Skip to content

Instantly share code, notes, and snippets.

@H7-25

H7-25/main.php

Created October 22, 2018 21:36
Show Gist options
  • Save H7-25/07f51af2a6278eedd3f28663e3f04118 to your computer and use it in GitHub Desktop.
Save H7-25/07f51af2a6278eedd3f28663e3f04118 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
main.php
#!/usr/bin/php
<?php
include('includes/geoip.inc');
include 'includes/tor.class.php';
include 'includes/ip2asn/src/ip2asn.php';
use peterkahl\ip2asn\ip2asn;
$active = null;
$debug = in_array ('-debug', $_SERVER['argv']);
$full = !in_array ('-reduced', $_SERVER['argv']);
$geoip_check = false;
setlocale (LC_TIME, 'it_IT');
echo "\nC-Logger v1.2 - (author: SimosNap Coder Staff)\n";
echo "\n";
if (!file_exists ('includes/functions.inc.php')) die ("[ERROR] Couldn't load function file !\n\n");
include ('includes/functions.inc.php');
alog_wt ("\nC-Logger v1.2 - Session Started: %s", strftime ('%a %b %d %T %Y'));
echo "[+] Loading config file .. ";
if (!file_exists ('includes/config.inc.php')) error ('[ERROR] Couldn\'t load config file !');
include ('includes/config.inc.php');
done ();
$idle = time();
$UUID = $conf['server']['sid'].$conf['client']['uid'];
echo "[+] Sending process to background .. ";
if (($pid = @pcntl_fork ()) < 0) {
error ('[ERROR] Couldn\'t fork process !');
} else if ($pid == 0) {
// socket connection
if (! ($sock = @fsockopen ($conf['ircd']['server'], $conf['ircd']['port'], $errno, $error, 30))) error ('[ERROR] Couldn\'t connect to IRCd !');
// introducing server
$status = 0;
$status += !intval(rawline($sock, 'CAPAB START'));
foreach ($conf['server']['capab'] as $capab) {
$status += !intval(rawline($sock, 'CAPAB CAPABILITIES :' . $capab));
}
$status += !intval(rawline($sock, 'CAPAB END'));
$status += ! intval (rawline ($sock, 'SERVER %s %s 0 %s :%s', $conf['server']['name'], $conf['server']['password'], $conf['server']['sid'], $conf['server']['description']));
$status += ! intval (rawline ($sock, ':%s BURST', $conf['server']['sid']));
$status += ! intval (rawline ($sock, ':%s ENDBURST', $conf['server']['sid']));
if ($status) error ('[ERROR] Couldn\'t introduce server !');
while (true) {
if ($text = @fgets ($sock, 512)) {
$text = str_replace (array ("\r", "\n"), array ("", ""), $text);
// DEBUG
if ($debug) {
echo $text."\n";
}
if ((@preg_match ('/^:[0-9][0-9A-Z]{2} ENDBURST/i', $text, $args)) && (!$active)){
// introducing pseudo-client
//:3AX +UID 3AXAAAAAD 1353445680 ChanServ services.simosnap.com services.simosnap.com services 0.0.0.0 1353445680 +Iko :Channel Server
$status = 0;
$status += ! intval (rawline ($sock, 'UID %s %s %s %s %s %s 0.0.0.0 %s +Ik :%s',
$UUID,
$signon = time(),
$conf['client']['nick'],
$conf['client']['host'],
$conf['client']['host'],
$conf['client']['ident'],
$signon = time(),
$conf['client']['realname']));
$status += ! intval (rawline ($sock, ':%s FJOIN %s %s +tn :o,%s',
$conf['server']['sid'],
$conf['client']['main_channel'],
time(),
$UUID));
if ($status) error ('[ERROR] Couldn\'t introduce pseudo-client !');
$idle = $signon;
$active=true;
$geoip_check = true;
}
//-- NICK CONNECTING
//:076 UID 076AAAAFL 1353931026 Simos 2-227-104-160.ip185.fastwebnet.it SimosNap-gbmvlc.ip185.fastwebnet.it simos 2.227.104.160 1353931031 +ix :Simos
