ONE PIECE HACKING

Ngiler SH3LL 360
: / home / tbf / membrubackend / app / Services /

Information Server
MySQL : OFF Perl : OFF CURL : ON WGET : OFF PKEXEC : OFF

Directive	Local Value
IP Address	89.40.16.97
System	Linux server.atelieruldeit.ro 3.10.0-1160.el7.x86_64 #1 SMP Mon Oct 19 16:18:59 UTC 2020 x86_64
User	tbf
PHP Version	7.3.33
Software	Apache
Doc root	Writable

Edit File : WebSocketClientService.php \| Size : 7.90 KB
<?php namespace App\Services; use ErrorException; class WebSocketClientService { /** * Connect to WebSocket and send a short message * * @param string $host * @param int $port * @param array $data * @param array $headers * * @return string / public function connectAndSendData(string $host, int $port, array $data, array $headers = []): string { $returnString = ''; $errorString = ''; $data['key'] = config('app.ws_secret'); $message = json_encode($data); if ( $sp = $this->websocketOpen($host, $port, $headers,$errorString) ) { $this->websocketWrite($sp, $message); $returnString = $this->websocketRead($sp,$errorString); fclose($sp); } else { $returnString = 'Failed to connect to server, Server responed with: '.$errorString; } return $returnString; } /* * Open websocket connection * * @param string $host * @param int $port * @param array $headers * @param string $error_string * @param int $timeout * @param bool $ssl * * @return bool\|false\|resource / private function websocketOpen(string $host = '', int $port = 8080, array $headers = [], string &$error_string = '', int $timeout = 10, bool $ssl = false) { // Generate a key (to convince server that the update is not random) // The key is for the server to prove it is websocket aware. (We know it is) $key = base64_encode(openssl_random_pseudo_bytes(16)); $header = "GET / HTTP/1.1\r\n" ."Host: $host\r\n" ."pragma: no-cache\r\n" ."Upgrade: WebSocket\r\n" ."Connection: Upgrade\r\n" ."Sec-WebSocket-Key: $key\r\n" ."Sec-WebSocket-Version: 13\r\n"; // Add extra headers if (!empty($headers)) { foreach ($headers as $h) { $header.=$h."\r\n"; } } // Add end of header marker $header.="\r\n"; // Connect to server $host = $host ?? config('app.ws_host'); $port = $port < 1 ? config('app.ws_port') : $port; $address = ($ssl ? 'ssl://' : '') . $host . ':' . $port; $crtFilePath = config('app.ws_tls_crt'); $cafile = __DIR__.'/../../resources/ssl/'.$crtFilePath; $socketContext = stream_context_create([ 'ssl' => [ 'verify_peer_name' => false, 'verify_peer' => false, 'allow_self_signed' => true, 'cafile' => $cafile, ] ]); try { $sp = stream_socket_client($address, $errno, $errstr, $timeout, STREAM_CLIENT_CONNECT, $socketContext); } catch (ErrorException $e) { $sp = null; } if(!$sp) { $error_string = "Unable to connect to websocket server: $errstr ($errno)"; return false; } // Set timeouts stream_set_timeout($sp, $timeout); //Request upgrade to websocket $rc = fwrite($sp, $header); if(!$rc) { $error_string = "Unable to send upgrade header to websocket server: $errstr ($errno)"; return false; } // Read response into an assotiative array of headers. Fails if upgrade failes. $reaponse_header = fread($sp, 1024); // status code 101 indicates that the WebSocket handshake has completed. if(!strpos($reaponse_header," 101 ") \|\| !strpos($reaponse_header,'Sec-WebSocket-Accept: ')){ $error_string = "Server did not accept to upgrade connection to websocket." .$reaponse_header. E_USER_ERROR; return false; } // The key we send is returned, concatenate with "258EAFA5-E914-47DA-95CA- // C5AB0DC85B11" and then base64-encoded. one can verify if one feels the need... return $sp; } /* * Write to websocket * * @param resource $sp * @param string $data * @param bool $final * * @return false\|int / private function websocketWrite($sp, string $data, bool $final = true) { // Assamble header: FINal 0x80 \| Opcode 0x02 $header = chr(($final?0x80:0) \| 0x02); // 0x02 binary // Mask 0x80 \| payload length (0-125) if (strlen($data)<126) { $header .= chr(0x80 \| strlen($data)); } elseif (strlen($data)<0xFFFF) { $header .= chr(0x80 \| 126) . pack("n",strlen($data)); } else { $header .= chr(0x80 \| 127) . pack("N",0) . pack("N",strlen($data)); } // Add mask $mask = pack("N", rand(1, 0x7FFFFFFF)); $header .= $mask; // Mask application data. $dataLength = strlen($data); for ($i = 0; $i < $dataLength; $i++) { $data[$i] = chr(ord($data[$i]) ^ ord($mask[$i % 4])); } return fwrite($sp,$header.$data); } /* * Read from websocket * * @param resource $sp * @param string\|NULL $error_string * * @return bool\|string / private function websocketRead($sp, string &$error_string = NULL) { $data = ""; do { // Read header $header = fread($sp,2); if(!$header) { $error_string = "Reading header from websocket failed."; return false; } $opcode = ord($header[0]) & 0x0F; $final = ord($header[0]) & 0x80; $masked = ord($header[1]) & 0x80; $payload_len = ord($header[1]) & 0x7F; // Get payload length extensions $ext_len = 0; if ($payload_len >= 0x7E) { $ext_len = 2; if ($payload_len == 0x7F) { $ext_len = 8; } $header = fread($sp, $ext_len); if (!$header) { $error_string = "Reading header extension from websocket failed."; return false; } // Set extented paylod length $payload_len = 0; for ($i=0;$i<$ext_len;$i++) { $payload_len += ord($header[$i]) << ($ext_len - $i - 1) 8; } } // Get Mask key if ($masked) { $mask = fread($sp,4); if (!$mask) { $error_string = "Reading header mask from websocket failed."; return false; } } // Get payload $frame_data = ''; do { $frame = fread($sp, $payload_len); if (!$frame) { $error_string = "Reading from websocket failed."; return false; } $payload_len -= strlen($frame); $frame_data.=$frame; } while ($payload_len>0); // Handle ping requests (sort of) send pong and continue to read if ($opcode == 9) { // Assamble header: FINal 0x80 \| Opcode 0x0A + Mask on 0x80 with zero payload fwrite($sp,chr(0x8A) . chr(0x80) . pack("N", rand(1,0x7FFFFFFF))); continue; } elseif ($opcode == 8) { // close fclose($sp); } elseif ($opcode < 3) { // 0 = continuation frame, 1 = text frame, 2 = binary frame // Unmask data $data_len = strlen($frame_data); if ($masked) { for ($i = 0; $i < $data_len; $i++) { $data .= $frame_data[$i] ^ $mask[$i % 4]; } } else { $data .= $frame_data; } } else { continue; } } while (!$final); return $data; } } Back

