
Título: Sniper-Admin by Guason
Publicado por: dracko.rx en Febrero 24, 2010, 03:11:23 PM
#Name program = Sniper-Admin
#Version = beta
#Funcion = Buscar panel de admin
#Autor = Guason

use LWP::Simple;
use LWP::UserAgent;

# Relative paths that the scan loop appends to the base URL, kept in the
# original order. The list mixes .php/.html/.asp login pages with common
# management directories (phpmyadmin/, wp-admin/, cpanel/, typo3/, ...).
#
# Defender note: the same list works as a checklist of management endpoints
# that should not answer unauthenticated requests from the internet, and as
# a set of request paths to alert on when many of them are hit in a short
# window by one client.
#
# Left as a package variable (no "my") because the rest of the script is
# written without strictures and reads @path as a global.
@path = qw(
    admin1.html admin1.php admin2.php admin2.html yonetim.php yonetim.html
    yonetici.php yonetici.html adm/ admin/
    admin/account.php admin/account.html admin/index.php admin/index.html admin/login.php
    admin/login.html admin/home.php admin/controlpanel.html admin/controlpanel.php admin.php
    admin.html admin/cp.php admin/cp.html cp.php cp.html administrator/ administrator/index.html
    administrator/index.php administrator/login.html administrator/login.php administrator/account.html
    administrator/account.php administrator.php administrator.html login.php login.html
    modelsearch/login.php moderator.php moderator.html moderator/login.php moderator/login.html
    moderator/admin.php moderator/admin.html moderator/ account.php account.html controlpanel/
    controlpanel.php controlpanel.html admincontrol.php admincontrol.html adminpanel.php
    adminpanel.html admin1.asp admin2.asp yonetim.asp yonetici.asp admin/account.asp
    admin/index.asp admin/login.asp admin/home.asp admin/controlpanel.asp admin.asp admin/cp.asp
    cp.asp administrator/index.asp administrator/login.asp administrator/account.asp administrator.asp
    login.asp modelsearch/login.asp moderator.asp moderator/login.asp moderator/admin.asp account.asp
    controlpanel.asp admincontrol.asp adminpanel.asp fileadmin/ fileadmin.php fileadmin.asp
    fileadmin.html administration/ administration.php administration.html sysadmin.php sysadmin.html
    phpmyadmin/ myadmin/ sysadmin.asp sysadmin/ ur-admin.asp ur-admin.php ur-admin.html ur-admin/
    Server.php Server.html Server.asp Server/ wp-admin/ administr8.php administr8.html
    administr8/ administr8.asp webadmin/ webadmin.php webadmin.asp webadmin.html administratie/
    admins/ admins.php admins.asp admins.html administrivia/ Database_Administration/ WebAdmin/
    useradmin/ sysadmins/ admin1/ system-administration/ administrators/ pgadmin/ directadmin/
    staradmin/ ServerAdministrator/ SysAdmin/ administer/ LiveUser_Admin/ sys-admin/ typo3/
    panel/ cpanel/ cPanel/ cpanel_file/ platz_login/ rcLogin/ blogindex/
    formslogin/ autologin/ support_login/ meta_login/ manuallogin/ simpleLogin/
    loginflat/ utility_login/ showlogin/ memlogin/ members/ login-redirect/ sub-login/
    wp-login/ login1/ dir-login/ login_db/ xlogin/ smblogin/ customer_login/ UserLogin/
    login-us/ acct_login/ admin_area/ bigadmin/ project-admins/ phppgadmin/ pureadmin/
    sql-admin/ radmind/ openvpnadmin/ wizmysqladmin/ vadmind/ ezsqliteadmin/
    hpwebjetadmin/ newsadmin/ adminpro/ Lotus_Domino_Admin/ bbadmin/ vmailadmin/
    Indy_admin/ ccp14admin/ irc-macadmin/ banneradmin/ sshadmin/ phpldapadmin/ macadmin/
    administratoraccounts/ admin4_account/ admin4_colon/ radmind-1/ Super-Admin/ AdminTools/
    cmsadmin/ SysAdmin2/ globes_admin/ cadmins/ phpSQLiteAdmin/ navSiteAdmin/ server_admin_small/
    logo_sysadmin/ server/ database_administration/ power_user/ system_administration/ ss_vms_admin_sm/
);


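# Main script body: request every entry of @path under the base URL given on
# the command line and report the URLs whose response body contains a
# login-related keyword.
#
# The base URL is used verbatim and each path is simply appended to it, so it
# has to be a full URL with scheme and trailing slash. Run this only against
# hosts you administer or are explicitly authorized to assess.
#
# Defender note: a run issues one GET per @path entry, back to back, from a
# single client. No User-Agent is set here, so LWP's default "libwww-perl/..."
# string is sent. A burst of mostly-404 requests for admin-style paths with
# that agent is the log pattern to look for.
my $web = $ARGV[0];

unless ($web) {
    print "\n\n\t\t\tSniper-Admin by Guason\t\t\t\n\n";
    print "\nModo de uso perl $0 <WEB>\n\n";
    # The usage example now points at the reserved example.com domain
    # instead of a real third-party site.
    print "<WEB> = Web solamente ejemplo = http://www.example.com/\n\n";
    exit 1;
}

logo();

print "\n\n";
print "Buscando paths en $web\n\n\n";

# One user agent for the whole run; the original built a new one per request.
my $lwp = LWP::UserAgent->new();

# Keywords treated as a hint that the response is a login page. This is the
# original list of seventeen patterns folded into a single alternation; the
# match is still case-sensitive and unanchored.
# NOTE(review): "Sing" looks like a typo for "Sign" -- confirm before changing.
# NOTE(review): the HTTP status is never checked, so an error page or a site
# template that mentions "password" is reported as a hit as well.
my $login_hint = qr{Username|Password|username|password|USERNAME|PASSWORD|Senha|senha|Personal|Usuario|Clave|Usager|usager|Sing|passe|P/W|Admin Password};

foreach my $paths (@path) {
    my $junto = $web . $paths;
    my $code  = $lwp->get($junto);
    my $body  = $code->content;

    if ($body =~ $login_hint) {
        # Fix: the original interpolated $path, a scalar that is never
        # assigned, so every hit was printed without its URL.
        print "Se encontro $junto\n";
    }
}

print "\n\n\n\nScan Finalizado\n\n";
print "\n\nWritten by Guason || 2009\n\n";
print "Visita infierno-hacking.webcindario.com &  guason-cracker.blogspot.com\n\n";

# Fix: a completed scan exits with status 0; the original exited 1, which
# callers read as failure.
exit 0;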


# Print the program banner (name, version, author) to STDOUT.
# Takes no arguments; the value of the print call is what the sub returns.
sub logo {
    my $banner = "\n\t\t\tSniper-Admin Version 0.1 || Written by Guason\t\t\t\n";
    print $banner;
}


#Agradecimientos = none =0
#Email = [email protected]
#Web = infierno-hacking.webcindario.com
#Blog = guason-cracker.blogspot.com
#Good Bye

Use:
perl sniper.pl www.example.com/