//:180 UID 180AAAAC0 1389960848 Guest54409 78.5.125.62 SimosNap-it6.a2s.5.78.IP ~h7-25 78.5.125.62 1389960826 +Tix :Charlie
//:3AX UID 3AXAAAAAB 1389751041 BotServ services.simosnap.com services.simosnap.com services 0.0.0.0 1389751041 +Ik :Bot Service
if (@preg_match ('/^:(?<sid>[0-9][0-9A-Z]{2}) UID (?<uid>[0-9][0-9A-Z]{2}[0-9A-Z]{6}) (?<timestamp>\d+) (?<nick>[^\s]+) (?<host>[^\s]+) (?<fakehost>[^\s]+) (?<ident>[^\s]+) (?<ip>[^\s]+) (?<signon>\d+) (?<modes>[^\s]+)\s?(?<snomask>[^\s]+ )\s?:(?<realname>.+)$/i', $text, $args)) {
global $ip;
$ip = gethostbyname6($args['host']);
if ($ip == false) { $ip = gethostbyname($args['host']); }
$long = ip2long($ip);
if ($geoip_check == true) {
//if((strpos($ip, ":") === false)) {
if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
//ipv4
$gi = geoip_open("/usr/share/GeoIP/GeoIP.dat",GEOIP_STANDARD);
$geoip = geoip_country_code_by_addr($gi, $ip);
$geoip_name = geoip_country_name_by_addr($gi, $ip);
if ($geoip == "") {
$geoip = "UNK";
}
if ($geoip_name == "") {
$geoip_name = "UNK";
}
} else {
//ipv6
$gi = geoip_open("/usr/share/GeoIP/GeoIPv6.dat",GEOIP_STANDARD);
$geoip = geoip_country_code_by_addr_v6($gi, $ip);
$geoip_name = geoip_country_name_by_addr_v6($gi, $ip);
if ($geoip == "") {
$geoip = "UNK";
}
if ($geoip_name == "") {
$geoip_name = "UNK";
}
}
if (!filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
//$tor = Tor::getInstance($ip, '6667');
$tor = new Tor($ip, '6667');
if ($tor->isTorActive()) {
rawline ($sock, ':%s ZLINE %s +12h :Tor exit server detected. Using Tor is not allowed on this network', $UUID, $ip);
rawline ($sock, ':%s PRIVMSG %s :%s', $UUID, $conf['client']['main_channel'], "Utente ".$args['nick']."!".$args['ident']."@".$args['host']." - ".$args['realname']." (TOR EXIT SERVER) ");
}
if ($geoip != "IT") {
$isMikroTik = MikroTikChek("http://".$ip."/");
if ($isMikroTik == 1) {
alog("MikroTik=".$isMikroTik." - ".$ip);
rawline ($sock, ':%s ZLINE %s +12h :MikroTik vulnerable router detected! Upgrade your router firmware and check your configuration. Visit http://support.simosnap.org to open a support ticket.', $UUID, $ip);
rawline ($sock, ':%s PRIVMSG %s :%s', $UUID, $conf['client']['main_channel'], "Utente ".$args['nick']."!".$args['ident']."@".$args['host']." - ".$args['realname']." (MIKROTIK ROUTER) ");
} else {
alog("MikroTik=".$isMikroTik." - ".$ip);
}
}
/*if (ipInDnsBlacklist($ip, 'all.s5h.net')) {
if (($geoip != 'IT') || (false === $exception_match) ) {
//rawline ($sock, ':%s ZLINE %s +1h :You are listed in all.s5h.net DNSBL. Please visit http://www.usenix.org.uk/content/rbl.html for more information.', $UUID, $ip);
//rawline ($sock, ':%s PRIVMSG %s :%s', $UUID, $conf['client']['main_channel'], "Utente ".$args['nick']."!".$args['ident']."@".$args['host']." - ".$args['realname']." - (DNSBL all.s5h.net) ");
} else {
//rawline ($sock, ':%s PRIVMSG %s :%s', $UUID, $conf['client']['main_channel'], "Utente ".$args['nick']."!".$args['ident']."@".$args['host']." - ".$args['realname']." (MATCH ITALY EXCEPTION DNSBL all.sh.net) ");
}
}*/
}
// ASN ban block
$asn_banarray = array('8359','200557','50896','204601','57172','206485','24875','8100','62282','32181','49453','49505','50340','62282','31549','12772','48265','51026','3216','41084','203735','60781');
