#!perl# MPGH User Information Grabber by Mike Rohsoft# C:\Users\Scriptkiddy\

1. #!perl
2. # MPGH User Information Grabber by Mike Rohsoft
3. # C:\Users\Scriptkiddy\Desktop>perl mpgh.pl
4. # My Rank is: member1
5. # My Mail is: xxxxxx@xxxxxxxxxxxxxxxxxxxx.de
6. use strict;
7. use LWP::UserAgent;
8. #======= User Login =========
9. my $username = 'MikeRohsoft'; # You should edit this
10. my $password = 'XXXXXXXXXXX'; # And this
11. #============================
12. #======= Client Config ======
13. my $user_agent = 'Mozilla/5.0 (Ubuntu; X11; Linux i686; rv:8.0) Gecko/20100101 Firefox/8.0';
14. my $cookie_file = 'mpgh.cookie';
15. #============================
16. #======= Site Config ========
17. my $protocol = 'http';
18. my $url = 'www.mpgh.net';
19. my $index_uri = 'forum/index.php';
20. my $login_uri = 'forum/login.php?do=login';
21. my $login_params =
22. {  
23.         do => 'login',
24.     vb_login_md5password => '',
25.     vb_login_md5password_utf => '',
26.      s => '',
27.     securitytoken => 'guest',
28.      vb_login_username => $username,
29.      vb_login_password => $password,
30.      vb_login_password_hint => 'Password',
31. }; 
32. #=============================
33. # Create our global HTTP Object
34. my $ua = LWP::UserAgent->new
35. (                        
36.      agent => $user_agent,
37.          cookie_jar =>
38.      {
39.          autosave => 1,
40.          ignore_discard  => 1,
41.          file => $cookie_file,
42.      },
43.      max_redirect => 4,
44.      timeout => 90
45. );
46. #====== Pattern Routine ======
47. sub onLogin
48. {
49.      my $content = shift;
50.      my $usrid = 0;
51.      my $rank = my $email = '';
52.      ($usrid) = $1 if $content =~ m!<a href="member\.php\?u=(\d+)">$username</a>!s; # Extract our Userid
53.      if($usrid)
54.      {
55.         my $res = $ua->get(sprintf '%s://%s/forum/member.php?u=%d', $protocol, $url, $usrid)->decoded_content; # Browse to our Profile
56.         ($rank) = $res =~ m!<img src="$protocol://$url/ranks/([^\.]*?)\.png".*?/>!s; # Extract Rank by Picture
57.         $res = $ua->get(sprintf '%s://%s/forum/profile.php?do=editpassword', $protocol, $url)->decoded_content; # Browse to our email address
58.         ($email) = $res =~ /input.*?name="email".*?value="(.*?)"/s; # Extract our Email Address
59.     }
60.     print "My Rank is: $rank\n";
61.     print "My Mail is: $email\n";
62. }
63. #=============================
64. #=============================
65. #=============================
66. my $index_url = sprintf '%s://%s/%s', $protocol, $url, $index_uri; # Build Index URL
67. my $res = $ua->get($index_url);
68. my $content = $res->decoded_content;
69. if($content =~ /www\.cloudflare\.com/) # Bypass Cloudflare
70. {
71.     my ($jscript) = $content =~ /setTimeout.*?function.*?(var.*?)f\.submit/s; # Extract the JScript we need
72.     my @MicrosoftJScript = ();
73.     my $keyname = '';
74.         $jscript =~ s/\n//g;
75.         for(split /;/s, $jscript)
76.         {
77.          next unless /^([a-zA-Z]+\.[a-zA-Z]+)/ or /^\s*var /; # We only need the declaration of the object and the object lines
78.          if ($keyname eq '')
79.          {
80.              ($keyname) = $_ =~ /^([a-zA-Z]+\.[a-zA-Z]+)/; # get our Object.KeyName if we don't got already
81.          }
82.          s/a\.value(.*)/WScript.Echo(parseInt($keyname, 10))/s; # Replace a.value* with WScript.Echo(parseInt($keyname, 10)) for Console output
83.         push @MicrosoftJScript, "$_;\n";
84.     }
85.     # We are lazy, we can decrypt what happen, or load a blowed JavaScript Interpreter, or we just use the build in MS Interpreter
86.     open my $fh, '>', 'sumscript.js';
87.     print $fh  @MicrosoftJScript";
88. close $fh;
89.     my $buffer = `cscript //E:jscript sumscript.js`;
90.     unlink 'sumscript.js'; # clean up
91.     my $sum = 0;
92.     for(split /\n/, $buffer) # We only need the Integer output, so we should extract it from callback
93.     {
94.         if(/^(\d+)$/)
95.         {
96.             $sum = $1;
97.             last; # stop loop if we found it
98.         }
99.     }
100.     if($sum)
101.     {
102.         my $cloudflare_sum = $sum + length($url);
103.         my %formvalues = ( jschl_answer => $cloudflare_sum ); # We got already the first value
104.                # Gather uri and Formular Objects
105.         my ($cloudflareuri, $values) = $content =~ m!<form id="challenge-form" action="(.*?)" method="get">(.*?)</form>!s;
106.         for(split /\n/, $values)
107.         {
108.             $formvalues{$1} = $2 if m!<input type="hidden" name="(.*?)" value="(.*?)"/>!; # Gather name and value fields
109.         }
110.         my $cloudflare_request = sprintf '%s://%s%s?', $protocol, $url, $cloudflareuri; # Create our callback url
111.         $cloudflare_request .= "$_=$formvalues{$_}&" for keys %formvalues; # Append the Values to url
112.         chop $cloudflare_request; # Remove the last &
113.         sleep 4; # Wait 4 seconds like the Browser
114.         $res = $ua->get($cloudflare_request);
115.     }
116.     else
117.     {
118.         die "can't calcute cloudflare sum";
119.     }
120. }
121. my $login_url = sprintf '%s://%s/%s', $protocol, $url, $login_uri; # Built Login URL
122. $res = $ua->post($login_url, $login_params); # Request our Login Parameters declared in the Head
123. $res = $ua->get($index_url);
124. # We should Loged in now
125. $content = $res->decoded_content;
126. &onLogin($content);