Edit File : WebSocketClientService.php | Size : 7.90 KB

<?php

namespace App\Services;

use ErrorException;

class WebSocketClientService
{
    /**
     * Connect to WebSocket and send a short message
     *
     * @param string $host
     * @param int $port
     * @param array $data
     * @param array $headers
     *
     * @return string
     */
    public function connectAndSendData(string $host, int $port, array $data, array $headers = []): string
    {
        $returnString = '';
        $errorString = '';

$data['key'] = config('app.ws_secret');

$message = json_encode($data);

if ( $sp = $this->websocketOpen($host, $port, $headers,$errorString) ) {
            $this->websocketWrite($sp, $message);
            $returnString = $this->websocketRead($sp,$errorString);

fclose($sp);
        } else {
            $returnString = 'Failed to connect to server, Server responed with: '.$errorString;
        }

return $returnString;
    }

/**
     * Open websocket connection
     *
     * @param string $host
     * @param int $port
     * @param array $headers
     * @param string $error_string
     * @param int $timeout
     * @param bool $ssl
     *
     * @return bool|false|resource
     */
    private function websocketOpen(string $host = '', int $port = 8080, array $headers = [], string &$error_string = '', int $timeout = 10, bool $ssl = false)
    {
        // Generate a key (to convince server that the update is not random)
        // The key is for the server to prove it is websocket aware. (We know it is)
        $key = base64_encode(openssl_random_pseudo_bytes(16));

$header = "GET / HTTP/1.1\r\n"
            ."Host: $host\r\n"
            ."pragma: no-cache\r\n"
            ."Upgrade: WebSocket\r\n"
            ."Connection: Upgrade\r\n"
            ."Sec-WebSocket-Key: $key\r\n"
            ."Sec-WebSocket-Version: 13\r\n";

// Add extra headers
        if (!empty($headers)) {
            foreach ($headers as $h) {
                $header.=$h."\r\n";
            }
        }

// Add end of header marker
        $header.="\r\n";

// Connect to server
        $host = $host ?? config('app.ws_host');
        $port = $port < 1 ? config('app.ws_port') : $port;
        $address = ($ssl ? 'ssl://' : '') . $host . ':' . $port;

$crtFilePath = config('app.ws_tls_crt');
        $cafile = __DIR__.'/../../resources/ssl/'.$crtFilePath;

$socketContext = stream_context_create([
            'ssl' => [
                'verify_peer_name'  => false,
                'verify_peer'       => false,
                'allow_self_signed' => true,
                'cafile'            => $cafile,
            ]
        ]);

try {
            $sp = stream_socket_client($address, $errno, $errstr, $timeout, STREAM_CLIENT_CONNECT, $socketContext);
        } catch (ErrorException $e) {
            $sp = null;
        }

if(!$sp) {
            $error_string = "Unable to connect to websocket server: $errstr ($errno)";
            return false;
        }

// Set timeouts
        stream_set_timeout($sp, $timeout);

//Request upgrade to websocket
        $rc = fwrite($sp, $header);
        if(!$rc) {
            $error_string = "Unable to send upgrade header to websocket server: $errstr ($errno)";
            return false;
        }

// Read response into an assotiative array of headers. Fails if upgrade failes.
        $reaponse_header = fread($sp, 1024);

// status code 101 indicates that the WebSocket handshake has completed.
        if(!strpos($reaponse_header," 101 ")
            || !strpos($reaponse_header,'Sec-WebSocket-Accept: ')){
            $error_string = "Server did not accept to upgrade connection to websocket."
                .$reaponse_header. E_USER_ERROR;
            return false;
        }
        // The key we send is returned, concatenate with "258EAFA5-E914-47DA-95CA-
        // C5AB0DC85B11" and then base64-encoded. one can verify if one feels the need...

return $sp;
    }

/**
     * Write to websocket
     *
     * @param resource $sp
     * @param string $data
     * @param bool $final
     *
     * @return false|int
     */
    private function websocketWrite($sp, string $data, bool $final = true)
    {
        // Assamble header: FINal 0x80 | Opcode 0x02
        $header = chr(($final?0x80:0) | 0x02); // 0x02 binary

// Mask 0x80 | payload length (0-125)
        if (strlen($data)<126) {
            $header .= chr(0x80 | strlen($data));
        } elseif (strlen($data)<0xFFFF) {
            $header .= chr(0x80 | 126) . pack("n",strlen($data));
        } else {
            $header .= chr(0x80 | 127) . pack("N",0) . pack("N",strlen($data));
        }

// Add mask
        $mask = pack("N", rand(1, 0x7FFFFFFF));
        $header .= $mask;

// Mask application data.
        $dataLength = strlen($data);
        for ($i = 0; $i < $dataLength; $i++) {
            $data[$i] = chr(ord($data[$i]) ^ ord($mask[$i % 4]));
        }

return fwrite($sp,$header.$data);
    }

/**
     * Read from websocket
     *
     * @param resource $sp
     * @param string|NULL $error_string
     *
     * @return bool|string
     */
    private function websocketRead($sp, string &$error_string = NULL)
    {
        $data = "";

do {
            // Read header
            $header = fread($sp,2);
            if(!$header) {
                $error_string = "Reading header from websocket failed.";
                return false;
            }

$opcode = ord($header[0]) & 0x0F;
            $final = ord($header[0]) & 0x80;
            $masked = ord($header[1]) & 0x80;
            $payload_len = ord($header[1]) & 0x7F;

// Get payload length extensions
            $ext_len = 0;
            if ($payload_len >= 0x7E) {
                $ext_len = 2;
                if ($payload_len == 0x7F) {
                    $ext_len = 8;
                }

$header = fread($sp, $ext_len);
                if (!$header) {
                    $error_string = "Reading header extension from websocket failed.";
                    return false;
                }

// Set extented paylod length
                $payload_len = 0;
                for ($i=0;$i<$ext_len;$i++) {
                    $payload_len += ord($header[$i]) << ($ext_len - $i - 1) * 8;
                }
            }

// Get Mask key
            if ($masked) {
                $mask = fread($sp,4);
                if (!$mask) {
                    $error_string = "Reading header mask from websocket failed.";
                    return false;
                }
            }

// Get payload
            $frame_data = '';
            do {
                $frame = fread($sp, $payload_len);
                if (!$frame) {
                    $error_string = "Reading from websocket failed.";
                    return false;
                }
                $payload_len -= strlen($frame);
                $frame_data.=$frame;
            } while ($payload_len>0);

// Handle ping requests (sort of) send pong and continue to read
            if ($opcode == 9) {
                // Assamble header: FINal 0x80 | Opcode 0x0A + Mask on 0x80 with zero payload
                fwrite($sp,chr(0x8A) . chr(0x80) . pack("N", rand(1,0x7FFFFFFF)));

continue;
            } elseif ($opcode == 8) {
                // close
                fclose($sp);
            } elseif ($opcode < 3) {
                // 0 = continuation frame, 1 = text frame, 2 = binary frame
                // Unmask data
                $data_len = strlen($frame_data);
                if ($masked) {
                    for ($i = 0; $i < $data_len; $i++) {
                        $data .= $frame_data[$i] ^ $mask[$i % 4];
                    }
                } else {
                    $data .= $frame_data;
                }
            } else {
                continue;
            }

} while (!$final);

return $data;
    }
}

Back