if ($long == -1 || $long === FALSE) {
} else {
global $asn;
$asnObj = new ip2asn('srv/bgp');
$temp = $asnObj->getAsn($ip);
$asn = $temp['as_number'];
}
if ($long == -1 || $long === FALSE) {
} else {
global $asn;
$asnObj = new ip2asn('srv/bgp');
$temp = $asnObj->getAsn($ip);
$asn = $temp['as_number'];
}
if ( in_array($asn, $asn_banarray) ) {
rawline ($sock, ':%s ZLINE %s +1h :Your provider ASN Number is blocked, please visit http://support.simosnap.com for more information', $UUID, $ip);
rawline ($sock, ':%s PRIVMSG %s :%s', $UUID, $conf['client']['main_channel'], "Utente ".$args['nick']."!".$args['ident']."@".$args['host']." ASN Number Bloccato : ".$asn);
}
}
}
// WHOIS --> : <uuid> IDLE <target uuid>
// : <uuid> IDLE <target uuid> <signon> <seconds idle>
if (@preg_match ('/^:([0-9][0-9A-Z]{2}[0-9A-Z]{6}) IDLE ([0-9][0-9A-Z]{2}[0-9A-Z]{6})$/i', $text, $args)) {
if (!strcasecmp ($args[2], $UUID)) {
rawline($sock, ':%s IDLE %s %s %s', $args[2], $args[1], $signon, time() - $idle);
}
}
// PRIVMSG --> :
if (@preg_match ('/^:([0-9][0-9A-Z]{2}[0-9A-Z]{6}) PRIVMSG ([^\s]+) :(.+)$/i', $text, $args)) {
//echo $args[2];
if (!strcasecmp ($conf['client']['main_channel'], $args[2])) {
$prefix = "!";
$commands = explode(' ', $args[3]);
if (!strcasecmp ($prefix.$conf['client']['nick'], $commands[0])) {
switch (strtolower($commands[1])) {
case 'status':
rawline($sock, ':%s PRIVMSG %s :Sign-On: %s', $UUID, $conf['client']['main_channel'], date('d/m/Y H:i:s', $signon));
break;
case 'on':
$geoip_check = true;
rawline($sock, ':%s PRIVMSG %s :Geoip Check Enabled', $UUID, $conf['client']['main_channel']);
break;
case 'off':
$geoip_check = false;
rawline($sock, ':%s PRIVMSG %s :Geoip Check Disabled', $UUID, $conf['client']['main_channel']);
break;
case 'check':
$checked = MikroTikChek("http://".$commands[2]."/");
if (!$commands[2]) {
rawline($sock, ':%s PRIVMSG %s :Warning! Missing parameter. Syntax !check <IP>', $UUID, $conf['client']['main_channel']);
} else {
if ($checked == 1) {
rawline($sock, ':%s PRIVMSG %s :Mikrotik Router detected on IP: %s', $UUID, $conf['client']['main_channel'], $commands[2]);
} else {
rawline($sock, ':%s PRIVMSG %s :No mikrotik Router detected on this IP', $UUID, $conf['client']['main_channel']);
}
}
break;
case 'debug':
$debug = true;
rawline($sock, ':%s PRIVMSG %s :Debug Enabled', $UUID, $conf['client']['main_channel']);
break;
case 'nodebug':
$debug = false;
rawline($sock, ':%s PRIVMSG %s :Debug Disabled', $UUID, $conf['client']['main_channel']);
break;
default:
rawline($sock, ':%s PRIVMSG %s :Unknown command (%s)', $UUID, $conf['client']['nick'], $conf['client']['main_channel'], strtolower($commands[1]));
break;
}
}
}
}
if (@preg_match ('/^:[0-9][0-9A-Z]{2} PING (.+) (.+)$/i', $text, $args)) {
rawline ($sock, 'PONG %s %s',$args[2],$args[1]);
}
//if ($debug) alog_wt ('%s', $text);
alog_wt ('%s', $text);
}
}
@fclose ($sock);
alog_wt ("\nSession Closed: %s", strftime ('%a %b %d %T %Y'), false);
} else {
if ($fp = @fopen ('PID', 'w')) {
@fwrite ($fp, $pid . "\n");
@fclose ($fp);
}
done ();
echo "\n";
echo "Launched in background (pid: $pid)\n\n";
}
?>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment